From nobody Thu Feb 1 11:16:14 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 277B712EC79 for ; Thu, 1 Feb 2018 11:16:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VAKXammfXvu6 for ; Thu, 1 Feb 2018 11:16:09 -0800 (PST) Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7009212ECA0 for ; Thu, 1 Feb 2018 11:15:55 -0800 (PST) Received: by mail-pf0-x234.google.com with SMTP id e11so15953297pff.6 for ; Thu, 01 Feb 2018 11:15:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4w8BU01pagUBXfJaJU8I+hhVl+ai4yPTsqGK7x2893E=; b=t5KJNekodh6Y5Vj2s4eKjQc2ENT5KREMVW57xSD4b55AI2REhoEs133tqWp7KnztV6 sBich3YQSDUJiLZacZFsZ8SBS/tGszOs3j6CDvCNL/hU+khLvdWoPi9oYy9EmLiWtOVI fFnXnLl5bVbYhyXTOohjaF8gaEcUxhc2YO2axGEqPYDDd8eZBZcwKu8gtT5F1SraO2Mq khelJidCTDG1HLD20mNCW4Tj21PJsnD43Tz4ikenXs2UNZusRSkkssgHHxjvRYBbM51+ ZiH3G6fbwFWf8JY2VdClbDBG+Nk43aGtGaK1sJvjPXQkPjIM02pBInZkuRF7Q2UU2Bnz 6r+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4w8BU01pagUBXfJaJU8I+hhVl+ai4yPTsqGK7x2893E=; b=WWxKhaEbAW+k19kvoFaGET+2ZufmM+Nn9cA2cMGGBqQQf1fF3Ply+aiIW9cIbOaMjt leOWR/SE1MWyqR2ht+ssURkUx5D3Y4f4rDR4RwqTGPOxUjvWrybfi12hcUybSv7VBdqq cvcqj6pW4Xb91e+C5KxlYl4ZgynTnRFcstFWE6fOzW3vHLs9szQz0gbBKObwsxScKkM/ palraMbQ5j6o4VribVqFeNMuFDjDawEfp7Fbx8nKYpb9sPG9m429/0WAVs/6MQ0hkA1P LKm/ckL4OGMpx0NPqTCQG9adsM6IfivlIGpBAJ/9leSRkjJIgQjS8YgEcVe5Od+gEvSU ru+w== X-Gm-Message-State: AKwxyteqiiooOlU0VOIegEOEk/poifCqLQMUSNfwW4Y32HN5EK+Znlvf cSrdrBLRSraJrDXd23XxomWeRwk5pKBsW6PlDvA= X-Google-Smtp-Source: AH8x226MWGiyTiq9AcfGcTyhFOX0//UP8MwZCS3lhXsUoqOlIX50KGtd8KzLFESwkozQXZzAG2Mb0m5vkvH3ChtOVFo= X-Received: by 10.98.141.25 with SMTP id z25mr37609682pfd.165.1517512554858; Thu, 01 Feb 2018 11:15:54 -0800 (PST) MIME-Version: 1.0 Received: by 10.100.165.33 with HTTP; Thu, 1 Feb 2018 11:15:34 -0800 (PST) In-Reply-To: References: From: Dick Hardt Date: Thu, 1 Feb 2018 11:15:34 -0800 Message-ID: To: Rifaat Shekh-Yusef Cc: oauth , Nat Sakimura , Brian Campbell , Hannes Tschofenig Content-Type: multipart/alternative; boundary="94eb2c0a4dc8c64e2505642b6c5c" Archived-At: Subject: Re: [OAUTH-WG] Distributed OAuth interim meeting summary X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Feb 2018 19:16:12 -0000 --94eb2c0a4dc8c64e2505642b6c5c Content-Type: text/plain; charset="UTF-8" There seemed to be interest in this problem area from a number of people. While the other referenced drafts solve aspects of the problem, the Distributed OAuth ID is a full solution to a class problems, but may be overly prescriptive in aspects. Here is how I see the different aspects of the problem: How does the resource prove its identity? How does the resource signal it's authorization server? How does the client signal which resource it wants access to? How is the identity of the resource represented in the access token? Am I framing the problem in a way that makes sense to the others of the other specs? On Tue, Jan 16, 2018 at 8:07 AM, Rifaat Shekh-Yusef wrote: > Dick presented the attached Distributed OAuth slides, which is the same > slides he presented > during the IETF meeting in Singapore. > > Eve presented the attached UMA slides, which seems to have a wider scope > that covers > Federation of AS servers, but shares some of what is in the Distributed > OAuth draft. > > > The team then discussed the scope of the authorization: *host level* vs > *granular*. > > It seems that there is a disagreement on the proper authorization scope, > and that > there are few other documents that discuss this same idea that need to be > taken > into considerations: > > * OAuth Response Metadata > https://tools.ietf.org/html/draft-sakimura-oauth-meta-08 > * Resource Indicators for OAuth 2.0 > https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02 > * OAuth 2.0: Audience Information > https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00 > > > The decision is to continue the discussion on the mailing list, and take > into considerations the > UMA solution and the above drafts. > > We might schedule another interim meeting to continue that discussion to > try to come to a decision on the way forward before London. > > Regards, > Rifaat > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > --94eb2c0a4dc8c64e2505642b6c5c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
There seemed to be interest in this problem area from a nu= mber of people.

While the other referenced drafts solve = aspects of the problem, the Distributed OAuth ID is a full solution to a cl= ass problems, but may be overly prescriptive in aspects. Here is how I see = the different aspects of the problem:

How does the= resource prove its identity?
How does the resource signal it'= ;s authorization server?=C2=A0
How does the client signal which r= esource it wants access to?=C2=A0
How is the identity of the reso= urce represented in the access token?

Am I framing= the problem in a way that makes sense to the others of the other specs?

=C2=A0

On Tue, Jan 16, 2018 at 8:07 AM, Rifaat Shekh-Yusef= <rifaat.ietf@gmail.com> wrote:
Dick presented the attached Distributed OAu= th slides, which is the same slides he presented=C2=A0
during the= IETF meeting in Singapore.

Eve presented the = attached UMA slides, which seems to have a wider scope that covers=C2=A0
Federation of AS servers, but shares some of what is in the Distrib= uted OAuth=C2=A0draft.


The team the= n discussed the scope of the authorization: host level vs=C2=A0gr= anular.

It seems that there is a disagreement = on the proper authorization scope, and that=C2=A0
there are few o= ther documents that discuss this same idea that need to be taken
= into considerations:

* OAuth Response Metadata=C2= =A0
* Resource Indicators = for OAuth 2.0
* OAuth 2.0: Audience Information


The decision is to continue the discussion on the mai= ling list, and take into considerations the=C2=A0
UMA solution an= d the above drafts.

We might schedule another inte= rim meeting to continue that discussion to try to come to a decision on the= way forward before London.

Regards,
=C2= =A0Rifaat


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--94eb2c0a4dc8c64e2505642b6c5c-- From nobody Fri Feb 2 08:34:50 2018 Return-Path: X-Original-To: oauth@ietf.org Delivered-To: oauth@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ECDAB12711B; Fri, 2 Feb 2018 08:34:48 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Meeting Session Request Tool To: Cc: rifaat.ietf@gmail.com, ekr@rtfm.com, oauth-chairs@ietf.org, oauth@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.71.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151758928892.31810.2153032635879105885.idtracker@ietfa.amsl.com> Date: Fri, 02 Feb 2018 08:34:48 -0800 Archived-At: Subject: [OAUTH-WG] oauth - New Meeting Session Request for IETF 101 X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 16:34:49 -0000 A new meeting session request has just been submitted by Rifaat Shekh-Yusef, a Chair of the oauth working group. --------------------------------------------------------- Working Group Name: Web Authorization Protocol Area Name: Security Area Session Requester: Rifaat Shekh-Yusef Number of Sessions: 2 Length of Session(s): 1.5 Hours, 1.5 Hours Number of Attendees: 50 Conflicts to Avoid: First Priority: acme sipcore ace tls core suit teep secevent People who must be present: Eric Rescorla Hannes Tschofenig Rifaat Shekh-Yusef Resources Requested: Special Requests: --------------------------------------------------------- From nobody Fri Feb 2 09:51:07 2018 Return-Path: X-Original-To: oauth@ietf.org Delivered-To: oauth@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A3556129C5D; Fri, 2 Feb 2018 09:51:05 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Meeting Session Request Tool To: Cc: rifaat.ietf@gmail.com, ekr@rtfm.com, oauth-chairs@ietf.org, oauth@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.71.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151759386562.17064.14097429925932482797.idtracker@ietfa.amsl.com> Date: Fri, 02 Feb 2018 09:51:05 -0800 Archived-At: Subject: [OAUTH-WG] oauth - Update to a Meeting Session Request for IETF 101 X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 17:51:05 -0000 An update to a meeting session request has just been submitted by Rifaat Shekh-Yusef, a Chair of the oauth working group. --------------------------------------------------------- Working Group Name: Web Authorization Protocol Area Name: Security Area Session Requester: Rifaat Shekh-Yusef Number of Sessions: 2 Length of Session(s): 1.5 Hours, 1.5 Hours Number of Attendees: 50 Conflicts to Avoid: First Priority: acme sipcore ace tls core suit teep secevent tokbind People who must be present: Eric Rescorla Hannes Tschofenig Rifaat Shekh-Yusef Resources Requested: Special Requests: --------------------------------------------------------- From nobody Wed Feb 7 02:06:48 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9734126D74 for ; Wed, 7 Feb 2018 02:06:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.92 X-Spam-Level: X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4uF6rElaSb0b for ; Wed, 7 Feb 2018 02:06:44 -0800 (PST) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0078.outbound.protection.outlook.com [104.47.2.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D71A0126DC2 for ; Wed, 7 Feb 2018 02:06:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=A/wHEqHPG11aHlOWUcLh1qLXkWLnTxFqqyUIvKKLwEs=; b=QbRJTmmnV8HEtw7dfhmXz6wVr4FmGvU+s33GqucoXsVO7+LnFYhl5Ays5isd07CYEX/w4e9WfL3k8oib1z8XoGlag23wiJpH5/WcLYRxnk7h+zKbh6UNP8wm6dUpNNeaB6cH1YUnY8xuj3Z+Guf9gG6JI1zMYs5X+1YcX5WY28U= Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB1474.eurprd08.prod.outlook.com (10.168.5.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.464.11; Wed, 7 Feb 2018 10:06:41 +0000 Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b%14]) with mapi id 15.20.0485.009; Wed, 7 Feb 2018 10:06:41 +0000 From: Hannes Tschofenig To: oauth Thread-Topic: OSCORE Thread-Index: AdOf+vC9Bo7oOstGSpuGdOgV/ndnFQ== Date: Wed, 7 Feb 2018 10:06:41 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; x-originating-ip: [88.214.162.174] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR0801MB1474; 7:4A8ryii+fBGAisj/jXbd7JsHzdRIe4BKqdoKsfjgM3fEs+TejmQxiqJ7r9IODFM+1CRCwT0PyzXGIUbIMVG/BOQ1m84e347zIPvaqVln3Ce4NTJ0NN11egkeW09/ov0nPrhv0Lk59xLsAj++MfewarUQ+ujoaQ6bA9Tiz98lGBNT11q8N7vpo4DAlSE4K/j5+pnpV951MbZX/gI1aXm6jpBXnneTo+7hQRdNXN7nY+xv8NfghOltnQVwPQ3ilf/k x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 6a67f750-50d4-4fe6-18f6-08d56e127c1e x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:AM4PR0801MB1474; x-ms-traffictypediagnostic: AM4PR0801MB1474: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(192374486261705)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3002001)(3231101)(2400082)(944501161)(93006095)(93001095)(10201501046)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123562045)(20161123558120)(6072148)(201708071742011); SRVR:AM4PR0801MB1474; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0801MB1474; x-forefront-prvs: 0576145E86 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(376002)(39860400002)(366004)(39380400002)(346002)(189003)(40434004)(199004)(2900100001)(25786009)(6116002)(3846002)(7116003)(790700001)(2906002)(5660300001)(74316002)(33656002)(6916009)(7736002)(97736004)(55016002)(186003)(6436002)(53936002)(9686003)(6306002)(54896002)(5250100002)(106356001)(478600001)(221733001)(59450400001)(6506007)(7696005)(26005)(5890100001)(99286004)(86362001)(3480700004)(81166006)(102836004)(81156014)(8676002)(8936002)(3660700001)(14454004)(966005)(72206003)(3280700002)(105586002)(316002)(68736007)(66066001)(215093002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB1474; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: GtrkBEue3MFuqxEV7GlBfBupwqZorlS6IUmKJRztvhkEO5Im7qPb4Q3NAimhWZHsEvZOmkOf5YOFIxZ084+0Uw== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB2706E520121559D478FB6D99FAFC0AM4PR0801MB2706_" MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6a67f750-50d4-4fe6-18f6-08d56e127c1e X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2018 10:06:41.2825 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB1474 Archived-At: Subject: [OAUTH-WG] OSCORE X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 10:06:47 -0000 --_000_AM4PR0801MB2706E520121559D478FB6D99FAFC0AM4PR0801MB2706_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi guys, You may be interested to hear that a group of people working on Internet of= Things security believe they have found a solution to deal with the challe= nges we had in protecting HTTP requests/responses. Here is the draft: https://tools.ietf.org/html/draft-ietf-core-object-secur= ity-07 (The draft is mostly focused on CoAP but it is supposed to be applicable al= so to HTTP.) Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you. --_000_AM4PR0801MB2706E520121559D478FB6D99FAFC0AM4PR0801MB2706_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi guys,

 

You may be interested to hear that a group of people= working on Internet of Things security believe they have found a solution = to deal with the challenges we had in protecting HTTP requests/responses.

 

Here is the draft: https://tools.ietf.org/html/draft= -ietf-core-object-security-07

(The draft is mostly focused on CoAP but it is suppo= sed to be applicable also to HTTP.)

 

