
From asanso@adobe.com  Sun Jul  1 08:03:30 2012
From: Antonio Sanso <asanso@adobe.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Date: Sun, 1 Jul 2012 16:03:16 +0100
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Report an authentication issue

Hi *,
On Jun 30, 2012, at 7:46 PM, John Bradley wrote:

> There is one Core issue.
> Audience restriction of the grant for the client.   This is mostly important where the client is inferring from the grant what the identity of the presenter is.
>
> This surfaces in slightly different ways depending on the use case.
>
> 1, Native apps passing an access token over a back channel API to Authenticate the user of the App.  This is not an OAuth flow itself but is enabled by OAuth.
> 2, Web Applications using implicit flow.  (there are mitigations but they are not part of OAuth core)
> 3, Public clients using code flow.
>
> Bearer tokens & MAC with per token secrets are both vulnerable to this.
>
> One observation from the security concern text I proposed that Dick and others received was that 3 could be fixed relatively simply in the spec.

definitely +1 here.

Another possible flaw in the Authorization Code Grant flow that affects the Resource Owner this time (using confidential client) may be the following:

Stealing John's example (thanks :)), we will have only one confidential client

Site A is I love Puppies (this time a Good site)

One resource owner, RO1, accesses Site A in a library/airport (just as a reminder, Site A uses the Authorization Code Grant) and this will imply a login to the Authorization Server (e.g. Facebook). As a result of this, the authorization code will stay in the browser history.
When RO1 finishes he will almost certainly log out from Site A and Facebook but arguably he will not clean the browser history.
At this stage an evil resource owner RO2 that also uses Site A will log in to Facebook with his own credentials but will tamper with the redirect to Site A using the authorization code of RO1 that is stored in the browser history.
What will happen is that, despite the fact that RO2 is logged in to Facebook with his own credentials, he will get back the resource of RO1.

WDYT?

Regards

Antonio





>
> The first two are out of scope for OAuth core and can really only be dealt with by documenting them as a security concern so that people avoid doing those things without additional security like using token introspection etc.
>
> So they are all just different attacks exploiting the same flaw.
>
> The MS researchers may have a different opinion, but I have yet to hear it.
>
> John B.
> On 2012-06-30, at 4:11 AM, Phil Hunt wrote:
>
>> John,
>>
>> Thanks. I am not understanding yet. But if you believe there is a problem that is enough for me. I do not mean in any way to dismiss it.
>>
>> Do you think the issue you described is different from the original message that started this thread? It seems so to me.
>>
>> Phil
>>
>> On 2012-06-29, at 20:34, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>
>>> Phil,
>>>
>>> You know not everyone gets a personalized example:)
>>>
>>> In the below examples there is no proxy or other compromise of the client required only the ability to do what appears to be a SSO login using OAuth.
>>> The attacker needs only a web browser.
>>>
>>> When they talk about compromised clients,  they are not talking about needing to compromise the app on the user's phone.
>>>
>>> They can compromise a client on their platform e.g. load it into an iPhone emulator, or just create a new client that emulates the backend API.
>>>
>>> There are already script kits to exploit this.   The vulnerability was distributed in API kits from Facebook, Apple and others.
>>>
>>> If it was just one developer getting it wrong that would be one thing,  hundreds getting it wrong by using the API in trusted development kits is a much worse problem in my opinion.
>>>
>>> My hope is to at least make it clear to the library authors and tool vendors, what are unsafe patterns.
>>>
>>> This exploit is unfortunately not hypothetical.
>>>
>>> John B.
>>>
>>>
>>> On 2012-06-29, at 7:31 PM, Phil Hunt wrote:
>>>
>>>> See below...
>>>>
>>>> Phil
>>>>
>>>> @independentid
>>>> www.independentid.com
>>>> phil.hunt@oracle.com
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 2012-06-29, at 1:54 PM, John Bradley wrote:
>>>>
>>>>> No,
>>>>>
>>>>> Trying to explain this over email is a challenge:)
>>>>>
>>>>> This applies to both native apps and Web Servers who are OAuth Clients.
>>>>>
>>>>> Imagine there are two web servers that authenticate people with Facebook Connect (just an example).
>>>>>
>>>>> Site A is I love Puppies   (An evil site)
>>>>> Site B is I Hate Larry Ellison  (A good site)
>>>>>
>>>>> You as a chocolate lover go to Site A and login to get some cool free screensaver of Puppies.
>>>>> Site A gets a token for your social graph no big deal mostly public stuff.  However they discover you work for Mr Evil who they think is purchasing paradise to put up a parking lot.
>>>>
>>>> Ummm....ok. I didn't want to go political on this. ;-)
>>>>>
>>>>> They then go to site B who is using the implicit flow for Facebook authentication.  They login using a web browser but using any one of a number of browser plugins modify the response to have the access_token that they got from you when you logged into their site.   They now post as you telling everyone that Larry can't sail and has bad fashion sense. (Perhaps true)  You might now have some explaining to do!
>>>>
>>>> Soooo...according to the specs, there are now TWO mistakes:
>>>>
>>>> 1. Implicit is intended ONLY for JavaScript clients in the browser. Implicit clients shouldn't have any data of value (at least retained data).
>>>>
>>>> 2. The MS example states that they have control of the client application and its communications.
>>>>
>>>> Do we need to make #1 even clearer -- an entire paragraph in all caps maybe? ;-)
>>>>
>>>> Since the researchers put a proxy server in between the app and Facebook. Therefore ANY OAUTH flow would be compromised since they are able to insert tokens into the flow.  Adding client id isn't going to help (so I agree with you there).
>>>>
>>>> But I point out this hack only works if you can intercept the communications path.
>>>>
>>>> If we were talking about some sports network on a public internet site, this problem wouldn't come up unless the hackers have access to the web site's physical network and can reconfigure the client's proxy server settings.
>>>>
>>>> In the end, I don't think this is a valid *oauth* security issue since the assumption is a compromised client and/or communications path. This is a network security issue.
>>>>
>>>>
>>>>> It would be worse if Site B had some PII about you or could transfer the money from your bank based on that authentication.
>>>>
>>>>>
>>>>> The same thing could happen with the code flow if the client is public and doesn't have a secret.   Site A doesn't use the code themselves when you login,  they just let you through to get the puppy photos.
>>>> Agreed.
>>>>> They immediately take the token to site B and paste it into a legitimate response (note the client_id is not in the response or code ) the public client then presents that to the token endpoint with its client_id to get the access_token.   The token endpoint just hands it over because without a client_secret it is not required to authenticate the client.
>>>>>
>>>>> What Dick and I are saying is that we don't see the need not to verify the client_id in the request to the token endpoint.  If it were required clients would not be able to mistakenly accept codes issued to different clients.
>>>>
>>>>>
>>>>> I strongly suspect most implementations do that already, so why not clarify the spec on that point.
>>>>
>>>>>
>>>>> That won't stop the attack on implicit clients.
>>>>>
>>>>> This is why openID 2.0, openID Connect, SAML and every other identity protocol I can think of audience restrict the assertion to the intended recipient and sign or integrity protect the response.
>>>>>
>>>>> That is not needed for the typical authorization use case of OAuth, but is a really good idea if you are asserting Authentication information to the client.
>>>>>
>>>>> No puppies were hurt in the creation of this message.
>>>>> John B.
>>>>>
>>>>> On 2012-06-29, at 4:16 PM, Phil Hunt wrote:
>>>>>
>>>>>> John,
>>>>>>
>>>>>> I think that helps to clarify the authorize issue.
>>>>>>
>>>>>> But they were talking about a phishing site obtaining a legit access token from Facebook.
>>>>>>> Let's take Soluto's metro app as an example to describe the problem. The app supports Facebook Login. As an attacker, we can write a regular Facebook app. Once the victim user allows our app to access her Facebook data, we receive an access_token from the traffic. Then, on our own machine (i.e., the "attacker" machine), we run the metro app of Soluto, and use a HTTP proxy to insert the victim's access_token into the traffic of Facebook login. Through this way, we are able to log into the victim's Soluto account from our machine. Other than Soluto, we also have confirmed the same issue on another Windows 8 metro-app Givit.
>>>>>>
>>>>>>
>>>>>> Important: the attack works because the researchers had control of the client application.  And thus they were able to insert the token between the metro client app and the server because they are able to get in the communications path. All bets are off. If the attacker can insert a token then can insert appropriate client_id's and responses in the stream as well.
>>>>>>
>>>>>> Phil
>>>>>>
>>>>>> @independentid
>>>>>> www.independentid.com
>>>>>> phil.hunt@oracle.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 2012-06-29, at 1:00 PM, John Bradley wrote:
>>>>>>
>>>>>>> The attack requires a web browser that allows modifying the value of the redirect URI.   It is dead simple cut token or code from the string and paste in the token or code that was granted by the user you want to impersonate.
>>>>>>>
>>>>>>> OAuth responses are not signed or audience restricted to the client (except confidential clients using the code flow).
>>>>>>>
>>>>>>> In cases where the code or token is passed over a back channel to a server, faking the entire client is the easiest thing for the attacker.
>>>>>>>
>>>>>>> I don't consider these to be authorization attacks,  rather attacks on a client that is inappropriately making unwarranted assumptions about the presenter of the token.
>>>>>>>
>>>>>>> John B.
>>>>>>> On 2012-06-29, at 3:29 PM, Phil Hunt wrote:
>>>>>>>
>>>>>>>> We need more info on the inject method the researchers used before we can account for it.
>>>>>>>>
>>>>>>>> Phil
>>>>>>>>
>>>>>>>> On 2012-06-29, at 12:16, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>>>>
>>>>>>>>> The same thing can be done with code.
>>>>>>>>>
>>>>>>>>> If the token endpoint checks the client_id before giving out the access token then the attack on code can be prevented, as the token endpoint won't return the access token.
>>>>>>>>>
>>>>>>>>> The spec doesn't require authenticating public clients currently so it is a slightly more difficult attack but possible.
>>>>>>>>>
>>>>>>>>> Dick and I are suggesting closing the hole at the token endpoint so that neither confidential nor public clients using the code flow are susceptible to this substitution attack.
>>>>>>>>>
>>>>>>>>> John B.
>>>>>>>>>
>>>>>>>>> On 2012-06-29, at 2:53 PM, Phil Hunt wrote:
>>>>>>>>>
>>>>>>>>>> I'm not seeing how client id helps if a proxy server is somehow involved with inserting the bearer token as the researchers suggested.
>>>>>>>>>>
>>>>>>>>>> Phil
>>>>>>>>>>
>>>>>>>>>> On 2012-06-29, at 11:30, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> I think they only exploited the implicit flow.
>>>>>>>>>>>
>>>>>>>>>>> My point was that there is a way you could do the same thing with code if it is a public client that is not authenticating to the token endpoint.
>>>>>>>>>>>
>>>>>>>>>>> In general making identity assumptions in the client based on a code or access_token has risks that are out of scope for OAuth.
>>>>>>>>>>>
>>>>>>>>>>> We do however want to provide good advice about specific things that can leave systems insecure when using OAuth.
>>>>>>>>>>>
>>>>>>>>>>> John B.
>>>>>>>>>>>
>>>>>>>>>>> On 2012-06-29, at 2:22 PM, Phil Hunt wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I'm not clear whether the MS Security Researcher hack was with the authorization code or the access token. If the latter, the client_id is out of the picture isn't it?
>>>>>>>>>>>>
>>>>>>>>>>>> Phil
>>>>>>>>>>>>
>>>>>>>>>>>> @independentid
>>>>>>>>>>>> www.independentid.com
>>>>>>>>>>>> phil.hunt@oracle.com
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 2012-06-29, at 11:14 AM, Dick Hardt wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Jun 29, 2012, at 11:06 AM, John Bradley wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> It is nice to know that I may occasionally be correct:)
>>>>>>>>>>>>>
>>>>>>>>>>>>> You must be delighted when it happens! ;)
>>>>>>>>>>>>>
>>>>>>>>>>>>>> While you may assume that it is reasonable for a client with a code to make a request to the token endpoint including its client_id and the server to only give out the access token if the client_id in the token request matches the one in the original authorization request.   However the spec specifically doesn't require that.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I think that is an error in the spec and should be changed, or text added saying that the client_id SHOULD be checked.
>>>>>>>>>>>>>
>>>>>>>>>>>>> -- Dick
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> OAuth mailing list
>>>>>>>>>>>>> OAuth@ietf.org
>>>>>>>>>>>>> https://www.ietf.org/mailman/listinfo/oauth


From phil.hunt@oracle.com  Sun Jul  1 11:20:46 2012
From: Phil Hunt <phil.hunt@oracle.com>
Date: Sun, 1 Jul 2012 11:20:37 -0700
To: Antonio Sanso <asanso@adobe.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: [OAUTH-WG] Inadvertent cross-authentication through cached auth session(was: Report an authentication issue)

Antonio,

This is a systematic issue. This tends to be an issue with authenticating sites using cached SSO to remember users and not one of OAuth2 directly (as the protocol is not directly involved with end-user authentication in authorization flow). However, you are right it becomes a problem for OAuth2 clients because they don't see whether in fact an authentication occurred. One can envision the same thing happening with people at home sharing browsers. The problem is widespread enough that a lot of existing client web sites today show "Hello Phil, not Phil?" kinds of links somewhere on the page.

While not of malicious intent, the mistaken re-use of cached authentication is covered in the OAuth2 Threat Model Document here:

4.2.3.  Threat: Malicious client obtains existing authorization by fraud

Authorization servers may wish to automatically process authorization
   requests from clients which have been previously authorized by the
   user.  When the user is redirected to the authorization server's end-
   user authorization endpoint to grant access, the authorization server
   detects that the user has already granted access to that particular
   client.  Instead of prompting the user for approval, the
   authorization server automatically redirects the user back to the
   client.

   A malicious client may exploit that feature and try to obtain such an
   authorization code instead of the legitimate client.

Action item: Should we expand the definition of this threat to include accidental re-use of cached authentication?

Also, it is worth noting that this is another issue that OpenID Connect is aimed at addressing. It allows the client to request re-authentication and re-authorization --> important in these scenarios or for high risk transactions.  FWIW at some point I would like to see a core OAuth2 extension that documents additional parameters enabling the client to request re-authentication.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com
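
Added example (not part of the original thread, and not code from any participant or project): a minimal in-memory token endpoint in Python showing the check John Bradley and Dick Hardt propose, that a code is redeemed only by the client_id it was issued to, together with single-use, short-lived codes, which is what stops the browser-history replay Antonio Sanso describes. The class, method, client and URL names are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass, field


class InvalidGrant(Exception):
    """Token request refused (OAuth error code "invalid_grant")."""


@dataclass
class CodeRecord:
    client_id: str       # client the code was issued to
    redirect_uri: str    # redirect_uri used in the authorization request
    user: str            # resource owner who approved the grant
    expires_at: float
    redeemed: bool = False
    tokens: list = field(default_factory=list)


class TokenEndpoint:
    """Hypothetical authorization server state; not a real library API."""

    def __init__(self, code_ttl=60, clock=time.time):
        self.code_ttl = code_ttl
        self.clock = clock
        self.codes = {}          # code -> CodeRecord
        self.active_tokens = {}  # access_token -> user

    def issue_code(self, client_id, redirect_uri, user):
        code = secrets.token_urlsafe(32)
        self.codes[code] = CodeRecord(
            client_id, redirect_uri, user, self.clock() + self.code_ttl)
        return code

    def redeem(self, code, client_id, redirect_uri):
        rec = self.codes.get(code)
        if rec is None:
            raise InvalidGrant("unknown code")
        if rec.redeemed:
            # Second use of a code (e.g. pasted from browser history):
            # refuse, and revoke what the first redemption produced.
            for tok in rec.tokens:
                self.active_tokens.pop(tok, None)
            rec.tokens.clear()
            raise InvalidGrant("code already used")
        if self.clock() > rec.expires_at:
            raise InvalidGrant("code expired")
        # The check discussed in the thread: applies to public clients
        # too, because it needs no client_secret, only the client_id.
        if rec.client_id != client_id:
            raise InvalidGrant("code was issued to a different client")
        if rec.redirect_uri != redirect_uri:
            raise InvalidGrant("redirect_uri mismatch")
        rec.redeemed = True
        token = secrets.token_urlsafe(32)
        rec.tokens.append(token)
        self.active_tokens[token] = rec.user
        return token


def run_scenarios():
    """Constructed scenarios mirroring the thread; returns the outcomes."""
    now = [1000.0]  # fake clock so expiry can be shown without sleeping
    server = TokenEndpoint(code_ttl=60, clock=lambda: now[0])
    site_a, site_b = "https://a.example/cb", "https://b.example/cb"
    results = {}

    def attempt(code, client_id, redirect_uri):
        try:
            server.redeem(code, client_id, redirect_uri)
            return "token issued"
        except InvalidGrant as exc:
            return str(exc)

    # Code substitution: a code issued to site-a is presented by the
    # public client site-b with its own client_id.
    code = server.issue_code("site-a", site_a, "victim")
    results["substitution"] = attempt(code, "site-b", site_b)

    # Browser-history replay: RO1's code was already redeemed by site-a,
    # then the same code is sent through site-a again by RO2.
    code = server.issue_code("site-a", site_a, "RO1")
    token = server.redeem(code, "site-a", site_a)
    results["legitimate"] = server.active_tokens.get(token) == "RO1"
    results["replay"] = attempt(code, "site-a", site_a)
    results["token_revoked_after_replay"] = token not in server.active_tokens

    # A code that was never redeemed still stops working after its TTL.
    code = server.issue_code("site-a", site_a, "RO1")
    now[0] += 61
    results["expired"] = attempt(code, "site-a", site_a)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

None of these checks helps an implicit-flow client, which never calls the token endpoint; that case needs the audience restriction discussed in the thread.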





On 2012-07-01, at 8:03 AM, Antonio Sanso wrote:

> Hi *,
> On Jun 30, 2012, at 7:46 PM, John Bradley wrote:
>=20
>> There is one Core issue.
>> Audience restriction of the grant for the client.   This is mostly =
important where the client is inferring from the grant what the identity =
of the presenter is.
>>=20
>> This surfaces in slightly different ways depending on the use case.
>>=20
>> 1, Native apps passing a access token over a back channel API to =
Authenticate the user of the App.  This is not a OAuth flow itself but =
is enabled by OAuth.
>> 2, Web Applications using implicit flow.  (there are mitigations but =
they are not part of OAuth core)
>> 3, Public clients using code flow.
>>=20
>> Bearer tokens & MAC with per token secrets are both vulnerable to =
this.
>>=20
>> One observation from the security concern text I proposed that Dick =
and others received was that 3 could be fixed relatively simply in the =
spec.
>=20
> definitely +1 here.
>=20
> Another possible flaw in the Authorization Code Grant flow that =
affects the Resource Owner this time (using confidential client) may be =
the follow:
>=20
> Stealing John example (thanks :)) we will have only one confidential =
client
>=20
> Site A is I love Puppies (this time a Good site)
>=20
> One resource owner RO1 access Site A in a library/airport  (just as =
reminder Site A use the Authorization Code Grant) and this will imply a =
login to the Authorization Server (e.g. Facebook). As result of this the =
authorization code will stay in the browser history.
> When RO1 finishes he will almost certainly log out from Site A and =
Facebook but arguably he will not clean the browser history.
> At this stage an evil resource owner RO2 that also uses Site A will =
login in Facebook with his own credentials but will tamper the redirect =
to site A with the authorization code of RO1 that is stored on the =
browser history.
> What will happen is that despite the fact RO2  is logged in in =
Facebook with his own credentials will have back the resource of RO1.
>=20
> WDYT?
>=20
> Regards
>=20
> Antonio
>=20
>=20
>=20
>=20
>=20
>>=20
>> The first two are out of scope for OAuth core and can really only be =
dealt with by documenting them as a security concern so that people =
avoid doing those things without additional security like using token =
introspection etc.
>>=20
>> So they are all just different attacks exploiting the same flaw.
>>=20
>> The MS researchers may have a different opinion, but I have yet to =
hear it.
>>=20
>> John B.
>> On 2012-06-30, at 4:11 AM, Phil Hunt wrote:
>>=20
>>> John,
>>>=20
>>> Thanks. I am not understanding yet. But if you believe there is a =
problem that is enough for me. I do not mean in any way dismiss it.
>>>=20
>>> Do you think the issue you described is different from the original =
message that started this thread? It seems so to me.
>>>=20
>>> Phil
>>>=20
>>> On 2012-06-29, at 20:34, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>=20
>>>> Phil,
>>>>=20
>>>> You know not everyone gets a personalized example:)
>>>>=20
>>>> In the below examples there is no proxy or other compromise of the =
client required only the ability to do what appears to be a SSO login =
using OAuth.
>>>> The attacker needs only a web browser.
>>>>=20
>>>> When they tales about compromised clients,  they are not talking =
about needing to compromise the app on the users phone.
>>>>=20
>>>> They can compromise a client on there platform e.g. load it into a =
iPhone emulator, or just create a new client that emulates the backend =
API.
>>>>=20
>>>> There are already script kits to exploit this.   The vulnerability =
was distributed in API kits from Faceboo, Apple and others.
>>>>=20
>>>> If it was just one developer getting it wrong that would be one =
thing,  hundreds getting it wrong by using the API in trusted =
development kits is a much worse problem in my opinion.
>>>>=20
>>>> My hope is to at least make it clear to the library authors and =
tool venders, what are unsafe patterns.
>>>>=20
>>>> This exploit is unfortunately not hypothetical.
>>>>=20
>>>> John B.
>>>>=20
>>>>=20
>>>> On 2012-06-29, at 7:31 PM, Phil Hunt wrote:
>>>>=20
>>>>> See below...
>>>>>=20
>>>>> Phil
>>>>>=20
>>>>> @independentid
>>>>> www.independentid.com
>>>>> phil.hunt@oracle.com
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> On 2012-06-29, at 1:54 PM, John Bradley wrote:
>>>>>=20
>>>>>> No,
>>>>>>=20
>>>>>> Trying to explain this over email is a challenge:)
>>>>>>=20
>>>>>> This apples to both native apps and Web Servers who are OAuth =
Clients.
>>>>>>=20
>>>>>> Imagine there are two web servers that authenticate people with Facebook Connect (just an example).
>>>>>>
>>>>>> Site A is I love Puppies   (An evil site)
>>>>>> Site B is I Hate Larry Ellison  (A good site)
>>>>>>
>>>>>> You as a chocolate lover go to Site A and login to get some cool free screensaver of Puppies.
>>>>>> Site A gets a token for your social graph no big deal mostly public stuff.  However they discover you work for Mr Evil who they think is purchasing paradise to put up a parking lot.
>>>>>
>>>>> Ummm....ok. I didn't want to go political on this. ;-)
>>>>>>
>>>>>> They then go to site B who is using the implicit flow for Facebook authentication.  They login using a web browser but using any one of a number of browser plugins modify the response to have the access_token that they got from you when you logged into their site.   They now post as you telling everyone that Larry can't sail and has bad fashion sense. (Perhaps true)  You might now have some explaining to do!
>>>>>
>>>>> Soooo...according to the specs, there are now TWO mistakes:
>>>>>
>>>>> 1. Implicit is intended ONLY for java script clients in the browser. Implicit clients shouldn't have any data of value (at least retained data).
>>>>>
>>>>> 2. The MS example states that they have control of the client application and its communications.
>>>>>
>>>>> Do we need to make #1 even more clearer -- an entire paragraph in all caps maybe? ;-)
>>>>>
>>>>> Since the researchers put a proxy server in between the app and Facebook. Therefore ANY OAUTH flow would be compromised since they are able to insert tokens into the flow.  Adding client id isn't going to help (so I agree with you there).
>>>>>
>>>>> But I point out this hack only works if you can intercept the communications path.
>>>>>
>>>>> If we were talking about some sports network on a public internet site, this problem wouldn't come up unless the hackers have access to the web site's physical network and can reconfigure the client's proxy server settings.
>>>>>
>>>>> In the end, I don't think this is a valid *oauth* security issue since the assumption is a compromised client and/or communications path. This is a network security issue.
>>>>>
>>>>>
>>>>>> It would be worse if Site B had some PII about you or could transfer the money from your bank based on that authentication.
>>>>>
>>>>>>
>>>>>> The same thing could happen with the code flow if the client is public and doesn't have a secret.   Site A doesn't use the code themselves when you login,  they just let you through to get the puppy photos.
>>>>> Agreed.
>>>>>> They immediately take the token to site B and paste it into a legitimate response (note the client_id is not in the response or code ) the public client then presents that to the token endpoint with its client_id to get the access_token.   The token endpoint just hands it over because without a client_secret it is not required to authenticate the client.
>>>>>>
>>>>>> What Dick and I are saying is that we don't see the need not to verify the client_id in the request to the token endpoint.  If it were required clients would not be able to mistakenly accept codes issued to different clients.
>>>>>
>>>>>>
>>>>>> I strongly suspect most implementations do that already, so why not clarify the spec on that point.
>>>>>
>>>>>>
>>>>>> That won't stop the attack on implicit clients.
>>>>>>
>>>>>> This is why openID 2.0, openID Connect, SAML and every other identity protocol I can think of audience restrict the assertion to the intended recipient and sign or integrity protect the response.
>>>>>>
>>>>>> That is not needed for the typical authorization use case of OAuth, but is a really good idea if you are asserting Authentication information to the client.
>>>>>>
>>>>>> No puppies were hurt in the creation of this message.
>>>>>> John B.
>>>>>>
>>>>>> On 2012-06-29, at 4:16 PM, Phil Hunt wrote:
>>>>>>
>>>>>>> John,
>>>>>>>
>>>>>>> I think that helps to clarify the authorize issue.
>>>>>>>
>>>>>>> But they were talking about a phishing site obtaining a legit access token from Facebook.
>>>>>>>> Let's take Soluto's metro app as an example to describe the problem. The app supports Facebook Login. As an attacker, we can write a regular Facebook app. Once the victim user allows our app to access her Facebook data, we receive an access_token from the traffic. Then, on our own machine (i.e., the "attacker" machine), we run the metro app of Soluto, and use a HTTP proxy to insert the victim's access_token into the traffic of Facebook login. Through this way, we are able to log into the victim's Soluto account from our machine. Other than Soluto, we also have confirmed the same issue on another Windows 8 metro-app Givit.
>>>>>>>
>>>>>>>
>>>>>>> Important: the attack works because the researchers had control of the client application.  And thus they were able to insert the token between the metro client app and the server because they are able to get in the communications path. All bets are off. If the attacker can insert a token then they can insert appropriate client_id's and responses in the stream as well.
>>>>>>>
>>>>>>> Phil
>>>>>>>
>>>>>>> @independentid
>>>>>>> www.independentid.com
>>>>>>> phil.hunt@oracle.com
>>>>>>>
>>>>>>> On 2012-06-29, at 1:00 PM, John Bradley wrote:
>>>>>>>
>>>>>>>> The attack requires a web browser that allows modifying the value of the redirect URI.   It is dead simple cut token or code from the string and paste in the token or code that was granted by the user you want to impersonate.
>>>>>>>>
>>>>>>>> OAuth responses are not signed or audience restricted to the client (except confidential clients using the code flow).
>>>>>>>>
>>>>>>>> In cases where the code or token is passed over a back channel to a server, faking the entire client is the easiest thing for the attacker.
>>>>>>>>
>>>>>>>> I don't consider these to be authorization attacks,  rather attacks on a client that is inappropriately making unwarranted assumptions about the presenter of the token.
>>>>>>>>
>>>>>>>> John B.
>>>>>>>> On 2012-06-29, at 3:29 PM, Phil Hunt wrote:
>>>>>>>>
>>>>>>>>> We need more info on the inject method the researchers used before we can account for it.
>>>>>>>>>
>>>>>>>>> Phil
>>>>>>>>>
>>>>>>>>> On 2012-06-29, at 12:16, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>>>>>
>>>>>>>>>> The same thing can be done with code.
>>>>>>>>>>
>>>>>>>>>> If the token endpoint checks the client_id before giving out the access token then the attack on code can be prevented, as the token endpoint won't return the access token.
>>>>>>>>>>
>>>>>>>>>> The spec doesn't require authenticating public clients currently so it is a slightly more difficult attack but possible.
>>>>>>>>>>
>>>>>>>>>> Dick and I are suggesting closing the hole at the token endpoint so that neither confidential nor public clients using the code flow are susceptible to this substitution attack.
>>>>>>>>>>
>>>>>>>>>> John B.
>>>>>>>>>>
>>>>>>>>>> On 2012-06-29, at 2:53 PM, PhiIt helps with the code flow when l Hunt wrote:
>>>>>>>>>>
>>>>>>>>>>> I'm not seeing how client id helps if a proxy server is somehow involved with inserting the bearer token as the researchers suggested.
>>>>>>>>>>>
>>>>>>>>>>> Phil
>>>>>>>>>>>
>>>>>>>>>>> On 2012-06-29, at 11:30, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I think they only exploited the implicit flow.
>>>>>>>>>>>>
>>>>>>>>>>>> My point was that there is a way you could do the same thing with code if it is a public client that is not authenticating to the token endpoint.
>>>>>>>>>>>>
>>>>>>>>>>>> In general making identity assumptions in the client based on a code or access_token has risks that are out of scope for OAuth.
>>>>>>>>>>>>
>>>>>>>>>>>> We do however want to provide good advice about specific things that can leave systems insecure when using OAuth.
>>>>>>>>>>>>
>>>>>>>>>>>> John B.
>>>>>>>>>>>>
>>>>>>>>>>>> On 2012-06-29, at 2:22 PM, Phil Hunt wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I'm not clear whether the MS Security Researcher hack was with the authorization code or the access token. If the latter, the client_id is out of the picture isn't it?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Phil
>>>>>>>>>>>>>
>>>>>>>>>>>>> @independentid
>>>>>>>>>>>>> www.independentid.com
>>>>>>>>>>>>> phil.hunt@oracle.com
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 2012-06-29, at 11:14 AM, Dick Hardt wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Jun 29, 2012, at 11:06 AM, John Bradley wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It is nice to know that I may occasionally be correct:)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> You must be delighted when it happens! ;)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> While you may assume that it is reasonable for a client with a code to make a request to the token endpoint including its client_id and the server to only give out the access token if the client_id in the token request matches the one in the original authorization request.   However the spec specifically doesn't require that.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I think that is an error in the spec and should be changed, or text added saying that the client_id SHOULD be checked.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -- Dick
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> OAuth mailing list
>>>>>>>>>>>>>> OAuth@ietf.org
>>>>>>>>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>
>> <smime.p7s>_______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>


From ve7jtb@ve7jtb.com  Sun Jul  1 11:35:36 2012
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <44E9325B-02A7-4668-9A56-57047C56DC93@adobe.com>
Date: Sun, 1 Jul 2012 14:35:23 -0400
Message-Id: <A7DE4EDD-0F79-412C-88A6-DE48DF5EE395@ve7jtb.com>
To: Antonio Sanso <asanso@adobe.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Report an authentication issue


There are existing mitigations in the spec to prevent this attack on a confidential client.

code
         REQUIRED.  The authorization code generated by the
         authorization server.  The authorization code MUST expire
         shortly after it is issued to mitigate the risk of leaks.  A
         maximum authorization code lifetime of 10 minutes is
         RECOMMENDED.  The client MUST NOT use the authorization code
         more than once.  If an authorization code is used more than
         once, the authorization server MUST deny the request and SHOULD
         revoke (when possible) all tokens previously issued based on
         that authorization code.
         The authorization code is bound to the client identifier and
         redirection URI.

The code in the browser is precluded from being accepted twice by the authorization server.
I don't think any additional security concern is required for this.

Now back in the real world, you are correct, this attack works perfectly well on some authorization servers (Facebook for one).
They however are not following the current OAuth 2 specification, they allow the code to live perhaps indefinitely (The only way I have found to invalidate code is by resetting the account password),
and also accept it multiple times (I have not found a limit submitting the same code for months).

Facebook do at least bind the code to the client_id, at least for authenticated clients.

I think for this the spec is correct and some implementations are non-conformant.

There is a long list of stupid things people can do if they ignore parts of the spec.

John B.
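
[Added example, not part of the original message and not code from any server named in the thread: a minimal token endpoint that enforces the rules in the spec text quoted above (bounded lifetime, single use with revocation on reuse, binding to client identifier and redirection URI). The class, the "reason" field, the client names and the URLs are constructed for illustration; strict=False models a server that skips the expiry and single-use checks.]

```python
import secrets
import time
from dataclasses import dataclass, field

MAX_CODE_AGE = 600  # seconds; the quoted text RECOMMENDS a maximum lifetime of 10 minutes


@dataclass
class Grant:
    client_id: str
    redirect_uri: str
    user: str
    issued_at: float
    used: bool = False
    tokens: list = field(default_factory=list)  # access tokens minted from this code


class TokenEndpoint:
    """Hypothetical in-memory authorization server, reduced to code redemption."""

    def __init__(self, strict=True, clock=time.time):
        self.strict = strict   # False: skip the expiry and single-use checks
        self.clock = clock     # injectable so expiry can be exercised offline
        self.grants = {}       # authorization code -> Grant
        self.tokens = {}       # live access token -> user

    def issue_code(self, client_id, redirect_uri, user):
        code = secrets.token_urlsafe(16)
        self.grants[code] = Grant(client_id, redirect_uri, user, self.clock())
        return code

    @staticmethod
    def _deny(reason):
        # "reason" is an illustrative field, not part of an OAuth error response.
        return {"error": "invalid_grant", "reason": reason}

    def redeem(self, code, client_id, redirect_uri):
        grant = self.grants.get(code)
        if grant is None:
            return self._deny("unknown code")
        # Binding: a code is only good for the client and redirect URI it was issued to.
        if (client_id, redirect_uri) != (grant.client_id, grant.redirect_uri):
            return self._deny("client or redirect_uri mismatch")
        if self.strict and grant.used:
            # Second use: deny, and revoke every token minted from this code.
            for token in grant.tokens:
                self.tokens.pop(token, None)
            grant.tokens.clear()
            return self._deny("code reuse")
        if self.strict and self.clock() - grant.issued_at > MAX_CODE_AGE:
            return self._deny("code expired")
        grant.used = True
        token = secrets.token_urlsafe(16)
        grant.tokens.append(token)
        self.tokens[token] = grant.user
        return {"access_token": token, "token_type": "bearer"}


SITE_A = ("site-a", "https://site-a.example/cb")  # constructed client registration
SITE_B = ("site-b", "https://site-b.example/cb")  # constructed client registration


def browser_history_replay(strict):
    """The RO1/RO2 scenario: a code left in browser history is presented again later."""
    now = [1000.0]
    server = TokenEndpoint(strict=strict, clock=lambda: now[0])
    code = server.issue_code(*SITE_A, user="RO1")
    first = server.redeem(code, *SITE_A)   # Site A's legitimate exchange
    now[0] += 3600                         # an hour later the same code comes back
    replay = server.redeem(code, *SITE_A)
    ro1_token_alive = first["access_token"] in server.tokens
    return replay, ro1_token_alive


def cross_client_substitution():
    """A code issued to Site A is presented to the token endpoint by Site B."""
    server = TokenEndpoint()
    code = server.issue_code(*SITE_A, user="victim")
    return server.redeem(code, *SITE_B)


if __name__ == "__main__":
    print("strict replay:", browser_history_replay(strict=True))
    print("lax replay   :", browser_history_replay(strict=False))
    print("cross-client :", cross_client_substitution())
```
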


On 2012-07-01, at 11:03 AM, Antonio Sanso wrote:

> Hi *,
> On Jun 30, 2012, at 7:46 PM, John Bradley wrote:
>
>> There is one Core issue.
>> Audience restriction of the grant for the client.   This is mostly important where the client is inferring from the grant what the identity of the presenter is.
>>
>> This surfaces in slightly different ways depending on the use case.
>>
>> 1, Native apps passing an access token over a back channel API to Authenticate the user of the App.  This is not an OAuth flow itself but is enabled by OAuth.
>> 2, Web Applications using implicit flow.  (there are mitigations but they are not part of OAuth core)
>> 3, Public clients using code flow.
>>
>> Bearer tokens & MAC with per token secrets are both vulnerable to this.
>>
>> One observation from the security concern text I proposed that Dick and others received was that 3 could be fixed relatively simply in the spec.
>
> definitely +1 here.
>
> Another possible flaw in the Authorization Code Grant flow that affects the Resource Owner this time (using confidential client) may be the following:
>
> Stealing John's example (thanks :)) we will have only one confidential client
>
> Site A is I love Puppies (this time a Good site)
>
> One resource owner RO1 accesses Site A in a library/airport (just as a reminder Site A uses the Authorization Code Grant) and this will imply a login to the Authorization Server (e.g. Facebook). As a result of this the authorization code will stay in the browser history.
> When RO1 finishes he will almost certainly log out from Site A and Facebook but arguably he will not clean the browser history.
> At this stage an evil resource owner RO2 that also uses Site A will log in to Facebook with his own credentials but will tamper the redirect to site A with the authorization code of RO1 that is stored in the browser history.
> What will happen is that despite the fact RO2 is logged in to Facebook with his own credentials he will get back the resource of RO1.
>
> WDYT?
>
> Regards
>
> Antonio
>
>>
>> The first two are out of scope for OAuth core and can really only be dealt with by documenting them as a security concern so that people avoid doing those things without additional security like using token introspection etc.
>>
>> So they are all just different attacks exploiting the same flaw.
>>
>> The MS researchers may have a different opinion, but I have yet to hear it.
>>
>> John B.
>> On 2012-06-30, at 4:11 AM, Phil Hunt wrote:
>>
>>> John,
>>>
>>> Thanks. I am not understanding yet. But if you believe there is a problem that is enough for me. I do not mean in any way to dismiss it.
>>>
>>> Do you think the issue you described is different from the original message that started this thread? It seems so to me.
>>>
>>> Phil
>>>
>>> On 2012-06-29, at 20:34, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>
>>>> Phil,
>>>>
>>>> You know not everyone gets a personalized example:)
>>>>
>>>> In the below examples there is no proxy or other compromise of the client required only the ability to do what appears to be a SSO login using OAuth.
>>>> The attacker needs only a web browser.
>>>>
>>>> When they talk about compromised clients,  they are not talking about needing to compromise the app on the user's phone.
>>>>
>>>> They can compromise a client on their platform e.g. load it into an iPhone emulator, or just create a new client that emulates the backend API.
>>>>
>>>> There are already script kits to exploit this.   The vulnerability was distributed in API kits from Facebook, Apple and others.
>>>>
>>>> If it was just one developer getting it wrong that would be one thing,  hundreds getting it wrong by using the API in trusted development kits is a much worse problem in my opinion.
>>>>
>>>> My hope is to at least make it clear to the library authors and tool vendors, what are unsafe patterns.
>>>>
>>>> This exploit is unfortunately not hypothetical.
>>>>
>>>> John B.
>>>>
>>>>
>>>> On 2012-06-29, at 7:31 PM, Phil Hunt wrote:
>>>>
>>>>> See below...
>>>>>
>>>>> Phil
>>>>>
>>>>> @independentid
>>>>> www.independentid.com
>>>>> phil.hunt@oracle.com
>>>>>
>>>>> On 2012-06-29, at 1:54 PM, John Bradley wrote:
>>>>>
>>>>>> No,
>>>>>>
>>>>>> Trying to explain this over email is a challenge:)
>>>>>>
>>>>>> This applies to both native apps and Web Servers who are OAuth Clients.
>>>>>>


--Apple-Mail=_EF4560BB-5107-40E9-A1FE-C797FA9AA3CE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">There =
are existing mitigations in the spec to to prevent this attack on a =
confidential client.<div><br></div><div><span class=3D"Apple-style-span" =
style=3D"font-size: 13px;"><span class=3D"Apple-style-span" =
style=3D"font-family: Times; "><pre class=3D"newpage" style=3D"margin-top:=
 0px; margin-bottom: 0px; page-break-before: always; ">code
         REQUIRED.  The authorization code generated by the
         authorization server.  The authorization code MUST expire
         shortly after it is issued to mitigate the risk of leaks.  A
         maximum authorization code lifetime of 10 minutes is
         RECOMMENDED.  The client MUST NOT use the authorization code
         more than once.  If an authorization code is used more than
         once, the authorization server MUST deny the request and SHOULD
         revoke (when possible) all tokens previously issued based on =
that authorization code.
</pre></span><span class=3D"Apple-style-span" style=3D"font-family: =
Times; "><pre class=3D"newpage" style=3D"margin-top: 0px; margin-bottom: =
0px; page-break-before: always; ">         The authorization code is =
bound to the client identifier and redirection =
URI.</pre></span></span><div><br></div><div><div>The code in the browser =
is precluded from being accepted twice by the authorization =
server.</div><div>I don't think any additional security concern is =
required for this.</div><div><br></div><div>Now back in the real world, =
you are correct, this attack works perfectly well on some authorization =
servers (Facebook for one).</div><div>They however are not following the =
current OAuth 2 specification, they allow the code to live perhaps =
indefinitely &nbsp;(The only way I have found to invalidate code is by =
resetting the account password),</div><div>and also accept it multiple =
times (I have not found a limit submitting the same code for months). =
&nbsp;</div><div><br></div><div>Facebook do at-least &nbsp;bind the code =
to the client_id, at least for authenticated =
clients.</div><div><br></div><div>I think for this the spec is correct =
and some implementations are =
non-conformant.</div><div><br></div><div>There is a long list of stupid =
things people can do if they ignore parts of the =
spec.</div><div><br></div><div>John =
B.</div><div><br></div><div><br></div><div>On 2012-07-01, at 11:03 AM, =
Antonio Sanso wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div>Hi =
*,<br>On Jun 30, 2012, at 7:46 PM, John Bradley =
wrote:<br><br><blockquote type=3D"cite">There is one Core =
issue.<br></blockquote><blockquote type=3D"cite">Audience restriction of =
the grant for the client. &nbsp;&nbsp;This is mostly important where the =
client is inferring from the grant what the identity of the presenter =
is.<br></blockquote><blockquote type=3D"cite"><br></blockquote><blockquote=
 type=3D"cite">This surfaces in slightly different ways depending on the =
use case.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">1, Native apps =
passing an access token over a back channel API to Authenticate the user =
of the App. &nbsp;This is not an OAuth flow itself but is enabled by =
OAuth.<br></blockquote><blockquote type=3D"cite">2, Web Applications =
using implicit flow. &nbsp;(there are mitigations but they are not part =
of OAuth core)<br></blockquote><blockquote type=3D"cite">3, Public =
clients using code flow.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">Bearer tokens =
&amp; MAC with per token secrets are both vulnerable to =
this.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">One observation =
from the security concern text I proposed that Dick and others received =
was that 3 could be fixed relatively simply in the =
spec.<br></blockquote><br>definitely +1 here.<br><br>Another possible =
flaw in the Authorization Code Grant flow that affects the Resource =
Owner this time (using confidential client) may be the =
following:<br><br>Stealing John's example (thanks :)) we will have only one =
confidential client<br><br>Site A is I love Puppies (this time a Good =
site)<br><br>One resource owner RO1 accesses Site A in a library/airport =
&nbsp;(just as a reminder Site A uses the Authorization Code Grant) and =
this will imply a login to the Authorization Server (e.g. Facebook). As =
a result of this the authorization code will stay in the browser =
history.<br>When RO1 finishes he will almost certainly log out from Site =
A and Facebook but arguably he will not clean the browser history.<br>At =
this stage an evil resource owner RO2 that also uses Site A will log in =
to Facebook with his own credentials but will tamper with the redirect to =
site A with the authorization code of RO1 that is stored in the browser =
history.<br>What will happen is that despite the fact RO2 &nbsp;is =
logged in to Facebook with his own credentials, he will get back the =
resource of =
RO1.<br><br>WDYT?<br><br>Regards<br><br>Antonio<br><br><br><br><br><br><bl=
ockquote type=3D"cite"><br></blockquote><blockquote type=3D"cite">The =
first two are out of scope for OAuth core and can really only be dealt =
with by documenting them as a security concern so that people avoid =
doing those things without additional security like using token =
introspection etc.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">So they are all =
just different attacks exploiting the same =
flaw.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">The MS =
researchers may have a different opinion, but I have yet to hear =
it.<br></blockquote><blockquote type=3D"cite"><br></blockquote><blockquote=
 type=3D"cite">John B.<br></blockquote><blockquote type=3D"cite">On =
2012-06-30, at 4:11 AM, Phil Hunt wrote:<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite">John,<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">Thanks. I am not understanding =
yet. But if you believe there is a problem that is enough for me. I do =
not mean in any way dismiss it.<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">Do you think the issue you =
described is different from the original message that started this =
thread? It seems so to me.<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 20:34, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 wrote:<br></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil,<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You =
know not everyone gets a personalized =
example:)<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">In the =
below examples there is no proxy or other compromise of the client =
required only the ability to do what appears to be a SSO login using =
OAuth.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
attacker needs only a web =
browser.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">When =
they talk about compromised clients, &nbsp;they are not talking about =
needing to compromise the app on the user's =
phone.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
can compromise a client on their platform e.g. load it into an iPhone =
emulator, or just create a new client that emulates the backend =
API.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">There =
are already script kits to exploit this. &nbsp;&nbsp;The vulnerability =
was distributed in API kits from Facebook, Apple and =
others.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">If it =
was just one developer getting it wrong that would be one thing, =
&nbsp;hundreds getting it wrong by using the API in trusted development =
kits is a much worse problem in my =
opinion.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">My =
hope is to at least make it clear to the library authors and tool =
vendors, what are unsafe =
patterns.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
exploit is unfortunately not =
hypothetical.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 7:31 PM, Phil Hunt =
wrote:<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">See =
below...<br></blockquote></blockquote></blockquote></blockquote><blockquot=
e type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com">www.independentid.com</a><br></block=
quote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 1:54 PM, John =
Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">No,<br></blockquote></blockquote></blockquote></blockquote><=
/blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Trying =
to explain this over email is a =
challenge:)<br></blockquote></blockquote></blockquote></blockquote></block=
quote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
applies to both native apps and Web Servers who are OAuth =
Clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Imagine =
there are two web servers that authenticate people with Facebook Connect =
(just an =
example).<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site A =
is I love Puppies &nbsp;&nbsp;(An evil =
site)<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site B =
is I Hate Larry Ellison &nbsp;(A good =
site)<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You as =
a chocolate lover go to Site A and login to get some cool free =
screensaver of =
Puppies.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site A =
gets a token for your social graph no big deal mostly public stuff. =
&nbsp;However they discover you work for Mr Evil who they think is =
purchasing paradise to put up a parking =
lot.<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Ummm....ok. I didn't want to go =
political on this. =
;-)<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
then go to site B who is using the implicit flow for Facebook =
authentication. &nbsp;They login using a web browser but using any one =
of a number of browser plugins modify the response to have the =
access_token that they got from you when you logged into their site. =
&nbsp;&nbsp;They now post as you telling everyone that Larry can't sail =
and has bad fashion sense. (Perhaps true) &nbsp;You might now have some =
explaining to =
do!<br></blockquote></blockquote></blockquote></blockquote></blockquote><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Soooo...according to the specs, =
there are now TWO =
mistakes:<br></blockquote></blockquote></blockquote></blockquote><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">1. Implicit is intended ONLY for =
JavaScript clients in the browser. Implicit clients shouldn't have any =
data of value (at least retained =
data).<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">2. The MS example states that =
they have control of the client application and its =
communications.<br></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Do we need to make #1 even more =
clearer -- an entire paragraph in all caps maybe? =
;-)<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Since the researchers put a =
proxy server in between the app and Facebook. Therefore ANY OAUTH flow =
would be compromised since they are able to insert tokens into the flow. =
&nbsp;Adding client id isn't going to help (so I agree with you =
there).<br></blockquote></blockquote></blockquote></blockquote><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">But I point out this hack only =
works if you can intercept the communications =
path.<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">If we were talking about some =
sports network on a public internet site, this problem wouldn't come up =
unless the hackers have access to the web site's physical network and =
can reconfigure the client's proxy server =
settings.<br></blockquote></blockquote></blockquote></blockquote><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In the end, I don't think this =
is a valid *oauth* security issue since the assumption is a compromised =
client and/or communications path. This is a network security =
issue.<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">It =
would be worse if Site B had some PII about you or could transfer the =
money from your bank based on that =
authentication.<br></blockquote></blockquote></blockquote></blockquote></b=
lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
same thing could happen with the code flow if the client is public and =
doesn't have a secret. &nbsp;&nbsp;Site A doesn't use the code =
themselves when you login, &nbsp;they just let you through to get the =
puppy =
photos.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Agreed.<br></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
immediately take the token to site B and paste it into a legitimate =
response (note the client_id is not in the response or code ) the public =
client then presents that to the token endpoint with its client_id to =
get the access_token. &nbsp;&nbsp;The token endpoint just hands it over =
because without a client_secret it is not required to authenticate the =
client.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">What =
Dick and I are saying is that we don't see the need not to verify the =
client_id in the request to the token endpoint. &nbsp;If it were =
required clients would not be able to mistakenly accept codes issued to =
different =
clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
strongly suspect most implementations do that already, so why not =
clarify the spec on that =
point.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">That =
won't stop the attack on implicit =
clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
is why openID 2.0, openID Connect, SAML and every other identity =
protocol I can think of audience restrict the assertion to the intended =
recipient and sign or integrity protect the =
response.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">That =
is not needed for the typical authorization use case of OAuth, but is a =
really good idea if you are asserting Authentication information to the =
client.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">No =
puppies were hurt in the creation of this =
message.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 4:16 PM, Phil Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">John,<br></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think that helps to clarify the authorize =
issue.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">But =
they were talking about a phishing site obtaining a legit access token =
from =
Facebook.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Let's take Soluto's metro app as =
an example to describe the problem. The app supports Facebook Login. As =
an attacker, we can write a regular Facebook app. Once the victim user =
allows our app to access her Facebook data, we receive an access_token =
from the traffic. Then, on our own machine (i.e., the "attacker" =
machine), we run the metro app of Soluto, and use a HTTP proxy to insert =
the victim's access_token into the traffic of Facebook login. Through =
this way, we are able to log into the victim's Soluto account from our =
machine. Other than Soluto, we also have confirmed the same issue on =
another Windows 8 metro-app =
Givit.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Important: the attack works because the researchers had =
control of the client application. &nbsp;And thus they were able to =
insert the token between the metro client app and the server because =
they are able to get in the communications path. All bets are off. If =
the attacker can insert a token then they can insert appropriate client_id's =
and responses in the stream as =
well.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com">www.independentid.com</a><br></block=
quote></blockquote></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote><bloc=
kquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 1:00 PM, John Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">The attack requires a web =
browser that allows modifying the value of the redirect URI. =
&nbsp;&nbsp;It is dead simple: cut token or code from the string and =
paste in the token or code that was granted by the user you want to =
impersonate.<br></blockquote></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">OAuth responses are not signed =
or audience restricted to the client (except confidential clients using =
the code =
flow).<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In cases where the code or token =
is passed over a back channel to a server, faking the entire client is =
the easiest thing for the =
attacker.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">I don't consider these to be =
authorization attacks, &nbsp;rather attacks on a client that is =
inappropriately making unwarranted assumptions about the presenter of =
the =
token.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 3:29 PM, Phil =
Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">We =
need more info on the inject method the researchers used before we can =
account for =
it.<br></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 12:16, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
same thing can be done with =
code.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">If the =
token endpoint checks the client_id before giving out the access token =
then the attack on code can be prevented, as the token endpoint won't =
return the access =
token.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
spec doesn't require authenticating public clients currently so it is a =
slightly more difficult attack but =
possible.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Dick =
and I are suggesting closing the hole at the token endpoint so that =
neither confidential nor public clients using the code flow are =
susceptible to this substitution =
attack.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 2:53 PM, Phil Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">I'm not seeing how client id =
helps if a proxy server is somehow involved with inserting the bearer =
token as the researchers =
suggested.<br></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 11:30, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think they only exploited the implicit =
flow.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">My point was that there is a way =
you could do the same thing with code if it is a public client that is =
not authenticating to the token =
endpoint.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In general making identity =
assumptions in the client based on a code or access_token has risks that =
are out of scope for =
OAuth.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">We do however want to provide =
good advice about specific things that can leave systems insecure when =
using =
OAuth.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 2:22 PM, Phil =
Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I'm =
not clear whether the MS Security Researcher hack was with the =
authorization code or the access token. If the latter, the client_id is =
out of the picture isn't =
it?<br></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote></blockquote></blockquote></blockquot=
e></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com">www.independentid.com</a><br></block=
quote></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 11:14 AM, Dick Hardt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On Jun =
29, 2012, at 11:06 AM, John Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">It is nice to know that I may =
occasionally be =
correct:)<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You =
must be delighted when it happens! =
;)<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">While you may assume that it is =
reasonable for a client with a code to make a request to the token =
endpoint including its client_id and the server to only give out the =
access token if the client_id in the token request matches the one in =
the original authorization request. &nbsp;&nbsp;However the spec =
specifically doesn't require =
that.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think that is an error in the spec and should be changed, or text added =
saying that the client_id SHOULD be =
checked.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">-- =
Dick<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">_______________________________________________<br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">OAuth mailing =
list<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br></blockquote></blockq=
uote></blockquote></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/=
mailman/listinfo/oauth</a><br></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">&lt;smime.p7s&gt;___________________________________________=
____<br></blockquote><blockquote type=3D"cite">OAuth mailing =
list<br></blockquote><blockquote type=3D"cite"><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br></blockquote><blockqu=
ote type=3D"cite"><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/=
mailman/listinfo/oauth</a><br></blockquote><br></div></blockquote></div><b=
r></div></body></html>=

--Apple-Mail=_EF4560BB-5107-40E9-A1FE-C797FA9AA3CE--

--Apple-Mail=_5016CA6B-9E53-4A0D-BB46-7F139A40A33A
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_5016CA6B-9E53-4A0D-BB46-7F139A40A33A--
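Added example, not part of any message in this thread: a minimal in-memory token endpoint in Python that enforces the authorization code rules quoted in the thread (10-minute lifetime, single use with revocation on reuse, binding to client identifier and redirection URI) and replays the shared-browser scenario against it. All class and function names, client ids and URLs are constructed for illustration, and the `client_id` argument is assumed to be the already-authenticated client.

```python
import secrets
import time

CODE_LIFETIME_SECONDS = 600  # 10-minute maximum recommended in the quoted spec text


class TokenRequestDenied(Exception):
    """The token endpoint refused to redeem an authorization code."""


class AuthorizationServer:
    """Toy in-memory server (hypothetical names; not any real product's API)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}    # code -> grant record
        self._tokens = {}   # access token -> (code, resource owner)

    def issue_code(self, client_id, redirect_uri, resource_owner):
        code = secrets.token_urlsafe(32)
        self._codes[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "resource_owner": resource_owner,
            "expires_at": self._clock() + CODE_LIFETIME_SECONDS,
            "used": False,
        }
        return code

    def redeem_code(self, code, client_id, redirect_uri):
        grant = self._codes.get(code)
        if grant is None:
            raise TokenRequestDenied("unknown code")
        if grant["used"]:
            # Second presentation: deny, and revoke what the first one produced.
            self._revoke_tokens_for(code)
            raise TokenRequestDenied("code already used")
        if self._clock() > grant["expires_at"]:
            raise TokenRequestDenied("code expired")
        if grant["client_id"] != client_id:
            raise TokenRequestDenied("code was issued to a different client")
        if grant["redirect_uri"] != redirect_uri:
            raise TokenRequestDenied("redirect_uri mismatch")
        grant["used"] = True
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (code, grant["resource_owner"])
        return token

    def token_owner(self, token):
        """Resource owner the token speaks for, or None if unknown or revoked."""
        entry = self._tokens.get(token)
        return entry[1] if entry else None

    def _revoke_tokens_for(self, code):
        for token in [t for t, (c, _) in self._tokens.items() if c == code]:
            del self._tokens[token]


def _attempt(server, code, client_id, redirect_uri):
    """Return 'accepted' or the server's denial reason."""
    try:
        server.redeem_code(code, client_id, redirect_uri)
        return "accepted"
    except TokenRequestDenied as exc:
        return str(exc)


def replay_scenario():
    """Constructed walk-through of the cases discussed in the thread."""
    now = [1_000_000.0]                       # fake clock so expiry is testable
    server = AuthorizationServer(clock=lambda: now[0])
    site_a = ("site-a", "https://site-a.example/cb")   # constructed values
    results = {}

    # RO1 signs in through Site A; the code stays in the browser history.
    code = server.issue_code(*site_a, "RO1")
    token = server.redeem_code(code, *site_a)
    results["first_use_owner"] = server.token_owner(token)

    # The same code is presented again later from the shared browser.
    results["replay"] = _attempt(server, code, *site_a)
    results["token_after_replay"] = server.token_owner(token)

    # A fresh code issued to Site A is presented by a different client.
    code2 = server.issue_code(*site_a, "RO1")
    results["wrong_client"] = _attempt(
        server, code2, "site-b", "https://site-b.example/cb")

    # A never-redeemed code is presented after the lifetime has passed.
    code3 = server.issue_code(*site_a, "RO1")
    now[0] += CODE_LIFETIME_SECONDS + 1
    results["expired"] = _attempt(server, code3, *site_a)
    return results


if __name__ == "__main__":
    for case, outcome in replay_scenario().items():
        print(f"{case}: {outcome}")
```

A server that skips the `used` and `expires_at` checks accepts the replayed code, which is the non-conformant behaviour the thread describes.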

From phil.hunt@oracle.com  Sun Jul  1 11:45:56 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F87111E80AE for <oauth@ietfa.amsl.com>; Sun,  1 Jul 2012 11:45:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.022
X-Spam-Level: 
X-Spam-Status: No, score=-10.022 tagged_above=-999 required=5 tests=[AWL=-0.024, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_66=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dwd1wkFo-OL6 for <oauth@ietfa.amsl.com>; Sun,  1 Jul 2012 11:45:51 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 31BE411E8080 for <oauth@ietf.org>; Sun,  1 Jul 2012 11:45:51 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q61IjpWu018458 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 1 Jul 2012 18:45:51 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q61IjoPk021722 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 1 Jul 2012 18:45:50 GMT
Received: from abhmt117.oracle.com (abhmt117.oracle.com [141.146.116.69]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q61Ijomi011860; Sun, 1 Jul 2012 13:45:50 -0500
Received: from [192.168.1.8] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 01 Jul 2012 11:45:49 -0700
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_60EDB339-F3EE-4DFB-9FE3-54484B22E922"
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <A7DE4EDD-0F79-412C-88A6-DE48DF5EE395@ve7jtb.com>
Date: Sun, 1 Jul 2012 11:45:46 -0700
Message-Id: <777CFAE8-674E-46C1-A272-D641B3DFF98A@oracle.com>
References: <CAEEmcpEcNqNHwfVozD-NtfkruiB-v0MTszwNL4cob2rL=QQTSA@mail.gmail.com> <4FE223E4.6060307@mitre.org> <4FE226BC.6010403@alcatel-lucent.com> <59E470B10C4630419ED717AC79FCF9A910889AB5@BL2PRD0410MB363.namprd04.prod.outlook.com> <CABzCy2CLe_DVcxiD1EasuhtG1_6+6tCtV5TckZ80fvqyjan_bA@mail.gmail.com> <59E470B10C4630419ED717AC79FCF9A917052BC8@SN2PRD0410MB370.namprd04.prod.outlook.com> <4FE37D38.1030407@gmail.com> <CABzCy2A_zJ3vaauoo6VwsmLWsTesdTujuQ4dHdVpc5Nh==iEFg@mail.gmail.com> <59E470B10C4630419ED717AC79FCF9A91A2C8949@CH1PRD0410MB369.namprd04.prod.outlook.com> <CABzCy2DzmNgmMALNfc1qp95fwD2WULb-49Dk	yLiZnjXngAmaPg@mail.gmail.com> <59E470B10C4630419ED717AC79FCF9A91A2D1309@CH1PRD0410MB369.namprd04.prod.outlook.com> <496AFB1D-A609-4188-B92D-2185E8880388@ve7jtb.com> <59E470B10C4630419ED717AC79FCF9A91A2D13C9@CH1PRD0410MB369.namprd04.prod.outlook.com> <67F8B633-E4C8-42F6-B84C-FDBC337B7EEA@ve7jtb.com> <04C05FAA-63BC-4441-8540-36280E40DB98@adobe.com> <4FEDE4AF.9030107@mitre.org> <! ! !	! ! ! ! ! ! ! ! ! ! 4 DD23AA1-C319-477A-B0CB-34E558EB7FCC@ve7jtb.com> <8C18C43D-AC63-465A-ADC2-966CE7F38685@gmail.com> <71899C6B-40A6-46E8-BCF8-BF9C43B83C64@oracle.com> <83124DF5-8D21-4D63-9D37-BBFBA0932065@ve7jtb.com> <353091D2-F63F-4D48-A49B-99E53FE31954@oracle.com> <7ED8AA4B-85D0-4D60-AFB6-C50503042A52@ve7jtb.com> <9DFCB89E-39E2-4F70-A9F8-4D245800D798@oracle.com> <ABF83D8C-3C89-4616-9FA4-993592D6092B@ve7jtb.com> <ED08EC40-0180-4071-9CA4-FED75A99D7CC@oracle.com> <CB16A60B-7BD2-4AA7-B316-7EB1635CAFDE@ve7jtb.com> <7A8FC3E0-79E4-403D-8A4E-16CBCD55C565@oracle.com> <904BFB7C-0A84-427F-BA06-CBEE90FCCF53@ve7jtb.com> <D3C4BF60-204C-4976-8C39-43076CB2460B@oracle.com> <F4E93419-9B3E-4841-BECC-A316945F14A9@ve7jtb.com> <44E9325B-02A7-4668-9A56-57047C56DC93@adobe.com> <A7DE4EDD-0F79-412C-88A6-DE48DF5EE395@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
X-Mailer: Apple Mail (2.1278)
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Report an authentication issue
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Jul 2012 18:45:56 -0000

--Apple-Mail=_60EDB339-F3EE-4DFB-9FE3-54484B22E922
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

John,

Thanks. I agree.

My comment (on the other thread:  Inadvertent =
cross-authentication through cached auth session) was directed at the =
same thing happening by simply restoring the previous user's login state =
from a browser cookie. A much simpler and unintentional variant of the =
scenario.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com





On 2012-07-01, at 11:35 AM, John Bradley wrote:

> There are existing mitigations in the spec to prevent this attack =
on a confidential client.
>=20
> code
>          REQUIRED.  The authorization code generated by the
>          authorization server.  The authorization code MUST expire
>          shortly after it is issued to mitigate the risk of leaks.  A
>          maximum authorization code lifetime of 10 minutes is
>          RECOMMENDED.  The client MUST NOT use the authorization code
>          more than once.  If an authorization code is used more than
>          once, the authorization server MUST deny the request and =
SHOULD
>          revoke (when possible) all tokens previously issued based on =
that authorization code.
>          The authorization code is bound to the client identifier and =
redirection URI.
>=20
> The code in the browser is precluded from being accepted twice by the =
authorization server.
> I don't think any additional security concern is required for this.
>=20
> Now back in the real world, you are correct, this attack works =
perfectly well on some authorization servers (Facebook for one).
> They however are not following the current OAuth 2 specification, they =
allow the code to live perhaps indefinitely  (The only way I have found =
to invalidate code is by resetting the account password),
> and also accept it multiple times (I have not found a limit submitting =
the same code for months). =20
>=20
> Facebook do at least bind the code to the client_id, at least for =
authenticated clients.
>=20
> I think for this the spec is correct and some implementations are =
non-conformant.
>=20
> There is a long list of stupid things people can do if they ignore =
parts of the spec.
>=20
> John B.
>=20
>=20
> On 2012-07-01, at 11:03 AM, Antonio Sanso wrote:
>=20
>> Hi *,
>> On Jun 30, 2012, at 7:46 PM, John Bradley wrote:
>>=20
>>> There is one Core issue.
>>> Audience restriction of the grant for the client.   This is mostly =
important where the client is inferring from the grant what the identity =
of the presenter is.
>>>=20
>>> This surfaces in slightly different ways depending on the use case.
>>>=20
>>> 1, Native apps passing an access token over a back channel API to =
Authenticate the user of the App.  This is not an OAuth flow itself but =
is enabled by OAuth.
>>> 2, Web Applications using implicit flow.  (there are mitigations but =
they are not part of OAuth core)
>>> 3, Public clients using code flow.
>>>=20
>>> Bearer tokens & MAC with per token secrets are both vulnerable to =
this.
>>>=20
>>> One observation from the security concern text I proposed that Dick =
and others received was that 3 could be fixed relatively simply in the =
spec.
>>=20
>> definitely +1 here.
>>=20
>> Another possible flaw in the Authorization Code Grant flow that =
affects the Resource Owner this time (using confidential client) may be =
the following:
>>=20
>> Stealing John's example (thanks :)) we will have only one confidential =
client
>>=20
>> Site A is I love Puppies (this time a Good site)
>>=20
>> One resource owner RO1 accesses Site A in a library/airport  (just as =
a reminder, Site A uses the Authorization Code Grant) and this will imply =
a login to the Authorization Server (e.g. Facebook). As a result of this =
the authorization code will stay in the browser history.
>> When RO1 finishes he will almost certainly log out from Site A and =
Facebook but arguably he will not clean the browser history.
>> At this stage an evil resource owner RO2 that also uses Site A will =
log in to Facebook with his own credentials but will tamper with the =
redirect to site A with the authorization code of RO1 that is stored in =
the browser history.
>> What will happen is that despite the fact RO2  is logged in to =
Facebook with his own credentials he will get back the resource of RO1.
>>=20
>> WDYT?
>>=20
>> Regards
>>=20
>> Antonio
>>=20
>>=20
>>=20
>>=20
>>=20
>>>=20
>>> The first two are out of scope for OAuth core and can really only be =
dealt with by documenting them as a security concern so that people =
avoid doing those things without additional security like using token =
introspection etc.
>>>=20
>>> So they are all just different attacks exploiting the same flaw.
>>>=20
>>> The MS researchers may have a different opinion, but I have yet to =
hear it.
>>>=20
>>> John B.
>>> On 2012-06-30, at 4:11 AM, Phil Hunt wrote:
>>>=20
>>>> John,
>>>>=20
>>>> Thanks. I am not understanding yet. But if you believe there is a =
problem that is enough for me. I do not mean in any way dismiss it.
>>>>=20
>>>> Do you think the issue you described is different from the original =
message that started this thread? It seems so to me.
>>>>=20
>>>> Phil
>>>>=20
>>>> On 2012-06-29, at 20:34, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>=20
>>>>> Phil,
>>>>>=20
>>>>> You know not everyone gets a personalized example:)
>>>>>=20
>>>>> In the below examples there is no proxy or other compromise of the =
client required only the ability to do what appears to be a SSO login =
using OAuth.
>>>>> The attacker needs only a web browser.
>>>>>=20
>>>>> When they talk about compromised clients,  they are not talking =
about needing to compromise the app on the user's phone.
>>>>>=20
>>>>> They can compromise a client on their platform e.g. load it into an =
iPhone emulator, or just create a new client that emulates the backend =
API.
>>>>>=20
>>>>> There are already script kits to exploit this.   The vulnerability =
was distributed in API kits from Facebook, Apple and others.
>>>>>=20
>>>>> If it was just one developer getting it wrong that would be one =
thing,  hundreds getting it wrong by using the API in trusted =
development kits is a much worse problem in my opinion.
>>>>>=20
>>>>> My hope is to at least make it clear to the library authors and =
tool vendors, what are unsafe patterns.
>>>>>=20
>>>>> This exploit is unfortunately not hypothetical.
>>>>>=20
>>>>> John B.
>>>>>=20
>>>>>=20
>>>>> On 2012-06-29, at 7:31 PM, Phil Hunt wrote:
>>>>>=20
>>>>>> See below...
>>>>>>=20
>>>>>> Phil
>>>>>>=20
>>>>>> @independentid
>>>>>> www.independentid.com
>>>>>> phil.hunt@oracle.com
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> On 2012-06-29, at 1:54 PM, John Bradley wrote:
>>>>>>=20
>>>>>>> No,
>>>>>>>=20
>>>>>>> Trying to explain this over email is a challenge:)
>>>>>>>=20
>>>>>>> This applies to both native apps and Web Servers who are OAuth =
Clients.
>>>>>>>=20
>>>>>>> Imagine there are two web servers that authenticate people with =
Facebook Connect (just an example).
>>>>>>>=20
>>>>>>> Site A is I love Puppies   (An evil site)
>>>>>>> Site B is I Hate Larry Ellison  (A good site)
>>>>>>>=20
>>>>>>> You as a chocolate lover go to Site A and login to get some cool =
free screensaver of Puppies.
>>>>>>> Site A gets a token for your social graph no big deal mostly =
public stuff.  However they discover you work for Mr Evil who they =
think is purchasing paradise to put up a parking lot.
>>>>>>=20
>>>>>> Ummm....ok. I didn't want to go political on this. ;-)
>>>>>>>=20
>>>>>>> They then go to site B who is using the implicit flow for =
Facebook authentication.  They login using a web browser but using any =
one of a number of browser plugins modify the response to have the =
access_token that they got from you when you logged into their site.   =
They now post as you telling everyone that Larry can't sail and has bad =
fashion sense. (Perhaps true)  You might now have some explaining to do!
>>>>>>=20
>>>>>> Soooo...according to the specs, there are now TWO mistakes:
>>>>>>=20
>>>>>> 1. Implicit is intended ONLY for java script clients in the =
browser. Implicit clients shouldn't have any data of value (at least =
retained data).
>>>>>>=20
>>>>>> 2. The MS example states that they have control of the client =
application and its communications.
>>>>>>=20
>>>>>> Do we need to make #1 even clearer -- an entire paragraph in =
all caps maybe? ;-)
>>>>>>=20
>>>>>> Since the researchers put a proxy server in between the app and =
Facebook. Therefore ANY OAUTH flow would be compromised since they are =
able to insert tokens into the flow.  Adding client id isn't going to =
help (so I agree with you there).
>>>>>>=20
>>>>>> But I point out this hack only works if you can intercept the =
communications path.
>>>>>>=20
>>>>>> If we were talking about some sports network on a public internet =
site, this problem wouldn't come up unless the hackers have access to =
the web site's physical network and can reconfigure the client's proxy =
server settings.
>>>>>>=20
>>>>>> In the end, I don't think this is a valid *oauth* security issue =
since the assumption is a compromised client and/or communications path. =
This is a network security issue.
>>>>>>=20
>>>>>>=20
>>>>>>> It would be worse if Site B had some PII about you or could =
transfer the money from your bank based on that authentication.
>>>>>>=20
>>>>>>>=20
>>>>>>> The same thing could happen with the code flow if the client is =
public and doesn't have a secret.   Site A doesn't use the code =
themselves when you login,  they just let you through to get the puppy =
photos.
>>>>>> Agreed.
>>>>>>> They immediately take the token to site B and paste it into a =
legitimate response (note the client_id is not in the response or code ) =
the public client then presents that to the token endpoint with its =
client_id to get the access_token.   The token endpoint just hands it =
over because without a client_secret it is not required to authenticate =
the client.
>>>>>>>=20
>>>>>>> What Dick and I are saying is that we don't see the need not to =
verify the client_id in the request to the token endpoint.  If it were =
required clients would not be able to mistakenly accept codes issued to =
different clients.
>>>>>>=20
>>>>>>>=20
>>>>>>> I strongly suspect most implementations do that already, so why =
not clarify the spec on that point.
>>>>>>=20
>>>>>>>=20
>>>>>>> That won't stop the attack on implicit clients.
>>>>>>>=20
>>>>>>> This is why openID 2.0, openID Connect, SAML and every other =
identity protocol I can think of audience restrict the assertion to the =
intended recipient and sign or integrity protect the response.
>>>>>>>=20
>>>>>>> That is not needed for the typical authorization use case of =
OAuth, but is a really good idea if you are asserting Authentication =
information to the client.
>>>>>>>=20
>>>>>>> No puppies were hurt in the creation of this message.
>>>>>>> John B.
>>>>>>>
>>>>>>> On 2012-06-29, at 4:16 PM, Phil Hunt wrote:
>>>>>>>
>>>>>>>> John,
>>>>>>>>
>>>>>>>> I think that helps to clarify the authorize issue.
>>>>>>>>
>>>>>>>> But they were talking about a phishing site obtaining a legit access token from Facebook.
>>>>>>>>> Let's take Soluto's metro app as an example to describe the problem. The app supports Facebook Login. As an attacker, we can write a regular Facebook app. Once the victim user allows our app to access her Facebook data, we receive an access_token from the traffic. Then, on our own machine (i.e., the "attacker" machine), we run the metro app of Soluto, and use an HTTP proxy to insert the victim's access_token into the traffic of Facebook login. Through this way, we are able to log into the victim's Soluto account from our machine. Other than Soluto, we also have confirmed the same issue on another Windows 8 metro-app Givit.
>>>>>>>>
>>>>>>>>
>>>>>>>> Important: the attack works because the researchers had control of the client application.  And thus they were able to insert the token between the metro client app and the server because they are able to get in the communications path. All bets are off. If the attacker can insert a token then can insert appropriate client_id's and responses in the stream as well.
>>>>>>>>
>>>>>>>> Phil
>>>>>>>>
>>>>>>>> @independentid
>>>>>>>> www.independentid.com
>>>>>>>> phil.hunt@oracle.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 2012-06-29, at 1:00 PM, John Bradley wrote:
>>>>>>>>
>>>>>>>>> The attack requires a web browser that allows modifying the value of the redirect URI.   It is dead simple cut token or code from the string and paste in the token or code that was granted by the user you want to impersonate.
>>>>>>>>>
>>>>>>>>> OAuth responses are not signed or audience restricted to the client (except confidential clients using the code flow).
>>>>>>>>>
>>>>>>>>> In cases where the code or token is passed over a back channel to a server, faking the entire client is the easiest thing for the attacker.
>>>>>>>>>
>>>>>>>>> I don't consider these to be authorization attacks,  rather attacks on a client that is inappropriately making unwarranted assumptions about the presenter of the token.
>>>>>>>>>
>>>>>>>>> John B.
>>>>>>>>> On 2012-06-29, at 3:29 PM, Phil Hunt wrote:
>>>>>>>>>
>>>>>>>>>> We need more info on the inject method the researchers used before we can account for it.
>>>>>>>>>>
>>>>>>>>>> Phil
>>>>>>>>>>
>>>>>>>>>> On 2012-06-29, at 12:16, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> The same thing can be done with code.
>>>>>>>>>>>
>>>>>>>>>>> If the token endpoint checks the client_id before giving out the access token then the attack on code can be prevented, as the token endpoint won't return the access token.
>>>>>>>>>>>
>>>>>>>>>>> The spec doesn't require authenticating public clients currently so it is a slightly more difficult attack but possible.
>>>>>>>>>>>
>>>>>>>>>>> Dick and I are suggesting closing the hole at the token endpoint so that neither confidential nor public clients using the code flow are susceptible to this substitution attack.
>>>>>>>>>>>
>>>>>>>>>>> John B.
>>>>>>>>>>>
>>>>>>>>>>> On 2012-06-29, at 2:53 PM, PhiIt helps with the code flow when l Hunt wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I'm not seeing how client id helps if a proxy server is somehow involved with inserting the bearer token as the researchers suggested.
>>>>>>>>>>>>
>>>>>>>>>>>> Phil
>>>>>>>>>>>>
>>>>>>>>>>>> On 2012-06-29, at 11:30, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I think they only exploited the implicit flow.
>>>>>>>>>>>>>
>>>>>>>>>>>>> My point was that there is a way you could do the same thing with code if it is a public client that is not authenticating to the token endpoint.
>>>>>>>>>>>>>
>>>>>>>>>>>>> In general making identity assumptions in the client based on a code or access_token has risks that are out of scope for OAuth.
>>>>>>>>>>>>>
>>>>>>>>>>>>> We do however want to provide good advice about specific things that can leave systems insecure when using OAuth.
>>>>>>>>>>>>>
>>>>>>>>>>>>> John B.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 2012-06-29, at 2:22 PM, Phil Hunt wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'm not clear whether the MS Security Researcher hack was with the authorization code or the access token. If the latter, the client_id is out of the picture isn't it?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Phil
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> @independentid
>>>>>>>>>>>>>> www.independentid.com
>>>>>>>>>>>>>> phil.hunt@oracle.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 2012-06-29, at 11:14 AM, Dick Hardt wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Jun 29, 2012, at 11:06 AM, John Bradley wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> It is nice to know that I may occasionally be correct:)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> You must be delighted when it happens! ;)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> While you may assume that it is reasonable for a client with a code to make a request to the token endpoint including its client_id and the server to only give out the access token if the client_id in the token request matches the one in the original authorization request.   However the spec specifically doesn't require that.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I think that is an error in the spec and should be changed, or text added saying that the client_id SHOULD be checked.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> -- Dick
>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>> OAuth mailing list
>>>>>>>>>>>>>>> OAuth@ietf.org
>>>>>>>>>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>
>>
>
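
Added example (not part of the original thread, and not any vendor's or the working group's code): a minimal in-memory token endpoint in Python that applies the checks discussed above, namely binding the authorization code to the client_id and redirection URI, a 10-minute lifetime, single use, and revocation of issued tokens on replay. The names TokenEndpoint, CodeRecord, try_redeem, the "site-a"/"site-b" client identifiers and the example URIs are hypothetical.

```python
import secrets
import time
from dataclasses import dataclass, field

CODE_LIFETIME_SECONDS = 600  # 10 minutes: the maximum lifetime the quoted spec text recommends


class InvalidGrant(Exception):
    """The token request is denied (OAuth 2.0 error code "invalid_grant")."""


@dataclass
class CodeRecord:
    client_id: str       # client the code was issued to
    redirect_uri: str    # redirection URI from the authorization request
    resource_owner: str  # user who approved the grant
    expires_at: float
    used: bool = False
    tokens: list = field(default_factory=list)  # access tokens minted from this code


class TokenEndpoint:
    """Hypothetical authorization server state; storage is a plain dict."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}
        self._tokens = {}

    def issue_code(self, client_id, redirect_uri, resource_owner):
        # Remember which client and redirect URI the code belongs to.
        code = secrets.token_urlsafe(32)
        self._codes[code] = CodeRecord(
            client_id, redirect_uri, resource_owner,
            expires_at=self._clock() + CODE_LIFETIME_SECONDS,
        )
        return code

    def redeem_code(self, code, client_id, redirect_uri):
        record = self._codes.get(code)
        if record is None:
            raise InvalidGrant("unknown authorization code")
        if record.used:
            # Replay: deny, and revoke every token previously issued from this code.
            for token in record.tokens:
                self._tokens.pop(token, None)
            record.tokens.clear()
            raise InvalidGrant("authorization code already used")
        if self._clock() >= record.expires_at:
            raise InvalidGrant("authorization code expired")
        # The check proposed in the thread: the client_id in the token request
        # must match the one in the original authorization request. For a public
        # client this is not authentication; it keeps a client from accepting a
        # code that was issued to a different client.
        if client_id != record.client_id or redirect_uri != record.redirect_uri:
            raise InvalidGrant("code was not issued to this client")
        record.used = True
        token = secrets.token_urlsafe(32)
        record.tokens.append(token)
        self._tokens[token] = record.resource_owner
        return token

    def token_owner(self, token):
        """Return the resource owner for a live token, or None if revoked/unknown."""
        return self._tokens.get(token)


def try_redeem(endpoint, code, client_id, redirect_uri):
    """Return (token, None) on success or (None, reason) when the grant is denied."""
    try:
        return endpoint.redeem_code(code, client_id, redirect_uri), None
    except InvalidGrant as exc:
        return None, str(exc)


if __name__ == "__main__":
    # Constructed scenario: a code issued to site-a is presented through site-b.
    endpoint = TokenEndpoint()
    code = endpoint.issue_code("site-a", "https://site-a.example/cb", "victim")
    print(try_redeem(endpoint, code, "site-b", "https://site-b.example/cb"))
    token, _ = try_redeem(endpoint, code, "site-a", "https://site-a.example/cb")
    print("first use ok:", endpoint.token_owner(token))
    print(try_redeem(endpoint, code, "site-a", "https://site-a.example/cb"))
    print("token after replay:", endpoint.token_owner(token))
```
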


--Apple-Mail=_60EDB339-F3EE-4DFB-9FE3-54484B22E922
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
">John,<div><br></div><div>Thanks. I =
agree.</div><div><br></div><div>Regarding my comment (on the other =
thread:&nbsp;<span class=3D"Apple-style-span" style=3D"font-size: 12px; =
">&nbsp;Inadvertent cross-authentication through cached auth =
session</span>) was directed at the same thing happening by simply =
restoring the previous users login state from a browser cookie. A much =
simpler and unintentional variant of the =
scenario.</div><div><br></div><div><div apple-content-edited=3D"true">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; =
"><div><div><div>Phil</div><div><br></div><div>@independentid</div><div><a=
 =
href=3D"http://www.independentid.com">www.independentid.com</a></div></div=
></div></div></span><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br><br></div=
></span><br class=3D"Apple-interchange-newline"></div><br =
class=3D"Apple-interchange-newline"><br =
class=3D"Apple-interchange-newline">
</div>
<br><div><div>On 2012-07-01, at 11:35 AM, John Bradley wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">There are existing mitigations =
in the spec to prevent this attack on a confidential =
client.<div><br></div><div><span class=3D"Apple-style-span" =
style=3D"font-size: 13px;"><span class=3D"Apple-style-span" =
style=3D"font-family: Times; "><pre class=3D"newpage" style=3D"margin-top:=
 0px; margin-bottom: 0px; page-break-before: always; ">code
         REQUIRED.  The authorization code generated by the
         authorization server.  The authorization code MUST expire
         shortly after it is issued to mitigate the risk of leaks.  A
         maximum authorization code lifetime of 10 minutes is
         RECOMMENDED.  The client MUST NOT use the authorization code
         more than once.  If an authorization code is used more than
         once, the authorization server MUST deny the request and SHOULD
         revoke (when possible) all tokens previously issued based on =
that authorization code.
</pre></span><span class=3D"Apple-style-span" style=3D"font-family: =
Times; "><pre class=3D"newpage" style=3D"margin-top: 0px; margin-bottom: =
0px; page-break-before: always; ">         The authorization code is =
bound to the client identifier and redirection =
URI.</pre></span></span><div><br></div><div><div>The code in the browser =
is precluded from being accepted twice by the authorization =
server.</div><div>I don't think any additional security concern is =
required for this.</div><div><br></div><div>Now back in the real world, =
you are correct, this attack works perfectly well on some authorization =
servers (Facebook for one).</div><div>They however are not following the =
current OAuth 2 specification, they allow the code to live perhaps =
indefinitely &nbsp;(The only way I have found to invalidate code is by =
resetting the account password),</div><div>and also accept it multiple =
times (I have not found a limit submitting the same code for months). =
&nbsp;</div><div><br></div><div>Facebook do at least &nbsp;bind the code =
to the client_id, at least for authenticated =
clients.</div><div><br></div><div>I think for this the spec is correct =
and some implementations are =
non-conformant.</div><div><br></div><div>There is a long list of stupid =
things people can do if they ignore parts of the =
spec.</div><div><br></div><div>John =
B.</div><div><br></div><div><br></div><div>On 2012-07-01, at 11:03 AM, =
Antonio Sanso wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div>Hi =
*,<br>On Jun 30, 2012, at 7:46 PM, John Bradley =
wrote:<br><br><blockquote type=3D"cite">There is one Core =
issue.<br></blockquote><blockquote type=3D"cite">Audience restriction of =
the grant for the client. &nbsp;&nbsp;This is mostly important where the =
client is inferring from the grant what the identity of the presenter =
is.<br></blockquote><blockquote type=3D"cite"><br></blockquote><blockquote=
 type=3D"cite">This surfaces in slightly different ways depending on the =
use case.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">1, Native apps =
passing an access token over a back channel API to Authenticate the user =
of the App. &nbsp;This is not an OAuth flow itself but is enabled by =
OAuth.<br></blockquote><blockquote type=3D"cite">2, Web Applications =
using implicit flow. &nbsp;(there are mitigations but they are not part =
of OAuth core)<br></blockquote><blockquote type=3D"cite">3, Public =
clients using code flow.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">Bearer tokens =
&amp; MAC with per token secrets are both vulnerable to =
this.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">One observation =
from the security concern text I proposed that Dick and others received =
was that 3 could be fixed relatively simply in the =
spec.<br></blockquote><br>definitely +1 here.<br><br>Another possible =
flaw in the Authorization Code Grant flow that affects the Resource =
Owner this time (using confidential client) may be the =
following:<br><br>Stealing John's example (thanks :)) we will have only one =
confidential client<br><br>Site A is I love Puppies (this time a Good =
site)<br><br>One resource owner RO1 accesses Site A in a library/airport =
&nbsp;(just as a reminder Site A uses the Authorization Code Grant) and =
this will imply a login to the Authorization Server (e.g. Facebook). As a =
result of this the authorization code will stay in the browser =
history.<br>When RO1 finishes he will almost certainly log out from Site =
A and Facebook but arguably he will not clean the browser history.<br>At =
this stage an evil resource owner RO2 that also uses Site A will log in =
to Facebook with his own credentials but will tamper with the redirect to =
site A with the authorization code of RO1 that is stored in the browser =
history.<br>What will happen is that despite the fact that RO2 &nbsp;is =
logged in to Facebook with his own credentials, he will get back the =
resource of =
RO1.<br><br>WDYT?<br><br>Regards<br><br>Antonio<br><br><br><br><br><br><bl=
ockquote type=3D"cite"><br></blockquote><blockquote type=3D"cite">The =
first two are out of scope for OAuth core and can really only be dealt =
with by documenting them as a security concern so that people avoid =
doing those things without additional security like using token =
introspection etc.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">So they are all =
just different attacks exploiting the same =
flaw.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">The MS =
researchers may have a different opinion, but I have yet to hear =
it.<br></blockquote><blockquote type=3D"cite"><br></blockquote><blockquote=
 type=3D"cite">John B.<br></blockquote><blockquote type=3D"cite">On =
2012-06-30, at 4:11 AM, Phil Hunt wrote:<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite">John,<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">Thanks. I am not understanding =
yet. But if you believe there is a problem that is enough for me. I do =
not mean in any way dismiss it.<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">Do you think the issue you =
described is different from the original message that started this =
thread? It seems so to me.<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 20:34, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 wrote:<br></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil,<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You =
know not everyone gets a personalized =
example:)<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">In the =
below examples there is no proxy or other compromise of the client =
required only the ability to do what appears to be a SSO login using =
OAuth.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
attacker needs only a web =
browser.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">When =
they talk about compromised clients, &nbsp;they are not talking about =
needing to compromise the app on the user's =
phone.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
can compromise a client on their platform e.g. load it into an iPhone =
emulator, or just create a new client that emulates the backend =
API.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">There =
are already script kits to exploit this. &nbsp;&nbsp;The vulnerability =
was distributed in API kits from Facebook, Apple and =
others.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">If it =
was just one developer getting it wrong that would be one thing, =
&nbsp;hundreds getting it wrong by using the API in trusted development =
kits is a much worse problem in my =
opinion.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">My =
hope is to at least make it clear to the library authors and tool =
vendors, what are unsafe =
patterns.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
exploit is unfortunately not =
hypothetical.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 7:31 PM, Phil Hunt =
wrote:<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">See =
below...<br></blockquote></blockquote></blockquote></blockquote><blockquot=
e type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com/">www.independentid.com</a><br></bloc=
kquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 1:54 PM, John =
Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">No,<br></blockquote></blockquote></blockquote></blockquote><=
/blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Trying =
to explain this over email is a =
challenge:)<br></blockquote></blockquote></blockquote></blockquote></block=
quote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
applies to both native apps and Web Servers who are OAuth =
Clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Imagine =
there are two web servers that authenticate people with Facebook Connect =
(just an =
example).<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site A =
is I love Puppies &nbsp;&nbsp;(An evil =
site)<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site B =
is I Hate Larry Ellison &nbsp;(A good =
site)<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You as =
a chocolate lover go to Site A and login to get some cool free =
screensaver of =
Puppies.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site A =
gets a token for your social graph no big deal mostly public stuff. =
&nbsp;However they discover you work for Mr Evil who they think is =
purchasing paradise to put up a parking =
lot.<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Ummm....ok. I didn't want to go =
political on this. =
;-)<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
then go to site B who is using the implicit flow for Facebook =
authentication. &nbsp;They login using a web browser but using any one =
of a number of browser plugins modify the response to have the =
access_token that they got from you when you logged into their site. =
&nbsp;&nbsp;They now post as you telling everyone that Larry can't sail =
and has bad fashion sense. (Perhaps true) &nbsp;You might now have some =
explaining to =
do!<br></blockquote></blockquote></blockquote></blockquote></blockquote><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Soooo...according to the specs, =
there are now TWO =
mistakes:<br></blockquote></blockquote></blockquote></blockquote><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">1. Implicit is intended ONLY for =
java script clients in the browser. Implicit clients shouldn't have any =
data of value (at least retained =
data).<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">2. The MS example states that =
they have control of the client application and its =
communications.<br></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Do we need to make #1 even more =
clearer -- an entire paragraph in all caps maybe? =
;-)<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Since the researchers put a =
proxy server in between the app and Facebook. Therefore ANY OAUTH flow =
would be compromised since they are able to insert tokens into the flow. =
&nbsp;Adding client id isn't going to help (so I agree with you =
there).<br></blockquote></blockquote></blockquote></blockquote><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">But I point out this hack only =
works if you can intercept the communications =
path.<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">If we were talking about some =
sports network on a public internet site, this problem wouldn't come up =
unless the hackers have access to the web site's physical network and =
can reconfigure the client's proxy server =
settings.<br></blockquote></blockquote></blockquote></blockquote><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In the end, I don't think this =
is a valid *oauth* security issue since the assumption is a compromised =
client and/or communications path. This is a network security =
issue.<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">It =
would be worse if Site B had some PII about you or could transfer the =
money from your bank based on that =
authentication.<br></blockquote></blockquote></blockquote></blockquote></b=
lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
same thing could happen with the code flow if the client is public and =
doesn't have a secret. &nbsp;&nbsp;Site A doesn't use the code =
themselves when you login, &nbsp;they just let you through to get the =
puppy =
photos.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Agreed.<br></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
immediately take the token to site B and paste it into a legitimate =
response (note the client_id is not in the response or code ) the public =
client then presents that to the token endpoint with its client_id to =
get the access_token. &nbsp;&nbsp;The token endpoint just hands it over =
because without a client_secret it is not required to authenticate the =
client.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">What =
Dick and I are saying is that we don't see the need not to verify the =
client_id in the request to the token endpoint. &nbsp;If it were =
required clients would not be able to mistakenly accept codes issued to =
different =
clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
strongly suspect most implementations do that already, so why not =
clarify the spec on that =
point.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">That =
won't stop the attack on implicit =
clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
is why OpenID 2.0, OpenID Connect, SAML and every other identity =
protocol I can think of audience restrict the assertion to the intended =
recipient and sign or integrity protect the =
response.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">That =
is not needed for the typical authorization use case of OAuth, but is a =
really good idea if you are asserting Authentication information to the =
client.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">No =
puppies were hurt in the creation of this =
message.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 4:16 PM, Phil Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">John,<br></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think that helps to clarify the authorize =
issue.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">But =
they were talking about a phishing site obtaining a legit access token =
from =
Facebook.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Let's take Soluto's metro app as =
an example to describe the problem. The app supports Facebook Login. As =
an attacker, we can write a regular Facebook app. Once the victim user =
allows our app to access her Facebook data, we receive an access_token =
from the traffic. Then, on our own machine (i.e., the "attacker" =
machine), we run the metro app of Soluto, and use an HTTP proxy to insert =
the victim's access_token into the traffic of Facebook login. Through =
this way, we are able to log into the victim's Soluto account from our =
machine. Other than Soluto, we also have confirmed the same issue on =
another Windows 8 metro-app =
Givit.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Important: the attack works because the researchers had =
control of the client application. &nbsp;And thus they were able to =
insert the token between the metro client app and the server because =
they are able to get in the communications path. All bets are off. If =
the attacker can insert a token they can insert appropriate client_id's =
and responses in the stream as =
well.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com/">www.independentid.com</a><br></bloc=
kquote></blockquote></blockquote></blockquote></blockquote></blockquote><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote><bloc=
kquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 1:00 PM, John Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">The attack requires a web =
browser that allows modifying the value of the redirect URI. =
&nbsp;&nbsp;It is dead simple cut token or code from the string and =
paste in the token or code that was granted by the user you want to =
impersonate.<br></blockquote></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">OAuth responses are not signed =
or audience restricted to the client (except confidential clients using =
the code =
flow).<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In cases where the code or token =
is passed over a back channel to a server, faking the entire client is =
the easiest thing for the =
attacker.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">I don't consider these to be =
authorization attacks, &nbsp;rather attacks on a client that is =
inappropriately making unwarranted assumptions about the presenter of =
the =
token.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 3:29 PM, Phil =
Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">We =
need more info on the inject method the researchers used before we can =
account for =
it.<br></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 12:16, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
same thing can be done with =
code.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">If the =
token endpoint checks the client_id before giving out the access token =
then the attack on code can be prevented, as the token endpoint won't =
return the access =
token.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
spec doesn't require authenticating public clients currently so it is a =
slightly more difficult attack but =
possible.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Dick =
and I are suggesting closing the hole at the token endpoint so that =
neither confidential nor public clients using the code flow are =
susceptible to this substitution =
attack.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 2:53 PM, PhiIt helps with the code flow when l Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">I'm not seeing how client id =
helps if a proxy server is somehow involved with inserting the bearer =
token as the researchers =
suggested.<br></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 11:30, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think they only exploited the implicit =
flow.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">My point was that there is a way =
you could do the same thing with code if it is a public client that is =
not authenticating to the token =
endpoint.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In general making identity =
assumptions in the client based on a code or access_token has risks that =
are out of scope for =
OAuth.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">We do however want to provide =
good advice about specific things that can leave systems insecure when =
using =
OAuth.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 2:22 PM, Phil =
Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I'm =
not clear whether the MS Security Researcher hack was with the =
authorization code or the access token. If the latter, the client_id is =
out of the picture isn't =
it?<br></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote></blockquote></blockquote></blockquot=
e></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com/">www.independentid.com</a><br></bloc=
kquote></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 11:14 AM, Dick Hardt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On Jun =
29, 2012, at 11:06 AM, John Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">It is nice to know that I may =
occasionally be =
correct:)<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You =
must be delighted when it happens! =
;)<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">While you may assume that it is =
reasonable for a client with a code to make a request to the token =
endpoint including its client_id and the server to only give out the =
access token if the client_id in the token request matches the one in =
the original authorization request. &nbsp;&nbsp;However the spec =
specifically doesn't require =
that.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think that is an error in the spec and should be changed, or text added =
saying that the client_id SHOULD be =
checked.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">-- =
Dick<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">_______________________________________________<br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">OAuth mailing =
list<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br></blockquote></blockq=
uote></blockquote></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/=
mailman/listinfo/oauth</a><br></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">&lt;smime.p7s&gt;___________________________________________=
____<br></blockquote><blockquote type=3D"cite">OAuth mailing =
list<br></blockquote><blockquote type=3D"cite"><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br></blockquote><blockqu=
ote type=3D"cite"><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/=
mailman/listinfo/oauth</a><br></blockquote><br></div></blockquote></div><b=
r></div></div></blockquote></div><br></div></body></html>=

--Apple-Mail=_60EDB339-F3EE-4DFB-9FE3-54484B22E922--
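
Added example, not part of any message in this thread and not code from any server named in it: a sketch of the token-endpoint checks behind the client_id question in the quoted exchange above, together with the single-use and lifetime rules the OAuth 2.0 draft sets for authorization codes. The AuthorizationServer class, its method names, the client ids and the URLs are hypothetical, and client authentication is assumed to have happened before redeem_code is called.

```python
import secrets
import time
from dataclasses import dataclass, field

CODE_LIFETIME_SECONDS = 600  # 10 minutes, the maximum lifetime the draft RECOMMENDS


class InvalidGrant(Exception):
    """Token request refused; corresponds to the OAuth error code invalid_grant."""


@dataclass
class CodeRecord:
    client_id: str
    redirect_uri: str
    resource_owner: str
    issued_at: float
    used: bool = False
    tokens: list = field(default_factory=list)


class AuthorizationServer:
    """Hypothetical in-memory server; client authentication is assumed done upstream."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}   # authorization code -> CodeRecord
        self._tokens = {}  # access token -> resource owner

    def issue_code(self, client_id, redirect_uri, resource_owner):
        code = secrets.token_urlsafe(32)
        self._codes[code] = CodeRecord(client_id, redirect_uri, resource_owner, self._clock())
        return code

    def redeem_code(self, code, client_id, redirect_uri):
        record = self._codes.get(code)
        if record is None:
            raise InvalidGrant("unknown code")
        if record.used:
            # Second presentation: deny, and revoke tokens already issued from this code.
            for token in record.tokens:
                self._tokens.pop(token, None)
            record.tokens.clear()
            raise InvalidGrant("code already used")
        if self._clock() - record.issued_at > CODE_LIFETIME_SECONDS:
            raise InvalidGrant("code expired")
        # Binding checks: the code is only good for the client and redirect URI
        # it was issued for.
        if client_id != record.client_id:
            raise InvalidGrant("client_id mismatch")
        if redirect_uri != record.redirect_uri:
            raise InvalidGrant("redirect_uri mismatch")
        record.used = True
        token = secrets.token_urlsafe(32)
        record.tokens.append(token)
        self._tokens[token] = record.resource_owner
        return token

    def token_owner(self, token):
        return self._tokens.get(token)


def attempt(server, code, client_id, redirect_uri):
    """Return "issued" or the refusal reason for one token request."""
    try:
        server.redeem_code(code, client_id, redirect_uri)
        return "issued"
    except InvalidGrant as exc:
        return str(exc)


def demo():
    now = [1_341_000_000.0]  # constructed clock value so expiry can be simulated
    server = AuthorizationServer(clock=lambda: now[0])
    cb_a = "https://site-a.example/callback"  # constructed sample values
    out = {}

    # Normal redemption, then the same code presented a second time.
    code = server.issue_code("site-a", cb_a, "RO1")
    token = server.redeem_code(code, "site-a", cb_a)
    out["first_use_owner"] = server.token_owner(token)
    out["replay"] = attempt(server, code, "site-a", cb_a)
    out["owner_after_replay"] = server.token_owner(token)

    # A fresh code presented by another client, then with another redirect URI.
    code = server.issue_code("site-a", cb_a, "RO1")
    out["other_client"] = attempt(server, code, "site-b", "https://site-b.example/callback")
    out["other_redirect"] = attempt(server, code, "site-a", "https://site-a.example/other")
    out["rightful_client"] = attempt(server, code, "site-a", cb_a)

    # A code presented after its lifetime has passed.
    code = server.issue_code("site-a", cb_a, "RO1")
    now[0] += CODE_LIFETIME_SECONDS + 1
    out["expired"] = attempt(server, code, "site-a", cb_a)
    return out


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A server that skips the used and expiry checks keeps accepting an old code for as long as it stays stored; with them in place a second presentation is refused and the token issued on first use is revoked.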

From ve7jtb@ve7jtb.com  Sun Jul  1 13:25:09 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_87207477-2EC4-40DE-B03F-560D74053DB1"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <777CFAE8-674E-46C1-A272-D641B3DFF98A@oracle.com>
Date: Sun, 1 Jul 2012 16:24:55 -0400
Message-Id: <264111D3-2690-4784-9061-F7FC915E34AB@ve7jtb.com>
To: Phil Hunt <phil.hunt@oracle.com>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Report an authentication issue

--Apple-Mail=_87207477-2EC4-40DE-B03F-560D74053DB1
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_57D6E3B3-4108-4EEA-B927-8D4BB325FF99"


--Apple-Mail=_57D6E3B3-4108-4EEA-B927-8D4BB325FF99
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Phil,

Yes certainly that is the case with sharing browsers.

The problem is perhaps worse because the Authorization server may not understand that the "authorization process is being used as a form of delegated end-user authentication by the client".

Session management and logout are perhaps the hardest problems for SSO.

John B.

On 2012-07-01, at 2:45 PM, Phil Hunt wrote:

> John,
>
> Thanks. I agree.
>
> Regarding my comment (on the other thread: Inadvertent cross-authentication through cached auth session) was directed at the same thing happening by simply restoring the previous user's login state from a browser cookie. A much simpler and unintentional variant of the scenario.
>
> Phil
>
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
> On 2012-07-01, at 11:35 AM, John Bradley wrote:
>
>> There are existing mitigations in the spec to prevent this attack on a confidential client.
>>
>> code
>>          REQUIRED.  The authorization code generated by the
>>          authorization server.  The authorization code MUST expire
>>          shortly after it is issued to mitigate the risk of leaks.  A
>>          maximum authorization code lifetime of 10 minutes is
>>          RECOMMENDED.  The client MUST NOT use the authorization code
>>          more than once.  If an authorization code is used more than
>>          once, the authorization server MUST deny the request and SHOULD
>>          revoke (when possible) all tokens previously issued based on that authorization code.
>>          The authorization code is bound to the client identifier and redirection URI.
>>
>> The code in the browser is precluded from being accepted twice by the authorization server.
>> I don't think any additional security concern is required for this.
>>
>> Now back in the real world, you are correct, this attack works perfectly well on some authorization servers (Facebook for one).
>> They however are not following the current OAuth 2 specification, they allow the code to live perhaps indefinitely (The only way I have found to invalidate code is by resetting the account password),
>> and also accept it multiple times (I have not found a limit submitting the same code for months).
>>
>> Facebook do at least bind the code to the client_id, at least for authenticated clients.
>>
>> I think for this the spec is correct and some implementations are non-conformant.
>>
>> There is a long list of stupid things people can do if they ignore parts of the spec.
>>
>> John B.
>>
>> On 2012-07-01, at 11:03 AM, Antonio Sanso wrote:
>>
>>> Hi *,
>>> On Jun 30, 2012, at 7:46 PM, John Bradley wrote:
>>>
>>>> There is one Core issue.
>>>> Audience restriction of the grant for the client.   This is mostly important where the client is inferring from the grant what the identity of the presenter is.
>>>>
>>>> This surfaces in slightly different ways depending on the use case.
>>>>
>>>> 1, Native apps passing an access token over a back channel API to Authenticate the user of the App.  This is not an OAuth flow itself but is enabled by OAuth.
>>>> 2, Web Applications using implicit flow.  (there are mitigations but they are not part of OAuth core)
>>>> 3, Public clients using code flow.
>>>>
>>>> Bearer tokens & MAC with per token secrets are both vulnerable to this.
>>>>
>>>> One observation from the security concern text I proposed that Dick and others received was that 3 could be fixed relatively simply in the spec.
>>>
>>> definitely +1 here.
>>>
>>> Another possible flaw in the Authorization Code Grant flow that affects the Resource Owner this time (using confidential client) may be the following:
>>>
>>> Stealing John's example (thanks :)) we will have only one confidential client
>>>
>>> Site A is I love Puppies (this time a Good site)
>>>
>>> One resource owner RO1 accesses Site A in a library/airport (just as a reminder Site A uses the Authorization Code Grant) and this will imply a login to the Authorization Server (e.g. Facebook). As a result of this the authorization code will stay in the browser history.
>>> When RO1 finishes he will almost certainly log out from Site A and Facebook but arguably he will not clean the browser history.
>>> At this stage an evil resource owner RO2 that also uses Site A will log in to Facebook with his own credentials but will tamper with the redirect to Site A with the authorization code of RO1 that is stored in the browser history.
>>> What will happen is that despite the fact RO2 is logged in to Facebook with his own credentials he will get back the resource of RO1.
>>>
>>> WDYT?
>>>
>>> Regards
>>>
>>> Antonio
>>>
>>>>
>>>> The first two are out of scope for OAuth core and can really only be dealt with by documenting them as a security concern so that people avoid doing those things without additional security like using token introspection etc.
>>>>
>>>> So they are all just different attacks exploiting the same flaw.
>>>>
>>>> The MS researchers may have a different opinion, but I have yet to hear it.
>>>>
>>>> John B.
>>>> On 2012-06-30, at 4:11 AM, Phil Hunt wrote:
>>>>
>>>>> John,
>>>>>
>>>>> Thanks. I am not understanding yet. But if you believe there is a problem that is enough for me. I do not mean in any way to dismiss it.
>>>>>
>>>>> Do you think the issue you described is different from the original message that started this thread? It seems so to me.
>>>>>
>>>>> Phil
>>>>>
>>>>> On 2012-06-29, at 20:34, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>
>>>>>> Phil,
>>>>>>
>>>>>> You know not everyone gets a personalized example:)
>>>>>>
>>>>>> In the below examples there is no proxy or other compromise of the client required only the ability to do what appears to be a SSO login using OAuth.
>>>>>> The attacker needs only a web browser.
>>>>>>
>>>>>> When they talk about compromised clients, they are not talking about needing to compromise the app on the user's phone.
>>>>>>
>>>>>> They can compromise a client on their platform e.g. load it into an iPhone emulator, or just create a new client that emulates the backend API.
>>>>>>
>>>>>> There are already script kits to exploit this.   The vulnerability was distributed in API kits from Facebook, Apple and others.
>>>>>>
>>>>>> If it was just one developer getting it wrong that would be one thing, hundreds getting it wrong by using the API in trusted development kits is a much worse problem in my opinion.
>>>>>>
>>>>>> My hope is to at least make it clear to the library authors and tool vendors, what are unsafe patterns.
>>>>>>
>>>>>> This exploit is unfortunately not hypothetical.
>>>>>>
>>>>>> John B.
>>>>>>
>>>>>> On 2012-06-29, at 7:31 PM, Phil Hunt wrote:
>>>>>>
>>>>>>> See below...
>>>>>>>=20
>>>>>>> Phil
>>>>>>>=20
>>>>>>> @independentid
>>>>>>> www.independentid.com
>>>>>>> phil.hunt@oracle.com
>>>>>>>=20
>>>>>>>=20
>>>>>>>=20
>>>>>>>=20
>>>>>>>=20
>>>>>>> On 2012-06-29, at 1:54 PM, John Bradley wrote:
>>>>>>>=20
>>>>>>>> No,
>>>>>>>>=20
>>>>>>>> Trying to explain this over email is a challenge:)
>>>>>>>>=20
>>>>>>>> This apples to both native apps and Web Servers who are OAuth =
Clients.
>>>>>>>>=20
>>>>>>>> Imagine there are two web servers that authenticate people with =
Facebook Connect (just an example).
>>>>>>>>=20
>>>>>>>> Site A is I love Puppies   (An evil site)
>>>>>>>> Site B is I Hate Larry Ellison  (A good site)
>>>>>>>>=20
>>>>>>>> You as a chocolate lover go to Site A and login to get some =
cool free screensaver of Puppies.
>>>>>>>> Site A gets a token for your social graph no big deal mostly =
public stuff.  However they discover you work for Mr Evil who they =
think is purchasing paradise to put up a parking lot.
>>>>>>>=20
>>>>>>> Ummm....ok. I didn't want to go political on this. ;-)
>>>>>>>>=20
>>>>>>>> They then go to site B who is using the implicit flow for =
Facebook authentication.  They login using a web browser but using any =
one of a number of browser plugins modify the response to have the =
access_token that they got from you when you logged into their site.   =
They now post as you telling everyone that Larry can't sail and has bad =
fashion sense. (Perhaps true)  You might now have some explaining to do!
>>>>>>>=20
>>>>>>> Soooo...according to the specs, there are now TWO mistakes:
>>>>>>>=20
>>>>>>> 1. Implicit is intended ONLY for JavaScript clients in the =
browser. Implicit clients shouldn't have any data of value (at least =
retained data).
>>>>>>>=20
>>>>>>> 2. The MS example states that they have control of the client =
application and its communications.
>>>>>>>=20
>>>>>>> Do we need to make #1 even more clearer -- an entire paragraph =
in all caps maybe? ;-)
>>>>>>>=20
>>>>>>> Since the researchers put a proxy server in between the app and =
Facebook. Therefore ANY OAUTH flow would be compromised since they are =
able to insert tokens into the flow.  Adding client id isn't going to =
help (so I agree with you there).
>>>>>>>=20
>>>>>>> But I point out this hack only works if you can intercept the =
communications path.
>>>>>>>=20
>>>>>>> If we were talking about some sports network on a public =
internet site, this problem wouldn't come up unless the hackers have =
access to the web site's physical network and can reconfigure the client's =
proxy server settings.
>>>>>>>=20
>>>>>>> In the end, I don't think this is a valid *oauth* security issue =
since the assumption is a compromised client and/or communications path. =
This is a network security issue.
>>>>>>>=20
>>>>>>>=20
>>>>>>>> It would be worse if Site B had some PII about you or could =
transfer the money from your bank based on that authentication.
>>>>>>>=20
>>>>>>>>=20
>>>>>>>> The same thing could happen with the code flow if the client is =
public and doesn't have a secret.   Site A doesn't use the code =
themselves when you login,  they just let you through to get the puppy =
photos.
>>>>>>> Agreed.
>>>>>>>> They immediately take the token to site B and paste it into a =
legitimate response (note the client_id is not in the response or code ) =
the public client then presents that to the token endpoint with its =
client_id to get the access_token.   The token endpoint just hands it =
over because without a client_secret it is not required to authenticate =
the client.
>>>>>>>>=20
>>>>>>>> What Dick and I are saying is that we don't see the need not to =
verify the client_id in the request to the token endpoint.  If it were =
required clients would not be able to mistakenly accept codes issued to =
different clients.
>>>>>>>=20
>>>>>>>>=20
>>>>>>>> I strongly suspect most implementations do that already, so why =
not clarify the spec on that point.
>>>>>>>=20
>>>>>>>>=20
>>>>>>>> That won't stop the attack on implicit clients.
>>>>>>>>=20
>>>>>>>> This is why openID 2.0, openID Connect, SAML and every other =
identity protocol I can think of audience restrict the assertion to the =
intended recipient and sign or integrity protect the response.
>>>>>>>>=20
>>>>>>>> That is not needed for the typical authorization use case of =
OAuth, but is a really good idea if you are asserting Authentication =
information to the client.
>>>>>>>>=20
>>>>>>>> No puppies were hurt in the creation of this message.
>>>>>>>> John B.
>>>>>>>>=20
>>>>>>>> On 2012-06-29, at 4:16 PM, Phil Hunt wrote:
>>>>>>>>=20
>>>>>>>>> John,
>>>>>>>>>=20
>>>>>>>>> I think that helps to clarify the authorize issue.
>>>>>>>>>=20
>>>>>>>>> But they were talking about a phishing site obtaining a legit =
access token from Facebook.
>>>>>>>>>> Let's take Soluto's metro app as an example to describe the =
problem. The app supports Facebook Login. As an attacker, we can write a =
regular Facebook app. Once the victim user allows our app to access her =
Facebook data, we receive an access_token from the traffic. Then, on our =
own machine (i.e., the "attacker" machine), we run the metro app of =
Soluto, and use a HTTP proxy to insert the victim's access_token into =
the traffic of Facebook login. Through this way, we are able to log into =
the victim's Soluto account from our machine. Other than Soluto, we also =
have confirmed the same issue on another Windows 8 metro-app Givit.
>>>>>>>>>=20
>>>>>>>>>=20
>>>>>>>>> Important: the attack works because the researchers had =
control of the client application.  And thus they were able to insert =
the token between the metro client app and the server because they are =
able to get in the communications path. All bets are off. If the =
attacker can insert a token then they can insert appropriate client_id's and =
responses in the stream as well.
>>>>>>>>>=20
>>>>>>>>> Phil
>>>>>>>>>=20
>>>>>>>>> @independentid
>>>>>>>>> www.independentid.com
>>>>>>>>> phil.hunt@oracle.com
>>>>>>>>>=20
>>>>>>>>>=20
>>>>>>>>>=20
>>>>>>>>>=20
>>>>>>>>>=20
>>>>>>>>> On 2012-06-29, at 1:00 PM, John Bradley wrote:
>>>>>>>>>=20
>>>>>>>>>> The attack requires a web browser that allows modifying the =
value of the redirect URI.   It is dead simple cut token or code =
from the string and paste in the token or code that was granted by the =
user you want to impersonate.
>>>>>>>>>>=20
>>>>>>>>>> OAuth responses are not signed or audience restricted to the =
client (except confidential clients using the code flow).
>>>>>>>>>>=20
>>>>>>>>>> In cases where the code or token is passed over a back =
channel to a server, faking the entire client is the easiest thing for =
the attacker.
>>>>>>>>>>=20
>>>>>>>>>> I don't consider these to be authorization attacks,  rather =
attacks on a client that is inappropriately making unwarranted =
assumptions about the presenter of the token.
>>>>>>>>>>=20
>>>>>>>>>> John B.
>>>>>>>>>> On 2012-06-29, at 3:29 PM, Phil Hunt wrote:
>>>>>>>>>>=20
>>>>>>>>>>> We need more info on the inject method the researchers used =
before we can account for it.
>>>>>>>>>>>=20
>>>>>>>>>>> Phil
>>>>>>>>>>>=20
>>>>>>>>>>> On 2012-06-29, at 12:16, John Bradley <ve7jtb@ve7jtb.com> =
wrote:
>>>>>>>>>>>=20
>>>>>>>>>>>> The same thing can be done with code.
>>>>>>>>>>>>=20
>>>>>>>>>>>> If the token endpoint checks the client_id before giving =
out the access token then the attack on code can be prevented, as the =
token endpoint won't return the access token.
>>>>>>>>>>>>=20
>>>>>>>>>>>> The spec doesn't require authenticating public clients =
currently so it is a slightly more difficult attack but possible.
>>>>>>>>>>>>=20
>>>>>>>>>>>> Dick and I are suggesting closing the hole at the token =
endpoint so that neither confidential nor public clients using the code =
flow are susceptible to this substitution attack.
>>>>>>>>>>>>=20
>>>>>>>>>>>> John B.
>>>>>>>>>>>>=20
>>>>>>>>>>>> On 2012-06-29, at 2:53 PM, PhiIt helps with the code flow =
when l Hunt wrote:
>>>>>>>>>>>>=20
>>>>>>>>>>>>> I'm not seeing how client id helps if a proxy server is =
somehow involved with inserting the bearer token as the researchers =
suggested.
>>>>>>>>>>>>>=20
>>>>>>>>>>>>> Phil
>>>>>>>>>>>>>=20
>>>>>>>>>>>>> On 2012-06-29, at 11:30, John Bradley <ve7jtb@ve7jtb.com> =
wrote:
>>>>>>>>>>>>>=20
>>>>>>>>>>>>>> I think they only exploited the implicit flow.
>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>> My point was that there is a way you could do the same =
thing with code if it is a public client that is not authenticating to =
the token endpoint.
>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>> In general making identity assumptions in the client =
based on a code or access_token has risks that are out of scope for =
OAuth.
>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>> We do however want to provide good advice about specific =
things that can leave systems insecure when using OAuth.
>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>> John B.
>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>> On 2012-06-29, at 2:22 PM, Phil Hunt wrote:
>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>> I'm not clear whether the MS Security Researcher hack =
was with the authorization code or the access token. If the latter, the =
client_id is out of the picture isn't it?
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>> Phil
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>> @independentid
>>>>>>>>>>>>>>> www.independentid.com
>>>>>>>>>>>>>>> phil.hunt@oracle.com
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>> On 2012-06-29, at 11:14 AM, Dick Hardt wrote:
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>> On Jun 29, 2012, at 11:06 AM, John Bradley wrote:
>>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>>> It is nice to know that I may occasionally be =
correct:)
>>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>> You must be delighted when it happens! ;)
>>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>>> While you may assume that it is reasonable for a =
client with a code to make a request to the token endpoint including =
its client_id and the server to only give out the access token if the =
client_id in the token request matches the one in the original =
authorization request.   However the spec specifically doesn't require =
that.
>>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>> I think that is an error in the spec and should be =
changed, or text added saying that the client_id SHOULD be checked.
>>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>>> -- Dick
>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>> OAuth mailing list
>>>>>>>>>>>>>>>> OAuth@ietf.org
>>>>>>>>>>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>>>>>>>>>>=20
>>>>>>>>>>>>>>=20
>>>>>>>>>>>>=20
>>>>>>>>>>=20
>>>>>>>>>=20
>>>>>>>>=20
>>>>>>>=20
>>>>>>=20
>>>>=20
>>>=20
>>=20
>=20
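
Added example, not part of the original thread and not code from any participant or provider named in it: a minimal in-memory token endpoint in Python that applies the checks discussed above (code bound to client_id and redirect URI, ten-minute lifetime, single use with revocation on replay), plus a client that audience-checks a token through introspection before treating it as a login. All class and function names, the client ids and the example URIs are assumptions made for illustration.

```python
import secrets
import time

CODE_LIFETIME = 600  # seconds; the quoted spec text recommends at most 10 minutes


class TokenError(Exception):
    """The token endpoint refused the request."""


class AuthorizationServer:
    """Hypothetical in-memory authorization server (all names are assumptions)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._grants = {}   # authorization code -> grant record
        self._tokens = {}   # access token -> {"client_id", "user"}

    def issue_code(self, client_id, redirect_uri, user):
        """Authorization endpoint: bind the code to the client and redirect URI."""
        code = secrets.token_urlsafe(16)
        self._grants[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "user": user,
            "expires_at": self._clock() + CODE_LIFETIME,
            "used": False,
            "tokens": [],
        }
        return code

    def redeem_code(self, code, client_id, redirect_uri):
        """Token endpoint: runs the binding check for public clients as well."""
        grant = self._grants.get(code)
        if grant is None:
            raise TokenError("invalid_grant: unknown code")
        if grant["used"]:
            # Replay: deny, and revoke every token issued from this code.
            for token in grant["tokens"]:
                self._tokens.pop(token, None)
            grant["tokens"].clear()
            raise TokenError("invalid_grant: code already used")
        if self._clock() > grant["expires_at"]:
            raise TokenError("invalid_grant: code expired")
        if client_id != grant["client_id"]:
            # The check proposed in the thread: no client secret is needed,
            # only that the presenter is the client the code was issued to.
            raise TokenError("invalid_grant: code was issued to a different client")
        if redirect_uri != grant["redirect_uri"]:
            raise TokenError("invalid_grant: redirect_uri mismatch")
        grant["used"] = True
        token = secrets.token_urlsafe(24)
        self._tokens[token] = {"client_id": client_id, "user": grant["user"]}
        grant["tokens"].append(token)
        return token

    def introspect(self, token):
        """Return who the token was issued to, or None if unknown or revoked."""
        return self._tokens.get(token)


def client_login(server, own_client_id, access_token):
    """Client side: accept a token as proof of login only if it was issued to us."""
    info = server.introspect(access_token)
    if info is None or info["client_id"] != own_client_id:
        return None
    return info["user"]


def demo():
    """Constructed scenario: a grant made to site-a is presented at site-b."""
    now = [0.0]
    srv = AuthorizationServer(clock=lambda: now[0])
    results = {}
    code = srv.issue_code("site-a", "https://a.example/cb", "victim")
    try:
        srv.redeem_code(code, "site-b", "https://b.example/cb")
        results["substituted_code"] = "accepted"
    except TokenError as err:
        results["substituted_code"] = str(err)
    token = srv.redeem_code(code, "site-a", "https://a.example/cb")
    results["site_a_login"] = client_login(srv, "site-a", token)
    results["site_b_login"] = client_login(srv, "site-b", token)
    try:
        srv.redeem_code(code, "site-a", "https://a.example/cb")
        results["replay"] = "accepted"
    except TokenError as err:
        results["replay"] = str(err)
    results["token_after_replay"] = srv.introspect(token)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
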


--Apple-Mail=_57D6E3B3-4108-4EEA-B927-8D4BB325FF99
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
">Phil,<div><br></div><div>Yes certainly that is the case with sharing =
browsers.</div><div><br></div><div>The problem is perhaps worse because =
the Authorization server may not understand that the "authorization =
process is &nbsp;being used as a form of delegated end-user =
authentication by the client".</div><div><br></div><div>Session =
management and logout are perhaps the hardest problems for =
SSO.</div><div><br></div><div>John B.</div><div><br><div><div>On =
2012-07-01, at 2:45 PM, Phil Hunt wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; =
">John,<div><br></div><div>Thanks. I =
agree.</div><div><br></div><div>Regarding my comment (on the other =
thread:&nbsp;<span class=3D"Apple-style-span" style=3D"font-size: 12px; =
">&nbsp;Inadvertent cross-authentication through cached auth =
session</span>) was directed at the same thing happening by simply =
restoring the previous users login state from a browser cookie. A much =
simpler and unintentional variant of the =
scenario.</div><div><br></div><div><div apple-content-edited=3D"true">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; font-family: Helvetica; font-size: =
medium; font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: 2; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: 2; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; =
"><div><div><div>Phil</div><div><br></div><div>@independentid</div><div><a=
 =
href=3D"http://www.independentid.com/">www.independentid.com</a></div></di=
v></div></div></span><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br><br></div=
></span><br class=3D"Apple-interchange-newline"></div><br =
class=3D"Apple-interchange-newline"><br =
class=3D"Apple-interchange-newline">
</div>
<br><div><div>On 2012-07-01, at 11:35 AM, John Bradley wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">There are existing mitigations =
in the spec to prevent this attack on a confidential =
client.<div><br></div><div><span class=3D"Apple-style-span" =
style=3D"font-size: 13px;"><span class=3D"Apple-style-span" =
style=3D"font-family: Times; "><pre class=3D"newpage" style=3D"margin-top:=
 0px; margin-bottom: 0px; page-break-before: always; ">code
         REQUIRED.  The authorization code generated by the
         authorization server.  The authorization code MUST expire
         shortly after it is issued to mitigate the risk of leaks.  A
         maximum authorization code lifetime of 10 minutes is
         RECOMMENDED.  The client MUST NOT use the authorization code
         more than once.  If an authorization code is used more than
         once, the authorization server MUST deny the request and SHOULD
         revoke (when possible) all tokens previously issued based on =
that authorization code.
</pre></span><span class=3D"Apple-style-span" style=3D"font-family: =
Times; "><pre class=3D"newpage" style=3D"margin-top: 0px; margin-bottom: =
0px; page-break-before: always; ">         The authorization code is =
bound to the client identifier and redirection =
URI.</pre></span></span><div><br></div><div><div>The code in the browser =
is precluded from being accepted twice by the authorization =
server.</div><div>I don't think any additional security concern is =
required for this.</div><div><br></div><div>Now back in the real world, =
you are correct, this attack works perfectly well on some authorization =
servers (Facebook for one).</div><div>They however are not following the =
current OAuth 2 specification, they allow the code to live perhaps =
indefinitely &nbsp;(The only way I have found to invalidate code is by =
resetting the account password),</div><div>and also accept it multiple =
times (I have not found a limit submitting the same code for months). =
&nbsp;</div><div><br></div><div>Facebook do at least &nbsp;bind the code =
to the client_id, at least for authenticated =
clients.</div><div><br></div><div>I think for this the spec is correct =
and some implementations are =
non-conformant.</div><div><br></div><div>There is a long list of stupid =
things people can do if they ignore parts of the =
spec.</div><div><br></div><div>John =
B.</div><div><br></div><div><br></div><div>On 2012-07-01, at 11:03 AM, =
Antonio Sanso wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div>Hi =
*,<br>On Jun 30, 2012, at 7:46 PM, John Bradley =
wrote:<br><br><blockquote type=3D"cite">There is one Core =
issue.<br></blockquote><blockquote type=3D"cite">Audience restriction of =
the grant for the client. &nbsp;&nbsp;This is mostly important where the =
client is inferring from the grant what the identity of the presenter =
is.<br></blockquote><blockquote type=3D"cite"><br></blockquote><blockquote=
 type=3D"cite">This surfaces in slightly different ways depending on the =
use case.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">1, Native apps =
passing a access token over a back channel API to Authenticate the user =
of the App. &nbsp;This is not a OAuth flow itself but is enabled by =
OAuth.<br></blockquote><blockquote type=3D"cite">2, Web Applications =
using implicit flow. &nbsp;(there are mitigations but they are not part =
of OAuth core)<br></blockquote><blockquote type=3D"cite">3, Public =
clients using code flow.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">Bearer tokens =
&amp; MAC with per token secrets are both vulnerable to =
this.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">One observation =
from the security concern text I proposed that Dick and others received =
was that 3 could be fixed relatively simply in the =
spec.<br></blockquote><br>definitely +1 here.<br><br>Another possible =
flaw in the Authorization Code Grant flow that affects the Resource =
Owner this time (using confidential client) may be the =
following:<br><br>Stealing John's example (thanks :)) we will have only one =
confidential client<br><br>Site A is I love Puppies (this time a Good =
site)<br><br>One resource owner RO1 accesses Site A in a library/airport =
&nbsp;(just as a reminder Site A uses the Authorization Code Grant) and =
this will imply a login to the Authorization Server (e.g. Facebook). As =
a result of this the authorization code will stay in the browser =
history.<br>When RO1 finishes he will almost certainly log out from Site =
A and Facebook but arguably he will not clean the browser history.<br>At =
this stage an evil resource owner RO2 that also uses Site A will log in =
to Facebook with his own credentials but will tamper with the redirect to =
site A with the authorization code of RO1 that is stored in the browser =
history.<br>What will happen is that despite the fact that RO2 &nbsp;is =
logged in to Facebook with his own credentials, he will get back the =
resource of =
RO1.<br><br>WDYT?<br><br>Regards<br><br>Antonio<br><br><br><br><br><br><bl=
ockquote type=3D"cite"><br></blockquote><blockquote type=3D"cite">The =
first two are out of scope for OAuth core and can really only be dealt =
with by documenting them as a security concern so that people avoid =
doing those things without additional security like using token =
introspection etc.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">So they are all =
just different attacks exploiting the same =
flaw.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">The MS =
researchers may have a different opinion, but I have yet to hear =
it.<br></blockquote><blockquote type=3D"cite"><br></blockquote><blockquote=
 type=3D"cite">John B.<br></blockquote><blockquote type=3D"cite">On =
2012-06-30, at 4:11 AM, Phil Hunt wrote:<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite">John,<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">Thanks. I am not understanding =
yet. But if you believe there is a problem that is enough for me. I do =
not mean in any way dismiss it.<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">Do you think the issue you =
described is different from the original message that started this =
thread? It seems so to me.<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 20:34, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 wrote:<br></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><br></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil,<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You =
know not everyone gets a personalized =
example:)<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">In the =
below examples there is no proxy or other compromise of the client =
required only the ability to do what appears to be a SSO login using =
OAuth.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
attacker needs only a web =
browser.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">When =
they talk about compromised clients, &nbsp;they are not talking about =
needing to compromise the app on the user's =
phone.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
can compromise a client on their platform e.g. load it into an iPhone =
emulator, or just create a new client that emulates the backend =
API.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">There =
are already script kits to exploit this. &nbsp;&nbsp;The vulnerability =
was distributed in API kits from Facebook, Apple and =
others.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">If it =
was just one developer getting it wrong that would be one thing, =
&nbsp;hundreds getting it wrong by using the API in trusted development =
kits is a much worse problem in my =
opinion.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">My =
hope is to at least make it clear to the library authors and tool =
vendors, what are unsafe =
patterns.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
exploit is unfortunately not =
hypothetical.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 7:31 PM, Phil Hunt =
wrote:<br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">See =
below...<br></blockquote></blockquote></blockquote></blockquote><blockquot=
e type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com/">www.independentid.com</a><br></bloc=
kquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 1:54 PM, John =
Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">No,<br></blockquote></blockquote></blockquote></blockquote><=
/blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Trying =
to explain this over email is a =
challenge:)<br></blockquote></blockquote></blockquote></blockquote></block=
quote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
applies to both native apps and Web Servers who are OAuth =
Clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Imagine =
there are two web servers that authenticate people with Facebook Connect =
(just an =
example).<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site A =
is I love Puppies &nbsp;&nbsp;(An evil =
site)<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site B =
is I Hate Larry Ellison &nbsp;(A good =
site)<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You as =
a chocolate lover go to Site A and login to get some cool free =
screensaver of =
Puppies.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Site A =
gets a token for your social graph no big deal mostly public stuff. =
&nbsp;However they discover you work for Mr Evil who they think is =
purchasing paradise to put up a parking =
lot.<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Ummm....ok. I didn't want to go =
political on this. =
;-)<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
then go to site B who is using the implicit flow for Facebook =
authentication. &nbsp;They login using a web browser but using any one =
of a number of browser plugins modify the response to have the =
access_token that they got from you when you logged into their site. =
&nbsp;&nbsp;They now post as you telling everyone that Larry can't sail =
and has bad fashion sense. (Perhaps true) &nbsp;You might now have some =
explaining to =
do!<br></blockquote></blockquote></blockquote></blockquote></blockquote><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Soooo...according to the specs, =
there are now TWO =
mistakes:<br></blockquote></blockquote></blockquote></blockquote><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">1. Implicit is intended ONLY for =
JavaScript clients in the browser. Implicit clients shouldn't have any =
data of value (at least retained =
data).<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">2. The MS example states that =
they have control of the client application and its =
communications.<br></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Do we need to make #1 even more =
clearer -- an entire paragraph in all caps maybe? =
;-)<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Since the researchers put a =
proxy server in between the app and Facebook. Therefore ANY OAUTH flow =
would be compromised since they are able to insert tokens into the flow. =
&nbsp;Adding client id isn't going to help (so I agree with you =
there).<br></blockquote></blockquote></blockquote></blockquote><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">But I point out this hack only =
works if you can intercept the communications =
path.<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">If we were talking about some =
sports network on a public internet site, this problem wouldn't come up =
unless that hackers have access to the web sites physical network and =
can reconfigure the clients proxy server =
settings.<br></blockquote></blockquote></blockquote></blockquote><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In the end, I don't think this =
is a valid *oauth* security issue since the assumption is a compromised =
client and/or communications path. This is a network security =
issue.<br></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">It =
would be worse if Site B had some PII about you or could transfer the =
money from your bank based on that =
authentication.<br></blockquote></blockquote></blockquote></blockquote></b=
lockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
same thing could happen with the code flow if the client is public and =
doesn't have a secret. &nbsp;&nbsp;Site A doesn't use the code =
themselves when you login, &nbsp;they just let you through to get the =
puppy =
photos.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Agreed.<br></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">They =
immediately take the token to site B and paste it into a legitimate =
response (note the client_id is not in the response or code ) the public =
client then presents that to the token endpoint with its client_id to =
get the access_token. &nbsp;&nbsp;The token endpoint just hands it over =
because without a client_secret it is not required to authenticate the =
client.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">What =
Dick and I are saying is that we don't see the need not to verify the =
client_id in the request to the token endpoint. &nbsp;If it were =
required clients would not be able to mistakenly accept codes issued to =
different =
clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
strongly suspect most implementations do that already, so why not =
clarify the spec on that =
point.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">That =
won't stop the attack on implicit =
clients.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">This =
is why OpenID 2.0, OpenID Connect, SAML and every other identity =
protocol I can think of audience restrict the assertion to the intended =
recipient and sign or integrity protect the =
response.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">That =
is not needed for the typical authorization use case of OAuth, but is a =
really good idea if you are asserting Authentication information to the =
client.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">No =
puppies were hurt in the creation of this =
message.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 4:16 PM, Phil Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">John,<br></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think that helps to clarify the authorize =
issue.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">But =
they were talking about a phishing site obtaining a legit access token =
from =
Facebook.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">Let's take Soluto's metro app as =
an example to describe the problem. The app supports Facebook Login. As =
an attacker, we can write a regular Facebook app. Once the victim user =
allows our app to access her Facebook data, we receive an access_token =
from the traffic. Then, on our own machine (i.e., the "attacker" =
machine), we run the metro app of Soluto, and use an HTTP proxy to insert =
the victim's access_token into the traffic of Facebook login. Through =
this way, we are able to log into the victim's Soluto account from our =
machine. Other than Soluto, we also have confirmed the same issue on =
another Windows 8 metro-app =
Givit.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Important: the attack works because the researchers had =
control of the client application. &nbsp;And thus they were able to =
insert the token between the metro client app and the server because =
they are able to get in the communications path. All bets are off. If =
the attacker can insert a token then can insert appropriate client_id's =
and responses in the stream as =
well.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com/">www.independentid.com</a><br></bloc=
kquote></blockquote></blockquote></blockquote></blockquote></blockquote><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote><bloc=
kquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 1:00 PM, John Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">The attack requires a web =
browser that allows modifying the value of the redirect URI. =
&nbsp;&nbsp;It is dead simple cut token or code from the string and =
paste in the token or code that was granted by the user you want to =
impersonate.<br></blockquote></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">OAuth responses are not signed =
or audience restricted to the client (except confidential clients using =
the code =
flow).<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In cases where the code or token =
is passed over a back channel to a server, faking the entire client is =
the easiest thing for the =
attacker.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">I don't consider these to be =
authorization attacks, &nbsp;rather attacks on a client that is =
inappropriately making unwarranted assumptions about the presenter of =
the =
token.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 3:29 PM, Phil =
Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">We =
need more info on the inject method the researchers used before we can =
account for =
it.<br></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 12:16, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
same thing can be done with =
code.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">If the =
token endpoint checks the client_id before giving out the access token =
then the attack on code can be prevented, as the token endpoint won't =
return the access =
token.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">The =
spec doesn't require authenticating public clients currently so it is a =
slightly more difficult attack but =
possible.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">Dick =
and I are suggesting closing the hole at the token endpoint so that =
neither confidential nor public clients using the code flow are =
susceptible to this substitution =
attack.<br></blockquote></blockquote></blockquote></blockquote></blockquot=
e></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 2:53 PM, PhiIt helps with the code flow when l Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">I'm not seeing how client id =
helps if a proxy server is somehow involved with inserting the bearer =
token as the researchers =
suggested.<br></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 11:30, John =
Bradley &lt;<a href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;=
 =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think they only exploited the implicit =
flow.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">My point was that there is a way =
you could do the same thing with code if it is a public client that is =
not authenticating to the token =
endpoint.<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">In general making identity =
assumptions in the client based on a code or access_token has risks that =
are out of scope for =
OAuth.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">We do however want to provide =
good advice about specific things that can leave systems insecure when =
using =
OAuth.<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">John =
B.<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">On 2012-06-29, at 2:22 PM, Phil =
Hunt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I'm =
not clear whether the MS Security Researcher hack was with the =
authorization code or the access token. If the latter, the client_id is =
out of the picture isn't =
it?<br></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote></blockquote></blockquote></blockquot=
e></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">Phil<br></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite">@independentid<br></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"http://www.independentid.com/">www.independentid.com</a><br></bloc=
kquote></blockquote></blockquote></blockquote></blockquote></blockquote></=
blockquote></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On =
2012-06-29, at 11:14 AM, Dick Hardt =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">On Jun =
29, 2012, at 11:06 AM, John Bradley =
wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">It is nice to know that I may =
occasionally be =
correct:)<br></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">You =
must be delighted when it happens! =
;)<br></blockquote></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">While you may assume that it is =
reasonable for a client with a code to make a request to the token =
endpoint including its client_id and the server to only give out the =
access token if the client_id in the token request matches the one in =
the original authorization request. &nbsp;&nbsp;However the spec =
specifically doesn't require =
that.<br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockqu=
ote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">I =
think that is an error in the spec and should be changed, or text added =
saying that the client_id SHOULD be =
checked.<br></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">-- =
Dick<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite">_______________________________________________<br></blockqu=
ote></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite">OAuth mailing =
list<br></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br></blockquote></blockq=
uote></blockquote></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/=
mailman/listinfo/oauth</a><br></blockquote></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
/blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote =
type=3D"cite"><br></blockquote></blockquote></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">&lt;smime.p7s&gt;___________________________________________=
____<br></blockquote><blockquote type=3D"cite">OAuth mailing =
list<br></blockquote><blockquote type=3D"cite"><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br></blockquote><blockqu=
ote type=3D"cite"><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/=
mailman/listinfo/oauth</a><br></blockquote><br></div></blockquote></div><b=
r></div></div></blockquote></div><br></div></div></blockquote></div><br></=
div></body></html>=

--Apple-Mail=_57D6E3B3-4108-4EEA-B927-8D4BB325FF99--

--Apple-Mail=_87207477-2EC4-40DE-B03F-560D74053DB1
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_87207477-2EC4-40DE-B03F-560D74053DB1--
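
The client_id check debated in the quoted messages above, as an added example that is not part of the original thread or of any OAuth implementation: a token endpoint that binds each authorization code to the client_id and redirect_uri of the authorization request, next to the same endpoint with that binding switched off. All class, method and field names, the client identifiers and the URLs are hypothetical and constructed for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


class TokenError(Exception):
    """Raised with an OAuth-style error code when a token request is refused."""


@dataclass
class CodeGrant:
    client_id: str       # client named in the original authorization request
    redirect_uri: str    # redirect URI used in that request
    user: str            # resource owner who approved the request
    expires_at: float
    used: bool = False


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so the check does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


class AuthorizationServer:
    """In-memory sketch of the authorization and token endpoints (hypothetical)."""

    CODE_TTL = 60  # seconds; constructed value for the example

    def __init__(self, enforce_client_binding: bool = True):
        self.enforce_client_binding = enforce_client_binding
        self._grants = {}

    def authorize(self, client_id: str, redirect_uri: str, user: str) -> str:
        """Issue a code and remember which client and redirect URI it was issued for."""
        code = secrets.token_urlsafe(32)
        self._grants[code] = CodeGrant(
            client_id, redirect_uri, user, time.time() + self.CODE_TTL
        )
        return code

    def token(self, code: str, client_id: str, redirect_uri: str) -> dict:
        """Exchange a code for an access token.

        A public client cannot authenticate here, so the client_id it sends
        is only a claim; the binding check compares that claim with the
        client_id recorded when the code was issued.
        """
        grant = self._grants.get(code)
        if grant is None or grant.used or time.time() > grant.expires_at:
            raise TokenError("invalid_grant")
        if self.enforce_client_binding and not _same(grant.client_id, client_id):
            # Code was issued to a different client: refuse the exchange.
            raise TokenError("invalid_grant")
        if not _same(grant.redirect_uri, redirect_uri):
            raise TokenError("invalid_grant")
        grant.used = True  # codes are single use
        return {
            "access_token": secrets.token_urlsafe(32),
            "token_type": "bearer",
            "issued_to": client_id,
            "user": grant.user,
        }


def demo() -> dict:
    """Run the same cross-client exchange against both configurations."""
    results = {}
    for label, enforce in (("binding_enforced", True), ("binding_missing", False)):
        server = AuthorizationServer(enforce_client_binding=enforce)
        # Constructed scenario: alice approves client-a, client-b presents the code.
        code = server.authorize("client-a", "https://a.example/cb", "alice")
        try:
            token = server.token(code, "client-b", "https://a.example/cb")
            results[label] = "token issued to " + token["issued_to"]
        except TokenError as exc:
            results[label] = "refused: " + str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```

Without the binding, the server has no record-based reason to refuse a code presented under another client's identifier, which is why a client that treats a successful exchange as proof of who the user is can be misled.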

From ve7jtb@ve7jtb.com  Sun Jul  1 14:21:55 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A6F411E80F7 for <oauth@ietfa.amsl.com>; Sun,  1 Jul 2012 14:21:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.445
X-Spam-Level: 
X-Spam-Status: No, score=-3.445 tagged_above=-999 required=5 tests=[AWL=0.153,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tRQd2+WceJW8 for <oauth@ietfa.amsl.com>; Sun,  1 Jul 2012 14:21:54 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9D70011E80E9 for <oauth@ietf.org>; Sun,  1 Jul 2012 14:21:54 -0700 (PDT)
Received: by ggnc4 with SMTP id c4so4130372ggn.31 for <oauth@ietf.org>; Sun, 01 Jul 2012 14:21:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:content-type:subject:date:message-id:cc:to:mime-version :x-mailer:x-gm-message-state; bh=3PRc0kH+55R+8Txm96dFw40jEt0NDaBhaMLJ8CW17oE=; b=SK0grIa9M/EnPX8dIIucnTzd93+vGUlQMSxdSnXex25jcHvSvzRwhZLwQ294uajh3Y xez9mtYr3WEgPi4XhB/sYfJOyf77IvW/Yf1DsUjgKz3vuwt4QtmbUVAPuYE0jUAnY7xo hcGh91nljOhobr99ycLQVd20kGiMtN4B5eDlwfff8nTVuNMYJU/yv7AvH/CGwKEDOkHr SoAOc/9mrgElQUdJg/RWOjR80M6nHYnw8x8JG56iHhvDjeYuIeyvuDd2mQf/OF9MGNzI /dX67WDn0DQHeNyiGmj/GTfDgSC5Kr4rOrD9m7GacZbO5u2FkMAvo/2SMLcuSIto3koz T73w==
Received: by 10.101.135.22 with SMTP id m22mr3641026ann.67.1341177717254; Sun, 01 Jul 2012 14:21:57 -0700 (PDT)
Received: from [192.168.1.211] (190-20-56-144.baf.movistar.cl. [190.20.56.144]) by mx.google.com with ESMTPS id b58sm20880498yhh.16.2012.07.01.14.21.54 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 01 Jul 2012 14:21:55 -0700 (PDT)
From: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_31DDB3F8-ABD9-4CB0-B65A-41B38ECA1863"; protocol="application/pkcs7-signature"; micalg=sha1
Date: Sun, 1 Jul 2012 17:21:47 -0400
Message-Id: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQmKO5Yi2346QewN23paqaE97+CMhTHmp2WOzHHxg2po2Tv8+fPbPmakKmn7Q1BVQr74eg+K
Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Jul 2012 21:21:55 -0000

--Apple-Mail=_31DDB3F8-ABD9-4CB0-B65A-41B38ECA1863
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_28986B7B-18CA-4115-938D-FD073CB9402B"


--Apple-Mail=_28986B7B-18CA-4115-938D-FD073CB9402B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Sec 4.1.2 states:

The authorization code is bound to the client identifier and redirection URI.

The security concern Sec 10.5 states

   If the client can be authenticated, the authorization servers MUST
   authenticate the client and ensure that the authorization code was
   issued to the same client.

Sec 3.2.1
A public client that was not issued a client password MAY use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint (e.g. for the purpose of providing
   end-user context, client usage statistics).

Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.
The client_id is only sent if it is a confidential client capable of authenticating itself.
The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.
If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.

This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.


I propose changing Sec 3.2.1 to read:

A public client that was not issued a client password MUST use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint. This allows the authorization server
   to ensure that the code was issued to the same client.
   Sending "client_id" prevents the client from
   inadvertently accepting a code intended for a client with a different
   "client_id".

Also change Sec 4.1.3 from:
o  authenticate the client if client authentication is included and
      ensure the authorization code was issued to the authenticated
      client,

To:
o  authenticate the client if client authentication is included,
o  ensure the authorization code was issued to the authenticated
   confidential client or to the public client identified by the
   'client_id',



The original text implies that it is a good idea to send it, but is unclear on what security it provides.

It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.

Regards
John B.



--Apple-Mail=_28986B7B-18CA-4115-938D-FD073CB9402B--

--Apple-Mail=_31DDB3F8-ABD9-4CB0-B65A-41B38ECA1863
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_31DDB3F8-ABD9-4CB0-B65A-41B38ECA1863--
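
The binding check the message above asks for, as an added example (not part of the original message and not any project's code): a minimal in-memory token endpoint in Python that can be switched between the current "MAY" wording of Sec 3.2.1 and the proposed "MUST". The class, function and client names, the sample codes and the secret are constructed for illustration; the error codes are the standard OAuth 2.0 token-endpoint ones.

```python
# Added example: hypothetical in-memory server, not from any real implementation.
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


class TokenError(Exception):
    def __init__(self, error: str, detail: str):
        super().__init__(f"{error}: {detail}")
        self.error = error  # OAuth 2.0 token-endpoint error code


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None  # None marks a public client


@dataclass
class CodeGrant:
    client_id: str               # client the code was issued to (Sec 4.1.2)
    redirect_uri: Optional[str]  # set only if sent in the authorization request
    used: bool = False


class AuthorizationServer:
    def __init__(self, require_public_client_id: bool):
        # False models the "MAY" wording of Sec 3.2.1, True the proposed "MUST".
        self.require_public_client_id = require_public_client_id
        self.clients: Dict[str, Client] = {}
        self.codes: Dict[str, CodeGrant] = {}

    def register(self, client: Client) -> None:
        self.clients[client.client_id] = client

    def issue_code(self, code, client_id, redirect_uri=None) -> None:
        self.codes[code] = CodeGrant(client_id, redirect_uri)

    def _identify(self, client_id, client_secret) -> Optional[str]:
        """Return the client the request is attributed to, or None if unknown."""
        if client_id is None:
            if client_secret is not None or self.require_public_client_id:
                raise TokenError("invalid_request", "client_id is required")
            return None  # "MAY" wording: the caller stays unidentified
        client = self.clients.get(client_id)
        if client is None:
            raise TokenError("invalid_client", "unknown client")
        if client.secret is None:
            if client_secret is not None:
                raise TokenError("invalid_client", "public client has no secret")
        elif client_secret is None or not hmac.compare_digest(
                client.secret.encode(), client_secret.encode()):
            # Sec 10.5: a client that can be authenticated MUST be.
            raise TokenError("invalid_client", "authentication failed")
        return client_id

    def redeem(self, code, client_id=None, client_secret=None,
               redirect_uri=None) -> str:
        """Validate a token request; return the client_id the token is bound to."""
        presenter = self._identify(client_id, client_secret)
        grant = self.codes.get(code)
        if grant is None or grant.used:
            raise TokenError("invalid_grant", "unknown or already used code")
        owner = self.clients.get(grant.client_id)
        if presenter is None:
            # No identity to compare; only a confidential client's code is refused.
            if owner is None or owner.secret is not None:
                raise TokenError("invalid_client", "authentication required")
        elif presenter != grant.client_id:
            raise TokenError("invalid_grant", "code was issued to another client")
        if grant.redirect_uri is not None and redirect_uri != grant.redirect_uri:
            raise TokenError("invalid_grant", "redirect_uri mismatch")
        grant.used = True
        return grant.client_id


def build_server(require_public_client_id: bool) -> AuthorizationServer:
    """Constructed scenario: two public clients and one confidential client."""
    server = AuthorizationServer(require_public_client_id)
    server.register(Client("app-a"))
    server.register(Client("app-b"))
    server.register(Client("web-c", secret="constructed-secret"))
    server.issue_code("code-for-a", "app-a")  # one registered URI, none sent
    server.issue_code("code-for-c", "web-c")
    return server


def outcome(server: AuthorizationServer, code: str, **params) -> str:
    """Run one token request and describe the result as a short string."""
    try:
        return "token bound to " + server.redeem(code, **params)
    except TokenError as exc:
        return exc.error


if __name__ == "__main__":
    for wording, strict in (("MAY", False), ("MUST", True)):
        for params in ({}, {"client_id": "app-b"}, {"client_id": "app-a"}):
            print(wording, params, outcome(build_server(strict), "code-for-a", **params))
```

Under the "MAY" setting a request for code-for-a with no client_id is accepted, so the server cannot tell which public client redeemed it. Under "MUST" the same request fails with invalid_request, and app-b presenting the code fails with invalid_grant.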

From Michael.Jones@microsoft.com  Mon Jul  2 08:17:19 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 337E021F8691 for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 08:17:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.249
X-Spam-Level: 
X-Spam-Status: No, score=-5.249 tagged_above=-999 required=5 tests=[AWL=1.349,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tX0XLXlXNJNY for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 08:17:18 -0700 (PDT)
Received: from tx2outboundpool.messaging.microsoft.com (tx2ehsobe001.messaging.microsoft.com [65.55.88.11]) by ietfa.amsl.com (Postfix) with ESMTP id 2745721F8598 for <oauth@ietf.org>; Mon,  2 Jul 2012 08:17:18 -0700 (PDT)
Received: from mail145-tx2-R.bigfish.com (10.9.14.250) by TX2EHSOBE013.bigfish.com (10.9.40.33) with Microsoft SMTP Server id 14.1.225.23; Mon, 2 Jul 2012 15:15:26 +0000
Received: from mail145-tx2 (localhost [127.0.0.1])	by mail145-tx2-R.bigfish.com (Postfix) with ESMTP id 62E293C01EA; Mon,  2 Jul 2012 15:15:26 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -21
X-BigFish: VS-21(zz9371Ic85fhzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah)
Received-SPF: pass (mail145-tx2: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail145-tx2 (localhost.localdomain [127.0.0.1]) by mail145-tx2 (MessageSwitch) id 1341242124948300_12797; Mon,  2 Jul 2012 15:15:24 +0000 (UTC)
Received: from TX2EHSMHS012.bigfish.com (unknown [10.9.14.251])	by mail145-tx2.bigfish.com (Postfix) with ESMTP id E290E46004B; Mon,  2 Jul 2012 15:15:24 +0000 (UTC)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (131.107.125.8) by TX2EHSMHS012.bigfish.com (10.9.99.112) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 2 Jul 2012 15:15:23 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.02.0298.005; Mon, 2 Jul 2012 15:17:19 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
Thread-Index: AQHNV8+SgcartG06aE6zQe70RNTghJcWG9mw
Date: Mon, 2 Jul 2012 15:17:18 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com>
In-Reply-To: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.37]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943665727ACTK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 15:17:19 -0000

--_000_4E1F6AAD24975D4BA5B1680429673943665727ACTK5EX14MBXC283r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I believe we should adopt this revised text.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
Sent: Sunday, July 01, 2012 2:22 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

Sec 4.1.2 states:

The authorization code is bound to the client identifier and redirection URI.

The security concern Sec 10.5 states

   If the client can be authenticated, the authorization servers MUST
   authenticate the client and ensure that the authorization code was
   issued to the same client.

Sec 3.2.1

A public client that was not issued a client password MAY use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint (e.g. for the purpose of providing
   end-user context, client usage statistics).

Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.

The client_id is only sent if it is a confidential client capable of authenticating itself.

The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.

If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.

This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.

I propose changing Sec 3.2.1 to read:

A public client that was not issued a client password MUST use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint. This allows the authorization server
   to ensure that the code was issued to the same client.
   Sending "client_id" prevents the client from
   inadvertently accepting a code intended for a client with a different
   "client_id".

Also change Sec 4.1.3 from:

o  authenticate the client if client authentication is included and
      ensure the authorization code was issued to the authenticated
      client,

To:

o  authenticate the client if client authentication is included,
o  ensure the authorization code was issued to the authenticated
   confidential client or to the public client identified by the
   'client_id',

The Original text implies that it is a good idea to send it, but is unclear on what security it provides.

It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.

Regards

John B.

--_000_4E1F6AAD24975D4BA5B1680429673943665727ACTK5EX14MBXC283r_--
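
Added example (not part of the thread, and not code from the OAuth WG or any implementation): a minimal in-memory token endpoint that applies the proposed Sec 3.2.1 and 4.1.3 text, so a code is redeemed only by the client it was issued to. All class, function and parameter names, including the require_public_client_id switch that models the current "MAY" wording, are hypothetical, and the client names and secret used with it are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


class TokenError(Exception):
    """Carries an OAuth 2.0 token-endpoint error code."""


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None  # None means a public client (no client password)


@dataclass
class CodeRecord:
    client_id: str                # client the code was issued to (Sec 4.1.2 binding)
    redirect_uri: Optional[str]   # set only if the authorization request carried one
    used: bool = False


class AuthorizationServer:
    """Hypothetical server; require_public_client_id=False models the 'MAY' text."""

    def __init__(self, clients, require_public_client_id=True):
        self.clients = {c.client_id: c for c in clients}
        self.require_public_client_id = require_public_client_id
        self.codes = {}    # code -> CodeRecord
        self.tokens = {}   # access token -> client_id the grant belongs to

    def issue_code(self, client_id, redirect_uri=None):
        code = secrets.token_urlsafe(16)
        self.codes[code] = CodeRecord(client_id, redirect_uri)
        return code

    def redeem(self, code, client_id=None, client_secret=None, redirect_uri=None):
        caller = self._identify(client_id, client_secret)
        record = self.codes.get(code)
        if record is None or record.used:
            raise TokenError("invalid_grant")
        # Proposed 4.1.3: the code must have been issued to the authenticated
        # confidential client or to the public client named by client_id.
        if caller is not None and record.client_id != caller.client_id:
            raise TokenError("invalid_grant")
        # redirect_uri is compared only when it was part of the authorization request.
        if record.redirect_uri is not None and record.redirect_uri != redirect_uri:
            raise TokenError("invalid_grant")
        record.used = True
        token = secrets.token_urlsafe(16)
        self.tokens[token] = record.client_id
        return token

    def _identify(self, client_id, client_secret):
        if client_secret is not None:
            # Confidential client: authenticate with its password.
            client = self.clients.get(client_id)
            if client is None or client.secret is None:
                raise TokenError("invalid_client")
            if not secrets.compare_digest(client.secret.encode(), client_secret.encode()):
                raise TokenError("invalid_client")
            return client
        if client_id is None:
            if self.require_public_client_id:
                raise TokenError("invalid_request")   # proposed 3.2.1: MUST send client_id
            return None   # 'MAY' text: caller unknown, binding cannot be checked
        client = self.clients.get(client_id)
        if client is None or client.secret is not None:
            # Unknown client, or a confidential client skipping authentication.
            raise TokenError("invalid_client")
        return client


def outcome(server, code, **params):
    """Return 'token_issued' or the error code the token endpoint would send."""
    try:
        server.redeem(code, **params)
        return "token_issued"
    except TokenError as err:
        return str(err)
```

With require_public_client_id=False, outcome(server, code) on a code issued to any public client returns "token_issued" because the server has no client identity to compare against the binding.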

From phil.hunt@oracle.com  Mon Jul  2 08:25:14 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38FD121F86BA for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 08:25:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.623
X-Spam-Level: 
X-Spam-Status: No, score=-9.623 tagged_above=-999 required=5 tests=[AWL=-0.421, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uDBzHeTVelW9 for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 08:25:13 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 1976021F85CD for <oauth@ietf.org>; Mon,  2 Jul 2012 08:25:12 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q62FPG72029212 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 2 Jul 2012 15:25:17 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q62FPG7u006327 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Jul 2012 15:25:16 GMT
Received: from abhmt120.oracle.com (abhmt120.oracle.com [141.146.116.72]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q62FPF24025557; Mon, 2 Jul 2012 10:25:16 -0500
Received: from [192.168.1.125] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 02 Jul 2012 08:25:15 -0700
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary=Apple-Mail-2F19B0C8-F3C0-4E8D-8ADD-C38983911071
Message-Id: <CC5FEA2F-236F-490B-88FA-22037CB6FD21@oracle.com>
X-Mailer: iPhone Mail (9B206)
From: Phil Hunt <phil.hunt@oracle.com>
Date: Mon, 2 Jul 2012 08:25:16 -0700
To: Mike Jones <Michael.Jones@microsoft.com>
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 15:25:14 -0000

--Apple-Mail-2F19B0C8-F3C0-4E8D-8ADD-C38983911071
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

+1

Phil

On 2012-07-02, at 8:17, Mike Jones <Michael.Jones@microsoft.com> wrote:

> I believe we should adopt this revised text.
>
>                                                             -- Mike
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
> Sent: Sunday, July 01, 2012 2:22 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> Sec 4.1.2 states:
>
> The authorization code is bound to the client identifier and redirection URI.
>
> The security concern Sec 10.5 states
>
>    If the client can be authenticated, the authorization servers MUST
>    authenticate the client and ensure that the authorization code was
>    issued to the same client.
>
> Sec 3.2.1
> A public client that was not issued a client password MAY use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint (e.g. for the purpose of providing
>    end-user context, client usage statistics).
>
> Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.
> The client_id is only sent if it is a confidential client capable of authenticating itself.
> The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.
> If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.
>
> This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.
>
> I propose changing Sec 3.2.1 to read:
>
> A public client that was not issued a client password MUST use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint. This allows the authorization server
>    to ensure that the code was issued to the same client.
>    Sending "client_id" prevents the client from
>    inadvertently accepting a code intended for a client with a different
>    "client_id".
>
> Also change Sec 4.1.3 from:
> o  authenticate the client if client authentication is included and
>       ensure the authorization code was issued to the authenticated
>       client,
>
> To:
> o  authenticate the client if client authentication is included,
> o  ensure the authorization code was issued to the authenticated
>    confidential client or to the public client identified by the
>    'client_id',
>
> The Original text implies that it is a good idea to send it, but is unclear on what security it provides.
>
> It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.
>
> Regards
> John B.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--Apple-Mail-2F19B0C8-F3C0-4E8D-8ADD-C38983911071
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
	charset=utf-8

<html><head></head><body bgcolor="#FFFFFF"><div>+1<br><br>Phil</div><div><br>On 2012-07-02, at 8:17, Mike Jones &lt;<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>&gt; wrote:<br><br></div><div></div><blockquote type="cite"><div>



<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">I believe we should adopt this revised text.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> <a href="mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> [mailto:oauth-bounces@ietf.org]
<b>On Behalf Of </b>John Bradley<br>
<b>Sent:</b> Sunday, July 01, 2012 2:22 PM<br>
<b>To:</b> <a href="mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>
<b>Subject:</b> [OAUTH-WG] New Text for Sec 3.2.1 &amp; 4.1.3<o:p></o:p></span></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Sec 4.1.2 states:<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">The authorization code is bound to the client identifier and redirection URI.<o:p></o:p></span></pre>
<div>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
<div>
<p class="MsoNormal">The security concern Sec 10.5 states<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; If the client can be authenticated, the authorization servers MUST<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; authenticate the client and ensure that the authorization code was<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; issued to the same client.<o:p></o:p></span></pre>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">Sec 3.2.1 <o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">A public client that was not issued a client password MAY use the<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; "client_id" request parameter to identify itself when sending<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; requests to the token endpoint (e.g. for the purpose of providing<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; end-user context, client usage statistics).<o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">Nothing in the current spec requires that a Public client send it's client_id or redirect_uri to the token endpoint.<o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">The client _id is only sent if it is a confidential client capable of authenticating itself.<o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.<o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.<o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.<o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">I propose changing Sec 3.2.1 to read:<o:p></o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">A public client that was not issued a client password MUST use the<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; "client_id" request parameter to identify itself when sending<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; requests to the token endpoint. This allows the authorization server&nbsp;<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; to ensure that the code was issued to the same client. &nbsp;<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; Sending&nbsp;"client_id" prevents the client from<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; inadvertently accepting a code intended for a client with a different<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp; "client_id".<o:p></o:p></span></pre>
<span style="font-size:12.0pt;font-family:&quot;Courier New&quot;;color:black;mso-fareast-language:EN-US"><br clear="all" style="page-break-before:always">
</span>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">Also change Sec 4.1.3 from:<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">o&nbsp; authenticate the client if client authentication is included and<o:p></o:p></span></pre>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ensure the authorization code was issued to the authenticated<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;client,<o:p></o:p></span></pre>
<span style="font-size:12.0pt;font-family:&quot;Courier New&quot;;color:black;mso-fareast-language:EN-US"><br clear="all" style="page-break-before:always">
</span>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">To:<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">o&nbsp; authenticate the client if client authentication is included,<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">o&nbsp; ensure the authorization code was issued to the authenticated <o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp;&nbsp;&nbsp;confidential client or to the public client identified by the<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">&nbsp; 'client_id',<o:p></o:p></span></pre>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<div>
<pre style="page-break-before:always"><span style="font-size:12.0pt;color:black"><o:p>&nbsp;</o:p></span></pre>
</div>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black"> <o:p></o:p></span></pre>
<span style="font-size:12.0pt;font-family:&quot;Courier New&quot;;color:black;mso-fareast-language:EN-US"><br clear="all" style="page-break-before:always">
</span>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">The Original text implies that it is a good idea to send it, but is unclear on what security it provides.<o:p></o:p></span></pre>
<span style="font-size:12.0pt;font-family:&quot;Courier New&quot;;color:black;mso-fareast-language:EN-US"><br clear="all" style="page-break-before:always">
</span>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.<o:p></o:p></span></pre>
<span style="font-size:12.0pt;font-family:&quot;Courier New&quot;;color:black;mso-fareast-language:EN-US"><br clear="all" style="page-break-before:always">
</span>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">Regards<o:p></o:p></span></pre>
<pre style="page-break-before:always;orphans: 2;text-align:-webkit-auto;widows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span style="font-size:12.0pt;color:black">John B.<o:p></o:p></span></pre>
<span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;;color:black;mso-fareast-language:EN-US"><br clear="all" style="page-break-before:always">
<br clear="all" style="page-break-before:always">
</span>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>


</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>OAuth mailing list</span><br><span><a href="mailto:OAuth@ietf.org">OAuth@ietf.org</a></span><br><span><a href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a></span><br></div></blockquote></body></html>
--Apple-Mail-2F19B0C8-F3C0-4E8D-8ADD-C38983911071--

From jricher@mitre.org  Mon Jul  2 08:32:49 2012
Message-ID: <4FF1BEFF.8040103@mitre.org>
Date: Mon, 2 Jul 2012 11:32:15 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: <oauth@ietf.org>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com>
Content-Type: multipart/alternative; boundary="------------070606040901040106000307"
X-Originating-IP: [129.83.31.51]
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

--------------070606040901040106000307
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit

I'm generally OK with the change, though it does change One problem I 
have with this is that it can give a false sense of security about the 
information being sent to the token endpoint and how trustworthy it is. 
A client_id is public knowledge, and so someone impersonating a client 
on the Authentication Endpoint could also impersonate it on the Token 
Endpoint just as easily. This is not the attack that's being addressed 
here, and the possible phishing vector in the one I'm describing is both 
well known and, I believe, well covered by the existing documents. 
However, I think the new text might confuse people into conflating these 
two.

Basically, I think it needs to be made very clear, especially with this 
change of text, that a client_id on its own should never be taken as 
sufficient for authentication of the client. The context of the user's 
decision, among other things, is as important as a client secret.

  -- Justin

On 07/02/2012 11:17 AM, Mike Jones wrote:
>
> I believe we should adopt this revised text.
>
> -- Mike
>
> *From:*oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On 
> Behalf Of *John Bradley
> *Sent:* Sunday, July 01, 2012 2:22 PM
> *To:* oauth@ietf.org WG
> *Subject:* [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> Sec 4.1.2 states:
>
> The authorization code is bound to the client identifier and redirection URI.
>
> The security concern Sec 10.5 states
>
>     If the client can be authenticated, the authorization servers MUST
>     authenticate the client and ensure that the authorization code was
>     issued to the same client.
>   
> Sec 3.2.1
> A public client that was not issued a client password MAY use the
>     "client_id" request parameter to identify itself when sending
>     requests to the token endpoint (e.g. for the purpose of providing
>     end-user context, client usage statistics).
>   
> Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.
> The client_id is only sent if it is a confidential client capable of authenticating itself.
> The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.
> If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.
>   
> This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.
>   
>   
> I propose changing Sec 3.2.1 to read:
>   
> A public client that was not issued a client password MUST use the
>     "client_id" request parameter to identify itself when sending
>     requests to the token endpoint. This allows the authorization server
>     to ensure that the code was issued to the same client.
>     Sending "client_id" prevents the client from
>     inadvertently accepting a code intended for a client with a different
>     "client_id".
>
> Also change Sec 4.1.3 from:
> o  authenticate the client if client authentication is included and
>        ensure the authorization code was issued to the authenticated
>        client,
>
> To:
> o  authenticate the client if client authentication is included,
> o  ensure the authorization code was issued to the authenticated
>     confidential client or to the public client identified by the
>    'client_id',
>   
>   
>   
>
> The Original text implies that it is a good idea to send it, but is unclear on what security it provides.
>
> It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.
>
> Regards
> John B.
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth



--------------070606040901040106000307--

From ve7jtb@ve7jtb.com  Mon Jul  2 09:17:11 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBF0F21F8738 for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 09:17:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.445
X-Spam-Level: 
X-Spam-Status: No, score=-3.445 tagged_above=-999 required=5 tests=[AWL=0.153,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sTZt0R-5rfBm for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 09:17:09 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 8E8F421F873A for <oauth@ietf.org>; Mon,  2 Jul 2012 09:17:09 -0700 (PDT)
Received: by ggnc4 with SMTP id c4so4748413ggn.31 for <oauth@ietf.org>; Mon, 02 Jul 2012 09:17:14 -0700 (PDT)
Received: by 10.236.120.7 with SMTP id o7mr15981342yhh.55.1341245834707; Mon, 02 Jul 2012 09:17:14 -0700 (PDT)
Received: from [192.168.1.211] (190-20-50-6.baf.movistar.cl. [190.20.50.6]) by mx.google.com with ESMTPS id z42sm25908268yhd.1.2012.07.02.09.17.04 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Jul 2012 09:17:13 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_CC8D39F2-C96F-44E8-8FF7-757AE12CF268"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4FF1BEFF.8040103@mitre.org>
Date: Mon, 2 Jul 2012 12:16:46 -0400
Message-Id: <826FB14F-5091-4B66-AB11-DB76B7838259@ve7jtb.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FF1BEFF.8040103@mitre.org>
To: Justin Richer <jricher@mitre.org>
X-Mailer: Apple Mail (2.1278)
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 16:17:11 -0000

--Apple-Mail=_CC8D39F2-C96F-44E8-8FF7-757AE12CF268
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_01185528-34E5-42AE-8BE6-5E5A34072C1F"


--Apple-Mail=_01185528-34E5-42AE-8BE6-5E5A34072C1F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Using the code flow with a public client in itself creates a false sense of security.

I suspect that most developers think public == implicit and confidential == code.
While it is clear that there is a whole group of native apps that are public using the code flow.
For those clients the registered redirect URI is the only security.

This change adds a bit of protection for the client against an attacker swapping code in the message to gain privilege.

I agree that it adds no additional protection for the protected resource. (That is the reason it was not originally included I am guessing)

Confidential clients being protected from code being swapped, is mostly a side effect of protecting code from being stolen over non TLS connections.

While I do appreciate the problem of making something incrementally safer but not safe, I don't think it is a good idea to leave something vulnerable to a known attack that can be easily fixed.

In some ways not fixing this and just saying:
OAuth MUST NOT be used as a form of delegated end-user authentication by the client (e.g. third-party sign-in service).

The obvious problem with that is that people will just ignore it.

John B.
On 2012-07-02, at 11:32 AM, Justin Richer wrote:

> I'm generally OK with the change, though it does change One problem I have with this is that it can give a false sense of security about the information being sent to the token endpoint and how trustworthy it is. A client_id is public knowledge, and so someone impersonating a client on the Authentication Endpoint could also impersonate it on the Token Endpoint just as easily. This is not the attack that's being addressed here, and the possible phishing vector in the one I'm describing is both well known and, I believe, well covered by the existing documents. However, I think the new text might confuse people into conflating these two.
>
> Basically, I think it needs to be made very clear, especially with this change of text, that a client_id on its own should never be taken as sufficient for authentication of the client. The context of the user's decision, among other things, is as important as a client secret.
>
>  -- Justin
>
> On 07/02/2012 11:17 AM, Mike Jones wrote:
>> I believe we should adopt this revised text.
>>
>>    -- Mike
>>
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
>> Sent: Sunday, July 01, 2012 2:22 PM
>> To: oauth@ietf.org WG
>> Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>>
>> Sec 4.1.2 states:
>>
>> The authorization code is bound to the client identifier and redirection URI.
>>
>> The security concern Sec 10.5 states
>>
>>    If the client can be authenticated, the authorization servers MUST
>>    authenticate the client and ensure that the authorization code was
>>    issued to the same client.
>>
>> Sec 3.2.1
>> A public client that was not issued a client password MAY use the
>>    "client_id" request parameter to identify itself when sending
>>    requests to the token endpoint (e.g. for the purpose of providing
>>    end-user context, client usage statistics).
>>
>> Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.
>> The client_id is only sent if it is a confidential client capable of authenticating itself.
>> The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.
>> If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.
>>
>> This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.
>>
>> I propose changing Sec 3.2.1 to read:
>>
>> A public client that was not issued a client password MUST use the
>>    "client_id" request parameter to identify itself when sending
>>    requests to the token endpoint. This allows the authorization server
>>    to ensure that the code was issued to the same client.
>>    Sending "client_id" prevents the client from
>>    inadvertently accepting a code intended for a client with a different
>>    "client_id".
>>
>> Also change Sec 4.1.3 from:
>> o  authenticate the client if client authentication is included and
>>       ensure the authorization code was issued to the authenticated
>>       client,
>>
>> To:
>> o  authenticate the client if client authentication is included,
>> o  ensure the authorization code was issued to the authenticated
>>    confidential client or to the public client identified by the
>>    'client_id',
>>
>> The Original text implies that it is a good idea to send it, but is unclear on what security it provides.
>>
>> It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.
>>
>> Regards
>> John B.


--Apple-Mail=_01185528-34E5-42AE-8BE6-5E5A34072C1F--
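
The token endpoint checks that the proposed Sec 3.2.1 and 4.1.3 text asks for, as an added example that is not part of the original messages or of any OAuth implementation. The class names, the in-memory stores and the sample client ids are assumptions made for illustration; the result also records whether the client was actually authenticated, since a bare client_id only identifies it.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


class TokenError(Exception):
    """Token endpoint failure carrying an OAuth 2.0 error code."""

    def __init__(self, error: str, detail: str):
        super().__init__(f"{error}: {detail}")
        self.error = error


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None  # None marks a public client (no client password)


@dataclass
class CodeRecord:
    client_id: str               # client the code was issued to (Sec 4.1.2 binding)
    redirect_uri: Optional[str]  # set only if sent in the authorization request
    expires_at: float
    used: bool = False


def _same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


class AuthorizationServer:
    """Hypothetical in-memory authorization server (illustration only)."""

    def __init__(self, clients):
        self.clients: Dict[str, Client] = {c.client_id: c for c in clients}
        self.codes: Dict[str, CodeRecord] = {}

    def issue_code(self, client_id: str, redirect_uri: Optional[str] = None,
                   ttl: float = 60.0) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = CodeRecord(client_id, redirect_uri, time.time() + ttl)
        return code

    def redeem_code(self, code: str, client_id: Optional[str] = None,
                    client_secret: Optional[str] = None,
                    redirect_uri: Optional[str] = None) -> dict:
        # Proposed Sec 3.2.1: every client, public ones included, identifies itself.
        if not client_id:
            raise TokenError("invalid_request", "client_id is required")
        client = self.clients.get(client_id)
        if client is None:
            raise TokenError("invalid_client", "unknown client")

        # Sec 4.1.3, first bullet: authenticate only clients that hold a secret.
        authenticated = False
        if client.secret is not None:
            if client_secret is None or not _same(client.secret, client_secret):
                raise TokenError("invalid_client", "client authentication failed")
            authenticated = True

        record = self.codes.get(code)
        if record is None or record.used or record.expires_at < time.time():
            raise TokenError("invalid_grant", "code unknown, used or expired")
        # Sec 4.1.3, second bullet: the code must belong to the presenting client,
        # whether it was authenticated or merely identified by client_id.
        if not _same(record.client_id, client_id):
            raise TokenError("invalid_grant", "code was issued to a different client")
        if record.redirect_uri is not None and redirect_uri != record.redirect_uri:
            raise TokenError("invalid_grant", "redirect_uri mismatch")

        record.used = True
        return {"access_token": secrets.token_urlsafe(24),
                "client_id": client_id,
                "client_authenticated": authenticated}


def demo() -> dict:
    """Present one code issued to public client native-a in four ways (constructed data)."""
    srv = AuthorizationServer([Client("native-a"), Client("native-b")])
    code = srv.issue_code("native-a")
    attempts = {
        "no_client_id": {},
        "swapped_into_native_b": {"client_id": "native-b"},
        "rightful_client": {"client_id": "native-a"},
        "replay": {"client_id": "native-a"},
    }
    outcomes = {}
    for name, params in attempts.items():
        try:
            token = srv.redeem_code(code, **params)
            outcomes[name] = f"issued, client_authenticated={token['client_authenticated']}"
        except TokenError as exc:
            outcomes[name] = exc.error
    return outcomes


if __name__ == "__main__":
    for attempt, outcome in demo().items():
        print(f"{attempt}: {outcome}")
```
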

--Apple-Mail=_CC8D39F2-C96F-44E8-8FF7-757AE12CF268
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_CC8D39F2-C96F-44E8-8FF7-757AE12CF268--

From internet-drafts@ietf.org  Mon Jul  2 12:40:22 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 320CA21F870F; Mon,  2 Jul 2012 12:40:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.506
X-Spam-Level: 
X-Spam-Status: No, score=-102.506 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zvVc-yPYVNp7; Mon,  2 Jul 2012 12:40:19 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90E8521F8627; Mon,  2 Jul 2012 12:40:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.21p1
Message-ID: <20120702194000.30603.40491.idtracker@ietfa.amsl.com>
Date: Mon, 02 Jul 2012 12:40:00 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-assertions-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 19:40:25 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : Assertion Framework for OAuth 2.0
	Author(s)       : Brian Campbell
                          Chuck Mortimore
                          Michael B. Jones
                          Yaron Y. Goland
	Filename        : draft-ietf-oauth-assertions-04.txt
	Pages           : 21
	Date            : 2012-07-02

Abstract:
   This specification provides a framework for the use of assertions
   with OAuth 2.0 in the form of a new client authentication mechanism and
   a new authorization grant type.  Mechanisms are specified for
   transporting assertions during interactions with a token endpoint, as
   well as general processing rules.

   The intent of this specification is to provide a common framework for
   OAuth 2.0 to interwork with other identity systems using assertions,
   and to provide alternative client authentication mechanisms.

   Note that this specification only defines abstract message flows and
   processing rules and that, in order to be implementable, companion
   specifications are necessary to provide the corresponding
   instantiation.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-assertions-04

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-assertions-04


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From bcampbell@pingidentity.com  Mon Jul  2 13:25:17 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D73811E80C4 for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 13:25:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.987
X-Spam-Level: 
X-Spam-Status: No, score=-5.987 tagged_above=-999 required=5 tests=[AWL=-0.011, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B2-xNSyJ0jRE for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 13:25:16 -0700 (PDT)
Received: from na3sys009aog116.obsmtp.com (na3sys009aog116.obsmtp.com [74.125.149.240]) by ietfa.amsl.com (Postfix) with ESMTP id 826CC11E8080 for <oauth@ietf.org>; Mon,  2 Jul 2012 13:25:16 -0700 (PDT)
Received: from mail-vb0-f50.google.com ([209.85.212.50]) (using TLSv1) by na3sys009aob116.postini.com ([74.125.148.12]) with SMTP ID DSNKT/IDsktyWWp4wc5uaM21wQiSXxeJl96W@postini.com; Mon, 02 Jul 2012 13:25:22 PDT
Received: by vbal1 with SMTP id l1so4611343vba.23 for <oauth@ietf.org>; Mon, 02 Jul 2012 13:25:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type :x-gm-message-state; bh=jHY+cVspsO+caytP50o7hiVYH7a0LxILtv3Y8XgMUMY=; b=ow0rsEgjGW/Dmr1iDp/SwkKwY40BtaEY7uPWS5iW2pZa2mCEJrxN+1LNUD9k4aTGQu YsOt4ldZMfMbkrdl8etrqIs/hnf035tOwN2Tz9s2El8zE4rIxK7f2VNYkAYUFrTmzoZF hzRiU62NjNGoaYh98WFV92A2/CNmUwnM/SZ4i15J108GF5J6rIjMtP5sc3+DN276xIL3 5oAaRW6Alqu4axslzuJqdECqSM/qM9NNhuj1uaHxzAt4COGv2HYWRQUYuuMYL9NeFNzs Mikiu0AaKndjGmQojH0c5sxQ7/rP58jTLNe13coZxlNKPtQvBv+oLquOF3j0AfuGik7x zYxg==
Received: by 10.220.156.10 with SMTP id u10mr6790782vcw.20.1341260721359; Mon, 02 Jul 2012 13:25:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.34.107 with HTTP; Mon, 2 Jul 2012 13:24:51 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 2 Jul 2012 14:24:51 -0600
Message-ID: <CA+k3eCSGRfi68S-7aUVMdgLX0YK32USVAGqfn2NpyyLyZpr_gg@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=f46d04389093d90a0004c3de98ef
X-Gm-Message-State: ALoCoQmsZi4wXpNr/O4KR5hB3XYI04YAWV7L1ooOv8yGTA+qAq42UzzzTPPvYLXzYdw9Du0AcZAD
Subject: [OAUTH-WG] Published -04 of Assertion Framework for OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 20:25:17 -0000

--f46d04389093d90a0004c3de98ef
Content-Type: text/plain; charset=ISO-8859-1

Draft -04 of the Assertion Framework for OAuth 2.0 (now with a new name!)
has been published. This draft includes significant changes that attempt to
incorporate comments and proposed new text from the document shepherd[1].

The new draft is available at
http://tools.ietf.org/html/draft-ietf-oauth-assertions-04 as well as the
other usual locations.

Thanks,
Brian


[1] the main thread is at
http://www.ietf.org/mail-archive/web/oauth/current/msg09437.html

--f46d04389093d90a0004c3de98ef--

From ve7jtb@ve7jtb.com  Mon Jul  2 14:08:25 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9CB621F8608 for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 14:08:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.447
X-Spam-Level: 
X-Spam-Status: No, score=-3.447 tagged_above=-999 required=5 tests=[AWL=0.151,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xsmehEac7n47 for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 14:08:25 -0700 (PDT)
Received: from mail-yw0-f53.google.com (mail-yw0-f53.google.com [209.85.213.53]) by ietfa.amsl.com (Postfix) with ESMTP id BD79521F85DB for <oauth@ietf.org>; Mon,  2 Jul 2012 14:08:24 -0700 (PDT)
Received: by yhp26 with SMTP id 26so6396759yhp.26 for <oauth@ietf.org>; Mon, 02 Jul 2012 14:08:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:content-type:subject:date:references:to:message-id :mime-version:x-mailer:x-gm-message-state; bh=HOvUOhTwQWwLxYwaXDN1/X3O44tVPg1MqUingVMM+E0=; b=LRSlKC59ZjEk6lnfTjZjwRextUTPlYgCxJ1psk2JvqOZp9L4TUWnLMX6U/raoJ5aXE LPYVywDgqE4o5RYK9kofQwuJukHeduBYaIvF4VuiULOFoPnxCkwmrVzhltgXKytJZhji WRMftThpOyYP8HgBR6MOeH5K5kI3S2v7c1vxv5OdTEWnGqOpZmZuXQfV+IhVEsWRktIq 0uaKZz985LXD6pbC50wJrGdH4+dVoQnzqP+XGLryQHS1CiX0rfcf0uif8N499cJhsEcY jSDHO0fyBJgwUJlAiHjSYOusgFw3su/2SoCTns3rQEedgegTahZdVAXTDZWXMx9AAG1r OHSQ==
Received: by 10.101.133.38 with SMTP id k38mr5059910ann.44.1341263310467; Mon, 02 Jul 2012 14:08:30 -0700 (PDT)
Received: from [192.168.1.211] (190-20-50-6.baf.movistar.cl. [190.20.50.6]) by mx.google.com with ESMTPS id z19sm12690092anh.22.2012.07.02.14.08.27 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Jul 2012 14:08:29 -0700 (PDT)
From: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_C3B116D8-8D92-45FF-827C-4AEC59E35DE2"; protocol="application/pkcs7-signature"; micalg=sha1
Date: Mon, 2 Jul 2012 17:08:20 -0400
References: <FEDFF82C-9A84-4905-927B-08219304E593@ve7jtb.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Message-Id: <8A4F141D-89AE-47DF-A219-815DF166ED06@ve7jtb.com>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQl/vCJmZjawmyCm2kx59QuB2+DDbLX6TTRH4GcUmACT7sLka91k8vFbRDKq+ppnn+T3VJr0
Subject: [OAUTH-WG] Additional security consideration.
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 21:08:25 -0000

--Apple-Mail=_C3B116D8-8D92-45FF-827C-4AEC59E35DE2
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_A0BBAA75-33CF-4035-AEDD-B3380DAA07EB"


--Apple-Mail=_A0BBAA75-33CF-4035-AEDD-B3380DAA07EB
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1


I sent some text to the list on public clients using the code flow.

If that gets accepted then I think this should be the additional security consideration to address the issues eased by the MS security researchers and myself.

Alternate title suggestion #1 "Resource owner Impersonation"
Alternate title suggestion #2 "Delegator/Delegated Confusion by the Client"
Alternate title suggestion #3 "Misuse of Access Token to impersonate a Resource Owner at a public client"

<section title='Misuse of Access Token to impersonate a Resource Owner at a public client'>
       <t>
         For public clients using implicit flows this specification does not provide any
         method for the client to determine what client an access token was issued to.
       </t>
       <t>
         A Resource Owner may willingly delegate access to a resource by granting an access_token
         to an attacker's malicious client.  This may be due to Phishing or some other pretext.
         An attacker may also steal a token via some other mechanism.
         An attacker may then attempt to impersonate the resource owner by providing the
         access_token to a legitimate public client.
       </t>
       <t>
         In the implicit flow (response_type=token) the attacker can easily switch the token in the response from the authorization server.
         Replacing the real access_token with the one previously issued to the attacker.
       </t>
       <t>
         Servers communicating with native apps that rely on being passed an access_token in the back channel to identify the user of the client may
         be similarly compromised by an attacker creating a compromised app that can inject arbitrary stolen access_tokens.
       </t>
       <t>
         Any public client that makes the assumption that only the resource owner
         can present them with a valid access_token for the resource is vulnerable to this attack.
       </t>
       <t>
         This attack may expose information about the resource owner at the legitimate client to the attacker (malicious client).
         This will also allow the attacker to perform operations at the legitimate client with the same permissions as
         the resource owner who originally granted the access_token or authorization code.
       </t>
       <t>
         Authenticating Resource Owners to clients is out of scope for this specification.
         Any specification that uses the authorization process as a form of delegated end-user authentication
         to the client (e.g. third-party sign-in service) MUST NOT use the implicit flow without additional security mechanisms
         that enable the client to determine if the access token was issued for its use.
       </t>
</section>

John B.



--Apple-Mail=_A0BBAA75-33CF-4035-AEDD-B3380DAA07EB--

--Apple-Mail=_C3B116D8-8D92-45FF-827C-4AEC59E35DE2
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_C3B116D8-8D92-45FF-827C-4AEC59E35DE2--
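
The check that the last paragraph of the proposed text asks for, shown as an added example that is not part of the message above or of any OAuth draft: a sign-in handler that accepts any valid access_token, beside one that first confirms the token was issued to this client. The token lookup, token values and client identifiers are constructed assumptions; OAuth 2.0 itself defines no such lookup.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class TokenInfo:
    """What the authorization server recorded when it issued a token."""
    client_id: str       # client the token was issued to
    user_id: str         # resource owner who granted it
    active: bool = True  # False once revoked or expired


@dataclass(frozen=True)
class Decision:
    user_id: Optional[str]  # signed-in user, or None when sign-in is refused
    reason: str             # short code suitable for a log line


# Constructed records standing in for the authorization server's token store.
ISSUED_TOKENS: Dict[str, TokenInfo] = {
    "tok-A1": TokenInfo(client_id="legit-client", user_id="alice"),
    "tok-B7": TokenInfo(client_id="other-client", user_id="alice"),
    "tok-C3": TokenInfo(client_id="legit-client", user_id="bob", active=False),
}

MY_CLIENT_ID = "legit-client"  # hypothetical identifier of the client doing sign-in


def token_info(access_token: str) -> Optional[TokenInfo]:
    """Hypothetical lookup; a deployment would ask the authorization server."""
    return ISSUED_TOKENS.get(access_token)


def sign_in_naive(access_token: str) -> Decision:
    """Assumes only the resource owner can present a valid token for the resource."""
    info = token_info(access_token)
    if info is None or not info.active:
        return Decision(None, "invalid_token")
    return Decision(info.user_id, "ok")


def sign_in_checked(access_token: str,
                    expected_client_id: str = MY_CLIENT_ID) -> Decision:
    """Signs the user in only when the token was issued for this client's use."""
    info = token_info(access_token)
    if info is None or not info.active:
        return Decision(None, "invalid_token")
    if info.client_id != expected_client_id:
        # Valid token, but delegated to a different client: it proves access
        # to the resource, not that the resource owner is the one presenting it.
        return Decision(None, "issued_to_other_client")
    return Decision(info.user_id, "ok")


def compare(tokens: Iterable[str]) -> Dict[str, Tuple[str, str]]:
    """Outcome of both handlers for each presented token."""
    return {t: (sign_in_naive(t).reason, sign_in_checked(t).reason) for t in tokens}


if __name__ == "__main__":
    for token, (naive, checked) in compare(ISSUED_TOKENS).items():
        print(f"{token}: naive={naive} checked={checked}")
```

Logging the `issued_to_other_client` reason gives operators a direct signal that a token delegated to a different client was presented for sign-in.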

From tonynad@microsoft.com  Mon Jul  2 14:39:24 2012
From: Anthony Nadalin <tonynad@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Date: Mon, 2 Jul 2012 21:38:58 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F3C15E0@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com>
In-Reply-To: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com>
Content-Type: multipart/alternative; boundary="_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C15E0BL2PRD0310MB362_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C15E0BL2PRD0310MB362_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Not sure why this has to be a MUST in section 3.2.1 as the token endpoint has the choice to reject it either way (provided or not)

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
Sent: Sunday, July 01, 2012 2:22 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

Sec 4.1.2 states:

The authorization code is bound to the client identifier and redirection URI.

The security concern Sec 10.5 states

   If the client can be authenticated, the authorization servers MUST
   authenticate the client and ensure that the authorization code was
   issued to the same client.

Sec 3.2.1

A public client that was not issued a client password MAY use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint (e.g. for the purpose of providing
   end-user context, client usage statistics).

Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.

The client_id is only sent if it is a confidential client capable of authenticating itself.

The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.

If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.

This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.

I propose changing Sec 3.2.1 to read:

A public client that was not issued a client password MUST use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint. This allows the authorization server
   to ensure that the code was issued to the same client.
   Sending "client_id" prevents the client from
   inadvertently accepting a code intended for a client with a different
   "client_id".

Also change Sec 4.1.3 from:

o  authenticate the client if client authentication is included and
      ensure the authorization code was issued to the authenticated
      client,

To:

o  authenticate the client if client authentication is included,
o  ensure the authorization code was issued to the authenticated
   confidential client or to the public client identified by the
   'client_id',

The Original text implies that it is a good idea to send it, but is unclear on what security it provides.

It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.

Regards

John B.

--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C15E0BL2PRD0310MB362_--
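
The token endpoint check that the proposed Sec 4.1.3 text in the message above describes, as an added example that is not part of the original thread or of any OAuth implementation. The class and function names, the in-memory storage and the client names are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


class TokenError(Exception):
    """Token endpoint error; `code` is the OAuth "error" value."""
    def __init__(self, code, description):
        super().__init__(f"{code}: {description}")
        self.code = code


@dataclass
class CodeRecord:
    client_id: str                # client the code was issued to (Sec 4.1.2)
    redirect_uri: Optional[str]   # set only if sent in the authorization request
    expires_at: float
    used: bool = False


class AuthorizationServer:
    """In-memory model; storage layout and names are assumptions of this example."""

    def __init__(self):
        self.secrets = {}   # client_id -> secret, or None for a public client
        self.codes = {}     # authorization code -> CodeRecord

    def register(self, client_id, secret=None):
        self.secrets[client_id] = secret

    def issue_code(self, client_id, redirect_uri=None, ttl=60, now=None):
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)
        self.codes[code] = CodeRecord(client_id, redirect_uri, now + ttl)
        return code

    def identify_client(self, params, basic_auth):
        """Return the client_id the request is made as, or raise TokenError."""
        if basic_auth is not None:                  # confidential client path
            client_id, presented = basic_auth
            stored = self.secrets.get(client_id)
            if stored is None or not hmac.compare_digest(
                    stored.encode(), presented.encode()):
                raise TokenError("invalid_client", "client authentication failed")
            if params.get("client_id", client_id) != client_id:
                raise TokenError("invalid_request", "client_id does not match credentials")
            return client_id
        client_id = params.get("client_id")         # public client path
        if client_id is None:                       # the proposed MUST in Sec 3.2.1
            raise TokenError("invalid_request", "public client must send client_id")
        if client_id not in self.secrets:
            raise TokenError("invalid_client", "unknown client")
        if self.secrets[client_id] is not None:
            # A bare client_id never stands in for a confidential client's secret.
            raise TokenError("invalid_client", "client must authenticate")
        return client_id

    def redeem(self, params, basic_auth=None, now=None):
        now = time.time() if now is None else now
        if params.get("grant_type") != "authorization_code":
            raise TokenError("unsupported_grant_type", "only the code grant is modelled")
        client_id = self.identify_client(params, basic_auth)
        record = self.codes.get(params.get("code"))
        if record is None or record.used or now >= record.expires_at:
            raise TokenError("invalid_grant", "code unknown, expired or already used")
        if record.client_id != client_id:           # the binding check under discussion
            raise TokenError("invalid_grant", "code was issued to another client")
        if record.redirect_uri is not None and \
                params.get("redirect_uri") != record.redirect_uri:
            raise TokenError("invalid_grant", "redirect_uri mismatch")
        record.used = True
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def outcome(server, params, basic_auth=None, now=None):
    """Return "ok" on success, otherwise the OAuth error code."""
    try:
        server.redeem(params, basic_auth, now)
        return "ok"
    except TokenError as exc:
        return exc.code


def demo():
    """Constructed scenario: two public clients and one confidential client."""
    srv = AuthorizationServer()
    srv.register("app-a")
    srv.register("app-b")
    srv.register("web-c", secret="constructed-secret")
    code_a = srv.issue_code("app-a", now=1000.0)
    code_c = srv.issue_code("web-c", now=1000.0)
    req_a = {"grant_type": "authorization_code", "code": code_a}
    req_c = {"grant_type": "authorization_code", "code": code_c, "client_id": "web-c"}
    return {
        "no_client_id": outcome(srv, req_a, now=1001.0),
        "other_public_client": outcome(srv, {**req_a, "client_id": "app-b"}, now=1001.0),
        "bare_id_for_confidential": outcome(srv, req_c, now=1001.0),
        "rightful_client": outcome(srv, {**req_a, "client_id": "app-a"}, now=1001.0),
        "replay": outcome(srv, {**req_a, "client_id": "app-a"}, now=1002.0),
    }


if __name__ == "__main__":
    print(demo())
```

The check only does something if the endpoint actually compares the stored binding with the presented "client_id", and for a public client it binds the code to an identifier without authenticating whoever sent it.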

From tonynad@microsoft.com  Mon Jul  2 14:45:29 2012
From: Anthony Nadalin <tonynad@microsoft.com>
To: Justin Richer <jricher@mitre.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Mon, 2 Jul 2012 21:45:24 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F3C160F@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FF1BEFF.8040103@mitre.org>
In-Reply-To: <4FF1BEFF.8040103@mitre.org>
Content-Type: multipart/alternative; boundary="_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C160FBL2PRD0310MB362_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C160FBL2PRD0310MB362_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

While the client may be forced to provide the client_id there are no requirements for the endpoint to process the client_id (or how that is done) so not sure what good the change actually does

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Justin Richer
Sent: Monday, July 02, 2012 8:32 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

I'm generally OK with the change, though it does change One problem I have with this is that it can give a false sense of security about the information being sent to the token endpoint and how trustworthy it is. A client_id is public knowledge, and so someone impersonating a client on the Authentication Endpoint could also impersonate it on the Token Endpoint just as easily. This is not the attack that's being addressed here, and the possible phishing vector in the one I'm describing is both well known and, I believe, well covered by the existing documents. However, I think the new text might confuse people into conflating these two.

Basically, I think it needs to be made very clear, especially with this change of text, that a client_id on its own should never be taken as sufficient for authentication of the client. The context of the user's decision, among other things, is as important as a client secret.

 -- Justin

On 07/02/2012 11:17 AM, Mike Jones wrote:
I believe we should adopt this revised text.

                                                            -- Mike

From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
Sent: Sunday, July 01, 2012 2:22 PM
To: oauth@ietf.org<mailto:oauth@ietf.org> WG
Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

Sec 4.1.2 states:

The authorization code is bound to the client identifier and redirection URI.

The security concern Sec 10.5 states

   If the client can be authenticated, the authorization servers MUST
   authenticate the client and ensure that the authorization code was
   issued to the same client.

Sec 3.2.1

A public client that was not issued a client password MAY use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint (e.g. for the purpose of providing
   end-user context, client usage statistics).

Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.

The client_id is only sent if it is a confidential client capable of authenticating itself.

The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.

If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.

This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.

I propose changing Sec 3.2.1 to read:

A public client that was not issued a client password MUST use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint. This allows the authorization server
   to ensure that the code was issued to the same client.
   Sending "client_id" prevents the client from
   inadvertently accepting a code intended for a client with a different
   "client_id".

Also change Sec 4.1.3 from:

o  authenticate the client if client authentication is included and
      ensure the authorization code was issued to the authenticated
      client,

To:

o  authenticate the client if client authentication is included,
o  ensure the authorization code was issued to the authenticated
   confidential client or to the public client identified by the
   'client_id',

The Original text implies that it is a good idea to send it, but is unclear on what security it provides.

It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.

Regards

John B.









--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C160FBL2PRD0310MB362_--
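
An added example, not part of any message in this thread and not taken from any implementation: a minimal in-memory token endpoint that applies the check from the proposed Sec 3.2.1 and 4.1.3 text next to the MAY wording, so the difference is visible when a code issued to one public client is presented by another. The class names, client identifiers and secret are hypothetical and constructed; invalid_request, invalid_client and invalid_grant are the OAuth 2.0 token endpoint error codes.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


class TokenError(Exception):
    def __init__(self, code: str, detail: str):
        super().__init__(f"{code}: {detail}")
        self.code = code  # OAuth 2.0 token endpoint error code


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None  # None marks a public client


@dataclass
class CodeGrant:
    client_id: str               # Sec 4.1.2: code is bound to the client identifier
    redirect_uri: Optional[str]  # recorded only if sent in the authorization request
    used: bool = False


class TokenEndpoint:
    """Hypothetical in-memory authorization server; all names are illustrative."""

    def __init__(self, clients, require_public_client_id: bool):
        self.clients = {c.client_id: c for c in clients}
        # True: proposed Sec 3.2.1 text (MUST). False: the MAY wording.
        self.require_public_client_id = require_public_client_id
        self.codes = {}

    def issue_code(self, client_id: str, redirect_uri: Optional[str] = None) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = CodeGrant(client_id, redirect_uri)
        return code

    def redeem(self, code, client_id=None, client_secret=None, redirect_uri=None) -> str:
        grant = self.codes.get(code)
        if grant is None or grant.used:
            raise TokenError("invalid_grant", "unknown or already redeemed code")
        owner = self.clients[grant.client_id]
        if owner.secret is not None or client_secret is not None:
            # Confidential path: authenticate first, then compare with the code's owner.
            presented = self.clients.get(client_id)
            if (presented is None or presented.secret is None or client_secret is None
                    or not hmac.compare_digest(presented.secret.encode(),
                                               client_secret.encode())):
                raise TokenError("invalid_client", "client authentication failed")
            if presented.client_id != grant.client_id:
                raise TokenError("invalid_grant", "code was issued to another client")
        elif client_id is None:
            if self.require_public_client_id:
                raise TokenError("invalid_request", "public client must send client_id")
            # MAY wording: nothing to compare, so any holder of the code gets a token.
        elif client_id != grant.client_id:
            raise TokenError("invalid_grant", "code was issued to another client")
        # A matching client_id is a binding check only: client_id is public
        # knowledge, so it does not authenticate the caller.
        if grant.redirect_uri is not None and redirect_uri != grant.redirect_uri:
            raise TokenError("invalid_grant", "redirect_uri mismatch")
        grant.used = True
        return secrets.token_urlsafe(24)


def outcome(server: TokenEndpoint, code: str, **params) -> str:
    """Return 'token_issued' or the error code the endpoint raised."""
    try:
        server.redeem(code, **params)
        return "token_issued"
    except TokenError as exc:
        return exc.code


def demo() -> dict:
    # Constructed sample clients: two public apps and one confidential client.
    clients = [Client("app-a"), Client("app-b"), Client("web-c", "constructed-secret")]
    results = {}
    legacy = TokenEndpoint(clients, require_public_client_id=False)
    code = legacy.issue_code("app-a")
    # A different client presents app-a's code and omits client_id.
    results["may_no_client_id"] = outcome(legacy, code)
    strict = TokenEndpoint(clients, require_public_client_id=True)
    code = strict.issue_code("app-a")
    results["must_no_client_id"] = outcome(strict, code)
    results["must_wrong_client_id"] = outcome(strict, code, client_id="app-b")
    results["must_other_confidential"] = outcome(
        strict, code, client_id="web-c", client_secret="constructed-secret")
    results["must_right_client_id"] = outcome(strict, code, client_id="app-a")
    results["must_replay"] = outcome(strict, code, client_id="app-a")
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:26} {result}")
```

The rejection a client can count on comes from the server-side comparison in `redeem`, not from the parameter being sent.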

From ve7jtb@ve7jtb.com  Mon Jul  2 14:51:39 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_A307C03A-B9CB-4C63-90F9-FD0379C17A8D"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E74F3C15E0@BL2PRD0310MB362.namprd03.prod.outlook.com>
Date: Mon, 2 Jul 2012 17:51:06 -0400
Message-Id: <5FC2B7D2-FF4C-4B5E-9C66-D2A0631CC3DC@ve7jtb.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F3C15E0@BL2PRD0310MB362.namprd03.prod.outlook.com>
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

--Apple-Mail=_A307C03A-B9CB-4C63-90F9-FD0379C17A8D
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_D0C250F8-8559-4118-B890-8329B862981D"


--Apple-Mail=_D0C250F8-8559-4118-B890-8329B862981D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

The token endpoint can always reject it.

The issue is if the client can count on it being rejected if the client_id is wrong.

If the Authorization server is allowed not to compare the client_id to the one it issued the token to there is no point in making the change.

As Justin pointed out leaving it insecure to discourage people from using this flow is also an option.

This just mitigates against one attack on public clients using the code flow. At the end of the day a confidential client is going to be more secure.

John B.


On 2012-07-02, at 5:38 PM, Anthony Nadalin wrote:

> Not sure why this has to be a MUST in section 3.2.1 as the token endpoint has the choice to reject it either way (provided or not)
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
> Sent: Sunday, July 01, 2012 2:22 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> Sec 4.1.2 states:
>
> The authorization code is bound to the client identifier and redirection URI.
>
> The security concern Sec 10.5 states
>
>    If the client can be authenticated, the authorization servers MUST
>    authenticate the client and ensure that the authorization code was
>    issued to the same client.
>
> Sec 3.2.1
> A public client that was not issued a client password MAY use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint (e.g. for the purpose of providing
>    end-user context, client usage statistics).
>
> Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.
> The client_id is only sent if it is a confidential client capable of authenticating itself.
> The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.
> If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.
>
> This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.
>
> I propose changing Sec 3.2.1 to read:
>
> A public client that was not issued a client password MUST use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint. This allows the authorization server
>    to ensure that the code was issued to the same client.
>    Sending "client_id" prevents the client from
>    inadvertently accepting a code intended for a client with a different
>    "client_id".
>
> Also change Sec 4.1.3 from:
> o  authenticate the client if client authentication is included and
>       ensure the authorization code was issued to the authenticated
>       client,
>
> To:
> o  authenticate the client if client authentication is included,
> o  ensure the authorization code was issued to the authenticated
>    confidential client or to the public client identified by the
>    'client_id',
>
> The Original text implies that it is a good idea to send it, but is unclear on what security it provides.
>
> It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.
>
> Regards
> John B.


--Apple-Mail=_D0C250F8-8559-4118-B890-8329B862981D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><base href=3D"x-msg://17118/"></head><body style=3D"word-wrap:=
 break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">The token endpoint can always reject =
it.<div><br></div><div>The issue is if the client can count on it being =
rejected if the client_id is wrong.</div><div><br></div><div>If the =
Authorization server is allowed to not to&nbsp;compare&nbsp;the =
client_id &nbsp;to the one it issued the token to there is no point in =
making the change.</div><div><br></div><div>As Justin pointed out =
leaving it insecure to discourage people from using this flow is also an =
option.&nbsp;</div><div><br></div><div>This just mitigates against one =
attack on public clients using the code flow. &nbsp; At the end of the =
day a confidential client is going to be more =
secure.</div><div><br></div><div>John =
B.</div><div><br></div><div><br><div><div>On 2012-07-02, at 5:38 PM, =
Anthony Nadalin wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-US" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Not =
sure why this has to be a MUST in section 3.2.1 as the token endpoint =
has to the choice to reject it either way (provided or =
not)<o:p></o:p></span></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; "><span style=3D"font-size: 11pt; =
font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><b><span =
style=3D"font-size: 10pt; font-family: Tahoma, sans-serif; =
">From:</span></b><span style=3D"font-size: 10pt; font-family: Tahoma, =
sans-serif; "><span class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> =
[mailto:oauth-bounces@ietf.org]<span =
class=3D"Apple-converted-space">&nbsp;</span><b>On Behalf Of<span =
class=3D"Apple-converted-space">&nbsp;</span></b>John =
Bradley<br><b>Sent:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Sunday, July 01, 2012 2:22 =
PM<br><b>To:</b><span class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> =
WG<br><b>Subject:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>[OAUTH-WG] New Text for Sec =
3.2.1 &amp; 4.1.3<o:p></o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; ">Sec 4.1.2 =
states:<o:p></o:p></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">The authorization code is =
bound to the client identifier and redirection =
URI.<o:p></o:p></span></pre><div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">The security concern Sec =
10.5 states<o:p></o:p></div></div></div><div><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; If the client can =
be authenticated, the authorization servers =
MUST<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; authenticate the =
client and ensure that the authorization code =
was<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; issued to the =
same client.<o:p></o:p></span></pre><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; =
"><o:p>&nbsp;</o:p></span></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; ">Sec 3.2.1 =
<o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">A public client that was not =
issued a client password MAY use the<o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">&nbsp;&nbsp; "client_id" request parameter to identify itself =
when sending<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; requests to the =
token endpoint (e.g. for the purpose of =
providing<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; end-user context, =
client usage statistics).<o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; "><o:p>&nbsp;</o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">Nothing in the current spec requires that a Public client send =
its client_id or redirect_uri to the token =
endpoint.<o:p></o:p></span></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; ">The client_id is only =
sent if it is a confidential client capable of authenticating =
itself.<o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">The redirect_uri is only sent =
if the 'redirect_uri' parameter was included in the authorization =
request.<o:p></o:p></span></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; ">If the client has one =
registered redirect_uri it would not be sent to the authorization or =
token endpoint.<o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; "><o:p>&nbsp;</o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">This leaves us with public clients using code flow that cannot =
determine if a token was granted to them or some other public =
client.<o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; =
"><o:p>&nbsp;</o:p></span></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; =
"><o:p>&nbsp;</o:p></span></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; ">I propose changing Sec =
3.2.1 to read:<o:p></o:p></span></pre></div><div><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; =
"><o:p>&nbsp;</o:p></span></pre></div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">A public client that was not =
issued a client password MUST use the<o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">&nbsp;&nbsp; "client_id" request parameter to identify itself =
when sending<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; requests to the =
token endpoint. This allows the authorization =
server&nbsp;<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; to ensure that =
the code was issued to the same client. =
&nbsp;<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; =
Sending&nbsp;"client_id" prevents the client =
from<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; inadvertently =
accepting a code intended for a client with a =
different<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; =
"client_id".<o:p></o:p></span></pre><span style=3D"font-size: 12pt; =
font-family: 'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">Also change Sec 4.1.3 from:<o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">o&nbsp; authenticate the client if client authentication is included =
and<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
ensure the authorization code was issued to the =
authenticated<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
client,<o:p></o:p></span></pre><span style=3D"font-size: 12pt; =
font-family: 'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">To:<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">o&nbsp; authenticate the =
client if client authentication is included,<o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">o&nbsp; ensure the authorization code was issued to the authenticated =
<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp;&nbsp;confidential =
client or to the public client identified by =
the<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp; =
'client_id',<o:p></o:p></span></pre><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; =
"><o:p>&nbsp;</o:p></span></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; =
"><o:p>&nbsp;</o:p></span></pre></div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; "> <o:p></o:p></span></pre><span =
style=3D"font-size: 12pt; font-family: 'Courier New'; color: black; =
"><br clear=3D"all" style=3D"page-break-before: always; "></span><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; ">The =
Original text implies that it is a good idea to send it, but is unclear =
on what security it provides.<o:p></o:p></span></pre><span =
style=3D"font-size: 12pt; font-family: 'Courier New'; color: black; =
"><br clear=3D"all" style=3D"page-break-before: always; "></span><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; ">It =
is a small change that should not break existing implementations, but =
will increase security for public clients using the code =
flow.<o:p></o:p></span></pre><span style=3D"font-size: 12pt; =
font-family: 'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">Regards<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">John =
B.<o:p></o:p></span></pre><span style=3D"font-size: 12pt; font-family: =
'Times New Roman', serif; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><p class=3D"MsoNormal" =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; =
"></p></div></div></span></blockquote></div><br></div></body></html>=

--Apple-Mail=_D0C250F8-8559-4118-B890-8329B862981D--

--Apple-Mail=_A307C03A-B9CB-4C63-90F9-FD0379C17A8D
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_A307C03A-B9CB-4C63-90F9-FD0379C17A8D--

From ve7jtb@ve7jtb.com  Mon Jul  2 14:54:20 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_130ACDE7-94CE-4134-B0F2-928888B83FE0"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E74F3C160F@BL2PRD0310MB362.namprd03.prod.outlook.com>
Date: Mon, 2 Jul 2012 17:54:14 -0400
Message-Id: <EB14237A-E764-4440-AB36-9910E2FE2DEF@ve7jtb.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FF1BEFF.8040103@mitre.org> <B26C1EF377CB694EAB6BDDC8E624B6E74F3C160F@BL2PRD0310MB362.namprd03.prod.outlook.com>
To: Anthony Nadalin <tonynad@microsoft.com>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

--Apple-Mail=_130ACDE7-94CE-4134-B0F2-928888B83FE0
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_8B5655E5-B9B0-47CE-B935-67B071D8D9E5"


--Apple-Mail=_8B5655E5-B9B0-47CE-B935-67B071D8D9E5
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

The change to 4.1.3 requires the endpoint to process it.  At least as much as the text for the Confidential client is requiring it.

John B.
On 2012-07-02, at 5:45 PM, Anthony Nadalin wrote:

> While the client may be forced to provide the client_id there are no requirements for the endpoint to process the client_id (or how that is done) so not sure what good the change actually does
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Justin Richer
> Sent: Monday, July 02, 2012 8:32 AM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> I'm generally OK with the change, though it does change One problem I have with this is that it can give a false sense of security about the information being sent to the token endpoint and how trustworthy it is. A client_id is public knowledge, and so someone impersonating a client on the Authentication Endpoint could also impersonate it on the Token Endpoint just as easily. This is not the attack that's being addressed here, and the possible phishing vector in the one I'm describing is both well known and, I believe, well covered by the existing documents. However, I think the new text might confuse people into conflating these two.
>
> Basically, I think it needs to be made very clear, especially with this change of text, that a client_id on its own should never be taken as sufficient for authentication of the client. The context of the user's decision, among other things, is as important as a client secret.
>
>  -- Justin
>
> On 07/02/2012 11:17 AM, Mike Jones wrote:
> I believe we should adopt this revised text.
>
>                                                             -- Mike
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
> Sent: Sunday, July 01, 2012 2:22 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> Sec 4.1.2 states:
>
> The authorization code is bound to the client identifier and redirection URI.
>
> The security concern Sec 10.5 states
>
>    If the client can be authenticated, the authorization servers MUST
>    authenticate the client and ensure that the authorization code was
>    issued to the same client.
>
> Sec 3.2.1
> A public client that was not issued a client password MAY use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint (e.g. for the purpose of providing
>    end-user context, client usage statistics).
>
> Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.
> The client_id is only sent if it is a confidential client capable of authenticating itself.
> The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.
> If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.
>
> This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.
>
> I propose changing Sec 3.2.1 to read:
>
> A public client that was not issued a client password MUST use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint. This allows the authorization server
>    to ensure that the code was issued to the same client.
>    Sending "client_id" prevents the client from
>    inadvertently accepting a code intended for a client with a different
>    "client_id".
>
> Also change Sec 4.1.3 from:
> o  authenticate the client if client authentication is included and
>       ensure the authorization code was issued to the authenticated
>       client,
>
> To:
> o  authenticate the client if client authentication is included,
> o  ensure the authorization code was issued to the authenticated
>    confidential client or to the public client identified by the
>   'client_id',
>
> The Original text implies that it is a good idea to send it, but is unclear on what security it provides.
>
> It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.
>
> Regards
> John B.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
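
The token endpoint checks that the proposed Sec 3.2.1 and 4.1.3 text calls for, as an added Python example that is not part of this thread or of any OAuth implementation. The client registry, the stored codes, `redeem_code` and its `require_client_id` switch (True for the proposed MUST, False for the original MAY) are all constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed client registry: two public clients and one confidential client.
CLIENTS = {
    "native-app-a": {"confidential": False},
    "native-app-b": {"confidential": False},
    "web-app": {"confidential": True},
}


@dataclass
class IssuedCode:
    client_id: str                 # client the code was issued to (Sec 4.1.2 binding)
    redirect_uri: Optional[str]    # None when the authorization request carried none
    used: bool = False


class TokenError(Exception):
    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


def sample_codes() -> dict:
    """Constructed authorization codes as the server would have stored them."""
    return {
        "code-for-a": IssuedCode("native-app-a", None),
        "code-for-a-uri": IssuedCode("native-app-a", "https://a.example/cb"),
        "code-for-web": IssuedCode("web-app", "https://web.example/cb"),
    }


def redeem_code(codes, params, authenticated_client=None, require_client_id=True):
    """Token endpoint checks for grant_type=authorization_code.

    authenticated_client: client_id established by client authentication, or None.
    require_client_id:    True models the proposed MUST, False the original MAY.
    """
    issued = codes.get(params.get("code", ""))
    if issued is None or issued.used:
        raise TokenError("invalid_grant", "unknown or already redeemed code")

    # A code issued to a confidential client is only redeemable after real
    # client authentication; a bare client_id is public and proves nothing.
    if CLIENTS[issued.client_id]["confidential"] and authenticated_client is None:
        raise TokenError("invalid_client", "client authentication required")

    requester = authenticated_client or params.get("client_id")
    if requester is None:
        if require_client_id:
            raise TokenError("invalid_request", "client_id is required")
        # Original MAY wording: nothing identifies the requester, so the
        # code-to-client binding cannot be checked at all.
    elif requester != issued.client_id:
        raise TokenError("invalid_grant", "code was issued to another client")

    # redirect_uri must match when it was part of the authorization request.
    if issued.redirect_uri is not None and params.get("redirect_uri") != issued.redirect_uri:
        raise TokenError("invalid_grant", "redirect_uri mismatch")

    issued.used = True
    return {"access_token": secrets.token_urlsafe(16), "token_type": "bearer"}


def outcome(codes, params, **kwargs) -> str:
    """Return "ok" or the OAuth error code, for compact comparison."""
    try:
        redeem_code(codes, params, **kwargs)
        return "ok"
    except TokenError as exc:
        return exc.error


if __name__ == "__main__":
    # native-app-b ends up holding a code that was issued to native-app-a.
    stray = {"grant_type": "authorization_code", "code": "code-for-a"}
    print("MAY, no client_id:   ", outcome(sample_codes(), stray, require_client_id=False))
    print("MUST, no client_id:  ", outcome(sample_codes(), stray))
    print("MUST, client_id of b:", outcome(sample_codes(), {**stray, "client_id": "native-app-b"}))
    print("MUST, client_id of a:", outcome(sample_codes(), {**stray, "client_id": "native-app-a"}))
```

The last case succeeds for any requester that claims `native-app-a`, which is the caveat raised in the thread: the check keeps a public client from accepting a code meant for a different client, and it does not authenticate that client.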


--Apple-Mail=_8B5655E5-B9B0-47CE-B935-67B071D8D9E5
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><base href=3D"x-msg://17122/"></head><body style=3D"word-wrap:=
 break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">The change to 4.1.3 requires the endpoint to =
process it. &nbsp;At least as much as the text for the Confidential =
client is requiring it.<div><br></div><div>John B.<br><div><div>On =
2012-07-02, at 5:45 PM, Anthony Nadalin wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
bgcolor=3D"white" lang=3D"EN-US" link=3D"blue" vlink=3D"purple"><div =
class=3D"WordSection1" style=3D"page: WordSection1; "><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; "><span style=3D"font-size: 11pt; =
font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">While the =
client may be forced to provide the client_id there are no requirements =
for the endpoint to process the client_id (or how that is done) so not =
sure what good the change actually does<o:p></o:p></span></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; "><span style=3D"font-size: 11pt; =
font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div><div style=3D"border-right-style: =
none; border-bottom-style: none; border-left-style: none; border-width: =
initial; border-color: initial; border-top-style: solid; =
border-top-color: rgb(181, 196, 223); border-top-width: 1pt; =
padding-top: 3pt; padding-right: 0in; padding-bottom: 0in; padding-left: =
0in; "><div style=3D"margin-top: 0in; margin-right: 0in; margin-left: =
0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; "><b><span style=3D"font-size: 10pt; =
font-family: Tahoma, sans-serif; color: windowtext; =
">From:</span></b><span style=3D"font-size: 10pt; font-family: Tahoma, =
sans-serif; color: windowtext; "><span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth-bounces@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">oauth-bounces@ietf.org</a><span =
class=3D"Apple-converted-space">&nbsp;</span>[mailto:oauth-bounces@ietf.or=
g]<span class=3D"Apple-converted-space">&nbsp;</span><b>On Behalf =
Of<span class=3D"Apple-converted-space">&nbsp;</span></b>Justin =
Richer<br><b>Sent:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Monday, July 02, 2012 8:32 =
AM<br><b>To:</b><span class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">oauth@ietf.org</a><br><b>Subject:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Re: [OAUTH-WG] New Text for =
Sec 3.2.1 &amp; 4.1.3<o:p></o:p></span></div></div></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; "><o:p>&nbsp;</o:p></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; ">I'm generally OK with the change, though =
it does change One problem I have with this is that it can give a false =
sense of security about the information being sent to the token endpoint =
and how trustworthy it is. A client_id is public knowledge, and so =
someone impersonating a client on the Authentication Endpoint could also =
impersonate it on the Token Endpoint just as easily. This is not the =
attack that's being addressed here, and the possible phishing vector in =
the one I'm describing is both well known and, I believe, well covered =
by the existing documents. However, I think the new text might confuse =
people into conflating these two.<br><br>Basically, I think it needs to =
be made very clear, especially with this change of text, that a =
client_id on its own should never be taken as sufficient for =
authentication of the client. The context of the user's decision, among =
other things, is as important as a client secret.<br><br>&nbsp;-- =
Justin<br><br>On 07/02/2012 11:17 AM, Mike Jones =
wrote:<o:p></o:p></div></div><blockquote style=3D"margin-top: 5pt; =
margin-bottom: 5pt; "><div style=3D"margin-top: 0in; margin-right: 0in; =
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: =
'Times New Roman', serif; color: black; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I =
believe we should adopt this revised text.</span><o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; "><span style=3D"font-size: 11pt; =
font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
">&nbsp;</span><o:p></o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; color: black; "><span =
style=3D"font-size: 11pt; font-family: Calibri, sans-serif; color: =
rgb(31, 73, 125); =
">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- =
Mike</span><o:p></o:p></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; color: black; "><span =
style=3D"font-size: 11pt; font-family: Calibri, sans-serif; color: =
rgb(31, 73, 125); ">&nbsp;</span><o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; "><b><span style=3D"font-size: 10pt; =
font-family: Tahoma, sans-serif; ">From:</span></b><span =
style=3D"font-size: 10pt; font-family: Tahoma, sans-serif; "><span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth-bounces@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">oauth-bounces@ietf.org</a><span =
class=3D"Apple-converted-space">&nbsp;</span>[<a =
href=3D"mailto:oauth-bounces@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">mailto:oauth-bounces@ietf.org</a>]<span =
class=3D"Apple-converted-space">&nbsp;</span><b>On Behalf Of<span =
class=3D"Apple-converted-space">&nbsp;</span></b>John =
Bradley<br><b>Sent:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Sunday, July 01, 2012 2:22 =
PM<br><b>To:</b><span class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">oauth@ietf.org</a><span =
class=3D"Apple-converted-space">&nbsp;</span>WG<br><b>Subject:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>[OAUTH-WG] New Text for Sec =
3.2.1 &amp; 4.1.3</span><o:p></o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; color: black; =
">&nbsp;<o:p></o:p></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; color: black; ">Sec 4.1.2 =
states:<o:p></o:p></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; color: black; =
">&nbsp;<o:p></o:p></div></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">The authorization =
code is bound to the client identifier and redirection =
URI.</span><o:p></o:p></pre><div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; color: black; =
">&nbsp;<o:p></o:p></div></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; color: black; ">The =
security concern Sec 10.5 states<o:p></o:p></div></div></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; color: black; ">&nbsp;<o:p></o:p></div></div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">&nbsp;&nbsp; If the client can be =
authenticated, the authorization servers =
MUST</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; color: black; page-break-before: always; =
"><span style=3D"font-size: 12pt; ">&nbsp;&nbsp; authenticate the client =
and ensure that the authorization code was</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; "><span style=3D"font-size: =
12pt; ">&nbsp;&nbsp; issued to the same =
client.</span><o:p></o:p></pre><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; "><span style=3D"font-size: 12pt; =
">&nbsp;</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; ">Sec 3.2.1 =
</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">A public client =
that was not issued a client password MAY use =
the</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; color: black; page-break-before: always; =
"><span style=3D"font-size: 12pt; ">&nbsp;&nbsp; "client_id" request =
parameter to identify itself when sending</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; "><span style=3D"font-size: =
12pt; ">&nbsp;&nbsp; requests to the token endpoint (e.g. for the =
purpose of providing</span><o:p></o:p></pre><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; =
">&nbsp;&nbsp; end-user context, client usage =
statistics).</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; =
">&nbsp;</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; ">Nothing =
in the current spec requires that a Public client send it's client_id or =
redirect_uri to the token =
endpoint.</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; ">The =
client _id is only sent if it is a confidential client capable of =
authenticating itself.</span><o:p></o:p></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; "><span style=3D"font-size: =
12pt; ">The redirect_uri is only sent if the 'redirect_uri' parameter =
was included in the authorization =
request.</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; ">If the =
client has one registered redirect_uri it would not be sent to the =
authorization or token endpoint.</span><o:p></o:p></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; "><span style=3D"font-size: =
12pt; ">&nbsp;</span><o:p></o:p></pre></div><div><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; ">This =
leaves us with public clients using code flow that cannot determine if a =
token was granted to them or some other public =
client.</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; "><span style=3D"font-size: 12pt; =
">&nbsp;</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; =
">&nbsp;</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; ">I propose =
changing Sec 3.2.1 to read:</span><o:p></o:p></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; "><span style=3D"font-size: =
12pt; ">&nbsp;</span><o:p></o:p></pre></div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">A public client =
that was not issued a client password MUST use =
the</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; color: black; page-break-before: always; =
"><span style=3D"font-size: 12pt; ">&nbsp;&nbsp; "client_id" request =
parameter to identify itself when sending</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; "><span style=3D"font-size: =
12pt; ">&nbsp;&nbsp; requests to the token endpoint. This allows the =
authorization server&nbsp;</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">&nbsp;&nbsp; to ensure that the code was =
issued to the same client. &nbsp;</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">&nbsp;&nbsp; Sending&nbsp;"client_id" =
prevents the client from</span><o:p></o:p></pre><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">&nbsp;&nbsp; =
inadvertently accepting a code intended for a client with a =
different</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">&nbsp;&nbsp; =
"client_id".</span><o:p></o:p></pre><span style=3D"font-size: 10pt; =
font-family: 'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">Also change Sec =
4.1.3 from:</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">o&nbsp; =
authenticate the client if client authentication is included =
and</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; color: black; page-break-before: always; =
"><span style=3D"font-size: 12pt; ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
ensure the authorization code was issued to the =
authenticated</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; =
">&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;client,</span><o:p></o:p></pre><span =
style=3D"font-size: 10pt; font-family: 'Courier New'; color: black; =
"><br clear=3D"all" style=3D"page-break-before: always; "></span><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">To:</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">o&nbsp; authenticate the client if client =
authentication is included,</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">o&nbsp; ensure the authorization code was =
issued to the authenticated </span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">&nbsp;&nbsp;&nbsp;confidential client or to =
the public client identified by the</span><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; ">&nbsp; =
'client_id',</span><o:p></o:p></pre><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; "><span style=3D"font-size: 12pt; =
">&nbsp;</span><o:p></o:p></pre></div><div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; "><span style=3D"font-size: 12pt; =
">&nbsp;</span><o:p></o:p></pre></div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; "> =
</span><o:p></o:p></pre><span style=3D"font-size: 10pt; font-family: =
'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">The Original text =
implies that it is a good idea to send it, but is unclear on what =
security it provides.</span><o:p></o:p></pre><span style=3D"font-size: =
10pt; font-family: 'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">It is a small =
change that should not brake existing implementations, but will increase =
security for public clients using the code =
flow.</span><o:p></o:p></pre><span style=3D"font-size: 10pt; =
font-family: 'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; color: black; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; =
">Regards</span><o:p></o:p></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; ">John =
B.</span><o:p></o:p></pre><span style=3D"font-size: 12pt; font-family: =
'Times New Roman', serif; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; color: black; =
">&nbsp;<o:p></o:p></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; color: black; =
"><br><br><br><o:p></o:p></div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; color: black; =
">_______________________________________________<o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; ">OAuth mailing list<o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; "><a href=3D"mailto:OAuth@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">OAuth@ietf.org</a><o:p></o:p></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
color: black; "><a href=3D"https://www.ietf.org/mailman/listinfo/oauth" =
style=3D"color: blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/oauth</a><o:p></o:p></pre></blockq=
uote><p class=3D"MsoNormal" style=3D"margin-top: 0in; margin-right: 0in; =
margin-left: 0in; margin-bottom: 12pt; font-size: 12pt; font-family: =
'Times New Roman', serif; color: black; =
"><o:p>&nbsp;</o:p></p></div>_____________________________________________=
__<br>OAuth mailing list<br><a href=3D"mailto:OAuth@ietf.org" =
style=3D"color: blue; text-decoration: underline; =
">OAuth@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth" style=3D"color: =
blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/oauth</a></div></span></blockquote=
></div><br></div></body></html>=

--Apple-Mail=_8B5655E5-B9B0-47CE-B935-67B071D8D9E5--
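The token endpoint check that the proposed Sec 3.2.1 and 4.1.3 text asks for, as an added example that is not part of the thread or of any implementation discussed in it. The class, function and client names and the in-memory stores are hypothetical; the error codes are the standard OAuth 2.0 token endpoint codes. The second return value keeps apart a client that was authenticated from one that was only identified by its client_id, the distinction raised in the thread.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


class TokenError(Exception):
    """Token endpoint failure carrying an OAuth 2.0 error code."""

    def __init__(self, error, detail):
        super().__init__(f"{error}: {detail}")
        self.error = error


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None  # None: public client, no client password issued


@dataclass
class CodeGrant:
    client_id: str               # the code is bound to this client (Sec 4.1.2)
    redirect_uri: Optional[str]  # set only if sent in the authorization request
    expires_at: float
    used: bool = False


class AuthorizationServer:
    """Hypothetical in-memory authorization server, token endpoint only."""

    def __init__(self):
        self.clients = {}
        self.codes = {}

    def register(self, client_id, secret=None):
        self.clients[client_id] = Client(client_id, secret)

    def issue_code(self, client_id, redirect_uri=None, ttl=60):
        code = secrets.token_urlsafe(16)
        self.codes[code] = CodeGrant(client_id, redirect_uri, time.time() + ttl)
        return code

    def redeem(self, code, client_id=None, client_secret=None, redirect_uri=None):
        """Exchange a code; returns (access_token, client_was_authenticated)."""
        # Proposed Sec 3.2.1: a public client MUST identify itself with client_id.
        if client_id is None:
            raise TokenError("invalid_request", "client_id is required")
        client = self.clients.get(client_id)
        if client is None:
            raise TokenError("invalid_client", "unknown client_id")

        # Proposed Sec 4.1.3, first bullet: authenticate the client if it has
        # credentials. A confidential client cannot fall back to a bare client_id.
        authenticated = False
        if client.secret is not None:
            if client_secret is None or not hmac.compare_digest(
                client.secret.encode(), client_secret.encode()
            ):
                raise TokenError("invalid_client", "client authentication failed")
            authenticated = True

        grant = self.codes.get(code)
        if grant is None or grant.used or time.time() > grant.expires_at:
            raise TokenError("invalid_grant", "unknown, used or expired code")

        # Second bullet: the code must have been issued to the authenticated
        # confidential client or to the public client named by client_id.
        if grant.client_id != client.client_id:
            raise TokenError("invalid_grant", "code was issued to a different client")

        # redirect_uri is compared only if the authorization request carried one.
        if grant.redirect_uri is not None and redirect_uri != grant.redirect_uri:
            raise TokenError("invalid_grant", "redirect_uri mismatch")

        grant.used = True  # authorization codes are single use
        return secrets.token_urlsafe(24), authenticated


def try_redeem(server, code, **params):
    """Return "ok" or the error code the token endpoint would send back."""
    try:
        server.redeem(code, **params)
        return "ok"
    except TokenError as exc:
        return exc.error


if __name__ == "__main__":
    # Constructed sample data: two public clients and one code issued to app-a.
    srv = AuthorizationServer()
    srv.register("app-a")
    srv.register("app-b")
    code = srv.issue_code("app-a", redirect_uri="https://app-a.example/cb")
    print("no client_id :", try_redeem(srv, code))
    print("app-b        :", try_redeem(srv, code, client_id="app-b"))
    print("app-a        :", try_redeem(
        srv, code, client_id="app-a", redirect_uri="https://app-a.example/cb"))
```
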

--Apple-Mail=_130ACDE7-94CE-4134-B0F2-928888B83FE0
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MjIxNTQxNVowIwYJKoZIhvcNAQkEMRYEFNinekDE6bxYFe7gg7C5SxPWziysMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AGMLSU359dzQKEZm9tpTAyKk0ynkgAi2Y89lt8LODDObFs0Yrt4TbKeNcyG2B4zg57Eo7FJc+xHg
x/rnNXmasjm8p91gdzTgQU0nomBlyEGfdTmZgolOQqwMQHb8K1INbQ7Hh0CzhxgMTDCxxJU61ZWI
yK2ZqbhhkrE4ead/PaSC48n7k2npRw0+PZTHlThu1ZNfT8jVsLsUmRM4DEWGdyI1mJp/3I6ab2Ca
CrzrFoOEXIKC/Qvsp3OVR2dxc5ZYIUY4zHYiK0HtbJ4CAQoXWGur8PkZzuv2yeJ3z24gyRW8ScX3
uoLv3NyGxx2W55mHXhcV0GH/u57WOhE7KF13gNoAAAAAAAA=

--Apple-Mail=_130ACDE7-94CE-4134-B0F2-928888B83FE0--

From tonynad@microsoft.com  Mon Jul  2 15:02:47 2012
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A61121F8568 for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 15:02:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.697
X-Spam-Level: 
X-Spam-Status: No, score=-0.697 tagged_above=-999 required=5 tests=[AWL=-0.231, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hwHtF2SHFVgT for <oauth@ietfa.amsl.com>; Mon,  2 Jul 2012 15:02:41 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe005.messaging.microsoft.com [213.199.154.143]) by ietfa.amsl.com (Postfix) with ESMTP id 9537E21F854E for <oauth@ietf.org>; Mon,  2 Jul 2012 15:02:40 -0700 (PDT)
Received: from mail90-db3-R.bigfish.com (10.3.81.225) by DB3EHSOBE003.bigfish.com (10.3.84.23) with Microsoft SMTP Server id 14.1.225.23; Mon, 2 Jul 2012 22:00:47 +0000
Received: from mail90-db3 (localhost [127.0.0.1])	by mail90-db3-R.bigfish.com (Postfix) with ESMTP id 85E0E300202	for <oauth@ietf.org>; Mon,  2 Jul 2012 22:00:47 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -21
X-BigFish: VS-21(zzbb2dI98dI9371I936eIc85fhzz1202h1082kzz1033IL8275bh8275dhz2fh2a8h683h839hd25hf0ah)
Received-SPF: pass (mail90-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=tonynad@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT001.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail90-db3 (localhost.localdomain [127.0.0.1]) by mail90-db3 (MessageSwitch) id 1341266445719400_16923; Mon,  2 Jul 2012 22:00:45 +0000 (UTC)
Received: from DB3EHSMHS019.bigfish.com (unknown [10.3.81.237])	by mail90-db3.bigfish.com (Postfix) with ESMTP id ADBF22E0049	for <oauth@ietf.org>; Mon,  2 Jul 2012 22:00:45 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS019.bigfish.com (10.3.87.119) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 2 Jul 2012 22:00:45 +0000
Received: from va3outboundpool.messaging.microsoft.com (157.54.51.114) by mail.microsoft.com (157.54.79.174) with Microsoft SMTP Server (TLS) id 14.2.298.5; Mon, 2 Jul 2012 22:02:30 +0000
Received: from mail22-va3-R.bigfish.com (10.7.14.236) by VA3EHSOBE013.bigfish.com (10.7.40.63) with Microsoft SMTP Server id 14.1.225.23; Mon, 2 Jul 2012 22:00:32 +0000
Received: from mail22-va3 (localhost [127.0.0.1])	by mail22-va3-R.bigfish.com (Postfix) with ESMTP id D276F3603C8	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Mon,  2 Jul 2012 22:00:31 +0000 (UTC)
Received: from mail22-va3 (localhost.localdomain [127.0.0.1]) by mail22-va3 (MessageSwitch) id 1341266429305874_8618; Mon,  2 Jul 2012 22:00:29 +0000 (UTC)
Received: from VA3EHSMHS030.bigfish.com (unknown [10.7.14.242])	by mail22-va3.bigfish.com (Postfix) with ESMTP id 3D71244004E; Mon,  2 Jul 2012 22:00:29 +0000 (UTC)
Received: from BL2PRD0310HT001.namprd03.prod.outlook.com (157.56.240.21) by VA3EHSMHS030.bigfish.com (10.7.99.40) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 2 Jul 2012 22:00:28 +0000
Received: from BL2PRD0310MB362.namprd03.prod.outlook.com ([169.254.10.205]) by BL2PRD0310HT001.namprd03.prod.outlook.com ([10.255.97.36]) with mapi id 14.16.0164.004; Mon, 2 Jul 2012 22:02:25 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Thread-Topic: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
Thread-Index: AQHNV8+WFJ5L14GRb0KwigdKBvuAFpcWG+oAgAAELYCAAGfEYIAAAvYAgAABktA=
Date: Mon, 2 Jul 2012 22:02:24 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FF1BEFF.8040103@mitre.org> <B26C1EF377CB694EAB6BDDC8E624B6E74F3C160F@BL2PRD0310MB362.namprd03.prod.outlook <EB14237A-E764-4440-AB36-9910E2FE2DEF@ve7jtb.com>
In-Reply-To: <EB14237A-E764-4440-AB36-9910E2FE2DEF@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [131.107.174.57]
Content-Type: multipart/alternative; boundary="_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665BL2PRD0310MB362_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: BL2PRD0310HT001.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%VE7JTB.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%MITRE.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14MLTC103.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14MLTC103.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 22:02:47 -0000

--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665BL2PRD0310MB362_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I read 4.1.3 as the client_id just has to have been issued to a (or any) public client

From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Monday, July 02, 2012 2:54 PM
To: Anthony Nadalin
Cc: Justin Richer; oauth@ietf.org
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

The change to 4.1.3 requires the endpoint to process it.  At least as much as the text for the Confidential client is requiring it.

John B.
On 2012-07-02, at 5:45 PM, Anthony Nadalin wrote:


While the client may be forced to provide the client_id there are no requirements for the endpoint to process the client_id (or how that is done) so not sure what good the change actually does

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Justin Richer
Sent: Monday, July 02, 2012 8:32 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

I'm generally OK with the change, though it does change One problem I have with this is that it can give a false sense of security about the information being sent to the token endpoint and how trustworthy it is. A client_id is public knowledge, and so someone impersonating a client on the Authentication Endpoint could also impersonate it on the Token Endpoint just as easily. This is not the attack that's being addressed here, and the possible phishing vector in the one I'm describing is both well known and, I believe, well covered by the existing documents. However, I think the new text might confuse people into conflating these two.

Basically, I think it needs to be made very clear, especially with this change of text, that a client_id on its own should never be taken as sufficient for authentication of the client. The context of the user's decision, among other things, is as important as a client secret.

 -- Justin

On 07/02/2012 11:17 AM, Mike Jones wrote:
I believe we should adopt this revised text.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
Sent: Sunday, July 01, 2012 2:22 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

Sec 4.1.2 states:

The authorization code is bound to the client identifier and redirection URI.

The security concern Sec 10.5 states

   If the client can be authenticated, the authorization servers MUST
   authenticate the client and ensure that the authorization code was
   issued to the same client.

Sec 3.2.1

A public client that was not issued a client password MAY use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint (e.g. for the purpose of providing
   end-user context, client usage statistics).

Nothing in the current spec requires that a Public client send its client_id or redirect_uri to the token endpoint.

The client_id is only sent if it is a confidential client capable of authenticating itself.

The redirect_uri is only sent if the 'redirect_uri' parameter was included in the authorization request.

If the client has one registered redirect_uri it would not be sent to the authorization or token endpoint.

This leaves us with public clients using code flow that cannot determine if a token was granted to them or some other public client.

I propose changing Sec 3.2.1 to read:

A public client that was not issued a client password MUST use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint. This allows the authorization server
   to ensure that the code was issued to the same client.
   Sending "client_id" prevents the client from
   inadvertently accepting a code intended for a client with a different
   "client_id".

Also change Sec 4.1.3 from:

o  authenticate the client if client authentication is included and
      ensure the authorization code was issued to the authenticated
      client,

To:

o  authenticate the client if client authentication is included,
o  ensure the authorization code was issued to the authenticated
   confidential client or to the public client identified by the
   'client_id',

The Original text implies that it is a good idea to send it, but is unclear on what security it provides.

It is a small change that should not break existing implementations, but will increase security for public clients using the code flow.

Regards

John B.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

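
Added example, not part of the thread and not code from any participant or from the OAuth drafts: a toy token endpoint in Python that contrasts the original MAY wording of Sec 3.2.1, the "any registered public client" reading of Sec 4.1.3, and the proposed MUST plus binding check. The class, flag and client names are hypothetical, the registry and secret are constructed, and the error strings are the RFC 6749 token error codes, used here as an assumption about how a server would report each case.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed client registry (hypothetical names, not from the thread).
CLIENTS = {
    "app-a": {"type": "public", "secret": None},
    "app-b": {"type": "public", "secret": None},
    "web-c": {"type": "confidential", "secret": "constructed-secret"},
}


class TokenError(Exception):
    def __init__(self, error):
        super().__init__(error)
        self.error = error


@dataclass
class CodeRecord:
    client_id: str                # Sec 4.1.2: the code is bound to the client identifier
    redirect_uri: Optional[str]   # and to the redirection URI, when one was sent
    used: bool = False


class AuthorizationServer:
    """require_public_client_id=False models the original MAY in Sec 3.2.1;
    check_binding=False models 'issued to a (or any) public client'."""

    def __init__(self, require_public_client_id=True, check_binding=True):
        self.require_public_client_id = require_public_client_id
        self.check_binding = check_binding
        self._codes = {}

    def issue_code(self, client_id, redirect_uri=None):
        if client_id not in CLIENTS:
            raise TokenError("unauthorized_client")
        code = secrets.token_urlsafe(16)
        self._codes[code] = CodeRecord(client_id, redirect_uri)
        return code

    def redeem(self, code, client_id=None, client_secret=None, redirect_uri=None):
        record = self._codes.get(code)
        if record is None or record.used:
            raise TokenError("invalid_grant")

        authenticated = False
        if client_secret is not None:
            # Confidential client: authenticate it before anything else.
            client = CLIENTS.get(client_id)
            if (client is None or client["type"] != "confidential"
                    or not hmac.compare_digest(client["secret"], client_secret)):
                raise TokenError("invalid_client")
            authenticated = True
        elif client_id is None:
            # Proposed Sec 3.2.1: a public client MUST identify itself.
            if self.require_public_client_id:
                raise TokenError("invalid_request")
        elif CLIENTS.get(client_id, {}).get("type") != "public":
            # A bare client_id is only acceptable from a registered public client.
            raise TokenError("invalid_client")

        # Sec 10.5: a client that can be authenticated must be authenticated.
        if CLIENTS[record.client_id]["type"] == "confidential" and not authenticated:
            raise TokenError("invalid_client")
        # Proposed Sec 4.1.3: the code must have been issued to this client_id.
        if self.check_binding and client_id is not None and client_id != record.client_id:
            raise TokenError("invalid_grant")
        if record.redirect_uri is not None and redirect_uri != record.redirect_uri:
            raise TokenError("invalid_grant")

        record.used = True
        return {
            "access_token": secrets.token_urlsafe(16),
            "issued_to": record.client_id,
            # A matching client_id identifies a public client; it never authenticates it.
            "client_authenticated": authenticated,
        }


def outcome(server, code, **params):
    """Return the client the token was issued to, or the error code."""
    try:
        return server.redeem(code, **params)["issued_to"]
    except TokenError as exc:
        return exc.error


if __name__ == "__main__":
    for label, server in [
        ("original MAY", AuthorizationServer(require_public_client_id=False)),
        ("any public client", AuthorizationServer(check_binding=False)),
        ("proposed MUST + binding", AuthorizationServer()),
    ]:
        no_id = outcome(server, server.issue_code("app-a"))
        other = outcome(server, server.issue_code("app-a"), client_id="app-b")
        print(f"{label}: no client_id -> {no_id}; client_id=app-b -> {other}")
```

Only the third configuration rejects both a request with no client_id and a request naming a different public client; the client_authenticated field stays False for public clients in every configuration, which is the distinction raised in the reply about client_id being public knowledge.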


--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665BL2PRD0310MB362_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<base href=3D"x-msg://17122/"><style><!--
/* Font Definitions */
@font-face
	{font-family:Helvetica;
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Helvetica;
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
pre
	{mso-style-priority:99;
	mso-style-link:"HTML Preformatted Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:10.0pt;
	font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
span.apple-style-span
	{mso-style-name:apple-style-span;}
span.apple-converted-space
	{mso-style-name:apple-converted-space;}
span.HTMLPreformattedChar
	{mso-style-name:"HTML Preformatted Char";
	mso-style-priority:99;
	mso-style-link:"HTML Preformatted";
	font-family:Consolas;}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
span.EmailStyle23
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">I read 4.1.3 as the clien=
t_id just has to have been issued to a &nbsp;(or any) public client<o:p></o=
:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> John Bra=
dley [mailto:ve7jtb@ve7jtb.com]
<br>
<b>Sent:</b> Monday, July 02, 2012 2:54 PM<br>
<b>To:</b> Anthony Nadalin<br>
<b>Cc:</b> Justin Richer; oauth@ietf.org<br>
<b>Subject:</b> Re: [OAUTH-WG] New Text for Sec 3.2.1 &amp; 4.1.3<o:p></o:p=
></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The change to 4.1.3 requires the endpoint to process=
 it. &nbsp;At least as much as the the text for the Confidential client is =
requiring it.<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">John B.<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal">On 2012-07-02, at 5:45 PM, Anthony Nadalin wrote:<o:=
p></o:p></p>
</div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">While the client may be f=
orced to provide the client_id there are no requirements for the endpoint t=
o process the client_id (or how that is done) so not sure
 what good the change actually does</span><span style=3D"color:black"><o:p>=
</o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span style=
=3D"color:black"><o:p></o:p></span></p>
</div>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in;border-width:initial;border-color:initial">
<div>
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span class=3D"apple-=
converted-space"><span style=3D"font-size:10.0pt;font-family:&quot;Tahoma&q=
uot;,&quot;sans-serif&quot;">&nbsp;</span></span><span style=3D"font-size:1=
0.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"><a href=3D"mai=
lto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a><span class=3D"apple-=
converted-space">&nbsp;</span><a href=3D"mailto:[mailto:oauth-bounces@ietf.=
org]">[mailto:oauth-bounces@ietf.org]</a><span class=3D"apple-converted-spa=
ce">&nbsp;</span><b>On
 Behalf Of<span class=3D"apple-converted-space">&nbsp;</span></b>Justin Ric=
her<br>
<b>Sent:</b><span class=3D"apple-converted-space">&nbsp;</span>Monday, July=
 02, 2012 8:32 AM<br>
<b>To:</b><span class=3D"apple-converted-space">&nbsp;</span><a href=3D"mai=
lto:oauth@ietf.org">oauth@ietf.org</a><br>
<b>Subject:</b><span class=3D"apple-converted-space">&nbsp;</span>Re: [OAUT=
H-WG] New Text for Sec 3.2.1 &amp; 4.1.3</span><span style=3D"color:black">=
<o:p></o:p></span></p>
</div>
</div>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">&nbsp;<o:p></o:p></span>=
</p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">I'm generally OK with th=
e change, though it does change One problem I have with this is that it can=
 give a false sense of security about the information being sent to the tok=
en endpoint and how trustworthy it is.
 A client_id is public knowledge, and so someone impersonating a client on =
the Authentication Endpoint could also impersonate it on the Token Endpoint=
 just as easily. This is not the attack that's being addressed here, and th=
e possible phishing vector in the
 one I'm describing is both well known and, I believe, well covered by the =
existing documents. However, I think the new text might confuse people into=
 conflating these two.<br>
<br>
Basically, I think it needs to be made very clear, especially with this cha=
nge of text, that a client_id on its own should never be taken as sufficien=
t for authentication of the client. The context of the user's decision, amo=
ng other things, is as important
 as a client secret.<br>
<br>
&nbsp;-- Justin<br>
<br>
On 07/02/2012 11:17 AM, Mike Jones wrote:<o:p></o:p></span></p>
</div>
</div>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">I believe we should adopt=
 this revised text.</span><span style=3D"color:black"><o:p></o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span style=
=3D"color:black"><o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike</span><span style=3D"color:black"><o:=
p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span style=
=3D"color:black"><o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;;color:black">From:</span></b><span cla=
ss=3D"apple-converted-space"><span style=3D"font-size:10.0pt;font-family:&q=
uot;Tahoma&quot;,&quot;sans-serif&quot;;color:black">&nbsp;</span></span><s=
pan style=3D"font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-ser=
if&quot;;color:black"><a href=3D"mailto:oauth-bounces@ietf.org">oauth-bounc=
es@ietf.org</a><span class=3D"apple-converted-space">&nbsp;</span>[<a href=
=3D"mailto:oauth-bounces@ietf.org">mailto:oauth-bounces@ietf.org</a>]<span =
class=3D"apple-converted-space">&nbsp;</span><b>On
 Behalf Of<span class=3D"apple-converted-space">&nbsp;</span></b>John Bradl=
ey<br>
<b>Sent:</b><span class=3D"apple-converted-space">&nbsp;</span>Sunday, July=
 01, 2012 2:22 PM<br>
<b>To:</b><span class=3D"apple-converted-space">&nbsp;</span><a href=3D"mai=
lto:oauth@ietf.org">oauth@ietf.org</a><span class=3D"apple-converted-space"=
>&nbsp;</span>WG<br>
<b>Subject:</b><span class=3D"apple-converted-space">&nbsp;</span>[OAUTH-WG=
] New Text for Sec 3.2.1 &amp; 4.1.3</span><span style=3D"color:black"><o:p=
></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">&nbsp;<o:p></o:p></span>=
</p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">Sec 4.1.2 states:<o:p></=
o:p></span></p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">&nbsp;<o:p></o:p></span>=
</p>
</div>
</div>
<div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">The authorizatio=
n code is bound to the client identifier and redirection URI.</span><span s=
tyle=3D"color:black"><o:p></o:p></span></pre>
<div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">&nbsp;<o:p></o:p></span>=
</p>
</div>
</div>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">The security concern Sec=
 10.5 states<o:p></o:p></span></p>
</div>
</div>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black">&nbsp;<o:p></o:p></span>=
</p>
</div>
</div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp;&nbsp; If =
the client can be authenticated, the authorization servers MUST</span><span=
 style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp; authenticate the client and ensure that the authoriz=
ation code was</span><span style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp; issued to the same client.</span><span style=3D"colo=
r:black"><o:p></o:p></span></pre>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">Sec 3.2.1 </span><span style=3D"color:black"><o:p></o:p></span></=
pre>
</div>
<div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">A public client =
that was not issued a client password MAY use the</span><span style=3D"colo=
r:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp; &quot;client_id&quot; request parameter to identify =
itself when sending</span><span style=3D"color:black"><o:p></o:p></span></p=
re>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp; requests to the token endpoint (e.g. for the purpose=
 of providing</span><span style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp; end-user context, client usage statistics).</span><s=
pan style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">Nothing in the current spec requires that a Public client send it=
's client_id or redirect_uri to the token endpoint.</span><span style=3D"co=
lor:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">The client _id is only sent if it is a confidential client capabl=
e of authenticating itself.</span><span style=3D"color:black"><o:p></o:p></=
span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">The redirect_uri is only sent if the 'redirect_uri' parameter was=
 included in the authorization request.</span><span style=3D"color:black"><=
o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">If the client has one registered redirect_uri it would not be sen=
t to the authorization or token endpoint.</span><span style=3D"color:black"=
><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">This leaves us with public clients using code flow that cannot de=
termine if a token was granted to them or some other public client.</span><=
span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">I propose changing Sec 3.2.1 to read:</span><span style=3D"color:=
black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">A public client =
that was not issued a client password MUST use the</span><span style=3D"col=
or:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp; &quot;client_id&quot; request parameter to identify =
itself when sending</span><span style=3D"color:black"><o:p></o:p></span></p=
re>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp; requests to the token endpoint. This allows the auth=
orization server&nbsp;</span><span style=3D"color:black"><o:p></o:p></span>=
</pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp;&nbsp; to =
ensure that the code was issued to the same client. &nbsp;</span><span styl=
e=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp;&nbsp; Sen=
ding&nbsp;&quot;client_id&quot; prevents the client from</span><span style=
=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp;&nbsp; ina=
dvertently accepting a code intended for a client with a different</span><s=
pan style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp;&nbsp; &qu=
ot;client_id&quot;.</span><span style=3D"color:black"><o:p></o:p></span></p=
re>
<span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color:b=
lack;mso-fareast-language:EN-US"><br clear=3D"all" style=3D"page-break-befo=
re:always">
</span>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">Also change Sec =
4.1.3 from:</span><span style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">o&nbsp; authenti=
cate the client if client authentication is included and</span><span style=
=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ensure the authorization code was =
issued to the authenticated</span><span style=3D"color:black"><o:p></o:p></=
span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp;&nbsp;&nbs=
p;&nbsp; &nbsp;client,</span><span style=3D"color:black"><o:p></o:p></span>=
</pre>
<span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color:b=
lack;mso-fareast-language:EN-US"><br clear=3D"all" style=3D"page-break-befo=
re:always">
</span>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">To:</span><span =
style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">o&nbsp; authenti=
cate the client if client authentication is included,</span><span style=3D"=
color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">o&nbsp; ensure t=
he authorization code was issued to the authenticated </span><span style=3D=
"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp;&nbsp;&nbs=
p;confidential client or to the public client identified by the</span><span=
 style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">&nbsp; 'client_i=
d',</span><span style=3D"color:black"><o:p></o:p></span></pre>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<div>
<pre style=3D"page-break-before:always"><span style=3D"font-size:12.0pt;col=
or:black">&nbsp;</span><span style=3D"color:black"><o:p></o:p></span></pre>
</div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black"> </span><span st=
yle=3D"color:black"><o:p></o:p></span></pre>
<span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color:b=
lack;mso-fareast-language:EN-US"><br clear=3D"all" style=3D"page-break-befo=
re:always">
</span>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">The Original tex=
t implies that it is a good idea to send it, but is unclear on what securit=
y it provides.</span><span style=3D"color:black"><o:p></o:p></span></pre>
<span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color:b=
lack;mso-fareast-language:EN-US"><br clear=3D"all" style=3D"page-break-befo=
re:always">
</span>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">It is a small ch=
ange that should not brake existing implementations, but will increase secu=
rity for public clients using the code flow.</span><span style=3D"color:bla=
ck"><o:p></o:p></span></pre>
<span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color:b=
lack;mso-fareast-language:EN-US"><br clear=3D"all" style=3D"page-break-befo=
re:always">
</span>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">Regards</span><s=
pan style=3D"color:black"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:12.0pt;color:black">John B.</span><s=
pan style=3D"color:black"><o:p></o:p></span></pre>
<span style=3D"font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&qu=
ot;serif&quot;;color:black;mso-fareast-language:EN-US"><br clear=3D"all" st=
yle=3D"page-break-before:always">
<br clear=3D"all" style=3D"page-break-before:always">
</span>
<p class=3D"MsoNormal"><span style=3D"color:black">&nbsp;<o:p></o:p></span>=
</p>
<div>
<p class=3D"MsoNormal"><span style=3D"color:black"><br>
<br>
<br>
<br>
<o:p></o:p></span></p>
</div>
<pre><span style=3D"color:black">__________________________________________=
_____<o:p></o:p></span></pre>
<pre><span style=3D"color:black">OAuth mailing list<o:p></o:p></span></pre>
<pre><span style=3D"color:black"><a href=3D"mailto:OAuth@ietf.org">OAuth@ie=
tf.org</a><o:p></o:p></span></pre>
<pre><span style=3D"color:black"><a href=3D"https://www.ietf.org/mailman/li=
stinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a><o:p></o:p></s=
pan></pre>
</blockquote>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><span style=3D"color:=
black">&nbsp;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:13.5pt;font-family:&quot;He=
lvetica&quot;,&quot;sans-serif&quot;">_____________________________________=
__________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.or=
g/mailman/listinfo/oauth</a><o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</body>
</html>

--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665BL2PRD0310MB362_--

From ve7jtb@ve7jtb.com  Mon Jul  2 15:15:09 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_A25658F1-4677-4820-89EB-514C6E03B5A2"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665@BL2PRD0310MB362.namprd03.prod.outlook.com>
Date: Mon, 2 Jul 2012 18:15:01 -0400
Message-Id: <294090E6-A1B9-47A5-A905-52F51DE34B5A@ve7jtb.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FF1BEFF.8040103@mitre.org> <B26C1EF377CB694EAB6BDDC8E624B6E74F3C160F@BL2PRD0310MB362.namprd03.prod.outlook <EB14237A-E764-4440-AB36-9910E2FE2DEF@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665@BL2PRD0310MB362.namprd03.prod.outlook.com>
To: Anthony Nadalin <tonynad@microsoft.com>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

--Apple-Mail=_A25658F1-4677-4820-89EB-514C6E03B5A2
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_331B9993-1C54-430C-931C-9E3A34438A4B"


--Apple-Mail=_331B9993-1C54-430C-931C-9E3A34438A4B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Would this be clearer:

   ensure the authorization code was issued to the authenticated
   confidential client, or to the public client identified by the
  'client_id' in the request,

The intent is always that the code must be presented by the client to
which it was issued.  That is achieved by authenticating the client in
the confidential case and by inspecting the client_id in the public
case.

Yes a client can always fake a client_id in the public case, so it is
not intended to protect the protected resource, only the client from
token substitution.

John B.



On 2012-07-02, at 6:02 PM, Anthony Nadalin wrote:

> I read 4.1.3 as the client_id just has to have been issued to a (or
> any) public client
>
> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
> Sent: Monday, July 02, 2012 2:54 PM
> To: Anthony Nadalin
> Cc: Justin Richer; oauth@ietf.org
> Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> The change to 4.1.3 requires the endpoint to process it.  At least as
> much as the text for the Confidential client is requiring it.
>
> John B.
> On 2012-07-02, at 5:45 PM, Anthony Nadalin wrote:
>
> While the client may be forced to provide the client_id there are no
> requirements for the endpoint to process the client_id (or how that is
> done) so not sure what good the change actually does
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Justin Richer
> Sent: Monday, July 02, 2012 8:32 AM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> I'm generally OK with the change, though it does change One problem I
> have with this is that it can give a false sense of security about the
> information being sent to the token endpoint and how trustworthy it is.
> A client_id is public knowledge, and so someone impersonating a client
> on the Authentication Endpoint could also impersonate it on the Token
> Endpoint just as easily. This is not the attack that's being addressed
> here, and the possible phishing vector in the one I'm describing is both
> well known and, I believe, well covered by the existing documents.
> However, I think the new text might confuse people into conflating these
> two.
>
> Basically, I think it needs to be made very clear, especially with
> this change of text, that a client_id on its own should never be taken
> as sufficient for authentication of the client. The context of the
> user's decision, among other things, is as important as a client secret.
>
>  -- Justin
>
> On 07/02/2012 11:17 AM, Mike Jones wrote:
> I believe we should adopt this revised text.
>
>  -- Mike
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of John Bradley
> Sent: Sunday, July 01, 2012 2:22 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> Sec 4.1.2 states:
>
> The authorization code is bound to the client identifier and
> redirection URI.
>
> The security concern Sec 10.5 states
>
>    If the client can be authenticated, the authorization servers MUST
>    authenticate the client and ensure that the authorization code was
>    issued to the same client.
>
> Sec 3.2.1
> A public client that was not issued a client password MAY use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint (e.g. for the purpose of providing
>    end-user context, client usage statistics).
>
> Nothing in the current spec requires that a Public client send its
> client_id or redirect_uri to the token endpoint.
> The client_id is only sent if it is a confidential client capable of
> authenticating itself.
> The redirect_uri is only sent if the 'redirect_uri' parameter was
> included in the authorization request.
> If the client has one registered redirect_uri it would not be sent to
> the authorization or token endpoint.
>
> This leaves us with public clients using code flow that cannot
> determine if a token was granted to them or some other public client.
>
> I propose changing Sec 3.2.1 to read:
>
> A public client that was not issued a client password MUST use the
>    "client_id" request parameter to identify itself when sending
>    requests to the token endpoint. This allows the authorization server
>    to ensure that the code was issued to the same client.
>    Sending "client_id" prevents the client from
>    inadvertently accepting a code intended for a client with a different
>    "client_id".
>
> Also change Sec 4.1.3 from:
> o  authenticate the client if client authentication is included and
>       ensure the authorization code was issued to the authenticated
>       client,
>
> To:
> o  authenticate the client if client authentication is included,
> o  ensure the authorization code was issued to the authenticated
>    confidential client or to the public client identified by the
>   'client_id',
>
> The Original text implies that it is a good idea to send it, but is
> unclear on what security it provides.
>
> It is a small change that should not break existing implementations,
> but will increase security for public clients using the code flow.
>
> Regards
> John B.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
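
The check proposed for Sec 3.2.1 and 4.1.3 in this thread, sketched as token endpoint logic. This is an added example, not text from the draft or code from any participant; the class and function names, the in-memory stores and the sample client ids and secret are assumptions constructed for illustration, and redirect_uri handling is left out.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None  # None marks a public client (no credentials issued)


@dataclass
class Grant:
    client_id: str       # client the code was issued to (the Sec 4.1.2 binding)
    used: bool = False   # authorization codes are single use


class TokenError(Exception):
    """Carries an OAuth 2.0 token endpoint error code."""

    def __init__(self, error: str):
        super().__init__(error)
        self.error = error


class AuthorizationServer:
    def __init__(self, clients):
        self.clients = {c.client_id: c for c in clients}
        self.grants = {}

    def issue_code(self, client_id: str) -> str:
        code = secrets.token_urlsafe(16)
        self.grants[code] = Grant(client_id)
        return code

    def redeem_code(self, code, client_id=None, client_secret=None):
        # Proposed Sec 3.2.1: the client MUST identify itself with client_id.
        if client_id is None:
            raise TokenError("invalid_request")
        client = self.clients.get(client_id)
        if client is None:
            raise TokenError("invalid_client")
        # Sec 4.1.3, first bullet: authenticate when the client has credentials.
        if client.secret is not None:
            presented = (client_secret or "").encode()
            if not hmac.compare_digest(client.secret.encode(), presented):
                raise TokenError("invalid_client")
        # Sec 4.1.3, second bullet: the code must have been issued to this
        # exact client, not merely to "a" registered public client. For a
        # public client this is identification, not authentication: it keeps
        # a client from accepting another client's code, nothing more.
        grant = self.grants.get(code)
        if grant is None or grant.used or grant.client_id != client.client_id:
            raise TokenError("invalid_grant")
        grant.used = True
        return {"access_token": secrets.token_urlsafe(16), "token_type": "bearer"}


def attempt(server, code, **params) -> str:
    """Return "ok" or the error code raised by the token endpoint."""
    try:
        server.redeem_code(code, **params)
        return "ok"
    except TokenError as exc:
        return exc.error


def demo():
    # Constructed sample registry: two public clients, one confidential.
    server = AuthorizationServer(
        [Client("app-a"), Client("app-b"), Client("web", "constructed-secret")]
    )
    code_a = server.issue_code("app-a")
    code_web = server.issue_code("web")
    return [
        attempt(server, code_a),                       # no client_id sent
        attempt(server, code_a, client_id="app-b"),    # code issued to another public client
        attempt(server, code_web, client_id="web"),    # confidential client, no credentials
        attempt(server, code_web, client_id="app-a"),  # confidential client's code, public id
        attempt(server, code_a, client_id="app-a"),    # matching public client
        attempt(server, code_a, client_id="app-a"),    # same code presented again
        attempt(server, code_web, client_id="web", client_secret="constructed-secret"),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
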


--Apple-Mail=_331B9993-1C54-430C-931C-9E3A34438A4B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><base href=3D"x-msg://17122/"></head><body style=3D"word-wrap:=
 break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">Would this be clearer:<div><br></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; ">   =
ensure the authorization code was issued to the authenticated =
</span><span style=3D"color: black; "><o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">&nbsp;&nbsp;&nbsp;confidential client, or to the public client =
identified by the</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp; 'client_id' in the =
request,</span></pre><pre style=3D"margin-top: 0in; margin-right: 0in; =
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; font-family: =
'Courier New'; page-break-before: always; orphans: 2; text-align: =
-webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; "><br></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><font =
class=3D"Apple-style-span" face=3D"Helvetica" size=3D"4"><span =
class=3D"Apple-style-span" style=3D"background-color: transparent;">The =
intent is always that the code must be presented by the client to which =
it was issued.  That is acceded by authenticating the client in the =
confidential case and by inspecting the client_id in the public =
case.</span></font></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; page-break-before: =
always; orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><font class=3D"Apple-style-span" face=3D"Helvetica" =
size=3D"4"><span class=3D"Apple-style-span" style=3D"background-color: =
transparent;"><br></span></font></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><font class=3D"Apple-style-span" face=3D"Helvetica" =
size=3D"4"><span class=3D"Apple-style-span" style=3D"background-color: =
transparent;">Yes a client can always fake a client_id in the public =
case, so it is not intended to protect the protected resource, only the =
client from token substitution.</span></font></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><font =
class=3D"Apple-style-span" face=3D"Helvetica" size=3D"4"><span =
class=3D"Apple-style-span" style=3D"background-color: =
transparent;"><br></span></font></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><font class=3D"Apple-style-span" face=3D"Helvetica" =
size=3D"4"><span class=3D"Apple-style-span" style=3D"background-color: =
transparent;">John B.</span></font></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><font class=3D"Apple-style-span" face=3D"Helvetica" =
size=3D"4"><span class=3D"Apple-style-span" style=3D"background-color: =
transparent;"><br></span></font></pre><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><font class=3D"Apple-style-span" face=3D"Helvetica" =
size=3D"4"><span class=3D"Apple-style-span" style=3D"background-color: =
transparent;"><br></span></font></pre><div><br></div><div><div>On =
2012-07-02, at 6:02 PM, Anthony Nadalin wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-US" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I =
read 4.1.3 as the client_id just has to have been issued to a &nbsp;(or =
any) public client<o:p></o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div><div style=3D"border-right-style: =
none; border-bottom-style: none; border-left-style: none; border-width: =
initial; border-color: initial; border-top-style: solid; =
border-top-color: rgb(181, 196, 223); border-top-width: 1pt; =
padding-top: 3pt; padding-right: 0in; padding-bottom: 0in; padding-left: =
0in; "><div style=3D"margin-top: 0in; margin-right: 0in; margin-left: =
0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><b><span style=3D"font-size: 10pt; font-family: Tahoma, =
sans-serif; ">From:</span></b><span style=3D"font-size: 10pt; =
font-family: Tahoma, sans-serif; "><span =
class=3D"Apple-converted-space">&nbsp;</span>John Bradley =
[mailto:ve7jtb@ve7jtb.com]<span =
class=3D"Apple-converted-space">&nbsp;</span><br><b>Sent:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Monday, July 02, 2012 2:54 =
PM<br><b>To:</b><span class=3D"Apple-converted-space">&nbsp;</span>Anthony=
 Nadalin<br><b>Cc:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Justin Richer;<span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">oauth@ietf.org</a><br><b>Subject:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Re: [OAUTH-WG] New Text for =
Sec 3.2.1 &amp; 4.1.3<o:p></o:p></span></div></div></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">The change to 4.1.3 =
requires the endpoint to process it. &nbsp;At least as much as the the =
text for the Confidential client is requiring =
it.<o:p></o:p></div><div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">John =
B.<o:p></o:p></div><div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">On 2012-07-02, at 5:45 =
PM, Anthony Nadalin wrote:<o:p></o:p></div></div><div style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; =
"><br><br><o:p></o:p></div><div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">While =
the client may be forced to provide the client_id there are no =
requirements for the endpoint to process the client_id (or how that is =
done) so not sure what good the change actually does</span><span =
style=3D"color: black; "><o:p></o:p></span></div></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"font-size: 11pt; font-family: Calibri, =
sans-serif; color: rgb(31, 73, 125); ">&nbsp;</span><span style=3D"color: =
black; "><o:p></o:p></span></div></div><div><div =
style=3D"border-right-style: none; border-bottom-style: none; =
border-left-style: none; border-width: initial; border-color: initial; =
border-top-style: solid; padding-top: 3pt; padding-right: 0in; =
padding-bottom: 0in; padding-left: 0in; border-width: initial; =
border-color: initial; "><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><b><span =
style=3D"font-size: 10pt; font-family: Tahoma, sans-serif; =
">From:</span></b><span class=3D"apple-converted-space"><span =
style=3D"font-size: 10pt; font-family: Tahoma, sans-serif; =
">&nbsp;</span></span><span style=3D"font-size: 10pt; font-family: =
Tahoma, sans-serif; "><a href=3D"mailto:oauth-bounces@ietf.org" =
style=3D"color: blue; text-decoration: underline; =
">oauth-bounces@ietf.org</a><span =
class=3D"apple-converted-space">&nbsp;</span><a =
href=3D"mailto:[mailto:oauth-bounces@ietf.org]" style=3D"color: blue; =
text-decoration: underline; ">[mailto:oauth-bounces@ietf.org]</a><span =
class=3D"apple-converted-space">&nbsp;</span><b>On Behalf Of<span =
class=3D"apple-converted-space">&nbsp;</span></b>Justin =
Richer<br><b>Sent:</b><span =
class=3D"apple-converted-space">&nbsp;</span>Monday, July 02, 2012 8:32 =
AM<br><b>To:</b><span class=3D"apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">oauth@ietf.org</a><br><b>Subject:</b><span =
class=3D"apple-converted-space">&nbsp;</span>Re: [OAUTH-WG] New Text for =
Sec 3.2.1 &amp; 4.1.3</span><span style=3D"color: black; =
"><o:p></o:p></span></div></div></div></div><div><div style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; "><span =
style=3D"color: black; =
">&nbsp;<o:p></o:p></span></div></div><div><div><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; "><span =
style=3D"color: black; ">I'm generally OK with the change, though it =
does change One problem I have with this is that it can give a false =
sense of security about the information being sent to the token endpoint =
and how trustworthy it is. A client_id is public knowledge, and so =
someone impersonating a client on the Authentication Endpoint could also =
impersonate it on the Token Endpoint just as easily. This is not the =
attack that's being addressed here, and the possible phishing vector in =
the one I'm describing is both well known and, I believe, well covered =
by the existing documents. However, I think the new text might confuse =
people into conflating these two.<br><br>Basically, I think it needs to =
be made very clear, especially with this change of text, that a =
client_id on its own should never be taken as sufficient for =
authentication of the client. The context of the user's decision, among =
other things, is as important as a client secret.<br><br>&nbsp;-- =
Justin<br><br>On 07/02/2012 11:17 AM, Mike Jones =
wrote:<o:p></o:p></span></div></div></div><blockquote style=3D"margin-top:=
 5pt; margin-bottom: 5pt; "><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I =
believe we should adopt this revised text.</span><span style=3D"color: =
black; "><o:p></o:p></span></div></div><div><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; "><span =
style=3D"font-size: 11pt; font-family: Calibri, sans-serif; color: =
rgb(31, 73, 125); ">&nbsp;</span><span style=3D"color: black; =
"><o:p></o:p></span></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- =
Mike</span><span style=3D"color: black; =
"><o:p></o:p></span></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
">&nbsp;</span><span style=3D"color: black; =
"><o:p></o:p></span></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><b><span =
style=3D"font-size: 10pt; font-family: Tahoma, sans-serif; color: black; =
">From:</span></b><span class=3D"apple-converted-space"><span =
style=3D"font-size: 10pt; font-family: Tahoma, sans-serif; color: black; =
">&nbsp;</span></span><span style=3D"font-size: 10pt; font-family: =
Tahoma, sans-serif; color: black; "><a =
href=3D"mailto:oauth-bounces@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">oauth-bounces@ietf.org</a><span =
class=3D"apple-converted-space">&nbsp;</span>[<a =
href=3D"mailto:oauth-bounces@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">mailto:oauth-bounces@ietf.org</a>]<span =
class=3D"apple-converted-space">&nbsp;</span><b>On Behalf Of<span =
class=3D"apple-converted-space">&nbsp;</span></b>John =
Bradley<br><b>Sent:</b><span =
class=3D"apple-converted-space">&nbsp;</span>Sunday, July 01, 2012 2:22 =
PM<br><b>To:</b><span class=3D"apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">oauth@ietf.org</a><span =
class=3D"apple-converted-space">&nbsp;</span>WG<br><b>Subject:</b><span =
class=3D"apple-converted-space">&nbsp;</span>[OAUTH-WG] New Text for Sec =
3.2.1 &amp; 4.1.3</span><span style=3D"color: black; =
"><o:p></o:p></span></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"color: =
black; ">&nbsp;<o:p></o:p></span></div></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"color: black; ">Sec 4.1.2 =
states:<o:p></o:p></span></div></div><div><div><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; "><span =
style=3D"color: black; =
">&nbsp;<o:p></o:p></span></div></div></div><div><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; ">The =
authorization code is bound to the client identifier and redirection =
URI.</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><div><div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"color: =
black; ">&nbsp;<o:p></o:p></span></div></div></div></div><div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"color: black; ">The security concern Sec =
10.5 states<o:p></o:p></span></div></div></div></div><div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"color: black; =
">&nbsp;<o:p></o:p></span></div></div></div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">&nbsp;&nbsp; If the client can be authenticated, the authorization =
servers MUST</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; authenticate the =
client and ensure that the authorization code was</span><span =
style=3D"color: black; "><o:p></o:p></span></pre><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; issued to =
the same client.</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;</span><span =
style=3D"color: black; "><o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">Sec 3.2.1 </span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">A public client that was not =
issued a client password MAY use the</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; "client_id" =
request parameter to identify itself when sending</span><span =
style=3D"color: black; "><o:p></o:p></span></pre><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; requests =
to the token endpoint (e.g. for the purpose of providing</span><span =
style=3D"color: black; "><o:p></o:p></span></pre><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; end-user =
context, client usage statistics).</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;</span><span =
style=3D"color: black; "><o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">Nothing in the current spec requires that a Public client send =
its client_id or redirect_uri to the token endpoint.</span><span =
style=3D"color: black; "><o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">The client_id is only sent if it is a confidential client =
capable of authenticating itself.</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">The redirect_uri is only sent =
if the 'redirect_uri' parameter was included in the authorization =
request.</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">If the client has one =
registered redirect_uri it would not be sent to the authorization or =
token endpoint.</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;</span><span =
style=3D"color: black; "><o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">This leaves us with public clients using code flow that cannot =
determine if a token was granted to them or some other public =
client.</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;</span><span =
style=3D"color: black; "><o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">&nbsp;</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">I propose changing Sec 3.2.1 =
to read:</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;</span><span =
style=3D"color: black; "><o:p></o:p></span></pre></div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; ">A =
public client that was not issued a client password MUST use =
the</span><span style=3D"color: black; "><o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">&nbsp;&nbsp; "client_id" request parameter to identify itself =
when sending</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; requests to the =
token endpoint. This allows the authorization server&nbsp;</span><span =
style=3D"color: black; "><o:p></o:p></span></pre><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">&nbsp;&nbsp; to ensure that the code was issued to the same client. =
&nbsp;</span><span style=3D"color: black; "><o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">&nbsp;&nbsp; Sending&nbsp;"client_id" prevents the client =
from</span><span style=3D"color: black; "><o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">&nbsp;&nbsp; inadvertently accepting a code intended for a client with =
a different</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp; =
"client_id".</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><span style=3D"font-size: 10pt; font-family: =
'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">Also change Sec 4.1.3 from:</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">o&nbsp; authenticate the =
client if client authentication is included and</span><span =
style=3D"color: black; "><o:p></o:p></span></pre><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
"><span style=3D"font-size: 12pt; color: black; =
">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ensure the authorization code was =
issued to the authenticated</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;&nbsp;&nbsp;&nbsp; =
&nbsp;client,</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><span style=3D"font-size: 10pt; font-family: =
'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">To:</span><span style=3D"color: black; "><o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">o&nbsp; authenticate the client if client authentication is =
included,</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">o&nbsp; ensure the =
authorization code was issued to the authenticated </span><span =
style=3D"color: black; "><o:p></o:p></span></pre><pre style=3D"margin-top:=
 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">&nbsp;&nbsp;&nbsp;confidential client or to the public client =
identified by the</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp; =
'client_id',</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; "><span =
style=3D"font-size: 12pt; color: black; ">&nbsp;</span><span =
style=3D"color: black; "><o:p></o:p></span></pre></div><div><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; "><span style=3D"font-size: 12pt; color: =
black; ">&nbsp;</span><span style=3D"color: black; =
"><o:p></o:p></span></pre></div><pre style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
10pt; font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; "> </span><span style=3D"color: =
black; "><o:p></o:p></span></pre><span style=3D"font-size: 10pt; =
font-family: 'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; ">The =
Original text implies that it is a good idea to send it, but is unclear =
on what security it provides.</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><span style=3D"font-size: 10pt; font-family: =
'Courier New'; color: black; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; page-break-before: always; =
orphans: 2; text-align: -webkit-auto; widows: 2; =
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; ">It =
is a small change that should not break existing implementations, but =
will increase security for public clients using the code =
flow.</span><span style=3D"color: black; "><o:p></o:p></span></pre><span =
style=3D"font-size: 10pt; font-family: 'Courier New'; color: black; =
"><br clear=3D"all" style=3D"page-break-before: always; "></span><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
page-break-before: always; orphans: 2; text-align: -webkit-auto; widows: =
2; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-spacing: 0px; "><span style=3D"font-size: 12pt; color: black; =
">Regards</span><span style=3D"color: black; =
"><o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; page-break-before: always; orphans: 2; =
text-align: -webkit-auto; widows: 2; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; word-spacing: 0px; "><span =
style=3D"font-size: 12pt; color: black; ">John B.</span><span =
style=3D"color: black; "><o:p></o:p></span></pre><span style=3D"font-size:=
 12pt; font-family: 'Times New Roman', serif; color: black; "><br =
clear=3D"all" style=3D"page-break-before: always; "><br clear=3D"all" =
style=3D"page-break-before: always; "></span><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; "><span =
style=3D"color: black; ">&nbsp;<o:p></o:p></span></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"color: black; =
"><br><br><br><br><o:p></o:p></span></div></div><pre style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 10pt; font-family: 'Courier New'; "><span style=3D"color: =
black; =
">_______________________________________________<o:p></o:p></span></pre><=
pre style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
"><span style=3D"color: black; ">OAuth mailing =
list<o:p></o:p></span></pre><pre style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 10pt; =
font-family: 'Courier New'; "><span style=3D"color: black; "><a =
href=3D"mailto:OAuth@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">OAuth@ietf.org</a><o:p></o:p></span></pre><pre =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 10pt; font-family: 'Courier New'; =
"><span style=3D"color: black; "><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth" style=3D"color: =
blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/oauth</a><o:p></o:p></span></pre><=
/blockquote><p class=3D"MsoNormal" style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 12pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"color: =
black; ">&nbsp;<o:p></o:p></span></p><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
13.5pt; font-family: Helvetica, sans-serif; =
">_______________________________________________<br>OAuth mailing =
list<br><a href=3D"mailto:OAuth@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">OAuth@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth" style=3D"color: =
blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/oauth</a><o:p></o:p></span></div><=
/div></div><p class=3D"MsoNormal" style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; =
"></p></div></div></div></span></blockquote></div><br></div></body></html>=

--Apple-Mail=_331B9993-1C54-430C-931C-9E3A34438A4B--

--Apple-Mail=_A25658F1-4677-4820-89EB-514C6E03B5A2
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_A25658F1-4677-4820-89EB-514C6E03B5A2--
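
Added example (not part of the original thread, and not code from the OAuth WG or the draft): a token endpoint check that follows the proposed Sec 3.2.1 / 4.1.3 text discussed above, with the original MAY behaviour kept behind a flag for comparison. The class and helper names, client ids, codes and secret are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class TokenRequestError(Exception):
    """Rejected token request; `error` is the OAuth 2.0 error code."""

    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


@dataclass(frozen=True)
class CodeRecord:
    client_id: str                      # client the code was issued to (Sec 4.1.2 binding)
    redirect_uri: Optional[str] = None  # set only if the authorization request sent one


class TokenEndpoint:
    def __init__(self, secrets: Dict[str, str], public_clients,
                 codes: Dict[str, CodeRecord], require_public_client_id: bool = True):
        self.secrets = dict(secrets)              # confidential clients and their passwords
        self.public_clients = set(public_clients)
        self.codes = dict(codes)
        # True: proposed Sec 3.2.1 wording (MUST). False: original wording (MAY).
        self.require_public_client_id = require_public_client_id

    def _identify_client(self, params: dict,
                         basic_auth: Optional[Tuple[str, str]]) -> Optional[str]:
        if basic_auth is not None:                # confidential client authenticating itself
            client_id, secret = basic_auth
            expected = self.secrets.get(client_id)
            if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
                raise TokenRequestError("invalid_client", "client authentication failed")
            return client_id
        client_id = params.get("client_id")
        if client_id is None:
            if self.require_public_client_id:
                raise TokenRequestError("invalid_request", "public client must send client_id")
            return None                           # original text: presenter stays unknown
        if client_id not in self.public_clients:
            raise TokenRequestError("invalid_client", "not a registered public client")
        return client_id

    def redeem(self, params: dict, basic_auth: Optional[Tuple[str, str]] = None) -> str:
        """Return the client_id the token is issued to, or raise TokenRequestError."""
        presenter = self._identify_client(params, basic_auth)
        record = self.codes.get(params.get("code"))
        if record is None:
            raise TokenRequestError("invalid_grant", "unknown or already used code")
        if presenter is None and record.client_id in self.secrets:
            raise TokenRequestError("invalid_client", "client authentication required")
        # Proposed Sec 4.1.3: the code must belong to the authenticated confidential
        # client or to the public client identified by client_id.
        if presenter is not None and presenter != record.client_id:
            raise TokenRequestError("invalid_grant", "code was issued to a different client")
        if record.redirect_uri is not None and params.get("redirect_uri") != record.redirect_uri:
            raise TokenRequestError("invalid_grant", "redirect_uri mismatch")
        del self.codes[params["code"]]            # authorization codes are single use
        return record.client_id


def sample_endpoint(require_public_client_id: bool) -> TokenEndpoint:
    """Constructed sample state: two public clients and one confidential client."""
    return TokenEndpoint(
        secrets={"web-b": "constructed-secret"},
        public_clients={"app-a", "app-c"},
        codes={
            "code-a": CodeRecord("app-a"),
            "code-b": CodeRecord("web-b", "https://web-b.example/cb"),
        },
        require_public_client_id=require_public_client_id,
    )


def outcome(endpoint: TokenEndpoint, params: dict,
            basic_auth: Optional[Tuple[str, str]] = None) -> str:
    """Redeem a code and report either the client it was issued to or the error code."""
    try:
        return "issued:" + endpoint.redeem(params, basic_auth)
    except TokenRequestError as exc:
        return exc.error


if __name__ == "__main__":
    for label, strict in (("original MAY text", False), ("proposed MUST text", True)):
        endpoint = sample_endpoint(strict)
        print(label, "| no client_id      ->", outcome(endpoint, {"code": "code-a"}))
        endpoint = sample_endpoint(strict)
        print(label, "| client_id=app-c   ->",
              outcome(endpoint, {"code": "code-a", "client_id": "app-c"}))
```

With the flag off, a request that omits client_id redeems app-a's code without the server knowing who presented it; with the flag on, the same request is rejected and only client_id=app-a can redeem it.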

From internet-drafts@ietf.org  Tue Jul  3 06:12:07 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E3E821F885E; Tue,  3 Jul 2012 06:12:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.479
X-Spam-Level: 
X-Spam-Status: No, score=-102.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vP4OVgSJbvL0; Tue,  3 Jul 2012 06:12:06 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BA2621F8828; Tue,  3 Jul 2012 06:12:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.21p1
Message-ID: <20120703131205.29999.93683.idtracker@ietfa.amsl.com>
Date: Tue, 03 Jul 2012 06:12:05 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-13.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 13:12:07 -0000

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
 This draft is a work item of the Web Authorization Protocol Working Group
of the IETF.

	Title           : SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
	Author(s)       : Brian Campbell
                          Chuck Mortimore
	Filename        : draft-ietf-oauth-saml2-bearer-13.txt
	Pages           : 17
	Date            : 2012-07-03

Abstract:
   This specification defines the use of a SAML 2.0 Bearer Assertion as
   a means for requesting an OAuth 2.0 access token as well as for use
   as a means of client authentication.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-13

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-saml2-bearer-13


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From bcampbell@pingidentity.com  Tue Jul  3 06:24:54 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47E9D21F87FB for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 06:24:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.987
X-Spam-Level: 
X-Spam-Status: No, score=-5.987 tagged_above=-999 required=5 tests=[AWL=-0.011, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kZxG4gzeLMkG for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 06:24:53 -0700 (PDT)
Received: from na3sys009aog108.obsmtp.com (na3sys009aog108.obsmtp.com [74.125.149.199]) by ietfa.amsl.com (Postfix) with ESMTP id DB76821F86C2 for <oauth@ietf.org>; Tue,  3 Jul 2012 06:24:52 -0700 (PDT)
Received: from mail-vc0-f173.google.com ([209.85.220.173]) (using TLSv1) by na3sys009aob108.postini.com ([74.125.148.12]) with SMTP ID DSNKT/Lyp7rRduoSuJ+XW8jh89rXflwlHekK@postini.com; Tue, 03 Jul 2012 06:25:01 PDT
Received: by vcbfo13 with SMTP id fo13so5563070vcb.18 for <oauth@ietf.org>; Tue, 03 Jul 2012 06:24:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=AEayjSHkCDUFPqteyeDMlcBkgW3zKGGlURgiULnNG/s=; b=h0o9miFJmNVJL8+QSrhOTQxKsqVN+M1Em3Pcz3wpa60MpR/p44hII6/nWoqSm84UWH wxUHXuzn0C8dIMuf8hPS0q6T01ZvrWDQBCmQ0WnppFj4RTtYxryGLZ5FEIgqgNoCw8E1 QAz2aiD3jl8fBj6U+Wf3UyocXDWGUVKONJHQYbzwHkcNwoUaH2VagGbQMG+qFP79kRhe lrJPA+fv0Aqs08fld1epvBL6AdjhpzCF5zHoy0Hc+6amD07bWUMoT/tAZSaBbh34OLw3 UGpstggR8bvWYcOvSGMDQUZeRsziaFjDsFf28aIh1nNKmZtU98wCQtcuMWWHwZDjgmht LCuA==
Received: by 10.52.72.99 with SMTP id c3mr6843040vdv.54.1341321893218; Tue, 03 Jul 2012 06:24:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.34.107 with HTTP; Tue, 3 Jul 2012 06:24:22 -0700 (PDT)
In-Reply-To: <20120703131205.29999.93683.idtracker@ietfa.amsl.com>
References: <20120703131205.29999.93683.idtracker@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 3 Jul 2012 07:24:22 -0600
Message-ID: <CA+k3eCQLsdS70b3cec-K1cMPi2Dejdwzn7ZRv54raaqd4dea+w@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=20cf3071c672f987e104c3ecd600
X-Gm-Message-State: ALoCoQk2xG3e/73o5Be/oZ83w7fMrHJROLGY4QHiEQFKzZu2eauQTSwhGI5x4rptMUJ9zWaxwbWM
Subject: [OAUTH-WG] Fwd:  I-D Action: draft-ietf-oauth-saml2-bearer-13.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 13:24:54 -0000

--20cf3071c672f987e104c3ecd600
Content-Type: text/plain; charset=ISO-8859-1

Draft -13 of the SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 document
has been published. This draft includes only the minor changes listed below.

draft-ietf-oauth-saml2-bearer-13

   o  Update references: oauth-assertions-04, oauth-urn-sub-ns-05, oauth
      -28

   o  Changed "Description" to "Specification Document" in both
      registration requests in IANA Considerations per changes to the
      template in ietf-oauth-urn-sub-ns(-03)

   o  Added "(or an acceptable alias)" so that it's in both sentences
      about Recipient and the token endpoint URL so there's no ambiguity

   o  Update area and workgroup (now Security and OAuth was Internet and
nothing)

Thanks,
Brian

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Tue, Jul 3, 2012 at 7:12 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-13.txt
To: i-d-announce@ietf.org
Cc: oauth@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
 This draft is a work item of the Web Authorization Protocol Working Group
of the IETF.

        Title           : SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
        Author(s)       : Brian Campbell
                          Chuck Mortimore
        Filename        : draft-ietf-oauth-saml2-bearer-13.txt
        Pages           : 17
        Date            : 2012-07-03

Abstract:
   This specification defines the use of a SAML 2.0 Bearer Assertion as
   a means for requesting an OAuth 2.0 access token as well as for use
   as a means of client authentication.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-13

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-saml2-bearer-13


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--20cf3071c672f987e104c3ecd600--

From phil.hunt@oracle.com  Tue Jul  3 12:15:35 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EB2F11E8170 for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 12:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.304
X-Spam-Level: 
X-Spam-Status: No, score=-10.304 tagged_above=-999 required=5 tests=[AWL=0.295, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zIl29PvLeAtp for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 12:15:34 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 8C4D611E80CB for <oauth@ietf.org>; Tue,  3 Jul 2012 12:15:32 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q63JFeAn019229 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Tue, 3 Jul 2012 19:15:40 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q63JFddu025624 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <oauth@ietf.org>; Tue, 3 Jul 2012 19:15:39 GMT
Received: from abhmt116.oracle.com (abhmt116.oracle.com [141.146.116.68]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q63JFdga016974 for <oauth@ietf.org>; Tue, 3 Jul 2012 14:15:39 -0500
Received: from [192.168.1.8] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 03 Jul 2012 12:15:39 -0700
From: Phil Hunt <phil.hunt@oracle.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Tue, 3 Jul 2012 12:15:38 -0700
Message-Id: <AF8D4C26-3B14-4441-978F-35774F2AF87E@oracle.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Subject: [OAUTH-WG] Clarification enhancement for saml2 bearer spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 19:15:35 -0000

I have had a couple developers get confused by sections 2.1 and 2.2 of
the spec. What seems to be happening is they read them as distinct
complete flows rather than considering the core spec still applies.

In the case of 2.1, "Using SAML Assertions as Authorization Grants" they
forget that a client credential is also needed and only specify the SAML
authorization assuming it includes both (which may or may not be
intended).

In the case of 2.2, "Using SAML Assertions for Client Authentication",
they are not making the link that the client authentication may be used
in connection with any of the OAuth flows. They are instead treating
this as a new flow. IOW they forget to add the grant_type parameter.

It might be helpful to include complete examples for each of 2.1 and 2.2
to clarify.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com






From bcampbell@pingidentity.com  Tue Jul  3 14:12:59 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 648F711E80A3 for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 14:12:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.987
X-Spam-Level: 
X-Spam-Status: No, score=-5.987 tagged_above=-999 required=5 tests=[AWL=-0.010, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XYZ66ANO7OqE for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 14:12:58 -0700 (PDT)
Received: from na3sys009aog111.obsmtp.com (na3sys009aog111.obsmtp.com [74.125.149.205]) by ietfa.amsl.com (Postfix) with ESMTP id A681521F8759 for <oauth@ietf.org>; Tue,  3 Jul 2012 14:12:57 -0700 (PDT)
Received: from mail-vc0-f174.google.com ([209.85.220.174]) (using TLSv1) by na3sys009aob111.postini.com ([74.125.148.12]) with SMTP ID DSNKT/NgYv6S5QZu7XewnpwvZBkhbboVgz77@postini.com; Tue, 03 Jul 2012 14:13:06 PDT
Received: by vcbf11 with SMTP id f11so4511906vcb.19 for <oauth@ietf.org>; Tue, 03 Jul 2012 14:13:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=HMw418XJmIfSS0Cm26fZwnBmBht2G2OrNtbVDjnqgBc=; b=MoDlF4ZF3TK0XORvzuEeDs99bXqvhLEdPRU7SGGp92l/gVc2mg9Z6yhPN1o3BHNKSm BSPeakdTVDZLQmEfJFwls8xBLDzLoOEuHsxVqXBkzvP0UjoIlrBLqIWWOne0NaaH5bx9 YHUYVstoKj+jmpgI1Zri0OHjWN81f87Xw8m3BZUcQqaSrofbeLXboJUZKlbPWQ6iz2Az sBfKVWiDqdXT6sr/nuInrVPFZKrl/zd6EZxBfhm8/RUJMC+pyHScN8RfzCsQnRNZcfy3 1n95o+EBdD+RA47ZtRzv9ESvPJfivY7wiWfzcGw4KidO6LLMZMEC9sak5VLNqRrenSfF Dk6Q==
Received: by 10.52.28.71 with SMTP id z7mr7476243vdg.105.1341349985404; Tue, 03 Jul 2012 14:13:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.34.107 with HTTP; Tue, 3 Jul 2012 14:12:35 -0700 (PDT)
In-Reply-To: <AF8D4C26-3B14-4441-978F-35774F2AF87E@oracle.com>
References: <AF8D4C26-3B14-4441-978F-35774F2AF87E@oracle.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 3 Jul 2012 15:12:35 -0600
Message-ID: <CA+k3eCRVSz2P6uX1ef_1sN8VAWkS93aOi4hSerCXhVSoGZrj8Q@mail.gmail.com>
To: Phil Hunt <phil.hunt@oracle.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQn2NEYMs2DAfkhKWpqNUUathW07LfINJOCQnlrIbJze0yH/yrvixQTxofw8gnY84VXNw/5x
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Clarification enhancement for saml2 bearer spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 21:12:59 -0000

Thanks for the feedback Phil.

In the case of §2.1, "Using SAML Assertions as Authorization Grants"
the intent was to allow for such a SAML grant to be used with or
without client authentication. Whether or not client authentication is
required (and what type of authentication) would be a
deployment/policy decision of the AS. But both are possible from the
spec.

In the case of §2.2, "Using SAML Assertions for Client
Authentication", yes it's just providing an alternative method of
client authentication beyond what's specified in §2.3 of core. It
doesn't really do anything on its own and must be used in conjunction
with the grant_type parameter.

I'll take a stab at some clarifying text and/or examples for those
points of confusion. Suggestions are, of course, welcome too.

On Tue, Jul 3, 2012 at 1:15 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
> I have had a couple developers get confused by sections 2.1 and 2.2 of
> the spec. What seems to be happening is they read them as distinct
> complete flows rather than considering the core spec still applies.
>
> In the case of 2.1, "Using SAML Assertions as Authorization Grants" they
> forget that a client credential is also needed and only specify the SAML
> authorization assuming it includes both (which may or may not be
> intended).
>
> In the case of 2.2, "Using SAML Assertions for Client Authentication",
> they are not making the link that the client authentication may be used
> in connection with any of the OAuth flows. They are instead treating
> this as a new flow. IOW they forget to add the grant_type parameter.
>
> It might be helpful to include complete examples for each of 2.1 and 2.2
> to clarify.
>
> Phil
>
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
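
The two complete token requests asked for in this exchange, with a check for the two mistakes it describes, as an added example that is not part of any message or of the draft. The parameter names and URNs are those of the SAML bearer profile as published in RFC 7522; the assertion is a constructed, unsigned placeholder, and the function names are hypothetical.

```python
import base64
from urllib.parse import parse_qs, urlencode

# URNs defined by the SAML bearer profile (published as RFC 7522).
SAML_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
SAML_CLIENT_AUTH = "urn:ietf:params:oauth:client-assertion-type:saml2-bearer"

# Constructed, unsigned placeholder; a real assertion is signed by its issuer.
SAMPLE_ASSERTION = (
    '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed"/>'
)


def b64url(xml):
    """base64url without padding, the encoding the profile uses for assertions."""
    return base64.urlsafe_b64encode(xml.encode("utf-8")).decode("ascii").rstrip("=")


def saml_client_auth(client_assertion_xml):
    """Section 2.2 parameters: client authentication only, never a flow by itself."""
    return {
        "client_assertion_type": SAML_CLIENT_AUTH,
        "client_assertion": b64url(client_assertion_xml),
    }


def saml_grant_request(assertion_xml, client_assertion_xml=None):
    """Section 2.1 body: the assertion is the grant; client auth is optional."""
    params = {"grant_type": SAML_GRANT, "assertion": b64url(assertion_xml)}
    if client_assertion_xml is not None:
        params.update(saml_client_auth(client_assertion_xml))
    return urlencode(params)


def code_request_with_saml_client_auth(code, redirect_uri, client_assertion_xml):
    """Section 2.2 combined with a core flow: authorization_code + SAML client auth."""
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    params.update(saml_client_auth(client_assertion_xml))
    return urlencode(params)


def lint_token_request(body, authorization_header=None, as_requires_client_auth=True):
    """Return a list of structural problems in a token request body.

    Only the shape of the request is checked; assertion signatures, audience
    and expiry are out of scope. Only the SAML profile's assertion type is known.
    """
    parsed = parse_qs(body, keep_blank_values=True)
    findings = [f"{name}: parameter repeated" for name, v in parsed.items() if len(v) > 1]
    p = {name: values[0] for name, values in parsed.items()}

    uses_assertion_auth = "client_assertion" in p or "client_assertion_type" in p
    assertion_auth_ok = False
    if uses_assertion_auth:
        if p.get("client_assertion_type") != SAML_CLIENT_AUTH:
            findings.append("client_assertion_type is not the SAML bearer URN")
        elif not p.get("client_assertion"):
            findings.append("client_assertion_type sent without client_assertion")
        else:
            assertion_auth_ok = True
    # Client authentication may come from core section 2.3 (e.g. HTTP Basic)
    # or from the section 2.2 assertion parameters.
    client_auth_present = bool(authorization_header) or assertion_auth_ok

    grant = p.get("grant_type")
    if not grant:
        # Second mistake from the thread: section 2.2 read as a flow of its own.
        findings.append("grant_type missing: client authentication is not a grant")
    elif grant == SAML_GRANT:
        if not p.get("assertion"):
            findings.append("SAML grant without assertion parameter")
        if as_requires_client_auth and not client_auth_present:
            # First mistake: the grant alone, where AS policy wants a client credential.
            findings.append("SAML grant sent without client authentication")
    return findings
```

Whether the last finding is an error depends on the authorization server's policy, which is why `as_requires_client_auth` is a parameter rather than a fixed rule.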

From bcampbell@pingidentity.com  Tue Jul  3 14:42:02 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05FA311E8073 for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 14:42:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.987
X-Spam-Level: 
X-Spam-Status: No, score=-5.987 tagged_above=-999 required=5 tests=[AWL=-0.010, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZiZiikRkWzpo for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 14:42:00 -0700 (PDT)
Received: from na3sys009aog124.obsmtp.com (na3sys009aog124.obsmtp.com [74.125.149.151]) by ietfa.amsl.com (Postfix) with ESMTP id 5D75F11E809C for <oauth@ietf.org>; Tue,  3 Jul 2012 14:42:00 -0700 (PDT)
Received: from mail-vc0-f180.google.com ([209.85.220.180]) (using TLSv1) by na3sys009aob124.postini.com ([74.125.148.12]) with SMTP ID DSNKT/NnLtoBkf8ostJ1gOXJEaSew8dWuhZA@postini.com; Tue, 03 Jul 2012 14:42:09 PDT
Received: by vcbfk26 with SMTP id fk26so6517417vcb.39 for <oauth@ietf.org>; Tue, 03 Jul 2012 14:42:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=ihaOHaTiQ+lbXRzR667ewtx/FDr3ScMWvSFFcIG2kdA=; b=Teufbm689lxyeYOjAOkCldsFzD4uVxzunADXsXswZmvcuVmFZiDglrPdsnU3CFMAIR 7E90axT1nbH90jZJcvdemmmHabooovqUmOReTHahu3gAuUp+6h10z6bOFvcl6otqCJ9G bLcECvnqs+npWZXhLgOBFN0zzw/kKk66LKlrZmE524mCCYB3cQSnnOYlUZQ5AGeOVGrH qVsjH8fOxm2Z8VUB8CKKDeCYxS7gHMObWfVxct+38XwHCYeEZvMfPM6K+QB9QvleL1Uq Mt9rVZ1jDSGX+NXJw6ymDVA96BK4MvPV4+XY2Q/mmG8TlgcrjaJ63W4yyitrEMv3E5hR WZbg==
Received: by 10.52.174.52 with SMTP id bp20mr7517712vdc.29.1341351725559; Tue, 03 Jul 2012 14:42:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.34.107 with HTTP; Tue, 3 Jul 2012 14:41:35 -0700 (PDT)
In-Reply-To: <294090E6-A1B9-47A5-A905-52F51DE34B5A@ve7jtb.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FF1BEFF.8040103@mitre.org> <EB14237A-E764-4440-AB36-9910E2FE2DEF@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665@BL2PRD0310MB362.namprd03.prod.outlook.com> <294090E6-A1B9-47A5-A905-52F51DE34B5A@ve7jtb.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 3 Jul 2012 15:41:35 -0600
Message-ID: <CA+k3eCQv1SVJr8gP03kCxDUJ8xEFCRDxY_GW2M159dLi7dSouw@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQlXGf7Ezj2jFdh/hQDVaYhWqebpNA7/HSk3scHk3ORAbWHSRZb3aI+rJPh7go/kiAmV4tbK
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 21:42:02 -0000

That seems clear enough.

Perhaps also saying something along the lines of your last sentence
(saying that including the client_id only protects the client from
substitution of the authorization code) would help address the concern
Justin raised?

On Mon, Jul 2, 2012 at 4:15 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> Would this be clearer:
>
>    ensure the authorization code was issued to the authenticated
>
>    confidential client, or to the public client identified by the
>
>   'client_id' in the request,
>
>
> The intent is always that the code must be presented by the client to which
> it was issued.  That is acceded by authenticating the client in the
> confidential case and by inspecting the client_id in the public case.
>
>
> Yes a client can always fake a client_id in the public case, so it is not
> intended to protect the protected resource, only the client from token
> substitution.
>
>
> John B.
>
>
>
>
> On 2012-07-02, at 6:02 PM, Anthony Nadalin wrote:
>
> I read 4.1.3 as the client_id just has to have been issued to a  (or any)
> public client
>
> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
> Sent: Monday, July 02, 2012 2:54 PM
> To: Anthony Nadalin
> Cc: Justin Richer; oauth@ietf.org
> Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> The change to 4.1.3 requires the endpoint to process it.  At least as much
> as the text for the Confidential client is requiring it.
>
> John B.
> On 2012-07-02, at 5:45 PM, Anthony Nadalin wrote:
>
>
> While the client may be forced to provide the client_id there are no
> requirements for the endpoint to process the client_id (or how that is done)
> so not sure what good the change actually does
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of
> Justin Richer
> Sent: Monday, July 02, 2012 8:32 AM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> I'm generally OK with the change, though it does change One problem I have
> with this is that it can give a false sense of security about the
> information being sent to the token endpoint and how trustworthy it is. A
> client_id is public knowledge, and so someone impersonating a client on the
> Authentication Endpoint could also impersonate it on the Token Endpoint just
> as easily. This is not the attack that's being addressed here, and the
> possible phishing vector in the one I'm describing is both well known and, I
> believe, well covered by the existing documents. However, I think the new
> text might confuse people into conflating these two.
>
> Basically, I think it needs to be made very clear, especially with this
> change of text, that a client_id on its own should never be taken as
> sufficient for authentication of the client. The context of the user's
> decision, among other things, is as important as a client secret.
>
>  -- Justin
>
> On 07/02/2012 11:17 AM, Mike Jones wrote:
>
> I believe we should adopt this revised text.
>
>                                                             -- Mike
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of
> John Bradley
> Sent: Sunday, July 01, 2012 2:22 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>
> Sec 4.1.2 states:
>
>
> The authorization code is bound to the client identifier and redirection
> URI.
>
>
> The security concern Sec 10.5 states
>
>
>    If the client can be authenticated, the authorization servers MUST
>
>    authenticate the client and ensure that the authorization code was
>
>    issued to the same client.
>
>
>
> Sec 3.2.1
>
> A public client that was not issued a client password MAY use the
>
>    "client_id" request parameter to identify itself when sending
>
>    requests to the token endpoint (e.g. for the purpose of providing
>
>    end-user context, client usage statistics).
>
>
>
> Nothing in the current spec requires that a Public client send its
> client_id or redirect_uri to the token endpoint.
>
> The client_id is only sent if it is a confidential client capable of
> authenticating itself.
>
> The redirect_uri is only sent if the 'redirect_uri' parameter was included
> in the authorization request.
>
> If the client has one registered redirect_uri it would not be sent to the
> authorization or token endpoint.
>
>
>
> This leaves us with public clients using code flow that cannot determine if
> a token was granted to them or some other public client.
>
>
>
>
>
> I propose changing Sec 3.2.1 to read:
>
>
>
> A public client that was not issued a client password MUST use the
>
>    "client_id" request parameter to identify itself when sending
>
>    requests to the token endpoint. This allows the authorization server
>
>    to ensure that the code was issued to the same client.
>
>    Sending "client_id" prevents the client from
>
>    inadvertently accepting a code intended for a client with a different
>
>    "client_id".
>
>
> Also change Sec 4.1.3 from:
>
> o  authenticate the client if client authentication is included and
>
>       ensure the authorization code was issued to the authenticated
>
>       client,
>
>
> To:
>
> o  authenticate the client if client authentication is included,
>
> o  ensure the authorization code was issued to the authenticated
>
>    confidential client or to the public client identified by the
>
>   'client_id',
>
>
>
>
>
>
>
>
> The Original text implies that it is a good idea to send it, but is unclear
> on what security it provides.
>
>
> It is a small change that should not break existing implementations, but
> will increase security for public clients using the code flow.
>
>
> Regards
>
> John B.
>
>
>
>
>
>
>
>
>
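
The check in the proposed Sec 4.1.3 text, written out as an added example (not code from the thread or from any implementation). The client registry, code store and function names are hypothetical and all values are constructed; the result carries a `client_authenticated` flag because a matching client_id from a public client identifies the client without authenticating it.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed client registry (hypothetical identifiers).
CLIENTS = {
    "web-app": {"type": "confidential"},
    "native-app": {"type": "public"},
    "other-native-app": {"type": "public"},
}


@dataclass
class IssuedCode:
    client_id: str               # client the code was issued to (Sec 4.1.2 binding)
    redirect_uri: Optional[str]  # set only if the authorization request carried one
    used: bool = False


class TokenEndpointError(Exception):
    def __init__(self, error, description):
        super().__init__(f"{error}: {description}")
        self.error = error


def redeem_code(codes, code, client_id=None, authenticated_client=None,
                redirect_uri=None):
    """Apply the client binding check before exchanging an authorization code.

    authenticated_client is the client id established by client authentication
    (done by the caller); it is None for a public client.
    """
    record = codes.get(code)
    if record is None or record.used:
        raise TokenEndpointError("invalid_grant", "unknown or already used code")

    if authenticated_client is not None:
        # Confidential case: the binding is checked against the authenticated identity.
        if client_id is not None and client_id != authenticated_client:
            raise TokenEndpointError("invalid_client", "client_id differs from authenticated client")
        presenter, authenticated = authenticated_client, True
    else:
        # Public case: per the proposed Sec 3.2.1 text the client MUST send client_id.
        if client_id is None:
            raise TokenEndpointError("invalid_request", "public client must send client_id")
        registered = CLIENTS.get(client_id)
        if registered is None or registered["type"] != "public":
            raise TokenEndpointError("invalid_client", "this client must authenticate")
        presenter, authenticated = client_id, False

    if presenter != record.client_id:
        raise TokenEndpointError("invalid_grant", "code was issued to a different client")
    if record.redirect_uri is not None and redirect_uri != record.redirect_uri:
        raise TokenEndpointError("invalid_grant", "redirect_uri mismatch")

    record.used = True
    # A public client's client_id is only an identifier; callers must not treat
    # the result as proof of which software sent the request.
    return {"client_id": presenter, "client_authenticated": authenticated}
```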

From phil.hunt@oracle.com  Tue Jul  3 14:47:27 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 180FC11E8150 for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 14:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.315
X-Spam-Level: 
X-Spam-Status: No, score=-10.315 tagged_above=-999 required=5 tests=[AWL=0.284, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QxUroYT0QA8H for <oauth@ietfa.amsl.com>; Tue,  3 Jul 2012 14:47:26 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id 7445E11E814F for <oauth@ietf.org>; Tue,  3 Jul 2012 14:47:26 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q63LlW0E023089 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 3 Jul 2012 21:47:33 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q63LlVRF026588 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 3 Jul 2012 21:47:32 GMT
Received: from abhmt102.oracle.com (abhmt102.oracle.com [141.146.116.54]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q63LlVGA012654; Tue, 3 Jul 2012 16:47:31 -0500
Received: from [192.168.1.8] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 03 Jul 2012 14:47:31 -0700
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <CA+k3eCRVSz2P6uX1ef_1sN8VAWkS93aOi4hSerCXhVSoGZrj8Q@mail.gmail.com>
Date: Tue, 3 Jul 2012 14:47:29 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <6CC027AE-A714-4938-9D96-6B46B4F76E2A@oracle.com>
References: <AF8D4C26-3B14-4441-978F-35774F2AF87E@oracle.com> <CA+k3eCRVSz2P6uX1ef_1sN8VAWkS93aOi4hSerCXhVSoGZrj8Q@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
X-Mailer: Apple Mail (2.1278)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Clarification enhancement for saml2 bearer spec

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com





On 2012-07-03, at 2:12 PM, Brian Campbell wrote:

> Thanks for the feedback Phil.
>
> In the case of §2.1, "Using SAML Assertions as Authorization Grants"
> the intent was to allow for such a SAML grant to be used with or
> without client authentication. Whether or not client authentication is
> required (and what type of authentication) would be a
> deployment/policy decision of the AS. But both are possible from the
> spec.
>
Yes. This makes sense. However in light of the recent discussion about
bearer codes and tokens I'm a little more nervous of convolving the
grant and client authentication together. It's really the token server
that should properly authenticate the client and obscuring that act by
combining in a single grant may serve to confuse. There is also the
issue of offering too many choices.

Just an opinion, but I can live with your suggestion that grant can be
used alone.

> In the case of §2.2, "Using SAML Assertions for Client
> Authentication", yes it's just providing an alternative method of
> client authentication beyond what's specified in §2.3 of core. It
> doesn't really do anything on its own and must be used in conjunction
> with the grant_type parameter.
>
> I'll take a stab at some clarifying text and/or examples for those
> points of confusion. Suggestions are, of course, welcome too.

Works for me.
>
> On Tue, Jul 3, 2012 at 1:15 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
>> I have had a couple developers get confused by sections 2.1 and 2.2
>> of the spec. What seems to be happening is they read them as distinct
>> complete flows rather than considering the core spec still applies.
>>
>> In the case of 2.1, "Using SAML Assertions as Authorization Grants"
>> they forget that a client credential is also needed and only specify
>> the SAML authorization assuming it includes both (which may or may
>> not be intended).
>>
>> In the case of 2.2, "Using SAML Assertions for Client
>> Authentication", they are not making the link that the client
>> authentication may be used in connection with any of the OAuth flows.
>> They are instead treating this as a new flow. IOW they forget to add
>> the grant_type parameter.
>>
>> It might be helpful to include complete examples for each of 2.1 and
>> 2.2 to clarify.
>>
>> Phil
>>
>> @independentid
>> www.independentid.com
>> phil.hunt@oracle.com
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
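
The two readings discussed in this message, as an added example (not text from the SAML bearer draft and not code from anyone on the list): a checker that separates the grant from the client authentication in a token request and flags the two mistakes described above. The function name, the `require_client_auth` switch and the sample bodies are assumptions made for illustration; HTTP Basic client authentication is not modelled.

```python
from urllib.parse import parse_qs, urlencode

SAML_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
SAML_CLIENT_AUTH = "urn:ietf:params:oauth:client-assertion-type:saml2-bearer"
FAKE_SAML = "PHNhbWw6QXNzZXJ0aW9uPi4uLg"  # constructed placeholder, not a real assertion


def classify_token_request(body, require_client_auth=False):
    """Split a form-encoded token request into grant and client authentication.

    Returns (grant, client_auth, problems). require_client_auth models the
    deployment/policy decision of the AS mentioned in the thread.
    """
    p = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []

    # Section 2.2 mistake: client authentication sent as if it were a flow.
    grant = p.get("grant_type") or None
    if grant is None:
        problems.append("no grant_type: client authentication alone is not a flow")
    elif grant == SAML_GRANT and not p.get("assertion"):
        problems.append("saml2-bearer grant without an 'assertion' parameter")

    client_auth = "none"
    if "client_assertion" in p or "client_assertion_type" in p:
        if p.get("client_assertion_type") != SAML_CLIENT_AUTH:
            problems.append("client_assertion without the saml2-bearer client_assertion_type")
        elif not p.get("client_assertion"):
            problems.append("client_assertion_type without a client_assertion")
        else:
            client_auth = "saml2-bearer"
    elif "client_secret" in p:
        client_auth = "client_secret"

    # Section 2.1 mistake: assuming the grant assertion also authenticates the client.
    if require_client_auth and client_auth == "none":
        problems.append("policy requires client authentication; the grant assertion is not one")
    return grant, client_auth, problems


# Constructed sample bodies of POST requests to the token endpoint.
GRANT_ONLY = urlencode({"grant_type": SAML_GRANT, "assertion": FAKE_SAML})
GRANT_WITH_CLIENT_AUTH = urlencode({
    "grant_type": SAML_GRANT, "assertion": FAKE_SAML,
    "client_assertion_type": SAML_CLIENT_AUTH, "client_assertion": FAKE_SAML,
})
CLIENT_AUTH_WITH_CODE = urlencode({
    "grant_type": "authorization_code", "code": "constructed-code",
    "client_assertion_type": SAML_CLIENT_AUTH, "client_assertion": FAKE_SAML,
})
CLIENT_AUTH_ONLY = urlencode({
    "client_assertion_type": SAML_CLIENT_AUTH, "client_assertion": FAKE_SAML,
})

if __name__ == "__main__":
    for name, body in [("2.1 grant only", GRANT_ONLY),
                       ("2.1 grant + client auth", GRANT_WITH_CLIENT_AUTH),
                       ("2.2 client auth + code grant", CLIENT_AUTH_WITH_CODE),
                       ("2.2 client auth, no grant_type", CLIENT_AUTH_ONLY)]:
        print(name, classify_token_request(body))
```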


From torsten@lodderstedt.net  Wed Jul  4 09:31:22 2012
Message-ID: <4FF46FD6.9070100@lodderstedt.net>
Date: Wed, 04 Jul 2012 18:31:18 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Brian Campbell <bcampbell@pingidentity.com>
References: <65225399-494A-41B1-89EC-81B9EC22FE71@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943665727AC@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FF1BEFF.8040103@mitre.org> <EB14237A-E764-4440-AB36-9910E2FE2DEF@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F3C1665@BL2PRD0310MB362.namprd03.prod.outlook.com> <294090E6-A1B9-47A5-A905-52F51DE34B5A@ve7jtb.com> <CA+k3eCQv1SVJr8gP03kCxDUJ8xEFCRDxY_GW2M159dLi7dSouw@mail.gmail.com>
In-Reply-To: <CA+k3eCQv1SVJr8gP03kCxDUJ8xEFCRDxY_GW2M159dLi7dSouw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC1vbmxpbmUuZGU=
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3

On 03.07.2012 23:41, Brian Campbell wrote:
> That seems clear enough.
>
> Perhaps also saying something along the lines of your last sentence
> (saying that including the client_id only protects the client from
> substitution of the authorization code) would help address the concern
> Justin raised?

+1

I basically support John's proposal but would also propose to explain 
the rationale.

regards,
Torsten.

>
> On Mon, Jul 2, 2012 at 4:15 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>> Would this be clearer:
>>
>>     ensure the authorization code was issued to the authenticated
>>
>>     confidential client, or to the public client identified by the
>>
>>    'client_id' in the request,
>>
>>
>> The intent is always that the code must be presented by the client to which
>> it was issued.  That is acceded by authenticating the client in the
>> confidential case and by inspecting the client_id in the public case.
>>
>>
>> Yes a client can always fake a client_id in the public case, so it is not
>> intended to protect the protected resource, only the client from token
>> substitution.
>>
>>
>> John B.
>>
>>
>>
>>
>> On 2012-07-02, at 6:02 PM, Anthony Nadalin wrote:
>>
>> I read 4.1.3 as the client_id just has to have been issued to a  (or any)
>> public client
>>
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Monday, July 02, 2012 2:54 PM
>> To: Anthony Nadalin
>> Cc: Justin Richer; oauth@ietf.org
>> Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>>
>> The change to 4.1.3 requires the endpoint to process it.  At least as much
>> as the text for the Confidential client is requiring it.
>>
>> John B.
>> On 2012-07-02, at 5:45 PM, Anthony Nadalin wrote:
>>
>>
>> While the client may be forced to provide the client_id there are no
>> requirements for the endpoint to process the client_id (or how that is done)
>> so not sure what good the change actually does
>>
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of
>> Justin Richer
>> Sent: Monday, July 02, 2012 8:32 AM
>> To: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>>
>> I'm generally OK with the change, though it does change One problem I have
>> with this is that it can give a false sense of security about the
>> information being sent to the token endpoint and how trustworthy it is. A
>> client_id is public knowledge, and so someone impersonating a client on the
>> Authentication Endpoint could also impersonate it on the Token Endpoint just
>> as easily. This is not the attack that's being addressed here, and the
>> possible phishing vector in the one I'm describing is both well known and, I
>> believe, well covered by the existing documents. However, I think the new
>> text might confuse people into conflating these two.
>>
>> Basically, I think it needs to be made very clear, especially with this
>> change of text, that a client_id on its own should never be taken as
>> sufficient for authentication of the client. The context of the user's
>> decision, among other things, is as important as a client secret.
>>
>>   -- Justin
>>
>> On 07/02/2012 11:17 AM, Mike Jones wrote:
>>
>> I believe we should adopt this revised text.
>>
>>                                                              -- Mike
>>
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of
>> John Bradley
>> Sent: Sunday, July 01, 2012 2:22 PM
>> To: oauth@ietf.org WG
>> Subject: [OAUTH-WG] New Text for Sec 3.2.1 & 4.1.3
>>
>> Sec 4.1.2 states:
>>
>>
>> The authorization code is bound to the client identifier and redirection
>> URI.
>>
>>
>> The security concern Sec 10.5 states
>>
>>
>>     If the client can be authenticated, the authorization servers MUST
>>
>>     authenticate the client and ensure that the authorization code was
>>
>>     issued to the same client.
>>
>>
>>
>> Sec 3.2.1
>>
>> A public client that was not issued a client password MAY use the
>>
>>     "client_id" request parameter to identify itself when sending
>>
>>     requests to the token endpoint (e.g. for the purpose of providing
>>
>>     end-user context, client usage statistics).
>>
>>
>>
>> Nothing in the current spec requires that a Public client send its
>> client_id or redirect_uri to the token endpoint.
>>
>> The client_id is only sent if it is a confidential client capable of
>> authenticating itself.
>>
>> The redirect_uri is only sent if the 'redirect_uri' parameter was included
>> in the authorization request.
>>
>> If the client has one registered redirect_uri it would not be sent to the
>> authorization or token endpoint.
>>
>>
>>
>> This leaves us with public clients using code flow that cannot determine if
>> a token was granted to them or some other public client.
>>
>>
>>
>>
>>
>> I propose changing Sec 3.2.1 to read:
>>
>>
>>
>> A public client that was not issued a client password MUST use the
>>
>>     "client_id" request parameter to identify itself when sending
>>
>>     requests to the token endpoint. This allows the authorization server
>>
>>     to ensure that the code was issued to the same client.
>>
>>     Sending "client_id" prevents the client from
>>
>>     inadvertently accepting a code intended for a client with a different
>>
>>     "client_id".
>>
>>
>> Also change Sec 4.1.3 from:
>>
>> o  authenticate the client if client authentication is included and
>>
>>        ensure the authorization code was issued to the authenticated
>>
>>        client,
>>
>>
>> To:
>>
>> o  authenticate the client if client authentication is included,
>>
>> o  ensure the authorization code was issued to the authenticated
>>
>>     confidential client or to the public client identified by the
>>
>>    'client_id',
>>
>>
>>
>>
>>
>>
>>
>>
>> The Original text implies that it is a good idea to send it, but is unclear
>> on what security it provides.
>>
>>
>> It is a small change that should not break existing implementations, but
>> will increase security for public clients using the code flow.
>>
>>
>> Regards
>>
>> John B.
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
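
The token-endpoint check proposed for Sec 3.2.1 and 4.1.3 in the thread above, as an added example (not code from the list or from any implementation): the code is redeemed only by the client it was issued to, authenticated in the confidential case and identified by `client_id` in the public case. The class, the in-memory store and the sample client names are assumptions; the error codes are the token endpoint error codes of the core spec.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class CodeRecord:
    client_id: str                 # Sec 4.1.2: the code is bound to the client identifier
    redirect_uri: Optional[str]    # ... and to the redirection URI, if one was sent
    expires_at: float
    used: bool = False


class TokenEndpoint:
    def __init__(self, client_secrets: Dict[str, Optional[str]]):
        # client_id -> secret; None marks a public client (constructed registry).
        self.client_secrets = client_secrets
        self.codes: Dict[str, CodeRecord] = {}

    def issue_code(self, client_id: str, redirect_uri: Optional[str] = None,
                   ttl: float = 60.0) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = CodeRecord(client_id, redirect_uri, time.time() + ttl)
        return code

    def _identify_client(self, client_id, client_secret):
        if client_id is None:
            # Proposed 3.2.1: a public client MUST send client_id.
            return None, "invalid_request"
        if client_id not in self.client_secrets:
            return None, "invalid_client"
        expected = self.client_secrets[client_id]
        if expected is None:
            # Public client: identified, NOT authenticated. Anyone can send this
            # value, so the check below only protects the client from redeeming
            # a code that was issued to a different client.
            return client_id, None
        if client_secret is None or not hmac.compare_digest(
                expected.encode(), client_secret.encode()):
            return None, "invalid_client"
        return client_id, None

    def redeem(self, code: str, client_id: Optional[str] = None,
               client_secret: Optional[str] = None,
               redirect_uri: Optional[str] = None) -> Tuple[Optional[str], Optional[str]]:
        """Return (access_token, None) on success or (None, error_code)."""
        client, err = self._identify_client(client_id, client_secret)
        if err:
            return None, err
        rec = self.codes.get(code)
        if rec is None or rec.used or time.time() > rec.expires_at:
            return None, "invalid_grant"
        if rec.client_id != client:
            # Proposed 4.1.3: code was issued to another client.
            return None, "invalid_grant"
        if rec.redirect_uri is not None and redirect_uri != rec.redirect_uri:
            return None, "invalid_grant"
        rec.used = True  # single use
        return secrets.token_urlsafe(24), None


if __name__ == "__main__":
    ep = TokenEndpoint({"app-a": None, "app-b": None, "web": "constructed-secret"})
    code = ep.issue_code("app-a")
    print(ep.redeem(code))                      # no client_id
    print(ep.redeem(code, client_id="app-b"))   # code issued to app-a
    print(ep.redeem(code, client_id="app-a"))   # accepted
```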



From torsten@lodderstedt.net  Wed Jul  4 10:31:12 2012
Message-ID: <4FF47DDD.3010904@lodderstedt.net>
Date: Wed, 04 Jul 2012 19:31:09 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: =?ISO-8859-1?Q?J=E9r=F4me_LELEU?= <leleuj@gmail.com>
References: <CAP279LzK6LtYZRNU+vqP+NAYV2ehmeC6sdJ3f+EnpS5URZiV6w@mail.gmail.com>
In-Reply-To: <CAP279LzK6LtYZRNU+vqP+NAYV2ehmeC6sdJ3f+EnpS5URZiV6w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------070104080701010803040506"
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC1vbmxpbmUuZGU=
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Authorization request errors

This is a multi-part message in MIME format.
--------------070104080701010803040506
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Hi Jerome,

I read the introduction of 4.1.2.1 as follows: The authorization server 
shall display an error message to the end-user. So no HTTP error code 
required.

best regards,
Torsten.

On 21.06.2012 21:40, Jérôme LELEU wrote:
> Hi,
>
> I'm trying to implement OAuth 2.0 provider support and, in particular, 
> right handling of errors.
>
> Following OAuth 2.0 spec : 
> http://tools.ietf.org/html/draft-ietf-oauth-v2-28, I don't understand 
> the authorization request errors : part 4.1.2.1.
> If I have a valid redirection url, I understand that an error should 
> be returned with GET parameters (error, error_description...) in the 
> redirected url as shown in example.
> But in case of invalid redirection url or unknown client_id (which 
> makes validation of redirection url impossible), what http code should 
> I return ? 500 ? 400 ? What should be the format of the error message 
> ? Json ? plaintext ? like a POST body ?
>
> I'm certainly misunderstanding OAuth spec, but I would appreciate any 
> help.
> Thanks.
> Best regards,
> Jérôme

--------------070104080701010803040506--
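
One way an authorization endpoint can follow the reading of 4.1.2.1 given in the message above, as an added example (not code from the list): when the client_id is unknown or the redirect_uri does not match a registered one, the error is shown to the end-user and no redirect is sent, because redirecting to an unvalidated URI would turn the endpoint into an open redirector; every other error goes back to the validated redirect URI as query parameters. The registry, the function names, exact-match comparison and the 400 status on the error page are assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed registry: client_id -> redirect URIs registered for that client.
REGISTERED = {
    "app-a": ["https://app-a.example/cb"],
    "app-b": ["https://app-b.example/cb", "https://app-b.example/alt?x=1"],
}


@dataclass
class Response:
    status: int
    location: Optional[str]   # None means: no redirect is sent
    body: str


def _error_page(reason: str) -> Response:
    # Fixed text only; nothing from the request is echoed into the page.
    return Response(400, None, "Authorization request rejected: " + reason)


def _redirect(uri: str, params: dict) -> Response:
    # Append parameters while keeping any query the registered URI already has.
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    return Response(302, urlunsplit(parts._replace(query=urlencode(query))), "")


def resolve_redirect_uri(client_id: str, requested: Optional[str],
                         registry=REGISTERED) -> Optional[str]:
    """Return the URI that may be redirected to, or None if there is none."""
    uris = registry.get(client_id)
    if not uris:
        return None                       # unknown client: nothing to validate against
    if requested is None:
        # Omitted redirect_uri is only usable with a single registered URI.
        return uris[0] if len(uris) == 1 else None
    return requested if requested in uris else None   # exact match only


def handle_authorization_request(params: dict, registry=REGISTERED) -> Response:
    target = resolve_redirect_uri(params.get("client_id", ""),
                                  params.get("redirect_uri"), registry)
    if target is None:
        return _error_page("unknown client or unregistered redirect URI")

    # From here on the redirect target is a registered URI, so errors may be
    # reported to the client through it.
    extra = {"state": params["state"]} if "state" in params else {}
    response_type = params.get("response_type")
    if response_type is None:
        return _redirect(target, {"error": "invalid_request", **extra})
    if response_type != "code":
        return _redirect(target, {"error": "unsupported_response_type", **extra})
    return _redirect(target, {"code": secrets.token_urlsafe(16), **extra})


if __name__ == "__main__":
    # Constructed requests.
    print(handle_authorization_request(
        {"client_id": "nobody", "redirect_uri": "https://unregistered.example/cb"}))
    print(handle_authorization_request(
        {"client_id": "app-a", "redirect_uri": "https://unregistered.example/cb",
         "response_type": "code"}))
    print(handle_authorization_request(
        {"client_id": "app-a", "response_type": "token", "state": "xyz"}))
```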

From ve7jtb@ve7jtb.com  Wed Jul  4 11:01:34 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_518F4193-75E8-4D85-8505-E707BA459F84"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4FF47DDD.3010904@lodderstedt.net>
Date: Wed, 4 Jul 2012 14:01:34 -0400
Message-Id: <FB5E7652-FBD2-4F80-9633-DDEA00FFEB99@ve7jtb.com>
References: <CAP279LzK6LtYZRNU+vqP+NAYV2ehmeC6sdJ3f+EnpS5URZiV6w@mail.gmail.com> <4FF47DDD.3010904@lodderstedt.net>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQkoY5z5m74/GRAb5IEwaXS4M/VaK1fEQ4BRiSpufqDzG2/WgTmaVPC6VxWTr7BzCt915FyI
Cc: oauth@ietf.org, =?iso-8859-1?Q?J=E9r=F4me_LELEU?= <leleuj@gmail.com>
Subject: Re: [OAUTH-WG] Authorization request errors

--Apple-Mail=_518F4193-75E8-4D85-8505-E707BA459F84
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_196E22A0-E8AA-4BFA-AD46-4C3353706EBD"


--Apple-Mail=_196E22A0-E8AA-4BFA-AD46-4C3353706EBD
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Jerome,

If you redirect an error of any sort to the redirect_uri in the
authorization request if the client_id is wrong or the URI doesn't match
the registered one you are creating an open redirector that can
potentially be used for phishing or other attacks.

The redirect URIs are registered to prevent that.   Not sending a
response is intentional.

Regards
John B.

On 2012-07-04, at 1:31 PM, Torsten Lodderstedt wrote:

> Hi Jerome,
>
> I read the introduction of 4.1.2.1 as follows: The authorization
> server shall display an error message to the end-user. So no HTTP error
> code required.
>
> best regards,
> Torsten.
>
> On 21.06.2012 21:40, Jérôme LELEU wrote:
>> Hi,
>>
>> I'm trying to implement OAuth 2.0 provider support and, in
>> particular, right handling of errors.
>>
>> Following OAuth 2.0 spec :
>> http://tools.ietf.org/html/draft-ietf-oauth-v2-28, I don't understand
>> the authorization request errors : part 4.1.2.1.
>> If I have a valid redirection url, I understand that an error should
>> be returned with GET parameters (error, error_description...) in the
>> redirected url as shown in example.
>> But in case of invalid redirection url or unknown client_id (which
>> makes validation of redirection url impossible), what http code should I
>> return ? 500 ? 400 ? What should be the format of the error message ?
>> Json ? plaintext ? like a POST body ?
>>
>> I'm certainly misunderstanding OAuth spec, but I would appreciate any
>> help.
>> Thanks.
>> Best regards,
>> Jérôme


--Apple-Mail=_196E22A0-E8AA-4BFA-AD46-4C3353706EBD--

--Apple-Mail=_518F4193-75E8-4D85-8505-E707BA459F84
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AIMz9IPbMxGmKLIQglKlw9Bf8xbRrDNgl3AR21JBBSFquPU6DTyyvqwF2EBrLmU1OZj/RVUWVLfP
0ymWQSUimg4FV5I8mB2Nq2IwxVlBIW9024JWuPDVaIAxPAcV1Xm1+swwVt1bs68QVobK94WOUImv
md5Z06PIX0JdKEvJ4VaPuLiGjzPhCQRBr6tjHKI55+nkQs1QPQDEOhS2EZyYIg9gTVWXFr6qa4v4
hC+aCgr7QRDaGAhHzhuNqZCWIogwlXNdNtLnre9CMTtZK8kI3nsb36/uLYsiQx/8ZoO3XrhX9trK
O8sHpKfuJkVIrHnhwrnd5n3xufjt6vSbSX/htt0AAAAAAAA=

--Apple-Mail=_518F4193-75E8-4D85-8505-E707BA459F84--

From leleuj@gmail.com  Wed Jul  4 11:36:29 2012
Return-Path: <leleuj@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17DC121F86B0 for <oauth@ietfa.amsl.com>; Wed,  4 Jul 2012 11:36:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.298
X-Spam-Level: 
X-Spam-Status: No, score=-3.298 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TrYUz+FJo8xU for <oauth@ietfa.amsl.com>; Wed,  4 Jul 2012 11:36:28 -0700 (PDT)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id CB4E721F86C2 for <oauth@ietf.org>; Wed,  4 Jul 2012 11:36:27 -0700 (PDT)
Received: by lbbgo11 with SMTP id go11so11820267lbb.31 for <oauth@ietf.org>; Wed, 04 Jul 2012 11:36:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vy7iburyLnq3XsGHDBBp36XVi1YZDGnpkZJgNy5ZAeQ=; b=AC15urI8X+3v4nmh2jRwPrmKl61un5kBxnIaNJYCoPemkrnk9S92w3omRUkvfRCuHs xdy9OXOZMEz3tQTZaOKIru9UxX1GM0ybNz3opLuE2YxYch11MW2aHfGPIe/Y8GM3W7uq hsbakJCiE7D3HEmVna38Yu/7hL0maZvBlP5xFYd0mP7OztQQQKTQfS5RSij/Y9mWLVp+ kkwynKo1VGDt7QqYU/v8JxHzjBW74jUO4Yv9FBcSt3FlUkW6f9YTdlTuRAEXTs9W+zkD 2XMUIJgUtdWeIYs8tDn+1ywhd/pzAg0X1kbKsQ+14FnwUBnSruXVAbaLlTQpKuUYRj3H ol3w==
MIME-Version: 1.0
Received: by 10.112.43.129 with SMTP id w1mr187417lbl.61.1341426998162; Wed, 04 Jul 2012 11:36:38 -0700 (PDT)
Received: by 10.112.106.166 with HTTP; Wed, 4 Jul 2012 11:36:38 -0700 (PDT)
In-Reply-To: <FB5E7652-FBD2-4F80-9633-DDEA00FFEB99@ve7jtb.com>
References: <CAP279LzK6LtYZRNU+vqP+NAYV2ehmeC6sdJ3f+EnpS5URZiV6w@mail.gmail.com> <4FF47DDD.3010904@lodderstedt.net> <FB5E7652-FBD2-4F80-9633-DDEA00FFEB99@ve7jtb.com>
Date: Wed, 4 Jul 2012 20:36:38 +0200
Message-ID: <CAP279Ly_xOLOh_SM8X1ggVWVoY8wVq3g9qi1+S0orWnab=5ocw@mail.gmail.com>
From: =?ISO-8859-1?B?Suly9G1lIExFTEVV?= <leleuj@gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary=e0cb4efe3166b7b59504c4054f5a
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Authorization request errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2012 18:36:29 -0000

--e0cb4efe3166b7b59504c4054f5a
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,

Thanks for your replies.

The possible security breach is clear to me: I would never redirect to a
redirect_uri URL if I didn't validate the client_id and if it didn't match
the associated registered redirection URL.

My understanding of Torsten's message is that the error page is in a free
HTML format for the end user with HTTP code 200 (status: OK).

I think the spec could be more precise on this point.
Thanks.

Best regards,
Jérôme



2012/7/4 John Bradley <ve7jtb@ve7jtb.com>

> Jerome,
>
> If you redirect an error of any sort to the redirect_uri in the
> authorization request if the client_id is wrong or the URI doesn't match
> the registered one you are creating an open redirector that can potentially
> be used for phishing or other attacks.
>
> The redirect URIs are registered to prevent that. Not sending a response
> is intentional.
>
> Regards
> John B.
>
> On 2012-07-04, at 1:31 PM, Torsten Lodderstedt wrote:
>
>  Hi Jerome,
>
> I read the introduction of 4.1.2.1 as follows: The authorization server
> shall display an error message to the end-user. So no HTTP error code
> required.
>
> best regards,
> Torsten.
>
> On 21.06.2012 21:40, Jérôme LELEU wrote:
>
> Hi,
>
> I'm trying to implement OAuth 2.0 provider support and, in particular,
> right handling of errors.
>
> Following OAuth 2.0 spec:
> http://tools.ietf.org/html/draft-ietf-oauth-v2-28, I don't understand the
> authorization request errors: part 4.1.2.1.
> If I have a valid redirection URL, I understand that an error should be
> returned with GET parameters (error, error_description...) in the
> redirected URL as shown in example.
> But in case of invalid redirection URL or unknown client_id (which makes
> validation of redirection URL impossible), what HTTP code should I return?
> 500? 400? What should be the format of the error message? JSON?
> plaintext? like a POST body?
>
>  I'm certainly misunderstanding OAuth spec, but I would appreciate any
> help.
> Thanks.
> Best regards,
> Jérôme
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
>
>


--e0cb4efe3166b7b59504c4054f5a--

From ve7jtb@ve7jtb.com  Wed Jul  4 12:33:48 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D6AA21F853A for <oauth@ietfa.amsl.com>; Wed,  4 Jul 2012 12:33:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.323
X-Spam-Level: 
X-Spam-Status: No, score=-3.323 tagged_above=-999 required=5 tests=[AWL=-0.025, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z7kvygsVA6Ki for <oauth@ietfa.amsl.com>; Wed,  4 Jul 2012 12:33:46 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 69B3F21F845A for <oauth@ietf.org>; Wed,  4 Jul 2012 12:33:44 -0700 (PDT)
Received: by yenq13 with SMTP id q13so7471414yen.31 for <oauth@ietf.org>; Wed, 04 Jul 2012 12:33:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=kPz6R70IZ0KIOkg7VoSHudrAdJT3h9/z4MyzaD8w80w=; b=RntyNymOGfDkdIQILJKeROzYDhzZRbcAoJWnHAze7xWoV1Amx5xs2SJ/Emeb/Irxua DbwswJsXZSAm2N7Osl4mGR5aaHnF+BmfOokFmexXdhr/iZge8SGRNjrA3IxG24xMJ6wB 3371lGUe9TZeuTHGD+t4A88HBsmc5v+WnPI6iSwSdDStiVnC6O2P09t4rPFV+Sf+ctA5 ELphLppzcNZn5VEWelYAXCblHwS0EfNacSnlATu5hp//ktkK6oc52Cg2ovXvCS6WvjDb 9kd8A0yoH1ZjT0hSo0hzJ8upRr14QPsPANaEMG2dEBtHM80OozOVJLPlaymDiQR04Cmj 0+tA==
Received: by 10.236.165.74 with SMTP id d50mr26245851yhl.118.1341430435490; Wed, 04 Jul 2012 12:33:55 -0700 (PDT)
Received: from [192.168.1.211] (190-20-63-87.baf.movistar.cl. [190.20.63.87]) by mx.google.com with ESMTPS id w61sm38492573yhi.5.2012.07.04.12.33.53 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 04 Jul 2012 12:33:54 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_A484B927-7CD5-4446-BB42-C3A3BDA8FFE7"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CAP279Ly_xOLOh_SM8X1ggVWVoY8wVq3g9qi1+S0orWnab=5ocw@mail.gmail.com>
Date: Wed, 4 Jul 2012 15:33:44 -0400
Message-Id: <AB33D463-67CA-446D-82A3-4AA35C23CEB3@ve7jtb.com>
References: <CAP279LzK6LtYZRNU+vqP+NAYV2ehmeC6sdJ3f+EnpS5URZiV6w@mail.gmail.com> <4FF47DDD.3010904@lodderstedt.net> <FB5E7652-FBD2-4F80-9633-DDEA00FFEB99@ve7jtb.com> <CAP279Ly_xOLOh_SM8X1ggVWVoY8wVq3g9qi1+S0orWnab=5ocw@mail.gmail.com>
To: =?iso-8859-1?Q?J=E9r=F4me_LELEU?= <leleuj@gmail.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQnfH4Erex//xdrDmWkTGAU2xxNj89AfSEqUvoHdLwir/HZgwnA3IWbjlpOt5Oe2XwuCSD4W
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Authorization request errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2012 19:33:48 -0000

--Apple-Mail=_A484B927-7CD5-4446-BB42-C3A3BDA8FFE7
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_6E91E007-C2C7-401E-AECD-327CA6DFF2A2"


--Apple-Mail=_6E91E007-C2C7-401E-AECD-327CA6DFF2A2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Yes it is an HTML message to the user describing why the error occurred,
200 OK as I understand it.

John B.
On 2012-07-04, at 2:36 PM, Jérôme LELEU wrote:

> Hi,
>
> Thanks for your replies.
>
> The possible security breach is clear to me: I would never redirect to a
> redirect_uri URL if I didn't validate the client_id and if it didn't match
> the associated registered redirection URL.
>
> My understanding of Torsten's message is that the error page is in a free
> HTML format for the end user with HTTP code 200 (status: OK).
>
> I think the spec could be more precise on this point.
> Thanks.
>
> Best regards,
> Jérôme
>
> 2012/7/4 John Bradley <ve7jtb@ve7jtb.com>
> Jerome,
>
> If you redirect an error of any sort to the redirect_uri in the
> authorization request if the client_id is wrong or the URI doesn't match
> the registered one you are creating an open redirector that can
> potentially be used for phishing or other attacks.
>
> The redirect URIs are registered to prevent that. Not sending a response
> is intentional.
>
> Regards
> John B.
>
> On 2012-07-04, at 1:31 PM, Torsten Lodderstedt wrote:
>
>> Hi Jerome,
>>
>> I read the introduction of 4.1.2.1 as follows: The authorization server
>> shall display an error message to the end-user. So no HTTP error code
>> required.
>>
>> best regards,
>> Torsten.
>>
>> On 21.06.2012 21:40, Jérôme LELEU wrote:
>>> Hi,
>>>
>>> I'm trying to implement OAuth 2.0 provider support and, in particular,
>>> right handling of errors.
>>>
>>> Following OAuth 2.0 spec:
>>> http://tools.ietf.org/html/draft-ietf-oauth-v2-28, I don't understand
>>> the authorization request errors: part 4.1.2.1.
>>> If I have a valid redirection URL, I understand that an error should
>>> be returned with GET parameters (error, error_description...) in the
>>> redirected URL as shown in example.
>>> But in case of invalid redirection URL or unknown client_id (which
>>> makes validation of redirection URL impossible), what HTTP code should
>>> I return? 500? 400? What should be the format of the error message?
>>> JSON? plaintext? like a POST body?
>>>
>>> I'm certainly misunderstanding OAuth spec, but I would appreciate any
>>> help.
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>



--Apple-Mail=_6E91E007-C2C7-401E-AECD-327CA6DFF2A2--

--Apple-Mail=_A484B927-7CD5-4446-BB42-C3A3BDA8FFE7
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_A484B927-7CD5-4446-BB42-C3A3BDA8FFE7--
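
The behaviour agreed in the thread above, as an added example that is not part of any message on the list and is not code from the OAuth draft: an authorization endpoint that shows a local HTML page (200 OK, as the participants read section 4.1.2.1) when the client_id is unknown or the redirect_uri does not match, and only redirects errors once the redirect target has been validated. The client registry, the exact-string URI comparison, the `Response` type and all function names are assumptions made for this sketch.

```python
import secrets
from dataclasses import dataclass, field
from html import escape
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed registry (assumption): client_id -> exact registered redirection URIs.
REGISTERED_CLIENTS = {"demo-client": {"https://client.example.com/cb"}}


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def error_page(reason):
    """HTML shown to the end user; the request's redirect_uri is never used."""
    html = ("<html><body><h1>Authorization request error</h1>"
            "<p>%s</p></body></html>" % escape(reason))
    # 200 OK follows the reading given in the thread; no redirect is issued.
    return Response(200, {"Content-Type": "text/html; charset=utf-8"}, html)


def redirect_with(redirect_uri, params):
    """302 to an already validated redirect_uri with extra query parameters."""
    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    location = urlunsplit(parts._replace(query=urlencode(query)))
    return Response(302, {"Location": location})


def handle_authorization_request(params, clients=REGISTERED_CLIENTS):
    """Decide between a local error page and a redirect for one request."""
    registered = clients.get(params.get("client_id"))
    if registered is None:
        # Unknown client: the redirect_uri cannot be validated at all.
        return error_page("Unknown or missing client_id.")

    redirect_uri = params.get("redirect_uri")
    if redirect_uri is None:
        if len(registered) != 1:
            return error_page("redirect_uri is required for this client.")
        redirect_uri = next(iter(registered))
    elif redirect_uri not in registered:
        # Mismatch: redirecting here would make the server an open redirector.
        return error_page("redirect_uri does not match the registered one.")

    # From here on the redirect target is trusted, so errors travel back to
    # the client as query parameters (error, error_description, state).
    extra = {}
    if params.get("state") is not None:
        extra["state"] = params["state"]
    if params.get("response_type") != "code":
        return redirect_with(
            redirect_uri, {"error": "unsupported_response_type", **extra})

    # User authentication and consent are out of scope for this sketch.
    code = secrets.token_urlsafe(16)
    return redirect_with(redirect_uri, {"code": code, **extra})
```
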

From abilbie@lincoln.ac.uk  Fri Jul  6 09:12:28 2012
Return-Path: <abilbie@lincoln.ac.uk>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0658A21F87B4 for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 09:12:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zmNJYMlfT3-1 for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 09:12:26 -0700 (PDT)
Received: from atreides.lincoln.ac.uk (atreides.lincoln.ac.uk [195.195.10.21]) by ietfa.amsl.com (Postfix) with ESMTP id EDD7321F871E for <oauth@ietf.org>; Fri,  6 Jul 2012 09:12:23 -0700 (PDT)
Received: from [194.80.56.81] (helo=email.lincoln.ac.uk) by atreides.lincoln.ac.uk with esmtp (Exim 4.72) (envelope-from <abilbie@lincoln.ac.uk>) id 1SnB92-0005jR-CS for oauth@ietf.org; Fri, 06 Jul 2012 17:12:38 +0100
Received: from [192.168.2.105] ([78.144.48.128]) by email.lincoln.ac.uk over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);  Fri, 6 Jul 2012 17:12:34 +0100
From: Alex Bilbie <abilbie@lincoln.ac.uk>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3551C82E-B780-406D-AF7F-B95B4B2C39AC"
Date: Fri, 6 Jul 2012 17:12:32 +0100
Message-Id: <438F0EB1-EE30-406B-A5CC-6754A571CF31@lincoln.ac.uk>
To: oauth@ietf.org
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-OriginalArrivalTime: 06 Jul 2012 16:12:34.0673 (UTC) FILETIME=[27533610:01CD5B92]
X-atreides-AV-clam: Checked using ClamAV
X-atreides-AV-sophos: Checked using SophosAV
X-SA-Exim-Connect-IP: 194.80.56.81
X-SA-Exim-Mail-From: abilbie@lincoln.ac.uk
X-SA-Exim-Version: 4.2.1 (built Wed, 15 Dec 2010 15:49:34 +0000)
X-SA-Exim-Scanned: Yes (on atreides.lincoln.ac.uk)
Subject: [OAUTH-WG] Section 3.3 access token scopes
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 16:12:28 -0000

--Apple-Mail=_3551C82E-B780-406D-AF7F-B95B4B2C39AC
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Hello,

Could someone please explain why section 3.3 states that access token scopes should be space delimited instead of comma delimited as lists often are in query strings?

Many thanks,

Alex

--

Alex Bilbie

Online Services Team
ICT Services
University of Lincoln

t: 01522 886542
e: abilbie@lincoln.ac.uk
http://lncn.eu/me/abilbie


--Apple-Mail=_3551C82E-B780-406D-AF7F-B95B4B2C39AC--

From internet-drafts@ietf.org  Fri Jul  6 10:13:11 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D62AE21F861B; Fri,  6 Jul 2012 10:13:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hrg6NkYYkhu7; Fri,  6 Jul 2012 10:13:10 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABFCF21F8601; Fri,  6 Jul 2012 10:13:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p2
Message-ID: <20120706171310.2954.95021.idtracker@ietfa.amsl.com>
Date: Fri, 06 Jul 2012 10:13:10 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-json-web-token-01.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 17:13:12 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : JSON Web Token (JWT)
	Author(s)       : Michael B. Jones
                          John Bradley
                          Nat Sakimura
	Filename        : draft-ietf-oauth-json-web-token-01.txt
	Pages           : 21
	Date            : 2012-07-06

Abstract:
   JSON Web Token (JWT) is a means of representing claims to be
   transferred between two parties.  The claims in a JWT are encoded as
   a JavaScript Object Notation (JSON) object that is digitally signed
   or MACed using JSON Web Signature (JWS) and/or encrypted using JSON
   Web Encryption (JWE).

   The suggested pronunciation of JWT is the same as the English word
   "jot".


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-json-web-token-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From Michael.Jones@microsoft.com  Fri Jul  6 10:26:56 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE42721F8656 for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 10:26:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.771
X-Spam-Level: 
X-Spam-Status: No, score=-3.771 tagged_above=-999 required=5 tests=[AWL=-0.173, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z5WzFvqkBRhz for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 10:26:45 -0700 (PDT)
Received: from DB3EHSOBE004.bigfish.com (mail-db3.bigfish.com [94.245.120.74]) by ietfa.amsl.com (Postfix) with ESMTP id 56BF721F8697 for <oauth@ietf.org>; Fri,  6 Jul 2012 10:26:44 -0700 (PDT)
Received: from mail5-db3-R.bigfish.com (10.3.81.233) by DB3EHSOBE004.bigfish.com (10.3.84.24) with Microsoft SMTP Server id 14.1.225.23; Fri, 6 Jul 2012 17:24:51 +0000
Received: from mail5-db3 (localhost [127.0.0.1])	by mail5-db3-R.bigfish.com (Postfix) with ESMTP id B3CB84A039F	for <oauth@ietf.org>; Fri,  6 Jul 2012 17:24:51 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -20
X-BigFish: VS-20(zzc85fhzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail5-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail5-db3 (localhost.localdomain [127.0.0.1]) by mail5-db3 (MessageSwitch) id 1341595489394660_22105; Fri,  6 Jul 2012 17:24:49 +0000 (UTC)
Received: from DB3EHSMHS010.bigfish.com (unknown [10.3.81.236])	by mail5-db3.bigfish.com (Postfix) with ESMTP id 5434936004A	for <oauth@ietf.org>; Fri,  6 Jul 2012 17:24:49 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS010.bigfish.com (10.3.87.110) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 6 Jul 2012 17:24:49 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0298.005; Fri, 6 Jul 2012 17:26:34 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Updated versions of JOSE and JWT specifications
Thread-Index: Ac1bnHsz+/rWJ9BITF+plHEfJG2unA==
Date: Fri, 6 Jul 2012 17:26:33 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366579EAB@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.78]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366579EABTK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Updated versions of JOSE and JWT specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 17:26:56 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366579EABTK5EX14MBXC283r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

New versions of the JSON WEB {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) specifications have been released.  These versions incorporate numerous suggestions from working group members and developers that clarify the intent of the specifications and make them easier to read and implement.  In particular, the JWE spec now includes encryption and key derivation examples for a number of algorithms that have been verified in multiple independent implementations.

I've worked to close out all the former "TBD" items in the specs, bringing them up to an editorially complete state, in preparation for working group last call.  As with previous releases, see the "Open Issues" sections for a small number of discussion points that I believe merit working group attention.

I also applied the changes made to the JOSE specs to the related individual submission JWS JSON Serialization and JWE JSON Serialization specs, which enable multiple recipients.

The working group specifications are available at:

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-03

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-03

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-03

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-03

*        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01

The individual submission specifications are available at:

*        http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02

*        http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-02

The document history entries (also in the specifications) are as follows:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-03

  *   Added the cty (content type) header parameter for declaring type information about the secured content, as opposed to the typ (type) header parameter, which declares type information about this object.
  *   Added "Collision Resistant Namespace" to the terminology section.
  *   Reference ITU.X690.1994 for DER encoding.
  *   Added an example JWS using ECDSA P-521 SHA-512. This has particular illustrative value because of the use of the 521 bit integers in the key and signature values. This is also an example in which the payload is not a base64url encoded JSON object.
  *   Added an example x5c value.
  *   No longer say "the UTF-8 representation of the JWS Secured Input (which is the same as the ASCII representation)". Just call it "the ASCII representation of the JWS Secured Input".
  *   Added Registration Template sections for defined registries.
  *   Added Registry Contents sections to populate registry values.
  *   Changed name of the JSON Web Signature and Encryption "typ" Values registry to be the JSON Web Signature and Encryption Type Values registry, since it is used for more than just values of the typ parameter.
  *   Moved registries JSON Web Signature and Encryption Header Parameters and JSON Web Signature and Encryption Type Values to the JWS specification.
  *   Numerous editorial improvements.

http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-03

  *   Added the kdf (key derivation function) header parameter to provide crypto agility for key derivation. The default KDF remains the Concat KDF with the SHA-256 digest function.
  *   Reordered encryption steps so that the Encoded JWE Header is always created before it is needed as an input to the AEAD "additional authenticated data" parameter.
  *   Added the cty (content type) header parameter for declaring type information about the secured content, as opposed to the typ (type) header parameter, which declares type information about this object.
  *   Moved description of how to determine whether a header is for a JWS or a JWE from the JWT spec to the JWE spec.
  *   Added complete encryption examples for both AEAD and non-AEAD algorithms.
  *   Added complete key derivation examples.
  *   Added "Collision Resistant Namespace" to the terminology section.
  *   Reference ITU.X690.1994 for DER encoding.
  *   Added Registry Contents sections to populate registry values.
  *   Numerous editorial improvements.

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-03

  *   Clarified that kid values need not be unique within a JWK Set.
  *   Moved JSON Web Key Parameters registry to the JWK specification.
  *   Added "Collision Resistant Namespace" to the terminology section.
  *   Changed registration requirements from RFC Required to Specification Required with Expert Review.
  *   Added Registration Template sections for defined registries.
  *   Added Registry Contents sections to populate registry values.
  *   Numerous editorial improvements.

http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-03

  *   Always use a 128 bit "authentication tag" size for AES GCM, regardless of the key size.
  *   Specified that use of a 128 bit IV is REQUIRED with AES CBC. It was previously RECOMMENDED.
  *   Removed key size language for ECDSA algorithms, since the key size is implied by the algorithm being used.
  *   Stated that the int key size must be the same as the hash output size (and not larger, as was previously allowed) so that its size is defined for key generation purposes.
  *   Added the kdf (key derivation function) header parameter to provide crypto agility for key derivation. The default KDF remains the Concat KDF with the SHA-256 digest function.
  *   Clarified that the mod and exp values are unsigned.
  *   Added Implementation Requirements columns to algorithm tables and Implementation Requirements entries to algorithm registries.
  *   Changed AES Key Wrap to RECOMMENDED.
  *   Moved registries JSON Web Signature and Encryption Header Parameters and JSON Web Signature and Encryption Type Values to the JWS specification.
  *   Moved JSON Web Key Parameters registry to the JWK specification.
  *   Changed registration requirements from RFC Required to Specification Required with Expert Review.
  *   Added Registration Template sections for defined registries.
  *   Added Registry Contents sections to populate registry values.
  *   No longer say "the UTF-8 representation of the JWS Secured Input (which is the same as the ASCII representation)". Just call it "the ASCII representation of the JWS Secured Input".
  *   Added "Collision Resistant Namespace" to the terminology section.
  *   Numerous editorial improvements.

http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01

  *   Added the cty (content type) header parameter for declaring type information about the secured content, as opposed to the typ (type) header parameter, which declares type information about this object. This significantly simplified nested JWTs.
  *   Moved description of how to determine whether a header is for a JWS or a JWE from the JWT spec to the JWE spec.
  *   Changed registration requirements from RFC Required to Specification Required with Expert Review.
  *   Added Registration Template sections for defined registries.
  *   Added Registry Contents sections to populate registry values.
  *   Added "Collision Resistant Namespace" to the terminology section.
  *   Numerous editorial improvements.

http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02

  *   Tracked editorial changes made to the JWS spec.

http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-02

  *   Updated examples to track updated algorithm properties in the JWA spec.
  *   Tracked editorial changes made to the JWE spec.

Special thanks to Axel Nennker, Emmanuel Raviart, Brian Campbell, and Edmund Jay for validating the JWE examples!

                                                            -- Mike



--_000_4E1F6AAD24975D4BA5B168042967394366579EABTK5EX14MBXC283r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class="MsoNormal">New versions of the JSON WEB {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) specifications have been released.&nbsp; These versions incorporate numerous suggestions from working group members and developers that clarify the intent of the specifications and make them easier to read and implement.&nbsp; In particular, the JWE spec now includes encryption and key derivation examples for a number of algorithms that have been verified in multiple independent implementations.</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">I&#8217;ve worked to close out all the former &#8220;TBD&#8221; items in the specs, bringing them up to an editorially complete state, in preparation for working group last call.&nbsp; As with previous releases, see the &#8220;Open Issues&#8221; sections for a small number of discussion points that I believe merit working group attention.</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">I also applied the changes made to the JOSE specs to the related individual submission JWS JSON Serialization and JWE JSON Serialization specs, which enable multiple recipients.</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">The working group specifications are available at:</p>
<p class="MsoListParagraph">&middot; <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-03</a></p>
<p class="MsoListParagraph">&middot; <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-03</a></p>
<p class="MsoListParagraph">&middot; <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-03</a></p>
<p class="MsoListParagraph">&middot; <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-03</a></p>
<p class="MsoListParagraph">&middot; <a href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01</a></p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">The individual submission specifications are available at:</p>
<p class="MsoListParagraph">&middot; <a href="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02">http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02</a></p>
<p class="MsoListParagraph">&middot; <a href="http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-02">http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-02</a></p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">The document history entries (also in the specifications) are as follows:</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-03</a></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal">Added the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">cty</span> (content type) header parameter for declaring type information about the secured content, as opposed to the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">typ</span> (type) header parameter, which declares type information about this object.</li>
<li class="MsoNormal">Added &quot;Collision Resistant Namespace&quot; to the terminology section.</li>
<li class="MsoNormal">Reference ITU.X690.1994 for DER encoding.</li>
<li class="MsoNormal">Added an example JWS using ECDSA P-521 SHA-512. This has particular illustrative value because of the use of the 521 bit integers in the key and signature values. This is also an example in which the payload is not a base64url encoded JSON object.</li>
<li class="MsoNormal">Added an example <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">x5c</span> value.</li>
<li class="MsoNormal">No longer say &quot;the UTF-8 representation of the JWS Secured Input (which is the same as the ASCII representation)&quot;. Just call it &quot;the ASCII representation of the JWS Secured Input&quot;.</li>
<li class="MsoNormal">Added Registration Template sections for defined registries.</li>
<li class="MsoNormal">Added Registry Contents sections to populate registry values.</li>
<li class="MsoNormal">Changed name of the JSON Web Signature and Encryption &quot;typ&quot; Values registry to be the JSON Web Signature and Encryption Type Values registry, since it is used for more than just values of the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">typ</span> parameter.</li>
<li class="MsoNormal">Moved registries JSON Web Signature and Encryption Header Parameters and JSON Web Signature and Encryption Type Values to the JWS specification.</li>
<li class="MsoNormal">Numerous editorial improvements.</li>
</ul>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-03</a></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal">Added the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">kdf</span> (key derivation function) header parameter to provide crypto agility for key derivation. The default KDF remains the Concat KDF with the SHA-256 digest function.</li>
<li class="MsoNormal">Reordered encryption steps so that the Encoded JWE Header is always created before it is needed as an input to the AEAD &quot;additional authenticated data&quot; parameter.</li>
<li class="MsoNormal">Added the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">cty</span> (content type) header parameter for declaring type information about the secured content, as opposed to the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">typ</span> (type) header parameter, which declares type information about this object.</li>
<li class="MsoNormal">Moved description of how to determine whether a header is for a JWS or a JWE from the JWT spec to the JWE spec.</li>
<li class="MsoNormal">Added complete encryption examples for both AEAD and non-AEAD algorithms.</li>
<li class="MsoNormal">Added complete key derivation examples.</li>
<li class="MsoNormal">Added &quot;Collision Resistant Namespace&quot; to the terminology section.</li>
<li class="MsoNormal">Reference ITU.X690.1994 for DER encoding.</li>
<li class="MsoNormal">Added Registry Contents sections to populate registry values.</li>
<li class="MsoNormal">Numerous editorial improvements.</li>
</ul>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-03</a></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal">Clarified that <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">kid</span> values need not be unique within a JWK Set.</li>
<li class="MsoNormal">Moved JSON Web Key Parameters registry to the JWK specification.</li>
<li class="MsoNormal">Added &quot;Collision Resistant Namespace&quot; to the terminology section.</li>
<li class="MsoNormal">Changed registration requirements from RFC Required to Specification Required with Expert Review.</li>
<li class="MsoNormal">Added Registration Template sections for defined registries.</li>
<li class="MsoNormal">Added Registry Contents sections to populate registry values.</li>
<li class="MsoNormal">Numerous editorial improvements.</li>
</ul>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-03">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-03</a></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal">Always use a 128 bit &quot;authentication tag&quot; size for AES GCM, regardless of the key size.</li>
<li class="MsoNormal">Specified that use of a 128 bit IV is REQUIRED with AES CBC. It was previously RECOMMENDED.</li>
<li class="MsoNormal">Removed key size language for ECDSA algorithms, since the key size is implied by the algorithm being used.</li>
<li class="MsoNormal">Stated that the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">int</span> key size must be the same as the hash output size (and not larger, as was previously allowed) so that its size is defined for key generation purposes.</li>
<li class="MsoNormal">Added the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">kdf</span> (key derivation function) header parameter to provide crypto agility for key derivation. The default KDF remains the Concat KDF with the SHA-256 digest function.</li>
<li class="MsoNormal">Clarified that the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">mod</span> and <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">exp</span> values are unsigned.</li>
<li class="MsoNormal">Added Implementation Requirements columns to algorithm tables and Implementation Requirements entries to algorithm registries.</li>
<li class="MsoNormal">Changed AES Key Wrap to RECOMMENDED.</li>
<li class="MsoNormal">Moved registries JSON Web Signature and Encryption Header Parameters and JSON Web Signature and Encryption Type Values to the JWS specification.</li>
<li class="MsoNormal">Moved JSON Web Key Parameters registry to the JWK specification.</li>
<li class="MsoNormal">Changed registration requirements from RFC Required to Specification Required with Expert Review.</li>
<li class="MsoNormal">Added Registration Template sections for defined registries.</li>
<li class="MsoNormal">Added Registry Contents sections to populate registry values.</li>
<li class="MsoNormal">No longer say &quot;the UTF-8 representation of the JWS Secured Input (which is the same as the ASCII representation)&quot;. Just call it &quot;the ASCII representation of the JWS Secured Input&quot;.</li>
<li class="MsoNormal">Added &quot;Collision Resistant Namespace&quot; to the terminology section.</li>
<li class="MsoNormal">Numerous editorial improvements.</li>
</ul>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01</a></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal">Added the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">cty</span> (content type) header parameter for declaring type information about the secured content, as opposed to the <span lang="EN" style="font-family:&quot;Courier New&quot;;color:#003366">typ</span> (type) header parameter, which declares type information about this object. This significantly simplified nested JWTs.</li>
<li class="MsoNormal">Moved description of how to determine whether a header is for a JWS or a JWE from the JWT spec to the JWE spec.</li>
<li class="MsoNormal">Changed registration requirements from RFC Required to Specification Required with Expert Review.</li>
<li class="MsoNormal">Added Registration Template sections for defined registries.</li>
<li class="MsoNormal">Added Registry Contents sections to populate registry values.</li>
<li class="MsoNormal">Added &quot;Collision Resistant Namespace&quot; to the terminology section.</li>
<li class="MsoNormal">Numerous editorial improvements.</li>
</ul>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02">http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02</a></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal">Tracked editorial changes made to the JWS spec.</li>
</ul>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-02">http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-02</a></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal">Updated examples to track updated algorithm properties in the JWA spec.</li>
<li class="MsoNormal">Tracked editorial changes made to the JWE spec.</li>
</ul>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Special thanks to Axel Nennker, Emmanuel Raviart, Brian Campbell, and Edmund Jay for validating the JWE examples!</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">&nbsp;</p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B168042967394366579EABTK5EX14MBXC283r_--

From Michael.Jones@microsoft.com  Fri Jul  6 11:31:18 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Thread-Topic: Nested JWT (was: Re: [jose] "typ":"JWS")
Date: Fri, 6 Jul 2012 18:31:11 +0000
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Nested JWT (was: Re: [jose] "typ":"JWS")

A nested JWT is one where a JWT is used as the payload of another JWT, for instance, so you can do sign/encrypt/sign.  See http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01#section-7 and http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01#section-5.2.

I wouldn't use it for multiple signatures - I'd use http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02 or similar for that.

				-- Mike

-----Original Message-----
From: Richard L. Barnes [mailto:rbarnes@bbn.com]
Sent: Friday, July 06, 2012 11:23 AM
To: Mike Jones
Cc: Manger, James H; jose@ietf.org
Subject: Nested JWT (was: Re: [jose] "typ":"JWS")

Not sure what the appropriate list is for this, so I'm just going to ask it here:

What is a "nested JWT"?  I'm guessing it's a JWT claim set wrapped in JWS multiple times, as in the example we were discussing earlier?

Why would you want to do that instead of having parallel signatures?


On Jul 6, 2012, at 2:19 PM, Mike Jones wrote:

> Thanks for the thought on this, James.
>
> In the -03 drafts there is now a clear distinction between "typ" (type) - information about this object and the new "cty" (content type) - information about the secured object.  Besides being semantically cleaner, this also simplified nested JWTs.
>
> I then was able to make changes in the spirit of the ones you suggested below, although using slightly different wording in some cases.
>
>                                                                 -- Mike
>
> From: Manger, James H [mailto:James.H.Manger@team.telstra.com]
> Sent: Tuesday, May 15, 2012 5:40 PM
> To: Mike Jones; jose@ietf.org
> Subject: RE: "typ":"JWS"
>
> >> draft-ietf-jose-json-web-signature-02 §7.2 registers the "JWS" type
> >> value (for the "typ" header field) . Perhaps "typ":"JWS" is more
> >> useful in a JWE header when encrypting signed content (sign-then-encrypt). If this is the intention, then mentioning the "JWS" type value when defining the "typ" header for a JWS is misleading. It would be better to mention it where the JWE spec defines "typ".
> >> .
>
> > Your second paragraph correctly describes the intended usage.  For instance, see http://tools.ietf.org/html/draft-jones-json-web-token-10#section-5.1 for this usage in action.  The value is registered per the working group decision relating "typ" values to MIME types.
>
> Good. So let's say that. Suggested text changes:
>
> * draft-ietf-jose-json-web-signature-02, section 4.1.8 "typ" (Type) Header Parameter: delete the 2nd sentence because signing a signature is not what we are talking about (and JWS-JS recommends a different approach for multiple signatures anyway).
>
> * section 7.1 Registration of application/jws MIME Media Type: add a phrase explicitly stating the syntax (since the spec mentions two: compact, and JWS JS) so the section says:
>   This specification registers the "application/jws" MIME Media Type [RFC 2045]
>   to identify content that uses the JWS compact serialization.
>
> * section 7.2 Registration of "JWS" Type Value: mention the intended use of encrypting signed content by adding this sentence.
>   The "typ" parameter can be set to "JWS" in a JSON Web Encryption [JWE] header when encrypting signed content.
>
> * draft-ietf-jose-json-web-encryption-02, section 4.1.13 "typ" (Type) Header Parameter, section 11.1 Registration of application/jwe MIME Media Type, section 11.2 Registration of "JWE" type Value: make equivalent changes.
>
> --
> James Manger
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose



From rbarnes@bbn.com  Fri Jul  6 11:40:58 2012
Return-Path: <rbarnes@bbn.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8B6711E80C2 for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 11:40:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.544
X-Spam-Level: 
X-Spam-Status: No, score=-106.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zdWJJ+FDEDy6 for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 11:40:58 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 18A5B11E80AE for <oauth@ietf.org>; Fri,  6 Jul 2012 11:40:58 -0700 (PDT)
Received: from ros-dhcp192-1-51-6.bbn.com ([192.1.51.6]:61800) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SnDSr-000EJJ-RV; Fri, 06 Jul 2012 14:41:13 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436657A2B8@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Fri, 6 Jul 2012 14:41:13 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <CF974428-B673-40A6-A486-89060D0F2F5E@bbn.com>
References: <4E1F6AAD24975D4BA5B16804296739436657A131@TK5EX14MBXC283.redmond.corp.microsoft.com> <F6ACB680-7E7D-43BF-A8D8-013B17A97F70@bbn.com> <4E1F6AAD24975D4BA5B16804296739436657A2B8@TK5EX14MBXC283.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Nested JWT (was: Re: [jose] "typ":"JWS")
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 18:40:59 -0000

So, first of all, it seems like an abuse of terminology to say "JWT within a JWT", unless you really want to create an infinite recursion.

What's the use case for sign/encrypt/sign, as opposed to just sign/encrypt?




On Jul 6, 2012, at 2:31 PM, Mike Jones wrote:

> A nested JWT is one where a JWT is used as the payload of another JWT, for instance, so you can do sign/encrypt/sign.  See http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01#section-7 and http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01#section-5.2.
>
> I wouldn't use it for multiple signatures - I'd use http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02 or similar for that.
>
> 				-- Mike
>
> -----Original Message-----
> From: Richard L. Barnes [mailto:rbarnes@bbn.com]
> Sent: Friday, July 06, 2012 11:23 AM
> To: Mike Jones
> Cc: Manger, James H; jose@ietf.org
> Subject: Nested JWT (was: Re: [jose] "typ":"JWS")
>
> Not sure what the appropriate list is for this, so I'm just going to ask it here:
>
> What is a "nested JWT"?  I'm guessing it's a JWT claim set wrapped in JWS multiple times, as in the example we were discussing earlier?
>
> Why would you want to do that instead of having parallel signatures?
>
> On Jul 6, 2012, at 2:19 PM, Mike Jones wrote:
>
>> Thanks for the thought on this, James.
>>
>> In the -03 drafts there is now a clear distinction between "typ" (type) - information about this object and the new "cty" (content type) - information about the secured object.  Besides being semantically cleaner, this also simplified nested JWTs.
>>
>> I then was able to make changes in the spirit of the ones you suggested below, although using slightly different wording in some cases.
>>
>>                                                                -- Mike
>>
>> From: Manger, James H [mailto:James.H.Manger@team.telstra.com]
>> Sent: Tuesday, May 15, 2012 5:40 PM
>> To: Mike Jones; jose@ietf.org
>> Subject: RE: "typ":"JWS"
>>
>>>> draft-ietf-jose-json-web-signature-02 §7.2 registers the "JWS" type value (for the "typ" header field). Perhaps "typ":"JWS" is more useful in a JWE header when encrypting signed content (sign-then-encrypt). If this is the intention, then mentioning the "JWS" type value when defining the "typ" header for a JWS is misleading. It would be better to mention it where the JWE spec defines "typ".
>>>> .
>>
>>> Your second paragraph correctly describes the intended usage.  For instance, see http://tools.ietf.org/html/draft-jones-json-web-token-10#section-5.1 for this usage in action.  The value is registered per the working group decision relating "typ" values to MIME types.
>>
>> Good. So let's say that. Suggested text changes:
>>
>> * draft-ietf-jose-json-web-signature-02, section 4.1.8 "typ" (Type) Header Parameter: delete the 2nd sentence because signing a signature is not what we are talking about (and JWS-JS recommends a different approach for multiple signatures anyway).
>>
>> * section 7.1 Registration of application/jws MIME Media Type: add a phrase explicitly stating the syntax (since the spec mentions two: compact, and JWS JS) so the section says:
>>  This specification registers the "application/jws" MIME Media Type [RFC 2045]
>>  to identify content that uses the JWS compact serialization.
>>
>> * section 7.2 Registration of "JWS" Type Value: mention the intended use of encrypting signed content by adding this sentence.
>>  The "typ" parameter can be set to "JWS" in a JSON Web Encryption [JWE] header when encrypting signed content.
>>
>> * draft-ietf-jose-json-web-encryption-02, section 4.1.13 "typ" (Type) Header Parameter, section 11.1 Registration of application/jwe MIME Media Type, section 11.2 Registration of "JWE" type Value: make equivalent changes.
>>
>> --
>> James Manger
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose


From ve7jtb@ve7jtb.com  Fri Jul  6 12:07:07 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 713D911E809F for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 12:07:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.477
X-Spam-Level: 
X-Spam-Status: No, score=-3.477 tagged_above=-999 required=5 tests=[AWL=0.122,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZdkFhbIMqdwm for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 12:07:06 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 8E82011E8079 for <oauth@ietf.org>; Fri,  6 Jul 2012 12:07:06 -0700 (PDT)
Received: by yhq56 with SMTP id 56so11394027yhq.31 for <oauth@ietf.org>; Fri, 06 Jul 2012 12:07:23 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=0BYjjYUKDT9+KC7yz99L39aYYEILSyTsFJZGBRFQH7U=; b=GlKpi3RdgmkooNrqNEMubdO8S9DPtChrHDv6eZ7Lf11pOVVUetOGn0WRDJ6SOp66sL l96KNaq94obl+gCPnBPOLXVVjN/ewddyjfT62Qv7pwG4xExvMjMqdyNeDorxwVEBQ8QD xJcrP/DbDslFPc9+NLO8MATWOQu3G+dTGTylwdytVZqujQD4VF0M1QWQK9dIaf/g5G/X URX6eY4nVeANViIV0bE8g8XwT0iOn7L5Li88X6h7x1wLYF5+MSNt/YU+e8KXCbUtkFmX w37L92CcovFQCf1741983nUHIJS6jv1mwx2vE8nFQYW6cgYphFmG19EdliJeMUosdeAv Firg==
Received: by 10.101.60.2 with SMTP id n2mr10758056ank.29.1341601643275; Fri, 06 Jul 2012 12:07:23 -0700 (PDT)
Received: from [192.168.1.211] (190-20-25-33.baf.movistar.cl. [190.20.25.33]) by mx.google.com with ESMTPS id i65sm37068884yhb.3.2012.07.06.12.07.19 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 06 Jul 2012 12:07:21 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_6FC6FB6E-C971-412A-A485-2AC1F30403DF"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CF974428-B673-40A6-A486-89060D0F2F5E@bbn.com>
Date: Fri, 6 Jul 2012 15:07:11 -0400
Message-Id: <4A66416B-701E-4CE9-B47B-091383DD4526@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B16804296739436657A131@TK5EX14MBXC283.redmond.corp.microsoft.com> <F6ACB680-7E7D-43BF-A8D8-013B17A97F70@bbn.com> <4E1F6AAD24975D4BA5B16804296739436657A2B8@TK5EX14MBXC283.redmond.corp.microsoft.com> <CF974428-B673-40A6-A486-89060D0F2F5E@bbn.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQlLuMv5eZBOxHjfqCvAXW1b2W3jGEOyjcOHA8Ver3Efl63gSlv3ULjydX7HxH9CZeP5mKn4
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Nested JWT (was: Re: [jose] "typ":"JWS")
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 19:07:07 -0000

--Apple-Mail=_6FC6FB6E-C971-412A-A485-2AC1F30403DF
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

In the security token case the outer signature may be checked by intermediate gateways.

Signing with RSA then encrypting would also fall into the same category.

At the moment in SAML we have sign encrypt sign to prevent the padding oracle attack on authn responses.
The use of AEAD admittedly covers a number of cases where people are doing an outer signing today but not all.

John B.
On 2012-07-06, at 2:41 PM, Richard L. Barnes wrote:

> So, first of all, it seems like an abuse of terminology to say "JWT within a JWT", unless you really want to create an infinite recursion.
>
> What's the use case for sign/encrypt/sign, as opposed to just sign/encrypt?
>
> On Jul 6, 2012, at 2:31 PM, Mike Jones wrote:
>
>> A nested JWT is one where a JWT is used as the payload of another JWT, for instance, so you can do sign/encrypt/sign.  See http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01#section-7 and http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01#section-5.2.
>>
>> I wouldn't use it for multiple signatures - I'd use http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-02 or similar for that.
>>
>> 				-- Mike
>>
>> -----Original Message-----
>> From: Richard L. Barnes [mailto:rbarnes@bbn.com]
>> Sent: Friday, July 06, 2012 11:23 AM
>> To: Mike Jones
>> Cc: Manger, James H; jose@ietf.org
>> Subject: Nested JWT (was: Re: [jose] "typ":"JWS")
>>
>> Not sure what the appropriate list is for this, so I'm just going to ask it here:
>>
>> What is a "nested JWT"?  I'm guessing it's a JWT claim set wrapped in JWS multiple times, as in the example we were discussing earlier?
>>
>> Why would you want to do that instead of having parallel signatures?
>>
>> On Jul 6, 2012, at 2:19 PM, Mike Jones wrote:
>>
>>> Thanks for the thought on this, James.
>>>
>>> In the -03 drafts there is now a clear distinction between "typ" (type) - information about this object and the new "cty" (content type) - information about the secured object.  Besides being semantically cleaner, this also simplified nested JWTs.
>>>
>>> I then was able to make changes in the spirit of the ones you suggested below, although using slightly different wording in some cases.
>>>
>>>                                                               -- Mike
>>>
>>> From: Manger, James H [mailto:James.H.Manger@team.telstra.com]
>>> Sent: Tuesday, May 15, 2012 5:40 PM
>>> To: Mike Jones; jose@ietf.org
>>> Subject: RE: "typ":"JWS"
>>>
>>>>> draft-ietf-jose-json-web-signature-02 §7.2 registers the "JWS" type value (for the "typ" header field). Perhaps "typ":"JWS" is more useful in a JWE header when encrypting signed content (sign-then-encrypt). If this is the intention, then mentioning the "JWS" type value when defining the "typ" header for a JWS is misleading. It would be better to mention it where the JWE spec defines "typ".
>>>>> .
>>>
>>>> Your second paragraph correctly describes the intended usage.  For instance, see http://tools.ietf.org/html/draft-jones-json-web-token-10#section-5.1 for this usage in action.  The value is registered per the working group decision relating "typ" values to MIME types.
>>>
>>> Good. So let's say that. Suggested text changes:
>>>
>>> * draft-ietf-jose-json-web-signature-02, section 4.1.8 "typ" (Type) Header Parameter: delete the 2nd sentence because signing a signature is not what we are talking about (and JWS-JS recommends a different approach for multiple signatures anyway).
>>>
>>> * section 7.1 Registration of application/jws MIME Media Type: add a phrase explicitly stating the syntax (since the spec mentions two: compact, and JWS JS) so the section says:
>>> This specification registers the "application/jws" MIME Media Type [RFC 2045]
>>> to identify content that uses the JWS compact serialization.
>>>
>>> * section 7.2 Registration of "JWS" Type Value: mention the intended use of encrypting signed content by adding this sentence.
>>> The "typ" parameter can be set to "JWS" in a JSON Web Encryption [JWE] header when encrypting signed content.
>>>
>>> * draft-ietf-jose-json-web-encryption-02, section 4.1.13 "typ" (Type) Header Parameter, section 11.1 Registration of application/jwe MIME Media Type, section 11.2 Registration of "JWE" type Value: make equivalent changes.
>>>
>>> --
>>> James Manger
>>>
>>> _______________________________________________
>>> jose mailing list
>>> jose@ietf.org
>>> https://www.ietf.org/mailman/listinfo/jose
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_6FC6FB6E-C971-412A-A485-2AC1F30403DF
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_6FC6FB6E-C971-412A-A485-2AC1F30403DF--
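
The ordering argued for in John Bradley's message above, as an added example that is not part of the thread or of the JOSE drafts: a gateway checks the outer signature, so a modified middle layer is rejected before any decryption runs. Assumptions: HS256 replaces the RSA signatures mentioned in the thread, the encryption layer is a labelled placeholder (the Python standard library has no AEAD cipher), the "cty":"JWT" marker follows the later RFC 7519, and all function names and keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64u(data: bytes) -> str:
    """base64url without padding, as used by the JOSE compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_sign(header: dict, payload: bytes, key: bytes) -> str:
    """Compact JWS with HS256 (assumption: stands in for the thread's RSA signing)."""
    head = b64u(json.dumps(header, separators=(",", ":")).encode())
    signing_input = head + "." + b64u(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)


def jws_verify(token: str, key: bytes) -> tuple:
    """Return (header, payload) or raise ValueError; nothing is parsed unverified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(parts[2])):
        raise ValueError("bad signature")
    header = json.loads(b64u_dec(parts[0]))
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    return header, b64u_dec(parts[1])


def placeholder_encrypt(plaintext: bytes) -> bytes:
    # NOT encryption. Placeholder for the JWE layer so the example runs on the
    # standard library; a deployment would put a real JWE here.
    return b"opaque:" + base64.b64encode(plaintext)


def placeholder_decrypt(blob: bytes) -> bytes:
    if not blob.startswith(b"opaque:"):
        raise ValueError("malformed middle layer")
    return base64.b64decode(blob[len(b"opaque:"):])


def build_nested(claims: dict, issuer_key: bytes, outer_key: bytes) -> str:
    """sign -> (encrypt) -> sign, innermost layer first."""
    inner = jws_sign({"alg": "HS256", "typ": "JWT"},
                     json.dumps(claims).encode(), issuer_key)
    middle = placeholder_encrypt(inner.encode("ascii"))
    # "cty" describes the secured content; "JWT" marks it as another token.
    return jws_sign({"alg": "HS256", "cty": "JWT"}, middle, outer_key)


def gateway_check(token: str, outer_key: bytes) -> bytes:
    """Intermediate gateway: holds only the outer key, returns the opaque middle layer."""
    header, middle = jws_verify(token, outer_key)
    if header.get("cty") != "JWT":
        raise ValueError("outer layer does not carry a nested token")
    return middle


def recipient_open(token: str, outer_key: bytes, issuer_key: bytes,
                   decrypt=placeholder_decrypt) -> dict:
    middle = gateway_check(token, outer_key)  # raises before decrypt() is reached
    inner = decrypt(middle).decode("ascii")
    _, claims = jws_verify(inner, issuer_key)
    return json.loads(claims)


def tamper_middle(token: str) -> str:
    """Constructed test input: flip one bit of the middle layer, keep the old signature."""
    head, payload, sig = token.split(".")
    raw = bytearray(b64u_dec(payload))
    raw[-1] ^= 0x01
    return ".".join([head, b64u(bytes(raw)), sig])


def demo() -> dict:
    issuer_key, outer_key = b"constructed-issuer-key", b"constructed-outer-key"
    token = build_nested({"iss": "https://idp.example", "sub": "alice"},
                         issuer_key, outer_key)
    calls = []

    def counting_decrypt(blob: bytes) -> bytes:
        calls.append(blob)  # records every ciphertext the decryptor is asked to process
        return placeholder_decrypt(blob)

    claims = recipient_open(token, outer_key, issuer_key, counting_decrypt)
    try:
        recipient_open(tamper_middle(token), outer_key, issuer_key, counting_decrypt)
        rejected = False
    except ValueError:
        rejected = True
    return {"claims": claims, "tampered_rejected": rejected, "decrypt_calls": len(calls)}
```

The decryptor is called once, for the untouched token only; the modified one stops at the outer signature check, so it never gives a padding-error signal to whoever altered it.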

From internet-drafts@ietf.org  Fri Jul  6 15:17:04 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D04DD21F86E0; Fri,  6 Jul 2012 15:17:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.579
X-Spam-Level: 
X-Spam-Status: No, score=-102.579 tagged_above=-999 required=5 tests=[AWL=0.020, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ykkM+RG9G10y; Fri,  6 Jul 2012 15:17:03 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD62C21F873C; Fri,  6 Jul 2012 15:17:03 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p2
Message-ID: <20120706221703.22849.61429.idtracker@ietfa.amsl.com>
Date: Fri, 06 Jul 2012 15:17:03 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-bearer-01.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 22:17:05 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0
	Author(s)       : Michael B. Jones
                          Brian Campbell
                          Chuck Mortimore
	Filename        : draft-ietf-oauth-jwt-bearer-01.txt
	Pages           : 10
	Date            : 2012-07-06

Abstract:
   This specification defines the use of a JSON Web Token (JWT) Bearer
   Token as a means for requesting an OAuth 2.0 access token as well as
   for use as a means of client authentication.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-01

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-jwt-bearer-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From Michael.Jones@microsoft.com  Fri Jul  6 15:26:22 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7831D11E80C0 for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 15:26:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.778
X-Spam-Level: 
X-Spam-Status: No, score=-3.778 tagged_above=-999 required=5 tests=[AWL=-0.180, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5EvyhhamTm92 for <oauth@ietfa.amsl.com>; Fri,  6 Jul 2012 15:26:21 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe004.messaging.microsoft.com [213.199.154.207]) by ietfa.amsl.com (Postfix) with ESMTP id 01E1011E80B3 for <oauth@ietf.org>; Fri,  6 Jul 2012 15:26:20 -0700 (PDT)
Received: from mail28-am1-R.bigfish.com (10.3.201.226) by AM1EHSOBE002.bigfish.com (10.3.204.22) with Microsoft SMTP Server id 14.1.225.23; Fri, 6 Jul 2012 22:24:29 +0000
Received: from mail28-am1 (localhost [127.0.0.1])	by mail28-am1-R.bigfish.com (Postfix) with ESMTP id B794220292	for <oauth@ietf.org>; Fri,  6 Jul 2012 22:24:28 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC105.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -20
X-BigFish: VS-20(zzc85fhzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail28-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC105.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail28-am1 (localhost.localdomain [127.0.0.1]) by mail28-am1 (MessageSwitch) id 1341613466744272_3247; Fri,  6 Jul 2012 22:24:26 +0000 (UTC)
Received: from AM1EHSMHS019.bigfish.com (unknown [10.3.201.251])	by mail28-am1.bigfish.com (Postfix) with ESMTP id B3C574C0083	for <oauth@ietf.org>; Fri,  6 Jul 2012 22:24:26 +0000 (UTC)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS019.bigfish.com (10.3.207.157) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 6 Jul 2012 22:24:26 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.02.0309.003; Fri, 6 Jul 2012 22:26:33 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Updated JWT Bearer Token Profiles for OAuth 2.0
Thread-Index: Ac1bxmWZ7Y5XxaJkTnujFaW04tg7RQ==
Date: Fri, 6 Jul 2012 22:26:33 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436657A899@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.73]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436657A899TK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Updated JWT Bearer Token Profiles for OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 22:26:22 -0000

--_000_4E1F6AAD24975D4BA5B16804296739436657A899TK5EX14MBXC283r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I've updated the OAuth JWT Profile<http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer> document to track minor changes to some of the underlying documents.  No normative changes were made.

The updated specification is available at:

* http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-01

Changes made were:

* Tracked specification name changes: "The OAuth 2.0 Authorization Protocol" to "The OAuth 2.0 Authorization Framework" and "OAuth 2.0 Assertion Profile" to "Assertion Framework for OAuth 2.0".

* Merged in changes between draft-ietf-oauth-saml2-bearer-11 and draft-ietf-oauth-saml2-bearer-13. All changes were strictly editorial.

                                                                -- Mike


--_000_4E1F6AAD24975D4BA5B16804296739436657A899TK5EX14MBXC283r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">I&#8217;ve updated the <a href=3D"http://tools.ietf.=
org/html/draft-ietf-oauth-jwt-bearer">
OAuth JWT Profile</a> document to track minor changes to some of the underl=
ing documents.&nbsp; No normative changes were made.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The updated specification is available at:<o:p></o:p=
></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo1"><![if !supportLists]><span style=3D"font-family:Symbol"><span style=
=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roma=
n&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><a href=3D"http://tools.ietf.org/html/draft-=
ietf-oauth-jwt-bearer-01">http://tools.ietf.org/html/draft-ietf-oauth-jwt-b=
earer-01</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Changes made were:<o:p></o:p></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo1"><![if !supportLists]><span style=3D"font-family:Symbol"><span style=
=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roma=
n&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Tracked specification name changes: &quot;Th=
e OAuth 2.0 Authorization Protocol&quot; to &quot;The OAuth 2.0 Authorizati=
on Framework&quot; and &quot;OAuth 2.0 Assertion Profile&quot; to &quot;Ass=
ertion Framework for OAuth 2.0&quot;.<o:p></o:p></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo1"><![if !supportLists]><span style=3D"font-family:Symbol"><span style=
=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roma=
n&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Merged in changes between draft-ietf-oauth-s=
aml2-bearer-11 and draft-ietf-oauth-saml2-bearer-13. All changes were stric=
tly editorial.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436657A899TK5EX14MBXC283r_--

From James.H.Manger@team.telstra.com  Sat Jul  7 07:57:41 2012
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>, Mike Jones <Michael.Jones@microsoft.com>
Date: Sun, 8 Jul 2012 00:57:56 +1000
Thread-Topic: [OAUTH-WG] Nested JWT (was: Re: [jose] "typ":"JWS")
Thread-Index: Ac1bpvDFJuJow5gBRWiDiIPGWGX57QApszsQ
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F77C56B1@WSMSG3153V.srv.dir.telstra.com>
References: <4E1F6AAD24975D4BA5B16804296739436657A131@TK5EX14MBXC283.redmond.corp.microsoft.com> <F6ACB680-7E7D-43BF-A8D8-013B17A97F70@bbn.com> <4E1F6AAD24975D4BA5B16804296739436657A2B8@TK5EX14MBXC283.redmond.corp.microsoft.com> <CF974428-B673-40A6-A486-89060D0F2F5E@bbn.com>
In-Reply-To: <CF974428-B673-40A6-A486-89060D0F2F5E@bbn.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Nested JWT (was: Re: [jose] "typ":"JWS")

>> A nested JWT is one where a JWT is used as the payload of another
>> JWT, for instance, so you can do sign/encrypt/sign.

> So, first of all, it seems like an abuse of terminology to say "JWT
> within a JWT", unless you really want to create an infinite recursion.

It would be better to say a JWT is a set of claims wrapped in: a JWE; a JWS; or a JWS, which is itself wrapped in a JWE [*].

This would hopefully avoid the confusing definition and discussion of a "JWT header", when the spec should just be profiling the JWE and JWS headers.

[*] Add other combinations (JWE inside a JWS?) or allow any combination if it is really required, but listing a few specific combinations that MUST be supported seems more in keeping with the general philosophy in this area.

--
James Manger
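
The three shapes proposed in the message above (claims in a JWS, claims in a JWE, or a JWS that is itself wrapped in a JWE), as an added example that is not part of the thread or of any draft. It assumes Node.js, HS256 for the JWS, `dir` with `A256GCM` for the JWE, and the `cty: "JWT"` nesting marker from the later RFC 7519; function names, keys and claims are constructed for illustration.

```javascript
// Added example: a reader that accepts a fixed list of JWT shapes and never recurses.
const nodeCrypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) => Buffer.from(s, 'base64'); // Node also accepts the URL-safe alphabet

// Claims wrapped in a JWS: compact serialization, 3 segments, HS256.
function signJws(payload, macKey) {
  const input = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64u(payload);
  const sig = nodeCrypto.createHmac('sha256', macKey).update(input).digest();
  return input + '.' + b64u(sig);
}

function verifyJws(token, macKey) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWS');
  const header = JSON.parse(unb64u(parts[0]).toString('utf8'));
  // The verifier fixes the algorithm; the header does not get to choose it.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = nodeCrypto.createHmac('sha256', macKey)
    .update(parts[0] + '.' + parts[1]).digest();
  const got = unb64u(parts[2]);
  if (got.length !== expected.length || !nodeCrypto.timingSafeEqual(got, expected)) {
    throw new Error('bad signature');
  }
  return unb64u(parts[1]).toString('utf8');
}

// Plaintext wrapped in a JWE: compact serialization, 5 segments, direct key + AES-256-GCM.
function encryptJwe(plaintext, encKey, cty) {
  const header = { alg: 'dir', enc: 'A256GCM' };
  if (cty) header.cty = cty; // "JWT" marks the plaintext as another JWT
  const prot = b64u(JSON.stringify(header));
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', encKey, iv);
  cipher.setAAD(Buffer.from(prot, 'ascii')); // the protected header is authenticated
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Segment 2 (encrypted key) is empty for "dir".
  return [prot, '', b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

function decryptJwe(token, encKey) {
  const parts = token.split('.');
  if (parts.length !== 5) throw new Error('not a JWE');
  const header = JSON.parse(unb64u(parts[0]).toString('utf8'));
  if (header.alg !== 'dir' || header.enc !== 'A256GCM' || parts[1] !== '') {
    throw new Error('unexpected alg/enc');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', encKey, unb64u(parts[2]));
  decipher.setAAD(Buffer.from(parts[0], 'ascii'));
  decipher.setAuthTag(unb64u(parts[4]));
  const pt = Buffer.concat([decipher.update(unb64u(parts[3])), decipher.final()]);
  return { header, plaintext: pt.toString('utf8') };
}

// Accept exactly three shapes: JWS, JWE, or JWS inside a JWE. Anything deeper is rejected
// instead of being unwrapped recursively.
function readJwt(token, keys) {
  const segments = token.split('.').length;
  if (segments === 3) {
    return { shape: 'JWS', claims: JSON.parse(verifyJws(token, keys.mac)) };
  }
  if (segments !== 5) throw new Error('neither JWS nor JWE');
  const { header, plaintext } = decryptJwe(token, keys.enc);
  if (header.cty === 'JWT') {
    if (plaintext.split('.').length !== 3) throw new Error('unsupported nesting');
    return { shape: 'JWS-in-JWE', claims: JSON.parse(verifyJws(plaintext, keys.mac)) };
  }
  return { shape: 'JWE', claims: JSON.parse(plaintext) };
}
```
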

From dromasca@avaya.com  Sun Jul  8 08:21:13 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 8 Jul 2012 17:21:11 +0200
Message-ID: <EDC652A26FB23C4EB6384A4584434A0407CC334E@307622ANEX5.global.avaya.com>
Thread-Topic: Operations Directorate Review of draft-ietf-oauth-v2-threatmodel-06
Thread-Index: Ac1dHU5+iGtrvjufQcqoVYojJlCjgw==
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: <torsten@lodderstedt.net>, <mark.mcgloin@ie.ibm.com>, <phil.hunt@yahoo.com>
X-Mailman-Approved-At: Sun, 08 Jul 2012 08:29:12 -0700
Cc: ops-dir@ietf.org, Barry Leiba <barryleiba@computer.org>, oauth@ietf.org
Subject: [OAUTH-WG] Operations Directorate Review of draft-ietf-oauth-v2-threatmodel-06

This document is informational and describes the threat model and
security counter measures for OAuth 2.0 (about the scope see Comment 1).
Although informational it includes a lot of pieces of information useful
for operators, as well as recommendations on actions that need to be
taken by operators, or recommendations or education that needs to be
made to users in order to ensure a secure environment. Some more clarity
on what are the operators' responsibilities vs. design recommendations
would have helped, but overall it's a good document.

Specific comments:

1. The relation between this document, OAuth 1.0 (RFC 5849) and OAuth
2.0 is not clear. In the Introduction we find:

   This document gives additional security considerations for OAuth,
   beyond those in the OAuth specification, based on a comprehensive
   threat model for the OAuth 2.0 Protocol [I-D.ietf-oauth-v2].

(would be good to provide a referent for the 'OAuth specification' -
probably RFC 5489)

but then says the document

      - Gives a comprehensive threat model for OAuth and describes the
      respective counter measures to thwart those threats.

So is the scope of the document the threats beyond what is described in
OAuth 1.0, or all the threats?

In any of the two cases some additional text is needed to clarify the
Scope.

2. The countermeasures to threats described  in Section 5 can be divided
into several categories - user actions, operator actions, design
measures. Operators are typically responsible on some of them, and may
make recommendations to users on other. It would have been useful to
mark these accordingly, or maybe to include in Section 5 a table that
shows to what category/ies each measure belongs. For operators this
would have eased detecting the specific actions and recommendations to
users that concern them.


3. The OAuth and OAuth 2.0 documents need to be Normative References.
One cannot understand this document without understanding OAuth.


Regards,

Dan


From barryleiba@gmail.com  Sun Jul  8 08:37:05 2012
MIME-Version: 1.0
Received: by 10.224.202.73 with SMTP id fd9mr5813148qab.23.1341761845866; Sun, 08 Jul 2012 08:37:25 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.229.245.85 with HTTP; Sun, 8 Jul 2012 08:37:25 -0700 (PDT)
In-Reply-To: <EDC652A26FB23C4EB6384A4584434A0407CC334E@307622ANEX5.global.avaya.com>
References: <EDC652A26FB23C4EB6384A4584434A0407CC334E@307622ANEX5.global.avaya.com>
Date: Sun, 8 Jul 2012 11:37:25 -0400
X-Google-Sender-Auth: nN0X7Jxyz8vXIFKyQBIW6JLvrLc
Message-ID: <CALaySJ+0NCxXwBhfvF8-wQWcHBpYsYpYEUFbzUDJMsV+3qUiFQ@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: phil.hunt@yahoo.com, oauth@ietf.org, ops-dir@ietf.org
Subject: Re: [OAUTH-WG] Operations Directorate Review of draft-ietf-oauth-v2-threatmodel-06

> 1. The relation between this document, OAuth 1.0 (RFC 5849) and OAuth
> 2.0 is not clear. In the Introduction we find:
>
>    This document gives additional security considerations for OAuth,
>    beyond those in the OAuth specification, based on a comprehensive
>    threat model for the OAuth 2.0 Protocol [I-D.ietf-oauth-v2].
>
> (would be good to provide a referent for the 'OAuth specification' -
> probably RFC 5489)

It does have a citation, right there: [I-D.ietf-oauth-v2].  That is
the OAuth specification.  I suppose we could move the citation to be
after the word "specification", though no one else has been confused
by this.

> but then says the document
>
>       - Gives a comprehensive threat model for OAuth and describes the
>       respective counter measures to thwart those threats.
>
> So is the scope of the document the threats beyond what is described in
> OAuth 1.0, or all the threats?

It has nothing to do with OAuth 1.0, and I don't think it says that
anywhere.  It's OAuth 2.0, as noted in the citation.  It expands on
what's in the Security Considerations of the OAuth spec, and covers
threats that are not described there as well.  The OAuth spec has an
informative reference to this document.

> In any of the two cases some additional text is needed to clarify the
> Scope.
>
> 2. The countermeasures to threats described  in Section 5 can be divided
> into several categories - user actions, operator actions, design
> measures. Operators are typically responsible on some of them, and may
> make recommendations to users on other. It would have been useful to
> mark these accordingly, or maybe to include in Section 5 a table that
> shows to what category/ies each measure belongs. For operators this
> would have eased detecting the specific actions and recommendations to
> users that concern them.

I'll leave this for the authors.

> 3. The OAuth and OAuth 2.0 documents need to be Normative References.
> One cannot understand this document without understanding OAuth.

By the first, I presume you're talking about RFC 5849, and this
document has nothing whatever to do with that, and makes no claim to.

For the other, you're right, and I missed this in my shepherd review.
The authors appear to have made the mistake of thinking that all
references from an Informational document are informative.  Authors,
have a look at the references and figure out which ones are central to
the understanding of this document.  Make those normative references.
At the least, [I-D.ietf-oauth-v2] should be normative.

Barry, document shepherd

From dromasca@avaya.com  Sun Jul  8 08:45:13 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 8 Jul 2012 17:45:30 +0200
Message-ID: <EDC652A26FB23C4EB6384A4584434A0407CC3350@307622ANEX5.global.avaya.com>
In-Reply-To: <CALaySJ+0NCxXwBhfvF8-wQWcHBpYsYpYEUFbzUDJMsV+3qUiFQ@mail.gmail.com>
Thread-Topic: Operations Directorate Review of draft-ietf-oauth-v2-threatmodel-06
Thread-Index: Ac1dH5UddZKgXAqPQwiVjTiOnQ+gqgAAHRMg
References: <EDC652A26FB23C4EB6384A4584434A0407CC334E@307622ANEX5.global.avaya.com> <CALaySJ+0NCxXwBhfvF8-wQWcHBpYsYpYEUFbzUDJMsV+3qUiFQ@mail.gmail.com>
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: "Barry Leiba" <barryleiba@computer.org>
Cc: phil.hunt@yahoo.com, oauth@ietf.org, ops-dir@ietf.org
Subject: Re: [OAUTH-WG] Operations Directorate Review of draft-ietf-oauth-v2-threatmodel-06

> -----Original Message-----
> From: barryleiba@gmail.com [mailto:barryleiba@gmail.com] On Behalf Of
> Barry Leiba
> Sent: Sunday, July 08, 2012 6:37 PM
> To: Romascanu, Dan (Dan)
> Cc: torsten@lodderstedt.net; mark.mcgloin@ie.ibm.com;
> phil.hunt@yahoo.com; oauth@ietf.org; ops-dir@ietf.org
> Subject: Re: Operations Directorate Review of draft-ietf-oauth-v2-
> threatmodel-06
>
> > 1. The relation between this document, OAuth 1.0 (RFC 5849) and OAuth
> > 2.0 is not clear. In the Introduction we find:
> >
> >    This document gives additional security considerations for OAuth,
> >    beyond those in the OAuth specification, based on a comprehensive
> >    threat model for the OAuth 2.0 Protocol [I-D.ietf-oauth-v2].
> >
> > (would be good to provide a referent for the 'OAuth specification' -
> > probably RFC 5489)
>
> It does have a citation, right there: [I-D.ietf-oauth-v2].  That is
> the OAuth specification.  I suppose we could move the citation to be
> after the word "specification", though no one else has been confused
> by this.
>
> > but then says the document
> >
> >       - Gives a comprehensive threat model for OAuth and describes the
> >       respective counter measures to thwart those threats.
> >
> > So is the scope of the document the threats beyond what is described in
> > OAuth 1.0, or all the threats?
>
> It has nothing to do with OAuth 1.0, and I don't think it says that
> anywhere.  It's OAuth 2.0, as noted in the citation.  It expands on
> what's in the Security Considerations of the OAuth spec, and covers
> threats that are not described there as well.  The OAuth spec has an
> informative reference to this document.

Barry,

I believe that the words 'additional' and 'beyond' in the first
quoted paragraph create the confusion. Saying ' This document gives
additional security considerations for OAuth, beyond those in the OAuth
specification ' is not the same as saying ' This document gives security
considerations for OAuth based on the OAuth specification (and by the
way, when we say this we mean OAuth 2.0 and nothing else)'.

Regards,

Dan


From Hannes.Tschofenig@gmx.net  Sun Jul  8 11:03:08 2012
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Sun, 8 Jul 2012 21:03:25 +0300
Message-Id: <792AA4D5-A0FB-4C82-B2A4-01164E2C0C15@gmx.net>
To: OAuth WG <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] 'Finishing up design team' Conference  Call

I don't know why Google Hangout does not forward my invitation to the
oauth@ietf.org mailing list.

So, send me private mail if you plan to participate.

-------- Original Message --------
Subject: Hannes Tschofenig invited you to "'Finishing up design team'
Conference  Call"
Date: Sun, 08 Jul 2012 08:43:39 -0700 (PDT)
From: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>
Reply-To: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>

Hannes Tschofenig invited you to "'Finishing up design team' Conference
Call"
Tomorrow, July 9, 8:00 PM GMT+03:00
12 people invited
As discussed at the last conference call we will try it with Google
hangout
this time instead of the conventional conference bridge.

Date: 9th July 2012 (Monday)
Time: 1pm EDT

Agenda: We will do a status check on these documents:
*    draft-ietf-oauth-v2
*    draft-ietf-oauth-v2-bearer
*    draft-ietf-oauth-v2-threatmodel
*    draft-ietf-oauth-urn-sub-ns
*    draft-ietf-oauth-assertions



From wmills_92105@yahoo.com  Sun Jul  8 18:45:24 2012
References: <792AA4D5-A0FB-4C82-B2A4-01164E2C0C15@gmx.net>
Message-ID: <1341798345.18328.YahooMailNeo@web31803.mail.mud.yahoo.com>
Date: Sun, 8 Jul 2012 18:45:45 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
In-Reply-To: <792AA4D5-A0FB-4C82-B2A4-01164E2C0C15@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1502656925-1430909668-1341798345=:18328"
Subject: Re: [OAUTH-WG] 'Finishing up design team' Conference  Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 01:45:24 -0000

--1502656925-1430909668-1341798345=:18328
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

I'll try to attend this.


________________________________
 From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: OAuth WG <oauth@ietf.org>
Sent: Sunday, July 8, 2012 11:03 AM
Subject: [OAUTH-WG] 'Finishing up design team' Conference  Call

I don't know why Google Hangout does not forward my invitation to the oauth@ietf.org mailing list.

So, send me private mail if you plan to participate.

-------- Original Message --------
Subject: Hannes Tschofenig invited you to "'Finishing up design team'
Conference  Call"
Date: Sun, 08 Jul 2012 08:43:39 -0700 (PDT)
From: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>
Reply-To: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>

Hannes Tschofenig invited you to "'Finishing up design team' Conference
Call"
Tomorrow, July 9, 8:00 PM GMT+03:00
12 people invited
As discussed at the last conference call we will try it with Google
hangout
this time instead of the conventional conference bridge.

Date: 9th July 2012 (Monday)
Time: 1pm EDT

Agenda: We will do a status check on these documents:
*    draft-ietf-oauth-v2
*    draft-ietf-oauth-v2-bearer
*    draft-ietf-oauth-v2-threatmodel
*    draft-ietf-oauth-urn-sub-ns
*    draft-ietf-oauth-assertions


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--1502656925-1430909668-1341798345=:18328--

From Michael.Jones@microsoft.com  Mon Jul  9 00:08:47 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 964B611E8073 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 00:08:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LaPlx6lew50x for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 00:08:47 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe004.messaging.microsoft.com [216.32.180.14]) by ietfa.amsl.com (Postfix) with ESMTP id 39AAE11E8083 for <oauth@ietf.org>; Mon,  9 Jul 2012 00:08:42 -0700 (PDT)
Received: from mail40-va3-R.bigfish.com (10.7.14.247) by VA3EHSOBE005.bigfish.com (10.7.40.25) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 07:06:50 +0000
Received: from mail40-va3 (localhost [127.0.0.1])	by mail40-va3-R.bigfish.com (Postfix) with ESMTP id 29F792C02A3	for <oauth@ietf.org>; Mon,  9 Jul 2012 07:06:50 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: 0
X-BigFish: VS0(zzc85fhzz1202hzz8275bh8275dhz2fh793h2a8h668h839hd25hf0ah107ah34h)
Received-SPF: pass (mail40-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail40-va3 (localhost.localdomain [127.0.0.1]) by mail40-va3 (MessageSwitch) id 1341817608172891_4664; Mon,  9 Jul 2012 07:06:48 +0000 (UTC)
Received: from VA3EHSMHS010.bigfish.com (unknown [10.7.14.241])	by mail40-va3.bigfish.com (Postfix) with ESMTP id 162C140093	for <oauth@ietf.org>; Mon,  9 Jul 2012 07:06:48 +0000 (UTC)
Received: from TK5EX14HUBC101.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS010.bigfish.com (10.7.99.20) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 07:06:44 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.02.0309.003; Mon, 9 Jul 2012 07:08:58 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Preliminary OAuth Core draft -29
Thread-Index: Ac1doaVzn0rH3CgzRNqCMkZEFAvQfw==
Date: Mon, 9 Jul 2012 07:08:56 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: multipart/mixed; boundary="_007_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 07:08:47 -0000

--_007_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_
Content-Type: multipart/alternative;
	boundary="_000_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_"

--_000_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

A preliminary version of OAuth core draft -29 is attached for the working group's consideration and discussion on today's call.  I believe that this addresses all issues that have been raised, including Julian's issues about the ABNF, character sets, and form encoding.  Changes are:


  *   Added "MUST" to "A public client that was not issued a client password MUST use the client_id request parameter to identify itself when sending requests to the token endpoint" and added text explaining why this must be so.
  *   Added that the authorization server MUST "ensure the authorization code was issued to the authenticated confidential client or to the public client identified by the client_id in the request".
  *   Added Security Considerations section "Misuse of Access Token to Impersonate Resource Owner at Public Client".
  *   Deleted ";charset=UTF-8" from examples formerly using "Content-Type: application/x-www-form-urlencoded;charset=UTF-8".
  *   Added the phrase "and a character encoding of UTF-8" when describing how to send requests using the HTTP request entity-body, per Julian Reschke's suggestion.
  *   Added "The ABNF below is defined in terms of Unicode code points [UNICODE5]; these characters are typically encoded in UTF-8".
  *   For symmetry when using HTTP Basic authentication, also apply the application/x-www-form-urlencoded encoding to the client password, just as was already done for the client identifier.
  *   Reduced multiple blank lines around artwork elements to single blank lines.
  *   Removed Eran Hammer's name from the author list, at his request. Dick Hardt is now listed as the editor.

                                                            Best wishes,
                                                            -- Mike
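
Added example, not part of the message above or of the draft: a sketch of a token endpoint applying three of the listed changes together (public clients identify themselves with client_id, the authorization code must have been issued to the identified client, and both halves of the HTTP Basic credential are form-urlencoded). The client registry, the code store, the function names and the choice of error code for each failure are assumptions made for this illustration.

```python
import base64
import binascii
import hmac
from urllib.parse import quote_plus, unquote_plus

# Constructed client registry (sample data for this example only).
CLIENTS = {
    "acme:web": {"type": "confidential", "secret": "p@ss word+1"},
    "native-app": {"type": "public", "secret": None},
}


class TokenError(Exception):
    """Carries an OAuth error code for the token endpoint's error response."""


def basic_header(client_id, secret):
    """Client side: form-urlencode both values, then build HTTP Basic."""
    pair = f"{quote_plus(client_id)}:{quote_plus(secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def parse_basic(header):
    """Server side: undo Basic, then undo the form-urlencoding of each half."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise TokenError("invalid_client")
    try:
        raw = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        raise TokenError("invalid_client")
    user, sep, password = raw.partition(":")
    if not sep:
        raise TokenError("invalid_client")
    # A ':' inside the identifier arrives as %3A, so the split above is safe.
    return unquote_plus(user), unquote_plus(password)


def identify_client(auth_header, form):
    """Return the client_id the request is bound to, or raise TokenError."""
    if auth_header:
        client_id, secret = parse_basic(auth_header)
        client = CLIENTS.get(client_id)
        if client is None or client["type"] != "confidential":
            raise TokenError("invalid_client")
        # Constant-time comparison of the decoded password.
        if not hmac.compare_digest(secret.encode(), client["secret"].encode()):
            raise TokenError("invalid_client")
        return client_id
    # No credentials: only a registered public client may proceed, and it
    # must name itself so the code can be checked against it.
    client_id = form.get("client_id")
    if not client_id:
        raise TokenError("invalid_request")
    client = CLIENTS.get(client_id)
    if client is None or client["type"] != "public":
        raise TokenError("invalid_client")
    return client_id


def token_response(auth_header, form, issued_codes):
    """issued_codes maps each outstanding authorization code to its client."""
    try:
        client_id = identify_client(auth_header, form)
        code = form.get("code")
        if not code:
            raise TokenError("invalid_request")
        # The binding check: unknown codes and codes issued to another
        # client are rejected the same way, and the code is left untouched.
        if issued_codes.get(code) != client_id:
            raise TokenError("invalid_grant")
        del issued_codes[code]  # single use
        return {"granted_to": client_id}
    except TokenError as err:
        return {"error": str(err)}
```
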


--_000_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_--

--_007_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_
Content-Type: text/plain; name="draft-ietf-oauth-v2-29 preliminary.txt"
Content-Description: draft-ietf-oauth-v2-29 preliminary.txt
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-29 preliminary.txt"; size=162962;
	creation-date="Mon, 09 Jul 2012 07:04:15 GMT";
	modification-date="Mon, 09 Jul 2012 07:02:53 GMT"
Content-Transfer-Encoding: base64

LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDY3CiAgICAgQS42LiAgICJy
ZWRpcmVjdF91cmkiIFN5bnRheCAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2
NwogICAgIEEuNy4gICAiZXJyb3IiIFN5bnRheCAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gNjcKICAgICBBLjguICAgImVycm9yX2Rlc2NyaXB0aW9uIiBTeW50YXgg
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDY3CiAgICAgQS45LiAgICJlcnJvcl91cmki
IFN5bnRheCAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2NwogICAgIEEu
MTAuICAiZ3JhbnRfdHlwZSIgU3ludGF4IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gNjcKICAgICBBLjExLiAgImNvZGUiIFN5bnRheCAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDY4CiAgICAgQS4xMi4gICJhY2Nlc3NfdG9rZW4iIFN5bnRh
eCAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2OAogICAgIEEuMTMuICAidG9r
ZW5fdHlwZSIgU3ludGF4IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNjgK
ICAgICBBLjE0LiAgImV4cGlyZXNfaW4iIFN5bnRheCAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIDY4CiAgICAgQS4xNS4gICJ1c2VybmFtZSIgU3ludGF4IC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2OAogICAgIEEuMTYuICAicGFzc3dvcmQiIFN5
bnRheCAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNjgKICAgICBBLjE3
LiAgInJlZnJlc2hfdG9rZW4iIFN5bnRheCAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIDY4CiAgICAgQS4xOC4gIEVuZHBvaW50IFBhcmFtZXRlciBTeW50YXggLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiA2OQogICBBcHBlbmRpeCBCLiAgQWNrbm93bGVkZ2VtZW50cyAg
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNjkKICAgQXBwZW5kaXggQy4gIERv
Y3VtZW50IEhpc3RvcnkgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDcwCiAg
IEF1dGhvcnMnIEFkZHJlc3NlcyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiA3MQoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKSGFyZHQgJiBSZWNvcmRvbiAg
ICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgIFtQYWdlIDRdCgwK
SW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAg
ICAgICAgSnVseSAyMDEyCgoKMS4gIEludHJvZHVjdGlvbgoKICAgSW4gdGhlIHRyYWRpdGlvbmFs
IGNsaWVudC1zZXJ2ZXIgYXV0aGVudGljYXRpb24gbW9kZWwsIHRoZSBjbGllbnQKICAgcmVxdWVz
dHMgYW4gYWNjZXNzIHJlc3RyaWN0ZWQgcmVzb3VyY2UgKHByb3RlY3RlZCByZXNvdXJjZSkgb24g
dGhlCiAgIHNlcnZlciBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZSBzZXJ2ZXIgdXNpbmcgdGhl
IHJlc291cmNlIG93bmVyJ3MKICAgY3JlZGVudGlhbHMuICBJbiBvcmRlciB0byBwcm92aWRlIHRo
aXJkLXBhcnR5IGFwcGxpY2F0aW9ucyBhY2Nlc3MgdG8KICAgcmVzdHJpY3RlZCByZXNvdXJjZXMs
IHRoZSByZXNvdXJjZSBvd25lciBzaGFyZXMgaXRzIGNyZWRlbnRpYWxzIHdpdGgKICAgdGhlIHRo
aXJkLXBhcnR5LiAgVGhpcyBjcmVhdGVzIHNldmVyYWwgcHJvYmxlbXMgYW5kIGxpbWl0YXRpb25z
OgoKICAgbyAgVGhpcmQtcGFydHkgYXBwbGljYXRpb25zIGFyZSByZXF1aXJlZCB0byBzdG9yZSB0
aGUgcmVzb3VyY2UKICAgICAgb3duZXIncyBjcmVkZW50aWFscyBmb3IgZnV0dXJlIHVzZSwgdHlw
aWNhbGx5IGEgcGFzc3dvcmQgaW4gY2xlYXItCiAgICAgIHRleHQuCiAgIG8gIFNlcnZlcnMgYXJl
IHJlcXVpcmVkIHRvIHN1cHBvcnQgcGFzc3dvcmQgYXV0aGVudGljYXRpb24sIGRlc3BpdGUKICAg
ICAgdGhlIHNlY3VyaXR5IHdlYWtuZXNzZXMgaW5oZXJlbnQgaW4gcGFzc3dvcmRzLgogICBvICBU
aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgZ2FpbiBvdmVybHkgYnJvYWQgYWNjZXNzIHRvIHRoZSBy
ZXNvdXJjZQogICAgICBvd25lcidzIHByb3RlY3RlZCByZXNvdXJjZXMsIGxlYXZpbmcgcmVzb3Vy
Y2Ugb3duZXJzIHdpdGhvdXQgYW55CiAgICAgIGFiaWxpdHkgdG8gcmVzdHJpY3QgZHVyYXRpb24g
b3IgYWNjZXNzIHRvIGEgbGltaXRlZCBzdWJzZXQgb2YKICAgICAgcmVzb3VyY2VzLgogICBvICBS
ZXNvdXJjZSBvd25lcnMgY2Fubm90IHJldm9rZSBhY2Nlc3MgdG8gYW4gaW5kaXZpZHVhbCB0aGly
ZC1wYXJ0eQogICAgICB3aXRob3V0IHJldm9raW5nIGFjY2VzcyB0byBhbGwgdGhpcmQtcGFydGll
cywgYW5kIG11c3QgZG8gc28gYnkKICAgICAgY2hhbmdpbmcgdGhlaXIgcGFzc3dvcmQuCiAgIG8g
IENvbXByb21pc2Ugb2YgYW55IHRoaXJkLXBhcnR5IGFwcGxpY2F0aW9uIHJlc3VsdHMgaW4gY29t
cHJvbWlzZSBvZgogICAgICB0aGUgZW5kLXVzZXIncyBwYXNzd29yZCBhbmQgYWxsIG9mIHRoZSBk
YXRhIHByb3RlY3RlZCBieSB0aGF0CiAgICAgIHBhc3N3b3JkLgoKICAgT0F1dGggYWRkcmVzc2Vz
IHRoZXNlIGlzc3VlcyBieSBpbnRyb2R1Y2luZyBhbiBhdXRob3JpemF0aW9uIGxheWVyCiAgIGFu
ZCBzZXBhcmF0aW5nIHRoZSByb2xlIG9mIHRoZSBjbGllbnQgZnJvbSB0aGF0IG9mIHRoZSByZXNv
dXJjZQogICBvd25lci4gIEluIE9BdXRoLCB0aGUgY2xpZW50IHJlcXVlc3RzIGFjY2VzcyB0byBy
ZXNvdXJjZXMgY29udHJvbGxlZAogICBieSB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIGhvc3RlZCBi
eSB0aGUgcmVzb3VyY2Ugc2VydmVyLCBhbmQgaXMKICAgaXNzdWVkIGEgZGlmZmVyZW50IHNldCBv
ZiBjcmVkZW50aWFscyB0aGFuIHRob3NlIG9mIHRoZSByZXNvdXJjZQogICBvd25lci4KCiAgIElu
c3RlYWQgb2YgdXNpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMgdG8gYWNjZXNz
IHByb3RlY3RlZAogICByZXNvdXJjZXMsIHRoZSBjbGllbnQgb2J0YWlucyBhbiBhY2Nlc3MgdG9r
ZW4gLSBhIHN0cmluZyBkZW5vdGluZyBhCiAgIHNwZWNpZmljIHNjb3BlLCBsaWZldGltZSwgYW5k
IG90aGVyIGFjY2VzcyBhdHRyaWJ1dGVzLiAgQWNjZXNzIHRva2VucwogICBhcmUgaXNzdWVkIHRv
IHRoaXJkLXBhcnR5IGNsaWVudHMgYnkgYW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2l0aCB0aGUK
ICAgYXBwcm92YWwgb2YgdGhlIHJlc291cmNlIG93bmVyLiAgVGhlIGNsaWVudCB1c2VzIHRoZSBh
Y2Nlc3MgdG9rZW4gdG8KICAgYWNjZXNzIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2VzIGhvc3RlZCBi
eSB0aGUgcmVzb3VyY2Ugc2VydmVyLgoKICAgRm9yIGV4YW1wbGUsIGFuIGVuZC11c2VyIChyZXNv
dXJjZSBvd25lcikgY2FuIGdyYW50IGEgcHJpbnRpbmcKICAgc2VydmljZSAoY2xpZW50KSBhY2Nl
c3MgdG8gaGVyIHByb3RlY3RlZCBwaG90b3Mgc3RvcmVkIGF0IGEgcGhvdG8KICAgc2hhcmluZyBz
ZXJ2aWNlIChyZXNvdXJjZSBzZXJ2ZXIpLCB3aXRob3V0IHNoYXJpbmcgaGVyIHVzZXJuYW1lIGFu
ZAogICBwYXNzd29yZCB3aXRoIHRoZSBwcmludGluZyBzZXJ2aWNlLiAgSW5zdGVhZCwgc2hlIGF1
dGhlbnRpY2F0ZXMKICAgZGlyZWN0bHkgd2l0aCBhIHNlcnZlciB0cnVzdGVkIGJ5IHRoZSBwaG90
byBzaGFyaW5nIHNlcnZpY2UKICAgKGF1dGhvcml6YXRpb24gc2VydmVyKSB3aGljaCBpc3N1ZXMg
dGhlIHByaW50aW5nIHNlcnZpY2UgZGVsZWdhdGlvbi0KICAgc3BlY2lmaWMgY3JlZGVudGlhbHMg
KGFjY2VzcyB0b2tlbikuCgogICBUaGlzIHNwZWNpZmljYXRpb24gaXMgZGVzaWduZWQgZm9yIHVz
ZSB3aXRoIEhUVFAgKFtSRkMyNjE2XSkuICBUaGUKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAg
RXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgIFtQYWdlIDVdCgwKSW50ZXJu
ZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAg
SnVseSAyMDEyCgoKICAgdXNlIG9mIE9BdXRoIG92ZXIgYW55IG90aGVyIHByb3RvY29sIHRoYW4g
SFRUUCBpcyBvdXQgb2Ygc2NvcGUuCgogICBUaGUgT0F1dGggMS4wIHByb3RvY29sIChbUkZDNTg0
OV0pLCBwdWJsaXNoZWQgYXMgYW4gaW5mb3JtYXRpb25hbAogICBkb2N1bWVudCwgd2FzIHRoZSBy
ZXN1bHQgb2YgYSBzbWFsbCBhZC1ob2MgY29tbXVuaXR5IGVmZm9ydC4gIFRoaXMKICAgc3RhbmRh
cmRzLXRyYWNrIHNwZWNpZmljYXRpb24gYnVpbGRzIG9uIHRoZSBPQXV0aCAxLjAgZGVwbG95bWVu
dAogICBleHBlcmllbmNlLCBhcyB3ZWxsIGFzIGFkZGl0aW9uYWwgdXNlIGNhc2VzIGFuZCBleHRl
bnNpYmlsaXR5CiAgIHJlcXVpcmVtZW50cyBnYXRoZXJlZCBmcm9tIHRoZSB3aWRlciBJRVRGIGNv
bW11bml0eS4gIFRoZSBPQXV0aCAyLjAKICAgcHJvdG9jb2wgaXMgbm90IGJhY2t3YXJkIGNvbXBh
dGlibGUgd2l0aCBPQXV0aCAxLjAuICBUaGUgdHdvIHZlcnNpb25zCiAgIG1heSBjby1leGlzdCBv
biB0aGUgbmV0d29yayBhbmQgaW1wbGVtZW50YXRpb25zIG1heSBjaG9vc2UgdG8gc3VwcG9ydAog
ICBib3RoLiAgSG93ZXZlciwgaXQgaXMgdGhlIGludGVudGlvbiBvZiB0aGlzIHNwZWNpZmljYXRp
b24gdGhhdCBuZXcKICAgaW1wbGVtZW50YXRpb24gc3VwcG9ydCBPQXV0aCAyLjAgYXMgc3BlY2lm
aWVkIGluIHRoaXMgZG9jdW1lbnQsIGFuZAogICB0aGF0IE9BdXRoIDEuMCBpcyB1c2VkIG9ubHkg
dG8gc3VwcG9ydCBleGlzdGluZyBkZXBsb3ltZW50cy4gIFRoZQogICBPQXV0aCAyLjAgcHJvdG9j
b2wgc2hhcmVzIHZlcnkgZmV3IGltcGxlbWVudGF0aW9uIGRldGFpbHMgd2l0aCB0aGUKICAgT0F1
dGggMS4wIHByb3RvY29sLiAgSW1wbGVtZW50ZXJzIGZhbWlsaWFyIHdpdGggT0F1dGggMS4wIHNo
b3VsZAogICBhcHByb2FjaCB0aGlzIGRvY3VtZW50IHdpdGhvdXQgYW55IGFzc3VtcHRpb25zIGFz
IHRvIGl0cyBzdHJ1Y3R1cmUKICAgYW5kIGRldGFpbHMuCgoxLjEuICBSb2xlcwoKICAgT0F1dGgg
ZGVmaW5lcyBmb3VyIHJvbGVzOgoKICAgcmVzb3VyY2Ugb3duZXIKICAgICAgQW4gZW50aXR5IGNh
cGFibGUgb2YgZ3JhbnRpbmcgYWNjZXNzIHRvIGEgcHJvdGVjdGVkIHJlc291cmNlLgogICAgICBX
aGVuIHRoZSByZXNvdXJjZSBvd25lciBpcyBhIHBlcnNvbiwgaXQgaXMgcmVmZXJyZWQgdG8gYXMg
YW4gZW5kLQogICAgICB1c2VyLgogICByZXNvdXJjZSBzZXJ2ZXIKICAgICAgVGhlIHNlcnZlciBo
b3N0aW5nIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2VzLCBjYXBhYmxlIG9mIGFjY2VwdGluZwogICAg
ICBhbmQgcmVzcG9uZGluZyB0byBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdHMgdXNpbmcgYWNj
ZXNzIHRva2Vucy4KICAgY2xpZW50CiAgICAgIEFuIGFwcGxpY2F0aW9uIG1ha2luZyBwcm90ZWN0
ZWQgcmVzb3VyY2UgcmVxdWVzdHMgb24gYmVoYWxmIG9mIHRoZQogICAgICByZXNvdXJjZSBvd25l
ciBhbmQgd2l0aCBpdHMgYXV0aG9yaXphdGlvbi4gIFRoZSB0ZXJtIGNsaWVudCBkb2VzCiAgICAg
IG5vdCBpbXBseSBhbnkgcGFydGljdWxhciBpbXBsZW1lbnRhdGlvbiBjaGFyYWN0ZXJpc3RpY3Mg
KGUuZy4KICAgICAgd2hldGhlciB0aGUgYXBwbGljYXRpb24gZXhlY3V0ZXMgb24gYSBzZXJ2ZXIs
IGEgZGVza3RvcCwgb3Igb3RoZXIKICAgICAgZGV2aWNlcykuCiAgIGF1dGhvcml6YXRpb24gc2Vy
dmVyCiAgICAgIFRoZSBzZXJ2ZXIgaXNzdWluZyBhY2Nlc3MgdG9rZW5zIHRvIHRoZSBjbGllbnQg
YWZ0ZXIgc3VjY2Vzc2Z1bGx5CiAgICAgIGF1dGhlbnRpY2F0aW5nIHRoZSByZXNvdXJjZSBvd25l
ciBhbmQgb2J0YWluaW5nIGF1dGhvcml6YXRpb24uCgogICBUaGUgaW50ZXJhY3Rpb24gYmV0d2Vl
biB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIHJlc291cmNlIHNlcnZlcgogICBpcyBiZXlv
bmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbi4gIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlcgogICBtYXkgYmUgdGhlIHNhbWUgc2VydmVyIGFzIHRoZSByZXNvdXJjZSBzZXJ2ZXIgb3Ig
YSBzZXBhcmF0ZSBlbnRpdHkuCiAgIEEgc2luZ2xlIGF1dGhvcml6YXRpb24gc2VydmVyIG1heSBp
c3N1ZSBhY2Nlc3MgdG9rZW5zIGFjY2VwdGVkIGJ5CiAgIG11bHRpcGxlIHJlc291cmNlIHNlcnZl
cnMuCgoKCgoKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAy
MDEzICAgICAgICAgICAgICAgIFtQYWdlIDZdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAg
ICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKMS4yLiAgUHJv
dG9jb2wgRmxvdwoKICAgICArLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgfC0tKEEpLSBBdXRob3JpemF0aW9uIFJl
cXVlc3QgLT58ICAgUmVzb3VyY2UgICAgfAogICAgIHwgICAgICAgIHwgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgfCAgICAgT3duZXIgICAgIHwKICAgICB8ICAgICAgICB8PC0oQiktLSBB
dXRob3JpemF0aW9uIEdyYW50IC0tLXwgICAgICAgICAgICAgICB8CiAgICAgfCAgICAgICAgfCAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogICAgIHwgICAg
ICAgIHwKICAgICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0t
LS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgfC0tKEMpLS0gQXV0aG9yaXphdGlvbiBHcmFudCAt
LT58IEF1dGhvcml6YXRpb24gfAogICAgIHwgQ2xpZW50IHwgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICAgICB8ICAgICAgICB8PC0oRCktLS0tLSBBY2Nl
c3MgVG9rZW4gLS0tLS0tLXwgICAgICAgICAgICAgICB8CiAgICAgfCAgICAgICAgfCAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogICAgIHwgICAgICAgIHwK
ICAgICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0t
LS0tLS0rCiAgICAgfCAgICAgICAgfC0tKEUpLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLT58ICAg
IFJlc291cmNlICAgfAogICAgIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgfCAgICAgU2VydmVyICAgIHwKICAgICB8ICAgICAgICB8PC0oRiktLS0gUHJvdGVjdGVkIFJl
c291cmNlIC0tLXwgICAgICAgICAgICAgICB8CiAgICAgKy0tLS0tLS0tKyAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwoKICAgICAgICAgICAgICAgICAgICAg
RmlndXJlIDE6IEFic3RyYWN0IFByb3RvY29sIEZsb3cKCiAgIFRoZSBhYnN0cmFjdCBmbG93IGls
bHVzdHJhdGVkIGluIEZpZ3VyZSAxIGRlc2NyaWJlcyB0aGUgaW50ZXJhY3Rpb24KICAgYmV0d2Vl
biB0aGUgZm91ciByb2xlcyBhbmQgaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKCiAgIChB
KSAgVGhlIGNsaWVudCByZXF1ZXN0cyBhdXRob3JpemF0aW9uIGZyb20gdGhlIHJlc291cmNlIG93
bmVyLiAgVGhlCiAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGNhbiBiZSBtYWRlIGRpcmVj
dGx5IHRvIHRoZSByZXNvdXJjZSBvd25lcgogICAgICAgIChhcyBzaG93biksIG9yIHByZWZlcmFi
bHkgaW5kaXJlY3RseSB2aWEgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICBzZXJ2ZXIgYXMgYW4g
aW50ZXJtZWRpYXJ5LgogICAoQikgIFRoZSBjbGllbnQgcmVjZWl2ZXMgYW4gYXV0aG9yaXphdGlv
biBncmFudCB3aGljaCBpcyBhIGNyZWRlbnRpYWwKICAgICAgICByZXByZXNlbnRpbmcgdGhlIHJl
c291cmNlIG93bmVyJ3MgYXV0aG9yaXphdGlvbiwgZXhwcmVzc2VkIHVzaW5nCiAgICAgICAgb25l
IG9mIGZvdXIgZ3JhbnQgdHlwZXMgZGVmaW5lZCBpbiB0aGlzIHNwZWNpZmljYXRpb24gb3IgdXNp
bmcKICAgICAgICBhbiBleHRlbnNpb24gZ3JhbnQgdHlwZS4gIFRoZSBhdXRob3JpemF0aW9uIGdy
YW50IHR5cGUgZGVwZW5kcwogICAgICAgIG9uIHRoZSBtZXRob2QgdXNlZCBieSB0aGUgY2xpZW50
IHRvIHJlcXVlc3QgYXV0aG9yaXphdGlvbiBhbmQKICAgICAgICB0aGUgdHlwZXMgc3VwcG9ydGVk
IGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgKEMpICBUaGUgY2xpZW50IHJlcXVlc3Rz
IGFuIGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZQogICAgICAgIGF1dGhv
cml6YXRpb24gc2VydmVyIGFuZCBwcmVzZW50aW5nIHRoZSBhdXRob3JpemF0aW9uIGdyYW50Lgog
ICAoRCkgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSBjbGllbnQg
YW5kIHZhbGlkYXRlcwogICAgICAgIHRoZSBhdXRob3JpemF0aW9uIGdyYW50LCBhbmQgaWYgdmFs
aWQgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbi4KICAgKEUpICBUaGUgY2xpZW50IHJlcXVlc3RzIHRo
ZSBwcm90ZWN0ZWQgcmVzb3VyY2UgZnJvbSB0aGUgcmVzb3VyY2UKICAgICAgICBzZXJ2ZXIgYW5k
IGF1dGhlbnRpY2F0ZXMgYnkgcHJlc2VudGluZyB0aGUgYWNjZXNzIHRva2VuLgogICAoRikgIFRo
ZSByZXNvdXJjZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9rZW4sIGFuZCBpZiB2YWxp
ZCwKICAgICAgICBzZXJ2ZXMgdGhlIHJlcXVlc3QuCgogICBUaGUgcHJlZmVycmVkIG1ldGhvZCBm
b3IgdGhlIGNsaWVudCB0byBvYnRhaW4gYW4gYXV0aG9yaXphdGlvbiBncmFudAogICBmcm9tIHRo
ZSByZXNvdXJjZSBvd25lciAoZGVwaWN0ZWQgaW4gc3RlcHMgKEEpIGFuZCAoQikpIGlzIHRvIHVz
ZSB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgYW4gaW50ZXJtZWRpYXJ5IHdoaWNoIGlz
IGlsbHVzdHJhdGVkIGluCiAgIEZpZ3VyZSAzLgoKCgpIYXJkdCAmIFJlY29yZG9uICAgICAgICBF
eHBpcmVzIEphbnVhcnkgMTAsIDIwMTMgICAgICAgICAgICAgICAgW1BhZ2UgN10KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICBK
dWx5IDIwMTIKCgoxLjMuICBBdXRob3JpemF0aW9uIEdyYW50CgogICBBbiBhdXRob3JpemF0aW9u
IGdyYW50IGlzIGEgY3JlZGVudGlhbCByZXByZXNlbnRpbmcgdGhlIHJlc291cmNlCiAgIG93bmVy
J3MgYXV0aG9yaXphdGlvbiAodG8gYWNjZXNzIGl0cyBwcm90ZWN0ZWQgcmVzb3VyY2VzKSB1c2Vk
IGJ5IHRoZQogICBjbGllbnQgdG8gb2J0YWluIGFuIGFjY2VzcyB0b2tlbi4gIFRoaXMgc3BlY2lm
aWNhdGlvbiBkZWZpbmVzIGZvdXIKICAgZ3JhbnQgdHlwZXM6IGF1dGhvcml6YXRpb24gY29kZSwg
aW1wbGljaXQsIHJlc291cmNlIG93bmVyIHBhc3N3b3JkCiAgIGNyZWRlbnRpYWxzLCBhbmQgY2xp
ZW50IGNyZWRlbnRpYWxzLCBhcyB3ZWxsIGFzIGFuIGV4dGVuc2liaWxpdHkKICAgbWVjaGFuaXNt
IGZvciBkZWZpbmluZyBhZGRpdGlvbmFsIHR5cGVzLgoKMS4zLjEuICBBdXRob3JpemF0aW9uIENv
ZGUKCiAgIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgaXMgb2J0YWluZWQgYnkgdXNpbmcgYW4gYXV0
aG9yaXphdGlvbiBzZXJ2ZXIKICAgYXMgYW4gaW50ZXJtZWRpYXJ5IGJldHdlZW4gdGhlIGNsaWVu
dCBhbmQgcmVzb3VyY2Ugb3duZXIuICBJbnN0ZWFkIG9mCiAgIHJlcXVlc3RpbmcgYXV0aG9yaXph
dGlvbiBkaXJlY3RseSBmcm9tIHRoZSByZXNvdXJjZSBvd25lciwgdGhlIGNsaWVudAogICBkaXJl
Y3RzIHRoZSByZXNvdXJjZSBvd25lciB0byBhbiBhdXRob3JpemF0aW9uIHNlcnZlciAodmlhIGl0
cyB1c2VyLQogICBhZ2VudCBhcyBkZWZpbmVkIGluIFtSRkMyNjE2XSksIHdoaWNoIGluIHR1cm4g
ZGlyZWN0cyB0aGUgcmVzb3VyY2UKICAgb3duZXIgYmFjayB0byB0aGUgY2xpZW50IHdpdGggdGhl
IGF1dGhvcml6YXRpb24gY29kZS4KCiAgIEJlZm9yZSBkaXJlY3RpbmcgdGhlIHJlc291cmNlIG93
bmVyIGJhY2sgdG8gdGhlIGNsaWVudCB3aXRoIHRoZQogICBhdXRob3JpemF0aW9uIGNvZGUsIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZQogICByZXNvdXJjZSBvd25l
ciBhbmQgb2J0YWlucyBhdXRob3JpemF0aW9uLiAgQmVjYXVzZSB0aGUgcmVzb3VyY2Ugb3duZXIK
ICAgb25seSBhdXRoZW50aWNhdGVzIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLCB0aGUg
cmVzb3VyY2UKICAgb3duZXIncyBjcmVkZW50aWFscyBhcmUgbmV2ZXIgc2hhcmVkIHdpdGggdGhl
IGNsaWVudC4KCiAgIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgcHJvdmlkZXMgYSBmZXcgaW1wb3J0
YW50IHNlY3VyaXR5IGJlbmVmaXRzCiAgIHN1Y2ggYXMgdGhlIGFiaWxpdHkgdG8gYXV0aGVudGlj
YXRlIHRoZSBjbGllbnQsIGFuZCB0aGUgdHJhbnNtaXNzaW9uCiAgIG9mIHRoZSBhY2Nlc3MgdG9r
ZW4gZGlyZWN0bHkgdG8gdGhlIGNsaWVudCB3aXRob3V0IHBhc3NpbmcgaXQgdGhyb3VnaAogICB0
aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50LCBwb3RlbnRpYWxseSBleHBvc2luZyBpdCB0
byBvdGhlcnMsCiAgIGluY2x1ZGluZyB0aGUgcmVzb3VyY2Ugb3duZXIuCgoxLjMuMi4gIEltcGxp
Y2l0CgogICBUaGUgaW1wbGljaXQgZ3JhbnQgaXMgYSBzaW1wbGlmaWVkIGF1dGhvcml6YXRpb24g
Y29kZSBmbG93IG9wdGltaXplZAogICBmb3IgY2xpZW50cyBpbXBsZW1lbnRlZCBpbiBhIGJyb3dz
ZXIgdXNpbmcgYSBzY3JpcHRpbmcgbGFuZ3VhZ2Ugc3VjaAogICBhcyBKYXZhU2NyaXB0LiAgSW4g
dGhlIGltcGxpY2l0IGZsb3csIGluc3RlYWQgb2YgaXNzdWluZyB0aGUgY2xpZW50CiAgIGFuIGF1
dGhvcml6YXRpb24gY29kZSwgdGhlIGNsaWVudCBpcyBpc3N1ZWQgYW4gYWNjZXNzIHRva2VuIGRp
cmVjdGx5CiAgIChhcyB0aGUgcmVzdWx0IG9mIHRoZSByZXNvdXJjZSBvd25lciBhdXRob3JpemF0
aW9uKS4gIFRoZSBncmFudCB0eXBlCiAgIGlzIGltcGxpY2l0IGFzIG5vIGludGVybWVkaWF0ZSBj
cmVkZW50aWFscyAoc3VjaCBhcyBhbiBhdXRob3JpemF0aW9uCiAgIGNvZGUpIGFyZSBpc3N1ZWQg
KGFuZCBsYXRlciB1c2VkIHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4pLgoKICAgV2hlbiBpc3N1
aW5nIGFuIGFjY2VzcyB0b2tlbiBkdXJpbmcgdGhlIGltcGxpY2l0IGdyYW50IGZsb3csIHRoZQog
ICBhdXRob3JpemF0aW9uIHNlcnZlciBkb2VzIG5vdCBhdXRoZW50aWNhdGUgdGhlIGNsaWVudC4g
IEluIHNvbWUKICAgY2FzZXMsIHRoZSBjbGllbnQgaWRlbnRpdHkgY2FuIGJlIHZlcmlmaWVkIHZp
YSB0aGUgcmVkaXJlY3Rpb24gVVJJCiAgIHVzZWQgdG8gZGVsaXZlciB0aGUgYWNjZXNzIHRva2Vu
IHRvIHRoZSBjbGllbnQuICBUaGUgYWNjZXNzIHRva2VuIG1heQogICBiZSBleHBvc2VkIHRvIHRo
ZSByZXNvdXJjZSBvd25lciBvciBvdGhlciBhcHBsaWNhdGlvbnMgd2l0aCBhY2Nlc3MgdG8KICAg
dGhlIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudC4KCiAgIEltcGxpY2l0IGdyYW50cyBpbXBy
b3ZlIHRoZSByZXNwb25zaXZlbmVzcyBhbmQgZWZmaWNpZW5jeSBvZiBzb21lCgoKCkhhcmR0ICYg
UmVjb3Jkb24gICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgICBb
UGFnZSA4XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAg
ICAgICAgICAgICAgICAgIEp1bHkgMjAxMgoKCiAgIGNsaWVudHMgKHN1Y2ggYXMgYSBjbGllbnQg
aW1wbGVtZW50ZWQgYXMgYW4gaW4tYnJvd3NlciBhcHBsaWNhdGlvbikKICAgc2luY2UgaXQgcmVk
dWNlcyB0aGUgbnVtYmVyIG9mIHJvdW5kIHRyaXBzIHJlcXVpcmVkIHRvIG9idGFpbiBhbgogICBh
Y2Nlc3MgdG9rZW4uICBIb3dldmVyLCB0aGlzIGNvbnZlbmllbmNlIHNob3VsZCBiZSB3ZWlnaGVk
IGFnYWluc3QKICAgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9ucyBvZiB1c2luZyBpbXBsaWNpdCBn
cmFudHMsIGVzcGVjaWFsbHkgd2hlbgogICB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGdyYW50IHR5
cGUgaXMgYXZhaWxhYmxlLgoKMS4zLjMuICBSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50
aWFscwoKICAgVGhlIHJlc291cmNlIG93bmVyIHBhc3N3b3JkIGNyZWRlbnRpYWxzIChpLmUuIHVz
ZXJuYW1lIGFuZCBwYXNzd29yZCkKICAgY2FuIGJlIHVzZWQgZGlyZWN0bHkgYXMgYW4gYXV0aG9y
aXphdGlvbiBncmFudCB0byBvYnRhaW4gYW4gYWNjZXNzCiAgIHRva2VuLiAgVGhlIGNyZWRlbnRp
YWxzIHNob3VsZCBvbmx5IGJlIHVzZWQgd2hlbiB0aGVyZSBpcyBhIGhpZ2gKICAgZGVncmVlIG9m
IHRydXN0IGJldHdlZW4gdGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGUgY2xpZW50IChlLmcuIHRo
ZQogICBjbGllbnQgaXMgcGFydCBvZiB0aGUgZGV2aWNlIG9wZXJhdGluZyBzeXN0ZW0gb3IgYSBo
aWdobHkgcHJpdmlsZWdlZAogICBhcHBsaWNhdGlvbiksIGFuZCB3aGVuIG90aGVyIGF1dGhvcml6
YXRpb24gZ3JhbnQgdHlwZXMgYXJlIG5vdAogICBhdmFpbGFibGUgKHN1Y2ggYXMgYW4gYXV0aG9y
aXphdGlvbiBjb2RlKS4KCiAgIEV2ZW4gdGhvdWdoIHRoaXMgZ3JhbnQgdHlwZSByZXF1aXJlcyBk
aXJlY3QgY2xpZW50IGFjY2VzcyB0byB0aGUKICAgcmVzb3VyY2Ugb3duZXIgY3JlZGVudGlhbHMs
IHRoZSByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBhcmUgdXNlZAogICBmb3IgYSBzaW5nbGUg
cmVxdWVzdCBhbmQgYXJlIGV4Y2hhbmdlZCBmb3IgYW4gYWNjZXNzIHRva2VuLiAgVGhpcwogICBn
cmFudCB0eXBlIGNhbiBlbGltaW5hdGUgdGhlIG5lZWQgZm9yIHRoZSBjbGllbnQgdG8gc3RvcmUg
dGhlCiAgIHJlc291cmNlIG93bmVyIGNyZWRlbnRpYWxzIGZvciBmdXR1cmUgdXNlLCBieSBleGNo
YW5naW5nIHRoZQogICBjcmVkZW50aWFscyB3aXRoIGEgbG9uZy1saXZlZCBhY2Nlc3MgdG9rZW4g
b3IgcmVmcmVzaCB0b2tlbi4KCjEuMy40LiAgQ2xpZW50IENyZWRlbnRpYWxzCgogICBUaGUgY2xp
ZW50IGNyZWRlbnRpYWxzIChvciBvdGhlciBmb3JtcyBvZiBjbGllbnQgYXV0aGVudGljYXRpb24p
IGNhbgogICBiZSB1c2VkIGFzIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgd2hlbiB0aGUgYXV0aG9y
aXphdGlvbiBzY29wZSBpcwogICBsaW1pdGVkIHRvIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2VzIHVu
ZGVyIHRoZSBjb250cm9sIG9mIHRoZSBjbGllbnQsCiAgIG9yIHRvIHByb3RlY3RlZCByZXNvdXJj
ZXMgcHJldmlvdXNseSBhcnJhbmdlZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uCiAgIHNlcnZlci4g
IENsaWVudCBjcmVkZW50aWFscyBhcmUgdXNlZCBhcyBhbiBhdXRob3JpemF0aW9uIGdyYW50CiAg
IHR5cGljYWxseSB3aGVuIHRoZSBjbGllbnQgaXMgYWN0aW5nIG9uIGl0cyBvd24gYmVoYWxmICh0
aGUgY2xpZW50IGlzCiAgIGFsc28gdGhlIHJlc291cmNlIG93bmVyKSwgb3IgaXMgcmVxdWVzdGlu
ZyBhY2Nlc3MgdG8gcHJvdGVjdGVkCiAgIHJlc291cmNlcyBiYXNlZCBvbiBhbiBhdXRob3JpemF0
aW9uIHByZXZpb3VzbHkgYXJyYW5nZWQgd2l0aCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIu
CgoxLjQuICBBY2Nlc3MgVG9rZW4KCiAgIEFjY2VzcyB0b2tlbnMgYXJlIGNyZWRlbnRpYWxzIHVz
ZWQgdG8gYWNjZXNzIHByb3RlY3RlZCByZXNvdXJjZXMuICBBbgogICBhY2Nlc3MgdG9rZW4gaXMg
YSBzdHJpbmcgcmVwcmVzZW50aW5nIGFuIGF1dGhvcml6YXRpb24gaXNzdWVkIHRvIHRoZQogICBj
bGllbnQuICBUaGUgc3RyaW5nIGlzIHVzdWFsbHkgb3BhcXVlIHRvIHRoZSBjbGllbnQuICBUb2tl
bnMKICAgcmVwcmVzZW50IHNwZWNpZmljIHNjb3BlcyBhbmQgZHVyYXRpb25zIG9mIGFjY2Vzcywg
Z3JhbnRlZCBieSB0aGUKICAgcmVzb3VyY2Ugb3duZXIsIGFuZCBlbmZvcmNlZCBieSB0aGUgcmVz
b3VyY2Ugc2VydmVyIGFuZCBhdXRob3JpemF0aW9uCiAgIHNlcnZlci4KCiAgIFRoZSB0b2tlbiBt
YXkgZGVub3RlIGFuIGlkZW50aWZpZXIgdXNlZCB0byByZXRyaWV2ZSB0aGUgYXV0aG9yaXphdGlv
bgogICBpbmZvcm1hdGlvbiwgb3Igc2VsZi1jb250YWluIHRoZSBhdXRob3JpemF0aW9uIGluZm9y
bWF0aW9uIGluIGEKICAgdmVyaWZpYWJsZSBtYW5uZXIgKGkuZS4gYSB0b2tlbiBzdHJpbmcgY29u
c2lzdGluZyBvZiBzb21lIGRhdGEgYW5kIGEKICAgc2lnbmF0dXJlKS4gIEFkZGl0aW9uYWwgYXV0
aGVudGljYXRpb24gY3JlZGVudGlhbHMsIHdoaWNoIGFyZSBiZXlvbmQKCgoKSGFyZHQgJiBSZWNv
cmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgIFtQYWdl
IDldCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAg
ICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlv
biwgbWF5IGJlIHJlcXVpcmVkIGluIG9yZGVyIGZvciB0aGUKICAgY2xpZW50IHRvIHVzZSBhIHRv
a2VuLgoKICAgVGhlIGFjY2VzcyB0b2tlbiBwcm92aWRlcyBhbiBhYnN0cmFjdGlvbiBsYXllciwg
cmVwbGFjaW5nIGRpZmZlcmVudAogICBhdXRob3JpemF0aW9uIGNvbnN0cnVjdHMgKGUuZy4gdXNl
cm5hbWUgYW5kIHBhc3N3b3JkKSB3aXRoIGEgc2luZ2xlCiAgIHRva2VuIHVuZGVyc3Rvb2QgYnkg
dGhlIHJlc291cmNlIHNlcnZlci4gIFRoaXMgYWJzdHJhY3Rpb24gZW5hYmxlcwogICBpc3N1aW5n
IGFjY2VzcyB0b2tlbnMgbW9yZSByZXN0cmljdGl2ZSB0aGFuIHRoZSBhdXRob3JpemF0aW9uIGdy
YW50CiAgIHVzZWQgdG8gb2J0YWluIHRoZW0sIGFzIHdlbGwgYXMgcmVtb3ZpbmcgdGhlIHJlc291
cmNlIHNlcnZlcidzIG5lZWQKICAgdG8gdW5kZXJzdGFuZCBhIHdpZGUgcmFuZ2Ugb2YgYXV0aGVu
dGljYXRpb24gbWV0aG9kcy4KCiAgIEFjY2VzcyB0b2tlbnMgY2FuIGhhdmUgZGlmZmVyZW50IGZv
cm1hdHMsIHN0cnVjdHVyZXMsIGFuZCBtZXRob2RzIG9mCiAgIHV0aWxpemF0aW9uIChlLmcuIGNy
eXB0b2dyYXBoaWMgcHJvcGVydGllcykgYmFzZWQgb24gdGhlIHJlc291cmNlCiAgIHNlcnZlciBz
ZWN1cml0eSByZXF1aXJlbWVudHMuICBBY2Nlc3MgdG9rZW4gYXR0cmlidXRlcyBhbmQgdGhlCiAg
IG1ldGhvZHMgdXNlZCB0byBhY2Nlc3MgcHJvdGVjdGVkIHJlc291cmNlcyBhcmUgYmV5b25kIHRo
ZSBzY29wZSBvZgogICB0aGlzIHNwZWNpZmljYXRpb24gYW5kIGFyZSBkZWZpbmVkIGJ5IGNvbXBh
bmlvbiBzcGVjaWZpY2F0aW9ucy4KCjEuNS4gIFJlZnJlc2ggVG9rZW4KCiAgIFJlZnJlc2ggdG9r
ZW5zIGFyZSBjcmVkZW50aWFscyB1c2VkIHRvIG9idGFpbiBhY2Nlc3MgdG9rZW5zLiAgUmVmcmVz
aAogICB0b2tlbnMgYXJlIGlzc3VlZCB0byB0aGUgY2xpZW50IGJ5IHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBhbmQgYXJlCiAgIHVzZWQgdG8gb2J0YWluIGEgbmV3IGFjY2VzcyB0b2tlbiB3aGVu
IHRoZSBjdXJyZW50IGFjY2VzcyB0b2tlbgogICBiZWNvbWVzIGludmFsaWQgb3IgZXhwaXJlcywg
b3IgdG8gb2J0YWluIGFkZGl0aW9uYWwgYWNjZXNzIHRva2VucwogICB3aXRoIGlkZW50aWNhbCBv
ciBuYXJyb3dlciBzY29wZSAoYWNjZXNzIHRva2VucyBtYXkgaGF2ZSBhIHNob3J0ZXIKICAgbGlm
ZXRpbWUgYW5kIGZld2VyIHBlcm1pc3Npb25zIHRoYW4gYXV0aG9yaXplZCBieSB0aGUgcmVzb3Vy
Y2UKICAgb3duZXIpLiAgSXNzdWluZyBhIHJlZnJlc2ggdG9rZW4gaXMgb3B0aW9uYWwgYXQgdGhl
IGRpc2NyZXRpb24gb2YgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyLiAgSWYgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIGlzc3VlcyBhIHJlZnJlc2gKICAgdG9rZW4sIGl0IGlzIGluY2x1ZGVk
IHdoZW4gaXNzdWluZyBhbiBhY2Nlc3MgdG9rZW4gKGkuZS4gc3RlcCAoRCkgaW4KICAgRmlndXJl
IDEpLgoKICAgQSByZWZyZXNoIHRva2VuIGlzIGEgc3RyaW5nIHJlcHJlc2VudGluZyB0aGUgYXV0
aG9yaXphdGlvbiBncmFudGVkIHRvCiAgIHRoZSBjbGllbnQgYnkgdGhlIHJlc291cmNlIG93bmVy
LiAgVGhlIHN0cmluZyBpcyB1c3VhbGx5IG9wYXF1ZSB0bwogICB0aGUgY2xpZW50LiAgVGhlIHRv
a2VuIGRlbm90ZXMgYW4gaWRlbnRpZmllciB1c2VkIHRvIHJldHJpZXZlIHRoZQogICBhdXRob3Jp
emF0aW9uIGluZm9ybWF0aW9uLiAgVW5saWtlIGFjY2VzcyB0b2tlbnMsIHJlZnJlc2ggdG9rZW5z
IGFyZQogICBpbnRlbmRlZCBmb3IgdXNlIG9ubHkgd2l0aCBhdXRob3JpemF0aW9uIHNlcnZlcnMg
YW5kIGFyZSBuZXZlciBzZW50CiAgIHRvIHJlc291cmNlIHNlcnZlcnMuCgoKCgoKCgoKCgoKCgoK
CgpIYXJkdCAmIFJlY29yZG9uICAgICAgICBFeHBpcmVzIEphbnVhcnkgMTAsIDIwMTMgICAgICAg
ICAgICAgICBbUGFnZSAxMF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRo
IDIuMCAgICAgICAgICAgICAgICAgICAgICBKdWx5IDIwMTIKCgogICstLS0tLS0tLSsgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8
ICAgICAgICB8LS0oQSktLS0tLS0tIEF1dGhvcml6YXRpb24gR3JhbnQgLS0tLS0tLS0tPnwgICAg
ICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHw8LShCKS0tLS0tLS0tLS0t
IEFjY2VzcyBUb2tlbiAtLS0tLS0tLS0tLS0tfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8
ICAgICAgICAgICAgICAgJiBSZWZyZXNoIFRva2VuICAgICAgICAgICAgIHwgICAgICAgICAgICAg
ICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgKy0tLS0tLS0tLS0rICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8LS0oQyktLS0t
IEFjY2VzcyBUb2tlbiAtLS0tPnwgICAgICAgICAgfCAgIHwgICAgICAgICAgICAgICB8CiAgfCAg
ICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgIHwgICB8ICAgICAg
ICAgICAgICAgfAogIHwgICAgICAgIHw8LShEKS0gUHJvdGVjdGVkIFJlc291cmNlIC0tfCBSZXNv
dXJjZSB8ICAgfCBBdXRob3JpemF0aW9uIHwKICB8IENsaWVudCB8ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgIHwgIFNlcnZlciAgfCAgIHwgICAgIFNlcnZlciAgICB8CiAgfCAgICAgICAgfC0t
KEUpLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLT58ICAgICAgICAgIHwgICB8ICAgICAgICAgICAgICAg
fAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICB8ICAg
fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8PC0oRiktIEludmFsaWQgVG9rZW4gRXJyb3Ig
LXwgICAgICAgICAgfCAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAg
ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLSsgICB8ICAgICAgICAgICAgICAgfAogIHwgICAg
ICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAg
ICAgICAgIHwKICB8ICAgICAgICB8LS0oRyktLS0tLS0tLS0tLSBSZWZyZXNoIFRva2VuIC0tLS0t
LS0tLS0tPnwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHw8LShI
KS0tLS0tLS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS0tLS0tfCAgICAgICAgICAgICAgIHwK
ICArLS0tLS0tLS0rICAgICAgICAgICAmIE9wdGlvbmFsIFJlZnJlc2ggVG9rZW4gICAgICAgICst
LS0tLS0tLS0tLS0tLS0rCgogICAgICAgICAgICAgICBGaWd1cmUgMjogUmVmcmVzaGluZyBhbiBF
eHBpcmVkIEFjY2VzcyBUb2tlbgoKICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4gRmlndXJlIDIg
aW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKCiAgIChBKSAgVGhlIGNsaWVudCByZXF1ZXN0
cyBhbiBhY2Nlc3MgdG9rZW4gYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUKICAgICAgICBhdXRo
b3JpemF0aW9uIHNlcnZlciwgYW5kIHByZXNlbnRpbmcgYW4gYXV0aG9yaXphdGlvbiBncmFudC4K
ICAgKEIpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50
IGFuZCB2YWxpZGF0ZXMKICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBncmFudCwgYW5kIGlmIHZh
bGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYW5kCiAgICAgICAgYSByZWZyZXNoIHRva2VuLgog
ICAoQykgIFRoZSBjbGllbnQgbWFrZXMgYSBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdCB0byB0
aGUgcmVzb3VyY2UKICAgICAgICBzZXJ2ZXIgYnkgcHJlc2VudGluZyB0aGUgYWNjZXNzIHRva2Vu
LgogICAoRCkgIFRoZSByZXNvdXJjZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9rZW4s
IGFuZCBpZiB2YWxpZCwKICAgICAgICBzZXJ2ZXMgdGhlIHJlcXVlc3QuCiAgIChFKSAgU3RlcHMg
KEMpIGFuZCAoRCkgcmVwZWF0IHVudGlsIHRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJlcy4gIElmIHRo
ZQogICAgICAgIGNsaWVudCBrbm93cyB0aGUgYWNjZXNzIHRva2VuIGV4cGlyZWQsIGl0IHNraXBz
IHRvIHN0ZXAgKEcpLAogICAgICAgIG90aGVyd2lzZSBpdCBtYWtlcyBhbm90aGVyIHByb3RlY3Rl
ZCByZXNvdXJjZSByZXF1ZXN0LgogICAoRikgIFNpbmNlIHRoZSBhY2Nlc3MgdG9rZW4gaXMgaW52
YWxpZCwgdGhlIHJlc291cmNlIHNlcnZlciByZXR1cm5zCiAgICAgICAgYW4gaW52YWxpZCB0b2tl
biBlcnJvci4KICAgKEcpICBUaGUgY2xpZW50IHJlcXVlc3RzIGEgbmV3IGFjY2VzcyB0b2tlbiBi
eSBhdXRoZW50aWNhdGluZyB3aXRoCiAgICAgICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFu
ZCBwcmVzZW50aW5nIHRoZSByZWZyZXNoIHRva2VuLiAgVGhlCiAgICAgICAgY2xpZW50IGF1dGhl
bnRpY2F0aW9uIHJlcXVpcmVtZW50cyBhcmUgYmFzZWQgb24gdGhlIGNsaWVudCB0eXBlCiAgICAg
ICAgYW5kIG9uIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBwb2xpY2llcy4KICAgKEgpICBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50IGFuZCB2YWxpZGF0
ZXMKICAgICAgICB0aGUgcmVmcmVzaCB0b2tlbiwgYW5kIGlmIHZhbGlkIGlzc3VlcyBhIG5ldyBh
Y2Nlc3MgdG9rZW4gKGFuZAogICAgICAgIG9wdGlvbmFsbHksIGEgbmV3IHJlZnJlc2ggdG9rZW4p
LgoKICAgU3RlcHMgQywgRCwgRSwgYW5kIEYgYXJlIG91dHNpZGUgdGhlIHNjb3BlIG9mIHRoaXMg
c3BlY2lmaWNhdGlvbiBhcwoKCgpIYXJkdCAmIFJlY29yZG9uICAgICAgICBFeHBpcmVzIEphbnVh
cnkgMTAsIDIwMTMgICAgICAgICAgICAgICBbUGFnZSAxMV0KDApJbnRlcm5ldC1EcmFmdCAgICAg
ICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICBKdWx5IDIwMTIKCgog
ICBkZXNjcmliZWQgaW4gU2VjdGlvbiA3LgoKMS42LiAgVExTIFZlcnNpb24KCiAgIFdoZW5ldmVy
IFRMUyBpcyB1c2VkIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbiwgdGhlIGFwcHJvcHJpYXRlIHZlcnNp
b24KICAgKG9yIHZlcnNpb25zKSBvZiBUTFMgd2lsbCB2YXJ5IG92ZXIgdGltZSwgYmFzZWQgb24g
dGhlIHdpZGVzcHJlYWQKICAgZGVwbG95bWVudCBhbmQga25vd24gc2VjdXJpdHkgdnVsbmVyYWJp
bGl0aWVzLiAgQXQgdGhlIHRpbWUgb2YgdGhpcwogICB3cml0aW5nLCBUTFMgdmVyc2lvbiAxLjIg
W1JGQzUyNDZdIGlzIHRoZSBtb3N0IHJlY2VudCB2ZXJzaW9uLCBidXQKICAgaGFzIGEgdmVyeSBs
aW1pdGVkIGRlcGxveW1lbnQgYmFzZSBhbmQgbWlnaHQgbm90IGJlIHJlYWRpbHkgYXZhaWxhYmxl
CiAgIGZvciBpbXBsZW1lbnRhdGlvbi4gIFRMUyB2ZXJzaW9uIDEuMCBbUkZDMjI0Nl0gaXMgdGhl
IG1vc3Qgd2lkZWx5CiAgIGRlcGxveWVkIHZlcnNpb24sIGFuZCB3aWxsIHByb3ZpZGUgdGhlIGJy
b2FkZXN0IGludGVyb3BlcmFiaWxpdHkuCgogICBJbXBsZW1lbnRhdGlvbnMgTUFZIGFsc28gc3Vw
cG9ydCBhZGRpdGlvbmFsIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eQogICBtZWNoYW5pc21zIHRo
YXQgbWVldCB0aGVpciBzZWN1cml0eSByZXF1aXJlbWVudHMuCgoxLjcuICBIVFRQIFJlZGlyZWN0
aW9ucwoKICAgVGhpcyBzcGVjaWZpY2F0aW9uIG1ha2VzIGV4dGVuc2l2ZSB1c2Ugb2YgSFRUUCBy
ZWRpcmVjdGlvbnMsIGluIHdoaWNoCiAgIHRoZSBjbGllbnQgb3IgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIGRpcmVjdHMgdGhlIHJlc291cmNlIG93bmVyJ3MKICAgdXNlci1hZ2VudCB0byBhbm90
aGVyIGRlc3RpbmF0aW9uLiAgV2hpbGUgdGhlIGV4YW1wbGVzIGluIHRoaXMKICAgc3BlY2lmaWNh
dGlvbiBzaG93IHRoZSB1c2Ugb2YgdGhlIEhUVFAgMzAyIHN0YXR1cyBjb2RlLCBhbnkgb3RoZXIK
ICAgbWV0aG9kIGF2YWlsYWJsZSB2aWEgdGhlIHVzZXItYWdlbnQgdG8gYWNjb21wbGlzaCB0aGlz
IHJlZGlyZWN0aW9uIGlzCiAgIGFsbG93ZWQgYW5kIGlzIGNvbnNpZGVyZWQgdG8gYmUgYW4gaW1w
ICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICAgICB8ICAgIHwgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICAgICBeICAgIHYgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICAgKy0tLS0tLS0tLSsg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICAgfCAgICAg
ICAgIHw+LS0tKEQpLS0gQXV0aG9yaXphdGlvbiBDb2RlIC0tLS0tLS0tLScgICAgICB8CiAgICAg
fCAgQ2xpZW50IHwgICAgICAgICAgJiBSZWRpcmVjdGlvbiBVUkkgICAgICAgICAgICAgICAgICB8
CiAgICAgfCAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICB8CiAgICAgfCAgICAgICAgIHw8LS0tKEUpLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLS0t
LS0tLS0tLS0tLS0nCiAgICAgKy0tLS0tLS0tLSsgICAgICAgKHcvIE9wdGlvbmFsIFJlZnJlc2gg
VG9rZW4pCgogICBOb3RlOiBUaGUgbGluZXMgaWxsdXN0cmF0aW5nIHN0ZXBzIEEsIEIsIGFuZCBD
IGFyZSBicm9rZW4gaW50byB0d28KICAgcGFydHMgYXMgdGhleSBwYXNzIHRocm91Z2ggdGhlIHVz
ZXItYWdlbnQuCgogICAgICAgICAgICAgICAgICAgICBGaWd1cmUgMzogQXV0aG9yaXphdGlvbiBD
b2RlIEZsb3cKCiAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIEZpZ3VyZSAzIGluY2x1ZGVzIHRo
ZSBmb2xsb3dpbmcgc3RlcHM6CgoKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBK
YW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgW1BhZ2UgMjNdCgwKSW50ZXJuZXQtRHJhZnQg
ICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEy
CgoKICAgKEEpICBUaGUgY2xpZW50IGluaXRpYXRlcyB0aGUgZmxvdyBieSBkaXJlY3RpbmcgdGhl
IHJlc291cmNlIG93bmVyJ3MKICAgICAgICB1c2VyLWFnZW50IHRvIHRoZSBhdXRob3JpemF0aW9u
IGVuZHBvaW50LiAgVGhlIGNsaWVudCBpbmNsdWRlcwogICAgICAgIGl0cyBjbGllbnQgaWRlbnRp
ZmllciwgcmVxdWVzdGVkIHNjb3BlLCBsb2NhbCBzdGF0ZSwgYW5kIGEKICAgICAgICByZWRpcmVj
dGlvbiBVUkkgdG8gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdpbGwgc2VuZCB0aGUK
ICAgICAgICB1c2VyLWFnZW50IGJhY2sgb25jZSBhY2Nlc3MgaXMgZ3JhbnRlZCAob3IgZGVuaWVk
KS4KICAgKEIpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgcmVz
b3VyY2Ugb3duZXIgKHZpYQogICAgICAgIHRoZSB1c2VyLWFnZW50KSBhbmQgZXN0YWJsaXNoZXMg
d2hldGhlciB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICBncmFudHMgb3IgZGVuaWVzIHRoZSBj
bGllbnQncyBhY2Nlc3MgcmVxdWVzdC4KICAgKEMpICBBc3N1bWluZyB0aGUgcmVzb3VyY2Ugb3du
ZXIgZ3JhbnRzIGFjY2VzcywgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICBzZXJ2ZXIgcmVkaXJl
Y3RzIHRoZSB1c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudCB1c2luZyB0aGUKICAgICAgICBy
ZWRpcmVjdGlvbiBVUkkgcHJvdmlkZWQgZWFybGllciAoaW4gdGhlIHJlcXVlc3Qgb3IgZHVyaW5n
CiAgICAgICAgY2xpZW50IHJlZ2lzdHJhdGlvbikuICBUaGUgcmVkaXJlY3Rpb24gVVJJIGluY2x1
ZGVzIGFuCiAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIGFuZCBhbnkgbG9jYWwgc3RhdGUgcHJv
dmlkZWQgYnkgdGhlIGNsaWVudAogICAgICAgIGVhcmxpZXIuCiAgIChEKSAgVGhlIGNsaWVudCBy
ZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gZnJvbSB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgIHNl
cnZlcidzIHRva2VuIGVuZHBvaW50IGJ5IGluY2x1ZGluZyB0aGUgYXV0aG9yaXphdGlvbiBjb2Rl
CiAgICAgICAgcmVjZWl2ZWQgaW4gdGhlIHByZXZpb3VzIHN0ZXAuICBXaGVuIG1ha2luZyB0aGUg
cmVxdWVzdCwgdGhlCiAgICAgICAgY2xpZW50IGF1dGhlbnRpY2F0ZXMgd2l0aCB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIuICBUaGUgY2xpZW50CiAgICAgICAgaW5jbHVkZXMgdGhlIHJlZGlyZWN0
aW9uIFVSSSB1c2VkIHRvIG9idGFpbiB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgIGNvZGUgZm9y
IHZlcmlmaWNhdGlvbi4KICAgKEUpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGlj
YXRlcyB0aGUgY2xpZW50LCB2YWxpZGF0ZXMgdGhlCiAgICAgICAgYXV0aG9yaXphdGlvbiBjb2Rl
LCBhbmQgZW5zdXJlcyB0aGUgcmVkaXJlY3Rpb24gVVJJIHJlY2VpdmVkCiAgICAgICAgbWF0Y2hl
cyB0aGUgVVJJIHVzZWQgdG8gcmVkaXJlY3QgdGhlIGNsaWVudCBpbiBzdGVwIChDKS4gIElmCiAg
ICAgICAgdmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciByZXNwb25kcyBiYWNrIHdpdGgg
YW4gYWNjZXNzCiAgICAgICAgdG9rZW4gYW5kIG9wdGlvbmFsbHksIGEgcmVmcmVzaCB0b2tlbi4K
CjQuMS4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0CgogICBUaGUgY2xpZW50IGNvbnN0cnVjdHMg
dGhlIHJlcXVlc3QgVVJJIGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nCiAgIHBhcmFtZXRlcnMgdG8g
dGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBVUkkKICAg
dXNpbmcgdGhlICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIGZvcm1hdAogICBb
VzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0XToKCiAgIHJlc3BvbnNlX3R5cGUKICAgICAgICAgUkVR
VUlSRUQuICBWYWx1ZSBNVVNUIGJlIHNldCB0byAiY29kZSIuCiAgIGNsaWVudF9pZAogICAgICAg
ICBSRVFVSVJFRC4gIFRoZSBjbGllbnQgaWRlbnRpZmllciBhcyBkZXNjcmliZWQgaW4gU2VjdGlv
biAyLjIuCiAgIHJlZGlyZWN0X3VyaQogICAgICAgICBPUFRJT05BTC4gIEFzIGRlc2NyaWJlZCBp
biBTZWN0aW9uIDMuMS4yLgogICBzY29wZQogICAgICAgICBPUFRJT05BTC4gIFRoZSBzY29wZSBv
ZiB0aGUgYWNjZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5CiAgICAgICAgIFNlY3Rpb24gMy4z
LgogICBzdGF0ZQogICAgICAgICBSRUNPTU1FTkRFRC4gIEFuIG9wYXF1ZSB2YWx1ZSB1c2VkIGJ5
IHRoZSBjbGllbnQgdG8gbWFpbnRhaW4KICAgICAgICAgc3RhdGUgYmV0d2VlbiB0aGUgcmVxdWVz
dCBhbmQgY2FsbGJhY2suICBUaGUgYXV0aG9yaXphdGlvbgogICAgICAgICBzZXJ2ZXIgaW5jbHVk
ZXMgdGhpcyB2YWx1ZSB3aGVuIHJlZGlyZWN0aW5nIHRoZSB1c2VyLWFnZW50IGJhY2sKICAgICAg
ICAgdG8gdGhlIGNsaWVudC4gIFRoZSBwYXJhbWV0ZXIgU0hPVUxEIGJlIHVzZWQgZm9yIHByZXZl
bnRpbmcKICAgICAgICAgY3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgYXMgZGVzY3JpYmVkIGlu
IFNlY3Rpb24gMTAuMTIuCgoKCkhhcmR0ICYgUmVjb3Jkb24gICAgICAgIEV4cGlyZXMgSmFudWFy
eSAxMCwgMjAxMyAgICAgICAgICAgICAgIFtQYWdlIDI0XQoMCkludGVybmV0LURyYWZ0ICAgICAg
ICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgIEp1bHkgMjAxMgoKCiAg
IFRoZSBjbGllbnQgZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3duZXIgdG8gdGhlIGNvbnN0cnVjdGVk
IFVSSSB1c2luZyBhbgogICBIVFRQIHJlZGlyZWN0aW9uIHJlc3BvbnNlLCBvciBieSBvdGhlciBt
ZWFucyBhdmFpbGFibGUgdG8gaXQgdmlhIHRoZQogICB1c2VyLWFnZW50LgoKICAgRm9yIGV4YW1w
bGUsIHRoZSBjbGllbnQgZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0byBtYWtlIHRoZSBmb2xsb3dp
bmcKICAgSFRUUCByZXF1ZXN0IHVzaW5nIFRMUyAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBk
aXNwbGF5IHB1cnBvc2VzCiAgIG9ubHkpOgoKICAgIEdFVCAvYXV0aG9yaXplP3Jlc3BvbnNlX3R5
cGU9Y29kZSZjbGllbnRfaWQ9czZCaGRSa3F0MyZzdGF0ZT14eXoKICAgICAgICAmcmVkaXJlY3Rf
dXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNvbSUyRmNiIEhUVFAvMS4xCiAg
ICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB2
YWxpZGF0ZXMgdGhlIHJlcXVlc3QgdG8gZW5zdXJlIGFsbCByZXF1aXJlZAogICBwYXJhbWV0ZXJz
IGFyZSBwcmVzZW50IGFuZCB2YWxpZC4gIElmIHRoZSByZXF1ZXN0IGlzIHZhbGlkLCB0aGUKICAg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIgYW5k
IG9idGFpbnMgYW4KICAgYXV0aG9yaXphdGlvbiBkZWNpc2lvbiAoYnkgYXNraW5nIHRoZSByZXNv
dXJjZSBvd25lciBvciBieQogICBlc3RhYmxpc2hpbmcgYXBwcm92YWwgdmlhIG90aGVyIG1lYW5z
KS4KCiAgIFdoZW4gYSBkZWNpc2lvbiBpcyBlc3RhYmxpc2hlZCwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIGRpcmVjdHMgdGhlCiAgIHVzZXItYWdlbnQgdG8gdGhlIHByb3ZpZGVkIGNsaWVudCBy
ZWRpcmVjdGlvbiBVUkkgdXNpbmcgYW4gSFRUUAogICByZWRpcmVjdGlvbiByZXNwb25zZSwgb3Ig
Ynkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUgdXNlci0KICAgYWdlbnQuCgo0
LjEuMi4gIEF1dGhvcml6YXRpb24gUmVzcG9uc2UKCiAgIElmIHRoZSByZXNvdXJjZSBvd25lciBn
cmFudHMgdGhlIGFjY2VzcyByZXF1ZXN0LCB0aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgaXNz
dWVzIGFuIGF1dGhvcml6YXRpb24gY29kZSBhbmQgZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBi
eQogICBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZSBxdWVyeSBjb21wb25l
bnQgb2YgdGhlCiAgIHJlZGlyZWN0aW9uIFVSSSB1c2luZyB0aGUgImFwcGxpY2F0aW9uL3gtd3d3
LWZvcm0tdXJsZW5jb2RlZCIgZm9ybWF0OgoKICAgY29kZQogICAgICAgICBSRVFVSVJFRC4gIFRo
ZSBhdXRob3JpemF0aW9uIGNvZGUgZ2VuZXJhdGVkIGJ5IHRoZQogICAgICAgICBhdXRob3JpemF0
aW9uIHNlcnZlci4gIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgTVVTVCBleHBpcmUKICAgICAgICAg
c2hvcnRseSBhZnRlciBpdCBpcyBpc3N1ZWQgdG8gbWl0aWdhdGUgdGhlIHJpc2sgb2YgbGVha3Mu
ICBBCiAgICAgICAgIG1heGltdW0gYXV0aG9yaXphdGlvbiBjb2RlIGxpZmV0aW1lIG9mIDEwIG1p
bnV0ZXMgaXMKICAgICAgICAgUkVDT01NRU5ERUQuICBUaGUgY2xpZW50IE1VU1QgTk9UIHVzZSB0
aGUgYXV0aG9yaXphdGlvbiBjb2RlCiAgICAgICAgIG1vcmUgdGhhbiBvbmNlLiAgSWYgYW4gYXV0
aG9yaXphdGlvbiBjb2RlIGlzIHVzZWQgbW9yZSB0aGFuCiAgICAgICAgIG9uY2UsIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUIGRlbnkgdGhlIHJlcXVlc3QgYW5kIFNIT1VMRAogICAgICAg
ICByZXZva2UgKHdoZW4gcG9zc2libGUpIGFsbCB0b2tlbnMgcHJldmlvdXNseSBpc3N1ZWQgYmFz
ZWQgb24KICAgICAgICAgdGhhdCBhdXRob3JpemF0aW9uIGNvZGUuICBUaGUgYXV0aG9yaXphdGlv
biBjb2RlIGlzIGJvdW5kIHRvCiAgICAgICAgIHRoZSBjbGllbnQgaWRlbnRpZmllciBhbmQgcmVk
aXJlY3Rpb24gVVJJLgogICBzdGF0ZQogICAgICAgICBSRVFVSVJFRCBpZiB0aGUgInN0YXRlIiBw
YXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlIGNsaWVudAogICAgICAgICBhdXRob3JpemF0aW9u
IHJlcXVlc3QuICBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUKICAgICAgICAgY2xp
ZW50LgoKCgoKCgpIYXJkdCAmIFJlY29yZG9uICAgICAgICBFeHBpcmVzIEphbnVhcnkgMTAsIDIw
MTMgICAgICAgICAgICAgICBbUGFnZSAyNV0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAg
ICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICBKdWx5IDIwMTIKCgogICBGb3IgZXhh
bXBsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCBi
eQogICBzZW5kaW5nIHRoZSBmb2xsb3dpbmcgSFRUUCByZXNwb25zZToKCiAgICAgSFRUUC8xLjEg
MzAyIEZvdW5kCiAgICAgTG9jYXRpb246IGh0dHBzOi8vY2xpZW50LmV4YW1wbGUuY29tL2NiP2Nv
ZGU9U3BseGxPQmVaUVFZYllTNld4U2JJQQogICAgICAgICAgICAgICAmc3RhdGU9eHl6CgogICBU
aGUgY2xpZW50IE1VU1QgaWdub3JlIHVucmVjb2duaXplZCByZXNwb25zZSBwYXJhbWV0ZXJzLiAg
VGhlCiAgIGF1dGhvcml6YXRpb24gY29kZSBzdHJpbmcgc2l6ZSBpcyBsZWZ0IHVuZGVmaW5lZCBi
eSB0aGlzCiAgIHNwZWNpZmljYXRpb24uICBUaGUgY2xpZW50IHNob3VsZCBhdm9pZCBtYWtpbmcg
YXNzdW1wdGlvbnMgYWJvdXQgY29kZQogICB2YWx1ZSBzaXplcy4gIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgdGhlIHNpemUgb2YKICAgYW55IHZhbHVlIGl0IGlzc3Vl
cy4KCjQuMS4yLjEuICBFcnJvciBSZXNwb25zZQoKICAgSWYgdGhlIHJlcXVlc3QgZmFpbHMgZHVl
IHRvIGEgbWlzc2luZywgaW52YWxpZCwgb3IgbWlzbWF0Y2hpbmcKICAgcmVkaXJlY3Rpb24gVVJJ
LCBvciBpZiB0aGUgY2xpZW50IGlkZW50aWZpZXIgaXMgbWlzc2luZyBvciBpbnZhbGlkLAogICB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGluZm9ybSB0aGUgcmVzb3VyY2Ugb3duZXIg
b2YgdGhlCiAgIGVycm9yLCBhbmQgTVVTVCBOT1QgYXV0b21hdGljYWxseSByZWRpcmVjdCB0aGUg
dXNlci1hZ2VudCB0byB0aGUKICAgaW52YWxpZCByZWRpcmVjdGlvbiBVUkkuCgogICBJZiB0aGUg
cmVzb3VyY2Ugb3duZXIgZGVuaWVzIHRoZSBhY2Nlc3MgcmVxdWVzdCBvciBpZiB0aGUgcmVxdWVz
dAogICBmYWlscyBmb3IgcmVhc29ucyBvdGhlciB0aGFuIGEgbWlzc2luZyBvciBpbnZhbGlkIHJl
ZGlyZWN0aW9uIFVSSSwKICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGluZm9ybXMgdGhlIGNs
aWVudCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZwogICBwYXJhbWV0ZXJzIHRvIHRoZSBxdWVyeSBj
b21wb25lbnQgb2YgdGhlIHJlZGlyZWN0aW9uIFVSSSB1c2luZyB0aGUKICAgImFwcGxpY2F0aW9u
L3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIgZm9ybWF0OgoKICAgZXJyb3IKICAgICAgICAgUkVRVUlS
RUQuICBBIHNpbmdsZSBBU0NJSSBbVVNBU0NJSV0gZXJyb3IgY29kZSBmcm9tIHRoZQogICAgICAg
ICBmb2xsb3dpbmc6CiAgICAgICAgIGludmFsaWRfcmVxdWVzdAogICAgICAgICAgICAgICBUaGUg
cmVxdWVzdCBpcyBtaXNzaW5nIGEgcmVxdWlyZWQgcGFyYW1ldGVyLCBpbmNsdWRlcyBhbgogICAg
ICAgICAgICAgICBpbnZhbGlkIHBhcmFtZXRlciB2YWx1ZSwgaW5jbHVkZXMgYSBwYXJhbWV0ZXIg
bW9yZSB0aGFuCiAgICAgICAgICAgICAgIG9uY2UsIG9yIGlzIG90aGVyd2lzZSBtYWxmb3JtZWQu
CiAgICAgICAgIHVuYXV0aG9yaXplZF9jbGllbnQKICAgICAgICAgICAgICAgVGhlIGNsaWVudCBp
cyBub3QgYXV0aG9yaXplZCB0byByZXF1ZXN0IGFuIGF1dGhvcml6YXRpb24KICAgICAgICAgICAg
ICAgY29kZSB1c2luZyB0aGlzIG1ldGhvZC4KICAgICAgICAgYWNjZXNzX2RlbmllZAogICAgICAg
ICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIgb3IgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZGVuaWVk
IHRoZQogICAgICAgICAgICAgICByZXF1ZXN0LgogICAgICAgICB1bnN1cHBvcnRlZF9yZXNwb25z
ZV90eXBlCiAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBkb2VzIG5vdCBz
dXBwb3J0IG9idGFpbmluZyBhbgogICAgICAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgdXNp
bmcgdGhpcyBtZXRob2QuCiAgICAgICAgIGludmFsaWRfc2NvcGUKICAgICAgICAgICAgICAgVGhl
IHJlcXVlc3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3duLCBvciBtYWxmb3JtZWQuCgoKCgoK
CkhhcmR0ICYgUmVjb3Jkb24gICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAg
ICAgICAgIFtQYWdlIDI2XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGgg
Mi4wICAgICAgICAgICAgICAgICAgICAgIEp1bHkgMjAxMgoKCiAgICAgICAgIHNlcnZlcl9lcnJv
cgogICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZW5jb3VudGVyZWQgYW4g
dW5leHBlY3RlZAogICAgICAgICAgICAgICBjb25kaXRpb24gd2hpY2ggcHJldmVudGVkIGl0IGZy
b20gZnVsZmlsbGluZyB0aGUgcmVxdWVzdC4KICAgICAgICAgdGVtcG9yYXJpbHlfdW5hdmFpbGFi
bGUKICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzIGN1cnJlbnRseSB1
bmFibGUgdG8gaGFuZGxlCiAgICAgICAgICAgICAgIHRoZSByZXF1ZXN0IGR1ZSB0byBhIHRlbXBv
cmFyeSBvdmVybG9hZGluZyBvciBtYWludGVuYW5jZQogICAgICAgICAgICAgICBvZiB0aGUgc2Vy
dmVyLgogICAgICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJyb3IiIHBhcmFtZXRlciBNVVNUIE5PVCBp
bmNsdWRlIGNoYXJhY3RlcnMKICAgICAgICAgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIz
LTVCIC8gJXg1RC03RS4KICAgZXJyb3JfZGVzY3JpcHRpb24KICAgICAgICAgT1BUSU9OQUwuICBB
IGh1bWFuLXJlYWRhYmxlIEFTQ0lJIFtVU0FTQ0lJXSB0ZXh0IHByb3ZpZGluZwogICAgICAgICBh
ZGRpdGlvbmFsIGluZm9ybWF0aW9uLCB1c2VkIHRvIGFzc2lzdCB0aGUgY2xpZW50IGRldmVsb3Bl
ciBpbgogICAgICAgICB1bmRlcnN0YW5kaW5nIHRoZSBlcnJvciB0aGF0IG9jY3VycmVkLgogICAg
ICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJyb3JfZGVzY3JpcHRpb24iIHBhcmFtZXRlciBNVVNUIE5P
VCBpbmNsdWRlCiAgICAgICAgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAl
eDIzLTVCIC8gJXg1RC03RS4KICAgZXJyb3JfdXJpCiAgICAgICAgIE9QVElPTkFMLiAgQSBVUkkg
aWRlbnRpZnlpbmcgYSBodW1hbi1yZWFkYWJsZSB3ZWIgcGFnZSB3aXRoCiAgICAgICAgIGluZm9y
bWF0aW9uIGFib3V0IHRoZSBlcnJvciwgdXNlZCB0byBwcm92aWRlIHRoZSBjbGllbnQKICAgICAg
ICAgZGV2ZWxvcGVyIHdpdGggYWRkaXRpb25hbCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgZXJyb3Iu
CiAgICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvcl91cmkiIHBhcmFtZXRlciBNVVNUIGNvbmZv
cm0gdG8gdGhlIFVSSS0KICAgICAgICAgUmVmZXJlbmNlIHN5bnRheCwgYW5kIHRodXMgTVVTVCBO
T1QgaW5jbHVkZSBjaGFyYWN0ZXJzIG91dHNpZGUKICAgICAgICAgdGhlIHNldCAleDIxIC8gJXgy
My01QiAvICV4NUQtN0UuCiAgIHN0YXRlCiAgICAgICAgIFJFUVVJUkVEIGlmIGEgInN0YXRlIiBw
YXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlIGNsaWVudAogICAgICAgICBhdXRob3JpemF0aW9u
IHJlcXVlc3QuICBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUKICAgICAgICAgY2xp
ZW50LgoKICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciByZWRpcmVjdHMg
dGhlIHVzZXItYWdlbnQgYnkKICAgc2VuZGluZyB0aGUgZm9sbG93aW5nIEhUVFAgcmVzcG9uc2U6
CgogICBIVFRQLzEuMSAzMDIgRm91bmQKICAgTG9jYXRpb246IGh0dHBzOi8vY2xpZW50LmV4YW1w
bGUuY29tL2NiP2Vycm9yPWFjY2Vzc19kZW5pZWQmc3RhdGU9eHl6Cgo0LjEuMy4gIEFjY2VzcyBU
b2tlbiBSZXF1ZXN0CgogICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4g
ZW5kcG9pbnQgYnkgc2VuZGluZyB0aGUKICAgZm9sbG93aW5nIHBhcmFtZXRlcnMgdXNpbmcgdGhl
ICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiCiAgIGZvcm1hdCBbVzNDLlJFQy1o
dG1sNDAxLTE5OTkxMjI0XSBhbmQgYSBjaGFyYWN0ZXIgZW5jb2Rpbmcgb2YgVVRGLTgKICAgaW4g
dGhlIEhUVFAgcmVxdWVzdCBlbnRpdHktYm9keToKCiAgIGdyYW50X3R5cGUKICAgICAgICAgUkVR
VUlSRUQuICBWYWx1ZSBNVVNUIGJlIHNldCB0byAiYXV0aG9yaXphdGlvbl9jb2RlIi4KICAgY29k
ZQogICAgICAgICBSRVFVSVJFRC4gIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgcmVjZWl2ZWQgZnJv
bSB0aGUKICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCgoKCgoKCkhhcmR0ICYgUmVjb3Jk
b24gICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgIFtQYWdlIDI3
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAg
ICAgICAgICAgIEp1bHkgMjAxMgoKCiAgIHJlZGlyZWN0X3VyaQogICAgICAgICBSRVFVSVJFRCwg
aWYgdGhlICJyZWRpcmVjdF91cmkiIHBhcmFtZXRlciB3YXMgaW5jbHVkZWQgaW4gdGhlCiAgICAg
ICAgIGF1dGhvcml6YXRpb24gcmVxdWVzdCBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA0LjEuMSwg
YW5kIHRoZWlyCiAgICAgICAgIHZhbHVlcyBNVVNUIGJlIGlkZW50aWNhbC4KCiAgIElmIHRoZSBj
bGllbnQgdHlwZSBpcyBjb25maWRlbnRpYWwgb3IgdGhlIGNsaWVudCB3YXMgaXNzdWVkIGNsaWVu
dAogICBjcmVkZW50aWFscyAob3IgYXNzaWduZWQgb3RoZXIgYXV0aGVudGljYXRpb24gcmVxdWly
ZW1lbnRzKSwgdGhlCiAgIGNsaWVudCBNVVNUIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBhcyBkZXNjcmliZWQKICAgaW4gU2VjdGlvbiAzLjIuMS4KCiAgIEZvciBl
eGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5n
IFRMUwogICAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkp
OgoKICAgICBQT1NUIC90b2tlbiBIVFRQLzEuMQogICAgIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNv
bQogICAgIEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcK
ICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAoKICAg
ICBncmFudF90eXBlPWF1dGhvcml6YXRpb25fY29kZSZjb2RlPVNwbHhsT0JlWlFRWWJZUzZXeFNi
SUEKICAgICAmcmVkaXJlY3RfdXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNv
bSUyRmNiCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVDoKCiAgIG8gIHJlcXVpcmUg
Y2xpZW50IGF1dGhlbnRpY2F0aW9uIGZvciBjb25maWRlbnRpYWwgY2xpZW50cyBvciBmb3IgYW55
CiAgICAgIGNsaWVudCB0aGF0IHdhcyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciB3aXRo
IG90aGVyCiAgICAgIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksCiAgIG8gIGF1dGhlbnRp
Y2F0ZSB0aGUgY2xpZW50IGlmIGNsaWVudCBhdXRoZW50aWNhdGlvbiBpcyBpbmNsdWRlZCwKICAg
byAgZW5zdXJlIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgd2FzIGlzc3VlZCB0byB0aGUgYXV0aGVu
dGljYXRlZAogICAgICBjb25maWRlbnRpYWwgY2xpZW50IG9yIHRvIHRoZSBwdWJsaWMgY2xpZW50
IGlkZW50aWZpZWQgYnkgdGhlCiAgICAgICJjbGllbnRfaWQiIGluIHRoZSByZXF1ZXN0LAogICBv
ICB2ZXJpZnkgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGlzIHZhbGlkLCBhbmQKICAgbyAg
ZW5zdXJlIHRoYXQgdGhlICJyZWRpcmVjdF91cmkiIHBhcmFtZXRlciBpcyBwcmVzZW50IGlmIHRo
ZQogICAgICAicmVkaXJlY3RfdXJpIiBwYXJhbWV0ZXIgd2FzIGluY2x1ZGVkIGluIHRoZSBpbml0
aWFsIGF1dGhvcml6YXRpb24KICAgICAgcmVxdWVzdCBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA0
LjEuMSwgYW5kIGlmIGluY2x1ZGVkIGVuc3VyZQogICAgICB0aGVpciB2YWx1ZXMgYXJlIGlkZW50
aWNhbC4KCjQuMS40LiAgQWNjZXNzIFRva2VuIFJlc3BvbnNlCgogICBJZiB0aGUgYWNjZXNzIHRv
a2VuIHJlcXVlc3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZQogICBhdXRob3JpemF0aW9u
IHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoCiAgIHRv
a2VuIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDUuMS4gIElmIHRoZSByZXF1ZXN0IGNsaWVudAog
ICBhdXRoZW50aWNhdGlvbiBmYWlsZWQgb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIHJldHVybnMKICAgYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIFNlY3Rp
b24gNS4yLgoKCgoKCgoKCkhhcmR0ICYgUmVjb3Jkb24gICAgICAgIEV4cGlyZXMgSmFudWFyeSAx
MCwgMjAxMyAgICAgICAgICAgICAgIFtQYWdlIDI4XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgIEp1bHkgMjAxMgoKCiAgIEFu
IGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNwb25zZToKCiAgICAgSFRUUC8xLjEgMjAwIE9LCiAgICAg
Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgKICAgICBDYWNoZS1D
b250cm9sOiBuby1zdG9yZQogICAgIFByYWdtYTogbm8tY2FjaGUKCiAgICAgewogICAgICAgImFj
Y2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAgICAgInRva2VuX3R5cGUi
OiJleGFtcGxlIiwKICAgICAgICJleHBpcmVzX2luIjozNjAwLAogICAgICAgInJlZnJlc2hfdG9r
ZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICAgICJleGFtcGxlX3BhcmFtZXRlciI6
ImV4YW1wbGVfdmFsdWUiCiAgICAgfQoKNC4yLiAgSW1wbGljaXQgR3JhbnQKCiAgIFRoZSBpbXBs
aWNpdCBncmFudCB0eXBlIGlzIHVzZWQgdG8gb2J0YWluIGFjY2VzcyB0b2tlbnMgKGl0IGRvZXMg
bm90CiAgIHN1cHBvcnQgdGhlIGlzc3VhbmNlIG9mIHJlZnJlc2ggdG9rZW5zKSBhbmQgaXMgb3B0
aW1pemVkIGZvciBwdWJsaWMKICAgY2xpZW50cyBrbm93biB0byBvcGVyYXRlIGEgcGFydGljdWxh
ciByZWRpcmVjdGlvbiBVUkkuICBUaGVzZSBjbGllbnRzCiAgIGFyZSB0eXBpY2FsbHkgaW1wbGVt
ZW50ZWQgaW4gYSBicm93c2VyIHVzaW5nIGEgc2NyaXB0aW5nIGxhbmd1YWdlCiAgIHN1Y2ggYXMg
SmF2YVNjcmlwdC4KCiAgIEFzIGEgcmVkaXJlY3Rpb24tYmFzZWQgZmxvdywgdGhlIGNsaWVudCBt
dXN0IGJlIGNhcGFibGUgb2YKICAgaW50ZXJhY3Rpbmcgd2l0aCB0aGUgcmVzb3VyY2Ugb3duZXIn
cyB1c2VyLWFnZW50ICh0eXBpY2FsbHkgYSB3ZWIKICAgYnJvd3NlcikgYW5kIGNhcGFibGUgb2Yg
cmVjZWl2aW5nIGluY29taW5nIHJlcXVlc3RzICh2aWEgcmVkaXJlY3Rpb24pCiAgIGZyb20gdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyLgoKICAgVW5saWtlIHRoZSBhdXRob3JpemF0aW9uIGNvZGUg
Z3JhbnQgdHlwZSBpbiB3aGljaCB0aGUgY2xpZW50IG1ha2VzCiAgIHNlcGFyYXRlIHJlcXVlc3Rz
IGZvciBhdXRob3JpemF0aW9uIGFuZCBhY2Nlc3MgdG9rZW4sIHRoZSBjbGllbnQKICAgcmVjZWl2
ZXMgdGhlIGFjY2VzcyB0b2tlbiBhcyB0aGUgcmVzdWx0IG9mIHRoZSBhdXRob3JpemF0aW9uIHJl
cXVlc3QuCgogICBUaGUgaW1wbGljaXQgZ3JhbnQgdHlwZSBkb2VzIG5vdCBpbmNsdWRlIGNsaWVu
dCBhdXRoZW50aWNhdGlvbiwgYW5kCiAgIHJlbGllcyBvbiB0aGUgcHJlc2VuY2Ugb2YgdGhlIHJl
c291cmNlIG93bmVyIGFuZCB0aGUgcmVnaXN0cmF0aW9uIG9mCiAgIHRoZSByZWRpcmVjdGlvbiBV
UkkuICBCZWNhdXNlIHRoZSBhY2Nlc3MgdG9rZW4gaXMgZW5jb2RlZCBpbnRvIHRoZQogICByZWRp
cmVjdGlvbiBVUkksIGl0IG1heSBiZSBleHBvc2VkIHRvIHRoZSByZXNvdXJjZSBvd25lciBhbmQg
b3RoZXIKICAgYXBwbGljYXRpb25zIHJlc2lkaW5nIG9uIHRoZSBzYW1lIGRldmljZS4KCgoKCgoK
CgoKCgoKCgpIYXJkdCAmIFJlY29yZG9uICAgICAgICBFeHBpcmVzIEphbnVhcnkgMTAsIDIwMTMg
ICAgICAgICAgICAgICBbUGFnZSAyOV0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAg
IE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICBKdWx5IDIwMTIKCgogICAgICstLS0tLS0t
LS0tKwogICAgIHwgUmVzb3VyY2UgfAogICAgIHwgIE93bmVyICAgfAogICAgIHwgICAgICAgICAg
fAogICAgICstLS0tLS0tLS0tKwogICAgICAgICAgXgogICAgICAgICAgfAogICAgICAgICAoQikK
ICAgICArLS0tLXwtLS0tLSsgICAgICAgICAgQ2xpZW50IElkZW50aWZpZXIgICAgICstLS0tLS0t
LS0tLS0tLS0rCiAgICAgfCAgICAgICAgIC0rLS0tLShBKS0tICYgUmVkaXJlY3Rpb24gVVJJIC0t
LT58ICAgICAgICAgICAgICAgfAogICAgIHwgIFVzZXItICAgfCAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgfCBBdXRob3JpemF0aW9uIHwKICAgICB8ICBBZ2VudCAgLXwtLS0tKEIpLS0g
VXNlciBhdXRoZW50aWNhdGVzIC0tPnwgICAgIFNlcnZlciAgICB8CiAgICAgfCAgICAgICAgICB8
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogICAgIHwg
ICAgICAgICAgfDwtLS0oQyktLS0gUmVkaXJlY3Rpb24gVVJJIC0tLS08fCAgICAgICAgICAgICAg
IHwKICAgICB8ICAgICAgICAgIHwgICAgICAgICAgd2l0aCBBY2Nlc3MgVG9rZW4gICAgICstLS0t
LS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgICB8ICAgICAgICAgICAgaW4gRnJhZ21lbnQKICAg
ICB8ICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0t
LS0tLS0rCiAgICAgfCAgICAgICAgICB8LS0tLShEKS0tLSBSZWRpcmVjdGlvbiBVUkkgLS0tLT58
ICAgV2ViLUhvc3RlZCAgfAogICAgIHwgICAgICAgICAgfCAgICAgICAgICB3aXRob3V0IEZyYWdt
ZW50ICAgICAgfCAgICAgQ2xpZW50ICAgIHwKICAgICB8ICAgICAgICAgIHwgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIHwgICAgUmVzb3VyY2UgICB8CiAgICAgfCAgICAgKEYpICB8PC0t
LShFKS0tLS0tLS0gU2NyaXB0IC0tLS0tLS0tLTx8ICAgICAgICAgICAgICAgfAogICAgIHwgICAg
ICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsK
ICAgICArLXwtLS0tLS0tLSsKICAgICAgIHwgICAgfAogICAgICAoQSkgIChHKSBBY2Nlc3MgVG9r
ZW4KICAgICAgIHwgICAgfAogICAgICAgXiAgICB2CiAgICAgKy0tLS0tLS0tLSsKICAgICB8ICAg
ICAgICAgfAogICAgIHwgIENsaWVudCB8CiAgICAgfCAgICAgICAgIHwKICAgICArLS0tLS0tLS0t
KwoKICAgTm90ZTogVGhlIGxpbmVzIGlsbHVzdHJhdGluZyBzdGVwcyBBIGFuZCBCIGFyZSBicm9r
ZW4gaW50byB0d28gcGFydHMKICAgYXMgdGhleSBwYXNzIHRocm91Z2ggdGhlIHVzZXItYWdlbnQu
CgogICAgICAgICAgICAgICAgICAgICAgIEZpZ3VyZSA0OiBJbXBsaWNpdCBHcmFudCBGbG93Cgog
ICBUaGUgZmxvdyBpbGx1c3RyYXRlZCBpbiBGaWd1cmUgNCBpbmNsdWRlcyB0aGUgZm9sbG93aW5n
IHN0ZXBzOgoKICAgKEEpICBUaGUgY2xpZW50IGluaXRpYXRlcyB0aGUgZmxvdyBieSBkaXJlY3Rp
bmcgdGhlIHJlc291cmNlIG93bmVyJ3MKICAgICAgICB1c2VyLWFnZW50IHRvIHRoZSBhdXRob3Jp
emF0aW9uIGVuZHBvaW50LiAgVGhlIGNsaWVudCBpbmNsdWRlcwogICAgICAgIGl0cyBjbGllbnQg
aWRlbnRpZmllciwgcmVxdWVzdGVkIHNjb3BlLCBsb2NhbCBzdGF0ZSwgYW5kIGEKICAgICAgICBy
ZWRpcmVjdGlvbiBVUkkgdG8gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdpbGwgc2Vu
ZCB0aGUKICAgICAgICB1c2VyLWFnZW50IGJhY2sgb25jZSBhY2Nlc3MgaXMgZ3JhbnRlZCAob3Ig
ZGVuaWVkKS4KCgoKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEw
LCAyMDEzICAgICAgICAgICAgICAgW1BhZ2UgMzBdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgKEIp
ICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgcmVzb3VyY2Ugb3du
ZXIgKHZpYQogICAgICAgIHRoZSB1c2VyLWFnZW50KSBhbmQgZXN0YWJsaXNoZXMgd2hldGhlciB0
aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICBncmFudHMgb3IgZGVuaWVzIHRoZSBjbGllbnQncyBh
Y2Nlc3MgcmVxdWVzdC4KICAgKEMpICBBc3N1bWluZyB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRz
IGFjY2VzcywgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICBzZXJ2ZXIgcmVkaXJlY3RzIHRoZSB1
c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudCB1c2luZyB0aGUKICAgICAgICByZWRpcmVjdGlv
biBVUkkgcHJvdmlkZWQgZWFybGllci4gIFRoZSByZWRpcmVjdGlvbiBVUkkgaW5jbHVkZXMKICAg
ICAgICB0aGUgYWNjZXNzIHRva2VuIGluIHRoZSBVUkkgZnJhZ21lbnQuCiAgIChEKSAgVGhlIHVz
ZXItYWdlbnQgZm9sbG93cyB0aGUgcmVkaXJlY3Rpb24gaW5zdHJ1Y3Rpb25zIGJ5IG1ha2luZyBh
CiAgICAgICAgcmVxdWVzdCB0byB0aGUgd2ViLWhvc3RlZCBjbGllbnQgcmVzb3VyY2UgKHdoaWNo
IGRvZXMgbm90CiAgICAgICAgaW5jbHVkZSB0aGUgZnJhZ21lbnQgcGVyIFtSRkMyNjE2XSkuICBU
aGUgdXNlci1hZ2VudCByZXRhaW5zIHRoZQogICAgICAgIGZyYWdtZW50IGluZm9ybWF0aW9uIGxv
Y2FsbHkuCiAgIChFKSAgVGhlIHdlYi1ob3N0ZWQgY2xpZW50IHJlc291cmNlIHJldHVybnMgYSB3
ZWIgcGFnZSAodHlwaWNhbGx5IGFuCiAgICAgICAgSFRNTCBkb2N1bWVudCB3aXRoIGFuIGVtYmVk
ZGVkIHNjcmlwdCkgY2FwYWJsZSBvZiBhY2Nlc3NpbmcgdGhlCiAgICAgICAgZnVsbCByZWRpcmVj
dGlvbiBVUkkgaW5jbHVkaW5nIHRoZSBmcmFnbWVudCByZXRhaW5lZCBieSB0aGUKICAgICAgICB1
c2VyLWFnZW50LCBhbmQgZXh0cmFjdGluZyB0aGUgYWNjZXNzIHRva2VuIChhbmQgb3RoZXIKICAg
ICAgICBwYXJhbWV0ZXJzKSBjb250YWluZWQgaW4gdGhlIGZyYWdtZW50LgogICAoRikgIFRoZSB1
c2VyLWFnZW50IGV4ZWN1dGVzIHRoZSBzY3JpcHQgcHJvdmlkZWQgYnkgdGhlIHdlYi1ob3N0ZWQK
ICAgICAgICBjbGllbnQgcmVzb3VyY2UgbG9jYWxseSwgd2hpY2ggZXh0cmFjdHMgdGhlIGFjY2Vz
cyB0b2tlbiBhbmQKICAgICAgICBwYXNzZXMgaXQgdG8gdGhlIGNsaWVudC4KCjQuMi4xLiAgQXV0
aG9yaXphdGlvbiBSZXF1ZXN0CgogICBUaGUgY2xpZW50IGNvbnN0cnVjdHMgdGhlIHJlcXVlc3Qg
VVJJIGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nCiAgIHBhcmFtZXRlcnMgdG8gdGhlIHF1ZXJ5IGNv
bXBvbmVudCBvZiB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBVUkkKICAgdXNpbmcgdGhlICJh
cHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIGZvcm1hdDoKCiAgIHJlc3BvbnNlX3R5
cGUKICAgICAgICAgUkVRVUlSRUQuICBWYWx1ZSBNVVNUIGJlIHNldCB0byAidG9rZW4iLgogICBj
bGllbnRfaWQKICAgICAgICAgUkVRVUlSRUQuICBUaGUgY2xpZW50IGlkZW50aWZpZXIgYXMgZGVz
Y3JpYmVkIGluIFNlY3Rpb24gMi4yLgogICByZWRpcmVjdF91cmkKICAgICAgICAgT1BUSU9OQUwu
ICBBcyBkZXNjcmliZWQgaW4gU2VjdGlvbiAzLjEuMi4KICAgc2NvcGUKICAgICAgICAgT1BUSU9O
QUwuICBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBieQogICAg
ICAgICBTZWN0aW9uIDMuMy4KICAgc3RhdGUKICAgICAgICAgUkVDT01NRU5ERUQuICBBbiBvcGFx
dWUgdmFsdWUgdXNlZCBieSB0aGUgY2xpZW50IHRvIG1haW50YWluCiAgICAgICAgIHN0YXRlIGJl
dHdlZW4gdGhlIHJlcXVlc3QgYW5kIGNhbGxiYWNrLiAgVGhlIGF1dGhvcml6YXRpb24KICAgICAg
ICAgc2VydmVyIGluY2x1ZGVzIHRoaXMgdmFsdWUgd2hlbiByZWRpcmVjdGluZyB0aGUgdXNlci1h
Z2VudCBiYWNrCiAgICAgICAgIHRvIHRoZSBjbGllbnQuICBUaGUgcGFyYW1ldGVyIFNIT1VMRCBi
ZSB1c2VkIGZvciBwcmV2ZW50aW5nCiAgICAgICAgIGNyb3NzLXNpdGUgcmVxdWVzdCBmb3JnZXJ5
IGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDEwLjEyLgoKICAgVGhlIGNsaWVudCBkaXJlY3RzIHRo
ZSByZXNvdXJjZSBvd25lciB0byB0aGUgY29uc3RydWN0ZWQgVVJJIHVzaW5nIGFuCiAgIEhUVFAg
cmVkaXJlY3Rpb24gcmVzcG9uc2UsIG9yIGJ5IG90aGVyIG1lYW5zIGF2YWlsYWJsZSB0byBpdCB2
aWEgdGhlCiAgIHVzZXItYWdlbnQuCgoKCgoKCkhhcmR0ICYgUmVjb3Jkb24gICAgICAgIEV4cGly
ZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgIFtQYWdlIDMxXQoMCkludGVybmV0LURy
YWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgIEp1bHkg
MjAxMgoKCiAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IGRpcmVjdHMgdGhlIHVzZXItYWdlbnQg
dG8gbWFrZSB0aGUgZm9sbG93aW5nCiAgIEhUVFAgcmVxdWVzdCB1c2luZyBUTFMgKGV4dHJhIGxp
bmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcwogICBvbmx5KToKCiAgICBHRVQgL2F1
dGhvcml6ZT9yZXNwb25zZV90eXBlPXRva2VuJmNsaWVudF9pZD1zNkJoZFJrcXQzJnN0YXRlPXh5
egogICAgICAgICZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVleGFtcGxlJTJF
Y29tJTJGY2IgSFRUUC8xLjEKICAgIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQoKICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRlcyB0aGUgcmVxdWVzdCB0byBlbnN1cmUgYWxsIHJl
cXVpcmVkCiAgIHBhcmFtZXRlcnMgYXJlIHByZXNlbnQgYW5kIHZhbGlkLiAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIE1VU1QKICAgdmVyaWZ5IHRoYXQgdGhlIHJlZGlyZWN0aW9uIFVSSSB0byB3
aGljaCBpdCB3aWxsIHJlZGlyZWN0IHRoZSBhY2Nlc3MKICAgdG9rZW4gbWF0Y2hlcyBhIHJlZGly
ZWN0aW9uIFVSSSByZWdpc3RlcmVkIGJ5IHRoZSBjbGllbnQgYXMgZGVzY3JpYmVkCiAgIGluIFNl
Y3Rpb24gMy4xLjIuCgogICBJZiB0aGUgcmVxdWVzdCBpcyB2YWxpZCwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlCiAgIHJlc291cmNlIG93bmVyIGFuZCBvYnRhaW5z
IGFuIGF1dGhvcml6YXRpb24gZGVjaXNpb24gKGJ5IGFza2luZyB0aGUKICAgcmVzb3VyY2Ugb3du
ZXIgb3IgYnkgZXN0YWJsaXNoaW5nIGFwcHJvdmFsIHZpYSBvdGhlciBtZWFucykuCgogICBXaGVu
IGEgZGVjaXNpb24gaXMgZXN0YWJsaXNoZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBkaXJl
Y3RzIHRoZQogICB1c2VyLWFnZW50IHRvIHRoZSBwcm92aWRlZCBjbGllbnQgcmVkaXJlY3Rpb24g
VVJJIHVzaW5nIGFuIEhUVFAKICAgcmVkaXJlY3Rpb24gcmVzcG9uc2UsIG9yIGJ5IG90aGVyIG1l
YW5zIGF2YWlsYWJsZSB0byBpdCB2aWEgdGhlIHVzZXItCiAgIGFnZW50LgoKNC4yLjIuICBBY2Nl
c3MgVG9rZW4gUmVzcG9uc2UKCiAgIElmIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgdGhlIGFj
Y2VzcyByZXF1ZXN0LCB0aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgaXNzdWVzIGFuIGFjY2Vz
cyB0b2tlbiBhbmQgZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieSBhZGRpbmcKICAgdGhlIGZv
bGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZSBmcmFnbWVudCBjb21wb25lbnQgb2YgdGhlIHJlZGly
ZWN0aW9uCiAgIFVSSSB1c2luZyB0aGUgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2Rl
ZCIgZm9ybWF0OgoKICAgYWNjZXNzX3Rva2VuCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIGFjY2Vz
cyB0b2tlbiBpc3N1ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICB0b2tlbl90eXBl
CiAgICAgICAgIFJFUVVJUkVELiAgVGhlIHR5cGUgb2YgdGhlIHRva2VuIGlzc3VlZCBhcyBkZXNj
cmliZWQgaW4KICAgICAgICAgU2VjdGlvbiA3LjEuICBWYWx1ZSBpcyBjYXNlIGluc2Vuc2l0aXZl
LgogICBleHBpcmVzX2luCiAgICAgICAgIFJFQ09NTUVOREVELiAgVGhlIGxpZmV0aW1lIGluIHNl
Y29uZHMgb2YgdGhlIGFjY2VzcyB0b2tlbi4gIEZvcgogICAgICAgICBleGFtcGxlLCB0aGUgdmFs
dWUgIjM2MDAiIGRlbm90ZXMgdGhhdCB0aGUgYWNjZXNzIHRva2VuIHdpbGwKICAgICAgICAgZXhw
aXJlIGluIG9uZSBob3VyIGZyb20gdGhlIHRpbWUgdGhlIHJlc3BvbnNlIHdhcyBnZW5lcmF0ZWQu
CiAgICAgICAgIElmIG9taXR0ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgcHJv
dmlkZSB0aGUKICAgICAgICAgZXhwaXJhdGlvbiB0aW1lIHZpYSBvdGhlciBtZWFucyBvciBkb2N1
bWVudCB0aGUgZGVmYXVsdCB2YWx1ZS4KICAgc2NvcGUKICAgICAgICAgT1BUSU9OQUwsIGlmIGlk
ZW50aWNhbCB0byB0aGUgc2NvcGUgcmVxdWVzdGVkIGJ5IHRoZSBjbGllbnQsCiAgICAgICAgIG90
aGVyd2lzZSBSRVFVSVJFRC4gIFRoZSBzY29wZSBvZiB0aGUgYWNjZXNzIHRva2VuIGFzIGRlc2Ny
aWJlZAogICAgICAgICBieSBTZWN0aW9uIDMuMy4KCgoKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAg
ICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgW1BhZ2UgMzJdCgwKSW50
ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAg
ICAgSnVseSAyMDEyCgoKICAgc3RhdGUKICAgICAgICAgUkVRVUlSRUQgaWYgdGhlICJzdGF0ZSIg
cGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRoZSBjbGllbnQKICAgICAgICAgYXV0aG9yaXphdGlv
IHRva2VuIHdoZW4gbWFraW5nIGEgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3QuCgo3LjIuICBF
cnJvciBSZXNwb25zZQoKICAgSWYgYSByZXNvdXJjZSBhY2Nlc3MgcmVxdWVzdCBmYWlscywgdGhl
IHJlc291cmNlIHNlcnZlciBTSE9VTEQgaW5mb3JtCiAgIHRoZSBjbGllbnQgb2YgdGhlIGVycm9y
LiAgV2hpbGUgdGhlIHNwZWNpZmljcyBvZiBzdWNoIGVycm9yIHJlc3BvbnNlcwogICBhcmUgYmV5
b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIHRoaXMgZG9jdW1lbnRzCiAgIGVz
dGFibGlzaGVzIGEgY29tbW9uIHJlZ2lzdHJ5IGluIFNlY3Rpb24gMTEuNCBmb3IgZXJyb3IgdmFs
dWVzIHRvIGJlCiAgIHNoYXJlZCBhbW9uZyBPQXV0aCB0b2tlbiBhdXRoZW50aWNhdGlvbiBzY2hl
bWVzLgoKICAgTmV3IGF1dGhlbnRpY2F0aW9uIHNjaGVtZXMgZGVzaWduZWQgcHJpbWFyaWx5IGZv
ciBPQXV0aCB0b2tlbgogICBhdXRoZW50aWNhdGlvbiBTSE9VTEQgZGVmaW5lIGEgbWVjaGFuaXNt
IGZvciBwcm92aWRpbmcgYW4gZXJyb3IKICAgc3RhdHVzIGNvZGUgdG8gdGhlIGNsaWVudCwgaW4g
d2hpY2ggdGhlIGVycm9yIHZhbHVlcyBhbGxvd2VkIGFyZQogICByZWdpc3RlcmVkIGluIHRoZSBl
cnJvciByZWdpc3RyeSBlc3RhYmxpc2hlZCBieSB0aGlzIHNwZWNpZmljYXRpb24uCiAgIFN1Y2gg
c2NoZW1lcyBNQVkgbGltaXQgdGhlIHNldCBvZiB2YWxpZCBlcnJvciBjb2RlcyB0byBhIHN1YnNl
dCBvZgogICB0aGUgcmVnaXN0ZXJlZCB2YWx1ZXMuICBJZiB0aGUgZXJyb3IgY29kZSBpcyByZXR1
cm5lZCB1c2luZyBhIG5hbWVkCiAgIHBhcmFtZXRlciwgdGhlIHBhcmFtZXRlciBuYW1lIFNIT1VM
RCBiZSAiZXJyb3IiLgoKICAgT3RoZXIgc2NoZW1lcyBjYXBhYmxlIG9mIGJlaW5nIHVzZWQgZm9y
IE9BdXRoIHRva2VuIGF1dGhlbnRpY2F0aW9uLAogICBidXQgbm90IHByaW1hcmlseSBkZXNpZ25l
ZCBmb3IgdGhhdCBwdXJwb3NlLCBNQVkgYmluZCB0aGVpciBlcnJvcgogICB2YWx1ZXMgdG8gdGhl
IHJlZ2lzdHJ5IGluIHRoZSBzYW1lIG1hbm5lci4KCiAgIE5ldyBhdXRoZW50aWNhdGlvbiBzY2hl
bWVzIE1BWSBjaG9vc2UgdG8gYWxzbyBzcGVjaWZ5IHRoZSB1c2Ugb2YgdGhlCgoKCkhhcmR0ICYg
UmVjb3Jkb24gICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgIFtQ
YWdlIDQ1XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAg
ICAgICAgICAgICAgICAgIEp1bHkgMjAxMgoKCiAgICJlcnJvcl9kZXNjcmlwdGlvbiIgYW5kICJl
cnJvcl91cmkiIHBhcmFtZXRlcnMgdG8gcmV0dXJuIGVycm9yCiAgIGluZm9ybWF0aW9uIGluIGEg
bWFubmVyIHBhcmFsbGVsIHRvIHRoZWlyIHVzYWdlIGluIHRoaXMKICAgc3BlY2lmaWNhdGlvbi4K
Cgo4LiAgRXh0ZW5zaWJpbGl0eQoKOC4xLiAgRGVmaW5pbmcgQWNjZXNzIFRva2VuIFR5cGVzCgog
ICBBY2Nlc3MgdG9rZW4gdHlwZXMgY2FuIGJlIGRlZmluZWQgaW4gb25lIG9mIHR3byB3YXlzOiBy
ZWdpc3RlcmVkIGluCiAgIHRoZSBhY2Nlc3MgdG9rZW4gdHlwZSByZWdpc3RyeSAoZm9sbG93aW5n
IHRoZSBwcm9jZWR1cmVzIGluCiAgIFNlY3Rpb24gMTEuMSksIG9yIGJ5IHVzaW5nIGEgdW5pcXVl
IGFic29sdXRlIFVSSSBhcyBpdHMgbmFtZS4KCiAgIFR5cGVzIHV0aWxpemluZyBhIFVSSSBuYW1l
IFNIT1VMRCBiZSBsaW1pdGVkIHRvIHZlbmRvci1zcGVjaWZpYwogICBpbXBsZW1lbnRhdGlvbnMg
dGhhdCBhcmUgbm90IGNvbW1vbmx5IGFwcGxpY2FibGUsIGFuZCBhcmUgc3BlY2lmaWMgdG8KICAg
dGhlIGltcGxlbWVudGF0aW9uIGRldGFpbHMgb2YgdGhlIHJlc291cmNlIHNlcnZlciB3aGVyZSB0
aGV5IGFyZQogICB1c2VkLgoKICAgQWxsIG90aGVyIHR5cGVzIE1VU1QgYmUgcmVnaXN0ZXJlZC4g
IFR5cGUgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZQogICB0eXBlLW5hbWUgQUJORi4gIElmIHRo
ZSB0eXBlIGRlZmluaXRpb24gaW5jbHVkZXMgYSBuZXcgSFRUUAogICBhdXRoZW50aWNhdGlvbiBz
Y2hlbWUsIHRoZSB0eXBlIG5hbWUgU0hPVUxEIGJlIGlkZW50aWNhbCB0byB0aGUgSFRUUAogICBh
dXRoZW50aWNhdGlvbiBzY2hlbWUgbmFtZSAoYXMgZGVmaW5lZCBieSBbUkZDMjYxN10pLiAgVGhl
IHRva2VuIHR5cGUKICAgImV4YW1wbGUiIGlzIHJlc2VydmVkIGZvciB1c2UgaW4gZXhhbXBsZXMu
CgogICAgIHR5cGUtbmFtZSAgPSAxKm5hbWUtY2hhcgogICAgIG5hbWUtY2hhciAgPSAiLSIgLyAi
LiIgLyAiXyIgLyBESUdJVCAvIEFMUEhBCgo4LjIuICBEZWZpbmluZyBOZXcgRW5kcG9pbnQgUGFy
YW1ldGVycwoKICAgTmV3IHJlcXVlc3Qgb3IgcmVzcG9uc2UgcGFyYW1ldGVycyBmb3IgdXNlIHdp
dGggdGhlIGF1dGhvcml6YXRpb24KICAgZW5kcG9pbnQgb3IgdGhlIHRva2VuIGVuZHBvaW50IGFy
ZSBkZWZpbmVkIGFuZCByZWdpc3RlcmVkIGluIHRoZQogICBwYXJhbWV0ZXJzIHJlZ2lzdHJ5IGZv
bGxvd2luZyB0aGUgcHJvY2VkdXJlIGluIFNlY3Rpb24gMTEuMi4KCiAgIFBhcmFtZXRlciBuYW1l
cyBNVVNUIGNvbmZvcm0gdG8gdGhlIHBhcmFtLW5hbWUgQUJORiBhbmQgcGFyYW1ldGVyCiAgIHZh
bHVlcyBzeW50YXggTVVTVCBiZSB3ZWxsLWRlZmluZWQgKGUuZy4sIHVzaW5nIEFCTkYsIG9yIGEg
cmVmZXJlbmNlCiAgIHRvIHRoZSBzeW50YXggb2YgYW4gZXhpc3RpbmcgcGFyYW1ldGVyKS4KCiAg
ICAgcGFyYW0tbmFtZSAgPSAxKm5hbWUtY2hhcgogICAgIG5hbWUtY2hhciAgID0gIi0iIC8gIi4i
IC8gIl8iIC8gRElHSVQgLyBBTFBIQQoKICAgVW5yZWdpc3RlcmVkIHZlbmRvci1zcGVjaWZpYyBw
YXJhbWV0ZXIgZXh0ZW5zaW9ucyB0aGF0IGFyZSBub3QKICAgY29tbW9ubHkgYXBwbGljYWJsZSwg
YW5kIGFyZSBzcGVjaWZpYyB0byB0aGUgaW1wbGVtZW50YXRpb24gZGV0YWlscwogICBvZiB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2hlcmUgdGhleSBhcmUgdXNlZCBTSE9VTEQgdXRpbGl6ZSBh
CiAgIHZlbmRvci1zcGVjaWZpYyBwcmVmaXggdGhhdCBpcyBub3QgbGlrZWx5IHRvIGNvbmZsaWN0
IHdpdGggb3RoZXIKICAgcmVnaXN0ZXJlZCB2YWx1ZXMgKGUuZy4gYmVnaW4gd2l0aCAnY29tcGFu
eW5hbWVfJykuCgoKCgoKCkhhcmR0ICYgUmVjb3Jkb24gICAgICAgIEV4cGlyZXMgSmFudWFyeSAx
MCwgMjAxMyAgICAgICAgICAgICAgIFtQYWdlIDQ2XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgIEp1bHkgMjAxMgoKCjguMy4g
IERlZmluaW5nIE5ldyBBdXRob3JpemF0aW9uIEdyYW50IFR5cGVzCgogICBOZXcgYXV0aG9yaXph
dGlvbiBncmFudCB0eXBlcyBjYW4gYmUgZGVmaW5lZCBieSBhc3NpZ25pbmcgdGhlbSBhCiAgIHVu
aXF1ZSBhYnNvbHV0ZSBVUkkgZm9yIHVzZSB3aXRoIHRoZSAiZ3JhbnRfdHlwZSIgcGFyYW1ldGVy
LiAgSWYgdGhlCiAgIGV4dGVuc2lvbiBncmFudCB0eXBlIHJlcXVpcmVzIGFkZGl0aW9uYWwgdG9r
ZW4gZW5kcG9pbnQgcGFyYW1ldGVycywKICAgdGhleSBNVVNUIGJlIHJlZ2lzdGVyZWQgaW4gdGhl
IE9BdXRoIHBhcmFtZXRlcnMgcmVnaXN0cnkgYXMgZGVzY3JpYmVkCiAgIGJ5IFNlY3Rpb24gMTEu
Mi4KCjguNC4gIERlZmluaW5nIE5ldyBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJlc3BvbnNlIFR5
cGVzCgogICBOZXcgcmVzcG9uc2UgdHlwZXMgZm9yIHVzZSB3aXRoIHRoZSBhdXRob3JpemF0aW9u
IGVuZHBvaW50IGFyZQogICBkZWZpbmVkIGFuZCByZWdpc3RlcmVkIGluIHRoZSBhdXRob3JpemF0
aW9uIGVuZHBvaW50IHJlc3BvbnNlIHR5cGUKICAgcmVnaXN0cnkgZm9sbG93aW5nIHRoZSBwcm9j
ZWR1cmUgaW4gU2VjdGlvbiAxMS4zLiAgUmVzcG9uc2UgdHlwZQogICBuYW1lcyBNVVNUIGNvbmZv
cm0gdG8gdGhlIHJlc3BvbnNlLXR5cGUgQUJORi4KCiAgICAgcmVzcG9uc2UtdHlwZSAgPSByZXNw
b25zZS1uYW1lICooIFNQIHJlc3BvbnNlLW5hbWUgKQogICAgIHJlc3BvbnNlLW5hbWUgID0gMSpy
ZXNwb25zZS1jaGFyCiAgICAgcmVzcG9uc2UtY2hhciAgPSAiXyIgLyBESUdJVCAvIEFMUEhBCgog
ICBJZiBhIHJlc3BvbnNlIHR5cGUgY29udGFpbnMgb25lIG9yIG1vcmUgc3BhY2UgY2hhcmFjdGVy
cyAoJXgyMCksIGl0CiAgIGlzIGNvbXBhcmVkIGFzIGEgc3BhY2UtZGVsaW1pdGVkIGxpc3Qgb2Yg
dmFsdWVzIGluIHdoaWNoIHRoZSBvcmRlciBvZgogICB2YWx1ZXMgZG9lcyBub3QgbWF0dGVyLiAg
T25seSBvbmUgb3JkZXIgb2YgdmFsdWVzIGNhbiBiZSByZWdpc3RlcmVkLAogICB3aGljaCBjb3Zl
cnMgYWxsIG90aGVyIGFycmFuZ2VtZW50cyBvZiB0aGUgc2FtZSBzZXQgb2YgdmFsdWVzLgoKICAg
Rm9yIGV4YW1wbGUsIHRoZSByZXNwb25zZSB0eXBlICJ0b2tlbiBjb2RlIiBpcyBsZWZ0IHVuZGVm
aW5lZCBieSB0aGlzCiAgIHNwZWNpZmljYXRpb24uICBIb3dldmVyLCBhbiBleHRlbnNpb24gY2Fu
IGRlZmluZSBhbmQgcmVnaXN0ZXIgdGhlCiAgICJ0b2tlbiBjb2RlIiByZXNwb25zZSB0eXBlLiAg
T25jZSByZWdpc3RlcmVkLCB0aGUgc2FtZSBjb21iaW5hdGlvbgogICBjYW5ub3QgYmUgcmVnaXN0
ZXJlZCBhcyAiY29kZSB0b2tlbiIsIGJ1dCBib3RoIHZhbHVlcyBjYW4gYmUgdXNlZCB0bwogICBk
ZW5vdGUgdGhlIHNhbWUgcmVzcG9uc2UgdHlwZS4KCjguNS4gIERlZmluaW5nIEFkZGl0aW9uYWwg
RXJyb3IgQ29kZXMKCiAgIEluIGNhc2VzIHdoZXJlIHByb3RvY29sIGV4dGVuc2lvbnMgKGkuZS4g
YWNjZXNzIHRva2VuIHR5cGVzLAogICBleHRlbnNpb24gcGFyYW1ldGVycywgb3IgZXh0ZW5zaW9u
IGdyYW50IHR5cGVzKSByZXF1aXJlIGFkZGl0aW9uYWwKICAgZXJyb3IgY29kZXMgdG8gYmUgdXNl
ZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgZXJyb3IKICAgcmVzcG9uc2UgKFNl
Y3Rpb24gNC4xLjIuMSksIHRoZSBpbXBsaWNpdCBncmFudCBlcnJvciByZXNwb25zZQogICAoU2Vj
dGlvbiA0LjIuMi4xKSwgdGhlIHRva2VuIGVycm9yIHJlc3BvbnNlIChTZWN0aW9uIDUuMiksIG9y
IHRoZQogICByZXNvdXJjZSBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UgKFNlY3Rpb24gNy4yKSwgc3Vj
aCBlcnJvciBjb2RlcyBNQVkgYmUKICAgZGVmaW5lZC4KCiAgIEV4dGVuc2lvbiBlcnJvciBjb2Rl
cyBNVVNUIGJlIHJlZ2lzdGVyZWQgKGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlcyBpbgogICBTZWN0
aW9uIDExLjQpIGlmIHRoZSBleHRlbnNpb24gdGhleSBhcmUgdXNlZCBpbiBjb25qdW5jdGlvbiB3
aXRoIGlzIGEKICAgcmVnaXN0ZXJlZCBhY2Nlc3MgdG9rZW4gdHlwZSwgYSByZWdpc3RlcmVkIGVu
ZHBvaW50IHBhcmFtZXRlciwgb3IgYW4KICAgZXh0ZW5zaW9uIGdyYW50IHR5cGUuICBFcnJvciBj
b2RlcyB1c2VkIHdpdGggdW5yZWdpc3RlcmVkIGV4dGVuc2lvbnMKICAgTUFZIGJlIHJlZ2lzdGVy
ZWQuCgogICBFcnJvciBjb2RlcyBNVVNUIGNvbmZvcm0gdG8gdGhlIGVycm9yIEFCTkYsIGFuZCBT
SE9VTEQgYmUgcHJlZml4ZWQgYnkKICAgYW4gaWRlbnRpZnlpbmcgbmFtZSB3aGVuIHBvc3NpYmxl
LiAgRm9yIGV4YW1wbGUsIGFuIGVycm9yIGlkZW50aWZ5aW5nCgoKCkhhcmR0ICYgUmVjb3Jkb24g
ICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgIFtQYWdlIDQ3XQoM
CkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAg
ICAgICAgIEp1bHkgMjAxMgoKCiAgIGFuIGludmFsaWQgdmFsdWUgc2V0IHRvIHRoZSBleHRlbnNp
b24gcGFyYW1ldGVyICJleGFtcGxlIiBTSE9VTEQgYmUKICAgbmFtZWQgImV4YW1wbGVfaW52YWxp
ZCIuCgogICAgIGVycm9yICAgICAgPSAxKmVycm9yLWNoYXIKICAgICBlcnJvci1jaGFyID0gJXgy
MC0yMSAvICV4MjMtNUIgLyAleDVELTdFCgoKOS4gIE5hdGl2ZSBBcHBsaWNhdGlvbnMKCiAgIE5h
dGl2ZSBhcHBsaWNhdGlvbnMgYXJlIGNsaWVudHMgaW5zdGFsbGVkIGFuZCBleGVjdXRlZCBvbiB0
aGUgZGV2aWNlCiAgIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyIChpLmUuIGRlc2t0b3AgYXBw
bGljYXRpb24sIG5hdGl2ZSBtb2JpbGUKICAgYXBwbGljYXRpb24pLiAgTmF0aXZlIGFwcGxpY2F0
aW9ucyByZXF1aXJlIHNwZWNpYWwgY29uc2lkZXJhdGlvbgogICByZWxhdGVkIHRvIHNlY3VyaXR5
LCBwbGF0Zm9ybSBjYXBhYmlsaXRpZXMsIGFuZCBvdmVyYWxsIGVuZC11c2VyCiAgIGV4cGVyaWVu
Y2UuCgogICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXF1aXJlcyBpbnRlcmFjdGlvbiBi
ZXR3ZWVuIHRoZSBjbGllbnQKICAgYW5kIHRoZSByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQu
ICBOYXRpdmUgYXBwbGljYXRpb25zIGNhbiBpbnZva2UKICAgYW4gZXh0ZXJuYWwgdXNlci1hZ2Vu
dCBvciBlbWJlZCBhIHVzZXItYWdlbnQgd2l0aGluIHRoZSBhcHBsaWNhdGlvbi4KICAgRm9yIGV4
YW1wbGU6CgogICBvICBFeHRlcm5hbCB1c2VyLWFnZW50IC0gdGhlIG5hdGl2ZSBhcHBsaWNhdGlv
biBjYW4gY2FwdHVyZSB0aGUKICAgICAgcmVzcG9uc2UgZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgdXNpbmcgYSByZWRpcmVjdGlvbiBVUkkKICAgICAgd2l0aCBhIHNjaGVtZSByZWdpc3Rl
cmVkIHdpdGggdGhlIG9wZXJhdGluZyBzeXN0ZW0gdG8gaW52b2tlIHRoZQogICAgICBjbGllbnQg
YXMgdGhlIGhhbmRsZXIsIG1hbnVhbCBjb3B5LWFuZC1wYXN0ZSBvZiB0aGUgY3JlZGVudGlhbHMs
CiAgICAgIHJ1bm5pbmcgYSBsb2NhbCB3ZWIgc2VydmVyLCBpbnN0YWxsaW5nIGEgdXNlci1hZ2Vu
dCBleHRlbnNpb24sIG9yCiAgICAgIGJ5IHByb3ZpZGluZyBhIHJlZGlyZWN0aW9uIFVSSSBpZGVu
dGlmeWluZyBhIHNlcnZlci1ob3N0ZWQKICAgICAgcmVzb3VyY2UgdW5kZXIgdGhlIGNsaWVudCdz
IGNvbnRyb2wsIHdoaWNoIGluIHR1cm4gbWFrZXMgdGhlCiAgICAgIHJlc3BvbnNlIGF2YWlsYWJs
ZSB0byB0aGUgbmF0aXZlIGFwcGxpY2F0aW9uLgogICBvICBFbWJlZGRlZCB1c2VyLWFnZW50IC0g
dGhlIG5hdGl2ZSBhcHBsaWNhdGlvbiBvYnRhaW5zIHRoZSByZXNwb25zZQogICAgICBieSBkaXJl
Y3RseSBjb21tdW5pY2F0aW5nIHdpdGggdGhlIGVtYmVkZGVkIHVzZXItYWdlbnQgYnkKICAgICAg
bW9uaXRvcmluZyBzdGF0ZSBjaGFuZ2VzIGVtaXR0ZWQgZHVyaW5nIHRoZSByZXNvdXJjZSBsb2Fk
LCBvcgogICAgICBhY2Nlc3NpbmcgdGhlIHVzZXItYWdlbnQncyBjb29raWVzIHN0b3JhZ2UuCgog
ICBXaGVuIGNob29zaW5nIGJldHdlZW4gYW4gZXh0ZXJuYWwgb3IgZW1iZWRkZWQgdXNlci1hZ2Vu
dCwgZGV2ZWxvcGVycwogICBzaG91bGQgY29uc2lkZXI6CgogICBvICBBbiBFeHRlcm5hbCB1c2Vy
LWFnZW50IG1heSBpbXByb3ZlIGNvbXBsZXRpb24gcmF0ZSBhcyB0aGUgcmVzb3VyY2UKICAgICAg
b3duZXIgbWF5IGFscmVhZHkgaGF2ZSBhbiBhY3RpdmUgc2Vzc2lvbiB3aXRoIHRoZSBhdXRob3Jp
emF0aW9uCiAgICAgIHNlcnZlciByZW1vdmluZyB0aGUgbmVlZCB0byByZS1hdXRoZW50aWNhdGUu
ICBJdCBwcm92aWRlcyBhCiAgICAgIGZhbWlsaWFyIGVuZC11c2VyIGV4cGVyaWVuY2UgYW5kIGZ1
bmN0aW9uYWxpdHkuICBUaGUgcmVzb3VyY2UKICAgICAgb3duZXIgbWF5IGFsc28gcmVseSBvbiB1
c2VyLWFnZW50IGZlYXR1cmVzIG9yIGV4dGVuc2lvbnMgdG8gYXNzaXN0CiAgICAgIHdpdGggYXV0
aGVudGljYXRpb24gKGUuZy4gcGFzc3dvcmQgbWFuYWdlciwgMi1mYWN0b3IgZGV2aWNlCiAgICAg
IHJlYWRlcikuCiAgIG8gIEFuIGVtYmVkZGVkIHVzZXItYWdlbnQgbWF5IG9mZmVyIGltcHJvdmVk
IHVzYWJpbGl0eSwgYXMgaXQgcmVtb3ZlcwogICAgICB0aGUgbmVlZCB0byBzd2l0Y2ggY29udGV4
dCBhbmQgb3BlbiBuZXcgd2luZG93cy4KICAgbyAgQW4gZW1iZWRkZWQgdXNlci1hZ2VudCBwb3Nl
cyBhIHNlY3VyaXR5IGNoYWxsZW5nZSBiZWNhdXNlIHJlc291cmNlCiAgICAgIG93bmVycyBhcmUg
YXV0aGVudGljYXRpbmcgaW4gYW4gdW5pZGVudGlmaWVkIHdpbmRvdyB3aXRob3V0IGFjY2Vzcwog
ICAgICB0byB0aGUgdmlzdWFsIHByb3RlY3Rpb25zIGZvdW5kIGluIG1vc3QgZXh0ZXJuYWwgdXNl
ci1hZ2VudHMuICBBbgoKCgpIYXJkdCAmIFJlY29yZG9uICAgICAgICBFeHBpcmVzIEphbnVhcnkg
MTAsIDIwMTMgICAgICAgICAgICAgICBbUGFnZSA0OF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAg
ICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICBKdWx5IDIwMTIKCgogICAg
ICBlbWJlZGRlZCB1c2VyLWFnZW50IGVkdWNhdGVzIGVuZC11c2VycyB0byB0cnVzdCB1bmlkZW50
aWZpZWQKICAgICAgcmVxdWVzdHMgZm9yIGF1dGhlbnRpY2F0aW9uIChtYWtpbmcgcGhpc2hpbmcg
YXR0YWNrcyBlYXNpZXIgdG8KICAgICAgZXhlY3V0ZSkuCgogICBXaGVuIGNob29zaW5nIGJldHdl
ZW4gdGhlIGltcGxpY2l0IGdyYW50IHR5cGUgYW5kIHRoZSBhdXRob3JpemF0aW9uCiAgIGNvZGUg
Z3JhbnQgdHlwZSwgdGhlIGZvbGxvd2luZyBzaG91bGQgYmUgY29uc2lkZXJlZDoKCiAgIG8gIE5h
dGl2ZSBhcHBsaWNhdGlvbnMgdGhhdCB1c2UgdGhlIGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0
eXBlCiAgICAgIFNIT1VMRCBkbyBzbyB3aXRob3V0IHVzaW5nIGNsaWVudCBjcmVkZW50aWFscywg
ZHVlIHRvIHRoZSBuYXRpdmUKICAgICAgYXBwbGljYXRpb24ncyBpbmFiaWxpdHkgdG8ga2VlcCBj
bGllbnQgY3JlZGVudGlhbHMgY29uZmlkZW50aWFsLgogICBvICBXaGVuIHVzaW5nIHRoZSBpbXBs
aWNpdCBncmFudCB0eXBlIGZsb3cgYSByZWZyZXNoIHRva2VuIGlzIG5vdAogICAgICByZXR1cm5l
ZCB3aGljaCByZXF1aXJlcyByZXBlYXRpbmcgdGhlIGF1dGhvcml6YXRpb24gcHJvY2VzcyBvbmNl
CiAgICAgIHRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJlcy4KCgoxMC4gIFNlY3VyaXR5IENvbnNpZGVy
YXRpb25zCgogICBBcyBhIGZsZXhpYmxlIGFuZCBleHRlbnNpYmxlIGZyYW1ld29yaywgT0F1dGgn
cyBzZWN1cml0eQogICBjb25zaWRlcmF0aW9ucyBkZXBlbmQgb24gbWFueSBmYWN0b3JzLiAgVGhl
IGZvbGxvd2luZyBzZWN0aW9ucwogICBwcm92aWRlIGltcGxlbWVudGVycyB3aXRoIHNlY3VyaXR5
IGd1aWRlbGluZXMgZm9jdXNlZCBvbiB0aGUgdGhyZWUKICAgY2xpZW50IHByb2ZpbGVzIGRlc2Ny
aWJlZCBpbiBTZWN0aW9uIDIuMTogd2ViIGFwcGxpY2F0aW9uLCB1c2VyLQogICBhZ2VudC1iYXNl
ZCBhcHBsaWNhdGlvbiwgYW5kIG5hdGl2ZSBhcHBsaWNhdGlvbi4KCiAgIEEgY29tcHJlaGVuc2l2
ZSBPQXV0aCBzZWN1cml0eSBtb2RlbCBhbmQgYW5hbHlzaXMsIGFzIHdlbGwgYXMKICAgYmFja2dy
b3VuZCBmb3IgdGhlIHByb3RvY29sIGRlc2lnbiwgaXMgcHJvdmlkZWQgYnkKICAgW0ktRC5pZXRm
LW9hdXRoLXYyLXRocmVhdG1vZGVsXS4KCjEwLjEuICBDbGllbnQgQXV0aGVudGljYXRpb24KCiAg
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBlc3RhYmxpc2hlcyBjbGllbnQgY3JlZGVudGlhbHMg
d2l0aCB3ZWIKICAgYXBwbGljYXRpb24gY2xpZW50cyBmb3IgdGhlIHB1cnBvc2Ugb2YgY2xpZW50
IGF1dGhlbnRpY2F0aW9uLiAgVGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIGlzIGVuY291cmFn
ZWQgdG8gY29uc2lkZXIgc3Ryb25nZXIgY2xpZW50CiAgIGF1dGhlbnRpY2F0aW9uIG1lYW5zIHRo
YW4gYSBjbGllbnQgcGFzc3dvcmQuICBXZWIgYXBwbGljYXRpb24gY2xpZW50cwogICBNVVNUIGVu
c3VyZSBjb25maWRlbnRpYWxpdHkgb2YgY2xpZW50IHBhc3N3b3JkcyBhbmQgb3RoZXIgY2xpZW50
CiAgIGNyZWRlbnRpYWxzLgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgTk9UIGlz
c3VlIGNsaWVudCBwYXNzd29yZHMgb3Igb3RoZXIKICAgY2xpZW50IGNyZWRlbnRpYWxzIHRvIG5h
dGl2ZSBhcHBsaWNhdGlvbiBvciB1c2VyLWFnZW50LWJhc2VkCiAgIGFwcGxpY2F0aW9uIGNsaWVu
dHMgZm9yIHRoZSBwdXJwb3NlIG9mIGNsaWVudCBhdXRoZW50aWNhdGlvbi4gIFRoZQogICBhdXRo
b3JpemF0aW9uIHNlcnZlciBNQVkgaXNzdWUgYSBjbGllbnQgcGFzc3dvcmQgb3Igb3RoZXIgY3Jl
ZGVudGlhbHMKICAgZm9yIGEgc3BlY2lmaWMgaW5zdGFsbGF0aW9uIG9mIGEgbmF0aXZlIGFwcGxp
Y2F0aW9uIGNsaWVudCBvbiBhCiAgIHNwZWNpZmljIGRldmljZS4KCiAgIFdoZW4gY2xpZW50IGF1
dGhlbnRpY2F0aW9uIGlzIG5vdCBwb3NzaWJsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAg
IFNIT1VMRCBlbXBsb3kgb3RoZXIgbWVhbnMgdG8gdmFsaWRhdGUgdGhlIGNsaWVudCdzIGlkZW50
aXR5LiAgRm9yCiAgIGV4YW1wbGUsIGJ5IHJlcXVpcmluZyB0aGUgcmVnaXN0cmF0aW9uIG9mIHRo
ZSBjbGllbnQgcmVkaXJlY3Rpb24gVVJJCiAgIG9yIGVubGlzdGluZyB0aGUgcmVzb3VyY2Ugb3du
ZXIgdG8gY29uZmlybSBpZGVudGl0eS4gIEEgdmFsaWQKICAgcmVkaXJlY3Rpb24gVVJJIGlzIG5v
dCBzdWZmaWNpZW50IHRvIHZlcmlmeSB0aGUgY2xpZW50J3MgaWRlbnRpdHkKCgoKSGFyZHQgJiBS
ZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgW1Bh
Z2UgNDldCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAg
ICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgd2hlbiBhc2tpbmcgZm9yIHJlc291cmNlIG93
bmVyIGF1dGhvcml6YXRpb24sIGJ1dCBjYW4gYmUgdXNlZCB0bwogICBwcmV2ZW50IGRlbGl2ZXJp
bmcgY3JlZGVudGlhbHMgdG8gYSBjb3VudGVyZmVpdCBjbGllbnQgYWZ0ZXIKICAgb2J0YWluaW5n
IHJlc291cmNlIG93bmVyIGF1dGhvcml6YXRpb24uCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgbXVzdCBjb25zaWRlciB0aGUgc2VjdXJpdHkgaW1wbGljYXRpb25zIG9mCiAgIGludGVyYWN0
aW5nIHdpdGggdW5hdXRoZW50aWNhdGVkIGNsaWVudHMgYW5kIHRha2UgbWVhc3VyZXMgdG8gbGlt
aXQKICAgdGhlIHBvdGVudGlhbCBleHBvc3VyZSBvZiBvdGhlciBjcmVkZW50aWFscyAoZS5nLiBy
ZWZyZXNoIHRva2VucykKICAgaXNzdWVkIHRvIHN1Y2ggY2xpZW50cy4KCjEwLjIuICBDbGllbnQg
SW1wZXJzb25hdGlvbgoKICAgQSBtYWxpY2lvdXMgY2xpZW50IGNhbiBpbXBlcnNvbmF0ZSBhbm90
aGVyIGNsaWVudCBhbmQgb2J0YWluIGFjY2VzcwogICB0byBwcm90ZWN0ZWQgcmVzb3VyY2VzLCBp
ZiB0aGUgaW1wZXJzb25hdGVkIGNsaWVudCBmYWlscyB0bywgb3IgaXMKICAgdW5hYmxlIHRvLCBr
ZWVwIGl0cyBjbGllbnQgY3JlZGVudGlhbHMgY29uZmlkZW50aWFsLgoKICAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIE1VU1QgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgd2hlbmV2ZXIKICAgcG9z
c2libGUuICBJZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgY2Fubm90IGF1dGhlbnRpY2F0ZSB0
aGUgY2xpZW50CiAgIGR1ZSB0byB0aGUgY2xpZW50J3MgbmF0dXJlLCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTVVTVCByZXF1aXJlIHRoZQogICByZWdpc3RyYXRpb24gb2YgYW55IHJlZGlyZWN0
aW9uIFVSSSB1c2VkIGZvciByZWNlaXZpbmcgYXV0aG9yaXphdGlvbgogICByZXNwb25zZXMsIGFu
ZCBTSE9VTEQgdXRpbGl6ZSBvdGhlciBtZWFucyB0byBwcm90ZWN0IHJlc291cmNlIG93bmVycwog
ICBmcm9tIHN1Y2ggcG90ZW50aWFsbHkgbWFsaWNpb3VzIGNsaWVudHMuICBGb3IgZXhhbXBsZSwg
dGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIGNhbiBlbmdhZ2UgdGhlIHJlc291cmNlIG93bmVy
IHRvIGFzc2lzdCBpbgogICBpZGVudGlmeWluZyB0aGUgY2xpZW50IGFuZCBpdHMgb3JpZ2luLgoK
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBlbmZvcmNlIGV4cGxpY2l0IHJlc291
cmNlIG93bmVyCiAgIGF1dGhlbnRpY2F0aW9uIGFuZCBwcm92aWRlIHRoZSByZXNvdXJjZSBvd25l
ciB3aXRoIGluZm9ybWF0aW9uIGFib3V0CiAgIHRoZSBjbGllbnQgYW5kIHRoZSByZXF1ZXN0ZWQg
YXV0aG9yaXphdGlvbiBzY29wZSBhbmQgbGlmZXRpbWUuICBJdCBpcwogICB1cCB0byB0aGUgcmVz
b3VyY2Ugb3duZXIgdG8gcmV2aWV3IHRoZSBpbmZvcm1hdGlvbiBpbiB0aGUgY29udGV4dCBvZgog
ICB0aGUgY3VycmVudCBjbGllbnQsIGFuZCBhdXRob3JpemUgb3IgZGVueSB0aGUgcmVxdWVzdC4K
CiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgTk9UIHByb2Nlc3MgcmVwZWF0ZWQg
YXV0aG9yaXphdGlvbgogICByZXF1ZXN0cyBhdXRvbWF0aWNhbGx5ICh3aXRob3V0IGFjdGl2ZSBy
ZXNvdXJjZSBvd25lciBpbnRlcmFjdGlvbikKICAgd2l0aG91dCBhdXRoZW50aWNhdGluZyB0aGUg
Y2xpZW50IG9yIHJlbHlpbmcgb24gb3RoZXIgbWVhc3VyZXMgdG8KICAgZW5zdXJlIHRoZSByZXBl
YXRlZCByZXF1ZXN0IGNvbWVzIGZyb20gdGhlIG9yaWdpbmFsIGNsaWVudCBhbmQgbm90IGFuCiAg
IGltcGVyc29uYXRvci4KCjEwLjMuICBBY2Nlc3MgVG9rZW5zCgogICBBY2Nlc3MgdG9rZW4gY3Jl
ZGVudGlhbHMgKGFzIHdlbGwgYXMgYW55IGNvbmZpZGVudGlhbCBhY2Nlc3MgdG9rZW4KICAgYXR0
cmlidXRlcykgTVVTVCBiZSBrZXB0IGNvbmZpZGVudGlhbCBpbiB0cmFuc2l0IGFuZCBzdG9yYWdl
LCBhbmQKICAgb25seSBzaGFyZWQgYW1vbmcgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLCB0aGUg
cmVzb3VyY2Ugc2VydmVycyB0aGUKICAgYWNjZXNzIHRva2VuIGlzIHZhbGlkIGZvciwgYW5kIHRo
ZSBjbGllbnQgdG8gd2hvbSB0aGUgYWNjZXNzIHRva2VuIGlzCiAgIGlzc3VlZC4gIEFjY2VzcyB0
b2tlbiBjcmVkZW50aWFscyBNVVNUIG9ubHkgYmUgdHJhbnNtaXR0ZWQgdXNpbmcgVExTCiAgIGFz
IGRlc2NyaWJlZCBpbiBTZWN0aW9uIDEuNiB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlvbiBhcyBk
ZWZpbmVkIGJ5CiAgIFtSRkMyODE4XS4KCiAgIFdoZW4gdXNpbmcgdGhlIGltcGxpY2l0IGdyYW50
IHR5cGUsIHRoZSBhY2Nlc3MgdG9rZW4gaXMgdHJhbnNtaXR0ZWQKICAgaW4gdGhlIFVSSSBmcmFn
bWVudCwgd2hpY2ggY2FuIGV4cG9zZSBpdCB0byB1bmF1dGhvcml6ZWQgcGFydGllcy4KCgoKSGFy
ZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAg
ICAgW1BhZ2UgNTBdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAg
ICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIE1VU1QgZW5zdXJlIHRoYXQgYWNjZXNzIHRva2VucyBjYW5ub3QgYmUKICAgZ2VuZXJhdGVk
LCBtb2RpZmllZCwgb3IgZ3Vlc3NlZCB0byBwcm9kdWNlIHZhbGlkIGFjY2VzcyB0b2tlbnMgYnkK
ICAgdW5hdXRob3JpemVkIHBhcnRpZXMuCgogICBUaGUgY2xpZW50IFNIT1VMRCByZXF1ZXN0IGFj
Y2VzcyB0b2tlbnMgd2l0aCB0aGUgbWluaW1hbCBzY29wZQogICBuZWNlc3NhcnkuICBUaGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHRha2UgdGhlIGNsaWVudCBpZGVudGl0eQogICBpbnRv
IGFjY291bnQgd2hlbiBjaG9vc2luZyBob3cgdG8gaG9ub3IgdGhlIHJlcXVlc3RlZCBzY29wZSwg
YW5kIE1BWQogICBpc3N1ZSBhbiBhY2Nlc3MgdG9rZW4gd2l0aCBhIGxlc3MgcmlnaHRzIHRoYW4g
cmVxdWVzdGVkLgoKICAgVGhpcyBzcGVjaWZpY2F0aW9uIGRvZXMgbm90IHByb3ZpZGUgYW55IG1l
dGhvZHMgZm9yIHRoZSByZXNvdXJjZQogICBzZXJ2ZXIgdG8gZW5zdXJlIHRoYXQgYW4gYWNjZXNz
IHRva2VuIHByZXNlbnRlZCB0byBpdCBieSBhIGdpdmVuCiAgIGNsaWVudCB3YXMgaXNzdWVkIHRv
IHRoYXQgY2xpZW50IGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KCjEwLjQuICBSZWZyZXNo
IFRva2VucwoKICAgQXV0aG9yaXphdGlvbiBzZXJ2ZXJzIE1BWSBpc3N1ZSByZWZyZXNoIHRva2Vu
cyB0byB3ZWIgYXBwbGljYXRpb24KICAgY2xpZW50cyBhbmQgbmF0aXZlIGFwcGxpY2F0aW9uIGNs
aWVudHMuCgogICBSZWZyZXNoIHRva2VucyBNVVNUIGJlIGtlcHQgY29uZmlkZW50aWFsIGluIHRy
YW5zaXQgYW5kIHN0b3JhZ2UsIGFuZAogICBzaGFyZWQgb25seSBhbW9uZyB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgYW5kIHRoZSBjbGllbnQgdG8gd2hvbSB0aGUKICAgcmVmcmVzaCB0b2tlbnMg
d2VyZSBpc3N1ZWQuICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBtYWludGFpbgogICB0
aGUgYmluZGluZyBiZXR3ZWVuIGEgcmVmcmVzaCB0b2tlbiBhbmQgdGhlIGNsaWVudCB0byB3aG9t
IGl0IHdhcwogICBpc3N1ZWQuICBSZWZyZXNoIHRva2VucyBNVVNUIG9ubHkgYmUgdHJhbnNtaXR0
ZWQgdXNpbmcgVExTIGFzCiAgIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDEuNiB3aXRoIHNlcnZlciBh
dXRoZW50aWNhdGlvbiBhcyBkZWZpbmVkIGJ5CiAgIFtSRkMyODE4XS4KCiAgIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBNVVNUIHZlcmlmeSB0aGUgYmluZGluZyBiZXR3ZWVuIHRoZSByZWZyZXNo
CiAgIHRva2VuIGFuZCBjbGllbnQgaWRlbnRpdHkgd2hlbmV2ZXIgdGhlIGNsaWVudCBpZGVudGl0
eSBjYW4gYmUKICAgYXV0aGVudGljYXRlZC4gIFdoZW4gY2xpZW50IGF1dGhlbnRpY2F0aW9uIGlz
IG5vdCBwb3NzaWJsZSwgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBkZXBsb3kg
b3RoZXIgbWVhbnMgdG8gZGV0ZWN0IHJlZnJlc2gKICAgdG9rZW4gYWJ1c2UuCgogICBGb3IgZXhh
bXBsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGNvdWxkIGVtcGxveSByZWZyZXNoIHRva2Vu
CiAgIHJvdGF0aW9uIGluIHdoaWNoIGEgbmV3IHJlZnJlc2ggdG9rZW4gaXMgaXNzdWVkIHdpdGgg
ZXZlcnkgYWNjZXNzCiAgIHRva2VuIHJlZnJlc2ggcmVzcG9uc2UuICBUaGUgcHJldmlvdXMgcmVm
cmVzaCB0b2tlbiBpcyBpbnZhbGlkYXRlZAogICBidXQgcmV0YWluZWQgYnkgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyLiAgSWYgYSByZWZyZXNoIHRva2VuIGlzCiAgIGNvbXByb21pc2VkIGFuZCBz
dWJzZXF1ZW50bHkgdXNlZCBieSBib3RoIHRoZSBhdHRhY2tlciBhbmQgdGhlCiAgIGxlZ2l0aW1h
dGUgY2xpZW50LCBvbmUgb2YgdGhlbSB3aWxsIHByZXNlbnQgYW4gaW52YWxpZGF0ZWQgcmVmcmVz
aAogICB0b2tlbiB3aGljaCB3aWxsIGluZm9ybSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgb2Yg
dGhlIGJyZWFjaC4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGVuc3VyZSB0aGF0
IHJlZnJlc2ggdG9rZW5zIGNhbm5vdCBiZQogICBnZW5lcmF0ZWQsIG1vZGlmaWVkLCBvciBndWVz
c2VkIHRvIHByb2R1Y2UgdmFsaWQgcmVmcmVzaCB0b2tlbnMgYnkKICAgdW5hdXRob3JpemVkIHBh
cnRpZXMuCgoxMC41LiAgQXV0aG9yaXphdGlvbiBDb2RlcwoKICAgVGhlIHRyYW5zbWlzc2lvbiBv
ZiBhdXRob3JpemF0aW9uIGNvZGVzIFNIT1VMRCBiZSBtYWRlIG92ZXIgYSBzZWN1cmUKICAgY2hh
bm5lbCwgYW5kIHRoZSBjbGllbnQgU0hPVUxEIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMgd2l0aCBp
dHMKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAg
ICAgICAgICAgICAgW1BhZ2UgNTFdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBP
QXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgcmVkaXJlY3Rpb24g
VVJJIGlmIHRoZSBVUkkgaWRlbnRpZmllcyBhIG5ldHdvcmsgcmVzb3VyY2UuICBTaW5jZQogICBh
dXRob3JpemF0aW9uIGNvZGVzIGFyZSB0cmFuc21pdHRlZCB2aWEgdXNlci1hZ2VudCByZWRpcmVj
dGlvbnMsIHRoZXkKICAgY291bGQgcG90ZW50aWFsbHkgYmUgZGlzY2xvc2VkIHRocm91Z2ggdXNl
ci1hZ2VudCBoaXN0b3J5IGFuZCBIVFRQCiAgIHJlZmVycmVyIGhlYWRlcnMuCgogICBBdXRob3Jp
emF0aW9uIGNvZGVzIG9wZXJhdGUgYXMgcGxhaW50ZXh0IGJlYXJlciBjcmVkZW50aWFscywgdXNl
ZCB0bwogICB2ZXJpZnkgdGhhdCB0aGUgcmVzb3VyY2Ugb3duZXIgd2hvIGdyYW50ZWQgYXV0aG9y
aXphdGlvbiBhdCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXMgdGhlIHNhbWUgcmVzb3Vy
Y2Ugb3duZXIgcmV0dXJuaW5nIHRvIHRoZQogICBjbGllbnQgdG8gY29tcGxldGUgdGhlIHByb2Nl
c3MuICBUaGVyZWZvcmUsIGlmIHRoZSBjbGllbnQgcmVsaWVzIG9uCiAgIHRoZSBhdXRob3JpemF0
aW9uIGNvZGUgZm9yIGl0cyBvd24gcmVzb3VyY2Ugb3duZXIgYXV0aGVudGljYXRpb24sIHRoZQog
ICBjbGllbnQgcmVkaXJlY3Rpb24gZW5kcG9pbnQgTVVTVCByZXF1aXJlIHRoZSB1c2Ugb2YgVExT
LgoKICAgQXV0aG9yaXphdGlvbiBjb2RlcyBNVVNUIGJlIHNob3J0IGxpdmVkIGFuZCBzaW5nbGUg
dXNlLiAgSWYgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIG9ic2VydmVzIG11bHRpcGxlIGF0
dGVtcHRzIHRvIGV4Y2hhbmdlIGFuCiAgIGF1dGhvcml6YXRpb24gY29kZSBmb3IgYW4gYWNjZXNz
IHRva2VuLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgU0hPVUxEIGF0dGVtcHQgdG8gcmV2
b2tlIGFsbCBhY2Nlc3MgdG9rZW5zIGFscmVhZHkgZ3JhbnRlZCBiYXNlZCBvbgogICB0aGUgY29t
cHJvbWlzZWQgYXV0aG9yaXphdGlvbiBjb2RlLgoKICAgSWYgdGhlIGNsaWVudCBjYW4gYmUgYXV0
aGVudGljYXRlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVycyBNVVNUCiAgIGF1dGhlbnRpY2F0
ZSB0aGUgY2xpZW50IGFuZCBlbnN1cmUgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIHdhcwog
ICBpc3N1ZWQgdG8gdGhlIHNhbWUgY2xpZW50LgoKMTAuNi4gIEF1dGhvcml6YXRpb24gQ29kZSBS
ZWRpcmVjdGlvbiBVUkkgTWFuaXB1bGF0aW9uCgogICBXaGVuIHJlcXVlc3RpbmcgYXV0aG9yaXph
dGlvbiB1c2luZyB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGdyYW50CiAgIHR5cGUsIHRoZSBjbGll
bnQgY2FuIHNwZWNpZnkgYSByZWRpcmVjdGlvbiBVUkkgdmlhIHRoZSAicmVkaXJlY3RfdXJpIgog
ICBwYXJhbWV0ZXIuICBJZiBhbiBhdHRhY2tlciBjYW4gbWFuaXB1bGF0ZSB0aGUgdmFsdWUgb2Yg
dGhlCiAgIHJlZGlyZWN0aW9uIFVSSSwgaXQgY2FuIGNhdXNlIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciB0byByZWRpcmVjdAogICB0aGUgcmVzb3VyY2Ugb3duZXIgdXNlci1hZ2VudCB0byBhIFVS
SSB1bmRlciB0aGUgY29udHJvbCBvZiB0aGUKICAgYXR0YWNrZXIgd2l0aCB0aGUgYXV0aG9yaXph
dGlvbiBjb2RlLgoKICAgQW4gYXR0YWNrZXIgY2FuIGNyZWF0ZSBhbiBhY2NvdW50IGF0IGEgbGVn
aXRpbWF0ZSBjbGllbnQgYW5kIGluaXRpYXRlCiAgIHRoZSBhdXRob3JpemF0aW9uIGZsb3cuICBX
aGVuIHRoZSBhdHRhY2tlcidzIHVzZXItYWdlbnQgaXMgc2VudCB0bwogICB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgdG8gZ3JhbnQgYWNjZXNzLCB0aGUgYXR0YWNrZXIgZ3JhYnMgdGhlCiAgIGF1
dGhvcml6YXRpb24gVVJJIHByb3ZpZGVkIGJ5IHRoZSBsZWdpdGltYXRlIGNsaWVudCwgYW5kIHJl
cGxhY2VzIHRoZQogICBjbGllbnQncyByZWRpcmVjdGlvbiBVUkkgd2l0aCBhIFVSSSB1bmRlciB0
aGUgY29udHJvbCBvZiB0aGUKICAgYXR0YWNrZXIuICBUaGUgYXR0YWNrZXIgdGhlbiB0cmlja3Mg
dGhlIHZpY3RpbSBpbnRvIGZvbGxvd2luZyB0aGUKICAgbWFuaXB1bGF0ZWQgbGluayB0byBhdXRo
b3JpemUgYWNjZXNzIHRvIHRoZSBsZWdpdGltYXRlIGNsaWVudC4KCiAgIE9uY2UgYXQgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyLCB0aGUgdmljdGltIGlzIHByb21wdGVkIHdpdGggYQogICBub3Jt
YWwsIHZhbGlkIHJlcXVlc3Qgb24gYmVoYWxmIG9mIGEgbGVnaXRpbWF0ZSBhbmQgdHJ1c3RlZCBj
bGllbnQsCiAgIGFuZCBhdXRob3JpemVzIHRoZSByZXF1ZXN0LiAgVGhlIHZpY3RpbSBpcyB0aGVu
IHJlZGlyZWN0ZWQgdG8gYW4KICAgZW5kcG9pbnQgdW5kZXIgdGhlIGNvbnRyb2wgb2YgdGhlIGF0
dGFja2VyIHdpdGggdGhlIGF1dGhvcml6YXRpb24KICAgY29kZS4gIFRoZSBhdHRhY2tlciBjb21w
bGV0ZXMgdGhlIGF1dGhvcml6YXRpb24gZmxvdyBieSBzZW5kaW5nIHRoZQogICBhdXRob3JpemF0
aW9uIGNvZGUgdG8gdGhlIGNsaWVudCB1c2luZyB0aGUgb3JpZ2luYWwgcmVkaXJlY3Rpb24gVVJJ
CiAgIHByb3ZpZGVkIGJ5IHRoZSBjbGllbnQuICBUaGUgY2xpZW50IGV4Y2hhbmdlcyB0aGUgYXV0
aG9yaXphdGlvbiBjb2RlCiAgIHdpdGggYW4gYWNjZXNzIHRva2VuIGFuZCBsaW5rcyBpdCB0byB0
aGUgYXR0YWNrZXIncyBjbGllbnQgYWNjb3VudAogICB3aGljaCBjYW4gbm93IGdhaW4gYWNjZXNz
IHRvIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2VzIGF1dGhvcml6ZWQgYnkKCgoKSGFyZHQgJiBSZWNv
cmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgW1BhZ2Ug
NTJdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAg
ICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgdGhlIHZpY3RpbSAodmlhIHRoZSBjbGllbnQpLgoK
ICAgSW4gb3JkZXIgdG8gcHJldmVudCBzdWNoIGFuIGF0dGFjaywgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIE1VU1QKICAgZW5zdXJlIHRoYXQgdGhlIHJlZGlyZWN0aW9uIFVSSSB1c2VkIHRvIG9i
dGFpbiB0aGUgYXV0aG9yaXphdGlvbiBjb2RlCiAgIGlzIGlkZW50aWNhbCB0byB0aGUgcmVkaXJl
Y3Rpb24gVVJJIHByb3ZpZGVkIHdoZW4gZXhjaGFuZ2luZyB0aGUKICAgYXV0aG9yaXphdGlvbiBj
b2RlIGZvciBhbiBhY2Nlc3MgdG9rZW4uICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgTVVT
VCByZXF1aXJlIHB1YmxpYyBjbGllbnRzIGFuZCBTSE9VTEQgcmVxdWlyZSBjb25maWRlbnRpYWwg
Y2xpZW50cwogICB0byByZWdpc3RlciB0aGVpciByZWRpcmVjdGlvbiBVUklzLiAgSWYgYSByZWRp
cmVjdGlvbiBVUkkgaXMgcHJvdmlkZWQKICAgaW4gdGhlIHJlcXVlc3QsIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBNVVNUIHZhbGlkYXRlIGl0IGFnYWluc3QgdGhlCiAgIHJlZ2lzdGVyZWQgdmFs
dWUuCgoxMC43LiAgUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMKCiAgIFRoZSBy
ZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscyBncmFudCB0eXBlIGlzIG9mdGVuIHVz
ZWQgZm9yCiAgIGxlZ2FjeSBvciBtaWdyYXRpb24gcmVhc29ucy4gIEl0IHJlZHVjZXMgdGhlIG92
ZXJhbGwgcmlzayBvZiBzdG9yaW5nCiAgIHVzZXJuYW1lIGFuZCBwYXNzd29yZCBieSB0aGUgY2xp
ZW50LCBidXQgZG9lcyBub3QgZWxpbWluYXRlIHRoZSBuZWVkCiAgIHRvIGV4cG9zZSBoaWdobHkg
cHJpdmlsZWdlZCBjcmVkZW50aWFscyB0byB0aGUgY2xpZW50LgoKICAgVGhpcyBncmFudCB0eXBl
IGNhcnJpZXMgYSBoaWdoZXIgcmlzayB0aGFuIG90aGVyIGdyYW50IHR5cGVzIGJlY2F1c2UKICAg
aXQgbWFpbnRhaW5zIHRoZSBwYXNzd29yZCBhbnRpLXBhdHRlcm4gdGhpcyBwcm90b2NvbCBzZWVr
cyB0byBhdm9pZC4KICAgVGhlIGNsaWVudCBjb3VsZCBhYnVzZSB0aGUgcGFzc3dvcmQgb3IgdGhl
IHBhc3N3b3JkIGNvdWxkCiAgIHVuaW50ZW50aW9uYWxseSBiZSBkaXNjbG9zZWQgdG8gYW4gYXR0
YWNrZXIgKGUuZy4gdmlhIGxvZyBmaWxlcyBvcgogICBvdGhlciByZWNvcmRzIGtlcHQgYnkgdGhl
IGNsaWVudCkuCgogICBBZGRpdGlvbmFsbHksIGJlY2F1c2UgdGhlIHJlc291cmNlIG93bmVyIGRv
ZXMgbm90IGhhdmUgY29udHJvbCBvdmVyCiAgIHRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3MgKHRo
ZSByZXNvdXJjZSBvd25lciBpbnZvbHZlbWVudCBlbmRzIHdoZW4KICAgaXQgaGFuZHMgb3ZlciBp
dHMgY3JlZGVudGlhbHMgdG8gdGhlIGNsaWVudCksIHRoZSBjbGllbnQgY2FuIG9idGFpbgogICBh
Y2Nlc3MgdG9rZW5zIHdpdGggYSBicm9hZGVyIHNjb3BlIHRoYW4gZGVzaXJlZCBieSB0aGUgcmVz
b3VyY2UKICAgb3duZXIuICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc2hvdWxkIGNvbnNpZGVy
IHRoZSBzY29wZSBhbmQKICAgbGlmZXRpbWUgb2YgYWNjZXNzIHRva2VucyBpc3N1ZWQgdmlhIHRo
aXMgZ3JhbnQgdHlwZS4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgY2xpZW50IFNI
T1VMRCBtaW5pbWl6ZSB1c2Ugb2YgdGhpcyBncmFudAogICB0eXBlIGFuZCB1dGlsaXplIG90aGVy
IGdyYW50IHR5cGVzIHdoZW5ldmVyIHBvc3NpYmxlLgoKMTAuOC4gIFJlcXVlc3QgQ29uZmlkZW50
aWFsaXR5CgogICBBY2Nlc3MgdG9rZW5zLCByZWZyZXNoIHRva2VucywgcmVzb3VyY2Ugb3duZXIg
cGFzc3dvcmRzLCBhbmQgY2xpZW50CiAgIGNyZWRlbnRpYWxzIE1VU1QgTk9UIGJlIHRyYW5zbWl0
dGVkIGluIHRoZSBjbGVhci4gIEF1dGhvcml6YXRpb24KICAgY29kZXMgU0hPVUxEIE5PVCBiZSB0
cmFuc21pdHRlZCBpbiB0aGUgY2xlYXIuCgogICBUaGUgInN0YXRlIiBhbmQgInNjb3BlIiBwYXJh
bWV0ZXJzIFNIT1VMRCBOT1QgaW5jbHVkZSBzZW5zaXRpdmUKICAgY2xpZW50IG9yIHJlc291cmNl
IG93bmVyIGluZm9ybWF0aW9uIGluIHBsYWluIHRleHQgYXMgdGhleSBjYW4gYmUKICAgdHJhbnNt
aXR0ZWQgb3ZlciBpbnNlY3VyZSBjaGFubmVscyBvciBzdG9yZWQgaW5zZWN1cmVseS4KCjEwLjku
b2F1dGgtdjItYmVhcmVyLTIxICh3b3JrIGluIHByb2dyZXNzKSwKICAgICAgICAgICAgICBKdW5l
IDIwMTIuCgogICBbSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWNdCiAgICAgICAgICAgICAgSGFt
bWVyLUxhaGF2LCBFLiwgIkhUVFAgQXV0aGVudGljYXRpb246IE1BQyBBY2Nlc3MKICAgICAgICAg
ICAgICBBdXRoZW50aWNhdGlvbiIsIGRyYWZ0LWlldGYtb2F1dGgtdjItaHR0cC1tYWMtMDEgKHdv
cmsgaW4KICAgICAgICAgICAgICBwcm9ncmVzcyksIEZlYnJ1YXJ5IDIwMTIuCgogICBbSS1ELmll
dGYtb2F1dGgtdjItdGhyZWF0bW9kZWxdCiAgICAgICAgICAgICAgTG9kZGVyc3RlZHQsIFQuLCBN
Y0dsb2luLCBNLiwgYW5kIFAuIEh1bnQsICJPQXV0aCAyLjAKICAgICAgICAgICAgICBUaHJlYXQg
TW9kZWwgYW5kIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIiwKICAgICAgICAgICAgICBkcmFmdC1p
ZXRmLW9hdXRoLXYyLXRocmVhdG1vZGVsLTA2ICh3b3JrIGluIHByb2dyZXNzKSwKICAgICAgICAg
ICAgICBKdW5lIDIwMTIuCgogICBbUkZDNTg0OV0gIEhhbW1lci1MYWhhdiwgRS4sICJUaGUgT0F1
dGggMS4wIFByb3RvY29sIiwgUkZDIDU4NDksCiAgICAgICAgICAgICAgQXByaWwgMjAxMC4KCiAg
IFtVTklDT0RFNV0KICAgICAgICAgICAgICBUaGUgVW5pY29kZSBDb25zb3J0aXVtLCAiVGhlIFVu
aWNvZGUgU3RhbmRhcmQgLSBWZXJzaW9uCiAgICAgICAgICAgICAgNS4wIiwgTm92ZW1iZXIgMjAw
Ni4KCgpBcHBlbmRpeCBBLiAgQXVnbWVudGVkIEJhY2t1cy1OYXVyIEZvcm0gKEFCTkYpIFN5bnRh
eAoKICAgVGhpcyBzZWN0aW9uIHByb3ZpZGVzIEF1Z21lbnRlZCBCYWNrdXMtTmF1ciBGb3JtIChB
Qk5GKSBzeW50YXgKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEw
LCAyMDEzICAgICAgICAgICAgICAgW1BhZ2UgNjVdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgZGVz
Y3JpcHRpb25zIGZvciB0aGUgZWxlbWVudHMgZGVmaW5lZCBpbiB0aGlzIHNwZWNpZmljYXRpb24g
dXNpbmcgdGhlCiAgIG5vdGF0aW9uIG9mIFtSRkM1MjM0XS4gIFRoZSBBQk5GIGJlbG93IGlzIGRl
ZmluZWQgaW4gdGVybXMgb2YgVW5pY29kZQogICBjb2RlIHBvaW50cyBbVU5JQ09ERTVdOyB0aGVz
ZSBjaGFyYWN0ZXJzIGFyZSB0eXBpY2FsbHkgZW5jb2RlZCBpbgogICBVVEYtOC4gIEVsZW1lbnRz
IGFyZSBwcmVzZW50ZWQgaW4gdGhlIG9yZGVyIGZpcnN0IGRlZmluZWQuCgogICBTb21lIG9mIHRo
ZSBkZWZpbml0aW9ucyB0aGF0IGZvbGxvdyB1c2UgdGhlICJVUkktcmVmZXJlbmNlIgogICBkZWZp
bml0aW9uIGZyb20gW1JGQzM5ODZdLgoKICAgU29tZSBvZiB0aGUgZGVmaW5pdGlvbnMgdGhhdCBm
b2xsb3cgdXNlIHRoZXNlIGNvbW1vbiBkZWZpbml0aW9uczoKCiAgVlNDSEFSICAgICA9ICV4MjAt
N0UKICBOUUNIQVIgICAgID0gJXgyMSAvICV4MjMtNUIgLyAleDVELTdFCiAgTlFTQ0hBUiAgICA9
ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RQogIFVOSUNPREVOT0NUUkxDSEFSID0gPEFueSBV
bmljb2RlIGNoYXJhY3RlciBvdGhlciB0aGFuICgleDAtMUYgLyAleDdGKT4KCkEuMS4gICJjbGll
bnRfaWQiIFN5bnRheAoKICAgVGhlICJjbGllbnRfaWQiIGVsZW1lbnQgaXMgZGVmaW5lZCBpbiBT
ZWN0aW9uIDIuMy4xOgoKICAgICBjbGllbnQtaWQgICAgID0gKlZTQ0hBUgoKQS4yLiAgImNsaWVu
dF9zZWNyZXQiIFN5bnRheAoKICAgVGhlICJjbGllbnRfc2VjcmV0IiBlbGVtZW50IGlzIGRlZmlu
ZWQgaW4gU2VjdGlvbiAyLjMuMToKCiAgICAgY2xpZW50LXNlY3JldCA9ICpWU0NIQVIKCkEuMy4g
ICJyZXNwb25zZV90eXBlIiBTeW50YXgKCiAgIFRoZSAicmVzcG9uc2VfdHlwZSIgZWxlbWVudCBp
cyBkZWZpbmVkIGluIFNlY3Rpb24gMy4xLjEgYW5kCiAgIFNlY3Rpb24gOC40OgoKICAgICByZXNw
b25zZS10eXBlID0gcmVzcG9uc2UtbmFtZSAqKCBTUCByZXNwb25zZS1uYW1lICkKICAgICByZXNw
b25zZS1uYW1lID0gMSpyZXNwb25zZS1jaGFyCiAgICAgcmVzcG9uc2UtY2hhciA9ICJfIiAvIERJ
R0lUIC8gQUxQSEEKCkEuNC4gICJzY29wZSIgU3ludGF4CgogICBUaGUgInNjb3BlIiBlbGVtZW50
IGlzIGRlZmluZWQgaW4gU2VjdGlvbiAzLjM6CgogICAgIHNjb3BlICAgICAgID0gc2NvcGUtdG9r
ZW4gKiggU1Agc2NvcGUtdG9rZW4gKQogICAgIHNjb3BlLXRva2VuID0gMSpOUUNIQVIKCgoKCgoK
CgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAg
ICAgICAgICAgW1BhZ2UgNjZdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0
aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKQS41LiAgInN0YXRlIiBTeW50
YXgKCiAgIFRoZSAic3RhdGUiIGVsZW1lbnQgaXMgZGVmaW5lZCBpbiBTZWN0aW9uIDQuMS4xLCBT
ZWN0aW9uIDQuMS4yLAogICBTZWN0aW9uIDQuMS4yLjEsIFNlY3Rpb24gNC4yLjEsIFNlY3Rpb24g
NC4yLjIsIGFuZCBTZWN0aW9uIDQuMi4yLjE6CgogICAgIHN0YXRlICAgICAgPSAxKlZTQ0hBUgoK
QS42LiAgInJlZGlyZWN0X3VyaSIgU3ludGF4CgogICBUaGUgInJlZGlyZWN0X3VyaSIgZWxlbWVu
dCBpcyBkZWZpbmVkIGluIFNlY3Rpb24gNC4xLjEsCiAgIFNlY3Rpb24gNC4xLjMsIGFuZCBTZWN0
aW9uIDQuMi4xOgoKICAgICByZWRpcmVjdC11cmkgICAgICA9IFVSSS1yZWZlcmVuY2UKCkEuNy4g
ICJlcnJvciIgU3ludGF4CgogICBUaGUgImVycm9yIiBlbGVtZW50IGlzIGRlZmluZWQgaW4gU2Vj
dGlvbiA0LjEuMi4xLCBTZWN0aW9uIDQuMi4yLjEsCiAgIFNlY3Rpb24gNS4yLCBTZWN0aW9uIDcu
MiwgYW5kIFNlY3Rpb24gOC41OgoKICAgICBlcnJvciAgICAgICAgICAgICA9IDEqTlFTQ0hBUgoK
QS44LiAgImVycm9yX2Rlc2NyaXB0aW9uIiBTeW50YXgKCiAgIFRoZSAiZXJyb3JfZGVzY3JpcHRp
b24iIGVsZW1lbnQgaXMgZGVmaW5lZCBpbiBTZWN0aW9uIDQuMS4yLjEsCiAgIFNlY3Rpb24gNC4y
LjIuMSwgU2VjdGlvbiA1LjIsIGFuZCBTZWN0aW9uIDcuMjoKCiAgICAgZXJyb3ItZGVzY3JpcHRp
b24gPSAxKk5RU0NIQVIKCkEuOS4gICJlcnJvcl91cmkiIFN5bnRheAoKICAgVGhlICJlcnJvcl91
cmkiIGVsZW1lbnQgaXMgZGVmaW5lZCBpbiBTZWN0aW9uIDQuMS4yLjEsCiAgIFNlY3Rpb24gNC4y
LjIuMSwgU2VjdGlvbiA1LjIsIGFuZCBTZWN0aW9uIDcuMjoKCiAgICAgZXJyb3ItdXJpICAgICAg
ICAgPSBVUkktcmVmZXJlbmNlCgpBLjEwLiAgImdyYW50X3R5cGUiIFN5bnRheAoKICAgVGhlICJn
cmFudF90eXBlIiBlbGVtZW50IGlzIGRlZmluZWQgaW4gU2VjdGlvbiA0LjEuMywgU2VjdGlvbiA0
LjMuMiwKICAgU2VjdGlvbiA0LjQuMiwgU2VjdGlvbiA2LCBhbmQgU2VjdGlvbiA0LjU6CgogICAg
IGdyYW50LXR5cGUgPSBncmFudC1uYW1lIC8gVVJJLXJlZmVyZW5jZQogICAgIGdyYW50LW5hbWUg
PSAxKm5hbWUtY2hhcgogICAgIG5hbWUtY2hhciAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAv
IEFMUEhBCgoKCgoKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEw
LCAyMDEzICAgICAgICAgICAgICAgW1BhZ2UgNjddCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKQS4xMS4g
ICJjb2RlIiBTeW50YXgKCiAgIFRoZSAiY29kZSIgZWxlbWVudCBpcyBkZWZpbmVkIGluIFNlY3Rp
b24gNC4xLjM6CgogICAgIGNvZGUgICAgICAgPSAxKlZTQ0hBUgoKQS4xMi4gICJhY2Nlc3NfdG9r
ZW4iIFN5bnRheAoKICAgVGhlICJhY2Nlc3NfdG9rZW4iIGVsZW1lbnQgaXMgZGVmaW5lZCBpbiBT
ZWN0aW9uIDQuMi4yIGFuZAogICBTZWN0aW9uIDUuMToKCiAgICAgYWNjZXNzLXRva2VuID0gMSpW
U0NIQVIKCkEuMTMuICAidG9rZW5fdHlwZSIgU3ludGF4CgogICBUaGUgInRva2VuX3R5cGUiIGVs
ZW1lbnQgaXMgZGVmaW5lZCBpbiBTZWN0aW9uIDQuMi4yLCBTZWN0aW9uIDUuMSwKICAgYW5kIFNl
Y3Rpb24gOC4xOgoKICAgICB0b2tlbi10eXBlID0gdHlwZS1uYW1lIC8gVVJJLXJlZmVyZW5jZQog
ICAgIHR5cGUtbmFtZSAgPSAxKm5hbWUtY2hhcgogICAgIG5hbWUtY2hhciAgPSAiLSIgLyAiLiIg
LyAiXyIgLyBESUdJVCAvIEFMUEhBCgpBLjE0LiAgImV4cGlyZXNfaW4iIFN5bnRheAoKICAgVGhl
ICJleHBpcmVzX2luIiBlbGVtZW50IGlzIGRlZmluZWQgaW4gU2VjdGlvbiA0LjIuMiBhbmQgU2Vj
dGlvbiA1LjE6CgogICAgIGV4cGlyZXMtaW4gPSAxKkRJR0lUCgpBLjE1LiAgInVzZXJuYW1lIiBT
eW50YXgKCiAgIFRoZSAidXNlcm5hbWUiIGVsZW1lbnQgaXMgZGVmaW5lZCBpbiBTZWN0aW9uIDQu
My4yOgoKICAgICB1c2VybmFtZSA9ICpVTklDT0RFTk9DVFJMQ0hBUgoKQS4xNi4gICJwYXNzd29y
ZCIgU3ludGF4CgogICBUaGUgInBhc3N3b3JkIiBlbGVtZW50IGlzIGRlZmluZWQgaW4gU2VjdGlv
biA0LjMuMjoKCiAgICAgcGFzc3dvcmQgPSAqVU5JQ09ERU5PQ1RSTENIQVIKCkEuMTcuICAicmVm
cmVzaF90b2tlbiIgU3ludGF4CgogICBUaGUgInJlZnJlc2hfdG9rZW4iIGVsZW1lbnQgaXMgZGVm
aW5lZCBpbiBTZWN0aW9uIDUuMSBhbmQgU2VjdGlvbiA2OgoKICAgICByZWZyZXNoLXRva2VuID0g
MSpWU0NIQVIKCgoKCgoKSGFyZHQgJiBSZWNvcmRvbiAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEw
LCAyMDEzICAgICAgICAgICAgICAgW1BhZ2UgNjhdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgSnVseSAyMDEyCgoKQS4xOC4g
IEVuZHBvaW50IFBhcmFtZXRlciBTeW50YXgKCiAgIFRoZSBzeW50YXggZm9yIG5ldyBlbmRwb2lu
dCBwYXJhbWV0ZXJzIGlzIGRlZmluZWQgaW4gU2VjdGlvbiA4LjI6CgogICAgIHBhcmFtLW5hbWUg
PSAxKm5hbWUtY2hhcgogICAgIG5hbWUtY2hhciAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAv
IEFMUEhBCgoKQXBwZW5kaXggQi4gIEFja25vd2xlZGdlbWVudHMKCiAgIFRoZSBpbml0aWFsIE9B
dXRoIDIuMCBwcm90b2NvbCBzcGVjaWZpY2F0aW9uIHdhcyBlZGl0ZWQgYnkgRGF2aWQKICAgUmVj
b3Jkb24sIGJhc2VkIG9uIHR3byBwcmV2aW91cyBwdWJsaWNhdGlvbnM6IHRoZSBPQXV0aCAxLjAg
Y29tbXVuaXR5CiAgIHNwZWNpZmljYXRpb24gW1JGQzU4NDldLCBhbmQgT0F1dGggV1JBUCAoT0F1
dGggV2ViIFJlc291cmNlCiAgIEF1dGhvcml6YXRpb24gUHJvZmlsZXMpIFtJLUQuZHJhZnQtaGFy
ZHQtb2F1dGgtMDFdLiAgRXJhbiBIYW1tZXIgdGhlbgogICBlZGl0ZWQgdGhlIGRyYWZ0cyB0aHJv
dWdoIGRyYWZ0IC0yNi4gIFRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucwogICBzZWN0aW9uIHdh
cyBkcmFmdGVkIGJ5IFRvcnN0ZW4gTG9kZGVyc3RlZHQsIE1hcmsgTWNHbG9pbiwgUGhpbCBIdW50
LAogICBBbnRob255IE5hZGFsaW4sIGFuZCBKb2huIEJyYWRsZXkuICBUaGUgQUJORiBzZWN0aW9u
IHdhcyBkcmFmdGVkIGJ5CiAgIE1pY2hhZWwgQi4gSm9uZXMuCgogICBUaGUgT0F1dGggMS4wIGNv
bW11bml0eSBzcGVjaWZpY2F0aW9uIHdhcyBlZGl0ZWQgYnkgRXJhbiBIYW1tZXIgYW5kCiAgIGF1
dGhvcmVkIGJ5IE1hcmsgQXR3b29kLCBEaXJrIEJhbGZhbnosIERhcnJlbiBCb3VuZHMsIFJpY2hh
cmQgTS4KICAgQ29ubGFuLCBCbGFpbmUgQ29vaywgTGVhaCBDdWx2ZXIsIEJyZW5vIGRlIE1lZGVp
cm9zLCBCcmlhbiBFYXRvbiwKICAgS2VsbGFuIEVsbGlvdHQtTWNDcmVhLCBMYXJyeSBIYWxmZiwg
RXJhbiBIYW1tZXIsIEJlbiBMYXVyaWUsIENocmlzCiAgIE1lc3NpbmEsIEpvaG4gUGFuemVyLCBT
YW0gUXVpZ2xleSwgRGF2aWQgUmVjb3Jkb24sIEVyYW4gU2FuZGxlciwKICAgSm9uYXRoYW4gU2Vy
Z2VudCwgVG9kZCBTaWVsaW5nLCBCcmlhbiBTbGVzaW5za3ksIGFuZCBBbmR5IFNtaXRoLgoKICAg
VGhlIE9BdXRoIFdSQVAgc3BlY2lmaWNhdGlvbiB3YXMgZWRpdGVkIGJ5IERpY2sgSGFyZHQgYW5k
IGF1dGhvcmVkIGJ5CiAgIEJyaWFuIEVhdG9uLCBZYXJvbiBZLiBHb2xhbmQsIERpY2sgSGFyZHQs
IGFuZCBBbGxlbiBUb20uCgogICBUaGlzIHNwZWNpZmljYXRpb24gaXMgdGhlIHdvcmsgb2YgdGhl
IE9BdXRoIFdvcmtpbmcgR3JvdXAgd2hpY2gKICAgaW5jbHVkZXMgZG96ZW5zIG9mIGFjdGl2ZSBh
bmQgZGVkaWNhdGVkIHBhcnRpY2lwYW50cy4gIEluIHBhcnRpY3VsYXIsCiAgIHRoZSBmb2xsb3dp
bmcgaW5kaXZpZHVhbHMgY29udHJpYnV0ZWQgaWRlYXMsIGZlZWRiYWNrLCBhbmQgd29yZGluZwog
ICB3aGljaCBzaGFwZWQgYW5kIGZvcm1lZCB0aGUgZmluYWwgc3BlY2lmaWNhdGlvbjoKCiAgIE1p
Y2hhZWwgQWRhbXMsIEFtYW5kYSBBbmdhbmVzLCBBbmRyZXcgQXJub3R0LCBEaXJrIEJhbGZhbnos
IEFpZGVuCiAgIEJlbGwsIEpvaG4gQnJhZGxleSwgQnJpYW4gQ2FtcGJlbGwsIFNjb3R0IENhbnRv
ciwgTWFyY29zIENhY2VyZXMsCiAgIEJsYWluZSBDb29rLCBSb2dlciBDcmV3LCBCcmlhbiBFYXRv
biwgV2VzbGV5IEVkZHksIExlYWggQ3VsdmVyLCBCaWxsCiAgIGRlIGhPcmEsIEFuZHJlIERlTWFy
cmUsIEJyaWFuIEVhdG9uLCBXb2x0ZXIgRWxkZXJpbmcsIEJyaWFuIEVsbGluLAogICBJZ29yIEZh
eW5iZXJnLCBHZW9yZ2UgRmxldGNoZXIsIFRpbSBGcmVlbWFuLCBMdWNhIEZyb3NpbmksIEV2YW4K
ICAgR2lsYmVydCwgWWFyb24gWS4gR29sYW5kLCBCcmVudCBHb2xkbWFuLCBLcmlzdG9mZmVyIEdy
b25vd3NraSwgRXJhbgogICBIYW1tZXIsIEp1c3RpbiBIYXJ0LCBEaWNrIEhhcmR0LCBDcmFpZyBI
ZWF0aCwgUGhpbCBIdW50LCBNaWNoYWVsIEIuCiAgIEpvbmVzLCBUZXJyeSBKb25lcywgSm9obiBL
ZW1wLCBNYXJrIEtlbnQsIFJhZmZpIEtyaWtvcmlhbiwgQ2hhc2VuIExlCiAgIEhhcmEsIFJhc211
cyBMZXJkb3JmLCBUb3JzdGVuIExvZGRlcnN0ZWR0LCBIdWktTGFuIEx1LCBDYXNleSBMdWNhcywK
ICAgUGF1bCBNYWRzZW4sIEFsYXN0YWlyIE1haXIsIEV2ZSBNYWxlciwgSmFtZXMgTWFuZ2VyLCBN
YXJrIE1jR2xvaW4sCiAgIExhdXJlbmNlIE1pYW8sIFdpbGxpYW0gTWlsbHMsIENodWNrIE1vcnRp
bW9yZSwgQW50aG9ueSBOYWRhbGluLAogICBKdWxpYW4gUmVzY2hrZSwgSnVzdGluIFJpY2hlciwg
UGV0ZXIgU2FpbnQtQW5kcmUsIE5hdCBTYWtpbXVyYSwgUm9iCiAgIFNheXJlLCBNYXJpdXMgU2N1
cnRlc2N1LCBOYWl0aWsgU2hhaCwgTHVrZSBTaGVwYXJkLCBWbGFkIFNrdm9ydHNvdiwKICAgSnVz
dGluIFNtaXRoLCBIYWliaW4gU29uZywgTml2IFN0ZWluZ2FydGVuLCBDaHJpc3RpYW4gU3R1ZWJu
ZXIsCgoKCkhhcmR0ICYgUmVjb3Jkb24gICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAg
ICAgICAgICAgICAgIFtQYWdlIDY5XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAg
T0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgIEp1bHkgMjAxMgoKCiAgIEplcmVteSBTdXJp
ZWwsIFBhdWwgVGFyamFuLCBDaHJpc3RvcGhlciBUaG9tYXMsIEhlbnJ5IFMuIFRob21wc29uLAog
ICBBbGxlbiBUb20sIEZyYW5rbGluIFRzZSwgTmljayBXYWxrZXIsIFNoYW5lIFdlZWRlbiwgYW5k
IFNreWxhcgogICBXb29kd2FyZC4KCiAgIFRoaXMgZG9jdW1lbnQgd2FzIHByb2R1Y2VkIHVuZGVy
IHRoZSBjaGFpcm1hbnNoaXAgb2YgQmxhaW5lIENvb2ssCiAgIFBldGVyIFNhaW50LUFuZHJlLCBI
YW5uZXMgVHNjaG9mZW5pZywgQmFycnkgTGVpYmEsIGFuZCBEZXJlayBBdGtpbnMuCiAgIFRoZSBh
cmVhIGRpcmVjdG9ycyBpbmNsdWRlZCBMaXNhIER1c3NlYXVsdCwgUGV0ZXIgU2FpbnQtQW5kcmUs
IGFuZAogICBTdGVwaGVuIEZhcnJlbGwuCgoKQXBwZW5kaXggQy4gIERvY3VtZW50IEhpc3RvcnkK
CiAgIFtbIHRvIGJlIHJlbW92ZWQgYnkgdGhlIFJGQyBlZGl0b3IgYmVmb3JlIHB1YmxpY2F0aW9u
IGFzIGFuIFJGQyBdXQoKICAgLTI5CiAgIG8gIEFkZGVkICJNVVNUIiB0byAiQSBwdWJsaWMgY2xp
ZW50IHRoYXQgd2FzIG5vdCBpc3N1ZWQgYSBjbGllbnQKICAgICAgcGFzc3dvcmQgTVVTVCB1c2Ug
dGhlICJjbGllbnRfaWQiIHJlcXVlc3QgcGFyYW1ldGVyIHRvIGlkZW50aWZ5CiAgICAgIGl0c2Vs
ZiB3aGVuIHNlbmRpbmcgcmVxdWVzdHMgdG8gdGhlIHRva2VuIGVuZHBvaW50IiBhbmQgYWRkZWQg
dGV4dAogICAgICBleHBsYWluaW5nIHdoeSB0aGlzIG11c3QgYmUgc28uCiAgIG8gIEFkZGVkIHRo
YXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgImVuc3VyZSB0aGUgYXV0aG9yaXphdGlv
bgogICAgICBjb2RlIHdhcyBpc3N1ZWQgdG8gdGhlIGF1dGhlbnRpY2F0ZWQgY29uZmlkZW50aWFs
IGNsaWVudCBvciB0byB0aGUKICAgICAgcHVibGljIGNsaWVudCBpZGVudGlmaWVkIGJ5IHRoZSAi
Y2xpZW50X2lkIiBpbiB0aGUgcmVxdWVzdCIuCiAgIG8gIEFkZGVkIFNlY3VyaXR5IENvbnNpZGVy
YXRpb25zIHNlY3Rpb24gIk1pc3VzZSBvZiBBY2Nlc3MgVG9rZW4gdG8KICAgICAgSW1wZXJzb25h
dGUgUmVzb3VyY2UgT3duZXIgYXQgUHVibGljIENsaWVudCIuCiAgIG8gIERlbGV0ZWQgIjtjaGFy
c2V0PVVURi04IiBmcm9tIGV4YW1wbGVzIGZvcm1lcmx5IHVzaW5nICJDb250ZW50LQogICAgICBU
eXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOCIuCiAg
IG8gIEFkZGVkIHRoZSBwaHJhc2UgImFuZCBhIGNoYXJhY3RlciBlbmNvZGluZyBvZiBVVEYtOCIg
d2hlbgogICAgICBkZXNjcmliaW5nIGhvdyB0byBzZW5kIHJlcXVlc3RzIHVzaW5nIHRoZSBIVFRQ
IHJlcXVlc3QgZW50aXR5LQogICAgICBib2R5LCBwZXIgSnVsaWFuIFJlc2Noa2UncyBzdWdnZXN0
aW9uLgogICBvICBBZGRlZCAiVGhlIEFCTkYgYmVsb3cgaXMgZGVmaW5lZCBpbiB0ZXJtcyBvZiBV
bmljb2RlIGNvZGUgcG9pbnRzCiAgICAgIFtVTklDT0RFNV07IHRoZXNlIGNoYXJhY3RlcnMgYXJl
IHR5cGljYWxseSBlbmNvZGVkIGluIFVURi04Ii4KICAgbyAgRm9yIHN5bW1ldHJ5IHdoZW4gdXNp
bmcgSFRUUCBCYXNpYyBhdXRoZW50aWNhdGlvbiwgYWxzbyBhcHBseSB0aGUKICAgICAgImFwcGxp
Y2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIgZW5jb2RpbmcgdG8gdGhlIGNsaWVudAogICAg
ICBwYXNzd29yZCwganVzdCBhcyB3YXMgYWxyZWFkeSBkb25lIGZvciB0aGUgY2xpZW50IGlkZW50
aWZpZXIuCiAgIG8gIFJlZHVjZWQgbXVsdGlwbGUgYmxhbmsgbGluZXMgYXJvdW5kIGFydHdvcmsg
ZWxlbWVudHMgdG8gc2luZ2xlCiAgICAgIGJsYW5rIGxpbmVzLgogICBvICBSZW1vdmVkIEVyYW4g
SGFtbWVyJ3MgbmFtZSBmcm9tIHRoZSBhdXRob3IgbGlzdCwgYXQgaGlzIHJlcXVlc3QuCiAgICAg
IERpY2sgSGFyZHQgaXMgbm93IGxpc3RlZCBhcyB0aGUgZWRpdG9yLgoKICAgLTI4CiAgIG8gIFVw
ZGF0ZWQgdGhlIEFCTkYgaW4gdGhlIG1hbm5lciBkaXNjdXNzZWQgYnkgdGhlIHdvcmtpbmcgZ3Jv
dXAsCiAgICAgIGFsbG93aW5nICJ1c2VybmFtZSIgYW5kICJwYXNzd29yZCIgdG8gYmUgVW5pY29k
ZSBhbmQgcmVzdHJpY3RpbmcKICAgICAgImNsaWVudF9pZCIgYW5kICJjbGllbnRfc2VjcmV0IiB0
byBBU0NJSS4KICAgbyAgU3BlY2lmaWVkIHRoZSB1c2Ugb2YgdGhlIGFwcGxpY2F0aW9uL3gtd3d3
LWZvcm0tdXJsZW5jb2RlZAogICAgICBjb250ZW50LXR5cGUgZW5jb2RpbmcgbWV0aG9kIHRvIGVu
Y29kZSB0aGUgImNsaWVudF9pZCIgd2hlbiB1c2VkCiAgICAgIGFzIHRoZSBwYXNzd29yZCBmb3Ig
SFRUUCBCYXNpYy4KCiAgIC0yNwoKCgpIYXJkdCAmIFJlY29yZG9uICAgICAgICBFeHBpcmVzIEph
bnVhcnkgMTAsIDIwMTMgICAgICAgICAgICAgICBbUGFnZSA3MF0KDApJbnRlcm5ldC1EcmFmdCAg
ICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICBKdWx5IDIwMTIK
CgogICBvICBBZGRlZCBjaGFyYWN0ZXIgc2V0IHJlc3RyaWN0aW9ucyBmb3IgZXJyb3IsIGVycm9y
X2Rlc2NyaXB0aW9uLCBhbmQKICAgICAgZXJyb3JfdXJpIHBhcmFtZXRlcnMgY29uc2lzdGVudCB3
aXRoIHRoZSBPQXV0aCBCZWFyZXIgc3BlYy4KICAgbyAgQWRkZWQgInJlc291cmNlIGFjY2VzcyBl
cnJvciByZXNwb25zZSIgYXMgYW4gZXJyb3IgdXNhZ2UgbG9jYXRpb24KICAgICAgaW4gdGhlIE9B
dXRoIEV4dGVuc2lvbnMgRXJyb3IgUmVnaXN0cnkuCiAgIG8gIEFkZGVkIGFuIEFCTkYgZm9yIGFs
bCBtZXNzYWdlIGVsZW1lbnRzLgogICBvICBDb3JyZWN0ZWQgZWRpdG9yaWFsIGlzc3VlcyBpZGVu
dGlmaWVkIGR1cmluZyByZXZpZXcuCgoKQXV0aG9ycycgQWRkcmVzc2VzCgogICBEaWNrIEhhcmR0
IChlZGl0b3IpCiAgIE1pY3Jvc29mdAoKICAgRW1haWw6IGRpY2suaGFyZHRAZ21haWwuY29tCiAg
IFVSSTogICBodHRwOi8vZGlja2hhcmR0Lm9yZy8KCgogICBEYXZpZCBSZWNvcmRvbgogICBGYWNl
Ym9vawoKICAgRW1haWw6IGRyQGZiLmNvbQogICBVUkk6ICAgaHR0cDovL3d3dy5kYXZpZHJlY29y
ZG9uLmNvbS8KCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgpIYXJkdCAmIFJlY29yZG9uICAg
ICAgICBFeHBpcmVzIEphbnVhcnkgMTAsIDIwMTMgICAgICAgICAgICAgICBbUGFnZSA3MV0KDAo=

--_007_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_
Content-Type: text/html; name="draft-ietf-oauth-v2-29 preliminary.html"
Content-Description: draft-ietf-oauth-v2-29 preliminary.html
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-29 preliminary.html"; size=259085;
	creation-date="Mon, 09 Jul 2012 07:04:15 GMT";
	modification-date="Mon, 09 Jul 2012 07:03:21 GMT"
Content-Transfer-Encoding: base64

ZXNwb25zZTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDs8YSBocmVmPSIjcGFzc3dvcmQtdG9rLXJlcSI+NC4zLjIuPC9hPiZuYnNwOwpBY2Nlc3Mg
VG9rZW4gUmVxdWVzdDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMjgiPjQuMy4zLjwvYT4mbmJzcDsKQWNjZXNzIFRv
a2VuIFJlc3BvbnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNncmFu
dC1jbGllbnQiPjQuNC48L2E+Jm5ic3A7CkNsaWVudCBDcmVkZW50aWFscyBHcmFudDxiciAvPgom
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIj
YW5jaG9yMjkiPjQuNC4xLjwvYT4mbmJzcDsKQXV0aG9yaXphdGlvbiBSZXF1ZXN0IGFuZCBSZXNw
b25zZTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDs8YSBocmVmPSIjY2xpZW50LXJlcSI+NC40LjIuPC9hPiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVx
dWVzdDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDs8YSBocmVmPSIjYW5jaG9yMzAiPjQuNC4zLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuIFJlc3Bv
bnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNleHQtZ3JhbnQiPjQu
NS48L2E+Jm5ic3A7CkV4dGVuc2lvbiBHcmFudHM8YnIgLz4KPGEgaHJlZj0iI3Rva2VuLWlzc3Vl
Ij41LjwvYT4mbmJzcDsKSXNzdWluZyBhbiBBY2Nlc3MgVG9rZW48YnIgLz4KJm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Rva2VuLXJlc3BvbnNlIj41LjEuPC9hPiZuYnNwOwpTdWNj
ZXNzZnVsIFJlc3BvbnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiN0
b2tlbi1lcnJvcnMiPjUuMi48L2E+Jm5ic3A7CkVycm9yIFJlc3BvbnNlPGJyIC8+CjxhIGhyZWY9
IiN0b2tlbi1yZWZyZXNoIj42LjwvYT4mbmJzcDsKUmVmcmVzaGluZyBhbiBBY2Nlc3MgVG9rZW48
YnIgLz4KPGEgaHJlZj0iI2FjY2Vzcy1yZXNvdXJjZSI+Ny48L2E+Jm5ic3A7CkFjY2Vzc2luZyBQ
cm90ZWN0ZWQgUmVzb3VyY2VzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9
IiN0b2tlbi10eXBlcyI+Ny4xLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuIFR5cGVzPGJyIC8+CiZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNyZXNvdXJjZS1lcnJvcnMiPjcuMi48L2E+
Jm5ic3A7CkVycm9yIFJlc3BvbnNlPGJyIC8+CjxhIGhyZWY9IiNleHRlbnNpb25zIj44LjwvYT4m
bmJzcDsKRXh0ZW5zaWJpbGl0eTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVm
PSIjbmV3LXR5cGVzIj44LjEuPC9hPiZuYnNwOwpEZWZpbmluZyBBY2Nlc3MgVG9rZW4gVHlwZXM8
YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2VuZHBvaW50LXBhcmFtcyI+
OC4yLjwvYT4mbmJzcDsKRGVmaW5pbmcgTmV3IEVuZHBvaW50IFBhcmFtZXRlcnM8YnIgLz4KJm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjMxIj44LjMuPC9hPiZuYnNwOwpE
ZWZpbmluZyBOZXcgQXV0aG9yaXphdGlvbiBHcmFudCBUeXBlczxiciAvPgombmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDs8YSBocmVmPSIjcmVzcG9uc2UtdHlwZS1leHQiPjguNC48L2E+Jm5ic3A7CkRl
ZmluaW5nIE5ldyBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJlc3BvbnNlIFR5cGVzPGJyIC8+CiZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNuZXctZXJyb3JzIj44LjUuPC9hPiZuYnNw
OwpEZWZpbmluZyBBZGRpdGlvbmFsIEVycm9yIENvZGVzPGJyIC8+CjxhIGhyZWY9IiNhbmNob3Iz
MiI+OS48L2E+Jm5ic3A7Ck5hdGl2ZSBBcHBsaWNhdGlvbnM8YnIgLz4KPGEgaHJlZj0iI2FuY2hv
cjMzIj4xMC48L2E+Jm5ic3A7ClNlY3VyaXR5IENvbnNpZGVyYXRpb25zPGJyIC8+CiZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IzNCI+MTAuMS48L2E+Jm5ic3A7CkNsaWVu
dCBBdXRoZW50aWNhdGlvbjxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIj
YW5jaG9yMzUiPjEwLjIuPC9hPiZuYnNwOwpDbGllbnQgSW1wZXJzb25hdGlvbjxiciAvPgombmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMzYiPjEwLjMuPC9hPiZuYnNwOwpB
Y2Nlc3MgVG9rZW5zPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNo
b3IzNyI+MTAuNC48L2E+Jm5ic3A7ClJlZnJlc2ggVG9rZW5zPGJyIC8+CiZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IzOCI+MTAuNS48L2E+Jm5ic3A7CkF1dGhvcml6YXRp
b24gQ29kZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjM5
Ij4xMC42LjwvYT4mbmJzcDsKQXV0aG9yaXphdGlvbiBDb2RlIFJlZGlyZWN0aW9uIFVSSSBNYW5p
cHVsYXRpb248YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjQw
Ij4xMC43LjwvYT4mbmJzcDsKUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHM8YnIg
Lz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjQxIj4xMC44LjwvYT4m
bmJzcDsKUmVxdWVzdCBDb25maWRlbnRpYWxpdHk8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7PGEgaHJlZj0iI2FuY2hvcjQyIj4xMC45LjwvYT4mbmJzcDsKRW5kcG9pbnRzIEF1dGhlbnRp
Y2l0eTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW50aHJvcHkiPjEw
LjEwLjwvYT4mbmJzcDsKQ3JlZGVudGlhbHMgR3Vlc3NpbmcgQXR0YWNrczxiciAvPgombmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNDMiPjEwLjExLjwvYT4mbmJzcDsKUGhp
c2hpbmcgQXR0YWNrczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjQ1NS
RiI+MTAuMTIuPC9hPiZuYnNwOwpDcm9zcy1TaXRlIFJlcXVlc3QgRm9yZ2VyeTxiciAvPgombmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNDQiPjEwLjEzLjwvYT4mbmJzcDsK
Q2xpY2tqYWNraW5nPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNo
b3I0NSI+MTAuMTQuPC9hPiZuYnNwOwpDb2RlIEluamVjdGlvbiBhbmQgSW5wdXQgVmFsaWRhdGlv
bjxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjb3Blbi1yZWRpcmVjdCI+
MTAuMTUuPC9hPiZuYnNwOwpPcGVuIFJlZGlyZWN0b3JzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOzxhIGhyZWY9IiNhbmNob3I0NiI+MTAuMTYuPC9hPiZuYnNwOwpNaXN1c2Ugb2YgQWNj
ZXNzIFRva2VuIHRvIEltcGVyc29uYXRlIFJlc291cmNlIE93bmVyIGF0IFB1YmxpYyBDbGllbnQ8
YnIgLz4KPGEgaHJlZj0iI2FuY2hvcjQ3Ij4xMS48L2E+Jm5ic3A7CklBTkEgQ29uc2lkZXJhdGlv
bnM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3R5cGUtcmVnaXN0cnki
PjExLjEuPC9hPiZuYnNwOwpUaGUgT0F1dGggQWNjZXNzIFRva2VuIFR5cGUgUmVnaXN0cnk8YnIg
Lz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJl
Zj0iI2FuY2hvcjQ4Ij4xMS4xLjEuPC9hPiZuYnNwOwpSZWdpc3RyYXRpb24gVGVtcGxhdGU8YnIg
Lz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3BhcmFtZXRlcnMtcmVnaXN0cnki
PjExLjIuPC9hPiZuYnNwOwpUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3RyeTxiciAvPgombmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5j
aG9yNDkiPjExLjIuMS48L2E+Jm5ic3A7ClJlZ2lzdHJhdGlvbiBUZW1wbGF0ZTxiciAvPgombmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5j
aG9yNTAiPjExLjIuMi48L2E+Jm5ic3A7CkluaXRpYWwgUmVnaXN0cnkgQ29udGVudHM8YnIgLz4K
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Jlc3BvbnNlLXR5cGUtcmVnaXN0cnki
PjExLjMuPC9hPiZuYnNwOwpUaGUgT0F1dGggQXV0aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25z
ZSBUeXBlIFJlZ2lzdHJ5PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I1MSI+MTEuMy4xLjwvYT4mbmJzcDsKUmVnaXN0
cmF0aW9uIFRlbXBsYXRlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I1MiI+MTEuMy4yLjwvYT4mbmJzcDsKSW5pdGlh
bCBSZWdpc3RyeSBDb250ZW50czxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVm
PSIjZXJyb3ItcmVnaXN0cnkiPjExLjQuPC9hPiZuYnNwOwpUaGUgT0F1dGggRXh0ZW5zaW9ucyBF
cnJvciBSZWdpc3RyeTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNTMiPjExLjQuMS48L2E+Jm5ic3A7ClJlZ2lzdHJh
dGlvbiBUZW1wbGF0ZTxiciAvPgo8YSBocmVmPSIjcmZjLnJlZmVyZW5jZXMxIj4xMi48L2E+Jm5i
c3A7ClJlZmVyZW5jZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Jm
Yy5yZWZlcmVuY2VzMSI+MTIuMS48L2E+Jm5ic3A7Ck5vcm1hdGl2ZSBSZWZlcmVuY2VzPGJyIC8+
CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNyZmMucmVmZXJlbmNlczIiPjEyLjIu
PC9hPiZuYnNwOwpJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzPGJyIC8+CjxhIGhyZWY9IiNhbmNob3I1
NiI+QXBwZW5kaXgmbmJzcDtBLjwvYT4mbmJzcDsKQXVnbWVudGVkIEJhY2t1cy1OYXVyIEZvcm0g
KEFCTkYpIFN5bnRheDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5j
aG9yNTciPkEuMS48L2E+Jm5ic3A7CiJjbGllbnRfaWQiIFN5bnRheDxiciAvPgombmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNTgiPkEuMi48L2E+Jm5ic3A7CiJjbGllbnRf
c2VjcmV0IiBTeW50YXg8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2Fu
Y2hvcjU5Ij5BLjMuPC9hPiZuYnNwOwoicmVzcG9uc2VfdHlwZSIgU3ludGF4PGJyIC8+CiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I2MCI+QS40LjwvYT4mbmJzcDsKInNj
b3BlIiBTeW50YXg8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hv
cjYxIj5BLjUuPC9hPiZuYnNwOwoic3RhdGUiIFN5bnRheDxiciAvPgombmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNjIiPkEuNi48L2E+Jm5ic3A7CiJyZWRpcmVjdF91cmki
IFN5bnRheDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNjMi
PkEuNy48L2E+Jm5ic3A7CiJlcnJvciIgU3ludGF4PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOzxhIGhyZWY9IiNhbmNob3I2NCI+QS44LjwvYT4mbmJzcDsKImVycm9yX2Rlc2NyaXB0aW9u
IiBTeW50YXg8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjY1
Ij5BLjkuPC9hPiZuYnNwOwoiZXJyb3JfdXJpIiBTeW50YXg8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjY2Ij5BLjEwLjwvYT4mbmJzcDsKImdyYW50X3R5cGUi
IFN5bnRheDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNjci
PkEuMTEuPC9hPiZuYnNwOwoiY29kZSIgU3ludGF4PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOzxhIGhyZWY9IiNhbmNob3I2OCI+QS4xMi48L2E+Jm5ic3A7CiJhY2Nlc3NfdG9rZW4iIFN5
bnRheDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNjkiPkEu
MTMuPC9hPiZuYnNwOwoidG9rZW5fdHlwZSIgU3ludGF4PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOzxhIGhyZWY9IiNhbmNob3I3MCI+QS4xNC48L2E+Jm5ic3A7CiJleHBpcmVzX2luIiBT
eW50YXg8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjcxIj5B
LjE1LjwvYT4mbmJzcDsKInVzZXJuYW1lIiBTeW50YXg8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjcyIj5BLjE2LjwvYT4mbmJzcDsKInBhc3N3b3JkIiBTeW50
YXg8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjczIj5BLjE3
LjwvYT4mbmJzcDsKInJlZnJlc2hfdG9rZW4iIFN5bnRheDxiciAvPgombmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNzQiPkEuMTguPC9hPiZuYnNwOwpFbmRwb2ludCBQYXJh
bWV0ZXIgU3ludGF4PGJyIC8+CjxhIGhyZWY9IiNhbmNob3I3NSI+QXBwZW5kaXgmbmJzcDtCLjwv
YT4mbmJzcDsKQWNrbm93bGVkZ2VtZW50czxiciAvPgo8YSBocmVmPSIjYW5jaG9yNzYiPkFwcGVu
ZGl4Jm5ic3A7Qy48L2E+Jm5ic3A7CkRvY3VtZW50IEhpc3Rvcnk8YnIgLz4KPGEgaHJlZj0iI3Jm
Yy5hdXRob3JzIj4mIzE2Nzs8L2E+Jm5ic3A7CkF1dGhvcnMnIEFkZHJlc3NlczxiciAvPgo8L3A+
CjxiciBjbGVhcj0iYWxsIiAvPgoKPGEgbmFtZT0iYW5jaG9yMSI+PC9hPjxiciAvPjxociAvPgo8
dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNs
YXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVm
PSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJm
Yy5zZWN0aW9uLjEiPjwvYT48aDM+MS4mbmJzcDsKSW50cm9kdWN0aW9uPC9oMz4KCjxwPgogICAg
ICAgIEluIHRoZSB0cmFkaXRpb25hbCBjbGllbnQtc2VydmVyIGF1dGhlbnRpY2F0aW9uIG1vZGVs
LCB0aGUgY2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcwogICAgICAgIHJlc3RyaWN0ZWQgcmVzb3Vy
Y2UgKHByb3RlY3RlZCByZXNvdXJjZSkgb24gdGhlIHNlcnZlciBieSBhdXRoZW50aWNhdGluZyB3
aXRoIHRoZSBzZXJ2ZXIKICAgICAgICB1c2luZyB0aGUgcmVzb3VyY2Ugb3duZXIncyBjcmVkZW50
aWFscy4gSW4gb3JkZXIgdG8gcHJvdmlkZSB0aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgYWNjZXNz
CiAgICAgICAgdG8gcmVzdHJpY3RlZCByZXNvdXJjZXMsIHRoZSByZXNvdXJjZSBvd25lciBzaGFy
ZXMgaXRzIGNyZWRlbnRpYWxzIHdpdGggdGhlIHRoaXJkLXBhcnR5LgogICAgICAgIFRoaXMgY3Jl
YXRlcyBzZXZlcmFsIHByb2JsZW1zIGFuZCBsaW1pdGF0aW9uczoKICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgIFRoaXJkLXBhcnR5
IGFwcGxpY2F0aW9ucyBhcmUgcmVxdWlyZWQgdG8gc3RvcmUgdGhlIHJlc291cmNlIG93bmVyJ3Mg
Y3JlZGVudGlhbHMKICAgICAgICAgICAgZm9yIGZ1dHVyZSB1c2UsIHR5cGljYWxseSBhIHBhc3N3
b3JkIGluIGNsZWFyLXRleHQuCiAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICBTZXJ2
ZXJzIGFyZSByZXF1aXJlZCB0byBzdXBwb3J0IHBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uLCBkZXNw
aXRlIHRoZSBzZWN1cml0eQogICAgICAgICAgICB3ZWFrbmVzc2VzIGluaGVyZW50IGluIHBhc3N3
b3Jkcy4KICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgIFRoaXJkLXBhcnR5IGFwcGxp
Y2F0aW9ucyBnYWluIG92ZXJseSBicm9hZCBhY2Nlc3MgdG8gdGhlIHJlc291cmNlIG93bmVyJ3Mg
cHJvdGVjdGVkCiAgICAgICAgICAgIHJlc291cmNlcywgbGVhdmluZyByZXNvdXJjZSBvd25lcnMg
d2l0aG91dCBhbnkgYWJpbGl0eSB0byByZXN0cmljdCBkdXJhdGlvbiBvciBhY2Nlc3MKICAgICAg
ICAgICAgdG8gYSBsaW1pdGVkIHN1YnNldCBvZiByZXNvdXJjZXMuCiAgICAgICAgICAKPC9saT4K
PGxpPgogICAgICAgICAgICBSZXNvdXJjZSBvd25lcnMgY2Fubm90IHJldm9rZSBhY2Nlc3MgdG8g
YW4gaW5kaXZpZHVhbCB0aGlyZC1wYXJ0eSB3aXRob3V0IHJldm9raW5nCiAgICAgICAgICAgIGFj
Y2VzcyB0byBhbGwgdGhpcmQtcGFydGllcywgYW5kIG11c3QgZG8gc28gYnkgY2hhbmdpbmcgdGhl
aXIgcGFzc3dvcmQuCiAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICBDb21wcm9taXNl
IG9mIGFueSB0aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbiByZXN1bHRzIGluIGNvbXByb21pc2Ugb2Yg
dGhlIGVuZC11c2VyJ3MKICAgICAgICAgICAgcGFzc3dvcmQgYW5kIGFsbCBvZiB0aGUgZGF0YSBw
cm90ZWN0ZWQgYnkgdGhhdCBwYXNzd29yZC4KICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAg
ICAKPC9wPgo8cD4KICAgICAgICBPQXV0aCBhZGRyZXNzZXMgdGhlc2UgaXNzdWVzIGJ5IGludHJv
ZHVjaW5nIGFuIGF1dGhvcml6YXRpb24gbGF5ZXIgYW5kIHNlcGFyYXRpbmcgdGhlIHJvbGUKICAg
ICAgICBvZiB0aGUgY2xpZW50IGZyb20gdGhhdCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuIEluIE9B
dXRoLCB0aGUgY2xpZW50IHJlcXVlc3RzIGFjY2VzcyB0bwogICAgICAgIHJlc291cmNlcyBjb250
cm9sbGVkIGJ5IHRoZSByZXNvdXJjZSBvd25lciBhbmQgaG9zdGVkIGJ5IHRoZSByZXNvdXJjZSBz
ZXJ2ZXIsIGFuZCBpcyBpc3N1ZWQKICAgICAgICBhIGRpZmZlcmVudCBzZXQgb2YgY3JlZGVudGlh
bHMgdGhhbiB0aG9zZSBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgICAgIAo8L3A+CjxwPgogICAg
ICAgIEluc3RlYWQgb2YgdXNpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMgdG8g
YWNjZXNzIHByb3RlY3RlZCByZXNvdXJjZXMsIHRoZSBjbGllbnQKICAgICAgICBvYnRhaW5zIGFu
IGFjY2VzcyB0b2tlbiAtIGEgc3RyaW5nIGRlbm90aW5nIGEgc3BlY2lmaWMgc2NvcGUsIGxpZmV0
aW1lLCBhbmQgb3RoZXIgYWNjZXNzCiAgICAgICAgYXR0cmlidXRlcy4gQWNjZXNzIHRva2VucyBh
cmUgaXNzdWVkIHRvIHRoaXJkLXBhcnR5IGNsaWVudHMgYnkgYW4gYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgd2l0aAogICAgICAgIHRoZSBhcHByb3ZhbCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuIFRoZSBj
bGllbnQgdXNlcyB0aGUgYWNjZXNzIHRva2VuIHRvIGFjY2VzcyB0aGUKICAgICAgICBwcm90ZWN0
ZWQgcmVzb3VyY2VzIGhvc3RlZCBieSB0aGUgcmVzb3VyY2Ugc2VydmVyLgogICAgICAKPC9wPgo8
cD4KICAgICAgICBGb3IgZXhhbXBsZSwgYW4gZW5kLXVzZXIgKHJlc291cmNlIG93bmVyKSBjYW4g
Z3JhbnQgYSBwcmludGluZyBzZXJ2aWNlIChjbGllbnQpIGFjY2VzcwogICAgICAgIHRvIGhlciBw
cm90ZWN0ZWQgcGhvdG9zIHN0b3JlZCBhdCBhIHBob3RvIHNoYXJpbmcgc2VydmljZSAocmVzb3Vy
Y2Ugc2VydmVyKSwgd2l0aG91dAogICAgICAgIHNoYXJpbmcgaGVyIHVzZXJuYW1lIGFuZCBwYXNz
d29yZCB3aXRoIHRoZSBwcmludGluZyBzZXJ2aWNlLiBJbnN0ZWFkLCBzaGUgYXV0aGVudGljYXRl
cwogICAgICAgIGRpcmVjdGx5IHdpdGggYSBzZXJ2ZXIgdHJ1c3RlZCBieSB0aGUgcGhvdG8gc2hh
cmluZyBzZXJ2aWNlIChhdXRob3JpemF0aW9uIHNlcnZlcikgd2hpY2gKICAgICAgICBpc3N1ZXMg
dGhlIHByaW50aW5nIHNlcnZpY2UgZGVsZWdhdGlvbi1zcGVjaWZpYyBjcmVkZW50aWFscyAoYWNj
ZXNzIHRva2VuKS4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlz
IGRlc2lnbmVkIGZvciB1c2Ugd2l0aCBIVFRQICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2
MTYnPltSRkMyNjE2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GaWVsZGluZywg
Ui4sIEdldHR5cywgSi4sIE1vZ3VsLCBKLiwgRnJ5c3R5aywgSC4sIE1hc2ludGVyLCBMLiwgTGVh
Y2gsIFAuLCBhbmQgVC4gQmVybmVycy1MZWUsICZsZHF1bztIeXBlcnRleHQgVHJhbnNmZXIgUHJv
dG9jb2wgLS0gSFRUUC8xLjEsJnJkcXVvOyBKdW5lJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwv
c3Bhbj48L2E+KS4gVGhlIHVzZSBvZgogICAgICAgIE9BdXRoIG92ZXIgYW55IG90aGVyIHByb3Rv
Y29sIHRoYW4gSFRUUCBpcyBvdXQgb2Ygc2NvcGUuCiAgICAgIAo8L3A+CjxwPgogICAgICAgIFRo
ZSBPQXV0aCAxLjAgcHJvdG9jb2wgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTg0OSc+W1JG
QzU4NDldPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhhbW1lci1MYWhhdiwgRS4s
ICZsZHF1bztUaGUgT0F1dGggMS4wIFByb3RvY29sLCZyZHF1bzsgQXByaWwmbmJzcDsyMDEwLjwv
c3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCBwdWJsaXNoZWQgYXMgYW4gaW5mb3JtYXRpb25hbCBk
b2N1bWVudCwKICAgICAgICB3YXMgdGhlIHJlc3VsdCBvZiBhIHNtYWxsIGFkLWhvYyBjb21tdW5p
dHkgZWZmb3J0LiBUaGlzIHN0YW5kYXJkcy10cmFjayBzcGVjaWZpY2F0aW9uIGJ1aWxkcwogICAg
ICAgIG9uIHRoZSBPQXV0aCAxLjAgZGVwbG95bWVudCBleHBlcmllbmNlLCBhcyB3ZWxsIGFzIGFk
ZGl0aW9uYWwgdXNlIGNhc2VzIGFuZCBleHRlbnNpYmlsaXR5CiAgICAgICAgcmVxdWlyZW1lbnRz
IGdhdGhlcmVkIGZyb20gdGhlIHdpZGVyIElFVEYgY29tbXVuaXR5LiBUaGUgT0F1dGggMi4wIHBy
b3RvY29sIGlzIG5vdCBiYWNrd2FyZAogICAgICAgIGNvbXBhdGlibGUgd2l0aCBPQXV0aCAxLjAu
IFRoZSB0d28gdmVyc2lvbnMgbWF5IGNvLWV4aXN0IG9uIHRoZSBuZXR3b3JrIGFuZCBpbXBsZW1l
bnRhdGlvbnMKICAgICAgICBtYXkgY2hvb3NlIHRvIHN1cHBvcnQgYm90aC4gSG93ZXZlciwgaXQg
aXMgdGhlIGludGVudGlvbiBvZiB0aGlzIHNwZWNpZmljYXRpb24gdGhhdCBuZXcKICAgICAgICBp
bXBsZW1lbnRhdGlvbiBzdXBwb3J0IE9BdXRoIDIuMCBhcyBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1
bWVudCwgYW5kIHRoYXQgT0F1dGggMS4wIGlzIHVzZWQKICAgICAgICBvbmx5IHRvIHN1cHBvcnQg
ZXhpc3RpbmcgZGVwbG95bWVudHMuIFRoZSBPQXV0aCAyLjAgcHJvdG9jb2wgc2hhcmVzIHZlcnkg
ZmV3IGltcGxlbWVudGF0aW9uCiAgICAgICAgZGV0YWlscyB3aXRoIHRoZSBPQXV0aCAxLjAgcHJv
dG9jb2wuIEltcGxlbWVudGVycyBmYW1pbGlhciB3aXRoIE9BdXRoIDEuMCBzaG91bGQgYXBwcm9h
Y2gKICAgICAgICB0aGlzIGRvY3VtZW50IHdpdGhvdXQgYW55IGFzc3VtcHRpb25zIGFzIHRvIGl0
cyBzdHJ1Y3R1cmUgYW5kIGRldGFpbHMuCiAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjIiPjwv
YT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNl
bGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9
IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3Rh
YmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xLjEiPjwvYT48aDM+MS4xLiZuYnNwOwpSb2xlczwv
aDM+Cgo8cD4KICAgICAgICAgIE9BdXRoIGRlZmluZXMgZm91ciByb2xlczoKICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PnJl
c291cmNlIG93bmVyPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIEFuIGVu
dGl0eSBjYXBhYmxlIG9mIGdyYW50aW5nIGFjY2VzcyB0byBhIHByb3RlY3RlZCByZXNvdXJjZS4g
V2hlbiB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgICAgICBpcyBhIHBlcnNvbiwgaXQgaXMg
cmVmZXJyZWQgdG8gYXMgYW4gZW5kLXVzZXIuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+cmVzb3Vy
Y2Ugc2VydmVyPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIFRoZSBzZXJ2
ZXIgaG9zdGluZyB0aGUgcHJvdGVjdGVkIHJlc291cmNlcywgY2FwYWJsZSBvZiBhY2NlcHRpbmcg
YW5kIHJlc3BvbmRpbmcgdG8KICAgICAgICAgICAgICBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVz
dHMgdXNpbmcgYWNjZXNzIHRva2Vucy4KICAgICAgICAgICAgCjwvZGQ+CjxkdD5jbGllbnQ8L2R0
Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgQW4gYXBwbGljYXRpb24gbWFraW5n
IHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0cyBvbiBiZWhhbGYgb2YgdGhlIHJlc291cmNlIG93
bmVyIGFuZAogICAgICAgICAgICAgIHdpdGggaXRzIGF1dGhvcml6YXRpb24uIFRoZSB0ZXJtIGNs
aWVudCBkb2VzIG5vdCBpbXBseSBhbnkgcGFydGljdWxhciBpbXBsZW1lbnRhdGlvbgogICAgICAg
ICAgICAgIGNoYXJhY3RlcmlzdGljcyAoZS5nLiB3aGV0aGVyIHRoZSBhcHBsaWNhdGlvbiBleGVj
dXRlcyBvbiBhIHNlcnZlciwgYSBkZXNrdG9wLCBvcgogICAgICAgICAgICAgIG90aGVyIGRldmlj
ZXMpLgogICAgICAgICAgICAKPC9kZD4KPGR0PmF1dGhvcml6YXRpb24gc2VydmVyPC9kdD4KPGRk
PgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIFRoZSBzZXJ2ZXIgaXNzdWluZyBhY2Nlc3Mg
dG9rZW5zIHRvIHRoZSBjbGllbnQgYWZ0ZXIgc3VjY2Vzc2Z1bGx5IGF1dGhlbnRpY2F0aW5nIHRo
ZQogICAgICAgICAgICAgIHJlc291cmNlIG93bmVyIGFuZCBvYnRhaW5pbmcgYXV0aG9yaXphdGlv
bi4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgIAo8L3A+
CjxwPgogICAgICAgICAgVGhlIGludGVyYWN0aW9uIGJldHdlZW4gdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIGFuZCByZXNvdXJjZSBzZXJ2ZXIgaXMgYmV5b25kIHRoZSBzY29wZQogICAgICAgICAg
b2YgdGhpcyBzcGVjaWZpY2F0aW9uLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWF5IGJlIHRo
ZSBzYW1lIHNlcnZlciBhcyB0aGUgcmVzb3VyY2UKICAgICAgICAgIHNlcnZlciBvciBhIHNlcGFy
YXRlIGVudGl0eS4gQSBzaW5nbGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWF5IGlzc3VlIGFjY2Vz
cyB0b2tlbnMKICAgICAgICAgIGFjY2VwdGVkIGJ5IG11bHRpcGxlIHJlc291cmNlIHNlcnZlcnMu
CiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUg
c3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJU
T0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9j
Ij4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0
aW9uLjEuMiI+PC9hPjxoMz4xLjIuJm5ic3A7ClByb3RvY29sIEZsb3c8L2gzPgo8YnIgLz48aHIg
Y2xhc3M9Imluc2VydCIgLz4KPGEgbmFtZT0iRmlndXJlLTEiPjwvYT4KPGRpdiBzdHlsZT0nZGlz
cGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1
dG8nPjxwcmU+CiAgKy0tLS0tLS0tKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0t
LS0tLS0tLS0tLS0tKwogIHwgICAgICAgIHwtLShBKS0gQXV0aG9yaXphdGlvbiBSZXF1ZXN0IC0m
Z3Q7fCAgIFJlc291cmNlICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIHwgICAgIE93bmVyICAgICB8CiAgfCAgICAgICAgfCZsdDstKEIpLS0gQXV0aG9yaXph
dGlvbiBHcmFudCAtLS18ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICB8CiAgfCAgICAg
ICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwg
ICAgICAgIHwtLShDKS0tIEF1dGhvcml6YXRpb24gR3JhbnQgLS0mZ3Q7fCBBdXRob3JpemF0aW9u
IHwKICB8IENsaWVudCB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgIFNlcnZl
ciAgICB8CiAgfCAgICAgICAgfCZsdDstKEQpLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLS18ICAg
ICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
Ky0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgIHwtLShFKS0tLS0t
IEFjY2VzcyBUb2tlbiAtLS0tLS0mZ3Q7fCAgICBSZXNvdXJjZSAgIHwKICB8ICAgICAgICB8ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgIFNlcnZlciAgICB8CiAgfCAgICAgICAg
fCZsdDstKEYpLS0tIFByb3RlY3RlZCBSZXNvdXJjZSAtLS18ICAgICAgICAgICAgICAgfAogICst
LS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsK
PC9wcmU+PC9kaXY+PHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBhbGlnbj0iY2VudGVyIj48dHI+PHRkIGFsaWduPSJjZW50ZXIiPjxmb250IGZhY2U9Im1v
bmFjbywgTVMgU2FucyBTZXJpZiIgc2l6ZT0iMSI+PGI+Jm5ic3A7RmlndXJlJm5ic3A7MTogQWJz
dHJhY3QgUHJvdG9jb2wgRmxvdyZuYnNwOzwvYj48L2ZvbnQ+PGJyIC8+PC90ZD48L3RyPjwvdGFi
bGU+PGhyIGNsYXNzPSJpbnNlcnQiIC8+Cgo8cD4KICAgICAgICAgIFRoZSBhYnN0cmFjdCBmbG93
IGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjRmlndXJlLTEnPkZpZ3VyZSZu
YnNwOzE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QWJzdHJhY3QgUHJvdG9jb2wg
Rmxvdzwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gZGVzY3JpYmVzIHRoZSBpbnRlcmFjdGlvbgog
ICAgICAgICAgYmV0d2VlbiB0aGUgZm91ciByb2xlcyBhbmQgaW5jbHVkZXMgdGhlIGZvbGxvd2lu
ZyBzdGVwczoKICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xh
c3M9InRleHQiPjxkbD4KPGR0PihBKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgY2xpZW50
IHJlcXVlc3RzIGF1dGhvcml6YXRpb24gZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIuIFRoZSBhdXRo
b3JpemF0aW9uIHJlcXVlc3QKICAgICAgICAgICAgICBjYW4gYmUgbWFkZSBkaXJlY3RseSB0byB0
aGUgcmVzb3VyY2Ugb3duZXIgKGFzIHNob3duKSwgb3IgcHJlZmVyYWJseSBpbmRpcmVjdGx5IHZp
YQogICAgICAgICAgICAgIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBpbnRlcm1lZGlh
cnkuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEIpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRo
ZSBjbGllbnQgcmVjZWl2ZXMgYW4gYXV0aG9yaXphdGlvbiBncmFudCB3aGljaCBpcyBhIGNyZWRl
bnRpYWwgcmVwcmVzZW50aW5nCiAgICAgICAgICAgICAgdGhlIHJlc291cmNlIG93bmVyJ3MgYXV0
aG9yaXphdGlvbiwgZXhwcmVzc2VkIHVzaW5nIG9uZSBvZiBmb3VyIGdyYW50IHR5cGVzIGRlZmlu
ZWQKICAgICAgICAgICAgICBpbiB0aGlzIHNwZWNpZmljYXRpb24gb3IgdXNpbmcgYW4gZXh0ZW5z
aW9uIGdyYW50IHR5cGUuIFRoZSBhdXRob3JpemF0aW9uIGdyYW50IHR5cGUKICAgICAgICAgICAg
ICBkZXBlbmRzIG9uIHRoZSBtZXRob2QgdXNlZCBieSB0aGUgY2xpZW50IHRvIHJlcXVlc3QgYXV0
aG9yaXphdGlvbiBhbmQgdGhlIHR5cGVzCiAgICAgICAgICAgICAgc3VwcG9ydGVkIGJ5IHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQyk8L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gYnkgYXV0
aGVudGljYXRpbmcgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgICBh
bmQgcHJlc2VudGluZyB0aGUgYXV0aG9yaXphdGlvbiBncmFudC4KICAgICAgICAgICAgCjwvZGQ+
CjxkdD4oRCk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCBhbmQgdmFsaWRhdGVzIHRoZSBhdXRob3JpemF0aW9u
CiAgICAgICAgICAgICAgZ3JhbnQsIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYW4gYWNjZXNzIHRva2Vu
LgogICAgICAgICAgICAKPC9kZD4KPGR0PihFKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUg
Y2xpZW50IHJlcXVlc3RzIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2UgZnJvbSB0aGUgcmVzb3VyY2Ug
c2VydmVyIGFuZCBhdXRoZW50aWNhdGVzCiAgICAgICAgICAgICAgYnkgcHJlc2VudGluZyB0aGUg
YWNjZXNzIHRva2VuLgogICAgICAgICAgICAKPC9kZD4KPGR0PihGKTwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICBUaGUgcmVzb3VyY2Ugc2VydmVyIHZhbGlkYXRlcyB0aGUgYWNjZXNzIHRva2VuLCBh
bmQgaWYgdmFsaWQsIHNlcnZlcyB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+
PC9ibG9ja3F1b3RlPjxwPgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIHByZWZlcnJl
ZCBtZXRob2QgZm9yIHRoZSBjbGllbnQgdG8gb2J0YWluIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQg
ZnJvbSB0aGUgcmVzb3VyY2UKICAgICAgICAgIG93bmVyIChkZXBpY3RlZCBpbiBzdGVwcyAoQSkg
YW5kIChCKSkgaXMgdG8gdXNlIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBpbnRlcm1l
ZGlhcnkKICAgICAgICAgIHdoaWNoIGlzIGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjRmlndXJlLTMnPkZpZ3VyZSZuYnNwOzM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0n
aW5mbyc+QXV0aG9yaXphdGlvbiBDb2RlIEZsb3c8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+Lgog
ICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjQiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4xLjMiPjwvYT48aDM+MS4zLiZuYnNwOwpBdXRob3JpemF0aW9uIEdyYW50PC9oMz4KCjxwPgog
ICAgICAgICAgQW4gYXV0aG9yaXphdGlvbiBncmFudCBpcyBhIGNyZWRlbnRpYWwgcmVwcmVzZW50
aW5nIHRoZSByZXNvdXJjZSBvd25lcidzIGF1dGhvcml6YXRpb24KICAgICAgICAgICh0byBhY2Nl
c3MgaXRzIHByb3RlY3RlZCByZXNvdXJjZXMpIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4g
YW4gYWNjZXNzIHRva2VuLiBUaGlzCiAgICAgICAgICBzcGVjaWZpY2F0aW9uIGRlZmluZXMgZm91
ciBncmFudCB0eXBlczogYXV0aG9yaXphdGlvbiBjb2RlLCBpbXBsaWNpdCwgcmVzb3VyY2Ugb3du
ZXIKICAgICAgICAgIHBhc3N3b3JkIGNyZWRlbnRpYWxzLCBhbmQgY2xpZW50IGNyZWRlbnRpYWxz
LCBhcyB3ZWxsIGFzIGFuIGV4dGVuc2liaWxpdHkgbWVjaGFuaXNtIGZvcgogICAgICAgICAgZGVm
aW5pbmcgYWRkaXRpb25hbCB0eXBlcy4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I1Ij48
L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBj
ZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNz
PSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90
YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMS4zLjEiPjwvYT48aDM+MS4zLjEuJm5ic3A7CkF1
dGhvcml6YXRpb24gQ29kZTwvaDM+Cgo8cD4KICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24g
Y29kZSBpcyBvYnRhaW5lZCBieSB1c2luZyBhbiBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBp
bnRlcm1lZGlhcnkKICAgICAgICAgICAgYmV0d2VlbiB0aGUgY2xpZW50IGFuZCByZXNvdXJjZSBv
d25lci4gSW5zdGVhZCBvZiByZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24gZGlyZWN0bHkKICAgICAg
ICAgICAgZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIsIHRoZSBjbGllbnQgZGlyZWN0cyB0aGUgcmVz
b3VyY2Ugb3duZXIgdG8gYW4gYXV0aG9yaXphdGlvbgogICAgICAgICAgICBzZXJ2ZXIgKHZpYSBp
dHMgdXNlci1hZ2VudCBhcyBkZWZpbmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjYx
Nic+W1JGQzI2MTZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkZpZWxkaW5nLCBS
LiwgR2V0dHlzLCBKLiwgTW9ndWwsIEouLCBGcnlzdHlrLCBILiwgTWFzaW50ZXIsIEwuLCBMZWFj
aCwgUC4sIGFuZCBULiBCZXJuZXJzLUxlZSwgJmxkcXVvO0h5cGVydGV4dCBUcmFuc2ZlciBQcm90
b2NvbCAtLSBIVFRQLzEuMSwmcmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9z
cGFuPjwvYT4pLCB3aGljaCBpbiB0dXJuCiAgICAgICAgICAgIGRpcmVjdHMgdGhlIHJlc291cmNl
IG93bmVyIGJhY2sgdG8gdGhlIGNsaWVudCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGNvZGUuCiAg
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgQmVmb3JlIGRpcmVjdGluZyB0aGUgcmVzb3Vy
Y2Ugb3duZXIgYmFjayB0byB0aGUgY2xpZW50IHdpdGggdGhlIGF1dGhvcml6YXRpb24gY29kZSwg
dGhlCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJl
c291cmNlIG93bmVyIGFuZCBvYnRhaW5zIGF1dGhvcml6YXRpb24uCiAgICAgICAgICAgIEJlY2F1
c2UgdGhlIHJlc291cmNlIG93bmVyIG9ubHkgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciwgdGhlCiAgICAgICAgICAgIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlh
bHMgYXJlIG5ldmVyIHNoYXJlZCB3aXRoIHRoZSBjbGllbnQuCiAgICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gY29kZSBwcm92aWRlcyBhIGZldyBpbXBvcnRh
bnQgc2VjdXJpdHkgYmVuZWZpdHMgc3VjaCBhcyB0aGUgYWJpbGl0eQogICAgICAgICAgICB0byBh
dXRoZW50aWNhdGUgdGhlIGNsaWVudCwgYW5kIHRoZSB0cmFuc21pc3Npb24gb2YgdGhlIGFjY2Vz
cyB0b2tlbiBkaXJlY3RseSB0bwogICAgICAgICAgICB0aGUgY2xpZW50IHdpdGhvdXQgcGFzc2lu
ZyBpdCB0aHJvdWdoIHRoZSByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQsIHBvdGVudGlhbGx5
CiAgICAgICAgICAgIGV4cG9zaW5nIGl0IHRvIG90aGVycywgaW5jbHVkaW5nIHRoZSByZXNvdXJj
ZSBvd25lci4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjYiPjwvYT48YnIgLz48aHIg
Lz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIy
IiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEg
aHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1l
PSJyZmMuc2VjdGlvbi4xLjMuMiI+PC9hPjxoMz4xLjMuMi4mbmJzcDsKSW1wbGljaXQ8L2gzPgoK
PHA+CiAgICAgICAgICAgIFRoZSBpbXBsaWNpdCBncmFudCBpcyBhIHNpbXBsaWZpZWQgYXV0aG9y
aXphdGlvbiBjb2RlIGZsb3cgb3B0aW1pemVkIGZvciBjbGllbnRzCiAgICAgICAgICAgIGltcGxl
bWVudGVkIGluIGEgYnJvd3NlciB1c2luZyBhIHNjcmlwdGluZyBsYW5ndWFnZSBzdWNoIGFzIEph
dmFTY3JpcHQuIEluIHRoZSBpbXBsaWNpdAogICAgICAgICAgICBmbG93LCBpbnN0ZWFkIG9mIGlz
c3VpbmcgdGhlIGNsaWVudCBhbiBhdXRob3JpemF0aW9uIGNvZGUsIHRoZSBjbGllbnQgaXMgaXNz
dWVkIGFuCiAgICAgICAgICAgIGFjY2VzcyB0b2tlbiBkaXJlY3RseSAoYXMgdGhlIHJlc3VsdCBv
ZiB0aGUgcmVzb3VyY2Ugb3duZXIgYXV0aG9yaXphdGlvbikuIFRoZSBncmFudAogICAgICAgICAg
ICB0eXBlIGlzIGltcGxpY2l0IGFzIG5vIGludGVybWVkaWF0ZSBjcmVkZW50aWFscyAoc3VjaCBh
cyBhbiBhdXRob3JpemF0aW9uIGNvZGUpIGFyZQogICAgICAgICAgICBpc3N1ZWQgKGFuZCBsYXRl
ciB1c2VkIHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4pLgogICAgICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgICAgIFdoZW4gaXNzdWluZyBhbiBhY2Nlc3MgdG9rZW4gZHVyaW5nIHRoZSBpbXBsaWNp
dCBncmFudCBmbG93LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgZG9lcyBu
b3QgYXV0aGVudGljYXRlIHRoZSBjbGllbnQuIEluIHNvbWUgY2FzZXMsIHRoZSBjbGllbnQgaWRl
bnRpdHkgY2FuIGJlIHZlcmlmaWVkCiAgICAgICAgICAgIHZpYSB0aGUgcmVkaXJlY3Rpb24gVVJJ
IHVzZWQgdG8gZGVsaXZlciB0aGUgYWNjZXNzIHRva2VuIHRvIHRoZSBjbGllbnQuIFRoZSBhY2Nl
c3MKICAgICAgICAgICAgdG9rZW4gbWF5IGJlIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVy
IHBhc3N3b3JkLWJhc2VkIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lcykuIFRoZQogICAgICAg
ICAgICBwYXJhbWV0ZXJzIGNhbiBvbmx5IGJlIHRyYW5zbWl0dGVkIGluIHRoZSByZXF1ZXN0IGJv
ZHkgYW5kIE1VU1QgTk9UIGJlIGluY2x1ZGVkIGluIHRoZQogICAgICAgICAgICByZXF1ZXN0IFVS
SS4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBleGFtcGxlLCByZXF1ZXN0
aW5nIHRvIHJlZnJlc2ggYW4gYWNjZXNzIHRva2VuICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rv
a2VuLXJlZnJlc2gnPlNlY3Rpb24mbmJzcDs2PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2lu
Zm8nPlJlZnJlc2hpbmcgYW4gQWNjZXNzIFRva2VuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPikK
ICAgICAgICAgICAgICB1c2luZyB0aGUgYm9keSBwYXJhbWV0ZXJzIChleHRyYSBsaW5lIGJyZWFr
cyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIAo8L3A+PGRpdiBz
dHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4t
cmlnaHQ6IGF1dG8nPjxwcmU+CiAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIu
ZXhhbXBsZS5jb20KICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5j
b2RlZAoKICBncmFudF90eXBlPXJlZnJlc2hfdG9rZW4mYW1wO3JlZnJlc2hfdG9rZW49dEd6djNK
T2tGMFhHNVF4MlRsS1dJQQogICZhbXA7Y2xpZW50X2lkPXM2QmhkUmtxdDMmYW1wO2NsaWVudF9z
ZWNyZXQ9N0ZqZnAwWkJyMUt0RFJibmZWZG1Jdwo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAgICAg
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMgYXMg
ZGVzY3JpYmVkIGluCiAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdGxzJz5TZWN0
aW9uJm5ic3A7MS42PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRMUyBWZXJzaW9u
PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiB3aGVuIHNlbmRpbmcgcmVxdWVzdHMgdXNpbmcgcGFz
c3dvcmQgYXV0aGVudGljYXRpb24uCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgU2lu
Y2UgdGhpcyBjbGllbnQgYXV0aGVudGljYXRpb24gbWV0aG9kIGludm9sdmVzIGEgcGFzc3dvcmQs
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICBNVVNUIHByb3RlY3QgYW55IGVu
ZHBvaW50IHV0aWxpemluZyBpdCBhZ2FpbnN0IGJydXRlIGZvcmNlIGF0dGFja3MuCiAgICAgICAg
ICAKPC9wPgo8YSBuYW1lPSJhbmNob3IxNSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjIu
My4yIj48L2E+PGgzPjIuMy4yLiZuYnNwOwpPdGhlciBBdXRoZW50aWNhdGlvbiBNZXRob2RzPC9o
Mz4KCjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIHN1cHBvcnQg
YW55IHN1aXRhYmxlIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lIG1hdGNoaW5nCiAgICAgICAg
ICAgIGl0cyBzZWN1cml0eSByZXF1aXJlbWVudHMuIFdoZW4gdXNpbmcgb3RoZXIgYXV0aGVudGlj
YXRpb24gbWV0aG9kcywgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgICAgc2VydmVyIE1VU1Qg
ZGVmaW5lIGEgbWFwcGluZyBiZXR3ZWVuIHRoZSBjbGllbnQgaWRlbnRpZmllciAocmVnaXN0cmF0
aW9uIHJlY29yZCkgYW5kCiAgICAgICAgICAgIGF1dGhlbnRpY2F0aW9uIHNjaGVtZS4KICAgICAg
ICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjE2Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1t
YXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1
ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZu
YnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24u
Mi40Ij48L2E+PGgzPjIuNC4mbmJzcDsKVW5yZWdpc3RlcmVkIENsaWVudHM8L2gzPgoKPHA+CiAg
ICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gZG9lcyBub3QgZXhjbHVkZSB0aGUgdXNlIG9mIHVu
cmVnaXN0ZXJlZCBjbGllbnRzLiBIb3dldmVyLCB0aGUgdXNlCiAgICAgICAgICB3aXRoIHN1Y2gg
Y2xpZW50cyBpcyBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgYW5kIHJl
cXVpcmVzIGFkZGl0aW9uYWwKICAgICAgICAgIHNlY3VyaXR5IGFuYWx5c2lzIGFuZCByZXZpZXcg
b2YgaXRzIGludGVyb3BlcmFiaWxpdHkgaW1wYWN0LgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFu
Y2hvcjE3Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRk
aW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+
PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3Rk
PjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMyI+PC9hPjxoMz4zLiZuYnNwOwpQ
cm90b2NvbCBFbmRwb2ludHM8L2gzPgoKPHA+CiAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gcHJv
Y2VzcyB1dGlsaXplcyB0d28gYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZW5kcG9pbnRzIChIVFRQIHJl
c291cmNlcyk6CiAgICAgIAo8L3A+CjxwPgogICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4K
PGxpPgogICAgICAgICAgICBBdXRob3JpemF0aW9uIGVuZHBvaW50IC0gdXNlZCBieSB0aGUgY2xp
ZW50IHRvIG9idGFpbiBhdXRob3JpemF0aW9uIGZyb20gdGhlIHJlc291cmNlCiAgICAgICAgICAg
IG93bmVyIHZpYSB1c2VyLWFnZW50IHJlZGlyZWN0aW9uLgogICAgICAgICAgCjwvbGk+CjxsaT4K
ICAgICAgICAgICAgVG9rZW4gZW5kcG9pbnQgLSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gZXhjaGFu
Z2UgYW4gYXV0aG9yaXphdGlvbiBncmFudCBmb3IgYW4gYWNjZXNzCiAgICAgICAgICAgIHRva2Vu
LCB0eXBpY2FsbHkgd2l0aCBjbGllbnQgYXV0aGVudGljYXRpb24uCiAgICAgICAgICAKPC9saT4K
PC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgQXMgd2VsbCBhcyBvbmUgY2xpZW50IGVu
ZHBvaW50OgogICAgICAKPC9wPgo8cD4KICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+Cjxs
aT4KICAgICAgICAgICAgUmVkaXJlY3Rpb24gZW5kcG9pbnQgLSB1c2VkIGJ5IHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciB0byByZXR1cm4gYXV0aG9yaXphdGlvbgogICAgICAgICAgICBjcmVkZW50
aWFscyByZXNwb25zZXMgdG8gdGhlIGNsaWVudCB2aWEgdGhlIHJlc291cmNlIG93bmVyIHVzZXIt
YWdlbnQuCiAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAg
Tm90IGV2ZXJ5IGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwZSB1dGlsaXplcyBib3RoIGVuZHBvaW50
cy4gRXh0ZW5zaW9uIGdyYW50IHR5cGVzIE1BWQogICAgICAgIGRlZmluZSBhZGRpdGlvbmFsIGVu
ZHBvaW50cyBhcyBuZWVkZWQuCiAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjE4Ij48L2E+PGJy
IC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3Bh
Y2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0Ni
dWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4K
PGEgbmFtZT0icmZjLnNlY3Rpb24uMy4xIj48L2E+PGgzPjMuMS4mbmJzcDsKQXV0aG9yaXphdGlv
biBFbmRwb2ludDwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50
IGlzIHVzZWQgdG8gaW50ZXJhY3Qgd2l0aCB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIG9idGFpbgog
ICAgICAgICAgYW4gYXV0aG9yaXphdGlvbiBncmFudC4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IE1VU1QgZmlyc3QgdmVyaWZ5IHRoZSBpZGVudGl0eSBvZiB0aGUKICAgICAgICAgIHJlc291cmNl
IG93bmVyLiBUaGUgd2F5IGluIHdoaWNoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50
aWNhdGVzIHRoZSByZXNvdXJjZQogICAgICAgICAgb3duZXIgKGUuZy4gdXNlcm5hbWUgYW5kIHBh
c3N3b3JkIGxvZ2luLCBzZXNzaW9uIGNvb2tpZXMpIGlzIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhp
cwogICAgICAgICAgc3BlY2lmaWNhdGlvbi4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRo
ZSBtZWFucyB0aHJvdWdoIHdoaWNoIHRoZSBjbGllbnQgb2J0YWlucyB0aGUgbG9jYXRpb24gb2Yg
dGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXJlCiAgICAgICAgICBiZXlvbmQgdGhlIHNjb3Bl
IG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgYnV0IHRoZSBsb2NhdGlvbiBpcyB0eXBpY2FsbHkgcHJv
dmlkZWQgaW4gdGhlCiAgICAgICAgICBzZXJ2aWNlIGRvY3VtZW50YXRpb24uCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICBUaGUgZW5kcG9pbnQgVVJJIE1BWSBpbmNsdWRlIGFuCiAgICAgICAg
ICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4gZm9ybWF0dGVkCiAg
ICAgICAgICAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjQn
PltXM0MuUkVDJiM4MjA5O2h0bWw0MDEmIzgyMDk7MTk5OTEyMjRdPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPkhvcnMsIEEuLCBSYWdnZXR0LCBELiwgYW5kIEkuIEphY29icywgJmxk
cXVvO0hUTUwgNC4wMSBTcGVjaWZpY2F0aW9uLCZyZHF1bzsgRGVjZW1iZXImbmJzcDsxOTk5Ljwv
c3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pIHF1ZXJ5IGNvbXBvbmVudCAoPGEgY2xhc3M9J2luZm8n
IGhyZWY9JyNSRkMzOTg2Jz5bUkZDMzk4Nl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5m
byc+QmVybmVycy1MZWUsIFQuLCBGaWVsZGluZywgUi4sIGFuZCBMLiBNYXNpbnRlciwgJmxkcXVv
O1VuaWZvcm0gUmVzb3VyY2UgSWRlbnRpZmllciAoVVJJKTogR2VuZXJpYyBTeW50YXgsJnJkcXVv
OyBKYW51YXJ5Jm5ic3A7MjAwNS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+CiAgICAgICAgICBz
ZWN0aW9uIDMuNCksIHdoaWNoIE1VU1QgYmUgcmV0YWluZWQgd2hlbiBhZGRpbmcgYWRkaXRpb25h
bCBxdWVyeSBwYXJhbWV0ZXJzLiBUaGUKICAgICAgICAgIGVuZHBvaW50IFVSSSBNVVNUIE5PVCBp
bmNsdWRlIGEgZnJhZ21lbnQgY29tcG9uZW50LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
U2luY2UgcmVxdWVzdHMgdG8gdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgcmVzdWx0IGluIHVz
ZXIgYXV0aGVudGljYXRpb24gYW5kIHRoZQogICAgICAgICAgdHJhbnNtaXNzaW9uIG9mIGNsZWFy
LXRleHQgY3JlZGVudGlhbHMgKGluIHRoZSBIVFRQIHJlc3BvbnNlKSwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyCiAgICAgICAgICBNVVNUIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMgYXMgZGVzY3Jp
YmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdGxzJz5TZWN0aW9uJm5ic3A7MS42PHNwYW4+
ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRMUyBWZXJzaW9uPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPiB3aGVuIHNlbmRpbmcgcmVxdWVzdHMKICAgICAgICAgIHRvIHRoZSBhdXRob3JpemF0
aW9uIGVuZHBvaW50LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1Qgc3VwcG9ydCB0aGUgdXNlIG9mIHRoZSBIVFRQIDx0dD5HRVQ8L3R0Pgog
ICAgICAgICAgbWV0aG9kIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjYxNic+W1JGQzI2MTZd
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkZpZWxkaW5nLCBSLiwgR2V0dHlzLCBK
LiwgTW9ndWwsIEouLCBGcnlzdHlrLCBILiwgTWFzaW50ZXIsIEwuLCBMZWFjaCwgUC4sIGFuZCBU
LiBCZXJuZXJzLUxlZSwgJmxkcXVvO0h5cGVydGV4dCBUcmFuc2ZlciBQcm90b2NvbCAtLSBIVFRQ
LzEuMSwmcmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gZm9y
IHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50LCBhbmQgTUFZIHN1cHBvcnQgdGhlIHVzZQogICAg
ICAgICAgb2YgdGhlIDx0dD5QT1NUPC90dD4gbWV0aG9kIGFzIHdlbGwuCiAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICBQYXJhbWV0ZXJzIHNlbnQgd2l0aG91dCBhIHZhbHVlIE1VU1QgYmUgdHJl
YXRlZCBhcyBpZiB0aGV5IHdlcmUgb21pdHRlZCBmcm9tIHRoZSByZXF1ZXN0LgogICAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgaWdub3JlIHVucmVjb2duaXplZCByZXF1ZXN0
IHBhcmFtZXRlcnMuIFJlcXVlc3QgYW5kCiAgICAgICAgICByZXNwb25zZSBwYXJhbWV0ZXJzIE1V
U1QgTk9UIGJlIGluY2x1ZGVkIG1vcmUgdGhhbiBvbmNlLgogICAgICAgIAo8L3A+CjxhIG5hbWU9
InJlc3BvbnNlLXR5cGUiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIg
Y2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmln
aHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7
PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4zLjEuMSI+PC9hPjxo
Mz4zLjEuMS4mbmJzcDsKUmVzcG9uc2UgVHlwZTwvaDM+Cgo8cD4KICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gZW5kcG9pbnQgaXMgdXNlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGdy
YW50IHR5cGUgYW5kIGltcGxpY2l0CiAgICAgICAgICAgIGdyYW50IHR5cGUgZmxvd3MuIFRoZSBj
bGllbnQgaW5mb3JtcyB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgb2YgdGhlIGRlc2lyZWQgZ3Jh
bnQKICAgICAgICAgICAgdHlwZSB1c2luZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcjoKICAgICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48
ZGw+CjxkdD5yZXNwb25zZV90eXBlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAg
ICAgICAgICBSRVFVSVJFRC4gVGhlIHZhbHVlIE1VU1QgYmUgb25lIG9mIDx0dD5jb2RlPC90dD4g
Zm9yIHJlcXVlc3RpbmcKICAgICAgICAgICAgICAgIGFuIGF1dGhvcml6YXRpb24gY29kZSBhcyBk
ZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNjb2RlLWF1dGh6LXJlcSc+U2VjdGlv
biZuYnNwOzQuMS4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkF1dGhvcml6YXRp
b24gUmVxdWVzdDwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4sCiAgICAgICAgICAgICAgICA8dHQ+
dG9rZW48L3R0PiBmb3IgcmVxdWVzdGluZyBhbiBhY2Nlc3MgdG9rZW4gKGltcGxpY2l0IGdyYW50
KQogICAgICAgICAgICAgICAgYXMgZGVzY3JpYmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScj
aW1wbGljaXQtYXV0aHotcmVxJz5TZWN0aW9uJm5ic3A7NC4yLjE8c3Bhbj4gKDwvc3Bhbj48c3Bh
biBjbGFzcz0naW5mbyc+QXV0aG9yaXphdGlvbiBSZXF1ZXN0PC9zcGFuPjxzcGFuPik8L3NwYW4+
PC9hPiwgb3IgYSByZWdpc3RlcmVkIGV4dGVuc2lvbgogICAgICAgICAgICAgICAgdmFsdWUgYXMg
ZGVzY3JpYmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjcmVzcG9uc2UtdHlwZS1leHQnPlNl
Y3Rpb24mbmJzcDs4LjQ8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RGVmaW5pbmcg
TmV3IEF1dGhvcml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2UgVHlwZXM8L3NwYW4+PHNwYW4+KTwv
c3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAg
ICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBFeHRlbnNpb24gcmVzcG9uc2UgdHlwZXMgTUFZ
IGNvbnRhaW4gYSBzcGFjZS1kZWxpbWl0ZWQgKCV4MjApIGxpc3Qgb2YgdmFsdWVzLCB3aGVyZSB0
aGUKICAgICAgICAgICAgb3JkZXIgb2YgdmFsdWVzIGRvZXMgbm90IG1hdHRlciAoZS5nLiByZXNw
b25zZSB0eXBlIDx0dD5hIGI8L3R0PiBpcwogICAgICAgICAgICB0aGUgc2FtZSBhcyA8dHQ+YiBh
PC90dD4pLiBUaGUgbWVhbmluZyBvZiBzdWNoIGNvbXBvc2l0ZSByZXNwb25zZQogICAgICAgICAg
ICB0eXBlcyBpcyBkZWZpbmVkIGJ5IHRoZWlyIHJlc3BlY3RpdmUgc3BlY2lmaWNhdGlvbnMuCiAg
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgSWYgYW4gYXV0aG9yaXphdGlvbiByZXF1ZXN0
IGlzIG1pc3NpbmcgdGhlIDx0dD5yZXNwb25zZV90eXBlPC90dD4KICAgICAgICAgICAgcGFyYW1l
dGVyLCBvciBpZiB0aGUgcmVzcG9uc2UgdHlwZSBpcyBub3QgdW5kZXJzdG9vZCwgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIE1VU1QKICAgICAgICAgICAgcmV0dXJuIGFuIGVycm9yIHJlc3BvbnNl
IGFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2NvZGUtYXV0aHotZXJyb3In
PlNlY3Rpb24mbmJzcDs0LjEuMi4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkVy
cm9yIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgIAo8L3A+Cjxh
IG5hbWU9InJlZGlyZWN0LXVyaSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5
b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWdu
PSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0Mm
bmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMS4yIj48
L2E+PGgzPjMuMS4yLiZuYnNwOwpSZWRpcmVjdGlvbiBFbmRwb2ludDwvaDM+Cgo8cD4KICAgICAg
ICAgICAgQWZ0ZXIgY29tcGxldGluZyBpdHMgaW50ZXJhY3Rpb24gd2l0aCB0aGUgcmVzb3VyY2Ug
b3duZXIsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICBkaXJlY3RzIHRoZSBy
ZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50LiBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgcmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IHRvIHRo
ZSBjbGllbnQncyByZWRpcmVjdGlvbiBlbmRwb2ludCBwcmV2aW91c2x5IGVzdGFibGlzaGVkCiAg
ICAgICAgICAgIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGR1cmluZyB0aGUgY2xpZW50
IHJlZ2lzdHJhdGlvbiBwcm9jZXNzIG9yIHdoZW4gbWFraW5nCiAgICAgICAgICAgIHRoZSBhdXRo
b3JpemF0aW9uIHJlcXVlc3QuCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgVGhlIHJl
ZGlyZWN0aW9uIGVuZHBvaW50IFVSSSBNVVNUIGJlIGFuIGFic29sdXRlIFVSSSBhcyBkZWZpbmVk
IGJ5CiAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMzk4Nic+W1JGQzM5ODZd
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJlcm5lcnMtTGVlLCBULiwgRmllbGRp
bmcsIFIuLCBhbmQgTC4gTWFzaW50ZXIsICZsZHF1bztVbmlmb3JtIFJlc291cmNlIElkZW50aWZp
ZXIgKFVSSSk6IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMDUuPC9zcGFu
PjxzcGFuPik8L3NwYW4+PC9hPiBzZWN0aW9uIDQuMy4gVGhlIGVuZHBvaW50IFVSSSBNQVkgaW5j
bHVkZSBhbgogICAgICAgICAgICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVk
PC90dD4gZm9ybWF0dGVkCiAgICAgICAgICAgICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1czQy5S
RUMtaHRtbDQwMS0xOTk5MTIyNCc+W1czQy5SRUMmIzgyMDk7aHRtbDQwMSYjODIwOTsxOTk5MTIy
NF08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+SG9ycywgQS4sIFJhZ2dldHQsIEQu
LCBhbmQgSS4gSmFjb2JzLCAmbGRxdW87SFRNTCA0LjAxIFNwZWNpZmljYXRpb24sJnJkcXVvOyBE
ZWNlbWJlciZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPikgcXVlcnkgY29tcG9u
ZW50ICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzM5ODYnPltSRkMzOTg2XTxzcGFuPiAoPC9z
cGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5CZXJuZXJzLUxlZSwgVC4sIEZpZWxkaW5nLCBSLiwgYW5k
IEwuIE1hc2ludGVyLCAmbGRxdW87VW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpOiBH
ZW5lcmljIFN5bnRheCwmcmRxdW87IEphbnVhcnkmbmJzcDsyMDA1Ljwvc3Bhbj48c3Bhbj4pPC9z
cGFuPjwvYT4KICAgICAgICAgICAgc2VjdGlvbiAzLjQpLCB3aGljaCBNVVNUIGJlIHJldGFpbmVk
IHdoZW4gYWRkaW5nIGFkZGl0aW9uYWwgcXVlcnkgcGFyYW1ldGVycy4gVGhlCiAgICAgICAgICAg
IGVuZHBvaW50IFVSSSBNVVNUIE5PVCBpbmNsdWRlIGEgZnJhZ21lbnQgY29tcG9uZW50LgogICAg
ICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMTkiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4zLjEuMi4xIj48L2E+PGgzPjMuMS4yLjEuJm5ic3A7CkVuZHBvaW50IFJlcXVlc3QgQ29uZmlk
ZW50aWFsaXR5PC9oMz4KCjxwPgogICAgICAgICAgICAgIFRoZSByZWRpcmVjdGlvbiBlbmRwb2lu
dCBTSE9VTEQgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUyBhcyBkZXNjcmliZWQgaW4KICAgICAgICAg
ICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rscyc+U2VjdGlvbiZuYnNwOzEuNjxzcGFuPiAo
PC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5UTFMgVmVyc2lvbjwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4gd2hlbiB0aGUgcmVxdWVzdGVkIHJlc3BvbnNlIHR5cGUgaXMKICAgICAgICAgICAgICA8
dHQ+Y29kZTwvdHQ+IG9yIDx0dD50b2tlbjwvdHQ+LCBvcgogICAgICAgICAgICAgIHdoZW4gdGhl
IHJlZGlyZWN0aW9uIHJlcXVlc3Qgd2lsbCByZXN1bHQgaW4gdGhlIHRyYW5zbWlzc2lvbiBvZiBz
ZW5zaXRpdmUgY3JlZGVudGlhbHMKICAgICAgICAgICAgICBvdmVyIGFuIG9wZW4gbmV0d29yay4g
VGhpcyBzcGVjaWZpY2F0aW9uIGRvZXMgbm90IG1hbmRhdGUgdGhlIHVzZSBvZiBUTFMgYmVjYXVz
ZSBhdAogICAgICAgICAgICAgIHRoZSB0aW1lIG9mIHRoaXMgd3JpdGluZywgcmVxdWlyaW5nIGNs
aWVudHMgdG8gZGVwbG95IFRMUyBpcyBhIHNpZ25pZmljYW50IGh1cmRsZSBmb3IKICAgICAgICAg
ICAgICBtYW55IGNsaWVudCBkZXZlbG9wZXJzLiBJZiBUTFMgaXMgbm90IGF2YWlsYWJsZSwgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCB3YXJuCiAgICAgICAgICAgICAgdGhlIHJlc291
cmNlIG93bmVyIGFib3V0IHRoZSBpbnNlY3VyZSBlbmRwb2ludCBwcmlvciB0byByZWRpcmVjdGlv
biAoZS5nLiBkaXNwbGF5IGEKICAgICAgICAgICAgICBtZXNzYWdlIGR1cmluZyB0aGUgYXV0aG9y
aXphdGlvbiByZXF1ZXN0KS4KICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgTGFj
ayBvZiB0cmFuc3BvcnQtbGF5ZXIgc2VjdXJpdHkgY2FuIGhhdmUgYSBzZXZlcmUgaW1wYWN0IG9u
IHRoZSBzZWN1cml0eSBvZiB0aGUKICAgICAgICAgICAgICBjbGllbnQgYW5kIHRoZSBwcm90ZWN0
ZWQgcmVzb3VyY2VzIGl0IGlzIGF1dGhvcml6ZWQgdG8gYWNjZXNzLiBUaGUgdXNlIG9mCiAgICAg
ICAgICAgICAgdHJhbnNwb3J0LWxheWVyIHNlY3VyaXR5IGlzIHBhcnRpY3VsYXJseSBjcml0aWNh
bCB3aGVuIHRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3MgaXMKICAgICAgICAgICAgICB1c2VkIGFz
IGEgZm9ybSBvZiBkZWxlZ2F0ZWQgZW5kLXVzZXIgYXV0aGVudGljYXRpb24gYnkgdGhlIGNsaWVu
dCAoZS5nLiB0aGlyZC1wYXJ0eQogICAgICAgICAgICAgIHNpZ24taW4gc2VydmljZSkuCiAgICAg
ICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjIwIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBz
dW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRP
Q2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2Mi
PiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rp
b24uMy4xLjIuMiI+PC9hPjxoMz4zLjEuMi4yLiZuYnNwOwpSZWdpc3RyYXRpb24gUmVxdWlyZW1l
bnRzPC9oMz4KCjxwPgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNU
IHJlcXVpcmUgdGhlIGZvbGxvd2luZyBjbGllbnRzIHRvIHJlZ2lzdGVyIHRoZWlyCiAgICAgICAg
ICAgICAgcmVkaXJlY3Rpb24gZW5kcG9pbnQ6CiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgICBQdWJs
aWMgY2xpZW50cy4KICAgICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICAg
IENvbmZpZGVudGlhbCBjbGllbnRzIHV0aWxpemluZyB0aGUgaW1wbGljaXQgZ3JhbnQgdHlwZS4K
ICAgICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHJlcXVpcmUgYWxsIGNs
aWVudHMgdG8gcmVnaXN0ZXIgdGhlaXIgcmVkaXJlY3Rpb24KICAgICAgICAgICAgICBlbmRwb2lu
dCBwcmlvciB0byB1dGlsaXppbmcgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQuCiAgICAgICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9V
TEQgcmVxdWlyZSB0aGUgY2xpZW50IHRvIHByb3ZpZGUgdGhlIGNvbXBsZXRlCiAgICAgICAgICAg
ICAgcmVkaXJlY3Rpb24gVVJJICh0aGUgY2xpZW50IE1BWSB1c2UgdGhlIDx0dD5zdGF0ZTwvdHQ+
IHJlcXVlc3QKICAgICAgICAgICAgICBwYXJhbWV0ZXIgdG8gYWNoaWV2ZSBwZXItcmVxdWVzdCBj
dXN0b21pemF0aW9uKS4gSWYgcmVxdWlyaW5nIHRoZSByZWdpc3RyYXRpb24gb2YKICAgICAgICAg
ICAgICB0aGUgY29tcGxldGUgcmVkaXJlY3Rpb24gVVJJIGlzIG5vdCBwb3NzaWJsZSwgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCByZXF1aXJlCiAgICAgICAgICAgICAgdGhlIHJlZ2lz
dHJhdGlvbiBvZiB0aGUgVVJJIHNjaGVtZSwgYXV0aG9yaXR5LCBhbmQgcGF0aCAoYWxsb3dpbmcg
dGhlIGNsaWVudCB0bwogICAgICAgICAgICAgIGR5bmFtaWNhbGx5IHZhcnkgb25seSB0aGUgcXVl
cnkgY29tcG9uZW50IG9mIHRoZSByZWRpcmVjdGlvbiBVUkkgd2hlbiByZXF1ZXN0aW5nCiAgICAg
ICAgICAgICAgYXV0aG9yaXphdGlvbikuCiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgYWxsb3cgdGhlIGNsaWVudCB0byByZWdp
c3RlciBtdWx0aXBsZSByZWRpcmVjdGlvbgogICAgICAgICAgICAgIGVuZHBvaW50cy4KICAgICAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgTGFjayBvZiBhIHJlZGlyZWN0aW9uIFVSSSBy
ZWdpc3RyYXRpb24gcmVxdWlyZW1lbnQgY2FuIGVuYWJsZSBhbiBhdHRhY2tlciB0byB1c2UKICAg
ICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBhcyBvcGVuIHJlZGlyZWN0b3Ig
YXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNvcGVu
LXJlZGlyZWN0Jz5TZWN0aW9uJm5ic3A7MTAuMTU8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0n
aW5mbyc+T3BlbiBSZWRpcmVjdG9yczwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAg
ICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjIxIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1t
YXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1
ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZu
YnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24u
My4xLjIuMyI+PC9hPjxoMz4zLjEuMi4zLiZuYnNwOwpEeW5hbWljIENvbmZpZ3VyYXRpb248L2gz
PgoKPHA+CiAgICAgICAgICAgICAgSWYgbXVsdGlwbGUgcmVkaXJlY3Rpb24gVVJJcyBoYXZlIGJl
ZW4gcmVnaXN0ZXJlZCwgaWYgb25seSBwYXJ0IG9mIHRoZSByZWRpcmVjdGlvbgogICAgICAgICAg
ICAgIFVSSSBoYXMgYmVlbiByZWdpc3RlcmVkLCBvciBpZiBubyByZWRpcmVjdGlvbiBVUkkgaGFz
IGJlZW4gcmVnaXN0ZXJlZCwgdGhlIGNsaWVudAogICAgICAgICAgICAgIE1VU1QgaW5jbHVkZSBh
IHJlZGlyZWN0aW9uIFVSSSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QgdXNpbmcgdGhl
CiAgICAgICAgICAgICAgPHR0PnJlZGlyZWN0X3VyaTwvdHQ+IHJlcXVlc3QgcGFyYW1ldGVyLgog
ICAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBXaGVuIGEgcmVkaXJlY3Rpb24gVVJJ
IGlzIGluY2x1ZGVkIGluIGFuIGF1dGhvcml6YXRpb24gcmVxdWVzdCwgdGhlIGF1dGhvcml6YXRp
b24KICAgICAgICAgICAgICBzZXJ2ZXIgTVVTVCBjb21wYXJlIGFuZCBtYXRjaCB0aGUgdmFsdWUg
cmVjZWl2ZWQgYWdhaW5zdCBhdCBsZWFzdCBvbmUgb2YgdGhlCiAgICAgICAgICAgICAgcmVnaXN0
ZXJlZCByZWRpcmVjdGlvbiBVUklzIChvciBVUkkgY29tcG9uZW50cykgYXMgZGVmaW5lZCBpbgog
ICAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMzk4Nic+W1JGQzM5ODZdPHNw
YW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJlcm5lcnMtTGVlLCBULiwgRmllbGRpbmcs
IFIuLCBhbmQgTC4gTWFzaW50ZXIsICZsZHF1bztVbmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIg
KFVSSSk6IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMDUuPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPiBzZWN0aW9uIDYsIGlmIGFueSByZWRpcmVjdGlvbiBVUklzIHdlcmUg
cmVnaXN0ZXJlZC4KICAgICAgICAgICAgICBJZiB0aGUgY2xpZW50IHJlZ2lzdHJhdGlvbiBpbmNs
dWRlZCB0aGUgZnVsbCByZWRpcmVjdGlvbiBVUkksIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAg
ICAgICAgc2VydmVyIE1VU1QgY29tcGFyZSB0aGUgdHdvIFVSSXMgdXNpbmcgc2ltcGxlIHN0cmlu
ZyBjb21wYXJpc29uIGFzIGRlZmluZWQKICAgICAgICAgICAgICBpbiA8YSBjbGFzcz0naW5mbycg
aHJlZj0nI1JGQzM5ODYnPltSRkMzOTg2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZv
Jz5CZXJuZXJzLUxlZSwgVC4sIEZpZWxkaW5nLCBSLiwgYW5kIEwuIE1hc2ludGVyLCAmbGRxdW87
VW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheCwmcmRxdW87
IEphbnVhcnkmbmJzcDsyMDA1Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gc2VjdGlvbiA2LjIu
MS4KICAgICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMjIiPjwvYT48YnIgLz48aHIgLz4K
PHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBj
bGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJl
Zj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJy
ZmMuc2VjdGlvbi4zLjEuMi40Ij48L2E+PGgzPjMuMS4yLjQuJm5ic3A7CkludmFsaWQgRW5kcG9p
bnQ8L2gzPgoKPHA+CiAgICAgICAgICAgICAgSWYgYW4gYXV0aG9yaXphdGlvbiByZXF1ZXN0IGZh
aWxzIHZhbGlkYXRpb24gZHVlIHRvIGEgbWlzc2luZywgaW52YWxpZCwgb3IKICAgICAgICAgICAg
ICBtaXNtYXRjaGluZyByZWRpcmVjdGlvbiBVUkksIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBT
SE9VTEQgaW5mb3JtIHRoZSByZXNvdXJjZQogICAgICAgICAgICAgIG93bmVyIG9mIHRoZSBlcnJv
ciwgYW5kIE1VU1QgTk9UIGF1dG9tYXRpY2FsbHkgcmVkaXJlY3QgdGhlIHVzZXItYWdlbnQgdG8g
dGhlIGludmFsaWQKICAgICAgICAgICAgICByZWRpcmVjdGlvbiBVUkkuCiAgICAgICAgICAgIAo8
L3A+CjxhIG5hbWU9ImFuY2hvcjIzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJs
YXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxp
Z249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RP
QyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMy4xLjIu
NSI+PC9hPjxoMz4zLjEuMi41LiZuYnNwOwpFbmRwb2ludCBDb250ZW50PC9oMz4KCjxwPgogICAg
ICAgICAgICAgIFRoZSByZWRpcmVjdGlvbiByZXF1ZXN0IHRvIHRoZSBjbGllbnQncyBlbmRwb2lu
dCB0eXBpY2FsbHkgcmVzdWx0cyBpbiBhbiBIVE1MCiAgICAgICAgICAgICAgZG9jdW1lbnQgcmVz
cG9uc2UsIHByb2Nlc3NlZCBieSB0aGUgdXNlci1hZ2VudC4gSWYgdGhlIEhUTUwgcmVzcG9uc2Ug
aXMgc2VydmVkCiAgICAgICAgICAgICAgZGlyZWN0bHkgYXMgdGhlIHJlc3VsdCBvZiB0aGUgcmVk
aXJlY3Rpb24gcmVxdWVzdCwgYW55IHNjcmlwdCBpbmNsdWRlZCBpbiB0aGUgSFRNTAogICAgICAg
ICAgICAgIGRvY3VtZW50IHdpbGwgZXhlY3V0ZSB3aXRoIGZ1bGwgYWNjZXNzIHRvIHRoZSByZWRp
cmVjdGlvbiBVUkkgYW5kIHRoZSBjcmVkZW50aWFscyBpdAogICAgICAgICAgICAgIGNvbnRhaW5z
LgogICAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IFNIT1VMRCBO
T1QgaW5jbHVkZSBhbnkgdGhpcmQtcGFydHkgc2NyaXB0cyAoZS5nLiB0aGlyZC1wYXJ0eSBhbmFs
eXRpY3MsCiAgICAgICAgICAgICAgc29jaWFsIHBsdWctaW5zLCBhZCBuZXR3b3JrcykgaW4gdGhl
IHJlZGlyZWN0aW9uIGVuZHBvaW50IHJlc3BvbnNlLiBJbnN0ZWFkLCBpdAogICAgICAgICAgICAg
IFNIT1VMRCBleHRyYWN0IHRoZSBjcmVkZW50aWFscyBmcm9tIHRoZSBVUkkgYW5kIHJlZGlyZWN0
IHRoZSB1c2VyLWFnZW50IGFnYWluIHRvCiAgICAgICAgICAgICAgYW5vdGhlciBlbmRwb2ludCB3
aXRob3V0IGV4cG9zaW5nIHRoZSBjcmVkZW50aWFscyAoaW4gdGhlIFVSSSBvciBlbHNld2hlcmUp
LiBJZgogICAgICAgICAgICAgIHRoaXJkLXBhcnR5IHNjcmlwdHMgYXJlIGluY2x1ZGVkLCB0aGUg
Y2xpZW50IE1VU1QgZW5zdXJlIHRoYXQgaXRzIG93biBzY3JpcHRzCiAgICAgICAgICAgICAgKHVz
ZWQgdG8gZXh0cmFjdCBhbmQgcmVtb3ZlIHRoZSBjcmVkZW50aWFscyBmcm9tIHRoZSBVUkkpIHdp
bGwgZXhlY3V0ZSBmaXJzdC4KICAgICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMjQiPjwv
YT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNl
bGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9
IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3Rh
YmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4zLjIiPjwvYT48aDM+My4yLiZuYnNwOwpUb2tlbiBF
bmRwb2ludDwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSB0b2tlbiBlbmRwb2ludCBpcyB1c2VkIGJ5
IHRoZSBjbGllbnQgdG8gb2J0YWluIGFuIGFjY2VzcyB0b2tlbiBieSBwcmVzZW50aW5nIGl0cwog
ICAgICAgICAgYXV0aG9yaXphdGlvbiBncmFudCBvciByZWZyZXNoIHRva2VuLiBUaGUgdG9rZW4g
ZW5kcG9pbnQgaXMgdXNlZCB3aXRoIGV2ZXJ5IGF1dGhvcml6YXRpb24KICAgICAgICAgIGdyYW50
IGV4Y2VwdCBmb3IgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUgKHNpbmNlIGFuIGFjY2VzcyB0b2tl
biBpcyBpc3N1ZWQgZGlyZWN0bHkpLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIG1l
YW5zIHRocm91Z2ggd2hpY2ggdGhlIGNsaWVudCBvYnRhaW5zIHRoZSBsb2NhdGlvbiBvZiB0aGUg
dG9rZW4gZW5kcG9pbnQgYXJlCiAgICAgICAgICBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3Bl
Y2lmaWNhdGlvbiBidXQgaXMgdHlwaWNhbGx5IHByb3ZpZGVkIGluIHRoZSBzZXJ2aWNlCiAgICAg
ICAgICBkb2N1bWVudGF0aW9uLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGVuZHBv
aW50IFVSSSBNQVkgaW5jbHVkZSBhbgogICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZv
cm0tdXJsZW5jb2RlZDwvdHQ+IGZvcm1hdHRlZAogICAgICAgICAgKDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0Jz5bVzNDLlJFQyYjODIwOTtodG1sNDAxJiM4
MjA5OzE5OTkxMjI0XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5Ib3JzLCBBLiwg
UmFnZ2V0dCwgRC4sIGFuZCBJLiBKYWNvYnMsICZsZHF1bztIVE1MIDQuMDEgU3BlY2lmaWNhdGlv
biwmcmRxdW87IERlY2VtYmVyJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KSBx
dWVyeSBjb21wb25lbnQgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMzk4Nic+W1JGQzM5ODZd
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJlcm5lcnMtTGVlLCBULiwgRmllbGRp
bmcsIFIuLCBhbmQgTC4gTWFzaW50ZXIsICZsZHF1bztVbmlmb3JtIFJlc291cmNlIElkZW50aWZp
ZXIgKFVSSSk6IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMDUuPC9zcGFu
PjxzcGFuPik8L3NwYW4+PC9hPgogICAgICAgICAgc2VjdGlvbiAzLjQpLCB3aGljaCBNVVNUIGJl
IHJldGFpbmVkIHdoZW4gYWRkaW5nIGFkZGl0aW9uYWwgcXVlcnkgcGFyYW1ldGVycy4gVGhlCiAg
ICAgICAgICBlbmRwb2ludCBVUkkgTVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdtZW50IGNvbXBvbmVu
dC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFNpbmNlIHJlcXVlc3RzIHRvIHRoZSB0b2tl
biBlbmRwb2ludCByZXN1bHQgaW4gdGhlIHRyYW5zbWlzc2lvbiBvZiBjbGVhci10ZXh0IGNyZWRl
bnRpYWxzCiAgICAgICAgICAoaW4gdGhlIEhUVFAgcmVxdWVzdCBhbmQgcmVzcG9uc2UpLCB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTCiAgICAgICAg
ICBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0bHMnPlNlY3Rpb24mbmJz
cDsxLjY8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VExTIFZlcnNpb248L3NwYW4+
PHNwYW4+KTwvc3Bhbj48L2E+IHdoZW4gc2VuZGluZyByZXF1ZXN0cyB0byB0aGUgdG9rZW4gZW5k
cG9pbnQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgY2xpZW50IE1VU1QgdXNlIHRo
ZSBIVFRQIDx0dD5QT1NUPC90dD4gbWV0aG9kIHdoZW4gbWFraW5nIGFjY2VzcwogICAgICAgICAg
dG9rZW4gcmVxdWVzdHMuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBQYXJhbWV0ZXJzIHNl
bnQgd2l0aG91dCBhIHZhbHVlIE1VU1QgYmUgdHJlYXRlZCBhcyBpZiB0aGV5IHdlcmUgb21pdHRl
ZCBmcm9tIHRoZSByZXF1ZXN0LgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1V
U1QgaWdub3JlIHVucmVjb2duaXplZCByZXF1ZXN0IHBhcmFtZXRlcnMuIFJlcXVlc3QgYW5kCiAg
ICAgICAgICByZXNwb25zZSBwYXJhbWV0ZXJzIE1VU1QgTk9UIGJlIGluY2x1ZGVkIG1vcmUgdGhh
biBvbmNlLgogICAgICAgIAo8L3A+CjxhIG5hbWU9InRva2VuLWVuZHBvaW50LWF1dGgiPjwvYT48
YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxz
cGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRP
Q2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxl
Pgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4zLjIuMSI+PC9hPjxoMz4zLjIuMS4mbmJzcDsKQ2xpZW50
IEF1dGhlbnRpY2F0aW9uPC9oMz4KCjxwPgogICAgICAgICAgICBDb25maWRlbnRpYWwgY2xpZW50
cyBvciBvdGhlciBjbGllbnRzIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgTVVTVCBhdXRoZW50
aWNhdGUgd2l0aAogICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3Jp
YmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjY2xpZW50LWF1dGhlbnRpY2F0aW9uJz5TZWN0
aW9uJm5ic3A7Mi4zPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNsaWVudCBBdXRo
ZW50aWNhdGlvbjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gd2hlbgogICAgICAgICAgICBtYWtp
LS0tLS0tLS0tKwogICAgICAgXgogICAgICAgfAogICAgICAoQikKICArLS0tLXwtLS0tLSsgICAg
ICAgICAgQ2xpZW50IElkZW50aWZpZXIgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAg
IC0rLS0tLShBKS0tICZhbXA7IFJlZGlyZWN0aW9uIFVSSSAtLS0mZ3Q7fCAgICAgICAgICAgICAg
IHwKICB8ICBVc2VyLSAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgQXV0aG9y
aXphdGlvbiB8CiAgfCAgQWdlbnQgIC18LS0tLShCKS0tIFVzZXIgYXV0aGVudGljYXRlcyAtLSZn
dDt8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgIHwmbHQ7LS0tKEMpLS0tIFJl
ZGlyZWN0aW9uIFVSSSAtLS0tJmx0O3wgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgICB8ICAg
ICAgICAgIHdpdGggQWNjZXNzIFRva2VuICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAg
ICAgfCAgICAgICAgICAgIGluIEZyYWdtZW50CiAgfCAgICAgICAgICB8ICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgICAgfC0tLS0oRCkt
LS0gUmVkaXJlY3Rpb24gVVJJIC0tLS0mZ3Q7fCAgIFdlYi1Ib3N0ZWQgIHwKICB8ICAgICAgICAg
IHwgICAgICAgICAgd2l0aG91dCBGcmFnbWVudCAgICAgIHwgICAgIENsaWVudCAgICB8CiAgfCAg
ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgIFJlc291cmNlICAg
fAogIHwgICAgIChGKSAgfCZsdDstLS0oRSktLS0tLS0tIFNjcmlwdCAtLS0tLS0tLS0mbHQ7fCAg
ICAgICAgICAgICAgIHwKICB8ICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICstLS0tLS0tLS0tLS0tLS0rCiAgKy18LS0tLS0tLS0rCiAgICB8ICAgIHwKICAgKEEpICAo
RykgQWNjZXNzIFRva2VuCiAgICB8ICAgIHwKICAgIF4gICAgdgogICstLS0tLS0tLS0rCiAgfCAg
ICAgICAgIHwKICB8ICBDbGllbnQgfAogIHwgICAgICAgICB8CiAgKy0tLS0tLS0tLSsKPC9wcmU+
PC9kaXY+CjxwPgogICAgICAgICAgICBOb3RlOiBUaGUgbGluZXMgaWxsdXN0cmF0aW5nIHN0ZXBz
IEEgYW5kIEIgYXJlIGJyb2tlbiBpbnRvIHR3byBwYXJ0cyBhcyB0aGV5IHBhc3MKICAgICAgICAg
ICAgdGhyb3VnaCB0aGUgdXNlci1hZ2VudC4KICAgICAgICAgIAo8L3A+PHRhYmxlIGJvcmRlcj0i
MCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBhbGlnbj0iY2VudGVyIj48dHI+PHRk
IGFsaWduPSJjZW50ZXIiPjxmb250IGZhY2U9Im1vbmFjbywgTVMgU2FucyBTZXJpZiIgc2l6ZT0i
MSI+PGI+Jm5ic3A7RmlndXJlJm5ic3A7NDogSW1wbGljaXQgR3JhbnQgRmxvdyZuYnNwOzwvYj48
L2ZvbnQ+PGJyIC8+PC90ZD48L3RyPjwvdGFibGU+PGhyIGNsYXNzPSJpbnNlcnQiIC8+Cgo8cD4K
ICAgICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScj
RmlndXJlLTQnPkZpZ3VyZSZuYnNwOzQ8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+
SW1wbGljaXQgR3JhbnQgRmxvdzwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gaW5jbHVkZXMgdGhl
IGZvbGxvd2luZyBzdGVwczoKICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIDwvcD4KPGJsb2Nr
cXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PihBKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBU
aGUgY2xpZW50IGluaXRpYXRlcyB0aGUgZmxvdyBieSBkaXJlY3RpbmcgdGhlIHJlc291cmNlIG93
bmVyJ3MgdXNlci1hZ2VudCB0byB0aGUKICAgICAgICAgICAgICBhdXRob3JpemF0aW9uIGVuZHBv
aW50LiBUaGUgY2xpZW50IGluY2x1ZGVzIGl0cyBjbGllbnQgaWRlbnRpZmllciwgcmVxdWVzdGVk
CiAgICAgICAgICAgICAgc2NvcGUsIGxvY2FsIHN0YXRlLCBhbmQgYSByZWRpcmVjdGlvbiBVUkkg
dG8gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdpbGwgc2VuZAogICAgICAgICAgICAg
IHRoZSB1c2VyLWFnZW50IGJhY2sgb25jZSBhY2Nlc3MgaXMgZ3JhbnRlZCAob3IgZGVuaWVkKS4K
ICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQik8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJlc291cmNlIG93bmVyICh2aWEg
dGhlIHVzZXItYWdlbnQpIGFuZAogICAgICAgICAgICAgIGVzdGFibGlzaGVzIHdoZXRoZXIgdGhl
IHJlc291cmNlIG93bmVyIGdyYW50cyBvciBkZW5pZXMgdGhlIGNsaWVudCdzIGFjY2VzcyByZXF1
ZXN0LgogICAgICAgICAgICAKPC9kZD4KPGR0PihDKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBB
c3N1bWluZyB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRzIGFjY2VzcywgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIHJlZGlyZWN0cyB0aGUKICAgICAgICAgICAgICB1c2VyLWFnZW50IGJhY2sgdG8g
dGhlIGNsaWVudCB1c2luZyB0aGUgcmVkaXJlY3Rpb24gVVJJIHByb3ZpZGVkIGVhcmxpZXIuIFRo
ZQogICAgICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSBpbmNsdWRlcyB0aGUgYWNjZXNzIHRva2Vu
IGluIHRoZSBVUkkgZnJhZ21lbnQuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEQpPC9kdD4KPGRk
PgogICAgICAgICAgICAgIFRoZSB1c2VyLWFnZW50IGZvbGxvd3MgdGhlIHJlZGlyZWN0aW9uIGlu
c3RydWN0aW9ucyBieSBtYWtpbmcgYSByZXF1ZXN0IHRvIHRoZQogICAgICAgICAgICAgIHdlYi1o
b3N0ZWQgY2xpZW50IHJlc291cmNlICh3aGljaCBkb2VzIG5vdCBpbmNsdWRlIHRoZSBmcmFnbWVu
dCBwZXIKICAgICAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTYnPltSRkMy
NjE2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GaWVsZGluZywgUi4sIEdldHR5
cywgSi4sIE1vZ3VsLCBKLiwgRnJ5c3R5aywgSC4sIE1hc2ludGVyLCBMLiwgTGVhY2gsIFAuLCBh
bmQgVC4gQmVybmVycy1MZWUsICZsZHF1bztIeXBlcnRleHQgVHJhbnNmZXIgUHJvdG9jb2wgLS0g
SFRUUC8xLjEsJnJkcXVvOyBKdW5lJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
KS4gVGhlIHVzZXItYWdlbnQgcmV0YWlucyB0aGUgZnJhZ21lbnQgaW5mb3JtYXRpb24gbG9jYWxs
eS4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oRSk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhl
IHdlYi1ob3N0ZWQgY2xpZW50IHJlc291cmNlIHJldHVybnMgYSB3ZWIgcGFnZSAodHlwaWNhbGx5
IGFuIEhUTUwgZG9jdW1lbnQgd2l0aCBhbgogICAgICAgICAgICAgIGVtYmVkZGVkIHNjcmlwdCkg
Y2FwYWJsZSBvZiBhY2Nlc3NpbmcgdGhlIGZ1bGwgcmVkaXJlY3Rpb24gVVJJIGluY2x1ZGluZyB0
aGUgZnJhZ21lbnQKICAgICAgICAgICAgICByZXRhaW5lZCBieSB0aGUgdXNlci1hZ2VudCwgYW5k
IGV4dHJhY3RpbmcgdGhlIGFjY2VzcyB0b2tlbiAoYW5kIG90aGVyIHBhcmFtZXRlcnMpCiAgICAg
ICAgICAgICAgY29udGFpbmVkIGluIHRoZSBmcmFnbWVudC4KICAgICAgICAgICAgCjwvZGQ+Cjxk
dD4oRik8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIHVzZXItYWdlbnQgZXhlY3V0ZXMgdGhl
IHNjcmlwdCBwcm92aWRlZCBieSB0aGUgd2ViLWhvc3RlZCBjbGllbnQgcmVzb3VyY2UKICAgICAg
ICAgICAgICBsb2NhbGx5LCB3aGljaCBleHRyYWN0cyB0aGUgYWNjZXNzIHRva2VuIGFuZCBwYXNz
ZXMgaXQgdG8gdGhlIGNsaWVudC4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3Rl
PjxwPgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImltcGxpY2l0LWF1dGh6LXJlcSI+PC9hPjxiciAv
PjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNp
bmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVn
Ij48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+Cjxh
IG5hbWU9InJmYy5zZWN0aW9uLjQuMi4xIj48L2E+PGgzPjQuMi4xLiZuYnNwOwpBdXRob3JpemF0
aW9uIFJlcXVlc3Q8L2gzPgoKPHA+CiAgICAgICAgICAgIFRoZSBjbGllbnQgY29uc3RydWN0cyB0
aGUgcmVxdWVzdCBVUkkgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB0byB0aGUK
ICAgICAgICAgICAgcXVlcnkgY29tcG9uZW50IG9mIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50
IFVSSSB1c2luZyB0aGUKICAgICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJs
ZW5jb2RlZDwvdHQ+IGZvcm1hdDoKICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+
CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5yZXNwb25zZV90eXBlPC9kdD4KPGRk
PgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVmFsdWUgTVVTVCBi
ZSBzZXQgdG8gPHR0PnRva2VuPC90dD4uCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5jbGllbnRf
aWQ8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBU
aGUgY2xpZW50IGlkZW50aWZpZXIgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgICAgICA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI2NsaWVudC1pZGVudGlmaWVyJz5TZWN0aW9uJm5ic3A7Mi4yPHNw
YW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNsaWVudCBJZGVudGlmaWVyPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PnJlZGlyZWN0X3VyaTwv
ZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgT1BUSU9OQUwuIEFzIGRl
c2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3JlZGlyZWN0LXVyaSc+U2VjdGlvbiZu
YnNwOzMuMS4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlJlZGlyZWN0aW9uIEVu
ZHBvaW50PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPGR0
PnNjb3BlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBPUFRJT05B
TC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQgYnkgPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyNzY29wZSc+U2VjdGlvbiZuYnNwOzMuMzxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5BY2Nlc3MgVG9rZW4gU2NvcGU8L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+c3RhdGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAg
ICAgICAKICAgICAgICAgICAgICAgIFJFQ09NTUVOREVELiBBbiBvcGFxdWUgdmFsdWUgdXNlZCBi
eSB0aGUgY2xpZW50IHRvIG1haW50YWluIHN0YXRlIGJldHdlZW4gdGhlIHJlcXVlc3QKICAgICAg
ICAgICAgICAgIGFuZCBjYWxsYmFjay4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGluY2x1ZGVz
IHRoaXMgdmFsdWUgd2hlbiByZWRpcmVjdGluZyB0aGUKICAgICAgICAgICAgICAgIHVzZXItYWdl
bnQgYmFjayB0byB0aGUgY2xpZW50LiBUaGUgcGFyYW1ldGVyIFNIT1VMRCBiZSB1c2VkIGZvciBw
cmV2ZW50aW5nCiAgICAgICAgICAgICAgICBjcm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2VyeSBhcyBk
ZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNDU1JGJz5TZWN0aW9uJm5ic3A7MTAu
MTI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q3Jvc3MtU2l0ZSBSZXF1ZXN0IEZv
cmdlcnk8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8L2Rs
PjwvYmxvY2txdW90ZT48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBUaGUgY2xp
ZW50IGRpcmVjdHMgdGhlIHJlc291cmNlIG93bmVyIHRvIHRoZSBjb25zdHJ1Y3RlZCBVUkkgdXNp
bmcgYW4gSFRUUCByZWRpcmVjdGlvbgogICAgICAgICAgICByZXNwb25zZSwgb3IgYnkgb3RoZXIg
bWVhbnMgYXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUgdXNlci1hZ2VudC4KICAgICAgICAgIAo8L3A+
CjxwPgogICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IGRpcmVjdHMgdGhlIHVz
ZXItYWdlbnQgdG8gbWFrZSB0aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdAogICAgICAgICAgICAg
IHVzaW5nIFRMUyAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9u
bHkpOgogICAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDog
MDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgogIEdFVCAvYXV0
aG9yaXplP3Jlc3BvbnNlX3R5cGU9dG9rZW4mYW1wO2NsaWVudF9pZD1zNkJoZFJrcXQzJmFtcDtz
dGF0ZT14eXoKICAgICAgJmFtcDtyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVl
eGFtcGxlJTJFY29tJTJGY2IgSFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KPC9w
cmU+PC9kaXY+CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdmFsaWRh
dGVzIHRoZSByZXF1ZXN0IHRvIGVuc3VyZSBhbGwgcmVxdWlyZWQgcGFyYW1ldGVycyBhcmUKICAg
ICAgICAgICAgcHJlc2VudCBhbmQgdmFsaWQuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNU
IHZlcmlmeSB0aGF0IHRoZSByZWRpcmVjdGlvbiBVUkkgdG8gd2hpY2gKICAgICAgICAgICAgaXQg
d2lsbCByZWRpcmVjdCB0aGUgYWNjZXNzIHRva2VuIG1hdGNoZXMgYSByZWRpcmVjdGlvbiBVUkkg
cmVnaXN0ZXJlZCBieSB0aGUgY2xpZW50IGFzCiAgICAgICAgICAgIGRlc2NyaWJlZCBpbiA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI3JlZGlyZWN0LXVyaSc+U2VjdGlvbiZuYnNwOzMuMS4yPHNwYW4+
ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlJlZGlyZWN0aW9uIEVuZHBvaW50PC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBJZiB0aGUg
cmVxdWVzdCBpcyB2YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMg
dGhlIHJlc291cmNlIG93bmVyIGFuZAogICAgICAgICAgICBvYnRhaW5zIGFuIGF1dGhvcml6YXRp
b24gZGVjaXNpb24gKGJ5IGFza2luZyB0aGUgcmVzb3VyY2Ugb3duZXIgb3IgYnkgZXN0YWJsaXNo
aW5nCiAgICAgICAgICAgIGFwcHJvdmFsIHZpYSBvdGhlciBtZWFucykuCiAgICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgICAgV2hlbiBhIGRlY2lzaW9uIGlzIGVzdGFibGlzaGVkLCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0byB0aGUKICAgICAgICAg
ICAgcHJvdmlkZWQgY2xpZW50IHJlZGlyZWN0aW9uIFVSSSB1c2luZyBhbiBIVFRQIHJlZGlyZWN0
aW9uIHJlc3BvbnNlLCBvciBieSBvdGhlciBtZWFucwogICAgICAgICAgICBhdmFpbGFibGUgdG8g
aXQgdmlhIHRoZSB1c2VyLWFnZW50LgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0iaW1wbGljaXQt
YXV0aHotcmVzcCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxs
cGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+
PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+
PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjQuMi4yIj48L2E+PGgzPjQu
Mi4yLiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVzcG9uc2U8L2gzPgoKPHA+CiAgICAgICAgICAgIElm
IHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgdGhlIGFjY2VzcyByZXF1ZXN0LCB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAgIGFjY2VzcyB0b2tlbiBhbmQgZGVs
aXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJz
IHRvCiAgICAgICAgICAgIHRoZSBmcmFnbWVudCBjb21wb25lbnQgb2YgdGhlIHJlZGlyZWN0aW9u
IFVSSSB1c2luZyB0aGUKICAgICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJs
ZW5jb2RlZDwvdHQ+IGZvcm1hdDoKICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+
CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5hY2Nlc3NfdG9rZW48L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgYWNjZXNzIHRv
a2VuIGlzc3VlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICAgICAgCjwv
ZGQ+CjxkdD50b2tlbl90eXBlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAg
ICAgICBSRVFVSVJFRC4gVGhlIHR5cGUgb2YgdGhlIHRva2VuIGlzc3VlZCBhcyBkZXNjcmliZWQg
aW4KICAgICAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tdHlwZXMnPlNl
Y3Rpb24mbmJzcDs3LjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNzIFRv
a2VuIFR5cGVzPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4gVmFsdWUgaXMgY2FzZSBpbnNlbnNp
dGl2ZS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PmV4cGlyZXNfaW48L2R0Pgo8ZGQ+CiAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFQ09NTUVOREVELiBUaGUgbGlmZXRpbWUgaW4g
c2Vjb25kcyBvZiB0aGUgYWNjZXNzIHRva2VuLiBGb3IgZXhhbXBsZSwgdGhlIHZhbHVlCiAgICAg
ICAgICAgICAgICA8dHQ+MzYwMDwvdHQ+IGRlbm90ZXMgdGhhdCB0aGUgYWNjZXNzIHRva2VuIHdp
bGwgZXhwaXJlIGluIG9uZQogICAgICAgICAgICAgICAgaG91ciBmcm9tIHRoZSB0aW1lIHRoZSBy
ZXNwb25zZSB3YXMgZ2VuZXJhdGVkLiBJZiBvbWl0dGVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIKICAgICAgICAgICAgICAgIFNIT1VMRCBwcm92aWRlIHRoZSBleHBpcmF0aW9uIHRpbWUgdmlh
IG90aGVyIG1lYW5zIG9yIGRvY3VtZW50IHRoZSBkZWZhdWx0IHZhbHVlLgogICAgICAgICAgICAg
IAo8L2RkPgo8ZHQ+c2NvcGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAg
ICAgIE9QVElPTkFMLCBpZiBpZGVudGljYWwgdG8gdGhlIHNjb3BlIHJlcXVlc3RlZCBieSB0aGUg
Y2xpZW50LCBvdGhlcndpc2UgUkVRVUlSRUQuIFRoZQogICAgICAgICAgICAgICAgc2NvcGUgb2Yg
dGhlIGFjY2VzcyB0b2tlbiBhcyBkZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNz
Y29wZSc+U2VjdGlvbiZuYnNwOzMuMzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5B
Y2Nlc3MgVG9rZW4gU2NvcGU8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAg
IAo8L2RkPgo8ZHQ+c3RhdGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAg
ICAgIFJFUVVJUkVEIGlmIHRoZSA8dHQ+c3RhdGU8L3R0PiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQg
aW4gdGhlCiAgICAgICAgICAgICAgICBjbGllbnQgYXV0aG9yaXphdGlvbiByZXF1ZXN0LiBUaGUg
ZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUgY2xpZW50LgogICAgICAgICAgICAgIAo8L2Rk
Pgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBOT1QgaXNzdWUgYSByZWZyZXNoIHRva2VuLgog
ICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkgc2VuZGluZyB0aGUKICAg
ICAgICAgICAgICBmb2xsb3dpbmcgSFRUUCByZXNwb25zZSAoVVJJIGV4dHJhIGxpbmUgYnJlYWtz
IGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICAgICAgCjwvcD48ZGl2IHN0
eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1y
aWdodDogYXV0byc+PHByZT4KICBIVFRQLzEuMSAzMDIgRm91bmQKICBMb2NhdGlvbjogaHR0cDov
L2V4YW1wbGUuY29tL2NiI2FjY2Vzc190b2tlbj0yWW90bkZaRkVqcjF6Q3NpY01XcEFBCiAgICAg
ICAgICAgICZhbXA7c3RhdGU9eHl6JmFtcDt0b2tlbl90eXBlPWV4YW1wbGUmYW1wO2V4cGlyZXNf
aW49MzYwMAo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAgICAgICAgRGV2ZWxvcGVycyBzaG91bGQg
bm90ZSB0aGF0IHNvbWUgdXNlci1hZ2VudHMgZG8gbm90IHN1cHBvcnQgdGhlIGluY2x1c2lvbiBv
ZiBhCiAgICAgICAgICAgICAgZnJhZ21lbnQgY29tcG9uZW50IGluIHRoZSBIVFRQIDx0dD5Mb2Nh
dGlvbjwvdHQ+IHJlc3BvbnNlIGhlYWRlcgogICAgICAgICAgICAgIGZpZWxkLiBTdWNoIGNsaWVu
dHMgd2lsbCByZXF1aXJlIHVzaW5nIG90aGVyIG1ldGhvZHMgZm9yIHJlZGlyZWN0aW5nIHRoZSBj
bGllbnQgdGhhbgogICAgICAgICAgICAgIGEgM3h4IHJlZGlyZWN0aW9uIHJlc3BvbnNlLiBGb3Ig
ZXhhbXBsZSwgcmV0dXJuaW5nIGFuIEhUTUwgcGFnZSB3aGljaCBpbmNsdWRlcyBhCiAgICAgICAg
ICAgICAgJ2NvbnRpbnVlJyBidXR0b24gd2l0aCBhbiBhY3Rpb24gbGlua2VkIHRvIHRoZSByZWRp
cmVjdGlvbiBVUkkuCiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBUaGUgY2xpZW50
IE1VU1QgaWdub3JlIHVucmVjb2duaXplZCByZXNwb25zZSBwYXJhbWV0ZXJzLiBUaGUgYWNjZXNz
IHRva2VuIHN0cmluZyBzaXplCiAgICAgICAgICAgIGlzIGxlZnQgdW5kZWZpbmVkIGJ5IHRoaXMg
c3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVudCBzaG91bGQgYXZvaWQgbWFraW5nIGFzc3VtcHRpb25z
CiAgICAgICAgICAgIGFib3V0IHZhbHVlIHNpemVzLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
U0hPVUxEIGRvY3VtZW50IHRoZSBzaXplIG9mIGFueSB2YWx1ZSBpdAogICAgICAgICAgICBpc3N1
ZXMuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJpbXBsaWNpdC1hdXRoei1lcnJvciI+PC9hPjxi
ciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNw
YWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9D
YnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+
CjxhIG5hbWU9InJmYy5zZWN0aW9uLjQuMi4yLjEiPjwvYT48aDM+NC4yLjIuMS4mbmJzcDsKRXJy
b3IgUmVzcG9uc2U8L2gzPgoKPHA+CiAgICAgICAgICAgICAgSWYgdGhlIHJlcXVlc3QgZmFpbHMg
ZHVlIHRvIGEgbWlzc2luZywgaW52YWxpZCwgb3IgbWlzbWF0Y2hpbmcgcmVkaXJlY3Rpb24gVVJJ
LCBvciBpZgogICAgICAgICAgICAgIHRoZSBjbGllbnQgaWRlbnRpZmllciBpcyBtaXNzaW5nIG9y
IGludmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgaW5mb3JtCiAgICAgICAg
ICAgICAgdGhlIHJlc291cmNlIG93bmVyIG9mIHRoZSBlcnJvciwgYW5kIE1VU1QgTk9UIGF1dG9t
YXRpY2FsbHkgcmVkaXJlY3QgdGhlIHVzZXItYWdlbnQKICAgICAgICAgICAgICB0byB0aGUgaW52
YWxpZCByZWRpcmVjdGlvbiBVUkkuCiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAg
IElmIHRoZSByZXNvdXJjZSBvd25lciBkZW5pZXMgdGhlIGFjY2VzcyByZXF1ZXN0IG9yIGlmIHRo
ZSByZXF1ZXN0IGZhaWxzIGZvciByZWFzb25zCiAgICAgICAgICAgICAgb3RoZXIgdGhhbiBhIG1p
c3Npbmcgb3IgaW52YWxpZCByZWRpcmVjdGlvbiBVUkksIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBpbmZvcm1zIHRoZQogICAgICAgICAgICAgIGNsaWVudCBieSBhZGRpbmcgdGhlIGZvbGxvd2lu
ZyBwYXJhbWV0ZXJzIHRvIHRoZSBmcmFnbWVudCBjb21wb25lbnQgb2YgdGhlCiAgICAgICAgICAg
ICAgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIHRoZQogICAgICAgICAgICAgIDx0dD5hcHBsaWNhdGlv
bi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3R0PiBmb3JtYXQ6CiAgICAgICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmVy
cm9yPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgUkVRVUlS
RUQuIEEgc2luZ2xlIEFTQ0lJIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjVVNBU0NJSSc+W1VTQVND
SUldPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFtZXJpY2FuIE5hdGlvbmFsIFN0
YW5kYXJkcyBJbnN0aXR1dGUsICZsZHF1bztDb2RlZCBDaGFyYWN0ZXIgU2V0IC0tIDctYml0IEFt
ZXJpY2FuIFN0YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0aW9uIEludGVyY2hhbmdlLCZyZHF1bzsg
MTk4Ni48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IGVycm9yIGNvZGUgZnJvbSB0aGUgZm9sbG93
aW5nOgoKICAgICAgICAgICAgICAgICAgCjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+Cjxk
dD5pbnZhbGlkX3JlcXVlc3Q8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgICAgICAKICAgICAg
ICAgICAgICAgICAgICAgIFRoZSByZXF1ZXN0IGlzIG1pc3NpbmcgYSByZXF1aXJlZCBwYXJhbWV0
ZXIsIGluY2x1ZGVzIGFuIGludmFsaWQKICAgICAgICAgICAgICAgICAgICAgIHBhcmFtZXRlciB2
YWx1ZSwgaW5jbHVkZXMgYSBwYXJhbWV0ZXIgbW9yZSB0aGFuIG9uY2UsIG9yIGlzIG90aGVyd2lz
ZSBtYWxmb3JtZWQuCiAgICAgICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD51bmF1dGhvcml6ZWRf
Y2xpZW50PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg
ICAgICBUaGUgY2xpZW50IGlzIG5vdCBhdXRob3JpemVkIHRvIHJlcXVlc3QgYW4gYWNjZXNzIHRv
a2VuIHVzaW5nIHRoaXMgbWV0aG9kLgogICAgICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+YWNj
ZXNzX2RlbmllZDwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg
ICAgICAgICAgVGhlIHJlc291cmNlIG93bmVyIG9yIGF1dGhvcml6YXRpb24gc2VydmVyIGRlbmll
ZCB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PnVuc3VwcG9ydGVk
X3Jlc3BvbnNlX3R5cGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAg
ICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBkb2VzIG5vdCBzdXBwb3J0IG9i
dGFpbmluZyBhbiBhY2Nlc3MgdG9rZW4gdXNpbmcKICAgICAgICAgICAgICAgICAgICAgIHRoaXMg
bWV0aG9kLgogICAgICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+aW52YWxpZF9zY29wZTwvZHQ+
CjxkZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgVGhlIHJl
cXVlc3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3duLCBvciBtYWxmb3JtZWQuCiAgICAgICAg
ICAgICAgICAgICAgCjwvZGQ+CjxkdD5zZXJ2ZXJfZXJyb3I8L2R0Pgo8ZGQ+CiAgICAgICAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBlbmNvdW50ZXJlZCBhbiB1bmV4cGVjdGVkIGNvbmRpdGlvbiB3aGljaCBwcmV2ZW50ZWQKICAg
ICAgICAgICAgICAgICAgICAgIGl0IGZyb20gZnVsZmlsbGluZyB0aGUgcmVxdWVzdC4KICAgICAg
ICAgICAgICAgICAgICAKPC9kZD4KPGR0PnRlbXBvcmFyaWx5X3VuYXZhaWxhYmxlPC9kdD4KPGRk
PgogICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgaXMgY3VycmVudGx5IHVuYWJsZSB0byBoYW5kbGUgdGhlIHJlcXVlc3Qg
ZHVlIHRvIGEKICAgICAgICAgICAgICAgICAgICAgIHRlbXBvcmFyeSBvdmVybG9hZGluZyBvciBt
YWludGVuYW5jZSBvZiB0aGUgc2VydmVyLgogICAgICAgICAgICAgICAgICAgIAo8L2RkPgo8L2Rs
PjwvYmxvY2txdW90ZT4KCgkJICBWYWx1ZXMgZm9yIHRoZSA8dHQ+ZXJyb3I8L3R0PiBwYXJhbWV0
ZXIgTVVTVCBOT1QgaW5jbHVkZQoJCSAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0y
MSAvICV4MjMtNUIgLyAleDVELTdFLgogICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5lcnJvcl9k
ZXNjcmlwdGlvbjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg
IE9QVElPTkFMLiBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIDxhIGNsYXNzPSdpbmZvJyBocmVmPScj
VVNBU0NJSSc+W1VTQVNDSUldPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFtZXJp
Y2FuIE5hdGlvbmFsIFN0YW5kYXJkcyBJbnN0aXR1dGUsICZsZHF1bztDb2RlZCBDaGFyYWN0ZXIg
U2V0IC0tIDctYml0IEFtZXJpY2FuIFN0YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0aW9uIEludGVy
Y2hhbmdlLCZyZHF1bzsgMTk4Ni48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHRleHQgcHJvdmlk
aW5nIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24sCiAgICAgICAgICAgICAgICAgIHVzZWQgdG8gYXNz
aXN0IHRoZSBjbGllbnQgZGV2ZWxvcGVyIGluIHVuZGVyc3RhbmRpbmcgdGhlIGVycm9yIHRoYXQg
b2NjdXJyZWQuCgkJICA8YnIgLz4KCgkJICBWYWx1ZXMgZm9yIHRoZSA8dHQ+ZXJyb3JfZGVzY3Jp
cHRpb248L3R0PiBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZQoJCSAgY2hhcmFjdGVycyBvdXRz
aWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLgogICAgICAgICAgICAgICAg
CjwvZGQ+CjxkdD5lcnJvcl91cmk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgIAogICAgICAg
ICAgICAgICAgICBPUFRJT05BTC4gQSBVUkkgaWRlbnRpZnlpbmcgYSBodW1hbi1yZWFkYWJsZSB3
ZWIgcGFnZSB3aXRoIGluZm9ybWF0aW9uIGFib3V0IHRoZQogICAgICAgICAgICAgICAgICBlcnJv
ciwgdXNlZCB0byBwcm92aWRlIHRoZSBjbGllbnQgZGV2ZWxvcGVyIHdpdGggYWRkaXRpb25hbCBp
bmZvcm1hdGlvbiBhYm91dCB0aGUKICAgICAgICAgICAgICAgICAgZXJyb3IuCgkJICA8YnIgLz4K
CgkJICBWYWx1ZXMgZm9yIHRoZSA8dHQ+ZXJyb3JfdXJpPC90dD4gcGFyYW1ldGVyCgkJICBNVVNU
IGNvbmZvcm0gdG8gdGhlIFVSSS1SZWZlcmVuY2Ugc3ludGF4LCBhbmQgdGh1cyBNVVNUIE5PVCBp
bmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIxIC8gJXgyMy01QiAvICV4
NUQtN0UuCiAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PnN0YXRlPC9kdD4KPGRkPgogICAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgUkVRVUlSRUQgaWYgYSA8dHQ+c3RhdGU8L3R0
PiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlCiAgICAgICAgICAgICAgICAgIGNsaWVudCBh
dXRob3JpemF0aW9uIHJlcXVlc3QuIFRoZSBleGFjdCB2YWx1ZSByZWNlaXZlZCBmcm9tIHRoZSBj
bGllbnQuCiAgICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAg
ICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkgc2VuZGluZyB0aGUKICAg
ICAgICAgICAgICAgIGZvbGxvd2luZyBIVFRQIHJlc3BvbnNlOgogICAgICAgICAgICAgIAo8L3A+
PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBt
YXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CiAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgTG9jYXRpb246
IGh0dHBzOi8vY2xpZW50LmV4YW1wbGUuY29tL2NiI2Vycm9yPWFjY2Vzc19kZW5pZWQmYW1wO3N0
YXRlPXh5ego8L3ByZT48L2Rpdj4KPGEgbmFtZT0iZ3JhbnQtcGFzc3dvcmQiPjwvYT48YnIgLz48
aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+
PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBu
YW1lPSJyZmMuc2VjdGlvbi40LjMiPjwvYT48aDM+NC4zLiZuYnNwOwpSZXNvdXJjZSBPd25lciBQ
YXNzd29yZCBDcmVkZW50aWFscyBHcmFudDwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSByZXNvdXJj
ZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscyBncmFudCB0eXBlIGlzIHN1aXRhYmxlIGluIGNh
c2VzIHdoZXJlIHRoZQogICAgICAgICAgcmVzb3VyY2Ugb3duZXIgaGFzIGEgdHJ1c3QgcmVsYXRp
b25zaGlwIHdpdGggdGhlIGNsaWVudCwgc3VjaCBhcyB0aGUgZGV2aWNlIG9wZXJhdGluZwogICAg
ICAgICAgc3lzdGVtIG9yIGEgaGlnaGx5IHByaXZpbGVnZWQgYXBwbGljYXRpb24uIFRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBzaG91bGQgdGFrZSBzcGVjaWFsCiAgICAgICAgICBjYXJlIHdoZW4g
ZW5hYmxpbmcgdGhpcyBncmFudCB0eXBlLCBhbmQgb25seSBhbGxvdyBpdCB3aGVuIG90aGVyIGZs
b3dzIGFyZSBub3QgdmlhYmxlLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGdyYW50
IHR5cGUgaXMgc3VpdGFibGUgZm9yIGNsaWVudHMgY2FwYWJsZSBvZiBvYnRhaW5pbmcgdGhlIHJl
c291cmNlIG93bmVyJ3MKICAgICAgICAgIGNyZWRlbnRpYWxzICh1c2VybmFtZSBhbmQgcGFzc3dv
cmQsIHR5cGljYWxseSB1c2luZyBhbiBpbnRlcmFjdGl2ZSBmb3JtKS4gSXQgaXMgYWxzbyB1c2Vk
CiAgICAgICAgICB0byBtaWdyYXRlIGV4aXN0aW5nIGNsaWVudHMgdXNpbmcgZGlyZWN0IGF1dGhl
bnRpY2F0aW9uIHNjaGVtZXMgc3VjaCBhcyBIVFRQIEJhc2ljIG9yCiAgICAgICAgICBEaWdlc3Qg
YXV0aGVudGljYXRpb24gdG8gT0F1dGggYnkgY29udmVydGluZyB0aGUgc3RvcmVkIGNyZWRlbnRp
YWxzIHRvIGFuIGFjY2VzcyB0b2tlbi4KICAgICAgICAKPC9wPjxiciAvPjxociBjbGFzcz0iaW5z
ZXJ0IiAvPgo8YSBuYW1lPSJGaWd1cmUtNSI+PC9hPgo8ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJs
ZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4K
ICArLS0tLS0tLS0tLSsKICB8IFJlc291cmNlIHwKICB8ICBPd25lciAgIHwKICB8ICAgICAgICAg
IHwKICArLS0tLS0tLS0tLSsKICAgICAgIHYKICAgICAgIHwgICAgUmVzb3VyY2UgT3duZXIKICAg
ICAgKEEpIFBhc3N3b3JkIENyZWRlbnRpYWxzCiAgICAgICB8CiAgICAgICB2CiAgKy0tLS0tLS0t
LSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8
ICAgICAgICAgfCZndDstLShCKS0tLS0gUmVzb3VyY2UgT3duZXIgLS0tLS0tLSZndDt8ICAgICAg
ICAgICAgICAgfAogIHwgICAgICAgICB8ICAgICAgICAgUGFzc3dvcmQgQ3JlZGVudGlhbHMgICAg
IHwgQXV0aG9yaXphdGlvbiB8CiAgfCBDbGllbnQgIHwgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICAgfCZsdDstLShDKS0tLS0gQWNj
ZXNzIFRva2VuIC0tLS0tLS0tLSZsdDt8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgICB8ICAg
ICh3LyBPcHRpb25hbCBSZWZyZXNoIFRva2VuKSAgIHwgICAgICAgICAgICAgICB8CiAgKy0tLS0t
LS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsK
PC9wcmU+PC9kaXY+PHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBhbGlnbj0iY2VudGVyIj48dHI+PHRkIGFsaWduPSJjZW50ZXIiPjxmb250IGZhY2U9Im1v
bmFjbywgTVMgU2FucyBTZXJpZiIgc2l6ZT0iMSI+PGI+Jm5ic3A7RmlndXJlJm5ic3A7NTogUmVz
b3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMgRmxvdyZuYnNwOzwvYj48L2ZvbnQ+PGJy
IC8+PC90ZD48L3RyPjwvdGFibGU+PGhyIGNsYXNzPSJpbnNlcnQiIC8+Cgo8cD4KICAgICAgICAg
IFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjRmlndXJlLTUn
PkZpZ3VyZSZuYnNwOzU8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+UmVzb3VyY2Ug
T3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMgRmxvdzwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4g
aW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAgICAgICAKPC9wPgo8cD4KICAgICAgICAg
IDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PihBKTwvZHQ+CjxkZD4KICAg
ICAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIgcHJvdmlkZXMgdGhlIGNsaWVudCB3aXRoIGl0
cyB1c2VybmFtZSBhbmQgcGFzc3dvcmQuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEIpPC9kdD4K
PGRkPgogICAgICAgICAgICAgIFRoZSBjbGllbnQgcmVxdWVzdHMgYW4gYWNjZXNzIHRva2VuIGZy
b20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgdG9rZW4gZW5kcG9pbnQgYnkKICAgICAgICAg
ICAgICBpbmNsdWRpbmcgdGhlIGNyZWRlbnRpYWxzIHJlY2VpdmVkIGZyb20gdGhlIHJlc291cmNl
IG93bmVyLiBXaGVuIG1ha2luZyB0aGUgcmVxdWVzdCwKICAgICAgICAgICAgICB0aGUgY2xpZW50
IGF1dGhlbnRpY2F0ZXMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICAg
IAo8L2RkPgo8ZHQ+KEMpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSBjbGllbnQgYW5kIHZhbGlkYXRlcyB0aGUgcmVzb3Vy
Y2Ugb3duZXIKICAgICAgICAgICAgICBjcmVkZW50aWFscywgYW5kIGlmIHZhbGlkIGlzc3VlcyBh
biBhY2Nlc3MgdG9rZW4uCiAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4K
ICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IyNyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUg
c3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJU
T0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9j
Ij4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0
aW9uLjQuMy4xIj48L2E+PGgzPjQuMy4xLiZuYnNwOwpBdXRob3JpemF0aW9uIFJlcXVlc3QgYW5k
IFJlc3BvbnNlPC9oMz4KCjxwPgogICAgICAgICAgICBUaGUgbWV0aG9kIHRocm91Z2ggd2hpY2gg
dGhlIGNsaWVudCBvYnRhaW5zIHRoZSByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBpcyBiZXlv
bmQKICAgICAgICAgICAgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVu
dCBNVVNUIGRpc2NhcmQgdGhlIGNyZWRlbnRpYWxzIG9uY2UgYW4gYWNjZXNzCiAgICAgICAgICAg
IHRva2VuIGhhcyBiZWVuIG9idGFpbmVkLgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0icGFzc3dv
cmQtdG9rLXJlcSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxs
cGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+
PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+
PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjQuMy4yIj48L2E+PGgzPjQu
My4yLiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVxdWVzdDwvaDM+Cgo8cD4KICAgICAgICAgICAgVGhl
IGNsaWVudCBtYWtlcyBhIHJlcXVlc3QgdG8gdGhlIHRva2VuIGVuZHBvaW50IGJ5IGFkZGluZyB0
aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMKICAgICAgICAgICAgdXNpbmcgdGhlIDx0dD5hcHBsaWNh
dGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3R0PiBmb3JtYXQKCSAgICA8YSBjbGFzcz0naW5m
bycgaHJlZj0nI1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNCc+W1czQy5SRUMmIzgyMDk7aHRtbDQw
MSYjODIwOTsxOTk5MTIyNF08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+SG9ycywg
QS4sIFJhZ2dldHQsIEQuLCBhbmQgSS4gSmFjb2JzLCAmbGRxdW87SFRNTCA0LjAxIFNwZWNpZmlj
YXRpb24sJnJkcXVvOyBEZWNlbWJlciZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
PiBhbmQgYSBjaGFyYWN0ZXIgZW5jb2Rpbmcgb2YgVVRGLTgKCSAgICBpbiB0aGUgSFRUUCByZXF1
ZXN0IGVudGl0eS1ib2R5OgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPGJs
b2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmdyYW50X3R5cGU8L2R0Pgo8ZGQ+CiAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0
byA8dHQ+cGFzc3dvcmQ8L3R0Pi4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PnVzZXJuYW1lPC9k
dD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIHJl
c291cmNlIG93bmVyIHVzZXJuYW1lLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+cGFzc3dvcmQ8
L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUg
Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIg
Y2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhy
ZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0i
cmZjLnNlY3Rpb24uNyI+PC9hPjxoMz43LiZuYnNwOwpBY2Nlc3NpbmcgUHJvdGVjdGVkIFJlc291
cmNlczwvaDM+Cgo8cD4KICAgICAgICBUaGUgY2xpZW50IGFjY2Vzc2VzIHByb3RlY3RlZCByZXNv
dXJjZXMgYnkgcHJlc2VudGluZyB0aGUgYWNjZXNzIHRva2VuIHRvIHRoZSByZXNvdXJjZQogICAg
ICAgIHNlcnZlci4gVGhlIHJlc291cmNlIHNlcnZlciBNVVNUIHZhbGlkYXRlIHRoZSBhY2Nlc3Mg
dG9rZW4gYW5kIGVuc3VyZSBpdCBoYXMgbm90IGV4cGlyZWQKICAgICAgICBhbmQgdGhhdCBpdHMg
c2NvcGUgY292ZXJzIHRoZSByZXF1ZXN0ZWQgcmVzb3VyY2UuIFRoZSBtZXRob2RzIHVzZWQgYnkg
dGhlIHJlc291cmNlIHNlcnZlcgogICAgICAgIHRvIHZhbGlkYXRlIHRoZSBhY2Nlc3MgdG9rZW4g
KGFzIHdlbGwgYXMgYW55IGVycm9yIHJlc3BvbnNlcykgYXJlIGJleW9uZCB0aGUgc2NvcGUgb2Yg
dGhpcwogICAgICAgIHNwZWNpZmljYXRpb24sIGJ1dCBnZW5lcmFsbHkgaW52b2x2ZSBhbiBpbnRl
cmFjdGlvbiBvciBjb29yZGluYXRpb24gYmV0d2VlbiB0aGUgcmVzb3VyY2UKICAgICAgICBzZXJ2
ZXIgYW5kIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgCjwvcD4KPHA+CiAgICAgICAg
VGhlIG1ldGhvZCBpbiB3aGljaCB0aGUgY2xpZW50IHV0aWxpemVzIHRoZSBhY2Nlc3MgdG9rZW4g
dG8gYXV0aGVudGljYXRlIHdpdGggdGhlIHJlc291cmNlCiAgICAgICAgc2VydmVyIGRlcGVuZHMg
b24gdGhlIHR5cGUgb2YgYWNjZXNzIHRva2VuIGlzc3VlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIuIFR5cGljYWxseSwKICAgICAgICBpdCBpbnZvbHZlcyB1c2luZyB0aGUgSFRUUCA8dHQ+
QXV0aG9yaXphdGlvbjwvdHQ+IHJlcXVlc3QgaGVhZGVyIGZpZWxkCiAgICAgICAgPGEgY2xhc3M9
J2luZm8nIGhyZWY9JyNSRkMyNjE3Jz5bUkZDMjYxN108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFz
cz0naW5mbyc+RnJhbmtzLCBKLiwgSGFsbGFtLUJha2VyLCBQLiwgSG9zdGV0bGVyLCBKLiwgTGF3
cmVuY2UsIFMuLCBMZWFjaCwgUC4sIEx1b3RvbmVuLCBBLiwgYW5kIEwuIFN0ZXdhcnQsICZsZHF1
bztIVFRQIEF1dGhlbnRpY2F0aW9uOiBCYXNpYyBhbmQgRGlnZXN0IEFjY2VzcyBBdXRoZW50aWNh
dGlvbiwmcmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gd2l0
aCBhbiBhdXRoZW50aWNhdGlvbiBzY2hlbWUgZGVmaW5lZCBieSB0aGUgYWNjZXNzIHRva2VuIHR5
cGUKICAgICAgICBzcGVjaWZpY2F0aW9uLgogICAgICAKPC9wPgo8YSBuYW1lPSJ0b2tlbi10eXBl
cyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0i
MCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBj
bGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3Ry
PjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjcuMSI+PC9hPjxoMz43LjEuJm5ic3A7CkFj
Y2VzcyBUb2tlbiBUeXBlczwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSBhY2Nlc3MgdG9rZW4gdHlw
ZSBwcm92aWRlcyB0aGUgY2xpZW50IHdpdGggdGhlIGluZm9ybWF0aW9uIHJlcXVpcmVkIHRvIHN1
Y2Nlc3NmdWxseQogICAgICAgICAgdXRpbGl6ZSB0aGUgYWNjZXNzIHRva2VuIHRvIG1ha2UgYSBw
cm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdCAoYWxvbmcgd2l0aCB0eXBlLXNwZWNpZmljCiAgICAg
ICAgICBhdHRyaWJ1dGVzKS4gVGhlIGNsaWVudCBNVVNUIE5PVCB1c2UgYW4gYWNjZXNzIHRva2Vu
IGlmIGl0IGRvZXMgbm90IHVuZGVyc3RhbmQgdGhlIHRva2VuCiAgICAgICAgICB0eXBlLgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIDx0dD5iZWFyZXI8L3R0
PiB0b2tlbiB0eXBlIGRlZmluZWQgaW4KICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNJLUQuaWV0Zi1vYXV0aC12Mi1iZWFyZXInPltJJiM4MjA5O0QuaWV0ZiYjODIwOTtvYXV0aCYj
ODIwOTt2MiYjODIwOTtiZWFyZXJdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkpv
bmVzLCBNLiwgSGFyZHQsIEQuLCBhbmQgRC4gUmVjb3Jkb24sICZsZHF1bztUaGUgT0F1dGggMi4w
IEF1dGhvcml6YXRpb24gRnJhbWV3b3JrOiBCZWFyZXIgVG9rZW4gVXNhZ2UsJnJkcXVvOyBKdW5l
Jm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IGlzIHV0aWxpemVkIGJ5IHNpbXBs
eSBpbmNsdWRpbmcgdGhlIGFjY2VzcwogICAgICAgICAgICB0b2tlbiBzdHJpbmcgaW4gdGhlIHJl
cXVlc3Q6CiAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDog
MDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgogIEdFVCAvcmVz
b3VyY2UvMSBIVFRQLzEuMQogIEhvc3Q6IGV4YW1wbGUuY29tCiAgQXV0aG9yaXphdGlvbjogQmVh
cmVyIG1GXzkuQjVmLTQuMUpxTQo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAgICAgIHdoaWxlIHRo
ZSA8dHQ+bWFjPC90dD4gdG9rZW4gdHlwZSBkZWZpbmVkIGluCiAgICAgICAgICAgIDxhIGNsYXNz
PSdpbmZvJyBocmVmPScjSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWMnPltJJiM4MjA5O0QuaWV0
ZiYjODIwOTtvYXV0aCYjODIwOTt2MiYjODIwOTtodHRwJiM4MjA5O21hY108c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+SGFtbWVyLUxhaGF2LCBFLiwgJmxkcXVvO0hUVFAgQXV0aGVu
dGljYXRpb246IE1BQyBBY2Nlc3MgQXV0aGVudGljYXRpb24sJnJkcXVvOyBGZWJydWFyeSZuYnNw
OzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiBpcyB1dGlsaXplZCBieSBpc3N1aW5nIGEg
TUFDIGtleQogICAgICAgICAgICB0b2dldGhlciB3aXRoIHRoZSBhY2Nlc3MgdG9rZW4gd2hpY2gg
aXMgdXNlZCB0byBzaWduIGNlcnRhaW4gY29tcG9uZW50cyBvZiB0aGUgSFRUUAogICAgICAgICAg
ICByZXF1ZXN0czoKICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdp
ZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CiAgR0VU
IC9yZXNvdXJjZS8xIEhUVFAvMS4xCiAgSG9zdDogZXhhbXBsZS5jb20KICBBdXRob3JpemF0aW9u
OiBNQUMgaWQ9Img0ODBkanM5M2hkOCIsCiAgICAgICAgICAgICAgICAgICAgIG5vbmNlPSIyNzQz
MTI6ZGo4M2hzOXMiLAogICAgICAgICAgICAgICAgICAgICBtYWM9ImtEWnZkZGtuZHh2aEdSWFpo
dnVEakVXaEdlRT0iCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgIFRoZSBhYm92ZSBleGFtcGxl
cyBhcmUgcHJvdmlkZWQgZm9yIGlsbHVzdHJhdGlvbiBwdXJwb3NlcyBvbmx5LiBEZXZlbG9wZXJz
IGFyZSBhZHZpc2VkIHRvCiAgICAgICAgICBjb25zdWx0IHRoZSA8YSBjbGFzcz0naW5mbycgaHJl
Zj0nI0ktRC5pZXRmLW9hdXRoLXYyLWJlYXJlcic+W0kmIzgyMDk7RC5pZXRmJiM4MjA5O29hdXRo
JiM4MjA5O3YyJiM4MjA5O2JlYXJlcl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+
Sm9uZXMsIE0uLCBIYXJkdCwgRC4sIGFuZCBELiBSZWNvcmRvbiwgJmxkcXVvO1RoZSBPQXV0aCAy
LjAgQXV0aG9yaXphdGlvbiBGcmFtZXdvcms6IEJlYXJlciBUb2tlbiBVc2FnZSwmcmRxdW87IEp1
bmUmbmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gYW5kCiAgICAgICAgICA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI0ktRC5pZXRmLW9hdXRoLXYyLWh0dHAtbWFjJz5bSSYjODIwOTtE
LmlldGYmIzgyMDk7b2F1dGgmIzgyMDk7djImIzgyMDk7aHR0cCYjODIwOTttYWNdPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhhbW1lci1MYWhhdiwgRS4sICZsZHF1bztIVFRQIEF1
dGhlbnRpY2F0aW9uOiBNQUMgQWNjZXNzIEF1dGhlbnRpY2F0aW9uLCZyZHF1bzsgRmVicnVhcnkm
bmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gc3BlY2lmaWNhdGlvbnMgYmVmb3Jl
IHVzZS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEVhY2ggYWNjZXNzIHRva2VuIHR5cGUg
ZGVmaW5pdGlvbiBzcGVjaWZpZXMgdGhlIGFkZGl0aW9uYWwgYXR0cmlidXRlcyAoaWYgYW55KSBz
ZW50IHRvCiAgICAgICAgICB0aGUgY2xpZW50IHRvZ2V0aGVyIHdpdGggdGhlIDx0dD5hY2Nlc3Nf
dG9rZW48L3R0PiByZXNwb25zZSBwYXJhbWV0ZXIuCiAgICAgICAgICBJdCBhbHNvIGRlZmluZXMg
dGhlIEhUVFAgYXV0aGVudGljYXRpb24gbWV0aG9kIHVzZWQgdG8gaW5jbHVkZSB0aGUgYWNjZXNz
IHRva2VuIHdoZW4KICAgICAgICAgIG1ha2luZyBhIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0
LgogICAgICAgIAo8L3A+CjxhIG5hbWU9InJlc291cmNlLWVycm9ycyI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjcuMiI+PC9hPjxoMz43LjIuJm5ic3A7CkVycm9yIFJlc3BvbnNlPC9oMz4K
CjxwPgoJICBJZiBhIHJlc291cmNlIGFjY2VzcyByZXF1ZXN0IGZhaWxzLCB0aGUgcmVzb3VyY2Ug
c2VydmVyIFNIT1VMRCBpbmZvcm0KCSAgdGhlIGNsaWVudCBvZiB0aGUgZXJyb3IuICBXaGlsZSB0
aGUgc3BlY2lmaWNzIG9mIHN1Y2ggZXJyb3IgcmVzcG9uc2VzCgkgIGFyZSBiZXlvbmQgdGhlIHNj
b3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgdGhpcyBkb2N1bWVudHMgZXN0YWJsaXNoZXMKCSAg
YSBjb21tb24gcmVnaXN0cnkgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNlcnJvci1yZWdpc3Ry
eSc+U2VjdGlvbiZuYnNwOzExLjQ8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VGhl
IE9BdXRoIEV4dGVuc2lvbnMgRXJyb3IgUmVnaXN0cnk8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
IGZvciBlcnJvciB2YWx1ZXMKCSAgdG8gYmUgc2hhcmVkIGFtb25nIE9BdXRoIHRva2VuIGF1dGhl
bnRpY2F0aW9uIHNjaGVtZXMuIAoJCjwvcD4KPHA+CgkgIE5ldyBhdXRoZW50aWNhdGlvbiBzY2hl
bWVzIGRlc2lnbmVkIHByaW1hcmlseSBmb3IgT0F1dGggdG9rZW4KCSAgYXV0aGVudGljYXRpb24g
U0hPVUxEIGRlZmluZSBhIG1lY2hhbmlzbSBmb3IgcHJvdmlkaW5nIGFuCgkgIGVycm9yIHN0YXR1
cyBjb2RlIHRvIHRoZSBjbGllbnQsIGluIHdoaWNoIHRoZSBlcnJvciB2YWx1ZXMgYWxsb3dlZCBh
cmUKCSAgcmVnaXN0ZXJlZCBpbiB0aGUgZXJyb3IgcmVnaXN0cnkgZXN0YWJsaXNoZWQgYnkgdGhp
cyBzcGVjaWZpY2F0aW9uLiBTdWNoCgkgIHNjaGVtZXMgTUFZIGxpbWl0IHRoZSBzZXQgb2YgdmFs
aWQgZXJyb3IgY29kZXMgdG8gYSBzdWJzZXQgb2YgdGhlCgkgIHJlZ2lzdGVyZWQgdmFsdWVzLiBJ
ZiB0aGUgZXJyb3IgY29kZSBpcyByZXR1cm5lZCB1c2luZyBhIG5hbWVkIHBhcmFtZXRlciwKCSAg
dGhlIHBhcmFtZXRlciBuYW1lIFNIT1VMRCBiZSA8dHQ+ZXJyb3I8L3R0Pi4KCQo8L3A+CjxwPgoJ
ICBPdGhlciBzY2hlbWVzIGNhcGFibGUgb2YgYmVpbmcgdXNlZCBmb3IgT0F1dGggdG9rZW4gYXV0
aGVudGljYXRpb24sIGJ1dAoJICBub3QgcHJpbWFyaWx5IGRlc2lnbmVkIGZvciB0aGF0IHB1cnBv
c2UsIE1BWSBiaW5kIHRoZWlyIGVycm9yIHZhbHVlcyB0byB0aGUKCSAgcmVnaXN0cnkgaW4gdGhl
IHNhbWUgbWFubmVyLgoJCjwvcD4KPHA+CgkgIE5ldyBhdXRoZW50aWNhdGlvbiBzY2hlbWVzIE1B
WSBjaG9vc2UgdG8gYWxzbyBzcGVjaWZ5IHRoZSB1c2Ugb2YgdGhlCgkgIDx0dD5lcnJvcl9kZXNj
cmlwdGlvbjwvdHQ+IGFuZCAKCSAgPHR0PmVycm9yX3VyaTwvdHQ+CgkgIHBhcmFtZXRlcnMgdG8g
cmV0dXJuIGVycm9yIGluZm9ybWF0aW9uIGluIGEgbWFubmVyIHBhcmFsbGVsCgkgIHRvIHRoZWly
IHVzYWdlIGluIHRoaXMgc3BlY2lmaWNhdGlvbi4KCQo8L3A+CjxhIG5hbWU9ImV4dGVuc2lvbnMi
PjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xh
c3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48
L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi44Ij48L2E+PGgzPjguJm5ic3A7CkV4dGVuc2li
aWxpdHk8L2gzPgoKPGEgbmFtZT0ibmV3LXR5cGVzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBz
dW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRP
Q2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2Mi
PiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rp
b24uOC4xIj48L2E+PGgzPjguMS4mbmJzcDsKRGVmaW5pbmcgQWNjZXNzIFRva2VuIFR5cGVzPC9o
Mz4KCjxwPgogICAgICAgICAgQWNjZXNzIHRva2VuIHR5cGVzIGNhbiBiZSBkZWZpbmVkIGluIG9u
ZSBvZiB0d28gd2F5czogcmVnaXN0ZXJlZCBpbiB0aGUgYWNjZXNzIHRva2VuIHR5cGUKICAgICAg
ICAgIHJlZ2lzdHJ5IChmb2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4gPGEgY2xhc3M9J2luZm8n
IGhyZWY9JyN0eXBlLXJlZ2lzdHJ5Jz5TZWN0aW9uJm5ic3A7MTEuMTxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1dGggQWNjZXNzIFRva2VuIFR5cGUgUmVnaXN0cnk8L3Nw
YW4+PHNwYW4+KTwvc3Bhbj48L2E+KSwgb3IgYnkgdXNpbmcgYQogICAgICAgICAgdW5pcXVlIGFi
c29sdXRlIFVSSSBhcyBpdHMgbmFtZS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFR5cGVz
IHV0aWxpemluZyBhIFVSSSBuYW1lIFNIT1VMRCBiZSBsaW1pdGVkIHRvIHZlbmRvci1zcGVjaWZp
YyBpbXBsZW1lbnRhdGlvbnMgdGhhdCBhcmUKICAgICAgICAgIG5vdCBjb21tb25seSBhcHBsaWNh
YmxlLCBhbmQgYXJlIHNwZWNpZmljIHRvIHRoZSBpbXBsZW1lbnRhdGlvbiBkZXRhaWxzIG9mIHRo
ZSByZXNvdXJjZQogICAgICAgICAgc2VydmVyIHdoZXJlIHRoZXkgYXJlIHVzZWQuCiAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICBBbGwgb3RoZXIgdHlwZXMgTVVTVCBiZSByZWdpc3RlcmVkLiBU
eXBlIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0aGUgdHlwZS1uYW1lIEFCTkYuIElmIHRoZQogICAg
ICAgICAgdHlwZSBkZWZpbml0aW9uIGluY2x1ZGVzIGEgbmV3IEhUVFAgYXV0aGVudGljYXRpb24g
c2NoZW1lLCB0aGUgdHlwZSBuYW1lIFNIT1VMRCBiZQogICAgICAgICAgaWRlbnRpY2FsIHRvIHRo
ZSBIVFRQIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSBuYW1lIChhcyBkZWZpbmVkIGJ5IDxhIGNsYXNz
PSdpbmZvJyBocmVmPScjUkZDMjYxNyc+W1JGQzI2MTddPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xh
c3M9J2luZm8nPkZyYW5rcywgSi4sIEhhbGxhbS1CYWtlciwgUC4sIEhvc3RldGxlciwgSi4sIExh
d3JlbmNlLCBTLiwgTGVhY2gsIFAuLCBMdW90b25lbiwgQS4sIGFuZCBMLiBTdGV3YXJ0LCAmbGRx
dW87SFRUUCBBdXRoZW50aWNhdGlvbjogQmFzaWMgYW5kIERpZ2VzdCBBY2Nlc3MgQXV0aGVudGlj
YXRpb24sJnJkcXVvOyBKdW5lJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KS4K
ICAgICAgICAgIFRoZSB0b2tlbiB0eXBlIDx0dD5leGFtcGxlPC90dD4gaXMgcmVzZXJ2ZWQgZm9y
IHVzZSBpbiBleGFtcGxlcy4KICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxl
OyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgog
IHR5cGUtbmFtZSAgPSAxKm5hbWUtY2hhcgogIG5hbWUtY2hhciAgPSAiLSIgLyAiLiIgLyAiXyIg
LyBESUdJVCAvIEFMUEhBCjwvcHJlPjwvZGl2Pgo8YSBuYW1lPSJlbmRwb2ludC1wYXJhbXMiPjwv
YT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNl
bGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9
IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3Rh
YmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi44LjIiPjwvYT48aDM+OC4yLiZuYnNwOwpEZWZpbmlu
ZyBOZXcgRW5kcG9pbnQgUGFyYW1ldGVyczwvaDM+Cgo8cD4KICAgICAgICAgIE5ldyByZXF1ZXN0
IG9yIHJlc3BvbnNlIHBhcmFtZXRlcnMgZm9yIHVzZSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGVu
ZHBvaW50IG9yIHRoZSB0b2tlbgogICAgICAgICAgZW5kcG9pbnQgYXJlIGRlZmluZWQgYW5kIHJl
Z2lzdGVyZWQgaW4gdGhlIHBhcmFtZXRlcnMgcmVnaXN0cnkgZm9sbG93aW5nIHRoZSBwcm9jZWR1
cmUgaW4KICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjcGFyYW1ldGVycy1yZWdpc3Ry
eSc+U2VjdGlvbiZuYnNwOzExLjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VGhl
IE9BdXRoIFBhcmFtZXRlcnMgUmVnaXN0cnk8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgUGFyYW1ldGVyIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0
aGUgcGFyYW0tbmFtZSBBQk5GIGFuZCBwYXJhbWV0ZXIgdmFsdWVzIHN5bnRheCBNVVNUIGJlCiAg
ICAgICAgICB3ZWxsLWRlZmluZWQgKGUuZy4sIHVzaW5nIEFCTkYsIG9yIGEgcmVmZXJlbmNlIHRv
IHRoZSBzeW50YXggb2YgYW4gZXhpc3RpbmcgcGFyYW1ldGVyKS4KICAgICAgICAKPC9wPjxkaXYg
c3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2lu
LXJpZ2h0OiBhdXRvJz48cHJlPgogIHBhcmFtLW5hbWUgID0gMSpuYW1lLWNoYXIKICBuYW1lLWNo
YXIgICA9ICItIiAvICIuIiAvICJfIiAvIERJR0lUIC8gQUxQSEEKPC9wcmU+PC9kaXY+CjxwPgog
ICAgICAgICAgVW5yZWdpc3RlcmVkIHZlbmRvci1zcGVjaWZpYyBwYXJhbWV0ZXIgZXh0ZW5zaW9u
cyB0aGF0IGFyZSBub3QgY29tbW9ubHkgYXBwbGljYWJsZSwgYW5kCiAgICAgICAgICBhcmUgc3Bl
Y2lmaWMgdG8gdGhlIGltcGxlbWVudGF0aW9uIGRldGFpbHMgb2YgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIHdoZXJlIHRoZXkgYXJlCiAgICAgICAgICB1c2VkIFNIT1VMRCB1dGlsaXplIGEgdmVu
ZG9yLXNwZWNpZmljIHByZWZpeCB0aGF0IGlzIG5vdCBsaWtlbHkgdG8gY29uZmxpY3Qgd2l0aCBv
dGhlcgogICAgICAgICAgcmVnaXN0ZXJlZCB2YWx1ZXMgKGUuZy4gYmVnaW4gd2l0aCAnY29tcGFu
eW5hbWVfJykuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMzEiPjwvYT48YnIgLz48aHIg
Lz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIy
IiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEg
aHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1l
PSJyZmMuc2VjdGlvbi44LjMiPjwvYT48aDM+OC4zLiZuYnNwOwpEZWZpbmluZyBOZXcgQXV0aG9y
aXphdGlvbiBHcmFudCBUeXBlczwvaDM+Cgo8cD4KICAgICAgICAgIE5ldyBhdXRob3JpemF0aW9u
IGdyYW50IHR5cGVzIGNhbiBiZSBkZWZpbmVkIGJ5IGFzc2lnbmluZyB0aGVtIGEgdW5pcXVlIGFi
c29sdXRlIFVSSSBmb3IKICAgICAgICAgIHVzZSB3aXRoIHRoZSA8dHQ+Z3JhbnRfdHlwZTwvdHQ+
IHBhcmFtZXRlci4gSWYgdGhlIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZSByZXF1aXJl
cyBhZGRpdGlvbmFsIHRva2VuIGVuZHBvaW50IHBhcmFtZXRlcnMsIHRoZXkgTVVTVCBiZSByZWdp
c3RlcmVkIGluIHRoZSBPQXV0aAogICAgICAgICAgcGFyYW1ldGVycyByZWdpc3RyeSBhcyBkZXNj
cmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNwYXJhbWV0ZXJzLXJlZ2lzdHJ5Jz5TZWN0
aW9uJm5ic3A7MTEuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1dGgg
UGFyYW1ldGVycyBSZWdpc3RyeTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgCjwv
cD4KPGEgbmFtZT0icmVzcG9uc2UtdHlwZS1leHQiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi44LjQiPjwvYT48aDM+OC40LiZuYnNwOwpEZWZpbmluZyBOZXcgQXV0aG9yaXphdGlvbiBFbmRw
b2ludCBSZXNwb25zZSBUeXBlczwvaDM+Cgo8cD4KICAgICAgICAgIE5ldyByZXNwb25zZSB0eXBl
cyBmb3IgdXNlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXJlIGRlZmluZWQgYW5k
IHJlZ2lzdGVyZWQgaW4KICAgICAgICAgIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJlc3Bv
bnNlIHR5cGUgcmVnaXN0cnkgZm9sbG93aW5nIHRoZSBwcm9jZWR1cmUgaW4KICAgICAgICAgIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjcmVzcG9uc2UtdHlwZS1yZWdpc3RyeSc+U2VjdGlvbiZuYnNw
OzExLjM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VGhlIE9BdXRoIEF1dGhvcml6
YXRpb24gRW5kcG9pbnQgUmVzcG9uc2UgVHlwZSBSZWdpc3RyeTwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4uIFJlc3BvbnNlIHR5cGUgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZQogICAgICAgICAg
cmVzcG9uc2UtdHlwZSBBQk5GLgogICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFi
bGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+
CiAgcmVzcG9uc2UtdHlwZSAgPSByZXNwb25zZS1uYW1lICooIFNQIHJlc3BvbnNlLW5hbWUgKQog
IHJlc3BvbnNlLW5hbWUgID0gMSpyZXNwb25zZS1jaGFyCiAgcmVzcG9uc2UtY2hhciAgPSAiXyIg
LyBESUdJVCAvIEFMUEhBCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgIElmIGEgcmVzcG9uc2Ug
dHlwZSBjb250YWlucyBvbmUgb3IgbW9yZSBzcGFjZSBjaGFyYWN0ZXJzICgleDIwKSwgaXQgaXMg
Y29tcGFyZWQgYXMgYQogICAgICAgICAgc3BhY2UtZGVsaW1pdGVkIGxpc3Qgb2YgdmFsdWVzIGlu
IHdoaWNoIHRoZSBvcmRlciBvZiB2YWx1ZXMgZG9lcyBub3QgbWF0dGVyLiBPbmx5IG9uZQogICAg
ICAgICAgb3JkZXIgb2YgdmFsdWVzIGNhbiBiZSByZWdpc3RlcmVkLCB3aGljaCBjb3ZlcnMgYWxs
IG90aGVyIGFycmFuZ2VtZW50cyBvZiB0aGUgc2FtZSBzZXQgb2YKICAgICAgICAgIHZhbHVlcy4K
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgcmVzcG9uc2UgdHlw
ZSA8dHQ+dG9rZW4gY29kZTwvdHQ+IGlzIGxlZnQgdW5kZWZpbmVkCiAgICAgICAgICBieSB0aGlz
IHNwZWNpZmljYXRpb24uIEhvd2V2ZXIsIGFuIGV4dGVuc2lvbiBjYW4gZGVmaW5lIGFuZCByZWdp
c3RlciB0aGUKICAgICAgICAgIDx0dD50b2tlbiBjb2RlPC90dD4gcmVzcG9uc2UgdHlwZS4gT25j
ZSByZWdpc3RlcmVkLCB0aGUgc2FtZQogICAgICAgICAgY29tYmluYXRpb24gY2Fubm90IGJlIHJl
Z2lzdGVyZWQgYXMgPHR0PmNvZGUgdG9rZW48L3R0PiwgYnV0IGJvdGgKICAgICAgICAgIHZhbHVl
cyBjYW4gYmUgdXNlZCB0byBkZW5vdGUgdGhlIHNhbWUgcmVzcG9uc2UgdHlwZS4KICAgICAgICAK
PC9wPgo8YSBuYW1lPSJuZXctZXJyb3JzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5
PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIg
YWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNw
O1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uOC41
Ij48L2E+PGgzPjguNS4mbmJzcDsKRGVmaW5pbmcgQWRkaXRpb25hbCBFcnJvciBDb2RlczwvaDM+
Cgo8cD4KICAgICAgICAgIEluIGNhc2VzIHdoZXJlIHByb3RvY29sIGV4dGVuc2lvbnMgKGkuZS4g
YWNjZXNzIHRva2VuIHR5cGVzLCBleHRlbnNpb24gcGFyYW1ldGVycywgb3IKICAgICAgICAgIGV4
dGVuc2lvbiBncmFudCB0eXBlcykgcmVxdWlyZSBhZGRpdGlvbmFsIGVycm9yIGNvZGVzIHRvIGJl
IHVzZWQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgY29kZSBncmFudCBlcnJvciBy
ZXNwb25zZSAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNjb2RlLWF1dGh6LWVycm9yJz5TZWN0aW9u
Jm5ic3A7NC4xLjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNw
b25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCB0aGUgaW1wbGljaXQgZ3JhbnQgZXJyb3IK
ICAgICAgICAgIHJlc3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI2ltcGxpY2l0LWF1dGh6
LWVycm9yJz5TZWN0aW9uJm5ic3A7NC4yLjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdp
bmZvJz5FcnJvciBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCB0aGUgdG9rZW4g
ZXJyb3IgcmVzcG9uc2UKICAgICAgICAgICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVy
cm9ycyc+U2VjdGlvbiZuYnNwOzUuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5F
cnJvciBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLAoJICBvciB0aGUgcmVzb3Vy
Y2UgYWNjZXNzIGVycm9yIHJlc3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Jlc291cmNl
LWVycm9ycyc+U2VjdGlvbiZuYnNwOzcuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZv
Jz5FcnJvciBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLAoJICBzdWNoIGVycm9y
IGNvZGVzIE1BWSBiZSBkZWZpbmVkLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgRXh0ZW5z
aW9uIGVycm9yIGNvZGVzIE1VU1QgYmUgcmVnaXN0ZXJlZCAoZm9sbG93aW5nIHRoZSBwcm9jZWR1
cmVzIGluCiAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2Vycm9yLXJlZ2lzdHJ5Jz5T
ZWN0aW9uJm5ic3A7MTEuNDxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1
dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdpc3RyeTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pIGlm
IHRoZSBleHRlbnNpb24gdGhleSBhcmUgdXNlZCBpbiBjb25qdW5jdGlvbiB3aXRoIGlzCiAgICAg
ICAgICBhIHJlZ2lzdGVyZWQgYWNjZXNzIHRva2VuIHR5cGUsIGEgcmVnaXN0ZXJlZCBlbmRwb2lu
dCBwYXJhbWV0ZXIsIG9yIGFuIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZS4gRXJyb3Ig
Y29kZXMgdXNlZCB3aXRoIHVucmVnaXN0ZXJlZCBleHRlbnNpb25zIE1BWSBiZSByZWdpc3RlcmVk
LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgRXJyb3IgY29kZXMgTVVTVCBjb25mb3JtIHRv
IHRoZSBlcnJvciBBQk5GLCBhbmQgU0hPVUxEIGJlIHByZWZpeGVkIGJ5IGFuIGlkZW50aWZ5aW5n
CiAgICAgICAgICBuYW1lIHdoZW4gcG9zc2libGUuIEZvciBleGFtcGxlLCBhbiBlcnJvciBpZGVu
dGlmeWluZyBhbiBpbnZhbGlkIHZhbHVlIHNldCB0byB0aGUKICAgICAgICAgIGV4dGVuc2lvbiBw
YXJhbWV0ZXIgPHR0PmV4YW1wbGU8L3R0PiBTSE9VTEQgYmUgbmFtZWQKICAgICAgICAgIDx0dD5l
eGFtcGxlX2ludmFsaWQ8L3R0Pi4KICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRh
YmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJl
PgogIGVycm9yICAgICAgPSAxKmVycm9yLWNoYXIKICBlcnJvci1jaGFyID0gJXgyMC0yMSAvICV4
MjMtNUIgLyAleDVELTdFCjwvcHJlPjwvZGl2Pgo8YSBuYW1lPSJhbmNob3IzMiI+PC9hPjxiciAv
PjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNp
bmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVn
Ij48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+Cjxh
IG5hbWU9InJmYy5zZWN0aW9uLjkiPjwvYT48aDM+OS4mbmJzcDsKTmF0aXZlIEFwcGxpY2F0aW9u
czwvaDM+Cgo8cD4KICAgICAgICBOYXRpdmUgYXBwbGljYXRpb25zIGFyZSBjbGllbnRzIGluc3Rh
bGxlZCBhbmQgZXhlY3V0ZWQgb24gdGhlIGRldmljZSB1c2VkIGJ5IHRoZSByZXNvdXJjZQogICAg
ICAgIG93bmVyIChpLmUuIGRlc2t0b3AgYXBwbGljYXRpb24sIG5hdGl2ZSBtb2JpbGUgYXBwbGlj
YXRpb24pLiBOYXRpdmUgYXBwbGljYXRpb25zIHJlcXVpcmUKICAgICAgICBzcGVjaWFsIGNvbnNp
ZGVyYXRpb24gcmVsYXRlZCB0byBzZWN1cml0eSwgcGxhdGZvcm0gY2FwYWJpbGl0aWVzLCBhbmQg
b3ZlcmFsbCBlbmQtdXNlcgogICAgICAgIGV4cGVyaWVuY2UuCiAgICAgIAo8L3A+CjxwPgogICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJlcXVpcmVzIGludGVyYWN0aW9uIGJldHdl
ZW4gdGhlIGNsaWVudCBhbmQgdGhlIHJlc291cmNlCiAgICAgICAgb3duZXIncyB1c2VyLWFnZW50
LiBOYXRpdmUgYXBwbGljYXRpb25zIGNhbiBpbnZva2UgYW4gZXh0ZXJuYWwgdXNlci1hZ2VudCBv
ciBlbWJlZCBhCiAgICAgICAgdXNlci1hZ2VudCB3aXRoaW4gdGhlIGFwcGxpY2F0aW9uLiBGb3Ig
ZXhhbXBsZToKICAgICAgCjwvcD4KPHA+CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8
bGk+CiAgICAgICAgICAgIEV4dGVybmFsIHVzZXItYWdlbnQgLSB0aGUgbmF0aXZlIGFwcGxpY2F0
aW9uIGNhbiBjYXB0dXJlIHRoZSByZXNwb25zZSBmcm9tIHRoZQogICAgICAgICAgICBhdXRob3Jp
emF0aW9uIHNlcnZlciB1c2luZyBhIHJlZGlyZWN0aW9uIFVSSSB3aXRoIGEgc2NoZW1lIHJlZ2lz
dGVyZWQgd2l0aCB0aGUKICAgICAgICAgICAgb3BlcmF0aW5nIHN5c3RlbSB0byBpbnZva2UgdGhl
IGNsaWVudCBhcyB0aGUgaGFuZGxlciwgbWFudWFsIGNvcHktYW5kLXBhc3RlIG9mIHRoZQogICAg
ICAgICAgICBjcmVkZW50aWFscywgcnVubmluZyBhIGxvY2FsIHdlYiBzZXJ2ZXIsIGluc3RhbGxp
bmcgYSB1c2VyLWFnZW50IGV4dGVuc2lvbiwgb3IgYnkKICAgICAgICAgICAgcHJvdmlkaW5nIGEg
cmVkaXJlY3Rpb24gVVJJIGlkZW50aWZ5aW5nIGEgc2VydmVyLWhvc3RlZCByZXNvdXJjZSB1bmRl
ciB0aGUgY2xpZW50J3MKICAgICAgICAgICAgY29udHJvbCwgd2hpY2ggaW4gdHVybiBtYWtlcyB0
aGUgcmVzcG9uc2UgYXZhaWxhYmxlIHRvIHRoZSBuYXRpdmUgYXBwbGljYXRpb24uCiAgICAgICAg
ICAKPC9saT4KPGxpPgogICAgICAgICAgICBFbWJlZGRlZCB1c2VyLWFnZW50IC0gdGhlIG5hdGl2
ZSBhcHBsaWNhdGlvbiBvYnRhaW5zIHRoZSByZXNwb25zZSBieSBkaXJlY3RseQogICAgICAgICAg
ICBjb21tdW5pY2F0aW5nIHdpdGggdGhlIGVtYmVkZGVkIHVzZXItYWdlbnQgYnkgbW9uaXRvcmlu
ZyBzdGF0ZSBjaGFuZ2VzIGVtaXR0ZWQgZHVyaW5nCiAgICAgICAgICAgIHRoZSByZXNvdXJjZSBs
b2FkLCBvciBhY2Nlc3NpbmcgdGhlIHVzZXItYWdlbnQncyBjb29raWVzIHN0b3JhZ2UuCiAgICAg
ICAgICAKPC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgV2hlbiBjaG9vc2lu
ZyBiZXR3ZWVuIGFuIGV4dGVybmFsIG9yIGVtYmVkZGVkIHVzZXItYWdlbnQsIGRldmVsb3BlcnMg
c2hvdWxkIGNvbnNpZGVyOgogICAgICAKPC9wPgo8cD4KICAgICAgICA8L3A+Cjx1bCBjbGFzcz0i
dGV4dCI+CjxsaT4KICAgICAgICAgICAgQW4gRXh0ZXJuYWwgdXNlci1hZ2VudCBtYXkgaW1wcm92
ZSBjb21wbGV0aW9uIHJhdGUgYXMgdGhlIHJlc291cmNlIG93bmVyIG1heSBhbHJlYWR5IGhhdmUK
ICAgICAgICAgICAgYW4gYWN0aXZlIHNlc3Npb24gd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgcmVtb3ZpbmcgdGhlIG5lZWQgdG8gcmUtYXV0aGVudGljYXRlLiBJdAogICAgICAgICAgICBw
cm92aWRlcyBhIGZhbWlsaWFyIGVuZC11c2VyIGV4cGVyaWVuY2UgYW5kIGZ1bmN0aW9uYWxpdHku
IFRoZSByZXNvdXJjZSBvd25lciBtYXkgYWxzbwogICAgICAgICAgICByZWx5IG9uIHVzZXItYWdl
bnQgZmVhdHVyZXMgb3IgZXh0ZW5zaW9ucyB0byBhc3Npc3Qgd2l0aCBhdXRoZW50aWNhdGlvbiAo
ZS5nLiBwYXNzd29yZAogICAgICAgICAgICBtYW5hZ2VyLCAyLWZhY3RvciBkZXZpY2UgcmVhZGVy
KS4KICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgIEFuIGVtYmVkZGVkIHVzZXItYWdl
bnQgbWF5IG9mZmVyIGltcHJvdmVkIHVzYWJpbGl0eSwgYXMgaXQgcmVtb3ZlcyB0aGUgbmVlZCB0
byBzd2l0Y2gKICAgICAgICAgICAgY29udGV4dCBhbmQgb3BlbiBuZXcgd2luZG93cy4KICAgICAg
ICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgIEFuIGVtYmVkZGVkIHVzZXItYWdlbnQgcG9zZXMg
YSBzZWN1cml0eSBjaGFsbGVuZ2UgYmVjYXVzZSByZXNvdXJjZSBvd25lcnMgYXJlCiAgICAgICAg
ICAgIGF1dGhlbnRpY2F0aW5nIGluIGFuIHVuaWRlbnRpZmllZCB3aW5kb3cgd2l0aG91dCBhY2Nl
c3MgdG8gdGhlIHZpc3VhbCBwcm90ZWN0aW9ucyBmb3VuZAogICAgICAgICAgICBpbiBtb3N0IGV4
dGVybmFsIHVzZXItYWdlbnRzLiBBbiBlbWJlZGRlZCB1c2VyLWFnZW50IGVkdWNhdGVzIGVuZC11
c2VycyB0byB0cnVzdAogICAgICAgICAgICB1bmlkZW50aWZpZWQgcmVxdWVzdHMgZm9yIGF1dGhl
bnRpY2F0aW9uIChtYWtpbmcgcGhpc2hpbmcgYXR0YWNrcyBlYXNpZXIgdG8gZXhlY3V0ZSkuCiAg
ICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgV2hlbiBjaG9v
c2luZyBiZXR3ZWVuIHRoZSBpbXBsaWNpdCBncmFudCB0eXBlIGFuZCB0aGUgYXV0aG9yaXphdGlv
biBjb2RlIGdyYW50IHR5cGUsIHRoZQogICAgICAgIGZvbGxvd2luZyBzaG91bGQgYmUgY29uc2lk
ZXJlZDoKICAgICAgCjwvcD4KPHA+CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+
CiAgICAgICAgICAgIE5hdGl2ZSBhcHBsaWNhdGlvbnMgdGhhdCB1c2UgdGhlIGF1dGhvcml6YXRp
b24gY29kZSBncmFudCB0eXBlIFNIT1VMRCBkbyBzbyB3aXRob3V0CiAgICAgICAgICAgIHVzaW5n
IGNsaWVudCBjcmVkZW50aWFscywgZHVlIHRvIHRoZSBuYXRpdmUgYXBwbGljYXRpb24ncyBpbmFi
aWxpdHkgdG8ga2VlcCBjbGllbnQKICAgICAgICAgICAgY3JlZGVudGlhbHMgY29uZmlkZW50aWFs
LgogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgV2hlbiB1c2luZyB0aGUgaW1wbGlj
aXQgZ3JhbnQgdHlwZSBmbG93IGEgcmVmcmVzaCB0b2tlbiBpcyBub3QgcmV0dXJuZWQgd2hpY2gg
cmVxdWlyZXMKICAgICAgICAgICAgcmVwZWF0aW5nIHRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3Mg
b25jZSB0aGUgYWNjZXNzIHRva2VuIGV4cGlyZXMuCiAgICAgICAgICAKPC9saT4KPC91bD48cD4K
ICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMzMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4xMCI+PC9hPjxoMz4xMC4mbmJzcDsKU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnM8L2gzPgoKPHA+
CiAgICAgICAgQXMgYSBmbGV4aWJsZSBhbmQgZXh0ZW5zaWJsZSBmcmFtZXdvcmssIE9BdXRoJ3Mg
c2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZGVwZW5kIG9uIG1hbnkKICAgICAgICBmYWN0b3JzLiBU
aGUgZm9sbG93aW5nIHNlY3Rpb25zIHByb3ZpZGUgaW1wbGVtZW50ZXJzIHdpdGggc2VjdXJpdHkg
Z3VpZGVsaW5lcyBmb2N1c2VkIG9uCiAgICAgICAgdGhlIHRocmVlIGNsaWVudCBwcm9maWxlcyBk
ZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNjbGllbnQtdHlwZXMnPlNlY3Rpb24m
bmJzcDsyLjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q2xpZW50IFR5cGVzPC9z
cGFuPjxzcGFuPik8L3NwYW4+PC9hPjogd2ViIGFwcGxpY2F0aW9uLAogICAgICAgIHVzZXItYWdl
bnQtYmFzZWQgYXBwbGljYXRpb24sIGFuZCBuYXRpdmUgYXBwbGljYXRpb24uCiAgICAgIAo8L3A+
CjxwPgogICAgICAgIEEgY29tcHJlaGVuc2l2ZSBPQXV0aCBzZWN1cml0eSBtb2RlbCBhbmQgYW5h
bHlzaXMsIGFzIHdlbGwgYXMgYmFja2dyb3VuZCBmb3IgdGhlIHByb3RvY29sCiAgICAgICAgZGVz
aWduLCBpcyBwcm92aWRlZCBieSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI0ktRC5pZXRmLW9hdXRo
LXYyLXRocmVhdG1vZGVsJz5bSSYjODIwOTtELmlldGYmIzgyMDk7b2F1dGgmIzgyMDk7djImIzgy
MDk7dGhyZWF0bW9kZWxdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkxvZGRlcnN0
ZWR0LCBULiwgTWNHbG9pbiwgTS4sIGFuZCBQLiBIdW50LCAmbGRxdW87T0F1dGggMi4wIFRocmVh
dCBNb2RlbCBhbmQgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMsJnJkcXVvOyBKdW5lJm5ic3A7MjAx
Mi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3Iz
NCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0i
MCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBj
bGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3Ry
PjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEwLjEiPjwvYT48aDM+MTAuMS4mbmJzcDsK
Q2xpZW50IEF1dGhlbnRpY2F0aW9uPC9oMz4KCjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGVzdGFibGlzaGVzIGNsaWVudCBjcmVkZW50aWFscyB3aXRoIHdlYiBhcHBsaWNh
dGlvbiBjbGllbnRzIGZvcgogICAgICAgICAgdGhlIHB1cnBvc2Ugb2YgY2xpZW50IGF1dGhlbnRp
Y2F0aW9uLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXMgZW5jb3VyYWdlZCB0byBjb25zaWRl
cgogICAgICAgICAgc3Ryb25nZXIgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG1lYW5zIHRoYW4gYSBj
bGllbnQgcGFzc3dvcmQuIFdlYiBhcHBsaWNhdGlvbiBjbGllbnRzIE1VU1QKICAgICAgICAgIGVu
c3VyZSBjb25maWRlbnRpYWxpdHkgb2YgY2xpZW50IHBhc3N3b3JkcyBhbmQgb3RoZXIgY2xpZW50
IGNyZWRlbnRpYWxzLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1QgTk9UIGlzc3VlIGNsaWVudCBwYXNzd29yZHMgb3Igb3RoZXIgY2xpZW50
IGNyZWRlbnRpYWxzIHRvCiAgICAgICAgICBuYXRpdmUgYXBwbGljYXRpb24gb3IgdXNlci1hZ2Vu
dC1iYXNlZCBhcHBsaWNhdGlvbiBjbGllbnRzIGZvciB0aGUgcHVycG9zZSBvZiBjbGllbnQKICAg
ICAgICAgIGF1dGhlbnRpY2F0aW9uLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIGlzc3Vl
IGEgY2xpZW50IHBhc3N3b3JkIG9yIG90aGVyIGNyZWRlbnRpYWxzCiAgICAgICAgICBmb3IgYSBz
cGVjaWZpYyBpbnN0YWxsYXRpb24gb2YgYSBuYXRpdmUgYXBwbGljYXRpb24gY2xpZW50IG9uIGEg
c3BlY2lmaWMgZGV2aWNlLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgV2hlbiBjbGllbnQg
YXV0aGVudGljYXRpb24gaXMgbm90IHBvc3NpYmxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
U0hPVUxEIGVtcGxveSBvdGhlcgogICAgICAgICAgbWVhbnMgdG8gdmFsaWRhdGUgdGhlIGNsaWVu
dCdzIGlkZW50aXR5LiBGb3IgZXhhbXBsZSwgYnkgcmVxdWlyaW5nIHRoZSByZWdpc3RyYXRpb24g
b2YKICAgICAgICAgIHRoZSBjbGllbnQgcmVkaXJlY3Rpb24gVVJJIG9yIGVubGlzdGluZyB0aGUg
cmVzb3VyY2Ugb3duZXIgdG8gY29uZmlybSBpZGVudGl0eS4gQSB2YWxpZAogICAgICAgICAgcmVk
aXJlY3Rpb24gVVJJIGlzIG5vdCBzdWZmaWNpZW50IHRvIHZlcmlmeSB0aGUgY2xpZW50J3MgaWRl
bnRpdHkgd2hlbiBhc2tpbmcgZm9yCiAgICAgICAgICByZXNvdXJjZSBvd25lciBhdXRob3JpemF0
aW9uLCBidXQgY2FuIGJlIHVzZWQgdG8gcHJldmVudCBkZWxpdmVyaW5nIGNyZWRlbnRpYWxzIHRv
IGEKICAgICAgICAgIGNvdW50ZXJmZWl0IGNsaWVudCBhZnRlciBvYnRhaW5pbmcgcmVzb3VyY2Ug
ICAgICBhbGxvY2F0aW9uIG9mIHZhbHVlcyBwcmlvciB0byBwdWJsaWNhdGlvbiwgdGhlIERlc2ln
bmF0ZWQgRXhwZXJ0KHMpIG1heSBhcHByb3ZlCiAgICAgICAgICByZWdpc3RyYXRpb24gb25jZSB0
aGV5IGFyZSBzYXRpc2ZpZWQgdGhhdCBzdWNoIGEgc3BlY2lmaWNhdGlvbiB3aWxsIGJlIHB1Ymxp
c2hlZC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBt
dXN0IGJlIHNlbnQgdG8gdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlzdCBmb3IgcmV2aWV3
IGFuZAogICAgICAgICAgY29tbWVudCwgd2l0aCBhbiBhcHByb3ByaWF0ZSBzdWJqZWN0IChlLmcu
LCAiUmVxdWVzdCBmb3IgYWNjZXNzIHRva2VuIHR5cGU6IGV4YW1wbGUiKS4KICAgICAgICAgIFtb
IE5vdGUgdG8gUkZDLUVESVRPUjogVGhlIG5hbWUgb2YgdGhlIG1haWxpbmcgbGlzdCBzaG91bGQg
YmUgZGV0ZXJtaW5lZCBpbiBjb25zdWx0YXRpb24KICAgICAgICAgIHdpdGggdGhlIElFU0cgYW5k
IElBTkEuIFN1Z2dlc3RlZCBuYW1lOiBvYXV0aC1leHQtcmV2aWV3LiBdXQogICAgICAgIAo8L3A+
CjxwPgogICAgICAgICAgV2l0aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBF
eHBlcnQocykgd2lsbCBlaXRoZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVueSB0aGUgcmVnaXN0
cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3
IGxpc3QgYW5kIElBTkEuCiAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxh
bmF0aW9uIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UK
ICAgICAgICAgIHRoZSByZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgCjwvcD4KPHA+CiAgICAg
ICAgICBJQU5BIG11c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNp
Z25hdGVkIEV4cGVydChzKSwgYW5kIHNob3VsZCBkaXJlY3QKICAgICAgICAgIGFsbCByZXF1ZXN0
cyBmb3IgcmVnaXN0cmF0aW9uIHRvIHRoZSByZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgIAo8
L3A+CjxhIG5hbWU9ImFuY2hvcjQ4Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJs
YXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxp
Z249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RP
QyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuMS4x
Ij48L2E+PGgzPjExLjEuMS4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRlPC9oMz4KCjxwPgog
ICAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5UeXBlIG5h
bWU6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBUaGUgbmFtZSBy
ZXF1ZXN0ZWQgKGUuZy4sICJleGFtcGxlIikuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5BZGRp
dGlvbmFsIFRva2VuIEVuZHBvaW50IFJlc3BvbnNlIFBhcmFtZXRlcnM6PC9kdD4KPGRkPgogICAg
ICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBBZGRpdGlvbmFsIHJlc3BvbnNlIHBhcmFtZXRl
cnMgcmV0dXJuZWQgdG9nZXRoZXIgd2l0aCB0aGUKICAgICAgICAgICAgICAgIDx0dD5hY2Nlc3Nf
dG9rZW48L3R0PiBwYXJhbWV0ZXIuIE5ldyBwYXJhbWV0ZXJzIE1VU1QgYmUKICAgICAgICAgICAg
ICAgIHNlcGFyYXRlbHkgcmVnaXN0ZXJlZCBpbiB0aGUgT0F1dGggcGFyYW1ldGVycyByZWdpc3Ry
eSBhcyBkZXNjcmliZWQgYnkKICAgICAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScj
cGFyYW1ldGVycy1yZWdpc3RyeSc+U2VjdGlvbiZuYnNwOzExLjI8c3Bhbj4gKDwvc3Bhbj48c3Bh
biBjbGFzcz0naW5mbyc+VGhlIE9BdXRoIFBhcmFtZXRlcnMgUmVnaXN0cnk8L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+SFRUUCBBdXRoZW50aWNhdGlv
biBTY2hlbWUocyk6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBU
aGUgSFRUUCBhdXRoZW50aWNhdGlvbiBzY2hlbWUgbmFtZShzKSwgaWYgYW55LCB1c2VkIHRvIGF1
dGhlbnRpY2F0ZSBwcm90ZWN0ZWQKICAgICAgICAgICAgICAgIHJlc291cmNlcyByZXF1ZXN0cyB1
c2luZyBhY2Nlc3MgdG9rZW5zIG9mIHRoaXMgdHlwZS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0
PkNoYW5nZSBjb250cm9sbGVyOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAg
ICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBzdGF0ZSAiSUVURiIuIEZvciBvdGhlcnMs
IGdpdmUgdGhlIG5hbWUgb2YgdGhlCiAgICAgICAgICAgICAgICByZXNwb25zaWJsZSBwYXJ0eS4g
T3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJlc3MsIGUtbWFpbCBhZGRyZXNzLCBob21l
IHBhZ2UKICAgICAgICAgICAgICAgIFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQuCiAgICAgICAg
ICAgICAgCjwvZGQ+CjxkdD5TcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOjwvZHQ+CjxkZD4KICAg
ICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUmVmZXJlbmNlIHRvIHRoZSBkb2N1bWVudCB0
aGF0IHNwZWNpZmllcyB0aGUgcGFyYW1ldGVyLCBwcmVmZXJhYmx5IGluY2x1ZGluZyBhIFVSSSB0
aGF0CiAgICAgICAgICAgICAgICBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhl
IGRvY3VtZW50LiBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudAogICAgICAgICAgICAgICAg
c2VjdGlvbnMgbWF5IGFsc28gYmUgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCiAgICAg
ICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgICAgCjwvcD4KPGEg
bmFtZT0icGFyYW1ldGVycy1yZWdpc3RyeSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEx
LjIiPjwvYT48aDM+MTEuMi4mbmJzcDsKVGhlIE9BdXRoIFBhcmFtZXRlcnMgUmVnaXN0cnk8L2gz
PgoKPHA+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRo
IHBhcmFtZXRlcnMgcmVnaXN0cnkuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBBZGRpdGlv
bmFsIHBhcmFtZXRlcnMgZm9yIGluY2x1c2lvbiBpbiB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2lu
dCByZXF1ZXN0LCB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgcmVzcG9uc2Us
IHRoZSB0b2tlbiBlbmRwb2ludCByZXF1ZXN0LCBvciB0aGUgdG9rZW4gZW5kcG9pbnQKICAgICAg
ICAgIHJlc3BvbnNlIGFyZSByZWdpc3RlcmVkIHdpdGggYSBTcGVjaWZpY2F0aW9uIFJlcXVpcmVk
CiAgICAgICAgICAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkM1MjI2Jz5bUkZDNTIyNl08c3Bh
bj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+TmFydGVuLCBULiBhbmQgSC4gQWx2ZXN0cmFu
ZCwgJmxkcXVvO0d1aWRlbGluZXMgZm9yIFdyaXRpbmcgYW4gSUFOQSBDb25zaWRlcmF0aW9ucyBT
ZWN0aW9uIGluIFJGQ3MsJnJkcXVvOyBNYXkmbmJzcDsyMDA4Ljwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4pIGFmdGVyIGEgdHdvIHdlZWsgcmV2aWV3IHBlcmlvZCBvbiB0aGUgW1RCRF1AaWV0Zi5v
cmcgbWFpbGluZwogICAgICAgICAgbGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZSBE
ZXNpZ25hdGVkIEV4cGVydHMuIEhvd2V2ZXIsIHRvIGFsbG93IGZvciB0aGUKICAgICAgICAgIGFs
bG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRlZCBF
eHBlcnQocykgbWF5IGFwcHJvdmUKICAgICAgICAgIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkgYXJl
IHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBzcGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVibGlzaGVkLgog
ICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgUmVnaXN0cmF0aW9uIHJlcXVlc3RzIG11c3QgYmUg
c2VudCB0byB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0IGZvciByZXZpZXcgYW5kCiAg
ICAgICAgICBjb21tZW50LCB3aXRoIGFuIGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1
ZXN0IGZvciBwYXJhbWV0ZXI6IGV4YW1wbGUiKS4KICAgICAgICAgIFtbIE5vdGUgdG8gUkZDLUVE
SVRPUjogVGhlIG5hbWUgb2YgdGhlIG1haWxpbmcgbGlzdCBzaG91bGQgYmUgZGV0ZXJtaW5lZCBp
biBjb25zdWx0YXRpb24KICAgICAgICAgIHdpdGggdGhlIElFU0cgYW5kIElBTkEuIFN1Z2dlc3Rl
ZCBuYW1lOiBvYXV0aC1leHQtcmV2aWV3LiBdXQogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
V2l0aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgd2lsbCBl
aXRoZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3Qs
IGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEu
CiAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYg
YXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UKICAgICAgICAgIHRoZSBy
ZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBJQU5BIG11c3Qg
b25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNpZ25hdGVkIEV4cGVydChz
KSwgYW5kIHNob3VsZCBkaXJlY3QKICAgICAgICAgIGFsbCByZXF1ZXN0cyBmb3IgcmVnaXN0cmF0
aW9uIHRvIHRoZSByZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFu
Y2hvcjQ5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRk
aW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+
PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3Rk
PjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuMi4xIj48L2E+PGgzPjExLjIu
MS4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRlPC9oMz4KCjxwPgogICAgICAgICAgICA8L3A+
CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5QYXJhbWV0ZXIgbmFtZTo8L2R0Pgo8
ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFRoZSBuYW1lIHJlcXVlc3RlZCAo
ZS5nLiwgImV4YW1wbGUiKS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PlBhcmFtZXRlciB1c2Fn
ZSBsb2NhdGlvbjo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFRo
ZSBsb2NhdGlvbihzKSB3aGVyZSBwYXJhbWV0ZXIgY2FuIGJlIHVzZWQuIFRoZSBwb3NzaWJsZSBs
b2NhdGlvbnMgYXJlOgogICAgICAgICAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBhdXRo
b3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXF1ZXN0LCBvciB0b2tlbiByZXNwb25zZS4KICAg
ICAgICAgICAgICAKPC9kZD4KPGR0PkNoYW5nZSBjb250cm9sbGVyOjwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICAgIAogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBzdGF0
ZSAiSUVURiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhlCiAgICAgICAgICAgICAg
ICByZXNwb25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJlc3Ms
IGUtbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAgIFVSSSkgbWF5IGFsc28g
YmUgaW5jbHVkZWQuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5TcGVjaWZpY2F0aW9uIGRvY3Vt
ZW50KHMpOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUmVmZXJl
bmNlIHRvIHRoZSBkb2N1bWVudCB0aGF0IHNwZWNpZmllcyB0aGUgcGFyYW1ldGVyLCBwcmVmZXJh
Ymx5IGluY2x1ZGluZyBhIFVSSSB0aGF0CiAgICAgICAgICAgICAgICBjYW4gYmUgdXNlZCB0byBy
ZXRyaWV2ZSBhIGNvcHkgb2YgdGhlIGRvY3VtZW50LiBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxl
dmFudAogICAgICAgICAgICAgICAgc2VjdGlvbnMgbWF5IGFsc28gYmUgaW5jbHVkZWQsIGJ1dCBp
cyBub3QgcmVxdWlyZWQuCiAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxw
PgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNTAiPjwvYT48YnIgLz48aHIgLz4KPHRh
YmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFz
cz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0i
I3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMu
c2VjdGlvbi4xMS4yLjIiPjwvYT48aDM+MTEuMi4yLiZuYnNwOwpJbml0aWFsIFJlZ2lzdHJ5IENv
bnRlbnRzPC9oMz4KCjxwPgogICAgICAgICAgICBUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3Ry
eSdzIGluaXRpYWwgY29udGVudHMgYXJlOgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAg
IDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5h
bWU6IGNsaWVudF9pZAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQ
YXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgdG9rZW4gcmVx
dWVzdAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29u
dHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBT
cGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAg
ICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8
dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogY2xp
ZW50X3NlY3JldAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJh
bWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QKICAgICAgICAgICAgICAKPC9saT4K
PGxpPgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAg
ICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTog
W1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAg
ICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHJlc3BvbnNlX3R5cGUKICAgICAgICAgICAgICAK
PC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRo
b3JpemF0aW9uIHJlcXVlc3QKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAg
ICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAg
ICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBd
XQogICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAg
ICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1l
dGVyIG5hbWU6IHJlZGlyZWN0X3VyaQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAg
ICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwg
dG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBD
aGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAg
ICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAg
ICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAg
ICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIg
bmFtZTogc2NvcGUKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFy
YW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIGF1dGhvcml6YXRp
b24gcmVzcG9uc2UsIHRva2VuCiAgICAgICAgICAgICAgICByZXF1ZXN0LCB0b2tlbiByZXNwb25z
ZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJv
bGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVj
aWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAg
CjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwg
Y2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogc3RhdGUK
ICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdl
IGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIGF1dGhvcml6YXRpb24gcmVzcG9uc2UK
ICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xs
ZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3BlY2lm
aWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIAo8
L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVsIGNs
YXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IGNvZGUKICAg
ICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxv
Y2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXF1ZXN0CiAgICAgICAgICAg
ICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAg
ICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9j
dW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48
cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+
CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBlcnJvcl9kZXNjcmlwdGlvbgog
ICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2Ug
bG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2VuIHJlc3BvbnNlCiAgICAgICAg
ICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRG
CiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24g
ZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91
bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4
dCI+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBlcnJvcl91cmkKICAgICAg
ICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0
aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAgICAgICAg
IAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAg
ICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3Vt
ZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+
CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8
bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogZ3JhbnRfdHlwZQogICAgICAgICAg
ICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246
IHRva2VuIHJlcXVlc3QKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAg
Q2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAg
ICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQog
ICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IG5hbWU6IGFjY2Vzc190b2tlbgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAg
ICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRv
a2VuIHJlc3BvbnNlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENo
YW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAg
ICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAg
ICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
ICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBu
YW1lOiB0b2tlbl90eXBlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAg
IFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4g
cmVzcG9uc2UKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdl
IGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAg
ICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAg
ICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwv
cD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6
IGV4cGlyZXNfaW4KICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFy
YW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNw
b25zZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29u
dHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBT
cGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAg
ICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8
dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogdXNl
cm5hbWUKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0CiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4K
ICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwv
bGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRo
aXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8
L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAg
ICAgICAgIFBhcmFtZXRlciBuYW1lOiBwYXNzd29yZAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+
CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QK
ICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xs
ZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3BlY2lm
aWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIAo8
L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVsIGNs
YXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHJlZnJlc2hf
dG9rZW4KICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0LCB0b2tlbiByZXNwb25zZQogICAgICAgICAg
ICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgog
ICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRv
Y3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+
PHA+CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJyZXNwb25zZS10eXBlLXJlZ2lzdHJ5Ij48L2E+
PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxs
c3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJU
T0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJs
ZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuMyI+PC9hPjxoMz4xMS4zLiZuYnNwOwpUaGUgT0F1
dGggQXV0aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBlIFJlZ2lzdHJ5PC9oMz4KCjxw
PgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVzdGFibGlzaGVzIHRoZSBPQXV0aCBhdXRo
b3JpemF0aW9uIGVuZHBvaW50IHJlc3BvbnNlIHR5cGUgcmVnaXN0cnkuCiAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICAgIEFkZGl0aW9uYWwgcmVzcG9uc2UgdHlwZSBmb3IgdXNlIHdpdGggdGhl
IGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXJlIHJlZ2lzdGVyZWQgd2l0aCBhCiAgICAgICAgICAg
IFNwZWNpZmljYXRpb24gUmVxdWlyZWQgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTIyNic+
W1JGQzUyMjZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPk5hcnRlbiwgVC4gYW5k
IEguIEFsdmVzdHJhbmQsICZsZHF1bztHdWlkZWxpbmVzIGZvciBXcml0aW5nIGFuIElBTkEgQ29u
c2lkZXJhdGlvbnMgU2VjdGlvbiBpbiBSRkNzLCZyZHF1bzsgTWF5Jm5ic3A7MjAwOC48L3NwYW4+
PHNwYW4+KTwvc3Bhbj48L2E+KSBhZnRlciBhIHR3byB3ZWVrIHJldmlldyBwZXJpb2Qgb24KICAg
ICAgICAgICAgdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlzdCwgb24gdGhlIGFkdmljZSBv
ZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuCiAgICAgICAgICAgIEhvd2V2ZXIsIHRv
IGFsbG93IGZvciB0aGUgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVibGljYXRpb24s
IHRoZSBEZXNpZ25hdGVkCiAgICAgICAgICAgIEV4cGVydChzKSBtYXkgYXBwcm92ZSByZWdpc3Ry
YXRpb24gb25jZSB0aGV5IGFyZSBzYXRpc2ZpZWQgdGhhdCBzdWNoIGEgc3BlY2lmaWNhdGlvbgog
ICAgICAgICAgICB3aWxsIGJlIHB1Ymxpc2hlZC4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgICBSZWdpc3RyYXRpb24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRm
Lm9yZyBtYWlsaW5nIGxpc3QgZm9yIHJldmlldyBhbmQKICAgICAgICAgICAgY29tbWVudCwgd2l0
aCBhbiBhcHByb3ByaWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdCBmb3IgcmVzcG9uc2UgdHlw
ZTogZXhhbXBsZSIpLgogICAgICAgICAgICBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1l
IG9mIHRoZSBtYWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9u
CiAgICAgICAgICAgIHdpdGggdGhlIElFU0cgYW5kIElBTkEuIFN1Z2dlc3RlZCBuYW1lOiBvYXV0
aC1leHQtcmV2aWV3LiBdXQogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIFdpdGhpbiB0
aGUgcmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyIGFw
cHJvdmUgb3IKICAgICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11
bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuCiAgICAg
ICAgICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhwbGFuYXRpb24gYW5kLCBpZiBhcHBs
aWNhYmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cgdG8gbWFrZQogICAgICAgICAgICB0aGUgcmVx
dWVzdCBzdWNjZXNzZnVsLgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIElBTkEgbXVz
dCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQgRXhwZXJ0
KHMpLCBhbmQgc2hvdWxkIGRpcmVjdAogICAgICAgICAgICBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lz
dHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcgbGlzdC4KICAgICAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjUxIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuMy4xIj48L2E+PGgz
PjExLjMuMS4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRlPC9oMz4KCjxwPgogICAgICAgICAg
ICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5SZXNwb25zZSB0eXBlIG5h
bWU6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBUaGUgbmFtZSBy
ZXF1ZXN0ZWQgKGUuZy4sICJleGFtcGxlIikuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5DaGFu
Z2UgY29udHJvbGxlcjo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
IEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3RhdGUgIklFVEYiLiBGb3Igb3RoZXJzLCBnaXZl
IHRoZSBuYW1lIG9mIHRoZQogICAgICAgICAgICAgICAgcmVzcG9uc2libGUgcGFydHkuIE90aGVy
IGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLCBlLW1haWwgYWRkcmVzcywgaG9tZSBwYWdl
CiAgICAgICAgICAgICAgICBVUkkpIG1heSBhbHNvIGJlIGluY2x1ZGVkLgogICAgICAgICAgICAg
IAo8L2RkPgo8ZHQ+U3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTo8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAKICAgICAgICAgICAgICAgIFJlZmVyZW5jZSB0byB0aGUgZG9jdW1lbnQgdGhhdCBz
cGVjaWZpZXMgdGhlIHR5cGUsIHByZWZlcmFibHkgaW5jbHVkaW5nIGEgVVJJIHRoYXQKICAgICAg
ICAgICAgICAgIGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0aGUgZG9jdW1lbnQu
IEFuIGluZGljYXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAgICAgICAgICAgICBzZWN0aW9ucyBt
YXkgYWxzbyBiZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICAK
PC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNo
b3I1MiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGlu
Zz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0
ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48
L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjExLjMuMiI+PC9hPjxoMz4xMS4zLjIu
Jm5ic3A7CkluaXRpYWwgUmVnaXN0cnkgQ29udGVudHM8L2gzPgoKPHA+CiAgICAgICAgICAgIFRo
ZSBPQXV0aCBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJlc3BvbnNlIFR5cGUgUmVnaXN0cnkncyBp
bml0aWFsIGNvbnRlbnRzIGFyZToKICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+
Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIFJlc3BvbnNlIHR5cGUgbmFt
ZTogY29kZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2Ug
Y29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAg
ICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAg
ICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9w
Pgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBSZXNwb25zZSB0eXBlIG5h
bWU6IHRva2VuCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENoYW5n
ZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAg
ICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAg
ICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImVycm9yLXJl
Z2lzdHJ5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRk
aW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+
PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3Rk
PjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuNCI+PC9hPjxoMz4xMS40LiZu
YnNwOwpUaGUgT0F1dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdpc3RyeTwvaDM+Cgo8cD4KICAgICAg
ICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxpc2hlcyB0aGUgT0F1dGggZXh0ZW5zaW9ucyBl
cnJvciByZWdpc3RyeS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEFkZGl0aW9uYWwgZXJy
b3IgY29kZXMgdXNlZCB0b2dldGhlciB3aXRoIG90aGVyIHByb3RvY29sIGV4dGVuc2lvbnMgKGku
ZS4gZXh0ZW5zaW9uIGdyYW50CiAgICAgICAgICB0eXBlcywgYWNjZXNzIHRva2VuIHR5cGVzLCBv
ciBleHRlbnNpb24gcGFyYW1ldGVycykgYXJlIHJlZ2lzdGVyZWQgd2l0aCBhIFNwZWNpZmljYXRp
b24KICAgICAgICAgIFJlcXVpcmVkICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzUyMjYnPltS
RkM1MjI2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5OYXJ0ZW4sIFQuIGFuZCBI
LiBBbHZlc3RyYW5kLCAmbGRxdW87R3VpZGVsaW5lcyBmb3IgV3JpdGluZyBhbiBJQU5BIENvbnNp
ZGVyYXRpb25zIFNlY3Rpb24gaW4gUkZDcywmcmRxdW87IE1heSZuYnNwOzIwMDguPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPikgYWZ0ZXIgYSB0d28gd2VlayByZXZpZXcgcGVyaW9kIG9uIHRoZQog
ICAgICAgICAgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0LCBvbiB0aGUgYWR2aWNlIG9mIG9u
ZSBvciBtb3JlIERlc2lnbmF0ZWQgRXhwZXJ0cy4gSG93ZXZlciwgdG8KICAgICAgICAgIGFsbG93
IGZvciB0aGUgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVibGljYXRpb24sIHRoZSBE
ZXNpZ25hdGVkIEV4cGVydChzKSBtYXkKICAgICAgICAgIGFwcHJvdmUgcmVnaXN0cmF0aW9uIG9u
Y2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaCBhIHNwZWNpZmljYXRpb24gd2lsbCBiZSBw
dWJsaXNoZWQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBSZWdpc3RyYXRpb24gcmVxdWVz
dHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QgZm9yIHJl
dmlldyBhbmQKICAgICAgICAgIGNvbW1lbnQsIHdpdGggYW4gYXBwcm9wcmlhdGUgc3ViamVjdCAo
ZS5nLiwgIlJlcXVlc3QgZm9yIGVycm9yIGNvZGU6IGV4YW1wbGUiKS4KICAgICAgICAgIFtbIE5v
dGUgdG8gUkZDLUVESVRPUjogVGhlIG5hbWUgb2YgdGhlIG1haWxpbmcgbGlzdCBzaG91bGQgYmUg
ZGV0ZXJtaW5lZCBpbiBjb25zdWx0YXRpb24KICAgICAgICAgIHdpdGggdGhlIElFU0cgYW5kIElB
TkEuIFN1Z2dlc3RlZCBuYW1lOiBvYXV0aC1leHQtcmV2aWV3LiBdXQogICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgV2l0aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBFeHBl
cnQocykgd2lsbCBlaXRoZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0
aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxp
c3QgYW5kIElBTkEuCiAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0
aW9uIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UKICAg
ICAgICAgIHRoZSByZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICBJQU5BIG11c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNpZ25h
dGVkIEV4cGVydChzKSwgYW5kIHNob3VsZCBkaXJlY3QKICAgICAgICAgIGFsbCByZXF1ZXN0cyBm
b3IgcmVnaXN0cmF0aW9uIHRvIHRoZSByZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgIAo8L3A+
CjxhIG5hbWU9ImFuY2hvcjUzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlv
dXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249
InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZu
YnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuNC4xIj48
L2E+PGgzPjExLjQuMS4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRlPC9oMz4KCjxwPgogICAg
ICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5FcnJvciBuYW1l
OjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgVGhlIG5hbWUgcmVx
dWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgoJCVZhbHVlcyBmb3IgdGhlIGVycm9yIG5hbWUgTVVT
VCBOT1QgaW5jbHVkZQoJCWNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIz
LTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PkVycm9yIHVzYWdlIGxvY2F0
aW9uOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgVGhlIGxvY2F0
aW9uKHMpIHdoZXJlIHRoZSBlcnJvciBjYW4gYmUgdXNlZC4gVGhlIHBvc3NpYmxlIGxvY2F0aW9u
cyBhcmU6CiAgICAgICAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgZXJyb3IgcmVz
cG9uc2UgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjY29kZS1hdXRoei1lcnJvcic+U2VjdGlvbiZu
YnNwOzQuMS4yLjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9u
c2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KSwKICAgICAgICAgICAgICAgIGltcGxpY2l0IGdy
YW50IGVycm9yIHJlc3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI2ltcGxpY2l0LWF1dGh6
LWVycm9yJz5TZWN0aW9uJm5ic3A7NC4yLjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdp
bmZvJz5FcnJvciBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLAoJCXRva2VuIGVy
cm9yIHJlc3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVycm9ycyc+U2VjdGlv
biZuYnNwOzUuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25z
ZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCBvcgoJCXJlc291cmNlIGFjY2VzcyBlcnJvciBy
ZXNwb25zZSAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNyZXNvdXJjZS1lcnJvcnMnPlNlY3Rpb24m
bmJzcDs3LjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8
L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PlJlbGF0
Q1RSTENIQVIKPC9wcmU+PC9kaXY+CjxhIG5hbWU9ImFuY2hvcjczIj48L2E+PGJyIC8+PGhyIC8+
Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIg
Y2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhy
ZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0i
cmZjLnNlY3Rpb24uQS4xNyI+PC9hPjxoMz5BLjE3LiZuYnNwOwoicmVmcmVzaF90b2tlbiIgU3lu
dGF4PC9oMz4KCjxwPgoJICAgIFRoZSA8dHQ+cmVmcmVzaF90b2tlbjwvdHQ+IGVsZW1lbnQgaXMg
ZGVmaW5lZCBpbgoJICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tcmVzcG9uc2UnPlNl
Y3Rpb24mbmJzcDs1LjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U3VjY2Vzc2Z1
bCBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gYW5kCgkgICAgPGEgY2xhc3M9J2lu
Zm8nIGhyZWY9JyN0b2tlbi1yZWZyZXNoJz5TZWN0aW9uJm5ic3A7NjxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5SZWZyZXNoaW5nIGFuIEFjY2VzcyBUb2tlbjwvc3Bhbj48c3Bhbj4p
PC9zcGFuPjwvYT46CgkgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAw
OyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CiAgcmVmcmVzaC10
b2tlbiA9IDEqVlNDSEFSCjwvcHJlPjwvZGl2Pgo8YSBuYW1lPSJhbmNob3I3NCI+PC9hPjxiciAv
PjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNp
bmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVn
Ij48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+Cjxh
IG5hbWU9InJmYy5zZWN0aW9uLkEuMTgiPjwvYT48aDM+QS4xOC4mbmJzcDsKRW5kcG9pbnQgUGFy
YW1ldGVyIFN5bnRheDwvaDM+Cgo8cD4KCSAgICBUaGUgc3ludGF4IGZvciBuZXcgZW5kcG9pbnQg
cGFyYW1ldGVycyBpcyBkZWZpbmVkIGluCgkgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNlbmRw
b2ludC1wYXJhbXMnPlNlY3Rpb24mbmJzcDs4LjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0n
aW5mbyc+RGVmaW5pbmcgTmV3IEVuZHBvaW50IFBhcmFtZXRlcnM8L3NwYW4+PHNwYW4+KTwvc3Bh
bj48L2E+OgoJICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFy
Z2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgogIHBhcmFtLW5hbWUgPSAx
Km5hbWUtY2hhcgogIG5hbWUtY2hhciAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFMUEhB
CjwvcHJlPjwvZGl2Pgo8YSBuYW1lPSJhbmNob3I3NSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUg
c3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJU
T0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9j
Ij4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0
aW9uLkIiPjwvYT48aDM+QXBwZW5kaXggQi4mbmJzcDsKQWNrbm93bGVkZ2VtZW50czwvaDM+Cgo8
cD4KICAgICAgICBUaGUgaW5pdGlhbCBPQXV0aCAyLjAgcHJvdG9jb2wgc3BlY2lmaWNhdGlvbiB3
YXMgZWRpdGVkIGJ5IERhdmlkIFJlY29yZG9uLCBiYXNlZCBvbiB0d28KICAgICAgICBwcmV2aW91
cyBwdWJsaWNhdGlvbnM6IHRoZSBPQXV0aCAxLjAgY29tbXVuaXR5IHNwZWNpZmljYXRpb24gPGEg
Y2xhc3M9J2luZm8nIGhyZWY9JyNSRkM1ODQ5Jz5bUkZDNTg0OV08c3Bhbj4gKDwvc3Bhbj48c3Bh
biBjbGFzcz0naW5mbyc+SGFtbWVyLUxhaGF2LCBFLiwgJmxkcXVvO1RoZSBPQXV0aCAxLjAgUHJv
dG9jb2wsJnJkcXVvOyBBcHJpbCZuYnNwOzIwMTAuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiwg
YW5kCiAgICAgICAgT0F1dGggV1JBUCAoT0F1dGggV2ViIFJlc291cmNlIEF1dGhvcml6YXRpb24g
UHJvZmlsZXMpCiAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuZHJhZnQtaGFyZHQt
b2F1dGgtMDEnPltJJiM4MjA5O0QuZHJhZnQmIzgyMDk7aGFyZHQmIzgyMDk7b2F1dGgmIzgyMDk7
MDFdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhhcmR0LCBELiwgRWQuLCBUb20s
IEEuLCBFYXRvbiwgQi4sIGFuZCBZLiBHb2xhbmQsICZsZHF1bztPQXV0aCBXZWIgUmVzb3VyY2Ug
QXV0aG9yaXphdGlvbiBQcm9maWxlcywmcmRxdW87IEphbnVhcnkmbmJzcDsyMDEwLjwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4uCglFcmFuIEhhbW1lciB0aGVuIGVkaXRlZCB0aGUgZHJhZnRzIHRo
cm91Z2ggZHJhZnQgLTI2LgoJVGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHNlY3Rpb24gd2Fz
IGRyYWZ0ZWQKICAgICAgICBieSBUb3JzdGVuIExvZGRlcnN0ZWR0LCBNYXJrIE1jR2xvaW4sIFBo
aWwgSHVudCwgQW50aG9ueSBOYWRhbGluLCBhbmQgSm9obiBCcmFkbGV5LgoJVGhlIEFCTkYgc2Vj
dGlvbiB3YXMgZHJhZnRlZCBieSBNaWNoYWVsIEIuIEpvbmVzLgogICAgICAKPC9wPgo8cD4KICAg
ICAgICBUaGUgT0F1dGggMS4wIGNvbW11bml0eSBzcGVjaWZpY2F0aW9uIHdhcyBlZGl0ZWQgYnkg
RXJhbiBIYW1tZXIgYW5kIGF1dGhvcmVkIGJ5CiAgICAgICAgTWFyayBBdHdvb2QsIERpcmsgQmFs
ZmFueiwgRGFycmVuIEJvdW5kcywgUmljaGFyZCBNLiBDb25sYW4sIEJsYWluZSBDb29rLCBMZWFo
IEN1bHZlciwKICAgICAgICBCcmVubyBkZSBNZWRlaXJvcywgQnJpYW4gRWF0b24sIEtlbGxhbiBF
bGxpb3R0LU1jQ3JlYSwgTGFycnkgSGFsZmYsIEVyYW4gSGFtbWVyLAogICAgICAgIEJlbiBMYXVy
aWUsIENocmlzIE1lc3NpbmEsIEpvaG4gUGFuemVyLCBTYW0gUXVpZ2xleSwgRGF2aWQgUmVjb3Jk
b24sIEVyYW4gU2FuZGxlciwKICAgICAgICBKb25hdGhhbiBTZXJnZW50LCBUb2RkIFNpZWxpbmcs
IEJyaWFuIFNsZXNpbnNreSwgYW5kIEFuZHkgU21pdGguCiAgICAgIAo8L3A+CjxwPgogICAgICAg
IFRoZSBPQXV0aCBXUkFQIHNwZWNpZmljYXRpb24gd2FzIGVkaXRlZCBieSBEaWNrIEhhcmR0IGFu
ZCBhdXRob3JlZCBieSBCcmlhbiBFYXRvbiwKICAgICAgICBZYXJvbiBZLiBHb2xhbmQsIERpY2sg
SGFyZHQsIGFuZCBBbGxlbiBUb20uCiAgICAgIAo8L3A+CjxwPgogICAgICAgIFRoaXMgc3BlY2lm
aWNhdGlvbiBpcyB0aGUgd29yayBvZiB0aGUgT0F1dGggV29ya2luZyBHcm91cCB3aGljaCBpbmNs
dWRlcyBkb3plbnMgb2YgYWN0aXZlCiAgICAgICAgYW5kIGRlZGljYXRlZCBwYXJ0aWNpcGFudHMu
IEluIHBhcnRpY3VsYXIsIHRoZSBmb2xsb3dpbmcgaW5kaXZpZHVhbHMgY29udHJpYnV0ZWQgaWRl
YXMsCiAgICAgICAgZmVlZGJhY2ssIGFuZCB3b3JkaW5nIHdoaWNoIHNoYXBlZCBhbmQgZm9ybWVk
IHRoZSBmaW5hbCBzcGVjaWZpY2F0aW9uOgogICAgICAKPC9wPgo8cD4KICAgICAgICBNaWNoYWVs
IEFkYW1zLCBBbWFuZGEgQW5nYW5lcywgQW5kcmV3IEFybm90dCwgRGlyayBCYWxmYW56LCBBaWRl
biBCZWxsLCBKb2huIEJyYWRsZXksIEJyaWFuIENhbXBiZWxsLAogICAgICAgIFNjb3R0IENhbnRv
ciwgTWFyY29zIENhY2VyZXMsIEJsYWluZSBDb29rLCBSb2dlciBDcmV3LCBCcmlhbiBFYXRvbiwg
V2VzbGV5IEVkZHksIExlYWggQ3VsdmVyLAogICAgICAgIEJpbGwgZGUgaE9yYSwgQW5kcmUgRGVN
YXJyZSwgQnJpYW4gRWF0b24sIFdvbHRlciBFbGRlcmluZywgQnJpYW4gRWxsaW4sIElnb3IgRmF5
bmJlcmcsCiAgICAgICAgR2VvcmdlIEZsZXRjaGVyLCBUaW0gRnJlZW1hbiwgTHVjYSBGcm9zaW5p
LCBFdmFuIEdpbGJlcnQsIFlhcm9uIFkuIEdvbGFuZCwgQnJlbnQgR29sZG1hbiwKICAgICAgICBL
cmlzdG9mZmVyIEdyb25vd3NraSwgRXJhbiBIYW1tZXIsIEp1c3RpbiBIYXJ0LCBEaWNrIEhhcmR0
LCBDcmFpZyBIZWF0aCwgUGhpbCBIdW50LCBNaWNoYWVsIEIuIEpvbmVzLAogICAgICAgIFRlcnJ5
IEpvbmVzLCBKb2huIEtlbXAsIE1hcmsgS2VudCwgUmFmZmkgS3Jpa29yaWFuLCBDaGFzZW4gTGUg
SGFyYSwgUmFzbXVzIExlcmRvcmYsCiAgICAgICAgVG9yc3RlbiBMb2RkZXJzdGVkdCwgSHVpLUxh
biBMdSwgQ2FzZXkgTHVjYXMsIFBhdWwgTWFkc2VuLCBBbGFzdGFpciBNYWlyLCBFdmUgTWFsZXIs
CiAgICAgICAgSmFtZXMgTWFuZ2VyLCBNYXJrIE1jR2xvaW4sIExhdXJlbmNlIE1pYW8sIFdpbGxp
YW0gTWlsbHMsIENodWNrIE1vcnRpbW9yZSwgQW50aG9ueSBOYWRhbGluLAogICAgICAgIEp1bGlh
biBSZXNjaGtlLCBKdXN0aW4gUmljaGVyLCBQZXRlciBTYWludC1BbmRyZSwgTmF0IFNha2ltdXJh
LCBSb2IgU2F5cmUsCiAgICAgICAgTWFyaXVzIFNjdXJ0ZXNjdSwgTmFpdGlrIFNoYWgsIEx1a2Ug
U2hlcGFyZCwgVmxhZCBTa3ZvcnRzb3YsIEp1c3RpbiBTbWl0aCwgSGFpYmluIFNvbmcsCiAgICAg
ICAgTml2IFN0ZWluZ2FydGVuLCBDaHJpc3RpYW4gU3R1ZWJuZXIsIEplcmVteSBTdXJpZWwsIFBh
dWwgVGFyamFuLCBDaHJpc3RvcGhlciBUaG9tYXMsCiAgICAgICAgSGVucnkgUy4gVGhvbXBzb24s
IEFsbGVuIFRvbSwgRnJhbmtsaW4gVHNlLCBOaWNrIFdhbGtlciwgU2hhbmUgV2VlZGVuLCBhbmQg
U2t5bGFyIFdvb2R3YXJkLgogICAgICAKPC9wPgo8cD4KICAgICAgICBUaGlzIGRvY3VtZW50IHdh
cyBwcm9kdWNlZCB1bmRlciB0aGUgY2hhaXJtYW5zaGlwIG9mIEJsYWluZSBDb29rLCBQZXRlciBT
YWludC1BbmRyZSwKICAgICAgICBIYW5uZXMgVHNjaG9mZW5pZywgQmFycnkgTGVpYmEsIGFuZCBE
ZXJlayBBdGtpbnMuIFRoZSBhcmVhIGRpcmVjdG9ycyBpbmNsdWRlZCBMaXNhIER1c3NlYXVsdCwK
ICAgICAgICBQZXRlciBTYWludC1BbmRyZSwgYW5kIFN0ZXBoZW4gRmFycmVsbC4KICAgICAgCjwv
cD4KPGEgbmFtZT0iYW5jaG9yNzYiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9Imxh
eW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGln
bj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9D
Jm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi5DIj48L2E+
PGgzPkFwcGVuZGl4IEMuJm5ic3A7CkRvY3VtZW50IEhpc3Rvcnk8L2gzPgoKPHA+CiAgICAgICAg
W1sgdG8gYmUgcmVtb3ZlZCBieSB0aGUgUkZDIGVkaXRvciBiZWZvcmUgcHVibGljYXRpb24gYXMg
YW4gUkZDIF1dCiAgICAgIAo8L3A+CjxwPgogICAgICAgIC0yOQogICAgICAgIDwvcD4KPHVsIGNs
YXNzPSJ0ZXh0Ij4KPGxpPgoJICAgIEFkZGVkICJNVVNUIiB0byAiQSBwdWJsaWMgY2xpZW50IHRo
YXQgd2FzIG5vdCBpc3N1ZWQgYSBjbGllbnQgcGFzc3dvcmQKCSAgICBNVVNUIHVzZSB0aGUgPHR0
PmNsaWVudF9pZDwvdHQ+IHJlcXVlc3QgcGFyYW1ldGVyIHRvCgkgICAgaWRlbnRpZnkgaXRzZWxm
IHdoZW4gc2VuZGluZyByZXF1ZXN0cyB0byB0aGUgdG9rZW4gZW5kcG9pbnQiCgkgICAgYW5kIGFk
ZGVkIHRleHQgZXhwbGFpbmluZyB3aHkgdGhpcyBtdXN0IGJlIHNvLgoJICAKPC9saT4KPGxpPgoJ
ICAgIEFkZGVkIHRoYXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QKCSAgICAiZW5zdXJl
IHRoZSBhdXRob3JpemF0aW9uIGNvZGUgd2FzIGlzc3VlZCB0byB0aGUgYXV0aGVudGljYXRlZCAK
CSAgICBjb25maWRlbnRpYWwgY2xpZW50IG9yIHRvIHRoZSBwdWJsaWMgY2xpZW50IGlkZW50aWZp
ZWQgYnkgdGhlCgkgICAgPHR0PmNsaWVudF9pZDwvdHQ+IGluIHRoZSByZXF1ZXN0Ii4KCSAgCjwv
bGk+CjxsaT4KCSAgICBBZGRlZCBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9uCgkgICAg
Ik1pc3VzZSBvZiBBY2Nlc3MgVG9rZW4gdG8gSW1wZXJzb25hdGUgUmVzb3VyY2UgT3duZXIgYXQg
UHVibGljIENsaWVudCIuCgkgIAo8L2xpPgo8bGk+CgkgICAgRGVsZXRlZCAiO2NoYXJzZXQ9VVRG
LTgiIGZyb20gZXhhbXBsZXMgZm9ybWVybHkgdXNpbmcKCSAgICAiQ29udGVudC1UeXBlOiBhcHBs
aWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOCIuCgkgIAo8L2xpPgo8
bGk+CgkgICAgQWRkZWQgdGhlIHBocmFzZSAiYW5kIGEgY2hhcmFjdGVyIGVuY29kaW5nIG9mIFVU
Ri04IiB3aGVuCgkgICAgZGVzY3JpYmluZyBob3cgdG8gc2VuZCByZXF1ZXN0cyB1c2luZyB0aGUg
SFRUUCByZXF1ZXN0IGVudGl0eS1ib2R5LAoJICAgIHBlciBKdWxpYW4gUmVzY2hrZSdzIHN1Z2dl
c3Rpb24uCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgIlRoZSBBQk5GIGJlbG93IGlzIGRlZmlu
ZWQgaW4gdGVybXMgb2YgVW5pY29kZSBjb2RlCgkgICAgcG9pbnRzIFtVTklDT0RFNV07IHRoZXNl
IGNoYXJhY3RlcnMgYXJlIHR5cGljYWxseSBlbmNvZGVkIGluIFVURi04Ii4KCSAgCjwvbGk+Cjxs
aT4KCSAgICBGb3Igc3ltbWV0cnkgd2hlbiB1c2luZyBIVFRQIEJhc2ljIGF1dGhlbnRpY2F0aW9u
LCBhbHNvIGFwcGx5CgkgICAgdGhlIDx0dD5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29k
ZWQ8L3R0PgoJICAgIGVuY29kaW5nIHRvIHRoZSBjbGllbnQgcGFzc3dvcmQsIGp1c3QgYXMgd2Fz
IGFscmVhZHkgZG9uZSBmb3IKCSAgICB0aGUgY2xpZW50IGlkZW50aWZpZXIuCgkgIAo8L2xpPgo8
bGk+CgkgICAgUmVkdWNlZCBtdWx0aXBsZSBibGFuayBsaW5lcyBhcm91bmQgYXJ0d29yayBlbGVt
ZW50cyB0byBzaW5nbGUgYmxhbmsgbGluZXMuCgkgIAo8L2xpPgo8bGk+CgkgICAgUmVtb3ZlZCBF
cmFuIEhhbW1lcidzIG5hbWUgZnJvbSB0aGUgYXV0aG9yIGxpc3QsIGF0IGhpcyByZXF1ZXN0LgoJ
ICAgIERpY2sgSGFyZHQgaXMgbm93IGxpc3RlZCBhcyB0aGUgZWRpdG9yLgoJICAKPC9saT4KPC91
bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgLTI4CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9
InRleHQiPgo8bGk+CgkgICAgVXBkYXRlZCB0aGUgQUJORiBpbiB0aGUgbWFubmVyIGRpc2N1c3Nl
ZCBieSB0aGUgd29ya2luZwoJICAgIGdyb3VwLCBhbGxvd2luZyA8dHQ+dXNlcm5hbWU8L3R0PiBh
bmQKCSAgICA8dHQ+cGFzc3dvcmQ8L3R0PiB0byBiZSBVbmljb2RlIGFuZAoJICAgIHJlc3RyaWN0
aW5nIDx0dD5jbGllbnRfaWQ8L3R0PiBhbmQKCSAgICA8dHQ+Y2xpZW50X3NlY3JldDwvdHQ+IHRv
IEFTQ0lJLgoJICAKPC9saT4KPGxpPgoJICAgIFNwZWNpZmllZCB0aGUgdXNlIG9mIHRoZSBhcHBs
aWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQgY29udGVudC10eXBlCgkgICAgZW5jb2Rpbmcg
bWV0aG9kIHRvIGVuY29kZSB0aGUgPHR0PmNsaWVudF9pZDwvdHQ+CgkgICAgd2hlbiB1c2VkIGFz
IHRoZSBwYXNzd29yZCBmb3IgSFRUUCBCYXNpYy4KCSAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8
L3A+CjxwPgogICAgICAgIC0yNwogICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgoJ
ICAgIEFkZGVkIGNoYXJhY3RlciBzZXQgcmVzdHJpY3Rpb25zIGZvciBlcnJvciwgZXJyb3JfZGVz
Y3JpcHRpb24sIGFuZCBlcnJvcl91cmkgcGFyYW1ldGVycyBjb25zaXN0ZW50IHdpdGggdGhlIE9B
dXRoIEJlYXJlciBzcGVjLgoJICAKPC9saT4KPGxpPgoJICAgIEFkZGVkICJyZXNvdXJjZSBhY2Nl
c3MgZXJyb3IgcmVzcG9uc2UiIGFzIGFuIGVycm9yIHVzYWdlIGxvY2F0aW9uIGluIHRoZSBPQXV0
aCBFeHRlbnNpb25zIEVycm9yIFJlZ2lzdHJ5LgoJICAKPC9saT4KPGxpPgoJICAgIEFkZGVkIGFu
IEFCTkYgZm9yIGFsbCBtZXNzYWdlIGVsZW1lbnRzLgoJICAKPC9saT4KPGxpPgoJICAgIENvcnJl
Y3RlZCBlZGl0b3JpYWwgaXNzdWVzIGlkZW50aWZpZWQgZHVyaW5nIHJldmlldy4KCSAgCjwvbGk+
CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxhIG5hbWU9InJmYy5hdXRob3JzIj48L2E+PGJyIC8+PGhy
IC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0i
MiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxh
IGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGgzPkF1
dGhvcnMnIEFkZHJlc3NlczwvaDM+Cjx0YWJsZSB3aWR0aD0iOTklIiBib3JkZXI9IjAiIGNlbGxw
YWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij4m
bmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5EaWNrIEhhcmR0IChlZGl0b3IpPC90
ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+Jm5ic3A7PC90ZD4KPHRkIGNsYXNz
PSJhdXRob3ItdGV4dCI+TWljcm9zb2Z0PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3Ii
IGFsaWduPSJyaWdodCI+RW1haWw6Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+
PGEgaHJlZj0ibWFpbHRvOmRpY2suaGFyZHRAZ21haWwuY29tIj5kaWNrLmhhcmR0QGdtYWlsLmNv
bTwvYT48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvciIgYWxpZ249InJpZ2h0Ij5VUkk6
Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0iaHR0cDovL2RpY2to
YXJkdC5vcmcvIj5odHRwOi8vZGlja2hhcmR0Lm9yZy88L2E+PC90ZD48L3RyPgo8dHIgY2VsbHBh
ZGRpbmc9IjMiPjx0ZD4mbmJzcDs8L3RkPjx0ZD4mbmJzcDs8L3RkPjwvdHI+Cjx0cj48dGQgY2xh
c3M9ImF1dGhvci10ZXh0Ij4mbmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5EYXZp
ZCBSZWNvcmRvbjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPiZuYnNwOzwv
dGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPkZhY2Vib29rPC90ZD48L3RyPgo8dHI+PHRkIGNs
YXNzPSJhdXRob3IiIGFsaWduPSJyaWdodCI+RW1haWw6Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJh
dXRob3ItdGV4dCI+PGEgaHJlZj0ibWFpbHRvOmRyQGZiLmNvbSI+ZHJAZmIuY29tPC9hPjwvdGQ+
PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yIiBhbGlnbj0icmlnaHQiPlVSSTombmJzcDs8L3Rk
Pgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij48YSBocmVmPSJodHRwOi8vd3d3LmRhdmlkcmVjb3Jk
b24uY29tLyI+aHR0cDovL3d3dy5kYXZpZHJlY29yZG9uLmNvbS88L2E+PC90ZD48L3RyPgo8L3Rh
YmxlPgo8L2JvZHk+PC9odG1sPgo=

--_007_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_
Content-Type: application/pdf; name="draft-ietf-oauth-v2-29 preliminary.pdf"
Content-Description: draft-ietf-oauth-v2-29 preliminary.pdf
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-29 preliminary.pdf"; size=452602;
	creation-date="Mon, 09 Jul 2012 07:04:15 GMT";
	modification-date="Mon, 09 Jul 2012 07:04:00 GMT"
Content-Transfer-Encoding: base64

Mzk5OTkgIDUxNC4xNTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
Mi5odG1sLmh0bWwjMjNhbmNob3IyNwo+PgplbmRvYmoKNjMgMCBvYmoKPDwKL1R5cGUgL0Fubm90
Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMDguOTU5OTk5ICA0OTIuMDc5OTk5ICAxNDAuNjM5OTk5
ICA1MDIuNjM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzcGFzc3dvcmQjMmR0b2sjMmRyZXEKPj4KZW5kb2JqCjY0IDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTA4Ljk1OTk5OSAgNDgwLjU1OTk5OSAgMTQw
LjYzOTk5OSAgNDkxLjExOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjI4Cj4+CmVuZG9iago2NSAwIG9iago8PAovVHlwZSAvQW5u
b3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDQ2OS4wMzk5OTkgIDExNC43MTk5
OTkgIDQ3OS41OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjNncmFudCMyZGNsaWVudAo+PgplbmRvYmoKNjYgMCBvYmoKPDwKL1R5cGUgL0Fu
bm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMDguOTU5OTk5ICA0NTcuNTE5OTk5ICAxNDAuNjM5
OTk5ICA0NjguMDc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIu
aHRtbC5odG1sIzIzYW5jaG9yMjkKPj4KZW5kb2JqCjY3IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAov
U3VidHlwZSAvTGluawovUmVjdCBbMTA4Ljk1OTk5OSAgNDQ1Ljk5OTk5OSAgMTQwLjYzOTk5OSAg
NDU2LjU1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM2NsaWVudCMyZHJlcQo+PgplbmRvYmoKNjggMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9T
dWJ0eXBlIC9MaW5rCi9SZWN0IFsxMDguOTU5OTk5ICA0MzQuNDc5OTk5ICAxNDAuNjM5OTk5ICA0
NDUuMDM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5o
dG1sIzIzYW5jaG9yMzAKPj4KZW5kb2JqCjY5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNDIyLjk1OTk5OSAgMTE0LjcxOTk5OSAgNDMzLjUx
OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMy
M2V4dCMyZGdyYW50Cj4+CmVuZG9iago3MCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzc4LjIzOTk5OTkgIDQxMS40Mzk5OTkgIDg4Ljc5OTk5OTkgIDQyMS45OTk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0
b2tlbiMyZGlzc3VlCj4+CmVuZG9iago3MSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDM5OS45MTk5OTkgIDExNC43MTk5OTkgIDQxMC40Nzk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0
b2tlbiMyZHJlc3BvbnNlCj4+CmVuZG9iago3MiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDM4OC4zOTk5OTkgIDExNC43MTk5OTkgIDM5OC45
NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwj
MjN0b2tlbiMyZGVycm9ycwo+PgplbmRvYmoKNzMgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0
eXBlIC9MaW5rCi9SZWN0IFs3OC4yMzk5OTk5ICAzNzYuODc5OTk5ICA4OC43OTk5OTk5ICAzODcu
NDM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1w
IzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1s
IzIzdG9rZW4jMmRyZWZyZXNoCj4+CmVuZG9iago3NCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1
YnR5cGUgL0xpbmsKL1JlY3QgWzc4LjIzOTk5OTkgIDM2NS4zNTk5OTkgIDg4Ljc5OTk5OTkgIDM3
NS45MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0
bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0
bWwjMjNhY2Nlc3MjMmRyZXNvdXJjZQo+PgplbmRvYmoKNzUgMCBvYmoKPDwKL1R5cGUgL0Fubm90
Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICAzNTMuODM5OTk5ICAxMTQuNzE5OTk5
ICAzNjQuMzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzdG9rZW4jMmR0eXBlcwo+PgplbmRvYmoKNzYgMCBvYmoKPDwKL1R5cGUgL0Fubm90
Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICAzNDIuMzE5OTk5ICAxMTQuNzE5OTk5
ICAzNTIuODc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzcmVzb3VyY2UjMmRlcnJvcnMKPj4KZW5kb2JqCjc3IDAgb2JqCjw8Ci9UeXBlIC9B
bm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNzguMjM5OTk5OSAgMzMwLjc5OTk5OSAgODguNzk5
OTk5OSAgMzQxLjM1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMy
ZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYy
Lmh0bWwuaHRtbCMyM2V4dGVuc2lvbnMKPj4KZW5kb2JqCjc4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5v
dAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgMzE5LjI3OTk5OSAgMTE0LjcxOTk5
OSAgMzI5LjgzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0
bWwuaHRtbCMyM25ldyMyZHR5cGVzCj4+CmVuZG9iago3OSAwIG9iago8PAovVHlwZSAvQW5ub3QK
L1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDMwNy43NTk5OTkgIDExNC43MTk5OTkg
IDMxOC4zMTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIj
MmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1s
Lmh0bWwjMjNlbmRwb2ludCMyZHBhcmFtcwo+PgplbmRvYmoKODAgMCBvYmoKPDwKL1R5cGUgL0Fu
bm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICAyOTYuMjM5OTk5ICAxMTQuNzE5
OTk5ICAzMDYuNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIu
aHRtbC5odG1sIzIzYW5jaG9yMzEKPj4KZW5kb2JqCjgxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAov
U3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgMjg0LjcxOTk5OSAgMTE0LjcxOTk5OSAg
Mjk1LjI3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM3Jlc3BvbnNlIzJkdHlwZSMyZGV4dAo+PgplbmRvYmoKODIgMCBvYmoKPDwKL1R5cGUg
L0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICAyNzMuMTk5OTk5ICAxMTQu
NzE5OTk5ICAyODMuNzU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJm
IzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJk
djIuaHRtbC5odG1sIzIzbmV3IzJkZXJyb3JzCj4+CmVuZG9iago4MyAwIG9iago8PAovVHlwZSAv
QW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzc4LjIzOTk5OTkgIDI2MS42Nzk5OTkgIDg4Ljc5
OTk5OTkgIDI3Mi4yMzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
Mi5odG1sLmh0bWwjMjNhbmNob3IzMgo+PgplbmRvYmoKODQgMCBvYmoKPDwKL1R5cGUgL0Fubm90
Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs3OC4yMzk5OTk5ICAyNTAuMTU5OTk5ICA5NS41MTk5OTk5
ICAyNjAuNzE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzYW5jaG9yMzMKPj4KZW5kb2JqCjg1IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3Vi
dHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgMjM4LjYzOTk5OSAgMTIxLjQzOTk5OSAgMjQ5
LjE5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRt
cCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRt
bCMyM2FuY2hvcjM0Cj4+CmVuZG9iago4NiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDIyNy4xMTk5OTkgIDEyMS40Mzk5OTkgIDIzNy42Nzk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNh
bmNob3IzNQo+PgplbmRvYmoKODcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFs5My41OTk5OTk5ICAyMTUuNTk5OTk5ICAxMjEuNDM5OTk5ICAyMjYuMTU5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9y
MzYKPj4KZW5kb2JqCjg4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVj
dCBbOTMuNTk5OTk5OSAgMjA0LjA3OTk5OSAgMTIxLjQzOTk5OSAgMjE0LjYzOTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjM3Cj4+
CmVuZG9iago4OSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkz
LjU5OTk5OTkgIDE5Mi41NTk5OTkgIDEyMS40Mzk5OTkgIDIwMy4xMTk5OTkgXQovQm9yZGVyIFsw
IDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3IzOAo+PgplbmRv
YmoKOTAgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5
OTk5ICAxODEuMDM5OTk5ICAxMjEuNDM5OTk5ICAxOTEuNTk5OTk5IF0KL0JvcmRlciBbMCAwIDBd
Ci9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMzkKPj4KZW5kb2JqCjkx
IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAg
MTY5LjUxOTk5OSAgMTIxLjQzOTk5OSAgMTgwLjA3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVz
dCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQwCj4+CmVuZG9iago5MiAwIG9i
ago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDE1Ny45
OTk5OTkgIDEyMS40Mzk5OTkgIDE2OC41NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2Zp
bGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRm
IzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I0MQo+PgplbmRvYmoKOTMgMCBvYmoKPDwK
L1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICAxNDYuNDc5OTk5
ICAxMjEuNDM5OTk5ICAxNTcuMDM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNDIKPj4KZW5kb2JqCjk0IDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgMTM0Ljk1OTk5OSAgMTI4
LjE1OTk5OSAgMTQ1LjUxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM2FudGhyb3B5Cj4+CmVuZG9iago5NSAwIG9iago8PAovVHlwZSAvQW5u
b3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDEyMy40Mzk5OTkgIDEyOC4xNTk5
OTkgIDEzMy45OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjNhbmNob3I0Mwo+PgplbmRvYmoKOTYgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9T
dWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICAxMTEuOTE5OTk5ICAxMjguMTU5OTk5ICAx
MjIuNDc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5o
dG1sIzIzQ1NSRgo+PgplbmRvYmoKOTcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9M
aW5rCi9SZWN0IFs5My41OTk5OTk5ICAxMDAuMzk5OTk5ICAxMjguMTU5OTk5ICAxMTAuOTU5OTk5
IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5j
aG9yNDQKPj4KZW5kb2JqCjk4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawov
UmVjdCBbOTMuNTk5OTk5OSAgODguODc5OTk5OSAgMTI4LjE1OTk5OSAgOTkuNDM5OTk5OSBdCi9C
b3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQ1
Cj4+CmVuZG9iago5OSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3Qg
WzkzLjU5OTk5OTkgIDc3LjM1OTk5OTkgIDEyOC4xNTk5OTkgIDg3LjkxOTk5OTkgXQovQm9yZGVy
IFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3Mjku
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNvcGVuIzJkcmVkaXJl
Y3QKPj4KZW5kb2JqCjEwMCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1Jl
Y3QgWzkzLjU5OTk5OTkgIDY1LjgzOTk5OTkgIDEyOC4xNTk5OTkgIDc2LjM5OTk5OTkgXQovQm9y
ZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3
MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I0Ngo+
PgplbmRvYmoKMTAxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
NzguMjM5OTk5OSAgNDIuNzk5OTk5OSAgOTUuNTE5OTk5OSAgNTMuMzU5OTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQ3Cj4+CmVu
ZG9iagoxMDIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41
OTk5OTk5ICAzMS4yNzk5OTk5ICAxMjEuNDM5OTk5ICA0MS44Mzk5OTk5IF0KL0JvcmRlciBbMCAw
IDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdHlwZSMyZHJlZ2lzdHJ5Cj4+
CmVuZG9iagozNSAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyAx
MDMgMCBSCi9SZXNvdXJjZXMgMTA1IDAgUgovQW5ub3RzIDEwNiAwIFIKL01lZGlhQm94IFswIDAg
NTk1IDg0Ml0KPj4KZW5kb2JqCjEwNSAwIG9iago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAg
UgovQ1NwIC9EZXZpY2VSR0IKL0NTcGcgL0RldmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1Nh
IDMgMCBSCj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9Gb250IDw8Ci9GNiA2IDAgUgo+PgovWE9iamVjdCA8
PAo+Pgo+PgplbmRvYmoKMTA2IDAgb2JqClsgMzYgMCBSIDM3IDAgUiAzOCAwIFIgMzkgMCBSIDQw
IDAgUiA0MSAwIFIgNDIgMCBSIDQzIDAgUiA0NCAwIFIgNDUgMCBSIDQ2IDAgUiA0NyAwIFIgNDgg
MCBSIDQ5IDAgUiA1MCAwIFIgNTEgMCBSIDUyIDAgUiA1MyAwIFIgNTQgMCBSIDU1IDAgUiA1NiAw
IFIgNTcgMCBSIDU4IDAgUiA1OSAwIFIgNjAgMCBSIDYxIDAgUiA2MiAwIFIgNjMgMCBSIDY0IDAg
UiA2NSAwIFIgNjYgMCBSIDY3IDAgUiA2OCAwIFIgNjkgMCBSIDcwIDAgUiA3MSAwIFIgNzIgMCBS
IDczIDAgUiA3NCAwIFIgNzUgMCBSIDc2IDAgUiA3NyAwIFIgNzggMCBSIDc5IDAgUiA4MCAwIFIg
ODEgMCBSIDgyIDAgUiA4MyAwIFIgODQgMCBSIDg1IDAgUiA4NiAwIFIgODcgMCBSIDg4IDAgUiA4
OSAwIFIgOTAgMCBSIDkxIDAgUiA5MiAwIFIgOTMgMCBSIDk0IDAgUiA5NSAwIFIgOTYgMCBSIDk3
IDAgUiA5OCAwIFIgOTkgMCBSIDEwMCAwIFIgMTAxIDAgUiAxMDIgMCBSIF0KZW5kb2JqCjEwMyAw
IG9iago8PAovTGVuZ3RoIDEwNCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic
7V1Nj9vIEb3rV/AcwGOymx9NIFhgPWsHyCGA4QFyCHIIvNgEi51FjD3k74di00OySlKxqJL6UZKN
3bHatNisrlef3Y/v//LlX9m//8jeP3/5b/Z1+Pn8ZZc/5VUbf2V59/vddMCFJ+/y/a8sFP6pbvrR
r6+7b9m33efd5+7/33ZF3f/D4Uf3l99vkfe///j6++59vPkujnx5/lv3p/9lLvtr99+v2T/+2Q3+
PHzf/oLXXWjrbh55Xvju42/Tj4XPq7r/czee04/7i/+z+/ufst/3E3NPoZ98ESc4/fiucG33dP2n
9VP+duIffnjZvf9UdxPMXn7J4gzexR8vr7u66j7kzmUvP2d/3k/ih+zl1121/0vdwMeXTm750/cV
a99mW/DZhirr7umfqn5BX3fFXpzjwG+7L+PjkG+cSeTA3U7L5sSXnZRSIFKq+kduRxnURCjux8NX
9FK69hrvxatc5KYfKMeBQJ+n7Qfqt4HC0St+JFfkH8gVxad+oMgVX1I8kyvcB/ol+Scy+aKgT0Ov
YE/jnsflOhNbvrk+tnwg2HobQMXWKCUZWz/hYUuxyO5jVNjiODA4uKjWsyu4SrMvpRBmX8pxwh6m
ZGATb+PizMIJkIvGZc3TeTV06j10qtEtNe30Mx5yon2pvpv1ogTCRSe76dwWmDqmWrLZXqNJ9L5F
Ljohzy7hM/FEyfmNRU+2Xust3FSdwE3V1E3V6G7qTUrHwDYRyhFHltJNaRY5ER5zR5A0hGIT/yGH
jVPjfyYuQoLUKNDUKOA6oTCXkowLKDc14EKzyKlwwVKyZzl70gdWzktXHMvRLMDWJnBCLXVCLboT
apc7oYJpQHqwaRY5VVDYsoiPJZ0sR6MlH5M85yN1flBRY1Gc7x0tBjSg77KSrJv4xMWWzXQAD/X7
GU9lvR72qNFptwJKZUplGCp2X1ZFoakgH4iuvHvc4xBlxVOzgmThzneyaTDrAsGsw/XUA2bd+a4a
NXKOmNUoU8TBtPC5wocyYNyl726PP7+PA33D8tjDiM/P78uzDbMcuyivn2MXJcmxxwE8YxLmUpJt
icuRLEUf9msW2TsGYab2rJx6kartgoYku4IhJVX0srIFUlRh1gIZP+MhI9qP6s3LIqW7fQtknJus
9jy4lHvo3IWwK6gb4n14se/nvah83D+wMi2fGnN3Kp0+0+s0CbxOQ71Og+513qS0tZwyeh3FIpsE
jgsyOWbZP6SJExNj2gLCYaupbKCpbMD1sUMqGyQnKxsCVFMRU1mFMi3YNMCrPguwc2QTy6m9M4b9
UwNEunyjBWGXk4LwOICKyFHWFogELC5plGkBIg8kZsxXydkdi6YfvvmwJSiu38t1BenljgN4IA5z
KW2t/NuH16pFpo6JqacrqPuTax63iBy/VR/qqQ/18D7UL/ehW9vyF32oRpkeuy1oqAy128KVCVxq
SV1qie5SS4VLRaoXDy5VscgHgMPCU6bScqLKuiJpXLmrxdh78YkybQ/E1fNjIONnPK2PtqH+bueh
en99D2Sc25pNAgcO+MnHo+RwTbziQP/wHirGFn6qSeCnGuqnGnQ/9SalY4hFDSyjn1Is8i3i5FQJ
dsEpyQWb95kUf6KmccGZsgumqe1W09SWpqktrnMf0tRW8u4bb75olOnOrMmSA6rc4FCJyGG/nWXw
+Ubbsj4nbdlxANUyjLK2sAxYJebeMmiU6WEZrtqFtjAVBsxDaUyFI0GEB6YvGkyFswwisEpn0VQo
lOm2S2cbjBkMaJLSGAJPYwZgrqXBEHjLmAGq3jgYAoUy3b0hgA8RNCRCRtVEX5F92h6YBirMpSRj
GivK76uJqkWmTBjFwKg2GeF9ILGTzWEvsgSil+i8AalTGqdaU6cKzAw1ONV6uVPd5E4SjTI9EnH0
cNuA1iqNZQg07wbmxhosQzjfNaM672gZFMr0CLfRw+0EHFyecnB5dA6uUUoLMA1VKYvhtmKR1+g0
12Dm/pkvF1G/YK/QAWYdBp0VjCKJSX9ObUE6sNdgBUOBxeZZmU5attJg+VO5VXqzktKblfD0ZqOs
11tU6PxJo0yP/OmS+dMpUy9bF9km30AUWG6VJK6kJHElPEncKGsLyweYH2qU6e7zQ7BCUWnAzZbG
EJQ0BAImeBsMQWkZAmGlndEQKJTp7g0BfIigYDazKhSVFSkUlcDcdGEuJRnTWDsp+kKRapFTvRnh
UQK5YAnEgCUvjf9vqP8Hptob/H+z3P9v7cxY9P8PNj6QzOBRApEt31bJBUtKLljCkwuOsrawfIgl
EA254L1nPmAlkGqrnIYV5TSs4DkNR1mbGAK8EohGme7eEKCHCFUCjsOKchxW6ByHo5QWYJrpUfIS
iGaRGfugr6T4W0YOB6xFvmFYZjj7jROVn7MtVcC8gRH4b6x6UArbsy1VGsY/dpRC9hYsCzdhUpJ1
7Qa9o4ULSsAJWFFOwAqdE3CU0jG8otbNogtSLDJnzWOAvQRM+HuDWcrGmgG3GBFqqO6s4FiTw4oV
MFlhmEtJhiNWMSfCUbHInI+aVaDldzzJO5QRkKMJ+Jr5K8YqYLK+iOuRrA9JH2PAp2HikxWFW3Kx
m8rVgjViHkHiWUGiBlstSaaA2e0itkZyO6R6XcTWebx0F9E1EyhZvGpwxctR1rwtE+YAkt27B2sD
hjxtmFjnJGurgcntwlxKxwwDdNamWeQb8FMnvPAZ7yS7CPoMSOfU6HMkSauB+eLCXEoy+gCTNM0i
P5K0Q4Fk7edJWg1MbBZxPfKasfwjdSBZKyjJEnWRDrxogW2OEzf0spkNpt7CbCcgAqspEViNTgQ2
SukYCLCDJsUi+zjb6fl/uZiR7M0gj3juYvGcAc2Z2jDUNJsCZigLcynJhgExnlMsMrBhcB/FqR1g
CpED1uu+5fI8shR5p8kBRkdmpeQQiN3GzuIY0KepLU6goQgw81mYS2mBxUEq/Q4WR7HIN29x7u04
zkW2x8EHUgm432rK/Vajc7+NUpLNGuCRXs0iP8zabZk15LgxcXV0O+luY8BKp7XSTUGCzwaYUC7M
pbTASiNt4o5WWrPIwFb6gH3lDX8+IjPv642hTM6QqC9k87rQlUcvGjdv8jTAdGnR+o1sacxTp27y
NAqiswPxiz4EcJ/Uzowj8oDzsnh9xkUimrVaPiEDC2H6GVXLR6Ys2qPxDZDad8KcTVZ/PGHBJjJ5
69bSLuSpzskCK7ziZN4CniG5sGAMnDPDzwS8X82U98u56QAegAOR0lIAo/ZlO3krVz0REZhJMm/B
A3ZJX2iBYANOLzWCp3RcPYKB6bgCkZIewVgN1IhgzaqnovJb9Wq3pY2/U9vDxWwxLWINuKjUiA3U
5wLTSAUipRWIhWpARsTeK2mUXbAaDLibtMAJOXF1AZh2KRAp6YGD1eLqgaNZ9WQnIreGpARcR6Eg
Liigcx1NpLQCSVBtiIgkxarfWS/Vvmx/JkA1vD9WAPXU1QEzNwUipRUAxcvqNKv+AOgKgK4JGJZ0
NGWKevEwtcmOEMeehnd1aVbOvyUOdIp6fInF/vKB3RwihxBWmh4SkHGFksZI6GRcEymtMMF4abpm
1WG4DPhUHy9T3eKbRCysVgLOslDTwBGds2wipRVWC+k88mC1FKuO83KKNV36BXvfEmH4mqeng4Il
zAzlDY1NgHneApHSCpQjbUgbUK5YdZzN4QvekgXb6r8qphXsZGaYntDLFb6YDqBiuj3Dc2Nvv9sv
gFINthfi6l6Wp486LsSwxy0UEwmzUKyaQa0LbwGZpQFtAk66dspJtzcmLTon3URKFvv6oDb69cZE
owYHcnmR+PVaXLGbg18CUrrWEV/eopPSTaRkAD+sXXoRfho1kH05i8Zl7+cDTWvYGwXEENeki3Kt
912yxxNLidz+yIVQu6i/VVDJmVkKTx01MBlgIFKysBRQbYdoKTRqsGI/r+z8fCuF9PJ3LHb2FsBJ
QCDYVtTFohMITqRkABys3YEROBo1uMweAt5RZ1rPsJVmf4DJ26Dlx13Q+5c9uWvYSqwowfPlhNpj
0CYgO2xr6v3RyQ4nUrIwYlAbM6MR06gBb+0vOERj8QLXa22EEiN2wzw9AfVfG2gQgU79N5GSBf4A
83QNOSDbHSdXxXiqu4K3iB0gYJ3wmz5GxO8iG44tn0g0qbrc+vYzOZiTq9xMApw6f3F+beGSRka/
S57bVZKuuLyYka5MPuM5rb0cuwkedVpQjZo96cp0snLYwYwYM/MH6Ii4K7DYjXWPnCkuVxBDGQWN
3T3nm68mA3j4C0RKS/F3qreaevOVbtVpALRgt9ICH2py4ufOgkQLts9V/S7e1ZbTBGbmTvWdut/Z
t06ri7pX1OHH19e1+Picfd79H8N0xexlbmRzdHJlYW0KZW5kb2JqCjEwNCAwIG9iagozMjc0CmVu
ZG9iagoxMDggMCBvYmoKWzIgL1hZWiA0Ny41MTk5OTk5ICAKNDEyLjM5OTk5OSAgMF0KZW5kb2Jq
CjEwOSAwIG9iagpbMiAvWFlaIDQ3LjUxOTk5OTkgIAozNzEuMTE5OTk5ICAwXQplbmRvYmoKMTEw
IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTA4Ljk1OTk5OSAg
ODAzLjEyMDAwMCAgMTQ3LjM1OTk5OSAgODEzLjY3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVz
dCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQ4Cj4+CmVuZG9iagoxMTEgMCBv
YmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA3OTEu
NTk5OTk5ICAxMjEuNDM5OTk5ICA4MDIuMTU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzcGFyYW1ldGVycyMyZHJlZ2lzdHJ5Cj4+CmVuZG9i
agoxMTIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMDguOTU5
OTk5ICA3ODAuMDc5OTk5ICAxNDcuMzU5OTk5ICA3OTAuNjM5OTk5IF0KL0JvcmRlciBbMCAwIDBd
Ci9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNDkKPj4KZW5kb2JqCjEx
MyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzEwOC45NTk5OTkg
IDc2OC41NTk5OTkgIDE0Ny4zNTk5OTkgIDc3OS4xMTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rl
c3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I1MAo+PgplbmRvYmoKMTE0IDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNzU3
LjAzOTk5OSAgMTIxLjQzOTk5OSAgNzY3LjU5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAv
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Jlc3BvbnNlIzJkdHlwZSMyZHJlZ2lzdHJ5Cj4+
CmVuZG9iagoxMTUgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsx
MDguOTU5OTk5ICA3NDUuNTE5OTk5ICAxNDcuMzU5OTk5ICA3NTYuMDc5OTk5IF0KL0JvcmRlciBb
MCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRp
ciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNTEKPj4KZW5k
b2JqCjExNiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzEwOC45
NTk5OTkgIDczNCAgMTQ3LjM1OTk5OSAgNzQ0LjU1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVz
dCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjUyCj4+CmVuZG9iagoxMTcgMCBv
YmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA3MjIu
NDc5OTk5ICAxMjEuNDM5OTk5ICA3MzMuMDM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzZXJyb3IjMmRyZWdpc3RyeQo+PgplbmRvYmoKMTE4
IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTA4Ljk1OTk5OSAg
NzEwLjk1OTk5OSAgMTQ3LjM1OTk5OSAgNzIxLjUxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVz
dCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjUzCj4+CmVuZG9iagoxMTkgMCBv
YmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs3OC4yMzk5OTk5ICA2OTku
NDM5OTk5ICA5NS41MTk5OTk5ICA3MDkuOTk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzcmZjLnJlZmVyZW5jZXMxCj4+CmVuZG9iagoxMjAg
MCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA2
ODcuOTE5OTk5ICAxMjEuNDM5OTk5ICA2OTguNDc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0
IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzcmZjLnJlZmVyZW5jZXMxCj4+CmVuZG9iagox
MjEgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5
ICA2NzYuMzk5OTk5ICAxMjEuNDM5OTk5ICA2ODYuOTU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9E
ZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0
IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzcmZjLnJlZmVyZW5jZXMyCj4+CmVuZG9i
agoxMjIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs3OC4yMzk5
OTk5ICA2NjQuODc5OTk5ICAxNDcuMzYwMDAwICA2NzUuNDM5OTk5IF0KL0JvcmRlciBbMCAwIDBd
Ci9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNTYKPj4KZW5kb2JqCjEy
MyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkg
IDY1My4zNTk5OTkgIDExNS42Nzk5OTkgIDY2My45MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rl
c3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I1Nwo+PgplbmRvYmoKMTI0IDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNjQx
LjgzOTk5OSAgMTE1LjY3OTk5OSAgNjUyLjM5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAv
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjU4Cj4+CmVuZG9iagoxMjUgMCBvYmoK
PDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA2MzAuMzE5
OTk5ICAxMTUuNjc5OTk5ICA2NDAuODc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxl
IzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMy
ZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNTkKPj4KZW5kb2JqCjEyNiAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDYxOC43OTk5OTkg
IDExNS42Nzk5OTkgIDYyOS4zNTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I2MAo+PgplbmRvYmoKMTI3IDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNjA3LjI3OTk5OSAgMTE1
LjY3OTk5OSAgNjE3LjgzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjYxCj4+CmVuZG9iagoxMjggMCBvYmoKPDwKL1R5cGUgL0Fu
bm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA1OTUuNzU5OTk5ICAxMTUuNjc5
OTk5ICA2MDYuMzE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIu
aHRtbC5odG1sIzIzYW5jaG9yNjIKPj4KZW5kb2JqCjEyOSAwIG9iago8PAovVHlwZSAvQW5ub3QK
L1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDU4NC4yNDAwMDAgIDExNS42Nzk5OTkg
IDU5NC43OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIj
MmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1s
Lmh0bWwjMjNhbmNob3I2Mwo+PgplbmRvYmoKMTMwIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3Vi
dHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNTcyLjcxOTk5OSAgMTE1LjY3OTk5OSAgNTgz
LjI3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRt
cCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRt
bCMyM2FuY2hvcjY0Cj4+CmVuZG9iagoxMzEgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBl
IC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA1NjEuMTk5OTk5ICAxMTUuNjc5OTk5ICA1NzEuNzU5
OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJm
Q0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIz
YW5jaG9yNjUKPj4KZW5kb2JqCjEzMiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xp
bmsKL1JlY3QgWzkzLjU5OTk5OTkgIDU0OS42Nzk5OTkgIDEyMi4zOTk5OTkgIDU2MC4yMzk5OTkg
XQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNo
b3I2Ngo+PgplbmRvYmoKMTMzIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawov
UmVjdCBbOTMuNTk5OTk5OSAgNTM4LjE1OTk5OSAgMTIyLjM5OTk5OSAgNTQ4LjcxOTk5OSBdCi9C
b3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjY3
Cj4+CmVuZG9iagoxMzQgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0
IFs5My41OTk5OTk5ICA1MjYuNjM5OTk5ICAxMjIuMzk5OTk5ICA1MzcuMTk5OTk5IF0KL0JvcmRl
ciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5
LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNjgKPj4K
ZW5kb2JqCjEzNSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkz
LjU5OTk5OTkgIDUxNS4xMjAwMDAgIDEyMi4zOTk5OTkgIDUyNS42Nzk5OTkgXQovQm9yZGVyIFsw
IDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I2OQo+PgplbmRv
YmoKMTM2IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5
OTk5OSAgNTAzLjU5OTk5OSAgMTIyLjM5OTk5OSAgNTE0LjE1OTk5OSBdCi9Cb3JkZXIgWzAgMCAw
XQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjcwCj4+CmVuZG9iagox
MzcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5
ICA0OTIuMDc5OTk5ICAxMjIuMzk5OTk5ICA1MDIuNjM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9E
ZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0
IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNzEKPj4KZW5kb2JqCjEzOCAw
IG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDQ4
MC41NTk5OTkgIDEyMi4zOTk5OTkgIDQ5MS4xMTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3Qg
L2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRp
ZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I3Mgo+PgplbmRvYmoKMTM5IDAgb2Jq
Cjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNDY5LjAz
OTk5OSAgMTIyLjM5OTk5OSAgNDc5LjU5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjczCj4+CmVuZG9iagoxNDAgMCBvYmoKPDwK
L1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA0NTcuNTE5OTk5
ICAxMjIuMzk5OTk5ICA0NjguMDc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNzQKPj4KZW5kb2JqCjE0MSAwIG9iago8PAovVHlw
ZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzc4LjIzOTk5OTkgIDQ0NS45OTk5OTkgIDE0
Ny4zNjAwMDAgIDQ1Ni41NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2Mi5odG1sLmh0bWwjMjNhbmNob3I3NQo+PgplbmRvYmoKMTQyIDAgb2JqCjw8Ci9UeXBlIC9B
bm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNzguMjM5OTk5OSAgNDM0LjQ3OTk5OSAgMTQ3LjM2
MiAwIG9iagpbNyAvWFlaIDQ3LjUxOTk5OTkgIAoxMzMuMDM5OTk5ICAwXQplbmRvYmoKMjEzIDAg
b2JqCls3IC9YWVogNDcuNTE5OTk5OSAgCjY0NC43MTk5OTkgIDBdCmVuZG9iagoyMTQgMCBvYmoK
WzcgL1hZWiA0Ny41MTk5OTk5ICAKNDc1Ljc1OTk5OSAgMF0KZW5kb2JqCjIxNSAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzQ1MS42ODAwMDAgIDY1NS4yNzk5OTkg
IDUwMy41MTk5OTkgIDY2NS44Mzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjNhY2Nlc3MjMmRyZXNvdXJjZQo+PgplbmRvYmoKMjE2IDAgb2Jq
Cjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNjEwLjE1
OTk5OSAgNTQzLjg0MDAwMCAgNjE3LjgzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKMjE3IDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMjYwLjYzOTk5OSAgNTU0LjQ3OTk5OSAgMzE5
LjE5OTk5OSAgNTY1LjAzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM1JGQzUyNDYKPj4KZW5kb2JqCjIxOCAwIG9iago8PAovVHlwZSAvQW5u
b3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzEyNC4zMTk5OTkgIDUzMS40Mzk5OTkgIDE4Mi44Nzk5
OTkgIDU0MS45OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjNSRkMyMjQ2Cj4+CmVuZG9iagoyMTkgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9T
dWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAwICA0NDIuMTU5OTk5ICA1NDMuODQwMDAwICA0
NDkuODM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5o
dG1sIzIzdG9jCj4+CmVuZG9iagoyMjAgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9M
aW5rCi9SZWN0IFs1MjIuNzIwMDAwICAzMTguMzE5OTk5ICA1NDMuODQwMDAwICAzMjYgXQovQm9y
ZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3
MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5k
b2JqCjIyMSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43
MjAwMDAgIDEyOS4xOTk5OTkgIDU0My44NDAwMDAgIDEzNi44Nzk5OTkgXQovQm9yZGVyIFswIDAg
MF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJm
ZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjIyMiAw
IG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzIwMi4wNzk5OTkgIDcz
LjUxOTk5OTkgIDI2MC42Mzk5OTkgIDg0LjA3OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3Qg
L2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRp
ZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNSRkMyMTE5Cj4+CmVuZG9iagoyMjMgMCBvYmoK
PDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs0NDcuODM5OTk5ICA1MS40Mzk5
OTk5ICA1MDYuMzk5OTk5ICA2MS45OTk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxl
IzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMy
ZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDNTIzNAo+PgplbmRvYmoKMjI0IDAgb2JqCjw8Ci9U
eXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNjcuNjc5OTk5OSAgMjguMzk5OTk5OSAg
MTI2LjIzOTk5OSAgMzguOTU5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM1JGQzM5ODYKPj4KZW5kb2JqCjIwNiAwIG9iago8PAovVHlwZSAv
UGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyAyMjUgMCBSCi9SZXNvdXJjZXMgMjI3IDAgUgov
QW5ub3RzIDIyOCAwIFIKL01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5kb2JqCjIyNyAwIG9i
ago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAgUgovQ1NwIC9EZXZpY2VSR0IKL0NTcGcgL0Rl
dmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDMgMCBSCj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9G
b250IDw8Ci9GNiA2IDAgUgovRjEwIDEwIDAgUgovRjkgOSAwIFIKPj4KL1hPYmplY3QgPDwKPj4K
Pj4KZW5kb2JqCjIyOCAwIG9iagpbIDIxNSAwIFIgMjE2IDAgUiAyMTcgMCBSIDIxOCAwIFIgMjE5
IDAgUiAyMjAgMCBSIDIyMSAwIFIgMjIyIDAgUiAyMjMgMCBSIDIyNCAwIFIgXQplbmRvYmoKMjI1
IDAgb2JqCjw8Ci9MZW5ndGggMjI2IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0K
eJztXUtvHLkRvs+vmHMAy02yn0AQwJbtADkEECwgh0UOgTebYCEtouwhfz/9mEc3v+Z8ZE319Iwk
CbuS6GmyWFWsKtarP/75+z+2//p9+/H++3+2P3Y/779vsrusaIavbdZ+fxgP2PrO2az72tbG3ZVV
P/rjefOyfdk8bB7a/79sTNk/uPvR/uN+iaz//v3Hb5uPw+KbYeT7/V/b3/63tdu/tP/9uv3p7+3g
z7v5ug88b+qmbOHIMuPaP5/GfxqX1eaubH9vxzP/z+7D/9787Q/b3zrA7F3dA28GAMd/fmiypinu
bDflOSC/HB9toXCNNUVZB38fT+zcDp5867Km6vbQ/vq8cXnR/54VW2dMdpf34y0OSpN3fxjrj9uq
3Uc/fpznKTB/h55fRjA3bvcV/H0C8xg267plB5hHaxlX3mUzsE3HR3s5zPMUmN+HWQnPAZhDMITo
sgSe52n9PB2PwvM8b4R4SQnPRZNl/e/1lJ+LphMi/fgEBm/8APNonqfA/Gr8XDS27PFQT3mjaFzT
8wDANhkf7eUwz1Ng/oXwHIA5BEOILkvgeZ7Wz9PxKDzP80aIl5TwXDXloGPMlJ+rphqWNVMYvPED
zKN5ngLzq/Fz1dTDsmbKG92PXpV6sHnjo70c5nkKzL8QngMwh2AI0WUJPM/TesLPkXie540QLynh
2ZidYvP4uR0flIcHgzd+gHk0z1NgfjV+bufM624Bjzfa8fJgAE5hG4+P97Kf5ykw/0J4DsAcgiFE
lyXwPE/rZ288Bs/zvBHipSnM+2tHA0Z4ki1f5u1Jd6Vtby9bU2z/+892kYfeVBdcCEz/PYZlGAlc
CF5OPPj5cfPxW7k12fbxl+0AwYfhx+MA9IfKVW77+PP2jx1Mf9o+/rrprj+7AdsPVMcB1w/Ux4Hc
/8Qwx9fH3faXwXRRmxvEdGsK3Rymq/wWeboqbo+nm7q5PUx30CyEaaF75OXEg/1+TOfAmduQycqW
dYw1e2DuPXDNFw9cGIAdmtp/xB/Y4SA/DgyfKI4DX/xJC7qsmcd0Hn7E+ZOaz/4c33wCf/UhBTga
b8AaHw4ADFYBfPiPIJIBQf6ksDkNunDAcA7AGGDdn9Rl3hz5gFOTHT9ivI9EoB02A6Ba/xNwnH1+
MMMqzQk6AIYCMuI8BhkmNaNn4GzzM8U5BCaFY7gElnG7wEPwCIcDtg+yjj/SHKX52WLZlfFSBygF
260o61LRjuSngLmvFA6+F0D7Jw0slz2Si73uAyFj/fPhjCJxyz1x3RcqMfwzJaGU4NTxw/6arAMu
p/kj/io28+cAFFa+aIdJBQaFBrGvVeZE6E9/FSRDuobh+ECs8+3DydbQuFfCp0seZB0ZXJt4fuD2
BHxCUUs1B20RbQqroMiaA4qMT5p0mYL6gnJVhCSntvBKVorgLCPGYLcAB1w43pTaNqX/yH061oHY
6fozgi1BYALWATA+B0hygBQwRm+oEdu/iHkpoQuXyoBCqvs4GZC1NWWw3Qv/tUwfanJw3R9xQecS
VuPQpR+YC1nTNv0RQJBgLxpC+ZO/Cix7w8bDK9IWITG1tIdH4EVH92U6DnfnQ0cI58EYScTNMFcB
xJkJIGD6oJzmEpRf2gQ8oyAw1zrtwEO+OYmKTOA3S9efK5HhFdpk1+daQpYC0Ln3BdQDPx6wWz2H
hS2CDgsz4GMph0Wl6bB4Z/8LsP8tW1iCiOkNK0cFPbaMp/laCfWqr31WU2zXpSKTIccAli/Dl+lB
RiSuwBP97mc+l7d5CtIyRj1Yghp6nnIyDvi3noiY82V47DULVMhh0zHIC9ulvJt8vwrkm6Rn6PFT
aUtvFc5BduCg0cUg4plv80ophVElVgwQlx+HWC/RqQRFahgjYbiSukjuEAp20AVcGKZjjCv+iM2l
Zwbhbule+AUe93ItPmLudwQEUS6MYBh+jwYPqcD/SSNIOt7d0mYTMT2W/cfqi6FLRPsV/H1SNRDx
eV5TkLhov82mK+qY2aXtjH1X7zdpgUB+KMlCdIEHmwLRp5Eu+uYNoE8qZACOPwLiaODQ8jhtQAnA
0Wl87lqnHKS3FPKOcsOWBzQZkyD4uZGn4jLyfXvON1jRytFI+PT1r0aARZLB8q6zEnXWhXJmQRGC
4ZxepxDxCOAj3R8W4RDhtS/U+BQYF3jx5v70K9kLzIEXPLEBe+6dsDYTUa8hUCNKnwKOB40Lbu7C
1KZ3sQiR6xNGRY3xmATPg+Ci7XUnCnCuE9w10rPVEKdc83PAQH+AExqwDgkLGqk0y+QEQv0tLR4E
amtENdEEoYUbPGc2JFLOlnVM2IGNCkKXmui4XaA2iBQq6yPSjMUpC6fsOt8RmalkhQ06Jy+CexFY
jxra4HpdYiCn08+UIJs3wvBXMH2uxVi2sCycj4BUPvM4uDqbngelWfPprIIru4aJgccOSMNrlgWh
LB4uTVfcK7GqxErlaUCAUyBuumt694iKfijPwTq9k0RkJCDnciErcGHdsCGrcTlaxjrmtMPaFRjg
+xc07OA4XCYD3hXN5FSp3Mq4kyK9ojDCBcHtZWpz4yNclYHxl+5Ni5AyEcd9kYqPZeKd6eVNIRNS
RalURZDLrtbqDLR4OhMfNnMThKjEeMQG47mbycvJZpaxOlXcZekS8jIWgsB0uVpzWMWEEHvk3YlJ
00NYiORryUoCw4W3+eAWRWyrCBVt0IRxytUld/wJkrLWcR6iMNBLnixMvefkz2/L9uH6Mh9O3ThJ
xPe45o4qXZ6iDIAIWlGCa5yH57l5LAiV+BKDX0oukwceIWP54aYspIFk88kf4Ncnai1EVGpeVyzp
pLOAQ8adZcBCvH4F5WFAhJydweAmkjnCHOACUoDWUBs4Fb3jXPzuAA7edeFm2PsVdKGYN0xeWWZv
me0Zlmf2OoGfBZLD0Pjwc30x+XdQtqdyfW0N0wLdIawMqb1+NnDoMJ0SSLH5wqOB+xnuAuGzZAJx
6fIp7k+pnPc81ekcERpokT7eIE9hUh4n4pcHCGBw74tCDrZGTsRMhQAwtz9g/OI0SQyYXw0EceQl
boaC9xxEsD94sLgE4XbuIq6klXoyCOI3sbvVMGHLvAnKy/deKpNlVVoJXURcXE3zDO4UWuStB4Ks
VEpKB57FJcqRcPu+IwVj2Rq9dtLr5wUBkQu9akTs709JZFwpkh1T8sed9Yrqo8zPoKXAygUmU/Hv
86Ocbhq9FwEuoKSpwRHRokSDUde55KjYwYtclBwIXeBLHg3nYplzHScMvRggYahGUUkXSK9xk+tP
Fdlf7a8OMW749LtDREnbzeT18QwL3p9pLcH1mkxS3vEMuFBiYHDFruHzECTP3a4/SyV3ML3TWoSB
ISjFXaSHol5cs2zyICkFKSmCZDIBnyrIi+g8+aRb75vPz06/oUcAxvX46w3jVmV8gybHk79pGNdW
PgUhistTFyHc6odKLUxK59g5j0fM99mfw4/Q7loDgk48ITh25syKIduqOaTQD+CPr28Q6Rb47YEF
4IjGlgysnois0W43ImwhiGK9rQAL7/PKfXkRHWgpQjD8np6GLzhBEXYib/MLWZSc+7kvj7f5Fbhq
riQRTaV/F7dG9TpjaJjrtTmsgs699PuLIM4p8X/djJiWXM7oXZ2XBkvqXNfJElqm8PWNqYuIPDIF
j/FKDewlTnd+KY6ATCEdOEK2KTivFno53qAfbBGElGZGqHTmfA90JrJDBIK405nnnQpUjMCrJrDJ
QMNC3EKQFsTfgKFQfB1hpFDBzuMnKimzvJsfaBwI/dxuUWu0kXKuCHblVAa/Mffvojef4lDPAul5
gtcirFP3+a5hL6BhI047TyZYwtWIGOOXmGspv+N+otsx8yPMFv7KIM65Cu/60qgxQK7jbWljATtX
sPdNxI6SHSHj/pgFvaIqaqvcV0Vj93warkPjkAb01qp9oRIE98L1WHrLgwsp6bcV3lmpfoZaD1xs
X0tv7AiW4s5ZMFl58w7BlU1FsHet08ayL6LVI5io1J7QaOQaes9jWl2GwCnMq6MEWZI8FzNwlFU0
Xe2iSXc1pmBEL+SLKNQIGxVv/TzBl3dVSU+Dk4QvkLsXMY41+vRd61V5NSM9z/LU0w1op/tH65Dn
ECgk4+KyPPmQO7245OauglXZUEUdNHVwt+/W8qO2taySynCtVd5r4VRQCcqTDgQZ8eLI3Nkv/Sin
J/lmQkARcOiFJhpb7iddpMvSLefLXOR91NycUMmEXCIZ6EL9bmgEJELo0IwziY2yTlnKMh0qqaOd
1zBHvEaDs+VFEt8k7coXdN6ryPHcBDk53TRCXucma3rKnqBtmyRJh9NFo/OGhg27Tl6sRvvuCB1F
TWfkQlhW4w28S9Rnc1NJkr6+RDRUUgACKUlQ78HlB8+9XSitKWsm0vF2rgGXf73B6yo/rVvS7s8a
LT/dsfSJT0SUnw4D4+CKXzuK9PArQ1V69/qTYjEpwJ5R2HEZbhLx+tsb7ExcZ7ndQ8vvzFyq8/xn
Xk8msKMhJEuVfJ57c+BLO/IdHx0ru/Cttz7OYFoe2FoIEoyXWn+SmcLmJfazkyWjI+z3tsoBENwx
ZJvyae09TKuwHUD9TAWgXx+OL7/zB64XsuthpJj9RXAS7DCeTxRut3VWVOtvUMcgNaaabOiKRYyF
lg2ISJS7MALz4pYR2RcSTJLXTgnW1fAOwLJIDWyA6DMOaAScZIYhqQBE2DTiUe/lBI/n+oq5q5yX
bOk1qFJRBZWNZ6n0q7zAe6rx6vPoWNO52icvJzgUBKwkvmGaqSVpJBfg/nPjxl3K0JjL1GKttcmC
cvldtCWLtvQWoRd63wBtdIURXpWqyPQzZeFGzDuRgreC0gHcxTMWBk+zojFeC5BxHwjiHS5uUPni
kxeQOGPe+qBh6jYPqPCuypc5d7EV3GdKzNLmU5GpKIdNESLm1b5TlWfMqtTnCtoE0BgUn3TGcwWX
Uyic9qUKPBIRoRc0dIWLm6DDg6AlME/l5Yk0QClu/PHEIp7gxQsotDL+isnhRq6KeBEtbEdDiUSw
5jrJqXiqYmM6KVqG25CCPFJQzBIh4lRclMY2HeO5OVV1DG8Wze4LZvf/LSJWGp6sB7UMFi13uULO
eH15G59U0Jh2RJmBQ0qfmCPqQnPb2h/wzR8730VKuk2XdS91zvODJDAezAZFA1jtObCTjxuIuu2i
qKMB/xO5Vd2o6fssdxWLmhvFblurb9TaanIrX2ijO2/oiQGw9pU3WuTVxOy9FOsa/4wCibU3aicy
U4mgsAufXPZTCue239uXdrem7MHe/fjxLE08eNg+bP4PnbRe4mVuZHN0cmVhbQplbmRvYmoKMjI2
IDAgb2JqCjM5NzAKZW5kb2JqCjIzMCAwIG9iagpbOCAvWFlaIDQ3LjUxOTk5OTkgIAo3MjUuMzU5
OTk5ICAwXQplbmRvYmoKMjMxIDAgb2JqCls4IC9YWVogNDcuNTE5OTk5OSAgCjY5NC42Mzk5OTkg
IDBdCmVuZG9iagoyMzIgMCBvYmoKWzggL1hZWiA0Ny41MTk5OTk5ICAKNDU2LjU1OTk5OSAgMF0K
ZW5kb2JqCjIzMyAwIG9iagpbOCAvWFlaIDQ3LjUxOTk5OTkgIAo0MjUuODM5OTk5ICAwXQplbmRv
YmoKMjM0IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNDM5LjE5
OTk5OSAgNzkxLjU5OTk5OSAgNDk3Ljc1OTk5OSAgODAyLjE1OTk5OSBdCi9Cb3JkZXIgWzAgMCAw
XQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM1JGQzQ5NDkKPj4KZW5kb2JqCjIz
NSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAg
IDY5MC43OTk5OTkgIDU0My44NDAwMDAgIDY5OC40Nzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rl
c3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjIzNiAwIG9iago8
PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzMxNS4zNjAwMDAgIDUxMy4xOTk5
OTkgIDM3Ny43NTk5OTkgIDUyMy43NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUj
M2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJk
b2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNjbGllbnQjMmR0eXBlcwo+PgplbmRvYmoKMjM3IDAgb2Jq
Cjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzY4LjE1OTk5OSAgNTAxLjY3
OTk5OSAgNDQxLjExOTk5OSAgNTEyLjIzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3JlZGlyZWN0IzJkdXJpCj4+CmVuZG9iagoyMzggMCBv
YmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAwICA0MjEu
OTk5OTk5ICA1NDMuODQwMDAwICA0MjkuNjc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iagoyMjkgMCBvYmoKPDwKL1R5
cGUgL1BhZ2UKL1BhcmVudCAyIDAgUgovQ29udGVudHMgMjM5IDAgUgovUmVzb3VyY2VzIDI0MSAw
IFIKL0Fubm90cyAyNDIgMCBSCi9NZWRpYUJveCBbMCAwIDU5NSA4NDJdCj4+CmVuZG9iagoyNDEg
MCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNCAwIFIKL0NTcCAvRGV2aWNlUkdCCi9DU3Bn
IC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dTYSAzIDAgUgo+PgovUGF0dGVybiA8PAo+
PgovRm9udCA8PAovRjYgNiAwIFIKL0YxMCAxMCAwIFIKL0Y5IDkgMCBSCj4+Ci9YT2JqZWN0IDw8
Cj4+Cj4+CmVuZG9iagoyNDIgMCBvYmoKWyAyMzQgMCBSIDIzNSAwIFIgMjM2IDAgUiAyMzcgMCBS
IDIzOCAwIFIgXQplbmRvYmoKMjM5IDAgb2JqCjw8Ci9MZW5ndGggMjQwIDAgUgovRmlsdGVyIC9G
bGF0ZURlY29kZQo+PgpzdHJlYW0KeJztXVlvHDcSfp9f0c8BLDePvoDFArbsLJCHAIYN7EOQh4W8
2cCwgtXmIX9/+5ijmzWcj6wp9jEaCbZG1AxZXSzWXcW3//j8r+w/f2ZvHz//N3va/3z8vMsf8qIZ
vrK8/X4zHtD1g9F595XVyjyUVT/69Lx7yV52n3af2v9fdqrsP7j/0f7xsETef//59Mfu7bD4bhj5
/Phz++qvTGc/tf++Zb/82g5+3c/XveF5VzdlC0eeK9P++n38qzJ5rR7K9nU7nru/dm/+fffPH7I/
OsD0Q90DrwYAx7++UbnNq7IdUVeB/HL6aAuFabQqytr7ejyxMXt4bKaqwnTPkOv20Y0t+td50Y6X
5YPtx1sclMp2vyjtjuvqQe/Hj/N898zfoee3EcyN2X95X09gHsNWNd2yA8zjtRrdbRWFbTI+epbj
PN8987swC+HZA7MPBt++pMDz+b1+no4H4fk8bfhoSQjPpTbDWs2Unktth7WaKQzO+BHm0TzfPfOL
0XOpi2GvmylttNAM+CSwTcZHz3Kc57tn/kR49sDsg8G3LynwfH6vn6fjQXg+Txs+WprCfBBrDWHy
UbKitDarddVJx0wV2f/+3S7yqRcFDIGj+u8xLMOIR+C8XPjg+y+7tz+WmcqzL79lAwRvhh9fBqDf
1Lppf/ma/a2D6e/Zl2+7TrzuB3Q/UJ0GTD9Qnwas+45hjo9f9o+fBtOl3iKmS5sK00xV5eXCB/vn
UZ0yde6BVLsBb1r17wjMuxMw/FkL3U1a1PtJddlP2lxAysd+oDgN1O7Ao/uRHx3UK3Ue0/b0jhpt
jvrgvqOCkLpwENDVozOpeufOQSYlgFXuKgQfBGNkjgYhCM9BIFXDO5S5gGWyDIEdPn8AqB/g9pfu
O/Aq7vYTIqNIxSgjCMLP4g4E7GX8+aBw6GiMBZwxgkL4EboKxLrS8fhgHJhQJF/JUEs15aiSbLoy
U0E02ge4/Yytm4vHwJ0hvJ7yWHL6Idlp5cKBuRARMQRDKRgopVTCdCAcFGME62TrsLwUEVzuw+CN
sRaqHGQVqKVQIiucAbKsD9IrD7tpzYPxaQ94XEyYmEEQKiNzEJIhOhjeB0JTRF66cASjPYpAGBgj
pw4qmCpfEkEiMqeufavQ3WfYCgRjWBlgEJ0LmARJUTjgRgU8HNaW4o8pZXVQGGDLKA0KsXW1DIJm
Y/06v3zoAnR0iFRq5b5fK9ue53zMQ+xEEXbh0K7ESYJTCTgCWC72xqRgyhQOsiyxFKCNn1K+6tyr
5WmoPAQo9eS8zCIsKaTYGQP3luID6xtQvcBHXdCA10YdVhmeReUXMEQ2F5r0AbY2thyxI4nIk2GV
5gLaGX4jhtELlQUO5brbQPcliXOOiGRC2xgfREZjlRU+HAUMezgITqmrgSAk3vcUQEIMQBg+cgaz
4/B6ImEFQOd4p6A9xjn9Er5p7L4img8WMSNpcAq0DslZ7Zf39SRAGPB+HD6MXLQXT00Xvz0jnXTZ
SieTH6RTTuj1HeSbHopW6jRSuJ/56A54Nrm5sIVk3dpdl3p+jTurC4jCWtJA9eXpIzn8CHncRwcO
tWR8uddQjNEHJH1wkYTjNthBhmMOOEwTf6wZXjeyLDGKblrsByhKEk+L4zpkKxn2PgEdkiXdbKzR
MoJlUD5jzTpgG1Ls3E370xnaCAGdY6xiIRsf9pVxSxa1mgiHEAUea8W1CGi92LJVONlhjurSMmUH
8JDRk4tZCmHT84icOxO+M+E7Ew5HMsNEhulsxA0ZEExkpFrMJS6KYsKUqaMSa6REEcbHgcxBDBQG
hjw8R0RqldqLIPj4FIXzhNLjT/JMiVY4l5fgNB4f2BtMT3K8iUv5FjbYMKsjcGCXmstiaDo0jqYx
WC72ATC8wzDfK43USqI8QN2awjHgYxRwIsaEHdYdec6Mh5avZH62rifcbyZVEFJEGgKI95Kdsa7k
YpDmWHtEaj1uSvFfaLeJUkZ2Oz5KI5H/i7FuPkIhTBDE8O+SbcAojF82gLfftNDB5TNEWyJyinwE
n/1bck8IBHWDH1+Cr9u88B6xu1tgsmwS36z50dWeOCn3+OmIwu1aNdTMwXspUNdBeE6AIXT3ga2S
2AOCfzetw2EvAJZ88WXCvvNybT1iXk2lgwchIjJI+4+UQJ4h3SnBMNQl/ZuR6ICdLZj8CeiExeL8
X7IKPpcSmQ8CWddpVDJC/URVhtvASFFZKJtkIaMvQFlYRqlnZNcExCHii9wYPgCTI6wTFZXSmJwX
yZriCnJIYtALSH6ala+te3DfO8sERDcWsmAZARHCHpS7CrSDtFs1LSEsDZkUZ3JTwwgWVNwVX4Rl
CdcTluvkwOBwMWf7GcoSo98B1nwktAWPW/XqvK9iwuwD0vKJWUMqrgSlUBG+l9iTwtlcBm+LTzmg
ASIYl+VU6WB5QaK/C2EdFphwotCzZDowCObuWJtD9C2TXMawLmTiyWyRcy3bLosJ306pG4tImPIo
+qAVw8hyY9BQwOlfVONI7RUScDZQPoU9S7gDHSFcQT2nOTQJSBNlWksu9jx0OY89ftMVVAHd9SBn
o5BK+N6I38wtYzyTCOfmQZG0NzowituHFGoqWqipdJ7Vhaqy58PL+kHltigzpZrhVdONNu3v9fDi
qT335UPdFNbkhz+V00+Ww5z9O7uXxfD2bPrB4jBn0b9zvFz7pwGa4ycPcD7tft+9/yFZd2PTVRgV
+lCCPE9G9Dyq9IYdgAzbi8EsAjQnLCpwjcVqesR2Z3VM7ON+QlexE6OP7MSYc+zE2P3Rb1847KT/
Uzn9ZDnMeWAnJj/HTtr/9nPmLjvp/jRAk0/YST/nDOzElF5Kh5EfKsHim5FhCqOHFJ+ntRbs3Xag
h9MI5s4bo09uYZrJyRVsNnY9f7Undc2eVdfsQV2zRF2zB3XNTtU1e1LX7Fl1zR7UNUvUNXtQ1+xU
XbMzqWuFCqaOJD28ObSAVb5ZcpcCMCbi6ZvFfbreRJO78zz97i/kPF9PSsyeG5alD+04STsgOj1L
sa6MENe5nSBEpBNfQKYNLGKh/AD6xrEfMwCwedS8FG2cAx4OOvLosYM3AIVcT+HSEF2GkeCTgvsH
JLQQesB7iVUd3KBfoIdCQFoVjrdUgmy4Vl6U4egazSNyD6YvJ+4WW0KWRXhLSE2MzO00jczdjxCS
1WRSTwuXBZs3lvWxon7A2qUgB0cjZYg1ibu9sOMFV7PiK+e266QnCOJ0XIlv2suptkhSMowNRyyh
CT4InQrcmRLwtFgx2vDdTzhShomOce0nu/TukmUxZw84iRySsqkkKejunLjMYahzgjwLUY+g++KW
+FiIq5LRkkPg7uEkIf/XdTmYhF05jyYwq9p3dWjMThj5dq5Pw0a0EZF0ZWe0VrrwImhrp/Baj0je
I8QeJdssLb8YKQzYY86phk/i7lqN3FpJkfn2D9lrFXXbERcpY39kX66V0lUx4bkrLnHZi4ei8AEi
UlUdcslWfK+9NN4nXDwwi4diLVZsGrcHZjuMCnnsn5IgKYnIHi5WlXATbi1v/Vqua/MJK9uwsCO2
kcx1s3tmX/lpiKFBbEdtX4hvr6R76YaCBBLpiPNUwG65x51I3tvgbqmPPJccfrIPjA52H+SYX50f
d3cljhBG3vSGeO7dVYLk591VEklTd1eJs/ubdpXUU648j7Ykc4PTXqKowgcI7VnH0DixhiWgt8wU
EmX0DMD6JJZb8TcUrbeshOE5IUoqtGpE0oZdxxFO8wvgyrCZGOcKzfiiTU4/cKznYZ9X/GVkwaR9
tc/bTJghrvfAnM3nv5Th28aP1a3V6sQUCHI83vFFNQHpprjxMuEg8S5w2hZxnrTX7ZKUz/coUX59
HXvcsBk8p+tRhpEbL2RrC17WVvTao+36PLHyHNCxbzPV82v2ivbp1nV1aNlH7tlceyROtjhFohaW
6oYuCiUUTo7Chbsg3nTlzb3vweWNkkjKMPGNiNLU5eHUjxQmzLL6lYgoqOu7ihIokeMtBU7QbaH6
fAnzA3qZ8fWPAT35GYkOuAtAfEfYgK1ksIuFWuZuOKSE69DYOu7VJTFKnsOuSwGREEFNbrybO085
ZEAbZtKzgHZpJI2Y9SOZhiyt8UqUfhm5DAoG/BjBh4CYB87RlpDmHLFKTB0cjIq3SV+ZOS3nomjM
sbkLaQ6yEoyFnDpcu8+4kuy2CiEEQpwBNqbEPXe4cy3mGIxwPhaK+HALaKKca+0C7DCBxMWAMBD2
v8YH59PUn0jQNrlJgOw2VpKWqpUo83rC/lcc5BkElS29hJrkSoN4t0QaH5RAiiUj5RRzVJraBtlj
yizEVyu2FlLKUjDlAFshCae/pYxsGY+KthOWO4/DIGWmjogIKr3CcjVKWxp/Oz5CCat+oqy6W04p
Wy/Vca6IJxHNJGUf9+B0er4tJHNKh8eS80DQjnNGCEIIyjwahoi8qNZ281SAIxlmqQZQP9Ye4281
macQYNbioyjPCgNBix6gS4Ct5DRQ2xJeR0NXSdGAf6GOK7hFP9WEsO4Y2rbk6t4fU5YrWCMqIgsa
dcU+SLgnUigcN32/8YLh6tXcxT2Pg3+1ds1MUTRsG8KyFs55X8vBE4tmN608OkyKk5EYadskMSPF
fdSrydTEN/YwEt0J0WGCWah4QCDGjhVbarQw3HMSMhZaZAGFxtDXJtG5YKmAR7zREnCycbqIS8ly
PbKb3FbejYov791cwatE6WGTl8frlnD+1GvE8qVniZfArzKYtzjvo6wOS60k7beSNPMVOJUz+dlx
UMVCOr2h3jCCPZyavPLejLRUe9/NOErmqTqnT0vdMa7RZ/dp/6erJIk3hkIS3ytK4qJ3hneGyi3s
jJFoL4UtFEbao0B7EAbzl9hskg3AuJOYI5QTVnfLsNRGBxOIYNe3a2Ev1AT2e+u4raoHKSsWF5e5
W64kFXCqByjt2F2VwrnPaZaTUOEUYeQqr7z0QA4ubngq4BcIqF4PZcrXYqhRkRi6Jc0/wOHNyEnC
KJRQJxdqgLsdb8M8mcQMghFIQUrTQoNBhQx24TkNMqxea+9uJ3GDwKIZRn+UYO36at5fTFF2V9HB
03pUdIlgljKV7/FXa9PfW9M6k6aM1KkiPFJ3J6FbI6GrzI0NFUQtZAfE+2apIowTtOJTCzdsWwUE
suNT3n203nPYI399KJr9F+G07t8+P/68y7O/Mp391P77lv3yazv4dcysL0zWs+3yUtq0OjahtgMG
yxPkJNNWefj6+C218xbtJvnqd+6AS6j7oJIrlNjPabqrglVRiz7o3uC79KDwHcIPaqquqLjQh0R4
ev2adh/ro0vPjYObPT2PCPy9O4e747lbq0g5UemezUIUEdZ2/dULU64NEeQdHkRceIcaWVbtd/bS
IkyV/ZPvfzw9X1Dk8ktM5VP2afd/FRcv+WVuZHN0cmVhbQplbmRvYmoKMjQwIDAgb2JqCjQwNTEK
ZW5kb2JqCjI0NSAwIG9iagpbOSAvWFlaIDQ3LjUxOTk5OTkgIAo2MTIuMDc5OTk5ICAwXQplbmRv
YmoKMjQ2IDAgb2JqCls5IC9YWVogNDcuNTE5OTk5OSAgCjI3NC4xNTk5OTkgIDBdCmVuZG9iagoy
NDcgMCBvYmoKWzkgL1hZWiA0Ny41MTk5OTk5ICAKNjQxLjgzOTk5OSAgMF0KZW5kb2JqCjI0OCAw
IG9iagpbOSAvWFlaIDQ3LjUxOTk5OTkgIAo0ODUuMzU5OTk5ICAwXQplbmRvYmoKMjQ5IDAgb2Jq
Cls5IC9YWVogNDcuNTE5OTk5OSAgCjQ1NS41OTk5OTkgIDBdCmVuZG9iagoyNTAgMCBvYmoKWzkg
L1hZWiA0Ny41MTk5OTk5ICAKMjQ0LjM5OTk5OSAgMF0KZW5kb2JqCjI1MSAwIG9iago8PAovVHlw
ZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDYwOC4yNDAwMDAgIDU0
My44NDAwMDAgIDYxNS45MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjI1MiAwIG9iago8PAovVHlwZSAvQW5ub3QK
L1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDQ1MS43NTk5OTkgIDU0My44NDAwMDAg
IDQ1OS40Mzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIj
MmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1s
Lmh0bWwjMjN0b2MKPj4KZW5kb2JqCjI1MyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDI0MC41NTk5OTkgIDU0My44NDAwMDAgIDI0OC4yMzk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0
b2MKPj4KZW5kb2JqCjI1NCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1Jl
Y3QgWzExOC41NjAwMDAgIDE5Ni4zOTk5OTkgIDE3Ny4xMjAwMDAgIDIwNi45NTk5OTkgXQovQm9y
ZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3
MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNSRkMyNjE3Cj4+
CmVuZG9iagoyNTUgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsx
MjIuMzk5OTk5ICAxNzIuMzk5OTk5ICAyOTEuMzU5OTk5ICAxODIuOTU5OTk5IF0KL0JvcmRlciBb
MCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRp
ciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzVzNDLlJFQyMyZGh0bWw0
MDEjMmQxOTk5MTIyNAo+PgplbmRvYmoKMjQzIDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQg
MiAwIFIKL0NvbnRlbnRzIDI1NiAwIFIKL1Jlc291cmNlcyAyNTggMCBSCi9Bbm5vdHMgMjU5IDAg
UgovTWVkaWFCb3ggWzAgMCA1OTUgODQyXQo+PgplbmRvYmoKMjU4IDAgb2JqCjw8Ci9Db2xvclNw
YWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+Pgov
RXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYg
MCBSCi9GMTAgMTAgMCBSCi9GOSA5IDAgUgovRjE1MCAxNTAgMCBSCi9GMjQ0IDI0NCAwIFIKPj4K
L1hPYmplY3QgPDwKPj4KPj4KZW5kb2JqCjI1OSAwIG9iagpbIDI1MSAwIFIgMjUyIDAgUiAyNTMg
MCBSIDI1NCAwIFIgMjU1IDAgUiBdCmVuZG9iagoyNTYgMCBvYmoKPDwKL0xlbmd0aCAyNTcgMCBS
Ci9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4nO1dS4/cuBG+96/QOYDHIvUGggD22A6Q
QwDDA+SwyCHwZhMsxotM9pC/H7Wk6Zb4NfWRVOnVo2nsTg8tkcVisd4svv/zt39E//o9ev/47T/R
9+7347dT/BBnVfsTxfXnXb9Blw+Jjs8/UamSh7xoWr//OL1EL6evp6/1/19OKm9e7H7V//g6RNx8
fv/+2+l9O/ipbfn2+Nf62/8iHf2l/u/X6Ke/140/d/2dH/hxKqu8hiOOVVL/+dz/UyVxqR7y+nvd
Hpt/nh/+9+lvf4h+OwOmH8oGeNUC2P/znVJF/XnQ9V9TQH65vlpDkVRaZXlp/d7vOEk6eNIoUUn+
0H79cUrS7DyfOM7q9rRsnknPOMhV+pDW0GuzXRf1NNr2Sz/Plv7P6PmlB3OVdD/W7wOY+7DlDd5b
mPtjFQ2YCNugvTeXSz/Plv5NmIXwbIHZBoNtXebA8+21/jFsd8Lzbdqw0ZIQnrMibYaNyyE9Z0W7
jev2AQxG+wXmXj/Plv7F6Dkrirb/ckgbWVG2zwBsg/beXC79PFv6nwnPFphtMNjWZQ48317rH8N2
Jzzfpg0bLQnhudJ5O2wypOdKl69iaQCD0X6BudfPs6V/MXqudNX038LcGyuJm2cAtmF7by6Xfp4t
/c+EZwvMNhhs6zIHnm+v9YCeHfF8mzZstDSEudVm6h/r9z7MXvpQnkUqjqs4ytI00kn033/WI3/t
jf2qIlagMPmNU3dfpSquNc1IZa/DfA1T3lTz6cPStliUt5eRFz8+nd5/yWscRE+/RC0E79pfTy3Q
76pUq+jp5+iPZ5j+FD39ejqrql2DbhqKa0PSNJTXhtR8ou3j81M3/XkwXZPVDjGd62x3mC7LaoeY
ruJ4JkwHGlgvIy8281FnE/DWhFSc1xNSedEBoyoT3E9Gg2rhr64NynyiMJFi9hE/mq/AsCba8IkW
jvT6hDYa4s9NQzYyl3YUldh7BVBxXBMhCHtO+ygp2ZiT0bH3K3xyuJYU7TBskjHA1CfzicIcpTRB
hz4AY3xdvph0CaNoEw7zFUBQAMHAbANWX30wQTeH1TAXQCHMBfBhgp7EbF3iD8YrCIf5RPiOanjm
ZOZXaus+5RwEuKH/WiaK7lMY1kKGUxFSZgOEOGwQi3jrLSZl7cjJYNcBw6DDBmwyBxFjEoh6ZFxI
AoVIhpwbgsgFFgssJQDJ/sqBg5Ti/OGL9z7FZQDQYfrwBOg1nNZBGAAcXFwICGmcHCcprpJx+QES
F+Zi4rSjZBnOXhVWLNP5c0UHJwO7EBgZTNfCQKbOv1Dj8weC4LsfZucwXeCXsIUo2lHlkFBaYW+D
8cA1UKoKOgi2OVDooE9QbnjIsQXkWPLJGIWbGwGTQ5yCagSdajkmrNVFm4SN+5E2ALFz1ZCLXJBK
VL3m1mYIbcNcqMiVkQ5aV4OFWctSlmApu7GltWLsIAAf3P7g+4Mv1A03GXRCnT4hPi8YBQDh0tBB
bZEgqgANI3j9ZfiyLiZMdyP+KAfqNkUKPgFeH6q1O/BHeELCgRmAQhmBUekhxVBhl3w2AQG9jSOE
IhWmi0TG3bPc9wydglIK+ABIwRSYQ03pVM6Jq5037CHV1lH8QXcIVnC3x8a1RRmunF32WG7ufuAP
x8L47g+YCzfIAwKCIHJAwHKjniOIykIHsSUggh1sVs7YuVuQ63nc6bPjaGeAR2sR++stRHdkGHsh
GVQ7PGnG0h0RIV9i31tEyEskB0R39hsheZPefBmmXBY2yJbhW/qjudoB+pb//nAgVBCw6AMMUFI4
2XH2GMAN/b2kC+nOEs4IASa8kvV1VzLIP3SHNAabTiAtds7AjAgTTuI7CBDOE3cBz7R/kgrapzBb
2HRUFQoxWKksjFtIVTwHpfqYLCGd8lRrKum4Es9DiPAKiD7uNLwh6f33FHfgOKROUk2Hqy0hboC9
SSUZLqwKZ6Ta8kUAqVMhS+MBZA4JdyuZdf4mGQ+YhySh8MBUgBXHz9Vww4/H5dbBmISYdsAHd6TN
EpjxP6wSsj0g3MHd+wJeD/4KRyH339nSOGR4bqKtOAzwX3Kqkwsxj+lxELgMsINl0hbiaohlB80G
5gtPYCfcVzJP8pd/VtLudJuZvb5r7bvNnG6lqS0hWTkBzHyR86+i+nJ60ZclsmcDcr+4URagdLma
z1NxWFUDHN6V58chWzbA9uVMljslAhw7s5yqnsUXxKNNDjEMLiGQ7ihVIe+mdtqNTOcAo/NQIcTY
fe6hRGIWKjTwfebv+926MjNVm0+S4ULMoxEt4w3er7xb6yiURO73SjlyMFsHl/tWMu96GeXXElBt
sdu4KaN2+/ugdJHD87ywkeegDS+pzpWlbrGSM0tPL36BmAerAsJZltPASl1bsts7ZySc11Gsj3NF
F7dFy1h5FT6KCWnHnkaeQNr6dIO2QCjMVPgqO59oSfPkFRZl7oSAQOJdHy1Zx2RfKCg4h24dIBdR
hPFkrwAzUCAmulZ+1FYA8z+6HZKWBRounQvfQHhS0x/r6PGmbvOAA4EyZkOWpwNO77CDOMu16J5T
QW1kUlG6b1xu8flb/CGEGqCL74ehUjfaQkfTwBKTcCstpCz4uyYcrBeJoqHrVHRbSGxxI0VA7V1U
BE/msPmQxe5XjgecA0DQubPLohyISLrKLpO5G5IHe825pDndDjyWIXEcg+boIrvkYVmJ0xhv4NyQ
l3tQ4AyQQ+aHwGm+tF2Gnm8p7bxN1wgaVhsD5m92m2izEwzM8V5C0tjlzvdO5FRpWQxYFQ87OahH
XKb6q3aLymUJ9p/FpQ2n930M6v60srtwjIRI8iX9IOsL7jfg354qLfJiwNkWcpKLlH1qmXKSH0xo
RSY0p3dybKF4QD7gPEKAhcrL/PBCzf5c2oE+6GJzLW8tb1TAMkBMDQxSbqD775dD/wpkfVM5f1oO
WL/D8S1qkGM2nn99LhSFMKyF04uIwuz15rqg+rdz1KoUqdvhcF5rlqwwXneVe3k4r5fQc+9JfQiQ
4xb+OHFPnZP9+5vqyLhhJLRqxs1UDtpkTV9XG5yPqh131LV4w4dp6kP6EbrhiZK80FtI9aM5XWV5
biUsiXxUCWU/oN65QOGmHfPqWYJNIslv95vzm1/dGzSjV39wFIwbzPntzmD3xu3oYKwTbT4hkRYM
bCGmuw8Q8mjKjjVvzG0Ycn65MBcq+Ane87AV83IEdKwvRD0FIn4iXpqVZ0stIjp4vHCW2gCbIRiJ
mtuHlj8OukhePVcLYLYBZV34Vg+4wWNvke+8tFY8vO/It8NReZrF5VCygvvZuZbMlfNZihoJ5H3M
YyJyfz9NyeI4dbD3JG4eAjh4Rlq4/Z+NIFXCiD4C+9sUsPN4UXOdDAWIqxdVRG6N3Kd8UMxkiuFJ
nVBaLU0oS1mmwt8cvj2Z8y0CPHYrttOhHFLRNstRNa63WCT75Lh8NeC662plEhKkuF4GfVeKnFwC
XpFeCBPKNOzXx7USS13o6qAAp+ibqqiexCZOA6zarfqnEuUvxwMUTK4t7Eav2V0FOa8TAAIH85wV
XxGBk2VWOt2vvhmSA22e9pOo43q4Zxg5bMTYRhlF8+KQpPg9lfw2eiqRkU65WRxwk8wilxgnAYUi
+E0JnE65A5xfNsH9F3SxuQGD2oWgqVEe1c92xqVkXIJbVaU3Fuo9XHNWrK8Vt51DRVtG0m3GAyIo
P6rLMVdM5qa1NLBWlz9/XCZ16pBsq0i2DVUwcXBQBDjjJMqo3RGrOoSsgfUlc4Ek5EGpLvW8KJ2i
iSpQ8kokn2adAyXILjZSY3PRSoUiVJhKnjBcifVtWxr6+7xdLAjO3QIK4/jfuhwip5dRIXcsylay
Fx2KdFDniMOlWZwRSyQ7BHht7vcgX6UuXF7gIJ+GUgT7OeqnK5ODwxE7Zbl/DqxzpU2yhyhDfn0n
v0FdILHnPIVXpXq4gL0jgiulk/gznADF1yHGzF+RKFEucOZ7KxrXViJzM7n8BVQ2EWsCHYWgbpoN
6gvrVYMmTNcuwAvy1nU4oHauBwVkX0odkygG8sFGEBIGZ5Vd8nM3UkbOWQpNvsU3G8zfgWXwQqU7
3mWc/R0pRk9vJ8QxzwmwtFLDTbdfL9c9Fe+RFCiFdp6+QyEMgVtyHNTHVd3Vpg06cDGkl++GXWp5
ysVWdRigXejMKjuLdLjUpparTYMEGqC2Dq49+DVAl6bF0WIY1nQvaKjbCX1Y7FOfBswXgCeoCafB
y2ZxQ3L3H+h0IwjCZYC1hbCt2ale09uSJuWQWGUkWboEt5ulDivU8BFQhjj7czjduhUTxFbJWkQ+
liN5R6Y2hO4TqCFpc6n2pgeqHGzgeezYJE0HE56nvpKEAbERTYUng6NqG3ABh2vFsqnkrob0Pstp
Iwdn2ZppJercWfj80eMK3A3mz71UDlfJ7Sf3Yjeu8JAbejbCl+a0oKbKmDwxdpkE6cL0AnbZnhUx
EcH8Ntm9uqh3W2FEi9wYcvhgCegbTjN3uIcD3Cg07o+z4R7VI0Y7fQ8dMVo3uSxRym7A7hcse1CP
m1ivdN0x0YTUPdhKKR7/5F0HW4YeOwtJM16njM6RO2WQlEVPk2EP+WuCqYZSAALVi+DKdwf7CFUI
/wLDvMwFQgbrD9PlhMlPoQVckg1hFb6V6b1ty5QME7nfm4c6YJNxCrKkCnuVuVjksFdINWUwwemp
Tai/kXhZutbwb16dmYyKL7WXgPyhAagdQpUWfthr4BVJLHQIVDY2bEAIGTqFpYK5mK90EmSMqACF
MIqFpfTYI02uR8Bg+jAsRXICep052wQK01k0nZF1gVFQnTT7wDQF8wnAqQYU0rVNzNkiBUGJI1h9
WEo+W4twHJltQrcpUpAJKTwBSnxislgADDvtXZo0VTlS11sc+cELnibpH6LhhhB3FnHmf5SXIH3s
2e8XcIpiM14+qjw7GIIA+iyZMzuOgt5TldKFDgRklSkeFo0cqes1qSsduOUmKg0uOxSO2Xg2ro+Z
y6taO1SSknCCcsuIej2CTrlzZchc3L4Fej1gnVXdD+wc898cTmvbO2u2YW7LaVbl4GhC2q5D78gw
xNoUFLlP4RFzvTUQQGY+UZqyXd/kMsETbW7hueZlwUTTbhagO4xNtNNIshF0dWsPvfhOTKep9UxX
Pkw5u202hGJOx2qYwfnBnFBl0sxnQKWplncK4rWTBC67zYTRpHM1K5pyYxWAws1wKm+APmBj4U4z
EdvfR/Uneqknq/IG6u7X9x+h6elfo6+n/wPbcacrZW5kc3RyZWFtCmVuZG9iagoyNTcgMCBvYmoK
MzkzMQplbmRvYmoKMjYxIDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAo0NTguNDc5OTk5ICAw
XQplbmRvYmoKMjYyIDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAozNDYuMTU5OTk5ICAwXQpl
bmRvYmoKMjYzIDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAoyNDUuMzU5OTk5ICAwXQplbmRv
YmoKMjY0IDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAo0MjguNzE5OTk5ICAwXQplbmRvYmoK
MjY1IDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAozMTYuMzk5OTk5ICAwXQplbmRvYmoKMjY2
IDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAoyMTUuNTk5OTk5ICAwXQplbmRvYmoKMjY3IDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTc0LjI0MDAwMCAgNzc2
LjIzOTk5OSAgMjM2LjY0MDAwMCAgNzg2Ljc5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAv
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2NsaWVudCMyZGlkZW50aWZpZXIKPj4KZW5kb2Jq
CjI2OCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzMyNy44Mzk5
OTkgIDY1Mi4zOTk5OTkgIDM3OS42Nzk5OTkgIDY2Mi45NTk5OTkgXQovQm9yZGVyIFswIDAgMF0K
L0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJh
ZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2tlbiMyZHJlZnJlc2gKPj4KZW5k
b2JqCjI2OSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzQwOC40
Nzk5OTkgIDUxNC4xNTk5OTkgIDQ3MC44Nzk5OTkgIDUyNC43MTk5OTkgXQovQm9yZGVyIFswIDAg
MF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJm
ZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0bHMKPj4KZW5kb2JqCjI3MCAw
IG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDQy
NC44Nzk5OTkgIDU0My44NDAwMDAgIDQzMi41NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3Qg
L2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRp
ZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjI3MSAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDMxMi41NTk5OTkg
IDU0My44NDAwMDAgIDMyMC4yMzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjI3MiAwIG9iago8PAovVHlwZSAvQW5u
b3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDIxMS43NTk5OTkgIDU0My44NDAw
MDAgIDIxOS40Mzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjI2MCAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50
IDIgMCBSCi9Db250ZW50cyAyNzMgMCBSCi9SZXNvdXJjZXMgMjc1IDAgUgovQW5ub3RzIDI3NiAw
IFIKL01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5kb2JqCjI3NSAwIG9iago8PAovQ29sb3JT
cGFjZSA8PAovUENTcCA0IDAgUgovQ1NwIC9EZXZpY2VSR0IKL0NTcGcgL0RldmljZUdyYXkKPj4K
L0V4dEdTdGF0ZSA8PAovR1NhIDMgMCBSCj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9Gb250IDw8Ci9GNiA2
IDAgUgovRjEwIDEwIDAgUgovRjE1MCAxNTAgMCBSCi9GOSA5IDAgUgo+PgovWE9iamVjdCA8PAo+
Pgo+PgplbmRvYmoKMjc2IDAgb2JqClsgMjY3IDAgUiAyNjggMCBSIDI2OSAwIFIgMjcwIDAgUiAy
NzEgMCBSIDI3MiAwIFIgXQplbmRvYmoKMjczIDAgb2JqCjw8Ci9MZW5ndGggMjc0IDAgUgovRmls
dGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztXU1v5LgRvfev0HmB8YjUJ4EgwNjjCZBDAGMM
IFIgMzQ1IDAgUiAzNDYgMCBSIF0KZW5kb2JqCjM0NyAwIG9iago8PAovTGVuZ3RoIDM0OCAwIFIK
L0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7V1Lb+S4Eb73r9A5wHhEUlJLQBBgxjMT
IIcAxhjIYZFDMJtNsLAXcfaQvx+ppe6W6mvqI9nUq902ZizTarJYLNa7yI9//v6P5F+/Jx8fv/8n
+dH9fPy+Sx/SvGq/krT+/tBv0OWD0WnzlZTKPBT7Q+uP191b8rZ72j3V/7/tVHH4YPej/uNxiPTw
/fuP33Yf28F3bcv3x7/WT/9LdPKX+t+vyU9/rxt/7vprXnjdlVVRw5GmytS/vvR/VSYtyoeyfq7b
U/lr8/K/d3/7Q/JbA5hu/tB8rAWw/+sHVepM5w9Fqq8C+e380bovU2mVF6X1ud+xMR08WaJSUxye
VT11kzVQ1V953Z5Vh+dmcmWhsoesftayXe8fdNd+6ufF0n+Dnl96MFem+7I+D2Duw1boBpwW5v5Y
+7wBB2EbtPfmcurnxdK/hDkSni0w22CwrcsUeL681q/Ddic8X6YNGy0NYW53S7P5bc99mL32W1Ej
MctNmpgyq/8l//1nPfJTjDUu8pppNY/VcC8VedZCXg3nL9pP+Or182LpP9peKvLcHJ6rIV0WeVEc
6A9gG7T35nLq58XSf7S9NMSzBWYbDLZ1mQLPl9f6ddjuhOfLtGGjpUh4LvOylW96SM9lkarmuW4f
wCDaTzD3+nmx9B+NnnvgDGijB84QtmF7by6nxxdL/xPh2QKzDQbbukyB58tr/Tpsd8LzZdqw0dJs
sqFSicrTokpyVSYKRcPEYilPy3poXb9YiyYY/KgaV6Ao+g2U1dpCZur/dT3H/DjOU5jWqg7ffWDa
FovW+jbywc/Pu4/filorSJ5/SVoIPrQ/nluoP9Rg53ny/HPyxwaoPyXPv+4aJb1r0IeG/bnBHBrK
c0Mm32j7+PrczX8iXO/3Zou43tdEuDlcV2aTdF1lU9F1z7x80D2WlV1kWfa36MTdBjggo2Z0tfV8
CR25brChiyPlqULMVX2Rk5cNSsuGVH6kEg3mkXWqi4sY9THY30Y+2GLFhhSlsyFWugXPzlP8LCfw
9dCQ24lGp4yslJKdlqJTVco+JGDwkVSujo2ae5P7IkZRe7lFvskG/7ngsFrOBXAKpNcOq4zs9UA3
4QSgy1wQgJwwzk+StJJEzwkAJwxIC6AZuXjqkRIRzAUoQjYgYLBDYC4Upxpol0LKiRmJSC4U3yEO
5OC/chwOfIPvIWDfQGMRcDoTg2gbqpFRLNzvSnbQCcnSA0OwUkAxcqVw6Th7CEbqBjUVpdVwFe6q
SoOVygja/CTJKI5ETAX2O5W3x1eBWQPJU+3FQa2CNeaMFiTAXa0KVKuyEZTtZSewPeEjVCPAN+Qo
Dn3A7ACHsNoWvgGbKgaBXCub0owJJ44zCqsD3cFuh20HgE2xdlH0vU8RtYaqOEqSVExXf6bkHoFB
otkBK8UVT865YWGAUXMrQ8LBtagoJARwAF/m3I8LHdiFsHJ0ctxyi6L/L8XKjDLDHbOQOhBgdzmo
5kAyADqlEG51g/ZnLnkmB8r45eeB6urwPldsPQc9kErV+JUvaaPFITZRHAlFf2J44G/gmkJDq9Eo
JRdkzAQBOgBuQ43JTtXu2b2PokHljgK8so+iWmpT6chk5LgaejUXyA3YwES2UCtwTbUf4m3MROGe
nhjaFOfBIJJBaM+iPKEo5E4qLj4AjpxKTw6pvzsNpQmsi79bz8F0pOoF6huAMfB83ZCBygmG61+4
tlzsc48cd5THwDrMhVswdLbLmrSRIwmAoPIsZK6VFpnSziqc+UplAdf6+HYARwr0ESNwcp2SvzHX
cVEO17rjpyPOqlRuMS0blL6IjmQWVUenYkYBFsk85Iy8CjQZgBSYBvojgTipEYfDUAsAHDQOegn3
WIJVB7tXTcear2SamcoF3b0r/Zj7fQD0kKh/gEjw99i9KwlQpMWNSYBOfdGlM793UJrpjnDYABsS
AMGWyNXB1EwsHtXoAhy7DlG8LVuNyxg0d2vNV/CESKJJPEY0HYHHtB0iAxFDh1l+9G/H8GSiIsLj
XnT+a6HcebbllkSZf/INGohy1wVkPTtssoBoGyDV3wuLi0vFVogzx387OKhplE0jTj9J5YDH/Dk+
kJR5fJ6uNrd+eWaJs5p6LZ8uqiGjdqBurlL7JznYjMw4Ymiv3DcAt9yprxJH4aHaCPJxqclxTkWZ
rEP6MZAh8CEe+wpIR4ccwFlCKnenFAE9xCkV4C2dRfWbUq+9OjdzLxgo10q5JQxExZ0HPH0PRTn4
HAGLPAUUPGbQR0w5VVql8DtTodYi26YJZACCuDHEfWU8J5iOgn3wZLAYebU8BIdExgWTvw3qsNox
0osADr6VaTR8nv0RKQRX5UNuF5BHHZK1FJA8tq587ihCJk+VM91N4yzlHiZOiFyD9s/JiqK4L5S0
EEGiRnE4ejmP7cHOg1Milydc9MYBthsvGjoyyjwNBih1ntnCYgINQaegQPHyVDmXDMgfUsFh+nIL
af6RG8JY6iUN2CYr3AnzlpDIN5kpr6fUTPah5bCZhBSGhU416L4xhqXOMvNNIhkqUqaAFIbVsLYS
0kzSqQYau25PjWtYTarOYJh7/cax07W4AuWwWYuxXmFUVyp1LljIjByGly5SD1TI0Tb+9ZAhUV++
uP5VIQ6Tg7gQcHbuTvCPNmwngL8h+2KZyMmsyVxXiouizaI7ywvUp/zjwt3KxJFk+uQrCCjFu8fB
tiH8HLJoeRgAtt0UgmweD81Mhe4800bWTPKANsBhIKTJ/XMB0TjubAZViB9i4L+jAhIvZo35XsuU
MyW48jwZoZuriSxMYV2rKTJzZ9L9Ao4jW/kpfmPDxjjkK4rA4IL8rrZfi+R51PY11yXuJee6q77j
oE/j9+kco71DZDpPce/oChVjwTtJldtlOWg3fI+AlhVwMvB7qqpU7TlM51XYfFWlKsSMYhhAU9ZZ
XluJaIxYwQ2VuATkKNzrLH01y9WWIjqctBDhYMdJTBFMyPFP6gnRViPWJhan82YXSvtezXYIyOCd
6bzpe02kAFV6BEPOPV6LbTrJ5Rk3ZCNNaazeNArjiIfqmHy4QdPUp0ba+QqSMaoKiDFx9948JzVs
J8cX4JjnnD1edx5QVB9QijRPvWcAHJSDOhSezVIT6CBRApKLOD5goagVs1yIrVJD7j/rZo8iufbK
fYc4xIciXIIRg+uEHI8DwwZsKn7VxJyFFROfIHCDyqDPQs2j2IHShufWd4nlvZYLup+My3XJ1v1u
/As8+a0fDqZuiFcigssh4saLw4h1VCHCq4ZhHWIsVYxKy3eudyELkBcp8bSMtZyQ0tWJwLEaN3k/
y/6kBmIlS8DtKx1X15L9VHYCxUKmr5IO4AYT+kZXDjN2GQNcFNNR+QionSYwcslLx34LO6gp1BjB
/C2phsAXIG1yyVNuS20vCeIxv7X4G2JU1G/3PM55/LGriQpB3sMsx/i8MwtkvUmP7ypLPqJ1HcVy
KDPrGR03vR9u+8xXrn1PIlCmyQcKSKqJoD7cNPVPk1QTkEPAfcAT3s60vCo0z10lXyKKi/Mx62sx
FWZJoNuO7eCgYIDLF04gCGF+C3mNuK+WSyV+3fQyDBR9NNIT73CXo0SQMd7i86ZloYPrnlKyg8HO
TzN1OAGWi0sa3NARM5fK02G978yI80/s5OIBtaWAk1g5cfOF4nybc7KAI1wkPuY5InUhzW/D6xJQ
6B7i8OVwUG92QCYgBuV4VkaAih5gn1Lng0ORQ8B1GlMmvpbnQ8gdwsfcMuRY5YcYcH9EgJdjJt14
kmSodZ1LPLIuG1bJbzmwXZ08BjywrSESFBD6vsF48kj4vBNY/elCJ2Dd86K7loZ7+QOAAJgewlpe
oGoQFJMGw6tyfwTmnrPoqXHEsIs3zKSjRIwC/Ls8uBNQyj1LyB0pCEbh93EEaCjb9dXOk/DoYFry
5ACuw0xzg0de7gUjn3AhYlg1eY2JmIsXwHV46jGvo+CV2iiWAmqgYthSXE7xgysCrPwpnC0LuadC
bpGUSmWMa2VDnGABueqTnAcJZYbxDtj12UBIH9QBfoPZhtcy8lwNObnLlX/+oWskkXiJXXmNXyu9
AyXy8AWc1We5ndBLC+WJPFzpDDjrIuC4nAiuNYzvBJTD3xMwnxc4ptjfjMPpS/kAVMhvHguwhLH8
J8A09i/UjXJBAz8NAHYUYAw4bBz5YHLBYmEcnl0NtOxPVFghFWw/xpE5RruTyGplToACSU86cYgr
BgRr/M/xDDmSKwSyZZIDOSsHfsgX5qbNFs5B1lY4cu3hx0U55FTvzKk/z0EEEe/mzFWaHbvlF1xy
Klptg46JM1W54yyjb4BkhquyoA+Ly9FL3PNLUr1YAsOZ8aAzjjPeAOmeEkUYYqUpL86gR8JZFpXO
VtsQFWfFnZ9542zvQWdTNGReVhKbTeVBAaunZ53OvDbyKly8HDbircW51ktvV+CbE27X5Vmtf4Oy
+HNH9HOHW5zBYgMrWL4B2Wsho0BCMuhNdC4hSkGMhg3LqtULQG1uUtHiXCjGQsDd6eCt5edqQQOw
A+gD+JQlDWGEg6BjgZti0AflMWiJ8DvtQQhT9uiw+v4NCtZ2O8S/QVUvn9RERqKSfTjIOrpRb4qB
3hvW2cApyJKBO8a3wc7h14lYHNO9Blm2MIm4iMuFiml1IbkyxnLr2hgCuPBbiS5kM56v0oWiMHJA
EFCq/46JYZGhgkW3kIO/PIJytJAupCRL4WuroFZqHhu2x4Xq7+St5kWqODCX7seP19BKpafkafd/
81NNMmVuZHN0cmVhbQplbmRvYmoKMzQ4IDAgb2JqCjM1NjQKZW5kb2JqCjM1MiAwIG9iagpbMTUg
L1hZWiA0Ny41MTk5OTk5ICAKMjMwLjk1OTk5OSAgMF0KZW5kb2JqCjM1MyAwIG9iagpbMTUgL1hZ
WiA0Ny41MTk5OTk5ICAKMjYwLjcxOTk5OSAgMF0KZW5kb2JqCjM1NCAwIG9iago8PAovVHlwZSAv
QW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzE3My4yODAwMDAgIDU2OS44Mzk5OTkgIDIxOS4z
NjAwMDAgIDU4MC4zOTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
Mi5odG1sLmh0bWwjMjNGaWd1cmUjMmQzCj4+CmVuZG9iagozNTUgMCBvYmoKPDwKL1R5cGUgL0Fu
bm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAwICAyMjcuMTE5OTk5ICA1NDMuODQw
MDAwICAyMzQuNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIu
aHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iagozNTYgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0
eXBlIC9MaW5rCi9SZWN0IFsxNjguNDc5OTk5ICAxNzAuNDc5OTk5ICAzMzcuNDM5OTk5ICAxODEu
MDM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1w
IzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1s
IzIzVzNDLlJFQyMyZGh0bWw0MDEjMmQxOTk5MTIyNAo+PgplbmRvYmoKMzU3IDAgb2JqCjw8Ci9U
eXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzM3LjQzOTk5OSAgMTEyLjg3OTk5OSAg
Mzk5LjgzOTk5OSAgMTIzLjQzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM2NsaWVudCMyZGlkZW50aWZpZXIKPj4KZW5kb2JqCjM1OCAwIG9i
ago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzI0Mi40MDAwMDAgIDg5Ljgz
OTk5OTkgIDMxNS4zNjAwMDAgIDEwMC4zOTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2Zp
bGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRm
IzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNyZWRpcmVjdCMyZHVyaQo+PgplbmRvYmoKMzU5IDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNDA2LjU2MDAwMCAgNjYu
Nzk5OTk5OSAgNDY4Ljk1OTk5OSAgNzcuMzU5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAv
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Njb3BlCj4+CmVuZG9iagozNTEgMCBvYmoKPDwK
L1R5cGUgL1BhZ2UKL1BhcmVudCAyIDAgUgovQ29udGVudHMgMzYwIDAgUgovUmVzb3VyY2VzIDM2
MiAwIFIKL0Fubm90cyAzNjMgMCBSCi9NZWRpYUJveCBbMCAwIDU5NSA4NDJdCj4+CmVuZG9iagoz
NjIgMCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNCAwIFIKL0NTcCAvRGV2aWNlUkdCCi9D
U3BnIC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dTYSAzIDAgUgo+PgovUGF0dGVybiA8
PAo+PgovRm9udCA8PAovRjYgNiAwIFIKL0YxNTAgMTUwIDAgUgovRjEwIDEwIDAgUgovRjkgOSAw
IFIKL0YyNDQgMjQ0IDAgUgo+PgovWE9iamVjdCA8PAo+Pgo+PgplbmRvYmoKMzYzIDAgb2JqClsg
MzU0IDAgUiAzNTUgMCBSIDM1NiAwIFIgMzU3IDAgUiAzNTggMCBSIDM1OSAwIFIgXQplbmRvYmoK
MzYwIDAgb2JqCjw8Ci9MZW5ndGggMzYxIDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJl
YW0KeJztXUtv3DgSvvev0HmBOOJDDwKLAWInXmAOAxg2sIfBHBbJZBdBMljvHObvr7qlbkv1Nbso
qvTqlo0Z2xU1WSwWP9aL1Pt/PP8r+fefyfuH5/8mn5ufD8+79C7NXP2VpNX3uzZBl3dGp/uvpFTm
Li8O1M8/dq/J6+5p91T9/3Wn8sMHmx/VPx67SA/ff37+Y/e+7nxXU54ffql++yvRyc/Vf9+SX3+r
iF+a9vYP/NiVLq/4SFNlqj+/t/9UJrXmrmJKVfSU/rl/+D+7f/4t+WPPmL4rD8yrmsH2n++Uy6yz
dzbVg1h+ffto0/peWL7f2w334i/PEpXpwiSZrh6s5uB/v+++Vt1P0rlTVedZXnWuykRh13lqnFZZ
Xnp/b3dtTNOVTZwt7f53ZaspNzarPlF9ZRXdFfvfK3o197nac5IqTem6OEy8brfz3dP+Xi2+tnh2
pvny/t7hucVbptIDOweeW31lutZDyluX/jaWt3a+e9qnPAvJ2cOzjwffvIwh5/Nz/aMrtyA5n9cN
ny51eT7CnwMw6Ldmra1AMdVZBaPVAjqum6c4ZFKH7zYzNcWDTK8XPnj/snv/mCcqTV6+JjUH7+of
LzXX7yq2TZ68fEn+vmfqp+Tl224PxA1BHwjFG8EcCOUbwdIn6jY+vbRxox/Uvl744GFAKtvvBmeH
5Ko/Ml3aLjclZQ8GcOmJxRJWzPpGWARh06Bz8jiA13AUqnaVK5wI2AE0+0QEISME9UCfKPo3CmPJ
KaGkBEcJHyjhnhKA04+U8IkSHtluoQ3arUq50aIIaRuaykPB3PLqwBIUDG49yr8+FDKqhy3EL2WY
KonFLtEor6kbYSMMU/7bImhJFNI9bKGZrKVtF9oIV0GwYGBN0q16lAQM28NsAQL1HtDQB++hf6MB
LslCFGIjbIQlbn2ifk62WRgbYSNsgBEKGMUQC2MSm0tBXHAp878RNsLNAUbZw8JYTzBpC5xuhAUS
rgAwbHqVZSiUUwXRFoF8r4Z05pbv7Up9NfneaQgWJmqFgKFGrRgBhVCgZZQACoFqxzs+64E2StBs
RFcBgUoMFhmubZgXkDq0MQZgGIhwgzzmySxcFUEUMMxNWBiLYWwjbIR1A4a9yppUcElgn5JwSeCJ
CJckgsB6MWAdIAEMCpAYO9ka+AB3AnrhrcfV+BfrITSekBBg5KLlo0shLCXoCRY3DUhocOLB4aAo
pCFCIeEs0JAF+o4RrhGEX3hPCHCK9fvHAa6izyLzrbFM79dYpo6tmrpflV6YqlpmmV+5TU2wdHu0
VEStQ3uhhd9vbTRq1zor+EgIMP94EqCkfACn0CjtFvmg6wF7ARF+ogRYdfARdrSgVChCnjGQGCxU
XoS1MeDoerigH/pj74/gyoXV7zn20eqWcsr3gjPHKy7EUqANiIJlVMgwLx6T9JImw0dg9mHtQ6P0
Iw08uh5tgEoFCBm65bUQ9IP/CMiDRakmwnmhUX60wJiP06HYX9ou+AeMl9VUAD9EoV5l/czGpbP4
ucL55oEb2qACUR84JEeB8GsZBtfHwvadvteZOciw+tHZlVsIUSNV7scQk1IJfaQEKhAFR/qhWyp2
CwYFfMSdh51WL+78TLWeuOdYRwi9p43C+qfdQhvYLWgdHS3eeQBtUD4CpE4nW0G3tJfG9HG0UZm1
TatdhlmLmhLAbINNF7ay9RiHoUdee5kHIruOzlIyu/05UXRxB4iZDciNYg/weohqx+sQr6lLdQ4a
13CgDuX5XoVyVXR3oRZn1JA3IsCk0rpjoyWRiVdm2DIiLIaI9Q7dsj5oDDLNs+wk4B+j3Lz1DzAE
ImQdSlCYUWIDIgY1PxaYfdahQJMb5MEzxk42HzsCPsw9lTqv2uvxOHj96B8s8KmUEEzbwicRVCqe
NU9R3aVVB85R/6geaiof6GFnF1AIgxIw2ojo0QfK2Chh4KVun3MZqeyuzbexGJny8uB7gUbBAmfH
Aks9IBzNbn0GinLZbH6MSe5x/Ia66HnZhVgMWsKuDEgGoEOZ16JWe3602gNsP2AegrTQRoT/1N9a
niYPgoxFWHbzWLoR+6Wtt+lWzlPTHK+mpp2EOYQOBux+gF0gkGns+JuynyJscA2csh8JUIeI6GL/
sQTDw+BsU9FF4am9geLkDazX6cLUsedERWsfhtQx7wyzpmwEZCBjbKPBidBLJiT7EZwoNt4eMHP9
A/AYxOQRkw8v8UrHW/K00SaYGpmO5KK6TvsEAlUholHdIj0BhIBbum2ZE2yZIkKWcClZd2EpcfDb
isjyGItayKc0RpmX1dgkspirtY/XqexSZSzhJCLqAsxDZogvVoVe+MniA3m8iwlqFaHNPFBv0DVU
hKOYqQGbzlKM0GnSxJMEvmMShSO6U0JQbgqvhkwT+hZ0QorM74SMWlpS5Ccp0n4CvGEwImopqj5n
JLbKgCsG80mCMgE5ii0mzcztUhzshaR5ZHeqsncIWt7pUIST1fh/E8WkR6wumt3+i/H+17Nv31be
F4sY2CNSfMwpwIPic/gwl+ypughljwi5BR80mK1wsHBzuzKjeOGsuSxyamAmBGUnClnnI3BjHNPm
gcqXXhu5kHKDdiqQxZZ48r7hDXhLMlhfKu2bTOyYv9Rpkmo8bIM/d7Leksf1mFwR54HW7LTMZGAK
hnlL7T1B2Fx71NpBROO8pb2GI4TzWMfTbJAT1auxcQ6Jq1/wyAN/4wymDrYobpBdMnsUNya9KKeG
QviYFUw/FzbmcU6zyQR+czK8GJthGr9kKRHH20KIUZyQCK8cGqWD44FJ8M4RYYOZdyAgesTXCbLp
6YByrYjzfTAWNlhkataV6iFDWXAvTj43Whlgh8HGMyswDZVAqbsSmMmGniZHP5dfclNl4fy5sYDR
bjv34J17mgoNuVSAEJaXJ0t2KZcGzBqlH3o7Wpp2pbol7btjkcns9K+2CTBmI0pWYPye98NdCqDP
Y0PfGLiP4ZbxVwE28pBBapcebc6Yfaf/LSox1k/EVAmmA5z/QkFN3z4gmg1wohcK3tjS3I6e9pX6
NZ+tCXi3AKunAYf1AO2XKvUbAwOBfVr00innv4MwphKEz4WwZ4JiTt5slcSXxyLjlCw1Sh8QpMUc
PX9R1Txqd13+41LW0MwF2y73FvGNGYQayry1XeYjXHmRjBFbsu8789onLgmrCj3ISSy17XSi/P63
3NOJUJHFloYElJfwKZkxjsSNk+dZVqWc0HZQ+KPncuV1g9Gf8irhIPB37EqsfxaGkUCrmiIuso1Z
/3zhI2+GRiRLJbSsFdg86didTpsv7+9tDQx5/vnhl12a/JXo5Ofqv2/Jr79VLHxpK3bPTg9q7xKV
nc1v7ZU+T09eMb5dlhoSGrC0/xM4Y0Co22jXxMC7rTzo6qjGwkvIcqp+EDVv6QG859VzCA0WCtxQ
ceHNJc17b9vDhbITeBcmCAR02GNsdHUYcLKm8HrYE2APbxHL06I8MrPeQvuAsBYfCOIPM4JXG3ov
w+yhomlO4cocGI8o+IX9FkzSpVbvruh1ZxFvoYV5wUgZSIg/7wanpgTK95dTAZnlqovLEWsXRfQg
wlq9Y7jj+1ADYBcmPMLBFKmCgl7Y6MoW5uCkHpF+mfIoyvRB7fkrr1tLu+OK2LOuiP+pEGszoIMa
TzIfoNg07yIKmPua6gcQFCgMXzRGe0nBPIBGoVvqh4CnpqENj4nVh4DZWHiC3ac1bCi+XMPwGa63
DJW6rnrzkT9A6guixwkGrQGjkjbaPDGPK6YMFVN0LVxrz49IS8qYMDa13eEIvtU2V6b0jXic8DYb
u7cFfQLcQHjbuOfVXiLx3Vyd3liP2xyFPpvRrfHMZkn3Rr5ZvB6ADzrZ+gmIF13whQJMYeilXkmt
0A4O2NAXaWBshE9p8L4fnxWKSCR7PJsVWgdGq642x+P8PLBuKs47AxAsxs1VfkTXaYJuiHKeVLIQ
hpV2jRi24iDqet4uGhAA5FPQ/U8wYbiDd8TZXUHwEPhQq63MugtPFK2c8wptnposxLPQ+x9lAE6r
k5wBvhQ4qBRWMFwBjRgN8AVlShBa5wGOvXZ/W2q8YVBkRAUEl5rWLlysfD2EpGOi7Tp1XmJTl5uL
Swq8kDD3RJeDLSTvedXmR3A+dmhyqcFEOwomZl5MjL+CUwgTi3BHB+qMEQHPhDeAgoc1ATbR95Fx
j8B64JNKPCzSCYvJmErUVvfvZZSDEjd2zWr/3H5IZDwi6yhw88BEFwTzsUqIYENJCXxkzCuxcl06
73jXVjA1+IosSyQiUBgdcbs1EiSq+qe5yv+myjLmOn2yrIuHem12/Ksv5rEXIt5X24bht5L1zDVf
AD703wLq3/2NHZAs9wKZ25/wyE5ApsC8fSTjNxDXTyFVVyPIW025gjJ0ejjPc7gmflymm/62irBk
62lUsEahJB0jGS22MW9pzrfSd2R7J8xz/1aWk0qF87t8rOx0Xf341r6CpLCj8/sJhEnPzjSLsxUE
glr9TFhQx+TlWIIymk5ERoak6crgCdAGvtyTEkC0VouO06aGpAPBhYT1DbYbVRnAlSaRDIdZLoEG
QDGsz7jF510ahesGjRcjCXiCSgL0amxZWWe6waT1yKq9GVXfyWslD5UfBtb8+PwjtpThKXna/R9K
tx/8ZW5kc3RyZWFtCmVuZG9iagozNjEgMCBvYmoKMzQ3NwplbmRvYmoKMzY1IDAgb2JqClsxNiAv
WFlaIDQ3LjUxOTk5OTkgIAoxMDMuMjc5OTk5ICAwXQplbmRvYmoKMzY2IDAgb2JqClsxNiAvWFla
IDQ3LjUxOTk5OTkgIAoxMzMuOTk5OTk5ICAwXQplbmRvYmoKMzY3IDAgb2JqClsxNiAvWFlaIDQ3
LjUxOTk5OTkgIAo1NDMuOTE5OTk5ICAwXQplbmRvYmoKMzY4IDAgb2JqClsxNiAvWFlaIDQ3LjUx
OTk5OTkgIAo1MTQuMTU5OTk5ICAwXQplbmRvYmoKMzY5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAov
U3VidHlwZSAvTGluawovUmVjdCBbMzcwLjA3OTk5OSAgNzkxLjU5OTk5OSAgNDQ2Ljg3OTk5OSAg
ODAyLjE1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM0NTUkYKPj4KZW5kb2JqCjM3MCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDUxMC4zMTk5OTkgIDU0My44NDAwMDAgIDUxNy45OTk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0
b2MKPj4KZW5kb2JqCjM3MSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1Jl
Y3QgWzUyMi43MjAwMDAgIDk5LjQzOTk5OTkgIDU0My44NDAwMDAgIDEwNy4xMTk5OTkgXQovQm9y
ZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3
MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5k
b2JqCjM2NCAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyAzNzIg
MCBSCi9SZXNvdXJjZXMgMzc0IDAgUgovQW5ub3RzIDM3NSAwIFIKL01lZGlhQm94IFswIDAgNTk1
IDg0Ml0KPj4KZW5kb2JqCjM3NCAwIG9iago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAgUgov
Q1NwIC9EZXZpY2VSR0IKL0NTcGcgL0RldmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDMg
MCBSCj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9Gb250IDw8Ci9GNiA2IDAgUgovRjEwIDEwIDAgUgovRjE1
MCAxNTAgMCBSCi9GOSA5IDAgUgo+PgovWE9iamVjdCA8PAo+Pgo+PgplbmRvYmoKMzc1IDAgb2Jq
ClsgMzY5IDAgUiAzNzAgMCBSIDM3MSAwIFIgXQplbmRvYmoKMzcyIDAgb2JqCjw8Ci9MZW5ndGgg
MzczIDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztXUuP3LgRvvev0DmAxyKp
JxAEsGftADkEMDxADoscAm+cYDFeZLKH/P2ope4eqb5mf1Q1pZam5cHuzHBaVLFerCpWFd//+es/
kn/9nrx//Pqf5Nvh++PXXfqQ5nX3L0mbr3f9AVs9OJvu/yWVcQ9F2Y5++7F7SV52X3Zfmv+/7EzR
Pnj41vzx+Iq0/fr922+7993Ld93I18e/Nj/9L7HJX5r/fk1+/nsz+Mthvv0HfuyqumjgSFPjml+f
+78al5ryoWh+bsZT+ev+w//e/e0PyW97wOxD1QJvOgD7v76zaZW7/ZPuKpBfXh89zL5Hlu/n/sSj
4CvyBr+Zy5K8qJLcJf/95+578/bXdzefq63Z/9X3c//dzh3elSVZWWYPWfNj2aDdZfkel2maN+NV
+WDb8Qb/hWk/ZKwct+0v7fhpnmfP/HvSfO/BXLvDP+/PA5h7sDVz79mhg7n3ruqAQwnbcPx1La/z
PHvmlzBHwrMHZh8MPrpMgefztP4xxFsQns/zho+XhjBPLEtlmplGltK4smRMkdadMhrIUjNubbvm
4frF+AlfvXmePfNHk6VmTpe37x3yZTOeVa3OBdj64/21HOd59swfTZaGePbA7IPBR5cp8Hye1j/E
eAiez/OGj5eGMB+38xo2t3FykzWYKYqyaMyCxORHufmi22lN+9UHphvx7LQvFx78+LR7/7lITJo8
fU86CN513546qN81YFdl8vRL8sc9UH9Knn7d7Q2Lw4BtB8rXAdcOVK8DmfxEN8enp8P6p8F1aZsl
rQ/XpbVmIlwrzbSXCw+2CzJ7Q/Lcikxa7LnHNUrhAM2nFprcvwBTyxV9lkjgc/wkkVDJR+Skxog5
rD2P2ezCpPCIhzotMfRYtQ17DrFaSgRUlE8kEs0HuZpHihHAu0Qiokgi0RTyEflaIKbJ5eI4ZX6a
jpjZBUhLybrAywoUfpCgw1qMRJBiLR8ZXVAMgXLdW8yF5eLqKKMCqK5De/363u4Rk74+k8uRLJUj
7lFgzT7CNJx7KWIVsooqEeCw8i3A8J9iaJ6jPje1l02ocrYpXS+XAbX6vhYBZSUQAFsNIECSAgiO
A1IXI4+AIuGCBJxISeU+yTkk8yLtAFK+BYQyb36Bunx/k+KN+AD9BWsB0EEyKT4CGAaYm2oZriG4
xMQRkDwTGuKwXV07rW1nzYQXct0WN892zXlmCgOX824MiycAUoADhBt0CogurJYDBko3k0YCUG68
5bEUOxNXKxcXoJZhtWCocK9qvF5CO8xmciv/KOVDYVPF8Pdgf/Co0B6l0BIFxSUHzOcIUncbJ9rH
h3GUf2H1WgftVIXIgCVrJGGoGuI6BTb7AMMF3qJQMhywAG+OSkjAtgRhB/AXwBMF4YaNHAADLMMj
fI9RaH9utstHcPkwB+Bjkq1+PTGmmBZnfYIMok7jZRsdLJiUx1BAlXHWDVBU6wl/vWl7ej1CFkEb
ntlRgP1BQBRqWcHKNCQBvI3MTl2QGEbprSzMKUND12rushyq7pncA4lmCCgfAtVRNqYszY+zppRW
IETc+aM2BVfuAR42j6dTRuQqQ2FzBrw2QhRTsZVxxybA9qUOBXpLPEbDHSx+zsEJxb020MsghUaA
7twYscx9clnUrVxmp8AnsD/AKnFmPYbbhTmsxxmCrbs3AFz2QQ7wwz8Pc/cWJxVmRieFR4wnFHQB
UpOyOeAtDhYnEeQkggAOnBQ4FVQbUB98UjmphY0MHgG6AByAZIkxXD6lPoCOy5dkyED6gQsB67Ba
uksb0NuwOJgDkCxBRwECmZOf4Pxh5QAw3bgjXKanilPyCNUxMQYAq1z6gdyodLgGgTk4c4O+pOwP
xESNCiwjB1ClgMRIwIB1U7laeCSTwg7RdsUj82ihAMBApQBLAWBScq3cx5AudC0aSPnuIAGLQSgH
UglyC0oYPgEDObNRHHAySGUVU9eV4TYZrBctDLodWNgOwPKjRgmqNjkpfwSweiN5QDhCuT2Kq5zb
fEiHq7IGcDcAGeIBKO4aguPHT0HUx3MXVquIP/L8Lu4I8zOfgPADbLkcYwqPdJYsinkSsTQHWjRy
jHDQWIJCCAPCsZNgXXHUwJM5F5t6O2Uk7VpVX2dDXa/ITA2IUHnOReLsU5mfnCBVlIumUaE09xyS
dTAu+qZVKA3YzkOoeU58N1toBlsoCpJjpNjDGfmy7KlrdbAzQgnfQW5rnH0rz30codi3cHXgLAKL
8ISwCHloXEHcmTrktQ/A23x3jAAYHIhrUippLQhmpty0pHTLyQ8XoDj7RVoNlZ+GyxQWpyKTlUsd
cFkoL8fZQEr/6iDayN06OFlTGNiTZOGuOE0bkiZiJtnmdXV8TYdVY0agRLMvr2YvU/iTy1UqNBS2
ea1kjvV4rVtWtoB0NVnZwRiLovuL/R/j7ew8gqmIx9+mrmF1VX4XULhVed5BlWdcn3Sr2GTb1Kyu
QBxlbyvfe7cqT6LKtipPMWnPAX3tH9h1W07bXqfnfx50vQv4PO+JN/KlraDU+66E51q7td1TipND
jOn98gQWs2ThjHb8KS4OdG/pO+Ydp9SU/WrJB72BTpQKyUsgSj3GgDxRTy0T7OgQZqz9y7UVLBc4
FJgaZqXvhTn6lvXszRo7HV3aY7LkYo/y33T8GnUjT/ahynImP5m3bqRY583RlpL7sQWryBzrCVYF
lFnyLEZFroNHkKPY2mWW3ScL8eZYNCakCAoEhJF4KIrGlRTMHsCG492VpTQ+m6nDSIz8AaiB4LXe
t8kfWFHvizUnSodK0NV50U7sBrOG98v86E0obDBFD9cA7c8bKgXsOjHi+566qdu7V6sJK6/pWOG6
vNaeFA5CTNnpZxEg8HwqJGgQ8AJSdunKdCj8WFYIBX+0rDAgMZSW4aOSpf0jIAKHNZMey3/MAJ5U
wCfoZgelmr6d7MIcvJgTG2zEaGxRnGX1ZM64V5kPoRtzJhTQyQwUwLi2M94K5zZgXKVuSECF+xPn
aoDKnELXoIqleGYBtzKA/ubTnrm3YZYrMzY/O4zRLkyqORji4R5FnQr35hU+4RYOHMtj84QD42mH
SDrUufsk9xQqJevw0TvKO3P1j7xBCAlOs2yhySK6lePdqACJUJAbTodoz7yA+BYYTeOjJlEik4qE
6Umi/7zQbXwM9YyZyTEEMWTaN0Zzl9AkkQlOGH4VnMehiaSps6O1G5BZpGhUynemQmquAJ6BPkG8
lA0ngagJfuTOjZcpdrOAOgxQxDyeHUBuRXYEDWdCFzSMcSg0IFKGc5ni7FbR6IF7riDN6CGjOQMj
MK+zchr0kcPd6EiqszgZuWrf+1pInBtCcqPzxYlMVKQ6slOAoavICN0832VuHqg8OUJiEFfRSoEn
+/MEvkmaFU2Ts3NUiqU3QX5j91n2BGtrQQiFQznJFb/3JbxbduUEUnab7MqJzJuAfDpgu8eYurp2
4TwSIS1jpgZ2ETIdZ7+Q/VqdX1pBUMUl5iCO42+uwsZFkDUXoRuG4qaWgIyY8ZV22FKE86KiyyuN
snJCKbqHKbqPBpQA0jIXpJwitD9hODyO5q3TU9QVck/4He6KSL2i4Hm8XaXQzW/QWrlWlVel4JAY
nsWWPhKJulOXaYz31VCDcCWraGr59uolIqly67y0G2/fB5xsQICHIkDRoVfDIfeelh3lbKHLhqzd
SftzByj08DsSv+fOi5LbpUdyPTphacIK89utMUNiRrwi7jY50DYXK1pRsRWCCm4z9woiOHD66yNG
5TPF8D2miZ1nWSXE4kad0+7Kkr5V5DBmMkBdiBvarvOkaG4m71ShadnE2wrzkkeFXcgPQseXkQec
R4FJQNs1hqSILdzric3/Xe1RXZdHygCnju9Hp2F/XhTLA7rbkV185X6rhigL8Ua3/r6EUIoyJIWZ
urBeFdfq3NwNle6KOl7oO83G2KjKBlXh0g3HRlN0dB1XRXv5ouAyzYshFiuJ1h6xbnox8gXA4FZw
B/dTQw9FgBTiGUA7KGmHwvkiJmVKE0yZDHZmsGXm6RxAr4Ge5Jp4X8DvwsA8F7iv/zrqMSiEq9Uz
zoXjGyc4WO14BAHWEYVgIEnGRcAkOzjJpzCQydciCulqM7k/ZJTHYA54rQWpjKraqvBNZz0DFlgm
Xoj8AvsDdR2o2Hg3H5bG2eH6rwpbva3qE153irDGSGimp/UavxTYjK+FBxAUiUgLMbpXdDikqand
knkIby+3fCOvqqFiDjjI4Fid8PLD0mSlF9TxOiRKShSN9AY0exivlwPyfWjyTkCjxht19lGQgaty
vnGNz3/SXPOtUCGzaOFb9QtWNGkB8YCII7cO+J06Hv96zFsC+klEvBr5WhVr6qGODbjXmSa3h3SQ
jSAimv7x45NZ42RzHray4rTrTtIcbpYD9xi78GZ0TrBjLORodPbitksVj57I3SjlFSXjKkbaRjzz
9+qr3cuhOtO06uY54dSsnCnDaIoma1HuS3m7N7yV9uSgznPDW8AcQGTQfNg9ppOL4sIAv/INuL7j
gzu8e620p05Ei717bZ4qdFzt+NtAAzxsEBuF9lRUdtGbPEO6nClqtKnTFZDBxydVbFrUC53m3l4N
lrn3i0lsYJTx6JAinWohKXu3KiCbhEWCC6GutTiLfKj/l54HHSVeYC80WVpP8acisnsj9T6NRCxl
A9hyy0dq2fsLoHDmjXP3S6QoRC6U5CwG/pu+XHmibuCH7SxuQzC+OlpwhfLL1WiEXgbL7mer0PEB
hWzjNTY/aOVVBwFH00txC7bCnev1TJZXTNHM0lfmRkbgcpl7AU1TXoPVeX34B9wl/xYQ+fZP1rJq
4W0F0NZ1O3Os64bW9oedt5aE6KGoo10h0dyj/0c5R3V+V+mRKhefOGR79x4p2COmJ8zNV/LSYMwU
7dIP37790IaQvyRfdv8HVZhnrmVuZHN0cmVhbQplbmRvYmoKMzczIDAgb2JqCjM2ODUKZW5kb2Jq
CjM3NyAwIG9iagpbMTcgL1hZWiA0Ny41MTk5OTk5ICAKMTM5Ljc1OTk5OSAgMF0KZW5kb2JqCjM3
OCAwIG9iagpbMTcgL1hZWiA0Ny41MTk5OTk5ICAKMTY5LjUxOTk5OSAgMF0KZW5kb2JqCjM3OSAw
IG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzIzNS42ODAwMDAgIDcz
NC45NTk5OTkgIDI4Ny41MTk5OTkgIDc0NS41MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3Qg
L2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRp
ZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNVU0FTQ0lJCj4+CmVuZG9iagozODAgMCBvYmoK
PDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsyODcuNTE5OTk5ICA0MjYuNzk5
OTk5ICAzMzkuMzU5OTk5ICA0MzcuMzU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxl
IzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMy
ZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzVVNBU0NJSQo+PgplbmRvYmoKMzgxIDAgb2JqCjw8Ci9U
eXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgMTM1LjkxOTk5OSAg
NTQzLjg0MDAwMCAgMTQzLjU5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKMzgyIDAgb2JqCjw8Ci9UeXBlIC9Bbm5v
dAovU3VidHlwZSAvTGluawovUmVjdCBbMzI4LjgwMDAwMCAgOTEuNzU5OTk5OSAgNDk3Ljc1OTk5
OSAgMTAyLjMxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0
bWwuaHRtbCMyM1czQy5SRUMjMmRodG1sNDAxIzJkMTk5OTEyMjQKPj4KZW5kb2JqCjM3NiAwIG9i
ago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyAzODMgMCBSCi9SZXNvdXJj
ZXMgMzg1IDAgUgovQW5ub3RzIDM4NiAwIFIKL01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5k
b2JqCjM4NSAwIG9iago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAgUgovQ1NwIC9EZXZpY2VS
R0IKL0NTcGcgL0RldmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDMgMCBSCj4+Ci9QYXR0
ZXJuIDw8Cj4+Ci9Gb250IDw8Ci9GNiA2IDAgUgovRjEwIDEwIDAgUgovRjE1MCAxNTAgMCBSCi9G
OSA5IDAgUgovRjI0NCAyNDQgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iagozODYgMCBv
YmoKWyAzNzkgMCBSIDM4MCAwIFIgMzgxIDAgUiAzODIgMCBSIF0KZW5kb2JqCjM4MyAwIG9iago8
PAovTGVuZ3RoIDM4NCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7V1Ljxu5
Eb7rV/Q5gMdNsp9AsIA9tgPkEMDwADkscgi88QYLe5HJHvL30+puSa36xP7YVPVDM5rB7ki0RBaL
xXpX9du/fPln8usfydvHL/9JvvZ/H7/s0oc0r7ufJG1+3wwHbPXgbLr/SSrjHoqyHf36Y/ecPO8+
7z43/3/emaL9Yv+n+cfDEmn7+8fX33dvu8V33ciXx781r/6X2OSvzX+/JT//oxn8pZ9v/4Efu6ou
GjjS1Ljm7ffhW+NSUz4UzetmPJVv9x/+9+7vf0p+3wNmH6oWeNMBOHz7xlqT5/mDTd1VID+fvtrP
vkeW7/Vw4knwFXliqrQuk7wsElcl//3X7luz+mntInV1842i8r4eru1cv1aWGJOmVYvbBu0uy/e4
TNN8P25b0PeIrQqTPWTNayvHbdmA2I8f5vnumX9/NN8GMNeu//G+PoP5DDbnukP/IdbKihZOgG04
PtzLYZ7vnvklzEp49sDsg8F3LnPg+fJZ/xDjIXi+TBs+WjqH+cCCariQ0+5N1mCmaq5Ow8oSkx/u
zec47mDa3yEw3YiHOzyPfPH90+7tpyIxafL0LekgeNP9eeqgftOAXZvk6Zfkz3ugfkqeftvtmWE/
YNuB8jTg2oHqNJDJT3RzfHwa8o1p7O555IvthsyeIV/aUW6bN6Wzhw3Z92JDpttQJuEfDFTtQC5x
UFEcDOb4KOeQXzGVRNsHOWkpB+Sk5kPg4WT+VUz3ifo0YOhuYXNyFVOzOXCVT5LyOMZmOblHuaxE
Msc6QBoAOiUY95HSB8cYIIjSBz9sOLmtXLFlMIa7lRSECCrlAKUPXCXioCjGkPgpl4KL7NtLKw+u
YOylO+fsiIAIouI445MCzozKfjtB5govVQGJdLszAxYKhMcZE3xFnq8FBMzCQ2DZVEIKeJe3CicF
sRQht2EOEFx8DpAgQGUwKb13sJesw5hJTzjMJFKldmTNIqwbaBkYM1+FExkcPyWhWc4B7xhlQ0js
EZyLXqkImYI8Zk6t7FoWatw5D0VVjrKMAMWVawiFnOOR4gyYm2Q7nA/FcO7Qo9IRbrkJpkRUmeDo
qGWjgSHznol/vJlwliio4QLAQVAGEHMR4b7Pwe0j1HDcHL0xKFOBHpB3wWFy7q7AD3CVjRhMW9dt
ruQ6WWHO2U6MhoRoldQ8j049iTMPMPTQhVXSNkCQHV8LV5znUyHuuYAFumPJiTQoinN8wSGMDBjg
ZEBTUgjDKilQP0wKy6YSMMnrLczhcTlMGYA5LHyCiikLXNkjg8YsXQ8jG0EQHgOcLWhLctL+E+s4
mJ0pBLUquGouaATUNHEqmljR7abOg0UxDni2dyVkJm1By4yfN8sbnOWSn1/g8GDy0mn7Sz2YJH1H
BXYhlU9uFk4XE6gEcy1AAuY+iAErP4Eo8wjFK0/cuer8xBF4Peocs9e4KknjGwFcgUJ6gSvMoRdu
1vjS4XAm6/hIQ1zBkMzha8xKOemSAYxrkVh1SMzdYVoj17ndCA53k2/Y107DAipYjrADqa99u66U
AC84d65yXyMYjjxqzn08nmjUGIEsyQ+V+FBRbZ6IAM8xWKTs7iWR6g1xiBCBwBVPLiGjo89jk/IQ
Ps1wCSA7jSCwqu5SOS9oCpkDAQovjwOqmFE2N+f7DfAuoIav4sTgSsE7lRPuVfz6qOIDv4JbsZUQ
NEUR2A1zRjF1rto+8NpPq2AmrBS1jbEKYBXOaTabGzFdoY+JL27FBIwQo1s5qGWSWKJ9Ykosxfp5
+0rxtlD+oCPOTwiI0mgp5c0rmvPM+ch1lvxqFJqzZKRr2rR5fqTwRXxrL7oAIcb6eF38fJ2kxDmv
4XXcfLPealU2XDofaAF5/PAVSIeg+VSIROp70QikoMCYnvnFbwwCJjcHaWwIh6rSVKmKlDuDXINB
hiYQzWyXrsUOuP4AGUUwBy/IokJHIzSnUxjU3+0i9WrUL/te6iVnXJuuktbiIG7NMh0NX2zepizM
1jI6UM3gxDqrAlC4l5CvEZFaoHcQY/iYfs9WotSAcB23B3KJU6pVcNN+ljjia4l3FdnRJbiIsor2
zXaShXt+V6jyu9elWK1UpkodQJx3B4R7I1I8ItxMEVEkDjoIWWDEVHQFFGVFCFkuU+EoeYFZNGkr
cZDyyFMhoYPr2YCRiHpSSof81kWQv++4rw1e1dk5VgMOfJnMeZwVbiLXEXhjF66rzVgLuEFdXlX/
qZ13HQAtoviXJxcGCHOgCOkCRq1qevISNxo4YCi8oBDPU22kw3nL9O6sDhSjm9HdIhxNICJpkDlA
M6Pyjl/DGM0s+sZMYu48iWp6UjC2E9GAdJ5mIQf+YF0wQSzU+Q10Jt7YQuO4PXnzV6tqEs1bEaoB
d1WuEsHdeE0jb8qzUve0kPJxHvLix80Z4PRKgkW7oyhxIres301Jae7q6ctj44Ksm7YeOc7p9UgL
dbK8rqXYbbVHMXV9fnDQEANvOwx4KqnW6aFhndjRLVd+Zd1pGHMagaYT0GMBTRzommXlJCl0t+Cz
rFT8p9SvyQmOFeBfiyCT6b7RmN5rPLkWbBaePTC9DYVKwwgu9XSqiXqJVdnDxeqmNfZ0S6QvHJs4
QVbSO4kBiJZSDDhAK3CFCFAdGGUSVCuJxgJjmQVUXBda4iCs0gaDvjo6ek3Xwaisy3AWPr1HTEw9
Ac9B4O4kEIOrhUe6u1iZw11EaWTgfKV4wr5BMMkFsQcNi8AcVOjGhGwQpF5AVgEIV+A1ES3YgdJm
cTttty1UBqTHhRqNmQZ4d3hkjnsduMSeJdF0erNgFbe0x35UYj22DMbZQi34InDkS3i62jNRChzx
XNRlCnzpEyUC1NyIel4NNXelbuFUswhIAOD92Xi6o0KH+Zg0Q27TcOuLVgBEZKasFaifQ53VaDSj
auNVmfUBH1AfrBFC9GRqqjPqfr/5gVHfvbA35YU9HZyiF3agp0JmB+2G3OepjZgDCAcorgBYdC/s
lboyu/z8dO4e5btH+UKneWfFJd64R1lJ2pzKvl+jG3rsqt09yhLUu0e58yhXp+L5RTzKAVrsJ0We
UJ/KVl+WJ1fnoS7TeVyAqU8flIqZTsu0iH7lzm8s9YDDBZ16un6JJxUBGPfbcnq4YfdpgH8RTipU
5VHiq6eq9OvM4ysgcUZAMocAi6kpXscHvVAkZxml9+6UJpDOwjI3HmGbpMncub0it3f+bPmFuf0J
klkiBrO6w+tjJ4O7O/ym3OGng1vGHc6fSdgf3EqJzaU5x8rtuaGvbYqVleJCz+PMjmk+oCLnNHIi
FPTAGC8HOtTkV5BzAs4i+mYoFAVh1gh00uRKLXAXcEpqpkrWRea9wDz7IIJmuLV1DzQtFWiyXT7W
iQa2Hmi6ly54V9EIxNwDQPEBICV2XNaHhRYNI9V15qU93qjWc59VUFI15OLVHdZ7tDKXA7weeKxC
/tbsrOr8qCDdB+PT9MH2PQbXKv4UO7o9G2nM20jznTVagAU40jUeeMX9cWs5vbI232t4LVZ6SNir
ajN0203DeqFn88O0Gm2meKFRhNIuV5nlybERpxtguEsqCwgL8UaTszQAvKFonAr957Yl/+MT3C1Q
aoTLO4L8ec8gnsEREHvWKL14Vcx9rR5yEaUZEU+jp0w3wA+iQVLTUyLQYwN5VdMzjWJSACDRirbl
ilBTN1aHdS3PbbjtGdPlMYiAFrK0zb4GzkxHdqMuWzlgVBJUe0FVHGNoG3m8l5vke/Fa9MU+cFqZ
UzU7XEU4rHeXxd/YQC4HIPghI6ngKoRPAGAOBiRZ9U6isc2BP8PT82JwVHLSvkhK6WRONdT0ZDIa
0sYEFeqdCS61GvNgAuiShnBZ8FnDsqHuvJEBlCKwW0//v5HtB7i95RwWloW9gJsY8EEhRTiAHOSk
uCxFoZNKRQaQzpKcQVGIhx1RzSgHYkokgWDoycGkEK9QdMSO4BTo1MFFHjxA5cj6zhzPl1+fuXoD
Ps8dwRMXbblxnZj8ope4ddbY9CAl4RZAQhqcGH4CUMfLTTz1J4OQOXIB/sRGuNK8RMNIHe9RDBgp
8n3K9khkz1Zyd6gFQQFOKQfodocpmIvHHzr10qo+GW2trOyAqhxwyExPjgwoINpIR+6VkrH4sgHH
wL3v043ngHbcEX2h756B873cjk2/2cCqjwldm4LRxXwGzF7vEa0qXg6bKVWL3VZWQ1mKzYPxBWYR
Nb4CHgw9i+kN5ghX/8ChQQcwAgKf4PWnIII9F3dkDm7yAoICTF5qwA0dPMv3lsmMoFaF6pGoCiod
nmgc2U5wvrIOC/TnSQdk/W8kizZGWeMVDIs8XoSn02GmH/aDgGdSQp4p8BadROusEkS0ZBaTSrjk
FuwqhWYXGHGFEg5JM7y6Ey0eOem0qM1oLm9l66M7CiiEsxmKMmwJw1E20+PjO73ZpYdQyJYShKnT
bpYa0qWKZ5DmFylqCPac3KC14aw5p2Y0BEA4edqBTtG3fUrgzAYJxEfiFfB19O2syMVx6ZVjVO74
eLsY/ctdQMtDXvc/iCDxbwEhFP9k7e4Kb+Hx/l2ZmSMv6hhNcSILKMqDhv79fsc+0jOBITsuJSeR
A9llf0nsVl1bPzB4HMAL3motnESw1awHEoTB6D4KqVag4HKXZ5m6M5tl47d8YIZeLr6NxV3W3ojB
/Aa0glog86DDD5Ap80z7jMdBCzuIfuXKiMpdOiuicicPIhdbgopAPgBzgD8bBgC1w8vU/CbPzW5N
0YLd//n6I1Y6fU4+7/4PrZimQGVuZHN0cmVhbQplbmRvYmoKMzg0IDAgb2JqCjM1NjEKZW5kb2Jq
CjM4OCAwIG9iagpbMTggL1hZWiA0Ny41MTk5OTk5ICAKMTI4LjIzOTk5OSAgMF0KZW5kb2JqCjM4
OSAwIG9iagpbMTggL1hZWiA0Ny41MTk5OTk5ICAKNDI1LjgzOTk5OSAgMF0KZW5kb2JqCjM5MCAw
IG9iagpbMTggL1hZWiA0Ny41MTk5OTk5ICAKMzk2LjA3OTk5OSAgMF0KZW5kb2JqCjM5MSAwIG9i
agpbMTggL1hZWiA0Ny41MTk5OTk5ICAKOTguNDc5OTk5OSAgMF0KZW5kb2JqCjM5MiAwIG9iago8
PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzIyNy4wMzk5OTkgIDc2OC41NTk5
OTkgIDMwMCAgNzc5LjExOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM2NvZGUjMmRhdXRoeiMyZHJlcQo+PgplbmRvYmoKMzkzIDAgb2JqCjw8
Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTMwLjA3OTk5OSAgNzIzLjQzOTk5
OSAgMjAzLjAzOTk5OSAgNzMzLjk5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMz
YSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRv
YXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rva2VuIzJkZW5kcG9pbnQjMmRhdXRoCj4+CmVuZG9iagoz
OTQgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMjguMTU5OTk5
ICA0MzcuMzU5OTk5ICAyMDEuMTIwMDAwICA0NDcuOTE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9E
ZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0
IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzY29kZSMyZGF1dGh6IzJkcmVxCj4+CmVu
ZG9iagozOTUgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIu
NzIwMDAwICAzOTIuMjM5OTk5ICA1NDMuODQwMDAwICAzOTkuOTE5OTk5IF0KL0JvcmRlciBbMCAw
IDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iagozOTYg
MCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFszMDcuNjgwMDAwICAz
NDguMDc5OTk5ICAzNzAuMDc5OTk5ICAzNTguNjM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0
IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9rZW4jMmRyZXNwb25zZQo+PgplbmRvYmoK
Mzk3IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTMwLjA3OTk5
OSAgMzI1LjAzOTk5OSAgMTkyLjQ3OTk5OSAgMzM1LjU5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQov
feDB++fd529FJvLs+UfWQPCp+fXcQP2pAtsU2fMv2Z/2QP05e/5tt/dp2gZZN5THBlU32GODpnc0
fTw+t/OfCde2LLaIa2vLmXA90UN8H3iwnpAwFSLVySm5/Yy0JNBYCh5MYOiOtTRsBlJp6B3fSIOg
c8EGS/u4pw0PdNiCA0zQR6APIblO4Q6R004dbfjK4oPeAfi4FEsBToEuMNsvoymHCHrkMBaBZDos
EiqAj1p5na+FlElICGBdYBlAwBROvSItdGvYSsMiLCWoSgHxQGMAapp9JCE+EmkhszZCzMIyAjQZ
eKrQQL0U9A7K8Z3yDayJFXwDaHbWn0InDeCg9lLCKLxBgU5TYGyOBmSY7TD/kiKWSAsVKX2h1TTM
AimoJepxS9boCKq4JLjgKdxndhWDgEEDrLdgfcEu0VDXwQpkGeUH5mItLLXhhqRayI4YGFy9lRgu
bABI10K7W8NWG7bD/EuKWJwWCoXbhauVkNlrKB/tx3B76+cX1MIe71CNzfHC7V9pQ2P7DLVbEKE/
dirpHbqZvw4/ArYPRhGKzuV+NOhtFLAYMRf08xuj7I53WAopdApwwPQN7eOBmz42AGCAIICDjoLT
h+0Ynh0AdLiDYqx1Hj3AKJ8iPgCFwB+sNEAfgDHEqRjjPoS8ByNrwdWu36uHEF5faiJSLZY1hd2b
XWBPwIU7RTrQTnEU6rQKoLY9LZbAl3bgkdjl99BczvMNQ8SVJifUHQ+JoKosAs1swAoJAYABmhPw
IbIdz0M8p7IohPUWQsozJqAQ1rC0D6VS8FBR1CxUHjbSWzPtQVYQhKgkiknkzcBOJtRMKN48Z8LC
H5bCtFMQmQjAWDZDFQGdwuSAzSBUAo9QOCR4ZcDua5F2XlFR0BFSQDIABsOy+iBicqxahj4icMpb
P5aDEB8QsWr6EANIRcigEzA6rAlFVoZOwRmGBiBdYK/eDAD2JZ2SLfKgkpVf51SyhUypZC8kiLxu
V5B5wW6C8YY5QhBZdo94BHDK2hie/yPUMJglujqMoBzvlrFW6ISWmcOEoLMPDMKPwuoQtKBgY/lF
B0gQoIynw3h7gN4A+4i6p7Ndkg0T6UdVMuMMmC60VIGUuaHlIO+GwD46BFSSLCmFNQQjy6wgEyyy
ZnEyI1YUvH/MkxvEHQwErGR5MeNB5xcyFDBeQ0T4dus1EB9r/fiFjkKHVQ35hRiB1LSa2cgwB4CM
gNVYiVa5kOvaZgoAfc+NOirXJ82GV/dJPMIE+h5VwoS4NGsR5oll3BxzhvqXccyTRi6KcORi1vBw
YZOGh29slp7NPrZKvSbbNyFMiwzDLlwiNhjWSqiPsDxIpLddGZzNZlbUIf85rQihPMDyeBmp4wHj
I84TVi23cHp/cp7bdjzs31RlyutCDqeve0fUI+7nD7CPHLTWC25fQuDUmrHWCmXnRuI5ABqLkJAI
D3fA+V42noENTR9+gCOQdAeGw1H2g31GL0Hs8bRseXwAGfmB1CXgetDxA0lW7QkFf7oQiaD+PCIE
eJi31+DyQBImhV0AHBMmA5BJQBGLRJydl3czW5mI4Xy+0tkDMCk2dCP2+MeviyIMDN8pGxgGi4MR
PT47C8Ii8Ai/uLjM9sRCKwWgbaC0wlBeJb+PdPPh+3DMkiK2XXd8goPKb6OGTMYA9aN9/HNDb81S
ytP1seyfJGfcdoc90DUGJgIcwab4BP5n10ERCJnAIjBbdi6ID35NlyJcNSFIyLvI280Q0w2knkOo
GzdT5F2Lool2OF+YDZ+swAsIEJPPPLzlNzDqn1fME6zwyqMP56p2S3T7MimByKmBbN40lkseLCZv
7qdMZhFvOEIOrzhSZDunJ0WkKFTn7bxIERa+g3UCG4/A4ELAHg9FLKBkYYCnVxMYumToxMmkRyEv
dChlSjJUglD8WjKbJoTi5wkmLGM9N5+UPOQsAeirzQ3eznFTvmopew56UlCYP3A2k1vb1KfwdDt/
OC4Wz0lcUqf12ZxIrWbP09Kn3bvgXTHWNWIApnZRWZLJ020vKO4FDRG1YsH9nqPgLvihkvf2aD0w
vgH6wJpifC1psLgBwR1ajo0vyItkANqytSDbOy7jHyotCLeOtwCo8HhPLWRnzw0fV83D04nOXkmj
Aot4tzJie22CRYNOx9uvKb4ZHyyfxeMZH07HaCkskSRUD6JFelBhpTl0oC1hotgaK4mdwEcWR9AA
tZjXu4xKEdqFE9RQUAkKO4HpYEUEOk1ZDcXZLvrEZyTwAWOKEF1yhEGUBfagkmRrVq7dIRwsNVU0
lHe1oQKAakPSM8F8t6175csVG6PTzR0QGhtYkEWUxV5qV4kPTU9I6E8XKNngakNJQbgZpGbJl7lc
yIutD3B7SEh4DkhXejgkSMtWn0mk99TBN96U3rtVyuJmy7vtqymelFI6uzqAl62elEg4i5twfkzh
vMLaXzovXRDUydl0iQTNdREiECNcukJEgIoVdqIkiBEcGoaNo2US1Tac2TghlWmZU1FriWWwSiMi
04/HB59QB4EqPgeZL6GzUDkoUxqiIpLoxDoirEVXlhCUyDIScqnjFJPDPUPSPiHTmVd2EMzm85gv
ky7KK92IRcF2WQrdnfHab57zvrwquxDGrigTGmt2xzL/uXpcFX1FPsFTxxJzsNU8ITeWVwcThD1J
hYTW9h0LLG64XkqCKjVJ3EWAg5dlPjTD4xBL8gtyR0QJie0anZl2RrYsEDyp2Hy/RUuwnanLtMtn
UGa3ClvDcjfn4RktjhU3N7MaXux9O9L1UZR0Ndy94RGSbKasZcCKQqf8bgW+gwbsCuQrXrPBW+rY
xcdKVr/ujKp0ieijHIDxaUoR5955NQQeMqR6AZMFjsRNsJDnqmFj+3qYN+9o79hdt+h8uTRGxR1e
Xo4xAt5CjOcqlG6+EB2/Y8jnTrHSzivqKcfh+GETpJAnKUjAW3JeDvl9Wn7PmdUpEUKXojIAGD/I
J6VL+XEJpsOv89b7Guo92+ZhBNQ/Pd8rwKZQU4bviIdOgZeBqVK8Vh6GpWe1AVJsoNMH0BVN0VN0
LmrUAomjndHxtIOz6SCINAsFCAFpKTAKJi3y9RYgE5J9BLCKx3cCh0y9O4BT2fNeMArCwZ88GhW5
5ehfxMtuHigNMSR3LMugHQrYkAFCJDkSxzMmzIVNwI043gejBNwBj2XgsFqgIId3B0wfhmWRrEAd
0NkqYO6AszskMXRyGuQSKAepb4Ax9o4Jc9EUDkUpp0edueUE1cYramQIFs0gQhH2kA2pgflTYDEB
MCA3K5e3c7hMw+0cbjoxVCJeDBVv6/jKyeD9sb7uBCFTlDKXPWziNQR2XIaG5d1FQDLr2fEY01C4
CGZL6YLqgOV2ZG4oGbwSygGCwHtEhwKoDxaVIhn6SLl7pI7nc2/v6+ljea27iWl28f3oSMyZN4Fn
3oTMs4qDKqftrbs2d6Li4EwIV19UBmXfWlQNtr16qSAv7qwzWuXdl0X/4aLtt763vpb1Exl5VHb9
yvre3qDVly1Qh4c7eF92v+7uf5rrRJ9Q9bFG1R1KvlDKzFp24bacH5JCTaSIIF9z5u8ybDkhCh1B
lwS0jdjp4yP7K0mMjyj7ki41+tzTVI2a1seD17d86mGDcoX51HMn+qXLYr4Z2OD0P0JG8vmOuhZH
R12LU466FgdHfX9FHPXmy6L/cNH2e3DUtTjlqFetXb/gqNdftkD1HPWm3wUcdS3sFQjShNq3m8nj
m/DKxdta5yKqePyhxoj3TPGkhAQL3lOBXft0Lw8lFf6Na39Qa5PvIir3hzurdV0RUnW2LrhrjhVH
oDr8t9NOlZ/nCVGlJtx7fG+igFctgjk7vWE4dV7KkXK9WhCQdENGAXE7qK6P9Q48O40hNnW6l7Ez
q+xP6LBGYUhBUJEUd7rM+/0LqM/mKH0fAZlUbNoQp1cqAl47YBIjyqh8VkQZRQlhyJQklQy+AfrA
0iy0AVAb2H2fzBBO9YsHSKokUL7Bs6YsA3ql3WiBF7YOKA2UWJDP0yGByepSqf7BkQ1hAtax9A5f
/qpP9l5hTBT11NtfL29T6+A9ZU+7/wP5CvbUZW5kc3RyZWFtCmVuZG9iago0NjAgMCBvYmoKMzU1
OAplbmRvYmoKNDY0IDAgb2JqClsyNCAvWFlaIDQ3LjUxOTk5OTkgIAo3MDYuMTU5OTk5ICAwXQpl
bmRvYmoKNDY1IDAgb2JqClsyNCAvWFlaIDQ3LjUxOTk5OTkgIAo3MzYuODc5OTk5ICAwXQplbmRv
YmoKNDY2IDAgb2JqClsyNCAvWFlaIDQ3LjUxOTk5OTkgIAo0OC41NTk5OTk5ICAwXQplbmRvYmoK
NDY3IDAgb2JqClsyNCAvWFlaIDQ3LjUxOTk5OTkgIAoyODMuNzU5OTk5ICAwXQplbmRvYmoKNDY4
IDAgb2JqClsyNCAvWFlaIDQ3LjUxOTk5OTkgIAo0MDguNTU5OTk5ICAwXQplbmRvYmoKNDY5IDAg
b2JqClsyNCAvWFlaIDQ3LjUxOTk5OTkgIAo0MzguMzE5OTk5ICAwXQplbmRvYmoKNDcwIDAgb2Jq
Cjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNzAyLjMx
OTk5OSAgNTQzLjg0MDAwMCAgNzA5Ljk5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKNDcxIDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzA3LjY4MDAwMCAgNjU4LjE1OTk5OSAgMzcw
LjA3OTk5OSAgNjY4LjcxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM3Rva2VuIzJkcmVzcG9uc2UKPj4KZW5kb2JqCjQ3MiAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzY3LjY3OTk5OTkgIDYzNS4xMjAwMDAg
IDEzMC4wNzk5OTkgIDY0NS42Nzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2tlbiMyZGVycm9ycwo+PgplbmRvYmoKNDczIDAgb2JqCjw8
Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNDA0LjcxOTk5
OSAgNTQzLjg0MDAwMCAgNDEyLjM5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMz
YSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRv
YXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKNDc0IDAgb2JqCjw8Ci9UeXBlIC9B
bm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTczLjI4MDAwMCAgMTM4Ljc5OTk5OSAgMjE5LjM2
MDAwMCAgMTQ5LjM1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMy
ZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYy
Lmh0bWwuaHRtbCMyM0ZpZ3VyZSMyZDYKPj4KZW5kb2JqCjQ2MyAwIG9iago8PAovVHlwZSAvUGFn
ZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyA0NzUgMCBSCi9SZXNvdXJjZXMgNDc3IDAgUgovQW5u
b3RzIDQ3OCAwIFIKL01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5kb2JqCjQ3NyAwIG9iago8
PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAgUgovQ1NwIC9EZXZpY2VSR0IKL0NTcGcgL0Rldmlj
ZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDMgMCBSCj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9Gb250
IDw8Ci9GNiA2IDAgUgovRjEwIDEwIDAgUgovRjkgOSAwIFIKL0YxNTAgMTUwIDAgUgo+PgovWE9i
amVjdCA8PAo+Pgo+PgplbmRvYmoKNDc4IDAgb2JqClsgNDcwIDAgUiA0NzEgMCBSIDQ3MiAwIFIg
NDczIDAgUiA0NzQgMCBSIF0KZW5kb2JqCjQ3NSAwIG9iago8PAovTGVuZ3RoIDQ3NiAwIFIKL0Zp
bHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7V3Pb+O4Fb77r9B5gWREUqQloCgwycwU6KFA
MAF6KHoost0Wi2TRdA/990tLsi29z/RH0ZRlZ5xgJvKzRL7f75F8pD796fs/in/9Xnx6/P6f4qX/
+/h9Vd6Xtul+itL/3g0Bur43utz8FLUy927dQl/eVu/F++pp9eT/f18p1z7Y//Ffbrso29/fX35b
feo6X3WQ749/8Vf/K3TxZ//v1+Jvf/fAn/v2Nje8rerGeTzKUhn/8XX4UZmyVvfOX3t4KT9ubv73
6q8/Fb9tENP3dYu86hAcfrwzStu69pDqJJTf9496LEyjlXV18HrYsDE9PlXhv2tpKLUn3VS2vS6t
h6+r+6qFex441X5QWsL1+l738F07r4H2N+z5ZYBzY/qf4PUI5yFuddtth/OgL//9RlSA2xg+oGXX
zmugfYlzJj4HcA7hEJLLHHw+LOu3ETyOz4d1I6RLY5w7a9kYf+h6iPMke3O20NW6bAqzdoWq6+K/
//RdP+UQsrPea20um7ExOVt1qDdjBgj4jmGDdl4D7WczJmetaa+bsWI661wrHMBtBB/QsmvnNdB+
NmMa8zmAcwiHkFzm4PNhWb+N4VF8PqwbIV06mzE1qtBWeVZaVRcKTWlmO7YeUljtb/Th+Zydt3Tr
tQnRnR4nTGnKVqQiHpuyMq0KCB86hu997r6d10D7+eKxKa1rcyQR20zpNhw7gNsQPqRl285roP18
8XjE5wDOIRxCcpmDz4dl/SbgMXw+rBshXRrjvE3LG0hSp9lsVfnga63/35uN3drNU1rGrNrfITId
JJAxvx958OF59embTwfK4vmXosPgrvvz3GF959H2Huf55+IPG6T+WDz/utoMEHqAbgHrPcC0gHoP
qOQdXRtfn3v6Z+J1U+lr5HVjzUy8jhluKSRI+SCjq0pvond/7W1IlZV3AappL1zTQj25PiZ0Vy8r
pdx93Vh/8+5LN37Y9e2297bX6/aJYvyoXm/b9Vebe4edbr7sEdw+vMP3xZvyw0/HB5PvR9jSiktt
hruH5KU8SXcberby0qVk/qMQj1pLiX4TANVIico2yroFWKoE1ZFHtHyEt/GVdatqSf4X2ehaAmSj
6kukhlfhXlR3R7MHKEotECd7UQ9MLkA+AiRiyCDgB6gDIAYc44KCRuEO4BhokFRcruuoHyBKqR/4
CNiLxFSDakMvgLokLgJTyTFjKabQKOVpAnHL6mkbZk73qFW9sEcFDQEfAwYCGkIxRWFSNnPVBc+u
Ok1Vg2c+55CV1a2o1m5rAF+k0lBtTnH2PJJxu+OikohxTLlVRdACWgZOhTvq6XHbfKVhmod6oIX6
9gj3x20b/APH9JYcPZ+YHJmHySZ2KemTVpJB+dThVIdq1mOPinGKm1CGkII2lS9e5ok5jQrqHdVd
zCimjwWqjstK7SFdq6rc2wiEQzXdRgATkCYdC6LP4J46h0OkgQpME8kHamlGEUGcVGbMwkDdeSIz
PRwqR4XNrZ2KQWkWD7IEGe4gAMBTLpn78CBjSsqgz+IRlL6846yD1FP9o2rGDhKVavpskvosNYSn
ZTjm4AOX84zKAvqfJTDZ0gXlyxN3HoemcyhldoSPsDmmdELFKPnIYFC6Xw/oqqDKduny8PVoFjvi
fj4LPLHTVjGazSrDAb3QrtWLXUqnQYTgkD6ffgfKFABOZjAKbAksBVQYNAWog36VzIoeBaB3+9xy
mnAvupbUcdw1x0zegeSaAzoMnmSm1YjOBblyvSUIBmmQC8yS+N3mUsZtzDKXMn2Oa56ZVC59mvZH
ZJMLDXvpssmckwkXyI+zJGgLDem5RSFiCZY93V7yDAxcqcbRYU43nSWXdlqf17Xn8FyAGExp5DAZ
7rgTpqchOUiY0eZji4VEyaen+Yo4KDtfdwefAnM+fGWeO6p5PEZVOWGGgVHGqf3YatzPUnnrhaR2
SC2fjqQD9IQqEp4NRheN5IkHJhi6UvKhDAUv6AAWncHKO1yImEmaY0Bxy6jzK8xSGTV1qEgtXwHn
Ky95opKpiNOJMFTOM76+l4HNmLnQhbYINidMBP0AWdjJ9W+d2lmRdOWJoPUO+44Dx2pAEuodQd6w
CASKF7G0wL0ZLMfNMeGIaRl0m2MUdhZTNWaKUtngnEK71rjW1bYfUCJIGeTKhYY7ACCXA2AFxdQS
IK0X7gDE+vKNwSMy3AMA2lBSIapJLoGx2TTRbMZ1CbA7SW8JxRhQRkofAT0DYRqQPyAmu9XfGLWl
vAMaxV4gzIJVQYwAPIB8aJRyHXS5ktrel7xNabSSw1SkBRYQgTjw5RIPEBTww0h+GDBlMHagVqpU
9S2nTdl414U2JXnG2Yw8o6uSCZaLgwqq/tzIsFsITEALCBMw5TWhOqe4XbwLhbATmoUZqDe4HZgv
Ak81C9+p64rW1Ex8b+L5bsuMHdcq3r4jUKOBB/iKAIiq4FclwIDiUTOCGh8ezIE4UE24A3KmigZA
zDIgIgL59A4NMYLaLiaEEDNpAOQpgwHEILkBBoFlSgCIweY01VrHm2qKxcyhutxAEtLOBHvA1DVQ
vnwkQvBMlWOaVyGqWV0o5xmaCHA1kDRM8qnA5ukO0oCDhHE3HVTmlZ2d15gp3zW42emigtTkYuMh
BrfAdo7BHVSHDGQQcpYBiMMQCmoHeEhMDSAGUVdaDKQDMLoDX1aBxQAtINszx8P1wu5vlpABJoRO
lk4IcMT4DAHeIXu5njAMPAXbxuFCYDMXD/aZlLueMC47VNn8QarzG7c18ojqfHoHr73vF1cH1en9
bAOsFPDtdI1UniMrhdhvn/a4I93IlaIURCQxOOqT9PONBL2JKh0mBroJobpkvX7TiIO1jpXT8cWx
Gat4jtUs0UqYKyqtT0D9Q295OM+RPHxZE04TeqQMynDOz8VY1PUe6oS7chOqXPjGd+4tA72cWlzh
qrEjj6hQgPySz3LQLZYhhchRO2JLtWsVt/YCo3kpPXdugYz7WKL1Q9WF4gZa8CFwXEoCtXOUXy7k
U1OqYBdKSmbZxn0hScnlHLhTNUb4toUOYEmoP7yQ86Yy7viyfhgYDJh8L1aGLX850sOI+uzA+PhY
Hg8nB/Iy+YQca3rNe0pZcIbAjjydMT28PKNb6gRcnk/wVIjHLTopHGGVtMI7OvM5OcTYsWuLCDFQ
RgmbMWi2yAftKcNpSGP5fgZquREH5eQcxlRhZZ5+suptbxJRw4vdm4RTEjmGNREj44QQm7DrnEbU
M7ny6QOuiL054Kf41CFn4WJDELcWfolvcOKHDMyShHEWJYib73fhwynoFmi5lBmafJu5bOm2R6R/
qHWj653lxkRmejKUcDQruMMEbzDTcbazrOlEpPYJK1gJ5yVAYRZHffpcQYQrW8YeFvIgKLlJLvV4
QYxVuygcUdzFneylAOjOxRvgBpgGuB7lP6eJZfJC1sYLAsqlL0VDrhjTG+BKADeVOsSPTF5o/SEF
Adst6WnTCIBHYEhCSwAAMdxvyI8oSDihAfgBqMOWHWiD7mqPwGOZ4xaQ/OmhHhWGK38GJvOt8qE5
/7PzNKsXqnPmQksZ2RX7yxvgSgBnUSnF93jRbVD8kYvLhXR5aYKYJxfiNVU0F1IQuHgulACgIXaW
ozigW9jimmPrcY4s5TyA0Cz58qp9KYCsXkjd5oVugBvgplKLeiEzoePrWSa4rZHdAJkB16P8l7dG
5orNnpwDBzbYtlxOOzNmOxzuPTjSQJYdGKgfhboMeOGplnfIbvtDd/Z39Ic/wZsPoYRiUDEBdwQq
22Ar0QDQCNR5txHUQo1RAh5ACzQKojRSlFTYyMIH2Us3HoU6pixFeVqedHlaUZ4s/sGSGrrvI6Im
F2qwoBdeP8W3NCW8dvhiXoWkfU40lu50TCLqo4DN09+GMM92XfoO8Qgd4pqaYc9rhGICC2GFQ7Yx
7bT8YPa8OWrIGr19nwjuQJAn7ZgsjkmVXcfV7o0SOTzTQhu4r3iD/3TTve1QElz/oXYoZXkd5TKn
F2R86+l5jjPI5GLtOsSRjAcznYprJXCNeO8nII/73GZxM+c53oo+AnYWcVgPT0yBuCx7g/osY70N
9pBlaLmNI2+WUe9MIEOWcYszS8SZD51TXc/pRREnfOTIEPjeycAponlf+5mwdXjZ17FfU2JSlfO+
SX0Qufan9Nqm/wGc5XcRR/6GG9vOFh+k3zj5aml476EWACya7FQV5pMHCvAg26glQEnjhm6dFIw9
qACpnOhfAGmvjxHqcNqbyghVN+OpPDzgWJJlYC9sCXthPwveIDuB8gFd/rd499Qp16LZ/3l5Sz2T
+Kl4Wv0f86D1R2VuZHN0cmVhbQplbmRvYmoKNDc2IDAgb2JqCjMyMzEKZW5kb2JqCjQ4MCAwIG9i
agpbMjUgL1hZWiA0Ny41MTk5OTk5ICAKNzQ0LjU1OTk5OSAgMF0KZW5kb2JqCjQ4MSAwIG9iagpb
MjUgL1hZWiA0Ny41MTk5OTk5ICAKODAzLjExOTk5OSAgMF0KZW5kb2JqCjQ4MiAwIG9iagpbMjUg
L1hZWiA0Ny41MTk5OTk5ICAKNzEzLjgzOTk5OSAgMF0KZW5kb2JqCjQ4MyAwIG9iagpbMjUgL1hZ
WiA0Ny41MTk5OTk5ICAKNDA0LjcxOTk5OSAgMF0KZW5kb2JqCjQ4NCAwIG9iagpbMjUgL1hZWiA0
Ny41MTk5OTk5ICAKMzc0Ljk1OTk5OSAgMF0KZW5kb2JqCjQ4NSAwIG9iagpbMjUgL1hZWiA0Ny41
MTk5OTk5ICAKODcuOTE5OTk5OSAgMF0KZW5kb2JqCjQ4NiAwIG9iagpbMjUgL1hZWiA0Ny41MTk5
OTk5ICAKMTE4LjYzOTk5OSAgMF0KZW5kb2JqCjQ4NyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1
YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDc5OS4yNzk5OTkgIDU0My44NDAwMDAgIDgw
Ni45NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0
bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0
bWwjMjN0b2MKPj4KZW5kb2JqCjQ4OCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xp
bmsKL1JlY3QgWzUyMi43MjAwMDAgIDcxMCAgNTQzLjg0MDAwMCAgNzE3LjY3OTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRv
YmoKNDg5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzI4Ljgw
MDAwMCAgNjY1LjgzOTk5OSAgNDk3Ljc1OTk5OSAgNjc2LjM5OTk5OSBdCi9Cb3JkZXIgWzAgMCAw
XQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM1czQy5SRUMjMmRodG1sNDAxIzJk
MTk5OTEyMjQKPj4KZW5kb2JqCjQ5MCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xp
bmsKL1JlY3QgWzQwNi41NjAwMDAgIDU5Ni43MTk5OTkgIDQ2OC45NTk5OTkgIDYwNy4yNzk5OTkg
XQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNzY29w
ZQo+PgplbmRvYmoKNDkxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVj
dCBbNDM0LjM5OTk5OSAgNTc1LjU5OTk5OSAgNTA3LjM1OTk5OSAgNTg2LjE1OTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rva2VuIzJkZW5k
cG9pbnQjMmRhdXRoCj4+CmVuZG9iago0OTIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBl
IC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAwICAzNzEuMTE5OTk5ICA1NDMuODQwMDAwICAzNzguNzk5
OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJm
Q0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIz
dG9jCj4+CmVuZG9iago0OTMgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9S
ZWN0IFsxNzUuMTk5OTk5ICAzMjYuOTU5OTk5ICAyMzcuNTk5OTk5ICAzMzcuNTE5OTk5IF0KL0Jv
cmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUw
NzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9rZW4jMmRy
ZXNwb25zZQo+PgplbmRvYmoKNDk0IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGlu
awovUmVjdCBbMTMwLjA3OTk5OSAgMzAzLjkxOTk5OSAgMTkyLjQ3OTk5OSAgMzE0LjQ3OTk5OSBd
Ci9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRl
bXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rva2Vu
IzJkZXJyb3JzCj4+CmVuZG9iago0OTUgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9M
aW5rCi9SZWN0IFs1MjIuNzIwMDAwICA4NC4wNzk5OTk5ICA1NDMuODQwMDAwICA5MS43NTk5OTk5
IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9j
Cj4+CmVuZG9iago0NzkgMCBvYmoKPDwKL1R5cGUgL1BhZ2UKL1BhcmVudCAyIDAgUgovQ29udGVu
dHMgNDk2IDAgUgovUmVzb3VyY2VzIDQ5OCAwIFIKL0Fubm90cyA0OTkgMCBSCi9NZWRpYUJveCBb
MCAwIDU5NSA4NDJdCj4+CmVuZG9iago0OTggMCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3Ag
NCAwIFIKL0NTcCAvRGV2aWNlUkdCCi9DU3BnIC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwK
L0dTYSAzIDAgUgo+PgovUGF0dGVybiA8PAo+PgovRm9udCA8PAovRjYgNiAwIFIKL0Y5IDkgMCBS
Ci9GMTAgMTAgMCBSCi9GMTUwIDE1MCAwIFIKL0YyNDQgMjQ0IDAgUgo+PgovWE9iamVjdCA8PAo+
Pgo+PgplbmRvYmoKNDk5IDAgb2JqClsgNDg3IDAgUiA0ODggMCBSIDQ4OSAwIFIgNDkwIDAgUiA0
OTEgMCBSIDQ5MiAwIFIgNDkzIDAgUiA0OTQgMCBSIDQ5NSAwIFIgXQplbmRvYmoKNDk2IDAgb2Jq
Cjw8Ci9MZW5ndGggNDk3IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztXVtv
4zYWfvev0HOByYhXSUBRYCaTKbAPCwQToA/FPiyml0WRFJvtw/79ypJsS+cT9VEy5dgeJ2iTcGTy
3M8h+ZF6/+OXf2e//5W9v//y3+xr9/P+yya/y13VfmV5/f2u36DLO6Pz7VdWKnPni6b168vmNXvd
PG4e6/+/bpRvPtj9qP9xN0TefP/19c/N+3bwTdvy5f6f9W//z3T2j/q/P7Kf/1U3/tL1t33gZVNW
vqYjz5Wp/3zu/6l0pdxdTZSq23P55/bh/2x++i77c0uYvisb4lVLYP/Pd0Y7X+R3NrdHkfx6+Oid
z02llfNl8Pd+x8Z09NhMWVMLt/5V16wb65rfc1e3W19TuG2vZeCV3f6htGzXRSMA3e/nOdD/Vjy/
9WiuTPcV/H1Ac582V22HbWnuj1XoraqQtkF7j5d9P8+B/iXNieQcoDlEQ0gva8h5XNcvw/YoOY/b
RsiWhjS33rJ1/tDvfZpn+Zt3mXaltpmtw0ZVZv/7tR75MYWOi7xSDcv50JcKldsmhORD/kX7Xl69
fp4D/SfzpUIpv+2/pbk3Vh3dts8AbcP2Hi/7fp4D/SfzpaGcAzSHaAjpZQ05j+v6ZdgeJedx2wjZ
0kl9yStvMlP4TBUmoTMpVfpGU0okJlUWZcO0CCbD9kPwOfTzHOg/XWJSZacdEeRV1WlH0jZo7/Oy
6+c50H+6xDSQc4DmEA0hvawh53FdDxNTnJzHbSNkS0Oad/VpBdXaPMexts5C1uV1nZspt/Obx2Wl
o2q++8S0LYHS8XXigx+fNu8/176cZ0+/ZS0F79ofTy3V72qyvcqefsm+3xL1Q/b0x2ZbKXcNumko
Dg2maSgPDVY+0fbx8NTxv5KsnfeXKGtXFBcn69qhyguUtc9VdXmyNqW6RFnXWWklWR/krHvFzvjv
g9l2xPNUGHMHbURVbbU3Iirtm2hb7CSl76UcPjQNdt8Q8YRnT3TCnWpo+1Dq0FI0LdWhoWwanFRq
74l72fCpafCHhgc57mdBu8olMzAs9CGHVUrSIdnVJbArDdJ42QkIRH5EgaqAdkkIsAu0K6BjATNA
mQYRUSEid2bEQ+eteL1OfLDxozrgKDPmSE43qTQ3O3V9kgx9FjGoY6gnlE+RQclOKFSPC2WiDxhW
FTJaStJRn5IXbmk5qK+gfVDmIugANYDUudeAPD5ROoB9oKOUdMBHpIDwIyCPitIhuY2gI4HRJdG+
lHoXiaeUnb+JsjWQDpSCGqgldyFzIoliHyAxbg7SgtCkQEApRAh0QFCyh2h/RNh21TBuX6FhHiui
NrOpMsgMlCoPVIYQqCDq8AQyP4KimUGg4hGUP/FhpA65kpmCK3dmkGKmkAdEd9xMQYEfgD/SehSL
SxiXV6wuslw5m4nBW5bOXq6M9Pz4Yopa1faher2CZTlatPEKjFvnuQRpeIKXICnKSzpshBp4DU8/
gtXTR1or0HlihBnKFZjO4eeY1ILCDyjFuneVCayWnYKypfNjNICPWBlEE3CL2gdH5hMDDDEgIRAq
PCGHCcWcY2vHqhKxnc9hY+WcpKz1xh5tiTJrDiotO17eBZ+Kya4RA7S8uxDzRSGYl8ueWloqNGBR
BS4E68ByFKz/oFMYVi5QQpWpebVXzm6APjQ8QX1bQ8YNOO7UNBiELK0UV3BBDaBbSBey0+6Jt6kP
jVXCWudnAAx4vFIL5dkjA4+vm6fZ4YtBXS5OEwJdfFmJi6UQJBdkNOh0fv5aUpvBsOBbq1Q8AQ+e
mOLa1qVVfnhETpG0LGfVByEhDFhJrFnbUhgRr19XKQIfqIygQUE+OttpVIKNDngCJgVgM5g6qItA
p8akMDPfrD75Yr/6tMaKui2YYlBkkPWTsKvylt9qtyytrQw00natkw6AYaMr4g42wbvtyqu+X9E1
Ots+AUtjExMy7jU4SmsCvaUxZBh3YSEo0LlzROyh+3AJF0oucLZhtBpaM65P8MkErXNhMmHA6kC1
8ESg8D2KjtASz1RVP67r7CT1tvVuqK7+hsaxIbzIq5DXRBRkq0bbQu8rcoilWCpABSZjK3ZiNMRS
uXZvYKGO74ikWC5Pp4u0pe8qWAPcHKDIGxQQX6Q/l9pxPsIjYtOTGwzf86aZlsNXole6j50qF06E
iCQxsZ2BF04AVS9x62ulcuySYWJcVXSTIYK5Gzzr6Uh4VkT9LknXQOmCJaprDszRy0DHVpXaiRCa
MjCXe33DdjG3brqIY6BTvtkHZRdGd9iqoEDBC4YRnwpx8W3tU1/3Ymq6PehZaXj+CiUGcw4fgVFg
DRNWecHIAmi4BdnuaHhuOYzDEZB3yHdgQzQBhtZ90ySVyu3MPacOAaFrvlWhd9PAHIGT5cum1Nt5
oF6ChOPDJtg9jijMKDo5IpNzP+QII2r9PKZEOB1XFC3LMfnBVpISpM/bWwquT/sGpFQaAUCFxb5e
+JfQXgU5RaYyzTsFWwajAuQGrEbz5WkY9gOjFBsk+0C6kbvNBlbny5S6czZed5JfxBjJXTFQBGyT
wSjQB2gGvRu2BehHQKq4gUE3HwCWxKFeMArSwUFHDyn17+N9NwfSABkROJYwwQ3moUAOmVBEEjQc
N0zgBcwOzJ8j+2CUQDnQMxnAqYEIgTBgH4alQjYQDiS3Bow7UOxOeYxkzoJfguZgKx4kRp9YwIuV
dBipOTsLbssctYwP1GgQVMzgQku2awPrJz0RQcYEwkDd1C9vEFzScIPgpnPDSsW7oeG5jl+aQbEZ
+MR8JzPU/G84k9FUn2Rdo/LChI7axbztQBHSU+xA3fZs5+/ZXtBeyfWeQ/f19CFUfCy5sQrmRLdz
6EJC3+ydTj7fX0UJEL/rxq+d5gz1uWwKzr9NBDMwh7nDKAsuaKKHzM+3mKI4ktNgFc5GHtdcXEbs
gAFhCzx7vr8kAh7lapgd1gzTKSZoPi/8aUP7Dd92vOp0YYXueGlKb+jkSRcrG/4R0O4CjMwadggz
2BF4U8ThOTiaMXI0LonKrRUqHzk3AvSucrBtwZ2l/GTf8hvVJmz+rUrzU1avaZJApYISCqzrTsER
F5zYuF03+3T6GnAJXHnBDbUcN7nGnGnNScORTmd0OfS629SDkJ5k6sFBgMAtx8lRdO7yucjEIQHk
BRoW+Pb8ai4CJsgFtGCtK2Hu257zja5BvrV5hnJDESU8R+PV4a4jOTdZ4BEnOjYTEcygtF1jYRbr
NBg2cDf2+fl7SsCuV/vbYBaAPk8Kcp0gDPFXgGqA9B9ATvc6nXXxNxPz4R6IG2Rr2HBFkC0LiHZA
gXKQo5zrIi8UfIqxnAOpweukPAy4MkWBgknZzwl9SufxoSsCF0vFjDLjV4LP91ycU1Dzj8Arw7D0
4hGO3+dIQZUQ9eq1jg+hkHY43A4QeghzhEi1itxp6Iq21ERyd/Fyd3nKgX28f0eQRhMPAh05nhDi
KoDHT3IeCZgD04QnoGayNAFilUHx93BAARH6kCOo72JBCDmTJkBeMiDKH4obEBB4pmwANbikrlrG
u+oSj1nDdFcBMS/whzc69LWyQVSrhlAuM3QRkCqFdUfEVBDz/AAJZ5oszLvppDKp7oxa1Znf6pAj
ABzBQuhshhPGpzf8WOjlxBA8OwEipIcY4MhOKFIlMm4dH5jcGHz1SiDYdv/OvAiANehsPsDa4H2a
UExROH8E4jjF63xbR1BahvnDm4f5i3YnLyF5Iyy0NeLc2CXeVLjkPaon2eqLuO2Fv9WA3mV0Lu8v
5Zv00betT9nY/FdhRWyF8EuHYNtO7uIgHWfyOq0LVvaJbvY6EcLYWS9iLj1oivzSK+Yi8Cf8Kn58
0wCslXxMIpI2C9ndbR9wg1bExj5sp86//SrhvcS3gw3L09Jp0EVw61QKoHuSQL0ASzf/NRsnvbT9
Al9uYZWMSWd+X8IbvVSiEmKKuLruXF6OeTYvMkh3XEKsSLiq+0JzEP8WsdIQ7qwxER+CylbijZwd
iuUwZ7atQBRkAJiK4ys2eiUCnuww473IYoVxpq0lr1SR0+e5I4RkZ4t82L+CVzBVQpi7QzA9YUoY
dZdgem8ngTeLu8SCciZfVVDOSEU4wZKWp4V4A/QBlzJDA4g2cMvWYoOozPB9FRqAl1pyAaABaTJd
3uoFpI+yD/BHWTyhx4J/jiN+F2tcV8ML4i9IEnC3t3xiof+FZKUqcVD0XGSlYdi1JWHMEA59OZLo
3+lUf2evtTyUbxjrfnx9WVr/PWaPm78BeYDIRGVuZHN0cmVhbQplbmRvYmoKNDk3IDAgb2JqCjMx
NjkKZW5kb2JqCjUwMSAwIG9iagpbMjYgL1hZWiA0Ny41MTk5OTk5ICAKNTc1LjU5OTk5OSAgMF0K
ZW5kb2JqCjUwMiAwIG9iagpbMjYgL1hZWiA0Ny41MTk5OTk5ICAKNTQ0Ljg3OTk5OSAgMF0KZW5k
b2JqCjUwMyAwIG9iagpbMjYgL1hZWiA0Ny41MTk5OTk5ICAKNDYzLjI3OTk5OSAgMF0KZW5kb2Jq
CjUwNCAwIG9iagpbMjYgL1hZWiA0Ny41MTk5OTk5ICAKNDMzLjUxOTk5OSAgMF0KZW5kb2JqCjUw
NSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzgyLjA3OTk5OTkg
IDc3MC40Nzk5OTkgIDI0NC4zMTk5OTkgIDc4MS4wMzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rl
c3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNJIzJkRC5pZXRmIzJkb2F1dGgjMmRzYW1s
MiMyZGJlYXJlcgo+PgplbmRvYmoKNTA2IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAv
TGluawovUmVjdCBbMzA3LjY4MDAwMCAgNjA5LjE5OTk5OSAgMzcwLjA3OTk5OSAgNjE5Ljc1OTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNH
SXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rv
a2VuIzJkcmVzcG9uc2UKPj4KZW5kb2JqCjUwNyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzY3LjY3OTk5OTkgIDU4Ni4xNTk5OTkgIDEzMC4wNzk5OTkgIDU5Ni43
MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwj
MjN0b2tlbiMyZGVycm9ycwo+PgplbmRvYmoKNTA4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3Vi
dHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNTQxLjAzOTk5OSAgNTQzLjg0MDAwMCAgNTQ4
LjcxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRt
cCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRt
bCMyM3RvYwo+PgplbmRvYmoKNTA5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGlu
awovUmVjdCBbMzA3LjY4MDAwMCAgNDk2Ljg3OTk5OSAgMzcwLjA3OTk5OSAgNTA3LjQzOTk5OSBd
Ci9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRl
bXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rva2Vu
IzJkcmVzcG9uc2UKPj4KZW5kb2JqCjUxMCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzY3LjY3OTk5OTkgIDQ3My44Mzk5OTkgIDEzMC4wNzk5OTkgIDQ4NC4zOTk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0
b2tlbiMyZGVycm9ycwo+PgplbmRvYmoKNTExIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNDI5LjY3OTk5OSAgNTQzLjg0MDAwMCAgNDM3LjM1
OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMy
M3RvYwo+PgplbmRvYmoKNTEyIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawov
UmVjdCBbMzg0LjQ3OTk5OSAgMzE3LjM1OTk5OSAgNDQ2Ljg3OTk5OSAgMzI3LjkxOTk5OSBdCi9C
b3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rva2VuIzJk
dHlwZXMKPj4KZW5kb2JqCjUxMyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsK
L1JlY3QgWzMzMi42Mzk5OTkgIDIxMi43MTk5OTkgIDM4NC40Nzk5OTkgIDIyMy4yNzk5OTkgXQov
Qm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1w
NTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2tlbiMy
ZHJlZnJlc2gKPj4KZW5kb2JqCjUxNCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xp
bmsKL1JlY3QgWzM0MS4yNzk5OTkgIDE3OC4xNTk5OTkgIDQwMy42Nzk5OTkgIDE4OC43MTk5OTkg
XQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNzY29w
ZQo+PgplbmRvYmoKNTE1IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVj
dCBbMjk2LjE1OTk5OSAgMTQ1LjUxOTk5OSAgMzU0LjcxOTk5OSAgMTU2LjA3OTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM1JGQzQ2MjcKPj4K
ZW5kb2JqCjUxNiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzY3
LjY3OTk5OTkgIDc2LjM5OTk5OTkgIDEyNi4yMzk5OTkgIDg2Ljk1OTk5OTkgXQovQm9yZGVyIFsw
IDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNSRkMyNjE2Cj4+CmVuZG9i
ago1MTcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs0MjMuODM5
OTk5ICA2My45MTk5OTk5ICA0ODIuMzk5OTk5ICA3NC40Nzk5OTk5IF0KL0JvcmRlciBbMCAwIDBd
Ci9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDMjYxNgo+PgplbmRvYmoKNTAw
IDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRlbnRzIDUxOCAwIFIKL1Jl
c291cmNlcyA1MjAgMCBSCi9Bbm5vdHMgNTIxIDAgUgovTWVkaWFCb3ggWzAgMCA1OTUgODQyXQo+
PgplbmRvYmoKNTIwIDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0Rl
dmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4K
L1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCi9GMTAgMTAgMCBSCi9GMTUwIDE1MCAw
IFIKL0Y5IDkgMCBSCi9GMjQ0IDI0NCAwIFIKPj4KL1hPYmplY3QgPDwKPj4KPj4KZW5kb2JqCjUy
MSAwIG9iagpbIDUwNSAwIFIgNTA2IDAgUiA1MDcgMCBSIDUwOCAwIFIgNTA5IDAgUiA1MTAgMCBS
IDUxMSAwIFIgNTEyIDAgUiA1MTMgMCBSIDUxNCAwIFIgNTE1IDAgUiA1MTYgMCBSIDUxNyAwIFIg
XQplbmRvYmoKNTE4IDAgb2JqCjw8Ci9MZW5ndGggNTE5IDAgUgovRmlsdGVyIC9GbGF0ZURlY29k
ZQo+PgpzdHJlYW0KeJztXUuP3LgRvvev0DmAx+JDLyAIYM/aAXIIYHiAHBY5BN44wcJeZLKH/P2o
Jblbqk/sj6LIbvWMZrA73bREFuvNYrH49s+f/5H96/fs7ePn/2Rfhr+Pnw/5Q140/U+Wt79vxg26
fjA6P/5ktTIPZdW1fvl+eM6eD58On9r/Px9U2b04/Gn/8ccQeff7+5ffDm/7wQ99y+fHv7af/pfp
7C/tf79mP/+9bfxl6O/4wPdD3ZQtHHmuTPv12/irMnmtHsr2c9uey6/Hh/99+Nsfst+OgOmHugNe
9QCOv74xpi6a+sHmxSqQn8+vDr0fkeX6PO54EXxlkemyKHRW5DZTLRr++8/D13b48+BlbhqtirJ2
fh4PbswwmM2sts0RgXnZ4t3Yovvcjmp1qdvhj+0tAUplj1+Ulu26etBD+6mfb47+j7T5OoK5McOP
8/ME5jFsVXEctod5PFZdH/kEYZu0j+Zy6uebo38JcyQ8O2B2weCiSwo8z9P6+7TdC8/zvOHipUh4
LpWquz6bKT+XyqgOn80UBtF+gnnUzzdH/9H4uYXGdnhrprxRthPtPgNsk/bRXE79fHP0nwjPDphd
MLjokgLP87T+Pm33wvM8b7h4aQrzD5vagIVZZgisbS1B1ZStbc5U8cMOfAozd6r7HQPTtzjM3fOF
F98/Hd5+LDOVZ09fsx6CN/2fpx7qN7qs8yp7+iX74xGoP2VPvx6O1n1o0F1DdW4wXUN9brDyib6P
D0/D/BPhurH6HnHdFCYRrgN9pecLL3YTUkdvbm5GrdvTTsi2PpADXKVkQyMb3ssZ/iQbPgosQad5
3TUUpwbdP2El2kYNj4shhT5UKV95lMSxZ+KEY1mVRqAZgAesAvAUiVqz+XrgzIGAS30sBx3IjU9I
HkKWATgq2QeQGzhV9pF/kIDBKL2AqNEwIOEwO3hCDqNqhnacP0jqT0z1wCg4LEUIMsi7GBIy6KHm
h2LVhRwGlAqQCjhVzt9Ap5y6wDPIZnIYD90FHAKzg1dgujC7D7KPirIM0B8AW65CPF6RnBqFdZcj
WQE/UOuHo0gkI2ApFDc8YfrJNecnStFg+1GUOr/DlT2o8nfyCdCpnPycllRhRrEgElKkAzcH1JPh
fAkqFe2Uw4lcguQ4nkxRm6miRmMPMqQlrNwdhD6aeEamyOsfvV7J/dM90s4Dh1gI4E3KE6hmwXSB
0HAFSPkblTkYN9CZEjAP1x39MBABqt4jon0li9iiErwJUgP6DJAG5IVXrDQSEWyT6pWkys+PKIl4
2aA+3o2/E8++x9Fe2riQCuYcfQLwGnJpi6iK4MqaL7M5cbkweziAfHXHQadiyNchHkt58Ij4qgMQ
RJ05dCtAYGC1R2M73HfzIBR11VDXAa8rAboxS4SucEld2XRSV4ro6ggjIO3FPPCjBqm5NO8UeBmY
SpIKNLeChpwO+45Big1y+gC6qWWDnMvwRCTa1dqfdnK+gNXBhF4ghAbbBtws+wDKoHTLTvkrgFV4
RTsCtaMngFMBHyC7chSEA8wBsO6HmPRv/GVXgZjBfEFmKJr5K64Q0giJIIgAGFCX8iGSGwhByY26
G6gLcMD0oVOKdVAqyMsOO7SkAekCT9CQMoiQK158SfqpkAGCPIQMVr/AQWVEMSy1vxgaHqgHfUiF
zFATGiBkBtiOE1NCasEeAoKAmJQh0CzJUQKGBXygbFNCgTyANQzBBwcM6OIIba6CIwnjosKIwLgB
k0PXh9NW8qmF2cZ000vr7+oZ8MpBhChzcydMwxIL6A/O4HLvMIZFBU2GjjxYQ2AIoL/kIaC/BREC
XgY+5D6oRDIQGxWoHNbAsACpZKlCYgxXOoB1WCxSg8LhwBANTA6YHwCTtC3AGEims8Aw4BoDPqjj
C0yHyg/6cCA5ko4p/P2YQqIZV7q0wbU4uiTs0AdfCoJFBUIsd325zuUaFSPFdLagQQKwXsBsQW/L
6RuwhoBCqslAoxpwOEGBwhOgMCTGAqQfV0KguCQpQWGAig3QqKjqYRRYCQEZgHISH2ClCodPFiWk
X+VmCtkozAnh5xQbhS87QWMrG0k06I/5CLl8gue8wSh0JzVGIiWqfkAh51O+swKTAwQ5EgdAKV9b
om6FD4AjRd5MQP4OsjZP+VkuUQhYgGQHZ8CtNA5lrqbWIaWajmPIVO1ksySqPYbmAsDArb1NsjK3
W+gc8FeAu3nq4Y1IyTOieeYZMDvIB1epsDCiJsZDUaXRGNaWQgwhWzNSspKdjnMrv3Ujrh3O1hH1
vZSrtZytUub3xbEHxmm6QvyhgNxEQDsogKs4SCGHF5YvFzwS0VIsKHaPOj7D3Mqj5glyMFueQwZO
WZrUdGssUToegspxBg0Bsr3cT/NIxONojneK4CV5YWvPdg5sZ4XTNT3P+9CXesm7oiXznyenfT2e
52eBFw7azbM5nsaeO8PQuZb12eUDtnf4mhcahs3RETM5klpB6zeSd+Cg5PmJYQfpQha0K2R84ZVh
c3x0mAoj0zwjiU8XxgXIHkWDkiFzl990ywPntW1+UGcPeU873UPel/2tPeTN+GN30Mmwd+ygv4qQ
99k6bD7kXZf2uqp9D3kvfWUPeT9tZ7GVKOQ9EsOkIe/zOHvIm5n/Vxnyriun6dpD3qudmz3kvZiD
do+aMN0LCHlfUDp7yHv3wlKFvOtGOF0vMuTdnF0+GvLGLPrlQfGZcioy5p0k1DyYQVBzo0B6wWAf
zgiMouIcEM0j2vIJDJObGf4Dpk4a0W6aU21PqH6zm/5tmv6NB9Ney27FHtJa6yrdKKSVskjz2tV4
WU21Mq9K5+FNAhKBVHCyCoaVfUSMRle5WmAeIsSabuSze9dtvMSI1ym4HYEMd1QJ8I7ra4eUZI4h
YxEifLygrEdFPmAQkA8uY46iJInDZDHrT662OlIN31SFxrEp+mRCqc7wICdf6cAT9EQ8r0ENdS7z
QjKNhVPBsqKgx7oF5s/XT7y+KN0E4cKLu0RROKQsOw4prnFC7dxgK4r2YOd2bWQs7zFSntIk5UF6
qMpmkRNz2QKbjbzboUDaWCvyWFSKyMWLWqomiRjEu6Zm33/ytpm3CkJFuS1l0Lu1cSIkAvdzNet9
cUEkrdq8Xq0ajPpFQbPrpLC8ZFX9KrcToy+jrJD3REldRZfUNRrH9uPAXtSliC9lGm/WjKMljzcY
u7iEM2cA8MsDeh6vLL8xzsMYR7S9SteuYeCWMVTNMLvlYQK0zon2+geusqcaVdxIypunZhbbcBcV
tkC/Qy20sQUHc7wZi+2RVQbWlgc6oQ+PaGmwFl/iG4dsrziqQ24vwvii1rSU+1/b1YsOfoikN4vT
miUgEdXXt5CJL5PMJ3v6LJJhHE/5JMh4DECKqaruKuURfqD2owUegkqXenb22VXSflQlCBzi2IN0
Oqr/LkoGCGB5HmHZ9SqhHFCf77DybdvlejWGsxnDZfCIwF1SZityoutKyCWPSdKEbo9NeZokPeOr
XSe8EsVpvLLZrKw3t94qCQXke3noB1MquJ7hIWauzHnoh3uJAeffPCSCr/uXT2Y/rUP62O5uSRyL
Y2l0IzJkYXV0aHojMmRlcnJvcgo+PgplbmRvYmoKNTk4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAov
U3VidHlwZSAvTGluawovUmVjdCBbMjk1LjE5OTk5OSAgMjIzLjI3OTk5OSAgMzU3LjU5OTk5OSAg
MjMzLjgzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM3Rva2VuIzJkZXJyb3JzCj4+CmVuZG9iago1OTkgMCBvYmoKPDwKL1R5cGUgL0Fubm90
Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMjAuNDc5OTk5ICAyMTEuNzU5OTk5ICAxODIuODc5OTk5
ICAyMjIuMzE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzcmVzb3VyY2UjMmRlcnJvcnMKPj4KZW5kb2JqCjYwMCAwIG9iago8PAovVHlwZSAv
QW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzQxNS4xOTk5OTkgIDE5MC42Mzk5OTkgIDQ4NC4z
MTk5OTkgIDIwMS4xOTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
Mi5odG1sLmh0bWwjMjNlcnJvciMyZHJlZ2lzdHJ5Cj4+CmVuZG9iago1ODMgMCBvYmoKPDwKL1R5
cGUgL1BhZ2UKL1BhcmVudCAyIDAgUgovQ29udGVudHMgNjAxIDAgUgovUmVzb3VyY2VzIDYwMyAw
IFIKL0Fubm90cyA2MDQgMCBSCi9NZWRpYUJveCBbMCAwIDU5NSA4NDJdCj4+CmVuZG9iago2MDMg
MCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNCAwIFIKL0NTcCAvRGV2aWNlUkdCCi9DU3Bn
IC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dTYSAzIDAgUgo+PgovUGF0dGVybiA8PAo+
PgovRm9udCA8PAovRjYgNiAwIFIKL0YxNTAgMTUwIDAgUgovRjEwIDEwIDAgUgovRjkgOSAwIFIK
Pj4KL1hPYmplY3QgPDwKPj4KPj4KZW5kb2JqCjYwNCAwIG9iagpbIDU5MSAwIFIgNTkyIDAgUiA1
OTMgMCBSIDU5NCAwIFIgNTk1IDAgUiA1OTYgMCBSIDU5NyAwIFIgNTk4IDAgUiA1OTkgMCBSIDYw
MCAwIFIgXQplbmRvYmoKNjAxIDAgb2JqCjw8Ci9MZW5ndGggNjAyIDAgUgovRmlsdGVyIC9GbGF0
ZURlY29kZQo+PgpzdHJlYW0KeJztXUtv5LgRvvev0DnAeMSHXkAQwOOdCZBDgMEYyGGRQzCbSbCw
F3H2kL8ftaTulupr9kdRlFrqto0Zt2mJLBaL9Wbx45+//SP51+/Jx6dv/0m+dz+fvu3ShzSr2q8k
rb8/9Bt0+WB0uv9KSmUe8qJp/f66e0vedl93X+v/33Yqb17sftR/PAyRNt+/f/9t97EdfNe2fHv6
a/3pf4lO/lL/+zX5+e914y9df/sHXndllddwpKky9a8v/V+VSUv1kNef6/ZU/rp/+N+7v/0h+W0P
mH4oG+BVC2D/1w82NYW2dUs+CeS306td73tkuT73Ox4FX54lRmVWJaa0ibHJf/+5+1GPfho7T02l
VZaXzs/9sY3pxrKJqgr1sF9jXaPd2GyPyzTN6vbS7lFet9f4z5V9sDVkWrbrYv9y037s58XR/35p
fvRgrkz35fw8gLkPW5U3/Tcwn8aqh6maZwRsor03l2M/L47+JcyR8OyA2QWDa13mwPP5tX7tt3vi
+TxtuGgpEp5NmbWfsyE9mzJvP2dDGET7EeZePy+O/qPRsymLcg9OC3N/rKrFG8A2aO/N5djPi6P/
mfDsgNkFg2td5sDz+bV+HbZ74fk8bbhoaQjz3LKhqv+3Nk0yE1E2lFbrbmqDvVRak3WoGMxftB/x
1evnxdF/tL1UWls2qoLgs6XNG2wjbIP23lyO/bw4+o+2l4Z4dsDsgsG1LnPg+fxavw7bvfB8njZc
tLToXtK20bH2LCimnqWrSjeLJvQsU/+1QYyQjcP2kyw99fPi6D+enmVSVbTK9YAu63aTNnAK2Ibt
/bkc+nlx9B9Pzxrg2QGzCwbXusyB5/Nr/SraffB8njZctDSE+WDqVWD4jNs3++2iivoXXSYqO+yb
r2FWmGq++8C0LQ4r7O3Ci5+edx+/5IlKk+cfSQvBh/bHcwv1hxpsVSTPvyR/3AP1p+T5193e6Owa
dNNQnBpM01CeGqx8ou3j83M3/5lwXdaSfoO4LnO7OVxrXU9pe7jWNdwz4TrQXfJ24cVmQirbe3TO
TqnaU0+W6SE0pQTv1KA/ySe+yIYn9oT+LJ+QaFLp6D6UZqBDg/mJPlGKBlvMASlMP5dPPHpivaGj
6QSRF95IXBkCxqx/AEFk0IcEHZ+ALUQhhT5Mtcgo8pUYo2hJH1rORUmWAk/oCHCkkqSsfEVnsgGI
Lh+zyVx7rOa29R7L939sAWkxpNITRgD4dgtlbrLTsKe+COGkSil6StYpH1bJpeoEnJXrf0Emwmyx
U9iXEjD1KBvkbIHKEI6fJKSAQi0mh09AHxIfCAeQLmBdPqFa0JW5sHQBiytBhVdMNpqEcHGBDCUO
YbU9+gDQATDYH4B2eAU65Svl0Pesey5I2xQOJDLAGBDIGZLhaC4kdT9RvAOpSnLHBjmKx6aCUSRz
x06BYSoJOp+Lg1HFkQe1KRSRzNbK/pC6gf4D9jLFB0KKO4QTJqCM82Hc7zAbzojGc0gkCJCpXGI4
DDnjxpAHYwbQgahmWX+YizTkPEahWggiCJSfZRYbloEKf66mcX1BtQ3VmIUaz9oCyCFAbnkDNpX5
V0Zwf/Aw0MWMKobswSzpjOHTaqoWJT07Jc1kC9oyRuK+M9X63cBq8M1JWZHHXgzgGu/WzeV9hHBw
E5IOi2bHMuo+t6Bn0e45JQM+AKcBmvt4xczDDgHil4sdov1zFIIgAqHKCYZqLiF6iUOGTmXdVg15
99r9RXFEVXaQmciFwXQDMgMRA6DS3W5SipBHKS8A7fIJJGbwhQesJVcZ59gy5hPdyx6eC+owQy4j
uR3OP8Cl1sV+Cvf0jJIoejyR+ymK2uZ+p012zfnPg9ifx/M8Mjhy0Gb/VfvY7Jntp/Mmvn9UWQ0n
e/CkU7JHYmrRrxQVez38fz4voKsRT2gjXwEl0HLIukf0hQnn0EshR3Zswd4TT7Kh3WC5e8IQScOI
HgwLfchhEc+AtE+AEQkqAIK9ciUOllNyLQ2dOszHeWP0l2VdkVWHbdDC3zefHMR2Afn35Q5B+cgj
LNxtRxVolELcSOMWBveFc1lPNYoA96GH9Uhj5zyaiI7+gJAEGM80JAUUhHOhs0UqjOHZQrVlvBMD
XU50dgZSeKg+7bEwsLiwMLD5uV7PrRYJGDqxOgnfW0yp+iGlwn5w8MsotlBRWOdicmfwMvZzsBtf
Ct6B/mrP6q/up3wEtMcAJI9KGTNcFsPD/lwPk+wREnbwCal4Q/5eR6fXUW60EmjaUroENWGASSwU
61pr2saiitlEtmrlBo6h3uFSUYeZh6CFheBeOB6mBbxD1h7oalxGBJAMd+SNd2R7+M9VDBrqRHM1
YpfR3EjUIriazf3lq2WyQKkeaTtzxIdtZ3WfnDNnIp0yYNr5Hi5Zc+MtsbW79i+BPt4tHUUeQpS6
c7X1VirA/RFHzLSRmxOP2NBWvBZpAmDBLoAo/L1MM+cOoIIX3TnciUZ5RkQ3ykQMaV0OUXTLAZGy
OMzSIyACu/o9IHLnAREDYgreUVJuYewCpssXnKqHuuTLCYdpKGQ4O9gTXLTfRnSnSvMDEUSJ7ow3
ALmd4eERGJ+6OU+IxNfzeimYc3te1HuN/q3W6o5yzmMlcTnvszJ3btlO1KdzbYbywpsdRDF1qlPp
g3cWsgoWcsuSfjv+Ba5xYEI2+LHhFao+LJNiEJLjD3MBNwfnscBQAo4KLcWW00ywx8cY3XZM1xyY
PWQh3PRuj5Kzy62FuTz7Ec5GeBwM8kj/WfLA7USCN6YcUvxa5BscwJpHvoF7R9Idugc0xDJHsR5S
CKgqBcX3oOfbE5LmHFlUvT4gOwVSgGUfvJhQeFLMpdmOrx20WgTNUm0LKmWlsrwOlpKSo0BFnjvH
aacTRdrbVeYc587RPEehuPWi8LrF5nSqbkDGLFOwLqA+3XtNN9EwY003nWZHUy0g9ZPn6a9EG17I
/htvQYWUsAmoLcbh4BgbH5LyqOA1T6Eo4LnUmeOxlrw+A09z4oUBIiQ1wSFv20XDT5kLmF8NziyJ
VDgp7JHXyKOH3P8VcL4sxgntKDEWeo7Lm6VOdvfZIbefZROpeD5EnRbKiWdaO8SjdpoHbQYkqXFA
uDOfM28qmK9UXSJKEQceD+GceZYUBO7a5AXreBbHZhbboyhUQKcxqhHhXuch1zkOU2EWd5R6pcG6
3OSSPeWQMd/ljogj3MqjHL7O4fjtJK5wLXMZEcK1zIB6lCGn2nhYnkuueGXARuWGjT8qiVToUU6A
pr6g8b/WIrAIWMjJGd4rP2wTjJDJDLMacsyF1J2IpoxShxO5GPoMyPPlZ6U5jQRUjp7lGONdOgw3
WBxCZ9WQkrm/CAvQQANEwmCdQLOBUeBY2DWLQxgj0RTDv8WLugPr5eybFtC5bp725EOq5XAhQqow
cXYWsJicewGKZimDPEsWMq8MigW5eRIpSKLxiraOVx1BK+Ovv2640kkUy3QRHnLbRzsipzpuS+8w
yoot9653nENTJdF0X3p1FFfs+BjxanhEBC/aoseytLLOQOQED8dE0CoJWkhgGTgHl2fLXLAzXpxH
Ccbcsm86POC/RVFslNgewULyguSNKN+vI4qtEmjyCGAAIvnJVN5HgNM/juldFAIBV4pPXymyFnwZ
1hglqVvdOLI4105AeCiFk9l4FXA1gZJ70JpvsbCV1uZA0x6FrYCEb6mwFZakgpJM0IC1oSJUjwKr
uwuGXcIqlkGEUljQwKtnOdJF+osHswEUra8mk9b54TItzOWPYR9wQcaFMs/VGK+Xxzju71GCl1uD
PBNjrd7fkJvDYBRgmwF+Gpp07JGFDCKZZ3fw1fctwDyz0A6pLrxWovPYt6utJOuB9hkvz9C6KDe3
uhu+0whvyRtvKcxSFt+DgW6nCj6X/FyM8zNpXIyPr4kco4TJWnwN7zUgh7NdtIDb5GNe+VA6hFN7
HDFVHS2SZZj/IixktV4hk8ZYOpOa4dqFnPyMsd/5IT6PNFaeCTX+kOr2iXmqjz8XJHLdLRGFV5n0
eDlwlG2k8kJ0e6VttIxte4+cdyqjtWYOwrMmDSS8yUm3Yj4hK3ydMwQIKa3lGZIvdCXvVry9GYfT
6nWIjdk1KZ2K+S61E7XKhgMjCsB0DDhVf0MGO9ZUhdKW1rBONnRLdcTjbSY7HAjXsmDYan2Rt026
7xf9UTTT8NZ7gXRC/ssUSI9YdGYqs6uyIbfzCArwg1rXTcM2ee5C/HpZ93hyD7huMST0MkvmX0BJ
pfFVCLvy0hcSMD2OS8yStT5LMML32OZk+z4TmyxCvczVStD31A3ChTzcfZunjzhSqVTeK/V+/bh4
Ijwx5ZIic8sHneeM5kyVIG3xm96GWOS0JNjxG7aON5QjQXWu++D+1eptkvW6E9dOIfN4IK0+Fti6
Ic71fs3XPNHBZSLVMS7GCrAYAiqdAA2dKdIDB3HOkKLURLrLMPrdxAiYcE/l+AgKCpYAnSCgwlSA
Wg3cOuDMJvXUAMZwLr6O6zgM3lTOyUQpiDn+WFLIaQZgtNzdAWgGKqPV4Tz0/dsuSxnBeJ1HRmxt
L4/y/gWwMselTaMqB3CcOo5/xq1P4HFAnTt7rqoxTWXc7VVpJ869MmsujlzKjvUlV+sQ7C/ntirO
KG0FkiXt4tF9epciXpzqKGR9nZPcqkyHc966uh5DX7tYJHZbNG2UuSJNl3L5LymncMck+FZkAwyL
dyTkV9xb1gjcx7x4WtvqKOnoPZFYBwuWAxq4gKHDxmiIcbHsPNMHrnHlW2KzUxXwKxFEPIxMIggr
CQJYnJW8xlAtFV+RowTczhoCKU2+NcAmAetzQArDwhW4iFMrX+nlmp2qNWVV94WMW/zNo/STu7Nm
k+UuPcnsT1fV2tLhRnANVY20aEjhAH6rVvQqA30R2ku3x3p9lLIBkgAz+QQ05OIVdd7gCkVN1tRM
VpVWN4CaMipqVCXOLa4FNd3evIAJbzLifUQjNHHAcTvI5KhaHJmmvbFihdiEYWfmX0qnw8NLq8EE
PDE3J29v7e0dsFkJJgI4ue6dqKu/k7caQSpvZtr9+P4aahJ+Tb7u/g9WIEtdZW5kc3RyZWFtCmVu
ZG9iago2MDIgMCBvYmoKMzc4OQplbmRvYmoKNjA2IDAgb2JqClszMiAvWFlaIDQ3LjUxOTk5OTkg
IAoxMzcuODM5OTk5ICAwXQplbmRvYmoKNjA3IDAgb2JqClszMiAvWFlaIDQ3LjUxOTk5OTkgIAo4
MDUuOTk5OTk5ICAwXQplbmRvYmoKNjA4IDAgb2JqClszMiAvWFlaIDQ3LjUxOTk5OTkgIAoyNTMu
MDM5OTk5ICAwXQplbmRvYmoKNjA5IDAgb2JqClszMiAvWFlaIDQ3LjUxOTk5OTkgIAoxMDguMDc5
OTk5ICAwXQplbmRvYmoKNjEwIDAgb2JqClszMiAvWFlaIDQ3LjUxOTk5OTkgIAoyODMuNzU5OTk5
ICAwXQplbmRvYmoKNjExIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVj
dCBbNTIyLjcyMDAwMCAgODAyLjE1OTk5OSAgNTQzLjg0MDAwMCAgODA5LjgzOTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRv
YmoKNjEyIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcy
MDAwMCAgMjQ5LjE5OTk5OSAgNTQzLjg0MDAwMCAgMjU2Ljg3OTk5OSBdCi9Cb3JkZXIgWzAgMCAw
XQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKNjEzIDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMjI3LjAzOTk5OSAgMTkz
LjUxOTk5OSAgMjg5LjQzOTk5OSAgMjA0LjA3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAv
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2NsaWVudCMyZHR5cGVzCj4+CmVuZG9iago2MTQg
MCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxNzcuMTIwMDAwICAx
NDkuMzU5OTk5ICAzNTAuODc5OTk5ICAxNTkuOTE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0
IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzSSMyZEQuaWV0ZiMyZG9hdXRoIzJkdjIjMmR0
aHJlYXRtb2RlbAo+PgplbmRvYmoKNjE1IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAv
TGluawovUmVjdCBbNTIyLjcyMDAwMCAgMTA0LjIzOTk5OSAgNTQzLjg0MDAwMCAgMTExLjkxOTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNH
SXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rv
Ywo+PgplbmRvYmoKNjA1IDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRl
bnRzIDYxNiAwIFIKL1Jlc291cmNlcyA2MTggMCBSCi9Bbm5vdHMgNjE5IDAgUgovTWVkaWFCb3gg
WzAgMCA1OTUgODQyXQo+PgplbmRvYmoKNjE4IDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1Nw
IDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8
Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCi9GOSA5IDAg
UgovRjEwIDEwIDAgUgovRjI0NCAyNDQgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iago2
MTkgMCBvYmoKWyA2MTEgMCBSIDYxMiAwIFIgNjEzIDAgUiA2MTQgMCBSIDYxNSAwIFIgXQplbmRv
YmoKNjE2IDAgb2JqCjw8Ci9MZW5ndGggNjE3IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+Pgpz
dHJlYW0KeJztXUuP3LgRvvev0HkBj0VSTyAIYM/aAXIIYNhADoscAm82i4Vnkcke8vejltRtiSX2
VywV1a2ZnsGuNewWH8Vivav49i+f/5n9+4/s7ePn/2Rfx38fPx/yh7xsh58s737fTBts8+BsfvzJ
GuMeqrpv/fp0eM6eD58On7r/Px9M1b84/tN9eBoi73//+Pr74e0w+GFo+fz4t+7pf5nN/tr991v2
0z+6xp/H/o5feDo0bdXNI8+N6/78Nv3TuLwxD1X33LXn/p/HL/96+PsP2e/HidmHpp+8GSY4/fNN
Yaomrx6KvFo15efvr3azcK01ZdUEn6cdOzfOp8hacwRuv7yngyvK43Oel127Pc7w2N7BoDJF/4f1
2239YMf2cz/fAv0fwfPLZM6tG3+Cz7M5T+fm2n7Yfs7TsUo7bpU3t1n7ZC3nfr4F+vfnrATnwJxD
cwjtSwo4L+/107ydBedl3AjhkhKcjSmHP8wcn7v24Q8zn4PXfp7zpJ9vgf7V8Lnrs2z6+cxxo2uv
TT8fMrdp+3Qtp36+BfpPBOfAnENzCO1LCjgv7/WT186B8zJuhHBpPucTW2sJkY/iFVVRZM6WVd2x
x8yU2X//1Y3yqecFAo5j+t/pZIaWAMd5vvDi+y+Htx+rzOTZl1+yYQZvhn++DLN+0027brIvP2d/
Ok7qz9mX3w5HBjs22L6h/t7g+obme0Phf2Po48OXcf1pYO1sU+0Q1s629f5gXdTlHmFddCiSBtbf
4TxIwkdhOPQ8ExwZ34fAiB20B1V73L0FUNmqpwBNO67SvPPhMDQUPmAuNNihwZhzi8n9Xpu+ofze
8MHrxLT+K4Edmkyk8se1w561FxpKvxMykR+9cQWLyR+9YY0/D/O4gF1xisfzhRd7HDBH1WgJCUp7
RILKnibjhtNhcn8Bl9b80TtiNmceMQKmCajfw4baP9n+PMb9q9esJSc4YPyGxh8FLm7EkjICQGQt
ePmkUzJ1snzGWgiQMTwIkMlm+2uhiyNrIUQCoxSZKe7DH9aVCLUp0tUQ6QSLg2hJXyHD2mg6i0kz
Pfv4VGLq4IOQ4lg8CE3lv/IIkV8BhPjs08X5m01Ryu80BOSey6xmF64MomGxzO4uQYgAxAeZyyGV
JqIKGQUKMxi3ycYYQg0IghAA+WzsJbHCUca6BGSCDpuIF2b4hrm0GJ8cUBhCpvSS9tIZvw94gu7C
YzSUGQIX5BfuA2QPZGJcAXQlv6g6hXTGMCgJJfQQC1RkNQF5UofZleGJCLaXoBlWdslepUBEiZxC
zhCemEDShSyVUnssHWIhnSyfwJQoT778yGCHmC5BmBrrj0IARKRDyg6hvomJLP2GgKVCKDPUXH/7
8T6o6Io+2BmcDB5thmYMdVa8ltH0N5lHvMIVEuPXEmHXzKkwVskxS2EcbgxErMa+U+RCvqNmMq5A
ByVEBdsoyCiQytDTTg7ENpxMcCAICpHVQjsYXcuNiHYaRj7M2Rm0jZygFLtPmRCZKeGovhGDvoJN
q0nMb5sYgdNwx92bzrR1o6PnbU7ZUxjT3Hv/KDeKXKl1igIDlUJ8vLMQZxjYfTdj6PNczFIY+gQm
oZAtUaiTqUMHjoD8SfxG8QwU204ZysF+zinUr7DjgA5LFF8sHgg8jUoMoiz3RWRVeEqdn/ghFcOw
cYDMHUuySSSV/ZJyzB8toWUKJ5MSSAJCenYxDMkwEzcoJ9jG0GAbY/OsQ1Nns6fzs3sweXGMnG37
h6rtW48hs8349PVgTPXQtGXh8vOH1fzlauy3/27/nPdvZN6r+bnfvP/ubNBjPF4+e/k836+HXw/v
f0gVSmSc6c+vO4Xe2Y93JqjNBOmwSfTM63hp90w1U8i7Ehs8WQt2bOB9uY7ujo1wDD0E4zpxn5CZ
kmGx+4QNspUy04noliaI3S/ZtCsg3BKvjICBYFWVQJ2rVkQdKqK8COzFm9hpi2FfJlaXMZh8AjLf
lkXxQUNliN8HSroIyLAwQImKAlGlWEYQE4fr4gMiiL5MslMbU93qnGWCw/xShHUIiApFVT9qQYAQ
IoYIwziuZe57SY4a7OrTkO3IK/EOI0ZwJeHkOLyG4iWWwom8FK9gMiLFiCJDjiFUMAVxHYyYHQE7
wMkJVpPqNiY4NS7urp1JWc1nQjdcwCIFBIAbCXmB3TOCo8haiPhLMJFMfRN5mJ5MgolYpcanG4YH
UKfCdRQXxt5eKZ1rG/Vov3Y+DQeiIBpZI8UjZD1Qov7tSeZm52+tJva5NzBhotBixMiKg4r63YIA
1qJiQRAE6Av4NDE6UtzdhmFuwoYoDYUWR4kSiv30txU/dolR4QA7gdVyW+tIY4LScRJtOBTpps4P
6hYsj0G7AnUjLjkdfJgx1F8iqGJrIDZcCoKFMSbiU4V9AQxlH2fvb2MwuVVnGBVusV8H5/TAvCBJ
Zq3AnnjjnnElsmurINz3406fpM6sCtNpXH0O02lcsxCm07h2DKc5PnlhOsOH1fzlauz3FKbTuHIh
TKdrPfdb+mE6/YfjpMppmM7Q7wZhOk1xYl8kTEclSJIhNmN5bb/6+z1O50YJC7ZVE1yH9i6JEe1V
iRWCUjvbmB2opXJSjG09jS2r4ExwTNGCPAvVxCSnSuJlvqp3/1IfSTICXjuzExxvityYdmMcEgSu
KYRQMDhEvBOVoYlDhzBjt1UyN070rjbBceh+491UMPnRb8QX+mCjyEooWtt6UHx5ObMxvlqK3/5m
yp1RUUE0xHwJV0vlrCQBohr4sRu2w7bvxsThMALG4uvNSDgGxtN4mGoWIGnaU51oNwBkUmuZEdwq
yHXAUenYaaTB7W+lfsRLykK+lVTe1yW4MzxGgvq+ZB44CCs+OFpCYzEBITtHzAFYwLyRooBqia2t
dWeLeWuLBYt5a0+W7eOTZzEfPqzmL1djvyeLeWvNgsW8az33a3yLef/hOCkztZgP/W5gMW/t+f6O
yqPvmBTfc2FXUy+RwxeX9CZnD6eZS+K9BPo+w0QYnwC/Ua1QBQPItZIZblVhViwPpWPuaQurehIx
8cKpy9BkwJgHtLOxT/dag1DRzuEs0QEUqu5JqBnkIgITiSRB+GYdEfc87ctTV8nTxrQc+yEYsdsJ
TXdKpLqsg3uFbRMpanQztgZKlZIjoxG8LfCpBkxzF1RxGqoeEIhXYojLnYch26Q3CCIvcTg7qeWB
i0hJapLj+7yw+eqqRbljbIQ3U0473iI6wlSJhtY2iGY4fj9JBgyWmOMvLWDc+qhRgfwVaFnJTRfx
yb4hvrzyhBR5PT8hgstDGOsVGCZ2bN0iRAYquxrFvxhsOGl+Z9vUoandSgqsxA6F5WFo7WK4DbCb
eRv9eMeCuoKyS68rhNI/pSD4usL4Uh60gew+vjoooAyu5SBNMT/9otItghAJQckEXGUFqyFYHIx3
kae8nFWFuLtuBmxGhE25DKdo4A7D1V5S1+HnyUvaPS94SbvW0UvaP829pOOH1fzlaux39JJ2zwte
0mPruV/fSzp8OE5q6iUd+03vJe0GWuElvQd5pBAkVXSNQEmnKHkVGyOu5IxV2f9Nbr8T3DEo8aNi
IXAjU/t18rPlRnIlPulscDXxt18KZHx2GYC162299arUUhAojmLbYpQpCd91iz1pEDXpdscrfYzV
YjsZOapqwlcxEb6KReGrOAtfBRW+vktbxVz4KibCV7EofBVn4augwldxFr6KufBVbCV8FXfh68aE
L5xfGx8pkaTQ0zZXIqukueHygnDnGJaB+EQAhr1JgMmv23WimaDo8ioYScW+FkOldOzFmezXWCoJ
hBFUjxJEwQky5zep+8fwlCuU0tcQ59K4DjBhEojqSfI1NXw8Cqopw4RLps6taK5EZOsVkUQMl16K
SApGehE5uTibiKsyrg4TrudwF9BUTj2GeO/i7SYg7kajCGnRlwx+d91vu51Sopmt5YOIQEQhHpXB
724kgnEjzozvPOCSw7XxucZ5GPKSZVmshrkP6DwwkBtTWQH/j68ssmNVTyMuRlSxl6tz6hBmk4eF
WcHVavHXU0uqvJPNIw1YZSJR4PEMguF4hBRDUtUcU3sslgqso9gNdSkaZWV9lo5LlKdh7vVZwM6k
qc+ikRQoiH+QVFaNd+/TfYAp35Jbb6D/gJGMksSVe8/4XE0vSB84nm+/WMgIy9koA3RkD+V57lCQ
ZfjXsLU4SZ3NbSr6YIYiQPZNigBhhUurTJAzdXGOwTB1uRCDYepqjJU4PnkxGMOH1fzlauz3FINh
arsQg9G1nvu1fgxG/+E4KTuNwRj63SAGw9TNCdYDuk7uo7qXZ48+FQKyiSemYWS8iwh3EUFXUHU/
ekzUfCAEpPRb6KV3joQIP5JucOpIfJjp+IqS3aV1bNEipZt57WoabzUMSqMhOW1y4RrjQL+gW5AZ
lcQFPGL3l1a9TDlEUGua4XS/ToaIBhbii/PouX2vyA5s3oT2PyVpWzv5qgWT3w+BVNF5ocfwSqtV
y0ywpj1rxdbmC1qxPRW57Z88rXj4sJq/XI39nrRia+oFrbhrPfVral8r7j8cJ1hPteKh3w20YmtP
ElAa98Q2ctXdxr9eSEyiOtFsVIHJMj6rgkG+CckTRO8L8BJfayE4Y9i/jSVPHPAZD2RB3RtGGp0g
7lp8vbKSlOQaNswYYTSCC/cCCLFai65jl8egIdukN9ytgpFURhA0nia+H4uzghSpFOhwK/kOKjwG
huZQ/NCgU0sKwIPNx5/g80w9YHwfi9eRg/aEs81MuZgY0KeaubP6aYm9gcASB5eT80qN1IHgKULA
SN2pyt/DC+iHae9osppqGo/euCNCThoCeYHEPXwpeMhfzEhJLxFOslzuTNk6q6pWNwQVOHe6E4ym
HGjkLGOhHgfyEa5G7irFV2YkiShSSI2RBBUoLJ+h0zDKLuOyFbgWnQ8yRtQNcaAR1BVIV5KrCfeT
kH+lWJbrxBcwLJDxVVwktWIkKXuYLqlcbz5S/7IIEoQU9Q4lmXAKlar3HC93K7mz17lRIJHplVHX
TOC0UMh7S1LL92b5FD0P0IDFoO3Y0I4Nhwq5ZBimjH3RYzor+UXVqaczhrFt7LOrWv642NgcHw28
UfSNwHCGHbKY/GmIVMQchR3lULORHAhu4YS1Ob2FmSPmGJZ9ycwCc5YoAF5QQE5Is1tbdrwsPQpx
4+UGLoxC9x/nXwqOyO5xSIenNEUQIPHa3z1AL3YvNVNnC3MurUBsQQLrCNYpGEJGPIHARhgJhiQx
l+1HyeCURRIoFUkMyvHXY+A7mAR3ziQpSM6QfrARRmMemMfCSgqMMCu90mIxSqek1oLAnqZRFA7r
ywEjnQ7DsHUQ7Fg9ImTZhyFb+F0XmnWlaz7j829DZHqt7G/NfDNfchBA0Z5WKQgCoK/EhwlQZ7wt
/XeIEzwg9EzYAI4erPxxafBBgKpd4jZ4IiRugFAkvaiAawYBlPYcladxL+jrinWLNy6oXIseXyAN
5y4xNEMc2CwwLt5THS9vw7X8Rq/bXnklPE1Zx3Ct6NxWHrvY1AlUFi6EM4xsAYVbPBjeN7I1N0Ls
Xlndym0uQL8LOhsIOvFqMcPQCm0NDNukwCMkKFKH87pvJdhPicXkHqnHci32kQuuDlK5EH3kW+VV
Mt9fLfFneABgJtk2Za0EF+XcikBxM3eXQ1a/kK1+12PSYww+MIX1N2ahEpZfUIsKbjp8py7npFri
rcUyg6Y2VLsgGu24jIdGcZzdaGW3QkQFqV4aCRISXyRUGO7WRHDEmJmzZTv+EOrkf8ZwhoU760ld
FboWq2znsX2WJCkSPw8pijBAufJBNsHL934fzTLTmZwgcugqf2PKRVIvhYRpi7mnszD+spa942hA
WxQh4OfekPly8J14c/N23r+jfj4CVX/v6P77222Xee4KuJR5WrgMAa2T/n38NL4PMSdSkg8Fsxxs
twIKbZ0UCi734jTsR5+wLQt+8iU506ZdkvUPVGCXJvv4zv+Gj+8UF0inY3b/JYJHysvScfwAlmJS
9qb7zZ47EJmqX+v4z9cnqUP7U/bp8H90D7+bZW5kc3RyZWFtCmVuZG9iago2MTcgMCBvYmoKNDUy
NAplbmRvYmoKNjIxIDAgb2JqClszMyAvWFlaIDQ3LjUxOTk5OTkgIAo2MzIuMjQwMDAwICAwXQpl
bmRvYmoKNjIyIDAgb2JqClszMyAvWFlaIDQ3LjUxOTk5OTkgIAozNTEuOTE5OTk5ICAwXQplbmRv
YmoKNjIzIDAgb2JqClszMyAvWFlaIDQ3LjUxOTk5OTkgIAo2MS4wMzk5OTk5ICAwXQplbmRvYmoK
NjI0IDAgb2JqClszMyAvWFlaIDQ3LjUxOTk5OTkgIAo2MDIuNDc5OTk5ICAwXQplbmRvYmoKNjI1
IDAgb2JqClszMyAvWFlaIDQ3LjUxOTk5OTkgIAozMjIuMTU5OTk5ICAwXQplbmRvYmoKNjI2IDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNTk4
LjYzOTk5OSAgNTQzLjg0MDAwMCAgNjA2LjMxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAv
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKNjI3IDAgb2JqCjw8Ci9U
eXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgMzE4LjMxOTk5OSAg
NTQzLjg0MDAwMCAgMzI2IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIu
aHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iago2MjggMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0
eXBlIC9MaW5rCi9SZWN0IFs2Ny42Nzk5OTk5ICAyMzguNjM5OTk5ICAxMzAuMDc5OTk5ICAyNDku
MTk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1w
IzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1s
IzIzdGxzCj4+CmVuZG9iago2MjkgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFszMzEuNjgwMDAwICAyMzguNjM5OTk5ICAzOTAuMjQwMDAwICAyNDkuMTk5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDMjgx
OAo+PgplbmRvYmoKNjMwIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVj
dCBbNTIyLjcyMDAwMCAgMjcuNDM5OTk5OSAgNTQzLjg0MDAwMCAgMzUuMTE5OTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRv
YmoKNjIwIDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRlbnRzIDYzMSAw
IFIKL1Jlc291cmNlcyA2MzMgMCBSCi9Bbm5vdHMgNjM0IDAgUgovTWVkaWFCb3ggWzAgMCA1OTUg
ODQyXQo+PgplbmRvYmoKNjMzIDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9D
U3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAw
IFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCi9GMTAgMTAgMCBSCi9GOSA5
IDAgUgo+PgovWE9iamVjdCA8PAo+Pgo+PgplbmRvYmoKNjM0IDAgb2JqClsgNjI2IDAgUiA2Mjcg
MCBSIDYyOCAwIFIgNjI5IDAgUiA2MzAgMCBSIF0KZW5kb2JqCjYzMSAwIG9iago8PAovTGVuZ3Ro
IDYzMiAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7V1LbyO5Eb7rV/Q5wHia
ZD+BIMCMZyZADgGMMZDDIodgNptgYS/i7CF/Py21JHezRH1kdZH9kGzs2uao2cVisd5V/Pjn7//I
/vV79vHx+3+yH8efj993+UNetv1XlnffH4YDunkwOt9/ZY0yD1V9GP3xunvL3nZPu6fu/287VR0e
PP7o/vH0ivzw/fuP33Yf+5fv+pHvj3/tfvtfprO/dP/9mv30927w5+N8+w+87pq26uDIc2W6P1+G
fyqTF+ahA0p147n95/7D/9797Q/Zb3vA9ENzAF71AA7//FDots3zbqSaBPLb+6MPVW5arcqqcf4+
nNiYIzxFZkyuH4rDr687U5TdE91X2Y2rcr+2brzDQaWK/YeUtsd1fUCAHs7z4ph/j55fBjC35vjl
/H0E8xC2jjjyE8zDdxX54XcC22h8sJbzPC+O+W2YhfDsgNkFg2tfYuD58l6/jse98HyZNly0JITn
uq376dWYnuu26cFRYxis8TPMg3leHPOL0fN+6gOLUWPaaPKeb9iwWePntQzmeXHMHwnPDphdMLj2
JQaeL+/16xhvXni+TBsuWhLCs9LNEYgxPXfj+vCHBYM1foZ5MM+LY34xeu7mNM0BnjFtdOOlOgnM
MWzD8eFaTvO8OOaPhGcHzC4YXPsSA8+X9/rVGvfB82XacNHSGOaTmtYSpSVI96mKveRqyrJT9zJV
Zv/9Z/eWp4Nuw9Cg1OF7CEw/4tCg3q48+Pl59/Fblak8e/4l6yH40P947qH+0IFdVdnzz9kf90D9
KXv+dbdXGI8D+jBQvw+Yw0DzPlDYn+jn+Pp8XH8cXBda5yvEdaGNWh+uy7bZ47peF6qrvI2Eaqal
83blwcOC1N4Wu7SiUu/PaZVbtFPbC2rggor3gUf7E7U90BwGyitv+WIPfLUf+WahXuU26AQO8lp7
DvJapdBqVQN33AZdE0jhI+S1RY8xpd5H+llVfh4x/Wpam9Rq97RG25PkJRmBs9C9sZFEsUZoBNKZ
+mJPWtvbSfbXnpTuL6ER8trP9iM2neHVqsLeGUjvqkVvoduADxF+BB/VcOKda+fs11JIyVtsrHPg
IGshBGMv32NvyVu+vIuRyfJAVc7VhTNVD3YHRQg5dHQAkhDd/iQCgnMKbWbIEDLqk/0We7UanmRM
2+Qtqgrmjh6Hbsv0kYYZYo6itADhMqQFlq9ENSC0Th4h24APEDy3FEEpt1KGsb8biRJKuoAsTHTo
PqGtuxs+wXxrKYZP3oucd2W6MIjXpTFQ6D4sRRFeiAmzYotldabDRPlRaUuAeKsLMoKrqFwYwIyJ
kjvZCbK9hEGQ5WJJhrmOTQB08whFYAIgLGQeMwerSx5beTc/J4vpeUQMh4LWe7Ixr6dUiN9C6PST
IEOti+Os5htRqBiK/lLI7rbMmnC91oPFYoUK65PQ/qaAEdBtTxKlIHLIFBQ5Ag6Ku5kHQJcw80js
SvWPXI1MXQiBPVqg6EcyDdlfcv77ATXYCyz+CaZtSGJaMjIiommdCKAvJioT1m19YxpXqJOSGtSP
6cEiwhsfLMwkJDyhSWSo+RwsMzxQKGHrEh82OULQradL+xGGh8FeiyGTEqLjcIxwaUZFJGYy0G9h
vkLxRnYKCy97+2nwKYqohqulcGAVigBG3rIsi3uqNGjMWBwsnbeJSL86L7yJiLI/fEKwoRqDZqiG
pAv7RNjyQMRLC/fOQ07jg7gatkPXQnCKo57YYYBZhu3FpyQUrrsz9Di6Fkjb2G9DMUb12PWqNiTs
lUg5lpEpOr8z2etM1sH+ZISbap2rYbh/YKyUnFWO0zWKv1DC5MQcEvqcPRT3hStd2zAoCcZIlFvA
N+4RbScWpoBmw0/wmshziiOzPzOdW9ePtuxAZngtXMuXEXWmcNID9Fl6wI5pKjyZ1yNRhqFikyAN
do5AUcdJPsKsHUolERnM4KCrzwKaREGuAP3Ec2pqeFAh8/dAIs6YJ/KRPAI1isXGweniwhHkIS4J
e4T5S/hcinh1ZtU4ZARZ0TrRftdSArUUyVSauq5Ps96TyEP1qXmyCy44ArGWxqgvxE5MnAYDFYhE
ZTlYayXLhwxTwkSnGOMEX+dJ4GLU8Hqk1WKJypD9RKEId6VyNG7if8EqmBZk7a128gecmrye1MNw
A3QpVYseeUcMY5pMSvxxmF9ycqZw0RFDj5XwHWB+SZcbbizFKR/FAY0kJjkjr4hT1xpOMSIyZ2G5
i01+0sm35LMxOdxLO2xMRSwOLGMEEXpgsCVGJgahS8iWscZlFORKMYpF47h4cSCWnIZwp2ciST+w
0N+7j/X9jrsv5++jplken8cttQJfemBP7b5/3AXupKsDdzp7DDRxmBGWT84roRx8oh0x7EHNzzFR
lhxpnMLVXqFY8t4aakmazEp4XE+Q1fskRMF9tOYgoB7dHdcYOFm/Y9I5G7e1eXOCDmYDXdDQGOlA
OCsD++pxTdJS+kOFBwg53giP0AR0TnMqZRl1sIxsofX2CxOxLdOESDDoBIUwO8JDzUkTlmYYcNg5
5auQTTVH6sJi1AvJfSFv0Upkvb1c0sZJu9iWlMjAXjEbXorzzSOBDHOqGIkJHmW+jAqF8NJphk+Y
UdQcBUEeDk1CMOS8QBRyutClJO2peY1VPmZ2W/I1RanImGm1ktH+trz3yvaVfQuJ9kfqlb2lgN+K
yw3i5OyHp8J6mLELaZPiUTZPSjgiau1T2XKlLL68PZ4qI7nOt7HMlXUV7l+TKE+78+mF8mmiDDJa
rDKy2FeDMUYhHcf/EJ4xELPP1lSbrCnHvG6D0mAmDVtGCDUnMR1LK0/T4CYJY763rwGSnOoLAg2Q
bq3RQIz6xPlqjYt8zGY4ewXrvjy6uTJqlLYnqWRERlv57yUxoLHNjZPyfWNn01gXPFRz9sTEpAhD
Px6UF56aGiffgJO7naTf5VzR8mXVU4obDVVjMZoYFZacK5jg7nq0tOJnhUqw72J/2bcvL54pNZ8O
4MYw92w6RN033pz13mockdCs4cGpIqNuLeYmkTwKjx21IsJvdZzJVbH0BgtFrqOK/ygdWDgBQ+wQ
YlQU40dipH549NFbSEvYNacwC6R1MYSQh2szYlePIi/PrUnveT5LFuTL8I/gwsNwjyingWF4TbGI
mbI2h8G1MEQUWb/iHASJWA9bDE3l5W09ZuYMB5qHs9+h28gIokry3oUbP4f8fjJBuq4E88cOpkRH
lRSsYXrA4uDGVeokJ9kj0QEf/tkK55SyuN9tq9Ae9RiOgjYZKdQUrvUz6N9D58TNWLGy4xHGC0+F
5rhLGKVkuNpqntTHG1cgOFhn9NnGgosoMstJwTxy7neOsSn9iOELjaHseIAORTeNlWHexsja812+
jKBqWyfKcKYzZm4CbUWi6KlpUpAWo4QxMoWwcRgeokhzb89cqr6gO13pe5Nsrsi5PXe60fhNuBSA
4euL0xUHSxXciyRGH5HbOkYzcVHBe/sKVegJW+eROxi+ER55LwLpdqTzqYgjV8KRKdAX3YNZ363w
50AjDJfSxmhxj9kS7je7WNJeccwyadbP5PvW2zGvnyvQ4ZDsMpKsrMezXmNlWF5I7LdACeNyqlFg
zv9MNwl4mNQCoM/l+Z5JjZ/JPcDwUWJSnqtKZj52b0qLIabJlQy/sGLpAXcZwVRrJ6gCvWe21UEa
U+p2u/gX+qygMbr460/oE5QwyED/2kEHDeXwZ13j84RCHbe8Dt5LWvST1vglfC3pyP94gVLICe5H
4nTTL3RtxphtbTxeS8eQcBRil034jSceYnq9XUrpjThYE8b2NjZA8OVO4XBIdDfZVNfWcF/bik+l
h7QlA9jTTgQTduFAjGEPVqTWTnQ1cTTyKm/H4sBjf4nAF/T66+Z0ecC2j7dEZg126mJ/A6O6RSIn
EhvcWN0OrwZOlDeC6ZTRg4FgDFZHc1QdjA/qXYDLTVN1elsB3jR5Eq4DM7lSKR/z+rRpcyY3zu1d
SGgxzfZy9EGBg7kpVTY8/51uFKObToyuhInE44rLocJjQB4N+pM68Gc6lpNvFlMW4571cMtIIdWA
11xDK+PSXex0vXsCAQoX4gmM1U46iuHi68iIbOle4KrY9pUIWOMmdhIJHfbmkkxkSg8CblyPE4Jr
OxmevVR1uU2BOLVI719l+vcY40S0RJ7cQnLtt5RrJ9J0QOKYYc8nTEX1sCnI/UsO9j+54aCxzoNg
dY6pTm0MzTdbjHLobCaGL2EBMLIv0nRQousP1wAY5hwhZ5x8MlNv1C1p5pwWApvSEOepsha5UMMj
PxGGaXwSJX1LgmUkRH2+PA57bzD7w3pYjHa6uBkevpGRIUKiONEYl08vpVbbQ6ki+4IDeVgvxXEM
QZWqyO/9Qx1HaiGBvGQupMWWPODN3LLSxbkDPcmFpQz3IM7z4JRdChSrYFvAJ3sC3siGbX0JUKNW
xBWqdW5meLWOxCVunNAeo+UCvAaWkSuQJp58Y9zQ19N1V1KdcCxNSS0ku/LMlIEwZ9v3hVRe3hgj
ihH4EUnBwd4ySt8eXUsZpZo4xOjbPvbaenH8RILsIFulggjndfjyOxk+W03p23M35MFqlyQRCBrJ
4YUscVPpgWmqTWDUihNhYDhlGXIY5k5zWo5iH71EthhmTNidLhH3xemjBB9ChWK5xd0dJCMjROra
f8HYDcVodb2ezqUMay6GxpQme5z6rUnWamHC+aFAwi1juZu2bRKZMrCDA77fVqTNKW5TQwaIIJco
x3EQnQxXbrVz/UvhdYIeo1KfZ8UWVHgSCyU7yGNxbpVHIuA8aY90p3C7FoxCiQhUylvSJokL1k3t
5L3hJjdZDKdv2VJ1sk0XeIok32w6pC8oHffN7Vyv2ZIah/klPmMMP0iSmC4jn40TKoRKK25yiLkB
w8uRxk9GDQFGA6k0NZMSJBWDkc21cwxaZ0vxqUy5qAFXXn84QkZulYmVkot9Msv2+EXWYP+bR/9L
92QHhFTX07/PZUeaFERrm3MRK7dnIZW9l4MD8dmeo7EHSNOx0v5EZW/D5SPDRYRpqzEmCmUtS5EI
krKRdTzGw4/YjP/YGbR1r5R84ugAPKy0+87euvWq6gD48cePV25Tzafsafd/ARtWb2VuZHN0cmVh
bQplbmRvYmoKNjMyIDAgb2JqCjM4MjgKZW5kb2JqCjYzNiAwIG9iagpbMzQgL1hZWiA0Ny41MTk5
OTk5ICAKNTMwLjQ3OTk5OSAgMF0KZW5kb2JqCjYzNyAwIG9iagpbMzQgL1hZWiA0Ny41MTk5OTk5
ICAKMjYxLjY3OTk5OSAgMF0KZW5kb2JqCjYzOCAwIG9iagpbMzQgL1hZWiA0Ny41MTk5OTk5ICAK
ODEzLjY3OTk5OSAgMF0KZW5kb2JqCjYzOSAwIG9iagpbMzQgL1hZWiA0Ny41MTk5OTk5ICAKNTAw
LjcxOTk5OSAgMF0KZW5kb2JqCjY0MCAwIG9iagpbMzQgL1hZWiA0Ny41MTk5OTk5ICAKMjMxLjkx
OTk5OSAgMF0KZW5kb2JqCjY0MSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsK
L1JlY3QgWzY3LjY3OTk5OTkgIDY5OC40Nzk5OTkgIDEzMC4wNzk5OTkgIDcwOS4wMzk5OTkgXQov
Qm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1w
NTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0bHMKPj4K
ZW5kb2JqCjY0MiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzMz
MS42ODAwMDAgIDY5OC40Nzk5OTkgIDM5MC4yNDAwMDAgIDcwOS4wMzk5OTkgXQovQm9yZGVyIFsw
IDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNSRkMyODE4Cj4+CmVuZG9i
ago2NDMgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIw
MDAwICA0OTYuODc5OTk5ICA1NDMuODQwMDAwICA1MDQuNTU5OTk5IF0KL0JvcmRlciBbMCAwIDBd
Ci9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iago2NDQgMCBv
YmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAwICAyMjgu
MDc5OTk5ICA1NDMuODQwMDAwICAyMzUuNzU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iago2MzUgMCBvYmoKPDwKL1R5
cGUgL1BhZ2UKL1BhcmVudCAyIDAgUgovQ29udGVudHMgNjQ1IDAgUgovUmVzb3VyY2VzIDY0NyAw
IFIKL0Fubm90cyA2NDggMCBSCi9NZWRpYUJveCBbMCAwIDU5NSA4NDJdCj4+CmVuZG9iago2NDcg
MCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNCAwIFIKL0NTcCAvRGV2aWNlUkdCCi9DU3Bn
IC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dTYSAzIDAgUgo+PgovUGF0dGVybiA8PAo+
PgovRm9udCA8PAovRjYgNiAwIFIKL0Y5IDkgMCBSCi9GMTAgMTAgMCBSCi9GMTUwIDE1MCAwIFIK
Pj4KL1hPYmplY3QgPDwKPj4KPj4KZW5kb2JqCjY0OCAwIG9iagpbIDY0MSAwIFIgNjQyIDAgUiA2
NDMgMCBSIDY0NCAwIFIgXQplbmRvYmoKNjQ1IDAgb2JqCjw8Ci9MZW5ndGggNjQ2IDAgUgovRmls
dGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztXcmO5LgRvedX6Gygq0WJ2gDDQK8GfDDQ6AJ8
GPhg9HhsDLoHLs/Bv2+lcqlMvqQeFQpqyVQVZqqKraSCwWDsEXz756//SP71e/L2w9f/JN+OPz98
3aVPadEcvpK0/X5zOZDVT3mW7r+S2uRPZdWNfvuxe0ledl92X9r/v+xM2X3w+KP9x9Mr0u7792+/
7d4eXr47jHz98Nf2t/8lWfKX9r9fk5/+3g7+fJxv/8CPXd2ULRxpavL2z++Xf5qsqZqnFijTjqfu
n/uH/7372x+S3/aAZU91B7w5AHj55xtrs8badtJyFMgvrx99KtO8yUxR1t7fLyfO8yM8NrFNk+2X
l1bt0nNbtJ9ov4qkaP+xe6ba46A09sm20GfueFZ1CMgu5/numX+Pnl8uYG7y45f39yuYL2EzVfd7
B/Pru4o0T/dgurA54xdrOc/z3TO/C7MSnj0w+2Dw7UsMPN/e6x/X40F4vk0bPlpSwnNjq+5dxl7T
c2Pr7l3t+BUMzvgZ5ot5vnvmV6PnxjbdXh9gvnhXYTp8AmzX4xdrOc/z3TN/JDx7YPbB4NuXGHi+
vddX9ByI59u04aOla5hPYq0BJj9IVpTWJrktW7xldVIn//1n+5IvnSgQCBzTfV/CchjxCJyXng++
f969/VwmJk2ef0kOELw5/Hg+AP1mD3WTPP+c/HEP1J+S5193e/l6HMi6gep1IO8G6tcB6z5xmOPT
83H9cVBd7P9oUW2KVeF6LzzWh+u8WCWu8zIWrl/xfFCE2y/v71d6Y8DzFBlDX9qhqtnv3g1UZWXH
AbLTKrPSxcN7d+BdN2DPA9kH9sQRlz0DWd0NGOPfEFN1A8XrEx+7gbLnIwDZYdubHsiM+8QHZ8AU
7qTwWneOIxzXpDPMqHjp+WC3we1JaA2hGztcZN0OF+YEbumusHIXVLuYztwnProDn9yPfHZOnEnd
8wSbA69154DXHjENp/Z1P01ND7oLegaQ0o/gW1w4bAYE7u6DzdkkiFT3vQgIbK6H0dmevQQCz4Z/
BAADmgI4gB5g+wu2U0AgfKf4a5HIrHukAA5gq/Ba9zgYl/HiQOWeD6CPj/McOve1HFK+cwBpwFYC
ToEcGroWgGM4Cn0cpRMIozl7WW4kpEZC7xQ3prGn/bdUZbhnjoqyzx4OhEnPI/lHl4UaNi3yVCra
ApYH6i7gjJIqJ3fcbjh2wJiGUzeeEGAQcKi4ykGPLsIBtMz5MhAVrIXuiwr3Bzi4dkBXm8FBdfc2
M+5aplkcAAa8nrMl+tqA4+GS5dGAGiTqD4CZIVIIN8ZqiIMyM9fyIMDAUlQQqlf3HmznZvo9jzT9
opzMYAKZXYOKYz5RortxumPg8MFNYW7X8tVO48TAI8V9kKBgRmXC2Zn5b0w4PhOOZXIg2wEscoUZ
8CyYI4rEAIOKwoHnjn7Ep2QNMuzAkOeciss2KskfSz5smk0YknXkQ35S0iNpQ8PtZwQE9p97YBci
7DcPXAxxGMWSF7j1onicbhwqfoZgQOAecemf+8IEMhY2N3c3BumBywNuUXC3JuwDuFe5rktJKGAb
PEgeye1N3qVcVYX1ogjYLic7rlItxBcisXUUHN8zBbHiHBAeOwDAhpM/HCEf4x55HlrFxzkPihG4
qs68skzgDNoM9/gcI5KmIgENNsI9eAFRic0qf1a3yje/7mgxJIgVRrS5dXh9U/kAiRNLB2Lnlg23
7DlgECrWUNNW7JRZ7GZTlTNABgtM4RVr3Ap+nvyzqz5IVrcU2l7xXmpYT9R3qJSeYfJrAYKggdau
KLhqczJSMPcMkMa9p9QXgrQryD7S0ME2c6ofdA3JDqaSOXzkwppKC3fkhsXlirtjzc/lNAJPBs9G
BkRzk8tzVgfRKsXrDecwTCJIctRIpqFoDxC8wPC5rLo/i0qHu2eVlx5Au+Oef9hLRW9ZXRSn0w0o
4nwWNsIFNYdJecpmAIfYhNfdCi+eWI8nBuKNPNADx19ChgJBdX8cc5DHjcvpmawMfhy4H4ebUHxf
aPZRQJxHxUA6iofqQSk31AydPOtlksixhsNRUr4BLhc4QTxzQEG/jsP7ZjovwycNcElwq8ajtGrk
ZvedBgCdLh9JmwqYAJ19WeQw1lmWlo4wWJrBVRe+zZMwboiTUg08oKQaOLmGb5wHD7iJMpxUVZLZ
I6anbGZfMOOey+zjybvvXXwAf9xS98lbJoqlFFl1zYQDiuO5uc2Nx4BkXU7NAb6C0EwKFVHWpH7Y
Qe0AhkiXm3+izGx48FBSuj3c7RlFQKDAFIQSppE6PO+c21OUq6yo1Jl7hamHJiAMHlD8R/W2mXIL
ArziXD/ghApzeAT1WPZoqmv+KMmD4DVT3J+C3I42VBGYpQH8UCG5RNMIa4zfCFuvRfVYKuM0Xu4o
ZywgQxo2ilplU7Wc2EzMftDlkcXRpSqVw9tCxV3sggDupaHqIMKhmFnQ2Pw061aHs+QTEr0OR1LM
DLsr6DnDCYJv5kOpAwGVisMT3IMTa/uSQobnxPN+ewG2Dq0oF2iY3CoL6WLHi71oxagc1LHhpNw4
AsLDmHXkUFF7SYL7vnh4WWBSCBI8Bd5RgANcbjS6HlBSqWG3bUy2n9tJ3Km8g/VMCpTArQvEzzuU
cq2M08eFMnxnd38UaXZmioK7P4AMht/9cbwI4bJm60CPDaXHnms68HaQT7elYO0SaN8xgDngdhC4
dCBbMjY3LjM2MDAwMCAgNzc4LjE1OTk5OSAgMzI1LjkyMDAwMCAgNzg4LjcxOTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM1JGQzUyMjYKPj4K
ZW5kb2JqCjcyMiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUy
Mi43MjAwMDAgIDU2NS4wMzk5OTkgIDU0My44NDAwMDAgIDU3Mi43MTk5OTkgXQovQm9yZGVyIFsw
IDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjcy
MyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAg
IDM0OS4wMzk5OTkgIDU0My44NDAwMDAgIDM1Ni43MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rl
c3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjcxNiAwIG9iago8
PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyA3MjQgMCBSCi9SZXNvdXJjZXMg
NzI2IDAgUgovQW5ub3RzIDcyNyAwIFIKL01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5kb2Jq
CjcyNiAwIG9iago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAgUgovQ1NwIC9EZXZpY2VSR0IK
L0NTcGcgL0RldmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDMgMCBSCj4+Ci9QYXR0ZXJu
IDw8Cj4+Ci9Gb250IDw8Ci9GNiA2IDAgUgovRjEwIDEwIDAgUgovRjkgOSAwIFIKPj4KL1hPYmpl
Y3QgPDwKPj4KPj4KZW5kb2JqCjcyNyAwIG9iagpbIDcyMSAwIFIgNzIyIDAgUiA3MjMgMCBSIF0K
ZW5kb2JqCjcyNCAwIG9iago8PAovTGVuZ3RoIDcyNSAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUK
Pj4Kc3RyZWFtCnic7V1Jj924Eb6/X6FzALfFVSQQBPAaIIcAhg3kEOQQeDIZDOxBOnPI349WPpGf
9Irio5bXVjdmrKZEqkhWfbWwSL3+8+d/Fv/+vXj97vN/iq/9v+8+X8qnUtnupyjr31fjAm6eBC+b
n8Iw8aSrtvTr98tz8Xz5dPlU///5wnRbsf+nvjm8omx/f//62+V19/JLV/L53V/rq/8VvPhL/d+v
xd//URf+1LfXPPD9Yqyu6ShLJuo/v43/ZNxq/STr67q8DP9sHv7l8rc/FL81hPEn0xLPOgLHf75S
ZWUlr2tWd5H8fK36pEthOVPazF6PGxaip0cWwqjuWtVdF1LVNdo/hNHdtWrGQDPZdpSH5bx64n25
a+fbTPvN8Pw8otmK/mf22qN5TFtlGnI6msfvsqwhB2nzykd9ce18m2k/pDnTOM/QPEfD3LysMc7T
c/3dL48a52nemOOlTONcSWmbNhnz+bmSmrevZT4NQbmjedTOt5n2s/FzJSvVvpb5vFFJY1roAdq8
8lFfXDvfZtpfaZxnaJ6jYW5e1hjn6bn+7pdHjfM0b8zxkk/zoNYsgPwiXaFlLel1K6pWjwVTxX//
Vb/lU6sLEjQOa3/HxHQlMxrn+UbFt18urz/qgpXFl5+LjoJX3T9fOqpfNVimiy8/FX9siPpT8eXX
S6Ng+wLeFlTXAtEWmGuBDJ/o2vjwpe//KmMtS17pRxxrbqqVxjrRXHm+UbHtUN2d2sSa6JHixSth
tTUDMbolxjrqmA3oh4LyYzgGpi1QN554HzbKwkbfhU9UYRvdOMrrE2+pNsoPIWHwlm62mLgxf9A7
eCJ8DTPhlAPtPCiAEULawzZglGFQ2fuADhzUKqwCpCfM5XJKsQqMOg+rzAiavMEPYW8j3kLPC3Su
DIcQ6MghMNDbcDyQHUC0QYKgt/TMQV+AMBixkFLxgZwo6BzwaUgHZyEd+Xisxe47QFiaAIVfHqfe
O0Stnqqam4/O3cCqNGHYOWD38C1rsvutNoB0RVF6QtkKUJZgPpzskMYO9yJbKQJoOwiCRNhPM5Tm
wXpuogeEA6vCbJJCRZvxOA/gCoFd3xXYecIixI6eh/AJ8T54LTII9CX0DXAIwUeBJ6CNTSxdLqnO
RaAw0JE8+3dyvygrn/1FmaVZY4NmGakRwDsGDkgQouXcDG9BqQI0pwURKIX5BVW1XP1zsKiBz+C1
QCkd6KBHnRYzEstSfNBYmyKPxpCDCpXQfxbMAw8RkndsyEpXIj8GjahuMsfBIXI2kXdBht4stt1Q
3QGLYBwLxAzQG4JBpEk0R8id08nL0p/PCNLWMJp3CkuBKNIogpqXfi30FjgzYYCWv5bWEBPMTDdC
EoICH+GJheMOAkAHsmmdSUMx/xgaOKGuStERAFXQfYAqmKoPMKjAM6QmRnYnaU+JdrzPqHnUbOQO
oAuxjB6hVZYL9op2MiFWGLN9XI8EEEXuppe6EmJGtNG43EZMYSraMgfCYA1KkwO0jye6TYz1VFSU
ouo95Buai3Z2Iyxm9o4SMqwS9i5CDEO2m1OHeTRXFR92zBJlI5fgN8Jpcm08JdpNCncCCyWYtjgN
ywcZY8xk+C8BHyKGkCad7j5oFJjsDEHXiKj8Cwq60pHtCCsOGg01fQSvr2I+AAfRkg28/iYfSpuS
DRhMxrofGaX3WU6NMJ7ROKATpWicSuB2ctUuZRV7udGew649g7T7BmnlkkYTuDtHjGKfBRY042cS
DPKAOxsyt1GVA4YCy0RkrNKQQDuy2yxkR6iINTyslNjIcm85xU4NNYR4Q3I38BApqeA+I+kh/CGm
wBMkS0kZcmGOdfzl6n8V5DpuMroQ1MTgsMNKOE0qyiUomfA1wBAYtZlZgLgXh3XlAzGYJmirgBDx
0DRBrlkOEauuWhgx61XwcMY57At5E0pvGOpDY42/DVkgtPhKBXVC0iL4F1pdbpxGbEiJkM4ca64Z
LO0XbmjSzjpIIihaiFXQqX0J3hs0mmNzEU4uncqaEKlbvmcnwpyls1LJmcIhWzFWcS/uqsoH3nXM
6hyLTiFU40pO6JzLjBs9jNRzs0kne9OdgV2OE9o7fIROfoARAeYFhETITLBfE9KSc2i3CEUMuJth
XxMYHhHmKsR3oI1tAg0kC0E4qy/II1SVHEaoa5Wxu3Bnp12cLznp9swoIGl/nIyCNVbIsC8Jgpsh
SX/NxIYlDtQc6fcCZg2NHmLSpjvaJfRa/zZwePAFwTy6zdjoAdlpT2am6D44RAC7a2QIJDj7KRYE
vRJLyyGdU7HKmRb7LKLuZQ2tEcg5vKt3J1LJqvShKsYOI6U7Inualqp9QmjrnFhDB9liGS+LZrKl
nCOENl2xu/SS6TapOstlNcK3obPfMhimObLHI3LKlh/IQQc/14kfLWcHGlFwxOgqCRqUhKmIZI+E
LQsRueLkOReZdEp3dNAIZDYxKjZaiF+eyEuncWOaLp3pTC9CZEz2tIJnNWa2SWaMAA0wEBL2UyTM
NwQmMhzrs4pPHTEeMFGg3MD6SQjC0fYiSAidY4Vcd4Y2A9qPGtqMsNwyuG57rePT55nSR8HEJt3d
qSA0V76GiN46m0czySp6SPbK1N8m6/jgIdUzTjWvdR4482lkZF4P5O4+41H/zF57x0hHPE8fMr3w
pS222OaY76nDXnR7fDkboIWHrjUUYHhuZu+VXNIGcCyo524+xovmwMMiZMgPIR/QQt7Jo75WKckq
4Vt6Jrchx95yg+EJkDaQJR7W6dNG5RLaxQRTg3bqSrKffq473pPDSRQstMAOk7W9agrPvQd6lN0w
auHz0hETcHeKbCx3Bo6yKePwmwHuNak73q0eEAIiwjYhZXS8OMJy2efsnbxYZbNi1VGGaJWspYT0
oYRd+4eVsojFIDoTfvlegQjhppUKbeTm4H768Gky5I7e0PIFtsOKZcJqWYSdkhMOWfmCvzxxPHMw
IZ76g0/Dcb+ZscoHDg7LlmucCLjNiG30zYSMPgnjg40Km2/pU7IiQpS0/ly+fy8iyg1t0EnwsXva
MylDMShD2AWdchAAHRxIWDsj7QX8AgrwP+yBWr5Cgcvx5Jn5KVvNQ9JTUqkSdomSAoInWJC7JvGM
o7D7GIEhrfgcfBpxWsFyRzBh5uiltZRtIzk20T/ciQCZ4FDt/WGiVXzDhAAErEZDvg7tb8P5Fqts
10o5aGD5uijt1+4UxE6ISERoZXpvHvkhB5yXBJFajqnYaKj786yTP86A0HnDCVhOY8qcEZ4JqfVg
uMoyhBk0u0JTZbcjsmlYoROyE+Kr++w9WemY2N5jNIOq/rE+AIeDSgd6Yepogae93YQFmLyuq/uC
MH2WHs7m8nWddU5R3yQh7TA8k9K7DGeibwMICbnlWSb3sMuLKcYrLYYJorx8R1uEbt9Gp+bYm/4u
I+py9+neFLtrTfm/t3+a+f175LXwHHqHTnSgY6gkRKbEt+iPU9CxfMjRouV9p+MsD6O66XgPxLLp
pSwaRGlEfJivoW0czOQLPioesaWb/pTbRh+RZ5r73YtASHrP0hqpLmcQYbnBQyq3CKsSOkcnlNC9
pWcb+J9eZlolGyLH591f8PYbfg0crLH9JuIJevtNNc1bNzbb0BtlYH8K7GA5zDYg2qnp1dGYMnof
EL1VgazCRs7U5lt4VKv4BHfHv2XIaJ1YpYMMnIR8PADHw241oIF9p++QgWkgQnc6IsBEn1tLn6m5
/BSuddKrljstq2cjx0AAQwhgvCxqQVai+O6u5RMrpSoYs+2Ftm1pU2D6q6813OknY5UUpbup/cq6
b7d9tr1mbY0iqMpcu6x91ntpfbMnaqjs6P16+eXy9g9rARwTbRBGqGGD7HFhY9VNireMW9rIpgPT
pODIKhQcABKbSwq0uUqBtlNSUJUDt9ZXoRS0N7VfWfftOinQekoKtB7ara9CKWhu9kRpTwradreQ
goo/nhT8kPv0zs0N8cpzp2T+g2TmZ+x+BuQ1I/vDTNofxtkfBu0P46DW+PaHGdkfZtL+MM7+MGh/
GGd/GN/+MFvZHyY4oOPcjTDXKI2A6XniGTjcjmwLO2VbyHKwLZqrgMO7m9qvrPt2HYfbSdvCOtvC
om1hnW1hfdvCbmRbyHKwLc7sKapzB8ueuiFqCZ9y3Ojg+qPkG9385tBdUCO5dlAjeTUFNdwMUMMN
QE17U/uVdd/uADWSywmoqUtduzKEmvZmT5QcQ03X7hZQI9x8PY4b87Kd+ZQF09h0kAySJNlVkiSf
kiQpBo6XAiSpvan9yrpv10mSsFOSJOzQbn0VSlJzk5deZUfvNpJUd+XhJOkMCFAK9/REGxG7irya
VJ7KKU+FylM55al85alGylNNKk/llKdC5XmVceUrT7WV8tROKE5P9DbyHNsTldVIqVWTSq1ySq1C
pVY5pVb5Sq0aKTU9qdS0U2oalZp2Sk37Sq3aSqlVg1I7PdFdfKTTE91ilLf0RK11UKPKcgJqVDmE
X5urAGq6m9qvrPt2HdTYagpqbDVATX0VQk1zsyew8qCmbXcDqFGly+1/HPt5q89XH+RQIVx4Jk8i
mFMT90uSYvIqSUxNSRIbwrzNVShJ7U3tV9Z9u4MkKcYnJKkude3yUJLamz1RfCxJXbtbSBI7j5Cd
k9fH8UTPpWl/xI7kESs+UuJiUokLp8QFKnHhlLjwlHjTroMePqXE69KhXQ5KvL3ZE+gp8a7dLaBH
nCfFRSLgsT1iJUfKVU4qV+mUq0TlKp1ylb5ylSPlKieVq3TKVaJylU65Sl+5yq2Uq/tEw+kR7+Kr
nR7xFqO8oUesKn6FmkpMQU01hIGbqxBq2pvar6z7dh3UVOUU1LjUVdWnrnovLQdscZUdvdtATaUf
z44/jke8ydf00CMGs3TG5s4gOKa6Co4xU4JjhuhycxUKTntT+5V1364THKOmBMdlHqo+89B7qRok
xVV29G4jOJY9nuCcDnBQcDrA/oidudmZun8/8uryarLocspk0eVgsjRXAfJ2N7VfWfftDsiryymT
RbuMWF2CydLe7InyTJau3Q2QV5eDyXL6/wTyHNv/1+xqW2g2ZVtoNtgWzVXI4WywLUaVdd+u43A2
ZVvUpa5dsC3amz1Rnm3RtbsFh/PBtjj9f6pzp/8fTN3p/09BTQ0ODmqknoIaOQS9m6sQatqb2q+s
+3Yd1EgxBTUuU1X3mareS8WALa6yo3cbqJHDURIP5MZslZsN693Lj5XLthKtdXnlYM2mOFgPQe3m
KuTg9qb2K+u+XcfBykxxsEu81H3i5filzU1eepUdvdtwsJaPx8GnIx4UnI64P2Lnh/iOMA0v8EN8
9x692INuZaMH8QcPKq3JQxnMCjsyK+ykWWGdWWHRrLDOrLC+WWFHZoWZNCuMMysMmhXGmRXGNyvs
VmaFHcyKM8pE4Pl2UaYnZfsf5PXgXsS5kvONtRyiZxhEMF68ErZyp8/Kjvbr4YUMDkZnwEMyfKRn
kVGoR1IFPCyQ/Dpo9W/xXPeX6Zbw/p+v31MPLfxUfLr8H6ureNllbmRzdHJlYW0KZW5kb2JqCjcy
NSAwIG9iago0MTMyCmVuZG9iago3MjkgMCBvYmoKWzQwIC9YWVogNDcuNTE5OTk5OSAgCjE0NS41
MTk5OTkgIDBdCmVuZG9iago3MzAgMCBvYmoKWzQwIC9YWVogNDcuNTE5OTk5OSAgCjE3Ni4yMzk5
OTkgIDBdCmVuZG9iago3MzEgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9S
ZWN0IFs1MjIuNzIwMDAwICAxNDEuNjc5OTk5ICA1NDMuODQwMDAwICAxNDkuMzU5OTk5IF0KL0Jv
cmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUw
NzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9jCj4+CmVu
ZG9iago3MzIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxODIu
ODc5OTk5ICA3Ni4zOTk5OTk5ICAyNDEuNDM5OTk5ICA4Ni45NTk5OTk5IF0KL0JvcmRlciBbMCAw
IDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDNTIyNgo+PgplbmRvYmoK
NzI4IDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRlbnRzIDczMyAwIFIK
L1Jlc291cmNlcyA3MzUgMCBSCi9Bbm5vdHMgNzM2IDAgUgovTWVkaWFCb3ggWzAgMCA1OTUgODQy
XQo+PgplbmRvYmoKNzM1IDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3Ag
L0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIK
Pj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCi9GMTAgMTAgMCBSCi9GOSA5IDAg
Ugo+PgovWE9iamVjdCA8PAo+Pgo+PgplbmRvYmoKNzM2IDAgb2JqClsgNzMxIDAgUiA3MzIgMCBS
IF0KZW5kb2JqCjczMyAwIG9iago8PAovTGVuZ3RoIDczNCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNv
ZGUKPj4Kc3RyZWFtCnic7V1Njxy3Eb3Pr5izAa34WSSBIIC1lgLkEECQgByCHAI5TmBYRhQf8vfD
ZpPVJIsznJ3tpWYsrmCLIofV1c2qV6/YnNrXf/rwj+O/fju+fvzwn+On+PfjhwN7YNqtP0fm/7zK
O4R9kIItP0fL5QOY0Pvp8+HL8cvh/eG9//+XA4cwMf7lB9MlWPjz26dfD6/Xix/Wng+Pf/Gt/x3F
8c/+v5+Pf/u77/wxyls+8PlgHXg9GOPS//OX/J9cMg2h7ftZ/c/lw/8+/PW746+LYuLBBuX5qmD+
z1daMCf4AzDzLJW/bFO9LOlFarAn27lgKaM+6siZY9p/zGv2+SBVaDKml35uH9R6cxa4Cm1R9wvz
IFJ/kvPLCfnL4/kp09nJ+HOyXehc6CZ5uO6ic3EtpdKClLrl/fm9JDm/nJBf67zTcz6h8ykdTq3L
Szzn9lp/rvovec5t2zhlS6XOCQYccYon+RYodVR+WZiHkyPXx//+01/lffCdKzyUhz+5MmvPCQ/9
cmbim4+H1+/AP4Hjx5+Oqwav1r8+rlq/8mobfvz44/EPi1J/PH78+bAAUuwQocNsHTJ02K1D1Z9Y
Zbz96O/+Esjh9Ia4YEfFjLfCz9iGB86UN0vuQgNc6DW+w8bWpwPn8GCdVpLhIJSTIcoNnw1tGWYc
q6kS5crw2eKifjAqlSajvp+8eb357jygfjnzWMJy8QXyW+vFJffr5S/k4rOWP4Rn7fDh8zf18tTr
xX+o1+tdteZ8XXN15hNExmN9WRs69GkZ7IdaMd62rE0P7upPEBlEMVN/Yn0eXJ55QkSR+mYkqzq4
ra4reT1F1g+1vjv1tppCOsgU+pRFrTpZulrT233K9Am9q5/Qu72gxscmhBqpWlAjdYIEqQnUSMSW
bTJEuQg1Psw2oMa7dJLLCdQsg1EpXkBNkDsCaqRJ6/WuXi/i88Re609cYBbUCsgnum5BTesKRfoO
S12J6N6HRbmXBSu7WbByLQvWLFmab9UWHAahnAxRLlqwgpYFK0hyfau24GUwKgWFBQe5IyxYi/uz
YAqoxNZqzQSB/hNMLTNg043JQwJ939XoZesHdEEorPWgy0CCJfsqPIcqRsDpbfd5kHjbRSvB5zI8
bRnIM6X0u3tZui67hQTISA00SQ0gqQFKagBjAJSkBjJSA01SA0hqgJIaQFIDJamBUaQGEqkREJ71
lj9RcyURoF7Aa4CXwGrfOomFE+skMmp4p3jfjUx9aBZvKqGChFle3a3Qe1m4yUiPaZIei6THUtJj
kfSYkvSYjPSYJukxSHoMJT0GSY8pSY8ZRXpsIj1zh6B3c3OHoFq6uUPQgBrLAKHGMtOAGstshISl
VUHNOgjlZIhyE9RYphpQY5dN9yhX1VATBqNSKoeaVe4AqLEc1+t+8qtROwT9OE9caS/2ZwXfDFaI
lsGKtMu9tGqDDYNQToYoFw3Wi2sYLHdJrm/VBrsMClZMRn3HGKzQ92ewc0Og6piZ6Hlz2DETzUyq
v0NAbp9cVveucmMbJDtAscy4g2xyB4ncQVLuIJE7yJI7yIw7yCZ3kMgdJOUOErFXltxBjuIOCi1r
JuLnoei2E3GrM7Khm2RDI9nQlGxoJBu6JBs6IxuqSTYUkg1FyYZCsqFKsqFHkQ2dyMZMxHs3NxPx
aulmIt6CGuM2qLGsBTU27T4vrRpqwiCUkyHKRagxpgU1Jp02Wlo11CyDUUFTQE2QOwJqrEzrdT95
zaBE/ALNulGcfEKZmnOfSObP0XTin/0chMSNqwF8B290avNGp1ve6NJO+dKqvTEMQjkZolz0Rida
3ugEyhXEG5fBqJQovDHIHeGNzt6fN85dhqpj7jJ04Ovb3mW47ff/jm1MyfEWU3I8MaWlVWHzOgjl
ZIhyEzY71mJKDs9lO0aYUhiMChZMaZU7AJsdT0xpbjt0sOm2tx2c2NiHEy324URiH0urtnCR2Ec2
GaJctHDRYh++F+US9hEGo1IF+1jljrBwkdjH3Hbo3dzcdqiWbm47tKBGiw1qtGxBjU577UurhpoV
QMrJEOUi1GjWgho8t+3iue3ioixhC05GfcdAjYa0XveT6Pyuth1oUnIiw9jBC8BsXgC25QWQ9uOX
Vu0FYRDKyRDloheAbnkBHlV18ahqcVGdzB4no75jvAC/QnlHXjDT/apjpvvnzWGm+y/2PHbAZpsx
FNtkKBYZiqUMxSJDsSVDsRlDsU2GgoesnaUMxSJDsSVDsaMYik0MZab7HWy68XTfZezDNdmHQ/bh
KPtwyD5cyT5cxj5ck304ZB+Osg+H7MOV7MONYR/cP/O0gDPd79zcTPerpZvpPoUa7kErQY1vN2qP
+N64xx1aJdTEQSgnQ5Qboca3G7VHll6UW9ceWQejUnntkSh3BNSIVHvkjhKdQek+pQb9B9A1epru
15/gj11auhPH9HbINrdQvOUWSiTzVYK4RRiEcjJEuegW0rbcIp2QDa3aLZZBwYrJqO8Yt1Dq/txi
5v+96DkPr3Oms0iom5FQYyTUNBJqjIS6jIQ6i4S6GQk1RkJNI6HGSKjLSKhHRUKdIuFMKzvIc9Np
JWcmC2qmGdQMBjVDg5rBoGbKoGayoAbNoAYY1IAGNcCgBmVQM6OCmklBbaaVXyXhmWnliKc8Mq10
doMa1yhYwTmLe6mhVUHNOgjlZIhyEWpco2DF0pugxtUFK9bBqBQUUOPGFKzwd3aHVbpGvUUmUmu/
oI7Sf3VRd/TzzOvZ8PMdh3OsZeTbjVpGvlcnx+F1LaM4COVkiHKT4/ifhuPwdEYytCrHCYNRqbyW
UZQ7wnH4HRZonIlnx8Pni+cKreaL55d6Hjtgs9hIDRdNUiOR1EhKamQiNdlkiHIRm0WL1PB0uje0
amwWidRsk1HfMdgsE6mZOwQdbLrtHQKuMvahmuxDIftQlH1sJq1K9qEy9qGa7EMh+1CUfShkH6pk
H2oU+1CJfcwdgt7NzR2CaunmDkELagzfoMY0Kmn43rQtvrRqqDEyYYsRBdQYvkENNCppLL1JLtSV
NNZBwYrJqO8YqDF3WLZr1A7BS/DUm3rxzC1sbmEbJZR8b9pLX1q1W1ib/MCawi0sbG5hGyWUll6U
W5dQWgejUqpwCzumhJLXht2fW8z8v+qY+f95c5j5/4s9j+djs2AbZRGsRVlE+n1aoVVh8zoI5WSI
chGbXZOyOKQsjlIWh5TFFZRllTsAmwVLlGXm/x1suu38X/CNfQjeYh+CJ/axtGoL54l9ZJMhyk0W
LniLffhelEvYRxiMShXsY5U7wsIFLuDM/zs3N/P/aulm/t+CGqU2qFGNkha+N216C1WXtIiDUE6G
KBehRjVKWiy9KLcuabEORqVEATVqTEkLf6E7LKj1tb5nLmtaStGYoODTWSjdISA+vtf7f6Hd5hbQ
qGXke9NOuYC6llEchHIyRLnoFrpRy2jpTXJ1XctoHYwKmsIt9JhaRv5+7rDq48z/q46Z/583h5n/
v9jz2AGbTUZZTJOyGKQshlIWg5TFlJTFZJTFNCkLnssWhlIWg5TFlJTFjKIsJlGWmf93sOnG83+b
sQ/XZB8O2Yej7MMh+3Al+7AZ+7BN9mGRfVjKPiyyD1uyDzuKfbjEPmb+37u5mf9XSzfz/wbUSI41
Lny7UePC96ZNb8nrGhdxEMrJEOUmqJG8UeNi6UW5dY2LdTAqlde4iHIHQI0Ud1hha1T+38+nuro/
Q9UdrF6Kzeplo3aR700b4VLWtYviIJSTIcpFq5eN2kVLL8qtaxetg1EpVli9HFO7yF/oDqsrzvS+
Fxzn98q5VFmgU81ApzDQKRroFAY6VQY6lQU61Qx0eFZXKhroFAY6VQY6NSrQ6RToZtbYQZ7bzhol
ZEENmkENMKgBDWqAQQ3KoAZZUINmUAMMakCDGmBQgzKowaigBimozazxq+QzM2sc8ZRHZo1uK2Eh
XauEhUy/Lim0aqhxqYRFNhmiXIQa2yphIfHYrbSkhEUYFKyYjPqOgRp3h3WZRv12coK15DLdb41z
VVOU7muo6J/PN3rFtspEirUqE6n0e2hCqzL6dRDKyRDlJqNXrFWZSOF5RsVIZaIwGJUqKhOtcgcY
vWJ3WKNvJo292DiTRq7EFueUaMU5lX4xT2jVLi9SnMsmQ5SLLs9bcU7hAU/FSZwLg4IVk1HfMS4v
UpybSWMHeW47aVQyC2qyGdQkBjVJg5rEoCbLoCazoCabQU1iUJM0qEkMarIManJUUJMpqM2k8auk
MzNpHPGUByaNCraqBgpaVQ1U+qU7oVVDDSC2QFHVYJGLUAOtqgYKz2oqIFUNwmBUqqhqsModATVw
hzWVRr1q7B9WI0j69PNtxKVvuzqZMlsFHGVaFXBU+hUpoVV7kk0VcLLJEOWiJ5lWBRyFJ+uUIRVw
wmBUqqiAs8od4Un2Dsv6zUy0F3DvPhPdrjIPAe8EgS4jE65JJhySCUfJhEPMcyWZcBmZcE0ygUcv
laNkwiGZcCWZcKPIhEtkYmbmHSS+7cxcsy3Ia9YK8pqnIL+0KgtfB6GcDFFusnDNWkHe9ya5jAT5
MBiVKoL8KneAhWuegvzMzHs3NzPzaul+95n5g2Dx52S7AKILPt935CdeNLi5O3Ld8nIBwcltVcsy
i0l1B/u+hu3ve5+gtkQ6eDt6utNrSmWsscDjFfasunNeG487YwjkwuQ6u0h9rDtWO4c6gBJkzKya
XRjZyXcRMwwnD76+3fhtY85Oz+E19xFEKrndWjOqSNdFhSULQRyf5HJdzejdkXjTN8VaBmF2VI+u
0AtuV8juY+4Hz9oQo+4Xc6xdWYgWCz4Bl+WTPbOZdE0U6idfvyNmc0UeTVOXOirQhKC/DN1sp79y
F5CSi+PGBnCM5HJXfGP7G/8aeJeCEerX3/E4VYHiKbzuVr6f3jfliwtwPmvjie459B23u4FAVI+U
MMSQZwcDlY7QEz+lNkXyC2Lbe1g/gUeCht+2GdJY2AeyPb4GR/QgBxr75tAH9j1i0AwONxEc+q+t
bgVy+2++yEMmWDjGPR53hH79bX63RKjezV3w+uyKmmBdi4mbk89cXGFctbr1juYFvzaNrN0eL4vJ
6vbDZf/MfN/tiKZkZchLyStgiIA/sRByWaJp/2sH/afed5CuHV7sU8+FIaZKS90j+NO9d/Kaq0Y7
sRpmlrOS/Wq9Li8/k5L3D1hQryJ7u13Wke8fPTsAGKwTQXf9ibMS9O5vUvRfyfaPejw9ml9wTuEK
lvUSvJS4Yh9F+r+/8oK7JXZ4xQN6+mUvOJhHzbAvpL/VS9z7gr2x+rkT0+3nrf2Y2Ydi8tL+gnKl
/RhBgInc/omXTs+EHaVZhTtvydIQy+vGc+o03Sewx1GmC9y7f9Cjf7cvkv1fCmb7hBkLez6hr7TP
/3QQpXbZ39m64phenzQ+nSNeY0J9Zk4UI5tQV7wIGWIO1+DF0/nB/QWq58YDZkqAGBPurjgEdAlV
Id5N9u37EaO+uwucuTbeC8LhjbzY2NFVdwlUhvHOZc6Foae/DLjgne3TTegKgtw/tN9fGPqCpbv9
dwUdvuAR9lXv3z6JS2Sxr3hB/S2ek3imWy71lwq/7O+pX8AoyUKQQ3l9j3kRKnPFmQ7iMdmr4e2I
o3bxhzz/euyC85KnhYXFhFPb0qx66aBWm9mORsX3Z/nZOHJ0RNUfEfVZQGIipEPUHSrbU/N/jl/8
/XIIise/Pn2+9rDW++P7w/8BUSN2IGVuZHN0cmVhbQplbmRvYmoKNzM0IDAgb2JqCjQyODQKZW5k
b2JqCjczOCAwIG9iagpbNDEgL1hZWiA0Ny41MTk5OTk5ICAKNDY5LjAzOTk5OSAgMF0KZW5kb2Jq
CjczOSAwIG9iagpbNDEgL1hZWiA0Ny41MTk5OTk5ICAKMzAyLjk1OTk5OSAgMF0KZW5kb2JqCjc0
MCAwIG9iagpbNDEgL1hZWiA0Ny41MTk5OTk5ICAKNjgwLjI0MDAwMCAgMF0KZW5kb2JqCjc0MSAw
IG9iagpbNDEgL1hZWiA0Ny41MTk5OTk5ICAKNDk4Ljc5OTk5OSAgMF0KZW5kb2JqCjc0MiAwIG9i
agpbNDEgL1hZWiA0Ny41MTk5OTk5ICAKNDEuODM5OTk5OSAgMF0KZW5kb2JqCjc0MyAwIG9iagpb
NDEgL1hZWiA0Ny41MTk5OTk5ICAKMzMyLjcxOTk5OSAgMF0KZW5kb2JqCjc0NCAwIG9iagpbNDEg
L1hZWiA0Ny41MTk5OTk5ICAKNjUwLjQ3OTk5OSAgMF0KZW5kb2JqCjc0NSAwIG9iago8PAovVHlw
ZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDY0Ni42Mzk5OTkgIDU0
My44NDAwMDAgIDY1NC4zMTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjc0NiAwIG9iago8PAovVHlwZSAvQW5ub3QK
L1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDQ2NS4xOTk5OTkgIDU0My44NDAwMDAg
IDQ3Mi44Nzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIj
MmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1s
Lmh0bWwjMjN0b2MKPj4KZW5kb2JqCjc0NyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDI5OS4xMTk5OTkgIDU0My44NDAwMDAgIDMwNi43OTk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0
b2MKPj4KZW5kb2JqCjc0OCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1Jl
Y3QgWzExNy41OTk5OTkgIDIyMS4zNTk5OTkgIDE3Ni4xNTk5OTkgIDIzMS45MTk5OTkgXQovQm9y
ZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3
MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNSRkM1MjI2Cj4+
CmVuZG9iago3MzcgMCBvYmoKPDwKL1R5cGUgL1BhZ2UKL1BhcmVudCAyIDAgUgovQ29udGVudHMg
NzQ5IDAgUgovUmVzb3VyY2VzIDc1MSAwIFIKL0Fubm90cyA3NTIgMCBSCi9NZWRpYUJveCBbMCAw
IDU5NSA4NDJdCj4+CmVuZG9iago3NTEgMCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNCAw
IFIKL0NTcCAvRGV2aWNlUkdCCi9DU3BnIC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dT
YSAzIDAgUgo+PgovUGF0dGVybiA8PAo+PgovRm9udCA8PAovRjYgNiAwIFIKL0YxMCAxMCAwIFIK
L0Y5IDkgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iago3NTIgMCBvYmoKWyA3NDUgMCBS
IDc0NiAwIFIgNzQ3IDAgUiA3NDggMCBSIF0KZW5kb2JqCjc0OSAwIG9iago8PAovTGVuZ3RoIDc1
MCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7V1Nj+S2Eb33r9DZwM6KpERJ
QBBg9itADgEWu0AORg7BOI5hzBiZ+JC/H7WkVkt8Yj+qmvrocc/Anl62SBXJqlfFYrH4/i/f/pn8
+/fk/cdv/0meur8fvx3ShzSv2p8krX/fDQt0+WB0evxJSmUebNGUPr0cXpPXw9fD1/r/rwdlm4rd
n/rL0yvS5vf3p98O79uXH9qSbx//Vn/6X6KTv9b//Zr8+I+68KeuveMDL4eysjUdaapM/c/n4T+V
SUv1YOvPdXnq/vP48C+Hv/+Q/HYkTD+UDfGqJXD4z3e5MVVR1DWLq0h+PVet2zKVVrktvZ+HDRvT
0ZMlOqvssXupqbtusvzYnzTNE52nZfOMOY6BVdlDVlOv3XJdPOi2/NzOs6f94/D8PKC5Mt2P9/OI
5iFtuhn3lubBu3LTkAm0jcsHfenbefa079IcaZw9NPto8M3LEuM8Pdcv4/KgcZ7mDR8vRRrnPFe2
+VyO+TnPddV8Lsc0OOU9zYN2nj3tR+PnPM90M27lmDfy+udIDtI2Kh/0pW/n2dP+QuPsodlHg29e
lhjn6bl+GZcHjfM0b/h4KdI4l7o6NT/i59KkJ3JGNDjlPc2Ddp497Ufj57JW3I3K1GPeKLvPQNu4
fNCXvp1nT/sLjbOHZh8NvnlZYpyn5/plXB40ztO84eOlMc0nM60Co2WW7WOzLMlUpU1t7iUqT/77
r/otXxvbRmBBqeZ3SExb4rGgXi9U/PD98P6LTVSafP85aSl41/753lL9ribbZMn3n5I/HYn6c/L9
18PRYOwKdFNQnAtMU1CeCzL3ibaNz9+7/i8z1rUMVDc41loV6e2NtSnsLY61KYuFxlq41Hm9ULHp
kDouxqZ6lOujoBa66ojRmUuuS7/W7hNfnDFQpdvDtiA/F3x2Cz66jUIV9y3pJ6eKUtMjnV14rds5
89lto2DjwXuLT7iEqbZRZfzvDRhUaNUy2rEKvAW6C6NM6cAn3KkLqAJcR/uSwWwrp3O6paM6F7Rs
qNJzI1+cRvIUpgo4E0gDjtBufx/dAhgitzcohwFcBWIGslu4nYEnXAYIIIQ3KuBuGEM6ZAJA0KlL
GJ1tlTlcha91pwHGVFVnnXA1uGcnK0x9cjsDGAosM8FE8yFBK3cEYDZh0GCcOSTMH+eAKh9YATIR
jCqvAr3lClEA5qBUXA1hHil3Aw9RSTUpJd2FP8QUeIKyVJa5XEhtm0XU/0bIBYQhF1ILipsDXHOr
j5QOmAbD5har5C6lIMgIbSDaoKfc1wBPGeXOA2jyLAqUV+kYy8G6QXMH5FC71g0yngdl4iiivPK+
hlqEILzanXFtHRWiHl0A+OK2Afae/uCygGs0pjnUcUkL4F9odb59i8qMs3yA/AIoAFotYay/cVsV
qgAdIACgq13COhvxUl8EC0BolC5m8AkXiSYml84U6jPa3YBGobvcIuY6kc4UDtmC7o5robrIxli9
jGUeChlxFE9x0poA76ASjOsTyBRoTfF67pJ+A8XjqrMJ9e0+4jM+Mn/3gHsBIhEzBTbwfGmOot4C
NDEAL8gmrAEo84LlEWCvgt0MbazjrKAsBC6xriCKqJapPo1Q26pSVwHPfJUQw5rZyK/EV1YBjgfQ
M66k8pV3jCFE0zwAdtzOAHRxUIkBXahUXGmXzJRLGLhVYDxwcTrf7YZmJ1g3dHEuEVw+Hqu47lBO
56+gfKRfC5g1NI4Qk9vuaJe4zpmt4HDnm4pxdJsqggdkEU9kgBs+zg4BrIgAdmF64cXzJ0+w2pdY
EHw3l8sh9Ja/Jcb+9zYbsVtZQ0t4cna/1LsSqbIiHUNViB1GpRtHDawKLlXb+NA4yoAwI+MBHdzL
Fsp4cTST0T5CuOmK3eXbruuE+8yX1YC1DfAD94/PN0wDsIsqTPD+8u2tAAOBej+X8R/NZweOKDhi
vIpAg1KYCggYmf/agA0VBT4oDwpdq1Oy0gGZVYyKlTbz+XYA6AcQXb53DwWAOnwX4jGiwrBxjZl1
AiIDQAMMBL5ABrESzDc4JnhftllTB4wHTBQoN7B+BE44bi+ChPA4LeS6u2vToX2vrs0Ayy3C0m2r
jXx4AuwhHg8WGrh3pYKwOh9riIDFXxFRMxX5thaCBJkWiVzeuUv17qfya50bDn0aGJnnQ2Ntmor6
x/t5dNQp4Hl+EGrmSxtsqY5H0SagRdvmOGN2ghbtLq2hAOOVH+kTtA3kWFDP7XwMN82Bh43LkJ9d
PuBC3sqjPVdJaRX3LR2TVy7HXloGwxMgbSBL2q3TxY1mc2g3E0wN2mmhE3q25b3CnuinUew3HPm9
aBTQlfaFStuZqNSYHfcYxLuRc2T+emIvZ0N2f6DgWqv8yLu15utRBFwwMKp0ucQduzHibQOMUmiD
x6zQNWlMzNA1R461z4UB4LZ/gCAKlrqg9MH141ZBPQMhi/MXFOg9gxGLcTTEJV2y8yGI6uaHluHQ
Go1YxmPNbvcR7ahlGYNPA04XzQ/7EswcXwlLorxiHHq5uRM8keDQWC8TrWPMwsJ2/l5pQPQthVRu
MgesAeE82iLRlZKDQfPdGNx5tpHBGMB1Aq3MQ2mhCihhmBeBSM3HVGzU1f1x3Fq3MyB8m1+A5RxT
fEZ4JKTOT4Zrlrowg2aXa6oExJ8HRCkIdmA5rPD4iflnJzcKFcMnYq4Y7UlVw8kx7s0JCHMF02SJ
wGDBFgQOKrQBhMHUcYHnq13BVmjcpWvZL1254xFmk9sZ/IgCjZ7Yy/7RbnhG0jsuVXRBvA4gCEJB
omwORvBuS8xMLjACoZsfKhqghdfRfjEOfQCvgxdGYOxEFLpIyF1Z38ALEmNJ7CEesidI8iDAdipD
AX5KCkMSHxJlxAB/Oew5cEndKMXLbtQj96mAv5jHrHD441i2ja27ET8EqDZ+YAGEjiNbTIxV6mQd
B2AbD8Bb4pTDfYk938igainAkoPO8TQivLd8toHd+SbMItEDggDVS36MNxZLptV5Wb1ELFnqGctZ
sWTFNG9diBzjUV8QbAXhWLuJaeMLiU77DCnjQW08aIZW6TqzYcZ4rVV/mCtCFNTEHhbEp8zPwsTN
OkmjfB8cUJsaKYuYdRAowC1SvssVkFCJ6pf9RjC6rBwjgnGjGxWAdOM6LAL8ZnyyeWaf+bkAloka
m79OFJwgDjCdZsYSK8RupdOkRmBjk5f+c/Gg0ixPlKqaD7ZqSsu6oOw+PdV6yj6UVZ6ZtP/Sjivb
rt3m2eZz1tRInKpZ327WPDt6af1lR9Spck/v0+GXw4cfltJMyqhGNWX7B5q9h0pfWthwYfSspyLw
fK7OPJ/rKZ7PzYk3608uzzdf2nFl27Xb83xWTfF8Vp3arT+5PH/8Uqejyj296/B87hxNuQf2+hrl
HC4PuYzA4XaA6nYS1W2P6hZR3faobseobgeobidR3faobhHVbc/Sdozqdi1U7+83uwcisM7tLBDh
0jmM+bcYrJSybS9b9xez7V4HNVV2hpoqn4Kayp4gobIANc2XdlzZdu32UFPpKaipdN+uBqg5ftkR
pUdQ07S7BtRU5d2AXM6A5Du4PDHRMPnZVUJg0qoXAqPSCSEwSnXMevzkCEH7pR1Xtl27JyE4XhKL
QlCXnto9XmY5FoLmy47AYigEbbsrCIE5fnu3KG/fojT6DPNGT8G80SeYP35yOVyfYH5Q2Xbt9hyu
p2C+Lu3bBZhvvuyIGsF82+4aHK5PMH+3KO8W5d2ifJP7rOZsywn2WUEe5++iYs4K7RYEb4/pc0lL
+3DnsXCb9XD1hfwaBrbhTEnZi25f4tbr/FQg2AanHTZ0scB9Lz6xs83oLbd8s/6S8IAtXwFgbhNO
vlXMnSC7hiDBL58GQXLeRYIBV4oA4Gk+5m8cxsjVHzDKPKyfrnZ2m1fOd+45RkpAneWFj6cCTo8K
drg5HAhOAq8y/fLNvVmsvM3BgAAnxCIn5zMXyGJcoLhEbg3JcSROB1/3UKfMW8JxTGAAb4FVBk1x
cDsDFJCdhR9XWyamv9MWhTdNvcDJLskkECOhOM1osKRbfuGNC8mYCiyhm5EgSeIZSaIhns2KJmvi
GSEEIXVbGbGCw+080/cixgL3nrw9D3gcZVD292DRreCVDsV47Ilrz7NV2bi/AknF+RaIzHzeRZUC
MsSPokEVoBRmhuYlfNO3AAecIl3wquWrbyRyuB03iWA/1kVIvMUDNlbyFJQqnV/kZpAqMP6pcROQ
+52fEr2dJPQCezCm0sjTqBdd0YxnHEUkOXQEh8I5Asx/bYCTAlmXN8KP7dwv6XHo4MdjqFdCfYZB
BZ6hmjgg0Qbgn+DKeo/NcK3mMZkDEaG341xSztwmiHHlzCJgJujtzWTJCMhOQZMT+FAnjqbqr/kN
8PTSMZSwELfMgTDYPBBsg67CQhLUud8mF19RCeLMYmZRuVJSTZGPRVVwnTDftpFkr3rTV5DxnZ4Y
eSl59MX81Dy+eYmjMfpLfHHq5k9MwLW23CEi2BleIvslv/c3hqP2jxUlxb3hAfYjNDo/7dQyRogg
FmuZVM+daJ/vdN4mZcVKyL7ba0HRxIhw57WE23k0TowUxKvkZL47dt+SY3cZv8Y22zTBd3TFAff+
WuSA8CtgmSgHUQJyJq6y+R2gIpZYYUk8LBEuFAuwU10NYR4pd/NUpjzsjQa1LXLRY5R9fEHw/iLI
dTMxwQGnwnm41bYXcALt1+KyzcfALDi5aLRrqgTE4wrcFJ8iKqLKK4kB1za6l0yBAxGNN0zUD6eX
4OwJkBbAv/u9DHijdO9v2/Dki3eQRFC84Lvg4YGC1Zzg4j4e2ImTy3NFCjx3vFGBtuJBuXSmJHe/
in0X1+JuXoyBdxkzO8ZWFk2TAXGqWcS4HZvmvtkMuMyBdgYOn01obzjzSEMqYESAeQEh+TmoRa56
Xyu9EOAuiOb8g6R4s/X80wHYxjqOB8pCFxNCXC1U5pRHyLStDo/OC3BnvkZY566SGw7lvccpUNpv
J05hiR0z7ItAcCOE/m8V6BDqM7kWMJUaI2bAWWuwS3i8wDpwuPMNwji6LSuDB2QRr2KASz2Otx8W
RPQigBgRA5K7HQUWBN+Z5XLIYyyWOPm50abqVtbQEo6c3S/1rg04L9IxVIXYYfyaD8F9cDtxoW10
hVww48XRTNb4COGmK3aXb6GuE7ozX1YD1jY8Gi6CYRojJj0gxgxwmBsI1Pm5jP9okRRZMGIRsl5g
FQpTAcEfgoMQARHoNEFHrOOzpQMyqxgVK23Mzw/sjZGPBVGHb0JEDP60VX8fZRRjZp3gxgDQEFxk
HyP/DjgmeF/2knkPCIOJAuUG1o/ACcftRZAQHnOFXHd3bTq079W1KUmUNX/pttU+Pk8zyVPDhAbh
XakgrM7HGiL4EG8UzVSkdlsLQYJMN5N4daWF2x/LT/WmIp8mL2HPq+4HRNr9LiDpv7+xBh+sL2WV
KpwkPu0InZOmdxcvD/Sy8hiqw9g/N00+TDgUaLcgG2Rrr3+T17q/yjaEd3+eXqRp3L8mXw//B4nc
7A1lbmRzdHJlYW0KZW5kb2JqCjc1MCAwIG9iago0MTI2CmVuZG9iago3NTQgMCBvYmoKWzQyIC9Y
WVogNDcuNTE5OTk5OSAgCjUxMi4yNDAwMDAgIDBdCmVuZG9iago3NTUgMCBvYmoKWzQyIC9YWVog
NTAuMzk5OTk5OSAgCjU2LjIzOTk5OTkgIDBdCmVuZG9iago3NTYgMCBvYmoKWzQyIC9YWVogNDcu
NTE5OTk5OSAgCjQ1Ni41NTk5OTkgIDBdCmVuZG9iago3NTcgMCBvYmoKWzQyIC9YWVogNTAuMzk5
OTk5OSAgCjM1MCAgMF0KZW5kb2JqCjc1OCAwIG9iagpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKMjgy
Ljc5OTk5OSAgMF0KZW5kb2JqCjc1OSAwIG9iagpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKMjM5LjU5
OTk5OSAgMF0KZW5kb2JqCjc2MCAwIG9iagpbNDIgL1hZWiA0Ny41MTk5OTk5ICAKNDg2LjMxOTk5
OSAgMF0KZW5kb2JqCjc2MSAwIG9iagpbNDIgL1hZWiA0Ny41MTk5OTk5ICAKMTM2Ljg3OTk5OSAg
MF0KZW5kb2JqCjc2MiAwIG9iagpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKNzcuMzU5OTk5OSAgMF0K
ZW5kb2JqCjc2MyAwIG9iagpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKMTY1LjY3OTk5OSAgMF0KZW5k
b2JqCjc2NCAwIG9iagpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKNDA1LjY3OTk5OSAgMF0KZW5kb2Jq
Cjc2NSAwIG9iagpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKMjk1LjI3OTk5OSAgMF0KZW5kb2JqCjc2
NiAwIG9iagpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKMzM3LjUxOTk5OSAgMF0KZW5kb2JqCjc2NyAw
IG9iagpbNDIgL1hZWiA0Ny41MTk5OTk5ICAKMTA3LjExOTk5OSAgMF0KZW5kb2JqCjc2OCAwIG9i
agpbNDIgL1hZWiA1MC4zOTk5OTk5ICAKMzE2LjM5OTk5OSAgMF0KZW5kb2JqCjc2OSAwIG9iagpb
NDIgL1hZWiA1MC4zOTk5OTk5ICAKMTg3Ljc1OTk5OSAgMF0KZW5kb2JqCjc3MCAwIG9iagpbNDIg
L1hZWiA1MC4zOTk5OTk5ICAKMjE4LjQ3OTk5OSAgMF0KZW5kb2JqCjc3MSAwIG9iagpbNDIgL1hZ
WiA1MC4zOTk5OTk5ICAKMjYwLjcxOTk5OSAgMF0KZW5kb2JqCjc3MiAwIG9iagpbNDIgL1hZWiA1
MC4zOTk5OTk5ICAKMzkzLjE5OTk5OSAgMF0KZW5kb2JqCjc3MyAwIG9iagpbNDIgL1hZWiA1MC4z
OTk5OTk5ICAKMzcyLjA3OTk5OSAgMF0KZW5kb2JqCjc3NCAwIG9iagpbNDIgL1hZWiA1MC4zOTk5
OTk5ICAKNDI2Ljc5OTk5OSAgMF0KZW5kb2JqCjc3NSAwIG9iagpbNDIgL1hZWiA0Ny41MTk5OTk5
ICAKNzk3LjM1OTk5OSAgMF0KZW5kb2JqCjc3NiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDc5My41MTk5OTkgIDU0My44NDAwMDAgIDgwMS4x
OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwj
MjN0b2MKPj4KZW5kb2JqCjc3NyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsK
L1JlY3QgWzMxMi40ODAwMDAgIDcwMy4yNzk5OTkgIDM5Ni45NjAwMDAgIDcxMy44Mzk5OTkgXQov
Qm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1w
NTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNjb2RlIzJk
YXV0aHojMmRlcnJvcgo+PgplbmRvYmoKNzc4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbMTYxLjc1OTk5OSAgNjkxLjc1OTk5OSAgMjQ2LjIzOTk5OSAgNzAyLjMx
OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMy
M2ltcGxpY2l0IzJkYXV0aHojMmRlcnJvcgo+PgplbmRvYmoKNzc5IDAgb2JqCjw8Ci9UeXBlIC9B
bm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzY2LjI0MDAwMCAgNjkxLjc1OTk5OSAgNDI4LjYz
OTk5OSAgNzAyLjMxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMy
ZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYy
Lmh0bWwuaHRtbCMyM3Rva2VuIzJkZXJyb3JzCj4+CmVuZG9iago3ODAgMCBvYmoKPDwKL1R5cGUg
L0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsyMjUuMTIwMDAwICA2ODAuMjQwMDAwICAyODcu
NTE5OTk5ICA2OTAuNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJm
IzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJk
djIuaHRtbC5odG1sIzIzcmVzb3VyY2UjMmRlcnJvcnMKPj4KZW5kb2JqCjc4MSAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDUwOC4zOTk5OTkg
IDU0My44NDAwMDAgIDUxNi4wNzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjc4MiAwIG9iago8PAovVHlwZSAvQW5u
b3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDQ1Mi43MTk5OTkgIDU0My44NDAw
MDAgIDQ2MC4zOTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjc4MyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDEwMy4yNzk5OTkgIDU0My44NDAwMDAgIDExMC45
NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwj
MjN0b2MKPj4KZW5kb2JqCjc4NCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsK
L1JlY3QgWzEwNC4xNTk5OTkgIDQxOS4xMTk5OTkgIDE1Mi4xNTk5OTkgIDQyNi43OTk5OTkgXQov
Qm9yZGVyIFswIDAgMF0KL0EgPDwKL1R5cGUgL0FjdGlvbgovUyAvVVJJCi9VUkkgKG1haWx0bzpz
b2JAaGFydmFyZC5lZHUpCj4+Cj4+CmVuZG9iago3ODUgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9T
dWJ0eXBlIC9MaW5rCi9SZWN0IFsxNjAuNzk5OTk5ICA0MTkuMTE5OTk5ICA0MDcuNTE5OTk5ICA0
MjYuNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQov
VVJJIChodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmMyMTE5KQo+Pgo+PgplbmRvYmoKNzg2
IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTA3LjAzOTk5OSAg
NDEwLjQ3OTk5OSAgMTIzLjM1OTk5OSAgNDE4LjE1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8
PAovVHlwZSAvQWN0aW9uCi9TIC9VUkkKL1VSSSAoaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9y
ZmMvcmZjMjExOS50eHQpCj4+Cj4+CmVuZG9iago3ODcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9T
dWJ0eXBlIC9MaW5rCi9SZWN0IFsxMjguMTU5OTk5ICA0MTAuNDc5OTk5ICAxNTEuMTk5OTk5ICA0
MTguMTU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQov
VVJJIChodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2h0bWwvcmZjMjExOS5odG1s
KQo+Pgo+PgplbmRvYmoKNzg4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawov
UmVjdCBbMTU2ICA0MTAuNDc5OTk5ICAxNzMuMjgwMDAwICA0MTguMTU5OTk5IF0KL0JvcmRlciBb
MCAwIDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQovVVJJIChodHRwOi8veG1sLnJlc291
cmNlLm9yZy9wdWJsaWMvcmZjL3htbC9yZmMyMTE5LnhtbCkKPj4KPj4KZW5kb2JqCjc4OSAwIG9i
ago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzEwNC4xNTk5OTkgIDM5Ny45
OTk5OTkgIDE0NS40Mzk5OTkgIDQwNS42Nzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0EgPDwKL1R5
cGUgL0FjdGlvbgovUyAvVVJJCi9VUkkgKG1haWx0bzp0ZGllcmtzQGNlcnRpY29tLmNvbSkKPj4K
Pj4KZW5kb2JqCjc5MCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3Qg
WzE2My42ODAwMDAgIDM5Ny45OTk5OTkgIDE5Ni4zMTk5OTkgIDQwNS42Nzk5OTkgXQovQm9yZGVy
IFswIDAgMF0KL0EgPDwKL1R5cGUgL0FjdGlvbgovUyAvVVJJCi9VUkkgKG1haWx0bzpjYWxsZW5A
Y2VydGljb20uY29tKQo+Pgo+PgplbmRvYmoKNzkxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3Vi
iwYDEA4WHmDp7EHRGXsL4OjAFbJHSXE7gl2H4loeUhmwEAOEtw0qcl3O+nSE1TgbNuzPKbUUx+qY
ARWBxWLCla2LW5EJ5pO2iL2Wp4b5k5J8Nhm3eoF0ei50RgaWT+suP/UKXjAFPS+0hnY2Vt8VCA+1
FRJOkG9MFKCGa0r+MB74teVYa0Ym8NOIeO76y9pFd+3Y+OfYHfHPz3BRywbtBF+3t9WMuq3uJi+l
Yq0M9vkV3VqCBly7QXmzo69QkXlDBuwfCBUoE5DOhXdmdEL9g0fdNajk1GIVWALBGF4BllBa/Vnz
8PgIoJPPtMGOI7pgNvSyDLyzxLDjQq+INehsJOzsP3B9jDAeeESvMEABIxtHJkiJ8zkocHZ4uCcA
QnAcndUKYGxYIbRlDNDjBeidL7AEUMPJj0APoFoL4iDwDZ4Ay4BEDxgTxGOwA1q+gnTc0ye+jOPn
YLlEU7E4fTg8A5NjGSTAMdDFLCrabA8FSHLKQ8FkKKk+FQ02PSFLzJ7R2QGHJMVnHmdg1Ts4qCnp
wmSAMip/6GOOgxLjDqpOMxGnB6RpWOqyZoZ3qvAaQbmqgUVBOfB6v2MqFzueFWaETgMEnrj+ZooB
y/3MDAcIFQasnqGPAErBM+sckvERwVVJOUDCCJ7I4ZtmcJVXGeA7KATQsdwlzuh0hTAzhFnUdj7u
Jmqxp2YLfYBnzhfMX6ncqqbazYYiXroQm9fb7hR4AY6AD2Gd+SaoCl8BlckiO3+7RCC7xFrwteM0
zfE4PCZmpZcFAqBOQMqYd9YgLUMBHe/flpxp4AJNtQABXI87B4XgceSMZcKZLE2WLhaN3yIJM3TA
Ez4sAPWswFHhN+kUwiR4Vl4l5sKXV4pG1yURDZymyoPPvbMdxlkRwvhl/wz5wigQ0wA5swvSNebK
GydPGB8lQItgBQe6uhyOQUzAhoeMDr5OryRgJZXBvDdx8OgAARRAtIYchoJ89zYAxl8xeWK8L3Pb
4RIuh9HMyOot90yb5M62WSjyXoVPavFBk81P8OBshlOF2e5lzb/0Lo+0QzRCOd+rhlwquDveDNej
xMzr000kAzp0lnzdDH7wS+vlSUA+MK9ZvfEZjuW4ZLZ+0F2taO/aDJ/JTlfiqTm7XzMG6I3UJiG2
ssRM6QYrZoB4/wkgDArzKDqAJ/g+UqcR4JXLbDaarlwx4GymtYrWcbfX44pmOAl2izK5I/VKtjrh
iLRyBkE73Ll6C4K3IPhGg2CWDAhvDiMGssLzXK/q6kUbn8nA7/roVJNvAgxmQxsMhFdaXQ+lV/5s
StAp9MEOm6NBw6IQJkcBiaKvQOU8VoNSHTL05LTKKTspzWwGWIrqNCXtnckOslOAcsHd5xiWXYxr
yF6BGLagFIZVUBF5ZuVW8x3TDOXeq6e6lGO62cO12YOZ7+xhCQ8GAkt4LJqGmkzKAEUZAKNAH2h1
gHZAVEDYFpbLmyECRhgFlJvVVMy1gJYBPoQiCLohACfrMLUCk4NOgXRqD7gaAkOFTkHp+CUWSA62
PxLJ69eNwnaKswXJQadU2DO8EOvIwW8ruKxnE0cOvg6GBdu3J2/4xk4XGXW6x48/w4MnX5ef8tFQ
dQ6l/Jb2kbj5CNzkxGkODcep4a4TWvkFlL6bcyZGWWJhK2rqrnBHoazjyWNWHoJtIn055V2ph9bg
1cAiznSD9XiVgpVEJcDGL1R5PrsA8i3Vpr+2Lq2qYmlmzcmpevgiQBa4nse40DsljGsK/pxntUxh
x5ZJyzeJZXRJpj15HjkBlK8Ry4AepM6PgBnAyf0Jd/uO8ZARw3WL7w8PnSZ/ITwEt7hip+DD2RIM
P+yFMFWliVrdMNX1YiqjRCzNrJjKmKGuY6+YaksDvWGqBU4/P6Zqv/hwNqZCVmXAVDxSSeXmJ+4z
wVtwWAiFGSS4nAVKBdnbeN4xprJ2uNfo/WGqYPJ8sShkrGEngTZgfSnroTELBbiMWjfQcdGiVY+p
As7eMNXVY6opaYLh8Bufec6daxOTlhXu2Xq4OZfPMu3Ed6B7Xu07XgX3dssPxNRQpAE4lOUHXqQM
F8yBRdBRFPvK++KpWPRlR4wpO6mS47xvNvOmDNUBqO275djqkpRMaqfeQATJUtezXO0svEI7hSdW
VKlgQRrUF0FpFH0C6s9W0AGZDChZg/iQyoa8yeRHKdJX72LyA9idY0MpcUcGaP2SK4DfcdKh1Asu
UH1rSYfT5NEh87WZ+1rsSzKj22KfjnJFi31tiHGGK+qLfZVEIi9RxZfO+W9yCW7Gxju4EteJo3sN
8tH0qKTXmsDPC9KQ+OqWtTPVUpAbrOhMR27Cw2+iL8djXnhDj6YvabwonF78DgzLPHtLj8DnkTNK
kZ6q9gAraKCakHmm/VWbQUWYotPA6+FhKwS+kOErFfv9OFwIGiTFD3Ba2NEnoA/6hLB5bUKZeKf3
xiuOV6c06W54NZcT5+OVoVtie+EVeCPghBJZOaGciKHAXjjBa01422rzp3hu+CFdNzH/z4+ntUj5
sXg8/B+EF1fGZW5kc3RyZWFtCmVuZG9iago4ODcgMCBvYmoKNDAxOQplbmRvYmoKODkxIDAgb2Jq
Cls0NCAvWFlaIDQ3LjUxOTk5OTkgIAoyMzcuNjc5OTk5ICAwXQplbmRvYmoKODkyIDAgb2JqCls0
NCAvWFlaIDQ3LjUxOTk5OTkgIAo0OTMuMDM5OTk5ICAwXQplbmRvYmoKODkzIDAgb2JqCls0NCAv
WFlaIDQ3LjUxOTk5OTkgIAo3NzguMTU5OTk5ICAwXQplbmRvYmoKODk0IDAgb2JqCls0NCAvWFla
IDQ3LjUxOTk5OTkgIAo2NTAuNDc5OTk5ICAwXQplbmRvYmoKODk1IDAgb2JqCls0NCAvWFlaIDQ3
LjUxOTk5OTkgIAoxMTAuOTU5OTk5ICAwXQplbmRvYmoKODk2IDAgb2JqCls0NCAvWFlaIDQ3LjUx
OTk5OTkgIAozNjUuMzU5OTk5ICAwXQplbmRvYmoKODk3IDAgb2JqCls0NCAvWFlaIDQ3LjUxOTk5
OTkgIAo1MjIuNzk5OTk5ICAwXQplbmRvYmoKODk4IDAgb2JqCls0NCAvWFlaIDQ3LjUxOTk5OTkg
IAozOTUuMTE5OTk5ICAwXQplbmRvYmoKODk5IDAgb2JqCls0NCAvWFlaIDQ3LjUxOTk5OTkgIAoy
NjguMzk5OTk5ICAwXQplbmRvYmoKOTAwIDAgb2JqCls0NCAvWFlaIDQ3LjUxOTk5OTkgIAoxNDAu
NzE5OTk5ICAwXQplbmRvYmoKOTAxIDAgb2JqCls0NCAvWFlaIDQ3LjUxOTk5OTkgIAo3NDguMzk5
OTk5ICAwXQplbmRvYmoKOTAyIDAgb2JqCls0NCAvWFlaIDQ3LjUxOTk5OTkgIAo2MjAuNzE5OTk5
ICAwXQplbmRvYmoKOTAzIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVj
dCBbNTIyLjcyMDAwMCAgNzQ0LjU1OTk5OSAgNTQzLjg0MDAwMCAgNzUyLjIzOTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRv
YmoKOTA0IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMjI4ICA3
MTAuOTU5OTk5ICAzMDAuOTU5OTk5ICA3MjEuNTE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0
IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzY29kZSMyZGF1dGh6IzJkcmVxCj4+CmVuZG9i
ago5MDUgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFszMDcuNjgw
MDAwICA3MTAuOTU5OTk5ICAzODAuNjM5OTk5ICA3MjEuNTE5OTk5IF0KL0JvcmRlciBbMCAwIDBd
Ci9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzY29kZSMyZGF1dGh6IzJkcmVzcAo+
PgplbmRvYmoKOTA2IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
Mzg3LjM2MDAwMCAgNzEwLjk1OTk5OSAgNDcxLjg0MDAwMCAgNzIxLjUxOTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2NvZGUjMmRhdXRoeiMy
ZGVycm9yCj4+CmVuZG9iago5MDcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFs2Ny42Nzk5OTk5ICA2OTkuNDM5OTk5ICAxNDAuNjM5OTk5ICA3MDkuOTk5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzaW1wbGlj
aXQjMmRhdXRoeiMyZHJlcQo+PgplbmRvYmoKOTA4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3Vi
dHlwZSAvTGluawovUmVjdCBbMTQ3LjM1OTk5OSAgNjk5LjQzOTk5OSAgMjIwLjMxOTk5OSAgNzA5
Ljk5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRt
cCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRt
bCMyM2ltcGxpY2l0IzJkYXV0aHojMmRyZXNwCj4+CmVuZG9iago5MDkgMCBvYmoKPDwKL1R5cGUg
L0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsyNDkuMTIwMDAwICA2OTkuNDM5OTk5ICAzMzMu
NjAwMDAwICA3MDkuOTk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJm
IzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJk
djIuaHRtbC5odG1sIzIzaW1wbGljaXQjMmRhdXRoeiMyZGVycm9yCj4+CmVuZG9iago5MTAgMCBv
YmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAwICA2MTYu
ODc5OTk5ICA1NDMuODQwMDAwICA2MjQuNTU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iago5MTEgMCBvYmoKPDwKL1R5
cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsyNzAuMjQwMDAwICA1ODQuMjQwMDAwICAz
NDMuMTk5OTk5ICA1OTQuNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJm
IzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRo
IzJkdjIuaHRtbC5odG1sIzIzY29kZSMyZGF1dGh6IzJkcmVxCj4+CmVuZG9iago5MTIgMCBvYmoK
PDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFszNTAuODc5OTk5ICA1ODQuMjQw
MDAwICA0MjMuODM5OTk5ICA1OTQuNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxl
IzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMy
ZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9rZW4jMmRyZXEKPj4KZW5kb2JqCjkxMyAwIG9iago8
PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzY3LjY3OTk5OTkgIDU3MS43NTk5
OTkgIDE0MC42Mzk5OTkgIDU4Mi4zMTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUj
M2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJk
b2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNpbXBsaWNpdCMyZGF1dGh6IzJkcmVxCj4+CmVuZG9iago5
MTQgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAw
ICA0ODkuMTk5OTk5ICA1NDMuODQwMDAwICA0OTYuODc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9E
ZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0
IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9jCj4+CmVuZG9iago5MTUgMCBvYmoK
PDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsyMjggIDQ1Ni41NTk5OTkgIDMx
Mi40ODAwMDAgIDQ2Ny4xMTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2Mi5odG1sLmh0bWwjMjNjb2RlIzJkYXV0aHojMmRlcnJvcgo+PgplbmRvYmoKOTE2IDAgb2Jq
Cjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzE4LjI0MDAwMCAgNDU2LjU1
OTk5OSAgNDAyLjcyMDAwMCAgNDY3LjExOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2ltcGxpY2l0IzJkYXV0aHojMmRlcnJvcgo+PgplbmRv
YmoKOTE3IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNDA4LjQ3
OTk5OSAgNDU2LjU1OTk5OSAgNDcwLjg3OTk5OSAgNDY3LjExOTk5OSBdCi9Cb3JkZXIgWzAgMCAw
XQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rva2VuIzJkZXJyb3JzCj4+CmVu
ZG9iago5MTggMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs2Ny42
Nzk5OTk5ICA0NDQuMDc5OTk5ICAxMzAuMDc5OTk5ICA0NTQuNjM5OTk5IF0KL0JvcmRlciBbMCAw
IDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzcmVzb3VyY2UjMmRlcnJvcnMK
Pj4KZW5kb2JqCjkxOSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3Qg
WzE1OC44Nzk5OTkgIDQ0NC4wNzk5OTkgIDIyMS4yODAwMDAgIDQ1NC42Mzk5OTkgXQovQm9yZGVy
IFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3Mjku
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNuZXcjMmRlcnJvcnMK
Pj4KZW5kb2JqCjkyMCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3Qg
WzUyMi43MjAwMDAgIDM2MS41MTk5OTkgIDU0My44NDAwMDAgIDM2OS4xOTk5OTkgXQovQm9yZGVy
IFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3Mjku
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2Jq
CjkyMSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzMwMC45NTk5
OTkgIDMyOC44Nzk5OTkgIDM4NS40Mzk5OTkgIDMzOS40Mzk5OTkgXQovQm9yZGVyIFswIDAgMF0K
L0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJh
ZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNjb2RlIzJkYXV0aHojMmRlcnJvcgo+
PgplbmRvYmoKOTIyIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
MzkyLjE1OTk5OSAgMzI4Ljg3OTk5OSAgNDc2LjYzOTk5OSAgMzM5LjQzOTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2ltcGxpY2l0IzJkYXV0
aHojMmRlcnJvcgo+PgplbmRvYmoKOTIzIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAv
TGluawovUmVjdCBbNjcuNjc5OTk5OSAgMzE2LjM5OTk5OSAgMTMwLjA3OTk5OSAgMzI2Ljk1OTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNH
SXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rv
a2VuIzJkZXJyb3JzCj4+CmVuZG9iago5MjQgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBl
IC9MaW5rCi9SZWN0IFsxNTguODc5OTk5ICAzMTYuMzk5OTk5ICAyMjEuMjgwMDAwICAzMjYuOTU5
OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJm
Q0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIz
cmVzb3VyY2UjMmRlcnJvcnMKPj4KZW5kb2JqCjkyNSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1
YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDIzMy44Mzk5OTkgIDU0My44NDAwMDAgIDI0
MS41MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0
bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0
bWwjMjN0b2MKPj4KZW5kb2JqCjkyNiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xp
bmsKL1JlY3QgWzI1MiAgMjAxLjE5OTk5OSAgMzM2LjQ4MDAwMCAgMjExLjc1OTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2NvZGUjMmRhdXRo
eiMyZGVycm9yCj4+CmVuZG9iago5MjcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9M
aW5rCi9SZWN0IFszNDMuMTk5OTk5ICAyMDEuMTk5OTk5ICA0MjcuNjc5OTk5ICAyMTEuNzU5OTk5
IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzaW1w
bGljaXQjMmRhdXRoeiMyZGVycm9yCj4+CmVuZG9iago5MjggMCBvYmoKPDwKL1R5cGUgL0Fubm90
Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs0MzMuNDM5OTk5ICAyMDEuMTk5OTk5ICA0OTUuODM5OTk5
ICAyMTEuNzU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzdG9rZW4jMmRlcnJvcnMKPj4KZW5kb2JqCjkyOSAwIG9iago8PAovVHlwZSAvQW5u
b3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzY3LjY3OTk5OTkgIDE4OC43MTk5OTkgIDEzMC4wNzk5
OTkgIDE5OS4yNzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjNyZXNvdXJjZSMyZGVycm9ycwo+PgplbmRvYmoKOTMwIDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgMTA3LjExOTk5OSAgNTQz
Ljg0MDAwMCAgMTE0Ljc5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKOTMxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAov
U3VidHlwZSAvTGluawovUmVjdCBbMjU4LjcxOTk5OSAgNzMuNTE5OTk5OSAgMzMxLjY3OTk5OSAg
ODQuMDc5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM3Rva2VuIzJkcmVxCj4+CmVuZG9iago5MzIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9T
dWJ0eXBlIC9MaW5rCi9SZWN0IFszMzguMzk5OTk5ICA3My41MTk5OTk5ICA0MTEuMzU5OTk5ICA4
NC4wNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5o
dG1sIzIzcGFzc3dvcmQjMmR0b2sjMmRyZXEKPj4KZW5kb2JqCjkzMyAwIG9iago8PAovVHlwZSAv
QW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzQxOC4wNzk5OTkgIDczLjUxOTk5OTkgIDQ5MS4w
Mzk5OTkgIDg0LjA3OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
Mi5odG1sLmh0bWwjMjNjbGllbnQjMmRyZXEKPj4KZW5kb2JqCjkzNCAwIG9iago8PAovVHlwZSAv
QW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzY3LjY3OTk5OTkgIDYxLjk5OTk5OTkgIDExOS41
MTk5OTkgIDcyLjU1OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
Mi5odG1sLmh0bWwjMjN0b2tlbiMyZHJlZnJlc2gKPj4KZW5kb2JqCjkzNSAwIG9iago8PAovVHlw
ZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzE0Ny4zNTk5OTkgIDYxLjk5OTk5OTkgIDIw
OS43NTk5OTkgIDcyLjU1OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2Mi5odG1sLmh0bWwjMjNleHQjMmRncmFudAo+PgplbmRvYmoKODkwIDAgb2JqCjw8Ci9UeXBl
IC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRlbnRzIDkzNiAwIFIKL1Jlc291cmNlcyA5MzggMCBS
Ci9Bbm5vdHMgOTM5IDAgUgovTWVkaWFCb3ggWzAgMCA1OTUgODQyXQo+PgplbmRvYmoKOTM4IDAg
b2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAv
RGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4K
L0ZvbnQgPDwKL0Y2IDYgMCBSCi9GMTUwIDE1MCAwIFIKL0Y5IDkgMCBSCi9GMTAgMTAgMCBSCj4+
Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iago5MzkgMCBvYmoKWyA5MDMgMCBSIDkwNCAwIFIgOTA1
IDAgUiA5MDYgMCBSIDkwNyAwIFIgOTA4IDAgUiA5MDkgMCBSIDkxMCAwIFIgOTExIDAgUiA5MTIg
MCBSIDkxMyAwIFIgOTE0IDAgUiA5MTUgMCBSIDkxNiAwIFIgOTE3IDAgUiA5MTggMCBSIDkxOSAw
IFIgOTIwIDAgUiA5MjEgMCBSIDkyMiAwIFIgOTIzIDAgUiA5MjQgMCBSIDkyNSAwIFIgOTI2IDAg
UiA5MjcgMCBSIDkyOCAwIFIgOTI5IDAgUiA5MzAgMCBSIDkzMSAwIFIgOTMyIDAgUiA5MzMgMCBS
IDkzNCAwIFIgOTM1IDAgUiBdCmVuZG9iago5MzYgMCBvYmoKPDwKL0xlbmd0aCA5MzcgMCBSCi9G
aWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4nO1dS28bNxC+61fsuYBlvh9AUSBx4wI9FDBs
oIeihyJpWgRSUDWH/v1ylystObMUVzZ3tSvJQmxpTM0MP84MP1Kkc//T8x/VX9+q+4fnf6qP7c+H
5xVZE2n9V0Xc4y4UMLPmjNRflaF8rXQj/bhd7ard6mn15L7vVlQ1b2x/uF/uTZDm8e3j19W9N77y
kueHX9yz/ypW/ez+fal++90JP7X66gbblbHK+UEI5e7lJnxJmRVkbdxzJyfwZd3479Wv31Vfa8dY
/Yv6bd7B8OWd1JxQvVbEvMnlXffWVnsNVup5qPgk/5SshNBKV9yIiovq3z9Xn531zrYi3DIqlUk+
D21z3toSldFkLWqjzMHOhXTvcF+yMoavmYfc4a+oqFu5RkDOdP2qlnd6Ngn99dB8Dny2vP1KPo98
Dnyzak28D9vQliWmeQp9A/KuL52eTUI/9LkQzgmfUz6kxmUMnPvHehvKB+LcHxupWIp9HjuXrBAV
taxivGAuMWtl0yER5xInDhjfJOo/kB/wCvRsEvqL5RInzKMq4rjkhPOmDfANyIO+HPRsEvqL5VKM
c8LnlA+pcRkD5/6x3sbyQTj3x0YqlibNJUkpcUzBlM0lSVkz5RMd55KkbRsd9x/ID3gFejYJ/cVy
SdL2uY7jUlJpmgKIfIvkQV8OejYJ/cVyKcY54XPKh9S4jIFz/1hvY/kgnPtjIxVL0+YS06piUpXN
Jc2EaDgyiXNJM1lbr+VR/4H8gFegZ5PQXyyXNPOkwfsc2vKkAfsWyYO+HPRsEvqL5VKMc8LnlA+p
cRkD5/6x3sbyQTj3x0YqlqbNJSFY+VyyXNmmPzzOJcsNa7oM1hhA3nHlTs8mob9YLlnuOQNaLwnP
GSjgGEAe9OWgZ5PQXyyXYpwTPqd8SI3LGDj3j3W8XhqGc39spGJp2lyqnxfneJS6dVjToTiXKJXE
YxH3H8gPeAV6Ngn9xXLJ+eBJA43j0sn9C+RbJA/7stezSegvlksxzgmfUz6kxmUMnPvHegvkQ3Du
j41ULE2bS1q7parjeT3bePudV4v2IU8zI0QlhBFu7jMVlXs7T6/bFKXNI3TGSxKborsjb3z/srp/
VJUjAy+fK+/Bnf/x4r2+c25LXb18qr6vnfqhevmyqveAWwFrBLoT8EZgOoGALbyODy9t/8fBWjZL
88VhLYmr54vDmmqzRKypscvDmrvvC8SaS7k8rGWzj7Y4rCWjy8Na6SXOjY7jjTU3vvIT0N2RNzYd
cjSrcuuVvi7ZerbXrphH3hjoXiegAgoUfMt7IGBQQFnOyjQC/uN5eouCwmaVQh1IKSW5vggNW8hs
9z9AP/JvuSDEiO5y8+1JZnnSziWDmE8ybnKRKmHYcQTQA3T9HTQLIaR9lXftj9qQZrHZ/zyqywPa
56v2iUabcLP1vNkTbEw16zdl4m5T2gHhkREdVGiEYIt21joiaEdZpweE+FGWR0IHtkARi6wgP9qK
RcmRGPbjbk/wrI3QcSfpVPmQrBlRC1YuAQj5TBe9/kexJvoDPNlqSD8HGMjUTm3jzqPKiIvYY65F
W8TOM5qUgh7h3IKjRzWkmaiFF9BjTdCkg7INOfII7FKTTT80GsgPlrWCPEU6kJW860hpkBKvH00u
VTyajPZXyjfaEYpMYke6lUCfnTeqpaJRa6kc133ma2XeTiCA8xSKlFS0vTV0LMCE84Js00owXZzC
Nl9fU+e3gsuTS4GIIVz13MhlSC6lY98nkEsIZglySbxAHZkiFCR5H6CVvA4UXHDK5KhzGppFVqAf
18tpJVFgh/iKOG3YeTQFwc4ztPxHoZnVgbcQYA3niSXbESutH2ei0loCIG9UerlUWlBQE8aiuFQN
s/MKjliEJkti9h/mlKSEkjJQbY8RrZmUJFz1h5akGTJRuImJoojlu58fFwgQZub5cYFcAQ1U7xbK
hdBb98bh9JajwChBb9GwIxaJBA854nnFPJNx8On4NfHMrvP5SoAF8BOhtsU5907D4bwRvuUSPq5J
PJpj7Z0aM4kdv3eK7byVFPLm1AkTOuP+DPY0WVtvD74WJbDMgjJ+bE+zXK2bmknO9jBMkc/pb3ur
R8knV+oE8om4ymzJJxp2tD+LJipUxFCAZvdWWZau4m1h2BdEea+YSHMLjj5eE5HuOj/K5IJ2X9EO
C16n54+JZXdH0LkxvAeD8g4dNSNnjExGJQjN26JguYsCoVQ8mmORdSN67ZQh64LyjPvzIeudr0XJ
uoA3yCYn6zDIF1dPb2R95mRdcjacrFME1WLI+u1UwykkWSpw0P+aSHLX+WlI8tyPKEgKQuJGThdM
TglI8LHIKSOT2FF0oJ0zHIXwRFrq/THWouRUwSv3Zyensz3XcDsKkVkSXPJRCGVPuUaWvaNYgvEy
nuOieMiyNBIzXtgCcVO8tXy7rHagwJpd72W1oPM8Pw/AixV46Z8/pYtawJVm6m7wuTgxgOnGiRfM
iblV8WiOxYkJmcSOIqLXzlv5rKf0WizgZhrjJvY15N5D/hYM/N0A6pJWtv+TLP2uonuR8HPlNtvQ
RSBUP4PNrEc4Eu/7J+FAQCFfILCFgsVGDmwBR/O1WHElLhcr2h/5r8VKKHgP9vKwmi7y0K3cxYA5
OVTUXyi/TKwKJykz8Fb55WE14fSA7kUtBs3Jp1Lh2dxlYkVNUazaq76HO23LgWryFPRsNjxBvhis
Zsg6ODqPvxg0Zzg9CL/OnyGayOzItAPecZgNEKjFyEDQ9gLP/JB4l0OCsaJI+D8DFZ4mnAsSSyzc
QsOzmYtBc4aFG57ynA2YU9fttlzNEImpCzez8BzLXJBYZLlCp2gWg+Ysy5WZKZrn4ZndCajZADF1
ueLoo7+5IDG/3RaBPr5cDFZ06riSxCwVq8GlvWwxCj6+ngtUhTmiX8jNsJ/5kAiWtO5R7er/TEU1
HWt/BP9lyomHfZ6qp9X/bqsN8WVuZHN0cmVhbQplbmRvYmoKOTM3IDAgb2JqCjIyMTMKZW5kb2Jq
Cjk0MSAwIG9iagpbNDUgL1hZWiA0Ny41MTk5OTk5ICAKMzk1LjExOTk5OSAgMF0KZW5kb2JqCjk0
MiAwIG9iagpbNDUgL1hZWiA0Ny41MTk5OTk5ICAKMjc5LjkxOTk5OSAgMF0KZW5kb2JqCjk0MyAw
IG9iagpbNDUgL1hZWiA0Ny41MTk5OTk5ICAKMTYzLjc1OTk5OSAgMF0KZW5kb2JqCjk0NCAwIG9i
agpbNDUgL1hZWiA0Ny41MTk5OTk5ICAKNDcuNTk5OTk5OSAgMF0KZW5kb2JqCjk0NSAwIG9iagpb
NDUgL1hZWiA0Ny41MTk5OTk5ICAKNzM2Ljg3OTk5OSAgMF0KZW5kb2JqCjk0NiAwIG9iagpbNDUg
L1hZWiA0Ny41MTk5OTk5ICAKNjIwLjcxOTk5OSAgMF0KZW5kb2JqCjk0NyAwIG9iagpbNDUgL1hZ
WiA0Ny41MTk5OTk5ICAKNzY2LjYzOTk5OSAgMF0KZW5kb2JqCjk0OCAwIG9iagpbNDUgL1hZWiA0
Ny41MTk5OTk5ICAKNjUwLjQ3OTk5OSAgMF0KZW5kb2JqCjk0OSAwIG9iagpbNDUgL1hZWiA0Ny41
MTk5OTk5ICAKNTA0LjU1OTk5OSAgMF0KZW5kb2JqCjk1MCAwIG9iagpbNDUgL1hZWiA0Ny41MTk5
OTk5ICAKNTM0LjMxOTk5OSAgMF0KZW5kb2JqCjk1MSAwIG9iagpbNDUgL1hZWiA0Ny41MTk5OTk5
ICAKMzY1LjM1OTk5OSAgMF0KZW5kb2JqCjk1MiAwIG9iagpbNDUgL1hZWiA0Ny41MTk5OTk5ICAK
MjQ5LjE5OTk5OSAgMF0KZW5kb2JqCjk1MyAwIG9iagpbNDUgL1hZWiA0Ny41MTk5OTk5ICAKMTMz
Ljk5OTk5OSAgMF0KZW5kb2JqCjk1NCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xp
bmsKL1JlY3QgWzUyMi43MjAwMDAgIDczMy4wMzk5OTkgIDU0My44NDAwMDAgIDc0MC43MTk5OTkg
XQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MK
Pj4KZW5kb2JqCjk1NSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3Qg
WzIyMS4yODAwMDAgIDY5OS40Mzk5OTkgIDI5NC4yNDAwMDAgIDcwOS45OTk5OTkgXQovQm9yZGVy
IFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3Mjku
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2tlbiMyZHJlcQo+
PgplbmRvYmoKOTU2IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
NTIyLjcyMDAwMCAgNjE2Ljg3OTk5OSAgNTQzLjg0MDAwMCAgNjI0LjU1OTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoK
OTU3IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMjcwLjI0MDAw
MCAgNTg0LjI0MDAwMCAgMzQzLjE5OTk5OSAgNTk0Ljc5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQov
RGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFm
dCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2ltcGxpY2l0IzJkYXV0aHojMmRyZXNw
Cj4+CmVuZG9iago5NTggMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0
IFszNjkuMTIwMDAwICA1ODQuMjQwMDAwICA0MzEuNTE5OTk5ICA1OTQuNzk5OTk5IF0KL0JvcmRl
ciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5
LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9rZW4jMmRyZXNw
b25zZQo+PgplbmRvYmoKOTU5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawov
UmVjdCBbNTIyLjcyMDAwMCAgNTAwLjcxOTk5OSAgNTQzLjg0MDAwMCAgNTA4LjM5OTk5OSBdCi9C
b3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3RvYwo+Pgpl
bmRvYmoKOTYwIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMjU4
LjcxOTk5OSAgNDY4LjA3OTk5OSAgMzMxLjY3OTk5OSAgNDc4LjYzOTk5OSBdCi9Cb3JkZXIgWzAg
MCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIj
MmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2ltcGxpY2l0IzJkYXV0aHoj
MmRyZXNwCj4+CmVuZG9iago5NjEgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFszMzguMzk5OTk5ICA0NjguMDc5OTk5ICA0MDAuNzk5OTk5ICA0NzguNjM5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9rZW4j
MmRyZXNwb25zZQo+PgplbmRvYmoKOTYyIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAv
TGluawovUmVjdCBbNDI4LjYzOTk5OSAgNDY4LjA3OTk5OSAgNDkxLjAzOTk5OSAgNDc4LjYzOTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNH
SXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM25l
dyMyZHR5cGVzCj4+CmVuZG9iago5NjMgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9M
aW5rCi9SZWN0IFs1MjIuNzIwMDAwICAzNjEuNTE5OTk5ICA1NDMuODQwMDAwICAzNjkuMTk5OTk5
IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9j
Cj4+CmVuZG9iago5NjQgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0
IFsyNTguNzE5OTk5ICAzMjguODc5OTk5ICAzMzEuNjc5OTk5ICAzMzkuNDM5OTk5IF0KL0JvcmRl
ciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5
LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzaW1wbGljaXQjMmRh
dXRoeiMyZHJlc3AKPj4KZW5kb2JqCjk2NSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUg
L0xpbmsKL1JlY3QgWzM1Ni42Mzk5OTkgIDMyOC44Nzk5OTkgIDQxOS4wMzk5OTkgIDMzOS40Mzk5
OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0
b2tlbiMyZHJlc3BvbnNlCj4+CmVuZG9iago5NjYgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0
eXBlIC9MaW5rCi9SZWN0IFs1MjIuNzIwMDAwICAyNDUuMzU5OTk5ICA1NDMuODQwMDAwICAyNTMu
MDM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1w
IzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1s
IzIzdG9jCj4+CmVuZG9iago5NjcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFsyNDYuMjM5OTk5ICAyMTIuNzE5OTk5ICAzMTkuMTk5OTk5ICAyMjMuMjc5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzcGFzc3dv
cmQjMmR0b2sjMmRyZXEKPj4KZW5kb2JqCjk2OCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDEzMC4xNTk5OTkgIDU0My44NDAwMDAgIDEzNy44
Mzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwj
MjN0b2MKPj4KZW5kb2JqCjk2OSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsK
L1JlY3QgWzI0Ni4yMzk5OTkgIDk2LjU1OTk5OTkgIDMxOS4xOTk5OTkgIDEwNy4xMTk5OTkgXQov
Qm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1w
NTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNwYXNzd29y
ZCMyZHRvayMyZHJlcQo+PgplbmRvYmoKOTQwIDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQg
MiAwIFIKL0NvbnRlbnRzIDk3MCAwIFIKL1Jlc291cmNlcyA5NzIgMCBSCi9Bbm5vdHMgOTczIDAg
UgovTWVkaWFCb3ggWzAgMCA1OTUgODQyXQo+PgplbmRvYmoKOTcyIDAgb2JqCjw8Ci9Db2xvclNw
YWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+Pgov
RXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYg
MCBSCi9GMTUwIDE1MCAwIFIKL0Y5IDkgMCBSCi9GMTAgMTAgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+
Cj4+CmVuZG9iago5NzMgMCBvYmoKWyA5NTQgMCBSIDk1NSAwIFIgOTU2IDAgUiA5NTcgMCBSIDk1
OCAwIFIgOTU5IDAgUiA5NjAgMCBSIDk2MSAwIFIgOTYyIDAgUiA5NjMgMCBSIDk2NCAwIFIgOTY1
IDAgUiA5NjYgMCBSIDk2NyAwIFIgOTY4IDAgUiA5NjkgMCBSIF0KZW5kb2JqCjk3MCAwIG9iago8
PAovTGVuZ3RoIDk3MSAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7V1Lb9tG
EL7rV/BcwPK+H0BRIHGTAj0UMGygh6KHwmlaBFRQN4f+/ZJcmtyd4YiUvJRISzYaS2NyduabBz8O
V+7tTw9/FH99K27vHv4pntqfdw8btmXah6+CVd83sUC4rRSs/iocl1tjG+nTbvNcPG/uN/fVv88b
bpoT2x/VL1+WYM33t6evm9uw+CZIHu5+qV79V4ji5+q/L8Vvv1fCT62++oDdxnlT2cEYl9XbMn7L
JXN8a6rXlZzBt/XBf29+/a74Whsmtq4xngcD47c32mmv3VYx9yqTn/tTW+01WNTrWPFB9hldKG2t
K6Q1hfLFv39uPler92sbJr3g2jjydby2lO1aquDMiGqVetXdRipdY8mYruRWbwULwDrDVX0QF1Au
bP2mkXd6SkJ/HZrPkc1etl/k68Tm2DbntuzF5mgtzgLa0LZUHvnS6SkJ/dDmTDgTNlM2UHGZA+fh
WO8S+TSch3ODyqXU5rlryesKSi8KITPWkvA++KPSWpKMhViq1H8g7/CK9JSE/my1JJkIqKo0LyWT
sjkG2AbkkS+dnpLQn62WUpwJmykbqLjMgfNwrHepfBLOw7lB5dJJa8lU5V2I6n3WWlJeBH9sWkvK
q2C5Tf0H8g6vSE9J6M9WS8rrEDOb5qXyxjT9D9mWyCNfOj0loT9bLaU4EzZTNlBxmQPn4VjvUvkk
nIdzg8ql09aS0LbheDpnLVmhVP2as7SWbLVaw51Z6j+Qd3hFekpCf7ZassKyxhyW5qUVTjbmINsS
eeRLp6ck9GerpRRnwmbKBiouc+A8HOtdKp+E83BuULl02lpS0hXcqbzXJc9t8EemteS5D7GUqf9A
3uEV6SkJ/dlqyQsWYibTvKw8Ne1tdWpbKu996fWUhP5stZTiTNhM2UDFZQ6ch2O9S3GbhPNwblC5
dNpa0s4XQpu8tcSrr+AQmD1wLkIwwf1iKo/uOzs9JaE/3+yBcxmCBu/juXJNA0S2xfLYlxc9JaE/
3+whwZmwmbKBisscOA/HGsweJuE8nBtULp22lqxiM9SSZKrDK46ZZLqLZex/Ku/x6vWUhP58tSSZ
aWO2A2v1Q93Utlge+2IG8ziW56qlBGfCZsoGKi5z4Dwc6x2QT8F5ODeoXEptfnmU4NFg/bC6UdWd
pHZWFKLidPqlbu6Pm/Lz5js2JkiIKf/znhPfP25uP5qiYrePn4tgwU348RisvqnMdrJ4/FR8Xxv1
Q/H4ZVM/1GgFohHYXiAbgesFCh4RdHx4bP2fB2vDqu60Pqyr8lXrw5pbtUasudPrw1pqvUaspTHr
w1rXg+H1Ya25XR/WRts1Ym0qpjUP1kc+0n/ec2LjENf1roNBl3x9tbfVnXJijYPm9QL5Hh5xBwUf
gYAzeISHAgQTPEK+AwIB7eBi1PQfl+EcPgUqFR8Odk4gS5FzGipFOsbjAldBhgk3avqoDgQQN8On
NFXz6vR3TFGYvaUMmZD+MHbKzmEY8hZGl8FiR6u0qGeKP5/e/hYGwB5Lj4i/RjqgpfiIw/sQ0iFh
PcyzCjwlxyoCpgNqoRw2DHSEyGAHgxmk4CkCdn+BcswMMJFt2EvJmmni8OuEp0w4fpzFHLhoU+S+
5pEDJS5MU+JepV5yDotN9chAMJEAndLSuj2Ctvp64sdROYaQedgWegEqR6QULctDN+KsdwZdbTlc
JlwGNN302gvFvKSVatpa1BH1AtzJRyCMNtwWJmh/kmtqOMHJo6b4OWGBkSuW9anz+NKB+s0+7nTy
4PGq8NLoocpBV8dAQuSeI4KA7zsEdUyY5NiQj2Bd7karbZzZidFVRi/CeJVx05HSqAKOj6ZULo2m
lBl5mbfTyc3xdXAIhZpFkIOXK+QcYqGIEBDXf1Qzb5EQGKZ06vZBhADfweUgBOiuFyYGpgyoNaB7
ayiQMDFwI0Q8BFJHqrt62rmLISaGWTD2viBiEjuPxiCovYw2ZK7GBOimDlcmug6gVYjx05kIktUA
yCtBWi9BUhz2BGQJ6tiI2hDevNI03V4IO9NycjfDBZ/OiE7SKsafMRzfKq7sblnsjnuTun3YuAdh
l4HdzUOzRskcSmGBSNV1qNRxNyHAY/RL4m6R83N0xnGqNvkZ75mYmYYwXZnZepmZ9CaNZtsYUU9/
LQN0E9dZACU0TKW2ZqWEworplHAWbraQXSZZlr1uKjlQx2k3lRjhLBn/9SbEdVPJ1PhLNr3bLQyA
vPG/bio5dJXrppJ1TBmktamXh00ZEP45pgzoZh52X3z//wGuEpSaPa1l/KESVHp9QtRPGert60nJ
XdKUoXceszx4LUGshxF7pvbRvvFHRugx61mf/2gA03XKAFdZ35RhXzTP9vyn+k1iWtabfaXBB0j3
0d/zNALcWolGMPPtT0a69yZplhZd8RxDs1CEctAsC3gHYkRUcvWsCnEXPKAY79oXzKK0Bp/auCQW
FTmPRmPoSfj4rOzo+cOZOJKSAIQrR1oxR3IsjWZWImIO+HDfeWvpVTQDsQo0mNdoVoNoBvJlnKqg
WR56HoCmvWiIhPggcm50V+tlb3cx1qduH8aQ0PAmA0NCYybMbkaD2lYfF7DaIqaCWBX8zNQFMyTL
Qbu4JIbUO49vHtF+w9HNgxxeGdDzaHQhEEOT71MlQMuQogy4MqTVM6Q+mlkZktXgk5R7aMZ5a+nK
kE7PkOi/+AN/N4H50Mpe/vDOYJ4K+JFfAa/ybb2jp1qRux4whTZzo2p+P3yRjwQcNLM22h6CGrU7
PXYEj4hCBqwkB9v614NV2ynGj8iFlWr/AN/ysELLEnmVLWsYA7sUl4LEArMG7pJcDFanzhotxEKR
eHee+ukfpi0GiQXWj3ALxerU9SOcSiefi0FiPGuQjpmzpsUquq1/o1hl/39UFveb/wE0W6gHZW5k
c3RyZWFtCmVuZG9iago5NzEgMCBvYmoKMjE3MQplbmRvYmoKOTc1IDAgb2JqCls0NiAvWFlaIDQ3
LjUxOTk5OTkgIAo4MDIuMTU5OTk5ICAwXQplbmRvYmoKOTc2IDAgb2JqCls0NiAvWFlaIDQ3LjUx
OTk5OTkgIAo2ODYuOTU5OTk5ICAwXQplbmRvYmoKOTc3IDAgb2JqCls0NiAvWFlaIDQ3LjUxOTk5
OTkgIAo3MTYuNzE5OTk5ICAwXQplbmRvYmoKOTc4IDAgb2JqCls0NiAvWFlaIDQ3LjUxOTk5OTkg
IAo1NjAuMjM5OTk5ICAwXQplbmRvYmoKOTc5IDAgb2JqCls0NiAvWFlaIDQ3LjUxOTk5OTkgIAo1
OTAgIDBdCmVuZG9iago5ODAgMCBvYmoKWzQ2IC9YWVogNDcuNTE5OTk5OSAgCjExNi43MTk5OTkg
IDBdCmVuZG9iago5ODEgMCBvYmoKWzQ2IC9YWVogNDcuNTE5OTk5OSAgCjg2Ljk1OTk5OTkgIDBd
CmVuZG9iago5ODIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1
MjIuNzIwMDAwICA3OTguMzE5OTk5ICA1NDMuODQwMDAwICA4MDUuOTk5OTk5IF0KL0JvcmRlciBb
MCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRp
L0NvdW50IDAKICAvTmV4dCAxMTA5IDAgUgogIC9QcmV2IDExMDcgMCBSCj4+CmVuZG9iagoxMTA5
IDAgb2JqCjw8L1RpdGxlICj+/wBBAC4AMgAuAKAAIAAiAGMAbABpAGUAbgB0AF8AcwBlAGMAcgBl
AHQAIgAgAFMAeQBuAHQAYQB4KQogIC9QYXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19XS0FOQ0hP
Ul81dwogIC9Db3VudCAwCiAgL05leHQgMTExMCAwIFIKICAvUHJldiAxMTA4IDAgUgo+PgplbmRv
YmoKMTExMCAwIG9iago8PC9UaXRsZSAo/v8AQQAuADMALgCgACAAIgByAGUAcwBwAG8AbgBzAGUA
XwB0AHkAcABlACIAIABTAHkAbgB0AGEAeCkKICAvUGFyZW50IDEwMDQgMCBSCiAgL0Rlc3QgL19f
V0tBTkNIT1JfNXkKICAvQ291bnQgMAogIC9OZXh0IDExMTEgMCBSCiAgL1ByZXYgMTEwOSAwIFIK
Pj4KZW5kb2JqCjExMTEgMCBvYmoKPDwvVGl0bGUgKP7/AEEALgA0AC4AoAAgACIAcwBjAG8AcABl
ACIAIABTAHkAbgB0AGEAeCkKICAvUGFyZW50IDEwMDQgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1Jf
NjAKICAvQ291bnQgMAogIC9OZXh0IDExMTIgMCBSCiAgL1ByZXYgMTExMCAwIFIKPj4KZW5kb2Jq
CjExMTIgMCBvYmoKPDwvVGl0bGUgKP7/AEEALgA1AC4AoAAgACIAcwB0AGEAdABlACIAIABTAHkA
bgB0AGEAeCkKICAvUGFyZW50IDEwMDQgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfNjIKICAvQ291
bnQgMAogIC9OZXh0IDExMTMgMCBSCiAgL1ByZXYgMTExMSAwIFIKPj4KZW5kb2JqCjExMTMgMCBv
YmoKPDwvVGl0bGUgKP7/AEEALgA2AC4AoAAgACIAcgBlAGQAaQByAGUAYwB0AF8AdQByAGkAIgAg
AFMAeQBuAHQAYQB4KQogIC9QYXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl82NAog
IC9Db3VudCAwCiAgL05leHQgMTExNCAwIFIKICAvUHJldiAxMTEyIDAgUgo+PgplbmRvYmoKMTEx
NCAwIG9iago8PC9UaXRsZSAo/v8AQQAuADcALgCgACAAIgBlAHIAcgBvAHIAIgAgAFMAeQBuAHQA
YQB4KQogIC9QYXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl82NgogIC9Db3VudCAw
CiAgL05leHQgMTExNSAwIFIKICAvUHJldiAxMTEzIDAgUgo+PgplbmRvYmoKMTExNSAwIG9iago8
PC9UaXRsZSAo/v8AQQAuADgALgCgACAAIgBlAHIAcgBvAHIAXwBkAGUAcwBjAHIAaQBwAHQAaQBv
AG4AIgAgAFMAeQBuAHQAYQB4KQogIC9QYXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19XS0FOQ0hP
Ul82OAogIC9Db3VudCAwCiAgL05leHQgMTExNiAwIFIKICAvUHJldiAxMTE0IDAgUgo+PgplbmRv
YmoKMTExNiAwIG9iago8PC9UaXRsZSAo/v8AQQAuADkALgCgACAAIgBlAHIAcgBvAHIAXwB1AHIA
aQAiACAAUwB5AG4AdABhAHgpCiAgL1BhcmVudCAxMDA0IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9S
XzZhCiAgL0NvdW50IDAKICAvTmV4dCAxMTE3IDAgUgogIC9QcmV2IDExMTUgMCBSCj4+CmVuZG9i
agoxMTE3IDAgb2JqCjw8L1RpdGxlICj+/wBBAC4AMQAwAC4AoAAgACIAZwByAGEAbgB0AF8AdAB5
AHAAZQAiACAAUwB5AG4AdABhAHgpCiAgL1BhcmVudCAxMDA0IDAgUgogIC9EZXN0IC9fX1dLQU5D
SE9SXzZjCiAgL0NvdW50IDAKICAvTmV4dCAxMTE4IDAgUgogIC9QcmV2IDExMTYgMCBSCj4+CmVu
ZG9iagoxMTE4IDAgb2JqCjw8L1RpdGxlICj+/wBBAC4AMQAxAC4AoAAgACIAYwBvAGQAZQAiACAA
UwB5AG4AdABhAHgpCiAgL1BhcmVudCAxMDA0IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SXzZlCiAg
L0NvdW50IDAKICAvTmV4dCAxMTE5IDAgUgogIC9QcmV2IDExMTcgMCBSCj4+CmVuZG9iagoxMTE5
IDAgb2JqCjw8L1RpdGxlICj+/wBBAC4AMQAyAC4AoAAgACIAYQBjAGMAZQBzAHMAXwB0AG8AawBl
AG4AIgAgAFMAeQBuAHQAYQB4KQogIC9QYXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19XS0FOQ0hP
Ul82ZwogIC9Db3VudCAwCiAgL05leHQgMTEyMCAwIFIKICAvUHJldiAxMTE4IDAgUgo+PgplbmRv
YmoKMTEyMCAwIG9iago8PC9UaXRsZSAo/v8AQQAuADEAMwAuAKAAIAAiAHQAbwBrAGUAbgBfAHQA
eQBwAGUAIgAgAFMAeQBuAHQAYQB4KQogIC9QYXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19XS0FO
Q0hPUl82aQogIC9Db3VudCAwCiAgL05leHQgMTEyMSAwIFIKICAvUHJldiAxMTE5IDAgUgo+Pgpl
bmRvYmoKMTEyMSAwIG9iago8PC9UaXRsZSAo/v8AQQAuADEANAAuAKAAIAAiAGUAeABwAGkAcgBl
AHMAXwBpAG4AIgAgAFMAeQBuAHQAYQB4KQogIC9QYXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19X
S0FOQ0hPUl82awogIC9Db3VudCAwCiAgL05leHQgMTEyMiAwIFIKICAvUHJldiAxMTIwIDAgUgo+
PgplbmRvYmoKMTEyMiAwIG9iago8PC9UaXRsZSAo/v8AQQAuADEANQAuAKAAIAAiAHUAcwBlAHIA
bgBhAG0AZQAiACAAUwB5AG4AdABhAHgpCiAgL1BhcmVudCAxMDA0IDAgUgogIC9EZXN0IC9fX1dL
QU5DSE9SXzZtCiAgL0NvdW50IDAKICAvTmV4dCAxMTIzIDAgUgogIC9QcmV2IDExMjEgMCBSCj4+
CmVuZG9iagoxMTIzIDAgb2JqCjw8L1RpdGxlICj+/wBBAC4AMQA2AC4AoAAgACIAcABhAHMAcwB3
AG8AcgBkACIAIABTAHkAbgB0AGEAeCkKICAvUGFyZW50IDEwMDQgMCBSCiAgL0Rlc3QgL19fV0tB
TkNIT1JfNm8KICAvQ291bnQgMAogIC9OZXh0IDExMjQgMCBSCiAgL1ByZXYgMTEyMiAwIFIKPj4K
ZW5kb2JqCjExMjQgMCBvYmoKPDwvVGl0bGUgKP7/AEEALgAxADcALgCgACAAIgByAGUAZgByAGUA
cwBoAF8AdABvAGsAZQBuACIAIABTAHkAbgB0AGEAeCkKICAvUGFyZW50IDEwMDQgMCBSCiAgL0Rl
c3QgL19fV0tBTkNIT1JfNnEKICAvQ291bnQgMAogIC9OZXh0IDExMjUgMCBSCiAgL1ByZXYgMTEy
MyAwIFIKPj4KZW5kb2JqCjExMjUgMCBvYmoKPDwvVGl0bGUgKP7/AEEALgAxADgALgCgACAARQBu
AGQAcABvAGkAbgB0ACAAUABhAHIAYQBtAGUAdABlAHIAIABTAHkAbgB0AGEAeCkKICAvUGFyZW50
IDEwMDQgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfNnMKICAvQ291bnQgMAogIC9OZXh0IDExMjYg
MCBSCiAgL1ByZXYgMTEyNCAwIFIKPj4KZW5kb2JqCjExMjYgMCBvYmoKPDwvVGl0bGUgKP7/AEEA
cABwAGUAbgBkAGkAeAAgAEIALgCgACAAQQBjAGsAbgBvAHcAbABlAGQAZwBlAG0AZQBuAHQAcykK
ICAvUGFyZW50IDEwMDQgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfNnUKICAvQ291bnQgMAogIC9O
ZXh0IDExMjcgMCBSCiAgL1ByZXYgMTEyNSAwIFIKPj4KZW5kb2JqCjExMjcgMCBvYmoKPDwvVGl0
bGUgKP7/AEEAcABwAGUAbgBkAGkAeAAgAEMALgCgACAARABvAGMAdQBtAGUAbgB0ACAASABpAHMA
dABvAHIAeSkKICAvUGFyZW50IDEwMDQgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfNncKICAvQ291
bnQgMAogIC9OZXh0IDExMjggMCBSCiAgL1ByZXYgMTEyNiAwIFIKPj4KZW5kb2JqCjExMjggMCBv
YmoKPDwvVGl0bGUgKP7/AEEAdQB0AGgAbwByAHMAJwAgAEEAZABkAHIAZQBzAHMAZQBzKQogIC9Q
YXJlbnQgMTAwNCAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl82eQogIC9Db3VudCAwCiAgL1ByZXYg
MTEyNyAwIFIKPj4KZW5kb2JqCjEwMDQgMCBvYmoKPDwvVGl0bGUgKP7/AFQAaABlACAATwBBAHUA
dABoACAAMgAuADAAIABBAHUAdABoAG8AcgBpAHoAYQB0AGkAbwBuACAARgByAGEAbQBlAHcAbwBy
AGsAIABkAHIAYQBmAHQALQBpAGUAdABmAC0AbwBhAHUAdABoAC0AdgAyAC0AMgA5KQogIC9QYXJl
bnQgMTAwMyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl8yCiAgL0NvdW50IDAKICAvRmlyc3QgMTAw
NSAwIFIKICAvTGFzdCAxMTI4IDAgUgo+PgplbmRvYmoKMTAwMyAwIG9iago8PC9UeXBlIC9PdXRs
aW5lcyAvRmlyc3QgMTAwNCAwIFIKL0xhc3QgMTAwNCAwIFI+PgplbmRvYmoKMTEyOSAwIG9iago8
PAovVHlwZSAvQ2F0YWxvZwovUGFnZXMgMiAwIFIKL091dGxpbmVzIDEwMDMgMCBSCi9QYWdlTW9k
ZSAvVXNlT3V0bGluZXMKL0Rlc3RzIDw8Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5j
aG9yNTAgNzE3IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjUxIDc0MCAw
IFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I1MiA3NDEgMCBSCi9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNTMgNzQyIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0
bWwuaHRtbCMyM2FuY2hvcjU2IDg1MyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNh
bmNob3I1NyA4NTQgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5
LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNTggODU2
IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFm
dCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM1JGQzUyNDYgNzU5IDAgUgovZmlsZSMz
YSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRv
YXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjU5IDg1OCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjNpbXBsaWNpdCMyZGF1dGh6IzJkcmVzcCA0MTIgMCBSCi9maWxlIzNhIzJmIzJm
IzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJk
djIuaHRtbC5odG1sIzIzYW5jaG9yNjAgODQ4IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRt
cCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRt
bCMyM2FuY2hvcjYxIDg5MyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1w
NTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I2
MiA4OTQgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNjMgODk3IDAgUgov
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjY0IDg5OCAwIFIKL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2Mi5odG1sLmh0bWwjMjNhbmNob3I2NSA4OTkgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5o
dG1sIzIzYW5jaG9yNjYgOTAwIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRl
bXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hv
cjY3IDk0NyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I2OCA5NDggMCBS
Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNjkgOTUwIDAgUgovZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjcwIDk0MSAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIj
MmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1s
Lmh0bWwjMjNhbmNob3I3MSA5NDIgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5j
aG9yNzIgOTQzIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjczIDk0NCAw
IFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I3NCA5NzcgMCBSCi9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNzUgOTc5IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0
bWwuaHRtbCMyM2FuY2hvcjc2IDk4MCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNj
bGllbnQjMmRyZXEgNDgwIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM1JGQzUyMjYg
NzU4IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2NvZGUjMmRhdXRoeiMyZHJlc3Ag
MzY3IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Jlc291cmNlIzJkZXJyb3JzIDU2
NyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJh
ZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNwYXNzd29yZCMyZHRvayMyZHJlcSA0
NTIgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDNDYyNyA3NjggMCBSCi9maWxl
IzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMy
ZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdG9rZW4jMmR0eXBlcyA1NDggMCBSCi9maWxlIzNhIzJm
IzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRo
IzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMTAgMTk4IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM2FuY2hvcjExIDIxNCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNo
b3IxMiAyMDcgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRp
ciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMTMgMjA4IDAg
UgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjEgMTA4IDAgUgovZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjE0IDIzMCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIj
MmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1s
Lmh0bWwjMjNhbmNob3IyIDE1MiAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNo
b3IxNSAyNjEgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRp
ciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMyAxNTMgMCBS
Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMTYgMjYyIDAgUgovZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQgMTY1IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM2FuY2hvcjE3IDI2MyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNo
b3I1IDE2NiAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3IxOCAyODIgMCBS
Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNiAxODIgMCBSCi9maWxlIzNhIzJm
IzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRo
IzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNyAxODMgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5o
dG1sIzIzYW5jaG9yOCAxODQgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDNTg0
OSA4NDcgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yOSAxODUgMCBSCi9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzVU5JQ09ERTUgODYwIDAgUgovZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjI0IDMyMCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0
bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0
bWwjMjNhbmNob3IyNSAzMzcgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9y
MjYgMzg5IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIj
MmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjI3IDQ1MSAwIFIK
L2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRp
ZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3IyOCA0NjUgMCBSCi9maWxlIzNhIzJm
IzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRo
IzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMjkgNDY2IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwu
aHRtbCMyM3R5cGUjMmRyZWdpc3RyeSA2OTkgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1w
IzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1s
IzIzdG9rZW4jMmRyZWZyZXNoIDUzNCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNh
bmNob3IzMCA0ODMgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5
LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMzEgNTg4
IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFm
dCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjMyIDU4OSAwIFIKL2ZpbGUj
M2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJk
b2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3IzMyA2MTAgMCBSCi9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIu
aHRtbC5odG1sIzIzYW5jaG9yMzQgNjA2IDAgUgovX19XS0FOQ0hPUl81cSA3NjcgMCBSCi9fX1dL
QU5DSE9SXzZhIDg5MSAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3
MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3IzNSA2
MjEgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yMzYgNjIyIDAgUgovX19X
S0FOQ0hPUl81cyA4NTAgMCBSCi9fX1dLQU5DSE9SXzZjIDg5NSAwIFIKL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
Mi5odG1sLmh0bWwjMjNhbmNob3IzNyA2MjMgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1w
IzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1s
IzIzYW5jaG9yMzggNjM2IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3BhcmFtZXRl
cnMjMmRyZWdpc3RyeSA3MDAgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9y
MzkgNjM3IDAgUgovX19XS0FOQ0hPUl81dSA4NTEgMCBSCi9fX1dLQU5DSE9SXzZlIDk0NSAwIFIK
L19fV0tBTkNIT1JfNXcgODUyIDAgUgovX19XS0FOQ0hPUl82ZyA5NDYgMCBSCi9fX1dLQU5DSE9S
XzV5IDg1NSAwIFIKL19fV0tBTkNIT1JfNmkgOTQ5IDAgUgovX19XS0FOQ0hPUl82ayA5NTEgMCBS
Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNDAgNjU1IDAgUgovZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQxIDY1NiAwIFIKL19fV0tBTkNIT1JfNm0gOTUyIDAg
UgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQyIDY1NyAwIFIKL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I0MyA2NzIgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzUkZDMjI0NiA3NjQgMCBSCi9fX1dLQU5DSE9SXzZvIDk1MyAwIFIKL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjNhbmNob3I0NCA2NzMgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzYW5jaG9yNDUgNjg0IDAgUgovX19XS0FOQ0hPUl82cSA5NzUgMCBSCi9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIuaHRtbC5odG1sIzIzYW5jaG9yNDYgNjg2IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0
bWwuaHRtbCMyM2FuY2hvcjQ3IDcwMSAwIFIKL19fV0tBTkNIT1JfNnMgOTc2IDAgUgovZmlsZSMz
YSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRv
YXV0aCMyZHYyLmh0bWwuaHRtbCMyM2FuY2hvcjQ4IDcwMyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjNhbmNob3I0OSA3MTggMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJm
Q0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIz
dG9rZW4jMmRyZXNwb25zZSA1MDMgMCBSCi9fX1dLQU5DSE9SXzZ1IDk3OCAwIFIKL19fV0tBTkNI
T1JfNncgOTgxIDAgUgovX19XS0FOQ0hPUl82eSA5OTYgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRt
bC5odG1sIzIzUkZDMzk4NiA3NjYgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzSSMy
ZEQuZHJhZnQjMmRoYXJkdCMyZG9hdXRoIzJkMDEgNzYyIDAgUgovX19XS0FOQ0hPUl81MCA3MDQg
MCBSCi9fX1dLQU5DSE9SX2EgMTQgMCBSCi9fX1dLQU5DSE9SXzFxIDMwNSAwIFIKL19fV0tBTkNI
T1JfMmEgMzUyIDAgUgovX19XS0FOQ0hPUl81MiA3MDUgMCBSCi9fX1dLQU5DSE9SX2MgMTA5IDAg
UgovX19XS0FOQ0hPUl8xcyAzMDYgMCBSCi9fX1dLQU5DSE9SXzJjIDM2OCAwIFIKL19fV0tBTkNI
T1JfNTQgNjk4IDAgUgovX19XS0FOQ0hPUl9lIDE1NCAwIFIKL19fV0tBTkNIT1JfMXUgMzAzIDAg
UgovX19XS0FOQ0hPUl8yZSAzNjUgMCBSCi9fX1dLQU5DSE9SXzU2IDcwMiAwIFIKL19fV0tBTkNI
T1JfZyAxNTUgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRp
ciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzYW50aHJvcHkgNjUxIDAg
UgovX19XS0FOQ0hPUl8xdyAzMDQgMCBSCi9fX1dLQU5DSE9SXzJnIDM3NyAwIFIKL19fV0tBTkNI
T1JfNTggNzE5IDAgUgovX19XS0FOQ0hPUl9pIDE2NyAwIFIKL19fV0tBTkNIT1JfMXkgMzIxIDAg
UgovX19XS0FOQ0hPUl8yaSAzOTAgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzY2xp
ZW50IzJkaWRlbnRpZmllciAyNDcgMCBSCi9fX1dLQU5DSE9SX2sgMTY4IDAgUgovX19XS0FOQ0hP
Ul8yayAzOTEgMCBSCi9fX1dLQU5DSE9SX20gMTg2IDAgUgovX19XS0FOQ0hPUl8ybSA0MTMgMCBS
Ci9fX1dLQU5DSE9SX28gMTc5IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRl
bXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3Rva2Vu
IzJkcmVxIDM3OCAwIFIKL19fV0tBTkNIT1JfMm8gNDE0IDAgUgovX19XS0FOQ0hPUl82MCA4NTkg
MCBSCi9fX1dLQU5DSE9SX3EgMTgwIDAgUgovX19XS0FOQ0hPUl8ycSA0MjkgMCBSCi9fX1dLQU5D
SE9SXzNhIDUwMiAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3Mjku
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNuZXcjMmR0eXBlcyA1
NjQgMCBSCi9fX1dLQU5DSE9SXzYyIDkwMSAwIFIKL19fV0tBTkNIT1JfcyAxODEgMCBSCi9fX1dL
QU5DSE9SXzJzIDQ0MSAwIFIKL19fV0tBTkNIT1JfM2MgNTA0IDAgUgovX19XS0FOQ0hPUl82NCA5
MDIgMCBSCi9fX1dLQU5DSE9SX3UgMTk3IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMy
M1JGQzI2MTYgNzcyIDAgUgovX19XS0FOQ0hPUl8ydSA0NDkgMCBSCi9fX1dLQU5DSE9SXzNlIDUy
MyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJh
ZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNSRkMyNjE3IDc3MyAwIFIKL19fV0tB
TkNIT1JfNjYgODkyIDAgUgovX19XS0FOQ0hPUl93IDIwOSAwIFIKL19fV0tBTkNIT1JfMncgNDUw
IDAgUgovX19XS0FOQ0hPUl8zZyA1MzMgMCBSCi9fX1dLQU5DSE9SXzY4IDg5NiAwIFIKL19fV0tB
TkNIT1JfeSAyMTEgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5
LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzQ1NSRiA2NzQgMCBS
Ci9fX1dLQU5DSE9SXzJ5IDQ2NCAwIFIKL19fV0tBTkNIT1JfM2kgNTQ2IDAgUgovZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM2NsaWVudCMyZGF1dGhlbnRpY2F0aW9uIDI0OCAwIFIKL19fV0tB
TkNIT1JfM2sgNTQ3IDAgUgovX19XS0FOQ0hPUl8zbSA1NjUgMCBSCi9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIu
aHRtbC5odG1sIzIzY2xpZW50IzJkcGFzc3dvcmQgMjQ2IDAgUgovX19XS0FOQ0hPUl8zbyA1Njgg
MCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0
IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDMjgxOCA3NTcgMCBSCi9fX1dLQU5D
SE9SXzNxIDU2OSAwIFIKL19fV0tBTkNIT1JfNGEgNjM4IDAgUgovX19XS0FOQ0hPUl8zcyA1NzAg
MCBSCi9fX1dLQU5DSE9SXzRjIDYzOSAwIFIKL19fV0tBTkNIT1JfM3UgNTkwIDAgUgovX19XS0FO
Q0hPUl80ZSA2NDAgMCBSCi9fX1dLQU5DSE9SXzN3IDU4NCAwIFIKL19fV0tBTkNIT1JfNGcgNjUw
IDAgUgovX19XS0FOQ0hPUl8zeSA1ODUgMCBSCi9fX1dLQU5DSE9SXzRpIDY1MiAwIFIKL19fV0tB
TkNIT1JfNGsgNjUzIDAgUgovX19XS0FOQ0hPUl80bSA2NTQgMCBSCi9fX1dLQU5DSE9SXzRvIDY2
OSAwIFIKL19fV0tBTkNIT1JfNHEgNjcwIDAgUgovX19XS0FOQ0hPUl81YSA3MjAgMCBSCi9maWxl
IzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMy
ZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzZ3JhbnQjMmRjb2RlIDM0MiAwIFIKL19fV0tBTkNIT1Jf
NHMgNjcxIDAgUgovX19XS0FOQ0hPUl81YyA3MjkgMCBSCi9fX1dLQU5DSE9SXzR1IDY4OSAwIFIK
L19fV0tBTkNIT1JfNWUgNzQ0IDAgUgovX19XS0FOQ0hPUl80dyA2ODUgMCBSCi9fX1dLQU5DSE9S
XzVnIDczOCAwIFIKL19fV0tBTkNIT1JfNHkgNjg3IDAgUgovX19XS0FOQ0hPUl81aSA3MzkgMCBS
Ci9fX1dLQU5DSE9SXzVrIDc3NSAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0
ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNSRkM2
MTI1IDc3MCAwIFIKL19fV0tBTkNIT1JfNW0gNzU0IDAgUgovX19XS0FOQ0hPUl81byA3NTYgMCBS
Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzY29kZSMyZGF1dGh6IzJkcmVxIDM1MyAwIFIK
L19fV0tBTkNIT1JfMTAgMjEwIDAgUgovX19XS0FOQ0hPUl8xMiAyMTIgMCBSCi9fX1dLQU5DSE9S
XzE0IDIzMSAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNpbXBsaWNpdCMyZGF1dGh6
IzJkcmVxIDQxMSAwIFIKL19fV0tBTkNIT1JfMTYgMjMzIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0
bWwuaHRtbCMyM0kjMmRELmlldGYjMmRvYXV0aCMyZHNhbWwyIzJkYmVhcmVyIDc1NSAwIFIKL19f
V0tBTkNIT1JfMTggMjQ1IDAgUgovX19XS0FOQ0hPUl8yMCAzMjMgMCBSCi9fX1dLQU5DSE9SXzIy
IDMyNCAwIFIKL19fV0tBTkNIT1JfMiAxMSAwIFIKL19fV0tBTkNIT1JfMjQgMzQwIDAgUgovX19X
S0FOQ0hPUl80IDEzIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2dyYW50IzJkaW1w
bGljaXQgMzg4IDAgUgovX19XS0FOQ0hPUl8yNiAzNDEgMCBSCi9fX1dLQU5DSE9SXzYgMTUgMCBS
Ci9fX1dLQU5DSE9SXzI4IDM0MyAwIFIKL19fV0tBTkNIT1JfOCAxNiAwIFIKL19fV0tBTkNIT1Jf
MzAgNDY4IDAgUgovX19XS0FOQ0hPUl8zMiA0ODEgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5o
dG1sIzIzZ3JhbnQjMmRwYXNzd29yZCA0MzkgMCBSCi9fX1dLQU5DSE9SXzM0IDQ4MiAwIFIKL2Zp
bGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRm
IzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNyZXNwb25zZSMyZHR5cGUgMjgzIDAgUgovX19XS0FO
Q0hPUl8zNiA0ODQgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5
LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzUkZDNDk0OSA3NjUg
MCBSCi9fX1dLQU5DSE9SXzM4IDQ4NSAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZD
R0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNJ
IzJkRC5pZXRmIzJkb2F1dGgjMmR2MiMyZHRocmVhdG1vZGVsIDg2MSAwIFIKL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2Mi5odG1sLmh0bWwjMjNyZXNwb25zZSMyZHR5cGUjMmRleHQgNTg2IDAgUgovX19XS0FOQ0hP
Ul80MCA2MDcgMCBSCi9fX1dLQU5DSE9SXzFhIDI0OSAwIFIKL19fV0tBTkNIT1JfNDIgNjA4IDAg
UgovX19XS0FOQ0hPUl8xYyAyNTAgMCBSCi9fX1dLQU5DSE9SXzQ0IDYwOSAwIFIKL19fV0tBTkNI
T1JfMWUgMjY0IDAgUgovX19XS0FOQ0hPUl80NiA2MjQgMCBSCi9fX1dLQU5DSE9SXzFnIDI2NSAw
IFIKL19fV0tBTkNIT1JfNDggNjI1IDAgUgovX19XS0FOQ0hPUl8xaSAyNjYgMCBSCi9fX1dLQU5D
SE9SXzFrIDI3OCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3Mjku
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNJIzJkRC5pZXRmIzJk
b2F1dGgjMmR2MiMyZGJlYXJlciA4NTcgMCBSCi9fX1dLQU5DSE9SXzFtIDI3OSAwIFIKL19fV0tB
TkNIT1JfMW8gMjgxIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcy
OS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2V4dCMyZGdyYW50
IDQ4NiAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJm
ZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjN0b2MgMTIgMCBSCi9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIuaHRtbC5odG1sIzIzYWNjZXNzIzJkcmVzb3VyY2UgNTQ1IDAgUgovZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM2NvZGUjMmRhdXRoeiMyZGVycm9yIDM2NiAwIFIKL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjNyZXNwb25zZSMyZHR5cGUjMmRyZWdpc3RyeSA3MzAgMCBSCi9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNzI5LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIuaHRtbC5odG1sIzIzdGxzIDIxMyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2
YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5o
dG1sLmh0bWwjMjNpbXBsaWNpdCMyZGF1dGh6IzJkZXJyb3IgNDI4IDAgUgovZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM2Vycm9yIzJkcmVnaXN0cnkgNzQzIDAgUgovZmlsZSMzYSMyZiMyZiMy
ZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYy
Lmh0bWwuaHRtbCMyM1VTQVNDSUkgNzY5IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMy
M0ZpZ3VyZSMyZDEgMTUxIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM0ZpZ3VyZSMy
ZDIgMTk2IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIj
MmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM0ZpZ3VyZSMyZDMgMzM4IDAg
UgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM1JGQzIxMTkgNzc0IDAgUgovZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyLmh0bWwuaHRtbCMyM0ZpZ3VyZSMyZDQgNDA0IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0
bWwuaHRtbCMyM0ZpZ3VyZSMyZDUgNDQwIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMy
M0ZpZ3VyZSMyZDYgNDY3IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3JlZGlyZWN0
IzJkdXJpIDI4MCAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3Mjku
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNvcGVuIzJkcmVkaXJl
Y3QgNjg4IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIj
MmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM3JmYy5hdXRob3JzIDk5NyAw
IFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2Mi5odG1sLmh0bWwjMjNuZXcjMmRlcnJvcnMgNTg3IDAgUgovZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyLmh0bWwuaHRtbCMyM2dyYW50IzJkY2xpZW50IDQ2OSAwIFIKL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA3MjkuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2Mi5odG1sLmh0bWwjMjNyZmMucmVmZXJlbmNlczEgNzYwIDAgUgovZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDcyOS5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyLmh0bWwuaHRtbCMyM3JmYy5yZWZlcmVuY2VzMiA3NjEgMCBSCi9maWxlIzNhIzJmIzJmIzJm
ikRXuZvL3uaqXHKqGi1xEjGK7AXHJ9+2fnx6Zmw8m3c4nY58fnz9zqnxsXze6XgRBNrlTjV0dDc0
OcHvpuQeV0N9V3tjvcepouixD/AvvH3seP+g1W63DvYdv+Xtd4/f0t9rNiFkMvf233L83Ud27shk
IIaCGCOTmd35yOdmZrM5nQEhgy6XnZ353PV/+hOTGWC1cYGNZ6Vlo7kczl52qMuCwmg8+UpnUg5g
O8PkDXGZRATO6xO3P1nDra3hcXlcmRzHH/v1SzwBX1AnEgr5QgHvpZ8RU7FEPBCN1seDkZiD7kIv
iim5RqlVq1PpcBxIHbt4mlOgVWqH2+GPBP0Ol1OLfgXKFMeK9CFyL3AgDBy4fMqz0lQvZ4lXnWpd
Oz2g0UaihTXj7rbWot5sUjsDofBIJheOWm26vYPDqQY9EOrPpwzu27d/eCRZTx1uaIAonXOcV1OL
tJpwsL0wyk/E1o8dPnT6P8kjnLz0AetROlZYhiqaWCftyjBPGiObwe9rTI9vPFAaHW0AYXkdUGw2
JuJ9Aw1Jm1UsRK+hX90+sS3dAkvXadINWzbdSuy++KVtbcyBnUIhD/o618wQ7TD3c5c+IH4Icxsu
U9K1OrJKMIaZ+KFGF4mtXTfxzPR269f5FGXQO+2e7ck4fQ79AT1R7BusbzKa0fqxN025QMhoEoo7
2k8QvNOM7YP95aveKMIrWSSbgjFdzPFcPMVezF4VTNKyrIVXnsP8mQwlWLqp6VdLwyMhNmONoy+D
6n0ex8nQyNC+t7dNvCQWmyzBcL41nrA7mX07wajlMuGw2SST4Fb6/951F/L7tml1BqVKIiVrVZTR
CE4E+Wt6vQE8Np1yNhxEd9xJ/9Oe/t5EVKsGk5AYHLlhf29fMCyHtcSjg4wNux/kZgfQUM2calik
VRYmqgxjgoqH0VcVoUhztn1NvrOzPdMcCWufRBOniCWP1aGByA3dD76a0euNXlh3ijmjZTU58jF2
0VLW4VXdnQdP4nbQ8eAzWVbqnkSVMKlrBHryGP6m0+UJR5vSPTa90SRXq6U9awphGe19A9XypRKx
WMAnCAFfIpKKBRdf29bTl2zQG3FUeyuB8KbGoxEytHRY5/I4XCZzLd9sBN67DPgR4O5JWI+RXAs2
ZZbB7wq7sIzYhG2Vkrwiz36NlDVAQ/7neF/Rm/j2Da0FJuMq+JqkMbWpPhSwmOQShCv0Jrc3Vb9m
uqMjGFKwp9XhYPe6uT3DA0Giksd+ppzH3rHTqla7PJF4vC3MuIzwZzZGw/l4POpxadX0GLjUdms0
ktasdXukEpcjnR55CyigN0pkFjNoi6nbjm6fXlNwQngzoTYbDTqFnORRKoPR7nRe/Jv3F0rEd/b0
9UbDKqVSFYn29O3Z19MbDMkVzJrCPRDUoksXLtnJ7146xvCZC1aYQ/7gx1u3AlVLaIwcJT4sW3I5
Y5+hMAk7A/E+MXb//TR2//0MGuyAvTNlP5R1jWxlNwmfRt3n6W704/P0HfSJ8+jHdPd5og1is0NL
Gbx56W38TfzYsmUvYPlPyqBXDdWqUJBrYxxlYoWpI9eCvclkNm05OD8w2NBgsQlf5FNAwViks72h
weNizlNYMxYEFFk1euVzIcKydIsh3NExOTs01NRoMaFXikMjzJGqls2YrKE8dpfeJJFBaOtxNzV0
NSViTgcYdi5PKJIp5Pj/PkWPOnRg2EyWVENPL0ORe4AiabAOaUYaq/hfuf7VR4Op1S4Je9xD3QM6
crB/sL8t7/XKKas9HG1MBsNWm1JV8zWe2dSQ6u/bOTs0kG4wm3z+fNvAYHdPNmfCv79v62B/V0c+
n8u05bvSTC5HJBSLjSZfsFG6tq01Bh41xLPBUKF9bEtvf0dnNpfNZXLt91YzEd+qRBUrMxgf0Jov
QFiR/hldixfww2doH8QWW/DPL71z8d+ZftWvK/IrMtErfI4rM9KXabKcky57JJfz0t+Z4bCHxLVc
mUQuKddqyR3f+f6ru7lcCPc4YinzDErN7md3c9hqTS1oMYL9CKBm5lX0KblWY9JbTMZCd3e70WTR
G8FHpm/kFC6+mm9uiTTE2tr0ZqPRYNCp0N30XpXOoDcazfq2ApjaWLSlOUm0MnHTZwChHcDNemzs
aowux/XXOr+gPilkWm1IOsCgNjQNjcwd2rCxucVQPiLYsnF/RwaCY5dLddaQbunvSqe9XpDk9WOl
LX099Smj8asymR2Evz0aibo9Gq1C7nIk4q3ZRMxuY46Bi0OjzVmrLRQcGT504MHnbr9t44ZIEInF
Fluyvte0weNm8rwTk0c2gJkxmesbe/t2ttanmOhbIjNZIPbuyObAfTWolAz4gc+PAJ8DbD5pmRaU
rZrMYNLSga3Do4z/+AryuJgzyG1LJuJu8uU77rv/gQcffuSRhx99+MEH7z11/BRQdh89QrSBVXZg
HgzjrDrfYa3JykRQqnq6T7Qhq6Oxqad32Ov2ghxb1EowmjaP05OKhtkDMXoWX/uNb+jnurqDTLKG
Q9QATnh3whQQfHOQiEkOBduIv2Y/CkAYH/b0FptNXJmjXM5PnvsbmnsOZSVioVAoEogEYpEUtZwD
GB0MhKOeSDAQhjA2RByHkT7CLxL/i/MtTATUcag4Ki5BuFKOFIeI4Y+i2gD985f2f+b0/lfp/xdA
dYLbyCe2H+v8uAPhl7COjzqP70QMGS5duvR78u84/aB37VgBm2Zy1DFYlWOVjliNwJh89Scjq7y2
BPqfjvAPp4gn7rv4WAPg0aEGg+JyxRNN6XjCxcTrTDIpEc/cxuNLZBqtxabTyWQ8HkTrMplOYzPp
NDJpHQ+v/R905nSCfDtc2dzkRDbn9khkMonHlc9OTOayLodUTD+X9/v0TETFFzAnovmc16/T8wUC
vl7n9+boz/73OwNnb0Evk+2AkRrGyiEGJcRZ+qv0y59FB7+FDqGXCdvFfyBOXNzHvP4j0Y3/oPLl
Gyg9/Oxdnp/Co5sYbcLkEyLs6cmKk63ly3ZZM15xmnDNj0nYgy8mdIvIFEaz0+P2uDxGM9j2ZxEl
M5tc8MTlMBkUMiRXOlzJ+ta2VAOjI2q+Vud0ZFrWj+7dtX4s02KzLt39NvGrQjzh9lisepPeaLWB
/9Iai3ncFpMJHtisXncy5fUa9GKxXGF1ROLNgvXda5MJsxHMSLi1cOGVc+eARr+Gva0DGnGYLDbj
cv76dfwxTuHC6Omqn/A0vK0tZ9rYRAr+ziu0/jy6DpXO4x1LX8M78KWlh/FJDEdb6U8Tsmoegfl+
EMkt4JN+QN9yBvHoc+VEwoXj+GeWdkCbW8C/b2epug07uiKOqFkVEVfpuZzjW51+reYCqn7/6ph5
2aGUr04Krk6BtesNjU3jGw/duH5jY1pvYL7EikVSTcEQk4I26OtTQwNzCyND9SmdTiI1mYOh5jT4
B+BZ/KNQxByzd64Bj9AiFNXxjfp4rG84HjXoeFxAnlBktdU3Dfcl6602CXPSLbFZGxv6q3HXwaGO
rkSS+QzAbEzGuzoG25samKwPnxSaTeDdR5KtWfD9DXqkN4TDmWxrIhL1eo3mOrJOo/P6Uo14POh1
m4wyCZN/NYIrG3S6PYzToVLarR63Y+mBQMDnsDIepc0eCAbTEDw7FRQld9kTUeDz+/QI6QD0r7ns
i6ekVXdg2R2SVv1vC3U5HVazigsq9stA0Pj6XDLpcjFffirVLlckGotFIy6XWomqXzUg3ntBk4Wi
eHUIySmL1e1z+7xuqwmMAdihje/Ro9DS465PtaEtGb9PpxUJ8duZL6K0fl8L2toONs9FUSeYL0Qc
zgT9ZEMwZIEt83DmGM0WCDXSf7HTF2C+CkMU0U28yEo3tyzfTCHuPOn+KU1VBH3pCAg7OE30p/EX
yhEUi16ChS48ZEDLfD0C9u+XZUrJE+Uw9yqgLqf7bInlw+/qN56q6reSlLQK+Kfe28B8/2U1ed1+
LyPPcopfp1CaLIH3EC+bSrqcKkqtdLuikVgsEnW5lWpK5QSlkqVHTwR8O9GGxlDAZlVRdTiTZbWE
gg1oPAH+rlLAPwGusydV304/1uLzaw0CEbodF4q0oCwz9OfbUvVuD/AHNFwS5PwEyLkOM8EmCcZD
Bz8dii0Rg2IB744pMXhukROPtyKS/uexuRH600NzQ+d+1vpviLt+bgztHJsb+/5StoB2tBI5+u1d
9AzznTL67C7UvKtco2d20W+j5hWZcIrxWZfzpDG0nL8g2pY+IjgEgdAX/xGXcEgOKG9yh9/v8gVc
F+8HDXXSFXICSYitbHbnLvD4Mn/O42OjkmrqLLXKaVl5dsBdfViz6mCLzDAfheQ3b71uIJuLxex2
5Vl9unFjZ3OT36NV4ZTdGQjHU6mJdT3JlN5oNqWb1o/Of3Dw+neYDGM82Z6LJ2x2uUImsVsT8UIk
EfO69Rr89b+89dYNG4MhRis0pPp0Gz1+JnWUz2+bOBpijmiFImSztKRHhorbR4bSaYvlyaee7cxn
2aBAqXZ7G5oK+YYmr1+jZTSLJRZhLNpD9CjxKiCVWz1xhGjwIdxGn0LzzEfdJ/70+RPQSgStIpVW
5aN0KRJBi1PQcvREzZYTH50A6m6vnN3yme82y2cuCMwFhZCFOPP80gJ+w9++Qt9DC9DvUYZ+E2Xu
JA5evO0k0bq0thxnQJEfHqO3iNN/YD7gX/136QLon+/CKhBjqyt/0KfmzNKDMPOH0GIb+d1yxLLi
b5w8jzFfwGNQSuR51EOex+XwO1J+hvrg9yUor1V+j0L5LZS7odwH5WYoX4HyOJRboNwB5anyWGzb
aShU5Z5ps7dSjkPphVKoPF8H5cNK/a3KLzOWr/L7zcozZq4FKJuhTML6fgO/nZV1HIJypDLnSSjP
VdrfX2mXL6/70oXKeuyVfvdUxmZo8ACUR6Dsg8KH8lHlOewN/bEy76/LfdHWyp7fhzrsERGVvScr
490Fzx6CIoI6cB9iBwXmxxpA7x3BXsD+BbWhw+ivcRM+ix/DHyJ8xGHiVdJLPsOJcdo5j3M+qMnX
jNS8w3VwT3Afq03Xbq99rPYrtd+u/XntRV497yz/Tv53+b+sQ3V31Z2ue0UQF3QItgh+LhwUPiUS
i7pFN4n+VawRO8VzEqFEIwlI1klelCqkYenDMrusS3ZS9hXZe/LH5C/K31FEFTnFmGKeSlB/Qb1M
fVOZUM4pP6MyqaKqgmqqjCFsHLuP8W4qd6v/9Ghk+flm7LVKHWFiVksxfzjGRZsqdQLTos9V6iS0
+UGlzsEEeHX8GkyE+yp1LnaQCFfqtZiCeK9S52EisrZSr8P0ZH+lLsCC5LuVuhC7iXOhUhdhvprv
w+yI5MHdK+xKmDrCjMhQqeOYCHVX6gQWR8VKnYQ2L1bqHEyNfl6p12B6XFipc7Hf442Vei3mJp6p
1HmYnvhVpV6H1ZOqSl2AbSTnKnUhRpMXKnURNlJzA9aKzWN7sAPYAjYL2JnBSpgZOwMlioXhSkFt
ACtiU/DbgU3AWz/UOrE5bBILQi2H7YLLvKL3IntXhN8i/F7H9mVaroNeefDJB6DPENR7sR54Osu2
n4BSgtYT0LaI7YbfBWwnPJuH6OyT5sda5/ccWJjdPlMynzFHw+GUeaA4Ze6YKPnNnXOTQXNu1y4z
+3rRvFBcLC5cV5wKmtd15gsDuaHO3h7z7KJ5wlxamJgq7p5Y2Gmen76yPwaLngWHt8gurQT1eZjY
jHWzv/PwenZbcWGiNDs/Z+6en4MHzFK3Y/uAJMwWsIHi9n27JqCSg21Owrs5doMLMEaAJcknjp5b
nCzOTRUXzAHzVRP9Vxc2wrZdXG4ZAeox3MVGiguLTLNIMJy69rDXGPST1vA/42gZO9vZUUrs2OWW
s+zYw9BikG3Vx/ZkCFpiZ5tjWw1dY8ZemHEa+jPkv9xykh27BPflkeehPlNhzQ5g4AK7gim2X3Vv
iwziVlD2P0EPQG777GKpuAAPZ+fMw8HBoLlvolScK5kn5qbMQ8sde6enZyeL7MPJ4kJpAhrPl2aA
7zv2LcwuTs1OMrMtBq+FIkZ4F0B8569gwmXktM4v7JkvLxcDyjEUu46lQzfbvMTKKdtlsFS8rmju
niiViotM4xn29R6sEQvBtZ+9gtDpyhVMVuYPsrXd0BKbKZX2NIZC+/fvD05UljEJqwhOzu8O/feH
LYGG2sNiociieDu0LSM6yI65G0TuE6cuHdhTnCouzm6fA8AHZ0q7of0wq6SqoGQAUAbvtYE9zf4y
cFtke5Rg6RMsQKugXwTgbAP4FFnQMCPOV8Zl2uyqgHCuMusEbILpzYC1CuR9K3i7n13PJPxvhs3P
wzumzyQ7xh6WdVMrRv+vrhngNLxYZEBbmgEgr4D19DwgdHF+urR/YqHIgHxx37YdxcmSuTQPbYvm
XQDWOeg6sX2hWNzNwHkfi7X9M7OTM+YD8/vME5OTxT0lgD3T/M+NHPzvg2HXNfb6/wmDXcurqWAA
w/4D2I7cQmVuZHN0cmVhbQplbmRvYmoKMTE1MyAwIG9iago5Nzg4CmVuZG9iagoxMTUxIDAgb2Jq
Cjw8IC9UeXBlIC9Gb250Ci9TdWJ0eXBlIC9DSURGb250VHlwZTIKL0Jhc2VGb250IC9MaWJlcmF0
aW9uTW9ubwovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKElk
ZW50aXR5KSAvU3VwcGxlbWVudCAwID4+Ci9Gb250RGVzY3JpcHRvciAxMTQ5IDAgUgovQ0lEVG9H
SURNYXAgL0lkZW50aXR5Ci9EVyA1OTUgPj4KZW5kb2JqCjExNTIgMCBvYmoKPDwgL0xlbmd0aCA5
ODcgPj4Kc3RyZWFtCi9DSURJbml0IC9Qcm9jU2V0IGZpbmRyZXNvdXJjZSBiZWdpbgoxMiBkaWN0
IGJlZ2luCmJlZ2luY21hcAovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3Jk
ZXJpbmcgKFVDUykgL1N1cHBsZW1lbnQgMCA+PiBkZWYKL0NNYXBOYW1lIC9BZG9iZS1JZGVudGl0
eS1VQ1MgZGVmCi9DTWFwVHlwZSAyIGRlZgoxIGJlZ2luY29kZXNwYWNlcmFuZ2UKPDAwMDA+IDxG
RkZGPgplbmRjb2Rlc3BhY2VyYW5nZQoyIGJlZ2luYmZyYW5nZQo8MDAwMD4gPDAwMDA+IDwwMDAw
Pgo8MDAwMT4gPDAwNTk+IFs8MDAyMD4gPDAwMkI+IDwwMDJEPiA8MDA3Qz4gPDAwMjg+IDwwMDQx
PiA8MDAyOT4gPDAwNzU+IDwwMDc0PiA8MDA2OD4gPDAwNkY+IDwwMDcyPiA8MDA2OT4gPDAwN0E+
IDwwMDYxPiA8MDA2RT4gPDAwNTI+IDwwMDY1PiA8MDA3MT4gPDAwNzM+IDwwMDNFPiA8MDA2Mz4g
PDAwNEY+IDwwMDc3PiA8MDAzQz4gPDAwNDI+IDwwMDQ3PiA8MDA0Mz4gPDAwNkM+IDwwMDUzPiA8
MDA3Nj4gPDAwNDQ+IDwwMDU0PiA8MDA2Qj4gPDAwNDU+IDwwMDQ2PiA8MDA1MD4gPDAwNjQ+IDww
MDI2PiA8MDA2Nj4gPDAwNDk+IDwwMDQ4PiA8MDA3MD4gPDAwMkY+IDwwMDc4PiA8MDA2RD4gPDAw
M0E+IDwwMDVBPiA8MDAzMz4gPDAwMzA+IDwwMDREPiA8MDA1MT4gPDAwNTU+IDwwMDRBPiA8MDA2
Mj4gPDAwMzE+IDwwMDJFPiA8MDA3OT4gPDAwNjc+IDwwMDVGPiA8MDAzRD4gPDAwNTg+IDwwMDM1
PiA8MDAzMj4gPDAwNEI+IDwwMDU3PiA8MDAzNj4gPDAwMzc+IDwwMDZBPiA8MDA1Nj4gPDAwMkE+
IDwwMDI1PiA8MDA1RT4gPDAwMjc+IDwwMDNGPiA8MDA0Qz4gPDAwNTk+IDwwMDNCPiA8MDAzOD4g
PDAwN0I+IDwwMDIyPiA8MDAyQz4gPDAwN0Q+IDwwMDIzPiA8MDA0RT4gPDAwMzk+IDwwMDVCPiA8
MDA1RD4gPDAwMzQ+IF0KZW5kYmZyYW5nZQplbmRjbWFwCkNNYXBOYW1lIGN1cnJlbnRkaWN0IC9D
TWFwIGRlZmluZXJlc291cmNlIHBvcAplbmQKZW5kCmVuZHN0cmVhbQplbmRvYmoKMTUwIDAgb2Jq
Cjw8IC9UeXBlIC9Gb250Ci9TdWJ0eXBlIC9UeXBlMAovQmFzZUZvbnQgL0xpYmVyYXRpb25Nb25v
Ci9FbmNvZGluZyAvSWRlbnRpdHktSAovRGVzY2VuZGFudEZvbnRzIFsxMTUxIDAgUl0KL1RvVW5p
Y29kZSAxMTUyIDAgUj4+CmVuZG9iagoxMTU0IDAgb2JqCjw8IC9UeXBlIC9Gb250RGVzY3JpcHRv
cgovRm9udE5hbWUgL1FLU0JBQStCaXRzdHJlYW1WZXJhU2Fucy1Cb2xkCi9GbGFncyA0IAovRm9u
dEJCb3ggWy0xOTkuMjE4NzUwIC0yMzUuODM5ODQzIDE0MTYuOTkyMTggOTI4LjIyMjY1NiBdCi9J
dGFsaWNBbmdsZSAwIAovQXNjZW50IDkyOC4yMjI2NTYgCi9EZXNjZW50IC0yMzUuODM5ODQzIAov
Q2FwSGVpZ2h0IDkyOC4yMjI2NTYgCi9TdGVtViAxMjUuOTc2NTYyIAovRm9udEZpbGUyIDExNTUg
MCBSCj4+IGVuZG9iagoxMTU1IDAgb2JqCjw8Ci9MZW5ndGgxIDE0OTQwIAovTGVuZ3RoIDExNTgg
MCBSCi9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4nLV6C3xTVZ7wOTePliKP0BdPuWkp
pRL6TiuVAmmbtoE0KUla2sKWpnk0gbzIo6VAeT9EREFEEBksT/kcxmFYdWe0sjvLuLMugssoM+Mw
gICuMyu6LjvrKjS3+z/n3pumFR1/v+/7EpKce+7//N/PWxBGCCWiDUiCkNGcV/jajv8ph50n4dPY
4el2ars+vQzrjxGaoHc5rPaOIp0KoYn5sFfigo2xksT34NoF19Nc3vCqTX/J+Aiu4TxWefw262fZ
dzcgNOnncP+A17oqgIyoA6HJ9XDN+qxex981X/x7uA4gNOUzhKX7mD4kQ1JZjfRdhLgK/pcxY4Zx
JjLMyESJRC5lGCmg/OlYxC5AwqvCHQ4hFrH3GXkKl4IPJnjxbdjGwm0GObnnpE7ZcZAyAaFkhVKR
pVQonVLUH5JM6v+Eey5h9Nd3g/IcOJGEkGy57AqFAxjyTpK1cQpuPTdWdoW7dt8gPUswOgZuy52y
L9EYNBUIZSTI0+XpaaVppSXq4uzpEml6mmJsglzJZk9PZkpLJM4z1naM261nzrRbre1nsOtdeHEH
uOffvYTxpXelH27a/NmdjZsx3rzxzmebN+F0fPESt4/bd/HSpYt4BV5x6SKRxjlwS7YUaCoRypIn
yLMBu2JsaYmyMD0tXTE9e3qmwEYRsFEqW7oiGF7LPfHhH/7wIe5cGw6u8HS4Qpc6uzDu6rwUcnV4
TI9OmoIv/yt2YOflf508pYS7UJuZsWXLnz7dsgVnKhcQip+CNqSgjSSqDRlVm0L5JbZwx/AS7MOW
+3dwkuTtWiyvva/mvoIT4C3MbLyZ+BPR32Xs4g7gzVwPwdYH98oBm3CvD2/k1suu3JtJ7p0GSuOk
a9BkuFAo1QrQInlngpzphGZqSWlJUVp6mmwcd0CeOCZ12rTclfM0mDuInfVLl/h+6bQzL0cb/fiF
3Y+WTsxITcYNi5+PfihtO27Nz8Wdq4DCJIQkx2WHUSqlAG9isCKFMiN7ulqRqShSMEV4Jfc0Zqcu
/Tl38YOm5rNnZYe5fxxAXJYBFDWAmps+wFcxwnMFfiV3gF+CTVB9qshnKTGI5E5ebn7uTt1CwqK2
pWnduNSUHEle2sikpuYT0X5p28+9xQUYS6TEm5oGbsuyAVvMm1JTwIyFgApwS9hBbyL2Zn65qnze
vPJVkbnlGJfPjWD2+NGjx7mPuOvHjh8/JlnTsLj3SENjY8OR3sUNGB06xN3h7hyCF07BKYcOAbUl
4Eej5SkoBU0TdKEm7pTBOyvhXlLIO7LoUZKTxI4Lm5oj723dhvG2re+FljQdCc6dM2duMDhnLsZz
50j6mKZv7hy15ebhE8ewFEvgOze//18s5iO9Fnj1HjFbQG+9IKlc2kbkhDhMTeHxk3cpoSkykwnM
9GIXZjBOTFCkTcvI82vmYyd3cFHLUs95uxO/ypwOLH38idzHy+ZMykxOwY0NB5mc+71H23PzujqB
TtPALakaNKokEooGSuFDtFQRFz1ZIK5UvaB2gXG/yWIx7TfXLdA0NCxezF3+MbxwXlOjRVrO/bFg
wvjFzYcONzZjPHF8IXeVHa3Ahw7iNJwK32MUoFXwCGYcaFUSnztOE57JR9p2vxeS0x+JtSEO5IhG
VQZwJ6g6O1OhICfA2OnAXgLRSbJSQqKAudGtLi5Wdx/l1jN6nP3E4xhX1+42zivXXOacrz9aOrtV
Mm+WyuVUzcTcRu6r6AXZFZvtt/tal80aN0+zgWvCoUDODCx4rcAj5ZByJ0/55g7hajF4RRJobCLK
BNBUZZqQSERlEd8g3MkIS6DNBFlS/5ujDIYnA6s6ezas27COe++llzF+6QTOwIkv/ojbg8vmtLnn
a8YyRc518+ZBSqni7uSPn4hfOAj5TXH4Ry/2PuOcVw5QXuBs+cBtaTtQLxpmr/R0yKXp4CYkTrMV
aUJYEIWR/KAu5h1Wmh5e7ml1FhROn9Y+D49ra8VbtnD3/J2r1i4PBsJudTGeNt0z7z/a2lZ3R9t9
XrDol/njx0+YVKxKG580Ypqx/sd/29Iybuw0PFY9YeKUyWX549NGJz68aNGJs40NeMxYorujCElv
QPZ9GC6IbXEJzwdJUQkKkp5AOcShExgDs+f+eUapy8zA1TWRJcs93Rs3rF+NH9r37Lx5/4IncZ/g
Sfhmxbx5VS5w6qxsPa6dmZ7W2fWb1e4VZ3j/kO0A/3gIpRM7CR6RlalQYkWRUGIy+5j1eMrz+zHe
/zx3m+PW441X/HPLy+f6ZVfWbfjznZ4NOHpPeo5bhh9VO+wlJUL+lYJvoBGD/glZWDomGmQ6os+T
XMxd4/6duxbdTqBrEUqYApH6EIFOpv+wUiJR1uKlfW/hmfBZyn3Idb/Vx3VL2/r7JdKolOm/3yth
+jk4vQPi7wvQVjGgAqOlggBKuWBBGunExplq6mHFgkNRJUp5JUreeK7egP/Pj7k3w8FIwLPC7Tpg
XoRNlmMHj+6pqcZa7brW1mWtK1cGPDjjmd1arSQru6392euhME5RTMc5JZCx1cV2p7r4a5w3628a
oAikps3AE6cqxuLWtn/YYrKAnqGqybNprU8iNpWAfOQtkVZHTy7jepgcfIHJ4Xqip/Dz7+Kx3Jek
VjFZjClWryCSvqteKX5gvXr+mfh6JU+JnhIKFtBYCvaqBgtQe6USp1NjZURyOXqWMfSnMYboBWnb
vejBAXSPcfIRfFv6NsTQKJQHx4GTVKEZUKuzBtNq6XRIekXqeM8tBaUzR1eWzgZdLbJXa7Gb21/b
0rLxFY8P4x3bccb7lVW7wu22hlA4FMF527fir8FtddqsbLygxpezPbrxpDM3z2k/9qu/WYInW3Ky
weS5WDF5zCiMO7tp53Jbdg+8IYvvXDKHdy7Z8riSB8VYKbu35+ALJ0j3cv063vTsE9tX96zpWfNv
a3tWrbr2mLoo5zOmyV+TkUm7F/d779HupXpaBsbrN33x+caNiXIFZCEGKL8MXvwq6CQXNCKYhNin
uLRYLeYxuBSWqfGdhvSNymVLV/7SYcfcAQZnZBqcoB9oZqayJlfpo7BwVTRaXKGWJsnJjkdLwGS3
oo1M7ajRoyZ1lhZji+XF6B+Y2jdKYNl4iHYirQX5uHQ2qRRco6wVeKL1NyueJinzxEbJYrUSigMz
jjiObklL5NK2rVu3XYq0LDkRnjN37pwwrcFHo6/Kk2inc+wEF+X6j53Iy5WUWhoPv2hpxHwBJv4B
/iQrAn9nwEMQJg4PXU8m9VbmLteCT87Hp69c4Z6NLpceiD4teaXfxP2Z+xKPxQtEj+8Gj+d7QQgU
+EdLCD6Ee6PXGANn4BaSctL/M/xClIsexe9zs+DcYagrDFDN4rNOqpApaU6Xx+d00R4fSt6Kds7M
nVmAFQf24xMvcVc3gO27/Z72nSYjxkbTTnPrshWQrD75dGSi/PEdf/mvx3eQoozzwCO0lZ2dVZU4
NV1FeM6GLm0X8Ey6tFRaUlL5tAf9HikdRZJd/1Q35WFcyF3iDp4963T8Tp7y2aQplYYB1N8racPI
8HrzYtDXOpAhU/YF9Gf5QmTF9Wd8vSKxJDoYiJYlVkxwceYTZ0FRUYHTWQQNX0ER7lxmaTD+ZFnb
2Io6/dJPdu3EPzrMfcNde/EIxn2/wNXOditzE8+v3LRlfkXF/C2bKuczl7g7qvRU3Gp9M3/ieLx1
24df7n4Gv30eL8fBD94fqxBy+03QskzM7dBdM8fvX5VduW/grhFd7AUZZkEMxiqsXKywQn7Oiq+w
6vgKS4SQXlgT6ex4oqJi1szO49+43XjPXu79p5/a/dRT27f09FRVzsrbvu+jDtfu3Xj06s0bZSe5
X5VMmQxZwjhHmZmuLHR2vPl112o8aZIaa+uysh95xFA9PWuqMt/t+tsbq1aNS0H87EXzsZzIQNxL
mYQ34yfxTrw5+jtODaKclRpgXIDqAtJ+IUKmEsgdUkf0DW4Hkx0tkF358L5U+oZQ8WRfAdzI+IrH
6+ZRMn1E/5lUveivmdmQ2btJ3ZOgHshV4+hkl4/m89amQ5WglCxRJ0KhShAMTrpz2o0kp8RpEFyO
ecdT9hjGj5V5lpfNnl3G9eyo0u7ahRV4zK5d2prt+416vHcfd4O79uw+g/75lsKCpc2FBQWFzUsL
CplDpDvylT32WJnP/1jZ+hmNlg1v2WzYaju3wdI445HWZbtvBILBwI3dy1ofwTOb8+HV3FSQi/Pz
SbyfBklawfvH0DwT19ITs0uGpZxsEhkSxPf0NLesHpJvdCQDfSp08zSzML8dmnHajwItjCZw1TDJ
tSGFaEWS8KHSk2gpnQDpYhbMUE4up6a17eB7gSWPzBifJG2LJjJf3y/p0y38bMpk/VTg3U1mFIg4
lkRcqdg1lApzino6bwA6FkESwcOEu7ikwWw+3dam0OrrWv5t5y58+BBOwJlHet/s4950t1nxBntx
UVGx3VEELyVOUaWk47bWtwonTITZ5g9fPrMH/+ptGM93/eYDrBjN/AeJwgp4kYiM8ypal+n8hIlP
vcJMxV7OFL3J7ZVd6UdSdG+mFPXT5xAw7cgmgE4GPXsqKCIdxocOrobrgv7pnkR+v5fkaE4rGy3t
BosVC1N+Bu9XRaRWqiFTD0ubaok4LqYJ4+JJMqdd2rpt29ZLkeamhTBFQRvVt9zabmttaV76U7Pp
TqB87pzHwgF+fjwHIxM+2nv/3tHe3Lz2k/0K7u5TT2PFWCVOL50wqU5/QiI3mfe9YKjHZtO+fWaT
EFcJs2mHystD2uFMqoR/xxbciP/MPcud+gt3imripmQqaKKq/6ok634fPQ1+eR5Op9KoFGMLcIhD
LsQnTJQ7dsydgze+2Mu9yb1x+EVAtPEXxvp64y8k6/s3cv948AWYI+bGZb7hMS72tXwW5Dtb7mWS
C2EChgpMtEwjQ3x6IwZtctwwLGpdybwhzLlBGiGr42dhXsvcAUkXP+byQRKdOTgLHz9GVPvNV6Iv
gMcTfkFzyVR/0FbjX3MevOaTP+E18HuK29r/DbeVKWcyuVexPnoj+kvczh0ms8HAgHw2nR2nkDwe
SzSYjglpQk4i2VzJlD/x2bq1a3vuRP8bP4ctL53schN3d686dYo7wy2Xnu1fGQl/dD0cwjgzvzDk
2LL15Mubt9nD+YWY6MgKEZgXe8I1lg8uxVheTxhMlSUdHAolrxSr1/YUq9XFPWtg2NrUe4S7yv2e
VLQjL+IZOOtIL3MHp4eDwTC0FB+HwkB0ArfrnQsYX3gHh3DowjvvXADd+HEfc5u5Ic6nfiYcfZK5
QW020MdV09l1FJ9ZFCl8WqEjKj/LejwXfzbXOT0LCwP3qzc7uz7Debnb5QgGbwnRHZ2rklAayiFz
CR8wmZmKZHGqgr6AjCt03uKHcTqMjFuSl4txbt6SK7dCc8rKHgvfuoWda6HPwHue4X4b3chU4JJd
O4uKJHtxzgyD/pEZ3K+iIVxYYGsrzOe6mQnTrO1P/n75Ciy70rrskm9hHfGDn3J3JVL5OCINVgIb
paR4KIVqI5Fyv3tetwAv0B3AORvmazDWzOPufvXR9atXb9746vNbH//x+q3bBMtx7i7zNY8luUTw
BaXoBsfXa+bP16zHOfsX6nQLDnB3v7h96/ofP771+Vc3bl69ev2jr4idz0telrjoU7kE4lGZ9C1x
fX7hc6iMV5iZ5EOfpXJTpIi7SmyDU5Vqktq4q+fOAYbRA+WSr8FTNGgRuRc/vQutRYLAES006rTB
J6WxGX46n9RJRaIVlxwWBmxJxGasf1SfNb1vwujf1Buhh47os7O6V3/Q2LzUEVy6ZPb8GdmvTkt+
F4BKV+qnKnE4+I6lpYU7WKXMxHPLX58Pc4G2Wvb67eyU5PETc6sMD0lbGprWRoz1+Y+UztY9Y7KM
GfXw5zmp6eTRTk71glEjFrc0be4w6IuLHi1duHvRIjxqbHTblKzsgqr8Qk1aznR1pZqMtURz+Az/
PJPoDZ8RNEbunQHrTgFvpc+CSGlNVZ5hvNyneEJ0rzzl5r3emwRqJ7UehcJKkmbUSubr6F6IjU8B
+O5NWdtN0O8nYCYDZIwhT5Y+IUMa+UjbuB7uJP+EtRyhxL1xeZmWGvgqxysxA2U3BB8G+7heror7
T+4vXBX0VOel5eQDKdp/fw/g8HLX6BNcvpOUZCZfxq7/uWLHm7n3uJ04wmdc+crYU2FxEiBN1Uz8
99ECyQTu4egrtLG6wSij5f1fMProq3w3Lmf4TC3wRv9J+hk55+eOgRBeWI3Gz+AaXI2fZe5F5Zjj
GOYec5Wbim8iPLCLc9InyKMoZVIuMvknIkB8/wHuomHOqrlw/14f9+cnnoCKVFWxmXjuQAVzR7BT
Ec5kRl+P/uc12ZVvvKDbbdwLCX5ZL2Q5B9yN6+qJC+O4+ksf6qqL6Lg8XRj2M/hUK3o67VDShTPZ
YkiLD4TJm3IsmacubmmCwRAXl7Q0F6nxwYcrqpp+stzj8fy4qari4ctra6oxnvxw2bKnnj4ZXr6i
ed8ic0mx07Z5495169Y1r+jZu2//G8dOrN9QWYWrKtevO3XytRs//7s1C7Oz8LHj3O+zmUlrq2tq
q9d011RX13AtNdk5uGftP/963Vo8I6d6c3RhssN22NbcuKC7suJhtsx28NBr+zZttrcDI3m5i462
F6pxxfx1a08eO/fayRM9JMk1LO5tD4Z7uC/3PUf/pgIf3drVZcvGzPlv8sej4S+w0pTEvbQXlMc2
4UyCl4OaNRLmj4GixL2xv86Ir4XSi8jJvAPVMYKS5LCW3YDPHvSpJAldZu6hPtlZdFryPpokuYtO
y9ajJtkbaCns9UrPoSbmHDotz0F95FfmRU3S82g5nD0quwbnulBfgh3VwvUOeQFKInikp+CsEzXJ
9yBnYiN6GXCdhvtLZSb6e1iyBmXD73rZBDh/Hu2l58j5s3C9B/VQ+FI0AdbL6V4pmkr4SfgK9cnX
8zQpfzloqvw4PdMuMSE/c26gTw44JafQGfgcl85E56UgPHxGMyHIKPz+TkkR+iTxfVQOsnvlRYBz
Jspm7g3sYu5QjcOgAt1TKlQxGzqEXkPn0WWI6xxcj7fjt/E3TCFTw2xhnmEuSzIkiyWbJQclv5CO
lOZIl0hD0n+QRmU1ss2yo7Jzsn45K18p3yR/X/4neX9CWsKahNcTPkzMTpyf2JB4KvHXiV+MSBxR
PcIx4uCID0bcSpIkLUjyJj2VdDTppyNnjpw9Uj9y2cjwyOdGvjTy/MiPRw48NOqhk9SqC5GTxFrc
X+DiX2l4dGy/LAaDUTJcYeHvdVJkENYSND62L41byyDHmYS1HOp5q7BOgHnhZ8I6EY1ODAjrkWj8
iO3CetSIZBQGzFgKHTwKj3hRWGM0PSlZWDMoMekxYS1B+bF9adxahsYnVQprOVIlLRHWCahtJBbW
iWjyxPXCeiTKn/wTYT1q3PSk7ZX+QHfQ3eEKszNsOWxhfn4R297Nkr9mhoMOq1fF6ny2XFbj8bAm
AhViTY6QI9jpsOfGYNhGR9DKmq2+EFvh99hNDo/DGnKwBbkF+TEYAkIgZhGIH0RzVNKDiI5KGkbW
HWKtbDhotTu81uAK1u/8Np5RSfWOoNcdCrn9PgLvcgQdQK8jaPWFHXYV6ww6HOSgzWUNdjhUbNjP
Wn3dbMARDMEBf3vY6va5fR1AxwaME8iwy8E6/T5gzGqz+b0BACcAYRdg97htDh+IPyOjmkBk5AAy
O2sNhfw2txXosXa/LeJ1+MLWMOHH6fY4QuwMgpEeYM1+Z7jLGnRk5FBOgo5A0G+P2BwUjd0Nornb
I2EH5WHIARXr9tk8ETvhpMsddvkjYWDG6xYIEfggr01AGwkBPBFHxXodVOpApN3jDrlUcTRUhGae
P8iGHGAKgHYDq4L4w0gT5gBtgCg6LKiOEupy+b3fPkDM4IwEfUDQQQ/a/WzIr2JDkfblDluY7PA6
9nj8XUQgm99ndxM5QmXEoBa4aW33dzqoDLwvURZijuDzh8EQIX6X2CUw6AP8PTbksoJY7Q5Bb8CI
28dah0jq94FnBFmvP+h4oOBsuDvgcFqBUK7I1tD7Xms3oeD1291ON3E2qycM7gcLQGu126n0vPqA
eMAaBM4iHmuQkrI7Qu4OH2Wkw9MdcIXIIeKlVhsgCZETIkeh4ZR4r7PzSrN6HoxAOCPyMYgN2PN5
uln3EFcHcYIO8j8mKCxZhIgqiW3EEHGA3zl45rv8QXuIzYhFYwahLd5gM0jwZghKA+vohahpd0A8
EbwRsAMRodPvjrHmWBWGuGGtgQAEmbXd4yA3eOkB9zDDuKxh1mUNAUaHb6hWgNygj9vZiM8usJwx
NLdk8DJ+v2VDkM8guqnpiKGsrIdkEYgZETBgta2wdoBoEI8+fyyH/HDXGkIKEhcw6fA4ebZqtWy1
0WBhzcZqy2KNScvqzGy9ydioq9JWsRkaM1xnqNjFOkutscHCAoRJY7A0s8ZqVmNoZhfqDFUqVttU
b9KazazRxOrq6vU6LezpDJX6hiqdoYatgHMGo4XV6+p0FkBqMdKjAiqd1kyQ1WlNlbVwqanQ6XWW
ZhVbrbMYCM5qQKph6zUmi66yQa8xsfUNpnqjWQs4qgCtQWeoNgEVbZ0WhABElcb6ZpOuptaigkMW
2FSxFpOmSlunMS1UEQ6NILKJpSC5wCXgYLWN5LC5VqPXsxU6i9li0mrqCCzRTo3BWEd01GCo0lh0
RgNboQVRNBV6Lc8biFKp1+jqVGyVpk5TozUPEiFggjiD6iAHarQGrUmjV7Hmem2ljixAjzqTttJC
IUH3oAk9ZbfSaDBrFzXABsCJJMAgtVpKAgTQwL9KyhkV3wDiEjwWo8kSY2WxzqxVsRqTzkxYqDYZ
gV1iTzhBZGwAfRLjGQR+iY3I3re9A6DIaUHAKq1GDwjNhI1vwVL/0q6yOQJh4t9CkPNJkiZUPouq
qOfyyQDcuMYH4cvv0SX4NMQXrUB8lhsMMVKcVUISJmkEPByqEp+E7Z0OyIQhklIgRvwkqXS5QzTe
oRx6/UL9C1k9QAxOxaAgZ1o9cCwUY3NoUImFMRB0w5GuoDsMKYW1RmA36F4tlOSgULKGS0CoDOc/
6AgFoGK5Ox2e7lyADZK6Rjlx+5z+oFcQnarPFi4Tc2mY7aDI7SC4P9iR6wqHA2V5eV1dXbntIoVc
SIWoEvlRAHWjIHKjDuSCppFFM6DlzoHfQmg081ERrNoBgkUVABNGIfgEYZS0Ii9Swa4O+QA+F1Ya
5IE3C02riCtErxzw64AznfBtB8hv42FRI4WwwsoM3z56sgJ488AJgsFDIQkeFhUAjgLg7Nt4RCwi
jlkxHP/v5ByFkn6wpAT2+6V105NkFaY7drjjhd8gWgF7fhgzfgg/5FNPcXopxhB8++G+iN9F7zkE
+TooJR/gI1wSXE561xGjaIMThIcO2FNR3vyUSx89H6DYQgIFP2ANwz03XJFPhyCPTdC4iDNMuSC0
/JQ2L7eNwnkBkscuYiDQPO8e+LXBSZ9g/RkoA1XHcGRQC5KzdvobonzZ4IxVkI+FD9mJABUHPUXu
iPpxwspD7UYwizwOUiD+SPgPoy6qEQelOKgTshOAbz9QiVA+B7mxUwnC1Ofa4W6Y3hVpfDcFFbUb
sa4HTtljOumifuAC6Ag9RzTjpXvxEon4g0N8k+c2QnWoirMOWXupPUVbBwCqneIOwWnVd8ihismZ
B5iCcBWiUeqJ4XYLWh1q/e+XWtQcz20g5tHhYV43KFEX1Yf3B1EQo8EJMgSpt4bomUGKdvpNaKjo
L9HEcoCwUXw8TLwfE3n91C68hWyUtp1y7BY4LYtFqEU4aQWsfpojBu0Qn5cGtfDtjOAD+LAQEaEh
sGK8DGotPg/En2Op3FbBWu2CZgb9jdeIm56zfo9NCWY+ZwSpF/kFLf9QixOYbsqvk2YCgjv3W9r6
vvNEL90xGbw0Ct00psXMRvgPC9mP3+G5JXq1x9k+3vt4yQOUCq+zCGCx0nOiVHbKLbGZL04jHQBH
JHIJe8G4XGqlXsT7sEhjuI5Cf1Wm+FxnH+JpVmqnH87BUDrD9fEg3lSCzT30nPt7snpQyEAOypd3
CF5xJxTzSjFuhlcRh5DvHEM030WlstPzGQ+ojRkxuYefIPBi5c0Y5ml87OiH1Zp2Gvv+OH4jQjyI
VuiEu+4HaM2BVlFd+4SIDsCbr2RWml0dsRPxtuf5/v6IcdFsz9LfkMCjg3rTd/sKL92D8ji5G6FQ
Q7X8IM2ycdqLt+P/TcyGhP6MFaQRo06MKNJJeGK9SFA4MRRjgHr2CvjuEKzG10cf1e/wPuT/R9b6
bqnahVgJC/XROURbtUhLaRmRAa4ILSNcWdBi6DBN9J4O9ljo7UxwpxGuqmC3itpHQ++Q+xk0MhfD
mmA0ogaKi8dhgm+Cuxl2CG6WXpOrhQBvAFzkrBY1URpawGamkCaKuw529fCrFeDIiUrYaYBrsq5B
pDvl6RnglIXGEDlHeOE5tcD+INWhXOkoRZGzOrgyAf5a4a4GcOsoPsK/imqKrA0xPqsFTjVURwQz
wVkJHOnpFdltgN96gDNTfWqozDy3BipDNdznZdFSDnhL8BxVwm890CYQNcCXhXJBKFkESBWVkMhT
Rc8TqgvpLs+ZUbAyWQ9iyRV0yfNB9N8Yo2ym8uvhzVL5LbBjobbRAH4Rr+g7NRRDXcyPGqh8GqoH
I6VQQe8RLRJ96mOQpjirVFJ9EbsRzqsoJQ3ViPmBkojYhlrnQd4hUqih8mmppvQU2gx61AK8LrbD
+6OOylop6JbHyfs97xP6OO1WUhmJZRcBVa3gUxqqu6FS8BFC+B+UgreARviujNPZoPUNgnUrY7Y2
Ui/7tlYW01jUUigNtbU5poVqGr91AucNcR4m2rFB8E9jjLOh+hXjSIT7IbmDxyXSHmrBKupPeoFD
c0wbfx3vYP7SQo2z0fknHMvfQyt5fCc52KHG96KquJwb3xnw2biGwnqHwQ3u8nmar1+DM1B8L/eg
KiZOznyPP9gJi90In8P5WSm+E7bTnp3vCUOxLoWvI/5Yp9JF7w7Wd3469FKI+PkvROnykkWEE8Nx
8X2mlXYOhFroAdr8vko1fGIM0NrPU+mi67DQpRD5IgIs2V89bEoODpuy/poNRFn+mv6D1N4BYcZy
Uw2T/jJXwBtE4rw2qBOiASe95x1m9UHvI9jK0PC+lOigI45zu2BxP+0vcun8FQZuymCqzQMNkXcu
+MNwGXKFrvB/ASEbXm5lbmRzdHJlYW0KZW5kb2JqCjExNTggMCBvYmoKODQxNQplbmRvYmoKMTE1
NiAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUyCi9CYXNlRm9udCAv
Qml0c3RyZWFtVmVyYVNhbnMtQm9sZAovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2Jl
KSAvT3JkZXJpbmcgKElkZW50aXR5KSAvU3VwcGxlbWVudCAwID4+Ci9Gb250RGVzY3JpcHRvciAx
MTU0IDAgUgovQ0lEVG9HSURNYXAgL0lkZW50aXR5Ci9XIFswIFs1OTUgMzQ1IDY3NyA4NDMgNzI4
IDY5MCAzNzcgMzY5IDcwNiA0NzQgNDg5IDY4MiA3MTAgNzA2IDU4OCAzNDAgNzY0IDM0MCA2NzMg
NTkwIDY5MCA3MjcgNjc4IDkxNiA2OTAgNzY4IDcwNiA1NzcgNjY5IDgxNCAxMDM0IDcxMCA2OTAg
NjYwIDY5MCA0MzIgNjkwIDYzMiA3MTQgNzY4IDY5MCA4MzAgNjkwIDcxMCA2NDcgNjkwIDgzMCA2
NDcgNzEwIDk4NyA4MDYgNjc4IDcxMCA2NDAgODIzIDY5MCA0MTIgMzQwIDc1NiA0NTMgNDUzIDUx
NyA0OTYgNDk2IDMwNCA0NTMgNDUzIDM5NyAxMDk0IDM3NyA3NjkgNzY1IDM2OSAzNjIgOTkyIF0K
XQo+PgplbmRvYmoKMTE1NyAwIG9iago8PCAvTGVuZ3RoIDg4MiA+PgpzdHJlYW0KL0NJREluaXQg
L1Byb2NTZXQgZmluZHJlc291cmNlIGJlZ2luCjEyIGRpY3QgYmVnaW4KYmVnaW5jbWFwCi9DSURT
eXN0ZW1JbmZvIDw8IC9SZWdpc3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoVUNTKSAvU3VwcGxlbWVu
dCAwID4+IGRlZgovQ01hcE5hbWUgL0Fkb2JlLUlkZW50aXR5LVVDUyBkZWYKL0NNYXBUeXBlIDIg
ZGVmCjEgYmVnaW5jb2Rlc3BhY2VyYW5nZQo8MDAwMD4gPEZGRkY+CmVuZGNvZGVzcGFjZXJhbmdl
CjIgYmVnaW5iZnJhbmdlCjwwMDAwPiA8MDAwMD4gPDAwMDA+CjwwMDAxPiA8MDA0QT4gWzwwMDIw
PiA8MDA1ND4gPDAwNEY+IDwwMDQzPiA8MDAzMT4gPDAwMkU+IDwwMDQ5PiA8MDA2RT4gPDAwNzQ+
IDwwMDcyPiA8MDA2Rj4gPDAwNjQ+IDwwMDc1PiA8MDA2Mz4gPDAwNjk+IDwwMDUyPiA8MDA2Qz4g
PDAwNjU+IDwwMDczPiA8MDAzMj4gPDAwNTA+IDwwMDQ2PiA8MDA3Nz4gPDAwMzM+IDwwMDQxPiA8
MDA2OD4gPDAwN0E+IDwwMDYxPiA8MDA0Nz4gPDAwNkQ+IDwwMDcwPiA8MDAzND4gPDAwNkI+IDww
MDM1PiA8MDA2Nj4gPDAwMzY+IDwwMDRDPiA8MDA1Mz4gPDAwNTY+IDwwMDM3PiA8MDA0OD4gPDAw
Mzg+IDwwMDYyPiA8MDA3OT4gPDAwMzk+IDwwMDRFPiA8MDA3Nj4gPDAwNjc+IDwwMDREPiA8MDA1
NT4gPDAwNDU+IDwwMDcxPiA8MDA3OD4gPDAwNDQ+IDwwMDMwPiA8MDAyRD4gPDAwNkE+IDwwMDQy
PiA8MDAyOD4gPDAwMjk+IDwwMDIyPiA8MDA1Rj4gPDAwQTc+IDwwMDI3PiA8MDA1Qj4gPDAwNUQ+
IDwwMDNBPiA8MDA1Nz4gPDAwMkM+IDwwMDRCPiA8MDA1OD4gPDAwNEE+IDwwMDJGPiA8MDA0MD4g
XQplbmRiZnJhbmdlCmVuZGNtYXAKQ01hcE5hbWUgY3VycmVudGRpY3QgL0NNYXAgZGVmaW5lcmVz
b3VyY2UgcG9wCmVuZAplbmQKZW5kc3RyZWFtCmVuZG9iago2IDAgb2JqCjw8IC9UeXBlIC9Gb250
Ci9TdWJ0eXBlIC9UeXBlMAovQmFzZUZvbnQgL0JpdHN0cmVhbVZlcmFTYW5zLUJvbGQKL0VuY29k
aW5nIC9JZGVudGl0eS1ICi9EZXNjZW5kYW50Rm9udHMgWzExNTYgMCBSXQovVG9Vbmljb2RlIDEx
NTcgMCBSPj4KZW5kb2JqCjExNTkgMCBvYmoKPDwgL1R5cGUgL0ZvbnREZXNjcmlwdG9yCi9Gb250
TmFtZSAvUVBTQkFBK0xpYmVyYXRpb25TYW5zCi9GbGFncyA0IAovRm9udEJCb3ggWy0yMDMuMTI1
MDAwIC0zMDMuMjIyNjU2IDEwNTAuMjkyOTYgOTEwLjE1NjI1MCBdCi9JdGFsaWNBbmdsZSAwIAov
QXNjZW50IDkwNS4yNzM0MzcgCi9EZXNjZW50IC0yMTEuOTE0MDYyIAovQ2FwSGVpZ2h0IDkwNS4y
NzM0MzcgCi9TdGVtViA3My4yNDIxODc1IAovRm9udEZpbGUyIDExNjAgMCBSCj4+IGVuZG9iagox
MTYwIDAgb2JqCjw8Ci9MZW5ndGgxIDkzNjggCi9MZW5ndGggMTE2MyAwIFIKL0ZpbHRlciAvRmxh
dGVEZWNvZGUKPj4Kc3RyZWFtCnicpVkJeCPFla5qtSRfkqyjJdnW0brvs9WS5fs+x/f4mssj27Ll
mfGBLTPMQOZmGIYBQkhCYOcjhCQsGVizSSaQBAgkLJkcEBJYNsmy+ZJvA7vfBkI2CeRgbLGv25LH
YybsJqv62l1d/arqvVd/vfpfG2GEUB46hgQI9QwEwn8sPX0aWs7BtXf6wKEp1L/yPNTfQqjkS6lk
YnLq3nY9QqUPQFs0BQ2yAtFReP4JPFtTs+kbno8ofg3Pq/D87IH5icR5xSeKESp7Cp7HZxM3LCAG
7UdIR8MzPZeYTfb97C0SnutAiUEkIJ/AH0VClCe8T8gghMvW74IfoSlCkSckCkUkwf3IBxDxWC+6
4TLK/kL1A42oDpkuE8JXMn2YEdfgL+1F6NM//zFCZIXwODcbIqA0IURMCmEmJEaIkZvkNpPc1ETQ
GSv+VCYlHHzvkSbyRZDb+/6bwh8LP4mMqBb0EIn54hA57Fxh7bEoX8IaNVfE9vV2i3ldjlKtt8fU
63LCH2N/cMeOEyc/99iJk8MjHi8O+EdHTh2/8PDJE6PDAf9z2Giqrd89dvjonrHaegNtMtbXju25
8dTePbXVBh1x6fO33LJ3b4TFuDw6njh98wOfO31qbDcTwgyzZ+zU6QePpqY7211Op6u9czp19Fhq
f2eX24ux19PVuX8f2AL+FfaDD8SoFCGTwCSwYAbjrM6OrG1igYm88zNrRx78NlH7UyK6tiKXFBcU
ivMwIc4rkEhksouEDJ/PTAqPv3eUJJwup8WkUQtFao3ZAg+ZEMLo5vffFLxJVqAYeEyedQETzrpK
zshFGpFGBcUCDmRh6pglO7cl51c5rigqKCvxumtr2bDdqlLii5jAsOAX4IKaoNRIO90RtmVnXb3b
rVSRFWv9vZGo0SSRaijoVd1PLK3+g8VqN1k0WjGpUet1Bh0VtDlKdBIZ1lABf1tbkvgR6Gp8/zeE
W+hFJQjZuJU1s3ILy8QYiqEsnO4Mt3SE2+X2xn7ykVPsDd/5TmlJbUmpVp9XKMrD7xIvn/zd706u
DXYbaSwkRWAwugNw+rbwBRSEh+jV+NDILfIt7qagiZGroMI94GqDxexxh0O1000NDluxBH8Fi/O1
JR5vS32YtdiVqovgCPCA4HjMYSstKSrAOn2IaWkdWAsQK01sxGJWFGOs1rjdVVWdayeEL2SOmEwm
nV6hEnO65SMkPg0IqID1twg2K8JhQbmuZE7paEyZa+JKeKNR+J+vv1NYJM0vKpIWFhZJCv7weiZx
aa1YLiuUFErlojwxV0TvPvEuVxVBKZbhPLGkSCYp/vMlwVEbGwnE4pXRIBOxrR4XHl89XlddE6pk
mprKaKNBry/TCGZX79aUwZoZ6bKmZouJZWoqWQGEFwINvf8mqSe7EYVYMIjYtBeLbVlNxZHsLsy5
WHQ1BEk9vukjby+OjFbXGk34jSO7dlbG9bqnlSqbPRprbI6VO5xKCmvUDls0UtNcHnM6KIowZF6/
7RzGFlNr8/6ZO4kAxmZLS2tq320fGegLhwCgSioU7h84fKR/IBRWqlSKcGigHzx+BpQ+A/r6uCgT
YXnEswynD+wAitkMEIrTOhs5NPI7OLTzoCcVGkqvcznjapWySKHVGmo83jJ9kRQLasxWs9mk12m1
vKsMyuqAz6AD1AiExOdJEgM4gkxjc9/aC6DJWYiAAsBlIaw9FvOw47a/IJj52ClA1WuvZNrxD/Db
s5mjwhdWE4QkE1i7h/P4reDnaujHR0oly1AC6HnrxYsXhfSjj773C7Li8rfX7RS8DXbCnjfJt4ZB
mGzDdBVvuvpq06FQckEcF0hKSt3emhzW+Q3P4V1QQhtdzmikdUd9ncetUhIrPWzEbJRJAOne6tq+
tdsFA2a71WLSavKEak2ZQWdU+h02XQn4Qq3xBVo7JtYCYMtgZkjwG7ITtaMZLppnt2JsEzhYdiMY
mddfxzYHeSaSfWAAVhQXyLi9q4xcbbBmC+II6+62NiYC4ekripqqZHU4ZDWDEZTOAGGlvC3V1uEP
UBqMNapwsHvbwuLQQIAPc2D4I+sBb/46n7bU4QqzbHOIMZpkcozlMtoYDjWxLONylpZkhrFKaTWH
Q1WlnU6XvNhhq6oaWnHZHDpDscJibm5KTd1yIjXd0eaw4Qib0NIGfZlKSeZTGr3BarevPv/LxbTg
0kJ/T4TRwo9he/oWlnt6Q2EVBXaEerthjafhLHwAzsJmwEHOD7nosPXo0+SOvlzYYE2sSb7l/Jz2
eXaMnDyxcmI80d4GTnm81Gpn2MbmkWN79lbXGGhsMtXXjY8d629tice8Hn1mJzEYqK3v7t09tu/L
p04P7/D4iEu5QxAW2uOtqt0WZbxug0FevOUYlEq0lL5Un3kgUxr0eE0mpSp3jAIuTmWGIap0oTga
3XTKcwCwqDT8cXUVhrNGb2CYCX945IldiTxKlT+wrWshPTzsF/JLzIF8Ba+vNgkwdzsjobqFrm0B
v0r5VJFEZwiF26sjrMOl1mCVwm6Nsq2d4ZBBJykizDdNpzo7wTavJ0kUyzUlOqMuMyoUOaxWg05N
5QsUipIynaGEsVu16qICp6u1I5k6NtndHWX1OlwsDwa3D51Od3OLrMF6XXmstwd88TCwhCScEQpk
u+ILC7CjrSSHa8rymiSORHfuvunIXWu/xS9/9uyZyYny2LPY6W7vmE4dzvwWV8yP7WludjiIl754
8y07dvkCwuNO1/ah4ye/fMf0ZEMdbbj8Rau1tQVYCkZPwqxH0GscD2Ug2jz53GuvQSunFQ1acdEL
2BoXvUxwkYk10TPPEO89Q9y+tiQ8vvYosf29jXNiCeJROxqDnrCSsRxiY+wWqIodm5aR4g99zi4q
BwGu5FbUsREmxLk1Bnl8/+f6BrDL2VA3uH3491gi0+k9vgrW5TbSCpXwqXx9Gct0b5v/fmqaoipl
MpnUQltsjNWu1hQVCUR6s8UfiFdaBhtqvW6Ker6xosrnLykL+lVDg/fsa2l0OmQygqxsDPgNOplE
nKdUmSxheV004rRrqN1j/5jx9zpdAJ6FPFKIpUX6MoiUrMsDG19+hjaEg5UV7ChJiPNLSr2+9tFA
kIuD778l+A3EdA/qXOc9XLBTFtvWQxzLxbwIexVTy8ZCvIXOsVsQL2DD/dsP/WBsHOM7Dg/0h/ng
leVujxJZmK/9q1RCG4PB5pZy1m5RKZUqqz0SbWkIhoy0TL6S8vnO3opLCBb7/Il8DaVVA5bxZy8r
OVwbKE1evgpOwbKSMrxwXU8vw2q0GjXLDPQfWurtDgc1FAQChukb4PjOVzPv4eOAJcg8bJQqu2QW
Tm8Li4+TwoJCSbHyRm+pduS1h1mP12Y3mY11jQ31WcSRmXXEAdYoU/Z6mPStfkwQXv2B4B7h8fOZ
qvsy1HmQfhqmuwmkOdSC455+huPH4Onh998itYBDN8+GN3tPs+mckW8Np9Rmp4ph4xfbrfF473Jr
c+n9cgMdZrZ1HfjtTUfstsb60eHkmV07y2NaNf66rK3tFl8o7Pbo9CT+41BLG8OW6QP+dp/PF7DY
1do778Bl9+yfaWgw6DD2+LZ1z+w7pD17obcbMGuz19QnwJKd+IdED7HAWaJkTdRO/A7+4QMPcN6E
fI+oEn4PWTheb+F4MhvZFACpzbQW+DOeufipTxUWGHURps9oNZfK1RqFS1smKSZFrwieWG0XPHHy
cEUk5LBqKIFAdKtAgDEuKFJSBoMjcRKtr4CIAJ+W85yCnynrD8tG1mJ3ZNkDRASc816OWmBGLhxa
j6xSmVQql2Y+fjpzp4ijpMBQ5cX8qwuX8UFRYUF+fp5YIMgTF+UXFuThhXcFj4J1PiYYCXkDYftq
neBZmUqpVUOJVJTHAgxrX90O3DWgMtImM+y1YoPBRNNGleBHsO6Yiz+C78G6V19ZdT4L3Fj17BG4
EZY2pwniTUwQK7nNEo107a2vkz2ebzAwbHtH4tjIaKy8pBQrFCajz8My8fLKna0tLEMbpV+TxuMz
XQxrpCVSwry7uycWh+QEs5EDRU3Vtf6ATo+97q6O1NQNs9v766q9bj6NAN7lq6hqlO5gI1Bn2K5u
bgXiYMXjwJcGt5yKH2BNV5bjSmIc3kILcqxocxE8jnXGWHnfQGqso6u8wuZQfFrd3nYsHg5azJQS
q7VOV0VlS30dMEIwYn/q+1/an9I/mK/Vmi0ur+9wRSWQJsphi0XrPT6v12236nWwrJ6uiiqnCxiV
TGIyRpku47DTlSemlCZjKEQbKZVcqipWUxYzw3R9vHsbrq29TeXW6xTF+WKbvcOr0yspiawYMpxi
pVprMnu8HEOAfayHiOmCEwXyDtM6N8hFlEiML1zIVHG8kGcG3KYQ2K+Oj5oPMoLM0o19A+FcbFyB
QAmUgAxt7z/8wvjep7FEaqQDwebWaLnFrgDOkuUADcEgbZTLCPPa93yeyVKdXlNSLCfzNLB7rFYH
+evMqKFMryqlpv2+s2cz/77Q28MCseNCY6R/4IZ0T28wDP7RqCPhgT60nh3gGp7l8/Hr7EXhC+9F
wG7+NIZc/gr758/k554T7H/ppdVPvPQS9D2aGSHuh77mTbyQ2WLwxhHCHqUon7e1eXxlrLHF4+Vp
L+X1tDSOrYw3t3p9kGupzh47urw8N7tv3+z88sEjx86eO3Js+eDs3MzM3Oz16WNHzsGcoI3gz6CX
mstk8ZU89UrqSiRfzRx89m1RYR5sbrFYyN1ha//hGbJirU5joM0WA01RtNFkog0a4lswZhHY4Vm3
A28+LDYfdI4N8kd4wBBfS+velT3NjT6PhqI0Hl9j856Vva0tPs6MYlA7ff262geXQe2zx44cXJ7n
zJpbXj567CzKsq0UxDgNnBCQl3HMJke0Ng4sLMidslcoF3ku87FM+zPEPTfs3llXy9FZt6eufif+
OTEgMDAwMDAgbiAKMDAwMDIwMjA0NSAwMDAwMCBuIAowMDAwMjAyMDk5IDAwMDAwIG4gCjAwMDAy
MDIxNTMgMDAwMDAgbiAKMDAwMDIwMjIwNyAwMDAwMCBuIAowMDAwMjAyNDI2IDAwMDAwIG4gCjAw
MDAyMDI2NjMgMDAwMDAgbiAKMDAwMDIwMjg4MiAwMDAwMCBuIAowMDAwMjAzMTE3IDAwMDAwIG4g
CjAwMDAyMDMzMzYgMDAwMDAgbiAKMDAwMDIwMzU3MiAwMDAwMCBuIAowMDAwMjAzODA1IDAwMDAw
IG4gCjAwMDAyMDQwMzUgMDAwMDAgbiAKMDAwMDIwNDI2OCAwMDAwMCBuIAowMDAwMjA0OTMwIDAw
MDAwIG4gCjAwMDAyMDg3OTYgMDAwMDAgbiAKMDAwMDIwNDYyNiAwMDAwMCBuIAowMDAwMjA0ODI5
IDAwMDAwIG4gCjAwMDAyMTAyMjggMDAwMDAgbiAKMDAwMDIwODgxOCAwMDAwMCBuIAowMDAwMjA4
ODcyIDAwMDAwIG4gCjAwMDAyMDg5MjYgMDAwMDAgbiAKMDAwMDIwODk4MCAwMDAwMCBuIAowMDAw
MjA5MDM0IDAwMDAwIG4gCjAwMDAyMDkwODggMDAwMDAgbiAKMDAwMDIwOTMwNyAwMDAwMCBuIAow
MDAwMjA5NTI2IDAwMDAwIG4gCjAwMDAyMDk3NTYgMDAwMDAgbiAKMDAwMDIxMDAwOSAwMDAwMCBu
IAowMDAwMjEwNjE4IDAwMDAwIG4gCjAwMDAyMTUyMTkgMDAwMDAgbiAKMDAwMDIxMDM1NCAwMDAw
MCBuIAowMDAwMjEwNTU3IDAwMDAwIG4gCjAwMDAyMTY2MDMgMDAwMDAgbiAKMDAwMDIxNTI0MSAw
MDAwMCBuIAowMDAwMjE1Mjk1IDAwMDAwIG4gCjAwMDAyMTUzNDkgMDAwMDAgbiAKMDAwMDIxNTQw
MyAwMDAwMCBuIAowMDAwMjE1NDU3IDAwMDAwIG4gCjAwMDAyMTU1MTEgMDAwMDAgbiAKMDAwMDIx
NTczMCAwMDAwMCBuIAowMDAwMjE1OTQyIDAwMDAwIG4gCjAwMDAyMTYxNjEgMDAwMDAgbiAKMDAw
MDIxNjM4NCAwMDAwMCBuIAowMDAwMjE2OTc5IDAwMDAwIG4gCjAwMDAyMjA4ODQgMDAwMDAgbiAK
MDAwMDIxNjcyOSAwMDAwMCBuIAowMDAwMjE2OTE4IDAwMDAwIG4gCjAwMDAyMjIwNTYgMDAwMDAg
biAKMDAwMDIyMDkwNiAwMDAwMCBuIAowMDAwMjIwOTYwIDAwMDAwIG4gCjAwMDAyMjEwMTQgMDAw
MDAgbiAKMDAwMDIyMTA2OCAwMDAwMCBuIAowMDAwMjIxMTIyIDAwMDAwIG4gCjAwMDAyMjExNzYg
MDAwMDAgbiAKMDAwMDIyMTM5NSAwMDAwMCBuIAowMDAwMjIxNjE4IDAwMDAwIG4gCjAwMDAyMjE4
MzcgMDAwMDAgbiAKMDAwMDIyMjQzOCAwMDAwMCBuIAowMDAwMjI2NTkwIDAwMDAwIG4gCjAwMDAy
MjIxODIgMDAwMDAgbiAKMDAwMDIyMjM4NSAwMDAwMCBuIAowMDAwMjI4MzY2IDAwMDAwIG4gCjAw
MDAyMjY2MTIgMDAwMDAgbiAKMDAwMDIyNjY2NiAwMDAwMCBuIAowMDAwMjI2NzIwIDAwMDAwIG4g
CjAwMDAyMjY3NzQgMDAwMDAgbiAKMDAwMDIyNjgyOCAwMDAwMCBuIAowMDAwMjI2ODgyIDAwMDAw
IG4gCjAwMDAyMjY5MzYgMDAwMDAgbiAKMDAwMDIyNjk5MCAwMDAwMCBuIAowMDAwMjI3MDQ0IDAw
MDAwIG4gCjAwMDAyMjcyNjMgMDAwMDAgbiAKMDAwMDIyNzQ4MiAwMDAwMCBuIAowMDAwMjI3NzAx
IDAwMDAwIG4gCjAwMDAyMjc5MjQgMDAwMDAgbiAKMDAwMDIyODE0NyAwMDAwMCBuIAowMDAwMjI4
NzY0IDAwMDAwIG4gCjAwMDAyMzI3ODEgMDAwMDAgbiAKMDAwMDIyODQ5MiAwMDAwMCBuIAowMDAw
MjI4Njk1IDAwMDAwIG4gCjAwMDAyMzQwMDggMDAwMDAgbiAKMDAwMDIzMjgwMyAwMDAwMCBuIAow
MDAwMjMyODU3IDAwMDAwIG4gCjAwMDAyMzI5MTEgMDAwMDAgbiAKMDAwMDIzMjk2NSAwMDAwMCBu
IAowMDAwMjMzMDE5IDAwMDAwIG4gCjAwMDAyMzMwNzMgMDAwMDAgbiAKMDAwMDIzMzEyNyAwMDAw
MCBuIAowMDAwMjMzMzQ2IDAwMDAwIG4gCjAwMDAyMzM1NjUgMDAwMDAgbiAKMDAwMDIzMzc4OSAw
MDAwMCBuIAowMDAwMjM0MzkwIDAwMDAwIG4gCjAwMDAyMzg2MTMgMDAwMDAgbiAKMDAwMDIzNDEz
NCAwMDAwMCBuIAowMDAwMjM0MzM3IDAwMDAwIG4gCjAwMDAyMzk2MTYgMDAwMDAgbiAKMDAwMDIz
ODYzNSAwMDAwMCBuIAowMDAwMjM4Njg5IDAwMDAwIG4gCjAwMDAyMzg3NDMgMDAwMDAgbiAKMDAw
MDIzODc5NyAwMDAwMCBuIAowMDAwMjM4ODUxIDAwMDAwIG4gCjAwMDAyMzg5MDUgMDAwMDAgbiAK
MDAwMDIzODk1OSAwMDAwMCBuIAowMDAwMjM5MTc4IDAwMDAwIG4gCjAwMDAyMzkzOTcgMDAwMDAg
biAKMDAwMDIzOTk5MCAwMDAwMCBuIAowMDAwMjQ0NTkwIDAwMDAwIG4gCjAwMDAyMzk3NDIgMDAw
MDAgbiAKMDAwMDIzOTk0NSAwMDAwMCBuIAowMDAwMjQ2MzczIDAwMDAwIG4gCjAwMDAyNDQ2MTIg
MDAwMDAgbiAKMDAwMDI0NDY2NiAwMDAwMCBuIAowMDAwMjQ0NzIwIDAwMDAwIG4gCjAwMDAyNDQ3
NzQgMDAwMDAgbiAKMDAwMDI0NDgyOCAwMDAwMCBuIAowMDAwMjQ0ODgyIDAwMDAwIG4gCjAwMDAy
NDQ5MzYgMDAwMDAgbiAKMDAwMDI0NDk5MCAwMDAwMCBuIAowMDAwMjQ1MDQ0IDAwMDAwIG4gCjAw
MDAyNDUyNjMgMDAwMDAgbiAKMDAwMDI0NTQ4MiAwMDAwMCBuIAowMDAwMjQ1Njk4IDAwMDAwIG4g
CjAwMDAyNDU5MTcgMDAwMDAgbiAKMDAwMDI0NjE1NCAwMDAwMCBuIAowMDAwMjQ2NzcxIDAwMDAw
IG4gCjAwMDAyNTA5MTYgMDAwMDAgbiAKMDAwMDI0NjQ5OSAwMDAwMCBuIAowMDAwMjQ2NzAyIDAw
MDAwIG4gCjAwMDAyNTE4MTUgMDAwMDAgbiAKMDAwMDI1MDkzOCAwMDAwMCBuIAowMDAwMjUwOTky
IDAwMDAwIG4gCjAwMDAyNTEwNDYgMDAwMDAgbiAKMDAwMDI1MTEwMCAwMDAwMCBuIAowMDAwMjUx
MTU0IDAwMDAwIG4gCjAwMDAyNTEzNzcgMDAwMDAgbiAKMDAwMDI1MTU5NiAwMDAwMCBuIAowMDAw
MjUyMTc1IDAwMDAwIG4gCjAwMDAyNTYzODQgMDAwMDAgbiAKMDAwMDI1MTk0MSAwMDAwMCBuIAow
MDAwMjUyMTMwIDAwMDAwIG4gCjAwMDAyNTY5NTYgMDAwMDAgbiAKMDAwMDI1NjQwNiAwMDAwMCBu
IAowMDAwMjU2NDYwIDAwMDAwIG4gCjAwMDAyNTY1MTQgMDAwMDAgbiAKMDAwMDI1NjczMyAwMDAw
MCBuIAowMDAwMjU3MzA4IDAwMDAwIG4gCjAwMDAyNjE2NjkgMDAwMDAgbiAKMDAwMDI1NzA4MiAw
MDAwMCBuIAowMDAwMjU3MjcxIDAwMDAwIG4gCjAwMDAyNjI5NDkgMDAwMDAgbiAKMDAwMDI2MTY5
MSAwMDAwMCBuIAowMDAwMjYxNzQ1IDAwMDAwIG4gCjAwMDAyNjE3OTkgMDAwMDAgbiAKMDAwMDI2
MTg1MyAwMDAwMCBuIAowMDAwMjYxOTA3IDAwMDAwIG4gCjAwMDAyNjE5NjEgMDAwMDAgbiAKMDAw
MDI2MjAxNSAwMDAwMCBuIAowMDAwMjYyMDY5IDAwMDAwIG4gCjAwMDAyNjIyODggMDAwMDAgbiAK
MDAwMDI2MjUwNyAwMDAwMCBuIAowMDAwMjYyNzI2IDAwMDAwIG4gCjAwMDAyNjMzMTcgMDAwMDAg
biAKMDAwMDI2NzUyMCAwMDAwMCBuIAowMDAwMjYzMDc1IDAwMDAwIG4gCjAwMDAyNjMyNjQgMDAw
MDAgbiAKMDAwMDI4MTk3NCAwMDAwMCBuIAowMDAwMjY3NTQyIDAwMDAwIG4gCjAwMDAyNjc1OTYg
MDAwMDAgbiAKMDAwMDI2NzY1MCAwMDAwMCBuIAowMDAwMjY3NzA0IDAwMDAwIG4gCjAwMDAyNjc3
NTEgMDAwMDAgbiAKMDAwMDI2NzgwNSAwMDAwMCBuIAowMDAwMjY3ODU5IDAwMDAwIG4gCjAwMDAy
Njc5MTMgMDAwMDAgbiAKMDAwMDI2Nzk2NyAwMDAwMCBuIAowMDAwMjY4MDIxIDAwMDAwIG4gCjAw
MDAyNjgwNzUgMDAwMDAgbiAKMDAwMDI2ODEyOSAwMDAwMCBuIAowMDAwMjY4MTgzIDAwMDAwIG4g
CjAwMDAyNjgyMzcgMDAwMDAgbiAKMDAwMDI2ODI5MSAwMDAwMCBuIAowMDAwMjY4MzQ1IDAwMDAw
IG4gCjAwMDAyNjgzOTkgMDAwMDAgbiAKMDAwMDI2ODQ1MyAwMDAwMCBuIAowMDAwMjY4NTA3IDAw
MDAwIG4gCjAwMDAyNjg1NjEgMDAwMDAgbiAKMDAwMDI2ODYxNSAwMDAwMCBuIAowMDAwMjY4NjY5
IDAwMDAwIG4gCjAwMDAyNjg3MjMgMDAwMDAgbiAKMDAwMDI2ODk0MiAwMDAwMCBuIAowMDAwMjY5
MTc4IDAwMDAwIG4gCjAwMDAyNjk0MTggMDAwMDAgbiAKMDAwMDI2OTY0OCAwMDAwMCBuIAowMDAw
MjY5ODgxIDAwMDAwIG4gCjAwMDAyNzAxMDAgMDAwMDAgbiAKMDAwMDI3MDMxOSAwMDAwMCBuIAow
MDAwMjcwNTM4IDAwMDAwIG4gCjAwMDAyNzA3MjIgMDAwMDAgbiAKMDAwMDI3MDkxOCAwMDAwMCBu
IAowMDAwMjcxMTIxIDAwMDAwIG4gCjAwMDAyNzEzMzUgMDAwMDAgbiAKMDAwMDI3MTU0MCAwMDAw
MCBuIAowMDAwMjcxNzI5IDAwMDAwIG4gCjAwMDAyNzE5MTcgMDAwMDAgbiAKMDAwMDI3MjExMyAw
MDAwMCBuIAowMDAwMjcyMzE2IDAwMDAwIG4gCjAwMDAyNzI1MDUgMDAwMDAgbiAKMDAwMDI3MjY3
NiAwMDAwMCBuIAowMDAwMjcyODYyIDAwMDAwIG4gCjAwMDAyNzMwNDUgMDAwMDAgbiAKMDAwMDI3
MzIzNyAwMDAwMCBuIAowMDAwMjczNDI2IDAwMDAwIG4gCjAwMDAyNzM2MDcgMDAwMDAgbiAKMDAw
MDI3MzgwMyAwMDAwMCBuIAowMDAwMjc0MDA2IDAwMDAwIG4gCjAwMDAyNzQyMDggMDAwMDAgbiAK
MDAwMDI3NDQxMSAwMDAwMCBuIAowMDAwMjc0NjI1IDAwMDAwIG4gCjAwMDAyNzQ4MzcgMDAwMDAg
biAKMDAwMDI3NTAyMyAwMDAwMCBuIAowMDAwMjc1MjExIDAwMDAwIG4gCjAwMDAyNzUzOTEgMDAw
MDAgbiAKMDAwMDI3NTU4MCAwMDAwMCBuIAowMDAwMjc1NzY5IDAwMDAwIG4gCjAwMDAyNzU5NjAg
MDAwMDAgbiAKMDAwMDI3NjE1NiAwMDAwMCBuIAowMDAwMjc2MzU5IDAwMDAwIG4gCjAwMDAyNzY1
NzMgMDAwMDAgbiAKMDAwMDI3Njc4NSAwMDAwMCBuIAowMDAwMjc2OTY3IDAwMDAwIG4gCjAwMDAy
NzcxNjMgMDAwMDAgbiAKMDAwMDI3NzM0NCAwMDAwMCBuIAowMDAwMjc3NTMwIDAwMDAwIG4gCjAw
MDAyNzc3MTAgMDAwMDAgbiAKMDAwMDI3NzkwNiAwMDAwMCBuIAowMDAwMjc4MTA5IDAwMDAwIG4g
CjAwMDAyNzgzMTYgMDAwMDAgbiAKMDAwMDI3ODUyOCAwMDAwMCBuIAowMDAwMjc4NzI0IDAwMDAw
IG4gCjAwMDAyNzg5MjcgMDAwMDAgbiAKMDAwMDI3OTEyMyAwMDAwMCBuIAowMDAwMjc5MzI2IDAw
MDAwIG4gCjAwMDAyNzk1MjIgMDAwMDAgbiAKMDAwMDI3OTcxOCAwMDAwMCBuIAowMDAwMjc5OTE0
IDAwMDAwIG4gCjAwMDAyODAxMTcgMDAwMDAgbiAKMDAwMDI4MDMxMyAwMDAwMCBuIAowMDAwMjgw
NTA5IDAwMDAwIG4gCjAwMDAyODA3MDUgMDAwMDAgbiAKMDAwMDI4MDkwOCAwMDAwMCBuIAowMDAw
MjgxMTE2IDAwMDAwIG4gCjAwMDAyODEzMjQgMDAwMDAgbiAKMDAwMDI4MTUzMyAwMDAwMCBuIAow
MDAwMjgxNzQ3IDAwMDAwIG4gCjAwMDAyODI4MzggMDAwMDAgbiAKMDAwMDI4OTczMCAwMDAwMCBu
IAowMDAwMjgyMTAwIDAwMDAwIG4gCjAwMDAyODIyODkgMDAwMDAgbiAKMDAwMDI5NTg5MiAwMDAw
MCBuIAowMDAwMjg5NzUyIDAwMDAwIG4gCjAwMDAyODk4MDYgMDAwMDAgbiAKMDAwMDI4OTg2MCAw
MDAwMCBuIAowMDAwMjg5OTE0IDAwMDAwIG4gCjAwMDAyODk5NjggMDAwMDAgbiAKMDAwMDI5MDAy
MiAwMDAwMCBuIAowMDAwMjkwMDc2IDAwMDAwIG4gCjAwMDAyOTAxMzAgMDAwMDAgbiAKMDAwMDI5
MDE4NCAwMDAwMCBuIAowMDAwMjkwMjM4IDAwMDAwIG4gCjAwMDAyOTAyOTIgMDAwMDAgbiAKMDAw
MDI5MDM0NiAwMDAwMCBuIAowMDAwMjkwNDAwIDAwMDAwIG4gCjAwMDAyOTA0NTQgMDAwMDAgbiAK
MDAwMDI5MDUwOCAwMDAwMCBuIAowMDAwMjkwNTYyIDAwMDAwIG4gCjAwMDAyOTA3ODEgMDAwMDAg
biAKMDAwMDI5MTAwNCAwMDAwMCBuIAowMDAwMjkxMjI4IDAwMDAwIG4gCjAwMDAyOTE0NTEgMDAw
MDAgbiAKMDAwMDI5MTY3MCAwMDAwMCBuIAowMDAwMjkxODk2IDAwMDAwIG4gCjAwMDAyOTIxMTUg
MDAwMDAgbiAKMDAwMDI5MjM0OCAwMDAwMCBuIAowMDAwMjkyNTY3IDAwMDAwIG4gCjAwMDAyOTI3
OTggMDAwMDAgbiAKMDAwMDI5MzAzNSAwMDAwMCBuIAowMDAwMjkzMjU0IDAwMDAwIG4gCjAwMDAy
OTM0NjggMDAwMDAgbiAKMDAwMDI5MzY3OSAwMDAwMCBuIAowMDAwMjkzOTEwIDAwMDAwIG4gCjAw
MDAyOTQxNDEgMDAwMDAgbiAKMDAwMDI5NDM2MSAwMDAwMCBuIAowMDAwMjk0NTk0IDAwMDAwIG4g
CjAwMDAyOTQ4MjcgMDAwMDAgbiAKMDAwMDI5NTA1MCAwMDAwMCBuIAowMDAwMjk1Mjg2IDAwMDAw
IG4gCjAwMDAyOTU0ODIgMDAwMDAgbiAKMDAwMDI5NTY4NSAwMDAwMCBuIAowMDAwMjk2NDM0IDAw
MDAwIG4gCjAwMDAzMDA1MzAgMDAwMDAgbiAKMDAwMDI5NjAxOCAwMDAwMCBuIAowMDAwMjk2MjIx
IDAwMDAwIG4gCjAwMDAzMDg4MDggMDAwMDAgbiAKMDAwMDMwMDU1MiAwMDAwMCBuIAowMDAwMzAw
NjA2IDAwMDAwIG4gCjAwMDAzMDA2NjAgMDAwMDAgbiAKMDAwMDMwMDcxNCAwMDAwMCBuIAowMDAw
MzAwNzY4IDAwMDAwIG4gCjAwMDAzMDA4MjIgMDAwMDAgbiAKMDAwMDMwMDg3NiAwMDAwMCBuIAow
MDAwMzAwOTMwIDAwMDAwIG4gCjAwMDAzMDA5ODQgMDAwMDAgbiAKMDAwMDMwMTAzOCAwMDAwMCBu
IAowMDAwMzAxMDkyIDAwMDAwIG4gCjAwMDAzMDExNDYgMDAwMDAgbiAKMDAwMDMwMTIwMCAwMDAw
MCBuIAowMDAwMzAxNDE5IDAwMDAwIG4gCjAwMDAzMDE2NDYgMDAwMDAgbiAKMDAwMDMwMTg4MSAw
MDAwMCBuIAowMDAwMzAyMTE3IDAwMDAwIG4gCjAwMDAzMDIzNTUgMDAwMDAgbiAKMDAwMDMwMjU5
NCAwMDAwMCBuIAowMDAwMzAyODM0IDAwMDAwIG4gCjAwMDAzMDMwNTMgMDAwMDAgbiAKMDAwMDMw
MzI4NyAwMDAwMCBuIAowMDAwMzAzNTE0IDAwMDAwIG4gCjAwMDAzMDM3NTIgMDAwMDAgbiAKMDAw
MDMwMzk3MSAwMDAwMCBuIAowMDAwMzA0MjAwIDAwMDAwIG4gCjAwMDAzMDQ0NDAgMDAwMDAgbiAK
MDAwMDMwNDY3MCAwMDAwMCBuIAowMDAwMzA0OTAzIDAwMDAwIG4gCjAwMDAzMDUxMzEgMDAwMDAg
biAKMDAwMDMwNTM1MCAwMDAwMCBuIAowMDAwMzA1NTg2IDAwMDAwIG4gCjAwMDAzMDU4MjYgMDAw
MDAgbiAKMDAwMDMwNjA1NiAwMDAwMCBuIAowMDAwMzA2Mjg5IDAwMDAwIG4gCjAwMDAzMDY1MDgg
MDAwMDAgbiAKMDAwMDMwNjczNyAwMDAwMCBuIAowMDAwMzA2OTc3IDAwMDAwIG4gCjAwMDAzMDcy
MDcgMDAwMDAgbiAKMDAwMDMwNzQ0MCAwMDAwMCBuIAowMDAwMzA3NjU5IDAwMDAwIG4gCjAwMDAz
MDc4ODYgMDAwMDAgbiAKMDAwMDMwODEyMiAwMDAwMCBuIAowMDAwMzA4MzUwIDAwMDAwIG4gCjAw
MDAzMDg1ODEgMDAwMDAgbiAKMDAwMDMwOTQyMiAwMDAwMCBuIAowMDAwMzExNzEyIDAwMDAwIG4g
CjAwMDAzMDg5MzQgMDAwMDAgbiAKMDAwMDMwOTEzNyAwMDAwMCBuIAowMDAwMzE2MDg5IDAwMDAw
IG4gCjAwMDAzMTE3MzQgMDAwMDAgbiAKMDAwMDMxMTc4OCAwMDAwMCBuIAowMDAwMzExODQyIDAw
MDAwIG4gCjAwMDAzMTE4OTYgMDAwMDAgbiAKMDAwMDMxMTk1MCAwMDAwMCBuIAowMDAwMzEyMDA0
IDAwMDAwIG4gCjAwMDAzMTIwNTggMDAwMDAgbiAKMDAwMDMxMjExMiAwMDAwMCBuIAowMDAwMzEy
MTY2IDAwMDAwIG4gCjAwMDAzMTIyMjAgMDAwMDAgbiAKMDAwMDMxMjI3NCAwMDAwMCBuIAowMDAw
MzEyMzI4IDAwMDAwIG4gCjAwMDAzMTIzODIgMDAwMDAgbiAKMDAwMDMxMjQzNiAwMDAwMCBuIAow
MDAwMzEyNjU1IDAwMDAwIG4gCjAwMDAzMTI4ODIgMDAwMDAgbiAKMDAwMDMxMzEwMSAwMDAwMCBu
IAowMDAwMzEzMzQwIDAwMDAwIG4gCjAwMDAzMTM1NzIgMDAwMDAgbiAKMDAwMDMxMzc5MSAwMDAw
MCBuIAowMDAwMzE0MDMwIDAwMDAwIG4gCjAwMDAzMTQyNjIgMDAwMDAgbiAKMDAwMDMxNDQ4OSAw
MDAwMCBuIAowMDAwMzE0NzA4IDAwMDAwIG4gCjAwMDAzMTQ5NDcgMDAwMDAgbiAKMDAwMDMxNTE3
OSAwMDAwMCBuIAowMDAwMzE1Mzk4IDAwMDAwIG4gCjAwMDAzMTU2MzQgMDAwMDAgbiAKMDAwMDMx
NTg1MyAwMDAwMCBuIAowMDAwMzE2NTY3IDAwMDAwIG4gCjAwMDAzMTg4MTUgMDAwMDAgbiAKMDAw
MDMxNjIxNSAwMDAwMCBuIAowMDAwMzE2NDE4IDAwMDAwIG4gCjAwMDAzMjEyNTEgMDAwMDAgbiAK
MDAwMDMxODgzNyAwMDAwMCBuIAowMDAwMzE4ODkxIDAwMDAwIG4gCjAwMDAzMTg5NDUgMDAwMDAg
biAKMDAwMDMxODk5OSAwMDAwMCBuIAowMDAwMzE5MDUzIDAwMDAwIG4gCjAwMDAzMTkxMDAgMDAw
MDAgbiAKMDAwMDMxOTE1NCAwMDAwMCBuIAowMDAwMzE5MjA4IDAwMDAwIG4gCjAwMDAzMTk0Mjcg
MDAwMDAgbiAKMDAwMDMxOTY1OSAwMDAwMCBuIAowMDAwMzE5ODkwIDAwMDAwIG4gCjAwMDAzMjAx
MDkgMDAwMDAgbiAKMDAwMDMyMDM0MiAwMDAwMCBuIAowMDAwMzIwNTYxIDAwMDAwIG4gCjAwMDAz
MjA3ODQgMDAwMDAgbiAKMDAwMDMyMTAzMiAwMDAwMCBuIAowMDAwMzIxNjg3IDAwMDAwIG4gCjAw
MDAzMjYzNDkgMDAwMDAgbiAKMDAwMDMyMTM3NyAwMDAwMCBuIAowMDAwMzIxNTk0IDAwMDAwIG4g
CjAwMDAzNjc5MDggMDAwMDAgbiAKMDAwMDMyNjM3MSAwMDAwMCBuIAowMDAwMzI2NDI1IDAwMDAw
IG4gCjAwMDAzMjY0NzkgMDAwMDAgbiAKMDAwMDMyNjY5OCAwMDAwMCBuIAowMDAwMzI2ODgwIDAw
MDAwIG4gCjAwMDAzMjcwNjQgMDAwMDAgbiAKMDAwMDMyNzI0MyAwMDAwMCBuIAowMDAwMzQ5Nzg1
IDAwMDAwIG4gCjAwMDAzNDk1NDMgMDAwMDAgbiAKMDAwMDMyNzQzNSAwMDAwMCBuIAowMDAwMzI3
NTU1IDAwMDAwIG4gCjAwMDAzMjc3MTQgMDAwMDAgbiAKMDAwMDMyNzg2NyAwMDAwMCBuIAowMDAw
MzI4MDIyIDAwMDAwIG4gCjAwMDAzMjgxNzUgMDAwMDAgbiAKMDAwMDMyODMxOCAwMDAwMCBuIAow
MDAwMzI4NDc3IDAwMDAwIG4gCjAwMDAzMjg2NDggMDAwMDAgbiAKMDAwMDMyODgyMSAwMDAwMCBu
IAowMDAwMzI4OTc0IDAwMDAwIG4gCjAwMDAzMjkxODEgMDAwMDAgbiAKMDAwMDMyOTM1NCAwMDAw
MCBuIAowMDAwMzI5NTExIDAwMDAwIG4gCjAwMDAzMjk2NzAgMDAwMDAgbiAKMDAwMDMyOTgyNSAw
MDAwMCBuIAowMDAwMzI5OTkyIDAwMDAwIG4gCjAwMDAzMzAxNTggMDAwMDAgbiAKMDAwMDMzMDMz
NiAwMDAwMCBuIAowMDAwMzMwNTA0IDAwMDAwIG4gCjAwMDAzMzA2NjIgMDAwMDAgbiAKMDAwMDMz
MDgzMCAwMDAwMCBuIAowMDAwMzMxMDA2IDAwMDAwIG4gCjAwMDAzMzExNzQgMDAwMDAgbiAKMDAw
MDMzMTM2OCAwMDAwMCBuIAowMDAwMzMxNTQyIDAwMDAwIG4gCjAwMDAzMzE3MDggMDAwMDAgbiAK
MDAwMDMzMTg4NiAwMDAwMCBuIAowMDAwMzMyMDUwIDAwMDAwIG4gCjAwMDAzMzIyMjggMDAwMDAg
biAKMDAwMDMzMjQzNCAwMDAwMCBuIAowMDAwMzMyNjI2IDAwMDAwIG4gCjAwMDAzMzI4MTAgMDAw
MDAgbiAKMDAwMDMzMjk4NCAwMDAwMCBuIAowMDAwMzMzMTU4IDAwMDAwIG4gCjAwMDAzMzMzMjAg
MDAwMDAgbiAKMDAwMDMzMzUwMCAwMDAwMCBuIAowMDAwMzMzNjcwIDAwMDAwIG4gCjAwMDAzMzM4
NDYgMDAwMDAgbiAKMDAwMDMzNDAyOCAwMDAwMCBuIAowMDAwMzM0MjA4IDAwMDAwIG4gCjAwMDAz
MzQzOTAgMDAwMDAgbiAKMDAwMDMzNDU2MCAwMDAwMCBuIAowMDAwMzM0NzM4IDAwMDAwIG4gCjAw
MDAzMzQ5MTggMDAwMDAgbiAKMDAwMDMzNTA4MCAwMDAwMCBuIAowMDAwMzM1MjYwIDAwMDAwIG4g
CjAwMDAzMzU0NDAgMDAwMDAgbiAKMDAwMDMzNTYxMCAwMDAwMCBuIAowMDAwMzM1ODI2IDAwMDAw
IG4gCjAwMDAzMzYwMzIgMDAwMDAgbiAKMDAwMDMzNjIxMCAwMDAwMCBuIAowMDAwMzM2MzkwIDAw
MDAwIG4gCjAwMDAzMzY1NzIgMDAwMDAgbiAKMDAwMDMzNjc3OCAwMDAwMCBuIAowMDAwMzM2OTU2
IDAwMDAwIG4gCjAwMDAzMzcxMzYgMDAwMDAgbiAKMDAwMDMzNzMwMiAwMDAwMCBuIAowMDAwMzM3
NDc4IDAwMDAwIG4gCjAwMDAzMzc2NTAgMDAwMDAgbiAKMDAwMDMzNzgxMiAwMDAwMCBuIAowMDAw
MzM3OTk0IDAwMDAwIG4gCjAwMDAzMzgxODIgMDAwMDAgbiAKMDAwMDMzODM1MiAwMDAwMCBuIAow
MDAwMzM4NTE0IDAwMDAwIG4gCjAwMDAzMzg2NzAgMDAwMDAgbiAKMDAwMDMzODg1OCAwMDAwMCBu
IAowMDAwMzM5MDU2IDAwMDAwIG4gCjAwMDAzMzkyNjYgMDAwMDAgbiAKMDAwMDMzOTUwMCAwMDAw
MCBuIAowMDAwMzM5Njk2IDAwMDAwIG4gCjAwMDAzMzk4NjQgMDAwMDAgbiAKMDAwMDM0MDA0MiAw
MDAwMCBuIAowMDAwMzQwMjIwIDAwMDAwIG4gCjAwMDAzNDAzOTYgMDAwMDAgbiAKMDAwMDM0MDU1
OCAwMDAwMCBuIAowMDAwMzQwNzIyIDAwMDAwIG4gCjAwMDAzNDA4OTYgMDAwMDAgbiAKMDAwMDM0
MTEyNiAwMDAwMCBuIAowMDAwMzQxMzMyIDAwMDAwIG4gCjAwMDAzNDE1MTQgMDAwMDAgbiAKMDAw
MDM0MTY5NCAwMDAwMCBuIAowMDAwMzQxODg4IDAwMDAwIG4gCjAwMDAzNDIwNTggMDAwMDAgbiAK
MDAwMDM0MjI0OCAwMDAwMCBuIAowMDAwMzQyNDEwIDAwMDAwIG4gCjAwMDAzNDI2MTggMDAwMDAg
biAKMDAwMDM0Mjc4OCAwMDAwMCBuIAowMDAwMzQzMDY0IDAwMDAwIG4gCjAwMDAzNDMyMzQgMDAw
MDAgbiAKMDAwMDM0MzQ0MiAwMDAwMCBuIAowMDAwMzQzNjI0IDAwMDAwIG4gCjAwMDAzNDM4MTgg
MDAwMDAgbiAKMDAwMDM0NDAwMCAwMDAwMCBuIAowMDAwMzQ0MTkwIDAwMDAwIG4gCjAwMDAzNDQ0
MzYgMDAwMDAgbiAKMDAwMDM0NDYxOCAwMDAwMCBuIAowMDAwMzQ0ODA4IDAwMDAwIG4gCjAwMDAz
NDUwMTQgMDAwMDAgbiAKMDAwMDM0NTE5NiAwMDAwMCBuIAowMDAwMzQ1MzQ4IDAwMDAwIG4gCjAw
MDAzNDU1MjIgMDAwMDAgbiAKMDAwMDM0NTcwMCAwMDAwMCBuIAowMDAwMzQ1OTMwIDAwMDAwIG4g
CjAwMDAzNDYxMDAgMDAwMDAgbiAKMDAwMDM0NjI3OCAwMDAwMCBuIAowMDAwMzQ2NDU2IDAwMDAw
IG4gCjAwMDAzNDY2MTggMDAwMDAgbiAKMDAwMDM0Njc4MCAwMDAwMCBuIAowMDAwMzQ2OTU2IDAw
MDAwIG4gCjAwMDAzNDcxMTggMDAwMDAgbiAKMDAwMDM0NzMwNCAwMDAwMCBuIAowMDAwMzQ3NDc0
IDAwMDAwIG4gCjAwMDAzNDc2NDggMDAwMDAgbiAKMDAwMDM0NzgxMCAwMDAwMCBuIAowMDAwMzQ3
OTg4IDAwMDAwIG4gCjAwMDAzNDgxNjIgMDAwMDAgbiAKMDAwMDM0ODMzNiAwMDAwMCBuIAowMDAw
MzQ4NTA2IDAwMDAwIG4gCjAwMDAzNDg2NzYgMDAwMDAgbiAKMDAwMDM0ODg1NiAwMDAwMCBuIAow
MDAwMzQ5MDQyIDAwMDAwIG4gCjAwMDAzNDkyMjIgMDAwMDAgbiAKMDAwMDM0OTQwMiAwMDAwMCBu
IAowMDAwMzQ5ODU0IDAwMDAwIG4gCjAwMDAzNjgzMDYgMDAwMDAgbiAKMDAwMDM3MjU4MCAwMDAw
MCBuIAowMDAwMzY4MDM3IDAwMDAwIG4gCjAwMDAzNjgyNDEgMDAwMDAgbiAKMDAwMDM3MjYwMyAw
MDAwMCBuIAowMDAwMzcyODcyIDAwMDAwIG4gCjAwMDAzNzcxNzIgMDAwMDAgbiAKMDAwMDM3NzM5
OSAwMDAwMCBuIAowMDAwMzc3MTQ5IDAwMDAwIG4gCjAwMDAzNzc5NjcgMDAwMDAgbiAKMDAwMDM3
ODE4MCAwMDAwMCBuIAowMDAwMzgzNTAzIDAwMDAwIG4gCjAwMDAzODM5NzggMDAwMDAgbiAKMDAw
MDM4MzQ4MCAwMDAwMCBuIAowMDAwMzg0OTgxIDAwMDAwIG4gCjAwMDAzODUyNTQgMDAwMDAgbiAK
MDAwMDM4NzM1MiAwMDAwMCBuIAowMDAwMzg3NTk1IDAwMDAwIG4gCjAwMDAzODczMjkgMDAwMDAg
biAKMDAwMDM4ODE4OSAwMDAwMCBuIAowMDAwMzg4NDU3IDAwMDAwIG4gCjAwMDAzOTgzNjMgMDAw
MDAgbiAKMDAwMDM5ODU3OCAwMDAwMCBuIAowMDAwMzk4MzQwIDAwMDAwIG4gCjAwMDAzOTk3NjQg
MDAwMDAgbiAKMDAwMDQwMDA0MCAwMDAwMCBuIAowMDAwNDA4NTczIDAwMDAwIG4gCjAwMDA0MDkx
MDEgMDAwMDAgbiAKMDAwMDQwODU1MCAwMDAwMCBuIAowMDAwNDEwMTg4IDAwMDAwIG4gCjAwMDA0
MTA0NTYgMDAwMDAgbiAKMDAwMDQxNjcwMiAwMDAwMCBuIAowMDAwNDE3MTEyIDAwMDAwIG4gCjAw
MDA0MTY2NzkgMDAwMDAgbiAKMDAwMDQxODAwMiAwMDAwMCBuIAowMDAwNDE4Mjc5IDAwMDAwIG4g
CjAwMDA0MjY5NjggMDAwMDAgbiAKMDAwMDQyNzUyMyAwMDAwMCBuIAowMDAwNDI2OTQ1IDAwMDAw
IG4gCnRyYWlsZXIKPDwKL1NpemUgMTE2OQovSW5mbyAxIDAgUgovUm9vdCAxMTI5IDAgUgo+Pgpz
dGFydHhyZWYKNDI5MTM1CiUlRU9GCg==

--_007_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_
Content-Type: text/xml; name="draft-ietf-oauth-v2-29 preliminary.xml"
Content-Description: draft-ietf-oauth-v2-29 preliminary.xml
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-29 preliminary.xml"; size=191001;
	creation-date="Mon, 09 Jul 2012 07:04:15 GMT";
	modification-date="Mon, 09 Jul 2012 06:56:25 GMT"
Content-Transfer-Encoding: base64

ZSwgdGhlCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhl
IHJlc291cmNlIG93bmVyIGFuZCBvYnRhaW5zIGF1dGhvcml6YXRpb24uCiAgICAgICAgICAgIEJl
Y2F1c2UgdGhlIHJlc291cmNlIG93bmVyIG9ubHkgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciwgdGhlCiAgICAgICAgICAgIHJlc291cmNlIG93bmVyJ3MgY3JlZGVu
dGlhbHMgYXJlIG5ldmVyIHNoYXJlZCB3aXRoIHRoZSBjbGllbnQuCiAgICAgICAgICA8L3Q+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gY29kZSBwcm92aWRlcyBh
IGZldyBpbXBvcnRhbnQgc2VjdXJpdHkgYmVuZWZpdHMgc3VjaCBhcyB0aGUgYWJpbGl0eQogICAg
ICAgICAgICB0byBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCwgYW5kIHRoZSB0cmFuc21pc3Npb24g
b2YgdGhlIGFjY2VzcyB0b2tlbiBkaXJlY3RseSB0bwogICAgICAgICAgICB0aGUgY2xpZW50IHdp
dGhvdXQgcGFzc2luZyBpdCB0aHJvdWdoIHRoZSByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQs
IHBvdGVudGlhbGx5CiAgICAgICAgICAgIGV4cG9zaW5nIGl0IHRvIG90aGVycywgaW5jbHVkaW5n
IHRoZSByZXNvdXJjZSBvd25lci4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+Cgog
ICAgICAgIDxzZWN0aW9uIHRpdGxlPSdJbXBsaWNpdCc+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgVGhlIGltcGxpY2l0IGdyYW50IGlzIGEgc2ltcGxpZmllZCBhdXRob3JpemF0aW9uIGNvZGUg
ZmxvdyBvcHRpbWl6ZWQgZm9yIGNsaWVudHMKICAgICAgICAgICAgaW1wbGVtZW50ZWQgaW4gYSBi
cm93c2VyIHVzaW5nIGEgc2NyaXB0aW5nIGxhbmd1YWdlIHN1Y2ggYXMgSmF2YVNjcmlwdC4gSW4g
dGhlIGltcGxpY2l0CiAgICAgICAgICAgIGZsb3csIGluc3RlYWQgb2YgaXNzdWluZyB0aGUgY2xp
ZW50IGFuIGF1dGhvcml6YXRpb24gY29kZSwgdGhlIGNsaWVudCBpcyBpc3N1ZWQgYW4KICAgICAg
ICAgICAgYWNjZXNzIHRva2VuIGRpcmVjdGx5IChhcyB0aGUgcmVzdWx0IG9mIHRoZSByZXNvdXJj
ZSBvd25lciBhdXRob3JpemF0aW9uKS4gVGhlIGdyYW50CiAgICAgICAgICAgIHR5cGUgaXMgaW1w
bGljaXQgYXMgbm8gaW50ZXJtZWRpYXRlIGNyZWRlbnRpYWxzIChzdWNoIGFzIGFuIGF1dGhvcml6
YXRpb24gY29kZSkgYXJlCiAgICAgICAgICAgIGlzc3VlZCAoYW5kIGxhdGVyIHVzZWQgdG8gb2J0
YWluIGFuIGFjY2VzcyB0b2tlbikuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAg
ICAgICAgV2hlbiBpc3N1aW5nIGFuIGFjY2VzcyB0b2tlbiBkdXJpbmcgdGhlIGltcGxpY2l0IGdy
YW50IGZsb3csIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICBkb2VzIG5vdCBh
dXRoZW50aWNhdGUgdGhlIGNsaWVudC4gSW4gc29tZSBjYXNlcywgdGhlIGNsaWVudCBpZGVudGl0
eSBjYW4gYmUgdmVyaWZpZWQKICAgICAgICAgICAgdmlhIHRoZSByZWRpcmVjdGlvbiBVUkkgdXNl
ZCB0byBkZWxpdmVyIHRoZSBhY2Nlc3MgdG9rZW4gdG8gdGhlIGNsaWVudC4gVGhlIGFjY2Vzcwog
ICAgICAgICAgICB0b2tlbiBtYXkgYmUgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIgb3Ig
b3RoZXIgYXBwbGljYXRpb25zIHdpdGggYWNjZXNzIHRvIHRoZQogICAgICAgICAgICByZXNvdXJj
ZSBvd25lcidzIHVzZXItYWdlbnQuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAg
ICAgICAgSW1wbGljaXQgZ3JhbnRzIGltcHJvdmUgdGhlIHJlc3BvbnNpdmVuZXNzIGFuZCBlZmZp
Y2llbmN5IG9mIHNvbWUgY2xpZW50cyAoc3VjaCBhcyBhCiAgICAgICAgICAgIGNsaWVudCBpbXBs
ZW1lbnRlZCBhcyBhbiBpbi1icm93c2VyIGFwcGxpY2F0aW9uKSBzaW5jZSBpdCByZWR1Y2VzIHRo
ZSBudW1iZXIgb2Ygcm91bmQKICAgICAgICAgICAgdHJpcHMgcmVxdWlyZWQgdG8gb2J0YWluIGFu
IGFjY2VzcyB0b2tlbi4gSG93ZXZlciwgdGhpcyBjb252ZW5pZW5jZSBzaG91bGQgYmUgd2VpZ2hl
ZAogICAgICAgICAgICBhZ2FpbnN0IHRoZSBzZWN1cml0eSBpbXBsaWNhdGlvbnMgb2YgdXNpbmcg
aW1wbGljaXQgZ3JhbnRzLCBlc3BlY2lhbGx5IHdoZW4gdGhlCiAgICAgICAgICAgIGF1dGhvcml6
YXRpb24gY29kZSBncmFudCB0eXBlIGlzIGF2YWlsYWJsZS4KICAgICAgICAgIDwvdD4KICAgICAg
ICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSJSZXNvdXJjZSBPd25lciBQYXNz
d29yZCBDcmVkZW50aWFscyI+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIHJlc291cmNl
IG93bmVyIHBhc3N3b3JkIGNyZWRlbnRpYWxzIChpLmUuIHVzZXJuYW1lIGFuZCBwYXNzd29yZCkg
Y2FuIGJlIHVzZWQKICAgICAgICAgICAgZGlyZWN0bHkgYXMgYW4gYXV0aG9yaXphdGlvbiBncmFu
dCB0byBvYnRhaW4gYW4gYWNjZXNzIHRva2VuLiBUaGUgY3JlZGVudGlhbHMgc2hvdWxkCiAgICAg
ICAgICAgIG9ubHkgYmUgdXNlZCB3aGVuIHRoZXJlIGlzIGEgaGlnaCBkZWdyZWUgb2YgdHJ1c3Qg
YmV0d2VlbiB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIHRoZQogICAgICAgICAgICBjbGllbnQgKGUu
Zy4gdGhlIGNsaWVudCBpcyBwYXJ0IG9mIHRoZSBkZXZpY2Ugb3BlcmF0aW5nIHN5c3RlbSBvciBh
IGhpZ2hseSBwcml2aWxlZ2VkCiAgICAgICAgICAgIGFwcGxpY2F0aW9uKSwgYW5kIHdoZW4gb3Ro
ZXIgYXV0aG9yaXphdGlvbiBncmFudCB0eXBlcyBhcmUgbm90IGF2YWlsYWJsZSAoc3VjaCBhcyBh
bgogICAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUpLgogICAgICAgICAgPC90PgogICAgICAg
ICAgPHQ+CiAgICAgICAgICAgIEV2ZW4gdGhvdWdoIHRoaXMgZ3JhbnQgdHlwZSByZXF1aXJlcyBk
aXJlY3QgY2xpZW50IGFjY2VzcyB0byB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgICAgY3Jl
ZGVudGlhbHMsIHRoZSByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBhcmUgdXNlZCBmb3IgYSBz
aW5nbGUgcmVxdWVzdCBhbmQgYXJlCiAgICAgICAgICAgIGV4Y2hhbmdlZCBmb3IgYW4gYWNjZXNz
IHRva2VuLiBUaGlzIGdyYW50IHR5cGUgY2FuIGVsaW1pbmF0ZSB0aGUgbmVlZCBmb3IgdGhlIGNs
aWVudAogICAgICAgICAgICB0byBzdG9yZSB0aGUgcmVzb3VyY2Ugb3duZXIgY3JlZGVudGlhbHMg
Zm9yIGZ1dHVyZSB1c2UsIGJ5IGV4Y2hhbmdpbmcgdGhlIGNyZWRlbnRpYWxzCiAgICAgICAgICAg
IHdpdGggYSBsb25nLWxpdmVkIGFjY2VzcyB0b2tlbiBvciByZWZyZXNoIHRva2VuLgogICAgICAg
ICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0NsaWVu
dCBDcmVkZW50aWFscyc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNsaWVudCBjcmVk
ZW50aWFscyAob3Igb3RoZXIgZm9ybXMgb2YgY2xpZW50IGF1dGhlbnRpY2F0aW9uKSBjYW4gYmUg
dXNlZCBhcyBhbgogICAgICAgICAgICBhdXRob3JpemF0aW9uIGdyYW50IHdoZW4gdGhlIGF1dGhv
cml6YXRpb24gc2NvcGUgaXMgbGltaXRlZCB0byB0aGUgcHJvdGVjdGVkIHJlc291cmNlcwogICAg
ICAgICAgICB1bmRlciB0aGUgY29udHJvbCBvZiB0aGUgY2xpZW50LCBvciB0byBwcm90ZWN0ZWQg
cmVzb3VyY2VzIHByZXZpb3VzbHkgYXJyYW5nZWQgd2l0aCB0aGUKICAgICAgICAgICAgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIuIENsaWVudCBjcmVkZW50aWFscyBhcmUgdXNlZCBhcyBhbiBhdXRob3Jp
emF0aW9uIGdyYW50IHR5cGljYWxseQogICAgICAgICAgICB3aGVuIHRoZSBjbGllbnQgaXMgYWN0
aW5nIG9uIGl0cyBvd24gYmVoYWxmICh0aGUgY2xpZW50IGlzIGFsc28gdGhlIHJlc291cmNlIG93
bmVyKSwgb3IKICAgICAgICAgICAgaXMgcmVxdWVzdGluZyBhY2Nlc3MgdG8gcHJvdGVjdGVkIHJl
c291cmNlcyBiYXNlZCBvbiBhbiBhdXRob3JpemF0aW9uIHByZXZpb3VzbHkKICAgICAgICAgICAg
YXJyYW5nZWQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICA8L3Q+CiAg
ICAgICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9
J0FjY2VzcyBUb2tlbic+CiAgICAgICAgPHQ+CiAgICAgICAgICBBY2Nlc3MgdG9rZW5zIGFyZSBj
cmVkZW50aWFscyB1c2VkIHRvIGFjY2VzcyBwcm90ZWN0ZWQgcmVzb3VyY2VzLiBBbiBhY2Nlc3Mg
dG9rZW4gaXMgYQogICAgICAgICAgc3RyaW5nIHJlcHJlc2VudGluZyBhbiBhdXRob3JpemF0aW9u
IGlzc3VlZCB0byB0aGUgY2xpZW50LiBUaGUgc3RyaW5nIGlzIHVzdWFsbHkgb3BhcXVlCiAgICAg
ICAgICB0byB0aGUgY2xpZW50LiBUb2tlbnMgcmVwcmVzZW50IHNwZWNpZmljIHNjb3BlcyBhbmQg
ZHVyYXRpb25zIG9mIGFjY2VzcywgZ3JhbnRlZCBieSB0aGUKICAgICAgICAgIHJlc291cmNlIG93
bmVyLCBhbmQgZW5mb3JjZWQgYnkgdGhlIHJlc291cmNlIHNlcnZlciBhbmQgYXV0aG9yaXphdGlv
biBzZXJ2ZXIuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIHRva2VuIG1h
eSBkZW5vdGUgYW4gaWRlbnRpZmllciB1c2VkIHRvIHJldHJpZXZlIHRoZSBhdXRob3JpemF0aW9u
IGluZm9ybWF0aW9uLCBvcgogICAgICAgICAgc2VsZi1jb250YWluIHRoZSBhdXRob3JpemF0aW9u
IGluZm9ybWF0aW9uIGluIGEgdmVyaWZpYWJsZSBtYW5uZXIgKGkuZS4gYSB0b2tlbiBzdHJpbmcK
ICAgICAgICAgIGNvbnNpc3Rpbmcgb2Ygc29tZSBkYXRhIGFuZCBhIHNpZ25hdHVyZSkuIEFkZGl0
aW9uYWwgYXV0aGVudGljYXRpb24gY3JlZGVudGlhbHMsIHdoaWNoCiAgICAgICAgICBhcmUgYmV5
b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIG1heSBiZSByZXF1aXJlZCBpbiBv
cmRlciBmb3IgdGhlIGNsaWVudCB0bwogICAgICAgICAgdXNlIGEgdG9rZW4uCiAgICAgICAgPC90
PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGFjY2VzcyB0b2tlbiBwcm92aWRlcyBhbiBhYnN0
cmFjdGlvbiBsYXllciwgcmVwbGFjaW5nIGRpZmZlcmVudCBhdXRob3JpemF0aW9uCiAgICAgICAg
ICBjb25zdHJ1Y3RzIChlLmcuIHVzZXJuYW1lIGFuZCBwYXNzd29yZCkgd2l0aCBhIHNpbmdsZSB0
b2tlbiB1bmRlcnN0b29kIGJ5IHRoZSByZXNvdXJjZQogICAgICAgICAgc2VydmVyLiBUaGlzIGFi
c3RyYWN0aW9uIGVuYWJsZXMgaXNzdWluZyBhY2Nlc3MgdG9rZW5zIG1vcmUgcmVzdHJpY3RpdmUg
dGhhbiB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gZ3JhbnQgdXNlZCB0byBvYnRhaW4gdGhl
bSwgYXMgd2VsbCBhcyByZW1vdmluZyB0aGUgcmVzb3VyY2Ugc2VydmVyJ3MgbmVlZCB0bwogICAg
ICAgICAgdW5kZXJzdGFuZCBhIHdpZGUgcmFuZ2Ugb2YgYXV0aGVudGljYXRpb24gbWV0aG9kcy4K
ICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBY2Nlc3MgdG9rZW5zIGNhbiBoYXZl
IGRpZmZlcmVudCBmb3JtYXRzLCBzdHJ1Y3R1cmVzLCBhbmQgbWV0aG9kcyBvZiB1dGlsaXphdGlv
biAoZS5nLgogICAgICAgICAgY3J5cHRvZ3JhcGhpYyBwcm9wZXJ0aWVzKSBiYXNlZCBvbiB0aGUg
cmVzb3VyY2Ugc2VydmVyIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gQWNjZXNzIHRva2VuCiAgICAg
ICAgICBhdHRyaWJ1dGVzIGFuZCB0aGUgbWV0aG9kcyB1c2VkIHRvIGFjY2VzcyBwcm90ZWN0ZWQg
cmVzb3VyY2VzIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMKICAgICAgICAgIHNwZWNpZmlj
YXRpb24gYW5kIGFyZSBkZWZpbmVkIGJ5IGNvbXBhbmlvbiBzcGVjaWZpY2F0aW9ucy4KICAgICAg
ICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdSZWZyZXNoIFRv
a2VuJz4KICAgICAgICA8dD4KICAgICAgICAgIFJlZnJlc2ggdG9rZW5zIGFyZSBjcmVkZW50aWFs
cyB1c2VkIHRvIG9idGFpbiBhY2Nlc3MgdG9rZW5zLiBSZWZyZXNoIHRva2VucyBhcmUgaXNzdWVk
IHRvCiAgICAgICAgICB0aGUgY2xpZW50IGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQg
YXJlIHVzZWQgdG8gb2J0YWluIGEgbmV3IGFjY2VzcyB0b2tlbiB3aGVuIHRoZQogICAgICAgICAg
Y3VycmVudCBhY2Nlc3MgdG9rZW4gYmVjb21lcyBpbnZhbGlkIG9yIGV4cGlyZXMsIG9yIHRvIG9i
dGFpbiBhZGRpdGlvbmFsIGFjY2VzcyB0b2tlbnMKICAgICAgICAgIHdpdGggaWRlbnRpY2FsIG9y
IG5hcnJvd2VyIHNjb3BlIChhY2Nlc3MgdG9rZW5zIG1heSBoYXZlIGEgc2hvcnRlciBsaWZldGlt
ZSBhbmQgZmV3ZXIKICAgICAgICAgIHBlcm1pc3Npb25zIHRoYW4gYXV0aG9yaXplZCBieSB0aGUg
cmVzb3VyY2Ugb3duZXIpLiBJc3N1aW5nIGEgcmVmcmVzaCB0b2tlbiBpcyBvcHRpb25hbAogICAg
ICAgICAgYXQgdGhlIGRpc2NyZXRpb24gb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiBJZiB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGEKICAgICAgICAgIHJlZnJlc2ggdG9rZW4s
IGl0IGlzIGluY2x1ZGVkIHdoZW4gaXNzdWluZyBhbiBhY2Nlc3MgdG9rZW4gKGkuZS4gc3RlcCAo
RCkgaW4KICAgICAgICAgIDx4cmVmIHRhcmdldD0nRmlndXJlLTEnIC8+KS4KICAgICAgICA8L3Q+
CiAgICAgICAgPHQ+CiAgICAgICAgICBBIHJlZnJlc2ggdG9rZW4gaXMgYSBzdHJpbmcgcmVwcmVz
ZW50aW5nIHRoZSBhdXRob3JpemF0aW9uIGdyYW50ZWQgdG8gdGhlIGNsaWVudCBieSB0aGUKICAg
ICAgICAgIHJlc291cmNlIG93bmVyLiBUaGUgc3RyaW5nIGlzIHVzdWFsbHkgb3BhcXVlIHRvIHRo
ZSBjbGllbnQuIFRoZSB0b2tlbiBkZW5vdGVzIGFuCiAgICAgICAgICBpZGVudGlmaWVyIHVzZWQg
dG8gcmV0cmlldmUgdGhlIGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24uIFVubGlrZSBhY2Nlc3Mg
dG9rZW5zLCByZWZyZXNoCiAgICAgICAgICB0b2tlbnMgYXJlIGludGVuZGVkIGZvciB1c2Ugb25s
eSB3aXRoIGF1dGhvcml6YXRpb24gc2VydmVycyBhbmQgYXJlIG5ldmVyIHNlbnQgdG8KICAgICAg
ICAgIHJlc291cmNlIHNlcnZlcnMuCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmUgdGl0bGU9
J1JlZnJlc2hpbmcgYW4gRXhwaXJlZCBBY2Nlc3MgVG9rZW4nIGFuY2hvcj0nRmlndXJlLTInPgog
ICAgICAgICAgPGFydHdvcms+PCFbQ0RBVEFbCiAgKy0tLS0tLS0tKyAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgIHwt
LShBKS0tLS0tLS0gQXV0aG9yaXphdGlvbiBHcmFudCAtLS0tLS0tLS0+fCAgICAgICAgICAgICAg
IHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfDwtKEIpLS0tLS0tLS0tLS0gQWNjZXNzIFRv
a2VuIC0tLS0tLS0tLS0tLS18ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAg
ICAgICAmIFJlZnJlc2ggVG9rZW4gICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAg
ICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAg
ICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0t
LS0tLSsgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwtLShDKS0tLS0gQWNjZXNzIFRv
a2VuIC0tLS0+fCAgICAgICAgICB8ICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgfCAgIHwgICAgICAgICAgICAgICB8
CiAgfCAgICAgICAgfDwtKEQpLSBQcm90ZWN0ZWQgUmVzb3VyY2UgLS18IFJlc291cmNlIHwgICB8
IEF1dGhvcml6YXRpb24gfAogIHwgQ2xpZW50IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAg
fCAgU2VydmVyICB8ICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICB8LS0oRSktLS0tIEFj
Y2VzcyBUb2tlbiAtLS0tPnwgICAgICAgICAgfCAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAg
ICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgIHwgICB8ICAgICAgICAg
ICAgICAgfAogIHwgICAgICAgIHw8LShGKS0gSW52YWxpZCBUb2tlbiBFcnJvciAtfCAgICAgICAg
ICB8ICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICstLS0tLS0tLS0tKyAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAog
IHwgICAgICAgIHwtLShHKS0tLS0tLS0tLS0tIFJlZnJlc2ggVG9rZW4gLS0tLS0tLS0tLS0+fCAg
ICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfDwtKEgpLS0tLS0tLS0t
LS0gQWNjZXNzIFRva2VuIC0tLS0tLS0tLS0tLS18ICAgICAgICAgICAgICAgfAogICstLS0tLS0t
LSsgICAgICAgICAgICYgT3B0aW9uYWwgUmVmcmVzaCBUb2tlbiAgICAgICAgKy0tLS0tLS0tLS0t
LS0tLSsKXV0+PC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICAgIDx0PgogICAgICAg
ICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4gPHhyZWYgdGFyZ2V0PSdGaWd1cmUtMicgLz4gaW5j
bHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICA8bGlzdCBzdHlsZT0nZm9ybWF0ICglQyknPgogICAgICAgICAgICA8dD4KICAgICAgICAg
ICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGlu
ZyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciwKICAgICAgICAgICAgICBhbmQgcHJlc2Vu
dGluZyBhbiBhdXRob3JpemF0aW9uIGdyYW50LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg
IDx0PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVz
IHRoZSBjbGllbnQgYW5kIHZhbGlkYXRlcyB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgICAg
IGdyYW50LCBhbmQgaWYgdmFsaWQgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbiBhbmQgYSByZWZyZXNo
IHRva2VuLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRo
ZSBjbGllbnQgbWFrZXMgYSBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdCB0byB0aGUgcmVzb3Vy
Y2Ugc2VydmVyIGJ5IHByZXNlbnRpbmcKICAgICAgICAgICAgICB0aGUgYWNjZXNzIHRva2VuLgog
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSByZXNvdXJj
ZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9rZW4sIGFuZCBpZiB2YWxpZCwgc2VydmVz
IHRoZSByZXF1ZXN0LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgIFN0ZXBzIChDKSBhbmQgKEQpIHJlcGVhdCB1bnRpbCB0aGUgYWNjZXNzIHRva2VuIGV4cGly
ZXMuIElmIHRoZSBjbGllbnQga25vd3MgdGhlCiAgICAgICAgICAgICAgYWNjZXNzIHRva2VuIGV4
cGlyZWQsIGl0IHNraXBzIHRvIHN0ZXAgKEcpLCBvdGhlcndpc2UgaXQgbWFrZXMgYW5vdGhlciBw
cm90ZWN0ZWQKICAgICAgICAgICAgICByZXNvdXJjZSByZXF1ZXN0LgogICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFNpbmNlIHRoZSBhY2Nlc3MgdG9rZW4gaXMg
aW52YWxpZCwgdGhlIHJlc291cmNlIHNlcnZlciByZXR1cm5zIGFuIGludmFsaWQgdG9rZW4KICAg
ICAgICAgICAgICBlcnJvci4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIGEgbmV3IGFjY2VzcyB0b2tlbiBieSBhdXRoZW50
aWNhdGluZyB3aXRoIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICAgICAgc2VydmVyIGFuZCBw
cmVzZW50aW5nIHRoZSByZWZyZXNoIHRva2VuLiBUaGUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIHJl
cXVpcmVtZW50cyBhcmUKICAgICAgICAgICAgICBiYXNlZCBvbiB0aGUgY2xpZW50IHR5cGUgYW5k
IG9uIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBwb2xpY2llcy4KICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0
aGVudGljYXRlcyB0aGUgY2xpZW50IGFuZCB2YWxpZGF0ZXMgdGhlIHJlZnJlc2ggdG9rZW4sCiAg
ICAgICAgICAgICAgYW5kIGlmIHZhbGlkIGlzc3VlcyBhIG5ldyBhY2Nlc3MgdG9rZW4gKGFuZCBv
cHRpb25hbGx5LCBhIG5ldyByZWZyZXNoIHRva2VuKS4KICAgICAgICAgICAgPC90PgogICAgICAg
ICAgPC9saXN0PgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFN0ZXBzIEMsIEQs
IEUsIGFuZCBGIGFyZSBvdXRzaWRlIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24gYXMg
ZGVzY3JpYmVkIGluCiAgICAgICAgICA8eHJlZiB0YXJnZXQ9J2FjY2Vzcy1yZXNvdXJjZScgLz4u
CiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nVExT
IFZlcnNpb24nIGFuY2hvcj0ndGxzJz4KICAgICAgICA8dD4KICAgICAgICAgIFdoZW5ldmVyIFRM
UyBpcyB1c2VkIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbiwgdGhlIGFwcHJvcHJpYXRlIHZlcnNpb24g
KG9yIHZlcnNpb25zKSBvZgogICAgICAgICAgVExTIHdpbGwgdmFyeSBvdmVyIHRpbWUsIGJhc2Vk
IG9uIHRoZSB3aWRlc3ByZWFkIGRlcGxveW1lbnQgYW5kIGtub3duIHNlY3VyaXR5CiAgICAgICAg
ICB2dWxuZXJhYmlsaXRpZXMuIEF0IHRoZSB0aW1lIG9mIHRoaXMgd3JpdGluZywgVExTIHZlcnNp
b24gMS4yIDx4cmVmIHRhcmdldD0nUkZDNTI0NicgLz4KICAgICAgICAgIGlzIHRoZSBtb3N0IHJl
Y2VudCB2ZXJzaW9uLCBidXQgaGFzIGEgdmVyeSBsaW1pdGVkIGRlcGxveW1lbnQgYmFzZSBhbmQg
bWlnaHQgbm90IGJlCiAgICAgICAgICByZWFkaWx5IGF2YWlsYWJsZSBmb3IgaW1wbGVtZW50YXRp
b24uIFRMUyB2ZXJzaW9uIDEuMCA8eHJlZiB0YXJnZXQ9J1JGQzIyNDYnIC8+IGlzIHRoZQogICAg
ICAgICAgbW9zdCB3aWRlbHkgZGVwbG95ZWQgdmVyc2lvbiwgYW5kIHdpbGwgcHJvdmlkZSB0aGUg
YnJvYWRlc3QgaW50ZXJvcGVyYWJpbGl0eS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBJbXBsZW1lbnRhdGlvbnMgTUFZIGFsc28gc3VwcG9ydCBhZGRpdGlvbmFsIHRyYW5zcG9y
dC1sYXllciBzZWN1cml0eSBtZWNoYW5pc21zCiAgICAgICAgICB0aGF0IG1lZXQgdGhlaXIgc2Vj
dXJpdHkgcmVxdWlyZW1lbnRzLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAg
PHNlY3Rpb24gdGl0bGU9J0hUVFAgUmVkaXJlY3Rpb25zJz4KICAgICAgICA8dD4KICAgICAgICAg
IFRoaXMgc3BlY2lmaWNhdGlvbiBtYWtlcyBleHRlbnNpdmUgdXNlIG9mIEhUVFAgcmVkaXJlY3Rp
b25zLCBpbiB3aGljaCB0aGUgY2xpZW50IG9yIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50IHRvIGFub3RoZXIg
ZGVzdGluYXRpb24uIFdoaWxlCiAgICAgICAgICB0aGUgZXhhbXBsZXMgaW4gdGhpcyBzcGVjaWZp
Y2F0aW9uIHNob3cgdGhlIHVzZSBvZiB0aGUgSFRUUCAzMDIgc3RhdHVzIGNvZGUsIGFueSBvdGhl
cgogICAgICAgICAgbWV0aG9kIGF2YWlsYWJsZSB2aWEgdGhlIHVzZXItYWdlbnQgdG8gYWNjb21w
bGlzaCB0aGlzIHJlZGlyZWN0aW9uIGlzIGFsbG93ZWQgYW5kIGlzCiAgICAgICAgICBjb25zaWRl
cmVkIHRvIGJlIGFuIGltcGxlbWVudGF0aW9uIGRldGFpbC4KICAgICAgICA8L3Q+CiAgICAgIDwv
c2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdJbnRlcm9wZXJhYmlsaXR5Jz4KICAgICAg
ICA8dD4KICAgICAgICAgIE9BdXRoIDIuMCBwcm92aWRlcyBhIHJpY2ggYXV0aG9yaXphdGlvbiBm
cmFtZXdvcmsgd2l0aCB3ZWxsLWRlZmluZWQgc2VjdXJpdHkgcHJvcGVydGllcy4KICAgICAgICAg
IEhvd2V2ZXIsIGFzIGEgcmljaCBhbmQgaGlnaGx5IGV4dGVuc2libGUgZnJhbWV3b3JrIHdpdGgg
bWFueSBvcHRpb25hbCBjb21wb25lbnRzLCBvbiBpdHMKICAgICAgICAgIG93biwgdGhpcyBzcGVj
aWZpY2F0aW9uIGlzIGxpa2VseSB0byBwcm9kdWNlIGEgd2lkZSByYW5nZSBvZiBub24taW50ZXJv
cGVyYWJsZQogICAgICAgICAgaW1wbGVtZW50YXRpb25zLgogICAgICAgIDwvdD4KICAgICAgICA8
dD4KICAgICAgICAgIEluIGFkZGl0aW9uLCB0aGlzIHNwZWNpZmljYXRpb24gbGVhdmVzIGEgZmV3
IHJlcXVpcmVkIGNvbXBvbmVudHMgcGFydGlhbGx5IG9yIGZ1bGx5CiAgICAgICAgICB1bmRlZmlu
ZWQgKGUuZy4gY2xpZW50IHJlZ2lzdHJhdGlvbiwgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgY2FwYWJp
bGl0aWVzLCBlbmRwb2ludAogICAgICAgICAgZGlzY292ZXJ5KS4gV2l0aG91dCB0aGVzZSBjb21w
b25lbnRzLCBjbGllbnRzIG11c3QgYmUgbWFudWFsbHkgYW5kIHNwZWNpZmljYWxseQogICAgICAg
ICAgY29uZmlndXJlZCBhZ2FpbnN0IGEgc3BlY2lmaWMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5k
IHJlc291cmNlIHNlcnZlciBpbiBvcmRlciB0bwogICAgICAgICAgaW50ZXJvcGVyYXRlLgogICAg
ICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoaXMgZnJhbWV3b3JrIHdhcyBkZXNpZ25l
ZCB3aXRoIHRoZSBjbGVhciBleHBlY3RhdGlvbiB0aGF0IGZ1dHVyZSB3b3JrIHdpbGwgZGVmaW5l
CiAgICAgICAgICBwcmVzY3JpcHRpdmUgcHJvZmlsZXMgYW5kIGV4dGVuc2lvbnMgbmVjZXNzYXJ5
IHRvIGFjaGlldmUgZnVsbCB3ZWItc2NhbGUKICAgICAgICAgIGludGVyb3BlcmFiaWxpdHkuCiAg
ICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nTm90YXRp
b25hbCBDb252ZW50aW9ucyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUga2V5IHdvcmRzICJN
VVNUIiwgIk1VU1QgTk9UIiwgIlJFUVVJUkVEIiwgIlNIQUxMIiwgIlNIQUxMIE5PVCIsICJTSE9V
TEQiLCAiU0hPVUxECiAgICAgICAgICBOT1QiLCAiUkVDT01NRU5ERUQiLCAiTUFZIiwgYW5kICJP
UFRJT05BTCIgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIGFyZSB0byBiZSBpbnRlcnByZXRlZCBhcwog
ICAgICAgICAgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0nUkZDMjExOScgLz4uCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIHVzZXMgdGhlIEF1
Z21lbnRlZCBCYWNrdXMtTmF1ciBGb3JtIChBQk5GKSBub3RhdGlvbiBvZgogICAgICAgICAgPHhy
ZWYgdGFyZ2V0PSdSRkM1MjM0JyAvPi4KCSAgQWRkaXRpb25hbGx5LCB0aGUgcnVsZSBVUkktUmVm
ZXJlbmNlIGlzIGluY2x1ZGVkIGZyb20KCSAgVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIChV
UkkpIDx4cmVmIHRhcmdldD0nUkZDMzk4NicgLz4uCiAgICAgICAgPC90PgogICAgICAgIDx0Pgog
ICAgICAgICAgQ2VydGFpbiBzZWN1cml0eS1yZWxhdGVkIHRlcm1zIGFyZSB0byBiZSB1bmRlcnN0
b29kIGluIHRoZSBzZW5zZSBkZWZpbmVkIGluCiAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzQ5
NDknIC8+LiBUaGVzZSB0ZXJtcyBpbmNsdWRlLCBidXQgYXJlIG5vdCBsaW1pdGVkIHRvLCAiYXR0
YWNrIiwKICAgICAgICAgICJhdXRoZW50aWNhdGlvbiIsICJhdXRob3JpemF0aW9uIiwgImNlcnRp
ZmljYXRlIiwgImNvbmZpZGVudGlhbGl0eSIsICJjcmVkZW50aWFsIiwKICAgICAgICAgICJlbmNy
eXB0aW9uIiwgImlkZW50aXR5IiwgInNpZ24iLCAic2lnbmF0dXJlIiwgInRydXN0IiwgInZhbGlk
YXRlIiwgYW5kICJ2ZXJpZnkiLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFVu
bGVzcyBvdGhlcndpc2Ugbm90ZWQsIGFsbCB0aGUgcHJvdG9jb2wgcGFyYW1ldGVyIG5hbWVzIGFu
ZCB2YWx1ZXMgYXJlIGNhc2Ugc2Vuc2l0aXZlLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9u
PgoKICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0nQ2xpZW50IFJlZ2lzdHJhdGlv
bic+CiAgICAgIDx0PgogICAgICAgIEJlZm9yZSBpbml0aWF0aW5nIHRoZSBwcm90b2NvbCwgdGhl
IGNsaWVudCByZWdpc3RlcnMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIFRoZQogICAg
ICAgIG1lYW5zIHRocm91Z2ggd2hpY2ggdGhlIGNsaWVudCByZWdpc3RlcnMgd2l0aCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgYXJlIGJleW9uZCB0aGUKICAgICAgICBzY29wZSBvZiB0aGlzIHNw
ZWNpZmljYXRpb24sIGJ1dCB0eXBpY2FsbHkgaW52b2x2ZSBlbmQtdXNlciBpbnRlcmFjdGlvbiB3
aXRoIGFuIEhUTUwKICAgICAgICByZWdpc3RyYXRpb24gZm9ybS4KICAgICAgPC90PgogICAgICA8
dD4KICAgICAgICBDbGllbnQgcmVnaXN0cmF0aW9uIGRvZXMgbm90IHJlcXVpcmUgYSBkaXJlY3Qg
aW50ZXJhY3Rpb24gYmV0d2VlbiB0aGUgY2xpZW50IGFuZCB0aGUKICAgICAgICBhdXRob3JpemF0
aW9uIHNlcnZlci4gV2hlbiBzdXBwb3J0ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLCBy
ZWdpc3RyYXRpb24gY2FuIHJlbHkKICAgICAgICBvbiBvdGhlciBtZWFucyBmb3IgZXN0YWJsaXNo
aW5nIHRydXN0IGFuZCBvYnRhaW5pbmcgdGhlIHJlcXVpcmVkIGNsaWVudCBwcm9wZXJ0aWVzIChl
LmcuCiAgICAgICAgcmVkaXJlY3Rpb24gVVJJLCBjbGllbnQgdHlwZSkuIEZvciBleGFtcGxlLCBy
ZWdpc3RyYXRpb24gY2FuIGJlIGFjY29tcGxpc2hlZCB1c2luZyBhCiAgICAgICAgc2VsZi1pc3N1
ZWQgb3IgdGhpcmQtcGFydHktaXNzdWVkIGFzc2VydGlvbiwgb3IgYnkgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIHBlcmZvcm1pbmcKICAgICAgICBjbGllbnQgZGlzY292ZXJ5IHVzaW5nIGEgdHJ1
c3RlZCBjaGFubmVsLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIFdoZW4gcmVnaXN0ZXJp
bmcgYSBjbGllbnQsIHRoZSBjbGllbnQgZGV2ZWxvcGVyIFNIQUxMOgogICAgICA8L3Q+CiAgICAg
IDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgIDx0PgogICAgICAg
ICAgICBzcGVjaWZ5IHRoZSBjbGllbnQgdHlwZSBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0
PSdjbGllbnQtdHlwZXMnIC8+LAogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAg
ICAgIHByb3ZpZGUgaXRzIGNsaWVudCByZWRpcmVjdGlvbiBVUklzIGFzIGRlc2NyaWJlZCBpbgog
ICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J3JlZGlyZWN0LXVyaScgLz4sIGFuZAogICAgICAgICAg
PC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIGluY2x1ZGUgYW55IG90aGVyIGluZm9ybWF0
aW9uIHJlcXVpcmVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciAoZS5nLiBhcHBsaWNhdGlv
bgogICAgICAgICAgICBuYW1lLCB3ZWJzaXRlLCBkZXNjcmlwdGlvbiwgbG9nbyBpbWFnZSwgdGhl
IGFjY2VwdGFuY2Ugb2YgbGVnYWwgdGVybXMpLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlz
dD4KICAgICAgPC90PgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0NsaWVudCBUeXBlcycgYW5jaG9y
PSdjbGllbnQtdHlwZXMnPgogICAgICAgIDx0PgogICAgICAgICAgT0F1dGggZGVmaW5lcyB0d28g
Y2xpZW50IHR5cGVzLCBiYXNlZCBvbiB0aGVpciBhYmlsaXR5IHRvIGF1dGhlbnRpY2F0ZSBzZWN1
cmVseSB3aXRoIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgKGkuZS4gYWJpbGl0
eSB0byBtYWludGFpbiB0aGUgY29uZmlkZW50aWFsaXR5IG9mIHRoZWlyIGNsaWVudAogICAgICAg
ICAgY3JlZGVudGlhbHMpOgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0
IHN0eWxlPSdoYW5naW5nJz4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2NvbmZpZGVudGlhbCc+
CiAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgIENsaWVudHMgY2FwYWJsZSBv
ZiBtYWludGFpbmluZyB0aGUgY29uZmlkZW50aWFsaXR5IG9mIHRoZWlyIGNyZWRlbnRpYWxzIChl
LmcuCiAgICAgICAgICAgICAgY2xpZW50IGltcGxlbWVudGVkIG9uIGEgc2VjdXJlIHNlcnZlciB3
aXRoIHJlc3RyaWN0ZWQgYWNjZXNzIHRvIHRoZSBjbGllbnQKICAgICAgICAgICAgICBjcmVkZW50
aWFscyksIG9yIGNhcGFibGUgb2Ygc2VjdXJlIGNsaWVudCBhdXRoZW50aWNhdGlvbiB1c2luZyBv
dGhlciBtZWFucy4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0ncHVi
bGljJz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgQ2xpZW50cyBpbmNh
cGFibGUgb2YgbWFpbnRhaW5pbmcgdGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0aGVpciBjcmVkZW50
aWFscyAoZS5nLgogICAgICAgICAgICAgIGNsaWVudHMgZXhlY3V0aW5nIG9uIHRoZSBkZXZpY2Ug
dXNlZCBieSB0aGUgcmVzb3VyY2Ugb3duZXIgc3VjaCBhcyBhbiBpbnN0YWxsZWQKICAgICAgICAg
ICAgICBuYXRpdmUgYXBwbGljYXRpb24gb3IgYSB3ZWIgYnJvd3Nlci1iYXNlZCBhcHBsaWNhdGlv
biksIGFuZCBpbmNhcGFibGUgb2Ygc2VjdXJlCiAgICAgICAgICAgICAgY2xpZW50IGF1dGhlbnRp
Y2F0aW9uIHZpYSBhbnkgb3RoZXIgbWVhbnMuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwv
bGlzdD4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgY2xpZW50IHR5cGUg
ZGVzaWduYXRpb24gaXMgYmFzZWQgb24gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgZGVmaW5p
dGlvbiBvZiBzZWN1cmUKICAgICAgICAgIGF1dGhlbnRpY2F0aW9uIGFuZCBpdHMgYWNjZXB0YWJs
ZSBleHBvc3VyZSBsZXZlbHMgb2YgY2xpZW50IGNyZWRlbnRpYWxzLiBUaGUKICAgICAgICAgIGF1
dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBOT1QgbWFrZSBhc3N1bXB0aW9ucyBhYm91dCB0aGUg
Y2xpZW50IHR5cGUuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQSBjbGllbnQg
bWF5IGJlIGltcGxlbWVudGVkIGFzIGEgZGlzdHJpYnV0ZWQgc2V0IG9mIGNvbXBvbmVudHMsIGVh
Y2ggd2l0aCBhIGRpZmZlcmVudAogICAgICAgICAgY2xpZW50IHR5cGUgYW5kIHNlY3VyaXR5IGNv
bnRleHQgKGUuZy4gYSBkaXN0cmlidXRlZCBjbGllbnQgd2l0aCBib3RoIGEgY29uZmlkZW50aWFs
CiAgICAgICAgICBzZXJ2ZXItYmFzZWQgY29tcG9uZW50IGFuZCBhIHB1YmxpYyBicm93c2VyLWJh
c2VkIGNvbXBvbmVudCkuIElmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgZG9l
cyBub3QgcHJvdmlkZSBzdXBwb3J0IGZvciBzdWNoIGNsaWVudHMsIG9yIGRvZXMgbm90IHByb3Zp
ZGUgZ3VpZGFuY2Ugd2l0aCByZWdhcmQgdG8KICAgICAgICAgIHRoZWlyIHJlZ2lzdHJhdGlvbiwg
dGhlIGNsaWVudCBTSE9VTEQgcmVnaXN0ZXIgZWFjaCBjb21wb25lbnQgYXMgYSBzZXBhcmF0ZSBj
bGllbnQuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0
aW9uIGhhcyBiZWVuIGRlc2lnbmVkIGFyb3VuZCB0aGUgZm9sbG93aW5nIGNsaWVudCBwcm9maWxl
czoKICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2lu
Zyc+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSd3ZWIgYXBwbGljYXRpb24nPgogICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBBIHdlYiBhcHBsaWNhdGlvbiBpcyBhIGNvbmZp
ZGVudGlhbCBjbGllbnQgcnVubmluZyBvbiBhIHdlYiBzZXJ2ZXIuIFJlc291cmNlIG93bmVycwog
ICAgICAgICAgICAgIGFjY2VzcyB0aGUgY2xpZW50IHZpYSBhbiBIVE1MIHVzZXIgaW50ZXJmYWNl
IHJlbmRlcmVkIGluIGEgdXNlci1hZ2VudCBvbiB0aGUgZGV2aWNlCiAgICAgICAgICAgICAgdXNl
ZCBieSB0aGUgcmVzb3VyY2Ugb3duZXIuIFRoZSBjbGllbnQgY3JlZGVudGlhbHMgYXMgd2VsbCBh
cyBhbnkgYWNjZXNzIHRva2VuIGlzc3VlZAogICAgICAgICAgICAgIHRvIHRoZSBjbGllbnQgYXJl
IHN0b3JlZCBvbiB0aGUgd2ViIHNlcnZlciBhbmQgYXJlIG5vdCBleHBvc2VkIHRvIG9yIGFjY2Vz
c2libGUgYnkKICAgICAgICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3VzZXItYWdlbnQtYmFzZWQgYXBwbGljYXRpb24n
PgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBBIHVzZXItYWdlbnQtYmFz
ZWQgYXBwbGljYXRpb24gaXMgYSBwdWJsaWMgY2xpZW50IGluIHdoaWNoIHRoZSBjbGllbnQgY29k
ZSBpcwogICAgICAgICAgICAgIGRvd25sb2FkZWQgZnJvbSBhIHdlYiBzZXJ2ZXIgYW5kIGV4ZWN1
dGVzIHdpdGhpbiBhIHVzZXItYWdlbnQgKGUuZy4gd2ViIGJyb3dzZXIpIG9uCiAgICAgICAgICAg
ICAgdGhlIGRldmljZSB1c2VkIGJ5IHRoZSByZXNvdXJjZSBvd25lci4gUHJvdG9jb2wgZGF0YSBh
bmQgY3JlZGVudGlhbHMgYXJlIGVhc2lseQogICAgICAgICAgICAgIGFjY2Vzc2libGUgKGFuZCBv
ZnRlbiB2aXNpYmxlKSB0byB0aGUgcmVzb3VyY2Ugb3duZXIuIFNpbmNlIHN1Y2ggYXBwbGljYXRp
b25zIHJlc2lkZQogICAgICAgICAgICAgIHdpdGhpbiB0aGUgdXNlci1hZ2VudCwgdGhleSBjYW4g
bWFrZSBzZWFtbGVzcyB1c2Ugb2YgdGhlIHVzZXItYWdlbnQgY2FwYWJpbGl0aWVzIHdoZW4KICAg
ICAgICAgICAgICByZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24uCiAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J25hdGl2ZSBhcHBsaWNhdGlvbic+CiAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgIEEgbmF0aXZlIGFwcGxpY2F0aW9uIGlzIGEgcHVibGlj
IGNsaWVudCBpbnN0YWxsZWQgYW5kIGV4ZWN1dGVkIG9uIHRoZSBkZXZpY2UgdXNlZCBieQogICAg
ICAgICAgICAgIHRoZSByZXNvdXJjZSBvd25lci4gUHJvdG9jb2wgZGF0YSBhbmQgY3JlZGVudGlh
bHMgYXJlIGFjY2Vzc2libGUgdG8gdGhlIHJlc291cmNlCiAgICAgICAgICAgICAgb3duZXIuIEl0
IGlzIGFzc3VtZWQgdGhhdCBhbnkgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGNyZWRlbnRpYWxzIGlu
Y2x1ZGVkIGluIHRoZQogICAgICAgICAgICAgIGFwcGxpY2F0aW9uIGNhbiBiZSBleHRyYWN0ZWQu
IE9uIHRoZSBvdGhlciBoYW5kLCBkeW5hbWljYWxseSBpc3N1ZWQgY3JlZGVudGlhbHMgc3VjaAog
ICAgICAgICAgICAgIGFzIGFjY2VzcyB0b2tlbnMgb3IgcmVmcmVzaCB0b2tlbnMgY2FuIHJlY2Vp
dmUgYW4gYWNjZXB0YWJsZSBsZXZlbCBvZiBwcm90ZWN0aW9uLiBBdCBhCiAgICAgICAgICAgICAg
bWluaW11bSwgdGhlc2UgY3JlZGVudGlhbHMgYXJlIHByb3RlY3RlZCBmcm9tIGhvc3RpbGUgc2Vy
dmVycyB3aXRoIHdoaWNoIHRoZQogICAgICAgICAgICAgIGFwcGxpY2F0aW9uIG1heSBpbnRlcmFj
dCB3aXRoLiBPbiBzb21lIHBsYXRmb3JtcyB0aGVzZSBjcmVkZW50aWFscyBtaWdodCBiZSBwcm90
ZWN0ZWQKICAgICAgICAgICAgICBmcm9tIG90aGVyIGFwcGxpY2F0aW9ucyByZXNpZGluZyBvbiB0
aGUgc2FtZSBkZXZpY2UuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAg
ICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdDbGllbnQgSWRl
bnRpZmllcicgYW5jaG9yPSdjbGllbnQtaWRlbnRpZmllcic+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIHRoZSByZWdpc3RlcmVkIGNsaWVudCBh
IGNsaWVudCBpZGVudGlmaWVyIC0gYSB1bmlxdWUKICAgICAgICAgIHN0cmluZyByZXByZXNlbnRp
bmcgdGhlIHJlZ2lzdHJhdGlvbiBpbmZvcm1hdGlvbiBwcm92aWRlZCBieSB0aGUgY2xpZW50LiBU
aGUgY2xpZW50CiAgICAgICAgICBpZGVudGlmaWVyIGlzIG5vdCBhIHNlY3JldDsgaXQgaXMgZXhw
b3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIsIGFuZCBNVVNUIE5PVCBiZSB1c2VkCiAgICAgICAg
ICBhbG9uZSBmb3IgY2xpZW50IGF1dGhlbnRpY2F0aW9uLiBUaGUgY2xpZW50IGlkZW50aWZpZXIg
aXMgdW5pcXVlIHRvIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBzZXJ2ZXIuCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGNsaWVudCBpZGVudGlmaWVyIHN0cmluZyBz
aXplIGlzIGxlZnQgdW5kZWZpbmVkIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVudAog
ICAgICAgICAgc2hvdWxkIGF2b2lkIG1ha2luZyBhc3N1bXB0aW9ucyBhYm91dCB0aGUgaWRlbnRp
ZmllciBzaXplLiAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBTSE9VTEQgZG9j
dW1lbnQgdGhlIHNpemUgb2YgYW55IGlkZW50aWZpZXIgaXQgaXNzdWVzLgogICAgICAgIDwvdD4K
ICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0NsaWVudCBBdXRoZW50aWNh
dGlvbicgYW5jaG9yPSdjbGllbnQtYXV0aGVudGljYXRpb24nPgogICAgICAgIDx0PgogICAgICAg
ICAgSWYgdGhlIGNsaWVudCB0eXBlIGlzIGNvbmZpZGVudGlhbCwgdGhlIGNsaWVudCBhbmQgYXV0
dGlvbiBjb2RlLAogICAgICAgICAgICAgIGFuZCBlbnN1cmVzIHRoZSByZWRpcmVjdGlvbiBVUkkg
cmVjZWl2ZWQgbWF0Y2hlcyB0aGUgVVJJIHVzZWQgdG8gcmVkaXJlY3QgdGhlIGNsaWVudAogICAg
ICAgICAgICAgIGluIHN0ZXAgKEMpLiBJZiB2YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IHJlc3BvbmRzIGJhY2sgd2l0aCBhbiBhY2Nlc3MgdG9rZW4KICAgICAgICAgICAgICBhbmQgb3B0
aW9uYWxseSwgYSByZWZyZXNoIHRva2VuLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICA8L2xp
c3Q+CiAgICAgICAgPC90PgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nQXV0aG9yaXphdGlvbiBS
ZXF1ZXN0JyBhbmNob3I9J2NvZGUtYXV0aHotcmVxJz4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICBUaGUgY2xpZW50IGNvbnN0cnVjdHMgdGhlIHJlcXVlc3QgVVJJIGJ5IGFkZGluZyB0aGUgZm9s
bG93aW5nIHBhcmFtZXRlcnMgdG8gdGhlCiAgICAgICAgICAgIHF1ZXJ5IGNvbXBvbmVudCBvZiB0
aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBVUkkgdXNpbmcgdGhlCiAgICAgICAgICAgIDxzcGFu
eCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC9zcGFueD4g
Zm9ybWF0CiAgICAgICAgICAgIDx4cmVmIHRhcmdldD0nVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0
JyAvPjoKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHls
ZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Jl
c3BvbnNlX3R5cGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAg
UkVRVUlSRUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDxzcGFueCBzdHlsZT0ndmVyYic+Y29kZTwv
c3Bhbng+LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nY2xp
ZW50X2lkJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJ
UkVELiBUaGUgY2xpZW50IGlkZW50aWZpZXIgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgICAg
ICA8eHJlZiB0YXJnZXQ9J2NsaWVudC1pZGVudGlmaWVyJyAvPi4KICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3JlZGlyZWN0X3VyaSc+CiAgICAgICAgICAgICAg
ICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBPUFRJT05BTC4gQXMgZGVzY3JpYmVkIGluIDx4
cmVmIHRhcmdldD0ncmVkaXJlY3QtdXJpJyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgICAgPHQgaGFuZ1RleHQ9J3Njb3BlJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAg
ICAgICAgICAgICAgIE9QVElPTkFMLiBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFz
IGRlc2NyaWJlZCBieSA8eHJlZiB0YXJnZXQ9J3Njb3BlJyAvPi4KICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3N0YXRlJz4KICAgICAgICAgICAgICAgIDx2c3Bh
Y2UgLz4KICAgICAgICAgICAgICAgIFJFQ09NTUVOREVELiBBbiBvcGFxdWUgdmFsdWUgdXNlZCBi
eSB0aGUgY2xpZW50IHRvIG1haW50YWluIHN0YXRlIGJldHdlZW4gdGhlIHJlcXVlc3QKICAgICAg
ICAgICAgICAgIGFuZCBjYWxsYmFjay4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGluY2x1ZGVz
IHRoaXMgdmFsdWUgd2hlbiByZWRpcmVjdGluZyB0aGUKICAgICAgICAgICAgICAgIHVzZXItYWdl
bnQgYmFjayB0byB0aGUgY2xpZW50LiBUaGUgcGFyYW1ldGVyIFNIT1VMRCBiZSB1c2VkIGZvciBw
cmV2ZW50aW5nCiAgICAgICAgICAgICAgICBjcm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2VyeSBhcyBk
ZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSdDU1JGJyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICBUaGUgY2xpZW50IGRpcmVjdHMgdGhlIHJlc291cmNlIG93bmVyIHRvIHRoZSBjb25zdHJ1Y3Rl
ZCBVUkkgdXNpbmcgYW4gSFRUUCByZWRpcmVjdGlvbgogICAgICAgICAgICByZXNwb25zZSwgb3Ig
Ynkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUgdXNlci1hZ2VudC4KICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAg
ICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBkaXJlY3RzIHRoZSB1c2VyLWFnZW50IHRv
IG1ha2UgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QKICAgICAgICAgICAgICB1c2luZyBUTFMg
KGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAg
ICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgPGFydHdvcms+PCFbQ0RBVEFbCiAgR0VUIC9h
dXRob3JpemU/cmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD1zNkJoZFJrcXQzJnN0YXRlPXh5
egogICAgICAmcmVkaXJlY3RfdXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNv
bSUyRmNiIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCl1dPjwvYXJ0d29yaz4K
ICAgICAgICAgIDwvZmlndXJlPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciB2YWxpZGF0ZXMgdGhlIHJlcXVlc3QgdG8gZW5zdXJlIGFsbCByZXF1aXJl
ZCBwYXJhbWV0ZXJzIGFyZQogICAgICAgICAgICBwcmVzZW50IGFuZCB2YWxpZC4gSWYgdGhlIHJl
cXVlc3QgaXMgdmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRo
ZQogICAgICAgICAgICByZXNvdXJjZSBvd25lciBhbmQgb2J0YWlucyBhbiBhdXRob3JpemF0aW9u
IGRlY2lzaW9uIChieSBhc2tpbmcgdGhlIHJlc291cmNlIG93bmVyIG9yCiAgICAgICAgICAgIGJ5
IGVzdGFibGlzaGluZyBhcHByb3ZhbCB2aWEgb3RoZXIgbWVhbnMpLgogICAgICAgICAgPC90Pgog
ICAgICAgICAgPHQ+CiAgICAgICAgICAgIFdoZW4gYSBkZWNpc2lvbiBpcyBlc3RhYmxpc2hlZCwg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGRpcmVjdHMgdGhlIHVzZXItYWdlbnQgdG8gdGhlCiAg
ICAgICAgICAgIHByb3ZpZGVkIGNsaWVudCByZWRpcmVjdGlvbiBVUkkgdXNpbmcgYW4gSFRUUCBy
ZWRpcmVjdGlvbiByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMKICAgICAgICAgICAgYXZhaWxh
YmxlIHRvIGl0IHZpYSB0aGUgdXNlci1hZ2VudC4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3Nl
Y3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3JpemF0aW9uIFJlc3BvbnNlJyBh
bmNob3I9ImNvZGUtYXV0aHotcmVzcCI+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgSWYgdGhl
IHJlc291cmNlIG93bmVyIGdyYW50cyB0aGUgYWNjZXNzIHJlcXVlc3QsIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBpc3N1ZXMgYW4KICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIGFuZCBk
ZWxpdmVycyBpdCB0byB0aGUgY2xpZW50IGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRl
cnMgdG8KICAgICAgICAgICAgdGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgcmVkaXJlY3Rpb24g
VVJJIHVzaW5nIHRoZQogICAgICAgICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPmFwcGxpY2F0aW9u
L3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZvcm1hdDoKICAgICAgICAgIDwvdD4KICAg
ICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0n
Nic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2NvZGUnPgogICAgICAgICAgICAgICAgPHZz
cGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSBhdXRob3JpemF0aW9uIGNvZGUg
Z2VuZXJhdGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gVGhlCiAgICAgICAgICAgICAg
ICBhdXRob3JpemF0aW9uIGNvZGUgTVVTVCBleHBpcmUgc2hvcnRseSBhZnRlciBpdCBpcyBpc3N1
ZWQgdG8gbWl0aWdhdGUgdGhlIHJpc2sgb2YKICAgICAgICAgICAgICAgIGxlYWtzLiBBIG1heGlt
dW0gYXV0aG9yaXphdGlvbiBjb2RlIGxpZmV0aW1lIG9mIDEwIG1pbnV0ZXMgaXMgUkVDT01NRU5E
RUQuIFRoZQogICAgICAgICAgICAgICAgY2xpZW50IE1VU1QgTk9UIHVzZSB0aGUgYXV0aG9yaXph
dGlvbiBjb2RlIG1vcmUgdGhhbiBvbmNlLiBJZiBhbiBhdXRob3JpemF0aW9uIGNvZGUKICAgICAg
ICAgICAgICAgIGlzIHVzZWQgbW9yZSB0aGFuIG9uY2UsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBNVVNUIGRlbnkgdGhlIHJlcXVlc3QgYW5kIFNIT1VMRAogICAgICAgICAgICAgICAgcmV2b2tl
ICh3aGVuIHBvc3NpYmxlKSBhbGwgdG9rZW5zIHByZXZpb3VzbHkgaXNzdWVkIGJhc2VkIG9uIHRo
YXQgYXV0aG9yaXphdGlvbgogICAgICAgICAgICAgICAgY29kZS4gVGhlIGF1dGhvcml6YXRpb24g
Y29kZSBpcyBib3VuZCB0byB0aGUgY2xpZW50IGlkZW50aWZpZXIgYW5kIHJlZGlyZWN0aW9uIFVS
SS4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3N0YXRlJz4K
ICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVEIGlmIHRo
ZSA8c3Bhbnggc3R5bGU9J3ZlcmInPnN0YXRlPC9zcGFueD4gcGFyYW1ldGVyIHdhcyBwcmVzZW50
IGluIHRoZQogICAgICAgICAgICAgICAgY2xpZW50IGF1dGhvcml6YXRpb24gcmVxdWVzdC4gVGhl
IGV4YWN0IHZhbHVlIHJlY2VpdmVkIGZyb20gdGhlIGNsaWVudC4KICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDxmaWd1cmU+CiAg
ICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCBieSBzZW5kaW5nIHRoZQog
ICAgICAgICAgICAgIGZvbGxvd2luZyBIVFRQIHJlc3BvbnNlOgogICAgICAgICAgICA8L3ByZWFt
YmxlPgogICAgICAgICAgICA8YXJ0d29yaz48IVtDREFUQVsKICBIVFRQLzEuMSAzMDIgRm91bmQK
ICBMb2NhdGlvbjogaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20vY2I/Y29kZT1TcGx4bE9CZVpR
UVliWVM2V3hTYklBCiAgICAgICAgICAgICZzdGF0ZT14eXoKXV0+PC9hcnR3b3JrPgogICAgICAg
ICAgPC9maWd1cmU+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNsaWVudCBNVVNUIGln
bm9yZSB1bnJlY29nbml6ZWQgcmVzcG9uc2UgcGFyYW1ldGVycy4gVGhlIGF1dGhvcml6YXRpb24g
Y29kZQogICAgICAgICAgICBzdHJpbmcgc2l6ZSBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzIHNw
ZWNpZmljYXRpb24uIFRoZSBjbGllbnQgc2hvdWxkIGF2b2lkIG1ha2luZwogICAgICAgICAgICBh
c3N1bXB0aW9ucyBhYm91dCBjb2RlIHZhbHVlIHNpemVzLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgU0hPVUxEIGRvY3VtZW50IHRoZSBzaXplCiAgICAgICAgICAgIG9mIGFueSB2YWx1ZSBpdCBp
c3N1ZXMuCiAgICAgICAgICA8L3Q+CgogICAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0Vycm9yIFJl
c3BvbnNlJyBhbmNob3I9J2NvZGUtYXV0aHotZXJyb3InPgogICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICBJZiB0aGUgcmVxdWVzdCBmYWlscyBkdWUgdG8gYSBtaXNzaW5nLCBpbnZhbGlkLCBv
ciBtaXNtYXRjaGluZyByZWRpcmVjdGlvbiBVUkksIG9yIGlmCiAgICAgICAgICAgICAgdGhlIGNs
aWVudCBpZGVudGlmaWVyIGlzIG1pc3Npbmcgb3IgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIFNIT1VMRCBpbmZvcm0KICAgICAgICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIgb2Yg
dGhlIGVycm9yLCBhbmQgTVVTVCBOT1QgYXV0b21hdGljYWxseSByZWRpcmVjdCB0aGUgdXNlci1h
Z2VudAogICAgICAgICAgICAgIHRvIHRoZSBpbnZhbGlkIHJlZGlyZWN0aW9uIFVSSS4KICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBJZiB0aGUgcmVzb3VyY2Ug
b3duZXIgZGVuaWVzIHRoZSBhY2Nlc3MgcmVxdWVzdCBvciBpZiB0aGUgcmVxdWVzdCBmYWlscyBm
b3IgcmVhc29ucwogICAgICAgICAgICAgIG90aGVyIHRoYW4gYSBtaXNzaW5nIG9yIGludmFsaWQg
cmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaW5mb3JtcyB0aGUKICAg
ICAgICAgICAgICBjbGllbnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB0byB0
aGUgcXVlcnkgY29tcG9uZW50IG9mIHRoZSByZWRpcmVjdGlvbgogICAgICAgICAgICAgIFVSSSB1
c2luZyB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVu
Y29kZWQ8L3NwYW54PiBmb3JtYXQ6CiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAg
ICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J2Vycm9yJz4KICAgICAgICAgICAgICAgICAgPHZzcGFjZSAv
PgogICAgICAgICAgICAgICAgICBSRVFVSVJFRC4gQSBzaW5nbGUgQVNDSUkgPHhyZWYgdGFyZ2V0
PSJVU0FTQ0lJIiAvPiBlcnJvciBjb2RlIGZyb20gdGhlIGZvbGxvd2luZzoKCiAgICAgICAgICAg
ICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgICAg
ICAgICAgICA8dCBoYW5nVGV4dD0naW52YWxpZF9yZXF1ZXN0Jz4KICAgICAgICAgICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgICAgIFRoZSByZXF1ZXN0IGlzIG1pc3Np
bmcgYSByZXF1aXJlZCBwYXJhbWV0ZXIsIGluY2x1ZGVzIGFuIGludmFsaWQKICAgICAgICAgICAg
ICAgICAgICAgIHBhcmFtZXRlciB2YWx1ZSwgaW5jbHVkZXMgYSBwYXJhbWV0ZXIgbW9yZSB0aGFu
IG9uY2UsIG9yIGlzIG90aGVyd2lzZQogICAgICAgICAgICAgICAgICAgICAgbWFsZm9ybWVkLgog
ICAgICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0n
dW5hdXRob3JpemVkX2NsaWVudCc+CiAgICAgICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAg
ICAgICAgICAgICAgICAgICAgICBUaGUgY2xpZW50IGlzIG5vdCBhdXRob3JpemVkIHRvIHJlcXVl
c3QgYW4gYXV0aG9yaXphdGlvbiBjb2RlIHVzaW5nIHRoaXMKICAgICAgICAgICAgICAgICAgICAg
IG1ldGhvZC4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICAgICAgPHQg
aGFuZ1RleHQ9J2FjY2Vzc19kZW5pZWQnPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAv
PgogICAgICAgICAgICAgICAgICAgICAgVGhlIHJlc291cmNlIG93bmVyIG9yIGF1dGhvcml6YXRp
b24gc2VydmVyIGRlbmllZCB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Vuc3VwcG9ydGVkX3Jlc3BvbnNlX3R5cGUn
PgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGRvZXMgbm90IHN1cHBvcnQgb2J0YWluaW5nIGFuIGF1
dGhvcml6YXRpb24gY29kZQogICAgICAgICAgICAgICAgICAgICAgdXNpbmcgdGhpcyBtZXRob2Qu
CiAgICAgICAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0
PSdpbnZhbGlkX3Njb3BlJz4KICAgICAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgICAgICAgIFRoZSByZXF1ZXN0ZWQgc2NvcGUgaXMgaW52YWxpZCwgdW5rbm93biwg
b3IgbWFsZm9ybWVkLgogICAgICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgICAg
ICA8dCBoYW5nVGV4dD0nc2VydmVyX2Vycm9yJz4KICAgICAgICAgICAgICAgICAgICAgIDx2c3Bh
Y2UgLz4KICAgICAgICAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBlbmNv
dW50ZXJlZCBhbiB1bmV4cGVjdGVkIGNvbmRpdGlvbiB3aGljaCBwcmV2ZW50ZWQKICAgICAgICAg
ICAgICAgICAgICAgIGl0IGZyb20gZnVsZmlsbGluZyB0aGUgcmVxdWVzdC4KICAgICAgICAgICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3RlbXBvcmFyaWx5
X3VuYXZhaWxhYmxlJz4KICAgICAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAg
ICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpcyBjdXJyZW50bHkgdW5hYmxl
IHRvIGhhbmRsZSB0aGUgcmVxdWVzdCBkdWUgdG8gYQogICAgICAgICAgICAgICAgICAgICAgdGVt
cG9yYXJ5IG92ZXJsb2FkaW5nIG9yIG1haW50ZW5hbmNlIG9mIHRoZSBzZXJ2ZXIuCiAgICAgICAg
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgICAgICA8L2xpc3Q+CgoJCSAgVmFsdWVzIGZv
ciB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcjwvc3Bhbng+IHBhcmFtZXRlciBNVVNUIE5P
VCBpbmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01
QiAvICV4NUQtN0UuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8dCBoYW5n
VGV4dD0nZXJyb3JfZGVzY3JpcHRpb24nPgogICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAg
ICAgICAgICAgICAgICAgIE9QVElPTkFMLiBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIDx4cmVmIHRh
cmdldD0iVVNBU0NJSSIgLz4gdGV4dCBwcm92aWRpbmcgYWRkaXRpb25hbCBpbmZvcm1hdGlvbiwK
ICAgICAgICAgICAgICAgICAgdXNlZCB0byBhc3Npc3QgdGhlIGNsaWVudCBkZXZlbG9wZXIgaW4g
dW5kZXJzdGFuZGluZyB0aGUgZXJyb3IgdGhhdCBvY2N1cnJlZC4KCQkgIDx2c3BhY2UvPgoJCSAg
VmFsdWVzIGZvciB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcl9kZXNjcmlwdGlvbjwvc3Bh
bng+IHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhl
IHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nZXJyb3JfdXJpJz4KICAgICAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICBPUFRJT05BTC4gQSBVUkkgaWRlbnRpZnlpbmcg
YSBodW1hbi1yZWFkYWJsZSB3ZWIgcGFnZSB3aXRoIGluZm9ybWF0aW9uIGFib3V0IHRoZQogICAg
ICAgICAgICAgICAgICBlcnJvciwgdXNlZCB0byBwcm92aWRlIHRoZSBjbGllbnQgZGV2ZWxvcGVy
IHdpdGggYWRkaXRpb25hbCBpbmZvcm1hdGlvbiBhYm91dCB0aGUKICAgICAgICAgICAgICAgICAg
ZXJyb3IuCgkJICA8dnNwYWNlLz4KCQkgIFZhbHVlcyBmb3IgdGhlIDxzcGFueCBzdHlsZT0ndmVy
Yic+ZXJyb3JfdXJpPC9zcGFueD4gcGFyYW1ldGVyCgkJICBNVVNUIGNvbmZvcm0gdG8gdGhlIFVS
SS1SZWZlcmVuY2Ugc3ludGF4LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlCgkJICBjaGFyYWN0
ZXJzIG91dHNpZGUgdGhlIHNldCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nc3RhdGUnPgogICAgICAgICAg
ICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgIFJFUVVJUkVEIGlmIGEgPHNwYW54
IHN0eWxlPSd2ZXJiJz5zdGF0ZTwvc3Bhbng+IHBhcmFtZXRlciB3YXMgcHJlc2VudCBpbiB0aGUK
ICAgICAgICAgICAgICAgICAgY2xpZW50IGF1dGhvcml6YXRpb24gcmVxdWVzdC4gVGhlIGV4YWN0
IHZhbHVlIHJlY2VpdmVkIGZyb20gdGhlIGNsaWVudC4KICAgICAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPGZpZ3VyZT4K
ICAgICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCBieSBzZW5kaW5n
IHRoZQogICAgICAgICAgICAgICAgZm9sbG93aW5nIEhUVFAgcmVzcG9uc2U6CiAgICAgICAgICAg
ICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgICA8YXJ0d29yaz48IVtDREFUQVsKICBIVFRQLzEu
MSAzMDIgRm91bmQKICBMb2NhdGlvbjogaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20vY2I/ZXJy
b3I9YWNjZXNzX2RlbmllZCZzdGF0ZT14eXoKXV0+PC9hcnR3b3JrPgogICAgICAgICAgICA8L2Zp
Z3VyZT4KICAgICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgICA8
c2VjdGlvbiB0aXRsZT0nQWNjZXNzIFRva2VuIFJlcXVlc3QnIGFuY2hvcj0idG9rZW4tcmVxIj4K
ICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0
aGUgdG9rZW4gZW5kcG9pbnQgYnkgc2VuZGluZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMKICAg
ICAgICAgICAgdXNpbmcgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ct
Zm9ybS11cmxlbmNvZGVkPC9zcGFueD4gZm9ybWF0CgkgICAgPHhyZWYgdGFyZ2V0PSdXM0MuUkVD
LWh0bWw0MDEtMTk5OTEyMjQnLz4gYW5kIGEgY2hhcmFjdGVyIGVuY29kaW5nIG9mIFVURi04Cgkg
ICAgaW4gdGhlIEhUVFAgcmVxdWVzdCBlbnRpdHktYm9keToKICAgICAgICAgIDwvdD4KICAgICAg
ICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+
CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2dyYW50X3R5cGUnPgogICAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRv
IDxzcGFueCBzdHlsZT0ndmVyYic+YXV0aG9yaXphdGlvbl9jb2RlPC9zcGFueD4uCiAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdjb2RlJz4KICAgICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgYXV0aG9yaXphdGlv
biBjb2RlIHJlY2VpdmVkIGZyb20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0ncmVkaXJlY3RfdXJpJz4KICAgICAg
ICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELCBpZiB0aGUgPHNw
YW54IHN0eWxlPSd2ZXJiJz5yZWRpcmVjdF91cmk8L3NwYW54PiBwYXJhbWV0ZXIgd2FzIGluY2x1
ZGVkIGluCiAgICAgICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGFzIGRlc2Ny
aWJlZCBpbiA8eHJlZiB0YXJnZXQ9J2NvZGUtYXV0aHotcmVxJyAvPiwgYW5kCiAgICAgICAgICAg
ICAgICB0aGVpciB2YWx1ZXMgTVVTVCBiZSBpZGVudGljYWwuCiAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgSWYgdGhlIGNsaWVudCB0eXBlIGlzIGNvbmZpZGVudGlhbCBvciB0aGUgY2xpZW50IHdhcyBp
c3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvcgogICAgICAgICAgICBhc3NpZ25lZCBvdGhlciBh
dXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLCB0aGUgY2xpZW50IE1VU1QgYXV0aGVudGljYXRl
IHdpdGggdGhlCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGRlc2NyaWJlZCBp
biA8eHJlZiB0YXJnZXQ9J3Rva2VuLWVuZHBvaW50LWF1dGgnIC8+LgogICAgICAgICAgPC90Pgog
ICAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICAgIEZv
ciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVz
aW5nIFRMUyAoZXh0cmEgbGluZSBicmVha3MKICAgICAgICAgICAgICBhcmUgZm9yIGRpc3BsYXkg
cHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICAgIDxhcnR3
b3JrPjwhW0NEQVRBWwogIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1w
bGUuY29tCiAgQXV0aG9yaXphdGlvbjogQmFzaWMgY3paQ2FHUlNhM0YwTXpwbldERm1RbUYwTTJK
VwogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkCgogIGdy
YW50X3R5cGU9YXV0aG9yaXphdGlvbl9jb2RlJmNvZGU9U3BseGxPQmVaUVFZYllTNld4U2JJQQog
ICZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVleGFtcGxlJTJFY29tJTJGY2IK
XV0+PC9hcnR3b3JrPgogICAgICAgICAgPC9maWd1cmU+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Q6CiAgICAgICAgICA8L3Q+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgICAgcmVxdWlyZSBjbGllbnQgYXV0aGVudGljYXRpb24gZm9yIGNvbmZp
ZGVudGlhbCBjbGllbnRzIG9yIGZvciBhbnkgY2xpZW50IHRoYXQgd2FzCiAgICAgICAgICAgICAg
ICBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciB3aXRoIG90aGVyIGF1dGhlbnRpY2F0aW9u
IHJlcXVpcmVtZW50cyksCiAgICAgICAgICAgICAgPC90PgoJICAgICAgPHQ+CgkJYXV0aGVudGlj
YXRlIHRoZSBjbGllbnQgaWYgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzIGluY2x1ZGVkLAogICAg
ICAgICAgICAgIDwvdD4KCSAgICAgIDx0PgoJCWVuc3VyZSB0aGUgYXV0aG9yaXphdGlvbiBjb2Rl
IHdhcyBpc3N1ZWQgdG8gdGhlIGF1dGhlbnRpY2F0ZWQgCgkJY29uZmlkZW50aWFsIGNsaWVudCBv
ciB0byB0aGUgcHVibGljIGNsaWVudCBpZGVudGlmaWVkIGJ5IHRoZQoJCTxzcGFueCBzdHlsZT0n
dmVyYic+Y2xpZW50X2lkPC9zcGFueD4gaW4gdGhlIHJlcXVlc3QsCgkgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICB2ZXJpZnkgdGhhdCB0aGUgYXV0aG9yaXphdGlv
biBjb2RlIGlzIHZhbGlkLCBhbmQKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+
CiAgICAgICAgICAgICAgICBlbnN1cmUgdGhhdCB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5yZWRp
cmVjdF91cmk8L3NwYW54PiBwYXJhbWV0ZXIgaXMgcHJlc2VudCBpZgogICAgICAgICAgICAgICAg
dGhlIDxzcGFueCBzdHlsZT0ndmVyYic+cmVkaXJlY3RfdXJpPC9zcGFueD4gcGFyYW1ldGVyIHdh
cyBpbmNsdWRlZCBpbiB0aGUgaW5pdGlhbAogICAgICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBy
ZXF1ZXN0IGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J2NvZGUtYXV0aHotcmVxJyAvPiwg
YW5kIGlmCiAgICAgICAgICAgICAgICBpbmNsdWRlZCBlbnN1cmUgdGhlaXIgdmFsdWVzIGFyZSBp
ZGVudGljYWwuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAg
ICA8L3Q+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNz
IFRva2VuIFJlc3BvbnNlJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJZiB0aGUgYWNjZXNz
IHRva2VuIHJlcXVlc3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBpc3N1ZXMgYW4KICAgICAgICAgICAgYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCBy
ZWZyZXNoIHRva2VuIGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3Rva2VuLXJlc3BvbnNl
JyAvPi4KICAgICAgICAgICAgSWYgdGhlIHJlcXVlc3QgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGZh
aWxlZCBvciBpcyBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJucwogICAg
ICAgICAgICBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0
b2tlbi1lcnJvcnMnIC8+LgogICAgICAgICAgPC90PgogICAgICAgICAgPGZpZ3VyZT4KICAgICAg
ICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICAgIEFuIGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNw
b25zZToKICAgICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgPGFydHdvcms+PCFbQ0RB
VEFbCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2No
YXJzZXQ9VVRGLTgKICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQogIFByYWdtYTogbm8tY2FjaGUK
CiAgewogICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAgInRv
a2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICJleHBpcmVzX2luIjozNjAwLAogICAgInJlZnJlc2hf
dG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICJleGFtcGxlX3BhcmFtZXRlciI6
ImV4YW1wbGVfdmFsdWUiCiAgfQpdXT48L2FydHdvcms+CiAgICAgICAgICA8L2ZpZ3VyZT4KICAg
ICAgICA8L3NlY3Rpb24+CgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0n
SW1wbGljaXQgR3JhbnQnIGFuY2hvcj0nZ3JhbnQtaW1wbGljaXQnPgogICAgICAgIDx0PgogICAg
ICAgICAgVGhlIGltcGxpY2l0IGdyYW50IHR5cGUgaXMgdXNlZCB0byBvYnRhaW4gYWNjZXNzIHRv
a2VucyAoaXQgZG9lcyBub3Qgc3VwcG9ydCB0aGUgaXNzdWFuY2UKICAgICAgICAgIG9mIHJlZnJl
c2ggdG9rZW5zKSBhbmQgaXMgb3B0aW1pemVkIGZvciBwdWJsaWMgY2xpZW50cyBrbm93biB0byBv
cGVyYXRlIGEgcGFydGljdWxhcgogICAgICAgICAgcmVkaXJlY3Rpb24gVVJJLiBUaGVzZSBjbGll
bnRzIGFyZSB0eXBpY2FsbHkgaW1wbGVtZW50ZWQgaW4gYSBicm93c2VyIHVzaW5nIGEgc2NyaXB0
aW5nCiAgICAgICAgICBsYW5ndWFnZSBzdWNoIGFzIEphdmFTY3JpcHQuCiAgICAgICAgPC90Pgog
ICAgICAgIDx0PgogICAgICAgICAgQXMgYSByZWRpcmVjdGlvbi1iYXNlZCBmbG93LCB0aGUgY2xp
ZW50IG11c3QgYmUgY2FwYWJsZSBvZiBpbnRlcmFjdGluZyB3aXRoIHRoZQogICAgICAgICAgcmVz
b3VyY2Ugb3duZXIncyB1c2VyLWFnZW50ICh0eXBpY2FsbHkgYSB3ZWIgYnJvd3NlcikgYW5kIGNh
cGFibGUgb2YgcmVjZWl2aW5nIGluY29taW5nCiAgICAgICAgICByZXF1ZXN0cyAodmlhIHJlZGly
ZWN0aW9uKSBmcm9tIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICA8L3Q+CiAgICAg
ICAgPHQ+CiAgICAgICAgICBVbmxpa2UgdGhlIGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBl
IGluIHdoaWNoIHRoZSBjbGllbnQgbWFrZXMgc2VwYXJhdGUgcmVxdWVzdHMgZm9yCiAgICAgICAg
ICBhdXRob3JpemF0aW9uIGFuZCBhY2Nlc3MgdG9rZW4sIHRoZSBjbGllbnQgcmVjZWl2ZXMgdGhl
IGFjY2VzcyB0b2tlbiBhcyB0aGUgcmVzdWx0IG9mIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlv
biByZXF1ZXN0LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBpbXBsaWNp
dCBncmFudCB0eXBlIGRvZXMgbm90IGluY2x1ZGUgY2xpZW50IGF1dGhlbnRpY2F0aW9uLCBhbmQg
cmVsaWVzIG9uIHRoZQogICAgICAgICAgcHJlc2VuY2Ugb2YgdGhlIHJlc291cmNlIG93bmVyIGFu
ZCB0aGUgcmVnaXN0cmF0aW9uIG9mIHRoZSByZWRpcmVjdGlvbiBVUkkuIEJlY2F1c2UgdGhlCiAg
ICAgICAgICBhY2Nlc3MgdG9rZW4gaXMgZW5jb2RlZCBpbnRvIHRoZSByZWRpcmVjdGlvbiBVUkks
IGl0IG1heSBiZSBleHBvc2VkIHRvIHRoZSByZXNvdXJjZSBvd25lcgogICAgICAgICAgYW5kIG90
aGVyIGFwcGxpY2F0aW9ucyByZXNpZGluZyBvbiB0aGUgc2FtZSBkZXZpY2UuCiAgICAgICAgPC90
PgogICAgICAgIDxmaWd1cmUgdGl0bGU9J0ltcGxpY2l0IEdyYW50IEZsb3cnIGFuY2hvcj0nRmln
dXJlLTQnPgogICAgICAgICAgPGFydHdvcms+PCFbQ0RBVEFbCiAgKy0tLS0tLS0tLS0rCiAgfCBS
ZXNvdXJjZSB8CiAgfCAgT3duZXIgICB8CiAgfCAgICAgICAgICB8CiAgKy0tLS0tLS0tLS0rCiAg
ICAgICBeCiAgICAgICB8CiAgICAgIChCKSAgICAgIAogICstLS0tfC0tLS0tKyAgICAgICAgICBD
bGllbnQgSWRlbnRpZmllciAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICAgLSstLS0t
KEEpLS0gJiBSZWRpcmVjdGlvbiBVUkkgLS0tPnwgICAgICAgICAgICAgICB8CiAgfCAgVXNlci0g
ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IEF1dGhvcml6YXRpb24gfAogIHwg
IEFnZW50ICAtfC0tLS0oQiktLSBVc2VyIGF1dGhlbnRpY2F0ZXMgLS0+fCAgICAgU2VydmVyICAg
IHwKICB8ICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAg
ICAgICAgICB8CiAgfCAgICAgICAgICB8PC0tLShDKS0tLSBSZWRpcmVjdGlvbiBVUkkgLS0tLTx8
ICAgICAgICAgICAgICAgfAogIHwgICAgICAgICAgfCAgICAgICAgICB3aXRoIEFjY2VzcyBUb2tl
biAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICAgIHwgICAgICAgICAgICBpbiBGcmFn
bWVudAogIHwgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0t
LS0tLS0tLS0tLSsKICB8ICAgICAgICAgIHwtLS0tKEQpLS0tIFJlZGlyZWN0aW9uIFVSSSAtLS0t
PnwgICBXZWItSG9zdGVkICB8CiAgfCAgICAgICAgICB8ICAgICAgICAgIHdpdGhvdXQgRnJhZ21l
bnQgICAgICB8ICAgICBDbGllbnQgICAgfAogIHwgICAgICAgICAgfCAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgfCAgICBSZXNvdXJjZSAgIHwKICB8ICAgICAoRikgIHw8LS0tKEUpLS0t
LS0tLSBTY3JpcHQgLS0tLS0tLS0tPHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgICB8ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogICstfC0tLS0t
LS0tKwogICAgfCAgICB8ICAgIAogICAoQSkgIChHKSBBY2Nlc3MgVG9rZW4KICAgIHwgICAgfAog
ICAgXiAgICB2CiAgKy0tLS0tLS0tLSsKICB8ICAgICAgICAgfAogIHwgIENsaWVudCB8CiAgfCAg
ICAgICAgIHwKICArLS0tLS0tLS0tKwpdXT48L2FydHdvcms+CiAgICAgICAgICA8cG9zdGFtYmxl
PgogICAgICAgICAgICBOb3RlOiBUaGUgbGluZXMgaWxsdXN0cmF0aW5nIHN0ZXBzIEEgYW5kIEIg
YXJlIGJyb2tlbiBpbnRvIHR3byBwYXJ0cyBhcyB0aGV5IHBhc3MKICAgICAgICAgICAgdGhyb3Vn
aCB0aGUgdXNlci1hZ2VudC4KICAgICAgICAgIDwvcG9zdGFtYmxlPgogICAgICAgIDwvZmlndXJl
PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4gPHhyZWYgdGFy
Z2V0PSdGaWd1cmUtNCcgLz4gaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAgICAgICA8
L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0nZm9ybWF0ICglQyknPgogICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IGluaXRpYXRlcyB0aGUgZmxvdyBi
eSBkaXJlY3RpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCB0byB0aGUKICAgICAg
ICAgICAgICBhdXRob3JpemF0aW9uIGVuZHBvaW50LiBUaGUgY2xpZW50IGluY2x1ZGVzIGl0cyBj
bGllbnQgaWRlbnRpZmllciwgcmVxdWVzdGVkCiAgICAgICAgICAgICAgc2NvcGUsIGxvY2FsIHN0
YXRlLCBhbmQgYSByZWRpcmVjdGlvbiBVUkkgdG8gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIHdpbGwgc2VuZAogICAgICAgICAgICAgIHRoZSB1c2VyLWFnZW50IGJhY2sgb25jZSBhY2Nl
c3MgaXMgZ3JhbnRlZCAob3IgZGVuaWVkKS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8
dD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0
aGUgcmVzb3VyY2Ugb3duZXIgKHZpYSB0aGUgdXNlci1hZ2VudCkgYW5kCiAgICAgICAgICAgICAg
ZXN0YWJsaXNoZXMgd2hldGhlciB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRzIG9yIGRlbmllcyB0
aGUgY2xpZW50J3MgYWNjZXNzIHJlcXVlc3QuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAg
PHQ+CiAgICAgICAgICAgICAgQXNzdW1pbmcgdGhlIHJlc291cmNlIG93bmVyIGdyYW50cyBhY2Nl
c3MsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlCiAgICAgICAgICAgICAg
dXNlci1hZ2VudCBiYWNrIHRvIHRoZSBjbGllbnQgdXNpbmcgdGhlIHJlZGlyZWN0aW9uIFVSSSBw
cm92aWRlZCBlYXJsaWVyLiBUaGUKICAgICAgICAgICAgICByZWRpcmVjdGlvbiBVUkkgaW5jbHVk
ZXMgdGhlIGFjY2VzcyB0b2tlbiBpbiB0aGUgVVJJIGZyYWdtZW50LgogICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSB1c2VyLWFnZW50IGZvbGxvd3MgdGhl
IHJlZGlyZWN0aW9uIGluc3RydWN0aW9ucyBieSBtYWtpbmcgYSByZXF1ZXN0IHRvIHRoZQogICAg
ICAgICAgICAgIHdlYi1ob3N0ZWQgY2xpZW50IHJlc291cmNlICh3aGljaCBkb2VzIG5vdCBpbmNs
dWRlIHRoZSBmcmFnbWVudCBwZXIKICAgICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzI2MTYn
IC8+KS4gVGhlIHVzZXItYWdlbnQgcmV0YWlucyB0aGUgZnJhZ21lbnQgaW5mb3JtYXRpb24gbG9j
YWxseS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUg
d2ViLWhvc3RlZCBjbGllbnQgcmVzb3VyY2UgcmV0dXJucyBhIHdlYiBwYWdlICh0eXBpY2FsbHkg
YW4gSFRNTCBkb2N1bWVudCB3aXRoIGFuCiAgICAgICAgICAgICAgZW1iZWRkZWQgc2NyaXB0KSBj
YXBhYmxlIG9mIGFjY2Vzc2luZyB0aGUgZnVsbCByZWRpcmVjdGlvbiBVUkkgaW5jbHVkaW5nIHRo
ZSBmcmFnbWVudAogICAgICAgICAgICAgIHJldGFpbmVkIGJ5IHRoZSB1c2VyLWFnZW50LCBhbmQg
ZXh0cmFjdGluZyB0aGUgYWNjZXNzIHRva2VuIChhbmQgb3RoZXIgcGFyYW1ldGVycykKICAgICAg
ICAgICAgICBjb250YWluZWQgaW4gdGhlIGZyYWdtZW50LgogICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSB1c2VyLWFnZW50IGV4ZWN1dGVzIHRoZSBzY3Jp
cHQgcHJvdmlkZWQgYnkgdGhlIHdlYi1ob3N0ZWQgY2xpZW50IHJlc291cmNlCiAgICAgICAgICAg
ICAgbG9jYWxseSwgd2hpY2ggZXh0cmFjdHMgdGhlIGFjY2VzcyB0b2tlbiBhbmQgcGFzc2VzIGl0
IHRvIHRoZSBjbGllbnQuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAg
ICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3JpemF0aW9uIFJlcXVlc3QnIGFu
Y2hvcj0naW1wbGljaXQtYXV0aHotcmVxJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUg
Y2xpZW50IGNvbnN0cnVjdHMgdGhlIHJlcXVlc3QgVVJJIGJ5IGFkZGluZyB0aGUgZm9sbG93aW5n
IHBhcmFtZXRlcnMgdG8gdGhlCiAgICAgICAgICAgIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgYXV0
aG9yaXphdGlvbiBlbmRwb2ludCBVUkkgdXNpbmcgdGhlCiAgICAgICAgICAgIDxzcGFueCBzdHls
ZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC9zcGFueD4gZm9ybWF0
OgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdo
YW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0ncmVzcG9u
c2VfdHlwZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSRVFV
SVJFRC4gVmFsdWUgTVVTVCBiZSBzZXQgdG8gPHNwYW54IHN0eWxlPSd2ZXJiJz50b2tlbjwvc3Bh
bng+LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nY2xpZW50
X2lkJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVE
LiBUaGUgY2xpZW50IGlkZW50aWZpZXIgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgICAgICA8
eHJlZiB0YXJnZXQ9J2NsaWVudC1pZGVudGlmaWVyJyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3JlZGlyZWN0X3VyaSc+CiAgICAgICAgICAgICAgICA8
dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBPUFRJT05BTC4gQXMgZGVzY3JpYmVkIGluIDx4cmVm
IHRhcmdldD0ncmVkaXJlY3QtdXJpJyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg
ICAgPHQgaGFuZ1RleHQ9J3Njb3BlJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgIE9QVElPTkFMLiBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFzIGRl
c2NyaWJlZCBieSA8eHJlZiB0YXJnZXQ9J3Njb3BlJyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3N0YXRlJz4KICAgICAgICAgICAgICAgIDx2c3BhY2Ug
Lz4KICAgICAgICAgICAgICAgIFJFQ09NTUVOREVELiBBbiBvcGFxdWUgdmFsdWUgdXNlZCBieSB0
aGUgY2xpZW50IHRvIG1haW50YWluIHN0YXRlIGJldHdlZW4gdGhlIHJlcXVlc3QKICAgICAgICAg
ICAgICAgIGFuZCBjYWxsYmFjay4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGluY2x1ZGVzIHRo
dWVzIHJlY2VpdmVkIGZyb20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFyZSBsZWZ0IHVuZGVm
aW5lZC4gVGhlIGNsaWVudCBzaG91bGQKICAgICAgICAgIGF2b2lkIG1ha2luZyBhc3N1bXB0aW9u
cyBhYm91dCB2YWx1ZSBzaXplcy4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBkb2N1
bWVudCB0aGUKICAgICAgICAgIHNpemUgb2YgYW55IHZhbHVlIGl0IGlzc3Vlcy4KICAgICAgICA8
L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdFcnJvciBSZXNwb25z
ZScgYW5jaG9yPSd0b2tlbi1lcnJvcnMnPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIHJlc3BvbmRzIHdpdGggYW4gSFRUUCA0MDAgKEJhZCBSZXF1ZXN0KSBz
dGF0dXMgY29kZSAodW5sZXNzCiAgICAgICAgICBzcGVjaWZpZWQgb3RoZXJ3aXNlKSBhbmQgaW5j
bHVkZXMgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHdpdGggdGhlIHJlc3BvbnNlOgogICAgICAg
IDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5k
ZW50PSc2Jz4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2Vycm9yJz4KICAgICAgICAgICAgICA8
dnNwYWNlIC8+CiAgICAgICAgICAgICAgUkVRVUlSRUQuIEEgc2luZ2xlIEFTQ0lJIDx4cmVmIHRh
cmdldD0iVVNBU0NJSSIgLz4gZXJyb3IgY29kZSBmcm9tIHRoZSBmb2xsb3dpbmc6CgogICAgICAg
ICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdpbnZhbGlkX3JlcXVlc3QnPgogICAgICAgICAgICAgICAgICA8dnNw
YWNlIC8+CiAgICAgICAgICAgICAgICAgIFRoZSByZXF1ZXN0IGlzIG1pc3NpbmcgYSByZXF1aXJl
ZCBwYXJhbWV0ZXIsIGluY2x1ZGVzIGFuIHVuc3VwcG9ydGVkCiAgICAgICAgICAgICAgICAgIHBh
cmFtZXRlciB2YWx1ZSAob3RoZXIgdGhhbiBncmFudCB0eXBlKSwgcmVwZWF0cyBhIHBhcmFtZXRl
ciwgaW5jbHVkZXMgbXVsdGlwbGUKICAgICAgICAgICAgICAgICAgY3JlZGVudGlhbHMsIHV0aWxp
emVzIG1vcmUgdGhhbiBvbmUgbWVjaGFuaXNtIGZvciBhdXRoZW50aWNhdGluZyB0aGUgY2xpZW50
LAogICAgICAgICAgICAgICAgICBvciBpcyBvdGhlcndpc2UgbWFsZm9ybWVkLgogICAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2ludmFsaWRfY2xpZW50Jz4K
ICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICBDbGllbnQgYXV0
aGVudGljYXRpb24gZmFpbGVkIChlLmcuIHVua25vd24gY2xpZW50LCBubyBjbGllbnQgYXV0aGVu
dGljYXRpb24KICAgICAgICAgICAgICAgICAgaW5jbHVkZWQsIG9yIHVuc3VwcG9ydGVkIGF1dGhl
bnRpY2F0aW9uIG1ldGhvZCkuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkKICAgICAgICAg
ICAgICAgICAgcmV0dXJuIGFuIEhUVFAgNDAxIChVbmF1dGhvcml6ZWQpIHN0YXR1cyBjb2RlIHRv
IGluZGljYXRlIHdoaWNoIEhUVFAKICAgICAgICAgICAgICAgICAgYXV0aGVudGljYXRpb24gc2No
ZW1lcyBhcmUgc3VwcG9ydGVkLiBJZiB0aGUgY2xpZW50IGF0dGVtcHRlZCB0byBhdXRoZW50aWNh
dGUgdmlhCiAgICAgICAgICAgICAgICAgIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPkF1dGhvcml6
YXRpb248L3NwYW54PiByZXF1ZXN0IGhlYWRlciBmaWVsZCwKICAgICAgICAgICAgICAgICAgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVzcG9uZCB3aXRoIGFuIEhUVFAgNDAxIChVbmF1
dGhvcml6ZWQpIHN0YXR1cwogICAgICAgICAgICAgICAgICBjb2RlLCBhbmQgaW5jbHVkZSB0aGUg
PHNwYW54IHN0eWxlPSd2ZXJiJz5XV1ctQXV0aGVudGljYXRlPC9zcGFueD4gcmVzcG9uc2UKICAg
ICAgICAgICAgICAgICAgaGVhZGVyIGZpZWxkIG1hdGNoaW5nIHRoZSBhdXRoZW50aWNhdGlvbiBz
Y2hlbWUgdXNlZCBieSB0aGUgY2xpZW50LgogICAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgICAgPHQgaGFuZ1RleHQ9J2ludmFsaWRfZ3JhbnQnPgogICAgICAgICAgICAgICAgICA8dnNw
YWNlIC8+CiAgICAgICAgICAgICAgICAgIFRoZSBwcm92aWRlZCBhdXRob3JpemF0aW9uIGdyYW50
IChlLmcuIGF1dGhvcml6YXRpb24gY29kZSwgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgICAgICAg
ICAgY3JlZGVudGlhbHMpIG9yIHJlZnJlc2ggdG9rZW4gaXMgaW52YWxpZCwgZXhwaXJlZCwgcmV2
b2tlZCwgZG9lcyBub3QgbWF0Y2ggdGhlCiAgICAgICAgICAgICAgICAgIHJlZGlyZWN0aW9uIFVS
SSB1c2VkIGluIHRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QsIG9yIHdhcyBpc3N1ZWQgdG8gYW5v
dGhlcgogICAgICAgICAgICAgICAgICBjbGllbnQuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgICA8dCBoYW5nVGV4dD0ndW5hdXRob3JpemVkX2NsaWVudCc+CiAgICAgICAgICAg
ICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgVGhlIGF1dGhlbnRpY2F0ZWQgY2xp
ZW50IGlzIG5vdCBhdXRob3JpemVkIHRvIHVzZSB0aGlzIGF1dGhvcml6YXRpb24gZ3JhbnQgdHlw
ZS4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSd1bnN1
cHBvcnRlZF9ncmFudF90eXBlJz4KICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAg
ICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBncmFudCB0eXBlIGlzIG5vdCBzdXBwb3J0ZWQg
YnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J2ludmFsaWRfc2NvcGUnPgogICAgICAgICAgICAgICAgICA8
dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgIFRoZSByZXF1ZXN0ZWQgc2NvcGUgaXMgaW52YWxp
ZCwgdW5rbm93biwgbWFsZm9ybWVkLCBvciBleGNlZWRzIHRoZSBzY29wZSBncmFudGVkCiAgICAg
ICAgICAgICAgICAgIGJ5IHRoZSByZXNvdXJjZSBvd25lci4KICAgICAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgICA8L2xpc3Q+CgoJICAgICAgVmFsdWVzIGZvciB0aGUgPHNwYW54IHN0eWxl
PSd2ZXJiJz5lcnJvcjwvc3Bhbng+IHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCgkgICAgICBj
aGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2Vycm9yX2Rlc2NyaXB0aW9u
Jz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgT1BUSU9OQUwuIEEgaHVt
YW4tcmVhZGFibGUgQVNDSUkgPHhyZWYgdGFyZ2V0PSJVU0FTQ0lJIiAvPiB0ZXh0IHByb3ZpZGlu
ZyBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLAogICAgICAgICAgICAgIHVzZWQgdG8gYXNzaXN0IHRo
ZSBjbGllbnQgZGV2ZWxvcGVyIGluIHVuZGVyc3RhbmRpbmcgdGhlIGVycm9yIHRoYXQgb2NjdXJy
ZWQuCgkgICAgICA8dnNwYWNlLz4KCSAgICAgIFZhbHVlcyBmb3IgdGhlIDxzcGFueCBzdHlsZT0n
dmVyYic+ZXJyb3JfZGVzY3JpcHRpb248L3NwYW54PiBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVk
ZQoJICAgICAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAl
eDVELTdFLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdlcnJvcl91
cmknPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBPUFRJT05BTC4gQSBV
UkkgaWRlbnRpZnlpbmcgYSBodW1hbi1yZWFkYWJsZSB3ZWIgcGFnZSB3aXRoIGluZm9ybWF0aW9u
IGFib3V0IHRoZQogICAgICAgICAgICAgIGVycm9yLCB1c2VkIHRvIHByb3ZpZGUgdGhlIGNsaWVu
dCBkZXZlbG9wZXIgd2l0aCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uIGFib3V0IHRoZQogICAgICAg
ICAgICAgIGVycm9yLgoJICAgICAgPHZzcGFjZS8+CgkgICAgICBWYWx1ZXMgZm9yIHRoZSA8c3Bh
bnggc3R5bGU9J3ZlcmInPmVycm9yX3VyaTwvc3Bhbng+IHBhcmFtZXRlcgoJICAgICAgTVVTVCBj
b25mb3JtIHRvIHRoZSBVUkktUmVmZXJlbmNlIHN5bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5j
bHVkZQoJICAgICAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAl
eDVELTdFLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgPC90Pgog
ICAgICAgIDx0PgogICAgICAgICAgVGhlIHBhcmFtZXRlcnMgYXJlIGluY2x1ZGVkIGluIHRoZSBl
bnRpdHkgYm9keSBvZiB0aGUgSFRUUCByZXNwb25zZSB1c2luZyB0aGUKICAgICAgICAgIDxzcGFu
eCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24vanNvbjwvc3Bhbng+IG1lZGlhIHR5cGUgYXMgZGVm
aW5lZCBieQogICAgICAgICAgPHhyZWYgdGFyZ2V0PSdSRkM0NjI3JyAvPi4gVGhlIHBhcmFtZXRl
cnMgYXJlIHNlcmlhbGl6ZWQgaW50byBhIEpTT04gc3RydWN0dXJlIGJ5CiAgICAgICAgICBhZGRp
bmcgZWFjaCBwYXJhbWV0ZXIgYXQgdGhlIGhpZ2hlc3Qgc3RydWN0dXJlIGxldmVsLiBQYXJhbWV0
ZXIgbmFtZXMgYW5kIHN0cmluZyB2YWx1ZXMKICAgICAgICAgIGFyZSBpbmNsdWRlZCBhcyBKU09O
IHN0cmluZ3MuIE51bWVyaWNhbCB2YWx1ZXMgYXJlIGluY2x1ZGVkIGFzIEpTT04gbnVtYmVycy4g
VGhlIG9yZGVyIG9mCiAgICAgICAgICBwYXJhbWV0ZXJzIGRvZXMgbm90IG1hdHRlciBhbmQgY2Fu
IHZhcnkuCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmU+CiAgICAgICAgICA8cHJlYW1ibGU+
CiAgICAgICAgICAgIEZvciBleGFtcGxlOgogICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAg
IDxhcnR3b3JrPjwhW0NEQVRBWwogIEhUVFAvMS4xIDQwMCBCYWQgUmVxdWVzdAogIENvbnRlbnQt
VHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAgQ2FjaGUtQ29udHJvbDogbm8t
c3RvcmUKICBQcmFnbWE6IG5vLWNhY2hlCgogIHsKICAgICJlcnJvciI6ImludmFsaWRfcmVxdWVz
dCIKICB9Cl1dPjwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgPC9zZWN0aW9uPgoK
ICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0nUmVmcmVzaGluZyBhbiBBY2Nlc3Mg
VG9rZW4nIGFuY2hvcj0ndG9rZW4tcmVmcmVzaCc+CiAgICAgIDx0PgogICAgICAgIElmIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZWQgYSByZWZyZXNoIHRva2VuIHRvIHRoZSBjbGllbnQs
IHRoZSBjbGllbnQgbWFrZXMgYQogICAgICAgIHJlZnJlc2ggcmVxdWVzdCB0byB0aGUgdG9rZW4g
ZW5kcG9pbnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB1c2luZyB0aGUKICAg
ICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2Rl
ZDwvc3Bhbng+IGZvcm1hdAoJPHhyZWYgdGFyZ2V0PSdXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjQn
Lz4gYW5kIGEgY2hhcmFjdGVyIGVuY29kaW5nIG9mIFVURi04CglpbiB0aGUgSFRUUCByZXF1ZXN0
IGVudGl0eS1ib2R5OgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdo
YW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgIDx0IGhhbmdUZXh0PSdncmFudF90eXBl
Jz4KICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICBSRVFVSVJFRC4gVmFsdWUgTVVT
VCBiZSBzZXQgdG8gPHNwYW54IHN0eWxlPSd2ZXJiJz5yZWZyZXNoX3Rva2VuPC9zcGFueD4uCiAg
ICAgICAgICA8L3Q+CiAgICAgICAgICA8dCBoYW5nVGV4dD0ncmVmcmVzaF90b2tlbic+CiAgICAg
ICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSByZWZyZXNoIHRva2Vu
IGlzc3VlZCB0byB0aGUgY2xpZW50LgogICAgICAgICAgPC90PgogICAgICAgICAgPHQgaGFuZ1Rl
eHQ9J3Njb3BlJz4KICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICBPUFRJT05BTC4g
VGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQgYnkgPHhyZWYgdGFy
Z2V0PSdzY29wZScgLz4uCiAgICAgICAgICAgIFRoZSByZXF1ZXN0ZWQgc2NvcGUgTVVTVCBOT1Qg
aW5jbHVkZSBhbnkgc2NvcGUgbm90IG9yaWdpbmFsbHkgZ3JhbnRlZCBieSB0aGUgcmVzb3VyY2UK
ICAgICAgICAgICAgb3duZXIsIGFuZCBpZiBvbWl0dGVkIGlzIHRyZWF0ZWQgYXMgZXF1YWwgdG8g
dGhlIHNjb3BlIG9yaWdpbmFsbHkgZ3JhbnRlZCBieSB0aGUKICAgICAgICAgICAgcmVzb3VyY2Ug
b3duZXIuCiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9saXN0PgogICAgICA8L3Q+CiAgICAgIDx0
PgogICAgICAgIEJlY2F1c2UgcmVmcmVzaCB0b2tlbnMgYXJlIHR5cGljYWxseSBsb25nLWxhc3Rp
bmcgY3JlZGVudGlhbHMgdXNlZCB0byByZXF1ZXN0IGFkZGl0aW9uYWwKICAgICAgICBhY2Nlc3Mg
dG9rZW5zLCB0aGUgcmVmcmVzaCB0b2tlbiBpcyBib3VuZCB0byB0aGUgY2xpZW50IHRvIHdoaWNo
IGl0IHdhcyBpc3N1ZWQuIElmIHRoZSBjbGllbnQgdHlwZQogICAgICAgIGlzIGNvbmZpZGVudGlh
bCBvciB0aGUgY2xpZW50IHdhcyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciBhc3NpZ25l
ZCBvdGhlcgogICAgICAgIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksIHRoZSBjbGllbnQg
TVVTVCBhdXRoZW50aWNhdGUgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMKICAgICAg
ICBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0b2tlbi1lbmRwb2ludC1hdXRoJyAvPi4KICAg
ICAgPC90PgogICAgICA8ZmlndXJlPgogICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgIEZvciBl
eGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5n
IHRyYW5zcG9ydC1sYXllcgogICAgICAgICAgc2VjdXJpdHkgKGV4dHJhIGxpbmUgYnJlYWtzIGFy
ZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICA8L3ByZWFtYmxlPgogICAgICAg
IDxhcnR3b3JrPjwhW0NEQVRBWwogIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgSG9zdDogc2VydmVy
LmV4YW1wbGUuY29tCiAgQXV0aG9yaXphdGlvbjogQmFzaWMgY3paQ2FHUlNhM0YwTXpwbldERm1R
bUYwTTJKVwogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVk
CgogIGdyYW50X3R5cGU9cmVmcmVzaF90b2tlbiZyZWZyZXNoX3Rva2VuPXRHenYzSk9rRjBYRzVR
eDJUbEtXSUEKXV0+PC9hcnR3b3JrPgogICAgICA8L2ZpZ3VyZT4KICAgICAgPHQ+CiAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Q6CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAg
ICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIHJlcXVp
cmUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGZvciBjb25maWRlbnRpYWwgY2xpZW50cyBvciBmb3Ig
YW55IGNsaWVudCB0aGF0IHdhcwogICAgICAgICAgICBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxz
IChvciB3aXRoIG90aGVyIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksCiAgICAgICAgICA8
L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgaWYg
Y2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzIGluY2x1ZGVkIGFuZCBlbnN1cmUgdGhlCiAgICAgICAg
ICAgIHJlZnJlc2ggdG9rZW4gd2FzIGlzc3VlZCB0byB0aGUgYXV0aGVudGljYXRlZCBjbGllbnQs
IGFuZAogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIHZhbGlkYXRlIHRo
ZSByZWZyZXNoIHRva2VuLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90
PgogICAgICA8dD4KICAgICAgICBJZiB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYXMgZGVzY3JpYmVkIGluCiAgICAg
ICAgPHhyZWYgdGFyZ2V0PSd0b2tlbi1yZXNwb25zZScgLz4uIElmIHRoZSByZXF1ZXN0IGZhaWxl
ZCB2ZXJpZmljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlCiAgICAgICAgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgcmV0dXJucyBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4KICAgICAgICA8
eHJlZiB0YXJnZXQ9J3Rva2VuLWVycm9ycycgLz4uCiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBpc3N1ZSBhIG5ldyByZWZyZXNoIHRva2Vu
LCBpbiB3aGljaCBjYXNlIHRoZSBjbGllbnQgTVVTVAogICAgICAgIGRpc2NhcmQgdGhlIG9sZCBy
ZWZyZXNoIHRva2VuIGFuZCByZXBsYWNlIGl0IHdpdGggdGhlIG5ldyByZWZyZXNoIHRva2VuLiBU
aGUgYXV0aG9yaXphdGlvbgogICAgICAgIHNlcnZlciBNQVkgcmV2b2tlIHRoZSBvbGQgcmVmcmVz
aCB0b2tlbiBhZnRlciBpc3N1aW5nIGEgbmV3IHJlZnJlc2ggdG9rZW4gdG8gdGhlIGNsaWVudC4g
SWYKICAgICAgICBhIG5ldyByZWZyZXNoIHRva2VuIGlzIGlzc3VlZCwgdGhlIHJlZnJlc2ggdG9r
ZW4gc2NvcGUgTVVTVCBiZSBpZGVudGljYWwgdG8gdGhhdCBvZiB0aGUKICAgICAgICByZWZyZXNo
IHRva2VuIGluY2x1ZGVkIGJ5IHRoZSBjbGllbnQgaW4gdGhlIHJlcXVlc3QuCiAgICAgIDwvdD4K
ICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNzaW5nIFByb3RlY3RlZCBS
ZXNvdXJjZXMnIGFuY2hvcj0nYWNjZXNzLXJlc291cmNlJz4KICAgICAgPHQ+CiAgICAgICAgVGhl
IGNsaWVudCBhY2Nlc3NlcyBwcm90ZWN0ZWQgcmVzb3VyY2VzIGJ5IHByZXNlbnRpbmcgdGhlIGFj
Y2VzcyB0b2tlbiB0byB0aGUgcmVzb3VyY2UKICAgICAgICBzZXJ2ZXIuIFRoZSByZXNvdXJjZSBz
ZXJ2ZXIgTVVTVCB2YWxpZGF0ZSB0aGUgYWNjZXNzIHRva2VuIGFuZCBlbnN1cmUgaXQgaGFzIG5v
dCBleHBpcmVkCiAgICAgICAgYW5kIHRoYXQgaXRzIHNjb3BlIGNvdmVycyB0aGUgcmVxdWVzdGVk
IHJlc291cmNlLiBUaGUgbWV0aG9kcyB1c2VkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIKICAgICAg
ICB0byB2YWxpZGF0ZSB0aGUgYWNjZXNzIHRva2VuIChhcyB3ZWxsIGFzIGFueSBlcnJvciByZXNw
b25zZXMpIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMKICAgICAgICBzcGVjaWZpY2F0aW9u
LCBidXQgZ2VuZXJhbGx5IGludm9sdmUgYW4gaW50ZXJhY3Rpb24gb3IgY29vcmRpbmF0aW9uIGJl
dHdlZW4gdGhlIHJlc291cmNlCiAgICAgICAgc2VydmVyIGFuZCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIuCiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgVGhlIG1ldGhvZCBpbiB3aGljaCB0
aGUgY2xpZW50IHV0aWxpemVzIHRoZSBhY2Nlc3MgdG9rZW4gdG8gYXV0aGVudGljYXRlIHdpdGgg
dGhlIHJlc291cmNlCiAgICAgICAgc2VydmVyIGRlcGVuZHMgb24gdGhlIHR5cGUgb2YgYWNjZXNz
IHRva2VuIGlzc3VlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIFR5cGljYWxseSwKICAg
ICAgICBpdCBpbnZvbHZlcyB1c2luZyB0aGUgSFRUUCA8c3Bhbnggc3R5bGU9J3ZlcmInPkF1dGhv
cml6YXRpb248L3NwYW54PiByZXF1ZXN0IGhlYWRlciBmaWVsZAogICAgICAgIDx4cmVmIHRhcmdl
dD0nUkZDMjYxNycgLz4gd2l0aCBhbiBhdXRoZW50aWNhdGlvbiBzY2hlbWUgZGVmaW5lZCBieSB0
aGUgYWNjZXNzIHRva2VuIHR5cGUKICAgICAgICBzcGVjaWZpY2F0aW9uLgogICAgICA8L3Q+Cgog
ICAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNzIFRva2VuIFR5cGVzJyBhbmNob3I9J3Rva2VuLXR5
cGVzJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhY2Nlc3MgdG9rZW4gdHlwZSBwcm92aWRl
cyB0aGUgY2xpZW50IHdpdGggdGhlIGluZm9ybWF0aW9uIHJlcXVpcmVkIHRvIHN1Y2Nlc3NmdWxs
eQogICAgICAgICAgdXRpbGl6ZSB0aGUgYWNjZXNzIHRva2VuIHRvIG1ha2UgYSBwcm90ZWN0ZWQg
cmVzb3VyY2UgcmVxdWVzdCAoYWxvbmcgd2l0aCB0eXBlLXNwZWNpZmljCiAgICAgICAgICBhdHRy
aWJ1dGVzKS4gVGhlIGNsaWVudCBNVVNUIE5PVCB1c2UgYW4gYWNjZXNzIHRva2VuIGlmIGl0IGRv
ZXMgbm90IHVuZGVyc3RhbmQgdGhlIHRva2VuCiAgICAgICAgICB0eXBlLgogICAgICAgIDwvdD4K
ICAgICAgICA8ZmlndXJlPgogICAgICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICBGb3IgZXhh
bXBsZSwgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+YmVhcmVyPC9zcGFueD4gdG9rZW4gdHlwZSBk
ZWZpbmVkIGluCiAgICAgICAgICAgIDx4cmVmIHRhcmdldD0nSS1ELmlldGYtb2F1dGgtdjItYmVh
cmVyJyAvPiBpcyB1dGlsaXplZCBieSBzaW1wbHkgaW5jbHVkaW5nIHRoZSBhY2Nlc3MKICAgICAg
ICAgICAgdG9rZW4gc3RyaW5nIGluIHRoZSByZXF1ZXN0OgogICAgICAgICAgPC9wcmVhbWJsZT4K
ICAgICAgICAgIDxhcnR3b3JrPjwhW0NEQVRBWwogIEdFVCAvcmVzb3VyY2UvMSBIVFRQLzEuMQog
IEhvc3Q6IGV4YW1wbGUuY29tCiAgQXV0aG9yaXphdGlvbjogQmVhcmVyIG1GXzkuQjVmLTQuMUpx
TQpdXT48L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAgPGZpZ3VyZT4KICAgICAg
ICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAgd2hpbGUgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+
bWFjPC9zcGFueD4gdG9rZW4gdHlwZSBkZWZpbmVkIGluCiAgICAgICAgICAgIDx4cmVmIHRhcmdl
dD0nSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWMnIC8+IGlzIHV0aWxpemVkIGJ5IGlzc3Vpbmcg
YSBNQUMga2V5CiAgICAgICAgICAgIHRvZ2V0aGVyIHdpdGggdGhlIGFjY2VzcyB0b2tlbiB3aGlj
aCBpcyB1c2VkIHRvIHNpZ24gY2VydGFpbiBjb21wb25lbnRzIG9mIHRoZSBIVFRQCiAgICAgICAg
ICAgIHJlcXVlc3RzOgogICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgIDxhcnR3b3JrPjwh
W0NEQVRBWwogIEdFVCAvcmVzb3VyY2UvMSBIVFRQLzEuMQogIEhvc3Q6IGV4YW1wbGUuY29tCiAg
QXV0aG9yaXphdGlvbjogTUFDIGlkPSJoNDgwZGpzOTNoZDgiLAogICAgICAgICAgICAgICAgICAg
ICBub25jZT0iMjc0MzEyOmRqODNoczlzIiwKICAgICAgICAgICAgICAgICAgICAgbWFjPSJrRFp2
ZGRrbmR4dmhHUlhaaHZ1RGpFV2hHZUU9IgpdXT48L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+
CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYWJvdmUgZXhhbXBsZXMgYXJlIHByb3ZpZGVkIGZv
ciBpbGx1c3RyYXRpb24gcHVycG9zZXMgb25seS4gRGV2ZWxvcGVycyBhcmUgYWR2aXNlZCB0bwog
ICAgICAgICAgY29uc3VsdCB0aGUgPHhyZWYgdGFyZ2V0PSdJLUQuaWV0Zi1vYXV0aC12Mi1iZWFy
ZXInIC8+IGFuZAogICAgICAgICAgPHhyZWYgdGFyZ2V0PSdJLUQuaWV0Zi1vYXV0aC12Mi1odHRw
LW1hYycgLz4gc3BlY2lmaWNhdGlvbnMgYmVmb3JlIHVzZS4KICAgICAgICA8L3Q+CiAgICAgICAg
PHQ+CiAgICAgICAgICBFYWNoIGFjY2VzcyB0b2tlbiB0eXBlIGRlZmluaXRpb24gc3BlY2lmaWVz
IHRoZSBhZGRpdGlvbmFsIGF0dHJpYnV0ZXMgKGlmIGFueSkgc2VudCB0bwogICAgICAgICAgdGhl
IGNsaWVudCB0b2dldGhlciB3aXRoIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmFjY2Vzc190b2tl
bjwvc3Bhbng+IHJlc3BvbnNlIHBhcmFtZXRlci4KICAgICAgICAgIEl0IGFsc28gZGVmaW5lcyB0
aGUgSFRUUCBhdXRoZW50aWNhdGlvbiBtZXRob2QgdXNlZCB0byBpbmNsdWRlIHRoZSBhY2Nlc3Mg
dG9rZW4gd2hlbgogICAgICAgICAgbWFraW5nIGEgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3Qu
CiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nRXJy
b3IgUmVzcG9uc2UnIGFuY2hvcj0ncmVzb3VyY2UtZXJyb3JzJz4KCTx0PgoJICBJZiBhIHJlc291
cmNlIGFjY2VzcyByZXF1ZXN0IGZhaWxzLCB0aGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRCBpbmZv
cm0KCSAgdGhlIGNsaWVudCBvZiB0aGUgZXJyb3IuICBXaGlsZSB0aGUgc3BlY2lmaWNzIG9mIHN1
Y2ggZXJyb3IgcmVzcG9uc2VzCgkgIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lm
aWNhdGlvbiwgdGhpcyBkb2N1bWVudHMgZXN0YWJsaXNoZXMKCSAgYSBjb21tb24gcmVnaXN0cnkg
aW4gPHhyZWYgdGFyZ2V0PSdlcnJvci1yZWdpc3RyeScgLz4gZm9yIGVycm9yIHZhbHVlcwoJICB0
byBiZSBzaGFyZWQgYW1vbmcgT0F1dGggdG9rZW4gYXV0aGVudGljYXRpb24gc2NoZW1lcy4gCgk8
L3Q+Cgk8dD4KCSAgTmV3IGF1dGhlbnRpY2F0aW9uIHNjaGVtZXMgZGVzaWduZWQgcHJpbWFyaWx5
IGZvciBPQXV0aCB0b2tlbgoJICBhdXRoZW50aWNhdGlvbiBTSE9VTEQgZGVmaW5lIGEgbWVjaGFu
aXNtIGZvciBwcm92aWRpbmcgYW4KCSAgZXJyb3Igc3RhdHVzIGNvZGUgdG8gdGhlIGNsaWVudCwg
aW4gd2hpY2ggdGhlIGVycm9yIHZhbHVlcyBhbGxvd2VkIGFyZQoJICByZWdpc3RlcmVkIGluIHRo
ZSBlcnJvciByZWdpc3RyeSBlc3RhYmxpc2hlZCBieSB0aGlzIHNwZWNpZmljYXRpb24uIFN1Y2gK
CSAgc2NoZW1lcyBNQVkgbGltaXQgdGhlIHNldCBvZiB2YWxpZCBlcnJvciBjb2RlcyB0byBhIHN1
YnNldCBvZiB0aGUKCSAgcmVnaXN0ZXJlZCB2YWx1ZXMuIElmIHRoZSBlcnJvciBjb2RlIGlzIHJl
dHVybmVkIHVzaW5nIGEgbmFtZWQgcGFyYW1ldGVyLAoJICB0aGUgcGFyYW1ldGVyIG5hbWUgU0hP
VUxEIGJlIDxzcGFueCBzdHlsZT0ndmVyYic+ZXJyb3I8L3NwYW54Pi4KCTwvdD4KCTx0PgoJICBP
dGhlciBzY2hlbWVzIGNhcGFibGUgb2YgYmVpbmcgdXNlZCBmb3IgT0F1dGggdG9rZW4gYXV0aGVu
dGljYXRpb24sIGJ1dAoJICBub3QgcHJpbWFyaWx5IGRlc2lnbmVkIGZvciB0aGF0IHB1cnBvc2Us
IE1BWSBiaW5kIHRoZWlyIGVycm9yIHZhbHVlcyB0byB0aGUKCSAgcmVnaXN0cnkgaW4gdGhlIHNh
bWUgbWFubmVyLgoJPC90PgoJPHQ+CgkgIE5ldyBhdXRoZW50aWNhdGlvbiBzY2hlbWVzIE1BWSBj
aG9vc2UgdG8gYWxzbyBzcGVjaWZ5IHRoZSB1c2Ugb2YgdGhlCgkgIDxzcGFueCBzdHlsZT0ndmVy
Yic+ZXJyb3JfZGVzY3JpcHRpb248L3NwYW54PiBhbmQgCgkgIDxzcGFueCBzdHlsZT0ndmVyYic+
ZXJyb3JfdXJpPC9zcGFueD4KCSAgcGFyYW1ldGVycyB0byByZXR1cm4gZXJyb3IgaW5mb3JtYXRp
b24gaW4gYSBtYW5uZXIgcGFyYWxsZWwKCSAgdG8gdGhlaXIgdXNhZ2UgaW4gdGhpcyBzcGVjaWZp
Y2F0aW9uLgoJPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgPC9zZWN0aW9uPgoKICAgIDxzZWN0
aW9uIHRpdGxlPSdFeHRlbnNpYmlsaXR5JyBhbmNob3I9J2V4dGVuc2lvbnMnPgoKICAgICAgPHNl
Y3Rpb24gdGl0bGU9J0RlZmluaW5nIEFjY2VzcyBUb2tlbiBUeXBlcycgYW5jaG9yPSduZXctdHlw
ZXMnPgogICAgICAgIDx0PgogICAgICAgICAgQWNjZXNzIHRva2VuIHR5cGVzIGNhbiBiZSBkZWZp
bmVkIGluIG9uZSBvZiB0d28gd2F5czogcmVnaXN0ZXJlZCBpbiB0aGUgYWNjZXNzIHRva2VuIHR5
cGUKICAgICAgICAgIHJlZ2lzdHJ5IChmb2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4gPHhyZWYg
dGFyZ2V0PSd0eXBlLXJlZ2lzdHJ5JyAvPiksIG9yIGJ5IHVzaW5nIGEKICAgICAgICAgIHVuaXF1
ZSBhYnNvbHV0ZSBVUkkgYXMgaXRzIG5hbWUuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAg
ICAgICAgVHlwZXMgdXRpbGl6aW5nIGEgVVJJIG5hbWUgU0hPVUxEIGJlIGxpbWl0ZWQgdG8gdmVu
ZG9yLXNwZWNpZmljIGltcGxlbWVudGF0aW9ucyB0aGF0IGFyZQogICAgICAgICAgbm90IGNvbW1v
bmx5IGFwcGxpY2FibGUsIGFuZCBhcmUgc3BlY2lmaWMgdG8gdGhlIGltcGxlbWVudGF0aW9uIGRl
dGFpbHMgb2YgdGhlIHJlc291cmNlCiAgICAgICAgICBzZXJ2ZXIgd2hlcmUgdGhleSBhcmUgdXNl
ZC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBbGwgb3RoZXIgdHlwZXMgTVVT
VCBiZSByZWdpc3RlcmVkLiBUeXBlIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0aGUgdHlwZS1uYW1l
IEFCTkYuIElmIHRoZQogICAgICAgICAgdHlwZSBkZWZpbml0aW9uIGluY2x1ZGVzIGEgbmV3IEhU
VFAgYXV0aGVudGljYXRpb24gc2NoZW1lLCB0aGUgdHlwZSBuYW1lIFNIT1VMRCBiZQogICAgICAg
ICAgaWRlbnRpY2FsIHRvIHRoZSBIVFRQIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSBuYW1lIChhcyBk
ZWZpbmVkIGJ5IDx4cmVmIHRhcmdldD0nUkZDMjYxNycgLz4pLgogICAgICAgICAgVGhlIHRva2Vu
IHR5cGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5leGFtcGxlPC9zcGFueD4gaXMgcmVzZXJ2ZWQgZm9y
IHVzZSBpbiBleGFtcGxlcy4KICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4KICAgICAgICAg
IDxhcnR3b3JrPjwhW0NEQVRBWwogIHR5cGUtbmFtZSAgPSAxKm5hbWUtY2hhcgogIG5hbWUtY2hh
ciAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFMUEhBCl1dPjwvYXJ0d29yaz4KICAgICAg
ICA8L2ZpZ3VyZT4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0RlZmlu
aW5nIE5ldyBFbmRwb2ludCBQYXJhbWV0ZXJzJyBhbmNob3I9ImVuZHBvaW50LXBhcmFtcyI+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBOZXcgcmVxdWVzdCBvciByZXNwb25zZSBwYXJhbWV0ZXJzIGZv
ciB1c2Ugd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBvciB0aGUgdG9rZW4KICAgICAg
ICAgIGVuZHBvaW50IGFyZSBkZWZpbmVkIGFuZCByZWdpc3RlcmVkIGluIHRoZSBwYXJhbWV0ZXJz
IHJlZ2lzdHJ5IGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlIGluCiAgICAgICAgICA8eHJlZiB0YXJn
ZXQ9J3BhcmFtZXRlcnMtcmVnaXN0cnknIC8+LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAg
ICAgICAgIFBhcmFtZXRlciBuYW1lcyBNVVNUIGNvbmZvcm0gdG8gdGhlIHBhcmFtLW5hbWUgQUJO
RiBhbmQgcGFyYW1ldGVyIHZhbHVlcyBzeW50YXggTVVTVCBiZQogICAgICAgICAgd2VsbC1kZWZp
bmVkIChlLmcuLCB1c2luZyBBQk5GLCBvciBhIHJlZmVyZW5jZSB0byB0aGUgc3ludGF4IG9mIGFu
IGV4aXN0aW5nIHBhcmFtZXRlcikuCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmU+CiAgICAg
ICAgICA8YXJ0d29yaz48IVtDREFUQVsKICBwYXJhbS1uYW1lICA9IDEqbmFtZS1jaGFyCiAgbmFt
ZS1jaGFyICAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFMUEhBCl1dPjwvYXJ0d29yaz4K
ICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4KICAgICAgICAgIFVucmVnaXN0ZXJlZCB2ZW5k
b3Itc3BlY2lmaWMgcGFyYW1ldGVyIGV4dGVuc2lvbnMgdGhhdCBhcmUgbm90IGNvbW1vbmx5IGFw
cGxpY2FibGUsIGFuZAogICAgICAgICAgYXJlIHNwZWNpZmljIHRvIHRoZSBpbXBsZW1lbnRhdGlv
biBkZXRhaWxzIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB3aGVyZSB0aGV5IGFyZQogICAg
ICAgICAgdXNlZCBTSE9VTEQgdXRpbGl6ZSBhIHZlbmRvci1zcGVjaWZpYyBwcmVmaXggdGhhdCBp
cyBub3QgbGlrZWx5IHRvIGNvbmZsaWN0IHdpdGggb3RoZXIKICAgICAgICAgIHJlZ2lzdGVyZWQg
dmFsdWVzIChlLmcuIGJlZ2luIHdpdGggJ2NvbXBhbnluYW1lXycpLgogICAgICAgIDwvdD4KICAg
ICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0RlZmluaW5nIE5ldyBBdXRob3Jp
emF0aW9uIEdyYW50IFR5cGVzJz4KICAgICAgICA8dD4KICAgICAgICAgIE5ldyBhdXRob3JpemF0
aW9uIGdyYW50IHR5cGVzIGNhbiBiZSBkZWZpbmVkIGJ5IGFzc2lnbmluZyB0aGVtIGEgdW5pcXVl
IGFic29sdXRlIFVSSSBmb3IKICAgICAgICAgIHVzZSB3aXRoIHRoZSA8c3Bhbnggc3R5bGU9J3Zl
cmInPmdyYW50X3R5cGU8L3NwYW54PiBwYXJhbWV0ZXIuIElmIHRoZSBleHRlbnNpb24gZ3JhbnQK
ICAgICAgICAgIHR5cGUgcmVxdWlyZXMgYWRkaXRpb25hbCB0b2tlbiBlbmRwb2ludCBwYXJhbWV0
ZXJzLCB0aGV5IE1VU1QgYmUgcmVnaXN0ZXJlZCBpbiB0aGUgT0F1dGgKICAgICAgICAgIHBhcmFt
ZXRlcnMgcmVnaXN0cnkgYXMgZGVzY3JpYmVkIGJ5IDx4cmVmIHRhcmdldD0ncGFyYW1ldGVycy1y
ZWdpc3RyeScgLz4uCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlv
biB0aXRsZT0nRGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2UgVHlw
ZXMnIGFuY2hvcj0ncmVzcG9uc2UtdHlwZS1leHQnPgogICAgICAgIDx0PgogICAgICAgICAgTmV3
IHJlc3BvbnNlIHR5cGVzIGZvciB1c2Ugd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBh
cmUgZGVmaW5lZCBhbmQgcmVnaXN0ZXJlZCBpbgogICAgICAgICAgdGhlIGF1dGhvcml6YXRpb24g
ZW5kcG9pbnQgcmVzcG9uc2UgdHlwZSByZWdpc3RyeSBmb2xsb3dpbmcgdGhlIHByb2NlZHVyZSBp
bgogICAgICAgICAgPHhyZWYgdGFyZ2V0PSdyZXNwb25zZS10eXBlLXJlZ2lzdHJ5JyAvPi4gUmVz
cG9uc2UgdHlwZSBuYW1lcyBNVVNUIGNvbmZvcm0gdG8gdGhlCiAgICAgICAgICByZXNwb25zZS10
eXBlIEFCTkYuCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmU+CiAgICAgICAgICA8YXJ0d29y
az48IVtDREFUQVsKICByZXNwb25zZS10eXBlICA9IHJlc3BvbnNlLW5hbWUgKiggU1AgcmVzcG9u
c2UtbmFtZSApCiAgcmVzcG9uc2UtbmFtZSAgPSAxKnJlc3BvbnNlLWNoYXIKICByZXNwb25zZS1j
aGFyICA9ICJfIiAvIERJR0lUIC8gQUxQSEEKXV0+PC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJl
PgogICAgICAgIDx0PgogICAgICAgICAgSWYgYSByZXNwb25zZSB0eXBlIGNvbnRhaW5zIG9uZSBv
ciBtb3JlIHNwYWNlIGNoYXJhY3RlcnMgKCV4MjApLCBpdCBpcyBjb21wYXJlZCBhcyBhCiAgICAg
ICAgICBzcGFjZS1kZWxpbWl0ZWQgbGlzdCBvZiB2YWx1ZXMgaW4gd2hpY2ggdGhlIG9yZGVyIG9m
IHZhbHVlcyBkb2VzIG5vdCBtYXR0ZXIuIE9ubHkgb25lCiAgICAgICAgICBvcmRlciBvZiB2YWx1
ZXMgY2FuIGJlIHJlZ2lzdGVyZWQsIHdoaWNoIGNvdmVycyBhbGwgb3RoZXIgYXJyYW5nZW1lbnRz
IG9mIHRoZSBzYW1lIHNldCBvZgogICAgICAgICAgdmFsdWVzLgogICAgICAgIDwvdD4KICAgICAg
ICA8dD4KICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgcmVzcG9uc2UgdHlwZSA8c3Bhbnggc3R5
bGU9J3ZlcmInPnRva2VuIGNvZGU8L3NwYW54PiBpcyBsZWZ0IHVuZGVmaW5lZAogICAgICAgICAg
YnkgdGhpcyBzcGVjaWZpY2F0aW9uLiBIb3dldmVyLCBhbiBleHRlbnNpb24gY2FuIGRlZmluZSBh
bmQgcmVnaXN0ZXIgdGhlCiAgICAgICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPnRva2VuIGNvZGU8
L3NwYW54PiByZXNwb25zZSB0eXBlLiBPbmNlIHJlZ2lzdGVyZWQsIHRoZSBzYW1lCiAgICAgICAg
ICBjb21iaW5hdGlvbiBjYW5ub3QgYmUgcmVnaXN0ZXJlZCBhcyA8c3Bhbnggc3R5bGU9J3ZlcmIn
PmNvZGUgdG9rZW48L3NwYW54PiwgYnV0IGJvdGgKICAgICAgICAgIHZhbHVlcyBjYW4gYmUgdXNl
ZCB0byBkZW5vdGUgdGhlIHNhbWUgcmVzcG9uc2UgdHlwZS4KICAgICAgICA8L3Q+CiAgICAgIDwv
c2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdEZWZpbmluZyBBZGRpdGlvbmFsIEVycm9y
IENvZGVzJyBhbmNob3I9J25ldy1lcnJvcnMnPgogICAgICAgIDx0PgogICAgICAgICAgSW4gY2Fz
ZXMgd2hlcmUgcHJvdG9jb2wgZXh0ZW5zaW9ucyAoaS5lLiBhY2Nlc3MgdG9rZW4gdHlwZXMsIGV4
dGVuc2lvbiBwYXJhbWV0ZXJzLCBvcgogICAgICAgICAgZXh0ZW5zaW9uIGdyYW50IHR5cGVzKSBy
ZXF1aXJlIGFkZGl0aW9uYWwgZXJyb3IgY29kZXMgdG8gYmUgdXNlZCB3aXRoIHRoZSBhdXRob3Jp
emF0aW9uCiAgICAgICAgICBjb2RlIGdyYW50IGVycm9yIHJlc3BvbnNlICg8eHJlZiB0YXJnZXQ9
J2NvZGUtYXV0aHotZXJyb3InIC8+KSwgdGhlIGltcGxpY2l0IGdyYW50IGVycm9yCiAgICAgICAg
ICByZXNwb25zZSAoPHhyZWYgdGFyZ2V0PSdpbXBsaWNpdC1hdXRoei1lcnJvcicgLz4pLCB0aGUg
dG9rZW4gZXJyb3IgcmVzcG9uc2UKICAgICAgICAgICg8eHJlZiB0YXJnZXQ9J3Rva2VuLWVycm9y
cycgLz4pLAoJICBvciB0aGUgcmVzb3VyY2UgYWNjZXNzIGVycm9yIHJlc3BvbnNlICg8eHJlZiB0
YXJnZXQ9J3Jlc291cmNlLWVycm9ycycgLz4pLAoJICBzdWNoIGVycm9yIGNvZGVzIE1BWSBiZSBk
ZWZpbmVkLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEV4dGVuc2lvbiBlcnJv
ciBjb2RlcyBNVVNUIGJlIHJlZ2lzdGVyZWQgKGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlcyBpbgog
ICAgICAgICAgPHhyZWYgdGFyZ2V0PSdlcnJvci1yZWdpc3RyeScgLz4pIGlmIHRoZSBleHRlbnNp
b24gdGhleSBhcmUgdXNlZCBpbiBjb25qdW5jdGlvbiB3aXRoIGlzCiAgICAgICAgICBhIHJlZ2lz
dGVyZWQgYWNjZXNzIHRva2VuIHR5cGUsIGEgcmVnaXN0ZXJlZCBlbmRwb2ludCBwYXJhbWV0ZXIs
IG9yIGFuIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZS4gRXJyb3IgY29kZXMgdXNlZCB3
aXRoIHVucmVnaXN0ZXJlZCBleHRlbnNpb25zIE1BWSBiZSByZWdpc3RlcmVkLgogICAgICAgIDwv
dD4KICAgICAgICA8dD4KICAgICAgICAgIEVycm9yIGNvZGVzIE1VU1QgY29uZm9ybSB0byB0aGUg
ZXJyb3IgQUJORiwgYW5kIFNIT1VMRCBiZSBwcmVmaXhlZCBieSBhbiBpZGVudGlmeWluZwogICAg
ICAgICAgbmFtZSB3aGVuIHBvc3NpYmxlLiBGb3IgZXhhbXBsZSwgYW4gZXJyb3IgaWRlbnRpZnlp
bmcgYW4gaW52YWxpZCB2YWx1ZSBzZXQgdG8gdGhlCiAgICAgICAgICBleHRlbnNpb24gcGFyYW1l
dGVyIDxzcGFueCBzdHlsZT0ndmVyYic+ZXhhbXBsZTwvc3Bhbng+IFNIT1VMRCBiZSBuYW1lZAog
ICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5leGFtcGxlX2ludmFsaWQ8L3NwYW54Pi4KICAg
ICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgIDxhcnR3b3JrPjwhW0NEQVRBWwog
IGVycm9yICAgICAgPSAxKmVycm9yLWNoYXIKICBlcnJvci1jaGFyID0gJXgyMC0yMSAvICV4MjMt
NUIgLyAleDVELTdFCl1dPjwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgPC9zZWN0
aW9uPgoKICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0nTmF0aXZlIEFwcGxpY2F0
aW9ucyc+CiAgICAgIDx0PgogICAgICAgIE5hdGl2ZSBhcHBsaWNhdGlvbnMgYXJlIGNsaWVudHMg
aW5zdGFsbGVkIGFuZCBleGVjdXRlZCBvbiB0aGUgZGV2aWNlIHVzZWQgYnkgdGhlIHJlc291cmNl
CiAgICAgICAgb3duZXIgKGkuZS4gZGVza3RvcCBhcHBsaWNhdGlvbiwgbmF0aXZlIG1vYmlsZSBh
cHBsaWNhdGlvbikuIE5hdGl2ZSBhcHBsaWNhdGlvbnMgcmVxdWlyZQogICAgICAgIHNwZWNpYWwg
Y29uc2lkZXJhdGlvbiByZWxhdGVkIHRvIHNlY3VyaXR5LCBwbGF0Zm9ybSBjYXBhYmlsaXRpZXMs
IGFuZCBvdmVyYWxsIGVuZC11c2VyCiAgICAgICAgZXhwZXJpZW5jZS4KICAgICAgPC90PgogICAg
ICA8dD4KICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXF1aXJlcyBpbnRlcmFj
dGlvbiBiZXR3ZWVuIHRoZSBjbGllbnQgYW5kIHRoZSByZXNvdXJjZQogICAgICAgIG93bmVyJ3Mg
dXNlci1hZ2VudC4gTmF0aXZlIGFwcGxpY2F0aW9ucyBjYW4gaW52b2tlIGFuIGV4dGVybmFsIHVz
ZXItYWdlbnQgb3IgZW1iZWQgYQogICAgICAgIHVzZXItYWdlbnQgd2l0aGluIHRoZSBhcHBsaWNh
dGlvbi4gRm9yIGV4YW1wbGU6CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgPGxpc3Qgc3R5
bGU9J3N5bWJvbHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIEV4dGVybmFsIHVzZXItYWdl
bnQgLSB0aGUgbmF0aXZlIGFwcGxpY2F0aW9uIGNhbiBjYXB0dXJlIHRoZSByZXNwb25zZSBmcm9t
IHRoZQogICAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciB1c2luZyBhIHJlZGlyZWN0aW9u
IFVSSSB3aXRoIGEgc2NoZW1lIHJlZ2lzdGVyZWQgd2l0aCB0aGUKICAgICAgICAgICAgb3BlcmF0
aW5nIHN5c3RlbSB0byBpbnZva2UgdGhlIGNsaWVudCBhcyB0aGUgaGFuZGxlciwgbWFudWFsIGNv
cHktYW5kLXBhc3RlIG9mIHRoZQogICAgICAgICAgICBjcmVkZW50aWFscywgcnVubmluZyBhIGxv
Y2FsIHdlYiBzZXJ2ZXIsIGluc3RhbGxpbmcgYSB1c2VyLWFnZW50IGV4dGVuc2lvbiwgb3IgYnkK
ICAgICAgICAgICAgcHJvdmlkaW5nIGEgcmVkaXJlY3Rpb24gVVJJIGlkZW50aWZ5aW5nIGEgc2Vy
dmVyLWhvc3RlZCByZXNvdXJjZSB1bmRlciB0aGUgY2xpZW50J3MKICAgICAgICAgICAgY29udHJv
bCwgd2hpY2ggaW4gdHVybiBtYWtlcyB0aGUgcmVzcG9uc2UgYXZhaWxhYmxlIHRvIHRoZSBuYXRp
dmUgYXBwbGljYXRpb24uCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAg
RW1iZWRkZWQgdXNlci1hZ2VudCAtIHRoZSBuYXRpdmUgYXBwbGljYXRpb24gb2J0YWlucyB0aGUg
cmVzcG9uc2UgYnkgZGlyZWN0bHkKICAgICAgICAgICAgY29tbXVuaWNhdGluZyB3aXRoIHRoZSBl
bWJlZGRlZCB1c2VyLWFnZW50IGJ5IG1vbml0b3Jpbmcgc3RhdGUgY2hhbmdlcyBlbWl0dGVkIGR1
cmluZwogICAgICAgICAgICB0aGUgcmVzb3VyY2UgbG9hZCwgb3IgYWNjZXNzaW5nIHRoZSB1c2Vy
LWFnZW50J3MgY29va2llcyBzdG9yYWdlLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlzdD4K
CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgUmVnaXN0cmF0aW9uIHJlcXVlc3Rz
IG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0IGZvciByZXZp
ZXcgYW5kCiAgICAgICAgICBjb21tZW50LCB3aXRoIGFuIGFwcHJvcHJpYXRlIHN1YmplY3QgKGUu
Zy4sICJSZXF1ZXN0IGZvciBhY2Nlc3MgdG9rZW4gdHlwZTogZXhhbXBsZSIpLgogICAgICAgICAg
W1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNob3Vs
ZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbgogICAgICAgICAgd2l0aCB0aGUgSUVTRyBh
bmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCiAgICAgICAgPC90
PgogICAgICAgIDx0PgogICAgICAgICAgV2l0aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVz
aWduYXRlZCBFeHBlcnQocykgd2lsbCBlaXRoZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVueSB0
aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0
aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuCiAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRl
IGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93
IHRvIG1ha2UKICAgICAgICAgIHRoZSByZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgPC90Pgog
ICAgICAgIDx0PgogICAgICAgICAgSUFOQSBtdXN0IG9ubHkgYWNjZXB0IHJlZ2lzdHJ5IHVwZGF0
ZXMgZnJvbSB0aGUgRGVzaWduYXRlZCBFeHBlcnQocyksIGFuZCBzaG91bGQgZGlyZWN0CiAgICAg
ICAgICBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcg
bGlzdC4KICAgICAgICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdSZWdpc3RyYXRpb24g
VGVtcGxhdGUnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5n
Jz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nVHlwZSBuYW1lOic+CiAgICAgICAgICAgICAg
ICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBUaGUgbmFtZSByZXF1ZXN0ZWQgKGUuZy4sICJl
eGFtcGxlIikuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdB
ZGRpdGlvbmFsIFRva2VuIEVuZHBvaW50IFJlc3BvbnNlIFBhcmFtZXRlcnM6Jz4KICAgICAgICAg
ICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIEFkZGl0aW9uYWwgcmVzcG9uc2UgcGFy
YW1ldGVycyByZXR1cm5lZCB0b2dldGhlciB3aXRoIHRoZQogICAgICAgICAgICAgICAgPHNwYW54
IHN0eWxlPSd2ZXJiJz5hY2Nlc3NfdG9rZW48L3NwYW54PiBwYXJhbWV0ZXIuIE5ldyBwYXJhbWV0
ZXJzIE1VU1QgYmUKICAgICAgICAgICAgICAgIHNlcGFyYXRlbHkgcmVnaXN0ZXJlZCBpbiB0aGUg
T0F1dGggcGFyYW1ldGVycyByZWdpc3RyeSBhcyBkZXNjcmliZWQgYnkKICAgICAgICAgICAgICAg
IDx4cmVmIHRhcmdldD0ncGFyYW1ldGVycy1yZWdpc3RyeScgLz4uCiAgICAgICAgICAgICAgPC90
PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdIVFRQIEF1dGhlbnRpY2F0aW9uIFNjaGVtZShz
KTonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgVGhlIEhUVFAg
YXV0aGVudGljYXRpb24gc2NoZW1lIG5hbWUocyksIGlmIGFueSwgdXNlZCB0byBhdXRoZW50aWNh
dGUgcHJvdGVjdGVkCiAgICAgICAgICAgICAgICByZXNvdXJjZXMgcmVxdWVzdHMgdXNpbmcgYWNj
ZXNzIHRva2VucyBvZiB0aGlzIHR5cGUuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAg
IDx0IGhhbmdUZXh0PSdDaGFuZ2UgY29udHJvbGxlcjonPgogICAgICAgICAgICAgICAgPHZzcGFj
ZSAvPgogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBzdGF0ZSAiSUVU
RiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhlCiAgICAgICAgICAgICAgICByZXNw
b25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJlc3MsIGUtbWFp
bCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAgIFVSSSkgbWF5IGFsc28gYmUgaW5j
bHVkZWQuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdTcGVj
aWZpY2F0aW9uIGRvY3VtZW50KHMpOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAg
ICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50IHRoYXQgc3BlY2lmaWVzIHRoZSBw
YXJhbWV0ZXIsIHByZWZlcmFibHkgaW5jbHVkaW5nIGEgVVJJIHRoYXQKICAgICAgICAgICAgICAg
IGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0aGUgZG9jdW1lbnQuIEFuIGluZGlj
YXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAgICAgICAgICAgICBzZWN0aW9ucyBtYXkgYWxzbyBi
ZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICA8
L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nVGhlIE9BdXRoIFBhcmFtZXRlcnMgUmVn
aXN0cnknIGFuY2hvcj0ncGFyYW1ldGVycy1yZWdpc3RyeSc+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBUaGlzIHNwZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRoIHBhcmFtZXRlcnMgcmVn
aXN0cnkuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQWRkaXRpb25hbCBwYXJh
bWV0ZXJzIGZvciBpbmNsdXNpb24gaW4gdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgcmVxdWVz
dCwgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJlc3BvbnNlLCB0aGUgdG9r
ZW4gZW5kcG9pbnQgcmVxdWVzdCwgb3IgdGhlIHRva2VuIGVuZHBvaW50CiAgICAgICAgICByZXNw
b25zZSBhcmUgcmVnaXN0ZXJlZCB3aXRoIGEgU3BlY2lmaWNhdGlvbiBSZXF1aXJlZAogICAgICAg
ICAgKDx4cmVmIHRhcmdldD0nUkZDNTIyNicgLz4pIGFmdGVyIGEgdHdvIHdlZWsgcmV2aWV3IHBl
cmlvZCBvbiB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZwogICAgICAgICAgbGlzdCwgb24gdGhl
IGFkdmljZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuIEhvd2V2ZXIsIHRvIGFs
bG93IGZvciB0aGUKICAgICAgICAgIGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1Ymxp
Y2F0aW9uLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgbWF5IGFwcHJvdmUKICAgICAgICAgIHJl
Z2lzdHJhdGlvbiBvbmNlIHRoZXkgYXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBzcGVjaWZpY2F0
aW9uIHdpbGwgYmUgcHVibGlzaGVkLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAg
IFJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhlIFtUQkRdQGlldGYub3Jn
IG1haWxpbmcgbGlzdCBmb3IgcmV2aWV3IGFuZAogICAgICAgICAgY29tbWVudCwgd2l0aCBhbiBh
cHByb3ByaWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdCBmb3IgcGFyYW1ldGVyOiBleGFtcGxl
IikuCiAgICAgICAgICBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZSBtYWls
aW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uCiAgICAgICAgICB3
aXRoIHRoZSBJRVNHIGFuZCBJQU5BLiBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4g
XV0KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBXaXRoaW4gdGhlIHJldmlldyBw
ZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSB3aWxsIGVpdGhlciBhcHByb3ZlIG9yCiAg
ICAgICAgICBkZW55IHRoZSByZWdpc3RyYXRpb24gcmVxdWVzdCwgY29tbXVuaWNhdGluZyB0aGlz
IGRlY2lzaW9uIHRvIHRoZSByZXZpZXcgbGlzdCBhbmQgSUFOQS4KICAgICAgICAgIERlbmlhbHMg
c2hvdWxkIGluY2x1ZGUgYW4gZXhwbGFuYXRpb24gYW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdnZXN0
aW9ucyBhcyB0byBob3cgdG8gbWFrZQogICAgICAgICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1bC4K
ICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBJQU5BIG11c3Qgb25seSBhY2NlcHQg
cmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSwgYW5kIHNob3Vs
ZCBkaXJlY3QKICAgICAgICAgIGFsbCByZXF1ZXN0cyBmb3IgcmVnaXN0cmF0aW9uIHRvIHRoZSBy
ZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgIDwvdD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9
J1JlZ2lzdHJhdGlvbiBUZW1wbGF0ZSc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qg
c3R5bGU9J2hhbmdpbmcnPgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdQYXJhbWV0ZXIgbmFt
ZTonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgVGhlIG5hbWUg
cmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAg
ICAgICA8dCBoYW5nVGV4dD0nUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOic+CiAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBUaGUgbG9jYXRpb24ocykgd2hlcmUgcGFy
YW1ldGVyIGNhbiBiZSB1c2VkLiBUaGUgcG9zc2libGUgbG9jYXRpb25zIGFyZToKICAgICAgICAg
ICAgICAgIGF1dGhvcml6YXRpb24gcmVxdWVzdCwgYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9r
ZW4gcmVxdWVzdCwgb3IgdG9rZW4gcmVzcG9uc2UuCiAgICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICAgIDx0IGhhbmdUZXh0PSdDaGFuZ2UgY29udHJvbGxlcjonPgogICAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBzdGF0
ZSAiSUVURiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhlCiAgICAgICAgICAgICAg
ICByZXNwb25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJlc3Ms
IGUtbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAgIFVSSSkgbWF5IGFsc28g
YmUgaW5jbHVkZWQuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0
PSdTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+
CiAgICAgICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50IHRoYXQgc3BlY2lmaWVz
IHRoZSBwYXJhbWV0ZXIsIHByZWZlcmFibHkgaW5jbHVkaW5nIGEgVVJJIHRoYXQKICAgICAgICAg
ICAgICAgIGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0aGUgZG9jdW1lbnQuIEFu
IGluZGljYXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAgICAgICAgICAgICBzZWN0aW9ucyBtYXkg
YWxzbyBiZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+Cgog
ICAgICAgIDxzZWN0aW9uIHRpdGxlPSdJbml0aWFsIFJlZ2lzdHJ5IENvbnRlbnRzJz4KICAgICAg
ICAgIDx0PgogICAgICAgICAgICBUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3RyeSdzIGluaXRp
YWwgY29udGVudHMgYXJlOgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAg
IFBhcmFtZXRlciBuYW1lOiBjbGllbnRfaWQKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg
ICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6
YXRpb24gcmVxdWVzdCwgdG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAg
ICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlv
biBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAg
IFBhcmFtZXRlciBuYW1lOiBjbGllbnRfc2VjcmV0CiAgICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tl
biByZXF1ZXN0CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0
aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAg
ICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJv
bHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHJl
c3BvbnNlX3R5cGUKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg
ICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdAog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5n
ZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVu
dCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90
PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiByZWRpcmVjdF91cmkK
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJh
bWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgdG9rZW4gcmVxdWVz
dAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENo
YW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1
bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAg
PC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAg
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBzY29wZQogICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRl
ciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBhdXRob3JpemF0aW9uIHJl
c3BvbnNlLCB0b2tlbgogICAgICAgICAgICAgICAgcmVxdWVzdCwgdG9rZW4gcmVzcG9uc2UKICAg
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2Ug
Y29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAg
ICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQg
XV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4K
ICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAg
ICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogc3RhdGUKICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNh
Z2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgYXV0aG9yaXphdGlvbiByZXNwb25z
ZQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENo
YW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1
bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAg
PC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAg
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBjb2RlCiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXF1ZXN0CiAg
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdl
IGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAg
ICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50
IF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+
CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAg
ICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IGVycm9yX2Rlc2NyaXB0
aW9uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg
UGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiBy
ZXNwb25zZQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAg
ICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhp
cyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAg
ICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xz
Jz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBlcnJv
cl91cmkKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
ICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2Vu
IHJlc3BvbnNlCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0
aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAg
ICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJv
bHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IGdy
YW50X3R5cGUKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg
ICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QKICAgICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxl
cjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAg
ICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAg
IDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+
CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogYWNjZXNzX3Rva2VuCiAgICAgICAgICAg
ICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdl
IGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250
cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAg
ICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAg
ICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAg
ICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiB0b2tlbl90eXBlCiAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVz
YWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBj
b250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAg
ICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBd
XQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90Pgog
ICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAg
ICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBleHBpcmVzX2luCiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5n
ZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVu
dCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90
PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiB1c2VybmFtZQogICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRl
ciB1c2FnZSBsb2NhdGlvbjogdG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNh
dGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAg
ICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAg
ICAgIFBhcmFtZXRlciBuYW1lOiBwYXNzd29yZAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAg
ICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogdG9rZW4g
cmVxdWVzdAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAg
ICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhp
cyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAg
ICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xz
Jz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiByZWZy
ZXNoX3Rva2VuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0LCB0b2tlbiByZXNw
b25zZQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAg
IENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAg
IDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBk
b2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAg
ICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0
aW9uIHRpdGxlPSdUaGUgT0F1dGggQXV0aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBl
IFJlZ2lzdHJ5JyBhbmNob3I9J3Jlc3BvbnNlLXR5cGUtcmVnaXN0cnknPgogICAgICAgIDx0Pgog
ICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVzdGFibGlzaGVzIHRoZSBPQXV0aCBhdXRob3Jp
emF0aW9uIGVuZHBvaW50IHJlc3BvbnNlIHR5cGUgcmVnaXN0cnkuCiAgICAgICAgPC90PgogICAg
ICAgIDx0PgogICAgICAgICAgICBBZGRpdGlvbmFsIHJlc3BvbnNlIHR5cGUgZm9yIHVzZSB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGFyZSByZWdpc3RlcmVkIHdpdGggYQogICAgICAg
ICAgICBTcGVjaWZpY2F0aW9uIFJlcXVpcmVkICg8eHJlZiB0YXJnZXQ9J1JGQzUyMjYnIC8+KSBh
ZnRlciBhIHR3byB3ZWVrIHJldmlldyBwZXJpb2Qgb24KICAgICAgICAgICAgdGhlIFtUQkRdQGll
dGYub3JnIG1haWxpbmcgbGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25h
dGVkIEV4cGVydHMuCiAgICAgICAgICAgIEhvd2V2ZXIsIHRvIGFsbG93IGZvciB0aGUgYWxsb2Nh
dGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVibGljYXRpb24sIHRoZSBEZXNpZ25hdGVkCiAgICAg
ICAgICAgIEV4cGVydChzKSBtYXkgYXBwcm92ZSByZWdpc3RyYXRpb24gb25jZSB0aGV5IGFyZSBz
YXRpc2ZpZWQgdGhhdCBzdWNoIGEgc3BlY2lmaWNhdGlvbgogICAgICAgICAgICB3aWxsIGJlIHB1
Ymxpc2hlZC4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBSZWdpc3Ry
YXRpb24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5n
IGxpc3QgZm9yIHJldmlldyBhbmQKICAgICAgICAgICAgY29tbWVudCwgd2l0aCBhbiBhcHByb3By
aWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdCBmb3IgcmVzcG9uc2UgdHlwZTogZXhhbXBsZSIp
LgogICAgICAgICAgICBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZSBtYWls
aW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uCiAgICAgICAgICAg
IHdpdGggdGhlIElFU0cgYW5kIElBTkEuIFN1Z2dlc3RlZCBuYW1lOiBvYXV0aC1leHQtcmV2aWV3
LiBdXQogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFdpdGhpbiB0aGUg
cmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyIGFwcHJv
dmUgb3IKICAgICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmlj
YXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuCiAgICAgICAg
ICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhwbGFuYXRpb24gYW5kLCBpZiBhcHBsaWNh
YmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cgdG8gbWFrZQogICAgICAgICAgICB0aGUgcmVxdWVz
dCBzdWNjZXNzZnVsLgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIElB
TkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQg
RXhwZXJ0KHMpLCBhbmQgc2hvdWxkIGRpcmVjdAogICAgICAgICAgICBhbGwgcmVxdWVzdHMgZm9y
IHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcgbGlzdC4KICAgICAgICAgIDwvdD4K
CgogICAgICAgICAgPHNlY3Rpb24gdGl0bGU9J1JlZ2lzdHJhdGlvbiBUZW1wbGF0ZSc+CiAgICAg
ICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnPgogICAgICAgICAgICAg
IDx0IGhhbmdUZXh0PSdSZXNwb25zZSB0eXBlIG5hbWU6Jz4KICAgICAgICAgICAgICAgIDx2c3Bh
Y2UgLz4KICAgICAgICAgICAgICAgIFRoZSBuYW1lIHJlcXVlc3RlZCAoZS5nLiwgImV4YW1wbGUi
KS4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J0NoYW5nZSBj
b250cm9sbGVyOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBG
b3Igc3RhbmRhcmRzLXRyYWNrIFJGQ3MsIHN0YXRlICJJRVRGIi4gRm9yIG90aGVycywgZ2l2ZSB0
aGUgbmFtZSBvZiB0aGUKICAgICAgICAgICAgICAgIHJlc3BvbnNpYmxlIHBhcnR5LiBPdGhlciBk
ZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVzcywgZS1tYWlsIGFkZHJlc3MsIGhvbWUgcGFnZQog
ICAgICAgICAgICAgICAgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRlZC4KICAgICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J1NwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6
Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJlZmVyZW5jZSB0
byB0aGUgZG9jdW1lbnQgdGhhdCBzcGVjaWZpZXMgdGhlIHR5cGUsIHByZWZlcmFibHkgaW5jbHVk
aW5nIGEgVVJJIHRoYXQKICAgICAgICAgICAgICAgIGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEg
Y29weSBvZiB0aGUgZG9jdW1lbnQuIEFuIGluZGljYXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAg
ICAgICAgICAgICBzZWN0aW9ucyBtYXkgYWxzbyBiZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1
aXJlZC4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwv
dD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdJbml0aWFsIFJl
Z2lzdHJ5IENvbnRlbnRzJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgT0F1dGggQXV0
aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBlIFJlZ2lzdHJ5J3MgaW5pdGlhbCBjb250
ZW50cyBhcmU6CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qg
c3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUmVzcG9u
c2UgdHlwZSBuYW1lOiBjb2RlCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50
KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8
L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5
bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUmVzcG9uc2Ug
dHlwZSBuYW1lOiB0b2tlbgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAg
ICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChz
KTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9s
aXN0PgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4K
CiAgICAgIDxzZWN0aW9uIHRpdGxlPSdUaGUgT0F1dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdpc3Ry
eScgYW5jaG9yPSdlcnJvci1yZWdpc3RyeSc+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGlzIHNw
ZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRoIGV4dGVuc2lvbnMgZXJyb3IgcmVnaXN0
cnkuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQWRkaXRpb25hbCBlcnJvciBj
b2RlcyB1c2VkIHRvZ2V0aGVyIHdpdGggb3RoZXIgcHJvdG9jb2wgZXh0ZW5zaW9ucyAoaS5lLiBl
eHRlbnNpb24gZ3JhbnQKICAgICAgICAgIHR5cGVzLCBhY2Nlc3MgdG9rZW4gdHlwZXMsIG9yIGV4
dGVuc2lvbiBwYXJhbWV0ZXJzKSBhcmUgcmVnaXN0ZXJlZCB3aXRoIGEgU3BlY2lmaWNhdGlvbgog
ICAgICAgICAgUmVxdWlyZWQgKDx4cmVmIHRhcmdldD0nUkZDNTIyNicgLz4pIGFmdGVyIGEgdHdv
IHdlZWsgcmV2aWV3IHBlcmlvZCBvbiB0aGUKICAgICAgICAgIFtUQkRdQGlldGYub3JnIG1haWxp
bmcgbGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMu
IEhvd2V2ZXIsIHRvCiAgICAgICAgICBhbGxvdyBmb3IgdGhlIGFsbG9jYXRpb24gb2YgdmFsdWVz
IHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgbWF5CiAgICAg
ICAgICBhcHByb3ZlIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkgYXJlIHNhdGlzZmllZCB0aGF0IHN1
Y2ggYSBzcGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVibGlzaGVkLgogICAgICAgIDwvdD4KICAgICAg
ICA8dD4KICAgICAgICAgIFJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhl
IFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlzdCBmb3IgcmV2aWV3IGFuZAogICAgICAgICAgY29t
bWVudCwgd2l0aCBhbiBhcHByb3ByaWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdCBmb3IgZXJy
b3IgY29kZTogZXhhbXBsZSIpLgogICAgICAgICAgW1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUg
bmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNob3VsZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRh
dGlvbgogICAgICAgICAgd2l0aCB0aGUgSUVTRyBhbmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9h
dXRoLWV4dC1yZXZpZXcuIF1dCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgV2l0
aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgd2lsbCBlaXRo
ZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNv
bW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuCiAg
ICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYgYXBw
bGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UKICAgICAgICAgIHRoZSByZXF1
ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgSUFOQSBt
dXN0IG9ubHkgYWNjZXB0IHJlZ2lzdHJ5IHVwZGF0ZXMgZnJvbSB0aGUgRGVzaWduYXRlZCBFeHBl
cnQocyksIGFuZCBzaG91bGQgZGlyZWN0CiAgICAgICAgICBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lz
dHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcgbGlzdC4KICAgICAgICA8L3Q+CgogICAgICAg
IDxzZWN0aW9uIHRpdGxlPSdSZWdpc3RyYXRpb24gVGVtcGxhdGUnPgogICAgICAgICAgPHQ+CiAg
ICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4
dD0nRXJyb3IgbmFtZTonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAg
ICAgVGhlIG5hbWUgcmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgoJCVZhbHVlcyBmb3IgdGhl
IGVycm9yIG5hbWUgTVVTVCBOT1QgaW5jbHVkZQoJCWNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0
ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgICAgPHQgaGFuZ1RleHQ9J0Vycm9yIHVzYWdlIGxvY2F0aW9uOic+CiAgICAgICAgICAgICAg
ICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBUaGUgbG9jYXRpb24ocykgd2hlcmUgdGhlIGVy
cm9yIGNhbiBiZSB1c2VkLiBUaGUgcG9zc2libGUgbG9jYXRpb25zIGFyZToKICAgICAgICAgICAg
ICAgIGF1dGhvcml6YXRpb24gY29kZSBncmFudCBlcnJvciByZXNwb25zZSAoPHhyZWYgdGFyZ2V0
PSdjb2RlLWF1dGh6LWVycm9yJyAvPiksCiAgICAgICAgICAgICAgICBpbXBsaWNpdCBncmFudCBl
cnJvciByZXNwb25zZSAoPHhyZWYgdGFyZ2V0PSdpbXBsaWNpdC1hdXRoei1lcnJvcicgLz4pLAoJ
CXRva2VuIGVycm9yIHJlc3BvbnNlICg8eHJlZiB0YXJnZXQ9J3Rva2VuLWVycm9ycycgLz4pLCBv
cgoJCXJlc291cmNlIGFjY2VzcyBlcnJvciByZXNwb25zZSAoPHhyZWYgdGFyZ2V0PSdyZXNvdXJj
ZS1lcnJvcnMnIC8+KS4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1Rl
eHQ9J1JlbGF0ZWQgcHJvdG9jb2wgZXh0ZW5zaW9uOic+CiAgICAgICAgICAgICAgICA8dnNwYWNl
IC8+CiAgICAgICAgICAgICAgICBUaGUgbmFtZSBvZiB0aGUgZXh0ZW5zaW9uIGdyYW50IHR5cGUs
IGFjY2VzcyB0b2tlbiB0eXBlLCBvciBleHRlbnNpb24gcGFyYW1ldGVyLAogICAgICAgICAgICAg
ICAgdGhlIGVycm9yIGNvZGUgaXMgdXNlZCBpbiBjb25qdW5jdGlvbiB3aXRoLgogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nQ2hhbmdlIGNvbnRyb2xsZXI6Jz4K
ICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIEZvciBzdGFuZGFyZHMt
dHJhY2sgUkZDcywgc3RhdGUgIklFVEYiLiBGb3Igb3RoZXJzLCBnaXZlIHRoZSBuYW1lIG9mIHRo
ZQogICAgICAgICAgICAgICAgcmVzcG9uc2libGUgcGFydHkuIE90aGVyIGRldGFpbHMgKGUuZy4s
IHBvc3RhbCBhZGRyZXNzLCBlLW1haWwgYWRkcmVzcywgaG9tZSBwYWdlCiAgICAgICAgICAgICAg
ICBVUkkpIG1heSBhbHNvIGJlIGluY2x1ZGVkLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAg
ICAgICA8dCBoYW5nVGV4dD0nU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTonPgogICAgICAgICAg
ICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUmVmZXJlbmNlIHRvIHRoZSBkb2N1bWVu
dCB0aGF0IHNwZWNpZmllcyB0aGUgZXJyb3IgY29kZSwgcHJlZmVyYWJseSBpbmNsdWRpbmcgYSBV
UkkKICAgICAgICAgICAgICAgIHRoYXQgY2FuIGJlIHVzZWQgdG8gcmV0cmlldmUgYSBjb3B5IG9m
IHRoZSBkb2N1bWVudC4gQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVsZXZhbnQKICAgICAgICAgICAg
ICAgIHNlY3Rpb25zIG1heSBhbHNvIGJlIGluY2x1ZGVkLCBidXQgaXMgbm90IHJlcXVpcmVkLgog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAg
ICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICA8L3NlY3Rpb24+CgogIDwvbWlk
ZGxlPgoKICA8YmFjaz4KCiAgICA8cmVmZXJlbmNlcyB0aXRsZT0nTm9ybWF0aXZlIFJlZmVyZW5j
ZXMnPgoKICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGlj
L3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy4yMTE5LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVk
ZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJG
Qy4yMjQ2LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5v
cmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy4yNjE2LnhtbCcgPz4KICAgICAgPD9y
ZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVm
ZXJlbmNlLlJGQy4yNjE3LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5y

--_007_4E1F6AAD24975D4BA5B16804296739436657C93ATK5EX14MBXC283r_--

From Michael.Jones@microsoft.com  Mon Jul  9 06:36:14 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA4B11E8080 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 06:36:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mnFf1--ii1R3 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 06:36:13 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe004.messaging.microsoft.com [213.199.154.142]) by ietfa.amsl.com (Postfix) with ESMTP id 6A76121F8618 for <oauth@ietf.org>; Mon,  9 Jul 2012 06:36:09 -0700 (PDT)
Received: from mail112-db3-R.bigfish.com (10.3.81.238) by DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 13:34:16 +0000
Received: from mail112-db3 (localhost [127.0.0.1])	by mail112-db3-R.bigfish.com (Postfix) with ESMTP id 2993DC0584	for <oauth@ietf.org>; Mon,  9 Jul 2012 13:34:17 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: 0
X-BigFish: VS0(zzc85fhzz1202hzz8275bh8275dhz2fh793h2a8h668h839hd25hf0ah107ah34h)
Received-SPF: pass (mail112-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC104.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail112-db3 (localhost.localdomain [127.0.0.1]) by mail112-db3 (MessageSwitch) id 1341840854741303_21684; Mon,  9 Jul 2012 13:34:14 +0000 (UTC)
Received: from DB3EHSMHS007.bigfish.com (unknown [10.3.81.251])	by mail112-db3.bigfish.com (Postfix) with ESMTP id AC76A1A0048	for <oauth@ietf.org>; Mon,  9 Jul 2012 13:34:14 +0000 (UTC)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS007.bigfish.com (10.3.87.107) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 13:34:11 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.02.0309.003; Mon, 9 Jul 2012 13:36:24 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Preliminary OAuth Bearer draft -22
Thread-Index: Ac1d184wC/DmtKOCS6uLorWyabyv0w==
Date: Mon, 9 Jul 2012 13:36:22 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436657CD16@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: multipart/mixed; boundary="_007_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Preliminary OAuth Bearer draft -22
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 13:36:14 -0000

--_007_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_
Content-Type: multipart/alternative;
	boundary="_000_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_"

--_000_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

A preliminary version of OAuth Bearer draft -22 is attached for the working
group's consideration and discussion on today's call.  The dependency upon
HTTPbis has been removed so that the specification can be approved as an RFC
before HTTPbis finishes.  (OAuth Core already had no dependency upon
HTTPbis.)  Changes are:

  *   Removed uses of HTTPbis in favor of RFC 2616 and RFC 2617.
  *   Match formatting of artwork elements with OAuth core specification.

                                                            -- Mike


--_000_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_--

--_007_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_
Content-Type: text/plain;
	name="draft-ietf-oauth-v2-bearer-22 preliminary.txt"
Content-Description: draft-ietf-oauth-v2-bearer-22 preliminary.txt
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-bearer-22 preliminary.txt"; size=52136;
	creation-date="Mon, 09 Jul 2012 13:30:35 GMT";
	modification-date="Mon, 09 Jul 2012 13:27:47 GMT"
Content-Transfer-Encoding: base64

b250ZW50cwoKICAgMS4gIEludHJvZHVjdGlvbiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuICAzCiAgICAgMS4xLiAgTm90YXRpb25hbCBDb252ZW50aW9u
cyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMwogICAgIDEuMi4gIFRlcm1p
bm9sb2d5ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDMK
ICAgICAxLjMuICBPdmVydmlldyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuICA0CiAgIDIuICBBdXRoZW50aWNhdGVkIFJlcXVlc3RzIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgNQogICAgIDIuMS4gIEF1dGhvcml6YXRpb24g
UmVxdWVzdCBIZWFkZXIgRmllbGQgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDUKICAgICAyLjIu
ICBGb3JtLUVuY29kZWQgQm9keSBQYXJhbWV0ZXIgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuICA2CiAgICAgMi4zLiAgVVJJIFF1ZXJ5IFBhcmFtZXRlciAgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAgNwogICAzLiAgVGhlIFdXVy1BdXRoZW50aWNhdGUgUmVzcG9u
c2UgSGVhZGVyIEZpZWxkIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDgKICAgICAzLjEuICBFcnJvciBD
b2RlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA5CiAg
IDQuICBFeGFtcGxlIEFjY2VzcyBUb2tlbiBSZXNwb25zZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAxMAogICA1LiAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMgIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTAKICAgICA1LjEuICBTZWN1cml0eSBUaHJlYXRz
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDExCiAgICAgNS4yLiAg
VGhyZWF0IE1pdGlnYXRpb24gIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAxMQogICAgIDUuMy4gIFN1bW1hcnkgb2YgUmVjb21tZW5kYXRpb25zIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gMTMKICAgNi4gIElBTkEgQ29uc2lkZXJhdGlvbnMgIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE0CiAgICAgNi4xLiAgT0F1dGggQWNj
ZXNzIFRva2VuIFR5cGUgUmVnaXN0cmF0aW9uIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxNAogICAg
ICAgNi4xLjEuICBUaGUgIkJlYXJlciIgT0F1dGggQWNjZXNzIFRva2VuIFR5cGUgLiAuIC4gLiAu
IC4gLiAuIC4gMTQKICAgICA2LjIuICBPQXV0aCBFeHRlbnNpb25zIEVycm9yIFJlZ2lzdHJhdGlv
biAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE0CiAgICAgICA2LjIuMS4gIFRoZSAiaW52YWxpZF9y
ZXF1ZXN0IiBFcnJvciBWYWx1ZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAxNQogICAgICAgNi4yLjIu
ICBUaGUgImludmFsaWRfdG9rZW4iIEVycm9yIFZhbHVlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
MTUKICAgICAgIDYuMi4zLiAgVGhlICJpbnN1ZmZpY2llbnRfc2NvcGUiIEVycm9yIFZhbHVlIC4g
LiAuIC4gLiAuIC4gLiAuIDE1CiAgIDcuICBSZWZlcmVuY2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxNgogICAgIDcuMS4gIE5vcm1hdGl2ZSBS
ZWZlcmVuY2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTYKICAgICA3
LjIuICBJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIDE3CiAgIEFwcGVuZGl4IEEuICBBY2tub3dsZWRnZW1lbnRzICAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxOAogICBBcHBlbmRpeCBCLiAgRG9jdW1lbnQgSGlzdG9y
eSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTgKICAgQXV0aG9ycycgQWRk
cmVzc2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDI2
CgoKCgoKCgoKCgoKCgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgIEV4cGlyZXMgSmFudWFyeSAx
MCwgMjAxMyAgICAgICAgICAgICAgICBbUGFnZSAyXQoMCkludGVybmV0LURyYWZ0ICAgICAgICBP
QXV0aCAyLjAgQmVhcmVyIFRva2VuIFVzYWdlICAgICAgICAgICAgIEp1bHkgMjAxMgoKCjEuICBJ
bnRyb2R1Y3Rpb24KCiAgIE9BdXRoIGVuYWJsZXMgY2xpZW50cyB0byBhY2Nlc3MgcHJvdGVjdGVk
IHJlc291cmNlcyBieSBvYnRhaW5pbmcgYW4KICAgYWNjZXNzIHRva2VuLCB3aGljaCBpcyBkZWZp
bmVkIGluIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uCiAgIFtJLUQuaWV0Zi1vYXV0aC12Ml0gYXMg
ImEgc3RyaW5nIHJlcHJlc2VudGluZyBhbiBhY2Nlc3MgYXV0aG9yaXphdGlvbgogICBpc3N1ZWQg
dG8gdGhlIGNsaWVudCIsIHJhdGhlciB0aGFuIHVzaW5nIHRoZSByZXNvdXJjZSBvd25lcidzCiAg
IGNyZWRlbnRpYWxzIGRpcmVjdGx5LgoKICAgVG9rZW5zIGFyZSBpc3N1ZWQgdG8gY2xpZW50cyBi
eSBhbiBhdXRob3JpemF0aW9uIHNlcnZlciB3aXRoIHRoZQogICBhcHByb3ZhbCBvZiB0aGUgcmVz
b3VyY2Ugb3duZXIuICBUaGUgY2xpZW50IHVzZXMgdGhlIGFjY2VzcyB0b2tlbiB0bwogICBhY2Nl
c3MgdGhlIHByb3RlY3RlZCByZXNvdXJjZXMgaG9zdGVkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIu
ICBUaGlzCiAgIHNwZWNpZmljYXRpb24gZGVzY3JpYmVzIGhvdyB0byBtYWtlIHByb3RlY3RlZCBy
ZXNvdXJjZSByZXF1ZXN0cyB3aGVuCiAgIHRoZSBPQXV0aCBhY2Nlc3MgdG9rZW4gaXMgYSBiZWFy
ZXIgdG9rZW4uCgogICBUaGlzIHNwZWNpZmljYXRpb24gZGVmaW5lcyB0aGUgdXNlIG9mIGJlYXJl
ciB0b2tlbnMgb3ZlciBIVFRQLzEuMQogICBbUkZDMjYxNl0gdXNpbmcgVExTIFtSRkM1MjQ2XSB0
byBhY2Nlc3MgcHJvdGVjdGVkIHJlc291cmNlcy4gIFRMUyBpcwogICBtYW5kYXRvcnkgdG8gaW1w
bGVtZW50IGFuZCB1c2Ugd2l0aCB0aGlzIHNwZWNpZmljYXRpb247IG90aGVyCiAgIHNwZWNpZmlj
YXRpb25zIG1heSBleHRlbmQgdGhpcyBzcGVjaWZpY2F0aW9uIGZvciB1c2Ugd2l0aCBvdGhlcgog
ICBwcm90b2NvbHMuICBXaGlsZSBkZXNpZ25lZCBmb3IgdXNlIHdpdGggYWNjZXNzIHRva2VucyBy
ZXN1bHRpbmcgZnJvbQogICBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBbSS1ELmlldGYtb2F1dGgt
djJdIGZsb3dzIHRvIGFjY2VzcyBPQXV0aAogICBwcm90ZWN0ZWQgcmVzb3VyY2VzLCB0aGlzIHNw
ZWNpZmljYXRpb24gYWN0dWFsbHkgZGVmaW5lcyBhIGdlbmVyYWwKICAgSFRUUCBhdXRob3JpemF0
aW9uIG1ldGhvZCB0aGF0IGNhbiBiZSB1c2VkIHdpdGggYmVhcmVyIHRva2VucyBmcm9tCiAgIGFu
eSBzb3VyY2UgdG8gYWNjZXNzIGFueSByZXNvdXJjZXMgcHJvdGVjdGVkIGJ5IHRob3NlIGJlYXJl
ciB0b2tlbnMuCiAgIFRoZSBCZWFyZXIgYXV0aGVudGljYXRpb24gc2NoZW1lIGlzIGludGVuZGVk
IHByaW1hcmlseSBmb3Igc2VydmVyCiAgIGF1dGhlbnRpY2F0aW9uIHVzaW5nIHRoZSBXV1ctQXV0
aGVudGljYXRlIGFuZCBBdXRob3JpemF0aW9uIEhUVFAKICAgaGVhZGVycywgYnV0IGRvZXMgbm90
IHByZWNsdWRlIGl0cyB1c2UgZm9yIHByb3h5IGF1dGhlbnRpY2F0aW9uLgoKMS4xLiAgTm90YXRp
b25hbCBDb252ZW50aW9ucwoKICAgVGhlIGtleSB3b3JkcyAiTVVTVCIsICJNVVNUIE5PVCIsICJS
RVFVSVJFRCIsICJTSEFMTCIsICJTSEFMTCBOT1QiLAogICAiU0hPVUxEIiwgIlNIT1VMRCBOT1Qi
LCAiUkVDT01NRU5ERUQiLCAiTUFZIiwgYW5kICJPUFRJT05BTCIgaW4gdGhpcwogICBkb2N1bWVu
dCBhcmUgdG8gYmUgaW50ZXJwcmV0ZWQgYXMgZGVzY3JpYmVkIGluIEtleSB3b3JkcyBmb3IgdXNl
IGluCiAgIFJGQ3MgdG8gSW5kaWNhdGUgUmVxdWlyZW1lbnQgTGV2ZWxzIFtSRkMyMTE5XS4KCiAg
IFRoaXMgZG9jdW1lbnQgdXNlcyB0aGUgQXVnbWVudGVkIEJhY2t1cy1OYXVyIEZvcm0gKEFCTkYp
IG5vdGF0aW9uIG9mCiAgIFtSRkM1MjM0XS4gIEFkZGl0aW9uYWxseSwgdGhlIGZvbGxvd2luZyBy
dWxlcyBhcmUgaW5jbHVkZWQgZnJvbQogICBIVFRQLzEuMSBbUkZDMjYxN106IGF1dGgtcGFyYW0g
YW5kIGF1dGgtc2NoZW1lOyBhbmQgZnJvbSBVbmlmb3JtCiAgIFJlc291cmNlIElkZW50aWZpZXIg
KFVSSSkgW1JGQzM5ODZdOiBVUkktUmVmZXJlbmNlLgoKICAgVW5sZXNzIG90aGVyd2lzZSBub3Rl
ZCwgYWxsIHRoZSBwcm90b2NvbCBwYXJhbWV0ZXIgbmFtZXMgYW5kIHZhbHVlcwogICBhcmUgY2Fz
ZSBzZW5zaXRpdmUuCgoxLjIuICBUZXJtaW5vbG9neQoKCgoKCgoKCkpvbmVzLCBldCBhbC4gICAg
ICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgICBbUGFnZSAzXQoM
CkludGVybmV0LURyYWZ0ICAgICAgICBPQXV0aCAyLjAgQmVhcmVyIFRva2VuIFVzYWdlICAgICAg
ICAgICAgIEp1bHkgMjAxMgoKCiAgIEJlYXJlciBUb2tlbgogICAgICBBIHNlY3VyaXR5IHRva2Vu
IHdpdGggdGhlIHByb3BlcnR5IHRoYXQgYW55IHBhcnR5IGluIHBvc3Nlc3Npb24gb2YKICAgICAg
dGhlIHRva2VuIChhICJiZWFyZXIiKSBjYW4gdXNlIHRoZSB0b2tlbiBpbiBhbnkgd2F5IHRoYXQg
YW55IG90aGVyCiAgICAgIHBhcnR5IGluIHBvc3Nlc3Npb24gb2YgaXQgY2FuLiAgVXNpbmcgYSBi
ZWFyZXIgdG9rZW4gZG9lcyBub3QKICAgICAgcmVxdWlyZSBhIGJlYXJlciB0byBwcm92ZSBwb3Nz
ZXNzaW9uIG9mIGNyeXB0b2dyYXBoaWMga2V5IG1hdGVyaWFsCiAgICAgIChwcm9vZi1vZi1wb3Nz
ZXNzaW9uKS4KCiAgIEFsbCBvdGhlciB0ZXJtcyBhcmUgYXMgZGVmaW5lZCBpbiBPQXV0aCAyLjAg
QXV0aG9yaXphdGlvbgogICBbSS1ELmlldGYtb2F1dGgtdjJdLgoKMS4zLiAgT3ZlcnZpZXcKCiAg
IE9BdXRoIHByb3ZpZGVzIGEgbWV0aG9kIGZvciBjbGllbnRzIHRvIGFjY2VzcyBhIHByb3RlY3Rl
ZCByZXNvdXJjZSBvbgogICBiZWhhbGYgb2YgYSByZXNvdXJjZSBvd25lci4gIEluIHRoZSBnZW5l
cmFsIGNhc2UsIGJlZm9yZSBhIGNsaWVudCBjYW4KICAgYWNjZXNzIGEgcHJvdGVjdGVkIHJlc291
cmNlLCBpdCBtdXN0IGZpcnN0IG9idGFpbiBhbiBhdXRob3JpemF0aW9uCiAgIGdyYW50IGZyb20g
dGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGVuIGV4Y2hhbmdlIHRoZSBhdXRob3JpemF0aW9uCiAg
IGdyYW50IGZvciBhbiBhY2Nlc3MgdG9rZW4uICBUaGUgYWNjZXNzIHRva2VuIHJlcHJlc2VudHMg
dGhlIGdyYW50J3MKICAgc2NvcGUsIGR1cmF0aW9uLCBhbmQgb3RoZXIgYXR0cmlidXRlcyBncmFu
dGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uCiAgIGdyYW50LiAgVGhlIGNsaWVudCBhY2Nlc3NlcyB0
aGUgcHJvdGVjdGVkIHJlc291cmNlIGJ5IHByZXNlbnRpbmcgdGhlCiAgIGFjY2VzcyB0b2tlbiB0
byB0aGUgcmVzb3VyY2Ugc2VydmVyLiAgSW4gc29tZSBjYXNlcywgYSBjbGllbnQgY2FuCiAgIGRp
cmVjdGx5IHByZXNlbnQgaXRzIG93biBjcmVkZW50aWFscyB0byBhbiBhdXRob3JpemF0aW9uIHNl
cnZlciB0bwogICBvYnRhaW4gYW4gYWNjZXNzIHRva2VuIHdpdGhvdXQgaGF2aW5nIHRvIGZpcnN0
IG9idGFpbiBhbgogICBhdXRob3JpemF0aW9uIGdyYW50IGZyb20gYSByZXNvdXJjZSBvd25lci4K
CiAgIFRoZSBhY2Nlc3MgdG9rZW4gcHJvdmlkZXMgYW4gYWJzdHJhY3Rpb24sIHJlcGxhY2luZyBk
aWZmZXJlbnQKICAgYXV0aG9yaXphdGlvbiBjb25zdHJ1Y3RzIChlLmcuLCB1c2VybmFtZSBhbmQg
cGFzc3dvcmQsIGFzc2VydGlvbikgZm9yCiAgIGEgc2luZ2xlIHRva2VuIHVuZGVyc3Rvb2QgYnkg
dGhlIHJlc291cmNlIHNlcnZlci4gIFRoaXMgYWJzdHJhY3Rpb24KICAgZW5hYmxlcyBpc3N1aW5n
IGFjY2VzcyB0b2tlbnMgdmFsaWQgZm9yIGEgc2hvcnQgdGltZSBwZXJpb2QsIGFzIHdlbGwKICAg
YXMgcmVtb3ZpbmcgdGhlIHJlc291cmNlIHNlcnZlcidzIG5lZWQgdG8gdW5kZXJzdGFuZCBhIHdp
ZGUgcmFuZ2Ugb2YKICAgYXV0aGVudGljYXRpb24gc2NoZW1lcy4KCgoKCgoKCgoKCgoKCgoKCgoK
CgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAg
ICAgICAgICAgIFtQYWdlIDRdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgIE9BdXRoIDIuMCBCZWFy
ZXIgVG9rZW4gVXNhZ2UgICAgICAgICAgICAgSnVseSAyMDEyCgoKICAgICArLS0tLS0tLS0rICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAg
ICAgfC0tKEEpLSBBdXRob3JpemF0aW9uIFJlcXVlc3QgLT58ICAgUmVzb3VyY2UgICAgfAogICAg
IHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgT3duZXIgICAg
IHwKICAgICB8ICAgICAgICB8PC0oQiktLSBBdXRob3JpemF0aW9uIEdyYW50IC0tLXwgICAgICAg
ICAgICAgICB8CiAgICAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAr
LS0tLS0tLS0tLS0tLS0tKwogICAgIHwgICAgICAgIHwKICAgICB8ICAgICAgICB8ICAgICAgICBB
dXRob3JpemF0aW9uIEdyYW50ICYgICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgfC0t
KEMpLS0tIENsaWVudCBDcmVkZW50aWFscyAtLT58IEF1dGhvcml6YXRpb24gfAogICAgIHwgQ2xp
ZW50IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICAg
ICB8ICAgICAgICB8PC0oRCktLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLXwgICAgICAgICAgICAg
ICB8CiAgICAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0t
LS0tLS0tLS0tKwogICAgIHwgICAgICAgIHwKICAgICB8ICAgICAgICB8ICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgfC0tKEUpLS0t
LS0gQWNjZXNzIFRva2VuIC0tLS0tLT58ICAgIFJlc291cmNlICAgfAogICAgIHwgICAgICAgIHwg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICAgICB8ICAg
ICAgICB8PC0oRiktLS0gUHJvdGVjdGVkIFJlc291cmNlIC0tLXwgICAgICAgICAgICAgICB8CiAg
ICAgKy0tLS0tLS0tKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0t
LS0tKwoKICAgICAgICAgICAgICAgICAgICAgRmlndXJlIDE6IEFic3RyYWN0IFByb3RvY29sIEZs
b3cKCiAgIFRoZSBhYnN0cmFjdCBmbG93IGlsbHVzdHJhdGVkIGluIEZpZ3VyZSAxIGRlc2NyaWJl
cyB0aGUgb3ZlcmFsbCBPQXV0aAogICAyLjAgcHJvdG9jb2wgYXJjaGl0ZWN0dXJlLiAgVGhlIGZv
bGxvd2luZyBzdGVwcyBhcmUgc3BlY2lmaWVkIHdpdGhpbgogICB0aGlzIGRvY3VtZW50OgoKICAg
ICAgRSkgVGhlIGNsaWVudCBtYWtlcyBhIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0IHRvIHRo
ZSByZXNvdXJjZQogICAgICBzZXJ2ZXIgYnkgcHJlc2VudGluZyB0aGUgYWNjZXNzIHRva2VuLgoK
ICAgICAgRikgVGhlIHJlc291cmNlIHNlcnZlciB2YWxpZGF0ZXMgdGhlIGFjY2VzcyB0b2tlbiwg
YW5kIGlmIHZhbGlkLAogICAgICBzZXJ2ZXMgdGhlIHJlcXVlc3QuCgogICBUaGlzIGRvY3VtZW50
IGFsc28gaW1wb3NlcyBzZW1hbnRpYyByZXF1aXJlbWVudHMgdXBvbiB0aGUgYWNjZXNzCiAgIHRv
a2VuIHJldHVybmVkIGluIFN0ZXAgRC4KCgoyLiAgQXV0aGVudGljYXRlZCBSZXF1ZXN0cwoKICAg
VGhpcyBzZWN0aW9uIGRlZmluZXMgdGhyZWUgbWV0aG9kcyBvZiBzZW5kaW5nIGJlYXJlciBhY2Nl
c3MgdG9rZW5zIGluCiAgIHJlc291cmNlIHJlcXVlc3RzIHRvIHJlc291cmNlIHNlcnZlcnMuICBD
bGllbnRzIE1VU1QgTk9UIHVzZSBtb3JlCiAgIHRoYW4gb25lIG1ldGhvZCB0byB0cmFuc21pdCB0
aGUgdG9rZW4gaW4gZWFjaCByZXF1ZXN0LgoKMi4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0IEhl
YWRlciBGaWVsZAoKICAgV2hlbiBzZW5kaW5nIHRoZSBhY2Nlc3MgdG9rZW4gaW4gdGhlICJBdXRo
b3JpemF0aW9uIiByZXF1ZXN0IGhlYWRlcgogICBmaWVsZCBkZWZpbmVkIGJ5IEhUVFAvMS4xIFtS
RkMyNjE3XSwgdGhlIGNsaWVudCB1c2VzIHRoZSAiQmVhcmVyIgogICBhdXRoZW50aWNhdGlvbiBz
Y2hlbWUgdG8gdHJhbnNtaXQgdGhlIGFjY2VzcyB0b2tlbi4KCgoKCgoKSm9uZXMsIGV0IGFsLiAg
ICAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgIFtQYWdlIDVd
CgwKSW50ZXJuZXQtRHJhZnQgICAgICAgIE9BdXRoIDIuMCBCZWFyZXIgVG9rZW4gVXNhZ2UgICAg
ICAgICAgICAgSnVseSAyMDEyCgoKICAgRm9yIGV4YW1wbGU6CgogICAgIEdFVCAvcmVzb3VyY2Ug
SFRUUC8xLjEKICAgICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICAgICBBdXRob3JpemF0aW9u
OiBCZWFyZXIgbUZfOS5CNWYtNC4xSnFNCgogICBUaGUgIkF1dGhvcml6YXRpb24iIGhlYWRlciBm
aWVsZCB1c2VzIHRoZSBmcmFtZXdvcmsgZGVmaW5lZCBieQogICBIVFRQLzEuMSBbUkZDMjYxN10g
YXMgZm9sbG93czoKCiAgICAgYjY0dG9rZW4gICAgPSAxKiggQUxQSEEgLyBESUdJVCAvCiAgICAg
ICAgICAgICAgICAgICAgICAgIi0iIC8gIi4iIC8gIl8iIC8gIn4iIC8gIisiIC8gIi8iICkgKiI9
IgogICAgIGNyZWRlbnRpYWxzID0gIkJlYXJlciIgMSpTUCBiNjR0b2tlbgoKICAgQ2xpZW50cyBT
SE9VTEQgbWFrZSBhdXRoZW50aWNhdGVkIHJlcXVlc3RzIHdpdGggYSBiZWFyZXIgdG9rZW4gdXNp
bmcKICAgdGhlICJBdXRob3JpemF0aW9uIiByZXF1ZXN0IGhlYWRlciBmaWVsZCB3aXRoIHRoZSAi
QmVhcmVyIiBIVFRQCiAgIGF1dGhvcml6YXRpb24gc2NoZW1lLiAgUmVzb3VyY2Ugc2VydmVycyBN
VVNUIHN1cHBvcnQgdGhpcyBtZXRob2QuCgoyLjIuICBGb3JtLUVuY29kZWQgQm9keSBQYXJhbWV0
ZXIKCiAgIFdoZW4gc2VuZGluZyB0aGUgYWNjZXNzIHRva2VuIGluIHRoZSBIVFRQIHJlcXVlc3Qg
ZW50aXR5LWJvZHksIHRoZQogICBjbGllbnQgYWRkcyB0aGUgYWNjZXNzIHRva2VuIHRvIHRoZSBy
ZXF1ZXN0IGJvZHkgdXNpbmcgdGhlCiAgICJhY2Nlc3NfdG9rZW4iIHBhcmFtZXRlci4gIFRoZSBj
bGllbnQgTVVTVCBOT1QgdXNlIHRoaXMgbWV0aG9kIHVubGVzcwogICBhbGwgb2YgdGhlIGZvbGxv
d2luZyBjb25kaXRpb25zIGFyZSBtZXQ6CgogICBvICBUaGUgSFRUUCByZXF1ZXN0IGVudGl0eS1o
ZWFkZXIgaW5jbHVkZXMgdGhlICJDb250ZW50LVR5cGUiIGhlYWRlcgogICAgICBmaWVsZCBzZXQg
dG8gImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIuCgogICBvICBUaGUgZW50aXR5
LWJvZHkgZm9sbG93cyB0aGUgZW5jb2RpbmcgcmVxdWlyZW1lbnRzIG9mIHRoZQogICAgICAiYXBw
bGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkIiBjb250ZW50LXR5cGUgYXMgZGVmaW5lZCBi
eQogICAgICBIVE1MIDQuMDEgW1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNF0uCgogICBvICBUaGUg
SFRUUCByZXF1ZXN0IGVudGl0eS1ib2R5IGlzIHNpbmdsZS1wYXJ0LgoKICAgbyAgVGhlIGNvbnRl
bnQgdG8gYmUgZW5jb2RlZCBpbiB0aGUgZW50aXR5LWJvZHkgTVVTVCBjb25zaXN0IGVudGlyZWx5
CiAgICAgIG9mIEFTQ0lJIFtVU0FTQ0lJXSBjaGFyYWN0ZXJzLgoKICAgbyAgVGhlIEhUVFAgcmVx
dWVzdCBtZXRob2QgaXMgb25lIGZvciB3aGljaCB0aGUgcmVxdWVzdCBib2R5IGhhcwogICAgICBk
ZWZpbmVkIHNlbWFudGljcy4gIEluIHBhcnRpY3VsYXIsIHRoaXMgbWVhbnMgdGhhdCB0aGUgIkdF
VCIKICAgICAgbWV0aG9kIE1VU1QgTk9UIGJlIHVzZWQuCgogICBUaGUgZW50aXR5LWJvZHkgTUFZ
IGluY2x1ZGUgb3RoZXIgcmVxdWVzdC1zcGVjaWZpYyBwYXJhbWV0ZXJzLCBpbgogICB3aGljaCBj
YXNlLCB0aGUgImFjY2Vzc190b2tlbiIgcGFyYW1ldGVyIE1VU1QgYmUgcHJvcGVybHkgc2VwYXJh
dGVkCiAgIGZyb20gdGhlIHJlcXVlc3Qtc3BlY2lmaWMgcGFyYW1ldGVycyB1c2luZyAiJiIgY2hh
cmFjdGVyKHMpIChBU0NJSQogICBjb2RlIDM4KS4KCgoKCgoKCkpvbmVzLCBldCBhbC4gICAgICAg
ICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgICBbUGFnZSA2XQoMCklu
dGVybmV0LURyYWZ0ICAgICAgICBPQXV0aCAyLjAgQmVhcmVyIFRva2VuIFVzYWdlICAgICAgICAg
ICAgIEp1bHkgMjAxMgoKCiAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xs
b3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5nCiAgIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eToKCiAg
ICAgUE9TVCAvcmVzb3VyY2UgSFRUUC8xLjEKICAgICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20K
ICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAoKICAg
ICBhY2Nlc3NfdG9rZW49bUZfOS5CNWYtNC4xSnFNCgogICBUaGUgImFwcGxpY2F0aW9uL3gtd3d3
LWZvcm0tdXJsZW5jb2RlZCIgbWV0aG9kIFNIT1VMRCBOT1QgYmUgdXNlZAogICBleGNlcHQgaW4g
YXBwbGljYXRpb24gY29udGV4dHMgd2hlcmUgcGFydGljaXBhdGluZyBicm93c2VycyBkbyBub3QK
ICAgaGF2ZSBhY2Nlc3MgdG8gdGhlICJBdXRob3JpemF0aW9uIiByZXF1ZXN0IGhlYWRlciBmaWVs
ZC4gIFJlc291cmNlCiAgIHNlcnZlcnMgTUFZIHN1cHBvcnQgdGhpcyBtZXRob2QuCgoyLjMuICBV
UkkgUXVlcnkgUGFyYW1ldGVyCgogICBXaGVuIHNlbmRpbmcgdGhlIGFjY2VzcyB0b2tlbiBpbiB0
aGUgSFRUUCByZXF1ZXN0IFVSSSwgdGhlIGNsaWVudAogICBhZGRzIHRoZSBhY2Nlc3MgdG9rZW4g
dG8gdGhlIHJlcXVlc3QgVVJJIHF1ZXJ5IGNvbXBvbmVudCBhcyBkZWZpbmVkCiAgIGJ5IFVuaWZv
cm0gUmVzb3VyY2UgSWRlbnRpZmllciAoVVJJKSBbUkZDMzk4Nl0gdXNpbmcgdGhlCiAgICJhY2Nl
c3NfdG9rZW4iIHBhcmFtZXRlci4KCiAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRo
ZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5nCiAgIHRyYW5zcG9ydC1sYXllciBzZWN1cml0
eToKCiAgICAgR0VUIC9yZXNvdXJjZT9hY2Nlc3NfdG9rZW49bUZfOS5CNWYtNC4xSnFNIEhUVFAv
MS4xCiAgICAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCgogICBUaGUgSFRUUCByZXF1ZXN0IFVS
SSBxdWVyeSBjYW4gaW5jbHVkZSBvdGhlciByZXF1ZXN0LXNwZWNpZmljCiAgIHBhcmFtZXRlcnMs
IGluIHdoaWNoIGNhc2UsIHRoZSAiYWNjZXNzX3Rva2VuIiBwYXJhbWV0ZXIgTVVTVCBiZQogICBw
cm9wZXJseSBzZXBhcmF0ZWQgZnJvbSB0aGUgcmVxdWVzdC1zcGVjaWZpYyBwYXJhbWV0ZXJzIHVz
aW5nICImIgogICBjaGFyYWN0ZXIocykgKEFTQ0lJIGNvZGUgMzgpLgoKICAgRm9yIGV4YW1wbGU6
CgogICAgaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20vcmVzb3VyY2U/YWNjZXNzX3Rva2VuPW1G
XzkuQjVmLTQuMUpxTSZwPXEKCiAgIENsaWVudHMgdXNpbmcgdGhlIFVSSSBRdWVyeSBQYXJhbWV0
ZXIgbWV0aG9kIFNIT1VMRCBhbHNvIHNlbmQgYQogICBDYWNoZS1Db250cm9sIGhlYWRlciBjb250
YWluaW5nIHRoZSAibm8tc3RvcmUiIG9wdGlvbi4gIFNlcnZlcgogICBzdWNjZXNzICgyWFggc3Rh
dHVzKSByZXNwb25zZXMgdG8gdGhlc2UgcmVxdWVzdHMgU0hPVUxEIGNvbnRhaW4gYQogICBDYWNo
ZS1Db250cm9sIGhlYWRlciB3aXRoIHRoZSAicHJpdmF0ZSIgb3B0aW9uLgoKICAgQmVjYXVzZSBv
ZiB0aGUgc2VjdXJpdHkgd2Vha25lc3NlcyBhc3NvY2lhdGVkIHdpdGggdGhlIFVSSSBtZXRob2QK
ICAgKHNlZSBTZWN0aW9uIDUpLCBpbmNsdWRpbmcgdGhlIGhpZ2ggbGlrZWxpaG9vZCB0aGF0IHRo
ZSBVUkwKICAgY29udGFpbmluZyB0aGUgYWNjZXNzIHRva2VuIHdpbGwgYmUgbG9nZ2VkLCBpdCBT
SE9VTEQgTk9UIGJlIHVzZWQKICAgdW5sZXNzIGl0IGlzIGltcG9zc2libGUgdG8gdHJhbnNwb3J0
IHRoZSBhY2Nlc3MgdG9rZW4gaW4gdGhlCiAgICJBdXRob3JpemF0aW9uIiByZXF1ZXN0IGhlYWRl
ciBmaWVsZCBvciB0aGUgSFRUUCByZXF1ZXN0IGVudGl0eS1ib2R5LgogICBSZXNvdXJjZSBzZXJ2
ZXJzIE1BWSBzdXBwb3J0IHRoaXMgbWV0aG9kLgoKCgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAg
RXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgIFtQYWdlIDddCgwKSW50ZXJu
ZXQtRHJhZnQgICAgICAgIE9BdXRoIDIuMCBCZWFyZXIgVG9rZW4gVXNhZ2UgICAgICAgICAgICAg
SnVseSAyMDEyCgoKICAgVGhpcyBtZXRob2QgaXMgaW5jbHVkZWQgdG8gZG9jdW1lbnQgY3VycmVu
dCB1c2U7IGl0cyB1c2UgaXMgbm90CiAgIHJlY29tbWVuZGVkLCBib3RoIGR1ZSB0byBpdHMgc2Vj
dXJpdHkgZGVmaWNpZW5jaWVzIChzZWUgU2VjdGlvbiA1KQogICBhbmQgYmVjYXVzZSBpdCB1c2Vz
IGEgcmVzZXJ2ZWQgcXVlcnkgcGFyYW1ldGVyIG5hbWUsIHdoaWNoIGlzIGNvdW50ZXIKICAgdG8g
VVJJIG5hbWVzcGFjZSBiZXN0IHByYWN0aWNlcywgcGVyIHRoZSBBcmNoaXRlY3R1cmUgb2YgdGhl
IFdvcmxkCiAgIFdpZGUgV2ViIFtXM0MuUkVDLXdlYmFyY2gtMjAwNDEyMTVdLgoKCjMuICBUaGUg
V1dXLUF1dGhlbnRpY2F0ZSBSZXNwb25zZSBIZWFkZXIgRmllbGQKCiAgIElmIHRoZSBwcm90ZWN0
ZWQgcmVzb3VyY2UgcmVxdWVzdCBkb2VzIG5vdCBpbmNsdWRlIGF1dGhlbnRpY2F0aW9uCiAgIGNy
ZWRlbnRpYWxzIG9yIGRvZXMgbm90IGNvbnRhaW4gYW4gYWNjZXNzIHRva2VuIHRoYXQgZW5hYmxl
cyBhY2Nlc3MKICAgdG8gdGhlIHByb3RlY3RlZCByZXNvdXJjZSwgdGhlIHJlc291cmNlIHNlcnZl
ciBNVVNUIGluY2x1ZGUgdGhlIEhUVFAKICAgIldXVy1BdXRoZW50aWNhdGUiIHJlc3BvbnNlIGhl
YWRlciBmaWVsZDsgaXQgTUFZIGluY2x1ZGUgaXQgaW4KICAgcmVzcG9uc2UgdG8gb3RoZXIgY29u
ZGl0aW9ucyBhcyB3ZWxsLiAgVGhlICJXV1ctQXV0aGVudGljYXRlIiBoZWFkZXIKICAgZmllbGQg
dXNlcyB0aGUgZnJhbWV3b3JrIGRlZmluZWQgYnkgSFRUUC8xLjEgW1JGQzI2MTddLgoKICAgQWxs
IGNoYWxsZW5nZXMgZGVmaW5lZCBieSB0aGlzIHNwZWNpZmljYXRpb24gTVVTVCB1c2UgdGhlIGF1
dGgtc2NoZW1lCiAgIHZhbHVlICJCZWFyZXIiLiAgVGhpcyBzY2hlbWUgTVVTVCBiZSBmb2xsb3dl
ZCBieSBvbmUgb3IgbW9yZSBhdXRoLQogICBwYXJhbSB2YWx1ZXMuICBUaGUgYXV0aC1wYXJhbSBh
dHRyaWJ1dGVzIHVzZWQgb3IgZGVmaW5lZCBieSB0aGlzCiAgIHNwZWNpZmljYXRpb24gYXJlIGFz
IGZvbGxvd3MuICBPdGhlciBhdXRoLXBhcmFtIGF0dHJpYnV0ZXMgTUFZIGJlCiAgIHVzZWQgYXMg
d2VsbC4KCiAgIEEgInJlYWxtIiBhdHRyaWJ1dGUgTUFZIGJlIGluY2x1ZGVkIHRvIGluZGljYXRl
IHRoZSBzY29wZSBvZgogICBwcm90ZWN0aW9uIGluIHRoZSBtYW5uZXIgZGVzY3JpYmVkIGluIEhU
VFAvMS4xIFtSRkMyNjE3XS4gIFRoZQogICAicmVhbG0iIGF0dHJpYnV0ZSBNVVNUIE5PVCBhcHBl
YXIgbW9yZSB0aGFuIG9uY2UuCgogICBUaGUgInNjb3BlIiBhdHRyaWJ1dGUgaXMgZGVmaW5lZCBp
biBTZWN0aW9uIDMuMyBvZiBPQXV0aCAyLjAKICAgQXV0aG9yaXphdGlvbiBbSS1ELmlldGYtb2F1
dGgtdjJdLiAgVGhlICJzY29wZSIgYXR0cmlidXRlIGlzIGEgc3BhY2UtCiAgIGRlbGltaXRlZCBs
aXN0IG9mIGNhc2Ugc2Vuc2l0aXZlIHNjb3BlIHZhbHVlcyBpbmRpY2F0aW5nIHRoZSByZXF1aXJl
ZAogICBzY29wZSBvZiB0aGUgYWNjZXNzIHRva2VuIGZvciBhY2Nlc3NpbmcgdGhlIHJlcXVlc3Rl
ZCByZXNvdXJjZS4KICAgInNjb3BlIiB2YWx1ZXMgYXJlIGltcGxlbWVudGF0aW9uIGRlZmluZWQ7
IHRoZXJlIGlzIG5vIGNlbnRyYWxpemVkCiAgIHJlZ2lzdHJ5IGZvciB0aGVtOyBhbGxvd2VkIHZh
bHVlcyBhcmUgZGVmaW5lZCBieSB0aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIuICBUaGUgb3Jk
ZXIgb2YgInNjb3BlIiB2YWx1ZXMgaXMgbm90IHNpZ25pZmljYW50LiAgSW4gc29tZQogICBjYXNl
cywgdGhlICJzY29wZSIgdmFsdWUgd2lsbCBiZSB1c2VkIHdoZW4gcmVxdWVzdGluZyBhIG5ldyBh
Y2Nlc3MKICAgdG9rZW4gd2l0aCBzdWZmaWNpZW50IHNjb3BlIG9mIGFjY2VzcyB0byB1dGlsaXpl
IHRoZSBwcm90ZWN0ZWQKICAgcmVzb3VyY2UuICBVc2Ugb2YgdGhlICJzY29wZSIgYXR0cmlidXRl
IGlzIE9QVElPTkFMLiAgVGhlICJzY29wZSIKICAgYXR0cmlidXRlIE1VU1QgTk9UIGFwcGVhciBt
b3JlIHRoYW4gb25jZS4gIFRoZSAic2NvcGUiIHZhbHVlIGlzCiAgIGludGVuZGVkIGZvciBwcm9n
cmFtbWF0aWMgdXNlIGFuZCBpcyBub3QgbWVhbnQgdG8gYmUgZGlzcGxheWVkIHRvIGVuZAogICB1
c2Vycy4KCiAgIFR3byBleGFtcGxlIHNjb3BlIHZhbHVlcyBmb2xsb3c7IHRoZXNlIGFyZSB0YWtl
biBmcm9tIHRoZSBPcGVuSUQKICAgQ29ubmVjdCBbT3BlbklELk1lc3NhZ2VzXSBhbmQgT0FUQyBP
bmxpbmUgTXVsdGltZWRpYSBBdXRob3JpemF0aW9uCiAgIFByb3RvY29sIFtPTUFQXSBPQXV0aCAy
LjAgdXNlIGNhc2VzLCByZXNwZWN0aXZlbHk6CgogICAgIHNjb3BlPSJvcGVuaWQgcHJvZmlsZSBl
bWFpbCIKICAgICBzY29wZT0idXJuOmV4YW1wbGU6Y2hhbm5lbD1IQk8mdXJuOmV4YW1wbGU6cmF0
aW5nPUcsUEctMTMiCgogICBJZiB0aGUgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3QgaW5jbHVk
ZWQgYW4gYWNjZXNzIHRva2VuIGFuZCBmYWlsZWQKCgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAg
RXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgIFtQYWdlIDhdCgwKSW50ZXJu
ZXQtRHJhZnQgICAgICAgIE9BdXRoIDIuMCBCZWFyZXIgVG9rZW4gVXNhZ2UgICAgICAgICAgICAg
SnVseSAyMDEyCgoKICAgYXV0aGVudGljYXRpb24sIHRoZSByZXNvdXJjZSBzZXJ2ZXIgU0hPVUxE
IGluY2x1ZGUgdGhlICJlcnJvciIKICAgYXR0cmlidXRlIHRvIHByb3ZpZGUgdGhlIGNsaWVudCB3
aXRoIHRoZSByZWFzb24gd2h5IHRoZSBhY2Nlc3MKICAgcmVxdWVzdCB3YXMgZGVjbGluZWQuICBU
aGUgcGFyYW1ldGVyIHZhbHVlIGlzIGRlc2NyaWJlZCBpbgogICBTZWN0aW9uIDMuMS4gIEluIGFk
ZGl0aW9uLCB0aGUgcmVzb3VyY2Ugc2VydmVyIE1BWSBpbmNsdWRlIHRoZQogICAiZXJyb3JfZGVz
Y3JpcHRpb24iIGF0dHJpYnV0ZSB0byBwcm92aWRlIGRldmVsb3BlcnMgYSBodW1hbi1yZWFkYWJs
ZQogICBleHBsYW5hdGlvbiB0aGF0IGlzIG5vdCBtZWFudCB0byBiZSBkaXNwbGF5ZWQgdG8gZW5k
IHVzZXJzLiAgSXQgYWxzbwogICBNQVkgaW5jbHVkZSB0aGUgImVycm9yX3VyaSIgYXR0cmlidXRl
IHdpdGggYW4gYWJzb2x1dGUgVVJJCiAgIGlkZW50aWZ5aW5nIGEgaHVtYW4tcmVhZGFibGUgd2Vi
IHBhZ2UgZXhwbGFpbmluZyB0aGUgZXJyb3IuICBUaGUKICAgImVycm9yIiwgImVycm9yX2Rlc2Ny
aXB0aW9uIiwgYW5kICJlcnJvcl91cmkiIGF0dHJpYnV0ZXMgTVVTVCBOT1QKICAgYXBwZWFyIG1v
cmUgdGhhbiBvbmNlLgoKICAgVmFsdWVzIGZvciB0aGUgInNjb3BlIiBhdHRyaWJ1dGUgTVVTVCBO
T1QgaW5jbHVkZSBjaGFyYWN0ZXJzIG91dHNpZGUKICAgdGhlIHNldCAleDIxIC8gJXgyMy01QiAv
ICV4NUQtN0Ugc3BlY2lmaWVkIGluIFNlY3Rpb24gQS40IG9mIE9BdXRoCiAgIDIuMCBBdXRob3Jp
emF0aW9uIFtJLUQuaWV0Zi1vYXV0aC12Ml0gZm9yIHJlcHJlc2VudGluZyBzY29wZSB2YWx1ZXMK
ICAgYW5kICV4MjAgZm9yIGRlbGltaXRlcnMgYmV0d2VlbiBzY29wZSB2YWx1ZXMuICBWYWx1ZXMg
Zm9yIHRoZSAiZXJyb3IiCiAgIGFuZCAiZXJyb3JfZGVzY3JpcHRpb24iIGF0dHJpYnV0ZXMgTVVT
VCBOT1QgaW5jbHVkZSBjaGFyYWN0ZXJzCiAgIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgy
My01QiAvICV4NUQtN0Ugc3BlY2lmaWVkIGluIFNlY3Rpb25zIEEuNwogICBhbmQgQS44IG9mIE9B
dXRoIDIuMCBBdXRob3JpemF0aW9uLiAgVmFsdWVzIGZvciB0aGUgImVycm9yX3VyaSIKICAgYXR0
cmlidXRlIE1VU1QgY29uZm9ybSB0byB0aGUgVVJJLVJlZmVyZW5jZSBzeW50YXgsIGFuZCB0aHVz
IE1VU1QgTk9UCiAgIGluY2x1ZGUgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMSAvICV4
MjMtNUIgLyAleDVELTdFIHNwZWNpZmllZAogICBpbiBTZWN0aW9uIEEuOSBvZiBPQXV0aCAyLjAg
QXV0aG9yaXphdGlvbi4KCiAgIEZvciBleGFtcGxlLCBpbiByZXNwb25zZSB0byBhIHByb3RlY3Rl
ZCByZXNvdXJjZSByZXF1ZXN0IHdpdGhvdXQKICAgYXV0aGVudGljYXRpb246CgogICAgIEhUVFAv
MS4xIDQwMSBVbmF1dGhvcml6ZWQKICAgICBXV1ctQXV0aGVudGljYXRlOiBCZWFyZXIgcmVhbG09
ImV4YW1wbGUiCgogICBBbmQgaW4gcmVzcG9uc2UgdG8gYSBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVx
dWVzdCB3aXRoIGFuCiAgIGF1dGhlbnRpY2F0aW9uIGF0dGVtcHQgdXNpbmcgYW4gZXhwaXJlZCBh
Y2Nlc3MgdG9rZW46CgogICAgIEhUVFAvMS4xIDQwMSBVbmF1dGhvcml6ZWQKICAgICBXV1ctQXV0
aGVudGljYXRlOiBCZWFyZXIgcmVhbG09ImV4YW1wbGUiLAogICAgICAgICAgICAgICAgICAgICAg
IGVycm9yPSJpbnZhbGlkX3Rva2VuIiwKICAgICAgICAgICAgICAgICAgICAgICBlcnJvcl9kZXNj
cmlwdGlvbj0iVGhlIGFjY2VzcyB0b2tlbiBleHBpcmVkIgoKMy4xLiAgRXJyb3IgQ29kZXMKCiAg
IFdoZW4gYSByZXF1ZXN0IGZhaWxzLCB0aGUgcmVzb3VyY2Ugc2VydmVyIHJlc3BvbmRzIHVzaW5n
IHRoZQogICBhcHByb3ByaWF0ZSBIVFRQIHN0YXR1cyBjb2RlICh0eXBpY2FsbHksIDQwMCwgNDAx
LCA0MDMsIG9yIDQwNSksIGFuZAogICBpbmNsdWRlcyBvbmUgb2YgdGhlIGZvbGxvd2luZyBlcnJv
ciBjb2RlcyBpbiB0aGUgcmVzcG9uc2U6CgogICBpbnZhbGlkX3JlcXVlc3QKICAgICAgICAgVGhl
IHJlcXVlc3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBhcmFtZXRlciwgaW5jbHVkZXMgYW4KICAg
ICAgICAgdW5zdXBwb3J0ZWQgcGFyYW1ldGVyIG9yIHBhcmFtZXRlciB2YWx1ZSwgcmVwZWF0cyB0
aGUgc2FtZQogICAgICAgICBwYXJhbWV0ZXIsIHVzZXMgbW9yZSB0aGFuIG9uZSBtZXRob2QgZm9y
IGluY2x1ZGluZyBhbiBhY2Nlc3MKICAgICAgICAgdG9rZW4sIG9yIGlzIG90aGVyd2lzZSBtYWxm
b3JtZWQuICBUaGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRAogICAgICAgICByZXNwb25kIHdpdGgg
dGhlIEhUVFAgNDAwIChCYWQgUmVxdWVzdCkgc3RhdHVzIGNvZGUuCgoKCkpvbmVzLCBldCBhbC4g
ICAgICAgICAgIEV4cGlyZXMgSmFudWFyeSAxMCwgMjAxMyAgICAgICAgICAgICAgICBbUGFnZSA5
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICBPQXV0aCAyLjAgQmVhcmVyIFRva2VuIFVzYWdlICAg
ICAgICAgICAgIEp1bHkgMjAxMgoKCiAgIGludmFsaWRfdG9rZW4KICAgICAgICAgVGhlIGFjY2Vz
cyB0b2tlbiBwcm92aWRlZCBpcyBleHBpcmVkLCByZXZva2VkLCBtYWxmb3JtZWQsIG9yCiAgICAg
ICAgIGludmFsaWQgZm9yIG90aGVyIHJlYXNvbnMuICBUaGUgcmVzb3VyY2UgU0hPVUxEIHJlc3Bv
bmQgd2l0aAogICAgICAgICB0aGUgSFRUUCA0MDEgKFVuYXV0aG9yaXplZCkgc3RhdHVzIGNvZGUu
ICBUaGUgY2xpZW50IE1BWQogICAgICAgICByZXF1ZXN0IGEgbmV3IGFjY2VzcyB0b2tlbiBhbmQg
cmV0cnkgdGhlIHByb3RlY3RlZCByZXNvdXJjZQogICAgICAgICByZXF1ZXN0LgoKICAgaW5zdWZm
aWNpZW50X3Njb3BlCiAgICAgICAgIFRoZSByZXF1ZXN0IHJlcXVpcmVzIGhpZ2hlciBwcml2aWxl
Z2VzIHRoYW4gcHJvdmlkZWQgYnkgdGhlCiAgICAgICAgIGFjY2VzcyB0b2tlbi4gIFRoZSByZXNv
dXJjZSBzZXJ2ZXIgU0hPVUxEIHJlc3BvbmQgd2l0aCB0aGUgSFRUUAogICAgICAgICA0MDMgKEZv
cmJpZGRlbikgc3RhdHVzIGNvZGUgYW5kIE1BWSBpbmNsdWRlIHRoZSAic2NvcGUiCiAgICAgICAg
IGF0dHJpYnV0ZSB3aXRoIHRoZSBzY29wZSBuZWNlc3NhcnkgdG8gYWNjZXNzIHRoZSBwcm90ZWN0
ZWQKICAgICAgICAgcmVzb3VyY2UuCgogICBJZiB0aGUgcmVxdWVzdCBsYWNrcyBhbnkgYXV0aGVu
dGljYXRpb24gaW5mb3JtYXRpb24gKGUuZy4sIHRoZSBjbGllbnQKICAgd2FzIHVuYXdhcmUgYXV0
aGVudGljYXRpb24gaXMgbmVjZXNzYXJ5IG9yIGF0dGVtcHRlZCB1c2luZyBhbgogICB1bnN1cHBv
cnRlZCBhdXRoZW50aWNhdGlvbiBtZXRob2QpLCB0aGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRCBO
T1QKICAgaW5jbHVkZSBhbiBlcnJvciBjb2RlIG9yIG90aGVyIGVycm9yIGluZm9ybWF0aW9uLgoK
ICAgRm9yIGV4YW1wbGU6CgogICAgIEhUVFAvMS4xIDQwMSBVbmF1dGhvcml6ZWQKICAgICBXV1ct
QXV0aGVudGljYXRlOiBCZWFyZXIgcmVhbG09ImV4YW1wbGUiCgoKNC4gIEV4YW1wbGUgQWNjZXNz
IFRva2VuIFJlc3BvbnNlCgogICBUeXBpY2FsbHkgYSBiZWFyZXIgdG9rZW4gaXMgcmV0dXJuZWQg
dG8gdGhlIGNsaWVudCBhcyBwYXJ0IG9mIGFuCiAgIE9BdXRoIDIuMCBbSS1ELmlldGYtb2F1dGgt
djJdIGFjY2VzcyB0b2tlbiByZXNwb25zZS4gIEFuIGV4YW1wbGUgb2YKICAgc3VjaCBhIHJlc3Bv
bnNlIGlzOgoKICAgICBIVFRQLzEuMSAyMDAgT0sKICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0
aW9uL2pzb247Y2hhcnNldD1VVEYtOAogICAgIENhY2hlLUNvbnRyb2w6IG5vLXN0b3JlCiAgICAg
UHJhZ21hOiBuby1jYWNoZQoKICAgICB7CiAgICAgICAiYWNjZXNzX3Rva2VuIjoibUZfOS5CNWYt
NC4xSnFNIiwKICAgICAgICJ0b2tlbl90eXBlIjoiQmVhcmVyIiwKICAgICAgICJleHBpcmVzX2lu
IjozNjAwLAogICAgICAgInJlZnJlc2hfdG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIgog
ICAgIH0KCgo1LiAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMKCiAgIFRoaXMgc2VjdGlvbiBkZXNj
cmliZXMgdGhlIHJlbGV2YW50IHNlY3VyaXR5IHRocmVhdHMgcmVnYXJkaW5nIHRva2VuCiAgIGhh
bmRsaW5nIHdoZW4gdXNpbmcgYmVhcmVyIHRva2VucyBhbmQgZGVzY3JpYmVzIGhvdyB0byBtaXRp
Z2F0ZSB0aGVzZQoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICBFeHBpcmVzIEphbnVhcnkgMTAs
IDIwMTMgICAgICAgICAgICAgICBbUGFnZSAxMF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgT0F1
dGggMi4wIEJlYXJlciBUb2tlbiBVc2FnZSAgICAgICAgICAgICBKdWx5IDIwMTIKCgogICB0aHJl
YXRzLgoKNS4xLiAgU2VjdXJpdHkgVGhyZWF0cwoKICAgVGhlIGZvbGxvd2luZyBsaXN0IHByZXNl
bnRzIHNldmVyYWwgY29tbW9uIHRocmVhdHMgYWdhaW5zdCBwcm90b2NvbHMKICAgdXRpbGl6aW5n
IHNvbWUgZm9ybSBvZiB0b2tlbnMuICBUaGlzIGxpc3Qgb2YgdGhyZWF0cyBpcyBiYXNlZCBvbiBO
SVNUCiAgIFNwZWNpYWwgUHVibGljYXRpb24gODAwLTYzIFtOSVNUODAwLTYzXS4gIFNpbmNlIHRo
aXMgZG9jdW1lbnQgYnVpbGRzCiAgIG9uIHRoZSBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBzcGVj
aWZpY2F0aW9uLCB3ZSBleGNsdWRlIGEgZGlzY3Vzc2lvbgogICBvZiB0aHJlYXRzIHRoYXQgYXJl
IGRlc2NyaWJlZCB0aGVyZSBvciBpbiByZWxhdGVkIGRvY3VtZW50cy4KCiAgIFRva2VuIG1hbnVm
YWN0dXJlL21vZGlmaWNhdGlvbjogIEFuIGF0dGFja2VyIG1heSBnZW5lcmF0ZSBhIGJvZ3VzCiAg
ICAgIHRva2VuIG9yIG1vZGlmeSB0aGUgdG9rZW4gY29udGVudHMgKHN1Y2ggYXMgdGhlIGF1dGhl
bnRpY2F0aW9uIG9yCiAgICAgIGF0dHJpYnV0ZSBzdGF0ZW1lbnRzKSBvZiBhbiBleGlzdGluZyB0
b2tlbiwgY2F1c2luZyB0aGUgcmVzb3VyY2UKICAgICAgc2VydmVyIHRvIGdyYW50IGluYXBwcm9w
cmlhdGUgYWNjZXNzIHRvIHRoZSBjbGllbnQuICBGb3IgZXhhbXBsZSwKICAgICAgYW4gYXR0YWNr
ZXIgbWF5IG1vZGlmeSB0aGUgdG9rZW4gdG8gZXh0ZW5kIHRoZSB2YWxpZGl0eSBwZXJpb2Q7IGEK
ICAgICAgbWFsaWNpb3VzIGNsaWVudCBtYXkgbW9kaWZ5IHRoZSBhc3NlcnRpb24gdG8gZ2FpbiBh
Y2Nlc3MgdG8KICAgICAgaW5mb3JtYXRpb24gdGhhdCB0aGV5IHNob3VsZCBub3QgYmUgYWJsZSB0
byB2aWV3LgoKICAgVG9rZW4gZGlzY2xvc3VyZTogIFRva2VucyBtYXkgY29udGFpbiBhdXRoZW50
aWNhdGlvbiBhbmQgYXR0cmlidXRlCiAgICAgIHN0YXRlbWVudHMgdGhhdCBpbmNsdWRlIHNlbnNp
dGl2ZSBpbmZvcm1hdGlvbi4KCiAgIFRva2VuIHJlZGlyZWN0OiAgQW4gYXR0YWNrZXIgdXNlcyBh
IHRva2VuIGdlbmVyYXRlZCBmb3IgY29uc3VtcHRpb24KICAgICAgYnkgb25lIHJlc291cmNlIHNl
cnZlciB0byBnYWluIGFjY2VzcyB0byBhIGRpZmZlcmVudCByZXNvdXJjZQogICAgICBzZXJ2ZXIg
dGhhdCBtaXN0YWtlbmx5IGJlbGlldmVzIHRoZSB0b2tlbiB0byBiZSBmb3IgaXQuCgogICBUb2tl
biByZXBsYXk6ICBBbiBhdHRhY2tlciBhdHRlbXB0cyB0byB1c2UgYSB0b2tlbiB0aGF0IGhhcyBh
bHJlYWR5CiAgICAgIGJlZW4gdXNlZCB3aXRoIHRoYXQgcmVzb3VyY2Ugc2VydmVyIGluIHRoZSBw
YXN0LgoKNS4yLiAgVGhyZWF0IE1pdGlnYXRpb24KCiAgIEEgbGFyZ2UgcmFuZ2Ugb2YgdGhyZWF0
cyBjYW4gYmUgbWl0aWdhdGVkIGJ5IHByb3RlY3RpbmcgdGhlIGNvbnRlbnRzCiAgIG9mIHRoZSB0
b2tlbiBieSB1c2luZyBhIGRpZ2l0YWwgc2lnbmF0dXJlIG9yIGEgTWVzc2FnZSBBdXRoZW50aWNh
ICBvICBDcmVhdGVkIHRoZSBPQXV0aCBFcnJvciByZWdpc3RyeSBhbmQgcmVnaXN0ZXJlZCBlcnJv
cnMuCgogICBvICBDaGFuZ2VkIHRoZSAiT0F1dGgyIiBPQXV0aCBhY2Nlc3MgdG9rZW4gdHlwZSBu
YW1lIHRvICJCZWFyZXIiLgoKICAgLTAyCgogICBvICBJbmNvcnBvcmF0ZWQgZmVlZGJhY2sgcmVj
ZWl2ZWQgb24gZHJhZnQgMDEuICBNb3N0IGNoYW5nZXMgd2VyZSB0bwogICAgICB0aGUgc2VjdXJp
dHkgY29uc2lkZXJhdGlvbnMgc2VjdGlvbi4gIE5vIG5vcm1hdGl2ZSBjaGFuZ2VzIHdlcmUKICAg
ICAgbWFkZS4gIFNwZWNpZmljIGNoYW5nZXMgaW5jbHVkZWQ6CgogICBvICBDaGFuZ2VkIHRlcm1p
bm9sb2d5IGZyb20gInRva2VuIHJldXNlIiB0byAidG9rZW4gY2FwdHVyZSBhbmQKICAgICAgcmVw
bGF5Ii4KCiAgIG8gIFJlbW92ZWQgc2VudGVuY2UgIkVuY3J5cHRpbmcgdGhlIHRva2VuIGNvbnRl
bnRzIGlzIGFub3RoZXIKICAgICAgYWx0ZXJuYXRpdmUiIGZyb20gdGhlIHNlY3VyaXR5IGNvbnNp
ZGVyYXRpb25zIHNpbmNlIGl0IHdhcwogICAgICByZWR1bmRhbnQgYW5kIHBvdGVudGlhbGx5IGNv
bmZ1c2luZy4KCiAgIG8gIENvcnJlY3RlZCBzb21lIHJlZmVyZW5jZXMgdG8gInJlc291cmNlIHNl
cnZlciIgdG8gYmUKICAgICAgImF1dGhvcml6YXRpb24gc2VydmVyIiBpbiB0aGUgc2VjdXJpdHkg
Y29uc2lkZXJhdGlvbnMuCgogICBvICBHZW5lcmFsaXplZCBzZWN1cml0eSBjb25zaWRlcmF0aW9u
cyBsYW5ndWFnZSBhYm91dCBvYnRhaW5pbmcKICAgICAgY29uc2VudCBvZiB0aGUgcmVzb3VyY2Ug
b3duZXIuCgogICBvICBCcm9hZGVuZWQgc2NvcGUgb2Ygc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMg
ZGVzY3JpcHRpb24gZm9yCiAgICAgIHJlY29tbWVuZGF0aW9uICJEb24ndCBwYXNzIGJlYXJlciB0
b2tlbnMgaW4gcGFnZSBVUkxzIi4KCiAgIG8gIFJlbW92ZWQgdW51c2VkIHJlZmVyZW5jZSB0byBP
QXV0aCAxLjAuCgogICBvICBVcGRhdGVkIHJlZmVyZW5jZSB0byBmcmFtZXdvcmsgc3BlY2lmaWNh
dGlvbiBhbmQgdXBkYXRlZCBEYXZpZAogICAgICBSZWNvcmRvbidzIGUtbWFpbCBhZGRyZXNzLgoK
ICAgbyAgUmVtb3ZlZCBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyB0ZXh0IG9uIGF1dGhlbnRpY2F0
aW5nIGNsaWVudHMuCgogICBvICBSZWdpc3RlcmVkIHRoZSAiT0F1dGgyIiBPQXV0aCBhY2Nlc3Mg
dG9rZW4gdHlwZSBhbmQgIm9hdXRoX3Rva2VuIgogICAgICBwYXJhbWV0ZXIuCgogICAtMDEKCiAg
IG8gIEZpcnN0IHB1YmxpYyBkcmFmdCwgd2hpY2ggaW5jb3Jwb3JhdGVzIGZlZWRiYWNrIHJlY2Vp
dmVkIG9uIC0wMAogICAgICBpbmNsdWRpbmcgZW5oYW5jZWQgU2VjdXJpdHkgQ29uc2lkZXJhdGlv
bnMgY29udGVudC4gIFRoaXMgdmVyc2lvbgogICAgICBpcyBpbnRlbmRlZCB0byBhY2NvbXBhbnkg
T0F1dGggMi4wIGRyYWZ0IDExLgoKICAgLTAwCgogICBvICBJbml0aWFsIGRyYWZ0IGJhc2VkIG9u
IHByZWxpbWluYXJ5IHZlcnNpb24gb2YgT0F1dGggMi4wIGRyYWZ0IDExLgoKCgoKSm9uZXMsIGV0
IGFsLiAgICAgICAgICAgRXhwaXJlcyBKYW51YXJ5IDEwLCAyMDEzICAgICAgICAgICAgICAgW1Bh
Z2UgMjVdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgIE9BdXRoIDIuMCBCZWFyZXIgVG9rZW4gVXNh
Z2UgICAgICAgICAgICAgSnVseSAyMDEyCgoKQXV0aG9ycycgQWRkcmVzc2VzCgogICBNaWNoYWVs
IEIuIEpvbmVzCiAgIE1pY3Jvc29mdAoKICAgRW1haWw6IG1iakBtaWNyb3NvZnQuY29tCiAgIFVS
STogICBodHRwOi8vc2VsZi1pc3N1ZWQuaW5mby8KCgogICBEaWNrIEhhcmR0CiAgIGluZGVwZW5k
ZW50CgogICBFbWFpbDogZGljay5oYXJkdEBnbWFpbC5jb20KICAgVVJJOiAgIGh0dHA6Ly9kaWNr
aGFyZHQub3JnLwoKCiAgIERhdmlkIFJlY29yZG9uCiAgIEZhY2Vib29rCgogICBFbWFpbDogZHJA
ZmIuY29tCiAgIFVSSTogICBodHRwOi8vd3d3LmRhdmlkcmVjb3Jkb24uY29tLwoKCgoKCgoKCgoK
CgoKCgoKCgoKCgoKCgoKCgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICBFeHBpcmVzIEphbnVh
cnkgMTAsIDIwMTMgICAgICAgICAgICAgICBbUGFnZSAyNl0KDAo=

--_007_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_
Content-Type: text/html;
	name="draft-ietf-oauth-v2-bearer-22 preliminary.html"
Content-Description: draft-ietf-oauth-v2-bearer-22 preliminary.html
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-bearer-22 preliminary.html"; size=87253;
	creation-date="Mon, 09 Jul 2012 13:30:35 GMT";
	modification-date="Mon, 09 Jul 2012 13:28:08 GMT"
Content-Transfer-Encoding: base64

Zz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0
ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48
L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjIuMSI+PC9hPjxoMz4yLjEuJm5ic3A7
CkF1dGhvcml6YXRpb24gUmVxdWVzdCBIZWFkZXIgRmllbGQ8L2gzPgoKPHA+CgkgIFdoZW4gc2Vu
ZGluZyB0aGUgYWNjZXNzIHRva2VuIGluIHRoZSA8dHQ+QXV0aG9yaXphdGlvbjwvdHQ+IHJlcXVl
c3QgaGVhZGVyIGZpZWxkCgkgIGRlZmluZWQgYnkKCSAgSFRUUC8xLjEgPGEgY2xhc3M9J2luZm8n
IGhyZWY9JyNSRkMyNjE3Jz5bUkZDMjYxN108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5m
byc+RnJhbmtzLCBKLiwgSGFsbGFtLUJha2VyLCBQLiwgSG9zdGV0bGVyLCBKLiwgTGF3cmVuY2Us
IFMuLCBMZWFjaCwgUC4sIEx1b3RvbmVuLCBBLiwgYW5kIEwuIFN0ZXdhcnQsICZsZHF1bztIVFRQ
IEF1dGhlbnRpY2F0aW9uOiBCYXNpYyBhbmQgRGlnZXN0IEFjY2VzcyBBdXRoZW50aWNhdGlvbiwm
cmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4sCgkgIHRoZQoJ
ICBjbGllbnQgdXNlcyB0aGUgPHR0PkJlYXJlcjwvdHQ+CgkgIGF1dGhlbnRpY2F0aW9uIHNjaGVt
ZSB0byB0cmFuc21pdCB0aGUgYWNjZXNzIHRva2VuLgogICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgICBGb3IgZXhhbXBsZToKICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFi
bGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+
CiAgR0VUIC9yZXNvdXJjZSBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQogIEF1
dGhvcml6YXRpb246IEJlYXJlciBtRl85LkI1Zi00LjFKcU0KPC9wcmU+PC9kaXY+CjxwPgogICAg
ICAgICAgVGhlIDx0dD5BdXRob3JpemF0aW9uPC90dD4gaGVhZGVyIGZpZWxkIHVzZXMgdGhlIGZy
YW1ld29yayBkZWZpbmVkIGJ5CiAgICAgICAgICBIVFRQLzEuMSA8YSBjbGFzcz0naW5mbycgaHJl
Zj0nI1JGQzI2MTcnPltSRkMyNjE3XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5G
cmFua3MsIEouLCBIYWxsYW0tQmFrZXIsIFAuLCBIb3N0ZXRsZXIsIEouLCBMYXdyZW5jZSwgUy4s
IExlYWNoLCBQLiwgTHVvdG9uZW4sIEEuLCBhbmQgTC4gU3Rld2FydCwgJmxkcXVvO0hUVFAgQXV0
aGVudGljYXRpb246IEJhc2ljIGFuZCBEaWdlc3QgQWNjZXNzIEF1dGhlbnRpY2F0aW9uLCZyZHF1
bzsgSnVuZSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPgoJICBhcyBmb2xsb3dz
OgogICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJn
aW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CiAgYjY0dG9rZW4gICAgPSAx
KiggQUxQSEEgLyBESUdJVCAvCiAgICAgICAgICAgICAgICAgICAgIi0iIC8gIi4iIC8gIl8iIC8g
In4iIC8gIisiIC8gIi8iICkgKiI9IgogIGNyZWRlbnRpYWxzID0gIkJlYXJlciIgMSpTUCBiNjR0
b2tlbgo8L3ByZT48L2Rpdj4KPHA+CgkgIENsaWVudHMgU0hPVUxEIG1ha2UgYXV0aGVudGljYXRl
ZCByZXF1ZXN0cyB3aXRoIGEgYmVhcmVyCgkgIHRva2VuIHVzaW5nIHRoZSA8dHQ+QXV0aG9yaXph
dGlvbjwvdHQ+CgkgIHJlcXVlc3QgaGVhZGVyIGZpZWxkIHdpdGggdGhlIDx0dD5CZWFyZXI8L3R0
PiBIVFRQIGF1dGhvcml6YXRpb24gc2NoZW1lLgoJICBSZXNvdXJjZSBzZXJ2ZXJzIE1VU1Qgc3Vw
cG9ydCB0aGlzIG1ldGhvZC4KCQo8L3A+CjxhIG5hbWU9ImJvZHktcGFyYW0iPjwvYT48YnIgLz48
aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+
PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBu
YW1lPSJyZmMuc2VjdGlvbi4yLjIiPjwvYT48aDM+Mi4yLiZuYnNwOwpGb3JtLUVuY29kZWQgQm9k
eSBQYXJhbWV0ZXI8L2gzPgoKPHA+CiAgICAgICAgICBXaGVuIHNlbmRpbmcgdGhlIGFjY2VzcyB0
b2tlbiBpbiB0aGUgSFRUUCByZXF1ZXN0CiAgICAgICAgICBlbnRpdHktYm9keSwgdGhlIGNsaWVu
dCBhZGRzIHRoZSBhY2Nlc3MgdG9rZW4gdG8gdGhlIHJlcXVlc3QKICAgICAgICAgIGJvZHkgdXNp
bmcgdGhlIDx0dD5hY2Nlc3NfdG9rZW48L3R0PgogICAgICAgICAgcGFyYW1ldGVyLiAgVGhlIGNs
aWVudCBNVVNUIE5PVCB1c2UgdGhpcyBtZXRob2QgdW5sZXNzCgkgIGFsbCBvZiB0aGUgZm9sbG93
aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDoKICAgICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4K
PGxpPgogICAgICAgICAgICAgIFRoZSBIVFRQIHJlcXVlc3QgZW50aXR5LWhlYWRlciBpbmNsdWRl
cyB0aGUgPHR0PkNvbnRlbnQtVHlwZTwvdHQ+CiAgICAgICAgICAgICAgaGVhZGVyIGZpZWxkIHNl
dCB0byA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4uCiAgICAgICAg
ICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgVGhlIGVudGl0eS1ib2R5IGZvbGxvd3MgdGhl
IGVuY29kaW5nIHJlcXVpcmVtZW50cyBvZiB0aGUKICAgICAgICAgICAgICA8dHQ+YXBwbGljYXRp
b24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4gY29udGVudC10eXBlIGFzCiAgICAgICAgICAg
ICAgZGVmaW5lZCBieQoJICAgICAgSFRNTCA0LjAxIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjVzND
LlJFQy1odG1sNDAxLTE5OTkxMjI0Jz5bVzNDLlJFQyYjODIwOTtodG1sNDAxJiM4MjA5OzE5OTkx
MjI0XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5Ib3JzLCBBLiwgUmFnZ2V0dCwg
RC4sIGFuZCBJLiBKYWNvYnMsICZsZHF1bztIVE1MIDQuMDEgU3BlY2lmaWNhdGlvbiwmcmRxdW87
IERlY2VtYmVyJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAg
ICAKPC9saT4KPGxpPgogICAgICAgICAgICAgIFRoZSBIVFRQIHJlcXVlc3QgZW50aXR5LWJvZHkg
aXMgc2luZ2xlLXBhcnQuCiAgICAgICAgICAgIAo8L2xpPgo8bGk+CgkgICAgICBUaGUgY29udGVu
dCB0byBiZSBlbmNvZGVkIGluIHRoZSBlbnRpdHktYm9keSBNVVNUCgkgICAgICBjb25zaXN0IGVu
dGlyZWx5IG9mIEFTQ0lJIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjVVNBU0NJSSc+W1VTQVNDSUld
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFtZXJpY2FuIE5hdGlvbmFsIFN0YW5k
YXJkcyBJbnN0aXR1dGUsICZsZHF1bztDb2RlZCBDaGFyYWN0ZXIgU2V0IC0tIDctYml0IEFtZXJp
Y2FuIFN0YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0aW9uIEludGVyY2hhbmdlLCZyZHF1bzsgMTk4
Ni48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IGNoYXJhY3RlcnMuCgkgICAgCjwvbGk+CjxsaT4K
ICAgICAgICAgICAgICBUaGUgSFRUUCByZXF1ZXN0IG1ldGhvZCBpcyBvbmUgZm9yIHdoaWNoIHRo
ZSByZXF1ZXN0CiAgICAgICAgICAgICAgYm9keSBoYXMgZGVmaW5lZCBzZW1hbnRpY3MuICBJbiBw
YXJ0aWN1bGFyLAogICAgICAgICAgICAgIHRoaXMgbWVhbnMgdGhhdCB0aGUgPHR0PkdFVDwvdHQ+
CiAgICAgICAgICAgICAgbWV0aG9kIE1VU1QgTk9UIGJlIHVzZWQuCiAgICAgICAgICAgIAo8L2xp
Pgo8L3VsPjxwPgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGVudGl0eS1ib2R5IE1B
WSBpbmNsdWRlIG90aGVyIHJlcXVlc3Qtc3BlY2lmaWMKICAgICAgICAgIHBhcmFtZXRlcnMsIGlu
IHdoaWNoIGNhc2UsIHRoZSA8dHQ+YWNjZXNzX3Rva2VuPC90dD4gcGFyYW1ldGVyIE1VU1QgYmUg
cHJvcGVybHkKICAgICAgICAgIHNlcGFyYXRlZCBmcm9tIHRoZSByZXF1ZXN0LXNwZWNpZmljIHBh
cmFtZXRlcnMgdXNpbmcgPHR0PiZhbXA7PC90dD4gY2hhcmFjdGVyKHMpIChBU0NJSSBjb2RlIDM4
KS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQg
bWFrZXMgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QgdXNpbmcgdHJhbnNwb3J0LWxheWVyCiAg
ICAgICAgICAgIHNlY3VyaXR5OgogICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0
YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHBy
ZT4KICBQT1NUIC9yZXNvdXJjZSBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQog
IENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkCgogIGFjY2Vz
c190b2tlbj1tRl85LkI1Zi00LjFKcU0KPC9wcmU+PC9kaXY+CjxwPgoJICBUaGUgPHR0PmFwcGxp
Y2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvdHQ+CgkgIG1ldGhvZCBTSE9VTEQgTk9UIGJl
IHVzZWQgZXhjZXB0IGluIGFwcGxpY2F0aW9uIGNvbnRleHRzCgkgIHdoZXJlIHBhcnRpY2lwYXRp
bmcgYnJvd3NlcnMgZG8gbm90IGhhdmUgYWNjZXNzIHRvIHRoZQoJICA8dHQ+QXV0aG9yaXphdGlv
bjwvdHQ+IHJlcXVlc3QgaGVhZGVyCgkgIGZpZWxkLgoJICBSZXNvdXJjZSBzZXJ2ZXJzIE1BWSBz
dXBwb3J0IHRoaXMgbWV0aG9kLgoJCjwvcD4KPGEgbmFtZT0icXVlcnktcGFyYW0iPjwvYT48YnIg
Lz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFj
aW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1
ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8
YSBuYW1lPSJyZmMuc2VjdGlvbi4yLjMiPjwvYT48aDM+Mi4zLiZuYnNwOwpVUkkgUXVlcnkgUGFy
YW1ldGVyPC9oMz4KCjxwPgogICAgICAgICAgV2hlbiBzZW5kaW5nIHRoZSBhY2Nlc3MgdG9rZW4g
aW4gdGhlIEhUVFAgcmVxdWVzdCBVUkksIHRoZSBjbGllbnQgYWRkcyB0aGUgYWNjZXNzCiAgICAg
ICAgICB0b2tlbiB0byB0aGUgcmVxdWVzdCBVUkkgcXVlcnkgY29tcG9uZW50IGFzIGRlZmluZWQg
YnkKCSAgVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpIDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjUkZDMzk4Nic+W1JGQzM5ODZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8n
PkJlcm5lcnMtTGVlLCBULiwgRmllbGRpbmcsIFIuLCBhbmQgTC4gTWFzaW50ZXIsICZsZHF1bztV
bmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSk6IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsg
SmFudWFyeSZuYnNwOzIwMDUuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPgoJICB1c2luZwogICAg
ICAgICAgdGhlIDx0dD5hY2Nlc3NfdG9rZW48L3R0PiBwYXJhbWV0ZXIuCiAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dp
bmcgSFRUUCByZXF1ZXN0IHVzaW5nIHRyYW5zcG9ydC1sYXllcgogICAgICAgICAgICBzZWN1cml0
eToKICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBt
YXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CiAgR0VUIC9yZXNvdXJj
ZT9hY2Nlc3NfdG9rZW49bUZfOS5CNWYtNC4xSnFNIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4
YW1wbGUuY29tCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgIFRoZSBIVFRQIHJlcXVlc3QgVVJJ
IHF1ZXJ5IGNhbiBpbmNsdWRlIG90aGVyCiAgICAgICAgICByZXF1ZXN0LXNwZWNpZmljIHBhcmFt
ZXRlcnMsIGluIHdoaWNoIGNhc2UsIHRoZSA8dHQ+YWNjZXNzX3Rva2VuPC90dD4gcGFyYW1ldGVy
IE1VU1QgYmUgcHJvcGVybHkKICAgICAgICAgIHNlcGFyYXRlZCBmcm9tIHRoZSByZXF1ZXN0LXNw
ZWNpZmljIHBhcmFtZXRlcnMgdXNpbmcgPHR0PiZhbXA7PC90dD4gY2hhcmFjdGVyKHMpIChBU0NJ
SSBjb2RlIDM4KS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgRm9yIGV4YW1wbGU6CiAg
ICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2lu
LWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgogaHR0cHM6Ly9zZXJ2ZXIuZXhh
bXBsZS5jb20vcmVzb3VyY2U/YWNjZXNzX3Rva2VuPW1GXzkuQjVmLTQuMUpxTSZhbXA7cD1xCjwv
cHJlPjwvZGl2Pgo8cD4KCSAgQ2xpZW50cyB1c2luZyB0aGUgVVJJIFF1ZXJ5IFBhcmFtZXRlciBt
ZXRob2QgU0hPVUxEIGFsc28gc2VuZCBhCgkgIENhY2hlLUNvbnRyb2wgaGVhZGVyIGNvbnRhaW5p
bmcgdGhlICJuby1zdG9yZSIgb3B0aW9uLiAgU2VydmVyIHN1Y2Nlc3MKCSAgKDJYWCBzdGF0dXMp
IHJlc3BvbnNlcyB0byB0aGVzZSByZXF1ZXN0cyBTSE9VTEQgY29udGFpbiBhIENhY2hlLUNvbnRy
b2wKCSAgaGVhZGVyIHdpdGggdGhlICJwcml2YXRlIiBvcHRpb24uCgkKPC9wPgo8cD4KCSAgQmVj
YXVzZSBvZiB0aGUgc2VjdXJpdHkgd2Vha25lc3NlcyBhc3NvY2lhdGVkIHdpdGggdGhlIFVSSQoJ
ICBtZXRob2QgKHNlZSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3NlYy1jb24nPlNlY3Rpb24mbmJz
cDs1PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlNlY3VyaXR5IENvbnNpZGVyYXRp
b25zPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiksIGluY2x1ZGluZyB0aGUgaGlnaAoJICBsaWtl
bGlob29kIHRoYXQgdGhlIFVSTCBjb250YWluaW5nIHRoZSBhY2Nlc3MgdG9rZW4gd2lsbCBiZQoJ
ICBsb2dnZWQsIGl0IFNIT1VMRCBOT1QgYmUgdXNlZCB1bmxlc3MgaXQgaXMgaW1wb3NzaWJsZSB0
bwoJICB0cmFuc3BvcnQgdGhlIGFjY2VzcyB0b2tlbiBpbiB0aGUgPHR0PkF1dGhvcml6YXRpb248
L3R0PiByZXF1ZXN0IGhlYWRlciBmaWVsZCBvcgoJICB0aGUgSFRUUCByZXF1ZXN0IGVudGl0eS1i
b2R5LgoJICBSZXNvdXJjZSBzZXJ2ZXJzIE1BWSBzdXBwb3J0IHRoaXMgbWV0aG9kLgoJCjwvcD4K
PHA+CgkgIFRoaXMgbWV0aG9kIGlzIGluY2x1ZGVkIHRvIGRvY3VtZW50IGN1cnJlbnQgdXNlOyBp
dHMgdXNlIGlzCgkgIG5vdCByZWNvbW1lbmRlZCwgYm90aCBkdWUgdG8gaXRzIHNlY3VyaXR5IGRl
ZmljaWVuY2llcyAoc2VlCgkgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjc2VjLWNvbic+U2VjdGlv
biZuYnNwOzU8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U2VjdXJpdHkgQ29uc2lk
ZXJhdGlvbnM8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KSBhbmQgYmVjYXVzZSBpdCB1c2VzIGEK
CSAgcmVzZXJ2ZWQgcXVlcnkgcGFyYW1ldGVyIG5hbWUsIHdoaWNoIGlzIGNvdW50ZXIgdG8KCSAg
VVJJIG5hbWVzcGFjZSBiZXN0IHByYWN0aWNlcywgcGVyIHRoZQoJICBBcmNoaXRlY3R1cmUgb2Yg
dGhlIFdvcmxkIFdpZGUgV2ViIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjVzNDLlJFQy13ZWJhcmNo
LTIwMDQxMjE1Jz5bVzNDLlJFQyYjODIwOTt3ZWJhcmNoJiM4MjA5OzIwMDQxMjE1XTxzcGFuPiAo
PC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5KYWNvYnMsIEkuIGFuZCBOLiBXYWxzaCwgJmxkcXVv
O0FyY2hpdGVjdHVyZSBvZiB0aGUgV29ybGQgV2lkZSBXZWIsIFZvbHVtZSBPbmUsJnJkcXVvOyBE
ZWNlbWJlciZuYnNwOzIwMDQuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KCQo8L3A+CjxhIG5h
bWU9ImF1dGhuLWhlYWRlciI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0
IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJy
aWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJz
cDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMiPjwvYT48aDM+
My4mbmJzcDsKVGhlIFdXVy1BdXRoZW50aWNhdGUgUmVzcG9uc2UgSGVhZGVyIEZpZWxkPC9oMz4K
CjxwPgoJSWYgdGhlIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0IGRvZXMgbm90IGluY2x1ZGUK
CWF1dGhlbnRpY2F0aW9uIGNyZWRlbnRpYWxzIG9yIGRvZXMgbm90IGNvbnRhaW4gYW4gYWNjZXNz
Cgl0b2tlbiB0aGF0IGVuYWJsZXMgYWNjZXNzIHRvIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2UsCgl0
aGUgcmVzb3VyY2Ugc2VydmVyIE1VU1QgaW5jbHVkZSB0aGUgSFRUUCA8dHQ+V1dXLUF1dGhlbnRp
Y2F0ZTwvdHQ+IHJlc3BvbnNlIGhlYWRlciBmaWVsZDsKCWl0IE1BWSBpbmNsdWRlIGl0IGluIHJl
c3BvbnNlIHRvIG90aGVyIGNvbmRpdGlvbnMgYXMgd2VsbC4KCVRoZSA8dHQ+V1dXLUF1dGhlbnRp
Y2F0ZTwvdHQ+IGhlYWRlcgoJZmllbGQgdXNlcyB0aGUgZnJhbWV3b3JrIGRlZmluZWQgYnkKCUhU
VFAvMS4xIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjYxNyc+W1JGQzI2MTddPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkZyYW5rcywgSi4sIEhhbGxhbS1CYWtlciwgUC4sIEhv
c3RldGxlciwgSi4sIExhd3JlbmNlLCBTLiwgTGVhY2gsIFAuLCBMdW90b25lbiwgQS4sIGFuZCBM
LiBTdGV3YXJ0LCAmbGRxdW87SFRUUCBBdXRoZW50aWNhdGlvbjogQmFzaWMgYW5kIERpZ2VzdCBB
Y2Nlc3MgQXV0aGVudGljYXRpb24sJnJkcXVvOyBKdW5lJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+LgogICAgICAKPC9wPgo8cD4KCUFsbCBjaGFsbGVuZ2VzIGRlZmluZWQgYnkg
dGhpcyBzcGVjaWZpY2F0aW9uIE1VU1QgdXNlIHRoZQoJYXV0aC1zY2hlbWUgdmFsdWUgPHR0PkJl
YXJlcjwvdHQ+LiAgVGhpcwoJc2NoZW1lIE1VU1QgYmUgZm9sbG93ZWQgYnkgb25lIG9yIG1vcmUg
YXV0aC1wYXJhbSB2YWx1ZXMuICBUaGUKCWF1dGgtcGFyYW0gYXR0cmlidXRlcyB1c2VkIG9yIGRl
ZmluZWQgYnkgdGhpcyBzcGVjaWZpY2F0aW9uCglhcmUgYXMgZm9sbG93cy4gIE90aGVyIGF1dGgt
cGFyYW0gYXR0cmlidXRlcyBNQVkgYmUgdXNlZCBhcwoJd2VsbC4KICAgICAgCjwvcD4KPHA+CglB
IDx0dD5yZWFsbTwvdHQ+IGF0dHJpYnV0ZSBNQVkgYmUgaW5jbHVkZWQKCXRvIGluZGljYXRlIHRo
ZSBzY29wZSBvZiBwcm90ZWN0aW9uIGluIHRoZSBtYW5uZXIgZGVzY3JpYmVkIGluCglIVFRQLzEu
MSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTcnPltSRkMyNjE3XTxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5GcmFua3MsIEouLCBIYWxsYW0tQmFrZXIsIFAuLCBIb3N0ZXRs
ZXIsIEouLCBMYXdyZW5jZSwgUy4sIExlYWNoLCBQLiwgTHVvdG9uZW4sIEEuLCBhbmQgTC4gU3Rl
d2FydCwgJmxkcXVvO0hUVFAgQXV0aGVudGljYXRpb246IEJhc2ljIGFuZCBEaWdlc3QgQWNjZXNz
IEF1dGhlbnRpY2F0aW9uLCZyZHF1bzsgSnVuZSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPi4KCVRoZSA8dHQ+cmVhbG08L3R0PiBhdHRyaWJ1dGUgTVVTVCBOT1QgYXBwZWFyIG1v
cmUgdGhhbiBvbmNlLgogICAgICAKPC9wPgo8cD4KCVRoZSA8dHQ+c2NvcGU8L3R0PiBhdHRyaWJ1
dGUgaXMgZGVmaW5lZCBpbgoJU2VjdGlvbiAzLjMgb2YgT0F1dGggMi4wIEF1dGhvcml6YXRpb24g
PGEgY2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuaWV0Zi1vYXV0aC12Mic+W0kmIzgyMDk7RC5pZXRm
JiM4MjA5O29hdXRoJiM4MjA5O3YyXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5I
YXJkdCwgRC4gYW5kIEQuIFJlY29yZG9uLCAmbGRxdW87VGhlIE9BdXRoIDIuMCBBdXRob3JpemF0
aW9uIEZyYW1ld29yaywmcmRxdW87IEp1bHkmbmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4uCglUaGUgPHR0PnNjb3BlPC90dD4gYXR0cmlidXRlIGlzIGEgc3BhY2UtZGVsaW1pdGVk
IGxpc3QKCW9mIGNhc2Ugc2Vuc2l0aXZlIHNjb3BlIHZhbHVlcwoJaW5kaWNhdGluZyB0aGUgcmVx
dWlyZWQgc2NvcGUgb2YgdGhlIGFjY2VzcyB0b2tlbiBmb3IgYWNjZXNzaW5nIHRoZSByZXF1ZXN0
ZWQgcmVzb3VyY2UuCgk8dHQ+c2NvcGU8L3R0PiB2YWx1ZXMgYXJlIGltcGxlbWVudGF0aW9uIGRl
ZmluZWQ7Cgl0aGVyZSBpcyBubyBjZW50cmFsaXplZCByZWdpc3RyeSBmb3IgdGhlbTsKCWFsbG93
ZWQgdmFsdWVzIGFyZSBkZWZpbmVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KCVRoZSBv
cmRlciBvZiA8dHQ+c2NvcGU8L3R0PiB2YWx1ZXMgaXMgbm90IHNpZ25pZmljYW50LgoJSW4gc29t
ZSBjYXNlcywgdGhlIDx0dD5zY29wZTwvdHQ+IHZhbHVlCgl3aWxsIGJlIHVzZWQgd2hlbiByZXF1
ZXN0aW5nIGEgbmV3IGFjY2VzcyB0b2tlbiB3aXRoCglzdWZmaWNpZW50IHNjb3BlIG9mIGFjY2Vz
cyB0byB1dGlsaXplIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2UuCglVc2Ugb2YgdGhlIDx0dD5zY29w
ZTwvdHQ+IGF0dHJpYnV0ZSBpcyBPUFRJT05BTC4KCVRoZSA8dHQ+c2NvcGU8L3R0PiBhdHRyaWJ1
dGUgTVVTVCBOT1QgYXBwZWFyIG1vcmUgdGhhbiBvbmNlLgoJVGhlIDx0dD5zY29wZTwvdHQ+IHZh
bHVlIGlzIGludGVuZGVkIGZvcgoJcHJvZ3JhbW1hdGljIHVzZSBhbmQgaXMgbm90IG1lYW50IHRv
IGJlIGRpc3BsYXllZCB0bwoJZW5kIHVzZXJzLiAKICAgICAgCjwvcD4KPHA+CgkgIFR3byBleGFt
cGxlIHNjb3BlIHZhbHVlcyBmb2xsb3c7IHRoZXNlIGFyZSB0YWtlbiBmcm9tIHRoZQoJICBPcGVu
SUQgQ29ubmVjdCA8YSBjbGFzcz0naW5mbycgaHJlZj0nI09wZW5JRC5NZXNzYWdlcyc+W09wZW5J
RC5NZXNzYWdlc108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U2FraW11cmEsIE4u
LCBCcmFkbGV5LCBKLiwgSm9uZXMsIE0uLCBkZSBNZWRlaXJvcywgQi4sIE1vcnRpbW9yZSwgQy4s
IGFuZCBFLiBKYXksICZsZHF1bztPcGVuSUQgQ29ubmVjdCBNZXNzYWdlcyAxLjAsJnJkcXVvOyBN
YXkmbmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gYW5kIE9BVEMKCSAgT25saW5l
IE11bHRpbWVkaWEgQXV0aG9yaXphdGlvbiBQcm90b2NvbCA8YSBjbGFzcz0naW5mbycgaHJlZj0n
I09NQVAnPltPTUFQXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5IdWZmLCBKLiwg
U2NobGFjaHQsIEQuLCBOYWRhbGluLCBBLiwgU2ltbW9ucywgSi4sIFJvc2VuYmVyZywgUC4sIE1h
ZHNlbiwgUC4sIEFjZSwgVC4sIFJpY2tlbHRvbi1BYmRpLCBDLiwgYW5kIEIuIEJveWVyLCAmbGRx
dW87T25saW5lIE11bHRpbWVkaWEgQXV0aG9yaXphdGlvbiBQcm90b2NvbDogCSAgICBBbiBJbmR1
c3RyeSBTdGFuZGFyZCBmb3IgQXV0aG9yaXplZCBBY2Nlc3MgdG8gSW50ZXJuZXQgTXVsdGltZWRp
YSBSZXNvdXJjZXMsJnJkcXVvOyBBcHJpbCZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+
PC9hPiBPQXV0aCAyLjAgdXNlIGNhc2VzLCByZXNwZWN0aXZlbHk6CgkKPC9wPjxkaXYgc3R5bGU9
J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0
OiBhdXRvJz48cHJlPgogIHNjb3BlPSJvcGVuaWQgcHJvZmlsZSBlbWFpbCIKICBzY29wZT0idXJu
OmV4YW1wbGU6Y2hhbm5lbD1IQk8mYW1wO3VybjpleGFtcGxlOnJhdGluZz1HLFBHLTEzIgo8L3By
ZT48L2Rpdj4KPHA+CglJZiB0aGUgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3QgaW5jbHVkZWQg
YW4gYWNjZXNzIHRva2VuIGFuZCBmYWlsZWQgYXV0aGVudGljYXRpb24sIHRoZQoJcmVzb3VyY2Ug
c2VydmVyIFNIT1VMRCBpbmNsdWRlIHRoZSA8dHQ+ZXJyb3I8L3R0PiBhdHRyaWJ1dGUgdG8gcHJv
dmlkZQoJdGhlIGNsaWVudCB3aXRoIHRoZSByZWFzb24gd2h5IHRoZSBhY2Nlc3MgcmVxdWVzdCB3
YXMgZGVjbGluZWQuIFRoZSBwYXJhbWV0ZXIgdmFsdWUgaXMKCWRlc2NyaWJlZCBpbiA8YSBjbGFz
cz0naW5mbycgaHJlZj0nI3Jlc291cmNlLWVycm9yLWNvZGVzJz5TZWN0aW9uJm5ic3A7My4xPHNw
YW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkVycm9yIENvZGVzPC9zcGFuPjxzcGFuPik8
L3NwYW4+PC9hPi4KCUluIGFkZGl0aW9uLCB0aGUgcmVzb3VyY2Ugc2VydmVyIE1BWSBpbmNsdWRl
IHRoZSA8dHQ+ZXJyb3JfZGVzY3JpcHRpb248L3R0PiBhdHRyaWJ1dGUgdG8gcHJvdmlkZQoJZGV2
ZWxvcGVycyBhIGh1bWFuLXJlYWRhYmxlIGV4cGxhbmF0aW9uIHRoYXQgaXMgbm90IG1lYW50Cgl0
byBiZSBkaXNwbGF5ZWQgdG8gZW5kIHVzZXJzLgoJSXQgYWxzbyBNQVkgaW5jbHVkZQoJdGhlIDx0
dD5lcnJvcl91cmk8L3R0PiBhdHRyaWJ1dGUgd2l0aAoJYW4gYWJzb2x1dGUgVVJJIGlkZW50aWZ5
aW5nIGEgaHVtYW4tcmVhZGFibGUgd2ViIHBhZ2UgZXhwbGFpbmluZyB0aGUgZXJyb3IuCglUaGUg
PHR0PmVycm9yPC90dD4sIDx0dD5lcnJvcl9kZXNjcmlwdGlvbjwvdHQ+LCBhbmQKCTx0dD5lcnJv
cl91cmk8L3R0PiBhdHRyaWJ1dGVzIE1VU1QgTk9UIGFwcGVhciBtb3JlIHRoYW4gb25jZS4KICAg
ICAgCjwvcD4KPHA+CglWYWx1ZXMgZm9yIHRoZSA8dHQ+c2NvcGU8L3R0PiBhdHRyaWJ1dGUgTVVT
VCBOT1QgaW5jbHVkZQoJY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIg
LyAleDVELTdFCglzcGVjaWZpZWQgaW4gU2VjdGlvbiBBLjQgb2YKCU9BdXRoIDIuMCBBdXRob3Jp
emF0aW9uIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmlldGYtb2F1dGgtdjInPltJJiM4MjA5
O0QuaWV0ZiYjODIwOTtvYXV0aCYjODIwOTt2Ml08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0n
aW5mbyc+SGFyZHQsIEQuIGFuZCBELiBSZWNvcmRvbiwgJmxkcXVvO1RoZSBPQXV0aCAyLjAgQXV0
aG9yaXphdGlvbiBGcmFtZXdvcmssJnJkcXVvOyBKdWx5Jm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+Cglmb3IgcmVwcmVzZW50aW5nIHNjb3BlIHZhbHVlcyBhbmQgJXgyMCBmb3Ig
ZGVsaW1pdGVycyBiZXR3ZWVuIHNjb3BlIHZhbHVlcy4KCVZhbHVlcyBmb3IgdGhlIDx0dD5lcnJv
cjwvdHQ+IGFuZCA8dHQ+ZXJyb3JfZGVzY3JpcHRpb248L3R0PiBhdHRyaWJ1dGVzIE1VU1QgTk9U
IGluY2x1ZGUKCWNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8g
JXg1RC03RQoJc3BlY2lmaWVkIGluIFNlY3Rpb25zIEEuNyBhbmQgQS44IG9mIE9BdXRoIDIuMCBB
dXRob3JpemF0aW9uLgoJVmFsdWVzIGZvciB0aGUgPHR0PmVycm9yX3VyaTwvdHQ+IGF0dHJpYnV0
ZQoJTVVTVCBjb25mb3JtIHRvIHRoZSBVUkktUmVmZXJlbmNlIHN5bnRheCwgYW5kIHRodXMgTVVT
VCBOT1QgaW5jbHVkZQoJY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIg
LyAleDVELTdFCglzcGVjaWZpZWQgaW4gU2VjdGlvbiBBLjkgb2YgT0F1dGggMi4wIEF1dGhvcml6
YXRpb24uCiAgICAgIAo8L3A+CjxwPgoJICBGb3IgZXhhbXBsZSwgaW4gcmVzcG9uc2UgdG8gYSBw
cm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdCB3aXRob3V0IGF1dGhlbnRpY2F0aW9uOgoJCjwvcD48
ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1h
cmdpbi1yaWdodDogYXV0byc+PHByZT4KICBIVFRQLzEuMSA0MDEgVW5hdXRob3JpemVkCiAgV1dX
LUF1dGhlbnRpY2F0ZTogQmVhcmVyIHJlYWxtPSJleGFtcGxlIgo8L3ByZT48L2Rpdj4KPHA+CiAg
ICAgICAgICAgIEFuZCBpbiByZXNwb25zZSB0byBhIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0
IHdpdGggYW4gYXV0aGVudGljYXRpb24gYXR0ZW1wdCB1c2luZyBhbgogICAgICAgICAgICBleHBp
cmVkIGFjY2VzcyB0b2tlbjoKICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFi
bGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+
CiAgSFRUUC8xLjEgNDAxIFVuYXV0aG9yaXplZAogIFdXVy1BdXRoZW50aWNhdGU6IEJlYXJlciBy
ZWFsbT0iZXhhbXBsZSIsCiAgICAgICAgICAgICAgICAgICAgZXJyb3I9ImludmFsaWRfdG9rZW4i
LAogICAgICAgICAgICAgICAgICAgIGVycm9yX2Rlc2NyaXB0aW9uPSJUaGUgYWNjZXNzIHRva2Vu
IGV4cGlyZWQiCjwvcHJlPjwvZGl2Pgo8YSBuYW1lPSJyZXNvdXJjZS1lcnJvci1jb2RlcyI+PC9h
PjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2Vs
bHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0i
VE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFi
bGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMSI+PC9hPjxoMz4zLjEuJm5ic3A7CkVycm9yIENv
ZGVzPC9oMz4KCjxwPgoJICBXaGVuIGEgcmVxdWVzdCBmYWlscywgdGhlIHJlc291cmNlIHNlcnZl
ciByZXNwb25kcyB1c2luZyB0aGUgYXBwcm9wcmlhdGUgSFRUUCBzdGF0dXMKCSAgY29kZSAodHlw
aWNhbGx5LCA0MDAsIDQwMSwgNDAzLCBvciA0MDUpLAoJICBhbmQgaW5jbHVkZXMgb25lIG9mIHRo
ZSBmb2xsb3dpbmcgZXJyb3IgY29kZXMgaW4KCSAgdGhlIHJlc3BvbnNlOgoKCSAgPC9wPgo8Ymxv
Y2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+aW52YWxpZF9yZXF1ZXN0PC9kdD4KPGRkPgoJ
ICAgICAgCgkgICAgICBUaGUgcmVxdWVzdCBpcyBtaXNzaW5nIGEgcmVxdWlyZWQgcGFyYW1ldGVy
LCBpbmNsdWRlcyBhbiB1bnN1cHBvcnRlZCBwYXJhbWV0ZXIgb3IKCSAgICAgIHBhcmFtZXRlciB2
YWx1ZSwgcmVwZWF0cyB0aGUgc2FtZSBwYXJhbWV0ZXIsIHVzZXMgbW9yZSB0aGFuIG9uZSBtZXRo
b2QgZm9yCgkgICAgICBpbmNsdWRpbmcgYW4gYWNjZXNzIHRva2VuLCBvciBpcyBvdGhlcndpc2Ug
bWFsZm9ybWVkLiBUaGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRAoJICAgICAgcmVzcG9uZCB3aXRo
IHRoZSBIVFRQIDQwMCAoQmFkIFJlcXVlc3QpIHN0YXR1cyBjb2RlLgoJICAgIAo8L2RkPgo8ZHQ+
aW52YWxpZF90b2tlbjwvZHQ+CjxkZD4KCSAgICAgIAoJICAgICAgVGhlIGFjY2VzcyB0b2tlbiBw
cm92aWRlZCBpcyBleHBpcmVkLCByZXZva2VkLCBtYWxmb3JtZWQsIG9yIGludmFsaWQgZm9yIG90
aGVyCgkgICAgICByZWFzb25zLiBUaGUgcmVzb3VyY2UgU0hPVUxEIHJlc3BvbmQgd2l0aCB0aGUg
SFRUUCA0MDEgKFVuYXV0aG9yaXplZCkgc3RhdHVzCgkgICAgICBjb2RlLiBUaGUgY2xpZW50IE1B
WSByZXF1ZXN0IGEgbmV3IGFjY2VzcyB0b2tlbiBhbmQgcmV0cnkgdGhlIHByb3RlY3RlZCByZXNv
dXJjZQoJICAgICAgcmVxdWVzdC4KCSAgICAKPC9kZD4KPGR0Pmluc3VmZmljaWVudF9zY29wZTwv
ZHQ+CjxkZD4KCSAgICAgIAoJICAgICAgVGhlIHJlcXVlc3QgcmVxdWlyZXMgaGlnaGVyIHByaXZp
bGVnZXMgdGhhbiBwcm92aWRlZCBieSB0aGUgYWNjZXNzIHRva2VuLiBUaGUKCSAgICAgIHJlc291
cmNlIHNlcnZlciBTSE9VTEQgcmVzcG9uZCB3aXRoIHRoZSBIVFRQIDQwMyAoRm9yYmlkZGVuKSBz
dGF0dXMgY29kZSBhbmQgTUFZCgkgICAgICBpbmNsdWRlIHRoZSA8dHQ+c2NvcGU8L3R0PiBhdHRy
aWJ1dGUgd2l0aCB0aGUgc2NvcGUgbmVjZXNzYXJ5IHRvCgkgICAgICBhY2Nlc3MgdGhlIHByb3Rl
Y3RlZCByZXNvdXJjZS4KCSAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CgkKPC9wPgo8
cD4KCSAgSWYgdGhlIHJlcXVlc3QgbGFja3MgYW55IGF1dGhlbnRpY2F0aW9uIGluZm9ybWF0aW9u
IChlLmcuLCB0aGUgY2xpZW50IHdhcyB1bmF3YXJlCgkgIGF1dGhlbnRpY2F0aW9uIGlzIG5lY2Vz
c2FyeSBvciBhdHRlbXB0ZWQgdXNpbmcgYW4gdW5zdXBwb3J0ZWQgYXV0aGVudGljYXRpb24gbWV0
aG9kKSwKCSAgdGhlIHJlc291cmNlIHNlcnZlciBTSE9VTEQgTk9UIGluY2x1ZGUgYW4gZXJyb3Ig
Y29kZSBvciBvdGhlciBlcnJvciBpbmZvcm1hdGlvbi4KCQo8L3A+CjxwPgoJICAgIEZvciBleGFt
cGxlOgoJICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2lu
LWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgogIEhUVFAvMS4xIDQwMSBVbmF1
dGhvcml6ZWQKICBXV1ctQXV0aGVudGljYXRlOiBCZWFyZXIgcmVhbG09ImV4YW1wbGUiCjwvcHJl
PjwvZGl2Pgo8YSBuYW1lPSJFeEFjY1Rva1Jlc3AiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi40Ij48L2E+PGgzPjQuJm5ic3A7CkV4YW1wbGUgQWNjZXNzIFRva2VuIFJlc3BvbnNlPC9oMz4K
CjxwPgoJVHlwaWNhbGx5IGEgYmVhcmVyIHRva2VuIGlzIHJldHVybmVkIHRvIHRoZSBjbGllbnQg
YXMgcGFydCBvZgoJYW4gT0F1dGggMi4wIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmlldGYt
b2F1dGgtdjInPltJJiM4MjA5O0QuaWV0ZiYjODIwOTtvYXV0aCYjODIwOTt2Ml08c3Bhbj4gKDwv
c3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+SGFyZHQsIEQuIGFuZCBELiBSZWNvcmRvbiwgJmxkcXVv
O1RoZSBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBGcmFtZXdvcmssJnJkcXVvOyBKdWx5Jm5ic3A7
MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IGFjY2VzcyB0b2tlbgoJcmVzcG9uc2UuICBB
biBleGFtcGxlIG9mIHN1Y2ggYSByZXNwb25zZSBpczoKICAgICAgCjwvcD48ZGl2IHN0eWxlPSdk
aXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDog
YXV0byc+PHByZT4KICBIVFRQLzEuMSAyMDAgT0sKICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9u
L2pzb247Y2hhcnNldD1VVEYtOAogIENhY2hlLUNvbnRyb2w6IG5vLXN0b3JlCiAgUHJhZ21hOiBu
by1jYWNoZQoKICB7CiAgICAiYWNjZXNzX3Rva2VuIjoibUZfOS5CNWYtNC4xSnFNIiwKICAgICJ0
b2tlbl90eXBlIjoiQmVhcmVyIiwKICAgICJleHBpcmVzX2luIjozNjAwLAogICAgInJlZnJlc2hf
dG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIgogIH0KPC9wcmU+PC9kaXY+CjxhIG5hbWU9
InNlYy1jb24iPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi41Ij48L2E+PGgzPjUuJm5ic3A7
ClNlY3VyaXR5IENvbnNpZGVyYXRpb25zPC9oMz4KCjxwPgoJVGhpcyBzZWN0aW9uIGRlc2NyaWJl
cyB0aGUgcmVsZXZhbnQgc2VjdXJpdHkgdGhyZWF0cyByZWdhcmRpbmcKCXRva2VuIGhhbmRsaW5n
IHdoZW4gdXNpbmcgYmVhcmVyIHRva2VucyBhbmQgZGVzY3JpYmVzIGhvdyB0bwoJbWl0aWdhdGUg
dGhlc2UgdGhyZWF0cy4KICAgICAgCjwvcD4KPGEgbmFtZT0idGhyZWF0cyI+PC9hPjxiciAvPjxo
ciAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9
IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48
YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5h
bWU9InJmYy5zZWN0aW9uLjUuMSI+PC9hPjxoMz41LjEuJm5ic3A7ClNlY3VyaXR5IFRocmVhdHM8
L2gzPgoKPHA+CgkgIFRoZSBmb2xsb3dpbmcgbGlzdCBwcmVzZW50cyBzZXZlcmFsIGNvbW1vbiB0
aHJlYXRzIGFnYWluc3QKCSAgcHJvdG9jb2xzIHV0aWxpemluZyBzb21lIGZvcm0gb2YgdG9rZW5z
LiBUaGlzIGxpc3Qgb2YKCSAgdGhyZWF0cyBpcyBiYXNlZCBvbgoJICBOSVNUIFNwZWNpYWwgUHVi
bGljYXRpb24gODAwLTYzIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjTklTVDgwMC02Myc+W05JU1Q4
MDAmIzgyMDk7NjNdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJ1cnIsIFcuLCBE
b2Rzb24sIEQuLCBQZXJsbmVyLCBSLiwgUG9saywgVC4sIEd1cHRhLCBTLiwgYW5kIEUuIE5hYmJ1
cywgJmxkcXVvO05JU1QgU3BlY2lhbCBQdWJsaWNhdGlvbiA4MDAtNjMtMSwgSU5GT1JNQVRJT04g
U0VDVVJJVFksJnJkcXVvOyBEZWNlbWJlciZuYnNwOzIwMDguPC9zcGFuPjxzcGFuPik8L3NwYW4+
PC9hPi4KCSAgU2luY2UgdGhpcyBkb2N1bWVudCBidWlsZHMgb24gdGhlCgkgIE9BdXRoIDIuMCBB
dXRob3JpemF0aW9uIHNwZWNpZmljYXRpb24sIHdlIGV4Y2x1ZGUgYSBkaXNjdXNzaW9uIG9mIHRo
cmVhdHMKCSAgdGhhdCBhcmUgZGVzY3JpYmVkIHRoZXJlIG9yIGluIHJlbGF0ZWQgZG9jdW1lbnRz
LgoJCjwvcD4KPHA+CgkgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PlRv
a2VuIG1hbnVmYWN0dXJlL21vZGlmaWNhdGlvbjo8L2R0Pgo8ZGQ+CgkgICAgICBBbiBhdHRhY2tl
ciBtYXkgZ2VuZXJhdGUgYSBib2d1cyB0b2tlbiBvciBtb2RpZnkgdGhlCgkgICAgICB0b2tlbiBj
b250ZW50cyAoc3VjaCBhcyB0aGUgYXV0aGVudGljYXRpb24gb3IgYXR0cmlidXRlCgkgICAgICBz
dGF0ZW1lbnRzKSBvZiBhbiBleGlzdGluZyB0b2tlbiwgY2F1c2luZyB0aGUgcmVzb3VyY2UKCSAg
ICAgIHNlcnZlciB0byBncmFudCBpbmFwcHJvcHJpYXRlIGFjY2VzcyB0byB0aGUgY2xpZW50LgoJ
ICAgICAgRm9yIGV4YW1wbGUsIGFuIGF0dGFja2VyIG1heSBtb2RpZnkgdGhlIHRva2VuIHRvIGV4
dGVuZAoJICAgICAgdGhlIHZhbGlkaXR5IHBlcmlvZDsgYSBtYWxpY2lvdXMgY2xpZW50IG1heSBt
b2RpZnkgdGhlCgkgICAgICBhc3NlcnRpb24gdG8gZ2FpbiBhY2Nlc3MgdG8gaW5mb3JtYXRpb24g
dGhhdCB0aGV5CgkgICAgICBzaG91bGQgbm90IGJlIGFibGUgdG8gdmlldy4KCSAgICAKPC9kZD4K
PGR0PlRva2VuIGRpc2Nsb3N1cmU6PC9kdD4KPGRkPgoJICAgICAgVG9rZW5zIG1heSBjb250YWlu
IGF1dGhlbnRpY2F0aW9uIGFuZCBhdHRyaWJ1dGUKCSAgICAgIHN0YXRlbWVudHMgdGhhdCBpbmNs
dWRlIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbi4KCSAgICAKPC9kZD4KPGR0PlRva2VuIHJlZGlyZWN0
OjwvZHQ+CjxkZD4KCSAgICAgIEFuIGF0dGFja2VyIHVzZXMgYSB0b2tlbiBnZW5lcmF0ZWQgZm9y
IGNvbnN1bXB0aW9uIGJ5IAoJICAgICAgb25lIHJlc291cmNlIHNlcnZlciB0byBnYWluIGFjY2Vz
cyB0byBhIGRpZmZlcmVudAoJICAgICAgcmVzb3VyY2Ugc2VydmVyIHRoYXQgbWlzdGFrZW5seSBi
ZWxpZXZlcyB0aGUgdG9rZW4gdG8gYmUKCSAgICAgIGZvciBpdC4KCSAgICAKPC9kZD4KPGR0PlRv
a2VuIHJlcGxheTo8L2R0Pgo8ZGQ+CgkgICAgICBBbiBhdHRhY2tlciBhdHRlbXB0cyB0byB1c2Ug
YSB0b2tlbiB0aGF0IGhhcyBhbHJlYWR5CgkgICAgICBiZWVuIHVzZWQgd2l0aCB0aGF0IHJlc291
cmNlIHNlcnZlciBpbiB0aGUgcGFzdC4KCSAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+
IAoJCjwvcD4KPGEgbmFtZT0ibWl0aWdhdGlvbiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3Vt
bWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0Ni
dWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4m
bmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9u
LjUuMiI+PC9hPjxoMz41LjIuJm5ic3A7ClRocmVhdCBNaXRpZ2F0aW9uPC9oMz4KCjxwPgoJICBB
IGxhcmdlIHJhbmdlIG9mIHRocmVhdHMgY2FuIGJlIG1pdGlnYXRlZCBieSBwcm90ZWN0aW5nIHRo
ZQoJICBjb250ZW50cyBvZiB0aGUgdG9rZW4gYnkgdXNpbmcgYSBkaWdpdGFsIHNpZ25hdHVyZSBv
ciBhCgkgIE1lc3NhZ2UgQXV0aGVudGljYXRpb24gQ29kZSAoTUFDKS4KCSAgQWx0ZXJuYXRpdmVs
eSwgYSBiZWFyZXIgdG9rZW4gY2FuIGNvbnRhaW4gYSByZWZlcmVuY2UgdG8KCSAgYXV0aG9yaXph
dGlvbiBpbmZvcm1hdGlvbiwgcmF0aGVyIHRoYW4gZW5jb2RpbmcgdGhlCgkgIGluZm9ybWF0aW9u
IGRpcmVjdGx5LiBTdWNoIHJlZmVyZW5jZXMgTVVTVCBiZSBpbmZlYXNpYmxlIGZvcgoJICBhbiBh
dHRhY2tlciB0byBndWVzczsgdXNpbmcgYSByZWZlcmVuY2UgbWF5IHJlcXVpcmUgYW4gZXh0cmEK
CSAgaW50ZXJhY3Rpb24gYmV0d2VlbiBhIHNlcnZlciBhbmQgdGhlIHRva2VuIGlzc3VlciB0byBy
ZXNvbHZlCgkgIHRoZSByZWZlcmVuY2UgdG8gdGhlIGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24u
CgkgIFRoZSBtZWNoYW5pY3Mgb2Ygc3VjaCBhbiBpbnRlcmFjdGlvbiBhcmUgbm90IGRlZmluZWQg
YnkgdGhpcwoJICBzcGVjaWZpY2F0aW9uLgoJCjwvcD4KPHA+CgkgIFRoaXMgZG9jdW1lbnQgZG9l
cyBub3Qgc3BlY2lmeSB0aGUgZW5jb2Rpbmcgb3IgdGhlIGNvbnRlbnRzCgkgIG9mIHRoZSB0b2tl
bjsgaGVuY2UgZGV0YWlsZWQgcmVjb21tZW5kYXRpb25zIGFib3V0IHRoZSBtZWFucwoJICBvZiBn
dWFyYW50ZWVpbmcgdG9rZW4gaW50ZWdyaXR5IHByb3RlY3Rpb24gYXJlIG91dHNpZGUgdGhlCgkg
IHNjb3BlIG9mIHRoaXMgZG9jdW1lbnQuICBUaGUgdG9rZW4gaW50ZWdyaXR5IHByb3RlY3Rpb24g
bGk+CgkgICAgUmVmZXJlbmNlZCBzeW50YXggZGVmaW5pdGlvbnMgZm9yIHRoZQoJICAgIDx0dD5z
Y29wZTwvdHQ+LAoJICAgIDx0dD5lcnJvcjwvdHQ+LAoJICAgIDx0dD5lcnJvcl9kZXNjcmlwdGlv
bjwvdHQ+LCBhbmQKCSAgICA8dHQ+ZXJyb3JfdXJpPC90dD4KCSAgICBwYXJhbWV0ZXJzIGluIHRo
ZSBPQXV0aCAyLjAgY29yZSBzcGVjLgoJICAKPC9saT4KPGxpPgoJICAgIFJlZ2lzdGVyZWQgdGhl
CgkgICAgPHR0PmludmFsaWRfcmVxdWVzdDwvdHQ+LAoJICAgIDx0dD5pbnZhbGlkX3Rva2VuPC90
dD4sIGFuZAoJICAgIDx0dD5pbnN1ZmZpY2llbnRfc2NvcGU8L3R0PgoJICAgIGVycm9yIHZhbHVl
cyBpbiB0aGUgT0F1dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdpc3RyeS4KCSAgCjwvbGk+CjxsaT4K
CSAgICBBY2tub3dsZWRnZWQgYWRkaXRpb25hbCBpbmRpdmlkdWFscy4KCSAgCjwvbGk+CjwvdWw+
PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIC0xOQogICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0
ZXh0Ij4KPGxpPgoJICAgIEFkZHJlc3NlZCBESVNDVVNTIGlzc3VlcyBhbmQgY29tbWVudHMgcmFp
c2VkIGZvciB3aGljaAoJICAgIHJlc29sdXRpb25zIGhhdmUgYmVlbiBhZ3JlZWQgdG8uICBObyBu
b3JtYXRpdmUgY2hhbmdlcyB3ZXJlCgkgICAgbWFkZS4gIENoYW5nZXMgbWFkZSB3ZXJlOgoJICAK
PC9saT4KPGxpPgoJICAgIFVzZSBBQk5GIGZyb20gUkZDIDUyMzQuCgkgIAo8L2xpPgo8bGk+Cgkg
ICAgQWRkZWQgc2VudGVuY2UgIlRoZSBCZWFyZXIgYXV0aGVudGljYXRpb24gc2NoZW1lIGlzIGlu
dGVuZGVkIHByaW1hcmlseSBmb3IKCSAgICBzZXJ2ZXIgYXV0aGVudGljYXRpb24gdXNpbmcgdGhl
IFdXVy1BdXRoZW50aWNhdGUgYW5kCgkgICAgQXV0aG9yaXphdGlvbiBIVFRQIGhlYWRlcnMsIGJ1
dCBkb2VzIG5vdCBwcmVjbHVkZSBpdHMgdXNlIGZvcgoJICAgIHByb3h5IGF1dGhlbnRpY2F0aW9u
IiB0byB0aGUgaW50cm9kdWN0aW9uLgoJICAKPC9saT4KPGxpPgoJICAgIEluIHRoZSBpbnRyb2R1
Y3Rpb24sIHN0YXRlIHRoYXQgdGhpcyBkb2N1bWVudCBhbHNvIGltcG9zZXMKCSAgICBzZW1hbnRp
YyByZXF1aXJlbWVudHMgdXBvbiB0aGUgYWNjZXNzIHRva2VuLgoJICAKPC9saT4KPGxpPgoJICAg
IFJlZmVyZW5jZSB0aGUgPHR0PnNjb3BlPC90dD4gZGVmaW5pdGlvbgoJICAgIGluIHRoZSBPQXV0
aCBjb3JlIHNwZWMuCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgPHR0PnNjb3BlPC90dD4gZXhh
bXBsZXMuCgkgIAo8L2xpPgo8bGk+CgkgICAgUmVmZXJlbmNlIFJGQyA2MjY1IGZvciBzZWN1cml0
eSBjb25zaWRlcmF0aW9ucyBhYm91dCBjb29raWVzLgoJICAKPC9saT4KPC91bD48cD4KICAgICAg
CjwvcD4KPHA+CiAgICAgICAgLTE4CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+
CgkgICAgQ2hhbmdlZCBleGFtcGxlIGJlYXJlciB0b2tlbiB2YWx1ZSBmcm9tIHZGOWRmdDRxbVQg
dG8KCSAgICBtRl85LkI1Zi00LjFKcU0uCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgZXhhbXBs
ZSBhY2Nlc3MgdG9rZW4gcmVzcG9uc2UgcmV0dXJuaW5nIGEgQmVhcmVyCgkgICAgdG9rZW4uCgkg
IAo8L2xpPgo8L3VsPjxwPgogICAgICAKPC9wPgo8cD4KICAgICAgICAtMTcKICAgICAgICA8L3A+
Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KCSAgICBSZXN0b3JlIFJGQyAyODE4IHJlZmVyZW5jZSBm
b3Igc2VydmVyIGlkZW50aXR5CgkgICAgdmVyaWZpY2F0aW9uIGFuZCBhZGQgUkZDIDUyODAgcmVm
ZXJlbmNlIGZvciBjZXJ0aWZpY2F0ZQoJICAgIHJldm9jYXRpb24gbGlzdHMsIHBlciBHZW4tQVJU
IHJldmlldyBjb21tZW50cy4KCSAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAg
ICAgIC0xNgogICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgoJICAgIFVzZSB0aGUg
SFRUUGJpcyBhdXRoLXBhcmFtIHN5bnRheCBmb3IgQmVhcmVyIGNoYWxsZW5nZQoJICAgIGF0dHJp
YnV0ZXMuCgkgIAo8L2xpPgo8bGk+CgkgICAgRHJvcHBlZCB0aGUgc2VudGVuY2UgIlRoZSA8dHQ+
cmVhbG08L3R0PiB2YWx1ZSBpcyBpbnRlbmRlZCBmb3IKCSAgICBwcm9ncmFtbWF0aWMgdXNlIGFu
ZCBpcyBub3QgbWVhbnQgdG8gYmUgZGlzcGxheWVkIHRvIGVuZAoJICAgIHVzZXJzIi4KCSAgCjwv
bGk+CjxsaT4KCSAgICBSZW9yZGVyZWQgZm9ybS1lbmNvZGVkIGJvZHkgcGFyYW1ldGVyIGRlc2Ny
aXB0aW9uIGJ1bGxldHMKCSAgICBmb3IgYmV0dGVyIHJlYWRhYmlsaXR5LgoJICAKPC9saT4KPGxp
PgoJICAgIEFkZGVkIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjVVNBU0NJSSc+W1VTQVNDSUldPHNw
YW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFtZXJpY2FuIE5hdGlvbmFsIFN0YW5kYXJk
cyBJbnN0aXR1dGUsICZsZHF1bztDb2RlZCBDaGFyYWN0ZXIgU2V0IC0tIDctYml0IEFtZXJpY2Fu
IFN0YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0aW9uIEludGVyY2hhbmdlLCZyZHF1bzsgMTk4Ni48
L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHJlZmVyZW5jZS4KCSAgCjwvbGk+CjwvdWw+PHA+CiAg
ICAgIAo8L3A+CjxwPgogICAgICAgIC0xNQogICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4K
PGxpPgoJICAgIENsYXJpZmllZCB0aGF0IGZvcm0tZW5jb2RlZCBjb250ZW50IG11c3QgY29uc2lz
dCBlbnRpcmVseQoJICAgIG9mIEFTQ0lJIGNoYXJhY3RlcnMuCgkgIAo8L2xpPgo8bGk+CgkgICAg
QWRkZWQgVExTIHZlcnNpb24gcmVxdWlyZW1lbnRzLgoJICAKPC9saT4KPGxpPgoJICAgIEFwcGxp
ZWQgZWRpdG9yaWFsIGltcHJvdmVtZW50cyBzdWdnZXN0ZWQgYnkgTWFyawoJICAgIE5vdHRpbmdo
YW0gZHVyaW5nIHRoZSBBUFBTIGFyZWEgcmV2aWV3LgoJICAKPC9saT4KPC91bD48cD4KICAgICAg
CjwvcD4KPHA+CiAgICAgICAgLTE0CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+
CgkgICAgQ2hhbmdlcyBtYWRlIGluIHJlc3BvbnNlIHRvIHJldmlldyBjb21tZW50cyBieSBTZWN1
cml0eQoJICAgIEFyZWEgRGlyZWN0b3IgU3RlcGhlbiBGYXJyZWxsLiAgU3BlY2lmaWNhbGx5OgoJ
ICAKPC9saT4KPGxpPgoJICAgIFN0cmVuZ3RoZW5lZCB3YXJuaW5ncyBhYm91dCBwYXNzaW5nIGFu
IGFjY2VzcyB0b2tlbiBhcyBhCgkgICAgcXVlcnkgcGFyYW1ldGVyIGFuZCBtb3JlIHByZWNpc2Vs
eSBkZXNjcmliZWQgdGhlCgkgICAgbGltaXRhdGlvbnMgcGxhY2VkIHVwb24gdGhlIHVzZSBvZiB0
aGlzIG1ldGhvZC4KCSAgCjwvbGk+CjxsaT4KCSAgICBDbGFyaWZpZWQgdGhhdCB0aGUgPHR0PnJl
YWxtPC90dD4KCSAgICBhdHRyaWJ1dGUgTUFZIGluY2x1ZGVkIHRvIGluZGljYXRlIHRoZSBzY29w
ZSBvZiBwcm90ZWN0aW9uCgkgICAgaW4gdGhlIG1hbm5lciBkZXNjcmliZWQgaW4KCSAgICBIVFRQ
LzEuMSwgUGFydCA3IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmlldGYtaHR0cGJpcy1wNy1h
dXRoJz5bSSYjODIwOTtELmlldGYmIzgyMDk7aHR0cGJpcyYjODIwOTtwNyYjODIwOTthdXRoXTxz
cGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GaWVsZGluZywgUi4sIExhZm9uLCBZLiwg
YW5kIEouIFJlc2Noa2UsICZsZHF1bztIVFRQLzEuMSwgcGFydCA3OiBBdXRoZW50aWNhdGlvbiwm
cmRxdW87IE1hcmNoJm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgoJICAKPC9s
aT4KPGxpPgoJICAgIE5vcm1hdGl2ZWx5IHN0YXRlZCB0aGF0ICJ0aGUgdG9rZW4gaW50ZWdyaXR5
IHByb3RlY3Rpb24KCSAgICBNVVNUIGJlIHN1ZmZpY2llbnQgdG8gcHJldmVudCB0aGUgdG9rZW4g
ZnJvbSBiZWluZwoJICAgIG1vZGlmaWVkIi4KCSAgCjwvbGk+CjxsaT4KCSAgICBBZGRlZCBzdGF0
ZW1lbnQgdGhhdCAiVExTIGlzIG1hbmRhdG9yeSB0byBpbXBsZW1lbnQgYW5kCgkgICAgdXNlIHdp
dGggdGhpcyBzcGVjaWZpY2F0aW9uIiB0byB0aGUgaW50cm9kdWN0aW9uLgoJICAKPC9saT4KPGxp
PgoJICAgIFN0YXRlZCB0aGF0IFRMUyBNVVNUIGJlIHVzZWQgd2l0aCAiYSBjaXBoZXJzdWl0ZSB0
aGF0CgkgICAgcHJvdmlkZXMgY29uZmlkZW50aWFsaXR5IGFuZCBpbnRlZ3JpdHkgcHJvdGVjdGlv
biIuCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgIkFzIGEgZnVydGhlciBkZWZlbnNlIGFnYWlu
c3QgdG9rZW4gZGlzY2xvc3VyZSwgdGhlCgkgICAgY2xpZW50IE1VU1QgdmFsaWRhdGUgdGhlIFRM
UyBjZXJ0aWZpY2F0ZSBjaGFpbiB3aGVuIG1ha2luZwoJICAgIHJlcXVlc3RzIHRvIHByb3RlY3Rl
ZCByZXNvdXJjZXMiIHRvIHRoZSBUaHJlYXQgTWl0aWdhdGlvbgoJICAgIHNlY3Rpb24uCgkgIAo8
L2xpPgo8bGk+CgkgICAgQ2xhcmlmaWVkIHRoYXQgcHV0dGluZyBhIHZhbGlkaXR5IHRpbWUgZmll
bGQgaW5zaWRlIHRoZQoJICAgIHByb3RlY3RlZCBwYXJ0IG9mIHRoZSB0b2tlbiBpcyBvbmUgbWVh
bnMsIGJ1dCBub3QgdGhlIG9ubHkKCSAgICBtZWFucywgb2YgbGltaXRpbmcgdGhlIGxpZmV0aW1l
IG9mIHRoZSB0b2tlbi4KCSAgCjwvbGk+CjxsaT4KCSAgICBEcm9wcGVkIHRoZSBjb25mdXNpbmcg
cGhyYXNlICJmb3IgaW5zdGFuY2UsIHRocm91Z2ggdGhlCgkgICAgdXNlIG9mIFRMUyIgZnJvbSB0
aGUgc2VudGVuY2UgYWJvdXQgY29uZmlkZW50aWFsaXR5CgkgICAgcHJvdGVjdGlvbiBvZiB0aGUg
ZXhjaGFuZ2VzLgoJICAKPC9saT4KPGxpPgoJICAgIFJlZmVyZW5jZSBSRkMgNjEyNSBmb3IgaWRl
bnRpdHkgdmVyaWZpY2F0aW9uLCByYXRoZXIgdGhhbgoJICAgIFJGQyAyODE4LgoJICAKPC9saT4K
PGxpPgoJICAgIFN0YXRlZCB0aGF0IHRoZSB0b2tlbiBNVVNUIGJlIHByb3RlY3RlZCBiZXR3ZWVu
IGZyb250IGVuZAoJICAgIGFuZCBiYWNrIGVuZCBzZXJ2ZXJzIHdoZW4gdGhlIFRMUyBjb25uZWN0
aW9uIHRlcm1pbmF0ZXMgYXQKCSAgICBhIGZyb250IGVuZCBzZXJ2ZXIgdGhhdCBpcyBkaXN0aW5j
dCBmcm9tIHRoZSBhY3R1YWwgc2VydmVyCgkgICAgdGhhdCBwcm92aWRlcyB0aGUgcmVzb3VyY2Uu
CgkgIAo8L2xpPgo8bGk+CgkgICAgU3RhdGVkIHRoYXQgYmVhcmVyIHRva2VucyBNVVNUIE5PVCBi
ZSBzdG9yZWQgaW4gY29va2llcwoJICAgIHRoYXQgY2FuIGJlIHNlbnQgaW4gdGhlIGNsZWFyIGlu
IHRoZSBUaHJlYXQgTWl0aWdhdGlvbgoJICAgIHNlY3Rpb24uCgkgIAo8L2xpPgo8bGk+CgkgICAg
UmVwbGFjZWQgc29sZSByZW1haW5pbmcgcmVmZXJlbmNlIHRvIDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjUkZDMjYxNic+W1JGQzI2MTZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkZp
ZWxkaW5nLCBSLiwgR2V0dHlzLCBKLiwgTW9ndWwsIEouLCBGcnlzdHlrLCBILiwgTWFzaW50ZXIs
IEwuLCBMZWFjaCwgUC4sIGFuZCBULiBCZXJuZXJzLUxlZSwgJmxkcXVvO0h5cGVydGV4dCBUcmFu
c2ZlciBQcm90b2NvbCAtLSBIVFRQLzEuMSwmcmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4gd2l0aAoJICAgIEhUVFBiaXMgPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNJLUQuaWV0Zi1odHRwYmlzLXAxLW1lc3NhZ2luZyc+W0kmIzgyMDk7RC5pZXRmJiM4MjA5O2h0
dHBiaXMmIzgyMDk7cDEmIzgyMDk7bWVzc2FnaW5nXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNz
PSdpbmZvJz5GaWVsZGluZywgUi4sIExhZm9uLCBZLiwgYW5kIEouIFJlc2Noa2UsICZsZHF1bztI
VFRQLzEuMSwgcGFydCAxOiBVUklzLCBDb25uZWN0aW9ucywgYW5kIE1lc3NhZ2UgUGFyc2luZywm
cmRxdW87IE1hcmNoJm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+CgkgICAgcmVm
ZXJlbmNlLgoJICAKPC9saT4KPGxpPgoJICAgIFJlcGxhY2VkIGFsbCByZWZlcmVuY2VzIHdoZXJl
IHRoZSByZWZlcmVuY2UgaXMgdXNlZCBhcyBpZgoJICAgIGl0IHdlcmUgcGFydCBvZiB0aGUgc2Vu
dGVuY2UgKHN1Y2ggYXMgImRlZmluZWQgYnkKCSAgICBbSS1ELndoYXRldmVyXSIpIHdpdGggb25l
cyB3aGVyZSB0aGUgc3BlY2lmaWNhdGlvbiBuYW1lIGlzCgkgICAgdXNlZCwgZm9sbG93ZWQgYnkg
dGhlIHJlZmVyZW5jZSAoc3VjaCBhcyAiZGVmaW5lZCBieQoJICAgIFdoYXRldmVyIFtJLUQud2hh
dGV2ZXJdIikuCgkgIAo8L2xpPgo8bGk+CgkgICAgT3RoZXIgb24tbm9ybWF0aXZlIGVkaXRvcmlh
bCBpbXByb3ZlbWVudHMuCgkgIAo8L2xpPgo8L3VsPjxwPgogICAgICAKPC9wPgo8cD4KICAgICAg
ICAtMTMKICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KCSAgICBBdCB0aGUgcmVx
dWVzdCBvZiBIYW5uZXMgVHNjaG9mZW5pZywgbWFkZSBBQk5GIGNoYW5nZXMgdG8KCSAgICBtYWtl
IGl0IGNsZWFyIHRoYXQgbm8gc3BlY2lhbCBXV1ctQXV0aGVudGljYXRlIHJlc3BvbnNlCgkgICAg
aGVhZGVyIGZpZWxkIHBhcnNlcnMgYXJlIG5lZWRlZC4gIFRoZSA8dHQ+c2NvcGU8L3R0PiwgPHR0
PmVycm9yLWRlc2NyaXB0aW9uPC90dD4sIGFuZCA8dHQ+ZXJyb3ItdXJpPC90dD4gcGFyYW1ldGVy
cyBhcmUgYWxsIG5vdwoJICAgIGRlZmluZWQgYXMgcXVvdGVkLXN0cmluZyBpbiB0aGUgQUJORiAo
YXMgPHR0PmVycm9yPC90dD4gYWxyZWFkeSB3YXMpLiAgUmVzdHJpY3Rpb25zIG9uCgkgICAgdGhl
c2UgdmFsdWVzIHRoYXQgd2VyZSBmb3JtZXJseSBkZXNjcmliZWQgaW4gdGhlIEFCTkZzIGFyZQoJ
ICAgIG5vdyBkZXNjcmliZWQgaW4gbm9ybWF0aXZlIHRleHQgaW5zdGVhZC4KCSAgCjwvbGk+Cjwv
dWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIC0xMgogICAgICAgIDwvcD4KPHVsIGNsYXNz
PSJ0ZXh0Ij4KPGxpPgoJICAgIE1hZGUgbm9uLW5vcm1hdGl2ZSBlZGl0b3JpYWwgY2hhbmdlcyB0
aGF0IEhhbm5lcwoJICAgIFRzY2hvZmVuaWcgcmVxdWVzdGVkIGJlIGFwcGxpZWQgcHJpb3IgdG8g
Zm9yd2FyZGluZyB0aGUKCSAgICBzcGVjaWZpY2F0aW9uIHRvIHRoZSBJRVNHLgoJICAKPC9saT4K
PGxpPgoJICAgIEFkZGVkIHJhdGlvbmFsZSBmb3IgdGhlIGNob2ljZSBvZiB0aGUgYjY0dG9rZW4g
c3ludGF4LgoJICAKPC9saT4KPGxpPgoJICAgIEFkZGVkIHJhdGlvbmFsZSBzdGF0aW5nIHRoYXQg
cmVjZWl2ZXJzIGFyZSBmcmVlIHRvIHBhcnNlCgkgICAgdGhlIDx0dD5zY29wZTwvdHQ+IGF0dHJp
YnV0ZSB1c2luZyBhCgkgICAgc3RhbmRhcmQgcXVvdGVkLXN0cmluZyBwYXJzZXIsIHNpbmNlIGl0
IHdpbGwgY29ycmVjdGx5CgkgICAgcHJvY2VzcyBhbGwgbGVnYWwgPHR0PnNjb3BlPC90dD4KCSAg
ICB2YWx1ZXMuCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgYWRkaXRpb25hbCBhY3RpdmUgd29y
a2luZyBncm91cCBjb250cmlidXRvcnMgdG8gdGhlCgkgICAgQWNrbm93bGVkZ2VtZW50cyBzZWN0
aW9uLgoJICAKPC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgLTExCiAgICAg
ICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CgkgICAgUmVwbGFjZWQgdXNlcyBvZiAmbHQ7
IiZndDsgd2l0aCBEUVVPVEUgdG8gcGFzcyBBQk5GIHN5bnRheCBjaGVjay4KCSAgCjwvbGk+Cjwv
dWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIC0xMAogICAgICAgIDwvcD4KPHVsIGNsYXNz
PSJ0ZXh0Ij4KPGxpPgoJICAgIFJlbW92ZWQgdGhlICNhdXRoLXBhcmFtIG9wdGlvbiBmcm9tIEF1
dGhvcml6YXRpb24gaGVhZGVyCgkgICAgc3ludGF4IChsZWF2aW5nIG9ubHkgdGhlIGI2NHRva2Vu
IHN5bnRheCkuCgkgIAo8L2xpPgo8bGk+CgkgICAgUmVzdHJpY3RlZCB0aGUgPHR0PnNjb3BlPC90
dD4gdmFsdWUKCSAgICBjaGFyYWN0ZXIgc2V0IHRvICV4MjEgLyAleDIzLTVCIC8gJXg1RC03RSAo
cHJpbnRhYmxlIEFTQ0lJCgkgICAgY2hhcmFjdGVycyBleGNsdWRpbmcgZG91YmxlLXF1b3RlIGFu
ZCBiYWNrc2xhc2gpLgoJICAgIEluZGljYXRlZCB0aGF0IHNjb3BlIGlzIGludGVuZGVkIGZvciBw
cm9ncmFtbWF0aWMgdXNlIGFuZAoJICAgIGlzIG5vdCBtZWFudCB0byBiZSBkaXNwbGF5ZWQgdG8g
ZW5kIHVzZXJzLgoJICAKPC9saT4KPGxpPgoJICAgIFJlc3RyaWN0ZWQgdGhlIGNoYXJhY3RlciBz
ZXQgZm9yIDx0dD5lcnJvcl9kZXNjcmlwdGlvbjwvdHQ+IHN0cmluZ3MgdG8gU1AgLwoJICAgIFZD
SEFSIGFuZCBpbmRpY2F0ZWQgdGhhdCB0aGV5IGFyZSBub3QgbWVhbnQgdG8gYmUKCSAgICBkaXNw
bGF5ZWQgdG8gZW5kIHVzZXJzLgoJICAKPC9saT4KPGxpPgoJICAgIEluY2x1ZGVkIG1vcmUgZGVz
Y3JpcHRpb24gaW4gdGhlIEFic3RyYWN0LCBzaW5jZSBIYW5uZXMKCSAgICBUc2Nob2ZlbmlnIGlu
ZGljYXRlZCB0aGF0IHRoZSBSRkMgZWRpdG9yIHdvdWxkIHJlcXVpcmUKCSAgICB0aGlzLgoJICAK
PC9saT4KPGxpPgogICAgICAgICAgICBDaGFuZ2VkICJBY2Nlc3MgR3JhbnQiIHRvICJBdXRob3Jp
emF0aW9uIEdyYW50IiwgYXMgd2FzCiAgICAgICAgICAgIGRvbmUgaW4gdGhlIGNvcmUgc3BlYy4K
CSAgCjwvbGk+CjxsaT4KCSAgICBTaW1wbGlmaWVkIHRoZSBpbnRyb2R1Y3Rpb24gdG8gdGhlIEF1
dGhlbnRpY2F0ZWQgUmVxdWVzdHMKCSAgICBzZWN0aW9uLgoJICAKPC9saT4KPC91bD48cD4KICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgLTA5CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8
bGk+CiAgICAgICAgICAgIEluY29ycG9yYXRlZCB3b3JraW5nIGdyb3VwIGxhc3QgY2FsbCBjb21t
ZW50cy4gIFNwZWNpZmljIGNoYW5nZXMgd2VyZToKCSAgCjwvbGk+CjxsaT4KCSAgICBVc2UgZGVm
aW5pdGlvbnMgZnJvbSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI0ktRC5pZXRmLWh0dHBiaXMtcDct
YXV0aCc+W0kmIzgyMDk7RC5pZXRmJiM4MjA5O2h0dHBiaXMmIzgyMDk7cDcmIzgyMDk7YXV0aF08
c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RmllbGRpbmcsIFIuLCBMYWZvbiwgWS4s
IGFuZCBKLiBSZXNjaGtlLCAmbGRxdW87SFRUUC8xLjEsIHBhcnQgNzogQXV0aGVudGljYXRpb24s
JnJkcXVvOyBNYXJjaCZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiByYXRoZXIg
dGhhbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTcnPltSRkMyNjE3XTxzcGFuPiAoPC9z
cGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GcmFua3MsIEouLCBIYWxsYW0tQmFrZXIsIFAuLCBIb3N0
ZXRsZXIsIEouLCBMYXdyZW5jZSwgUy4sIExlYWNoLCBQLiwgTHVvdG9uZW4sIEEuLCBhbmQgTC4g
U3Rld2FydCwgJmxkcXVvO0hUVFAgQXV0aGVudGljYXRpb246IEJhc2ljIGFuZCBEaWdlc3QgQWNj
ZXNzIEF1dGhlbnRpY2F0aW9uLCZyZHF1bzsgSnVuZSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8
L3NwYW4+PC9hPi4KCSAgCjwvbGk+CjxsaT4KCSAgICBVcGRhdGUgY3JlZGVudGlhbHMgZGVmaW5p
dGlvbiB0byBjb25mb3JtIHRvIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmlldGYtaHR0cGJp
cy1wNy1hdXRoJz5bSSYjODIwOTtELmlldGYmIzgyMDk7aHR0cGJpcyYjODIwOTtwNyYjODIwOTth
dXRoXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GaWVsZGluZywgUi4sIExhZm9u
LCBZLiwgYW5kIEouIFJlc2Noa2UsICZsZHF1bztIVFRQLzEuMSwgcGFydCA3OiBBdXRoZW50aWNh
dGlvbiwmcmRxdW87IE1hcmNoJm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgoJ
ICAKPC9saT4KPGxpPgoJICAgIEZ1cnRoZXIgY2xhcmlmaWVkIHRoYXQgcXVlcnkgcGFyYW1ldGVy
cyBtYXkgb2NjdXIgaW4gYW55IG9yZGVyLgoJICAKPC9saT4KPGxpPgoJICAgIFNwZWNpZnkgdGhh
dCBlcnJvcl9kZXNjcmlwdGlvbiBpcyBVVEYtOCBlbmNvZGVkCgkgICAgKG1hdGNoaW5nIHRoZSBj
b3JlIHNwZWNpZmljYXRpb24pLgoJICAKPC9saT4KPGxpPgoJICAgIFJlZ2lzdGVyZWQgIkJlYXJl
ciIgQXV0aGVudGljYXRpb24gU2NoZW1lIGluCgkgICAgQXV0aGVudGljYXRpb24gU2NoZW1lIFJl
Z2lzdHJ5IGRlZmluZWQgYnkKCSAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI0ktRC5pZXRmLWh0
dHBiaXMtcDctYXV0aCc+W0kmIzgyMDk7RC5pZXRmJiM4MjA5O2h0dHBiaXMmIzgyMDk7cDcmIzgy
MDk7YXV0aF08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RmllbGRpbmcsIFIuLCBM
YWZvbiwgWS4sIGFuZCBKLiBSZXNjaGtlLCAmbGRxdW87SFRUUC8xLjEsIHBhcnQgNzogQXV0aGVu
dGljYXRpb24sJnJkcXVvOyBNYXJjaCZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
Pi4KCSAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgVXBkYXRlZCByZWZlcmVuY2VzIHRvIG9hdXRo
LXYyLCBodHRwYmlzLXAxLW1lc3NhZ2luZywgYW5kCiAgICAgICAgICAgIGh0dHBiaXMtcDctYXV0
aCBkcmFmdHMuCgkgIAo8L2xpPgo8bGk+CgkgICAgT3RoZXIgd29yZGluZyBpbXByb3ZlbWVudHMg
bm90IGludHJvZHVjaW5nIG5vcm1hdGl2ZSBjaGFuZ2VzLgoJICAKPC9saT4KPC91bD48cD4KICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgLTA4CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8
bGk+CiAgICAgICAgICAgIFVwZGF0ZWQgcmVmZXJlbmNlcyB0byBvYXV0aC12MiBhbmQgSFRUUGJp
cyBkcmFmdHMuCgkgIAo8L2xpPgo8L3VsPjxwPgogICAgICAKPC9wPgo8cD4KICAgICAgICAtMDcK
ICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgQWRkZWQgbWlz
c2luZyBjb21tYSBpbiBlcnJvciByZXNwb25zZSBleGFtcGxlLgoJICAKPC9saT4KPC91bD48cD4K
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgLTA2CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQi
Pgo8bGk+CiAgICAgICAgICAgIENoYW5nZWQgcGFyYW1ldGVyIG5hbWUgPHR0PmJlYXJlcl90b2tl
bjwvdHQ+IHRvIDx0dD5hY2Nlc3NfdG9rZW48L3R0PiwgcGVyIHdvcmtpbmcgZ3JvdXAKICAgICAg
ICAgICAgY29uc2Vuc3VzLgoJICAKPC9saT4KPGxpPgoJICAgIENoYW5nZWQgSFRUUCBzdGF0dXMg
Y29kZSBmb3IgPHR0PmludmFsaWRfcmVxdWVzdDwvdHQ+IGVycm9yIGNvZGUgZnJvbSBIVFRQCgkg
ICAgNDAxIChVbmF1dGhvcml6ZWQpIGJhY2sgdG8gSFRUUCA0MDAgKEJhZCBSZXF1ZXN0KSwgcGVy
CgkgICAgaW5wdXQgZnJvbSBIVFRQIHdvcmtpbmcgZ3JvdXAgZXhwZXJ0cy4KCSAgCjwvbGk+Cjwv
dWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIC0wNQogICAgICAgIDwvcD4KPHVsIGNsYXNz
PSJ0ZXh0Ij4KPGxpPgoJICAgIFJlbW92ZWQgT0F1dGggRXJyb3JzIFJlZ2lzdHJ5LCBwZXIgZGVz
aWduIHRlYW0gaW5wdXQuCgkgIAo8L2xpPgo8bGk+CgkgICAgQ2hhbmdlZCBIVFRQIHN0YXR1cyBj
b2RlIGZvciA8dHQ+aW52YWxpZF9yZXF1ZXN0PC90dD4gZXJyb3IgY29kZSBmcm9tIEhUVFAKCSAg
ICA0MDAgKEJhZCBSZXF1ZXN0KSB0byBIVFRQIDQwMSAoVW5hdXRob3JpemVkKSB0byBtYXRjaCBI
VFRQCgkgICAgdXNhZ2UgW1sgY2hhbmdlIHBlbmRpbmcgd29ya2luZyBncm91cCBjb25zZW5zdXMg
XV0uCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgbWlzc2luZyBxdW90YXRpb24gbWFya3MgaW4g
ZXJyb3ItdXJpIGRlZmluaXRpb24uCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgbm90ZSB0byBh
ZGQgbGFuZ3VhZ2UgYW5kIGVuY29kaW5nIGluZm9ybWF0aW9uIHRvCgkgICAgZXJyb3JfZGVzY3Jp
cHRpb24gaWYgdGhlIGNvcmUgc3BlY2lmaWNhdGlvbiBkb2VzLgoJICAKPC9saT4KPGxpPgoJICAg
IEV4cGxpY2l0bHkgcmVmZXJlbmNlIHRoZSBBdWdtZW50ZWQgQmFja3VzLU5hdXIgRm9ybSAoQUJO
RikKCSAgICBkZWZpbmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTIzNCc+W1JGQzUy
MzRdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNyb2NrZXIsIEQuIGFuZCBQLiBP
dmVyZWxsLCAmbGRxdW87QXVnbWVudGVkIEJORiBmb3IgU3ludGF4IFNwZWNpZmljYXRpb25zOiBB
Qk5GLCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMDguPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4K
CSAgCjwvbGk+CjxsaT4KCSAgICBVc2UgYXV0aC1wYXJhbSBpbnN0ZWFkIG9mIHJlcGVhdGluZyBp
dHMgZGVmaW5pdGlvbiwgd2hpY2gKCSAgICBpcyAoIHRva2VuICI9IiAoIHRva2VuIC8gcXVvdGVk
LXN0cmluZyApICkuCgkgIAo8L2xpPgo8bGk+CgkgICAgQ2xhcmlmeSBzZWN1cml0eSBjb25zaWRl
cmF0aW9ucyBhYm91dCBpbmNsdWRpbmcgYW4KCSAgICBhdWRpZW5jZSByZXN0cmljdGlvbiBpbiB0
aGUgdG9rZW4gYW5kIGluY2x1ZGUgYQoJICAgIHJlY29tbWVuZGF0aW9uIHRvIGlzc3VlIHNjb3Bl
ZCBiZWFyZXIgdG9rZW5zIGluIHRoZQoJICAgIHN1bW1hcnkgb2YgcmVjb21tZW5kYXRpb25zLgoJ
ICAKPC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgLTA0CiAgICAgICAgPC9w
Pgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CgkgICAgRWRpdHMgcmVzcG9uZGluZyB0byB3b3JraW5n
IGdyb3VwIGxhc3QgY2FsbCBmZWVkYmFjayBvbgoJICAgIC0wMy4gIFNwZWNpZmljIGVkaXRzIGVu
dW1lcmF0ZWQgYmVsb3cuCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgQmVhcmVyIFRva2VuIGRl
ZmluaXRpb24gaW4gVGVybWlub2xvZ3kgc2VjdGlvbi4KCSAgCjwvbGk+CjxsaT4KICAgICAgICAg
ICAgQ2hhbmdlZCBwYXJhbWV0ZXIgbmFtZSA8dHQ+b2F1dGhfdG9rZW48L3R0PiB0byA8dHQ+YmVh
cmVyX3Rva2VuPC90dD4uCgkgIAo8L2xpPgo8bGk+CgkgICAgQWRkZWQgcmVhbG0gcGFyYW1ldGVy
IHRvIDx0dD5XV1ctQXV0aGVudGljYXRlPC90dD4gcmVzcG9uc2UgdG8gY29tcGx5CgkgICAgd2l0
aCA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTcnPltSRkMyNjE3XTxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5GcmFua3MsIEouLCBIYWxsYW0tQmFrZXIsIFAuLCBIb3N0ZXRs
ZXIsIEouLCBMYXdyZW5jZSwgUy4sIExlYWNoLCBQLiwgTHVvdG9uZW4sIEEuLCBhbmQgTC4gU3Rl
d2FydCwgJmxkcXVvO0hUVFAgQXV0aGVudGljYXRpb246IEJhc2ljIGFuZCBEaWdlc3QgQWNjZXNz
IEF1dGhlbnRpY2F0aW9uLCZyZHF1bzsgSnVuZSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPi4KCSAgCjwvbGk+CjxsaT4KCSAgICBSZW1vdmVkICJbIFJXUyAxI2F1dGgtcGFyYW0g
XSIgZnJvbSA8dHQ+Y3JlZGVudGlhbHM8L3R0PiBkZWZpbml0aW9uIHNpbmNlIGl0IGRpZAoJICAg
IG5vdCBjb21wbHkgd2l0aCB0aGUgQUJORiBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI0ktRC5p
ZXRmLWh0dHBiaXMtcDctYXV0aCc+W0kmIzgyMDk7RC5pZXRmJiM4MjA5O2h0dHBiaXMmIzgyMDk7
cDcmIzgyMDk7YXV0aF08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RmllbGRpbmcs
IFIuLCBMYWZvbiwgWS4sIGFuZCBKLiBSZXNjaGtlLCAmbGRxdW87SFRUUC8xLjEsIHBhcnQgNzog
QXV0aGVudGljYXRpb24sJnJkcXVvOyBNYXJjaCZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPi4KCSAgCjwvbGk+CjxsaT4KCSAgICBSZW1vdmVkIHJlc3RyaWN0aW9uIHRoYXQgdGhl
IDx0dD5iZWFyZXJfdG9rZW48L3R0PiAoZm9ybWVybHkgPHR0Pm9hdXRoX3Rva2VuPC90dD4pIHBh
cmFtZXRlciBiZSB0aGUgbGFzdAoJICAgIHBhcmFtZXRlciBpbiB0aGUgZW50aXR5LWJvZHkgYW5k
IHRoZSBIVFRQIHJlcXVlc3QgVVJJCgkgICAgcXVlcnkuCgkgIAo8L2xpPgo8bGk+CgkgICAgRG8g
bm90IHJlcXVpcmUgV1dXLUF1dGhlbnRpY2F0ZSBSZXNwb25zZSBpbiBhIHJlcGx5IHRvIGEKCSAg
ICBtYWxmb3JtZWQgcmVxdWVzdCwgYXMgYW4gSFRUUCA0MDAgQmFkIFJlcXVlc3QgcmVzcG9uc2UK
CSAgICB3aXRob3V0IGEgV1dXLUF1dGhlbnRpY2F0ZSBoZWFkZXIgaXMgbGlrZWx5IHRoZSByaWdo
dAoJICAgIHJlc3BvbnNlIGluIHNvbWUgY2FzZXMgb2YgbWFsZm9ybWVkIHJlcXVlc3RzLgoJICAK
PC9saT4KPGxpPgoJICAgIFJlbW92ZWQgT0F1dGggUGFyYW1ldGVycyByZWdpc3RyeSBleHRlbnNp
b24uCgkgIAo8L2xpPgo8bGk+CgkgICAgTnVtZXJvdXMgZWRpdG9yaWFsIGltcHJvdmVtZW50cyBz
dWdnZXN0ZWQgYnkgd29ya2luZyBncm91cAoJICAgIG1lbWJlcnMuCgkgIAo8L2xpPgo8L3VsPjxw
PgogICAgICAKPC9wPgo8cD4KICAgICAgICAtMDMKICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4
dCI+CjxsaT4KCSAgICBSZXN0b3JlZCB0aGUgV1dXLUF1dGhlbnRpY2F0ZSByZXNwb25zZSBoZWFk
ZXIKCSAgICBmdW5jdGlvbmFsaXR5IGRlbGV0ZWQgZnJvbSB0aGUgZnJhbWV3b3JrIHNwZWNpZmlj
YXRpb24gaW4KCSAgICBkcmFmdCAxMiBiYXNlZCB1cG9uIHRoZSBzcGVjaWZpY2F0aW9uIHRleHQg
ZnJvbSBkcmFmdCAxMS4KCSAgCjwvbGk+CjxsaT4KCSAgICBBdWdtZW50ZWQgdGhlIE9BdXRoIFBh
cmFtZXRlcnMgcmVnaXN0cnkgYnkgYWRkaW5nIHR3bwoJICAgIGFkZGl0aW9uYWwgcGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uczogInJlc291cmNlIHJlcXVlc3QiCgkgICAgYW5kICJyZXNvdXJjZSBy
ZXNwb25zZSIuCgkgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgIFJlZ2lzdGVyZWQgdGhlICJvYXV0
aF90b2tlbiIgT0F1dGggcGFyYW1ldGVyIHdpdGggdXNhZ2UKICAgICAgICAgICAgbG9jYXRpb24g
InJlc291cmNlIHJlcXVlc3QiLgogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgUmVn
aXN0ZXJlZCB0aGUgImVycm9yIiBPQXV0aCBwYXJhbWV0ZXIuCiAgICAgICAgICAKPC9saT4KPGxp
PgoJICAgIENyZWF0ZWQgdGhlIE9BdXRoIEVycm9yIHJlZ2lzdHJ5IGFuZCByZWdpc3RlcmVkIGVy
cm9ycy4KCSAgCjwvbGk+CjxsaT4KCSAgICBDaGFuZ2VkIHRoZSAiT0F1dGgyIiBPQXV0aCBhY2Nl
c3MgdG9rZW4gdHlwZSBuYW1lIHRvCgkgICAgIkJlYXJlciIuCgkgIAo8L2xpPgo8L3VsPjxwPgog
ICAgICAKPC9wPgo8cD4KICAgICAgICAtMDIKICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+
CjxsaT4KICAgICAgICAgICAgSW5jb3Jwb3JhdGVkIGZlZWRiYWNrIHJlY2VpdmVkIG9uIGRyYWZ0
IDAxLiAgTW9zdCBjaGFuZ2VzCiAgICAgICAgICAgIHdlcmUgdG8gdGhlIHNlY3VyaXR5IGNvbnNp
ZGVyYXRpb25zIHNlY3Rpb24uICBObyBub3JtYXRpdmUKICAgICAgICAgICAgY2hhbmdlcyB3ZXJl
IG1hZGUuICBTcGVjaWZpYyBjaGFuZ2VzIGluY2x1ZGVkOgogICAgICAgICAgCjwvbGk+CjxsaT4K
CSAgICBDaGFuZ2VkIHRlcm1pbm9sb2d5IGZyb20gInRva2VuIHJldXNlIiB0byAidG9rZW4gY2Fw
dHVyZQoJICAgIGFuZCByZXBsYXkiLgoJICAKPC9saT4KPGxpPgoJICAgIFJlbW92ZWQgc2VudGVu
Y2UgIkVuY3J5cHRpbmcgdGhlIHRva2VuIGNvbnRlbnRzIGlzIGFub3RoZXIKCSAgICBhbHRlcm5h
dGl2ZSIgZnJvbSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2luY2UgaXQgd2FzCgkgICAg
cmVkdW5kYW50IGFuZCBwb3RlbnRpYWxseSBjb25mdXNpbmcuCgkgIAo8L2xpPgo8bGk+CgkgICAg
Q29ycmVjdGVkIHNvbWUgcmVmZXJlbmNlcyB0byAicmVzb3VyY2Ugc2VydmVyIiB0byBiZQoJICAg
ICJhdXRob3JpemF0aW9uIHNlcnZlciIgaW4gdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zLgoJ
ICAKPC9saT4KPGxpPgoJICAgIEdlbmVyYWxpemVkIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGxh
bmd1YWdlIGFib3V0CgkgICAgb2J0YWluaW5nIGNvbnNlbnQgb2YgdGhlIHJlc291cmNlIG93bmVy
LgoJICAKPC9saT4KPGxpPgoJICAgIEJyb2FkZW5lZCBzY29wZSBvZiBzZWN1cml0eSBjb25zaWRl
cmF0aW9ucyBkZXNjcmlwdGlvbiBmb3IKCSAgICByZWNvbW1lbmRhdGlvbiAiRG9uJ3QgcGFzcyBi
ZWFyZXIgdG9rZW5zIGluIHBhZ2UgVVJMcyIuCgkgIAo8L2xpPgo8bGk+CgkgICAgUmVtb3ZlZCB1
bnVzZWQgcmVmZXJlbmNlIHRvIE9BdXRoIDEuMC4KCSAgCjwvbGk+CjxsaT4KCSAgICBVcGRhdGVk
IHJlZmVyZW5jZSB0byBmcmFtZXdvcmsgc3BlY2lmaWNhdGlvbiBhbmQgdXBkYXRlZAoJICAgIERh
dmlkIFJlY29yZG9uJ3MgZS1tYWlsIGFkZHJlc3MuCgkgIAo8L2xpPgo8bGk+CgkgICAgUmVtb3Zl
ZCBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyB0ZXh0IG9uIGF1dGhlbnRpY2F0aW5nCgkgICAgY2xp
ZW50cy4KCSAgCjwvbGk+CjxsaT4KCSAgICBSZWdpc3RlcmVkIHRoZSAiT0F1dGgyIiBPQXV0aCBh
Y2Nlc3MgdG9rZW4gdHlwZSBhbmQKCSAgICAib2F1dGhfdG9rZW4iIHBhcmFtZXRlci4KCSAgCjwv
bGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIC0wMQogICAgICAgIDwvcD4KPHVs
IGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICBGaXJzdCBwdWJsaWMgZHJhZnQsIHdoaWNo
IGluY29ycG9yYXRlcyBmZWVkYmFjayByZWNlaXZlZAogICAgICAgICAgICBvbiAtMDAgaW5jbHVk
aW5nIGVuaGFuY2VkIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIGNvbnRlbnQuCiAgICAgICAgICAg
IFRoaXMgdmVyc2lvbiBpcyBpbnRlbmRlZCB0byBhY2NvbXBhbnkgT0F1dGggMi4wIGRyYWZ0IDEx
LgogICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIC0wMAog
ICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICBJbml0aWFsIGRy
YWZ0IGJhc2VkIG9uIHByZWxpbWluYXJ5IHZlcnNpb24gb2YgT0F1dGggMi4wIGRyYWZ0IDExLgog
ICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxhIG5hbWU9InJmYy5hdXRob3Jz
Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIw
IiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNs
YXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+
PC90YWJsZT4KPGgzPkF1dGhvcnMnIEFkZHJlc3NlczwvaDM+Cjx0YWJsZSB3aWR0aD0iOTklIiBi
b3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+Cjx0cj48dGQgY2xhc3M9
ImF1dGhvci10ZXh0Ij4mbmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5NaWNoYWVs
IEIuIEpvbmVzPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+Jm5ic3A7PC90
ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+TWljcm9zb2Z0PC90ZD48L3RyPgo8dHI+PHRkIGNs
YXNzPSJhdXRob3IiIGFsaWduPSJyaWdodCI+RW1haWw6Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJh
dXRob3ItdGV4dCI+PGEgaHJlZj0ibWFpbHRvOm1iakBtaWNyb3NvZnQuY29tIj5tYmpAbWljcm9z
b2Z0LmNvbTwvYT48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvciIgYWxpZ249InJpZ2h0
Ij5VUkk6Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0iaHR0cDov
L3NlbGYtaXNzdWVkLmluZm8vIj5odHRwOi8vc2VsZi1pc3N1ZWQuaW5mby88L2E+PC90ZD48L3Ry
Pgo8dHIgY2VsbHBhZGRpbmc9IjMiPjx0ZD4mbmJzcDs8L3RkPjx0ZD4mbmJzcDs8L3RkPjwvdHI+
Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij4mbmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhv
ci10ZXh0Ij5EaWNrIEhhcmR0PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+
Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+aW5kZXBlbmRlbnQ8L3RkPjwvdHI+
Cjx0cj48dGQgY2xhc3M9ImF1dGhvciIgYWxpZ249InJpZ2h0Ij5FbWFpbDombmJzcDs8L3RkPgo8
dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij48YSBocmVmPSJtYWlsdG86ZGljay5oYXJkdEBnbWFpbC5j
b20iPmRpY2suaGFyZHRAZ21haWwuY29tPC9hPjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0
aG9yIiBhbGlnbj0icmlnaHQiPlVSSTombmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0
Ij48YSBocmVmPSJodHRwOi8vZGlja2hhcmR0Lm9yZy8iPmh0dHA6Ly9kaWNraGFyZHQub3JnLzwv
YT48L3RkPjwvdHI+Cjx0ciBjZWxscGFkZGluZz0iMyI+PHRkPiZuYnNwOzwvdGQ+PHRkPiZuYnNw
OzwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPiZuYnNwOzwvdGQ+Cjx0ZCBj
bGFzcz0iYXV0aG9yLXRleHQiPkRhdmlkIFJlY29yZG9uPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNz
PSJhdXRob3ItdGV4dCI+Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+RmFjZWJv
b2s8L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvciIgYWxpZ249InJpZ2h0Ij5FbWFpbDom
bmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij48YSBocmVmPSJtYWlsdG86ZHJAZmIu
Y29tIj5kckBmYi5jb208L2E+PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3IiIGFsaWdu
PSJyaWdodCI+VVJJOiZuYnNwOzwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPjxhIGhyZWY9
Imh0dHA6Ly93d3cuZGF2aWRyZWNvcmRvbi5jb20vIj5odHRwOi8vd3d3LmRhdmlkcmVjb3Jkb24u
Y29tLzwvYT48L3RkPjwvdHI+CjwvdGFibGU+CjwvYm9keT48L2h0bWw+Cg==

--_007_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_
Content-Type: application/pdf;
	name="draft-ietf-oauth-v2-bearer-22 preliminary.pdf"
Content-Description: draft-ietf-oauth-v2-bearer-22 preliminary.pdf
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-bearer-22 preliminary.pdf"; size=189913;
	creation-date="Mon, 09 Jul 2012 13:30:35 GMT";
	modification-date="Mon, 09 Jul 2012 13:28:33 GMT"
Content-Transfer-Encoding: base64

LkvLkdDBqgBXQFQQUAPljAsQ/q1URsDIU0gnNIoHDnwnQmKnoTOVemOHcC0gdeFJOA9oAHTqoByS
G+6OAfSHWC5M1WfQKyDe4xaIB2+8QGV0an2sfdO8OLR5HbTX2GyQu6Jo8GDfVJ55wa1WaL2GPf47
Oamltx+SHGg2mKmDw6RDkIHxADhETGrebdM3r0ULWdxNX2zK43EWj0S4+5aTDn18xgDsnjiYCvBo
PM+NsE8OvgdbCRwiUQA12MWfW1QvRlIXYOQlG4BA4ODR4/N0kqfKIA7UL0wwivsjXgeCuDJGlWeR
op9/9IqpG1epgLIHV0v/IoaWu2NDm7jhqSx77cYcEL3dRgvW5pZdBHTIDyf71wO8WFdw+jYdDpfb
gNSf2xNq6TD1j1FGBbmlOwLoG9AEB9SCljAXMQzsVsQfAYM5OPt5aMDLNrSFLkQMIVKme1moDkAg
y8mAOVwCIgO5IQQCg4yS2AKkKxWOi2Zs6R/BoLpWviI4HF1Y1wCt5VtM3HoE2AZawHXY3OBbfRDR
8ZyQB8EOXUMQXECIz7ePYxQXecWJNu067J9+d9ELuGjegbBV9/pe0eVChj3PRhaVF6J4HGS5fMJL
k11jugjuJHfXDmQsD+gDNje/cUmPUskLcPzcFcCA9MBZKibNFBtAq81B509wvlguFZiLaHmsCYzi
2QpUFGFSXtqTrtGByEsILi77PhYF4IhX7CkPO4TfjRS1OAHb1IuI6QXHiViB5rkH2KCAdgme//t3
zTnkXhktuOMkLqyJUSGjlX4E3oECfHeAZ98BqhlQlY+ROQc0HTlk/QEBBN1v1NP3FgR4jPrY+cXt
oUQNlZv36buiNifrAeoP1RpgNa2JILY8evLvDcMSCC/4rFISuyC3FJJdUBvkwAfaH++Av62OMJd/
LtJrwbcYeHt3QEcmfyXGQZYYHaoRjmxtLEqP4E6aYwKymTifv8I9HwDGucANm/8elUuTTIDAUI1y
aBIK8MkBp+v4qbYYuk+9ZVAMv4hTDthi411k/iqUyepUlE2XGG3iAW1VfO/P/7wZuPVs8j7UAJNb
6sPl39/bVCM4GP+GwZCWSokuJucgt8C6gPqV/10HGbCfB8rcBPHziAAH3Hkjm/0cDoPBfS1yDlgl
s4TnH/C0Qlk0Y0oat7zBOYJBxI0B6HmEz86AYwM3UrPgpAGcRYCDBXAhHYCKk0hAbO1V73byoDxd
5S57S3nChLpE4z0kgP+xdbziA6oBNJoJUFA8e0IdWEAbl0OfG5g0nh5GKEqEnL2M0ZvOPTxvMYpx
zRu/SpBHKwEXJwYc+QxIS2NwbjNFO0qQkBvZeNK5UptO1ZhWG+7+CgkRF7HasZKOKi2scPLkiFoP
h0sJpGBH20OvMvsFDDHuet2uRq5yIC+rqTHlR+4jlJIu+ATSIqchNhsVZZbPFptLFuHzEqCAB7bT
v+SJ8nExJ/YykFMgEN/aXeQ2qABFDpbkCL4in9nu2Oz2KKZq79RaSdsiQ5IoevDpctoiHZqn+B4S
tw6g+7LU6lB3py1aDvdoBlT3+UYd37kLCDcC7oxdJJmLsfMd0GtG7x/HaxgCJHmdDyNY5DCqxatH
cDhlZhWGd/I3C92mrQsTW4i1HJqxeMWFK0fA9XnUmYR8ZkTABf8XVBvieSY3Dv49HAF3o0Bt3aFZ
cZXCn0Nz2lY+dQWiUQA94ELgNatnMTqZI3iCyv0DQ2IczXUIk5bIVJe5ryeAYgGfyLRE2So8+LiE
mqRD8yvfEOWGzn/SCez41Ye8ySWGa+StJBFOH2741tMPqBARvEOTWcGIsjPNc3V6tSzC4a+5GXR7
OLTc82Msq2wJww4EIDNRVOSl7lVKRA5qGGCXYsTOWwlzuTn0L3ehtAcEIRGKJhm0/IHfXqTuFKOG
tkrjTsQNqPN9QZ0eP4/4cnesouybxjgCvsg1ndxo8XODG/n4GoSDUz3gJnLIHPyvxfrGnUkMa/o9
/Hqf8OvjdqHXlfikbaMfB05Gy88eHxgGcgKkhTDE54Z8h/Z4NILQhA7339NXlHGlVnpdNMNXcuhC
V8ioskga1T7bM+J1VzXm7193zwYjxxOOJQUXI1Jhn2wvAaUlXGnhvWrSZqxtBknKCbFHcB2B9AOt
6/A0QFOSnzAAsggfCNvz0zghcSMHbuUrd2CR7uUjYPhgmcdpTwCi5xZ6zvJS5+4Eswz4yHvdyrsu
TvKuWtCMge0JfD0mkkXgIdzahkp01PVi8WDBTcsJoielFe1isDzP2Och0IU8EdyAqXp8GTDy8tiU
g1EIwM5nA35WfTMPexdJffNUqG++YX9Vj4lE1VeVm1NfHxZDmw+Is/Rgagihoeg/5xelgKNywhO1
VE4zWDpPB4r1XVghXVixdRdWuLswPPb57jrgw2II/h2MPGgFpCVSKWAOdestSV3wX4ngv9qwMd1r
W3kwR5sylfvgv3S3lMohTodARz4RJViAY1I0nMJlERnA9wHsLwgwfiYBRRjr1QBstFCnXt/M19LM
11s380ci2bRz05mKB4ujKDBG6pDgS32FbaFF0p/t6C9AcqgXq5lZLVcLzUGPlIeF4fIJ7pMhLjU+
sfI8a9Ssnnip9sXe+gzWyBjYqDVqWKyw6cTLg8Uom9SyYOI1lK2NWXl8AbVEXpAMCR+GI3yztRVc
CG7+gGlLeMeyOTlTbkJCIoY8hPI5nD5nGFQ79/qWQRXCMhwHtmkZDCo5mIbN5aNeTMZNSnTmuBcB
s9TS7XLvjrpzoRrZfidvLc9UuWfD8Nfn11DuPyVPu/8Dwso7mWVuZHN0cmVhbQplbmRvYmoKMjYg
MCBvYmoKMzY5MgplbmRvYmoKMzEgMCBvYmoKWzEgL1hZWiA0Ny41MTk5OTk5ICAKMTAyLjMxOTk5
OSAgMF0KZW5kb2JqCjMyIDAgb2JqClsxIC9YWVogNDcuNTE5OTk5OSAgCjUzMi4zOTk5OTkgIDBd
CmVuZG9iagozMyAwIG9iagpbMSAvWFlaIDQ3LjUxOTk5OTkgIAoyNTAuMTU5OTk5ICAwXQplbmRv
YmoKMzQgMCBvYmoKWzEgL1hZWiA0Ny41MTk5OTk5ICAKNzIuNTU5OTk5OSAgMF0KZW5kb2JqCjM1
IDAgb2JqClsxIC9YWVogNDcuNTE5OTk5OSAgCjU3My42Nzk5OTkgIDBdCmVuZG9iagozNiAwIG9i
agpbMSAvWFlaIDQ3LjUxOTk5OTkgIAoyNzkuOTE5OTk5ICAwXQplbmRvYmoKMzcgMCBvYmoKPDwK
L1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs3OC4yMzk5OTk5ICA4MDMuMTIwMDAw
ICA4OC43OTk5OTk5ICA4MTMuNjc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzYXV0aG4jMmRoZWFkZXIKPj4KZW5kb2JqCjM4
IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAg
NzkxLjU5OTk5OSAgMTE0LjcxOTk5OSAgODAyLjE1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVz
dCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMy
ZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3Jlc291cmNlIzJkZXJyb3Ij
MmRjb2Rlcwo+PgplbmRvYmoKMzkgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFs3OC4yMzk5OTk5ICA3ODAuMDc5OTk5ICA4OC43OTk5OTk5ICA3OTAuNjM5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1s
IzIzRXhBY2NUb2tSZXNwCj4+CmVuZG9iago0MCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzc4LjIzOTk5OTkgIDc2OC41NTk5OTkgIDg4Ljc5OTk5OTkgIDc3OS4x
MTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5o
dG1sLmh0bWwjMjNzZWMjMmRjb24KPj4KZW5kb2JqCjQxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAov
U3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNzU3LjAzOTk5OSAgMTE0LjcxOTk5OSAg
NzY3LjU5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMy
ZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVh
cmVyLmh0bWwuaHRtbCMyM3RocmVhdHMKPj4KZW5kb2JqCjQyIDAgb2JqCjw8Ci9UeXBlIC9Bbm5v
dAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNzQ1LjUxOTk5OSAgMTE0LjcxOTk5
OSAgNzU2LjA3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZh
ciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJk
YmVhcmVyLmh0bWwuaHRtbCMyM21pdGlnYXRpb24KPj4KZW5kb2JqCjQzIDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbOTMuNTk5OTk5OSAgNzM0ICAxMTQuNzE5OTk5
ICA3NDQuNTU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFy
IzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRi
ZWFyZXIuaHRtbC5odG1sIzIzYW5jaG9yNgo+PgplbmRvYmoKNDQgMCBvYmoKPDwKL1R5cGUgL0Fu
bm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs3OC4yMzk5OTk5ICA3MjIuNDc5OTk5ICA4OC43OTk5
OTk5ICA3MzMuMDM5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJm
dmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIj
MmRiZWFyZXIuaHRtbC5odG1sIzIzYW5jaG9yNwo+PgplbmRvYmoKNDUgMCBvYmoKPDwKL1R5cGUg
L0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA3MTAuOTU5OTk5ICAxMTQu
NzE5OTk5ICA3MjEuNTE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJm
IzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJk
djIjMmRiZWFyZXIuaHRtbC5odG1sIzIzYW5jaG9yOAo+PgplbmRvYmoKNDYgMCBvYmoKPDwKL1R5
cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMDguOTU5OTk5ICA2OTkuNDM5OTk5ICAx
NDAuNjM5OTk5ICA3MDkuOTk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJm
IzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRo
IzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzYW5jaG9yOQo+PgplbmRvYmoKNDcgMCBvYmoKPDwK
L1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs5My41OTk5OTk5ICA2ODcuOTE5OTk5
ICAxMTQuNzE5OTk5ICA2OTguNDc5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzYW5jaG9yMTAKPj4KZW5kb2JqCjQ4IDAgb2Jq
Cjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTA4Ljk1OTk5OSAgNjc2LjM5
OTk5OSAgMTQwLjYzOTk5OSAgNjg2Ljk1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM2FuY2hvcjExCj4+CmVuZG9iago0OSAw
IG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzEwOC45NTk5OTkgIDY2
NC44Nzk5OTkgIDE0MC42Mzk5OTkgIDY3NS40Mzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3Qg
L2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRp
ZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNhbmNob3IxMgo+PgplbmRvYmoK
NTAgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMDguOTU5OTk5
ICA2NTMuMzU5OTk5ICAxNDAuNjM5OTk5ICA2NjMuOTE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9E
ZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0
IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzYW5jaG9yMTMKPj4KZW5k
b2JqCjUxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNzguMjM5
OTk5OSAgNjQxLjgzOTk5OSAgODguNzk5OTk5OSAgNjUyLjM5OTk5OSBdCi9Cb3JkZXIgWzAgMCAw
XQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3JmYy5yZWZlcmVu
Y2VzMQo+PgplbmRvYmoKNTIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9S
ZWN0IFs5My41OTk5OTk5ICA2MzAuMzE5OTk5ICAxMTQuNzE5OTk5ICA2NDAuODc5OTk5IF0KL0Jv
cmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUw
NjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIz
cmZjLnJlZmVyZW5jZXMxCj4+CmVuZG9iago1MyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzkzLjU5OTk5OTkgIDYxOC43OTk5OTkgIDExNC43MTk5OTkgIDYyOS4z
NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5o
dG1sLmh0bWwjMjNyZmMucmVmZXJlbmNlczIKPj4KZW5kb2JqCjU0IDAgb2JqCjw8Ci9UeXBlIC9B
bm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNzguMjM5OTk5OSAgNjA3LjI3OTk5OSAgMTQ3LjM2
MDAwMCAgNjE3LjgzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMy
ZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYy
IzJkYmVhcmVyLmh0bWwuaHRtbCMyM2FuY2hvcjE2Cj4+CmVuZG9iago1NSAwIG9iago8PAovVHlw
ZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzc4LjIzOTk5OTkgIDU5NS43NTk5OTkgIDE0
Ny4zNjAwMDAgIDYwNi4zMTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYj
MmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgj
MmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNhbmNob3IxNwo+PgplbmRvYmoKNTYgMCBvYmoKPDwK
L1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs3OC4yMzk5OTk5ICA1ODQuMjQwMDAw
ICA4My4wMzk5OTk5ICA1OTQuNzk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzcmZjLmF1dGhvcnMKPj4KZW5kb2JqCjU3IDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNTI4
LjU1OTk5OSAgNTQzLjg0MDAwMCAgNTM2LjIzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAv
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKNTggMCBv
YmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsyMzkuNTE5OTk5ICA0ODQu
Mzk5OTk5ICAzMzkuMzYwMDAwICA0OTQuOTU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9m
aWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0
ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzSSMyZEQuaWV0ZiMyZG9hdXRoIzJk
djIKPj4KZW5kb2JqCjU5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVj
dCBbMzg2LjM5OTk5OSAgMzgzLjU5OTk5OSAgNDQ0Ljk1OTk5OSAgMzk0LjE1OTk5OSBdCi9Cb3Jk
ZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2
Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM1JG
QzI2MTYKPj4KZW5kb2JqCjYwIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawov
UmVjdCBbNjcuNjc5OTk5OSAgMzcyLjA3OTk5OSAgMTI2LjIzOTk5OSAgMzgyLjYzOTk5OSBdCi9C
b3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1
MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMy
M1JGQzUyNDYKPj4KZW5kb2JqCjYxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGlu
awovUmVjdCBbNjcuNjc5OTk5OSAgMzM3LjUxOTk5OSAgMTY3LjUxOTk5OSAgMzQ4LjA3OTk5OSBd
Ci9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRl
bXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRt
bCMyM0kjMmRELmlldGYjMmRvYXV0aCMyZHYyCj4+CmVuZG9iago2MiAwIG9iago8PAovVHlwZSAv
QW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDI0Ni4zMTk5OTkgIDU0My44
NDAwMDAgIDI1My45OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYj
MmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2
MiMyZGJlYXJlci5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjYzIDAgb2JqCjw8Ci9UeXBlIC9B
bm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNjcuNjc5OTk5OSAgMTc5LjExOTk5OSAgMTI2LjIz
OTk5OSAgMTg5LjY3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMy
ZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYy
IzJkYmVhcmVyLmh0bWwuaHRtbCMyM1JGQzIxMTkKPj4KZW5kb2JqCjY0IDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNDM3LjI3OTk5OSAgMTU3Ljk5OTk5OSAgNDk1
LjgzOTk5OSAgMTY4LjU1OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM1JGQzUyMzQKPj4KZW5kb2JqCjY1IDAgb2JqCjw8Ci9U
eXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzU1LjY4MDAwMCAgMTQ2LjQ3OTk5OSAg
NDE0LjI0MDAwMCAgMTU3LjAzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMy
ZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0
aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM1JGQzI2MTcKPj4KZW5kb2JqCjY2IDAgb2JqCjw8
Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMzQ5LjkyMDAwMCAgMTM0Ljk1OTk5
OSAgNDA4LjQ4MDAwMCAgMTQ1LjUxOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMz
YSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRv
YXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM1JGQzM5ODYKPj4KZW5kb2JqCjY3IDAgb2Jq
Cjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNjguNzE5
OTk5OSAgNTQzLjg0MDAwMCAgNzYuMzk5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKMjkgMCBvYmoK
PDwKL1R5cGUgL1BhZ2UKL1BhcmVudCAyIDAgUgovQ29udGVudHMgNjggMCBSCi9SZXNvdXJjZXMg
NzAgMCBSCi9Bbm5vdHMgNzEgMCBSCi9NZWRpYUJveCBbMCAwIDU5NSA4NDJdCj4+CmVuZG9iago3
MCAwIG9iago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAgUgovQ1NwIC9EZXZpY2VSR0IKL0NT
cGcgL0RldmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDMgMCBSCj4+Ci9QYXR0ZXJuIDw8
Cj4+Ci9Gb250IDw8Ci9GNiA2IDAgUgovRjggOCAwIFIKL0Y5IDkgMCBSCi9GMzAgMzAgMCBSCj4+
Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iago3MSAwIG9iagpbIDM3IDAgUiAzOCAwIFIgMzkgMCBS
IDQwIDAgUiA0MSAwIFIgNDIgMCBSIDQzIDAgUiA0NCAwIFIgNDUgMCBSIDQ2IDAgUiA0NyAwIFIg
NDggMCBSIDQ5IDAgUiA1MCAwIFIgNTEgMCBSIDUyIDAgUiA1MyAwIFIgNTQgMCBSIDU1IDAgUiA1
NiAwIFIgNTcgMCBSIDU4IDAgUiA1OSAwIFIgNjAgMCBSIDYxIDAgUiA2MiAwIFIgNjMgMCBSIDY0
IDAgUiA2NSAwIFIgNjYgMCBSIDY3IDAgUiBdCmVuZG9iago2OCAwIG9iago8PAovTGVuZ3RoIDY5
IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztXU2P47gRvftX+BxgekRSoiQg
CNDb2xMghwCDaSCHRQ7BbDbBomeRzh7y9yNLakusJ7pIuiTTHk9jd9ociyoW6+NVsUh+/POXf+z/
9fv+49OX/+y/jn8/fdkVD0XVDn/2RffzYd6gmweji8OffaPMg6371q/fdm/7t93n3efu/287ZfsH
x7+6f3x/RdH//P71t93H4eW7oeXL01+73/631/u/dP/9uv/p713jz2N/hy982zWt7egoCmW6j6/z
j0q3re5/79oL+vHw5X/v/vaH/W8HwvRD0xOvBgLnHz8oU6j6wR4+nUPy2/Ro15lptaps4/193rEx
Iz3lvixt/XDgs+2GbsrqQFZRVF170w+7a+94YFX5UHb0atqu+4f79mM/r57+D+z5ZUZza8Y/3t8d
mue0tUP/Pc2zd1XF8B1Km9s+G8uxn1dP/5RmIT57aPbR4JuXNfi8PNffnPYwPi/Lhk+WhPjcKlse
fu/U1ZHnVtWDyhmXBtJ+pHnWz6unfzF5blVb9OQYVzZaXZieHEqb2z4by7GfV0//K/HZQ7OPBt+8
rMHn5bl25DmQz8uy4ZMlIT4rrczQvyvPXXs50OPSQNqPNM/6efX0LybPXZ+jz3Rlo2uv+w9I27x9
Ppb3fl49/a/EZw/NPhp887IGn5fn+htpD+Hzsmz4ZMml+R2mtQBaorCPLTvOmLru0N5eVfv//rN7
yece2iQAKNX/zGkZWjwA6u3Egz+87D5+sntV7F9+2Q8UfBj+ehmI7khomv3Lz/s/Hmj60/7l190B
Lo4Num+opwbTNzRTQ0m/MfTx/DIOfx1O193/ro/TdVVdHafb2l4hp9umXonTlLsH+hXSbzsDWpju
ywe2dEatbuefX3dfgqZr6WUnmXWqs3e2mUW2Vd2HQrfjiNVjP+J2YoGdWJAY572dePAkbR3v5rSN
s1HR6Zk1aDKj6kcyHFXS8dE+dNs3qDKuxZBu1NPwlWJ6E6WlGHqxMdQ2XB/Fp75hoqx4pjxRLB0s
k9QzHR08oyryXv0IHPmBGx50EjB/Q4NSJ0gDDsBk4XseKaPhxZo+QqcCCdF0sp4mbUtWm0GlO3MY
rDaehhi71xzsXgci3+2eOmSbpob8DF/jcsln+GZMqTIyjQf2xk2y5iUaGkA/WSUYXehJJeeVbVT7
aL9rid+1ufvd6t23aeDSxf1uFe53Qbb0E+d0VA0uFPwDmMcAx4Rul/o/dIis64IGHnmA2OsE556b
241WyLpyFbLO1x8MClm/G1T9nJ1C1hHG/hMrbKAWAE/B2AO0BODYsnoS4B9YaURCEvAbD4PxNaGk
SuC3JiLskcJvbUHwW5uvA21cLvn0NW/8FjHJ+ao0G3Sj7vERGdAhplkdat5cszo05WrW1JCpZk1c
4jVL2ew0K2qSNxFgeK0pBqc1y1Cy2ogphQY8n5xfk1A2tb0bU5q4sakhV2VT4W4sqwztqGwRkwxu
DJwURoYLLSDkoKG836JSbxSnsgHxFzph+pqg8fGxIULetQFtROCnjBv4TZ/z08DBTpl3f2EgjXvp
wG+iLcBk1tRBoJyMfked+M49bkt2eOUFHF5FHV6Vu8M7csmnblnHbVGTbALULX5p8DvLfCJGp/59
IX0ssowJABsxOPAILNKKRkzCZtnzI2KJhhi7pw6VasrOwuqynjfkZ/gOFM95nW75crWN3QxECpNA
vYYZ7OtUtKMrXqn58IHFIfDeu+XPzfJLmMb6AnCuoXCuyR3O1eFwLsdkYcwkb6TU/JJ6QNlWQkSW
ENVdptLkjt0GA9VeK3ZrKXZrs8dubTh285m5vLFbjDCtgd1Qc8D80KJtrCyCoko+7WSg8ptf8fnE
mn0eZIHp4FHlNtbVIIjm+ewZv4CV08X5MOwiVk6rwrVyU0OuVm7itYSVywvu9VYuSphu28oBchGI
4O4mbNmE6SsFaloToDY1ZGvCtCRQy2vFfTBhMcJ0IRMGWIe+FtbbcQGe3czE77Hht0yBWUTS2UX9
gNWHm7WLEXUBunR3aEyf8zMlg9U2RzCUE5Dp6wIm2ngjEJAtAe0LWIvnlS008SzhYavtCzt1RQo7
p4b8JLpxueST6FxTFH2uNmaSsdKFN5chtWZ8VSbAd4ml6OtXULv9YoquyWLK1JCrglrO5eQaXQ8K
GjPJtFoNg0mAhHcNPkuDY8BaM/NtldOQn+oMBqY5bueG5Aci9JCKIb7sFkQHF+oCFuwvqbaVy7oA
v8oXHEDeCDkJddFDg9JTC7//FwtIcUMEqENKufWp/UgROmWKwtWpqSFXnWrba9AprPrJQKfacFdo
ah6rsvv7RCQbWauAtIRldN5vt2kapWZbDfT8c6YKZdQxAGsuJ6Edq+akJBn9hDIXXgqoJJmWYsQA
ykJa+BVetiTuJNKapGU4BPogkr7fXXHkvx8gonEv7WWlP+1tQVa0PcjK0Zjphir7I52ikmvQdFYR
ozdUIn+kJuVpGUHM+qhJgy4o6fCWZ0o6vEUtzLGw1rYera0OWlsaau8B/kAqF1LXp8o4K8qCetnx
gATMNIMyesxtmxOdwuok0NGQb2Cnhn0LkA784OmARwCewCOUQTAWbOAZxFNqaR+fWNJhcEAHUMo/
AtAFKAXC+OHDIUMgydBpApMppSDao/+BR8IyZj5VL5Wr6zhasGUwDSB0oB6gDew30ITysg5vyUU9
WEVWsGjHGpTxKMjS/1r0dSC4MA0wfN5qQx8xtQynPVB5PM8WFBv4A/iNF8IE88F3KqGUSjXO8Ddy
wLDlQVHENUKfU31IEAbOAgwsnQfzTAUXVB1eC3MJr11lcsvCurItY8YLt1MYPu9wnlm7DuoAnQKT
2ZlLsfy8E+cBCW/XEzDd7bk1CTNuvYTeoHHgPeMJ6ID8SPBRCWEDz3Wg4zJRExgpHgahfPCzzw8f
Ok3gabymo3yASEmYoGRxONeJGddc5BKsAYPYc2cDwCalY8xAnjIXrM4FcIxH0glujkoy6r6cN6n9
QQHQxbODTTLAUCAOH1GywNiqwryToVjBjg8ZAwQKTBLPwSt2e5kk+oJTPbIo8bbBFw/nKekabm6J
9/roCGAsCYlxCXgGXIcQKT6JixzjHQHrSzGTI4EtKmNcAyvB04viEwl/oxovXQKIBtJHyEFwc7kG
HilQPGHpaRVNv94k9zWviUlM5X1dLcgU8iom4jwma8njIj4zGs/kFJwYKoUS3sSY3KThMqhQxO/x
URQ/ODAfvC2A1/LratDHNgCfT2QAP/h0CSUMV78TnDprLRBsCfi993rKE2maAI98d0lCRuhMA1u2
kRZW0YkKSLLwTovPZfBFBx7UJ+GBysZLeTz62qrsLRd8ugpeT3Bj7LJzgFFOyGMmrOgIcEwweVzb
O7rYEF1IFBxtEkWmZCqSs3S3qaUBE8XnRkPHcm55Ue0YA4VXKoB5oA24O0KR4RpAFzTmgW8I4aDS
NXUynTYuy1ZcZT+T0saetvTmkTbEXPXsrUfUPfpsVbrSZQN77vHLS2T8Aqu1nvTGeTJmTOXKWKho
n4qa42FOQNSM3gHmksco7EJqSm6PVzrKkIXhUgXht9QsdJK8wHKuJS9cIUqYuzXg06WWhderzbeF
9bLjhgIDA0fD8ch4lWrCW2ayiFVeZ3vUYW+9I+yUywZgPu/6421QuqrfI3ovYXwt0/W4gm2MkAR2
hm+AOEAk7SkmXaMC0+p36FDiqW6szgXsPpZYxoLXQqwpsdXtpvXllnLu/GvjI0mYORTtVTY/gdDx
NYgIDWT2IljHHNy3YHLTvWah75npq+ZQvmONaNJQNbXbKRVd1Bh+2f+GzoTYavX0ns9zO42fy4At
dHLhx5lWua1cpfu+Qhhek2G/JLvpEMyUb8OTBLqujom5XNZX2WIDBC08IuNDq/h9EiLreN/lpqBz
M0CFI7khye4ElkmkgHge8htIE/Yk8woiERfyefo1AsXvrIhBMPyK2aso6GGsHxpkW9w55Jgnyq8G
4wfPrGxy4kInsl1PqLHORhF+jwtv+G/ZnK5TF1E2hWsdBLZMajideZtpkACbEsdVrBi+SfiwRvlE
LOB8vpTiDImqbT46k1gYTUi78FY7oCiGVwd2LSjABicvuZwZ4ljFiN0mZyd8D+bhvKDoomc7TX3g
0mhIi4ZbhSTywRea74Rd+B7jJuEwWivJ0szTOaunxHgZg9Hxfgp4GJ+FR1TPTy5fbgBsTwiMYKb4
OCjBTbOhE7pcYBA/UTywSdgUKbED50LgoOw3R0wmJiEKhhq5hPOtrsg3xFu2ef3Sjd3nUR8DV/4+
D5EbPyzFHXCzBlzGgVmJ5Os6Wn+numZpNyzt+BrPIYiN/xGR0bULEguGZWhZ5XaSuq29Pj9hiySb
/uFNFvKZN9AwefGndJdwbVapKSzCnTIAi+LP1V2JEkxWfaKdYGnJKuMxtNJKU7tdGkoIjni8Mc5E
dKuxdEZiOKDUAJ8hfMA9V7QhX8oyEqSA8QElC7pDRxguJwJBZqP05ccnU7mnamc8GRuY8f4yvHpx
xke0utCC/cKQkdcbmSWkFnS9hJWWhFPgJXYC0tcu1DhCeoEKDvgD7GRBIFnzh7d3JGTot9l2xKcg
aNCF1eiCO05PyUjC6dfxi/e+RVEJo63r8Nnnk5zAjoSkjUQlbejlNmf6idK6LMzlxLlcrqnSunYY
VILxyzWKymVzU4JNRtBAk+8AGlbZVgB+LMChbrLyAgxKORov/iaJdVwSRjXwXnbldZ3LOIYzYZry
GBWI7cFsai94um38ke2R4vyyIiw8y3Ao3vVhaRNbGgnJP34eYC0bIXvACgbrYsC0824qoB53vC79
xEI8MHEhXqSkqXVWn2zhWoSEpcZt9uZsc42FVS4/BK1uU/nEAbWO9+wSPE7eqiS8t01gbZYnPWB3
6BpXZwZs9JbYVSVxjRTIxyrr/wkHI1xqj7qxtau4t3XUY1E6ozPFGga1Uq7xkyg8AHSAeRJeQcD4
SWy0kas5a4sIoJPAsW0qnwOO9xLIG+djMXR/OOw0d7gIg8Pjt0dLgFI+ar/QlSGY51jlBk1+t3N8
QTUA/YU1N8gmwfLEOri+tY4grmTcexdyStz58YNpCpBUmEx+7ngZYkVXLhZodePlGILOBMAYf5y2
xIFmAYg6IYWbEJGyoDNhPTMgwlgl9MnlTDieMBHMlbCexW984SPfAEIEdusGpNfib/xMuXdmlYCS
X2xI0H7+EX4bfnzyhE/633BJcdu+e6eAgmF6nlpCSXHhcRswx3bivgF9pTW2voXOWdIVCoahzuqR
PlItzDoAgHXKcm03N7rQrTs3m+8xlrs4nehO1Y5/kJ/k3wJ0wt9Zz2Pri9/qw/lXZXnMiTwSwfOU
jnDvM4XvhY37wpG9sf17x9MfrjMbz1gLNauAh8wADdnHrNdM0FrCFJNGtJcpxqg1mWKMdbv/gaq9
527mEyxQy7vT01lQN6uyoD+xcepewaYGS0Y8RmVSBJTWvUUHFG2st5uviGk6CVgFC1TDMxX3DeGB
DleHHS9MkBnnuDjY+geuqUxvMs7p4MDVDad13yesH9Y9e/Q6zKYqmjV5ohQ55TVDs6mqalUW9Kvl
U/ebm81hJflYE7SS1QQjiVaTImXpcfYXgk/L8FuZTQT8YEeF/aB2lxgv5wfXdviqdRPSMgOl84WC
SW3QSUfY/ezfuuEq29M9/vX1W2qw93n/efd/ydId82VuZHN0cmVhbQplbmRvYmoKNjkgMCBvYmoK
NDI3MAplbmRvYmoKNzQgMCBvYmoKWzIgL1hZWiA0Ny41MTk5OTk5ICAKNzM2Ljg3OTk5OSAgMF0K
ZW5kb2JqCjc1IDAgb2JqClsyIC9YWVogNDcuNTE5OTk5OSAgCjExOC42Mzk5OTkgIDBdCmVuZG9i
ago3NiAwIG9iagpbMiAvWFlaIDQ3LjUxOTk5OTkgIAo3MDYuMTU5OTk5ICAwXQplbmRvYmoKNzcg
MCBvYmoKWzIgL1hZWiA0Ny41MTk5OTk5ICAKNTAwLjcxOTk5OSAgMF0KZW5kb2JqCjc4IDAgb2Jq
ClsyIC9YWVogNDcuNTE5OTk5OSAgCjg4Ljg3OTk5OTkgIDBdCmVuZG9iago3OSAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzM0OC45NTk5OTkgIDc0Ny40Mzk5OTkg
IDQ0OC43OTk5OTkgIDc1Ny45OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNJIzJkRC5pZXRmIzJkb2F1dGgjMmR2Mgo+Pgpl
bmRvYmoKODAgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs1MjIu
NzIwMDAwICA3MDIuMzE5OTk5ICA1NDMuODQwMDAwICA3MDkuOTk5OTk5IF0KL0JvcmRlciBbMCAw
IDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzdG9jCj4+CmVu
ZG9iago4MSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzIxNi40
Nzk5OTkgIDI0MC41NTk5OTkgIDI2Mi41NjAwMDAgIDI1MS4xMTk5OTkgXQovQm9yZGVyIFswIDAg
MF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJm
ZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNGaWd1cmUjMmQx
Cj4+CmVuZG9iago4MiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3Qg
WzUyMi43MjAwMDAgIDg1LjAzOTk5OTkgIDU0My44NDAwMDAgIDkyLjcxOTk5OTkgXQovQm9yZGVy
IFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2Njcu
ZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjN0b2MK
Pj4KZW5kb2JqCjcyIDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRlbnRz
IDgzIDAgUgovUmVzb3VyY2VzIDg1IDAgUgovQW5ub3RzIDg2IDAgUgovTWVkaWFCb3ggWzAgMCA1
OTUgODQyXQo+PgplbmRvYmoKODUgMCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNCAwIFIK
L0NTcCAvRGV2aWNlUkdCCi9DU3BnIC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dTYSAz
IDAgUgo+PgovUGF0dGVybiA8PAo+PgovRm9udCA8PAovRjYgNiAwIFIKL0Y5IDkgMCBSCi9GOCA4
IDAgUgovRjczIDczIDAgUgovRjMwIDMwIDAgUgo+PgovWE9iamVjdCA8PAo+Pgo+PgplbmRvYmoK
ODYgMCBvYmoKWyA3OSAwIFIgODAgMCBSIDgxIDAgUiA4MiAwIFIgXQplbmRvYmoKODMgMCBvYmoK
PDwKL0xlbmd0aCA4NCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7V1Lb9w4
Er73r9B5gTgiqSewWCB27AXmMIARA3sYzGGR7OwiSAbrncP8/VVLarfEr9kfxS6q1YpsJG7TFFlV
rDep4vu/f/pn8u8/kvcPn/6bfO5/PnzapXdpXndfSdp8vxs26OrO6HT/lVTK3BVl2/r5++41ed09
756b/193qmgf7H80fzxMkbbff3z+ffe+m3zXtXx6+Ln59Geik5+af1+TX35tGr/04+07fN9VddHA
kabKNL9+G/6qTFqpu6L53LSn9q/7zv/Z/eMvye97wPRd1QKvOgCHv77TzTP1/kFzEcivx0ebwUyt
VV5Uzs/DgY3p4cmS5m8tDqluUDdZ3n5O86a9zO6ytr2hQaHaX5S223V5p/v2t3G+Ocbfk+e3Acy1
6b+cn0cwD2Gr2mk7mAdzNX/fLxXANm4f4PI2zjfH+DbMQnR2wOyCwbUuMeh8eq2/j9r96HyaN1y8
NIa5k5a98Ls+D2GeJG+1SnTWIJ2rKlHJ//7VzPs8z8xF3sycmySrqkQXZta591iXuXJhHc7Xqsrb
X5SlP1RV5AflOFzzcfuRR47jfHOML6c/VFVWLTyWLKqqVi08ANuwfYjLYZxvjvHl9MeIzg6YXTC4
1iUGnU+v9Xer3YfOp3nDxUtjmA9uRA1GdZrEZlmi1V5uG6nJD2LzHGbgVfs9hKVrcRj41zMP3r/s
3j8ViUqTl9+SDoJ33Y+XDuh3WpVF8vIl+esepr8lL193e3emb9BtQ3lsMG1DdWzI7B7dGI8vPfpx
KF0X9Q1Suq7SSJQOdA1fzzzY4lM3vuspfFRaNPikDVYdLKpqYamPwOVtQ3YG/NJGsLJ6KG33eGob
cptIAzLeWz3Ugz0tAGY/kj5Y0ypDQf9oN9izKGUTiIKeAvocdHgEIIUxCkpkmx74CMwCY0isCyD3
wW6AR2BQeMReOQ/AAH0YVAJ94A8Hj7XyHyzImclGgozIweqDIHPJ5o8AtjAtFTF8pLZ7RBGgefTH
R3uWDwKr36vxvD7M8mjzaUrpwZmfagecFsYAqtvGgks20hQWm3PyrXHQZfyhqzF/eCslWY2LxtMe
9JbNCaitAJbi8rIso3UOsFUbHO71CWg6JWgbyoNnkHVcqNIpRLUh02BPuEiBNpjFJl3JzqePVBw4
s8OgMC3XOTAGJaGyJRntK/AHX5cV8YdE7KUhT+Cg2IVhQVGNhH+FWlpEO1ZvnhFoaXBywXoCTSkH
ofoEhgHWhlm4VAIuIGJU03FfQXdOnTJnYAeCcLEEZOxBdWb3kPGU0xE/YLwWkGeh/oUu6Bj8kZsR
bYgKRfycXO9z4Ko8jGlnMoFfXAw0u0s/XTpOyBx3HgKMJR+DTwuOEMwC3jaPPmAMmOVKeThdqDEb
dpAOvG1gTHSvpmeQVW3L2Ae7xz0dQwIwkBiq2M2jzULcfAS7ExeqmKweL+5Abx33x7ozTGm7j3/6
82hfx6M/3/WZOGmLZbvtdpKF90hWByR1ZZPSZi0NC2b36NXEuYZufZQ+ch+INOykdYtcnHnk8bQW
GMhJdmIJgSvibL61Fquh9LyqQiRYAQHkWj7AQHm4mjBNgIritgMsFFdzNP2D7gcQlacdAFtO5YDw
FhYGAgtoCHAkp/NDiC/OnS3AhT/COYj7WkAPSEvxbXS+DNzF5dstPC9DU/LI/DzlGpCldXDQhV5A
GyIe9fZ111YgaNLGOOGCHRvuijuiuzPrpHObG3g2SGC/DrMwXOHy8M43TzFpZ4AG6tqcJvKF0Yyu
RvzhIfoBplIgVzyTdY2xe71Z19VYV5cQXrRviE6vx3kHzrk86QL4O2aRsEBZ5VwXUDmAG3DyPKme
uhhDLiD6K8y4nDO3fNMjQCUDY/PwFsPKKMeDFqKluGct4fUFnLHxUPQBy8Cl0H7EQLoDaMrPHPET
E/OcSVufipGwN4VxLss8Ssk3gXTh7rZSI2xvyD2NcUrHFYleGiSZMZEV1RYBEc/tUj3EEPLQg2M7
T/ZUIu0goHJMbWtPjgv0AJaa/saIRwhkW3kPnyaGf+oBqa/HImGRSmcEFOfQAScpNFCrD7Gah7Mx
fZ8ojsmennVAbCUOr/+IHt3cypJnpMNt+IXnNTuH7agMrpTXnMf9CNgjvtKbkhHzmhLGozZOVBaS
YwhRlldyAiVefghmU5H9mtod760pjAg4ybDqNB5nfjhHyt9C8N3NvfQ9hWLEuCE7wpTqPseHYuzN
Qo+Q0OPWdjwFzJpJ39wgx1nASW8gUQsNFFyujQrYV+RaO2AbQMRopWa82PQVHI9gTcLu85Mc85y2
2/YRr2DnRJZyzs1sWQ6K6SheaBrKfKwu5JxNCZul385KSVQK4o4jNw38MCY/3i0RAnFxkTuTco4e
tyuUq1brN308JMpB40zXI42y3Mgz4rFhCZ2cq8Mk29YsQe52Xg4KUJ+gYbj14DqIJ36j7E1O30PH
8IXjIuEI8NgddDI0cHc9xq7HCu3therUWPqUnxgAOKbLHC4DlzmqULCwA5S+gPdcYQ8Dehgxm1UU
Tuynx7+4ChADhORGJU508npm1Fait8GF0AYsJCUbsMFJa7NJlNOI8/4qz0gLlBFDG7WUup0ghZzX
+epzXchrySzrnMqlqi8d6b7lRjxz7rVJmJNqQggEYjvdO78dV5u/DsCNJ2DrocY4TfkygCHkSylR
yPGG411+uBCklO8C8Xh3KQY5IFrhURMVQn/f8sJ8WZ2OVV1AfXuuQKJ4jmCzwaWFg9YB5cwccEjY
l9rfZJ9gh4Cc0pyHsrbDP31DyFsGPPMb8ML39M2laznwEjEyL5XL9xo5cpzXo7zk6FvW5ULb0FbA
H6gpiVyfxCETfp5qnjMU/BVXDz1OleGkiKY0jsUs9vti+9LG/SzKnhYaHI7x9RsAMI7L1vADNSyW
ca8qLyL6ozL+y5AthB04YJyEud3AwyQYA+CAMaBqqF2h1mXoBg3croFX80SnddjogScAToyNrYIG
W0wVUMymBz4CSwmgA9WhmimsrQDjemALs8BSAjtAVMRvnZCTFxH9UU/wP25HfywFsK1hEQ2z8IeC
rXfQlvzNcjAWEekhoT9ytUb/AwrRc/9DgSPA/Y/NIRn34JDacOCg090Nj4bFMu5V5UVEf+jN/9ga
1t6w5T9O0UNEf2Tr8T9E6JFv+jRiw+aPnYcjwB9TASHPpk+j6dNyPfp0EgkhnuM7/gELBcwPx6BB
1KEH5C0DZI5ewYuzgKgHwAHTwqBQVpHzGKV6SD75h1L0kv5HJel/XEk8lqvYtoZFNMzCH/iiFs0W
axCgeRLMcvqjSNfofwTkkzU/pxXFlaSWELc46Z4nGHFu1TUAZps1DYNyzT/dd4jTsFjGvfn8R6G2
/MfWsPaGLf9xih4i+sOsx/8QoUe26dOtYe0Nmz6Npk/tC4VuUkwF8skakpBbPDfucTPxXJTzydBw
yweWBf2PcvM/toa1N2z55Gj6o16j/xGSTw54P2q6d6FhUMclRIMGGxe0cwA6fwT2TW/HvG755AXp
jzLd3s/eGtbesFjGvYH8R5Go9OSFMHm51x+ZVbJuUOqom6U4Tvtk9VBQzuKj3dAdOhoU24OSGPa0
vWdw7NFX7oVrI+EGoWNhFvNkjdGHxANcagswhFTZkD7SMYCEBaNHb7PLM4NCD4DD7tEbcXMGMHtt
8REY9N4icj+oQF2rsizHY8qWjr9WmURajw6LifES/7SAIS9Z5lHrOIAeAnf9Ai5x6mubtBwzHS+m
zuuP8eu0bOSQLa90UyuvC8dLdNH6ja7CeRcWnMrGS9m/46xS20YdJSikBBVUAoMAz65Rju8mRLkg
F3rQUvFarBphWWunMuC19ngRVYHbgD2KANJ69IK3Vk8pTeohQNxYUH3qUc+R2wZ6J0bIxSO8BCSH
lKeU+FUc/LasgDvt+UJxneRrKycZCxg0yuVymTJj/QEUo3oNJNunTh4tHGhSAezqvXKs9BtgATcJ
SGiY69xce2IZwB031L0I0BcLv3/+HKSLrXbLjSVPH3NcAmpfb1eQk0diXM3quuFCQlua3F9so1z1
HOwpXYa9KrIx+hJ8u6KrBETu5uhY7O2gl7ZvApvJIG/qZOwpRLkDIiAtNU+SZUVCGXIXQ0A9dh6K
zcJSHthGESA5tpTQnsdjbtdxCuUuaarTt+r0XKv7xsPncsdXimW5UKIwUAPksf2AsINLB6NyAeJ0
p2N4hKYiVwtECaNg2pALYAKYiN+hA6Dy5ZbIVMW528jWECuy2iEOaUA+nZelkdsGPD5i7BMA3llq
CYuiD2coNG4/DezW2xx3Ou2/nJ+HEPj0//Tw8y5N/kx08lPz72vyy68NCF+GiE2ctEW7SlR+8uzI
/pqXun47OuKoNQPa+VxDtxxK2Ss2WNPqtFaAPPpATiDTDmPYp0vwGDJE/jAGTAtnJWx09T2gaw+i
gaeBIDAvLIQNat9jzI/A810L56npwmIa1zeq+8VdiXnut+RHCPjOEtelEkECNwNRbK1W9YgdfPyV
gIvhYR04yXzvyprEdTwAFtis9ThSErDRGnBJ5g27SXzagJ3Xxeb+rrTFE2Vbudi7JUMD4+CPy10+
k5py8Us7T1rXcfec8MWCqihHVNe15QrF2d2muiBTthuXdTQchAAYm4DjA4nMJ3sQPNjGR/E450m5
yOMa2ZCjOtyQ89QMt9vcf5I5zTLWCHM5MlG2yaffRgpMdQJ/frwpyp7LPGkUhzsgYWVy7YSLu1z0
FOsCUvnH7ERe919AJ/tvHqkO92CHV2Icklwl77RSB0k2HaSFja29tGw+k7om1OMJHa9UBONjzBif
0rZWfdYFFMDAiGS29aotopgwoN1EKbOoRCnr8fB2rgZzRh8ZCdRpkQ8mQa5VTBLkbf7uODzco9jL
/eCFqntRAHRWjI7ta0jkARtW4P/AqtjSiqyrTpudFq3mO3ltkFNFC2X/4/P30DTZc/K8+z/kdTyj
ZW5kc3RyZWFtCmVuZG9iago4NCAwIG9iagozNzEzCmVuZG9iago4OCAwIG9iagpbMyAvWFlaIDQ3
LjUxOTk5OTkgIAo0NTguNDc5OTk5ICAwXQplbmRvYmoKODkgMCBvYmoKWzMgL1hZWiA0Ny41MTk5
OTk5ICAKODAzLjEyMDAwMCAgMF0KZW5kb2JqCjkwIDAgb2JqClszIC9YWVogNDcuNTE5OTk5OSAg
CjQyOC43MTk5OTkgIDBdCmVuZG9iago5MSAwIG9iagpbMyAvWFlaIDQ3LjUxOTk5OTkgIAo3NzMu
MzU5OTk5ICAwXQplbmRvYmoKOTIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFs1MjIuNzIwMDAwICA3NjkuNTE5OTk5ICA1NDMuODQwMDAwICA3NzcuMTk5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVt
cDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1s
IzIzdG9jCj4+CmVuZG9iago5MyAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsK
L1JlY3QgWzExMy43NTk5OTkgIDcyNC4zOTk5OTkgIDE3Mi4zMTk5OTkgIDczNC45NTk5OTkgXQov
Qm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1w
NTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwj
MjNSRkMyNjE3Cj4+CmVuZG9iago5NCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xp
bmsKL1JlY3QgWzQzMS41MTk5OTkgIDU5OC42Mzk5OTkgIDQ5MC4wNzk5OTkgIDYwOS4xOTk5OTkg
+72Ur5ur6fbvnU+YzP0KLNq4a8Bbyv5Bcea18BX3LRlcBf0KvjZ37/cD3el7d1GABz9t5X7iHb0G
97Xm3Qm0OtB6L7l9P1tIF/B5jpIjX9ojbM8TTiBstsfX7nvHQ+bFaUANQNnSTxT0wYFCW/dKWxct
Kj/Zm9TdR+PiifvaIwKbAfY9uDuDRdxPHNGgHbMReMu9u8aCLKvM9hiQm+etNO5VuMSUFS4NAzEB
6wAYcZIFXgJvcVmH5C0usz2id3HmK5wfcaYPZ4FFgR/BPoDpUwDBGoi7FGKZASICng6HcT+BN8UB
Ajt7GH06c0+BCoIC7hIwhu8UbooCKAC39eRkz3bE/KPolOohA8HTAsQALzkI+Vc4wUShdc5iYA1Q
8HKqWI2nZI7rqFcCCDXQ8p0Cjh1kVFF5SZ8zGM6kXBaEco4r0XwfcJOU8wXo/wI5x1V12JgGtzBN
bV1lcRQn5sxhAMrwAK5uvFwDvQfBLmAGnG0BXnKxztfgHBfEeuscH9cAouMw/eDsFG8bwA4bMS6m
GjA4VMRY1lqIiRsDdsClFhDZeOpHlkLNcNgpyIIsp5LPQ/2jdEdqF0g8CLOI02DlWkOuVaqqE2xU
4HKhlx9wk6Bc8bvm9yRwdFF80ZFrbW1fpQtCiTjhQtu92/xhEekRgGOADvRwJyzNGIcJ4IXcFSFQ
DQScDhYdb/FLaIxrAhs2X8uD3H8l3M2hsoYIqsNNqwC2Tf0dXEPxKXmvD3JwogLCwD7gE9uRa9S9
gbp1cfR3p36YHT3x57wEAqeqgIS47khtbdgpaux86+NpW4UL5VVqk6GAs3OOwnVFFw8DdGkFjR2t
UfBmcWFAvQT5R8ZSZvWIbZILBUQDQPG9V5NSrQk+nHEd+Xi3AsHGr3K8ApaDPQ/0wvVPFROmbGwg
czYu8IBQlhPFQAmQYuB2hSA1fEXgV+C0v1BiBsdkGm/bTrQEUYpKjwAJFEMSaiQQgR4UgDAqplVR
2QxFAz/WJRoVpFqeVhPQQwOkN1cVQaC1uKriRD6yKrfREGzC8Th1AiDcSyBwb/HoWZS0AC4cBK4H
gS55QRqaJFgEa8BbeLIOrMHDnIAf/BrmSV7ibNqj92iIsczYaw42CklVnBfARjnQZwmcD7OAJwKs
cJLezzELrq9yPIazgbPHfW0IF+ccR7Cz8d5PFdKfBXFV6JizwtXGeQSZSBrwWFdW4sRclaK2GcgF
ZTZyL60k7UqQN8D1gPGpFwERiQc1+VIV4ZoUpQ4UBSLhAECNYvNxaQEmL/AtXoXF5YkCjYVAmRsO
UbhQ1qdyDtBsPBcKiPNws4AfnzNyeBAlo2EeV+b44+NZqPcG3eXbqa1YyDgVcBQefvRIKQ35Ubfe
fc2TmlPX9jYAGlyn4wr8PFUiG7bfIjkd89K+XAWn443hXgzDVU1mmmhsVY2FqZKEKO4vBiYj8HfB
JzScNYKYFEc7oAcekNTYuoelaAjLtggGmAoTAvSgpH1CGAiyJBT04hMbEXieOH1Qn7ueL7fIMi8P
4vTCPQ3jSxMxe4UXQPIQ1Ty4zXXreZKUeWEAh6kg84R+5QQBAcvlXlbuvRKwXHH67PKFAHlV25R8
XWkRC6WdCdQLrn+7pI3lBnBR44tbVTzoofb8KKoMNR00BF9eey9unhiERgoEd1OHxu+nZuDmNkwF
UgzgAaJBw0ygQgtKv2fKVOOagUKwCErSA1QFbr7zi6IZDpjpSQutVFKUx1sFktqcdfXSm+hVaBqb
1JeRv0imeo1CijOXzbVgrmt6BI6GVCuzdeLc7PoaOK4EnG+hlo8xbNVIvvCyspAuf09Py8mFO5RX
3pVsVFneQmGdtYQkBFaUQMovlMbJNxYlDihw1HA3nUdYaMis6lmVAPaRAdlCj6UDOAbBlRMBGHiC
6350l8lgYfwSfETRL9uWz4DWiC/ePEL6GsZMbQwkTlRuo0RKkHZPk79zH0DviyiKSX5QTF6IqEjd
uwnIdBhfCaOhqEpS+8EWotqvIMkHVSaNxEIq7zXaeKyIZOKlzZbmBWQ0hMbdLQG4TVPLAlw2EOsV
M+KJDsy8tkAY0M2Qo4OkWaGgeJ37fLkSKXitQDBrmFQ8PMzhwQ0EQSP0GBeFZAlsGjpkxpHsCoiK
BiMtfcLb9iDZVP7pUD/XIGkKozwxTkMWZM+aDzBUlOuAY7wIlKayo9TmFSXju/FLyu24CTKPO0Ug
T1R8QyvWjbbTeSAvcovKcPbIlWFVjERyZP7jWaokwOfR2iay5c72HGKMwFRei7kJ+8ihZZlLdEYj
wmX6hqdloXovph8CMlhU4D2NUy0H9yCINArSMBSUxYXwkptb2JpC4MLghX4UYwQA4rY0V6hEE5DG
NwAR9GHh1ZM+B8XUZAZjU/92TLR5nAsBKBPsF9Swa8rSe5bxbTMkrkUNxwA1hQS5TgHuOW6BUStO
kvwUmkUxMRXBNDZ+XJmdI3G103aL6LHh8gJCD3EMsL7EdnDd16VOQ56NiolSljZMdRZtz9Pl6vVr
DbFVv9ycgvtaIi5m0WsEuuJqTQUVh3eUOBz3rIY2yV1B6ZIpbfLg5eVwt1zfEiQhRqnW4Gfhgbpl
PO++KScavLFtfDJcpWI7SqMAro7zOcEcowRoOk/WJq9VoZmOXLwE9B7g5fmczwva6/FU0CjFcNwl
Im69MVUZr2xCvrXvcDUBgacBGAZAlats41sLSHLYxdn2E8VHW5yXHz4bUCMMUe3/Ue8shzDE66Jx
uiDw1HlBVaZgvATn7AK/tECnFeQCjGdtqI5rZCzd5BiBh9h+mxhR6DOPB9zh1nRLXWrHcSmWTWnf
nLi5uYJVVGWN9xagqDvKxDANt9xCuVYqPYERiIIZHmsZDCPwTVz5uLOFHGJFZmzq53ZzlOZ5axmq
ditcO791gf/86BPREFJF7oWPILuPxjm4c1ywj6Uo3RQOCG9cfEVc/Iw2cWUc+Lr7iMRJBi7ayqL9
AKk2PoiDQkxBc75AJ4KGICwb374kZHtzGaiLqEj9b9LWun2MDIxv+RhApQq5ToI0nJBRoRpjc6i6
LplD5okkT4x7NalN/CvOOZxHv+DV/AodkWbqED2nt6/OveC4oBGUq+lLvZTJ16b2ZQvKzgUzwgVd
yRWC0ZLMLcHsYY2+3QuNfYjSpO66830C8kupJSFnFxqSoPF6fi89iqExVZ12LsDcaY9hMEAhsKOj
jAbg6egC8527Q8fH/VD9EmSARMxIXsh1NzXuk9vUL9BqFhJjAm0iygwgFH0gPjVchnO2llUQKHX6
om2ua5B07H4TAg6joDsJ+ukrqmxTJxvWNsLw1wJKcV8NcKlbGi/TUTTSeCXNzHllDTcMFiptjcEw
AnxXvAwkSvedeRKfD/LEbC/LP47z32SlBQ/sASVoRkZVpQCjWIDq3IDhQTzumeIFTuPZ6a3QynnL
agutrsyga2zuEEkj4W0/AkAkCNLNY7/PKddyv53E2SUXUlFCMAKPEHeqjVcUJR4humhAuDmgPYnA
ONfItxdUnHuUhYkR6rS0cVugOS+k5glMnLWkqrlvURk1pTEaVIM8OEehlx2Hbud0qhXPYh0G0mxY
WPDpXahtAOkvEzwCxUBjTh+M1YDLBojBPnyDNyay9byysFCvG0ddV17Mpv3DAuhaUGZGx0wIlNH1
zjAFrOQp/dScFfX91BDIAp/jPFYib9oIjuxIfcQLi+h4zSl3Qmr0torTJ6To02UHp+X4MT69JyRN
dZ78BUF4TWCMrZUsQyK2giC35y41RF9rvDyXbhRFn4ZffzPuv0ge9qqy70UwClGQUcnTe8Z7PwMi
hwI9R5B3pOGmplQay9kJUzpx/GecIC43HsYjTRxGzaXQPFq7XnOIiay9cng7N1A1ylsF1Yoe7UBB
sjXpCI3ryjVykxsLYsimeF0y4EvBuZT7wJRsVdyZoNE43Tuy8gCCGZ8GEafI6cTmuSdakHZM1TKv
MjzRoKobm7x1IpcOz9Aosdj6QL0m8wsQbufxjok8vYL7gTSs2vEGGApDHlPh6RXLqDF6ftSmaJ9J
vxwvcmmYSjTWbTuzbS47gjZLLchMLSUU4BHgoQidtTu1nNtYlIucjefWcF1BkF0ioIY5s2/OtRkQ
CEvu4Zylh1HMJGMNAVMVXny5qg49OlZf37V1ANPxrbZCgmzUUAp4r0YdGCcPBc9iHKY052zBhVA5
ihdtUkLXTC2sF2rLUPZJcutjqJHaHFetfVpxm+NzV0nlfsAY+gc1WVm33pdQv+Os05TmLjAIaA+w
mfTPZZtOTiy9bEsLT1UwaHyVtaSPFAcQj3MtI1031MjgCkwxDT7fXoT+vtDkClMWBIaCkllenceT
wy+I5dwU+tGs76KV8aKy+ZZGsABPG9pWbSILNsbmH9uPNyjIpDZtwy8KNDZBIUiMZuQhQKatpiTt
3JbKNJNk+ASkNCwzY1niqhufBCjv1jd1+GRhk9k19jBXzjvejv9ia4MmNCRKVnhvcrUW/lI2TWFD
7NrtEfct+UfKC/jh1toE7KI5n8Qpz0HIDwc3x3NVaPYbUGWAm14n8NPa/FTPlFped9bLZWu7/x9f
Aooz1yS55jQ+HDvTBIAodMvrDyhz1GiMrTL/gb+WWzyQTwoWfpQRTFnb2qgdJeICfjc+0g6QjuN6
jCY3Ou3HJarRSvKaZzJfy6yx8DCkfJmy1Dxlig42NQegUuURLkYxL1FDbFW1l8h4xxVqR4YM++Ec
45JV1PX45jgCiFpkUFecz7yaKroqC7019HqRlirgsgJ8F0yJoT7wpdq6C4y28V8BAonTzaM0NpcF
XS+gBCHKTBzaVDdO08wZq9Haxq+2qogl7hAHivKk741yYUQpnIsiQDeTFYc75YoudwmHsvGpgi4n
yL4S1SdSc6jKpnVsfyFBsllSUgJa5WtweliUV9JRZM8q9wFXHrknnmevus0GVby1FB4BriRO/B/V
5FrrN9l4bgA4TaOUCjWVtdGFOuwI2ssEOLMXSvEKUFm4FOPCcxnjO6APWoBFK+aWE0VQnxM6iix5
k26OqXFy7VL7LAGdXQSpJO5ZAnxit4SVxzXo1hEjztNFY9Oxb02WCx5jUGEU+uIETD+K0vXelKkF
sc1lCZ1bY84RKMrhwhj1vwFOJoFRwBtfzNNTdqEqBYXL3nI1XllE4Lgrp1sNEZX5jaLtFn6shSjX
E01baKRlHKugD6YNUFdxit9E02ufGDCkKY2+c5AkJhhlNL6jUYANBIsKShQElfsAIJBr3PagyK8h
gQOaZK16ZE7TcatgRA7JLAroXKAxNEdDieO+K0GyYmhYeCJ3TJ27o90fg1N3p9UngaSPMuv9gjp9
rMXi90nxQXSeDx5aSNBBqIjO9wmQfDFyzoN7mk9k7E1rcwcuk9zgmpw5asiksva+Ffy4CtU2AT3N
uXdU0L+eK1fcjpwl1Xs7/DWSMVK3FlpClu48079PhKyizETRGxurEBkacgMegeCWhEa8JaJKv7xC
ItD6aGbfsk4jDZFUZ+EYpeBmusC57ZFcZlMNqcK6XYk6QYsWZpKn88Sa19LpQNCP6bo915L5k4Km
xqFOtalJ7pVFt5KkkRhOpZza1TlATIFeJkwy0hCOzYuXvnb3oRL3FLdZnJiv0Kb26eJMtmob6y0b
SideqjN01tgguwQ9JnYZjMLMsfW2TOU8hTN7QU83DZgKvLvjhwXKTXoF8WDSEUXUAeOi5kmxNWlu
7V2C/OPHAwX0DxF4zPmYVEFCOXcLbKcYay2WgWfwmXYBU1lbqI0zLW9+NcKUZnKAtgXhQQLfnMbw
AY1sTw2E0ZDIanl2xvjDVoJEzXluQSPndsMMdyVJhMGDnqbaTa2Np6DzUl0zwPTQ4OKUr122kXQz
cM6jVICBQxE3YLoYRangNmEa4iX3ZnstlBUhmOSrYldwc4bnoPLLX7lmqVsWgjxagygvWoXhlc6C
Ou4o2aJF4fCPmy3/uJgt31/ly0Xele3xF1yp+2+f73/epcmfSZb81P33Lfnl1+7h1yFWnFmsx4/q
XI+HsnihjsNGq9edH4COUR2oxhh+5MH5yNFx9foge+88yN1V8/cnsV96zqLe93Qsy1L1oHCu5Q/a
X2i1/7fLvtCs3DeLrYtm5oPmH5wHRRoZc9N+hk9aqR4UrgcP6n4CYKN8UGNyK7IXiUThAo9i5Mwn
hgftfidP3XFN1e/7+MeXH2cEdHqOh39KPu3+D+sEHiZlbmRzdHJlYW0KZW5kb2JqCjE1OSAwIG9i
ago1MTM4CmVuZG9iagoxNjMgMCBvYmoKWzggL1hZWiA0Ny41MTk5OTk5ICAKMjY0LjU1OTk5OSAg
MF0KZW5kb2JqCjE2NCAwIG9iagpbOCAvWFlaIDQ3LjUxOTk5OTkgIAo4MDcuOTE5OTk5ICAwXQpl
bmRvYmoKMTY1IDAgb2JqCls4IC9YWVogNDcuNTE5OTk5OSAgCjM0OS45OTk5OTkgIDBdCmVuZG9i
agoxNjYgMCBvYmoKWzggL1hZWiA0Ny41MTk5OTk5ICAKMjk0LjMxOTk5OSAgMF0KZW5kb2JqCjE2
NyAwIG9iagpbOCAvWFlaIDQ3LjUxOTk5OTkgIAoyMDUuMDM5OTk5ICAwXQplbmRvYmoKMTY4IDAg
b2JqCls4IC9YWVogNDcuNTE5OTk5OSAgCjE3NS4yNzk5OTkgIDBdCmVuZG9iagoxNjkgMCBvYmoK
WzggL1hZWiA0Ny41MTk5OTk5ICAKNzc4LjE1OTk5OSAgMF0KZW5kb2JqCjE3MCAwIG9iagpbOCAv
WFlaIDQ3LjUxOTk5OTkgIAozMjAuMjM5OTk5ICAwXQplbmRvYmoKMTcxIDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNzc0LjMxOTk5OSAgNTQz
Ljg0MDAwMCAgNzgxLjk5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKMTcyIDAgb2JqCjw8Ci9UeXBl
IC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMjUzLjkxOTk5OSAgNjI2LjQ3OTk5OSAgMzEy
LjQ3OTk5OSAgNjM3LjAzOTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMy
ZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMy
ZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM1JGQzUyNDYKPj4KZW5kb2JqCjE3MyAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDMxNi4zOTk5OTkg
IDU0My44NDAwMDAgIDMyNC4wNzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjE3NCAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDI2MC43MTk5OTkg
IDU0My44NDAwMDAgIDI2OC4zOTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjE3NSAwIG9iago8PAov
VHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzI4MS43NTk5OTkgIDIxNS41OTk5OTkg
IDM4MS42MDAwMDAgIDIyNi4xNTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2Ej
MmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1
dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNJIzJkRC5pZXRmIzJkb2F1dGgjMmR2Mgo+Pgpl
bmRvYmoKMTc2IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbNTIy
LjcyMDAwMCAgMTcxLjQzOTk5OSAgNTQzLjg0MDAwMCAgMTc5LjExOTk5OSBdCi9Cb3JkZXIgWzAg
MCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIj
MmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+Pgpl
bmRvYmoKMTYyIDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRlbnRzIDE3
NyAwIFIKL1Jlc291cmNlcyAxNzkgMCBSCi9Bbm5vdHMgMTgwIDAgUgovTWVkaWFCb3ggWzAgMCA1
OTUgODQyXQo+PgplbmRvYmoKMTc5IDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBS
Ci9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2Eg
MyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCi9GOCA4IDAgUgovRjkg
OSAwIFIKL0YzMCAzMCAwIFIKPj4KL1hPYmplY3QgPDwKPj4KPj4KZW5kb2JqCjE4MCAwIG9iagpb
IDE3MSAwIFIgMTcyIDAgUiAxNzMgMCBSIDE3NCAwIFIgMTc1IDAgUiAxNzYgMCBSIF0KZW5kb2Jq
CjE3NyAwIG9iago8PAovTGVuZ3RoIDE3OCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3Ry
ZWFtCnic7V1bb9y4FX6fX6HnAnFEUlegKBA7ToF9WCCIgT4s9qFIui0CZ1F3H/bvVyPJI5HfUB/F
OdSMx7axa5vRkIfnxnOl3v/9yz+zf/+Rvb/78t/s6/jz7ssuv8nLdvjK8u773XxANzdG5/uvrFHm
pqr70a8/dk/Z0+7z7nP3/6edqvoPjj+6f3xeIu+///j6++79sPhuGPly93P325+Zzn7q/vue/fJr
N/htnG//wI9d01YdHHmuTPfn4/xPZfJG3VTd79147v65f/g/u3/8Jft9D5i+aXrg1QDg/M93Ki9U
q2/2f50C8tP00Q4K02pVVo339/nExozwFJmp1U2P5rLbuinK/X72f5imuMmHXzscVKq4KTp4tTuu
6/2n9+PTPI+e+ffo+W0Gc2vGL+/vFswz2NpqmL6HeVqryNvhkcqGzRmf9jLN8+iZ34VZCM8emH0w
+OiSAs/Haf1jPh6I5+O84eMlITzvf/Tiqmx+bvJBBpWyYXDGDzDP5nn0zC/Gz02u+98HmOdrmaYH
E2Czxmd7Oczz6Jk/EZ49MPtg8NElBZ6P0/qHPR6E5+O84eMlKTy3ZpjeOPzcFgM4xoHBHp9gnuZ5
9Mwvx8/TkWnzRlsP+AHYrPHZXg7zPHrmT4RnD8w+GHx0SYHn47S2+TkMz8d5w8dLQnjubZ9+Upuf
u3Gje4TaMDjjB5hn8zx65hfj527OougRZ/NGN17WzwagDdt8fL6X53kePfMnwrMHZh8MPrqkwPNx
Wv9wxkPwfJw3fLxkw/zsdrRghK+y5auik3TV5J33kqky+9+/ukU+96Z6hEOg+u85LMOIxyF4Wvjg
7cPu/aeqQ0D28Fs2QPBu+PEwAP2uUa3KHr5lf93D9Lfs4ftu7/6MA7ofqKcB0w8000DhPjHMcf8w
bj8Npuu6eoGYrpv6xWG6KdoXiOmmyl8cptuqfIGYbjtJTIPpCctDNKj78v5uBU8Cnqe4WLtoj6me
eEcwpasOUTrX4yZN4aLhQz9QHAb0B/bEiLmFAT2gUuXTI3U/0h4G1EAPZZZGcheUj/1ANS1UHqfq
DLY7d+FhoFyA/nYARPmZRwNksEzA/mBapdxZbt0BWLhxt3NPMQCrtEc4f11g8Gnhgz1/tlm38WOS
3PNnZ56N/OkCmwM7tu7+akYcpY+z9Gzg03Eszp4onWWREi4cAavAR+AJd9n81n3izt2tcRUbrPKR
6UKTTxwRTVqV97Qtmme6tA5tdeFqbeMOcNABH4Axd9Jn7TRbpnJZCCADJsNJImAFDoEnACMuuTkx
ASOFchVcoV2FjYKo2LQRfIaSyUWESwQXd8o0Vy3d47KnSXdR55Z0x+ADtg+gA7dTynHRBUgDcEqP
Ax/lRFRo9Xw8orwAxkBhcC3EOQi2H4EgV8cGMAzXhgCHy+vauHAAYAAHVaABKscFbDQ7FyYFswwP
Lpe1kdcj9JiEMjC6tvgURcyFI0BM1ytH3D7QBWgrcb4EGAcCm0GnAziXCz/n/sbFEAxQoYuRILp9
VCCgL/hpAaDD5vhH7uUUe91498KRDKYBN6bWk1KB9y+hL1Rd29sH4xL2AqzNeSziI+tlPYZPAzwS
ejjyAyVA17n8EMBCgFQXZQGAARtGODUAB7dRYC9J3C9+rnOe4pPyg42eBXieSIh2qWzRfg2e1NJx
6rGlRY6PdoVfsF48YsIz6xEUYdRKaOkjKhdEO9SBPY2WumgtWiIO4UDhVgxQCqKm8ATMAWjn+KCK
HdEeFUgDZj5PIC1J6AlJBUjkIgPKDmL+HwRYtw/em/xZ1RdukocLe8AxzjHITTLXvDQf3AEId3Kj
hR9KnAkjxFICHzAp51vuWiZMIhhtfKSMsdDd7W+TiEgUdteQ6r4UqZNwpt4kdwPJTeiynJhkqHJL
+gMcZTTrox2hNaaPco00NMm5sQz8EB1HE1G65hCeuazQ20mEuqo4mi6MRSh9T3UOTSqIyEtEeBdo
6/nIqZmKwmZtyg4hriMoIR4D4wo0RQ5F167FoT9xGwSAp9FZ07ig0TxDGsXNz1xelMEhTZLv4McD
jaSNHCJyGpTGC0eEXZckPCeTmlD2bkMjektSlyJz95JrATZJOgqGOKpDNLtxdCPoYLSd+eFA1YdI
HlvAlVIfqehz/QrGJBDOtbckIwnNwZfYphzxbNV4NApwYZx6oiVc1RZ147n9RPtyOD4mOGQmLa1J
zySGyGM8ZULt3gDHGVyWiIiXRCExPMETyjynAGTgOOWQnjXzL6Km28OJmyJ9/hZHklC5ZUEoRTkG
afmqCrHTBIVMk1t0eQ1BoSXdxz/iUs7AAcO1NFe521SfXaxjXeXaYsuUoetCGd9eQJ+GFCDQcHeA
2ftyQlMSRQy0EgTpADonIq7CTUUuQdvQhfNYhK914RGgU5OBhS3aLyyKVOjDiQxReF6NZFpqTEVE
kKNr3l6JhRZQVM5bLHi5Mwd9femlYNCsKA5Bs9JVsG/NtAPs0lU9kJZTqDR4EPBNA4hrABE3N1SL
SJTPTNJ7Jk10LpOTR+Oi2yVXxdoE7iwY5xBR5qXfA0tSSxmhDGjeKSAqyOvxaPBp0w4yiS6CGW25
kQ4VjBAC5S7aeYLmR+wFTineILW+tyuki4QTYn0HQMDheB5VDzmjNCHO0tFkr9QsFTkO6hV1PRGn
skQE981oXakgX7DbKpMCKY3F2qlqLKiwBxAzon+cl1LTo3yjBjlIzEtUwnH9wHmZF7BHXGrBTQxP
tFVEkTfhl0mkyTIL2DHIH1TFQpGSXMS2zL1xr4DAcYQzBZPCHOurQ3TlDtDkbkDW5O1+RCGxLZX/
EhS51O2qeAUIJWeH9ckrOG5V4Z7IGPE8cmq7ZX1HcisRbv2bMD8sxl8CjAOOIIqPgKK06JLEEyOr
ZW7JbkDUi/MYD4Nds04db+oT0amH+4TT3DpIiyeRHeiyWJ4dcWOgQGmkiHLcpFosjaMcWqR2ahti
a/PpNlcSnCkzAyY7L1w5a9ZtqRiIAwbOFuV1fIIXnMGy6+06kXp+3vjNldInOc0/3UdMxQMNI+AP
HiWASUVixhFJ6FAsr4mRBghMhIsfcNlhinv4RC6G5vGsmJvHItrHYf+09o0b02lyNUVhCyb6cBdz
d2HRODrkmly4hL6DiOau/HmobSw/gfqRAIy5hEKx5EWrSRoHIl6TEVCBy41DkCA4UgS2672R+9Q8
U2mxboCQCbhG27ziQDCMXnvz9BtF3ngqk9+x+RbxltL001WnbxHvhyuKeF+1AFxK31RMxZFE3GP9
R5CDQIVGxLRCraMTC8xKbWuqiHvleOUjL1EVcIQF4+pV7veMIo7YJFFirrZ4lEfuUpPTup9TmPUX
cwcUlaiAjMiZ4gSmv2xmJg0CWaaYmA8/GjmfJnHQzkrbpVK6Td45Juc5VdPNtxu1jHKMra+Le2V2
YYS1RbEeEWc+4jncugziuhIp3b5quqXWvUTvqvnhjG6fTBNpTFOchBqJsCmuSfQCirCi+4ROffVr
YclzwP05gFSJ/pwAr5UjNaISWuJVbBHOocf+EdHN5SkFUwHE5Wbn+gBbcK/ZTCFC/DmiuYAfVq6i
4i+h3dREOrHTtC1tjnl1x+pVH4iIRrQQ3AFVsllDVAJHQOjRLKISD3c+B0RdqAaQyB9sdLqrurW2
vy3pljgTPsJ7rSUuqxDoxt7ouoKI5AF/jRFnZR5RhEkjXlG1PmAWwrlUDQf0IETwVMRhLpLWMMZW
bRINrHDDokT4a1TC023tEDPYpkTW06WwZMoJFASfKWXNNyfxNgzBkuFVoW8exwYVQ2/Ijyiqlan/
BLRzpIq4/qa2xDLC8gnwuNe/KC+ieybNJelnig3FRL5CpU5Ekbf+94GfqdeBW2AC95AAG6Y8P069
QSq3CLXRGcSLG+H1x7D9qz7HIl7NSpuWIuKRAXXKcHwKmM4xMT2an34NCckTHYW2sJVBKD4kDota
rYhGX0jY7HLzSDHK8FJvPA+4+A/RzK8+kgjwpnhb50bNyIXObakTyIHgblN2cSxF66h5GTKrRCXe
eQzOJAaFYE1prf13aCSx/M7a4ywdq+9zcRMKAxrrt/F6+as7KLED+vFS3GE3j14eqHKj8/HL+/uc
ZiHPf7n7eZdnf2Y6+6n773v2y68dCN/mrLBy0Z5RmkyVx1+PuOeTgzlnIGEHZnbBBjRo2sEEml2y
qGEEn8F5DTwCqV7XRVbtcQacHem3zkdGXgHWqBasgMblN3eVYEhdsRendXecB9N6jK2fxA2jgCu9
ROrapQEgVLtPwDrIZGBoed4K1PjZBfkH1oWoDJAa8AzLeuJYC6tod9JRby7xMQjULRACIPvgzgry
AxgC2iWUH1sbwxk5jHCNuu5w7VuA2lzbtFlKyEZcFw9P8EZUOBdhWZ7U3eZsjegLoG/0inFOImot
JAx+WjgARhC3igLuQYrok9jkTVobxcPoKugicZnbMt8i7d33zUqTHsOqOHipfcBt0fzFrZCw34an
tmkphwq4UJ46MSzbH0mqHueEaGAafSoRYwAc8zOK3ygqF8g9tWTOWHTZSsTAjHXtdgUMQsU0BjAe
UnHpYPg7ieUMkFP1p7KJe70BgrY5aBYBp1HErfQUTq7xf0zlKutRPJccItCbrnfD4wew7pvTfGFO
81ncyn1jb5v7b30XMU9BE0b06Mj1fra58ddxXso1dANdDnf/of0K1gavNpc4wyIya5vYwBqe4CU0
wMmw/YjrKqAziFrFAVGXiJff8AYGz6G6xOpn6q2TlP3pdjxoYOVVrNQJUHKyf7imLk0PlIipLdF8
cZ7gH75fi3e4BBQAAD8Ak9G+UUlmb1/IQacOl9eMebyl3iRaLBlR2yRy0xmv7eARVqocBdlDTfe5
uFWLeJy6GkbfixH/0LqPQnnV+Qf+Mkr+ag+JC97Pq6TUoXe7uHNWgYGYMHZEGuxSCIMlmC6litmb
uKdITNmOX0AP998Cwjr+yXriVt7G/H3Nrjn05oylobOE7L1r1mhP6GD+yL1rtVTOgHZLK4w762iR
Q9FD5EaNye0wuLtRT6ydrddN61mwsBfMlex+itLeD8an3Dvjx0MK2vZnlGwdpJg4oP1I6S/LT4eU
1g675i6XYWDoI0OB+iiLgsKYlCgoumPaijxDbMwVxbmgdd/ZUweGqvr5xh9ff8QGvD5nn3f/BykK
3r1lbmRzdHJlYW0KZW5kb2JqCjE3OCAwIG9iagozODc0CmVuZG9iagoxODIgMCBvYmoKWzkgL1hZ
WiA0Ny41MTk5OTk5ICAKMTQ2LjQ3OTk5OSAgMF0KZW5kb2JqCjE4MyAwIG9iagpbOSAvWFlaIDQ3
LjUxOTk5OTkgIAo5MC43OTk5OTk5ICAwXQplbmRvYmoKMTg0IDAgb2JqCls5IC9YWVogNTAuMzk5
OTk5OSAgCjM5LjkxOTk5OTkgIDBdCmVuZG9iagoxODUgMCBvYmoKWzkgL1hZWiA0Ny41MTk5OTk5
ICAKMTIwLjU1OTk5OSAgMF0KZW5kb2JqCjE4NiAwIG9iagpbOSAvWFlaIDQ3LjUxOTk5OTkgIAo3
NzkuMTE5OTk5ICAwXQplbmRvYmoKMTg3IDAgb2JqCls5IC9YWVogNDcuNTE5OTk5OSAgCjY5MC43
OTk5OTkgIDBdCmVuZG9iagoxODggMCBvYmoKWzkgL1hZWiA1MC4zOTk5OTk5ICAKNjEuMDM5OTk5
OSAgMF0KZW5kb2JqCjE4OSAwIG9iagpbOSAvWFlaIDQ3LjUxOTk5OTkgIAo4MDkuODM5OTk5ICAw
XQplbmRvYmoKMTkwIDAgb2JqCls5IC9YWVogNDcuNTE5OTk5OSAgCjcyMC41NTk5OTkgIDBdCmVu
ZG9iagoxOTEgMCBvYmoKWzkgL1hZWiA0Ny41MTk5OTk5ICAKNTA5LjM1OTk5OSAgMF0KZW5kb2Jq
CjE5MiAwIG9iagpbOSAvWFlaIDQ3LjUxOTk5OTkgIAo1MzkuMTIwMDAwICAwXQplbmRvYmoKMTkz
IDAgb2JqCls5IC9YWVogNDcuNTE5OTk5OSAgCjM1Ny42Nzk5OTkgIDBdCmVuZG9iagoxOTQgMCBv
YmoKWzkgL1hZWiA0Ny41MTk5OTk5ICAKMzI3LjkxOTk5OSAgMF0KZW5kb2JqCjE5NSAwIG9iago8
PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzUyMi43MjAwMDAgIDc3NS4yNzk5
OTkgIDU0My44NDAwMDAgIDc4Mi45NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUj
M2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJk
b2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjN0b2MKPj4KZW5kb2JqCjE5NiAwIG9iago8
PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzIzOS41MTk5OTkgIDczMS4xMjAw
MDAgIDMzOS4zNjAwMDAgIDc0MS42Nzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUj
M2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJk
b2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNJIzJkRC5pZXRmIzJkb2F1dGgjMmR2Mgo+
PgplbmRvYmoKMTk3IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
NTIyLjcyMDAwMCAgNjg2Ljk1OTk5OSAgNTQzLjg0MDAwMCAgNjk0LjYzOTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+
PgplbmRvYmoKMTk4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
NTIyLjcyMDAwMCAgNTA1LjUxOTk5OSAgNTQzLjg0MDAwMCAgNTEzLjE5OTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+
PgplbmRvYmoKMTk5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
NTIyLjcyMDAwMCAgMzI0LjA3OTk5OSAgNTQzLjg0MDAwMCAgMzMxLjc1OTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+
PgplbmRvYmoKMjAwIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
NTIyLjcyMDAwMCAgMTQyLjYzOTk5OSAgNTQzLjg0MDAwMCAgMTUwLjMxOTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+
PgplbmRvYmoKMjAxIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
NTIyLjcyMDAwMCAgODYuOTU5OTk5OSAgNTQzLjg0MDAwMCAgOTQuNjM5OTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM3RvYwo+
PgplbmRvYmoKMjAyIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBb
MjI2LjA3OTk5OSAgNTMuMzU5OTk5OSAgNDAwLjc5OTk5OSAgNjEuMDM5OTk5OSBdCi9Cb3JkZXIg
WzAgMCAwXQovQSA8PAovVHlwZSAvQWN0aW9uCi9TIC9VUkkKL1VSSSAoaHR0cDovL3Rvb2xzLmll
dGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1vYXV0aC12Mi0yOSkKPj4KPj4KZW5kb2JqCjIwMyAwIG9i
ago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzE5Ny4yODAwMDAgIDQ0Ljcx
OTk5OTkgIDIxMy41OTk5OTkgIDUyLjM5OTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0EgPDwKL1R5
cGUgL0FjdGlvbgovUyAvVVJJCi9VUkkgKGh0dHA6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtZHJh
ZnRzL2RyYWZ0LWlldGYtb2F1dGgtdjItMjkudHh0KQo+Pgo+PgplbmRvYmoKMjA0IDAgb2JqCjw8
Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMjE5LjM1OTk5OSAgNDQuNzE5OTk5
OSAgMjM0LjcxOTk5OSAgNTIuMzk5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8PAovVHlwZSAv
QWN0aW9uCi9TIC9VUkkKL1VSSSAoaHR0cDovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMv
ZHJhZnQtaWV0Zi1vYXV0aC12Mi0yOS5wZGYpCj4+Cj4+CmVuZG9iagoyMDUgMCBvYmoKPDwKL1R5
cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMTguNTYwMDAwICAzMi4yMzk5OTk5ICAx
NjYuNTYwMDAwICAzOS45MTk5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9BIDw8Ci9UeXBlIC9BY3Rp
b24KL1MgL1VSSQovVVJJIChtYWlsdG86c29iQGhhcnZhcmQuZWR1KQo+Pgo+PgplbmRvYmoKMjA2
IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTc1LjE5OTk5OSAg
MzIuMjM5OTk5OSAgNDIxLjkxOTk5OSAgMzkuOTE5OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8
PAovVHlwZSAvQWN0aW9uCi9TIC9VUkkKL1VSSSAoaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwv
cmZjMjExOSkKPj4KPj4KZW5kb2JqCjE4MSAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIg
MCBSCi9Db250ZW50cyAyMDcgMCBSCi9SZXNvdXJjZXMgMjA5IDAgUgovQW5ub3RzIDIxMCAwIFIK
L01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5kb2JqCjIwOSAwIG9iago8PAovQ29sb3JTcGFj
ZSA8PAovUENTcCA0IDAgUgovQ1NwIC9EZXZpY2VSR0IKL0NTcGcgL0RldmljZUdyYXkKPj4KL0V4
dEdTdGF0ZSA8PAovR1NhIDMgMCBSCj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9Gb250IDw8Ci9GNiA2IDAg
UgovRjggOCAwIFIKL0Y5IDkgMCBSCi9GMzAgMzAgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVu
ZG9iagoyMTAgMCBvYmoKWyAxOTUgMCBSIDE5NiAwIFIgMTk3IDAgUiAxOTggMCBSIDE5OSAwIFIg
MjAwIDAgUiAyMDEgMCBSIDIwMiAwIFIgMjAzIDAgUiAyMDQgMCBSIDIwNSAwIFIgMjA2IDAgUiBd
CmVuZG9iagoyMDcgMCBvYmoKPDwKL0xlbmd0aCAyMDggMCBSCi9GaWx0ZXIgL0ZsYXRlRGVjb2Rl
Cj4+CnN0cmVhbQp4nO1dS2/kNhK+96/QOcD0iA9RFBAEsD2eAHtYwLCBHII9LCaPRdAO1pvD/v1Q
b7I+UaXWUG63R20k7q6RqopfPVhVUssff3z8d/b7X9nHu8f/Zl+633ePh/yYF1X7ynL388EnSHtU
Mq9fmRXqaMqG+uX58JK9HB4OD+7/LwdhmhO7X+4fexF58/PXlz8PH1vhh5byePdP9+7/mcz+4f77
I/v5X474S8evPuD5YCvj9MhzodzHk/9RqLwwzXtHz+nH+uD/HH76LvuzVkwebaO8aBX0P34QopTW
HLX79DUqv4ynHk2uKikKY6PvfcZKdfroTOnCHeRehVu690EV1inYvHUYGKHrT0JSuiyPsqWPp54i
/Gt4fvN0rlT3ir4PdPZ0K8VRDjp7sqw+5lO6hfRxLSOfU4Q/1TkRzhGdYzrE7LIFztO2fg7oy3Ce
9o2YLyXCWViVN0xl6M/CatUAKkMdCH3Q2eNzivBP5s/Ctnmk1dmXZWzzHnQL6N5aBj6nCP+NcI7o
HNMhZpctcJ629XNIX4TztG/EfCkRztoWbSIoQ3/W1rTBVoY6EPqgs8fnFOGfzJ+1LU3Dvwx9Q1tb
NceAbgHdW8vA5xThvxHOEZ1jOsTssgXO07Z+DumLcJ72jZgvJcK5tKVsaiYR+nNp3eZhG3qgA6EP
Ont8ThH+yfy5tFVZv2919mRVoskDoFtI99Yy8DlF+G+Ec0TnmA4xu2yB87StA39eiPO0b8R8KdU+
mNuq+UD8WeRV3nwgOhD6uKeMfE4R/unqjbwSTeVFfMPRVZMIQLeA7q+l53OK8N8I54jOMR1idtkC
52lbPxP6EpynfSPmS6lwFraTS/zZFTd53+z6OoT0UeeRzynCP50/u+Jy0jdcATcZayHdX0sxxuAk
/41wjugc0yFmly1wnrb1M6EvwXnaN2K+FOrcj4UqGJKcNWsxWmeVdO+lzUSR/e9XJ+ShGaWsGNiI
5sfXpaVEBjYvMyfePh0+fjYuoLOn37JWgw/tr6dW6Q/Om2T29Ev2fa3TD9nTH4d6PNURZEMoR4Jq
CHYkaHpEy+P+qVv+NkgrUV4h0sqpfG1IF4W6QqQLo68OaVcoXyHSTp1rQ1o4zYrrg9qprcwVYl3Z
a8TalcAbYT3i3F6Fcq/o++CizYLjWTDOFdpA1VhvAipp6vJBqm6RqqAw3DQEPRIq9gjNEloprmgZ
KKaliJFSNpRqJNiGUFAbVnE58r7lmg8UBWYGrvQIIYgYAQjc0/Xd0VN4Hrzu+aeGYmYIVC4eAWJu
AXgA4IZypevF1QCqVBGRs6csRTWMSMh3sxdKX2ZObOKmyoSaiptC1nFTkBLFyxaSrk/RFAQJppiO
G+8IQ5mW0yhCXvPEVlQKHAE8bqiU2+mgUdRW3imfKAFW+5kypYuT4DM8pqApIAZiebsAUzA2SAEe
YAaKmNRkcUCAUyDNIEDUDIgpaMojBgSwPhxBpUjYkKnTwfIFjzpvShaghNZvEtXqjKNlGaQcUdIN
QliaIEEzXncwDAVEgaX4GANQwTArEghrXFB9E89Vt5z5k+Qtqoe4S+BT7S5mhjL5nvVkfvcA0IEH
SFkdlV+3eiFssPxXiiiolgStoAW4FPBIoRjv69QO6v4VS4OvTJe5CY17MzJ9Z+2bUv0iU7Rv0rI8
+AYPChHo1SL9tpdXDfU1aDugq6KZBboMWVJNgektYaoiu5mJr0VCHwbNLDRZbAuFeFyoZVQW0iQP
cwSAi/Rupgma8nXLBMxyUOC27iwURc2rvfIU216TGZUtFu+2K4pzZEpjU99QpmwDKGj/u6YFuE0A
YeNBOn9dD8LFwtrALFB5so0p32W+znwgoatr0bs6X6sjptBkgxnAcgAQPw4ACIEHzxRU59vfV+nt
+cBeMOla0Q+WySJd5YsdCOOHj44VHRLgw9sJxPKBzc6keI96K+OClPlE9/lE0jYM1wLW54OBD6gL
ZQvWg4RixZ4/X+smHfwYPEWkm8HVK2payPtgBX64ym8EbAwiguysaM1smfXKlAFVDgFVUMVgtfRK
S9f1pDB+NawNuqJ3feUFtht2Z4AiaEHzwjuu+ERXR3OS2NALi7z3Qn1HpABhzVWBFRcA34phQDNN
LdUR3uN4rRiyU5K7I1LcP/Gux2twIwBc9wczsPds7MOzpMMzk/d3sX2bwzMjRTSrX2h4lq42T1BJ
GfW6/rGPxtY6ctE78j4am0y6+2iMiXRjFjvQPhojcfz+RmPG9vlkH42t3H7f6mjMVMOevo/G5r0y
YUCVYgioS47GSjmk+X00Nr+49zgaK3XvhftojFvutzQas0N2SnLnGYT09YzGYHF0ZiNonAABpOAe
CV+JYQdfeBsZ3FRDVUexNOV3W+IMpvu8Lem8zer++/3f5rzNFmV0q2A7IpxKQLWxovyAI87fOnCI
B9seX/JuV/Db8nWdbh/irY0O20fHPsSbzOT7EG8+0qtcLnagfYhH4vj9DfEq0eeTfYhHcuO1D/Eq
Nezp+xBv3itTBpQeAuqSQ7zKDGl+H+LNL+49DvGqsvfCfYjHLfcbGuIJt7ihf0hwc9qSJ8qAu8FM
jv2OJUy6Yt+yh0kXjaX0gAqZLwZ0xddtJT4siR2MdZWLFyYrnsADNwDys9Tr8IathnqxB5TJqnGT
YtiPb6aLZq9OUARYvG/SUL/5THgISMgV3W0ENR8V26XOkiJfUmPNSBH0COnNV78W0+GpkVCrCzqT
Vmd+FXRSbPMQCd+WHcoQ0IYaBvZBQ1EGO0Bj6jkIzPVvuFNQMYgzUCyBWEVdqHN2T0rkFuCzIIRT
6OJ4TJXnl/SRinVKEJgSZOG2BucN6ljUG8fzQVvjE06Hx0VPaZwSx9QFcWbzcVMQB4ZnI0K8YiKB
5ytGkjzsUOekCZACEQ05UOcsjxSKgUdDPqe5uNufPKaQR6lY4IFiob+iq+1uRjZxTUGP/qk4Im5+
uKmfB0RO1dOJd99Yyq5DMvB4yARKTzcIcEf2XEaC7Ar9MWR52MJbxbznZEKqpDxACjKFzEg1FeAl
IIUeAVLA07p6a+YUPAI0pWboQhGuzENLOWOorlCYMzaY4cw75Wcrh/E514b1KbqYLo3MnQIeA75N
CYLyWLBTgmHAQTTBUPDGpf7Q5ZmRoChicErMY87a06Wot3BT9Hu61MonvME93Wkcuhbd0zXEibxc
Qq7xDNSNOdxZVtMVsVqZv3GradLCSOhY4GrcJa1W5qTjgsx6c0aaZPo6O2AAFQudSmCRAwULFI4F
R1D0Ko3fPS50yTrj10sRvUu6tz7h7blkv0cN6EsAii0gc7i+BUPdyI0e3vhV0m0NKtvP073ARUKj
tmsI2xa9pqhk6E6F0G/cnZzGAS4ahjQQqhXbwZ3ffYBLdl8pNnEpMBpbIAW6YmikqdgFnTV0gWzT
tyZBsnhgewp4wCl0qBm7GFzOrJb2XXzfzGOKX2yPXJebm3KCppAYgSnfWSNCADtdjNacT+FkNHLL
pKL+cJFkWme1+WTKt+uS4ijhIbyRCsCTQpsNtWKiSINEUn8Gxfi2CBWjBGik/Yn7xbaIyWvVsiyC
5/YqGKNM3wzDyVN5TKANBfp/5yXFeqo8XA8EfVeowKDPq6PhfntwgXVKR0FRSmwJilLhw5lzuoXj
9xg+cRCI6ZnMeghKuykEVoXPp4aJuSEr9hsO95O91H+EyTT8ul/en1o6Mzk/ZA+HvwEERUTtZW5k
c3RyZWFtCmVuZG9iagoyMDggMCBvYmoKMjc3OQplbmRvYmoKMjEyIDAgb2JqClsxMCAvWFlaIDQ3
LjUxOTk5OTkgIAo1NDQuODc5OTk5ICAwXQplbmRvYmoKMjEzIDAgb2JqClsxMCAvWFlaIDUwLjM5
OTk5OTkgIAo2MzguOTU5OTk5ICAwXQplbmRvYmoKMjE0IDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5
OTkgIAo3MzYuODc5OTk5ICAwXQplbmRvYmoKMjE1IDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkg
IAozNzEuMTE5OTk5ICAwXQplbmRvYmoKMjE2IDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAox
MTAuOTU5OTk5ICAwXQplbmRvYmoKMjE3IDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo0NjQu
MjM5OTk5ICAwXQplbmRvYmoKMjE4IDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo0MjEuOTk5
OTk5ICAwXQplbmRvYmoKMjE5IDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo3MDMuMjc5OTk5
ICAwXQplbmRvYmoKMjIwIDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo2MDUuMzU5OTk5ICAw
XQplbmRvYmoKMjIxIDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo0ODYuMzE5OTk5ICAwXQpl
bmRvYmoKMjIyIDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAozNDEuMzU5OTk5ICAwXQplbmRv
YmoKMjIzIDAgb2JqClsxMCAvWFlaIDQ3LjUxOTk5OTkgIAo4MC4yMzk5OTk5ICAwXQplbmRvYmoK
MjI0IDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo4MDIuMTU5OTk5ICAwXQplbmRvYmoKMjI1
IDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo2MjYuNDc5OTk5ICAwXQplbmRvYmoKMjI2IDAg
b2JqClsxMCAvWFlaIDUwLjM5OTk5OTkgIAozOTEuMjc5OTk5ICAwXQplbmRvYmoKMjI3IDAgb2Jq
ClsxMCAvWFlaIDUwLjM5OTk5OTkgIAo3MjUuMzU5OTk5ICAwXQplbmRvYmoKMjI4IDAgb2JqClsx
MCAvWFlaIDUwLjM5OTk5OTkgIAo2ODIuMTU5OTk5ICAwXQplbmRvYmoKMjI5IDAgb2JqClsxMCAv
WFlaIDUwLjM5OTk5OTkgIAo2NjAuMDc5OTk5ICAwXQplbmRvYmoKMjMwIDAgb2JqClsxMCAvWFla
IDQ3LjUxOTk5OTkgIAo1MTUuMTIwMDAwICAwXQplbmRvYmoKMjMxIDAgb2JqClsxMCAvWFlaIDUw
LjM5OTk5OTkgIAo1NzQuNjM5OTk5ICAwXQplbmRvYmoKMjMyIDAgb2JqClsxMCAvWFlaIDUwLjM5
OTk5OTkgIAo0NDMuMTE5OTk5ICAwXQplbmRvYmoKMjMzIDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5
OTkgIAo3ODkuNjc5OTk5ICAwXQplbmRvYmoKMjM0IDAgb2JqClsxMCAvWFlaIDUwLjM5OTk5OTkg
IAo3NjcuNTk5OTk5ICAwXQplbmRvYmoKMjM1IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNTExLjI3OTk5OSAgNTQzLjg0MDAwMCAgNTE4Ljk1
OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0
bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKMjM2IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgMzM3LjUxOTk5OSAgNTQzLjg0MDAwMCAgMzQ1LjE5
OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0
bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKMjM3IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbNTIyLjcyMDAwMCAgNzYuMzk5OTk5OSAgNTQzLjg0MDAwMCAgODQuMDc5
OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMy
ZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0
bWwuaHRtbCMyM3RvYwo+PgplbmRvYmoKMjM4IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbMTY3LjUxOTk5OSAgODA2ICAxODMuODM5OTk5ICA4MTMuNjc5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQovVVJJIChodHRwOi8v
d3d3LnJmYy1lZGl0b3Iub3JnL3JmYy9yZmMyMTE5LnR4dCkKPj4KPj4KZW5kb2JqCjIzOSAwIG9i
ago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzE4OS41OTk5OTkgIDgwNiAg
MjEyLjYzOTk5OSAgODEzLjY3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8PAovVHlwZSAvQWN0
aW9uCi9TIC9VUkkKL1VSSSAoaHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9odG1s
L3JmYzIxMTkuaHRtbCkKPj4KPj4KZW5kb2JqCjI0MCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1
YnR5cGUgL0xpbmsKL1JlY3QgWzIxNi40Nzk5OTkgIDgwNiAgMjMzLjc1OTk5OSAgODEzLjY3OTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8PAovVHlwZSAvQWN0aW9uCi9TIC9VUkkKL1VSSSAoaHR0
cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy94bWwvcmZjMjExOS54bWwpCj4+Cj4+CmVu
ZG9iagoyNDEgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMTgu
NTYwMDAwICA3OTQuNDc5OTk5ICAxNTkuODQwMDAwICA4MDIuMTU5OTk5IF0KL0JvcmRlciBbMCAw
IDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQovVVJJIChtYWlsdG86dGRpZXJrc0BjZXJ0
aWNvbS5jb20pCj4+Cj4+CmVuZG9iagoyNDIgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBl
IC9MaW5rCi9SZWN0IFsxNzguMDc5OTk5ICA3OTQuNDc5OTk5ICAyMTAuNzE5OTk5ICA4MDIuMTU5
OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQovVVJJICht
YWlsdG86Y2FsbGVuQGNlcnRpY29tLmNvbSkKPj4KPj4KZW5kb2JqCjI0MyAwIG9iago8PAovVHlw
ZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzIyMC4zMTk5OTkgIDc5NC40Nzk5OTkgIDM0
NC4xNTk5OTkgIDgwMi4xNTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0EgPDwKL1R5cGUgL0FjdGlv
bgovUyAvVVJJCi9VUkkgKGh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzIyNDYpCj4+Cj4+
CmVuZG9iagoyNDQgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFs0
NDguODAwMDAwICA3OTQuNDc5OTk5ICA0NjUuMTIwMDAwICA4MDIuMTU5OTk5IF0KL0JvcmRlciBb
aRZWh3o1aBY2qBLh5dDeQzQLFybwAxAwaTvLYUckC0dnAA5LGLCjAhPNnSg9I4i/thoL0MgxNnua
G5OjjjslfG4Nm4y8rwnQ6FbGyx91ES1ThoC7niDiSM+XApyM2gnYKwo23GkTB02quYuKB3y3Jp9W
aY+rKt29Wz4EBEKu7gXZVkDcxfvAO4GUlDHJ5OyM0ao1g50QhBkfxPMziOcXIZ4PEM8jxPMB4vkY
4vkZxPOLEM8HiOcR4vmA6XwM8fwxEE83YajB6w6mnMPuUwN68Thq3giupVJSvU0LQLDSQIrFt5k2
r9H9J7WEDPDFYCpc6C69G3oQmRW7Nux1VDEJA2DYD0XvMHo3HD57ZzumWpjVAbkTf1AOzQE5E8dC
5ACBBWoirZ4B9ICG1VDP2PCMlhc8o+USntFywjPnqwTPDDdt/LId653wjJZLeKYrDfUCnulvjo2K
8MxQ7wF4Rq2Lzcc18nCAhPvR4UsETYFfMoPkQZ5IxplkMPyCQAzgZ7QZhO4+x8ZmLi3vNUgli7vA
IJcRVlawj7U9zgylFw0A6IbRIhEqJYNKsi2nPDBLm1Wi2u7s+922XAG8VLPOdOjhgmbMIpoxAc0Y
RDMmoBkToxkzQzNmEc2YgGYMopkLfDExmjEHoRkbhvoQ6wzOMHy2OKziir01Iza1QI/g8FsA1kwz
3gInYuDEwHhgTGn2RhvabmRtpy3JpLcIiipgXjRAordFSGeJWwUqmEbF7CFjhGpsaVXSKRCqFWCV
AmOlY0QzzuymEV79LyOWg+a6xxiv6PGASmnFZLtPHqqUHBHztOEdueytNgqdTWiZ5Jkl0Y60pGII
Mr0b3F1gUipI/5IbDWCuNJ38ym1Nxjx82q+Lpe2IocC0hyI0w3ID21s0YLwX3yKpZTLuNGC+a0u8
aUTQXU0jF3TXM1obdMzzVaK7Djdt/LId6w26q/dLuqv3k+56zgqX6K7nm7KJXg7tPUJ3NU1wL/nG
w9JokUjHIFVJGXEM7uawkdEcMGNvnvb7IkkI+89hiaQThBSkmbuRanq2mUWr/4FwVkEODXr1V4kQ
vxfPyZp+F0ZugCYlwVE0eiNXakY8TUFsKAwztINeMVWIipyH7GCMvaFANqaQW81uwequlFOEAyBw
xCDSAIG2qdeR9q+IEfMpL2qmvKhF5UUF5UWh8qKC8qJi5UVdlBcjl5SXrnSqV4Ly0t+UTfRyaO8h
yosKygvmDaXxCwAJ2k+wYlIkXu+EDO8dDl5EO8mQ+cxK/FfBogVMgs4ZxqEB0L5qZCKHOvtZJPED
feBkc3j81lFevIlX/61yRG3f78mwxVYJczrWXGvMhonY7vFTsKhoM0udPKTfop8ZtxYhXUJTD+OK
dTfoNn1CgQmxYKuW4TAHPoRsZwjZLiJkGxCyRYRsA0K2MUK2M4RsFhGyCQjZIEI2ASGbGCHbgxCy
nWSkekfODq3ybU+IXcCaoaWQvh6PHoH9urQOzMLikwKdFmSIZg6UWYWbbzfeZ0SXc+z2HBIklQGh
abWkii9jwc5VpdwRLcEeChYdLClJrkJ4gk8iuIuzsnFLzsrGTc7K56tUIrjJWXn2sh3rDRLBLTkr
d6WhXnBW7m+OjYqclYd6D5AIbZiM1xR6da82wDsO8HqcLb+MzoHAA69AeOWQFCQloeZ0w+qEmssm
ZhAcET44dWT2clxlxSPEY83w65HlJAQogVX0WWQ1XF7v1wOaXlP0RvMx6j3N6zLS79F26AKxXBAQ
VCdGdDi9a7amtgci3RnX1VdGuQp/OAZRbc9WUxIztH2HfG0ps/B6K3ZQHacdfovpmmZuaLqmzb03
Je6d3svOJZN5iMfo3US3cxDZnUQzsNkDrLxYiK1cshBbOVmIz1eJPWC4aeOX7VjvZA+wYslC3JVO
9QqwEPc3ZRO9HNp7hD3AymACekX2gAyNkfYa5ZDEHCYEcsHXCvCEdNIC3WwOSR9bkLGuZt75TcoK
TQF0SMQKBewNTzYxA6gjJWmLPx3iyUFCHEkAVwiEB3rq9YYw+JDRiRMzOCLHiqlhZvgeBLg8ZHsP
WpQJYT54EKA1MwxoFjGgCRjQIAY0AQOaGAOaGQbUixhQBwyoEQPqgAF1jAHNQRjQbPASuM35lLS2
kcHgtis5OQl4aR7I4WlLM7Q7cd/IDibfG8HWxKSbYSUvzjW4d7NdxU1lOWgIQVGVMC9lBxbhWIdE
WZPUeq/0zSd82pnwaReFTxuET4vCpw3Cp42FTzsTPm5R+LggfBwKHxeEj4uFT3uQ8GnvX/iQ1tIM
8+m9Enid7caCI9qPsVrei5Tcvr1SJSFvRjgO3fQVJ+a9UR46Zg8Z4pumXA5CfbQAdBbzhGs2kN1t
YjrET+lX6PSCtN87w4rBqJ+CnJa0msHgWFU1hONCQvolGRBpUoFq0yfA9AznaGbIqYJTa7bvYeqU
DjFhK2lZq3NER0GGhteEDl7fwSA8rP1ydArpalQU05+LdXb2prVxbzgAU0YoARkVkqEtwCYRDVz4
mPu3isG/44U7xQtmOPrwspL18N35zsttRDvuCeUiGR5OHY7WeN1wiM3o5vTF6Ob0ktHN6cnodr5K
jG7DTRu/bMd6J6ObU0tGt650qleB0a2/KZvo5dDeI4xuLhzjseDSUSXyjQ7aSxF/Rj6tGx1mnuE8
vD2/YoZLS0HQPonFMs5cLPFrzNhIK7AaXIsf3yFt+hXh1BohQtSimtlV9rEn7y7sybdL7Clkj3Vj
9tg5j+lv2vhlO9Yb2JM3S+zJm1CvAfZ0vjk2ykTsqa+3PntqGzHNMBxtckws4I1SqDOYBRc2F2mP
KwY7AG5hkgeE4MTQ3aW5BulxQ+t0OXJke7JXoGUJBeBxCWHYGQ52h6TuuNW+vxlsiRcOUXRUQ4HN
YrunYx2Xu2InTRYNpO1kSjY8O8YAtx0EoTqZUwK4ANZzRoaogkBN2jhY5fCWggAQmE3a3pybqG3n
BsRgGpwRLz0PBQyfXrzH5DIv2KDcHtxVElJaYPenkQmte5FPgO2ER1T5NqE62m95WbN4ls34013r
cJ1oGytP5WD0jA/0Xe2UpOviQQXgrtMxBqqElDMf0lfk4mic1vQsVk3EJR1aQ40POFfOJ3NF4/CV
TCDXnlDpbK5M76yAphnajJR+pYG8XisSdvbZ5nZ0p4TJo7trfHZTwpCHol1lUj5zCO2OEIsmxJvQ
jJYqHhQWSFCy9bs9AcZBMILDg5NUeHDHhQVGuDaZ3TvZDVzb2eRRNLVbEwIZS357XDJuP9DWOtpA
XxDocZuQujq2Kdxhz90Mf0DJJHVCt3yS6TZIxCYdKuCqJXGYoJyRbivId0kyW9ty5nZiNjYew4wY
Bw6+UyXdFS2pj4lLNSYlzAIGuP2EgIJz97L3hHhEplX5A1KQU6OKM/32nMo5OBTeyT3x6lo2K5qG
YNmRKzUjtUGVvBV3Axkqwv+drFv6ZFEV4/9vhageyGGHVBDwiATOXbROpcseZhoPFGAqPscZ30zm
bdpxZswQvt9xxqsmOM54JRYcZ7ySo4PL+SpxnBlu2vhlO9Y7Oc542S44znSlU72yTR1n+puyiV4O
7T3CccYrPQ71QrISBheGjCX+3a8vaccxfn136wXCgTwPdWnaCRsGrfmyEB/HL+puvOAYAhM4Q1+9
9qtkR54hmXGOVgE4o110af2eIZshhzqXYbyBltJc+MhzdfcGx9qEyF5fmOKmYaeJjOMEZAjTSVsK
CTP1+1QKsYWpeDuDs3YRztoAZy3CWRvgrI3hrJ3BWbMIZ02AswbhrAlw1sRw1h4EZ+0kRdEPHHjA
drefDIFXZQ3Q8K6G3ayOo3wBdqE5D/3Z2xykCDADz5mj3TdrnCqE+xtg36QblpIlmED4+J0zF37n
7BK/c27iS84Bv+tv2vhlO9Yb+J1TS/zOqVCvAn53vjk2SkX8rq/3AH7nJhDwnd8RBF6SnPwYlFiQ
I5m2aNMsssDccSNfHPpkDdrHlwNGVnGTZrEhtC7mBjt1k4fyozBCJqzwwT2JjUk6lLGqYL63+wBg
rgY6OoXTaOI3pGHhYMwr50jtzSmTdKZEDtHeuAUWD4Cm35aX3CEhLhmu19tJmSVZZIGzBuCDAg9Y
+rQLGPUCaJN2Ltt5Y+d2pkjXesEBqQXpVreDroKpoyE3fTCBnPkqPRSkGESSasJ5YI8OKYbgpFmH
eISdM3GtNT3e+K0KqmvvZFXorhVaFbrS8Wju/iq2Kow3bfyyHesdrQrddYNWhXNpqLdJrArDzbFR
zcyqMNZb3arQfWfy0DjIqkA7GhRso1exO9BN3+5JW+BngNKa3jajj5HaDqvwCVLi4YIHVloAI2hj
ZRX9h4YzfGkwbr/zaJqGYg/02dzbnSIzrH+gdpCeKZz5pTj0X9VosUoz2yHwzlOT9rn4qcZOpouM
3FizdIf7pLlXF2nu9ZI0n3JY9VepNPdBfF9etmO9QZp7sSTNvQj1CpDm55tjo0Qkzft6D5DmfkMs
yW3OyyhJvFsQXEJu+RnwgYTUk0amjxSo0gWpuDF/p1ZQAod4Zpy/CX4MB5nKt6u1ldJhHbITWrIP
TnJ9EK6MLFyEUz4zvLRnnu67WLjQPrBwYZoFFi7MxGrFdIbehQ8PN238sh3rnVi40G6BhXelU73a
pSy8vzk20M1Z+FBvfRYuzBRTQrPwBWCzPfsmyynMpBZjFPBSyMS2PUMWmpzr5DKg5c2KjYjZH47e
HYX5pzvDkqpsuyO7AnZ9jE/hkdm9ONIZzjjCjeQXROoXJC9EPpRrkmDRuIRts0mmJB70u//YXqqr
luddnVNaBaTRLiKNNiCNFpFGG5BGGyMNN0MabhFpuIA0HCINF5CGi5GGOwhptPlI46DEA0dik8fb
qpJ9FpHZvD36VpW0SYcOyqvAEprR2KTtBVF2tItlwZqhfbtpi0tBInXSUKCHvgh5RQik+fhA/4Ra
lUhbxvJdULVSTUOnr4CFok5T8btg98Hz8WDR8J0QpoQPzniQ0akgFG07lADgVOBCDDoQRPhInxZA
lFBawMJnpFLxKN8vn6HNtHQiBTJPOrL3KgF/UCm5t1lAhpg1vIqjHl9O0GtBtSRJoS6SEkzGDgTQ
GEzDMcm7jJXxssTVTw9qlWTt7/lYuxR69bscoQ10sDttZytwkCw4xZrj0GIO7xmOyL6CI5xo1w/a
iMqSpwMphGN/kY9B7ozt0G2y7Apol86gQi7MHIcJeohq6BAZ2atoUU4P6vatcbSJcdgyXhiIauLl
0q+2rED8F6wyEi8uWvyejR9/oNvpPdo8caWyfgzt9bgVZaaNUjU01abdTaeK+mBvJlz8ok6+OG7m
b/3Aao+0TXo0qpGzDTrYXPuQUsEwgzOV1yfDospavT4sQ/RbvWHxMq5/1GmvdBEKRm17ppAr8FXA
oVyWH8UDJbWpOlDSNHH9C71ePty2vEvW1+2S08ncg3MPSQxALmo5M2BpG5Xrs/nbdUYkIBPJaEOd
tRpSZo1656zZ8I6hnmDu6chyrWvWelqJ5V6+WIflznr0SCy33rAMLPdS/4Oz3GoDNbLcS/3Y6xUt
ZC/LrdelgeXO5n5cElcIfpy29kpByrdH6+41YmjACQbemTO47t/pazcCwvZdGX99/lK6hfbx9PHp
/6FFJAZlbmRzdHJlYW0KZW5kb2JqCjMxMSAwIG9iago1NDI2CmVuZG9iagozMTUgMCBvYmoKPDwK
L1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsyMjkuOTE5OTk5ICA2OTAuNzk5OTk5
ICAzNjkuMTIwMDAwICA3MDEuMzU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNh
IzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9h
dXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzSSMyZEQuaWV0ZiMyZGh0dHBiaXMjMmRwNyMy
ZGF1dGgKPj4KZW5kb2JqCjMxNiAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsK
L1JlY3QgWzQzMS41MTk5OTkgIDY5MC43OTk5OTkgIDQ5MC4wNzk5OTkgIDcwMS4zNTk5OTkgXQov
Qm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1w
NTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwj
MjNSRkMyNjE3Cj4+CmVuZG9iagozMTcgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9M
aW5rCi9SZWN0IFszNDIuMjQwMDAwICA2NzkuMjc5OTk5ICA0ODEuNDM5OTk5ICA2ODkuODM5OTk5
IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJ
dGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5o
dG1sIzIzSSMyZEQuaWV0ZiMyZGh0dHBiaXMjMmRwNyMyZGF1dGgKPj4KZW5kb2JqCjMxOCAwIG9i
ago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzE4MS45MTk5OTkgIDYyMS42
Nzk5OTkgIDMyMS4xMjAwMDAgIDYzMi4yMzk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2Zp
bGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRm
IzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNJIzJkRC5pZXRmIzJkaHR0cGJpcyMy
ZHA3IzJkYXV0aAo+PgplbmRvYmoKMzE5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAv
TGluawovUmVjdCBbMTI4LjE1OTk5OSAgMjc0LjE1OTk5OSAgMTg2LjcxOTk5OSAgMjg0LjcxOTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNH
SXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwu
aHRtbCMyM1JGQzUyMzQKPj4KZW5kb2JqCjMyMCAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5
cGUgL0xpbmsKL1JlY3QgWzEyOC4xNTk5OTkgIDExNC43OTk5OTkgIDE4Ni43MTk5OTkgIDEyNS4z
NTk5OTkgXQovQm9yZGVyIFswIDAgMF0KL0Rlc3QgL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAj
MmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5o
dG1sLmh0bWwjMjNSRkMyNjE3Cj4+CmVuZG9iagozMjEgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9T
dWJ0eXBlIC9MaW5rCi9SZWN0IFsyNTAuMDc5OTk5ICA5MC43OTk5OTk5ICAzODkuMjc5OTk5ICAx
MDEuMzU5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9EZXN0IC9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFy
ZXIuaHRtbC5odG1sIzIzSSMyZEQuaWV0ZiMyZGh0dHBiaXMjMmRwNyMyZGF1dGgKPj4KZW5kb2Jq
CjMxNCAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyAzMjIgMCBS
Ci9SZXNvdXJjZXMgMzI0IDAgUgovQW5ub3RzIDMyNSAwIFIKL01lZGlhQm94IFswIDAgNTk1IDg0
Ml0KPj4KZW5kb2JqCjMyNCAwIG9iago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA0IDAgUgovQ1Nw
IC9EZXZpY2VSR0IKL0NTcGcgL0RldmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDMgMCBS
Cj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9Gb250IDw8Ci9GOSA5IDAgUgovRjczIDczIDAgUgovRjYgNiAw
IFIKL0YzMCAzMCAwIFIKPj4KL1hPYmplY3QgPDwKPj4KPj4KZW5kb2JqCjMyNSAwIG9iagpbIDMx
NSAwIFIgMzE2IDAgUiAzMTcgMCBSIDMxOCAwIFIgMzE5IDAgUiAzMjAgMCBSIDMyMSAwIFIgXQpl
bmRvYmoKMzIyIDAgb2JqCjw8Ci9MZW5ndGggMzIzIDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+
PgpzdHJlYW0KeJztXU2P5LYRvc+v6LMBj/klkgKCAN71OkAOARa7QA5BDsEaSWDERhY+5O9HHxRb
5GN3URSpUY/Hhr1aqlmiKLLeq2Kx+N2fPv3j8q/fLt+9//Tfyxf35/tPT+yZdf38z4UN/367LhD2
WQo2/nOxXD5rM5V++eXp6+Xr08enj8P/vz5xPVV0fww3l0ew6d/fvvz69N388Ke55NP7vwxX/7uI
y5+H/36+/O3vQ+FPTt74g1+ebK+HdjDG5fDX/6z/yiVT8nloFB/KWfzX8cf/fvrrN5dfx4aJZzs1
ns8NXP/1W657qftnzcSOJudU41iNi7HhQo1vulzzZ85Ud+G8ny50P5WKocC6qy9PnOtn23dKMn9T
h5W1kzv9dryWdqpxCatKu8gdrsbfrh863hQsqOzb+2Xo3Xff3O+Ur3e65d3np+9+HJ9y+fzPy/xZ
vp3/+Dx0heTD34bnqMvnny5/YEy+++Pl889Pdrw9FTATF6ipwFwL5irdteDHuEBOBfJaYEkZ8NgP
cUE3Fag7MgT5LiADGgYyvo8L4G3hFwVvC0KhpfAZQAY8BWT0ccH7zHZ8+DzojtWYe55V1qi12LPy
19H0vPGrnEGd8YBpoBt5Y6RLqcKRzuHLwstDAUyO+BeSRQX8x7ggfixXcYEm2/FDVCDip7gve6cK
vAtnyS+7RTcXqyFlWPhxMoZ7gdaBbou/Fj6FVjLwceIqcv5Ff+3pjqzC48eupl1xL3fahL2sTNQy
0cdNnTuEs2uJjX6CiAF9BgoRBuOHCq+3YJnOHwAIKjRSwcscA130YyvgIX9Pjn8a/miQhc9wQ9He
eTkxzxAu7zyXHnYFfUhOdw5K5UaH7Bvt0tpotNNjGbRbjDRCxVXiPsQRUmO0k52KT6GnMnwYGP40
hYLBHVfh329DzdumieFX08SIlGkycpvZhBiuYtNkuqnDytrJ9abJYH0lTJNR+ix3uIpNk/H/ggWV
fXsPMU1MtwzOjlTnsbKG8YxjAIbN9vGc0EU0j6a1JN0yGL8AVjQnArIJkxOqkHQU34VG4hbWHHAV
1M0FtHK7eSdkms7do7d0j8Fj6f4ANpeBkVBAD8Ma+KZ6EU5/xuPH0MOfNvHAAqaBJv4yaEUUDP8j
iWgdmt1vmKmHkFe0omLLRHyI8SG2dzKIB/2laHpDenc4jxsWywAkQ+5GEzESlcAXgQAKr58LdTv5
r1KbhyFJiKuxOcmubE6yFJuTbGFz41XE5uabOqysnVzP5vokm+s9m+uRzfWezfUBm5vltmdzknU3
px6tNWj/zXbyxj9EwwZIA2peGnkBmkjHkvoA2EwzD9KghberYuGSXYZagp6ctJKMp6+M1XkGzlQg
swd9qQzSCE8hRxniSq6MvWzOhtMfJyb9IWiT6WXMDNQHNcw/0lmDMuJ21IOzAXA8nHGTgjO+rG+O
VzGcTTd1WFk7uQucSa4ScDaUerkqhrPppmuUCuBsknsAnAmvi2InP5oJ6CWg3W8woMFegV+80MIp
PfVoyxqmTdx0xBV6abWG+6LAYdnEfVEAq7Q9S/fYIWsgdORBhjFSEKzQBO86FumHDF9zi6G8RoDy
l5k8MVLZRU3pmLuAof2+FvAYcQUeI1PAYzxAGAXAM93UYWXt5HrgMSwFPIZ5uQyAZ7zpGsUC4Jnk
HgA8Ri9dvd0rnkFP6BAEmvJW0Am0GwTawWX8tgVhAODhh1+Q2IW6CfoUnkKuvmWoM5qcxkLhsdiO
7YwX2U7Oii2NTTc8NpUjJZS04SxDeredjZeQOZBRI2CtwI1SYFjSa6nxL+TGCKTbqGHNFTWsTaGG
Xbxk41WMGtNNHVbWTq5HDdulUMN2Xm4HqDHedI3qAtSY5B6AGj13Xa3mUbL2YdAEpWCFkh7h5PJK
FUZPx3VBS0kNn1BoVXTPMNyCb5Xhtqexl2bKdMRpwTrPDdNqXw+NAeRBD1Xzcyh2pZuKpeimYgvd
HK8ixTHf1GFl7eQuikOxFN0cSr1coJvTTdeogG7OctsrDsUWIEwoDkBCUAsF1JDGOdqlRqunAluY
ZE8ZuuZx9GYNTwhtfsBjt8el31TGBW3faS330ZSpp534ldYonqI1ii+0ZryKtRNfaM2qsnZyvXbi
KVozlHq5QGumm65RAa2Z5R6gncQCBLDAj1YYqI0mUEkGomXE0Z7F97s9eKPEUQd2PB2KDMCzfWtO
jlFasFmHhIDEc+lIW+gA0F/kSnXGfKixqEbywJKXg5bSMAqDqpoqliuiKJNEUXqiKJEoSk8UZUgU
5YooyiRRlJ4oSiSK0hNFGRJFeRBRlMd6TDLGUZPoNFoF0Itb8S/U9/G7vOoIYDoiBk2NOAQUA/ri
pQlB706irQKawRZHke/1U5pw1vEfaF5MD3fap1jBp/6ykRdVYmBV5300FaI1qviHW0RA8XYwqlcw
qpMwqj2MaoRR7WFUhzCqVzCqkzCqPYxqhFHtYVSHMKoPglHtYZRcFceZRqvaAkpbIbJSQGQlvWWP
bgcMTjLk8ZHjKipAMTIzWt/DoMuwm4oNiZ2YKPpwCr197hf53Adprht+gzr4bj2+N3HZFuhUyC9x
wwDau7lYhu9fD/H7FeL3ScTvPeL3iPi9R/w+RPx+hfh9EvF7j/g9In7vEb8PEb8/CPH7o1dYKuwO
ytg9R8so2NfYIksH/gIcctthA81RETWdx4laMsL+6XZAAThkt6teeBcQKiGeGV4/A0forTPgxKVf
hjRPS3Zb5KYg2Bt9yUIFcdrvL+DDQJXiOVUFzzt+G8/pmApQdrnBaftRsxNX1OxECjU7saDmeBWh
5nxTh5W1k7ug5jDOEqg5jr5FLqDmdNM1KkDNWW571OyEJ/kGULPFwl5BQGrGhuEC51nB7pKMiKYY
nYoMge1BnE0yBJ1mR0qNz033R0ZAxHZzkx4QZwlIrbjRoeuW/GgZGx3e1dLwxl41vOlTGt56TWwZ
aPjppg4rayfXa3ijUxre6EWu0aDhx5uuUTrQ8JPcAzS8Fa6r3+wici6+ZruoIh+/mxAHsszEBZC9
sYBLZ4QEtuajO5Wk5je/JSrJWjRYS+WVpJZdQklquSiz8SpSkvNNHVbWTu6iJLUUCSU5lHq5IlaS
003XKLFWkrPc9kpSy2VrHiavgIHVJuEZPeS3Z7jK4EV19iHB1KoRA9UiRKQEi+iV6YLtEzQNhM09
QCUzYvHoDfKwR7iiivMrSLSKU7V4oO6vGep1n8pQr3uvinrIUD/f1GFl7eR6FWdTGeqH0kWuhQz1
003Bgsq+vYeouN6T8pMkDjpx+CltPpY05GEzv7MuHEESlMaNqNg7OpLOHg+p4DEnOxAlSAUPyeJf
Mkk7i2bizh0WDzWIlBDRy0Nif/Cxk1HwmPo/Lnh1g6jjNlLn9MILHUrXwm979kQCVVZEjDfjSrZp
0bSQrEIn5a62iGLENSejEamcjEYsORnHq4hazTd1WFk7uQu1MjyVk9H4bVmGQ07G6aZgQWXf3iOo
lRGny8lYwy2TkVEN4Ip0F2bkkC+IUaZNcnq7+is+uUfYcJhigDKs5nOK0HHo8xtRz/ewmFTVDkPA
ibuFE7hP/TKUT8Vd/0JujmPmUHnKhza6a+9GZBF+PAlDPOaOsia1UD54MN6UkljKIS3Ul0opS6IX
7I7IOBGGPEIAyWeNvL1NYJUeVVCALYNtS+DHhi47a0JBGA8tLZydofLzsWvXmZrh56a7rODYwbMp
3hcyHOvo3U6HUmsYm/s8/QXD+8i1TGPzAz7URjZ20xq17BrwYVkq4MPyJeBjvIqs0fmmDitrJ3ex
Ri1LBXwMpYtcBgEf003XqCDgY5bb3hq1fAn4yNhAQh+8lBHBRJujEFtYZUsR+IZA19ag0qR9+rL7
dFbxxYc4Akv21NMH/hTkTSK3PuZkNGoB19X8bVbIq4YTKqXhxJJWaLyKNZzwKu1aWTu5XsMJntJw
gnu5HDTceNM1igcabpJ7gIYTZvnEb/42ajC++dteyt92HaZv/raD/W2rrn/ztxEYeDp/2/XjZXtG
qth9VslF6mv2pjyyIww2SNKOsN+Zq7TgYzbKcHRiPTPHM63mO02S6C2zpPpW7+OhGRccuheojs7s
lsDpDNuy4MzW7QEirzBQ5R4lOGvQCY5+UMxxQT27eTBTvd1sWMpuNt6+XU53Xxm/000dVtZOrreb
tUnZzdoscrUBu3m86RpoArt5knuA3Wy8wvt97XLIIFb09thDcg3lYDGtvmgT/yTbMXC5gE6vC00v
8FCeJDt8PY1nr/u6rE3t67LWr1lY2Nc139RhZe3keo1nU/u6hlIvF/Z1TTddo4J9XbPcAzSePXZf
V8m2e9rsL9hzSpuntPamM66TmhincwUeXWPfapuctS3yUjQ62+EQNDvqwAgWTfa37NKbvxSdOrc4
/XAVQ7Nn8mYfnuSw6NOmH85gSCBjU76QXdyl51fu0vMUd+n5wl16DtxlvqnDytrJXbhLz1PcZSj1
coG7TDddowLuMsttz1167o+LjT8oHSCUcRA2PXzjoQdCMw4POG2qjxbZ1OmoFkybVyUfVIFtTq9o
kCG1tBcI05TM33LtBKad76TTG04xqHLcFSwlwOeFTsTXwwOVmgSidpKFOuMs+XZvCd33uoJNy7y9
9A6tamikVmikkmikPBopRCPl0UiFaKRWaKSSaKQ8GilEI+XRSIVopA5CI394eZ2TT1vkQGqUUKDA
RCs4L2D7gjIqOZqz01BK894CilrDDi5IgvgwjkA6dBOXtegjZXLXaHfugeh1qCAKsncB1Ba4EtAN
ThMpaEd89EXnFq357Z+c9mUkr/B1F/WvPdLWWEsheQTq9u0B0lVWjui9ac3O9unNioqYJBXxmSd7
g1TEeCpiQipiVlTEJKmI8VTEIBUxnoqYkIqYg6iI8YZxHP7b5JTQDCuXJkAF50iSQJPRsBrhAdCO
7cdGtnFr0QQAWOb2iNgqeZLJ02zxsU0WF445Xl4pHc7TDLZPv24Tp09B9r8C3IGGHePCL1ifaerC
7+XN57bgP1XWCY+Z2wVrnjUmqtAs+jD0fKiTMLQgNvBcK5b3hggZ05QR101TDBraaVN++3FZTU4c
PMhAahIWdaQKVcNXzx5TZYl7C06Rb+KGel1qpt3ee8VkfpJdufK97zFNFdM+ye5wnUiyO5Q6E3K6
Ck1Td1OHlbWT60xTxbpEkt2xdJHbxUl255uCBZV9ew8wTYfn+EQIBcHuBR7OY7JXN7FFCnYd/a5C
+zN8GbRtQjsEYAEkfiy2g96XCKOQ3tnUJMVTLgHcae/aLpr8tCa+kXYdQHMnRHAVtgzPsn2hOCc6
ILNYX9ZhWqbPJhEZ1KuKi6wFfcfZDaor1rq1HNyK9SsWkUrVP5R6FgGp+t1NHVbWTq5nEalU/WPp
IhdS9c83BQsq+/YewiJ8bueD9ukccqw8TnnY/tnEC/Qwi8BVzFHoU/K75OzSIrc10GoE9wa0WFY5
064cxVnn9RtnOqHfOHP7BaerSL/NN3VYWTu5i37jTCb021Dq5cpYv003XaPkWr/NctvrN84WbD1L
/p63o0geJbXOtHV/NYLg9AY8eSTOYIMnQMQ9+OoOjZC9jLpt31adhxozajaCri//dnxNoTHJwn6s
B5TXgyWG68TBEkOpBzQ4WMLd1GFl7eR6oEwdLDGWLnLhYIn5pmBBZd/eQ4DSZx4/aPsqzeppd1FG
AO0Doe3rVYuS6XCMqTgHHV3AIF0cfNrt6HtL6d2TARz+xtntd2S4x75M2jqpwm/xUp7+gkj+ghXz
gsU9eofbLXtypwdV20gTwyIE7QsQFRoyb3kZuIw/FKIa+nbiir6dTKHvBJvWXcXoO2NqWFk7uR59
O5ZC3455uQzQd7zpGsUC9J3kHoC+Pg/8eRJpx8HndAoxaLuatekqpB0XBUBIPPs6GQt55B09mIqK
DPKvmYvzAbmDteEMQbylU81ChtsKuE+nzeUq2efHwLzRYbe9Km/19sxdJRG79LvQfUpHtNegDtr5
Ha5fOzc7UJUVTG7EzW5uybfuxWvkUqVNfLPCPv2SjdzlyzV7zxyKPm89ImjllQjaxHkDQ2m3EDYb
nzfgbuqwsnZyPRG0ifMGxlIvNz5vYL7pGsUDImgPOW9geI5PSH0WIviqNi7QM5qOjainJh6QjXEb
DdM3B3eRZnWAbW8eHoBbe6skY6PX6Dc5Ox5q8CrLok5/W9Hb4Jfy3ZaRGv5kbvcqLFf4vHAZW1Va
cMmKYbp7HYQy7JCzfe99W2hbfLuSVFvbd2VjNDC5CxnDo+lgqRq7HWvYVm2OwiL5bpPDU9BTCMmP
wCQQXTxCqqxDdDZSdwXvS27uqmZKimtSx+E6kbtiKHW5K6aryJQUS1LHdWXt5C6mpEgldRxLvdw4
d8V80zVqnbvCyW1vSoprUkc4EzNj4awgvXSTmQRKcHvGVVyGyClBXVrjINEaMFCQyZXsI9rd8FKL
vgV4fWMH+67kZCUZSWtkU6+TtdpGGoHenotks439WcH/1ASPXZ60OpaDTx6ZwdiLM6m0JkbZR+Td
M2Ee93S7s8fJ7Bup0opwpFZZUamR8ohU5m/wnoGidEvpiVjD2K64b1L4NJB0CnJ6e1cVfC/wC5Ar
I7jpJHcS7XTyCBX28sn03T6KCE/JWKemG0JPXfrtaEKwPQvKG9+j4T3r1Innrnf/wGSK79Fm/R1h
08zUN3Npje5XKfslPlPOTdXx+8cKgHrglJEz+UQTPZGlE74Wv5Gx0RuZGK8ZBOz9GA0cx3pXjKWP
uuVGmtribpG8b9otclLBK/luUfDOK0KBmMfG2o2IByNAV6YBpLyjjGnbURN7XclPvLWu+0pqPgmq
2Supac/E+tsDIScHAwwXmQ76Km1jJzpCEbmYyHVwk4hbDcaq0++rZkOdLv4FVKn7popNM338KAep
XMWjJ9YeX7NuWb3RQ6hcpbu23WJYKP9RVW4nZNOO6oQN5bdXuZ0ybV9pSnO3/vbnU7lihh1lj+N+
PHpibe7HdfRGD6GIRGfadosWofxHVUSSd007SgoWym+viAbG0/aVlIq+/fkU0ZJp2zuM63A/F/u+
8sLGzM7Z5asA+ndHvOlqO+SrZbnC9mG8f3tw6aMn1p5JTEVv9BDgIlXXtls6Fm3seFBwUXMkYrOO
Um4rtJd/gGNBmLavJEX07SuDy/Dv5evQUq6nR7o/vvxSGrj88fLx6f+ZD7cZZW5kc3RyZWFtCmVu
ZG9iagozMjMgMCBvYmoKNTM5NAplbmRvYmoKMzI3IDAgb2JqClsxNCAvWFlaIDQ3LjUxOTk5OTkg
IAoyNjguMzk5OTk5ICAwXQplbmRvYmoKMzI4IDAgb2JqClsxNCAvWFlaIDQ3LjUxOTk5OTkgIAoy
OTguMTU5OTk5ICAwXQplbmRvYmoKMzI5IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAv
TGluawovUmVjdCBbNTIyLjcyMDAwMCAgMjY0LjU1OTk5OSAgNTQzLjg0MDAwMCAgMjcyLjIzOTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovRGVzdCAvZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNH
SXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwu
aHRtbCMyM3RvYwo+PgplbmRvYmoKMzMwIDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAv
TGluawovUmVjdCBbMTMxLjAzOTk5OSAgMjE0LjYzOTk5OSAgMjE3LjQzOTk5OSAgMjIyLjMxOTk5
OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8PAovVHlwZSAvQWN0aW9uCi9TIC9VUkkKL1VSSSAobWFp
bHRvOm1iakBtaWNyb3NvZnQuY29tKQo+Pgo+PgplbmRvYmoKMzMxIDAgb2JqCjw8Ci9UeXBlIC9B
bm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTMxLjAzOTk5OSAgMjA1Ljk5OTk5OSAgMjI3LjAz
OTk5OSAgMjEzLjY3OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8PAovVHlwZSAvQWN0aW9uCi9T
IC9VUkkKL1VSSSAoaHR0cDovL3NlbGYtaXNzdWVkLmluZm8vKQo+Pgo+PgplbmRvYmoKMzMyIDAg
b2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlwZSAvTGluawovUmVjdCBbMTMxLjAzOTk5OSAgMTY2
LjYzOTk5OSAgMjI4ICAxNzQuMzE5OTk5IF0KL0JvcmRlciBbMCAwIDBdCi9BIDw8Ci9UeXBlIC9B
Y3Rpb24KL1MgL1VSSQovVVJJIChtYWlsdG86ZGljay5oYXJkdEBnbWFpbC5jb20pCj4+Cj4+CmVu
ZG9iagozMzMgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5rCi9SZWN0IFsxMzEu
MDM5OTk5ICAxNTcuMDM5OTk5ICAyMjAuMzE5OTk5ICAxNjQuNzE5OTk5IF0KL0JvcmRlciBbMCAw
IDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQovVVJJIChodHRwOi8vZGlja2hhcmR0Lm9y
Zy8pCj4+Cj4+CmVuZG9iagozMzQgMCBvYmoKPDwKL1R5cGUgL0Fubm90Ci9TdWJ0eXBlIC9MaW5r
Ci9SZWN0IFsxMzEuMDM5OTk5ICAxMTguNjM5OTk5ICAxNzcuMTIwMDAwICAxMjYuMzE5OTk5IF0K
L0JvcmRlciBbMCAwIDBdCi9BIDw8Ci9UeXBlIC9BY3Rpb24KL1MgL1VSSQovVVJJIChtYWlsdG86
ZHJAZmIuY29tKQo+Pgo+PgplbmRvYmoKMzM1IDAgb2JqCjw8Ci9UeXBlIC9Bbm5vdAovU3VidHlw
ZSAvTGluawovUmVjdCBbMTMxLjAzOTk5OSAgMTA5LjAzOTk5OSAgMjY5LjI3OTk5OSAgMTE2Ljcx
OTk5OSBdCi9Cb3JkZXIgWzAgMCAwXQovQSA8PAovVHlwZSAvQWN0aW9uCi9TIC9VUkkKL1VSSSAo
aHR0cDovL3d3dy5kYXZpZHJlY29yZG9uLmNvbS8pCj4+Cj4+CmVuZG9iagozMzggMCBvYmoKPDwv
VGl0bGUgKP7/AEEAYgBzAHQAcgBhAGMAdCkKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19X
S0FOQ0hPUl80CiAgL0NvdW50IDAKICAvTmV4dCAzMzkgMCBSCj4+CmVuZG9iagozMzkgMCBvYmoK
PDwvVGl0bGUgKP7/AFMAdABhAHQAdQBzACAAbwBmACAAdABoAGkAcwAgAE0AZQBtAG8pCiAgL1Bh
cmVudCAzMzcgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfNgogIC9Db3VudCAwCiAgL05leHQgMzQw
IDAgUgogIC9QcmV2IDMzOCAwIFIKPj4KZW5kb2JqCjM0MCAwIG9iago8PC9UaXRsZSAo/v8AQwBv
AHAAeQByAGkAZwBoAHQAIABOAG8AdABpAGMAZSkKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAv
X19XS0FOQ0hPUl84CiAgL0NvdW50IDAKICAvTmV4dCAzNDEgMCBSCiAgL1ByZXYgMzM5IDAgUgo+
PgplbmRvYmoKMzQxIDAgb2JqCjw8L1RpdGxlICj+/wBUAGEAYgBsAGUAIABvAGYAIABDAG8AbgB0
AGUAbgB0AHMpCiAgL1BhcmVudCAzMzcgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfYQogIC9Db3Vu
dCAwCiAgL05leHQgMzQyIDAgUgogIC9QcmV2IDM0MCAwIFIKPj4KZW5kb2JqCjM0MiAwIG9iago8
PC9UaXRsZSAo/v8AMQAuAKAAIABJAG4AdAByAG8AZAB1AGMAdABpAG8AbikKICAvUGFyZW50IDMz
NyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl9jCiAgL0NvdW50IDAKICAvTmV4dCAzNDMgMCBSCiAg
L1ByZXYgMzQxIDAgUgo+PgplbmRvYmoKMzQzIDAgb2JqCjw8L1RpdGxlICj+/wAxAC4AMQAuAKAA
IABOAG8AdABhAHQAaQBvAG4AYQBsACAAQwBvAG4AdgBlAG4AdABpAG8AbgBzKQogIC9QYXJlbnQg
MzM3IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SX2UKICAvQ291bnQgMAogIC9OZXh0IDM0NCAwIFIK
ICAvUHJldiAzNDIgMCBSCj4+CmVuZG9iagozNDQgMCBvYmoKPDwvVGl0bGUgKP7/ADEALgAyAC4A
oAAgAFQAZQByAG0AaQBuAG8AbABvAGcAeSkKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19X
S0FOQ0hPUl9nCiAgL0NvdW50IDAKICAvTmV4dCAzNDUgMCBSCiAgL1ByZXYgMzQzIDAgUgo+Pgpl
bmRvYmoKMzQ1IDAgb2JqCjw8L1RpdGxlICj+/wAxAC4AMwAuAKAAIABPAHYAZQByAHYAaQBlAHcp
CiAgL1BhcmVudCAzMzcgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfaQogIC9Db3VudCAwCiAgL05l
eHQgMzQ2IDAgUgogIC9QcmV2IDM0NCAwIFIKPj4KZW5kb2JqCjM0NiAwIG9iago8PC9UaXRsZSAo
/v8AMgAuAKAAIABBAHUAdABoAGUAbgB0AGkAYwBhAHQAZQBkACAAUgBlAHEAdQBlAHMAdABzKQog
IC9QYXJlbnQgMzM3IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SX2sKICAvQ291bnQgMAogIC9OZXh0
IDM0NyAwIFIKICAvUHJldiAzNDUgMCBSCj4+CmVuZG9iagozNDcgMCBvYmoKPDwvVGl0bGUgKP7/
ADIALgAxAC4AoAAgAEEAdQB0AGgAbwByAGkAegBhAHQAaQBvAG4AIABSAGUAcQB1AGUAcwB0ACAA
SABlAGEAZABlAHIAIABGAGkAZQBsAGQpCiAgL1BhcmVudCAzMzcgMCBSCiAgL0Rlc3QgL19fV0tB
TkNIT1JfbQogIC9Db3VudCAwCiAgL05leHQgMzQ4IDAgUgogIC9QcmV2IDM0NiAwIFIKPj4KZW5k
b2JqCjM0OCAwIG9iago8PC9UaXRsZSAo/v8AMgAuADIALgCgACAARgBvAHIAbQAtAEUAbgBjAG8A
ZABlAGQAIABCAG8AZAB5ACAAUABhAHIAYQBtAGUAdABlAHIpCiAgL1BhcmVudCAzMzcgMCBSCiAg
L0Rlc3QgL19fV0tBTkNIT1JfbwogIC9Db3VudCAwCiAgL05leHQgMzQ5IDAgUgogIC9QcmV2IDM0
NyAwIFIKPj4KZW5kb2JqCjM0OSAwIG9iago8PC9UaXRsZSAo/v8AMgAuADMALgCgACAAVQBSAEkA
IABRAHUAZQByAHkAIABQAGEAcgBhAG0AZQB0AGUAcikKICAvUGFyZW50IDMzNyAwIFIKICAvRGVz
dCAvX19XS0FOQ0hPUl9xCiAgL0NvdW50IDAKICAvTmV4dCAzNTAgMCBSCiAgL1ByZXYgMzQ4IDAg
Ugo+PgplbmRvYmoKMzUwIDAgb2JqCjw8L1RpdGxlICj+/wAzAC4AoAAgAFQAaABlACAAVwBXAFcA
LQBBAHUAdABoAGUAbgB0AGkAYwBhAHQAZQAgAFIAZQBzAHAAbwBuAHMAZQAgAEgAZQBhAGQAZQBy
ACAARgBpAGUAbABkKQogIC9QYXJlbnQgMzM3IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SX3MKICAv
Q291bnQgMAogIC9OZXh0IDM1MSAwIFIKICAvUHJldiAzNDkgMCBSCj4+CmVuZG9iagozNTEgMCBv
YmoKPDwvVGl0bGUgKP7/ADMALgAxAC4AoAAgAEUAcgByAG8AcgAgAEMAbwBkAGUAcykKICAvUGFy
ZW50IDMzNyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl91CiAgL0NvdW50IDAKICAvTmV4dCAzNTIg
MCBSCiAgL1ByZXYgMzUwIDAgUgo+PgplbmRvYmoKMzUyIDAgb2JqCjw8L1RpdGxlICj+/wA0AC4A
oAAgAEUAeABhAG0AcABsAGUAIABBAGMAYwBlAHMAcwAgAFQAbwBrAGUAbgAgAFIAZQBzAHAAbwBu
AHMAZSkKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl93CiAgL0NvdW50IDAK
ICAvTmV4dCAzNTMgMCBSCiAgL1ByZXYgMzUxIDAgUgo+PgplbmRvYmoKMzUzIDAgb2JqCjw8L1Rp
dGxlICj+/wA1AC4AoAAgAFMAZQBjAHUAcgBpAHQAeQAgAEMAbwBuAHMAaQBkAGUAcgBhAHQAaQBv
AG4AcykKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl95CiAgL0NvdW50IDAK
ICAvTmV4dCAzNTQgMCBSCiAgL1ByZXYgMzUyIDAgUgo+PgplbmRvYmoKMzU0IDAgb2JqCjw8L1Rp
dGxlICj+/wA1AC4AMQAuAKAAIABTAGUAYwB1AHIAaQB0AHkAIABUAGgAcgBlAGEAdABzKQogIC9Q
YXJlbnQgMzM3IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SXzEwCiAgL0NvdW50IDAKICAvTmV4dCAz
NTUgMCBSCiAgL1ByZXYgMzUzIDAgUgo+PgplbmRvYmoKMzU1IDAgb2JqCjw8L1RpdGxlICj+/wA1
AC4AMgAuAKAAIABUAGgAcgBlAGEAdAAgAE0AaQB0AGkAZwBhAHQAaQBvAG4pCiAgL1BhcmVudCAz
MzcgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfMTIKICAvQ291bnQgMAogIC9OZXh0IDM1NiAwIFIK
ICAvUHJldiAzNTQgMCBSCj4+CmVuZG9iagozNTYgMCBvYmoKPDwvVGl0bGUgKP7/ADUALgAzAC4A
oAAgAFMAdQBtAG0AYQByAHkAIABvAGYAIABSAGUAYwBvAG0AbQBlAG4AZABhAHQAaQBvAG4AcykK
ICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl8xNAogIC9Db3VudCAwCiAgL05l
eHQgMzU3IDAgUgogIC9QcmV2IDM1NSAwIFIKPj4KZW5kb2JqCjM1NyAwIG9iago8PC9UaXRsZSAo
/v8ANgAuAKAAIABJAEEATgBBACAAQwBvAG4AcwBpAGQAZQByAGEAdABpAG8AbgBzKQogIC9QYXJl
bnQgMzM3IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SXzE2CiAgL0NvdW50IDAKICAvTmV4dCAzNTgg
MCBSCiAgL1ByZXYgMzU2IDAgUgo+PgplbmRvYmoKMzU4IDAgb2JqCjw8L1RpdGxlICj+/wA2AC4A
MQAuAKAAIABPAEEAdQB0AGgAIABBAGMAYwBlAHMAcwAgAFQAbwBrAGUAbgAgAFQAeQBwAGUAIABS
AGUAZwBpAHMAdAByAGEAdABpAG8AbikKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19XS0FO
Q0hPUl8xOAogIC9Db3VudCAwCiAgL05leHQgMzU5IDAgUgogIC9QcmV2IDM1NyAwIFIKPj4KZW5k
b2JqCjM1OSAwIG9iago8PC9UaXRsZSAo/v8ANgAuADEALgAxAC4AoAAgAFQAaABlACAAIgBCAGUA
YQByAGUAcgAiACAATwBBAHUAdABoACAAQQBjAGMAZQBzAHMAIABUAG8AawBlAG4AIABUAHkAcABl
KQogIC9QYXJlbnQgMzM3IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SXzFhCiAgL0NvdW50IDAKICAv
TmV4dCAzNjAgMCBSCiAgL1ByZXYgMzU4IDAgUgo+PgplbmRvYmoKMzYwIDAgb2JqCjw8L1RpdGxl
ICj+/wA2AC4AMgAuAKAAIABPAEEAdQB0AGgAIABFAHgAdABlAG4AcwBpAG8AbgBzACAARQByAHIA
bwByACAAUgBlAGcAaQBzAHQAcgBhAHQAaQBvAG4pCiAgL1BhcmVudCAzMzcgMCBSCiAgL0Rlc3Qg
L19fV0tBTkNIT1JfMWMKICAvQ291bnQgMAogIC9OZXh0IDM2MSAwIFIKICAvUHJldiAzNTkgMCBS
Cj4+CmVuZG9iagozNjEgMCBvYmoKPDwvVGl0bGUgKP7/ADYALgAyAC4AMQAuAKAAIABUAGgAZQAg
ACIAaQBuAHYAYQBsAGkAZABfAHIAZQBxAHUAZQBzAHQAIgAgAEUAcgByAG8AcgAgAFYAYQBsAHUA
ZSkKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl8xZQogIC9Db3VudCAwCiAg
L05leHQgMzYyIDAgUgogIC9QcmV2IDM2MCAwIFIKPj4KZW5kb2JqCjM2MiAwIG9iago8PC9UaXRs
ZSAo/v8ANgAuADIALgAyAC4AoAAgAFQAaABlACAAIgBpAG4AdgBhAGwAaQBkAF8AdABvAGsAZQBu
ACIAIABFAHIAcgBvAHIAIABWAGEAbAB1AGUpCiAgL1BhcmVudCAzMzcgMCBSCiAgL0Rlc3QgL19f
V0tBTkNIT1JfMWcKICAvQ291bnQgMAogIC9OZXh0IDM2MyAwIFIKICAvUHJldiAzNjEgMCBSCj4+
CmVuZG9iagozNjMgMCBvYmoKPDwvVGl0bGUgKP7/ADYALgAyAC4AMwAuAKAAIABUAGgAZQAgACIA
aQBuAHMAdQBmAGYAaQBjAGkAZQBuAHQAXwBzAGMAbwBwAGUAIgAgAEUAcgByAG8AcgAgAFYAYQBs
AHUAZSkKICAvUGFyZW50IDMzNyAwIFIKICAvRGVzdCAvX19XS0FOQ0hPUl8xaQogIC9Db3VudCAw
CiAgL05leHQgMzY0IDAgUgogIC9QcmV2IDM2MiAwIFIKPj4KZW5kb2JqCjM2NCAwIG9iago8PC9U
aXRsZSAo/v8ANwAuAKAAIABSAGUAZgBlAHIAZQBuAGMAZQBzKQogIC9QYXJlbnQgMzM3IDAgUgog
IC9EZXN0IC9fX1dLQU5DSE9SXzFrCiAgL0NvdW50IDAKICAvTmV4dCAzNjUgMCBSCiAgL1ByZXYg
MzYzIDAgUgo+PgplbmRvYmoKMzY1IDAgb2JqCjw8L1RpdGxlICj+/wA3AC4AMQAuAKAATgBvAHIA
bQBhAHQAaQB2AGUAIABSAGUAZgBlAHIAZQBuAGMAZQBzKQogIC9QYXJlbnQgMzM3IDAgUgogIC9E
ZXN0IC9fX1dLQU5DSE9SXzFtCiAgL0NvdW50IDAKICAvTmV4dCAzNjYgMCBSCiAgL1ByZXYgMzY0
IDAgUgo+PgplbmRvYmoKMzY2IDAgb2JqCjw8L1RpdGxlICj+/wA3AC4AMgAuAKAASQBuAGYAbwBy
AG0AYQB0AGkAdgBlACAAUgBlAGYAZQByAGUAbgBjAGUAcykKICAvUGFyZW50IDMzNyAwIFIKICAv
RGVzdCAvX19XS0FOQ0hPUl8xbwogIC9Db3VudCAwCiAgL05leHQgMzY3IDAgUgogIC9QcmV2IDM2
NSAwIFIKPj4KZW5kb2JqCjM2NyAwIG9iago8PC9UaXRsZSAo/v8AQQBwAHAAZQBuAGQAaQB4ACAA
QQAuAKAAIABBAGMAawBuAG8AdwBsAGUAZABnAGUAbQBlAG4AdABzKQogIC9QYXJlbnQgMzM3IDAg
UgogIC9EZXN0IC9fX1dLQU5DSE9SXzFxCiAgL0NvdW50IDAKICAvTmV4dCAzNjggMCBSCiAgL1By
ZXYgMzY2IDAgUgo+PgplbmRvYmoKMzY4IDAgb2JqCjw8L1RpdGxlICj+/wBBAHAAcABlAG4AZABp
AHgAIABCAC4AoAAgAEQAbwBjAHUAbQBlAG4AdAAgAEgAaQBzAHQAbwByAHkpCiAgL1BhcmVudCAz
MzcgMCBSCiAgL0Rlc3QgL19fV0tBTkNIT1JfMXMKICAvQ291bnQgMAogIC9OZXh0IDM2OSAwIFIK
ICAvUHJldiAzNjcgMCBSCj4+CmVuZG9iagozNjkgMCBvYmoKPDwvVGl0bGUgKP7/AEEAdQB0AGgA
bwByAHMAJwAgAEEAZABkAHIAZQBzAHMAZQBzKQogIC9QYXJlbnQgMzM3IDAgUgogIC9EZXN0IC9f
X1dLQU5DSE9SXzF1CiAgL0NvdW50IDAKICAvUHJldiAzNjggMCBSCj4+CmVuZG9iagozMzcgMCBv
YmoKPDwvVGl0bGUgKP7/AFQAaABlACAATwBBAHUAdABoACAAMgAuADAAIABBAHUAdABoAG8AcgBp
AHoAYQB0AGkAbwBuACAARgByAGEAbQBlAHcAbwByAGsAOgAgAEIAZQBhAHIAZQByACAAVABvAGsA
ZQBuACAAVQBzAGEAZwBlACAAZAByAGEAZgB0AC0AaQBlAHQAZgAtAG8AYQB1AHQAaAAtAHYAMgAt
AGIAZQBhAHIAZQByAC0AMgAyKQogIC9QYXJlbnQgMzM2IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9S
XzIKICAvQ291bnQgMAogIC9GaXJzdCAzMzggMCBSCiAgL0xhc3QgMzY5IDAgUgo+PgplbmRvYmoK
MzM2IDAgb2JqCjw8L1R5cGUgL091dGxpbmVzIC9GaXJzdCAzMzcgMCBSCi9MYXN0IDMzNyAwIFI+
PgplbmRvYmoKMzcwIDAgb2JqCjw8Ci9UeXBlIC9DYXRhbG9nCi9QYWdlcyAyIDAgUgovT3V0bGlu
ZXMgMzM2IDAgUgovUGFnZU1vZGUgL1VzZU91dGxpbmVzCi9EZXN0cyA8PAovX19XS0FOQ0hPUl8x
OCAxNjMgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzdGhyZWF0cyAx
MzUgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRy
YWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzSSMyZEQuaWV0ZiMy
ZGh0dHBiaXMjMmRwMSMyZG1lc3NhZ2luZyAyMjEgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJm
dG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFy
ZXIuaHRtbC5odG1sIzIzSSMyZEQuaWV0ZiMyZGh0dHBiaXMjMmRwNyMyZGF1dGggMjE3IDAgUgov
ZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGll
dGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM1JGQzUyMzQgMjE5IDAgUgovZmls
ZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZkcmFmdCMyZGlldGYj
MmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM09wZW5JRC5NZXNzYWdlcyAyMjYgMCBS
Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJk
aWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzSSMyZEQuaWV0ZiMyZG9hdXRo
IzJkdjIgMTg4IDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5k
aXIjMmZkcmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM2FuY2hv
cjEwIDE4OSAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGly
IzJmZHJhZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNhbmNob3Ix
MSAxOTAgMCBSCi9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMy
ZmRyYWZ0IzJkaWV0ZiMyZG9hdXRoIzJkdjIjMmRiZWFyZXIuaHRtbC5odG1sIzIzYW5jaG9yMTIg
MTkyIDAgUgovZmlsZSMzYSMyZiMyZiMyZnZhciMyZnRtcCMyZkNHSXRlbXA1MDY2Ny5kaXIjMmZk
cmFmdCMyZGlldGYjMmRvYXV0aCMyZHYyIzJkYmVhcmVyLmh0bWwuaHRtbCMyM2FuY2hvcjEzIDE5
MyAwIFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJh
ZnQjMmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNSRkMyMjQ2IDIyNCAw
IFIKL2ZpbGUjM2EjMmYjMmYjMmZ2YXIjMmZ0bXAjMmZDR0l0ZW1wNTA2NjcuZGlyIzJmZHJhZnQj
MmRpZXRmIzJkb2F1dGgjMmR2MiMyZGJlYXJlci5odG1sLmh0bWwjMjNhbmNob3IxNiAyMTUgMCBS
Ci9maWxlIzNhIzJmIzJmIzJmdmFyIzJmdG1wIzJmQ0dJdGVtcDUwNjY3LmRpciMyZmRyYWZ0IzJk
skJgoFX7vA3Z7oZUwu3SUkgklsqUahX+X+9gRl0QISOrLZPt7WP3dDNogdWcB1WxLJ/zDqkV3qGW
AuvT/hzzGZv2iscG+uZNPo/P67RrALIeH7AjH4tbaTZe/5A4fX6YOH1CP9nVEQmBR4MTBCkg7mAz
8IhAkmqDKRxZLTnB2ortvFWVsJnf8lpQQpGAgNJGnHpucR6/6nsvMbczNehTlGNeQ7lbiIPnbzxB
tC2uZvfx7IUPiZ9Bb/NFi+xZ6SGl2O0RP9MbY4nVa8afntpu/46Eoswmt9O3PZ1k3kJ/QI8X+4fq
Giw0Wr/uNWtrKGKxSuWdHccJMWv5DnO0KnBxuaIcCi2F5RcdrrKyZK2KarmzoQJFforNf+LKWhk4
N4/f9IRQVCUUi8QipQrHH/74RXGNpKZaJpVKpDXiF39FTCZSyVA8XpcMxxIupht9S06p9BqDTpdp
jCZDyVTi/ElBgdHqXF5XMBYOujxuA/oADBZougsfkvmKV4xwXjAdalZRsUhMZriLPURSs8m8sn5b
fj7xBZk70GuTUy+X1o5EuEwujr4BCu05HCcjI8P73tg2/qJcbrWFo/m2ZMrpVqnVKjeosNZcNEpb
lbW4nfmft96KgoFtBqNZo61VkFVaymIByJAfM+vNENcZNTPRMLr5FuZf9gz0peIGHZiZ1NDIVfv7
+sNRFawlGR8agP3dA3LY+UWaaSlCvVzuifoyJb5ys53gXGQbhkdmD23Y2NRsLqd3tmzc35mDMM/j
0Z42NzYPdDc2+v0abWz9utKW/t66jMXyglLphDigIx6Le316g1rlcaWSbS2phNPBpvCLw6NNLXZH
JDyy9tCB+5696caNG2JhJJfbHOm6PusGn5eN0ccnDm8AUljpuvq+/p1tdRk2jqxVWm0QRXa2tMbi
RrNWw4o4UKOE1pGjxEdlf0HFHn1AYVMwZuJ9Yt3ddzPY3XezEvIn/Dzxj4IfYjK4cWkFWhFBeDKu
jIBI4A+hqhDz6xf333Ny/8vM/wqh6pobyce3H+36rBPhF7DOP3Ud24l87BgfgwSsAQkQsJ4i6/Z8
fAZ/WFA4N8r5nz+At6jsV6l4N5KN3X5AZJg3UeP5t1Aj8yY4hud+f/IkKQVPhyJ6iG9xXhrr1zqI
BFuIW054f8lQt/p+SfTg1y4exq+FkXfhXnIr4cEi0K7CV/7KVJIKF8350iFNCtiIFrw+j8flcboh
AGMvbaG5MUWbLRba5vAUOrs7D6/zWG0Wi8lsirXlCY+wSlxdI6upYo8bCQFCBr3/q1qZoqqavdFq
DCGhSFJTq1Df5tJp2F3nwa+4Cfww0KC25VhMVbCUuUzgoUrgr7k9vmi8obHXYbJYVTqdondVIapk
/K+iKomiVi6vkRBEjaRWppDXnH9lW29/Omuy4KjqBgLhDfVHYmRk8Rqjxwe2ga6S0BbQYR4zfhjw
wPqFMS4TsCzLtnRVzqwrV2qFcr/kYItLwqUSFBlTqi202weUhGhPpUbPIEpJWz3wxOOymtVKCMtc
nnRdW3smy2Je+O1qtyvXvH50767163LNDvvibW8QHxSSKa/PZjdZTRa7w+vPtCUSPq/NaoUHDrvf
m874/WaTXK5SQ+SYbKpZ37M6naItOl042lY499Jbb2Fo6bQ/vywzuixLdWmG9OIul3KkZcRczJO+
My3gDi2rRMpaVW25VkXueOenL+8WiUghKZAr2GdQhLuf2S3gqsIqsGwEdygtnH4ZfUVl0FtNNqul
0NPTYbHaTBbwd5mrBYXzL+ebmmPZRHu7ibZYzGajFt3G7NUazSaAnqm9AOokEW9uShNtrPU7ASiy
kKuxLmyG1WnLvIqlNE7KsVLVLT9VuswBDfBe9UVKjqcCvn1DW4E9X6j5dm19ZlNdJGSzqmoRrjZZ
gUN1q6Y6O8MRNfdtRjTcs2Z2z9rBMMGf2jxdPrXZsdOu03l8sWSyPcqaffijLfFoPpmM+zwGHbMO
qcGricca9au9PkWtx9XYOPI64NZkqVXa6Pa24uSNR7ZPrSq4QWmO62iL2ahWkWJKa7Y43e7z//D+
fIl4Z09/Xzyq1YCejff279nX2xeOAAphTdHeNWw0RTBfxZ8vR1NIBdEQWFox8xY8vGdxx0XPbQxb
vyJ/8rkTnYq36kgtneUleed1pWAspTqpJYfOSjc2rxtb+Mr6sfoGk1n89yIISJ11qe4be9eAl5tI
NTTHp7bF69KRELiZ+fYj+7u6a56X+LzNjf19668YGU6nDXrWr01nuwZzTQEfuG7zG1d1g7o32qyZ
ZEdbt6IuHKFtSmWu+WBbOGTUg5N/EsmqzcZQoGVHYz1qap6VbSq0R0Jajckciba0dtXFU/4gsIUU
WywBcBuARof4bLUVa2G/IPrcmceKhJFohZQtufAVV1fAqog+5PLk29ePTU2vG2vJu9xuVz4/tn7n
5Ni6fN7t+hYERJwz25NtcPtUakrl82Trujvq63xuLcWs+xB/7I2jxwaG7E6nfaj/2PVvvH3s+oE+
2gquKt03cP2xtx/cuSOXM4DrqjfmcjM7H3xgeqal1WhGyGxsbZmZfuDKP/8Z+HwCPB82N+FaFuFV
dsWlAS9NjCoSZBMY+frGsY0HSqOjWWDaGaAmbUkl+wezaYddLkWvoA9uGt/W2GwyI6O+Mbtl0w3E
7vNf39bOfqIEHk440LVqmuiAuW8H3dQIVG1kswTLNewXfTqQWQkk9rJRt8OIQwNDA+15v19F2Z3R
eH06HLU7NFrht8W0NZsZ6N85MzzYmKWtgWC+fXCop7el1Yr/dN/WoYHuzny+Ndee725kc2gyqVxu
sQbC9YrV7W1caAPKNFLoWLelb6Czq6W1pTXX2nFnJSPyQz4jsjxz9CGjf+zMGbzxV0wVXsCvOcUE
BIXFLfgji2+e/yOrtfYxI0Q7WHAXBu6BYEUYyFnA5bFepvIlB9GO7K76ht6+tX6vHyyYTacBR9Dh
c/sy8Sh3+MnM4Ku//33TbHdPmE2ECggh6GDxLTAFhA8CJGMTr+F24rvcByA42sp8lVBWcibsd2mc
FvjkQ+Z6ThGUkybnjnHqgMCuB5R0cBZyG3ZkWbywInzNVGzjUkS08pCjIvkVv3mlhCwBTbUyhFqZ
MOgwmesbxjYeunr9xvpGk5n9wicRyzSEI2wq2WyqywwPzs6PDNdljMZahZUOR5oaAVcQ2/0PqYw9
vu1aBbrXJpVVSyymZKJ/bTJuNopFyIGkMrujrmFtf7rO7qhlT1AhIq7PDlTQfXC4szuVZo+XaUs6
2d051NGQZTMxElJKW/3+eCzd1tIUi5pNyGSORnMtbalY3O+30NVktd7oD2Tq8WTY77ValLXsKYcF
jEbY7fWxYNVqnHaf17V4bygUcNlZ3e1whsLhRghm3GqKUnmcKTZT9z4zQroAQasuWr2MoqJwlsRI
UbF0Nupiikq4ggta7oszQJepNZ32eNgvCjU6jycWTyTiMY9Hp0GV03IkfjdstVGUuBohFWWzewPe
gN9rtwLwkM+z8V1mFFr6vHWZdrQlFwwYDTIpfhP7pY0hGGhGWzvAH/dQ1HH2ywOXO8U8kQ1HbLBl
Mc6mvR2hSD3zNzsDIfabSPbbFPJUWbK49JyjnKrDp1DPWaYH/eIsczNz/Cz6BdNzlmjH0eKhxRze
tPgG/hp+lD2bZg6RewGpUdDUF3255UdpS98tVU42vvTAWm+IxQurxrxgdU20VecORaIjudZo3O4w
7h1am8mCkvuSQ+y79u1fO5Kuo67JZpGAFBwTC6vAO46GOwqjklRi/bprDp38CyfbT4K++G2Z26pU
OST/nLAtpREdqaWD4cr3j9qKo08pKkL75Lsb2G+j7Fa/N+hn/UsVJalWa6y20LtI3JJJe8C+6DRe
TzyWSMTiHq9GR2ndoIJbmNHjocBOtKE+EnLYtVQ1zubVbJFwFo2l3C6tpkZynKI8vkxdB/NwcyBo
MNfI0E24VGYwBoI55pH2TJ3XBxjDMIwvpg+Y4BZ54x/YD5BX/l04Bzj/Mewcsefk/B/0EZ5avA8Q
8hG02Eb+uOzhLvvrJ89i7Be8GJQSeRb1kmdxFfyOlJ8h9v2LUF7hf49A+R2U26DcBeU6KN+E8iiU
66HcDOXJ8lhc2ykoFH/PttkLJcD/HuPb90Ep8O/XQPmIr7/O/87zv3fDej4pF2wzlIny3BfOwe+t
/FrY8bZDeRbKYX5t9/Lz/wnKx1B+AGOwa9oFJc+PhZX3hAh+nENQTkC5nZ97H7zbyu/xfShOfm9P
Ag3VcAWxLGDuMPY89m+oHV2Dvotb8Rn8KH4/ESCuIV4m/eTTgoSgQ/Co4ENhXjgifFPkqhJU7ay6
rupT8e3i74g/lYgkDkm9pF9yi+QByTcl/13ygYSptlTfU2OvCde8ILVJp6TXS1+QVcuukuNyjbxO
vkq+RV6Sv14rqb2y9l8VRxV3K43KG5X/oHKqWlRHVQ+ox9U/Vn9CraPe4PHTj93Feq/83co/ExpZ
er4Ze4WvI0yOmvg6jonQJr5OYAb0AF8noc0/8XUBVoNXxhdiMjzA10XYQSLK16swNfEuXxdjMrKK
r1djJnKAr9dgYfJtvi7FrhWc4+syLCD8KcyOSDHcvcSthK0jzILMfB3HZKiHrxNYEhX5OgltvsXX
BZgO/ZqvCzETLuXrIuxTvJ6vV2Fe4mm+LsZMxAd8vRqrI7V8vQbbSM7ydSnGkOf4ugwbEV6FtWFz
2B7sADYPEdd2bBorYTR2CkoctG0Uy0BtECtik/DbiY3D2yDUurBZbAILQ60V2wUXvaz3AndXhN8i
/F7B9WVbroFeeYjFB6HPMNT7sF54OsO1H4dSgtbj0LaI7YbfeWwnPJvDpr50fqxtbs+B+Znt0yX6
FB2PRjP0YHGS7hwvBemu2Ykw3bprF829XqDniwvF+SuKk2F6TVe+MNg63NXXS88s0ON0aX58srh7
fH4nPTd1aX8MFj0DzlGRW1oJ6nMwMY31cL9z8HpmW3F+vDQzN0v3zM3CA3ap27F9QBJ2C9hgcfu+
XeNQaYVtTsC7WW6D8zBGiCPJl47eujBRnJ0sztMh+nMT/UcXNsK1XVhqGQPqsdzFRorzC2yzWDia
ufywlxn0y9bw/8fRMna2c6OUuLHLLWe4sddCiyGuVT/XkyVoiZttlms1fJkZ+2DGKejPkv9iywlu
7BLcl0eeg/o0z5odwMB5bgWTXL/K3hZYxC2j7F9AD0Bu+8xCqTgPD2dm6bXhoTDdP14qzpbo8dlJ
enipY9/U1MxEkXs4UZwvjUPjudI08H3HvvmZhcmZCXa2hfDlUMQK7zyI79wlTLiInLa5+T1z5eVi
QDmWYldwdOjhmpc4OeW6DJWKVxTpnvFSqbjANp7mXu/B6rEIXPu5KwydLl3BBD9/mKvtZhOT06XS
nvpIZP/+/eFxfhkTsIrwxNzuyH9+2BJoqD0cFoocirdD2zKiw9yYu0HkvnTq0oE9xcniwsz2WQB8
eLq0G9qv5ZRUBZQsAMrgvTywp7hfFm4LXI8SLH2cA2gF9AsAnG0AnyIHGnbEOX5cts0uHoSz/Kzj
sAm2NwvWCpD3LePtfm49E/A/DZufg3dsnwlujD0c6yaXjf4fXTPAae1CkQVtaRqAvAzWU3OA0IW5
qdL+8fkiC/KFfdt2FCdKdGkO2hbpXQDWWeg6vn2+WNzNwnkfh7X90zMT0/SBuX30+MREcU8JYM82
/6KRw/95MOy6zF7/H2Gwa2k1PAYw7P8CpJEG3WVuZHN0cmVhbQplbmRvYmoKMzg5IDAgb2JqCjky
NjAKZW5kb2JqCjM4NyAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUy
Ci9CYXNlRm9udCAvTGliZXJhdGlvbk1vbm8KL0NJRFN5c3RlbUluZm8gPDwgL1JlZ2lzdHJ5IChB
ZG9iZSkgL09yZGVyaW5nIChJZGVudGl0eSkgL1N1cHBsZW1lbnQgMCA+PgovRm9udERlc2NyaXB0
b3IgMzg1IDAgUgovQ0lEVG9HSURNYXAgL0lkZW50aXR5Ci9EVyA1OTUgPj4KZW5kb2JqCjM4OCAw
IG9iago8PCAvTGVuZ3RoIDkxNyA+PgpzdHJlYW0KL0NJREluaXQgL1Byb2NTZXQgZmluZHJlc291
cmNlIGJlZ2luCjEyIGRpY3QgYmVnaW4KYmVnaW5jbWFwCi9DSURTeXN0ZW1JbmZvIDw8IC9SZWdp
c3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoVUNTKSAvU3VwcGxlbWVudCAwID4+IGRlZgovQ01hcE5h
bWUgL0Fkb2JlLUlkZW50aXR5LVVDUyBkZWYKL0NNYXBUeXBlIDIgZGVmCjEgYmVnaW5jb2Rlc3Bh
Y2VyYW5nZQo8MDAwMD4gPEZGRkY+CmVuZGNvZGVzcGFjZXJhbmdlCjIgYmVnaW5iZnJhbmdlCjww
MDAwPiA8MDAwMD4gPDAwMDA+CjwwMDAxPiA8MDA0Rj4gWzwwMDIwPiA8MDAyQj4gPDAwMkQ+IDww
MDdDPiA8MDAyOD4gPDAwNDE+IDwwMDI5PiA8MDA3NT4gPDAwNzQ+IDwwMDY4PiA8MDA2Rj4gPDAw
NzI+IDwwMDY5PiA8MDA3QT4gPDAwNjE+IDwwMDZFPiA8MDA1Mj4gPDAwNjU+IDwwMDcxPiA8MDA3
Mz4gPDAwM0U+IDwwMDYzPiA8MDA0Rj4gPDAwNzc+IDwwMDNDPiA8MDA0Mj4gPDAwNDc+IDwwMDI2
PiA8MDA0Mz4gPDAwNkM+IDwwMDY0PiA8MDA1Mz4gPDAwNzY+IDwwMDQ0PiA8MDA1ND4gPDAwNkI+
IDwwMDQ1PiA8MDA0Nj4gPDAwNTA+IDwwMDJGPiA8MDA0OD4gPDAwMzE+IDwwMDJFPiA8MDAzQT4g
PDAwNzg+IDwwMDZEPiA8MDA3MD4gPDAwNUY+IDwwMDM5PiA8MDAzNT4gPDAwNjY+IDwwMDM0PiA8
MDA0QT4gPDAwNEQ+IDwwMDYyPiA8MDAzNj4gPDAwM0Q+IDwwMDJBPiA8MDA0Qz4gPDAwNDk+IDww
MDIyPiA8MDA3RT4gPDAwNzk+IDwwMDNGPiA8MDA1Nz4gPDAwNjc+IDwwMDJDPiA8MDAzMz4gPDAw
MzA+IDwwMDU1PiA8MDAzMj4gPDAwNEI+IDwwMDZBPiA8MDAzQj4gPDAwMzg+IDwwMDdCPiA8MDA1
OD4gPDAwNTE+IDwwMDdEPiBdCmVuZGJmcmFuZ2UKZW5kY21hcApDTWFwTmFtZSBjdXJyZW50ZGlj
dCAvQ01hcCBkZWZpbmVyZXNvdXJjZSBwb3AKZW5kCmVuZAplbmRzdHJlYW0KZW5kb2JqCjczIDAg
b2JqCjw8IC9UeXBlIC9Gb250Ci9TdWJ0eXBlIC9UeXBlMAovQmFzZUZvbnQgL0xpYmVyYXRpb25N
b25vCi9FbmNvZGluZyAvSWRlbnRpdHktSAovRGVzY2VuZGFudEZvbnRzIFszODcgMCBSXQovVG9V
bmljb2RlIDM4OCAwIFI+PgplbmRvYmoKMzkwIDAgb2JqCjw8IC9UeXBlIC9Gb250RGVzY3JpcHRv
cgovRm9udE5hbWUgL1FBUEFBQStCaXRzdHJlYW1WZXJhU2Fucy1Cb2xkCi9GbGFncyA0IAovRm9u
dEJCb3ggWy0xOTkuMjE4NzUwIC0yMzUuODM5ODQzIDE0MTYuOTkyMTggOTI4LjIyMjY1NiBdCi9J
dGFsaWNBbmdsZSAwIAovQXNjZW50IDkyOC4yMjI2NTYgCi9EZXNjZW50IC0yMzUuODM5ODQzIAov
Q2FwSGVpZ2h0IDkyOC4yMjI2NTYgCi9TdGVtViAxMjUuOTc2NTYyIAovRm9udEZpbGUyIDM5MSAw
IFIKPj4gZW5kb2JqCjM5MSAwIG9iago8PAovTGVuZ3RoMSAxNTEyOCAKL0xlbmd0aCAzOTQgMCBS
Ci9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4nLV6CXxURZp41esjIZxNLm5eEkKIhNyH
RAJ0kk7SkHRCdyckIRvS6SNp6Is+EgKEQy4RURARRAbDKeuow7DqzGBkdpZxZxXBYZSZUQQEhnVm
ja7jzroK6cp+Ve+9Tiei4+/3/2833V2v6qvvvqoCwgihSLQRyRCqNmRkv7rjf4pg5jH41LU5umyd
f90cC+M/ITTxbrvVZGnL0aYhNOljmMtvh4lxssjLCE2eAM8z2p3+1U/sSsqG53kI4VyH22z6L9Pd
OoSmeGD9kNO02oOWoDaEpo6CZ95lclp/1nDxl/AMOKd+irB8H9eLFEiuKJe/gxApFn45A+Y4WyTH
jYyUyZRyjpNvROgn4xC/CImvYrvfh3jE3+OUMSQGH4xw4tswjcVlDtnI03Kb4jhIGYFQtCpBlZyg
SrDJUb9PNrn/Dnk6YszXX3qVqbAjCiHFCsUVBgcw9B2laCEqsoGMU1wh1+7p5GcoRuvAbaVN8QUa
i6YDocQIZbwyPq4griA/LzdlpkweH6caF6FM4FNmRnMF+TLbaVMrxq2m06dbTabW07j9HXiRA+SZ
dy5hfOkd+QcPb/60b9NmjDdv6vt088M4Hl+8RPaRfRcvXbqIV+KVly5SaWwDtxRNQDMBoWRlhDIF
sKvGFeQnZMfHxatmpsxMEtnIATYKFE0rvf515NEPPvzwA9yxzu9d6Whr913q6MS4s+OSr73NoX9w
8lR8+bfYim2Xfztlaj65UJGUuGXLnz/ZsgUnJSyiFD8BbchBG1FMGwqmNlXCF9hIjuFl2IWN9/pw
lOzNCqysuJdHvoId4A3cXLyZ+hPV32XcTg7gzaSbYuuFtSLAJq714k1kg+LK3dl07UWgNF6+Fk2B
B1VCngq0SN9JIGc8pRmbX5CfExcfpxhPDigjx8bOmJG+aoEak4PYVtO0zPUrm4V7IVjnxs/ufrBg
UmJsNK5d+kzwA3nLcVNmOu5YDRQmIyQ7rjiMYhkFeFOD5agSElNm5qmSVDkqLgevIk9gfnrTz8nF
9+sbzpxRHCb/MoBIsg4UNYAa6t/HVzHC80V+ZX3AL8Umqj5W4rOAGkTWl5Gemb5Tu5iyqGmsXz8+
NiZVlhE3Mqq+4USwX97yc2duFsYyOfWm+oHbihTAFvKm2BgwYzagAtwyftCbqL25X60uWrCgaHVg
fhHGRfMDmD9+9Ohx8jG5fuz48WOytbVLe47U1tXVHulZWovRoUOkj/QdgheOwTGHDgG1ZeBHY5Qx
KAbNEHWRR90pUXBWyr0sW3BkyaNkJ6kdF9c3BN7dug3jbVvf9S2rP+KdP2/efK933nyM58+T9XL1
3/QdNadn4BPHsBzL4Ds9s/9to+FIjxFePUcMRtBbD0iqlLdQOSEOY2ME/PRdQGlKzCQBMz24HXMY
R0ao4mYkZrjVC7GNHFzS2OQ4b7HhV7gXPU2PPJr+SOG8yUnRMbiu9iCXeq/naGt6RmcH0KkfuCXP
A40mUAklA8UIIVqgCoueZBBXnreoYlH1fr3RqN9vqFqkrq1dupRc/jG8cEZ9nVFeRD7KmjhhacOh
w3UNGE+akE2u8mNU+NBBHIdj4XusCrQKHsGNB63KwnPHi5Rn+pG33OuB5PSRGAeKryAORlA4pn9M
o+Flbjp2En3wJtmruNKP5OjubMhQLH8tHbgtfxOkGY0yAAFwHyuGeV5e8qDCCmaCODnMbjAToaKu
CJmIO7qqYC7OmLPEUqbBdrK/orFx08sOF8Y7tuPE90pKd/lbzbU+vy+AM7ZvxV/j5BStJjkFLyp3
pW4PbjppS8+wWY79+h+W4SnG1BQcF5+OVVPGjsa4o0uIA1FqJjOTVxnzTR+VE2ysmAi2VjI5cQJO
mI5tkNvicBspJ53ylv67MuW9HibfLUUUyDcJJcHG2IQ4MYlJhqJ+mQBhoKBJASwZoYjqf320TveY
Z3VH98b1G9eTd59/AePnT+BEHPncj8geXDivxb5QPY7Lsa1fsADSWSnpy5wwCT97EOirDv/ouZ4n
bQuKAMoJfK4A7bYC9ZxhvhIfD9qLBxelOSJFFSeGJE1NNDfl5QrBIo/3r3A027KyZ85oXYDHtzTj
LVvIXXfH6nUrvB6/PS8Xz5jpWPCfLS1ruoKtLid40xeZEyZMnJybFjchasSM6pof/1Nj4/hxM/C4
vImTpk4pzJwQNyZy2pIlJ87U1eKx46gmjyIkvwGZfxo8UL/C+QIfITvngHJoMEVwOm7PvfNcgjYp
EZeVB5atcHRt2rhhDR6176kFC97Gk8kdPBnfLF6woLQdAio5pRJXzI6P6+j83Rr7ytNA6QWEIl4B
XaQDJTHl0vybW5CbJ+keHsVhbHhmlp8tWd606ldWCyYHOJyYpLOB10Hyn87r2wsehEF7cZ2x3ddY
LzvZ9mA+5ORbwTquYvSY0ZM7CnKx0fhc8EOu4mw+DOsOsczdnJWJC+aCdzQRjWKMvAuyVa5Y+RIF
7efQRJuXoOLARMowE+XJpBQaJ6bQkzR3Xdq6bdvWS4GG+sWQWf7xx6R3hanV3NzY0PQTg77PUzR/
3kN+j5BTz0EawUd77t092pOe0XqyX0W+fPwJrBqXgOMLJk6uqjwhU+oN+57V1WCDft8+g57aaCIp
gwrWglSSt9OoTMpjLlMwERx/DtQOG0ktb245+K5n2QOzJkTJW4KR3Nf38nu1iz+dOqVyOmDZAXnr
c7A0SAqhFherDBONZUjqn4A1TnTERMkB5IIDyM4+XaOjwr3u9wY8jpX29gOGJVhvPHbw6J7yMqzR
rG9uXt68apXHgROf3K3RyJJTWlqfuu7z4xjVTJyaD5UuL9diy8v9GjLGP9RC8YyNm4UnTVeNw80t
/7xFT3N4BfjIVJB0FJU0mv3DCTJZQgVu6n0Dz4ZPE/mAdL3RS7ogxvtl8qCc67/XI+P6CVgTegll
Cuuwoqg3yxIwe8vkZcGTy0k3l4ovcKmkO3gKP/MOHke+oB0Cl8zpQ10CZJvv6hJUP7BLeObJ8C5B
GRM8JbYJwB9kZyViPU8iUBELYUqSSkUJQJjF05ijYRGdIKPUuRtdebm5eV1HyQauEqc8+gjGZRW7
qxcUqS8T22sPFsxtli2Yk9ZuS5uNySbyVfCC4orZ/Pt9zcvnjF+g3kjqsc+TOgtTystIHfPzsawu
S82cyEF0WImW/D6BOytWXy+rxWvCK7Tg5+SArFMovkIhDs4erNDHj1Hn/uYrqtkmyDBlYFNWk2Jp
ksnDCQHZ5eAZTtcfx+mCF+Qtd4MHB9BdzhZew0YO1jqV0NNxD9K+LvhvtLcL/oabC9brCm4X98gv
SHUvtEM+Nujl2oLPUHhyjfwHuSZAu3Evd5u7IVUWN+cPPsbdINckTDfvQ13CxR2/d1XCRl6ge2So
d2BAsYPZNQ6l0ugSUkNSkipabNthmEODjlo4WTA2C6nxyzLSMU7PWHbllm9eYeFD/lu3sG1daQnG
e54kvw9u4opx/q6dOTmyvTh1lq7ygVnk10Efzs4yt2Rnki5u4gxT62N/XLESK640L7/kWlwlehnj
ZhSKpzKIfpWcRHuBHImfXm4DnvrMfoz3P0NuE7IBb7rinl9UNN+tuLJ+41/6ujfi4F35ObIcP5hn
teTnM81Af3Ue8MYyzUj+A8qRGkiwEPjLjh3z5+FNz/WQ18nZw89Bu7HpF9U1NdW/kG3o30T+5eCz
UCfn01MOucJOOdG0LiuSxEqcTBtSGgUQt9RLxUTLTj5PTCNPXGSHGtyGV154G69wvI3nkD3kNj0C
LW9+lZ2AJr9zATvpsQbDMWhP8NWfLSOnlXI4BH2xYaN4BgJZ4CQauZfpSMyoLFPghCK8ChpDhH3w
4bCL9JBS8lfyN1KquHLvvLyIfqB1ct/bQ7syiKlmqGes100Or1dUI7RripY6QzHQuPE0XWiXNQYu
bdu6ddulQOOyE/558+fP87MYOxp8RRnFThXHTpAg6T92IiNdVmCsO/ycsQ4LMUbtC/GkyAHeOejZ
EKZpDk4YScxNuS9JIz65EL945Qp5KrhCfiD4hOzlfj35C/kCj8OLpM4JqgP1b9gbzaSHBIt/Qxx4
7Z0/47Xwe4ps7f+GbOWKuCTyCq4M3gj+CreSw2KW7IIsKZzaBL2x1gwfwj3Ba5yO6Mhi2qb1/xQ/
GyTBo/g9Mgf2HYYujAOek4WoihX7CtYBhZfXAqkT+ED2RrBjdvrsLKw6sB+feJ5c3bi2e22X29G6
U1+NcbV+p6F5+UoIxDufjIxUPrLjb//1yA7aPuOM8sQkTUlHB8RQbHwalXgv0J4DnhbqwZRSDyZW
weTwHiwvvAej51/5hbWBjrZHi4vnzO44/o3djvfsJe898fjuxx/fvqW7u7RkTsb2fR+3te/ejces
2bxJcZL8On/qFGh/quclJMUnZNvaXv+6cw2ePDkPa6qSUx54QFc2M3l6Qqa9/Z9urF49PkbMORFz
w7yRtmFJrHH/D2zEdfgv5Cly6m/kFOveb8qmgwuW9l+VJd/rpbtTIAXtApvQ82IsazBjhaQFOYe1
MrJd/1o1dRrOJpfIwTNnbNY/KGM+nTy1RDeA+ntkLRjpXmtYCt60HvSUpPgcakSmeBIIOymGNBch
tW5gumSpfwY1cXdsWTk5WTZbDhw9s3Jwx3JjbfVLy1vGFVdVNt3ZtRP/6DD5hlx77gjGvb/AZbZW
E3cTLyx5eMvC4uKFWx4uWchdIn1p8bG42fR65qQJeOu2D77Y/SR+8zxegb3vvzeOnoPOy16QtbNT
fgS1ZRJ7y9o/u/AZ1IMr3Gz6YXczZKockas0v0PHn0ePOuTquXPCHQzrEAbPDVF4M34M78Sbg38g
eRDlZ+S6u7NptwR14HMJMpZC7pBbg2fJDi4lmKW48sE9ufwsy7YDA8q5LPdPpTyFXAizxBsn9s4s
7XNFj366ft267r7gf+OnsfH5k532HHjZV586RU6TFfIz/asC/o+v+30YJ2Vm+6xbtp58YfM2iz8z
m9XwMQNFsq/Bj9VoCZUr/DQhOnKESI7mnpS8uMFbo9CZgv7OFAxILUzza7zY8MsC5uqaByuTZ/ZO
HPO7mmrojwOVKclda96va2iyepuWzV04K+WVGdHvAFDBqsrpCdjvfcvY2EgOliYk4flFry2ckYg1
ZYrXbqfERE+YlF6qGyVvrK1fF6iuyXygYK72Sb1x7Ohpn6XGxtNjbmrZotEjljbWb27TVebmPFiw
ePeSJXj0uOC2qckpWaWZ2eq41Jl5JXm0VaVWx6eFux1qc3xatDZdO02+lE0F32fnYur2sQmnOSf5
BE8M7lXG3Lzbc5NC7SRfcl8LUDiBNjd5CdzXwb14IvkEgL+8qWi5Cfq107sL8H+e+n+B1BUXSIcC
UFuCdPkGKQuH3WNQG1xcVmswvNjSotJUVjX++85d+PAhHIGTjvS83ktet7eY8EZLbk5OrsVKTZ6A
Y9Ji4nFL8xvZEydBR/XhF0/uwb9+kxwgu373PlaN4f6TxkQxvGh8gOTdUHvHszvBTLRQiM7wDi5Z
yldiqx4hBigty8zu0TFh2Q045t5yFD6E8UOFjhWFc+cWku4dpZpdu7AKj921S1O+fX91Jd67j0BL
9NQ+XeUzjdlZTQ3ZWVnZDU1Z2dwherZ1FT70UKHL/VDhhll1xo1vmM3YZD630Vg364Hm5btveLxe
z43dy5sfwLMbMuHVUJ+VjjMzqRffgS8d1J8hdxl36OUB/chbSDc5Se/0oL6CzM1gNdazJg9Tt2xY
qU2hxpch4d6I1dQ1Q+qsllbeT8QbI1ZRud8PrbStR4EWh0zgBRmh29dxAkXVOEF9GKglywcvDWQv
5+at687Ny8vtXguH8Yd7jpCr5I80xx15Ds/CyUd6uD4c7/d6/VCC/+TzQ2hPJLveuoDxhbegx/Bd
eOutC0IGV3JCzyn2IuyfrJ9TEjc5BgpxwmgMfhKX4zL8FHc3qMSEcNxd7iqZjm8CBie5xu5GFUyn
sqToy7j9f65Y8GbyLtmJA0KNUa4K3bdKlZs21bPxL4NZsolkWvBl1ljf4BKCRf2fc5XBV8L6YYVk
LbqF9cD3dELHbAM73QWNJQsn6KThd8cp4aWENiqKu3sOPnuC3h9fv44ffurR7Wu6obb/+7ru1auv
PZSXk/opV++GKs7uj+3vvsvuj8sgu+AND3/+2aZNkUoVTsQcwgO7iI3d+o5mvNHATBI6XOBx/wFy
UTdv9XxYv9tL/vLoo1BRS4s30+owUMz1ifkkBydxY64H/3pNceUbel/zE8gncuV4etLGCcB7AQ2e
BDHaZHLyh2e0i/Ai7QGcunGhGmP1AvLlVx9fv3r15o2vPrv1p4+u37pNNXKc5RuGJTpfDLoEqRQc
36BeuFC9AafuX6zVLjpAvvz89q3rH/3p1mdf3bh59er1j+mZaaAP+qwbwGMk1HbRVKoYfAK6ASM+
GfwNs1MfF9PfE9zJBRA30EvK2F3ZaOGOQBUjXBCwiy7h7szhuPjT+baZyVi8MnzlZkfnpzgjfbsS
kY/A77eRZyPcih7weyswEFb5qf/jsJsRdgWdl8OuAGeKh+REocRJtYjlzXhxT4qkRun6mr6ZrWQL
8nIb6/NzMc7Nb2zIycMHpxWX1r+0wuFw/Li+tHja5XXlZRhPmVa4/PEnTvpXrGzYt8SQn2szb960
d/369Q0ru/fu23/22IkNG0tKcWnJhvWnTr564+c/W7s4JRkfO07+mMJNXldWXlG2tqu8rKycNJan
pOLudf/2m/Xr8KzUss3BxdFW82FzQ92irpLiaXyh+eChV/c9vNnSCoxkpC852pqdh4sXrl938ti5
V0+e6KaHstqlPa1efzf5Yt/T4t+A4HP2Rrpl+dh5/03/2DX8BR46NRIKEcApQ5OwJ8JJoFsYCR3p
QE7k3tBfk6RXlfwisnFvgQ8EUJQSxoob8NmDPpFFocvcXdSrOINelL2HJsu+RC8qNqB6xVnUBHM9
8nOonjuHXlSeARibMFYUoOkKJ6qXn0crAMfRyDr0AoMvQBPheUeEBVUos1AUxalMhX2wJj+FmhiO
TtQr0yM3/VVOhOdr8LsBPsBT5HuoCGBfBBxNilSgoWfjw4rzaG/EV7BvLUqB5w3y2ei8HIRiNICe
8jjqhecxnA8q+yl0Gj47YZ7y1i3LQXdEnK3K2SgF5HUqc4Au0FbuAZ3cHdjFQWyI+44rLgz0cecG
ekHzcLCHDjgWzt9mdAi9is6jy3CCS8U1eDt+E3/DZXPlXAv3Evc691vZWFmLbJ/shjxbXit/Xv6v
8j8p4hQGxR7FP8L59kPFn5WcUqsMKA8pryqDEXMj6iM6I/ZGXI5MjFRHWiNfi3w78g+RfSPQiLwR
Px3xyxG/G3EnKifqQNRLUX8emTiyZKRxpGfkppHnRn4w8pNRUaNmjyoZZRkVZBauQjaac8L+ehj+
isNjQvOFIRgM5+NCccwhOdKJYxmaEJqXh40VcIbQi2MlikPN4jgC+oafiuNINCbSI45Hogkjtovj
0SOikR8wY/kIePKPeE4cYzQzKloccygy6iFxLEOZoXl52FiBJkSViGMlSotaJo4jUMtILI4j0ZRJ
G8TxSJQ55SVxPHr8zKjtJW5Pl9fe1u7nZ5lT+ezMzBy+tYunf4n1e60mZxqvdZnTebXDwesplI/X
W31Wb4fVkh6C4eusXhNvMLl8fLHbYdFbHVaTz8pnpWdlhmAoCIWYQyF+EM3RUfcjOjpqGFm7jzfx
fq/JYnWavCt5t+3beEZH1Vi9TrvPZ3e7KHy71WsFem1ek8tvtaTxNq/VSjea203eNmsa73fzJlcX
77F6fbDB3eo32V12VxvQMQPjFNLfbuVtbhcwZjKb3U4PgFMAfztgd9jNVheIPyuxjEIkpgIyC2/y
+dxmuwno8Ra3OeC0uvwmP+XHZndYffwsipFt4A1um7/T5LUmpjJOvFaP120JmK0MjcUOotlbA34r
42HIhjTe7jI7AhbKSafd3+4O+IEZp10kROG9gjYBbcAH8FScNN5pZVJ7Aq0Ou689LYxGGqWZ4fby
PiuYAqDtwKoo/jDSlDlA66GK9ouqY4Q6293Ob2+gZrAFvC4gaGUbLW7e507jfYHWFVazn84IOnY4
3J1UILPbZbFTOXyF1KBGWDS1ujusTAbBlxgLIUdwuf1gCJ8wS+3iGfQBYY33tZtArFarqDdgxO7i
TUMkdbvAM7y80+213ldw3t/lsdpMQChdYmvoutPURSk43Ra7zU6dzeTwg/vBANCaLBYmvaA+IO4x
eYGzgMPkZaQsVp+9zcUYaXN0edp9dBP1UpMZkPjoDokj33BKgtdZBKWZHPdHIO6R+BjEBuy5HF28
fYirgzheK/3fHgyWDnxUldQ2UohYwe+sAvOdbq/FxyeGojGR0pYW+EQavImi0sA6lWLUtFohnije
ANiBitDhtodYs672Q9zwJo8HgszU6rDSBUF6wD3MMO0mP99u8gFGq2uoVoDcoI9b+IDLIrKcODS3
JAoyfr9lfZDPILqZ6aihTLyDZhGIGQnQYzKvNLWBaBCPLncoh/xw1xpCChIXMGl12AS2KjR8WbXO
yBuqy4xL1XoNrzXwNfrqOm2pppRPVBvgOTGNX6o1VlTXGnmA0Kt1xga+uoxX6xr4xVpdaRqvqa/R
awwGvlrPa6tqKrUamNPqSiprS7W6cr4Y9umqjXyltkprBKTGarZVRKXVGCiyKo2+pAIe1cXaSq2x
IY0v0xp1FGcZIFXzNWq9UVtSW6nW8zW1+ppqgwZwlAJanVZXpgcqmioNCAGISqprGvTa8gpjGmwy
wmQab9SrSzVVav3iNMphNYis5xlIOnAJOHhNHd1sqFBXVvLFWqPBqNeoqygs1U65rrqK6qhWV6o2
aqt1fLEGRFEXV2oE3kCUkkq1tiqNL1VXqcs1hkEiFEwUZ1AddEO5RqfRqyvTeEONpkRLB6BHrV5T
YmSQoHvQRCVjt6RaZ9AsqYUJgJNIgEEqNIwECKCGfyWMMya+DsSleIzVemOIlaVagyaNV+u1BspC
mb4a2KX2hB1UxlrQJzWeTuSX2ojOfds7AIruFgUs1agrAaGBsvEtWOZfmtVmq8dP/VsMciFJsoQq
ZNE05rlCMgA3LndB+ApzbAg+DfHFKpCQ5QZDjBbnNDEJ0zQCHg5VSUjClg4rZEIfTSkQI26aVDrt
PhbvUA6dbrH++UwOIAa7QlCQM00O2OYLsTk0qKTC6PHaYUun1+6HlMKbAjDrta8RS7JXLFnDJaBU
hvPvtfo8ULHsHVZHVzrAemldY5zYXTa31ymKztRn9hdKudTPtzHkFhDc7W1Lb/f7PYUZGZ2dnemt
EoV0SIWoBLmRB3UhL7KjNtQOTSOPZkHbnQq/2dBoZqIcGLUCBI+KAcaPfPDxwsHShJwoDWa1yAXw
6TBSIwe8eWhaJVw+9mSFXyvs6YBvC0B+Gw+P6hiECUYG+HaxncXAmwN2UAwOBknx8CgLcGQBZ9/G
I2GRcMwJ4fj/J+doFPWDJaWw3y+tne2kIz+bscCKE369aCXMueGY8UP4oZ8ahtPJMPrg2w3rEv52
tmYV5WtjlFyAj3JJcdnYqjVE0Qw7KA9tMJfGeHMzLl1sv4dh84kU3IDVD2t2eKKfNlEes6hxCaef
cUFpuRltQW4zg3MCpIBdwkChBd4d8GuGnS7R+rNQIioL4UhkFqR7LezXx/gywx6TKB8PHzoTACpW
touuSPqxwcjB7EYxSzwOUqD+SPn3o06mESujOKgTOuOBbzdQCTA+B7mxMAn8zOdaYdXPViUa300h
jdmNWtcBuywhnXQyP2gH6ADbRzXjZHPhEkn4vUN8U+A2wHSYFmYdOnYye0q29gBUK8Ptg91p3yFH
WkjODMDkhScfi1JHCLdd1OpQ63+/1JLmBG49IY/2D/O6QYk6mT6cP4iCFA02kMHLvNXH9gxStLBv
SiON/VJNrAAIM8MnwIT7MZXXzewiWMjMaFsYx3aR08JQhBrFnSbA6mY5YtAO4XlpUAvfzggugPeL
EeEbAivFy6DWwvNA+D6eyW0SrdUqambQ3wSN2Nk+0/fYlGIWcoaXeZFb1PIPtTiF6WL82lgmoLjT
v6Wt79tP9dIVksHJotDOYlrKbJR/v5j9hBmBW6pXS5jtw71PkNzDqAg6CwAWE9snSWVh3FKbucI0
0gZwVKJ2cc4blktNzIsEH5ZoDNeR7+/KFJ7rLEM8zcTs9MM5GEpnuD7ux1uaaHMH22f/nqzuFTOQ
lfHlHIJXmvGFvFKKm+FVxCrmO+sQzXcyqSxsf+J9amNiSO7hOyi8VHkTh3maEDuVw2pNK4t9dxi/
ATEeJCt0wKr9PlqzotVM1y4xoj3wFiqZiWVXa2hHuO0Fvr8/YtpZtufZr0/k0cq86bt9RZDufnmc
rgYY1FAt30+zfJj2wu34/xKzPrE/40VppKiTIop2Eo5QL+IVdwzF6GGevRK+20SrCfXRxfQ7vA/5
v8ha3y1VqxgrfrE+2oZoqwJpGK1qpIMnSqsanoxoKXSYeramhTkeejs9rNTBUynMljL7qNkKXU9k
kbkUxhRjNapluAQcevimuBtghuLm2TN9WgzwOsBF92pQPaOhAWwGBqlnuKtgthJ+NSIc3VECM7Xw
TMfliHanAj0d7DKyGKL7KC8Cp0aYH6Q6lCstoyhxVgVPesBfIa6qAbeW4aP8pzFN0bEuxGeZyKma
6YhipjhLgKNK9kRna+G3BuAMTJ9qJrPArY7JUAbrgiwaxoFgCYGjEvitAdoUohz4MjIuKCWjCJnG
JKTylLL9lOpiNitwVi1amY4HsaSLuhT4oPqvC1E2MPkr4c0z+Y0wY2S2UQN+Ca/kO+UMQ1XIj2qZ
fGqmh2pGoZitUS1SfVaGIPVhVilh+qJ2o5yXMkpqphHDfSWRsA21zv28Q6JQzuTTME1VMmgD6FED
8NrQjOCPWiZriahbAafg94JPVIZpt4TJSC27BKhqRJ9SM90NlUKIEMr/oBSCBdTid0mYzgatrxOt
WxKydTXzsm9rZSmLRQ2DUjNbG0JaKGPxWyVyXhvmYZIda0X/rA5xNlS/UhxJcD8kdwi4JNpDLVjK
/KlS5NAQ0sbfxzuYvzRQ48zs/OMP5e+hlTy8kxzsUMN70bSwnBveGQjZuJzBOofBDc4KeVqoX4Nn
oPBe7n5VTDo5Cz3+YCcsdSNCDhfOSuGdsIX17EJP6At1KUIdcYc6lU62OljfhdOhk0GEn/98jK4g
WUDcMRyX0GeaWOdAqfnuo83vq1TDT4weVvsFKp1s7Be7FCpfQISl82uGnZK9w05Zf88Gkix/T/9e
Zm+PeMayMw3T/jJdxOtF0nltUCdUAza25hxm9UHvo9gK0fC+lOqgLYxzi2hxN+sv0tn5yw/cFMKp
NgM0RN/p4A/DZUgXu8L/BZUSoTllbmRzdHJlYW0KZW5kb2JqCjM5NCAwIG9iago4NTM4CmVuZG9i
agozOTIgMCBvYmoKPDwgL1R5cGUgL0ZvbnQKL1N1YnR5cGUgL0NJREZvbnRUeXBlMgovQmFzZUZv
bnQgL0JpdHN0cmVhbVZlcmFTYW5zLUJvbGQKL0NJRFN5c3RlbUluZm8gPDwgL1JlZ2lzdHJ5IChB
ZG9iZSkgL09yZGVyaW5nIChJZGVudGl0eSkgL1N1cHBsZW1lbnQgMCA+PgovRm9udERlc2NyaXB0
b3IgMzkwIDAgUgovQ0lEVG9HSURNYXAgL0lkZW50aXR5Ci9XIFswIFs1OTUgMzQ1IDY3NyA4NDMg
NzI4IDY5MCAzNzcgMzY5IDcwNiA0NzQgNDg5IDY4MiA3MTAgNzA2IDU4OCAzNDAgODMwIDY2OSAz
NDAgNjQ3IDY3MyA1OTAgNjkwIDEwMzQgNzEwIDY0NyA2OTAgOTE2IDc2OCA3MDYgNzY0IDcxMCA1
NzcgODMwIDY3OCA0MTIgNjc4IDc1NiA3MjcgODA2IDg0MyAxMDk0IDcxMCA2OTAgNjQwIDY2MCA2
OTAgNzE0IDk4NyA0MzIgNjkwIDUxNyA0OTYgNzY4IDY5MCA4MjMgNDk2IDMwNCA0NTMgNDUzIDY5
MCA2OTAgMzk3IDcxMCA2OTAgNzY1IDM3NyA3NjkgNjMyIDgxNCAzNjkgMzYyIDQ1MyA0NTMgNzE4
IDM0MCA5OTIgXQpdCj4+CmVuZG9iagozOTMgMCBvYmoKPDwgL0xlbmd0aCA4OTYgPj4Kc3RyZWFt
Ci9DSURJbml0IC9Qcm9jU2V0IGZpbmRyZXNvdXJjZSBiZWdpbgoxMiBkaWN0IGJlZ2luCmJlZ2lu
Y21hcAovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKFVDUykg
L1N1cHBsZW1lbnQgMCA+PiBkZWYKL0NNYXBOYW1lIC9BZG9iZS1JZGVudGl0eS1VQ1MgZGVmCi9D
TWFwVHlwZSAyIGRlZgoxIGJlZ2luY29kZXNwYWNlcmFuZ2UKPDAwMDA+IDxGRkZGPgplbmRjb2Rl
c3BhY2VyYW5nZQoyIGJlZ2luYmZyYW5nZQo8MDAwMD4gPDAwMDA+IDwwMDAwPgo8MDAwMT4gPDAw
NEM+IFs8MDAyMD4gPDAwNTQ+IDwwMDRGPiA8MDA0Mz4gPDAwMzE+IDwwMDJFPiA8MDA0OT4gPDAw
NkU+IDwwMDc0PiA8MDA3Mj4gPDAwNkY+IDwwMDY0PiA8MDA3NT4gPDAwNjM+IDwwMDY5PiA8MDA0
RT4gPDAwNjE+IDwwMDZDPiA8MDA3Nj4gPDAwNjU+IDwwMDczPiA8MDAzMj4gPDAwNkQ+IDwwMDY3
PiA8MDA3OT4gPDAwMzM+IDwwMDc3PiA8MDA0MT4gPDAwNjg+IDwwMDUyPiA8MDA3MT4gPDAwN0E+
IDwwMDQ4PiA8MDA0Nj4gPDAwMkQ+IDwwMDQ1PiA8MDA0Mj4gPDAwNTA+IDwwMDU1PiA8MDA1MT4g
PDAwNTc+IDwwMDcwPiA8MDAzND4gPDAwNzg+IDwwMDZCPiA8MDAzNT4gPDAwNTM+IDwwMDREPiA8
MDA2Nj4gPDAwMzY+IDwwMDIyPiA8MDA1Rj4gPDAwNTY+IDwwMDM3PiA8MDA0ND4gPDAwQTc+IDww
MDI3PiA8MDA1Qj4gPDAwNUQ+IDwwMDM5PiA8MDAzOD4gPDAwM0E+IDwwMDYyPiA8MDAzMD4gPDAw
NTg+IDwwMDJDPiA8MDA0Qj4gPDAwNEM+IDwwMDQ3PiA8MDA0QT4gPDAwMkY+IDwwMDI4PiA8MDAy
OT4gPDAwNTk+IDwwMDZBPiA8MDA0MD4gXQplbmRiZnJhbmdlCmVuZGNtYXAKQ01hcE5hbWUgY3Vy
cmVudGRpY3QgL0NNYXAgZGVmaW5lcmVzb3VyY2UgcG9wCmVuZAplbmQKZW5kc3RyZWFtCmVuZG9i
ago2IDAgb2JqCjw8IC9UeXBlIC9Gb250Ci9TdWJ0eXBlIC9UeXBlMAovQmFzZUZvbnQgL0JpdHN0
cmVhbVZlcmFTYW5zLUJvbGQKL0VuY29kaW5nIC9JZGVudGl0eS1ICi9EZXNjZW5kYW50Rm9udHMg
WzM5MiAwIFJdCi9Ub1VuaWNvZGUgMzkzIDAgUj4+CmVuZG9iagozOTUgMCBvYmoKPDwgL1R5cGUg
L0ZvbnREZXNjcmlwdG9yCi9Gb250TmFtZSAvUUZQQUFBK0xpYmVyYXRpb25TYW5zCi9GbGFncyA0
IAovRm9udEJCb3ggWy0yMDMuMTI1MDAwIC0zMDMuMjIyNjU2IDEwNTAuMjkyOTYgOTEwLjE1NjI1
MCBdCi9JdGFsaWNBbmdsZSAwIAovQXNjZW50IDkwNS4yNzM0MzcgCi9EZXNjZW50IC0yMTEuOTE0
MDYyIAovQ2FwSGVpZ2h0IDkwNS4yNzM0MzcgCi9TdGVtViA3My4yNDIxODc1IAovRm9udEZpbGUy
IDM5NiAwIFIKPj4gZW5kb2JqCjM5NiAwIG9iago8PAovTGVuZ3RoMSA5MDMyIAovTGVuZ3RoIDM5
OSAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnicpVkHeFzVlb73zZsZtelV0pQ3
vdc3b0ajPuq9Ws1NHksjjWyrII0xNgRbtjHGtEAKIesvIaQ5hjWbxIEk1IRNnGIChE2yWTZf8i2w
+20gZJOFFCwNe97TjDwWhN1k535P77z7bjn3nP+0J4QRQkXoGOIh1D8cCP+x4tQp6LkDrj2zBw7P
vPStugag30BIe306lZyeub9Tj1D5NPRF09AhKRHcBM9n4dmans/c8Piv5Dvg+Rl4vnhgcSp564t3
qRGqyMDzzvnkDUsoiPbD8wvwTC0k51ODv3iDhOf/AiZGEI98DH8Y8VER/5N8GiFcuXHnvYhmCHkR
nygVkAT7Ix9AxCMD6IYrKPcLJYabUSMyXSH4L2UHMS2sx1/Zg9Cnf/kzhMhq/iq7GyKgtSBETPNh
JyREiJaZZDaTzNRCUFkr/kQ2zR9556EW8jkYt+fd1/k/438cGRGcHguEXHMIHHa2MfZYlGthjZpt
QvtGv8W8MU6l3OiPqTfG8X+G/cHt24+f+Nwjx0+MjXu8OOCfGD+5ev7cieMTYwH/s9hoakjsmjxy
dPdkQ8JAmYyJhsndN57cs7uhzqAjLn3+1lv37IkwGFdF9yZP3fLA506dnNxFhzBN7548eerBo+nZ
7k6X0+nq7J5NHz2W3t/d6/Zi7PX0du/fB2cB+fKHQAZCVIGQiWfiWTCNcY5nR+5sQp6JvPsz6zc/
+F2i4edEdP2CTCQtKRUWYUJYVCISSSQXCQk+m53mr75zlCScLqfFpFHzBWqN2QIP2RDC6JZ3X+e9
TlajGEhMlhMBHc6JSkbLBBqBRgnNAgJkYOuYJbe3JS9XGa4uK6ks97obGpiw3apU4IuYwKDw83AB
xaswUk53hGnb0ZhwuxVKsnp9aCASNZpEYo0KZtUNEStrf2+x2k0WjVZIatR6nUGnCtoc5TqRBGtU
AX9HR4p4EXg1vvtbws33onKEbKxmzYzMwtAxWkWrLCzvNKs6wu1ye2P//KGTzA3f+15FeUN5hVZf
VCoowm8TPz7x+9+fWB/pM1KYTwrgwOguwOmb/MuAb4Sj1+JDI7PItohbBV20TAkE+4DrDBazxx0O
Ncy2NDlsUhH+GhYWa8s93rZEmLHYFcqLIAiQAG815rBVlJeVYJ0+RLe1D68HiAstTMRilksxVmvc
7tra7vXj/MvZm00mk04vVwpZ3ooREp4CBFSD/i28QkZYLCg2mMwzHY0p8l1sC2928v/j1bdKy8TF
ZWXi0tIyUckfXs0mL61LZZJSUalYJigSsk3w9mNvs6QAmlSCi4SiMolI+udLvKM2JhKIxWuiQTpi
W1vlr66tNtbVh2rolpZKymjQ6ys1vPm1j2gqQWdGqrKl1WJi6PoahncUTBaNvvs6qSf7kAoxcCCi
wBalthynwkjOCvMiFlwLQVKPb/rQm8vjE3UNRhN+7eadO2riet2TCqXNHo01t8aqHE6FCmvUDls0
Ut9aFXM6VCrCkH319jswtpjaW/fP3U0EMDZb2trT+27/0PBgOAQAVahC4aHhIzcPDYfCCqVSHg4N
D4HETwPTp4FfH+tlIgyHeIZm+QELUNGFAFGxXOc8h0Z2F4t2DvSkXKPS61zOuFqpKJNrtYZ6j7dS
XybGvHqz1Ww26XVaLScqg6Iu4DPoADU8PvF5ksQAjiDd3Dq4fhk4OQMekAe4LAXdYyEHO9b8ecHs
vScBVS+/lO3EP8JvzmeP8i+vJQlRNrB+Hyvx20DOdTCP85QKhlbxYOZtFy9e5FMPP/zOr8jqK9/d
OCfvTTgn2LxJttUNwmabR1dyR1dfe3RoKhkvjktE5RVub30e65zBs3jnlVNGlzMaad+eaPS4lQri
Qj8TMRslIkC6t65hcP1O3rDZbrWYtJoivlpTadAZFX6HTVcOslBrfIH2rqn1AJxlJDvK+y3ZjTrR
HOvNc6YYKwAHw2w6I/PG61ihk6cjuQcaYKViHRlru4rItQfWbEEcYd3V0UFHwD19TV5fm6oLh6xm
OIRKZwC3UtWR7ujyB1QajDXKcLCvZ2l5dDjAuTk4+EMbDm/xOp+2wuEKM0xriDaaJDKMZRLKGA61
MAztclaUZ8ewUmE1h0O1Fd1Ol0zqsNXWjl5w2Rw6g1RuMbe2pGduPZ6e7epw2HCESWopg75SqSCL
VRq9wWq3r33nleUM79LSUH+E1sKPZvoHlw72D4TCShWcIzTQBzqehVj4AMTCVsBBXg5577A19Gny
oS/vNhgTY5JtiZ+zPs/28RPHLxzfm+zsAKE8WmG100xz6/ix3Xvq6g0UNpkSjXsnjw21t8VjXo8+
u4MYCTQk+gZ2Te776slTY9s9PuJSPgiCoj3e2oaeKO11Gwwy6ZYwKBZpVfoKffaBbEXQ4zWZFMp8
GAVcnMyOgVfpRXE0URDlWQBYlBouXF2D4dyhNzFMhz/Y88Sueh6F0h/o6V3KjI35+ZyKWZBfwBva
JgHmbmck1LjU2xPwKxVPlIl0hlC4sy7COFxqDVbK7dYo094dDhl0ojLCfNNsursbzub1pAipTFOu
M+qyE3yBw2o16NSqYp5cXl6pM5TTdqtWXVbidLV3pdLHpvv6ooxeh6WyYHDb6KlMH6tkDdbrqmID
/aDlcwgJCIgRVZwlc4xvHAdbNnMFuyNns+BFcB4CeYPGtIw/unEesUQslomzHz2VvVvABgKICzIp
9+r8FXxIUFpSXFwk5PGKhGXFpSVFeOlt3sM0E/HRwUjIGwjb1xp5z0iUCq0aWqS6KhagGfvaNogY
AaWRMpkB2lKDwURRRiXvxXeOAu+Pg/ZuRi+zOSwNnurxZ19+GXopyEfScCLIV/nmnL3nzZORsbhU
bugLf/+h+UXz4yUatcnodLhm62qzv8PP6fSRWE+fcmL8W8aEP2AwisQdbbfzWs+uWVKDg/EaA8V6
ybF33yC14P/cXNZTmPRoCvyJbKvZqArhIgQFS+3WeHzgYHtrxadkBipM9/Qe+N1NN9ttzYmJsdTp
nTuqYlo1/qako+NWXyjs9uj0JP7jaFsHzVTqA/5On88XsNjV2rvvwpX37Z9rajLoMPb4evrm9h3W
njk/0IdFEpu9PpEEqcRBKo+CLxzZgvj3eMSrSr+a9Ia3mHze4xU23qNYZ4xVDQ6nJ7t6q6ptDvmn
1Z0dx+LhoMWsUmC11umqrmlLNIK3h+xpf/qHX9mf1j9YrNWaLS6v70h1DThElcMWiyY8Pq/Xbbfq
dQAeT291rdMF3lIiMhmjdK9xzOkqEqoUJmMoRBlVSplYKVWrLGaa7v1oXw9uaLhd6dbr5NJioc3e
5dXpFSqRRArZi1Sh1prMHi9I4kmQwE2ADxY1ENuefJrNbaF/B36B6CeW2H4FY1LtwG/hFx54gNU2
2Ag/BTPkyHZVehaoILYWAmxXLvdP4Uh0x66bbr5n/Xf4x589c3p6qir2DHa6O7tm00cAZ9WLk7tb
Wx0O4vkv33Lr9p2+AH/V6do2unriq3fNTjc1UoYrX7Za29u4TJ7NglYAbZ1ocgPTsTywYswWRyx0
FDgpFZfSshypCtWdB6BjMwgK8x4MxuNPfW5wGLucTY0j28b+GxCk03t81YzLbaTkSv4TxfpKhu7r
WfxhelalqpFIJGILZbHRVrtaU1bGE+jNFn8gXmMZaWrwulWq7zRX1/r85ZVBv3J05L59bc1Oh0RC
kDXNAb9BJxEJixRKkyUsa4xGnHaNatfkP2T9A04XuJKlIpKPxWX6SsgDGJcHbF92mjKEgzXVzARJ
CIvLK7y+zolAEPQGdk7U8n+ALGz9YWHzeSZS4KhVhek35Pl47uInPlFaYtRF6EGj1VwhU2vkLm2l
SEoKXuI9ttbJe+zEkepIyGHVqHg8wW08Hsa4pEyhMhgcyRNsVg3a4P0AtFF31fK5im/T8nPhblNJ
hSWBsCDrwwqxiDJGI717Eo2SR4sNBprp7EoeG5+IVZVXYLncZPR5GDpeVbOjvY2hKaP4G+J4fK6X
BvsRiQnzrr7+WBxMCTORA2UtdQ3+gE6Pve7ervTMDfPbhhrrvG6uZIAcy1dd2yzezkSAppnePhbT
I+++wfst5Hke1L1RC7EOSyG1baQ9DJsHRZhrqrfcqfCWEo/ZEgV5THho2+EfTe7F+K4jw0NhLqHJ
1XMPE7nQt/4v7NGDwda2KsZuUSoUSqs9Em1rCoaMlER2Ie3znbkNlxMM9vmTxRqVVg3xDX/2ioKN
dQaVpqhYCZlxZXklXrquf4BmNFqNmqGHhw6vDPSFgxoVBCmaHhxmz8nFCKhOr+azXKR49lne/uef
X/vY88+DRneBff0JMp0Uq9GcbVBbIkfhUa/xj3msbU2NHAU2tbWRfzJbOjrmFz6e/fNHPuL8hsig
o4NdnTMj7W0RWq8zUvF4/8BkbXVttCoQMlsVSpezo2NvcuX47p2JRodN+4SkvJJNfob2NrU43FI5
gCja3jbY2NQI5kHbbSCAWya6u6NVegrv3PGIrcrrN5rkconIaAj6m1u8bkgG5ZoymZitNNxsoj3d
0Rbwq1RYoXa6auv7TWGXs7JSLMJYKjcYnG5/g9NVWSmHJSTgUnR6tzteDXLzQ41xkfvCwFkehFYV
8cJTWR15inztSiX52tmzaCPD4FMwiq1EZCauEjHBRSbXBU8/TbzzNHHn+gp/df1hYhu44Y3xZHZj
PIxUmXLXOdK3di8vvPYj3n381bPZ2k9mVWdhtAYqkV+Dfrk6B3IWtshh6xxT9hfZl7+NV7P3XMJi
XPb97D34FH4i20J4CXF2B/78+lvrP2Z342fHeGsw3wPzC0sBJq/3GL5aFl+tlImddocrGK6p7bNA
MabQamX9Lc0RWXb4mVeLZWKZpKyM4JWVSEVScek/PbW3byAa1xkIXHQrDxM11cc9JLN+vhLCt89q
LS4xQ7HjchqJfSw/IDJSAqcvYXMak4zP2FghnMWz2W/j3i/gsfvJ2lfOv3ZFez9gewBwa/mLX6sK
neAHfK3arJMt2OZoapnYPpMe397YZLPbbU1N2yf2T28fb2qy2x6FXNbhjMU7euM1dpdCqVK4HPGq
rrbqKhd4buJbPzxzx7ZRmx1ju3V02x1nLv/kjtuHhywmk2Vo+PY7fvLF6xZaEvpKnT7RsnDdFx5c
XGxu1RkMutbmxUU489ez7+BVyOOk4IlUOQMUWliDszB4leSXlIqkihu9Fdrxl88xHq/NbjIbG5ub
Emy2NwvyKgMZNLLyuupvr7qlrYFxswLNb5RvJtUs3dU5ODjQl2hwOeRyiGTB6pg/aIMMS/j1YhNV
Ex8e3J8eHorHjAa2cI1V1dXX1Uer3F4N8cujB7ePd3XU1zXUtTaP1QS8lEEGwdFg9PirZd0tzTTk
8OB9g+H2jt3tjYl4DROlmRBNg6uN38/qvQ90WQ7nmCjwQYX5GacqNszkzwVxLl9sRXIxZTP25yuW
/NFUeb9TbqRq68e3r5wc315do9MXf1OoUdpt0WjXaUiezBaaqakPz+wNV0XZLwu4qeX4oc6usq+V
uJz1tQP9EwdHR6LRinKoJazWWFXfSEODy6lW4Fv2dveyGSk2GWORtuYuWZU/QIG/wS3NJ/uCfl15

--_007_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_
Content-Type: text/xml; name="draft-ietf-oauth-v2-bearer-22 preliminary.xml"
Content-Description: draft-ietf-oauth-v2-bearer-22 preliminary.xml
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-bearer-22 preliminary.xml"; size=60943;
	creation-date="Mon, 09 Jul 2012 13:30:35 GMT";
	modification-date="Mon, 09 Jul 2012 13:25:16 GMT"
Content-Transfer-Encoding: base64

ICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFVubGVzcyBvdGhlcndpc2Ugbm90ZWQsIGFs
bCB0aGUgcHJvdG9jb2wgcGFyYW1ldGVyIG5hbWVzIGFuZCB2YWx1ZXMgYXJlIGNhc2Ugc2Vuc2l0
aXZlLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9
J1Rlcm1pbm9sb2d5Jz4KICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5n
Jz4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9IkJlYXJlciBUb2tlbiI+CiAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgIEEgc2VjdXJpdHkgdG9rZW4gd2l0aCB0aGUgcHJvcGVy
dHkgdGhhdCBhbnkgcGFydHkgaW4KICAgICAgICAgICAgICBwb3NzZXNzaW9uIG9mIHRoZSB0b2tl
biAoYSAiYmVhcmVyIikgY2FuIHVzZSB0aGUgdG9rZW4KICAgICAgICAgICAgICBpbiBhbnkgd2F5
IHRoYXQgYW55IG90aGVyIHBhcnR5IGluIHBvc3Nlc3Npb24gb2YgaXQgY2FuLgogICAgICAgICAg
ICAgIFVzaW5nIGEgYmVhcmVyIHRva2VuIGRvZXMgbm90IHJlcXVpcmUgYSBiZWFyZXIgdG8gcHJv
dmUKICAgICAgICAgICAgICBwb3NzZXNzaW9uIG9mIGNyeXB0b2dyYXBoaWMga2V5IG1hdGVyaWFs
CiAgICAgICAgICAgICAgKHByb29mLW9mLXBvc3Nlc3Npb24pLgogICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICA8L2xpc3Q+CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQWxsIG90
aGVyIHRlcm1zIGFyZSBhcyBkZWZpbmVkIGluCgkgIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uIDx4
cmVmIHRhcmdldD0iSS1ELmlldGYtb2F1dGgtdjIiIC8+LgogICAgICAgIDwvdD4KICAgICAgPC9z
ZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J092ZXJ2aWV3Jz4KICAgICAgICA8dD4KICAg
ICAgICAgIE9BdXRoIHByb3ZpZGVzIGEgbWV0aG9kIGZvciBjbGllbnRzIHRvIGFjY2VzcyBhIHBy
b3RlY3RlZCByZXNvdXJjZSBvbiBiZWhhbGYgb2YgYQogICAgICAgICAgcmVzb3VyY2Ugb3duZXIu
IEluIHRoZSBnZW5lcmFsIGNhc2UsCgkgIGJlZm9yZSBhIGNsaWVudCBjYW4gYWNjZXNzIGEgcHJv
dGVjdGVkIHJlc291cmNlLCBpdCBtdXN0IGZpcnN0IG9idGFpbgogICAgICAgICAgYW4gYXV0aG9y
aXphdGlvbiBncmFudCBmcm9tIHRoZSByZXNvdXJjZSBvd25lciBhbmQgdGhlbiBleGNoYW5nZSB0
aGUgYXV0aG9yaXphdGlvbiBncmFudCBmb3IKICAgICAgICAgIGFuIGFjY2VzcyB0b2tlbi4KCSAg
VGhlIGFjY2VzcyB0b2tlbiByZXByZXNlbnRzIHRoZSBncmFudCdzIHNjb3BlLCBkdXJhdGlvbiwg
YW5kCgkgIG90aGVyIGF0dHJpYnV0ZXMgZ3JhbnRlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBncmFu
dC4gVGhlCgkgIGNsaWVudCBhY2Nlc3NlcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlIGJ5IHByZXNl
bnRpbmcgdGhlCgkgIGFjY2VzcyB0b2tlbiB0byB0aGUgcmVzb3VyY2Ugc2VydmVyLgoJICBJbiBz
b21lIGNhc2VzLCBhIGNsaWVudCBjYW4gZGlyZWN0bHkgcHJlc2VudCBpdHMgb3duCgkgIGNyZWRl
bnRpYWxzIHRvIGFuIGF1dGhvcml6YXRpb24gc2VydmVyIHRvIG9idGFpbiBhbiBhY2Nlc3MKCSAg
dG9rZW4gd2l0aG91dCBoYXZpbmcgdG8gZmlyc3Qgb2J0YWluIGFuIGF1dGhvcml6YXRpb24gZ3Jh
bnQgZnJvbSBhCgkgIHJlc291cmNlIG93bmVyLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAg
ICAgICAgIFRoZSBhY2Nlc3MgdG9rZW4gcHJvdmlkZXMgYW4gYWJzdHJhY3Rpb24sIHJlcGxhY2lu
ZyBkaWZmZXJlbnQgYXV0aG9yaXphdGlvbgogICAgICAgICAgY29uc3RydWN0cyAoZS5nLiwgdXNl
cm5hbWUgYW5kIHBhc3N3b3JkLCBhc3NlcnRpb24pIGZvciBhIHNpbmdsZSB0b2tlbiB1bmRlcnN0
b29kIGJ5IHRoZQogICAgICAgICAgcmVzb3VyY2Ugc2VydmVyLiBUaGlzIGFic3RyYWN0aW9uIGVu
YWJsZXMgaXNzdWluZyBhY2Nlc3MgdG9rZW5zIHZhbGlkIGZvciBhIHNob3J0IHRpbWUKICAgICAg
ICAgIHBlcmlvZCwgYXMgd2VsbCBhcyByZW1vdmluZyB0aGUgcmVzb3VyY2Ugc2VydmVyJ3MgbmVl
ZCB0byB1bmRlcnN0YW5kIGEgd2lkZSByYW5nZSBvZgogICAgICAgICAgYXV0aGVudGljYXRpb24g
c2NoZW1lcy4KICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZSB0aXRsZT0nQWJzdHJhY3QgUHJv
dG9jb2wgRmxvdycgYW5jaG9yPSdGaWd1cmUtMSc+CiAgICAgICAgICA8YXJ0d29yaz48IVtDREFU
QVsKICArLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0t
LS0tLS0rCiAgfCAgICAgICAgfC0tKEEpLSBBdXRob3JpemF0aW9uIFJlcXVlc3QgLT58ICAgUmVz
b3VyY2UgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAg
ICAgT3duZXIgICAgIHwKICB8ICAgICAgICB8PC0oQiktLSBBdXRob3JpemF0aW9uIEdyYW50IC0t
LXwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICBB
dXRob3JpemF0aW9uIEdyYW50ICYgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfC0tKEMp
LS0tIENsaWVudCBDcmVkZW50aWFscyAtLT58IEF1dGhvcml6YXRpb24gfAogIHwgQ2xpZW50IHwg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAgICAg
ICB8PC0oRCktLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLXwgICAgICAgICAgICAgICB8CiAgfCAg
ICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwog
IHwgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICst
LS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfC0tKEUpLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0t
LT58ICAgIFJlc291cmNlICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICB8PC0oRiktLS0gUHJvdGVjdGVkIFJl
c291cmNlIC0tLXwgICAgICAgICAgICAgICB8CiAgKy0tLS0tLS0tKyAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwpdXT48L2FydHdvcms+CiAgICAgICAgPC9m
aWd1cmU+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYWJzdHJhY3QgZmxvdyBpbGx1c3RyYXRl
ZCBpbiA8eHJlZiB0YXJnZXQ9J0ZpZ3VyZS0xJyAvPiBkZXNjcmliZXMgdGhlIG92ZXJhbGwKICAg
ICAgICAgIE9BdXRoIDIuMCBwcm90b2NvbCBhcmNoaXRlY3R1cmUuIFRoZSBmb2xsb3dpbmcgc3Rl
cHMgYXJlIHNwZWNpZmllZCB3aXRoaW4gdGhpcwogICAgICAgICAgZG9jdW1lbnQ6CgogICAgICAg
ICAgPGxpc3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIEUpIFRoZSBjbGllbnQgbWFr
ZXMgYSBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdCB0byB0aGUgcmVzb3VyY2Ugc2VydmVyIGJ5
IHByZXNlbnRpbmcKICAgICAgICAgICAgICB0aGUgYWNjZXNzIHRva2VuLgogICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIEYpIFRoZSByZXNvdXJjZSBzZXJ2ZXIg
dmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9rZW4sIGFuZCBpZiB2YWxpZCwgc2VydmVzIHRoZSByZXF1
ZXN0LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgPC90PgoJPHQ+
CgkgIFRoaXMgZG9jdW1lbnQgYWxzbyBpbXBvc2VzIHNlbWFudGljIHJlcXVpcmVtZW50cyB1cG9u
IHRoZQoJICBhY2Nlc3MgdG9rZW4gcmV0dXJuZWQgaW4gU3RlcCBELgoJPC90PgogICAgICA8L3Nl
Y3Rpb24+CiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24gdGl0bGU9J0F1dGhlbnRpY2F0ZWQg
UmVxdWVzdHMnPgogICAgICA8dD4KCVRoaXMgc2VjdGlvbiBkZWZpbmVzIHRocmVlCgltZXRob2Rz
IG9mIHNlbmRpbmcgYmVhcmVyIGFjY2VzcyB0b2tlbnMgaW4gcmVzb3VyY2UgcmVxdWVzdHMKCXRv
IHJlc291cmNlIHNlcnZlcnMuICBDbGllbnRzIE1VU1QgTk9UIHVzZSBtb3JlIHRoYW4gb25lCglt
ZXRob2QgdG8gdHJhbnNtaXQgdGhlIHRva2VuIGluIGVhY2ggcmVxdWVzdC4KICAgICAgPC90PgoK
ICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1dGhvcml6YXRpb24gUmVxdWVzdCBIZWFkZXIgRmllbGQn
IGFuY2hvcj0nYXV0aHotaGVhZGVyJz4KICAgICAgICA8dD4KCSAgV2hlbiBzZW5kaW5nIHRoZSBh
Y2Nlc3MgdG9rZW4gaW4gdGhlIDxzcGFueAoJICBzdHlsZT0ndmVyYic+QXV0aG9yaXphdGlvbjwv
c3Bhbng+IHJlcXVlc3QgaGVhZGVyIGZpZWxkCgkgIGRlZmluZWQgYnkKCSAgSFRUUC8xLjEgPHhy
ZWYgdGFyZ2V0PSdSRkMyNjE3Jy8+LAoJICB0aGUKCSAgY2xpZW50IHVzZXMgdGhlIDxzcGFueCBz
dHlsZT0ndmVyYic+QmVhcmVyPC9zcGFueD4KCSAgYXV0aGVudGljYXRpb24gc2NoZW1lIHRvIHRy
YW5zbWl0IHRoZSBhY2Nlc3MgdG9rZW4uCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmU+CiAg
ICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgIEZvciBleGFtcGxlOgogICAgICAgICAgPC9w
cmVhbWJsZT4KICAgICAgICAgIDxhcnR3b3JrPjwhW0NEQVRBWwogIEdFVCAvcmVzb3VyY2UgSFRU
UC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBCZWFyZXIg
bUZfOS5CNWYtNC4xSnFNCl1dPjwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICA8
dD4KICAgICAgICAgIFRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPkF1dGhvcml6YXRpb248L3NwYW54
PiBoZWFkZXIgZmllbGQgdXNlcyB0aGUgZnJhbWV3b3JrIGRlZmluZWQgYnkKICAgICAgICAgIEhU
VFAvMS4xIDx4cmVmIHRhcmdldD0nUkZDMjYxNycvPgoJICBhcyBmb2xsb3dzOgogICAgICAgIDwv
dD4KICAgICAgICA8ZmlndXJlPgogICAgICAgICAgPGFydHdvcms+PCFbQ0RBVEFbCiAgYjY0dG9r
ZW4gICAgPSAxKiggQUxQSEEgLyBESUdJVCAvCiAgICAgICAgICAgICAgICAgICAgIi0iIC8gIi4i
IC8gIl8iIC8gIn4iIC8gIisiIC8gIi8iICkgKiI9IgogIGNyZWRlbnRpYWxzID0gIkJlYXJlciIg
MSpTUCBiNjR0b2tlbgpdXT48L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+Cgk8dD4KCSAgQ2xp
ZW50cyBTSE9VTEQgbWFrZSBhdXRoZW50aWNhdGVkIHJlcXVlc3RzIHdpdGggYSBiZWFyZXIKCSAg
dG9rZW4gdXNpbmcgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+QXV0aG9yaXphdGlvbjwvc3Bhbng+
CgkgIHJlcXVlc3QgaGVhZGVyIGZpZWxkIHdpdGggdGhlIDxzcGFueAoJICBzdHlsZT0ndmVyYic+
QmVhcmVyPC9zcGFueD4gSFRUUCBhdXRob3JpemF0aW9uIHNjaGVtZS4KCSAgUmVzb3VyY2Ugc2Vy
dmVycyBNVVNUIHN1cHBvcnQgdGhpcyBtZXRob2QuCgk8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAg
ICAgIDxzZWN0aW9uIHRpdGxlPSdGb3JtLUVuY29kZWQgQm9keSBQYXJhbWV0ZXInIGFuY2hvcj0n
Ym9keS1wYXJhbSc+CiAgICAgICAgPHQ+CiAgICAgICAgICBXaGVuIHNlbmRpbmcgdGhlIGFjY2Vz
cyB0b2tlbiBpbiB0aGUgSFRUUCByZXF1ZXN0CiAgICAgICAgICBlbnRpdHktYm9keSwgdGhlIGNs
aWVudCBhZGRzIHRoZSBhY2Nlc3MgdG9rZW4gdG8gdGhlIHJlcXVlc3QKICAgICAgICAgIGJvZHkg
dXNpbmcgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+YWNjZXNzX3Rva2VuPC9zcGFueD4KICAgICAg
ICAgIHBhcmFtZXRlci4gIFRoZSBjbGllbnQgTVVTVCBOT1QgdXNlIHRoaXMgbWV0aG9kIHVubGVz
cwoJICBhbGwgb2YgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zIGFyZSBtZXQ6CiAgICAgICAgICA8
bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBI
VFRQIHJlcXVlc3QgZW50aXR5LWhlYWRlciBpbmNsdWRlcyB0aGUgPHNwYW54IHN0eWxlPSd2ZXJi
Jz5Db250ZW50LVR5cGU8L3NwYW54PgogICAgICAgICAgICAgIGhlYWRlciBmaWVsZCBzZXQgdG8g
PHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3Nw
YW54Pi4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUg
ZW50aXR5LWJvZHkgZm9sbG93cyB0aGUgZW5jb2RpbmcgcmVxdWlyZW1lbnRzIG9mIHRoZQogICAg
ICAgICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxl
bmNvZGVkPC9zcGFueD4gY29udGVudC10eXBlIGFzCiAgICAgICAgICAgICAgZGVmaW5lZCBieQoJ
ICAgICAgSFRNTCA0LjAxIDx4cmVmIHRhcmdldD0nVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0JyAv
Pi4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgSFRU
UCByZXF1ZXN0IGVudGl0eS1ib2R5IGlzIHNpbmdsZS1wYXJ0LgogICAgICAgICAgICA8L3Q+Cgkg
ICAgPHQ+CgkgICAgICBUaGUgY29udGVudCB0byBiZSBlbmNvZGVkIGluIHRoZSBlbnRpdHktYm9k
eSBNVVNUCgkgICAgICBjb25zaXN0IGVudGlyZWx5IG9mIEFTQ0lJIDx4cmVmIHRhcmdldD0iVVNB
U0NJSSIgLz4gY2hhcmFjdGVycy4KCSAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgIFRoZSBIVFRQIHJlcXVlc3QgbWV0aG9kIGlzIG9uZSBmb3Igd2hpY2ggdGhlIHJlcXVlc3QK
ICAgICAgICAgICAgICBib2R5IGhhcyBkZWZpbmVkIHNlbWFudGljcy4gIEluIHBhcnRpY3VsYXIs
CiAgICAgICAgICAgICAgdGhpcyBtZWFucyB0aGF0IHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPkdF
VDwvc3Bhbng+CiAgICAgICAgICAgICAgbWV0aG9kIE1VU1QgTk9UIGJlIHVzZWQuCiAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBUaGUgZW50aXR5LWJvZHkgTUFZIGluY2x1ZGUgb3RoZXIgcmVxdWVzdC1zcGVjaWZpYwog
ICAgICAgICAgcGFyYW1ldGVycywgaW4gd2hpY2ggY2FzZSwgdGhlIDxzcGFueAogICAgICAgICAg
c3R5bGU9J3ZlcmInPmFjY2Vzc190b2tlbjwvc3Bhbng+IHBhcmFtZXRlciBNVVNUIGJlIHByb3Bl
cmx5CiAgICAgICAgICBzZXBhcmF0ZWQgZnJvbSB0aGUgcmVxdWVzdC1zcGVjaWZpYyBwYXJhbWV0
ZXJzIHVzaW5nIDxzcGFueAogICAgICAgICAgc3R5bGU9J3ZlcmInPiZhbXA7PC9zcGFueD4gY2hh
cmFjdGVyKHMpIChBU0NJSSBjb2RlIDM4KS4KICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4K
ICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQg
bWFrZXMgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QgdXNpbmcgdHJhbnNwb3J0LWxheWVyCiAg
ICAgICAgICAgIHNlY3VyaXR5OgogICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgIDxhcnR3
b3JrPjwhW0NEQVRBWwogIFBPU1QgL3Jlc291cmNlIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4
YW1wbGUuY29tCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29k
ZWQKCiAgYWNjZXNzX3Rva2VuPW1GXzkuQjVmLTQuMUpxTQpdXT48L2FydHdvcms+CiAgICAgICAg
PC9maWd1cmU+Cgk8dD4KCSAgVGhlIDxzcGFueCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13
d3ctZm9ybS11cmxlbmNvZGVkPC9zcGFueD4KCSAgbWV0aG9kIFNIT1VMRCBOT1QgYmUgdXNlZCBl
eGNlcHQgaW4gYXBwbGljYXRpb24gY29udGV4dHMKCSAgd2hlcmUgcGFydGljaXBhdGluZyBicm93
c2VycyBkbyBub3QgaGF2ZSBhY2Nlc3MgdG8gdGhlCgkgIDxzcGFueCBzdHlsZT0ndmVyYic+QXV0
aG9yaXphdGlvbjwvc3Bhbng+IHJlcXVlc3QgaGVhZGVyCgkgIGZpZWxkLgoJICBSZXNvdXJjZSBz
ZXJ2ZXJzIE1BWSBzdXBwb3J0IHRoaXMgbWV0aG9kLgoJPC90PgogICAgICA8L3NlY3Rpb24+Cgog
ICAgICA8c2VjdGlvbiB0aXRsZT0nVVJJIFF1ZXJ5IFBhcmFtZXRlcicgYW5jaG9yPSdxdWVyeS1w
YXJhbSc+CiAgICAgICAgPHQ+CiAgICAgICAgICBXaGVuIHNlbmRpbmcgdGhlIGFjY2VzcyB0b2tl
biBpbiB0aGUgSFRUUCByZXF1ZXN0IFVSSSwgdGhlIGNsaWVudCBhZGRzIHRoZSBhY2Nlc3MKICAg
ICAgICAgIHRva2VuIHRvIHRoZSByZXF1ZXN0IFVSSSBxdWVyeSBjb21wb25lbnQgYXMgZGVmaW5l
ZCBieQoJICBVbmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSkgPHhyZWYgdGFyZ2V0PSdS
RkMzOTg2JyAvPgoJICB1c2luZwogICAgICAgICAgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+YWNj
ZXNzX3Rva2VuPC9zcGFueD4gcGFyYW1ldGVyLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJl
PgogICAgICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVu
dCBtYWtlcyB0aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdCB1c2luZyB0cmFuc3BvcnQtbGF5ZXIK
ICAgICAgICAgICAgc2VjdXJpdHk6CiAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgPGFy
dHdvcms+PCFbQ0RBVEFbCiAgR0VUIC9yZXNvdXJjZT9hY2Nlc3NfdG9rZW49bUZfOS5CNWYtNC4x
SnFNIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCl1dPjwvYXJ0d29yaz4KICAg
ICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBIVFRQIHJlcXVlc3QgVVJJ
IHF1ZXJ5IGNhbiBpbmNsdWRlIG90aGVyCiAgICAgICAgICByZXF1ZXN0LXNwZWNpZmljIHBhcmFt
ZXRlcnMsIGluIHdoaWNoIGNhc2UsIHRoZSA8c3BhbngKICAgICAgICAgIHN0eWxlPSd2ZXJiJz5h
Y2Nlc3NfdG9rZW48L3NwYW54PiBwYXJhbWV0ZXIgTVVTVCBiZSBwcm9wZXJseQogICAgICAgICAg
c2VwYXJhdGVkIGZyb20gdGhlIHJlcXVlc3Qtc3BlY2lmaWMgcGFyYW1ldGVycyB1c2luZyA8c3Bh
bngKICAgICAgICAgIHN0eWxlPSd2ZXJiJz4mYW1wOzwvc3Bhbng+IGNoYXJhY3RlcihzKSAoQVND
SUkgY29kZSAzOCkuCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmU+CiAgICAgICAgICA8cHJl
YW1ibGU+CiAgICAgICAgICAgIEZvciBleGFtcGxlOgogICAgICAgICAgPC9wcmVhbWJsZT4KICAg
ICAgICAgIDxhcnR3b3JrPjwhW0NEQVRBWwogaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20vcmVz
b3VyY2U/YWNjZXNzX3Rva2VuPW1GXzkuQjVmLTQuMUpxTSZwPXEKXV0+PC9hcnR3b3JrPgogICAg
ICAgIDwvZmlndXJlPgoJPHQ+CgkgIENsaWVudHMgdXNpbmcgdGhlIFVSSSBRdWVyeSBQYXJhbWV0
ZXIgbWV0aG9kIFNIT1VMRCBhbHNvIHNlbmQgYQoJICBDYWNoZS1Db250cm9sIGhlYWRlciBjb250
YWluaW5nIHRoZSAibm8tc3RvcmUiIG9wdGlvbi4gIFNlcnZlciBzdWNjZXNzCgkgICgyWFggc3Rh
dHVzKSByZXNwb25zZXMgdG8gdGhlc2UgcmVxdWVzdHMgU0hPVUxEIGNvbnRhaW4gYSBDYWNoZS1D
b250cm9sCgkgIGhlYWRlciB3aXRoIHRoZSAicHJpdmF0ZSIgb3B0aW9uLgoJPC90PgoJPHQ+Cgkg
IEJlY2F1c2Ugb2YgdGhlIHNlY3VyaXR5IHdlYWtuZXNzZXMgYXNzb2NpYXRlZCB3aXRoIHRoZSBV
UkkKCSAgbWV0aG9kIChzZWUgPHhyZWYgdGFyZ2V0PSJzZWMtY29uIiAvPiksIGluY2x1ZGluZyB0
aGUgaGlnaAoJICBsaWtlbGlob29kIHRoYXQgdGhlIFVSTCBjb250YWluaW5nIHRoZSBhY2Nlc3Mg
dG9rZW4gd2lsbCBiZQoJICBsb2dnZWQsIGl0IFNIT1VMRCBOT1QgYmUgdXNlZCB1bmxlc3MgaXQg
aXMgaW1wb3NzaWJsZSB0bwoJICB0cmFuc3BvcnQgdGhlIGFjY2VzcyB0b2tlbiBpbiB0aGUgPHNw
YW54CgkgIHN0eWxlPSd2ZXJiJz5BdXRob3JpemF0aW9uPC9zcGFueD4gcmVxdWVzdCBoZWFkZXIg
ZmllbGQgb3IKCSAgdGhlIEhUVFAgcmVxdWVzdCBlbnRpdHktYm9keS4KCSAgUmVzb3VyY2Ugc2Vy
dmVycyBNQVkgc3VwcG9ydCB0aGlzIG1ldGhvZC4KCTwvdD4KCTx0PgoJICBUaGlzIG1ldGhvZCBp
cyBpbmNsdWRlZCB0byBkb2N1bWVudCBjdXJyZW50IHVzZTsgaXRzIHVzZSBpcwoJICBub3QgcmVj
b21tZW5kZWQsIGJvdGggZHVlIHRvIGl0cyBzZWN1cml0eSBkZWZpY2llbmNpZXMgKHNlZQoJICA8
eHJlZiB0YXJnZXQ9InNlYy1jb24iIC8+KSBhbmQgYmVjYXVzZSBpdCB1c2VzIGEKCSAgcmVzZXJ2
ZWQgcXVlcnkgcGFyYW1ldGVyIG5hbWUsIHdoaWNoIGlzIGNvdW50ZXIgdG8KCSAgVVJJIG5hbWVz
cGFjZSBiZXN0IHByYWN0aWNlcywgcGVyIHRoZQoJICBBcmNoaXRlY3R1cmUgb2YgdGhlIFdvcmxk
IFdpZGUgV2ViIDx4cmVmIHRhcmdldD0nVzNDLlJFQy13ZWJhcmNoLTIwMDQxMjE1JyAvPi4KCTwv
dD4KICAgICAgPC9zZWN0aW9uPgoKICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0n
VGhlIFdXVy1BdXRoZW50aWNhdGUgUmVzcG9uc2UgSGVhZGVyIEZpZWxkJyBhbmNob3I9J2F1dGhu
LWhlYWRlcic+CiAgICAgIDx0PgoJSWYgdGhlIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0IGRv
ZXMgbm90IGluY2x1ZGUKCWF1dGhlbnRpY2F0aW9uIGNyZWRlbnRpYWxzIG9yIGRvZXMgbm90IGNv
bnRhaW4gYW4gYWNjZXNzCgl0b2tlbiB0aGF0IGVuYWJsZXMgYWNjZXNzIHRvIHRoZSBwcm90ZWN0
ZWQgcmVzb3VyY2UsCgl0aGUgcmVzb3VyY2Ugc2VydmVyIE1VU1QgaW5jbHVkZSB0aGUgSFRUUCA8
c3BhbngKCXN0eWxlPSd2ZXJiJz5XV1ctQXV0aGVudGljYXRlPC9zcGFueD4gcmVzcG9uc2UgaGVh
ZGVyIGZpZWxkOwoJaXQgTUFZIGluY2x1ZGUgaXQgaW4gcmVzcG9uc2UgdG8gb3RoZXIgY29uZGl0
aW9ucyBhcyB3ZWxsLgoJVGhlIDxzcGFueCBzdHlsZT0ndmVyYic+V1dXLUF1dGhlbnRpY2F0ZTwv
c3Bhbng+IGhlYWRlcgoJZmllbGQgdXNlcyB0aGUgZnJhbWV3b3JrIGRlZmluZWQgYnkKCUhUVFAv
MS4xIDx4cmVmIHRhcmdldD0nUkZDMjYxNycvPi4KICAgICAgPC90PgogICAgICA8dD4KCUFsbCBj
aGFsbGVuZ2VzIGRlZmluZWQgYnkgdGhpcyBzcGVjaWZpY2F0aW9uIE1VU1QgdXNlIHRoZQoJYXV0
aC1zY2hlbWUgdmFsdWUgPHNwYW54IHN0eWxlPSd2ZXJiJz5CZWFyZXI8L3NwYW54Pi4gIFRoaXMK
CXNjaGVtZSBNVVNUIGJlIGZvbGxvd2VkIGJ5IG9uZSBvciBtb3JlIGF1dGgtcGFyYW0gdmFsdWVz
LiAgVGhlCglhdXRoLXBhcmFtIGF0dHJpYnV0ZXMgdXNlZCBvciBkZWZpbmVkIGJ5IHRoaXMgc3Bl
Y2lmaWNhdGlvbgoJYXJlIGFzIGZvbGxvd3MuICBPdGhlciBhdXRoLXBhcmFtIGF0dHJpYnV0ZXMg
TUFZIGJlIHVzZWQgYXMKCXdlbGwuCiAgICAgIDwvdD4KICAgICAgPHQ+CglBIDxzcGFueCBzdHls
ZT0ndmVyYic+cmVhbG08L3NwYW54PiBhdHRyaWJ1dGUgTUFZIGJlIGluY2x1ZGVkCgl0byBpbmRp
Y2F0ZSB0aGUgc2NvcGUgb2YgcHJvdGVjdGlvbiBpbiB0aGUgbWFubmVyIGRlc2NyaWJlZCBpbgoJ
SFRUUC8xLjEgPHhyZWYgdGFyZ2V0PSdSRkMyNjE3Jy8+LgoJVGhlIDxzcGFueCBzdHlsZT0ndmVy
Yic+cmVhbG08L3NwYW54PiBhdHRyaWJ1dGUgTVVTVCBOT1QgYXBwZWFyIG1vcmUgdGhhbiBvbmNl
LgogICAgICA8L3Q+CiAgICAgIDx0PgoJVGhlIDxzcGFueCBzdHlsZT0ndmVyYic+c2NvcGU8L3Nw
YW54PiBhdHRyaWJ1dGUgaXMgZGVmaW5lZCBpbgoJU2VjdGlvbiAzLjMgb2YgT0F1dGggMi4wIEF1
dGhvcml6YXRpb24gPHhyZWYgdGFyZ2V0PSJJLUQuaWV0Zi1vYXV0aC12MiIvPi4KCVRoZSA8c3Bh
bnggc3R5bGU9J3ZlcmInPnNjb3BlPC9zcGFueD4gYXR0cmlidXRlIGlzIGEgc3BhY2UtZGVsaW1p
dGVkIGxpc3QKCW9mIGNhc2Ugc2Vuc2l0aXZlIHNjb3BlIHZhbHVlcwoJaW5kaWNhdGluZyB0aGUg
cmVxdWlyZWQgc2NvcGUgb2YgdGhlIGFjY2VzcyB0b2tlbiBmb3IgYWNjZXNzaW5nIHRoZSByZXF1
ZXN0ZWQgcmVzb3VyY2UuCgk8c3Bhbnggc3R5bGU9J3ZlcmInPnNjb3BlPC9zcGFueD4gdmFsdWVz
IGFyZSBpbXBsZW1lbnRhdGlvbiBkZWZpbmVkOwoJdGhlcmUgaXMgbm8gY2VudHJhbGl6ZWQgcmVn
aXN0cnkgZm9yIHRoZW07CglhbGxvd2VkIHZhbHVlcyBhcmUgZGVmaW5lZCBieSB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIuCglUaGUgb3JkZXIgb2YgPHNwYW54IHN0eWxlPSd2ZXJiJz5zY29wZTwv
c3Bhbng+IHZhbHVlcyBpcyBub3Qgc2lnbmlmaWNhbnQuCglJbiBzb21lIGNhc2VzLCB0aGUgPHNw
YW54IHN0eWxlPSd2ZXJiJz5zY29wZTwvc3Bhbng+IHZhbHVlCgl3aWxsIGJlIHVzZWQgd2hlbiBy
ZXF1ZXN0aW5nIGEgbmV3IGFjY2VzcyB0b2tlbiB3aXRoCglzdWZmaWNpZW50IHNjb3BlIG9mIGFj
Y2VzcyB0byB1dGlsaXplIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2UuCglVc2Ugb2YgdGhlIDxzcGFu
eCBzdHlsZT0ndmVyYic+c2NvcGU8L3NwYW54PiBhdHRyaWJ1dGUgaXMgT1BUSU9OQUwuCglUaGUg
PHNwYW54IHN0eWxlPSd2ZXJiJz5zY29wZTwvc3Bhbng+IGF0dHJpYnV0ZSBNVVNUIE5PVCBhcHBl
YXIgbW9yZSB0aGFuIG9uY2UuCglUaGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5zY29wZTwvc3Bhbng+
IHZhbHVlIGlzIGludGVuZGVkIGZvcgoJcHJvZ3JhbW1hdGljIHVzZSBhbmQgaXMgbm90IG1lYW50
IHRvIGJlIGRpc3BsYXllZCB0bwoJZW5kIHVzZXJzLiAKICAgICAgPC90PgogICAgICA8ZmlndXJl
PgoJPHByZWFtYmxlPgoJICBUd28gZXhhbXBsZSBzY29wZSB2YWx1ZXMgZm9sbG93OyB0aGVzZSBh
cmUgdGFrZW4gZnJvbSB0aGUKCSAgT3BlbklEIENvbm5lY3QgPHhyZWYgdGFyZ2V0PSJPcGVuSUQu
TWVzc2FnZXMiIC8+IGFuZCBPQVRDCgkgIE9ubGluZSBNdWx0aW1lZGlhIEF1dGhvcml6YXRpb24g
UHJvdG9jb2wgPHhyZWYgdGFyZ2V0PSJPTUFQIgoJICAvPiBPQXV0aCAyLjAgdXNlIGNhc2VzLCBy
ZXNwZWN0aXZlbHk6Cgk8L3ByZWFtYmxlPgoJPGFydHdvcms+PCFbQ0RBVEFbCiAgc2NvcGU9Im9w
ZW5pZCBwcm9maWxlIGVtYWlsIgogIHNjb3BlPSJ1cm46ZXhhbXBsZTpjaGFubmVsPUhCTyZ1cm46
ZXhhbXBsZTpyYXRpbmc9RyxQRy0xMyIKXV0+PC9hcnR3b3JrPgogICAgICA8L2ZpZ3VyZT4KICAg
ICAgPHQ+CglJZiB0aGUgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3QgaW5jbHVkZWQgYW4gYWNj
ZXNzIHRva2VuIGFuZCBmYWlsZWQgYXV0aGVudGljYXRpb24sIHRoZQoJcmVzb3VyY2Ugc2VydmVy
IFNIT1VMRCBpbmNsdWRlIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmVycm9yPC9zcGFueD4gYXR0
cmlidXRlIHRvIHByb3ZpZGUKCXRoZSBjbGllbnQgd2l0aCB0aGUgcmVhc29uIHdoeSB0aGUgYWNj
ZXNzIHJlcXVlc3Qgd2FzIGRlY2xpbmVkLiBUaGUgcGFyYW1ldGVyIHZhbHVlIGlzCglkZXNjcmli
ZWQgaW4gPHhyZWYgdGFyZ2V0PSdyZXNvdXJjZS1lcnJvci1jb2RlcycgLz4uCglJbiBhZGRpdGlv
biwgdGhlIHJlc291cmNlIHNlcnZlciBNQVkgaW5jbHVkZSB0aGUgPHNwYW54CglzdHlsZT0ndmVy
Yic+ZXJyb3JfZGVzY3JpcHRpb248L3NwYW54PiBhdHRyaWJ1dGUgdG8gcHJvdmlkZQoJZGV2ZWxv
cGVycyBhIGh1bWFuLXJlYWRhYmxlIGV4cGxhbmF0aW9uIHRoYXQgaXMgbm90IG1lYW50Cgl0byBi
ZSBkaXNwbGF5ZWQgdG8gZW5kIHVzZXJzLgoJSXQgYWxzbyBNQVkgaW5jbHVkZQoJdGhlIDxzcGFu
eCBzdHlsZT0ndmVyYic+ZXJyb3JfdXJpPC9zcGFueD4gYXR0cmlidXRlIHdpdGgKCWFuIGFic29s
dXRlIFVSSSBpZGVudGlmeWluZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdlIGV4cGxhaW5pbmcg
dGhlIGVycm9yLgoJVGhlIDxzcGFueCBzdHlsZT0ndmVyYic+ZXJyb3I8L3NwYW54PiwgPHNwYW54
IHN0eWxlPSd2ZXJiJz5lcnJvcl9kZXNjcmlwdGlvbjwvc3Bhbng+LCBhbmQKCTxzcGFueCBzdHls
ZT0ndmVyYic+ZXJyb3JfdXJpPC9zcGFueD4gYXR0cmlidXRlcyBNVVNUIE5PVCBhcHBlYXIgbW9y
ZSB0aGFuIG9uY2UuCiAgICAgIDwvdD4KICAgICAgPHQ+CglWYWx1ZXMgZm9yIHRoZSA8c3Bhbngg
c3R5bGU9J3ZlcmInPnNjb3BlPC9zcGFueD4gYXR0cmlidXRlIE1VU1QgTk9UIGluY2x1ZGUKCWNo
YXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjEgLyAleDIzLTVCIC8gJXg1RC03RQoJc3BlY2lm
aWVkIGluIFNlY3Rpb24gQS40IG9mCglPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiA8eHJlZiB0YXJn
ZXQ9IkktRC5pZXRmLW9hdXRoLXYyIi8+Cglmb3IgcmVwcmVzZW50aW5nIHNjb3BlIHZhbHVlcyBh
bmQgJXgyMCBmb3IgZGVsaW1pdGVycyBiZXR3ZWVuIHNjb3BlIHZhbHVlcy4KCVZhbHVlcyBmb3Ig
dGhlIDxzcGFueCBzdHlsZT0ndmVyYic+ZXJyb3I8L3NwYW54PiBhbmQgPHNwYW54CglzdHlsZT0n
dmVyYic+ZXJyb3JfZGVzY3JpcHRpb248L3NwYW54PiBhdHRyaWJ1dGVzIE1VU1QgTk9UIGluY2x1
ZGUKCWNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03
RQoJc3BlY2lmaWVkIGluIFNlY3Rpb25zIEEuNyBhbmQgQS44IG9mIE9BdXRoIDIuMCBBdXRob3Jp
emF0aW9uLgoJVmFsdWVzIGZvciB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcl91cmk8L3Nw
YW54PiBhdHRyaWJ1dGUKCU1VU1QgY29uZm9ybSB0byB0aGUgVVJJLVJlZmVyZW5jZSBzeW50YXgs
IGFuZCB0aHVzIE1VU1QgTk9UIGluY2x1ZGUKCWNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4
MjEgLyAleDIzLTVCIC8gJXg1RC03RQoJc3BlY2lmaWVkIGluIFNlY3Rpb24gQS45IG9mIE9BdXRo
IDIuMCBBdXRob3JpemF0aW9uLgogICAgICA8L3Q+CiAgICAgIDxmaWd1cmU+Cgk8cHJlYW1ibGU+
CgkgIEZvciBleGFtcGxlLCBpbiByZXNwb25zZSB0byBhIHByb3RlY3RlZCByZXNvdXJjZSByZXF1
ZXN0IHdpdGhvdXQgYXV0aGVudGljYXRpb246Cgk8L3ByZWFtYmxlPgoJPGFydHdvcms+PCFbQ0RB
VEFbCiAgSFRUUC8xLjEgNDAxIFVuYXV0aG9yaXplZAogIFdXVy1BdXRoZW50aWNhdGU6IEJlYXJl
ciByZWFsbT0iZXhhbXBsZSIKXV0+PC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICAg
IDxmaWd1cmU+CiAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgIEFuZCBpbiByZXNwb25z
ZSB0byBhIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0IHdpdGggYW4gYXV0aGVudGljYXRpb24g
YXR0ZW1wdCB1c2luZyBhbgogICAgICAgICAgICBleHBpcmVkIGFjY2VzcyB0b2tlbjoKICAgICAg
ICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICA8YXJ0d29yaz48IVtDREFUQVsKICBIVFRQLzEuMSA0
MDEgVW5hdXRob3JpemVkCiAgV1dXLUF1dGhlbnRpY2F0ZTogQmVhcmVyIHJlYWxtPSJleGFtcGxl
IiwKICAgICAgICAgICAgICAgICAgICBlcnJvcj0iaW52YWxpZF90b2tlbiIsCiAgICAgICAgICAg
ICAgICAgICAgZXJyb3JfZGVzY3JpcHRpb249IlRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJlZCIKXV0+
PC9hcnR3b3JrPgogICAgICA8L2ZpZ3VyZT4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdFcnJvciBD
b2RlcycgYW5jaG9yPSdyZXNvdXJjZS1lcnJvci1jb2Rlcyc+Cgk8dD4KCSAgV2hlbiBhIHJlcXVl
c3QgZmFpbHMsIHRoZSByZXNvdXJjZSBzZXJ2ZXIgcmVzcG9uZHMgdXNpbmcgdGhlIGFwcHJvcHJp
YXRlIEhUVFAgc3RhdHVzCgkgIGNvZGUgKHR5cGljYWxseSwgNDAwLCA0MDEsIDQwMywgb3IgNDA1
KSwKCSAgYW5kIGluY2x1ZGVzIG9uZSBvZiB0aGUgZm9sbG93aW5nIGVycm9yIGNvZGVzIGluCgkg
IHRoZSByZXNwb25zZToKCgkgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4K
CSAgICA8dCBoYW5nVGV4dD0naW52YWxpZF9yZXF1ZXN0Jz4KCSAgICAgIDx2c3BhY2UgLz4KCSAg
ICAgIFRoZSByZXF1ZXN0IGlzIG1pc3NpbmcgYSByZXF1aXJlZCBwYXJhbWV0ZXIsIGluY2x1ZGVz
IGFuIHVuc3VwcG9ydGVkIHBhcmFtZXRlciBvcgoJICAgICAgcGFyYW1ldGVyIHZhbHVlLCByZXBl
YXRzIHRoZSBzYW1lIHBhcmFtZXRlciwgdXNlcyBtb3JlIHRoYW4gb25lIG1ldGhvZCBmb3IKCSAg
ICAgIGluY2x1ZGluZyBhbiBhY2Nlc3MgdG9rZW4sIG9yIGlzIG90aGVyd2lzZSBtYWxmb3JtZWQu
IFRoZSByZXNvdXJjZSBzZXJ2ZXIgU0hPVUxECgkgICAgICByZXNwb25kIHdpdGggdGhlIEhUVFAg
NDAwIChCYWQgUmVxdWVzdCkgc3RhdHVzIGNvZGUuCgkgICAgPC90PgoJICAgIDx0IGhhbmdUZXh0
PSdpbnZhbGlkX3Rva2VuJz4KCSAgICAgIDx2c3BhY2UgLz4KCSAgICAgIFRoZSBhY2Nlc3MgdG9r
ZW4gcHJvdmlkZWQgaXMgZXhwaXJlZCwgcmV2b2tlZCwgbWFsZm9ybWVkLCBvciBpbnZhbGlkIGZv
ciBvdGhlcgoJICAgICAgcmVhc29ucy4gVGhlIHJlc291cmNlIFNIT1VMRCByZXNwb25kIHdpdGgg
dGhlIEhUVFAgNDAxIChVbmF1dGhvcml6ZWQpIHN0YXR1cwoJICAgICAgY29kZS4gVGhlIGNsaWVu
dCBNQVkgcmVxdWVzdCBhIG5ldyBhY2Nlc3MgdG9rZW4gYW5kIHJldHJ5IHRoZSBwcm90ZWN0ZWQg
cmVzb3VyY2UKCSAgICAgIHJlcXVlc3QuCgkgICAgPC90PgoJICAgIDx0IGhhbmdUZXh0PSdpbnN1
ZmZpY2llbnRfc2NvcGUnPgoJICAgICAgPHZzcGFjZSAvPgoJICAgICAgVGhlIHJlcXVlc3QgcmVx
dWlyZXMgaGlnaGVyIHByaXZpbGVnZXMgdGhhbiBwcm92aWRlZCBieSB0aGUgYWNjZXNzIHRva2Vu
LiBUaGUKCSAgICAgIHJlc291cmNlIHNlcnZlciBTSE9VTEQgcmVzcG9uZCB3aXRoIHRoZSBIVFRQ
IDQwMyAoRm9yYmlkZGVuKSBzdGF0dXMgY29kZSBhbmQgTUFZCgkgICAgICBpbmNsdWRlIHRoZSA8
c3Bhbnggc3R5bGU9J3ZlcmInPnNjb3BlPC9zcGFueD4gYXR0cmlidXRlIHdpdGggdGhlIHNjb3Bl
IG5lY2Vzc2FyeSB0bwoJICAgICAgYWNjZXNzIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2UuCgkgICAg
PC90PgoJICA8L2xpc3Q+Cgk8L3Q+Cgk8dD4KCSAgSWYgdGhlIHJlcXVlc3QgbGFja3MgYW55IGF1
dGhlbnRpY2F0aW9uIGluZm9ybWF0aW9uIChlLmcuLCB0aGUgY2xpZW50IHdhcyB1bmF3YXJlCgkg
IGF1dGhlbnRpY2F0aW9uIGlzIG5lY2Vzc2FyeSBvciBhdHRlbXB0ZWQgdXNpbmcgYW4gdW5zdXBw
b3J0ZWQgYXV0aGVudGljYXRpb24gbWV0aG9kKSwKCSAgdGhlIHJlc291cmNlIHNlcnZlciBTSE9V
TEQgTk9UIGluY2x1ZGUgYW4gZXJyb3IgY29kZSBvciBvdGhlciBlcnJvciBpbmZvcm1hdGlvbi4K
CTwvdD4KCTxmaWd1cmU+CgkgIDxwcmVhbWJsZT4KCSAgICBGb3IgZXhhbXBsZToKCSAgPC9wcmVh
bWJsZT4KCSAgPGFydHdvcms+PCFbQ0RBVEFbCiAgSFRUUC8xLjEgNDAxIFVuYXV0aG9yaXplZAog
IFdXVy1BdXRoZW50aWNhdGU6IEJlYXJlciByZWFsbT0iZXhhbXBsZSIKXV0+PC9hcnR3b3JrPgoJ
PC9maWd1cmU+CiAgICAgIDwvc2VjdGlvbj4KCiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24g
dGl0bGU9IkV4YW1wbGUgQWNjZXNzIFRva2VuIFJlc3BvbnNlIiBhbmNob3I9IkV4QWNjVG9rUmVz
cCI+CiAgICAgIDx0PgoJVHlwaWNhbGx5IGEgYmVhcmVyIHRva2VuIGlzIHJldHVybmVkIHRvIHRo
ZSBjbGllbnQgYXMgcGFydCBvZgoJYW4gT0F1dGggMi4wIDx4cmVmIHRhcmdldD0iSS1ELmlldGYt
b2F1dGgtdjIiIC8+IGFjY2VzcyB0b2tlbgoJcmVzcG9uc2UuICBBbiBleGFtcGxlIG9mIHN1Y2gg
YSByZXNwb25zZSBpczoKICAgICAgPC90PgogICAgICA8ZmlndXJlPjxhcnR3b3JrPjwhW0NEQVRB
WwogIEhUVFAvMS4xIDIwMCBPSwogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFy
c2V0PVVURi04CiAgQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUKICBQcmFnbWE6IG5vLWNhY2hlCgog
IHsKICAgICJhY2Nlc3NfdG9rZW4iOiJtRl85LkI1Zi00LjFKcU0iLAogICAgInRva2VuX3R5cGUi
OiJCZWFyZXIiLAogICAgImV4cGlyZXNfaW4iOjM2MDAsCiAgICAicmVmcmVzaF90b2tlbiI6InRH
enYzSk9rRjBYRzVReDJUbEtXSUEiCiAgfQpdXT48L2FydHdvcms+PC9maWd1cmU+CgogICAgPC9z
ZWN0aW9uPgoKICAgIDxzZWN0aW9uIHRpdGxlPSdTZWN1cml0eSBDb25zaWRlcmF0aW9ucycgYW5j
aG9yPSJzZWMtY29uIj4KCiAgICAgIDx0PgoJVGhpcyBzZWN0aW9uIGRlc2NyaWJlcyB0aGUgcmVs
ZXZhbnQgc2VjdXJpdHkgdGhyZWF0cyByZWdhcmRpbmcKCXRva2VuIGhhbmRsaW5nIHdoZW4gdXNp
bmcgYmVhcmVyIHRva2VucyBhbmQgZGVzY3JpYmVzIGhvdyB0bwoJbWl0aWdhdGUgdGhlc2UgdGhy
ZWF0cy4KICAgICAgPC90PgoKICAgICAgPHNlY3Rpb24gdGl0bGU9IlNlY3VyaXR5IFRocmVhdHMi
IGFuY2hvcj0idGhyZWF0cyI+CgoJPHQ+CgkgIFRoZSBmb2xsb3dpbmcgbGlzdCBwcmVzZW50cyBz
ZXZlcmFsIGNvbW1vbiB0aHJlYXRzIGFnYWluc3QKCSAgcHJvdG9jb2xzIHV0aWxpemluZyBzb21l
IGZvcm0gb2YgdG9rZW5zLiBUaGlzIGxpc3Qgb2YKCSAgdGhyZWF0cyBpcyBiYXNlZCBvbgoJICBO
SVNUIFNwZWNpYWwgUHVibGljYXRpb24gODAwLTYzIDx4cmVmIHRhcmdldD0iTklTVDgwMC02MyIv
Pi4KCSAgU2luY2UgdGhpcyBkb2N1bWVudCBidWlsZHMgb24gdGhlCgkgIE9BdXRoIDIuMCBBdXRo
b3JpemF0aW9uIHNwZWNpZmljYXRpb24sIHdlIGV4Y2x1ZGUgYSBkaXNjdXNzaW9uIG9mIHRocmVh
dHMKCSAgdGhhdCBhcmUgZGVzY3JpYmVkIHRoZXJlIG9yIGluIHJlbGF0ZWQgZG9jdW1lbnRzLgoJ
PC90PgoKCTx0PgoJICA8bGlzdCBzdHlsZT0iaGFuZ2luZyI+CgkgICAgPHQgaGFuZ1RleHQ9IlRv
a2VuIG1hbnVmYWN0dXJlL21vZGlmaWNhdGlvbjoiPgoJICAgICAgQW4gYXR0YWNrZXIgbWF5IGdl
bmVyYXRlIGEgYm9ndXMgdG9rZW4gb3IgbW9kaWZ5IHRoZQoJICAgICAgdG9rZW4gY29udGVudHMg
KHN1Y2ggYXMgdGhlIGF1dGhlbnRpY2F0aW9uIG9yIGF0dHJpYnV0ZQoJICAgICAgc3RhdGVtZW50
cykgb2YgYW4gZXhpc3RpbmcgdG9rZW4sIGNhdXNpbmcgdGhlIHJlc291cmNlCgkgICAgICBzZXJ2
ZXIgdG8gZ3JhbnQgaW5hcHByb3ByaWF0ZSBhY2Nlc3MgdG8gdGhlIGNsaWVudC4KCSAgICAgIEZv
ciBleGFtcGxlLCBhbiBhdHRhY2tlciBtYXkgbW9kaWZ5IHRoZSB0b2tlbiB0byBleHRlbmQKCSAg
ICAgIHRoZSB2YWxpZGl0eSBwZXJpb2Q7IGEgbWFsaWNpb3VzIGNsaWVudCBtYXkgbW9kaWZ5IHRo
ZQoJICAgICAgYXNzZXJ0aW9uIHRvIGdhaW4gYWNjZXNzIHRvIGluZm9ybWF0aW9uIHRoYXQgdGhl
eQoJICAgICAgc2hvdWxkIG5vdCBiZSBhYmxlIHRvIHZpZXcuCgkgICAgPC90PgoJICAgIDx0IGhh
bmdUZXh0PSJUb2tlbiBkaXNjbG9zdXJlOiI+CgkgICAgICBUb2tlbnMgbWF5IGNvbnRhaW4gYXV0
aGVudGljYXRpb24gYW5kIGF0dHJpYnV0ZQoJICAgICAgc3RhdGVtZW50cyB0aGF0IGluY2x1ZGUg
c2Vuc2l0aXZlIGluZm9ybWF0aW9uLgoJICAgIDwvdD4KCSAgICA8dCBoYW5nVGV4dD0iVG9rZW4g
cmVkaXJlY3Q6Ij4KCSAgICAgIEFuIGF0dGFja2VyIHVzZXMgYSB0b2tlbiBnZW5lcmF0ZWQgZm9y
IGNvbnN1bXB0aW9uIGJ5IAoJICAgICAgb25lIHJlc291cmNlIHNlcnZlciB0byBnYWluIGFjY2Vz
cyB0byBhIGRpZmZlcmVudAoJICAgICAgcmVzb3VyY2Ugc2VydmVyIHRoYXQgbWlzdGFrZW5seSBi
ZWxpZXZlcyB0aGUgdG9rZW4gdG8gYmUKCSAgICAgIGZvciBpdC4KCSAgICA8L3Q+CgkgICAgPHQg
aGFuZ1RleHQ9IlRva2VuIHJlcGxheToiPgoJICAgICAgQW4gYXR0YWNrZXIgYXR0ZW1wdHMgdG8g
dXNlIGEgdG9rZW4gdGhhdCBoYXMgYWxyZWFkeQoJICAgICAgYmVlbiB1c2VkIHdpdGggdGhhdCBy
ZXNvdXJjZSBzZXJ2ZXIgaW4gdGhlIHBhc3QuCgkgICAgPC90PgoJICA8L2xpc3Q+IAoJPC90Pgog
ICAgICA8L3NlY3Rpb24+IAoKICAgICAgPHNlY3Rpb24gdGl0bGU9IlRocmVhdCBNaXRpZ2F0aW9u
IiBhbmNob3I9Im1pdGlnYXRpb24iPiAKCgk8dD4KCSAgQSBsYXJnZSByYW5nZSBvZiB0aHJlYXRz
IGNhbiBiZSBtaXRpZ2F0ZWQgYnkgcHJvdGVjdGluZyB0aGUKCSAgY29udGVudHMgb2YgdGhlIHRv
a2VuIGJ5IHVzaW5nIGEgZGlnaXRhbCBzaWduYXR1cmUgb3IgYQoJICBNZXNzYWdlIEF1dGhlbnRp
Y2F0aW9uIENvZGUgKE1BQykuCgkgIEFsdGVybmF0aXZlbHksIGEgYmVhcmVyIHRva2VuIGNhbiBj
b250YWluIGEgcmVmZXJlbmNlIHRvCgkgIGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24sIHJhdGhl
ciB0aGFuIGVuY29kaW5nIHRoZQoJICBpbmZvcm1hdGlvbiBkaXJlY3RseS4gU3VjaCByZWZlcmVu
Y2VzIE1VU1QgYmUgaW5mZWFzaWJsZSBmb3IKCSAgYW4gYXR0YWNrZXIgdG8gZ3Vlc3M7IHVzaW5n
IGEgcmVmZXJlbmNlIG1heSByZXF1aXJlIGFuIGV4dHJhCgkgIGludGVyYWN0aW9uIGJldHdlZW4g
YSBzZXJ2ZXIgYW5kIHRoZSB0b2tlbiBpc3N1ZXIgdG8gcmVzb2x2ZQoJICB0aGUgcmVmZXJlbmNl
IHRvIHRoZSBhdXRob3JpemF0aW9uIGluZm9ybWF0aW9uLgoJICBUaGUgbWVjaGFuaWNzIG9mIHN1
Y2ggYW4gaW50ZXJhY3Rpb24gYXJlIG5vdCBkZWZpbmVkIGJ5IHRoaXMKCSAgc3BlY2lmaWNhdGlv
bi4KCTwvdD4KCTx0PgoJICBUaGlzIGRvY3VtZW50IGRvZXMgbm90IHNwZWNpZnkgdGhlIGVuY29k
aW5nIG9yIHRoZSBjb250ZW50cwoJICBvZiB0aGUgdG9rZW47IGhlbmNlIGRldGFpbGVkIHJlY29t
bWVuZGF0aW9ucyBhYm91dCB0aGUgbWVhbnMKCSAgb2YgZ3VhcmFudGVlaW5nIHRva2VuIGludGVn
cml0eSBwcm90ZWN0aW9uIGFyZSBvdXRzaWRlIHRoZQoJICBzY29wZSBvZiB0aGlzIGRvY3VtZW50
LiAgVGhlIHRva2VuIGludGVncml0eSBwcm90ZWN0aW9uIE1VU1QKCSAgYmUgc3VmZmljaWVudCB0
byBwcmV2ZW50IHRoZSB0b2tlbiBmcm9tIGJlaW5nIG1vZGlmaWVkLgoJPC90PgoJPHQ+CgkgIFRv
IGRlYWwgd2l0aCB0b2tlbiByZWRpcmVjdCwgaXQgaXMgaW1wb3J0YW50IGZvciB0aGUKCSAgYXV0
ZGVmaW5lZCBhcyBxdW90ZWQtc3RyaW5nIGluIHRoZSBBQk5GIChhcyA8c3BhbngKCSAgICBzdHls
ZT0ndmVyYic+ZXJyb3I8L3NwYW54PiBhbHJlYWR5IHdhcykuICBSZXN0cmljdGlvbnMgb24KCSAg
ICB0aGVzZSB2YWx1ZXMgdGhhdCB3ZXJlIGZvcm1lcmx5IGRlc2NyaWJlZCBpbiB0aGUgQUJORnMg
YXJlCgkgICAgbm93IGRlc2NyaWJlZCBpbiBub3JtYXRpdmUgdGV4dCBpbnN0ZWFkLgoJICA8L3Q+
CiAgICAgICAgPC9saXN0PgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIC0xMgogICAgICAg
IDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KCSAgPHQ+CgkgICAgTWFkZSBub24tbm9ybWF0aXZlIGVk
aXRvcmlhbCBjaGFuZ2VzIHRoYXQgSGFubmVzCgkgICAgVHNjaG9mZW5pZyByZXF1ZXN0ZWQgYmUg
YXBwbGllZCBwcmlvciB0byBmb3J3YXJkaW5nIHRoZQoJICAgIHNwZWNpZmljYXRpb24gdG8gdGhl
IElFU0cuCgkgIDwvdD4KCSAgPHQ+CgkgICAgQWRkZWQgcmF0aW9uYWxlIGZvciB0aGUgY2hvaWNl
IG9mIHRoZSBiNjR0b2tlbiBzeW50YXguCgkgIDwvdD4KCSAgPHQ+CgkgICAgQWRkZWQgcmF0aW9u
YWxlIHN0YXRpbmcgdGhhdCByZWNlaXZlcnMgYXJlIGZyZWUgdG8gcGFyc2UKCSAgICB0aGUgPHNw
YW54IHN0eWxlPSd2ZXJiJz5zY29wZTwvc3Bhbng+IGF0dHJpYnV0ZSB1c2luZyBhCgkgICAgc3Rh
bmRhcmQgcXVvdGVkLXN0cmluZyBwYXJzZXIsIHNpbmNlIGl0IHdpbGwgY29ycmVjdGx5CgkgICAg
cHJvY2VzcyBhbGwgbGVnYWwgPHNwYW54IHN0eWxlPSd2ZXJiJz5zY29wZTwvc3Bhbng+CgkgICAg
dmFsdWVzLgoJICA8L3Q+CgkgIDx0PgoJICAgIEFkZGVkIGFkZGl0aW9uYWwgYWN0aXZlIHdvcmtp
bmcgZ3JvdXAgY29udHJpYnV0b3JzIHRvIHRoZQoJICAgIEFja25vd2xlZGdlbWVudHMgc2VjdGlv
bi4KCSAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICAt
MTEKICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CgkgIDx0PgoJICAgIFJlcGxhY2VkIHVz
ZXMgb2YgJmx0OyImZ3Q7IHdpdGggRFFVT1RFIHRvIHBhc3MgQUJORiBzeW50YXggY2hlY2suCgkg
IDwvdD4KICAgICAgICA8L2xpc3Q+CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgLTEwCiAg
ICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgoJICA8dD4KCSAgICBSZW1vdmVkIHRoZSAjYXV0
aC1wYXJhbSBvcHRpb24gZnJvbSBBdXRob3JpemF0aW9uIGhlYWRlcgoJICAgIHN5bnRheCAobGVh
dmluZyBvbmx5IHRoZSBiNjR0b2tlbiBzeW50YXgpLgoJICA8L3Q+CgkgIDx0PgoJICAgIFJlc3Ry
aWN0ZWQgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+c2NvcGU8L3NwYW54PiB2YWx1ZQoJICAgIGNo
YXJhY3RlciBzZXQgdG8gJXgyMSAvICV4MjMtNUIgLyAleDVELTdFIChwcmludGFibGUgQVNDSUkK
CSAgICBjaGFyYWN0ZXJzIGV4Y2x1ZGluZyBkb3VibGUtcXVvdGUgYW5kIGJhY2tzbGFzaCkuCgkg
ICAgSW5kaWNhdGVkIHRoYXQgc2NvcGUgaXMgaW50ZW5kZWQgZm9yIHByb2dyYW1tYXRpYyB1c2Ug
YW5kCgkgICAgaXMgbm90IG1lYW50IHRvIGJlIGRpc3BsYXllZCB0byBlbmQgdXNlcnMuCgkgIDwv
dD4KCSAgPHQ+CgkgICAgUmVzdHJpY3RlZCB0aGUgY2hhcmFjdGVyIHNldCBmb3IgPHNwYW54Cgkg
ICAgc3R5bGU9J3ZlcmInPmVycm9yX2Rlc2NyaXB0aW9uPC9zcGFueD4gc3RyaW5ncyB0byBTUCAv
CgkgICAgVkNIQVIgYW5kIGluZGljYXRlZCB0aGF0IHRoZXkgYXJlIG5vdCBtZWFudCB0byBiZQoJ
ICAgIGRpc3BsYXllZCB0byBlbmQgdXNlcnMuCgkgIDwvdD4KCSAgPHQ+CgkgICAgSW5jbHVkZWQg
bW9yZSBkZXNjcmlwdGlvbiBpbiB0aGUgQWJzdHJhY3QsIHNpbmNlIEhhbm5lcwoJICAgIFRzY2hv
ZmVuaWcgaW5kaWNhdGVkIHRoYXQgdGhlIFJGQyBlZGl0b3Igd291bGQgcmVxdWlyZQoJICAgIHRo
aXMuCgkgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBDaGFuZ2VkICJBY2Nlc3MgR3Jh
bnQiIHRvICJBdXRob3JpemF0aW9uIEdyYW50IiwgYXMgd2FzCiAgICAgICAgICAgIGRvbmUgaW4g
dGhlIGNvcmUgc3BlYy4KCSAgPC90PgoJICA8dD4KCSAgICBTaW1wbGlmaWVkIHRoZSBpbnRyb2R1
Y3Rpb24gdG8gdGhlIEF1dGhlbnRpY2F0ZWQgUmVxdWVzdHMKCSAgICBzZWN0aW9uLgoJICA8L3Q+
CiAgICAgICAgPC9saXN0PgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIC0wOQogICAgICAg
IDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJbmNvcnBv
cmF0ZWQgd29ya2luZyBncm91cCBsYXN0IGNhbGwgY29tbWVudHMuICBTcGVjaWZpYyBjaGFuZ2Vz
IHdlcmU6CgkgIDwvdD4KCSAgPHQ+CgkgICAgVXNlIGRlZmluaXRpb25zIGZyb20gPHhyZWYKCSAg
ICB0YXJnZXQ9J0ktRC5pZXRmLWh0dHBiaXMtcDctYXV0aCcgLz4gcmF0aGVyIHRoYW4gPHhyZWYK
CSAgICB0YXJnZXQ9J1JGQzI2MTcnIC8+LgoJICA8L3Q+CgkgIDx0PgoJICAgIFVwZGF0ZSBjcmVk
ZW50aWFscyBkZWZpbml0aW9uIHRvIGNvbmZvcm0gdG8gPHhyZWYKCSAgICB0YXJnZXQ9J0ktRC5p
ZXRmLWh0dHBiaXMtcDctYXV0aCcgLz4uCgkgIDwvdD4KCSAgPHQ+CgkgICAgRnVydGhlciBjbGFy
aWZpZWQgdGhhdCBxdWVyeSBwYXJhbWV0ZXJzIG1heSBvY2N1ciBpbiBhbnkgb3JkZXIuCgkgIDwv
dD4KCSAgPHQ+CgkgICAgU3BlY2lmeSB0aGF0IGVycm9yX2Rlc2NyaXB0aW9uIGlzIFVURi04IGVu
Y29kZWQKCSAgICAobWF0Y2hpbmcgdGhlIGNvcmUgc3BlY2lmaWNhdGlvbikuCgkgIDwvdD4KCSAg
PHQ+CgkgICAgUmVnaXN0ZXJlZCAiQmVhcmVyIiBBdXRoZW50aWNhdGlvbiBTY2hlbWUgaW4KCSAg
ICBBdXRoZW50aWNhdGlvbiBTY2hlbWUgUmVnaXN0cnkgZGVmaW5lZCBieQoJICAgIDx4cmVmIHRh
cmdldD0nSS1ELmlldGYtaHR0cGJpcy1wNy1hdXRoJyAvPi4KCSAgPC90PgogICAgICAgICAgPHQ+
CiAgICAgICAgICAgIFVwZGF0ZWQgcmVmZXJlbmNlcyB0byBvYXV0aC12MiwgaHR0cGJpcy1wMS1t
ZXNzYWdpbmcsIGFuZAogICAgICAgICAgICBodHRwYmlzLXA3LWF1dGggZHJhZnRzLgoJICA8L3Q+
CgkgIDx0PgoJICAgIE90aGVyIHdvcmRpbmcgaW1wcm92ZW1lbnRzIG5vdCBpbnRyb2R1Y2luZyBu
b3JtYXRpdmUgY2hhbmdlcy4KCSAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAg
ICA8dD4KICAgICAgICAtMDgKICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgVXBkYXRlZCByZWZlcmVuY2VzIHRvIG9hdXRoLXYyIGFuZCBIVFRQ
YmlzIGRyYWZ0cy4KCSAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4K
ICAgICAgICAtMDcKICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICA8dD4K
ICAgICAgICAgICAgQWRkZWQgbWlzc2luZyBjb21tYSBpbiBlcnJvciByZXNwb25zZSBleGFtcGxl
LgoJICA8L3Q+CiAgICAgICAgPC9saXN0PgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIC0w
NgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICBDaGFuZ2VkIHBhcmFtZXRlciBuYW1lIDxzcGFueAogICAgICAgICAgICBzdHlsZT0idmVyYiI+
YmVhcmVyX3Rva2VuPC9zcGFueD4gdG8gPHNwYW54CiAgICAgICAgICAgIHN0eWxlPSJ2ZXJiIj5h
Y2Nlc3NfdG9rZW48L3NwYW54PiwgcGVyIHdvcmtpbmcgZ3JvdXAKICAgICAgICAgICAgY29uc2Vu
c3VzLgoJICA8L3Q+CgkgIDx0PgoJICAgIENoYW5nZWQgSFRUUCBzdGF0dXMgY29kZSBmb3IgPHNw
YW54CgkgICAgc3R5bGU9InZlcmIiPmludmFsaWRfcmVxdWVzdDwvc3Bhbng+IGVycm9yIGNvZGUg
ZnJvbSBIVFRQCgkgICAgNDAxIChVbmF1dGhvcml6ZWQpIGJhY2sgdG8gSFRUUCA0MDAgKEJhZCBS
ZXF1ZXN0KSwgcGVyCgkgICAgaW5wdXQgZnJvbSBIVFRQIHdvcmtpbmcgZ3JvdXAgZXhwZXJ0cy4K
CSAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICAtMDUK
ICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CgkgIDx0PgoJICAgIFJlbW92ZWQgT0F1dGgg
RXJyb3JzIFJlZ2lzdHJ5LCBwZXIgZGVzaWduIHRlYW0gaW5wdXQuCgkgIDwvdD4KCSAgPHQ+Cgkg
ICAgQ2hhbmdlZCBIVFRQIHN0YXR1cyBjb2RlIGZvciA8c3BhbngKCSAgICBzdHlsZT0idmVyYiI+
aW52YWxpZF9yZXF1ZXN0PC9zcGFueD4gZXJyb3IgY29kZSBmcm9tIEhUVFAKCSAgICA0MDAgKEJh
ZCBSZXF1ZXN0KSB0byBIVFRQIDQwMSAoVW5hdXRob3JpemVkKSB0byBtYXRjaCBIVFRQCgkgICAg
dXNhZ2UgW1sgY2hhbmdlIHBlbmRpbmcgd29ya2luZyBncm91cCBjb25zZW5zdXMgXV0uCgkgIDwv
dD4KCSAgPHQ+CgkgICAgQWRkZWQgbWlzc2luZyBxdW90YXRpb24gbWFya3MgaW4gZXJyb3ItdXJp
IGRlZmluaXRpb24uCgkgIDwvdD4KCSAgPHQ+CgkgICAgQWRkZWQgbm90ZSB0byBhZGQgbGFuZ3Vh
Z2UgYW5kIGVuY29kaW5nIGluZm9ybWF0aW9uIHRvCgkgICAgZXJyb3JfZGVzY3JpcHRpb24gaWYg
dGhlIGNvcmUgc3BlY2lmaWNhdGlvbiBkb2VzLgoJICA8L3Q+CgkgIDx0PgoJICAgIEV4cGxpY2l0
bHkgcmVmZXJlbmNlIHRoZSBBdWdtZW50ZWQgQmFja3VzLU5hdXIgRm9ybSAoQUJORikKCSAgICBk
ZWZpbmVkIGluIDx4cmVmIHRhcmdldD0nUkZDNTIzNCcgLz4uCgkgIDwvdD4KCSAgPHQ+CgkgICAg
VXNlIGF1dGgtcGFyYW0gaW5zdGVhZCBvZiByZXBlYXRpbmcgaXRzIGRlZmluaXRpb24sIHdoaWNo
CgkgICAgaXMgKCB0b2tlbiAiPSIgKCB0b2tlbiAvIHF1b3RlZC1zdHJpbmcgKSApLgoJICA8L3Q+
CgkgIDx0PgoJICAgIENsYXJpZnkgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgYWJvdXQgaW5jbHVk
aW5nIGFuCgkgICAgYXVkaWVuY2UgcmVzdHJpY3Rpb24gaW4gdGhlIHRva2VuIGFuZCBpbmNsdWRl
IGEKCSAgICByZWNvbW1lbmRhdGlvbiB0byBpc3N1ZSBzY29wZWQgYmVhcmVyIHRva2VucyBpbiB0
aGUKCSAgICBzdW1tYXJ5IG9mIHJlY29tbWVuZGF0aW9ucy4KCSAgPC90PgogICAgICAgIDwvbGlz
dD4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICAtMDQKICAgICAgICA8bGlzdCBzdHlsZT0n
c3ltYm9scyc+CgkgIDx0PgoJICAgIEVkaXRzIHJlc3BvbmRpbmcgdG8gd29ya2luZyBncm91cCBs
YXN0IGNhbGwgZmVlZGJhY2sgb24KCSAgICAtMDMuICBTcGVjaWZpYyBlZGl0cyBlbnVtZXJhdGVk
IGJlbG93LgoJICA8L3Q+CgkgIDx0PgoJICAgIEFkZGVkIEJlYXJlciBUb2tlbiBkZWZpbml0aW9u
IGluIFRlcm1pbm9sb2d5IHNlY3Rpb24uCgkgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICBDaGFuZ2VkIHBhcmFtZXRlciBuYW1lIDxzcGFueAogICAgICAgICAgICBzdHlsZT0idmVyYiI+
b2F1dGhfdG9rZW48L3NwYW54PiB0byA8c3BhbngKICAgICAgICAgICAgc3R5bGU9InZlcmIiPmJl
YXJlcl90b2tlbjwvc3Bhbng+LgoJICA8L3Q+CgkgIDx0PgoJICAgIEFkZGVkIHJlYWxtIHBhcmFt
ZXRlciB0byA8c3BhbngKCSAgICBzdHlsZT0ndmVyYic+V1dXLUF1dGhlbnRpY2F0ZTwvc3Bhbng+
IHJlc3BvbnNlIHRvIGNvbXBseQoJICAgIHdpdGggPHhyZWYgdGFyZ2V0PSdSRkMyNjE3JyAvPi4K
CSAgPC90PgoJICA8dD4KCSAgICBSZW1vdmVkICJbIFJXUyAxI2F1dGgtcGFyYW0gXSIgZnJvbSA8
c3BhbngKCSAgICBzdHlsZT0idmVyYiI+Y3JlZGVudGlhbHM8L3NwYW54PiBkZWZpbml0aW9uIHNp
bmNlIGl0IGRpZAoJICAgIG5vdCBjb21wbHkgd2l0aCB0aGUgQUJORiBpbiA8eHJlZgoJICAgIHRh
cmdldD0nSS1ELmlldGYtaHR0cGJpcy1wNy1hdXRoJyAvPi4KCSAgPC90PgoJICA8dD4KCSAgICBS
ZW1vdmVkIHJlc3RyaWN0aW9uIHRoYXQgdGhlIDxzcGFueAoJICAgIHN0eWxlPSJ2ZXJiIj5iZWFy
ZXJfdG9rZW48L3NwYW54PiAoZm9ybWVybHkgPHNwYW54CgkgICAgc3R5bGU9InZlcmIiPm9hdXRo
X3Rva2VuPC9zcGFueD4pIHBhcmFtZXRlciBiZSB0aGUgbGFzdAoJICAgIHBhcmFtZXRlciBpbiB0
aGUgZW50aXR5LWJvZHkgYW5kIHRoZSBIVFRQIHJlcXVlc3QgVVJJCgkgICAgcXVlcnkuCgkgIDwv
dD4KCSAgPHQ+CgkgICAgRG8gbm90IHJlcXVpcmUgV1dXLUF1dGhlbnRpY2F0ZSBSZXNwb25zZSBp
biBhIHJlcGx5IHRvIGEKCSAgICBtYWxmb3JtZWQgcmVxdWVzdCwgYXMgYW4gSFRUUCA0MDAgQmFk
IFJlcXVlc3QgcmVzcG9uc2UKCSAgICB3aXRob3V0IGEgV1dXLUF1dGhlbnRpY2F0ZSBoZWFkZXIg
aXMgbGlrZWx5IHRoZSByaWdodAoJICAgIHJlc3BvbnNlIGluIHNvbWUgY2FzZXMgb2YgbWFsZm9y
bWVkIHJlcXVlc3RzLgoJICA8L3Q+CgkgIDx0PgoJICAgIFJlbW92ZWQgT0F1dGggUGFyYW1ldGVy
cyByZWdpc3RyeSBleHRlbnNpb24uCgkgIDwvdD4KCSAgPHQ+CgkgICAgTnVtZXJvdXMgZWRpdG9y
aWFsIGltcHJvdmVtZW50cyBzdWdnZXN0ZWQgYnkgd29ya2luZyBncm91cAoJICAgIG1lbWJlcnMu
CgkgIDwvdD4KICAgICAgICA8L2xpc3Q+CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgLTAz
CiAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgoJICA8dD4KCSAgICBSZXN0b3JlZCB0aGUg
V1dXLUF1dGhlbnRpY2F0ZSByZXNwb25zZSBoZWFkZXIKCSAgICBmdW5jdGlvbmFsaXR5IGRlbGV0
ZWQgZnJvbSB0aGUgZnJhbWV3b3JrIHNwZWNpZmljYXRpb24gaW4KCSAgICBkcmFmdCAxMiBiYXNl
ZCB1cG9uIHRoZSBzcGVjaWZpY2F0aW9uIHRleHQgZnJvbSBkcmFmdCAxMS4KCSAgPC90PgoJICA8
dD4KCSAgICBBdWdtZW50ZWQgdGhlIE9BdXRoIFBhcmFtZXRlcnMgcmVnaXN0cnkgYnkgYWRkaW5n
IHR3bwoJICAgIGFkZGl0aW9uYWwgcGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uczogInJlc291cmNl
IHJlcXVlc3QiCgkgICAgYW5kICJyZXNvdXJjZSByZXNwb25zZSIuCgkgIDwvdD4KICAgICAgICAg
IDx0PgogICAgICAgICAgICBSZWdpc3RlcmVkIHRoZSAib2F1dGhfdG9rZW4iIE9BdXRoIHBhcmFt
ZXRlciB3aXRoIHVzYWdlCiAgICAgICAgICAgIGxvY2F0aW9uICJyZXNvdXJjZSByZXF1ZXN0Ii4K
ICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBSZWdpc3RlcmVkIHRoZSAi
ZXJyb3IiIE9BdXRoIHBhcmFtZXRlci4KICAgICAgICAgIDwvdD4KCSAgPHQ+CgkgICAgQ3JlYXRl
ZCB0aGUgT0F1dGggRXJyb3IgcmVnaXN0cnkgYW5kIHJlZ2lzdGVyZWQgZXJyb3JzLgoJICA8L3Q+
CgkgIDx0PgoJICAgIENoYW5nZWQgdGhlICJPQXV0aDIiIE9BdXRoIGFjY2VzcyB0b2tlbiB0eXBl
IG5hbWUgdG8KCSAgICAiQmVhcmVyIi4KCSAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90
PgogICAgICA8dD4KICAgICAgICAtMDIKICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgSW5jb3Jwb3JhdGVkIGZlZWRiYWNrIHJlY2VpdmVkIG9u
IGRyYWZ0IDAxLiAgTW9zdCBjaGFuZ2VzCiAgICAgICAgICAgIHdlcmUgdG8gdGhlIHNlY3VyaXR5
IGNvbnNpZGVyYXRpb25zIHNlY3Rpb24uICBObyBub3JtYXRpdmUKICAgICAgICAgICAgY2hhbmdl
cyB3ZXJlIG1hZGUuICBTcGVjaWZpYyBjaGFuZ2VzIGluY2x1ZGVkOgogICAgICAgICAgPC90PgoJ
ICA8dD4KCSAgICBDaGFuZ2VkIHRlcm1pbm9sb2d5IGZyb20gInRva2VuIHJldXNlIiB0byAidG9r
ZW4gY2FwdHVyZQoJICAgIGFuZCByZXBsYXkiLgoJICA8L3Q+CgkgIDx0PgoJICAgIFJlbW92ZWQg
c2VudGVuY2UgIkVuY3J5cHRpbmcgdGhlIHRva2VuIGNvbnRlbnRzIGlzIGFub3RoZXIKCSAgICBh
bHRlcm5hdGl2ZSIgZnJvbSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2luY2UgaXQgd2Fz
CgkgICAgcmVkdW5kYW50IGFuZCBwb3RlbnRpYWxseSBjb25mdXNpbmcuCgkgIDwvdD4KCSAgPHQ+
CgkgICAgQ29ycmVjdGVkIHNvbWUgcmVmZXJlbmNlcyB0byAicmVzb3VyY2Ugc2VydmVyIiB0byBi
ZQoJICAgICJhdXRob3JpemF0aW9uIHNlcnZlciIgaW4gdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRp
b25zLgoJICA8L3Q+CgkgIDx0PgoJICAgIEdlbmVyYWxpemVkIHNlY3VyaXR5IGNvbnNpZGVyYXRp
b25zIGxhbmd1YWdlIGFib3V0CgkgICAgb2J0YWluaW5nIGNvbnNlbnQgb2YgdGhlIHJlc291cmNl
IG93bmVyLgoJICA8L3Q+CgkgIDx0PgoJICAgIEJyb2FkZW5lZCBzY29wZSBvZiBzZWN1cml0eSBj
b25zaWRlcmF0aW9ucyBkZXNjcmlwdGlvbiBmb3IKCSAgICByZWNvbW1lbmRhdGlvbiAiRG9uJ3Qg
cGFzcyBiZWFyZXIgdG9rZW5zIGluIHBhZ2UgVVJMcyIuCgkgIDwvdD4KCSAgPHQ+CgkgICAgUmVt
b3ZlZCB1bnVzZWQgcmVmZXJlbmNlIHRvIE9BdXRoIDEuMC4KCSAgPC90PgoJICA8dD4KCSAgICBV
cGRhdGVkIHJlZmVyZW5jZSB0byBmcmFtZXdvcmsgc3BlY2lmaWNhdGlvbiBhbmQgdXBkYXRlZAoJ
ICAgIERhdmlkIFJlY29yZG9uJ3MgZS1tYWlsIGFkZHJlc3MuCgkgIDwvdD4KCSAgPHQ+CgkgICAg
UmVtb3ZlZCBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyB0ZXh0IG9uIGF1dGhlbnRpY2F0aW5nCgkg
ICAgY2xpZW50cy4KCSAgPC90PgoJICA8dD4KCSAgICBSZWdpc3RlcmVkIHRoZSAiT0F1dGgyIiBP
QXV0aCBhY2Nlc3MgdG9rZW4gdHlwZSBhbmQKCSAgICAib2F1dGhfdG9rZW4iIHBhcmFtZXRlci4K
CSAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICAtMDEK
ICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAg
Rmlyc3QgcHVibGljIGRyYWZ0LCB3aGljaCBpbmNvcnBvcmF0ZXMgZmVlZGJhY2sgcmVjZWl2ZWQK
ICAgICAgICAgICAgb24gLTAwIGluY2x1ZGluZyBlbmhhbmNlZCBTZWN1cml0eSBDb25zaWRlcmF0
aW9ucyBjb250ZW50LgogICAgICAgICAgICBUaGlzIHZlcnNpb24gaXMgaW50ZW5kZWQgdG8gYWNj
b21wYW55IE9BdXRoIDIuMCBkcmFmdCAxMS4KICAgICAgICAgIDwvdD4KICAgICAgICA8L2xpc3Q+
CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgLTAwCiAgICAgICAgPGxpc3Qgc3R5bGU9J3N5
bWJvbHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIEluaXRpYWwgZHJhZnQgYmFzZWQgb24g
cHJlbGltaW5hcnkgdmVyc2lvbiBvZiBPQXV0aCAyLjAgZHJhZnQgMTEuCiAgICAgICAgICA8L3Q+
CiAgICAgICAgPC9saXN0PgogICAgICA8L3Q+CiAgICA8L3NlY3Rpb24+ICAgICAKCiAgPC9iYWNr
PgoKPC9yZmM+Cg==

--_007_4E1F6AAD24975D4BA5B16804296739436657CD16TK5EX14MBXC283r_--

From julian.reschke@gmx.de  Mon Jul  9 06:55:01 2012
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A3CB21F85F0 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 06:55:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.805
X-Spam-Level: 
X-Spam-Status: No, score=-104.805 tagged_above=-999 required=5 tests=[AWL=-2.206, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNMniVj5cgeU for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 06:55:00 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id CA0AA21F85F7 for <oauth@ietf.org>; Mon,  9 Jul 2012 06:54:59 -0700 (PDT)
Received: (qmail invoked by alias); 09 Jul 2012 13:55:23 -0000
Received: from mail.greenbytes.de (EHLO [192.168.1.140]) [217.91.35.233] by mail.gmx.net (mp038) with SMTP; 09 Jul 2012 15:55:23 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX18Sn+IuZpUSrz3VoomGVhIQbK8TCLc/SvgXffpzNg jc6qcfq5ec1sQd
Message-ID: <4FFAE2C8.5000109@gmx.de>
Date: Mon, 09 Jul 2012 15:55:20 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 13:55:01 -0000

On 2012-07-09 09:08, Mike Jones wrote:
> A preliminary version of OAuth core draft -29 is attached for the
> working group’s consideration and discussion on today’s call.  I believe
> that this addresses all issues that have been raised, including Julian’s
> issues about the ABNF, character sets, and form encoding.  Changes are:
>
>   * Added "MUST" to "A public client that was not issued a client
>     password MUST use the client_id request parameter to identify itself
>     when sending requests to the token endpoint" and added text
>     explaining why this must be so.
>   * Added that the authorization server MUST "ensure the authorization
>     code was issued to the authenticated confidential client or to the
>     public client identified by the client_id in the request".
>   * Added Security Considerations section "Misuse of Access Token to
>     Impersonate Resource Owner at Public Client".
>   * Deleted ";charset=UTF-8" from examples formerly using "Content-Type:
>     application/x-www-form-urlencoded;charset=UTF-8".
>   * Added the phrase "and a character encoding of UTF-8" when describing
>     how to send requests using the HTTP request entity-body, per Julian
>     Reschke's suggestion.

I still think that citing HTML4 here doesn't work; the definition of the 
media type in HTML4 is known to be insufficient. What's the reason for 
not citing the HTML4 working draft here?

>   * Added "The ABNF below is defined in terms of Unicode code points
>     [UNICODE5]; these characters are typically encoded in UTF-8".
>   * For symmetry when using HTTP Basic authentication, also apply the
>     application/x-www-form-urlencoded encoding to the client password,
>     just as was already done for the client identifier.

That's kind of surprising; what's the rationale for this?

Also, given the complexity of x-www-form-urlencoded, I really really 
believe there should be examples of using it with non-ASCII characters.

Finally, the ABNF still fails to address my concerns from a few weeks 
ago: <https://www.ietf.org/mail-archive/web/oauth/current/msg09219.html>

Best regards, Julian

From julian.reschke@gmx.de  Mon Jul  9 07:03:59 2012
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A17DF21F85EA for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 07:03:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.749
X-Spam-Level: 
X-Spam-Status: No, score=-104.749 tagged_above=-999 required=5 tests=[AWL=-2.150, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CddS0Qe-9GnF for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 07:03:59 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id A375B21F85E4 for <oauth@ietf.org>; Mon,  9 Jul 2012 07:03:58 -0700 (PDT)
Received: (qmail invoked by alias); 09 Jul 2012 14:04:20 -0000
Received: from mail.greenbytes.de (EHLO [192.168.1.140]) [217.91.35.233] by mail.gmx.net (mp037) with SMTP; 09 Jul 2012 16:04:20 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1/T9p4+E23TNgIAvDYkbLYjeXej9A9cF6xQuhvpty MiDNvUpNScQ0Hc
Message-ID: <4FFAE4E1.3070102@gmx.de>
Date: Mon, 09 Jul 2012 16:04:17 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de>
In-Reply-To: <4FFAE2C8.5000109@gmx.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 14:03:59 -0000

On 2012-07-09 15:55, Julian Reschke wrote:
> On 2012-07-09 09:08, Mike Jones wrote:
>> A preliminary version of OAuth core draft -29 is attached for the
>> working group’s consideration and discussion on today’s call.  I believe
>> that this addresses all issues that have been raised, including Julian’s
>> issues about the ABNF, character sets, and form encoding.  Changes are:
>>
>>   * Added "MUST" to "A public client that was not issued a client
>>     password MUST use the client_id request parameter to identify itself
>>     when sending requests to the token endpoint" and added text
>>     explaining why this must be so.
>>   * Added that the authorization server MUST "ensure the authorization
>>     code was issued to the authenticated confidential client or to the
>>     public client identified by the client_id in the request".
>>   * Added Security Considerations section "Misuse of Access Token to
>>     Impersonate Resource Owner at Public Client".
>>   * Deleted ";charset=UTF-8" from examples formerly using "Content-Type:
>>     application/x-www-form-urlencoded;charset=UTF-8".
>>   * Added the phrase "and a character encoding of UTF-8" when describing
>>     how to send requests using the HTTP request entity-body, per Julian
>>     Reschke's suggestion.
>
> I still think that citing HTML4 here doesn't work; the definition of the
> media type in HTML4 is known to be insufficient. What's the reason for
> not citing the HTML4 working draft here?
> ...

s/4/5/, of course.


Best regards, Julian

From Michael.Jones@microsoft.com  Mon Jul  9 07:48:38 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8AF211E8080 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 07:48:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.791
X-Spam-Level: 
X-Spam-Status: No, score=-3.791 tagged_above=-999 required=5 tests=[AWL=-0.192, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yWuEb4ghFEu8 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 07:48:37 -0700 (PDT)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe001.messaging.microsoft.com [216.32.180.184]) by ietfa.amsl.com (Postfix) with ESMTP id 9234A11E8072 for <oauth@ietf.org>; Mon,  9 Jul 2012 07:48:37 -0700 (PDT)
Received: from mail122-co1-R.bigfish.com (10.243.78.250) by CO1EHSOBE006.bigfish.com (10.243.66.69) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 14:46:46 +0000
Received: from mail122-co1 (localhost [127.0.0.1])	by mail122-co1-R.bigfish.com (Postfix) with ESMTP id 95A524401B2; Mon,  9 Jul 2012 14:46:45 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -29
X-BigFish: VS-29(zz98dI9371I936eI542M1432Izz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25hf0ah107ah)
Received-SPF: pass (mail122-co1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail122-co1 (localhost.localdomain [127.0.0.1]) by mail122-co1 (MessageSwitch) id 134184520290731_8225; Mon,  9 Jul 2012 14:46:42 +0000 (UTC)
Received: from CO1EHSMHS007.bigfish.com (unknown [10.243.78.236])	by mail122-co1.bigfish.com (Postfix) with ESMTP id 13E31340044; Mon,  9 Jul 2012 14:46:42 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by CO1EHSMHS007.bigfish.com (10.243.66.17) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 14:46:40 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.02.0298.005; Mon, 9 Jul 2012 14:48:56 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] Preliminary OAuth Core draft -29
Thread-Index: Ac1doaVzn0rH3CgzRNqCMkZEFAvQfwAONTcAAAFQgLA=
Date: Mon, 9 Jul 2012 14:48:54 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de>
In-Reply-To: <4FFAE2C8.5000109@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 14:48:38 -0000

HTML5 is not cited because it's a working draft - not an approved
standard.  In what way is "the definition of the media type in HTML4 is
known to be insufficient"?  People have been successfully implementing
form-urlencoding with it for quite some time. :-)  Is there a specific
wording change that you'd suggest that we make that doesn't involve
citing a working draft, rather than an approved standard?

I'm not sure what aspect of
https://www.ietf.org/mail-archive/web/oauth/current/msg09219.html you
feel hasn't been addressed.  The restriction prohibiting colon has been
removed from the ABNF, like you asked.  Using form-urlencoding when
passing parameters through HTTP Basic enables a wider repertoire of
characters to be used - again, something you'd asked for.

I used your example from
http://greenbytes.de/tech/webdav/rfc5323.html#rfc.section.5.15.1 when
wording the statement that "The ABNF below is defined in terms of
Unicode code points".  That covers the topics raised in your message
about the ABNF.  So I really don't understand in what way that statement
fails to address your concerns.

I've done my best to intuit your intent based on your brief comments and
address it, and apparently come up short in some way(s) that I can't
identify from your response below.  Again, if you could propose specific
wording changes, that would remove the ambiguity from your remarks and
we could stop going back and forth on this.

I hope you can be on the call in ~2 hours as well.

				Thank you,
				-- Mike

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Monday, July 09, 2012 6:55 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 09:08, Mike Jones wrote:
> A preliminary version of OAuth core draft -29 is attached for the
> working group's consideration and discussion on today's call.  I
> believe that this addresses all issues that have been raised,
> including Julian's issues about the ABNF, character sets, and form
> encoding.  Changes are:
>
>   * Added "MUST" to "A public client that was not issued a client
>     password MUST use the client_id request parameter to identify itself
>     when sending requests to the token endpoint" and added text
>     explaining why this must be so.
>   * Added that the authorization server MUST "ensure the authorization
>     code was issued to the authenticated confidential client or to the
>     public client identified by the client_id in the request".
>   * Added Security Considerations section "Misuse of Access Token to
>     Impersonate Resource Owner at Public Client".
>   * Deleted ";charset=UTF-8" from examples formerly using "Content-Type:
>     application/x-www-form-urlencoded;charset=UTF-8".
>   * Added the phrase "and a character encoding of UTF-8" when describing
>     how to send requests using the HTTP request entity-body, per Julian
>     Reschke's suggestion.

I still think that citing HTML4 here doesn't work; the definition of the
media type in HTML4 is known to be insufficient. What's the reason for
not citing the HTML4 working draft here?

>   * Added "The ABNF below is defined in terms of Unicode code points
>     [UNICODE5]; these characters are typically encoded in UTF-8".
>   * For symmetry when using HTTP Basic authentication, also apply the
>     application/x-www-form-urlencoded encoding to the client password,
>     just as was already done for the client identifier.

That's kind of surprising; what's the rationale for this?

Also, given the complexity of x-www-form-urlencoded, I really really
believe there should be examples of using it with non-ASCII characters.

Finally, the ABNF still fails to address my concerns from a few weeks
ago: <https://www.ietf.org/mail-archive/web/oauth/current/msg09219.html>

Best regards, Julian
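
An added example, not taken from the draft or from either correspondent: a Python sketch of the encoding discussed in the message above, where the client identifier and client password are each form-urlencoded as UTF-8 before being joined for HTTP Basic. The function names and the sample credentials are constructed for illustration; the sample identifier contains a colon and both values contain non-ASCII characters.

```python
import base64
from typing import Tuple
from urllib.parse import quote_plus, unquote_plus

# Constructed sample credentials (not from the thread): the identifier
# contains ':' and both values contain non-ASCII characters.
SAMPLE_CLIENT_ID = "app:m\u00fcller"
SAMPLE_CLIENT_SECRET = "p@ss w\u00f6rd+1"
# Constructed malformed credential: "%FF" is not a valid UTF-8 sequence.
INVALID_UTF8_HEADER = "Basic " + base64.b64encode(b"%FF:x").decode("ascii")


def form_encode(value: str) -> str:
    """Encode one value as application/x-www-form-urlencoded over UTF-8 octets."""
    return quote_plus(value, safe="", encoding="utf-8", errors="strict")


def build_basic_header(client_id: str, client_secret: str) -> str:
    """Client side: form-encode each part, then apply HTTP Basic."""
    user = form_encode(client_id)
    password = form_encode(client_secret)
    # After form-encoding only ASCII remains and any ':' inside a value
    # has become %3A, so the single ':' below is an unambiguous separator.
    raw = (user + ":" + password).encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(header: str) -> Tuple[str, str]:
    """Server side: undo Basic, split once, then form-decode each part strictly."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(blob.strip(), validate=True).decode("ascii")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed Basic credential") from exc
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    # errors="strict" rejects percent-escapes that do not form valid UTF-8
    # instead of silently substituting replacement characters.
    return (
        unquote_plus(user, encoding="utf-8", errors="strict"),
        unquote_plus(password, encoding="utf-8", errors="strict"),
    )


def naive_basic_header(client_id: str, client_secret: str) -> str:
    """Contrast case: Basic without the form-encoding step."""
    raw = (client_id + ":" + client_secret).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def naive_split(header: str) -> Tuple[str, str]:
    """Contrast case: split at the first ':' with no decoding step."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password


if __name__ == "__main__":
    header = build_basic_header(SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET)
    print("encoded id:    ", form_encode(SAMPLE_CLIENT_ID))
    print("encoded secret:", form_encode(SAMPLE_CLIENT_SECRET))
    print("round trip:    ", parse_basic_header(header))
    print("naive split:   ",
          naive_split(naive_basic_header(SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET)))
```

Without the form-encoding step the colon inside the identifier is taken as the separator, so the server recovers a different identifier and password than the client sent.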



From julian.reschke@gmx.de  Mon Jul  9 08:01:13 2012
Message-ID: <4FFAF24D.5050805@gmx.de>
Date: Mon, 09 Jul 2012 17:01:33 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 16:48, Mike Jones wrote:
> HTML5 is not cited because it's a working draft - not an approved standard.  In what way is "the definition of the media type in HTML4 is known to be insufficient"?  People have been successfully implementing form-urlencoding with it for quite some time. :-)  Is there a specific wording change that you'd suggest that we make that doesn't involve citing a working draft, rather than an approved standard?

For instance, the HTML4 "definition" doesn't even mention what to do 
with non-ASCII characters.

I understand that it's not particularly attractive, but citing HTML4 
just because it's a "standard" isn't really helpful for people who 
actually follow the link and try to understand what needs to be implemented.

> I'm not sure what aspect of https://www.ietf.org/mail-archive/web/oauth/current/msg09219.html you feel hasn't been addressed.  The restriction prohibiting colon has been removed from the ABNF, like you asked.  Using form-urlencoding when passing parameters through HTTP Basic enables a wider repertoire of characters to be used - again, something you'd asked for.

Sorry, I missed that one; I was looking at the

   UNICODENOCTRLCHAR = <Any Unicode character other than (%x0-1F / %x7F)>

where you had asked for a better way to define it, and that's also in 
the link I sent.

With respect to the original question: you now say that *all* ABNF 
productions define the syntax in terms of Unicode code points. If that's 
the case all is well; but I didn't want to propose that because I don't 
have sufficient knowledge of the contexts where these protocol elements 
are used.

 > ...

Best regards, Julian
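
An added example, not part of the draft or of any message in this thread:
form-urlencoding the client identifier and client password before HTTP Basic,
with a colon and non-ASCII characters, plus a receiver that enforces the
UNICODENOCTRLCHAR rule quoted above. Function names and sample credentials are
constructed here, and UTF-8 as the byte encoding is an assumption.

```python
import base64
from urllib.parse import quote_plus, unquote_plus

# Constructed sample credentials (not from the draft): a colon and non-ASCII
# characters in the identifier, plus '@', space, '+' and '%' in the password.
SAMPLE_CLIENT_ID = "app:müller"
SAMPLE_CLIENT_SECRET = "p@ss wörd+%"


def is_unicodenoctrlchar(value: str) -> bool:
    """True if no code point falls in %x0-1F or %x7F (the ABNF quoted above)."""
    return all(ord(ch) > 0x1F and ord(ch) != 0x7F for ch in value)


def form_urlencode(value: str) -> str:
    """application/x-www-form-urlencoded encoding of a single value.

    Assumption: code points are serialised as UTF-8 before percent-encoding.
    safe="" makes ':' come out as %3A; a space becomes '+'.
    """
    return quote_plus(value, safe="", encoding="utf-8", errors="strict")


def encode_userpass(client_id: str, client_secret: str) -> str:
    """Build the user-pass string that HTTP Basic then base64-encodes."""
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        if not is_unicodenoctrlchar(value):
            raise ValueError(f"{name} contains a control character")
    return f"{form_urlencode(client_id)}:{form_urlencode(client_secret)}"


def basic_authorization(client_id: str, client_secret: str) -> str:
    """Client side: value of the Authorization request header."""
    userpass = encode_userpass(client_id, client_secret)
    return "Basic " + base64.b64encode(userpass.encode("ascii")).decode("ascii")


def parse_basic_authorization(header: str) -> tuple[str, str]:
    """Server side: recover (client_id, client_secret) or raise ValueError."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
    userpass = base64.b64decode(token, validate=True).decode("ascii")
    user, sep, password = userpass.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    # errors="strict" rejects percent-escapes that are not valid UTF-8.
    client_id = unquote_plus(user, encoding="utf-8", errors="strict")
    client_secret = unquote_plus(password, encoding="utf-8", errors="strict")
    # Re-check after decoding so %00 or %7F cannot smuggle a control character in.
    if not (is_unicodenoctrlchar(client_id) and is_unicodenoctrlchar(client_secret)):
        raise ValueError("decoded credential contains a control character")
    return client_id, client_secret


def naive_split(client_id: str, client_secret: str) -> tuple[str, str]:
    """What a receiver recovers when the sender skips the form-urlencoding step."""
    user, _, password = f"{client_id}:{client_secret}".partition(":")
    return user, password


if __name__ == "__main__":
    print("user-pass :", encode_userpass(SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET))
    header = basic_authorization(SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET)
    print("header    :", header)
    print("round trip:", parse_basic_authorization(header))
    print("unencoded :", naive_split(SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET))
```

Without the encoding step the receiver splits at the colon inside the
identifier, which is why dropping the colon restriction from the ABNF depends
on both sides applying the same encoding.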

From Michael.Jones@microsoft.com  Mon Jul  9 08:36:22 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] Preliminary OAuth Core draft -29
Thread-Index: Ac1doaVzn0rH3CgzRNqCMkZEFAvQfwAONTcAAAFQgLAAAP+GgAABKLdA
Date: Mon, 9 Jul 2012 15:36:17 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436657CF31@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAF24D.5050805@gmx.de>
In-Reply-To: <4FFAF24D.5050805@gmx.de>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

What's the syntax for defining UNICODENOCTRLCHAR in a better way?  I'd be
eager to incorporate that.  I failed to find that part from your link.

				-- Mike

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Monday, July 09, 2012 8:02 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 16:48, Mike Jones wrote:
> HTML5 is not cited because it's a working draft - not an approved standard.  In what way is "the definition of the media type in HTML4 is known to be insufficient"?  People have been successfully implementing form-urlencoding with it for quite some time. :-)  Is there a specific wording change that you'd suggest that we make that doesn't involve citing a working draft, rather than an approved standard?

For instance, the HTML4 "definition" doesn't even mention what to do with
non-ASCII characters.

I understand that it's not particularly attractive, but citing HTML4 just
because it's a "standard" isn't really helpful for people who actually
follow the link and try to understand what needs to be implemented.

> I'm not sure what aspect of https://www.ietf.org/mail-archive/web/oauth/current/msg09219.html you feel hasn't been addressed.  The restriction prohibiting colon has been removed from the ABNF, like you asked.  Using form-urlencoding when passing parameters through HTTP Basic enables a wider repertoire of characters to be used - again, something you'd asked for.

Sorry, I missed that one; I was looking at the

   UNICODENOCTRLCHAR = <Any Unicode character other than (%x0-1F / %x7F)>

where you had asked for a better way to define it, and that's also in the
link I sent.

With respect to the original question: you now say that *all* ABNF
productions define the syntax in terms of Unicode code points. If that's
the case all is well; but I didn't want to propose that because I don't
have sufficient knowledge of the contexts where these protocol elements
are used.

 > ...

Best regards, Julian



From ve7jtb@ve7jtb.com  Mon Jul  9 08:45:10 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_59A0D889-7074-460E-92DC-334D0FC68F86"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Mon, 9 Jul 2012 11:44:56 -0400
Message-Id: <D67F6901-4239-4C0B-91CC-F6B637E0DAE7@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQmU+agTvg+FLxCcS4bgw6sHzKyaZpZdkOH1EO0TuMBCDGHt6fz5DciinGmEPLSZcCk2edVs
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

--Apple-Mail=_59A0D889-7074-460E-92DC-334D0FC68F86
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_13B9A033-2A82-4E27-BB36-DE1A66029089"


--Apple-Mail=_13B9A033-2A82-4E27-BB36-DE1A66029089
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Given we are making the changes to the public client code flow.

I would change the name of the security consideration to:
> Misuse of Access Token to Impersonate Resource Owner in Implicit Flow

Sorry I forgot to change that when I sent it.

John B.

On 2012-07-09, at 3:08 AM, Mike Jones wrote:

> A preliminary version of OAuth core draft -29 is attached for the
> working group’s consideration and discussion on today’s call.  I
> believe that this addresses all issues that have been raised, including
> Julian’s issues about the ABNF, character sets, and form encoding.
> Changes are:
>
>   * Added "MUST" to "A public client that was not issued a client
>     password MUST use the client_id request parameter to identify
>     itself when sending requests to the token endpoint" and added text
>     explaining why this must be so.
>   * Added that the authorization server MUST "ensure the authorization
>     code was issued to the authenticated confidential client or to the
>     public client identified by the client_id in the request".
>   * Added Security Considerations section "Misuse of Access Token to
>     Impersonate Resource Owner at Public Client".
>   * Deleted ";charset=UTF-8" from examples formerly using
>     "Content-Type: application/x-www-form-urlencoded;charset=UTF-8".
>   * Added the phrase "and a character encoding of UTF-8" when describing
>     how to send requests using the HTTP request entity-body, per Julian
>     Reschke's suggestion.
>   * Added "The ABNF below is defined in terms of Unicode code points
>     [UNICODE5]; these characters are typically encoded in UTF-8".
>   * For symmetry when using HTTP Basic authentication, also apply the
>     application/x-www-form-urlencoded encoding to the client password,
>     just as was already done for the client identifier.
>   * Reduced multiple blank lines around artwork elements to single
>     blank lines.
>   * Removed Eran Hammer's name from the author list, at his request.
>     Dick Hardt is now listed as the editor.
>
>                                                             Best wishes,
>                                                             -- Mike
>
> <draft-ietf-oauth-v2-29 preliminary.txt><draft-ietf-oauth-v2-29 preliminary.html><draft-ietf-oauth-v2-29 preliminary.pdf><draft-ietf-oauth-v2-29 preliminary.xml>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth



--Apple-Mail=_13B9A033-2A82-4E27-BB36-DE1A66029089--

--Apple-Mail=_59A0D889-7074-460E-92DC-334D0FC68F86
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_59A0D889-7074-460E-92DC-334D0FC68F86--

From julian.reschke@gmx.de  Mon Jul  9 08:50:06 2012
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10A0E11E80FE for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 08:50:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.644
X-Spam-Level: 
X-Spam-Status: No, score=-104.644 tagged_above=-999 required=5 tests=[AWL=-2.045, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H3CIIIRnx7Pm for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 08:50:05 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id EE9A911E80FD for <oauth@ietf.org>; Mon,  9 Jul 2012 08:50:04 -0700 (PDT)
Received: (qmail invoked by alias); 09 Jul 2012 15:50:28 -0000
Received: from mail.greenbytes.de (EHLO [192.168.1.140]) [217.91.35.233] by mail.gmx.net (mp038) with SMTP; 09 Jul 2012 17:50:28 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1+J+nEMc4OJbtEiw2/2T3HHu5yLohNwI/gfGiE7Ob WaI0jOzq3PKCa2
Message-ID: <4FFAFDC2.1040507@gmx.de>
Date: Mon, 09 Jul 2012 17:50:26 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAF24D.5050805@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CF31@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436657CF31@TK5EX14MBXC283.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 15:50:06 -0000

On 2012-07-09 17:36, Mike Jones wrote:
> What's the syntax for defining UNICODENOCTRLCHAR in a better way?  I'd be eager to incorporate that.  I failed to find that part from your link.
> ...

Just change

   UNICODENOCTRLCHAR = <Any Unicode character other than ( %x0-1F / %x7F )>

to

   UNICODENOCTRLCHAR = %x20-7E / %x80-D7FF / %xE000-FFFD / %x10000-10FFFF

(inspired by <http://www.w3.org/TR/REC-xml/#charsets>).

Best regards, Julian
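
Added example (not part of the original message or of the OAuth draft): a Python check of a value against the explicit ranges proposed above, and a comparison with the earlier prose rule read literally as code points. All function names are illustrative, and the sample inputs are constructed.

```python
# Added example; names are illustrative and not taken from the OAuth draft.

# UNICODENOCTRLCHAR = %x20-7E / %x80-D7FF / %xE000-FFFD / %x10000-10FFFF
EXPLICIT_RANGES = (
    (0x20, 0x7E),
    (0x80, 0xD7FF),
    (0xE000, 0xFFFD),
    (0x10000, 0x10FFFF),
)


def in_explicit_ranges(cp):
    """True if code point cp matches the range-based rule."""
    return any(lo <= cp <= hi for lo, hi in EXPLICIT_RANGES)


def in_prose_rule(cp):
    """Earlier rule, read literally: any code point except %x0-1F / %x7F."""
    return 0x20 <= cp <= 0x10FFFF and cp != 0x7F


def first_violation(text):
    """Return (index, code point) of the first disallowed character, or None."""
    for index, ch in enumerate(text):
        if not in_explicit_ranges(ord(ch)):
            return index, ord(ch)
    return None


def check_utf8_value(raw):
    """Strictly decode UTF-8 bytes, then apply the range rule.

    Returns (ok, reason). Strict decoding already rejects encoded
    surrogates and overlong forms before the range check runs.
    """
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        return False, "invalid UTF-8 at byte %d" % exc.start
    bad = first_violation(text)
    if bad is not None:
        return False, "U+%04X at index %d is outside UNICODENOCTRLCHAR" % (
            bad[1], bad[0])
    return True, "ok"


def rule_differences():
    """Ranges of code points on which the two rules disagree."""
    ranges = []
    for cp in range(0x110000):
        if in_prose_rule(cp) != in_explicit_ranges(cp):
            if ranges and ranges[-1][1] == cp - 1:
                ranges[-1][1] = cp          # extend the current run
            else:
                ranges.append([cp, cp])     # start a new run
    return [tuple(r) for r in ranges]


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        b"caf\xc3\xa9",        # printable non-ASCII: accepted
        b"user\x00name",       # NUL: rejected by both rules
        b"\xed\xa0\x80",       # UTF-8-encoded surrogate: fails decoding
        b"ab\xef\xbf\xbf",     # U+FFFF: valid UTF-8, outside the ranges
    ]
    for raw in samples:
        print(raw, check_utf8_value(raw))

    # The explicit ranges drop surrogates and U+FFFE/U+FFFF. C1 controls
    # (U+0080-U+009F) are still admitted by both rules.
    for lo, hi in rule_differences():
        print("rules differ on U+%04X-U+%04X" % (lo, hi))
```
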

From Michael.Jones@microsoft.com  Mon Jul  9 09:15:23 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ECCB11E80D1 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 09:15:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.286
X-Spam-Level: 
X-Spam-Status: No, score=-5.286 tagged_above=-999 required=5 tests=[AWL=1.313,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LPfQRLQfaF8i for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 09:15:22 -0700 (PDT)
Received: from tx2outboundpool.messaging.microsoft.com (tx2ehsobe003.messaging.microsoft.com [65.55.88.13]) by ietfa.amsl.com (Postfix) with ESMTP id 54DF511E80BE for <oauth@ietf.org>; Mon,  9 Jul 2012 09:15:22 -0700 (PDT)
Received: from mail21-tx2-R.bigfish.com (10.9.14.242) by TX2EHSOBE003.bigfish.com (10.9.40.23) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 16:13:30 +0000
Received: from mail21-tx2 (localhost [127.0.0.1])	by mail21-tx2-R.bigfish.com (Postfix) with ESMTP id 90F91180136; Mon,  9 Jul 2012 16:13:30 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -28
X-BigFish: VS-28(zz98dI9371I936eI542Mzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25hf0ah107ah)
Received-SPF: pass (mail21-tx2: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail21-tx2 (localhost.localdomain [127.0.0.1]) by mail21-tx2 (MessageSwitch) id 1341850409533576_10893; Mon,  9 Jul 2012 16:13:29 +0000 (UTC)
Received: from TX2EHSMHS036.bigfish.com (unknown [10.9.14.244])	by mail21-tx2.bigfish.com (Postfix) with ESMTP id 7F8B3460047; Mon,  9 Jul 2012 16:13:29 +0000 (UTC)
Received: from TK5EX14HUBC101.redmond.corp.microsoft.com (131.107.125.8) by TX2EHSMHS036.bigfish.com (10.9.99.136) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 16:13:29 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.53]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.02.0309.003; Mon, 9 Jul 2012 16:15:44 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] Preliminary OAuth Core draft -29
Thread-Index: Ac1doaVzn0rH3CgzRNqCMkZEFAvQfwAONTcAAAFQgLAAAP+GgAABKLdAAACMVgAAAOC2wA==
Date: Mon, 9 Jul 2012 16:15:43 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436657D0AD@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAF24D.5050805@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CF31@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAFDC2.1040507@gmx.de>
In-Reply-To: <4FFAFDC2.1040507@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.75]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 16:15:23 -0000

OK - will do

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Monday, July 09, 2012 8:50 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 17:36, Mike Jones wrote:
> What's the syntax for defining UNICODENOCTRLCHAR in a better way?  I'd be eager to incorporate that.  I failed to find that part from your link.
> ...

Just change

   UNICODENOCTRLCHAR = <Any Unicode character other than ( %x0-1F / %x7F )>

to

   UNICODENOCTRLCHAR = %x20-7E / %x80-D7FF / %xE000-FFFD / %x10000-10FFFF

(inspired by <http://www.w3.org/TR/REC-xml/#charsets>).

Best regards, Julian



From dick.hardt@gmail.com  Mon Jul  9 10:31:28 2012
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA6FE11E8150 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 10:31:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.582
X-Spam-Level: 
X-Spam-Status: No, score=-3.582 tagged_above=-999 required=5 tests=[AWL=0.016,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYuLz2iHxpQ2 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 10:31:28 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id DC16511E80C2 for <oauth@ietf.org>; Mon,  9 Jul 2012 10:31:27 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so20134709pbc.31 for <oauth@ietf.org>; Mon, 09 Jul 2012 10:31:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer; bh=rbphmG4tZlVcnROJ00bBCU+aJIoOofD1zrKZWGwzl28=; b=dV4p7E8Z6vK39ZsVZ48bWqBE10dN80qeyNGD2sPag0n9ZMuvg/0EMG5OyMN8vLvmRb 2JISxLUjCkfyJhDol556M1+R3KKNMh7JBjcjQHIefAE9y+raFkVfuYiET5R6tjU+7W7i jQk6T8YSadYhuM9WL+qEWmBC8a/D3kWbNnwNmXEvQybiWdIumppeE4wAXfjiovPd0TzP aqyupRbqVUNdbFqI75+XW50sM3ygP8ahyTBEqMng+W/XOQW6Mitz4aPKJHIqnBJkY0I5 e+GTmuAzPMcP2ousjA9kGA+niVOQAcVkDYI2Krn7guk6Sr1b1BnFYyy/lk+WtgZJ6uwd ST4g==
Received: by 10.68.223.129 with SMTP id qu1mr60951658pbc.165.1341855113275; Mon, 09 Jul 2012 10:31:53 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id to1sm28106102pbc.27.2012.07.09.10.31.51 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 09 Jul 2012 10:31:52 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_B54EE103-AFEB-4627-9F46-4059B4FDAE56"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Mon, 9 Jul 2012 10:31:49 -0700
Message-Id: <6AD425FB-9453-489D-9282-6EC125D535D5@gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 17:31:28 -0000

--Apple-Mail=_B54EE103-AFEB-4627-9F46-4059B4FDAE56
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Hi Mike

Reading over the spec, I think some more color in 4.2 on the risks of the Implicit Grant and where it makes sense and where it does not is in order.
Also, this should be in Section 9.

Thoughts?

-- Dick

On Jul 9, 2012, at 12:08 AM, Mike Jones wrote:

> A preliminary version of OAuth core draft -29 is attached for the working group’s consideration and discussion on today’s call.  I believe that this addresses all issues that have been raised, including Julian’s issues about the ABNF, character sets, and form encoding.  Changes are:
>
> * Added "MUST" to "A public client that was not issued a client password MUST use the client_id request parameter to identify itself when sending requests to the token endpoint" and added text explaining why this must be so.
> * Added that the authorization server MUST "ensure the authorization code was issued to the authenticated confidential client or to the public client identified by the client_id in the request".
> * Added Security Considerations section "Misuse of Access Token to Impersonate Resource Owner at Public Client".
> * Deleted ";charset=UTF-8" from examples formerly using "Content-Type: application/x-www-form-urlencoded;charset=UTF-8".
> * Added the phrase "and a character encoding of UTF-8" when describing how to send requests using the HTTP request entity-body, per Julian Reschke's suggestion.
> * Added "The ABNF below is defined in terms of Unicode code points [UNICODE5]; these characters are typically encoded in UTF-8".
> * For symmetry when using HTTP Basic authentication, also apply the application/x-www-form-urlencoded encoding to the client password, just as was already done for the client identifier.
> * Reduced multiple blank lines around artwork elements to single blank lines.
> * Removed Eran Hammer's name from the author list, at his request. Dick Hardt is now listed as the editor.
>
>                                                             Best wishes,
>                                                             -- Mike
>
> <draft-ietf-oauth-v2-29 preliminary.txt><draft-ietf-oauth-v2-29 preliminary.html><draft-ietf-oauth-v2-29 preliminary.pdf><draft-ietf-oauth-v2-29 preliminary.xml>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_B54EE103-AFEB-4627-9F46-4059B4FDAE56--

From hannes.tschofenig@gmx.net  Mon Jul  9 11:14:33 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 566E211E80D5 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:14:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.601
X-Spam-Level: 
X-Spam-Status: No, score=-102.601 tagged_above=-999 required=5 tests=[AWL=-0.002, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xhjmacsjdvMP for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:14:32 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 3CE4C11E80D9 for <oauth@ietf.org>; Mon,  9 Jul 2012 11:14:31 -0700 (PDT)
Received: (qmail invoked by alias); 09 Jul 2012 18:14:51 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.110]) [88.115.216.191] by mail.gmx.net (mp024) with SMTP; 09 Jul 2012 20:14:51 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1921fNmdlR2jaBrkf6nhwVC1O9CC0wgq6BiZUVee0 2qN9kISoD5Jk4s
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Mon, 9 Jul 2012 21:14:50 +0300
Message-Id: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net>
To: OAuth WG <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:14:33 -0000

Hi guys,

today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
Here is the document:
https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk

Your feedback is welcome

Ciao
Hannes


From wmills_92105@yahoo.com  Mon Jul  9 11:20:27 2012
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7994F11E8109 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:20:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.598
X-Spam-Level: 
X-Spam-Status: No, score=-4.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_INVITATION=-2, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ONVqXApcnSDK for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:20:26 -0700 (PDT)
Received: from nm5-vm0.bullet.mail.ac4.yahoo.com (nm5-vm0.bullet.mail.ac4.yahoo.com [98.139.52.68]) by ietfa.amsl.com (Postfix) with SMTP id 8D88711E8104 for <oauth@ietf.org>; Mon,  9 Jul 2012 11:20:26 -0700 (PDT)
Received: from [98.139.52.194] by nm5.bullet.mail.ac4.yahoo.com with NNFMP; 09 Jul 2012 18:20:49 -0000
Received: from [98.139.52.177] by tm7.bullet.mail.ac4.yahoo.com with NNFMP; 09 Jul 2012 18:20:49 -0000
Received: from [127.0.0.1] by omp1060.mail.ac4.yahoo.com with NNFMP; 09 Jul 2012 18:20:49 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 222539.63383.bm@omp1060.mail.ac4.yahoo.com
Received: (qmail 81450 invoked by uid 60001); 9 Jul 2012 18:20:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1341858018; bh=VWAMUlnMWaiJi6S5fes/uJaBDv2a9vgYqyKdt3umSeY=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=RDXL1zCwN3sCcl99LDhx8RVfqXh20s4gPRT2pzTtPJnp9iA2sq9doC44UEKguXEmSaRp0EcLft9SW3hfrNfS88SfNBOfmYIuSu19+ChY3ho62bh5fNQl9nwzZGNJfKv7zD2DGI7CQZdZ0H7f97JqtISqQpiWr8yqhdPVj3BnZbM=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=6bGnjKKufE5DI5ZpmDPM9PsBOLBpZL06Z+DCNJVnJAOKQTI+KOJxrDpXtwYrL12tQXXGw+bbinoAiq8O89+Kq29zjhjuL+az8iwNqRQFPREy0/09zyKfissfdgHf2EHLA06qLcf2r/rHzOwEXlew7rc47LO3CU4YDGHKOXf8/dE=;
X-YMail-OSG: 5oMfZToVM1na3GFVr_5eg5rAWbgfkR6moIr_vxKXgLrV.W. V1xYlMEISi68jqzW_9BhiNEDyTsCwqMkMVdRYm.VFPTAT1ZokKVB5hoomMLQ Mf728i.epoH6wyrrzDmfLwoa7xgWgAlyIV_xAMZf1xSXDFQmBmSjhyPnIZn9 h9fGkP05CC3yHcGm9cGc5VyCHs9gcDPsF5Lf0Bu4VGbiBzcgfQq4MBL4MMcz nuP.YItHUumB7_yb8iKEbRXW3kStl0wMHv3M5BRh.W4ANGY8TA9qkusFXO9Z k6pyGxw17RB4ymhRV4bxTIQ5ZLGBpm3qguykDqWWfVn24WvDS1N2Ip9phbew kbrAPNPrC7nQoTJ6vZBKmcXWfKBoEwe9JZkxQDqf8pMlwOmOm4uJcHfuUIJm oulfYD4Pm9fTw3rjTvAHZCrpc36VjK8ZHFqIjdYEqgHY9XUzE28Kw0AMhbMs HMlrszBcDAS9bMLcEhFsON9Yf3jKu8fUbj..bGKOLEQ4nbYwnUFFskxcoaPb eGU0HTg--
Received: from [209.131.62.115] by web31805.mail.mud.yahoo.com via HTTP; Mon, 09 Jul 2012 11:20:18 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
References: <792AA4D5-A0FB-4C82-B2A4-01164E2C0C15@gmx.net>
Message-ID: <1341858018.75878.YahooMailNeo@web31805.mail.mud.yahoo.com>
Date: Mon, 9 Jul 2012 11:20:18 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
In-Reply-To: <792AA4D5-A0FB-4C82-B2A4-01164E2C0C15@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-551393103-1747083013-1341858018=:75878"
Subject: Re: [OAUTH-WG] 'Finishing up design team' Conference  Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:20:27 -0000

---551393103-1747083013-1341858018=:75878
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Is this on?  Is there a dial-in or hangout link?


________________________________
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: OAuth WG <oauth@ietf.org>
Sent: Sunday, July 8, 2012 11:03 AM
Subject: [OAUTH-WG] 'Finishing up design team' Conference  Call

I don't know why Google Hangout does not forward my invitation to the oauth@ietf.org mailing list.

So, send me private mail if you plan to participate.

-------- Original Message --------
Subject: Hannes Tschofenig invited you to "'Finishing up design team' Conference  Call"
Date: Sun, 08 Jul 2012 08:43:39 -0700 (PDT)
From: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>
Reply-To: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>

Hannes Tschofenig invited you to "'Finishing up design team' Conference Call"
Tomorrow, July 9, 8:00 PM GMT+03:00
12 people invited
As discussed at the last conference call we will try it with Google hangout this time instead of the conventional conference bridge.

Date: 9th July 2012 (Monday)
Time: 1pm EDT

Agenda: We will do a status check on these documents:
*    draft-ietf-oauth-v2
*    draft-ietf-oauth-v2-bearer
*    draft-ietf-oauth-v2-threatmodel
*    draft-ietf-oauth-urn-sub-ns
*    draft-ietf-oauth-assertions


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
---551393103-1747083013-1341858018=:75878--

From hannes.tschofenig@nsn.com  Mon Jul  9 11:49:55 2012
Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA2511E80E1 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:49:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -107.482
X-Spam-Level: 
X-Spam-Status: No, score=-107.482 tagged_above=-999 required=5 tests=[AWL=1.116, BAYES_00=-2.599, GB_I_INVITATION=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5XCaVq0S+50r for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:49:54 -0700 (PDT)
Received: from demumfd001.nsn-inter.net (demumfd001.nsn-inter.net [93.183.12.32]) by ietfa.amsl.com (Postfix) with ESMTP id 8464011E80E9 for <oauth@ietf.org>; Mon,  9 Jul 2012 11:49:53 -0700 (PDT)
Received: from demuprx017.emea.nsn-intra.net ([10.150.129.56]) by demumfd001.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id q69IoHpe030436 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 9 Jul 2012 20:50:17 +0200
Received: from DEMUEXC048.nsn-intra.net ([10.159.32.94]) by demuprx017.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id q69IoH39005172; Mon, 9 Jul 2012 20:50:17 +0200
Received: from FIESEXC035.nsn-intra.net ([10.159.0.25]) by DEMUEXC048.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675);  Mon, 9 Jul 2012 20:50:17 +0200
Received: from 10.159.32.93 ([10.159.32.93]) by FIESEXC035.nsn-intra.net ([10.159.0.182]) with Microsoft Exchange Server HTTP-DAV ;  Mon,  9 Jul 2012 18:50:14 +0000
MIME-Version: 1.0
Message-ID: <4d9f01cd5e03$acf26cd7$5d209f0a@nsnintra.net>
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
thread-index: Ac1eA6zyZiofX39oTJWWCVKOUS2DWw==
Thread-Topic: [OAUTH-WG] 'Finishing up design team' Conference  Call
Date: Mon, 9 Jul 2012 21:50:14 +0300
To: "William Mills" <wmills_92105@yahoo.com>, "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>, "OAuth WG" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="_34F723D5-2F32-DA2B-7853-DFEE851C3F24_"; charset="iso-8859-1"
X-OriginalArrivalTime: 09 Jul 2012 18:50:17.0058 (UTC) FILETIME=[AE95D420:01CD5E03]
X-purgate-type: clean
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-size: 6044
X-purgate-ID: 151667::1341859817-00003CDD-7132B3A4/0-0/0-0
Subject: Re: [OAUTH-WG] 'Finishing up design team' Conference  Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:49:55 -0000

--_34F723D5-2F32-DA2B-7853-DFEE851C3F24_
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"

Hi Bill, the call started at 8pm Helsinki time. You were an hour too late.
Ciao
Hannes

Sent from my Windows Phone

-----Original Message-----
From: ext William Mills
Sent: 7/9/2012 9:20 PM
To: Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] 'Finishing up design team' Conference  Call


Is this on?  Is there a dial-in or hangout link?

From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: OAuth WG <oauth@ietf.org>
Sent: Sunday, July 8, 2012 11:03 AM
Subject: [OAUTH-WG] 'Finishing up design team' Conference Call

I don't know why Google Hangout does not forward my invitation to the oauth@ietf.org mailing list.

So, send me private mail if you plan to participate.

-------- Original Message --------
Subject: Hannes Tschofenig invited you to "'Finishing up design team'
Conference  Call"
Date: Sun, 08 Jul 2012 08:43:39 -0700 (PDT)
From: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>
Reply-To: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>

Hannes Tschofenig invited you to "'Finishing up design team' Conference
Call"
Tomorrow, July 9, 8:00 PM GMT+03:00
12 people invited
As discussed at the last conference call we will try it with Google
hangout
this time instead of the conventional conference bridge.

Date: 9th July 2012 (Monday)
Time: 1pm EDT

Agenda: We will do a status check on these documents:
*    draft-ietf-oauth-v2
*    draft-ietf-oauth-v2-bearer
*    draft-ietf-oauth-v2-threatmodel
*    draft-ietf-oauth-urn-sub-ns
*    draft-ietf-oauth-assertions


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



--_34F723D5-2F32-DA2B-7853-DFEE851C3F24_--

From wmills_92105@yahoo.com  Mon Jul  9 11:51:16 2012
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8FA111E80E2 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:51:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.598
X-Spam-Level: 
X-Spam-Status: No, score=-4.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_INVITATION=-2, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R2UGSoX29V5U for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:51:15 -0700 (PDT)
Received: from nm5-vm0.bullet.mail.ne1.yahoo.com (nm5-vm0.bullet.mail.ne1.yahoo.com [98.138.90.251]) by ietfa.amsl.com (Postfix) with SMTP id 212FC11E80E1 for <oauth@ietf.org>; Mon,  9 Jul 2012 11:51:13 -0700 (PDT)
Received: from [98.138.90.53] by nm5.bullet.mail.ne1.yahoo.com with NNFMP; 09 Jul 2012 18:51:38 -0000
Received: from [98.138.88.238] by tm6.bullet.mail.ne1.yahoo.com with NNFMP; 09 Jul 2012 18:51:38 -0000
Received: from [127.0.0.1] by omp1038.mail.ne1.yahoo.com with NNFMP; 09 Jul 2012 18:51:36 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 629774.78291.bm@omp1038.mail.ne1.yahoo.com
Received: (qmail 85680 invoked by uid 60001); 9 Jul 2012 18:51:36 -0000
Received: from [209.131.62.115] by web31810.mail.mud.yahoo.com via HTTP; Mon, 09 Jul 2012 11:51:36 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
References: <4d9f01cd5e03$acf26cd7$5d209f0a@nsnintra.net>
Message-ID: <1341859896.49921.YahooMailNeo@web31810.mail.mud.yahoo.com>
Date: Mon, 9 Jul 2012 11:51:36 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: "Tschofenig, Hannes \(NSN - FI/Espoo\)" <hannes.tschofenig@nsn.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
In-Reply-To: <4d9f01cd5e03$acf26cd7$5d209f0a@nsnintra.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1935884094-1991525948-1341859896=:49921"
Subject: Re: [OAUTH-WG] 'Finishing up design team' Conference  Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:51:17 -0000

--1935884094-1991525948-1341859896=:49921
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Ah... sigh.  I did reply yesterday, but never got connection information.


________________________________
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: William Mills <wmills_92105@yahoo.com>; Hannes Tschofenig <Hannes.Tschofenig@gmx.net>; OAuth WG <oauth@ietf.org>
Sent: Monday, July 9, 2012 11:50 AM
Subject: RE: [OAUTH-WG] 'Finishing up design team' Conference  Call


Hi Bill, the call started at 8pm Helsinki time. You were an hour too late.
Ciao
Hannes

Sent from my Windows Phone

________________________________
From: ext William Mills
Sent: 7/9/2012 9:20 PM
To: Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] 'Finishing up design team' Conference  Call


Is this on?  Is there a dial-in or hangout link?


________________________________
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: OAuth WG <oauth@ietf.org>
Sent: Sunday, July 8, 2012 11:03 AM
Subject: [OAUTH-WG] 'Finishing up design team' Conference  Call

I don't know why Google Hangout does not forward my invitation to the oauth@ietf.org mailing list.

So, send me private mail if you plan to participate.

-------- Original Message --------
Subject: Hannes Tschofenig invited you to "'Finishing up design team'
Conference  Call"
Date: Sun, 08 Jul 2012 08:43:39 -0700 (PDT)
From: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>
Reply-To: Hannes Tschofenig (Google+) <noreply-d883e609@plus.google.com>

Hannes Tschofenig invited you to "'Finishing up design team' Conference
Call"
Tomorrow, July 9, 8:00 PM GMT+03:00
12 people invited
As discussed at the last conference call we will try it with Google
hangout
this time instead of the conventional conference bridge.

Date: 9th July 2012 (Monday)
Time: 1pm EDT

Agenda: We will do a status check on these documents:
*    draft-ietf-oauth-v2
*    draft-ietf-oauth-v2-bearer
*    draft-ietf-oauth-v2-threatmodel
*    draft-ietf-oauth-urn-sub-ns
*    draft-ietf-oauth-assertions


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--1935884094-1991525948-1341859896=:49921--

From tonynad@microsoft.com  Mon Jul  9 11:57:12 2012
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56A0421F8848 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:57:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.681
X-Spam-Level: 
X-Spam-Status: No, score=-0.681 tagged_above=-999 required=5 tests=[AWL=-0.214, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EtUxJPwbwYO9 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:57:11 -0700 (PDT)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe003.messaging.microsoft.com [216.32.180.186]) by ietfa.amsl.com (Postfix) with ESMTP id DA5D821F8842 for <oauth@ietf.org>; Mon,  9 Jul 2012 11:57:11 -0700 (PDT)
Received: from mail177-co1-R.bigfish.com (10.243.78.229) by CO1EHSOBE013.bigfish.com (10.243.66.76) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 18:55:20 +0000
Received: from mail177-co1 (localhost [127.0.0.1])	by mail177-co1-R.bigfish.com (Postfix) with ESMTP id 0ADD8CC0108	for <oauth@ietf.org>; Mon,  9 Jul 2012 18:55:20 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -18
X-BigFish: VS-18(z1725nz9371I148cI542Mzz1202h1082kzz1033IL8275dhz2fh2a8h683h839h944hd25hf0ah107ah)
Received-SPF: pass (mail177-co1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=tonynad@microsoft.com; helo=TK5EX14MLTC101.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT001.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail177-co1 (localhost.localdomain [127.0.0.1]) by mail177-co1 (MessageSwitch) id 1341860117717249_14890; Mon,  9 Jul 2012 18:55:17 +0000 (UTC)
Received: from CO1EHSMHS002.bigfish.com (unknown [10.243.78.243])	by mail177-co1.bigfish.com (Postfix) with ESMTP id A3460480067	for <oauth@ietf.org>; Mon,  9 Jul 2012 18:55:17 +0000 (UTC)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (131.107.125.8) by CO1EHSMHS002.bigfish.com (10.243.66.12) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 18:55:16 +0000
Received: from va3outboundpool.messaging.microsoft.com (157.54.51.81) by mail.microsoft.com (157.54.79.178) with Microsoft SMTP Server (TLS) id 14.2.298.5; Mon, 9 Jul 2012 18:57:32 +0000
Received: from mail270-va3-R.bigfish.com (10.7.14.243) by VA3EHSOBE009.bigfish.com (10.7.40.29) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 18:55:14 +0000
Received: from mail270-va3 (localhost [127.0.0.1])	by mail270-va3-R.bigfish.com (Postfix) with ESMTP id 570782400B5	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Mon,  9 Jul 2012 18:55:14 +0000 (UTC)
Received: from mail270-va3 (localhost.localdomain [127.0.0.1]) by mail270-va3 (MessageSwitch) id 1341860112697964_9653; Mon,  9 Jul 2012 18:55:12 +0000 (UTC)
Received: from VA3EHSMHS042.bigfish.com (unknown [10.7.14.236])	by mail270-va3.bigfish.com (Postfix) with ESMTP id A8D14380047; Mon,  9 Jul 2012 18:55:12 +0000 (UTC)
Received: from BL2PRD0310HT001.namprd03.prod.outlook.com (157.56.240.21) by VA3EHSMHS042.bigfish.com (10.7.99.52) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 18:55:12 +0000
Received: from BL2PRD0310MB362.namprd03.prod.outlook.com ([169.254.12.220]) by BL2PRD0310HT001.namprd03.prod.outlook.com ([10.255.97.36]) with mapi id 14.16.0164.004; Mon, 9 Jul 2012 18:57:28 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Holder-of-the-Key for OAuth
Thread-Index: AQHNXf7R8o8oKGDddUekOoP+IJtc+pchTCgQ
Date: Mon, 9 Jul 2012 18:57:28 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net>
In-Reply-To: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [131.107.174.57]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OrganizationHeadersPreserved: BL2PRD0310HT001.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%GMX.NET$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14MLTC101.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14MLTC101.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:57:12 -0000

Hannes, thanks for drafting this, couple of comments:

1. HOK is one of Proof of Possession methods, should we consider others?
2. This seems just to handle asymmetric keys, need to also handle symmetric keys


-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Monday, July 09, 2012 11:15 AM
To: OAuth WG
Subject: [OAUTH-WG] Holder-of-the-Key for OAuth

Hi guys,

today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
Here is the document:
https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk

Your feedback is welcome

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth






From Hannes.Tschofenig@gmx.net  Mon Jul  9 11:57:44 2012
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3E0611E812C for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:57:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.601
X-Spam-Level: 
X-Spam-Status: No, score=-102.601 tagged_above=-999 required=5 tests=[AWL=-0.002, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EcpQPaO7PqXX for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 11:57:43 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 0ED9F11E8118 for <oauth@ietf.org>; Mon,  9 Jul 2012 11:57:42 -0700 (PDT)
Received: (qmail invoked by alias); 09 Jul 2012 18:58:07 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.110]) [88.115.216.191] by mail.gmx.net (mp072) with SMTP; 09 Jul 2012 20:58:07 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+DbDdW6u+DiP1AImW/Ne6YuaSyM5IaaaK13Ghubv DzUPUDjRsHmeUg
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
In-Reply-To: <1341859896.49921.YahooMailNeo@web31810.mail.mud.yahoo.com>
Date: Mon, 9 Jul 2012 21:58:07 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <AEDB2EF8-4CCF-4528-B0DA-D74B493A2CBD@gmx.net>
References: <4d9f01cd5e03$acf26cd7$5d209f0a@nsnintra.net> <1341859896.49921.YahooMailNeo@web31810.mail.mud.yahoo.com>
To: William Mills <wmills_92105@yahoo.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] 'Finishing up design team' Conference  Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:57:44 -0000

Hi Bill,

it seems that Google Hangout isn't quite what some folks want.
So, I guess we will not be using it in future calls anymore.

For the call next Monday we thought about switching to something else. Have to figure out what.

On Jul 9, 2012, at 9:51 PM, William Mills wrote:

> Ah... sigh.  I did reply yesterday, but never got connection information.
>

Ciao
Hannes


From hannes.tschofenig@gmx.net  Mon Jul  9 12:04:53 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27C9411E8165 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 12:04:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.601
X-Spam-Level: 
X-Spam-Status: No, score=-102.601 tagged_above=-999 required=5 tests=[AWL=-0.002, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oGr1LFWgIMT2 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 12:04:52 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 1FF8B11E814F for <oauth@ietf.org>; Mon,  9 Jul 2012 12:04:51 -0700 (PDT)
Received: (qmail invoked by alias); 09 Jul 2012 19:05:16 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.110]) [88.115.216.191] by mail.gmx.net (mp038) with SMTP; 09 Jul 2012 21:05:16 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX185X0FrOys523nJyaoTFl9RsGgB3QRozwA4H2xO6D VVwWAvk7jKge1b
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com>
Date: Mon, 9 Jul 2012 22:05:15 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com>
To: Anthony Nadalin <tonynad@microsoft.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 19:04:53 -0000

Hi Tony,

I had to start somewhere. I had chosen the asymmetric version since it
provides good security properties and there is already the BrowserID/OBC
work that I had in the back of my mind. I am particularly interested to
illustrate that you can accomplish the same, if not better,
characteristics than BrowserID by using OAuth instead of starting from
scratch.

Regarding the symmetric keys: The asymmetric key can be re-used but with
a symmetric key holder-of-the-key you would have to request a fresh one
every time in order to accomplish comparable security benefits.

Ciao
Hannes

On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:

> Hannes, thanks for drafting this, couple of comments:
>
> 1. HOK is one of Proof of Possession methods, should we consider others?
> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>
>
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Monday, July 09, 2012 11:15 AM
> To: OAuth WG
> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hi guys,
>
> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
> Here is the document:
> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>
> Your feedback is welcome
>
> Ciao
> Hannes


From jricher@mitre.org  Mon Jul  9 13:21:36 2012
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABB2D11E80FC for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 13:21:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.538
X-Spam-Level: 
X-Spam-Status: No, score=-6.538 tagged_above=-999 required=5 tests=[AWL=0.060,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rm4NFTx0qssK for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 13:21:34 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 913EC11E80E4 for <oauth@ietf.org>; Mon,  9 Jul 2012 13:21:34 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id DAD5421B1410 for <oauth@ietf.org>; Mon,  9 Jul 2012 16:21:59 -0400 (EDT)
Received: from IMCCAS04.MITRE.ORG (imccas04.mitre.org [129.83.29.81]) by smtpksrv1.mitre.org (Postfix) with ESMTP id C43D121B13FD for <oauth@ietf.org>; Mon,  9 Jul 2012 16:21:59 -0400 (EDT)
Received: from [129.83.50.26] (129.83.31.51) by IMCCAS04.MITRE.ORG (129.83.29.81) with Microsoft SMTP Server (TLS) id 14.2.283.3; Mon, 9 Jul 2012 16:21:59 -0400
Message-ID: <4FFB3D35.3080306@mitre.org>
Date: Mon, 9 Jul 2012 16:21:09 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: <oauth@ietf.org>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <6AD425FB-9453-489D-9282-6EC125D535D5@gmail.com>
In-Reply-To: <6AD425FB-9453-489D-9282-6EC125D535D5@gmail.com>
Content-Type: multipart/alternative; boundary="------------030907010009080005030107"
X-Originating-IP: [129.83.31.51]
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 20:21:36 -0000

--------------030907010009080005030107
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit

Implicit grant makes perfect sense when the user agent and client are 
collapsed into a single entity. In other words, if your client is inside 
the user agent then doing a code flow doesn't actually buy you any extra 
security. This is the driving design decision behind having it in there, 
and from my perspective that's clear from the current text.

In a similar manner, the client credentials flow came about from 
collapsing the client with the resource owner, effectively putting the 
resource owner inside the client. In this case the authorization step 
doesn't make any sense and doing a code flow doesn't buy you any greater 
security, either.

  -- Justin

On 07/09/2012 01:31 PM, Dick Hardt wrote:
> Hi Mike
>
> Reading over the spec, I think some more color in 4.2 on the risks of 
> the Implicit Grant and where it makes sense and where it does not is 
> in order.
> Also, this should be in Section 9.
>
> Thoughts?
>
> -- Dick
>
> On Jul 9, 2012, at 12:08 AM, Mike Jones wrote:
>
>> A preliminary version of OAuth core draft -29 is attached for the 
>> working group's consideration and discussion on today's call.  I 
>> believe that this addresses all issues that have been raised, 
>> including Julian's issues about the ABNF, character sets, and form 
>> encoding.  Changes are:
>>
>>   * Added "MUST" to "A public client that was not issued a client
>>     password MUST use the client_id request parameter to identify
>>     itself when sending requests to the token endpoint" and added
>>     text explaining why this must be so.
>>   * Added that the authorization server MUST "ensure the
>>     authorization code was issued to the authenticated confidential
>>     client or to the public client identified by the client_id in the
>>     request".
>>   * Added Security Considerations section "Misuse of Access Token to
>>     Impersonate Resource Owner at Public Client".
>>   * Deleted ";charset=UTF-8" from examples formerly using
>>     "Content-Type: application/x-www-form-urlencoded;charset=UTF-8".
>>   * Added the phrase "and a character encoding of UTF-8" when
>>     describing how to send requests using the HTTP request
>>     entity-body, per Julian Reschke's suggestion.
>>   * Added "The ABNF below is defined in terms of Unicode code points
>>     [UNICODE5]; these characters are typically encoded in UTF-8".
>>   * For symmetry when using HTTP Basic authentication, also apply
>>     the application/x-www-form-urlencoded encoding to the client
>>     password, just as was already done for the client identifier.
>>   * Reduced multiple blank lines around artwork elements to single
>>     blank lines.
>>   * Removed Eran Hammer's name from the author list, at his request.
>>     Dick Hardt is now listed as the editor.
>>
>> Best wishes,
>> -- Mike
>> <draft-ietf-oauth-v2-29 preliminary.txt>
>> <draft-ietf-oauth-v2-29 preliminary.html>
>> <draft-ietf-oauth-v2-29 preliminary.pdf>
>> <draft-ietf-oauth-v2-29 preliminary.xml>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth




--------------030907010009080005030107--
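
The token-endpoint rule from the draft -29 change list quoted in the message above (a public client MUST send client_id, and the authorization server MUST ensure the code was issued to the authenticated confidential client or to the public client named by client_id), as an added example that is not part of the original thread or of the OAuth draft. The client registry, class and function names, the single-use handling of codes and the mapping to OAuth error codes are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed registry: one confidential client (has a secret), one public client.
CLIENTS = {
    "web-app": {"secret": "s3cr3t-constructed", "public": False},
    "native-app": {"secret": None, "public": True},
}


@dataclass
class IssuedCode:
    client_id: str      # client the authorization code was issued to
    used: bool = False  # assumption: codes are treated as single-use


class TokenError(Exception):
    def __init__(self, error):
        super().__init__(error)
        self.error = error


class AuthorizationServer:
    """Hypothetical in-memory server showing only the code-to-client binding."""

    def __init__(self, clients):
        self.clients = clients
        self.codes = {}

    def issue_code(self, client_id):
        code = secrets.token_urlsafe(16)
        self.codes[code] = IssuedCode(client_id)
        return code

    def _identify_client(self, client_id, basic_auth):
        # Confidential client: identity comes from verified credentials.
        if basic_auth is not None:
            auth_id, auth_secret = basic_auth
            reg = self.clients.get(auth_id)
            if (reg is None or reg["secret"] is None
                    or not hmac.compare_digest(reg["secret"], auth_secret)):
                raise TokenError("invalid_client")
            return auth_id
        # No credentials: only a public client may proceed, and it MUST
        # name itself with client_id so the code can be checked against it.
        if client_id is None:
            raise TokenError("invalid_request")
        reg = self.clients.get(client_id)
        if reg is None or not reg["public"]:
            raise TokenError("invalid_client")
        return client_id

    def exchange_code(self, code, client_id=None, basic_auth=None):
        requester = self._identify_client(client_id, basic_auth)
        issued = self.codes.get(code)
        # The binding check: the code must have been issued to this client.
        if issued is None or issued.used or issued.client_id != requester:
            raise TokenError("invalid_grant")
        issued.used = True
        return {"access_token": secrets.token_urlsafe(24), "token_type": "bearer"}


def outcome(server, **request):
    """Return 'ok' or the error code for one token request."""
    try:
        server.exchange_code(**request)
        return "ok"
    except TokenError as exc:
        return exc.error


if __name__ == "__main__":
    server = AuthorizationServer(CLIENTS)
    code = server.issue_code("native-app")
    # Public client omits client_id: the server cannot tell whose code it is.
    print(outcome(server, code=code))
    # A different, correctly authenticated client presents the same code.
    print(outcome(server, code=code, basic_auth=("web-app", "s3cr3t-constructed")))
    # The client the code was issued to identifies itself.
    print(outcome(server, code=code, client_id="native-app"))
```
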

From dick.hardt@gmail.com  Mon Jul  9 13:30:42 2012
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3474C11E81C2 for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 13:30:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.583
X-Spam-Level: 
X-Spam-Status: No, score=-3.583 tagged_above=-999 required=5 tests=[AWL=0.016,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Et1ouCyMqLkt for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 13:30:41 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id A4D1511E8171 for <oauth@ietf.org>; Mon,  9 Jul 2012 13:30:41 -0700 (PDT)
Received: by ggnc4 with SMTP id c4so11553897ggn.31 for <oauth@ietf.org>; Mon, 09 Jul 2012 13:31:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=8D9swjzKIiOBFsJY0FGleb1OM6Gv3a8mv4LmrKVYtrI=; b=CgBLmvBygDkYulDNs6Lgrr7+DVNULJiICy6mixnxkmkaZcgBMIp+117rJikB7H6Alu 3imCp8V5HajmHWYnZFAc/KJPhs1D1b7Gxb3qhGMvwS4lbrlEC/sRyp/sbe4ZMqdbtUx+ TSA+tQ9XXOfFKRPuKT5os6A1bQWf7OrY/GI0kpH3o868y4W8fPiOvP15SG6gFNJpY8h0 EjmNXUxy6t7yNtplVTXe85F9v0GIF8Z86m14k/7bS5IAqMrBHrSjCXS4KgCbXg6nvhi4 5rv60t2hgYNreMmV/33dyvQFg2V52U4MfzhWYUVVprT/w771YIzENMl4HP9+wm3R1Pg4 bQDA==
Received: by 10.66.75.162 with SMTP id d2mr68201369paw.59.1341865866656; Mon, 09 Jul 2012 13:31:06 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id gk2sm16923386pbc.8.2012.07.09.13.31.03 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 09 Jul 2012 13:31:04 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <4FFB3D35.3080306@mitre.org>
Date: Mon, 9 Jul 2012 13:31:02 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <0FAF862E-3CB4-4A2E-B2FA-9C72159BCD68@gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <6AD425FB-9453-489D-9282-6EC125D535D5@gmail.com> <4FFB3D35.3080306@mitre.org>
To: Justin Richer <jricher@mitre.org>
X-Mailer: Apple Mail (2.1278)
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 20:30:42 -0000

On Jul 9, 2012, at 1:21 PM, Justin Richer wrote:

> Implicit grant makes perfect sense when the user agent and client are
> collapsed into a single entity. In other words, if your client is inside
> the user agent then doing a code flow doesn't actually buy you any extra
> security.

It protects the client from an attacker replacing the access token.

> This is the driving design decision behind having it in there, and
> from my perspective that's clear from the current text.

I think the reasons for implicit flow are captured in 1.3.2, and it
would be useful to point to them in 4.2.

>
> In a similar manner, the client credentials flow came about from
> collapsing the client with the resource owner, effectively putting the
> resource owner inside the client.

It can be thought of like that, but that is not where it came from.

> In this case the authorization step doesn't make any sense and doing a
> code flow doesn't buy you any greater security, either.


One can think of the client credential flow as the client already having
the code and that the authorization happened out of band. No need to
change any copy.

On 07/09/2012 01:31 PM, Dick Hardt wrote:
> Hi Mike
>
> Reading over the spec, I think some more color in 4.2 on the risks of
> the Implicit Grant and where it makes sense and where it does not is in
> order.
> Also, this should be in Section 9.
>
> Thoughts?
>
> -- Dick

From tonynad@microsoft.com  Mon Jul  9 14:17:40 2012
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E22D611E81FB for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 14:17:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.667
X-Spam-Level: 
X-Spam-Status: No, score=-0.667 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RlH0XxxawbPC for <oauth@ietfa.amsl.com>; Mon,  9 Jul 2012 14:17:40 -0700 (PDT)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe003.messaging.microsoft.com [216.32.180.186]) by ietfa.amsl.com (Postfix) with ESMTP id 4513311E81EF for <oauth@ietf.org>; Mon,  9 Jul 2012 14:17:40 -0700 (PDT)
Received: from mail166-co1-R.bigfish.com (10.243.78.241) by CO1EHSOBE005.bigfish.com (10.243.66.68) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 21:15:49 +0000
Received: from mail166-co1 (localhost [127.0.0.1])	by mail166-co1-R.bigfish.com (Postfix) with ESMTP id CD05B1C00CE	for <oauth@ietf.org>; Mon,  9 Jul 2012 21:15:48 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -20
X-BigFish: VS-20(z1725nz98dI9371I148cI542M1432Izz1202h1082kzz1033IL8275dhz2fh2a8h683h839h944hd25hf0ah107ah)
Received-SPF: pass (mail166-co1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=tonynad@microsoft.com; helo=TK5EX14HUBC107.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT002.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail166-co1 (localhost.localdomain [127.0.0.1]) by mail166-co1 (MessageSwitch) id 1341868546845266_5191; Mon,  9 Jul 2012 21:15:46 +0000 (UTC)
Received: from CO1EHSMHS024.bigfish.com (unknown [10.243.78.226])	by mail166-co1.bigfish.com (Postfix) with ESMTP id CCBA58C0048	for <oauth@ietf.org>; Mon,  9 Jul 2012 21:15:46 +0000 (UTC)
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.8) by CO1EHSMHS024.bigfish.com (10.243.66.34) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 21:15:46 +0000
Received: from co1outboundpool.messaging.microsoft.com (157.54.51.114) by mail.microsoft.com (157.54.80.67) with Microsoft SMTP Server (TLS) id 14.2.309.3; Mon, 9 Jul 2012 21:17:44 +0000
Received: from mail79-co1-R.bigfish.com (10.243.78.248) by CO1EHSOBE016.bigfish.com (10.243.66.79) with Microsoft SMTP Server id 14.1.225.23; Mon, 9 Jul 2012 21:15:27 +0000
Received: from mail79-co1 (localhost [127.0.0.1])	by mail79-co1-R.bigfish.com (Postfix) with ESMTP id 2346CDC00B8	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Mon,  9 Jul 2012 21:15:27 +0000 (UTC)
Received: from mail79-co1 (localhost.localdomain [127.0.0.1]) by mail79-co1 (MessageSwitch) id 1341868524767219_14284; Mon,  9 Jul 2012 21:15:24 +0000 (UTC)
Received: from CO1EHSMHS006.bigfish.com (unknown [10.243.78.254])	by mail79-co1.bigfish.com (Postfix) with ESMTP id AF874C80044; Mon,  9 Jul 2012 21:15:24 +0000 (UTC)
Received: from BL2PRD0310HT002.namprd03.prod.outlook.com (157.56.240.21) by CO1EHSMHS006.bigfish.com (10.243.66.16) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 9 Jul 2012 21:15:24 +0000
Received: from BL2PRD0310MB362.namprd03.prod.outlook.com ([169.254.12.220]) by BL2PRD0310HT002.namprd03.prod.outlook.com ([10.255.97.37]) with mapi id 14.16.0164.004; Mon, 9 Jul 2012 21:17:33 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Mon, 9 Jul 2012 21:17:33 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F97AECB@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net>
In-Reply-To: <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.

We have use cases for asymmetric, symmetric and for nonce (entropy), and thus would have to distinguish between these types requested and returned. Also do you always see the proof token being embedded in the message or also part of the auth code?

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
Sent: Monday, July 09, 2012 12:05 PM
To: Anthony Nadalin
Cc: Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Hi Tony,

I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.

Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.

Ciao
Hannes

On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:

> Hannes, thanks for drafting this, couple of comments:
>
> 1. HOK is one of Proof of Possession methods, should we consider others?
> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>
>
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Monday, July 09, 2012 11:15 AM
> To: OAuth WG
> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hi guys,
>
> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
> Here is the document:
> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>
> Your feedback is welcome
>
> Ciao
> Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth







From James.H.Manger@team.telstra.com  Mon Jul  9 20:54:18 2012
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
Date: Tue, 10 Jul 2012 13:54:40 +1000
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net>
In-Reply-To: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Hannes,

> today I submitted a short document that illustrates the concept of
> holder-of-the-key for OAuth.
> Here is the document:
> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk


A different approach would be for the service to issue a private asymmetric key to the client app, along with a certificate, in the access token response. This is a slightly better match to the OAuth2 model of the authorization service issuing temporary credentials for accessing resources on a user’s behalf.

When the token_type is "tls_client_cert" (probably a better label than "hotk"), the client can access protected resources using TLS with client authentication; using the key from the "private_key" field. The "access_token" field holds a base64url-encoded certificate to include in the TLS handshake.

An example access token response could be:

  HTTP/1.1 200 OK
  Content-Type: application/json;charset=UTF-8
  Cache-Control: no-store
  Pragma: no-cache

  {
    "token_type":"tls_client_cert",
    "access_token":"MIIGcDCCBdmgAwIBAgIKE…",
    "private_key":{
      "alg":"RSA", "mod":"Ovx7…", "p":"7dE…", "q":"fJ3…", …
    },
    "expires_in":3600,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
  }


The suggestion above passes the "access_token" to the protected resource in the TLS protocol in the form of a certificate.
draft-tschofenig-oauth-hotk says the client "presents the access token to the resource server", but it wasn't clear to me how it was done. Were you expecting the client to use the BEARER HTTP auth scheme inside the client-authenticated TLS connection?

--
James Manger

From ve7jtb@ve7jtb.com  Tue Jul 10 03:34:29 2012
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net>
Date: Tue, 10 Jul 2012 06:33:40 -0400
Message-Id: <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

I agree that there are use-cases for all of the proof of possession mechanisms.

Presentment methods also need to be considered.

TLS client auth may not always be the best option. Sometimes message signing is more appropriate.

One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.

I think this is a good start to get discussion going.

John B.
On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:

> Hi Tony,
>
> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>
> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>
> Ciao
> Hannes
>
> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>
>> Hannes, thanks for drafting this, couple of comments:
>>
>> 1. HOK is one of Proof of Possession methods, should we consider others?
>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 09, 2012 11:15 AM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hi guys,
>>
>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>> Here is the document:
>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>
>> Your feedback is welcome
>>
>> Ciao
>> Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
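
Added example, not part of the thread or of draft-tschofenig-oauth-hotk: a symmetric proof-of-possession check that uses message signing as the presentment method and gives the client a fresh key per token, as the symmetric-key remark quoted above calls for. The class names, token layout, key derivation and the a.example / b.example hosts are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class AuthorizationServer:
    """Hypothetical AS sharing one long-term secret with each resource server."""

    def __init__(self):
        self._rs_secret = {}

    def register_rs(self, audience: str) -> bytes:
        self._rs_secret[audience] = secrets.token_bytes(32)
        return self._rs_secret[audience]

    def issue(self, subject: str, audience: str):
        """Return (token, pop_key); the random jti makes the key fresh per token."""
        k_rs = self._rs_secret[audience]
        claims = json.dumps({"sub": subject, "aud": audience,
                             "jti": _b64(secrets.token_bytes(16))}).encode()
        token = _b64(claims) + "." + _b64(_mac(k_rs, b"token|" + claims))
        # The RS can re-derive this key from the token, so it is never stored.
        return token, _mac(k_rs, b"pop|" + claims)


def sign_request(pop_key: bytes, token: str, method: str, url: str, nonce: str) -> str:
    """Client side: MAC over the request and the token it is bound to."""
    msg = "\n".join([method, url, nonce, token]).encode()
    return _b64(_mac(pop_key, msg))


class ResourceServer:
    def __init__(self, audience: str, k_rs: bytes):
        self.audience, self._k_rs, self._seen = audience, k_rs, set()

    def verify(self, token: str, method: str, url: str, nonce: str, proof: str) -> str:
        try:
            claims_b64, tag_b64 = token.split(".")
            claims, tag = _unb64(claims_b64), _unb64(tag_b64)
        except ValueError:
            return "malformed token"
        # 1. The token itself must have been issued by the AS for this RS.
        if not hmac.compare_digest(tag, _mac(self._k_rs, b"token|" + claims)):
            return "token not issued for this resource server"
        if json.loads(claims)["aud"] != self.audience:
            return "wrong audience"
        # 2. The sender must prove possession of the key bound to the token.
        pop_key = _mac(self._k_rs, b"pop|" + claims)
        expected = sign_request(pop_key, token, method, url, nonce)
        if not hmac.compare_digest(proof.encode(), expected.encode()):
            return "no proof of possession"
        # 3. A valid proof is accepted once only.
        if nonce in self._seen:
            return "replayed request"
        self._seen.add(nonce)
        return "ok"


def demo() -> dict:
    authz = AuthorizationServer()
    rs_a = ResourceServer("https://a.example", authz.register_rs("https://a.example"))
    rs_b = ResourceServer("https://b.example", authz.register_rs("https://b.example"))
    token, pop_key = authz.issue("alice", "https://a.example")
    url_a, url_b = "https://a.example/photos", "https://b.example/photos"
    proof = sign_request(pop_key, token, "GET", url_a, "n1")
    return {
        "holder": rs_a.verify(token, "GET", url_a, "n1", proof),
        "replay": rs_a.verify(token, "GET", url_a, "n1", proof),
        # Token copied by a party that never received the key.
        "token_without_key": rs_a.verify(
            token, "GET", url_a, "n2",
            sign_request(b"not-the-key", token, "GET", url_a, "n2")),
        # Same token and key presented to a different resource server.
        "other_rs": rs_b.verify(
            token, "GET", url_b, "n3",
            sign_request(pop_key, token, "GET", url_b, "n3")),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because each key is derived from a per-resource-server secret and a per-token identifier, a resource server that learns one key cannot use it to produce proofs that another resource server accepts.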


From tonynad@microsoft.com  Tue Jul 10 07:29:41 2012
From: Anthony Nadalin <tonynad@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Tue, 10 Jul 2012 14:29:05 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com>
In-Reply-To: <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.

Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.

-----Original Message-----
From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Tuesday, July 10, 2012 3:34 AM
To: Hannes Tschofenig
Cc: Anthony Nadalin; OAuth WG
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

I agree that there are use-cases for all of the proof of possession mechanisms.

Presentment methods also need to be considered.

TLS client auth may not always be the best option. Sometimes message signing is more appropriate.

One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.

I think this is a good start to get discussion going.

John B.
On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:

> Hi Tony,
>
> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>
> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>
> Ciao
> Hannes
>
> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>
>> Hannes, thanks for drafting this, couple of comments:
>>
>> 1. HOK is one of Proof of Possession methods, should we consider others?
>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 09, 2012 11:15 AM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hi guys,
>>
>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>> Here is the document:
>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>
>> Your feedback is welcome
>>
>> Ciao
>> Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth







From hannes.tschofenig@gmx.net  Tue Jul 10 09:11:37 2012
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com>
Date: Tue, 10 Jul 2012 19:11:55 +0300
Message-Id: <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com>
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.

On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:

>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>
> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.
>
> -----Original Message-----
> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
> Sent: Tuesday, July 10, 2012 3:34 AM
> To: Hannes Tschofenig
> Cc: Anthony Nadalin; OAuth WG
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> I agree that there are use-cases for all of the proof of possession mechanisms.
>
> Presentment methods also need to be considered.
>
> TLS client auth may not always be the best option. Sometimes message signing is more appropriate.
>
> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>
> I think this is a good start to get discussion going.
>
> John B.
> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>
>> Hi Tony,
>>
>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>
>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>
>> Ciao
>> Hannes
>>
>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>
>>> Hannes, thanks for drafting this, couple of comments:
>>>
>>> 1. HOK is one of Proof of Possession methods, should we consider others?
>>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>>
>>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 09, 2012 11:15 AM
>>> To: OAuth WG
>>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>
>>> Hi guys,
>>>
>>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>>> Here is the document:
>>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>>
>>> Your feedback is welcome
>>>
>>> Ciao
>>> Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth


From tonynad@microsoft.com  Tue Jul 10 09:36:30 2012
From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Holder-of-the-Key for OAuth
Date: Tue, 10 Jul 2012 16:36:27 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F97B438@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com> <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net>
In-Reply-To: <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

The key does not have to be bound to the channel, that is just one option, the key can be a negotiated key

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
Sent: Tuesday, July 10, 2012 9:12 AM
To: Anthony Nadalin
Cc: Hannes Tschofenig; John Bradley; OAuth WG
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.

On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:

>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>
> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.
>
> -----Original Message-----
> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
> Sent: Tuesday, July 10, 2012 3:34 AM
> To: Hannes Tschofenig
> Cc: Anthony Nadalin; OAuth WG
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> I agree that there are use-cases for all of the proof of possession mechanisms.
>
> Presentment methods also need to be considered.
>
> TLS client auth may not always be the best option. Sometimes message signing is more appropriate.
>
> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>
> I think this is a good start to get discussion going.
>
> John B.
> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>
>> Hi Tony,
>>
>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>
>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>
>> Ciao
>> Hannes
>>
>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>
>>> Hannes, thanks for drafting this, couple of comments:
>>>
>>> 1. HOK is one of Proof of Possession methods, should we consider others?
>>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 09, 2012 11:15 AM
>>> To: OAuth WG
>>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>
>>> Hi guys,
>>>
>>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>>> Here is the document:
>>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>>
>>> Your feedback is welcome
>>>
>>> Ciao
>>> Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
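
Added example, not part of the original thread or of either draft: a symmetric-key, signed-message proof-of-possession check of the kind discussed above (message signing instead of channel binding), seen from the resource server. The canonical string, the proof field names and the `ResourceServer` class are hypothetical, and the key, token and host are constructed sample values.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)


def base_string(method, host, path, ts, nonce, token):
    """Hypothetical canonical form: everything the MAC has to protect."""
    return "\n".join([method.upper(), host.lower(), path, str(ts), nonce, token]).encode()


def sign_request(key, token, method, host, path, ts=None, nonce=None):
    """Client side: prove possession of `key` for this one request."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(8) if nonce is None else nonce
    mac = hmac.new(key, base_string(method, host, path, ts, nonce, token),
                   hashlib.sha256).hexdigest()
    return {"token": token, "ts": ts, "nonce": nonce, "mac": mac}


class ResourceServer:
    def __init__(self, token_keys, clock=time.time):
        self.token_keys = token_keys  # token -> key, learned from the authorization server
        self.clock = clock
        self.seen = {}                # (token, nonce) -> timestamp, the replay cache

    def verify(self, method, host, path, proof):
        token = proof.get("token")
        if not isinstance(token, str) or token not in self.token_keys:
            return "unknown_token"
        key = self.token_keys[token]
        ts, nonce, mac = proof.get("ts"), proof.get("nonce"), proof.get("mac")
        if not (isinstance(ts, int) and isinstance(nonce, str) and isinstance(mac, str)):
            return "missing_proof"    # the token alone (bearer style) is not enough
        expected = hmac.new(key, base_string(method, host, path, ts, nonce, token),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; checked first so that unauthenticated
        # requests can never add entries to the replay cache.
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad_mac"
        now = self.clock()
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Entries outside the window would be rejected as stale anyway.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if (token, nonce) in self.seen:
            return "replay"
        self.seen[(token, nonce)] = ts
        return "ok"


def demo():
    key = bytes(range(32))            # constructed sample key
    token = "constructed-token-1"     # constructed sample token
    now = 1341939000                  # fixed clock so the run is repeatable
    rs = ResourceServer({token: key}, clock=lambda: now)
    host, path = "rs.example", "/photos/1"

    proof = sign_request(key, token, "GET", host, path, ts=now, nonce="n1")
    results = {
        "first_use": rs.verify("GET", host, path, proof),
        # Same signed request captured and sent again.
        "replayed": rs.verify("GET", host, path, proof),
        # Captured proof attached to a different resource.
        "other_path": rs.verify("GET", host, "/photos/2", proof),
        # Token presented without any proof of possession.
        "token_only": rs.verify("GET", host, path, {"token": token}),
    }
    old = sign_request(key, token, "GET", host, path, ts=now - 3600, nonce="n2")
    results["stale"] = rs.verify("GET", host, path, old)
    forged = sign_request(b"\x00" * 32, token, "GET", host, path, ts=now, nonce="n3")
    results["wrong_key"] = rs.verify("GET", host, path, forged)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} -> {outcome}")
```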







From wmills_92105@yahoo.com  Tue Jul 10 09:53:13 2012
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com>
Message-ID: <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com>
Date: Tue, 10 Jul 2012 09:53:34 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="764183289-1902743316-1341939214=:6093"
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

--764183289-1902743316-1341939214=:6093
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

The server would need to issue a key pair and not just the private key. Are you saying the private key is for the certificate, and that certificate is part of the access_token?


________________________________
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>; OAuth WG <oauth@ietf.org>
Sent: Monday, July 9, 2012 8:54 PM
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Hannes,

> today I submitted a short document that illustrates the concept of
> holder-of-the-key for OAuth.
> Here is the document:
> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk

A different approach would be for the service to issue a private asymmetric key to the client app, along with a certificate, in the access token response. This is a slightly better match to the OAuth2 model of the authorization service issuing temporary credentials for accessing resources on a user’s behalf.

When the token_type is "tls_client_cert" (probably a better label than "hotk"), the client can access protected resources using TLS with client authentication; using the key from the "private_key" field. The "access_token" field holds a base64url-encoded certificate to include in the TLS handshake.

An example access token response could be:

  HTTP/1.1 200 OK
  Content-Type: application/json;charset=UTF-8
  Cache-Control: no-store
  Pragma: no-cache

  {
    "token_type":"tls_client_cert",
    "access_token":"MIIGcDCCBdmgAwIBAgIKE…",
    "private_key":{
      "alg":"RSA", "mod":"Ovx7…", "p":"7dE…", "q":"fJ3…", …
    },
    "expires_in":3600,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
  }

The suggestion above passes the "access_token" to the protected resource in the TLS protocol in the form of a certificate.
draft-tschofenig-oauth-hotk says the client "presents the access token to the resource server", but it wasn't clear to me how it was done. Were you expecting the client to use the BEARER HTTP auth scheme inside the client-authenticated TLS connection?

--
James Manger

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--764183289-1902743316-1341939214=:6093--

From ve7jtb@ve7jtb.com  Tue Jul 10 09:54:14 2012
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com> <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net>
In-Reply-To: <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-31FBA15E-8F88-41A9-A944-FCF810F8643E; protocol="application/pkcs7-signature"
Message-Id: <397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com>
From: John Bradley <ve7jtb@ve7jtb.com>
Date: Tue, 10 Jul 2012 12:54:30 -0400
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

--Apple-Mail-31FBA15E-8F88-41A9-A944-FCF810F8643E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Binding the key to the channel is arguably the most secure.

SSL offloading and other factors may prevent that from working in all cases.

I suspect that we will need two OAuth bindings. One for TLS and one for signed message.

John B.

Sent from my iPhone

On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.

--Apple-Mail-31FBA15E-8F88-41A9-A944-FCF810F8643E
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

A1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg
U2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBD
bGllbnQgQ0ECAh5cMIGmBgsqhkiG9w0BCRACCzGBlqCBkzCBjDELMAkGA1UEBhMCSUwxFjAUBgNV
BAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp
Z25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xp
ZW50IENBAgIeXDANBgkqhkiG9w0BAQEFAASCAQCuqfRV/Rx68axnB/bEmZ0LydTVPp8iPEgiE/Az
J8D2GfZjqg/7SGnPCVYH7StV2irrcYkidJGh+XIGoWIbvZjvW+ma5SGDPnn1Kdsf9i3GxH92nflJ
XIWg7pyhj3muSgn6QAnAwdI7hZaoqbtiO1QOnHkAlvgG+zEjwLwLt9RlKyFG152FRJz9Ow9dG/q4
xIROzw9PbKjRzT9+SM7kdlWlESUByMZeYnnKJ2OmWil5rthgm1qmR96Yw00o+8chv9ZV/k3lnG38
nmMizPGFzsGkPZQSsbIKetlJPN3HIfMvNmekdDGAqHGJ4Eyii7UNvX3m+fw+GjDaUOgDxtnfz0g/
AAAAAAAA
--Apple-Mail-31FBA15E-8F88-41A9-A944-FCF810F8643E--

From phil.hunt@oracle.com  Tue Jul 10 09:56:26 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10F6521F8650 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 09:56:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.326
X-Spam-Level: 
X-Spam-Status: No, score=-10.326 tagged_above=-999 required=5 tests=[AWL=0.273, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yO9WDuqyf1Yy for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 09:56:20 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id F123621F8634 for <oauth@ietf.org>; Tue, 10 Jul 2012 09:56:19 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q6AGuiaB015611 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 10 Jul 2012 16:56:45 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q6AGuhXs006570 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Jul 2012 16:56:44 GMT
Received: from abhmt114.oracle.com (abhmt114.oracle.com [141.146.116.66]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q6AGuh7x005146; Tue, 10 Jul 2012 11:56:43 -0500
Received: from [192.168.1.8] (/24.85.226.208) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 10 Jul 2012 09:56:43 -0700
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com>
Date: Tue, 10 Jul 2012 09:56:44 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <B115176F-8C04-4085-8D9D-EB4401042B60@oracle.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1278)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 16:56:26 -0000

Hannes,

Thanks for your proposal. I'm glad to see work on this starting.

I think use cases may demand more than just channel security. A lot of cases do not have end-to-end TLS channels available. So while this could be stated to be an improvement it may not achieve the end-to-end authentication of clients being looked for.

One aspect of the MAC draft that I did like was that it involved a changing authorization value which essentially gave a message centric security model.

Would it be appropriate to start a discussion on the use cases the WG would like to address?

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com





On 2012-07-10, at 3:33 AM, John Bradley wrote:

> I agree that there are use-cases for all of the proof of possession mechanisms.
>
> Presentment methods also need to be considered.
>
> TLS client auth may not always be the best option.  Sometimes message signing is more appropriate.
>
> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth,  or something OAuth specific.    The answer may be a combined approach.
>
> I think this is a good start to get discussion going.
>
> John B.
> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>
>> Hi Tony,
>>
>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>
>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>
>> Ciao
>> Hannes
>>
>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>
>>> Hannes, thanks for drafting this, couple of comments:
>>>
>>> 1. HOK is one of Proof of Possession methods, should we consider others?
>>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>>
>>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 09, 2012 11:15 AM
>>> To: OAuth WG
>>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>
>>> Hi guys,
>>>
>>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>>> Here is the document:
>>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>>
>>> Your feedback is welcome
>>>
>>> Ciao
>>> Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
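
An added example (not part of the thread, and not the wire format of the MAC draft or of draft-tschofenig-oauth-hotk) of the message-centric model discussed in the message above: a resource server verifies a per-request HMAC proof with a timestamp window and a nonce cache, next to a bearer check for contrast. The base-string layout, the field names, `MAX_SKEW`, the key id and the sample host are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 300  # seconds a proof is accepted for (assumed policy value)


def base_string(key_id, ts, nonce, method, host, path):
    """Canonical text covered by the MAC (hypothetical layout for this example)."""
    return "\n".join([key_id, str(ts), nonce, method.upper(), host.lower(), path])


def sign_request(key_id, key, method, host, path, now):
    """Client: derive a one-time authorization value bound to this request."""
    nonce = secrets.token_hex(8)
    text = base_string(key_id, now, nonce, method, host, path)
    mac = hmac.new(key, text.encode(), hashlib.sha256).hexdigest()
    return {"id": key_id, "ts": now, "nonce": nonce, "mac": mac}


class ResourceServer:
    def __init__(self, keys, bearer_tokens):
        self.keys = keys                    # key id -> symmetric key issued with the token
        self.bearer_tokens = bearer_tokens  # plain bearer tokens, kept for contrast
        self.seen = {}                      # (key id, nonce) -> timestamp of accepted proof

    def check_bearer(self, token):
        """Bearer model: the value alone authorizes any request that carries it."""
        return "ok" if token in self.bearer_tokens else "bad-token"

    def check_proof(self, proof, method, host, path, now):
        """Proof-of-possession model: the value must match this exact request."""
        key_id = str(proof.get("id", ""))
        key = self.keys.get(key_id)
        if key is None:
            return "unknown-key"
        try:
            ts = int(proof["ts"])
            nonce, mac = str(proof["nonce"]), str(proof["mac"])
        except (KeyError, TypeError, ValueError):
            return "malformed"
        text = base_string(key_id, ts, nonce, method, host, path)
        expected = hmac.new(key, text.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check does not leak how many digits matched.
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad-mac"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Forget nonces whose proofs the timestamp check would reject anyway.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if (key_id, nonce) in self.seen:
            return "replay"
        self.seen[(key_id, nonce)] = ts
        return "ok"


def demo():
    """Run the checks over constructed requests and return each verdict."""
    key = secrets.token_bytes(32)        # constructed sample key
    rs = ResourceServer({"k1": key}, {"constructed-bearer-token"})
    t0 = 1_341_939_400                   # constructed clock value
    host = "api.example.com"             # constructed host
    out = {}
    proof = sign_request("k1", key, "GET", host, "/photos/1", t0)
    out["first_use"] = rs.check_proof(proof, "GET", host, "/photos/1", t0 + 2)
    out["same_request_again"] = rs.check_proof(proof, "GET", host, "/photos/1", t0 + 3)
    out["other_request"] = rs.check_proof(proof, "DELETE", host, "/photos/1", t0 + 3)
    late = sign_request("k1", key, "GET", host, "/photos/2", t0)
    out["after_window"] = rs.check_proof(late, "GET", host, "/photos/2", t0 + MAX_SKEW + 1)
    # The bearer value is not tied to method, host or path: any request carrying it passes.
    out["bearer_any_request"] = rs.check_bearer("constructed-bearer-token")
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The nonce cache only has to remember values for `MAX_SKEW` seconds, because older proofs are already rejected by the timestamp check.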


From ve7jtb@ve7jtb.com  Tue Jul 10 09:58:35 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB4121F8688 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 09:58:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level: 
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUPVBTk1Gp8U for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 09:58:34 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 69A3921F867D for <oauth@ietf.org>; Tue, 10 Jul 2012 09:58:34 -0700 (PDT)
Received: by yhq56 with SMTP id 56so214197yhq.31 for <oauth@ietf.org>; Tue, 10 Jul 2012 09:59:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to :x-gm-message-state; bh=wXmijUqE7hZn/GOVJ+DU8duKwZykzKgv9v3cOnVX3Es=; b=mMEk9ZTrG//NA3OuMyR04dJQ/fmjLaAT8WoSGJw9SDT2b4XMzZVNHMNmX3duWTctfs nqsEXjzStYYjeRKq2xcsk4b3WJsd6v1a5mk/zUKSi0LchEq5Cf4t1HM+wLd/KeG6Jy/x +qyaI8NU24ThAmAyRLZgWt/l0QCBK0qphVlg+a7HuyPSNZQsvPz/fwGP9cZYlQ1wjPY3 k9+PGdwwPuJDoVIBMWT5P79QOGPtwXACnwHecJWoY72dONcuIlSMFP9NuHv3RlvmALIP lV3nRNGZwwi3Id/IJNgcK2vr3FYaNAsBS/DyPNr+4P7T7hxfr7yuKwXbnvnrEBN0kgz6 J4OQ==
Received: by 10.68.218.103 with SMTP id pf7mr71450806pbc.67.1341939541883; Tue, 10 Jul 2012 09:59:01 -0700 (PDT)
Received: from [10.2.2.172] (75-147-25-205-NewEngland.hfc.comcastbusiness.net. [75.147.25.205]) by mx.google.com with ESMTPS id ip5sm30214055pbc.3.2012.07.10.09.58.58 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 10 Jul 2012 09:59:00 -0700 (PDT)
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com>
In-Reply-To: <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-798898F1-5992-44C4-B0AC-461C72F55495; protocol="application/pkcs7-signature"
Message-Id: <62CBC4E5-EA67-4312-8263-6143CD7DC5C6@ve7jtb.com>
X-Mailer: iPhone Mail (9B206)
From: John Bradley <ve7jtb@ve7jtb.com>
Date: Tue, 10 Jul 2012 12:58:57 -0400
To: William Mills <wmills_92105@yahoo.com>
X-Gm-Message-State: ALoCoQkQThwfuQyHR64M09Gp7wn1w3Q7X3Ky7zWxC5ucODYGSYKxObyz7vGRk3CoClJBgDg0CF0J
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 16:58:35 -0000

--Apple-Mail-798898F1-5992-44C4-B0AC-461C72F55495
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative;
	boundary=Apple-Mail-7E22DBA1-BCE9-4F24-99A8-F59E8926D769


--Apple-Mail-7E22DBA1-BCE9-4F24-99A8-F59E8926D769
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

We should be supporting both the client providing the key pair and a server generated pair.

In higher security the private key may be stored in hardware.

There are more possible attacks if the key is sent to the client.

John B.

Sent from my iPhone

On 2012-07-10, at 12:53 PM, William Mills <wmills_92105@yahoo.com> wrote:

> The server would need to issue a key pair and not just the private key.  Are you saying the private key is for the certificate, and that certificate is part of the access_token?
>
>
> From: "Manger, James H" <James.H.Manger@team.telstra.com>
> To: Hannes Tschofenig <hannes.tschofenig@gmx.net>; OAuth WG <oauth@ietf.org>
> Sent: Monday, July 9, 2012 8:54 PM
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hannes,
>
> > today I submitted a short document that illustrates the concept of
> > holder-of-the-key for OAuth.
> > Here is the document:
> > https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>
>
> A different approach would be for the service to issue a private asymmetric key to the client app, along with a certificate, in the access token response. This is a slightly better match to the OAuth2 model of the authorization service issuing temporary credentials for accessing resources on a user’s behalf.
>
> When the token_type is "tls_client_cert" (probably a better label than "hotk"), the client can access protected resources using TLS with client authentication; using the key from the "private_key" field. The "access_token" field holds a base64url-encoded certificate to include in the TLS handshake.
>
> An example access token response could be:
>
>   HTTP/1.1 200 OK
>   Content-Type: application/json;charset=UTF-8
>   Cache-Control: no-store
>   Pragma: no-cache
>
>   {
>     "token_type":"tls_client_cert",
>     "access_token":"MIIGcDCCBdmgAwIBAgIKE…",
>     "private_key":{
>       "alg":"RSA", "mod":"Ovx7…", "p":"7dE…", "q":"fJ3…", …
>     },
>     "expires_in":3600,
>     "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
>   }
>
>
> The suggestion above passes the "access_token" to the protected resource in the TLS protocol in the form of a certificate.
> draft-tschofenig-oauth-hotk says the client "presents the access token to the resource server", but it wasn't clear to me how it was done. Were you expecting the client to use the BEARER HTTP auth scheme inside the client-authenticated TLS connection?
>
> --
> James Manger
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--Apple-Mail-7E22DBA1-BCE9-4F24-99A8-F59E8926D769--

--Apple-Mail-798898F1-5992-44C4-B0AC-461C72F55495
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

--Apple-Mail-798898F1-5992-44C4-B0AC-461C72F55495--

From tonynad@microsoft.com  Tue Jul 10 10:01:58 2012
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62FD421F8690 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:01:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.634
X-Spam-Level: 
X-Spam-Status: No, score=-0.634 tagged_above=-999 required=5 tests=[AWL=-0.167, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IJdqV+9JRTRX for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:01:57 -0700 (PDT)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe004.messaging.microsoft.com [216.32.180.187]) by ietfa.amsl.com (Postfix) with ESMTP id 3C53021F865A for <oauth@ietf.org>; Tue, 10 Jul 2012 10:01:57 -0700 (PDT)
Received: from mail192-co1-R.bigfish.com (10.243.78.241) by CO1EHSOBE005.bigfish.com (10.243.66.68) with Microsoft SMTP Server id 14.1.225.23; Tue, 10 Jul 2012 17:00:05 +0000
Received: from mail192-co1 (localhost [127.0.0.1])	by mail192-co1-R.bigfish.com (Postfix) with ESMTP id 46805480203	for <oauth@ietf.org>; Tue, 10 Jul 2012 17:00:05 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -21
X-BigFish: VS-21(z1725nz98dI9371I936eI148cI542M1432Izz1202h1082kzz8275ch1033IL8275dhz2fh2a8h683h839h944hd25hf0ah107ah)
Received-SPF: pass (mail192-co1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=tonynad@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT005.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail192-co1 (localhost.localdomain [127.0.0.1]) by mail192-co1 (MessageSwitch) id 1341939603617274_27107; Tue, 10 Jul 2012 17:00:03 +0000 (UTC)
Received: from CO1EHSMHS009.bigfish.com (unknown [10.243.78.239])	by mail192-co1.bigfish.com (Postfix) with ESMTP id 8B7DB340044	for <oauth@ietf.org>; Tue, 10 Jul 2012 17:00:03 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by CO1EHSMHS009.bigfish.com (10.243.66.19) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 10 Jul 2012 16:59:59 +0000
Received: from CH1EHSOBE010.bigfish.com (157.54.51.81) by mail.microsoft.com (157.54.79.174) with Microsoft SMTP Server (TLS) id 14.2.298.5; Tue, 10 Jul 2012 17:02:07 +0000
Received: from mail256-ch1-R.bigfish.com (10.43.68.247) by CH1EHSOBE010.bigfish.com (10.43.70.60) with Microsoft SMTP Server id 14.1.225.23; Tue, 10 Jul 2012 16:59:10 +0000
Received: from mail256-ch1 (localhost [127.0.0.1])	by mail256-ch1-R.bigfish.com (Postfix) with ESMTP id D26FE1A402C5	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Tue, 10 Jul 2012 16:59:09 +0000 (UTC)
Received: from mail256-ch1 (localhost.localdomain [127.0.0.1]) by mail256-ch1 (MessageSwitch) id 1341939547649447_24029; Tue, 10 Jul 2012 16:59:07 +0000 (UTC)
Received: from CH1EHSMHS022.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.236])	by mail256-ch1.bigfish.com (Postfix) with ESMTP id 9CDDBFC0045;	Tue, 10 Jul 2012 16:59:07 +0000 (UTC)
Received: from BL2PRD0310HT005.namprd03.prod.outlook.com (157.56.240.21) by CH1EHSMHS022.bigfish.com (10.43.70.22) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 10 Jul 2012 16:59:07 +0000
Received: from BL2PRD0310MB362.namprd03.prod.outlook.com ([169.254.12.220]) by BL2PRD0310HT005.namprd03.prod.outlook.com ([10.255.97.40]) with mapi id 14.16.0152.000; Tue, 10 Jul 2012 17:01:25 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Holder-of-the-Key for OAuth
Thread-Index: AQHNXf7R8o8oKGDddUekOoP+IJtc+pchTCgQgAADZYCAAQNmAIAAQKzAgAAd1oCAAAvlAIAAAbiQ
Date: Tue, 10 Jul 2012 17:01:24 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com> <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net> <397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com>
In-Reply-To: <397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [131.107.174.57]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OrganizationHeadersPreserved: BL2PRD0310HT005.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%VE7JTB.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%GMX.NET$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14MLTC103.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14MLTC103.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 17:01:58 -0000

> Binding the key to the channel is arguably the most secure

Not really, there are hardware options that give good security properties

-----Original Message-----
From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Tuesday, July 10, 2012 9:55 AM
To: Hannes Tschofenig
Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Binding the key to the channel is arguably the most secure.

SSL offloading and other factors may prevent that from working in all cases.

I suspect that we will need two OAuth bindings. One for TLS and one for signed message.

John B.

Sent from my iPhone

On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>
> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>
>>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>
>> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 3:34 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> I agree that there are use-cases for all of the proof of possession mechanisms.
>>
>> Presentment methods also need to be considered.
>>
>> TLS client auth may not always be the best option. Sometimes message signing is more appropriate.
>>
>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>
>> I think this is a good start to get discussion going.
>>=20
>> John B.
>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>
>>> Hi Tony,
>>>
>>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>>
>>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>>
>>> Ciao
>>> Hannes
>>>
>>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>>
>>>> Hannes, thanks for drafting this, couple of comments:
>>>>
>>>> 1. HOK is one of Proof of Possession methods, should we consider others?
>>>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>>>
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>>> Sent: Monday, July 09, 2012 11:15 AM
>>>> To: OAuth WG
>>>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>>
>>>> Hi guys,
>>>>
>>>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>>>> Here is the document:
>>>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>>>
>>>> Your feedback is welcome
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth



From ve7jtb@ve7jtb.com  Tue Jul 10 10:03:38 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 783C421F8762 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:03:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level: 
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2yCTcovocZoZ for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:03:37 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id DD3B521F875E for <oauth@ietf.org>; Tue, 10 Jul 2012 10:03:37 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so591681pbc.31 for <oauth@ietf.org>; Tue, 10 Jul 2012 10:04:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to :x-gm-message-state; bh=QMjlZnyjojRtFiEYPxco8dVluFyFqcg7RfwbRlKHL2g=; b=F4ynI+hdFj9MnQ9p6e/mPS2kazSTg+KGzX0kmLkMqHqaSayYCrhmtiLc8Fe/8KFKs1 k/vgrauKM2Y/KHsEIY4TcncQKG0ncl+Ks7sRjHtXisYMIusSCM+ozi6kQ6UihQFHZwHc m6+YtAix9pI5QwetH/RDCHJXpTjbZTdXCQ5rQF3+a2XDT6boAVqxPZgey9fQrQ0QFf1c odg04pgz+QpBrXnj/SOoBu8+1d1qtoIyGdyN7CEKafBW7XKNDIam96hHKf2H/Gc+kR8Y aJHN7FDsydOp5mIRt9yCdaOvRLQ3hfQCGfS/VcNrRYV38gHtR1GSHgqM8bBq69Iwgn69 t2HQ==
Received: by 10.68.136.68 with SMTP id py4mr70813032pbb.151.1341939846005; Tue, 10 Jul 2012 10:04:06 -0700 (PDT)
Received: from [10.2.2.172] (75-147-25-205-NewEngland.hfc.comcastbusiness.net. [75.147.25.205]) by mx.google.com with ESMTPS id os3sm30193165pbb.41.2012.07.10.10.04.03 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 10 Jul 2012 10:04:04 -0700 (PDT)
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com> <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net> <397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-621027DF-8F37-4B3D-9A69-32C0AC78F922; protocol="application/pkcs7-signature"
Message-Id: <AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com>
X-Mailer: iPhone Mail (9B206)
From: John Bradley <ve7jtb@ve7jtb.com>
Date: Tue, 10 Jul 2012 13:04:01 -0400
To: Anthony Nadalin <tonynad@microsoft.com>
X-Gm-Message-State: ALoCoQl/XzhOf/MUlDpOTl3YmJAWUiQgDWETK2RHEkVpQ9t3X8gcRSUDn9Y4eB5pS7WjJ9vXxyFp
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 17:03:38 -0000

--Apple-Mail-621027DF-8F37-4B3D-9A69-32C0AC78F922
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

When I say arguably, I expect you to argue.

John B.

Sent from my iPhone

On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:

>> Binding the key to the channel is arguably the most secure
>
> Not really, there are hardware options that give good security properties

--Apple-Mail-621027DF-8F37-4B3D-9A69-32C0AC78F922
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

--Apple-Mail-621027DF-8F37-4B3D-9A69-32C0AC78F922--

From prateek.mishra@oracle.com  Tue Jul 10 10:42:13 2012
Return-Path: <prateek.mishra@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A255921F8766 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:42:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level: 
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2LYB4j8vBw9u for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:42:03 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 1C63121F875C for <oauth@ietf.org>; Tue, 10 Jul 2012 10:42:03 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q6AHgUkC020518 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Tue, 10 Jul 2012 17:42:31 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q6AHgTfa004095 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <oauth@ietf.org>; Tue, 10 Jul 2012 17:42:30 GMT
Received: from abhmt112.oracle.com (abhmt112.oracle.com [141.146.116.64]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q6AHgTrH007201 for <oauth@ietf.org>; Tue, 10 Jul 2012 12:42:29 -0500
Received: from [10.152.55.24] (/10.152.55.24) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 10 Jul 2012 10:42:29 -0700
Message-ID: <4FFC6983.8030704@oracle.com>
Date: Tue, 10 Jul 2012 13:42:27 -0400
From: prateek mishra <prateek.mishra@oracle.com>
Organization: Oracle Corporation
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: oauth@ietf.org
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com> <6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net> <397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com> <B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com> <AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com>
In-Reply-To: <AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com>
Content-Type: multipart/alternative; boundary="------------080106090406000003010700"
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 17:42:13 -0000

This is a multi-part message in MIME format.
--------------080106090406000003010700
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

As Phil Hunt suggests, there is a need for a discussion of the use-cases 
involved

How to bind the key to the requestor may have several variations, I 
would hope the work would cover a broad range

Given the importance of the symmetric key case, I would also be 
interested in key establishment methods as well


> When I say arguably,  I expect you to argue.
>
> John B.
>
> Sent from my iPhone
>
> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
>
>>> Binding the key to the channel is arguably the most secure
>> Not really, there are hardware options that give good security properties
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 9:55 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Binding the key to the channel is arguably the most secure.
>>
>> SSL offloading and other factors may prevent that from working in all cases.
>>
>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>>> If we do not bind the key to the channel than we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>>>
>>> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>>>
>>>>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth,  or something OAuth specific.    The answer may be a combined approach.
>>>> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material  is in the key agreement (entropy) cases.
>>>>
>>>> -----Original Message-----
>>>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>>>> Sent: Tuesday, July 10, 2012 3:34 AM
>>>> To: Hannes Tschofenig
>>>> Cc: Anthony Nadalin; OAuth WG
>>>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>>
>>>> I agree that there are use-cases for all of the proof of possession mechanisms.
>>>>
>>>> Presentment methods also need to be considered.
>>>>
>>>> TLS client auth may not always be the best option.  Sometimes message signing is more appropriate.
>>>>
>>>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth,  or something OAuth specific.    The answer may be a combined approach.
>>>>
>>>> I think this is a good start to get discussion going.
>>>>
>>>> John B.
>>>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>>>
>>>>> Hi Tony,
>>>>>
>>>>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>>>>
>>>>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>>>>
>>>>> Ciao
>>>>> Hannes
>>>>>
>>>>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>>>>
>>>>>> Hannes, thanks for drafting this, couple of comments:
>>>>>>
>>>>>> 1. HOK is one of Proof of Possession methods, should we consider others?
>>>>>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>>>>> Sent: Monday, July 09, 2012 11:15 AM
>>>>>> To: OAuth WG
>>>>>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>>>>>> Here is the document:
>>>>>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>>>>>
>>>>>> Your feedback is welcome
>>>>>>
>>>>>> Ciao
>>>>>> Hannes
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth



--------------080106090406000003010700--

From hannes.tschofenig@nsn.com  Tue Jul 10 10:45:07 2012
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CD5EC3.CB9037B9"
Date: Tue, 10 Jul 2012 20:47:16 +0300
Message-ID: <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net>
In-Reply-To: <4FFC6983.8030704@oracle.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com>
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: "ext prateek mishra" <prateek.mishra@oracle.com>, <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

This is a multi-part message in MIME format.

------_=_NextPart_001_01CD5EC3.CB9037B9
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Prateek,

why do you care about the symmetric key case?

Specifying more variants requires more code and decreases
interoperability.

Ciao
Hannes

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
Of ext prateek mishra
Sent: Tuesday, July 10, 2012 8:42 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

As Phil Hunt suggests, there is a need for a discussion of the use-cases
involved

How to bind the key to the requestor may have several variations, I
would hope the work would cover a broad range

Given the importance of the symmetric key case, I would also be
interested in key establishment methods as well





When I say arguably, I expect you to argue.

John B.

Sent from my iPhone

On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:

		Binding the key to the channel is arguably the most secure

	Not really, there are hardware options that give good security properties

	-----Original Message-----
	From: John Bradley [mailto:ve7jtb@ve7jtb.com]
	Sent: Tuesday, July 10, 2012 9:55 AM
	To: Hannes Tschofenig
	Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
	Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

	Binding the key to the channel is arguably the most secure.

	SSL offloading and other factors may prevent that from working in all cases.

	I suspect that we will need two OAuth bindings. One for TLS and one for signed message.

	John B.

	Sent from my iPhone

	On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

		If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.

		On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:

				One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.

			Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.

			-----Original Message-----
			From: John Bradley [mailto:ve7jtb@ve7jtb.com]
			Sent: Tuesday, July 10, 2012 3:34 AM
			To: Hannes Tschofenig
			Cc: Anthony Nadalin; OAuth WG
			Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

			I agree that there are use-cases for all of the proof of possession mechanisms.

			Presentment methods also need to be considered.

			TLS client auth may not always be the best option. Sometimes message signing is more appropriate.

			One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.

			I think this is a good start to get discussion going.

			John B.
			On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:

				Hi Tony,

				I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.

				Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.

				Ciao
				Hannes

				On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:

				Hannes, thanks for drafting this, couple of comments:

				1. HOK is one of Proof of Possession methods, should we consider others?
				2. This seems just to handle asymmetric keys, need to also handle symmetric keys

				-----Original Message-----
				From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
				Sent: Monday, July 09, 2012 11:15 AM
				To: OAuth WG
				Subject: [OAUTH-WG] Holder-of-the-Key for OAuth

				Hi guys,

				today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
				Here is the document:
				https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk

				Your feedback is welcome

				Ciao
				Hannes

				_______________________________________________
				OAuth mailing list
				OAuth@ietf.org
				https://www.ietf.org/mailman/listinfo/oauth


------_=_NextPart_001_01CD5EC3.CB9037B9--

From tonynad@microsoft.com  Tue Jul 10 10:58:42 2012
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA06921F8627 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:58:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.624
X-Spam-Level: 
X-Spam-Status: No, score=-0.624 tagged_above=-999 required=5 tests=[AWL=-0.158, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 48kQVGGuwUYW for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 10:58:41 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe004.messaging.microsoft.com [213.199.154.142]) by ietfa.amsl.com (Postfix) with ESMTP id 0767421F8622 for <oauth@ietf.org>; Tue, 10 Jul 2012 10:58:40 -0700 (PDT)
Received: from mail14-db3-R.bigfish.com (10.3.81.239) by DB3EHSOBE003.bigfish.com (10.3.84.23) with Microsoft SMTP Server id 14.1.225.23; Tue, 10 Jul 2012 17:56:49 +0000
Received: from mail14-db3 (localhost [127.0.0.1])	by mail14-db3-R.bigfish.com (Postfix) with ESMTP id 19A9FA0480	for <oauth@ietf.org>; Tue, 10 Jul 2012 17:56:49 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -20
X-BigFish: VS-20(z1725nz98dI9371I936eIc85fh148cI542Mzz1202h1082kzz8275ch1033IL8275bh8275dhz2fh2a8h683h839hd25hf0ah107ah)
Received-SPF: pass (mail14-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=tonynad@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT003.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail14-db3 (localhost.localdomain [127.0.0.1]) by mail14-db3 (MessageSwitch) id 1341943006910770_31512; Tue, 10 Jul 2012 17:56:46 +0000 (UTC)
Received: from DB3EHSMHS010.bigfish.com (unknown [10.3.81.245])	by mail14-db3.bigfish.com (Postfix) with ESMTP id DC1A03C004B	for <oauth@ietf.org>; Tue, 10 Jul 2012 17:56:46 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS010.bigfish.com (10.3.87.110) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 10 Jul 2012 17:56:46 +0000
Received: from co1outboundpool.messaging.microsoft.com (157.54.51.81) by mail.microsoft.com (157.54.79.159) with Microsoft SMTP Server (TLS) id 14.2.298.5; Tue, 10 Jul 2012 17:58:45 +0000
Received: from mail185-co1-R.bigfish.com (10.243.78.245) by CO1EHSOBE005.bigfish.com (10.243.66.68) with Microsoft SMTP Server id 14.1.225.23; Tue, 10 Jul 2012 17:55:51 +0000
Received: from mail185-co1 (localhost [127.0.0.1])	by mail185-co1-R.bigfish.com (Postfix) with ESMTP id 790532C0190	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Tue, 10 Jul 2012 17:55:51 +0000 (UTC)
Received: from mail185-co1 (localhost.localdomain [127.0.0.1]) by mail185-co1 (MessageSwitch) id 1341942949802178_22291; Tue, 10 Jul 2012 17:55:49 +0000 (UTC)
Received: from CO1EHSMHS025.bigfish.com (unknown [10.243.78.226])	by mail185-co1.bigfish.com (Postfix) with ESMTP id C14EB1C0044; Tue, 10 Jul 2012 17:55:49 +0000 (UTC)
Received: from BL2PRD0310HT003.namprd03.prod.outlook.com (157.56.240.21) by CO1EHSMHS025.bigfish.com (10.243.66.35) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 10 Jul 2012 17:55:49 +0000
Received: from BL2PRD0310MB362.namprd03.prod.outlook.com ([169.254.12.220]) by BL2PRD0310HT003.namprd03.prod.outlook.com ([10.255.97.38]) with mapi id 14.16.0175.005; Tue, 10 Jul 2012 17:58:08 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, ext prateek mishra <prateek.mishra@oracle.com>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Holder-of-the-Key for OAuth
Thread-Index: AQHNXf7R8o8oKGDddUekOoP+IJtc+pchTCgQgAADZYCAAQNmAIAAQKzAgAAd1oCAAAvlAIAAAbiQgAAA8YCAAAq9gIAAAVgAgAACB3A=
Date: Tue, 10 Jul 2012 17:58:08 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E74F97B58A@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net>
In-Reply-To: <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [131.107.174.57]
Content-Type: multipart/alternative; boundary="_000_B26C1EF377CB694EAB6BDDC8E624B6E74F97B58ABL2PRD0310MB362_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: BL2PRD0310HT003.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%NSN.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%ORACLE.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14MLTC104.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14MLTC104.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 17:58:42 -0000

--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F97B58ABL2PRD0310MB362_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

So one of our cases is that we want to use a proof key to protect the symmetric key that is used to protect messages, so yes this would be application specific but that is the nature of OAuth in general, not much interop except at the application level

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Tschofenig, Hannes (NSN - FI/Espoo)
Sent: Tuesday, July 10, 2012 10:47 AM
To: ext prateek mishra; oauth@ietf.org
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Hi Prateek,

why do you care about the symmetric key case?
Specifying more variants requires more code and decreases interoperability.

Ciao
Hannes


From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of ext prateek mishra
Sent: Tuesday, July 10, 2012 8:42 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

As Phil Hunt suggests, there is a need for a discussion of the use-cases involved

How to bind the key to the requestor may have several variations, I would hope the work would cover a broad range

Given the importance of the symmetric key case, I would also be interested in key establishment methods as well

When I say arguably, I expect you to argue.

John B.

Sent from my iPhone

On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:

Binding the key to the channel is arguably the most secure

Not really, there are hardware options that give good security properties

-----Original Message-----
From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Tuesday, July 10, 2012 9:55 AM
To: Hannes Tschofenig
Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Binding the key to the channel is arguably the most secure.

SSL offloading and other factors may prevent that from working in all cases.

I suspect that we will need two OAuth bindings. One for TLS and one for signed message.

John B.

Sent from my iPhone

On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.

On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:

One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.

Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.

-----Original Message-----
From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Tuesday, July 10, 2012 3:34 AM
To: Hannes Tschofenig
Cc: Anthony Nadalin; OAuth WG
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

I agree that there are use-cases for all of the proof of possession mechanisms.

Presentment methods also need to be considered.

TLS client auth may not always be the best option. Sometimes message signing is more appropriate.

One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.

I think this is a good start to get discussion going.

John B.

On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:

Hi Tony,

I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.

Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.

Ciao
Hannes

On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:

Hannes, thanks for drafting this, couple of comments:

1. HOK is one of Proof of Possession methods, should we consider others?
2. This seems just to handle asymmetric keys, need to also handle symmetric keys

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Monday, July 09, 2012 11:15 AM
To: OAuth WG
Subject: [OAUTH-WG] Holder-of-the-Key for OAuth

Hi guys,

today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
Here is the document:
https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk

Your feedback is welcome

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--_000_B26C1EF377CB694EAB6BDDC8E624B6E74F97B58ABL2PRD0310MB362_--
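
The "signed message" binding with a symmetric proof key that the thread above discusses, as an added example that is not code from draft-tschofenig-oauth-hotk or from any list participant. The request-signing format, the class names and the shared table standing in for a back channel between authorization server and resource server are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)


class AuthorizationServer:
    """Issues opaque token handles, each bound to a fresh symmetric proof key."""

    def __init__(self):
        # token handle -> grant; assumed to be readable by the resource
        # server over a protected back channel (modelled as a shared dict)
        self.grants = {}

    def issue(self, subject, now, lifetime=600):
        token = secrets.token_urlsafe(16)
        key = secrets.token_bytes(32)  # fresh key per token, never reused
        self.grants[token] = {"sub": subject, "key": key, "exp": now + lifetime}
        return token, key  # the key goes to the client over TLS only


def sign_request(key, method, path, ts, nonce):
    """Client side: MAC over the parts of the request the proof must cover."""
    msg = "\n".join([method.upper(), path, str(int(ts)), nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ResourceServer:
    def __init__(self, authz):
        self.authz = authz
        self.seen = set()  # (token, nonce); a real server prunes this by MAX_SKEW

    def verify(self, token, method, path, ts, nonce, mac, now):
        grant = self.authz.grants.get(token)
        if grant is None or now >= grant["exp"]:
            return "reject: unknown or expired token"
        if abs(now - ts) > MAX_SKEW:
            return "reject: stale timestamp"
        expected = sign_request(grant["key"], method, path, ts, nonce)
        # Constant-time comparison; a missing MAC is a plain bearer presentation.
        if not isinstance(mac, str) or not hmac.compare_digest(
            expected.encode(), mac.encode()
        ):
            return "reject: no proof of possession"
        # Replay check comes after MAC validation so unauthenticated
        # requests cannot fill the nonce cache.
        if (token, nonce) in self.seen:
            return "reject: replayed request"
        self.seen.add((token, nonce))
        return "accept: " + grant["sub"]


def demo():
    now = 1_341_943_000  # constructed timestamp
    authz = AuthorizationServer()
    rs = ResourceServer(authz)
    token, key = authz.issue("alice", now)
    mac = sign_request(key, "GET", "/photos", now, "n-1")
    late_mac = sign_request(key, "GET", "/photos", now, "n-4")
    return {
        # holder of the key signs the request
        "legit": rs.verify(token, "GET", "/photos", now, "n-1", mac, now),
        # same signed request captured and sent again
        "replay": rs.verify(token, "GET", "/photos", now, "n-1", mac, now + 1),
        # token presented without the key, as a bearer token would be
        "bearer_only": rs.verify(token, "GET", "/photos", now, "n-2", None, now),
        # captured MAC reused on a different method
        "retargeted": rs.verify(token, "DELETE", "/photos", now, "n-3", mac, now),
        # valid MAC presented outside the freshness window
        "stale": rs.verify(token, "GET", "/photos", now, "n-4", late_mac, now + 301),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12s} {outcome}")
```

Unlike the TLS binding, this check survives SSL offloading because the proof travels in the request itself, at the cost of the resource server needing the symmetric key for every token it accepts.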

From derek@ihtfp.com  Tue Jul 10 11:05:34 2012
Return-Path: <derek@ihtfp.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F29121F8764 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 11:05:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.396
X-Spam-Level: 
X-Spam-Status: No, score=-101.396 tagged_above=-999 required=5 tests=[AWL=-0.897, BAYES_05=-1.11, HELO_MISMATCH_ORG=0.611, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dw37v16eXzhe for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 11:05:34 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id CCBEB21F8732 for <oauth@ietf.org>; Tue, 10 Jul 2012 11:05:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id B39352602A6 for <oauth@ietf.org>; Tue, 10 Jul 2012 14:06:00 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 01810-05 for <oauth@ietf.org>; Tue, 10 Jul 2012 14:05:59 -0400 (EDT)
Received: from mocana.ihtfp.org (unknown [IPv6:fe80::224:d7ff:fee7:8924]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id C2CEB2602A4 for <oauth@ietf.org>; Tue, 10 Jul 2012 14:05:59 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.5/8.14.5/Submit) id q6AI5sI8019367; Tue, 10 Jul 2012 14:05:54 -0400
From: Derek Atkins <derek@ihtfp.com>
To: oauth@ietf.org
Date: Tue, 10 Jul 2012 14:05:52 -0400
Message-ID: <sjm394zqynz.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: Maia Mailguard 1.0.2a
Subject: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 18:05:34 -0000

Hi,

Eran Hammer has decided to step down as Editor of the OAuth Core
specification.  I would like to personally thank Eran for all his years
of hard work and effort to the draft as well as to the working group at
large.

Dick Hardt has agreed to take over the editor role to see the draft to
completion.

Thanks to Eran and Dick!

-derek, for the chairs
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

From prateek.mishra@oracle.com  Tue Jul 10 12:00:00 2012
Return-Path: <prateek.mishra@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2756B21F868A for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 12:00:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level: 
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mht+XDvuRxVx for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 11:59:57 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id DC3AA21F8685 for <oauth@ietf.org>; Tue, 10 Jul 2012 11:59:56 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q6AJ0N0h017200 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 10 Jul 2012 19:00:23 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q6AJ0M2t022192 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Jul 2012 19:00:22 GMT
Received: from abhmt105.oracle.com (abhmt105.oracle.com [141.146.116.57]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q6AJ0LPG000803; Tue, 10 Jul 2012 14:00:21 -0500
Received: from [10.152.55.24] (/10.152.55.24) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 10 Jul 2012 12:00:21 -0700
Message-ID: <4FFC7BC4.5030902@oracle.com>
Date: Tue, 10 Jul 2012 15:00:20 -0400
From: prateek mishra <prateek.mishra@oracle.com>
Organization: Oracle Corporation
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net>
In-Reply-To: <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net>
Content-Type: multipart/alternative; boundary="------------050908060903030906050002"
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 19:00:00 -0000

This is a multi-part message in MIME format.
--------------050908060903030906050002
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hannes,

we have a variety of use-cases wherein a single server ("client")
repeatedly interacts with a resource server for business purposes. These
interactions may be on-behalf-of a single user or even multiple users.
In such a use-case, use of asymmetric signature imposes an unacceptable
performance penalty and there is a lot of interest in being able to use
symmetric signature instead.

- prateek
>
> Hi Prateek,
>
> why do you care about the symmetric key case?
>
> Specifying more variants requires more code and decreases 
> interoperability.
>
> Ciao
> Hannes
>
> *From:*oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On 
> Behalf Of *ext prateek mishra
> *Sent:* Tuesday, July 10, 2012 8:42 PM
> *To:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> As Phil Hunt suggests, there is a need for a discussion of the 
> use-cases involved
>
> How to bind the key to the requestor may have several variations, I 
> would hope the work would cover a broad range
>
> Given the importance of the symmetric key case, I would also be 
> interested in key establishment methods as well
>
> When I say arguably, I expect you to argue.
>
> John B.
>
> Sent from my iPhone
>
> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
>
>         Binding the key to the channel is arguably the most secure
>
>     Not really, there are hardware options that give good security properties
>
>     -----Original Message-----
>     From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>     Sent: Tuesday, July 10, 2012 9:55 AM
>     To: Hannes Tschofenig
>     Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>     Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
>     Binding the key to the channel is arguably the most secure.
>
>     SSL offloading and other factors may prevent that from working in all cases.
>
>     I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>
>     John B.
>
>     Sent from my iPhone
>
>     On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
>         If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>
>         On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>
>                 One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>
>             Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.
>
>             -----Original Message-----
>             From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>             Sent: Tuesday, July 10, 2012 3:34 AM
>             To: Hannes Tschofenig
>             Cc: Anthony Nadalin; OAuth WG
>             Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
>             I agree that there are use-cases for all of the proof of possession mechanisms.
>
>             Presentment methods also need to be considered.
>
>             TLS client auth may not always be the best option. Sometimes message signing is more appropriate.
>
>             One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>
>             I think this is a good start to get discussion going.
>
>             John B.
>             On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>
>                 Hi Tony,
>
>                 I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>
>                 Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>
>                 Ciao
>                 Hannes
>
>                 On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>
>                     Hannes, thanks for drafting this, couple of comments:
>
>                     1. HOK is one of Proof of Possession methods, should we consider others?
>                     2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>
>                     -----Original Message-----
>                     From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>                     Sent: Monday, July 09, 2012 11:15 AM
>                     To: OAuth WG
>                     Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>
>                     Hi guys,
>
>                     today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>                     Here is the document:
>                     https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>
>                     Your feedback is welcome
>
>                     Ciao
>                     Hannes
>
>                     _______________________________________________
>                     OAuth mailing list
>                     OAuth@ietf.org
>                     https://www.ietf.org/mailman/listinfo/oauth




--------------050908060903030906050002--

From wmills_92105@yahoo.com  Tue Jul 10 13:26:52 2012
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD27D11E80BC for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 13:26:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNTtxr+yXJC1 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 13:26:51 -0700 (PDT)
Received: from nm3-vm0.bullet.mail.sp2.yahoo.com (nm3-vm0.bullet.mail.sp2.yahoo.com [98.139.90.230]) by ietfa.amsl.com (Postfix) with SMTP id 7FF9D11E80A6 for <oauth@ietf.org>; Tue, 10 Jul 2012 13:26:51 -0700 (PDT)
Received: from [98.139.91.63] by nm3.bullet.mail.sp2.yahoo.com with NNFMP; 10 Jul 2012 20:27:20 -0000
Received: from [98.139.91.51] by tm3.bullet.mail.sp2.yahoo.com with NNFMP; 10 Jul 2012 20:26:20 -0000
Received: from [127.0.0.1] by omp1051.mail.sp2.yahoo.com with NNFMP; 10 Jul 2012 20:26:20 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 109073.62855.bm@omp1051.mail.sp2.yahoo.com
Received: (qmail 45665 invoked by uid 60001); 10 Jul 2012 20:26:19 -0000
Received: from [209.131.62.115] by web31803.mail.mud.yahoo.com via HTTP; Tue, 10 Jul 2012 13:26:19 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net> <4FFC7BC4.5030902@oracle.com>
Message-ID: <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com>
Date: Tue, 10 Jul 2012 13:26:19 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: prateek mishra <prateek.mishra@oracle.com>, "Tschofenig, Hannes \(NSN - FI/Espoo\)" <hannes.tschofenig@nsn.com>
In-Reply-To: <4FFC7BC4.5030902@oracle.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1502656925-748498821-1341951979=:14398"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 20:26:52 -0000

--1502656925-748498821-1341951979=:14398
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

OK, but why do you need holder-of-key then? I think holder-of-key gets significantly weird in the symmetric key case. In the PKI case the token has (public_key, token, signature(public_key, token, serversecret)). How will the server assert something in the credential that's useful in place of a public key (or certificate)? I think the best case there is that the server is asserting a client name which the protected resource uses to look up the symmetric key to use for the signature check, but that could just be included in token anyway without holder-of-key.

I really don't see how this works with symmetric keys in any useful way that's not easier via another method like MAC tokens?

________________________________
From: prateek mishra <prateek.mishra@oracle.com>
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
Cc: oauth@ietf.org
Sent: Tuesday, July 10, 2012 12:00 PM
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Hannes,

we have a variety of use-cases wherein a single server ("client") repeatedly interacts with a resource server for business purposes. These interactions may be on-behalf-of a single user or even multiple users. In such a use-case, use of asymmetric signature imposes an unacceptable performance penalty and there is a lot of interest in being able to use symmetric signature instead.

- prateek

> Hi Prateek,
>
> why do you care about the symmetric key case?
> Specifying more variants requires more code and decreases interoperability.
>
> Ciao
> Hannes
>
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of ext prateek mishra
> Sent: Tuesday, July 10, 2012 8:42 PM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> As Phil Hunt suggests, there is a need for a discussion of the use-cases involved
>
> How to bind the key to the requestor may have several variations, I would hope the work would cover a broad range
>
> Given the importance of the symmetric key case, I would also be interested in key establishment methods as well
>
> When I say arguably, I expect you to argue.
>
> John B.
>
> Sent from my iPhone
>
> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
>
> Binding the key to the channel is arguably the most secure
>>
>> Not really, there are hardware options that give good security properties
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 9:55 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Binding the key to the channel is arguably the most secure.
>>
>> SSL offloading and other factors may prevent that from working in all cases.
>>
>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>> If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>>>
>>> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>>>
>>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>>>
>>>> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.
>>>>
>>>> -----Original Message-----
>>>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>>>> Sent: Tuesday, July 10, 2012 3:34 AM
>>>> To: Hannes Tschofenig
>>>> Cc: Anthony Nadalin; OAuth WG
>>>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>>
>>>> I agree that there are use-cases for all of the proof of possession mechanisms.
>>>>
>>>> Presentment methods also need to be considered.
>>>>
>>>> TLS client auth may not always be the best option. Sometimes message signing is more appropriate.
>>>>
>>>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>>>
>>>> I think this is a good start to get discussion going.
>>>>
>>>> John B.
>>>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>>>
>>>> Hi Tony,
>>>>>
>>>>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>>>>
>>>>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>>>>
>>>>> Ciao
>>>>> Hannes
>>>>>
>>>>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>>>>
>>>>> Hannes, thanks for drafting this, couple of comments:
>>>>>>
>>>>>> 1. HOK is one of Proof of Possession methods, should we consider others?
>>>>>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>>>>> Sent: Monday, July 09, 2012 11:15 AM
>>>>>> To: OAuth WG
>>>>>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>>>>>> Here is the document:
>>>>>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>>>>>
>>>>>> Your feedback is welcome
>>>>>>
>>>>>> Ciao
>>>>>> Hannes
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth
--1502656925-748498821-1341951979=:14398--
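
The symmetric arrangement William Mills describes above (the token asserts a client name, and the protected resource uses it to look up the symmetric key for the signature check), as an added example that is not from the thread or from draft-tschofenig-oauth-hotk. The token layout, the MAC input, the key table and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed sample secrets; names and layouts are assumptions for this example.
AS_RS_SECRET = b"constructed-as-rs-secret"  # shared by authorization server and resource server
CLIENT_KEYS = {"billing-backend": b"constructed-client-key"}  # resource server table: client name -> key


def mac_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def same(a: str, b: str) -> bool:
    """Constant-time comparison; bytes are compared so non-ASCII input cannot raise TypeError."""
    return hmac.compare_digest(a.encode(), b.encode())


def issue_token(client_name, scope, ttl=300, now=None):
    """Authorization server: assert the client name inside an integrity-protected token."""
    now = int(time.time()) if now is None else now
    claims = {"client": client_name, "scope": scope, "exp": now + ttl}
    body = urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + mac_hex(AS_RS_SECRET, body.encode())


def sign_request(client_key, token, method, path, nonce, ts):
    """Client: prove possession of the key by MACing the request together with the token."""
    base = "\n".join([method, path, nonce, str(ts), token]).encode()
    return mac_hex(client_key, base)


def verify_request(token, method, path, nonce, ts, proof, seen_nonces, now=None, skew=60):
    """Resource server: returns (True, client_name) or (False, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".")
    except ValueError:
        return False, "malformed token"
    # 1. The token itself must come from the authorization server, unmodified.
    if not same(tag, mac_hex(AS_RS_SECRET, body.encode())):
        return False, "token integrity check failed"
    claims = json.loads(urlsafe_b64decode(body))
    if claims["exp"] < now:
        return False, "token expired"
    # 2. The asserted client name selects the symmetric key.
    key = CLIENT_KEYS.get(claims["client"])
    if key is None:
        return False, "unknown client"
    if abs(now - ts) > skew:
        return False, "stale timestamp"
    # 3. The request must carry a MAC made with that key: the token alone is not enough.
    if not proof or not same(proof, sign_request(key, token, method, path, nonce, ts)):
        return False, "proof of possession failed"
    # 4. Replay check runs last so unauthenticated requests cannot fill the nonce cache.
    if (claims["client"], nonce) in seen_nonces:
        return False, "replayed request"
    seen_nonces.add((claims["client"], nonce))
    return True, claims["client"]


if __name__ == "__main__":
    seen = set()
    t0 = 1_000_000  # fixed clock so the run is reproducible
    token = issue_token("billing-backend", "invoices:read", now=t0)
    proof = sign_request(CLIENT_KEYS["billing-backend"], token, "GET", "/invoices/42", "n-1", t0)
    print(verify_request(token, "GET", "/invoices/42", "n-1", t0, proof, seen, now=t0))
    print(verify_request(token, "GET", "/invoices/42", "n-1", t0, proof, seen, now=t0))
    print(verify_request(token, "GET", "/invoices/42", "n-2", t0, "", seen, now=t0))
```

A token presented without a valid proof is rejected, which is what separates this from a bearer token; how the symmetric key reaches the client and the resource server is a separate key establishment step that this sketch takes as given.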

From phil.hunt@oracle.com  Tue Jul 10 14:36:42 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E5CF11E80C4 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 14:36:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.638
X-Spam-Level: 
X-Spam-Status: No, score=-9.638 tagged_above=-999 required=5 tests=[AWL=-0.436, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HHixH6++acVb for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 14:36:40 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 7A17421F8648 for <oauth@ietf.org>; Tue, 10 Jul 2012 14:36:40 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q6ALb83m024760 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 10 Jul 2012 21:37:08 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q6ALb7pU007290 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Jul 2012 21:37:07 GMT
Received: from abhmt114.oracle.com (abhmt114.oracle.com [141.146.116.66]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q6ALb6aQ027822; Tue, 10 Jul 2012 16:37:06 -0500
Received: from [192.168.1.8] (/24.85.226.208) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 10 Jul 2012 14:37:06 -0700
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_F0C5B3AD-0DB1-4B50-8347-63C932DE69D5"
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com>
Date: Tue, 10 Jul 2012 14:37:04 -0700
Message-Id: <72E0EDCF-C50D-4F90-B7AD-C0D9B21BA550@oracle.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net> <4FFC7BC4.5030902@oracle.com> <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com>
To: William Mills <wmills_92105@yahoo.com>
X-Mailer: Apple Mail (2.1278)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 21:36:42 -0000

--Apple-Mail=_F0C5B3AD-0DB1-4B50-8347-63C932DE69D5
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

I don't have much data on how many request/responses an oauth web client
does per connection. But if we force a new TLS connection for each
access token (which may only be used for 1 or 2 request/responses) we
will have a scalability issue. I do agree the approach is relatively
simple and workable for native apps since there is less of a client
performance issue.

For web app clients, I'd rather keep TLS security a separate
issue/layer.  For example, a long-lived private key (symmetric or
asymmetric) could be issued to the client so that it can establish 2-way
TLS connections that can be used for 1000s of requests per connection.
Then a separate authorization header HoK access token is used to
authenticate each request/response.

Speaking of the authorization header, it's not clear in section 3.2
whether in fact an authorization header is sent. The implication seems
to be that the resource server must have a way to pull the information
from the TLS end-point or get it from the authorization header which 3.2
doesn't speak to.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com





On 2012-07-10, at 1:26 PM, William Mills wrote:

> OK, but why do you need holder-of-key then?  I think holder-of-key
> gets significantly weird in the symmetric key case.   In the PKI case
> the token has (public_key, token, signature(public_key, token,
> serversecret)).  How will the server assert something in the credential
> that's useful in place of a public key (or certificate)?  I think the
> best case there is that the server is asserting a client name which the
> protected resource uses to look up the symmetric key to use for the
> signature check, but that could just be included in token anyway without
> holder-of-key.
>
> I really don't see how this works with symmetric keys in any useful
> way that's not easier via another method like MAC tokens?
>
>
> From: prateek mishra <prateek.mishra@oracle.com>
> To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
> Cc: oauth@ietf.org
> Sent: Tuesday, July 10, 2012 12:00 PM
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hannes,
>
> we have a variety of use-cases wherein a single server ("client")
> repeatedly interacts with a resource server for business purposes. These
> interactions may be on-behalf-of
> a single user or even multiple users. In such a use-case, use of
> asymmetric signature imposes an unacceptable performance penalty and
> there is a lot of interest in being able
> to use symmetric signature instead.
>
> - prateek
>> Hi Prateek,
>>
>> why do you care about the symmetric key case?
>> Specifying more variants requires more code and decreases
>> interoperability.
>>
>> Ciao
>> Hannes
>>
>>
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>> Behalf Of ext prateek mishra
>> Sent: Tuesday, July 10, 2012 8:42 PM
>> To: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> As Phil Hunt suggests, there is a need for a discussion of the
>> use-cases involved
>>
>> How to bind the key to the requestor may have several variations, I
>> would hope the work would cover a broad range
>>
>> Given the importance of the symmetric key case, I would also be
>> interested in key establishment methods as well
>>
>>
>>
>> When I say arguably,  I expect you to argue.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com>
>> wrote:
>>
>> Binding the key to the channel is arguably the most secure
>>
>> Not really, there are hardware options that give good security
>> properties
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 9:55 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Binding the key to the channel is arguably the most secure.
>>
>> SSL offloading and other factors may prevent that from working in all
>> cases.
>>
>> I suspect that we will need two OAuth bindings. One for TLS and one
>> for signed message.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 12:11 PM, Hannes Tschofenig
>> <hannes.tschofenig@gmx.net> wrote:
>>
>> If we do not bind the key to the channel then we will run into all
>> sorts of problems. The current MAC specification illustrates that quite
>> nicely. On top of that you can re-use the established security channel
>> for the actual data exchange.
>>
>> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>>
>> One question is if we want to do a generic proof of possession for
>> JWT that is useful outside OAuth,  or something OAuth specific.    The
>> answer may be a combined approach.
>>
>> Depends if we want OAuth to support the concept of a request/response
>> for a proof token and keep the actual binding for a separate
>> specification, in most of our cases the keying material is opaque (and
>> just a blob), where we care about the key material  is in the key
>> agreement (entropy) cases.
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 3:34 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> I agree that there are use-cases for all of the proof of possession
>> mechanisms.
>>
>> Presentment methods also need to be considered.
>>
>> TLS client auth may not always be the best option.  Sometimes message
>> signing is more appropriate.
>>
>> One question is if we want to do a generic proof of possession for
>> JWT that is useful outside OAuth,  or something OAuth specific.    The
>> answer may be a combined approach.
>>
>> I think this is a good start to get discussion going.
>>
>> John B.
>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>
>> Hi Tony,
>>
>> I had to start somewhere. I had chosen the asymmetric version since
>> it provides good security properties and there is already the
>> BrowserID/OBC work that I had in the back of my mind. I am particularly
>> interested to illustrate that you can accomplish the same, if not
>> better, characteristics than BrowserID by using OAuth instead of
>> starting from scratch.
>>
>> Regarding the symmetric keys: The asymmetric key can be re-used but
>> with a symmetric key holder-of-the-key you would have to request a fresh
>> one every time in order to accomplish comparable security benefits.
>>
>> Ciao
>> Hannes
>>
>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>
>> Hannes, thanks for drafting this, couple of comments:
>>
>> 1. HOK is one of Proof of Possession methods, should we consider
>> others?
>> 2. This seems just to handle asymmetric keys, need to also handle
>> symmetric keys
>>
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>> Behalf Of Hannes Tschofenig
>> Sent: Monday, July 09, 2012 11:15 AM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hi guys,
>>
>> today I submitted a short document that illustrates the concept of
>> holder-of-the-key for OAuth.
>> Here is the document:
>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>
>> Your feedback is welcome
>>
>> Ciao
>> Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_F0C5B3AD-0DB1-4B50-8347-63C932DE69D5--

From James.H.Manger@team.telstra.com  Tue Jul 10 17:44:35 2012
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FF9411E8107 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 17:44:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.96
X-Spam-Level: 
X-Spam-Status: No, score=-0.96 tagged_above=-999 required=5 tests=[AWL=-0.060,  BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TNxMk3pkbZhW for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 17:44:34 -0700 (PDT)
Received: from ipxbvo.tcif.telstra.com.au (ipxbvo.tcif.telstra.com.au [203.35.135.204]) by ietfa.amsl.com (Postfix) with ESMTP id C8C9E11E80A1 for <oauth@ietf.org>; Tue, 10 Jul 2012 17:44:33 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.77,564,1336312800"; d="scan'208,217";a="81814468"
Received: from unknown (HELO ipcdvi.tcif.telstra.com.au) ([10.97.217.212]) by ipobvi.tcif.telstra.com.au with ESMTP; 11 Jul 2012 10:45:03 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6768"; a="75136258"
Received: from wsmsg3703.srv.dir.telstra.com ([172.49.40.171]) by ipcdvi.tcif.telstra.com.au with ESMTP; 11 Jul 2012 10:45:00 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3703.srv.dir.telstra.com ([172.49.40.171]) with mapi; Wed, 11 Jul 2012 10:45:01 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: OAuth WG <oauth@ietf.org>
Date: Wed, 11 Jul 2012 10:44:59 +1000
Thread-Topic: [OAUTH-WG] Holder-of-the-Key for OAuth
Thread-Index: Ac1evI2efezHiGEaTqeWeT0ddoM7uQAPi3hw
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com>
In-Reply-To: <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: multipart/alternative; boundary="_000_255B9BB34FB7D647A506DC292726F6E114F7977D9CWSMSG3153Vsrv_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 00:44:35 -0000

--_000_255B9BB34FB7D647A506DC292726F6E114F7977D9CWSMSG3153Vsrv_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

William Mills wrote:
> The server would need to issue a key pair and not just the private key.  Are you saying the private key is for the certificate, and that certificate is part of the access_token?

Yes. The AS issues temporary credentials for the client app to use. In this case the credentials are a public/private key pair and associated certificate to be used in TLS. The cert (which includes the public key and any info the AS wants) is returned in the “access_token” field. The private key is returned in a separate field.


John Bradley wrote:

> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.


I agree. For instance, set “token_type”:”tls_client_cert” when the client has to use TLS; set “token_type”:”cms” when the client has to digitally sign messages using Crypto Message Syntax (CMS); ….


> We should be supporting both the client providing the key pair and a server generated pair.

Ok. Do you expect a client app to use a separate key pair for each authorization? Or do you expect a client app to have one key pair for all actions (on behalf of all users) and use the access_token to distinguish the authorization in each request? Or something in between?

--
James Manger

________________________________
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>; OAuth WG <oauth@ietf.org>
Sent: Monday, July 9, 2012 8:54 PM
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

Hannes,

> today I submitted a short document that illustrates the concept of
> holder-of-the-key for OAuth.
> Here is the document:
> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk


A different approach would be for the service to issue a private asymmetric key to the client app, along with a certificate, in the access token response. This is a slightly better match to the OAuth2 model of the authorization service issuing temporary credentials for accessing resources on a user’s behalf.

When the token_type is "tls_client_cert" (probably a better label than "hotk"), the client can access protected resources using TLS with client authentication; using the key from the "private_key" field. The "access_token" field holds a base64url-encoded certificate to include in the TLS handshake.

An example access token response could be:

  HTTP/1.1 200 OK
  Content-Type: application/json;charset=UTF-8
  Cache-Control: no-store
  Pragma: no-cache

  {
    "token_type":"tls_client_cert",
    "access_token":"MIIGcDCCBdmgAwIBAgIKE…",
    "private_key":{
      "alg":"RSA", "mod":"Ovx7…", "p":"7dE…", "q":"fJ3…", …
    },
    "expires_in":3600,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
  }


The suggestion above passes the "access_token" to the protected resource in the TLS protocol in the form of a certificate.
draft-tschofenig-oauth-hotk says the client "presents the access token to the resource server", but it wasn't clear to me how it was done. Were you expecting the client to use the BEARER HTTP auth scheme inside the client-authenticated TLS connection?

--
James Manger

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


--_000_255B9BB34FB7D647A506DC292726F6E114F7977D9CWSMSG3153Vsrv_--
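
Added example (not part of the original message and not code from any OAuth draft): a client-side validator for a token response of the shape proposed in the message above. It refuses a cacheable response, an unknown token_type, a missing private_key, and an access_token that is not a single base64url-encoded DER SEQUENCE. The function names, the strictness choices and the sample values are assumptions made for illustration; "tls_client_cert" is the label proposed in this thread, not a registered token type.

```python
import base64
import json
import re
import ssl

# "tls_client_cert" is the label proposed in the thread, not a registered type.
SUPPORTED_TOKEN_TYPES = {"tls_client_cert"}
B64URL = re.compile(r"[A-Za-z0-9_-]+")


class TokenResponseError(ValueError):
    """The token response must not be used."""


def b64url_decode(text):
    """Decode unpadded base64url, rejecting anything outside its alphabet."""
    if not isinstance(text, str) or not B64URL.fullmatch(text) or len(text) % 4 == 1:
        raise TokenResponseError("access_token is not base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def is_single_der_sequence(der):
    """True if der is exactly one ASN.1 SEQUENCE with no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        offset, length = 2, der[1]
    else:                                  # long-form length
        count = der[1] & 0x7F
        if count == 0 or count > 4 or len(der) < 2 + count:
            return False
        offset = 2 + count
        length = int.from_bytes(der[2:offset], "big")
    return len(der) == offset + length


def parse_tls_client_cert_response(headers, body):
    """Validate the response and return what the TLS layer needs (hypothetical helper)."""
    lowered = {name.lower(): value for name, value in headers.items()}
    directives = [d.strip().lower() for d in lowered.get("cache-control", "").split(",")]
    # Assumption: a response that carries a private key must never be cached.
    if "no-store" not in directives:
        raise TokenResponseError("response with a private key must be no-store")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise TokenResponseError("body is not JSON") from exc
    if not isinstance(doc, dict):
        raise TokenResponseError("body is not a JSON object")
    # token_type is compared case-insensitively; unknown types are refused.
    token_type = str(doc.get("token_type", "")).lower()
    if token_type not in SUPPORTED_TOKEN_TYPES:
        raise TokenResponseError("unsupported token_type: %r" % token_type)
    key = doc.get("private_key")
    if not isinstance(key, dict) or "alg" not in key:
        raise TokenResponseError("private_key object with an alg member is required")
    der = b64url_decode(doc.get("access_token"))
    if not is_single_der_sequence(der):
        raise TokenResponseError("access_token is not one DER SEQUENCE")
    return {
        "cert_der": der,
        "cert_pem": ssl.DER_cert_to_PEM_cert(der),  # PEM form for a TLS client context
        "key_alg": key["alg"],
        "expires_in": doc.get("expires_in"),
    }


# Constructed sample: SEQUENCE { INTEGER 5 }, a stand-in that is NOT a real certificate.
CONSTRUCTED_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_HEADERS = {
    "Content-Type": "application/json;charset=UTF-8",
    "Cache-Control": "no-store",
    "Pragma": "no-cache",
}
SAMPLE_BODY = json.dumps({
    "token_type": "tls_client_cert",
    "access_token": base64.urlsafe_b64encode(CONSTRUCTED_DER).rstrip(b"=").decode(),
    "private_key": {"alg": "RSA", "mod": "constructed", "p": "constructed", "q": "constructed"},
    "expires_in": 3600,
})

if __name__ == "__main__":
    print(parse_tls_client_cert_response(SAMPLE_HEADERS, SAMPLE_BODY)["cert_pem"])
```
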

From ve7jtb@ve7jtb.com  Tue Jul 10 18:04:31 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39EAE11E80F9 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 18:04:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id baUGJ8cwY0Y5 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 18:04:29 -0700 (PDT)
Received: from mail-qa0-f51.google.com (mail-qa0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id 1755E11E80A1 for <oauth@ietf.org>; Tue, 10 Jul 2012 18:04:16 -0700 (PDT)
Received: by qaea16 with SMTP id a16so593126qae.10 for <oauth@ietf.org>; Tue, 10 Jul 2012 18:04:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=fz9XHoc76PEVFERXMnbZN5PRp7vKVhiiaqezDb1/zg8=; b=VKNvesv7n2qqPEzfpplwgEydW4NBwbz/ksEv7BSDAH8czuu9LhfjOD3llDyH7P2GC7 M2VQ+bgt77KJVBqM4ZaAUc9qUrmxdZqJ602+oJLm8A7hY5bYklhZzWv2miDOLMFTs0Dm PIdx+4uFWi1KqVrTIT0du7/uiekPUfa0iW+GGylJ64orJRxdbLnQNoU4+GGNf3g4H4dh yetGxrHHUnZn1g5v7cbXShkta0aKAUBijCXCt/WLHiA9RPYRb+Dbz+3sCKleLVHp/JSw FgPkuI4lqSQiN4ElMfczpdENGPkDt2Dy8RxwVnISaTIRSsAVkraEfim/rHYsvTOBP+GL xBEg==
Received: by 10.224.101.3 with SMTP id a3mr12196559qao.66.1341968685594; Tue, 10 Jul 2012 18:04:45 -0700 (PDT)
Received: from [192.168.5.185] (ip-64-134-65-40.public.wayport.net. [64.134.65.40]) by mx.google.com with ESMTPS id gy9sm1213243qab.22.2012.07.10.18.04.41 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 10 Jul 2012 18:04:44 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_925C0F96-EB1D-499C-B1E9-6B148529D249"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com>
Date: Tue, 10 Jul 2012 21:04:40 -0400
Message-Id: <ED7B5A28-B1FA-40AF-9916-4A272BA56F4A@ve7jtb.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQmJJWUbK7bwZ2/4LSLLvQQqMDKdgqXmd4SHOGRoKwiHaecTfW5zZWCaRx3QA2SKJajUGxpa
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 01:04:31 -0000

--Apple-Mail=_925C0F96-EB1D-499C-B1E9-6B148529D249
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

inline

On 2012-07-10, at 8:44 PM, Manger, James H wrote:

> William Mills wrote:
> > The server would need to issue a key pair and not just the private key.  Are you saying the private key is for the certificate, and that certificate is part of the access_token?
>
> Yes. The AS issues temporary credentials for the client app to use. In this case the credentials are a public/private key pair and associated certificate to be used in TLS. The cert (which includes the public key and any info the AS wants) is returned in the “access_token” field. The private key is returned in a separate field.
>
>
> John Bradley wrote:
> > I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>
> I agree. For instance, set “token_type”:”tls_client_cert” when the client has to use TLS; set “token_type”:”cms” when the client has to digitally sign messages using Crypto Message Syntax (CMS); ….
>
Perhaps JWT/JOSE rather than CMS :)

Though there will need to be discussions about what part of the message needs to be signed.

>
> > We should be supporting both the client providing the key pair and a server generated pair.
>
> Ok. Do you expect a client app to use a separate key pair for each authorization? Or do you expect a client app to have one key pair for all actions (on behalf of all users) and use the access_token to distinguish the authorization in each request? Or something in between?
>
Using a separate key pair per authorization is not required for asymmetric keys.
The idea is that the presenter of the token needs to prove that they know the proof key.

The only reason to change the key would be privacy, to prevent correlation.

If we look at how OpenID Connect used id_tokens, an ephemeral key generated by the user agent on a per client basis may be useful.

The Client and the token issuer should sort out the proof mechanism and key rotation.

The protected resource should only care about the proof based on the token it receives.

I think part of this is a JWT/JOSE issue and part of this is an OAuth binding or bindings issue.

John B.

> --
> James Manger
>
> From: "Manger, James H" <James.H.Manger@team.telstra.com>
> To: Hannes Tschofenig <hannes.tschofenig@gmx.net>; OAuth WG <oauth@ietf.org>
> Sent: Monday, July 9, 2012 8:54 PM
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hannes,
>
> > today I submitted a short document that illustrates the concept of
> > holder-of-the-key for OAuth.
> > Here is the document:
> > https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>
>
> A different approach would be for the service to issue a private asymmetric key to the client app, along with a certificate, in the access token response. This is a slightly better match to the OAuth2 model of the authorization service issuing temporary credentials for accessing resources on a user’s behalf.
>
> When the token_type is "tls_client_cert" (probably a better label than "hotk"), the client can access protected resources using TLS with client authentication; using the key from the "private_key" field. The "access_token" field holds a base64url-encoded certificate to include in the TLS handshake.
>
> An example access token response could be:
>
>   HTTP/1.1 200 OK
>   Content-Type: application/json;charset=UTF-8
>   Cache-Control: no-store
>   Pragma: no-cache
>
>   {
>     "token_type":"tls_client_cert",
>     "access_token":"MIIGcDCCBdmgAwIBAgIKE…",
>     "private_key":{
>       "alg":"RSA", "mod":"Ovx7…", "p":"7dE…", "q":"fJ3…", …
>     },
>     "expires_in":3600,
>     "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
>   }
>
>
> The suggestion above passes the "access_token" to the protected resource in the TLS protocol in the form of a certificate.
> draft-tschofenig-oauth-hotk says the client "presents the access token to the resource server", but it wasn't clear to me how it was done. Were you expecting the client to use the BEARER HTTP auth scheme inside the client-authenticated TLS connection?
>
> --
> James Manger
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_925C0F96-EB1D-499C-B1E9-6B148529D249
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=windows-1252

<html><head><base href=3D"x-msg://1030/"></head><body style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">inline<div><br><div><div>On 2012-07-10, at 8:44 PM, =
Manger, James H wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-AU" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
">William Mills wrote:<o:p></o:p></span></div><div style=3D"margin-top: =
0cm; margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; =
background-image: initial; background-attachment: initial; =
background-origin: initial; background-clip: initial; background-color: =
white; "><span style=3D"color: black; ">&gt; The server would need to =
issue a key pair and not just the private key. &nbsp;Are you saying the =
private key is for the certificate, and that certificate is part of the =
access_token?<o:p></o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Yes. =
The AS issues temporary credentials for the client app to use. In this =
case the credentials are a public/private key pair and associated =
certificate to be used in TLS. The cert (which includes the public key =
and any info the AS wants) is returned in the =93access_token=94 field. =
The private key is returned in a separate =
field.<o:p></o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">John =
Bradley wrote:<o:p></o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
10.5pt; font-family: Consolas; ">&gt; I suspect that we will need two =
OAuth bindings. One for TLS and one for signed =
message.<o:p></o:p></div><div style=3D"margin-top: 0cm; margin-right: =
0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: 10.5pt; =
font-family: Consolas; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: =
0cm; margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; "><span =
style=3D"font-size: 11pt; font-family: Calibri, sans-serif; color: =
rgb(31, 73, 125); ">I agree. For instance, set =
=93token_type=94:=94tls_client_cert=94 when the client has to use TLS; =
set =93token_type=94:=94cms=94 when the client has to digitally sign =
messages using Crypto Message Syntax (CMS); =
=85.<o:p></o:p></span></div><div style=3D"margin-top: 0cm; margin-right: =
0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; "><span style=3D"font-size: 11pt; =
font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div></div></div></span></blockquote>Perhaps =
JWT/JOSE rather than CMS:)</div><div><br></div><div>Though there will =
need to be discussions about what part of the message needs to be =
signed.</div><div><br><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-AU" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">&gt; We should be =
supporting both the client providing the key pair and a server generated =
pair.<span style=3D"font-size: 11pt; font-family: Calibri, sans-serif; =
color: rgb(31, 73, 125); "><o:p></o:p></span></div><div =
style=3D"margin-top: 0cm; margin-right: 0cm; margin-left: 0cm; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"font-size: 11pt; font-family: Calibri, =
sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Ok. =
Do you expect a client app to use a separate key pair for each =
authorization? Or do you expect a client app to have one key pair for =
all actions (on behalf of all users) and use the access_token to =
distinguish the authorization in each request? Or something in =
between?<o:p></o:p></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div></div></div></span></blockquote>Using a =
separate key pair per authorization is not required for asymmetric =
keys.</div><div>The idea is that the presenter of the token needs to =
prove that they know the proof key.</div><div><br></div><div>The only =
reason to change the key would be privacy, to prevent =
correlation.</div><div><br></div><div>If we look at how openID Connect =
used id_tokens, an ephemeral key generated by the user agent on a per =
client basis may be useful.</div><div><br></div><div>The Client and the =
token issuer should sort out the proof mechanism and key =
rotation.</div><div><br></div><div>The protected resource should only =
care about the proof based on the token it receives. =
&nbsp;</div><div><br></div><div>I think part of this is a JWT/JOSE issue =
and part of this is an OAuth binding or bindings =
issue.</div><div><br></div><div>John =
B.</div><div><br></div><div><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-AU" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
">--<o:p></o:p></span></div><div style=3D"margin-top: 0cm; margin-right: =
0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: 12pt; =
font-family: 'Times New Roman', serif; "><span style=3D"font-size: 11pt; =
font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">James =
Manger<o:p></o:p></span></div></div><div style=3D"border-top-style: =
none; border-right-style: none; border-bottom-style: none; border-width: =
initial; border-color: initial; border-left-style: solid; =
border-left-color: blue; border-left-width: 1.5pt; padding-top: 0cm; =
padding-right: 0cm; padding-bottom: 0cm; padding-left: 4pt; =
"><div><div><div style=3D"margin-top: 0cm; margin-right: 0cm; =
margin-left: 0cm; margin-bottom: 0.0001pt; font-size: 12pt; font-family: =
'Times New Roman', serif; background-image: initial; =
background-attachment: initial; background-origin: initial; =
background-clip: initial; background-color: white; "><span style=3D"color:=
 black; "><o:p>&nbsp;</o:p></span></div></div><div><div><div><div =
class=3D"MsoNormal" align=3D"center" style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; text-align: center; =
background-image: initial; background-attachment: initial; =
background-origin: initial; background-clip: initial; background-color: =
white; background-position: initial initial; background-repeat: initial =
initial; "><span style=3D"font-size: 10pt; font-family: Arial, =
sans-serif; color: black; "><hr size=3D"1" width=3D"100%" =
align=3D"center"></span></div><div style=3D"margin-top: 0cm; =
margin-right: 0cm; margin-left: 0cm; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; background-image: initial; =
background-attachment: initial; background-origin: initial; =
background-clip: initial; background-color: white; "><b><span =
style=3D"font-size: 10pt; font-family: Arial, sans-serif; color: black; =
">From:</span></b><span style=3D"font-size: 10pt; font-family: Arial, =
sans-serif; color: black; "><span =
class=3D"Apple-converted-space">&nbsp;</span>"Manger, James H" &lt;<a =
href=3D"mailto:James.H.Manger@team.telstra.com">James.H.Manger@team.telstr=
a.com</a>&gt;<br><b>To:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Hannes Tschofenig &lt;<a =
href=3D"mailto:hannes.tschofenig@gmx.net">hannes.tschofenig@gmx.net</a>&gt=
;; OAuth WG &lt;<a =
href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>&gt;<span =
class=3D"Apple-converted-space">&nbsp;</span><br><b>Sent:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Monday, July 9, 2012 8:54 =
PM<br><b>Subject:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Re: [OAUTH-WG] =
Holder-of-the-Key for OAuth</span><span style=3D"color: black; =
"><o:p></o:p></span></div></div><p class=3D"MsoNormal" =
style=3D"margin-top: 0cm; margin-right: 0cm; margin-left: 0cm; =
margin-bottom: 12pt; font-size: 12pt; font-family: 'Times New Roman', =
serif; background-image: initial; background-attachment: initial; =
background-origin: initial; background-clip: initial; background-color: =
white; background-position: initial initial; background-repeat: initial =
initial; "><span style=3D"color: black; "><br>Hannes,<br><br>&gt; today =
I submitted a short document that illustrates the concept of<br>&gt; =
holder-of-the-key for OAuth.<br>&gt; Here is the document:<br>&gt;<span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk" =
target=3D"_blank" style=3D"color: blue; text-decoration: underline; =
">https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk<span =
class=3D"Apple-converted-space">&nbsp;</span></a><br><br><br>A different =
approach would be for the service to issue a private asymmetric key to =
the client app, along with a certificate, in the access token response. =
This is a slightly better match to the OAuth2 model of the authorization =
service issuing temporary credentials for accessing resources on a =
user=92s behalf.<br><br>When the token_type is "tls_client_cert" =
(probably a better label than "hotk"), the client can access protected =
resources using TLS with client authentication; using the key from the =
"private_key" field. The "access_token" field holds a base64url-encoded =
certificate to include in the TLS handshake.<br><br>An example access =
token response could be:<br><br>&nbsp; HTTP/1.1 200 OK<br>&nbsp; =
Content-Type: application/json;charset=3DUTF-8<br>&nbsp; Cache-Control: =
no-store<br>&nbsp; Pragma: no-cache<br><br>&nbsp; {<br>&nbsp; &nbsp; =
"token_type":"tls_client_cert",<br>&nbsp; &nbsp; =
"access_token":"MIIGcDCCBdmgAwIBAgIKE=85",<br>&nbsp; &nbsp; =
"private_key":{<br>&nbsp; &nbsp; &nbsp; "alg":"RSA", "mod":"Ovx7=85", =
"p":"7dE=85", "q":"fJ3=85", =85<br>&nbsp; &nbsp; },<br>&nbsp; &nbsp; =
"expires_in":3600,<br>&nbsp; &nbsp; =
"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"<br>&nbsp; }<br><br><br>The =
suggestion above passes the "access_token" to the protected resource in =
the TLS protocol in the form of a =
certificate.<br>draft-tschofenig-oauth-hotk says the client "presents =
the access token to the resource server", but it wasn't clear to me how =
it was done. Were you expecting the client to use the BEARER HTTP auth =
scheme inside the client-authenticated TLS =
connection?<br><br>--<br>James =
Manger<br><br>_______________________________________________<br>OAuth =
mailing list<br><a href=3D"mailto:OAuth@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">OAuth@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank" =
style=3D"color: blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><o:p></o:p></span=
></p></div></div></div></div></div>_______________________________________=
________<br>OAuth mailing list<br><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>https://www.ietf.org/=
mailman/listinfo/oauth</div></span></blockquote></div><br></div></body></h=
tml>=

--Apple-Mail=_925C0F96-EB1D-499C-B1E9-6B148529D249--

From hannes.tschofenig@gmx.net  Tue Jul 10 23:24:15 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C75711E8098 for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 23:24:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.334
X-Spam-Level: 
X-Spam-Status: No, score=-102.334 tagged_above=-999 required=5 tests=[AWL=0.265, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQf11JJwNHBP for <oauth@ietfa.amsl.com>; Tue, 10 Jul 2012 23:24:14 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 1CD5311E80E8 for <oauth@ietf.org>; Tue, 10 Jul 2012 23:24:13 -0700 (PDT)
Received: (qmail invoked by alias); 11 Jul 2012 06:24:42 -0000
Received: from unknown (EHLO [10.255.128.232]) [194.251.119.201] by mail.gmx.net (mp038) with SMTP; 11 Jul 2012 08:24:42 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18pxlB9kekp1lS9WFeA1T1DJGQ0SDCsunwvnQLIte qSwSn5o35FXPXp
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com>
Date: Wed, 11 Jul 2012 09:23:18 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <8DD974A3-44A8-4E3F-AF43-E6511A6100B0@gmx.net>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net> <4FFC7BC4.5030902@oracle.com> <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com>
To: William Mills <wmills_92105@yahoo.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 06:24:15 -0000

I also fail to see the value of a symmetric holder-of-the-key solution and I don't buy the performance argument either (particularly since we are using a short key length here).

I hope that this is not the "let us replicate all the work we had done in some other crazy enterprise identity management solution so far." approach.


On Jul 10, 2012, at 11:26 PM, William Mills wrote:

> OK, but why do you need holder-of-key then? I think holder-of-key gets significantly weird in the symmetric key case. In the PKI case the token has (public_key, token, signature(public_key, token, serversecret)). How will the server assert something in the credential that's useful in place of a public key (or certificate)? I think the best case there is that the server is asserting a client name which the protected resource uses to look up the symmetric key to use for the signature check, but that could just be included in token anyway without holder-of-key.
>
> I really don't see how this works with symmetric keys in any useful way that's not easier via another method like MAC tokens?
>
>
> From: prateek mishra <prateek.mishra@oracle.com>
> To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
> Cc: oauth@ietf.org
> Sent: Tuesday, July 10, 2012 12:00 PM
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hannes,
>
> we have a variety of use-cases wherein a single server ("client") repeatedly interacts with a resource server for business purposes. These interactions may be on-behalf-of a single user or even multiple users. In such a use-case, use of asymmetric signature imposes an unacceptable performance penalty and there is a lot of interest in being able to use symmetric signature instead.
>
> - prateek
>> Hi Prateek,
>>
>> why do you care about the symmetric key case?
>> Specifying more variants requires more code and decreases interoperability.
>>
>> Ciao
>> Hannes
>>
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of ext prateek mishra
>> Sent: Tuesday, July 10, 2012 8:42 PM
>> To: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> As Phil Hunt suggests, there is a need for a discussion of the use-cases involved
>>
>> How to bind the key to the requestor may have several variations, I would hope the work would cover a broad range
>>
>> Given the importance of the symmetric key case, I would also be interested in key establishment methods as well
>>
>> When I say arguably, I expect you to argue.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
>>
>> Binding the key to the channel is arguably the most secure
>>
>> Not really, there are hardware options that give good security properties
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 9:55 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Binding the key to the channel is arguably the most secure.
>>
>> SSL offloading and other factors may prevent that from working in all cases.
>>
>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>> If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>>
>> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>>
>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>
>> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 3:34 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> I agree that there are use-cases for all of the proof of possession mechanisms.
>>
>> Presentment methods also need to be considered.
>>
>> TLS client auth may not always be the best option. Sometimes message signing is more appropriate.
>>
>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>
>> I think this is a good start to get discussion going.
>>
>> John B.
>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>
>> Hi Tony,
>>
>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>
>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>
>> Ciao
>> Hannes
>>
>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>
>> Hannes, thanks for drafting this, couple of comments:
>>
>> 1. HOK is one of Proof of Possession methods, should we consider others?
>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 09, 2012 11:15 AM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hi guys,
>>
>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>> Here is the document:
>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>
>> Your feedback is welcome
>>
>> Ciao
>> Hannes


From James.H.Manger@team.telstra.com  Wed Jul 11 00:37:13 2012
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D5B521F8621 for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 00:37:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.959
X-Spam-Level: 
X-Spam-Status: No, score=-0.959 tagged_above=-999 required=5 tests=[AWL=-0.058, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7EtKjqspA6E for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 00:37:12 -0700 (PDT)
Received: from ipxano.tcif.telstra.com.au (ipxano.tcif.telstra.com.au [203.35.82.200]) by ietfa.amsl.com (Postfix) with ESMTP id B779821F8620 for <oauth@ietf.org>; Wed, 11 Jul 2012 00:37:11 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.77,566,1336312800"; d="scan'208";a="86771348"
Received: from unknown (HELO ipcbni.tcif.telstra.com.au) ([10.97.216.204]) by ipoani.tcif.telstra.com.au with ESMTP; 11 Jul 2012 17:37:40 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6768"; a="76234287"
Received: from wsmsg3752.srv.dir.telstra.com ([172.49.40.173]) by ipcbni.tcif.telstra.com.au with ESMTP; 11 Jul 2012 17:37:39 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3752.srv.dir.telstra.com ([172.49.40.173]) with mapi; Wed, 11 Jul 2012 17:37:39 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Date: Wed, 11 Jul 2012 17:37:38 +1000
Thread-Topic: [OAUTH-WG] Holder-of-the-Key for OAuth
Thread-Index: Ac1fASt8SN/qqllmRiGJfhDr0JBzTgAL7cbg
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F7A12C10@WSMSG3153V.srv.dir.telstra.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com> <ED7B5A28-B1FA-40AF-9916-4A272BA56F4A@ve7jtb.com>
In-Reply-To: <ED7B5A28-B1FA-40AF-9916-4A272BA56F4A@ve7jtb.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 07:37:13 -0000

>> John Bradley wrote:
>>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>
>> I agree. For instance, set "token_type":"tls_client_cert" when the client has to use TLS; set "token_type":"cms" when the client has to digitally sign messages using Crypto Message Syntax (CMS); ….

> Perhaps JWT/JOSE rather than CMS:)
>
> Though there will need to be discussions about what part of the message needs to be signed.

I was about to list JOSE as the example, but baulked precisely because of this issue. It wasn't obvious how a request to a protected resource would be wrapped in a JOSE message. At least with CMS (or WS-*, or XML DSig, or SOAP…) you can guess that the request is a POST of a signed blob.

--
James Manger

From hannes.tschofenig@gmx.net  Wed Jul 11 03:13:25 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8183421F85F9 for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 03:13:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.368
X-Spam-Level: 
X-Spam-Status: No, score=-102.368 tagged_above=-999 required=5 tests=[AWL=0.231, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kvrram8S7-pw for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 03:13:24 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 1874C21F8504 for <oauth@ietf.org>; Wed, 11 Jul 2012 03:13:22 -0700 (PDT)
Received: (qmail invoked by alias); 11 Jul 2012 10:13:52 -0000
Received: from unknown (EHLO [10.255.128.232]) [194.251.119.201] by mail.gmx.net (mp001) with SMTP; 11 Jul 2012 12:13:52 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+fD+cQP4ufN6ilvBXNW2l3ymzH1x/Am4ywgwzLWe uOycXy5nC/Pifi
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E74F97AECB@BL2PRD0310MB362.namprd03.prod.outlook.com>
Date: Wed, 11 Jul 2012 13:13:49 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <14F8323B-DE1A-4B0E-8114-BD5B359D5D91@gmx.net>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com> <22194120-0613-48A7-9825-FD3BAD76062A@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E74F97AECB@BL2PRD0310MB362.namprd03.prod.outlook.com>
To: Anthony Nadalin <tonynad@microsoft.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 10:13:25 -0000

Hi Tony,

On Jul 10, 2012, at 12:17 AM, Anthony Nadalin wrote:

>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>
> We have use cases for asymmetric, symmetric and for nonce (entropy),

I tried to describe the difference between the various approaches in this document:
http://www.potaroo.net/ietf/all-ids/draft-tschofenig-oauth-signature-thoughts-00.txt

There is a small performance improvement when using symmetric key techniques compared to short-lived asymmetric keys but asymmetric keys provide security benefits (since neither the resource server nor the authorization server ever gets to see the private key).

Do you really need both?

And: Could you explain the nonce-based technique?


> and thus would have to distinguish between these types requested and returned.

Certainly true.

I currently use the pk-info parameter to allow the client to hint support for this extension in the request, and the "token_type":"hotk" in the response as a confirmation that the server-side understands it and has included the public key in the access token.

Ciao
Hannes

>
> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Monday, July 09, 2012 12:05 PM
> To: Anthony Nadalin
> Cc: Hannes Tschofenig; OAuth WG
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hi Tony,
>
> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>
> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>
> Ciao
> Hannes
>
> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>
>> Hannes, thanks for drafting this, couple of comments:
>>
>> 1. HOK is one of Proof of Possession methods, should we consider others?
>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 09, 2012 11:15 AM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hi guys,
>>
>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>> Here is the document:
>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>
>> Your feedback is welcome
>>
>> Ciao
>> Hannes
>>=20


From ve7jtb@ve7jtb.com  Wed Jul 11 03:37:34 2012
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F7A12C10@WSMSG3153V.srv.dir.telstra.com>
Date: Wed, 11 Jul 2012 06:37:51 -0400
Message-Id: <E105DB5B-CFDB-442F-A90A-39F08A4D74E8@ve7jtb.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com> <ED7B5A28-B1FA-40AF-9916-4A272BA56F4A@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F7A12C10@WSMSG3153V.srv.dir.telstra.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

The POST of a signed blob would work with JOSE or CMS signing the blob.

I suspect that would be more of an application level signing than OAuth though.
Though worth talking about.

I suspect an OAuth level signing might look a bit like HMAC.

The access_token might be:
1. a JWT including a JWK structure for the proof key (public key or key reference).
2. an opaque token that is used by the Protected resource to look up the actual token via an STS-like mechanism.
3. a SAML token in JOSE is also a possibility for some people.

The above choice should be opaque to the client.

For asymmetric binding the key to TLS seems like a good idea.  There are however many practical key management issues that clients may have (especially if multiple keys are used) and it may not be end to end.

Another OAuth binding might be to use a token collection.  One being the access token and another being a JWT/JWS containing one or more hashes of the HTTP message or message components.

I don't want to reinvent SOAP, or WS-Security, however I also don't want to reject all of the use-cases out of hand.

The common uses need to be dead simple for clients.

John B.



On 2012-07-11, at 3:37 AM, Manger, James H wrote:

>>> John Bradley wrote:
>>>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>>
>>> I agree. For instance, set "token_type":"tls_client_cert" when the client has to use TLS; set "token_type":"cms" when the client has to digitally sign messages using Crypto Message Syntax (CMS); ...
>
>> Perhaps JWT/JOSE rather than CMS:)
>>
>> Though there will need to be discussions about what part of the message needs to be signed.
>
> I was about to list JOSE as the example, but baulked precisely because of this issue. It wasn't obvious how a request to a protected resource would be wrapped in a JOSE message. At least with CMS (or WS-*, or XML DSig, or SOAP...) you can guess that the request is a POST of a signed blob.
>
> --
> James Manger
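
The "token collection" binding sketched in the message above (an access token plus a second JWS carrying hashes of HTTP message components), shown as an added example that is not part of the original thread or of any draft. It uses the "key reference" option with a symmetric HS256 proof key; the claim names (`proof_kid`, `m`, `u`, `b`, `ts`), the keys and the URL in the usage are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64u(data: bytes) -> str:
    """Base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_sign(claims: dict, key: bytes) -> str:
    head = b64u(json.dumps({"alg": "HS256"}).encode())
    body = b64u(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(mac)}"


def jws_verify(token: str, key: bytes) -> dict:
    """Return the claims if the HS256 signature checks out, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64u_dec(head))
        given = b64u_dec(sig)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed JWS") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body))


def digest(data: bytes) -> str:
    return b64u(hashlib.sha256(data).digest())


# Constructed sample keys (assumptions). AS_RS_KEY lets the resource server
# check tokens minted by the authorization server. PROOF_KEYS maps a key
# reference to the proof key that was handed to one client.
AS_RS_KEY = b"constructed-as-rs-shared-secret"
PROOF_KEYS = {"k1": b"constructed-proof-key-for-client-A"}


def issue_access_token(sub: str, kid: str, exp: int) -> str:
    """Authorization server: bind the token to a proof key by reference."""
    return jws_sign({"sub": sub, "exp": exp, "proof_kid": kid}, AS_RS_KEY)


def make_proof(proof_key: bytes, method: str, url: str, body: bytes, ts: int) -> str:
    """Client: second token of the collection, hashes of the request parts."""
    claims = {"m": method, "u": digest(url.encode()), "b": digest(body), "ts": ts}
    return jws_sign(claims, proof_key)


def verify_request(access_token, proof, method, url, body, now, max_skew=60):
    """Resource server: accept only if the sender holds the bound proof key."""
    at = jws_verify(access_token, AS_RS_KEY)
    if at["exp"] <= now:
        raise ValueError("access token expired")
    proof_key = PROOF_KEYS.get(at["proof_kid"])
    if proof_key is None:
        raise ValueError("unknown proof key")
    p = jws_verify(proof, proof_key)
    # The timestamp only narrows the replay window; it does not close it.
    if abs(now - p.get("ts", 0)) > max_skew:
        raise ValueError("stale proof")
    expected = {"m": method, "u": digest(url.encode()), "b": digest(body)}
    for name, value in expected.items():
        if p.get(name) != value:
            raise ValueError(f"proof does not cover {name}")
    return at["sub"]
```
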


From hannes.tschofenig@gmx.net  Wed Jul 11 03:48:26 2012
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <E105DB5B-CFDB-442F-A90A-39F08A4D74E8@ve7jtb.com>
Date: Wed, 11 Jul 2012 13:48:49 +0300
Message-Id: <208DC624-7422-4166-B579-9328F09218D1@gmx.net>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com> <ED7B5A28-B1FA-40AF-9916-4A272BA56F4A@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F7A12C10@WSMSG3153V.srv.dir.telstra.com> <E105DB5B-CFDB-442F-A90A-39F08A4D74E8@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

It is certainly a plus that we can now make use of the JSON work. This will improve interoperability and avoid making implementation mistakes if developers use libraries (with the JOSE features).


From hannes.tschofenig@gmx.net  Wed Jul 11 03:57:24 2012
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Wed, 11 Jul 2012 13:57:47 +0300
Message-Id: <0B69E351-2826-4F26-A65A-40B4551827AB@gmx.net>
References: <1CA8C4CB-1FD8-4498-9988-41B6334F58FD@gmx.net>
To: OAuth WG <oauth@ietf.org>
Subject: [OAUTH-WG] Fwd: draft-ietf-tls-oob-pubkey: The Open Issue

It would be good to get your feedback here as well as this document relates to the holder-of-the-key concept (with the exchange of the raw public key in TLS).

Ciao
Hannes

Begin forwarded message:

> From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
> Date: July 11, 2012 1:56:40 PM GMT+03:00
> To: tls@ietf.org
> Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>
> Subject: draft-ietf-tls-oob-pubkey: The Open Issue
>
> Hi all,
>
> draft-ietf-tls-oob-pubkey specifies a new TLS certificate type for exchanging raw public keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) for use with out-of-band public key validation.
>
> Here is the latest draft:
> http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-03
>
> It would be great to get your feedback on an open issue that concerns the semantic of the exchange. I believe there are three use cases we would like to support with this work. Below, I provide high level message exchanges to explain those:
>
> I) Server uses Raw Public Keys (client authentication happens at some other layer)
> (the DANE use case)
>
> client_hello,
> raw-public-key-indicator="Server, when you send me your raw public key? I support this out-of-band key validation using DANE." ->
>
>                          <-  server_hello,
>                              raw-public-key="OK. The certificate structure below contains my raw public key.",
>                              certificate, // with raw public key inside
>                              server_key_exchange,
>                              server_hello_done
>
> client_key_exchange,
> change_cipher_spec,
> finished                  ->
>
>                          <- change_cipher_spec,
>                             finished
>
> Application Data        <------->     Application Data
>
>
> II) Client and Server use Raw Public Keys
> (the smart object use case - CORE working group)
>
> client_hello,
> raw-public-key="Server, please send me your raw public key and I will then send you mine. Are you OK processing my raw public key for client authentication?" ->
>
>                          <-  server_hello,
>                              raw-public-key="Below you find my raw public key and please send me your raw public key for client authentication",
>                              certificate, // raw public key
>                              server_key_exchange,
>                              certificate_request,
>                              server_hello_done
>
> certificate, // with client's raw public key
> client_key_exchange,
> certificate_verify,
> change_cipher_spec,
> finished                  ->
>
>                          <- change_cipher_spec,
>                             finished
>
> Application Data        <------->     Application Data
>
>
> III) Hybrid Scenario
> (the OAuth Holder-of-the-Key Use case)
>
> client_hello,
> raw-public-key="I would like to use my raw public key for client authentication with OAuth. I also process X.509 for server-side authentication." ->
>
>                          <-  server_hello,
>                              raw-public-key="Please send me your raw public key. I use X.509 for server-side authentication",
>                              certificate,  // with X.509 cert.
>                              server_key_exchange,
>                              certificate_request,
>                              server_hello_done
>
> certificate, // with client's raw public key
> client_key_exchange,
> certificate_verify,
> change_cipher_spec,
> finished                  ->
>
>                          <- change_cipher_spec,
>                             finished
>
> Application Data        <------->     Application Data
> --------
>
> QUESTION: Are these all the message exchanges we need? Are there some problems with the exchanges?
>
> Ciao
> Hannes


From ve7jtb@ve7jtb.com  Wed Jul 11 04:19:41 2012
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <208DC624-7422-4166-B579-9328F09218D1@gmx.net>
Date: Wed, 11 Jul 2012 07:20:07 -0400
Message-Id: <23C24333-2077-42AC-AACF-0B3AF16F2B9B@ve7jtb.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com> <ED7B5A28-B1FA-40AF-9916-4A272BA56F4A@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F7A12C10@WSMSG3153V.srv.dir.telstra.com> <E105DB5B-CFDB-442F-A90A-39F08A4D74E8@ve7jtb.com> <208DC624-7422-4166-B579-9328F09218D1@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

JWT is an OAuth WG item so we can do a proof semantic for that that works with the OAuth bindings but is not necessarily specific to OAuth.   Connect and Browser ID may want to use it as well for JWT outside of OAuth.

John B.




From ve7jtb@ve7jtb.com  Wed Jul 11 04:32:35 2012
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <208DC624-7422-4166-B579-9328F09218D1@gmx.net>
Date: Wed, 11 Jul 2012 07:33:02 -0400
Message-Id: <D48F525F-9DF7-4424-870B-77A848BB69AF@ve7jtb.com>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7977420@WSMSG3153V.srv.dir.telstra.com> <1341939214.6093.YahooMailNeo@web31811.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F7977D9C@WSMSG3153V.srv.dir.telstra.com> <ED7B5A28-B1FA-40AF-9916-4A272BA56F4A@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F7A12C10@WSMSG3153V.srv.dir.telstra.com> <E105DB5B-CFDB-442F-A90A-39F08A4D74E8@ve7jtb.com> <208DC624-7422-4166-B579-9328F09218D1@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

On the specifics of OAuth bindings.

We may profit by stepping back a bit and agreeing on what threats we are attempting to mitigate.

One threat that is on a number of people's minds is the complete failure of PKIX.
Another is the simple fact that many clients don't validate server certificates and ignore warnings.

One of the issues people had with MAC was that while it protected the client from MTM in the connection to the protected resource it basically did nothing to stop the same attack between the client and token endpoint where the attacker gets the MAC token and secret.

Agreeing on what attacks against OAuth we are trying to prevent may help focus our discussions on bindings.

We need to be careful not to just push the problem around, from endpoint to endpoint.

John B.




From prateek.mishra@oracle.com  Wed Jul 11 09:23:53 2012
Message-ID: <4FFDA8AE.1000000@oracle.com>
Date: Wed, 11 Jul 2012 12:24:14 -0400
From: prateek mishra <prateek.mishra@oracle.com>
Organization: Oracle Corporation
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net> <4FFC7BC4.5030902@oracle.com> <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com> <8DD974A3-44A8-4E3F-AF43-E6511A6100B0@gmx.net>
In-Reply-To: <8DD974A3-44A8-4E3F-AF43-E6511A6100B0@gmx.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 16:23:53 -0000

Hmmm, well actually, I am referencing something like the symmetric key
generation (ephemeral) within TLS, I certainly don't view that as "crazy
enterprise identity management" :-)

If a client (with a public-private key pair) and resource have a
multi-step interaction, and this is a common use-case for us, there is a
lot of value in being able to agree on a symmetric key for the session.

Anyway, jumping into a lot of technical detail is probably not the best 
approach at this stage

There have been suggestions for use-cases (Phil Hunt) and threat model 
(John Bradley) for HoK and I would endorse those
> I also fail to see the value of a symmetric holder-of-the-key solution and I don't buy the performance argument either (particularly since we are using a short key length here).
>
> I hope that this is not the "let us replicate all the work we had done in some other crazy enterprise identity management solution so far." approach.
>
>
> On Jul 10, 2012, at 11:26 PM, William Mills wrote:
>
>> OK, but why do you need holder-of-key then?  I think holder-of-key gets significantly weird in the symmetric key case.   In the PKI case the token has (public_key, token, signature(public_key, token, serversecret)).  How will the server assert something in the credential that's useful in place of a public key (or certificate)?  I think the best case there is that the server is asserting a client name which the protected resource uses to look up the symmetric key to use for the signature check, but that could just be included in token anyway without holder-of-key.
>>
>> I really don't see how this works with symmetric keys in any useful way that's not easier via another method like MAC tokens?
>>
>>
>> From: prateek mishra <prateek.mishra@oracle.com>
>> To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
>> Cc: oauth@ietf.org
>> Sent: Tuesday, July 10, 2012 12:00 PM
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hannes,
>>
>> we have a variety of use-cases wherein a single server ("client") repeatedly interacts with a resource server for business purposes. These interactions may be on-behalf-of
>> a single user or even multiple users. In such a use-case, use of asymmetric signature imposes an unacceptable performance penalty and there is a lot of interest in being able
>> to use symmetric signature instead.
>>
>> - prateek
>>> Hi Prateek,
>>>   
>>> why do you care about the symmetric key case?
>>> Specifying more variants requires more code and decreases interoperability.
>>>   
>>> Ciao
>>> Hannes
>>>   
>>>   
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of ext prateek mishra
>>> Sent: Tuesday, July 10, 2012 8:42 PM
>>> To: oauth@ietf.org
>>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>   
>>> As Phil Hunt suggests, there is a need for a discussion of the use-cases involved
>>>
>>> How to bind the key to the requestor may have several variations, I would hope the work would cover a broad range
>>>
>>> Given the importance of the symmetric key case, I would also be interested in key establishment methods as well
>>>
>>>
>>>
>>> When I say arguably,  I expect you to argue.
>>>    
>>> John B.
>>>    
>>> Sent from my iPhone
>>>    
>>> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
>>>    
>>> Binding the key to the channel is arguably the most secure
>>>    
>>> Not really, there are hardware options that give good security properties
>>>    
>>> -----Original Message-----
>>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>>> Sent: Tuesday, July 10, 2012 9:55 AM
>>> To: Hannes Tschofenig
>>> Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>    
>>> Binding the key to the channel is arguably the most secure.
>>>    
>>> SSL offloading and other factors may prevent that from working in all cases.
>>>    
>>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>>    
>>> John B.
>>>    
>>> Sent from my iPhone
>>>    
>>> On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>>    
>>> If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>>>    
>>> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>>>    
>>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth,  or something OAuth specific.    The answer may be a combined approach.
>>>    
>>> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material  is in the key agreement (entropy) cases.
>>>    
>>> -----Original Message-----
>>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>>> Sent: Tuesday, July 10, 2012 3:34 AM
>>> To: Hannes Tschofenig
>>> Cc: Anthony Nadalin; OAuth WG
>>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>    
>>> I agree that there are use-cases for all of the proof of possession mechanisms.
>>>    
>>> Presentment methods also need to be considered.
>>>    
>>> TLS client auth may not always be the best option.  Sometimes message signing is more appropriate.
>>>    
>>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth,  or something OAuth specific.    The answer may be a combined approach.
>>>    
>>> I think this is a good start to get discussion going.
>>>    
>>> John B.
>>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>>    
>>> Hi Tony,
>>>    
>>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>>    
>>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>>    
>>> Ciao
>>> Hannes
>>>    
>>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>>    
>>> Hannes, thanks for drafting this, couple of comments:
>>>    
>>> 1. HOK is one of Proof of Possession methods, should we consider others?
>>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>>    
>>>    
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 09, 2012 11:15 AM
>>> To: OAuth WG
>>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>>    
>>> Hi guys,
>>>    
>>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>>> Here is the document:
>>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>>    
>>> Your feedback is welcome
>>>    
>>> Ciao
>>> Hannes
>>>    
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
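
An added sketch of the token shape William Mills describes in the quoted text above, (public_key, token, signature(public_key, token, serversecret)), next to a symmetric variant in which the asserted key is an encrypted symmetric key. It is not code from the thread or from draft-tschofenig-oauth-hotk; the wire format, the AES-256-GCM key wrapping, the HMAC request proof and every name below are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed keys for the demo. AS = authorization server, RS = resource server.
const SERVER_SECRET = nodeCrypto.randomBytes(32); // the "serversecret", shared by AS and RS
const WRAP_KEY = nodeCrypto.randomBytes(32);      // assumption: separate AS-to-RS key-wrapping key

const b64 = (buf) => buf.toString('base64url');
const unb64 = (s) => Buffer.from(s, 'base64url');
const hmac = (key, data) => nodeCrypto.createHmac('sha256', key).update(data).digest();
const macEqual = (a, b) => a.length === b.length && nodeCrypto.timingSafeEqual(a, b);

// AS: bind the asserted key to the claims with a signature under the server secret.
function seal(claims, key) {
  const body = b64(Buffer.from(JSON.stringify({ claims, key })));
  return body + '.' + b64(hmac(SERVER_SECRET, body));
}

// AS, asymmetric case: assert the client's own public key (nothing to encrypt).
function issueForPublicKey(claims, publicKey) {
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  return seal(claims, { kind: 'public', spki: b64(spki) });
}

// AS, symmetric case: mint a key, return it to the client, and carry an
// encrypted copy in the token so the RS needs no per-client key lookup.
function issueSymmetric(claims) {
  const clientKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', WRAP_KEY, iv);
  const wrapped = Buffer.concat([cipher.update(clientKey), cipher.final()]);
  const key = { kind: 'wrapped', iv: b64(iv), wrapped: b64(wrapped), tag: b64(cipher.getAuthTag()) };
  return { token: seal(claims, key), clientKey };
}

// What the client proves possession over: the request fields plus the token.
// Nonce tracking (replay of the identical request) is left out of this sketch.
const signingInput = (token, req) => Buffer.from([req.method, req.path, req.nonce, token].join('\n'));

// Client: sign with the private key, or MAC with the symmetric key.
const proveWithPrivateKey = (privateKey, token, req) =>
  b64(nodeCrypto.sign(null, signingInput(token, req), privateKey));
const proveWithSymmetricKey = (clientKey, token, req) =>
  b64(hmac(clientKey, signingInput(token, req)));

// RS: server signature first, then expiry, then proof of possession.
function verifyRequest(token, req, proof, now) {
  const [body, sig, extra] = token.split('.');
  if (!body || !sig || extra !== undefined) return { ok: false, reason: 'malformed token' };
  if (!macEqual(hmac(SERVER_SECRET, body), unb64(sig))) {
    return { ok: false, reason: 'bad server signature' };
  }
  const { claims, key } = JSON.parse(unb64(body).toString('utf8'));
  if (claims.exp <= now) return { ok: false, reason: 'token expired' };
  const input = signingInput(token, req);
  let proved = false;
  if (key.kind === 'public') {
    const publicKey = nodeCrypto.createPublicKey({ key: unb64(key.spki), format: 'der', type: 'spki' });
    proved = nodeCrypto.verify(null, input, publicKey, unb64(proof));
  } else if (key.kind === 'wrapped') {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', WRAP_KEY, unb64(key.iv));
    decipher.setAuthTag(unb64(key.tag));
    const clientKey = Buffer.concat([decipher.update(unb64(key.wrapped)), decipher.final()]);
    proved = macEqual(hmac(clientKey, input), unb64(proof));
  }
  return proved ? { ok: true, client: claims.client } : { ok: false, reason: 'no proof of possession' };
}

// Constructed demo: one client per key type, then two misuse cases.
function demo() {
  const now = 1342025520; // constructed timestamp
  const req = { method: 'GET', path: '/photos/42', nonce: 'n-001' };
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pkToken = issueForPublicKey({ client: 'client-a', exp: now + 300 }, publicKey);
  const { token: symToken, clientKey } = issueSymmetric({ client: 'client-b', exp: now + 300 });
  const otherKey = nodeCrypto.randomBytes(32);
  return {
    asymmetric: verifyRequest(pkToken, req, proveWithPrivateKey(privateKey, pkToken, req), now),
    symmetric: verifyRequest(symToken, req, proveWithSymmetricKey(clientKey, symToken, req), now),
    // The token alone, presented by a party that does not hold the key, is rejected.
    tokenWithoutKey: verifyRequest(symToken, req, proveWithSymmetricKey(otherKey, symToken, req), now),
    // A proof made for one request does not carry over to another.
    proofForOtherRequest: verifyRequest(symToken, { ...req, path: '/photos/43' },
      proveWithSymmetricKey(clientKey, symToken, req), now),
  };
}

console.log(demo());
```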



From barryleiba.mailing.lists@gmail.com  Wed Jul 11 09:44:56 2012
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4E5121F85F8 for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 09:44:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.851
X-Spam-Level: 
X-Spam-Status: No, score=-102.851 tagged_above=-999 required=5 tests=[AWL=0.126, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VRfsjuZAnJYV for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 09:44:56 -0700 (PDT)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id 201FA21F85F0 for <oauth@ietf.org>; Wed, 11 Jul 2012 09:44:55 -0700 (PDT)
Received: by lbbgo11 with SMTP id go11so2133483lbb.31 for <oauth@ietf.org>; Wed, 11 Jul 2012 09:45:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=jWSG1hnu4vecHJbpYwv3nsfOfYHGbukTNBGfrN1BaVQ=; b=hquDThrtiGh2+82d8W6hlOu44NplDFU3Se7olEfc6JqvxuvkM2AKdSFUP0zVWIceNA MZQSln4OpE3HRQf+L5sQCFEmf3kPieTdynNpA1EnONZtpzi0qH0irAJ5laCVj8mqhK7B cpXXAXyFPYKWsxDy2/1U4jMWo9A7rH8OSdHtpB+28f93Kqm+UX4iPWMYrjPz00xM1XJe gjeqqyUcAgdYt2uvZK7Ugqbzs+fw9yX68kzhh4gy1AOnWpOpIso+U7TFD/wcpjSROnYf LYRaDD0EblGL/nCTkdo97fSO2mkU1f3EVxSOe4BMWPpSMGh8m/gcrIL4alJHswhmePyN iBAw==
MIME-Version: 1.0
Received: by 10.112.10.198 with SMTP id k6mr22593459lbb.83.1342025126170; Wed, 11 Jul 2012 09:45:26 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.112.17.133 with HTTP; Wed, 11 Jul 2012 09:45:26 -0700 (PDT)
In-Reply-To: <sjm394zqynz.fsf@mocana.ihtfp.org>
References: <sjm394zqynz.fsf@mocana.ihtfp.org>
Date: Wed, 11 Jul 2012 12:45:26 -0400
X-Google-Sender-Auth: 75rImXr3L6dbhni_k1Hkvuo5L0c
Message-ID: <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: oauth@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 16:44:57 -0000

> Eran Hammer has decided to step down as Editor of the OAuth Core
> specification.  I would like to personally thank Eran for all his years
> of hard work and effort to the draft as well as to the working group at
> large.

As former chair, I want to add my thanks.  Eran has done a *lot* of
work on the OAuth documents over the last years, and deserves much
appreciation for it.

Barry

From wmills_92105@yahoo.com  Wed Jul 11 09:51:33 2012
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DDA111E8110 for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 09:51:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.265
X-Spam-Level: 
X-Spam-Status: No, score=-3.265 tagged_above=-999 required=5 tests=[AWL=-0.667, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VLldswLCybSL for <oauth@ietfa.amsl.com>; Wed, 11 Jul 2012 09:51:31 -0700 (PDT)
Received: from nm23-vm0.bullet.mail.bf1.yahoo.com (nm23-vm0.bullet.mail.bf1.yahoo.com [98.139.212.191]) by ietfa.amsl.com (Postfix) with SMTP id C2FE111E810B for <oauth@ietf.org>; Wed, 11 Jul 2012 09:51:30 -0700 (PDT)
Received: from [98.139.212.152] by nm23.bullet.mail.bf1.yahoo.com with NNFMP; 11 Jul 2012 16:52:01 -0000
Received: from [98.139.212.232] by tm9.bullet.mail.bf1.yahoo.com with NNFMP; 11 Jul 2012 16:52:01 -0000
Received: from [127.0.0.1] by omp1041.mail.bf1.yahoo.com with NNFMP; 11 Jul 2012 16:52:01 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 341838.69401.bm@omp1041.mail.bf1.yahoo.com
Received: (qmail 25633 invoked by uid 60001); 11 Jul 2012 16:52:00 -0000
Received: from [209.131.62.115] by web31801.mail.mud.yahoo.com via HTTP; Wed, 11 Jul 2012 09:52:00 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net> <4FFC7BC4.5030902@oracle.com> <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com> <8DD974A3-44A8-4E3F-AF43-E6511A6100B0@gmx.net>
Message-ID: <1342025520.18462.YahooMailNeo@web31801.mail.mud.yahoo.com>
Date: Wed, 11 Jul 2012 09:52:00 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <8DD974A3-44A8-4E3F-AF43-E6511A6100B0@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-368338466-1308052632-1342025520=:18462"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 16:51:33 -0000

---368338466-1308052632-1342025520=:18462
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Having re-read this I think I now understand how symmetric would work.  In the HOK model as I think of it we have 3 basic parts:  opaque token stuff, asserted client key, and server signature.  The asserted client key could be:

-a public key
-a certificate
-an encrypted symmetric key
-other?

For symmetric key it would act as a key distribution for clients to the endpoints, so it would be doing a similar thing for symmetric keys that it would for PK, e.g. key distribution and trust.  In the end the token itself can contain the asserted key, MAC tokens can support this concept now in fact.  The relying endpoint would extract the secret from the token to check the signature.  For the PK case you don't have to encrypt the asserted key, which is a little cheaper.

-bill


________________________________
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: William Mills <wmills_92105@yahoo.com>
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; prateek mishra <prateek.mishra@oracle.com>; "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>; "oauth@ietf.org" <oauth@ietf.org>
Sent: Tuesday, July 10, 2012 11:23 PM
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

I also fail to see the value of a symmetric holder-of-the-key solution and I don't buy the performance argument either (particularly since we are using a short key length here).

I hope that this is not the "let us replicate all the work we had done in some other crazy enterprise identity management solution so far." approach.


On Jul 10, 2012, at 11:26 PM, William Mills wrote:

> OK, but why do you need holder-of-key then?  I think holder-of-key gets significantly weird in the symmetric key case.   In the PKI case the token has (public_key, token, signature(public_key, token, serversecret)).  How will the server assert something in the credential that's useful in place of a public key (or certificate)?  I think the best case there is that the server is asserting a client name which the protected resource uses to look up the symmetric key to use for the signature check, but that could just be included in token anyway without holder-of-key.
>
> I really don't see how this works with symmetric keys in any useful way that's not easier via another method like MAC tokens?
>
>
> From: prateek mishra <prateek.mishra@oracle.com>
> To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
> Cc: oauth@ietf.org
> Sent: Tuesday, July 10, 2012 12:00 PM
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hannes,
>
> we have a variety of use-cases wherein a single server ("client") repeatedly interacts with a resource server for business purposes. These interactions may be on-behalf-of
> a single user or even multiple users. In such a use-case, use of asymmetric signature imposes an unacceptable performance penalty and there is a lot of interest in being able
> to use symmetric signature instead.
>
> - prateek
>> Hi Prateek,
>>
>> why do you care about the symmetric key case?
>> Specifying more variants requires more code and decreases interoperability.
>>
>> Ciao
>> Hannes
>>
>>
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of ext prateek mishra
>> Sent: Tuesday, July 10, 2012 8:42 PM
>> To: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> As Phil Hunt suggests, there is a need for a discussion of the use-cases involved
>>
>> How to bind the key to the requestor may have several variations, I would hope the work would cover a broad range
>>
>> Given the importance of the symmetric key case, I would also be interested in key establishment methods as well
>>
>>
>>
>> When I say arguably,  I expect you to argue.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
>>
>> Binding the key to the channel is arguably the most secure
>>
>> Not really, there are hardware options that give good security properties
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 9:55 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Binding the key to the channel is arguably the most secure.
>>
>> SSL offloading and other factors may prevent that from working in all cases.
>>
>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>> If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>>
>> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>>
>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth,  or something OAuth specific.    The answer may be a combined approach.
>>
>> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material  is in the key agreement (entropy) cases.
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 3:34 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> I agree that there are use-cases for all of the proof of possession mechanisms.
>>
>> Presentment methods also need to be considered.
>>
>> TLS client auth may not always be the best option.  Sometimes message signing is more appropriate.
>>
>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth,  or something OAuth specific.    The answer may be a combined approach.
>>
>> I think this is a good start to get discussion going.
>>
>> John B.
>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>
>> Hi Tony,
>>
>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>
>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>
>> Ciao
>> Hannes
>>
>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>
>> Hannes, thanks for drafting this, couple of comments:
>>
>> 1. HOK is one of Proof of Possession methods, should we consider others?
>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 09, 2012 11:15 AM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hi guys,
>>
>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>> Here is the document:
>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>
>> Your feedback is welcome
>>
>> Ciao
>> Hannes
>>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
---368338466-1308052632-1342025520=:18462
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:ti=
mes new roman, new york, times, serif;font-size:12pt"><div><span>Having re-=
read this I think I now understand how symmetric would work. &nbsp;In the H=
OK model as I think of it we have 3 basic parts: &nbsp;opaque token stuff, =
asserted client key, and server signature. &nbsp;The asserted client key co=
uld be:</span></div><div><br></div><div>-<span class=3D"Apple-tab-span" sty=
le=3D"white-space:pre">=09</span>a public key</div><div>-<span class=3D"App=
le-tab-span" style=3D"white-space:pre">=09</span>a certificate</div><div>-<=
span class=3D"Apple-tab-span" style=3D"white-space:pre">=09</span>an encryp=
ted symmetric key</div><div>-<span class=3D"Apple-tab-span" style=3D"white-=
space:pre">=09</span>other?</div><div><span><br></span></div><div>For symme=
tric key it would act as a key distribution for clients to the endpoints, s=
o it would be doing a similar thing for symmetric keys that it would for PK=
, e.g. key
 distribution and trust. &nbsp;<span style=3D"font-size: 12pt; ">In the end=
 the token itself can contain the asserted key, MAC tokens can support this=
 concept now in fact. &nbsp;The relying endpoint would extract the secret f=
rom the token to check the signature. &nbsp;</span><span style=3D"font-size=
: 12pt; ">For the PK case you don't have to encrypt the asserted key, which=
 is a little cheaper.</span></div><div><span style=3D"font-size: 12pt; "><b=
r></span></div><div><span style=3D"font-size: 12pt; ">-bill</span></div><di=
v><br></div>  <div style=3D"font-size: 12pt; font-family: 'times new roman'=
, 'new york', times, serif; "> <div style=3D"font-size: 12pt; font-family: =
'times new roman', 'new york', times, serif; "> <div dir=3D"ltr"> <font siz=
e=3D"2" face=3D"Arial"> <hr size=3D"1">  <b><span style=3D"font-weight:bold=
;">From:</span></b> Hannes Tschofenig &lt;hannes.tschofenig@gmx.net&gt;<br>=
 <b><span style=3D"font-weight: bold;">To:</span></b> William Mills
 &lt;wmills_92105@yahoo.com&gt; <br><b><span style=3D"font-weight: bold;">C=
c:</span></b> Hannes Tschofenig &lt;hannes.tschofenig@gmx.net&gt;; prateek =
mishra &lt;prateek.mishra@oracle.com&gt;; "Tschofenig, Hannes (NSN - FI/Esp=
oo)" &lt;hannes.tschofenig@nsn.com&gt;; "oauth@ietf.org" &lt;oauth@ietf.org=
&gt; <br> <b><span style=3D"font-weight: bold;">Sent:</span></b> Tuesday, J=
uly 10, 2012 11:23 PM<br> <b><span style=3D"font-weight: bold;">Subject:</s=
pan></b> Re: [OAUTH-WG] Holder-of-the-Key for OAuth<br> </font> </div> <br>=
=0AI also fail to see the value of a symmetric holder-of-the-key solution a=
nd I don't buy the performance argument either (particularly since we are u=
sing a short key length here.<br><br>I hope that this is not the "let us re=
plicate all the work we had done in some other crazy enterprise identity ma=
nagement solution so far." approach. <br><br><br>On Jul 10, 2012, at 11:26 =
PM, William Mills wrote:<br><br>&gt; OK, but why do you need holder-of-key =
then?&nbsp; I think holder-of-key gets significantly weird in the symmetric=
 key case.&nbsp;  In the PKI case the token has (public_key, token, signatu=
re(public_key, token, serversecret)).&nbsp; How will the server assert some=
thing in the credential that's useful in place of a public key (or certifi=
cate)?&nbsp; I think the best case there is that the server is asserting a =
client name which the protected resource uses to look up the symmetric key =
to use for the signature check, but that could just be included in
 token anyway without holder-of-key.<br>&gt; <br>&gt; I really don't see ho=
w this works with symmetric keys in any useful way that's not easier via an=
other method like MAC tokens?<br>&gt; <br>&gt; <br>&gt; From: prateek mishr=
a &lt;<a ymailto=3D"mailto:prateek.mishra@oracle.com" href=3D"mailto:pratee=
k.mishra@oracle.com">prateek.mishra@oracle.com</a>&gt;<br>&gt; To: "Tschofe=
nig, Hannes (NSN - FI/Espoo)" &lt;<a ymailto=3D"mailto:hannes.tschofenig@ns=
n.com" href=3D"mailto:hannes.tschofenig@nsn.com">hannes.tschofenig@nsn.com<=
/a>&gt; <br>&gt; Cc: <a ymailto=3D"mailto:oauth@ietf.org" href=3D"mailto:oa=
uth@ietf.org">oauth@ietf.org</a> <br>&gt; Sent: Tuesday, July 10, 2012 12:0=
0 PM<br>&gt; Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth<br>&gt; <b=
r>&gt; Hannes,<br>&gt; <br>&gt; we have a variety of use-cases wherein a si=
ngle server ("client") repeatedly interacts with a resource server for busi=
ness purposes. These interactions may be on-behalf-of<br>&gt; a single user=
 or
 even multiple users. In such a use-case, use of asymmetric signature impos=
es an unacceptable performance penalty and there is a lot of interest in be=
ing able<br>&gt; to use symmetric signature instead.<br>&gt; <br>&gt; - pra=
teek<br>&gt;&gt; Hi Prateek,<br>&gt;&gt;&nbsp; <br>&gt;&gt; why do you care=
 about the symmetric key case?<br>&gt;&gt; Specifying more variants require=
s more code and decreases interoperability.<br>&gt;&gt;&nbsp; <br>&gt;&gt; =
Ciao<br>&gt;&gt; Hannes<br>&gt;&gt;&nbsp; <br>&gt;&gt;&nbsp; <br>&gt;&gt; F=
rom: <a ymailto=3D"mailto:oauth-bounces@ietf.org" href=3D"mailto:oauth-boun=
ces@ietf.org">oauth-bounces@ietf.org</a> [mailto:<a ymailto=3D"mailto:oauth=
-bounces@ietf.org" href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@iet=
f.org</a>] On Behalf Of ext prateek mishra<br>&gt;&gt; Sent: Tuesday, July =
10, 2012 8:42 PM<br>&gt;&gt; To: <a ymailto=3D"mailto:oauth@ietf.org" href=
=3D"mailto:oauth@ietf.org">oauth@ietf.org</a><br>&gt;&gt; Subject: Re: [OAU=
TH-WG]
 Holder-of-the-Key for OAuth<br>&gt;&gt;&nbsp; <br>&gt;&gt; As Phil Hunt su=
ggests, there is a need for a discussion of the use-cases involved<br>&gt;&=
gt; <br>&gt;&gt; How to bind the key to the requestor may have several vari=
ations, I would hope the work would cover a broad range<br>&gt;&gt; <br>&gt=
;&gt; Given the importance of the symmetric key case, I would also be inter=
ested in key establishment methods as well<br>&gt;&gt; <br>&gt;&gt; <br>&gt=
;&gt; <br>&gt;&gt; When I say arguably,&nbsp; I expect you to argue.&nbsp; =
<br>&gt;&gt;&nbsp;  <br>&gt;&gt; John B. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; S=
ent from my iPhone<br>&gt;&gt;&nbsp;  <br>&gt;&gt; On 2012-07-10, at 1:01 P=
M, Anthony Nadalin &lt;<a ymailto=3D"mailto:tonynad@microsoft.com" href=3D"=
mailto:tonynad@microsoft.com">tonynad@microsoft.com</a>&gt; wrote:<br>&gt;&=
gt;&nbsp;  <br>&gt;&gt; Binding the key to the channel is arguably the most=
 secure<br>&gt;&gt;&nbsp;  <br>&gt;&gt; Not really, there are hardware
 options that give good security properties<br>&gt;&gt;&nbsp;  <br>&gt;&gt;=
 -----Original Message-----<br>&gt;&gt; From: John Bradley [mailto:<a ymail=
to=3D"mailto:ve7jtb@ve7jtb.com" href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve=
7jtb.com</a>] <br>&gt;&gt; Sent: Tuesday, July 10, 2012 9:55 AM<br>&gt;&gt;=
 To: Hannes Tschofenig<br>&gt;&gt; Cc: Anthony Nadalin; Hannes Tschofenig; =
OAuth WG<br>&gt;&gt; Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth<br=
>&gt;&gt;&nbsp;  <br>&gt;&gt; Binding the key to the channel is arguably th=
e most secure. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; SSL offloading and other fa=
ctors may prevent that from working in all cases. <br>&gt;&gt;&nbsp;  <br>&=
gt;&gt; I suspect that we will need two OAuth bindings. One for TLS and one=
 for signed message. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; John B.&nbsp; <br>&gt=
;&gt;&nbsp;  <br>&gt;&gt; Sent from my iPhone<br>&gt;&gt;&nbsp;  <br>&gt;&g=
t; On 2012-07-10, at 12:11 PM, Hannes Tschofenig &lt;<a
 ymailto=3D"mailto:hannes.tschofenig@gmx.net" href=3D"mailto:hannes.tschofe=
nig@gmx.net">hannes.tschofenig@gmx.net</a>&gt; wrote:<br>&gt;&gt;&nbsp;  <b=
r>&gt;&gt; If we do not bind the key to the channel then we will run into a=
ll sorts of problems. The current MAC specification illustrates that quite =
nicely. On top of that you can re-use the established security channel for =
the actual data exchange. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; On Jul 10, 2012,=
 at 5:29 PM, Anthony Nadalin wrote:<br>&gt;&gt;&nbsp;  <br>&gt;&gt; One que=
stion is if we want to do a generic proof of possession for JWT that is use=
ful outside OAuth,&nbsp; or something OAuth specific.&nbsp; &nbsp; The answ=
er may be a combined approach.<br>&gt;&gt;&nbsp;  <br>&gt;&gt; Depends if w=
e want OAuth to support the concept of a request/response for a proof token=
 and keep the actual binding for a separate specification, in most of our c=
ases the keying material is opaque (and just a blob), where we care
 about the key material&nbsp; is in the key agreement (entropy) cases.<br>&=
gt;&gt;&nbsp;  <br>&gt;&gt; -----Original Message-----<br>&gt;&gt; From: Jo=
hn Bradley [mailto:<a ymailto=3D"mailto:ve7jtb@ve7jtb.com" href=3D"mailto:v=
e7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>] <br>&gt;&gt; Sent: Tuesday, July 1=
0, 2012 3:34 AM<br>&gt;&gt; To: Hannes Tschofenig<br>&gt;&gt; Cc: Anthony N=
adalin; OAuth WG<br>&gt;&gt; Subject: Re: [OAUTH-WG] Holder-of-the-Key for =
OAuth<br>&gt;&gt;&nbsp;  <br>&gt;&gt; I agree that there are use-cases for =
all of the proof of possession mechanisms.<br>&gt;&gt;&nbsp;  <br>&gt;&gt; =
Presentment methods also need to be considered.&nbsp;  <br>&gt;&gt;&nbsp;  =
<br>&gt;&gt; TLS client auth may not always be the best option.&nbsp; Somet=
imes message signing is more appropriate.<br>&gt;&gt;&nbsp;  <br>&gt;&gt; O=
ne question is if we want to do a generic proof of possession for JWT that =
is useful outside OAuth,&nbsp; or something OAuth specific.&nbsp; &nbsp;
 The answer may be a combined approach.<br>&gt;&gt;&nbsp;  <br>&gt;&gt; I t=
hink this is a good start to get discussion going.<br>&gt;&gt;&nbsp;  <br>&=
gt;&gt; John B.<br>&gt;&gt; On 2012-07-09, at 3:05 PM, Hannes Tschofenig wr=
ote:<br>&gt;&gt;&nbsp;  <br>&gt;&gt; Hi Tony, <br>&gt;&gt;&nbsp;  <br>&gt;&=
gt; I had to start somewhere. I had chosen the asymmetric version since it =
provides good security properties and there is already the BrowserID/OBC wo=
rk that I had in the back of my mind. I am particularly interested to illus=
trate that you can accomplish the same, if not better, characteristics than=
 BrowserID by using OAuth instead of starting from scratch. <br>&gt;&gt;&nb=
sp;  <br>&gt;&gt; Regarding the symmetric keys: The asymmetric key can be r=
e-used but with a symmetric key holder-of-the-key you would have to request=
 a fresh one every time in order to accomplish comparable security benefits=
. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; Ciao<br>&gt;&gt;
 Hannes<br>&gt;&gt;&nbsp;  <br>&gt;&gt; On Jul 9, 2012, at 9:57 PM, Anthony=
 Nadalin wrote:<br>&gt;&gt;&nbsp;  <br>&gt;&gt; Hannes, thanks for drafting=
 this, couple of comments:<br>&gt;&gt;&nbsp;  <br>&gt;&gt; 1. HOK is one of=
 Proof of Possession methods, should we consider others?<br>&gt;&gt; 2. Thi=
s seems just to handle asymmetric keys, need to also handle symmetric keys<=
br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt; -----Original Message--=
---<br>&gt;&gt; From: <a ymailto=3D"mailto:oauth-bounces@ietf.org" href=3D"=
mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> [mailto:<a ymailt=
o=3D"mailto:oauth-bounces@ietf.org" href=3D"mailto:oauth-bounces@ietf.org">=
oauth-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig<br>&gt;&gt; Sent=
: Monday, July 09, 2012 11:15 AM<br>&gt;&gt; To: OAuth WG<br>&gt;&gt; Subje=
ct: [OAUTH-WG] Holder-of-the-Key for OAuth<br>&gt;&gt;&nbsp;  <br>&gt;&gt; =
Hi guys, <br>&gt;&gt;&nbsp;  <br>&gt;&gt; today I submitted a short documen=
t
 that illustrates the concept of holder-of-the-key for OAuth. <br>&gt;&gt; =
Here is the document: <br>&gt;&gt; <a href=3D"https://datatracker.ietf.org/=
doc/draft-tschofenig-oauth-hotk" target=3D"_blank">https://datatracker.ietf=
.org/doc/draft-tschofenig-oauth-hotk</a><br>&gt;&gt;&nbsp;  <br>&gt;&gt; Yo=
ur feedback is welcome <br>&gt;&gt;&nbsp;  <br>&gt;&gt; Ciao<br>&gt;&gt; Ha=
nnes<br>&gt;&gt;&nbsp;  <br>&gt;&gt; ______________________________________=
_________<br>&gt;&gt; OAuth mailing list<br>&gt;&gt; <a ymailto=3D"mailto:O=
Auth@ietf.org" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>&gt;&gt=
; <a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank"=
>https://www.ietf.org/mailman/listinfo/oauth</a><br>&gt;&gt;&nbsp;  <br>&gt=
;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <b=
r>&gt;&gt;&nbsp;  <br>&gt;&gt; ____________________________________________=
___<br>&gt;&gt; OAuth mailing list<br>&gt;&gt; <a
 ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.org">OAuth@iet=
f.org</a><br>&gt;&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/oaut=
h" target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>&gt=
;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <b=
r>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp=
;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt; <br>&gt;&gt; <br>&gt;&gt; <br>&gt;&gt; =
_______________________________________________<br>&gt;&gt; OAuth mailing l=
ist<br>&gt;&gt; <a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@i=
etf.org">OAuth@ietf.org</a><br>&gt;&gt; <a href=3D"https://www.ietf.org/mai=
lman/listinfo/oauth" target=3D"_blank">https://www.ietf.org/mailman/listinf=
o/oauth</a><br>&gt;&gt;&nbsp; <br>&gt; <br>&gt; <br>&gt; <br>&gt; _________=
______________________________________<br>&gt; OAuth mailing list<br>&gt; <=
a ymailto=3D"mailto:OAuth@ietf.org"
 href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>&gt; <a href=3D"https=
://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">https://www.ietf.=
org/mailman/listinfo/oauth</a><br>&gt; <br>&gt; <br>&gt; __________________=
_____________________________<br>&gt; OAuth mailing list<br>&gt; <a ymailto=
=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a=
><br>&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D=
"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><br><br> </=
div> </div>  </div></body></html>
---368338466-1308052632-1342025520=:18462--

From hannes.tschofenig@gmx.net  Thu Jul 12 00:54:20 2012
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Thu, 12 Jul 2012 10:54:48 +0300
Message-Id: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net>
To: tls@ietf.org, IETF CoRE <core@ietf.org>
Cc: OAuth WG <oauth@ietf.org>
Subject: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary

Hi Erk, Hi Robert, Hi Nikos,

thanks for your quick response.  Here is an attempt to summarize your
input.

--------

I use three types of indications in the message exchange below for
improved clarity, namely:

(a) 'cert-receive=(value-1, value-2, ..., value-n)' with the meaning:
"I accept certificates of the following types (value-1, ..., value-n) if
you send them to me." The list is ordered by preference.

(b) 'cert-send=(value-1, value-2, ..., value-n)' with the meaning: "I
could send you certificates of the following types (value-1, ...,
value-n) if you ask." The list is ordered by preference.

(c) cert-info=(value) with the meaning: "The certificate payload in
this message contains a certificate of the following type".

I) Server uses Raw Public Keys (client authentication happens at some
other layer) (the DANE use case)

client_hello,
cert-receive=(Raw, X.509) // (1)
cert-send=()             -> // (2)

                         <-  server_hello,
                             cert-info=(Raw),// (3)
                             certificate, // (4)
                             server_key_exchange,
                             server_hello_done

client_key_exchange,
change_cipher_spec,
finished                  ->

                         <- change_cipher_spec,
                            finished

Application Data        <------->     Application Data

Legend:

(1) Client accepts to receive two types of certificates, preferring raw
public keys.
(2) The client does not have a raw public key nor an X.509 certificate
for client authentication.
(3) The server decides to send his raw public key and indicates this in
the cert-info field.
(4) The certificate payload contains the raw public key.

II) Client and Server use Raw Public Keys (the smart object use case -
CORE working group)


client_hello,
cert-receive=(Raw) // (1)
cert-send=(Raw)             -> // (2)

                         <-  server_hello,
                             cert-info=(Raw),// (3)
                             certificate, // (4)
                             certificate_request, // (5)
                             cert-receive=(Raw) // (6)
                             server_key_exchange,
                             server_hello_done

cert-info=(Raw), // (7)
certificate, // (8)
client_key_exchange,
change_cipher_spec,
finished                  ->

                         <- change_cipher_spec,
                            finished

Application Data        <------->     Application Data


Legend:

(1) Client accepts to receive raw public keys.
(2) The client does have a raw public key for client authentication.
(3) The server decides to send his raw public key and indicates this in
the cert-info field.
(4) The certificate payload contains the raw public key.
(5) The server wants to use client authentication and sends a
cert-request.
(6) The certificate request asks for a certificate of type 'raw'
(knowing that the client supports it from (2)).
(7) The client indicates that the certificate payload contains a raw
public key.
(8) Here is the payload of the certificate itself.

III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)

client_hello,
cert-receive=(X.509, Raw) // (1)
cert-send=(Raw)             -> // (2)

                         <-  server_hello,
                             cert-info=(X.509),// (3)
                             certificate, // (4)
                             certificate_request, // (5)
                             cert-receive=(Raw) // (6)
                             server_key_exchange,
                             server_hello_done

cert-info=(Raw), // (7)
certificate, // (8)
client_key_exchange,
change_cipher_spec,
finished                  ->

                         <- change_cipher_spec,
                            finished

Application Data        <------->     Application Data

Legend:

(1) Client accepts to receive X.509 certs and raw public keys, in this
order of preference. (Could also be X.509 only in this example)
(2) The client does have a raw public key for client authentication.
(3) The server decides to send his X.509 cert and indicates this in the
cert-info field.
(4) The certificate payload contains the X.509 cert.
(5) The server wants to use client authentication and sends a
cert-request.
(6) The certificate request asks for a certificate of type 'raw'
(knowing that the client supports it from (2)).
(7) The client indicates that the certificate payload contains a raw
public key.
(8) Here is the payload of the certificate itself.

--------

Do these indications clarify the semantics?
I personally believe so.

Ciao
Hannes
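
[Added example, not part of the original message and not code from the draft or its authors.] The three flows above, reduced to the cert-receive / cert-send / cert-info selection logic so that each scenario can be replayed. The function names, the rule "pick the first type in the peer's list that the sender holds", and aborting when no type overlaps are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

RAW, X509 = "Raw", "X.509"  # the two certificate types used in the summary


class NegotiationError(Exception):
    """No certificate type is acceptable to both peers (assumed to abort)."""


@dataclass(frozen=True)
class Outcome:
    server_cert_info: str                 # type carried in the server's certificate payload
    server_cert_receive: Tuple[str, ...]  # types listed in certificate_request, () if none
    client_cert_info: Optional[str]       # None when the client sends no certificate
    transcript: Tuple[str, ...]


def fmt(types: Sequence[str]) -> str:
    return "(" + ", ".join(types) + ")"


def first_match(preference: Sequence[str], held: Sequence[str]) -> Optional[str]:
    """First entry of an ordered preference list that the sender can provide."""
    for cert_type in preference:
        if cert_type in held:
            return cert_type
    return None


def negotiate(client_receive, client_send, server_holds, server_accepts=()):
    """Replay one handshake.

    client_receive / client_send: the client's two ordered lists.
    server_holds: certificate types the server can present (hypothetical name).
    server_accepts: types the server wants for client authentication, in its
    own preference order; empty means client auth happens at another layer.
    """
    log = ["C->S  client_hello, cert-receive=%s, cert-send=%s"
           % (fmt(client_receive), fmt(client_send))]

    # (3)/(4): the server answers with one type taken from cert-receive.
    server_type = first_match(client_receive, server_holds)
    if server_type is None:
        raise NegotiationError("server holds nothing listed in cert-receive")
    flight = "S->C  server_hello, cert-info=(%s), certificate" % server_type

    # (5)/(6): request only types the client advertised in cert-send.
    requested = tuple(t for t in server_accepts if t in client_send)
    if server_accepts and not requested:
        raise NegotiationError("client offers nothing the server accepts")
    if requested:
        flight += ", certificate_request, cert-receive=%s" % fmt(requested)
    log.append(flight + ", server_key_exchange, server_hello_done")

    # (7)/(8): the client labels its own certificate payload.
    client_type = first_match(requested, client_send)
    reply = "C->S  "
    if client_type is not None:
        reply += "cert-info=(%s), certificate, " % client_type
    log.append(reply + "client_key_exchange, change_cipher_spec, finished")
    log.append("S->C  change_cipher_spec, finished")
    return Outcome(server_type, requested, client_type, tuple(log))


def scenarios():
    """Scenarios I-III; the server-side lists are constructed for the example."""
    return {
        "I": negotiate((RAW, X509), (), server_holds=(RAW,)),
        "II": negotiate((RAW,), (RAW,), server_holds=(RAW,),
                        server_accepts=(RAW,)),
        "III": negotiate((X509, RAW), (RAW,), server_holds=(X509,),
                         server_accepts=(X509, RAW)),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print("Scenario", name)
        for line in outcome.transcript:
            print("   ", line)
```

In scenario III the server in this sketch would take either type from the client, yet its certificate_request lists only Raw because that is all the client put in cert-send.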


From julian.reschke@gmx.de  Thu Jul 12 01:31:35 2012
Message-ID: <4FFE8B56.6030306@gmx.de>
Date: Thu, 12 Jul 2012 10:31:18 +0200
From: Julian Reschke <julian.reschke@gmx.de>
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAF24D.5050805@gmx.de>
In-Reply-To: <4FFAF24D.5050805@gmx.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 17:01, Julian Reschke wrote:
> On 2012-07-09 16:48, Mike Jones wrote:
>> HTML5 is not cited because it's a working draft - not an approved
>> standard.  In what way is "the definition of the media type in HTML4
>> is known to be insufficient"?  People have been successfully
>> implementing form-urlencoding with it for quite some time. :-)  Is
>> there a specific wording change that you'd suggest that we make that
>> doesn't involve citing a working draft, rather than an approved standard?
>
> For instance, the HTML4 "definition" doesn't even mention what to do
> with non-ASCII characters.
>
> I understand that it's not particularly attractive, but citing HTML4
> just because it's a "standard" isn't really helpful for people who
> actually follow the link and try to understand what needs to be
> implemented.
> ...

Here's an attempt to describe the encoding in terms of HTML4, plus 
additional instruction. This would need to be referenced anyway where 
the spec currently refers to the HTML4 media type definition:

-- snip --
Appendix X. Use of the application/x-www-form-urlencoded Media Type

At the time of publication of this specification, the 
"application/x-www-form-urlencoded" media type was defined in Section 
17.13.4 of [HTML4], but not registered in the IANA media types registry 
(<http://www.iana.org/assignments/media-types/index.html>). Furthermore, 
the definition is incomplete as it does not consider non-US-ASCII 
characters.

To address this shortcoming, when generating payloads using this media 
type, names and values MUST be encoded using the "UTF-8" character 
encoding scheme ([RFC3629]) first; the resulting octet sequence then 
needs to be further encoded using the escaping rules defined in [HTML4].

When parsing data from a payload using this media type, the names and 
values resulting from reversing the name/value encoding consequently 
need to be treated as octet sequences, to be decoded using the "UTF-8" 
character encoding scheme.

Example: A value consisting of the six Unicode code points (1) U+0020 
(SPACE), (2) U+0025 (PERCENT SIGN), (3) U+0026 (AMPERSAND), (4) U+002B 
(PLUS SIGN), (5) U+00A3 (POUND SIGN), and (6) U+20AC (EURO SIGN) would 
be encoded into the octet sequence below (using hexadecimal notation):

   20 25 26 2B C2 A3 E2 82 AC

and then represented in the payload as:

   +%25%26%2B%C2%A3%E2%82%AC

-- snip --

Best regards, Julian
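
[Added example, not part of the original message or of the OAuth draft.] The proposed appendix as code: UTF-8 first, then the HTML4 escaping, and on parsing a strict UTF-8 decode of the recovered octets. The function names are hypothetical, and the escaper follows the HTML4 wording literally (every non-alphanumeric octet becomes %HH), which is an assumption; deployed encoders commonly leave a few punctuation characters unescaped, and the parser here accepts those as literals.

```python
import string

ALNUM = frozenset((string.ascii_letters + string.digits).encode("ascii"))
HEXDIGITS = frozenset("0123456789abcdefABCDEF")


def utf8_octets(text: str) -> str:
    """Intermediate octet sequence in the hexadecimal notation of the example."""
    return " ".join("{:02X}".format(octet) for octet in text.encode("utf-8"))


def form_escape(text: str) -> str:
    """Encode one name or value: UTF-8 octets, then HTML4 escaping."""
    out = []
    for octet in text.encode("utf-8"):
        if octet in ALNUM:
            out.append(chr(octet))
        elif octet == 0x20:
            out.append("+")                      # space becomes '+'
        else:
            out.append("%{:02X}".format(octet))  # everything else becomes %HH
    return "".join(out)


def form_unescape(token: str) -> str:
    """Reverse the escaping to octets, then decode those octets as UTF-8."""
    raw = bytearray()
    i = 0
    while i < len(token):
        ch = token[i]
        if ch == "+":
            raw.append(0x20)
            i += 1
        elif ch == "%":
            pair = token[i + 1:i + 3]
            if len(pair) != 2 or not all(c in HEXDIGITS for c in pair):
                raise ValueError("malformed percent escape at offset %d" % i)
            raw.append(int(pair, 16))
            i += 3
        elif ord(ch) < 0x80:
            raw.append(ord(ch))                  # unescaped ASCII literal
            i += 1
        else:
            raise ValueError("unescaped non-ASCII character at offset %d" % i)
    # Strict decode: octets that are not valid UTF-8 raise UnicodeDecodeError
    # (a ValueError subclass) instead of being guessed at.
    return bytes(raw).decode("utf-8")


def encode_form(pairs) -> str:
    """Serialize (name, value) pairs into a payload."""
    return "&".join(form_escape(n) + "=" + form_escape(v) for n, v in pairs)


def decode_form(payload: str):
    """Parse a payload back into a list of (name, value) pairs."""
    pairs = []
    for field in payload.split("&"):
        if not field:
            continue
        name, _, value = field.partition("=")
        pairs.append((form_unescape(name), form_unescape(value)))
    return pairs


# The six code points from the example: SPACE % & + POUND SIGN EURO SIGN
EXAMPLE_VALUE = " %&+\u00a3\u20ac"

if __name__ == "__main__":
    print(utf8_octets(EXAMPLE_VALUE))
    print(form_escape(EXAMPLE_VALUE))
    print(decode_form(encode_form([("note", EXAMPLE_VALUE)])))
```

A payload such as `%A3`, which is a pound sign encoded as ISO-8859-1 rather than UTF-8, is rejected by `form_unescape` because the recovered octet is not valid UTF-8.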

From Michael.Jones@microsoft.com  Thu Jul 12 07:45:53 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 12 Jul 2012 14:46:13 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436658DC1D@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAF24D.5050805@gmx.de> <4FFE8B56.6030306@gmx.de>
In-Reply-To: <4FFE8B56.6030306@gmx.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

Thanks, Julian.  Dick and I will integrate this into the draft.

				-- Mike

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Thursday, July 12, 2012 1:31 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 17:01, Julian Reschke wrote:
> On 2012-07-09 16:48, Mike Jones wrote:
>> HTML5 is not cited because it's a working draft - not an approved
>> standard.  In what way is "the definition of the media type in HTML4
>> is known to be insufficient"?  People have been successfully
>> implementing form-urlencoding with it for quite some time. :-)  Is
>> there a specific wording change that you'd suggest that we make that
>> doesn't involve citing a working draft, rather than an approved standard?
>
> For instance, the HTML4 "definition" doesn't even mention what to do
> with non-ASCII characters.
>
> I understand that it's not particularly attractive, but citing HTML4
> just because it's a "standard" isn't really helpful for people who
> actually follow the link and try to understand what needs to be
> implemented.
> ...

Here's an attempt to describe the encoding in terms of HTML4, plus
additional instruction. This would need to be referenced anyway where
the spec currently refers to the HTML4 media type definition:

-- snip --
Appendix X. Use of the application/x-www-form-urlencoded Media Type

At the time of publication of this specification, the
"application/x-www-form-urlencoded" media type was defined in Section
17.13.4 of [HTML4], but not registered in the IANA media types registry
(<http://www.iana.org/assignments/media-types/index.html>). Furthermore,
the definition is incomplete as it does not consider non-US-ASCII
characters.

To address this shortcoming, when generating payloads using this media
type, names and values MUST be encoded using the "UTF-8" character
encoding scheme ([RFC3629]) first; the resulting octet sequence then
needs to be further encoded using the escaping rules defined in [HTML4].

When parsing data from a payload using this media type, the names and
values resulting from reversing the name/value encoding consequently
need to be treated as octet sequences, to be decoded using the "UTF-8"
character encoding scheme.

Example: A value consisting of the six Unicode code points (1) U+0020
(SPACE), (2) U+0025 (PERCENT SIGN), (3) U+0026 (AMPERSAND), (4) U+002B
(PLUS SIGN), (5) U+00A3 (POUND SIGN), and (6) U+20AC (EURO SIGN) would
be encoded into the octet sequence below (using hexadecimal notation):

   20 25 26 2B C2 A3 E2 82 AC

and then represented in the payload as:

   +%25%26%2B%C2%A3%E2%82%AC

-- snip --

Best regards, Julian



From James.H.Manger@team.telstra.com  Thu Jul 12 08:39:53 2012
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Fri, 13 Jul 2012 01:40:18 +1000
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net>
In-Reply-To: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2012 15:39:53 -0000


From dick.hardt@gmail.com  Thu Jul 12 09:16:30 2012
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B53921F86D3 for <oauth@ietfa.amsl.com>; Thu, 12 Jul 2012 09:16:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.584
X-Spam-Level: 
X-Spam-Status: No, score=-3.584 tagged_above=-999 required=5 tests=[AWL=0.015,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R086DC1FI6sv for <oauth@ietfa.amsl.com>; Thu, 12 Jul 2012 09:16:29 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9CFDB21F86D0 for <oauth@ietf.org>; Thu, 12 Jul 2012 09:16:29 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so4208938pbc.31 for <oauth@ietf.org>; Thu, 12 Jul 2012 09:17:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=YDvGM0rtb7qyKrnuL9Qo/wnnXkBuNG5soYT9UeUoAQo=; b=fBDRocK9T4PFstHQQBJgj3PZpOixuRwzUct7djs2+MM9xGaMjPHJY+cV/PgwJY2A2M LrngQa5YPVf9seLrhouXrLmtEh5kDH2RrKoZXIkEkHYswk4gvL5Djnia/Dn4rxwivpEu mHzdsyjNxwAo3ztmMhtAj4vbZX0Li/+4YAq1YC0HNPg97qyVSbyGdRwSAU4e2d0D8oYt 7kSNJfNNid393ZUqmlq78xf5FS7lBe8GO4ppV3zLRWypDOUyjbD6ag2IuxGTMQF9nrfj VeWxdqejTOi4JbQpWrSNnTWksTPPT8iMddEpM83dn0U0uLkbcfth5sV9FmGUREZKyXBP VoqA==
Received: by 10.68.194.169 with SMTP id hx9mr6828418pbc.8.1342109823208; Thu, 12 Jul 2012 09:17:03 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id gh9sm4122615pbc.20.2012.07.12.09.17.01 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 12 Jul 2012 09:17:02 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <4FFE8B56.6030306@gmx.de>
Date: Thu, 12 Jul 2012 09:17:00 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <792D4868-D54D-4127-B0AF-ED2FEC14EC09@gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739436657C93A@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAE2C8.5000109@gmx.de> <4E1F6AAD24975D4BA5B16804296739436657CE30@TK5EX14MBXC283.redmond.corp.microsoft.com> <4FFAF24D.5050805@gmx.de> <4FFE8B56.6030306@gmx.de>
To: Julian Reschke <julian.reschke@gmx.de>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2012 16:16:30 -0000

Much appreciated Julian!

On Jul 12, 2012, at 1:31 AM, Julian Reschke wrote:

> On 2012-07-09 17:01, Julian Reschke wrote:
>> On 2012-07-09 16:48, Mike Jones wrote:
>>> HTML5 is not cited because it's a working draft - not an approved
>>> standard.  In what way is "the definition of the media type in HTML4
>>> is known to be insufficient"?  People have been successfully
>>> implementing form-urlencoding with it for quite some time. :-)  Is
>>> there a specific wording change that you'd suggest that we make that
>>> doesn't involve citing a working draft, rather than an approved standard?
>>
>> For instance, the HTML4 "definition" doesn't even mention what to do
>> with non-ASCII characters.
>>
>> I understand that it's not particularly attractive, but citing HTML4
>> just because it's a "standard" isn't really helpful for people who
>> actually follow the link and try to understand what needs to be
>> implemented.
>> ...
>
> Here's an attempt to describe the encoding in terms of HTML4, plus additional instruction. This would need to be referenced anyway where the spec currently refers to the HTML4 media type definition:
>
> -- snip --
> Appendix X. Use of the application/x-www-form-urlencoded Media Type
>
> At the time of publication of this specification, the "application/x-www-form-urlencoded" media type was defined in Section 17.13.4 of [HTML4], but not registered in the IANA media types registry (<http://www.iana.org/assignments/media-types/index.html>). Furthermore, the definition is incomplete as it does not consider non-US-ASCII characters.
>
> To address this shortcoming, when generating payloads using this media type, names and values MUST be encoded using the "UTF-8" character encoding scheme ([RFC3629]) first; the resulting octet sequence then needs to be further encoded using the escaping rules defined in [HTML4].
>
> When parsing data from a payload using this media type, the names and values resulting from reversing the name/value encoding consequently need to be treated as octet sequences, to be decoded using the "UTF-8" character encoding scheme.
>
> Example: A value consisting of the six Unicode code points (1) U+0020 (SPACE), (2) U+0025 (PERCENT SIGN), (3) U+0026 (AMPERSAND), (4) U+002B (PLUS SIGN), (5) U+00A3 (POUND SIGN), and (6) U+20AC (EURO SIGN) would be encoded into the octet sequence below (using hexadecimal notation):
>
>  20 25 26 2B C2 A3 E2 82 AC
>
> and then represented in the payload as:
>
>  +%25%26%2B%C2%A3%E2%82%AC
>
> -- snip --
>
> Best regards, Julian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
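
The encoding and parsing rules of the proposed appendix quoted above, as an added Python example that is not part of the original thread or of the specification text. The function names are illustrative, and rejecting malformed escapes and invalid UTF-8 outright is an assumption the appendix does not spell out.

```python
# Added example: application/x-www-form-urlencoded with UTF-8, following the
# proposed appendix (UTF-8 first, then the HTML4 escaping rules).

# HTML4 17.13.4: space becomes "+", other non-alphanumeric octets become %HH.
ALNUM = frozenset(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
HEX_DIGITS = "0123456789ABCDEFabcdef"

# The six code points from the appendix example.
SAMPLE = "\u0020\u0025\u0026\u002B\u00A3\u20AC"


def octets_hex(text):
    """Step 1 only: the UTF-8 octet sequence, in hexadecimal notation."""
    return " ".join("%02X" % octet for octet in text.encode("utf-8"))


def encode_component(text):
    """UTF-8 encode a name or value, then escape each resulting octet."""
    out = []
    for octet in text.encode("utf-8"):
        if octet in ALNUM:
            out.append(chr(octet))
        elif octet == 0x20:
            out.append("+")
        else:
            out.append("%%%02X" % octet)
    return "".join(out)


def unescape_to_octets(component):
    """Reverse the escaping only. The result is an octet sequence, not text."""
    out = bytearray()
    i = 0
    while i < len(component):
        ch = component[i]
        if ch == "+":
            out.append(0x20)
            i += 1
        elif ch == "%":
            pair = component[i + 1:i + 3]
            if len(pair) != 2 or any(c not in HEX_DIGITS for c in pair):
                raise ValueError("malformed percent escape at offset %d" % i)
            out.append(int(pair, 16))
            i += 3
        elif ord(ch) > 0x7F:
            raise ValueError("unescaped non-ASCII character at offset %d" % i)
        else:
            # Unescaped ASCII (e.g. "-" or "." from lenient senders) is accepted.
            out.append(ord(ch))
            i += 1
    return bytes(out)


def decode_component(component):
    """Octets are decoded as UTF-8. Strict mode (an assumption here) raises
    UnicodeDecodeError, a ValueError, instead of guessing another charset."""
    return unescape_to_octets(component).decode("utf-8", errors="strict")


def wrong_charset_view(component):
    """What a receiver sees if it decodes the same octets as ISO-8859-1."""
    return unescape_to_octets(component).decode("iso-8859-1")


def encode_form(pairs):
    """Serialize (name, value) pairs into one payload."""
    return "&".join(
        encode_component(name) + "=" + encode_component(value)
        for name, value in pairs
    )


def decode_form(payload):
    """Split on the delimiters first, then unescape and decode each piece, so
    an escaped "&" or "=" inside a value can never be taken for a delimiter."""
    pairs = []
    for field in payload.split("&"):
        if not field:
            continue
        name, _, value = field.partition("=")
        pairs.append((decode_component(name), decode_component(value)))
    return pairs


if __name__ == "__main__":
    print(octets_hex(SAMPLE))
    print(encode_component(SAMPLE))
    # Constructed sample pairs; the names are placeholders.
    payload = encode_form([("example-name", SAMPLE), ("other", "a=b&c")])
    print(payload)
    print(decode_form(payload))
    print(repr(wrong_charset_view(encode_component(SAMPLE))))
```

The last line printed shows why the sender and receiver must agree on UTF-8: the same escaped payload read as ISO-8859-1 yields a different string, so a comparison against a stored value fails.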


From internet-drafts@ietf.org  Thu Jul 12 17:02:18 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15EB521F85DD; Thu, 12 Jul 2012 17:02:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.522
X-Spam-Level: 
X-Spam-Status: No, score=-102.522 tagged_above=-999 required=5 tests=[AWL=0.077, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2AKADZnuYxAi; Thu, 12 Jul 2012 17:02:17 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A23721F85DF; Thu, 12 Jul 2012 17:02:17 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120713000217.29511.66905.idtracker@ietfa.amsl.com>
Date: Thu, 12 Jul 2012 17:02:17 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-29.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 00:02:18 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : The OAuth 2.0 Authorization Framework
	Author(s)       : Dick Hardt
                          David Recordon
	Filename        : draft-ietf-oauth-v2-29.txt
	Pages           : 72
	Date            : 2012-07-12

Abstract:
   The OAuth 2.0 authorization framework enables a third-party
   application to obtain limited access to an HTTP service, either on
   behalf of a resource owner by orchestrating an approval interaction
   between the resource owner and the HTTP service, or by allowing the
   third-party application to obtain access on its own behalf.  This
   specification replaces and obsoletes the OAuth 1.0 protocol described
   in RFC 5849.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-v2-29

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-29


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From dick.hardt@gmail.com  Thu Jul 12 17:08:36 2012
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E2D311E80E6 for <oauth@ietfa.amsl.com>; Thu, 12 Jul 2012 17:08:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.285
X-Spam-Level: 
X-Spam-Status: No, score=-3.285 tagged_above=-999 required=5 tests=[AWL=-0.287, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5+tXg7bZBDP for <oauth@ietfa.amsl.com>; Thu, 12 Jul 2012 17:08:36 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 041D411E80CC for <oauth@ietf.org>; Thu, 12 Jul 2012 17:08:35 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so4772369pbc.31 for <oauth@ietf.org>; Thu, 12 Jul 2012 17:09:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer; bh=HK0u5klcBoHWBuHPHEf9fcHgRg3M450JjO4hFYPAUhA=; b=y+TMlKoSgMsxq5KoyL5AdVzFflDyWWQ+687dVccoipy5ailfRFba2iqmYm6nxHbtqc mPJyTbaMKx8H8qD5mtYOAswxFndJmmqUK9RvY/kCVbdCaLe6+0BYii0OunZG/IE/6OPy vC9uHRwL4+N4v2H6w0mr6r9MTvdbK2/0cJupkNMCcpBot8dPLpucVkIyp2tv9kVKOKPZ Qhe6jzcOXjWC0OYmCj8LW1Izk2IFylXI9DzH6S58HV242fJyc9ZYwY7/pytEN9PLz6aL ogbBmwqgeo2hIehuvVZAYgG9aC9lZkIBrnjOwa/T3cNQWA8Hi67CxiysSD0aA8tGALb1 OVOQ==
Received: by 10.68.223.34 with SMTP id qr2mr9725170pbc.10.1342138150594; Thu, 12 Jul 2012 17:09:10 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id ny4sm4775251pbb.57.2012.07.12.17.09.08 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 12 Jul 2012 17:09:09 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_97513805-5610-4F2F-B6D4-2239C0EC1385"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <CC2485A3.C8C3%charles_honton@intuit.com>
Date: Thu, 12 Jul 2012 17:09:07 -0700
Message-Id: <AD29164A-87F3-439A-99C8-C434259C7EA7@gmail.com>
References: <CC2485A3.C8C3%charles_honton@intuit.com>
To: "Honton, Charles" <Charles_Honton@intuit.com>
X-Mailer: Apple Mail (2.1278)
Cc: draft-ietf-oauth-v2@tools.ietf.org, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 00:08:36 -0000

--Apple-Mail=_97513805-5610-4F2F-B6D4-2239C0EC1385
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Charles

Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).

Does anyone have feedback on the change below? (+/-)

-- Dick

On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:

> E. Hammer, D. Recordon, D. Hardt, et.al,
>
> I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).
>
> In Section 5.2 the error code should probably include:
>
> 	server_error
>                The authorization server encountered an unexpected
>                condition which prevented it from fulfilling the request.
>          temporarily_unavailable
>                The authorization server is currently unable to handle
>                the request due to a temporary overloading or maintenance
>                of the server.
>
>
> Regards,
> chas
>


--Apple-Mail=_97513805-5610-4F2F-B6D4-2239C0EC1385--

From internet-drafts@ietf.org  Thu Jul 12 17:20:54 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2E3F11E80FE; Thu, 12 Jul 2012 17:20:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.512
X-Spam-Level: 
X-Spam-Status: No, score=-102.512 tagged_above=-999 required=5 tests=[AWL=0.087, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YonU2+GqKmtb; Thu, 12 Jul 2012 17:20:52 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D49E211E80BD; Thu, 12 Jul 2012 17:20:52 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120713002052.16663.51427.idtracker@ietfa.amsl.com>
Date: Thu, 12 Jul 2012 17:20:52 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-bearer-22.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 00:20:54 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : The OAuth 2.0 Authorization Framework: Bearer Token Usage
	Author(s)       : Michael B. Jones
                          Dick Hardt
                          David Recordon
	Filename        : draft-ietf-oauth-v2-bearer-22.txt
	Pages           : 26
	Date            : 2012-07-12

Abstract:
   This specification describes how to use bearer tokens in HTTP
   requests to access OAuth 2.0 protected resources.  Any party in
   possession of a bearer token (a "bearer") can use it to get access to
   the associated resources (without demonstrating possession of a
   cryptographic key).  To prevent misuse, bearer tokens need to be
   protected from disclosure in storage and in transport.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-22

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-bearer-22


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From Michael.Jones@microsoft.com  Thu Jul 12 17:25:56 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8199111E80B6 for <oauth@ietfa.amsl.com>; Thu, 12 Jul 2012 17:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.788
X-Spam-Level: 
X-Spam-Status: No, score=-3.788 tagged_above=-999 required=5 tests=[AWL=-0.190, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWZZuf7ZZRXw for <oauth@ietfa.amsl.com>; Thu, 12 Jul 2012 17:25:55 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe003.messaging.microsoft.com [216.32.181.183]) by ietfa.amsl.com (Postfix) with ESMTP id 2AACE11E8098 for <oauth@ietf.org>; Thu, 12 Jul 2012 17:25:55 -0700 (PDT)
Received: from mail9-ch1-R.bigfish.com (10.43.68.249) by CH1EHSOBE004.bigfish.com (10.43.70.54) with Microsoft SMTP Server id 14.1.225.23; Fri, 13 Jul 2012 00:26:29 +0000
Received: from mail9-ch1 (localhost [127.0.0.1])	by mail9-ch1-R.bigfish.com (Postfix) with ESMTP id 4D0EB403FB; Fri, 13 Jul 2012 00:26:29 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -19
X-BigFish: VS-19(zzc89bhc857hzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail9-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail9-ch1 (localhost.localdomain [127.0.0.1]) by mail9-ch1 (MessageSwitch) id 134213918731296_6983; Fri, 13 Jul 2012 00:26:27 +0000 (UTC)
Received: from CH1EHSMHS037.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.236])	by mail9-ch1.bigfish.com (Postfix) with ESMTP id 0570C1A0047; Fri, 13 Jul 2012 00:26:27 +0000 (UTC)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS037.bigfish.com (10.43.69.246) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 13 Jul 2012 00:26:26 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.02.0298.005; Fri, 13 Jul 2012 00:26:24 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth Core -29 and OAuth Bearer -22 specs published
Thread-Index: Ac1gjhZwVHhn22y2T/WdpE7Ba6CGRA==
Date: Fri, 13 Jul 2012 00:26:24 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366723810@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.70]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366723810TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: Julian Reschke <julian.reschke@gmx.de>
Subject: [OAUTH-WG] OAuth Core -29 and OAuth Bearer -22 specs published
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 00:25:56 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366723810TK5EX14MBXC285r_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64


--_000_4E1F6AAD24975D4BA5B168042967394366723810TK5EX14MBXC285r_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64


--_000_4E1F6AAD24975D4BA5B168042967394366723810TK5EX14MBXC285r_--

From asanso@adobe.com  Fri Jul 13 01:25:22 2012
Return-Path: <asanso@adobe.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D07021F8769 for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 01:25:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.148
X-Spam-Level: 
X-Spam-Status: No, score=-106.148 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZN9teLumNg7y for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 01:25:21 -0700 (PDT)
Received: from exprod6og116.obsmtp.com (exprod6og116.obsmtp.com [64.18.1.37]) by ietfa.amsl.com (Postfix) with ESMTP id 12F7E21F8789 for <oauth@ietf.org>; Fri, 13 Jul 2012 01:25:18 -0700 (PDT)
Received: from outbound-smtp-2.corp.adobe.com ([193.104.215.16]) by exprod6ob116.postini.com ([64.18.5.12]) with SMTP ID DSNKT//bir07D1+LeqOqMFO6YSf9r+qf/Bc9@postini.com; Fri, 13 Jul 2012 01:25:56 PDT
Received: from inner-relay-4.eur.adobe.com (inner-relay-4b [10.128.4.237]) by outbound-smtp-2.corp.adobe.com (8.12.10/8.12.10) with ESMTP id q6D8PiEF027524; Fri, 13 Jul 2012 01:25:45 -0700 (PDT)
Received: from nahub02.corp.adobe.com (nahub02.corp.adobe.com [10.8.189.98]) by inner-relay-4.eur.adobe.com (8.12.10/8.12.9) with ESMTP id q6D8PfYr004643; Fri, 13 Jul 2012 01:25:44 -0700 (PDT)
Received: from eurcas01.eur.adobe.com (10.128.4.27) by nahub02.corp.adobe.com (10.8.189.98) with Microsoft SMTP Server (TLS) id 8.3.192.1; Fri, 13 Jul 2012 01:25:41 -0700
Received: from eurmbx01.eur.adobe.com ([10.128.4.32]) by eurcas01.eur.adobe.com ([10.128.4.27]) with mapi; Fri, 13 Jul 2012 09:25:39 +0100
From: Antonio Sanso <asanso@adobe.com>
To: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 13 Jul 2012 09:25:38 +0100
Thread-Topic: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
Thread-Index: Ac1g0RWpvaSJ0VhnQEiB9SsUF2GNyw==
Message-ID: <43E77D43-8443-4BB8-B3AD-96BAAC91B13F@adobe.com>
References: <CC2485A3.C8C3%charles_honton@intuit.com> <AD29164A-87F3-439A-99C8-C434259C7EA7@gmail.com>
In-Reply-To: <AD29164A-87F3-439A-99C8-C434259C7EA7@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_43E77D4384434BB8B3AD96BAAC91B13Fadobecom_"
MIME-Version: 1.0
Cc: "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "Honton, Charles" <Charles_Honton@intuit.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 08:25:22 -0000

--_000_43E77D4384434BB8B3AD96BAAC91B13Fadobecom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Charles, Dick

I think this has been already discussed in [0]

Regards

Antonio

[0] http://www.ietf.org/mail-archive/web/oauth/current/msg08261.html

On Jul 13, 2012, at 2:09 AM, Dick Hardt wrote:

Charles

Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).

Does anyone have feedback on the change below? (+/-)

-- Dick

On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:

E. Hammer, D. Recordon, D. Hardt, et.al,

I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).

In Section 5.2 the error code should probably include:


         server_error
               The authorization server encountered an unexpected
               condition which prevented it from fulfilling the request.
         temporarily_unavailable
               The authorization server is currently unable to handle
               the request due to a temporary overloading or maintenance
               of the server.


Regards,
chas


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--_000_43E77D4384434BB8B3AD96BAAC91B13Fadobecom_--

From Hannes.Tschofenig@gmx.net  Fri Jul 13 03:42:55 2012
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Fri, 13 Jul 2012 13:43:17 +0300
Message-Id: <A167BFDC-EAF9-442B-99B1-DCAA79CD1EE7@gmx.net>
To: OAuth WG <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Design Team Conference Call - Monday, 16th July (1pm EST)
X-List-Received-Date: Fri, 13 Jul 2012 10:42:55 -0000

Hi all,

for our conference call next week Nat offered his conference bridge (since we had some problems with Google+).

Date: 16th July 2012 (Monday)
Time: 1pm EDT

Agenda: We will do a status check on these documents:
*    draft-ietf-oauth-v2
*    draft-ietf-oauth-v2-bearer
*    draft-ietf-oauth-v2-threatmodel
*    draft-ietf-oauth-urn-sub-ns
*    draft-ietf-oauth-assertions

I expect this to be a short call since we are just making sure that all drafts are submitted prior to the deadline.

Conference Bridge:
https://www3.gotomeeting.com/join/695548174

Participants are advised to try the link before the call because it is going to download and install the software.

Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

Dial +1 (773) 897-3000
Access Code: 695-548-174
Audio PIN: Shown after joining the meeting

Meeting ID: 695-548-174

Nat or Mike will be the host for the call and they will start it.

Ciao
Hannes


From ve7jtb@ve7jtb.com  Fri Jul 13 04:04:35 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_87E665AD-C85F-4CF6-A27D-90229D085B23"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <AD29164A-87F3-439A-99C8-C434259C7EA7@gmail.com>
Date: Fri, 13 Jul 2012 07:04:58 -0400
Message-Id: <6785B651-064E-4E81-9E6C-38A47C499E29@ve7jtb.com>
References: <CC2485A3.C8C3%charles_honton@intuit.com> <AD29164A-87F3-439A-99C8-C434259C7EA7@gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQn/T40Gw0TqBuShYSeB0SqqXz9HF4vlMHkJfEQhphTxiK1ORGeiKARma6AA4IZwwiEMJ2e/
Cc: draft-ietf-oauth-v2@tools.ietf.org, "Honton, Charles" <Charles_Honton@intuit.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-List-Received-Date: Fri, 13 Jul 2012 11:04:35 -0000

--Apple-Mail=_87E665AD-C85F-4CF6-A27D-90229D085B23
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.

Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.

I don't see a need for a change.

Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.

(Though one person mentioned to me that 30 is a nicer number:)

John B.

On 2012-07-12, at 8:09 PM, Dick Hardt wrote:

> Charles
>
> Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).
>
> Does anyone have feedback on the change below? (+/-)
>
> -- Dick
>
> On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:
>
>> E. Hammer, D. Recordon, D. Hardt, et.al,
>>
>> I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).
>>
>> In Section 5.2 the error code should probably include:
>>
>>          server_error
>>                The authorization server encountered an unexpected
>>                condition which prevented it from fulfilling the request.
>>          temporarily_unavailable
>>                The authorization server is currently unable to handle
>>                the request due to a temporary overloading or maintenance
>>                of the server.
>>
>>
>> Regards,
>> chas
>>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_87E665AD-C85F-4CF6-A27D-90229D085B23--
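
The division of labour argued for in the message above, as an added example that is not part of the thread or of any draft: a client sorts token endpoint responses into OAuth-level errors (the JSON `error` codes) and plain HTTP failures (5xx). The six codes are the ones Section 5.2 of the OAuth 2.0 specification defines for the token endpoint; the function names, result labels and sample responses are assumptions constructed for illustration.

```python
import json
import re

# Error codes Section 5.2 defines for the token endpoint. server_error and
# temporarily_unavailable are deliberately absent: on this direct
# client-to-server call they are expressed as HTTP 500 / 503 instead.
TOKEN_ENDPOINT_ERRORS = frozenset({
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
})


def parse_json_object(body):
    """Return the body as a dict, or None if it is not a JSON object."""
    try:
        value = json.loads(body)
    except (TypeError, ValueError):
        return None
    return value if isinstance(value, dict) else None


def classify_token_response(status, headers, body):
    """Map one token endpoint response to (kind, detail).

    kind is one of the hypothetical labels: token, oauth_error,
    retry_later, server_failure, protocol_violation.
    """
    headers = {name.lower(): value for name, value in headers.items()}

    if status == 200:
        doc = parse_json_object(body)
        if doc and "access_token" in doc and "token_type" in doc:
            return ("token", doc["token_type"])
        return ("protocol_violation", "200 without access_token/token_type")

    if status in (400, 401):
        # OAuth-level failure: the request reached the authorization server
        # and was refused for a reason the client can act on.
        doc = parse_json_object(body)
        code = doc.get("error") if doc else None
        if isinstance(code, str) and code in TOKEN_ENDPOINT_ERRORS:
            return ("oauth_error", code)
        return ("protocol_violation", "unrecognised error body")

    if status == 503:
        # Temporary overload or maintenance: honour Retry-After when it is
        # given in seconds; an HTTP-date or missing header yields None and
        # the caller applies its own backoff.
        retry_after = headers.get("retry-after", "").strip()
        seconds = int(retry_after) if re.fullmatch(r"[0-9]+", retry_after) else None
        return ("retry_later", seconds)

    if 500 <= status <= 599:
        # Unexpected server condition: the body may be an HTML error page
        # from a proxy, so it is not parsed.
        return ("server_failure", status)

    return ("protocol_violation", "unexpected status %d" % status)


# Constructed sample responses: (status, headers, body).
SAMPLES = [
    (200, {"Content-Type": "application/json"},
     '{"access_token": "constructed-token", "token_type": "bearer"}'),
    (400, {"Content-Type": "application/json"}, '{"error": "invalid_grant"}'),
    (503, {"Retry-After": "120"}, "<html>maintenance</html>"),
    (500, {}, "<html>internal error</html>"),
    (400, {"Content-Type": "application/json"}, '{"error": "server_error"}'),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        print(status, classify_token_response(status, headers, body))
```
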

From hannes.tschofenig@gmx.net  Fri Jul 13 04:46:38 2012
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com>
Date: Fri, 13 Jul 2012 14:47:07 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <D5BDA808-3A5A-44F7-9D57-9EF0BC1EC16E@gmx.net>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary
X-List-Received-Date: Fri, 13 Jul 2012 11:46:38 -0000

Hi James,

>
> So the OAuth client completes a TLS handshake with a protected resource using a raw key, but the protected resource doesn't get any authorization for that raw key until it sees an access_token which appear where? In an HTTP header somewhere in the App Data some time after the TLS handshake finishes?
>
The access token is conveyed in the HTTP exchange (similar to what bearer does). As such, the authorization decision would be done when the resource server receives the access token.

Ciao
Hannes

> --
> James Manger


From ve7jtb@ve7jtb.com  Fri Jul 13 05:12:38 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com>
Date: Fri, 13 Jul 2012 08:13:07 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <6A196EDE-3AF5-4B17-8F8D-2DA8FD9036AC@ve7jtb.com>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQl/mfscR5SReOYiGCR6k+r1QlxJWNLEkVf3XUI/gdXmYtdPIVaNwMdhQKaGAnmOfMu23Exm
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary
X-List-Received-Date: Fri, 13 Jul 2012 12:12:38 -0000

It sucks for TLS hinting:)

In principle the client needs to know what keypair to use for the TLS session before it is initiated.

The protected resource establishes the session with client auth accepting any client key.

The protected resource compares the client key passed in from TLS with the one in the token as part of token validation, and accepts or rejects the token.

It is different from "normal" TLS client auth in that it is not the TLS layer making the access decision.

John B.
On 2012-07-12, at 11:40 AM, Manger, James H wrote:

>> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)
>>
>> client_hello,
>> cert-receive=(X.509, Raw) // (1)
>> cert-send=(Raw)             -> // (2)
>>
>>                         <-  server_hello,
>>                             cert-info=(X.509),// (3)
>>                             certificate, // (4)
>>                             certificate_request, // (5)
>>                             cert-receive=(Raw) // (6)
>>                             server_key_exchange,
>>                             server_hello_done
>>
>> cert-info=(Raw), // (7)
>> certificate, // (8)
>> client_key_exchange,
>> change_cipher_spec,
>> finished                  ->
>>
>>                         <- change_cipher_spec,
>>                            finished
>>
>> Application Data        <------->     Application Data
>>
>> Legend:
>>
>> (1) Client accepts to receive X.509 certs and raw public keys, in this
>> order of preference. (Could also be X.509 only in this example)
>> (2) The client does have a raw public key for client authentication.
>> (3) The server decides to send his X.509 cert and indicates this in
>> the cert-info field.
>> (4) The certificate payload contains the X.509 cert.
>> (5) The server wants to use client authentication and sends a cert-
>> request.
>> (6) The certificate request asks for a certificate of type 'raw'
>> (knowing that the client supports it from (2)).
>> (7) The client indicates that the certificate payload contains a raw
>> public key.
>> (8) Here is the payload of the certificate itself.
>
>
> So the OAuth client completes a TLS handshake with a protected resource using a raw key, but the protected resource doesn't get any authorization for that raw key until it sees an access_token which appear where? In an HTTP header somewhere in the App Data some time after the TLS handshake finishes?
>
> --
> James Manger
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
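
The check described in the message above (the TLS layer accepts any client key, and the protected resource compares that key with the one in the token during token validation), as an added example that is not part of the thread or of any draft. The token format (JSON claims plus an HMAC tag under a key shared by authorization server and resource server), the claim name `cnf_spki_sha256` and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


class TokenRejected(Exception):
    """The access token must not be honoured on this TLS session."""


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def key_thumbprint(client_public_key: bytes) -> str:
    """SHA-256 over the encoded raw public key the client sent in TLS."""
    return b64u(hashlib.sha256(client_public_key).digest())


def mint_token(claims: dict, shared_key: bytes) -> str:
    """Authorization-server side of the hypothetical format: claims.tag"""
    body = b64u(json.dumps(claims, sort_keys=True).encode("utf-8"))
    tag = hmac.new(shared_key, body.encode("ascii"), hashlib.sha256).digest()
    return body + "." + b64u(tag)


def validate_hok_token(token, tls_client_key, shared_key, now):
    """Resource-server side: return the claims or raise TokenRejected.

    tls_client_key is the raw public key the TLS stack saw in the client's
    certificate message. The handshake accepted it without any policy check,
    so nothing is authorized until this function returns.
    """
    if not tls_client_key:
        raise TokenRejected("no client key on this TLS session")
    if not isinstance(token, str):
        raise TokenRejected("malformed token")
    try:
        body, tag_text = token.split(".")
        tag = b64u_decode(tag_text)
        expected = hmac.new(shared_key, body.encode("ascii"),
                            hashlib.sha256).digest()
    except ValueError:
        raise TokenRejected("malformed token")
    # Verify integrity before trusting any claim inside the token.
    if not hmac.compare_digest(tag, expected):
        raise TokenRejected("bad token signature")
    try:
        claims = json.loads(b64u_decode(body))
    except ValueError:
        raise TokenRejected("malformed token")
    if not isinstance(claims, dict):
        raise TokenRejected("malformed token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("token expired")
    bound = claims.get("cnf_spki_sha256")
    if not isinstance(bound, str):
        # A plain bearer token must not be upgraded to holder-of-key.
        raise TokenRejected("token is not bound to a key")
    presented = key_thumbprint(tls_client_key)
    if not hmac.compare_digest(bound.encode("utf-8"), presented.encode("ascii")):
        raise TokenRejected("client key does not match the key in the token")
    return claims


def decide(token, tls_client_key, shared_key, now):
    """Access decision as a string, for logging or display."""
    try:
        validate_hok_token(token, tls_client_key, shared_key, now)
        return "accept"
    except TokenRejected as exc:
        return "reject: " + str(exc)


# Constructed sample values (byte strings standing in for real key material).
SHARED_KEY = b"constructed-as-rs-shared-secret"
CLIENT_KEY = b"constructed bytes standing in for the client's raw public key"
OTHER_KEY = b"constructed bytes standing in for a different key pair"
SAMPLE_TOKEN = mint_token(
    {"exp": 2000, "scope": "read", "cnf_spki_sha256": key_thumbprint(CLIENT_KEY)},
    SHARED_KEY,
)

if __name__ == "__main__":
    print(decide(SAMPLE_TOKEN, CLIENT_KEY, SHARED_KEY, now=1000))
    print(decide(SAMPLE_TOKEN, OTHER_KEY, SHARED_KEY, now=1000))
    print(decide(SAMPLE_TOKEN, None, SHARED_KEY, now=1000))
```

The second call is the case the binding exists for: a token replayed over a TLS session that was set up with a different key pair is refused even though its signature and expiry are valid.
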


From hannes.tschofenig@gmx.net  Fri Jul 13 05:35:13 2012
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <6A196EDE-3AF5-4B17-8F8D-2DA8FD9036AC@ve7jtb.com>
Date: Fri, 13 Jul 2012 15:35:44 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <D5D5341E-BEFB-4CA0-9AE9-0F6160BE37DB@gmx.net>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com> <6A196EDE-3AF5-4B17-8F8D-2DA8FD9036AC@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary
X-List-Received-Date: Fri, 13 Jul 2012 12:35:13 -0000

Hi John,

authorization decisions are not made by the TLS library - they are made by the application.

For example, in the HTTPS case the authorization decision that is made by the client is to compare the content of the cert with the domain part of the HTTP URI. Similar authorization decisions are being made by many applications using HTTP, see http://tools.ietf.org/html/rfc6125.

So, there is nothing unusual here.


Ciao
Hannes


On Jul 13, 2012, at 3:13 PM, John Bradley wrote:

> It sucks for TLS hinting:)
>
> In principle the client needs to know what keypair to use for the TLS session before it is initiated.
>
> The protected resource establishes the session with client auth accepting any client key.
>
> The protected resource compares the client key passed in from TLS with the one in the token as part of token validation, and accepts or rejects the token.
>
> It is different from "normal" TLS client auth in that it is not the TLS layer making the access decision.
>
> John B.
> On 2012-07-12, at 11:40 AM, Manger, James H wrote:
>
>>> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)
>>>
>>> client_hello,
>>> cert-receive=(X.509, Raw) // (1)
>>> cert-send=(Raw)             -> // (2)
>>>
>>>                        <-  server_hello,
>>>                            cert-info=(X.509),// (3)
>>>                            certificate, // (4)
>>>                            certificate_request, // (5)
>>>                            cert-receive=(Raw) // (6)
>>>                            server_key_exchange,
>>>                            server_hello_done
>>>
>>> cert-info=(Raw), // (7)
>>> certificate, // (8)
>>> client_key_exchange,
>>> change_cipher_spec,
>>> finished                  ->
>>>
>>>                        <- change_cipher_spec,
>>>                           finished
>>>
>>> Application Data        <------->     Application Data
>>>
>>> Legend:
>>>
>>> (1) Client accepts to receive X.509 certs and raw public keys, in this
>>> order of preference. (Could also be X.509 only in this example)
>>> (2) The client does have a raw public key for client authentication.
>>> (3) The server decides to send his X.509 cert and indicates this in
>>> the cert-info field.
>>> (4) The certificate payload contains the X.509 cert.
>>> (5) The server wants to use client authentication and sends a cert-
>>> request.
>>> (6) The certificate request asks for a certificate of type 'raw'
>>> (knowing that the client supports it from (2)).
>>> (7) The client indicates that the certificate payload contains a raw
>>> public key.
>>> (8) Here is the payload of the certificate itself.
>>
>>
>> So the OAuth client completes a TLS handshake with a protected resource using a raw key, but the protected resource doesn't get any authorization for that raw key until it sees an access_token which appear where? In an HTTP header somewhere in the App Data some time after the TLS handshake finishes?
>>
>> --
>> James Manger
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>


From ve7jtb@ve7jtb.com  Fri Jul 13 06:31:49 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <D5D5341E-BEFB-4CA0-9AE9-0F6160BE37DB@gmx.net>
Date: Fri, 13 Jul 2012 09:32:18 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <70FA7F7B-0ED2-4CE6-986B-673CC7410937@ve7jtb.com>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com> <6A196EDE-3AF5-4B17-8F8D-2DA8FD9036AC@ve7jtb.com> <D5D5341E-BEFB-4CA0-9AE9-0F6160BE37DB@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 13:31:49 -0000

I am not saying it is unusual in a bad way.

Some people think of TLS client auth happening at the TLS layer. That is common in server to server connections.

Decisions based on the client cert can happen at the app layer, as they do in SAML HoK.

I think people have less experience with doing that though.

John B.
On 2012-07-13, at 8:35 AM, Hannes Tschofenig wrote:

> Hi John,
>
> authorization decisions are not made by the TLS library - they are made by the application.
>
> For example, in the HTTPS case the authorization decision that is made by the client is to compare the content of the cert with the domain part of the HTTP URI. Similar authorization decisions are being made by many applications using HTTP, see http://tools.ietf.org/html/rfc6125.
>
> So, there is nothing unusual here.
>
>
> Ciao
> Hannes
>
>
> On Jul 13, 2012, at 3:13 PM, John Bradley wrote:
>
>> It sucks for TLS hinting:)
>>
>> In principle the client needs to know what keypair to use for the TLS session before it is initiated.
>>
>> The protected resource establishes the session with client auth accepting any client key.
>>
>> The protected resource compares the client key passed in from TLS with the one in the token as part of token validation, and accepts or rejects the token.
>>
>> It is different from "normal" TLS client auth in that it is not the TLS layer making the access decision.
>>
>> John B.
>> On 2012-07-12, at 11:40 AM, Manger, James H wrote:
>>
>>>> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)
>>>>
>>>> client_hello,
>>>> cert-receive=(X.509, Raw) // (1)
>>>> cert-send=(Raw)             -> // (2)
>>>>
>>>>                       <-  server_hello,
>>>>                           cert-info=(X.509),// (3)
>>>>                           certificate, // (4)
>>>>                           certificate_request, // (5)
>>>>                           cert-receive=(Raw) // (6)
>>>>                           server_key_exchange,
>>>>                           server_hello_done
>>>>
>>>> cert-info=(Raw), // (7)
>>>> certificate, // (8)
>>>> client_key_exchange,
>>>> change_cipher_spec,
>>>> finished                  ->
>>>>
>>>>                       <- change_cipher_spec,
>>>>                          finished
>>>>
>>>> Application Data        <------->     Application Data
>>>>
>>>> Legend:
>>>>
>>>> (1) Client accepts to receive X.509 certs and raw public keys, in this
>>>> order of preference. (Could also be X.509 only in this example)
>>>> (2) The client does have a raw public key for client authentication.
>>>> (3) The server decides to send his X.509 cert and indicates this in
>>>> the cert-info field.
>>>> (4) The certificate payload contains the X.509 cert.
>>>> (5) The server wants to use client authentication and sends a cert-
>>>> request.
>>>> (6) The certificate request asks for a certificate of type 'raw'
>>>> (knowing that the client supports it from (2)).
>>>> (7) The client indicates that the certificate payload contains a raw
>>>> public key.
>>>> (8) Here is the payload of the certificate itself.
>>>
>>>
>>> So the OAuth client completes a TLS handshake with a protected resource using a raw key, but the protected resource doesn't get any authorization for that raw key until it sees an access_token which appears where? In an HTTP header somewhere in the App Data some time after the TLS handshake finishes?
>>>
>>> --
>>> James Manger
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>


From phil.hunt@oracle.com  Fri Jul 13 07:39:37 2012
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com> <6A196EDE-3AF5-4B17-8F8D-2DA8FD9036AC@ve7jtb.com> <D5D5341E-BEFB-4CA0-9AE9-0F6160BE37DB@gmx.net> <70FA7F7B-0ED2-4CE6-986B-673CC7410937@ve7jtb.com>
In-Reply-To: <70FA7F7B-0ED2-4CE6-986B-673CC7410937@ve7jtb.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <FCC4AEAC-DC22-490C-83A1-8336ACF770EE@oracle.com>
From: Phil Hunt <phil.hunt@oracle.com>
Date: Fri, 13 Jul 2012 07:40:04 -0700
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary

At the moment there is no hok proof in the token itself. It seems to be bound in tls.

The spec isn't clear yet that a token is passed in 3.2. But I assumed that is what Hannes intended.

Still since there is no comment about passing the token I guessed it would essentially be a bearer token backed by a client authenticated tls.

Phil

On 2012-07-13, at 6:32, John Bradley <ve7jtb@ve7jtb.com> wrote:

> I am not saying it is unusual in a bad way.
>
> Some people think of TLS client auth happening at the TLS layer. That is common in server to server connections.
>
> Decisions based on the client cert can happen at the app layer, as they do in SAML HoK.
>
> I think people have less experience with doing that though.
>
> John B.
> On 2012-07-13, at 8:35 AM, Hannes Tschofenig wrote:
>
>> Hi John,
>>
>> authorization decisions are not made by the TLS library - they are made by the application.
>>
>> For example, in the HTTPS case the authorization decision that is made by the client is to compare the content of the cert with the domain part of the HTTP URI. Similar authorization decisions are being made by many applications using HTTP, see http://tools.ietf.org/html/rfc6125.
>>
>> So, there is nothing unusual here.
>>
>>
>> Ciao
>> Hannes
>>
>>
>> On Jul 13, 2012, at 3:13 PM, John Bradley wrote:
>>
>>> It sucks for TLS hinting:)
>>>
>>> In principle the client needs to know what keypair to use for the TLS session before it is initiated.
>>>
>>> The protected resource establishes the session with client auth accepting any client key.
>>>
>>> The protected resource compares the client key passed in from TLS with the one in the token as part of token validation, and accepts or rejects the token.
>>>
>>> It is different from "normal" TLS client auth in that it is not the TLS layer making the access decision.
>>>
>>> John B.
>>> On 2012-07-12, at 11:40 AM, Manger, James H wrote:
>>>
>>>>> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)
>>>>>
>>>>> client_hello,
>>>>> cert-receive=(X.509, Raw) // (1)
>>>>> cert-send=(Raw)             -> // (2)
>>>>>
>>>>>                      <-  server_hello,
>>>>>                          cert-info=(X.509),// (3)
>>>>>                          certificate, // (4)
>>>>>                          certificate_request, // (5)
>>>>>                          cert-receive=(Raw) // (6)
>>>>>                          server_key_exchange,
>>>>>                          server_hello_done
>>>>>
>>>>> cert-info=(Raw), // (7)
>>>>> certificate, // (8)
>>>>> client_key_exchange,
>>>>> change_cipher_spec,
>>>>> finished                  ->
>>>>>
>>>>>                      <- change_cipher_spec,
>>>>>                         finished
>>>>>
>>>>> Application Data        <------->     Application Data
>>>>>
>>>>> Legend:
>>>>>
>>>>> (1) Client accepts to receive X.509 certs and raw public keys, in this
>>>>> order of preference. (Could also be X.509 only in this example)
>>>>> (2) The client does have a raw public key for client authentication.
>>>>> (3) The server decides to send his X.509 cert and indicates this in
>>>>> the cert-info field.
>>>>> (4) The certificate payload contains the X.509 cert.
>>>>> (5) The server wants to use client authentication and sends a cert-
>>>>> request.
>>>>> (6) The certificate request asks for a certificate of type 'raw'
>>>>> (knowing that the client supports it from (2)).
>>>>> (7) The client indicates that the certificate payload contains a raw
>>>>> public key.
>>>>> (8) Here is the payload of the certificate itself.
>>>>
>>>>
>>>> So the OAuth client completes a TLS handshake with a protected resource using a raw key, but the protected resource doesn't get any authorization for that raw key until it sees an access_token which appears where? In an HTTP header somewhere in the App Data some time after the TLS handshake finishes?
>>>>
>>>> --
>>>> James Manger
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From ve7jtb@ve7jtb.com  Fri Jul 13 08:01:00 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <FCC4AEAC-DC22-490C-83A1-8336ACF770EE@oracle.com>
Date: Fri, 13 Jul 2012 11:01:27 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <BFBC5AD9-838C-4D6F-8C64-58BDBB6CB015@ve7jtb.com>
References: <213AE838-274D-4809-B841-CCCC51C7B3CD@gmx.net> <255B9BB34FB7D647A506DC292726F6E114F7AB4406@WSMSG3153V.srv.dir.telstra.com> <6A196EDE-3AF5-4B17-8F8D-2DA8FD9036AC@ve7jtb.com> <D5D5341E-BEFB-4CA0-9AE9-0F6160BE37DB@gmx.net> <70FA7F7B-0ED2-4CE6-986B-673CC7410937@ve7jtb.com> <FCC4AEAC-DC22-490C-83A1-8336ACF770EE@oracle.com>
To: Phil Hunt <phil.hunt@oracle.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary

I think having the proof in the token works for SAML and JWT.

I would like to also allow for an opaque token that the RS may dereference to get the key.

John B.
On 2012-07-13, at 10:40 AM, Phil Hunt wrote:

> At the moment there is no hok proof in the token itself. It seems to be bound in tls.
>
> The spec isn't clear yet that a token is passed in 3.2. But I assumed that is what Hannes intended.
>
> Still since there is no comment about passing the token I guessed it would essentially be a bearer token backed by a client authenticated tls.
>
> Phil
>
> On 2012-07-13, at 6:32, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>> I am not saying it is unusual in a bad way.
>>
>> Some people think of TLS client auth happening at the TLS layer. That is common in server to server connections.
>>
>> Decisions based on the client cert can happen at the app layer, as they do in SAML HoK.
>>
>> I think people have less experience with doing that though.
>>
>> John B.
>> On 2012-07-13, at 8:35 AM, Hannes Tschofenig wrote:
>>
>>> Hi John,
>>>
>>> authorization decisions are not made by the TLS library - they are made by the application.
>>>
>>> For example, in the HTTPS case the authorization decision that is made by the client is to compare the content of the cert with the domain part of the HTTP URI. Similar authorization decisions are being made by many applications using HTTP, see http://tools.ietf.org/html/rfc6125.
>>>
>>> So, there is nothing unusual here.
>>>
>>>
>>> Ciao
>>> Hannes
>>>
>>>
>>> On Jul 13, 2012, at 3:13 PM, John Bradley wrote:
>>>
>>>> It sucks for TLS hinting:)
>>>>
>>>> In principle the client needs to know what keypair to use for the TLS session before it is initiated.
>>>>
>>>> The protected resource establishes the session with client auth accepting any client key.
>>>>
>>>> The protected resource compares the client key passed in from TLS with the one in the token as part of token validation, and accepts or rejects the token.
>>>>
>>>> It is different from "normal" TLS client auth in that it is not the TLS layer making the access decision.
>>>>
>>>> John B.
>>>> On 2012-07-12, at 11:40 AM, Manger, James H wrote:
>>>>
>>>>>> III) Hybrid Scenario (the OAuth Holder-of-the-Key Use case)
>>>>>>
>>>>>> client_hello,
>>>>>> cert-receive=(X.509, Raw) // (1)
>>>>>> cert-send=(Raw)             -> // (2)
>>>>>>
>>>>>>                     <-  server_hello,
>>>>>>                         cert-info=(X.509),// (3)
>>>>>>                         certificate, // (4)
>>>>>>                         certificate_request, // (5)
>>>>>>                         cert-receive=(Raw) // (6)
>>>>>>                         server_key_exchange,
>>>>>>                         server_hello_done
>>>>>>
>>>>>> cert-info=(Raw), // (7)
>>>>>> certificate, // (8)
>>>>>> client_key_exchange,
>>>>>> change_cipher_spec,
>>>>>> finished                  ->
>>>>>>
>>>>>>                     <- change_cipher_spec,
>>>>>>                        finished
>>>>>>
>>>>>> Application Data        <------->     Application Data
>>>>>>
>>>>>> Legend:
>>>>>>
>>>>>> (1) Client accepts to receive X.509 certs and raw public keys, in this
>>>>>> order of preference. (Could also be X.509 only in this example)
>>>>>> (2) The client does have a raw public key for client authentication.
>>>>>> (3) The server decides to send his X.509 cert and indicates this in
>>>>>> the cert-info field.
>>>>>> (4) The certificate payload contains the X.509 cert.
>>>>>> (5) The server wants to use client authentication and sends a cert-
>>>>>> request.
>>>>>> (6) The certificate request asks for a certificate of type 'raw'
>>>>>> (knowing that the client supports it from (2)).
>>>>>> (7) The client indicates that the certificate payload contains a raw
>>>>>> public key.
>>>>>> (8) Here is the payload of the certificate itself.
>>>>>
>>>>>
>>>>> So the OAuth client completes a TLS handshake with a protected resource using a raw key, but the protected resource doesn't get any authorization for that raw key until it sees an access_token which appears where? In an HTTP header somewhere in the App Data some time after the TLS handshake finishes?
>>>>>
>>>>> --
>>>>> James Manger
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>
>>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
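
The check discussed in this thread (the protected resource accepts any client key at the TLS layer, then compares it with the key bound to the token, whether the token carries the binding itself or is an opaque handle the RS dereferences), as an added example that is not code from any poster or draft. The claim name `hok_spki_sha256`, the HMAC-tagged token format standing in for a signed SAML/JWT token, the in-memory opaque-token store and all key bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Everything below is constructed for illustration.
AS_SIGNING_KEY = b"constructed key shared by authorization server and RS"
CLIENT_SPKI = b"constructed stand-in for client A's DER SubjectPublicKeyInfo"
OTHER_SPKI = b"constructed stand-in for some other client's raw public key"


def spki_thumbprint(spki_der: bytes) -> str:
    """SHA-256 over the raw public key bytes the TLS layer handed up."""
    return hashlib.sha256(spki_der).hexdigest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _tag(body: str) -> str:
    return _b64(hmac.new(AS_SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_structured_token(claims: dict) -> str:
    """Authorization-server side: claims plus an integrity tag
    (hypothetical format; a real deployment would use a signed SAML/JWT token)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_tag(body)}"


# Opaque tokens: the RS dereferences the handle to learn the bound key.
OPAQUE_TOKEN_STORE = {
    "opaque-handle-1": {"scope": "read",
                        "hok_spki_sha256": spki_thumbprint(CLIENT_SPKI)},
    "opaque-handle-2": {"scope": "read"},  # no key binding: a plain bearer token
}


def resolve_claims(token: str):
    """Return the token's claims, or None if it is unknown or fails integrity."""
    if token in OPAQUE_TOKEN_STORE:
        return OPAQUE_TOKEN_STORE[token]
    body, sep, tag = token.partition(".")
    if not sep:
        return None
    try:
        if not hmac.compare_digest(_tag(body).encode(), tag.encode()):
            return None
        padded = body + "=" * (-len(body) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None


def authorize(token: str, tls_client_spki):
    """Application-layer decision. TLS itself accepted whatever key the
    client presented; the token decides whether that key is authorized."""
    claims = resolve_claims(token)
    if claims is None:
        return (False, "invalid_token")
    bound = claims.get("hok_spki_sha256")
    if not isinstance(bound, str) or not bound:
        # Without a binding the token would be a bearer token, so refuse it here.
        return (False, "token_not_key_bound")
    if tls_client_spki is None:
        return (False, "no_client_key_on_connection")
    presented = spki_thumbprint(tls_client_spki)
    if not hmac.compare_digest(bound.encode(), presented.encode()):
        return (False, "key_mismatch")
    return (True, claims.get("scope", ""))
```
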


From ve7jtb@ve7jtb.com  Fri Jul 13 09:07:42 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_4D264747-A835-4AE2-8B4D-E5C6A89CC7F9"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CC258DF8.D0E2%charles_honton@intuit.com>
Date: Fri, 13 Jul 2012 12:08:13 -0400
Message-Id: <F22190BF-C282-4929-87E7-6E1E51817914@ve7jtb.com>
References: <CC258DF8.D0E2%charles_honton@intuit.com>
To: "Honton, Charles" <Charles_Honton@intuit.com>
Cc: "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

--Apple-Mail=_4D264747-A835-4AE2-8B4D-E5C6A89CC7F9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

4.2.2.1 and 4.1.2.1 are error codes that are returned to the client through the browser via a 302 redirect.

You can't send a 5xx error via a 302 redirect.

That is why those need error messages specific to OAuth.

Errors not being sent via redirect use normal http error codes.

I thought that was clear.  Is there some general confusion on this?

John B.
On 2012-07-13, at 11:55 AM, Honton, Charles wrote:

> Great! Because this question has come up multiple times, perhaps the rfc could explain the use of 5xx return code in addition to error_code.
>
> I must be missing something.  Why are server_error and temporarily_unavailable specified in sections 4.2.2.1 and 4.1.2.1?  Is there a distinction between 5xx return code and error_code in these cases?
>
> Chas
>
> From: John Bradley <ve7jtb@ve7jtb.com>
> Date: Friday, July 13, 2012 4:04 AM
> To: Dick Hardt <dick.hardt@gmail.com>
> Cc: Charles Honton <charles_honton@intuit.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
>
> From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.
>
> Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.
>
> I don't see a need for a change.
>
> Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.
>
> (Though one person mentioned to me that 30 is a nicer number:)
>
> John B.
>
> On 2012-07-12, at 8:09 PM, Dick Hardt wrote:
>
>> Charles
>>
>> Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).
>>
>> Does anyone have feedback on the change below? (+/-)
>>
>> -- Dick
>>
>> On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:
>>
>>> E. Hammer, D. Recordon, D. Hardt, et al.,
>>>
>>> I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).
>>>
>>> In Section 5.2 the error code should probably include:
>>>
>>>          server_error
>>>                The authorization server encountered an unexpected
>>>                condition which prevented it from fulfilling the request.
>>>          temporarily_unavailable
>>>                The authorization server is currently unable to handle
>>>                the request due to a temporary overloading or maintenance
>>>                of the server.
>>>
>>>
>>> Regards,
>>> chas
>>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>

--Apple-Mail=_4D264747-A835-4AE2-8B4D-E5C6A89CC7F9
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
	charset=us-ascii

<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">4.2.2.1 and 4.1.2.1 are error codes that are returned to the client through the browser via a 302 redirect.<div><br></div><div>You can't send a 5xx error via a 302 redirect.</div><div><br></div><div>That is why those need error messages specific to OAuth. &nbsp;</div><div><br></div><div>Errors not being sent via redirect use normal http error codes.</div><div><br></div><div>I thought that was clear. &nbsp;Is there some general confusion on this?</div><div><br></div><div>John B.<br><div><div><div>On 2012-07-13, at 11:55 AM, Honton, Charles wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>Great! Because this question has come up multiple times, perhaps the rfc could explain the use of 5xx return code in addition to error_code.</div>
<div><br>
</div>
<div>I must be missing something. &nbsp;Why are &nbsp;<b>server_error</b> and <b>temporarily_unavailable</b>&nbsp;specified in sections 4.2.2.1 and 4.1.2.1? &nbsp;Is there a distinction between 5xx return code and error_code in these cases?</div>
<div><br>
</div>
<div>Chas</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>John Bradley &lt;<a href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;<br>
<span style="font-weight:bold">Date: </span>Friday, July 13, 2012 4:04 AM<br>
<span style="font-weight:bold">To: </span>Dick Hardt &lt;<a href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a>&gt;<br>
<span style="font-weight:bold">Cc: </span>Charles Honton &lt;<a href="mailto:charles_honton@intuit.com">charles_honton@intuit.com</a>&gt;, "<a href="mailto:draft-ietf-oauth-v2@tools.ietf.org">draft-ietf-oauth-v2@tools.ietf.org</a>" &lt;<a href="mailto:draft-ietf-oauth-v2@tools.ietf.org">draft-ietf-oauth-v2@tools.ietf.org</a>&gt;,
 "<a href="mailto:oauth@ietf.org">oauth@ietf.org</a> WG" &lt;<a href="mailto:oauth@ietf.org">oauth@ietf.org</a>&gt;<br>
<span style="font-weight:bold">Subject: </span>Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.
<div><br>
</div>
<div>Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.</div>
<div><br>
</div>
<div>I don't see a need for a change.</div>
<div><br>
</div>
<div>Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.</div>
<div><br>
</div>
<div>(Though one person mentioned to me that 30 is a nicer number:)</div>
<div><br>
</div>
<div>John B.</div>
<div><br>
<div>
<div>On 2012-07-12, at 8:09 PM, Dick Hardt wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
Charles
<div><br>
</div>
<div>Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).</div>
<div><br>
</div>
<div>Does anyone have feedback on the change below? (+/-)</div>
<div><br>
</div>
<div>-- Dick</div>
<div>
<div><br>
<div>
<div>On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>E. Hammer, D. Recordon, D. Hardt, et.al,</div>
<div><br>
</div>
<div>I'm looking at draft 28 (<a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-28">http://tools.ietf.org/html/draft-ietf-oauth-v2-28</a>).</div>
<div><br>
</div>
<div>In Section 5.2 the error code should probably include:</div>
<div><br>
</div>
<div>
<pre class="newpage" style="font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><span class="Apple-tab-span" style="white-space:pre">	</span>server_error
               The authorization server encountered an unexpected
               condition which prevented it from fulfilling the request.
         temporarily_unavailable
               The authorization server is currently unable to handle
               the request due to a temporary overloading or maintenance
               of the server.</pre>
<pre class="newpage" style="font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><br></pre>
</div>
<div><br>
</div>
<div>
<div>Regards,</div>
</div>
<div>chas</div>
<div><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
_______________________________________________<br>
OAuth mailing list<br>
<a href="mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
</div>

</blockquote></div><br></div></div></body></html>
--Apple-Mail=_4D264747-A835-4AE2-8B4D-E5C6A89CC7F9--

From wmills_92105@yahoo.com  Fri Jul 13 09:56:24 2012
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD25C11E8103 for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 09:56:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level: 
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[AWL=-0.799, BAYES_00=-2.599, J_CHICKENPOX_22=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Le2SqOhkdqzy for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 09:56:24 -0700 (PDT)
Received: from nm11-vm0.bullet.mail.ac4.yahoo.com (nm11-vm0.bullet.mail.ac4.yahoo.com [98.139.53.196]) by ietfa.amsl.com (Postfix) with SMTP id B683B11E80E1 for <oauth@ietf.org>; Fri, 13 Jul 2012 09:56:23 -0700 (PDT)
Received: from [98.139.52.196] by nm11.bullet.mail.ac4.yahoo.com with NNFMP; 13 Jul 2012 16:56:56 -0000
Received: from [98.139.52.145] by tm9.bullet.mail.ac4.yahoo.com with NNFMP; 13 Jul 2012 16:56:56 -0000
Received: from [127.0.0.1] by omp1028.mail.ac4.yahoo.com with NNFMP; 13 Jul 2012 16:56:56 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 835563.19363.bm@omp1028.mail.ac4.yahoo.com
Received: (qmail 2419 invoked by uid 60001); 13 Jul 2012 16:56:56 -0000
Received: from [99.31.212.42] by web31812.mail.mud.yahoo.com via HTTP; Fri, 13 Jul 2012 09:56:55 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
References: <CC2485A3.C8C3%charles_honton@intuit.com> <AD29164A-87F3-439A-99C8-C434259C7EA7@gmail.com> <6785B651-064E-4E81-9E6C-38A47C499E29@ve7jtb.com>
Message-ID: <1342198615.80652.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Fri, 13 Jul 2012 09:56:55 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <6785B651-064E-4E81-9E6C-38A47C499E29@ve7jtb.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "Honton, Charles" <Charles_Honton@intuit.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 16:56:25 -0000

I agree that we don't want things like Internal Server Error (500) duplicated in OAuth specific errors. The only thing I might add to 5.2 is something like "Other HTTP status codes such as 500 (Internal Server Error) may be returned with no OAuth specific parameters."

-bill


________________________________
From: John Bradley <ve7jtb@ve7jtb.com>
To: Dick Hardt <dick.hardt@gmail.com>
Cc: draft-ietf-oauth-v2@tools.ietf.org; "Honton, Charles" <Charles_Honton@intuit.com>; "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Friday, July 13, 2012 4:04 AM
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2


From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.

Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.

I don't see a need for a change.

Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.

(Though one person mentioned to me that 30 is a nicer number:)

John B.


On 2012-07-12, at 8:09 PM, Dick Hardt wrote:

> Charles
>
> Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).
>
> Does anyone have feedback on the change below? (+/-)
>
> -- Dick
>
> On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:
>
>> E. Hammer, D. Recordon, D. Hardt, et.al,
>>
>> I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).
>>
>> In Section 5.2 the error code should probably include:
>>
>>     server_error
>>           The authorization server encountered an unexpected
>>           condition which prevented it from fulfilling the request.
>>     temporarily_unavailable
>>           The authorization server is currently unable to handle
>>           the request due to a temporary overloading or maintenance
>>           of the server.
>>
>> Regards,
>> chas

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
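
The distinction drawn in this thread, as an added example that is not part of any message above: a client-side classifier that reads OAuth error codes from the browser redirect (where no 5xx can be delivered) and plain HTTP status codes from the direct token endpoint call. The error-code sets are the ones listed in RFC 6749, the published form of the draft; the function names, sample URLs, state values and the 500/503 mapping are assumptions made for the illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Error codes as listed in RFC 6749, the published form of draft-ietf-oauth-v2.
REDIRECT_ERRORS = {  # sections 4.1.2.1 (code) and 4.2.2.1 (implicit)
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope",
    "server_error", "temporarily_unavailable",
}
TOKEN_ERRORS = {  # section 5.2: no server_error / temporarily_unavailable
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}
# Assumed mapping for this example: the HTTP statuses that stand in for the
# two redirect-only codes when the client talks to the server directly.
HTTP_EQUIVALENT = {500: "server_error", 503: "temporarily_unavailable"}


def classify_redirect(redirect_url, response_type, expected_state):
    """Interpret the URL the browser was redirected to at the client."""
    parts = urlsplit(redirect_url)
    # Code flow carries parameters in the query, implicit flow in the fragment.
    raw = parts.query if response_type == "code" else parts.fragment
    params = {k: v[0] for k, v in parse_qs(raw).items()}
    # The redirect passes through the browser, so tie it to our own request
    # before trusting anything else in it.
    if params.get("state") != expected_state:
        return {"channel": "redirect", "outcome": "rejected"}
    error = params.get("error")
    if error is None:
        return {"channel": "redirect", "outcome": "success"}
    # Report only known codes; never reflect arbitrary redirect input.
    condition = error if error in REDIRECT_ERRORS else "unrecognized_error"
    return {"channel": "redirect", "outcome": "error", "condition": condition}


def classify_token_response(status, body):
    """Interpret a direct (non-redirect) token endpoint response."""
    if 500 <= status <= 599:
        # Ordinary HTTP error: no OAuth parameters are expected in the body.
        condition = HTTP_EQUIVALENT.get(status, "http_%d" % status)
        return {"channel": "direct", "outcome": "error", "condition": condition}
    try:
        payload = json.loads(body) if body else {}
    except ValueError:
        payload = {}
    if not isinstance(payload, dict):
        payload = {}
    if status == 200 and "access_token" in payload:
        return {"channel": "direct", "outcome": "success"}
    error = payload.get("error")
    if status in (400, 401) and isinstance(error, str) and error in TOKEN_ERRORS:
        return {"channel": "direct", "outcome": "error", "condition": error}
    return {"channel": "direct", "outcome": "error",
            "condition": "unrecognized_error"}


# Constructed sample inputs (not captured traffic).
REDIRECT_SAMPLES = [
    ("https://client.example.com/cb?error=temporarily_unavailable&state=xyz",
     "code", "xyz"),
    ("https://client.example.com/cb#error=server_error&state=xyz",
     "token", "xyz"),
    ("https://client.example.com/cb?error=server_error&state=other",
     "code", "xyz"),
]
TOKEN_SAMPLES = [
    (503, "<html>Service Unavailable</html>"),
    (400, '{"error": "invalid_grant"}'),
    (400, '{"error": "server_error"}'),
]


def demo():
    """Run both classifiers over the constructed samples."""
    results = [classify_redirect(*s) for s in REDIRECT_SAMPLES]
    results += [classify_token_response(*s) for s in TOKEN_SAMPLES]
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A caller can then handle `condition` uniformly: the same overload condition arrives as `temporarily_unavailable` on the redirect and as HTTP 503 on the direct call.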

From wmills_92105@yahoo.com  Fri Jul 13 13:42:30 2012
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5919511E810A for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 13:42:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.098
X-Spam-Level: 
X-Spam-Status: No, score=-3.098 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id spMtOVeQD4rZ for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 13:42:28 -0700 (PDT)
Received: from nm32-vm4.bullet.mail.bf1.yahoo.com (nm32-vm4.bullet.mail.bf1.yahoo.com [72.30.239.140]) by ietfa.amsl.com (Postfix) with SMTP id 3CEF611E80C7 for <oauth@ietf.org>; Fri, 13 Jul 2012 13:42:28 -0700 (PDT)
Received: from [98.139.212.145] by nm32.bullet.mail.bf1.yahoo.com with NNFMP; 13 Jul 2012 20:43:05 -0000
Received: from [98.139.215.250] by tm2.bullet.mail.bf1.yahoo.com with NNFMP; 13 Jul 2012 20:43:04 -0000
Received: from [127.0.0.1] by omp1063.mail.bf1.yahoo.com with NNFMP; 13 Jul 2012 20:43:04 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 946246.47956.bm@omp1063.mail.bf1.yahoo.com
Received: (qmail 80488 invoked by uid 60001); 13 Jul 2012 20:43:04 -0000
Received: from [209.131.62.115] by web31806.mail.mud.yahoo.com via HTTP; Fri, 13 Jul 2012 13:43:04 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
References: <8FB1BC31-D183-47A0-9792-4FDF460AFAA1@gmx.net><B26C1EF377CB694EAB6BDDC8E624B6E74F979CF1@BL2PRD0310MB362.namprd03.prod.outlook.com><22194120-0613-48A7-9825-FD3BAD76062A@gmx.net><C433DCE1-3015-4442-9DD0-A5228415D6C0@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B2E2@BL2PRD0310MB362.namprd03.prod.outlook.com><6D7E3A30-873A-41DD-8ADA-A3334E023576@gmx.net><397384FE-394C-4C4B-8962-56E4F86579C1@ve7jtb.com><B26C1EF377CB694EAB6BDDC8E624B6E74F97B4C1@BL2PRD0310MB362.namprd03.prod.outlook.com><AD9183B2-42DC-4DB8-A103-D97948C4BC59@ve7jtb.com> <4FFC6983.8030704@oracle.com> <999913AB42CC9341B05A99BBF358718D01A4937B@FIESEXC035.nsn-intra.net> <4FFC7BC4.5030902@oracle.com> <1341951979.14398.YahooMailNeo@web31803.mail.mud.yahoo.com> <8DD974A3-44A8-4E3F-AF43-E6511A6100B0@gmx.net> <1342025520.18462.YahooMailNeo@web31801.mail.mud.yahoo.com>
Message-ID: <1342212184.51204.YahooMailNeo@web31806.mail.mud.yahoo.com>
Date: Fri, 13 Jul 2012 13:43:04 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: William Mills <wmills_92105@yahoo.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <1342025520.18462.YahooMailNeo@web31801.mail.mud.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1055047407-201487617-1342212184=:51204"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 20:42:30 -0000

---1055047407-201487617-1342212184=:51204
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

The more I think about this the more I think that HoK is really more of an informational type RFC if anything. If you really want a cleartext part so as not to encrypt a certificate or something then OK, but in the end all our extant token types can support the HoK token payload. In profiles where we already have a transaction signature nothing more is needed. And if you want to apply it to something like Bearer, then you should be using MAC instead.

We could theoretically wedge it in to the client authentication mechanism, but why?


________________________________
From: William Mills <wmills_92105@yahoo.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Sent: Wednesday, July 11, 2012 9:52 AM
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth


Having re-read this I think I now understand how symmetric would work. In the HOK model as I think of it we have 3 basic parts: opaque token stuff, asserted client key, and server signature. The asserted client key could be:

- a public key
- a certificate
- an encrypted symmetric key
- other?

For symmetric key it would act as a key distribution for clients to the endpoints, so it would be doing a similar thing for symmetric keys that it would for PK, e.g. key distribution and trust. In the end the token itself can contain the asserted key, MAC tokens can support this concept now in fact. The relying endpoint would extract the secret from the token to check the signature. For the PK case you don't have to encrypt the asserted key, which is a little cheaper.

-bill


________________________________
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: William Mills <wmills_92105@yahoo.com>
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; prateek mishra <prateek.mishra@oracle.com>; "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>; "oauth@ietf.org" <oauth@ietf.org>
Sent: Tuesday, July 10, 2012 11:23 PM
Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth

I also fail to see the value of a symmetric holder-of-the-key solution and I don't buy the performance argument either (particularly since we are using a short key length here).

I hope that this is not the "let us replicate all the work we had done in some other crazy enterprise identity management solution so far." approach.


On Jul 10, 2012, at 11:26 PM, William Mills wrote:

> OK, but why do you need holder-of-key then? I think holder-of-key gets significantly weird in the symmetric key case. In the PKI case the token has (public_key, token, signature(public_key, token, serversecret)). How will the server assert something in the credential that's useful in place of a public key (or certificate)? I think the best case there is that the server is asserting a client name which the protected resource uses to look up the symmetric key to use for the signature check, but that could just be included in token anyway without holder-of-key.
>
> I really don't see how this works with symmetric keys in any useful way that's not easier via another method like MAC tokens?
>
>
> From: prateek mishra <prateek.mishra@oracle.com>
> To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
> Cc: oauth@ietf.org
> Sent: Tuesday, July 10, 2012 12:00 PM
> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>
> Hannes,
>
> we have a variety of use-cases wherein a single server ("client") repeatedly interacts with a resource server for business purposes. These interactions may be on-behalf-of a single user or even multiple users. In such a use-case, use of asymmetric signature imposes an unacceptable performance penalty and there is a lot of interest in being able to use symmetric signature instead.
>
> - prateek
>> Hi Prateek,
>>
>> why do you care about the symmetric key case?
>> Specifying more variants requires more code and decreases interoperability.
>>
>> Ciao
>> Hannes
>>
>>
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of ext prateek mishra
>> Sent: Tuesday, July 10, 2012 8:42 PM
>> To: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> As Phil Hunt suggests, there is a need for a discussion of the use-cases involved
>>
>> How to bind the key to the requestor may have several variations, I would hope the work would cover a broad range
>>
>> Given the importance of the symmetric key case, I would also be interested in key establishment methods as well
>>
>>
>> When I say arguably, I expect you to argue.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 1:01 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:
>>
>> Binding the key to the channel is arguably the most secure
>>
>> Not really, there are hardware options that give good security properties
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 9:55 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; Hannes Tschofenig; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Binding the key to the channel is arguably the most secure.
>>
>> SSL offloading and other factors may prevent that from working in all cases.
>>
>> I suspect that we will need two OAuth bindings. One for TLS and one for signed message.
>>
>> John B.
>>
>> Sent from my iPhone
>>
>> On 2012-07-10, at 12:11 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>> If we do not bind the key to the channel then we will run into all sorts of problems. The current MAC specification illustrates that quite nicely. On top of that you can re-use the established security channel for the actual data exchange.
>>
>> On Jul 10, 2012, at 5:29 PM, Anthony Nadalin wrote:
>>
>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>
>> Depends if we want OAuth to support the concept of a request/response for a proof token and keep the actual binding for a separate specification, in most of our cases the keying material is opaque (and just a blob), where we care about the key material is in the key agreement (entropy) cases.
>>
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Tuesday, July 10, 2012 3:34 AM
>> To: Hannes Tschofenig
>> Cc: Anthony Nadalin; OAuth WG
>> Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> I agree that there are use-cases for all of the proof of possession mechanisms.
>>
>> Presentment methods also need to be considered.
>>
>> TLS client auth may not always be the best option. Sometimes message signing is more appropriate.
>>
>> One question is if we want to do a generic proof of possession for JWT that is useful outside OAuth, or something OAuth specific. The answer may be a combined approach.
>>
>> I think this is a good start to get discussion going.
>>
>> John B.
>> On 2012-07-09, at 3:05 PM, Hannes Tschofenig wrote:
>>
>> Hi Tony,
>>
>> I had to start somewhere. I had chosen the asymmetric version since it provides good security properties and there is already the BrowserID/OBC work that I had in the back of my mind. I am particularly interested to illustrate that you can accomplish the same, if not better, characteristics than BrowserID by using OAuth instead of starting from scratch.
>>
>> Regarding the symmetric keys: The asymmetric key can be re-used but with a symmetric key holder-of-the-key you would have to request a fresh one every time in order to accomplish comparable security benefits.
>>
>> Ciao
>> Hannes
>>
>> On Jul 9, 2012, at 9:57 PM, Anthony Nadalin wrote:
>>
>> Hannes, thanks for drafting this, couple of comments:
>>
>> 1. HOK is one of Proof of Possession methods, should we consider others?
>> 2. This seems just to handle asymmetric keys, need to also handle symmetric keys
>>
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 09, 2012 11:15 AM
>> To: OAuth WG
>> Subject: [OAUTH-WG] Holder-of-the-Key for OAuth
>>
>> Hi guys,
>>
>> today I submitted a short document that illustrates the concept of holder-of-the-key for OAuth.
>> Here is the document:
>> https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk
>>
>> Your feedback is welcome
>>
>> Ciao
>> Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
---1055047407-201487617-1342212184=:51204
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:ti=
mes new roman, new york, times, serif;font-size:12pt"><div><span><font size=
=3D"3">The more I think about this the more I think that HoK is really more=
 or an informational type RFC if anything. &nbsp;If you really want a clear=
text part so as not to encrypt a certificate or&nbsp;</font>something<font =
size=3D"3">&nbsp;then OK, but in the end all our extant token types can sup=
port the HoK token payload. &nbsp;In profiles where we already have a trans=
action signature nothing more is needed. &nbsp; And if you want to apply it=
 to&nbsp;something&nbsp;like Bearer, then you&nbsp;should&nbsp;be using MAC=
 instead.</font></span></div><div><span><font size=3D"3"><br></font></span>=
</div><div><span><font size=3D"3">We could theoretically wedge it in to the=
 client authentication mechanism, but why?</font></span></div><div><br></di=
v><div style=3D"font-family: 'times new roman', 'new york', times, serif;
 font-size: 12pt; "><br></div>  <div style=3D"font-size: 12pt; font-family:=
 'times new roman', 'new york', times, serif; "> <div style=3D"font-size: 1=
2pt; font-family: 'times new roman', 'new york', times, serif; "> <div dir=
=3D"ltr"> <font size=3D"2" face=3D"Arial"> <hr size=3D"1">  <b><span style=
=3D"font-weight:bold;">From:</span></b> William Mills &lt;wmills_92105@yaho=
o.com&gt;<br> <b><span style=3D"font-weight: bold;">To:</span></b> Hannes T=
schofenig &lt;hannes.tschofenig@gmx.net&gt; <br><b><span style=3D"font-weig=
ht: bold;">Cc:</span></b> "oauth@ietf.org" &lt;oauth@ietf.org&gt; <br> <b><=
span style=3D"font-weight: bold;">Sent:</span></b> Wednesday, July 11, 2012=
 9:52 AM<br> <b><span style=3D"font-weight: bold;">Subject:</span></b> Re: =
[OAUTH-WG] Holder-of-the-Key for OAuth<br> </font> </div> <br>=0A<div id=3D=
"yiv486452222"><div><div style=3D"color: rgb(0, 0, 0); background-color: rg=
b(255, 255, 255); font-size: 12pt; font-family: 'times new roman', 'new yor=
k', times, serif; "><div><span>Having re-read this I think I now understand=
 how symmetric would work. &nbsp;In the HOK model as I think of it we have =
3 basic parts: &nbsp;opaque token stuff, asserted client key, and server si=
gnature. &nbsp;The asserted client key could be:</span></div><div><br></div=
><div>-<span class=3D"yiv486452222Apple-tab-span" style=3D"white-space:pre;=
">=09</span>a public key</div><div>-<span class=3D"yiv486452222Apple-tab-sp=
an" style=3D"white-space:pre;">=09</span>a certificate</div><div>-<span cla=
ss=3D"yiv486452222Apple-tab-span" style=3D"white-space:pre;">=09</span>an e=
ncrypted symmetric key</div><div>-<span class=3D"yiv486452222Apple-tab-span=
" style=3D"white-space:pre;">=09</span>other?</div><div><span><br></span></=
div><div>For symmetric key it would act as a key distribution for clients t=
o the
 endpoints, so it would be doing a similar thing for symmetric keys that it=
 would for PK, e.g. key=0A distribution and trust. &nbsp;<span style=3D"fon=
t-size:12pt;">In the end the token itself can contain the asserted key, MAC=
 tokens can support this concept now in fact. &nbsp;The relying endpoint wo=
uld extract the secret from the token to check the signature. &nbsp;</span>=
<span style=3D"font-size:12pt;">For the PK case you don't have to encrypt t=
he asserted key, which is a little cheaper.</span></div><div><span style=3D=
"font-size:12pt;"><br></span></div><div><span style=3D"font-size:12pt;">-bi=
ll</span></div><div><br></div>  <div style=3D"font-size: 12pt; font-family:=
 times, serif; "> <div style=3D"font-size: 12pt; font-family: times, serif;=
 "> <div dir=3D"ltr"> <font size=3D"2" face=3D"Arial"> <hr size=3D"1">  <b>=
<span style=3D"font-weight:bold;">From:</span></b> Hannes Tschofenig &lt;ha=
nnes.tschofenig@gmx.net&gt;<br> <b><span style=3D"font-weight:bold;">To:</s=
pan></b> William Mills=0A &lt;wmills_92105@yahoo.com&gt; <br><b><span style=
=3D"font-weight:bold;">Cc:</span></b> Hannes Tschofenig &lt;hannes.tschofen=
ig@gmx.net&gt;; prateek mishra &lt;prateek.mishra@oracle.com&gt;; "Tschofen=
ig, Hannes (NSN - FI/Espoo)" &lt;hannes.tschofenig@nsn.com&gt;; "oauth@ietf=
.org" &lt;oauth@ietf.org&gt; <br> <b><span style=3D"font-weight:bold;">Sent=
:</span></b> Tuesday, July 10, 2012 11:23 PM<br> <b><span style=3D"font-wei=
ght:bold;">Subject:</span></b> Re: [OAUTH-WG] Holder-of-the-Key for OAuth<b=
r> </font> </div> <br>=0AI also fail to see the value of a symmetric holder=
-of-the-key solution and I don't buy the performance argument either (parti=
cularly since we are using a short key length here.<br><br>I hope that this=
 is not the "let us replicate all the work we had done in some other crazy =
enterprise identity management solution so far." approach. <br><br><br>On J=
ul 10, 2012, at 11:26 PM, William Mills wrote:<br><br>&gt; OK, but why do y=
ou need holder-of-key then?&nbsp; I think holder-of-key gets significantly =
weird in the symmetric key case.&nbsp;  In the PKI case the token has (publ=
ic_key, token, signature(public_key, token, serversecret)).&nbsp; How will =
the server assert something in the credential that's useful in place of a p=
lublic key (or certificate)?&nbsp; I think the best case there is that the =
server is asserting a client name which the protected resource uses to look=
 up the symmetric key to use for the signature check, but that could just b=
e included in=0A token anyway without holder-of-key.<br>&gt; <br>&gt; I rea=
lly don't see how this works with symmetric keys in any useful way that's n=
ot easier via another method like MAC tokens?<br>&gt; <br>&gt; <br>&gt; Fro=
m: prateek mishra &lt;<a rel=3D"nofollow" ymailto=3D"mailto:prateek.mishra@=
oracle.com" target=3D"_blank" href=3D"mailto:prateek.mishra@oracle.com">pra=
teek.mishra@oracle.com</a>&gt;<br>&gt; To: "Tschofenig, Hannes (NSN - FI/Es=
poo)" &lt;<a rel=3D"nofollow" ymailto=3D"mailto:hannes.tschofenig@nsn.com" =
target=3D"_blank" href=3D"mailto:hannes.tschofenig@nsn.com">hannes.tschofen=
ig@nsn.com</a>&gt; <br>&gt; Cc: <a rel=3D"nofollow" ymailto=3D"mailto:oauth=
@ietf.org" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org<=
/a> <br>&gt; Sent: Tuesday, July 10, 2012 12:00 PM<br>&gt; Subject: Re: [OA=
UTH-WG] Holder-of-the-Key for OAuth<br>&gt; <br>&gt; Hannes,<br>&gt; <br>&g=
t; we have a variety of use-cases wherein a single server ("client") repeat=
edly interacts with a resource
 server for business purposes. These interactions may be on-behalf-of<br>&g=
t; a single user or=0A even multiple users. In such a use-case, use of asym=
metric signature imposes an unacceptable performance penalty and there is a=
 lot of interest in being able<br>&gt; to use symmetric signature instead.<=
br>&gt; <br>&gt; - prateek<br>&gt;&gt; Hi Prateek,<br>&gt;&gt;&nbsp; <br>&g=
t;&gt; why do you care about the symmetric key case?<br>&gt;&gt; Specifying=
 more variants requires more code and decreases interoperability.<br>&gt;&g=
t;&nbsp; <br>&gt;&gt; Ciao<br>&gt;&gt; Hannes<br>&gt;&gt;&nbsp; <br>&gt;&gt=
;&nbsp; <br>&gt;&gt; From: <a rel=3D"nofollow" ymailto=3D"mailto:oauth-boun=
ces@ietf.org" target=3D"_blank" href=3D"mailto:oauth-bounces@ietf.org">oaut=
h-bounces@ietf.org</a> [mailto:<a rel=3D"nofollow" ymailto=3D"mailto:oauth-=
bounces@ietf.org" target=3D"_blank" href=3D"mailto:oauth-bounces@ietf.org">=
oauth-bounces@ietf.org</a>] On Behalf Of ext prateek mishra<br>&gt;&gt; Sen=
t: Tuesday, July 10, 2012 8:42 PM<br>&gt;&gt; To: <a rel=3D"nofollow" ymail=
to=3D"mailto:oauth@ietf.org"
 target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a><br>&gt=
;&gt; Subject: Re: [OAUTH-WG]=0A Holder-of-the-Key for OAuth<br>&gt;&gt;&nb=
sp; <br>&gt;&gt; As Phil Hunt suggests, there is a need for a discussion of=
 the use-cases involved<br>&gt;&gt; <br>&gt;&gt; How to bind the key to the=
 requestor may have several variations, I would hope the work would cover a=
 broad range<br>&gt;&gt; <br>&gt;&gt; Given the importance of the symmetric=
 key case, I would also be interested in key establishment methods as well<=
br>&gt;&gt; <br>&gt;&gt; <br>&gt;&gt; <br>&gt;&gt; When I say arguably,&nbs=
p; I expect you to argue.&nbsp; <br>&gt;&gt;&nbsp;  <br>&gt;&gt; John B. <b=
r>&gt;&gt;&nbsp;  <br>&gt;&gt; Sent from my iPhone<br>&gt;&gt;&nbsp;  <br>&=
gt;&gt; On 2012-07-10, at 1:01 PM, Anthony Nadalin &lt;<a rel=3D"nofollow" =
ymailto=3D"mailto:tonynad@microsoft.com" target=3D"_blank" href=3D"mailto:t=
onynad@microsoft.com">tonynad@microsoft.com</a>&gt; wrote:<br>&gt;&gt;&nbsp=
;  <br>&gt;&gt; Binding the key to the channel is arguably the most secure<=
br>&gt;&gt;&nbsp;  <br>&gt;&gt;
 Not really, there are hardware=0A options that give good security properti=
es<br>&gt;&gt;&nbsp;  <br>&gt;&gt; -----Original Message-----<br>&gt;&gt; F=
rom: John Bradley [mailto:<a rel=3D"nofollow" ymailto=3D"mailto:ve7jtb@ve7j=
tb.com" target=3D"_blank" href=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.c=
om</a>] <br>&gt;&gt; Sent: Tuesday, July 10, 2012 9:55 AM<br>&gt;&gt; To: H=
annes Tschofenig<br>&gt;&gt; Cc: Anthony Nadalin; Hannes Tschofenig; OAuth =
WG<br>&gt;&gt; Subject: Re: [OAUTH-WG] Holder-of-the-Key for OAuth<br>&gt;&=
gt;&nbsp;  <br>&gt;&gt; Binding the key to the channel is arguably the most=
 secure. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; SSL offloading and other factors =
may prevent that from working in all cases. <br>&gt;&gt;&nbsp;  <br>&gt;&gt=
; I suspect that we will need two OAuth bindings. One for TLS and one for s=
igned message. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; John B.&nbsp; <br>&gt;&gt;&=
nbsp;  <br>&gt;&gt; Sent from my iPhone<br>&gt;&gt;&nbsp;  <br>&gt;&gt; On =
2012-07-10, at 12:11 PM, Hannes
 Tschofenig &lt;<a rel=3D"nofollow" ymailto=3D"mailto:hannes.tschofenig@gmx=
.net" target=3D"_blank" href=3D"mailto:hannes.tschofenig@gmx.net">hannes.ts=
chofenig@gmx.net</a>&gt; wrote:<br>&gt;&gt;&nbsp;  <br>&gt;&gt; If we do no=
t bind the key to the channel then we will run into all sorts of problems. =
The current MAC specification illustrates that quite nicely. On top of that=
 you can re-use the established security channel for the actual data exchan=
ge. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; On Jul 10, 2012, at 5:29 PM, Anthony N=
adalin wrote:<br>&gt;&gt;&nbsp;  <br>&gt;&gt; One question is if we want to=
 do a generic proof of possession for JWT that is useful outside OAuth,&nbs=
p; or something OAuth specific.&nbsp; &nbsp; The answer may be a combined a=
pproach.<br>&gt;&gt;&nbsp;  <br>&gt;&gt; Depends if we want OAuth to suppor=
t the concept of a request/response for a proof token and keep the actual b=
inding for a separate specification, in most of our cases the keying
 material is opaque (and just a blob), where we care=0A about the key mater=
ial&nbsp; is in the key agreement (entropy) cases.<br>&gt;&gt;&nbsp;  <br>&=
gt;&gt; -----Original Message-----<br>&gt;&gt; From: John Bradley [mailto:<=
a rel=3D"nofollow" ymailto=3D"mailto:ve7jtb@ve7jtb.com" target=3D"_blank" h=
ref=3D"mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>] <br>&gt;&gt; Sent: =
Tuesday, July 10, 2012 3:34 AM<br>&gt;&gt; To: Hannes Tschofenig<br>&gt;&gt=
; Cc: Anthony Nadalin; OAuth WG<br>&gt;&gt; Subject: Re: [OAUTH-WG] Holder-=
of-the-Key for OAuth<br>&gt;&gt;&nbsp;  <br>&gt;&gt; I agree that there are=
 use-cases for all of the proof of possession mechanisms.<br>&gt;&gt;&nbsp;=
  <br>&gt;&gt; Presentment methods also need to be considered.&nbsp;  <br>&=
gt;&gt;&nbsp;  <br>&gt;&gt; TLS client auth may not always be the best opti=
on.&nbsp; Sometimes message signing is more appropriate.<br>&gt;&gt;&nbsp; =
 <br>&gt;&gt; One question is if we want to do a generic proof of possessio=
n for JWT that is useful outside OAuth,&nbsp; or
 something OAuth specific.&nbsp; &nbsp;=0A The answer may be a combined app=
roach.<br>&gt;&gt;&nbsp;  <br>&gt;&gt; I think this is a good start to get =
discussion going.<br>&gt;&gt;&nbsp;  <br>&gt;&gt; John B.<br>&gt;&gt; On 20=
12-07-09, at 3:05 PM, Hannes Tschofenig wrote:<br>&gt;&gt;&nbsp;  <br>&gt;&=
gt; Hi Tony, <br>&gt;&gt;&nbsp;  <br>&gt;&gt; I had to start somewhere. I h=
ad chosen the asymmetric version since it provides good security properties=
 and there is already the BrowserID/OBC work that I had in the back of my m=
ind. I am particularly interested to illustrate that you can accomplish the=
 same, if not better, characteristics than BrowserID by using OAuth instead=
 of starting from scratch. <br>&gt;&gt;&nbsp;  <br>&gt;&gt; Regarding the s=
ymmetric keys: The asymmetric key can be re-used but with a symmetric key h=
older-of-the-key you would have to request a fresh one every time in order =
to accomplish comparable security benefits. <br>&gt;&gt;&nbsp;  <br>&gt;&gt=
; Ciao<br>&gt;&gt;=0A Hannes<br>&gt;&gt;&nbsp;  <br>&gt;&gt; On Jul 9, 2012=
, at 9:57 PM, Anthony Nadalin wrote:<br>&gt;&gt;&nbsp;  <br>&gt;&gt; Hannes=
, thanks for drafting this, couple of comments:<br>&gt;&gt;&nbsp;  <br>&gt;=
&gt; 1. HOK is one of Proof of Possession methods, should we consider other=
s?<br>&gt;&gt; 2. This seems just to handle asymmetric keys, need to also h=
andle symmetric keys<br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt; --=
---Original Message-----<br>&gt;&gt; From: <a rel=3D"nofollow" ymailto=3D"m=
ailto:oauth-bounces@ietf.org" target=3D"_blank" href=3D"mailto:oauth-bounce=
s@ietf.org">oauth-bounces@ietf.org</a> [mailto:<a rel=3D"nofollow" ymailto=
=3D"mailto:oauth-bounces@ietf.org" target=3D"_blank" href=3D"mailto:oauth-b=
ounces@ietf.org">oauth-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig=
<br>&gt;&gt; Sent: Monday, July 09, 2012 11:15 AM<br>&gt;&gt; To: OAuth WG<=
br>&gt;&gt; Subject: [OAUTH-WG] Holder-of-the-Key for OAuth<br>&gt;&gt;&nbs=
p;  <br>&gt;&gt; Hi guys,
 <br>&gt;&gt;&nbsp;  <br>&gt;&gt; today I submitted a short document=0A tha=
t illustrates the concept of holder-of-the-key for OAuth. <br>&gt;&gt; Here=
 is the document: <br>&gt;&gt; <a rel=3D"nofollow" target=3D"_blank" href=
=3D"https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk">https://d=
atatracker.ietf.org/doc/draft-tschofenig-oauth-hotk</a><br>&gt;&gt;&nbsp;  =
<br>&gt;&gt; Your feedback is welcome <br>&gt;&gt;&nbsp;  <br>&gt;&gt; Ciao=
<br>&gt;&gt; Hannes<br>&gt;&gt;&nbsp;  <br>&gt;&gt; _______________________=
________________________<br>&gt;&gt; OAuth mailing list<br>&gt;&gt; <a rel=
=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.org" target=3D"_blank" href=3D"m=
ailto:OAuth@ietf.org">OAuth@ietf.org</a><br>&gt;&gt; <a rel=3D"nofollow" ta=
rget=3D"_blank" href=3D"https://www.ietf.org/mailman/listinfo/oauth">https:=
//www.ietf.org/mailman/listinfo/oauth</a><br>&gt;&gt;&nbsp;  <br>&gt;&gt;&n=
bsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&=
gt;&nbsp;  <br>&gt;&gt; _______________________________________________<br>=
&gt;&gt;
 OAuth mailing list<br>&gt;&gt; <a rel=3D"nofollow" ymailto=3D"mailto:OAuth=
@ietf.org" target=3D"_blank" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org<=
/a><br>&gt;&gt; <a rel=3D"nofollow" target=3D"_blank" href=3D"https://www.i=
etf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth=
</a><br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt=
;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&g=
t;&gt;&nbsp;  <br>&gt;&gt;&nbsp;  <br>&gt;&gt; <br>&gt;&gt; <br>&gt;&gt; <b=
r>&gt;&gt; _______________________________________________<br>&gt;&gt; OAut=
h mailing list<br>&gt;&gt; <a rel=3D"nofollow" ymailto=3D"mailto:OAuth@ietf=
.org" target=3D"_blank" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><b=
r>&gt;&gt; <a rel=3D"nofollow" target=3D"_blank" href=3D"https://www.ietf.o=
rg/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a><=
br>&gt;&gt;&nbsp; <br>&gt; <br>&gt; <br>&gt; <br>&gt;
 _______________________________________________<br>&gt; OAuth mailing list=
<br>&gt; <a rel=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.org" target=3D"_b=
lank" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>&gt; <a rel=3D"n=
ofollow" target=3D"_blank" href=3D"https://www.ietf.org/mailman/listinfo/oa=
uth">https://www.ietf.org/mailman/listinfo/oauth</a><br>&gt; <br>&gt; <br>&=
gt; _______________________________________________<br>&gt; OAuth mailing l=
ist<br>&gt; <a rel=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.org" target=3D=
"_blank" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>&gt; <a rel=
=3D"nofollow" target=3D"_blank" href=3D"https://www.ietf.org/mailman/listin=
fo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><br><br> <=
/div> </div>  </div></div></div><br>_______________________________________=
________<br>OAuth mailing list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=
=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br><a href=3D"https://www.iet=
f.org/mailman/listinfo/oauth"
 target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><=
br> </div> </div>  </div></body></html>
---1055047407-201487617-1342212184=:51204--
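
The symmetric-key arrangement William Mills sketches in the message above (the token asserts a client name, and the protected resource uses it to look up the symmetric key for the signature check), as an added Python example that is not from the thread or from any OAuth draft. The token layout, the request string, the key table and every key value are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not taken from the thread.
AS_RS_SECRET = b"constructed-as-rs-secret"    # shared by authorization server and resource server
CLIENT_KEYS = {"billing-server": b"constructed-client-key"}  # resource server's per-client key table
MAX_SKEW = 300                                # seconds a request timestamp may differ from "now"


def _mac(key, data):
    """HMAC-SHA256 over bytes, returned as a hex string."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _same(a, b):
    """Constant-time comparison that also accepts non-ASCII attacker input."""
    return hmac.compare_digest(a.encode(), b.encode())


def issue_token(client_name, scope):
    """Authorization server: assert the client name, integrity-protected for the resource server."""
    claims = json.dumps({"client": client_name, "scope": scope}, sort_keys=True)
    payload = base64.urlsafe_b64encode(claims.encode()).decode()
    return payload + "." + _mac(AS_RS_SECRET, payload.encode())


def _request_string(token, method, path, nonce, ts):
    # The token is part of the MAC input, so a request MAC cannot be moved to another token.
    return "\n".join([token, method.upper(), path, nonce, str(ts)]).encode()


def sign_request(client_key, token, method, path, nonce, ts):
    """Client: prove possession of the symmetric key for this one request."""
    return _mac(client_key, _request_string(token, method, path, nonce, ts))


class ResourceServer:
    def __init__(self):
        # (client, nonce) pairs already accepted; entries older than MAX_SKEW could be evicted.
        self.seen = set()

    def verify(self, token, method, path, nonce, ts, request_mac, now):
        """Return "ok" or the reason the request is rejected."""
        payload, sep, token_mac = token.rpartition(".")
        if not sep or not _same(token_mac, _mac(AS_RS_SECRET, payload.encode())):
            return "invalid_token"
        # Safe to parse only now: the payload has been authenticated.
        client = json.loads(base64.urlsafe_b64decode(payload))["client"]
        key = CLIENT_KEYS.get(client)
        if key is None:
            return "unknown_client"
        if not _same(request_mac, sign_request(key, token, method, path, nonce, ts)):
            return "bad_request_mac"
        if abs(now - ts) > MAX_SKEW:
            return "stale_timestamp"
        if (client, nonce) in self.seen:
            return "replayed_nonce"
        self.seen.add((client, nonce))
        return "ok"


if __name__ == "__main__":
    rs = ResourceServer()
    token = issue_token("billing-server", "read")
    key = CLIENT_KEYS["billing-server"]
    mac = sign_request(key, token, "GET", "/invoices/7", "n1", 1000)
    print(rs.verify(token, "GET", "/invoices/7", "n1", 1000, mac, now=1010))
    # The same token presented without the client key is rejected.
    guess = sign_request(b"wrong-key", token, "GET", "/invoices/7", "n2", 1000)
    print(rs.verify(token, "GET", "/invoices/7", "n2", 1000, guess, now=1010))
```

The token by itself authorizes nothing here: each request also needs a MAC under the looked-up client key, which is the property the thread contrasts with plain bearer use.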

From Michael.Jones@microsoft.com  Fri Jul 13 16:41:32 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DE1721F859A for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 16:41:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.81
X-Spam-Level: 
X-Spam-Status: No, score=-3.81 tagged_above=-999 required=5 tests=[AWL=-0.211,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id krvspM+8PiZH for <oauth@ietfa.amsl.com>; Fri, 13 Jul 2012 16:41:31 -0700 (PDT)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe005.messaging.microsoft.com [216.32.180.188]) by ietfa.amsl.com (Postfix) with ESMTP id 359AA21F8595 for <oauth@ietf.org>; Fri, 13 Jul 2012 16:41:31 -0700 (PDT)
Received: from mail172-co1-R.bigfish.com (10.243.78.252) by CO1EHSOBE015.bigfish.com (10.243.66.78) with Microsoft SMTP Server id 14.1.225.23; Fri, 13 Jul 2012 23:42:08 +0000
Received: from mail172-co1 (localhost [127.0.0.1])	by mail172-co1-R.bigfish.com (Postfix) with ESMTP id E410570015F; Fri, 13 Jul 2012 23:42:07 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -27
X-BigFish: VS-27(zz9371I542M14ffIzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25hf0ah107ah)
Received-SPF: pass (mail172-co1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail172-co1 (localhost.localdomain [127.0.0.1]) by mail172-co1 (MessageSwitch) id 1342222926209823_8136; Fri, 13 Jul 2012 23:42:06 +0000 (UTC)
Received: from CO1EHSMHS027.bigfish.com (unknown [10.243.78.225])	by mail172-co1.bigfish.com (Postfix) with ESMTP id 319166C005C; Fri, 13 Jul 2012 23:42:06 +0000 (UTC)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (131.107.125.8) by CO1EHSMHS027.bigfish.com (10.243.66.37) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 13 Jul 2012 23:42:06 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.02.0309.003; Fri, 13 Jul 2012 23:42:05 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
Thread-Index: AQHNQJPQNMAQIgZ/gke413DmiJD+qZcoH9Bw
Date: Fri, 13 Jul 2012 23:42:04 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net>
In-Reply-To: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.74]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 23:41:32 -0000

I'm willing to do 5 minutes on the status of the Core and Bearer documents.

I'm willing to give an update on JWT and the JWT Bearer - probably 15 minutes.  It's probably good that we're a day after the JOSE WG meeting, given the JWT dependency upon the JOSE specs.

I'm willing to be part of a discussion on the Assertions draft, but would appreciate doing this with Brian and/or Chuck - I'm guessing 15 minutes for that as well.  (I'm not certain this will be needed, but I'd like to review the recent changes before saying that it's not.)

Looking forward to seeing many of you in Vancouver!

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Saturday, June 02, 2012 12:46 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

Hi all,

I have requested a 2,5 hour slot for the upcoming meeting.

While the next meeting is still a bit away it is nevertheless useful to hear
* whether you plan to attend the next meeting, and
* whether you want to present something.

I could imagine that these documents will be discussed:
* draft-ietf-oauth-dyn-reg
* draft-ietf-oauth-json-web-token
* draft-ietf-oauth-jwt-bearer
* draft-ietf-oauth-revocation
* draft-ietf-oauth-use-cases

To the draft authors of these documents: Please think about the open issues and drop a mail to the list so that we make some progress already before the face-to-face meeting.

I assume that the following documents do not require any discussion time at the upcoming IETF meeting anymore:
* draft-ietf-oauth-assertions
* draft-ietf-oauth-saml2-bearer
* draft-ietf-oauth-urn-sub-ns
* draft-ietf-oauth-v2
* draft-ietf-oauth-v2-bearer

Ciao
Hannes




From Michael.Jones@microsoft.com  Sat Jul 14 12:59:29 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0FBD21F85D5 for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 12:59:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.503
X-Spam-Level: 
X-Spam-Status: No, score=-3.503 tagged_above=-999 required=5 tests=[AWL=-0.505, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f5wmZUvnOntN for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 12:59:28 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe005.messaging.microsoft.com [213.199.154.208]) by ietfa.amsl.com (Postfix) with ESMTP id AE32721F85CE for <oauth@ietf.org>; Sat, 14 Jul 2012 12:59:27 -0700 (PDT)
Received: from mail13-am1-R.bigfish.com (10.3.201.234) by AM1EHSOBE008.bigfish.com (10.3.204.28) with Microsoft SMTP Server id 14.1.225.23; Sat, 14 Jul 2012 20:00:06 +0000
Received: from mail13-am1 (localhost [127.0.0.1])	by mail13-am1-R.bigfish.com (Postfix) with ESMTP id 7784420566; Sat, 14 Jul 2012 20:00:06 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -24
X-BigFish: VS-24(zz98dI9371I936eIc85fh1447Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail13-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail13-am1 (localhost.localdomain [127.0.0.1]) by mail13-am1 (MessageSwitch) id 134229600484113_18253; Sat, 14 Jul 2012 20:00:04 +0000 (UTC)
Received: from AM1EHSMHS016.bigfish.com (unknown [10.3.201.250])	by mail13-am1.bigfish.com (Postfix) with ESMTP id 082B916003F; Sat, 14 Jul 2012 20:00:04 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS016.bigfish.com (10.3.207.154) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sat, 14 Jul 2012 20:00:03 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0298.005; Sat, 14 Jul 2012 20:00:00 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Dick Hardt <dick.hardt@gmail.com>
Thread-Topic: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
Thread-Index: AQHNYIvC/ieHaUgV50Sr+iVNhMLxO5cnDZYAgAInpBA=
Date: Sat, 14 Jul 2012 19:59:59 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366730A85@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <CC2485A3.C8C3%charles_honton@intuit.com> <AD29164A-87F3-439A-99C8-C434259C7EA7@gmail.com> <6785B651-064E-4E81-9E6C-38A47C499E29@ve7jtb.com>
In-Reply-To: <6785B651-064E-4E81-9E6C-38A47C499E29@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366730A85TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "Honton, Charles" <Charles_Honton@intuit.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Jul 2012 19:59:30 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366730A85TK5EX14MBXC285r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I'd also like to see Core -29 and Bearer -22 go to the RFC Editor.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
Sent: Friday, July 13, 2012 4:05 AM
To: Dick Hardt
Cc: draft-ietf-oauth-v2@tools.ietf.org; Honton, Charles; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.

Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.

I don't see a need for a change.

Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.

(Though one person mentioned to me that 30 is a nicer number:)

John B.

On 2012-07-12, at 8:09 PM, Dick Hardt wrote:


Charles

Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).

Does anyone have feedback on the change below? (+/-)

-- Dick

On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:


E. Hammer, D. Recordon, D. Hardt, et.al,

I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).

In Section 5.2 the error code should probably include:


       server_error
             The authorization server encountered an unexpected
             condition which prevented it from fulfilling the request.

       temporarily_unavailable
             The authorization server is currently unable to handle
             the request due to a temporary overloading or maintenance
             of the server.


Regards,
chas




--_000_4E1F6AAD24975D4BA5B168042967394366730A85TK5EX14MBXC285r_--

From dick.hardt@gmail.com  Sat Jul 14 17:18:21 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_084FFCD4-0940-4893-A613-BBE55C24522E"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <CC259909.D103%charles_honton@intuit.com>
Date: Sat, 14 Jul 2012 17:18:49 -0700
Message-Id: <C9826DB3-31B8-492A-8319-246235315590@gmail.com>
References: <CC259909.D103%charles_honton@intuit.com>
To: "Honton, Charles" <Charles_Honton@intuit.com>
X-Mailer: Apple Mail (2.1278)
Cc: draft-ietf-oauth-v2@tools.ietf.org, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

--Apple-Mail=_084FFCD4-0940-4893-A613-BBE55C24522E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Great suggestion Charles. I think this is a good clarification. I'll adjust the copy you sent to be what follows in a new draft published tomorrow evening (Sunday PT) unless someone objects.

-- Dick

In both sections 4.1.2.1 and 4.2.2.1:

  server_error
       The authorization server encountered an unexpected
       condition which prevented it from fulfilling the request.
       This error code is needed because a 500 Internal Server
       Error HTTP status code cannot be returned to the client
       via a HTTP redirect.
  temporarily_unavailable
       The authorization server is currently unable to handle
       the request due to a temporary overloading or maintenance
       of the server.  This error code is needed because a 503 Service
       Unavailable HTTP status code cannot be returned to the client
       via a HTTP redirect.

On Jul 13, 2012, at 9:45 AM, Honton, Charles wrote:

> Just to make sure I understand…
>
> If the Authorization Server returns a 5xx, the User-Agent will immediately display an error message.
>
> If the Authorization Server returns an error code in the redirect, the Client can take alternative actions or appropriately message the error.
>
> If this is correct, perhaps a slight change in wording will explain the lack of symmetry in the error codes.
>
> In both sections 4.1.2.1 and 4.2.2.1:
>
>          server_error
>                The authorization server encountered an unexpected
>                condition which prevented it from fulfilling the request.
>                Using this error code allows the Client to handle this
>                condition instead of the User-Agent
>          temporarily_unavailable
>                The authorization server is currently unable to handle
>                the request due to a temporary overloading or maintenance
>                of the server.  Using this error code allows the Client
>                to handle this condition instead of the User-Agent
>
> Thanks,
> chas
>
> From: John Bradley <ve7jtb@ve7jtb.com>
> Date: Friday, July 13, 2012 9:08 AM
> To: Charles Honton <charles_honton@intuit.com>
> Cc: Dick Hardt <dick.hardt@gmail.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
>
> 4.2.2.1 and 4.1.2.1 are error codes that are returned to the client through the browser via a 302 redirect.
>
> You can't send a 5xx error via a 302 redirect.
>
> That is why those need error messages specific to OAuth.
>
> Errors not being sent via redirect use normal HTTP error codes.
>
> I thought that was clear.  Is there some general confusion on this?
>
> John B.
> On 2012-07-13, at 11:55 AM, Honton, Charles wrote:
>
>> Great! Because this question has come up multiple times, perhaps the RFC could explain the use of 5xx return code in addition to error_code.
>>
>> I must be missing something.  Why are server_error and temporarily_unavailable specified in sections 4.2.2.1 and 4.1.2.1?  Is there a distinction between 5xx return code and error_code in these cases?
>>
>> Chas
>>
>> From: John Bradley <ve7jtb@ve7jtb.com>
>> Date: Friday, July 13, 2012 4:04 AM
>> To: Dick Hardt <dick.hardt@gmail.com>
>> Cc: Charles Honton <charles_honton@intuit.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org>
>> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
>>
>> From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.
>>
>> Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.
>>
>> I don't see a need for a change.
>>
>> Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.
>>
>> (Though one person mentioned to me that 30 is a nicer number:)
>>
>> John B.
>>
>> On 2012-07-12, at 8:09 PM, Dick Hardt wrote:
>>
>>> Charles
>>>
>>> Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).
>>>
>>> Does anyone have feedback on the change below? (+/-)
>>>
>>> -- Dick
>>>
>>> On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:
>>>
>>>> E. Hammer, D. Recordon, D. Hardt, et al.,
>>>>
>>>> I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).
>>>>
>>>> In Section 5.2 the error code should probably include:
>>>>
>>>>          server_error
>>>>                The authorization server encountered an unexpected
>>>>                condition which prevented it from fulfilling the request.
>>>>          temporarily_unavailable
>>>>                The authorization server is currently unable to handle
>>>>                the request due to a temporary overloading or maintenance
>>>>                of the server.
>>>>
>>>>
>>>> Regards,
>>>> chas
>>>>
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>


--Apple-Mail=_084FFCD4-0940-4893-A613-BBE55C24522E--
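
The distinction discussed in the message above, as an added example that is not part of the thread or of the draft: an authorization endpoint that hits a 500 or 503 condition wraps it in the 302 redirect as `server_error` or `temporarily_unavailable`, and the client handles it after checking `state`. The function names, the `client.example.com` URI and the `xyz` state value are assumptions made for illustration; the query-versus-fragment placement follows sections 4.1.2.1 and 4.2.2.1.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# HTTP statuses the authorization server would have used on a direct
# response, mapped to the error codes named in the thread.
STATUS_TO_OAUTH_ERROR = {500: "server_error", 503: "temporarily_unavailable"}


def authorization_error_redirect(redirect_uri, response_type, failure_status, state=None):
    """Authorization-server side (hypothetical helper): wrap a 5xx condition in a 302."""
    params = {"error": STATUS_TO_OAUTH_ERROR[failure_status]}
    if state is not None:
        params["state"] = state  # echoed so the client can match it to its request
    encoded = urlencode(params)
    parts = urlsplit(redirect_uri)
    if response_type == "code":
        # Section 4.1.2.1: parameters are added to the query component,
        # keeping any query the redirection URI already carries.
        query = f"{parts.query}&{encoded}" if parts.query else encoded
        location = urlunsplit(parts._replace(query=query))
    elif response_type == "token":
        # Section 4.2.2.1: parameters are added to the fragment component.
        location = urlunsplit(parts._replace(fragment=encoded))
    else:
        raise ValueError(f"unsupported response_type: {response_type!r}")
    return 302, {"Location": location}


def handle_authorization_redirect(url, response_type, expected_state):
    """Client side (hypothetical helper): decide what to do with the redirect."""
    parts = urlsplit(url)
    raw = parts.query if response_type == "code" else parts.fragment
    params = {k: v[0] for k, v in parse_qs(raw).items()}
    # The redirect arrives through the user-agent, so it is untrusted input:
    # check state before acting on any other parameter.
    got_state = params.get("state", "")
    if not hmac.compare_digest(got_state.encode(), expected_state.encode()):
        return ("reject", "state_mismatch")
    error = params.get("error")
    if error is None:
        key = "code" if response_type == "code" else "access_token"
        if key not in params:
            return ("reject", "missing_" + key)
        return ("success", params[key])
    if error == "temporarily_unavailable":
        return ("retry_later", error)  # the 503 case: the client may try again
    return ("fail", error)  # server_error and all other codes


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for rtype, status in (("code", 500), ("token", 503)):
        _, headers = authorization_error_redirect(
            "https://client.example.com/cb", rtype, status, "xyz")
        print(headers["Location"])
        print(handle_authorization_redirect(headers["Location"], rtype, "xyz"))
```
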

From ve7jtb@ve7jtb.com  Sat Jul 14 17:39:04 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_BBD79A4B-FEB6-4CBC-A26A-E9774F0A4D9C"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <C9826DB3-31B8-492A-8319-246235315590@gmail.com>
Date: Sat, 14 Jul 2012 18:39:39 -0600
Message-Id: <C9E33EB1-49B8-4512-B19D-F0B48761DE09@ve7jtb.com>
References: <CC259909.D103%charles_honton@intuit.com> <C9826DB3-31B8-492A-8319-246235315590@gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
X-Mailer: Apple Mail (2.1278)
Cc: draft-ietf-oauth-v2@tools.ietf.org, "Honton, Charles" <Charles_Honton@intuit.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

--Apple-Mail=_BBD79A4B-FEB6-4CBC-A26A-E9774F0A4D9C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

I am OK with that wording.  It is not a change, just a clarification that may make things clearer to developers.

John B.
On 2012-07-14, at 6:18 PM, Dick Hardt wrote:

> Great suggestion Charles. I think this is a good clarification. I'll adjust the copy you sent to be what follows in a new draft published tomorrow evening (Sunday PT) unless someone objects.
>
> -- Dick
>
> In both sections 4.1.2.1 and 4.2.2.1:
>
>   server_error
>        The authorization server encountered an unexpected
>        condition which prevented it from fulfilling the request.
>        This error code is needed because a 500 Internal Server
>        Error HTTP status code cannot be returned to the client
>        via a HTTP redirect.
>   temporarily_unavailable
>        The authorization server is currently unable to handle
>        the request due to a temporary overloading or maintenance
>        of the server.  This error code is needed because a 503 Service
>        Unavailable HTTP status code cannot be returned to the client
>        via a HTTP redirect.
>
>
> On Jul 13, 2012, at 9:45 AM, Honton, Charles wrote:
>
>> Just to make sure I understand…
>>
>> If the Authorization Server returns a 5xx, the User-Agent will immediately display an error message.
>>
>> If the Authorization Server returns an error code in the redirect, the Client can take alternative actions or appropriately message the error.
>>
>> If this is correct, perhaps a slight change in wording will explain the lack of symmetry in the error codes.
>>
>> In both sections 4.1.2.1 and 4.2.2.1:
>>
>>          server_error
>>                The authorization server encountered an unexpected
>>                condition which prevented it from fulfilling the request.
>>                Using this error code allows the Client to handle this
>>                condition instead of the User-Agent
>>          temporarily_unavailable
>>                The authorization server is currently unable to handle
>>                the request due to a temporary overloading or =
maintenance
>>                of the server.  Using this error code allows the =
Client=20
>>                to handle this condition instead of the User-Agent
>>=20
>> Thanks,
>> chas
>>=20
>> From: John Bradley <ve7jtb@ve7jtb.com>
>> Date: Friday, July 13, 2012 9:08 AM
>> To: Charles Honton <charles_honton@intuit.com>
>> Cc: Dick Hardt <dick.hardt@gmail.com>, =
"draft-ietf-oauth-v2@tools.ietf.org" =
<draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" =
<oauth@ietf.org>
>> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
>>=20
>> 4.2.2.1 and 4.1.2.1 are error codes that are returned to the client =
through the browser via a 302 redirect.
>>=20
>> You can't send a 5xx error via a 302 redirect.
>>=20
>> That is why those need error messages specific to OAuth. =20
>>=20
>> Errors not being sent via redirect use normal http error codes.
>>=20
>> I thought that was clear.  Is there some general confusion on this?
>>=20
>> John B.
>> On 2012-07-13, at 11:55 AM, Honton, Charles wrote:
>>=20
>>> Great! Because this question has come up multiple times, perhaps the =
rfc could explain the use of 5xx return code in addition to error_code.
>>>=20
>>> I must be missing something.  Why are  server_error and =
temporarily_unavailable specified in sections 4.2.2.1 and 4.1.2.1?  Is =
there a distinction between 5xx return code and error_code in these =
cases?
>>>=20
>>> Chas
>>>=20
>>> From: John Bradley <ve7jtb@ve7jtb.com>
>>> Date: Friday, July 13, 2012 4:04 AM
>>> To: Dick Hardt <dick.hardt@gmail.com>
>>> Cc: Charles Honton <charles_honton@intuit.com>, =
"draft-ietf-oauth-v2@tools.ietf.org" =
<draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" =
<oauth@ietf.org>
>>> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
>>>=20
>>> FRom what I can see in a similar discussion Eran pointed out that =
this is a direct communication, communication between the client and =
token endpoint.
>>>=20
>>> Server Error and temporarily unavailable are not OAuth specific and =
are handled by existing HTTP error codes.
>>>=20
>>> I don't see a need for a change.
>>>=20
>>> Unless something else dramatic comes up I would like to see draft 29 =
go to the RFC editor.
>>>=20
>>> (Though one person mentioned to me that 30 is a nicer number:)
>>>=20
>>> John B.
>>>=20
>>> On 2012-07-12, at 8:09 PM, Dick Hardt wrote:
>>>=20
>>>> Charles
>>>>=20
>>>> Thanks for the suggestion. I just did publish a new draft that =
included a number of items that had been discussed and I would like to =
get some feedback on your suggestion before incorporating it (or not).
>>>>=20
>>>> Does anyone have feedback on the change below? (+/-)
>>>>=20
>>>> -- Dick
>>>>=20
>>>> On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:
>>>>=20
>>>>> E. Hammer, D. Recordon, D. Hardt, et.al,
>>>>>=20
>>>>> I'm looking at draft 28 =
(http://tools.ietf.org/html/draft-ietf-oauth-v2-28).
>>>>>=20
>>>>> In Section 5.2 the error code should probably include:
>>>>>=20
>>>>> 	server_error
>>>>>                The authorization server encountered an unexpected
>>>>>                condition which prevented it from fulfilling the =
request.
>>>>>          temporarily_unavailable
>>>>>                The authorization server is currently unable to =
handle
>>>>>                the request due to a temporary overloading or =
maintenance
>>>>>                of the server.
>>>>>=20
>>>>>=20
>>>>> Regards,
>>>>> chas
>>>>>=20
>>>>=20
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>=20
>>=20
>=20


--Apple-Mail=_BBD79A4B-FEB6-4CBC-A26A-E9774F0A4D9C--
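
The distinction drawn in this thread, as an added example that is not part of the original messages or of the OAuth draft: a failure at the authorization endpoint reaches the client only as an `error` parameter on the 302 redirect (query for 4.1.2.1, fragment for 4.2.2.1), and a plain 5xx goes to the user-agent only when there is no registered redirect URI to send it to. The function names, the failure labels, the client registry and the URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed registry (assumption): client_id -> exactly registered redirect URIs.
REGISTERED_REDIRECTS = {"example-client": {"https://client.example/cb"}}

# Internal failure -> (HTTP status when answering directly, OAuth code when redirecting).
FAILURES = {
    "unexpected": (500, "server_error"),
    "overloaded": (503, "temporarily_unavailable"),
}


def authorization_error_response(failure, client_id, redirect_uri,
                                 response_type, state=None):
    """Build (status, headers, body) for a failure at the authorization endpoint."""
    http_status, oauth_error = FAILURES[failure]

    # Without a registered redirect URI there is nowhere safe to send the
    # error, so the user-agent gets the plain 5xx and displays it itself.
    if redirect_uri not in REGISTERED_REDIRECTS.get(client_id, set()):
        return http_status, {"Content-Type": "text/plain"}, "authorization server error"

    params = [("error", oauth_error)]
    if state is not None:
        params.append(("state", state))  # echoed so the client can match its request

    parts = urlsplit(redirect_uri)
    if response_type == "token":
        # Implicit grant (4.2.2.1): parameters travel in the fragment.
        parts = parts._replace(fragment=urlencode(params))
    else:
        # Authorization code grant (4.1.2.1): parameters are added to the query.
        existing = parse_qsl(parts.query, keep_blank_values=True)
        parts = parts._replace(query=urlencode(existing + params))

    # The status line is always 302 here; the 500/503 meaning survives only
    # as the value of the "error" parameter.
    return 302, {"Location": urlunsplit(parts)}, ""


def client_handle_callback(callback_url, expected_state):
    """Client-side decision for a redirect received from the authorization server."""
    parts = urlsplit(callback_url)
    params = dict(parse_qsl(parts.query))
    params.update(parse_qsl(parts.fragment))

    if params.get("state") != expected_state:
        return "reject"          # not a response to a request this client made
    error = params.get("error")
    if error == "temporarily_unavailable":
        return "retry_later"     # transient: the client may try again later
    if error is not None:
        return "show_failure"    # server_error and every other error code
    if "code" in params or "access_token" in params:
        return "continue"
    return "reject"
```
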

From Michael.Jones@microsoft.com  Sat Jul 14 17:42:37 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 520D821F85F0 for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 17:42:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.498
X-Spam-Level: 
X-Spam-Status: No, score=-3.498 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zLNDIMJFcaZe for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 17:42:33 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe001.messaging.microsoft.com [213.199.154.139]) by ietfa.amsl.com (Postfix) with ESMTP id A382021F85EF for <oauth@ietf.org>; Sat, 14 Jul 2012 17:42:32 -0700 (PDT)
Received: from mail77-db3-R.bigfish.com (10.3.81.230) by DB3EHSOBE004.bigfish.com (10.3.84.24) with Microsoft SMTP Server id 14.1.225.23; Sun, 15 Jul 2012 00:43:12 +0000
Received: from mail77-db3 (localhost [127.0.0.1])	by mail77-db3-R.bigfish.com (Postfix) with ESMTP id 34FA4100357; Sun, 15 Jul 2012 00:43:12 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -30
X-BigFish: VS-30(zz98dI9371I1503M936eIc85fh4015I1447Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail77-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail77-db3 (localhost.localdomain [127.0.0.1]) by mail77-db3 (MessageSwitch) id 1342312989890661_1315; Sun, 15 Jul 2012 00:43:09 +0000 (UTC)
Received: from DB3EHSMHS018.bigfish.com (unknown [10.3.81.234])	by mail77-db3.bigfish.com (Postfix) with ESMTP id CCD72140043; Sun, 15 Jul 2012 00:43:09 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS018.bigfish.com (10.3.87.118) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sun, 15 Jul 2012 00:43:09 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.02.0298.005; Sun, 15 Jul 2012 00:43:07 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Dick Hardt <dick.hardt@gmail.com>
Thread-Topic: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
Thread-Index: AQHNYh9n/ieHaUgV50Sr+iVNhMLxO5cpgGOAgAAAM4A=
Date: Sun, 15 Jul 2012 00:43:06 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366730EC2@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <CC259909.D103%charles_honton@intuit.com> <C9826DB3-31B8-492A-8319-246235315590@gmail.com> <C9E33EB1-49B8-4512-B19D-F0B48761DE09@ve7jtb.com>
In-Reply-To: <C9E33EB1-49B8-4512-B19D-F0B48761DE09@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366730EC2TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "Honton, Charles" <Charles_Honton@intuit.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jul 2012 00:42:37 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366730EC2TK5EX14MBXC285r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I'm good with this change.

BTW, I suggest we put parenthesis around the new sentences, making it clear=
 that they are an aside, rather than a normative part of the error code def=
initions.  So the text would then read:


  server_error

       The authorization server encountered an unexpected

       condition which prevented it from fulfilling the request.

       (This error code is needed because a 500 Internal Server

       Error HTTP status code cannot be returned to the client

       via a HTTP redirect.)

  temporarily_unavailable

       The authorization server is currently unable to handle

       the request due to a temporary overloading or maintenance

       of the server.  (This error code is needed because a 503 Service

       Unavailable HTTP status code cannot be returned to the client

       via a HTTP redirect.)

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of J=
ohn Bradley
Sent: Saturday, July 14, 2012 5:40 PM
To: Dick Hardt
Cc: draft-ietf-oauth-v2@tools.ietf.org; Honton, Charles; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

I am OK with that wording.  It is not a change just a clarification that ma=
y make things clearer to developers.

John B.
On 2012-07-14, at 6:18 PM, Dick Hardt wrote:


Great suggestion Charles. I think this is a good clarification. I'll adjust=
 the copy you sent to be what follows in a new draft published tomorrow eve=
ning (Sunday PT) unless someone objects.

-- Dick

In both sections 4.1.2.1 and 4.2.2.1:


  server_error

       The authorization server encountered an unexpected

       condition which prevented it from fulfilling the request.

       This error code is needed because a 500 Internal Server

       Error HTTP status code cannot be returned to the client

       via a HTTP redirect.

  temporarily_unavailable

       The authorization server is currently unable to handle

       the request due to a temporary overloading or maintenance

       of the server.  This error code is needed because a 503 Service

       Unavailable HTTP status code cannot be returned to the client

       via a HTTP redirect.


On Jul 13, 2012, at 9:45 AM, Honton, Charles wrote:


Just to make sure I understand...

If  the Authorization Server returns a 5xx,  the User-Agent will immediatel=
y display a error message.

If  the Authorization Server returns an error code in the redirect,  the Cl=
ient can take alternative actions or appropriately message the error.

If this is correct, perhaps a slight change in wording will explain the lac=
k of symmetry in the error codes.

In both sections 4.1.2.1 and 4.2.2.1:


       server_error

               The authorization server encountered an unexpected

               condition which prevented it from fulfilling the request.

              Using this error code allows the Client to handle this

               condition instead of the User-Agent

         temporarily_unavailable

               The authorization server is currently unable to handle

               the request due to a temporary overloading or maintenance

               of the server.  Using this error code allows the Client

               to handle this condition instead of the User-Agent

Thanks,
chas

From: John Bradley <ve7jtb@ve7jtb.com>
Date: Friday, July 13, 2012 9:08 AM
To: Charles Honton <charles_honton@intuit.com>
Cc: Dick Hardt <dick.hardt@gmail.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

4.2.2.1 and 4.1.2.1 are error codes that are returned to the client through the browser via a 302 redirect.

You can't send a 5xx error via a 302 redirect.

That is why those need error messages specific to OAuth.

Errors not being sent via redirect use normal http error codes.

I thought that was clear.  Is there some general confusion on this?

John B.

On 2012-07-13, at 11:55 AM, Honton, Charles wrote:


Great! Because this question has come up multiple times, perhaps the rfc could explain the use of 5xx return code in addition to error_code.

I must be missing something.  Why are server_error and temporarily_unavailable specified in sections 4.2.2.1 and 4.1.2.1?  Is there a distinction between 5xx return code and error_code in these cases?

Chas

From: John Bradley <ve7jtb@ve7jtb.com>
Date: Friday, July 13, 2012 4:04 AM
To: Dick Hardt <dick.hardt@gmail.com>
Cc: Charles Honton <charles_honton@intuit.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.

Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.

I don't see a need for a change.

Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.

(Though one person mentioned to me that 30 is a nicer number:)

John B.

On 2012-07-12, at 8:09 PM, Dick Hardt wrote:


Charles

Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).

Does anyone have feedback on the change below? (+/-)

-- Dick

On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:


E. Hammer, D. Recordon, D. Hardt, et al.,

I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).

In Section 5.2 the error code should probably include:


       server_error
               The authorization server encountered an unexpected
               condition which prevented it from fulfilling the request.

       temporarily_unavailable
               The authorization server is currently unable to handle
               the request due to a temporary overloading or maintenance
               of the server.


Regards,
chas


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
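
Added example (not part of the original thread or of the draft): Python code for an OAuth client showing the distinction discussed above. Authorization endpoint failures reach the client as an error parameter on the redirect (query for the code flow, fragment for the implicit flow), while token endpoint failures reach it as ordinary HTTP status codes. The function names, the client.example URLs, the outcome labels and the state check before acting on redirect parameters are assumptions made for the illustration.

```python
import hmac
import json
from urllib.parse import urlsplit, parse_qs

# Error codes defined for the authorization endpoint (sections 4.1.2.1 and
# 4.2.2.1). They travel as parameters on the redirect back to the client.
AUTHZ_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope",
    "server_error", "temporarily_unavailable",
}
# The two codes that stand in for HTTP 500 / 503, which a redirect cannot carry.
TRANSIENT = {"server_error", "temporarily_unavailable"}


def parse_authorization_response(redirect_url, flow, expected_state):
    """Classify what came back on the client's redirect URI.

    flow is "code" (parameters in the query, 4.1.2.1) or "token"
    (parameters in the fragment, 4.2.2.1). expected_state is the value
    this client sent with the request (assumed to be in use here).
    """
    if flow not in ("code", "token"):
        raise ValueError("flow must be 'code' or 'token'")
    parts = urlsplit(redirect_url)
    raw = parts.query if flow == "code" else parts.fragment
    params = parse_qs(raw, keep_blank_values=True)

    # A parameter that appears twice is ambiguous; refuse to guess.
    if any(len(values) != 1 for values in params.values()):
        return {"outcome": "reject", "reason": "repeated parameter"}
    flat = {name: values[0] for name, values in params.items()}

    # Redirect parameters pass through the browser, so only act on them
    # once they are tied to a request this client actually started.
    state = flat.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return {"outcome": "reject", "reason": "state mismatch"}

    error = flat.get("error")
    if error is None:
        wanted = "code" if flow == "code" else "access_token"
        if flat.get(wanted):
            return {"outcome": "success", wanted: flat[wanted]}
        return {"outcome": "reject", "reason": "neither result nor error"}
    if error not in AUTHZ_ERRORS:
        return {"outcome": "fail", "error": "unrecognized"}
    # The client, not the user-agent, decides what to do with these.
    outcome = "retry_later" if error in TRANSIENT else "fail"
    return {"outcome": outcome, "error": error}


def classify_token_response(status, body):
    """Classify a direct client-to-token-endpoint response.

    No redirect is involved, so server trouble shows up as a plain 5xx.
    "malformed_response" is a local label, not an OAuth error code.
    """
    if 500 <= status <= 599:
        return {"outcome": "retry_later", "http_status": status}
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return {"outcome": "fail", "error": "malformed_response"}
    if status == 200 and isinstance(doc.get("access_token"), str):
        return {"outcome": "success"}
    error = doc.get("error")
    if not isinstance(error, str):
        error = "malformed_response"
    return {"outcome": "fail", "error": error}


if __name__ == "__main__":
    # Constructed sample inputs.
    print(parse_authorization_response(
        "https://client.example/cb?error=temporarily_unavailable&state=xyz",
        "code", "xyz"))
    print(parse_authorization_response(
        "https://client.example/cb#error=server_error&state=xyz",
        "token", "xyz"))
    print(classify_token_response(503, ""))
```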





--_000_4E1F6AAD24975D4BA5B168042967394366730EC2TK5EX14MBXC285r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">I&#8217;m good with this =
change.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">BTW, I suggest we put par=
enthesis around the new sentences, making it clear that they are an aside, =
rather than a normative part of the error code definitions.&nbsp;
 So the text would then read:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<pre style=3D"page-break-before:always"><span class=3D"apple-tab-span"><spa=
n style=3D"font-size:10.5pt;color:black">&nbsp; </span></span><span style=
=3D"font-size:10.5pt;color:black">server_error</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The authorization server enc=
ountered an unexpected</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; condition which prevented it=
 from fulfilling the request.&nbsp;</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span class=3D"apple-tab-span"><span style=3D"font-size:10.5p=
t">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span style=3D"color:=
#7F0000">(</span><span style=3D"font-size:10.5pt;color:#7F0000">This error =
code is needed because a 500 Internal Server</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Error HTTP status code can=
not be returned to the client</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; via a HTTP redirect.)</spa=
n><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp; temporarily_unavailable</span></span>=
<o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The aut=
horization server is currently unable to handle</span></span><o:p></o:p></p=
re>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the req=
uest due to a temporary overloading or maintenance</span></span><o:p></o:p>=
</pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; of the =
server.&nbsp; </span></span><span style=3D"color:#7F0000">(</span><span sty=
le=3D"font-size:10.5pt;color:#7F0000">This error code is needed because a 5=
03 Service</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Unavailable HTTP status co=
de cannot be returned to the client</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; via a HTTP redirect.)</spa=
n><o:p></o:p></pre>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> oauth-bo=
unces@ietf.org [mailto:oauth-bounces@ietf.org]
<b>On Behalf Of </b>John Bradley<br>
<b>Sent:</b> Saturday, July 14, 2012 5:40 PM<br>
<b>To:</b> Dick Hardt<br>
<b>Cc:</b> draft-ietf-oauth-v2@tools.ietf.org; Honton, Charles; oauth@ietf.=
org WG<br>
<b>Subject:</b> Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2<o:p></o:p=
></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I am OK with that wording. &nbsp;It is not a change =
just a clarification that may make things clearer to developers.<o:p></o:p>=
</p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">John B.<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal">On 2012-07-14, at 6:18 PM, Dick Hardt wrote:<o:p></o=
:p></p>
</div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal">Great suggestion Charles. I think this is a good cla=
rification. I'll adjust the copy you sent to be what follows in a new draft=
 published tomorrow evening (Sunday PT) unless someone objects.<o:p></o:p><=
/p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">-- Dick<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">In both sections 4.1.2.1 an=
d 4.2.2.1:</span><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">&nbsp;</span><o:p></o:p></p=
>
</div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span class=3D"apple-tab-span"><span style=3D"font-size:10.5p=
t;color:black">&nbsp; </span></span><span style=3D"font-size:10.5pt;color:b=
lack">server_error</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The authorization server enc=
ountered an unexpected</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; condition which prevented it=
 from fulfilling the request.&nbsp;</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span class=3D"apple-tab-span"><span style=3D"font-size:10.5p=
t">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span style=3D"font-s=
ize:10.5pt;color:#7F0000">This error code is needed because a 500 Internal =
Server</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Error HTTP status code can=
not be returned to the client</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; via a HTTP redirect.</span=
><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp; temporarily_unavailable</span></span>=
<o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The aut=
horization server is currently unable to handle</span></span><o:p></o:p></p=
re>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the req=
uest due to a temporary overloading or maintenance</span></span><o:p></o:p>=
</pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; of the =
server.&nbsp; </span></span><span style=3D"font-size:10.5pt;color:#7F0000">=
This error code is needed because a 503 Service</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Unavailable HTTP status co=
de cannot be returned to the client</span><o:p></o:p></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:#7F0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; via a HTTP redirect.</span=
><o:p></o:p></pre>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><o:p></o:p><=
/p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div>
<p class=3D"MsoNormal">On Jul 13, 2012, at 9:45 AM, Honton, Charles wrote:<=
o:p></o:p></p>
</div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Just to make sure I underst=
and&#8230;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">If&nbsp;&nbsp;the Authoriza=
tion Server&nbsp;returns a 5xx, &nbsp;the User-Agent will immediately displ=
ay a error message.<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">If&nbsp;&nbsp;the Authoriza=
tion Server returns an error code in the redirect, &nbsp;the Client can tak=
e alternative actions or appropriately message the error.<o:p></o:p></span>=
</p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">If this is correct, perhaps=
 a slight change in wording will explain the lack of symmetry in the error =
codes.&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">In both sections 4.1.2.1 an=
d 4.2.2.1:<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span class=3D"apple-tab-span"><span style=3D"font-size:10.5p=
t;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span sty=
le=3D"font-size:10.5pt;color:black">server_error<o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; The authorization server encountered an unexpected<o:p>=
</o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; condition which prevented it from fulfilling the reques=
t.&nbsp;<o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span class=3D"apple-tab-span"><span style=3D"font-size:10.5p=
t">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span class=3D"apple-=
style-span"><span style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp; </span></span><span style=3D"font-size:10.5pt;color:#7F0000">Using t=
his error code allows the Client to handle this&nbsp;</span><span style=3D"=
font-size:10.5pt"><o:p></o:p></span></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:10.5pt;color:#7F0000">&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; cond=
ition instead of the User-Agent</span><span class=3D"apple-style-span"><spa=
n style=3D"font-size:10.5pt"><o:p></o:p></span></span></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; temporarily_unavailable<o:p></o:p></span></span></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The authorization server is curren=
tly unable to handle<o:p></o:p></span></span></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the request due to a temporary ove=
rloading or maintenance<o:p></o:p></span></span></pre>
<pre style=3D"page-break-before:always"><span class=3D"apple-style-span"><s=
pan style=3D"font-size:10.5pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; of the server.&nbsp; </span></span=
><span style=3D"font-size:10.5pt;color:#7F0000">Using this error code allow=
s the Client&nbsp;</span><span style=3D"font-size:10.5pt"><o:p></o:p></span=
></pre>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span style=3D"font-size:10.5pt;color:#7F0000">&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; to h=
andle this condition instead of the User-Agent</span><span style=3D"font-si=
ze:10.5pt"><o:p></o:p></span></pre>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Thanks,<o:p></o:p></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">chas<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,&quot;sans-serif&quot;;color:black">From:
</span></b><span style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,=
&quot;sans-serif&quot;;color:black">John Bradley &lt;<a href=3D"mailto:ve7j=
tb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;<br>
<b>Date: </b>Friday, July 13, 2012 9:08 AM<br>
<b>To: </b>Charles Honton &lt;<a href=3D"mailto:charles_honton@intuit.com">=
charles_honton@intuit.com</a>&gt;<br>
<b>Cc: </b>Dick Hardt &lt;<a href=3D"mailto:dick.hardt@gmail.com">dick.hard=
t@gmail.com</a>&gt;, &quot;<a href=3D"mailto:draft-ietf-oauth-v2@tools.ietf=
.org">draft-ietf-oauth-v2@tools.ietf.org</a>&quot; &lt;<a href=3D"mailto:dr=
aft-ietf-oauth-v2@tools.ietf.org">draft-ietf-oauth-v2@tools.ietf.org</a>&gt=
;,
 &quot;<a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG&quot; &lt;<a=
 href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>&gt;<br>
<b>Subject: </b>Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2<o:p></o:p=
></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">4.2.2.1 and 4.1.2.1 are err=
or codes that are returned to the client through the browser via a 302 redi=
rect.
<o:p></o:p></span></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">You can't send a 5xx error =
via a 302 redirect.<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">That is why those need erro=
r messages specific to OAuth. &nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Errors not being sent via r=
edirect use normal http error codes.<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">I thought that was clear. &=
nbsp;Is there some general confusion on this?<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">John B.<o:p></o:p></span></=
p>
<div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">On 2012-07-13, at 11:55 AM,=
 Honton, Charles wrote:<o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><br>
<br>
<o:p></o:p></span></p>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Great! Because this questio=
n has come up multiple times, perhaps the rfc could explain the use of 5xx =
return code in addition to error_code.<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">I must be missing something=
. &nbsp;Why are &nbsp;<b>server_error</b> and
<b>temporarily_unavailable</b>&nbsp;specified in sections 4.2.2.1 and 4.1.2=
.1? &nbsp;Is there a distinction between 5xx return code and error_code in =
these cases?<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Chas<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,&quot;sans-serif&quot;;color:black">From:
</span></b><span style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,=
&quot;sans-serif&quot;;color:black">John Bradley &lt;<a href=3D"mailto:ve7j=
tb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;<br>
<b>Date: </b>Friday, July 13, 2012 4:04 AM<br>
<b>To: </b>Dick Hardt &lt;<a href=3D"mailto:dick.hardt@gmail.com">dick.hard=
t@gmail.com</a>&gt;<br>
<b>Cc: </b>Charles Honton &lt;<a href=3D"mailto:charles_honton@intuit.com">=
charles_honton@intuit.com</a>&gt;, &quot;<a href=3D"mailto:draft-ietf-oauth=
-v2@tools.ietf.org">draft-ietf-oauth-v2@tools.ietf.org</a>&quot; &lt;<a hre=
f=3D"mailto:draft-ietf-oauth-v2@tools.ietf.org">draft-ietf-oauth-v2@tools.i=
etf.org</a>&gt;,
 &quot;<a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG&quot; &lt;<a=
 href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>&gt;<br>
<b>Subject: </b>Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2<o:p></o:p=
></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">FRom what I can see in a si=
milar discussion Eran pointed out that this is a direct communication, comm=
unication between the client and token endpoint.
<o:p></o:p></span></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Server Error and temporaril=
y unavailable are not OAuth specific and are handled by existing HTTP error=
 codes.<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">I don't see a need for a ch=
ange.<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Unless something else drama=
tic comes up I would like to see draft 29 go to the RFC editor.<o:p></o:p><=
/span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">(Though one person mentione=
d to me that 30 is a nicer number:)<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">John B.<o:p></o:p></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">On 2012-07-12, at 8:09 PM, =
Dick Hardt wrote:<o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><br>
<br>
<o:p></o:p></span></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Charles
<o:p></o:p></span></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Thanks for the suggestion. =
I just did publish a new draft that included a number of items that had bee=
n discussed and I would like to get some feedback on your
 suggestion before incorporating it (or not).<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Does anyone have feedback o=
n the change below? (&#43;/-)<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">-- Dick<o:p></o:p></span></=
p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">On Jul 12, 2012, at 1:45 PM=
, Honton, Charles wrote:<o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><br>
<br>
<o:p></o:p></span></p>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">E. Hammer, D. Recordon, D. =
Hardt, et al.,<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">I'm looking at draft 28 (<a=
 href=3D"http://tools.ietf.org/html/draft-ietf-oauth-v2-28">http://tools.ie=
tf.org/html/draft-ietf-oauth-v2-28</a>).<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">In Section 5.2 the error co=
de should probably include:<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
<pre style=3D"page-break-before:always;orphans: 2;text-align:-webkit-auto;w=
idows: 2;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word=
-spacing:0px"><span class=3D"apple-tab-span"><span style=3D"font-size:10.5p=
t;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span sty=
le=3D"font-size:10.5pt;color:black">server_error<o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; The authorization server encountered an unexpected<o:p>=
</o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; condition which prevented it from fulfilling the reques=
t.<o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; temporarily_unav=
ailable<o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbs=
p;&nbsp;&nbsp;&nbsp;The authorization server is currently unable to handle<=
o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; the request due to a temporary overloading or maintenan=
ce<o:p></o:p></span></pre>
<pre style=3D"page-break-before:always"><span style=3D"font-size:10.5pt;col=
or:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; of the server.<o:p></o:p></span></pre>
<span style=3D"font-size:10.5pt;font-family:&quot;Times New Roman&quot;,&qu=
ot;serif&quot;;color:black;mso-fareast-language:EN-US"><br clear=3D"all" st=
yle=3D"page-break-before:always">
</span>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">Regards,<o:p></o:p></span><=
/p>
</div>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">chas<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
</div>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
</div>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black">___________________________=
____________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.or=
g/mailman/listinfo/oauth</a><o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p=
>
</div>
</div>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B168042967394366730EC2TK5EX14MBXC285r_--

From tonynad@microsoft.com  Sat Jul 14 20:36:29 2012
From: Anthony Nadalin <tonynad@microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
Date: Sun, 15 Jul 2012 03:36:54 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

How about a few min on proof-of-possession requirements? I can present our use cases and requirements

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Friday, July 13, 2012 4:42 PM
To: Hannes Tschofenig; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

I'm willing to do 5 minutes on the status of the Core and Bearer documents.

I'm willing to give an update on JWT and the JWT Bearer - probably 15 minutes.  It's probably good that we're a day after the JOSE WG meeting, given the JWT dependency upon the JOSE specs.

I'm willing to be part of a discussion on the Assertions draft, but would appreciate doing this with Brian and/or Chuck - I'm guessing 15 minutes for that as well.  (I'm not certain this will be needed, but I'd like to review the recent changes before saying that it's not.)

Looking forward to seeing many of you in Vancouver!

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of H=
annes Tschofenig
Sent: Saturday, June 02, 2012 12:46 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

Hi all,

I have requested a 2,5 hour slot for the upcoming meeting.

While the next meeting is still a bit away it is nevertheless useful to hear
* whether you plan to attend the next meeting, and
* whether you want to present something.

I could imagine that these documents will be discussed:
* draft-ietf-oauth-dyn-reg
* draft-ietf-oauth-json-web-token
* draft-ietf-oauth-jwt-bearer
* draft-ietf-oauth-revocation
* draft-ietf-oauth-use-cases

To the draft authors of these documents: Please think about the open issues and drop a mail to the list so that we make some progress already before the face-to-face meeting.

I assume that the following documents do not require any discussion time at the upcoming IETF meeting anymore:
* draft-ietf-oauth-assertions
* draft-ietf-oauth-saml2-bearer
* draft-ietf-oauth-urn-sub-ns
* draft-ietf-oauth-v2
* draft-ietf-oauth-v2-bearer

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



From ve7jtb@ve7jtb.com  Sun Jul 15 07:59:07 2012
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com>
Date: Sun, 15 Jul 2012 08:59:36 -0600
Message-Id: <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com>
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

Yes, we need to get clearer on the threats and use cases.

I think Phil Hunt has some, though there is likely overlap.

Part of the problem with MAC was people never agreed on the threats it was mitigating.

I can present something or coordinate with Tony or Phil.

John B.

On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:

> How about a few min on proof-of-possession requirements? I can present our use cases and requirements


From phil.hunt@oracle.com  Sun Jul 15 10:46:44 2012
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com>
In-Reply-To: <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com>
Message-Id: <8429D59C-E6D2-4848-BE90-A94C6ED024FE@oracle.com>
From: Phil Hunt <phil.hunt@oracle.com>
Date: Sun, 15 Jul 2012 10:47:22 -0700
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

Sounds like a great idea. I can put together a few slides.

Phil

On 2012-07-15, at 7:59, John Bradley <ve7jtb@ve7jtb.com> wrote:

> Yes, we need to get clearer on the threats and use cases.
>
> I think Phil Hunt has some, though there is likely overlap.
>
> Part of the problem with MAC was people never agreed on the threats it was mitigating.
>
> I can present something or coordinate with Tony or Phil.
>
> John B.

From hannes.tschofenig@gmx.net  Sun Jul 15 10:57:03 2012
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com>
Date: Sun, 15 Jul 2012 20:57:32 +0300
Message-Id: <FD90CDD8-7BC7-4952-BEF9-F29C282130E8@gmx.net>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

Hi all,

I have uploaded an agenda for the meeting.

I am assuming that all these items do not require discussion time anymore:
* draft-ietf-oauth-assertions
* draft-ietf-oauth-saml2-bearer
* draft-ietf-oauth-urn-sub-ns
* draft-ietf-oauth-v2
* draft-ietf-oauth-v2-bearer

Hence, we can focus on the new items. As discussed in the mail below I put a separate slot for discussion of the holder-of-the-key/MAC token security discussion on the agenda. I would suggest that a couple of us meet during the IETF week to work together on a presentation that provides some concrete suggestions for next steps to the rest of the group.

I also put the following persons on the spot for the presentations of working group items:

- OAuth Dynamic Client Registration Protocol (Thomas)
- JSON Web Token (JWT) (Mike)
- JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (Mike)
- Token Revocation (Torsten)
- SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (Brian)
- OAuth Use Cases (Zachary)

Let me know if you want someone else to give the presentation.

As a preparation for the meeting it would be good if you could
(a) identify the open issues with your document, and
(b) find one or two reviewers to have a look at your document during the next two weeks.

Ciao
Hannes

On Jul 15, 2012, at 5:59 PM, John Bradley wrote:

> Yes we need to get clearer on the threats and use cases.
>
> I think Phil Hunt has some though there is likely overlap.
>
> Part of the problem with MAC was people never agreed on the threats it was mitigating.
>
> I can present something or coordinate with Tony or Phil.
>
> John B.
>
> On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
>
>> How about a few min on proof-of-possession requirements? I can present our use cases and requirements
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
>> Sent: Friday, July 13, 2012 4:42 PM
>> To: Hannes Tschofenig; oauth@ietf.org WG
>> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>
>> I'm willing to do 5 minutes on the status of the Core and Bearer documents.
>>
>> I'm willing to give an update on JWT and the JWT Bearer - probably 15 minutes.  It's probably good that we're a day after the JOSE WG meeting, given the JWT dependency upon the JOSE specs.
>>
>> I'm willing to be part of a discussion on the Assertions draft, but would appreciate doing this with Brian and/or Chuck - I'm guessing 15 minutes for that as well.  (I'm not certain this will be needed, but I'd like to review the recent changes before saying that it's not.)
>>
>> Looking forward to seeing many of you in Vancouver!
>>
>> 				-- Mike
>>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Saturday, June 02, 2012 12:46 AM
>> To: oauth@ietf.org WG
>> Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>
>> Hi all,
>>
>> I have requested a 2,5 hour slot for the upcoming meeting.
>>
>> While the next meeting is still a bit away it is nevertheless useful to hear
>> * whether you plan to attend the next meeting, and
>> * whether you want to present something.
>>
>> I could imagine that these documents will be discussed:
>> * draft-ietf-oauth-dyn-reg
>> * draft-ietf-oauth-json-web-token
>> * draft-ietf-oauth-jwt-bearer
>> * draft-ietf-oauth-revocation
>> * draft-ietf-oauth-use-cases
>>
>> To the draft authors of these documents: Please think about the open issues and drop a mail to the list so that we make some progress already before the face-to-face meeting.
>>
>> I assume that the following documents do not require any discussion time at the upcoming IETF meeting anymore:
>> * draft-ietf-oauth-assertions
>> * draft-ietf-oauth-saml2-bearer
>> * draft-ietf-oauth-urn-sub-ns
>> * draft-ietf-oauth-v2
>> * draft-ietf-oauth-v2-bearer
>>
>> Ciao
>> Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>


From ve7jtb@ve7jtb.com  Sun Jul 15 10:58:29 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4700521F84A6 for <oauth@ietfa.amsl.com>; Sun, 15 Jul 2012 10:58:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.449
X-Spam-Level: 
X-Spam-Status: No, score=-3.449 tagged_above=-999 required=5 tests=[AWL=0.150,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M4OjUEGGqUOE for <oauth@ietfa.amsl.com>; Sun, 15 Jul 2012 10:58:28 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 7C37621F84A0 for <oauth@ietf.org>; Sun, 15 Jul 2012 10:58:28 -0700 (PDT)
Received: by obbwc20 with SMTP id wc20so9163421obb.31 for <oauth@ietf.org>; Sun, 15 Jul 2012 10:59:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=hWlFmyjtn/Sw8DFkygNOoO9pEqukxwVxoPVlir+jMRE=; b=j5qHYcn1GJbZLBhDQhggTzRidaFUEwjlhYhFep+RhBxTTjHK2D+5rcttGAaMz+jwHL Q+3XmAnTdqv7/mGsNN8Dv4mSpNmNqaPpr0lNJSffj79qbGhMaeHD5ozZo76ickRgxa71 sDJjOdNA6t6ruyw2t90Vtz0QmAuesQaDrzrsjn5WKThlH9tEGLcfGSzA+KmkP0jFxHLE Tghk56aFPsBHVj0Z+bSCQxoyWlzYFS4R0y8kjne+hEBqqdj4jqCsh2OLuh+mKKdT1Fbn gKFSGGFaoqgSq36rtFhyeVWwk79QADbA5WKF8sdBl8A9KFroQYnLlfoN3BceqXxknTle gyCw==
Received: by 10.60.31.237 with SMTP id d13mr11610200oei.27.1342375150588; Sun, 15 Jul 2012 10:59:10 -0700 (PDT)
Received: from [172.17.10.155] ([66.110.180.66]) by mx.google.com with ESMTPS id k3sm8906937obw.4.2012.07.15.10.59.09 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 15 Jul 2012 10:59:10 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <8429D59C-E6D2-4848-BE90-A94C6ED024FE@oracle.com>
Date: Sun, 15 Jul 2012 11:59:08 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <0AF2EBBB-5FA0-40D0-9806-A8C8F2ACAAE5@ve7jtb.com>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com> <8429D59C-E6D2-4848-BE90-A94C6ED024FE@oracle.com>
To: Phil Hunt <phil.hunt@oracle.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQkjieEiybPs+GmdlsXN0ui1ILZXZ8Nq2Qtt1gECuex7Fc5wJxU9BZBDIXEOew/UZC5dxWq2
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jul 2012 17:58:29 -0000

Good working with you and Tony is the stuff of dreams:)

We can sync up off list and try to reduce duplication.

Are we all at CIS this week?

John B.
On 2012-07-15, at 11:47 AM, Phil Hunt wrote:

> Sounds like a great idea. I can put together a few slides.
>
> Phil
>
> On 2012-07-15, at 7:59, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>> Yes we need to get clearer on the threats and use cases.
>>
>> I think Phil Hunt has some though there is likely overlap.
>>
>> Part of the problem with MAC was people never agreed on the threats it was mitigating.
>>
>> I can present something or coordinate with Tony or Phil.
>>
>> John B.
>>
>> On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
>>
>>> How about a few min on proof-of-possession requirements? I can present our use cases and requirements
>>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
>>> Sent: Friday, July 13, 2012 4:42 PM
>>> To: Hannes Tschofenig; oauth@ietf.org WG
>>> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>>
>>> I'm willing to do 5 minutes on the status of the Core and Bearer documents.
>>>
>>> I'm willing to give an update on JWT and the JWT Bearer - probably 15 minutes.  It's probably good that we're a day after the JOSE WG meeting, given the JWT dependency upon the JOSE specs.
>>>
>>> I'm willing to be part of a discussion on the Assertions draft, but would appreciate doing this with Brian and/or Chuck - I'm guessing 15 minutes for that as well.  (I'm not certain this will be needed, but I'd like to review the recent changes before saying that it's not.)
>>>
>>> Looking forward to seeing many of you in Vancouver!
>>>
>>>               -- Mike
>>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Saturday, June 02, 2012 12:46 AM
>>> To: oauth@ietf.org WG
>>> Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>>
>>> Hi all,
>>>
>>> I have requested a 2,5 hour slot for the upcoming meeting.
>>>
>>> While the next meeting is still a bit away it is nevertheless useful to hear
>>> * whether you plan to attend the next meeting, and
>>> * whether you want to present something.
>>>
>>> I could imagine that these documents will be discussed:
>>> * draft-ietf-oauth-dyn-reg
>>> * draft-ietf-oauth-json-web-token
>>> * draft-ietf-oauth-jwt-bearer
>>> * draft-ietf-oauth-revocation
>>> * draft-ietf-oauth-use-cases
>>>
>>> To the draft authors of these documents: Please think about the open issues and drop a mail to the list so that we make some progress already before the face-to-face meeting.
>>>
>>> I assume that the following documents do not require any discussion time at the upcoming IETF meeting anymore:
>>> * draft-ietf-oauth-assertions
>>> * draft-ietf-oauth-saml2-bearer
>>> * draft-ietf-oauth-urn-sub-ns
>>> * draft-ietf-oauth-v2
>>> * draft-ietf-oauth-v2-bearer
>>>
>>> Ciao
>>> Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth


From phil.hunt@oracle.com  Sun Jul 15 11:07:16 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBD2821F852C for <oauth@ietfa.amsl.com>; Sun, 15 Jul 2012 11:07:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.59
X-Spam-Level: 
X-Spam-Status: No, score=-9.59 tagged_above=-999 required=5 tests=[AWL=-0.387,  BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JWzRQK3AKrnP for <oauth@ietfa.amsl.com>; Sun, 15 Jul 2012 11:07:16 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id E776021F852B for <oauth@ietf.org>; Sun, 15 Jul 2012 11:07:15 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q6FI7uLr003234 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 15 Jul 2012 18:07:57 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q6FI7uhr029598 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 15 Jul 2012 18:07:56 GMT
Received: from abhmt115.oracle.com (abhmt115.oracle.com [141.146.116.67]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q6FI7uih006501; Sun, 15 Jul 2012 13:07:56 -0500
Received: from [192.168.1.125] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 15 Jul 2012 11:07:55 -0700
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com> <8429D59C-E6D2-4848-BE90-A94C6ED024FE@oracle.com> <0AF2EBBB-5FA0-40D0-9806-A8C8F2ACAAE5@ve7jtb.com>
In-Reply-To: <0AF2EBBB-5FA0-40D0-9806-A8C8F2ACAAE5@ve7jtb.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <EF522630-8633-4504-A75B-9C6DDC8DD8E1@oracle.com>
X-Mailer: iPhone Mail (9B206)
From: Phil Hunt <phil.hunt@oracle.com>
Date: Sun, 15 Jul 2012 11:07:55 -0700
To: John Bradley <ve7jtb@ve7jtb.com>
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jul 2012 18:07:16 -0000

Unfortunately I won't be at CIS. Should be lots of time to meet in Vancouver and we can do a summary in the session if agenda permits.

Phil

On 2012-07-15, at 10:59, John Bradley <ve7jtb@ve7jtb.com> wrote:

> Good working with you and Tony is the stuff of dreams:)
>
> We can sync up off list and try to reduce duplication.
>
> Are we all at CIS this week?
>
> John B.
> On 2012-07-15, at 11:47 AM, Phil Hunt wrote:
>
>> Sounds like a great idea. I can put together a few slides.
>>
>> Phil
>>
>> On 2012-07-15, at 7:59, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>
>>> Yes we need to get clearer on the threats and use cases.
>>>
>>> I think Phil Hunt has some though there is likely overlap.
>>>
>>> Part of the problem with MAC was people never agreed on the threats it was mitigating.
>>>
>>> I can present something or coordinate with Tony or Phil.
>>>
>>> John B.
>>>
>>> On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
>>>
>>>> How about a few min on proof-of-possession requirements? I can present our use cases and requirements
>>>>
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
>>>> Sent: Friday, July 13, 2012 4:42 PM
>>>> To: Hannes Tschofenig; oauth@ietf.org WG
>>>> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>>>
>>>> I'm willing to do 5 minutes on the status of the Core and Bearer documents.
>>>>
>>>> I'm willing to give an update on JWT and the JWT Bearer - probably 15 minutes.  It's probably good that we're a day after the JOSE WG meeting, given the JWT dependency upon the JOSE specs.
>>>>
>>>> I'm willing to be part of a discussion on the Assertions draft, but would appreciate doing this with Brian and/or Chuck - I'm guessing 15 minutes for that as well.  (I'm not certain this will be needed, but I'd like to review the recent changes before saying that it's not.)
>>>>
>>>> Looking forward to seeing many of you in Vancouver!
>>>>
>>>>              -- Mike
>>>>
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>>> Sent: Saturday, June 02, 2012 12:46 AM
>>>> To: oauth@ietf.org WG
>>>> Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>>>
>>>> Hi all,
>>>>
>>>> I have requested a 2,5 hour slot for the upcoming meeting.
>>>>
>>>> While the next meeting is still a bit away it is nevertheless useful to hear
>>>> * whether you plan to attend the next meeting, and
>>>> * whether you want to present something.
>>>>
>>>> I could imagine that these documents will be discussed:
>>>> * draft-ietf-oauth-dyn-reg
>>>> * draft-ietf-oauth-json-web-token
>>>> * draft-ietf-oauth-jwt-bearer
>>>> * draft-ietf-oauth-revocation
>>>> * draft-ietf-oauth-use-cases
>>>>
>>>> To the draft authors of these documents: Please think about the open issues and drop a mail to the list so that we make some progress already before the face-to-face meeting.
>>>>
>>>> I assume that the following documents do not require any discussion time at the upcoming IETF meeting anymore:
>>>> * draft-ietf-oauth-assertions
>>>> * draft-ietf-oauth-saml2-bearer
>>>> * draft-ietf-oauth-urn-sub-ns
>>>> * draft-ietf-oauth-v2
>>>> * draft-ietf-oauth-v2-bearer
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>

From tonynad@microsoft.com  Sun Jul 15 11:40:06 2012
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFFB721F851C for <oauth@ietfa.amsl.com>; Sun, 15 Jul 2012 11:40:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.966
X-Spam-Level: 
X-Spam-Status: No, score=-1.966 tagged_above=-999 required=5 tests=[AWL=1.500,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ApxGAHffQRn5 for <oauth@ietfa.amsl.com>; Sun, 15 Jul 2012 11:40:05 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe006.messaging.microsoft.com [216.32.180.16]) by ietfa.amsl.com (Postfix) with ESMTP id 690AB21F851A for <oauth@ietf.org>; Sun, 15 Jul 2012 11:40:05 -0700 (PDT)
Received: from mail27-va3-R.bigfish.com (10.7.14.252) by VA3EHSOBE010.bigfish.com (10.7.40.12) with Microsoft SMTP Server id 14.1.225.23; Sun, 15 Jul 2012 18:40:47 +0000
Received: from mail27-va3 (localhost [127.0.0.1])	by mail27-va3-R.bigfish.com (Postfix) with ESMTP id B7D2B3A0325	for <oauth@ietf.org>; Sun, 15 Jul 2012 18:40:46 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -28
X-BigFish: VS-28(zzbb2dI98dI9371I936eIc85fh542M1432I14ffIzz1202h1082kzz1033IL8275bh8275dhz2fh2a8h683h839hd25hf0ah107ah)
Received-SPF: pass (mail27-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=tonynad@microsoft.com; helo=TK5EX14HUBC104.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT004.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail27-va3 (localhost.localdomain [127.0.0.1]) by mail27-va3 (MessageSwitch) id 1342377645156032_2461; Sun, 15 Jul 2012 18:40:45 +0000 (UTC)
Received: from VA3EHSMHS027.bigfish.com (unknown [10.7.14.236])	by mail27-va3.bigfish.com (Postfix) with ESMTP id C02B246005B	for <oauth@ietf.org>; Sun, 15 Jul 2012 18:40:44 +0000 (UTC)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS027.bigfish.com (10.7.99.37) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sun, 15 Jul 2012 18:40:44 +0000
Received: from va3outboundpool.messaging.microsoft.com (157.54.51.114) by mail.microsoft.com (157.54.80.25) with Microsoft SMTP Server (TLS) id 14.2.309.3; Sun, 15 Jul 2012 18:40:42 +0000
Received: from mail60-va3-R.bigfish.com (10.7.14.249) by VA3EHSOBE002.bigfish.com (10.7.40.22) with Microsoft SMTP Server id 14.1.225.23; Sun, 15 Jul 2012 18:40:41 +0000
Received: from mail60-va3 (localhost [127.0.0.1])	by mail60-va3-R.bigfish.com (Postfix) with ESMTP id 39D663202E5	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Sun, 15 Jul 2012 18:40:41 +0000 (UTC)
Received: from mail60-va3 (localhost.localdomain [127.0.0.1]) by mail60-va3 (MessageSwitch) id 1342377638798214_12516; Sun, 15 Jul 2012 18:40:38 +0000 (UTC)
Received: from VA3EHSMHS018.bigfish.com (unknown [10.7.14.249])	by mail60-va3.bigfish.com (Postfix) with ESMTP id B9CAF3C007B; Sun, 15 Jul 2012 18:40:38 +0000 (UTC)
Received: from BL2PRD0310HT004.namprd03.prod.outlook.com (157.56.240.21) by VA3EHSMHS018.bigfish.com (10.7.99.28) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sun, 15 Jul 2012 18:40:39 +0000
Received: from BL2PRD0310MB362.namprd03.prod.outlook.com ([169.254.12.220]) by BL2PRD0310HT004.namprd03.prod.outlook.com ([10.255.97.39]) with mapi id 14.16.0175.005; Sun, 15 Jul 2012 18:40:38 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Phil Hunt <phil.hunt@oracle.com>
Thread-Topic: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
Thread-Index: AQHNQJPZ5j9pYLHhLUKueklu+DoRpJcoIQ4AgADsgMCAAaYwAIAALuAAgAADSQCAAAuXwQ==
Date: Sun, 15 Jul 2012 18:40:36 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E7554FBB40@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com> <8429D59C-E6D2-4848-BE90-A94C6ED024FE@oracle.com>, <0AF2EBBB-5FA0-40D0-9806-A8C8F2ACAAE5@ve7jtb.com>
In-Reply-To: <0AF2EBBB-5FA0-40D0-9806-A8C8F2ACAAE5@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [166.147.93.28]
Content-Type: multipart/alternative; boundary="_000_B26C1EF377CB694EAB6BDDC8E624B6E7554FBB40BL2PRD0310MB362_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: BL2PRD0310HT004.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%VE7JTB.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%ORACLE.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14HUBC104.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14HUBC104.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jul 2012 18:40:06 -0000

--_000_B26C1EF377CB694EAB6BDDC8E624B6E7554FBB40BL2PRD0310MB362_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I will not be at CIS

Sent from my Windows Phone
________________________________
From: John Bradley
Sent: 7/15/2012 10:59 AM
To: Phil Hunt
Cc: Anthony Nadalin; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

Good working with you and Tony is the stuff of dreams:)

We can sync up off list and try to reduce duplication.

Are we all at CIS this week?

John B.
On 2012-07-15, at 11:47 AM, Phil Hunt wrote:

> Sounds like a great idea. I can put together a few slides.
>
> Phil
>
> On 2012-07-15, at 7:59, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>> Yes we need to get clearer on the threats and use cases.
>>
>> I think Phil Hunt has some though there is likely overlap.
>>
>> Part of the problem with MAC was people never agreed on the threats it was mitigating.
>>
>> I can present something or coordinate with Tony or Phil.
>>
>> John B.
>>
>> On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
>>
>>> How about a few min on proof-of-possession requirements? I can present our use cases and requirements
>>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
>>> Sent: Friday, July 13, 2012 4:42 PM
>>> To: Hannes Tschofenig; oauth@ietf.org WG
>>> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>>
>>> I'm willing to do 5 minutes on the status of the Core and Bearer documents.
>>>
>>> I'm willing to give an update on JWT and the JWT Bearer - probably 15 minutes.  It's probably good that we're a day after the JOSE WG meeting, given the JWT dependency upon the JOSE specs.
>>>
>>> I'm willing to be part of a discussion on the Assertions draft, but would appreciate doing this with Brian and/or Chuck - I'm guessing 15 minutes for that as well.  (I'm not certain this will be needed, but I'd like to review the recent changes before saying that it's not.)
>>>
>>> Looking forward to seeing many of you in Vancouver!
>>>
>>>               -- Mike
>>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Saturday, June 02, 2012 12:46 AM
>>> To: oauth@ietf.org WG
>>> Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>>>
>>> Hi all,
>>>
>>> I have requested a 2,5 hour slot for the upcoming meeting.
>>>
>>> While the next meeting is still a bit away it is nevertheless useful to hear
>>> * whether you plan to attend the next meeting, and
>>> * whether you want to present something.
>>>
>>> I could imagine that these documents will be discussed:
>>> * draft-ietf-oauth-dyn-reg
>>> * draft-ietf-oauth-json-web-token
>>> * draft-ietf-oauth-jwt-bearer
>>> * draft-ietf-oauth-revocation
>>> * draft-ietf-oauth-use-cases
>>>
>>> To the draft authors of these documents: Please think about the open issues and drop a mail to the list so that we make some progress already before the face-to-face meeting.
>>>
>>> I assume that the following documents do not require any discussion time at the upcoming IETF meeting anymore:
>>> * draft-ietf-oauth-assertions
>>> * draft-ietf-oauth-saml2-bearer
>>> * draft-ietf-oauth-urn-sub-ns
>>> * draft-ietf-oauth-v2
>>> * draft-ietf-oauth-v2-bearer
>>>
>>> Ciao
>>> Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth





--_000_B26C1EF377CB694EAB6BDDC8E624B6E7554FBB40BL2PRD0310MB362_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; pad=
ding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div>
<div style=3D"font-family:Calibri,sans-serif; font-size:11pt">I will not be=
 at CIS<br>
<br>
Sent from my Windows Phone<br>
</div>
</div>
<hr>
<span style=3D"font-family:Tahoma,sans-serif; font-size:10pt; font-weight:b=
old">From:
</span><span style=3D"font-family:Tahoma,sans-serif; font-size:10pt">John B=
radley</span><br>
<span style=3D"font-family:Tahoma,sans-serif; font-size:10pt; font-weight:b=
old">Sent:
</span><span style=3D"font-family:Tahoma,sans-serif; font-size:10pt">7/15/2=
012 10:59 AM</span><br>
<span style=3D"font-family:Tahoma,sans-serif; font-size:10pt; font-weight:b=
old">To:
</span><span style=3D"font-family:Tahoma,sans-serif; font-size:10pt">Phil H=
unt</span><br>
<span style=3D"font-family:Tahoma,sans-serif; font-size:10pt; font-weight:b=
old">Cc:
</span><span style=3D"font-family:Tahoma,sans-serif; font-size:10pt">Anthon=
y Nadalin; oauth@ietf.org WG</span><br>
<span style=3D"font-family:Tahoma,sans-serif; font-size:10pt; font-weight:b=
old">Subject:
</span><span style=3D"font-family:Tahoma,sans-serif; font-size:10pt">Re: [O=
AUTH-WG] Meeting slot for the Vancouver IETF meeting requested</span><br>
<br>
</div>
<font size=3D"2"><span style=3D"font-size:10pt;">
<div class=3D"PlainText">Good working with you and Tony is the stuff of dre=
ams:)<br>
<br>
We can sync up off list and try to reduce duplication.<br>
<br>
Are we all at CIS this week?<br>
<br>
John B.<br>
On 2012-07-15, at 11:47 AM, Phil Hunt wrote:<br>
<br>
&gt; Sounds like a great idea. I can put together a few slides. <br>
&gt; <br>
&gt; Phil<br>
&gt; <br>
&gt; On 2012-07-15, at 7:59, John Bradley &lt;ve7jtb@ve7jtb.com&gt; wrote:<=
br>
&gt; <br>
&gt;&gt; Yes we need to get clearer on the the threats and use cases.<br>
&gt;&gt; <br>
&gt;&gt; I think Phil Hunt has some though there is likely overlap.<br>
&gt;&gt; <br>
&gt;&gt; Part of the problem with MAC was people never agreed on the threat=
s it was mitigating.<br>
&gt;&gt; <br>
&gt;&gt; I can present something or coordinate with Tony or Phil.<br>
&gt;&gt; <br>
&gt;&gt; John B.<br>
&gt;&gt; <br>
&gt;&gt; On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:<br>
&gt;&gt; <br>
&gt;&gt;&gt; How about a few min on proof-of-possession requirements? I can=
 present our use cases and requirements<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; -----Original Message-----<br>
&gt;&gt;&gt; From: oauth-bounces@ietf.org [<a href=3D"mailto:oauth-bounces@=
ietf.org">mailto:oauth-bounces@ietf.org</a>] On Behalf Of Mike Jones<br>
&gt;&gt;&gt; Sent: Friday, July 13, 2012 4:42 PM<br>
&gt;&gt;&gt; To: Hannes Tschofenig; oauth@ietf.org WG<br>
&gt;&gt;&gt; Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF me=
eting requested<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; I'm willing to do 5 minutes on the status of the Core and Bear=
er documents.<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; I'm willing to give an update on JWT and the JWT Bearer - prob=
ably 15 minutes.&nbsp; It's probably good that we're a day after the JOSE W=
G meeting, given the JWT dependency upon the JOSE specs.<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; I'm willing to be part of a discussion on the Assertions draft=
, but would appreciate doing this with Brian and/or Chuck - I'm guessing 15=
 minutes for that as well.&nbsp; (I'm not certain this will be needed, but =
I'd like to review the recent changes before saying
 that it's not.)<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; Looking forward to seeing many of you in Vancouver!<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; -- Mike<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; -----Original Message-----<br>
&gt;&gt;&gt; From: oauth-bounces@ietf.org [<a href=3D"mailto:oauth-bounces@=
ietf.org">mailto:oauth-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig=
<br>
&gt;&gt;&gt; Sent: Saturday, June 02, 2012 12:46 AM<br>
&gt;&gt;&gt; To: oauth@ietf.org WG<br>
&gt;&gt;&gt; Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meetin=
g requested<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; Hi all, <br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; I have requested a 2,5 hour slot for the upcoming meeting. <br=
>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; While the next meeting is still a bit away it is nevertheless =
useful to hear <br>
&gt;&gt;&gt; * whether you plan to attend the next meeting, and <br>
&gt;&gt;&gt; * whether you want to present something. <br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; I could imagine that these documents will be discussed:<br>
&gt;&gt;&gt; * draft-ietf-oauth-dyn-reg<br>
&gt;&gt;&gt; * draft-ietf-oauth-json-web-token<br>
&gt;&gt;&gt; * draft-ietf-oauth-jwt-bearer<br>
&gt;&gt;&gt; * draft-ietf-oauth-revocation<br>
&gt;&gt;&gt; * draft-ietf-oauth-use-cases<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; To the draft authors of these documents: Please think about th=
e open issues and drop a mail to the list so that we make some progress alr=
eady before the face-to-face meeting.
<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; I assume that the following documents do not require any di=
scussion time at the upcoming IETF meeting anymore:<br>
&gt;&gt;&gt; * draft-ietf-oauth-assertions<br>
&gt;&gt;&gt; * draft-ietf-oauth-saml2-bearer<br>
&gt;&gt;&gt; * draft-ietf-oauth-urn-sub-ns<br>
&gt;&gt;&gt; * draft-ietf-oauth-v2<br>
&gt;&gt;&gt; * draft-ietf-oauth-v2-bearer<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; Ciao<br>
&gt;&gt;&gt; Hannes<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; _______________________________________________<br>
&gt;&gt;&gt; OAuth mailing list<br>
&gt;&gt;&gt; OAuth@ietf.org<br>
&gt;&gt;&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/oauth">https:=
//www.ietf.org/mailman/listinfo/oauth</a><br>
&gt;&gt;&gt; <br>
&gt;&gt; <br>
&gt;&gt; _______________________________________________<br>
&gt;&gt; OAuth mailing list<br>
&gt;&gt; OAuth@ietf.org<br>
&gt;&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://ww=
w.ietf.org/mailman/listinfo/oauth</a><br>
<br>
<br>
<br>
<br>
</div>
</span></font>
</body>
</html>

--_000_B26C1EF377CB694EAB6BDDC8E624B6E7554FBB40BL2PRD0310MB362_--

From internet-drafts@ietf.org  Sun Jul 15 19:56:47 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120716025646.523.47517.idtracker@ietfa.amsl.com>
Date: Sun, 15 Jul 2012 19:56:46 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-30.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : The OAuth 2.0 Authorization Framework
	Author(s)       : Dick Hardt
                          David Recordon
	Filename        : draft-ietf-oauth-v2-30.txt
	Pages           : 72
	Date            : 2012-07-15

Abstract:
   The OAuth 2.0 authorization framework enables a third-party
   application to obtain limited access to an HTTP service, either on
   behalf of a resource owner by orchestrating an approval interaction
   between the resource owner and the HTTP service, or by allowing the
   third-party application to obtain access on its own behalf.  This
   specification replaces and obsoletes the OAuth 1.0 protocol described
   in RFC 5849.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-v2-30

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-30


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From Michael.Jones@microsoft.com  Sun Jul 15 20:04:36 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth Core draft -30 published
Thread-Index: Ac1i/9CUNcM3adG3RQS8gXzUNN+AZw==
Date: Mon, 16 Jul 2012 03:05:12 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366731A56@TK5EX14MBXC285.redmond.corp.microsoft.com>
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366731A56TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] OAuth Core draft -30 published

--_000_4E1F6AAD24975D4BA5B168042967394366731A56TK5EX14MBXC285r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Draft -30 of the OAuth Core spec has been published.  The only change was:

*        Added text explaining why the server_error and temporarily_unavailable error codes are needed.

The draft is available at:

*        http://tools.ietf.org/html/draft-ietf-oauth-v2-30
An HTML-formatted version is available at:

*        http://self-issued.info/docs/draft-ietf-oauth-v2-30.html

Thanks to Dick Hardt for quickly resolving this issue.

                                                            -- Mike


--_000_4E1F6AAD24975D4BA5B168042967394366731A56TK5EX14MBXC285r_--

From sakimura@gmail.com  Mon Jul 16 09:38:52 2012
MIME-Version: 1.0
In-Reply-To: <A167BFDC-EAF9-442B-99B1-DCAA79CD1EE7@gmx.net>
References: <A167BFDC-EAF9-442B-99B1-DCAA79CD1EE7@gmx.net>
Date: Mon, 16 Jul 2012 10:39:26 -0600
Message-ID: <CABzCy2CAJ23=9H1J7eGXS8uOfEiK53o9+J8ZLsq3LFdk3cp4wA@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=0015175cd17eaacc2c04c4f51281
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Design Team Conference Call - Monday, 16th July (1pm EST)

--0015175cd17eaacc2c04c4f51281
Content-Type: text/plain; charset=ISO-8859-1

Mike, please start the bridge.
I am bound to the Cloud Identity Summit.

On Fri, Jul 13, 2012 at 4:43 AM, Hannes Tschofenig <
Hannes.Tschofenig@gmx.net> wrote:

> Hi all,
>
> for our conference call next week Nat offered his conference bridge (since
> we had some problems with Google+).
>
> Date: 16th July 2012 (Monday)
> Time: 1pm EDT
>
> Agenda: We will do a status check on these documents:
> *    draft-ietf-oauth-v2
> *    draft-ietf-oauth-v2-bearer
> *    draft-ietf-oauth-v2-threatmodel
> *    draft-ietf-oauth-urn-sub-ns
> *    draft-ietf-oauth-assertions
>
> I expect this to be a short call since we are just making sure that all
> drafts are submitted prior to the deadline.
>
> Conference Bridge:
> https://www3.gotomeeting.com/join/695548174
>
> Participants are advised to try the link before the call because it is
> going to download and install the software.
>
> Use your microphone and speakers (VoIP) - a headset is recommended. Or,
> call in using your telephone.
>
> Dial +1 (773) 897-3000
> Access Code: 695-548-174
> Audio PIN: Shown after joining the meeting
>
> Meeting ID: 695-548-174
>
> Nat or Mike will be the host for the call and they will start it.
>
> Ciao
> Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

--0015175cd17eaacc2c04c4f51281--

From Michael.Jones@microsoft.com  Mon Jul 16 09:45:29 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Nat Sakimura <sakimura@gmail.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Design Team Conference Call - Monday,	16th July (1pm EST)
Thread-Index: AQHNY3Gc5Wa1sQTPT0SerT23evn1mpcsHarg
Date: Mon, 16 Jul 2012 16:46:02 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366733834@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <A167BFDC-EAF9-442B-99B1-DCAA79CD1EE7@gmx.net> <CABzCy2CAJ23=9H1J7eGXS8uOfEiK53o9+J8ZLsq3LFdk3cp4wA@mail.gmail.com>
In-Reply-To: <CABzCy2CAJ23=9H1J7eGXS8uOfEiK53o9+J8ZLsq3LFdk3cp4wA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366733834TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Design Team Conference Call - Monday, 16th July (1pm EST)

--_000_4E1F6AAD24975D4BA5B168042967394366733834TK5EX14MBXC285r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Started, and ready for people to call in at the top of the hour...

I recommend that people join at https://www3.gotomeeting.com/join/695548174 a few minutes early, since there may be some download time when you start GotoMeeting.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura
Sent: Monday, July 16, 2012 9:39 AM
To: Hannes Tschofenig
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Design Team Conference Call - Monday, 16th July (1pm EST)

Mike, please start the bridge.
I am bound to the Cloud Identity Summit.

On Fri, Jul 13, 2012 at 4:43 AM, Hannes Tschofenig <Hannes.Tschofenig@gmx.net> wrote:
Hi all,

for our conference call next week Nat offered his conference bridge (since we had some problems with Google+).

Date: 16th July 2012 (Monday)
Time: 1pm EDT

Agenda: We will do a status check on these documents:
*    draft-ietf-oauth-v2
*    draft-ietf-oauth-v2-bearer
*    draft-ietf-oauth-v2-threatmodel
*    draft-ietf-oauth-urn-sub-ns
*    draft-ietf-oauth-assertions

I expect this to be a short call since we are just making sure that all drafts are submitted prior to the deadline.

Conference Bridge:
https://www3.gotomeeting.com/join/695548174

Participants are advised to try the link before the call because it is going to download and install the software.

Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

Dial +1 (773) 897-3000
Access Code: 695-548-174
Audio PIN: Shown after joining the meeting

Meeting ID: 695-548-174

Nat or Mike will be the host for the call and they will start it.

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en


--_000_4E1F6AAD24975D4BA5B168042967394366733834TK5EX14MBXC285r_--

From internet-drafts@ietf.org  Mon Jul 16 10:41:03 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF9F711E8263; Mon, 16 Jul 2012 10:41:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.425
X-Spam-Level: 
X-Spam-Status: No, score=-102.425 tagged_above=-999 required=5 tests=[AWL=0.174, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b37LmluNwqv4; Mon, 16 Jul 2012 10:41:02 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC3B911E8255; Mon, 16 Jul 2012 10:41:02 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120716174102.991.34719.idtracker@ietfa.amsl.com>
Date: Mon, 16 Jul 2012 10:41:02 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-sub-ns-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 17:41:04 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : An IETF URN Sub-Namespace for OAuth
	Author(s)       : Brian Campbell
                          Hannes Tschofenig
	Filename        : draft-ietf-oauth-urn-sub-ns-06.txt
	Pages           : 7
	Date            : 2012-07-16

Abstract:
   This document establishes an IETF URN Sub-namespace for use with
   OAuth related specifications.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-urn-sub-ns

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-06

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-urn-sub-ns-06


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From bcampbell@pingidentity.com  Mon Jul 16 10:45:13 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80E0911E825E for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 10:45:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.986
X-Spam-Level: 
X-Spam-Status: No, score=-5.986 tagged_above=-999 required=5 tests=[AWL=-0.009, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FbIrolNJhW8l for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 10:45:12 -0700 (PDT)
Received: from na3sys009aog117.obsmtp.com (na3sys009aog117.obsmtp.com [74.125.149.242]) by ietfa.amsl.com (Postfix) with ESMTP id 57BDE11E8158 for <oauth@ietf.org>; Mon, 16 Jul 2012 10:45:12 -0700 (PDT)
Received: from mail-vb0-f42.google.com ([209.85.212.42]) (using TLSv1) by na3sys009aob117.postini.com ([74.125.148.12]) with SMTP ID DSNKUARTVVd31Rrx561W3JfggFehv5H9YJfe@postini.com; Mon, 16 Jul 2012 10:45:57 PDT
Received: by vbbfs19 with SMTP id fs19so4354461vbb.29 for <oauth@ietf.org>; Mon, 16 Jul 2012 10:45:56 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=SO4DBquiPMftrUXC3Q2wg51TwGCXtVw+P+jP4uK4aaY=; b=kVm6BNLDHjE5g8phArgTbX2EfH1NsTV6QoXY569yRgjMD/ikMKFEiqmog9zbaxhZTC x+mIaH1SAyysNqVm8e7mV47W7Fkg6dInWT0Rh/aHugkzjoRrejbsEkHfTpFon6gzCRhI v3zJFxHqxtVGxR3/v8AfnhCTJPyIt41abjgFDbe9VaVTbUKi0vWV2U14gKMWgaTrYiZb LOrHZJfwBTvpoNoJtV/LdOfP2lP+CPc3OQqgZSUf8ejvtaAvtyuYIpQaXbDPuSznraby ydlPi037F4QecQfZ3IWT6jmSDn3EGWs7DHq7iehbH/BXUTShwxOr40DMTGtSCKy3iIoX qxZw==
Received: by 10.52.176.232 with SMTP id cl8mr4896096vdc.115.1342460756190; Mon, 16 Jul 2012 10:45:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.22.75 with HTTP; Mon, 16 Jul 2012 10:45:26 -0700 (PDT)
In-Reply-To: <20120716174102.991.34719.idtracker@ietfa.amsl.com>
References: <20120716174102.991.34719.idtracker@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 16 Jul 2012 11:45:26 -0600
Message-ID: <CA+k3eCQWaMB8o4PkQsx1i+MgJahVW9rtCbmA-p_VCb=BOfSCcQ@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQmAFmTsATkQou0xIIbue5H+6QNia2WdfJZlOHgXjqBYroNcNFcahlUuGe5g9Ov5g4AhmMTv
Subject: [OAUTH-WG] Fwd:  I-D Action: draft-ietf-oauth-urn-sub-ns-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 17:45:13 -0000

Draft -06 of An IETF URN Sub-Namespace for OAuth has been published.
The only changes in this draft are to address editorial comments made
in the Gen-ART LC Review at
http://www.ietf.org/mail-archive/web/gen-art/current/msg07576.html -
the comment was a typo (from should be form) rather than a missing
word.

Thanks,
Brian


---------- Forwarded message ----------
From:  <internet-drafts@ietf.org>
Date: Mon, Jul 16, 2012 at 11:41 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-urn-sub-ns-06.txt
To: i-d-announce@ietf.org
Cc: oauth@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working
Group of the IETF.

        Title           : An IETF URN Sub-Namespace for OAuth
        Author(s)       : Brian Campbell
                          Hannes Tschofenig
        Filename        : draft-ietf-oauth-urn-sub-ns-06.txt
        Pages           : 7
        Date            : 2012-07-16

Abstract:
   This document establishes an IETF URN Sub-namespace for use with
   OAuth related specifications.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-urn-sub-ns

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-06

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-urn-sub-ns-06


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From hannes.tschofenig@gmx.net  Mon Jul 16 10:45:48 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE23A11E8275 for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 10:45:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.628
X-Spam-Level: 
X-Spam-Status: No, score=-102.628 tagged_above=-999 required=5 tests=[AWL=-0.029, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zerUSYSPLWnG for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 10:45:48 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id DEA5611E8158 for <oauth@ietf.org>; Mon, 16 Jul 2012 10:45:46 -0700 (PDT)
Received: (qmail invoked by alias); 16 Jul 2012 17:39:32 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.102]) [88.115.216.191] by mail.gmx.net (mp071) with SMTP; 16 Jul 2012 19:39:32 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+tDtwLw7KtWohJYHKx9Vqd/xXjE5mCgF8ffClX+a SSJU6OELmJ2vbj
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Mon, 16 Jul 2012 20:39:30 +0300
Message-Id: <DEDC52CA-1F49-4FDA-9E5D-4F1C8373EA68@gmx.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: [OAUTH-WG] draft-ietf-oauth-v2-30 and draft-ietf-oauth-v2-bearer-22
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 17:45:49 -0000

Hi Stephen,

I had just gotten the confirmation from the authors of draft-ietf-oauth-v2-30 and draft-ietf-oauth-v2-bearer-22 that all remaining open issues had been closed. The evaluation record also shows happy IESG members.

Please advance the status of these two documents.

Ciao
Hannes


From stephen.farrell@cs.tcd.ie  Mon Jul 16 10:50:40 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 314E111E827B for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 10:50:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.471
X-Spam-Level: 
X-Spam-Status: No, score=-102.471 tagged_above=-999 required=5 tests=[AWL=0.128, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j4N5F1l4GGRG for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 10:50:39 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 5E48411E827E for <oauth@ietf.org>; Mon, 16 Jul 2012 10:50:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 2FD401714F1; Mon, 16 Jul 2012 18:51:24 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1342461083; bh=Ou/wiNwO0ulUvV RmBJ9V+AyUjakCexv04Je1TLEMjWo=; b=1o9IzIWX82Sg6lG/HfT+97H8EgpFTe LeQYJznRPPsAhvEPgigPJNvJ8t2a0mdQGoO8HS0eUDxFe5gGLraEX+OilJw490mY 374jxDwYwcy2fWikvvvSfLHStkV88O2iZxc6oV8r1pqN9Cg+etzHYfjglwnME3Ia nS00syv/d9EaKVtciV3wOtGYrwF1IEx/s1B63RiYgqoy05rKdFEegeB6gbiybcGd YspuRbkD9VPBsIaaz9VEY1t/7Yt2PEA97ZJOXL4Q9e4AIHn5sCHH8i9V/wRAFYxc gjiS7B4FAT6fM5jGyquz4VKWQn0QZYQVj6X7b2U7EneulohP6F2Cq9Zw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id jgdTTNZ8M-Iq; Mon, 16 Jul 2012 18:51:23 +0100 (IST)
Received: from [IPv6:2001:770:10:203:940c:8dba:53d9:2f28] (unknown [IPv6:2001:770:10:203:940c:8dba:53d9:2f28]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id CF6791714EC; Mon, 16 Jul 2012 18:51:23 +0100 (IST)
Message-ID: <5004549C.1030206@cs.tcd.ie>
Date: Mon, 16 Jul 2012 18:51:24 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <DEDC52CA-1F49-4FDA-9E5D-4F1C8373EA68@gmx.net>
In-Reply-To: <DEDC52CA-1F49-4FDA-9E5D-4F1C8373EA68@gmx.net>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-30 and draft-ietf-oauth-v2-bearer-22
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 17:50:40 -0000

Hi Hannes,

That's great thanks. And thanks all for the good work.

Since there've been a good few changes and a bit of time
has elapsed I'll give the other IESG members who previously
commented on these a few days to check if the changes are
ok, and then I can shoot 'em along.

Cheers,
S.

PS: A few days probably means a week really, since there's
a packed telechat agenda this week of about 500 wonderful
pages of I-D, so I wouldn't expect folks to have much
chance to look at this before Friday;-)

On 07/16/2012 06:39 PM, Hannes Tschofenig wrote:
> Hi Stephen, 
> 
> I had just gotten the confirmation from the authors of draft-ietf-oauth-v2-30 and draft-ietf-oauth-v2-bearer-22 that all remaining open issues had been closed. The evaluation record also shows happy IESG members. 
> 
> Please advance the status of these two documents. 
> 
> Ciao
> Hannes
> 
> 
> 


From hannes.tschofenig@gmx.net  Mon Jul 16 11:07:07 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87FD111E8272 for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 11:07:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.627
X-Spam-Level: 
X-Spam-Status: No, score=-102.627 tagged_above=-999 required=5 tests=[AWL=-0.028, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3XRRUIm80GVV for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 11:07:07 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 9460811E8150 for <oauth@ietf.org>; Mon, 16 Jul 2012 11:07:06 -0700 (PDT)
Received: (qmail invoked by alias); 16 Jul 2012 18:07:12 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.102]) [88.115.216.191] by mail.gmx.net (mp029) with SMTP; 16 Jul 2012 20:07:12 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18BkiUqb1gBisRKAtRT5DWLzL6CghPg/6b05KAU/E qhJ+RfxtFTppua
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Mon, 16 Jul 2012 21:07:11 +0300
Message-Id: <CC65C0F9-36C4-48E9-9CC0-2E3FDA5D5BD7@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] draft-tschofenig-oauth-hotk-01
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 18:07:07 -0000

Hi all,

I had just submitted an updated version of the holder-of-the-key document and you can find it here:
http://tools.ietf.org/html/draft-tschofenig-oauth-hotk-01

John, Tony, and Phil joined me as co-authors and the document now also describes the symmetric key case (even though I am not entirely convinced about it) but there was good discussion feedback on the mailing list about it and so it makes sense to illustrate a strawman solution.

Ciao
Hannes


From rtroll@google.com  Mon Jul 16 11:46:08 2012
Return-Path: <rtroll@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B86511E80D3 for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 11:46:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.976
X-Spam-Level: 
X-Spam-Status: No, score=-102.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rJtfhjvEyL1r for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 11:46:07 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 5315B11E8072 for <oauth@ietf.org>; Mon, 16 Jul 2012 11:46:07 -0700 (PDT)
Received: by qcac10 with SMTP id c10so3935333qca.31 for <oauth@ietf.org>; Mon, 16 Jul 2012 11:46:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlers.com; s=googlers; h=mime-version:date:message-id:subject:from:to:content-type :x-system-of-record; bh=KaA9UzoHhpMYWG9afuXKY2GTruJ2AJO5HMXie7CJsho=; b=gVxX6Jo1BFUFOBtKaWndkPKBEMj51axcaY/hCOppcf13d3wepbyNN5+QvqWoDh3eF5 +3W5Kffcn7dDR/mPsuiJNatV4++25YuTiP9hkyrSWBs4BNG9i/jTUank8pS/FfAwyaTj lXglHaA2UEX5SQRWfSb+u5XkGwPK6BFuM5YhI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-system-of-record:x-gm-message-state; bh=KaA9UzoHhpMYWG9afuXKY2GTruJ2AJO5HMXie7CJsho=; b=dU/fx2AllThyFDp59feb6omBmCfc03jTs7BMxuOljej4+l/hzMpdLVfMhNqBvLsQY9 qhDd5vGReED9UjQ+SdDrw6IN/Yn40RlwD1Nb0eVTU8ODgI4bIjNqLJ9TAAjHGWzreBCR gVRmPhYKfyDItnECzQ4dYui/rCz0cfKLywVxWfw/PyZUkOZiyMfpIPQhu6XPU6nDUaPj moC99wJWGbSdwJGavRXtnU8eUuZUbbOMYXQxbssLB6w81Ye1vGQUIL/VuJEhTGrRNy1t GLMShHk4a7KrTd7S/QprI8sDVZd6z8kWfZBCJUOm8h7C5YiGB7KiHJlt5xlotW6mwSK2 mQQw==
Received: by 10.224.70.195 with SMTP id e3mr23066803qaj.86.1342464412137; Mon, 16 Jul 2012 11:46:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.224.70.195 with SMTP id e3mr23066771qaj.86.1342464411857; Mon, 16 Jul 2012 11:46:51 -0700 (PDT)
Received: by 10.229.201.230 with HTTP; Mon, 16 Jul 2012 11:46:51 -0700 (PDT)
Date: Mon, 16 Jul 2012 11:46:51 -0700
Message-ID: <CAPe4Cjr=XrCyubv2tihuRaO0tfidQToJ3_bMMpmxcZPsXDEQpg@mail.gmail.com>
From: Ryan Troll <rtroll@googlers.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary=bcaec51a8dee6471ac04c4f6daad
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQlyojEANwCDoRnUgh/bU1oztMfsS9HT33AuLgAJm16m1YfJrx3YnJhyTmYxfb9sFor/RpG6IgAKKDlbtUmNUvLCAHMOXSlNGjg7hrwmxMumGom1LQ/ItYGQH3MZMWZaAOSiOT22nnZlqp7ITiaJ33TGV3mZ0+ejplYH6JKCv2RuYh6s8yg=
Subject: [OAUTH-WG] SASL / OAuth Binding Request: User Field
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 18:52:18 -0000

--bcaec51a8dee6471ac04c4f6daad
Content-Type: text/plain; charset=ISO-8859-1

I'd like to discuss the possibility of adding a "user" field to the
SASL/OAuth request.  This is based on draft-ietf-kitten-sasl-oauth-00.txt.

*Background*
The contents of this field may be used by the resource provider as a hint
to aid in request routing, and/or data location, without the need
for decrypting the provided access token.  The contents of the user field
are not used to grant access of any kind.


*Proposed Addition*
The text of this addition could look something like this:

Section 3.1 addition / update:

user:  Contains the user ID of the user being authorized

In authorization schemes that use signatures, the client MUST send host,
port number and user key/values, and the server MUST fail authorization
requests requiring signatures that do not have host, port, and user values.


Section 3.2 addition:

If the user field is present, the ID in the user field must match the ID
obtained from the credential for the request to succeed.



*Rationale for Presence of User Field in the Request*
This data is not required by all resource providers, and as such could be a
provider-specific requirement, placed (for example) in the query string.
By documenting the user field, we encourage resource providers that do
require it to find it in the same location - encouraging inter-operability.

The user identity could be determined via the access token, rather than
requiring it in the request.  However, using the access token to determine
the identity can result in the resource provider decoding the token
multiple times, or making multiple requests to the access provider.  By
pulling this attribute out into the protocol, we may be able to simplify
the resource provider work required when moving to OAuth.


*Rationale for Location of User Field*
This data could be transmitted as part of the path, or a query string
parameter, or in the post body.  This approach, using a header, was
proposed as there are currently no path, query string, or post fields
defined.  Those three locations remain untouched by this proposal.
Comments?
-R

--bcaec51a8dee6471ac04c4f6daad--

From internet-drafts@ietf.org  Mon Jul 16 11:59:29 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF9E311E812E; Mon, 16 Jul 2012 11:59:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.47
X-Spam-Level: 
X-Spam-Status: No, score=-102.47 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4e-NtL98qu3; Mon, 16 Jul 2012 11:59:27 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D007011E80E5; Mon, 16 Jul 2012 11:59:26 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120716185926.24161.69833.idtracker@ietfa.amsl.com>
Date: Mon, 16 Jul 2012 11:59:26 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-use-cases-01.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 18:59:29 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : OAuth Use Cases
	Author(s)       : George Fletcher
                          Torsten Lodderstedt
                          Zachary Zeltsan
	Filename        : draft-ietf-oauth-use-cases-01.txt
	Pages           : 23
	Date            : 2012-07-16

Abstract:
   This document lists the OAuth use cases.  The provided list is based
   on the Internet Drafts of the OAUTH working group and discussions on
   the group's mailing list.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-use-cases

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-use-cases-01

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-use-cases-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From internet-drafts@ietf.org  Mon Jul 16 16:15:50 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8DD111E80E1; Mon, 16 Jul 2012 16:15:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.523
X-Spam-Level: 
X-Spam-Status: No, score=-102.523 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wixO0Lbw9T7i; Mon, 16 Jul 2012 16:15:50 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5DD111E8088; Mon, 16 Jul 2012 16:15:49 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120716231549.9334.15784.idtracker@ietfa.amsl.com>
Date: Mon, 16 Jul 2012 16:15:49 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-json-web-token-02.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 23:15:51 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : JSON Web Token (JWT)
	Author(s)       : Michael B. Jones
                          John Bradley
                          Nat Sakimura
	Filename        : draft-ietf-oauth-json-web-token-02.txt
	Pages           : 24
	Date            : 2012-07-16

Abstract:
   JSON Web Token (JWT) is a means of representing claims to be
   transferred between two parties.  The claims in a JWT are encoded as
   a JavaScript Object Notation (JSON) object that is digitally signed
   or MACed using JSON Web Signature (JWS) and/or encrypted using JSON
   Web Encryption (JWE).

   The suggested pronunciation of JWT is the same as the English word
   "jot".


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-oauth-json-web-token-02


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From phil.hunt@oracle.com  Mon Jul 16 18:28:09 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD15C21F85D3 for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 18:28:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.276
X-Spam-Level: 
X-Spam-Status: No, score=-10.276 tagged_above=-999 required=5 tests=[AWL=0.322, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWbOBtS8d6dY for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 18:28:08 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id 2587D21F85CD for <oauth@ietf.org>; Mon, 16 Jul 2012 18:28:08 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q6H1SqDt026829 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Tue, 17 Jul 2012 01:28:53 GMT
Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q6H1SpWs023907 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <oauth@ietf.org>; Tue, 17 Jul 2012 01:28:51 GMT
Received: from abhmt106.oracle.com (abhmt106.oracle.com [141.146.116.58]) by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q6H1So1L000501 for <oauth@ietf.org>; Mon, 16 Jul 2012 20:28:51 -0500
Received: from [192.168.1.8] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 16 Jul 2012 18:28:50 -0700
From: Phil Hunt <phil.hunt@oracle.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C43CA75C-D5C7-46F8-9A26-1C086FCC7B78"
Date: Mon, 16 Jul 2012 18:28:49 -0700
Message-Id: <421480EA-B719-4164-88A3-96C850489B68@oracle.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Subject: [OAUTH-WG] High-level observations on HoK Issues
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 01:28:09 -0000

--Apple-Mail=_C43CA75C-D5C7-46F8-9A26-1C086FCC7B78
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Some observations about requirements and issues for designing an OAuth
HoK proposal.

Note: I have intentionally tried to stay away from specifics like token
types, encryption types and have only at most delved into asymmetric vs.
symmetric keys.  I see positives in many combinations for different
scenarios.  That said, I'm not yet sure that one proposal can meet all
high level requirements.

I am happy to present this for discussion at the OAuth WG meeting in
Vancouver.

Players at The Party
Most crypto cases discuss scenarios involving a sender and receiver. For
these scenarios, there may be 3 identities in play.  Plus a 4th during
setup.

1. The client application (that accesses the resource).
   a. A client application may have its own client credential (backed by
      PKI key pair or other credential). Many clients may share the same
      credential so...
   b. Sometimes we are more interested in uniquely identifying an
      instance of a client (if the client keys are not unique).
2. The resource server being accessed.
3. Delegation token (access token). An authority granted by an
   authorization server for a client to access on a user's behalf
4. Authorization server (a server that does secure communication with
   the client for the purpose of issuing access tokens and potentially
   exchanging secrets).

Public vs. Confidential Clients
In OAuth scenarios, there are two sets of broad clients to consider:
Public and Confidential. Here are some characterizations that occur to
me.

Public
- In many cases public clients are light weight. While they can do TLS,
  their ability to generate key pairs might be limited. Symmetric keys
  may be easier?
- Public clients generate requests primarily based on user input
  actions. While latency is an issue, overall throughput is low.
- A public client typically only has access tokens representing
  delegated authorizations for a single user.
- Public clients are difficult to uniquely identify. In OAuth, such
  clients may only be identified by a self asserted client_id which by
  itself cannot be verified.

Confidential
- Confidential clients are often web apps that can serve many users and
  other service providers directly.
- Confidential clients usually have many access tokens (100s to
  millions) representing delegated authorizations for many many users.
- A single confidential client may generate 1000s of requests per second
  using 1000s of different access tokens.
- Connection pooling is an important scaling factor.
- Confidential clients usually have client credential that can be well
  protected.  It may be reasonable to expect a client to have a private
  key.
- Confidential clients often have unique client credentials (though not
  guaranteed).

Authentication vs. Uniqueness
Typically in HoK the drive is "authentication". I would contend that
this isn't the case in OAuth. The "authentication" step was already
performed in the authorization steps (or done externally). In most cases
we simply want to verify that the client issued a token is the one using
an access token.
- In OAuth, client credentials are often shared by multiple client
  software instances.
- Many OAuth threats are mitigated when a token or code can be bound to
  a specific "instance" of a client.
- Binding a token to a "client" credential may not be sufficient. Even
  while a strong client authentication credential helps mitigate risk,
  binding tokens to "instances" of clients is better.

TLS vs. Open Channel
There are many cases where transport security may not be needed or not
desired. Since a particular access token could be used for many things,
it is not necessarily true that an access token intended for a low-risk
service is only used at a low-risk service.
- Bearer tokens can be sniffed over open (non-TLS) connections, this
  poses a particular risk for sniffing attacks.
- For some applications the oauth token may be more valuable than the
  resource. Some applications may wish to secure only the access token.
- TLS One-way provides a way for clients to authenticate the service and
  to secure and protect traffic integrity.
- Two-way TLS provides bi-directional authentication but has limited use
  in practice as service providers often terminate TLS at load
  balancers.  TLS channel information may not be available to the web
  tier.
- There is some discussion that even with TLS, rogue proxies could be
  used as an attack vector. Therefore a secure token is still desirable.

Message vs. Channel HoK
There are three forms of HoK that can be used:
- Channel HoK - In channel HoK, the client proves identity as suggested
  by Hannes HoTK draft.
  - A client HoK channel could be bound to the client or could be bound
    to an oauth authorize token context.
  - There may be trade-offs in connection pooling for using client bound
    vs. access token bound HoK.
  - Client bound Keys may be long-lived. Access token keys are shorter
    lived
  - Long lived keys should be asymmetric.
- Message HoK - In message HoK, a proof contained within the
  authorization header token protects the credential from sniffing
  because it binds the client instance to the token.  Message HoK tokens
  can be used in non-secure channels, in TLS channels, and in Channel
  HoK scenarios.
  - An HoK message token should bind an *instance* of a client to the
    token.
  - The key establishes some sort of proof about the client being the
    same client that originally requested the access token.  It does not
    necessarily need to prove the client's identity
  - The keys can be ephemeral.
  - Since keys last only as long as an access token many scenarios may
    only require symmetric keys.
  - Asymmetric message keys add limited value if the Channel HoK is
    already asymmetric (confirm?)
  - I suspect that unique keys should be generated by the client and not
    by the server so the client may detect "insertion" attacks.
    (confirm?)
  - Message authentication (a signature of the request) provides message
    integrity when used over non-secure channel.
  - Message authentication could also be designed to prevent replay
    attacks.

Note: I think Hannes HoTK proposal is interesting. It actually inserts
another dimension into these observations which I think is important for
public clients (e.g. mobile apps).  It doesn't break down into message
vs. channel, but rather uses access token scoped channel security to
achieve some features of both.  Still I have concerns about performance
for client web apps (confidential clients).

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com

--Apple-Mail=_C43CA75C-D5C7-46F8-9A26-1C086FCC7B78--
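
Added example, not part of the message above or of any OAuth draft: a sketch of the "Message HoK" idea it describes, in which each client instance generates its own ephemeral symmetric key, the key is bound to one access token, and every request carries an HMAC plus a nonce and timestamp so a sniffed token alone is useless and replays are detected. The field layout, the names (ClientInstance, ResourceServer, MAX_SKEW_SECONDS) and the way the key reaches the resource server are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for timestamps


def canonical_request(method, host, path, token, nonce, timestamp):
    """Serialize the fields the proof covers (assumed layout, not a spec).

    Each field is length-prefixed so that moving bytes between fields
    cannot produce the same MAC input.
    """
    fields = [method.upper(), host.lower(), path, token, nonce, str(timestamp)]
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


class ClientInstance:
    """One installed copy of a client. The key is generated locally,
    so two instances sharing a client_id still hold different keys."""

    def __init__(self):
        self.hok_key = secrets.token_bytes(32)  # ephemeral, per instance
        self.access_token = None

    def sign(self, method, host, path, now=None):
        nonce = secrets.token_hex(16)
        ts = int(time.time() if now is None else now)
        msg = canonical_request(method, host, path, self.access_token, nonce, ts)
        mac = hmac.new(self.hok_key, msg, hashlib.sha256).hexdigest()
        return {"method": method, "host": host, "path": path,
                "token": self.access_token, "nonce": nonce, "ts": ts, "mac": mac}


class ResourceServer:
    def __init__(self):
        self.token_keys = {}  # access token -> bound key
        self.seen = {}        # (token, nonce) -> timestamp, for replay checks

    def register_binding(self, token, key):
        # Assumption: the authorization server conveys the binding to the
        # resource server (for example inside a protected token).
        self.token_keys[token] = key

    def verify(self, req, now=None):
        now = int(time.time() if now is None else now)
        key = self.token_keys.get(req["token"])
        if key is None:
            return False, "unknown token"
        msg = canonical_request(req["method"], req["host"], req["path"],
                                req["token"], req["nonce"], req["ts"])
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["mac"]):
            return False, "bad proof"
        if abs(now - req["ts"]) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        # Forget nonces that the timestamp check would reject anyway.
        self.seen = {k: ts for k, ts in self.seen.items()
                     if now - ts <= MAX_SKEW_SECONDS}
        replay_key = (req["token"], req["nonce"])
        if replay_key in self.seen:
            return False, "replay"
        self.seen[replay_key] = req["ts"]
        return True, "ok"


def demo():
    """Run the cases from the message against constructed sample values."""
    token = "constructed-access-token-1"  # constructed sample value
    host = "api.example.test"             # constructed sample value
    rs = ResourceServer()
    client = ClientInstance()
    client.access_token = token
    rs.register_binding(token, client.hok_key)

    results = {}
    req = client.sign("GET", host, "/photos/1", now=1000)
    results["legitimate"] = rs.verify(req, now=1001)
    results["replayed"] = rs.verify(req, now=1002)

    # Another instance that only learned the token value has no bound key.
    other = ClientInstance()
    other.access_token = token
    forged = other.sign("GET", host, "/photos/1", now=1003)
    results["stolen_token_other_instance"] = rs.verify(forged, now=1003)

    # Changing a covered field in transit invalidates the MAC.
    fresh = client.sign("GET", host, "/photos/1", now=1004)
    tampered = dict(fresh, path="/photos/2")
    results["tampered_path"] = rs.verify(tampered, now=1004)

    old = client.sign("GET", host, "/photos/1", now=1000)
    results["stale"] = rs.verify(old, now=1000 + MAX_SKEW_SECONDS + 1)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```
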

From Michael.Jones@microsoft.com  Mon Jul 16 18:47:51 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67B0621F8685 for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 18:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.787
X-Spam-Level: 
X-Spam-Status: No, score=-3.787 tagged_above=-999 required=5 tests=[AWL=-0.189, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWx9-ggYmY2e for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 18:47:50 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe004.messaging.microsoft.com [213.199.154.142]) by ietfa.amsl.com (Postfix) with ESMTP id 2E68921F867F for <oauth@ietf.org>; Mon, 16 Jul 2012 18:47:49 -0700 (PDT)
Received: from mail98-db3-R.bigfish.com (10.3.81.241) by DB3EHSOBE006.bigfish.com (10.3.84.26) with Microsoft SMTP Server id 14.1.225.23; Tue, 17 Jul 2012 01:48:34 +0000
Received: from mail98-db3 (localhost [127.0.0.1])	by mail98-db3-R.bigfish.com (Postfix) with ESMTP id 4B27A480273	for <oauth@ietf.org>; Tue, 17 Jul 2012 01:48:34 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -19
X-BigFish: VS-19(zzc89bhc857hzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail98-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail98-db3 (localhost.localdomain [127.0.0.1]) by mail98-db3 (MessageSwitch) id 1342489711554932_5149; Tue, 17 Jul 2012 01:48:31 +0000 (UTC)
Received: from DB3EHSMHS009.bigfish.com (unknown [10.3.81.254])	by mail98-db3.bigfish.com (Postfix) with ESMTP id 81564600B0	for <oauth@ietf.org>; Tue, 17 Jul 2012 01:48:31 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS009.bigfish.com (10.3.87.109) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 17 Jul 2012 01:48:31 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0298.005; Tue, 17 Jul 2012 01:48:06 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Pre-IETF 84 versions of JOSE and JWT specifications
Thread-Index: Ac1jvjT7zTFgSk+wSl6bNtMEpoNWqQ==
Date: Tue, 17 Jul 2012 01:48:05 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943667349BA@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.74]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943667349BATK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 01:47:51 -0000

--_000_4E1F6AAD24975D4BA5B1680429673943667349BATK5EX14MBXC285r_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

I’ve made a minor release of the JSON WEB {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) working group specifications and the JWS and JWE JSON Serialization (JWS-JS, JWE-JS) individual submission specifications in preparation for IETF 84 in Vancouver, BC<http://www.ietf.org/meeting/84/index.html>.  These versions incorporate feedback from working group members since the major release on July 6th<http://self-issued.info/?p=759>, and update the lists of open issues in preparation for discussions in Vancouver (and on the working group mailing lists).

One significant addition is that the JWT and JWE-JS specs both now contain complete, testable examples with encrypted results.  No normative changes were made.

The working group specifications are available at:

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04

·        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04

·        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

The individual submission specifications are available at:

·        http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01

·        http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01

The document history entries (also in the specifications) are as follows:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04

  *   Completed JSON Security Considerations section, including considerations about rejecting input with duplicate member names.
  *   Completed security considerations on the use of a SHA-1 hash when computing x5t (x.509 certificate thumbprint) values.
  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML DSIG 2.0 [W3C.CR‑xmldsig‑core2‑20120124] for its security considerations.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Reference draft-jones-jose-jws-json-serialization instead of draft-jones-json-web-signature-json-serialization.
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04

  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML Encryption 1.1 [W3C.CR‑xmlenc‑core1‑20120313] for its security considerations.
  *   Reference draft-jones-jose-jwe-json-serialization instead of draft-jones-json-web-encryption-json-serialization.
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04

  *   Refer to the registries as the primary sources of defined values and then secondarily reference the sections defining the initial contents of the registries.
  *   Normatively reference XML DSIG 2.0 [W3C.CR‑xmldsig‑core2‑20120124] for its security considerations.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04

  *   Added text requiring that any leading zero bytes be retained in base64url encoded key value representations for fixed-length values.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Described additional open issues.
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02

  *   Added an example of an encrypted JWT.
  *   Added this language to Registration Templates: "This name is case sensitive. Names that match other registered names in a case insensitive manner SHOULD NOT be accepted."
  *   Applied editorial suggestions.

http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01

  *   Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01

  *   Added a complete JWE-JS example.
  *   Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs).

                                                            -- Mike

--_000_4E1F6AAD24975D4BA5B1680429673943667349BATK5EX14MBXC285r_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

cy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtam9zZS1qc29uLXdlYi1lbmNyeXB0aW9uLTA0Ij5o
dHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWItZW5jcnlw
dGlvbi0wNDwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBz
dHlsZT0idGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0Omw1IGxldmVsMSBsZm8xIj48IVtpZiAh
c3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHls
ZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVz
IE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PGEgaHJlZj0iaHR0cDovL3Rvb2xz
LmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1qb3NlLWpzb24td2ViLWtleS0wNCI+aHR0cDovL3Rv
b2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1qb3NlLWpzb24td2ViLWtleS0wNDwvYT48bzpw
PjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRl
bnQ6LS4yNWluO21zby1saXN0Omw1IGxldmVsMSBsZm8xIj48IVtpZiAhc3VwcG9ydExpc3RzXT48
c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdu
b3JlIj7CtzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90
OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9z
cGFuPjwvc3Bhbj48IVtlbmRpZl0+PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwv
ZHJhZnQtaWV0Zi1qb3NlLWpzb24td2ViLWFsZ29yaXRobXMtMDQiPmh0dHA6Ly90b29scy5pZXRm
Lm9yZy9odG1sL2RyYWZ0LWlldGYtam9zZS1qc29uLXdlYi1hbGdvcml0aG1zLTA0PC9hPjxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJ0ZXh0LWluZGVu
dDotLjI1aW47bXNvLWxpc3Q6bDUgbGV2ZWwxIGxmbzEiPjwhW2lmICFzdXBwb3J0TGlzdHNdPjxz
cGFuIHN0eWxlPSJmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25v
cmUiPsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7
Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3Nw
YW4+PC9zcGFuPjwhW2VuZGlmXT48YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9k
cmFmdC1pZXRmLW9hdXRoLWpzb24td2ViLXRva2VuLTAyIj5odHRwOi8vdG9vbHMuaWV0Zi5vcmcv
aHRtbC9kcmFmdC1pZXRmLW9hdXRoLWpzb24td2ViLXRva2VuLTAyPC9hPjxvOnA+PC9vOnA+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj5UaGUgaW5kaXZpZHVhbCBzdWJtaXNzaW9uIHNwZWNpZmljYXRpb25zIGFyZSBh
dmFpbGFibGUgYXQ6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIg
c3R5bGU9InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+PCFbaWYg
IXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5
bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1l
cyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxhIGhyZWY9Imh0dHA6Ly90b29s
cy5pZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVzLWpvc2UtandzLWpzb24tc2VyaWFsaXphdGlvbi0w
MSI+aHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtam9uZXMtam9zZS1qd3MtanNvbi1z
ZXJpYWxpemF0aW9uLTAxPC9hPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJh
Z3JhcGgiIHN0eWxlPSJ0ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzIi
PjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpTeW1ib2wiPjxz
cGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1
b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48YSBocmVmPSJodHRw
Oi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1qb25lcy1qb3NlLWp3ZS1qc29uLXNlcmlhbGl6
YXRpb24tMDEiPmh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVzLWpvc2Utandl
LWpzb24tc2VyaWFsaXphdGlvbi0wMTwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIGRv
Y3VtZW50IGhpc3RvcnkgZW50cmllcyAoYWxzbyBpbiB0aGUgc3BlY2lmaWNhdGlvbnMpIGFyZSBh
cyBmb2xsb3dzOjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz
cDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJodHRwOi8vdG9vbHMu
aWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWItc2lnbmF0dXJlLTA0Ij5odHRw
Oi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWItc2lnbmF0dXJl
LTA0PC9hPjxvOnA+PC9vOnA+PC9wPg0KPHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBpbiIgdHlwZT0i
ZGlzYyI+DQo8bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0
Omw0IGxldmVsMSBsZm8zIj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5D
b21wbGV0ZWQgSlNPTiBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9uLCBpbmNsdWRpbmcg
Y29uc2lkZXJhdGlvbnMgYWJvdXQgcmVqZWN0aW5nIGlucHV0IHdpdGggZHVwbGljYXRlIG1lbWJl
cg0KIG5hbWVzLiA8bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0iY29sb3I6YmxhY2s7bXNvLWxpc3Q6bDQgbGV2ZWwxIGxmbzMiPjxzcGFuIGxhbmc9IkVO
IiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7
LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkNvbXBsZXRlZCBzZWN1cml0eSBjb25zaWRlcmF0aW9u
cyBvbiB0aGUgdXNlIG9mIGEgU0hBLTEgaGFzaCB3aGVuIGNvbXB1dGluZw0KPC9zcGFuPjx0dD48
c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQiPng1dDwvc3Bhbj48L3R0Pjxz
cGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtW
ZXJkYW5hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPiAoeC41MDkgY2VydGlmaWNhdGUg
dGh1bWJwcmludCkgdmFsdWVzLg0KPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0Omw0IGxldmVsMSBsZm8zIj48c3Bh
biBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVy
ZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5SZWZlciB0byB0aGUgcmVnaXN0cmll
cyBhcyB0aGUgcHJpbWFyeSBzb3VyY2VzIG9mIGRlZmluZWQgdmFsdWVzIGFuZCB0aGVuIHNlY29u
ZGFyaWx5IHJlZmVyZW5jZSB0aGUgc2VjdGlvbnMgZGVmaW5pbmcNCiB0aGUgaW5pdGlhbCBjb250
ZW50cyBvZiB0aGUgcmVnaXN0cmllcy4gPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0Omw0IGxldmVsMSBsZm8zIj48
c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7
VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Ob3JtYXRpdmVseSByZWZlcmVu
Y2UgWE1MIERTSUcgMi4wIFtXM0MuQ1LigJF4bWxkc2ln4oCRY29yZTLigJEyMDEyMDEyNF0gZm9y
IGl0cyBzZWN1cml0eSBjb25zaWRlcmF0aW9ucy4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxp
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFjazttc28tbGlzdDpsNCBsZXZlbDEg
bGZvMyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+QWRkZWQgdGhpcyBs
YW5ndWFnZSB0byBSZWdpc3RyYXRpb24gVGVtcGxhdGVzOiAmcXVvdDtUaGlzIG5hbWUgaXMgY2Fz
ZSBzZW5zaXRpdmUuIE5hbWVzIHRoYXQgbWF0Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcw0KIGlu
IGEgY2FzZSBpbnNlbnNpdGl2ZSBtYW5uZXIgU0hPVUxEIE5PVCBiZSBhY2NlcHRlZC4mcXVvdDsg
PG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9y
OmJsYWNrO21zby1saXN0Omw0IGxldmVsMSBsZm8zIj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZv
bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij5SZWZlcmVuY2UgZHJhZnQtam9uZXMtam9zZS1qd3MtanNvbi1zZXJpYWxp
emF0aW9uIGluc3RlYWQgb2YgZHJhZnQtam9uZXMtanNvbi13ZWItc2lnbmF0dXJlLWpzb24tc2Vy
aWFsaXphdGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0iY29sb3I6YmxhY2s7bXNvLWxpc3Q6bDQgbGV2ZWwxIGxmbzMiPjxzcGFuIGxhbmc9IkVO
IiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7
LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkRlc2NyaWJlZCBhZGRpdGlvbmFsIG9wZW4gaXNzdWVz
Lg0KPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNv
bG9yOmJsYWNrO21zby1saXN0Omw0IGxldmVsMSBsZm8zIj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9
ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7Ij5BcHBsaWVkIGVkaXRvcmlhbCBzdWdnZXN0aW9ucy48bzpwPjwvbzpw
Pjwvc3Bhbj48L2xpPjwvdWw+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWlldGYtam9zZS1qc29uLXdlYi1lbmNyeXB0aW9uLTA0Ij5odHRwOi8vdG9v
bHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWItZW5jcnlwdGlvbi0wNDwv
YT48bzpwPjwvbzpwPjwvcD4NCjx1bCBzdHlsZT0ibWFyZ2luLXRvcDowaW4iIHR5cGU9ImRpc2Mi
Pg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFjazttc28tbGlzdDpsMiBs
ZXZlbDEgbGZvNCI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+UmVmZXIg
dG8gdGhlIHJlZ2lzdHJpZXMgYXMgdGhlIHByaW1hcnkgc291cmNlcyBvZiBkZWZpbmVkIHZhbHVl
cyBhbmQgdGhlbiBzZWNvbmRhcmlseSByZWZlcmVuY2UgdGhlIHNlY3Rpb25zIGRlZmluaW5nDQog
dGhlIGluaXRpYWwgY29udGVudHMgb2YgdGhlIHJlZ2lzdHJpZXMuIDxvOnA+PC9vOnA+PC9zcGFu
PjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFjazttc28tbGlzdDps
MiBsZXZlbDEgbGZvNCI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+Tm9y
bWF0aXZlbHkgcmVmZXJlbmNlIFhNTCBFbmNyeXB0aW9uIDEuMSBbVzNDLkNS4oCReG1sZW5j4oCR
Y29yZTHigJEyMDEyMDMxM10gZm9yIGl0cyBzZWN1cml0eSBjb25zaWRlcmF0aW9ucy4NCjxvOnA+
PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFj
azttc28tbGlzdDpsMiBsZXZlbDEgbGZvNCI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNp
emU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90OyI+UmVmZXJlbmNlIGRyYWZ0LWpvbmVzLWpvc2UtandlLWpzb24tc2VyaWFsaXphdGlv
biBpbnN0ZWFkIG9mIGRyYWZ0LWpvbmVzLWpzb24td2ViLWVuY3J5cHRpb24tanNvbi1zZXJpYWxp
emF0aW9uLg0KPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9ImNvbG9yOmJsYWNrO21zby1saXN0OmwyIGxldmVsMSBsZm80Ij48c3BhbiBsYW5nPSJFTiIg
c3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90Oywm
cXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5EZXNjcmliZWQgYWRkaXRpb25hbCBvcGVuIGlzc3Vlcy4N
CjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xv
cjpibGFjazttc28tbGlzdDpsMiBsZXZlbDEgbGZvNCI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJm
b250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fu
cy1zZXJpZiZxdW90OyI+QXBwbGllZCBlZGl0b3JpYWwgc3VnZ2VzdGlvbnMuPG86cD48L286cD48
L3NwYW4+PC9saT48L3VsPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcv
aHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWIta2V5LTA0Ij5odHRwOi8vdG9vbHMuaWV0Zi5v
cmcvaHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWIta2V5LTA0PC9hPjxvOnA+PC9vOnA+PC9w
Pg0KPHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBpbiIgdHlwZT0iZGlzYyI+DQo8bGkgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0OmwzIGxldmVsMSBsZm81Ij48c3Bh
biBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVy
ZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5SZWZlciB0byB0aGUgcmVnaXN0cmll
cyBhcyB0aGUgcHJpbWFyeSBzb3VyY2VzIG9mIGRlZmluZWQgdmFsdWVzIGFuZCB0aGVuIHNlY29u
ZGFyaWx5IHJlZmVyZW5jZSB0aGUgc2VjdGlvbnMgZGVmaW5pbmcNCiB0aGUgaW5pdGlhbCBjb250
ZW50cyBvZiB0aGUgcmVnaXN0cmllcy4gPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0OmwzIGxldmVsMSBsZm81Ij48
c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7
VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Ob3JtYXRpdmVseSByZWZlcmVu
Y2UgWE1MIERTSUcgMi4wIFtXM0MuQ1LigJF4bWxkc2ln4oCRY29yZTLigJEyMDEyMDEyNF0gZm9y
IGl0cyBzZWN1cml0eSBjb25zaWRlcmF0aW9ucy4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxp
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFjazttc28tbGlzdDpsMyBsZXZlbDEg
bGZvNSI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+QWRkZWQgdGhpcyBs
YW5ndWFnZSB0byBSZWdpc3RyYXRpb24gVGVtcGxhdGVzOiAmcXVvdDtUaGlzIG5hbWUgaXMgY2Fz
ZSBzZW5zaXRpdmUuIE5hbWVzIHRoYXQgbWF0Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcw0KIGlu
IGEgY2FzZSBpbnNlbnNpdGl2ZSBtYW5uZXIgU0hPVUxEIE5PVCBiZSBhY2NlcHRlZC4mcXVvdDsg
PG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9y
OmJsYWNrO21zby1saXN0OmwzIGxldmVsMSBsZm81Ij48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZv
bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij5EZXNjcmliZWQgYWRkaXRpb25hbCBvcGVuIGlzc3Vlcy4NCjxvOnA+PC9v
OnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFjaztt
c28tbGlzdDpsMyBsZXZlbDEgbGZvNSI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6
MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx
dW90OyI+QXBwbGllZCBlZGl0b3JpYWwgc3VnZ2VzdGlvbnMuPG86cD48L286cD48L3NwYW4+PC9s
aT48L3VsPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm
dC1pZXRmLWpvc2UtanNvbi13ZWItYWxnb3JpdGhtcy0wNCI+aHR0cDovL3Rvb2xzLmlldGYub3Jn
L2h0bWwvZHJhZnQtaWV0Zi1qb3NlLWpzb24td2ViLWFsZ29yaXRobXMtMDQ8L2E+PG86cD48L286
cD48L3A+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6MGluIiB0eXBlPSJkaXNjIj4NCjxsaSBjbGFz
cz0iTXNvTm9ybWFsIiBzdHlsZT0iY29sb3I6YmxhY2s7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzYi
PjxzcGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVv
dDtWZXJkYW5hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkFkZGVkIHRleHQgcmVxdWly
aW5nIHRoYXQgYW55IGxlYWRpbmcgemVybyBieXRlcyBiZSByZXRhaW5lZCBpbiBiYXNlNjR1cmwg
ZW5jb2RlZCBrZXkgdmFsdWUgcmVwcmVzZW50YXRpb25zIGZvciBmaXhlZC1sZW5ndGgNCiB2YWx1
ZXMuIDxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJj
b2xvcjpibGFjazttc28tbGlzdDpsMCBsZXZlbDEgbGZvNiI+PHNwYW4gbGFuZz0iRU4iIHN0eWxl
PSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90OyI+QWRkZWQgdGhpcyBsYW5ndWFnZSB0byBSZWdpc3RyYXRpb24gVGVt
cGxhdGVzOiAmcXVvdDtUaGlzIG5hbWUgaXMgY2FzZSBzZW5zaXRpdmUuIE5hbWVzIHRoYXQgbWF0
Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcw0KIGluIGEgY2FzZSBpbnNlbnNpdGl2ZSBtYW5uZXIg
U0hPVUxEIE5PVCBiZSBhY2NlcHRlZC4mcXVvdDsgPG86cD48L286cD48L3NwYW4+PC9saT48bGkg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0OmwwIGxldmVsMSBs
Zm82Ij48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6
JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5EZXNjcmliZWQgYWRk
aXRpb25hbCBvcGVuIGlzc3Vlcy4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFjazttc28tbGlzdDpsMCBsZXZlbDEgbGZvNiI+PHNw
YW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1Zl
cmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+QXBwbGllZCBlZGl0b3JpYWwgc3Vn
Z2VzdGlvbnMuPG86cD48L286cD48L3NwYW4+PC9saT48L3VsPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJo
dHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLW9hdXRoLWpzb24td2ViLXRva2Vu
LTAyIj5odHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLW9hdXRoLWpzb24td2Vi
LXRva2VuLTAyPC9hPjxvOnA+PC9vOnA+PC9wPg0KPHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBpbiIg
dHlwZT0iZGlzYyI+DQo8bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21z
by1saXN0Omw2IGxldmVsMSBsZm83Ij48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZTox
MC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1
b3Q7Ij5BZGRlZCBhbiBleGFtcGxlIG9mIGFuIGVuY3J5cHRlZCBKV1QuDQo8bzpwPjwvbzpwPjwv
c3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iY29sb3I6YmxhY2s7bXNvLWxp
c3Q6bDYgbGV2ZWwxIGxmbzciPjxzcGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9udC1zaXplOjEwLjBw
dDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi
PkFkZGVkIHRoaXMgbGFuZ3VhZ2UgdG8gUmVnaXN0cmF0aW9uIFRlbXBsYXRlczogJnF1b3Q7VGhp
cyBuYW1lIGlzIGNhc2Ugc2Vuc2l0aXZlLiBOYW1lcyB0aGF0IG1hdGNoIG90aGVyIHJlZ2lzdGVy
ZWQgbmFtZXMNCiBpbiBhIGNhc2UgaW5zZW5zaXRpdmUgbWFubmVyIFNIT1VMRCBOT1QgYmUgYWNj
ZXB0ZWQuJnF1b3Q7IDxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJjb2xvcjpibGFjazttc28tbGlzdDpsNiBsZXZlbDEgbGZvNyI+PHNwYW4gbGFuZz0i
RU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVv
dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+QXBwbGllZCBlZGl0b3JpYWwgc3VnZ2VzdGlvbnMu
PG86cD48L286cD48L3NwYW4+PC9saT48L3VsPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4m
bmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJodHRwOi8vdG9v
bHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1qb25lcy1qb3NlLWp3cy1qc29uLXNlcmlhbGl6YXRpb24t
MDEiPmh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVzLWpvc2UtandzLWpzb24t
c2VyaWFsaXphdGlvbi0wMTwvYT48bzpwPjwvbzpwPjwvcD4NCjx1bCBzdHlsZT0ibWFyZ2luLXRv
cDowaW4iIHR5cGU9ImRpc2MiPg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpi
bGFjazttc28tbGlzdDpsNyBsZXZlbDEgbGZvOCI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250
LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1z
ZXJpZiZxdW90OyI+R2VuZXJhbGl6ZWQgbGFuZ3VhZ2UgdG8gcmVmZXIgdG8gTWVzc2FnZSBBdXRo
ZW50aWNhdGlvbiBDb2RlcyAoTUFDcykgcmF0aGVyIHRoYW4gSGFzaC1iYXNlZCBNZXNzYWdlIEF1
dGhlbnRpY2F0aW9uDQogQ29kZXMgKEhNQUNzKS48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVz
LWpvc2UtandlLWpzb24tc2VyaWFsaXphdGlvbi0wMSI+aHR0cDovL3Rvb2xzLmlldGYub3JnL2h0
bWwvZHJhZnQtam9uZXMtam9zZS1qd2UtanNvbi1zZXJpYWxpemF0aW9uLTAxPC9hPjxvOnA+PC9v
OnA+PC9wPg0KPHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBpbiIgdHlwZT0iZGlzYyI+DQo8bGkgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0Omw3IGxldmVsMSBsZm84
Ij48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1
b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5BZGRlZCBhIGNvbXBsZXRl
IEpXRS1KUyBleGFtcGxlLg0KPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1saXN0Omw3IGxldmVsMSBsZm84Ij48c3BhbiBs
YW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFu
YSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5HZW5lcmFsaXplZCBsYW5ndWFnZSB0byBy
ZWZlciB0byBNZXNzYWdlIEF1dGhlbnRpY2F0aW9uIENvZGVzIChNQUNzKSByYXRoZXIgdGhhbiBI
YXNoLWJhc2VkIE1lc3NhZ2UgQXV0aGVudGljYXRpb24NCiBDb2RlcyAoSE1BQ3MpLjxvOnA+PC9v
OnA+PC9zcGFuPjwvbGk+PC91bD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0tIE1pa2U8bzpwPjwv
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvYm9keT4N
CjwvaHRtbD4NCg==

--_000_4E1F6AAD24975D4BA5B1680429673943667349BATK5EX14MBXC285r_--

From alexey.melnikov@isode.com  Tue Jul 17 04:03:50 2012
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50A8A21F8669; Tue, 17 Jul 2012 04:03:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.968
X-Spam-Level: 
X-Spam-Status: No, score=-102.968 tagged_above=-999 required=5 tests=[AWL=-0.369, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wa6Oo756JizT; Tue, 17 Jul 2012 04:03:49 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 955DF21F866E; Tue, 17 Jul 2012 04:03:49 -0700 (PDT)
Received: from [172.16.1.29] (shiny.isode.com [62.3.217.250])  by waldorf.isode.com (submission channel) via TCP with ESMTPSA  id <UAVG5gAkRCu9@waldorf.isode.com>; Tue, 17 Jul 2012 12:05:10 +0100
X-SMTP-Protocol-Errors: PIPELINING
Message-ID: <500546C5.6080102@isode.com>
Date: Tue, 17 Jul 2012 12:04:38 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com>
In-Reply-To: <4F843DA1.8080703@isode.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: General Area Review Team <gen-art@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, The IESG <iesg@ietf.org>
Subject: [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 11:03:50 -0000

I am still Ok with -22, but I have 1 new comment raised by introduction 
of the base64 ABNF non terminal:

I think it would be worth adding a comment for b64token that points to 
the base64 RFC. The current ABNF is too permissive (arbitrary number of 
"=" allowed at the end) and there are enough broken base64 parsers 
around (parsers that ignore everything after a "=", parsers that support 
arbitrary number of "=" at the end, etc.), so we shouldn't encourage 
creation of new ones.
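
The gap between the b64token grammar and real base64 that the review comment above describes, as an added example (not code from the thread or the draft). The first regex transcribes the b64token ABNF as published in RFC 6750, section 2.1; the lenient decoder is a constructed model of the tolerant parsers the comment mentions, and all function names and sample tokens are made up for illustration.

```python
import base64
import binascii
import re

# b64token as published in RFC 6750, section 2.1:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN_RE = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Canonical RFC 4648 section 4 base64: whole 4-character groups, then at most
# one final group carrying exactly the padding its length requires.
STRICT_B64_RE = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)

# Constructed sample tokens (not taken from any real deployment).
SAMPLE_TOKENS = [
    "QQ==",              # canonical encoding of b"A"
    "QQ=",               # one pad character too few
    "QQ=====",           # arbitrary run of "=", allowed by the ABNF
    "QQ",                # padding omitted
    "QR==",              # non-zero bits left over in the last character
    "abc.def~ghi",       # b64token characters outside the base64 alphabet
    "dGVzdC10b2tlbg==",  # canonical encoding of b"test-token"
    "QQ==ZXZpbA",        # "=" in the middle: not even a b64token
]


def matches_b64token(token: str) -> bool:
    """True if the whole string matches the b64token production."""
    return B64TOKEN_RE.fullmatch(token) is not None


def strict_b64decode(token: str):
    """Decode only canonical RFC 4648 base64; return None for anything else."""
    if not token or STRICT_B64_RE.fullmatch(token) is None:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error:
        return None
    # Re-encoding must reproduce the input, which rejects leftover bits.
    if base64.b64encode(raw).decode("ascii") != token:
        return None
    return raw


def lenient_b64decode(token: str):
    """Model of a tolerant parser: stop at the first "=", fix up padding."""
    data = token.split("=", 1)[0]
    try:
        return base64.b64decode(data + "=" * (-len(data) % 4))
    except binascii.Error:
        return None


def collisions(tokens):
    """Group syntactically valid b64tokens that a lenient decoder conflates."""
    groups = {}
    for token in tokens:
        if not matches_b64token(token):
            continue
        raw = lenient_b64decode(token)
        if raw is not None:
            groups.setdefault(raw, []).append(token)
    return {raw: same for raw, same in groups.items() if len(same) > 1}


if __name__ == "__main__":
    for token in SAMPLE_TOKENS:
        print(f"{token!r:22} b64token={matches_b64token(token)!s:5} "
              f"strict={strict_b64decode(token)!r:16} "
              f"lenient={lenient_b64decode(token)!r}")
    print("conflated by the lenient decoder:", collisions(SAMPLE_TOKENS))
```

A receiver that decodes tokens and also compares, logs or revokes them by string needs the strict form, otherwise several distinct strings name the same decoded value.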


From stephen.farrell@cs.tcd.ie  Tue Jul 17 04:11:39 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7031B21F86C9; Tue, 17 Jul 2012 04:11:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.399
X-Spam-Level: 
X-Spam-Status: No, score=-102.399 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h1g97t7x-maX; Tue, 17 Jul 2012 04:11:38 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 7097A21F866E; Tue, 17 Jul 2012 04:11:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 2D4071714E2; Tue, 17 Jul 2012 12:12:24 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id 0LMrt-N5eVSw; Tue, 17 Jul 2012 12:12:23 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.45.63.34]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id A6BA61714C4; Tue, 17 Jul 2012 12:12:23 +0100 (IST)
Message-ID: <50054897.3070108@cs.tcd.ie>
Date: Tue, 17 Jul 2012 12:12:23 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>
In-Reply-To: <500546C5.6080102@isode.com>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: General Area Review Team <gen-art@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 11:11:39 -0000

Folks. Please don't develop any new revisions for these
documents right now. I know you can't officially post
'em anyway, but I don't want us to get tempted to roll
new versions handling unrelated comments. (Alexey's
comments are not unrelated.)

I'd like to handle any tweaks needed as RFC editor notes
if possible.

S

On 07/17/2012 12:04 PM, Alexey Melnikov wrote:
> I am still Ok with -22, but I have 1 new comment raised by introduction
> of the base64 ABNF non terminal:
> 
> I think it would be worth adding a comment for b64token that points to
> the base64 RFC. The current ABNF is too permissive (arbitrary number of
> "=" allowed at the end) and there are enough broken base64 parsers
> around (parsers that ignore everything after a "=", parsers that support
> arbitrary number of "=" at the end, etc.), so we shouldn't encourage
> creation of new ones.
> 


From wmills_92105@yahoo.com  Mon Jul 16 15:04:39 2012
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBF5611E82AE for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 15:04:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.998
X-Spam-Level: 
X-Spam-Status: No, score=-2.998 tagged_above=-999 required=5 tests=[AWL=-0.400, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o5c-D1nTI5S5 for <oauth@ietfa.amsl.com>; Mon, 16 Jul 2012 15:04:39 -0700 (PDT)
Received: from nm21-vm0.bullet.mail.ac4.yahoo.com (nm21-vm0.bullet.mail.ac4.yahoo.com [98.139.53.216]) by ietfa.amsl.com (Postfix) with SMTP id 657C511E82AD for <oauth@ietf.org>; Mon, 16 Jul 2012 15:04:39 -0700 (PDT)
Received: from [98.139.52.194] by nm21.bullet.mail.ac4.yahoo.com with NNFMP; 16 Jul 2012 22:05:20 -0000
Received: from [98.139.52.145] by tm7.bullet.mail.ac4.yahoo.com with NNFMP; 16 Jul 2012 22:05:19 -0000
Received: from [127.0.0.1] by omp1028.mail.ac4.yahoo.com with NNFMP; 16 Jul 2012 22:05:19 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 983462.27088.bm@omp1028.mail.ac4.yahoo.com
Received: (qmail 64759 invoked by uid 60001); 16 Jul 2012 22:05:19 -0000
Received: from [209.131.62.115] by web31804.mail.mud.yahoo.com via HTTP; Mon, 16 Jul 2012 15:05:19 PDT
X-Mailer: YahooMailWebService/0.8.120.356233
References: <CAPe4Cjr=XrCyubv2tihuRaO0tfidQToJ3_bMMpmxcZPsXDEQpg@mail.gmail.com>
Message-ID: <1342476319.1571.YahooMailNeo@web31804.mail.mud.yahoo.com>
Date: Mon, 16 Jul 2012 15:05:19 -0700 (PDT)
From: William Mills <wmills_92105@yahoo.com>
To: Ryan Troll <rtroll@googlers.com>, "kitten@ietf.org" <kitten@ietf.org>
In-Reply-To: <CAPe4Cjr=XrCyubv2tihuRaO0tfidQToJ3_bMMpmxcZPsXDEQpg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="835683298-867654983-1342476319=:1571"
X-Mailman-Approved-At: Tue, 17 Jul 2012 06:08:00 -0700
Subject: Re: [OAUTH-WG] SASL / OAuth Binding Request: User Field
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>

--835683298-867654983-1342476319=:1571
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

(Routing this to Kitten WG)

I don't have much of a preference here, on the one hand I think a
plaintext hint is very reasonable, on the other I suspect people will be
tempted to use it for more than that which would be bad.  In the HTTP
space it's easy for anyone using OAuth to put a plaintext cookie with
the same function, but I don't really want to try to bring a cookie
carrying mechanism into the draft.

-bill

BCC: OAuth WG


________________________________
From: Ryan Troll <rtroll@googlers.com>
To: oauth@ietf.org
Sent: Monday, July 16, 2012 11:46 AM
Subject: [OAUTH-WG] SASL / OAuth Binding Request: User Field


I'd like to discuss the possibility of adding a "user" field to the
SASL/OAuth request.  This is based on draft-ietf-kitten-sasl-oauth-00.txt.

Background
The contents of this field may be used by the resource provider as a
hint to aid in request routing, and/or data location, without the need
for decrypting the provided access token.  The contents of the user
field are not used to grant access of any kind.


Proposed Addition
The text of this addition could look something like this:

Section 3.1 addition / update:

    user:  Contains the user ID of the user being authorized

    In authorization schemes that use signatures, the client MUST send
    host, port number and user key/values, and the server MUST fail
    authorization requests requiring signatures that do not have host,
    port, and user values.

Section 3.2 addition:

    If the user field is present, the ID in the user field must match
    the ID obtained from the credential for the request to succeed.


Rationale for Presence of User Field in the Request
This data is not required by all resource providers, and as such could
be a provider-specific requirement, placed (for example) in the query
string.  By documenting the user field, we encourage resource providers
that do require it to find it in the same location - encouraging
inter-operability.

The user identity could be determined via the access token, rather than
requiring it in the request.  However, using the access token to
determine the identity can result in the resource provider decoding the
token multiple times, or making multiple requests to the access
provider.  By pulling this attribute out into the protocol, we may be
able to simplify the resource provider work required when moving to
OAuth.


Rationale for Location of User Field
This data could be transmitted as part of the path, or a query string
parameter, or in the post body.  This approach, using a header, was
proposed as there are currently no path, query string, or post fields
defined.  Those three locations remain untouched by this proposal.


Comments?
-R
--835683298-867654983-1342476319=:1571--

From Michael.Jones@microsoft.com  Tue Jul 17 09:09:57 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>
Thread-Topic: [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
Thread-Index: AQHNZAv7bvGrH6BloUOOejSa/vxJ05ctUfyAgABTR3I=
Date: Tue, 17 Jul 2012 16:10:26 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>,<50054897.3070108@cs.tcd.ie>
In-Reply-To: <50054897.3070108@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943667370D7TK5EX14MBXC285r_"
MIME-Version: 1.0
Cc: General Area Review Team <gen-art@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [OAUTH-WG] Gen-ART Telechat review of	draft-ietf-oauth-v2-bearer-22.txt

--_000_4E1F6AAD24975D4BA5B1680429673943667370D7TK5EX14MBXC285r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

FYI, the b64 token definition is identical to the one in
draft-ietf-httpbis-p7-auth-20.  If it works there, it should work for
OAuth Bearer.

-- Mike

________________________________
From: Stephen Farrell
Sent: 7/17/2012 4:12 AM
To: draft-ietf-oauth-v2-bearer.all@tools.ietf.org
Cc: General Area Review Team; oauth@ietf.org; The IESG
Subject: Re: [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt


Folks. Please don't develop any new revisions for these
documents right now. I know you can't officially post
'em anyway, but I don't want us to get tempted to roll
new versions handling unrelated comments. (Alexey's
comments are not unrelated.)

I'd like to handle any tweaks needed as RFC editor notes
if possible.

S

On 07/17/2012 12:04 PM, Alexey Melnikov wrote:
> I am still Ok with -22, but I have 1 new comment raised by introduction
> of the base64 ABNF non terminal:
>
> I think it would be worth adding a comment for b64token that points to
> the base64 RFC. The current ABNF is too permissive (arbitrary number of
> "=" allowed at the end) and there are enough broken base64 parsers
> around (parsers that ignore everything after a "=", parsers that support
> arbitrary number of "=" at the end, etc.), so we shouldn't encourage
> creation of new ones.
>



--_000_4E1F6AAD24975D4BA5B1680429673943667370D7TK5EX14MBXC285r_--

From julian.reschke@gmx.de  Tue Jul 17 09:40:37 2012
Message-ID: <50059598.3030304@gmx.de>
Date: Tue, 17 Jul 2012 18:40:56 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: The IESG <iesg@ietf.org>, General Area Review Team <gen-art@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>
Subject: Re: [OAUTH-WG] Gen-ART Telechat review of	draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 18:10, Mike Jones wrote:
> FYI, the b64 token definition is identical to the one in
> draft-ietf-httpbis-p7-auth-20.  If it works there, it should work for
> OAuth Bearer.
> ...

+1; not every constraint needs to be expressed in the ABNF. "b64token" 
is here so recipients can parse the header field; it's up to the auth 
scheme to state what the additional constraints are; and that can happen 
in prose.

Best regards, Julian

From alexey.melnikov@isode.com  Tue Jul 17 10:01:30 2012
Message-ID: <50059A95.7050904@isode.com>
Date: Tue, 17 Jul 2012 18:02:13 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: Julian Reschke <julian.reschke@gmx.de>, Mike Jones <Michael.Jones@microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de>
In-Reply-To: <50059598.3030304@gmx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 17/07/2012 17:40, Julian Reschke wrote:
> On 2012-07-17 18:10, Mike Jones wrote:
>> FYI, the b64 token definition is identical to the one in
>> draft-ietf-httpbis-p7-auth-20.  If it works there, it should work for
>> OAuth Bearer.
>> ...
>
> +1; not every constraint needs to be expressed in the ABNF. "b64token" 
> is here so recipients can parse the header field; it's up to the auth 
> scheme to state what the additional constraints are; and that can happen 
> in prose.

I didn't say that it has to be expressed in ABNF (although I obviously 
wouldn't mind). I would like an ABNF comment pointing to the document 
which defines base64.


From Michael.Jones@microsoft.com  Tue Jul 17 10:15:26 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>, Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
Thread-Index: AQHNZD3vCk3C3nvT8kKfnQJiKzoYkJcttNUg
Date: Tue, 17 Jul 2012 17:15:59 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com>
In-Reply-To: <50059A95.7050904@isode.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

For clarity of discussion, the definition in question is:
     b64token    = 1*( ALPHA / DIGIT /
                       "-" / "." / "_" / "~" / "+" / "/" ) *"="

Note that b64token is a liberal syntax intended to permit base64 encoded
content (hence the inclusion of the "+" and "/" characters and the
optional trailing "=" characters), base64url encoded content (hence the
inclusion of the "-" and "_" characters) and other URL-safe productions
(hence the inclusion of the "." and "~" characters).

Its use is definitely not intended to be restricted to base64 encoded
content, per RFC 4648. If it were so restricted (by not allowing ".",
for instance), this would exclude the use of JWTs as bearer tokens, for
instance, which is something we *definitely* want to allow.

As a result, I don't think adding a reference to RFC 4648 is either
necessary or appropriate.

Julian may be able to provide more background.

				Best wishes,
				-- Mike

-----Original Message-----
From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
Sent: Tuesday, July 17, 2012 10:02 AM
To: Julian Reschke; Mike Jones
Cc: The IESG; General Area Review Team; oauth@ietf.org; draft-ietf-oauth-v2-bearer.all@tools.ietf.org; Stephen Farrell
Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 17/07/2012 17:40, Julian Reschke wrote:
> On 2012-07-17 18:10, Mike Jones wrote:
>> FYI, the b64 token definition is identical to the one in
>> draft-ietf-httpbis-p7-auth-20.  If it works there, it should work for
>> OAuth Bearer.
>> ...
>
> +1; not every constraint needs to be expressed in the ABNF. "b64token"
> is here so recipients can parse the header field; it's up to the auth
> scheme to state what the additional constraints are; and that can happen
> in prose.

I didn't say that it has to be expressed in ABNF (although I obviously
wouldn't mind). I would like an ABNF comment pointing to the document
which defines base64.
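
The gap between the liberal b64token production and strict base64 discussed in this thread, as an added example (not code from the drafts or from anyone on the list). It checks constructed sample tokens against the quoted ABNF and against a strict decoder; the RFC 4648 regex, the canonical-form check and the `lenient_b64decode` model of a broken parser are illustrative assumptions.

```python
import base64
import binascii
import re

# b64token exactly as quoted in the thread:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN_RE = re.compile(r"[A-Za-z0-9._~+/-]+=*")

# Assumption: "strict" means RFC 4648 section 4 base64 with canonical
# padding (groups of four characters, at most two "=", only at the end).
STRICT_B64_RE = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)


def is_b64token(value: str) -> bool:
    """True if value matches the liberal b64token header syntax."""
    return B64TOKEN_RE.fullmatch(value) is not None


def strict_b64decode(value: str) -> bytes:
    """Decode base64, rejecting input that only a sloppy parser would accept."""
    if not value or STRICT_B64_RE.fullmatch(value) is None:
        raise ValueError("not canonical RFC 4648 base64")
    try:
        decoded = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError("not canonical RFC 4648 base64") from exc
    # Reject encodings whose unused trailing bits are non-zero: they decode
    # to the same bytes as the canonical string but are a different string.
    if base64.b64encode(decoded).decode("ascii") != value:
        raise ValueError("non-canonical trailing bits")
    return decoded


def lenient_b64decode(value: str) -> bytes:
    """Hypothetical model of the broken parsers mentioned in the thread:
    ignores everything after the first "=" and accepts any amount of padding."""
    data = value.split("=", 1)[0]
    data += "=" * (-len(data) % 4)
    return base64.b64decode(data)


def classify(value: str) -> dict:
    """Report which of the two grammars accepts the value."""
    try:
        strict_b64decode(value)
        strict = True
    except ValueError:
        strict = False
    return {"b64token": is_b64token(value), "strict_base64": strict}


# Constructed sample tokens (not taken from any real system).
SAMPLES = [
    "aGVsbG8=",                    # canonical base64 of b"hello"
    "aGVsbG8====",                 # extra padding: legal b64token only
    "aGVsbG8",                     # padding stripped: legal b64token only
    "aGVsbG9=",                    # non-zero trailing bits, decodes like "aGVsbG8="
    "eyJhIjoxfQ.eyJiIjoyfQ.c2ln",  # JWT-shaped, needs "." so never plain base64
    "abc def",                     # space is outside both grammars
]


def report(samples=SAMPLES) -> dict:
    """Map each sample to the grammars that accept it."""
    return {token: classify(token) for token in samples}


if __name__ == "__main__":
    for token, verdict in report().items():
        print(f"{token!r:32} {verdict}")
```

A scheme that requires real base64 has to state and enforce that on top of b64token; the strict decoder keeps one accepted string per byte sequence, so string comparison and byte comparison of tokens agree.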




From julian.reschke@gmx.de  Tue Jul 17 10:31:44 2012
Message-ID: <5005A19A.9050104@gmx.de>
Date: Tue, 17 Jul 2012 19:32:10 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com> <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 19:15, Mike Jones wrote:
> For clarity of discussion, the definition in question is:
>       b64token    = 1*( ALPHA / DIGIT /
>                         "-" / "." / "_" / "~" / "+" / "/" ) *"="
>
> Note that b64token is a liberal syntax intended to permit base64 encoded content (hence the inclusion of the "+" and "/" characters and the optional trailing "=" characters), base64url encoded content (hence the inclusion of the "-" and "_" characters) and other URL-safe productions (hence the inclusion of the "." and "~" characters).
>
> Its use is definitely not intended to be restricted to base64 encoded content, per RFC 4648. If it were so restricted (by not allowing ".", for instance), this would exclude the use of JWTs as bearer tokens, for instance, which is something we *definitely* want to allow.
>
> As a result, I don't think adding a reference to RFC 4648 is either necessary or appropriate.
>
> Julian may be able to provide more background.

That is correct, in that the constraint on the token contents seems to 
be defined elsewhere.

That being said, by changing the reference from HTTPbis to 2617 you 
broke the spec:

    The "Authorization" header field uses the framework defined by
    HTTP/1.1 [RFC2617] as follows:

      b64token    = 1*( ALPHA / DIGIT /
                        "-" / "." / "_" / "~" / "+" / "/" ) *"="
      credentials = "Bearer" 1*SP b64token

...because in RFC 2617, exactly that syntax is not allowed:

      credentials = auth-scheme #auth-param
      auth-param     = token "=" ( token | quoted-string )

I have to say that I'm a bit surprised by that change (was there any 
public discussion about it?). It is probably possible to fix this 
without having to reference HTTPbis, but, I'm not totally sure about why 
you would want that.

(Note that the spec can be approved before HTTPbis, it just would have 
to wait for RFC publication a bit longer)

Best regards, Julian
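
The mismatch described in the message above, as an added example that is not part of the original thread: the draft's b64token credentials and the RFC 2617 credentials production, each checked against the same header values. The function names and sample values are constructed for illustration, and the RFC 2616 "#" list rule is simplified (empty list elements are not handled).

```python
import re

# Draft syntax quoted in the message:
#   b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
#   credentials = "Bearer" 1*SP b64token
B64TOKEN = r"[A-Za-z0-9\-._~+/]+=*"
# ABNF string literals are case-insensitive, hence (?i:...) on the scheme.
BEARER = re.compile(r"(?i:Bearer) +(" + B64TOKEN + r")")

# RFC 2617 syntax quoted in the message:
#   credentials = auth-scheme #auth-param
#   auth-param  = token "=" ( token | quoted-string )
# "token" is the RFC 2616 production: CHARs except CTLs and separators.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = TOKEN + r"=(?:" + TOKEN + r"|" + QUOTED + r")"
RFC2617 = re.compile(
    r"(" + TOKEN + r")"
    r"(?:[ \t]+" + AUTH_PARAM + r"(?:[ \t]*,[ \t]*" + AUTH_PARAM + r")*)?"
)


def parse_bearer(value):
    """Return the b64token if value matches the draft's credentials, else None."""
    m = BEARER.fullmatch(value)
    return m.group(1) if m else None


def fits_rfc2617(value):
    """True if value matches auth-scheme followed by a list of auth-params."""
    return RFC2617.fullmatch(value) is not None


def classify(token):
    """Say whether a b64token happens to be well-formed base64 or base64url.

    The ABNF only bounds the character set; this is the kind of extra
    constraint the thread says belongs in prose (or in the token format).
    """
    body = token.rstrip("=")
    pad = len(token) - len(body)
    rem = len(body) % 4
    needed = (4 - rem) % 4          # padding that completes the last quantum
    well_formed = rem != 1 and pad in (0, needed)
    if well_formed and pad == needed and re.fullmatch(r"[A-Za-z0-9+/]+", body):
        return "base64"
    if well_formed and re.fullmatch(r"[A-Za-z0-9_-]+", body):
        return "base64url"
    return "other"


# Constructed sample header values (not taken from the thread).
SAMPLES = [
    "Bearer dGVzdA==",                            # padded base64
    "Bearer ab_c-d",                              # unpadded base64url
    "Bearer aGVhZGVy.cGF5bG9hZA.c2ln",            # JWT-shaped: three dot-separated parts
    "Bearer a=b",                                 # "=" not trailing: not a b64token
    'Digest username="alice", realm="example"',   # classic auth-param list
]

if __name__ == "__main__":
    for value in SAMPLES:
        token = parse_bearer(value)
        kind = classify(token) if token else "-"
        print(f"{value!r:45} draft={token is not None!s:5} "
              f"rfc2617={fits_rfc2617(value)!s:5} kind={kind}")
```

No string can satisfy both grammars with a non-empty credential: a b64token allows "=" only at the end, while an auth-param requires a value after its "=".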

From Michael.Jones@microsoft.com  Tue Jul 17 10:38:48 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
Thread-Index: AQHNZEIp/Z9tuz7yc02oRy4cnST7lJctvLCQ
Date: Tue, 17 Jul 2012 17:39:28 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366737562@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com> <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A19A.9050104@gmx.de>
In-Reply-To: <5005A19A.9050104@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.76]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

Yes, the decision to remove normative references to HTTPbis was made during the public OAuth status call on Monday, July 9th, as the call participants wanted to be able to publish the RFC before HTTPbis is published as an RFC.

The sense on that call was that HTTPbis wouldn't be an RFC until near the end of this year or later.  If you have more data on that, it would be great to learn what the actual expected timeline is.

				Thanks,
				-- Mike

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Tuesday, July 17, 2012 10:32 AM
To: Mike Jones
Cc: Alexey Melnikov; General Area Review Team; The IESG; draft-ietf-oauth-v2-bearer.all@tools.ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 19:15, Mike Jones wrote:
> For clarity of discussion, the definition in question is:
>       b64token    = 1*( ALPHA / DIGIT /
>                         "-" / "." / "_" / "~" / "+" / "/" ) *"="
>
> Note that b64token is a liberal syntax intended to permit base64 encoded content (hence the inclusion of the "+" and "/" characters and the optional trailing "=" characters), base64url encoded content (hence the inclusion of the "-" and "_" characters) and other URL-safe productions (hence the inclusion of the "." and "~" characters).
>
> Its use is definitely not intended to be restricted to base64 encoded content, per RFC 4648. If it were so restricted (by not allowing ".", for instance), this would exclude the use of JWTs as bearer tokens, for instance, which is something we *definitely* want to allow.
>
> As a result, I don't think adding a reference to RFC 4648 is either necessary or appropriate.
>
> Julian may be able to provide more background.

That is correct, in that the constraint on the token contents seems to be defined elsewhere.

That being said, by changing the reference from HTTPbis to 2617 you broke the spec:

    The "Authorization" header field uses the framework defined by
    HTTP/1.1 [RFC2617] as follows:

      b64token    = 1*( ALPHA / DIGIT /
                        "-" / "." / "_" / "~" / "+" / "/" ) *"="
      credentials = "Bearer" 1*SP b64token

...because in RFC 2617, exactly that syntax is not allowed:

      credentials = auth-scheme #auth-param
      auth-param     = token "=" ( token | quoted-string )

I have to say that I'm a bit surprised by that change (was there any public discussion about it?). It is probably possible to fix this without having to reference HTTPbis, but, I'm not totally sure about why you would want that.

(Note that the spec can be approved before HTTPbis, it just would have to wait for RFC publication a bit longer)

Best regards, Julian



From julian.reschke@gmx.de  Tue Jul 17 10:48:11 2012
Message-ID: <5005A564.9000300@gmx.de>
Date: Tue, 17 Jul 2012 19:48:20 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com> <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A19A.9050104@gmx.de> <4E1F6AAD24975D4BA5B168042967394366737562@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366737562@TK5EX14MBXC285.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 19:39, Mike Jones wrote:
> Yes, the decision to remove normative references to HTTPbis was made during the public OAuth status call on Monday, July 9th, as the call participants wanted to be able to publish the RFC before HTTPbis is published as an RFC.

Well, it would have been nice to see this recorded in a mail to the 
mailing list.

> The sense on that call was that HTTPbis wouldn't be an RFC until near the end of this year or later.  If you have more data on that, it would be great to learn what the actual expected timeline is.

We all know well that it's extremely hard to make predictions like 
these, right?

So again: if you simply replace the dependency then you need to add 
prose explaining why you are using syntax that is not allowed per RFC 
2617. I would think it's easier to leave things as they were (and as 
last-called both in the WG LC and the IETF LC), and let the spec sit in 
the RFC Editor queue a bit longer (it would still be approved as 
Proposed Standard, just not published).

Best regards, Julian

From Michael.Jones@microsoft.com  Tue Jul 17 10:53:49 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
Thread-Index: AQHNZEIp/Z9tuz7yc02oRy4cnST7lJctvLCQgAADgACAAAEJQA==
Date: Tue, 17 Jul 2012 17:54:10 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436673760A@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com> <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A19A.9050104@gmx.de> <4E1F6AAD24975D4BA5B168042967394366737562@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A564.9000300@gmx.de>
In-Reply-To: <5005A564.9000300@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.76]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

The change and the reason for it were called out to the working group in http://www.ietf.org/mail-archive/web/oauth/current/msg09594.html.

What additional text would you propose that the RFC editor add to explain the deviance from RFC 2617?

				Thanks,
				-- Mike

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Tuesday, July 17, 2012 10:48 AM
To: Mike Jones
Cc: General Area Review Team; The IESG; draft-ietf-oauth-v2-bearer.all@tools.ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 19:39, Mike Jones wrote:
> Yes, the decision to remove normative references to HTTPbis was made during the public OAuth status call on Monday, July 9th, as the call participants wanted to be able to publish the RFC before HTTPbis is published as an RFC.

Well, it would have been nice to see this recorded in a mail to the mailing list.

> The sense on that call was that HTTPbis wouldn't be an RFC until near the end of this year or later.  If you have more data on that, it would be great to learn what the actual expected timeline is.

We all know well that it's extremely hard to make predictions like these, right?

So again: if you simply replace the dependency then you need to add prose explaining why you are using syntax that is not allowed per RFC 2617. I would think it's easier to leave things as they were (and as last-called both in the WG LC and the IETF LC), and let the spec sit in the RFC Editor queue a bit longer (it would still be approved as Proposed Standard, just not published).

Best regards, Julian



From alexey.melnikov@isode.com  Tue Jul 17 10:57:08 2012
Message-ID: <5005A79A.6010504@isode.com>
Date: Tue, 17 Jul 2012 18:57:46 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com> <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, Julian Reschke <julian.reschke@gmx.de>, General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 17/07/2012 18:15, Mike Jones wrote:
> For clarity of discussion, the definition in question is:
>       b64token    = 1*( ALPHA / DIGIT /
>                         "-" / "." / "_" / "~" / "+" / "/" ) *"="
>
> Note that b64token is a liberal syntax intended to permit base64 encoded content (hence the inclusion of the "+" and "/" characters and the optional trailing "=" characters), base64url encoded content (hence the inclusion of the "-" and "_" characters) and other URL-safe productions (hence the inclusion of the "." and "~" characters).
>
> Its use is definitely not intended to be restricted to base64 encoded content, per RFC 4648. If it were so restricted (by not allowing ".", for instance), this would exclude the use of JWTs as bearer tokens, for instance, which is something we *definitely* want to allow.
>
> As a result, I don't think adding a reference to RFC 4648 is either necessary or appropriate.

In this case, can you please rename the production to something which is 
clearly not a base64 string.

> Julian may be able to provide more background.
>
> 				Best wishes,
> 				-- Mike
>
> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
> Sent: Tuesday, July 17, 2012 10:02 AM
> To: Julian Reschke; Mike Jones
> Cc: The IESG; General Area Review Team; oauth@ietf.org; draft-ietf-oauth-v2-bearer.all@tools.ietf.org; Stephen Farrell
> Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
>
> On 17/07/2012 17:40, Julian Reschke wrote:
>> On 2012-07-17 18:10, Mike Jones wrote:
>>> FYI, the b64 token definition is identical to the one in
>>> draft-ietf-httpbis-p7-auth-20.  If it works there, it should work for
>>> OAuth Bearer.
>>> ...
>> +1; not every constraint needs to be expressed in the ABNF. "b64token"
>> is here so recipients can parse the header field; it's up to the auth
>> scheme to state what the addition constraints are; and that can happen
>> in prose.
> I didn't say that it has to be expressed in ABNF (although I obviously wouldn't mind). I would like an ABNF comment pointing to the document which defines base64.
>
>
>



From Michael.Jones@microsoft.com  Tue Jul 17 11:00:40 2012
From: Mike Jones <Michael.Jones@microsoft.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Thread-Topic: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
Thread-Index: Ac1kRijpF5cCJJLkSgmQJ43ndyagEQ==
Date: Tue, 17 Jul 2012 18:01:16 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436673769B@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.76]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, Julian Reschke <julian.reschke@gmx.de>, General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

You should actually probably make that name change request to the HTTPbis working group.  I suspect that if they decide to change the name, that we could direct the RFC editor to make the same name change as HTTPbis does.

				-- Mike

-----Original Message-----
From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
Sent: Tuesday, July 17, 2012 10:58 AM
To: Mike Jones
Cc: Julian Reschke; The IESG; General Area Review Team; oauth@ietf.org; draft-ietf-oauth-v2-bearer.all@tools.ietf.org; Stephen Farrell
Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 17/07/2012 18:15, Mike Jones wrote:
> For clarity of discussion, the definition in question is:
>       b64token    = 1*( ALPHA / DIGIT /
>                         "-" / "." / "_" / "~" / "+" / "/" ) *"="
>
> Note that b64token is a liberal syntax intended to permit base64 encoded content (hence the inclusion of the "+" and "/" characters and the optional trailing "=" characters), base64url encoded content (hence the inclusion of the "-" and "_" characters) and other URL-safe productions (hence the inclusion of the "." and "~" characters).
>
> Its use is definitely not intended to be restricted to base64 encoded content, per RFC 4648. If it were so restricted (by not allowing ".", for instance), this would exclude the use of JWTs as bearer tokens, for instance, which is something we *definitely* want to allow.
>
> As a result, I don't think adding a reference to RFC 4648 is either necessary or appropriate.

In this case, can you please rename the production to something which is clearly not a base64 string.

> Julian may be able to provide more background.
>
> 				Best wishes,
> 				-- Mike
>
> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
> Sent: Tuesday, July 17, 2012 10:02 AM
> To: Julian Reschke; Mike Jones
> Cc: The IESG; General Area Review Team; oauth@ietf.org;=20
> draft-ietf-oauth-v2-bearer.all@tools.ietf.org; Stephen Farrell
> Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of=20
> draft-ietf-oauth-v2-bearer-22.txt
>
> On 17/07/2012 17:40, Julian Reschke wrote:
>> On 2012-07-17 18:10, Mike Jones wrote:
>>> FYI, the b64 token definition is identical to the one in=20
>>> draft-ietf-httpbis-p7-auth-20.  If it works there, it should work=20
>>> for OAuth Bearer.
>>> ...
>> +1; not every constraint needs to be expressed in the ABNF. "b64token"
>> is here so recipients can parse the header field; it's up to the auth=20
>> scheme to state what the addition constraints are; and that can=20
>> happen in prose.
> I didn't say that it has to be expressed in ABNF (although I obviously wo=
uldn't mind). I would like an ABNF comment pointing to the document which d=
efines base64.
>
>
>





From julian.reschke@gmx.de  Tue Jul 17 11:08:54 2012
Message-ID: <5005A8D8.6010602@gmx.de>
Date: Tue, 17 Jul 2012 20:03:04 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com> <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A19A.9050104@gmx.de> <4E1F6AAD24975D4BA5B168042967394366737562@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A564.9000300@gmx.de> <4E1F6AAD24975D4BA5B16804296739436673760A@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436673760A@TK5EX14MBXC285.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 19:54, Mike Jones wrote:
> The change and the reason for it were called out to the working group in http://www.ietf.org/mail-archive/web/oauth/current/msg09594.html.

Indeed, as fait accompli. There were four days between the telco and the 
publication of the new draft for actually reporting the planned changes 
to the WG.

> What additional text would you propose that the RFC editor add to explain the deviance from RFC 2617?

I would propose to undo the change.

Best regards, Julian




From julian.reschke@gmx.de  Tue Jul 17 11:10:22 2012
Message-ID: <5005A9D4.5010003@gmx.de>
Date: Tue, 17 Jul 2012 20:07:16 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436673769B@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436673769B@TK5EX14MBXC285.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 20:01, Mike Jones wrote:
> You should actually probably make that name change request to the HTTPbis working group.  I suspect that if they decide to change the name, that we could direct the RFC editor to make the same name change as HTTPbis does.
> ...

HTTPbis describes the production as:

"The "b64token" syntax allows the 66 unreserved URI characters 
([RFC3986]), plus a few others, so that it can hold a base64, base64url 
(URL and filename safe alphabet), base32, or base16 (hex) encoding, with 
or without padding, but excluding whitespace ([RFC4648])." -- 
<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-20.html#rfc.section.2.1.p.4>

I think that's sufficiently clear, and "b64token" is actually a good 
name for that ABNF production.

Best regards, Julian
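
Added example, not part of any message in this thread: a Python check of the b64token production as quoted above, plus a probe of which RFC 4648 encodings a matching token decodes as in full. The function names and sample tokens are constructed for illustration; base32 is left out for brevity.

```python
import base64
import binascii
import re

# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# Explicit ASCII ranges: \w or str.isalnum() would also admit non-ASCII letters.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def is_b64token(value: str) -> bool:
    """True if the whole string matches the b64token production."""
    # fullmatch rather than match(...$): "$" would tolerate a trailing newline.
    return _B64TOKEN.fullmatch(value) is not None


def _decodes(decoder, text: str) -> bool:
    """Run a decoder and report success instead of raising."""
    try:
        decoder(text)
        return True
    except (binascii.Error, ValueError):
        return False


def strict_decodings(token: str) -> list:
    """Names of the encodings the complete token decodes as, strictly."""
    if not is_b64token(token):
        return []
    found = []
    if _decodes(lambda t: base64.b64decode(t, validate=True), token):
        found.append("base64")
    if re.fullmatch(r"[A-Za-z0-9_-]+={0,2}", token):
        # base64url is often sent unpadded; restore padding before decoding.
        body = token.rstrip("=")
        padded = body + "=" * (-len(body) % 4)
        if _decodes(
            lambda t: base64.b64decode(t, altchars=b"-_", validate=True), padded
        ):
            found.append("base64url")
    if _decodes(lambda t: base64.b16decode(t, casefold=True), token):
        found.append("base16")
    return found


# Constructed sample tokens (not taken from the thread or the drafts).
SAMPLES = [
    "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhIn0.c2ln",  # JWT-shaped: three parts joined by "."
    "deadbeef",   # hex that is also valid base64 and base64url
    "YWJj+/8=",   # padded base64 using "+" and "/"
    "ab-_",       # base64url alphabet
    "abc def",    # whitespace: not a b64token
    "abc=def",    # "=" is only allowed as a trailing run
]


def survey(samples=SAMPLES) -> dict:
    """Map each sample to (matches b64token, strict decodings)."""
    return {s: (is_b64token(s), strict_decodings(s)) for s in samples}


if __name__ == "__main__":
    for token, (ok, encodings) in survey().items():
        print(f"{token!r:50} b64token={ok!s:5} decodes_as={encodings}")
```

The JWT-shaped token matches the production but is not base64 as a whole, while "deadbeef" decodes three different ways, so a recipient can use b64token to parse the header field and should otherwise treat the token as opaque.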

From julian.reschke@gmx.de  Tue Jul 17 11:41:50 2012
Message-ID: <5005B209.4080008@gmx.de>
Date: Tue, 17 Jul 2012 20:42:17 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4F2575CE.9040001@isode.com> <4E1F6AAD24975D4BA5B16804296739436638B7AD@TK5EX14MBXC284.redmond.corp.microsoft.com> <4F27C37C.1090008@isode.com> <4F843A22.4020908@isode.com> <4F843DA1.8080703@isode.com> <500546C5.6080102@isode.com>, <50054897.3070108@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943667370D7@TK5EX14MBXC285.redmond.corp.microsoft.com> <50059598.3030304@gmx.de> <50059A95.7050904@isode.com> <4E1F6AAD24975D4BA5B16804296739436673743F@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A19A.9050104@gmx.de> <4E1F6AAD24975D4BA5B168042967394366737562@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A564.9000300@gmx.de> <4E1F6AAD24975D4BA5B16804296739436673760A@TK5EX14MBXC285.redmond.corp.microsoft.com> <5005A8D8.6010602@gmx.de>
In-Reply-To: <5005A8D8.6010602@gmx.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 2012-07-17 20:03, Julian Reschke wrote:
> On 2012-07-17 19:54, Mike Jones wrote:
>> The change and the reason for it were called out to the working group
>> in http://www.ietf.org/mail-archive/web/oauth/current/msg09594.html.
>
> Indeed, as fait accompli. There were four days between the telco and the
> publication of the new draft for actually reporting the planned changes
> to the WG.
 > ...

Apologies, I now see that you indeed posted the proposed draft earlier. 
I didn't notice that.

I *did* participate in the beginning of the telco, and I'm still a bit 
surprised the topic didn't come up when I asked whether I can drop out 
of the call (after discussing the media type issue).

Best regards, Julian


From dick.hardt@gmail.com  Tue Jul 17 15:08:31 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <CA+NzUBvPO4jVLqdzNXF8MQXZew262G3Ashs-vvqF2pAbh8bukg@mail.gmail.com>
Date: Tue, 17 Jul 2012 15:09:14 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <6C34F5DD-9CA7-40B0-B2DE-FB5E0A0D94D4@gmail.com>
References: <CA+NzUBvPO4jVLqdzNXF8MQXZew262G3Ashs-vvqF2pAbh8bukg@mail.gmail.com>
To: Michael Scalia <michael.scalia@gmail.com>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2

Thanks for the feedback Michael.

4.1.2 is where the authorization code is first talked about, and it makes sense to discuss how it is generated and used at that point. I can see how it might also be useful to put it in 4.1.3. Note that this is RECOMMENDED as opposed to MUST so it does not flow into "The authorization server MUST" list of points.

Personally, I don't see a need to change. Anyone else have an opinion on this?

-- Dick

On Jul 17, 2012, at 2:22 PM, Michael Scalia wrote:

> Dear OAuth Authors,
>
> I'm not sure if this is the right way to suggest an edit to the current OAuth draft.  Please let me know if I should use a different route.
>
> Section 4.1.2 Authorization Response includes the text, "If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code.  The authorization code is bound to the client identifier and redirection URI."
>
> I believe this text is in the wrong place.  A client does not supply the authorization code to the authorization endpoint.  It supplies it to the token endpoint.  This should move to 4.1.3. Access Token Request, in the list of bulleted items under "The authorization server MUST".
>
> Thanks for all your work on this protocol.
>
> Regards,
> Michael Scalia
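
Added example, not part of any message in this thread and not code from the draft: a minimal in-memory Python model of the behaviour in the draft text quoted above, where the token endpoint denies a reused authorization code, revokes the tokens issued from it, and checks the binding to client identifier and redirection URI. The class, method and field names and the sample client values are hypothetical.

```python
import secrets
import threading


class InvalidGrant(Exception):
    """Raised where the token endpoint would answer with "invalid_grant"."""


class AuthorizationServer:
    """In-memory model of both endpoints; storage layout is an assumption."""

    def __init__(self):
        self._lock = threading.Lock()
        self._codes = {}      # code -> binding, used flag, tokens issued from it
        self._tokens = set()  # access tokens that are currently valid

    def issue_code(self, client_id, redirect_uri):
        """Authorization endpoint side: mint a code bound to client and URI."""
        code = secrets.token_urlsafe(32)
        with self._lock:
            self._codes[code] = {
                "client_id": client_id,
                "redirect_uri": redirect_uri,
                "used": False,
                "tokens": [],
            }
        return code

    def redeem_code(self, code, client_id, redirect_uri):
        """Token endpoint side: exchange a code for an access token."""
        # The used-check and the used-mark happen under one lock. Without that,
        # two concurrent requests carrying the same code could both succeed.
        with self._lock:
            record = self._codes.get(code)
            if record is None:
                raise InvalidGrant("unknown authorization code")
            if record["used"]:
                # Second use: MUST deny, SHOULD revoke what the code produced.
                # This only works because the record was kept after first use;
                # deleting it on redemption would make a replay look like an
                # unknown code and leave the earlier token valid.
                self._tokens.difference_update(record["tokens"])
                record["tokens"].clear()
                raise InvalidGrant("authorization code already used")
            if (client_id != record["client_id"]
                    or redirect_uri != record["redirect_uri"]):
                # Whether a mismatch should also burn the code is a policy
                # choice the quoted text does not cover; here it does not.
                raise InvalidGrant("code not bound to this client/redirect URI")
            record["used"] = True
            token = secrets.token_urlsafe(32)
            record["tokens"].append(token)
            self._tokens.add(token)
            return token

    def is_active(self, token):
        """What a resource server's validity lookup would see."""
        with self._lock:
            return token in self._tokens


def demo():
    """Walk through mismatch, first use and replay with constructed values."""
    server = AuthorizationServer()
    redirect = "https://client.example/cb"
    code = server.issue_code("client-a", redirect)
    outcomes = []
    try:
        server.redeem_code(code, "client-b", redirect)
    except InvalidGrant as exc:
        outcomes.append(("wrong client", str(exc)))
    token = server.redeem_code(code, "client-a", redirect)
    outcomes.append(("first use active", server.is_active(token)))
    try:
        server.redeem_code(code, "client-a", redirect)
    except InvalidGrant as exc:
        outcomes.append(("replay", str(exc)))
    outcomes.append(("after replay active", server.is_active(token)))
    return outcomes


if __name__ == "__main__":
    for step, result in demo():
        print(f"{step}: {result}")
```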


From dick.hardt@gmail.com  Tue Jul 17 15:55:39 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_3FE7E759-232C-41FB-85F2-ECD3600203F1"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <CA+NzUBuBo5shGWV+Ca=uEztV69c3EhyY2QpFVny=_tvJjdDNog@mail.gmail.com>
Date: Tue, 17 Jul 2012 15:56:24 -0700
Message-Id: <FE714B15-40C0-45C4-883A-C19179872C7B@gmail.com>
References: <CA+NzUBvPO4jVLqdzNXF8MQXZew262G3Ashs-vvqF2pAbh8bukg@mail.gmail.com> <6C34F5DD-9CA7-40B0-B2DE-FB5E0A0D94D4@gmail.com> <CA+NzUBuBo5shGWV+Ca=uEztV69c3EhyY2QpFVny=_tvJjdDNog@mail.gmail.com>
To: Michael Scalia <michael.scalia@gmail.com>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2

--Apple-Mail=_3FE7E759-232C-41FB-85F2-ECD3600203F1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Thanks for the implementation feedback Michael.

-- Dick

On Jul 17, 2012, at 3:46 PM, Michael Scalia wrote:

> Thanks for your response, Dick, and for pointing out that this is RECOMMENDED.  I'll just say one more thing about this.  While implementing the token endpoint of an authorization server, I naturally looked for the things I needed to account for in the request under 4.1.3 Access Token Request.  I missed this because it wasn't with the other information about access token requests.  Others may miss it as well, for the same reason.  Just happened to notice this today under 4.1.2 while re-reading the spec.
>
> Regards,
> Michael
>
> On Tue, Jul 17, 2012 at 6:09 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
> Thanks for the feedback Michael.
>
> 4.1.2 is where the authorization code is first talked about, and it makes sense to discuss how it is generated and used at that point. I can see how it might also be useful to put it in 4.1.3. Note that this is RECOMMENDED as opposed to MUST so it does not flow into "The authorization server MUST" list of points.
>
> Personally, I don't see a need to change. Anyone else have an opinion on this?
>
> -- Dick
>
> On Jul 17, 2012, at 2:22 PM, Michael Scalia wrote:
>
> > Dear OAuth Authors,
> >
> > I'm not sure if this is the right way to suggest an edit to the current OAuth draft.  Please let me know if I should use a different route.
> >
> > Section 4.1.2 Authorization Response includes the text, "If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code.  The authorization code is bound to the client identifier and redirection URI."
> >
> > I believe this text is in the wrong place.  A client does not supply the authorization code to the authorization endpoint.  It supplies it to the token endpoint.  This should move to 4.1.3. Access Token Request, in the list of bulleted items under "The authorization server MUST".
> >
> > Thanks for all your work on this protocol.
> >
> > Regards,
> > Michael Scalia
>
>


--Apple-Mail=_3FE7E759-232C-41FB-85F2-ECD3600203F1--

From ve7jtb@ve7jtb.com  Tue Jul 17 17:18:15 2012
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_D7071F89-2F13-49BB-8D62-925C00FF84EB"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <FE714B15-40C0-45C4-883A-C19179872C7B@gmail.com>
Date: Tue, 17 Jul 2012 18:18:58 -0600
Message-Id: <67223838-8A20-45FB-B9A9-427732A4D05F@ve7jtb.com>
References: <CA+NzUBvPO4jVLqdzNXF8MQXZew262G3Ashs-vvqF2pAbh8bukg@mail.gmail.com> <6C34F5DD-9CA7-40B0-B2DE-FB5E0A0D94D4@gmail.com> <CA+NzUBuBo5shGWV+Ca=uEztV69c3EhyY2QpFVny=_tvJjdDNog@mail.gmail.com> <FE714B15-40C0-45C4-883A-C19179872C7B@gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
X-Mailer: Apple Mail (2.1278)
Cc: Michael Scalia <michael.scalia@gmail.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2

--Apple-Mail=_D7071F89-2F13-49BB-8D62-925C00FF84EB
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

I think mentioning it when code is first described is sufficient.

The token endpoint is normally part of an Authorization server and must both produce and consume the code.

I understand the request, but duplicating text for every step in a flow that parameter is used would cause the spec to be much larger.

I don't see a need for a change at this point in the process.

Regards
John Bradley
On 2012-07-17, at 4:56 PM, Dick Hardt wrote:

> Thanks for the implementation feedback Michael.
>
> -- Dick
>
> On Jul 17, 2012, at 3:46 PM, Michael Scalia wrote:
>
>> Thanks for your response, Dick, and for pointing out that this is RECOMMENDED.  I'll just say one more thing about this.  While implementing the token endpoint of an authorization server, I naturally looked for the things I needed to account for in the request under 4.1.3 Access Token Request.  I missed this because it wasn't with the other information about access token requests.  Others may miss it as well, for the same reason.  Just happened to notice this today under 4.1.2 while re-reading the spec.
>>
>> Regards,
>> Michael
>>
>> On Tue, Jul 17, 2012 at 6:09 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>> Thanks for the feedback Michael.
>>
>> 4.1.2 is where the authorization code is first talked about, and it makes sense to discuss how it is generated and used at that point. I can see how it might also be useful to put it in 4.1.3. Note that this is RECOMMENDED as opposed to MUST so it does not flow into "The authorization server MUST" list of points.
>>
>> Personally, I don't see a need to change. Anyone else have an opinion on this?
>>
>> -- Dick
>>
>> On Jul 17, 2012, at 2:22 PM, Michael Scalia wrote:
>>
>> > Dear OAuth Authors,
>> >
>> > I'm not sure if this is the right way to suggest an edit to the current OAuth draft.  Please let me know if I should use a different route.
>> >
>> > Section 4.1.2 Authorization Response includes the text, "If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code.  The authorization code is bound to the client identifier and redirection URI."
>> >
>> > I believe this text is in the wrong place.  A client does not supply the authorization code to the authorization endpoint.  It supplies it to the token endpoint.  This should move to 4.1.3. Access Token Request, in the list of bulleted items under "The authorization server MUST".
>> >
>> > Thanks for all your work on this protocol.
>> >
>> > Regards,
>> > Michael Scalia
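
The rule quoted from Section 4.1.2 in the thread above, sketched at the token endpoint where it is enforced. This is an added example, not code from the draft or from any participant; the class and function names, the in-memory store, the 60-second lifetime and the sample client values are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass, field


class InvalidGrant(Exception):
    """Raised where a token endpoint would answer with "invalid_grant"."""


@dataclass
class CodeRecord:
    client_id: str
    redirect_uri: str
    expires_at: float
    used: bool = False
    tokens: list = field(default_factory=list)  # access tokens minted from this code


class AuthorizationServer:
    """Hypothetical in-memory server that both produces and consumes the code."""

    def __init__(self, code_ttl=60, clock=time.time):
        self.codes = {}
        self.active_tokens = set()
        self.code_ttl = code_ttl
        self.clock = clock

    def issue_code(self, client_id, redirect_uri):
        """Authorization endpoint side: bind the code to client and redirect URI."""
        code = secrets.token_urlsafe(32)
        self.codes[code] = CodeRecord(
            client_id, redirect_uri, self.clock() + self.code_ttl
        )
        return code

    def redeem_code(self, code, client_id, redirect_uri):
        """Token endpoint side: exchange the code for an access token, once."""
        record = self.codes.get(code)
        if record is None:
            raise InvalidGrant("unknown authorization code")
        if record.used:
            # Second presentation: MUST deny, SHOULD revoke what the first use
            # issued. This only works because the record was kept and marked,
            # not deleted, when the code was first redeemed.
            for token in record.tokens:
                self.active_tokens.discard(token)
            record.tokens.clear()
            raise InvalidGrant("authorization code already used")
        if client_id != record.client_id or redirect_uri != record.redirect_uri:
            raise InvalidGrant("code is bound to another client or redirect URI")
        if self.clock() >= record.expires_at:
            raise InvalidGrant("authorization code expired")
        # A real server must make this check-and-set atomic in its datastore,
        # or two concurrent requests can both pass the `used` test above.
        record.used = True
        token = secrets.token_urlsafe(32)
        record.tokens.append(token)
        self.active_tokens.add(token)
        return token

    def is_active(self, token):
        return token in self.active_tokens


def is_denied(server, code, client_id, redirect_uri):
    """True if the token endpoint refuses this access token request."""
    try:
        server.redeem_code(code, client_id, redirect_uri)
    except InvalidGrant:
        return True
    return False


def replay_demo():
    """Constructed scenario: one legitimate redemption, then a replay."""
    server = AuthorizationServer()
    redirect = "https://client.example/cb"
    code = server.issue_code("client-a", redirect)
    token = server.redeem_code(code, "client-a", redirect)
    active_before = server.is_active(token)
    replay_denied = is_denied(server, code, "client-a", redirect)
    return active_before, replay_denied, server.is_active(token)


if __name__ == "__main__":
    print(replay_demo())
```
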

From James.H.Manger@team.telstra.com  Tue Jul 17 17:27:27 2012
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Julian Reschke <julian.reschke@gmx.de>, Alexey Melnikov <alexey.melnikov@isode.com>
Date: Wed, 18 Jul 2012 10:28:10 +1000
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

>> can you please rename the production to something which is clearly not a base64 string.

> HTTPbis describes the production as:
>
> "The "b64token" syntax allows the 66 unreserved URI characters
> ([RFC3986]), plus a few others, so that it can hold a base64, base64url
> (URL and filename safe alphabet), base32, or base16 (hex) encoding, with
> or without padding, but excluding whitespace ([RFC4648])." --
> <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-20.html#rfc.section.2.1.p.4>
>
> I think that's sufficiently clear, and "b64token" is actually a good
> name for that ABNF production.

The *text* is clear, but Alexey isn't the first (or last) person to see the label "b64token" and assume it always holds a base64-encoding.
How about renaming the production to "token68", reflecting the fact that it supports an alphabet of 68 characters (plus equal signs at the end)?

--
James Manger

From alexey.melnikov@isode.com  Wed Jul 18 04:37:04 2012
Date: Wed, 18 Jul 2012 12:37:52 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, Julian Reschke <julian.reschke@gmx.de>, General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

On 17/07/2012 19:01, Mike Jones wrote:
> You should actually probably make that name change request to the HTTPbis working group.  I suspect that if they decide to change the name, that we could direct the RFC editor to make the same name change as HTTPbis does.
It looks like the discussion of changing this in HTTPBIS is in progress 
now.
> 				-- Mike
>
> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
> Sent: Tuesday, July 17, 2012 10:58 AM
> To: Mike Jones
> Cc: Julian Reschke; The IESG; General Area Review Team; oauth@ietf.org; draft-ietf-oauth-v2-bearer.all@tools.ietf.org; Stephen Farrell
> Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt
>
> On 17/07/2012 18:15, Mike Jones wrote:
>> For clarity of discussion, the definition in question is:
>>        b64token    = 1*( ALPHA / DIGIT /
>>                          "-" / "." / "_" / "~" / "+" / "/" ) *"="
>>
>> Note that b64token is a liberal syntax intended to permit base64 encoded content (hence the inclusion of the "+" and "/" characters and the optional trailing "=" characters), base64url encoded content (hence the inclusion of the "-" and "_" characters) and other URL-safe productions (hence the inclusion of the "." and "~" characters).
>>
>> Its use is definitely not intended to be restricted to base64 encoded content, per RFC 4648. If it were so restricted (by not allowing ".", for instance), this would exclude the use of JWTs as bearer tokens, for instance, which is something we *definitely* want to allow.
>>
>> As a result, I don't think adding a reference to RFC 4648 is either necessary or appropriate.
> In this case, can you please rename the production to something which is clearly not a base64 string.
>
>> Julian may be able to provide more background.
>>
>> 				Best wishes,
>> 				-- Mike
>>
>> -----Original Message-----
>> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
>> Sent: Tuesday, July 17, 2012 10:02 AM
>> To: Julian Reschke; Mike Jones
>> Cc: The IESG; General Area Review Team; oauth@ietf.org;
>> draft-ietf-oauth-v2-bearer.all@tools.ietf.org; Stephen Farrell
>> Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of
>> draft-ietf-oauth-v2-bearer-22.txt
>>
>> On 17/07/2012 17:40, Julian Reschke wrote:
>>> On 2012-07-17 18:10, Mike Jones wrote:
>>>> FYI, the b64 token definition is identical to the one in
>>>> draft-ietf-httpbis-p7-auth-20.  If it works there, it should work
>>>> for OAuth Bearer.
>>>> ...
>>> +1; not every constraint needs to be expressed in the ABNF. "b64token"
>>> is here so recipients can parse the header field; it's up to the auth
>>> scheme to state what the additional constraints are; and that can
>>> happen in prose.
>> I didn't say that it has to be expressed in ABNF (although I obviously wouldn't mind). I would like an ABNF comment pointing to the document which defines base64.
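
The `b64token` production quoted in the message above, as an added example (not code from the thread or from either draft): a validator that shows why the name misleads, since a JWT-shaped value matches the production yet is rejected by a strict RFC 4648 base64 decoder. The `"Bearer" 1*SP b64token` credentials form, the function names and every sample token are assumptions constructed here.

```python
import base64
import binascii
import re
import string

# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN_ALPHABET = string.ascii_letters + string.digits + "-._~+/"
B64TOKEN_RE = re.compile("[" + re.escape(B64TOKEN_ALPHABET) + "]+=*")

# Assumed credentials form (not quoted in the thread): "Bearer" 1*SP b64token.
# The scheme name is matched case-insensitively, the token is not.
BEARER_RE = re.compile("(?i:bearer) +(" + B64TOKEN_RE.pattern + ")")


def is_b64token(value):
    """Syntax check only: says nothing about how the token is encoded."""
    # fullmatch rather than match(...$): "$" would accept a trailing newline.
    return B64TOKEN_RE.fullmatch(value) is not None


def parse_bearer(header_value):
    """Return the token from an Authorization field value, or None."""
    m = BEARER_RE.fullmatch(header_value)
    return m.group(1) if m else None


def decodes_as_base64(value):
    """True only for padded base64 in the standard RFC 4648 alphabet."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def jwt_shaped_sample():
    """Constructed token: three unpadded base64url segments joined by "."."""
    def seg(raw):
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join(seg(p) for p in (b'{"alg":"none"}', b'{"sub":"demo"}', b"sig"))


def survey():
    """Map each constructed sample to (matches b64token, strict base64 decodes)."""
    samples = {
        "jwt-shaped": jwt_shaped_sample(),  # "." is outside every base64 alphabet
        "base64": "dGVzdA==",               # padded base64 of b"test"
        "base64url": "abc_123-XYZ",         # "-" and "_" are not standard base64
        "hex": "deadbeef",                  # hex that also happens to decode
        "inner-pad": "dGVz=dA",             # "=" is only allowed at the end
        "whitespace": "two words",
        "empty": "",
    }
    return {
        name: (is_b64token(v), is_b64token(v) and decodes_as_base64(v))
        for name, v in samples.items()
    }


if __name__ == "__main__":
    for name, result in survey().items():
        print(f"{name:12} b64token={result[0]!s:5} base64={result[1]}")
```

The `hex` row is the other half of the argument: a value can decode as base64 without having been produced as base64, so neither the production nor a trial decode tells a recipient what the token means.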


From stephen.farrell@cs.tcd.ie  Fri Jul 20 07:51:10 2012
Date: Fri, 20 Jul 2012 15:52:06 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "oauth@ietf.org" <oauth@ietf.org>
Subject: [OAUTH-WG] draft-ietf-oauth-urbn-sub-ns

Hi,

This draft was approved on yesterday's IESG telechat.

Before sending it off to the RFC editor would you take
a look at the comments [1] and let me know if there are
any changes worth making.

If they're tiny but worth doing, (which they probably are)
I can put them in as an RFC editor note, so there's no need
for a new version. (And you couldn't post one anyway right
now since we're in the pre-meeting blackout phase.)

And of course, sooner is better than later...

Thanks,
S.

[1] https://datatracker.ietf.org/doc/draft-ietf-oauth-urn-sub-ns/ballot/

From stephen.farrell@cs.tcd.ie  Sun Jul 22 15:34:00 2012
Date: Sun, 22 Jul 2012 23:33:53 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "oauth@ietf.org" <oauth@ietf.org>, IETF-Discussion <ietf@ietf.org>
Subject: [OAUTH-WG] oauth-bearer and rfc 2617/httpbis authentication framework

Hi all,

I'd like to check that some recent minor changes to this
document [1] don't cause technical or process-grief.

The version [2] of the oauth bearer draft that underwent
IETF LC and IESG evaluation had a normative dependency
on the httpbis wg's authentication framework. [3]

After resolving IESG discuss positions the authors and
wg chairs felt that it would be better to replace the
normative reference to the httpbis wg draft [3] with one
to RFC 2617 [4] so that the OAuth drafts wouldn't be held
in the RFC editor queue waiting on the httpbis wg to get
done.

I believe there is no impact on interop resulting from
this change but there has been some disagreement about
making it and how it was made. After some offlist discussion
I think we now have an RFC editor note [5] that means that
the current scheme of referring to RFC 2617 is ok.

If there are no problems with this in the next week I'll
move the document [1] along as-is.

Thanks,
Stephen.

[1] http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer
[2] http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-18
[3] http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth
[4] http://tools.ietf.org/html/rfc2617
[5] https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer/writeup/


From julian.reschke@gmx.de  Mon Jul 23 00:57:14 2012
Date: Mon, 23 Jul 2012 09:56:57 +0200
From: Julian Reschke <julian.reschke@gmx.de>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "oauth@ietf.org" <oauth@ietf.org>, IETF-Discussion <ietf@ietf.org>
Subject: Re: [OAUTH-WG] oauth-bearer and rfc 2617/httpbis authentication framework

On 2012-07-23 00:33, Stephen Farrell wrote:
>
> Hi all,
>
> I'd like to check that some recent minor changes to this
> document [1] don't cause technical or process-grief.
>
> The version [2] of the oauth bearer draft that underwent
> IETF LC and IESG evaluation had a normative dependency
> on the httpbis wg's authentication framework. [3]
>
> After resolving IESG discuss positions the authors and
> wg chairs felt that it would be better to replace the
> normative reference to the httpbis wg draft [3] with one
> to RFC 2617 [4] so that the OAuth drafts wouldn't be held
> in the RFC editor queue waiting on the httpbis wg to get
> done.
>
> I believe there is no impact on interop resulting from
> this change but there has been some disagreement about
> making it and how it was made. After some offlist discussion
> I think we now have an RFC editor note [5] that means that
> the current scheme of referring to RFC 2617 is ok.
> ...

Quoting:

> NEW:
>
>    The "Authorization" header for this scheme follows the usage
>    of the Basic scheme [RFC2617]. Note that, as with Basic, this
>    is compatible with the general authentication framework
>    being developed for HTTP 1.1 [I-D.ietf-httpbis-p7-auth], though
>    does not follow the preferred practice outlined therein in
>    order to reflect existing deployments. The syntax for Bearer
>    credentials is as follows:

That helps, but it still hides the fact that the syntax is not 
compatible with the RFC 2617 framework.

Also, s/header/header field/

Proposal:

"The syntax of the "Authorization" header field for this scheme follows 
the usage of the Basic scheme defined in Section 2 of [RFC2617]. Note 
that, as with Basic, it does not conform to the generic syntax defined 
in Section 1.2 of [RFC2617], but that it is compatible with the
general authentication framework being developed for HTTP 1.1 
[I-D.ietf-httpbis-p7-auth], although it does not follow the preferred 
practice outlined therein in order to reflect existing deployments.

The syntax for Bearer credentials is as follows: ..."

Best regards, Julian



From stephen.farrell@cs.tcd.ie  Mon Jul 23 04:33:58 2012
Date: Mon, 23 Jul 2012 12:33:47 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: "oauth@ietf.org" <oauth@ietf.org>, IETF-Discussion <ietf@ietf.org>
Subject: Re: [OAUTH-WG] oauth-bearer and rfc 2617/httpbis authentication framework

Hiya,

On 07/23/2012 08:56 AM, Julian Reschke wrote:
> On 2012-07-23 00:33, Stephen Farrell wrote:
>>
>> Hi all,
>>
>> I'd like to check that some recent minor changes to this
>> document [1] don't cause technical or process-grief.
>>
>> The version [2] of the oauth bearer draft that underwent
>> IETF LC and IESG evaluation had a normative dependency
>> on the httpbis wg's authentication framework. [3]
>>
>> After resolving IESG discuss positions the authors and
>> wg chairs felt that it would be better to replace the
>> normative reference to the httpbis wg draft [3] with one
>> to RFC 2617 [4] so that the OAuth drafts wouldn't be held
>> in the RFC editor queue waiting on the httpbis wg to get
>> done.
>>
>> I believe there is no impact on interop resulting from
>> this change but there has been some disagreement about
>> making it and how it was made. After some offlist discussion
>> I think we now have an RFC editor note [5] that means that
>> the current scheme of referring to RFC 2617 is ok.
>> ...
> 
> Quoting:
> 
>> NEW:
>>
>>    The "Authorization" header for this scheme follows the usage
>>    of the Basic scheme [RFC2617]. Note that, as with Basic, this
>>    is compatible with the general authentication framework
>>    being developed for HTTP 1.1 [I-D.ietf-httpbis-p7-auth], though
>>    does not follow the preferred practice outlined therein in
>>    order to reflect existing deployments. The syntax for Bearer
>>    credentials is as follows:
> 
> That helps, but it still hides the fact that the syntax is not
> compatible with the RFC 2617 framework.

"hides" isn't a goal:-)

> Also, s/header/header field/
> 
> Proposal:
> 
> "The syntax of the "Authorization" header field for this scheme follows
> the usage of the Basic scheme defined in Section 2 of [RFC2617]. Note
> that, as with Basic, it does not conform to the generic syntax defined
> in Section 1.2 of [RFC2617], but that it is compatible with the
> general authentication framework being developed for HTTP 1.1
> [I-D.ietf-httpbis-p7-auth], although it does not follow the preferred
> practice outlined therein in order to reflect existing deployments.
> 
> The syntax for Bearer credentials is as follows: ..."

That looks better. I've updated the RFC editor note to
use your text.

Thanks,
S.

> 
> Best regards, Julian
> 
> 
> 
> 
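
The syntax point discussed above, as an added example that is not part of
the original thread or of any draft: a strict parser that tells the RFC 2617
Section 1.2 auth-param form apart from the single-token form used by Basic
and Bearer. The b64token pattern is taken from RFC 6750 as published; the
sample header values and all function names are constructed for illustration.

```python
import base64
import re

# RFC 2616 "token": any CHAR except CTLs and separators.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# RFC 2617 Section 1.2 auth-param: token "=" ( token | quoted-string )
_AUTH_PARAM = re.compile(rf'({TOKEN})=(?:({TOKEN})|"((?:[^"\\]|\\.)*)")')
_COMMA = re.compile(r"\s*,\s*")
# b64token as published in RFC 6750 Section 2.1 ("=" only as trailing padding)
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed sample Authorization header values (not from the thread).
SAMPLES = {
    "basic": "Basic " + base64.b64encode(b"user:pass").decode("ascii"),
    "bearer": "Bearer abc123-._~+/==",
    "digest": 'Digest username="alice", realm="example", nonce="n0nce", '
              'uri="/r", response="0123abcd"',
    "broken": "Bearer two tokens",
}


def parse_auth_params(rest):
    """Parse a comma-separated auth-param list (generic RFC 2617 syntax).

    Returns a dict of lower-cased names to values, or None when the text
    does not conform to the generic syntax.
    """
    params = {}
    pos = 0
    while True:
        m = _AUTH_PARAM.match(rest, pos)
        if not m:
            return None
        if m.group(2) is not None:
            value = m.group(2)
        else:
            # Undo quoted-pair escaping inside a quoted-string.
            value = re.sub(r"\\(.)", r"\1", m.group(3))
        params[m.group(1).lower()] = value
        pos = m.end()
        if pos == len(rest):
            return params
        sep = _COMMA.match(rest, pos)
        if not sep:
            return None
        pos = sep.end()


def classify(header_value):
    """Return (scheme, form, parsed) for an Authorization header value.

    form is "auth-params" (generic RFC 2617 Section 1.2 syntax),
    "b64token" (the single-token form Basic and Bearer use), or
    "invalid". Anything that fits neither form is rejected, not guessed at.
    """
    scheme, _, rest = header_value.strip().partition(" ")
    rest = rest.strip()
    if not re.fullmatch(TOKEN, scheme):
        return (scheme, "invalid", None)
    params = parse_auth_params(rest)
    if params is not None:
        return (scheme, "auth-params", params)
    if _B64TOKEN.fullmatch(rest):
        return (scheme, "b64token", rest)
    return (scheme, "invalid", None)


def classify_samples():
    """Classify every constructed sample; returns {name: form}."""
    return {name: classify(value)[1] for name, value in SAMPLES.items()}


if __name__ == "__main__":
    for name, form in classify_samples().items():
        print(f"{name:7s} -> {form}")
```

A parser written only against the Section 1.2 grammar returns None for both
the Basic and the Bearer sample, which is the incompatibility the proposed
text now states explicitly.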

From hannes.tschofenig@gmx.net  Mon Jul 23 05:56:50 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8EA811E8089 for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 05:56:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.616
X-Spam-Level: 
X-Spam-Status: No, score=-102.616 tagged_above=-999 required=5 tests=[AWL=-0.017, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ttiFkzuwgQey for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 05:56:50 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id E892611E807F for <oauth@ietf.org>; Mon, 23 Jul 2012 05:56:49 -0700 (PDT)
Received: (qmail invoked by alias); 23 Jul 2012 12:56:49 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.110]) [88.115.216.191] by mail.gmx.net (mp039) with SMTP; 23 Jul 2012 14:56:49 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18bffJF5AEbrfZJBAuN9wkn/TuDbVEJNEOPBZlIRo J/pvxFr/pdgtQ5
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <500C7FD1.4050408@cs.tcd.ie>
Date: Mon, 23 Jul 2012 15:56:44 +0300
Content-Transfer-Encoding: 7bit
Message-Id: <920BB269-9539-4DB1-A7DB-DE1D2DC78F13@gmx.net>
References: <500C7FD1.4050408@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] oauth-bearer and rfc 2617/httpbis authentication framework
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 12:56:51 -0000

Thank you Stephen for getting this RFC Editor note in. 

On Jul 23, 2012, at 1:33 AM, Stephen Farrell wrote:

> 
> Hi all,
> 
> I'd like to check that some recent minor changes to this
> document [1] don't cause technical or process-grief.
> 
> The version [2] of the oauth bearer draft that underwent
> IETF LC and IESG evaluation had a normative dependency
> on the httpbis wg's authentication framework. [3]
> 
> After resolving IESG discuss positions the authors and
> wg chairs felt that it would be better to replace the
> normative reference to the httpbis wg draft [3] with one
> to RFC 2617 [4] so that the OAuth drafts wouldn't be held
> in the RFC editor queue waiting on the httpbis wg to get
> done.
> 
> I believe there is no impact on interop resulting from
> this change but there has been some disagreement about
> making it and how it was made. After some offlist discussion
> I think we now have an RFC editor note [5] that means that
> the current scheme of referring to RFC 2617 is ok.
> 
> If there are no problems with this in the next week I'll
> move the document [1] along as-is.
> 
> Thanks,
> Stephen.
> 
> [1] http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer
> [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-18
> [3] http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth
> [4] http://tools.ietf.org/html/rfc2617
> [5] https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer/writeup/
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From hannes.tschofenig@gmx.net  Mon Jul 23 05:58:04 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9900321F85D8 for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 05:58:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.616
X-Spam-Level: 
X-Spam-Status: No, score=-102.616 tagged_above=-999 required=5 tests=[AWL=-0.017, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fVu0putsN365 for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 05:58:04 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id E4F6121F8592 for <oauth@ietf.org>; Mon, 23 Jul 2012 05:58:03 -0700 (PDT)
Received: (qmail invoked by alias); 23 Jul 2012 12:58:02 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.110]) [88.115.216.191] by mail.gmx.net (mp036) with SMTP; 23 Jul 2012 14:58:02 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/19MNegdH1UNaxoIHgasKppzBjdv05iEtVVUmy9a QSlTYvDgmn7Gom
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Mon, 23 Jul 2012 15:58:00 +0300
Message-Id: <9B29A741-1F17-4C3E-9704-03056B3159F0@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] No design team call today
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 12:58:04 -0000

.... given the IETF meeting next week. 

Please read through the WG documents to be properly prepared. 

Ciao
Hannes


From hardjono@mit.edu  Mon Jul 23 08:02:25 2012
Return-Path: <hardjono@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 626B211E8099 for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 08:02:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KcI+yl8KaOom for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 08:02:24 -0700 (PDT)
Received: from dmz-mailsec-scanner-8.mit.edu (DMZ-MAILSEC-SCANNER-8.MIT.EDU [18.7.68.37]) by ietfa.amsl.com (Postfix) with ESMTP id 490C211E8091 for <oauth@ietf.org>; Mon, 23 Jul 2012 08:02:24 -0700 (PDT)
X-AuditID: 12074425-b7f9b6d0000008c4-e9-500d677f3857
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 95.1A.02244.F776D005; Mon, 23 Jul 2012 11:02:23 -0400 (EDT)
Received: from outgoing-exchange-2.mit.edu (OUTGOING-EXCHANGE-2.MIT.EDU [18.9.28.16]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id q6NF2NfF016484;  Mon, 23 Jul 2012 11:02:23 -0400
Received: from OC11EXEDGE4.EXCHANGE.MIT.EDU (OC11EXEDGE4.EXCHANGE.MIT.EDU [18.9.3.27]) by outgoing-exchange-2.mit.edu (8.13.8/8.12.4) with ESMTP id q6NF2MbY020523; Mon, 23 Jul 2012 11:02:23 -0400
Received: from OC11EXHUB9.exchange.mit.edu (18.9.3.23) by OC11EXEDGE4.EXCHANGE.MIT.EDU (18.9.3.27) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 23 Jul 2012 11:02:03 -0400
Received: from OC11EXPO24.exchange.mit.edu ([169.254.1.248]) by OC11EXHUB9.exchange.mit.edu ([18.9.3.23]) with mapi id 14.01.0355.002; Mon, 23 Jul 2012 11:02:22 -0400
From: Thomas Hardjono <hardjono@MIT.EDU>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
Thread-Index: AQHNYrNOPm2BiWc2rkWw5TG//XC74Jc3AcYA
Date: Mon, 23 Jul 2012 15:02:21 +0000
Message-ID: <5E393DF26B791A428E5F003BB6C5342A108171DC@OC11EXPO24.exchange.mit.edu>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com> <FD90CDD8-7BC7-4952-BEF9-F29C282130E8@gmx.net>
In-Reply-To: <FD90CDD8-7BC7-4952-BEF9-F29C282130E8@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [18.111.90.244]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_000A_01CD68C2.A19D5800"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupik+LIzCtJLcpLzFFi42IR4hRV1q1P5w0wmPpexWLpznusFiffvmJz YPJYvGk/m8eSJT+ZApiiuGxSUnMyy1KL9O0SuDIm/b3PWnA2vWLxtQtMDYx/Y7oYOTkkBEwk Vu6ZyQJhi0lcuLeerYuRi0NIYB+jxMw1b9khnAOMEv0XV7FAOFcZJd7tXQflbGOUuDh9HROE s4pRomfZcrBhbAIaEud+72UHsUUEDCWuz5zO2sXIwcEs4CNx+L4vSFhYwFei5dIuFoiSAInm d82MELaRxN+Vj8HiLAKqEisfXWECsXkFgiQuvl0Bdd9ZJomHm/ezgiQ4Bawl5jb2gxUxAj3x /dQaMJtZQFzi1pP5TBDPiUg8vHiaDebRf7seQtmKEuv+fWGHqO9llJh4pARimaDEyZlPWCYw SsxCMmoWkrJZSMpmgb2mJ9G2kRGiRF5i+9s5zBC2tcSMXwfZIGxFiSndD9khbFOJ10c/Mi5g 5FjFKJuSW6Wbm5iZU5yarFucnJiXl1qka6GXm1mil5pSuokRFOXsLqo7GCccUjrEKMDBqMTD a1XFEyDEmlhWXJl7iFGSg0lJlLc+lDdAiC8pP6UyI7E4I76oNCe1+BCjBAezkgjv5evcAUK8 KYmVValF+TApaQ4WJXHeGyk3/YUE0hNLUrNTUwtSi2CyMhwcShK869OAhgoWpaanVqRl5pQg pJk4OEGG8wANT08FquEtLkjMLc5Mh8ifYlSUEue9B9IsAJLIKM2D64Ul4VeM4kCvCPNeBqni ASZwuO5XQIOZgAZLZ3GBDC5JREhJNTB6PFh2+IfYkZ1BpqxT1x06xZdwcufdBsGVKb89r2bM u1yqnrm2SUNE+GCTuPBKr6e/f/KuXLTlT1FeiqzMxvrXB7bddJ+jZRngcmGBpKv/yyi1kxL3 51RN+h92cjXj7XUyPpPf8e/sM5uw2/ySYN+/D+016bva9iSdXHNXtn6G/3/30jkz4owPKbEU ZyQaajEXFScCAD3LHkCdAwAA
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 15:02:25 -0000

------=_NextPart_000_000A_01CD68C2.A19D5800
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hannes, Derek,

Would it be possible to postpone presentation/discussion of the Dyn-Reg
draft (Dynamic Client Registration Protocol) to the Atlanta/November
IETF meeting?

The reason is that none of the proposers will be attending the
Vancouver IETF in-person.

Thanks.

/thomas/

__________________________________________


> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Sunday, July 15, 2012 1:58 PM
> To: John Bradley
> Cc: oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
> requested
> 
> Hi all,
> 
> I have uploaded an agenda for the meeting.
> 
> I am assuming that all these items do not require discussion time
> anymore:
> * draft-ietf-oauth-assertions
> * draft-ietf-oauth-saml2-bearer
> * draft-ietf-oauth-urn-sub-ns
> * draft-ietf-oauth-v2
> * draft-ietf-oauth-v2-bearer
> 
> Hence, we can focus on the new items. As discussed in the mail below I
> put a separate slot for discussion of the holder-of-the-key/MAC token
> security discussion on the agenda. I would suggest that a couple of us
> meet during the IETF week to work together on a presentation that
> provides some concrete suggestions for next steps to the rest of the
> group.
> 
> I also put the following persons on the spot for the presentations of
> working group items:
> 
> - OAuth Dynamic Client Registration Protocol (Thomas)
> - JSON Web Token (JWT) (Mike)
> - JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (Mike)
> - Token Revocation (Torsten)
> - SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (Brian)
> - OAuth Use Cases (Zachary)
> 
> Let me know if you want someone else to give the presentation.
> 
> As a preparation for the meeting it would be good if you could
> (a) identify the open issues with your document, and
> (b) find one or two reviewers to have a look at your document during
> the next two weeks.
> 
> Ciao
> Hannes
> 
> On Jul 15, 2012, at 5:59 PM, John Bradley wrote:
> 
> > Yes we need to get clearer on the threats and use cases.
> >
> > I think Phil Hunt has some though there is likely overlap.
> >
> > Part of the problem with MAC was people never agreed on the threats
> > it was mitigating.
> >
> > I can present something or coordinate with Tony or Phil.
> >
> > John B.
> >
> > On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
> >
> >> How about a few min on proof-of-possession requirements? I can
> >> present our use cases and requirements
> >>
> >> -----Original Message-----
> >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> >> Behalf Of Mike Jones
> >> Sent: Friday, July 13, 2012 4:42 PM
> >> To: Hannes Tschofenig; oauth@ietf.org WG
> >> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
> >> requested
> >>
> >> I'm willing to do 5 minutes on the status of the Core and Bearer
> >> documents.
> >>
> >> I'm willing to give an update on JWT and the JWT Bearer - probably
> >> 15 minutes.  It's probably good that we're a day after the JOSE WG
> >> meeting, given the JWT dependency upon the JOSE specs.
> >>
> >> I'm willing to be part of a discussion on the Assertions draft, but
> >> would appreciate doing this with Brian and/or Chuck - I'm guessing 15
> >> minutes for that as well.  (I'm not certain this will be needed, but
> >> I'd like to review the recent changes before saying that it's not.)
> >>
> >> Looking forward to seeing many of you in Vancouver!
> >>
> >> 				-- Mike
> >>
> >> -----Original Message-----
> >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> >> Behalf Of Hannes Tschofenig
> >> Sent: Saturday, June 02, 2012 12:46 AM
> >> To: oauth@ietf.org WG
> >> Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
> >> requested
> >>
> >> Hi all,
> >>
> >> I have requested a 2,5 hour slot for the upcoming meeting.
> >>
> >> While the next meeting is still a bit away it is nevertheless useful
> >> to hear
> >> * whether you plan to attend the next meeting, and
> >> * whether you want to present something.
> >>
> >> I could imagine that these documents will be discussed:
> >> * draft-ietf-oauth-dyn-reg
> >> * draft-ietf-oauth-json-web-token
> >> * draft-ietf-oauth-jwt-bearer
> >> * draft-ietf-oauth-revocation
> >> * draft-ietf-oauth-use-cases
> >>
> >> To the draft authors of these documents: Please think about the open
> >> issues and drop a mail to the list so that we make some progress
> >> already before the face-to-face meeting.
> >>
> >> I am assuming that the following documents do not require any
> >> discussion time at the upcoming IETF meeting anymore:
> >> * draft-ietf-oauth-assertions
> >> * draft-ietf-oauth-saml2-bearer
> >> * draft-ietf-oauth-urn-sub-ns
> >> * draft-ietf-oauth-v2
> >> * draft-ietf-oauth-v2-bearer
> >>
> >> Ciao
> >> Hannes
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>
> >
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

------=_NextPart_000_000A_01CD68C2.A19D5800
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"


------=_NextPart_000_000A_01CD68C2.A19D5800--

From iesg-secretary@ietf.org  Mon Jul 23 09:56:40 2012
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E3F611E80C0; Mon, 23 Jul 2012 09:56:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4JIT-8okzfvs; Mon, 23 Jul 2012 09:56:40 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC5A411E80C9; Mon, 23 Jul 2012 09:56:39 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120723165639.15186.25777.idtracker@ietfa.amsl.com>
Date: Mon, 23 Jul 2012 09:56:39 -0700
Cc: oauth chair <oauth-chairs@tools.ietf.org>, oauth mailing list <oauth@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [OAUTH-WG] Document Action: 'An IETF URN Sub-Namespace for OAuth' to	Informational RFC (draft-ietf-oauth-urn-sub-ns-06.txt)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 16:56:40 -0000

The IESG has approved the following document:
- 'An IETF URN Sub-Namespace for OAuth'
  (draft-ietf-oauth-urn-sub-ns-06.txt) as Informational RFC

This document is the product of the Web Authorization Protocol Working
Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-oauth-urn-sub-ns/




Technical Summary

  This document establishes an IETF URN Sub-namespace for use with
  OAuth related specifications.

Working Group Summary

  There was no significant controversy in the working group, to my
  knowledge. I suppose there really wasn't an argument about how to
  spell "oauth". 

Document Quality

  The document is as long and short as it needs to be to register a
  URN entry with IANA. 

Personnel

  Document Shepherd: Derek Atkins
  Responsible AD: Stephen Farrell


IANA Note

 OLD:
- Establishment of a new registry for URNs subordinate to
      urn:ietf:params:oauth.  Instructions for a registrant to request
      the registration of such a URN are in Section 3.

NEW: 
- Establishment of a new registry called the "oAuth URI" registry for 
URNs subordinate to urn:ietf:params:oauth.  The registry "oAuth URI" 
will be added to a new top-level registry called "OAuth Parameters"
as defined by draft-ietf-oauth-v2.  Instructions for a registrant 
to request the registration of such a URN are in Section 3.



From jricher@mitre.org  Mon Jul 23 10:05:30 2012
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A456911E80D6 for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:05:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.544
X-Spam-Level: 
X-Spam-Status: No, score=-6.544 tagged_above=-999 required=5 tests=[AWL=0.055,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bhh1DEkbpp4e for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:05:30 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 67E6011E80C1 for <oauth@ietf.org>; Mon, 23 Jul 2012 10:05:25 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id A8B7C21B19ED; Mon, 23 Jul 2012 13:05:24 -0400 (EDT)
Received: from IMCCAS04.MITRE.ORG (imccas04.mitre.org [129.83.29.81]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 8AEB921B19E5; Mon, 23 Jul 2012 13:05:24 -0400 (EDT)
Received: from IMCMBX02.MITRE.ORG ([169.254.2.164]) by IMCCAS04.MITRE.ORG ([129.83.29.81]) with mapi id 14.02.0309.002; Mon, 23 Jul 2012 13:05:24 -0400
From: "Richer, Justin P." <jricher@mitre.org>
To: Barry Leiba <barryleiba@computer.org>
Thread-Topic: [OAUTH-WG] Change in editorship of OAuth Core Spec
Thread-Index: AQHNX4ScgjRxfX/+YkWMKbwfyGJK9Zc3bsCA
Date: Mon, 23 Jul 2012 17:05:23 +0000
Message-ID: <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG>
References: <sjm394zqynz.fsf@mocana.ihtfp.org> <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com>
In-Reply-To: <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.63.178]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3FE6AC23EE0C5441A6ECE7CCAF0BB4FF@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 17:05:30 -0000

>> Eran Hammer has decided to step down as Editor of the OAuth Core
>> specification.  I would like to personally thank Eran for all his years
>> of hard work and effort to the draft as well as to the working group at
>> large.
>
> As former chair, I want to add my thanks.  Eran has done a *lot* of
> work on the OAuth documents over the last years, and deserves much
> appreciation for it.

Late to the party, but I also want to publicly thank Eran for what has been a nearly thankless job over the last few years. It's very difficult wrangling a pack of angry nerds and trying to express a group consensus, to be sure. In the end I think we have a specification document that is readable, makes sense, and will ultimately be one of the most useful protocols on the internet over the next few years. I know it hasn't been easy, and things probably could have gone a lot better than they did, but even still: Thank you.

 -- Justin

From bcampbell@pingidentity.com  Mon Jul 23 10:09:50 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C9B721F8319 for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:09:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.985
X-Spam-Level: 
X-Spam-Status: No, score=-5.985 tagged_above=-999 required=5 tests=[AWL=-0.008, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYye+o4LCvIk for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:09:49 -0700 (PDT)
Received: from na3sys009aog123.obsmtp.com (na3sys009aog123.obsmtp.com [74.125.149.149]) by ietfa.amsl.com (Postfix) with ESMTP id 6822221F844C for <oauth@ietf.org>; Mon, 23 Jul 2012 10:09:49 -0700 (PDT)
Received: from mail-vc0-f170.google.com ([209.85.220.170]) (using TLSv1) by na3sys009aob123.postini.com ([74.125.148.12]) with SMTP ID DSNKUA2FR9OmX6xFEcjNz4+Yv5JWXH6F4O7Z@postini.com; Mon, 23 Jul 2012 10:09:49 PDT
Received: by vcbgb30 with SMTP id gb30so8382733vcb.1 for <oauth@ietf.org>; Mon, 23 Jul 2012 10:09:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=VfEy71sWOftHh0vdLRgHMYAEGc37CWyx+6qz+FVfDnk=; b=eC7w4icC1DtHPzQu2/aAFJTYudvAwMwFO2y4XPHNO0dIZPK1iBFlDZoLKY1VQF0pYr rdYcLTL9Sfl2HuTNwZgitnGVU881QuSANl+tmgpMFI22k/1cikp9Vxrl54rgjtYYEoaJ YCKjVXMHHBW5OzZ2Wgum/MSHJ5P8tJHeJwCH102PI2KZylFi7YQl8VefkhBrZTgsSIVg bfpcLVdWvlrp/LGxuxelcFtfU6Jx+gUV4YRmhjizuWhKf60o+Lp9GZS5omouwjINCfvd ZHp3AfGjHk1HVAlgXzMoffxPCOeon4F53O57jQzamsr1X5jk0g/FjKNiZMacON4172HB mwyw==
Received: by 10.52.65.145 with SMTP id x17mr11416224vds.117.1343063367244; Mon, 23 Jul 2012 10:09:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.162.130 with HTTP; Mon, 23 Jul 2012 10:08:56 -0700 (PDT)
In-Reply-To: <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG>
References: <sjm394zqynz.fsf@mocana.ihtfp.org> <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com> <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 23 Jul 2012 11:08:56 -0600
Message-ID: <CA+k3eCRKiYHKSr0mfw9NQnck4kEq4KNetJ+MZpxuJyr6ggpiyw@mail.gmail.com>
To: "Richer, Justin P." <jricher@mitre.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnvwccDwArbCpd60WolO6koWR5UNDYR0uFTbBSSVH1u8u+et9dCovfzpC9ppH3t/q76/Drd
Cc: Barry Leiba <barryleiba@computer.org>, "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 17:09:50 -0000

+1

Well said Justin. And thank you Eran.

On Mon, Jul 23, 2012 at 11:05 AM, Richer, Justin P. <jricher@mitre.org> wrote:
>>> Eran Hammer has decided to step down as Editor of the OAuth Core
>>> specification.  I would like to personally thank Eran for all his years
>>> of hard work and effort to the draft as well as to the working group at
>>> large.
>>
>> As former chair, I want to add my thanks.  Eran has done a *lot* of
>> work on the OAuth documents over the last years, and deserves much
>> appreciation for it.
>
> Late to the party, but I also want to publicly thank Eran for what has been a nearly thankless job over the last few years. It's very difficult wrangling a pack of angry nerds and trying to express a group consensus, to be sure. In the end I think we have a specification document that is readable, makes sense, and will ultimately be one of the most useful protocols on the internet over the next few years. I know it hasn't been easy, and things probably could have gone a lot better than they did, but even still: Thank you.
>
>  -- Justin
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From stpeter@stpeter.im  Mon Jul 23 10:11:44 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 411BD11E80DE for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:11:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.566
X-Spam-Level: 
X-Spam-Status: No, score=-102.566 tagged_above=-999 required=5 tests=[AWL=0.033, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t1gLAMRbwV9u for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:11:43 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id A903D11E80AE for <oauth@ietf.org>; Mon, 23 Jul 2012 10:11:43 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 272104005A; Mon, 23 Jul 2012 11:31:02 -0600 (MDT)
Message-ID: <500D85CD.2020800@stpeter.im>
Date: Mon, 23 Jul 2012 11:11:41 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Brian Campbell <bcampbell@pingidentity.com>
References: <sjm394zqynz.fsf@mocana.ihtfp.org> <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com> <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG> <CA+k3eCRKiYHKSr0mfw9NQnck4kEq4KNetJ+MZpxuJyr6ggpiyw@mail.gmail.com>
In-Reply-To: <CA+k3eCRKiYHKSr0mfw9NQnck4kEq4KNetJ+MZpxuJyr6ggpiyw@mail.gmail.com>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: Barry Leiba <barryleiba@computer.org>, "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 17:11:44 -0000

Indeed. Many thanks to Eran!

On 7/23/12 11:08 AM, Brian Campbell wrote:
> +1
> 
> Well said Justin. And thank you Eran.
> 
> On Mon, Jul 23, 2012 at 11:05 AM, Richer, Justin P. <jricher@mitre.org> wrote:
>>>> Eran Hammer has decided to step down as Editor of the OAuth Core
>>>> specification.  I would like to personally thank Eran for all his years
>>>> of hard work and effort to the draft as well as to the working group at
>>>> large.
>>>
>>> As former chair, I want to add my thanks.  Eran has done a *lot* of
>>> work on the OAuth documents over the last years, and deserves much
>>> appreciation for it.
>>
>> Late to the party, but I also want to publicly thank Eran for what has been a nearly thankless job over the last few years. It's very difficult wrangling a pack of angry nerds and trying to express a group consensus, to be sure. In the end I think we have a specification document that is readable, makes sense, and will ultimately be one of the most useful protocols on the internet over the next few years. I know it hasn't been easy, and things probably could have gone a lot better than they did, but even still: Thank you.
>>
>>  -- Justin

From torsten@lodderstedt.net  Mon Jul 23 10:14:24 2012
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E57C821F847B for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:14:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.052
X-Spam-Level: 
X-Spam-Status: No, score=-2.052 tagged_above=-999 required=5 tests=[AWL=0.196,  BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HiJTxg6T+vFt for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:14:23 -0700 (PDT)
Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.29.24]) by ietfa.amsl.com (Postfix) with ESMTP id 41F3C21F85A8 for <oauth@ietf.org>; Mon, 23 Jul 2012 10:14:22 -0700 (PDT)
Received: from [79.253.52.115] (helo=android-15e9366c46879293.fritz.box) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:RC4-MD5:128) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1StMD5-0001Ms-Oa; Mon, 23 Jul 2012 19:14:19 +0200
References: <sjm394zqynz.fsf@mocana.ihtfp.org> <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com> <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG> <CA+k3eCRKiYHKSr0mfw9NQnck4kEq4KNetJ+MZpxuJyr6ggpiyw@mail.gmail.com> <500D85CD.2020800@stpeter.im>
User-Agent: K-9 Mail for Android
In-Reply-To: <500D85CD.2020800@stpeter.im>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----VQEKW9EKD74ZX1CF3HPMCA13C71DCB"
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Mon, 23 Jul 2012 19:14:12 +0200
To: Peter Saint-Andre <stpeter@stpeter.im>, Brian Campbell <bcampbell@pingidentity.com>
Message-ID: <ed66a083-94c1-4a64-90b0-9d52d0a43204@email.android.com>
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC1vbmxpbmUuZGU=
Cc: Barry Leiba <barryleiba@computer.org>, "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 17:14:24 -0000

------VQEKW9EKD74ZX1CF3HPMCA13C71DCB
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 8bit

+1



Peter Saint-Andre <stpeter@stpeter.im> wrote:

Indeed. Many thanks to Eran!

On 7/23/12 11:08 AM, Brian Campbell wrote:
> +1
> 
> Well said Justin. And thank you Eran.
> 
> On Mon, Jul 23, 2012 at 11:05 AM, Richer, Justin P. <jricher@mitre.org> wrote:
>>>> Eran Hammer has decided to step down as Editor of the OAuth Core
>>>> specification. I would like to personally thank Eran for all his years
>>>> of hard work and effort to the draft as well as to the working group at
>>>> large.
>>>
>>> As former chair, I want to add my thanks. Eran has done a *lot* of
>>> work on the OAuth documents over the last years, and deserves much
>>> appreciation for it.
>>
>> Late to the party, but I also want to publicly thank Eran for what has been a nearly thankless job over the last few years. It's very difficult wrangling a pack of angry nerds and trying to express a group consensus, to be sure. In the end I think we have a specification document that is readable, makes sense, and will ultimately be one of the most useful protocols on the internet over the next few years. I know it hasn't been easy, and things probably could have gone a lot better than they did, but even still: Thank you.
>>
>> -- Justin


------VQEKW9EKD74ZX1CF3HPMCA13C71DCB--


From ve7jtb@ve7jtb.com  Mon Jul 23 10:20:57 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C3E521F85EF for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:20:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.482
X-Spam-Level: 
X-Spam-Status: No, score=-3.482 tagged_above=-999 required=5 tests=[AWL=0.116,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EGY5DnTTmTmR for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 10:20:56 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 5CAA921F85ED for <oauth@ietf.org>; Mon, 23 Jul 2012 10:20:56 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so6259722ghb.31 for <oauth@ietf.org>; Mon, 23 Jul 2012 10:20:56 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=cZ1ubrQPJAPQVqCaiKnfZyrDuR4TXDlYVgBH8cRBnzQ=; b=DY9s1Fqggf794qpF1rMOOSf7yV+wdKSa1uFFSIzcIN/6CmfXtT14zIUfpyxRHqH/Dr i4GUYM3hdoHGWDfpSWAYHRSu0ZtE84wr5ngPDpRte5no4grN3jMa3Ndbvg8StG6Av5CG NcVh3XK3pQ9GE+KVF6LFmJ1XImyrOfvmxFEIWOYJP/sUimcp0HlHNfyodIN0cjkj5biE vEr97EsK8Ce547b3uR+Qunt8O9ZuJWm1+DiKG9Snh7GsncfO8Ep2eB/v/qQJJ4RpwUK/ 0hIhXDHBUmTbrGQDcFSqRsswhiOV0Id9fHXhxbX4ZG4+Y9jwKvgWSIy5ICShxXbBOXF9 GWrg==
Received: by 10.236.175.104 with SMTP id y68mr7866983yhl.83.1343064055914; Mon, 23 Jul 2012 10:20:55 -0700 (PDT)
Received: from [192.168.1.211] (190-20-0-15.baf.movistar.cl. [190.20.0.15]) by mx.google.com with ESMTPS id e19sm12946767ann.10.2012.07.23.10.20.52 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 23 Jul 2012 10:20:54 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_01F811A0-7DB1-4B17-B8F8-231E2B8598C0"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <ed66a083-94c1-4a64-90b0-9d52d0a43204@email.android.com>
Date: Mon, 23 Jul 2012 13:20:46 -0400
Message-Id: <80AD696E-EF75-4097-A554-F3A7FF09B9E5@ve7jtb.com>
References: <sjm394zqynz.fsf@mocana.ihtfp.org> <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com> <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG> <CA+k3eCRKiYHKSr0mfw9NQnck4kEq4KNetJ+MZpxuJyr6ggpiyw@mail.gmail.com> <500D85CD.2020800@stpeter.im> <ed66a083-94c1-4a64-90b0-9d52d0a43204@email.android.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQn00JR+pvyN8pIblJHZ4bJpzVWD5gfLA1JM9l/v68l1qgBq8k/daFgSzalzOenE51BelTTE
Cc: "<oauth@ietf.org>" <oauth@ietf.org>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 17:20:57 -0000

--Apple-Mail=_01F811A0-7DB1-4B17-B8F8-231E2B8598C0
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_56478668-C416-42E6-BF6D-F6F530F3F2E9"


--Apple-Mail=_56478668-C416-42E6-BF6D-F6F530F3F2E9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

I also want to thank Eran for all of his work.

We would not have OAuth without his contributions.

John B.
On 2012-07-23, at 1:14 PM, Torsten Lodderstedt wrote:

> +1
>
>
>
> Peter Saint-Andre <stpeter@stpeter.im> wrote:
> Indeed. Many thanks to Eran!
>
> On 7/23/12 11:08 AM, Brian Campbell wrote:
> > +1
> >
> > Well said Justin. And thank you Eran.
> >
> > On Mon, Jul 23, 2012 at 11:05 AM, Richer, Justin P. <jricher@mitre.org> wrote:
> >>>> Eran Hammer has decided to step down as Editor of the OAuth Core
> >>>> specification.  I would like to personally thank Eran for all his years
> >>>> of hard work and effort to the draft as well as to the working group at
> >>>> large.
> >>>
> >>> As former chair, I want to add my thanks.  Eran has done a *lot* of
> >>> work on the OAuth documents over the last years, and deserves much
> >>> appreciation for it.
> >>
> >> Late to the party, but I also want to publicly thank Eran for what has been a nearly thankless job over the last few years. It's very difficult wrangling a pack of angry nerds and trying to express a group consensus, to be sure. In the end I think we have a specification document that is readable, makes sense, and will ultimately be one of the most useful protocols on the internet over the next few years. I know it hasn't been easy, and things probably could have gone a lot better than they did, but even still: Thank you.
> >>
> >>  -- Justin


--Apple-Mail=_56478668-C416-42E6-BF6D-F6F530F3F2E9--

--Apple-Mail=_01F811A0-7DB1-4B17-B8F8-231E2B8598C0
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_01F811A0-7DB1-4B17-B8F8-231E2B8598C0--

From aiden449@gmail.com  Mon Jul 23 12:48:05 2012
Return-Path: <aiden449@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A26AE21F84B6 for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 12:48:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TNR74MY3tNrq for <oauth@ietfa.amsl.com>; Mon, 23 Jul 2012 12:48:04 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 17B7D21F84B5 for <oauth@ietf.org>; Mon, 23 Jul 2012 12:48:04 -0700 (PDT)
Received: by qcac10 with SMTP id c10so3796541qca.31 for <oauth@ietf.org>; Mon, 23 Jul 2012 12:48:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=d3+axAqqhHUgZ8J7xSqa/bbqVUboF/3aAV1ak/T8k8U=; b=mCqGybZz+GUpo4GjFLixoFDwPTJvWJ0HrvXtBSuUbA25giK/oVj1KknRkcS/f6veab g5ryvHHg6+SLlh1itI0qEHVu5RU/gO9032GqFYa9LDFSUjOaX0eqoOG4llBUxinUK2nB +iI+O/8tI8iexmO3TKHTAr/5y/2i4cyRnxuPG5pevNcvxYVJPrQKZy6dhMPtnQAk3gx4 ScuT4tVg/xU4/bm/84lltv4pcUu3yU8GjfRRQ6wFWLd46aKu2XvFISRhk5g3t5mQTH4P m0FuSo/ZRt0jDUy0c46qTpSqlvRNFSLdecFDKdsQF7nKtRDnW9rlx1cmJt1NKTqGBZWi PiqQ==
MIME-Version: 1.0
Received: by 10.224.45.8 with SMTP id c8mr26481358qaf.29.1343072883542; Mon, 23 Jul 2012 12:48:03 -0700 (PDT)
Received: by 10.224.115.211 with HTTP; Mon, 23 Jul 2012 12:48:03 -0700 (PDT)
In-Reply-To: <80AD696E-EF75-4097-A554-F3A7FF09B9E5@ve7jtb.com>
References: <sjm394zqynz.fsf@mocana.ihtfp.org> <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com> <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG> <CA+k3eCRKiYHKSr0mfw9NQnck4kEq4KNetJ+MZpxuJyr6ggpiyw@mail.gmail.com> <500D85CD.2020800@stpeter.im> <ed66a083-94c1-4a64-90b0-9d52d0a43204@email.android.com> <80AD696E-EF75-4097-A554-F3A7FF09B9E5@ve7jtb.com>
Date: Mon, 23 Jul 2012 20:48:03 +0100
Message-ID: <CA+5SmTU0U+TiJahDPs8+x5kd597KPPLchxAJRdr09iqLVASM7w@mail.gmail.com>
From: Aiden Bell <aiden449@gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary=20cf3066791921888104c584865f
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2012 19:48:05 -0000

--20cf3066791921888104c584865f
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thanks Eran, can't be an easy job :)

On 23 July 2012 18:20, John Bradley <ve7jtb@ve7jtb.com> wrote:

> I also want to thank Eran for all of his work.
>
> We would not have OAuth without his contributions.
>
> John B.
> On 2012-07-23, at 1:14 PM, Torsten Lodderstedt wrote:
>
> +1
>
>
>
> Peter Saint-Andre <stpeter@stpeter.im> wrote:
>>
>> Indeed. Many thanks to Eran!
>>
>> On 7/23/12 11:08 AM, Brian Campbell wrote:
>> > +1
>> >
>> > Well said Justin. And thank you Eran.
>> >
>> > On Mon, Jul 23, 2012 at 11:05 AM, Richer, Justin P. <jricher@mitre.org> wrote:
>> >>>> Eran Hammer has decided to step down as Editor of the OAuth Core
>> >>>> specification.  I would like to personally thank Eran for all his years
>> >>>> of hard work and effort to the draft as well as to the working group at
>> >>>> large.
>> >>>
>> >>> As former chair, I want to add my thanks.  Eran has done a *lot* of
>> >>> work on the OAuth documents over the last years, and deserves much
>> >>> appreciation for it.
>> >>
>> >> Late to the party, but I also want to publicly thank Eran for what has been a nearly thankless job over the last few years. It's very difficult wrangling a pack of angry nerds and trying to express a group consensus, to be sure. In the end I think we have a specification document that is readable, makes sense, and will ultimately be one of the most useful protocols on the internet over the next few years. I know it hasn't been easy, and things probably could have gone a lot better than they did, but even still: Thank you.
>> >>
>> >>  -- Justin
>> >>
>> ------------------------------
>>
>> >> OAuth mailing list
>> >> OAuth@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/oauth


-- 
------------------------------------------------------------------
Never send sensitive or private information via email unless it is
encrypted. http://www.gnupg.org


--20cf3066791921888104c584865f--

From torsten@lodderstedt.net  Wed Jul 25 09:19:04 2012
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C457221F86E4 for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 09:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.077
X-Spam-Level: 
X-Spam-Status: No, score=-2.077 tagged_above=-999 required=5 tests=[AWL=0.171,  BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SC+oPH4uoYvf for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 09:19:03 -0700 (PDT)
Received: from smtprelay05.ispgateway.de (smtprelay05.ispgateway.de [80.67.31.98]) by ietfa.amsl.com (Postfix) with ESMTP id E79AC21F86D1 for <oauth@ietf.org>; Wed, 25 Jul 2012 09:19:02 -0700 (PDT)
Received: from [79.253.54.1] (helo=[192.168.71.42]) by smtprelay05.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1Su4Ie-0003EM-AK; Wed, 25 Jul 2012 18:19:00 +0200
Message-ID: <50101C74.6060005@lodderstedt.net>
Date: Wed, 25 Jul 2012 18:19:00 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com> <FD90CDD8-7BC7-4952-BEF9-F29C282130E8@gmx.net> <5E393DF26B791A428E5F003BB6C5342A108171DC@OC11EXPO24.exchange.mit.edu>
In-Reply-To: <5E393DF26B791A428E5F003BB6C5342A108171DC@OC11EXPO24.exchange.mit.edu>
Content-Type: multipart/alternative; boundary="------------090107050103050407070505"
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC1vbmxpbmUuZGU=
Cc: Derek Atkins <derek@ihtfp.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2012 16:19:05 -0000

This is a multi-part message in MIME format.
--------------090107050103050407070505
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Hannes,

I unfortunately had to cancel my trip to IETF-84. Phil will cover the 
status of the threat model document. But none of the authors of the 
Revocation Draft will be attending. So I would ask you to postpone the 
presentation of this I-D to the next IETF meeting as well.

best regards,
Torsten.

On 23.07.2012 17:02, Thomas Hardjono wrote:
> Hannes, Derek,
>
> Would it be possible to postpone presentation/discussion of the Dyn-Reg
> draft (Dynamic Client Registration Protocol) to the Atlanta/November
> IETF meeting?
>
> The reason is that none of the proposers will be attending the
> Vancouver IETF in-person.
>
> Thanks.
>
> /thomas/
>
> __________________________________________
>
>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>> Of Hannes Tschofenig
>> Sent: Sunday, July 15, 2012 1:58 PM
>> To: John Bradley
>> Cc: oauth@ietf.org WG
>> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
>> requested
>>
>> Hi all,
>>
>> I have uploaded an agenda for the meeting.
>>
>> I am assuming that all these items do not require discussion time
>> anymore:
>> * draft-ietf-oauth-assertions
>> * draft-ietf-oauth-saml2-bearer
>> * draft-ietf-oauth-urn-sub-ns
>> * draft-ietf-oauth-v2
>> * draft-ietf-oauth-v2-bearer
>>
>> Hence, we can focus on the new items. As discussed in the mail below I
>> put a separate slot for discussion of the holder-of-the-key/MAC token
>> security discussion on the agenda. I would suggest that a couple of us
>> meet during the IETF week to work together on a presentation that
>> provides some concrete suggestions for next steps to the rest of the
>> group.
>>
>> I also put the following persons on the spot for the presentations of
>> working group items:
>>
>> - OAuth Dynamic Client Registration Protocol (Thomas)
>> - JSON Web Token (JWT) (Mike)
>> - JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (Mike)
>> - Token Revocation (Torsten)
>> - SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (Brian)
>> - OAuth Use Cases (Zachary)
>>
>> Let me know if you want someone else to give the presentation.
>>
>> As a preparation for the meeting it would be good if you could
>> (a) identify the open issues with your document, and
>> (b) find one or two reviewers to have a look at your document during
>> the next two weeks.
>>
>> Ciao
>> Hannes
>>
>> On Jul 15, 2012, at 5:59 PM, John Bradley wrote:
>>
>>> Yes we need to get clearer on the threats and use cases.
>>>
>>> I think Phil Hunt has some though there is likely overlap.
>>>
>>> Part of the problem with MAC was people never agreed on the threats
>>> it was mitigating.
>>>
>>> I can present something or coordinate with Tony or Phil.
>>>
>>> John B.
>>>
>>> On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
>>>
>>>> How about a few min on proof-of-possession requirements? I can
>>>> present our use cases and requirements
>>>>
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>> Behalf Of Mike Jones
>>>> Sent: Friday, July 13, 2012 4:42 PM
>>>> To: Hannes Tschofenig; oauth@ietf.org WG
>>>> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
>>>> requested
>>>>
>>>> I'm willing to do 5 minutes on the status of the Core and Bearer
>>>> documents.
>>>>
>>>> I'm willing to give an update on JWT and the JWT Bearer - probably
>>>> 15 minutes.  It's probably good that we're a day after the JOSE WG
>>>> meeting, given the JWT dependency upon the JOSE specs.
>>>>
>>>> I'm willing to be part of a discussion on the Assertions draft, but
>>>> would appreciate doing this with Brian and/or Chuck - I'm guessing 15
>>>> minutes for that as well.  (I'm not certain this will be needed, but
>>>> I'd like to review the recent changes before saying that it's not.)
>>>>
>>>> Looking forward to seeing many of you in Vancouver!
>>>>
>>>> 				-- Mike
>>>>
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>> Behalf Of Hannes Tschofenig
>>>> Sent: Saturday, June 02, 2012 12:46 AM
>>>> To: oauth@ietf.org WG
>>>> Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
>>>> requested
>>>>
>>>> Hi all,
>>>>
>>>> I have requested a 2,5 hour slot for the upcoming meeting.
>>>>
>>>> While the next meeting is still a bit away it is nevertheless useful
>>>> to hear
>>>> * whether you plan to attend the next meeting, and
>>>> * whether you want to present something.
>>>>
>>>> I could imagine that these documents will be discussed:
>>>> * draft-ietf-oauth-dyn-reg
>>>> * draft-ietf-oauth-json-web-token
>>>> * draft-ietf-oauth-jwt-bearer
>>>> * draft-ietf-oauth-revocation
>>>> * draft-ietf-oauth-use-cases
>>>>
>>>> To the draft authors of these documents: Please think about the open
>>>> issues and drop a mail to the list so that we make some progress
>>>> already before the face-to-face meeting.
>>>>
>>>> I assume that the following documents do not require any
>>>> discussion time at the upcoming IETF meeting anymore:
>>>> * draft-ietf-oauth-assertions
>>>> * draft-ietf-oauth-saml2-bearer
>>>> * draft-ietf-oauth-urn-sub-ns
>>>> * draft-ietf-oauth-v2
>>>> * draft-ietf-oauth-v2-bearer
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth



--------------090107050103050407070505--

From lear@cisco.com  Wed Jul 25 09:20:20 2012
Return-Path: <lear@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4438121F8690 for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 09:20:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level: 
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SYJCGMQX5EEP for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 09:20:18 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id 8911B21F869C for <oauth@ietf.org>; Wed, 25 Jul 2012 09:20:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=lear@cisco.com; l=631; q=dns/txt; s=iport; t=1343233218; x=1344442818; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=f1reyJd6FrpNHN1U6++xtRYk7qkYPXh73MD5htJxZRE=; b=VX6dZc3KxFsgStGlf/SVzR70Hs6vQTsIpZPra7JzIki/j8PrXhoCd4aL 0GJXEzSbyczefNRiuS3Pb0fE5M+M1ftfT+I5+H69FQlvzwdNN7jFvKkyd 3vSkYUBdamDjI8uWtiBYGaIxvH46LWG1HESiJFHa79hj0sxSbPPCSyF6T A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFABccEFCrRDoJ/2dsb2JhbABFhXGzc4EHgiABAQEEEgEQVQEQCxgCAgUWCwICCQMCAQIBRQYNAQcBAR6HapsqjRmTPIEgkA+BEgOVSY4ngWaCYQ
X-IronPort-AV: E=Sophos;i="4.77,653,1336348800"; d="scan'208";a="50423275"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-3.cisco.com with ESMTP; 25 Jul 2012 16:20:17 +0000
Received: from elear-mac.local ([10.154.208.42]) by mtv-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id q6PGKHpC001886 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Jul 2012 16:20:17 GMT
Message-ID: <50101CBF.9010208@cisco.com>
Date: Wed, 25 Jul 2012 18:20:15 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: "Richer, Justin P." <jricher@mitre.org>
References: <sjm394zqynz.fsf@mocana.ihtfp.org> <CAC4RtVDk9Uc4YrYReZZOan0E+PEVh1NqWKunxLmBcoq=Ea6Tig@mail.gmail.com> <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG>
In-Reply-To: <B33BFB58CCC8BE4998958016839DE27E01A22FFA@IMCMBX02.MITRE.ORG>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: Barry Leiba <barryleiba@computer.org>, "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change in editorship of OAuth Core Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2012 16:20:20 -0000

Indeed.  Eran, thank you so much.

Eliot


On 7/23/12 7:05 PM, Richer, Justin P. wrote:
> Late to the party, but I also want to publicly thank Eran for what has been a nearly thankless job over the last few years. It's very difficult wrangling a pack of angry nerds and trying to express a group consensus, to be sure. In the end I think we have a specification document that is readable, makes sense, and will ultimately be one of the most useful protocols on the internet over the next few years. I know it hasn't been easy, and things probably could have gone a lot better than they did, but even still: Thank you.
>
>


From bcampbell@pingidentity.com  Wed Jul 25 11:03:35 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A312D21F8717 for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 11:03:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.984
X-Spam-Level: 
X-Spam-Status: No, score=-5.984 tagged_above=-999 required=5 tests=[AWL=-0.007, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EhIYrBlC89tr for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 11:03:33 -0700 (PDT)
Received: from na3sys009aog108.obsmtp.com (na3sys009aog108.obsmtp.com [74.125.149.199]) by ietfa.amsl.com (Postfix) with ESMTP id 8200D21F8713 for <oauth@ietf.org>; Wed, 25 Jul 2012 11:03:33 -0700 (PDT)
Received: from mail-vb0-f54.google.com ([209.85.212.54]) (using TLSv1) by na3sys009aob108.postini.com ([74.125.148.12]) with SMTP ID DSNKUBA09OXoAQrKSV9w4Q1K4VoFq4yNtizl@postini.com; Wed, 25 Jul 2012 11:03:33 PDT
Received: by vbmv11 with SMTP id v11so1435479vbm.27 for <oauth@ietf.org>; Wed, 25 Jul 2012 11:03:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=JsL37V7Z1dgcGzAUtAznrFOsKjDb8S22ykgjvtqWkT8=; b=l9ntpCjmkjtCPvL8LIp7D2FVa09DY591kxyB9BwBpQSWbySqpqZW5x13YzAGFLiv8t EMZ2nAk7h9Ghbj+eyv5T++XARVw21AVuOoJi8IznTSyPEFCsFYk35xx0NHSbDzL688mp ap2wIKsGRqP3wUs30qzWf2OghhGr+kk6WM8k/S4AIm8QQR0mEshsdGTI0NGmKhzKSXD6 HSDKJnxTxntgfzD62gUrz62uyTDRYKmTpvzaFrjUxAvZOp6t9lPdsIS+cqEvz2MoGn3/ LaliJ4eWI++Y1xZidPz08LSzr+e7NzJppNDFVFwY6WI8bJC5rNQy1Zt0DEJLInkqvvhp yerA==
Received: by 10.220.221.72 with SMTP id ib8mr10115708vcb.25.1343239412099; Wed, 25 Jul 2012 11:03:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.162.130 with HTTP; Wed, 25 Jul 2012 11:03:01 -0700 (PDT)
In-Reply-To: <6CC027AE-A714-4938-9D96-6B46B4F76E2A@oracle.com>
References: <AF8D4C26-3B14-4441-978F-35774F2AF87E@oracle.com> <CA+k3eCRVSz2P6uX1ef_1sN8VAWkS93aOi4hSerCXhVSoGZrj8Q@mail.gmail.com> <6CC027AE-A714-4938-9D96-6B46B4F76E2A@oracle.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 25 Jul 2012 12:03:01 -0600
Message-ID: <CA+k3eCSnzYPc8nYorwtcsi6ssndfX9cV8+3=6on-Y6B7_XnFWw@mail.gmail.com>
To: Phil Hunt <phil.hunt@oracle.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQl8Jdn4qB/u6OUoNlWv3wEC3fhA5HRsZeHh48G7B1CbrZ4OElP7hnIxpHjlkz4dEK8Ziy7O
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Clarification enhancement for saml2 bearer spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2012 18:03:36 -0000

I'm really inclined to keep it such that that is an option. We've got
product features that allow for an assertion grant to be used alone
now and I think they are really useful in some cases.  And I think
this use case is different enough from the authorization code
situation that the fix for the code swapping there doesn't really
apply here.

Just one point of clarification: when an assertion is used as a grant
alone with no client identification or authentication, the assertion
doesn't authenticate the client. The client is anonymous. The issuer
of the assertion may give some clues about the client or the security
domain of the client. But it doesn't necessarily directly identify the
client.

Sorry (as usual) for the delayed response. And I've still got it on my
queue to propose some new text for the points of confusion you raised
in the beginning of this thread.


On Tue, Jul 3, 2012 at 3:47 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
>
> On 2012-07-03, at 2:12 PM, Brian Campbell wrote:
>
>> Thanks for the feedback Phil.
>>
>> In the case of §2.1, "Using SAML Assertions as Authorization Grants"
>> the intent was to allow for such a SAML grant to be used with or
>> without client authentication. Whether or not client authentication is
>> required (and what type of authentication) would be a
>> deployment/policy decision of the AS. But both are possible from the
>> spec.
>>
> Yes. This makes sense. However in light of the recent discussion about bearer
> codes and tokens I'm a little more nervous of convolving the grant and client
> authentication together. It's really the token server that should properly
> authenticate the client and obscuring that act by combining in a single grant
> may serve to confuse. There is also the issue of offering too many choices.
>
> Just an opinion, but I can live with your suggestion that grant can be used alone.

From bcampbell@pingidentity.com  Wed Jul 25 12:08:24 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72B3921F8675 for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 12:08:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.984
X-Spam-Level: 
X-Spam-Status: No, score=-5.984 tagged_above=-999 required=5 tests=[AWL=-0.007, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JMqpOL3q-eJw for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 12:08:23 -0700 (PDT)
Received: from na3sys009aog117.obsmtp.com (na3sys009aog117.obsmtp.com [74.125.149.242]) by ietfa.amsl.com (Postfix) with ESMTP id 963DF21F8746 for <oauth@ietf.org>; Wed, 25 Jul 2012 12:08:23 -0700 (PDT)
Received: from mail-vb0-f46.google.com ([209.85.212.46]) (using TLSv1) by na3sys009aob117.postini.com ([74.125.148.12]) with SMTP ID DSNKUBBEHbWJoBTcoi7LhqvrX21d62AsW1XG@postini.com; Wed, 25 Jul 2012 12:08:23 PDT
Received: by vbbff1 with SMTP id ff1so1014590vbb.5 for <oauth@ietf.org>; Wed, 25 Jul 2012 12:08:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type :content-transfer-encoding:x-gm-message-state; bh=TSaNJ7TV6yynvVG2cRZRXtD95kJdwLejoE+Maesar20=; b=QPd0Hkxo6RtStynBe30d7986rM4SJGtrtU+fyB25isqt5Na29gC0spGKVe4rrWHOjj LynSCox+jh2lBgW9a6ouAXAFoITnP0pIVuD/4Ese/CgEIa6FYS2/Y0Rp2A0ffuLT4PmZ w9wQVkkgAsVfQDOlQ4le/1fQ5YgrbJHZFf4JGUwWt1CgYcC1AoVbuioPg7Iu8giFtrgg YCN92OdtE//+1Y8AJ1wxNtS0kheNkcwgV+bOGcfAbtdQu56g6xDKKe7SiXxTcU/3y5P6 HfGFOOwxgRosAXwVY2mme3im0asZ9tjGjmnGyoqUIwDLdEuMHTgJY43l1RJbqw5UqiWq /rag==
Received: by 10.52.180.230 with SMTP id dr6mr16464694vdc.130.1343243292326; Wed, 25 Jul 2012 12:08:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.162.130 with HTTP; Wed, 25 Jul 2012 12:07:42 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 25 Jul 2012 13:07:42 -0600
Message-ID: <CA+k3eCSrMGxsDmbjTieKPacdM4SL5VbW+emYxm7arVqub0pm8g@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQm0TZJue6pooUR6dvYzEsci5OyNCZT6oevkYYcm5RbRVzdwpucNfplDcKFqDpG/7dwdlUJI
Subject: [OAUTH-WG] overreach of the scope of when client_id is required from public clients?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2012 19:08:24 -0000

In -29 the quoted text below was introduced to §3.2.1 Client
Authentication [1] to protect clients against authorization code
substitution. However, the text's placement under 3.2. Token Endpoint
[2] and some of the wording suggest that public clients must use
client_id on all requests to the token endpoint, regardless of grant
type, even though the change was introduced only to mitigate an issue
with the authentication code.

"A public client that was not issued a client password MUST use the
   "client_id" request parameter to identify itself when sending
   requests to the token endpoint.  This allows the authorization server
   to ensure that the code was issued to the same client.  Sending
   "client_id" prevents the client from inadvertently accepting a code
   intended for a client with a different "client_id".  This protects
   the client from substitution of the authentication code.  (It
   provides no additional security for the protected resource.)"

Was the change intended to be that broad? I think it goes too far.
There are cases, like extension grants and even the resource owner
credentials grant type, where it's useful to allow requests from
unidentified clients.

Could that text (or the spirit of it) be moved somewhere under the
specific sections on the Authorization Code Grant so that it only
applies to that grant type?


A somewhat related issue is the following text from §2.3. Client Authentication

 "the authorization server MUST NOT rely
   on public client authentication for the purpose of identifying the
   client."

which seems to contradict the text from  §3.2.1 above as well as the
following from 4.1.3. Access Token Request [3]

"o  ensure the authorization code was issued to the authenticated
      confidential client or to the public client identified by the
      "client_id" in the request,

Should the text in §2.3 be loosened or somehow qualified so it doesn't
read like a contradiction?

Thanks,
Brian


[1] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2.1
[2] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2
[3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-2.3
[3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-4.1.3
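
The grant-scoped rule proposed in the message above, written out as an added example (not code from the post, the draft, or any product): a token-endpoint check that requires and verifies `client_id` only for the authorization code grant and lets a configured set of grants through with no client identification. The class and helper names, the sample client ids and codes, and the choice to burn a code on any failed redemption are assumptions made for the illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Mapping, Optional, Set

AUTH_CODE = "authorization_code"
SAML_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"


class TokenRequestError(Exception):
    """Carries an OAuth 2.0 token-endpoint error code."""

    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


@dataclass
class TokenEndpointPolicy:
    # code -> client_id the authorization endpoint issued it to
    issued_codes: Dict[str, str]
    # client ids that must authenticate and may never be merely self-asserted
    confidential_clients: Set[str]
    # grants the AS is configured to accept from unidentified clients
    anonymous_grants: Set[str] = field(default_factory=lambda: {SAML_BEARER})

    def resolve_client(
        self,
        params: Mapping[str, str],
        authenticated_client: Optional[str] = None,
    ) -> Optional[str]:
        """Return the client the request is bound to, or None if anonymous.

        `authenticated_client` is the result of client authentication done
        earlier in the pipeline (None for public or anonymous callers).
        """
        grant_type = params.get("grant_type")
        if not grant_type:
            raise TokenRequestError("invalid_request", "grant_type missing")

        claimed = params.get("client_id")
        if authenticated_client is not None:
            if claimed is not None and claimed != authenticated_client:
                raise TokenRequestError(
                    "invalid_request", "client_id differs from authenticated client")
            client = authenticated_client
        else:
            # A self-asserted client_id is only an indication. It must not
            # let a caller pose as a client that is required to authenticate.
            if claimed in self.confidential_clients:
                raise TokenRequestError(
                    "invalid_client", "client authentication required")
            client = claimed

        if grant_type == AUTH_CODE:
            # The only grant where client_id is needed to stop substitution.
            if client is None:
                raise TokenRequestError(
                    "invalid_request", "client_id required with authorization_code")
            # pop() makes the code single-use, including on a failed attempt.
            issued_to = self.issued_codes.pop(params.get("code"), None)
            if issued_to is None:
                raise TokenRequestError("invalid_grant", "unknown or used code")
            if not hmac.compare_digest(issued_to.encode(), client.encode()):
                raise TokenRequestError(
                    "invalid_grant", "code was issued to a different client")
            return client

        if grant_type in self.anonymous_grants:
            # The grant itself (for example a signed assertion) carries the
            # authorization; the client may stay unidentified.
            return client

        if client is None:
            raise TokenRequestError(
                "invalid_client", "client identification required for this grant")
        return client


def outcome(policy, params, authenticated_client=None) -> str:
    """Summarise a decision as 'accepted:<client>' or 'rejected:<error>'."""
    try:
        client = policy.resolve_client(params, authenticated_client)
    except TokenRequestError as exc:
        return f"rejected:{exc.error}"
    return f"accepted:{client or 'anonymous'}"


if __name__ == "__main__":
    # Constructed sample data: two codes issued to the public client "app-a".
    policy = TokenEndpointPolicy(
        issued_codes={"code-A": "app-a", "code-B": "app-a"},
        confidential_clients={"server-app"},
    )
    requests = [
        {"grant_type": AUTH_CODE, "code": "code-A", "client_id": "app-b"},
        {"grant_type": AUTH_CODE, "code": "code-B", "client_id": "app-a"},
        {"grant_type": SAML_BEARER, "assertion": "constructed-placeholder"},
    ]
    for req in requests:
        print(req["grant_type"], req.get("client_id"), "->", outcome(policy, req))
```
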

From ve7jtb@ve7jtb.com  Wed Jul 25 15:21:10 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13DB621F85F9 for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 15:21:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level: 
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t1v9pnTlJ3Wy for <oauth@ietfa.amsl.com>; Wed, 25 Jul 2012 15:21:09 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 3310521F85F6 for <oauth@ietf.org>; Wed, 25 Jul 2012 15:21:08 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so1430643ghb.31 for <oauth@ietf.org>; Wed, 25 Jul 2012 15:21:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to :x-gm-message-state; bh=nkd9oQ6oAPHEb8TzyHGQHKbFfGBWg8Kny0U6bTvwL0k=; b=ktQUPVMMDcSrQ1VTA/aUT6TMXV+Z12GiyaS7rNyZJlA2scNTODXn6GfmLamSHiHeOC WVsOTcBEF36n7PS3gKK8my+TyLHD/YAoKwfutHBLFDuC+NkvL3fWXoo1f+2UB78BNykb mWoeqATZfNuEIk7Tg8ROzbylgaJi8GoYqqSY7MMOcj+LzF+AV0XV0lc8Z0Y+ds+KnDuc 3RB1Ng+TFiplFdM5DaiUsJqdkTBaOft3wQ2WcF9IRtrKGxJbhcir9i2rQCyieU32unpd GacZgd6gs1pDFI2pvRfrzzaTuQE/GYa6T1+RXkhWun6KgLv/KdVp45ihSV/BX0l5lytl 4r0Q==
Received: by 10.101.175.29 with SMTP id c29mr7689543anp.13.1343254868530; Wed, 25 Jul 2012 15:21:08 -0700 (PDT)
Received: from [10.3.2.152] ([204.244.10.42]) by mx.google.com with ESMTPS id n15sm19869568anh.6.2012.07.25.15.21.06 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 25 Jul 2012 15:21:07 -0700 (PDT)
References: <CA+k3eCSrMGxsDmbjTieKPacdM4SL5VbW+emYxm7arVqub0pm8g@mail.gmail.com>
In-Reply-To: <CA+k3eCSrMGxsDmbjTieKPacdM4SL5VbW+emYxm7arVqub0pm8g@mail.gmail.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-165D295C-998F-4604-B8F4-22A402AE99ED; protocol="application/pkcs7-signature"
Message-Id: <AE4ED3B8-DA63-4584-B50B-51C180C741BE@ve7jtb.com>
X-Mailer: iPad Mail (9B206)
From: John Bradley <ve7jtb@ve7jtb.com>
Date: Wed, 25 Jul 2012 15:21:04 -0700
To: Brian Campbell <bcampbell@pingidentity.com>
X-Gm-Message-State: ALoCoQnWxFo4cof4SW9oRCjbc+PZAUFL9ptASjplC68bEijePa7WEIyd6VThlpqYebVasi5wIsMd
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] overreach of the scope of when client_id is required from public clients?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2012 22:21:10 -0000

--Apple-Mail-165D295C-998F-4604-B8F4-22A402AE99ED
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

The client_id of a public client is self asserted in the request to the token endpoint, the authorization server can reject it if it is wrong without relying on it to be correct.

I agree that the word identify in both places seems like a contradiction on the surface.

4.1.3 could be softened from 'identified by' to 'indicated by'

For your first point, are there public clients without client_id?

If so how would a user revoke access?

One reading of 4.3 step c is that the server must authenticate the client.

If the intent really is to allow totally anonymous clients then I see your point.

Thoughts from others?

John B.

Sent from my iPad

On 2012-07-25, at 12:07 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> In -29 the quoted text below was introduced to §3.2.1 Client
> Authentication [1] to protect clients against authorization code
> substitution. However, the text's placement under 3.2. Token Endpoint
> [2] and some of the wording suggest that public clients must use
> client_id on all requests to the token endpoint, regardless of grant
> type, even though the change was introduced only to mitigate an issue
> with the authentication code.
>
> "A public client that was not issued a client password MUST use the
>   "client_id" request parameter to identify itself when sending
>   requests to the token endpoint.  This allows the authorization server
>   to ensure that the code was issued to the same client.  Sending
>   "client_id" prevents the client from inadvertently accepting a code
>   intended for a client with a different "client_id".  This protects
>   the client from substitution of the authentication code.  (It
>   provides no additional security for the protected resource.)"
>
> Was the change intended to be that broad? I think it goes too far.
> There are cases, like extension grants and even the resource owner
> credentials grant type, where it's useful to allow requests from
> unidentified clients.
>
> Could that text (or the spirit of it) be moved somewhere under the
> specific sections on the Authorization Code Grant so that it only
> applies to that grant type?
>
>
> A somewhat related issue is the following text from §2.3. Client Authentication
>
> "the authorization server MUST NOT rely
>   on public client authentication for the purpose of identifying the
>   client."
>
> which seems to contradict the text from  §3.2.1 above as well as the
> following from 4.1.3. Access Token Request [3]
>
> "o  ensure the authorization code was issued to the authenticated
>      confidential client or to the public client identified by the
>      "client_id" in the request,
>
> Should the text in §2.3 be loosened or somehow qualified so it doesn't
> read like a contradiction?
>
> Thanks,
> Brian
>
>
> [1] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2.1
> [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2
> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-2.3
> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-4.1.3

--Apple-Mail-165D295C-998F-4604-B8F4-22A402AE99ED
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

--Apple-Mail-165D295C-998F-4604-B8F4-22A402AE99ED--

From bcampbell@pingidentity.com  Thu Jul 26 09:29:40 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 485A521F85A5 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 09:29:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.984
X-Spam-Level: 
X-Spam-Status: No, score=-5.984 tagged_above=-999 required=5 tests=[AWL=-0.007, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3FlgBMucTkv for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 09:29:39 -0700 (PDT)
Received: from na3sys009aog134.obsmtp.com (na3sys009aog134.obsmtp.com [74.125.149.83]) by ietfa.amsl.com (Postfix) with ESMTP id CEA3421F8599 for <oauth@ietf.org>; Thu, 26 Jul 2012 09:29:38 -0700 (PDT)
Received: from mail-vc0-f174.google.com ([209.85.220.174]) (using TLSv1) by na3sys009aob134.postini.com ([74.125.148.12]) with SMTP ID DSNKUBFwcojWHRD58sszeSMzvdhR7kcxmxaU@postini.com; Thu, 26 Jul 2012 09:29:38 PDT
Received: by vcbfk26 with SMTP id fk26so1842367vcb.19 for <oauth@ietf.org>; Thu, 26 Jul 2012 09:29:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=Y3kJbapS2liJMBfOvp0JzyvGQ7zZNnMMzsD51dxDA5c=; b=RIIzkScn6r0eyQWYSTL2Y28yI900+LexnfR48qG6nQkqdxLf2dAjzhpuuhCNsh0Fnf 3guOg3nWmCF8Db+On7Mx2FFIQNhOkzQphO5V+8mStxDSH0d42LDKWvIUDvc5S8MLeKF8 z8qHn4gwMdls/U2NV83Ka4nscPLWd8sVxuXUfE/Wn6AHnIXjYrClzOjxy0usz0K4z+ax i0HxwKy8NmjWS7wl+T4odJo6dIN7YfBPo6CE0bimfe5XPTQ/Y81uJS5L+E7sRJRGzl5N QDqkKr16E4D+slMxVvi06cLyZctobjt/2fJLYnEp1+zsgh4uN/I6UO+GNCAktRfdTDvv ZoWA==
Received: by 10.220.221.72 with SMTP id ib8mr13594983vcb.25.1343320177553; Thu, 26 Jul 2012 09:29:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.162.130 with HTTP; Thu, 26 Jul 2012 09:29:07 -0700 (PDT)
In-Reply-To: <AE4ED3B8-DA63-4584-B50B-51C180C741BE@ve7jtb.com>
References: <CA+k3eCSrMGxsDmbjTieKPacdM4SL5VbW+emYxm7arVqub0pm8g@mail.gmail.com> <AE4ED3B8-DA63-4584-B50B-51C180C741BE@ve7jtb.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 26 Jul 2012 10:29:07 -0600
Message-ID: <CA+k3eCSPHht-p-=+LxyPMp6OwpWumPqo_MxM1r0mdYWKGrNQ7Q@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQn/Gxmo1qi9CrStCiDoAkfZHl9PR6rrTxfi9uDBfGaP0wPAjr/7t3O4E1dETM2ni1lcf4oY
Cc: Derek Atkins <derek@ihtfp.com>
Subject: Re: [OAUTH-WG] overreach of the scope of when client_id is required from public clients?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2012 16:29:40 -0000

Yes, the intent is to allow totally anonymous clients. There are cases
where that is very useful and where user revocation isn't applicable
(i.e. only an access token is issued).

The changes in -29 were introduced to protect clients against
authorization code substitution. Those changes are breaking changes to
the code flow (in some cases) but it was felt that the security
benefits warranted the change even this late in the process. However,
by placing that text in §3.2.1, and having it apply to all requests to
the token endpoint, the change impacts a lot more than just the
authorization code grant and introduces breaking changes to
functionality not subject to the authorization code substitution issue
that the change was made to address.

That inadvertent breaking change isn't just theoretical either. It
breaks https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
and https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/ -
see the example at the end of section 4 of each for requests to the
token endpoint that legitimately have no client identification. The
change also breaks features that have been available in our product
for nearly a year (and presumably other products/services
implementations as well).

I realize it's late in the process to bring this up but the
aforementioned change was also introduced very late and had a broader
impact than what was intended. I'd strongly suggest that the text in
the last paragraph of §3.2.1 be moved (and slightly adjusted for
context) into §4.1.3 right after, or as part of, the paragraph about
client authentication.  And the last paragraph of §3.2.1 should be
reverted to what it was in -28.

At this stage I don't know how that kind of thing is best handled - an
RFC editor note? But I believe it needs to be taken care of somehow
before publication.

Thanks,
Brian

On Wed, Jul 25, 2012 at 4:21 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> The client_id of a public client is self asserted in the request to the token endpoint, the authorization server can reject it if it is wrong without relying on it to be correct.
>
> I agree that the word identify in both places seems like a contradiction on the surface.
>
> 4.1.3 could be softened from 'identified by' to 'indicated by'
>
> For your first point, are there public clients without client_id?
>
> If so how would a user revoke access?
>
> One reading of 4.3 step c is that the server must authenticate the client.
>
> If the intent really is to allow totally anonymous clients then I see your point.
>
> Thoughts from others?
>
> John B.
>
> Sent from my iPad
>
> On 2012-07-25, at 12:07 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:
>
>> In -29 the quoted text below was introduced to §3.2.1 Client
>> Authentication [1] to protect clients against authorization code
>> substitution. However, the text's placement under 3.2. Token Endpoint
>> [2] and some of the wording suggest that public clients must use
>> client_id on all requests to the token endpoint, regardless of grant
>> type, even though the change was introduced only to mitigate an issue
>> with the authentication code.
>>
>> "A public client that was not issued a client password MUST use the
>>   "client_id" request parameter to identify itself when sending
>>   requests to the token endpoint.  This allows the authorization server
>>   to ensure that the code was issued to the same client.  Sending
>>   "client_id" prevents the client from inadvertently accepting a code
>>   intended for a client with a different "client_id".  This protects
>>   the client from substitution of the authentication code.  (It
>>   provides no additional security for the protected resource.)"
>>
>> Was the change intended to be that broad? I think it goes too far.
>> There are cases, like extension grants and even the resource owner
>> credentials grant type, where it's useful to allow requests from
>> unidentified clients.
>>
>> Could that text (or the spirit of it) be moved somewhere under the
>> specific sections on the Authorization Code Grant so that it only
>> applies to that grant type?
>>
>>
>> A somewhat related issue is the following text from §2.3. Client Authentication
>>
>> "the authorization server MUST NOT rely
>>   on public client authentication for the purpose of identifying the
>>   client."
>>
>> which seems to contradict the text from  §3.2.1 above as well as the
>> following from 4.1.3. Access Token Request [3]
>>
>> "o  ensure the authorization code was issued to the authenticated
>>      confidential client or to the public client identified by the
>>      "client_id" in the request,
>>
>> Should the text in §2.3 be loosened or somehow qualified so it doesn't
>> read like a contradiction?
>>
>> Thanks,
>> Brian
>>
>>
>> [1] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2.1
>> [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2
>> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-2.3
>> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-4.1.3
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth

From ve7jtb@ve7jtb.com  Thu Jul 26 09:39:30 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87ADE21F8601 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 09:39:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nj8vl4f7kCch for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 09:39:29 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id A42A021F8607 for <oauth@ietf.org>; Thu, 26 Jul 2012 09:39:28 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so3539085pbc.31 for <oauth@ietf.org>; Thu, 26 Jul 2012 09:39:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=eCgGKk1MbGigeLbncI+Eao6rACu92RUw6TDeZVN11yg=; b=LcLRJcuIC9t7rrR5EmhF3xZB/0xhCiUm0HfGI2WOxNK8tR6HXL/4otf6Hbh/G/nspS PPbHYBmvI9nPZ+XbcNeYEARoIo2ggmqZWTPfZc4Tg0QCIsLq1yoeVrCiaiuETqArX45W JsdXnwU9HIDHr4bBQT+lJmgARZP+xi9kLd2NH3tcrgtJFPDie2vxPlMwUOataXSZHWxD 3reHVhifIi/q0V4Bw8ym8ppwE4CND7SFtCg1RjPZsB/mUFWP27K9vVWric/GbdSu8RIB p7TVzvtHsZUKe5VYzhXZtOR2E+EppNFYFaGA9LfrD5yOBv1PX09EUQciy4Lg32IUv/4F gDGA==
Received: by 10.68.203.73 with SMTP id ko9mr6548538pbc.66.1343320762633; Thu, 26 Jul 2012 09:39:22 -0700 (PDT)
Received: from [192.168.111.114] (S01060014bf06f566.vc.shawcable.net. [24.84.116.132]) by mx.google.com with ESMTPS id ku7sm31371pbc.31.2012.07.26.09.39.21 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 Jul 2012 09:39:21 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1280)
Content-Type: text/plain; charset=iso-8859-1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CA+k3eCSrMGxsDmbjTieKPacdM4SL5VbW+emYxm7arVqub0pm8g@mail.gmail.com>
Date: Thu, 26 Jul 2012 09:39:19 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <C5135F59-EAC0-4C67-B60C-7C04BE222C8D@ve7jtb.com>
References: <CA+k3eCSrMGxsDmbjTieKPacdM4SL5VbW+emYxm7arVqub0pm8g@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
X-Mailer: Apple Mail (2.1280)
X-Gm-Message-State: ALoCoQkf3KOAk8h1IMwdQ+NiIGtle9V9a6eZ4CECv88iPJa7dfexTpll4LySVzwUbh5dv+tUDJIr
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] overreach of the scope of when client_id is required from public clients?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2012 16:39:30 -0000

In thinking some more about this.  Affecting grants other than code was unintentional, and due to document structure.

I will talk to Brian today and come up with some wording that could go to the RFC editor to make that clear.

John B.
On 2012-07-25, at 12:07 PM, Brian Campbell wrote:

> In -29 the quoted text below was introduced to §3.2.1 Client
> Authentication [1] to protect clients against authorization code
> substitution. However, the text's placement under 3.2. Token Endpoint
> [2] and some of the wording suggest that public clients must use
> client_id on all requests to the token endpoint, regardless of grant
> type, even though the change was introduced only to mitigate an issue
> with the authentication code.
>
> "A public client that was not issued a client password MUST use the
>   "client_id" request parameter to identify itself when sending
>   requests to the token endpoint.  This allows the authorization server
>   to ensure that the code was issued to the same client.  Sending
>   "client_id" prevents the client from inadvertently accepting a code
>   intended for a client with a different "client_id".  This protects
>   the client from substitution of the authentication code.  (It
>   provides no additional security for the protected resource.)"
>
> Was the change intended to be that broad? I think it goes too far.
> There are cases, like extension grants and even the resource owner
> credentials grant type, where it's useful to allow requests from
> unidentified clients.
>
> Could that text (or the spirit of it) be moved somewhere under the
> specific sections on the Authorization Code Grant so that it only
> applies to that grant type?
>
>
> A somewhat related issue is the following text from §2.3. Client Authentication
>
> "the authorization server MUST NOT rely
>   on public client authentication for the purpose of identifying the
>   client."
>
> which seems to contradict the text from  §3.2.1 above as well as the
> following from 4.1.3. Access Token Request [3]
>
> "o  ensure the authorization code was issued to the authenticated
>      confidential client or to the public client identified by the
>      "client_id" in the request,
>
> Should the text in §2.3 be loosened or somehow qualified so it doesn't
> read like a contradiction?
>
> Thanks,
> Brian
>
>
> [1] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2.1
> [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2
> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-2.3
> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-4.1.3


From Michael.Jones@microsoft.com  Thu Jul 26 10:21:32 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 673CD21F8649 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 10:21:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.776
X-Spam-Level: 
X-Spam-Status: No, score=-3.776 tagged_above=-999 required=5 tests=[AWL=-0.177, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvqoir2wCtmF for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 10:21:31 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe002.messaging.microsoft.com [216.32.181.182]) by ietfa.amsl.com (Postfix) with ESMTP id 4D5E121F8618 for <oauth@ietf.org>; Thu, 26 Jul 2012 10:21:31 -0700 (PDT)
Received: from mail34-ch1-R.bigfish.com (10.43.68.225) by CH1EHSOBE004.bigfish.com (10.43.70.54) with Microsoft SMTP Server id 14.1.225.23; Thu, 26 Jul 2012 17:21:30 +0000
Received: from mail34-ch1 (localhost [127.0.0.1])	by mail34-ch1-R.bigfish.com (Postfix) with ESMTP id 3FE593600AB; Thu, 26 Jul 2012 17:21:30 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC105.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -31
X-BigFish: VS-31(zz98dI9371I936eI148cI542M1432I4015Izz1202hzz1033IL8275dhz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail34-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC105.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail34-ch1 (localhost.localdomain [127.0.0.1]) by mail34-ch1 (MessageSwitch) id 1343323288251127_21857; Thu, 26 Jul 2012 17:21:28 +0000 (UTC)
Received: from CH1EHSMHS002.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.232])	by mail34-ch1.bigfish.com (Postfix) with ESMTP id 3740F2007D; Thu, 26 Jul 2012 17:21:28 +0000 (UTC)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS002.bigfish.com (10.43.70.2) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 26 Jul 2012 17:21:27 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.02.0309.003; Thu, 26 Jul 2012 17:21:20 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Brian Campbell <bcampbell@pingidentity.com>
Thread-Topic: [OAUTH-WG] overreach of the scope of when client_id is required from public clients?
Thread-Index: Ac1rUw/VBLuJ3NCHQoOlzzDy0BZCqA==
Date: Thu, 26 Jul 2012 17:21:19 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366745039@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.70]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] overreach of the scope of when client_id is required from public clients?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2012 17:21:32 -0000

I agree that we need to mitigate this unintended side effect of the change.  Stephen and chairs, I don't know where we are with the RFC editor submission process, but if you need to do anything to put a hold on that, it might be a good idea.

The fact that this change breaks https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
and https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/ is pretty clear evidence that we can't just let this go.

Thanks for looking into a mitigating change, John.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
Sent: Thursday, July 26, 2012 9:39 AM
To: Brian Campbell
Cc: oauth
Subject: Re: [OAUTH-WG] overreach of the scope of when client_id is required from public clients?

In thinking some more about this.  Affecting grants other than code was unintentional, and due to document structure.

I will talk to Brian today and come up with some wording that could go to the RFC editor to make that clear.

John B.
On 2012-07-25, at 12:07 PM, Brian Campbell wrote:

> In -29 the quoted text below was introduced to §3.2.1 Client
> Authentication [1] to protect clients against authorization code
> substitution. However, the text's placement under 3.2. Token Endpoint
> [2] and some of the wording suggest that public clients must use
> client_id on all requests to the token endpoint, regardless of grant
> type, even though the change was introduced only to mitigate an issue
> with the authentication code.
>
> "A public client that was not issued a client password MUST use the
>   "client_id" request parameter to identify itself when sending
>   requests to the token endpoint.  This allows the authorization server
>   to ensure that the code was issued to the same client.  Sending
>   "client_id" prevents the client from inadvertently accepting a code
>   intended for a client with a different "client_id".  This protects
>   the client from substitution of the authentication code.  (It
>   provides no additional security for the protected resource.)"
>
> Was the change intended to be that broad? I think it goes too far.
> There are cases, like extension grants and even the resource owner
> credentials grant type, where it's useful to allow requests from
> unidentified clients.
>
> Could that text (or the spirit of it) be moved somewhere under the
> specific sections on the Authorization Code Grant so that it only
> applies to that grant type?
>
>
> A somewhat related issue is the following text from §2.3. Client
> Authentication
>
> "the authorization server MUST NOT rely
>   on public client authentication for the purpose of identifying the
>   client."
>
> which seems to contradict the text from  §3.2.1 above as well as the
> following from 4.1.3. Access Token Request [3]
>
> "o  ensure the authorization code was issued to the authenticated
>      confidential client or to the public client identified by the
>      "client_id" in the request,
>
> Should the text in §2.3 be loosened or somehow qualified so it doesn't
> read like a contradiction?
>
> Thanks,
> Brian
>
>
> [1] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2.1
> [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-3.2
> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-2.3
> [3] http://tools.ietf.org/html/draft-ietf-oauth-v2-30#section-4.1.3



From ve7jtb@ve7jtb.com  Thu Jul 26 13:33:37 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A39021F8598 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 13:33:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.901
X-Spam-Level: 
X-Spam-Status: No, score=-2.901 tagged_above=-999 required=5 tests=[AWL=0.698,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z+R2w9uKtCAd for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 13:33:36 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id B7A1E21F857D for <oauth@ietf.org>; Thu, 26 Jul 2012 13:33:36 -0700 (PDT)
Received: by yenq13 with SMTP id q13so2683451yen.31 for <oauth@ietf.org>; Thu, 26 Jul 2012 13:33:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:mime-version:content-type:subject:date:references:cc:to :message-id:x-mailer:x-gm-message-state; bh=RG4vWjH7+M3kzLc4PqQt9+a1e2TIGCYOgrKpRB+rFlw=; b=BeMi07ysrdNcTxwnKk5Yj+RYvV/vw/GRrzgEwS1IfdqdJMhwH8VYf1upIyISK4CdL1 HNLK+KxwlWczO5jr+AWWWA0iILRR0hnLBA1eN1KrDymt5lmGfxQ2WqJ6DSZg0r1+tuO2 /kNdkzTQzG8rfLWfm/WxsrXEh9y1gqDc4ha4iDv5Hr31KGwyCLzSiFZExaF35ds5ca+w 7vmfCktv356joK2WprUBrgs/+O+a7LccwB62bvkCyQP/7IgPFF0UJGDMdAJsNjUR1oeU /1ZX1EnhjWlu16gBm6R37izMhbsJe7yn9gZ+ld/qm42ThUslzFlcW836GpyeVo9bMoB9 Y/Zw==
Received: by 10.50.41.201 with SMTP id h9mr2782014igl.37.1343334815800; Thu, 26 Jul 2012 13:33:35 -0700 (PDT)
Received: from [10.3.2.150] ([204.244.10.42]) by mx.google.com with ESMTPS id z8sm4247633igi.5.2012.07.26.13.33.34 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 Jul 2012 13:33:35 -0700 (PDT)
From: John Bradley <ve7jtb@ve7jtb.com>
Mime-Version: 1.0 (Apple Message framework v1280)
Content-Type: multipart/alternative; boundary="Apple-Mail=_5AAB15D6-E7B7-498C-BD29-DC94A2D60D3E"
Date: Thu, 26 Jul 2012 13:33:33 -0700
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com>
To: oauth WG <oauth@ietf.org>
Message-Id: <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com>
X-Mailer: Apple Mail (2.1280)
X-Gm-Message-State: ALoCoQn0Igm3IPD4boBIWYD9Fz2T8/r4r5Iu8UxY7250MQ/kYQoS6b9UeEwYxKHAfopuqjw37rn8
Subject: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2012 20:33:37 -0000

--Apple-Mail=_5AAB15D6-E7B7-498C-BD29-DC94A2D60D3E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

The changes introduced in Draft 29 had unintended consequences on parts of the spec caused by
Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client authentication.

This change restricts the requirement to send client_id to only Sec 4.1.4 for clients that are not authenticated per Sec 3.2.1




Section 3.2.1


  A public client that was not issued a client password MUST use the
  "client_id" request parameter to identify itself when sending
  requests to the token endpoint.  This allows the authorization server
  to ensure that the code was issued to the same client.  Sending
  "client_id" prevents the client from inadvertently accepting a code
  intended for a client with a different "client_id".  This protects
  the client from substitution of the authentication code.  (It
  provides no additional security for the protected resource.)


Change  to

  A client MAY use the "client_id" request parameter to identify itself
  when sending requests to the token endpoint.
  In the "authorization_code" grant_type request to the token endpoint,
  an unauthenticated client sends "client_id" to prevent itself from
  inadvertently accepting a code
  intended for a client with a different "client_id".  This protects
  the client from substitution of the authentication code.  (It
  provides no additional security for the protected resource.)


** This allows any client to send client ID and explains the threat to code.


4.1.3.  Access Token Request



Add
  client_id
        REQUIRED if the client is NOT authenticating with the
        authorization server as described in Section 3.2.1




** This makes client_id only REQUIRED for the code flow if the client is not otherwise authenticated.

Change


     ensure the authorization code was issued to the authenticated
     confidential client or to the public client identified by the
     "client_id" in the request,


To:
     ensure the authorization code was issued to the authenticated
     confidential client, or if the client is public, ensure the code was
     issued to "client_id" in the request,


** That removes the implication of authentication.




--Apple-Mail=_5AAB15D6-E7B7-498C-BD29-DC94A2D60D3E--
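
The token endpoint check that the proposed note describes, as an added Python example that is not part of the original message or of the draft: "client_id" is required only on the "authorization_code" grant when the client has not authenticated, and the code must have been issued to that client. The function and class names, the in-memory code store and the sample client ids are assumptions; draft29_wording=True applies the -29 text to every grant type to show the breakage discussed in the thread.

```python
from dataclasses import dataclass
from typing import Dict, Optional

AUTH_CODE = "authorization_code"
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # an extension grant


class TokenRequestError(Exception):
    """Carries an OAuth 2.0 token endpoint error code."""

    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


@dataclass
class IssuedCode:
    client_id: str          # client the authorization endpoint issued the code to
    redeemed: bool = False  # authorization codes are single use


def sample_codes() -> Dict[str, IssuedCode]:
    """Constructed sample state: one outstanding code, issued to 'app-1'."""
    return {"code-abc": IssuedCode(client_id="app-1")}


def check_token_request(params: Dict[str, str],
                        authenticated_client: Optional[str],
                        codes: Dict[str, IssuedCode],
                        draft29_wording: bool = False) -> Optional[str]:
    """Return the client the request is attributed to (None = anonymous).

    authenticated_client is the client_id established by client
    authentication (Sec 3.2.1), or None if the client did not authenticate.
    """
    grant_type = params.get("grant_type")
    if not grant_type:
        raise TokenRequestError("invalid_request", "grant_type is missing")

    claimed = params.get("client_id")
    if authenticated_client is not None:
        # A client_id sent alongside credentials must not contradict them.
        if claimed is not None and claimed != authenticated_client:
            raise TokenRequestError("invalid_client", "client_id mismatch")
        client = authenticated_client
    else:
        # Self-asserted value: good for the binding check below,
        # not proof of who the client is.
        client = claimed

    if draft29_wording and client is None:
        # -29 text read as applying to every request to the token endpoint.
        raise TokenRequestError("invalid_request", "client_id required")

    if grant_type != AUTH_CODE:
        # Proposed text: other grants may come from anonymous clients.
        return client

    if client is None:
        raise TokenRequestError(
            "invalid_request",
            "client_id is REQUIRED when the client is not authenticating")
    issued = codes.get(params.get("code", ""))
    if issued is None or issued.redeemed:
        raise TokenRequestError("invalid_grant", "unknown or already used code")
    if issued.client_id != client:
        # Code substitution: the code belongs to a different client.
        raise TokenRequestError("invalid_grant", "code issued to another client")
    issued.redeemed = True
    return client


def outcome(params: Dict[str, str],
            authenticated_client: Optional[str] = None,
            codes: Optional[Dict[str, IssuedCode]] = None,
            draft29_wording: bool = False) -> str:
    """Run the check and return 'ok:<client>' or the error code."""
    store = codes if codes is not None else sample_codes()
    try:
        client = check_token_request(params, authenticated_client,
                                     store, draft29_wording)
    except TokenRequestError as exc:
        return exc.error
    return f"ok:{client}"


if __name__ == "__main__":
    # Constructed requests; the assertion value is a placeholder.
    anonymous = {"grant_type": JWT_BEARER, "assertion": "constructed-assertion"}
    print("extension grant, proposed text:", outcome(anonymous))
    print("extension grant, -29 reading:  ",
          outcome(anonymous, draft29_wording=True))
    for cid in ("app-1", "app-2", None):
        req = {"grant_type": AUTH_CODE, "code": "code-abc"}
        if cid:
            req["client_id"] = cid
        print(f"code grant, client_id={cid}:", outcome(req))
```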

From bcampbell@pingidentity.com  Thu Jul 26 13:56:38 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EABC11E80B3 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 13:56:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.984
X-Spam-Level: 
X-Spam-Status: No, score=-5.984 tagged_above=-999 required=5 tests=[AWL=-0.007, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nSYjLFrU55aD for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 13:56:37 -0700 (PDT)
Received: from na3sys009aog102.obsmtp.com (na3sys009aog102.obsmtp.com [74.125.149.69]) by ietfa.amsl.com (Postfix) with ESMTP id 7873111E8080 for <oauth@ietf.org>; Thu, 26 Jul 2012 13:56:37 -0700 (PDT)
Received: from mail-vb0-f54.google.com ([209.85.212.54]) (using TLSv1) by na3sys009aob102.postini.com ([74.125.148.12]) with SMTP ID DSNKUBGvBG7rZqLIZf4dNCEY0XaE30ggxc1c@postini.com; Thu, 26 Jul 2012 13:56:37 PDT
Received: by vbmv11 with SMTP id v11so2571315vbm.13 for <oauth@ietf.org>; Thu, 26 Jul 2012 13:56:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=T9O+RmrwDitsfp+RHuygDBuuQ6PTTb7n0xbpdGvPS2c=; b=blqHbs5lR/irAYSn9UN9G1mORNk4h3FplDfdt+hD3AnUIpx2zfnCvG1ynLkPH8sg8P vYdA438SGIIQn+03QwdgcrB6Z9NQAK23lkRmw9Hfd+52OAG/PLWBbtsHXK0eUEQO9Tdk Tn1v7DeTjRx53BBt4VXCX/Vf0G1pvN+lRcjlEvCngM1zBDl1bUTuXAw9Gnoc1a2gPnct vzANcggEkl9bHKcPBc8y8i/qj8DiLcoxhaXVt8N+ZLECNZMGEct5FCe7g6Cv1CKlwY/X NvYETn1KcJlHZvsKONg5xFhIG/l4uibt+TVDS72F5ZGj2O76VZQ4en3gXOsYz+glOX/8 aWiQ==
Received: by 10.220.242.77 with SMTP id lh13mr119633vcb.53.1343336196103; Thu, 26 Jul 2012 13:56:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.162.130 with HTTP; Thu, 26 Jul 2012 13:56:05 -0700 (PDT)
In-Reply-To: <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 26 Jul 2012 14:56:05 -0600
Message-ID: <CA+k3eCQN8H=TOki4zGhVjX+ArS83zeLt-URNdN37z9gA110GfQ@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQnswhlypNd6017i8llSne2l3dAUf49Zln83W7UN1WDPPXW/F4dCZxNJ4GtLmUmbfONUITbg
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2012 20:56:38 -0000

I agree with the proposed changes and they do adequately address the
concerns I raised in a previous message about the unintended breaking
changes introduced in 29. Thanks for writing that up John.

On Thu, Jul 26, 2012 at 2:33 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> The changes introduced in Draft 29 had unintended consequences on parts of
> the spec caused by
> Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client authentication.
>
> This change restricts the requirement to send client_id to only Sec 4.1.4
> for clients that are not authenticated per Sec 3.2.1
>
>
>
>
> Section 3.2.1
>
>
>   A public client that was not issued a client password MUST use the
>   "client_id" request parameter to identify itself when sending
>   requests to the token endpoint.  This allows the authorization server
>   to ensure that the code was issued to the same client.  Sending
>   "client_id" prevents the client from inadvertently accepting a code
>   intended for a client with a different "client_id".  This protects
>   the client from substitution of the authentication code.  (It
>   provides no additional security for the protected resource.)
>
>
> Change  to
>
>   A client MAY use the "client_id" request parameter to identify itself
>   when sending requests to the token endpoint.
>   In the "authorization_code" grant_type request to the token endpoint,
>   an unauthenticated client sends "client_id" to prevent itself from
>   inadvertently accepting a code
>   intended for a client with a different "client_id".  This protects
>   the client from substitution of the authentication code.  (It
>   provides no additional security for the protected resource.)
>
>
> ** This allows any client to send client ID and explains the threat to code.
>
>
> 4.1.3.  Access Token Request
>
>
>
> Add
>   client_id
>         REQUIRED if the client is NOT authenticating with the
>         authorization server as described in Section 3.2.1
>
>
>
>
> ** This makes client_id only REQUIRED for the code flow if the client is not
> otherwise authenticated.
>
> Change
>
>
>      ensure the authorization code was issued to the authenticated
>      confidential client or to the public client identified by the
>      "client_id" in the request,
>
>
> To:
>      ensure the authorization code was issued to the authenticated
>      confidential client, or if the client is public, ensure the code was
>      issued to "client_id" in the request,
>
>
> ** That removes the implication of authentication.
>
>
>
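
The token-endpoint rule proposed in the note quoted above, sketched in Python as an added example; it is not part of this message or of the specification text. The client registry, the sample identifiers, the rejection of a "client_id" that disagrees with the authenticated client, and the single-use flag are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class TokenError(Exception):
    """Token endpoint failure carrying an OAuth 2.0 error code."""

    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


@dataclass
class Client:
    client_id: str
    confidential: bool  # True when the client was issued credentials


@dataclass
class IssuedCode:
    client_id: str  # client the authorization code was issued to
    redeemed: bool = False


def client_id_required(grant_type: str, authenticated_as: Optional[str]) -> bool:
    """Proposed 4.1.3 rule: REQUIRED only for the code grant, and only when
    the client is not authenticating with the authorization server."""
    return grant_type == "authorization_code" and authenticated_as is None


def redeem_code(params: Dict[str, str], authenticated_as: Optional[str],
                clients: Dict[str, Client], codes: Dict[str, IssuedCode]) -> str:
    """Return the client_id the code is redeemed for, or raise TokenError.

    authenticated_as is the client_id proven by client authentication,
    or None when the request carried no client credentials.
    """
    if params.get("grant_type") != "authorization_code":
        raise TokenError("unsupported_grant_type", "handler only redeems codes")

    claimed = params.get("client_id")
    if authenticated_as is None:
        if not claimed:
            raise TokenError("invalid_request",
                             "client_id is REQUIRED without client authentication")
        client = clients.get(claimed)
        # Naming a confidential client is identification, not authentication.
        if client is None or client.confidential:
            raise TokenError("invalid_client", "client must authenticate")
        requester = claimed
    else:
        # client_id is optional here. Assumption of this sketch: a value that
        # disagrees with the authenticated client is rejected.
        if claimed is not None and claimed != authenticated_as:
            raise TokenError("invalid_request", "client_id mismatch")
        requester = authenticated_as

    issued = codes.get(params.get("code", ""))
    # Bind the code to the requester; single use is an RFC 6749 requirement,
    # not something this thread discusses.
    if issued is None or issued.redeemed or issued.client_id != requester:
        raise TokenError("invalid_grant", "code was not issued to this client")
    issued.redeemed = True
    return requester


def sample_state() -> Tuple[Dict[str, Client], Dict[str, IssuedCode]]:
    """Constructed sample registry and outstanding codes."""
    clients = {
        "native-app": Client("native-app", confidential=False),
        "other-app": Client("other-app", confidential=False),
        "web-backend": Client("web-backend", confidential=True),
    }
    codes = {
        "code-A": IssuedCode("native-app"),
        "code-B": IssuedCode("web-backend"),
    }
    return clients, codes


def outcome(params: Dict[str, str], authenticated_as: Optional[str] = None) -> str:
    """Run one request against fresh sample state; return client_id or error code."""
    clients, codes = sample_state()
    try:
        return redeem_code(params, authenticated_as, clients, codes)
    except TokenError as exc:
        return exc.error


if __name__ == "__main__":
    base = {"grant_type": "authorization_code", "code": "code-A"}
    print(outcome({**base, "client_id": "native-app"}))  # code redeemed by its owner
    print(outcome({**base, "client_id": "other-app"}))   # substituted code
    print(outcome(base))                                 # client_id missing
```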

From Michael.Jones@microsoft.com  Thu Jul 26 15:06:46 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 247E111E80BF for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 15:06:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.786
X-Spam-Level: 
X-Spam-Status: No, score=-3.786 tagged_above=-999 required=5 tests=[AWL=-0.187, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BnlXi8AKzzF for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 15:06:44 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe003.messaging.microsoft.com [216.32.180.13]) by ietfa.amsl.com (Postfix) with ESMTP id B518011E80C1 for <oauth@ietf.org>; Thu, 26 Jul 2012 15:06:42 -0700 (PDT)
Received: from mail201-va3-R.bigfish.com (10.7.14.238) by VA3EHSOBE009.bigfish.com (10.7.40.29) with Microsoft SMTP Server id 14.1.225.23; Thu, 26 Jul 2012 22:06:41 +0000
Received: from mail201-va3 (localhost [127.0.0.1])	by mail201-va3-R.bigfish.com (Postfix) with ESMTP id CD19A7001B7; Thu, 26 Jul 2012 22:06:41 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -9
X-BigFish: VS-9(zz98dI9371I148cI542M1432Izz1202hzz8275bhz2fh2a8h668h839h944hd25hf0ah107ah)
Received-SPF: pass (mail201-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail201-va3 (localhost.localdomain [127.0.0.1]) by mail201-va3 (MessageSwitch) id 1343340384155125_24433; Thu, 26 Jul 2012 22:06:24 +0000 (UTC)
Received: from VA3EHSMHS031.bigfish.com (unknown [10.7.14.252])	by mail201-va3.bigfish.com (Postfix) with ESMTP id 12D64400087; Thu, 26 Jul 2012 22:06:24 +0000 (UTC)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS031.bigfish.com (10.7.99.41) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 26 Jul 2012 22:06:23 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.02.0298.005; Thu, 26 Jul 2012 22:06:22 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, John Bradley <ve7jtb@ve7jtb.com>
Thread-Topic: Proposed note to RFC Editor
Thread-Index: AQHNa23ygVhF0cAy2Uu7T5DKHU/DhJc8C0mAgAATdAA=
Date: Thu, 26 Jul 2012 22:06:21 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436674593C@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <CA+k3eCQN8H=TOki4zGhVjX+ArS83zeLt-URNdN37z9gA110GfQ@mail.gmail.com>
In-Reply-To: <CA+k3eCQN8H=TOki4zGhVjX+ArS83zeLt-URNdN37z9gA110GfQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.75]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2012 22:06:46 -0000

+1

Given that the current spec inadvertently broke both the SAML profile and JWT profile, I believe we need to make these changes.

				-- Mike

-----Original Message-----
From: Brian Campbell [mailto:bcampbell@pingidentity.com]
Sent: Thursday, July 26, 2012 1:56 PM
To: John Bradley
Cc: oauth WG; Mike Jones
Subject: Re: Proposed note to RFC Editor

I agree with the proposed changes and they do adequately address the concerns I raised in a previous message about the unintended breaking changes introduced in 29. Thanks for writing that up John.

On Thu, Jul 26, 2012 at 2:33 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> The changes introduced in Draft 29 had unintended consequences on
> parts of the spec caused by Sec 4.3,  4.4 and 6 referencing Sec 3.2.1
> as part of client authentication.
>
> This change restricts the requirement to send client_id to only Sec
> 4.1.4 for clients that are not authenticated per Sec 3.2.1
>
>
>
>
> Section 3.2.1
>
>
>   A public client that was not issued a client password MUST use the
>   "client_id" request parameter to identify itself when sending
>   requests to the token endpoint.  This allows the authorization server
>   to ensure that the code was issued to the same client.  Sending
>   "client_id" prevents the client from inadvertently accepting a code
>   intended for a client with a different "client_id".  This protects
>   the client from substitution of the authentication code.  (It
>   provides no additional security for the protected resource.)
>
>
> Change  to
>
>   A client MAY use the "client_id" request parameter to identify itself
>   when sending requests to the token endpoint.
>   In the "authorization_code" grant_type request to the token endpoint,
>   an unauthenticated client sends "client_id" to prevent itself from
>   inadvertently accepting a code
>   intended for a client with a different "client_id".  This protects
>   the client from substitution of the authentication code.  (It
>   provides no additional security for the protected resource.)
>
>
> ** This allows any client to send client ID and explains the threat to code.
>
>
> 4.1.3.  Access Token Request
>
>
>
> Add
>   client_id
>         REQUIRED if the client is NOT authenticating with the
>         authorization server as described in Section 3.2.1
>
>
>
>
> ** This makes client_id only REQUIRED for the code flow if the client
> is not otherwise authenticated.
>
> Change
>
>
>      ensure the authorization code was issued to the authenticated
>      confidential client or to the public client identified by the
>      "client_id" in the request,
>
>
> To:
>      ensure the authorization code was issued to the authenticated
>      confidential client, or if the client is public, ensure the code was
>      issued to "client_id" in the request,
>
>
> ** That removes the implication of authentication.
>
>
>



From dick.hardt@gmail.com  Thu Jul 26 15:35:54 2012
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E4811E80BF for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 15:35:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.559
X-Spam-Level: 
X-Spam-Status: No, score=-3.559 tagged_above=-999 required=5 tests=[AWL=0.040,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r82DGonIciIQ for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 15:35:54 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id F3EA211E80AE for <oauth@ietf.org>; Thu, 26 Jul 2012 15:35:53 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so3965822pbc.31 for <oauth@ietf.org>; Thu, 26 Jul 2012 15:35:53 -0700 (PDT)
Received: by 10.68.232.229 with SMTP id tr5mr8514144pbc.101.1343342153717; Thu, 26 Jul 2012 15:35:53 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id pp2sm533781pbb.1.2012.07.26.15.35.52 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 Jul 2012 15:35:53 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436674593C@TK5EX14MBXC285.redmond.corp.microsoft.com>
Date: Thu, 26 Jul 2012 15:35:50 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <078ADCF7-3179-4AEE-87C8-8B1218A84801@gmail.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <CA+k3eCQN8H=TOki4zGhVjX+ArS83zeLt-URNdN37z9gA110GfQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436674593C@TK5EX14MBXC285.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1278)
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2012 22:35:54 -0000

+1

On Jul 26, 2012, at 3:06 PM, Mike Jones wrote:

> +1
>
> Given that the current spec inadvertently broke both the SAML profile and JWT profile, I believe we need to make these changes.
>
> 				-- Mike
>
> -----Original Message-----
> From: Brian Campbell [mailto:bcampbell@pingidentity.com]
> Sent: Thursday, July 26, 2012 1:56 PM
> To: John Bradley
> Cc: oauth WG; Mike Jones
> Subject: Re: Proposed note to RFC Editor
>
> I agree with the proposed changes and they do adequately address the concerns I raised in a previous message about the unintended breaking changes introduced in 29. Thanks for writing that up John.
>
> On Thu, Jul 26, 2012 at 2:33 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>> The changes introduced in Draft 29 had unintended consequences on
>> parts of the spec caused by Sec 4.3,  4.4 and 6 referencing Sec 3.2.1
>> as part of client authentication.
>>
>> This change restricts the requirement to send client_id to only Sec
>> 4.1.4 for clients that are not authenticated per Sec 3.2.1
>>
>>
>>
>>
>> Section 3.2.1
>>
>>
>>  A public client that was not issued a client password MUST use the
>>  "client_id" request parameter to identify itself when sending
>>  requests to the token endpoint.  This allows the authorization server
>>  to ensure that the code was issued to the same client.  Sending
>>  "client_id" prevents the client from inadvertently accepting a code
>>  intended for a client with a different "client_id".  This protects
>>  the client from substitution of the authentication code.  (It
>>  provides no additional security for the protected resource.)
>>
>>
>> Change  to
>>
>>  A client MAY use the "client_id" request parameter to identify itself
>>  when sending requests to the token endpoint.
>>  In the "authorization_code" grant_type request to the token endpoint,
>>  an unauthenticated client sends "client_id" to prevent itself from
>>  inadvertently accepting a code
>>  intended for a client with a different "client_id".  This protects
>>  the client from substitution of the authentication code.  (It
>>  provides no additional security for the protected resource.)
>>
>>
>> ** This allows any client to send client ID and explains the threat to code.
>>
>>
>> 4.1.3.  Access Token Request
>>
>>
>>
>> Add
>>  client_id
>>        REQUIRED if the client is NOT authenticating with the
>>        authorization server as described in Section 3.2.1
>>
>>
>>
>>
>> ** This makes client_id only REQUIRED for the code flow if the client
>> is not otherwise authenticated.
>>
>> Change
>>
>>
>>     ensure the authorization code was issued to the authenticated
>>     confidential client or to the public client identified by the
>>     "client_id" in the request,
>>
>>
>> To:
>>     ensure the authorization code was issued to the authenticated
>>     confidential client, or if the client is public, ensure the code was
>>     issued to "client_id" in the request,
>>
>>
>> ** That removes the implication of authentication.
>>
>>
>>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From sakimura@gmail.com  Thu Jul 26 18:08:00 2012
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 294A121F8474 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 18:08:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.476
X-Spam-Level: 
X-Spam-Status: No, score=-3.476 tagged_above=-999 required=5 tests=[AWL=0.124,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1It7lXSRSwBi for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 18:07:59 -0700 (PDT)
Received: from mail-vb0-f42.google.com (mail-vb0-f42.google.com [209.85.212.42]) by ietfa.amsl.com (Postfix) with ESMTP id 6F56F21F8472 for <oauth@ietf.org>; Thu, 26 Jul 2012 18:07:59 -0700 (PDT)
Received: by vbbfs19 with SMTP id fs19so2037106vbb.15 for <oauth@ietf.org>; Thu, 26 Jul 2012 18:07:58 -0700 (PDT)
Received: by 10.220.242.73 with SMTP id lh9mr843484vcb.4.1343351278778; Thu, 26 Jul 2012 18:07:58 -0700 (PDT)
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <CA+k3eCQN8H=TOki4zGhVjX+ArS83zeLt-URNdN37z9gA110GfQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436674593C@TK5EX14MBXC285.redmond.corp.microsoft.com> <078ADCF7-3179-4AEE-87C8-8B1218A84801@gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
In-Reply-To: <078ADCF7-3179-4AEE-87C8-8B1218A84801@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Fri, 27 Jul 2012 10:07:56 +0900
Message-ID: <7442382443261020608@unknownmsgid>
To: Dick Hardt <dick.hardt@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2012 01:08:00 -0000

+1

=nat via iPhone

On 2012/07/27, at 7:36, Dick Hardt <dick.hardt@gmail.com> wrote:

> +1
>
> On Jul 26, 2012, at 3:06 PM, Mike Jones wrote:
>
>> +1
>>
>> Given that the current spec inadvertently broke both the SAML profile and JWT profile, I believe we need to make these changes.
>>
>>                -- Mike
>>
>> -----Original Message-----
>> From: Brian Campbell [mailto:bcampbell@pingidentity.com]
>> Sent: Thursday, July 26, 2012 1:56 PM
>> To: John Bradley
>> Cc: oauth WG; Mike Jones
>> Subject: Re: Proposed note to RFC Editor
>>
>> I agree with the proposed changes and they do adequately address the concerns I raised in a previous message about the unintended breaking changes introduced in 29. Thanks for writing that up John.
>>
>> On Thu, Jul 26, 2012 at 2:33 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>> The changes introduced in Draft 29 had unintended consequences on
>>> parts of the spec caused by Sec 4.3,  4.4 and 6 referencing Sec 3.2.1
>>> as part of client authentication.
>>>
>>> This change restricts the requirement to send client_id to only Sec
>>> 4.1.4 for clients that are not authenticated per Sec 3.2.1
>>>
>>>
>>>
>>>
>>> Section 3.2.1
>>>
>>>
>>> A public client that was not issued a client password MUST use the
>>> "client_id" request parameter to identify itself when sending
>>> requests to the token endpoint.  This allows the authorization server
>>> to ensure that the code was issued to the same client.  Sending
>>> "client_id" prevents the client from inadvertently accepting a code
>>> intended for a client with a different "client_id".  This protects
>>> the client from substitution of the authentication code.  (It
>>> provides no additional security for the protected resource.)
>>>
>>>
>>> Change  to
>>>
>>> A client MAY use the "client_id" request parameter to identify itself
>>> when sending requests to the token endpoint.
>>> In the "authorization_code" grant_type request to the token endpoint,
>>> an unauthenticated client sends "client_id" to prevent itself from
>>> inadvertently accepting a code
>>> intended for a client with a different "client_id".  This protects
>>> the client from substitution of the authentication code.  (It
>>> provides no additional security for the protected resource.)
>>>
>>>
>>> ** This allows any client to send client ID and explains the threat to code.
>>>
>>>
>>> 4.1.3.  Access Token Request
>>>
>>>
>>>
>>> Add
>>> client_id
>>>       REQUIRED if the client is NOT authenticating with the
>>>       authorization server as described in Section 3.2.1
>>>
>>>
>>>
>>>
>>> ** This makes client_id only REQUIRED for the code flow if the client
>>> is not otherwise authenticated.
>>>
>>> Change
>>>
>>>
>>>    ensure the authorization code was issued to the authenticated
>>>    confidential client or to the public client identified by the
>>>    "client_id" in the request,
>>>
>>>
>>> To:
>>>    ensure the authorization code was issued to the authenticated
>>>    confidential client, or if the client is public, ensure the code was
>>>    issued to "client_id" in the request,
>>>
>>>
>>> ** That removes the implication of authentication.
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From James.H.Manger@team.telstra.com  Thu Jul 26 18:30:02 2012
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29E4C21F85A0 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 18:30:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.189
X-Spam-Level: 
X-Spam-Status: No, score=-1.189 tagged_above=-999 required=5 tests=[AWL=-0.288, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Scx6U0VV3VR7 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 18:30:01 -0700 (PDT)
Received: from ipxbno.tcif.telstra.com.au (ipxbno.tcif.telstra.com.au [203.35.82.204]) by ietfa.amsl.com (Postfix) with ESMTP id 4F31221F850C for <oauth@ietf.org>; Thu, 26 Jul 2012 18:30:01 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.77,663,1336312800"; d="scan'208";a="82624893"
Received: from unknown (HELO ipcdni.tcif.telstra.com.au) ([10.97.216.212]) by ipobni.tcif.telstra.com.au with ESMTP; 27 Jul 2012 11:30:00 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6784"; a="73146502"
Received: from wsmsg3757.srv.dir.telstra.com ([172.49.40.85]) by ipcdni.tcif.telstra.com.au with ESMTP; 27 Jul 2012 11:29:59 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by wsmsg3757.srv.dir.telstra.com ([172.49.40.85]) with mapi; Fri, 27 Jul 2012 11:29:59 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Brian Campbell <bcampbell@pingidentity.com>, John Bradley <ve7jtb@ve7jtb.com>, oauth WG <oauth@ietf.org>
Date: Fri, 27 Jul 2012 11:29:57 +1000
Thread-Topic: Proposed note to RFC Editor
Thread-Index: AQHNa23ygVhF0cAy2Uu7T5DKHU/DhJc8C0mAgAATdACAACwSsA==
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F807439C@WSMSG3153V.srv.dir.telstra.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <CA+k3eCQN8H=TOki4zGhVjX+ArS83zeLt-URNdN37z9gA110GfQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436674593C@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436674593C@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2012 01:30:02 -0000

>> The changes introduced in Draft 29 had unintended consequences on
>> parts of the spec caused by Sec 4.3,  4.4 and 6 referencing Sec 3.2.1
>> as part of client authentication.

> this change breaks https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
and https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/


An underlying cause of this issue is that a single URI (the token endpoint) is overloaded for a dozen different tasks by a bunch of specs — and the list of tasks is still growing.

OAuth2 has built a RPC-style API, but almost pretends not to have done so by using grant_type names/URIs and a parameter registry instead of a more formal SOAP-style structure.

John’s proposed note to the RFC editor should address the immediate issue. Perhaps future enhancements, though, could consider a more RESTful approach. I think that would significantly clarify some of the complexities OAuth2 grapples with and minimise clashes between the various flows.

--
James Manger

From ve7jtb@ve7jtb.com  Thu Jul 26 22:24:17 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EF8111E80C0 for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 22:24:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbPJoXuVCHbF for <oauth@ietfa.amsl.com>; Thu, 26 Jul 2012 22:24:16 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9F52221F8422 for <oauth@ietf.org>; Thu, 26 Jul 2012 22:24:16 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so4476139pbc.31 for <oauth@ietf.org>; Thu, 26 Jul 2012 22:24:16 -0700 (PDT)
Received: by 10.68.229.2 with SMTP id sm2mr10756333pbc.57.1343366656225; Thu, 26 Jul 2012 22:24:16 -0700 (PDT)
Received: from [172.20.10.4] (out-bc-177.wireless.telus.com. [209.121.225.177]) by mx.google.com with ESMTPS id qp9sm1172247pbc.9.2012.07.26.22.24.13 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 Jul 2012 22:24:15 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1280)
Content-Type: text/plain; charset=windows-1252
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F807439C@WSMSG3153V.srv.dir.telstra.com>
Date: Thu, 26 Jul 2012 22:24:13 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <6F9FACE8-8666-4DB1-8C94-4C8BC383C887@ve7jtb.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <CA+k3eCQN8H=TOki4zGhVjX+ArS83zeLt-URNdN37z9gA110GfQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436674593C@TK5EX14MBXC285.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E114F807439C@WSMSG3153V.srv.dir.telstra.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
X-Mailer: Apple Mail (2.1280)
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2012 05:24:17 -0000

Understood, however at this point major reworking of the token endpoint is going to have to wait on the next release of OAuth.

I suspect that there will eventually be a 2.1.

For now this should let us close the book on this 3 year odyssey and address some of the other issues like JWT etc.

John B.


On 2012-07-26, at 6:29 PM, Manger, James H wrote:

>>> The changes introduced in Draft 29 had unintended consequences on
>>> parts of the spec caused by Sec 4.3,  4.4 and 6 referencing Sec 3.2.1
>>> as part of client authentication.
>
>> this change breaks https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
> and https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/
>
>
> An underlying cause of this issue is that a single URI (the token endpoint) is overloaded for a dozen different tasks by a bunch of specs — and the list of tasks is still growing.
>
> OAuth2 has built a RPC-style API, but almost pretends not to have done so by using grant_type names/URIs and a parameter registry instead of a more formal SOAP-style structure.
>
> John’s proposed note to the RFC editor should address the immediate issue. Perhaps future enhancements, though, could consider a more RESTful approach. I think that would significantly clarify some of the complexities OAuth2 grapples with and minimise clashes between the various flows.
>
> --
> James Manger


From torsten@lodderstedt.net  Thu Jul 26 22:41:18 2012
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com>
User-Agent: K-9 Mail for Android
In-Reply-To: <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----SN1VGI7LYL2502WM4HFCGFTGUIGWA9"
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Fri, 27 Jul 2012 07:40:44 +0200
To: John Bradley <ve7jtb@ve7jtb.com>,oauth WG <oauth@ietf.org>
Message-ID: <9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor

------SN1VGI7LYL2502WM4HFCGFTGUIGWA9
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 8bit

Hi John,

I would expect sending a client_id is a MUST for public clients in the authz code grant type. That's not how I read the proposed text for section 3.1.

regards,
Torsten.



John Bradley <ve7jtb@ve7jtb.com> schrieb:

The changes introduced in Draft 29 had unintended consequences on parts of the spec caused by
Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client authentication.

This change restricts the requirement to send client_id to only Sec 4.1.4 for clients that are not authenticated per Sec 3.2.1


Section 3.2.1

  A public client that was not issued a client password MUST use the
  "client_id" request parameter to identify itself when sending
  requests to the token endpoint.  This allows the authorization server
  to ensure that the code was issued to the same client.  Sending
  "client_id" prevents the client from inadvertently accepting a code
  intended for a client with a different "client_id".  This protects
  the client from substitution of the authentication code.  (It
  provides no additional security for the protected resource.)

Change  to

  A client MAY use the "client_id" request parameter to identify itself
  when sending requests to the token endpoint.
  In the "authorization_code" grant_type request to the token endpoint,
  an unauthenticated client sends "client_id" to prevent itself from
  inadvertently accepting a code
  intended for a client with a different "client_id".  This protects
  the client from substitution of the authentication code.  (It
  provides no additional security for the protected resource.)

** This allows any client to send client ID and explains the threat to code.


4.1.3.  Access Token Request

Add

  client_id
        REQUIRED if the client is NOT authenticating with the
        authorization server as described in Section 3.2.1

** This makes client_id only REQUIRED for the code flow if the client is not otherwise authenticated.

Change

     ensure the authorization code was issued to the authenticated
     confidential client or to the public client identified by the
     "client_id" in the request,

To:

     ensure the authorization code was issued to the authenticated
     confidential client, or if the client is public, ensure the code was
     issued to "client_id" in the request,

** That removes the implication of authentication.


------SN1VGI7LYL2502WM4HFCGFTGUIGWA9--


From bcampbell@pingidentity.com  Fri Jul 27 06:48:19 2012
MIME-Version: 1.0
In-Reply-To: <9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 27 Jul 2012 07:47:46 -0600
Message-ID: <CA+k3eCQdX39kbgp0BTA07xoFYotyitcMnR228GYcsPjg3z7ggg@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: text/plain; charset=ISO-8859-1
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor

Hey Torsten,

The requirement that public clients send their client_id with an authz
code grant is in 4.1.3 (Where the Access Token Request for the code
grant is defined) of John's proposed text:

4.1.3.  Access Token Request

   client_id
         REQUIRED if the client is NOT authenticating with the
         authorization server as described in Section 3.2.1




On Thu, Jul 26, 2012 at 11:40 PM, Torsten Lodderstedt
<torsten@lodderstedt.net> wrote:
> Hi John,
>
> I would expect sending a client_id is a MUST for public clients in the authz
> code grant type. That's not how I read the proposed text for section 3.1.
>
> regards,
> Torsten.
>
>
>
> John Bradley <ve7jtb@ve7jtb.com> schrieb:
>>
>> The changes introduced in Draft 29 had unintended consequences on parts of
>> the spec caused by
>> Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client
>> authentication.
>>
>> This change restricts the requirement to send client_id to only Sec 4.1.4
>> for clients that are not authenticated per Sec 3.2.1
>>
>>
>>
>>
>> Section 3.2.1
>>
>>
>>   A public client that was not issued a client password MUST use the
>>   "client_id" request parameter to identify itself when sending
>>   requests to the token endpoint.  This allows the authorization server
>>   to ensure that the code was issued to the same client.  Sending
>>   "client_id" prevents the client from inadvertently accepting a code
>>   intended for a client with a different "client_id".  This protects
>>   the client from substitution of the authentication code.  (It
>>   provides no additional security for the protected resource.)
>>
>>
>> Change  to
>>
>>   A client MAY use the "client_id" request parameter to identify itself
>>   when sending requests to the token endpoint.
>>   In the "authorization_code" grant_type request to the token endpoint,
>>   an unauthenticated client sends "client_id" to prevent itself from
>>   inadvertently accepting a code
>>   intended for a client with a different "client_id".  This protects
>>   the client from substitution of the authentication code.  (It
>>   provides no additional security for the protected resource.)
>>
>>
>> ** This allows any client to send client ID and explains the threat to
>> code.
>>
>>
>> 4.1.3.  Access Token Request
>>
>>
>>
>> Add
>>   client_id
>>         REQUIRED if the client is NOT authenticating with the
>>         authorization server as described in Section 3.2.1
>>
>>
>>
>>
>> ** This makes client_id only REQUIRED for the code flow if the client is
>> not otherwise authenticated.
>>
>> Change
>>
>>
>>      ensure the authorization code was issued to the authenticated
>>      confidential client or to the public client identified by the
>>      "client_id" in the request,
>>
>>
>> To:
>>      ensure the authorization code was issued to the authenticated
>>      confidential client, or if the client is public, ensure the code was
>>      issued to "client_id" in the request,
>>
>>
>> ** That removes the implication of authentication.
>>
>>
>>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

From torsten@lodderstedt.net  Fri Jul 27 07:36:10 2012
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 27 Jul 2012 16:36:06 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
To: Brian Campbell <bcampbell@pingidentity.com>
In-Reply-To: <CA+k3eCQdX39kbgp0BTA07xoFYotyitcMnR228GYcsPjg3z7ggg@mail.gmail.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com> <CA+k3eCQdX39kbgp0BTA07xoFYotyitcMnR228GYcsPjg3z7ggg@mail.gmail.com>
Message-ID: <496c11afb3158504ff894734b1d13531@lodderstedt-online.de>
X-Sender: torsten@lodderstedt.net
User-Agent: Roundcube Webmail/0.6
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor

Hi Brian,

I know. But there is this sentence in 3.2.1,

----------
In the "authorization_code" grant_type request to the token endpoint,
an unauthenticated client sends "client_id" to prevent itself from
inadvertently accepting a code
intended for a client with a different "client_id".
-----------

which explicitly discusses the authz code w/o saying this behavior is
mandatory. People might "feel" a contradiction or difference to 4.1.3. I
would suggest to either remove this sentence in 3.2.1 or change it to:

----------
In the "authorization_code" grant_type request to the token endpoint,
an unauthenticated client MUST send its "client_id" to prevent itself from
inadvertently accepting a code
intended for a client with a different "client_id".
-----------

regards,
Torsten.

Am 27.07.2012 15:47, schrieb Brian Campbell:
> Hey Torsten,
>
> The requirement that public clients send their client_id with an authz
> code grant is in 4.1.3 (Where the Access Token Request for the code
> grant is defined) of John's proposed text:
>
> 4.1.3.  Access Token Request
>
>    client_id
>          REQUIRED if the client is NOT authenticating with the
>          authorization server as described in Section 3.2.1
>
>
>
>
> On Thu, Jul 26, 2012 at 11:40 PM, Torsten Lodderstedt
> <torsten@lodderstedt.net> wrote:
>> Hi John,
>>
>> I would expect sending a client_id is a MUST for public clients in the
>> authz code grant type. That's not how I read the proposed text for
>> section 3.1.
>>
>> regards,
>> Torsten.
>>
>>
>>
>> John Bradley <ve7jtb@ve7jtb.com> schrieb:
>>>
>>> The changes introduced in Draft 29 had unintended consequences on
>>> parts of the spec caused by
>>> Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client
>>> authentication.
>>>
>>> This change restricts the requirement to send client_id to only Sec
>>> 4.1.4 for clients that are not authenticated per Sec 3.2.1
>>>
>>>
>>> Section 3.2.1
>>>
>>>
>>>   A public client that was not issued a client password MUST use the
>>>   "client_id" request parameter to identify itself when sending
>>>   requests to the token endpoint.  This allows the authorization server
>>>   to ensure that the code was issued to the same client.  Sending
>>>   "client_id" prevents the client from inadvertently accepting a code
>>>   intended for a client with a different "client_id".  This protects
>>>   the client from substitution of the authentication code.  (It
>>>   provides no additional security for the protected resource.)
>>>
>>>
>>> Change  to
>>>
>>>   A client MAY use the "client_id" request parameter to identify itself
>>>   when sending requests to the token endpoint.
>>>   In the "authorization_code" grant_type request to the token endpoint,
>>>   an unauthenticated client sends "client_id" to prevent itself from
>>>   inadvertently accepting a code
>>>   intended for a client with a different "client_id".  This protects
>>>   the client from substitution of the authentication code.  (It
>>>   provides no additional security for the protected resource.)
>>>
>>>
>>> ** This allows any client to send client ID and explains the threat to
>>> code.
>>>
>>>
>>> 4.1.3.  Access Token Request
>>>
>>>
>>> Add
>>>   client_id
>>>         REQUIRED if the client is NOT authenticating with the
>>>         authorization server as described in Section 3.2.1
>>>
>>>
>>> ** This makes client_id only REQUIRED for the code flow if the client is
>>> not otherwise authenticated.
>>>
>>> Change
>>>
>>>
>>>      ensure the authorization code was issued to the authenticated
>>>      confidential client or to the public client identified by the
>>>      "client_id" in the request,
>>>
>>>
>>> To:
>>>      ensure the authorization code was issued to the authenticated
>>>      confidential client, or if the client is public, ensure the code was
>>>      issued to "client_id" in the request,
>>>
>>>
>>> ** That removes the implication of authentication.
>>>
>>>
>>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>

From bcampbell@pingidentity.com  Fri Jul 27 08:08:56 2012
MIME-Version: 1.0
In-Reply-To: <496c11afb3158504ff894734b1d13531@lodderstedt-online.de>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com> <CA+k3eCQdX39kbgp0BTA07xoFYotyitcMnR228GYcsPjg3z7ggg@mail.gmail.com> <496c11afb3158504ff894734b1d13531@lodderstedt-online.de>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 27 Jul 2012 09:08:22 -0600
Message-ID: <CA+k3eCRp4DJZ=dA+L-6q=vJDxFDTiqOjQOPTHGFQhFhq4dYUjQ@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: text/plain; charset=ISO-8859-1
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor

Fair enough. I read 3.2.1 as being more informative and explanatory
while 4.1.3 has the actual normative requirements. But I see what you
are saying too.

On Fri, Jul 27, 2012 at 8:36 AM, Torsten Lodderstedt
<torsten@lodderstedt.net> wrote:
> Hi Brian,
>
> I know. But there is this sentence in 3.2.1,
>
> ----------
> In the "authorization_code" grant_type request to the token endpoint,
> an unauthenticated client sends "client_id" to prevent itself from
> inadvertently accepting a code
> intended for a client with a different "client_id".
> -----------
>
> which explicitly discusses the authz code w/o saying this behavior is
> mandatory. People might "feel" a contradiction or difference to 4.1.3. I
> would suggest to either remove this sentence in 3.2.1 or change it to:
>
> ----------
> In the "authorization_code" grant_type request to the token endpoint,
> an unauthenticated client MUST send its "client_id" to prevent itself from
> inadvertently accepting a code
> intended for a client with a different "client_id".
> -----------
>
> regards,
> Torsten.
>
> Am 27.07.2012 15:47, schrieb Brian Campbell:
>
>> Hey Torsten,
>>
>> The requirement that public clients send their client_id with an authz
>> code grant is in 4.1.3 (Where the Access Token Request for the code
>> grant is defined) of John's proposed text:
>>
>> 4.1.3.  Access Token Request
>>
>>    client_id
>>          REQUIRED if the client is NOT authenticating with the
>>          authorization server as described in Section 3.2.1
>>
>>
>>
>>
>> On Thu, Jul 26, 2012 at 11:40 PM, Torsten Lodderstedt
>> <torsten@lodderstedt.net> wrote:
>>>
>>> Hi John,
>>>
>>> I would expect sending a client_id is a MUST for public clients in the
>>> authz code grant type. That's not how I read the proposed text for
>>> section 3.1.
>>>
>>> regards,
>>> Torsten.
>>>
>>>
>>>
>>> John Bradley <ve7jtb@ve7jtb.com> schrieb:
>>>>
>>>>
>>>> The changes introduced in Draft 29 had unintended consequences on parts
>>>> of the spec caused by
>>>> Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client
>>>> authentication.
>>>>
>>>> This change restricts the requirement to send client_id to only Sec
>>>> 4.1.4 for clients that are not authenticated per Sec 3.2.1
>>>>
>>>>
>>>>
>>>>
>>>> Section 3.2.1
>>>>
>>>>
>>>>   A public client that was not issued a client password MUST use the
>>>>   "client_id" request parameter to identify itself when sending
>>>>   requests to the token endpoint.  This allows the authorization server
>>>>   to ensure that the code was issued to the same client.  Sending
>>>>   "client_id" prevents the client from inadvertently accepting a code
>>>>   intended for a client with a different "client_id".  This protects
>>>>   the client from substitution of the authentication code.  (It
>>>>   provides no additional security for the protected resource.)
>>>>
>>>>
>>>> Change  to
>>>>
>>>>   A client MAY use the "client_id" request parameter to identify itself
>>>>   when sending requests to the token endpoint.
>>>>   In the "authorization_code" grant_type request to the token endpoint,
>>>>   an unauthenticated client sends "client_id" to prevent itself from
>>>>   inadvertently accepting a code
>>>>   intended for a client with a different "client_id".  This protects
>>>>   the client from substitution of the authentication code.  (It
>>>>   provides no additional security for the protected resource.)
>>>>
>>>>
>>>> ** This allows any client to send client ID and explains the threat to
>>>> code.
>>>>
>>>>
>>>> 4.1.3.  Access Token Request
>>>>
>>>>
>>>>
>>>> Add
>>>>   client_id
>>>>         REQUIRED if the client is NOT authenticating with the
>>>>         authorization server as described in Section 3.2.1
>>>>
>>>>
>>>>
>>>>
>>>> ** This makes client_id only REQUIRED for the code flow if the client is
>>>> not otherwise authenticated.
>>>>
>>>> Change
>>>>
>>>>
>>>>      ensure the authorization code was issued to the authenticated
>>>>      confidential client or to the public client identified by the
>>>>      "client_id" in the request,
>>>>
>>>>
>>>> To:
>>>>      ensure the authorization code was issued to the authenticated
>>>>      confidential client, or if the client is public, ensure the code was
>>>>      issued to "client_id" in the request,
>>>>
>>>>
>>>> ** That removes the implication of authentication.
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>
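
The token endpoint checks debated in this thread (client_id REQUIRED for a client that is not authenticating, and the code bound to the client it was issued to), written out as an added example. It is not code from any message on the list or from the specification. HTTP Basic as the authentication method, all class and function names, the sample clients and codes, and the rejection of a client_id that contradicts the authenticated client are assumptions of this example.

```python
import base64
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None   # None marks a public client


@dataclass
class IssuedCode:
    client_id: str                 # the client the code was issued to
    redeemed: bool = False


class TokenError(Exception):
    """Token endpoint failure carrying an OAuth 2.0 error code."""
    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


def basic_header(client_id: str, secret: str) -> Dict[str, str]:
    """Build an HTTP Basic Authorization header for a client."""
    raw = f"{client_id}:{secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}


def authenticate_client(headers, clients) -> Optional[Client]:
    """Return the authenticated client, or None if no credentials were sent."""
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(value[6:], validate=True).decode("utf-8")
        client_id, secret = decoded.split(":", 1)
    except ValueError:
        raise TokenError("invalid_client", "malformed credentials") from None
    client = clients.get(client_id)
    # A public client has no secret, so it can never pass this check.
    if client is None or client.secret is None or not hmac.compare_digest(
            client.secret.encode(), secret.encode()):
        raise TokenError("invalid_client", "client authentication failed")
    return client


def redeem_code(headers, params, clients, codes) -> str:
    """Run the authorization_code checks; return the client_id to issue for."""
    client = authenticate_client(headers, clients)
    sent_id = params.get("client_id")
    if client is None:
        # Proposed 4.1.3: client_id is REQUIRED if the client is not authenticating.
        if not sent_id:
            raise TokenError("invalid_request", "client_id is required")
        client = clients.get(sent_id)
        if client is None:
            raise TokenError("invalid_client", "unknown client_id")
        if client.secret is not None:
            # client_id identifies a client; it does not authenticate one.
            raise TokenError("invalid_client", "authentication required")
    elif sent_id is not None and sent_id != client.client_id:
        # Policy of this example only: the thread lets any client send
        # client_id but does not say what to do when it disagrees.
        raise TokenError("invalid_request", "client_id mismatch")

    code = codes.get(params.get("code", ""))
    if code is None or code.redeemed:
        raise TokenError("invalid_grant", "unknown or already used code")
    # Code must belong to the authenticated confidential client or, for a
    # public client, to the client_id named in the request.
    if code.client_id != client.client_id:
        raise TokenError("invalid_grant", "code issued to another client")
    code.redeemed = True
    return client.client_id


def sample_state():
    """Constructed registry: one public and one confidential client."""
    clients = {"native-app": Client("native-app"),
               "web-app": Client("web-app", "constructed-secret")}
    codes = {"code-native": IssuedCode("native-app"),
             "code-web": IssuedCode("web-app")}
    return clients, codes


def outcome(headers: Dict[str, str], params: Dict[str, str]) -> str:
    """Redeem against a fresh sample_state(); return client_id or error code."""
    clients, codes = sample_state()
    try:
        return redeem_code(headers, params, clients, codes)
    except TokenError as exc:
        return exc.error


if __name__ == "__main__":
    print(outcome({}, {"code": "code-web", "client_id": "native-app"}))
```

The substitution case the proposed 3.2.1 text describes is the call in the last line: a public client presenting a code issued to a different client_id is refused with invalid_grant.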

From Anil.Saldhana@redhat.com  Fri Jul 27 08:34:05 2012
Message-ID: <5012B4E7.1090505@redhat.com>
Date: Fri, 27 Jul 2012 10:33:59 -0500
From: Anil Saldhana <Anil.Saldhana@redhat.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
MIME-Version: 1.0
To: oauth@ietf.org
References: <4E1F6AAD24975D4BA5B1680429673943667349BA@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943667349BA@TK5EX14MBXC285.redmond.corp.microsoft.com>
Content-Type: multipart/alternative; boundary="------------020104030207080502040202"
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.12
Subject: Re: [OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2012 15:34:05 -0000

This is a multi-part message in MIME format.
--------------020104030207080502040202
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Mike,
   I am wondering if it is possible to change Integrity Check from "int" 
to something else in JWE?  int is a keyword in many programming 
languages and would not translate directly to classes in Java etc.

intc,intk?

Regards,
Anil

On 07/16/2012 08:48 PM, Mike Jones wrote:
>
> I've made a minor release of the JSON WEB 
> {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) 
> working group specifications and the JWS and JWE JSON Serialization 
> (JWS-JS, JWE-JS) individual submission specifications in preparation 
> for IETF 84 in Vancouver, BC 
> <http://www.ietf.org/meeting/84/index.html>.  These versions 
> incorporate feedback from working group members since the major 
> release on July 6th <http://self-issued.info/?p=759>, and update the 
> lists of open issues in preparation for discussions in Vancouver (and 
> on the working group mailing lists).
>
> One significant addition is that the JWT and JWE-JS specs both now 
> contain complete, testable examples with encrypted results.  No 
> normative changes were made.
>
> The working group specifications are available at:
>
>   * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04
>   * http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04
>   * http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04
>   * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04
>   * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02
>
> The individual submission specifications are available at:
>
>   * http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01
>   * http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01
>
> The document history entries (also in the specifications) are as follows:
>
> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04
>
>   * Completed JSON Security Considerations section, including
>     considerations about rejecting input with duplicate member names.
>   * Completed security considerations on the use of a SHA-1 hash when
>     computing x5t (x.509 certificate thumbprint) values.
>   * Refer to the registries as the primary sources of defined values
>     and then secondarily reference the sections defining the initial
>     contents of the registries.
>   * Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124]
>     for its security considerations.
>   * Added this language to Registration Templates: "This name is case
>     sensitive. Names that match other registered names in a case
>     insensitive manner SHOULD NOT be accepted."
>   * Reference draft-jones-jose-jws-json-serialization instead of
>     draft-jones-json-web-signature-json-serialization.
>   * Described additional open issues.
>   * Applied editorial suggestions.
>
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04
>
>   * Refer to the registries as the primary sources of defined values
>     and then secondarily reference the sections defining the initial
>     contents of the registries.
>   * Normatively reference XML Encryption 1.1
>     [W3C.CR-xmlenc-core1-20120313] for its security considerations.
>   * Reference draft-jones-jose-jwe-json-serialization instead of
>     draft-jones-json-web-encryption-json-serialization.
>   * Described additional open issues.
>   * Applied editorial suggestions.
>
> http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04
>
>   * Refer to the registries as the primary sources of defined values
>     and then secondarily reference the sections defining the initial
>     contents of the registries.
>   * Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124]
>     for its security considerations.
>   * Added this language to Registration Templates: "This name is case
>     sensitive. Names that match other registered names in a case
>     insensitive manner SHOULD NOT be accepted."
>   * Described additional open issues.
>   * Applied editorial suggestions.
>
> http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04
>
>   * Added text requiring that any leading zero bytes be retained in
>     base64url encoded key value representations for fixed-length values.
>   * Added this language to Registration Templates: "This name is case
>     sensitive. Names that match other registered names in a case
>     insensitive manner SHOULD NOT be accepted."
>   * Described additional open issues.
>   * Applied editorial suggestions.
>
> http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02
>
>   * Added an example of an encrypted JWT.
>   * Added this language to Registration Templates: "This name is case
>     sensitive. Names that match other registered names in a case
>     insensitive manner SHOULD NOT be accepted."
>   * Applied editorial suggestions.
>
> http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01
>
>   * Generalized language to refer to Message Authentication Codes
>     (MACs) rather than Hash-based Message Authentication Codes (HMACs).
>
> http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01
>
>   * Added a complete JWE-JS example.
>   * Generalized language to refer to Message Authentication Codes
>     (MACs) rather than Hash-based Message Authentication Codes (HMACs).
>
> -- Mike
>
>
>


--------------020104030207080502040202
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Mike,<br>
      &nbsp; I am wondering if it is possible to change Integrity Check from
      "int" to something else in JWE?&nbsp; int is a keyword in many
      programming languages and would not translate directly to classes
      in Java etc. <br>
      <br>
      intc,intk?<br>
      <br>
      Regards,<br>
      Anil<br>
      <br>
      On 07/16/2012 08:48 PM, Mike Jones wrote:<br>
    </div>
    <blockquote
cite="mid:4E1F6AAD24975D4BA5B1680429673943667349BA@TK5EX14MBXC285.redmond.corp.microsoft.com"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal">I&#8217;ve made a minor release of the JSON WEB
          {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK,
          JWA, JWT) working group specifications and the JWS and JWE
          JSON Serialization (JWS-JS, JWE-JS) individual submission
          specifications in preparation for <a moz-do-not-send="true"
            href="http://www.ietf.org/meeting/84/index.html">IETF 84 in
            Vancouver, BC</a>.&nbsp; These versions incorporate feedback from
          working group members since the
          <a moz-do-not-send="true"
            href="http://self-issued.info/?p=759">major release on July
            6<sup>th</sup></a>, and update the lists of open issues in
          preparation for discussions in Vancouver (and on the working
          group mailing lists).<o:p></o:p></p>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal">One significant addition is that the JWT
          and JWE-JS specs both now contain complete, testable examples
          with encrypted results.&nbsp; No normative changes were made.<o:p></o:p></p>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal">The working group specifications are
          available at:<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l5 level1 lfo1"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">&middot;<span
                style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
              </span></span></span><!--[endif]--><a
            moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04</a><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l5 level1 lfo1"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">&middot;<span
                style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
              </span></span></span><!--[endif]--><a
            moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04</a><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l5 level1 lfo1"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">&middot;<span
                style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
              </span></span></span><!--[endif]--><a
            moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04</a><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l5 level1 lfo1"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">&middot;<span
                style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
              </span></span></span><!--[endif]--><a
            moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04</a><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l5 level1 lfo1"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">&middot;<span
                style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
              </span></span></span><!--[endif]--><a
            moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02</a><o:p></o:p></p>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal">The individual submission specifications
          are available at:<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l1 level1 lfo2"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">&middot;<span
                style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
              </span></span></span><!--[endif]--><a
            moz-do-not-send="true"
href="http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01">http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01</a><o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-.25in;mso-list:l1 level1 lfo2"><!--[if !supportLists]--><span
            style="font-family:Symbol"><span style="mso-list:Ignore">&middot;<span
                style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
              </span></span></span><!--[endif]--><a
            moz-do-not-send="true"
href="http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01">http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01</a><o:p></o:p></p>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal">The document history entries (also in the
          specifications) are as follows:<o:p></o:p></p>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04</a><o:p></o:p></p>
        <ul style="margin-top:0in" type="disc">
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Completed JSON Security Considerations section,
              including considerations about rejecting input with
              duplicate member names. <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Completed security considerations on the use of
              a SHA-1 hash when computing
            </span><tt><span style="font-size:12.0pt" lang="EN">x5t</span></tt><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN"> (x.509 certificate thumbprint) values.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Refer to the registries as the primary sources
              of defined values and then secondarily reference the
              sections defining the initial contents of the registries.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Normatively reference XML DSIG 2.0
              [W3C.CR&#8209;xmldsig&#8209;core2&#8209;20120124] for its security
              considerations.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Added this language to Registration Templates:
              "This name is case sensitive. Names that match other
              registered names in a case insensitive manner SHOULD NOT
              be accepted." <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Reference
              draft-jones-jose-jws-json-serialization instead of
              draft-jones-json-web-signature-json-serialization.<o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Described additional open issues.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l4 level1
            lfo3"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Applied editorial suggestions.<o:p></o:p></span></li>
        </ul>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04</a><o:p></o:p></p>
        <ul style="margin-top:0in" type="disc">
          <li class="MsoNormal" style="color:black;mso-list:l2 level1
            lfo4"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Refer to the registries as the primary sources
              of defined values and then secondarily reference the
              sections defining the initial contents of the registries.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l2 level1
            lfo4"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Normatively reference XML Encryption 1.1
              [W3C.CR&#8209;xmlenc&#8209;core1&#8209;20120313] for its security
              considerations.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l2 level1
            lfo4"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Reference
              draft-jones-jose-jwe-json-serialization instead of
              draft-jones-json-web-encryption-json-serialization.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l2 level1
            lfo4"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Described additional open issues.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l2 level1
            lfo4"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Applied editorial suggestions.<o:p></o:p></span></li>
        </ul>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04</a><o:p></o:p></p>
        <ul style="margin-top:0in" type="disc">
          <li class="MsoNormal" style="color:black;mso-list:l3 level1
            lfo5"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Refer to the registries as the primary sources
              of defined values and then secondarily reference the
              sections defining the initial contents of the registries.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l3 level1
            lfo5"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Normatively reference XML DSIG 2.0
              [W3C.CR&#8209;xmldsig&#8209;core2&#8209;20120124] for its security
              considerations.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l3 level1
            lfo5"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Added this language to Registration Templates:
              "This name is case sensitive. Names that match other
              registered names in a case insensitive manner SHOULD NOT
              be accepted." <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l3 level1
            lfo5"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Described additional open issues.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l3 level1
            lfo5"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Applied editorial suggestions.<o:p></o:p></span></li>
        </ul>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04</a><o:p></o:p></p>
        <ul style="margin-top:0in" type="disc">
          <li class="MsoNormal" style="color:black;mso-list:l0 level1
            lfo6"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Added text requiring that any leading zero bytes
              be retained in base64url encoded key value representations
              for fixed-length values. <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l0 level1
            lfo6"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Added this language to Registration Templates:
              "This name is case sensitive. Names that match other
              registered names in a case insensitive manner SHOULD NOT
              be accepted." <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l0 level1
            lfo6"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Described additional open issues.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l0 level1
            lfo6"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Applied editorial suggestions.<o:p></o:p></span></li>
        </ul>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
            href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02</a><o:p></o:p></p>
        <ul style="margin-top:0in" type="disc">
          <li class="MsoNormal" style="color:black;mso-list:l6 level1
            lfo7"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Added an example of an encrypted JWT.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l6 level1
            lfo7"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Added this language to Registration Templates:
              "This name is case sensitive. Names that match other
              registered names in a case insensitive manner SHOULD NOT
              be accepted." <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l6 level1
            lfo7"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Applied editorial suggestions.<o:p></o:p></span></li>
        </ul>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
href="http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01">http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-01</a><o:p></o:p></p>
        <ul style="margin-top:0in" type="disc">
          <li class="MsoNormal" style="color:black;mso-list:l7 level1
            lfo8"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Generalized language to refer to Message
              Authentication Codes (MACs) rather than Hash-based Message
              Authentication Codes (HMACs).<o:p></o:p></span></li>
        </ul>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
href="http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01">http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-01</a><o:p></o:p></p>
        <ul style="margin-top:0in" type="disc">
          <li class="MsoNormal" style="color:black;mso-list:l7 level1
            lfo8"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Added a complete JWE-JS example.
              <o:p></o:p></span></li>
          <li class="MsoNormal" style="color:black;mso-list:l7 level1
            lfo8"><span
style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"
              lang="EN">Generalized language to refer to Message
              Authentication Codes (MACs) rather than Hash-based Message
              Authentication Codes (HMACs).<o:p></o:p></span></li>
        </ul>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
          -- Mike<o:p></o:p></p>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------020104030207080502040202--

From ve7jtb@ve7jtb.com  Fri Jul 27 09:42:23 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E960311E8089 for <oauth@ietfa.amsl.com>; Fri, 27 Jul 2012 09:42:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ooDp4uNI4q6i for <oauth@ietfa.amsl.com>; Fri, 27 Jul 2012 09:42:23 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 181C621F872D for <oauth@ietf.org>; Fri, 27 Jul 2012 09:42:22 -0700 (PDT)
Received: by yenq13 with SMTP id q13so3709268yen.31 for <oauth@ietf.org>; Fri, 27 Jul 2012 09:42:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=3hTBCWlRDtNbCOy9iJ5Qm9FJPP/YUziiymWSHyuaq3c=; b=Ltev/ZbVliXLULMc5tHMVTEl28wF2Ap3IVysEO53+8CCWRWmoyXWy+0M8XxwwsG0pp nukWweYnI1Znv9GvoQKh2/43Ypz/z4q/e8gitkY5EqH4NEr5XY8gDjgec3N+7B8r1wyN vxmrlX3eqjrp9bpSQq6AYnolFy0iHlXY03JX1xILDph2fabkuIGjdoHQqxaM2sz8oBd3 0WfLqZd8NJ096Q16+bFBPnNhGncck9zXqepc4hbMiZr16fYXqaO/eM5DApYV9fLgqgMZ TwzWO3/Ha2ea2Oi4gH0ZSvTkD79bbTm3aNVT1q6dbk5AyK1aoIjQXmcS//MNr9Gq59yF Nmiw==
Received: by 10.66.73.69 with SMTP id j5mr6899529pav.8.1343407342143; Fri, 27 Jul 2012 09:42:22 -0700 (PDT)
Received: from [172.20.10.4] (out-bc-143.wireless.telus.com. [209.121.225.143]) by mx.google.com with ESMTPS id gf3sm2197612pbc.74.2012.07.27.09.42.19 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 27 Jul 2012 09:42:21 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1280)
Content-Type: text/plain; charset=us-ascii
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <496c11afb3158504ff894734b1d13531@lodderstedt-online.de>
Date: Fri, 27 Jul 2012 09:42:20 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <DD394E7F-9181-4C13-83E8-BABDA6F9FAD4@ve7jtb.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com> <CA+k3eCQdX39kbgp0BTA07xoFYotyitcMnR228GYcsPjg3z7ggg@mail.gmail.com> <496c11afb3158504ff894734b1d13531@lodderstedt-online.de>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Mailer: Apple Mail (2.1280)
X-Gm-Message-State: ALoCoQk9FtZDVRKw4ydJiX6TqzdhfFM831rEiPATVbtyc3oxAdUHhv6XmmNQ/1Z1A9Y9r9rp28hg
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2012 16:42:24 -0000

The text in 3.2.1 is informational, to explain why there is a REQUIRED in 4.1.3.

Putting the explanation in the parameter description seems awkward; that is why I left it in 3.2.1, where the description that public clients can send client_id originally lived.

I also note that there is no other normative text in Sec 3.2.1 other than the first MUST that refers to sec 2.3; the rest of the text reads as an explanation of rationale for client authentication.   That is why I phrased it that way.

I personally try to make normative requirements once as I get enough stick about long specs:)

I am OK with making it normative by adding a MUST, though I will leave it up to the Editor to decide if duplicating normative text is the preferred style.


On 2012-07-27, at 7:36 AM, Torsten Lodderstedt wrote:

> Hi Brian,
>
> I know. But there is this sentence in 3.2.1,
>
> ----------
> In the "authorization_code" grant_type request to the token endpoint,
> an unauthenticated client sends "client_id" to prevent itself from
> inadvertently accepting a code
> intended for a client with a different "client_id".
> -----------
>
> which explicitly discusses the authz code w/o saying this behavior is mandatory. People might "feel" a contradiction or difference to 4.1.3. I would suggest to either remove this sentence in 3.2.1 or change it to:
>
> ----------
> In the "authorization_code" grant_type request to the token endpoint,
> an unauthenticated client MUST send its "client_id" to prevent itself from
> inadvertently accepting a code
> intended for a client with a different "client_id".
> -----------
>
> regards,
> Torsten.
>
> On 27.07.2012 15:47, Brian Campbell wrote:
>> Hey Torsten,
>>
>> The requirement that public clients send their client_id with an authz
>> code grant is in 4.1.3 (Where the Access Token Request for the code
>> grant is defined) of John's proposed text:
>>
>> 4.1.3.  Access Token Request
>>
>>   client_id
>>         REQUIRED if the client is NOT authenticating with the
>>         authorization server as described in Section 3.2.1
>>
>>
>>
>>
>> On Thu, Jul 26, 2012 at 11:40 PM, Torsten Lodderstedt
>> <torsten@lodderstedt.net> wrote:
>>> Hi John,
>>>
>>> I would expect sending a client_id is a MUST for public clients in the authz
>>> code grant type. That's not how I read the proposed text for section 3.1.
>>>
>>> regards,
>>> Torsten.
>>>
>>>
>>>
>>> John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>
>>>> The changes introduced in Draft 29 had unintended consequences on parts of
>>>> the spec caused by
>>>> Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client
>>>> authentication.
>>>>
>>>> This change restricts the requirement to send client_id to only Sec 4.1.4
>>>> for clients that are not authenticated per Sec 3.2.1
>>>>
>>>>
>>>>
>>>>
>>>> Section 3.2.1
>>>>
>>>>
>>>>  A public client that was not issued a client password MUST use the
>>>>  "client_id" request parameter to identify itself when sending
>>>>  requests to the token endpoint.  This allows the authorization server
>>>>  to ensure that the code was issued to the same client.  Sending
>>>>  "client_id" prevents the client from inadvertently accepting a code
>>>>  intended for a client with a different "client_id".  This protects
>>>>  the client from substitution of the authentication code.  (It
>>>>  provides no additional security for the protected resource.)
>>>>
>>>>
>>>> Change  to
>>>>
>>>>  A client MAY use the "client_id" request parameter to identify itself
>>>>  when sending requests to the token endpoint.
>>>>  In the "authorization_code" grant_type request to the token endpoint,
>>>>  an unauthenticated client sends "client_id" to prevent itself from
>>>>  inadvertently accepting a code
>>>>  intended for a client with a different "client_id".  This protects
>>>>  the client from substitution of the authentication code.  (It
>>>>  provides no additional security for the protected resource.)
>>>>
>>>>
>>>> ** This allows any client to send client ID and explains the threat to
>>>> code.
>>>>
>>>>
>>>> 4.1.3.  Access Token Request
>>>>
>>>>
>>>>
>>>> Add
>>>>  client_id
>>>>        REQUIRED if the client is NOT authenticating with the
>>>>        authorization server as described in Section 3.2.1
>>>>
>>>>
>>>>
>>>>
>>>> ** This makes client_id only REQUIRED for the code flow if the client is
>>>> not otherwise authenticated.
>>>>
>>>> Change
>>>>
>>>>
>>>>     ensure the authorization code was issued to the authenticated
>>>>     confidential client or to the public client identified by the
>>>>     "client_id" in the request,
>>>>
>>>>
>>>> To:
>>>>     ensure the authorization code was issued to the authenticated
>>>>     confidential client, or if the client is public, ensure the code was
>>>>     issued to "client_id" in the request,
>>>>
>>>>
>>>> ** That removes the implication of authentication.
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>

From Michael.Jones@microsoft.com  Fri Jul 27 10:58:21 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9F8E21F8566 for <oauth@ietfa.amsl.com>; Fri, 27 Jul 2012 10:58:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.782
X-Spam-Level: 
X-Spam-Status: No, score=-3.782 tagged_above=-999 required=5 tests=[AWL=-0.184, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C1GyfrtW3XW0 for <oauth@ietfa.amsl.com>; Fri, 27 Jul 2012 10:58:20 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe004.messaging.microsoft.com [213.199.154.207]) by ietfa.amsl.com (Postfix) with ESMTP id 5F42E21F8565 for <oauth@ietf.org>; Fri, 27 Jul 2012 10:58:19 -0700 (PDT)
Received: from mail63-am1-R.bigfish.com (10.3.201.241) by AM1EHSOBE008.bigfish.com (10.3.204.28) with Microsoft SMTP Server id 14.1.225.23; Fri, 27 Jul 2012 17:58:18 +0000
Received: from mail63-am1 (localhost [127.0.0.1])	by mail63-am1-R.bigfish.com (Postfix) with ESMTP id 2D3952000E6; Fri, 27 Jul 2012 17:58:18 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -27
X-BigFish: VS-27(zzbb2dI98dI9371Ic89bhc857h1453Mzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail63-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail63-am1 (localhost.localdomain [127.0.0.1]) by mail63-am1 (MessageSwitch) id 1343411896513403_30239; Fri, 27 Jul 2012 17:58:16 +0000 (UTC)
Received: from AM1EHSMHS014.bigfish.com (unknown [10.3.201.248])	by mail63-am1.bigfish.com (Postfix) with ESMTP id 7AAF7420043; Fri, 27 Jul 2012 17:58:16 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS014.bigfish.com (10.3.207.152) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 27 Jul 2012 17:58:16 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0298.005; Fri, 27 Jul 2012 17:58:12 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Anil Saldhana <Anil.Saldhana@redhat.com>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications
Thread-Index: Ac1jvjT7zTFgSk+wSl6bNtMEpoNWqQITwjGAAAR7pTA=
Date: Fri, 27 Jul 2012 17:58:12 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366746735@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B1680429673943667349BA@TK5EX14MBXC285.redmond.corp.microsoft.com> <5012B4E7.1090505@redhat.com>
In-Reply-To: <5012B4E7.1090505@redhat.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.33]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366746735TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Pre-IETF 84 versions of JOSE and JWT specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2012 17:58:22 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366746735TK5EX14MBXC285r_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64


--_000_4E1F6AAD24975D4BA5B168042967394366746735TK5EX14MBXC285r_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZd
PjxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtam9zZS1qc29u
LXdlYi1rZXktMDQiPmh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtam9zZS1q
c29uLXdlYi1rZXktMDQ8L2E+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFn
cmFwaCIgc3R5bGU9InRleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsNSBsZXZlbDEgbGZvMSI+
PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlN5bWJvbCI+PHNw
YW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+JmFtcDsjNjE2MjM8c3BhbiBzdHlsZT0iZm9udDo3
LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxhIGhy
ZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtam9zZS1qc29uLXdlYi1h
bGdvcml0aG1zLTA0Ij5odHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWpvc2Ut
anNvbi13ZWItYWxnb3JpdGhtcy0wNDwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29M
aXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0Omw1IGxldmVs
MSBsZm8xIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6U3lt
Ym9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxl
PSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRp
Zl0+PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1vYXV0aC1q
c29uLXdlYi10b2tlbi0wMiI+aHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1v
YXV0aC1qc29uLXdlYi10b2tlbi0wMjwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIGlu
ZGl2aWR1YWwgc3VibWlzc2lvbiBzcGVjaWZpY2F0aW9ucyBhcmUgYXZhaWxhYmxlIGF0OjxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJ0ZXh0LWluZGVu
dDotLjI1aW47bXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzIiPjwhW2lmICFzdXBwb3J0TGlzdHNdPjxz
cGFuIHN0eWxlPSJmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25v
cmUiPiZhbXA7IzYxNjIzPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJv
bWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwv
c3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5v
cmcvaHRtbC9kcmFmdC1qb25lcy1qb3NlLWp3cy1qc29uLXNlcmlhbGl6YXRpb24tMDEiPmh0dHA6
Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVzLWpvc2UtandzLWpzb24tc2VyaWFsaXph
dGlvbi0wMTwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBz
dHlsZT0idGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0OmwxIGxldmVsMSBsZm8yIj48IVtpZiAh
c3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHls
ZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZx
dW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PGEgaHJlZj0iaHR0
cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtam9uZXMtam9zZS1qd2UtanNvbi1zZXJpYWxp
emF0aW9uLTAxIj5odHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1qb25lcy1qb3NlLWp3
ZS1qc29uLXNlcmlhbGl6YXRpb24tMDE8L2E+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoZSBk
b2N1bWVudCBoaXN0b3J5IGVudHJpZXMgKGFsc28gaW4gdGhlIHNwZWNpZmljYXRpb25zKSBhcmUg
YXMgZm9sbG93czo8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGEgaHJlZj0iaHR0cDovL3Rvb2xz
LmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1qb3NlLWpzb24td2ViLXNpZ25hdHVyZS0wNCI+aHR0
cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1qb3NlLWpzb24td2ViLXNpZ25hdHVy
ZS0wNDwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJn
aW4tbGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsNCBsZXZlbDEgbGZvMyI+
DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250
LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPiZhbXA7IzYxNjIz
PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9z
cGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Db21w
bGV0ZWQgSlNPTiBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9uLCBpbmNsdWRpbmcgY29u
c2lkZXJhdGlvbnMgYWJvdXQgcmVqZWN0aW5nIGlucHV0IHdpdGggZHVwbGljYXRlIG1lbWJlciBu
YW1lcy4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJtYXJnaW4tbGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsNCBsZXZlbDEg
bGZvMyI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBw
dDtmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPiZhbXA7
IzYxNjIzPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7
Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3Nw
YW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7
Ij5Db21wbGV0ZWQgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgb24gdGhlIHVzZSBvZiBhIFNIQS0x
IGhhc2ggd2hlbiBjb21wdXRpbmcNCjwvc3Bhbj48dHQ+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJm
b250LXNpemU6MTIuMHB0Ij54NXQ8L3NwYW4+PC90dD48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZv
bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij4gKHguNTA5IGNlcnRpZmljYXRlIHRodW1icHJpbnQpIHZhbHVlcy4NCjwv
c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4t
bGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsNCBsZXZlbDEgbGZvMyI+DQo8
IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZh
bWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPiZhbXA7IzYxNjIzPHNw
YW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFu
PjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5SZWZlciB0
byB0aGUgcmVnaXN0cmllcyBhcyB0aGUgcHJpbWFyeSBzb3VyY2VzIG9mIGRlZmluZWQgdmFsdWVz
IGFuZCB0aGVuIHNlY29uZGFyaWx5IHJlZmVyZW5jZSB0aGUgc2VjdGlvbnMgZGVmaW5pbmcgdGhl
IGluaXRpYWwgY29udGVudHMgb2YgdGhlIHJlZ2lzdHJpZXMuDQo8L3NwYW4+PG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWlu
ZGVudDotLjI1aW47bXNvLWxpc3Q6bDQgbGV2ZWwxIGxmbzMiPg0KPCFbaWYgIXN1cHBvcnRMaXN0
c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48c3Bh
biBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250Ojcu
MHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4g
bGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRh
bmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+Tm9ybWF0aXZlbHkgcmVmZXJlbmNlIFhN
TCBEU0lHIDIuMCBbVzNDLkNS4oCReG1sZHNpZ+KAkWNvcmUy4oCRMjAxMjAxMjRdIGZvciBpdHMg
c2VjdXJpdHkgY29uc2lkZXJhdGlvbnMuDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWluZGVudDotLjI1aW47
bXNvLWxpc3Q6bDQgbGV2ZWwxIGxmbzMiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNv
LWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1Rp
bWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0
eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1
b3Q7c2Fucy1zZXJpZiZxdW90OyI+QWRkZWQgdGhpcyBsYW5ndWFnZSB0byBSZWdpc3RyYXRpb24g
VGVtcGxhdGVzOiAmcXVvdDtUaGlzIG5hbWUgaXMgY2FzZSBzZW5zaXRpdmUuIE5hbWVzIHRoYXQg
bWF0Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcyBpbiBhIGNhc2UgaW5zZW5zaXRpdmUgbWFubmVy
IFNIT1VMRA0KIE5PVCBiZSBhY2NlcHRlZC4mcXVvdDsgPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW47dGV4dC1pbmRlbnQ6
LS4yNWluO21zby1saXN0Omw0IGxldmVsMSBsZm8zIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5
bGU9Im1zby1saXN0Oklnbm9yZSI+JmFtcDsjNjE2MjM8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAm
cXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGxhbmc9
IkVOIiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1
b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPlJlZmVyZW5jZSBkcmFmdC1qb25lcy1qb3NlLWp3
cy1qc29uLXNlcmlhbGl6YXRpb24gaW5zdGVhZCBvZiBkcmFmdC1qb25lcy1qc29uLXdlYi1zaWdu
YXR1cmUtanNvbi1zZXJpYWxpemF0aW9uLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjtt
c28tbGlzdDpsNCBsZXZlbDEgbGZvMyI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHls
ZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28t
bGlzdDpJZ25vcmUiPiZhbXA7IzYxNjIzPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGlt
ZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5
bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVv
dDtzYW5zLXNlcmlmJnF1b3Q7Ij5EZXNjcmliZWQgYWRkaXRpb25hbCBvcGVuIGlzc3Vlcy4NCjwv
c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4t
bGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsNCBsZXZlbDEgbGZvMyI+DQo8
IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZh
bWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPiZhbXA7IzYxNjIzPHNw
YW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFu
PjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5BcHBsaWVk
IGVkaXRvcmlhbCBzdWdnZXN0aW9ucy48L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxh
IGhyZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtam9zZS1qc29uLXdl
Yi1lbmNyeXB0aW9uLTA0Ij5odHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWpv
c2UtanNvbi13ZWItZW5jcnlwdGlvbi0wNDwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28t
bGlzdDpsMiBsZXZlbDEgbGZvNCI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlz
dDpJZ25vcmUiPiZhbXA7IzYxNjIzPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMg
TmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9
ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7Ij5SZWZlciB0byB0aGUgcmVnaXN0cmllcyBhcyB0aGUgcHJpbWFyeSBz
b3VyY2VzIG9mIGRlZmluZWQgdmFsdWVzIGFuZCB0aGVuIHNlY29uZGFyaWx5IHJlZmVyZW5jZSB0
aGUgc2VjdGlvbnMgZGVmaW5pbmcgdGhlIGluaXRpYWwgY29udGVudHMgb2YgdGhlIHJlZ2lzdHJp
ZXMuDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDIgbGV2ZWwxIGxm
bzQiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2
MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFu
Pjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+
Tm9ybWF0aXZlbHkgcmVmZXJlbmNlIFhNTCBFbmNyeXB0aW9uIDEuMSBbVzNDLkNS4oCReG1sZW5j
4oCRY29yZTHigJEyMDEyMDMxM10gZm9yIGl0cyBzZWN1cml0eSBjb25zaWRlcmF0aW9ucy4NCjwv
c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4t
bGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMiBsZXZlbDEgbGZvNCI+DQo8
IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZh
bWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPiZhbXA7IzYxNjIzPHNw
YW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFu
PjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5SZWZlcmVu
Y2UgZHJhZnQtam9uZXMtam9zZS1qd2UtanNvbi1zZXJpYWxpemF0aW9uIGluc3RlYWQgb2YgZHJh
ZnQtam9uZXMtanNvbi13ZWItZW5jcnlwdGlvbi1qc29uLXNlcmlhbGl6YXRpb24uDQo8L3NwYW4+
PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6
LjVpbjt0ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDIgbGV2ZWwxIGxmbzQiPg0KPCFbaWYg
IXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6
U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0
eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtl
bmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+RGVzY3JpYmVkIGFk
ZGl0aW9uYWwgb3BlbiBpc3N1ZXMuDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWluZGVudDotLjI1aW47bXNv
LWxpc3Q6bDIgbGV2ZWwxIGxmbzQiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9
ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxp
c3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVz
IE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0eWxl
PSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90OyI+QXBwbGllZCBlZGl0b3JpYWwgc3VnZ2VzdGlvbnMuPC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRt
bC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWIta2V5LTA0Ij5odHRwOi8vdG9vbHMuaWV0Zi5vcmcv
aHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWIta2V5LTA0PC9hPjxvOnA+PC9vOnA+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW47dGV4dC1pbmRlbnQ6
LS4yNWluO21zby1saXN0OmwzIGxldmVsMSBsZm81Ij4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5
bGU9Im1zby1saXN0Oklnbm9yZSI+JmFtcDsjNjE2MjM8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAm
cXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGxhbmc9
IkVOIiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1
b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPlJlZmVyIHRvIHRoZSByZWdpc3RyaWVzIGFzIHRo
ZSBwcmltYXJ5IHNvdXJjZXMgb2YgZGVmaW5lZCB2YWx1ZXMgYW5kIHRoZW4gc2Vjb25kYXJpbHkg
cmVmZXJlbmNlIHRoZSBzZWN0aW9ucyBkZWZpbmluZyB0aGUgaW5pdGlhbCBjb250ZW50cyBvZiB0
aGUgcmVnaXN0cmllcy4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDps
MyBsZXZlbDEgbGZvNSI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjEwLjBwdDtmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25v
cmUiPiZhbXA7IzYxNjIzPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJv
bWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwv
c3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQt
c2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNl
cmlmJnF1b3Q7Ij5Ob3JtYXRpdmVseSByZWZlcmVuY2UgWE1MIERTSUcgMi4wIFtXM0MuQ1LigJF4
bWxkc2ln4oCRY29yZTLigJEyMDEyMDEyNF0gZm9yIGl0cyBzZWN1cml0eSBjb25zaWRlcmF0aW9u
cy4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
YXJnaW4tbGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsMyBsZXZlbDEgbGZv
NSI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtm
b250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPiZhbXA7IzYx
NjIzPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4m
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+
PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5B
ZGRlZCB0aGlzIGxhbmd1YWdlIHRvIFJlZ2lzdHJhdGlvbiBUZW1wbGF0ZXM6ICZxdW90O1RoaXMg
bmFtZSBpcyBjYXNlIHNlbnNpdGl2ZS4gTmFtZXMgdGhhdCBtYXRjaCBvdGhlciByZWdpc3RlcmVk
IG5hbWVzIGluIGEgY2FzZSBpbnNlbnNpdGl2ZSBtYW5uZXIgU0hPVUxEDQogTk9UIGJlIGFjY2Vw
dGVkLiZxdW90OyA8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDMgbGV2
ZWwxIGxmbzUiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox
MC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4m
YW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZx
dW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+
PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6
MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx
dW90OyI+RGVzY3JpYmVkIGFkZGl0aW9uYWwgb3BlbiBpc3N1ZXMuDQo8L3NwYW4+PG86cD48L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0
LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDMgbGV2ZWwxIGxmbzUiPg0KPCFbaWYgIXN1cHBvcnRM
aXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48
c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250
OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNw
YW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1Zl
cmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+QXBwbGllZCBlZGl0b3JpYWwgc3Vn
Z2VzdGlvbnMuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5i
c3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJodHRwOi8v
dG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWpvc2UtanNvbi13ZWItYWxnb3JpdGhtcy0w
NCI+aHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1qb3NlLWpzb24td2ViLWFs
Z29yaXRobXMtMDQ8L2E+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDAgbGV2ZWwx
IGxmbzYiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4w
cHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1w
OyM2MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90
OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9z
cGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAu
MHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90
OyI+QWRkZWQgdGV4dCByZXF1aXJpbmcgdGhhdCBhbnkgbGVhZGluZyB6ZXJvIGJ5dGVzIGJlIHJl
dGFpbmVkIGluIGJhc2U2NHVybCBlbmNvZGVkIGtleSB2YWx1ZSByZXByZXNlbnRhdGlvbnMgZm9y
IGZpeGVkLWxlbmd0aCB2YWx1ZXMuDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWluZGVudDotLjI1aW47bXNv
LWxpc3Q6bDAgbGV2ZWwxIGxmbzYiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9
ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxp
c3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVz
IE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0eWxl
PSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90OyI+QWRkZWQgdGhpcyBsYW5ndWFnZSB0byBSZWdpc3RyYXRpb24gVGVt
cGxhdGVzOiAmcXVvdDtUaGlzIG5hbWUgaXMgY2FzZSBzZW5zaXRpdmUuIE5hbWVzIHRoYXQgbWF0
Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcyBpbiBhIGNhc2UgaW5zZW5zaXRpdmUgbWFubmVyIFNI
T1VMRA0KIE5PVCBiZSBhY2NlcHRlZC4mcXVvdDsgPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW47dGV4dC1pbmRlbnQ6LS4y
NWluO21zby1saXN0OmwwIGxldmVsMSBsZm82Ij4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9
Im1zby1saXN0Oklnbm9yZSI+JmFtcDsjNjE2MjM8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVv
dDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGxhbmc9IkVO
IiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7
LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkRlc2NyaWJlZCBhZGRpdGlvbmFsIG9wZW4gaXNzdWVz
Lg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h
cmdpbi1sZWZ0Oi41aW47dGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0OmwwIGxldmVsMSBsZm82
Ij4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2Zv
bnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+JmFtcDsjNjE2
MjM8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48
L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtm
b250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkFw
cGxpZWQgZWRpdG9yaWFsIHN1Z2dlc3Rpb25zLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1vYXV0aC1q
c29uLXdlYi10b2tlbi0wMiI+aHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1v
YXV0aC1qc29uLXdlYi10b2tlbi0wMjwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlz
dDpsNiBsZXZlbDEgbGZvNyI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJ
Z25vcmUiPiZhbXA7IzYxNjIzPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3
IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsN
Cjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZv
bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij5BZGRlZCBhbiBleGFtcGxlIG9mIGFuIGVuY3J5cHRlZCBKV1QuDQo8L3Nw
YW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxl
ZnQ6LjVpbjt0ZXh0LWluZGVudDotLjI1aW47bXNvLWxpc3Q6bDYgbGV2ZWwxIGxmbzciPg0KPCFb
aWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p
bHk6U3ltYm9sIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFu
IHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48
IVtlbmRpZl0+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFt
aWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+QWRkZWQgdGhp
cyBsYW5ndWFnZSB0byBSZWdpc3RyYXRpb24gVGVtcGxhdGVzOiAmcXVvdDtUaGlzIG5hbWUgaXMg
Y2FzZSBzZW5zaXRpdmUuIE5hbWVzIHRoYXQgbWF0Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcyBp
biBhIGNhc2UgaW5zZW5zaXRpdmUgbWFubmVyIFNIT1VMRA0KIE5PVCBiZSBhY2NlcHRlZC4mcXVv
dDsgPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h
cmdpbi1sZWZ0Oi41aW47dGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0Omw2IGxldmVsMSBsZm83
Ij4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2Zv
bnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+JmFtcDsjNjE2
MjM8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48
L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtm
b250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkFw
cGxpZWQgZWRpdG9yaWFsIHN1Z2dlc3Rpb25zLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtam9uZXMtam9zZS1q
d3MtanNvbi1zZXJpYWxpemF0aW9uLTAxIj5odHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm
dC1qb25lcy1qb3NlLWp3cy1qc29uLXNlcmlhbGl6YXRpb24tMDE8L2E+PG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbjt0ZXh0LWluZGVu
dDotLjI1aW47bXNvLWxpc3Q6bDcgbGV2ZWwxIGxmbzgiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+
PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sIj48c3BhbiBz
dHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4mYW1wOyM2MTYyMzxzcGFuIHN0eWxlPSJmb250OjcuMHB0
ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gbGFu
Zz0iRU4iIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEm
cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+R2VuZXJhbGl6ZWQgbGFuZ3VhZ2UgdG8gcmVm
ZXIgdG8gTWVzc2FnZSBBdXRoZW50aWNhdGlvbiBDb2RlcyAoTUFDcykgcmF0aGVyIHRoYW4gSGFz
aC1iYXNlZCBNZXNzYWdlIEF1dGhlbnRpY2F0aW9uIENvZGVzIChITUFDcykuPC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9k
cmFmdC1qb25lcy1qb3NlLWp3ZS1qc29uLXNlcmlhbGl6YXRpb24tMDEiPmh0dHA6Ly90b29scy5p
ZXRmLm9yZy9odG1sL2RyYWZ0LWpvbmVzLWpvc2UtandlLWpzb24tc2VyaWFsaXphdGlvbi0wMTwv
YT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVm
dDouNWluO3RleHQtaW5kZW50Oi0uMjVpbjttc28tbGlzdDpsNyBsZXZlbDEgbGZvOCI+DQo8IVtp
ZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWls
eTpTeW1ib2wiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPiZhbXA7IzYxNjIzPHNwYW4g
c3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwh
W2VuZGlmXT48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7VmVyZGFuYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5BZGRlZCBhIGNv
bXBsZXRlIEpXRS1KUyBleGFtcGxlLg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW47dGV4dC1pbmRlbnQ6LS4yNWluO21z
by1saXN0Omw3IGxldmVsMSBsZm84Ij4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxl
PSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbCI+PHNwYW4gc3R5bGU9Im1zby1s
aXN0Oklnbm9yZSI+JmFtcDsjNjE2MjM8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1l
cyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGxhbmc9IkVOIiBzdHls
ZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LCZxdW90
O3NhbnMtc2VyaWYmcXVvdDsiPkdlbmVyYWxpemVkIGxhbmd1YWdlIHRvIHJlZmVyIHRvIE1lc3Nh
Z2UgQXV0aGVudGljYXRpb24gQ29kZXMgKE1BQ3MpIHJhdGhlciB0aGFuIEhhc2gtYmFzZWQgTWVz
c2FnZSBBdXRoZW50aWNhdGlvbiBDb2RlcyAoSE1BQ3MpLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0tIE1pa2U8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5i
c3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjEyLjBwdDtmb250LWZhbWlseTomcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDssJnF1
b3Q7c2VyaWYmcXVvdDsiPjxicj4NCjxicj4NCjxicj4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N
CjxwcmU+X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188bzpw
PjwvbzpwPjwvcHJlPg0KPHByZT5PQXV0aCBtYWlsaW5nIGxpc3Q8bzpwPjwvbzpwPjwvcHJlPg0K
PHByZT48YSBocmVmPSJtYWlsdG86T0F1dGhAaWV0Zi5vcmciPk9BdXRoQGlldGYub3JnPC9hPjxv
OnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxt
YW4vbGlzdGluZm8vb2F1dGgiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8v
b2F1dGg8L2E+PG86cD48L286cD48L3ByZT4NCjwvYmxvY2txdW90ZT4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1Rp
bWVzIE5ldyBSb21hbiZxdW90OywmcXVvdDtzZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48
L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_4E1F6AAD24975D4BA5B168042967394366746735TK5EX14MBXC285r_--

From torsten@lodderstedt.net  Sat Jul 28 14:56:32 2012
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6202E21F8653 for <oauth@ietfa.amsl.com>; Sat, 28 Jul 2012 14:56:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level: 
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AvVprQQhIX-X for <oauth@ietfa.amsl.com>; Sat, 28 Jul 2012 14:56:31 -0700 (PDT)
Received: from smtprelay06.ispgateway.de (smtprelay06.ispgateway.de [80.67.31.95]) by ietfa.amsl.com (Postfix) with ESMTP id 759F921F8604 for <oauth@ietf.org>; Sat, 28 Jul 2012 14:56:31 -0700 (PDT)
Received: from [91.2.89.152] (helo=[192.168.71.42]) by smtprelay06.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1SvEzt-0001tc-Fb; Sat, 28 Jul 2012 23:56:29 +0200
Message-ID: <5014600B.2030406@lodderstedt.net>
Date: Sat, 28 Jul 2012 23:56:27 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: John Bradley <ve7jtb@ve7jtb.com>
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com> <17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com> <9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com> <CA+k3eCQdX39kbgp0BTA07xoFYotyitcMnR228GYcsPjg3z7ggg@mail.gmail.com> <496c11afb3158504ff894734b1d13531@lodderstedt-online.de> <DD394E7F-9181-4C13-83E8-BABDA6F9FAD4@ve7jtb.com>
In-Reply-To: <DD394E7F-9181-4C13-83E8-BABDA6F9FAD4@ve7jtb.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC1vbmxpbmUuZGU=
Cc: oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor

Hi John,

I would prefer to make it a MUST.

regards,
Torsten.
On 27.07.2012 18:42, John Bradley wrote:
> The text in 3.2.1 is informational to explain why there is a REQUIRED in 4.1.3.
>
> Putting the explanation in the parameter description seems awkward that is why I left it in 3.2.1 where the description that public clients can send client_id originally lived.
>
> I also note that there is no other normative text in Sec 3.2.1 other than the first MUST that refers to sec 2.3, the rest of the text reads as an explanation of rationale for client authentication.   That is why I phrased it that way.
>
> I personally try to make normative requirements once as I get enough stick about long specs:)
>
> I am OK with making it normative by adding a MUST,  though I will leave it up to the Editor to decide on if  duplicating normative text is the preferred style.
>
>
> On 2012-07-27, at 7:36 AM, Torsten Lodderstedt wrote:
>
>> Hi Brian,
>>
>> I know. But there is this sentence in 3.2.1,
>>
>> ----------
>> In the "authorization_code" grant_type request to the token endpoint,
>> an unauthenticated client sends "client_id" to prevent itself from
>> inadvertently accepting a code
>> intended for a client with a different "client_id".
>> -----------
>>
>> which explicitly discusses the authz code w/o saying this behavior is mandatory. People might "feel" a contradiction or difference to 4.1.3. I would suggest to either remove this sentence in 3.2.1 or change it to:
>>
>> ----------
>> In the "authorization_code" grant_type request to the token endpoint,
>> an unauthenticated client MUST send its "client_id" to prevent itself from
>> inadvertently accepting a code
>> intended for a client with a different "client_id".
>> -----------
>>
>> regards,
>> Torsten.
>>
>> On 27.07.2012 15:47, Brian Campbell wrote:
>>> Hey Torsten,
>>>
>>> The requirement that public clients send their client_id with an authz
>>> code grant is in 4.1.3 (Where the Access Token Request for the code
>>> grant is defined) of John's proposed text:
>>>
>>> 4.1.3.  Access Token Request
>>>
>>>    client_id
>>>          REQUIRED if the client is NOT authenticating with the
>>>          authorization server as described in Section 3.2.1
>>>
>>>
>>>
>>>
>>> On Thu, Jul 26, 2012 at 11:40 PM, Torsten Lodderstedt
>>> <torsten@lodderstedt.net> wrote:
>>>> Hi John,
>>>>
>>>> I would expect sending a client_id is a MUST for public clients in the authz
>>>> code grant type. That's not how I read the proposed text for section 3.1.
>>>>
>>>> regards,
>>>> Torsten.
>>>>
>>>>
>>>>
>>>> John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>> The changes introduced in Draft 29 had unintended consequences on parts of
>>>>> the spec caused by
>>>>> Sec 4.3,  4.4 and 6 referencing Sec 3.2.1 as part of client
>>>>> authentication.
>>>>>
>>>>> This change restricts the requirement to send client_id to only Sec 4.1.4
>>>>> for clients that are not authenticated per Sec 3.2.1
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Section 3.2.1
>>>>>
>>>>>
>>>>>   A public client that was not issued a client password MUST use the
>>>>>   "client_id" request parameter to identify itself when sending
>>>>>   requests to the token endpoint.  This allows the authorization server
>>>>>   to ensure that the code was issued to the same client.  Sending
>>>>>   "client_id" prevents the client from inadvertently accepting a code
>>>>>   intended for a client with a different "client_id".  This protects
>>>>>   the client from substitution of the authentication code.  (It
>>>>>   provides no additional security for the protected resource.)
>>>>>
>>>>>
>>>>> Change  to
>>>>>
>>>>>   A client MAY use the "client_id" request parameter to identify itself
>>>>>   when sending requests to the token endpoint.
>>>>>   In the "authorization_code" grant_type request to the token endpoint,
>>>>>   an unauthenticated client sends "client_id" to prevent itself from
>>>>>   inadvertently accepting a code
>>>>>   intended for a client with a different "client_id".  This protects
>>>>>   the client from substitution of the authentication code.  (It
>>>>>   provides no additional security for the protected resource.)
>>>>>
>>>>>
>>>>> ** This allows any client to send client ID and explains the threat to
>>>>> code.
>>>>>
>>>>>
>>>>> 4.1.3.  Access Token Request
>>>>>
>>>>>
>>>>>
>>>>> Add
>>>>>   client_id
>>>>>         REQUIRED if the client is NOT authenticating with the
>>>>>         authorization server as described in Section 3.2.1
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ** This makes client_id only REQUIRED for the code flow if the client is
>>>>> not otherwise authenticated.
>>>>>
>>>>> Change
>>>>>
>>>>>
>>>>>      ensure the authorization code was issued to the authenticated
>>>>>      confidential client or to the public client identified by the
>>>>>      "client_id" in the request,
>>>>>
>>>>>
>>>>> To:
>>>>>      ensure the authorization code was issued to the authenticated
>>>>>      confidential client, or if the client is public, ensure the code was
>>>>>      issued to "client_id" in the request,
>>>>>
>>>>>
>>>>> ** That removes the implication of authentication.
>>>>>
>>>>>
>>>>>
>>>>
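
The token endpoint check this thread is wording (Sec. 3.2.1 and 4.1.3 of the proposed text), as an added example that is not part of any message or of the specification. The class and function names, the sample clients and the in-memory storage are hypothetical; the error codes are the OAuth 2.0 token error codes.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class TokenError(Exception):
    """Token endpoint failure carrying an OAuth 2.0 error code."""

    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


@dataclass
class Client:
    client_id: str
    secret: Optional[str] = None  # None marks a public client (no password issued)


@dataclass
class IssuedCode:
    client_id: str  # the client the authorization code was issued to
    used: bool = False


class AuthorizationServer:
    """Hypothetical in-memory server; only the authorization_code grant is modelled."""

    def __init__(self, clients):
        self.clients: Dict[str, Client] = {c.client_id: c for c in clients}
        self.codes: Dict[str, IssuedCode] = {}

    def issue_code(self, client_id: str) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = IssuedCode(client_id)
        return code

    def _identify_client(self, params: dict, auth: Optional[Tuple[str, str]]) -> Client:
        if auth is not None:
            # Authenticated (confidential) client: identity comes from credentials.
            client_id, secret = auth
            client = self.clients.get(client_id)
            if (client is None or client.secret is None or
                    not hmac.compare_digest(client.secret.encode(), secret.encode())):
                raise TokenError("invalid_client", "client authentication failed")
            return client
        # Sec. 4.1.3 of the proposed text: client_id is REQUIRED when the
        # client is not authenticating with the authorization server.
        client_id = params.get("client_id")
        if not client_id:
            raise TokenError("invalid_request", "client_id required for unauthenticated client")
        client = self.clients.get(client_id)
        if client is None or client.secret is not None:
            # Assumption of this sketch: a client that was issued a password
            # may not fall back to identifying itself by client_id alone.
            raise TokenError("invalid_client", "unknown client or authentication required")
        return client

    def token_request(self, params: dict, auth: Optional[Tuple[str, str]] = None) -> dict:
        if params.get("grant_type") != "authorization_code":
            raise TokenError("unsupported_grant_type", "only authorization_code is modelled")
        client = self._identify_client(params, auth)
        record = self.codes.get(params.get("code", ""))
        if record is None or record.used:
            raise TokenError("invalid_grant", "unknown or already redeemed code")
        # The binding check: the code must have been issued to the authenticated
        # client or, for a public client, to the client_id in the request.
        if record.client_id != client.client_id:
            raise TokenError("invalid_grant", "code was issued to a different client")
        record.used = True
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def outcome(server: AuthorizationServer, params: dict, auth=None) -> str:
    """Return 'ok' or the OAuth error code for one token request."""
    try:
        server.token_request(params, auth)
        return "ok"
    except TokenError as exc:
        return exc.error


def demo() -> Dict[str, str]:
    # Constructed sample clients: two public, one confidential.
    server = AuthorizationServer([
        Client("native-app"), Client("other-app"),
        Client("web-app", secret="constructed-secret"),
    ])
    base = {"grant_type": "authorization_code"}
    web_auth = ("web-app", "constructed-secret")
    code = server.issue_code("native-app")
    web_code = server.issue_code("web-app")
    return {
        "no_client_id": outcome(server, {**base, "code": code}),
        "wrong_client_id": outcome(server, {**base, "code": code, "client_id": "other-app"}),
        "confidential_with_public_code": outcome(server, {**base, "code": code}, web_auth),
        "right_client_id": outcome(server, {**base, "code": code, "client_id": "native-app"}),
        "replay": outcome(server, {**base, "code": code, "client_id": "native-app"}),
        "confidential_unauthenticated": outcome(server, {**base, "code": web_code, "client_id": "web-app"}),
        "confidential_authenticated": outcome(server, {**base, "code": web_code}, web_auth),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
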


From hannes.tschofenig@gmx.net  Mon Jul 30 09:33:29 2012
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Mon, 30 Jul 2012 09:33:25 -0700
Message-Id: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: [OAUTH-WG] Informal OAuth Chat @ IETF#84

Hi all,

for those who are attending the IETF meeting in Vancouver I am proposing to have an informal chat about ongoing activities.

I am proposing to meet after the Monday IAB technical plenary (which finishes at 19:30).  I reserved the room Constable on the 4th floor.

Ciao
Hannes


From tonynad@microsoft.com  Mon Jul 30 09:38:59 2012
From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Date: Mon, 30 Jul 2012 16:35:32 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net>
In-Reply-To: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net>
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

You providing beer?

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Monday, July 30, 2012 9:33 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Informal OAuth Chat @ IETF#84

Hi all,

for those who are attending the IETF meeting in Vancouver I am proposing to have an informal chat about ongoing activities.

I am proposing to meet after the Monday IAB technical plenary (which finishes at 19:30).  I reserved the room Constable on the 4th floor.

Ciao
Hannes

From leifj@mnt.se  Mon Jul 30 09:45:18 2012
Message-ID: <5016BA14.30703@mnt.se>
Date: Mon, 30 Jul 2012 18:45:08 +0200
From: Leif Johansson <leifj@mnt.se>
To: oauth@ietf.org
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com>
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
> You providing beer?
> 

OAUTH provides enough buzz as it is

From derek@ihtfp.com  Mon Jul 30 10:55:41 2012
From: Derek Atkins <derek@ihtfp.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
References: <09CE58C6-9409-4E28-B4CA-DC76C37B898E@gmx.net> <4E1F6AAD24975D4BA5B16804296739436672BBBE@TK5EX14MBXC285.redmond.corp.microsoft.com> <B26C1EF377CB694EAB6BDDC8E624B6E7554F911D@BL2PRD0310MB362.namprd03.prod.outlook.com> <6DEBD33A-815E-460D-934E-A684AED2BA6B@ve7jtb.com> <FD90CDD8-7BC7-4952-BEF9-F29C282130E8@gmx.net> <5E393DF26B791A428E5F003BB6C5342A108171DC@OC11EXPO24.exchange.mit.edu> <50101C74.6060005@lodderstedt.net>
Date: Mon, 30 Jul 2012 13:55:28 -0400
In-Reply-To: <50101C74.6060005@lodderstedt.net> (Torsten Lodderstedt's message of "Wed, 25 Jul 2012 18:19:00 +0200")
Message-ID: <sjmipd5i167.fsf@mocana.ihtfp.org>
Cc: Derek Atkins <derek@ihtfp.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

We will have a WebEx available if you can attend remotely?
That's my plan, as I cannot make Vancouver this week.

-derek

Torsten Lodderstedt <torsten@lodderstedt.net> writes:

> Hi Hannes,
>
> I unfortunately had to cancel my trip to IETF-84. Phil will cover the status
> of the threat model document. But none of the authors of the Revocation Draft
> will be attending. So I would ask you to postpone the presentation of this I-D
> to the next IETF meeting as well.
>
> best regards,
> Torsten.
>  
> On 23.07.2012 17:02, Thomas Hardjono wrote:
>
>     Hannes, Derek,
>     
>     Would it be possible to postpone presentation/discussion of the Dyn-Reg
>     draft (Dynamic Client Registration Protocol) to the Atlanta/November
>     IETF meeting?
>     
>     The reason is that none of the proposers will be attending the
>     Vancouver IETF in-person.
>     
>     Thanks.
>     
>     /thomas/
>     
>     __________________________________________
>
>         -----Original Message-----
>         From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>         Sent: Sunday, July 15, 2012 1:58 PM
>         To: John Bradley
>         Cc: oauth@ietf.org WG
>         Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>         
>         Hi all,
>         
>         I have uploaded an agenda for the meeting.
>         
>         I am assuming that all these items do not require discussion time
>         anymore:
>         * draft-ietf-oauth-assertions
>         * draft-ietf-oauth-saml2-bearer
>         * draft-ietf-oauth-urn-sub-ns
>         * draft-ietf-oauth-v2
>         * draft-ietf-oauth-v2-bearer
>         
>         Hence, we can focus on the new items. As discussed in the mail below I
>         put a separate slot for discussion of the holder-of-the-key/MAC token
>         security discussion on the agenda. I would suggest that a couple of us
>         meet during the IETF week to work together on a presentation that
>         provides some concrete suggestions for next steps to the rest of the
>         group.
>         
>         I also put the following persons on the spot for the presentations of
>         working group items:
>         
>         - OAuth Dynamic Client Registration Protocol (Thomas)
>         - JSON Web Token (JWT) (Mike)
>         - JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (Mike)
>         - Token Revocation (Torsten)
>         - SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (Brian)
>         - OAuth Use Cases (Zachary)
>         
>         Let me know if you want someone else to give the presentation.
>         
>         As a preparation for the meeting it would be good if you could
>         (a) identify the open issues with your document, and
>         (b) find one or two reviewers to have a look at your document during
>         the next two weeks.
>         
>         Ciao
>         Hannes
>         
>         On Jul 15, 2012, at 5:59 PM, John Bradley wrote:
>
>             Yes we need to get clearer on the threats and use cases.
>
>             I think Phil Hunt has some though there is likely overlap.
>
>             Part of the problem with MAC was people never agreed on the threats
>             it was mitigating.
>
>             I can present something or coordinate with Tony or Phil.
>             
>             John B.
>             
>             On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
>
>                 How about a few min on proof-of-possession requirements? I can
>                 present our use cases and requirements
>         
>                 -----Original Message-----
>                 From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
>                 Sent: Friday, July 13, 2012 4:42 PM
>                 To: Hannes Tschofenig; oauth@ietf.org WG
>                 Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>         
>                 I'm willing to do 5 minutes on the status of the Core and Bearer
>                 documents.
>
>                 I'm willing to give an update on JWT and the JWT Bearer - probably
>                 15 minutes.  It's probably good that we're a day after the JOSE WG
>                 meeting, given the JWT dependency upon the JOSE specs.
>
>                 I'm willing to be part of a discussion on the Assertions draft, but
>                 would appreciate doing this with Brian and/or Chuck - I'm guessing 15
>                 minutes for that as well.  (I'm not certain this will be needed, but
>                 I'd like to review the recent changes before saying that it's not.)
>         
>                 Looking forward to seeing many of you in Vancouver!
>                 
>                                                 -- Mike
>                 
>                 -----Original Message-----
>                 From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>                 Sent: Saturday, June 02, 2012 12:46 AM
>                 To: oauth@ietf.org WG
>                 Subject: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested
>         
>                 Hi all,
>                 
>                 I have requested a 2,5 hour slot for the upcoming meeting.
>                 
>                 While the next meeting is still a bit away it is nevertheless useful
>                 to hear
>         
>                 * whether you plan to attend the next meeting, and
>                 * whether you want to present something.
>                 
>                 I could imagine that these documents will be discussed:
>                 * draft-ietf-oauth-dyn-reg
>                 * draft-ietf-oauth-json-web-token
>                 * draft-ietf-oauth-jwt-bearer
>                 * draft-ietf-oauth-revocation
>                 * draft-ietf-oauth-use-cases
>                 
>                 To the draft authors of these documents: Please think about the open
>                 issues and drop a mail to the list so that we make some progress
>                 already before the face-to-face meeting.
>
>                 I assume that the following documents do not require any
>                 discussion time at the upcoming IETF meeting anymore:
>         
>                 * draft-ietf-oauth-assertions
>                 * draft-ietf-oauth-saml2-bearer
>                 * draft-ietf-oauth-urn-sub-ns
>                 * draft-ietf-oauth-v2
>                 * draft-ietf-oauth-v2-bearer
>                 
>                 Ciao
>                 Hannes
>                 

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

From igor.faynberg@alcatel-lucent.com  Mon Jul 30 12:56:57 2012
Message-ID: <5016E706.3060400@alcatel-lucent.com>
Date: Mon, 30 Jul 2012 15:56:54 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
To: oauth@ietf.org
References: <CA+k3eCQkLu1r0jdOyrXPitaog89RZhKSDu1QWc0r46NZu8AuWw@mail.gmail.com>	<17659C91-EE05-49A1-8541-44C1B6B6EBAA@ve7jtb.com>	<9c44c748-b5c2-4f9a-aa86-a245475cb33a@email.android.com>	<CA+k3eCQdX39kbgp0BTA07xoFYotyitcMnR228GYcsPjg3z7ggg@mail.gmail.com>	<496c11afb3158504ff894734b1d13531@lodderstedt-online.de>	<DD394E7F-9181-4C13-83E8-BABDA6F9FAD4@ve7jtb.com> <5014600B.2030406@lodderstedt.net>
In-Reply-To: <5014600B.2030406@lodderstedt.net>
Subject: Re: [OAUTH-WG] Proposed note to RFC Editor
Reply-To: igor.faynberg@alcatel-lucent.com

+1

Reason: Clarity is always good!

Igor

On 7/28/2012 5:56 PM, Torsten Lodderstedt wrote:
> Hi John,
>
> I would prefer to make it a MUST.
>
> regards,
> Torsten.
> On 27.07.2012 18:42, John Bradley wrote:
>> The text in 3.2.1 is informational to explain why there is a
>> REQUIRED in 4.1.3.
>>
>> Putting the explanation in the parameter description seems awkward;
>> that is why I left it in 3.2.1 where the description that public
>> clients can send client_id originally lived.
>>
>> I also note that there is no other normative text in Sec 3.2.1 other 
>> than the first MUST that refers to sec 2.3, the rest of the text 
>> reads as an explanation of rationale for client authentication.   
>> That is why I phrased it that way.
>>
>> I personally try to make normative requirements once as I get enough 
>> stick about long specs:)
>>
>> I am OK with making it normative by adding a MUST,  though I will 
>> leave it up to the Editor to decide on if  duplicating normative text 
>> is the preferred style.
>>
>>
>> On 2012-07-27, at 7:36 AM, Torsten Lodderstedt wrote:
>>
>>> Hi Brian,
>>>
>>> I know. But there is this sentence in 3.2.1,
>>>
>>> ----------
>>> In the "authorization_code" grant_type request to the token endpoint,
>>> an unauthenticated client sends "client_id" to prevent itself from
>>> inadvertently accepting a code
>>> intended for a client with a different "client_id".
>>> -----------
>>>
>>> which explicitly discusses the authz code w/o saying this behavior
>>> is mandatory. People might "feel" a contradiction or difference to 
>>> 4.1.3. I would suggest to either remove this sentence in 3.2.1 or 
>>> change it to:
>>>
>>> ----------
>>> In the "authorization_code" grant_type request to the token endpoint,
>>> an unauthenticated client MUST send its "client_id" to prevent itself from
>>> inadvertently accepting a code
>>> intended for a client with a different "client_id".
>>> -----------
>>>
>>> regards,
>>> Torsten.
>>>
>>> On 27.07.2012 15:47, Brian Campbell wrote:
>>>> Hey Torsten,
>>>>
>>>> The requirement that public clients send their client_id with an authz
>>>> code grant is in 4.1.3 (Where the Access Token Request for the code
>>>> grant is defined) of John's proposed text:
>>>>
>>>> 4.1.3.  Access Token Request
>>>>
>>>>    client_id
>>>>          REQUIRED if the client is NOT authenticating with the
>>>>          authorization server as described in Section 3.2.1
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Jul 26, 2012 at 11:40 PM, Torsten Lodderstedt
>>>> <torsten@lodderstedt.net> wrote:
>>>>> Hi John,
>>>>>
>>>>> I would expect sending a client_id is a MUST for public clients in the
>>>>> authz code grant type. That's not how I read the proposed text for
>>>>> section 3.1.
>>>>>
>>>>> regards,
>>>>> Torsten.
>>>>>
>>>>>
>>>>>
>>>>> John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>>>> The changes introduced in Draft 29 had unintended consequences on parts
>>>>>> of the spec caused by Sec 4.3, 4.4 and 6 referencing Sec 3.2.1 as part
>>>>>> of client authentication.
>>>>>>
>>>>>> This change restricts the requirement to send client_id to only Sec 4.1.4
>>>>>> for clients that are not authenticated per Sec 3.2.1
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Section 3.2.1
>>>>>>
>>>>>>
>>>>>>   A public client that was not issued a client password MUST use the
>>>>>>   "client_id" request parameter to identify itself when sending
>>>>>>   requests to the token endpoint.  This allows the authorization server
>>>>>>   to ensure that the code was issued to the same client.  Sending
>>>>>>   "client_id" prevents the client from inadvertently accepting a code
>>>>>>   intended for a client with a different "client_id".  This protects
>>>>>>   the client from substitution of the authentication code.  (It
>>>>>>   provides no additional security for the protected resource.)
>>>>>>
>>>>>>
>>>>>> Change  to
>>>>>>
>>>>>>   A client MAY use the "client_id" request parameter to identify itself
>>>>>>   when sending requests to the token endpoint.
>>>>>>   In the "authorization_code" grant_type request to the token endpoint,
>>>>>>   an unauthenticated client sends "client_id" to prevent itself from
>>>>>>   inadvertently accepting a code
>>>>>>   intended for a client with a different "client_id".  This protects
>>>>>>   the client from substitution of the authentication code.  (It
>>>>>>   provides no additional security for the protected resource.)
>>>>>>
>>>>>>
>>>>>> ** This allows any client to send client ID and explains the threat to
>>>>>> code.
>>>>>>
>>>>>>
>>>>>> 4.1.3.  Access Token Request
>>>>>>
>>>>>>
>>>>>>
>>>>>> Add
>>>>>>   client_id
>>>>>>         REQUIRED if the client is NOT authenticating with the
>>>>>>         authorization server as described in Section 3.2.1
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ** This makes client_id only REQUIRED for the code flow if the client is
>>>>>> not otherwise authenticated.
>>>>>>
>>>>>> Change
>>>>>>
>>>>>>
>>>>>>      ensure the authorization code was issued to the authenticated
>>>>>>      confidential client or to the public client identified by the
>>>>>>      "client_id" in the request,
>>>>>>
>>>>>>
>>>>>> To:
>>>>>>      ensure the authorization code was issued to the authenticated
>>>>>>      confidential client, or if the client is public, ensure the code was
>>>>>>      issued to "client_id" in the request,
>>>>>>
>>>>>>
>>>>>> ** That removes the implication of authentication.
>>>>>>
>>>>>>
>>>>>>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
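
The token-endpoint check debated in the thread above, as an added example that is not part of any message on the list and not code from the OAuth draft or its authors: client_id is required when the client does not authenticate, and the authorization code is redeemed only by the client it was issued to. The client registry, codes, secret and function names are constructed for illustration; the error codes are the token error response codes of the OAuth 2.0 specification, and every sample code is assumed to have been issued with a redirect_uri.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


class TokenError(Exception):
    """Token endpoint failure carrying an OAuth 2.0 error code."""

    def __init__(self, code: str, description: str):
        super().__init__(f"{code}: {description}")
        self.code = code


@dataclass
class Client:
    client_id: str
    secret: Optional[str]  # None marks a public client (no client password)


@dataclass
class IssuedCode:
    client_id: str      # client the authorization endpoint issued the code to
    redirect_uri: str
    used: bool = False


def sample_state():
    """Constructed registry and outstanding codes; every value is made up."""
    clients = {
        "app-a": Client("app-a", None),
        "app-b": Client("app-b", None),
        "web-c": Client("web-c", "constructed-secret"),
    }
    codes = {
        "code-for-app-a": IssuedCode("app-a", "https://app-a.example/cb"),
        "code-for-web-c": IssuedCode("web-c", "https://web-c.example/cb"),
    }
    return clients, codes


def identify_client(params, basic_auth, clients) -> str:
    """Return the client_id the code must be bound to, or raise TokenError."""
    if basic_auth is not None:
        cid, presented = basic_auth
        client = clients.get(cid)
        if (client is None or client.secret is None or not hmac.compare_digest(
                client.secret.encode(), presented.encode())):
            raise TokenError("invalid_client", "client authentication failed")
        # client_id is optional here, but must not contradict the credentials.
        if params.get("client_id", cid) != cid:
            raise TokenError("invalid_request", "client_id contradicts credentials")
        return cid
    # Unauthenticated request: client_id is the only statement of who is asking.
    cid = params.get("client_id")
    if not cid:
        raise TokenError("invalid_request",
                         "client_id is REQUIRED when the client does not authenticate")
    client = clients.get(cid)
    if client is None:
        raise TokenError("invalid_client", "unknown client")
    if client.secret is not None:
        raise TokenError("invalid_client", "confidential client must authenticate")
    return cid


def handle_token_request(params, basic_auth, clients, codes):
    """Redeem an authorization code only for the client it was issued to."""
    if params.get("grant_type") != "authorization_code":
        raise TokenError("unsupported_grant_type", "only authorization_code is handled")
    requester = identify_client(params, basic_auth, clients)
    issued = codes.get(params.get("code", ""))
    if issued is None or issued.used:
        raise TokenError("invalid_grant", "unknown or already redeemed code")
    if issued.client_id != requester:
        # The substitution case: a code issued to one client, presented by another.
        raise TokenError("invalid_grant", "code was issued to a different client")
    if issued.redirect_uri != params.get("redirect_uri"):
        raise TokenError("invalid_grant", "redirect_uri mismatch")
    issued.used = True
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def outcome(params, basic_auth, clients, codes) -> str:
    """Return "ok" or the OAuth error code, for compact demonstration."""
    try:
        handle_token_request(params, basic_auth, clients, codes)
        return "ok"
    except TokenError as err:
        return err.code


if __name__ == "__main__":
    clients, codes = sample_state()
    req = {"grant_type": "authorization_code", "code": "code-for-app-a",
           "redirect_uri": "https://app-a.example/cb"}
    print("no client_id    ->", outcome(req, None, clients, codes))
    print("client_id=app-b ->", outcome({**req, "client_id": "app-b"}, None, clients, codes))
    print("client_id=app-a ->", outcome({**req, "client_id": "app-a"}, None, clients, codes))
```
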

From leifj@mnt.se  Mon Jul 30 13:30:39 2012
Return-Path: <leifj@mnt.se>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5BF411E8134 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:30:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lnWRSMuC3H8C for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:30:39 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id BDD2611E8133 for <oauth@ietf.org>; Mon, 30 Jul 2012 13:30:38 -0700 (PDT)
Received: from [130.129.18.31] (dhcp-121f.meeting.ietf.org [130.129.18.31]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id q6UKUWGH015397 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <oauth@ietf.org>; Mon, 30 Jul 2012 22:30:37 +0200 (CEST)
Message-ID: <5016EEE7.1050401@mnt.se>
Date: Mon, 30 Jul 2012 22:30:31 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: oauth@ietf.org
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com>
In-Reply-To: <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 20:30:39 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
> You providing beer?
> 
> -----Original Message----- From: oauth-bounces@ietf.org
> [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig 
> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
> [OAUTH-WG] Informal OAuth Chat @ IETF#84
> 
> Hi all,
> 
> for those who are attending the IETF meeting in Vancouver I am
> proposing to have an informal chat about ongoing activities.
> 
> I am proposing to meet after the Monday IAB technical plenary
> (which finishes at 19:30).  I reserved the room Constable on the
> 4th floor.
> 

Is there any way we can do this in the break before the plenary
instead? My brain will be toast by 19:30

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAW7ucACgkQ8Jx8FtbMZnegQACgxb8llX8S84irE5Wk7DVM5nmL
dloAnioNKJiRXVQihvlJ31Bqz/0Qj8sr
=hsLb
-----END PGP SIGNATURE-----

From llynch@civil-tongue.net  Mon Jul 30 13:37:36 2012
Return-Path: <llynch@civil-tongue.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A78ED21F84A7 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:37:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o4-8ws7vD2-h for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:37:36 -0700 (PDT)
Received: from hiroshima.bogus.com (hiroshima.bogus.com [IPv6:2001:418:1::80]) by ietfa.amsl.com (Postfix) with ESMTP id EF2C321F849B for <oauth@ietf.org>; Mon, 30 Jul 2012 13:37:35 -0700 (PDT)
Received: from hiroshima.bogus.com (localhost [127.0.0.1]) by hiroshima.bogus.com (8.14.3/8.14.3) with ESMTP id q6UKbZcn073781 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 30 Jul 2012 13:37:35 -0700 (PDT) (envelope-from llynch@civil-tongue.net)
Received: from localhost (llynch@localhost) by hiroshima.bogus.com (8.14.3/8.14.3/Submit) with ESMTP id q6UKbZRV073778; Mon, 30 Jul 2012 13:37:35 -0700 (PDT) (envelope-from llynch@civil-tongue.net)
Date: Mon, 30 Jul 2012 13:37:35 -0700 (PDT)
From: Lucy Lynch <llynch@civil-tongue.net>
X-X-Sender: llynch@hiroshima.bogus.com
To: Leif Johansson <leifj@mnt.se>
In-Reply-To: <5016EEE7.1050401@mnt.se>
Message-ID: <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com>
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 20:37:36 -0000

On Mon, 30 Jul 2012, Leif Johansson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>> You providing beer?
>>
>> -----Original Message----- From: oauth-bounces@ietf.org
>> [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>
>> Hi all,
>>
>> for those who are attending the IETF meeting in Vancouver I am
>> proposing to have an informal chat about ongoing activities.
>>
>> I am proposing to meet after the Monday IAB technical plenary
>> (which finishes at 19:30).  I reserved the room Constable on the
>> 4th floor.
>>
>
> Is there any way we can do this in the break before the plenary
> instead? My brain will be toast by 19:30

better for me as well my week is pretty booked, so late additions are hard
to accommodate.


From ve7jtb@ve7jtb.com  Mon Jul 30 13:40:17 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42E0911E8126 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:40:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZHcYTvx8KFUK for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:40:16 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 0A83511E8159 for <oauth@ietf.org>; Mon, 30 Jul 2012 13:40:15 -0700 (PDT)
Received: by ggnc4 with SMTP id c4so5733435ggn.31 for <oauth@ietf.org>; Mon, 30 Jul 2012 13:40:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=0pdxxoziHNMrjZN722t8DimN1dscf/t8FbtQmScjt7w=; b=DSzd2hxedxzTBafuKJWUh3fYOwk965DcIQv07B/YfxWi8xdbIyhneXF6YTD1C/B5Ns WyjNnKjwzXwKdb5BfZQFR46xgvBqQ+I48GPc6LU3Sa9z16I+AX7SNht6c5TOGim8m6c1 pqJqyeAtbVVDWrRREdZMCWYxXtcvJrvNuzsagAjI6SJxPdgM+RyMKG00DZhYoZY86tWM 6ZPudzHBsMWh4ghd31/N26kpNGRvrX9DPDS2lmZm3V2MeT84SOT2AAaDYBi7E3B03Dju 3QFzdncNYlXuI96UdIPpNaYBsoEEFFR1b1tS5d5FIqFfTR4eblXhzskPaeRU8w7w4Uci DhBA==
Received: by 10.68.116.203 with SMTP id jy11mr37670010pbb.129.1343680814992; Mon, 30 Jul 2012 13:40:14 -0700 (PDT)
Received: from dhcp-1592.meeting.ietf.org (dhcp-1592.meeting.ietf.org. [130.129.21.146]) by mx.google.com with ESMTPS id ka5sm8554819pbb.37.2012.07.30.13.40.13 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 30 Jul 2012 13:40:14 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1280)
Content-Type: text/plain; charset=us-ascii
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com>
Date: Mon, 30 Jul 2012 13:40:12 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <CC2439A1-CBE7-4BEB-82FE-CB3433F5FEE9@ve7jtb.com>
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se> <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com>
To: Lucy Lynch <llynch@civil-tongue.net>
X-Mailer: Apple Mail (2.1280)
X-Gm-Message-State: ALoCoQlZDpPa0RVEGcQJ5T0oWmP624irR/VpBBlytQHuk84HFy5jYLgFJNyNc4Cvugz3ro7AQPz4
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 20:40:17 -0000

fine with me.

On 2012-07-30, at 1:37 PM, Lucy Lynch wrote:

> On Mon, 30 Jul 2012, Leif Johansson wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>>> You providing beer?
>>>
>>> -----Original Message----- From: oauth-bounces@ietf.org
>>> [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>>
>>> Hi all,
>>>
>>> for those who are attending the IETF meeting in Vancouver I am
>>> proposing to have an informal chat about ongoing activities.
>>>
>>> I am proposing to meet after the Monday IAB technical plenary
>>> (which finishes at 19:30).  I reserved the room Constable on the
>>> 4th floor.
>>>
>>
>> Is there any way we can do this in the break before the plenary
>> instead? My brain will be toast by 19:30
>
> better for me as well my week is pretty booked, so late additions are hard
> to accommodate.


From kwiereng@cisco.com  Mon Jul 30 13:41:10 2012
Return-Path: <kwiereng@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E098521F8585 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:41:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level: 
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E70kPAcPIDvq for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:41:10 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id A611321F8491 for <oauth@ietf.org>; Mon, 30 Jul 2012 13:41:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=kwiereng@cisco.com; l=1742; q=dns/txt; s=iport; t=1343680869; x=1344890469; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=6NrCr20avTaVOKCrI/Y4zFvwlJKNIlBn/7BAiR+vunA=; b=GpjrM/K7UXx40lCV6s1R+9dYToMTPmakIsXEMH+Y1xIWpOkVOzWDZXTA D+K/4GD1FnH54C9KTLxQokQ24XdUgaddTpV0ouWjCRu0luug4nnlYqFrq b9vMZSZQS5mXbZSosEQrxdviJIy/hjlmMA2Pzw1D7l115msBwxxCdG4Wn w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAAPxFlCtJV2Y/2dsb2JhbABFuVmBB4IgAQEBAwEBAQEPASc0CwUHBAIBCBEEAQEBHgkHJwsUCQgCBA4FIodlBguabaAUi1CGKWADlUmBFI0TgWaCXw
X-IronPort-AV: E=Sophos;i="4.77,681,1336348800"; d="scan'208";a="106727932"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-2.cisco.com with ESMTP; 30 Jul 2012 20:41:09 +0000
Received: from xhc-rcd-x04.cisco.com (xhc-rcd-x04.cisco.com [173.37.183.78]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id q6UKf94P027737 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 30 Jul 2012 20:41:09 GMT
Received: from xmb-aln-x12.cisco.com ([169.254.7.132]) by xhc-rcd-x04.cisco.com ([173.37.183.78]) with mapi id 14.02.0298.004; Mon, 30 Jul 2012 15:41:08 -0500
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Informal OAuth Chat @ IETF#84
Thread-Index: AQHNbnEQ3sSwnO0BAUihok2rgTV/ppdCWZsAgABBqICAAAH5gIAAAPwA
Date: Mon, 30 Jul 2012 20:41:08 +0000
Message-ID: <2535AFEB-FE12-40E5-9E71-0F78F1436CD4@cisco.com>
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se> <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com>
In-Reply-To: <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.82.208.223]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19074.001
x-tm-as-result: No--42.297100-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-ID: <55B18447A510A74CB1B34422CC5F2C2B@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 20:41:11 -0000

On Jul 30, 2012, at 10:37 PM, Lucy Lynch wrote:

> On Mon, 30 Jul 2012, Leif Johansson wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>>> You providing beer?
>>>
>>> -----Original Message----- From: oauth-bounces@ietf.org
>>> [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>>
>>> Hi all,
>>>
>>> for those who are attending the IETF meeting in Vancouver I am
>>> proposing to have an informal chat about ongoing activities.
>>>
>>> I am proposing to meet after the Monday IAB technical plenary
>>> (which finishes at 19:30).  I reserved the room Constable on the
>>> 4th floor.
>>>
>>
>> Is there any way we can do this in the break before the plenary
>> instead? My brain will be toast by 19:30
>
> better for me as well my week is pretty booked, so late additions are hard
> to accommodate.

same here, unfortunately I can not do after the plenary, before would work
for me.

Klaas



From phil.hunt@oracle.com  Mon Jul 30 13:43:53 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6231B21F8491 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:43:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.203
X-Spam-Level: 
X-Spam-Status: No, score=-9.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hFHpFccvqzPh for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:43:52 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 4875D21F8585 for <oauth@ietf.org>; Mon, 30 Jul 2012 13:43:52 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q6UKhkqt019955 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 30 Jul 2012 20:43:47 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q6UKhkQu003906 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 30 Jul 2012 20:43:46 GMT
Received: from abhmt119.oracle.com (abhmt119.oracle.com [141.146.116.71]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q6UKhkf7007066; Mon, 30 Jul 2012 15:43:46 -0500
Received: from [25.65.76.225] (/74.198.150.225) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 30 Jul 2012 13:43:43 -0700
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se> <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com> <2535AFEB-FE12-40E5-9E71-0F78F1436CD4@cisco.com>
In-Reply-To: <2535AFEB-FE12-40E5-9E71-0F78F1436CD4@cisco.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <1B31798A-8E83-4FFF-A91C-8D7582E64AE6@oracle.com>
X-Mailer: iPhone Mail (9B206)
From: Phil Hunt <phil.hunt@oracle.com>
Date: Mon, 30 Jul 2012 13:43:42 -0700
To: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 20:43:53 -0000

I can't do it before 5

Phil

On 2012-07-30, at 13:41, "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> wrote:

>
> On Jul 30, 2012, at 10:37 PM, Lucy Lynch wrote:
>
>> On Mon, 30 Jul 2012, Leif Johansson wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>>>> You providing beer?
>>>>
>>>> -----Original Message----- From: oauth-bounces@ietf.org
>>>> [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>>>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>>>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>>>
>>>> Hi all,
>>>>
>>>> for those who are attending the IETF meeting in Vancouver I am
>>>> proposing to have an informal chat about ongoing activities.
>>>>
>>>> I am proposing to meet after the Monday IAB technical plenary
>>>> (which finishes at 19:30).  I reserved the room Constable on the
>>>> 4th floor.
>>>>
>>>
>>> Is there any way we can do this in the break before the plenary
>>> instead? My brain will be toast by 19:30
>>
>> better for me as well my week is pretty booked, so late additions are hard
>> to accommodate.
>
> same here, unfortunately I can not do after the plenary, before would work
> for me.
>
> Klaas

From leifj@mnt.se  Mon Jul 30 13:49:42 2012
Return-Path: <leifj@mnt.se>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE2FE11E81AA for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:49:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cw5oOWmm7s0C for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 13:49:42 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id CED5211E81A9 for <oauth@ietf.org>; Mon, 30 Jul 2012 13:49:41 -0700 (PDT)
Received: from [130.129.18.31] (dhcp-121f.meeting.ietf.org [130.129.18.31]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id q6UKnYwd007880 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <oauth@ietf.org>; Mon, 30 Jul 2012 22:49:40 +0200 (CEST)
Message-ID: <5016F35E.9010901@mnt.se>
Date: Mon, 30 Jul 2012 22:49:34 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: oauth@ietf.org
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se> <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com> <2535AFEB-FE12-40E5-9E71-0F78F1436CD4@cisco.com> <1B31798A-8E83-4FFF-A91C-8D7582E64AE6@oracle.com>
In-Reply-To: <1B31798A-8E83-4FFF-A91C-8D7582E64AE6@oracle.com>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 20:49:42 -0000

On 07/30/2012 10:43 PM, Phil Hunt wrote:
> I can't do it before 5

Maybe find another day Hannes?

From hannes.tschofenig@gmx.net  Mon Jul 30 16:20:20 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4FB811E80D5 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 16:20:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ejcr2-Wa5-hX for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 16:20:20 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 1171F21F851C for <oauth@ietf.org>; Mon, 30 Jul 2012 16:20:18 -0700 (PDT)
Received: (qmail invoked by alias); 30 Jul 2012 23:20:17 -0000
Received: from dhcp-172b.meeting.ietf.org (EHLO dhcp-172b.meeting.ietf.org) [130.129.23.43] by mail.gmx.net (mp030) with SMTP; 31 Jul 2012 01:20:17 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX19u8EsKBC9u0M6PA9qo51B62fZ24QqkwIgFiYdFvj axuyE6yn4ean2+
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net>
Date: Mon, 30 Jul 2012 16:20:14 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <E609D810-84A1-4A6B-BB76-53BE15068DE2@gmx.net>
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 23:20:20 -0000

Thanks for the feedback.

I therefore propose to meet
* before the IAB plenary in front of the Regency C/D room at 17:10, AND
* after the IAB plenary at the Constable room for those who are available.

Ciao
Hannes


On Jul 30, 2012, at 9:33 AM, Hannes Tschofenig wrote:

> Hi all,
>
> for those who are attending the IETF meeting in Vancouver I am proposing to have an informal chat about ongoing activities.
>
> I am proposing to meet after the Monday IAB technical plenary (which finishes at 19:30).  I reserved the room Constable on the 4th floor.
>
> Ciao
> Hannes
>


From bcampbell@pingidentity.com  Mon Jul 30 16:39:20 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DFD111E8109 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 16:39:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.983
X-Spam-Level: 
X-Spam-Status: No, score=-5.983 tagged_above=-999 required=5 tests=[AWL=-0.006, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TWx9cs4A2NUU for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 16:39:19 -0700 (PDT)
Received: from na3sys009aog133.obsmtp.com (na3sys009aog133.obsmtp.com [74.125.149.82]) by ietfa.amsl.com (Postfix) with ESMTP id 62B0611E80BA for <oauth@ietf.org>; Mon, 30 Jul 2012 16:39:19 -0700 (PDT)
Received: from mail-vb0-f48.google.com ([209.85.212.48]) (using TLSv1) by na3sys009aob133.postini.com ([74.125.148.12]) with SMTP ID DSNKUBcbJtFt4K31aK5oLOGnTyIwj/QpdZRj@postini.com; Mon, 30 Jul 2012 16:39:19 PDT
Received: by vbjk17 with SMTP id k17so6229575vbj.35 for <oauth@ietf.org>; Mon, 30 Jul 2012 16:39:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=McGGZDsEbWbIP8na5TQUexwPdQXccq+R3RGbYLotOKY=; b=ZuzHUDGUwRylJy9MT2oAxy7PwSuyv8vKxMbGbRFIGxNDpp02owkP8u6NiEjEp0tWJq AVtgWn0T//euFWYLxPIDJ2r/qu3GBMZM5dmt48+ALC+6sVKOGFbFnfQLjGB5FhujAuWX TraSIYIQBv2Sj9BczNhEOfpsiUQrJ+4tBicI4B72IcP9UiMhPSOY0O6ysPC4lQEoQdKI Xd65/j4dxU8FCnt09x7+1m83dvQekN3SJ/aLGLb9/pq1BAvh25au4MMRm6WP3KgI8P4P nDfYpPEB0Rt1ojTepi1zk06XmYSBjHxJSTQ1xRIctFFwc9rSeamaCqMkRwiWJsU/wjUM wyGg==
Received: by 10.52.33.204 with SMTP id t12mr11161462vdi.91.1343691558175; Mon, 30 Jul 2012 16:39:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.58.145.132 with HTTP; Mon, 30 Jul 2012 16:38:47 -0700 (PDT)
In-Reply-To: <5016F35E.9010901@mnt.se>
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se> <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com> <2535AFEB-FE12-40E5-9E71-0F78F1436CD4@cisco.com> <1B31798A-8E83-4FFF-A91C-8D7582E64AE6@oracle.com> <5016F35E.9010901@mnt.se>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 30 Jul 2012 16:38:47 -0700
Message-ID: <CA+k3eCQTS28znnVkq7085i5CT0J=yhS4M8_WbDE5W5bNW9Lz2A@mail.gmail.com>
To: oauth@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQlBTjQbmlVu6vufUupr5uQhHV3c5WI+HCPiAB9sD7c5ReYC5+viDHh8UVcz4y/Ux1dGn3qd
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 23:39:20 -0000

Is there any consensus about this?

On Mon, Jul 30, 2012 at 2:49 PM, Leif Johansson <leifj@mnt.se> wrote:
> On 07/30/2012 10:43 PM, Phil Hunt wrote:
>> I can't do it before 5
>
> Maybe find another day Hannes?

From sakimura@gmail.com  Mon Jul 30 18:26:34 2012
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEF1211E80DB for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 18:26:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.484
X-Spam-Level: 
X-Spam-Status: No, score=-3.484 tagged_above=-999 required=5 tests=[AWL=0.115,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4fA8dKztXduP for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 18:26:33 -0700 (PDT)
Received: from mail-vc0-f172.google.com (mail-vc0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 24A7C11E80CC for <oauth@ietf.org>; Mon, 30 Jul 2012 18:26:33 -0700 (PDT)
Received: by vcbfo14 with SMTP id fo14so5576484vcb.31 for <oauth@ietf.org>; Mon, 30 Jul 2012 18:26:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :cc:content-type; bh=58a+Z5bf7KHY2n+W7MqOXbMkoFSMX9OPqrtOa/+sLL0=; b=sl7KnH+W87cQs8dTV1+QjjZgadobJlMKXGbv/4iXEEUt/zD2RTnyiC93adqPZIaVFJ wtCh71RpVtwKsxie+qfP5kT542v1Wew1K1BlFKv0AVzQDVsDAUQbZHseBgm9jwq/nTvp p8bR076ZPu8/w8RQ+4s7M+YiJlaPEH7zV1LxuJx1q680tp2XNeQ2aI40BgdXXEf8X7YH RJ7Jl8b6OUWuojFQQ+373byMi0Nta8aCqM8H1xgWIUp11EL3LbPGoYZPqQTyrprlaPyU tPZOshuDqCnAVj5EfS6oxW7ydW//3INi3e0Ud/A4dnOv2qBHBCneQixCERTPAbZrpH/H t81w==
Received: by 10.58.91.148 with SMTP id ce20mr1059212veb.16.1343697992565; Mon, 30 Jul 2012 18:26:32 -0700 (PDT)
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se> <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com> <2535AFEB-FE12-40E5-9E71-0F78F1436CD4@cisco.com> <1B31798A-8E83-4FFF-A91C-8D7582E64AE6@oracle.com> <5016F35E.9010901@mnt.se> <CA+k3eCQTS28znnVkq7085i5CT0J=yhS4M8_WbDE5W5bNW9Lz2A@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
In-Reply-To: <CA+k3eCQTS28znnVkq7085i5CT0J=yhS4M8_WbDE5W5bNW9Lz2A@mail.gmail.com>
Mime-Version: 1.0 (1.0)
Date: Mon, 30 Jul 2012 18:26:30 -0700
Message-ID: <6059214728901470322@unknownmsgid>
To: Brian Campbell <bcampbell@pingidentity.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jul 2012 01:26:35 -0000

Let me know if we are meeting after the plenary.

=nat via iPhone

On 2012/07/30, at 16:39, Brian Campbell <bcampbell@pingidentity.com> wrote:

> Is there any consensus about this?
>
> On Mon, Jul 30, 2012 at 2:49 PM, Leif Johansson <leifj@mnt.se> wrote:
>> On 07/30/2012 10:43 PM, Phil Hunt wrote:
>>> I can't do it before 5
>>
>> Maybe find another day Hannes?

From ve7jtb@ve7jtb.com  Mon Jul 30 18:29:30 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F83511E80F2 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 18:29:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OB1U1I310QK7 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 18:29:29 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 561C611E80DB for <oauth@ietf.org>; Mon, 30 Jul 2012 18:29:24 -0700 (PDT)
Received: by yhq56 with SMTP id 56so5971901yhq.31 for <oauth@ietf.org>; Mon, 30 Jul 2012 18:29:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=EJn3xFCUCN9cabbdZ2De/U6CyicEn7L7a4BQElaCcD4=; b=Y47clipg+xrGb0GeJ5LjcOQHYPOopFcsSif65v+u9RguMTKhWEuZktOClhvuWcF7qG QpRGUIIzGxUIOIFOeChmfR8V7zsFXN51Ozm1UlLrLTNtTeDCigdqbBvk4o2RmZ/Y+8y2 50DJq0lFyBqPvC7Nib0CgK4YdU9SwYQTiJ9tG2N3MgGdzOxRb5sZXZi3mjcINcQ/HfyG 3GB58ghGKoJQ7MCBmbEyBGE+XaHDn71db74FZcSTpycBYMIazo+TePRuyXhamngap5Ce syHc6zwdDnaWmAO/JV0YxaZGqRCy89DqCfL/CT6w5Z+g8A63jpRI2PLDtHRawGmgz+V4 rwgA==
Received: by 10.66.83.39 with SMTP id n7mr28349268pay.82.1343698163838; Mon, 30 Jul 2012 18:29:23 -0700 (PDT)
Received: from dhcp-52f7.meeting.ietf.org (dhcp-52f7.meeting.ietf.org. [130.129.82.247]) by mx.google.com with ESMTPS id kh1sm8973353pbc.23.2012.07.30.18.29.22 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 30 Jul 2012 18:29:23 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1280)
Content-Type: text/plain; charset=us-ascii
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <6059214728901470322@unknownmsgid>
Date: Mon, 30 Jul 2012 18:29:22 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <2D98749F-C591-4680-A6AE-7EA04C69D1E2@ve7jtb.com>
References: <ECA18643-5D8F-4EB3-8880-960E8CD9B9A3@gmx.net> <B26C1EF377CB694EAB6BDDC8E624B6E7555316D2@BL2PRD0310MB362.namprd03.prod.outlook.com> <5016EEE7.1050401@mnt.se> <alpine.BSF.2.00.1207301335340.73141@hiroshima.bogus.com> <2535AFEB-FE12-40E5-9E71-0F78F1436CD4@cisco.com> <1B31798A-8E83-4FFF-A91C-8D7582E64AE6@oracle.com> <5016F35E.9010901@mnt.se> <CA+k3eCQTS28znnVkq7085i5CT0J=yhS4M8_WbDE5W5bNW9Lz2A@mail.gmail.com> <6059214728901470322@unknownmsgid>
To: Nat Sakimura <sakimura@gmail.com>
X-Mailer: Apple Mail (2.1280)
X-Gm-Message-State: ALoCoQmpwEm/cEqGXB0MSd5jDV04uUDZNTYqgxkDnE9yfbpx4q9pcm8x9kndmO2PA0lGA1IKlABX
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jul 2012 01:29:30 -0000

Some of us met before the Plenary.   I have Dinner plans, but people can keep Hannes company.

He seems a touch stressed, but it is all good.

John B.
On 2012-07-30, at 6:26 PM, Nat Sakimura wrote:

> Let me know if we are meeting after the plenary.
>
> =nat via iPhone
>
> On 2012/07/30, at 16:39, Brian Campbell <bcampbell@pingidentity.com> wrote:
>
>> Is there any consensus about this?
>>
>> On Mon, Jul 30, 2012 at 2:49 PM, Leif Johansson <leifj@mnt.se> wrote:
>>> On 07/30/2012 10:43 PM, Phil Hunt wrote:
>>>> I can't do it before 5
>>>
>>> Maybe find another day Hannes?


From internet-drafts@ietf.org  Mon Jul 30 23:01:30 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEA8311E810E; Mon, 30 Jul 2012 23:01:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.543
X-Spam-Level: 
X-Spam-Status: No, score=-102.543 tagged_above=-999 required=5 tests=[AWL=0.056, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T-28CI2VYRTV; Mon, 30 Jul 2012 23:01:30 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7840011E8110; Mon, 30 Jul 2012 23:01:30 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.33
Message-ID: <20120731060130.8389.93990.idtracker@ietfa.amsl.com>
Date: Mon, 30 Jul 2012 23:01:30 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-json-web-token-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jul 2012 06:01:31 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

	Title           : JSON Web Token (JWT)
	Author(s)       : Michael B. Jones
                          John Bradley
                          Nat Sakimura
	Filename        : draft-ietf-oauth-json-web-token-03.txt
	Pages           : 24
	Date            : 2012-07-30

Abstract:
   JSON Web Token (JWT) is a means of representing claims to be
   transferred between two parties.  The claims in a JWT are encoded as
   a JavaScript Object Notation (JSON) object that is digitally signed
   or MACed using JSON Web Signature (JWS) and/or encrypted using JSON
   Web Encryption (JWE).

   The suggested pronunciation of JWT is the same as the English word
   "jot".


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-json-web-token-03


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From Michael.Jones@microsoft.com  Mon Jul 30 23:45:26 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A07B411E80F2 for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 23:45:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.8
X-Spam-Level: 
X-Spam-Status: No, score=-3.8 tagged_above=-999 required=5 tests=[AWL=-0.202,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8DEQOKBvUFv for <oauth@ietfa.amsl.com>; Mon, 30 Jul 2012 23:45:24 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe006.messaging.microsoft.com [216.32.181.186]) by ietfa.amsl.com (Postfix) with ESMTP id 7F1B711E80A3 for <oauth@ietf.org>; Mon, 30 Jul 2012 23:45:24 -0700 (PDT)
Received: from mail19-ch1-R.bigfish.com (10.43.68.253) by CH1EHSOBE011.bigfish.com (10.43.70.61) with Microsoft SMTP Server id 14.1.225.23; Tue, 31 Jul 2012 06:45:23 +0000
Received: from mail19-ch1 (localhost [127.0.0.1])	by mail19-ch1-R.bigfish.com (Postfix) with ESMTP id D19A13E0123	for <oauth@ietf.org>; Tue, 31 Jul 2012 06:45:23 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC105.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -19
X-BigFish: VS-19(zzc85fhzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail19-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC105.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail19-ch1 (localhost.localdomain [127.0.0.1]) by mail19-ch1 (MessageSwitch) id 1343717120785359_11432; Tue, 31 Jul 2012 06:45:20 +0000 (UTC)
Received: from CH1EHSMHS008.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.233])	by mail19-ch1.bigfish.com (Postfix) with ESMTP id BD6C31A0048 for <oauth@ietf.org>; Tue, 31 Jul 2012 06:45:20 +0000 (UTC)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS008.bigfish.com (10.43.70.8) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 31 Jul 2012 06:45:20 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.02.0309.003; Tue, 31 Jul 2012 06:45:19 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: IETF 84 versions of JOSE and JWT specifications
Thread-Index: Ac1u6AwYnaVLVMKTS4ukR+7tYO+uyA==
Date: Tue, 31 Jul 2012 06:45:18 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436674D168@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.35]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436674D168TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] IETF 84 versions of JOSE and JWT specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jul 2012 06:45:26 -0000

--_000_4E1F6AAD24975D4BA5B16804296739436674D168TK5EX14MBXC285r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I've made a minor release of the JSON WEB {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) specifications to support the working group discussions at IETF 84 in Vancouver, BC<http://www.ietf.org/meeting/84/index.html>.  This release incorporates working group feedback since the minor release on July 16th<http://self-issued.info/?p=791> and updates the lists of open issues in the JWE and JWA specifications.

The specifications are available at:

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05

*        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03

The document history entries (also in the specifications) are as follows:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05

  *   Added statement that "StringOrURI values are compared as case-sensitive strings with no transformations or canonicalizations applied".
  *   Indented artwork elements to better distinguish them from the body text.

http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05

  *   Support both direct encryption using a shared or agreed upon symmetric key, and the use of a shared or agreed upon symmetric key to key wrap the CMK.
  *   Added statement that "StringOrURI values are compared as case-sensitive strings with no transformations or canonicalizations applied".
  *   Updated open issues.
  *   Indented artwork elements to better distinguish them from the body text.

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05

  *   Indented artwork elements to better distinguish them from the body text.

http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05

  *   Support both direct encryption using a shared or agreed upon symmetric key, and the use of a shared or agreed upon symmetric key to key wrap the CMK. Specifically, added the alg values dir, ECDH-ES+A128KW, and ECDH-ES+A256KW to finish filling in this set of capabilities.
  *   Updated open issues.

http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03

  *   Added statement that "StringOrURI values are compared as case-sensitive strings with no transformations or canonicalizations applied".
  *   Indented artwork elements to better distinguish them from the body text.

                                                            -- Mike




--_000_4E1F6AAD24975D4BA5B16804296739436674D168TK5EX14MBXC285r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
@list l3:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l4
	{mso-list-id:2047947935;
	mso-list-template-ids:-332121368;}
@list l4:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:"Courier New";
	mso-bidi-font-family:"Times New Roman";}
@list l4:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l4:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l4:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l4:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l4:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l4:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l4:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">I&#8217;ve made a minor release of the JSON WEB {Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) specifications to support the working group discussions at <a href="http://www.ietf.org/meeting/84/index.html">IETF 84 in Vancouver, BC</a>. This release incorporates working group feedback since the <a href="http://self-issued.info/?p=791">minor release on July 16<sup>th</sup></a> and updates the lists of open issues in the JWE and JWA specifications.</p>
<p class="MsoNormal">The specifications are available at:</p>
<ul type="disc">
<li class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05</a></li>
<li class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05</a></li>
<li class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05</a></li>
<li class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05</a></li>
<li class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03</a></li>
</ul>
<p class="MsoNormal">The document history entries (also in the specifications) are as follows:</p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05</a></p>
<ul type="disc">
<li class="MsoNormal">Added statement that "StringOrURI values are compared as case-sensitive strings with no transformations or canonicalizations applied".</li>
<li class="MsoNormal">Indented artwork elements to better distinguish them from the body text.</li>
</ul>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05</a></p>
<ul type="disc">
<li class="MsoNormal">Support both direct encryption using a shared or agreed upon symmetric key, and the use of a shared or agreed upon symmetric key to key wrap the CMK.</li>
<li class="MsoNormal">Added statement that "StringOrURI values are compared as case-sensitive strings with no transformations or canonicalizations applied".</li>
<li class="MsoNormal">Updated open issues.</li>
<li class="MsoNormal">Indented artwork elements to better distinguish them from the body text.</li>
</ul>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05</a></p>
<ul type="disc">
<li class="MsoNormal">Indented artwork elements to better distinguish them from the body text.</li>
</ul>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05</a></p>
<ul type="disc">
<li class="MsoNormal">Support both direct encryption using a shared or agreed upon symmetric key, and the use of a shared or agreed upon symmetric key to key wrap the CMK. Specifically, added the <code>alg</code> values <code>dir</code>, <code>ECDH-ES+A128KW</code>, and <code>ECDH-ES+A256KW</code> to finish filling in this set of capabilities.</li>
<li class="MsoNormal">Updated open issues.</li>
</ul>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03</a></p>
<ul type="disc">
<li class="MsoNormal">Added statement that "StringOrURI values are compared as case-sensitive strings with no transformations or canonicalizations applied".</li>
<li class="MsoNormal">Indented artwork elements to better distinguish them from the body text.</li>
</ul>
<p class="MsoNormal">-- Mike</p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436674D168TK5EX14MBXC285r_--

From hannes.tschofenig@gmx.net  Tue Jul 31 13:07:34 2012
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Tue, 31 Jul 2012 13:07:29 -0700
Message-Id: <E6ECE934-A197-4A3B-9E45-F6A439A27977@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
Subject: [OAUTH-WG] Presentation slides, please
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jul 2012 20:07:34 -0000

Hi all, 

please send me your presentation slides for the OAuth working group session. 

Here is the agenda again:

-----

1. Working Group Status (Chairs)

2. JSON Web Token (JWT) (Mike)
http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/

3. JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (Mike)
http://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/

4. SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (Brian)
http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/

5. OAuth Use Cases (Zachary)
http://datatracker.ietf.org/doc/draft-ietf-oauth-use-cases/

6. OAuth Security (Phil)
http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-http-mac/
http://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk/

-----

Ciao
Hannes


From bcampbell@pingidentity.com  Tue Jul 31 15:59:45 2012
MIME-Version: 1.0
In-Reply-To: <E6ECE934-A197-4A3B-9E45-F6A439A27977@gmx.net>
References: <E6ECE934-A197-4A3B-9E45-F6A439A27977@gmx.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 31 Jul 2012 15:59:10 -0700
Message-ID: <CA+k3eCRXfEkJpqZhqGFrAgcaEOL9PPdCB2JK8PLQmHJ79LW8Kw@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/mixed; boundary=20cf307abeed329ed904c62822f0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Presentation slides, please

--20cf307abeed329ed904c62822f0
Content-Type: text/plain; charset=ISO-8859-1

My two slides are attached as a PDF.

On Tue, Jul 31, 2012 at 1:07 PM, Hannes Tschofenig
<hannes.tschofenig@gmx.net> wrote:
> Hi all,
>
> please send me your presentation slides for the OAuth working group session.
>
> Here is the agenda again:
>
> -----
>
> 1. Working Group Status (Chairs)
>
> 2. JSON Web Token (JWT) (Mike)
> http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/
>
> 3. JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (Mike)
> http://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/
>
> 4. SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (Brian)
> http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
>
> 5. OAuth Use Cases (Zachary)
> http://datatracker.ietf.org/doc/draft-ietf-oauth-use-cases/
>
> 6. OAuth Security (Phil)
> http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-http-mac/
> http://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk/
>
> -----
>
> Ciao
> Hannes

--20cf307abeed329ed904c62822f0
Content-Type: application/pdf; name="oauth-assertions-ietf84.pdf"
Content-Disposition: attachment; filename="oauth-assertions-ietf84.pdf"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_h5bl9ezn0

2IFKhiZp8Plt6RfLDv1vJZqkQdrk8+C1Q/dbiSZp8Plt6Rdhh04wNEmDtMnnQbVDGAxN0uDz29Iv
VjsEwdAkDdImnwebHdxgaJIGn9+WftHYwQmGJmmQNvk8aO5gBkOTNPj8tvSLzg5GMDRJg7TJ50F3
hyYYmqTB57elXwx2qIKhSRqkTT4PhjuoYAjy9RsEAf70f9d4Pgp8sbMDBEOQG7JpE+DOoIvl6u4O
l3+CPJB+LJvki1wujcsQtexBU+QgdNlYr6A22W1T4Ci0Xh6XI26VvxDM9RPh2t0pdpCL5fgZSaJj
mGMNjj/183n3BbJ+eSxAB3P+rBzbmqB9f68bdhtCh5MiPCPCBogzVB0vdEjECHVbrHThAs7/jKwW
dxHD3BWd7reSgPMrf7HLm49QN5fOVoQDCM6vPavgzEOoc9DZymBEg/M726ryZSPUqdLZGneoBuf3
ltXKlYVQZ5XO1jpjLTj/pLXaeGoR6qTR2Q7MQQucf1ZbNRzVCNUbOtuRMWqD80+1VdOPRqjO1NkO
m2EPnH+OVh03iFC1o7MdV+M+OP9GrLpeBKEqV2e7UAIROP+uWA2cFCT+DATkCiTkcM3qZZXxBksZ
JaMAXzEcPpPad6TeN8KAI0qiQNyDhV78M/77hMXNf9cefH3U5XcfXlu9zgL7tZ1/2R0GUdVffnlx
+SoMaBc3/mV7EERVfvnhxeWrMKBd3PiX7UEQdfnll5eWr7NQ/dLOB83ti/EjKoa6IWXGXiRFP4yd
q22/55LCdRaqZ/4a8PX/zAxJOvoGBlsxTuPfAw6xzWWYsbz4jX0+pCkmy06e8LFrhfutnzHOeG9N
P0eTR+05Ir5Oai1bSlM2M/1UmwyCMcD+kbVePWUx089qk0dvuTLB/mEr1c60zPST1uRx0vpywP5x
LWVN1Mz03jJ5nNXOXLB/oaVsXjPTO9vkcaq9BWD/CqU8GpnptWfyOEd3Idi/FCmfFWZ65Zs8bsRf
B+xfF6mILMz0z8jkcVccdsE+8JKKufLc5M/Y5HHLbEPI7Mgu1UMnBzKwLbNNb9vzvh9L+AvVW5mx
vw3vv9Nx6zDbcEoU9db27vC+rXuJF5THKRC6/Fy9rcKJTdmZepTzP0S93iVGKIOzIML/IPJHcqG/
5Ld4mO+P8i+4m2YBl/3c9u0tcf13o4vKlh1NAReuOuuCc56MwwbJtcvgX29lnCZpsHpgrdbdorFJ
kzTYPLHSgbOFYZEmadB4ZJ0jcwvTHk3SoPnMKofGFo41mqRB56E1jpstXFs0SYPuUytcVFsElmiS
BoPH5l+pLUI7NEmD4XOzL2GLjhWapMHOg3Ovry26NmiSBrtPzgTOLQgLNEmDxKPzkGML6nmapEHq
2UkQ+YeumzuapMFJK+ezmUAmkAlkAplAJpAJZAKZQCaQCWQC/2cC5x9wvD5uRKDmsRnUwtG2HhTz
/yaXFlIe6CkB1Tw2glAVjrY1JQFQq3CeABOXSiFGzVs1j41J+4c42tb+nH3TKpwnNm6cKgXjvnek
5rHpDVb3ONrWFdxtW4XzpDtZAKVQDgc+1Tw2Axo7iqNtPSjmq9FCygM9JaCax0YQqsLRtqYkAGoV
zhNg4lIpxKh5q+axMWn/EEfb2p+zb1qF88TGjVOlYNz3jtQ8Nr3B6h5H27qCu22rcJ50JwugFMrh
wKeax2ZAY0dxtK0HxXw1Wkh5oKcEVPPYCEJVONrWlARArcJ5AkxcKoUYNW/fnS+iSqdpCsV+agF2
CjmlgBdkrealIadbTCT2qr3nTt5XUQrco4pS89IoZqQRib0amURWq0iHTFzLzD0bal6a+NHgViT2
KgDDK60iXTikLmXmng01L416Y6QRib0amURWq0iHTFzLzD0bal6a+NHgViT2KgDDK60iXTikLmXm
ng01L416Y6QRib0amURWq0iHTFzLzD0bal6a+NHgViT2KgDDK60iXTikLmXmng01L416Y6QRib0a
mURWq0iHTFzLzD0bal6a+NHgViT2KgDDK60iXTikLmXmng01L416Y6QRib0amURWq0iHTFzLzD0b
787X7pTeh3Kp32B65YMZqJh35yu56jfh+pbtlatb6SoF9lng1Dw2wIyUKPGp76OR9wurfJTDgU81
j82ABqIokblIMpmLZIFV5oJpSJ25SBZYZS6YhtSZi2SBVeaCaUi9Si7iKKtMIBPIBDKBTCATyAQy
gUwgE8gEMoFMIBPIBDKBdxP4BwlVoyoKZW5kc3RyZWFtCmVuZG9iagoxNCAwIG9iagoxNzgxCmVu
ZG9iagoxNSAwIG9iago8PCAvTGVuZ3RoIDE2IDAgUiAvTiAzIC9BbHRlcm5hdGUgL0RldmljZVJH
QiAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAGdlndUU9kWh8+9N73QEiIgJfQaegkg
0jtIFQRRiUmAUAKGhCZ2RAVGFBEpVmRUwAFHhyJjRRQLg4Ji1wnyEFDGwVFEReXdjGsJ7601896a
/cdZ39nnt9fZZ+9917oAUPyCBMJ0WAGANKFYFO7rwVwSE8vE9wIYEAEOWAHA4WZmBEf4RALU/L09
mZmoSMaz9u4ugGS72yy/UCZz1v9/kSI3QyQGAApF1TY8fiYX5QKUU7PFGTL/BMr0lSkyhjEyFqEJ
oqwi48SvbPan5iu7yZiXJuShGlnOGbw0noy7UN6aJeGjjAShXJgl4GejfAdlvVRJmgDl9yjT0/ic
TAAwFJlfzOcmoWyJMkUUGe6J8gIACJTEObxyDov5OWieAHimZ+SKBIlJYqYR15hp5ejIZvrxs1P5
YjErlMNN4Yh4TM/0tAyOMBeAr2+WRQElWW2ZaJHtrRzt7VnW5mj5v9nfHn5T/T3IevtV8Sbsz55B
jJ5Z32zsrC+9FgD2JFqbHbO+lVUAtG0GQOXhrE/vIADyBQC03pzzHoZsXpLE4gwnC4vs7GxzAZ9r
LivoN/ufgm/Kv4Y595nL7vtWO6YXP4EjSRUzZUXlpqemS0TMzAwOl89k/fcQ/+PAOWnNycMsnJ/A
F/GF6FVR6JQJhIlou4U8gViQLmQKhH/V4X8YNicHGX6daxRodV8AfYU5ULhJB8hvPQBDIwMkbj96
An3rWxAxCsi+vGitka9zjzJ6/uf6Hwtcim7hTEEiU+b2DI9kciWiLBmj34RswQISkAd0oAo0gS4w
AixgDRyAM3AD3iAAhIBIEAOWAy5IAmlABLJBPtgACkEx2AF2g2pwANSBetAEToI2cAZcBFfADXAL
DIBHQAqGwUswAd6BaQiC8BAVokGqkBakD5lC1hAbWgh5Q0FQOBQDxUOJkBCSQPnQJqgYKoOqoUNQ
PfQjdBq6CF2D+qAH0CA0Bv0BfYQRmALTYQ3YALaA2bA7HAhHwsvgRHgVnAcXwNvhSrgWPg63whfh
G/AALIVfwpMIQMgIA9FGWAgb8URCkFgkAREha5EipAKpRZqQDqQbuY1IkXHkAwaHoWGYGBbGGeOH
WYzhYlZh1mJKMNWYY5hWTBfmNmYQM4H5gqVi1bGmWCesP3YJNhGbjS3EVmCPYFuwl7ED2GHsOxwO
x8AZ4hxwfrgYXDJuNa4Etw/XjLuA68MN4SbxeLwq3hTvgg/Bc/BifCG+Cn8cfx7fjx/GvyeQCVoE
a4IPIZYgJGwkVBAaCOcI/YQRwjRRgahPdCKGEHnEXGIpsY7YQbxJHCZOkxRJhiQXUiQpmbSBVElq
Il0mPSa9IZPJOmRHchhZQF5PriSfIF8lD5I/UJQoJhRPShxFQtlOOUq5QHlAeUOlUg2obtRYqpi6
nVpPvUR9Sn0vR5Mzl/OX48mtk6uRa5Xrl3slT5TXl3eXXy6fJ18hf0r+pvy4AlHBQMFTgaOwVqFG
4bTCPYVJRZqilWKIYppiiWKD4jXFUSW8koGStxJPqUDpsNIlpSEaQtOledK4tE20Otpl2jAdRzek
+9OT6cX0H+i99AllJWVb5SjlHOUa5bPKUgbCMGD4M1IZpYyTjLuMj/M05rnP48/bNq9pXv+8KZX5
Km4qfJUilWaVAZWPqkxVb9UU1Z2qbapP1DBqJmphatlq+9Uuq43Pp893ns+dXzT/5PyH6rC6iXq4
+mr1w+o96pMamhq+GhkaVRqXNMY1GZpumsma5ZrnNMe0aFoLtQRa5VrntV4wlZnuzFRmJbOLOaGt
ru2nLdE+pN2rPa1jqLNYZ6NOs84TXZIuWzdBt1y3U3dCT0svWC9fr1HvoT5Rn62fpL9Hv1t/ysDQ
INpgi0GbwaihiqG/YZ5ho+FjI6qRq9Eqo1qjO8Y4Y7ZxivE+41smsImdSZJJjclNU9jU3lRgus+0
zwxr5mgmNKs1u8eisNxZWaxG1qA5wzzIfKN5m/krCz2LWIudFt0WXyztLFMt6ywfWSlZBVhttOqw
+sPaxJprXWN9x4Zq42Ozzqbd5rWtqS3fdr/tfTuaXbDdFrtOu8/2DvYi+yb7MQc9h3iHvQ732HR2
KLuEfdUR6+jhuM7xjOMHJ3snsdNJp9+dWc4pzg3OowsMF/AX1C0YctFx4bgccpEuZC6MX3hwodRV
25XjWuv6zE3Xjed2xG3E3dg92f24+ysPSw+RR4vHlKeT5xrPC16Il69XkVevt5L3Yu9q76c+Oj6J
Po0+E752vqt9L/hh/QL9dvrd89fw5/rX+08EOASsCegKpARGBFYHPgsyCRIFdQTDwQHBu4IfL9Jf
JFzUFgJC/EN2hTwJNQxdFfpzGC4sNKwm7Hm4VXh+eHcELWJFREPEu0iPyNLIR4uNFksWd0bJR8VF
1UdNRXtFl0VLl1gsWbPkRoxajCCmPRYfGxV7JHZyqffS3UuH4+ziCuPuLjNclrPs2nK15anLz66Q
X8FZcSoeGx8d3xD/iRPCqeVMrvRfuXflBNeTu4f7kufGK+eN8V34ZfyRBJeEsoTRRJfEXYljSa5J
FUnjAk9BteB1sl/ygeSplJCUoykzqdGpzWmEtPi000IlYYqwK10zPSe9L8M0ozBDuspp1e5VE6JA
0ZFMKHNZZruYjv5M9UiMJJslg1kLs2qy3mdHZZ/KUcwR5vTkmuRuyx3J88n7fjVmNXd1Z752/ob8
wTXuaw6thdauXNu5Tnddwbrh9b7rj20gbUjZ8MtGy41lG99uit7UUaBRsL5gaLPv5sZCuUJR4b0t
zlsObMVsFWzt3WazrWrblyJe0fViy+KK4k8l3JLr31l9V/ndzPaE7b2l9qX7d+B2CHfc3em681iZ
Ylle2dCu4F2t5czyovK3u1fsvlZhW3FgD2mPZI+0MqiyvUqvakfVp+qk6oEaj5rmvep7t+2d2sfb
17/fbX/TAY0DxQc+HhQcvH/I91BrrUFtxWHc4azDz+ui6rq/Z39ff0TtSPGRz0eFR6XHwo911TvU
1zeoN5Q2wo2SxrHjccdv/eD1Q3sTq+lQM6O5+AQ4ITnx4sf4H++eDDzZeYp9qukn/Z/2ttBailqh
1tzWibakNml7THvf6YDTnR3OHS0/m/989Iz2mZqzymdLz5HOFZybOZ93fvJCxoXxi4kXhzpXdD66
tOTSna6wrt7LgZevXvG5cqnbvfv8VZerZ645XTt9nX297Yb9jdYeu56WX+x+aem172296XCz/Zbj
rY6+BX3n+l37L972un3ljv+dGwOLBvruLr57/17cPel93v3RB6kPXj/Mejj9aP1j7OOiJwpPKp6q
P6391fjXZqm99Oyg12DPs4hnj4a4Qy//lfmvT8MFz6nPK0a0RupHrUfPjPmM3Xqx9MXwy4yX0+OF
vyn+tveV0auffnf7vWdiycTwa9HrmT9K3qi+OfrW9m3nZOjk03dp76anit6rvj/2gf2h+2P0x5Hp
7E/4T5WfjT93fAn88ngmbWbm3/eE8/sKZW5kc3RyZWFtCmVuZG9iagoxNiAwIG9iagoyNjEyCmVu
ZG9iagoxMCAwIG9iagpbIC9JQ0NCYXNlZCAxNSAwIFIgXQplbmRvYmoKMTcgMCBvYmoKPDwgL0xl
bmd0aCAxOCAwIFIgL04gMyAvQWx0ZXJuYXRlIC9EZXZpY2VSR0IgL0ZpbHRlciAvRmxhdGVEZWNv
ZGUgPj4Kc3RyZWFtCngBhVXfb9tUFD6Jb1KkFj8gWEeHisWvVVNbuRsarcYGSZOl7UoWpenYKiTk
OjeJqRsH2+m2qk97gTcG/AFA2QMPSDwhDQZie9n2wLRJU4cqqklIe+jEDyEm7QVV4bt2YidTxFz1
+ss53znnO+de20Q9X2m1mhlViJarrp3PJJWTpxaUnk2K0rPUSwPUq+lOLZHLzRIuwRX3zuvhHYoI
y+2R7v5O9iO/eovc0YkiT8BuFR19GfgMUczUa7ZLFL8H+/hptwbc8xzw0zYEAqsCl32cEnjRxyc9
TiE/CY7QKusVrQi8Bjy82GYvt2FfAxjIk+FVbhu6ImaRs62SYXLP4S+Pcbcx/w8um3X07F2DWPuc
pbljuA+J3iv2VL6JP9e19BzwS7Bfr7lJYX8F+I/60nwCeB9R9KmSfXTe50dfX60U3gbeBXvRcKcL
TftqdTF7HBix0fUl65jIIzjXdWcSs6QXgO9W+LTYY+iRqMhTaeBh4MFKfaqZX5pxVuaE3cuzWpnM
AiOPZL+nzeSAB4A/tK28qAXN0jo3M6IW8ktXa26uqUHarppZUQv9Mpk7Xo/IKW27lcKUH8sOunah
GcsWSsbR6SZ/rWZ6ZxHa2AW7nhfakJ/d0ux0Bhh52D+8Oi/mBhzbXdRSYrajwEfoREQjThYtYtWp
SjukUJ4ylMS9RjY8JTLIhIXDy2ExIk/SEmzdeTmP48eEjLIXvS2iUaU7x69wv8mxWD9T2QH8H2Kz
7DAbZxOksDfYm+wIS8E6wQ4FCnJtOhUq030o9fO8T3VUFjpOUPL8QH0oiFHO2e8a+s2P/oaasEsr
9CNP0DE0W+0TIAcTaHU30j6na2s/7A48yga7+M7tvmtrdPxx843di23HNrBuxrbC+NivsS38bVIC
O2B6ipahyvB2wgl4Ix09XAHTJQ3rb+BZ0NpS2rGjper5gdAjJsE/yD7M0rnh0Kr+ov6pbqhfqBfU
3ztqhBk7piR9Kn0r/Sh9J30v/UyKdFm6Iv0kXZW+kS4FObvvvZ8l2HuvX2ET3YpdaNVrnzUnU07K
e+QX5ZT8vPyyPBuwFLlfHpOn5L3w7An2zQz9Hb0YdAqzak21ey3xBBg0DyUGnQbXxlTFhKt0Flnb
n5OmUjbIxtj0I6d2XJzllop4Op6KJ0iJ74tPxMfiMwK3nrz4XvgmsKYD9f6TEzA6OuBtLEwlyDPi
nTpxVkX0CnSb0M1dfgbfDqJJq3bWNsoVV9mvqq8pCXzKuDJd1UeHFc00Fc/lKDZ3uL3Ci6MkvoMi
juhB3vu+RXbdDG3uW0SH/8I761ZoW6gTfe0Q9b8a2obwTnzmM6KLB/W6veLno0jkBpFTOrDf+x3p
S+LddLfReID3Vc8nRDsfNxr/rjcaO18i/xbRZfM/WQBxeAplbmRzdHJlYW0KZW5kb2JqCjE4IDAg
b2JqCjEwNDcKZW5kb2JqCjcgMCBvYmoKWyAvSUNDQmFzZWQgMTcgMCBSIF0KZW5kb2JqCjIwIDAg
b2JqCjw8IC9MZW5ndGggMjEgMCBSIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4AbVa
2Y7cxhV9r68o5yHgBG6KxaUXvwSy7MAOrMjKdJCHKAiU9siSrNbSHFnQh+Z/cms55xa37pGjaGyQ
Xay6+06+s4/tO9us5b+ykn+13bhduZN/tmsre7qxf7ev7b0HvbOH3rrw1x/8gW7TxX1Hu+nireHa
K64BcGNfZWj8r+f22R/srqs7+0HAvoxIHlzbyv+Z6wdCVxVo2mw3beXa8GA1XFq7TSIW1ByO1u9Z
b53rmk4guE7OrtfmKPebalM1rrauq1thVoi4Fv69BBRQlyAKWw2AY03YSmum3e7KZtPuBAbPZmvP
g9zWbmvjYmddXdn1tlzXXdVQrj/enA43b2/fP31lTi+EDL/J/3FjDkFYu/f90dlv3iSil9RmVG21
V1tV1h5q2VpRnSAJKJzd7EoXNb12Zed5EQxf722zCxvCZdXszF7w7veurOTk/pn9hy0eXQWYxf0r
L+zaFu/Twu3zdGPT9ffYEReMHunxhDc3WDnh5vZFAvMmXV+na39lIuKvBO4/7f7P9tt90OOUN9fl
vEX7qe1ebPg8m8Wjtzev7fd9//6mt4Jl/3IRR9vVItsovGSn4bKqqyS8pvSuI8IrvlBI8KpL6gF4
I7pR8E702dWus4LFRhW1C1iiEQSlzhtAwGAiA8kC5VJvUkhQDHVmBH+Flqi3d1h5D/XwUX+bNAfD
eKaajZo84cnhFcA8jTemOIkdxF04xoVD2mQLYOAjMZp4SKwm3tgrE8z1RLp+xiOCOf2EJQLiee6O
tBriFLOPGAgY3JCIE+jjXj76GeLiCjGSLAqFNx+BgnvSKVOQBWzpSddbUMpTJ979G8/I+StQxhVw
4bHPOZ6r1hIQ2npLj1CDqrytJo/ILYlsQ7sgW02B+MnIa5AGinCI7PTKNYVPOMRJoU3OS1CLSgUG
ai4jYrQlwTfFJ9pljKcknfr/CVxOqPsk7mwRz5uCJqxqJzLw2QOZXFXHPn9U5Tr83x+M5pGk8qql
yl1ddiGz+FyW/VjVddn4nJMCVgiLZjEs5viyvHVXfLuyrda72onVJbTJ9s7HybLdtc5tAqP+2m6E
5V2121aSMQbxMyMkBU/J94HlrQ+ezcaneiJPPOeGT4OC5OPVFPTSr1KYvDe6foBtTm/KtJWmSGsF
FrgZdtIXTrQO4DvSJF/AEhmAVnx2OpATOtivRAtYJPUGoBhwsIWUEPSyE8Yz4mncctK4PrFpYDj2
5LGCDHfxxhQdVhxuatxAVmQUwjyKPNRJUk6XNHPBilzTSJxspAartrarm1jGOl8ZSlksYJC0TbVo
dCg5aHRdJw5adb4mGDpaMLrgaOLS00pGiWEZQ5gStMWqY4EB2zXFk+KOcMSNfAyQfkE4bF0r3piD
MygpH0DQNIHjkRY00SYCFE3qKUyKsYtweBiHru8//AHYsEZLTMakqR071BM+cjMJxCaaLZ2kfwPK
Jnvo5LzhKXqRppGE1BTcNMEOkyTrQMl6QIP+s1QK4cyKKAkWjxAuVrmhZ+GfltymKBh6tFBji96T
+tuuLeuqG6k/FcVvnr73ncNZw0SEVYg7gdiODYo9ikanaaY0BbmlrGgm3oLUoSd8Si9IJyEt3knW
M5UN7YHQqYp7iwUwc36urVggQCV315YZNUbJ1TMu5rTlXFNu663X1lp9PzprcUlbGWzVv3Tj5Xa9
qRNEIx0looktxLIWdZ9Bm6W0811sJ3l2qoDi5QcR2F0gZ3RutuVGAugUmvS9q6nnU8Oae05PrgYm
VJVbyQc+oA6rh+g3jVbKzsVG3aablYxitm1eK0kLaeZbSAH/6Si2ZSPDC69lj+hO1VHw50t80C8k
r7kw8BhgoOJFpPfpGQhWlOjUb23ut2kCMDnP/K7uwz3wH+CKv03xkSGY0Q9bNAITCh5NrQENJksS
bUHo+DjN3MVYBOpSjWFS0W4LBik2yRcPZ4fYjQM+KDjfXo06m3jIFFQPeQRYlkaUISWGLWRVpJr0
N3lEZnlaQuVsQO58q9nIgAeJR904BGSNXMwKJIDqGBOrmZ97kQC5oDZxjvrEIKQtV+ViYebjAkv1
bq05pipliil/Mu/xNyuZeDZINTpW+p3GuQtjpQkKkyAnFG3pGx1fQwZMSYbnW6YUFPKecMpIHODK
AEuCQhw1DzDkQWGfihNaFCXP8o4rtBK1ZlpmUrIpqGSeP9DMjvT9aWUF9fI8ByKL05fM8UjaxyOx
kTahJA6jlG7yRHSEAEJI/xMNhWWoJDIm4wJ6flsQCqmATc7iHgdW4P4XimbSSSf6MhUzgJswGo1c
eDKLMYUa0jnByGhxISeMAd2JLvXKrNiTxqyWJl5iC7os2q93QmRlsVq2MN9BPvskDVx/BPNfM3j2
lOFBaYz2QClQWxDH1B24l0kv1h4GE/HzcUZqJ7I3G2fE+32l9j/EmUUUozjzW4uPGGdyLNTTKM7M
lOe0Xy0VEOsh89lKOyoKW1dUFNVLLwcYqm71K0cKq3RnijSAUI+ldVDBBE2adcDC6SYHKzwG/Axt
jFuMelq4qm8m+rNJMkMS8cOogYIscit2JNpNwYKJElMmRpuzqDXByFEUUOMs2SYJvCEQRtB4eCZE
kUoeBvypEghWpJjiZhai+FQAnIkyeQtA6w1RZsZmp6YxoY5iwJP0qsYUf0qRidMW7PiWpBI+hEtd
sfj8C1jlI+ydSGzAeOhQlrqUWkZWrOPu0ggtvEtLjZCZ6VECCoTzAYphIzSqecYdFyZzUvVcQvIJ
jRBVQlelJihVKhbyRg1Bw8yMj1GBcKguwoH66aHLgWuZCMLPy+IYIvloGTW30DFJXTqkFTlDDA9x
LxMgWNKSSwMcxAXxER7lR3gAc+5JcngqDGApqhPBEQz2kANEQO322NvxEIM2Ug7FSZ/kXuFxNtSE
RCnvXjTj0ziXmiXJB4lFUkvWyBkYgsDwmyTiAWu4z2JjahQkCYgWKcADqj0dVdFjB4n/hdDJMNBM
n3Bwx9xKOBQgwQCVgFN95eXapJtyUpNeLNf8pxrTcs085jc8OYr8pVq0j0UUn7NcGzDChHe5XHtI
y5l8TrCcszn9ODOKmWoHStY2MSnOFC9R5pMa6vQApRIgDYB7APnDxLdwmOaJrZlvxzEwgx3qVqM9
HqBMDpMCpnpsIcKEyBSLsVhLVH07Q/KIgezzJT0pBs5lwfAwOPlPFHhGFQ8zVApq9SJOQNJcYt7M
J9+7tJumXMvkezj54FzCT+MwS+b7uTiwlcJlUAmIF8Uvq9xsYyLxtm7LTXhDHl+sqcd+cWUyJOGr
uwWPvYAk+z4o4fqNLdYcHqMfdWRfCQ15ouBkypsKUKuDmANjL60G+oaJaN6mmqn40y/YxSW80ZIH
agry/V+7q9wu5Lqy8XfyvvWisjL+3LYpN/XWv1Nd5o8uBYe0BVL1bRrzzDaS0Z2x9XIjaQr66rn3
W4M5+Xgm0q8qOFQ7ENXUW+ZUb1X1bStDA5knqmjG/UruMxfNuPFfmMx9RTe039xXcoe8m68kJIvf
0g11/KljTxVYxowK7KKvGPGVa6qYps1Mw1KTBgc3uP4OaelRGgf+DQs/4OYb3ODQuayZzEayZqoB
JyhJDCuhnnmDpMO2o3NnQ0q6/R8zqnLHlcKAXxvlETx8YOaqz9MtEskwgMcvewISWOT/oV9UToCE
Jbl+PpS/mstD6jVFrJkYeqW99MzNTMDUJzYz31IjeEK98omWQ8kasjfp3ERUX46mwsREU8owJCtD
EuBeGBAXeObUjxGkR9obHMoRCcwkdDIFxzvwz44FCw/pU9f7EeDs8xDsHnuXthnzvWmWtrJBdHhL
LHGlCeVCCo+0k9C6jaOuBBHqna0Ib040HF2icMky9JALRb1T6eukwglf9G2rAYnxXb2R76ydf3vl
Xy7Jx8vyrrvxqVR+DL8oskUtYkPl8/i/I4qgcQplbmRzdHJlYW0KZW5kb2JqCjIxIDAgb2JqCjI5
MzkKZW5kb2JqCjE5IDAgb2JqCjw8IC9UeXBlIC9QYWdlIC9QYXJlbnQgMyAwIFIgL1Jlc291cmNl
cyAyMiAwIFIgL0NvbnRlbnRzIDIwIDAgUiAvTWVkaWFCb3gKWzAgMCA3OTIgNjEyXSA+PgplbmRv
YmoKMjIgMCBvYmoKPDwgL1Byb2NTZXQgWyAvUERGIC9UZXh0IC9JbWFnZUIgL0ltYWdlQyAvSW1h
Z2VJIF0gL0NvbG9yU3BhY2UgPDwgL0NzMiAxMCAwIFIKL0NzMSA3IDAgUiA+PiAvRm9udCA8PCAv
VFQyLjAgMTIgMCBSIC9UVDMuMSAyNCAwIFIgL1RUMS4wIDExIDAgUiAvVFQ0LjEgMjYgMCBSCj4+
IC9YT2JqZWN0IDw8IC9JbTEgOCAwIFIgPj4gPj4KZW5kb2JqCjMgMCBvYmoKPDwgL1R5cGUgL1Bh
Z2VzIC9NZWRpYUJveCBbMCAwIDc5MiA2MTJdIC9Db3VudCAyIC9LaWRzIFsgMiAwIFIgMTkgMCBS
IF0gPj4KZW5kb2JqCjI3IDAgb2JqCjw8IC9UeXBlIC9DYXRhbG9nIC9QYWdlcyAzIDAgUiAvVmVy
c2lvbiAvMS40ID4+CmVuZG9iagoxMSAwIG9iago8PCAvVHlwZSAvRm9udCAvU3VidHlwZSAvVHJ1
ZVR5cGUgL0Jhc2VGb250IC9CV0pOUlorQXJpYWwtQm9sZE1UIC9Gb250RGVzY3JpcHRvcgoyOCAw
IFIgL0VuY29kaW5nIC9NYWNSb21hbkVuY29kaW5nIC9GaXJzdENoYXIgMzIgL0xhc3RDaGFyIDEx
OSAvV2lkdGhzIFsgMjc4CjAgMCAwIDAgMCA3MjIgMCAwIDAgMCAwIDAgMCAyNzggMjc4IDU1NiAw
IDU1NiAwIDAgMCAwIDAgMCAwIDMzMyAwIDU4NCAwIDU4NAowIDAgNzIyIDcyMiAwIDAgMCA2MTEg
MCAwIDI3OCAwIDAgNjExIDgzMyAwIDc3OCA2NjcgMCAwIDY2NyAwIDAgMCAwIDAgMCAwCjAgMCAw
IDAgMCAwIDU1NiAwIDAgMCA1NTYgMzMzIDAgNjExIDI3OCAwIDU1NiAyNzggODg5IDYxMSA2MTEg
NjExIDAgMzg5IDU1NgozMzMgNjExIDAgNzc4IF0gPj4KZW5kb2JqCjI4IDAgb2JqCjw8IC9UeXBl
IC9Gb250RGVzY3JpcHRvciAvRm9udE5hbWUgL0JXSk5SWitBcmlhbC1Cb2xkTVQgL0ZsYWdzIDMy
IC9Gb250QkJveApbLTYyOCAtMzc2IDIwMDAgMTAxMV0gL0l0YWxpY0FuZ2xlIDAgL0FzY2VudCA5
MDUgL0Rlc2NlbnQgLTIxMiAvQ2FwSGVpZ2h0CjcxNiAvU3RlbVYgMTQ1IC9MZWFkaW5nIDMzIC9Y
SGVpZ2h0IDUxOSAvU3RlbUggMTIxIC9BdmdXaWR0aCA0NzkgL01heFdpZHRoCjIwMDAgL0ZvbnRG
aWxlMiAyOSAwIFIgPj4KZW5kb2JqCjI5IDAgb2JqCjw8IC9MZW5ndGggMzAgMCBSIC9MZW5ndGgx
IDE4NzcyIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4AZ17CXxURdZvVd2tby/pJb0n
TXenk87SCQlJQwhEcgMhggEJqwkaCUhY3EgEBJ0RcAUCanBfh+iMgOhI00FMUIa4jNvMfDJug844
5htxXEZGvhlFR0n3+9ft4PJ98977vXeTqlN1q04tp06dOufU7TVXrO0gZrKJCES76LLFnUR/QpsA
Xr7oyjUhPUuySwlRFi7rXH5ZJu/fQoh0yfJLr1qWyYd7CCmsXNGxeGkmT04DjluBF5k8jQPmr7hs
zfpMPvgF4PZLV100Uh6ehvy0yxavH+mf/An50OWLL+vI1J+O/klR56rVazL5aS8Arui8omOkPm0h
xP56puxMnEUIRTpC/kFqya1EJozYSDmZT4j8DXuOSMjzcondet1zocOLrLVfGnwGHfnhD2oDPPG8
2HnbN9+cHrYRgwt1Vb0+LwCeMil1LpliI998883VtkxPvOTME9k/b1O9RXic7ENAx4hDCL0IILTw
eJ9iqdT6AR1OHSbdscqB9KDweHJClf6+7I7KTc8Ij5FFpAqvH0vO568f69MaePXH+qomZmD5GB0m
DZlixVkZrPcDrRyBEetIahbgrQg7EY4gyBjQY+R9hDSCIOwRHk42BtHwI2jIWu8UHsEUNcSvIaQR
BIz+EczlEfL5yBsRo/p5n2rm3f9cx8oRfg4sK2IbwiaEfQivIUhkFeKdCGkEAamHUfYwYcLDwkNJ
W9BWbxR+RjYiMOE+YqWUBNH6PX02nTb39lmzK7V6m3AnaUZgJCHMJIMIDM3uANoOwlC9KVk2Ridh
U58xq9KG+tsw6G0YyDZ02YuY6nkNKV5/W1+2mw/++qTVruP9JFkRzyT6bN7KZlBhPaFCh3A5WCgo
bAAcBXgRYABwibCUWPRxan1WW+Um9FeH6nWCixSjuF5wk0rABsFPcvRqa5NZmX7WJotKKjHjKYJX
r2IVLCSOqgZBSVYGQ08Lmk78LX2qiY9vS9Lmqjws3CgoxIlam1DLE7QeFoxYY6M+k3l9qqWyp94s
zMM054EsQYyRgso81oTLk2io3i5MFXKJG2WXCAHiAmwURulwt/AQaUT+wb5obnDwaeF2Hes23ii6
n5RhrUl9lqzKwXpVmITShHALFuAWvfOevuj4SlIfFYpIBQIDjTcitREpm9CNVDdWrRsr1Y2V6sag
usF9RNiKkq2oUy5cTTqFdaQHYSfSnK1cSRCUbwZXMr+ockDwCV4QxvY0SEnx1t+nZvGReZOObL2a
t8+cVVl3WFhNZiEwTHlNn8dbueppoUSfSmmfN4cjdCbBrocFT2Zp0JKbL8lhIReE4IQJCKOSrmCi
Pog8Z+QgoexVdpQTib3B3uLLzV5DnsPfjMDfjcD/yMD0IDua2RTsdQ6H6nPZh2hsEXuP7ESKsafZ
86QCDbzL+vnqs3fYAKkDPIb8UsABwCrAQ8nwy8F+1t8HgLHfn7S4+WTZ88lY+UgiWDCS8OSMJBzu
yvoC9hx7luSiiT8A5gM+ywZJHuARQC/gIFtDXgZ8ko0lEwEPjMAX2DOcxdlT7CAZD9iXzOJDSCQV
DvYlZQ6eSJJMrrk8+Ax7gj1G/Kj6y2TUj8I9fdH8oPVptEfZI2xNMhB01BvZQ7SFfoFKveQYh8TB
Hk5W80Z6ks+EggOsh/Vo3mqtQCvTdgkVBRVlFbuEUEGoLFQd2hWqt7FbIEB2Muxftg1xNQkxcA+C
htDDtibF6kT9MObE58XIJsS9eqodcaeeIohteoqXntRTdexGMguBoY0NCBsRNiFcS0TEVyP8BOGn
CNfob9YgtRZhHaRJJzA6gdEJjE4doxMYncDoBEanjsF77gRGp47RDox2YLQDo13HaAdGOzDagdGu
Y/DxtgOjXcdoBkYzMJqB0axjNAOjGRjNwGjWMZqB0QyMZh1DA4YGDA0Ymo6hAUMDhgYMTcfQgKEB
Q9MxKoBRAYwKYFToGBXAqABGBTAqdIwKYFQAo0LHCAEjBIwQMEI6RggYIWCEgBHSMULACAEjpGPY
gGEDhg0YNh3DBgwbMGzAsOkYNmDYgGHTMYaAMQSMIWAM6RhDwBgCxhAwhnSMIWAMAWOIrdsvHK3/
NVCOAuUoUI7qKEeBchQoR4FyVEc5CpSjQDk6MnVOCM4wg8AdBO4gcAd13EHgDgJ3ELiDOu4gag4C
d1DHTQAjAYwEMBI6RgIYCWAkgJHQMRLASAAjoWP0AqMXGL3A6NUxeoHRC4xeYPTqGL3A6AVGr47R
A4weYPQAo0fH6AFGDzB6gNGjY/QAowcYPTrG//PSsGtpiwFnLdtEi3W4kXymww3kmA6vIft1+FOy
S4c/Idfp8GpSrcN1JKpDLLUO15CggSaD1dZ6N0TALIRFCKsQdiLsQziCoOip15B6HyHNxmp5olWZ
pexU9ilHFGmfMqQwqzxL3invk4/I0j55SGah+hxm0eUoRAu5FXiUbET8OQIOEcR1eqqOxdFvHHJ2
LP7iLK7ZT4Q+L6GvldAjJXRfCb21hNar7Gwq6pIuRKoZCEBbNHN0UvAYQnW0cBIk0y0HP/MEk9Fx
wX76TAYUazFkP0PYj7AL4TqEaoRKhDKEAoQgQnW0BGgtWt5Ik88AFiKEEUII1cTthprosBu0AWah
u/p+bSEq76ewCHhPJwsrAPqThbMAnkoWLgnWq/QgKeRaEX0Sm+oxwH3J4HEU/zIDHk8Gn0ZuTzIY
B2hLFo4GOD9Z+LtgvYXOJ0GRo84bgXOx4Dw/JxlcgGqzk8FigFiyMMprl6CjApQWQ6M+Doi0jp2f
6SmSDE5E7bxksIbXNpBCvvBUJmX68CSkeV7ow4A+H6AtItVMwRPB24OfYbx/A2HBHu+E+kWA1wr6
6QLNGHym7GeoXB9M1ht5fZwP+0dggsMng7sKtgbvR1u04GDw3uDo4C1l/Qa8vhnj3qp3kQxeF+pn
j2nZwU3BiuCasuPB1cFzgouDc4JtBXifDF4QfIYPk7TSFvbYwWAzGpyOWRQkg2cXYCwYYmPwqqAW
LAzWhJ7h9CXjedfg5LJnOAVIZab3UtC3pAC9J4Pzq/upXStRTio9yvnKZGWiElHylFFKQHEaHAab
IctgNhgNBoNsEA3MQAzO/vSQFuN2glPWzQVZ5BlRT9sYTyNCTBg1MHIOSWQLTaxp7mTalBi8iDQt
CSVOzY30U+PshQkpMpkmHE2kad7kxPhYU7+SnpOojjUllObzW/ZTeksr3ibYln5K5rX00zR/dWNO
wjEFheTGm3MGCKW+G29ubSVe95V13jrHJHtNY8O/idr1l+0Nse8f7w+TgcRdTXNbEnsDrYlKnkgH
WpsS184NXdAywKzMMrVhgGVx0NoyIHYy69Q5/L3Y2dCKasf1auDmLFQjhRygmmEyCfFqkCeTeTWs
UaZeFOioF+YA9YwWEtXrRY0WvZ5Ieb39x0JTG/aHEKFOASHH9DrHCsgP6oBjgNuwP4oItSIh2sJr
0ZZISB9Ysd5QMIgqZYhQhULf0xsKUr2zRPn3VQpGqoz9rspYvS8hMx69GR6hGWfRmTrOItT5npD/
f6mOyTHaN2bthuendkSmtkemdiC0J7ZducKb2LQkFNq/YS0vCCWEaPuSi1ZwuLgjsTbS0ZDYEGkI
7R+j4/234ud58ZhIw37y/NR5Lfuf1zoakmO0MVMjixta++pqW+p/1NfW7/pqqf03fdXyxlp4X3U6
3n/rq54X1/G+6nlf9byvOq1O72vqSs73zS37DWRy6xSsK4d9zGQED7fnhFsnu22dkzhDD0wMezfk
HBIJ3UNMsdaEOTI5YUHgRWX1ZfW8CPuMF2XhtXWkyLthYjjnEN0zUmTDa3tkMjmzEITjNyXGzm5K
hOcubOGsktBAgn+3Zqv5oxd7ydSVDfhHfo0e1qxec6ZFDgmv+T+fNf/uWbt27eo1iNbGVhPSlCiZ
25QYNxsjURR01d7Qinejz7wTBP3dflWd2p8eRGEMg6BreHc8FaMxUFAzEpkorFfuVRi3Itb0+QOV
qw5Db9iIAHOYrUvClcCL1vXlFcBaQpXysRkIc5Xnk/5wJXroqwYqhwUZqNnLkOgp6Cnrqe4t6C3r
rZZRenAXXgZ38aM0Wb5LIGtiq88QA8k1rSA2hsX7eyiZG9A77uWJWKw1tprq9DpT/3uov0f2e8Ji
jvqzWm+e01unMGKeBNF5KdYj0/tanuNPJqHjgs46Et6iVianv+LR9w9ycBUdIrl62E1yxShsLJI+
fiakVqaP8zIO2aeQ5PAg8TDyJMnj5A+0iIZIH/2GeMjX1EfHkOngzq9gT+wjw+ROmPfzyF3UQfJh
jc4n06mIOjGynd6fvjL9CTmL3EYeTj9Fr0vvRfmt5EXyNUbwZ5yY1eRc1J9POsgnwoekNX0fMZDN
xEQmkjnUTRaTt/H3JcZxO7mD/Ir+NP01enWS69BeLakn9eln06dJCdku9kjH1CfJDvI0ldMXpVdC
Q8oj3SyWfjv9PomSVvJz8jjGFKOD4jQSJpeQG8k91Ce8iNSd5BckRc2sTZgiHUFP08kCcjlZR7rJ
XvIqddBm6Zh0Mv2T9EfgwmxShDGtJJ/QsXQme0Q0pyel3yXnkwHyMubL/wbF88Xd0vmpuvSD6edg
fT9FjfQZ+qxUKd0yfG36ofQT8FdGyRhQ5Fz0s4RcT54lr5D/Iv9gG9MbyTQyFz3/mgZoiEZB8beZ
j21gG4Q3yGjMtg2jXUt2kgRJkkPkaXIYtPkjGSIfUifNoefQJXQH/Qczs6XsNeF+4YDwpkjFR0Hv
CCkAjdaQR8hB8lvyO/IaldB+BW2mF9NV9G76IB1iCfYZ+0o0iNeL34rDUjQ1lPo2fW76S9jcfjKD
XE02grY/J33kAPkP8ha8kv8kp6iNjqcr6EM0QYfoZ0xleWwW62R3wXr+pXCusEN4VhwrThYvEX8n
vivdJG1TFiup07tSt6d+mfp9+qn078E7WWg/CgfOSnItuOIRcoS8gdbfIe+Rv3D+QfsT6UJ6IXpZ
TbfQO+gv6a/p7+mnmCU0DvzlsYmsAb2uYleATtex29kd6P017umAk+I99jf2pSAJecI4oUt4SEgI
/cJR4a+iTYyKo8Ux4ixxoZjGylRKZ0tzpT3SY9Jz0km5Vl4qd8ofK9cpNxh+O1wy/OcUSa1IJVJ9
4F0DOOlqUOJnBE5A0OJp8ioo+h8Y8RD5Aqvgp2FaiHHX0EbaRGfS8+gFtINeRzfT2+g99H76MH0C
M8AcmIKxx1g9m8sWsw52A9vMboYv4wA7xF5hb8OhcgIj9wgRISaMEaYLC4XzhcsxhzVw5d0Ayu4Q
9gqvCW8IHwkfCyewah5xlLhWvFq8V9wtHhB/L82QLsPfw9IRaVD6vXRaOi0z2S/nyuXyxfIe+S+K
rIxTmpWtypvKPw2dNJeWYOQh8P53D/NhD45ie5lT3EhP4HUAVocVM49hHeZiV/yT1AkprEsWL8fY
XMwnZnN0WRMTUATX0KfJWPprslFmAhRDcYgk6Z/YkPg8O4u8RdupT9wtXC69ysLkMUijHvYMe5pO
JgdYLVvAHhAI/RCn4ofg9/XkDnoJXU0eoyfoBHoNraYbyZvMLcylN5Da9MNMpCqdTk8SjIBcKy4l
F343hX+boDXwzn+S+ploEX8K+dRP7sKKPk7ep4+Sb6iU/gzSTYA0Wgwpsx38fiPhUq8N+2wj9qMP
EuRS+TVygMrwoVfLk8SryUnyL/KJdAgcNRnS9KPUSvFn4gfp6nQZdhh2GdmDfbeCnI0d8yG45DDy
PHcBdroRsgTOR9JMFsJ5dg2k3o50Iv1A+vr0VelV5DfA/YaW0m9oL3ZEPzBq4fd6GbvkHboN+/Ds
fzu9/+vL1FIySD6lXlpAK7EfTkhXSj3SXumA9Cvpd/IYUPsGcj84+i/gZiNmcBH5PfmUfEUNWBsf
KSVxjHc8xt5CLmWtwmEyhfpJJ/ZsEeT45JGZrEYr14F6D2A/H8beOAk5cQH5FfxnjHowo4vQvwHt
NIHOi8hqsgsreD3tw5ulkNol5G+YdxYdD/dAKdHQ0l2QWoMY05/IX0HttD6uUsiFBroAbX1FziNL
0cM40kz3YwUOkhpI1gbht6B3PrWRyTSP/gJ47dihWXB+10gfUEZKU+emx7OVwmGcMWm878XplUPO
ol0YhRXzGCYuOouMTc3BGN6ggpigr+ujuJd1pDcL61KXkt+QR7Emmnil0kCIVj9Pq5t0Vu3ECTXj
q8fGqyrHVJSPLiuNlRQXFUYL8iN54VBwVCA3x+/zetwuZ7bDbrNmWcwmo2pQZEkUGCWlUyON7aFE
tD0hRiPTppXxfGQxXiz+wYv2RAivGn9cJxHieItR9KOaGmou+281tUxN7bua1BaqJbVlpaGpkVDi
dw2RUD9dOBvWROLmhkhrKHFCT8/U0z162oJ0OAyE0FTvioZQgraHpiYar1zRPbW9oayU7jcZp0Sm
dBjLSsl+owlJE1IJT6RzP/VMonqCeaZO2M+IwYIpJvyRhqkJXwSoaEYomLp4aaJ5dsvUhpxwuLWs
NEGnXBRZkiBc+43pVcgUvZuEPCWh6N2EVkK7TZBtof2lg93b+21kSXvMvDSydPEFLQlhMdqYmrDH
0G9DwnP1ce/3WTQOPXnzD0tzhO6p3pUhXrm7e3MoMTi75Qe4OWHeQmsr2gAuK2hs725E19uxUk3c
pEqwG1tbEvRGdAljoUCfVWZ+GUumoP3iUEKNTI6s6L64HUvj706QOVeFk36/NpAeIv6poe55LZFw
oi4n0rq4IXe/k3TPuarPp4V8Py4pK91vs2cIuz/LOpIwW36Y6ADRM2V6Sq/OU01zvqMs5WOMTIc+
nghdFMJIWiKY03gedYwn3ReNxwLgaaXASizFiqxMqFPau20T+HtMkSakAlsk1P0lAQdETnz24zeL
R97IBbYvCS/kfPIdqyXo4jPpRCyWKCnhLKJMwZpijJP0/Niy0iv72bhIpw2+kXEwBEkzaLu4dUI5
yB8O8wXe1q+RJcgkNs1uyeRDZElOkmjlsJdYOy/BAmZKXPN5yaYzJd+ht0fAyQe434K4Eobod/9W
mzt76ooJCer+PxR3ZMqb5kaaYN2Epna3j3Bt07wf5TLlnKCgG8pGUonsKS1CDsM7nmI5gl4Kprxg
4XdVkGkxJ8QC/Mt80NgdAphSf0FDjQlb+7RM3GoMh0e2zP/E6VcMP0DqT5/kWDr4Hm1kFokJsZFx
ZkadmPij/I9GZ+4WmuZB4rCmeQu7u40/KmuELOvuboyEGrvbuxf3pzctiYRske4Btpvt7u6cCimU
WdD+9KFtOYnG7a2Yygo6AWzLyOT9Ebpl9n6NboH5OgAXU2jLvJYko2xK++TW1jIo4fA21cCeeYks
BLyd1aSHxdVkAUIV20teER8ni3hAOa9zl/gBuRv1tgM+KO8lO+Qa0iotIHcinAOc6Qj1wPOi/Dbe
HvJbOVQCZAPe7UCYg7ANF4+bUVaBukHkb0Y7KhiH6uxDoNXL0MkxWpyNnKHOPNwx9sNHgGYh4QU0
iB89CnL8Ap+3SaAbmHTI2+WPRY+zcDYRfAdg13MOPf73ka6JocgJC4TAAvAg9uIE5/e5uTgFCfcg
Y6xhpPIQ8L0DGUetdDRtpX/ExdgfhZCwXMwXj0lR6WLpHvk5pVF5wvBn9UPj30yXmP5mrjW/bjFY
/pJ1XtZr1pnWI/Yl9n84lmXfC/8fmpL4BAW4yicfYDQlK/2sTssmkpgSiFERU5T4DLKUYsIzNEpU
GA9e4o3ZTtUO155r+6J25nAtqUPadhrRmIqwPWwvQARvIzkdEgZPaxL5loTEQd7DwvS70i7pDcxg
NJyeTFtvshvL/XZfeXWwuuLB/F1Zj/oeCT2av2u0WRXliE/0RAqEkkA0PL7ijsgJ4a9+U26uPxCw
+HzeSCRUXl4xfrzFUlke8Qml43P9ghgNBagA4gny+PJIKJDr91nUscWLs+nYs2UTNRH/hOj9Nne5
m7n76Q2axVh6vxWfA/TYem2irZ+O0qyV91uNQWOFUTD6amb+1BvD/NpmDg+3nbAhnGv7K6mrm3mi
7oTdU+OoqaF2B6CnRs9tthlqFQQO98tsyryWvuMRGoEfFvfHcT/gU4CCDRH3ErS1jqkgbbStQIkW
ynIkVBgdGx9XHeVxVSUUDlnJHlftkWXF7abV48bGo5E82eX0CDJid1XluGpp195rVre+3J36e/cl
e3Y3zXjr1796++KHfpvvT0XHh8rvHI7OmDd76pQZWvHi9nVLJ189re+dsy5pnnHfuvtv/s+5rQ9N
u3Hgue2tvR2pf2rLJ2y+pqR0pWCeUK+NmzGlNH5OauOY7mnnr47X8r1yO6LHqQ9rl6+52HhiZFGr
zogVWF+fuPzKM0QioMyYiiqs/u3crE59BMT0cPojNhHrLZDxWgCO4OlMcDLGtSdwFv0b80vC39DK
7ZfqrcwEiU/NPAFuqqvdLI2OXWN7YUyFQquoQC95I7XDJ332jROGClmQ/kjMkgahBYbI7VrTeuMW
4266V9mr7s56Sn1ZNSywt7pb/QuCy+0r3Cv8y4OGGlYjj1PHWaaz6fJUtdGyW/0Ne0V+QX3B8g77
o/ym+qbFbvOGvMwLV5JW4HDHvbsMlqC13MqsGnLWXUQKHJsF29yf5zxm8oXfeO778XbxAZ+IdfEw
poK2kbY2Wulx222KHMkjdlv1OE+erMh2m1tft3F2WzTKKt9af2vPurfeTn2DuKrZHYjPqsoAafCe
A6lFqfaDd8FI2kV/dvCuT+rnXZbC8yx01kuhkbNn67EuVbDQzKBBgNZpi570HvQP5LwqvuQ96j3q
O+o3TMmZkjslsMB3v3ind6+4K9cg+0OkSK72TxOneKf4pvgN+d58X75fcEfFBeIW7wM5D+Q+ENib
uzdgcJCALRAKjAlcGbgh0BN4O2AIcKq4na54gNnM1oANVGchfFWgYRG5Zw4UIv3soT5GzVZ+yRIJ
msvNzMwpZ96VLanHwMOzMGR/0HrMto75Rp0h3xd8vbtqa2faQMLhWNdxiJFYW1et3YG9VRVr4y47
EkgPJu01fAxJqw60LFuNaLDVSAY7oL0m4zVrzWw6zaTm+HJYTjblti0awj/fa7StaXbLYZIDxS0X
IZAeGj9+fCvtasNq2cPjHNXjzuwypWBc/sgWlEVZEc2nC229n/0qNqGjtWWFIfWxjxpefOfrs2dW
pU6d7aZS6ts7qPrH/XXnzb+w4+Kf5H786qdPXNS3pP6L5ijn1FewCf4Ca5nL1tFajjCeyvJ40aju
ExiTozQkVUhM2mf43WNcnrZxIVp7CtxUh52UjZ2Eodlf4XsJji8Lh6f/ObKzYIftFmdIFKfShZpN
lqgieaRFkkBDWfY447c/JiSq5bNlJlYL/bRbU+VqDEOWReRu0EyadF2IUZ8yc4rOyrV+38wTfu9w
LUaAAQxjAKQtFqNtXQVwnNkpFWeczhZODE9hh3fTJ/9B+1IfpL5IcccjRrJLnCmmMZJlms3KqAoP
WDMTZD4SiY/EwkcC98ofZEGoFvlYjLQazMOuC0kyH0wWEQVBZ5HvxtPGBzLTNoxxnSDeOv8PR1SN
4dipaxH71fBk4e+74EhzIu9LzTwJivPT7Ag8owrkS/0AUdLHNLW6Ji4XIVI4I6tFY+Oyhgi5Y1pz
uBBliIpJiVgiFRnLzeNJtVRnvphczDqEZdIKw3Ljx4L1HJkyg0oFo6qKikppiCgQRYqsiiIm4ZQk
2WDU/IFJRt6FyR+IGwuYIMgiv2nVsmSFSSJcpwazx+PHXlmMO0C0AYfeJsi2fpavqUGVVqibVKYe
YvlERA01JFHJZ7rwojMC1neqreuLti7v8LlTOxpwEnEK1dXOPAEOL8e+iekic/M1L2we7Y0BKLba
2s0vvJDZFgfUuGrBwcN3QlPCBGf+KKjAA0RIp5IG0XgonQKlTu+XReyKzL7I7KpwWMAfDWcLgnQk
9atNwwevSr3IJtKakldfpDNTfdKh090sNDzEz/a7QPkloHw25EMpOabVrSuhK7LWl/xVPCWKatil
ykWl4QK3I+ia5WIVrn0u5nI5I3kFjmxDyFkAFTGnsFPeBLdXU1HhPjM1c9GimuLmfrZdC1eM1kY3
j24f3Tl60+ie0b2jDaHRFaPZaGdeiISyK7JZdj/b1lc2Zm6GWFwnmWlr6zoVg3T+oo2fKMOg1XCt
vaa8rUsXK670pmSgxsXFip+DTfuzuSRpRSWc6zVcdHxHKyu/DDGGIC8g3bPDlaMYP6Dd/JiGZJfC
EFaV1eP4KV0YjQj28EgmGrmLnfPEY5sXrlp0U0/bQ1eek/owZaFFz/2yZMZ5TeeU/n4vdfTGJs/V
rnpVOhS44N5Fyx+PFT6zcenhLouBiS+mfimp553dMF+VhgdS61Vz27mTLyjh++1uSP4bQGeVXKHV
GSRRlgqUkKHCcMTwvkEsN/TgAthABLEAJ4VKDEodvm1g8hwBmh7zh0wVJmYS1RAYuAK7hVPN+EOq
nWtrgxya+UUb1+k4xcBckMjDtYIEftLPdxeUO4S7IQ0msqXDD0iHvk498vXwDj627YgOYGwCWTVA
JCxgZZzLgMG+SIEOtTqnJ04kTWqWNklDkhSU2qVO6aQkbpL4ySYQAxPeoQT+8iEiDMIJpB80R5ET
yeXimJ2Z5e26YkTprMOIIKKuwMJxxWM7LZIOfdOIcTwIGj0iPQG19izN36zwtkWhQCIGUfIrTPjh
9OUxA98zzbm2FJ842CfTNG817HqQFrEh6Ylvp3/F54iJyj7M0cy8mskkRA1RkyAKVAAPaWruhLgx
NGFiXOWK3wjUfpE7Gm8RyarB+IH6mRH7wWjMZrmiTQ0aI6xUDKnlxuVshdihXmxcx9aLv1D3Gp9U
DxlPqd8Y3TvFHnWn8UX1FeMf2DHxbfUd40fsY/FD9VOjZZ263ng92y5er2439jClxdTBLhaXqyuM
V7KrRKWBNYkNapPxPMN5aotR8RrLs+JsghhXJxrrshSBmUVZVY0u5hc9qjJyfgZBKKMqmRWlUs4y
V2Jj2wRmaDZY4iYe6bPMMlniBi2rMG7iEV49oNl4wmQQoPVTphhhGEE+1eEk94ycz220/ITtTQgr
T01Of3qiVoZeQqJBVSsF0SkIIq5bjZUCQ5KhGcEsMmY2QtoqhmAWzeqnlj7udzsEDZSz1fltGXby
zJ0XlyoVTdlooIbDG7EKh00hk5n1s/GaA3ykoSLRUIlUBrlIQTOWMWtx2H7RdSIWs9X+3YYDxjbc
NdxV6/faIETxwna8C4MHxPgxWq6Ifi9VRyRo9lwIT0N6aL8pxMUltAg8Oh/iDrCrDWxDKTjHjssF
+w76NDygCn0mdSL1Ho7NP0NoeoWPv2kUr/t2Aw/Yh63pj6SPoCdbYe09rM2/W7rbcI/5nizRQJUs
g1XxFnrXq+scyjr7etdN4lbDVvNNWTc6tjq3uLZ4tnhv8psVh8Gp+F0Ov9PvdfmV7DKL6itTBHfh
PiMlRpsxBIuGy9FQRUALtAc6A5sCvQE5FDgZYAFbYS+hXKevwLZFpb7cDc+P7LOZJ3Qp2pbRcblW
gql2QQbGIe6qx1WFoN+ScIhQpwM2ScZKaZ1S+cvlW/vg7L0xtSF1ODWQ2kDH/HX//g/ee+qpIfbm
0D2dydiE1OWp+1IPplbRW+mKf6XS6fTpr7/l+tKd2LdfY29xOqzTCmRpwDngFc6W6HLpbYk57AWW
rCySY+OyzUoMmJ5C+aHOzwkYrds1dzBQMTI/KWCz/nCf5/5QzM20Zc6G74UcRBxXebooX7yQ54xw
j0R8DFMbke130j/SrDkb9i65+9yLX3n24X1XTrlw2the6ZA7/N6+zf0r7a7hP4jPpdpHL6lvXmEx
Qlack/6r+A+sayk9qp01YO8PHCx6sVRUshWXJ9vj8sY6pI6iNfJ6y5qid8xvR8ytxvlZ8/NaIyvM
yxzLwyuLlpeuC9wUuCtsduiG5KhgnEOtw+ePz86bHXk279mI2JXXFbk279rIf+b9Z0SOGUss+Xn5
kRpLPNJkbLI05E2JXGzpiFxluTpvq6U7b5dxt2VPXrZqVC1yHgxso8/izlPyIkaLSD0LvJovFF/l
pau8O2ELHWId0JcHNbO/JphDc8qcAplGQWxtuj8Ur6AaLiPbaQ/thT9gENcNfxc1f40NNlJZier9
PO2hHi3bE/c0KYVR/+hgYa8tYWO2Jvq5PXPy+MpeHzms8S3PfqKNb9VPat0A/CJ2BTcIumJftMWO
Z+AVsePYi5k9pp/feZCvOYFJoMfREfhBMrsmD+QBwNtXkg6eO6pZHTWWkKPGqAcrf/exlmXGO0uN
0cuDfu5n1B0enzEkXBOMEyxj88aCjtMtU/IaI7uMj+YZScZwB5tkF+gGnX7oF+Lgh+WODSF6pChs
dYUb625R5yIxEiLn0JB/5+Zbd5w1Iz7w9/bNGz9/FDqrR0kdy77mmmunl5eOp4nX1m5PkyOpT1Nv
0/dyd2y5anZ8eo5j9MQFVz3R+fyyf7xq6bpobF5NvKB82WWHt2340yX48A37ZXr6Y9yLTiIRfDPW
pa1Q/IZcKeD2n5MzLXd6wR9t79vVcb5G33nRZb7l0Zuit/lu9++CofiS/+UcsyxbXG7Z5y6Ui12t
vnXsJrZLflJ+UTYfib9jY4H8yjH2Uku+Fhsdz9fyihD5AvFV+afzWX6jbhBWZFnjZwUotxYTgX8F
xECglFYRDW+5LGFkfljLtdeFtRwbIq8/HsY3HU+KihleF75jUaZDFOsQNUpRQ9OcplFjooZitcjS
GjTvNDPI7TREt5YFa9I/K07j7dhXt1RQSquKw4s89H0PneVZ5FnlETy+qpX1ZzQEcFPXiTauzsCi
vAK549xNBaEfg14DQa/zlq7cxDInX7I8QLtaT2QyAyQ/PfhUTiA+L39pPmuLtcIWikElFLKgBXGl
owuaYBctxJJXYpEFp9sTBg8UwpWTp3MC7MmMOITBx5kBtr9uYtKOdOz1157pbxJyClKfmmyKMO0X
bb84vOD+2349o3lV0zx64bhP86tbGmZMrbKZ2F9G33dH69anUv3bb5yRW+0zNDYmtyy8uSm3IJQ7
e+rE1OuOSm9h7cQFldHq/A6QvB7cUAhucJJc+vMBYkt/rTWaau5V77PcZdsj7TY+rT5t6fcbDE46
jZ0tNxpnjdpjOSgf9L9kfNn8tvGY+WvlK4sl15rr0jBzlwazzeo64nrNJXA1uc86qk6HWR5AdrNm
tmY5mrPas1iW18HlwkFfTpxWOXSXQCAElwBw8oozMFaWgd5cHWpWsAlOHe4aZWSRw4GV7xNNDi/n
gHyTQsK03BWehYPfXz5q0ahVo3aOEkdZwwbNYo0bfIGRVY5xfxHUVSwud8FALGhOr1bkrPNqo6yI
wFpezoNYulhr3bAuNhwYFGo4+OBQSYeox2HyTFUYWRxF/2II95ODkCR8MkkPB4k+1ThJz9aH6/QP
flqPc87gzgrNmaWBSlm80yzefZYGYukfBbXqJhoUVVgXVbrSCvOaSiOuPxupqiRCWBco2Rn54WHf
UO+4T/al/nbjSup84wR1yMOacN3iyQsLhfULLqitpXRO+X0PPbnjPcjeWOql1OFrtk2jl169ccqU
1QSU9UI8/BUnj5v0a5XjRFoihmwhe6u4ySsZxCNe5nLbmdPhtmdlW4ktK5viY3inarCa6CJTGiYC
XwijTO1WN027qZtnR8Gzj2t7uByynUa1qs4wC2qhYCiyldsX2Zm9n4qw9LOjzLmI9LoHuY8VPKGa
426fZ/0AWwmXMbypsa7amdxPfLqt9os233GY9rV13L5AqENUU2nFM7K/sqt0mVrpUXTvp6vKFYFK
FfE+UHPv2vWro1MmnTX29ddTHz0gRptvumFu/gu2mtlN751+SpjO538bNIlWaBJuktRiVhrEBx5V
rMo2mU62/5n+i6qK5JbyWYt9hV2ilGU77Y5suCaplc80ICjQz50uIz6cNhmjBlUL5cf3qTStUtWv
+wjdefnxHm+vl3V6T3rZ5154xJ1RN98emhV1e130pIu6fJ66Wn3W0Ay5TQFuRerUSE7XPbiWeaKG
u5C5aDHo9gz8wnbIFViZmG6cswO8vlyZfGzL4cUPzAqkPgrNPqvx8qrUR9Kh4Q93TuvccuvwDjZm
98KxDVtvGv4Mk8am0v22SHLP07oBomJkdXZjnaY2q2yTmlAH1aPq56oUVNvVjWovXkiCrMDlL1gJ
1Qi3uATSBj+tLMEHZmRKlIp8dmo4Py76DCPz0melzwOmIpZQNxJ1OxEC8opYNh80AhzC3IUlHqRi
6vS354jRb9/FCm3FCi3CCE3kn9wR8V6fxV4n8D6u8ZXFFZgd2XKhukzeZzxifFn9jfFdo3Gu0C4w
i+JVG+XzDFfK0kH1ffGEeFr8UpbOVc41LJOvEbeL94sPSPfJ9yn3GYxB0SHHxJhUIpcoJYZyS5PY
sNEaF9LZNtQZrRqiohiDvg1RSSbtpFFSZmzHOqMdbVJtZ3B0rDjjVEy/Av299whN0tq/ew/n/c49
57xzz7n3Pu7dPR33NpOTukiQr3FntJ2slloPmNfYuUez+9JxInnVtvbtO+1+0mdE0tbtbfu22f3U
vcC3WpqjTXaf/gm8pQUKu8+WA29q2bnH9ENLrcTD2barcdqeao6r7ozunR6fLqKv3R3d2QxES9uD
R0H7rt0moqWtwaOkvaN52p+FiISZ81UtlYihK5iTCukQpRInF6SVUH8hbYXNJJSlvFIttU1sTVsz
obpV6/3+wcOTpjB6sBT1TdYkf6wUoeu0/E0D3lOKJmuIUnqIpt5J/njGYlrNJnxOCgQgZKSrvkpt
mN9yonIp4IAF7LgNL9vwkg0DNrxow3M2HLXhiA1VNlTacJsNZTb4bCi1YY0NK21w2CDZIGxgvu8h
p4vgC+Dfg38HfhP8Ovg18KvgQfBx8AD4RfAR8DPgp8E94APgRvBW8DB71Q49aMMxG16wod+G5214
xoYKG9bZcKsNJTYoNsg2cBvI58NIH4LfB4+CfwU+Dx4BvwE+CR4CvwLuA/8EvA/cVLk0MykzqTg+
zDp9VUr8qBI/rMQPKfFdSrxNiW9T4s1KfIsS36TEw0o8pNykLlA19UZ1njpXzVGz1Uw1Q3WpqapT
TVZV1aFKKldJJWO2CPJgXRkLGmcbKdigGd/U6cMsuXaTIetlzMgIUrC+LMcoyTf4wWFG9aFhNpVg
7EePuI2M8tApYmzqkUPuaQyHKTv/P1vONapgzb4zNJ8Vk4LnsiFl/lsK7ME6aOOWNm5q45Y2h52o
oaXBaHfkBromyPUddr3iW/vM32qWWxNKqFQWLt9i4xBPSUY9EbcnXJbtai+1ilvtydnvPi0RG6CU
/LDh1MuMWWCzbu867zrTJOEzgikV6rRpU87+1R73aTYwbXJBnY6ptL6s/6fHu9+aTBEVUSML8Yf4
Jkg/owY8nwQ3gZ+gXurlQ5DgQ8vABqRq+lQepaXUYemX0QPACvorJu6HlmYNNcDeAO8RYClsjUAG
WyP1sh4LH6SHEfsrPsTP8XOWdS3iVpseNvEheRR6c+QD9Ap9xM4iwv10GNZT9K75FiL30iBdYgtB
3ewTNs5roGWE8RFnB7x7ke8v6EP6C8tkpSzGzsAngz9k5WKP1gWfEdC7VhQz0u2sje1iHewxxBzj
gq9A1F38IO/jBj8nwlKpPOrIcBQrbYjC8J9aUDoqNKPdQXUYuYHuwRllRzUjj9BvGWe1rJ61sMdZ
H3IYYeOgr7mXr8Wsm/RTEZGc0mfyDvlZ0Khjg/K06kBsmRw0lzTKpeWoyo8xalFZE91F91l0P2p8
gB6kH9AR6qOj9BIl6DT90hyTLtBHdAmzkwYy6ypmK9lGUBjUwfazhzEf3VfRIfYUG2Knkd/b7H0+
H1Xb1Ibq7SwP8Cf5Sf42/zX/mI/xz/lXgkSS2CoaxG7RL46Jd8Q7UqXUJx2VLkoXZSYb1kxlODId
dzq6QT1KkrJDeVj5sfK08nryYpqDugpQVzVtRFX7UMkDdJBi1qolUMlJeg00Sp+bdYCmpisxq1nJ
KliAbQCF2SYWYTvZbrZ3pqLn2QtsgJ1ELe+DPmAX2J/Yn9mXFl3iDp7N82fqq+F1fCPfwR/nT/Cn
+MvYkUP8DP+Af4Qax/gEakwRGSJL3Cj8IgCqF5vFXnFADIpz4oIYx7o5pVulUmmDdCdqPy+NSZ9h
Jbks5Fx5hbwK1CLfLe+Xu+VnsKPH5XGHE/vHpNmO1Y5HHUccQ44PHZeVLCVbWQBarBQpdUqb0qkc
U8aUT9XjSeuSWpM6kgvoGC2hN677jl/D7n6T3+kopLnsAnbDPSINXhrmc4Q7lbakVj5kZqfUsYVY
qT/QJZFEQek8bRSbqU1uECnKFzTAdksPsZdFgI5Tv9LJzoiIGBf9cq5jtb0/+JPimLJPiSifItOv
xWG5RVnM1sndbICvxRfdwWrpGzZB38fIe/giOk+P0UHWiQOnVz3OZuELHuHzWbf8rDgh9Qm/vJ/d
jBV0y6PiEVpBWbitLKQF2OsyZYLJV1xSvHzZ0qIlhYu9BfmLbl743bzcm/QFHm3+jTfMc8/9Ts6c
7KzM2RnprrTUWc6U5CRVcciS4IwK/Hogohl5EUPK0ysrvWZfj0IRvUoRMTSoAtf6GJr5XhSmazx9
8Nx2nafP9vTNeDKXtobWeAs0v64Zv6nQcbXYVBuCfKhCD2vGuCXfbslSntWZhY7Hgzc0f05LhWaw
iOY3Ap0tMX+kwlvAEinJ5Xp5c7K3gBLJKRBTIBkBvT3BAqXMEnjAvyrBSZ2FGo1qvcJvVOl4FWFE
rj/aZNTUhvwVbo8n7C0wWHmj3mCQeWblWy5Ubg1jOMoNxRpGazVQDnVriYKzsZ5hFzVE8p1NelN0
S8gQUcTwG+n5xm16hXHbfWM53oJh9kJ9yEgqt24Ip6h6qitR1VVRETZHw3H5qOU+B+5z7htzi5g/
p1Uz0I3FHtWMvtqQGeyK1WP6hMMI6i0Irg95kLXu79HMMtaHrAoQlOUUInFTZ5ZpF9ys+01N5C7N
SNLL9JbYXREs1tyYQev3eU7MrfadmvojVfu1WH1I9xhr3Xo4WjEvkUmx9fuGqnxa1bUWb0HClW7P
dCI1bVpwzrpaaMYq2DZLstxNCVlfmWpmZqRXGT7ssUYNmYR0g+eWmI/mEoo1lmBF0MIMM9qK+YvE
XKtQnSHnunQtNkHYCPr4F9dqotMaR65rgkyjuV1mtpzBoldkIz/fWLTI3ClKOZYWmZVa/RXegk4j
qLe7NCOIKaOaEF4KryrElHs85ip3D/uoAR2jqzZk9zVqcJ8gXyGuOjxiWs5esWRtMC1dVywzr0d0
bOeTOA6Jsgw1b+YvzZU929+yymDZ/8PcbNvx+fi1hCTnxmpCedFYtzsvEusJY1cH8FXHYgFdC8Qi
sejwVFeDrrn0WCIYjLX78TXaJQ1Pne12G76ecAvDpBrL7NkwZpeHhJubOxMSd4uw17zFdcl/o0Hx
Em4PZJ3i5j9VJ85a/BAjD85d81w3Wx7OpgbIXfiZ1IXbiMA1VvelKe8x6T32HH5YTpE8JU6xT4gK
J8dd47T2SzyLlixL96TnetI9XYIud3GaJHn07yVd0qg52iD1ynfIyymFMn9OgvdQEjnYPxBgHH9F
S2Yvp2VLKSuT9AU0yDZPTLAtk89PTEz287EJtnmy3xTZZjMOO8MvS07khDiMFyNdwRr/HQcpDPIa
ONVcNmi6Hpoqwe3hvzWB1DgTSmNrR2Nb8y3K7nvujXY0m7+FGWWAzeagHKKyyrr6skD+xta7tzeB
d3vXN2+/ty3aQfQvRJG3JgplbmRzdHJlYW0KZW5kb2JqCjM4IDAgb2JqCjI1NzkKZW5kb2JqCjI2
IDAgb2JqCjw8IC9UeXBlIC9Gb250IC9TdWJ0eXBlIC9UcnVlVHlwZSAvQmFzZUZvbnQgL0VVQkRU
RStIZWx2ZXRpY2EgL0ZvbnREZXNjcmlwdG9yCjM5IDAgUiAvVG9Vbmljb2RlIDQwIDAgUiAvRmly
c3RDaGFyIDMzIC9MYXN0Q2hhciAzMyAvV2lkdGhzIFsgMTM5IF0gPj4KZW5kb2JqCjQwIDAgb2Jq
Cjw8IC9MZW5ndGggNDEgMCBSIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4AV2QwW7D
IBBE73zFHpNDhO0zQqpSRfKhbVQnH4BhsZBqQGt88N8XiJNKPeyBmXkwLD/37713CfiVgh4wgXXe
EC5hJY0w4uQ8azswTqf9VDU9q8h4hodtSTj33gYQggHw74wsiTY4vJkw4rFoX2SQnJ/gcD8PVRnW
GH9wRp+gYVKCQZuv+1DxU80IvKKn3mTfpe2Uqb/EbYsIuVEm2kclHQwuUWkk5SdkommkuFwkQ2/+
WTsw2j3ZtVLUaTpb80+noOWLr0p6Jcpt6h5q0VLAeXytKoZYHqzzC37acEoKZW5kc3RyZWFtCmVu
ZG9iago0MSAwIG9iagoyMjIKZW5kb2JqCjM5IDAgb2JqCjw8IC9UeXBlIC9Gb250RGVzY3JpcHRv
ciAvRm9udE5hbWUgL0VVQkRURStIZWx2ZXRpY2EgL0ZsYWdzIDQgL0ZvbnRCQm94IFstOTUxIC00
ODEgMTQ0NSAxMTIyXQovSXRhbGljQW5nbGUgMCAvQXNjZW50IDc3MCAvRGVzY2VudCAtMjMwIC9D
YXBIZWlnaHQgNzE3IC9TdGVtViA5OCAvWEhlaWdodAo1MjMgL1N0ZW1IIDg1IC9BdmdXaWR0aCAt
NDQxIC9NYXhXaWR0aCAxNTAwIC9Gb250RmlsZTIgNDIgMCBSID4+CmVuZG9iago0MiAwIG9iago8
PCAvTGVuZ3RoIDQzIDAgUiAvTGVuZ3RoMSA1MDY0IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0
cmVhbQp4Ab1Yf3AU1R3/vv1xdyGhJgHkknDsXpcjv4VEpUAoOY67kBDAQIDeIchdkotJJJLBkAoO
9MaClQtSFaEKjkp/WCFFNheGbqDSwOgo06qoo1XrjFJ/dToy9hetimb7eXvJSZjK5A/GffP2+/O9
93mf9+7t7nVu2BilsRQjkepWRTqaybrGPQpR0tge6Uja2b+DzG3s6lSTtlxAJK5r7ri1PWk7HiIa
47p13aah9tnvwd/SEo00JeP0JeQM7kja7AbIKS3tnXcm7eyjkI516xuH4tlvwra1R+4cGp/ega3e
HmmPJvPH8XZTOtbf0TlkV0NO79gQHcpnQeB7mRi8Aj1IaXQb2aFloqwhsv91jIskRHkc123d5xvW
XjPnAmU5LHvt4p9a8sypOf/9LPplfvoDjs/hSBvO59JWOFhIlMEQP5/+QCpitcNNMKi+2KAa1ErU
G1GLi+c5KcaepPtRn0AVqZV10ybUHaiPoEop7SCsftadkBze42wT5bKF3nRJWT4+R3GOSVdeNZjt
6GPKW873T7AcrN45lpMYS2nzxrAn2OPURAr7FXnYZqqmAravr3CdEkboIHWgxlBF687YwcTkcuUk
KyGPxNBmKk2W2DHl47JS5cMyQ2AJ5XS+IUGcmgzLe40y4HpM+b3rVuUkak8ydKgQGceUg651yu7J
BtuXUB50GQxtHkiKjS40Paa0F+5Vmsqs+KK9htCTUGYhvtKbrsyY6VZudH2gTMs3HAx2qWuRUlT2
ojIFDZGmolOPN0uZ5NqtzEZosiuQPxv1BDvE9lMR25/wLFSOQ8V0+2oKZ+412F191QVlHoNt9s6o
LthbWJ3vKVykeAqr8vOhr3zBvs1+s32evdxebC+wT7W77Xn28Y5sR6bjO44MxxiHw2E32G8SlYrt
BOuhStDS0+ewOWSDPQ2ndIIdtpyHf+uQHIKDHOMN8z1sXkbjDdZzNJNrUI7ZLM1msMN9SddhryJx
TbICmQLXccOdBOYQaCHp7D7DRtuv7ap0VmbPzZpV5f+mW9iKDN+Lv/lyMpe+t7Y+qB9yhfRyrpiu
0HC6c1j5Rtm5EaGor7i4dtmmvq6OtuZAVAuEtUAUNax3d7U49ViDqva2dfCAqotTww2NLVxGonqH
FvXrbZpf7e2y2l0WbubhLs3fS82B5cHeZm/Un+jydgW0iD/U1+DbsGbEWDtSY23w/Z+xfLyzDXys
BqvdZWOt4eEGPtYaPtYaPlaDt8Eai08+0Frvu6MTu1MNtNaqekG9XrN0VVBXIyG/wZ6E07+R5AHK
lJ+hAjlGudI0UojMt1Df5nJwhfmR/DxlDrab/xArsKj9vAqDlXNogO6j/XSEbPQU9AK6hR6mM6wN
v+3VdJTeYJPpOpy9Ehm0iP7ITPMVaqZfIr+TTtMe6qUMtGmnCYjuYh5zM2wv9AbaZv6cptBMuoee
oVnodRedNw+afYguoxV0iHrQ/g9ME3qlcebT5gfkoKXocxsir5iLzCOUTSXkozp4t9FJ5hHfNlvI
SRVA9yg9TgfoFH3C7mZHzRazyzxrnsNWddIkqkfZwo6yc+IR6R7zUfNv5iCYKKAijBqm3fQL9H8E
ZQBHa4DdxjrZbrZH8Ap3C0el7fLEwa/AQyEtQKmm9XQvGOinZ+mf9Dn7VHCKmWKn+Jx5o/kvSqda
zJLPJEpdKD9B2YU5nWA2Np3NZ3VsC3uI7WGvCUXCCiEo/FC4U/hIXCKuFjeJr0l3SAl5p/ywLX3w
gnnCfN58nSaSi26mDbQVsztNZ+nf9AUT0dck5mEVzMduQYmx/UI/O8D6hTo2wM4Kh9i77H32Kbso
yEKGMEEoFjqF3UKPcFp4SWwV94iPiO+KF6S5siAfkD+0eex/HmwY3DH4kllhnjM/wxHrIDdWxkdL
aC1FMNsOuoF+hFkcRjmCVXuWnqMzVnmfTaLz9BlYIJbNclk5W4yyhN3Emlkre4wdRzlpYfmPgIUQ
0oQsYaIwSagXGoR2ISa8LsTEPLFIXCiuEo+gvCC+IV4UL0qyNE6aIC2Qamin1C7tQ3lSekpKSC/L
s+S58hJ5pRyTd8g7xUb5FfkN21bbLlvC9qnt7zgWF9nX23didc5gz57CXv76ktgUoC+n26mR+VkD
7cVqHGARimN3NbF7wVcHFZhrxK3iAmE6dsNJugu7dR9toR3iajpgvikeoj9hp6xDlzH6teQjl/wz
rM7dNB27aKh4C4sKC/KneqZo33WrOPIn5eXmOCdeO2H8uOyszLEZ6WPSHHabLIkCo5KAVhVW9alh
XZqqVVeXcluLwBG5xBHGT1nVq0bm6CpvF0FoRKYXmc2XZXqTmd5UJstU59Cc0hI1oKn6i35NNdiq
pUHo9/m1kKqft/TFln6/pY+F7najgRpwtvhVnYXVgF7V1RIPhP2lJazfCzrGlJbwg8NL6bxjneZH
tuCApfk8I6Dnav6AnqNBR0z0BCJNet3SYMCf53aH4INrWRBjlJa06sBJ3RlNWlO34aWGMNciq4O6
GAnpQpj3lVWsT9T8+sTNHzq/Noe1wM5LgrrgqYpE41W6N9wNcrkZ5lZkJ6zaehXdCttDQZ1tHwLB
MbYBKYebfCZ4wm2qnqb5tJZ4Wxjk0rJgItebax2+OtUFEzneHMsoLel3bq1wY/b9pfNK53FZ4XZu
TcqPf5z0vzrApXPrs+9B1i5LEcA4A1oNcOpqozWIBrAz+S06k+KNM8ETrhDDNFuBZ74uYM+IHl32
1ET0WP0wjBZ/Ely4zZ9Iy8m1HkK+EPLD8czZWCnkZ2pq/AKe1mHt/CcjPZEhj82TeYF4kC90aq/o
LDKsd/GHpQezbnFqLXx9u6w1ha05A5c4YHNqOGZ9PB7gdUG3robgwNtkSa1BaXXBXsZ2hQxmbjfI
7+rHO6q49haES/hWa/VjfBilJXAUuaFdV6JWYeQqvlfUuBqvaYqrVWoLNpPksSQC0XhoGhisD4In
Wo4RvaG8lBoNhWajn2m8HzRBejyEHtqGeoC0XNO+QtL0EjxMxal1waVBPebP073+EFYB23egLqgP
YOeGQsgqSyEF4i2tziHM5cBcVoT49cle8O4SQxeheJz3WR/U3PpAPJ4X57+3pG0wutzhHXIYxFM4
5QaL1aEthObOs9bArbkBK8Q5vQFbenhH4Z39ygzPSOFGy+8B7QyL4ZlXieFZo2F49qgYrkghHcHw
HGCu4Ax//9tjeO4IhiuvzLA3hRsg5wGt12LYd5UYnj8ahv2jYjiQQjqC4SpgDnCGF3x7DFePYLjm
ygwvTOEGyFqgXWgxvOgqMbx4NAwvGRXDN6WQjmC4Dphv4gwv/fYYXjaC4forM7w8hRsgVwDtcovh
lVeJ4R+MhuHgqBgOpZCOYHgVMIc4wzenGPbm6XTpORy77Nilq34wr76EcrwpydnkYy4o/PMZH9C4
MvBlkQHpTnkI79v8XyYB7+AkncW3m4j/gCqT/8s4puHhierINIjOonIbuviOQRIqQbe/Q8fRgmhl
8XH0IkNOL7s+y52Vj+qTdhlf/kV+5ov5hrT4Ir7xkWFdZhTfLP/vQpwJ9o23t5ZPL6+yEhi+wpLo
bfhfigIrfP7lgeLq6LquaGdrYwQ5yShPRpwmmUMXd6R0pk7j9v8AkMplDAplbmRzdHJlYW0KZW5k
b2JqCjQzIDAgb2JqCjI3MTcKZW5kb2JqCjQ0IDAgb2JqCihvYXV0aC1hc3NlcnRpb25zLWlldGY4
NC5wcHR4KQplbmRvYmoKNDUgMCBvYmoKKE1hYyBPUyBYIDEwLjcuNCBRdWFydHogUERGQ29udGV4
dCkKZW5kb2JqCjQ2IDAgb2JqCihCcmlhbiBDYW1wYmVsbCkKZW5kb2JqCjQ3IDAgb2JqCigpCmVu
ZG9iago0OCAwIG9iagooUG93ZXJQb2ludCkKZW5kb2JqCjQ5IDAgb2JqCihEOjIwMTIwNzMxMjI1
NjU4WjAwJzAwJykKZW5kb2JqCjUwIDAgb2JqCigpCmVuZG9iago1MSAwIG9iagpbICgpIF0KZW5k
b2JqCjEgMCBvYmoKPDwgL1RpdGxlIDQ0IDAgUiAvQXV0aG9yIDQ2IDAgUiAvU3ViamVjdCA0NyAw
IFIgL1Byb2R1Y2VyIDQ1IDAgUiAvQ3JlYXRvcgo0OCAwIFIgL0NyZWF0aW9uRGF0ZSA0OSAwIFIg
L01vZERhdGUgNDkgMCBSIC9LZXl3b3JkcyA1MCAwIFIgL0FBUEw6S2V5d29yZHMKNTEgMCBSID4+
CmVuZG9iagp4cmVmCjAgNTIKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAwMDYyMzYyIDAwMDAwIG4g
CjAwMDAwMDE0MzYgMDAwMDAgbiAKMDAwMDAxNzU5MyAwMDAwMCBuIAowMDAwMDAwMDIyIDAwMDAw
IG4gCjAwMDAwMDE0MTYgMDAwMDAgbiAKMDAwMDAwMTU0MCAwMDAwMCBuIAowMDAwMDE0MjA5IDAw
MDAwIG4gCjAwMDAwMDE3MTYgMDAwMDAgbiAKMDAwMDAwODI1MSAwMDAwMCBuIAowMDAwMDEzMDAx
IDAwMDAwIG4gCjAwMDAwMTc3NDcgMDAwMDAgbiAKMDAwMDAzMjE4MCAwMDAwMCBuIAowMDAwMDA4
MjcxIDAwMDAwIG4gCjAwMDAwMTAyNDQgMDAwMDAgbiAKMDAwMDAxMDI2NSAwMDAwMCBuIAowMDAw
MDEyOTgwIDAwMDAwIG4gCjAwMDAwMTMwMzggMDAwMDAgbiAKMDAwMDAxNDE4OCAwMDAwMCBuIAow
MDAwMDE3MjgxIDAwMDAwIG4gCjAwMDAwMTQyNDUgMDAwMDAgbiAKMDAwMDAxNzI2MCAwMDAwMCBu
IAowMDAwMDE3Mzg4IDAwMDAwIG4gCjAwMDAwMDAwMDAgMDAwMDAgbiAKMDAwMDA1NTA5MyAwMDAw
MCBuIAowMDAwMDAwMDAwIDAwMDAwIG4gCjAwMDAwNTg1MzcgMDAwMDAgbiAKMDAwMDAxNzY4MyAw
MDAwMCBuIAowMDAwMDE4MTY2IDAwMDAwIG4gCjAwMDAwMTg0MzMgMDAwMDAgbiAKMDAwMDAzMjE1
OCAwMDAwMCBuIAowMDAwMDMyODQwIDAwMDAwIG4gCjAwMDAwMzMxMDAgMDAwMDAgbiAKMDAwMDA1
NTA3MSAwMDAwMCBuIAowMDAwMDU1NjA1IDAwMDAwIG4gCjAwMDAwNTUyNzAgMDAwMDAgbiAKMDAw
MDA1NTU4NSAwMDAwMCBuIAowMDAwMDU1ODQ3IDAwMDAwIG4gCjAwMDAwNTg1MTYgMDAwMDAgbiAK
MDAwMDA1OTAyMCAwMDAwMCBuIAowMDAwMDU4NzAyIDAwMDAwIG4gCjAwMDAwNTkwMDAgMDAwMDAg
biAKMDAwMDA1OTI3MCAwMDAwMCBuIAowMDAwMDYyMDc3IDAwMDAwIG4gCjAwMDAwNjIwOTggMDAw
MDAgbiAKMDAwMDA2MjE0NSAwMDAwMCBuIAowMDAwMDYyMTk3IDAwMDAwIG4gCjAwMDAwNjIyMzAg
MDAwMDAgbiAKMDAwMDA2MjI0OSAwMDAwMCBuIAowMDAwMDYyMjc4IDAwMDAwIG4gCjAwMDAwNjIz
MjAgMDAwMDAgbiAKMDAwMDA2MjMzOSAwMDAwMCBuIAp0cmFpbGVyCjw8IC9TaXplIDUyIC9Sb290
IDI3IDAgUiAvSW5mbyAxIDAgUiAvSUQgWyA8MjlmNWI0Mzg3YjAyMzdlMjkxMGRiZDhmZjQ3MDk2
NDc+CjwyOWY1YjQzODdiMDIzN2UyOTEwZGJkOGZmNDcwOTY0Nz4gXSA+PgpzdGFydHhyZWYKNjI1
MzcKJSVFT0YK
--20cf307abeed329ed904c62822f0--