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in any medium. Thank you. --_000_AM4PR0801MB2706E520121559D478FB6D99FAFC0AM4PR0801MB2706_-- From nobody Wed Feb 7 07:37:20 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAB5912D87E for ; Wed, 7 Feb 2018 07:37:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.815 X-Spam-Level: X-Spam-Status: No, score=-2.815 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XhH8sHokF9wB for ; Wed, 7 Feb 2018 07:37:10 -0800 (PST) Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 744FC12DA46 for ; Wed, 7 Feb 2018 07:37:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1518017825; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=O4YQdGdChWfQbDrCsGA0hX7FFndNDa5iioNFu7TGiWE=; b=LFOOIzCGXPBEQt20SCotUsfTxEAVpSN0W+62BErFOZAG+XlyhlIuynGGedOTq2QR v5ridXmYb1xlSMEq/Ehw7uDO2++ikIt2Je/gPX2hD8aPEfkVTJTercwYfMJGLxsI PPpqreXmpMuuBKV034BFYzdrA8tQRqfktpgoA7qHVus=; X-AuditID: c1b4fb30-799639c000004778-5c-5a7b1d20b687 Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.183.54]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 45.35.18296.02D1B7A5; Wed, 7 Feb 2018 16:37:05 +0100 (CET) Received: from ESESSMB107.ericsson.se ([169.254.7.108]) by ESESSHC012.ericsson.se ([153.88.183.54]) with mapi id 14.03.0352.000; Wed, 7 Feb 2018 16:37:04 +0100 From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= To: Hannes Tschofenig , "OAuth@ietf.org" CC: "draft-ietf-core-object-security@ietf.org" Thread-Topic: [OAUTH-WG] OSCORE Thread-Index: AQHToB1G/bi42x7glEW+yKQQZgyBfqOZAgKA Date: Wed, 7 Feb 2018 15:37:03 +0000 Message-ID: References: <35cc46fe-3453-e458-af55-a6acb2905e44@ri.se> In-Reply-To: <35cc46fe-3453-e458-af55-a6acb2905e44@ri.se> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.7.3.170325 x-originating-ip: [153.88.183.150] Content-Type: text/plain; charset="utf-8" Content-ID: <9A82467727DD824893C4FB4E8C967C67@ericsson.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrCIsWRmVeSWpSXmKPExsUyM2K7ma6ibHWUwcN3zBbT/p1hsbg54xST xcm3r9gcmD3WzFvD6LFkyU+mAKYoLpuU1JzMstQifbsErozFK68yFbwSrpiwdiJ7A+MK4S5G Tg4JAROJ7wfnsHYxcnEICRxmlNi5aTs7hLOYUWLm1KPMIFVsAi4SDxoeMXUxcnCICIRJTGvU BwkzC0RLXJvXwARiCwtISRw4v5wVxBYRkJc4sv4hG4RtJDHhzz0WEJtFQEXiVMtRsBpeAQuJ 11evskDs6meUuHf2ODtIglPAUuLBgd1gexkFxCS+n1rDBLFMXOLWk/lMEFcLSCzZc54ZwhaV ePn4H9hQUQE9ib097WwQcSWJFdsvMYLczCygKbF+F9TN1hKb701ihbAVJaZ0P2SHuEdQ4uTM JywTGMVnIdk2C6F7FpLuWUi6ZyHpXsDIuopRtDi1OCk33chIL7UoM7m4OD9PLy+1ZBMjMO4O bvltsIPx5XPHQ4wCHIxKPLyFfNVRQqyJZcWVuYcYJTiYlUR43dmBQrwpiZVVqUX58UWlOanF hxilOViUxHlPevJGCQmkJ5akZqemFqQWwWSZODilGhg3BGWp665iLrb8717xw6Gr4CtHxdwH uxnrClbFRzJv987RK+Zd7iCvZFh+f4PHjR61H5vO+6yNOf5rXX/BHTvGPvFTp79P5nMNid30 fMbTdQdKch+6ceil9M9edc9DsH3x6Q1nKxlkt3g+LMqzX3H72O4Jn2cvK2rgkuV0VvwfEnhr zsp3S3uVWIozEg21mIuKEwGMr39FtwIAAA== Archived-At: Subject: [OAUTH-WG] OSCORE X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 15:37:15 -0000 DQpIaSBIYW5uZXMsIGFuZCBhbGwNCg0KVGhhbmtzIGZvciB0aGUgYW5ub3VuY2VtZW50Lg0KDQpU byBiZSBhIGxpdHRsZSBiaXQgbW9yZSBwcmVjaXNlLCB0aGUgc3RhdGVtZW50IGlzIHRoYXQgYSBD b0FQLW1hcHBhYmxlDQpIVFRQIG1lc3NhZ2UgY2FuIGJlIG1hcHBlZCB0byBDb0FQICh1c2luZyBS RkMgODA3NSksIHByb3RlY3RlZCB3aXRoIE9TQ09SRQ0KKGFzIHNwZWNpZmllZCBpbiB0aGUgcmVm ZXJlbmNlZCBkcmFmdCkgYW5kIHRyYW5zcG9ydGVkIHdpdGggSFRUUCAoYXMNCmV4ZW1wbGlmaWVk IGluIHRoZSByZWZlcmVuY2VkIGRyYWZ0KS4gVGhlIG1haW4gdXNlIGNhc2UgaXMgaW4gY29uanVu Y3Rpb24NCndpdGggYW4gSFRUUC1Db0FQIHRyYW5zbGF0aW9uYWwgcHJveHkgKFJGQyA4MDc1KSwg YW5kIHRoZSBtYXBwaW5nIHdvdWxkDQp3aXRoIHRoaXMgY29uc3RydWN0aW9uIHJlc3VsdCBpbiBh IENvQVAtbWFwcGFibGUgSFRUUCByZXF1ZXN0IGJlaW5nDQpwcm90ZWN0ZWQgYnkgYW4gSFRUUCBj bGllbnQgYW5kIHZlcmlmaWVkIGJ5IGEgQ29BUCBzZXJ2ZXIuDQoNClRoaXMgZnVuY3Rpb25hbGl0 eSB3YXMgcHJvcG9zZWQgYnkgT0NGIGZvciB0aGVpciBlbmQtdG8tZW5kIFJFU1QgdXNlDQpjYXNl cy4gSGFwcHkgdG8gaGVhciBhbnkgY29tbWVudHMgb24gdGhlIGNvbnN0cnVjdGlvbiBhcyBkZXNj cmliZWQgaW4gdGhlDQpkcmFmdC4NCg0KDQpOb3RlIHRoYXQgSGFubmVzIHJlZmVyZW5jZWQgdGhl IHdyb25nIHZlcnNpb24gb2YgdGhlIGRyYWZ0LCBoZXJlIGlzIHRoZQ0KbGF0ZXN0Og0KIA0KaHR0 cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtY29yZS1vYmplY3Qtc2VjdXJpdHkt MDgNCg0KDQpHw7ZyYW4NCg0KDQpPbiAyMDE4LTAyLTA3IDExOjA2LCBIYW5uZXMgVHNjaG9mZW5p ZyB3cm90ZToNCj4gSGkgZ3V5cywNCj4NCj4gWW91IG1heSBiZSBpbnRlcmVzdGVkIHRvIGhlYXIg dGhhdCBhIGdyb3VwIG9mIHBlb3BsZSB3b3JraW5nIG9uIEludGVybmV0DQo+IG9mIFRoaW5ncyBz ZWN1cml0eSBiZWxpZXZlIHRoZXkgaGF2ZSBmb3VuZCBhIHNvbHV0aW9uIHRvIGRlYWwgd2l0aCB0 aGUNCj4gY2hhbGxlbmdlcyB3ZSBoYWQgaW4gcHJvdGVjdGluZyBIVFRQIHJlcXVlc3RzL3Jlc3Bv bnNlcy4NCj4NCj4gSGVyZSBpcyB0aGUgZHJhZnQ6DQo+IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcv aHRtbC9kcmFmdC1pZXRmLWNvcmUtb2JqZWN0LXNlY3VyaXR5LTA3DQo+DQo+IChUaGUgZHJhZnQg aXMgbW9zdGx5IGZvY3VzZWQgb24gQ29BUCBidXQgaXQgaXMgc3VwcG9zZWQgdG8gYmUgYXBwbGlj YWJsZQ0KPiBhbHNvIHRvIEhUVFAuKQ0KPg0KPiBDaWFvDQo+IEhhbm5lcw0KPg0KPiBJTVBPUlRB TlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRz IGFyZQ0KPiBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBh cmUgbm90IHRoZSBpbnRlbmRlZA0KPiByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRl ciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZQ0KPiBjb250ZW50cyB0byBhbnkg b3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5DQo+ IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo+DQo+DQo+IF9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IE9BdXRoIG1haWxp bmcgbGlzdA0KPiBPQXV0aEBpZXRmLm9yZw0KPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFu L2xpc3RpbmZvL29hdXRoDQo+DQoNCg0KDQoNCg== From nobody Wed Feb 7 07:47:55 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FCAB12D7F6; Wed, 7 Feb 2018 07:47:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.405 X-Spam-Level: X-Spam-Status: No, score=-1.405 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MzWnVbCm-cIN; Wed, 7 Feb 2018 07:47:51 -0800 (PST) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0069.outbound.protection.outlook.com [104.47.1.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BEE6126E3A; Wed, 7 Feb 2018 07:47:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kzHhZa6GzIDoPfLmmFNGQCp6tEhWDbK0Xsipoblbf/4=; b=Z/7LshQHrEu5BJdex331JzDksVYu0m/mqzd5xmkGnwXA1RiiCs0xJuVhWPM+6ba7gVdq7O5k/T/TcP2yg2Dgqdj0h+70y6G4HspChnTkxKWf5/JtsTnHrkao0mgtRfej2EbHLLUjtqjhcARlGpag+yNPsN8ss3jvgeYGl5S2BzY= Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB1425.eurprd08.prod.outlook.com (10.168.5.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.464.11; Wed, 7 Feb 2018 15:47:47 +0000 Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b%14]) with mapi id 15.20.0485.009; Wed, 7 Feb 2018 15:47:47 +0000 From: Hannes Tschofenig To: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= , "OAuth@ietf.org" CC: "draft-ietf-core-object-security@ietf.org" Thread-Topic: [OAUTH-WG] OSCORE Thread-Index: AdOf+vC9Bo7oOstGSpuGdOgV/ndnFaOZAgKAo5ii+kA= Date: Wed, 7 Feb 2018 15:47:47 +0000 Message-ID: References: <35cc46fe-3453-e458-af55-a6acb2905e44@ri.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; x-originating-ip: [88.214.160.174] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR0801MB1425; 6:11hSzXdGkqrPR5+9VsjAIqAoPq0/nJORxNseiT5ffyUgug/cnNqR3/ymTaLGINO3zvZF18dhE8WVZjxBnwVkHCFfyxsFsQwH7TUn49OqxdXxoSCkUqFuRFDMnDWcOyq7CY9ggzvp1ReYRyzVkq7RZcJ8Jbi51/TC2WARL8NYE/EWdXKZ9GwkMrzrklbAye8TxGdfFcvdAFj/1u6MmHLLgNfy0PSBKri6/YsSftM3ZFzp1W1M0sGFlQo2s+7REP/aqeBkN/v9zn7h2uk80Ty7igFMItTeStUBnuEhGKmF5kz/QJLbkshkSwm9BLXLHrjahhdAg7umAIHZxPdJ1EWQqXQFTF0u7Fpk7TDOWOw8SPMnFPhyaf73TbCIU4EBM1Tn; 5:9hvqVeld5yvGoiDFP8ev/U54+FZzXkhVyq1toFKlDPIXOlfjXbrYrQzyHQJwF4QCYH2GOk6BzpoRvi+ZfWRJAHPAUQHbULnk3AnI8/wQp0oImsBVj4IQewnmLhjl6xo8cX40QkTQtLaW5H2ptySXIRDZaqJYivBvYHnsWsX97KE=; 24:OGC91wgJPGoFdTwZuIiBQXzRWBodBuz6g2alo1M+CVxkE23kPwChy1RCxngkJ+j0ZUjYUaOq4ejSgThUS3LiqkWJIF9sexc7WZfvKLl6pxk=; 7:Q7PlNbARxjyFLlE3asf+dP8KfJix9jCO8dP92Az1THV4D2DfSsi6XAq4nsFbvf1wTxREf9i8nPDNPhT6fnAWyl4igrj3R7X923hA2XkbaqaxhhAL2YMxT9Gy4n+D6lUspkC+GK5/YBxQ8IlbniEruwrLPLVF/qWrIk44rP7a1C/gqxcqgGUV+ANgN98jNyVgNpk1/9fc0ZHXdVotyN+dPEJ4iwF+FfiA+i+AxB2KP/OnpmJvWC/x1xYwG2LT2ngv x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 02d47a02-a42d-4314-f9d0-08d56e4222f0 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:AM4PR0801MB1425; x-ms-traffictypediagnostic: AM4PR0801MB1425: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(37575265505322)(278428928389397)(192374486261705); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231101)(2400082)(944501161)(93006095)(93001095)(6055026)(6041288)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(6072148)(201708071742011); SRVR:AM4PR0801MB1425; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0801MB1425; x-forefront-prvs: 0576145E86 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39860400002)(396003)(366004)(39380400002)(376002)(13464003)(199004)(377424004)(40434004)(189003)(51914003)(3280700002)(81166006)(81156014)(229853002)(68736007)(8676002)(2501003)(5890100001)(9686003)(99286004)(55016002)(8936002)(2900100001)(186003)(97736004)(6436002)(6306002)(2950100002)(74316002)(305945005)(7736002)(106356001)(33656002)(110136005)(5250100002)(5660300001)(25786009)(66066001)(316002)(59450400001)(102836004)(966005)(86362001)(53546011)(6506007)(6116002)(72206003)(3846002)(26005)(76176011)(4326008)(478600001)(105586002)(2906002)(6246003)(53936002)(14454004)(7696005)(3660700001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB1425; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: 8ytFDlqA+kpMeI9qbT5y2D0YOu8zS0bwpycT//uwbMiqp9jHCq1Q6Uj9Y/Mei7/ZXJxPtq3UadOiam3KXgRIcA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: 02d47a02-a42d-4314-f9d0-08d56e4222f0 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2018 15:47:47.4658 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB1425 Archived-At: Subject: Re: [OAUTH-WG] OSCORE X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 15:47:54 -0000 SGkgR8O2cmFuLA0KDQpNYXliZSB5b3UgY2FuIHRoZW4gYW5zd2VyIHRoZSBxdWVzdGlvbiB3aGV0 aGVyIHRoaXMgaXMgdXNlZnVsIC8gYXBwbGljYWJsZSB0byBhIEhUVFAuIEFza2VkIGRpZmZlcmVu dGx5LCB1bmRlciB3aGF0IGNvbmRpdGlvbnMgZG9lcyB0aGUgT1NDT1JFIG5vdCB3b3JrIGZvciBI VFRQLiBUaGlzIHdvdWxkIGhlbHAgdGhlIGZvbGtzIGluIHRoZSBncm91cCwgaW5jbHVkaW5nIG1l LCB0byBkZXRlcm1pbmUgd2hldGhlciB0aGlzIGFjdHVhbGx5IHNvbWV0aGluZyB3ZSBzaG91bGQg YmUgbG9va2luZyBpbnRvIGF0IGFsbC4gTm90ZSB0aGF0IHR5cGljYWwgYXBwbGljYXRpb25zIHRo YXQgdXNlIE9BdXRoIGRvIG5vdCB1c2UgQ29BUCAtLSBvbmx5IEhUVFAuDQoNCkluIE9BdXRoIHdl IGhhZCBmb3Igc2V2ZXJhbCB5ZWFycyB0cmllZCB0byBnZXQgSFRUUCBtZXNzYWdlIHByb3RlY3Rp b24gd29ya2luZyBhbmQgd2UgaGF2ZSwgdW5mb3J0dW5hdGVseSwgZmFpbGVkIHRvIGZpbmQgYSBz dWl0YWJsZSBzb2x1dGlvbi4NCg0KQ2lhbw0KSGFubmVzDQoNCg0KLS0tLS1PcmlnaW5hbCBNZXNz YWdlLS0tLS0NCkZyb206IEfDtnJhbiBTZWxhbmRlciBbbWFpbHRvOmdvcmFuLnNlbGFuZGVyQGVy aWNzc29uLmNvbV0NClNlbnQ6IDA3IEZlYnJ1YXJ5IDIwMTggMTU6MzcNClRvOiBIYW5uZXMgVHNj aG9mZW5pZzsgT0F1dGhAaWV0Zi5vcmcNCkNjOiBkcmFmdC1pZXRmLWNvcmUtb2JqZWN0LXNlY3Vy aXR5QGlldGYub3JnDQpTdWJqZWN0OiBbT0FVVEgtV0ddIE9TQ09SRQ0KDQoNCkhpIEhhbm5lcywg YW5kIGFsbA0KDQpUaGFua3MgZm9yIHRoZSBhbm5vdW5jZW1lbnQuDQoNClRvIGJlIGEgbGl0dGxl IGJpdCBtb3JlIHByZWNpc2UsIHRoZSBzdGF0ZW1lbnQgaXMgdGhhdCBhIENvQVAtbWFwcGFibGUg SFRUUCBtZXNzYWdlIGNhbiBiZSBtYXBwZWQgdG8gQ29BUCAodXNpbmcgUkZDIDgwNzUpLCBwcm90 ZWN0ZWQgd2l0aCBPU0NPUkUgKGFzIHNwZWNpZmllZCBpbiB0aGUgcmVmZXJlbmNlZCBkcmFmdCkg YW5kIHRyYW5zcG9ydGVkIHdpdGggSFRUUCAoYXMgZXhlbXBsaWZpZWQgaW4gdGhlIHJlZmVyZW5j ZWQgZHJhZnQpLiBUaGUgbWFpbiB1c2UgY2FzZSBpcyBpbiBjb25qdW5jdGlvbiB3aXRoIGFuIEhU VFAtQ29BUCB0cmFuc2xhdGlvbmFsIHByb3h5IChSRkMgODA3NSksIGFuZCB0aGUgbWFwcGluZyB3 b3VsZCB3aXRoIHRoaXMgY29uc3RydWN0aW9uIHJlc3VsdCBpbiBhIENvQVAtbWFwcGFibGUgSFRU UCByZXF1ZXN0IGJlaW5nIHByb3RlY3RlZCBieSBhbiBIVFRQIGNsaWVudCBhbmQgdmVyaWZpZWQg YnkgYSBDb0FQIHNlcnZlci4NCg0KVGhpcyBmdW5jdGlvbmFsaXR5IHdhcyBwcm9wb3NlZCBieSBP Q0YgZm9yIHRoZWlyIGVuZC10by1lbmQgUkVTVCB1c2UgY2FzZXMuIEhhcHB5IHRvIGhlYXIgYW55 IGNvbW1lbnRzIG9uIHRoZSBjb25zdHJ1Y3Rpb24gYXMgZGVzY3JpYmVkIGluIHRoZSBkcmFmdC4N Cg0KDQpOb3RlIHRoYXQgSGFubmVzIHJlZmVyZW5jZWQgdGhlIHdyb25nIHZlcnNpb24gb2YgdGhl IGRyYWZ0LCBoZXJlIGlzIHRoZQ0KbGF0ZXN0Og0KDQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0 bWwvZHJhZnQtaWV0Zi1jb3JlLW9iamVjdC1zZWN1cml0eS0wOA0KDQoNCkfDtnJhbg0KDQoNCk9u IDIwMTgtMDItMDcgMTE6MDYsIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPiBIaSBndXlzLA0K Pg0KPiBZb3UgbWF5IGJlIGludGVyZXN0ZWQgdG8gaGVhciB0aGF0IGEgZ3JvdXAgb2YgcGVvcGxl IHdvcmtpbmcgb24NCj4gSW50ZXJuZXQgb2YgVGhpbmdzIHNlY3VyaXR5IGJlbGlldmUgdGhleSBo YXZlIGZvdW5kIGEgc29sdXRpb24gdG8gZGVhbA0KPiB3aXRoIHRoZSBjaGFsbGVuZ2VzIHdlIGhh ZCBpbiBwcm90ZWN0aW5nIEhUVFAgcmVxdWVzdHMvcmVzcG9uc2VzLg0KPg0KPiBIZXJlIGlzIHRo ZSBkcmFmdDoNCj4gaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtY29yZS1v YmplY3Qtc2VjdXJpdHktMDcNCj4NCj4gKFRoZSBkcmFmdCBpcyBtb3N0bHkgZm9jdXNlZCBvbiBD b0FQIGJ1dCBpdCBpcyBzdXBwb3NlZCB0byBiZQ0KPiBhcHBsaWNhYmxlIGFsc28gdG8gSFRUUC4p DQo+DQo+IENpYW8NCj4gSGFubmVzDQo+DQo+IElNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50 cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlDQo+IGNvbmZpZGVudGlhbCBh bmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkDQo+ IHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBu b3QgZGlzY2xvc2UNCj4gdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBm b3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yDQo+IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFu eSBtZWRpdW0uIFRoYW5rIHlvdS4NCj4NCj4NCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX18NCj4gT0F1dGggbWFpbGluZyBsaXN0DQo+IE9BdXRoQGlldGYu b3JnDQo+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vb2F1dGgNCj4NCg0K DQoNCg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFu eSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2Vk LiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRo ZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8g YW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3RvcmUgb3IgY29w eSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0K From nobody Wed Feb 7 08:00:52 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36FBE1243FE for ; Wed, 7 Feb 2018 08:00:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.815 X-Spam-Level: X-Spam-Status: No, score=-2.815 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Am3iURso6QF for ; Wed, 7 Feb 2018 08:00:49 -0800 (PST) Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E2E51201F8 for ; Wed, 7 Feb 2018 08:00:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1518019245; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ytjY7qncmON8Y0P2IKeH/YV1kgqrPfcKC8ok7y8oP7A=; b=NS53EOrWJstYY8gGmt/2s4SVcsNan7ClMZfHGLvpj7dDK05F2lOQirSep9ZVTfWu BOH6qtbuoUsUlaTM2e7p+V7yujz8+uIonrbC2xAlYNgEFq8nuJdxr2zNMBmkiB36 alsIv515tDI9V2PiB4WorglqtYyQ82c9Lvw/CVD5/fE=; X-AuditID: c1b4fb3a-347ff700000067b4-fc-5a7b22adc7f0 Received: from ESESSHC015.ericsson.se (Unknown_Domain [153.88.183.63]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id BC.E8.26548.DA22B7A5; Wed, 7 Feb 2018 17:00:45 +0100 (CET) Received: from ESESSMB107.ericsson.se ([169.254.7.108]) by ESESSHC015.ericsson.se ([153.88.183.63]) with mapi id 14.03.0352.000; Wed, 7 Feb 2018 17:00:01 +0100 From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= To: Hannes Tschofenig , "OAuth@ietf.org" , Dave Thaler CC: "draft-ietf-core-object-security@ietf.org" Thread-Topic: [OAUTH-WG] OSCORE Thread-Index: AQHToB1G/bi42x7glEW+yKQQZgyBfqOZAgKAgAADAICAAANpAA== Date: Wed, 7 Feb 2018 16:00:00 +0000 Message-ID: References: <35cc46fe-3453-e458-af55-a6acb2905e44@ri.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.7.3.170325 x-originating-ip: [153.88.183.150] Content-Type: text/plain; charset="utf-8" Content-ID: <011B6F565F703C4FA2013B397F75B042@ericsson.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrLIsWRmVeSWpSXmKPExsUyM2K7ve5apeoog54PmhbT/p1hsbi04gir xc0Zp5gsTr59xebA4rFm3hpGjyVLfjJ5tO74yx7AHMVlk5Kak1mWWqRvl8CV8XTbX8aCVyoV 94/eY2tg/KDcxcjJISFgIvF6+im2LkYuDiGBw4wS9ybOYIZwFjNKrHp2kR2kik3AReJBwyMm EFtEoFri8puvjCA2s0C0xLV5DUBxDg5hATmJRb2RECXyEkfWP2SDsJ0kDk1+ygZSwiKgInHp mRxImFfAQmL7qSlQq6YySayefABsPKdAosT805NYQWxGATGJ76fWMEGsEpe49WQ+E8TRAhJL 9pxnhrBFJV4+/gdWLyqgJ7G3p50NIq4ksWL7JUaQvcwCmhLrd+lDjLGW+Hf/MTuErSgxpfsh O8Q9ghInZz5hmcAoPgvJtlkI3bOQdM9C0j0LSfcCRtZVjKLFqcXFuelGRnqpRZnJxcX5eXp5 qSWbGIGReHDLb6sdjAefOx5iFOBgVOLhNQRGqBBrYllxZe4hRgkOZiURXnd2oBBvSmJlVWpR fnxRaU5q8SFGaQ4WJXFepzSLKCGB9MSS1OzU1ILUIpgsEwenVANj0fF/u6YIHXykVhjZrqBa eXFyqM+VnYaNbDOiSjbzlS1mrLzqm1h3/MSNVQaZXk/uLTZ2OzLt3tn0SLFaxUXbzvQc93O4 8/KCVI80R+rBDt9be79M2rqgPb/E6UxAbmfzFVb2oD8+vufif/xfamj8ZVVf0Yb7u7Yc/Lth amPb5HZf0WPXl5wIVGIpzkg01GIuKk4EAOyhZgTAAgAA Archived-At: Subject: Re: [OAUTH-WG] OSCORE X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 16:00:51 -0000 SGkgSGFubmVzLA0KDQpJbmNsdWRpbmcgRGF2ZSB3aG8gbWF5IHdhbnQgdG8gcHJvdmlkZSBzb21l IGJhY2tncm91bmQgdG8gdGhlIHVzZSBjYXNlLg0KDQpBcyBJIHNhaWQsIHRoaXMgd2FzIGEgcHJv cG9zZWQgY29uc3RydWN0aW9uIGFuZCB3YXMgc3RyYWlnaHRmb3J3YXJkIHRvDQppbmNsdWRlIGlu IHRoZSBkcmFmdC4gSeKAmW0gbm90IHRoZSByaWdodCBwZXJzb24gdG8gYW5zd2VyIHdoZXRoZXIg dGhpcyBpcw0KdXNlZnVsIGZvciBPQXV0aCwgYnV0IEnigJltIGludGVyZXN0ZWQgaW4gdGhlIGFu c3dlci4NCg0KR8O2cmFuDQoNCg0KT24gMjAxOC0wMi0wNyAxNTo0NywgIkhhbm5lcyBUc2Nob2Zl bmlnIiA8SGFubmVzLlRzY2hvZmVuaWdAYXJtLmNvbT4gd3JvdGU6DQoNCj5IaSBHw7ZyYW4sDQo+ DQo+TWF5YmUgeW91IGNhbiB0aGVuIGFuc3dlciB0aGUgcXVlc3Rpb24gd2hldGhlciB0aGlzIGlz IHVzZWZ1bCAvDQo+YXBwbGljYWJsZSB0byBhIEhUVFAuIEFza2VkIGRpZmZlcmVudGx5LCB1bmRl ciB3aGF0IGNvbmRpdGlvbnMgZG9lcyB0aGUNCj5PU0NPUkUgbm90IHdvcmsgZm9yIEhUVFAuIFRo aXMgd291bGQgaGVscCB0aGUgZm9sa3MgaW4gdGhlIGdyb3VwLA0KPmluY2x1ZGluZyBtZSwgdG8g ZGV0ZXJtaW5lIHdoZXRoZXIgdGhpcyBhY3R1YWxseSBzb21ldGhpbmcgd2Ugc2hvdWxkIGJlDQo+ bG9va2luZyBpbnRvIGF0IGFsbC4gTm90ZSB0aGF0IHR5cGljYWwgYXBwbGljYXRpb25zIHRoYXQg dXNlIE9BdXRoIGRvIG5vdA0KPnVzZSBDb0FQIC0tIG9ubHkgSFRUUC4NCj4NCj5JbiBPQXV0aCB3 ZSBoYWQgZm9yIHNldmVyYWwgeWVhcnMgdHJpZWQgdG8gZ2V0IEhUVFAgbWVzc2FnZSBwcm90ZWN0 aW9uDQo+d29ya2luZyBhbmQgd2UgaGF2ZSwgdW5mb3J0dW5hdGVseSwgZmFpbGVkIHRvIGZpbmQg YSBzdWl0YWJsZSBzb2x1dGlvbi4NCj4NCj5DaWFvDQo+SGFubmVzDQo+DQo+DQo+LS0tLS1Pcmln aW5hbCBNZXNzYWdlLS0tLS0NCj5Gcm9tOiBHw7ZyYW4gU2VsYW5kZXIgW21haWx0bzpnb3Jhbi5z ZWxhbmRlckBlcmljc3Nvbi5jb21dDQo+U2VudDogMDcgRmVicnVhcnkgMjAxOCAxNTozNw0KPlRv OiBIYW5uZXMgVHNjaG9mZW5pZzsgT0F1dGhAaWV0Zi5vcmcNCj5DYzogZHJhZnQtaWV0Zi1jb3Jl LW9iamVjdC1zZWN1cml0eUBpZXRmLm9yZw0KPlN1YmplY3Q6IFtPQVVUSC1XR10gT1NDT1JFDQo+ DQo+DQo+SGkgSGFubmVzLCBhbmQgYWxsDQo+DQo+VGhhbmtzIGZvciB0aGUgYW5ub3VuY2VtZW50 Lg0KPg0KPlRvIGJlIGEgbGl0dGxlIGJpdCBtb3JlIHByZWNpc2UsIHRoZSBzdGF0ZW1lbnQgaXMg dGhhdCBhIENvQVAtbWFwcGFibGUNCj5IVFRQIG1lc3NhZ2UgY2FuIGJlIG1hcHBlZCB0byBDb0FQ ICh1c2luZyBSRkMgODA3NSksIHByb3RlY3RlZCB3aXRoDQo+T1NDT1JFIChhcyBzcGVjaWZpZWQg aW4gdGhlIHJlZmVyZW5jZWQgZHJhZnQpIGFuZCB0cmFuc3BvcnRlZCB3aXRoIEhUVFANCj4oYXMg ZXhlbXBsaWZpZWQgaW4gdGhlIHJlZmVyZW5jZWQgZHJhZnQpLiBUaGUgbWFpbiB1c2UgY2FzZSBp cyBpbg0KPmNvbmp1bmN0aW9uIHdpdGggYW4gSFRUUC1Db0FQIHRyYW5zbGF0aW9uYWwgcHJveHkg KFJGQyA4MDc1KSwgYW5kIHRoZQ0KPm1hcHBpbmcgd291bGQgd2l0aCB0aGlzIGNvbnN0cnVjdGlv biByZXN1bHQgaW4gYSBDb0FQLW1hcHBhYmxlIEhUVFANCj5yZXF1ZXN0IGJlaW5nIHByb3RlY3Rl ZCBieSBhbiBIVFRQIGNsaWVudCBhbmQgdmVyaWZpZWQgYnkgYSBDb0FQIHNlcnZlci4NCj4NCj5U aGlzIGZ1bmN0aW9uYWxpdHkgd2FzIHByb3Bvc2VkIGJ5IE9DRiBmb3IgdGhlaXIgZW5kLXRvLWVu ZCBSRVNUIHVzZQ0KPmNhc2VzLiBIYXBweSB0byBoZWFyIGFueSBjb21tZW50cyBvbiB0aGUgY29u c3RydWN0aW9uIGFzIGRlc2NyaWJlZCBpbiB0aGUNCj5kcmFmdC4NCj4NCj4NCj5Ob3RlIHRoYXQg SGFubmVzIHJlZmVyZW5jZWQgdGhlIHdyb25nIHZlcnNpb24gb2YgdGhlIGRyYWZ0LCBoZXJlIGlz IHRoZQ0KPmxhdGVzdDoNCj4NCj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0 Zi1jb3JlLW9iamVjdC1zZWN1cml0eS0wOA0KPg0KPg0KPkfDtnJhbg0KPg0KPg0KPk9uIDIwMTgt MDItMDcgMTE6MDYsIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPj4gSGkgZ3V5cywNCj4+DQo+ PiBZb3UgbWF5IGJlIGludGVyZXN0ZWQgdG8gaGVhciB0aGF0IGEgZ3JvdXAgb2YgcGVvcGxlIHdv cmtpbmcgb24NCj4+IEludGVybmV0IG9mIFRoaW5ncyBzZWN1cml0eSBiZWxpZXZlIHRoZXkgaGF2 ZSBmb3VuZCBhIHNvbHV0aW9uIHRvIGRlYWwNCj4+IHdpdGggdGhlIGNoYWxsZW5nZXMgd2UgaGFk IGluIHByb3RlY3RpbmcgSFRUUCByZXF1ZXN0cy9yZXNwb25zZXMuDQo+Pg0KPj4gSGVyZSBpcyB0 aGUgZHJhZnQ6DQo+PiBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1jb3Jl LW9iamVjdC1zZWN1cml0eS0wNw0KPj4NCj4+IChUaGUgZHJhZnQgaXMgbW9zdGx5IGZvY3VzZWQg b24gQ29BUCBidXQgaXQgaXMgc3VwcG9zZWQgdG8gYmUNCj4+IGFwcGxpY2FibGUgYWxzbyB0byBI VFRQLikNCj4+DQo+PiBDaWFvDQo+PiBIYW5uZXMNCj4+DQo+PiBJTVBPUlRBTlQgTk9USUNFOiBU aGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZQ0KPj4gY29u ZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUg aW50ZW5kZWQNCj4+IHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0 ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UNCj4+IHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVy c29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvcg0KPj4gY29weSB0aGUgaW5m b3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0KPj4NCj4+DQo+PiBfX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KPj4gT0F1dGggbWFpbGluZyBs aXN0DQo+PiBPQXV0aEBpZXRmLm9yZw0KPj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9vYXV0aA0KPj4NCj4NCj4NCj4NCj4NCj5JTVBPUlRBTlQgTk9USUNFOiBUaGUgY29u dGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZQ0KPmNvbmZpZGVudGlh bCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVk DQo+cmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRv IG5vdCBkaXNjbG9zZSB0aGUNCj5jb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQg Zm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5DQo+dGhlIGluZm9ybWF0aW9uIGluIGFu eSBtZWRpdW0uIFRoYW5rIHlvdS4NCg0K From nobody Wed Feb 7 09:26:49 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76C7712D867; Wed, 7 Feb 2018 09:26:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.515 X-Spam-Level: X-Spam-Status: No, score=-0.515 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6U77zn3t1z0B; Wed, 7 Feb 2018 09:26:44 -0800 (PST) Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0095.outbound.protection.outlook.com [104.47.32.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 023DD1270A3; Wed, 7 Feb 2018 09:26:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=9QCfMiV/eEpYd7tI5vy495TCm1331uRDxtpcdUWD1tQ=; b=WHQq6Q2FUvu98PvlGy/QPlicqxwzIiUG2U8aEsPHqgE9763VEpXtfSBn09gxLvvNQVfSJKlYh4biVFD9o8P5VMFMcSrU2Lm2YSmRDWZf3YySYinO6EmKM1JgVd5hLdMlw+eVcSvaq88y3PL6c0K4AFhKuoK080ymG9HExmwWxTo= Received: from CY4PR21MB0856.namprd21.prod.outlook.com (10.173.192.145) by CY4PR21MB0791.namprd21.prod.outlook.com (10.175.121.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.506.3; Wed, 7 Feb 2018 17:26:41 +0000 Received: from CY4PR21MB0856.namprd21.prod.outlook.com ([fe80::a5aa:5aa0:e32d:9321]) by CY4PR21MB0856.namprd21.prod.outlook.com ([fe80::a5aa:5aa0:e32d:9321%3]) with mapi id 15.20.0506.007; Wed, 7 Feb 2018 17:26:41 +0000 From: Dave Thaler To: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= , Hannes Tschofenig , "OAuth@ietf.org" CC: "draft-ietf-core-object-security@ietf.org" Thread-Topic: [OAUTH-WG] OSCORE Thread-Index: AQHToB1G/bi42x7glEW+yKQQZgyBfqOZAgKAgAADAICAAANpAIAAJ3cg Date: Wed, 7 Feb 2018 17:26:41 +0000 Message-ID: References: <35cc46fe-3453-e458-af55-a6acb2905e44@ri.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=dthaler@ntdev.microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-02-07T17:26:42.2465029Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General x-originating-ip: [73.254.202.27] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CY4PR21MB0791; 7:mxnWtYsV2V01qydnqsJd8KFZYJ8E07pxsp8yF0beDvv7Sb4nXgDE/qEh0/agQ3MP8ZnLiL9PsolsbqWvRJBlQmdUAyFM3gXEvNTGAO17q990MCxj+0DI35OoflgSiyXNH3Dv4D4W9+iR6il8rzto9OmDwe1SnLAnBH1d03OqVw3X+9V1IrsMyUv3dJcozRQxsc4nZ/suYrKbypWqwSZWy2t6MRS6jproc7uokRdvxwTO7H2dyux+etw4/4ICvLvy x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 4aafd44c-0e31-4a55-1ec4-08d56e4ff404 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:CY4PR21MB0791; x-ms-traffictypediagnostic: CY4PR21MB0791: x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(37575265505322)(28532068793085)(180628864354917)(278428928389397)(89211679590171)(192374486261705)(189930954265078)(219752817060721); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231101)(2400082)(944501161)(6055026)(61426038)(61427038)(6041288)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123562045)(6072148)(201708071742011); SRVR:CY4PR21MB0791; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0791; x-forefront-prvs: 0576145E86 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39380400002)(346002)(366004)(39860400002)(376002)(189003)(199004)(51914003)(377424004)(13464003)(966005)(7736002)(3280700002)(478600001)(8990500004)(105586002)(93886005)(66066001)(10090500001)(10290500003)(2900100001)(106356001)(6116002)(575784001)(7696005)(86362001)(8676002)(53546011)(110136005)(6506007)(99286004)(33656002)(3846002)(26005)(76176011)(3660700001)(74316002)(59450400001)(8936002)(81166006)(6346003)(102836004)(81156014)(186003)(5250100002)(2501003)(5660300001)(316002)(22452003)(2950100002)(14454004)(25786009)(5890100001)(4326008)(97736004)(68736007)(2906002)(6436002)(6246003)(229853002)(55016002)(86612001)(6306002)(305945005)(53936002)(9686003); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0791; H:CY4PR21MB0856.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com; x-microsoft-antispam-message-info: wUCMIdKF3vtRrp6sntFq2K2bvXV9TMK69eHOpZpM/5/BM9kwvThi1Kz44jVbK0ZgKF7LEYVI/+ry7vZ2b1/kjg== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4aafd44c-0e31-4a55-1ec4-08d56e4ff404 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2018 17:26:41.6384 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0791 Archived-At: Subject: Re: [OAUTH-WG] OSCORE X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 17:26:46 -0000 QXMgR8O2cmFuIHNhaWQsIHllcyB0aGUgb3JpZ2luYWwgcmF0aW9uYWxlIHdhcyBlbmQtdG8tZW5k IGNvbW11bmljYXRpb24gdGhyb3VnaCBwcm94aWVzIHdoZXJlIGVhY2ggbGVnIG1pZ2h0IGJlIENv QVAgb3IgbWlnaHQgYmUgSFRUUCwNCnRoZSBtb3N0IGNvbW1vbiBjYXNlIGJlaW5nIGEgc2luZ2xl IENPQVAtdG8tSFRUUCBvciBIVFRQLXRvLUNPQVAgcHJveHkuICAgRm9yIHRoZSBzdWJzZXQgb2Yg SFRUUCB0aGF0IGlzIG1hcHBhYmxlIHRvIENvQVANCihpLmUuLCBzaW1wbGUgUkVTVGZ1bCBjYWxs cyksIEknbSBub3QgYXdhcmUgb2YgYW55IHJlYXNvbiBpdCB3b3VsZG4ndCB3b3JrIHdpdGggYSBz aW1wbGUgSFRUUCBwcm94eSB3aGVyZSBhbGwgbGVncyBhcmUgSFRUUC4NCkl0IHdvdWxkIGJlIGdv b2QgaWYgc29tZW9uZSBjb3VsZCB0cnkgdGhhdCBhbmQgdmVyaWZ5IGl0IHRob3VnaC4uLiBtYXli ZSBhIGhhY2thdGhvbiBwcm9qZWN0Lg0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJv bTogR8O2cmFuIFNlbGFuZGVyIFttYWlsdG86Z29yYW4uc2VsYW5kZXJAZXJpY3Nzb24uY29tXSAN ClNlbnQ6IFdlZG5lc2RheSwgRmVicnVhcnkgNywgMjAxOCA4OjAwIEFNDQpUbzogSGFubmVzIFRz Y2hvZmVuaWcgPEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+OyBPQXV0aEBpZXRmLm9yZzsgRGF2 ZSBUaGFsZXIgPGR0aGFsZXJAbWljcm9zb2Z0LmNvbT4NCkNjOiBkcmFmdC1pZXRmLWNvcmUtb2Jq ZWN0LXNlY3VyaXR5QGlldGYub3JnDQpTdWJqZWN0OiBSZTogW09BVVRILVdHXSBPU0NPUkUNCg0K SGkgSGFubmVzLA0KDQpJbmNsdWRpbmcgRGF2ZSB3aG8gbWF5IHdhbnQgdG8gcHJvdmlkZSBzb21l IGJhY2tncm91bmQgdG8gdGhlIHVzZSBjYXNlLg0KDQpBcyBJIHNhaWQsIHRoaXMgd2FzIGEgcHJv cG9zZWQgY29uc3RydWN0aW9uIGFuZCB3YXMgc3RyYWlnaHRmb3J3YXJkIHRvIGluY2x1ZGUgaW4g dGhlIGRyYWZ0LiBJ4oCZbSBub3QgdGhlIHJpZ2h0IHBlcnNvbiB0byBhbnN3ZXIgd2hldGhlciB0 aGlzIGlzIHVzZWZ1bCBmb3IgT0F1dGgsIGJ1dCBJ4oCZbSBpbnRlcmVzdGVkIGluIHRoZSBhbnN3 ZXIuDQoNCkfDtnJhbg0KDQoNCk9uIDIwMTgtMDItMDcgMTU6NDcsICJIYW5uZXMgVHNjaG9mZW5p ZyIgPEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+IHdyb3RlOg0KDQo+SGkgR8O2cmFuLA0KPg0K Pk1heWJlIHlvdSBjYW4gdGhlbiBhbnN3ZXIgdGhlIHF1ZXN0aW9uIHdoZXRoZXIgdGhpcyBpcyB1 c2VmdWwgLyANCj5hcHBsaWNhYmxlIHRvIGEgSFRUUC4gQXNrZWQgZGlmZmVyZW50bHksIHVuZGVy IHdoYXQgY29uZGl0aW9ucyBkb2VzIHRoZSANCj5PU0NPUkUgbm90IHdvcmsgZm9yIEhUVFAuIFRo aXMgd291bGQgaGVscCB0aGUgZm9sa3MgaW4gdGhlIGdyb3VwLCANCj5pbmNsdWRpbmcgbWUsIHRv IGRldGVybWluZSB3aGV0aGVyIHRoaXMgYWN0dWFsbHkgc29tZXRoaW5nIHdlIHNob3VsZCBiZSAN Cj5sb29raW5nIGludG8gYXQgYWxsLiBOb3RlIHRoYXQgdHlwaWNhbCBhcHBsaWNhdGlvbnMgdGhh dCB1c2UgT0F1dGggZG8gDQo+bm90IHVzZSBDb0FQIC0tIG9ubHkgSFRUUC4NCj4NCj5JbiBPQXV0 aCB3ZSBoYWQgZm9yIHNldmVyYWwgeWVhcnMgdHJpZWQgdG8gZ2V0IEhUVFAgbWVzc2FnZSBwcm90 ZWN0aW9uIA0KPndvcmtpbmcgYW5kIHdlIGhhdmUsIHVuZm9ydHVuYXRlbHksIGZhaWxlZCB0byBm aW5kIGEgc3VpdGFibGUgc29sdXRpb24uDQo+DQo+Q2lhbw0KPkhhbm5lcw0KPg0KPg0KPi0tLS0t T3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+RnJvbTogR8O2cmFuIFNlbGFuZGVyIFttYWlsdG86Z29y YW4uc2VsYW5kZXJAZXJpY3Nzb24uY29tXQ0KPlNlbnQ6IDA3IEZlYnJ1YXJ5IDIwMTggMTU6MzcN Cj5UbzogSGFubmVzIFRzY2hvZmVuaWc7IE9BdXRoQGlldGYub3JnDQo+Q2M6IGRyYWZ0LWlldGYt Y29yZS1vYmplY3Qtc2VjdXJpdHlAaWV0Zi5vcmcNCj5TdWJqZWN0OiBbT0FVVEgtV0ddIE9TQ09S RQ0KPg0KPg0KPkhpIEhhbm5lcywgYW5kIGFsbA0KPg0KPlRoYW5rcyBmb3IgdGhlIGFubm91bmNl bWVudC4NCj4NCj5UbyBiZSBhIGxpdHRsZSBiaXQgbW9yZSBwcmVjaXNlLCB0aGUgc3RhdGVtZW50 IGlzIHRoYXQgYSBDb0FQLW1hcHBhYmxlIA0KPkhUVFAgbWVzc2FnZSBjYW4gYmUgbWFwcGVkIHRv IENvQVAgKHVzaW5nIFJGQyA4MDc1KSwgcHJvdGVjdGVkIHdpdGggDQo+T1NDT1JFIChhcyBzcGVj aWZpZWQgaW4gdGhlIHJlZmVyZW5jZWQgZHJhZnQpIGFuZCB0cmFuc3BvcnRlZCB3aXRoIEhUVFAg DQo+KGFzIGV4ZW1wbGlmaWVkIGluIHRoZSByZWZlcmVuY2VkIGRyYWZ0KS4gVGhlIG1haW4gdXNl IGNhc2UgaXMgaW4gDQo+Y29uanVuY3Rpb24gd2l0aCBhbiBIVFRQLUNvQVAgdHJhbnNsYXRpb25h bCBwcm94eSAoUkZDIDgwNzUpLCBhbmQgdGhlIA0KPm1hcHBpbmcgd291bGQgd2l0aCB0aGlzIGNv bnN0cnVjdGlvbiByZXN1bHQgaW4gYSBDb0FQLW1hcHBhYmxlIEhUVFAgDQo+cmVxdWVzdCBiZWlu ZyBwcm90ZWN0ZWQgYnkgYW4gSFRUUCBjbGllbnQgYW5kIHZlcmlmaWVkIGJ5IGEgQ29BUCBzZXJ2 ZXIuDQo+DQo+VGhpcyBmdW5jdGlvbmFsaXR5IHdhcyBwcm9wb3NlZCBieSBPQ0YgZm9yIHRoZWly IGVuZC10by1lbmQgUkVTVCB1c2UgDQo+Y2FzZXMuIEhhcHB5IHRvIGhlYXIgYW55IGNvbW1lbnRz IG9uIHRoZSBjb25zdHJ1Y3Rpb24gYXMgZGVzY3JpYmVkIGluIA0KPnRoZSBkcmFmdC4NCj4NCj4N Cj5Ob3RlIHRoYXQgSGFubmVzIHJlZmVyZW5jZWQgdGhlIHdyb25nIHZlcnNpb24gb2YgdGhlIGRy YWZ0LCBoZXJlIGlzIHRoZQ0KPmxhdGVzdDoNCj4NCj5odHRwczovL25hMDEuc2FmZWxpbmtzLnBy b3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnRvb2xzLg0KPmlldGYub3Jn JTJGaHRtbCUyRmRyYWZ0LWlldGYtY29yZS1vYmplY3Qtc2VjdXJpdHktMDgmZGF0YT0wNCU3QzAx JTdDZHRoDQo+YWxlciU0MG1pY3Jvc29mdC5jb20lN0MwYzcwMTc1Y2U3NjM0Njk4ZTA2YTA4ZDU2 ZTQzZjM2YyU3Q2VlMzMwM2Q3ZmI3MzQNCj5iMGM4NTg5YmNkODQ3ZjFjMjc3JTdDMSU3QzAlN0M2 MzY1MzYxNjA0ODMyMjM0MzMlN0NVbmtub3duJTdDVFdGcGJHWnNiMw0KPmQ4ZXlKV0lqb2lNQzR3 TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aWZRJTNEJTNEJTdDLTEmc2Rh DQo+dGE9UWdiMmd2a1Y1dUJJajM2b2dBWWx1YU4wOFBTOVl1eVh6JTJGbEp6bHMxVTlnJTNEJnJl c2VydmVkPTANCj4NCj4NCj5Hw7ZyYW4NCj4NCj4NCj5PbiAyMDE4LTAyLTA3IDExOjA2LCBIYW5u ZXMgVHNjaG9mZW5pZyB3cm90ZToNCj4+IEhpIGd1eXMsDQo+Pg0KPj4gWW91IG1heSBiZSBpbnRl cmVzdGVkIHRvIGhlYXIgdGhhdCBhIGdyb3VwIG9mIHBlb3BsZSB3b3JraW5nIG9uIA0KPj4gSW50 ZXJuZXQgb2YgVGhpbmdzIHNlY3VyaXR5IGJlbGlldmUgdGhleSBoYXZlIGZvdW5kIGEgc29sdXRp b24gdG8gDQo+PiBkZWFsIHdpdGggdGhlIGNoYWxsZW5nZXMgd2UgaGFkIGluIHByb3RlY3Rpbmcg SFRUUCByZXF1ZXN0cy9yZXNwb25zZXMuDQo+Pg0KPj4gSGVyZSBpcyB0aGUgZHJhZnQ6DQo+PiBo dHRwczovL25hMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUz QSUyRiUyRnRvb2wNCj4+IHMuaWV0Zi5vcmclMkZodG1sJTJGZHJhZnQtaWV0Zi1jb3JlLW9iamVj dC1zZWN1cml0eS0wNyZkYXRhPTA0JTdDMDElNw0KPj4gQ2R0aGFsZXIlNDBtaWNyb3NvZnQuY29t JTdDMGM3MDE3NWNlNzYzNDY5OGUwNmEwOGQ1NmU0M2YzNmMlN0NlZTMzMDNkDQo+PiA3ZmI3MzRi MGM4NTg5YmNkODQ3ZjFjMjc3JTdDMSU3QzAlN0M2MzY1MzYxNjA0ODMyMjM0MzMlN0NVbmtub3du JTdDVFcNCj4+IEZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlM Q0pCVGlJNklrMWhhV3dpZlElM0QlMw0KPj4gRCU3Qy0xJnNkYXRhPWs0TWxIRUJNMFlheVJvcSUy QjBLaklCZHpTaGZYTVNXMkVRREswMyUyRk1DSiUyQjAlM0QmcmVzDQo+PiBlcnZlZD0wDQo+Pg0K Pj4gKFRoZSBkcmFmdCBpcyBtb3N0bHkgZm9jdXNlZCBvbiBDb0FQIGJ1dCBpdCBpcyBzdXBwb3Nl ZCB0byBiZSANCj4+IGFwcGxpY2FibGUgYWxzbyB0byBIVFRQLikNCj4+DQo+PiBDaWFvDQo+PiBI YW5uZXMNCj4+DQo+PiBJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFp bCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSANCj4+IGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28g YmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIA0KPj4gcmVjaXBpZW50 LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9z ZSANCj4+IHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBw dXJwb3NlLCBvciBzdG9yZSBvciANCj4+IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRp dW0uIFRoYW5rIHlvdS4NCj4+DQo+Pg0KPj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX18NCj4+IE9BdXRoIG1haWxpbmcgbGlzdA0KPj4gT0F1dGhAaWV0Zi5v cmcNCj4+IGh0dHBzOi8vbmEwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJs PWh0dHBzJTNBJTJGJTJGd3d3Lg0KPj4gaWV0Zi5vcmclMkZtYWlsbWFuJTJGbGlzdGluZm8lMkZv YXV0aCZkYXRhPTA0JTdDMDElN0NkdGhhbGVyJTQwbWljcm9zDQo+PiBvZnQuY29tJTdDMGM3MDE3 NWNlNzYzNDY5OGUwNmEwOGQ1NmU0M2YzNmMlN0NlZTMzMDNkN2ZiNzM0YjBjODU4OWJjZDgNCj4+ IDQ3ZjFjMjc3JTdDMSU3QzAlN0M2MzY1MzYxNjA0ODMyMjM0MzMlN0NVbmtub3duJTdDVFdGcGJH WnNiM2Q4ZXlKV0lqbw0KPj4gaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklr MWhhV3dpZlElM0QlM0QlN0MtMSZzZGF0YT1LWUNWDQo+PiBoM0F4SXVYZkdvQTBSNFc2cG9YYmhO JTJCMWpLREFrUWdOeWdJWWhtTSUzRCZyZXNlcnZlZD0wDQo+Pg0KPg0KPg0KPg0KPg0KPklNUE9S VEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVu dHMgYXJlIA0KPmNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91 IGFyZSBub3QgdGhlIGludGVuZGVkIA0KPnJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2Vu ZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIA0KPmNvbnRlbnRzIHRvIGFu eSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkg DQo+dGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg0K From nobody Wed Feb 7 09:33:57 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8E1E12D850; Wed, 7 Feb 2018 09:33:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.395 X-Spam-Level: X-Spam-Status: No, score=-0.395 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PREYc4NT8KUh; Wed, 7 Feb 2018 09:33:53 -0800 (PST) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40064.outbound.protection.outlook.com [40.107.4.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C3BA1270AC; Wed, 7 Feb 2018 09:33:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=YaGUtkSvStApnr8e1tO35AO36gj5v6CRGQXjwF3NDY4=; b=c549oedyzYJizpfI/2LRZQ1bzbVKHU7bv9WcUrEogviXK2D1vka5wq8BONeN3ue/5SSLsY4i122UAci9vS5BT5merhg3jcA0Z6f0BwCD0r2ODazBvKAuRepUjRjhqFNn1046wlTsO11K4/bzusVDJpqiQCRVCKfqskm76qURkcI= Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB1505.eurprd08.prod.outlook.com (10.168.5.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.10; Wed, 7 Feb 2018 17:33:49 +0000 Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b%14]) with mapi id 15.20.0485.009; Wed, 7 Feb 2018 17:33:49 +0000 From: Hannes Tschofenig To: Dave Thaler , =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= , "OAuth@ietf.org" CC: "draft-ietf-core-object-security@ietf.org" Thread-Topic: [OAUTH-WG] OSCORE Thread-Index: AdOf+vC9Bo7oOstGSpuGdOgV/ndnFaOZAgKAo5ii+kC4zr6MAIAAGDiA////7JA= Date: Wed, 7 Feb 2018 17:33:49 +0000 Message-ID: References: <35cc46fe-3453-e458-af55-a6acb2905e44@ri.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; x-originating-ip: [88.214.160.174] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR0801MB1505; 7:+a14XmhNBzbpn0zhd+d97KM2Cn7G9y7zgZnuUpOaDMum0RbRQH+d3MMjoPmMr6JMAExGBKvpKzD3Xo2Mg4deelxj/mr3ey+rvRLlrdCGFjp3v8ZaxciHkW1/emxFiecxp2pqcI1TD9ztAWi5rMJaShYhS2lh7KI+F769PX+At8TEh8gFghO/EsP8vX1WgjvbGDXcPJ/1usOSRQifYBjdk3Njn1J2yxTmSi8ymUEjpNQp0uJKNp5tkhlj53TIsIle x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: ce9d3b92-87f2-4b28-e953-08d56e50f305 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:AM4PR0801MB1505; x-ms-traffictypediagnostic: AM4PR0801MB1505: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(37575265505322)(28532068793085)(180628864354917)(278428928389397)(89211679590171)(192374486261705)(189930954265078)(219752817060721); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3231101)(2400082)(944501161)(10201501046)(3002001)(93006095)(93001095)(6055026)(6041288)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(6072148)(201708071742011); SRVR:AM4PR0801MB1505; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0801MB1505; x-forefront-prvs: 0576145E86 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(39860400002)(396003)(376002)(39380400002)(346002)(13464003)(377424004)(51914003)(199004)(189003)(40434004)(5660300001)(478600001)(72206003)(2906002)(4326008)(45080400002)(2950100002)(99286004)(53936002)(2501003)(1511001)(74316002)(6246003)(305945005)(7736002)(33656002)(14454004)(966005)(575784001)(3660700001)(86362001)(2900100001)(6306002)(9686003)(55016002)(97736004)(25786009)(229853002)(66066001)(8666007)(6436002)(68736007)(93886005)(110136005)(81166006)(8676002)(81156014)(3846002)(6116002)(3280700002)(5250100002)(8936002)(106356001)(316002)(5890100001)(6506007)(186003)(53546011)(59450400001)(102836004)(26005)(105586002)(76176011)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB1505; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: RfdUZ+kK38Kjc44DyLhNrLmPnLBWqz24NJ2tiQbXeCUwG45c3ZRTRL49WXmDdRky1Hk/6QFvcjES9AVwCfxzlQ== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: ce9d3b92-87f2-4b28-e953-08d56e50f305 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2018 17:33:49.5545 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB1505 Archived-At: Subject: Re: [OAUTH-WG] OSCORE X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 17:33:55 -0000 SXMgdGhlcmUgYW55IGltcGxlbWVudGF0aW9uIC8gcHJvdG90eXBpbmcgZXhwZXJpZW5jZSB3aXRo IHRoaXMgd29yaywgRGF2ZT8NCg0KSGVyZSBpcyB3aGF0IHdlIGhhdmUgYmVlbiB3b3JraW5nIG9u IGluIHRoZSBjb250ZXh0IG9mIE9BdXRoOiBXaXRoIE9BdXRoIDEuMDogaHR0cHM6Ly90b29scy5p ZXRmLm9yZy9odG1sL3JmYzU4NDkgb25lIG9mIHRoZSBwcm9ibGVtcyB0aGVyZSB3YXMgdGhlIGZp ZWxkcyB3ZSBjb21wdXRlZCB0aGUgZGlnZXN0IG92ZXIgd2VyZSBjaGFuZ2VkIGJ5IHByb3hpZXMs IGFuZCBvdGhlciBtaWRkbGV3YXJlLiBOZWVkbGVzcyB0byBzYXkgdGhhdCB0aGUgdmVyaWZpY2F0 aW9uIGZhaWxlZCBhbmQgZm9yIGRldmVsb3BlciBpdCB3YXMgbm90IGNsZWFyIHdoaWNoIGZpZWxk IGNhdXNlZCB0aGUgZGlnZXN0IHZlcmlmaWNhdGlvbiB0byBmYWlsLg0KDQpJbiBodHRwczovL3Rv b2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1vYXV0aC1zaWduZWQtaHR0cC1yZXF1ZXN0LTAx IHdlIGZvbGxvd2VkIGEgZGlmZmVyZW50IGRlc2lnbiBhcHByb2FjaCB3aGVyZSB3ZSBhcHBseSB0 aGUgZGlnZXN0IHNlbGVjdGl2ZWx5IG92ZXIgZmllbGQgYW5kIHRoZXkgYXJlIHJlcGVhdGVkIGlu IHRoZSBuZXdseSBkZWZpbmVkIHBhcmFtZXRlci4NCg0KQ2lhbw0KSGFubmVzDQoNCi0tLS0tT3Jp Z2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBEYXZlIFRoYWxlciBbbWFpbHRvOmR0aGFsZXJAbWlj cm9zb2Z0LmNvbV0NClNlbnQ6IDA3IEZlYnJ1YXJ5IDIwMTggMTc6MjcNClRvOiBHw7ZyYW4gU2Vs YW5kZXI7IEhhbm5lcyBUc2Nob2ZlbmlnOyBPQXV0aEBpZXRmLm9yZw0KQ2M6IGRyYWZ0LWlldGYt Y29yZS1vYmplY3Qtc2VjdXJpdHlAaWV0Zi5vcmcNClN1YmplY3Q6IFJFOiBbT0FVVEgtV0ddIE9T Q09SRQ0KDQpBcyBHw7ZyYW4gc2FpZCwgeWVzIHRoZSBvcmlnaW5hbCByYXRpb25hbGUgd2FzIGVu ZC10by1lbmQgY29tbXVuaWNhdGlvbiB0aHJvdWdoIHByb3hpZXMgd2hlcmUgZWFjaCBsZWcgbWln aHQgYmUgQ29BUCBvciBtaWdodCBiZSBIVFRQLA0KdGhlIG1vc3QgY29tbW9uIGNhc2UgYmVpbmcg YSBzaW5nbGUgQ09BUC10by1IVFRQIG9yIEhUVFAtdG8tQ09BUCBwcm94eS4gICBGb3IgdGhlIHN1 YnNldCBvZiBIVFRQIHRoYXQgaXMgbWFwcGFibGUgdG8gQ29BUA0KKGkuZS4sIHNpbXBsZSBSRVNU ZnVsIGNhbGxzKSwgSSdtIG5vdCBhd2FyZSBvZiBhbnkgcmVhc29uIGl0IHdvdWxkbid0IHdvcmsg d2l0aCBhIHNpbXBsZSBIVFRQIHByb3h5IHdoZXJlIGFsbCBsZWdzIGFyZSBIVFRQLg0KSXQgd291 bGQgYmUgZ29vZCBpZiBzb21lb25lIGNvdWxkIHRyeSB0aGF0IGFuZCB2ZXJpZnkgaXQgdGhvdWdo Li4uIG1heWJlIGEgaGFja2F0aG9uIHByb2plY3QuDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0t LS0tDQpGcm9tOiBHw7ZyYW4gU2VsYW5kZXIgW21haWx0bzpnb3Jhbi5zZWxhbmRlckBlcmljc3Nv bi5jb21dDQpTZW50OiBXZWRuZXNkYXksIEZlYnJ1YXJ5IDcsIDIwMTggODowMCBBTQ0KVG86IEhh bm5lcyBUc2Nob2ZlbmlnIDxIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29tPjsgT0F1dGhAaWV0Zi5v cmc7IERhdmUgVGhhbGVyIDxkdGhhbGVyQG1pY3Jvc29mdC5jb20+DQpDYzogZHJhZnQtaWV0Zi1j b3JlLW9iamVjdC1zZWN1cml0eUBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtPQVVUSC1XR10gT1ND T1JFDQoNCkhpIEhhbm5lcywNCg0KSW5jbHVkaW5nIERhdmUgd2hvIG1heSB3YW50IHRvIHByb3Zp ZGUgc29tZSBiYWNrZ3JvdW5kIHRvIHRoZSB1c2UgY2FzZS4NCg0KQXMgSSBzYWlkLCB0aGlzIHdh cyBhIHByb3Bvc2VkIGNvbnN0cnVjdGlvbiBhbmQgd2FzIHN0cmFpZ2h0Zm9yd2FyZCB0byBpbmNs dWRlIGluIHRoZSBkcmFmdC4gSeKAmW0gbm90IHRoZSByaWdodCBwZXJzb24gdG8gYW5zd2VyIHdo ZXRoZXIgdGhpcyBpcyB1c2VmdWwgZm9yIE9BdXRoLCBidXQgSeKAmW0gaW50ZXJlc3RlZCBpbiB0 aGUgYW5zd2VyLg0KDQpHw7ZyYW4NCg0KDQpPbiAyMDE4LTAyLTA3IDE1OjQ3LCAiSGFubmVzIFRz Y2hvZmVuaWciIDxIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29tPiB3cm90ZToNCg0KPkhpIEfDtnJh biwNCj4NCj5NYXliZSB5b3UgY2FuIHRoZW4gYW5zd2VyIHRoZSBxdWVzdGlvbiB3aGV0aGVyIHRo aXMgaXMgdXNlZnVsIC8NCj5hcHBsaWNhYmxlIHRvIGEgSFRUUC4gQXNrZWQgZGlmZmVyZW50bHks IHVuZGVyIHdoYXQgY29uZGl0aW9ucyBkb2VzIHRoZQ0KPk9TQ09SRSBub3Qgd29yayBmb3IgSFRU UC4gVGhpcyB3b3VsZCBoZWxwIHRoZSBmb2xrcyBpbiB0aGUgZ3JvdXAsDQo+aW5jbHVkaW5nIG1l LCB0byBkZXRlcm1pbmUgd2hldGhlciB0aGlzIGFjdHVhbGx5IHNvbWV0aGluZyB3ZSBzaG91bGQg YmUNCj5sb29raW5nIGludG8gYXQgYWxsLiBOb3RlIHRoYXQgdHlwaWNhbCBhcHBsaWNhdGlvbnMg dGhhdCB1c2UgT0F1dGggZG8NCj5ub3QgdXNlIENvQVAgLS0gb25seSBIVFRQLg0KPg0KPkluIE9B dXRoIHdlIGhhZCBmb3Igc2V2ZXJhbCB5ZWFycyB0cmllZCB0byBnZXQgSFRUUCBtZXNzYWdlIHBy b3RlY3Rpb24NCj53b3JraW5nIGFuZCB3ZSBoYXZlLCB1bmZvcnR1bmF0ZWx5LCBmYWlsZWQgdG8g ZmluZCBhIHN1aXRhYmxlIHNvbHV0aW9uLg0KPg0KPkNpYW8NCj5IYW5uZXMNCj4NCj4NCj4tLS0t LU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPkZyb206IEfDtnJhbiBTZWxhbmRlciBbbWFpbHRvOmdv cmFuLnNlbGFuZGVyQGVyaWNzc29uLmNvbV0NCj5TZW50OiAwNyBGZWJydWFyeSAyMDE4IDE1OjM3 DQo+VG86IEhhbm5lcyBUc2Nob2ZlbmlnOyBPQXV0aEBpZXRmLm9yZw0KPkNjOiBkcmFmdC1pZXRm LWNvcmUtb2JqZWN0LXNlY3VyaXR5QGlldGYub3JnDQo+U3ViamVjdDogW09BVVRILVdHXSBPU0NP UkUNCj4NCj4NCj5IaSBIYW5uZXMsIGFuZCBhbGwNCj4NCj5UaGFua3MgZm9yIHRoZSBhbm5vdW5j ZW1lbnQuDQo+DQo+VG8gYmUgYSBsaXR0bGUgYml0IG1vcmUgcHJlY2lzZSwgdGhlIHN0YXRlbWVu dCBpcyB0aGF0IGEgQ29BUC1tYXBwYWJsZQ0KPkhUVFAgbWVzc2FnZSBjYW4gYmUgbWFwcGVkIHRv IENvQVAgKHVzaW5nIFJGQyA4MDc1KSwgcHJvdGVjdGVkIHdpdGgNCj5PU0NPUkUgKGFzIHNwZWNp ZmllZCBpbiB0aGUgcmVmZXJlbmNlZCBkcmFmdCkgYW5kIHRyYW5zcG9ydGVkIHdpdGggSFRUUA0K PihhcyBleGVtcGxpZmllZCBpbiB0aGUgcmVmZXJlbmNlZCBkcmFmdCkuIFRoZSBtYWluIHVzZSBj YXNlIGlzIGluDQo+Y29uanVuY3Rpb24gd2l0aCBhbiBIVFRQLUNvQVAgdHJhbnNsYXRpb25hbCBw cm94eSAoUkZDIDgwNzUpLCBhbmQgdGhlDQo+bWFwcGluZyB3b3VsZCB3aXRoIHRoaXMgY29uc3Ry dWN0aW9uIHJlc3VsdCBpbiBhIENvQVAtbWFwcGFibGUgSFRUUA0KPnJlcXVlc3QgYmVpbmcgcHJv dGVjdGVkIGJ5IGFuIEhUVFAgY2xpZW50IGFuZCB2ZXJpZmllZCBieSBhIENvQVAgc2VydmVyLg0K Pg0KPlRoaXMgZnVuY3Rpb25hbGl0eSB3YXMgcHJvcG9zZWQgYnkgT0NGIGZvciB0aGVpciBlbmQt dG8tZW5kIFJFU1QgdXNlDQo+Y2FzZXMuIEhhcHB5IHRvIGhlYXIgYW55IGNvbW1lbnRzIG9uIHRo ZSBjb25zdHJ1Y3Rpb24gYXMgZGVzY3JpYmVkIGluDQo+dGhlIGRyYWZ0Lg0KPg0KPg0KPk5vdGUg dGhhdCBIYW5uZXMgcmVmZXJlbmNlZCB0aGUgd3JvbmcgdmVyc2lvbiBvZiB0aGUgZHJhZnQsIGhl cmUgaXMgdGhlDQo+bGF0ZXN0Og0KPg0KPmh0dHBzOi8vbmEwMS5zYWZlbGlua3MucHJvdGVjdGlv bi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGdG9vbHMuDQo+aWV0Zi5vcmclMkZodG1s JTJGZHJhZnQtaWV0Zi1jb3JlLW9iamVjdC1zZWN1cml0eS0wOCZkYXRhPTA0JTdDMDElN0NkdGgN Cj5hbGVyJTQwbWljcm9zb2Z0LmNvbSU3QzBjNzAxNzVjZTc2MzQ2OThlMDZhMDhkNTZlNDNmMzZj JTdDZWUzMzAzZDdmYjczNA0KPmIwYzg1ODliY2Q4NDdmMWMyNzclN0MxJTdDMCU3QzYzNjUzNjE2 MDQ4MzIyMzQzMyU3Q1Vua25vd24lN0NUV0ZwYkdac2IzDQo+ZDhleUpXSWpvaU1DNHdMakF3TURB aUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpZlElM0QlM0QlN0MtMSZzZGENCj50YT1R Z2IyZ3ZrVjV1QklqMzZvZ0FZbHVhTjA4UFM5WXV5WHolMkZsSnpsczFVOWclM0QmcmVzZXJ2ZWQ9 MA0KPg0KPg0KPkfDtnJhbg0KPg0KPg0KPk9uIDIwMTgtMDItMDcgMTE6MDYsIEhhbm5lcyBUc2No b2ZlbmlnIHdyb3RlOg0KPj4gSGkgZ3V5cywNCj4+DQo+PiBZb3UgbWF5IGJlIGludGVyZXN0ZWQg dG8gaGVhciB0aGF0IGEgZ3JvdXAgb2YgcGVvcGxlIHdvcmtpbmcgb24NCj4+IEludGVybmV0IG9m IFRoaW5ncyBzZWN1cml0eSBiZWxpZXZlIHRoZXkgaGF2ZSBmb3VuZCBhIHNvbHV0aW9uIHRvDQo+ PiBkZWFsIHdpdGggdGhlIGNoYWxsZW5nZXMgd2UgaGFkIGluIHByb3RlY3RpbmcgSFRUUCByZXF1 ZXN0cy9yZXNwb25zZXMuDQo+Pg0KPj4gSGVyZSBpcyB0aGUgZHJhZnQ6DQo+PiBodHRwczovL25h MDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnRv b2wNCj4+IHMuaWV0Zi5vcmclMkZodG1sJTJGZHJhZnQtaWV0Zi1jb3JlLW9iamVjdC1zZWN1cml0 eS0wNyZkYXRhPTA0JTdDMDElNw0KPj4gQ2R0aGFsZXIlNDBtaWNyb3NvZnQuY29tJTdDMGM3MDE3 NWNlNzYzNDY5OGUwNmEwOGQ1NmU0M2YzNmMlN0NlZTMzMDNkDQo+PiA3ZmI3MzRiMGM4NTg5YmNk ODQ3ZjFjMjc3JTdDMSU3QzAlN0M2MzY1MzYxNjA0ODMyMjM0MzMlN0NVbmtub3duJTdDVFcNCj4+ IEZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklr MWhhV3dpZlElM0QlMw0KPj4gRCU3Qy0xJnNkYXRhPWs0TWxIRUJNMFlheVJvcSUyQjBLaklCZHpT aGZYTVNXMkVRREswMyUyRk1DSiUyQjAlM0QmcmVzDQo+PiBlcnZlZD0wDQo+Pg0KPj4gKFRoZSBk cmFmdCBpcyBtb3N0bHkgZm9jdXNlZCBvbiBDb0FQIGJ1dCBpdCBpcyBzdXBwb3NlZCB0byBiZQ0K Pj4gYXBwbGljYWJsZSBhbHNvIHRvIEhUVFAuKQ0KPj4NCj4+IENpYW8NCj4+IEhhbm5lcw0KPj4N Cj4+IElNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkg YXR0YWNobWVudHMgYXJlDQo+PiBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVn ZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZA0KPj4gcmVjaXBpZW50LCBwbGVhc2Ugbm90 aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZQ0KPj4gdGhlIGNv bnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0 b3JlIG9yDQo+PiBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3Uu DQo+Pg0KPj4NCj4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fDQo+PiBPQXV0aCBtYWlsaW5nIGxpc3QNCj4+IE9BdXRoQGlldGYub3JnDQo+PiBodHRwczov L25hMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUy Rnd3dy4NCj4+IGlldGYub3JnJTJGbWFpbG1hbiUyRmxpc3RpbmZvJTJGb2F1dGgmZGF0YT0wNCU3 QzAxJTdDZHRoYWxlciU0MG1pY3Jvcw0KPj4gb2Z0LmNvbSU3QzBjNzAxNzVjZTc2MzQ2OThlMDZh MDhkNTZlNDNmMzZjJTdDZWUzMzAzZDdmYjczNGIwYzg1ODliY2Q4DQo+PiA0N2YxYzI3NyU3QzEl N0MwJTdDNjM2NTM2MTYwNDgzMjIzNDMzJTdDVW5rbm93biU3Q1RXRnBiR1pzYjNkOGV5SldJam8N Cj4+IGlNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aWZRJTNEJTNE JTdDLTEmc2RhdGE9S1lDVg0KPj4gaDNBeEl1WGZHb0EwUjRXNnBvWGJoTiUyQjFqS0RBa1FnTnln SVlobU0lM0QmcmVzZXJ2ZWQ9MA0KPj4NCj4NCj4NCj4NCj4NCj5JTVBPUlRBTlQgTk9USUNFOiBU aGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZQ0KPmNvbmZp ZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGlu dGVuZGVkDQo+cmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkg YW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUNCj5jb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1 c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5DQo+dGhlIGluZm9ybWF0aW9u IGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRl bnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFu ZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVj aXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBk aXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkg cHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4g VGhhbmsgeW91Lg0K From nobody Wed Feb 7 09:46:33 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7C911270AE; Wed, 7 Feb 2018 09:46:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.515 X-Spam-Level: X-Spam-Status: No, score=-0.515 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wnyn1JjE_0U5; Wed, 7 Feb 2018 09:46:29 -0800 (PST) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0112.outbound.protection.outlook.com [104.47.40.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6437A12D84A; Wed, 7 Feb 2018 09:46:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=QjWz4hhdI0HP41exKObnJ3A5B6Biutp5UoALQnhFe8M=; b=Vrf3sPsxkBHDwZhYDgQruZ/NBvhgXetcQcjvEHsnaHQMFatOwRNrO5eXC5qvKMswwCbt8jvQ+3j/+llWeYIgGkw1MNT3KYeGYA1VLDKst43OIaBbLv4SzQkNyJ0glGZdP0PlY76snTolxig6mZaiGXznQggrlZe1Ejj2KgRWI0c= Received: from CY4PR21MB0856.namprd21.prod.outlook.com (10.173.192.145) by CY4PR21MB0774.namprd21.prod.outlook.com (10.173.192.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.506.1; Wed, 7 Feb 2018 17:46:27 +0000 Received: from CY4PR21MB0856.namprd21.prod.outlook.com ([fe80::a5aa:5aa0:e32d:9321]) by CY4PR21MB0856.namprd21.prod.outlook.com ([fe80::a5aa:5aa0:e32d:9321%3]) with mapi id 15.20.0506.007; Wed, 7 Feb 2018 17:46:27 +0000 From: Dave Thaler To: Hannes Tschofenig , =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= , "OAuth@ietf.org" CC: "draft-ietf-core-object-security@ietf.org" Thread-Topic: [OAUTH-WG] OSCORE Thread-Index: AQHToB1G/bi42x7glEW+yKQQZgyBfqOZAgKAgAADAICAAANpAIAAJ3cggAADg4CAAAMOgA== Date: Wed, 7 Feb 2018 17:46:27 +0000 Message-ID: References: <35cc46fe-3453-e458-af55-a6acb2905e44@ri.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=dthaler@ntdev.microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-02-07T17:46:29.4822831Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General x-originating-ip: [73.254.202.27] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CY4PR21MB0774; 7:O9skRO83Wa3XBkaq1n3IJrmV9NSWKQfgxHLMuvceUYCqq6Lf58nnQ5wQL3YV0rUhg0/CjAEd71IJOeCFtSe2AyUtIEb3FWyV3S9cmvddHJpMla5NwAWkmQA6h3FHeMdxtLk/YRduHoWK+KuvxF0rxo51Yz6IkMW5jqRORy08Gl7P65ejM/mkRJFKxsqPLOVRtZFHdwIwgZUZJ+vXC/QXwR0iISAkZSb/nuWbXUN9Af59tzitP2mv2ii0+7dGwiG4 x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: ad93164e-1497-405b-7bbb-08d56e52b6b2 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:CY4PR21MB0774; x-ms-traffictypediagnostic: CY4PR21MB0774: x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(37575265505322)(28532068793085)(180628864354917)(278428928389397)(89211679590171)(192374486261705)(189930954265078)(219752817060721); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040501)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3231101)(2400082)(944501161)(3002001)(6055026)(61426038)(61427038)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(20161123564045)(20161123560045)(6072148)(201708071742011); SRVR:CY4PR21MB0774; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0774; x-forefront-prvs: 0576145E86 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(346002)(396003)(376002)(39860400002)(39380400002)(40434004)(189003)(13464003)(377424004)(51914003)(199004)(99286004)(5890100001)(6116002)(2501003)(81156014)(6246003)(2906002)(66066001)(4326008)(14454004)(186003)(8936002)(10090500001)(102836004)(25786009)(10290500003)(3660700001)(93886005)(3846002)(81166006)(229853002)(8990500004)(86612001)(26005)(8676002)(575784001)(86362001)(6346003)(110136005)(22452003)(2950100002)(7736002)(9686003)(33656002)(316002)(3280700002)(74316002)(55016002)(6436002)(76176011)(68736007)(5660300001)(53546011)(59450400001)(6506007)(2900100001)(105586002)(6306002)(5250100002)(97736004)(478600001)(966005)(7696005)(106356001)(305945005)(53936002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0774; H:CY4PR21MB0856.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com; x-microsoft-antispam-message-info: 1dbI9sAq5kT61B4KMUyFKffSWZ6Q7zc2NAoqflr1Rxln41a7Ni6yD/CIk9W4aBtHZ/f/5UM+Sp5MIqZnv0IUcg== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad93164e-1497-405b-7bbb-08d56e52b6b2 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2018 17:46:27.2685 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0774 Archived-At: Subject: Re: [OAUTH-WG] OSCORE X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 17:46:32 -0000 T3Njb3JlIHdhcyBkZXNpZ25lZCBieSBsb29raW5nIGF0IHRoZSBzcGVjcyBmb3IgSFRUUC9DT0FQ IHByb3h5aW5nLCBzbyB0aGF0IGl0IHNob3VsZCB3b3JrIHdpdGggYW55IHN1Y2ggcHJveHkgdGhh dCdzIGNvbXBsaWFudCB0byB0aGUgc3BlYy4NCkknbSBub3QgYXdhcmUgaWYgdGhlcmUncyBpbXBs ZW1lbnRhdGlvbiBleHBlcmllbmNlIHlldCwgYnV0IHRoZSBrZXkgY29uY2VwdCBpcyB0aGF0IGZp ZWxkcyB0aGF0IGhhdmUgdG8gYmUgcHJlc2VydmVkIGVuZC10by1lbmQgYXJlIHR1bm5lbGVkIHRo cm91Z2ggdGhlIHByb3h5LCByYXRoZXIgdGhhbiBsZWZ0IHdoZXJlIHRoZSBwcm94eSBjYW4gbW9k aWZ5IHRoZW0uDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBIYW5uZXMgVHNj aG9mZW5pZyBbbWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb21dIA0KU2VudDogV2VkbmVz ZGF5LCBGZWJydWFyeSA3LCAyMDE4IDk6MzQgQU0NClRvOiBEYXZlIFRoYWxlciA8ZHRoYWxlckBt aWNyb3NvZnQuY29tPjsgR8O2cmFuIFNlbGFuZGVyIDxnb3Jhbi5zZWxhbmRlckBlcmljc3Nvbi5j b20+OyBPQXV0aEBpZXRmLm9yZw0KQ2M6IGRyYWZ0LWlldGYtY29yZS1vYmplY3Qtc2VjdXJpdHlA aWV0Zi5vcmcNClN1YmplY3Q6IFJFOiBbT0FVVEgtV0ddIE9TQ09SRQ0KDQpJcyB0aGVyZSBhbnkg aW1wbGVtZW50YXRpb24gLyBwcm90b3R5cGluZyBleHBlcmllbmNlIHdpdGggdGhpcyB3b3JrLCBE YXZlPw0KDQpIZXJlIGlzIHdoYXQgd2UgaGF2ZSBiZWVuIHdvcmtpbmcgb24gaW4gdGhlIGNvbnRl eHQgb2YgT0F1dGg6IFdpdGggT0F1dGggMS4wOiBodHRwczovL25hMDEuc2FmZWxpbmtzLnByb3Rl Y3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnRvb2xzLmlldGYub3JnJTJGaHRt bCUyRnJmYzU4NDkmZGF0YT0wNCU3QzAxJTdDZHRoYWxlciU0MG1pY3Jvc29mdC5jb20lN0MxZmM5 ZDcyZmQxY2M0ZDlkMTVkMzA4ZDU2ZTUwZjQ1MCU3Q2VlMzMwM2Q3ZmI3MzRiMGM4NTg5YmNkODQ3 ZjFjMjc3JTdDMSU3QzAlN0M2MzY1MzYyMTYzMzgzMDM2NjAlN0NVbmtub3duJTdDVFdGcGJHWnNi M2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aWZR JTNEJTNEJTdDLTEmc2RhdGE9UDBEb3dWaGsxN3ZiYjdFWks2Q21VY0lPTGpuZnU4JTJGREV1NnE5 UURTJTJGR0klM0QmcmVzZXJ2ZWQ9MCBvbmUgb2YgdGhlIHByb2JsZW1zIHRoZXJlIHdhcyB0aGUg ZmllbGRzIHdlIGNvbXB1dGVkIHRoZSBkaWdlc3Qgb3ZlciB3ZXJlIGNoYW5nZWQgYnkgcHJveGll cywgYW5kIG90aGVyIG1pZGRsZXdhcmUuIE5lZWRsZXNzIHRvIHNheSB0aGF0IHRoZSB2ZXJpZmlj YXRpb24gZmFpbGVkIGFuZCBmb3IgZGV2ZWxvcGVyIGl0IHdhcyBub3QgY2xlYXIgd2hpY2ggZmll bGQgY2F1c2VkIHRoZSBkaWdlc3QgdmVyaWZpY2F0aW9uIHRvIGZhaWwuDQoNCkluIGh0dHBzOi8v bmEwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJG dG9vbHMuaWV0Zi5vcmclMkZodG1sJTJGZHJhZnQtaWV0Zi1vYXV0aC1zaWduZWQtaHR0cC1yZXF1 ZXN0LTAxJmRhdGE9MDQlN0MwMSU3Q2R0aGFsZXIlNDBtaWNyb3NvZnQuY29tJTdDMWZjOWQ3MmZk MWNjNGQ5ZDE1ZDMwOGQ1NmU1MGY0NTAlN0NlZTMzMDNkN2ZiNzM0YjBjODU4OWJjZDg0N2YxYzI3 NyU3QzElN0MwJTdDNjM2NTM2MjE2MzM4MzAzNjYwJTdDVW5rbm93biU3Q1RXRnBiR1pzYjNkOGV5 SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lmUSUzRCUz RCU3Qy0xJnNkYXRhPUxGaXRuZWVYSk1IbEdhMjZqenB1SEg2NzNXWUZsQ0JUb2w1Qjl6N3YxOGcl M0QmcmVzZXJ2ZWQ9MCB3ZSBmb2xsb3dlZCBhIGRpZmZlcmVudCBkZXNpZ24gYXBwcm9hY2ggd2hl cmUgd2UgYXBwbHkgdGhlIGRpZ2VzdCBzZWxlY3RpdmVseSBvdmVyIGZpZWxkIGFuZCB0aGV5IGFy ZSByZXBlYXRlZCBpbiB0aGUgbmV3bHkgZGVmaW5lZCBwYXJhbWV0ZXIuDQoNCkNpYW8NCkhhbm5l cw0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogRGF2ZSBUaGFsZXIgW21haWx0 bzpkdGhhbGVyQG1pY3Jvc29mdC5jb21dDQpTZW50OiAwNyBGZWJydWFyeSAyMDE4IDE3OjI3DQpU bzogR8O2cmFuIFNlbGFuZGVyOyBIYW5uZXMgVHNjaG9mZW5pZzsgT0F1dGhAaWV0Zi5vcmcNCkNj OiBkcmFmdC1pZXRmLWNvcmUtb2JqZWN0LXNlY3VyaXR5QGlldGYub3JnDQpTdWJqZWN0OiBSRTog W09BVVRILVdHXSBPU0NPUkUNCg0KQXMgR8O2cmFuIHNhaWQsIHllcyB0aGUgb3JpZ2luYWwgcmF0 aW9uYWxlIHdhcyBlbmQtdG8tZW5kIGNvbW11bmljYXRpb24gdGhyb3VnaCBwcm94aWVzIHdoZXJl IGVhY2ggbGVnIG1pZ2h0IGJlIENvQVAgb3IgbWlnaHQgYmUgSFRUUCwNCnRoZSBtb3N0IGNvbW1v biBjYXNlIGJlaW5nIGEgc2luZ2xlIENPQVAtdG8tSFRUUCBvciBIVFRQLXRvLUNPQVAgcHJveHku ICAgRm9yIHRoZSBzdWJzZXQgb2YgSFRUUCB0aGF0IGlzIG1hcHBhYmxlIHRvIENvQVANCihpLmUu LCBzaW1wbGUgUkVTVGZ1bCBjYWxscyksIEknbSBub3QgYXdhcmUgb2YgYW55IHJlYXNvbiBpdCB3 b3VsZG4ndCB3b3JrIHdpdGggYSBzaW1wbGUgSFRUUCBwcm94eSB3aGVyZSBhbGwgbGVncyBhcmUg SFRUUC4NCkl0IHdvdWxkIGJlIGdvb2QgaWYgc29tZW9uZSBjb3VsZCB0cnkgdGhhdCBhbmQgdmVy aWZ5IGl0IHRob3VnaC4uLiBtYXliZSBhIGhhY2thdGhvbiBwcm9qZWN0Lg0KDQotLS0tLU9yaWdp bmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogR8O2cmFuIFNlbGFuZGVyIFttYWlsdG86Z29yYW4uc2Vs YW5kZXJAZXJpY3Nzb24uY29tXQ0KU2VudDogV2VkbmVzZGF5LCBGZWJydWFyeSA3LCAyMDE4IDg6 MDAgQU0NClRvOiBIYW5uZXMgVHNjaG9mZW5pZyA8SGFubmVzLlRzY2hvZmVuaWdAYXJtLmNvbT47 IE9BdXRoQGlldGYub3JnOyBEYXZlIFRoYWxlciA8ZHRoYWxlckBtaWNyb3NvZnQuY29tPg0KQ2M6 IGRyYWZ0LWlldGYtY29yZS1vYmplY3Qtc2VjdXJpdHlAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBb T0FVVEgtV0ddIE9TQ09SRQ0KDQpIaSBIYW5uZXMsDQoNCkluY2x1ZGluZyBEYXZlIHdobyBtYXkg d2FudCB0byBwcm92aWRlIHNvbWUgYmFja2dyb3VuZCB0byB0aGUgdXNlIGNhc2UuDQoNCkFzIEkg c2FpZCwgdGhpcyB3YXMgYSBwcm9wb3NlZCBjb25zdHJ1Y3Rpb24gYW5kIHdhcyBzdHJhaWdodGZv cndhcmQgdG8gaW5jbHVkZSBpbiB0aGUgZHJhZnQuIEnigJltIG5vdCB0aGUgcmlnaHQgcGVyc29u IHRvIGFuc3dlciB3aGV0aGVyIHRoaXMgaXMgdXNlZnVsIGZvciBPQXV0aCwgYnV0IEnigJltIGlu dGVyZXN0ZWQgaW4gdGhlIGFuc3dlci4NCg0KR8O2cmFuDQoNCg0KT24gMjAxOC0wMi0wNyAxNTo0 NywgIkhhbm5lcyBUc2Nob2ZlbmlnIiA8SGFubmVzLlRzY2hvZmVuaWdAYXJtLmNvbT4gd3JvdGU6 DQoNCj5IaSBHw7ZyYW4sDQo+DQo+TWF5YmUgeW91IGNhbiB0aGVuIGFuc3dlciB0aGUgcXVlc3Rp b24gd2hldGhlciB0aGlzIGlzIHVzZWZ1bCAvIA0KPmFwcGxpY2FibGUgdG8gYSBIVFRQLiBBc2tl ZCBkaWZmZXJlbnRseSwgdW5kZXIgd2hhdCBjb25kaXRpb25zIGRvZXMgdGhlIA0KPk9TQ09SRSBu b3Qgd29yayBmb3IgSFRUUC4gVGhpcyB3b3VsZCBoZWxwIHRoZSBmb2xrcyBpbiB0aGUgZ3JvdXAs IA0KPmluY2x1ZGluZyBtZSwgdG8gZGV0ZXJtaW5lIHdoZXRoZXIgdGhpcyBhY3R1YWxseSBzb21l dGhpbmcgd2Ugc2hvdWxkIGJlIA0KPmxvb2tpbmcgaW50byBhdCBhbGwuIE5vdGUgdGhhdCB0eXBp Y2FsIGFwcGxpY2F0aW9ucyB0aGF0IHVzZSBPQXV0aCBkbyANCj5ub3QgdXNlIENvQVAgLS0gb25s eSBIVFRQLg0KPg0KPkluIE9BdXRoIHdlIGhhZCBmb3Igc2V2ZXJhbCB5ZWFycyB0cmllZCB0byBn ZXQgSFRUUCBtZXNzYWdlIHByb3RlY3Rpb24gDQo+d29ya2luZyBhbmQgd2UgaGF2ZSwgdW5mb3J0 dW5hdGVseSwgZmFpbGVkIHRvIGZpbmQgYSBzdWl0YWJsZSBzb2x1dGlvbi4NCj4NCj5DaWFvDQo+ SGFubmVzDQo+DQo+DQo+LS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj5Gcm9tOiBHw7ZyYW4g U2VsYW5kZXIgW21haWx0bzpnb3Jhbi5zZWxhbmRlckBlcmljc3Nvbi5jb21dDQo+U2VudDogMDcg RmVicnVhcnkgMjAxOCAxNTozNw0KPlRvOiBIYW5uZXMgVHNjaG9mZW5pZzsgT0F1dGhAaWV0Zi5v cmcNCj5DYzogZHJhZnQtaWV0Zi1jb3JlLW9iamVjdC1zZWN1cml0eUBpZXRmLm9yZw0KPlN1Ympl Y3Q6IFtPQVVUSC1XR10gT1NDT1JFDQo+DQo+DQo+SGkgSGFubmVzLCBhbmQgYWxsDQo+DQo+VGhh bmtzIGZvciB0aGUgYW5ub3VuY2VtZW50Lg0KPg0KPlRvIGJlIGEgbGl0dGxlIGJpdCBtb3JlIHBy ZWNpc2UsIHRoZSBzdGF0ZW1lbnQgaXMgdGhhdCBhIENvQVAtbWFwcGFibGUgDQo+SFRUUCBtZXNz YWdlIGNhbiBiZSBtYXBwZWQgdG8gQ29BUCAodXNpbmcgUkZDIDgwNzUpLCBwcm90ZWN0ZWQgd2l0 aCANCj5PU0NPUkUgKGFzIHNwZWNpZmllZCBpbiB0aGUgcmVmZXJlbmNlZCBkcmFmdCkgYW5kIHRy YW5zcG9ydGVkIHdpdGggSFRUUCANCj4oYXMgZXhlbXBsaWZpZWQgaW4gdGhlIHJlZmVyZW5jZWQg ZHJhZnQpLiBUaGUgbWFpbiB1c2UgY2FzZSBpcyBpbiANCj5jb25qdW5jdGlvbiB3aXRoIGFuIEhU VFAtQ29BUCB0cmFuc2xhdGlvbmFsIHByb3h5IChSRkMgODA3NSksIGFuZCB0aGUgDQo+bWFwcGlu ZyB3b3VsZCB3aXRoIHRoaXMgY29uc3RydWN0aW9uIHJlc3VsdCBpbiBhIENvQVAtbWFwcGFibGUg SFRUUCANCj5yZXF1ZXN0IGJlaW5nIHByb3RlY3RlZCBieSBhbiBIVFRQIGNsaWVudCBhbmQgdmVy aWZpZWQgYnkgYSBDb0FQIHNlcnZlci4NCj4NCj5UaGlzIGZ1bmN0aW9uYWxpdHkgd2FzIHByb3Bv c2VkIGJ5IE9DRiBmb3IgdGhlaXIgZW5kLXRvLWVuZCBSRVNUIHVzZSANCj5jYXNlcy4gSGFwcHkg dG8gaGVhciBhbnkgY29tbWVudHMgb24gdGhlIGNvbnN0cnVjdGlvbiBhcyBkZXNjcmliZWQgaW4g DQo+dGhlIGRyYWZ0Lg0KPg0KPg0KPk5vdGUgdGhhdCBIYW5uZXMgcmVmZXJlbmNlZCB0aGUgd3Jv bmcgdmVyc2lvbiBvZiB0aGUgZHJhZnQsIGhlcmUgaXMgdGhlDQo+bGF0ZXN0Og0KPg0KPmh0dHBz Oi8vbmEwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJG JTJGdG9vbHMuDQo+aWV0Zi5vcmclMkZodG1sJTJGZHJhZnQtaWV0Zi1jb3JlLW9iamVjdC1zZWN1 cml0eS0wOCZkYXRhPTA0JTdDMDElN0NkdGgNCj5hbGVyJTQwbWljcm9zb2Z0LmNvbSU3QzBjNzAx NzVjZTc2MzQ2OThlMDZhMDhkNTZlNDNmMzZjJTdDZWUzMzAzZDdmYjczNA0KPmIwYzg1ODliY2Q4 NDdmMWMyNzclN0MxJTdDMCU3QzYzNjUzNjE2MDQ4MzIyMzQzMyU3Q1Vua25vd24lN0NUV0ZwYkda c2IzDQo+ZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhh V3dpZlElM0QlM0QlN0MtMSZzZGENCj50YT1RZ2IyZ3ZrVjV1QklqMzZvZ0FZbHVhTjA4UFM5WXV5 WHolMkZsSnpsczFVOWclM0QmcmVzZXJ2ZWQ9MA0KPg0KPg0KPkfDtnJhbg0KPg0KPg0KPk9uIDIw MTgtMDItMDcgMTE6MDYsIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPj4gSGkgZ3V5cywNCj4+ DQo+PiBZb3UgbWF5IGJlIGludGVyZXN0ZWQgdG8gaGVhciB0aGF0IGEgZ3JvdXAgb2YgcGVvcGxl IHdvcmtpbmcgb24gDQo+PiBJbnRlcm5ldCBvZiBUaGluZ3Mgc2VjdXJpdHkgYmVsaWV2ZSB0aGV5 IGhhdmUgZm91bmQgYSBzb2x1dGlvbiB0byANCj4+IGRlYWwgd2l0aCB0aGUgY2hhbGxlbmdlcyB3 ZSBoYWQgaW4gcHJvdGVjdGluZyBIVFRQIHJlcXVlc3RzL3Jlc3BvbnNlcy4NCj4+DQo+PiBIZXJl IGlzIHRoZSBkcmFmdDoNCj4+IGh0dHBzOi8vbmEwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRs b29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGdG9vbA0KPj4gcy5pZXRmLm9yZyUyRmh0bWwlMkZk cmFmdC1pZXRmLWNvcmUtb2JqZWN0LXNlY3VyaXR5LTA3JmRhdGE9MDQlN0MwMSU3DQo+PiBDZHRo YWxlciU0MG1pY3Jvc29mdC5jb20lN0MwYzcwMTc1Y2U3NjM0Njk4ZTA2YTA4ZDU2ZTQzZjM2YyU3 Q2VlMzMwM2QNCj4+IDdmYjczNGIwYzg1ODliY2Q4NDdmMWMyNzclN0MxJTdDMCU3QzYzNjUzNjE2 MDQ4MzIyMzQzMyU3Q1Vua25vd24lN0NUVw0KPj4gRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdN REFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lmUSUzRCUzDQo+PiBEJTdDLTEmc2Rh dGE9azRNbEhFQk0wWWF5Um9xJTJCMEtqSUJkelNoZlhNU1cyRVFESzAzJTJGTUNKJTJCMCUzRCZy ZXMNCj4+IGVydmVkPTANCj4+DQo+PiAoVGhlIGRyYWZ0IGlzIG1vc3RseSBmb2N1c2VkIG9uIENv QVAgYnV0IGl0IGlzIHN1cHBvc2VkIHRvIGJlIA0KPj4gYXBwbGljYWJsZSBhbHNvIHRvIEhUVFAu KQ0KPj4NCj4+IENpYW8NCj4+IEhhbm5lcw0KPj4NCj4+IElNUE9SVEFOVCBOT1RJQ0U6IFRoZSBj b250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIA0KPj4gY29uZmlk ZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50 ZW5kZWQgDQo+PiByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVs eSBhbmQgZG8gbm90IGRpc2Nsb3NlIA0KPj4gdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJz b24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIA0KPj4gY29weSB0aGUgaW5m b3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0KPj4NCj4+DQo+PiBfX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KPj4gT0F1dGggbWFpbGluZyBs aXN0DQo+PiBPQXV0aEBpZXRmLm9yZw0KPj4gaHR0cHM6Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0 aW9uLm91dGxvb2suY29tLz91cmw9aHR0cHMlM0ElMkYlMkZ3d3cuDQo+PiBpZXRmLm9yZyUyRm1h aWxtYW4lMkZsaXN0aW5mbyUyRm9hdXRoJmRhdGE9MDQlN0MwMSU3Q2R0aGFsZXIlNDBtaWNyb3MN Cj4+IG9mdC5jb20lN0MwYzcwMTc1Y2U3NjM0Njk4ZTA2YTA4ZDU2ZTQzZjM2YyU3Q2VlMzMwM2Q3 ZmI3MzRiMGM4NTg5YmNkOA0KPj4gNDdmMWMyNzclN0MxJTdDMCU3QzYzNjUzNjE2MDQ4MzIyMzQz MyU3Q1Vua25vd24lN0NUV0ZwYkdac2IzZDhleUpXSWpvDQo+PiBpTUM0d0xqQXdNREFpTENKUUlq b2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lmUSUzRCUzRCU3Qy0xJnNkYXRhPUtZQ1YNCj4+IGgz QXhJdVhmR29BMFI0VzZwb1hiaE4lMkIxaktEQWtRZ055Z0lZaG1NJTNEJnJlc2VydmVkPTANCj4+ DQo+DQo+DQo+DQo+DQo+SU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1h aWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgDQo+Y29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBi ZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgDQo+cmVjaXBpZW50LCBw bGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0 aGUgDQo+Y29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9z ZSwgb3Igc3RvcmUgb3IgY29weSANCj50aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhh bmsgeW91Lg0KDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBh bmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZp bGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3Rp ZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50 cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBv ciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo= From nobody Fri Feb 9 00:02:45 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87F7A127698 for ; Fri, 9 Feb 2018 00:02:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tb1bi0Dc7xKh for ; Fri, 9 Feb 2018 00:02:41 -0800 (PST) Received: from p3plsmtpa09-02.prod.phx3.secureserver.net (p3plsmtpa09-02.prod.phx3.secureserver.net [173.201.193.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4118C12420B for ; Fri, 9 Feb 2018 00:02:41 -0800 (PST) Received: from [192.168.0.107] ([78.130.190.73]) by :SMTPAUTH: with SMTP id k3dneWZ22A4c3k3doe7PcB; Fri, 09 Feb 2018 01:02:40 -0700 To: oauth@ietf.org References: <150064286988.11282.3403961378795912731.idtracker@ietfa.amsl.com> <01c101d30224$e0519ec0$a0f4dc40$@nri.co.jp> From: Vladimir Dzhuvinov Organization: Connect2id Ltd. Message-ID: <1f8bd496-5f52-96d6-0eac-de291602b60f@connect2id.com> Date: Fri, 9 Feb 2018 10:02:39 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <01c101d30224$e0519ec0$a0f4dc40$@nri.co.jp> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms070506060409080606040804" X-CMAE-Envelope: MS4wfI8Dtu24DF1HXG5keRtdLi/iAT8hWPvqDhZTD69TsbniGkY+ZhKt78wKIQN8Dr5JO+WuDKsCG+CeBOdLJJiV4/dCmeLXCOVOacFq/8f+qTQuXIAKRguT ++8aCPfFnyvmba1NBDwxZyUwXVqtsCYFSxj7KGBWW1lO2Ljj0vY7HwjA Archived-At: Subject: Re: [OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-jwsreq-15.txt X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 08:02:44 -0000 This is a cryptographically signed message in MIME format. --------------ms070506060409080606040804 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US Hi Nat, I suppose you saw the FAPI WG ticket to consider adding an AS metadata parameter for the request object endpoint: https://bitbucket.org/openid/fapi/issues/134/ Perhaps that issue should be addressed here, in the OAuth WG. But I'm not sure what can be done at this stage, with draft-ietf-oauth-jwsreq-15 have gone to the IESG. Vladimir On 21/07/17 16:25, Nat Sakimura wrote: > Hi > > This version hopefully have addressed all the comments that I received = during IESG review.=20 > I also added RFC8141 as the reference to URN.=20 > > The main difference from -12 that was posted in March are:=20 > > 1) Now, all the parameters to be used MUST reside within the request ob= ject.=20 > (It is still possible to be duplicated but they are ignored from the= security point of view by the server that supports this spec.) > 2) Clarified that when request object is stored by the authorization se= rver, `request_uri` can be a URN.=20 > 3) Added text on the security risks of using `request_uri` in the secur= ity consideration.=20 > > Best,=20 > > Nat Sakimura > > -- > PLEASE READ :This e-mail is confidential and intended for the named rec= ipient only. If you are not an intended recipient, please notify the send= er and delete this e-mail. > > >> -----Original Message----- >> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] >> Sent: Friday, July 21, 2017 10:14 PM >> To: Nat Sakimura ; John Bradley=20 >> >> Subject: New Version Notification for draft-ietf-oauth-jwsreq-15.txt >> >> >> A new version of I-D, draft-ietf-oauth-jwsreq-15.txt has been=20 >> successfully submitted by Nat Sakimura and posted to the IETF reposito= ry. >> >> Name: draft-ietf-oauth-jwsreq >> Revision: 15 >> Title: The OAuth 2.0 Authorization Framework: JWT Secured >> Authorization Request (JAR) >> Document date: 2017-07-21 >> Group: oauth >> Pages: 26 >> URL: >> https://www.ietf.org/internet-drafts/draft-ietf-oauth-jwsreq-15.txt >> Status: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsr= eq/ >> Htmlized: https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-15= >> Htmlized: >> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwsreq-15 >> Diff: >> https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-oauth-jwsreq-15 >> >> Abstract: >> The authorization request in OAuth 2.0 described in RFC 6749 utiliz= es >> query parameter serialization, which means that Authorization Reque= st >> parameters are encoded in the URI of the request and sent through >> user agents such as web browsers. While it is easy to implement, i= t >> means that (a) the communication through the user agents are not >> integrity protected and thus the parameters can be tainted, and (b)= >> the source of the communication is not authenticated. Because of >> these weaknesses, several attacks to the protocol have now been put= >> forward. >> >> This document introduces the ability to send request parameters in = a >> JSON Web Token (JWT) instead, which allows the request to be signed= >> with JSON Web Signature (JWS) and encrypted with JSON Web Encryptio= n >> (JWE) so that the integrity, source authentication and >> confidentiality property of the Authorization Request is attained. >> The request can be sent by value or by reference. >> >> >> >> >> Please note that it may take a couple of minutes from the time of=20 >> submission until the htmlized version and diff are available at tools.= ietf.org. >> >> The IETF Secretariat > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth --------------ms070506060409080606040804 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CfwwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4 dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak +FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC 4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb 4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ 26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT 9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl tukWeh95FPZKEBom+nyK+5swggVFMIIELaADAgECAhAlSsBX16i/yGZZkfkyj/exMA0GCSqG SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h aWwgQ0EwHhcNMTcwNDA2MDAwMDAwWhcNMTgwNDA2MjM1OTU5WjAoMSYwJAYJKoZIhvcNAQkB Fhd2bGFkaW1pckBjb25uZWN0MmlkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMHntIxpX2yNwHUcSrxfJihY9EtYTwC4VArv/C03YlEV92AQljLFYVKtRp+iKT8WDKo2 CqzPYaIHbKD0ivoou0qXQgv4yOk8rQxFmpTzCCe2c1KercueHfy595CnMz1u8GsQyblZqFMD HmzoEvD1YZiI3FEh049tVixBnHwPD9fyiGlf8+QdjwmBLMQwdrrib7xcswNXKYIsfj6Qm5oa d83bsz8VmYm5U39DbNPh01SzqAzwZt3jMuhy0su7lMs75lKYzWMA7b/9qrp40E3vR0yDvOn5 7Ijs+LFE2wPDTebVVfYT+m24e5/v/2w6sX5g/6oJsZnwPM737zIXV7x6jqECAwEAAaOCAfUw ggHxMB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBQA+4E14UMY HyjzXHClSV9VfWHpPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAX BggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0w OwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5u ZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9E T1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsG AQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P RE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsG AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIgYDVR0RBBswGYEXdmxhZGltaXJA Y29ubmVjdDJpZC5jb20wDQYJKoZIhvcNAQELBQADggEBACYLv9z6ZOucvt5MlRhNY6SJISDN 880UmdH7IdeP2kJjS3GwuVaVUCQY/frypeIm3A+y0fKEVNJAJO7tfL88yOW4wjA9JMGokpy5 RswZ0uikkNSOt6CF3YGagsfr4VnrcoUxCH+FoGZcWvWYHajJy+QkVG2i6XvsTE7jv1PIsoDU SJuCW+Dvg6iJI9Etpfv1ZrBeDEL05PkPBZfazKMj4MkVirkfbG3qgbzRzAb+7Vsm309NKQ+i EUfoxt83ByC6+URLl3PoR2UTZv7M1JQmTtaQWe1LrAEKlBGHkfnSlxueLnmpCUJRS7Ldyfh5 60OdVFcB5twXPnYWtoZfdTlbv5oxggRBMIIEPQIBATCBsDCBmzELMAkGA1UEBhMCR0IxGzAZ BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR Q09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRo ZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAlSsBX16i/yGZZkfkyj/exMA0GCWCG SAFlAwQCAQUAoIICYTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0xODAyMDkwODAyMzlaMC8GCSqGSIb3DQEJBDEiBCBp9lDAbCEnNCTINytyx55upBB+cWmF asxHtNF84yRsmTBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIw CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G CCqGSIb3DQMCAgEoMIHBBgkrBgEEAYI3EAQxgbMwgbAwgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTCBwwYLKoZI hvcNAQkQAgsxgbOggbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNo ZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEw PwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3Vy ZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTANBgkqhkiG9w0BAQEFAASCAQAWPJGg6jU+ hC3+JyXQ+K3HlSJc5Vzs9GMQc1hf2RTTB6yhkqhvw0RqSg8VtlCwbZC1f42lPOOfwbqvk6UN dlpkxMCoZWZR2jQNdPjNLfIA8atjkqlW4oB333ejh2Y3XAyICsuHbhgVvnaC3tbUtEqneYW3 6/W5rAjXGjoWRwL9qLjkD5kNQNK4SRMqhVJRIfJDKv4jsRNiQB98zCeoEHZLug98X7/w4n6n pXxkezBlJDp+AAzrrEI5sSI6iX9Acg/UTYXvIOzKh+pTwMfIMNpc5NBRn0VZjb5iwcjtdVxU 0QaiRg/TP0ALcDuAHns0F96ceW5bS7j6aEeSX2oh/k6OAAAAAAAA --------------ms070506060409080606040804-- From nobody Fri Feb 9 01:27:22 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA83512420B for ; Fri, 9 Feb 2018 01:27:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.791 X-Spam-Level: X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nri365.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Y1fNOFmITTu for ; Fri, 9 Feb 2018 01:27:18 -0800 (PST) Received: from nrifs04.index.or.jp (nrigw01.index.or.jp [133.250.250.1]) by ietfa.amsl.com (Postfix) with ESMTP id 462041200E5 for ; Fri, 9 Feb 2018 01:27:18 -0800 (PST) Received: from nrimmfm052.index.or.jp (unknown [172.19.246.144]) by nrifs04.index.or.jp (Postfix) with ESMTP id 508BC472EEA; Fri, 9 Feb 2018 18:27:17 +0900 (JST) Received: from index.or.jp (unknown [172.19.246.151]) by nrimmfm052.index.or.jp (Postfix) with ESMTP id 0109F4E0046; Fri, 9 Feb 2018 18:27:17 +0900 (JST) Received: from nriea05.index.or.jp (localhost.localdomain [127.0.0.1]) by pps.mf051 (8.15.0.59/8.15.0.59) with SMTP id w199RGUs023591; Fri, 9 Feb 2018 18:27:16 +0900 Received: from nrims00a.nri.co.jp ([192.50.135.11]) by nriea05.index.or.jp with ESMTP id w199RGWX023590; Fri, 09 Feb 2018 18:27:16 +0900 Received: from nrims00a.nri.co.jp (localhost.localdomain [127.0.0.1]) by nrims00a.nri.co.jp (Switch-3.3.4/Switch-3.3.4) with ESMTP id w199RGCr043382; Fri, 9 Feb 2018 18:27:16 +0900 Received: (from mailnull@localhost) by nrims00a.nri.co.jp (Switch-3.3.4/Switch-3.3.0/Submit) id w199RGkK043380; Fri, 9 Feb 2018 18:27:16 +0900 X-Authentication-Warning: nrims00a.nri.co.jp: mailnull set sender to n-sakimura@nri.co.jp using -f Received: from nrizmf15.index.or.jp ([172.100.25.24]) by nrims00a.nri.co.jp (Switch-3.3.4/Switch-3.3.4) with ESMTP id w199RGf7043376; Fri, 9 Feb 2018 18:27:16 +0900 Received: from CUEXE01PA.cu.nri.co.jp (192.51.23.31) by CUEXM08PA.cu.nri.co.jp (172.159.253.50) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Fri, 9 Feb 2018 18:27:15 +0900 Received: from JPN01-OS2-obe.outbound.protection.outlook.com (23.103.139.150) by ex.nri.co.jp (192.51.23.31) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Fri, 9 Feb 2018 18:27:02 +0900 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nri365.onmicrosoft.com; s=selector1-cu-nri-co-jp; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0+RhMDitg8sl+Q0sMu5ZeRqdHRF34/jtQ8toISaV380=; b=tjMJMUVOoQ7j6Hj7Ef6E93vL6gOSiFStnMMSri+w1sV7WlkVZxnf8KO6/fte5TZgU/WzwcJ+Abiaxz1eidsySpEI1YiIww8w77NV7Un5oQyrKbuq3gqj1aZX2VY9pDHGsRxH42imKjLTPDd4T+o4T+S6oC4UI333WkmZn2JPVKc= Received: from TY1PR01MB1054.jpnprd01.prod.outlook.com (10.174.225.12) by TY1PR01MB1579.jpnprd01.prod.outlook.com (52.133.162.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.10; Fri, 9 Feb 2018 09:27:14 +0000 Received: from TY1PR01MB1054.jpnprd01.prod.outlook.com ([10.174.225.12]) by TY1PR01MB1054.jpnprd01.prod.outlook.com ([10.174.225.12]) with mapi id 15.20.0485.009; Fri, 9 Feb 2018 09:27:14 +0000 From: n-sakimura To: Vladimir Dzhuvinov , "oauth@ietf.org" Thread-Topic: [OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-jwsreq-15.txt Thread-Index: AQHToXxl/PnSzeCTW0anZAi4dOKcxqObzSKA Date: Fri, 9 Feb 2018 09:27:14 +0000 Message-ID: References: <150064286988.11282.3403961378795912731.idtracker@ietfa.amsl.com> <01c101d30224$e0519ec0$a0f4dc40$@nri.co.jp> <1f8bd496-5f52-96d6-0eac-de291602b60f@connect2id.com> In-Reply-To: <1f8bd496-5f52-96d6-0eac-de291602b60f@connect2id.com> Accept-Language: ja-JP, en-US Content-Language: ja-JP X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailadviser: 20170719 authentication-results: spf=none (sender IP is ) smtp.mailfrom=n-sakimura@cu.nri.co.jp; x-originating-ip: [133.250.250.4] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; TY1PR01MB1579; 7:vricWceYTI/LBkcbye2RLt9JcBXRnk1pLik+su+tHITjyojCcv36GxsFDk82pq3sfmYc4Pt6YhkT3GjwejV2FVncbjFs3raeWRzF7RSesbINJIFxFaTmBNca49HOnEJWP0VgT3vaL2c5ETN0oB8gFkFZVsfmSTfqh9g4kbiIsHdyV/GFfZYnh+oFyMGM/mRxGj8P9yy7uHuLZK3/9rP3tLs5Tt4vSykxP9yoYQhBCAfOwoBE+WANlglH945J5wNu x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: 3b353773-4850-4feb-49e3-08d56f9f4e28 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020); SRVR:TY1PR01MB1579; x-ms-traffictypediagnostic: TY1PR01MB1579: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(120809045254105)(192374486261705)(63843785518722); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3002001)(3231101)(2400082)(944501161)(6041288)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123562045)(6072148)(201708071742011); SRVR:TY1PR01MB1579; BCL:0; PCL:0; RULEID:; SRVR:TY1PR01MB1579; x-forefront-prvs: 057859F9C5 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(366004)(376002)(39840400004)(396003)(346002)(377424004)(365934003)(189003)(199004)(13464003)(316002)(305945005)(53936002)(105586002)(86362001)(74482002)(5660300001)(110136005)(15650500001)(106356001)(7736002)(25786009)(3280700002)(3660700001)(66066001)(99286004)(97736004)(7696005)(59450400001)(33656002)(6506007)(2950100002)(53546011)(42882006)(81166006)(81156014)(186003)(6246003)(14454004)(966005)(8936002)(76176011)(478600001)(3846002)(2906002)(2501003)(55016002)(6116002)(2900100001)(229853002)(77096007)(74316002)(8676002)(26005)(102836004)(68736007)(6306002)(9686003)(6436002); DIR:OUT; SFP:1102; SCL:1; SRVR:TY1PR01MB1579; H:TY1PR01MB1054.jpnprd01.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:0; LANG:en; received-spf: None (protection.outlook.com: cu.nri.co.jp does not designate permitted sender hosts) x-microsoft-antispam-message-info: UNHTVqwZ7quRTtC//G8CguJUVkEsMruw9MSFw5rKCjDq7HjRXt+tkBs0gB82FAKNhDmyH9sjjwCDlVKii62cXA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 3b353773-4850-4feb-49e3-08d56f9f4e28 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Feb 2018 09:27:14.4070 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: e3e360d9-7e7f-48d5-ac33-3c5de61f0a75 X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PR01MB1579 X-OrganizationHeadersPreserved: TY1PR01MB1579.jpnprd01.prod.outlook.com X-CrossPremisesHeadersPromoted: CUEXE01PA.cu.nri.co.jp X-CrossPremisesHeadersFiltered: CUEXE01PA.cu.nri.co.jp X-OriginatorOrg: cu.nri.co.jp Archived-At: Subject: Re: [OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-jwsreq-15.txt X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 09:27:21 -0000 UmlnaHQuIEl0IGhhcyBiZWVuIGhhbmdpbmcgdGhlcmUgc2luY2UgSnVseS4uLiANCg0KTmF0DQoN Ci0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBPQXV0aCBbbWFpbHRvOm9hdXRoLWJv dW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBWbGFkaW1pciBEemh1dmlub3YNClNlbnQ6IEZy aWRheSwgRmVicnVhcnkgMDksIDIwMTggNTowMyBQTQ0KVG86IG9hdXRoQGlldGYub3JnDQpTdWJq ZWN0OiBSZTogW09BVVRILVdHXSBGVzogTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBkcmFm dC1pZXRmLW9hdXRoLWp3c3JlcS0xNS50eHQNCg0KSGkgTmF0LA0KDQpJIHN1cHBvc2UgeW91IHNh dyB0aGUgRkFQSSBXRyB0aWNrZXQgdG8gY29uc2lkZXIgYWRkaW5nIGFuIEFTIG1ldGFkYXRhIHBh cmFtZXRlciBmb3IgdGhlIHJlcXVlc3Qgb2JqZWN0IGVuZHBvaW50Og0KDQpodHRwczovL2JpdGJ1 Y2tldC5vcmcvb3BlbmlkL2ZhcGkvaXNzdWVzLzEzNC8NCg0KUGVyaGFwcyB0aGF0IGlzc3VlIHNo b3VsZCBiZSBhZGRyZXNzZWQgaGVyZSwgaW4gdGhlIE9BdXRoIFdHLiBCdXQgSSdtIG5vdCBzdXJl IHdoYXQgY2FuIGJlIGRvbmUgYXQgdGhpcyBzdGFnZSwgd2l0aCBkcmFmdC1pZXRmLW9hdXRoLWp3 c3JlcS0xNSBoYXZlIGdvbmUgdG8gdGhlIElFU0cuDQoNClZsYWRpbWlyDQoNCg0KT24gMjEvMDcv MTcgMTY6MjUsIE5hdCBTYWtpbXVyYSB3cm90ZToNCj4gSGkNCj4NCj4gVGhpcyB2ZXJzaW9uIGhv cGVmdWxseSBoYXZlIGFkZHJlc3NlZCBhbGwgdGhlIGNvbW1lbnRzIHRoYXQgSSByZWNlaXZlZCBk dXJpbmcgSUVTRyByZXZpZXcuIA0KPiBJIGFsc28gYWRkZWQgUkZDODE0MSBhcyB0aGUgcmVmZXJl bmNlIHRvIFVSTi4gDQo+DQo+IFRoZSBtYWluIGRpZmZlcmVuY2UgZnJvbSAtMTIgdGhhdCB3YXMg cG9zdGVkIGluIE1hcmNoIGFyZTogDQo+DQo+IDEpIE5vdywgYWxsIHRoZSBwYXJhbWV0ZXJzIHRv IGJlIHVzZWQgTVVTVCByZXNpZGUgd2l0aGluIHRoZSByZXF1ZXN0IG9iamVjdC4gDQo+ICAgIChJ dCBpcyBzdGlsbCBwb3NzaWJsZSB0byBiZSBkdXBsaWNhdGVkIGJ1dCB0aGV5IGFyZSBpZ25vcmVk IGZyb20gDQo+IHRoZSBzZWN1cml0eSBwb2ludCBvZiB2aWV3IGJ5IHRoZSBzZXJ2ZXIgdGhhdCBz dXBwb3J0cyB0aGlzIHNwZWMuKQ0KPiAyKSBDbGFyaWZpZWQgdGhhdCB3aGVuIHJlcXVlc3Qgb2Jq ZWN0IGlzIHN0b3JlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsIGByZXF1ZXN0X3VyaWAg Y2FuIGJlIGEgVVJOLiANCj4gMykgQWRkZWQgdGV4dCBvbiB0aGUgc2VjdXJpdHkgcmlza3Mgb2Yg dXNpbmcgYHJlcXVlc3RfdXJpYCBpbiB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbi4gDQo+DQo+ IEJlc3QsDQo+DQo+IE5hdCBTYWtpbXVyYQ0KPg0KPiAtLQ0KPiBQTEVBU0UgUkVBRCA6VGhpcyBl LW1haWwgaXMgY29uZmlkZW50aWFsIGFuZCBpbnRlbmRlZCBmb3IgdGhlIG5hbWVkIHJlY2lwaWVu dCBvbmx5LiBJZiB5b3UgYXJlIG5vdCBhbiBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3Rp ZnkgdGhlIHNlbmRlciAgYW5kIGRlbGV0ZSB0aGlzIGUtbWFpbC4NCj4NCj4NCj4+IC0tLS0tT3Jp Z2luYWwgTWVzc2FnZS0tLS0tDQo+PiBGcm9tOiBpbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmcgW21h aWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmddDQo+PiBTZW50OiBGcmlkYXksIEp1bHkgMjEs IDIwMTcgMTA6MTQgUE0NCj4+IFRvOiBOYXQgU2FraW11cmEgPG4tc2FraW11cmFAbnJpLmNvLmpw PjsgSm9obiBCcmFkbGV5IA0KPj4gPHZlN2p0YkB2ZTdqdGIuY29tPg0KPj4gU3ViamVjdDogTmV3 IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBkcmFmdC1pZXRmLW9hdXRoLWp3c3JlcS0xNS50eHQN Cj4+DQo+Pg0KPj4gQSBuZXcgdmVyc2lvbiBvZiBJLUQsIGRyYWZ0LWlldGYtb2F1dGgtandzcmVx LTE1LnR4dCBoYXMgYmVlbiANCj4+IHN1Y2Nlc3NmdWxseSBzdWJtaXR0ZWQgYnkgTmF0IFNha2lt dXJhIGFuZCBwb3N0ZWQgdG8gdGhlIElFVEYgcmVwb3NpdG9yeS4NCj4+DQo+PiBOYW1lOgkJZHJh ZnQtaWV0Zi1vYXV0aC1qd3NyZXENCj4+IFJldmlzaW9uOgkxNQ0KPj4gVGl0bGU6CQlUaGUgT0F1 dGggMi4wIEF1dGhvcml6YXRpb24gRnJhbWV3b3JrOiBKV1QgU2VjdXJlZA0KPj4gQXV0aG9yaXph dGlvbiBSZXF1ZXN0IChKQVIpDQo+PiBEb2N1bWVudCBkYXRlOgkyMDE3LTA3LTIxDQo+PiBHcm91 cDoJCW9hdXRoDQo+PiBQYWdlczoJCTI2DQo+PiBVUkw6DQo+PiBodHRwczovL3d3dy5pZXRmLm9y Zy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtaWV0Zi1vYXV0aC1qd3NyZXEtMTUudHh0DQo+PiBTdGF0 dXM6ICAgICAgICAgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1v YXV0aC1qd3NyZXEvDQo+PiBIdG1saXplZDogICAgICAgaHR0cHM6Ly90b29scy5pZXRmLm9yZy9o dG1sL2RyYWZ0LWlldGYtb2F1dGgtandzcmVxLTE1DQo+PiBIdG1saXplZDoNCj4+IGh0dHBzOi8v ZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtaWV0Zi1vYXV0aC1qd3NyZXEtMTUN Cj4+IERpZmY6DQo+PiBodHRwczovL3d3dy5pZXRmLm9yZy9yZmNkaWZmP3VybDI9ZHJhZnQtaWV0 Zi1vYXV0aC1qd3NyZXEtMTUNCj4+DQo+PiBBYnN0cmFjdDoNCj4+ICAgIFRoZSBhdXRob3JpemF0 aW9uIHJlcXVlc3QgaW4gT0F1dGggMi4wIGRlc2NyaWJlZCBpbiBSRkMgNjc0OSB1dGlsaXplcw0K Pj4gICAgcXVlcnkgcGFyYW1ldGVyIHNlcmlhbGl6YXRpb24sIHdoaWNoIG1lYW5zIHRoYXQgQXV0 aG9yaXphdGlvbiBSZXF1ZXN0DQo+PiAgICBwYXJhbWV0ZXJzIGFyZSBlbmNvZGVkIGluIHRoZSBV Ukkgb2YgdGhlIHJlcXVlc3QgYW5kIHNlbnQgdGhyb3VnaA0KPj4gICAgdXNlciBhZ2VudHMgc3Vj aCBhcyB3ZWIgYnJvd3NlcnMuICBXaGlsZSBpdCBpcyBlYXN5IHRvIGltcGxlbWVudCwgaXQNCj4+ ICAgIG1lYW5zIHRoYXQgKGEpIHRoZSBjb21tdW5pY2F0aW9uIHRocm91Z2ggdGhlIHVzZXIgYWdl bnRzIGFyZSBub3QNCj4+ICAgIGludGVncml0eSBwcm90ZWN0ZWQgYW5kIHRodXMgdGhlIHBhcmFt ZXRlcnMgY2FuIGJlIHRhaW50ZWQsIGFuZCAoYikNCj4+ICAgIHRoZSBzb3VyY2Ugb2YgdGhlIGNv bW11bmljYXRpb24gaXMgbm90IGF1dGhlbnRpY2F0ZWQuICBCZWNhdXNlIG9mDQo+PiAgICB0aGVz ZSB3ZWFrbmVzc2VzLCBzZXZlcmFsIGF0dGFja3MgdG8gdGhlIHByb3RvY29sIGhhdmUgbm93IGJl ZW4gcHV0DQo+PiAgICBmb3J3YXJkLg0KPj4NCj4+ICAgIFRoaXMgZG9jdW1lbnQgaW50cm9kdWNl cyB0aGUgYWJpbGl0eSB0byBzZW5kIHJlcXVlc3QgcGFyYW1ldGVycyBpbiBhDQo+PiAgICBKU09O IFdlYiBUb2tlbiAoSldUKSBpbnN0ZWFkLCB3aGljaCBhbGxvd3MgdGhlIHJlcXVlc3QgdG8gYmUg c2lnbmVkDQo+PiAgICB3aXRoIEpTT04gV2ViIFNpZ25hdHVyZSAoSldTKSBhbmQgZW5jcnlwdGVk IHdpdGggSlNPTiBXZWIgRW5jcnlwdGlvbg0KPj4gICAgKEpXRSkgc28gdGhhdCB0aGUgaW50ZWdy aXR5LCBzb3VyY2UgYXV0aGVudGljYXRpb24gYW5kDQo+PiAgICBjb25maWRlbnRpYWxpdHkgcHJv cGVydHkgb2YgdGhlIEF1dGhvcml6YXRpb24gUmVxdWVzdCBpcyBhdHRhaW5lZC4NCj4+ICAgIFRo ZSByZXF1ZXN0IGNhbiBiZSBzZW50IGJ5IHZhbHVlIG9yIGJ5IHJlZmVyZW5jZS4NCj4+DQo+Pg0K Pj4NCj4+DQo+PiBQbGVhc2Ugbm90ZSB0aGF0IGl0IG1heSB0YWtlIGEgY291cGxlIG9mIG1pbnV0 ZXMgZnJvbSB0aGUgdGltZSBvZiANCj4+IHN1Ym1pc3Npb24gdW50aWwgdGhlIGh0bWxpemVkIHZl cnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJsZSBhdCB0b29scy5pZXRmLm9yZy4NCj4+DQo+PiBU aGUgSUVURiBTZWNyZXRhcmlhdA0KPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fXw0KPiBPQXV0aCBtYWlsaW5nIGxpc3QNCj4gT0F1dGhAaWV0Zi5vcmcNCj4g aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9vYXV0aA0KDQoNCg== From nobody Wed Feb 14 12:49:09 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DE251250B8 for ; Wed, 14 Feb 2018 12:49:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.439 X-Spam-Level: X-Spam-Status: No, score=-2.439 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYfghtxKrjak for ; Wed, 14 Feb 2018 12:48:56 -0800 (PST) Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F91A1200FC for ; Wed, 14 Feb 2018 12:48:56 -0800 (PST) Received: by mail-oi0-x229.google.com with SMTP id r144so2427138oie.6 for ; Wed, 14 Feb 2018 12:48:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=WPDuf0EKw/QR9Og0/yJbgd8YTDW0704SlnUoRYkEpR0=; b=XlylfFrlGFS25Bx3yU8hieAtA/xavh/MY+CbqPkKfHnwdQKxowH0r61qfnrdWDmToJ 0GdEh7aYyXMbQHkXosCuIWrZWhF+9WyGGHZmpXU8cL9pqXgufptxVBcWuhsy32+lLTJU 9YqL+PHcaYfzt5wo1Z15JpcVyGd3W+4f23+F+uGODsjrcVrsgBo2y33XgWukl2ykWQ4z c7bnlYAMXcnXCdUy2Azso9pRjP3crrRuds5TKJYmNZJjDtllzp8qqpl1bu2oixRwGP5s ioi+KOQ+uJrKecFg3GwFH6ajkYg/KdLX/gHqJoNN7oU+B1aEYh3GKHAkFajd2XZ/kPYH DD3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=WPDuf0EKw/QR9Og0/yJbgd8YTDW0704SlnUoRYkEpR0=; b=G4ldUSZZQkLk8w9+sGJyKQ/fCJynSCvjMErrA3mkWkaCyRX/A71KZ9JQqbTv86UudY 0SGmZX/E1EBYbDsLgKqgrTF1TEWDfFIhKhnstyKZyLG3hLFm5UE43qMlKeomp0X1n5C1 gyeOreOy0/VcrbLi6lHBe8Y0ahIowitoQLp5swUGBOJ8JR1mGHvtJrw4NcqxuJf6Ymnn ErROHytWPHdGFIaLmjS6HOfHKADpRsaswOl4jzzF8vCDqLJXEnUVSGvMCLD7soT3tNca vEVBAKMrjvvilim4eKGXvgGmS/enWgQu8Z1sA4CCXsxFuL+9z8SADYzHRhplIS2smX5p aXog== X-Gm-Message-State: APf1xPDC01cH0kPPdtd9FRV3gZIMmZnaHKYiDbZdlXUA31Lo4zgJof5E 1DiKtSQKvepFfPQRicb+ZNMGE3OVcBW84eMMeMNmLQ== X-Google-Smtp-Source: AH8x225d5bnVNYxGN7GYHLZKYAieKDlrzih1Kb4b2GZtoU9qKIbwFQFd9p7bToV6Q2J5MO/+3IMRsTYQd8e5FP+cvmM= X-Received: by 10.202.192.137 with SMTP id q131mr287535oif.276.1518641335483; Wed, 14 Feb 2018 12:48:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.89.150 with HTTP; Wed, 14 Feb 2018 12:48:34 -0800 (PST) From: Omer Levi Hevroni Date: Wed, 14 Feb 2018 22:48:34 +0200 Message-ID: To: oauth@ietf.org Content-Type: multipart/alternative; boundary="001a113de04857c4480565323d6b" Archived-At: Subject: [OAUTH-WG] Potential new OAuth client assertion flow X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2018 20:49:00 -0000 --001a113de04857c4480565323d6b Content-Type: text/plain; charset="UTF-8" Hello My name is Omer, and I am working at Soluto. We wanted to find a way to authenticate our mobile application, without any user interaction - as this will affect the user experience. We developed a new authentication flow, similar to JWT client assertion. I've gave a talk about this flow in a few conferences, and the main feedback was that it is interesting enough to consider writing a RFC about it. Currently I'm looking to hear more opinions before starting to write RFC - so any feedback will be appreciated. I'm also looking for someone to help me getting started and reviewing the RFC - if you're interested let me know. To find more about this solution: - This is a blog post describing it: https://blog.solutotlv.com /userless-mobile-authentication/ - This is a link to the slides (recording should be available soon): https://www.slideshare.net/SolutoTLV/authentication-w ithout-authentication-appsec-california Thanks Omer --001a113de04857c4480565323d6b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello
My name is Omer, and I am working at Soluto. We wa= nted to find a way to authenticate our mobile application, without any user= interaction - as this will affect the user experience. We developed a new = authentication flow, similar to JWT client assertion. I've gave a talk = about this flow in a few conferences, and the main feedback was that it is = interesting enough to consider writing a RFC about it.=C2=A0
Currently= I'm looking to hear more opinions before starting to write RFC - so an= y feedback will be appreciated. I'm also looking for someone to help me= getting started and reviewing the RFC - if you're interested let me kn= ow.
To find more about this solution:=C2=A0
=C2=A0- This is a blo= g post describing it:=C2=A0htt= ps://blog.solutotlv.com/userless-mobile-authentication/
=
= =C2=A0- This is a link to the slides (recording should be available soon):= =C2=A0https://www.slideshare.net/SolutoTLV/authentication-w= ithout-authentication-appsec-california

Thanks=
Omer


--001a113de04857c4480565323d6b-- From nobody Wed Feb 14 16:36:42 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 924F1127735 for ; Wed, 14 Feb 2018 16:36:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.209 X-Spam-Level: X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D3UmmrQzwho6 for ; Wed, 14 Feb 2018 16:36:40 -0800 (PST) Received: from mail.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1228412711A for ; Wed, 14 Feb 2018 16:36:40 -0800 (PST) Received: from mail.amsl.com (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTPS id 5895F1CAE4A for ; Wed, 14 Feb 2018 16:36:08 -0800 (PST) Received: from mail-it0-f50.google.com (mail-it0-f50.google.com [209.85.214.50]) by c8a.amsl.com (Postfix) with ESMTPSA id 35F061CAE48 for ; Wed, 14 Feb 2018 16:36:08 -0800 (PST) Received: by mail-it0-f50.google.com with SMTP id v186so11869722itc.5 for ; Wed, 14 Feb 2018 16:36:39 -0800 (PST) X-Gm-Message-State: APf1xPBns6vC/OMlSpl2i+3uXv64MMCkp6YBE6gDaiLB5SNXJwdpKUm5 nRCbRWNjvcf88Ik3lmUumWoVxecau5FncYe+b6A= X-Google-Smtp-Source: AH8x224aosG3PCSYqZFK8YelgE/EHwXLk+xDAl86s1oHK5JQjzNgyO00glu889S0vH+4kUGK05ty2An6B8uTBO3jr68= X-Received: by 10.36.44.194 with SMTP id i185mr1138533iti.37.1518654999401; Wed, 14 Feb 2018 16:36:39 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.1.68 with HTTP; Wed, 14 Feb 2018 16:36:19 -0800 (PST) From: Glen Date: Wed, 14 Feb 2018 16:36:19 -0800 X-Gmail-Original-Message-ID: Message-ID: To: oauth@ietf.org Content-Type: multipart/alternative; boundary="001a1143dc60c6996d0565356b7b" Archived-At: Subject: [OAUTH-WG] Possible missed messages on this list X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2018 00:36:41 -0000 --001a1143dc60c6996d0565356b7b Content-Type: text/plain; charset="UTF-8" Possible missed messages on this list Dear list participants - An upgrade to the IETF's custom mail processing software today resulted in some delivery failures for *some* messages to *some* recipients on this list, over the past 3 hours. We invite you to check the mail archives for this list, at: https://mailarchive.ietf.org/arch/search/?email_list=oauth to ensure that you have received all the relevant messages for this list today. We apologize for the inconvenience. Glen -- Glen Barney IT Director AMS (IETF Secretariat) --001a1143dc60c6996d0565356b7b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Possible missed messages on this list

Dear list participants -
An upgrade to the IETF's custom mail processing software today resulted i= n some delivery failures for *some* messages to *some* recipients on this list, over the past 3 hours.

We invite you to check the mail archiv= es for this list, at:

https://mailarchive.ietf.org/arch/search/?email_= list=3Doauth

to ensure that you have received all the relevant m= essages for this list today.

We apologize for the inconvenience.
=
Glen
--
Glen Barney
IT Director
AMS (IETF Secretariat)
--001a1143dc60c6996d0565356b7b-- From nobody Thu Feb 15 06:37:24 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE78912DA12 for ; Thu, 15 Feb 2018 06:37:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id quNCjKn7cCRc for ; Thu, 15 Feb 2018 06:37:21 -0800 (PST) Received: from p3plsmtpa08-03.prod.phx3.secureserver.net (p3plsmtpa08-03.prod.phx3.secureserver.net [173.201.193.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F53F1270A7 for ; Thu, 15 Feb 2018 06:37:21 -0800 (PST) Received: from [192.168.0.107] ([78.130.190.73]) by :SMTPAUTH: with SMTP id mKf1eHZ8DGENQmKf2eeAt6; Thu, 15 Feb 2018 07:37:20 -0700 To: oauth@ietf.org References: From: Vladimir Dzhuvinov Organization: Connect2id Ltd. Message-ID: Date: Thu, 15 Feb 2018 16:37:19 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms030007090203050600040802" X-CMAE-Envelope: MS4wfJqBijTfl3tQrTKvN9KdpKbEETRy1VStoQJcAsPfVQoGNCN4V62IiyMJOPhnLUT7Ma5Fx4m1uI5Q5pbiVZuS7Mt5WrwBoh7nYZOSapu0GAtlIEe6AAF+ 7XhneI6yCXQojtqvhylYl9hATWQXRzzRTLSlmx7XZe/sLvQvyTIHMtUv Archived-At: Subject: Re: [OAUTH-WG] Potential new OAuth client assertion flow X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2018 14:37:23 -0000 This is a cryptographically signed message in MIME format. --------------ms030007090203050600040802 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US Hi Omer and welcome to the Oauth WG, On 14/02/18 22:48, Omer Levi Hevroni wrote: > Hello > My name is Omer, and I am working at Soluto. We wanted to find a way to= > authenticate our mobile application, without any user interaction - as = this > will affect the user experience. We developed a new authentication flow= , > similar to JWT client assertion. I've gave a talk about this flow in a = few > conferences, and the main feedback was that it is interesting enough to= > consider writing a RFC about it. > Currently I'm looking to hear more opinions before starting to write RF= C - > so any feedback will be appreciated. I'm also looking for someone to he= lp > me getting started and reviewing the RFC - if you're interested let me = know. > To find more about this solution: > - This is a blog post describing it: https://blog.solutotlv.com > /userless-mobile-authentication/ > - This is a link to the slides (recording should be available soon): > https://www.slideshare.net/SolutoTLV/authentication-w > ithout-authentication-appsec-california Looks like a neat protocol to maintain a continuous auth session between client and AS. Did you take a look at https://tools.ietf.org/html/rfc7523#section-2.1 ? This may be more suitable to pass the JWT, rather than tunneling it via the password grant. Vladimir --------------ms030007090203050600040802 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CfwwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4 dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak +FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC 4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb 4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ 26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT 9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl tukWeh95FPZKEBom+nyK+5swggVFMIIELaADAgECAhAlSsBX16i/yGZZkfkyj/exMA0GCSqG SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h aWwgQ0EwHhcNMTcwNDA2MDAwMDAwWhcNMTgwNDA2MjM1OTU5WjAoMSYwJAYJKoZIhvcNAQkB Fhd2bGFkaW1pckBjb25uZWN0MmlkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMHntIxpX2yNwHUcSrxfJihY9EtYTwC4VArv/C03YlEV92AQljLFYVKtRp+iKT8WDKo2 CqzPYaIHbKD0ivoou0qXQgv4yOk8rQxFmpTzCCe2c1KercueHfy595CnMz1u8GsQyblZqFMD HmzoEvD1YZiI3FEh049tVixBnHwPD9fyiGlf8+QdjwmBLMQwdrrib7xcswNXKYIsfj6Qm5oa d83bsz8VmYm5U39DbNPh01SzqAzwZt3jMuhy0su7lMs75lKYzWMA7b/9qrp40E3vR0yDvOn5 7Ijs+LFE2wPDTebVVfYT+m24e5/v/2w6sX5g/6oJsZnwPM737zIXV7x6jqECAwEAAaOCAfUw ggHxMB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBQA+4E14UMY HyjzXHClSV9VfWHpPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAX BggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0w OwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5u ZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9E T1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsG AQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P RE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsG AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIgYDVR0RBBswGYEXdmxhZGltaXJA Y29ubmVjdDJpZC5jb20wDQYJKoZIhvcNAQELBQADggEBACYLv9z6ZOucvt5MlRhNY6SJISDN 880UmdH7IdeP2kJjS3GwuVaVUCQY/frypeIm3A+y0fKEVNJAJO7tfL88yOW4wjA9JMGokpy5 RswZ0uikkNSOt6CF3YGagsfr4VnrcoUxCH+FoGZcWvWYHajJy+QkVG2i6XvsTE7jv1PIsoDU SJuCW+Dvg6iJI9Etpfv1ZrBeDEL05PkPBZfazKMj4MkVirkfbG3qgbzRzAb+7Vsm309NKQ+i EUfoxt83ByC6+URLl3PoR2UTZv7M1JQmTtaQWe1LrAEKlBGHkfnSlxueLnmpCUJRS7Ldyfh5 60OdVFcB5twXPnYWtoZfdTlbv5oxggRBMIIEPQIBATCBsDCBmzELMAkGA1UEBhMCR0IxGzAZ BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR Q09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRo ZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAlSsBX16i/yGZZkfkyj/exMA0GCWCG SAFlAwQCAQUAoIICYTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0xODAyMTUxNDM3MTlaMC8GCSqGSIb3DQEJBDEiBCBqe7CoEAVaNcGyBzQHxYmRpmpynXlE fpf5BcPeZoLF7jBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIw CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G CCqGSIb3DQMCAgEoMIHBBgkrBgEEAYI3EAQxgbMwgbAwgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTCBwwYLKoZI hvcNAQkQAgsxgbOggbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNo ZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEw PwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3Vy ZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTANBgkqhkiG9w0BAQEFAASCAQBDB3r1M3FU LCcdNek2zoniCyP1ng04yuH3bpXCEWnp+Mq1AhEgB6OS6JaFfcJLui60Nvgs0Jdaf/XLwueM JnllXWCN5UICNOt1gZldK7oyQXNAhq836WLs9deFObmau8uYfUYjWGwLoVUHSf1iD4t3rH9M pSGDO6frbS2TF8bhNgoVI+HEZmO6phE3tLCKGQS0RcHwk7TiHwGjFUU/MwY/fQM8yighLLqM hOYeL6w31X0qMF5toxld2LDoc0eVJvHE/yPgtV3o1fMAX+kphNMLcy7ShX/frVa28K8wYMD9 91KeYTk+gkyL8rZcMNmOJl8pzD8z3vpDSMQEygs6oL75AAAAAAAA --------------ms030007090203050600040802-- From nobody Thu Feb 15 06:49:01 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BADBB12741D for ; Thu, 15 Feb 2018 06:48:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P05tEFJl0n4z for ; Thu, 15 Feb 2018 06:48:57 -0800 (PST) Received: from mail-ot0-x22f.google.com (mail-ot0-x22f.google.com [IPv6:2607:f8b0:4003:c0f::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33ABC1275F4 for ; Thu, 15 Feb 2018 06:48:57 -0800 (PST) Received: by mail-ot0-x22f.google.com with SMTP id a2so23599654otf.2 for ; Thu, 15 Feb 2018 06:48:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=LbR3Hc8KyZUWXY2qurKjFD+DJs/SmE9TI8nSK204XkA=; b=Col2pk1SbF7+ydNbCprYO3stw1WAxtMEOkBWlwwM9rUD8GNtECwr81vBnbc8ia1vOY +K3dTfPUaj8gihqoZgIDaV9KYIt4ExnyXr9mOEte5rRWYANjjOj8WgBF5yvkhLAQcXcb zbYIrNdINppTGd4AJrjwlzYM2e+4FpC25a6oZymIcKKQEc2ZscS8S9osusX+V7oiuhy3 fPxKXmAuxt5tilksQ4kx1FSDiigzS42BbgRldkT/8pZq4bUjvi10D4ESPxQ0gkPDopG6 6NTYDj+dx6HHu1iNKUdfolS+ZkR7qVNZ9g8ggBeVB5+Rl37zEE5r0TABFeJEOTpxvmsN dhxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=LbR3Hc8KyZUWXY2qurKjFD+DJs/SmE9TI8nSK204XkA=; b=oPMLsle32zWavwkj/Wx1yucrZwhs5JVXSIBhhVJBmhTYV+YWitWzS2Dmogm6EmA+nV LOoqZqlUAkcnEE10PswL7hvwbSHR7kASBsjbwl5S9FiZ608iuLp4HQCcIemV8EJOkIa1 xJPAMk57PLclMhSu272xY+3+A9nhMs3Z4cZHgyfkJLEbzJbB+DY3XdExGPhGDc3tiQRT bzfB7DpH2ALWbHXPwtGvVsMuLHzxsQOSV4APhQUYOFd4PP12jwlaBXxIA16Hfeo417O0 EpdvQD8i/GLIQ2XUke1e9MISTvjXqE2BaFGtQcGqQk+PAm6eEYsEabhjaYbZjoGTw+qp iVHw== X-Gm-Message-State: APf1xPDetjpTyfflWh9GqGqHZPRxPk7zEXheI6Crv0F8KABXJalAAWFW KadwcFk880VIezxltv7EDReKOX8rAPd6MM2W9RECrg== X-Google-Smtp-Source: AH8x2241CkW8xBgt7uNyoJIU3RthU/n4Q/PbnykmtLnX5ZaSAf2OilYvDznHADgz1LMPvbBJ5vMnfCu8Ah86ttqAh+U= X-Received: by 10.157.38.164 with SMTP id l33mr2172937otb.196.1518706136582; Thu, 15 Feb 2018 06:48:56 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.89.150 with HTTP; Thu, 15 Feb 2018 06:48:36 -0800 (PST) In-Reply-To: References: From: Omer Levi Hevroni Date: Thu, 15 Feb 2018 16:48:36 +0200 Message-ID: To: Vladimir Dzhuvinov Cc: oauth@ietf.org Content-Type: multipart/alternative; boundary="001a11396c10ca116e0565415328" Archived-At: Subject: Re: [OAUTH-WG] Potential new OAuth client assertion flow X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2018 14:49:00 -0000 --001a11396c10ca116e0565415328 Content-Type: text/plain; charset="UTF-8" Yes, this is my intent - adding a new client assertion (currently the name I am thinking of is jwt-otp-assertion). The blog post was on how to do that by using existing OAuth/Open id flows. On Thu, Feb 15, 2018 at 4:37 PM, Vladimir Dzhuvinov wrote: > Hi Omer and welcome to the Oauth WG, > > On 14/02/18 22:48, Omer Levi Hevroni wrote: > > Hello > > My name is Omer, and I am working at Soluto. We wanted to find a way to > > authenticate our mobile application, without any user interaction - as > this > > will affect the user experience. We developed a new authentication flow, > > similar to JWT client assertion. I've gave a talk about this flow in a > few > > conferences, and the main feedback was that it is interesting enough to > > consider writing a RFC about it. > > Currently I'm looking to hear more opinions before starting to write RFC > - > > so any feedback will be appreciated. I'm also looking for someone to help > > me getting started and reviewing the RFC - if you're interested let me > know. > > To find more about this solution: > > - This is a blog post describing it: https://blog.solutotlv.com > > /userless-mobile-authentication/ > > - This is a link to the slides (recording should be available soon): > > https://www.slideshare.net/SolutoTLV/authentication-w > > ithout-authentication-appsec-california > Looks like a neat protocol to maintain a continuous auth session between > client and AS. > > Did you take a look at https://tools.ietf.org/html/rfc7523#section-2.1 ? > > This may be more suitable to pass the JWT, rather than tunneling it via > the password grant. > > Vladimir > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > --001a11396c10ca116e0565415328 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Yes, this is my intent - adding a new client assertion (cu= rrently the name I am thinking of is jwt-otp-assertion). The blog post was = on how to do that by using existing OAuth/Open id flows.

On Thu, Feb 15, 2018 at 4:37 P= M, Vladimir Dzhuvinov <vladimir@connect2id.com> wrote:=
Hi Omer and welcome to the Oauth WG,

On 14/02/18 22:48, Omer Levi Hevroni wrote:
> Hello
> My name is Omer, and I am working at Soluto. We wanted to find a way t= o
> authenticate our mobile application, without any user interaction - as= this
> will affect the user experience. We developed a new authentication flo= w,
> similar to JWT client assertion. I've gave a talk about this flow = in a few
> conferences, and the main feedback was that it is interesting enough t= o
> consider writing a RFC about it.
> Currently I'm looking to hear more opinions before starting to wri= te RFC -
> so any feedback will be appreciated. I'm also looking for someone = to help
> me getting started and reviewing the RFC - if you're interested le= t me know.
> To find more about this solution:
>=C2=A0 - This is a blog post describing it: https://blog.solutotlv.com=
> /userless-mobile-authentication/
>=C2=A0 - This is a link to the slides (recording should be available so= on):
> https://www.slideshare.net/SolutoTLV= /authentication-w
> ithout-authentication-appsec-california
Looks like a neat protocol to maintain a continuous auth session bet= ween
client and AS.

Did you take a look at https://tools.ietf.org/html/rfc7523#section-2.1 ?

This may be more suitable to pass the JWT, rather than tunneling it via
the password grant.

Vladimir


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--001a11396c10ca116e0565415328-- From nobody Mon Feb 26 23:03:30 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29B07124BE8; Mon, 26 Feb 2018 23:03:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.019 X-Spam-Level: X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XCBvCsUXrGja; Mon, 26 Feb 2018 23:03:24 -0800 (PST) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0121.outbound.protection.outlook.com [104.47.41.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E89B124B18; Mon, 26 Feb 2018 23:03:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=apNv+dgNFt30np8qUbMkgEOtclltKe3oYjYYIoXVttc=; b=OdrMxYAsSp4T9BC5+5AYq2B72RB6Vg991/x7PSo+vUZEIgA76tfBFnQz0I87Mbnm8iuzHuPkcPKiv0zU1Be8J6N1joY54lC6c0aJtko9/NykA3rlj0T2WDjMpreTm7BUF9hXHeLr3vsr6wSFC5z55zM2VAFNHPNpK4+lf6K2sfM= Received: from SN6PR2101MB0943.namprd21.prod.outlook.com (52.132.114.20) by SN6PR2101MB0894.namprd21.prod.outlook.com (52.132.116.159) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.567.3; Tue, 27 Feb 2018 07:03:21 +0000 Received: from SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50]) by SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0567.002; Tue, 27 Feb 2018 07:03:21 +0000 From: Mike Jones To: The IESG , Alexey Melnikov CC: "draft-ietf-oauth-discovery@ietf.org" , "oauth-chairs@ietf.org" , "oauth@ietf.org" Thread-Topic: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) Thread-Index: AQHTlOop6dUBqhyeJUqE43siwWseqKODkaAQgAXXNACAAAUYYIAumhgw Date: Tue, 27 Feb 2018 07:03:21 +0000 Message-ID: References: <151678115299.24088.6785024209658543295.idtracker@ietfa.amsl.com> , <1517151884.2936052.1250819288.30846638@webmail.messagingengine.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [50.47.88.236] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; SN6PR2101MB0894; 7:HAV6e/lVJ+v2xtmWfhcJMpvCJMtTtUXymYnJuSo7myzFy34nMC1UJHaVfVL0oXg540vV69ReTs1Lqq75aG+ai0pleFfXdfgHOns2LhPBe4G20OSYgrh/JC3NcVN4NdrUWB6Ozy0BdYakaHv79OqDHxfkRO3OqjKy0b3vuw7PZjY0gh8HWz4EscnmklfNBCz2C7TXTg6xKUB3nAPWoUCG5XgTKAFJ1kYrJAg8BOhWJ/+1Gc5Ad9UbCn+mYQ2kXhHu x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 692fd3a4-ab64-4b03-6d2a-08d57db0301f x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(49563074)(7193020); SRVR:SN6PR2101MB0894; x-ms-traffictypediagnostic: SN6PR2101MB0894: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(120809045254105)(248736688235697)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(102415395)(61425038)(6040501)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231220)(944501198)(52105095)(6055026)(61426038)(61427038)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:SN6PR2101MB0894; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB0894; x-forefront-prvs: 05961EBAFC x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(376002)(346002)(39860400002)(366004)(396003)(13464003)(189003)(199004)(51914003)(6246003)(8666007)(9686003)(55016002)(54896002)(6306002)(53936002)(6436002)(22452003)(236005)(99936001)(10090500001)(110136005)(54906003)(316002)(86612001)(606006)(93886005)(99286004)(106356001)(2950100002)(966005)(66066001)(229853002)(14454004)(68736007)(105586002)(53546011)(6506007)(3660700001)(72206003)(25786009)(5660300001)(10290500003)(5250100002)(5890100001)(97736004)(2906002)(81156014)(81166006)(86362001)(74316002)(8676002)(7736002)(3280700002)(8936002)(7696005)(102836004)(26005)(33656002)(186003)(790700001)(345774005)(478600001)(3846002)(8990500004)(4326008)(6116002)(2900100001)(76176011)(6346003); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB0894; H:SN6PR2101MB0943.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com; x-microsoft-antispam-message-info: r5oYQH4PGpfjc2toRbg/b8fwNrLqzTe+jm3EFUYlE9KvlRnzwQ0qYiMxZCj2ZswTZ5k3apqqC8LrEzrDtAXXkzCWzhgea5VLNtogN7T+je/aPIL47pBNmIEAE9XhNSGJViWMxO62N24ebOvbpRnbaD1ORhxaUJlaYcPxM6x8OYs= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/mixed; boundary="_005_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 692fd3a4-ab64-4b03-6d2a-08d57db0301f X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2018 07:03:21.6133 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB0894 Archived-At: Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 07:03:29 -0000 --_005_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_ Content-Type: multipart/alternative; boundary="_000_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_" --_000_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The attached drafts address the DISCUSSes from Adam and Alexey in the ways = proposed. A summary of the changes from -08 is: * Revised the transformation between the issuer identifier and the a= uthorization server metadata location to conform to BCP 190, as suggested b= y Adam Roach. * Defined the characters allowed in registered metadata names and va= lues, as suggested by Alexey Melnikov. * Changed to using the RFC 8174 boilerplate instead of the RFC 2119 = boilerplate, as suggested by Ben Campbell. * Acknowledged additional reviewers. I've attached both source and .txt versions to facilitate comparison to -08= . Unless I hear additional suggestions for improvements by my end of busin= ess Tuesday, I'll plan to publish this as -09. Thanks all, -- Mike From: Mike Jones Sent: Sunday, January 28, 2018 7:23 AM To: The IESG ; Alexey Melnikov Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.= org Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) Your understanding matches with the intent of the language from RFC 7638. I= 'll plan to proceed on that basis then. Thanks again, -- Mike From: Alexey Melnikov Sent: Sunday, January 28, 7:04 AM Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) To: Mike Jones, The IESG Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, oauth@ietf.o= rg Hi Mike, On Wed, Jan 24, 2018, at 10:11 PM, Mike Jones wrote: > Thanks for = the useful review, Alexey. I propose that we use the same > character restr= ictions that are described in > https://tools.ietf.org/html/rfc7638#section= -6, which are: > > (a) require that member names being registered use > onl= y printable ASCII characters excluding double quote ('"') and > backslash (= '\') (the Unicode characters with code points U+0021, > U+0023 through U+00= 5B, and U+005D through U+007E), This looks reasonable. > or > > (b) if new = members are defined that use other code > points, require that their defini= tions specify the exact Unicode code > point sequences used to represent th= em. Furthermore, proposed > registrations that use Unicode code points that= can only be > represented in JSON strings as escaped characters must not b= e > accepted. So just to double check: it is Ok to register names in Greek = or Cyrillic (for example) and they will be compared in a case sensitive man= ner? > I also propose that we say that member name comparison occurs in the= > manner described in https://tools.ietf.org/html/rfc7159#section-8.3. My = understanding is that RFC 7159 recommends case-sensitive comparison and tha= t is fine with me. > Will that work for you, Alexey? Best Regards, Alexey >= > Thanks, > -- Mike > > -----Original Message----- > From: Alexey Melnikov= [mailto:aamelnikov@fastmail.fm] > Sent: Wednesday, January 24, 2018 12:06 = AM > To: The IESG > Cc: draft-ietf-oauth-discovery@ietf.org; Hannes Tschofenig > ; oauth-chairs@ietf.org; > Hannes.Tschofenig@gmx.net; oauth@ietf.org > Subject: Alexey M= elnikov's Discuss on draft-ietf-oauth-discovery-08: > (with DISCUSS and COM= MENT) > > Alexey Melnikov has entered the following ballot position for > d= raft-ietf-oauth-discovery-08: Discuss > > When responding, please keep the = subject line intact and reply to all > email addresses included in the To a= nd CC lines. (Feel free to cut this > introductory paragraph, however.) > >= > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.htm= l > for more information about IESG DISCUSS and COMMENT positions. > > > Th= e document, along with other ballot positions, can be found here: > https:/= /datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > > > -------------= --------------------------------------------------------- > DISCUSS: > ----= ------------------------------------------------------------------ > > Than= k you for the well written IANA Considerations section. I have one > commen= t on it which should be easy to resolve: > > The document doesn't seem to s= ay anything about allowed characters in > Metadata names. When the document= talks about "case-insensitive > matching", it is not clear how to implemen= t the matching, because it is > not clear whether or not Metadata names are= ASCII only. If they are not, > then you need to better define what "case i= nsensitive" means. > > > --------------------------------------------------= -------------------- > COMMENT: > -----------------------------------------= ----------------------------- > > I am agreeing with Adam's DISCUSS. > > > = _______________________________________________ > OAuth mailing list > OAut= h@ietf.org > https://www.ietf.org/mailman/listinfo/o= auth --_000_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

The attached drafts ad= dress the DISCUSSes from Adam and Alexey in the ways proposed.  A summ= ary of the changes from -08 is:

·        Revised the transformation betw= een the issuer identifier and the authorization server metadata location to= conform to BCP 190, as suggested by Adam Roach.

·        Defined the characters allowed = in registered metadata names and values, as suggested by Alexey Melnikov.

·        Changed to using the RFC 8174 b= oilerplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbel= l.

·        Acknowledged additional reviewe= rs.

I’ve attached bo= th source and .txt versions to facilitate comparison to -08.  Unless I= hear additional suggestions for improvements by my end of business Tuesday= , I’ll plan to publish this as -09.

 

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; Thanks all,

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; -- Mike

 

From: Mike Jones
Sent: Sunday, January 28, 2018 7:23 AM
To: The IESG <iesg@ietf.org>; Alexey Melnikov <aamelnikov@f= astmail.fm>
Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oaut= h@ietf.org
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oaut= h-discovery-08: (with DISCUSS and COMMENT)

 

Your understanding matches = with the intent of the language from RFC 7638. I'll plan to proceed on that= basis then.

Thanks again,

-- Mike

From: Alexey Melnikov

Sent: Sunday, January 28, 7:04 AM

Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft= -ietf-oauth-discovery-08: (with DISCUSS and COMMENT)

To: Mike Jones, The IESG

Hi Mike, On Wed, Jan 24, 20= 18, at 10:11 PM, Mike Jones wrote: > Thanks for the useful review, Alexe= y. I propose that we use the same > character restrictions that are described in > https://tools.ietf.org/html/rfc7638#section-6, which are: > > (a)= require that member names being registered use > only printable ASCII c= haracters excluding double quote ('"') and > backslash ('\') (the U= nicode characters with code points U+0021, > U+0023 through U+005B, and U+005D through U+007E), This looks reasona= ble. > or > > (b) if new members are defined that use other code &= gt; points, require that their definitions specify the exact Unicode code &= gt; point sequences used to represent them. Furthermore, proposed > registrations that use Unicode code points that can only be > repr= esented in JSON strings as escaped characters must not be > accepted. So= just to double check: it is Ok to register names in Greek or Cyrillic (for= example) and they will be compared in a case sensitive manner? > I also propose that we say that member name co= mparison occurs in the > manner described in https://tools.i= etf.org/html/rfc7159#section-8.3. My understanding is that RFC 7159 rec= ommends case-sensitive comparison and that is fine with me. > Will that = work for you, Alexey? Best Regards, Alexey > > Thanks, > -- Mike > > -----Original Message----- > F= rom: Alexey Melnikov [mailto:aame= lnikov@fastmail.fm] > Sent: Wednesday, January 24, 2018 12:06 AM >= ; To: The IESG > Cc: draft-ietf-oauth-dis= covery@ietf.org; Hannes Tschofenig > ; oauth-chairs@ietf.org; > Hannes.Tschofenig@gmx.net; oauth@ietf= .org > Subject: Alexey Melnikov's Discuss on draft-ietf-oauth-discov= ery-08: > (with DISCUSS and COMMENT) > > Alexey Melnikov has enter= ed the following ballot position for > draft-ietf-oauth-discovery-08: Discuss > > When responding, please keep the subject line intact and= reply to all > email addresses included in the To and CC lines. (Feel f= ree to cut this > introductory paragraph, however.) > > > Pleas= e refer to https= ://www.ietf.org/iesg/statement/discuss-criteria.html > for more info= rmation about IESG DISCUSS and COMMENT positions. > > > The docume= nt, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > = > > -----------------------------------------------------------------= ----- > DISCUSS: > --------------------------------------------------= -------------------- > > Thank you for the well written IANA Considerations section. I have one > comment on it which should be= easy to resolve: > > The document doesn't seem to say anything about= allowed characters in > Metadata names. When the document talks about &= quot;case-insensitive > matching", it is not clear how to implement the matching, because it is > not clear whether or not= Metadata names are ASCII only. If they are not, > then you need to bett= er define what "case insensitive" means. > > > ---------= ------------------------------------------------------------- > COMMENT: > -------------------------------------------------------= --------------- > > I am agreeing with Adam's DISCUSS. > > >= _______________________________________________ > OAuth mailing list &g= t; OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth

--_000_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_-- --_005_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_ Content-Type: application/xml; name="draft-ietf-oauth-discovery.xml" Content-Description: draft-ietf-oauth-discovery.xml Content-Disposition: attachment; filename="draft-ietf-oauth-discovery.xml"; size=82055; creation-date="Tue, 27 Feb 2018 07:02:43 GMT"; modification-date="Tue, 27 Feb 2018 07:02:43 GMT" Content-Transfer-Encoding: base64 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVMtQVNDSUkiPz4KPD94bWwtc3R5bGVzaGVl dCB0eXBlPSd0ZXh0L3hzbCcgaHJlZj0naHR0cDovL3htbDJyZmMudG9vbHMuaWV0Zi5vcmcvYXV0 aG9yaW5nL3JmYzI2MjkueHNsdCcgPz4KPCFET0NUWVBFIHJmYyBQVUJMSUMgIi0vL0lFVEYvL0RU RCBSRkMgMjYyOS8vRU4iCiJodHRwOi8veG1sMnJmYy50b29scy5pZXRmLm9yZy9hdXRob3Jpbmcv cmZjMjYyOS5kdGQiPgoKPHJmYyBjYXRlZ29yeT0ic3RkIiBkb2NOYW1lPSJkcmFmdC1pZXRmLW9h dXRoLWRpc2NvdmVyeS0wOSIgaXByPSJ0cnVzdDIwMDkwMiI+CgogIDw/cmZjIHRvYz0ieWVzIiA/ PgogIDw/cmZjIHRvY2RlcHRoPSI1IiA/PgogIDw/cmZjIHN5bXJlZnM9InllcyIgPz4KICA8P3Jm YyBzb3J0cmVmcz0ieWVzIj8+CiAgPD9yZmMgc3RyaWN0PSJ5ZXMiID8+CiAgPD9yZmMgY29tcGFj dD0neWVzJyA/PgogIDw/cmZjIHN1YmNvbXBhY3Q9J25vJyA/PgoKICA8ZnJvbnQ+CiAgICA8dGl0 bGUgYWJicmV2PSJPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEiPk9BdXRo IDIuMCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YTwvdGl0bGU+CgogICAgPGF1dGhvciBm dWxsbmFtZT0iTWljaGFlbCBCLiBKb25lcyIgaW5pdGlhbHM9Ik0uQi4iIHN1cm5hbWU9IkpvbmVz Ij4KICAgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9Ik1pY3Jvc29mdCI+TWljcm9zb2Z0PC9vcmdh bml6YXRpb24+CiAgICAgIDxhZGRyZXNzPgogICAgICAgIDxlbWFpbD5tYmpAbWljcm9zb2Z0LmNv bTwvZW1haWw+Cgk8dXJpPmh0dHA6Ly9zZWxmLWlzc3VlZC5pbmZvLzwvdXJpPgogICAgICA8L2Fk ZHJlc3M+CiAgICA8L2F1dGhvcj4KCiAgICA8YXV0aG9yIGZ1bGxuYW1lPSJOYXQgU2FraW11cmEi IGluaXRpYWxzPSJOLiIgc3VybmFtZT0iU2FraW11cmEiPgogICAgICA8b3JnYW5pemF0aW9uIGFi YnJldj0iTlJJIj5Ob211cmEgUmVzZWFyY2ggSW5zdGl0dXRlLCBMdGQuPC9vcmdhbml6YXRpb24+ CiAgICAgIDxhZGRyZXNzPgogICAgICAgIDxlbWFpbD5uLXNha2ltdXJhQG5yaS5jby5qcDwvZW1h aWw+Cgk8dXJpPmh0dHA6Ly9uYXQuc2FraW11cmEub3JnLzwvdXJpPgogICAgICA8L2FkZHJlc3M+ CiAgICA8L2F1dGhvcj4KCiAgICA8YXV0aG9yIGZ1bGxuYW1lPSJKb2huIEJyYWRsZXkiIGluaXRp YWxzPSJKLiIgc3VybmFtZT0iQnJhZGxleSI+CiAgICAgIDxvcmdhbml6YXRpb24gYWJicmV2PSJQ aW5nIElkZW50aXR5Ij5QaW5nIElkZW50aXR5PC9vcmdhbml6YXRpb24+CiAgICAgIDxhZGRyZXNz PgogICAgICAgIDxlbWFpbD52ZTdqdGJAdmU3anRiLmNvbTwvZW1haWw+Cgk8dXJpPmh0dHA6Ly93 d3cudGhyZWFkLXNhZmUuY29tLzwvdXJpPgogICAgICA8L2FkZHJlc3M+CiAgICA8L2F1dGhvcj4K CiAgICA8ZGF0ZSBkYXk9IjI2IiBtb250aD0iRmVicnVhcnkiIHllYXI9IjIwMTgiIC8+CgogICAg PGFyZWE+U2VjdXJpdHk8L2FyZWE+CiAgICA8d29ya2dyb3VwPk9BdXRoIFdvcmtpbmcgR3JvdXA8 L3dvcmtncm91cD4KCiAgICA8a2V5d29yZD5PQXV0aDwva2V5d29yZD4KICAgIDxrZXl3b3JkPkRp c2NvdmVyeTwva2V5d29yZD4KICAgIDxrZXl3b3JkPk1ldGFkYXRhPC9rZXl3b3JkPgogICAgPGtl eXdvcmQ+RGlzY292ZXJ5IE1ldGFkYXRhPC9rZXl3b3JkPgogICAgPGtleXdvcmQ+Q29uZmlndXJh dGlvbiBJbmZvcm1hdGlvbjwva2V5d29yZD4KICAgIDxrZXl3b3JkPkF1dGhvcml6YXRpb24gU2Vy dmVyPC9rZXl3b3JkPgogICAgPGtleXdvcmQ+V2ViRmluZ2VyPC9rZXl3b3JkPgogICAgPGtleXdv cmQ+SmF2YVNjcmlwdCBPYmplY3QgTm90YXRpb248L2tleXdvcmQ+CiAgICA8a2V5d29yZD5KU09O PC9rZXl3b3JkPgogICAgPGtleXdvcmQ+SlNPTiBXZWIgVG9rZW48L2tleXdvcmQ+CiAgICA8a2V5 d29yZD5KV1Q8L2tleXdvcmQ+CgogICAgPGFic3RyYWN0PgogICAgICA8dD4KCVRoaXMgc3BlY2lm aWNhdGlvbiBkZWZpbmVzIGEgbWV0YWRhdGEgZm9ybWF0IHRoYXQKCWFuIE9BdXRoIDIuMCBjbGll bnQgY2FuIHVzZSB0byBvYnRhaW4KCXRoZSBpbmZvcm1hdGlvbiBuZWVkZWQgdG8gaW50ZXJhY3Qg d2l0aAoJYW4gT0F1dGggMi4wIGF1dGhvcml6YXRpb24gc2VydmVyLAoJaW5jbHVkaW5nIGl0cyBl bmRwb2ludCBsb2NhdGlvbnMgYW5kIGF1dGhvcml6YXRpb24gc2VydmVyIGNhcGFiaWxpdGllcy4K ICAgICAgPC90PgogICAgPC9hYnN0cmFjdD4KICA8L2Zyb250PgoKICA8bWlkZGxlPgogICAgPHNl Y3Rpb24gYW5jaG9yPSJJbnRyb2R1Y3Rpb24iIHRpdGxlPSJJbnRyb2R1Y3Rpb24iPgogICAgICA8 dD4KCVRoaXMgc3BlY2lmaWNhdGlvbiBnZW5lcmFsaXplcyB0aGUgbWV0YWRhdGEgZm9ybWF0IGRl ZmluZWQgYnkKCTx4cmVmIHRhcmdldD0iT3BlbklELkRpc2NvdmVyeSI+Ik9wZW5JRCBDb25uZWN0 IERpc2NvdmVyeSAxLjAiPC94cmVmPgoJaW4gYSB3YXkgdGhhdCBpcyBjb21wYXRpYmxlIHdpdGgg T3BlbklEIENvbm5lY3QgRGlzY292ZXJ5LAoJd2hpbGUgYmVpbmcgYXBwbGljYWJsZSB0byBhIHdp ZGVyIHNldCBvZiBPQXV0aCAyLjAgdXNlIGNhc2VzLgoJVGhpcyBpcyBpbnRlbnRpb25hbGx5IHBh cmFsbGVsIHRvIHRoZSB3YXkgdGhhdCB0aGUKCTx4cmVmIHRhcmdldD0iUkZDNzU5MSI+Ik9BdXRo IDIuMCBEeW5hbWljIENsaWVudCBSZWdpc3RyYXRpb24gUHJvdG9jb2wiPC94cmVmPgoJc3BlY2lm aWNhdGlvbiBnZW5lcmFsaXplZCB0aGUgZHluYW1pYyBjbGllbnQgcmVnaXN0cmF0aW9uIG1lY2hh bmlzbXMgZGVmaW5lZCBieQoJPHhyZWYgdGFyZ2V0PSJPcGVuSUQuUmVnaXN0cmF0aW9uIj4iT3Bl bklEIENvbm5lY3QgRHluYW1pYyBDbGllbnQgUmVnaXN0cmF0aW9uIDEuMCI8L3hyZWY+CglpbiBh IHdheSB0aGF0IHdhcyBjb21wYXRpYmxlIHdpdGggaXQuCiAgICAgIDwvdD4KICAgICAgPHQ+CglU aGUgbWV0YWRhdGEgZm9yIGFuIGF1dGhvcml6YXRpb24gc2VydmVyCglpcyByZXRyaWV2ZWQgZnJv bSBhIHdlbGwta25vd24gbG9jYXRpb24gYXMgYSBKU09OIDx4cmVmIHRhcmdldD0iUkZDNzE1OSIv PiBkb2N1bWVudCwKCXdoaWNoIGRlY2xhcmVzIGl0cyBlbmRwb2ludCBsb2NhdGlvbnMgYW5kIGF1 dGhvcml6YXRpb24gc2VydmVyIGNhcGFiaWxpdGllcy4KCVRoaXMgcHJvY2VzcyBpcyBkZXNjcmli ZWQgaW4gPHhyZWYgdGFyZ2V0PSJBU0NvbmZpZyIvPi4KICAgICAgPC90PgogICAgICA8dD4KCVRo aXMgbWV0YWRhdGEgY2FuIGVpdGhlciBiZSBjb21tdW5pY2F0ZWQgaW4gYSBzZWxmLWFzc2VydGVk IGZhc2hpb24KCWJ5IHRoZSBzZXJ2ZXIgb3JpZ2luIHZpYSBIVFRQUyBvciBhcwoJYSBzZXQgb2Yg c2lnbmVkIG1ldGFkYXRhIHZhbHVlcyByZXByZXNlbnRlZCBhcyBjbGFpbXMKCWluIGEgSlNPTiBX ZWIgVG9rZW4gKEpXVCkgPHhyZWYgdGFyZ2V0PSJKV1QiLz4uCglJbiB0aGUgSldUIGNhc2UsIHRo ZSBpc3N1ZXIgaXMgdm91Y2hpbmcgZm9yCgl0aGUgdmFsaWRpdHkgb2YgdGhlIGRhdGEgYWJvdXQg dGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgoJVGhpcyBpcyBhbmFsb2dvdXMgdG8gdGhlIHJvbGUg dGhhdCB0aGUgU29mdHdhcmUgU3RhdGVtZW50CglwbGF5cyBpbiBPQXV0aCBEeW5hbWljIENsaWVu dCBSZWdpc3RyYXRpb24gPHhyZWYgdGFyZ2V0PSJSRkM3NTkxIi8+LgogICAgICA8L3Q+CiAgICAg IDx0PgoJVGhlIG1lYW5zIGJ5IHdoaWNoIHRoZSBjbGllbnQgY2hvb3NlcyBhbiBhdXRob3JpemF0 aW9uIHNlcnZlcgoJaXMgb3V0IG9mIHNjb3BlLgoJSW4gc29tZSBjYXNlcywgaXRzIGlzc3VlciBp ZGVudGlmaWVyIG1heSBiZSBtYW51YWxseSBjb25maWd1cmVkIGludG8gdGhlIGNsaWVudC4KCUlu IG90aGVyIGNhc2VzLCBpdCBtYXkgYmUgZHluYW1pY2FsbHkgZGlzY292ZXJlZCwgZm9yIGluc3Rh bmNlLAoJdGhyb3VnaCB0aGUgdXNlIG9mIDx4cmVmIHRhcmdldD0iUkZDNzAzMyI+V2ViRmluZ2Vy PC94cmVmPiwKCWFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDIgb2YKCTx4cmVmIHRhcmdldD0iT3Bl bklELkRpc2NvdmVyeSI+Ik9wZW5JRCBDb25uZWN0IERpc2NvdmVyeSAxLjAiPC94cmVmPi4KICAg ICAgPC90PgoKICAgICAgPHNlY3Rpb24gYW5jaG9yPSJybmMiIHRpdGxlPSJSZXF1aXJlbWVudHMg Tm90YXRpb24gYW5kIENvbnZlbnRpb25zIj4KCTx0PgoJICBUaGUga2V5IHdvcmRzICJNVVNUIiwg Ik1VU1QgTk9UIiwgIlJFUVVJUkVEIiwgIlNIQUxMIiwgIlNIQUxMIE5PVCIsCgkgICJTSE9VTEQi LCAiU0hPVUxEIE5PVCIsICJSRUNPTU1FTkRFRCIsICJOT1QgUkVDT01NRU5ERUQiLAoJICAiTUFZ IiwgYW5kICJPUFRJT05BTCIgaW4gdGhpcyBkb2N1bWVudCBhcmUgdG8gYmUgaW50ZXJwcmV0ZWQg YXMKCSAgZGVzY3JpYmVkIGluIEJDUCAxNCA8eHJlZiB0YXJnZXQ9IlJGQzIxMTkiLz4gPHhyZWYg dGFyZ2V0PSJSRkM4MTc0Ii8+CgkgIHdoZW4sIGFuZCBvbmx5IHdoZW4sIHRoZXkgYXBwZWFyIGlu IGFsbCBjYXBpdGFscywgYXMgc2hvd24gaGVyZS4KCTwvdD4KCgk8dD4KCSAgQWxsIHVzZXMgb2Yg PHhyZWYgdGFyZ2V0PSJKV1MiPkpTT04gV2ViIFNpZ25hdHVyZSAoSldTKTwveHJlZj4KCSAgYW5k IDx4cmVmIHRhcmdldD0iSldFIj5KU09OIFdlYiBFbmNyeXB0aW9uIChKV0UpPC94cmVmPgoJICBk YXRhIHN0cnVjdHVyZXMgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIHV0aWxpemUKCSAgdGhlIEpXUyBD b21wYWN0IFNlcmlhbGl6YXRpb24gb3IgdGhlIEpXRSBDb21wYWN0IFNlcmlhbGl6YXRpb247Cgkg IHRoZSBKV1MgSlNPTiBTZXJpYWxpemF0aW9uIGFuZCB0aGUgSldFIEpTT04gU2VyaWFsaXphdGlv biBhcmUgbm90IHVzZWQuCgk8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIGFu Y2hvcj0iVGVybWlub2xvZ3kiIHRpdGxlPSJUZXJtaW5vbG9neSI+Cgk8dD4KCSAgVGhpcyBzcGVj aWZpY2F0aW9uIHVzZXMgdGhlIHRlcm1zICJBY2Nlc3MgVG9rZW4iLCAiQXV0aG9yaXphdGlvbiBD b2RlIiwKCSAgIkF1dGhvcml6YXRpb24gRW5kcG9pbnQiLCAiQXV0aG9yaXphdGlvbiBHcmFudCIs ICJBdXRob3JpemF0aW9uIFNlcnZlciIsCgkgICJDbGllbnQiLCAiQ2xpZW50IEF1dGhlbnRpY2F0 aW9uIiwgIkNsaWVudCBJZGVudGlmaWVyIiwgIkNsaWVudCBTZWNyZXQiLAoJICAiR3JhbnQgVHlw ZSIsICJQcm90ZWN0ZWQgUmVzb3VyY2UiLCAiUmVkaXJlY3Rpb24gVVJJIiwgIlJlZnJlc2ggVG9r ZW4iLAoJICAiUmVzb3VyY2UgT3duZXIiLCAiUmVzb3VyY2UgU2VydmVyIiwgIlJlc3BvbnNlIFR5 cGUiLCBhbmQgIlRva2VuIEVuZHBvaW50IgoJICBkZWZpbmVkIGJ5IDx4cmVmIHRhcmdldD0iUkZD Njc0OSI+T0F1dGggMi4wPC94cmVmPiwKCSAgdGhlIHRlcm1zICJDbGFpbSBOYW1lIiwgIkNsYWlt IFZhbHVlIiwgYW5kICJKU09OIFdlYiBUb2tlbiAoSldUKSIKCSAgZGVmaW5lZCBieSA8eHJlZiB0 YXJnZXQ9IkpXVCI+SlNPTiBXZWIgVG9rZW4gKEpXVCk8L3hyZWY+LAoJICA8IS0tCgkgIHRoZSB0 ZXJtcyBkZWZpbmVkIGJ5CgkgIDx4cmVmIHRhcmdldD0iT3BlbklELkNvcmUiPk9wZW5JRCBDb25u ZWN0IENvcmUgMS4wPC94cmVmPiwKCSAgLS0+CgkgIGFuZCB0aGUgdGVybSAiUmVzcG9uc2UgTW9k ZSIgZGVmaW5lZCBieQoJICA8eHJlZiB0YXJnZXQ9Ik9BdXRoLlJlc3BvbnNlcyI+T0F1dGggMi4w IE11bHRpcGxlIFJlc3BvbnNlIFR5cGUgRW5jb2RpbmcgUHJhY3RpY2VzPC94cmVmPi4KCTwvdD4K ICAgICAgPC9zZWN0aW9uPgogICAgPC9zZWN0aW9uPgoKICAgIDxzZWN0aW9uIGFuY2hvcj0iQVNN ZXRhZGF0YSIgdGl0bGU9IkF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhIj4KICAgICAgPHQ+ CglBdXRob3JpemF0aW9uIHNlcnZlcnMgY2FuIGhhdmUgbWV0YWRhdGEgZGVzY3JpYmluZyB0aGVp ciBjb25maWd1cmF0aW9uLgoJVGhlIGZvbGxvd2luZyBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRh ZGF0YSB2YWx1ZXMKCWFyZSB1c2VkIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbiBhbmQgYXJlIHJlZ2lz dGVyZWQgaW4gdGhlIElBTkEKCSJPQXV0aCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSIg cmVnaXN0cnkKCWVzdGFibGlzaGVkIGluIDx4cmVmIHRhcmdldD0iQVNNZXRhZGF0YVJlZyIvPjoK Cgk8bGlzdCBzdHlsZT0iaGFuZ2luZyI+CgoJICA8dCBoYW5nVGV4dD0iaXNzdWVyIj4KCSAgICA8 dnNwYWNlLz4KCSAgICBSRVFVSVJFRC4KCSAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBp c3N1ZXIgaWRlbnRpZmllciwgd2hpY2ggaXMgYSBVUkwgdGhhdAoJICAgIHVzZXMgdGhlIDxzcGFu eCBzdHlsZT0idmVyYiI+aHR0cHM8L3NwYW54PiBzY2hlbWUgYW5kIGhhcyBubyBxdWVyeSBvciBm cmFnbWVudCBjb21wb25lbnRzLgoJICAgIEF1dGhvcml6YXRpb24gc2VydmVyIG1ldGFkYXRhIGlz IHB1Ymxpc2hlZCBhdCBhCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj4ud2VsbC1rbm93bjwvc3Bh bng+IDx4cmVmIHRhcmdldD0iUkZDNTc4NSI+UkZDIDU3ODU8L3hyZWY+CgkgICAgbG9jYXRpb24g ZGVyaXZlZCBmcm9tIHRoaXMgaXNzdWVyIGlkZW50aWZpZXIsIGFzIGRlc2NyaWJlZCBpbiA8eHJl ZiB0YXJnZXQ9IkFTQ29uZmlnIi8+LgoJICAgIDwhLS0KCSAgICBJZiBXZWJGaW5nZXIgZGlzY292 ZXJ5IGlzIHN1cHBvcnRlZCAoc2VlIDx4cmVmIHRhcmdldD0iV2ViRmluZ2VyRGlzY292ZXJ5Ii8+ KSwKCSAgICB0aGlzIHZhbHVlIE1VU1QgYmUgaWRlbnRpY2FsIHRvIHRoZSBpc3N1ZXIgaWRlbnRp ZmllciB2YWx1ZSByZXR1cm5lZCBieSBXZWJGaW5nZXIuCgkgICAgVGhpcyBhbHNvIE1VU1QgYmUg aWRlbnRpY2FsIHRvIHRoZSA8c3Bhbnggc3R5bGU9InZlcmIiPmlzczwvc3Bhbng+IENsYWltIHZh bHVlCgkgICAgaW4gSUQgVG9rZW5zIGlzc3VlZCBmcm9tIHRoaXMgSXNzdWVyLgoJICAgIC0tPgoJ ICAgIFRoZSBpc3N1ZXIgaWRlbnRpZmllciBpcyB1c2VkIHRvIHByZXZlbnQgYXV0aG9yaXphdGlv biBzZXJ2ZXIgbWl4LXVwIGF0dGFja3MsCgkgICAgYXMgZGVzY3JpYmVkIGluCgkgICAgPHhyZWYg dGFyZ2V0PSJJLUQuaWV0Zi1vYXV0aC1taXgtdXAtbWl0aWdhdGlvbiI+Ik9BdXRoIDIuMCBNaXgt VXAgTWl0aWdhdGlvbiI8L3hyZWY+LgoJICA8L3Q+CgoJICA8dCBoYW5nVGV4dD0iYXV0aG9yaXph dGlvbl9lbmRwb2ludCI+CgkgICAgPHZzcGFjZS8+CgkgICAgVVJMIG9mIHRoZSBhdXRob3JpemF0 aW9uIHNlcnZlcidzIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgPHhyZWYgdGFyZ2V0PSJSRkM2NzQ5 Ii8+LgoJICAgIFRoaXMgaXMgUkVRVUlSRUQgdW5sZXNzIG5vIGdyYW50IHR5cGVzIGFyZSBzdXBw b3J0ZWQgdGhhdCB1c2UgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQuCgkgIDwvdD4KCgkgIDx0 IGhhbmdUZXh0PSJ0b2tlbl9lbmRwb2ludCI+CgkgICAgPHZzcGFjZS8+CgkgICAgVVJMIG9mIHRo ZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIHRva2VuIGVuZHBvaW50IDx4cmVmIHRhcmdldD0iUkZD Njc0OSIvPi4KCSAgICBUaGlzIGlzIFJFUVVJUkVEIHVubGVzcyBvbmx5IHRoZSBpbXBsaWNpdCBn cmFudCB0eXBlIGlzIHN1cHBvcnRlZC4KCSAgPC90PgoKCSAgPCEtLQoJICA8dCBoYW5nVGV4dD0i dXNlcmluZm9fZW5kcG9pbnQiPgoJICAgIDx2c3BhY2UvPgoJICAgIFJFQ09NTUVOREVELgoJICAg IFVSTCBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBVc2VySW5mbyBFbmRwb2ludCA8eHJl ZiB0YXJnZXQ9Ik9wZW5JRC5Db3JlIi8+LgoJICAgIFRoaXMgVVJMIE1VU1QgdXNlIHRoZSA8c3Bh bnggc3R5bGU9InZlcmIiPmh0dHBzPC9zcGFueD4gc2NoZW1lIGFuZCBNQVkgY29udGFpbgoJICAg IHBvcnQsIHBhdGgsIGFuZCBxdWVyeSBwYXJhbWV0ZXIgY29tcG9uZW50cy4KCSAgPC90PgoJICAt LT4KCgkgIDx0IGhhbmdUZXh0PSJqd2tzX3VyaSI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9O QUwuCgkgICAgVVJMIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIEpXSyBTZXQgPHhyZWYg dGFyZ2V0PSJKV0siLz4gZG9jdW1lbnQuCgkgICAgVGhlIHJlZmVyZW5jZWQgZG9jdW1lbnQgY29u dGFpbnMgdGhlIHNpZ25pbmcga2V5KHMpIHRoZSBjbGllbnQgdXNlcyB0byB2YWxpZGF0ZSBzaWdu YXR1cmVzIGZyb20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgoJICAgIFRoaXMgVVJMIE1VU1Qg dXNlIHRoZSA8c3Bhbnggc3R5bGU9InZlcmIiPmh0dHBzPC9zcGFueD4gc2NoZW1lLgoJICAgIFRo ZSBKV0sgU2V0IE1BWSBhbHNvIGNvbnRhaW4gdGhlIHNlcnZlcidzIGVuY3J5cHRpb24ga2V5KHMp LAoJICAgIHdoaWNoIGFyZSB1c2VkIGJ5IGNsaWVudHMgdG8gZW5jcnlwdCByZXF1ZXN0cyB0byB0 aGUgc2VydmVyLgoJICAgIFdoZW4gYm90aCBzaWduaW5nIGFuZCBlbmNyeXB0aW9uIGtleXMgYXJl IG1hZGUgYXZhaWxhYmxlLAoJICAgIGEgPHNwYW54IHN0eWxlPSJ2ZXJiIj51c2U8L3NwYW54PiAo cHVibGljIGtleSB1c2UpIHBhcmFtZXRlcgoJICAgIHZhbHVlIGlzIFJFUVVJUkVEIGZvciBhbGwg a2V5cyBpbiB0aGUgcmVmZXJlbmNlZCBKV0sgU2V0CgkgICAgdG8gaW5kaWNhdGUgZWFjaCBrZXkn cyBpbnRlbmRlZCB1c2FnZS4KCSAgPC90PgoKCSAgPHQgaGFuZ1RleHQ9InJlZ2lzdHJhdGlvbl9l bmRwb2ludCI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAgVVJMIG9mIHRoZSBh dXRob3JpemF0aW9uIHNlcnZlcidzIE9BdXRoIDIuMCBEeW5hbWljIENsaWVudCBSZWdpc3RyYXRp b24gZW5kcG9pbnQgPHhyZWYgdGFyZ2V0PSJSRkM3NTkxIj48L3hyZWY+LgoJICA8L3Q+CgoJICA8 dCBoYW5nVGV4dD0ic2NvcGVzX3N1cHBvcnRlZCI+CgkgICAgPHZzcGFjZS8+CgkgICAgUkVDT01N RU5ERUQuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiB0aGUgPHhyZWYKCSAg ICB0YXJnZXQ9IlJGQzY3NDkiPk9BdXRoIDIuMDwveHJlZj4gPHNwYW54IHN0eWxlPSJ2ZXJiIj5z Y29wZTwvc3Bhbng+IHZhbHVlcyB0aGF0IHRoaXMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9y dHMuCgkgICAgPCEtLQoJICAgIFRoZSBzZXJ2ZXIgTVVTVCBzdXBwb3J0IHRoZSA8c3Bhbnggc3R5 bGU9InZlcmIiPm9wZW5pZDwvc3Bhbng+CgkgICAgc2NvcGUgdmFsdWUuCgkgICAgLS0+CgkgICAg U2VydmVycyBNQVkgY2hvb3NlIG5vdCB0byBhZHZlcnRpc2Ugc29tZSBzdXBwb3J0ZWQgc2NvcGUg dmFsdWVzCgkgICAgZXZlbiB3aGVuIHRoaXMgcGFyYW1ldGVyIGlzIHVzZWQuCgkgICAgPCEtLQoJ ICAgICwgYWx0aG91Z2ggdGhvc2UgZGVmaW5lZCBpbgoJICAgIDx4cmVmIHRhcmdldD0iT3BlbklE LkNvcmUiLz4gU0hPVUxEIGJlIGxpc3RlZCwgaWYgc3VwcG9ydGVkLgoJICAgIC0tPgoJICA8L3Q+ CgoJICA8dCBoYW5nVGV4dD0icmVzcG9uc2VfdHlwZXNfc3VwcG9ydGVkIj4KCSAgICA8dnNwYWNl Lz4KCSAgICBSRVFVSVJFRC4KCSAgICBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRo ZSBPQXV0aCAyLjAKCSAgICA8c3Bhbnggc3R5bGU9InZlcmIiPnJlc3BvbnNlX3R5cGU8L3NwYW54 PiB2YWx1ZXMgdGhhdCB0aGlzCgkgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMuCgkg ICAgVGhlIGFycmF5IHZhbHVlcyB1c2VkIGFyZSB0aGUgc2FtZSBhcyB0aG9zZSB1c2VkIHdpdGgg dGhlCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj5yZXNwb25zZV90eXBlczwvc3Bhbng+IHBhcmFt ZXRlciBkZWZpbmVkIGJ5CgkgICAgPHhyZWYgdGFyZ2V0PSJSRkM3NTkxIj4iT0F1dGggMi4wIER5 bmFtaWMgQ2xpZW50IFJlZ2lzdHJhdGlvbiBQcm90b2NvbCI8L3hyZWY+LgoJICA8L3Q+CgoJICA8 dCBoYW5nVGV4dD0icmVzcG9uc2VfbW9kZXNfc3VwcG9ydGVkIj4KCSAgICA8dnNwYWNlLz4KCSAg ICBPUFRJT05BTC4KCSAgICBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSBPQXV0 aCAyLjAKCSAgICA8c3Bhbnggc3R5bGU9InZlcmIiPnJlc3BvbnNlX21vZGU8L3NwYW54PiB2YWx1 ZXMgdGhhdCB0aGlzCgkgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMsIGFzIHNwZWNp ZmllZCBpbgoJICAgIDx4cmVmIHRhcmdldD0iT0F1dGguUmVzcG9uc2VzIj5PQXV0aCAyLjAgTXVs dGlwbGUgUmVzcG9uc2UgVHlwZSBFbmNvZGluZyBQcmFjdGljZXM8L3hyZWY+LgoJICAgIElmIG9t aXR0ZWQsIHRoZSBkZWZhdWx0IGlzCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj5bInF1ZXJ5Iiwg ImZyYWdtZW50Il08L3NwYW54Pi4KCSAgICBUaGUgcmVzcG9uc2UgbW9kZSB2YWx1ZSA8c3Bhbngg c3R5bGU9InZlcmIiPmZvcm1fcG9zdDwvc3Bhbng+IGlzIGFsc28gZGVmaW5lZCBpbgoJICAgIDx4 cmVmIHRhcmdldD0iT0F1dGguUG9zdCI+T0F1dGggMi4wIEZvcm0gUG9zdCBSZXNwb25zZSBNb2Rl PC94cmVmPi4KCSAgPC90PgoKCSAgPHQgaGFuZ1RleHQ9ImdyYW50X3R5cGVzX3N1cHBvcnRlZCI+ CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5n IGEgbGlzdCBvZiB0aGUgT0F1dGggMi4wCgkgICAgZ3JhbnQgdHlwZSB2YWx1ZXMgdGhhdCB0aGlz CgkgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMuCgkgICAgVGhlIGFycmF5IHZhbHVl cyB1c2VkIGFyZSB0aGUgc2FtZSBhcyB0aG9zZSB1c2VkIHdpdGggdGhlCgkgICAgPHNwYW54IHN0 eWxlPSJ2ZXJiIj5ncmFudF90eXBlczwvc3Bhbng+IHBhcmFtZXRlciBkZWZpbmVkIGJ5CgkgICAg PHhyZWYgdGFyZ2V0PSJSRkM3NTkxIj4iT0F1dGggMi4wIER5bmFtaWMgQ2xpZW50IFJlZ2lzdHJh dGlvbiBQcm90b2NvbCI8L3hyZWY+LgoJICAgIElmIG9taXR0ZWQsIHRoZSBkZWZhdWx0IHZhbHVl IGlzCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj5bImF1dGhvcml6YXRpb25fY29kZSIsICJpbXBs aWNpdCJdPC9zcGFueD4uCgkgIDwvdD4KCgkgIDwhLS0KCSAgPHQgaGFuZ1RleHQ9ImFjcl92YWx1 ZXNfc3VwcG9ydGVkIj4KCSAgICA8dnNwYWNlLz4KCSAgICBPUFRJT05BTC4KCSAgICBKU09OIGFy cmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSBBdXRoZW50aWNhdGlvbiBDb250ZXh0IENsYXNz IFJlZmVyZW5jZXMKCSAgICB0aGF0IHRoaXMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMu CgkgIDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJzdWJqZWN0X3R5cGVzX3N1cHBvcnRlZCI+CgkgICAg PHZzcGFjZS8+CgkgICAgUkVRVUlSRUQuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlz dCBvZiB0aGUgU3ViamVjdCBJZGVudGlmaWVyIHR5cGVzIHRoYXQKCSAgICB0aGlzIGF1dGhvcml6 YXRpb24gc2VydmVyIHN1cHBvcnRzLiBWYWxpZCB0eXBlcyBpbmNsdWRlCgkgICAgPHNwYW54IHN0 eWxlPSJ2ZXJiIj5wYWlyd2lzZTwvc3Bhbng+IGFuZAoJICAgIDxzcGFueCBzdHlsZT0idmVyYiI+ cHVibGljPC9zcGFueD4uCgkgIDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJpZF90b2tlbl9zaWduaW5n X2FsZ192YWx1ZXNfc3VwcG9ydGVkIj4KCSAgICA8dnNwYWNlLz4KCSAgICBSRVFVSVJFRC4KCSAg ICBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSBKV1Mgc2lnbmluZyBhbGdvcml0 aG1zCgkgICAgKDxzcGFueCBzdHlsZT0idmVyYiI+YWxnPC9zcGFueD4gdmFsdWVzKQoJICAgIHN1 cHBvcnRlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZm9yIHRoZSBJRCBUb2tlbgoJICAg IHRvIGVuY29kZSB0aGUgY2xhaW1zIGluIGEgSldUIDx4cmVmIHRhcmdldD0iSldUIiAvPi4KCSAg ICBUaGUgYWxnb3JpdGhtIDxzcGFueCBzdHlsZT0idmVyYiI+UlMyNTY8L3NwYW54PiBNVVNUIGJl IGluY2x1ZGVkLgoJICAgIFRoZSB2YWx1ZSA8c3Bhbnggc3R5bGU9InZlcmIiPm5vbmU8L3NwYW54 PiBNQVkgYmUgc3VwcG9ydGVkLAoJICAgIGJ1dCBNVVNUIE5PVCBiZSB1c2VkCgkgICAgdW5sZXNz IHRoZSByZXNwb25zZSB0eXBlIHVzZWQgcmV0dXJucyBubyBJRCBUb2tlbiBmcm9tIHRoZQoJICAg IGF1dGhvcml6YXRpb24gZW5kcG9pbnQKCSAgICAoc3VjaCBhcyB3aGVuIHVzaW5nIHRoZSBBdXRo b3JpemF0aW9uIENvZGUgRmxvdykuCgkgIDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJpZF90b2tlbl9l bmNyeXB0aW9uX2FsZ192YWx1ZXNfc3VwcG9ydGVkIj4KCSAgICA8dnNwYWNlLz4KCSAgICBPUFRJ T05BTC4KCSAgICBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSBKV0UgZW5jcnlw dGlvbiBhbGdvcml0aG1zCgkgICAgKDxzcGFueCBzdHlsZT0idmVyYiI+YWxnPC9zcGFueD4gdmFs dWVzKQoJICAgIHN1cHBvcnRlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZm9yIHRoZSBJ RCBUb2tlbgoJICAgIHRvIGVuY29kZSB0aGUgY2xhaW1zIGluIGEgSldUIDx4cmVmIHRhcmdldD0i SldUIiAvPi4KCSAgPC90PgoKCSAgPHQgaGFuZ1RleHQ9ImlkX3Rva2VuX2VuY3J5cHRpb25fZW5j X3ZhbHVlc19zdXBwb3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAgIE9QVElPTkFMLgoJICAgIEpT T04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIEpXRSBlbmNyeXB0aW9uIGFsZ29yaXRo bXMKCSAgICAoPHNwYW54IHN0eWxlPSJ2ZXJiIj5lbmM8L3NwYW54PiB2YWx1ZXMpCgkgICAgc3Vw cG9ydGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBmb3IgdGhlIElEIFRva2VuCgkgICAg dG8gZW5jb2RlIHRoZSBjbGFpbXMgaW4gYSBKV1QgPHhyZWYgdGFyZ2V0PSJKV1QiIC8+LgoJICA8 L3Q+CgoJICA8dCBoYW5nVGV4dD0idXNlcmluZm9fc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRl ZCI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAgSlNPTiBhcnJheSBjb250YWlu aW5nIGEgbGlzdCBvZiB0aGUgSldTIDx4cmVmIHRhcmdldD0iSldTIiAvPiBzaWduaW5nIGFsZ29y aXRobXMKCSAgICAoPHNwYW54IHN0eWxlPSJ2ZXJiIj5hbGc8L3NwYW54PiB2YWx1ZXMpIDx4cmVm IHRhcmdldD0iSldBIiAvPgoJICAgIHN1cHBvcnRlZCBieSB0aGUgVXNlckluZm8gRW5kcG9pbnQK CSAgICB0byBlbmNvZGUgdGhlIGNsYWltcyBpbiBhIEpXVCA8eHJlZiB0YXJnZXQ9IkpXVCIgLz4u CgkgICAgVGhlIHZhbHVlIDxzcGFueCBzdHlsZT0idmVyYiI+bm9uZTwvc3Bhbng+IE1BWSBiZSBp bmNsdWRlZC4KCSAgPC90PgoKCSAgPHQgaGFuZ1RleHQ9InVzZXJpbmZvX2VuY3J5cHRpb25fYWxn X3ZhbHVlc19zdXBwb3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAgIE9QVElPTkFMLgoJICAgIEpT T04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIEpXRSA8eHJlZiB0YXJnZXQ9IkpXRSIg Lz4gZW5jcnlwdGlvbiBhbGdvcml0aG1zCgkgICAgKDxzcGFueCBzdHlsZT0idmVyYiI+YWxnPC9z cGFueD4gdmFsdWVzKSA8eHJlZiB0YXJnZXQ9IkpXQSIgLz4KCSAgICBzdXBwb3J0ZWQgYnkgdGhl IFVzZXJJbmZvIEVuZHBvaW50CgkgICAgdG8gZW5jb2RlIHRoZSBjbGFpbXMgaW4gYSBKV1QgPHhy ZWYgdGFyZ2V0PSJKV1QiIC8+LgoJICA8L3Q+CgoJICA8dCBoYW5nVGV4dD0idXNlcmluZm9fZW5j cnlwdGlvbl9lbmNfdmFsdWVzX3N1cHBvcnRlZCI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9O QUwuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiB0aGUgSldFIGVuY3J5cHRp b24gYWxnb3JpdGhtcwoJICAgICg8c3Bhbnggc3R5bGU9InZlcmIiPmVuYzwvc3Bhbng+IHZhbHVl cykgPHhyZWYgdGFyZ2V0PSJKV0EiIC8+CgkgICAgc3VwcG9ydGVkIGJ5IHRoZSBVc2VySW5mbyBF bmRwb2ludAoJICAgIHRvIGVuY29kZSB0aGUgY2xhaW1zIGluIGEgSldUIDx4cmVmIHRhcmdldD0i SldUIiAvPi4KCSAgPC90PgoKCSAgPHQgaGFuZ1RleHQ9InJlcXVlc3Rfb2JqZWN0X3NpZ25pbmdf YWxnX3ZhbHVlc19zdXBwb3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAgIE9QVElPTkFMLgoJICAg IEpTT04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIEpXUyBzaWduaW5nIGFsZ29yaXRo bXMKCSAgICAoPHNwYW54IHN0eWxlPSJ2ZXJiIj5hbGc8L3NwYW54PiB2YWx1ZXMpCgkgICAgc3Vw cG9ydGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBmb3IgUmVxdWVzdCBPYmplY3RzLgoJ ICAgIDwhPT0KCSAgICAsIHdoaWNoIGFyZSBkZXNjcmliZWQgaW4KCSAgICBTZWN0aW9uIDYuMSBv ZiA8eHJlZiB0YXJnZXQ9Ik9wZW5JRC5Db3JlIj5PcGVuSUQgQ29ubmVjdCBDb3JlIDEuMDwveHJl Zj4uCgkgICAgPT0+CgkgICAgVGhlc2UgYWxnb3JpdGhtcyBhcmUgdXNlZCBib3RoIHdoZW4gdGhl IFJlcXVlc3QgT2JqZWN0IGlzIHBhc3NlZCBieSB2YWx1ZQoJICAgICh1c2luZyB0aGUgPHNwYW54 IHN0eWxlPSJ2ZXJiIj5yZXF1ZXN0PC9zcGFueD4gcGFyYW1ldGVyKQoJICAgIGFuZCB3aGVuIGl0 IGlzIHBhc3NlZCBieSByZWZlcmVuY2UKCSAgICAodXNpbmcgdGhlIDxzcGFueCBzdHlsZT0idmVy YiI+cmVxdWVzdF91cmk8L3NwYW54PiBwYXJhbWV0ZXIpLgoJICAgIFNlcnZlcnMgU0hPVUxEIHN1 cHBvcnQgPHNwYW54IHN0eWxlPSJ2ZXJiIj5ub25lPC9zcGFueD4gYW5kIDxzcGFueCBzdHlsZT0i dmVyYiI+UlMyNTY8L3NwYW54Pi4KCSAgPC90PgoKCSAgPHQgaGFuZ1RleHQ9InJlcXVlc3Rfb2Jq ZWN0X2VuY3J5cHRpb25fYWxnX3ZhbHVlc19zdXBwb3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAg IE9QVElPTkFMLgoJICAgIEpTT04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIEpXRSBl bmNyeXB0aW9uIGFsZ29yaXRobXMKCSAgICAoPHNwYW54IHN0eWxlPSJ2ZXJiIj5hbGc8L3NwYW54 PiB2YWx1ZXMpCgkgICAgc3VwcG9ydGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBmb3Ig UmVxdWVzdCBPYmplY3RzLgoJICAgIFRoZXNlIGFsZ29yaXRobXMgYXJlIHVzZWQgYm90aCB3aGVu IHRoZSBSZXF1ZXN0IE9iamVjdCBpcyBwYXNzZWQgYnkgdmFsdWUKCSAgICBhbmQgd2hlbiBpdCBp cyBwYXNzZWQgYnkgcmVmZXJlbmNlLgoJICA8L3Q+CgoJICA8dCBoYW5nVGV4dD0icmVxdWVzdF9v YmplY3RfZW5jcnlwdGlvbl9lbmNfdmFsdWVzX3N1cHBvcnRlZCI+CgkgICAgPHZzcGFjZS8+Cgkg ICAgT1BUSU9OQUwuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiB0aGUgSldF IGVuY3J5cHRpb24gYWxnb3JpdGhtcwoJICAgICg8c3Bhbnggc3R5bGU9InZlcmIiPmVuYzwvc3Bh bng+IHZhbHVlcykKCSAgICBzdXBwb3J0ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGZv ciBSZXF1ZXN0IE9iamVjdHMuCgkgICAgVGhlc2UgYWxnb3JpdGhtcyBhcmUgdXNlZCBib3RoIHdo ZW4gdGhlIFJlcXVlc3QgT2JqZWN0IGlzIHBhc3NlZCBieSB2YWx1ZQoJICAgIGFuZCB3aGVuIGl0 IGlzIHBhc3NlZCBieSByZWZlcmVuY2UuCgkgIDwvdD4KCSAgLS0+CgoJICA8dCBoYW5nVGV4dD0i dG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2RzX3N1cHBvcnRlZCI+CgkgICAgPHZzcGFjZS8+Cgkg ICAgT1BUSU9OQUwuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiBjbGllbnQg YXV0aGVudGljYXRpb24gbWV0aG9kcwoJICAgIHN1cHBvcnRlZCBieSB0aGlzIHRva2VuIGVuZHBv aW50LgoJICAgIENsaWVudCBhdXRoZW50aWNhdGlvbiBtZXRob2QgdmFsdWVzIGFyZSB1c2VkIGlu IHRoZQoJICAgIDxzcGFueCBzdHlsZT0idmVyYiI+dG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2Q8 L3NwYW54PgoJICAgIHBhcmFtZXRlciBkZWZpbmVkIGluIFNlY3Rpb24gMiBvZiA8eHJlZiB0YXJn ZXQ9IlJGQzc1OTEiLz4uCgkgICAgSWYgb21pdHRlZCwgdGhlIGRlZmF1bHQgaXMgPHNwYW54IHN0 eWxlPSJ2ZXJiIj5jbGllbnRfc2VjcmV0X2Jhc2ljPC9zcGFueD4gLS0KCSAgICB0aGUgSFRUUCBC YXNpYyBBdXRoZW50aWNhdGlvbiBTY2hlbWUgc3BlY2lmaWVkIGluCgkgICAgU2VjdGlvbiAyLjMu MSBvZiA8eHJlZiB0YXJnZXQ9IlJGQzY3NDkiPk9BdXRoIDIuMDwveHJlZj4uCgkgIDwvdD4KCgkg IDx0IGhhbmdUZXh0PSJ0b2tlbl9lbmRwb2ludF9hdXRoX3NpZ25pbmdfYWxnX3ZhbHVlc19zdXBw b3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAgIE9QVElPTkFMLgoJICAgIEpTT04gYXJyYXkgY29u dGFpbmluZyBhIGxpc3Qgb2YgdGhlIEpXUyBzaWduaW5nIGFsZ29yaXRobXMKCSAgICAoPHNwYW54 IHN0eWxlPSJ2ZXJiIj5hbGc8L3NwYW54PiB2YWx1ZXMpCgkgICAgc3VwcG9ydGVkIGJ5IHRoZSB0 b2tlbiBlbmRwb2ludCBmb3IgdGhlIHNpZ25hdHVyZSBvbgoJICAgIHRoZSBKV1QgPHhyZWYgdGFy Z2V0PSJKV1QiIC8+IHVzZWQgdG8gYXV0aGVudGljYXRlIHRoZSBjbGllbnQKCSAgICBhdCB0aGUg dG9rZW4gZW5kcG9pbnQgZm9yIHRoZSA8c3Bhbnggc3R5bGU9InZlcmIiPnByaXZhdGVfa2V5X2p3 dDwvc3Bhbng+CgkgICAgYW5kIDxzcGFueCBzdHlsZT0idmVyYiI+Y2xpZW50X3NlY3JldF9qd3Q8 L3NwYW54PiBhdXRoZW50aWNhdGlvbiBtZXRob2RzLgoJICAgIFRoaXMgbWV0YWRhdGEgZW50cnkg TVVTVCBiZSBwcmVzZW50IGlmIGVpdGhlciBvZiB0aGVzZSBhdXRoZW50aWNhdGlvbiBtZXRob2Rz IGFyZSBzcGVjaWZpZWQKCSAgICBpbiB0aGUgPHNwYW54IHN0eWxlPSJ2ZXJiIj50b2tlbl9lbmRw b2ludF9hdXRoX21ldGhvZHNfc3VwcG9ydGVkPC9zcGFueD4gZW50cnkuCgkgICAgTm8gZGVmYXVs dCBhbGdvcml0aG1zIGFyZSBpbXBsaWVkIGlmIHRoaXMgZW50cnkgaXMgb21pdHRlZC4KCSAgICBT ZXJ2ZXJzIFNIT1VMRCBzdXBwb3J0IDxzcGFueCBzdHlsZT0idmVyYiI+UlMyNTY8L3NwYW54Pi4K CSAgICBUaGUgdmFsdWUgPHNwYW54IHN0eWxlPSJ2ZXJiIj5ub25lPC9zcGFueD4gTVVTVCBOT1Qg YmUgdXNlZC4KCSAgPC90PgoKCSAgPCEtLQoJICA8dCBoYW5nVGV4dD0iZGlzcGxheV92YWx1ZXNf c3VwcG9ydGVkIj4KCSAgICA8dnNwYWNlLz4KCSAgICBPUFRJT05BTC4KCSAgICBKU09OIGFycmF5 IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSA8c3Bhbnggc3R5bGU9InZlcmIiPmRpc3BsYXk8L3Nw YW54PgoJICAgIHBhcmFtZXRlciB2YWx1ZXMgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg c3VwcG9ydHMuCgkgICAgVGhlc2UgdmFsdWVzIGFyZSBkZXNjcmliZWQgaW4KCSAgICBTZWN0aW9u IDMuMS4yLjEgb2YgPHhyZWYgdGFyZ2V0PSJPcGVuSUQuQ29yZSI+T3BlbklEIENvbm5lY3QgQ29y ZSAxLjA8L3hyZWY+LgoJICA8L3Q+CgoJICA8dCBoYW5nVGV4dD0iY2xhaW1fdHlwZXNfc3VwcG9y dGVkIj4KCSAgICA8dnNwYWNlLz4KCSAgICBPUFRJT05BTC4KCSAgICBKU09OIGFycmF5IGNvbnRh aW5pbmcgYSBsaXN0IG9mIHRoZSBDbGFpbSBUeXBlcwoJICAgIHRoYXQgdGhlIGF1dGhvcml6YXRp b24gc2VydmVyIHN1cHBvcnRzLgoJICAgIFRoZXNlIENsYWltIFR5cGVzIGFyZSBkZXNjcmliZWQg aW4KCSAgICBTZWN0aW9uIDUuNiBvZiA8eHJlZiB0YXJnZXQ9Ik9wZW5JRC5Db3JlIj5PcGVuSUQg Q29ubmVjdCBDb3JlIDEuMDwveHJlZj4uCgkgICAgVmFsdWVzIGRlZmluZWQgYnkgdGhpcyBzcGVj aWZpY2F0aW9uIGFyZSA8c3Bhbnggc3R5bGU9InZlcmIiPm5vcm1hbDwvc3Bhbng+LAoJICAgIDxz cGFueCBzdHlsZT0idmVyYiI+YWdncmVnYXRlZDwvc3Bhbng+LCBhbmQgPHNwYW54IHN0eWxlPSJ2 ZXJiIj5kaXN0cmlidXRlZDwvc3Bhbng+LgoJICAgIElmIG9taXR0ZWQsIHRoZSBpbXBsZW1lbnRh dGlvbiBzdXBwb3J0cwoJICAgIG9ubHkgPHNwYW54IHN0eWxlPSJ2ZXJiIj5ub3JtYWw8L3NwYW54 PiBjbGFpbXMuCgkgIDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJjbGFpbXNfc3VwcG9ydGVkIj4KCSAg ICA8dnNwYWNlLz4KCSAgICBSRUNPTU1FTkRFRC4KCSAgICBKU09OIGFycmF5IGNvbnRhaW5pbmcg YSBsaXN0IG9mIHRoZSBDbGFpbSBOYW1lcyBvZiB0aGUgQ2xhaW1zCgkgICAgdGhhdCB0aGUgYXV0 aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIGJlIGFibGUgdG8gc3VwcGx5IHZhbHVlcyBmb3IuCgkgICAg Tm90ZSB0aGF0IGZvciBwcml2YWN5IG9yIG90aGVyIHJlYXNvbnMsIHRoaXMgbWlnaHQgbm90IGJl IGFuIGV4aGF1c3RpdmUgbGlzdC4KCSAgPC90PgoJICAtLT4KCgkgIDx0IGhhbmdUZXh0PSJzZXJ2 aWNlX2RvY3VtZW50YXRpb24iPgoJICAgIDx2c3BhY2UvPgoJICAgIE9QVElPTkFMLgoJICAgIFVS TCBvZiBhIHBhZ2UgY29udGFpbmluZyBodW1hbi1yZWFkYWJsZSBpbmZvcm1hdGlvbiB0aGF0Cgkg ICAgZGV2ZWxvcGVycyBtaWdodCB3YW50IG9yIG5lZWQgdG8ga25vdyB3aGVuIHVzaW5nIHRoZSBh dXRob3JpemF0aW9uIHNlcnZlci4KCSAgICBJbiBwYXJ0aWN1bGFyLCBpZiB0aGUgYXV0aG9yaXph dGlvbiBzZXJ2ZXIgZG9lcyBub3Qgc3VwcG9ydCBEeW5hbWljIENsaWVudCBSZWdpc3RyYXRpb24s CgkgICAgdGhlbiBpbmZvcm1hdGlvbiBvbiBob3cgdG8gcmVnaXN0ZXIgY2xpZW50cyBuZWVkcyB0 byBiZSBwcm92aWRlZCBpbiB0aGlzIGRvY3VtZW50YXRpb24uCgkgIDwvdD4KCgkgIDwhLS0KCSAg PHQgaGFuZ1RleHQ9ImNsYWltc19sb2NhbGVzX3N1cHBvcnRlZCI+CgkgICAgPHZzcGFjZS8+Cgkg ICAgT1BUSU9OQUwuCgkgICAgTGFuZ3VhZ2VzIGFuZCBzY3JpcHRzIHN1cHBvcnRlZCBmb3IgdmFs dWVzIGluIGNsYWltcyBiZWluZyByZXR1cm5lZCwKCSAgICByZXByZXNlbnRlZCBhcyBhIEpTT04g YXJyYXkgb2YKCSAgICA8eHJlZiB0YXJnZXQ9IlJGQzU2NDYiPkJDUDQ3PC94cmVmPiBsYW5ndWFn ZSB0YWcgdmFsdWVzLgoJICAgIE5vdCBhbGwgbGFuZ3VhZ2VzIGFuZCBzY3JpcHRzIGFyZSBuZWNl c3NhcmlseSBzdXBwb3J0ZWQgZm9yIGFsbCBjbGFpbSB2YWx1ZXMuCgkgIDwvdD4KCSAgLS0+CgoJ ICA8dCBoYW5nVGV4dD0idWlfbG9jYWxlc19zdXBwb3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAg IE9QVElPTkFMLgoJICAgIExhbmd1YWdlcyBhbmQgc2NyaXB0cyBzdXBwb3J0ZWQgZm9yIHRoZSB1 c2VyIGludGVyZmFjZSwKCSAgICByZXByZXNlbnRlZCBhcyBhIEpTT04gYXJyYXkgb2YKCSAgICA8 eHJlZiB0YXJnZXQ9IlJGQzU2NDYiPkJDUDQ3PC94cmVmPiBsYW5ndWFnZSB0YWcgdmFsdWVzLgoJ ICAgIElmIG9taXR0ZWQsIHRoZSBzZXQgb2Ygc3VwcG9ydGVkIGxhbmd1YWdlcyBhbmQgc2NyaXB0 cyBpcyB1bnNwZWNpZmllZC4KCSAgPC90PgoKCSAgPCEtLQoJICA8dCBoYW5nVGV4dD0iY2xhaW1z X3BhcmFtZXRlcl9zdXBwb3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAgIE9QVElPTkFMLgoJICAg IEJvb2xlYW4gdmFsdWUgc3BlY2lmeWluZyB3aGV0aGVyIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl ciBzdXBwb3J0cyB1c2Ugb2YgdGhlCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj5jbGFpbXM8L3Nw YW54PiBwYXJhbWV0ZXIsCgkgICAgd2l0aCA8c3Bhbnggc3R5bGU9InZlcmIiPnRydWU8L3NwYW54 PiBpbmRpY2F0aW5nIHN1cHBvcnQuCgkgICAgSWYgb21pdHRlZCwgdGhlIGRlZmF1bHQgdmFsdWUg aXMgPHNwYW54IHN0eWxlPSJ2ZXJiIj5mYWxzZTwvc3Bhbng+LgoJICA8L3Q+CgoJICA8dCBoYW5n VGV4dD0icmVxdWVzdF9wYXJhbWV0ZXJfc3VwcG9ydGVkIj4KCSAgICA8dnNwYWNlLz4KCSAgICBP UFRJT05BTC4KCSAgICBCb29sZWFuIHZhbHVlIHNwZWNpZnlpbmcgd2hldGhlciB0aGUgYXV0aG9y aXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMgdXNlIG9mIHRoZQoJICAgIDxzcGFueCBzdHlsZT0idmVy YiI+cmVxdWVzdDwvc3Bhbng+IHBhcmFtZXRlciwKCSAgICB3aXRoIDxzcGFueCBzdHlsZT0idmVy YiI+dHJ1ZTwvc3Bhbng+IGluZGljYXRpbmcgc3VwcG9ydC4KCSAgICBJZiBvbWl0dGVkLCB0aGUg ZGVmYXVsdCB2YWx1ZSBpcyA8c3Bhbnggc3R5bGU9InZlcmIiPmZhbHNlPC9zcGFueD4uCgkgIDwv dD4KCgkgIDx0IGhhbmdUZXh0PSJyZXF1ZXN0X3VyaV9wYXJhbWV0ZXJfc3VwcG9ydGVkIj4KCSAg ICA8dnNwYWNlLz4KCSAgICBPUFRJT05BTC4KCSAgICBCb29sZWFuIHZhbHVlIHNwZWNpZnlpbmcg d2hldGhlciB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMgdXNlIG9mIHRoZQoJICAg IDxzcGFueCBzdHlsZT0idmVyYiI+cmVxdWVzdF91cmk8L3NwYW54PiBwYXJhbWV0ZXIsCgkgICAg d2l0aCA8c3Bhbnggc3R5bGU9InZlcmIiPnRydWU8L3NwYW54PiBpbmRpY2F0aW5nIHN1cHBvcnQu CgkgICAgSWYgb21pdHRlZCwgdGhlIGRlZmF1bHQgdmFsdWUgaXMgPHNwYW54IHN0eWxlPSJ2ZXJi Ij50cnVlPC9zcGFueD4uCgkgIDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJyZXF1aXJlX3JlcXVlc3Rf dXJpX3JlZ2lzdHJhdGlvbiI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAgQm9v bGVhbiB2YWx1ZSBzcGVjaWZ5aW5nIHdoZXRoZXIgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJl cXVpcmVzIGFueQoJICAgIDxzcGFueCBzdHlsZT0idmVyYiI+cmVxdWVzdF91cmk8L3NwYW54PiB2 YWx1ZXMgdXNlZCB0byBiZSBwcmUtcmVnaXN0ZXJlZAoJICAgIHVzaW5nIHRoZSA8c3Bhbnggc3R5 bGU9InZlcmIiPnJlcXVlc3RfdXJpczwvc3Bhbng+IHJlZ2lzdHJhdGlvbiBwYXJhbWV0ZXIuCgkg ICAgUHJlLXJlZ2lzdHJhdGlvbiBpcyBSRVFVSVJFRCB3aGVuIHRoZSB2YWx1ZSBpcyA8c3Bhbngg c3R5bGU9InZlcmIiPnRydWU8L3NwYW54Pi4KCSAgICBJZiBvbWl0dGVkLCB0aGUgZGVmYXVsdCB2 YWx1ZSBpcyA8c3Bhbnggc3R5bGU9InZlcmIiPmZhbHNlPC9zcGFueD4uCgkgIDwvdD4KCSAgLS0+ CgoJICA8dCBoYW5nVGV4dD0ib3BfcG9saWN5X3VyaSI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BU SU9OQUwuCgkgICAgVVJMIHRoYXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHByb3ZpZGVzIHRv IHRoZSBwZXJzb24gcmVnaXN0ZXJpbmcKCSAgICB0aGUgY2xpZW50IHRvIHJlYWQgYWJvdXQgdGhl IGF1dGhvcml6YXRpb24gc2VydmVyJ3MgcmVxdWlyZW1lbnRzIG9uIGhvdwoJICAgIHRoZSBjbGll bnQgY2FuIHVzZSB0aGUgZGF0YSBwcm92aWRlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIu CgkgICAgVGhlIHJlZ2lzdHJhdGlvbiBwcm9jZXNzIFNIT1VMRCBkaXNwbGF5IHRoaXMKCSAgICBV UkwgdG8gdGhlIHBlcnNvbiByZWdpc3RlcmluZyB0aGUgY2xpZW50IGlmIGl0IGlzIGdpdmVuLgoJ ICAgIEFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9IkNvbXBhdGliaWxpdHlOb3RlcyIvPiwg ZGVzcGl0ZSB0aGUgaWRlbnRpZmllcgoJICAgIDxzcGFueCBzdHlsZT0idmVyYiI+b3BfcG9saWN5 X3VyaTwvc3Bhbng+LAoJICAgIGFwcGVhcmluZyB0byBiZSBPcGVuSUQtc3BlY2lmaWMsCgkgICAg aXRzIHVzYWdlIGluIHRoaXMgc3BlY2lmaWNhdGlvbiBpcyBhY3R1YWxseSByZWZlcnJpbmcgdG8K CSAgICBhIGdlbmVyYWwgT0F1dGggMi4wIGZlYXR1cmUgdGhhdCBpcyBub3Qgc3BlY2lmaWMgdG8g T3BlbklEIENvbm5lY3QuCgkgIDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJvcF90b3NfdXJpIj4KCSAg ICA8dnNwYWNlLz4KCSAgICBPUFRJT05BTC4KCSAgICBVUkwgdGhhdCB0aGUgYXV0aG9yaXphdGlv biBzZXJ2ZXIgcHJvdmlkZXMgdG8gdGhlIHBlcnNvbiByZWdpc3RlcmluZwoJICAgIHRoZSBjbGll bnQgdG8gcmVhZCBhYm91dCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyB0ZXJtcyBvZiBzZXJ2 aWNlLgoJICAgIFRoZSByZWdpc3RyYXRpb24gcHJvY2VzcyBTSE9VTEQgZGlzcGxheSB0aGlzCgkg ICAgVVJMIHRvIHRoZSBwZXJzb24gcmVnaXN0ZXJpbmcgdGhlIGNsaWVudCBpZiBpdCBpcyBnaXZl bi4KCSAgICBBcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSJDb21wYXRpYmlsaXR5Tm90ZXMi Lz4sIGRlc3BpdGUgdGhlIGlkZW50aWZpZXIKCSAgICA8c3Bhbnggc3R5bGU9InZlcmIiPm9wX3Rv c191cmk8L3NwYW54PiwKCSAgICBhcHBlYXJpbmcgdG8gYmUgT3BlbklELXNwZWNpZmljLAoJICAg IGl0cyB1c2FnZSBpbiB0aGlzIHNwZWNpZmljYXRpb24gaXMgYWN0dWFsbHkgcmVmZXJyaW5nIHRv CgkgICAgYSBnZW5lcmFsIE9BdXRoIDIuMCBmZWF0dXJlIHRoYXQgaXMgbm90IHNwZWNpZmljIHRv IE9wZW5JRCBDb25uZWN0LgoJICA8L3Q+CgoJICA8dCBoYW5nVGV4dD0icmV2b2NhdGlvbl9lbmRw b2ludCI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAgVVJMIG9mIHRoZSBhdXRo b3JpemF0aW9uIHNlcnZlcidzIE9BdXRoIDIuMCByZXZvY2F0aW9uIGVuZHBvaW50IDx4cmVmIHRh cmdldD0iUkZDNzAwOSI+PC94cmVmPi4KCSAgPC90PgoKCSAgPHQgaGFuZ1RleHQ9InJldm9jYXRp b25fZW5kcG9pbnRfYXV0aF9tZXRob2RzX3N1cHBvcnRlZCI+CgkgICAgPHZzcGFjZS8+CgkgICAg T1BUSU9OQUwuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiBjbGllbnQgYXV0 aGVudGljYXRpb24gbWV0aG9kcwoJICAgIHN1cHBvcnRlZCBieSB0aGlzIHJldm9jYXRpb24gZW5k cG9pbnQuCgkgICAgVGhlIHZhbGlkIGNsaWVudCBhdXRoZW50aWNhdGlvbiBtZXRob2QgdmFsdWVz IGFyZSB0aG9zZSByZWdpc3RlcmVkCgkgICAgaW4gdGhlIElBTkEgIk9BdXRoIFRva2VuIEVuZHBv aW50IEF1dGhlbnRpY2F0aW9uIE1ldGhvZHMiIHJlZ2lzdHJ5CgkgICAgPHhyZWYgdGFyZ2V0PSJJ QU5BLk9BdXRoLlBhcmFtZXRlcnMiLz4uCgkgICAgSWYgb21pdHRlZCwgdGhlIGRlZmF1bHQgaXMg PHNwYW54IHN0eWxlPSJ2ZXJiIj5jbGllbnRfc2VjcmV0X2Jhc2ljPC9zcGFueD4gLS0KCSAgICB0 aGUgSFRUUCBCYXNpYyBBdXRoZW50aWNhdGlvbiBTY2hlbWUgc3BlY2lmaWVkIGluCgkgICAgU2Vj dGlvbiAyLjMuMSBvZiA8eHJlZiB0YXJnZXQ9IlJGQzY3NDkiPk9BdXRoIDIuMDwveHJlZj4uCgkg IDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJyZXZvY2F0aW9uX2VuZHBvaW50X2F1dGhfc2lnbmluZ19h bGdfdmFsdWVzX3N1cHBvcnRlZCI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAg SlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiB0aGUgSldTIHNpZ25pbmcgYWxnb3JpdGht cwoJICAgICg8c3Bhbnggc3R5bGU9InZlcmIiPmFsZzwvc3Bhbng+IHZhbHVlcykKCSAgICBzdXBw b3J0ZWQgYnkgdGhlIHJldm9jYXRpb24gZW5kcG9pbnQgZm9yIHRoZSBzaWduYXR1cmUgb24KCSAg ICB0aGUgSldUIDx4cmVmIHRhcmdldD0iSldUIiAvPiB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUg Y2xpZW50CgkgICAgYXQgdGhlIHJldm9jYXRpb24gZW5kcG9pbnQgZm9yIHRoZSA8c3Bhbnggc3R5 bGU9InZlcmIiPnByaXZhdGVfa2V5X2p3dDwvc3Bhbng+CgkgICAgYW5kIDxzcGFueCBzdHlsZT0i dmVyYiI+Y2xpZW50X3NlY3JldF9qd3Q8L3NwYW54PiBhdXRoZW50aWNhdGlvbiBtZXRob2RzLgoJ ICAgIFRoaXMgbWV0YWRhdGEgZW50cnkgTVVTVCBiZSBwcmVzZW50IGlmIGVpdGhlciBvZiB0aGVz ZSBhdXRoZW50aWNhdGlvbiBtZXRob2RzIGFyZSBzcGVjaWZpZWQKCSAgICBpbiB0aGUgPHNwYW54 IHN0eWxlPSJ2ZXJiIj5yZXZvY2F0aW9uX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQ8 L3NwYW54PiBlbnRyeS4KCSAgICBObyBkZWZhdWx0IGFsZ29yaXRobXMgYXJlIGltcGxpZWQgaWYg dGhpcyBlbnRyeSBpcyBvbWl0dGVkLgoJICAgIFRoZSB2YWx1ZSA8c3Bhbnggc3R5bGU9InZlcmIi Pm5vbmU8L3NwYW54PiBNVVNUIE5PVCBiZSB1c2VkLgoJICA8L3Q+CgoJICA8dCBoYW5nVGV4dD0i aW50cm9zcGVjdGlvbl9lbmRwb2ludCI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkg ICAgVVJMIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIE9BdXRoIDIuMCBpbnRyb3NwZWN0 aW9uIGVuZHBvaW50IDx4cmVmIHRhcmdldD0iUkZDNzY2MiI+PC94cmVmPi4KCSAgPC90PgoKCSAg PHQgaGFuZ1RleHQ9ImludHJvc3BlY3Rpb25fZW5kcG9pbnRfYXV0aF9tZXRob2RzX3N1cHBvcnRl ZCI+CgkgICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAgSlNPTiBhcnJheSBjb250YWlu aW5nIGEgbGlzdCBvZiBjbGllbnQgYXV0aGVudGljYXRpb24gbWV0aG9kcwoJICAgIHN1cHBvcnRl ZCBieSB0aGlzIGludHJvc3BlY3Rpb24gZW5kcG9pbnQuCgkgICAgVGhlIHZhbGlkIGNsaWVudCBh dXRoZW50aWNhdGlvbiBtZXRob2QgdmFsdWVzIGFyZSB0aG9zZSByZWdpc3RlcmVkCgkgICAgaW4g dGhlIElBTkEgIk9BdXRoIFRva2VuIEVuZHBvaW50IEF1dGhlbnRpY2F0aW9uIE1ldGhvZHMiIHJl Z2lzdHJ5CgkgICAgPHhyZWYgdGFyZ2V0PSJJQU5BLk9BdXRoLlBhcmFtZXRlcnMiLz4KCSAgICBv ciB0aG9zZSByZWdpc3RlcmVkCgkgICAgaW4gdGhlIElBTkEgIk9BdXRoIEFjY2VzcyBUb2tlbiBU eXBlcyIgcmVnaXN0cnkKCSAgICA8eHJlZiB0YXJnZXQ9IklBTkEuT0F1dGguUGFyYW1ldGVycyIv Pi4KCSAgICAoVGhlc2UgdmFsdWVzIGFyZSBhbmQgd2lsbCByZW1haW4gZGlzdGluY3QsCgkgICAg ZHVlIHRvIDx4cmVmIHRhcmdldD0iVXBkYXRlZEluc3RydWN0aW9ucyIvPi4pCgkgICAgSWYgb21p dHRlZCwgdGhlIHNldCBvZiBzdXBwb3J0ZWQgYXV0aGVudGljYXRpb24gbWV0aG9kcyBNVVNUIGJl IGRldGVybWluZWQgYnkgb3RoZXIgbWVhbnMuCgkgIDwvdD4KCgkgIDx0IGhhbmdUZXh0PSJpbnRy b3NwZWN0aW9uX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI+Cgkg ICAgPHZzcGFjZS8+CgkgICAgT1BUSU9OQUwuCgkgICAgSlNPTiBhcnJheSBjb250YWluaW5nIGEg bGlzdCBvZiB0aGUgSldTIHNpZ25pbmcgYWxnb3JpdGhtcwoJICAgICg8c3Bhbnggc3R5bGU9InZl cmIiPmFsZzwvc3Bhbng+IHZhbHVlcykKCSAgICBzdXBwb3J0ZWQgYnkgdGhlIGludHJvc3BlY3Rp b24gZW5kcG9pbnQgZm9yIHRoZSBzaWduYXR1cmUgb24KCSAgICB0aGUgSldUIDx4cmVmIHRhcmdl dD0iSldUIiAvPiB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50CgkgICAgYXQgdGhlIGlu dHJvc3BlY3Rpb24gZW5kcG9pbnQgZm9yIHRoZSA8c3Bhbnggc3R5bGU9InZlcmIiPnByaXZhdGVf a2V5X2p3dDwvc3Bhbng+CgkgICAgYW5kIDxzcGFueCBzdHlsZT0idmVyYiI+Y2xpZW50X3NlY3Jl dF9qd3Q8L3NwYW54PiBhdXRoZW50aWNhdGlvbiBtZXRob2RzLgoJICAgIFRoaXMgbWV0YWRhdGEg ZW50cnkgTVVTVCBiZSBwcmVzZW50IGlmIGVpdGhlciBvZiB0aGVzZSBhdXRoZW50aWNhdGlvbiBt ZXRob2RzIGFyZSBzcGVjaWZpZWQKCSAgICBpbiB0aGUgPHNwYW54IHN0eWxlPSJ2ZXJiIj5pbnRy b3NwZWN0aW9uX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQ8L3NwYW54PiBlbnRyeS4K CSAgICBObyBkZWZhdWx0IGFsZ29yaXRobXMgYXJlIGltcGxpZWQgaWYgdGhpcyBlbnRyeSBpcyBv bWl0dGVkLgoJICAgIFRoZSB2YWx1ZSA8c3Bhbnggc3R5bGU9InZlcmIiPm5vbmU8L3NwYW54PiBN VVNUIE5PVCBiZSB1c2VkLgoJICA8L3Q+CgoJICA8dCBoYW5nVGV4dD0iY29kZV9jaGFsbGVuZ2Vf bWV0aG9kc19zdXBwb3J0ZWQiPgoJICAgIDx2c3BhY2UvPgoJICAgIE9QVElPTkFMLgoJICAgIEpT T04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgUEtDRSA8eHJlZiB0YXJnZXQ9IlJGQzc2MzYi Lz4KCSAgICBjb2RlIGNoYWxsZW5nZSBtZXRob2RzIHN1cHBvcnRlZCBieSB0aGlzIGF1dGhvcml6 YXRpb24gc2VydmVyLgoJICAgIENvZGUgY2hhbGxlbmdlIG1ldGhvZCB2YWx1ZXMgYXJlIHVzZWQg aW4gdGhlCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj5jb2RlX2NoYWxsZW5nZV9tZXRob2Q8L3Nw YW54PgoJICAgIHBhcmFtZXRlciBkZWZpbmVkIGluIFNlY3Rpb24gNC4zIG9mIDx4cmVmIHRhcmdl dD0iUkZDNzYzNiIvPi4KCSAgICBUaGUgdmFsaWQgY29kZSBjaGFsbGVuZ2UgbWV0aG9kIHZhbHVl cyBhcmUgdGhvc2UgcmVnaXN0ZXJlZAoJICAgIGluIHRoZSBJQU5BICJQS0NFIENvZGUgQ2hhbGxl bmdlIE1ldGhvZHMiIHJlZ2lzdHJ5CgkgICAgPHhyZWYgdGFyZ2V0PSJJQU5BLk9BdXRoLlBhcmFt ZXRlcnMiLz4uCgkgICAgSWYgb21pdHRlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGRvZXMg bm90IHN1cHBvcnQgUEtDRS4KCSAgPC90PgoKCTwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4K CUFkZGl0aW9uYWwgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgcGFyYW1ldGVycyBNQVkg YWxzbyBiZSB1c2VkLgoJU29tZSBhcmUgZGVmaW5lZCBieSBvdGhlciBzcGVjaWZpY2F0aW9ucywK CXN1Y2ggYXMKCTx4cmVmIHRhcmdldD0iT3BlbklELkRpc2NvdmVyeSI+T3BlbklEIENvbm5lY3Qg RGlzY292ZXJ5IDEuMDwveHJlZj4uCiAgICAgIDwvdD4KCiAgICAgIDxzZWN0aW9uIGFuY2hvcj0i U2lnbmVkTWV0YWRhdGEiIHRpdGxlPSJTaWduZWQgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRh dGEiPgoJPHQ+CgkgIEluIGFkZGl0aW9uIHRvIEpTT04gZWxlbWVudHMsIG1ldGFkYXRhIHZhbHVl cyBNQVkgYWxzbyBiZSBwcm92aWRlZAoJICBhcyBhIDxzcGFueCBzdHlsZT0idmVyYiI+c2lnbmVk X21ldGFkYXRhPC9zcGFueD4gdmFsdWUsCgkgIHdoaWNoIGlzIGEgSlNPTiBXZWIgVG9rZW4gKEpX VCkgPHhyZWYgdGFyZ2V0PSJKV1QiLz4KCSAgdGhhdCBhc3NlcnRzIG1ldGFkYXRhIHZhbHVlcyBh Ym91dCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgYSBidW5kbGUuCgkgIEEgc2V0IG9mIGNs YWltcyB0aGF0IGNhbiBiZSB1c2VkIGluIHNpZ25lZCBtZXRhZGF0YQoJICBhcmUgZGVmaW5lZCBp biA8eHJlZiB0YXJnZXQ9IkFTTWV0YWRhdGEiLz4uCgkgIFRoZSBzaWduZWQgbWV0YWRhdGEgTVVT VCBiZSBkaWdpdGFsbHkgc2lnbmVkIG9yIE1BQ2VkCgkgIHVzaW5nIDx4cmVmIHRhcmdldD0iSldT Ij5KU09OIFdlYiBTaWduYXR1cmUgKEpXUyk8L3hyZWY+CgkgIGFuZCBNVVNUIGNvbnRhaW4gYW4g PHNwYW54IHN0eWxlPSJ2ZXJiIj5pc3M8L3NwYW54PiAoaXNzdWVyKSBjbGFpbQoJICBkZW5vdGlu ZyB0aGUgcGFydHkgYXR0ZXN0aW5nIHRvIHRoZSBjbGFpbXMgaW4gdGhlIHNpZ25lZCBtZXRhZGF0 YS4KCSAgQ29uc3VtZXJzIG9mIHRoZSBtZXRhZGF0YSBNQVkgaWdub3JlIHRoZSBzaWduZWQgbWV0 YWRhdGEKCSAgaWYgdGhleSBkbyBub3Qgc3VwcG9ydCB0aGlzIGZlYXR1cmUuCgkgIElmIHRoZSBj b25zdW1lciBvZiB0aGUgbWV0YWRhdGEgc3VwcG9ydHMgc2lnbmVkIG1ldGFkYXRhLAoJICBtZXRh ZGF0YSB2YWx1ZXMgY29udmV5ZWQgaW4gdGhlIHNpZ25lZCBtZXRhZGF0YQoJICBNVVNUIHRha2Ug cHJlY2VkZW5jZSBvdmVyIHRoZSBjb3JyZXNwb25kaW5nIHZhbHVlcyBjb252ZXllZCB1c2luZyBw bGFpbiBKU09OIGVsZW1lbnRzLgoJPC90PgoJPHQ+CgkgIFNpZ25lZCBtZXRhZGF0YSBpcyBpbmNs dWRlZCBpbiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgSlNPTiBvYmplY3QKCSAg dXNpbmcgdGhpcyBPUFRJT05BTCBtZW1iZXI6CgkgIDxsaXN0IHN0eWxlPSJoYW5naW5nIj4KCgkg ICAgPHQgaGFuZ1RleHQ9InNpZ25lZF9tZXRhZGF0YSI+CgkgICAgICA8dnNwYWNlLz4KCSAgICAg IEEgSldUIGNvbnRhaW5pbmcgbWV0YWRhdGEgdmFsdWVzIGFib3V0IHRoZSBhdXRob3JpemF0aW9u IHNlcnZlciBhcyBjbGFpbXMuCgkgICAgICBUaGlzIGlzIGEgc3RyaW5nIHZhbHVlIGNvbnNpc3Rp bmcgb2YgdGhlIGVudGlyZSBzaWduZWQgSldULgoJICAgICAgQSA8c3Bhbnggc3R5bGU9InZlcmIi PnNpZ25lZF9tZXRhZGF0YTwvc3Bhbng+CgkgICAgICBtZXRhZGF0YSB2YWx1ZSBTSE9VTEQgTk9U IGFwcGVhciBhcyBhIGNsYWltIGluIHRoZSBKV1QuCgkgICAgPC90PgoKCSAgPC9saXN0PgoJPC90 PgogICAgICA8L3NlY3Rpb24+CgogICAgPC9zZWN0aW9uPgoKICAgIDxzZWN0aW9uIGFuY2hvcj0i QVNDb25maWciCiAgICAgICAgICAgICB0aXRsZT0iT2J0YWluaW5nIEF1dGhvcml6YXRpb24gU2Vy dmVyIE1ldGFkYXRhIj4KCiAgICAgIDx0PgoJQXV0aG9yaXphdGlvbiBzZXJ2ZXJzIHN1cHBvcnRp bmcgbWV0YWRhdGEKCU1VU1QgbWFrZSBhIEpTT04gZG9jdW1lbnQgY29udGFpbmluZyBtZXRhZGF0 YSBhcyBzcGVjaWZpZWQgaW4gPHhyZWYgdGFyZ2V0PSJBU01ldGFkYXRhIi8+CglhdmFpbGFibGUg YXQgYSBwYXRoIGZvcm1lZCBieQoJaW5zZXJ0aW5nIGEgd2VsbC1rbm93biBVUkkgc3RyaW5nIGlu dG8gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgaXNzdWVyIGlkZW50aWZpZXIKCWJldHdlZW4g dGhlIGhvc3QgY29tcG9uZW50IGFuZCB0aGUgcGF0aCBjb21wb25lbnQsIGlmIGFueS4KCUJ5IGRl ZmF1bHQsIHRoZSB3ZWxsLWtub3duIFVSSSBzdHJpbmcgdXNlZCBpcwoJPHNwYW54IHN0eWxlPSJ2 ZXJiIj4vLndlbGwta25vd24vb2F1dGgtYXV0aG9yaXphdGlvbi1zZXJ2ZXI8L3NwYW54Pi4KCVRo aXMgcGF0aCBNVVNUIHVzZSB0aGUgPHNwYW54IHN0eWxlPSJ2ZXJiIj5odHRwczwvc3Bhbng+IHNj aGVtZS4KCVRoZSBzeW50YXggYW5kIHNlbWFudGljcyBvZiA8c3Bhbnggc3R5bGU9InZlcmIiPi53 ZWxsLWtub3duPC9zcGFueD4KCWFyZSBkZWZpbmVkIGluIDx4cmVmIHRhcmdldD0iUkZDNTc4NSI+ UkZDIDU3ODU8L3hyZWY+LgoJVGhlIHdlbGwta25vd24gVVJJIHN1ZmZpeCB1c2VkIE1VU1QgYmUg cmVnaXN0ZXJlZCBpbiB0aGUgSUFOQQoJIldlbGwtS25vd24gVVJJcyIgcmVnaXN0cnkgPHhyZWYg dGFyZ2V0PSJJQU5BLndlbGwta25vd24iLz4uCiAgICAgIDwvdD4KICAgICAgPHQ+CglEaWZmZXJl bnQgYXBwbGljYXRpb25zIHV0aWxpemluZyBPQXV0aCBhdXRob3JpemF0aW9uIHNlcnZlcnMgaW4g YXBwbGljYXRpb24tc3BlY2lmaWMgd2F5cwoJbWF5IGRlZmluZSBhbmQgcmVnaXN0ZXIgZGlmZmVy ZW50IHdlbGwta25vd24gVVJJIHN1ZmZpeGVzCgl1c2VkIHRvIHB1Ymxpc2ggYXV0aG9yaXphdGlv biBzZXJ2ZXIgbWV0YWRhdGEgYXMgdXNlZCBieSB0aG9zZSBhcHBsaWNhdGlvbnMuCglGb3IgaW5z dGFuY2UsIGlmIHRoZSBFeGFtcGxlIGFwcGxpY2F0aW9uIHVzZXMgYW4gT0F1dGggYXV0aG9yaXph dGlvbiBzZXJ2ZXIgaW4gYW4gRXhhbXBsZS1zcGVjaWZpYyB3YXksCglhbmQgdGhlcmUgYXJlIEV4 YW1wbGUtc3BlY2lmaWMgbWV0YWRhdGEgdmFsdWVzIHRoYXQgaXQgbmVlZHMgdG8gcHVibGlzaCwK CXRoZW4gaXQgbWlnaHQgcmVnaXN0ZXIgYW5kIHVzZSB0aGUKCTxzcGFueCBzdHlsZT0idmVyYiI+ ZXhhbXBsZS1jb25maWd1cmF0aW9uPC9zcGFueD4gVVJJIHN1ZmZpeCBhbmQgcHVibGlzaAoJdGhl IG1ldGFkYXRhIGRvY3VtZW50IGF0IHRoZSBwYXRoIGZvcm1lZCBieSBpbnNlcnRpbmcKCTxzcGFu eCBzdHlsZT0idmVyYiI+Ly53ZWxsLWtub3duL2V4YW1wbGUtY29uZmlndXJhdGlvbjwvc3Bhbng+ CgliZXR3ZWVuIHRoZSBob3N0IGFuZCBwYXRoIGNvbXBvbmVudHMgb2YgdGhlCglhdXRob3JpemF0 aW9uIHNlcnZlcidzIGlzc3VlciBpZGVudGlmaWVyLgoJQWx0ZXJuYXRpdmVseSwgbWFueSBzdWNo IGFwcGxpY2F0aW9ucyB3aWxsIHVzZSB0aGUgZGVmYXVsdCB3ZWxsLWtub3duIFVSSSBzdHJpbmcK CTxzcGFueCBzdHlsZT0idmVyYiI+Ly53ZWxsLWtub3duL29hdXRoLWF1dGhvcml6YXRpb24tc2Vy dmVyPC9zcGFueD4sCgl3aGljaCBpcyB0aGUgcmlnaHQgY2hvaWNlIGZvciBnZW5lcmFsLXB1cnBv c2UgT0F1dGggYXV0aG9yaXphdGlvbiBzZXJ2ZXJzLAoJYW5kIG5vdCByZWdpc3RlciBhbiBhcHBs aWNhdGlvbi1zcGVjaWZpYyBvbmUuCiAgICAgIDwvdD4KICAgICAgPHQ+CglBbiBPQXV0aCAyLjAg YXBwbGljYXRpb24gdXNpbmcgdGhpcyBzcGVjaWZpY2F0aW9uIE1VU1Qgc3BlY2lmeQoJd2hhdCB3 ZWxsLWtub3duIFVSSSBzdWZmaXggaXQgd2lsbCB1c2UgZm9yIHRoaXMgcHVycG9zZS4KCVRoZSBz YW1lIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBjaG9vc2UgdG8gcHVibGlzaCBpdHMgbWV0YWRh dGEgYXQgbXVsdGlwbGUKCXdlbGwta25vd24gbG9jYXRpb25zIGRlcml2ZWQgZnJvbSBpdHMgaXNz dWVyIGlkZW50aWZpZXIsCglmb3IgZXhhbXBsZSwgcHVibGlzaGluZyBtZXRhZGF0YSBhdCBib3Ro Cgk8c3Bhbnggc3R5bGU9InZlcmIiPi8ud2VsbC1rbm93bi9leGFtcGxlLWNvbmZpZ3VyYXRpb248 L3NwYW54PiBhbmQKCTxzcGFueCBzdHlsZT0idmVyYiI+Ly53ZWxsLWtub3duL29hdXRoLWF1dGhv cml6YXRpb24tc2VydmVyPC9zcGFueD4uCiAgICAgIDwvdD4KICAgICAgPHQ+CglTb21lIE9BdXRo IGFwcGxpY2F0aW9ucyB3aWxsIGNob29zZSB0byB1c2UKCXRoZSB3ZWxsLWtub3duIFVSSSBzdWZm aXgKCTxzcGFueCBzdHlsZT0idmVyYiI+b3BlbmlkLWNvbmZpZ3VyYXRpb248L3NwYW54Pi4KCUFz IGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9IkNvbXBhdGliaWxpdHlOb3RlcyIvPiwgZGVzcGl0 ZSB0aGUgaWRlbnRpZmllcgoJPHNwYW54IHN0eWxlPSJ2ZXJiIj4vLndlbGwta25vd24vb3Blbmlk LWNvbmZpZ3VyYXRpb248L3NwYW54PiwKCWFwcGVhcmluZyB0byBiZSBPcGVuSUQtc3BlY2lmaWMs CglpdHMgdXNhZ2UgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIGlzIGFjdHVhbGx5IHJlZmVycmluZyB0 bwoJYSBnZW5lcmFsIE9BdXRoIDIuMCBmZWF0dXJlIHRoYXQgaXMgbm90IHNwZWNpZmljIHRvIE9w ZW5JRCBDb25uZWN0LgogICAgICA8L3Q+CgogICAgICA8c2VjdGlvbiBhbmNob3I9IkFTQ29uZmln dXJhdGlvblJlcXVlc3QiCgkgICAgICAgdGl0bGU9IkF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFk YXRhIFJlcXVlc3QiPgogICAgICAgIDx0PgoJICBBbiBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRh ZGF0YSBkb2N1bWVudCBNVVNUIGJlIHF1ZXJpZWQgdXNpbmcgYW4gSFRUUAoJICA8c3Bhbnggc3R5 bGU9InZlcmIiPkdFVDwvc3Bhbng+IHJlcXVlc3QgYXQgdGhlIHByZXZpb3VzbHkgc3BlY2lmaWVk IHBhdGguCgk8L3Q+CiAgICAgICAgPHQ+CgkgIFRoZSBjbGllbnQgd291bGQgbWFrZSB0aGUgZm9s bG93aW5nIHJlcXVlc3Qgd2hlbiB0aGUKCSAgaXNzdWVyIGlkZW50aWZpZXIgaXMgPHNwYW54IHN0 eWxlPSJ2ZXJiIj5odHRwczovL2V4YW1wbGUuY29tPC9zcGFueD4KCSAgYW5kIHRoZSB3ZWxsLWtu b3duIFVSSSBzdWZmaXggaXMgPHNwYW54IHN0eWxlPSJ2ZXJiIj5vYXV0aC1hdXRob3JpemF0aW9u LXNlcnZlcjwvc3Bhbng+CgkgIHRvIG9idGFpbiB0aGUgbWV0YWRhdGEsCgkgIHNpbmNlIHRoZSBp c3N1ZXIgaWRlbnRpZmllciBjb250YWlucyBubyBwYXRoIGNvbXBvbmVudDoKCTwvdD4KICAgICAg ICA8dD4KCSAgPGZpZ3VyZT4KICAgICAgICAgICAgPGFydHdvcms+PCFbQ0RBVEFbCiAgR0VUIC8u d2VsbC1rbm93bi9vYXV0aC1hdXRob3JpemF0aW9uLXNlcnZlciBIVFRQLzEuMQogIEhvc3Q6IGV4 YW1wbGUuY29tCl1dPjwvYXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgoJPC90PgoKCTx0PgoJ ICBJZiB0aGUKCSAgaXNzdWVyIGlkZW50aWZpZXIgdmFsdWUgY29udGFpbnMgYSBwYXRoIGNvbXBv bmVudCwgYW55IHRlcm1pbmF0aW5nCgkgIDxzcGFueCBzdHlsZT0idmVyYiI+Lzwvc3Bhbng+IE1V U1QgYmUgcmVtb3ZlZCBiZWZvcmUgaW5zZXJ0aW5nCgkgIDxzcGFueCBzdHlsZT0idmVyYiI+Ly53 ZWxsLWtub3duLzwvc3Bhbng+IGFuZCB0aGUgd2VsbC1rbm93biBVUkkgc3VmZml4CgkgIGJldHdl ZW4gdGhlIGhvc3QgY29tcG9uZW50IGFuZCB0aGUgcGF0aCBjb21wb25lbnQuCgkgIFRoZSBjbGll bnQgd291bGQgbWFrZSB0aGUgZm9sbG93aW5nIHJlcXVlc3Qgd2hlbiB0aGUKCSAgaXNzdWVyIGlk ZW50aWZpZXIgaXMgPHNwYW54IHN0eWxlPSJ2ZXJiIj5odHRwczovL2V4YW1wbGUuY29tL2lzc3Vl cjE8L3NwYW54PgoJICBhbmQgdGhlIHdlbGwta25vd24gVVJJIHN1ZmZpeCBpcyA8c3Bhbnggc3R5 bGU9InZlcmIiPm9hdXRoLWF1dGhvcml6YXRpb24tc2VydmVyPC9zcGFueD4KCSAgdG8gb2J0YWlu IHRoZSBtZXRhZGF0YSwKCSAgc2luY2UgdGhlIGlzc3VlciBpZGVudGlmaWVyIGNvbnRhaW5zIGEg cGF0aCBjb21wb25lbnQ6Cgk8L3Q+CiAgICAgICAgPHQ+CgkgIDxmaWd1cmU+CiAgICAgICAgICAg IDxhcnR3b3JrPjwhW0NEQVRBWwogIEdFVCAvLndlbGwta25vd24vb2F1dGgtYXV0aG9yaXphdGlv bi1zZXJ2ZXIvaXNzdWVyMSBIVFRQLzEuMQogIEhvc3Q6IGV4YW1wbGUuY29tCl1dPjwvYXJ0d29y az4KICAgICAgICAgIDwvZmlndXJlPgoJPC90PgoKCTx0PgoJICBVc2luZyBwYXRoIGNvbXBvbmVu dHMgZW5hYmxlcyBzdXBwb3J0aW5nIG11bHRpcGxlIGlzc3VlcnMgcGVyIGhvc3QuCgkgIFRoaXMg aXMgcmVxdWlyZWQgaW4gc29tZSBtdWx0aS10ZW5hbnQgaG9zdGluZyBjb25maWd1cmF0aW9ucy4K CSAgVGhpcyB1c2Ugb2YgPHNwYW54IHN0eWxlPSJ2ZXJiIj4ud2VsbC1rbm93bjwvc3Bhbng+IGlz IGZvciBzdXBwb3J0aW5nCgkgIG11bHRpcGxlIGlzc3VlcnMgcGVyIGhvc3Q7IHVubGlrZSBpdHMg dXNlIGluCgkgIDx4cmVmIHRhcmdldD0iUkZDNTc4NSI+UkZDIDU3ODU8L3hyZWY+LCBpdCBkb2Vz IG5vdCBwcm92aWRlCgkgIGdlbmVyYWwgaW5mb3JtYXRpb24gYWJvdXQgdGhlIGhvc3QuCgk8L3Q+ CgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiBhbmNob3I9IkFTQ29uZmlndXJhdGlv blJlc3BvbnNlIgoJICAgICAgIHRpdGxlPSJBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSBS ZXNwb25zZSI+CiAgICAgICAgPHQ+CgkgIFRoZSByZXNwb25zZSBpcyBhIHNldCBvZiBjbGFpbXMg YWJvdXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MKCSAgY29uZmlndXJhdGlvbiwgaW5jbHVk aW5nIGFsbCBuZWNlc3NhcnkgZW5kcG9pbnRzIGFuZAoJICBwdWJsaWMga2V5IGxvY2F0aW9uIGlu Zm9ybWF0aW9uLgoJICBBIHN1Y2Nlc3NmdWwgcmVzcG9uc2UgTVVTVCB1c2UgdGhlIDIwMCBPSyBI VFRQIHN0YXR1cyBjb2RlIGFuZCByZXR1cm4KCSAgYSBKU09OIG9iamVjdCB1c2luZyB0aGUgPHNw YW54IHN0eWxlPSJ2ZXJiIj5hcHBsaWNhdGlvbi9qc29uPC9zcGFueD4gY29udGVudCB0eXBlCgkg IHRoYXQgY29udGFpbnMgYSBzZXQgb2YgY2xhaW1zIGFzIGl0cyBtZW1iZXJzCgkgIHRoYXQgYXJl IGEgc3Vic2V0IG9mIHRoZSBtZXRhZGF0YSB2YWx1ZXMgZGVmaW5lZCBpbgoJICA8eHJlZiB0YXJn ZXQ9IkFTTWV0YWRhdGEiLz4uCgkgIE90aGVyIGNsYWltcyBNQVkgYWxzbyBiZSByZXR1cm5lZC4K CTwvdD4KICAgICAgICA8dD4KCSAgQ2xhaW1zIHRoYXQgcmV0dXJuIG11bHRpcGxlIHZhbHVlcyBh cmUgcmVwcmVzZW50ZWQgYXMgSlNPTiBhcnJheXMuCgkgIENsYWltcyB3aXRoIHplcm8gZWxlbWVu dHMgTVVTVCBiZSBvbWl0dGVkIGZyb20gdGhlIHJlc3BvbnNlLgoJPC90PgoJPHQ+CgkgIEFuIGVy cm9yIHJlc3BvbnNlIHVzZXMgdGhlIGFwcGxpY2FibGUgSFRUUCBzdGF0dXMgY29kZSB2YWx1ZS4K CTwvdD4KICAgICAgICA8dD4KCSAgPGZpZ3VyZT4KCSAgICA8cHJlYW1ibGU+VGhlIGZvbGxvd2lu ZyBpcyBhIG5vbi1ub3JtYXRpdmUgZXhhbXBsZSByZXNwb25zZTo8L3ByZWFtYmxlPgoKICAgICAg ICAgICAgPGFydHdvcms+PCFbQ0RBVEFbCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29udGVudC1UeXBl OiBhcHBsaWNhdGlvbi9qc29uCgogIHsKICAgImlzc3VlciI6CiAgICAgImh0dHBzOi8vc2VydmVy LmV4YW1wbGUuY29tIiwKICAgImF1dGhvcml6YXRpb25fZW5kcG9pbnQiOgogICAgICJodHRwczov L3NlcnZlci5leGFtcGxlLmNvbS9hdXRob3JpemUiLAogICAidG9rZW5fZW5kcG9pbnQiOgogICAg ICJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbS90b2tlbiIsCiAgICJ0b2tlbl9lbmRwb2ludF9h dXRoX21ldGhvZHNfc3VwcG9ydGVkIjoKICAgICBbImNsaWVudF9zZWNyZXRfYmFzaWMiLCAicHJp dmF0ZV9rZXlfand0Il0sCiAgICJ0b2tlbl9lbmRwb2ludF9hdXRoX3NpZ25pbmdfYWxnX3ZhbHVl c19zdXBwb3J0ZWQiOgogICAgIFsiUlMyNTYiLCAiRVMyNTYiXSwKICAgInVzZXJpbmZvX2VuZHBv aW50IjoKICAgICAiaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20vdXNlcmluZm8iLAogICAiandr c191cmkiOgogICAgICJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbS9qd2tzLmpzb24iLAogICAi cmVnaXN0cmF0aW9uX2VuZHBvaW50IjoKICAgICAiaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20v cmVnaXN0ZXIiLAogICAic2NvcGVzX3N1cHBvcnRlZCI6CiAgICAgWyJvcGVuaWQiLCAicHJvZmls ZSIsICJlbWFpbCIsICJhZGRyZXNzIiwKICAgICAgInBob25lIiwgIm9mZmxpbmVfYWNjZXNzIl0s CiAgICJyZXNwb25zZV90eXBlc19zdXBwb3J0ZWQiOgogICAgIFsiY29kZSIsICJjb2RlIHRva2Vu Il0sCiAgICJzZXJ2aWNlX2RvY3VtZW50YXRpb24iOgogICAgICJodHRwOi8vc2VydmVyLmV4YW1w bGUuY29tL3NlcnZpY2VfZG9jdW1lbnRhdGlvbi5odG1sIiwKICAgInVpX2xvY2FsZXNfc3VwcG9y dGVkIjoKICAgICBbImVuLVVTIiwgImVuLUdCIiwgImVuLUNBIiwgImZyLUZSIiwgImZyLUNBIl0K ICB9Cl1dPjwvYXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgoJPC90PgogICAgICA8L3NlY3Rp b24+CgogICAgICA8c2VjdGlvbiBhbmNob3I9IkFTQ29uZmlndXJhdGlvblZhbGlkYXRpb24iCgkg ICAgICAgdGl0bGU9IkF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhIFZhbGlkYXRpb24iPgoK ICAgICAgICA8dD4KCSAgVGhlIDxzcGFueCBzdHlsZT0idmVyYiI+aXNzdWVyPC9zcGFueD4gdmFs dWUgcmV0dXJuZWQgTVVTVCBiZSBpZGVudGljYWwgdG8KCSAgdGhlIGF1dGhvcml6YXRpb24gc2Vy dmVyJ3MgaXNzdWVyIGlkZW50aWZpZXIgdmFsdWUgaW50byB3aGljaAoJICB0aGUgd2VsbC1rbm93 biBVUkkgc3RyaW5nIHdhcyBpbnNlcnRlZCB0byBjcmVhdGUgdGhlIFVSTAoJICB1c2VkIHRvIHJl dHJpZXZlIHRoZSBtZXRhZGF0YS4KCSAgPCEtLQoJICBUaGlzIE1VU1QgYWxzbyBiZSBpZGVudGlj YWwgdG8gdGhlIDxzcGFueCBzdHlsZT0idmVyYiI+aXNzPC9zcGFueD4gY2xhaW0gdmFsdWUKCSAg aW4gSUQgVG9rZW5zIGlzc3VlZCBmcm9tIHRoaXMgSXNzdWVyLgoJICAtLT4KCSAgSWYgdGhlc2Ug dmFsdWVzIGFyZSBub3QgaWRlbnRpY2FsLCB0aGUgZGF0YSBjb250YWluZWQgaW4gdGhlIHJlc3Bv bnNlIE1VU1QgTk9UIGJlIHVzZWQuCgk8L3Q+CiAgICAgIDwvc2VjdGlvbj4KICAgIDwvc2VjdGlv bj4KCiAgICA8c2VjdGlvbiBhbmNob3I9IlN0cmluZ09wcyIgdGl0bGU9IlN0cmluZyBPcGVyYXRp b25zIj4KCiAgICAgIDx0PgoJUHJvY2Vzc2luZyBzb21lIE9BdXRoIDIuMCBtZXNzYWdlcyByZXF1 aXJlcyBjb21wYXJpbmcKCXZhbHVlcyBpbiB0aGUgbWVzc2FnZXMgdG8ga25vd24gdmFsdWVzLiBG b3IgZXhhbXBsZSwgdGhlCgltZW1iZXIgbmFtZXMgaW4gdGhlIG1ldGFkYXRhIHJlc3BvbnNlIG1p Z2h0IGJlCgljb21wYXJlZCB0byBzcGVjaWZpYyBtZW1iZXIgbmFtZXMgc3VjaCBhcyA8c3BhbngK CXN0eWxlPSJ2ZXJiIj5pc3N1ZXI8L3NwYW54Pi4gIENvbXBhcmluZyBVbmljb2RlIDx4cmVmIHRh cmdldD0iVU5JQ09ERSIvPiBzdHJpbmdzLAoJaG93ZXZlciwgaGFzIHNpZ25pZmljYW50IHNlY3Vy aXR5IGltcGxpY2F0aW9ucy4KICAgICAgPC90PgogICAgICA8dD4KCVRoZXJlZm9yZSwgY29tcGFy aXNvbnMgYmV0d2VlbiBKU09OIHN0cmluZ3MgYW5kIG90aGVyIFVuaWNvZGUKCXN0cmluZ3MgTVVT VCBiZSBwZXJmb3JtZWQgYXMgc3BlY2lmaWVkIGJlbG93OgoKCTxsaXN0IHN0eWxlPSJudW1iZXJz Ij4KCiAgICAgICAgICA8dD4KCSAgICBSZW1vdmUgYW55IEpTT04gYXBwbGllZCBlc2NhcGluZyB0 byBwcm9kdWNlIGFuIGFycmF5IG9mCgkgICAgVW5pY29kZSBjb2RlIHBvaW50cy4KCSAgPC90Pgog ICAgICAgICAgPHQ+CgkgICAgVW5pY29kZSBOb3JtYWxpemF0aW9uIDx4cmVmIHRhcmdldD0iVVNB MTUiLz4gTVVTVCBOT1QKCSAgICBiZSBhcHBsaWVkIGF0IGFueSBwb2ludCB0byBlaXRoZXIgdGhl IEpTT04gc3RyaW5nIG9yIHRvCgkgICAgdGhlIHN0cmluZyBpdCBpcyB0byBiZSBjb21wYXJlZCBh Z2FpbnN0LgoJICA8L3Q+CiAgICAgICAgICA8dD4KCSAgICBDb21wYXJpc29ucyBiZXR3ZWVuIHRo ZSB0d28gc3RyaW5ncyBNVVNUIGJlIHBlcmZvcm1lZCBhcyBhCgkgICAgVW5pY29kZSBjb2RlIHBv aW50IHRvIGNvZGUgcG9pbnQgZXF1YWxpdHkgY29tcGFyaXNvbi4KCSAgPC90PgoKICAgICAgICA8 L2xpc3Q+CiAgICAgIDwvdD4KICAgICAgPHQ+CglOb3RlIHRoYXQgdGhpcyBpcyB0aGUgc2FtZSBl cXVhbGl0eSBjb21wYXJpc29uIHByb2NlZHVyZSBkZXNjcmliZWQgaW4KCVNlY3Rpb24gOC4zIG9m IDx4cmVmIHRhcmdldD0iUkZDNzE1OSIvPi4KICAgICAgPC90PgoKICAgIDwvc2VjdGlvbj4KCiAg ICA8c2VjdGlvbiBhbmNob3I9IkNvbXBhdGliaWxpdHlOb3RlcyIgdGl0bGU9IkNvbXBhdGliaWxp dHkgTm90ZXMiPgoKICAgICAgPHQ+CglUaGUgaWRlbnRpZmllcnMKCTxzcGFueCBzdHlsZT0idmVy YiI+Ly53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uPC9zcGFueD4sCgk8c3Bhbnggc3R5 bGU9InZlcmIiPm9wX3BvbGljeV91cmk8L3NwYW54PiwKCWFuZCA8c3Bhbnggc3R5bGU9InZlcmIi Pm9wX3Rvc191cmk8L3NwYW54PgoJY29udGFpbiBzdHJpbmdzIHJlZmVycmluZyB0byB0aGUKCU9w ZW5JRCBDb25uZWN0IDx4cmVmIHRhcmdldD0iT3BlbklELkNvcmUiLz4gZmFtaWx5IG9mIHNwZWNp ZmljYXRpb25zCgl0aGF0IHdlcmUgb3JpZ2luYWxseSBkZWZpbmVkIGJ5Cgk8eHJlZiB0YXJnZXQ9 Ik9wZW5JRC5EaXNjb3ZlcnkiPiJPcGVuSUQgQ29ubmVjdCBEaXNjb3ZlcnkgMS4wIjwveHJlZj4u CglEZXNwaXRlIHRoZSByZXVzZSBvZiB0aGVzZSBpZGVudGlmaWVycyB0aGF0IGFwcGVhciB0byBi ZSBPcGVuSUQtc3BlY2lmaWMsCgl0aGVpciB1c2FnZSBpbiB0aGlzIHNwZWNpZmljYXRpb24gaXMg YWN0dWFsbHkgcmVmZXJyaW5nIHRvCglnZW5lcmFsIE9BdXRoIDIuMCBmZWF0dXJlcyB0aGF0IGFy ZSBub3Qgc3BlY2lmaWMgdG8gT3BlbklEIENvbm5lY3QuCiAgICAgIDwvdD4KICAgICAgPHQ+CglU aGUgYWxnb3JpdGhtIGZvciB0cmFuc2Zvcm1pbmcgdGhlIGlzc3VlciBpZGVudGlmaWVyIHRvIGFu IGF1dGhvcml6YXRpb24gc2VydmVyIG1ldGFkYXRhIGxvY2F0aW9uCglkZWZpbmVkIGluIDx4cmVm IHRhcmdldD0iQVNDb25maWciLz4gaXMgZXF1aXZhbGVudCB0byB0aGUgY29ycmVzcG9uZGluZyB0 cmFuc2Zvcm1hdGlvbiBkZWZpbmVkIGluCglTZWN0aW9uIDQgb2YgPHhyZWYgdGFyZ2V0PSJPcGVu SUQuRGlzY292ZXJ5Ij4iT3BlbklEIENvbm5lY3QgRGlzY292ZXJ5IDEuMCI8L3hyZWY+LAoJcHJv dmlkZWQgdGhhdCB0aGUgaXNzdWVyIGlkZW50aWZpZXIgY29udGFpbnMgbm8gcGF0aCBjb21wb25l bnQuCglIb3dldmVyLCB0aGV5IGFyZSBkaWZmZXJlbnQgd2hlbiB0aGVyZSBpcyBhIHBhdGggY29t cG9uZW50LAoJYmVjYXVzZSBPcGVuSUQgQ29ubmVjdCBEaXNjb3ZlcnkgMS4wIHNwZWNpZmllcyB0 aGF0IHRoZSB3ZWxsLWtub3duIFVSSSBzdHJpbmcgaXMgYXBwZW5kZWQgdG8gdGhlIGlzc3VlciBp ZGVudGlmaWVyCgkoZS5nLiwgPHNwYW54IHN0eWxlPSJ2ZXJiIj5odHRwczovL2V4YW1wbGUuY29t L2lzc3VlcjEvLndlbGwta25vd24vb3BlbmlkLWNvbmZpZ3VyYXRpb248L3NwYW54PiksCgl3aGVy ZWFzIHRoaXMgc3BlY2lmaWNhdGlvbiBzcGVjaWZpZXMgdGhhdCB0aGUgd2VsbC1rbm93biBVUkkg c3RyaW5nIGlzIGluc2VydGVkIGJlZm9yZSB0aGUgcGF0aCBjb21wb25lbnQgb2YgdGhlIGlzc3Vl ciBpZGVudGlmaWVyCgkoZS5nLiwgPHNwYW54IHN0eWxlPSJ2ZXJiIj5odHRwczovL2V4YW1wbGUu Y29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uL2lzc3VlcjE8L3NwYW54PikuCiAg ICAgIDwvdD4KICAgICAgPHQ+CglHb2luZyBmb3J3YXJkLCBPQXV0aCBhdXRob3JpemF0aW9uIHNl cnZlciBtZXRhZGF0YSBsb2NhdGlvbnMgc2hvdWxkIHVzZSB0aGUgdHJhbnNmb3JtYXRpb24gZGVm aW5lZCBpbiB0aGlzIHNwZWNpZmljYXRpb24uCglIb3dldmVyLCB3aGVuIGRlcGxveWVkIGluIGxl Z2FjeSBlbnZpcm9ubWVudHMgaW4gd2hpY2ggdGhlIE9wZW5JRCBDb25uZWN0IERpc2NvdmVyeSAx LjAgdHJhbnNmb3JtYXRpb24gaXMgYWxyZWFkeSB1c2VkLAoJaXQgbWF5IGJlIG5lY2Vzc2FyeSBk dXJpbmcgYSB0cmFuc2l0aW9uIHBlcmlvZCB0byBwdWJsaXNoIG1ldGFkYXRhIGZvciBpc3N1ZXIg aWRlbnRpZmllcnMgY29udGFpbmluZyBhIHBhdGggY29tcG9uZW50IGF0IGJvdGggbG9jYXRpb25z LgoJRHVyaW5nIHRoaXMgdHJhbnNpdGlvbiBwZXJpb2QsIGFwcGxpY2F0aW9ucyBzaG91bGQgZmly c3QgYXBwbHkgdGhlIHRyYW5zZm9ybWF0aW9uIGRlZmluZWQgaW4gdGhpcyBzcGVjaWZpY2F0aW9u CglhbmQgYXR0ZW1wdCB0byByZXRyaWV2ZSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRh dGEgZnJvbSB0aGUgcmVzdWx0aW5nIGxvY2F0aW9uOwoJb25seSBpZiB0aGUgcmV0cmlldmFsIGZy b20gdGhhdCBsb2NhdGlvbiBmYWlscyBzaG91bGQgdGhleSBmYWxsIGJhY2sgdG8gYXR0ZW1wdGlu ZyB0byByZXRyaXZlIGl0Cglmcm9tIHRoZSBhbHRlcm5hdGUgbG9jYXRpb24gb2J0YWluZWQgdXNp bmcgdGhlIHRyYW5zZm9ybWF0aW9uIGRlZmluZWQgYnkgT3BlbklEIENvbm5lY3QgRGlzY292ZXJ5 IDEuMC4KCVRoaXMgYmFja3dhcmRzLWNvbXBhdGliaWxpdHkgYmVoYXZpb3Igc2hvdWxkIG9ubHkg YmUgbmVjZXNzYXJ5IHdoZW4KCXRoZSB3ZWxsLWtub3duIFVSSSBzdWZmaXggZW1wbG95ZWQgYnkg dGhlIGFwcGxpY2F0aW9uIGlzIDxzcGFueCBzdHlsZT0idmVyYiI+b3BlbmlkLWNvbmZpZ3VyYXRp b248L3NwYW54Pi4KICAgICAgPC90PgoKICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiBhbmNo b3I9IlNlY3VyaXR5IiB0aXRsZT0iU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMiPgoKICAgICAgPHNl Y3Rpb24gYW5jaG9yPSJUTFNSZXF1aXJlbWVudHMiIHRpdGxlPSJUTFMgUmVxdWlyZW1lbnRzIj4K CTx0PgoJICBJbXBsZW1lbnRhdGlvbnMgTVVTVCBzdXBwb3J0IFRMUy4KCSAgV2hpY2ggdmVyc2lv bihzKSBvdWdodCB0byBiZSBpbXBsZW1lbnRlZCB3aWxsIHZhcnkgb3ZlcgoJICB0aW1lIGFuZCBk ZXBlbmQgb24gdGhlIHdpZGVzcHJlYWQgZGVwbG95bWVudCBhbmQga25vd24KCSAgc2VjdXJpdHkg dnVsbmVyYWJpbGl0aWVzIGF0IHRoZSB0aW1lIG9mIGltcGxlbWVudGF0aW9uLgoJICBUaGUgYXV0 aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBzdXBwb3J0CgkgIFRMUyB2ZXJzaW9uIDEuMiA8eHJlZiB0 YXJnZXQ9J1JGQzUyNDYnIC8+CgkgIGFuZCBNQVkgc3VwcG9ydCBhZGRpdGlvbmFsIHRyYW5zcG9y dC1sYXllciBzZWN1cml0eSBtZWNoYW5pc21zIG1lZXRpbmcgaXRzIHNlY3VyaXR5IHJlcXVpcmVt ZW50cy4KCSAgV2hlbiB1c2luZyBUTFMsIHRoZSBjbGllbnQgTVVTVCBwZXJmb3JtIGEgVExTL1NT TCBzZXJ2ZXIgY2VydGlmaWNhdGUgY2hlY2ssCgkgIHBlciA8eHJlZiB0YXJnZXQ9IlJGQzYxMjUi PlJGQyA2MTI1PC94cmVmPi4KCSAgSW1wbGVtZW50YXRpb24gc2VjdXJpdHkgY29uc2lkZXJhdGlv bnMgY2FuIGJlIGZvdW5kIGluCgkgIDx4cmVmIHRhcmdldD0iQkNQMTk1Ij5SZWNvbW1lbmRhdGlv bnMgZm9yIFNlY3VyZSBVc2Ugb2YgVExTIGFuZCBEVExTPC94cmVmPi4KCTwvdD4KCTx0PgoJICBU byBwcm90ZWN0IGFnYWluc3QgaW5mb3JtYXRpb24gZGlzY2xvc3VyZSBhbmQgdGFtcGVyaW5nLAoJ ICBjb25maWRlbnRpYWxpdHkgcHJvdGVjdGlvbiBNVVNUIGJlIGFwcGxpZWQgdXNpbmcgVExTCgkg IHdpdGggYSBjaXBoZXJzdWl0ZSB0aGF0IHByb3ZpZGVzIGNvbmZpZGVudGlhbGl0eSBhbmQKCSAg aW50ZWdyaXR5IHByb3RlY3Rpb24uCgk8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0 aW9uIGFuY2hvcj0iSW1wZXJzb25hdGlvbiIgdGl0bGU9IkltcGVyc29uYXRpb24gQXR0YWNrcyI+ Cgk8dD4KCSAgVExTIGNlcnRpZmljYXRlIGNoZWNraW5nIE1VU1QgYmUgcGVyZm9ybWVkIGJ5IHRo ZSBjbGllbnQsCgkgIGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9IlRMU1JlcXVpcmVtZW50 cyIvPiwKCSAgd2hlbiBtYWtpbmcgYW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgcmVx dWVzdC4KCSAgQ2hlY2tpbmcgdGhhdCB0aGUgc2VydmVyIGNlcnRpZmljYXRlIGlzIHZhbGlkIGZv ciB0aGUgaXNzdWVyIGlkZW50aWZpZXIgVVJMCgkgIHByZXZlbnRzIG1hbi1pbi1taWRkbGUgYW5k IEROUy1iYXNlZCBhdHRhY2tzLgoJICBUaGVzZSBhdHRhY2tzIGNvdWxkIGNhdXNlIGEgY2xpZW50 IHRvIGJlIHRyaWNrZWQgaW50byB1c2luZyBhbiBhdHRhY2tlcidzCgkgIGtleXMgYW5kIGVuZHBv aW50cywgd2hpY2ggd291bGQgZW5hYmxlIGltcGVyc29uYXRpb24gb2YgdGhlIGxlZ2l0aW1hdGUg YXV0aG9yaXphdGlvbiBzZXJ2ZXIuCgkgIElmIGFuIGF0dGFja2VyIGNhbiBhY2NvbXBsaXNoIHRo aXMsIHRoZXkgY2FuIGFjY2VzcyB0aGUgcmVzb3VyY2VzCgkgIHRoYXQgdGhlIGFmZmVjdGVkIGNs aWVudCBoYXMgYWNjZXNzIHRvCgkgIHVzaW5nIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB0aGF0 IHRoZXkgYXJlIGltcGVyc29uYXRpbmcuCgk8L3Q+Cgk8dD4KCSAgQW4gYXR0YWNrZXIgbWF5IGFs c28gYXR0ZW1wdCB0byBpbXBlcnNvbmF0ZSBhbiBhdXRob3JpemF0aW9uIHNlcnZlciBieSBwdWJs aXNoaW5nCgkgIGEgbWV0YWRhdGEgZG9jdW1lbnQgdGhhdCBjb250YWlucyBhbiA8c3Bhbnggc3R5 bGU9InZlcmIiPmlzc3Vlcjwvc3Bhbng+IGNsYWltCgkgIHVzaW5nIHRoZSBpc3N1ZXIgaWRlbnRp ZmllciBVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGJlaW5nIGltcGVyc29uYXRlZCwK CSAgYnV0IHdpdGggaXRzIG93biBlbmRwb2ludHMgYW5kIHNpZ25pbmcga2V5cy4KCSAgVGhpcyB3 b3VsZCBlbmFibGUgaXQgdG8gaW1wZXJzb25hdGUgdGhhdCBhdXRob3JpemF0aW9uIHNlcnZlciwg aWYgYWNjZXB0ZWQgYnkgdGhlIGNsaWVudC4KCSAgVG8gcHJldmVudCB0aGlzLCB0aGUgY2xpZW50 IE1VU1QgZW5zdXJlIHRoYXQgdGhlIGlzc3VlciBpZGVudGlmaWVyIFVSTCBpdCBpcyB1c2luZwoJ ICBhcyB0aGUgcHJlZml4IGZvciB0aGUgbWV0YWRhdGEgcmVxdWVzdCBleGFjdGx5IG1hdGNoZXMg dGhlIHZhbHVlIG9mCgkgIHRoZSA8c3Bhbnggc3R5bGU9InZlcmIiPmlzc3Vlcjwvc3Bhbng+IG1l dGFkYXRhIHZhbHVlCgkgIGluIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YSBkb2N1 bWVudCByZWNlaXZlZCBieSB0aGUgY2xpZW50LgoJICA8IS0tCgkgIGFuZCB0aGF0IHRoaXMgYWxz byBleGFjdGx5IG1hdGNoZXMgdGhlIDxzcGFueCBzdHlsZT0idmVyYiI+aXNzPC9zcGFueD4gY2xh aW0KCSAgdmFsdWUgaW4gSUQgVG9rZW5zIHRoYXQgYXJlIHN1cHBvc2VkIHRvIGJlIGZyb20gdGhh dCBJc3N1ZXIuCgkgIC0tPgoJPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiBh bmNob3I9IlN0YW5kYXJkRm9ybWF0IiB0aXRsZT0iUHVibGlzaGluZyBNZXRhZGF0YSBpbiBhIFN0 YW5kYXJkIEZvcm1hdCI+Cgk8dD4KCSAgUHVibGlzaGluZyBpbmZvcm1hdGlvbiBhYm91dCB0aGUg YXV0aG9yaXphdGlvbiBzZXJ2ZXIgaW4gYSBzdGFuZGFyZCBmb3JtYXQKCSAgbWFrZXMgaXQgZWFz aWVyIGZvciBib3RoIGxlZ2l0aW1hdGUgY2xpZW50cyBhbmQgYXR0YWNrZXJzCgkgIHRvIHVzZSB0 aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCgkgIFdoZXRoZXIgYW4gYXV0aG9yaXphdGlvbiBzZXJ2 ZXIgcHVibGlzaGVzIGl0cyBtZXRhZGF0YSBpbiBhbiBhZC1ob2MgbWFubmVyCgkgIG9yIGluIHRo ZSBzdGFuZGFyZCBmb3JtYXQgZGVmaW5lZCBieSB0aGlzIHNwZWNpZmljYXRpb24sCgkgIHRoZSBz YW1lIGRlZmVuc2VzIGFnYWluc3QgYXR0YWNrcyB0aGF0IG1pZ2h0IGJlIG1vdW50ZWQKCSAgdGhh dCB1c2UgdGhpcyBpbmZvcm1hdGlvbiBzaG91bGQgYmUgYXBwbGllZC4KCTwvdD4KICAgICAgPC9z ZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gYW5jaG9yPSJQcm90ZWN0ZWRSZXNvdXJjZXMiIHRpdGxl PSJQcm90ZWN0ZWQgUmVzb3VyY2VzIj4KCTx0PgoJICBTZWN1cmUgZGV0ZXJtaW5hdGlvbiBvZiBh cHByb3ByaWF0ZSBwcm90ZWN0ZWQgcmVzb3VyY2VzCgkgIHRvIHVzZSB3aXRoIGFuIGF1dGhvcml6 YXRpb24gc2VydmVyIGZvciBhbGwgdXNlIGNhc2VzCgkgIGlzIG91dCBvZiBzY29wZSBvZiB0aGlz IHNwZWNpZmljYXRpb24uCgkgIFRoaXMgc3BlY2lmaWNhdGlvbiBhc3N1bWVzIHRoYXQgdGhlIGNs aWVudCBoYXMgYSBtZWFucyBvZiBkZXRlcm1pbmluZwoJICBhcHByb3ByaWF0ZSBwcm90ZWN0ZWQg cmVzb3VyY2VzIHRvIHVzZSB3aXRoIGFuIGF1dGhvcml6YXRpb24gc2VydmVyCgkgIGFuZCB0aGF0 IHRoZSBjbGllbnQgaXMgdXNpbmcgdGhlIGNvcnJlY3QgbWV0YWRhdGEKCSAgZm9yIGVhY2ggYXV0 aG9yaXphdGlvbiBzZXJ2ZXIuCgkgIEltcGxlbWVudGVycyBuZWVkIHRvIGJlIGF3YXJlIHRoYXQg aWYgYW4gaW5hcHByb3ByaWF0ZSBwcm90ZWN0ZWQgcmVzb3VyY2UKCSAgaXMgdXNlZCBieSB0aGUg Y2xpZW50LCB0aGF0IGFuIGF0dGFja2VyIG1heSBiZSBhYmxlIHRvIGFjdCBhcwoJICBhIG1hbi1p bi10aGUtbWlkZGxlIHByb3h5IHRvIGEgdmFsaWQgcHJvdGVjdGVkIHJlc291cmNlIHdpdGhvdXQK CSAgaXQgYmVpbmcgZGV0ZWN0ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIG9yIHRoZSBj bGllbnQuCgk8L3Q+Cgk8dD4KCSAgVGhlIHdheXMgdG8gZGV0ZXJtaW5lIHRoZSBhcHByb3ByaWF0 ZSBwcm90ZWN0ZWQgcmVzb3VyY2VzIHRvIHVzZQoJICB3aXRoIGFuIGF1dGhvcml6YXRpb24gc2Vy dmVyIGFyZSBpbiBnZW5lcmFsLCBhcHBsaWNhdGlvbi1kZXBlbmRlbnQuCgkgIEZvciBpbnN0YW5j ZSwgc29tZSBhdXRob3JpemF0aW9uIHNlcnZlcnMgYXJlIHVzZWQgd2l0aAoJICBhIGZpeGVkIHBy b3RlY3RlZCByZXNvdXJjZSBvciBzZXQgb2YgcHJvdGVjdGVkIHJlc291cmNlcywKCSAgdGhlIGxv Y2F0aW9ucyBvZiB3aGljaCBtYXkgYmUgd2VsbCBrbm93biwKCSAgb3Igd2hpY2ggY291bGQgYmUg cHVibGlzaGVkIGFzIG1ldGFkYXRhIHZhbHVlcyBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIu CgkgIEluIG90aGVyIGNhc2VzLCB0aGUgc2V0IG9mIHJlc291cmNlcyB0aGF0IGNhbiBiZSB1c2Vk IHdpdGgKCSAgYW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIgY2FuIGJ5IGR5bmFtaWNhbGx5IGNoYW5n ZWQKCSAgYnkgYWRtaW5pc3RyYXRpdmUgYWN0aW9ucy4KCSAgTWFueSBvdGhlciBtZWFucyBvZiBk ZXRlcm1pbmluZyBhcHByb3ByaWF0ZSBhc3NvY2lhdGlvbnMgYmV0d2VlbgoJICBhdXRob3JpemF0 aW9uIHNlcnZlcnMgYW5kIHByb3RlY3RlZCByZXNvdXJjZXMgYXJlIGFsc28gcG9zc2libGUuCgk8 L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24gYW5jaG9y PSJJQU5BIiB0aXRsZT0iSUFOQSBDb25zaWRlcmF0aW9ucyI+CgogICAgICA8dD4KCVRoZSBmb2xs b3dpbmcgcmVnaXN0cmF0aW9uIHByb2NlZHVyZSBpcyB1c2VkIGZvciB0aGUKCXJlZ2lzdHJ5IGVz dGFibGlzaGVkIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbi4KICAgICAgPC90PgogICAgICA8dD4KCVZh bHVlcyBhcmUgcmVnaXN0ZXJlZCBvbiBhIFNwZWNpZmljYXRpb24gUmVxdWlyZWQgPHhyZWYgdGFy Z2V0PSJSRkM4MTI2Ii8+CgliYXNpcyBhZnRlciBhIHR3by13ZWVrIHJldmlldyBwZXJpb2Qgb24g dGhlIG9hdXRoLWV4dC1yZXZpZXdAaWV0Zi5vcmcKCW1haWxpbmcgbGlzdCwgb24gdGhlIGFkdmlj ZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuCglIb3dldmVyLCB0byBhbGxvdyBm b3IgdGhlIGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0aW9uLAoJdGhlIERl c2lnbmF0ZWQgRXhwZXJ0cyBtYXkgYXBwcm92ZSByZWdpc3RyYXRpb24gb25jZSB0aGV5IGFyZSBz YXRpc2ZpZWQKCXRoYXQgc3VjaCBhIHNwZWNpZmljYXRpb24gd2lsbCBiZSBwdWJsaXNoZWQuCiAg ICAgICA8L3Q+CiAgICAgICA8dD4KCVJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBzZW50IHRvIHRoZSBt YWlsaW5nIGxpc3QgZm9yIHJldmlldyBzaG91bGQgdXNlCglhbiBhcHByb3ByaWF0ZSBzdWJqZWN0 CgkoZS5nLiwgIlJlcXVlc3QgdG8gcmVnaXN0ZXIgT0F1dGggQXV0aG9yaXphdGlvbiBTZXJ2ZXIg TWV0YWRhdGE6IGV4YW1wbGUiKS4KICAgICAgIDwvdD4KICAgICAgPHQ+CglXaXRoaW4gdGhlIHJl dmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydHMgd2lsbCBlaXRoZXIgYXBwcm92ZSBv cgoJZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNp c2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuCglEZW5pYWxzIHNob3VsZCBpbmNsdWRl IGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93 IHRvIG1ha2UKCXRoZSByZXF1ZXN0IHN1Y2Nlc3NmdWwuCglSZWdpc3RyYXRpb24gcmVxdWVzdHMg dGhhdCBhcmUgdW5kZXRlcm1pbmVkIGZvcgoJYSBwZXJpb2QgbG9uZ2VyIHRoYW4gMjEgZGF5cyBj YW4gYmUgYnJvdWdodCB0byB0aGUgSUVTRydzIGF0dGVudGlvbgoJKHVzaW5nIHRoZSBpZXNnQGll dGYub3JnIG1haWxpbmcgbGlzdCkgZm9yIHJlc29sdXRpb24uCiAgICAgIDwvdD4KICAgICAgPHQ+ CglDcml0ZXJpYSB0aGF0IHNob3VsZCBiZSBhcHBsaWVkIGJ5IHRoZSBEZXNpZ25hdGVkIEV4cGVy dHMgaW5jbHVkZXMKCWRldGVybWluaW5nIHdoZXRoZXIgdGhlIHByb3Bvc2VkIHJlZ2lzdHJhdGlv biBkdXBsaWNhdGVzIGV4aXN0aW5nIGZ1bmN0aW9uYWxpdHksCglkZXRlcm1pbmluZyB3aGV0aGVy IGl0IGlzIGxpa2VseSB0byBiZSBvZiBnZW5lcmFsIGFwcGxpY2FiaWxpdHkKCW9yIHdoZXRoZXIg aXQgaXMgdXNlZnVsIG9ubHkgZm9yIGEgc2luZ2xlIGFwcGxpY2F0aW9uLAoJYW5kIHdoZXRoZXIg dGhlIHJlZ2lzdHJhdGlvbiBtYWtlcyBzZW5zZS4KICAgICAgPC90PgogICAgICA8dD4KCUlBTkEg bXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQgRXhw ZXJ0cyBhbmQgc2hvdWxkIGRpcmVjdAoJYWxsIHJlcXVlc3RzIGZvciByZWdpc3RyYXRpb24gdG8g dGhlIHJldmlldyBtYWlsaW5nIGxpc3QuCiAgICAgIDwvdD4KICAgICAgPHQ+CglJdCBpcyBzdWdn ZXN0ZWQgdGhhdCBtdWx0aXBsZSBEZXNpZ25hdGVkIEV4cGVydHMgYmUgYXBwb2ludGVkIHdobyBh cmUgYWJsZSB0bwoJcmVwcmVzZW50IHRoZSBwZXJzcGVjdGl2ZXMgb2YgZGlmZmVyZW50IGFwcGxp Y2F0aW9ucyB1c2luZyB0aGlzIHNwZWNpZmljYXRpb24sCglpbiBvcmRlciB0byBlbmFibGUgYnJv YWRseS1pbmZvcm1lZCByZXZpZXcgb2YgcmVnaXN0cmF0aW9uIGRlY2lzaW9ucy4KCUluIGNhc2Vz IHdoZXJlIGEgcmVnaXN0cmF0aW9uIGRlY2lzaW9uIGNvdWxkIGJlIHBlcmNlaXZlZCBhcwoJY3Jl YXRpbmcgYSBjb25mbGljdCBvZiBpbnRlcmVzdCBmb3IgYSBwYXJ0aWN1bGFyIEV4cGVydCwKCXRo YXQgRXhwZXJ0IHNob3VsZCBkZWZlciB0byB0aGUganVkZ21lbnQgb2YgdGhlIG90aGVyIEV4cGVy dHMuCiAgICAgIDwvdD4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSJPQXV0aCBBdXRob3JpemF0aW9u IFNlcnZlciBNZXRhZGF0YSBSZWdpc3RyeSIgYW5jaG9yPSJBU01ldGFkYXRhUmVnIj4KCTx0PgoJ ICBUaGlzIHNwZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlCgkgIElBTkEgIk9BdXRoIEF1dGhv cml6YXRpb24gU2VydmVyIE1ldGFkYXRhIiByZWdpc3RyeQoJICBmb3IgT0F1dGggMi4wIGF1dGhv cml6YXRpb24gc2VydmVyIG1ldGFkYXRhIG5hbWVzLgoJICBUaGUgcmVnaXN0cnkgcmVjb3JkcyB0 aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgbWVtYmVyCgkgIGFuZCBhIHJlZmVyZW5j ZSB0byB0aGUgc3BlY2lmaWNhdGlvbiB0aGF0IGRlZmluZXMgaXQuCgk8L3Q+Cgk8dD4KCSAgVGhl IERlc2lnbmF0ZWQgRXhwZXJ0cyBtdXN0IGVpdGhlcjoKCTwvdD4KCTx0PiAgICAgIAoJICAoYSkg cmVxdWlyZSB0aGF0IG1ldGFkYXRhIG5hbWVzIGFuZCB2YWx1ZXMgYmVpbmcgcmVnaXN0ZXJlZCB1 c2Ugb25seQoJICBwcmludGFibGUgQVNDSUkgY2hhcmFjdGVycyBleGNsdWRpbmcgZG91YmxlIHF1 b3RlICgnIicpIGFuZCBiYWNrc2xhc2ggKCdcJykKCSAgKHRoZSBVbmljb2RlIGNoYXJhY3RlcnMg d2l0aCBjb2RlIHBvaW50cyBVKzAwMjEsIFUrMDAyMyB0aHJvdWdoIFUrMDA1QiwgYW5kCgkgIFUr MDA1RCB0aHJvdWdoIFUrMDA3RSksIG9yCgk8L3Q+Cgk8dD4KCSAgKGIpIGlmIG5ldyBtZXRhZGF0 YSBtZW1iZXJzIG9yIHZhbHVlcyBhcmUgZGVmaW5lZCB0aGF0CgkgIHVzZSBvdGhlciBjb2RlIHBv aW50cywgcmVxdWlyZSB0aGF0IHRoZWlyIGRlZmluaXRpb25zIHNwZWNpZnkgdGhlIGV4YWN0Cgkg IFVuaWNvZGUgY29kZSBwb2ludCBzZXF1ZW5jZXMgdXNlZCB0byByZXByZXNlbnQgdGhlbS4KCSAg RnVydGhlcm1vcmUsIHByb3Bvc2VkIHJlZ2lzdHJhdGlvbnMgdGhhdCB1c2UgVW5pY29kZSBjb2Rl IHBvaW50cyB0aGF0IGNhbiBvbmx5CgkgIGJlIHJlcHJlc2VudGVkIGluIEpTT04gc3RyaW5ncyBh cyBlc2NhcGVkIGNoYXJhY3RlcnMgbXVzdCBub3QgYmUgYWNjZXB0ZWQuCgk8L3Q+CgogICAgICAg IDxzZWN0aW9uIHRpdGxlPSJSZWdpc3RyYXRpb24gVGVtcGxhdGUiIGFuY2hvcj0iQVNNZXRhZGF0 YVRlbXBsYXRlIj4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2lu Zyc+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J01ldGFkYXRhIE5hbWU6Jz4KICAgICAgICAg ICAgICAgIDx2c3BhY2UvPgogICAgICAgICAgICAgICAgVGhlIG5hbWUgcmVxdWVzdGVkIChlLmcu LCAiaXNzdWVyIikuCgkJVGhpcyBuYW1lIGlzIGNhc2Utc2Vuc2l0aXZlLgoJCU5hbWVzIG1heSBu b3QgbWF0Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcyBpbiBhIGNhc2UtaW5zZW5zaXRpdmUgbWFu bmVyCgkJdW5sZXNzIHRoZSBEZXNpZ25hdGVkIEV4cGVydHMgc3RhdGUgdGhhdCB0aGVyZSBpcyBh IGNvbXBlbGxpbmcgcmVhc29uCgkJdG8gYWxsb3cgYW4gZXhjZXB0aW9uLgoJICAgICAgPC90Pgog ICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdNZXRhZGF0YSBEZXNjcmlwdGlvbjonPgogICAgICAg ICAgICAgICAgPHZzcGFjZS8+CiAgICAgICAgICAgICAgICBCcmllZiBkZXNjcmlwdGlvbiBvZiB0 aGUgbWV0YWRhdGEgKGUuZy4sICJJc3N1ZXIgaWRlbnRpZmllciBVUkwiKS4KICAgICAgICAgICAg ICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J0NoYW5nZSBDb250cm9sbGVyOic+CiAg ICAgICAgICAgICAgICA8dnNwYWNlLz4KICAgICAgICAgICAgICAgIEZvciBTdGFuZGFyZHMgVHJh Y2sgUkZDcywgbGlzdCB0aGUgIklFU0ciLgoJCUZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2Yg dGhlIHJlc3BvbnNpYmxlIHBhcnR5LgoJCU90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRy ZXNzLCBlbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRlZC4K ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J1NwZWNpZmljYXRp b24gRG9jdW1lbnQocyk6Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UvPgogICAgICAgICAgICAg ICAgUmVmZXJlbmNlIHRvIHRoZSBkb2N1bWVudCBvciBkb2N1bWVudHMgdGhhdCBzcGVjaWZ5IHRo ZSBwYXJhbWV0ZXIsCgkJcHJlZmVyYWJseSBpbmNsdWRpbmcgVVJJcyB0aGF0CiAgICAgICAgICAg ICAgICBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBjb3BpZXMgb2YgdGhlIGRvY3VtZW50cy4KCQlB biBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudAogICAgICAgICAgICAgICAgc2VjdGlvbnMgbWF5 IGFsc28gYmUgaW5jbHVkZWQgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICA8L3Q+ CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+Cgog ICAgICAgIDxzZWN0aW9uIHRpdGxlPSJJbml0aWFsIFJlZ2lzdHJ5IENvbnRlbnRzIiBhbmNob3I9 IkFTTWV0YWRhdGFDb250ZW50cyI+CiAgICAgICAgICA8dD4gPD9yZmMgc3ViY29tcGFjdD0ieWVz Ij8+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4K ICAgICAgICAgICAgICAgIE1ldGFkYXRhIE5hbWU6IDxzcGFueCBzdHlsZT0idmVyYiI+aXNzdWVy PC9zcGFueD4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg ICAgICBNZXRhZGF0YSBEZXNjcmlwdGlvbjoKCQlBdXRob3JpemF0aW9uIHNlcnZlcidzIGlzc3Vl ciBpZGVudGlmaWVyIFVSTAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAg ICAgICAgICAgICAgIENoYW5nZSBDb250cm9sbGVyOiBJRVNHCiAgICAgICAgICAgICAgPC90Pgog ICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChz KTogPHhyZWYgdGFyZ2V0PSJBU01ldGFkYXRhIi8+IG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBd XQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90Pgog ICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAg ICAgICA8dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRhIE5hbWU6IDxzcGFueCBzdHlsZT0idmVy YiI+YXV0aG9yaXphdGlvbl9lbmRwb2ludDwvc3Bhbng+CiAgICAgICAgICAgICAgPC90PgogICAg ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgRGVzY3JpcHRpb246CgkJVVJM IG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIGF1dGhvcml6YXRpb24gZW5kcG9pbnQKICAg ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2Ug Q29udHJvbGxlcjogSUVTRwogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAg ICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IDx4cmVmIHRhcmdldD0iQVNN ZXRhZGF0YSIvPiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24gXV0KICAgICAgICAgICAgICA8L3Q+ CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAg ICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg ICAgICBNZXRhZGF0YSBOYW1lOiA8c3Bhbnggc3R5bGU9InZlcmIiPnRva2VuX2VuZHBvaW50PC9z cGFueD4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg ICBNZXRhZGF0YSBEZXNjcmlwdGlvbjoKCQlVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy J3MgdG9rZW4gZW5kcG9pbnQKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAg ICAgICAgICAgICAgICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICAgICAgICAgICAgIDwvdD4K ICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gRG9jdW1lbnQo cyk6IDx4cmVmIHRhcmdldD0iQVNNZXRhZGF0YSIvPiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24g XV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4K ICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAg ICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBOYW1lOiA8c3Bhbnggc3R5bGU9InZl cmIiPmp3a3NfdXJpPC9zcGFueD4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+ CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBEZXNjcmlwdGlvbjoKCQlVUkwgb2YgdGhlIGF1dGhv cml6YXRpb24gc2VydmVyJ3MgSldLIFNldCBkb2N1bWVudAogICAgICAgICAgICAgIDwvdD4KICAg ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBDb250cm9sbGVyOiBJRVNHCiAg ICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lm aWNhdGlvbiBEb2N1bWVudChzKTogPHhyZWYgdGFyZ2V0PSJBU01ldGFkYXRhIi8+IG9mIFtbIHRo aXMgc3BlY2lmaWNhdGlvbiBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0 PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdz eW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRhIE5hbWU6 IDxzcGFueCBzdHlsZT0idmVyYiI+cmVnaXN0cmF0aW9uX2VuZHBvaW50PC9zcGFueD4KICAgICAg ICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBE ZXNjcmlwdGlvbjoKCQlVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgT0F1dGggMi4w IER5bmFtaWMgQ2xpZW50IFJlZ2lzdHJhdGlvbiBFbmRwb2ludAogICAgICAgICAgICAgIDwvdD4K ICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBDb250cm9sbGVyOiBJRVNH CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3Bl Y2lmaWNhdGlvbiBEb2N1bWVudChzKTogPHhyZWYgdGFyZ2V0PSJBU01ldGFkYXRhIi8+IG9mIFtb IHRoaXMgc3BlY2lmaWNhdGlvbiBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9s aXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxl PSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRhIE5h bWU6IDxzcGFueCBzdHlsZT0idmVyYiI+c2NvcGVzX3N1cHBvcnRlZDwvc3Bhbng+CiAgICAgICAg ICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgRGVz Y3JpcHRpb246CgkJSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiB0aGUgT0F1dGggMi4w CgkJPHNwYW54IHN0eWxlPSJ2ZXJiIj5zY29wZTwvc3Bhbng+IHZhbHVlcyB0aGF0IHRoaXMgYXV0 aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg ICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICAgICAgICAg ICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24g RG9jdW1lbnQocyk6IDx4cmVmIHRhcmdldD0iQVNNZXRhZGF0YSIvPiBvZiBbWyB0aGlzIHNwZWNp ZmljYXRpb24gXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAg ICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+ CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBOYW1lOiA8c3Bhbngg c3R5bGU9InZlcmIiPnJlc3BvbnNlX3R5cGVzX3N1cHBvcnRlZDwvc3Bhbng+CiAgICAgICAgICAg ICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgRGVzY3Jp cHRpb246CgkJSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiB0aGUgT0F1dGggMi4wCgkJ PHNwYW54IHN0eWxlPSJ2ZXJiIj5yZXNwb25zZV90eXBlPC9zcGFueD4gdmFsdWVzIHRoYXQgdGhp cwoJCWF1dGhvcml6YXRpb24gc2VydmVyIHN1cHBvcnRzCiAgICAgICAgICAgICAgPC90PgogICAg ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAg ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZp Y2F0aW9uIERvY3VtZW50KHMpOiA8eHJlZiB0YXJnZXQ9IkFTTWV0YWRhdGEiLz4gb2YgW1sgdGhp cyBzcGVjaWZpY2F0aW9uIF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+ CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5 bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgTmFtZTog PHNwYW54IHN0eWxlPSJ2ZXJiIj5yZXNwb25zZV9tb2Rlc19zdXBwb3J0ZWQ8L3NwYW54PgogICAg ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRh IERlc2NyaXB0aW9uOgoJCUpTT04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIE9BdXRo IDIuMAoJCTxzcGFueCBzdHlsZT0idmVyYiI+cmVzcG9uc2VfbW9kZTwvc3Bhbng+IHZhbHVlcyB0 aGF0IHRoaXMKCQlhdXRob3JpemF0aW9uIHNlcnZlciBzdXBwb3J0cwogICAgICAgICAgICAgIDwv dD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBDb250cm9sbGVyOiBJ RVNHCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg U3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTogPHhyZWYgdGFyZ2V0PSJBU01ldGFkYXRhIi8+IG9m IFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAg PC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0 eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRh IE5hbWU6IDxzcGFueCBzdHlsZT0idmVyYiI+Z3JhbnRfdHlwZXNfc3VwcG9ydGVkPC9zcGFueD4K ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRh ZGF0YSBEZXNjcmlwdGlvbjoKCQlKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSBP QXV0aCAyLjAKCQlncmFudCB0eXBlIHZhbHVlcyB0aGF0IHRoaXMKCQlhdXRob3JpemF0aW9uIHNl cnZlciBzdXBwb3J0cwogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAg ICAgICAgICAgIENoYW5nZSBDb250cm9sbGVyOiBJRVNHCiAgICAgICAgICAgICAgPC90PgogICAg ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTog PHhyZWYgdGFyZ2V0PSJBU01ldGFkYXRhIi8+IG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQog ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAg ICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAg ICA8dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRhIE5hbWU6IDxzcGFueCBzdHlsZT0idmVyYiI+ dG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2RzX3N1cHBvcnRlZDwvc3Bhbng+CiAgICAgICAgICAg ICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgRGVzY3Jp cHRpb246CgkJSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiBjbGllbnQgYXV0aGVudGlj YXRpb24gbWV0aG9kcwoJCXN1cHBvcnRlZCBieSB0aGlzIHRva2VuIGVuZHBvaW50CiAgICAgICAg ICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIENvbnRy b2xsZXI6IElFU0cKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg ICAgICAgICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiA8eHJlZiB0YXJnZXQ9IkFTTWV0YWRh dGEiLz4gb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCiAgICAgICAgICAgICAgPC90PgogICAg ICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAg PGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg TWV0YWRhdGEgTmFtZTogPHNwYW54IHN0eWxlPSJ2ZXJiIj50b2tlbl9lbmRwb2ludF9hdXRoX3Np Z25pbmdfYWxnX3ZhbHVlc19zdXBwb3J0ZWQ8L3NwYW54PgogICAgICAgICAgICAgIDwvdD4KICAg ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRhIERlc2NyaXB0aW9uOgoJCUpT T04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIEpXUyBzaWduaW5nIGFsZ29yaXRobXMK CQlzdXBwb3J0ZWQgYnkgdGhlIHRva2VuIGVuZHBvaW50IGZvciB0aGUgc2lnbmF0dXJlIG9uCgkJ dGhlIEpXVCB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50CgkJYXQgdGhlIHRva2VuIGVu ZHBvaW50CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAg ICAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg ICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiA8eHJlZiB0 YXJnZXQ9IkFTTWV0YWRhdGEiLz4gb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCiAgICAgICAg ICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8 dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0Pgog ICAgICAgICAgICAgICAgTWV0YWRhdGEgTmFtZTogPHNwYW54IHN0eWxlPSJ2ZXJiIj5zZXJ2aWNl X2RvY3VtZW50YXRpb248L3NwYW54PgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8 dD4KICAgICAgICAgICAgICAgIE1ldGFkYXRhIERlc2NyaXB0aW9uOgoJCVVSTCBvZiBhIHBhZ2Ug Y29udGFpbmluZyBodW1hbi1yZWFkYWJsZSBpbmZvcm1hdGlvbiB0aGF0CgkJZGV2ZWxvcGVycyBt aWdodCB3YW50IG9yIG5lZWQgdG8ga25vdyB3aGVuIHVzaW5nIHRoZSBhdXRob3JpemF0aW9uIHNl cnZlcgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAg IENoYW5nZSBDb250cm9sbGVyOiBJRVNHCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAg IDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTogPHhyZWYgdGFy Z2V0PSJBU01ldGFkYXRhIi8+IG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQogICAgICAgICAg ICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+ CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAg ICAgICAgICAgICAgIE1ldGFkYXRhIE5hbWU6IDxzcGFueCBzdHlsZT0idmVyYiI+dWlfbG9jYWxl c19zdXBwb3J0ZWQ8L3NwYW54PgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4K ICAgICAgICAgICAgICAgIE1ldGFkYXRhIERlc2NyaXB0aW9uOgoJCUxhbmd1YWdlcyBhbmQgc2Ny aXB0cyBzdXBwb3J0ZWQgZm9yIHRoZSB1c2VyIGludGVyZmFjZSwKCQlyZXByZXNlbnRlZCBhcyBh IEpTT04gYXJyYXkgb2YKCQlCQ1A0NyBsYW5ndWFnZSB0YWcgdmFsdWVzCiAgICAgICAgICAgICAg PC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIENvbnRyb2xsZXI6 IElFU0cKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg ICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiA8eHJlZiB0YXJnZXQ9IkFTTWV0YWRhdGEiLz4g b2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg ICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qg c3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRh dGEgTmFtZTogPHNwYW54IHN0eWxlPSJ2ZXJiIj5vcF9wb2xpY3lfdXJpPC9zcGFueD4KICAgICAg ICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBE ZXNjcmlwdGlvbjoKCQlVUkwgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcHJvdmlkZXMg dG8gdGhlIHBlcnNvbiByZWdpc3RlcmluZwoJCXRoZSBjbGllbnQgdG8gcmVhZCBhYm91dCB0aGUg YXV0aG9yaXphdGlvbiBzZXJ2ZXIncyByZXF1aXJlbWVudHMgb24gaG93CgkJdGhlIGNsaWVudCBj YW4gdXNlIHRoZSBkYXRhIHByb3ZpZGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAg ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBD b250cm9sbGVyOiBJRVNHCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAg ICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTogPHhyZWYgdGFyZ2V0PSJBU01l dGFkYXRhIi8+IG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQogICAgICAgICAgICAgIDwvdD4K ICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAg ICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAg ICAgIE1ldGFkYXRhIE5hbWU6IDxzcGFueCBzdHlsZT0idmVyYiI+b3BfdG9zX3VyaTwvc3Bhbng+ CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0 YWRhdGEgRGVzY3JpcHRpb246CgkJVVJMIHRoYXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHBy b3ZpZGVzIHRvIHRoZSBwZXJzb24gcmVnaXN0ZXJpbmcKCQl0aGUgY2xpZW50IHRvIHJlYWQgYWJv dXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgdGVybXMgb2Ygc2VydmljZQogICAgICAgICAg ICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBDb250cm9s bGVyOiBJRVNHCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAg ICAgICAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTogPHhyZWYgdGFyZ2V0PSJBU01ldGFkYXRh Ii8+IG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAg ICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxs aXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIE1l dGFkYXRhIE5hbWU6IDxzcGFueCBzdHlsZT0idmVyYiI+cmV2b2NhdGlvbl9lbmRwb2ludDwvc3Bh bng+CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg TWV0YWRhdGEgRGVzY3JpcHRpb246CgkJVVJMIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidz IE9BdXRoIDIuMCByZXZvY2F0aW9uIGVuZHBvaW50CiAgICAgICAgICAgICAgPC90PgogICAgICAg ICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgICAg ICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0 aW9uIERvY3VtZW50KHMpOiA8eHJlZiB0YXJnZXQ9IkFTTWV0YWRhdGEiLz4gb2YgW1sgdGhpcyBz cGVjaWZpY2F0aW9uIF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAg ICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJv bHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgTmFtZTogPHNw YW54IHN0eWxlPSJ2ZXJiIj5yZXZvY2F0aW9uX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0 ZWQ8L3NwYW54PgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAg ICAgICAgIE1ldGFkYXRhIERlc2NyaXB0aW9uOgoJCUpTT04gYXJyYXkgY29udGFpbmluZyBhIGxp c3Qgb2YgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMKCQlzdXBwb3J0ZWQgYnkgdGhpcyBy ZXZvY2F0aW9uIGVuZHBvaW50CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0Pgog ICAgICAgICAgICAgICAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgICAgICAgICAgICA8L3Q+ CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIERvY3VtZW50 KHMpOiA8eHJlZiB0YXJnZXQ9IkFTTWV0YWRhdGEiLz4gb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9u IF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+ CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAg ICAgICAgIDx0PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgTmFtZTogPHNwYW54IHN0eWxlPSJ2 ZXJiIj5yZXZvY2F0aW9uX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRl ZDwvc3Bhbng+CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAg ICAgICAgTWV0YWRhdGEgRGVzY3JpcHRpb246CgkJSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlz dCBvZiB0aGUgSldTIHNpZ25pbmcgYWxnb3JpdGhtcwoJCXN1cHBvcnRlZCBieSB0aGUgcmV2b2Nh dGlvbiBlbmRwb2ludCBmb3IgdGhlIHNpZ25hdHVyZSBvbgoJCXRoZSBKV1QgdXNlZCB0byBhdXRo ZW50aWNhdGUgdGhlIGNsaWVudAoJCWF0IHRoZSByZXZvY2F0aW9uIGVuZHBvaW50CiAgICAgICAg ICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIENvbnRy b2xsZXI6IElFU0cKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg ICAgICAgICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiA8eHJlZiB0YXJnZXQ9IkFTTWV0YWRh dGEiLz4gb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCiAgICAgICAgICAgICAgPC90PgogICAg ICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAg PGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg TWV0YWRhdGEgTmFtZTogPHNwYW54IHN0eWxlPSJ2ZXJiIj5pbnRyb3NwZWN0aW9uX2VuZHBvaW50 PC9zcGFueD4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg ICAgICBNZXRhZGF0YSBEZXNjcmlwdGlvbjoKCQlVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2Vy dmVyJ3MgT0F1dGggMi4wIGludHJvc3BlY3Rpb24gZW5kcG9pbnQKICAgICAgICAgICAgICA8L3Q+ CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgQ29udHJvbGxlcjogSUVT RwogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNw ZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IDx4cmVmIHRhcmdldD0iQVNNZXRhZGF0YSIvPiBvZiBb WyB0aGlzIHNwZWNpZmljYXRpb24gXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwv bGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHls ZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBO YW1lOiA8c3Bhbnggc3R5bGU9InZlcmIiPmludHJvc3BlY3Rpb25fZW5kcG9pbnRfYXV0aF9tZXRo b2RzX3N1cHBvcnRlZDwvc3Bhbng+CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0 PgogICAgICAgICAgICAgICAgTWV0YWRhdGEgRGVzY3JpcHRpb246CgkJSlNPTiBhcnJheSBjb250 YWluaW5nIGEgbGlzdCBvZiBjbGllbnQgYXV0aGVudGljYXRpb24gbWV0aG9kcwoJCXN1cHBvcnRl ZCBieSB0aGlzIGludHJvc3BlY3Rpb24gZW5kcG9pbnQKICAgICAgICAgICAgICA8L3Q+CiAgICAg ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICAg ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmlj YXRpb24gRG9jdW1lbnQocyk6IDx4cmVmIHRhcmdldD0iQVNNZXRhZGF0YSIvPiBvZiBbWyB0aGlz IHNwZWNpZmljYXRpb24gXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4K ICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3lt Ym9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBOYW1lOiA8 c3Bhbnggc3R5bGU9InZlcmIiPmludHJvc3BlY3Rpb25fZW5kcG9pbnRfYXV0aF9zaWduaW5nX2Fs Z192YWx1ZXNfc3VwcG9ydGVkPC9zcGFueD4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg ICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBEZXNjcmlwdGlvbjoKCQlKU09OIGFycmF5 IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSBKV1Mgc2lnbmluZyBhbGdvcml0aG1zCgkJc3VwcG9y dGVkIGJ5IHRoZSBpbnRyb3NwZWN0aW9uIGVuZHBvaW50IGZvciB0aGUgc2lnbmF0dXJlIG9uCgkJ dGhlIEpXVCB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50CgkJYXQgdGhlIGludHJvc3Bl Y3Rpb24gZW5kcG9pbnQKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAg ICAgICAgICAgICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICAgICAgICAgICAgIDwvdD4KICAg ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6 IDx4cmVmIHRhcmdldD0iQVNNZXRhZGF0YSIvPiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24gXV0K ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAg ICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAg ICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBOYW1lOiA8c3Bhbnggc3R5bGU9InZlcmIi PmNvZGVfY2hhbGxlbmdlX21ldGhvZHNfc3VwcG9ydGVkPC9zcGFueD4KICAgICAgICAgICAgICA8 L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBNZXRhZGF0YSBEZXNjcmlwdGlv bjoKCQlQS0NFIGNvZGUgY2hhbGxlbmdlIG1ldGhvZHMgc3VwcG9ydGVkIGJ5IHRoaXMgYXV0aG9y aXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAg ICAgICAgICAgICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICAgICAgICAgICAgIDwvdD4KICAg ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6 IDx4cmVmIHRhcmdldD0iQVNNZXRhZGF0YSIvPiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24gXV0K ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KCTwv c2VjdGlvbj4KCTw/cmZjIHN1YmNvbXBhY3Q9Im5vIj8+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAg IDxzZWN0aW9uIGFuY2hvcj0iVXBkYXRlZEluc3RydWN0aW9ucyIgdGl0bGU9IlVwZGF0ZWQgUmVn aXN0cmF0aW9uIEluc3RydWN0aW9ucyI+Cgk8dD4KCSAgVGhpcyBzcGVjaWZpY2F0aW9uIGFkZHMg dG8gdGhlIGluc3RydWN0aW9ucyBmb3IgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0cwoJICBvZiB0aGUg Zm9sbG93aW5nIElBTkEgcmVnaXN0cmllcywgYm90aCBvZiB3aGljaCBhcmUgaW4gdGhlCgkgICJP QXV0aCBQYXJhbWV0ZXJzIiByZWdpc3RyeQoJICA8eHJlZiB0YXJnZXQ9IklBTkEuT0F1dGguUGFy YW1ldGVycyIvPjoKCSAgPD9yZmMgc3ViY29tcGFjdD0ieWVzIj8+CgkgIDxsaXN0IHN0eWxlPSJz eW1ib2xzIj4KCSAgICA8dD4KCSAgICAgIE9BdXRoIEFjY2VzcyBUb2tlbiBUeXBlcwoJICAgIDwv dD4KCSAgICA8dD4KCSAgICAgIE9BdXRoIFRva2VuIEVuZHBvaW50IEF1dGhlbnRpY2F0aW9uIE1l dGhvZHMKCSAgICA8L3Q+CgkgIDwvbGlzdD4KCSAgPD9yZmMgc3ViY29tcGFjdD0ibm8iPz4KCTwv dD4KCTx0PgoJICBJQU5BIGhhcyBhZGRlZCBhIGxpbmsgdG8gdGhpcyBzcGVjaWZpY2F0aW9uIGlu IHRoZSBSZWZlcmVuY2Ugc2VjdGlvbnMKCSAgb2YgdGhlc2UgcmVnaXN0cmllcy4KCSAgW1sgUkZD IEVkaXRvcjogIFRoZSBhYm92ZSBzZW50ZW5jZSBpcyB3cml0dGVuIGluIHRoZSBwYXN0IHRlbnNl CgkgIGFzIGl0IHdvdWxkIGFwcGVhciBpbiB0aGUgZmluYWwgc3BlY2lmaWNhdGlvbiwgZXZlbiB0 aG91Z2ggdGhlc2UKCSAgbGlua3Mgd29uJ3QgYWN0dWFsbHkgYmUgY3JlYXRlZCB1bnRpbCBhZnRl ciB0aGUgSUVTRyBoYXMgcmVxdWVzdGVkCgkgIHB1YmxpY2F0aW9uIG9mIHRoZSBzcGVjaWZpY2F0 aW9uLgoJICBQbGVhc2UgZGVsZXRlIHRoaXMgbm90ZSBhZnRlciB0aGUgbGlua3MgYXJlIGluIHBs YWNlLiBdXQoJPC90PgoJPHQ+CgkgIEZvciB0aGVzZSByZWdpc3RyaWVzLCB0aGUgZGVzaWduYXRl ZCBleHBlcnRzIG11c3QgcmVqZWN0CgkgIHJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBpbiBvbmUgcmVn aXN0cnkKCSAgZm9yIHZhbHVlcyBhbHJlYWR5IG9jY3VycmluZyBpbiB0aGUgb3RoZXIgcmVnaXN0 cnkuCgkgIFRoaXMgaXMgbmVjZXNzYXJ5IGJlY2F1c2UgdGhlCgkgIDxzcGFueCBzdHlsZT0idmVy YiI+aW50cm9zcGVjdGlvbl9lbmRwb2ludF9hdXRoX21ldGhvZHNfc3VwcG9ydGVkPC9zcGFueD4K CSAgcGFyYW1ldGVyIGFsbG93cyBmb3IgdGhlIHVzZSBvZiB2YWx1ZXMgZnJvbSBlaXRoZXIgcmVn aXN0cnkuCgkgIFRoYXQgd2F5LCBiZWNhdXNlIHRoZSB2YWx1ZXMgaW4gdGhlIHR3byByZWdpc3Ry aWVzIHdpbGwgY29udGludWUgdG8gYmUKCSAgbXV0dWFsbHkgZXhjbHVzaXZlLCBubyBhbWJpZ3Vp dGllcyB3aWxsIGFyaXNlLgoJPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiBh bmNob3I9IldlbGxLbm93blJlZ2lzdHJ5IiB0aXRsZT0iV2VsbC1Lbm93biBVUkkgUmVnaXN0cnki PgoJPHQ+CgkgIFRoaXMgc3BlY2lmaWNhdGlvbiByZWdpc3RlcnMgdGhlIHdlbGwta25vd24gVVJJ IGRlZmluZWQgaW4KCSAgPHhyZWYgdGFyZ2V0PSJBU0NvbmZpZyIvPiBpbiB0aGUgSUFOQQoJICAi V2VsbC1Lbm93biBVUklzIiByZWdpc3RyeSA8eHJlZiB0YXJnZXQ9IklBTkEud2VsbC1rbm93biIv PgoJICBlc3RhYmxpc2hlZCBieSA8eHJlZiB0YXJnZXQ9IlJGQzU3ODUiPlJGQyA1Nzg1PC94cmVm Pi4KCTwvdD4KCgk8c2VjdGlvbiBhbmNob3I9J1dlbGxLbm93bkNvbnRlbnRzJyB0aXRsZT0nUmVn aXN0cnkgQ29udGVudHMnPgoJICA8dD4gPD9yZmMgc3ViY29tcGFjdD0ieWVzIj8+CiAgICAgICAg ICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KCSAgICAgIDx0PgoJCVVSSSBzdWZmaXg6IDxzcGFu eCBzdHlsZT0idmVyYiI+b2F1dGgtYXV0aG9yaXphdGlvbi1zZXJ2ZXI8L3NwYW54PgoJICAgICAg PC90PgoJICAgICAgPHQ+CgkJQ2hhbmdlIGNvbnRyb2xsZXI6IElFU0cKCSAgICAgIDwvdD4KCSAg ICAgIDx0PgoJCVNwZWNpZmljYXRpb24gZG9jdW1lbnQ6IDx4cmVmIHRhcmdldD0iQVNDb25maWci Lz4gb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCgkgICAgICA8L3Q+CgkgICAgICA8dD4KCQlS ZWxhdGVkIGluZm9ybWF0aW9uOiAobm9uZSkKCSAgICAgIDwvdD4KCSAgICA8L2xpc3Q+CgkgIDwv dD4KCTwvc2VjdGlvbj4KCTw/cmZjIHN1YmNvbXBhY3Q9Im5vIj8+CgogICAgICA8L3NlY3Rpb24+ CgogICAgPC9zZWN0aW9uPgogIDwvbWlkZGxlPgoKICA8YmFjaz4KICAgIDxyZWZlcmVuY2VzIHRp dGxlPSJOb3JtYXRpdmUgUmVmZXJlbmNlcyI+CiAgICAgIDw/cmZjIGluY2x1ZGU9Imh0dHA6Ly94 bWwycmZjLnRvb2xzLmlldGYub3JnL3B1YmxpYy9yZmMvYmlieG1sL3JlZmVyZW5jZS5SRkMuMjEx OSI/PgogICAgICA8P3JmYyBpbmNsdWRlPSJodHRwOi8veG1sMnJmYy50b29scy5pZXRmLm9yZy9w dWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjUyNDYiPz4KICAgICAgPD9yZmMgaW5jbHVk ZT0iaHR0cDovL3htbDJyZmMudG9vbHMuaWV0Zi5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJl bmNlLlJGQy41NjQ2Ij8+CiAgICAgIDw/cmZjIGluY2x1ZGU9Imh0dHA6Ly94bWwycmZjLnRvb2xz LmlldGYub3JnL3B1YmxpYy9yZmMvYmlieG1sL3JlZmVyZW5jZS5SRkMuNTc4NSI/PgogICAgICA8 P3JmYyBpbmNsdWRlPSJodHRwOi8veG1sMnJmYy50b29scy5pZXRmLm9yZy9wdWJsaWMvcmZjL2Jp YnhtbC9yZWZlcmVuY2UuUkZDLjYxMjUiPz4KICAgICAgPD9yZmMgaW5jbHVkZT0iaHR0cDovL3ht bDJyZmMudG9vbHMuaWV0Zi5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy42NzQ5 Ij8+CiAgICAgIDw/cmZjIGluY2x1ZGU9Imh0dHA6Ly94bWwycmZjLnRvb2xzLmlldGYub3JnL3B1 YmxpYy9yZmMvYmlieG1sL3JlZmVyZW5jZS5SRkMuNzAwOSI/PgogICAgICA8P3JmYyBpbmNsdWRl PSJodHRwOi8veG1sMnJmYy50b29scy5pZXRmLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVu Y2UuUkZDLjcwMzMiPz4KICAgICAgPD9yZmMgaW5jbHVkZT0iaHR0cDovL3htbDJyZmMudG9vbHMu aWV0Zi5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy43MTU5Ij8+CiAgICAgIDw/ cmZjIGluY2x1ZGU9Imh0dHA6Ly94bWwycmZjLnRvb2xzLmlldGYub3JnL3B1YmxpYy9yZmMvYmli eG1sL3JlZmVyZW5jZS5SRkMuNzU5MSI/PgogICAgICA8P3JmYyBpbmNsdWRlPSJodHRwOi8veG1s MnJmYy50b29scy5pZXRmLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjc2MzYi Pz4KICAgICAgPD9yZmMgaW5jbHVkZT0iaHR0cDovL3htbDJyZmMudG9vbHMuaWV0Zi5vcmcvcHVi bGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy43NjYyIj8+CiAgICAgIDw/cmZjIGluY2x1ZGU9 Imh0dHA6Ly94bWwycmZjLnRvb2xzLmlldGYub3JnL3B1YmxpYy9yZmMvYmlieG1sL3JlZmVyZW5j ZS5SRkMuODEyNiI/PgogICAgICA8P3JmYyBpbmNsdWRlPSJodHRwOi8veG1sMnJmYy50b29scy5p ZXRmLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjgxNzQiPz4KCiAgICAgIDxy ZWZlcmVuY2UgYW5jaG9yPSdCQ1AxOTUnIHRhcmdldD0naHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y Zy9pbmZvL2JjcDE5NSc+Cgk8ZnJvbnQ+CgkgIDx0aXRsZT5SZWNvbW1lbmRhdGlvbnMgZm9yIFNl Y3VyZSBVc2Ugb2YgVHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IChUTFMpIGFuZCBEYXRhZ3JhbSBU cmFuc3BvcnQgTGF5ZXIgU2VjdXJpdHkgKERUTFMpPC90aXRsZT4KCSAgPGF1dGhvciBpbml0aWFs cz0nWS4nIHN1cm5hbWU9J1NoZWZmZXInIGZ1bGxuYW1lPSdZLiBTaGVmZmVyJz48b3JnYW5pemF0 aW9uIC8+PC9hdXRob3I+CgkgIDxhdXRob3IgaW5pdGlhbHM9J1IuJyBzdXJuYW1lPSdIb2x6JyBm dWxsbmFtZT0nUi4gSG9seic+PG9yZ2FuaXphdGlvbiAvPjwvYXV0aG9yPgoJICA8YXV0aG9yIGlu aXRpYWxzPSdQLicgc3VybmFtZT0nU2FpbnQtQW5kcmUnIGZ1bGxuYW1lPSdQLiBTYWludC1BbmRy ZSc+PG9yZ2FuaXphdGlvbiAvPjwvYXV0aG9yPgoJICA8ZGF0ZSB5ZWFyPScyMDE1JyBtb250aD0n TWF5JyAvPgoJICA8YWJzdHJhY3Q+PHQ+VHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IChUTFMpIGFu ZCBEYXRhZ3JhbSBUcmFuc3BvcnQgTGF5ZXIgU2VjdXJpdHkgKERUTFMpIGFyZSB3aWRlbHkgdXNl ZCB0byBwcm90ZWN0IGRhdGEgZXhjaGFuZ2VkIG92ZXIgYXBwbGljYXRpb24gcHJvdG9jb2xzIHN1 Y2ggYXMgSFRUUCwgU01UUCwgSU1BUCwgUE9QLCBTSVAsIGFuZCBYTVBQLiAgT3ZlciB0aGUgbGFz dCBmZXcgeWVhcnMsIHNldmVyYWwgc2VyaW91cyBhdHRhY2tzIG9uIFRMUyBoYXZlIGVtZXJnZWQs IGluY2x1ZGluZyBhdHRhY2tzIG9uIGl0cyBtb3N0IGNvbW1vbmx5IHVzZWQgY2lwaGVyIHN1aXRl cyBhbmQgdGhlaXIgbW9kZXMgb2Ygb3BlcmF0aW9uLiAgVGhpcyBkb2N1bWVudCBwcm92aWRlcyBy ZWNvbW1lbmRhdGlvbnMgZm9yIGltcHJvdmluZyB0aGUgc2VjdXJpdHkgb2YgZGVwbG95ZWQgc2Vy dmljZXMgdGhhdCB1c2UgVExTIGFuZCBEVExTLiBUaGUgcmVjb21tZW5kYXRpb25zIGFyZSBhcHBs aWNhYmxlIHRvIHRoZSBtYWpvcml0eSBvZiB1c2UgY2FzZXMuPC90PjwvYWJzdHJhY3Q+Cgk8L2Zy b250PgoJPHNlcmllc0luZm8gbmFtZT0nQkNQJyB2YWx1ZT0nMTk1Jy8+Cgk8c2VyaWVzSW5mbyBu YW1lPSdSRkMnIHZhbHVlPSc3NTI1Jy8+Cgk8c2VyaWVzSW5mbyBuYW1lPSdET0knIHZhbHVlPScx MC4xNzQ4Ny9SRkM3NTI1Jy8+Cgk8Zm9ybWF0IHR5cGU9J0FTQ0lJJyBvY3RldHM9JzYwMjgzJy8+ CiAgICAgIDwvcmVmZXJlbmNlPgoKICAgICAgPHJlZmVyZW5jZSBhbmNob3I9IlVTQTE1IiB0YXJn ZXQ9Imh0dHA6Ly93d3cudW5pY29kZS5vcmcvcmVwb3J0cy90cjE1LyI+Cgk8ZnJvbnQ+CgkgIDx0 aXRsZT5Vbmljb2RlIE5vcm1hbGl6YXRpb24gRm9ybXM8L3RpdGxlPgoKCSAgPGF1dGhvciBmdWxs bmFtZT0iTWFyayBEYXZpcyIgaW5pdGlhbHM9Ik0uIiBzdXJuYW1lPSJEYXZpcyI+CgkgIDwvYXV0 aG9yPgoKCSAgPGF1dGhvciBmdWxsbmFtZT0iS2VuIFdoaXN0bGVyIiBpbml0aWFscz0iSy4iIHN1 cm5hbWU9IldoaXN0bGVyIj4KCSAgPC9hdXRob3I+CgoJICA8ZGF0ZSBkYXk9IjEiIG1vbnRoPSJK dW5lIiB5ZWFyPSIyMDE1IiAvPgoJPC9mcm9udD4KCgk8c2VyaWVzSW5mbyBuYW1lPSJVbmljb2Rl IFN0YW5kYXJkIEFubmV4IiB2YWx1ZT0iMTUiIC8+CiAgICAgIDwvcmVmZXJlbmNlPgoKICAgICAg PHJlZmVyZW5jZSBhbmNob3I9IkpXVCIgdGFyZ2V0PSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRt bC9yZmM3NTE5Ij4KICAgICAgICA8ZnJvbnQ+CiAgICAgICAgICA8dGl0bGU+SlNPTiBXZWIgVG9r ZW4gKEpXVCk8L3RpdGxlPgoKICAgICAgICAgIDxhdXRob3IgZnVsbG5hbWU9Ik1pY2hhZWwgQi4g Sm9uZXMiIGluaXRpYWxzPSJNLkIuIiBzdXJuYW1lPSJKb25lcyI+CiAgICAgICAgICAgIDxvcmdh bml6YXRpb24gYWJicmV2PSJNaWNyb3NvZnQiPk1pY3Jvc29mdDwvb3JnYW5pemF0aW9uPgogICAg ICAgICAgPC9hdXRob3I+CgogICAgICAgICAgPGF1dGhvciBmdWxsbmFtZT0iSm9obiBCcmFkbGV5 IiBpbml0aWFscz0iSi4iIHN1cm5hbWU9IkJyYWRsZXkiPgogICAgICAgICAgICA8b3JnYW5pemF0 aW9uIGFiYnJldj0iUGluZyBJZGVudGl0eSI+UGluZyBJZGVudGl0eTwvb3JnYW5pemF0aW9uPgog ICAgICAgICAgPC9hdXRob3I+CgogICAgICAgICAgPGF1dGhvciBmdWxsbmFtZT0iTmF0IFNha2lt dXJhIiBpbml0aWFscz0iTi4iIHN1cm5hbWU9IlNha2ltdXJhIj4KICAgICAgICAgICAgPG9yZ2Fu aXphdGlvbiBhYmJyZXY9Ik5SSSI+Tm9tdXJhIFJlc2VhcmNoIEluc3RpdHV0ZSwgTHRkLjwvb3Jn YW5pemF0aW9uPgogICAgICAgICAgPC9hdXRob3I+CgogICAgICAgICAgPGRhdGUgbW9udGg9Ik1h eSIgeWVhcj0iMjAxNSIgLz4KICAgICAgICA8L2Zyb250PgoKCTxzZXJpZXNJbmZvIG5hbWU9IlJG QyIgdmFsdWU9Ijc1MTkiLz4KCTxzZXJpZXNJbmZvIG5hbWU9IkRPSSIgdmFsdWU9IjEwLjE3NDg3 L1JGQzc1MTkiLz4KICAgICAgPC9yZWZlcmVuY2U+CgogICAgICA8cmVmZXJlbmNlIGFuY2hvcj0i SldTIiB0YXJnZXQ9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzc1MTUiPgogICAgICAg IDxmcm9udD4KICAgICAgICAgIDx0aXRsZT5KU09OIFdlYiBTaWduYXR1cmUgKEpXUyk8L3RpdGxl PgoKICAgICAgICAgIDxhdXRob3IgZnVsbG5hbWU9Ik1pY2hhZWwgQi4gSm9uZXMiIGluaXRpYWxz PSJNLkIuIiBzdXJuYW1lPSJKb25lcyI+CiAgICAgICAgICAgIDxvcmdhbml6YXRpb24gYWJicmV2 PSJNaWNyb3NvZnQiPk1pY3Jvc29mdDwvb3JnYW5pemF0aW9uPgogICAgICAgICAgPC9hdXRob3I+ CgogICAgICAgICAgPGF1dGhvciBmdWxsbmFtZT0iSm9obiBCcmFkbGV5IiBpbml0aWFscz0iSi4i IHN1cm5hbWU9IkJyYWRsZXkiPgogICAgICAgICAgICA8b3JnYW5pemF0aW9uIGFiYnJldj0iUGlu ZyBJZGVudGl0eSI+UGluZyBJZGVudGl0eTwvb3JnYW5pemF0aW9uPgogICAgICAgICAgPC9hdXRo b3I+CgogICAgICAgICAgPGF1dGhvciBmdWxsbmFtZT0iTmF0IFNha2ltdXJhIiBpbml0aWFscz0i Ti4iIHN1cm5hbWU9IlNha2ltdXJhIj4KICAgICAgICAgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9 Ik5SSSI+Tm9tdXJhIFJlc2VhcmNoIEluc3RpdHV0ZSwgTHRkLjwvb3JnYW5pemF0aW9uPgogICAg ICAgICAgPC9hdXRob3I+CgogICAgICAgICAgPGRhdGUgbW9udGg9Ik1heSIgeWVhcj0iMjAxNSIg Lz4KICAgICAgICA8L2Zyb250PgoKCTxzZXJpZXNJbmZvIG5hbWU9IlJGQyIgdmFsdWU9Ijc1MTUi Lz4KCTxzZXJpZXNJbmZvIG5hbWU9IkRPSSIgdmFsdWU9IjEwLjE3NDg3L1JGQzc1MTUiLz4KICAg ICAgPC9yZWZlcmVuY2U+CgogICAgICA8cmVmZXJlbmNlIGFuY2hvcj0iSldFIiB0YXJnZXQ9Imh0 dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzc1MTYiPgogICAgICAgIDxmcm9udD4KICAgICAg ICAgIDx0aXRsZT5KU09OIFdlYiBFbmNyeXB0aW9uIChKV0UpPC90aXRsZT4KCgkgIDxhdXRob3Ig ZnVsbG5hbWU9Ik1pY2hhZWwgQi4gSm9uZXMiIGluaXRpYWxzPSJNLkIuIiBzdXJuYW1lPSJKb25l cyI+CgkgICAgPG9yZ2FuaXphdGlvbj5NaWNyb3NvZnQ8L29yZ2FuaXphdGlvbj4KCSAgPC9hdXRo b3I+CgoJICA8YXV0aG9yIGZ1bGxuYW1lPSJKb2UgSGlsZGVicmFuZCIgaW5pdGlhbHM9IkouIiBz dXJuYW1lPSJIaWxkZWJyYW5kIj4KCSAgICA8b3JnYW5pemF0aW9uPkNpc2NvIFN5c3RlbXMsIElu Yy48L29yZ2FuaXphdGlvbj4KCSAgPC9hdXRob3I+CgoJICA8ZGF0ZSBtb250aD0iTWF5IiB5ZWFy PSIyMDE1IiAvPgogICAgICAgIDwvZnJvbnQ+CgoJPHNlcmllc0luZm8gbmFtZT0iUkZDIiB2YWx1 ZT0iNzUxNiIvPgoJPHNlcmllc0luZm8gbmFtZT0iRE9JIiB2YWx1ZT0iMTAuMTc0ODcvUkZDNzUx NiIvPgogICAgICA8L3JlZmVyZW5jZT4KCjwhLS0KICAgICAgPHJlZmVyZW5jZSBhbmNob3I9IkpX QSIgdGFyZ2V0PSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM3NTE4Ij4KICAgICAgICA8 ZnJvbnQ+CiAgICAgICAgICA8dGl0bGU+SlNPTiBXZWIgQWxnb3JpdGhtcyAoSldBKTwvdGl0bGU+ CgogICAgICAgICAgPGF1dGhvciBmdWxsbmFtZT0iTWljaGFlbCBCLiBKb25lcyIgaW5pdGlhbHM9 Ik0uQi4iIHN1cm5hbWU9IkpvbmVzIj4KICAgICAgICAgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9 Ik1pY3Jvc29mdCI+TWljcm9zb2Z0PC9vcmdhbml6YXRpb24+CiAgICAgICAgICA8L2F1dGhvcj4K CiAgICAgICAgICA8ZGF0ZSBtb250aD0iTWF5IiB5ZWFyPSIyMDE1IiAvPgogICAgICAgIDwvZnJv bnQ+CgoJPHNlcmllc0luZm8gbmFtZT0iUkZDIiB2YWx1ZT0iNzUxOCIvPgoJPHNlcmllc0luZm8g bmFtZT0iRE9JIiB2YWx1ZT0iMTAuMTc0ODcvUkZDNzUxOCIvPgogICAgICA8L3JlZmVyZW5jZT4K LS0+CgogICAgICA8cmVmZXJlbmNlIGFuY2hvcj0iSldLIiB0YXJnZXQ9Imh0dHA6Ly90b29scy5p ZXRmLm9yZy9odG1sL3JmYzc1MTciPgogICAgICAgIDxmcm9udD4KCSAgPHRpdGxlPkpTT04gV2Vi IEtleSAoSldLKTwvdGl0bGU+CgoJICA8YXV0aG9yIGZ1bGxuYW1lPSJNaWNoYWVsIEIuIEpvbmVz IiBpbml0aWFscz0iTS5CLiIgc3VybmFtZT0iSm9uZXMiPgoJICAgIDxvcmdhbml6YXRpb24+TWlj cm9zb2Z0PC9vcmdhbml6YXRpb24+CgkgIDwvYXV0aG9yPgoKCSAgPGRhdGUgbW9udGg9Ik1heSIg eWVhcj0iMjAxNSIgLz4KICAgICAgICA8L2Zyb250PgoKCTxzZXJpZXNJbmZvIG5hbWU9IlJGQyIg dmFsdWU9Ijc1MTciLz4KCTxzZXJpZXNJbmZvIG5hbWU9IkRPSSIgdmFsdWU9IjEwLjE3NDg3L1JG Qzc1MTciLz4KICAgICAgPC9yZWZlcmVuY2U+CgogICAgICA8cmVmZXJlbmNlIGFuY2hvcj0iT0F1 dGguUmVzcG9uc2VzIiB0YXJnZXQ9Imh0dHA6Ly9vcGVuaWQubmV0L3NwZWNzL29hdXRoLXYyLW11 bHRpcGxlLXJlc3BvbnNlLXR5cGVzLTFfMC5odG1sIj4KICAgICAgICA8ZnJvbnQ+CgkgIDx0aXRs ZT5PQXV0aCAyLjAgTXVsdGlwbGUgUmVzcG9uc2UgVHlwZSBFbmNvZGluZyBQcmFjdGljZXM8L3Rp dGxlPgoKCSAgPGF1dGhvciBmdWxsbmFtZT0iQnJlbm8gZGUgTWVkZWlyb3MiIGluaXRpYWxzPSJC LiIgcm9sZT0iZWRpdG9yIiBzdXJuYW1lPSJkZSBNZWRlaXJvcyI+CgkgICAgPG9yZ2FuaXphdGlv biBhYmJyZXY9Ikdvb2dsZSI+R29vZ2xlPC9vcmdhbml6YXRpb24+CgkgIDwvYXV0aG9yPgoKCSAg PGF1dGhvciBmdWxsbmFtZT0iTWFyaXVzIFNjdXJ0ZXNjdSIgaW5pdGlhbHM9Ik0uIiBzdXJuYW1l PSJTY3VydGVzY3UiPgoJICAgIDxvcmdhbml6YXRpb24gYWJicmV2PSJHb29nbGUiPkdvb2dsZTwv b3JnYW5pemF0aW9uPgoJICA8L2F1dGhvcj4KCgkgIDxhdXRob3IgZnVsbG5hbWU9IlBhdWwgVGFy amFuIiBpbml0aWFscz0iUC4iIHN1cm5hbWU9IlRhcmphbiI+CgkgICAgPG9yZ2FuaXphdGlvbiBh YmJyZXY9IkZhY2Vib29rIj4gRmFjZWJvb2s8L29yZ2FuaXphdGlvbj4KCSAgPC9hdXRob3I+CgoJ ICA8YXV0aG9yIGZ1bGxuYW1lPSJNaWNoYWVsIEIuIEpvbmVzIiBpbml0aWFscz0iTS5CLiIgc3Vy bmFtZT0iSm9uZXMiPgoJICAgIDxvcmdhbml6YXRpb24gYWJicmV2PSJNaWNyb3NvZnQiPk1pY3Jv c29mdDwvb3JnYW5pemF0aW9uPgoJICA8L2F1dGhvcj4KCgkgIDxkYXRlIGRheT0iMjUiIG1vbnRo PSJGZWJydWFyeSIgeWVhcj0iMjAxNCIgLz4KICAgICAgICA8L2Zyb250PgogICAgICA8L3JlZmVy ZW5jZT4KCiAgICAgIDxyZWZlcmVuY2UgYW5jaG9yPSJPQXV0aC5Qb3N0IiB0YXJnZXQ9Imh0dHA6 Ly9vcGVuaWQubmV0L3NwZWNzL29hdXRoLXYyLWZvcm0tcG9zdC1yZXNwb25zZS1tb2RlLTFfMC5o dG1sIj4KICAgICAgICA8ZnJvbnQ+CgkgIDx0aXRsZT5PQXV0aCAyLjAgRm9ybSBQb3N0IFJlc3Bv bnNlIE1vZGU8L3RpdGxlPgoKCSAgPGF1dGhvciBmdWxsbmFtZT0iTWljaGFlbCBCLiBKb25lcyIg aW5pdGlhbHM9Ik0uQi4iIHN1cm5hbWU9IkpvbmVzIj4KCSAgICA8b3JnYW5pemF0aW9uIGFiYnJl dj0iTWljcm9zb2Z0Ij5NaWNyb3NvZnQ8L29yZ2FuaXphdGlvbj4KCSAgPC9hdXRob3I+CgoJICA8 YXV0aG9yIGZ1bGxuYW1lPSJCcmlhbiBDYW1wYmVsbCIgaW5pdGlhbHM9IkIuIiBzdXJuYW1lPSJD YW1wYmVsbCI+CgkgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9IlBpbmcgSWRlbnRpdHkiPlBpbmcg SWRlbnRpdHk8L29yZ2FuaXphdGlvbj4KCSAgPC9hdXRob3I+CgoJICA8ZGF0ZSBkYXk9IjI3IiBt b250aD0iQXByaWwiIHllYXI9IjIwMTUiIC8+CiAgICAgICAgPC9mcm9udD4KICAgICAgPC9yZWZl cmVuY2U+CgogICAgICA8cmVmZXJlbmNlIGFuY2hvcj0iSUFOQS5PQXV0aC5QYXJhbWV0ZXJzIiB0 YXJnZXQ9Imh0dHA6Ly93d3cuaWFuYS5vcmcvYXNzaWdubWVudHMvb2F1dGgtcGFyYW1ldGVycyI+ CiAgICAgICAgPGZyb250PgogICAgICAgICAgPHRpdGxlPk9BdXRoIFBhcmFtZXRlcnM8L3RpdGxl PgogICAgICAgICAgPGF1dGhvcj4KICAgICAgICAgICAgPG9yZ2FuaXphdGlvbj5JQU5BPC9vcmdh bml6YXRpb24+CiAgICAgICAgICA8L2F1dGhvcj4KCSAgPGRhdGUvPgogICAgICAgIDwvZnJvbnQ+ CiAgICAgIDwvcmVmZXJlbmNlPgoKICAgICAgPHJlZmVyZW5jZSBhbmNob3I9IlVOSUNPREUiIHRh cmdldD0iaHR0cDovL3d3dy51bmljb2RlLm9yZy92ZXJzaW9ucy9sYXRlc3QvIj4KCTxmcm9udD4K CSAgPHRpdGxlIGFiYnJldj0iVW5pY29kZSI+VGhlIFVuaWNvZGUgU3RhbmRhcmQ8L3RpdGxlPgoJ ICA8YXV0aG9yPgoJICAgIDxvcmdhbml6YXRpb24+VGhlIFVuaWNvZGUgQ29uc29ydGl1bTwvb3Jn YW5pemF0aW9uPgoJICAgIDxhZGRyZXNzIC8+CgkgIDwvYXV0aG9yPgoJICA8ZGF0ZSAvPgoJPC9m cm9udD4KCTwhLS0KCSAgTm90ZSB0aGF0IHRoaXMgcmVmZXJlbmNlIGlzIHRvIHRoZSBsYXRlc3Qg dmVyc2lvbiBvZiBVbmljb2RlLAoJICByYXRoZXIgdGhhbiB0byBhIHNwZWNpZmljIHJlbGVhc2Uu ICBJdCBpcyBub3QgZXhwZWN0ZWQgdGhhdCBmdXR1cmUgY2hhbmdlcyBpbgoJICB0aGUgVU5JQ09E RSBzcGVjaWZpY2F0aW9uIHdpbGwgaW1wYWN0IHRoZSBzeW50YXggb2YgSlNPTiBvciB0aGUgVVRG LTggZW5jb2RpbmcuCgktLT4KICAgICAgPC9yZWZlcmVuY2U+CgogICAgPC9yZWZlcmVuY2VzPgoK ICAgIDxyZWZlcmVuY2VzIHRpdGxlPSJJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzIj4KCiAgICAgIDxy ZWZlcmVuY2UgYW5jaG9yPSJPcGVuSUQuQ29yZSIgdGFyZ2V0PSJodHRwOi8vb3BlbmlkLm5ldC9z cGVjcy9vcGVuaWQtY29ubmVjdC1jb3JlLTFfMC5odG1sIj4KICAgICAgICA8ZnJvbnQ+CiAgICAg ICAgICA8dGl0bGU+T3BlbklEIENvbm5lY3QgQ29yZSAxLjA8L3RpdGxlPgoKICAgICAgICAgIDxh dXRob3IgZnVsbG5hbWU9Ik5hdCBTYWtpbXVyYSIgaW5pdGlhbHM9Ik4uIiBzdXJuYW1lPSJTYWtp bXVyYSI+CiAgICAgICAgICAgIDxvcmdhbml6YXRpb24gYWJicmV2PSJOUkkiPk5vbXVyYSBSZXNl YXJjaCBJbnN0aXR1dGUsIEx0ZC48L29yZ2FuaXphdGlvbj4KICAgICAgICAgIDwvYXV0aG9yPgoK ICAgICAgICAgIDxhdXRob3IgZnVsbG5hbWU9IkpvaG4gQnJhZGxleSIgaW5pdGlhbHM9IkouIiBz dXJuYW1lPSJCcmFkbGV5Ij4KICAgICAgICAgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9IlBpbmcg SWRlbnRpdHkiPlBpbmcgSWRlbnRpdHk8L29yZ2FuaXphdGlvbj4KICAgICAgICAgIDwvYXV0aG9y PgoKICAgICAgICAgIDxhdXRob3IgZnVsbG5hbWU9Ik1pY2hhZWwgQi4gSm9uZXMiIGluaXRpYWxz PSJNLkIuIiBzdXJuYW1lPSJKb25lcyI+CiAgICAgICAgICAgIDxvcmdhbml6YXRpb24gYWJicmV2 PSJNaWNyb3NvZnQiPk1pY3Jvc29mdDwvb3JnYW5pemF0aW9uPgogICAgICAgICAgPC9hdXRob3I+ CgogICAgICAgICAgPGF1dGhvciBmdWxsbmFtZT0iQnJlbm8gZGUgTWVkZWlyb3MiIGluaXRpYWxz PSJCLiIgc3VybmFtZT0iZGUgTWVkZWlyb3MiPgogICAgICAgICAgICA8b3JnYW5pemF0aW9uIGFi YnJldj0iR29vZ2xlIj5Hb29nbGU8L29yZ2FuaXphdGlvbj4KICAgICAgICAgIDwvYXV0aG9yPgoK CSAgPGF1dGhvciBmdWxsbmFtZT0iQ2h1Y2sgTW9ydGltb3JlIiBpbml0aWFscz0iQy4iIHN1cm5h bWU9Ik1vcnRpbW9yZSI+CgkgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9IlNhbGVzZm9yY2UiPlNh bGVzZm9yY2U8L29yZ2FuaXphdGlvbj4KCSAgPC9hdXRob3I+CgogICAgICAgICAgPGRhdGUgZGF5 PSI4IiBtb250aD0iTm92ZW1iZXIiIHllYXI9IjIwMTQiLz4KICAgICAgICA8L2Zyb250PgogICAg ICA8L3JlZmVyZW5jZT4KCiAgICAgIDxyZWZlcmVuY2UgYW5jaG9yPSJPcGVuSUQuRGlzY292ZXJ5 IiB0YXJnZXQ9Imh0dHA6Ly9vcGVuaWQubmV0L3NwZWNzL29wZW5pZC1jb25uZWN0LWRpc2NvdmVy eS0xXzAuaHRtbCI+CiAgICAgICAgPGZyb250PgogICAgICAgICAgPHRpdGxlPk9wZW5JRCBDb25u ZWN0IERpc2NvdmVyeSAxLjA8L3RpdGxlPgoKICAgICAgICAgIDxhdXRob3IgZnVsbG5hbWU9Ik5h dCBTYWtpbXVyYSIgaW5pdGlhbHM9Ik4uIiBzdXJuYW1lPSJTYWtpbXVyYSI+CiAgICAgICAgICAg IDxvcmdhbml6YXRpb24gYWJicmV2PSJOUkkiPk5vbXVyYSBSZXNlYXJjaCBJbnN0aXR1dGUsCiAg ICAgICAgICAgIEx0ZC48L29yZ2FuaXphdGlvbj4KICAgICAgICAgIDwvYXV0aG9yPgoKICAgICAg ICAgIDxhdXRob3IgZnVsbG5hbWU9IkpvaG4gQnJhZGxleSIgaW5pdGlhbHM9IkouIiBzdXJuYW1l PSJCcmFkbGV5Ij4KICAgICAgICAgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9IlBpbmcgSWRlbnRp dHkiPlBpbmcgSWRlbnRpdHk8L29yZ2FuaXphdGlvbj4KICAgICAgICAgIDwvYXV0aG9yPgoKICAg ICAgICAgIDxhdXRob3IgZnVsbG5hbWU9Ik1pY2hhZWwgQi4gSm9uZXMiIGluaXRpYWxzPSJNLkIu IiBzdXJuYW1lPSJKb25lcyI+CiAgICAgICAgICAgIDxvcmdhbml6YXRpb24gYWJicmV2PSJNaWNy b3NvZnQiPk1pY3Jvc29mdDwvb3JnYW5pemF0aW9uPgogICAgICAgICAgPC9hdXRob3I+CgogICAg ICAgICAgPGF1dGhvciBmdWxsbmFtZT0iRWRtdW5kIEpheSIgaW5pdGlhbHM9IkUuIiBzdXJuYW1l PSJKYXkiPgogICAgICAgICAgICA8b3JnYW5pemF0aW9uPklsbHVtaWxhPC9vcmdhbml6YXRpb24+ CiAgICAgICAgICA8L2F1dGhvcj4KCiAgICAgICAgICA8ZGF0ZSBkYXk9IjgiIG1vbnRoPSJOb3Zl bWJlciIgeWVhcj0iMjAxNCIvPgogICAgICAgIDwvZnJvbnQ+CgogICAgICA8L3JlZmVyZW5jZT4K CiAgICAgIDxyZWZlcmVuY2UgYW5jaG9yPSJPcGVuSUQuUmVnaXN0cmF0aW9uIiB0YXJnZXQ9Imh0 dHA6Ly9vcGVuaWQubmV0L3NwZWNzL29wZW5pZC1jb25uZWN0LXJlZ2lzdHJhdGlvbi0xXzAuaHRt bCI+CiAgICAgICAgPGZyb250PgogICAgICAgICAgPHRpdGxlPk9wZW5JRCBDb25uZWN0IER5bmFt aWMgQ2xpZW50IFJlZ2lzdHJhdGlvbiAxLjA8L3RpdGxlPgoKICAgICAgICAgIDxhdXRob3IgZnVs bG5hbWU9Ik5hdCBTYWtpbXVyYSIgaW5pdGlhbHM9Ik4uIiBzdXJuYW1lPSJTYWtpbXVyYSI+CiAg ICAgICAgICAgIDxvcmdhbml6YXRpb24gYWJicmV2PSJOUkkiPk5vbXVyYSBSZXNlYXJjaCBJbnN0 aXR1dGUsIEx0ZC48L29yZ2FuaXphdGlvbj4KICAgICAgICAgIDwvYXV0aG9yPgoKICAgICAgICAg IDxhdXRob3IgZnVsbG5hbWU9IkpvaG4gQnJhZGxleSIgaW5pdGlhbHM9IkouIiBzdXJuYW1lPSJC cmFkbGV5Ij4KICAgICAgICAgICAgPG9yZ2FuaXphdGlvbiBhYmJyZXY9IlBpbmcgSWRlbnRpdHki PlBpbmcgSWRlbnRpdHk8L29yZ2FuaXphdGlvbj4KICAgICAgICAgIDwvYXV0aG9yPgoKICAgICAg ICAgIDxhdXRob3IgZnVsbG5hbWU9Ik1pY2hhZWwgQi4gSm9uZXMiIGluaXRpYWxzPSJNLkIuIiBz dXJuYW1lPSJKb25lcyI+CiAgICAgICAgICAgIDxvcmdhbml6YXRpb24gYWJicmV2PSJNaWNyb3Nv ZnQiPk1pY3Jvc29mdDwvb3JnYW5pemF0aW9uPgogICAgICAgICAgPC9hdXRob3I+CgogICAgICAg ICAgPGRhdGUgZGF5PSI4IiBtb250aD0iTm92ZW1iZXIiIHllYXI9IjIwMTQiLz4KICAgICAgICA8 L2Zyb250PgogICAgICA8L3JlZmVyZW5jZT4KCiAgICAgIDwhLS0KICAgICAgPHJlZmVyZW5jZSBh bmNob3I9Ik9wZW5JRC5TZXNzaW9uIiB0YXJnZXQ9Imh0dHA6Ly9vcGVuaWQubmV0L3NwZWNzL29w ZW5pZC1jb25uZWN0LXNlc3Npb24tMV8wLmh0bWwiPgogICAgICAgIDxmcm9udD4KICAgICAgICAg IDx0aXRsZT5PcGVuSUQgQ29ubmVjdCBTZXNzaW9uIE1hbmFnZW1lbnQgMS4wPC90aXRsZT4KCiAg ICAgICAgICA8YXV0aG9yIGZ1bGxuYW1lPSJOYXQgU2FraW11cmEiIGluaXRpYWxzPSJOLiIgc3Vy bmFtZT0iU2FraW11cmEiPgogICAgICAgICAgICA8b3JnYW5pemF0aW9uIGFiYnJldj0iTlJJIj5O b211cmEgUmVzZWFyY2ggSW5zdGl0dXRlLCBMdGQuPC9vcmdhbml6YXRpb24+CiAgICAgICAgICA8 L2F1dGhvcj4KCiAgICAgICAgICA8YXV0aG9yIGZ1bGxuYW1lPSJKb2huIEJyYWRsZXkiIGluaXRp YWxzPSJKLiIgc3VybmFtZT0iQnJhZGxleSI+CiAgICAgICAgICAgIDxvcmdhbml6YXRpb24gYWJi cmV2PSJQaW5nIElkZW50aXR5Ij5QaW5nIElkZW50aXR5PC9vcmdhbml6YXRpb24+CiAgICAgICAg ICA8L2F1dGhvcj4KCiAgICAgICAgICA8YXV0aG9yIGZ1bGxuYW1lPSJNaWNoYWVsIEIuIEpvbmVz IiBpbml0aWFscz0iTS5CLiIgc3VybmFtZT0iSm9uZXMiPgogICAgICAgICAgICA8b3JnYW5pemF0 aW9uIGFiYnJldj0iTWljcm9zb2Z0Ij5NaWNyb3NvZnQ8L29yZ2FuaXphdGlvbj4KICAgICAgICAg IDwvYXV0aG9yPgoKICAgICAgICAgIDxhdXRob3IgZnVsbG5hbWU9IkJyZW5vIGRlIE1lZGVpcm9z IiBpbml0aWFscz0iQi4iIHN1cm5hbWU9ImRlIE1lZGVpcm9zIj4KICAgICAgICAgICAgPG9yZ2Fu aXphdGlvbiBhYmJyZXY9Ikdvb2dsZSI+R29vZ2xlPC9vcmdhbml6YXRpb24+CiAgICAgICAgICA8 L2F1dGhvcj4KCiAgICAgICAgICA8YXV0aG9yIGZ1bGxuYW1lPSJOYXZlZW4gQWdhcndhbCIgaW5p dGlhbHM9Ik4uIiBzdXJuYW1lPSJBZ2Fyd2FsIj4KICAgICAgICAgICAgPG9yZ2FuaXphdGlvbiBh YmJyZXY9Ikdvb2dsZSI+R29vZ2xlPC9vcmdhbml6YXRpb24+CiAgICAgICAgICA8L2F1dGhvcj4K CiAgICAgICAgICA8ZGF0ZSBkYXk9IjgiIG1vbnRoPSJOb3ZlbWJlciIgeWVhcj0iMjAxNCIvPgog ICAgICAgIDwvZnJvbnQ+CiAgICAgIDwvcmVmZXJlbmNlPgogICAgICAtLT4KCiAgICAgIDxyZWZl cmVuY2UgYW5jaG9yPSJJQU5BLndlbGwta25vd24iIHRhcmdldD0iaHR0cDovL3d3dy5pYW5hLm9y Zy9hc3NpZ25tZW50cy93ZWxsLWtub3duLXVyaXMiPgogICAgICAgIDxmcm9udD4KICAgICAgICAg IDx0aXRsZT5XZWxsLUtub3duIFVSSXM8L3RpdGxlPgogICAgICAgICAgPGF1dGhvcj4KICAgICAg ICAgICAgPG9yZ2FuaXphdGlvbj5JQU5BPC9vcmdhbml6YXRpb24+CiAgICAgICAgICA8L2F1dGhv cj4KCSAgPGRhdGUvPgogICAgICAgIDwvZnJvbnQ+CiAgICAgIDwvcmVmZXJlbmNlPgoKICAgICAg PD9yZmMgaW5jbHVkZT0iaHR0cDovL3htbDJyZmMudG9vbHMuaWV0Zi5vcmcvcHVibGljL3JmYy9i aWJ4bWwzL3JlZmVyZW5jZS5JLUQuZHJhZnQtaWV0Zi1vYXV0aC1taXgtdXAtbWl0aWdhdGlvbi0w MS54bWwiID8+CgogICAgPC9yZWZlcmVuY2VzPgoKICAgIDxzZWN0aW9uIGFuY2hvcj0iQWNrbm93 bGVkZ2VtZW50cyIgdGl0bGU9IkFja25vd2xlZGdlbWVudHMiPgoKICAgICAgPHQ+CglUaGlzIHNw ZWNpZmljYXRpb24gaXMgYmFzZWQgb24gdGhlIE9wZW5JRCBDb25uZWN0IERpc2NvdmVyeSAxLjAg c3BlY2lmaWNhdGlvbiwKCXdoaWNoIHdhcyBwcm9kdWNlZCBieSB0aGUgT3BlbklEIENvbm5lY3Qg d29ya2luZyBncm91cCBvZiB0aGUgT3BlbklEIEZvdW5kYXRpb24uCglUaGlzIHNwZWNpZmljYXRp b24gc3RhbmRhcmRpemVzIHRoZSBkZSBmYWN0byB1c2FnZSBvZiB0aGUgbWV0YWRhdGEgZm9ybWF0 IGRlZmluZWQgYnkKCU9wZW5JRCBDb25uZWN0IERpc2NvdmVyeSB0byBwdWJsaXNoIE9BdXRoIGF1 dGhvcml6YXRpb24gc2VydmVyIG1ldGFkYXRhLgogICAgICA8L3Q+CiAgICAgIDx0PgoJVGhlIGF1 dGhvcnMgd291bGQgbGlrZSB0byB0aGFuayB0aGUgZm9sbG93aW5nIHBlb3BsZSBmb3IgdGhlaXIg cmV2aWV3cyBvZiB0aGlzIHNwZWNpZmljYXRpb246CglTaHdldGhhIEJoYW5kYXJpLAoJQmVuIENh bXBiZWxsLAoJQnJpYW4gQ2FtcGJlbGwsCglCcmlhbiBDYXJwZW50ZXIsCglXaWxsaWFtIERlbm5p c3MsCglWbGFkaW1pciBEemh1dmlub3YsCglEb25hbGQgRWFzdGxha2UsCglTYW11ZWwgRXJkdG1h biwKCUdlb3JnZSBGbGV0Y2hlciwKCURpY2sgSGFyZHQsCglQaGlsIEh1bnQsCglBbGV4ZXkgTWVs bmlrb3YsCglUb255IE5hZGFsaW4sCglNYXJrIE5vdHRpbmdoYW0sCglFcmljIFJlc2NvcmxhLAoJ SnVzdGluIFJpY2hlciwKCUFkYW0gUm9hY2gsCglIYW5uZXMgVHNjaG9mZW5pZywKCWFuZAoJSGFu cyBaYW5kYmVsdC4KICAgICAgPC90PgogICAgPC9zZWN0aW9uPgoKICAgIDxzZWN0aW9uIGFuY2hv cj0iSGlzdG9yeSIgdGl0bGU9IkRvY3VtZW50IEhpc3RvcnkiPgogICAgICA8dD5bWyB0byBiZSBy ZW1vdmVkIGJ5IHRoZSBSRkMgRWRpdG9yIGJlZm9yZSBwdWJsaWNhdGlvbiBhcyBhbiBSRkMgXV08 L3Q+CgogICAgICA8dD4KCS0wOQogICAgICAgIDxsaXN0IHN0eWxlPSJzeW1ib2xzIj4KCSAgPHQ+ CgkgICAgUmV2aXNlZCB0aGUgdHJhbnNmb3JtYXRpb24gYmV0d2VlbiB0aGUgaXNzdWVyIGlkZW50 aWZpZXIgYW5kIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YSBsb2NhdGlvbgoJICAg IHRvIGNvbmZvcm0gdG8gQkNQIDE5MCwgYXMgc3VnZ2VzdGVkIGJ5IEFkYW0gUm9hY2guCgkgIDwv dD4KCSAgPHQ+CgkgICAgRGVmaW5lZCB0aGUgY2hhcmFjdGVycyBhbGxvd2VkIGluIHJlZ2lzdGVy ZWQgbWV0YWRhdGEgbmFtZXMgYW5kIHZhbHVlcywgYXMgc3VnZ2VzdGVkIGJ5IEFsZXhleSBNZWxu aWtvdi4KCSAgPC90PgoJICA8dD4KCSAgICBDaGFuZ2VkIHRvIHVzaW5nIHRoZSBSRkMgODE3NCBi b2lsZXJwbGF0ZSBpbnN0ZWFkIG9mIHRoZSBSRkMgMjExOSBib2lsZXJwbGF0ZSwgYXMgc3VnZ2Vz dGVkIGJ5IEJlbiBDYW1wYmVsbC4KCSAgPC90PgoJICA8dD4KCSAgICBBY2tub3dsZWRnZWQgYWRk aXRpb25hbCByZXZpZXdlcnMuCgkgIDwvdD4KCTwvbGlzdD4KICAgICAgPC90PgoKICAgICAgPHQ+ CgktMDgKICAgICAgICA8bGlzdCBzdHlsZT0ic3ltYm9scyI+CgkgIDx0PgoJICAgIENoYW5nZWQg dGhlIDxzcGFueCBzdHlsZT0idmVyYiI+YXV0aG9yaXphdGlvbl9lbmRwb2ludDwvc3Bhbng+IHRv IGJlIFJFUVVJUkVECgkgICAgb25seSB3aGVuIGdyYW50IHR5cGVzIGFyZSBzdXBwb3J0ZWQgdGhh dCB1c2UgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQuCgkgIDwvdD4KCSAgPHQ+CgkgICAgQWRk ZWQgdGhlIHN0YXRlbWVudCwgdG8gcHJvdmlkZSBoaXN0b3JpY2FsIGNvbnRleHQsIHRoYXQKCSAg ICB0aGlzIHNwZWNpZmljYXRpb24gc3RhbmRhcmRpemVzIHRoZSBkZSBmYWN0byB1c2FnZSBvZiB0 aGUgbWV0YWRhdGEgZm9ybWF0IGRlZmluZWQgYnkKCSAgICBPcGVuSUQgQ29ubmVjdCBEaXNjb3Zl cnkgdG8gcHVibGlzaCBPQXV0aCBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YS4KCSAgPC90 PgoJICA8dD4KCSAgICBBcHBsaWVkIGNsYXJpZmljYXRpb25zIHN1Z2dlc3RlZCBieSBNYXJrIE5v dHRpbmdoYW0gYWJvdXQgd2hlbgoJICAgIGFwcGxpY2F0aW9uLXNwZWNpZmljIHdlbGwta25vd24g c3VmZml4ZXMgYXJlIGFuZCBhcmUgbm90IGFwcHJvcHJpYXRlLgoJICA8L3Q+CgkgIDx0PgoJICAg IEFja25vd2xlZGdlZCBhZGRpdGlvbmFsIHJldmlld2Vycy4KCSAgPC90PgoJPC9saXN0PgogICAg ICA8L3Q+CgogICAgICA8dD4KCS0wNwogICAgICAgIDxsaXN0IHN0eWxlPSJzeW1ib2xzIj4KCSAg PHQ+CgkgICAgQXBwbGllZCBjbGFyaWZpY2F0aW9ucyBzdWdnZXN0ZWQgYnkgRUtSLgoJICA8L3Q+ Cgk8L2xpc3Q+CiAgICAgIDwvdD4KCiAgICAgIDx0PgoJLTA2CiAgICAgICAgPGxpc3Qgc3R5bGU9 InN5bWJvbHMiPgoJICA8dD4KCSAgICBJbmNvcnBvcmF0ZWQgcmVzb2x1dGlvbnMgdG8gd29ya2lu ZyBncm91cCBsYXN0IGNhbGwgY29tbWVudHMuCgkgIDwvdD4KCTwvbGlzdD4KICAgICAgPC90PgoK ICAgICAgPHQ+CgktMDUKICAgICAgICA8bGlzdCBzdHlsZT0ic3ltYm9scyI+CgkgIDx0PgoJICAg IFJlbW92ZWQgdGhlIDxzcGFueCBzdHlsZT0idmVyYiI+cHJvdGVjdGVkX3Jlc291cmNlczwvc3Bh bng+IGVsZW1lbnQKCSAgICBhbmQgdGhlIHJlZmVyZW5jZSB0byBkcmFmdC1qb25lcy1vYXV0aC1y ZXNvdXJjZS1tZXRhZGF0YS4KCSAgPC90PgoJPC9saXN0PgogICAgICA8L3Q+CgogICAgICA8dD4K CS0wNAogICAgICAgIDxsaXN0IHN0eWxlPSJzeW1ib2xzIj4KCSAgPHQ+CgkgICAgQWRkZWQgdGhl IGFiaWxpdHkgdG8gbGlzdCBwcm90ZWN0ZWQgcmVzb3VyY2VzIHdpdGggdGhlCgkgICAgPHNwYW54 IHN0eWxlPSJ2ZXJiIj5wcm90ZWN0ZWRfcmVzb3VyY2VzPC9zcGFueD4gZWxlbWVudC4KCSAgPC90 PgoJICA8dD4KCSAgICBBZGRlZCBhYmlsaXR5IHRvIHByb3ZpZGUgc2lnbmVkIG1ldGFkYXRhIHdp dGggdGhlCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj5zaWduZWRfbWV0YWRhdGE8L3NwYW54PiBl bGVtZW50LgoJICA8L3Q+CgkgIDx0PgoJICAgIFJlbW92ZWQgIkRpc2NvdmVyeSIgZnJvbSB0aGUg bmFtZSwgc2luY2UgdGhpcyBpcyBub3cganVzdCBhYm91dCBhdXRob3JpemF0aW9uIHNlcnZlciBt ZXRhZGF0YS4KCSAgPC90PgoJPC9saXN0PgogICAgICA8L3Q+CgogICAgICA8dD4KCS0wMwogICAg ICAgIDxsaXN0IHN0eWxlPSJzeW1ib2xzIj4KCSAgPHQ+CgkgICAgQ2hhbmdlZCB0ZXJtICJpc3N1 ZXIgVVJMIiB0byAiaXNzdWVyIGlkZW50aWZpZXIiIGZvciB0ZXJtaW5vbG9neSBjb25zaXN0ZW5j eSwKCSAgICBwYXJhbGxlbGluZyB0aGUgc2FtZSB0ZXJtaW5vbG9neSBjb25zaXN0ZW5jeSBjaGFu Z2UgaW4gdGhlIG1peC11cCBtaXRpZ2F0aW9uIHNwZWMuCgkgIDwvdD4KCTwvbGlzdD4KICAgICAg PC90PgoKICAgICAgPHQ+CgktMDIKICAgICAgICA8bGlzdCBzdHlsZT0ic3ltYm9scyI+CgkgIDx0 PgoJICAgIENoYW5nZWQgdGhlIHRpdGxlIHRvIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uIFNlcnZl ciBEaXNjb3ZlcnkgTWV0YWRhdGEuCgkgIDwvdD4KCSAgPHQ+CgkgICAgTWFkZSA8c3Bhbnggc3R5 bGU9InZlcmIiPmp3a3NfdXJpPC9zcGFueD4gYW5kCgkgICAgPHNwYW54IHN0eWxlPSJ2ZXJiIj5y ZWdpc3RyYXRpb25fZW5kcG9pbnQ8L3NwYW54PiBPUFRJT05BTC4KCSAgPC90PgoJICA8dD4KCSAg ICBEZWZpbmVkIHRoZSB3ZWxsLWtub3duIFVSSSBzdHJpbmcKCSAgICA8c3Bhbnggc3R5bGU9InZl cmIiPi8ud2VsbC1rbm93bi9vYXV0aC1hdXRob3JpemF0aW9uLXNlcnZlcjwvc3Bhbng+LgoJICA8 L3Q+CgkgIDx0PgoJICAgIEFkZGVkIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGFib3V0IHB1Ymxp c2hpbmcKCSAgICBhdXRob3JpemF0aW9uIHNlcnZlciBkaXNjb3ZlcnkgbWV0YWRhdGEgaW4gYSBz dGFuZGFyZCBmb3JtYXQuCgkgIDwvdD4KCSAgPHQ+CgkgICAgQWRkZWQgc2VjdXJpdHkgY29uc2lk ZXJhdGlvbnMgYWJvdXQgcHJvdGVjdGVkIHJlc291cmNlcy4KCSAgPC90PgoJICA8dD4KCSAgICBB ZGRlZCBtb3JlIGluZm9ybWF0aW9uIHRvIHRoZSA8c3Bhbnggc3R5bGU9InZlcmIiPmdyYW50X3R5 cGVzX3N1cHBvcnRlZDwvc3Bhbng+CgkgICAgYW5kIDxzcGFueCBzdHlsZT0idmVyYiI+cmVzcG9u c2VfdHlwZXNfc3VwcG9ydGVkPC9zcGFueD4gZGVmaW5pdGlvbnMuCgkgIDwvdD4KCSAgPHQ+Cgkg ICAgUmVmZXJlbmNlZCB0aGUgd29ya2luZyBncm91cCBNaXgtVXAgTWl0aWdhdGlvbiBkcmFmdC4K CSAgPC90PgoJICA8dD4KCSAgICBDaGFuZ2VkIHNvbWUgZXhhbXBsZSBtZXRhZGF0YSB2YWx1ZXMu CgkgIDwvdD4KCSAgPHQ+CgkgICAgQWNrbm93bGVkZ2VkIGluZGl2aWR1YWxzIGZvciB0aGVpciBj b250cmlidXRpb25zIHRvIHRoZSBzcGVjaWZpY2F0aW9uLgoJICA8L3Q+Cgk8L2xpc3Q+CiAgICAg IDwvdD4KCiAgICAgIDx0PgoJLTAxCiAgICAgICAgPGxpc3Qgc3R5bGU9InN5bWJvbHMiPgoJICA8 dD4KCSAgICBSZW1vdmVkIFdlYkZpbmdlciBkaXNjb3ZlcnkuCgkgIDwvdD4KCSAgPHQ+CgkgICAg Q2xhcmlmaWVkIHRoZSByZWxhdGlvbnNoaXAgYmV0d2VlbiB0aGUgaXNzdWVyIGlkZW50aWZpZXIg VVJMIGFuZAoJICAgIHRoZSB3ZWxsLWtub3duIFVSSSBwYXRoIHJlbGF0aXZlIHRvIGl0CgkgICAg YXQgd2hpY2ggdGhlIGRpc2NvdmVyeSBtZXRhZGF0YSBkb2N1bWVudCBpcyBsb2NhdGVkLgoJICA8 L3Q+Cgk8L2xpc3Q+CiAgICAgIDwvdD4KCiAgICAgIDx0PgoJLTAwCiAgICAgICAgPGxpc3Qgc3R5 bGU9InN5bWJvbHMiPgoJICA8dD4KCSAgICBDcmVhdGVkIHRoZSBpbml0aWFsIHdvcmtpbmcgZ3Jv dXAgdmVyc2lvbiBiYXNlZCBvbiBkcmFmdC1qb25lcy1vYXV0aC1kaXNjb3ZlcnktMDEsCgkgICAg d2l0aCBubyBub3JtYXRpdmUgY2hhbmdlcy4KCSAgPC90PgoJPC9saXN0PgogICAgICA8L3Q+Cgog ICAgPC9zZWN0aW9uPgoKICA8L2JhY2s+CjwvcmZjPgo= --_005_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_ Content-Type: text/plain; name="draft-ietf-oauth-discovery.txt" Content-Description: draft-ietf-oauth-discovery.txt Content-Disposition: attachment; filename="draft-ietf-oauth-discovery.txt"; size=57651; creation-date="Tue, 27 Feb 2018 07:02:46 GMT"; modification-date="Tue, 27 Feb 2018 07:02:46 GMT" Content-Transfer-Encoding: base64 CgoKCk9BdXRoIFdvcmtpbmcgR3JvdXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBNLiBKb25lcwpJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBNaWNyb3NvZnQKSW50ZW5kZWQgc3RhdHVzOiBTdGFu ZGFyZHMgVHJhY2sgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE4uIFNha2ltdXJhCkV4cGly ZXM6IEF1Z3VzdCAzMCwgMjAxOCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIE5SSQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIEouIEJyYWRsZXkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBQaW5nIElkZW50aXR5CiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBGZWJydWFyeSAyNiwgMjAx OAoKCiAgICAgICAgICAgICAgICBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRh dGEKICAgICAgICAgICAgICAgICAgICAgZHJhZnQtaWV0Zi1vYXV0aC1kaXNjb3ZlcnktMDkKCkFi c3RyYWN0CgogICBUaGlzIHNwZWNpZmljYXRpb24gZGVmaW5lcyBhIG1ldGFkYXRhIGZvcm1hdCB0 aGF0IGFuIE9BdXRoIDIuMCBjbGllbnQKICAgY2FuIHVzZSB0byBvYnRhaW4gdGhlIGluZm9ybWF0 aW9uIG5lZWRlZCB0byBpbnRlcmFjdCB3aXRoIGFuIE9BdXRoCiAgIDIuMCBhdXRob3JpemF0aW9u IHNlcnZlciwgaW5jbHVkaW5nIGl0cyBlbmRwb2ludCBsb2NhdGlvbnMgYW5kCiAgIGF1dGhvcml6 YXRpb24gc2VydmVyIGNhcGFiaWxpdGllcy4KClN0YXR1cyBvZiBUaGlzIE1lbW8KCiAgIFRoaXMg SW50ZXJuZXQtRHJhZnQgaXMgc3VibWl0dGVkIGluIGZ1bGwgY29uZm9ybWFuY2Ugd2l0aCB0aGUK ICAgcHJvdmlzaW9ucyBvZiBCQ1AgNzggYW5kIEJDUCA3OS4KCiAgIEludGVybmV0LURyYWZ0cyBh cmUgd29ya2luZyBkb2N1bWVudHMgb2YgdGhlIEludGVybmV0IEVuZ2luZWVyaW5nCiAgIFRhc2sg Rm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0IG90aGVyIGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRl CiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURyYWZ0cy4gIFRoZSBsaXN0IG9mIGN1 cnJlbnQgSW50ZXJuZXQtCiAgIERyYWZ0cyBpcyBhdCBodHRwczovL2RhdGF0cmFja2VyLmlldGYu b3JnL2RyYWZ0cy9jdXJyZW50Ly4KCiAgIEludGVybmV0LURyYWZ0cyBhcmUgZHJhZnQgZG9jdW1l bnRzIHZhbGlkIGZvciBhIG1heGltdW0gb2Ygc2l4IG1vbnRocwogICBhbmQgbWF5IGJlIHVwZGF0 ZWQsIHJlcGxhY2VkLCBvciBvYnNvbGV0ZWQgYnkgb3RoZXIgZG9jdW1lbnRzIGF0IGFueQogICB0 aW1lLiAgSXQgaXMgaW5hcHByb3ByaWF0ZSB0byB1c2UgSW50ZXJuZXQtRHJhZnRzIGFzIHJlZmVy ZW5jZQogICBtYXRlcmlhbCBvciB0byBjaXRlIHRoZW0gb3RoZXIgdGhhbiBhcyAid29yayBpbiBw cm9ncmVzcy4iCgogICBUaGlzIEludGVybmV0LURyYWZ0IHdpbGwgZXhwaXJlIG9uIEF1Z3VzdCAz MCwgMjAxOC4KCkNvcHlyaWdodCBOb3RpY2UKCiAgIENvcHlyaWdodCAoYykgMjAxOCBJRVRGIFRy dXN0IGFuZCB0aGUgcGVyc29ucyBpZGVudGlmaWVkIGFzIHRoZQogICBkb2N1bWVudCBhdXRob3Jz LiAgQWxsIHJpZ2h0cyByZXNlcnZlZC4KCiAgIFRoaXMgZG9jdW1lbnQgaXMgc3ViamVjdCB0byBC Q1AgNzggYW5kIHRoZSBJRVRGIFRydXN0J3MgTGVnYWwKICAgUHJvdmlzaW9ucyBSZWxhdGluZyB0 byBJRVRGIERvY3VtZW50cwogICAoaHR0cHM6Ly90cnVzdGVlLmlldGYub3JnL2xpY2Vuc2UtaW5m bykgaW4gZWZmZWN0IG9uIHRoZSBkYXRlIG9mCiAgIHB1YmxpY2F0aW9uIG9mIHRoaXMgZG9jdW1l bnQuICBQbGVhc2UgcmV2aWV3IHRoZXNlIGRvY3VtZW50cwogICBjYXJlZnVsbHksIGFzIHRoZXkg ZGVzY3JpYmUgeW91ciByaWdodHMgYW5kIHJlc3RyaWN0aW9ucyB3aXRoIHJlc3BlY3QKICAgdG8g dGhpcyBkb2N1bWVudC4gIENvZGUgQ29tcG9uZW50cyBleHRyYWN0ZWQgZnJvbSB0aGlzIGRvY3Vt ZW50IG11c3QKICAgaW5jbHVkZSBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIHRleHQgYXMgZGVzY3Jp YmVkIGluIFNlY3Rpb24gNC5lIG9mCgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgICBFeHBpcmVz IEF1Z3VzdCAzMCwgMjAxOCAgICAgICAgICAgICAgICBbUGFnZSAxXQoMCkludGVybmV0LURyYWZ0 ICAgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhICAgRmVicnVhcnkgMjAx OAoKCiAgIHRoZSBUcnVzdCBMZWdhbCBQcm92aXNpb25zIGFuZCBhcmUgcHJvdmlkZWQgd2l0aG91 dCB3YXJyYW50eSBhcwogICBkZXNjcmliZWQgaW4gdGhlIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2Uu CgpUYWJsZSBvZiBDb250ZW50cwoKICAgMS4gIEludHJvZHVjdGlvbiAgLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICAyCiAgICAgMS4xLiAgUmVxdWlyZW1l bnRzIE5vdGF0aW9uIGFuZCBDb252ZW50aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuICAgMwogICAg IDEuMi4gIFRlcm1pbm9sb2d5IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAgIDMKICAgMi4gIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICA0CiAgICAgMi4xLiAgU2lnbmVkIEF1dGhvcml6YXRp b24gU2VydmVyIE1ldGFkYXRhICAuIC4gLiAuIC4gLiAuIC4gLiAuICAgNwogICAzLiAgT2J0YWlu aW5nIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAg IDgKICAgICAzLjEuICBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSBSZXF1ZXN0IC4gLiAu IC4gLiAuIC4gLiAuIC4gICA5CiAgICAgMy4yLiAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRh dGEgUmVzcG9uc2UgIC4gLiAuIC4gLiAuIC4gLiAuICAgOQogICAgIDMuMy4gIEF1dGhvcml6YXRp b24gU2VydmVyIE1ldGFkYXRhIFZhbGlkYXRpb24gIC4gLiAuIC4gLiAuIC4gLiAgMTAKICAgNC4g IFN0cmluZyBPcGVyYXRpb25zIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gIDExCiAgIDUuICBDb21wYXRpYmlsaXR5IE5vdGVzIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxMQogICA2LiAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMg LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTIKICAgICA2LjEuICBUTFMg UmVxdWlyZW1lbnRzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEy CiAgICAgNi4yLiAgSW1wZXJzb25hdGlvbiBBdHRhY2tzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuICAxMgogICAgIDYuMy4gIFB1Ymxpc2hpbmcgTWV0YWRhdGEgaW4gYSBTdGFu ZGFyZCBGb3JtYXQgIC4gLiAuIC4gLiAuIC4gLiAgMTMKICAgICA2LjQuICBQcm90ZWN0ZWQgUmVz b3VyY2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEzCiAgIDcuICBJ QU5BIENvbnNpZGVyYXRpb25zIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuICAxMwogICAgIDcuMS4gIE9BdXRoIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhIFJl Z2lzdHJ5ICAuIC4gLiAuIC4gLiAgMTQKICAgICAgIDcuMS4xLiAgUmVnaXN0cmF0aW9uIFRlbXBs YXRlIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE1CiAgICAgICA3LjEuMi4gIElu aXRpYWwgUmVnaXN0cnkgQ29udGVudHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNQog ICAgIDcuMi4gIFVwZGF0ZWQgUmVnaXN0cmF0aW9uIEluc3RydWN0aW9ucyAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAgMTgKICAgICA3LjMuICBXZWxsLUtub3duIFVSSSBSZWdpc3RyeSAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE5CiAgICAgICA3LjMuMS4gIFJlZ2lzdHJ5IENv bnRlbnRzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxOQogICA4LiAgUmVm ZXJlbmNlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAgMTkKICAgICA4LjEuICBOb3JtYXRpdmUgUmVmZXJlbmNlcyAgLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gIDE5CiAgICAgOC4yLiAgSW5mb3JtYXRpdmUgUmVmZXJlbmNlcyAg LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAyMQogICBBcHBlbmRpeCBBLiAgQWNr bm93bGVkZ2VtZW50cyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMjIKICAg QXBwZW5kaXggQi4gIERvY3VtZW50IEhpc3RvcnkgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gIDIyCiAgIEF1dGhvcnMnIEFkZHJlc3NlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAyNAoKMS4gIEludHJvZHVjdGlvbgoKICAgVGhpcyBz cGVjaWZpY2F0aW9uIGdlbmVyYWxpemVzIHRoZSBtZXRhZGF0YSBmb3JtYXQgZGVmaW5lZCBieSAi T3BlbklECiAgIENvbm5lY3QgRGlzY292ZXJ5IDEuMCIgW09wZW5JRC5EaXNjb3ZlcnldIGluIGEg d2F5IHRoYXQgaXMgY29tcGF0aWJsZQogICB3aXRoIE9wZW5JRCBDb25uZWN0IERpc2NvdmVyeSwg d2hpbGUgYmVpbmcgYXBwbGljYWJsZSB0byBhIHdpZGVyIHNldAogICBvZiBPQXV0aCAyLjAgdXNl IGNhc2VzLiAgVGhpcyBpcyBpbnRlbnRpb25hbGx5IHBhcmFsbGVsIHRvIHRoZSB3YXkKICAgdGhh dCB0aGUgIk9BdXRoIDIuMCBEeW5hbWljIENsaWVudCBSZWdpc3RyYXRpb24gUHJvdG9jb2wiIFtS RkM3NTkxXQogICBzcGVjaWZpY2F0aW9uIGdlbmVyYWxpemVkIHRoZSBkeW5hbWljIGNsaWVudCBy ZWdpc3RyYXRpb24gbWVjaGFuaXNtcwogICBkZWZpbmVkIGJ5ICJPcGVuSUQgQ29ubmVjdCBEeW5h bWljIENsaWVudCBSZWdpc3RyYXRpb24gMS4wIgogICBbT3BlbklELlJlZ2lzdHJhdGlvbl0gaW4g YSB3YXkgdGhhdCB3YXMgY29tcGF0aWJsZSB3aXRoIGl0LgoKICAgVGhlIG1ldGFkYXRhIGZvciBh biBhdXRob3JpemF0aW9uIHNlcnZlciBpcyByZXRyaWV2ZWQgZnJvbSBhIHdlbGwtCiAgIGtub3du IGxvY2F0aW9uIGFzIGEgSlNPTiBbUkZDNzE1OV0gZG9jdW1lbnQsIHdoaWNoIGRlY2xhcmVzIGl0 cwoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1c3QgMzAsIDIwMTggICAg ICAgICAgICAgICAgW1BhZ2UgMl0KDApJbnRlcm5ldC1EcmFmdCAgIE9BdXRoIDIuMCBBdXRob3Jp emF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgogICBlbmRwb2ludCBsb2Nh dGlvbnMgYW5kIGF1dGhvcml6YXRpb24gc2VydmVyIGNhcGFiaWxpdGllcy4gIFRoaXMKICAgcHJv Y2VzcyBpcyBkZXNjcmliZWQgaW4gU2VjdGlvbiAzLgoKICAgVGhpcyBtZXRhZGF0YSBjYW4gZWl0 aGVyIGJlIGNvbW11bmljYXRlZCBpbiBhIHNlbGYtYXNzZXJ0ZWQgZmFzaGlvbgogICBieSB0aGUg c2VydmVyIG9yaWdpbiB2aWEgSFRUUFMgb3IgYXMgYSBzZXQgb2Ygc2lnbmVkIG1ldGFkYXRhIHZh bHVlcwogICByZXByZXNlbnRlZCBhcyBjbGFpbXMgaW4gYSBKU09OIFdlYiBUb2tlbiAoSldUKSBb SldUXS4gIEluIHRoZSBKV1QKICAgY2FzZSwgdGhlIGlzc3VlciBpcyB2b3VjaGluZyBmb3IgdGhl IHZhbGlkaXR5IG9mIHRoZSBkYXRhIGFib3V0IHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlci4g IFRoaXMgaXMgYW5hbG9nb3VzIHRvIHRoZSByb2xlIHRoYXQgdGhlCiAgIFNvZnR3YXJlIFN0YXRl bWVudCBwbGF5cyBpbiBPQXV0aCBEeW5hbWljIENsaWVudCBSZWdpc3RyYXRpb24KICAgW1JGQzc1 OTFdLgoKICAgVGhlIG1lYW5zIGJ5IHdoaWNoIHRoZSBjbGllbnQgY2hvb3NlcyBhbiBhdXRob3Jp emF0aW9uIHNlcnZlciBpcyBvdXQKICAgb2Ygc2NvcGUuICBJbiBzb21lIGNhc2VzLCBpdHMgaXNz dWVyIGlkZW50aWZpZXIgbWF5IGJlIG1hbnVhbGx5CiAgIGNvbmZpZ3VyZWQgaW50byB0aGUgY2xp ZW50LiAgSW4gb3RoZXIgY2FzZXMsIGl0IG1heSBiZSBkeW5hbWljYWxseQogICBkaXNjb3ZlcmVk LCBmb3IgaW5zdGFuY2UsIHRocm91Z2ggdGhlIHVzZSBvZiBXZWJGaW5nZXIgW1JGQzcwMzNdLCBh cwogICBkZXNjcmliZWQgaW4gU2VjdGlvbiAyIG9mICJPcGVuSUQgQ29ubmVjdCBEaXNjb3Zlcnkg MS4wIgogICBbT3BlbklELkRpc2NvdmVyeV0uCgoxLjEuICBSZXF1aXJlbWVudHMgTm90YXRpb24g YW5kIENvbnZlbnRpb25zCgogICBUaGUga2V5IHdvcmRzICJNVVNUIiwgIk1VU1QgTk9UIiwgIlJF UVVJUkVEIiwgIlNIQUxMIiwgIlNIQUxMIE5PVCIsCiAgICJTSE9VTEQiLCAiU0hPVUxEIE5PVCIs ICJSRUNPTU1FTkRFRCIsICJOT1QgUkVDT01NRU5ERUQiLCAiTUFZIiwgYW5kCiAgICJPUFRJT05B TCIgaW4gdGhpcyBkb2N1bWVudCBhcmUgdG8gYmUgaW50ZXJwcmV0ZWQgYXMgZGVzY3JpYmVkIGlu IEJDUAogICAxNCBbUkZDMjExOV0gW1JGQzgxNzRdIHdoZW4sIGFuZCBvbmx5IHdoZW4sIHRoZXkg YXBwZWFyIGluIGFsbAogICBjYXBpdGFscywgYXMgc2hvd24gaGVyZS4KCiAgIEFsbCB1c2VzIG9m IEpTT04gV2ViIFNpZ25hdHVyZSAoSldTKSBbSldTXSBhbmQgSlNPTiBXZWIgRW5jcnlwdGlvbgog ICAoSldFKSBbSldFXSBkYXRhIHN0cnVjdHVyZXMgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIHV0aWxp emUgdGhlIEpXUwogICBDb21wYWN0IFNlcmlhbGl6YXRpb24gb3IgdGhlIEpXRSBDb21wYWN0IFNl cmlhbGl6YXRpb247IHRoZSBKV1MgSlNPTgogICBTZXJpYWxpemF0aW9uIGFuZCB0aGUgSldFIEpT T04gU2VyaWFsaXphdGlvbiBhcmUgbm90IHVzZWQuCgoxLjIuICBUZXJtaW5vbG9neQoKICAgVGhp cyBzcGVjaWZpY2F0aW9uIHVzZXMgdGhlIHRlcm1zICJBY2Nlc3MgVG9rZW4iLCAiQXV0aG9yaXph dGlvbgogICBDb2RlIiwgIkF1dGhvcml6YXRpb24gRW5kcG9pbnQiLCAiQXV0aG9yaXphdGlvbiBH cmFudCIsCiAgICJBdXRob3JpemF0aW9uIFNlcnZlciIsICJDbGllbnQiLCAiQ2xpZW50IEF1dGhl bnRpY2F0aW9uIiwgIkNsaWVudAogICBJZGVudGlmaWVyIiwgIkNsaWVudCBTZWNyZXQiLCAiR3Jh bnQgVHlwZSIsICJQcm90ZWN0ZWQgUmVzb3VyY2UiLAogICAiUmVkaXJlY3Rpb24gVVJJIiwgIlJl ZnJlc2ggVG9rZW4iLCAiUmVzb3VyY2UgT3duZXIiLCAiUmVzb3VyY2UKICAgU2VydmVyIiwgIlJl c3BvbnNlIFR5cGUiLCBhbmQgIlRva2VuIEVuZHBvaW50IiBkZWZpbmVkIGJ5IE9BdXRoIDIuMAog ICBbUkZDNjc0OV0sIHRoZSB0ZXJtcyAiQ2xhaW0gTmFtZSIsICJDbGFpbSBWYWx1ZSIsIGFuZCAi SlNPTiBXZWIgVG9rZW4KICAgKEpXVCkiIGRlZmluZWQgYnkgSlNPTiBXZWIgVG9rZW4gKEpXVCkg W0pXVF0sIGFuZCB0aGUgdGVybSAiUmVzcG9uc2UKICAgTW9kZSIgZGVmaW5lZCBieSBPQXV0aCAy LjAgTXVsdGlwbGUgUmVzcG9uc2UgVHlwZSBFbmNvZGluZyBQcmFjdGljZXMKICAgW09BdXRoLlJl c3BvbnNlc10uCgoKCgoKCgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAgIEV4cGlyZXMgQXVndXN0 IDMwLCAyMDE4ICAgICAgICAgICAgICAgIFtQYWdlIDNdCgwKSW50ZXJuZXQtRHJhZnQgICBPQXV0 aCAyLjAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEgICBGZWJydWFyeSAyMDE4CgoKMi4g IEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhCgogICBBdXRob3JpemF0aW9uIHNlcnZlcnMg Y2FuIGhhdmUgbWV0YWRhdGEgZGVzY3JpYmluZyB0aGVpcgogICBjb25maWd1cmF0aW9uLiAgVGhl IGZvbGxvd2luZyBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YSB2YWx1ZXMKICAgYXJlIHVz ZWQgYnkgdGhpcyBzcGVjaWZpY2F0aW9uIGFuZCBhcmUgcmVnaXN0ZXJlZCBpbiB0aGUgSUFOQSAi T0F1dGgKICAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEiIHJlZ2lzdHJ5IGVzdGFibGlz aGVkIGluIFNlY3Rpb24gNy4xOgoKICAgaXNzdWVyCiAgICAgIFJFUVVJUkVELiAgVGhlIGF1dGhv cml6YXRpb24gc2VydmVyJ3MgaXNzdWVyIGlkZW50aWZpZXIsIHdoaWNoIGlzCiAgICAgIGEgVVJM IHRoYXQgdXNlcyB0aGUgImh0dHBzIiBzY2hlbWUgYW5kIGhhcyBubyBxdWVyeSBvciBmcmFnbWVu dAogICAgICBjb21wb25lbnRzLiAgQXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgaXMgcHVi bGlzaGVkIGF0IGEKICAgICAgIi53ZWxsLWtub3duIiBSRkMgNTc4NSBbUkZDNTc4NV0gbG9jYXRp b24gZGVyaXZlZCBmcm9tIHRoaXMgaXNzdWVyCiAgICAgIGlkZW50aWZpZXIsIGFzIGRlc2NyaWJl ZCBpbiBTZWN0aW9uIDMuICBUaGUgaXNzdWVyIGlkZW50aWZpZXIgaXMKICAgICAgdXNlZCB0byBw cmV2ZW50IGF1dGhvcml6YXRpb24gc2VydmVyIG1peC11cCBhdHRhY2tzLCBhcyBkZXNjcmliZWQK ICAgICAgaW4gIk9BdXRoIDIuMCBNaXgtVXAgTWl0aWdhdGlvbiIKICAgICAgW0ktRC5pZXRmLW9h dXRoLW1peC11cC1taXRpZ2F0aW9uXS4KCiAgIGF1dGhvcml6YXRpb25fZW5kcG9pbnQKICAgICAg VVJMIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIGF1dGhvcml6YXRpb24gZW5kcG9pbnQK ICAgICAgW1JGQzY3NDldLiAgVGhpcyBpcyBSRVFVSVJFRCB1bmxlc3Mgbm8gZ3JhbnQgdHlwZXMg YXJlIHN1cHBvcnRlZAogICAgICB0aGF0IHVzZSB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludC4K CiAgIHRva2VuX2VuZHBvaW50CiAgICAgIFVSTCBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIn cyB0b2tlbiBlbmRwb2ludCBbUkZDNjc0OV0uICBUaGlzCiAgICAgIGlzIFJFUVVJUkVEIHVubGVz cyBvbmx5IHRoZSBpbXBsaWNpdCBncmFudCB0eXBlIGlzIHN1cHBvcnRlZC4KCiAgIGp3a3NfdXJp CiAgICAgIE9QVElPTkFMLiAgVVJMIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIEpXSyBT ZXQgW0pXS10KICAgICAgZG9jdW1lbnQuICBUaGUgcmVmZXJlbmNlZCBkb2N1bWVudCBjb250YWlu cyB0aGUgc2lnbmluZyBrZXkocykgdGhlCiAgICAgIGNsaWVudCB1c2VzIHRvIHZhbGlkYXRlIHNp Z25hdHVyZXMgZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgIFRoaXMgVVJMIE1V U1QgdXNlIHRoZSAiaHR0cHMiIHNjaGVtZS4gIFRoZSBKV0sgU2V0IE1BWSBhbHNvCiAgICAgIGNv bnRhaW4gdGhlIHNlcnZlcidzIGVuY3J5cHRpb24ga2V5KHMpLCB3aGljaCBhcmUgdXNlZCBieSBj bGllbnRzCiAgICAgIHRvIGVuY3J5cHQgcmVxdWVzdHMgdG8gdGhlIHNlcnZlci4gIFdoZW4gYm90 aCBzaWduaW5nIGFuZAogICAgICBlbmNyeXB0aW9uIGtleXMgYXJlIG1hZGUgYXZhaWxhYmxlLCBh ICJ1c2UiIChwdWJsaWMga2V5IHVzZSkKICAgICAgcGFyYW1ldGVyIHZhbHVlIGlzIFJFUVVJUkVE IGZvciBhbGwga2V5cyBpbiB0aGUgcmVmZXJlbmNlZCBKV0sgU2V0CiAgICAgIHRvIGluZGljYXRl IGVhY2gga2V5J3MgaW50ZW5kZWQgdXNhZ2UuCgogICByZWdpc3RyYXRpb25fZW5kcG9pbnQKICAg ICAgT1BUSU9OQUwuICBVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgT0F1dGggMi4w IER5bmFtaWMKICAgICAgQ2xpZW50IFJlZ2lzdHJhdGlvbiBlbmRwb2ludCBbUkZDNzU5MV0uCgog ICBzY29wZXNfc3VwcG9ydGVkCiAgICAgIFJFQ09NTUVOREVELiAgSlNPTiBhcnJheSBjb250YWlu aW5nIGEgbGlzdCBvZiB0aGUgT0F1dGggMi4wCiAgICAgIFtSRkM2NzQ5XSAic2NvcGUiIHZhbHVl cyB0aGF0IHRoaXMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMuCiAgICAgIFNlcnZlcnMg TUFZIGNob29zZSBub3QgdG8gYWR2ZXJ0aXNlIHNvbWUgc3VwcG9ydGVkIHNjb3BlIHZhbHVlcwog ICAgICBldmVuIHdoZW4gdGhpcyBwYXJhbWV0ZXIgaXMgdXNlZC4KCiAgIHJlc3BvbnNlX3R5cGVz X3N1cHBvcnRlZAoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1c3QgMzAs IDIwMTggICAgICAgICAgICAgICAgW1BhZ2UgNF0KDApJbnRlcm5ldC1EcmFmdCAgIE9BdXRoIDIu MCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgogICAgICBS RVFVSVJFRC4gIEpTT04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIE9BdXRoIDIuMAog ICAgICAicmVzcG9uc2VfdHlwZSIgdmFsdWVzIHRoYXQgdGhpcyBhdXRob3JpemF0aW9uIHNlcnZl ciBzdXBwb3J0cy4KICAgICAgVGhlIGFycmF5IHZhbHVlcyB1c2VkIGFyZSB0aGUgc2FtZSBhcyB0 aG9zZSB1c2VkIHdpdGggdGhlCiAgICAgICJyZXNwb25zZV90eXBlcyIgcGFyYW1ldGVyIGRlZmlu ZWQgYnkgIk9BdXRoIDIuMCBEeW5hbWljIENsaWVudAogICAgICBSZWdpc3RyYXRpb24gUHJvdG9j b2wiIFtSRkM3NTkxXS4KCiAgIHJlc3BvbnNlX21vZGVzX3N1cHBvcnRlZAogICAgICBPUFRJT05B TC4gIEpTT04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIE9BdXRoIDIuMAogICAgICAi cmVzcG9uc2VfbW9kZSIgdmFsdWVzIHRoYXQgdGhpcyBhdXRob3JpemF0aW9uIHNlcnZlciBzdXBw b3J0cywgYXMKICAgICAgc3BlY2lmaWVkIGluIE9BdXRoIDIuMCBNdWx0aXBsZSBSZXNwb25zZSBU eXBlIEVuY29kaW5nIFByYWN0aWNlcwogICAgICBbT0F1dGguUmVzcG9uc2VzXS4gIElmIG9taXR0 ZWQsIHRoZSBkZWZhdWx0IGlzICJbInF1ZXJ5IiwKICAgICAgImZyYWdtZW50Il0iLiAgVGhlIHJl c3BvbnNlIG1vZGUgdmFsdWUgImZvcm1fcG9zdCIgaXMgYWxzbyBkZWZpbmVkCiAgICAgIGluIE9B dXRoIDIuMCBGb3JtIFBvc3QgUmVzcG9uc2UgTW9kZSBbT0F1dGguUG9zdF0uCgogICBncmFudF90 eXBlc19zdXBwb3J0ZWQKICAgICAgT1BUSU9OQUwuICBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBs aXN0IG9mIHRoZSBPQXV0aCAyLjAgZ3JhbnQKICAgICAgdHlwZSB2YWx1ZXMgdGhhdCB0aGlzIGF1 dGhvcml6YXRpb24gc2VydmVyIHN1cHBvcnRzLiAgVGhlIGFycmF5CiAgICAgIHZhbHVlcyB1c2Vk IGFyZSB0aGUgc2FtZSBhcyB0aG9zZSB1c2VkIHdpdGggdGhlICJncmFudF90eXBlcyIKICAgICAg cGFyYW1ldGVyIGRlZmluZWQgYnkgIk9BdXRoIDIuMCBEeW5hbWljIENsaWVudCBSZWdpc3RyYXRp b24KICAgICAgUHJvdG9jb2wiIFtSRkM3NTkxXS4gIElmIG9taXR0ZWQsIHRoZSBkZWZhdWx0IHZh bHVlIGlzCiAgICAgICJbImF1dGhvcml6YXRpb25fY29kZSIsICJpbXBsaWNpdCJdIi4KCiAgIHRv a2VuX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQKICAgICAgT1BUSU9OQUwuICBKU09O IGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIGNsaWVudCBhdXRoZW50aWNhdGlvbgogICAgICBt ZXRob2RzIHN1cHBvcnRlZCBieSB0aGlzIHRva2VuIGVuZHBvaW50LiAgQ2xpZW50IGF1dGhlbnRp Y2F0aW9uCiAgICAgIG1ldGhvZCB2YWx1ZXMgYXJlIHVzZWQgaW4gdGhlICJ0b2tlbl9lbmRwb2lu dF9hdXRoX21ldGhvZCIKICAgICAgcGFyYW1ldGVyIGRlZmluZWQgaW4gU2VjdGlvbiAyIG9mIFtS RkM3NTkxXS4gIElmIG9taXR0ZWQsIHRoZQogICAgICBkZWZhdWx0IGlzICJjbGllbnRfc2VjcmV0 X2Jhc2ljIiAtLSB0aGUgSFRUUCBCYXNpYyBBdXRoZW50aWNhdGlvbgogICAgICBTY2hlbWUgc3Bl Y2lmaWVkIGluIFNlY3Rpb24gMi4zLjEgb2YgT0F1dGggMi4wIFtSRkM2NzQ5XS4KCiAgIHRva2Vu X2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZAogICAgICBPUFRJT05B TC4gIEpTT04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhlIEpXUyBzaWduaW5nCiAgICAg IGFsZ29yaXRobXMgKCJhbGciIHZhbHVlcykgc3VwcG9ydGVkIGJ5IHRoZSB0b2tlbiBlbmRwb2lu dCBmb3IgdGhlCiAgICAgIHNpZ25hdHVyZSBvbiB0aGUgSldUIFtKV1RdIHVzZWQgdG8gYXV0aGVu dGljYXRlIHRoZSBjbGllbnQgYXQgdGhlCiAgICAgIHRva2VuIGVuZHBvaW50IGZvciB0aGUgInBy aXZhdGVfa2V5X2p3dCIgYW5kICJjbGllbnRfc2VjcmV0X2p3dCIKICAgICAgYXV0aGVudGljYXRp b24gbWV0aG9kcy4gIFRoaXMgbWV0YWRhdGEgZW50cnkgTVVTVCBiZSBwcmVzZW50IGlmCiAgICAg IGVpdGhlciBvZiB0aGVzZSBhdXRoZW50aWNhdGlvbiBtZXRob2RzIGFyZSBzcGVjaWZpZWQgaW4g dGhlCiAgICAgICJ0b2tlbl9lbmRwb2ludF9hdXRoX21ldGhvZHNfc3VwcG9ydGVkIiBlbnRyeS4g IE5vIGRlZmF1bHQKICAgICAgYWxnb3JpdGhtcyBhcmUgaW1wbGllZCBpZiB0aGlzIGVudHJ5IGlz IG9taXR0ZWQuICBTZXJ2ZXJzIFNIT1VMRAogICAgICBzdXBwb3J0ICJSUzI1NiIuICBUaGUgdmFs dWUgIm5vbmUiIE1VU1QgTk9UIGJlIHVzZWQuCgogICBzZXJ2aWNlX2RvY3VtZW50YXRpb24KICAg ICAgT1BUSU9OQUwuICBVUkwgb2YgYSBwYWdlIGNvbnRhaW5pbmcgaHVtYW4tcmVhZGFibGUgaW5m b3JtYXRpb24KICAgICAgdGhhdCBkZXZlbG9wZXJzIG1pZ2h0IHdhbnQgb3IgbmVlZCB0byBrbm93 IHdoZW4gdXNpbmcgdGhlCiAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyLiAgSW4gcGFydGljdWxh ciwgaWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgIGRvZXMgbm90IHN1cHBvcnQgRHlu YW1pYyBDbGllbnQgUmVnaXN0cmF0aW9uLCB0aGVuIGluZm9ybWF0aW9uIG9uCiAgICAgIGhvdyB0 byByZWdpc3RlciBjbGllbnRzIG5lZWRzIHRvIGJlIHByb3ZpZGVkIGluIHRoaXMKICAgICAgZG9j dW1lbnRhdGlvbi4KCgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAgIEV4cGlyZXMgQXVndXN0IDMw LCAyMDE4ICAgICAgICAgICAgICAgIFtQYWdlIDVdCgwKSW50ZXJuZXQtRHJhZnQgICBPQXV0aCAy LjAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEgICBGZWJydWFyeSAyMDE4CgoKICAgdWlf bG9jYWxlc19zdXBwb3J0ZWQKICAgICAgT1BUSU9OQUwuICBMYW5ndWFnZXMgYW5kIHNjcmlwdHMg c3VwcG9ydGVkIGZvciB0aGUgdXNlciBpbnRlcmZhY2UsCiAgICAgIHJlcHJlc2VudGVkIGFzIGEg SlNPTiBhcnJheSBvZiBCQ1A0NyBbUkZDNTY0Nl0gbGFuZ3VhZ2UgdGFnCiAgICAgIHZhbHVlcy4g IElmIG9taXR0ZWQsIHRoZSBzZXQgb2Ygc3VwcG9ydGVkIGxhbmd1YWdlcyBhbmQgc2NyaXB0cyBp cwogICAgICB1bnNwZWNpZmllZC4KCiAgIG9wX3BvbGljeV91cmkKICAgICAgT1BUSU9OQUwuICBV UkwgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcHJvdmlkZXMgdG8gdGhlCiAgICAgIHBl cnNvbiByZWdpc3RlcmluZyB0aGUgY2xpZW50IHRvIHJlYWQgYWJvdXQgdGhlIGF1dGhvcml6YXRp b24KICAgICAgc2VydmVyJ3MgcmVxdWlyZW1lbnRzIG9uIGhvdyB0aGUgY2xpZW50IGNhbiB1c2Ug dGhlIGRhdGEgcHJvdmlkZWQKICAgICAgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiAgVGhl IHJlZ2lzdHJhdGlvbiBwcm9jZXNzIFNIT1VMRAogICAgICBkaXNwbGF5IHRoaXMgVVJMIHRvIHRo ZSBwZXJzb24gcmVnaXN0ZXJpbmcgdGhlIGNsaWVudCBpZiBpdCBpcwogICAgICBnaXZlbi4gIEFz IGRlc2NyaWJlZCBpbiBTZWN0aW9uIDUsIGRlc3BpdGUgdGhlIGlkZW50aWZpZXIKICAgICAgIm9w X3BvbGljeV91cmkiLCBhcHBlYXJpbmcgdG8gYmUgT3BlbklELXNwZWNpZmljLCBpdHMgdXNhZ2Ug aW4KICAgICAgdGhpcyBzcGVjaWZpY2F0aW9uIGlzIGFjdHVhbGx5IHJlZmVycmluZyB0byBhIGdl bmVyYWwgT0F1dGggMi4wCiAgICAgIGZlYXR1cmUgdGhhdCBpcyBub3Qgc3BlY2lmaWMgdG8gT3Bl bklEIENvbm5lY3QuCgogICBvcF90b3NfdXJpCiAgICAgIE9QVElPTkFMLiAgVVJMIHRoYXQgdGhl IGF1dGhvcml6YXRpb24gc2VydmVyIHByb3ZpZGVzIHRvIHRoZQogICAgICBwZXJzb24gcmVnaXN0 ZXJpbmcgdGhlIGNsaWVudCB0byByZWFkIGFib3V0IHRoZSBhdXRob3JpemF0aW9uCiAgICAgIHNl cnZlcidzIHRlcm1zIG9mIHNlcnZpY2UuICBUaGUgcmVnaXN0cmF0aW9uIHByb2Nlc3MgU0hPVUxE CiAgICAgIGRpc3BsYXkgdGhpcyBVUkwgdG8gdGhlIHBlcnNvbiByZWdpc3RlcmluZyB0aGUgY2xp ZW50IGlmIGl0IGlzCiAgICAgIGdpdmVuLiAgQXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNSwgZGVz cGl0ZSB0aGUgaWRlbnRpZmllcgogICAgICAib3BfdG9zX3VyaSIsIGFwcGVhcmluZyB0byBiZSBP cGVuSUQtc3BlY2lmaWMsIGl0cyB1c2FnZSBpbiB0aGlzCiAgICAgIHNwZWNpZmljYXRpb24gaXMg YWN0dWFsbHkgcmVmZXJyaW5nIHRvIGEgZ2VuZXJhbCBPQXV0aCAyLjAgZmVhdHVyZQogICAgICB0 aGF0IGlzIG5vdCBzcGVjaWZpYyB0byBPcGVuSUQgQ29ubmVjdC4KCiAgIHJldm9jYXRpb25fZW5k cG9pbnQKICAgICAgT1BUSU9OQUwuICBVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3Mg T0F1dGggMi4wIHJldm9jYXRpb24KICAgICAgZW5kcG9pbnQgW1JGQzcwMDldLgoKICAgcmV2b2Nh dGlvbl9lbmRwb2ludF9hdXRoX21ldGhvZHNfc3VwcG9ydGVkCiAgICAgIE9QVElPTkFMLiAgSlNP TiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiBjbGllbnQgYXV0aGVudGljYXRpb24KICAgICAg bWV0aG9kcyBzdXBwb3J0ZWQgYnkgdGhpcyByZXZvY2F0aW9uIGVuZHBvaW50LiAgVGhlIHZhbGlk IGNsaWVudAogICAgICBhdXRoZW50aWNhdGlvbiBtZXRob2QgdmFsdWVzIGFyZSB0aG9zZSByZWdp c3RlcmVkIGluIHRoZSBJQU5BCiAgICAgICJPQXV0aCBUb2tlbiBFbmRwb2ludCBBdXRoZW50aWNh dGlvbiBNZXRob2RzIiByZWdpc3RyeQogICAgICBbSUFOQS5PQXV0aC5QYXJhbWV0ZXJzXS4gIElm IG9taXR0ZWQsIHRoZSBkZWZhdWx0IGlzCiAgICAgICJjbGllbnRfc2VjcmV0X2Jhc2ljIiAtLSB0 aGUgSFRUUCBCYXNpYyBBdXRoZW50aWNhdGlvbiBTY2hlbWUKICAgICAgc3BlY2lmaWVkIGluIFNl Y3Rpb24gMi4zLjEgb2YgT0F1dGggMi4wIFtSRkM2NzQ5XS4KCiAgIHJldm9jYXRpb25fZW5kcG9p bnRfYXV0aF9zaWduaW5nX2FsZ192YWx1ZXNfc3VwcG9ydGVkCiAgICAgIE9QVElPTkFMLiAgSlNP TiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiB0aGUgSldTIHNpZ25pbmcKICAgICAgYWxnb3Jp dGhtcyAoImFsZyIgdmFsdWVzKSBzdXBwb3J0ZWQgYnkgdGhlIHJldm9jYXRpb24gZW5kcG9pbnQg Zm9yCiAgICAgIHRoZSBzaWduYXR1cmUgb24gdGhlIEpXVCBbSldUXSB1c2VkIHRvIGF1dGhlbnRp Y2F0ZSB0aGUgY2xpZW50IGF0CiAgICAgIHRoZSByZXZvY2F0aW9uIGVuZHBvaW50IGZvciB0aGUg InByaXZhdGVfa2V5X2p3dCIgYW5kCiAgICAgICJjbGllbnRfc2VjcmV0X2p3dCIgYXV0aGVudGlj YXRpb24gbWV0aG9kcy4gIFRoaXMgbWV0YWRhdGEgZW50cnkKICAgICAgTVVTVCBiZSBwcmVzZW50 IGlmIGVpdGhlciBvZiB0aGVzZSBhdXRoZW50aWNhdGlvbiBtZXRob2RzIGFyZQogICAgICBzcGVj aWZpZWQgaW4gdGhlICJyZXZvY2F0aW9uX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQi CgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgICBFeHBpcmVzIEF1Z3VzdCAzMCwgMjAxOCAgICAg ICAgICAgICAgICBbUGFnZSA2XQoMCkludGVybmV0LURyYWZ0ICAgT0F1dGggMi4wIEF1dGhvcml6 YXRpb24gU2VydmVyIE1ldGFkYXRhICAgRmVicnVhcnkgMjAxOAoKCiAgICAgIGVudHJ5LiAgTm8g ZGVmYXVsdCBhbGdvcml0aG1zIGFyZSBpbXBsaWVkIGlmIHRoaXMgZW50cnkgaXMKICAgICAgb21p dHRlZC4gIFRoZSB2YWx1ZSAibm9uZSIgTVVTVCBOT1QgYmUgdXNlZC4KCiAgIGludHJvc3BlY3Rp b25fZW5kcG9pbnQKICAgICAgT1BUSU9OQUwuICBVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2Vy dmVyJ3MgT0F1dGggMi4wCiAgICAgIGludHJvc3BlY3Rpb24gZW5kcG9pbnQgW1JGQzc2NjJdLgoK ICAgaW50cm9zcGVjdGlvbl9lbmRwb2ludF9hdXRoX21ldGhvZHNfc3VwcG9ydGVkCiAgICAgIE9Q VElPTkFMLiAgSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlzdCBvZiBjbGllbnQgYXV0aGVudGlj YXRpb24KICAgICAgbWV0aG9kcyBzdXBwb3J0ZWQgYnkgdGhpcyBpbnRyb3NwZWN0aW9uIGVuZHBv aW50LiAgVGhlIHZhbGlkCiAgICAgIGNsaWVudCBhdXRoZW50aWNhdGlvbiBtZXRob2QgdmFsdWVz IGFyZSB0aG9zZSByZWdpc3RlcmVkIGluIHRoZQogICAgICBJQU5BICJPQXV0aCBUb2tlbiBFbmRw b2ludCBBdXRoZW50aWNhdGlvbiBNZXRob2RzIiByZWdpc3RyeQogICAgICBbSUFOQS5PQXV0aC5Q YXJhbWV0ZXJzXSBvciB0aG9zZSByZWdpc3RlcmVkIGluIHRoZSBJQU5BICJPQXV0aAogICAgICBB Y2Nlc3MgVG9rZW4gVHlwZXMiIHJlZ2lzdHJ5IFtJQU5BLk9BdXRoLlBhcmFtZXRlcnNdLiAgKFRo ZXNlCiAgICAgIHZhbHVlcyBhcmUgYW5kIHdpbGwgcmVtYWluIGRpc3RpbmN0LCBkdWUgdG8gU2Vj dGlvbiA3LjIuKSAgSWYKICAgICAgb21pdHRlZCwgdGhlIHNldCBvZiBzdXBwb3J0ZWQgYXV0aGVu dGljYXRpb24gbWV0aG9kcyBNVVNUIGJlCiAgICAgIGRldGVybWluZWQgYnkgb3RoZXIgbWVhbnMu CgogICBpbnRyb3NwZWN0aW9uX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBv cnRlZAogICAgICBPUFRJT05BTC4gIEpTT04gYXJyYXkgY29udGFpbmluZyBhIGxpc3Qgb2YgdGhl IEpXUyBzaWduaW5nCiAgICAgIGFsZ29yaXRobXMgKCJhbGciIHZhbHVlcykgc3VwcG9ydGVkIGJ5 IHRoZSBpbnRyb3NwZWN0aW9uIGVuZHBvaW50CiAgICAgIGZvciB0aGUgc2lnbmF0dXJlIG9uIHRo ZSBKV1QgW0pXVF0gdXNlZCB0byBhdXRoZW50aWNhdGUgdGhlIGNsaWVudAogICAgICBhdCB0aGUg aW50cm9zcGVjdGlvbiBlbmRwb2ludCBmb3IgdGhlICJwcml2YXRlX2tleV9qd3QiIGFuZAogICAg ICAiY2xpZW50X3NlY3JldF9qd3QiIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMuICBUaGlzIG1ldGFk YXRhIGVudHJ5CiAgICAgIE1VU1QgYmUgcHJlc2VudCBpZiBlaXRoZXIgb2YgdGhlc2UgYXV0aGVu dGljYXRpb24gbWV0aG9kcyBhcmUKICAgICAgc3BlY2lmaWVkIGluIHRoZSAiaW50cm9zcGVjdGlv bl9lbmRwb2ludF9hdXRoX21ldGhvZHNfc3VwcG9ydGVkIgogICAgICBlbnRyeS4gIE5vIGRlZmF1 bHQgYWxnb3JpdGhtcyBhcmUgaW1wbGllZCBpZiB0aGlzIGVudHJ5IGlzCiAgICAgIG9taXR0ZWQu ICBUaGUgdmFsdWUgIm5vbmUiIE1VU1QgTk9UIGJlIHVzZWQuCgogICBjb2RlX2NoYWxsZW5nZV9t ZXRob2RzX3N1cHBvcnRlZAogICAgICBPUFRJT05BTC4gIEpTT04gYXJyYXkgY29udGFpbmluZyBh IGxpc3Qgb2YgUEtDRSBbUkZDNzYzNl0gY29kZQogICAgICBjaGFsbGVuZ2UgbWV0aG9kcyBzdXBw b3J0ZWQgYnkgdGhpcyBhdXRob3JpemF0aW9uIHNlcnZlci4gIENvZGUKICAgICAgY2hhbGxlbmdl IG1ldGhvZCB2YWx1ZXMgYXJlIHVzZWQgaW4gdGhlICJjb2RlX2NoYWxsZW5nZV9tZXRob2QiCiAg ICAgIHBhcmFtZXRlciBkZWZpbmVkIGluIFNlY3Rpb24gNC4zIG9mIFtSRkM3NjM2XS4gIFRoZSB2 YWxpZCBjb2RlCiAgICAgIGNoYWxsZW5nZSBtZXRob2QgdmFsdWVzIGFyZSB0aG9zZSByZWdpc3Rl cmVkIGluIHRoZSBJQU5BICJQS0NFCiAgICAgIENvZGUgQ2hhbGxlbmdlIE1ldGhvZHMiIHJlZ2lz dHJ5IFtJQU5BLk9BdXRoLlBhcmFtZXRlcnNdLiAgSWYKICAgICAgb21pdHRlZCwgdGhlIGF1dGhv cml6YXRpb24gc2VydmVyIGRvZXMgbm90IHN1cHBvcnQgUEtDRS4KCiAgIEFkZGl0aW9uYWwgYXV0 aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgcGFyYW1ldGVycyBNQVkgYWxzbyBiZSB1c2VkLgog ICBTb21lIGFyZSBkZWZpbmVkIGJ5IG90aGVyIHNwZWNpZmljYXRpb25zLCBzdWNoIGFzIE9wZW5J RCBDb25uZWN0CiAgIERpc2NvdmVyeSAxLjAgW09wZW5JRC5EaXNjb3ZlcnldLgoKMi4xLiAgU2ln bmVkIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhCgogICBJbiBhZGRpdGlvbiB0byBKU09O IGVsZW1lbnRzLCBtZXRhZGF0YSB2YWx1ZXMgTUFZIGFsc28gYmUgcHJvdmlkZWQgYXMKICAgYSAi c2lnbmVkX21ldGFkYXRhIiB2YWx1ZSwgd2hpY2ggaXMgYSBKU09OIFdlYiBUb2tlbiAoSldUKSBb SldUXSB0aGF0CiAgIGFzc2VydHMgbWV0YWRhdGEgdmFsdWVzIGFib3V0IHRoZSBhdXRob3JpemF0 aW9uIHNlcnZlciBhcyBhIGJ1bmRsZS4KICAgQSBzZXQgb2YgY2xhaW1zIHRoYXQgY2FuIGJlIHVz ZWQgaW4gc2lnbmVkIG1ldGFkYXRhIGFyZSBkZWZpbmVkIGluCgoKCkpvbmVzLCBldCBhbC4gICAg ICAgICAgICBFeHBpcmVzIEF1Z3VzdCAzMCwgMjAxOCAgICAgICAgICAgICAgICBbUGFnZSA3XQoM CkludGVybmV0LURyYWZ0ICAgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRh ICAgRmVicnVhcnkgMjAxOAoKCiAgIFNlY3Rpb24gMi4gIFRoZSBzaWduZWQgbWV0YWRhdGEgTVVT VCBiZSBkaWdpdGFsbHkgc2lnbmVkIG9yIE1BQ2VkCiAgIHVzaW5nIEpTT04gV2ViIFNpZ25hdHVy ZSAoSldTKSBbSldTXSBhbmQgTVVTVCBjb250YWluIGFuICJpc3MiCiAgIChpc3N1ZXIpIGNsYWlt IGRlbm90aW5nIHRoZSBwYXJ0eSBhdHRlc3RpbmcgdG8gdGhlIGNsYWltcyBpbiB0aGUKICAgc2ln bmVkIG1ldGFkYXRhLiAgQ29uc3VtZXJzIG9mIHRoZSBtZXRhZGF0YSBNQVkgaWdub3JlIHRoZSBz aWduZWQKICAgbWV0YWRhdGEgaWYgdGhleSBkbyBub3Qgc3VwcG9ydCB0aGlzIGZlYXR1cmUuICBJ ZiB0aGUgY29uc3VtZXIgb2YgdGhlCiAgIG1ldGFkYXRhIHN1cHBvcnRzIHNpZ25lZCBtZXRhZGF0 YSwgbWV0YWRhdGEgdmFsdWVzIGNvbnZleWVkIGluIHRoZQogICBzaWduZWQgbWV0YWRhdGEgTVVT VCB0YWtlIHByZWNlZGVuY2Ugb3ZlciB0aGUgY29ycmVzcG9uZGluZyB2YWx1ZXMKICAgY29udmV5 ZWQgdXNpbmcgcGxhaW4gSlNPTiBlbGVtZW50cy4KCiAgIFNpZ25lZCBtZXRhZGF0YSBpcyBpbmNs dWRlZCBpbiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgSlNPTgogICBvYmplY3Qg dXNpbmcgdGhpcyBPUFRJT05BTCBtZW1iZXI6CgogICBzaWduZWRfbWV0YWRhdGEKICAgICAgQSBK V1QgY29udGFpbmluZyBtZXRhZGF0YSB2YWx1ZXMgYWJvdXQgdGhlIGF1dGhvcml6YXRpb24gc2Vy dmVyIGFzCiAgICAgIGNsYWltcy4gIFRoaXMgaXMgYSBzdHJpbmcgdmFsdWUgY29uc2lzdGluZyBv ZiB0aGUgZW50aXJlIHNpZ25lZAogICAgICBKV1QuICBBICJzaWduZWRfbWV0YWRhdGEiIG1ldGFk YXRhIHZhbHVlIFNIT1VMRCBOT1QgYXBwZWFyIGFzIGEKICAgICAgY2xhaW0gaW4gdGhlIEpXVC4K CjMuICBPYnRhaW5pbmcgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEKCiAgIEF1dGhvcml6 YXRpb24gc2VydmVycyBzdXBwb3J0aW5nIG1ldGFkYXRhIE1VU1QgbWFrZSBhIEpTT04gZG9jdW1l bnQKICAgY29udGFpbmluZyBtZXRhZGF0YSBhcyBzcGVjaWZpZWQgaW4gU2VjdGlvbiAyIGF2YWls YWJsZSBhdCBhIHBhdGgKICAgZm9ybWVkIGJ5IGluc2VydGluZyBhIHdlbGwta25vd24gVVJJIHN0 cmluZyBpbnRvIHRoZSBhdXRob3JpemF0aW9uCiAgIHNlcnZlcidzIGlzc3VlciBpZGVudGlmaWVy IGJldHdlZW4gdGhlIGhvc3QgY29tcG9uZW50IGFuZCB0aGUgcGF0aAogICBjb21wb25lbnQsIGlm IGFueS4gIEJ5IGRlZmF1bHQsIHRoZSB3ZWxsLWtub3duIFVSSSBzdHJpbmcgdXNlZCBpcwogICAi Ly53ZWxsLWtub3duL29hdXRoLWF1dGhvcml6YXRpb24tc2VydmVyIi4gIFRoaXMgcGF0aCBNVVNU IHVzZSB0aGUKICAgImh0dHBzIiBzY2hlbWUuICBUaGUgc3ludGF4IGFuZCBzZW1hbnRpY3Mgb2Yg Ii53ZWxsLWtub3duIiBhcmUKICAgZGVmaW5lZCBpbiBSRkMgNTc4NSBbUkZDNTc4NV0uICBUaGUg d2VsbC1rbm93biBVUkkgc3VmZml4IHVzZWQgTVVTVAogICBiZSByZWdpc3RlcmVkIGluIHRoZSBJ QU5BICJXZWxsLUtub3duIFVSSXMiIHJlZ2lzdHJ5CiAgIFtJQU5BLndlbGwta25vd25dLgoKICAg RGlmZmVyZW50IGFwcGxpY2F0aW9ucyB1dGlsaXppbmcgT0F1dGggYXV0aG9yaXphdGlvbiBzZXJ2 ZXJzIGluCiAgIGFwcGxpY2F0aW9uLXNwZWNpZmljIHdheXMgbWF5IGRlZmluZSBhbmQgcmVnaXN0 ZXIgZGlmZmVyZW50IHdlbGwtCiAgIGtub3duIFVSSSBzdWZmaXhlcyB1c2VkIHRvIHB1Ymxpc2gg YXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgYXMKICAgdXNlZCBieSB0aG9zZSBhcHBsaWNh dGlvbnMuICBGb3IgaW5zdGFuY2UsIGlmIHRoZSBFeGFtcGxlIGFwcGxpY2F0aW9uCiAgIHVzZXMg YW4gT0F1dGggYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaW4gYW4gRXhhbXBsZS1zcGVjaWZpYyB3YXks IGFuZAogICB0aGVyZSBhcmUgRXhhbXBsZS1zcGVjaWZpYyBtZXRhZGF0YSB2YWx1ZXMgdGhhdCBp dCBuZWVkcyB0byBwdWJsaXNoLAogICB0aGVuIGl0IG1pZ2h0IHJlZ2lzdGVyIGFuZCB1c2UgdGhl ICJleGFtcGxlLWNvbmZpZ3VyYXRpb24iIFVSSSBzdWZmaXgKICAgYW5kIHB1Ymxpc2ggdGhlIG1l dGFkYXRhIGRvY3VtZW50IGF0IHRoZSBwYXRoIGZvcm1lZCBieSBpbnNlcnRpbmcKICAgIi8ud2Vs bC1rbm93bi9leGFtcGxlLWNvbmZpZ3VyYXRpb24iIGJldHdlZW4gdGhlIGhvc3QgYW5kIHBhdGgK ICAgY29tcG9uZW50cyBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBpc3N1ZXIgaWRlbnRp Zmllci4KICAgQWx0ZXJuYXRpdmVseSwgbWFueSBzdWNoIGFwcGxpY2F0aW9ucyB3aWxsIHVzZSB0 aGUgZGVmYXVsdCB3ZWxsLWtub3duCiAgIFVSSSBzdHJpbmcgIi8ud2VsbC1rbm93bi9vYXV0aC1h dXRob3JpemF0aW9uLXNlcnZlciIsIHdoaWNoIGlzIHRoZQogICByaWdodCBjaG9pY2UgZm9yIGdl bmVyYWwtcHVycG9zZSBPQXV0aCBhdXRob3JpemF0aW9uIHNlcnZlcnMsIGFuZCBub3QKICAgcmVn aXN0ZXIgYW4gYXBwbGljYXRpb24tc3BlY2lmaWMgb25lLgoKICAgQW4gT0F1dGggMi4wIGFwcGxp Y2F0aW9uIHVzaW5nIHRoaXMgc3BlY2lmaWNhdGlvbiBNVVNUIHNwZWNpZnkgd2hhdAogICB3ZWxs LWtub3duIFVSSSBzdWZmaXggaXQgd2lsbCB1c2UgZm9yIHRoaXMgcHVycG9zZS4gIFRoZSBzYW1l CgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgICBFeHBpcmVzIEF1Z3VzdCAzMCwgMjAxOCAgICAg ICAgICAgICAgICBbUGFnZSA4XQoMCkludGVybmV0LURyYWZ0ICAgT0F1dGggMi4wIEF1dGhvcml6 YXRpb24gU2VydmVyIE1ldGFkYXRhICAgRmVicnVhcnkgMjAxOAoKCiAgIGF1dGhvcml6YXRpb24g c2VydmVyIE1BWSBjaG9vc2UgdG8gcHVibGlzaCBpdHMgbWV0YWRhdGEgYXQgbXVsdGlwbGUKICAg d2VsbC1rbm93biBsb2NhdGlvbnMgZGVyaXZlZCBmcm9tIGl0cyBpc3N1ZXIgaWRlbnRpZmllciwg Zm9yIGV4YW1wbGUsCiAgIHB1Ymxpc2hpbmcgbWV0YWRhdGEgYXQgYm90aCAiLy53ZWxsLWtub3du L2V4YW1wbGUtY29uZmlndXJhdGlvbiIgYW5kCiAgICIvLndlbGwta25vd24vb2F1dGgtYXV0aG9y aXphdGlvbi1zZXJ2ZXIiLgoKICAgU29tZSBPQXV0aCBhcHBsaWNhdGlvbnMgd2lsbCBjaG9vc2Ug dG8gdXNlIHRoZSB3ZWxsLWtub3duIFVSSSBzdWZmaXgKICAgIm9wZW5pZC1jb25maWd1cmF0aW9u Ii4gIEFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDUsIGRlc3BpdGUgdGhlCiAgIGlkZW50aWZpZXIg Ii8ud2VsbC1rbm93bi9vcGVuaWQtY29uZmlndXJhdGlvbiIsIGFwcGVhcmluZyB0byBiZQogICBP cGVuSUQtc3BlY2lmaWMsIGl0cyB1c2FnZSBpbiB0aGlzIHNwZWNpZmljYXRpb24gaXMgYWN0dWFs bHkKICAgcmVmZXJyaW5nIHRvIGEgZ2VuZXJhbCBPQXV0aCAyLjAgZmVhdHVyZSB0aGF0IGlzIG5v dCBzcGVjaWZpYyB0bwogICBPcGVuSUQgQ29ubmVjdC4KCjMuMS4gIEF1dGhvcml6YXRpb24gU2Vy dmVyIE1ldGFkYXRhIFJlcXVlc3QKCiAgIEFuIGF1dGhvcml6YXRpb24gc2VydmVyIG1ldGFkYXRh IGRvY3VtZW50IE1VU1QgYmUgcXVlcmllZCB1c2luZyBhbgogICBIVFRQICJHRVQiIHJlcXVlc3Qg YXQgdGhlIHByZXZpb3VzbHkgc3BlY2lmaWVkIHBhdGguCgogICBUaGUgY2xpZW50IHdvdWxkIG1h a2UgdGhlIGZvbGxvd2luZyByZXF1ZXN0IHdoZW4gdGhlIGlzc3VlcgogICBpZGVudGlmaWVyIGlz ICJodHRwczovL2V4YW1wbGUuY29tIiBhbmQgdGhlIHdlbGwta25vd24gVVJJIHN1ZmZpeCBpcwog ICAib2F1dGgtYXV0aG9yaXphdGlvbi1zZXJ2ZXIiIHRvIG9idGFpbiB0aGUgbWV0YWRhdGEsIHNp bmNlIHRoZSBpc3N1ZXIKICAgaWRlbnRpZmllciBjb250YWlucyBubyBwYXRoIGNvbXBvbmVudDoK CiAgICAgR0VUIC8ud2VsbC1rbm93bi9vYXV0aC1hdXRob3JpemF0aW9uLXNlcnZlciBIVFRQLzEu MQogICAgIEhvc3Q6IGV4YW1wbGUuY29tCgogICBJZiB0aGUgaXNzdWVyIGlkZW50aWZpZXIgdmFs dWUgY29udGFpbnMgYSBwYXRoIGNvbXBvbmVudCwgYW55CiAgIHRlcm1pbmF0aW5nICIvIiBNVVNU IGJlIHJlbW92ZWQgYmVmb3JlIGluc2VydGluZyAiLy53ZWxsLWtub3duLyIgYW5kCiAgIHRoZSB3 ZWxsLWtub3duIFVSSSBzdWZmaXggYmV0d2VlbiB0aGUgaG9zdCBjb21wb25lbnQgYW5kIHRoZSBw YXRoCiAgIGNvbXBvbmVudC4gIFRoZSBjbGllbnQgd291bGQgbWFrZSB0aGUgZm9sbG93aW5nIHJl cXVlc3Qgd2hlbiB0aGUKICAgaXNzdWVyIGlkZW50aWZpZXIgaXMgImh0dHBzOi8vZXhhbXBsZS5j b20vaXNzdWVyMSIgYW5kIHRoZSB3ZWxsLWtub3duCiAgIFVSSSBzdWZmaXggaXMgIm9hdXRoLWF1 dGhvcml6YXRpb24tc2VydmVyIiB0byBvYnRhaW4gdGhlIG1ldGFkYXRhLAogICBzaW5jZSB0aGUg aXNzdWVyIGlkZW50aWZpZXIgY29udGFpbnMgYSBwYXRoIGNvbXBvbmVudDoKCiAgICAgR0VUIC8u d2VsbC1rbm93bi9vYXV0aC1hdXRob3JpemF0aW9uLXNlcnZlci9pc3N1ZXIxIEhUVFAvMS4xCiAg ICAgSG9zdDogZXhhbXBsZS5jb20KCiAgIFVzaW5nIHBhdGggY29tcG9uZW50cyBlbmFibGVzIHN1 cHBvcnRpbmcgbXVsdGlwbGUgaXNzdWVycyBwZXIgaG9zdC4KICAgVGhpcyBpcyByZXF1aXJlZCBp biBzb21lIG11bHRpLXRlbmFudCBob3N0aW5nIGNvbmZpZ3VyYXRpb25zLiAgVGhpcwogICB1c2Ug b2YgIi53ZWxsLWtub3duIiBpcyBmb3Igc3VwcG9ydGluZyBtdWx0aXBsZSBpc3N1ZXJzIHBlciBo b3N0OwogICB1bmxpa2UgaXRzIHVzZSBpbiBSRkMgNTc4NSBbUkZDNTc4NV0sIGl0IGRvZXMgbm90 IHByb3ZpZGUgZ2VuZXJhbAogICBpbmZvcm1hdGlvbiBhYm91dCB0aGUgaG9zdC4KCjMuMi4gIEF1 dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhIFJlc3BvbnNlCgogICBUaGUgcmVzcG9uc2UgaXMg YSBzZXQgb2YgY2xhaW1zIGFib3V0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzCiAgIGNvbmZp Z3VyYXRpb24sIGluY2x1ZGluZyBhbGwgbmVjZXNzYXJ5IGVuZHBvaW50cyBhbmQgcHVibGljIGtl eQogICBsb2NhdGlvbiBpbmZvcm1hdGlvbi4gIEEgc3VjY2Vzc2Z1bCByZXNwb25zZSBNVVNUIHVz ZSB0aGUgMjAwIE9LIEhUVFAKICAgc3RhdHVzIGNvZGUgYW5kIHJldHVybiBhIEpTT04gb2JqZWN0 IHVzaW5nIHRoZSAiYXBwbGljYXRpb24vanNvbiIKCgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAg IEV4cGlyZXMgQXVndXN0IDMwLCAyMDE4ICAgICAgICAgICAgICAgIFtQYWdlIDldCgwKSW50ZXJu ZXQtRHJhZnQgICBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEgICBGZWJy dWFyeSAyMDE4CgoKICAgY29udGVudCB0eXBlIHRoYXQgY29udGFpbnMgYSBzZXQgb2YgY2xhaW1z IGFzIGl0cyBtZW1iZXJzIHRoYXQgYXJlIGEKICAgc3Vic2V0IG9mIHRoZSBtZXRhZGF0YSB2YWx1 ZXMgZGVmaW5lZCBpbiBTZWN0aW9uIDIuICBPdGhlciBjbGFpbXMgTUFZCiAgIGFsc28gYmUgcmV0 dXJuZWQuCgogICBDbGFpbXMgdGhhdCByZXR1cm4gbXVsdGlwbGUgdmFsdWVzIGFyZSByZXByZXNl bnRlZCBhcyBKU09OIGFycmF5cy4KICAgQ2xhaW1zIHdpdGggemVybyBlbGVtZW50cyBNVVNUIGJl IG9taXR0ZWQgZnJvbSB0aGUgcmVzcG9uc2UuCgogICBBbiBlcnJvciByZXNwb25zZSB1c2VzIHRo ZSBhcHBsaWNhYmxlIEhUVFAgc3RhdHVzIGNvZGUgdmFsdWUuCgogICBUaGUgZm9sbG93aW5nIGlz IGEgbm9uLW5vcm1hdGl2ZSBleGFtcGxlIHJlc3BvbnNlOgoKICAgICBIVFRQLzEuMSAyMDAgT0sK ICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24KCiAgICAgewogICAgICAiaXNzdWVy IjoKICAgICAgICAiaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20iLAogICAgICAiYXV0aG9yaXph dGlvbl9lbmRwb2ludCI6CiAgICAgICAgImh0dHBzOi8vc2VydmVyLmV4YW1wbGUuY29tL2F1dGhv cml6ZSIsCiAgICAgICJ0b2tlbl9lbmRwb2ludCI6CiAgICAgICAgImh0dHBzOi8vc2VydmVyLmV4 YW1wbGUuY29tL3Rva2VuIiwKICAgICAgInRva2VuX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBw b3J0ZWQiOgogICAgICAgIFsiY2xpZW50X3NlY3JldF9iYXNpYyIsICJwcml2YXRlX2tleV9qd3Qi XSwKICAgICAgInRva2VuX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRl ZCI6CiAgICAgICAgWyJSUzI1NiIsICJFUzI1NiJdLAogICAgICAidXNlcmluZm9fZW5kcG9pbnQi OgogICAgICAgICJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbS91c2VyaW5mbyIsCiAgICAgICJq d2tzX3VyaSI6CiAgICAgICAgImh0dHBzOi8vc2VydmVyLmV4YW1wbGUuY29tL2p3a3MuanNvbiIs CiAgICAgICJyZWdpc3RyYXRpb25fZW5kcG9pbnQiOgogICAgICAgICJodHRwczovL3NlcnZlci5l eGFtcGxlLmNvbS9yZWdpc3RlciIsCiAgICAgICJzY29wZXNfc3VwcG9ydGVkIjoKICAgICAgICBb Im9wZW5pZCIsICJwcm9maWxlIiwgImVtYWlsIiwgImFkZHJlc3MiLAogICAgICAgICAicGhvbmUi LCAib2ZmbGluZV9hY2Nlc3MiXSwKICAgICAgInJlc3BvbnNlX3R5cGVzX3N1cHBvcnRlZCI6CiAg ICAgICAgWyJjb2RlIiwgImNvZGUgdG9rZW4iXSwKICAgICAgInNlcnZpY2VfZG9jdW1lbnRhdGlv biI6CiAgICAgICAgImh0dHA6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20vc2VydmljZV9kb2N1bWVudGF0 aW9uLmh0bWwiLAogICAgICAidWlfbG9jYWxlc19zdXBwb3J0ZWQiOgogICAgICAgIFsiZW4tVVMi LCAiZW4tR0IiLCAiZW4tQ0EiLCAiZnItRlIiLCAiZnItQ0EiXQogICAgIH0KCjMuMy4gIEF1dGhv cml6YXRpb24gU2VydmVyIE1ldGFkYXRhIFZhbGlkYXRpb24KCiAgIFRoZSAiaXNzdWVyIiB2YWx1 ZSByZXR1cm5lZCBNVVNUIGJlIGlkZW50aWNhbCB0byB0aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2 ZXIncyBpc3N1ZXIgaWRlbnRpZmllciB2YWx1ZSBpbnRvIHdoaWNoIHRoZSB3ZWxsLWtub3duIFVS SSBzdHJpbmcKICAgd2FzIGluc2VydGVkIHRvIGNyZWF0ZSB0aGUgVVJMIHVzZWQgdG8gcmV0cmll dmUgdGhlIG1ldGFkYXRhLiAgSWYKCgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgICBFeHBpcmVz IEF1Z3VzdCAzMCwgMjAxOCAgICAgICAgICAgICAgIFtQYWdlIDEwXQoMCkludGVybmV0LURyYWZ0 ICAgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhICAgRmVicnVhcnkgMjAx OAoKCiAgIHRoZXNlIHZhbHVlcyBhcmUgbm90IGlkZW50aWNhbCwgdGhlIGRhdGEgY29udGFpbmVk IGluIHRoZSByZXNwb25zZQogICBNVVNUIE5PVCBiZSB1c2VkLgoKNC4gIFN0cmluZyBPcGVyYXRp b25zCgogICBQcm9jZXNzaW5nIHNvbWUgT0F1dGggMi4wIG1lc3NhZ2VzIHJlcXVpcmVzIGNvbXBh cmluZyB2YWx1ZXMgaW4gdGhlCiAgIG1lc3NhZ2VzIHRvIGtub3duIHZhbHVlcy4gIEZvciBleGFt cGxlLCB0aGUgbWVtYmVyIG5hbWVzIGluIHRoZQogICBtZXRhZGF0YSByZXNwb25zZSBtaWdodCBi ZSBjb21wYXJlZCB0byBzcGVjaWZpYyBtZW1iZXIgbmFtZXMgc3VjaCBhcwogICAiaXNzdWVyIi4g IENvbXBhcmluZyBVbmljb2RlIFtVTklDT0RFXSBzdHJpbmdzLCBob3dldmVyLCBoYXMKICAgc2ln bmlmaWNhbnQgc2VjdXJpdHkgaW1wbGljYXRpb25zLgoKICAgVGhlcmVmb3JlLCBjb21wYXJpc29u cyBiZXR3ZWVuIEpTT04gc3RyaW5ncyBhbmQgb3RoZXIgVW5pY29kZSBzdHJpbmdzCiAgIE1VU1Qg YmUgcGVyZm9ybWVkIGFzIHNwZWNpZmllZCBiZWxvdzoKCiAgIDEuICBSZW1vdmUgYW55IEpTT04g YXBwbGllZCBlc2NhcGluZyB0byBwcm9kdWNlIGFuIGFycmF5IG9mIFVuaWNvZGUKICAgICAgIGNv ZGUgcG9pbnRzLgoKICAgMi4gIFVuaWNvZGUgTm9ybWFsaXphdGlvbiBbVVNBMTVdIE1VU1QgTk9U IGJlIGFwcGxpZWQgYXQgYW55IHBvaW50IHRvCiAgICAgICBlaXRoZXIgdGhlIEpTT04gc3RyaW5n IG9yIHRvIHRoZSBzdHJpbmcgaXQgaXMgdG8gYmUgY29tcGFyZWQKICAgICAgIGFnYWluc3QuCgog ICAzLiAgQ29tcGFyaXNvbnMgYmV0d2VlbiB0aGUgdHdvIHN0cmluZ3MgTVVTVCBiZSBwZXJmb3Jt ZWQgYXMgYQogICAgICAgVW5pY29kZSBjb2RlIHBvaW50IHRvIGNvZGUgcG9pbnQgZXF1YWxpdHkg Y29tcGFyaXNvbi4KCiAgIE5vdGUgdGhhdCB0aGlzIGlzIHRoZSBzYW1lIGVxdWFsaXR5IGNvbXBh cmlzb24gcHJvY2VkdXJlIGRlc2NyaWJlZCBpbgogICBTZWN0aW9uIDguMyBvZiBbUkZDNzE1OV0u Cgo1LiAgQ29tcGF0aWJpbGl0eSBOb3RlcwoKICAgVGhlIGlkZW50aWZpZXJzICIvLndlbGwta25v d24vb3BlbmlkLWNvbmZpZ3VyYXRpb24iLCAib3BfcG9saWN5X3VyaSIsCiAgIGFuZCAib3BfdG9z X3VyaSIgY29udGFpbiBzdHJpbmdzIHJlZmVycmluZyB0byB0aGUgT3BlbklEIENvbm5lY3QKICAg W09wZW5JRC5Db3JlXSBmYW1pbHkgb2Ygc3BlY2lmaWNhdGlvbnMgdGhhdCB3ZXJlIG9yaWdpbmFs bHkgZGVmaW5lZAogICBieSAiT3BlbklEIENvbm5lY3QgRGlzY292ZXJ5IDEuMCIgW09wZW5JRC5E aXNjb3ZlcnldLiAgRGVzcGl0ZSB0aGUKICAgcmV1c2Ugb2YgdGhlc2UgaWRlbnRpZmllcnMgdGhh dCBhcHBlYXIgdG8gYmUgT3BlbklELXNwZWNpZmljLCB0aGVpcgogICB1c2FnZSBpbiB0aGlzIHNw ZWNpZmljYXRpb24gaXMgYWN0dWFsbHkgcmVmZXJyaW5nIHRvIGdlbmVyYWwgT0F1dGgKICAgMi4w IGZlYXR1cmVzIHRoYXQgYXJlIG5vdCBzcGVjaWZpYyB0byBPcGVuSUQgQ29ubmVjdC4KCiAgIFRo ZSBhbGdvcml0aG0gZm9yIHRyYW5zZm9ybWluZyB0aGUgaXNzdWVyIGlkZW50aWZpZXIgdG8gYW4K ICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEgbG9jYXRpb24gZGVmaW5lZCBpbiBTZWN0 aW9uIDMgaXMKICAgZXF1aXZhbGVudCB0byB0aGUgY29ycmVzcG9uZGluZyB0cmFuc2Zvcm1hdGlv biBkZWZpbmVkIGluIFNlY3Rpb24gNAogICBvZiAiT3BlbklEIENvbm5lY3QgRGlzY292ZXJ5IDEu MCIgW09wZW5JRC5EaXNjb3ZlcnldLCBwcm92aWRlZCB0aGF0CiAgIHRoZSBpc3N1ZXIgaWRlbnRp ZmllciBjb250YWlucyBubyBwYXRoIGNvbXBvbmVudC4gIEhvd2V2ZXIsIHRoZXkgYXJlCiAgIGRp ZmZlcmVudCB3aGVuIHRoZXJlIGlzIGEgcGF0aCBjb21wb25lbnQsIGJlY2F1c2UgT3BlbklEIENv bm5lY3QKICAgRGlzY292ZXJ5IDEuMCBzcGVjaWZpZXMgdGhhdCB0aGUgd2VsbC1rbm93biBVUkkg c3RyaW5nIGlzIGFwcGVuZGVkIHRvCiAgIHRoZSBpc3N1ZXIgaWRlbnRpZmllciAoZS5nLiwgImh0 dHBzOi8vZXhhbXBsZS5jb20vaXNzdWVyMS8ud2VsbC0KICAga25vd24vb3BlbmlkLWNvbmZpZ3Vy YXRpb24iKSwgd2hlcmVhcyB0aGlzIHNwZWNpZmljYXRpb24gc3BlY2lmaWVzCiAgIHRoYXQgdGhl IHdlbGwta25vd24gVVJJIHN0cmluZyBpcyBpbnNlcnRlZCBiZWZvcmUgdGhlIHBhdGggY29tcG9u ZW50CgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1c3QgMzAsIDIwMTgg ICAgICAgICAgICAgICBbUGFnZSAxMV0KDApJbnRlcm5ldC1EcmFmdCAgIE9BdXRoIDIuMCBBdXRo b3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgogICBvZiB0aGUgaXNz dWVyIGlkZW50aWZpZXIgKGUuZy4sICJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duLwog ICBvcGVuaWQtY29uZmlndXJhdGlvbi9pc3N1ZXIxIikuCgogICBHb2luZyBmb3J3YXJkLCBPQXV0 aCBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YSBsb2NhdGlvbnMgc2hvdWxkCiAgIHVzZSB0 aGUgdHJhbnNmb3JtYXRpb24gZGVmaW5lZCBpbiB0aGlzIHNwZWNpZmljYXRpb24uICBIb3dldmVy LCB3aGVuCiAgIGRlcGxveWVkIGluIGxlZ2FjeSBlbnZpcm9ubWVudHMgaW4gd2hpY2ggdGhlIE9w ZW5JRCBDb25uZWN0IERpc2NvdmVyeQogICAxLjAgdHJhbnNmb3JtYXRpb24gaXMgYWxyZWFkeSB1 c2VkLCBpdCBtYXkgYmUgbmVjZXNzYXJ5IGR1cmluZyBhCiAgIHRyYW5zaXRpb24gcGVyaW9kIHRv IHB1Ymxpc2ggbWV0YWRhdGEgZm9yIGlzc3VlciBpZGVudGlmaWVycwogICBjb250YWluaW5nIGEg cGF0aCBjb21wb25lbnQgYXQgYm90aCBsb2NhdGlvbnMuICBEdXJpbmcgdGhpcwogICB0cmFuc2l0 aW9uIHBlcmlvZCwgYXBwbGljYXRpb25zIHNob3VsZCBmaXJzdCBhcHBseSB0aGUgdHJhbnNmb3Jt YXRpb24KICAgZGVmaW5lZCBpbiB0aGlzIHNwZWNpZmljYXRpb24gYW5kIGF0dGVtcHQgdG8gcmV0 cmlldmUgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIG1ldGFkYXRhIGZyb20gdGhlIHJlc3Vs dGluZyBsb2NhdGlvbjsgb25seSBpZgogICB0aGUgcmV0cmlldmFsIGZyb20gdGhhdCBsb2NhdGlv biBmYWlscyBzaG91bGQgdGhleSBmYWxsIGJhY2sgdG8KICAgYXR0ZW1wdGluZyB0byByZXRyaXZl IGl0IGZyb20gdGhlIGFsdGVybmF0ZSBsb2NhdGlvbiBvYnRhaW5lZCB1c2luZwogICB0aGUgdHJh bnNmb3JtYXRpb24gZGVmaW5lZCBieSBPcGVuSUQgQ29ubmVjdCBEaXNjb3ZlcnkgMS4wLiAgVGhp cwogICBiYWNrd2FyZHMtY29tcGF0aWJpbGl0eSBiZWhhdmlvciBzaG91bGQgb25seSBiZSBuZWNl c3Nhcnkgd2hlbiB0aGUKICAgd2VsbC1rbm93biBVUkkgc3VmZml4IGVtcGxveWVkIGJ5IHRoZSBh cHBsaWNhdGlvbiBpcyAib3BlbmlkLQogICBjb25maWd1cmF0aW9uIi4KCjYuICBTZWN1cml0eSBD b25zaWRlcmF0aW9ucwoKNi4xLiAgVExTIFJlcXVpcmVtZW50cwoKICAgSW1wbGVtZW50YXRpb25z IE1VU1Qgc3VwcG9ydCBUTFMuICBXaGljaCB2ZXJzaW9uKHMpIG91Z2h0IHRvIGJlCiAgIGltcGxl bWVudGVkIHdpbGwgdmFyeSBvdmVyIHRpbWUgYW5kIGRlcGVuZCBvbiB0aGUgd2lkZXNwcmVhZAog ICBkZXBsb3ltZW50IGFuZCBrbm93biBzZWN1cml0eSB2dWxuZXJhYmlsaXRpZXMgYXQgdGhlIHRp bWUgb2YKICAgaW1wbGVtZW50YXRpb24uICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBz dXBwb3J0IFRMUyB2ZXJzaW9uCiAgIDEuMiBbUkZDNTI0Nl0gYW5kIE1BWSBzdXBwb3J0IGFkZGl0 aW9uYWwgdHJhbnNwb3J0LWxheWVyIHNlY3VyaXR5CiAgIG1lY2hhbmlzbXMgbWVldGluZyBpdHMg c2VjdXJpdHkgcmVxdWlyZW1lbnRzLiAgV2hlbiB1c2luZyBUTFMsIHRoZQogICBjbGllbnQgTVVT VCBwZXJmb3JtIGEgVExTL1NTTCBzZXJ2ZXIgY2VydGlmaWNhdGUgY2hlY2ssIHBlciBSRkMgNjEy NQogICBbUkZDNjEyNV0uICBJbXBsZW1lbnRhdGlvbiBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBj YW4gYmUgZm91bmQgaW4KICAgUmVjb21tZW5kYXRpb25zIGZvciBTZWN1cmUgVXNlIG9mIFRMUyBh bmQgRFRMUyBbQkNQMTk1XS4KCiAgIFRvIHByb3RlY3QgYWdhaW5zdCBpbmZvcm1hdGlvbiBkaXNj bG9zdXJlIGFuZCB0YW1wZXJpbmcsCiAgIGNvbmZpZGVudGlhbGl0eSBwcm90ZWN0aW9uIE1VU1Qg YmUgYXBwbGllZCB1c2luZyBUTFMgd2l0aCBhCiAgIGNpcGhlcnN1aXRlIHRoYXQgcHJvdmlkZXMg Y29uZmlkZW50aWFsaXR5IGFuZCBpbnRlZ3JpdHkgcHJvdGVjdGlvbi4KCjYuMi4gIEltcGVyc29u YXRpb24gQXR0YWNrcwoKICAgVExTIGNlcnRpZmljYXRlIGNoZWNraW5nIE1VU1QgYmUgcGVyZm9y bWVkIGJ5IHRoZSBjbGllbnQsIGFzCiAgIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDYuMSwgd2hlbiBt YWtpbmcgYW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgbWV0YWRhdGEgcmVxdWVzdC4gIENoZWNr aW5nIHRoYXQgdGhlIHNlcnZlciBjZXJ0aWZpY2F0ZSBpcyB2YWxpZCBmb3IKICAgdGhlIGlzc3Vl ciBpZGVudGlmaWVyIFVSTCBwcmV2ZW50cyBtYW4taW4tbWlkZGxlIGFuZCBETlMtYmFzZWQKICAg YXR0YWNrcy4gIFRoZXNlIGF0dGFja3MgY291bGQgY2F1c2UgYSBjbGllbnQgdG8gYmUgdHJpY2tl ZCBpbnRvIHVzaW5nCiAgIGFuIGF0dGFja2VyJ3Mga2V5cyBhbmQgZW5kcG9pbnRzLCB3aGljaCB3 b3VsZCBlbmFibGUgaW1wZXJzb25hdGlvbiBvZgogICB0aGUgbGVnaXRpbWF0ZSBhdXRob3JpemF0 aW9uIHNlcnZlci4gIElmIGFuIGF0dGFja2VyIGNhbiBhY2NvbXBsaXNoCiAgIHRoaXMsIHRoZXkg Y2FuIGFjY2VzcyB0aGUgcmVzb3VyY2VzIHRoYXQgdGhlIGFmZmVjdGVkIGNsaWVudCBoYXMKICAg YWNjZXNzIHRvIHVzaW5nIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB0aGF0IHRoZXkgYXJlIGlt cGVyc29uYXRpbmcuCgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgICBFeHBpcmVzIEF1Z3VzdCAz MCwgMjAxOCAgICAgICAgICAgICAgIFtQYWdlIDEyXQoMCkludGVybmV0LURyYWZ0ICAgT0F1dGgg Mi4wIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhICAgRmVicnVhcnkgMjAxOAoKCiAgIEFu IGF0dGFja2VyIG1heSBhbHNvIGF0dGVtcHQgdG8gaW1wZXJzb25hdGUgYW4gYXV0aG9yaXphdGlv biBzZXJ2ZXIKICAgYnkgcHVibGlzaGluZyBhIG1ldGFkYXRhIGRvY3VtZW50IHRoYXQgY29udGFp bnMgYW4gImlzc3VlciIgY2xhaW0KICAgdXNpbmcgdGhlIGlzc3VlciBpZGVudGlmaWVyIFVSTCBv ZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYmVpbmcKICAgaW1wZXJzb25hdGVkLCBidXQgd2l0 aCBpdHMgb3duIGVuZHBvaW50cyBhbmQgc2lnbmluZyBrZXlzLiAgVGhpcwogICB3b3VsZCBlbmFi bGUgaXQgdG8gaW1wZXJzb25hdGUgdGhhdCBhdXRob3JpemF0aW9uIHNlcnZlciwgaWYgYWNjZXB0 ZWQKICAgYnkgdGhlIGNsaWVudC4gIFRvIHByZXZlbnQgdGhpcywgdGhlIGNsaWVudCBNVVNUIGVu c3VyZSB0aGF0IHRoZQogICBpc3N1ZXIgaWRlbnRpZmllciBVUkwgaXQgaXMgdXNpbmcgYXMgdGhl IHByZWZpeCBmb3IgdGhlIG1ldGFkYXRhCiAgIHJlcXVlc3QgZXhhY3RseSBtYXRjaGVzIHRoZSB2 YWx1ZSBvZiB0aGUgImlzc3VlciIgbWV0YWRhdGEgdmFsdWUgaW4KICAgdGhlIGF1dGhvcml6YXRp b24gc2VydmVyIG1ldGFkYXRhIGRvY3VtZW50IHJlY2VpdmVkIGJ5IHRoZSBjbGllbnQuCgo2LjMu ICBQdWJsaXNoaW5nIE1ldGFkYXRhIGluIGEgU3RhbmRhcmQgRm9ybWF0CgogICBQdWJsaXNoaW5n IGluZm9ybWF0aW9uIGFib3V0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpbiBhIHN0YW5kYXJk CiAgIGZvcm1hdCBtYWtlcyBpdCBlYXNpZXIgZm9yIGJvdGggbGVnaXRpbWF0ZSBjbGllbnRzIGFu ZCBhdHRhY2tlcnMgdG8KICAgdXNlIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gIFdoZXRoZXIg YW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgcHVibGlzaGVzIGl0cyBtZXRhZGF0YSBpbiBhbiBh ZC1ob2MgbWFubmVyIG9yIGluIHRoZSBzdGFuZGFyZCBmb3JtYXQKICAgZGVmaW5lZCBieSB0aGlz IHNwZWNpZmljYXRpb24sIHRoZSBzYW1lIGRlZmVuc2VzIGFnYWluc3QgYXR0YWNrcyB0aGF0CiAg IG1pZ2h0IGJlIG1vdW50ZWQgdGhhdCB1c2UgdGhpcyBpbmZvcm1hdGlvbiBzaG91bGQgYmUgYXBw bGllZC4KCjYuNC4gIFByb3RlY3RlZCBSZXNvdXJjZXMKCiAgIFNlY3VyZSBkZXRlcm1pbmF0aW9u IG9mIGFwcHJvcHJpYXRlIHByb3RlY3RlZCByZXNvdXJjZXMgdG8gdXNlIHdpdGgKICAgYW4gYXV0 aG9yaXphdGlvbiBzZXJ2ZXIgZm9yIGFsbCB1c2UgY2FzZXMgaXMgb3V0IG9mIHNjb3BlIG9mIHRo aXMKICAgc3BlY2lmaWNhdGlvbi4gIFRoaXMgc3BlY2lmaWNhdGlvbiBhc3N1bWVzIHRoYXQgdGhl IGNsaWVudCBoYXMgYQogICBtZWFucyBvZiBkZXRlcm1pbmluZyBhcHByb3ByaWF0ZSBwcm90ZWN0 ZWQgcmVzb3VyY2VzIHRvIHVzZSB3aXRoIGFuCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCB0 aGF0IHRoZSBjbGllbnQgaXMgdXNpbmcgdGhlIGNvcnJlY3QKICAgbWV0YWRhdGEgZm9yIGVhY2gg YXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBJbXBsZW1lbnRlcnMgbmVlZCB0byBiZQogICBhd2FyZSB0 aGF0IGlmIGFuIGluYXBwcm9wcmlhdGUgcHJvdGVjdGVkIHJlc291cmNlIGlzIHVzZWQgYnkgdGhl CiAgIGNsaWVudCwgdGhhdCBhbiBhdHRhY2tlciBtYXkgYmUgYWJsZSB0byBhY3QgYXMgYSBtYW4t aW4tdGhlLW1pZGRsZQogICBwcm94eSB0byBhIHZhbGlkIHByb3RlY3RlZCByZXNvdXJjZSB3aXRo b3V0IGl0IGJlaW5nIGRldGVjdGVkIGJ5IHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlciBvciB0 aGUgY2xpZW50LgoKICAgVGhlIHdheXMgdG8gZGV0ZXJtaW5lIHRoZSBhcHByb3ByaWF0ZSBwcm90 ZWN0ZWQgcmVzb3VyY2VzIHRvIHVzZSB3aXRoCiAgIGFuIGF1dGhvcml6YXRpb24gc2VydmVyIGFy ZSBpbiBnZW5lcmFsLCBhcHBsaWNhdGlvbi1kZXBlbmRlbnQuICBGb3IKICAgaW5zdGFuY2UsIHNv bWUgYXV0aG9yaXphdGlvbiBzZXJ2ZXJzIGFyZSB1c2VkIHdpdGggYSBmaXhlZCBwcm90ZWN0ZWQK ICAgcmVzb3VyY2Ugb3Igc2V0IG9mIHByb3RlY3RlZCByZXNvdXJjZXMsIHRoZSBsb2NhdGlvbnMg b2Ygd2hpY2ggbWF5IGJlCiAgIHdlbGwga25vd24sIG9yIHdoaWNoIGNvdWxkIGJlIHB1Ymxpc2hl ZCBhcyBtZXRhZGF0YSB2YWx1ZXMgYnkgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyLiAgSW4g b3RoZXIgY2FzZXMsIHRoZSBzZXQgb2YgcmVzb3VyY2VzIHRoYXQgY2FuCiAgIGJlIHVzZWQgd2l0 aCBhbiBhdXRob3JpemF0aW9uIHNlcnZlciBjYW4gYnkgZHluYW1pY2FsbHkgY2hhbmdlZCBieQog ICBhZG1pbmlzdHJhdGl2ZSBhY3Rpb25zLiAgTWFueSBvdGhlciBtZWFucyBvZiBkZXRlcm1pbmlu ZyBhcHByb3ByaWF0ZQogICBhc3NvY2lhdGlvbnMgYmV0d2VlbiBhdXRob3JpemF0aW9uIHNlcnZl cnMgYW5kIHByb3RlY3RlZCByZXNvdXJjZXMKICAgYXJlIGFsc28gcG9zc2libGUuCgo3LiAgSUFO QSBDb25zaWRlcmF0aW9ucwoKICAgVGhlIGZvbGxvd2luZyByZWdpc3RyYXRpb24gcHJvY2VkdXJl IGlzIHVzZWQgZm9yIHRoZSByZWdpc3RyeQogICBlc3RhYmxpc2hlZCBieSB0aGlzIHNwZWNpZmlj YXRpb24uCgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1c3QgMzAsIDIw MTggICAgICAgICAgICAgICBbUGFnZSAxM10KDApJbnRlcm5ldC1EcmFmdCAgIE9BdXRoIDIuMCBB dXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgogICBWYWx1ZXMg YXJlIHJlZ2lzdGVyZWQgb24gYSBTcGVjaWZpY2F0aW9uIFJlcXVpcmVkIFtSRkM4MTI2XSBiYXNp cwogICBhZnRlciBhIHR3by13ZWVrIHJldmlldyBwZXJpb2Qgb24gdGhlIG9hdXRoLWV4dC1yZXZp ZXdAaWV0Zi5vcmcKICAgbWFpbGluZyBsaXN0LCBvbiB0aGUgYWR2aWNlIG9mIG9uZSBvciBtb3Jl IERlc2lnbmF0ZWQgRXhwZXJ0cy4KICAgSG93ZXZlciwgdG8gYWxsb3cgZm9yIHRoZSBhbGxvY2F0 aW9uIG9mIHZhbHVlcyBwcmlvciB0byBwdWJsaWNhdGlvbiwKICAgdGhlIERlc2lnbmF0ZWQgRXhw ZXJ0cyBtYXkgYXBwcm92ZSByZWdpc3RyYXRpb24gb25jZSB0aGV5IGFyZQogICBzYXRpc2ZpZWQg dGhhdCBzdWNoIGEgc3BlY2lmaWNhdGlvbiB3aWxsIGJlIHB1Ymxpc2hlZC4KCiAgIFJlZ2lzdHJh dGlvbiByZXF1ZXN0cyBzZW50IHRvIHRoZSBtYWlsaW5nIGxpc3QgZm9yIHJldmlldyBzaG91bGQg dXNlCiAgIGFuIGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1ZXN0IHRvIHJlZ2lzdGVy IE9BdXRoCiAgIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhOiBleGFtcGxlIikuCgogICBX aXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydHMgd2lsbCBlaXRo ZXIgYXBwcm92ZQogICBvciBkZW55IHRoZSByZWdpc3RyYXRpb24gcmVxdWVzdCwgY29tbXVuaWNh dGluZyB0aGlzIGRlY2lzaW9uIHRvIHRoZQogICByZXZpZXcgbGlzdCBhbmQgSUFOQS4gIERlbmlh bHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhwbGFuYXRpb24gYW5kLCBpZgogICBhcHBsaWNhYmxlLCBz dWdnZXN0aW9ucyBhcyB0byBob3cgdG8gbWFrZSB0aGUgcmVxdWVzdCBzdWNjZXNzZnVsLgogICBS ZWdpc3RyYXRpb24gcmVxdWVzdHMgdGhhdCBhcmUgdW5kZXRlcm1pbmVkIGZvciBhIHBlcmlvZCBs b25nZXIgdGhhbgogICAyMSBkYXlzIGNhbiBiZSBicm91Z2h0IHRvIHRoZSBJRVNHJ3MgYXR0ZW50 aW9uICh1c2luZyB0aGUKICAgaWVzZ0BpZXRmLm9yZyBtYWlsaW5nIGxpc3QpIGZvciByZXNvbHV0 aW9uLgoKICAgQ3JpdGVyaWEgdGhhdCBzaG91bGQgYmUgYXBwbGllZCBieSB0aGUgRGVzaWduYXRl ZCBFeHBlcnRzIGluY2x1ZGVzCiAgIGRldGVybWluaW5nIHdoZXRoZXIgdGhlIHByb3Bvc2VkIHJl Z2lzdHJhdGlvbiBkdXBsaWNhdGVzIGV4aXN0aW5nCiAgIGZ1bmN0aW9uYWxpdHksIGRldGVybWlu aW5nIHdoZXRoZXIgaXQgaXMgbGlrZWx5IHRvIGJlIG9mIGdlbmVyYWwKICAgYXBwbGljYWJpbGl0 eSBvciB3aGV0aGVyIGl0IGlzIHVzZWZ1bCBvbmx5IGZvciBhIHNpbmdsZSBhcHBsaWNhdGlvbiwK ICAgYW5kIHdoZXRoZXIgdGhlIHJlZ2lzdHJhdGlvbiBtYWtlcyBzZW5zZS4KCiAgIElBTkEgbXVz dCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQgRXhwZXJ0 cwogICBhbmQgc2hvdWxkIGRpcmVjdCBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0 aGUgcmV2aWV3IG1haWxpbmcKICAgbGlzdC4KCiAgIEl0IGlzIHN1Z2dlc3RlZCB0aGF0IG11bHRp cGxlIERlc2lnbmF0ZWQgRXhwZXJ0cyBiZSBhcHBvaW50ZWQgd2hvIGFyZQogICBhYmxlIHRvIHJl cHJlc2VudCB0aGUgcGVyc3BlY3RpdmVzIG9mIGRpZmZlcmVudCBhcHBsaWNhdGlvbnMgdXNpbmcK ICAgdGhpcyBzcGVjaWZpY2F0aW9uLCBpbiBvcmRlciB0byBlbmFibGUgYnJvYWRseS1pbmZvcm1l ZCByZXZpZXcgb2YKICAgcmVnaXN0cmF0aW9uIGRlY2lzaW9ucy4gIEluIGNhc2VzIHdoZXJlIGEg cmVnaXN0cmF0aW9uIGRlY2lzaW9uIGNvdWxkCiAgIGJlIHBlcmNlaXZlZCBhcyBjcmVhdGluZyBh IGNvbmZsaWN0IG9mIGludGVyZXN0IGZvciBhIHBhcnRpY3VsYXIKICAgRXhwZXJ0LCB0aGF0IEV4 cGVydCBzaG91bGQgZGVmZXIgdG8gdGhlIGp1ZGdtZW50IG9mIHRoZSBvdGhlcgogICBFeHBlcnRz LgoKNy4xLiAgT0F1dGggQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEgUmVnaXN0cnkKCiAg IFRoaXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxpc2hlcyB0aGUgSUFOQSAiT0F1dGggQXV0aG9yaXph dGlvbiBTZXJ2ZXIKICAgTWV0YWRhdGEiIHJlZ2lzdHJ5IGZvciBPQXV0aCAyLjAgYXV0aG9yaXph dGlvbiBzZXJ2ZXIgbWV0YWRhdGEgbmFtZXMuCiAgIFRoZSByZWdpc3RyeSByZWNvcmRzIHRoZSBh dXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YSBtZW1iZXIgYW5kIGEKICAgcmVmZXJlbmNlIHRv IHRoZSBzcGVjaWZpY2F0aW9uIHRoYXQgZGVmaW5lcyBpdC4KCiAgIFRoZSBEZXNpZ25hdGVkIEV4 cGVydHMgbXVzdCBlaXRoZXI6CgogICAoYSkgcmVxdWlyZSB0aGF0IG1ldGFkYXRhIG5hbWVzIGFu ZCB2YWx1ZXMgYmVpbmcgcmVnaXN0ZXJlZCB1c2Ugb25seQogICBwcmludGFibGUgQVNDSUkgY2hh cmFjdGVycyBleGNsdWRpbmcgZG91YmxlIHF1b3RlICgnIicpIGFuZCBiYWNrc2xhc2gKCgoKSm9u ZXMsIGV0IGFsLiAgICAgICAgICAgIEV4cGlyZXMgQXVndXN0IDMwLCAyMDE4ICAgICAgICAgICAg ICAgW1BhZ2UgMTRdCgwKSW50ZXJuZXQtRHJhZnQgICBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBT ZXJ2ZXIgTWV0YWRhdGEgICBGZWJydWFyeSAyMDE4CgoKICAgKCdcJykgKHRoZSBVbmljb2RlIGNo YXJhY3RlcnMgd2l0aCBjb2RlIHBvaW50cyBVKzAwMjEsIFUrMDAyMyB0aHJvdWdoCiAgIFUrMDA1 QiwgYW5kIFUrMDA1RCB0aHJvdWdoIFUrMDA3RSksIG9yCgogICAoYikgaWYgbmV3IG1ldGFkYXRh IG1lbWJlcnMgb3IgdmFsdWVzIGFyZSBkZWZpbmVkIHRoYXQgdXNlIG90aGVyIGNvZGUKICAgcG9p bnRzLCByZXF1aXJlIHRoYXQgdGhlaXIgZGVmaW5pdGlvbnMgc3BlY2lmeSB0aGUgZXhhY3QgVW5p Y29kZSBjb2RlCiAgIHBvaW50IHNlcXVlbmNlcyB1c2VkIHRvIHJlcHJlc2VudCB0aGVtLiAgRnVy dGhlcm1vcmUsIHByb3Bvc2VkCiAgIHJlZ2lzdHJhdGlvbnMgdGhhdCB1c2UgVW5pY29kZSBjb2Rl IHBvaW50cyB0aGF0IGNhbiBvbmx5IGJlCiAgIHJlcHJlc2VudGVkIGluIEpTT04gc3RyaW5ncyBh cyBlc2NhcGVkIGNoYXJhY3RlcnMgbXVzdCBub3QgYmUKICAgYWNjZXB0ZWQuCgo3LjEuMS4gIFJl Z2lzdHJhdGlvbiBUZW1wbGF0ZQoKICAgTWV0YWRhdGEgTmFtZToKICAgICAgVGhlIG5hbWUgcmVx dWVzdGVkIChlLmcuLCAiaXNzdWVyIikuICBUaGlzIG5hbWUgaXMgY2FzZS1zZW5zaXRpdmUuCiAg ICAgIE5hbWVzIG1heSBub3QgbWF0Y2ggb3RoZXIgcmVnaXN0ZXJlZCBuYW1lcyBpbiBhIGNhc2Ut aW5zZW5zaXRpdmUKICAgICAgbWFubmVyIHVubGVzcyB0aGUgRGVzaWduYXRlZCBFeHBlcnRzIHN0 YXRlIHRoYXQgdGhlcmUgaXMgYQogICAgICBjb21wZWxsaW5nIHJlYXNvbiB0byBhbGxvdyBhbiBl eGNlcHRpb24uCgogICBNZXRhZGF0YSBEZXNjcmlwdGlvbjoKICAgICAgQnJpZWYgZGVzY3JpcHRp b24gb2YgdGhlIG1ldGFkYXRhIChlLmcuLCAiSXNzdWVyIGlkZW50aWZpZXIgVVJMIikuCgogICBD aGFuZ2UgQ29udHJvbGxlcjoKICAgICAgRm9yIFN0YW5kYXJkcyBUcmFjayBSRkNzLCBsaXN0IHRo ZSAiSUVTRyIuICBGb3Igb3RoZXJzLCBnaXZlIHRoZQogICAgICBuYW1lIG9mIHRoZSByZXNwb25z aWJsZSBwYXJ0eS4gIE90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbAogICAgICBhZGRyZXNzLCBl bWFpbCBhZGRyZXNzLCBob21lIHBhZ2UgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRlZC4KCiAgIFNw ZWNpZmljYXRpb24gRG9jdW1lbnQocyk6CiAgICAgIFJlZmVyZW5jZSB0byB0aGUgZG9jdW1lbnQg b3IgZG9jdW1lbnRzIHRoYXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVyLAogICAgICBwcmVmZXJhYmx5 IGluY2x1ZGluZyBVUklzIHRoYXQgY2FuIGJlIHVzZWQgdG8gcmV0cmlldmUgY29waWVzIG9mCiAg ICAgIHRoZSBkb2N1bWVudHMuICBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudCBzZWN0aW9u cyBtYXkgYWxzbyBiZQogICAgICBpbmNsdWRlZCBidXQgaXMgbm90IHJlcXVpcmVkLgoKNy4xLjIu ICBJbml0aWFsIFJlZ2lzdHJ5IENvbnRlbnRzCgogICBvICBNZXRhZGF0YSBOYW1lOiAiaXNzdWVy IgogICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogQXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBpc3N1 ZXIgaWRlbnRpZmllciBVUkwKICAgbyAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgbyAgU3Bl Y2lmaWNhdGlvbiBEb2N1bWVudChzKTogU2VjdGlvbiAyIG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlv biBdXQoKICAgbyAgTWV0YWRhdGEgTmFtZTogImF1dGhvcml6YXRpb25fZW5kcG9pbnQiCiAgIG8g IE1ldGFkYXRhIERlc2NyaXB0aW9uOiBVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MK ICAgICAgYXV0aG9yaXphdGlvbiBlbmRwb2ludAogICBvICBDaGFuZ2UgQ29udHJvbGxlcjogSUVT RwogICBvICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiBTZWN0aW9uIDIgb2YgW1sgdGhpcyBz cGVjaWZpY2F0aW9uIF1dCgogICBvICBNZXRhZGF0YSBOYW1lOiAidG9rZW5fZW5kcG9pbnQiCiAg IG8gIE1ldGFkYXRhIERlc2NyaXB0aW9uOiBVUkwgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy J3MgdG9rZW4KICAgICAgZW5kcG9pbnQKCgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAgIEV4cGly ZXMgQXVndXN0IDMwLCAyMDE4ICAgICAgICAgICAgICAgW1BhZ2UgMTVdCgwKSW50ZXJuZXQtRHJh ZnQgICBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEgICBGZWJydWFyeSAy MDE4CgoKICAgbyAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgbyAgU3BlY2lmaWNhdGlvbiBE b2N1bWVudChzKTogU2VjdGlvbiAyIG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQoKICAgbyAg TWV0YWRhdGEgTmFtZTogImp3a3NfdXJpIgogICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogVVJM IG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIEpXSyBTZXQKICAgICAgZG9jdW1lbnQKICAg byAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgbyAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChz KTogU2VjdGlvbiAyIG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQoKICAgbyAgTWV0YWRhdGEg TmFtZTogInJlZ2lzdHJhdGlvbl9lbmRwb2ludCIKICAgbyAgTWV0YWRhdGEgRGVzY3JpcHRpb246 IFVSTCBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBPQXV0aCAyLjAKICAgICAgRHluYW1p YyBDbGllbnQgUmVnaXN0cmF0aW9uIEVuZHBvaW50CiAgIG8gIENoYW5nZSBDb250cm9sbGVyOiBJ RVNHCiAgIG8gIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IFNlY3Rpb24gMiBvZiBbWyB0aGlz IHNwZWNpZmljYXRpb24gXV0KCiAgIG8gIE1ldGFkYXRhIE5hbWU6ICJzY29wZXNfc3VwcG9ydGVk IgogICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlz dCBvZiB0aGUgT0F1dGgKICAgICAgMi4wICJzY29wZSIgdmFsdWVzIHRoYXQgdGhpcyBhdXRob3Jp emF0aW9uIHNlcnZlciBzdXBwb3J0cwogICBvICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICBv ICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiBTZWN0aW9uIDIgb2YgW1sgdGhpcyBzcGVjaWZp Y2F0aW9uIF1dCgogICBvICBNZXRhZGF0YSBOYW1lOiAicmVzcG9uc2VfdHlwZXNfc3VwcG9ydGVk IgogICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogSlNPTiBhcnJheSBjb250YWluaW5nIGEgbGlz dCBvZiB0aGUgT0F1dGgKICAgICAgMi4wICJyZXNwb25zZV90eXBlIiB2YWx1ZXMgdGhhdCB0aGlz IGF1dGhvcml6YXRpb24gc2VydmVyIHN1cHBvcnRzCiAgIG8gIENoYW5nZSBDb250cm9sbGVyOiBJ RVNHCiAgIG8gIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IFNlY3Rpb24gMiBvZiBbWyB0aGlz IHNwZWNpZmljYXRpb24gXV0KCiAgIG8gIE1ldGFkYXRhIE5hbWU6ICJyZXNwb25zZV9tb2Rlc19z dXBwb3J0ZWQiCiAgIG8gIE1ldGFkYXRhIERlc2NyaXB0aW9uOiBKU09OIGFycmF5IGNvbnRhaW5p bmcgYSBsaXN0IG9mIHRoZSBPQXV0aAogICAgICAyLjAgInJlc3BvbnNlX21vZGUiIHZhbHVlcyB0 aGF0IHRoaXMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMKICAgbyAgQ2hhbmdlIENvbnRy b2xsZXI6IElFU0cKICAgbyAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTogU2VjdGlvbiAyIG9m IFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQoKICAgbyAgTWV0YWRhdGEgTmFtZTogImdyYW50X3R5 cGVzX3N1cHBvcnRlZCIKICAgbyAgTWV0YWRhdGEgRGVzY3JpcHRpb246IEpTT04gYXJyYXkgY29u dGFpbmluZyBhIGxpc3Qgb2YgdGhlIE9BdXRoCiAgICAgIDIuMCBncmFudCB0eXBlIHZhbHVlcyB0 aGF0IHRoaXMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc3VwcG9ydHMKICAgbyAgQ2hhbmdlIENvbnRy b2xsZXI6IElFU0cKICAgbyAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTogU2VjdGlvbiAyIG9m IFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQoKICAgbyAgTWV0YWRhdGEgTmFtZTogInRva2VuX2Vu ZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQiCiAgIG8gIE1ldGFkYXRhIERlc2NyaXB0aW9u OiBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIGNsaWVudAogICAgICBhdXRoZW50aWNh dGlvbiBtZXRob2RzIHN1cHBvcnRlZCBieSB0aGlzIHRva2VuIGVuZHBvaW50CiAgIG8gIENoYW5n ZSBDb250cm9sbGVyOiBJRVNHCiAgIG8gIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IFNlY3Rp b24gMiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24gXV0KCiAgIG8gIE1ldGFkYXRhIE5hbWU6ICJ0 b2tlbl9lbmRwb2ludF9hdXRoX3NpZ25pbmdfYWxnX3ZhbHVlc19zdXBwb3J0ZWQiCiAgIG8gIE1l dGFkYXRhIERlc2NyaXB0aW9uOiBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIHRoZSBK V1MKICAgICAgc2lnbmluZyBhbGdvcml0aG1zIHN1cHBvcnRlZCBieSB0aGUgdG9rZW4gZW5kcG9p bnQgZm9yIHRoZQoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1c3QgMzAs IDIwMTggICAgICAgICAgICAgICBbUGFnZSAxNl0KDApJbnRlcm5ldC1EcmFmdCAgIE9BdXRoIDIu MCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgogICAgICBz aWduYXR1cmUgb24gdGhlIEpXVCB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGF0IHRo ZSB0b2tlbgogICAgICBlbmRwb2ludAogICBvICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICBv ICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiBTZWN0aW9uIDIgb2YgW1sgdGhpcyBzcGVjaWZp Y2F0aW9uIF1dCgogICBvICBNZXRhZGF0YSBOYW1lOiAic2VydmljZV9kb2N1bWVudGF0aW9uIgog ICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogVVJMIG9mIGEgcGFnZSBjb250YWluaW5nIGh1bWFu LXJlYWRhYmxlCiAgICAgIGluZm9ybWF0aW9uIHRoYXQgZGV2ZWxvcGVycyBtaWdodCB3YW50IG9y IG5lZWQgdG8ga25vdyB3aGVuIHVzaW5nCiAgICAgIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgog ICBvICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICBvICBTcGVjaWZpY2F0aW9uIERvY3VtZW50 KHMpOiBTZWN0aW9uIDIgb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCgogICBvICBNZXRhZGF0 YSBOYW1lOiAidWlfbG9jYWxlc19zdXBwb3J0ZWQiCiAgIG8gIE1ldGFkYXRhIERlc2NyaXB0aW9u OiBMYW5ndWFnZXMgYW5kIHNjcmlwdHMgc3VwcG9ydGVkIGZvciB0aGUgdXNlcgogICAgICBpbnRl cmZhY2UsIHJlcHJlc2VudGVkIGFzIGEgSlNPTiBhcnJheSBvZiBCQ1A0NyBsYW5ndWFnZSB0YWcK ICAgICAgdmFsdWVzCiAgIG8gIENoYW5nZSBDb250cm9sbGVyOiBJRVNHCiAgIG8gIFNwZWNpZmlj YXRpb24gRG9jdW1lbnQocyk6IFNlY3Rpb24gMiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24gXV0K CiAgIG8gIE1ldGFkYXRhIE5hbWU6ICJvcF9wb2xpY3lfdXJpIgogICBvICBNZXRhZGF0YSBEZXNj cmlwdGlvbjogVVJMIHRoYXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHByb3ZpZGVzCiAgICAg IHRvIHRoZSBwZXJzb24gcmVnaXN0ZXJpbmcgdGhlIGNsaWVudCB0byByZWFkIGFib3V0IHRoZQog ICAgICBhdXRob3JpemF0aW9uIHNlcnZlcidzIHJlcXVpcmVtZW50cyBvbiBob3cgdGhlIGNsaWVu dCBjYW4gdXNlIHRoZQogICAgICBkYXRhIHByb3ZpZGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNl cnZlcgogICBvICBDaGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICBvICBTcGVjaWZpY2F0aW9uIERv Y3VtZW50KHMpOiBTZWN0aW9uIDIgb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCgogICBvICBN ZXRhZGF0YSBOYW1lOiAib3BfdG9zX3VyaSIKICAgbyAgTWV0YWRhdGEgRGVzY3JpcHRpb246IFVS TCB0aGF0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBwcm92aWRlcwogICAgICB0byB0aGUgcGVy c29uIHJlZ2lzdGVyaW5nIHRoZSBjbGllbnQgdG8gcmVhZCBhYm91dCB0aGUKICAgICAgYXV0aG9y aXphdGlvbiBzZXJ2ZXIncyB0ZXJtcyBvZiBzZXJ2aWNlCiAgIG8gIENoYW5nZSBDb250cm9sbGVy OiBJRVNHCiAgIG8gIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IFNlY3Rpb24gMiBvZiBbWyB0 aGlzIHNwZWNpZmljYXRpb24gXV0KCiAgIG8gIE1ldGFkYXRhIE5hbWU6ICJyZXZvY2F0aW9uX2Vu ZHBvaW50IgogICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogVVJMIG9mIHRoZSBhdXRob3JpemF0 aW9uIHNlcnZlcidzIE9BdXRoIDIuMAogICAgICByZXZvY2F0aW9uIGVuZHBvaW50CiAgIG8gIENo YW5nZSBDb250cm9sbGVyOiBJRVNHCiAgIG8gIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IFNl Y3Rpb24gMiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24gXV0KCiAgIG8gIE1ldGFkYXRhIE5hbWU6 ICJyZXZvY2F0aW9uX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQiCiAgIG8gIE1ldGFk YXRhIERlc2NyaXB0aW9uOiBKU09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIGNsaWVudAog ICAgICBhdXRoZW50aWNhdGlvbiBtZXRob2RzIHN1cHBvcnRlZCBieSB0aGlzIHJldm9jYXRpb24g ZW5kcG9pbnQKICAgbyAgQ2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgbyAgU3BlY2lmaWNhdGlv biBEb2N1bWVudChzKTogU2VjdGlvbiAyIG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQoKICAg byAgTWV0YWRhdGEgTmFtZToKICAgICAgInJldm9jYXRpb25fZW5kcG9pbnRfYXV0aF9zaWduaW5n X2FsZ192YWx1ZXNfc3VwcG9ydGVkIgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJl cyBBdWd1c3QgMzAsIDIwMTggICAgICAgICAgICAgICBbUGFnZSAxN10KDApJbnRlcm5ldC1EcmFm dCAgIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIw MTgKCgogICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogSlNPTiBhcnJheSBjb250YWluaW5nIGEg bGlzdCBvZiB0aGUgSldTCiAgICAgIHNpZ25pbmcgYWxnb3JpdGhtcyBzdXBwb3J0ZWQgYnkgdGhl IHJldm9jYXRpb24gZW5kcG9pbnQgZm9yIHRoZQogICAgICBzaWduYXR1cmUgb24gdGhlIEpXVCB1 c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGF0IHRoZQogICAgICByZXZvY2F0aW9uIGVu ZHBvaW50CiAgIG8gIENoYW5nZSBDb250cm9sbGVyOiBJRVNHCiAgIG8gIFNwZWNpZmljYXRpb24g RG9jdW1lbnQocyk6IFNlY3Rpb24gMiBvZiBbWyB0aGlzIHNwZWNpZmljYXRpb24gXV0KCiAgIG8g IE1ldGFkYXRhIE5hbWU6ICJpbnRyb3NwZWN0aW9uX2VuZHBvaW50IgogICBvICBNZXRhZGF0YSBE ZXNjcmlwdGlvbjogVVJMIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIE9BdXRoIDIuMAog ICAgICBpbnRyb3NwZWN0aW9uIGVuZHBvaW50CiAgIG8gIENoYW5nZSBDb250cm9sbGVyOiBJRVNH CiAgIG8gIFNwZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IFNlY3Rpb24gMiBvZiBbWyB0aGlzIHNw ZWNpZmljYXRpb24gXV0KCiAgIG8gIE1ldGFkYXRhIE5hbWU6ICJpbnRyb3NwZWN0aW9uX2VuZHBv aW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQiCiAgIG8gIE1ldGFkYXRhIERlc2NyaXB0aW9uOiBK U09OIGFycmF5IGNvbnRhaW5pbmcgYSBsaXN0IG9mIGNsaWVudAogICAgICBhdXRoZW50aWNhdGlv biBtZXRob2RzIHN1cHBvcnRlZCBieSB0aGlzIGludHJvc3BlY3Rpb24gZW5kcG9pbnQKICAgbyAg Q2hhbmdlIENvbnRyb2xsZXI6IElFU0cKICAgbyAgU3BlY2lmaWNhdGlvbiBEb2N1bWVudChzKTog U2VjdGlvbiAyIG9mIFtbIHRoaXMgc3BlY2lmaWNhdGlvbiBdXQoKICAgbyAgTWV0YWRhdGEgTmFt ZToKICAgICAgImludHJvc3BlY3Rpb25fZW5kcG9pbnRfYXV0aF9zaWduaW5nX2FsZ192YWx1ZXNf c3VwcG9ydGVkIgogICBvICBNZXRhZGF0YSBEZXNjcmlwdGlvbjogSlNPTiBhcnJheSBjb250YWlu aW5nIGEgbGlzdCBvZiB0aGUgSldTCiAgICAgIHNpZ25pbmcgYWxnb3JpdGhtcyBzdXBwb3J0ZWQg YnkgdGhlIGludHJvc3BlY3Rpb24gZW5kcG9pbnQgZm9yIHRoZQogICAgICBzaWduYXR1cmUgb24g dGhlIEpXVCB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGF0IHRoZQogICAgICBpbnRy b3NwZWN0aW9uIGVuZHBvaW50CiAgIG8gIENoYW5nZSBDb250cm9sbGVyOiBJRVNHCiAgIG8gIFNw ZWNpZmljYXRpb24gRG9jdW1lbnQocyk6IFNlY3Rpb24gMiBvZiBbWyB0aGlzIHNwZWNpZmljYXRp b24gXV0KCiAgIG8gIE1ldGFkYXRhIE5hbWU6ICJjb2RlX2NoYWxsZW5nZV9tZXRob2RzX3N1cHBv cnRlZCIKICAgbyAgTWV0YWRhdGEgRGVzY3JpcHRpb246IFBLQ0UgY29kZSBjaGFsbGVuZ2UgbWV0 aG9kcyBzdXBwb3J0ZWQgYnkKICAgICAgdGhpcyBhdXRob3JpemF0aW9uIHNlcnZlcgogICBvICBD aGFuZ2UgQ29udHJvbGxlcjogSUVTRwogICBvICBTcGVjaWZpY2F0aW9uIERvY3VtZW50KHMpOiBT ZWN0aW9uIDIgb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCgo3LjIuICBVcGRhdGVkIFJlZ2lz dHJhdGlvbiBJbnN0cnVjdGlvbnMKCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBhZGRzIHRvIHRoZSBp bnN0cnVjdGlvbnMgZm9yIHRoZSBEZXNpZ25hdGVkCiAgIEV4cGVydHMgb2YgdGhlIGZvbGxvd2lu ZyBJQU5BIHJlZ2lzdHJpZXMsIGJvdGggb2Ygd2hpY2ggYXJlIGluIHRoZQogICAiT0F1dGggUGFy YW1ldGVycyIgcmVnaXN0cnkgW0lBTkEuT0F1dGguUGFyYW1ldGVyc106CgogICBvICBPQXV0aCBB Y2Nlc3MgVG9rZW4gVHlwZXMKICAgbyAgT0F1dGggVG9rZW4gRW5kcG9pbnQgQXV0aGVudGljYXRp b24gTWV0aG9kcwoKICAgSUFOQSBoYXMgYWRkZWQgYSBsaW5rIHRvIHRoaXMgc3BlY2lmaWNhdGlv biBpbiB0aGUgUmVmZXJlbmNlIHNlY3Rpb25zCiAgIG9mIHRoZXNlIHJlZ2lzdHJpZXMuICBbWyBS RkMgRWRpdG9yOiBUaGUgYWJvdmUgc2VudGVuY2UgaXMgd3JpdHRlbiBpbgogICB0aGUgcGFzdCB0 ZW5zZSBhcyBpdCB3b3VsZCBhcHBlYXIgaW4gdGhlIGZpbmFsIHNwZWNpZmljYXRpb24sIGV2ZW4K ICAgdGhvdWdoIHRoZXNlIGxpbmtzIHdvbid0IGFjdHVhbGx5IGJlIGNyZWF0ZWQgdW50aWwgYWZ0 ZXIgdGhlIElFU0cgaGFzCgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1 c3QgMzAsIDIwMTggICAgICAgICAgICAgICBbUGFnZSAxOF0KDApJbnRlcm5ldC1EcmFmdCAgIE9B dXRoIDIuMCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgog ICByZXF1ZXN0ZWQgcHVibGljYXRpb24gb2YgdGhlIHNwZWNpZmljYXRpb24uICBQbGVhc2UgZGVs ZXRlIHRoaXMgbm90ZQogICBhZnRlciB0aGUgbGlua3MgYXJlIGluIHBsYWNlLiBdXQoKICAgRm9y IHRoZXNlIHJlZ2lzdHJpZXMsIHRoZSBkZXNpZ25hdGVkIGV4cGVydHMgbXVzdCByZWplY3QgcmVn aXN0cmF0aW9uCiAgIHJlcXVlc3RzIGluIG9uZSByZWdpc3RyeSBmb3IgdmFsdWVzIGFscmVhZHkg b2NjdXJyaW5nIGluIHRoZSBvdGhlcgogICByZWdpc3RyeS4gIFRoaXMgaXMgbmVjZXNzYXJ5IGJl Y2F1c2UgdGhlCiAgICJpbnRyb3NwZWN0aW9uX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0 ZWQiIHBhcmFtZXRlciBhbGxvd3MgZm9yCiAgIHRoZSB1c2Ugb2YgdmFsdWVzIGZyb20gZWl0aGVy IHJlZ2lzdHJ5LiAgVGhhdCB3YXksIGJlY2F1c2UgdGhlIHZhbHVlcwogICBpbiB0aGUgdHdvIHJl Z2lzdHJpZXMgd2lsbCBjb250aW51ZSB0byBiZSBtdXR1YWxseSBleGNsdXNpdmUsIG5vCiAgIGFt YmlndWl0aWVzIHdpbGwgYXJpc2UuCgo3LjMuICBXZWxsLUtub3duIFVSSSBSZWdpc3RyeQoKICAg VGhpcyBzcGVjaWZpY2F0aW9uIHJlZ2lzdGVycyB0aGUgd2VsbC1rbm93biBVUkkgZGVmaW5lZCBp biBTZWN0aW9uIDMKICAgaW4gdGhlIElBTkEgIldlbGwtS25vd24gVVJJcyIgcmVnaXN0cnkgW0lB TkEud2VsbC1rbm93bl0gZXN0YWJsaXNoZWQKICAgYnkgUkZDIDU3ODUgW1JGQzU3ODVdLgoKNy4z LjEuICBSZWdpc3RyeSBDb250ZW50cwoKICAgbyAgVVJJIHN1ZmZpeDogIm9hdXRoLWF1dGhvcml6 YXRpb24tc2VydmVyIgogICBvICBDaGFuZ2UgY29udHJvbGxlcjogSUVTRwogICBvICBTcGVjaWZp Y2F0aW9uIGRvY3VtZW50OiBTZWN0aW9uIDMgb2YgW1sgdGhpcyBzcGVjaWZpY2F0aW9uIF1dCiAg IG8gIFJlbGF0ZWQgaW5mb3JtYXRpb246IChub25lKQoKOC4gIFJlZmVyZW5jZXMKCjguMS4gIE5v cm1hdGl2ZSBSZWZlcmVuY2VzCgogICBbQkNQMTk1XSAgIFNoZWZmZXIsIFkuLCBIb2x6LCBSLiwg YW5kIFAuIFNhaW50LUFuZHJlLAogICAgICAgICAgICAgICJSZWNvbW1lbmRhdGlvbnMgZm9yIFNl Y3VyZSBVc2Ugb2YgVHJhbnNwb3J0IExheWVyCiAgICAgICAgICAgICAgU2VjdXJpdHkgKFRMUykg YW5kIERhdGFncmFtIFRyYW5zcG9ydCBMYXllciBTZWN1cml0eQogICAgICAgICAgICAgIChEVExT KSIsIEJDUCAxOTUsIFJGQyA3NTI1LCBET0kgMTAuMTc0ODcvUkZDNzUyNSwgTWF5CiAgICAgICAg ICAgICAgMjAxNSwgPGh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9iY3AxOTU+LgoKICAg W0lBTkEuT0F1dGguUGFyYW1ldGVyc10KICAgICAgICAgICAgICBJQU5BLCAiT0F1dGggUGFyYW1l dGVycyIsCiAgICAgICAgICAgICAgPGh0dHA6Ly93d3cuaWFuYS5vcmcvYXNzaWdubWVudHMvb2F1 dGgtcGFyYW1ldGVycz4uCgogICBbSldFXSAgICAgIEpvbmVzLCBNLiBhbmQgSi4gSGlsZGVicmFu ZCwgIkpTT04gV2ViIEVuY3J5cHRpb24gKEpXRSkiLAogICAgICAgICAgICAgIFJGQyA3NTE2LCBE T0kgMTAuMTc0ODcvUkZDNzUxNiwgTWF5IDIwMTUsCiAgICAgICAgICAgICAgPGh0dHA6Ly90b29s cy5pZXRmLm9yZy9odG1sL3JmYzc1MTY+LgoKICAgW0pXS10gICAgICBKb25lcywgTS4sICJKU09O IFdlYiBLZXkgKEpXSykiLCBSRkMgNzUxNywKICAgICAgICAgICAgICBET0kgMTAuMTc0ODcvUkZD NzUxNywgTWF5IDIwMTUsCiAgICAgICAgICAgICAgPGh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1s L3JmYzc1MTc+LgoKCgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1c3Qg MzAsIDIwMTggICAgICAgICAgICAgICBbUGFnZSAxOV0KDApJbnRlcm5ldC1EcmFmdCAgIE9BdXRo IDIuMCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgogICBb SldTXSAgICAgIEpvbmVzLCBNLiwgQnJhZGxleSwgSi4sIGFuZCBOLiBTYWtpbXVyYSwgIkpTT04g V2ViCiAgICAgICAgICAgICAgU2lnbmF0dXJlIChKV1MpIiwgUkZDIDc1MTUsIERPSSAxMC4xNzQ4 Ny9SRkM3NTE1LCBNYXkKICAgICAgICAgICAgICAyMDE1LCA8aHR0cDovL3Rvb2xzLmlldGYub3Jn L2h0bWwvcmZjNzUxNT4uCgogICBbSldUXSAgICAgIEpvbmVzLCBNLiwgQnJhZGxleSwgSi4sIGFu ZCBOLiBTYWtpbXVyYSwgIkpTT04gV2ViIFRva2VuCiAgICAgICAgICAgICAgKEpXVCkiLCBSRkMg NzUxOSwgRE9JIDEwLjE3NDg3L1JGQzc1MTksIE1heSAyMDE1LAogICAgICAgICAgICAgIDxodHRw Oi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM3NTE5Pi4KCiAgIFtPQXV0aC5Qb3N0XQogICAgICAg ICAgICAgIEpvbmVzLCBNLiBhbmQgQi4gQ2FtcGJlbGwsICJPQXV0aCAyLjAgRm9ybSBQb3N0IFJl c3BvbnNlCiAgICAgICAgICAgICAgTW9kZSIsIEFwcmlsIDIwMTUsIDxodHRwOi8vb3BlbmlkLm5l dC9zcGVjcy8KICAgICAgICAgICAgICBvYXV0aC12Mi1mb3JtLXBvc3QtcmVzcG9uc2UtbW9kZS0x XzAuaHRtbD4uCgogICBbT0F1dGguUmVzcG9uc2VzXQogICAgICAgICAgICAgIGRlIE1lZGVpcm9z LCBCLiwgRWQuLCBTY3VydGVzY3UsIE0uLCBUYXJqYW4sIFAuLCBhbmQgTS4KICAgICAgICAgICAg ICBKb25lcywgIk9BdXRoIDIuMCBNdWx0aXBsZSBSZXNwb25zZSBUeXBlIEVuY29kaW5nCiAgICAg ICAgICAgICAgUHJhY3RpY2VzIiwgRmVicnVhcnkgMjAxNCwgPGh0dHA6Ly9vcGVuaWQubmV0L3Nw ZWNzLwogICAgICAgICAgICAgIG9hdXRoLXYyLW11bHRpcGxlLXJlc3BvbnNlLXR5cGVzLTFfMC5o dG1sPi4KCiAgIFtSRkMyMTE5XSAgQnJhZG5lciwgUy4sICJLZXkgd29yZHMgZm9yIHVzZSBpbiBS RkNzIHRvIEluZGljYXRlCiAgICAgICAgICAgICAgUmVxdWlyZW1lbnQgTGV2ZWxzIiwgQkNQIDE0 LCBSRkMgMjExOSwKICAgICAgICAgICAgICBET0kgMTAuMTc0ODcvUkZDMjExOSwgTWFyY2ggMTk5 NywKICAgICAgICAgICAgICA8aHR0cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmMyMTE5 Pi4KCiAgIFtSRkM1MjQ2XSAgRGllcmtzLCBULiBhbmQgRS4gUmVzY29ybGEsICJUaGUgVHJhbnNw b3J0IExheWVyIFNlY3VyaXR5CiAgICAgICAgICAgICAgKFRMUykgUHJvdG9jb2wgVmVyc2lvbiAx LjIiLCBSRkMgNTI0NiwKICAgICAgICAgICAgICBET0kgMTAuMTc0ODcvUkZDNTI0NiwgQXVndXN0 IDIwMDgsCiAgICAgICAgICAgICAgPGh0dHBzOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZj NTI0Nj4uCgogICBbUkZDNTY0Nl0gIFBoaWxsaXBzLCBBLiwgRWQuIGFuZCBNLiBEYXZpcywgRWQu LCAiVGFncyBmb3IgSWRlbnRpZnlpbmcKICAgICAgICAgICAgICBMYW5ndWFnZXMiLCBCQ1AgNDcs IFJGQyA1NjQ2LCBET0kgMTAuMTc0ODcvUkZDNTY0NiwKICAgICAgICAgICAgICBTZXB0ZW1iZXIg MjAwOSwgPGh0dHBzOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjNTY0Nj4uCgogICBbUkZD NTc4NV0gIE5vdHRpbmdoYW0sIE0uIGFuZCBFLiBIYW1tZXItTGFoYXYsICJEZWZpbmluZyBXZWxs LUtub3duCiAgICAgICAgICAgICAgVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVycyAoVVJJcyki LCBSRkMgNTc4NSwKICAgICAgICAgICAgICBET0kgMTAuMTc0ODcvUkZDNTc4NSwgQXByaWwgMjAx MCwKICAgICAgICAgICAgICA8aHR0cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM1Nzg1 Pi4KCiAgIFtSRkM2MTI1XSAgU2FpbnQtQW5kcmUsIFAuIGFuZCBKLiBIb2RnZXMsICJSZXByZXNl bnRhdGlvbiBhbmQKICAgICAgICAgICAgICBWZXJpZmljYXRpb24gb2YgRG9tYWluLUJhc2VkIEFw cGxpY2F0aW9uIFNlcnZpY2UgSWRlbnRpdHkKICAgICAgICAgICAgICB3aXRoaW4gSW50ZXJuZXQg UHVibGljIEtleSBJbmZyYXN0cnVjdHVyZSBVc2luZyBYLjUwOQogICAgICAgICAgICAgIChQS0lY KSBDZXJ0aWZpY2F0ZXMgaW4gdGhlIENvbnRleHQgb2YgVHJhbnNwb3J0IExheWVyCiAgICAgICAg ICAgICAgU2VjdXJpdHkgKFRMUykiLCBSRkMgNjEyNSwgRE9JIDEwLjE3NDg3L1JGQzYxMjUsIE1h cmNoCiAgICAgICAgICAgICAgMjAxMSwgPGh0dHBzOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8v cmZjNjEyNT4uCgogICBbUkZDNjc0OV0gIEhhcmR0LCBELiwgRWQuLCAiVGhlIE9BdXRoIDIuMCBB dXRob3JpemF0aW9uIEZyYW1ld29yayIsCiAgICAgICAgICAgICAgUkZDIDY3NDksIERPSSAxMC4x NzQ4Ny9SRkM2NzQ5LCBPY3RvYmVyIDIwMTIsCiAgICAgICAgICAgICAgPGh0dHBzOi8vd3d3LnJm Yy1lZGl0b3Iub3JnL2luZm8vcmZjNjc0OT4uCgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgICBF eHBpcmVzIEF1Z3VzdCAzMCwgMjAxOCAgICAgICAgICAgICAgIFtQYWdlIDIwXQoMCkludGVybmV0 LURyYWZ0ICAgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gU2VydmVyIE1ldGFkYXRhICAgRmVicnVh cnkgMjAxOAoKCiAgIFtSRkM3MDA5XSAgTG9kZGVyc3RlZHQsIFQuLCBFZC4sIERyb25pYSwgUy4s IGFuZCBNLiBTY3VydGVzY3UsICJPQXV0aAogICAgICAgICAgICAgIDIuMCBUb2tlbiBSZXZvY2F0 aW9uIiwgUkZDIDcwMDksIERPSSAxMC4xNzQ4Ny9SRkM3MDA5LAogICAgICAgICAgICAgIEF1Z3Vz dCAyMDEzLCA8aHR0cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM3MDA5Pi4KCiAgIFtS RkM3MDMzXSAgSm9uZXMsIFAuLCBTYWxndWVpcm8sIEcuLCBKb25lcywgTS4sIGFuZCBKLiBTbWFy ciwKICAgICAgICAgICAgICAiV2ViRmluZ2VyIiwgUkZDIDcwMzMsIERPSSAxMC4xNzQ4Ny9SRkM3 MDMzLCBTZXB0ZW1iZXIKICAgICAgICAgICAgICAyMDEzLCA8aHR0cHM6Ly93d3cucmZjLWVkaXRv ci5vcmcvaW5mby9yZmM3MDMzPi4KCiAgIFtSRkM3MTU5XSAgQnJheSwgVC4sIEVkLiwgIlRoZSBK YXZhU2NyaXB0IE9iamVjdCBOb3RhdGlvbiAoSlNPTikgRGF0YQogICAgICAgICAgICAgIEludGVy Y2hhbmdlIEZvcm1hdCIsIFJGQyA3MTU5LCBET0kgMTAuMTc0ODcvUkZDNzE1OSwgTWFyY2gKICAg ICAgICAgICAgICAyMDE0LCA8aHR0cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM3MTU5 Pi4KCiAgIFtSRkM3NTkxXSAgUmljaGVyLCBKLiwgRWQuLCBKb25lcywgTS4sIEJyYWRsZXksIEou LCBNYWNodWxhaywgTS4sIGFuZAogICAgICAgICAgICAgIFAuIEh1bnQsICJPQXV0aCAyLjAgRHlu YW1pYyBDbGllbnQgUmVnaXN0cmF0aW9uIFByb3RvY29sIiwKICAgICAgICAgICAgICBSRkMgNzU5 MSwgRE9JIDEwLjE3NDg3L1JGQzc1OTEsIEp1bHkgMjAxNSwKICAgICAgICAgICAgICA8aHR0cHM6 Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM3NTkxPi4KCiAgIFtSRkM3NjM2XSAgU2FraW11 cmEsIE4uLCBFZC4sIEJyYWRsZXksIEouLCBhbmQgTi4gQWdhcndhbCwgIlByb29mIEtleQogICAg ICAgICAgICAgIGZvciBDb2RlIEV4Y2hhbmdlIGJ5IE9BdXRoIFB1YmxpYyBDbGllbnRzIiwgUkZD IDc2MzYsCiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3L1JGQzc2MzYsIFNlcHRlbWJlciAyMDE1 LAogICAgICAgICAgICAgIDxodHRwczovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZvL3JmYzc2MzY+ LgoKICAgW1JGQzc2NjJdICBSaWNoZXIsIEouLCBFZC4sICJPQXV0aCAyLjAgVG9rZW4gSW50cm9z cGVjdGlvbiIsCiAgICAgICAgICAgICAgUkZDIDc2NjIsIERPSSAxMC4xNzQ4Ny9SRkM3NjYyLCBP Y3RvYmVyIDIwMTUsCiAgICAgICAgICAgICAgPGh0dHBzOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2lu Zm8vcmZjNzY2Mj4uCgogICBbUkZDODEyNl0gIENvdHRvbiwgTS4sIExlaWJhLCBCLiwgYW5kIFQu IE5hcnRlbiwgIkd1aWRlbGluZXMgZm9yCiAgICAgICAgICAgICAgV3JpdGluZyBhbiBJQU5BIENv bnNpZGVyYXRpb25zIFNlY3Rpb24gaW4gUkZDcyIsIEJDUCAyNiwKICAgICAgICAgICAgICBSRkMg ODEyNiwgRE9JIDEwLjE3NDg3L1JGQzgxMjYsIEp1bmUgMjAxNywKICAgICAgICAgICAgICA8aHR0 cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM4MTI2Pi4KCiAgIFtSRkM4MTc0XSAgTGVp YmEsIEIuLCAiQW1iaWd1aXR5IG9mIFVwcGVyY2FzZSB2cyBMb3dlcmNhc2UgaW4gUkZDCiAgICAg ICAgICAgICAgMjExOSBLZXkgV29yZHMiLCBCQ1AgMTQsIFJGQyA4MTc0LCBET0kgMTAuMTc0ODcv UkZDODE3NCwKICAgICAgICAgICAgICBNYXkgMjAxNywgPGh0dHBzOi8vd3d3LnJmYy1lZGl0b3Iu b3JnL2luZm8vcmZjODE3ND4uCgogICBbVU5JQ09ERV0gIFRoZSBVbmljb2RlIENvbnNvcnRpdW0s ICJUaGUgVW5pY29kZSBTdGFuZGFyZCIsCiAgICAgICAgICAgICAgPGh0dHA6Ly93d3cudW5pY29k ZS5vcmcvdmVyc2lvbnMvbGF0ZXN0Lz4uCgogICBbVVNBMTVdICAgIERhdmlzLCBNLiBhbmQgSy4g V2hpc3RsZXIsICJVbmljb2RlIE5vcm1hbGl6YXRpb24gRm9ybXMiLAogICAgICAgICAgICAgIFVu aWNvZGUgU3RhbmRhcmQgQW5uZXggMTUsIEp1bmUgMjAxNSwKICAgICAgICAgICAgICA8aHR0cDov L3d3dy51bmljb2RlLm9yZy9yZXBvcnRzL3RyMTUvPi4KCjguMi4gIEluZm9ybWF0aXZlIFJlZmVy ZW5jZXMKCiAgIFtJLUQuaWV0Zi1vYXV0aC1taXgtdXAtbWl0aWdhdGlvbl0KICAgICAgICAgICAg ICBKb25lcywgTS4sIEJyYWRsZXksIEouLCBhbmQgTi4gU2FraW11cmEsICJPQXV0aCAyLjAgTWl4 LVVwCiAgICAgICAgICAgICAgTWl0aWdhdGlvbiIsIGRyYWZ0LWlldGYtb2F1dGgtbWl4LXVwLW1p dGlnYXRpb24tMDEgKHdvcmsKICAgICAgICAgICAgICBpbiBwcm9ncmVzcyksIEp1bHkgMjAxNi4K CgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAgIEV4cGlyZXMgQXVndXN0IDMwLCAyMDE4ICAgICAg ICAgICAgICAgW1BhZ2UgMjFdCgwKSW50ZXJuZXQtRHJhZnQgICBPQXV0aCAyLjAgQXV0aG9yaXph dGlvbiBTZXJ2ZXIgTWV0YWRhdGEgICBGZWJydWFyeSAyMDE4CgoKICAgW0lBTkEud2VsbC1rbm93 bl0KICAgICAgICAgICAgICBJQU5BLCAiV2VsbC1Lbm93biBVUklzIiwKICAgICAgICAgICAgICA8 aHR0cDovL3d3dy5pYW5hLm9yZy9hc3NpZ25tZW50cy93ZWxsLWtub3duLXVyaXM+LgoKICAgW09w ZW5JRC5Db3JlXQogICAgICAgICAgICAgIFNha2ltdXJhLCBOLiwgQnJhZGxleSwgSi4sIEpvbmVz LCBNLiwgZGUgTWVkZWlyb3MsIEIuLCBhbmQKICAgICAgICAgICAgICBDLiBNb3J0aW1vcmUsICJP cGVuSUQgQ29ubmVjdCBDb3JlIDEuMCIsIE5vdmVtYmVyIDIwMTQsCiAgICAgICAgICAgICAgPGh0 dHA6Ly9vcGVuaWQubmV0L3NwZWNzL29wZW5pZC1jb25uZWN0LWNvcmUtMV8wLmh0bWw+LgoKICAg W09wZW5JRC5EaXNjb3ZlcnldCiAgICAgICAgICAgICAgU2FraW11cmEsIE4uLCBCcmFkbGV5LCBK LiwgSm9uZXMsIE0uLCBhbmQgRS4gSmF5LCAiT3BlbklECiAgICAgICAgICAgICAgQ29ubmVjdCBE aXNjb3ZlcnkgMS4wIiwgTm92ZW1iZXIgMjAxNCwKICAgICAgICAgICAgICA8aHR0cDovL29wZW5p ZC5uZXQvc3BlY3MvCiAgICAgICAgICAgICAgb3BlbmlkLWNvbm5lY3QtZGlzY292ZXJ5LTFfMC5o dG1sPi4KCiAgIFtPcGVuSUQuUmVnaXN0cmF0aW9uXQogICAgICAgICAgICAgIFNha2ltdXJhLCBO LiwgQnJhZGxleSwgSi4sIGFuZCBNLiBKb25lcywgIk9wZW5JRCBDb25uZWN0CiAgICAgICAgICAg ICAgRHluYW1pYyBDbGllbnQgUmVnaXN0cmF0aW9uIDEuMCIsIE5vdmVtYmVyIDIwMTQsCiAgICAg ICAgICAgICAgPGh0dHA6Ly9vcGVuaWQubmV0L3NwZWNzLwogICAgICAgICAgICAgIG9wZW5pZC1j b25uZWN0LXJlZ2lzdHJhdGlvbi0xXzAuaHRtbD4uCgpBcHBlbmRpeCBBLiAgQWNrbm93bGVkZ2Vt ZW50cwoKICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlzIGJhc2VkIG9uIHRoZSBPcGVuSUQgQ29ubmVj dCBEaXNjb3ZlcnkgMS4wCiAgIHNwZWNpZmljYXRpb24sIHdoaWNoIHdhcyBwcm9kdWNlZCBieSB0 aGUgT3BlbklEIENvbm5lY3Qgd29ya2luZyBncm91cAogICBvZiB0aGUgT3BlbklEIEZvdW5kYXRp b24uICBUaGlzIHNwZWNpZmljYXRpb24gc3RhbmRhcmRpemVzIHRoZSBkZQogICBmYWN0byB1c2Fn ZSBvZiB0aGUgbWV0YWRhdGEgZm9ybWF0IGRlZmluZWQgYnkgT3BlbklEIENvbm5lY3QKICAgRGlz Y292ZXJ5IHRvIHB1Ymxpc2ggT0F1dGggYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWV0YWRhdGEuCgog ICBUaGUgYXV0aG9ycyB3b3VsZCBsaWtlIHRvIHRoYW5rIHRoZSBmb2xsb3dpbmcgcGVvcGxlIGZv ciB0aGVpcgogICByZXZpZXdzIG9mIHRoaXMgc3BlY2lmaWNhdGlvbjogU2h3ZXRoYSBCaGFuZGFy aSwgQmVuIENhbXBiZWxsLCBCcmlhbgogICBDYW1wYmVsbCwgQnJpYW4gQ2FycGVudGVyLCBXaWxs aWFtIERlbm5pc3MsIFZsYWRpbWlyIER6aHV2aW5vdiwKICAgRG9uYWxkIEVhc3RsYWtlLCBTYW11 ZWwgRXJkdG1hbiwgR2VvcmdlIEZsZXRjaGVyLCBEaWNrIEhhcmR0LCBQaGlsCiAgIEh1bnQsIEFs ZXhleSBNZWxuaWtvdiwgVG9ueSBOYWRhbGluLCBNYXJrIE5vdHRpbmdoYW0sIEVyaWMgUmVzY29y bGEsCiAgIEp1c3RpbiBSaWNoZXIsIEFkYW0gUm9hY2gsIEhhbm5lcyBUc2Nob2ZlbmlnLCBhbmQg SGFucyBaYW5kYmVsdC4KCkFwcGVuZGl4IEIuICBEb2N1bWVudCBIaXN0b3J5CgogICBbWyB0byBi ZSByZW1vdmVkIGJ5IHRoZSBSRkMgRWRpdG9yIGJlZm9yZSBwdWJsaWNhdGlvbiBhcyBhbiBSRkMg XV0KCiAgIC0wOQoKICAgbyAgUmV2aXNlZCB0aGUgdHJhbnNmb3JtYXRpb24gYmV0d2VlbiB0aGUg aXNzdWVyIGlkZW50aWZpZXIgYW5kIHRoZQogICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRh ZGF0YSBsb2NhdGlvbiB0byBjb25mb3JtIHRvIEJDUCAxOTAsIGFzCiAgICAgIHN1Z2dlc3RlZCBi eSBBZGFtIFJvYWNoLgoKICAgbyAgRGVmaW5lZCB0aGUgY2hhcmFjdGVycyBhbGxvd2VkIGluIHJl Z2lzdGVyZWQgbWV0YWRhdGEgbmFtZXMgYW5kCiAgICAgIHZhbHVlcywgYXMgc3VnZ2VzdGVkIGJ5 IEFsZXhleSBNZWxuaWtvdi4KCgoKSm9uZXMsIGV0IGFsLiAgICAgICAgICAgIEV4cGlyZXMgQXVn dXN0IDMwLCAyMDE4ICAgICAgICAgICAgICAgW1BhZ2UgMjJdCgwKSW50ZXJuZXQtRHJhZnQgICBP QXV0aCAyLjAgQXV0aG9yaXphdGlvbiBTZXJ2ZXIgTWV0YWRhdGEgICBGZWJydWFyeSAyMDE4CgoK ICAgbyAgQ2hhbmdlZCB0byB1c2luZyB0aGUgUkZDIDgxNzQgYm9pbGVycGxhdGUgaW5zdGVhZCBv ZiB0aGUgUkZDIDIxMTkKICAgICAgYm9pbGVycGxhdGUsIGFzIHN1Z2dlc3RlZCBieSBCZW4gQ2Ft cGJlbGwuCgogICBvICBBY2tub3dsZWRnZWQgYWRkaXRpb25hbCByZXZpZXdlcnMuCgogICAtMDgK CiAgIG8gIENoYW5nZWQgdGhlICJhdXRob3JpemF0aW9uX2VuZHBvaW50IiB0byBiZSBSRVFVSVJF RCBvbmx5IHdoZW4KICAgICAgZ3JhbnQgdHlwZXMgYXJlIHN1cHBvcnRlZCB0aGF0IHVzZSB0aGUg YXV0aG9yaXphdGlvbiBlbmRwb2ludC4KCiAgIG8gIEFkZGVkIHRoZSBzdGF0ZW1lbnQsIHRvIHBy b3ZpZGUgaGlzdG9yaWNhbCBjb250ZXh0LCB0aGF0IHRoaXMKICAgICAgc3BlY2lmaWNhdGlvbiBz dGFuZGFyZGl6ZXMgdGhlIGRlIGZhY3RvIHVzYWdlIG9mIHRoZSBtZXRhZGF0YQogICAgICBmb3Jt YXQgZGVmaW5lZCBieSBPcGVuSUQgQ29ubmVjdCBEaXNjb3ZlcnkgdG8gcHVibGlzaCBPQXV0aAog ICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YS4KCiAgIG8gIEFwcGxpZWQgY2xhcmlm aWNhdGlvbnMgc3VnZ2VzdGVkIGJ5IE1hcmsgTm90dGluZ2hhbSBhYm91dCB3aGVuCiAgICAgIGFw cGxpY2F0aW9uLXNwZWNpZmljIHdlbGwta25vd24gc3VmZml4ZXMgYXJlIGFuZCBhcmUgbm90CiAg ICAgIGFwcHJvcHJpYXRlLgoKICAgbyAgQWNrbm93bGVkZ2VkIGFkZGl0aW9uYWwgcmV2aWV3ZXJz LgoKICAgLTA3CgogICBvICBBcHBsaWVkIGNsYXJpZmljYXRpb25zIHN1Z2dlc3RlZCBieSBFS1Iu CgogICAtMDYKCiAgIG8gIEluY29ycG9yYXRlZCByZXNvbHV0aW9ucyB0byB3b3JraW5nIGdyb3Vw IGxhc3QgY2FsbCBjb21tZW50cy4KCiAgIC0wNQoKICAgbyAgUmVtb3ZlZCB0aGUgInByb3RlY3Rl ZF9yZXNvdXJjZXMiIGVsZW1lbnQgYW5kIHRoZSByZWZlcmVuY2UgdG8KICAgICAgZHJhZnQtam9u ZXMtb2F1dGgtcmVzb3VyY2UtbWV0YWRhdGEuCgogICAtMDQKCiAgIG8gIEFkZGVkIHRoZSBhYmls aXR5IHRvIGxpc3QgcHJvdGVjdGVkIHJlc291cmNlcyB3aXRoIHRoZQogICAgICAicHJvdGVjdGVk X3Jlc291cmNlcyIgZWxlbWVudC4KCiAgIG8gIEFkZGVkIGFiaWxpdHkgdG8gcHJvdmlkZSBzaWdu ZWQgbWV0YWRhdGEgd2l0aCB0aGUKICAgICAgInNpZ25lZF9tZXRhZGF0YSIgZWxlbWVudC4KCiAg IG8gIFJlbW92ZWQgIkRpc2NvdmVyeSIgZnJvbSB0aGUgbmFtZSwgc2luY2UgdGhpcyBpcyBub3cg anVzdCBhYm91dAogICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBtZXRhZGF0YS4KCiAgIC0wMwoK CgoKCkpvbmVzLCBldCBhbC4gICAgICAgICAgICBFeHBpcmVzIEF1Z3VzdCAzMCwgMjAxOCAgICAg ICAgICAgICAgIFtQYWdlIDIzXQoMCkludGVybmV0LURyYWZ0ICAgT0F1dGggMi4wIEF1dGhvcml6 YXRpb24gU2VydmVyIE1ldGFkYXRhICAgRmVicnVhcnkgMjAxOAoKCiAgIG8gIENoYW5nZWQgdGVy bSAiaXNzdWVyIFVSTCIgdG8gImlzc3VlciBpZGVudGlmaWVyIiBmb3IgdGVybWlub2xvZ3kKICAg ICAgY29uc2lzdGVuY3ksIHBhcmFsbGVsaW5nIHRoZSBzYW1lIHRlcm1pbm9sb2d5IGNvbnNpc3Rl bmN5IGNoYW5nZQogICAgICBpbiB0aGUgbWl4LXVwIG1pdGlnYXRpb24gc3BlYy4KCiAgIC0wMgoK ICAgbyAgQ2hhbmdlZCB0aGUgdGl0bGUgdG8gT0F1dGggMi4wIEF1dGhvcml6YXRpb24gU2VydmVy IERpc2NvdmVyeQogICAgICBNZXRhZGF0YS4KCiAgIG8gIE1hZGUgImp3a3NfdXJpIiBhbmQgInJl Z2lzdHJhdGlvbl9lbmRwb2ludCIgT1BUSU9OQUwuCgogICBvICBEZWZpbmVkIHRoZSB3ZWxsLWtu b3duIFVSSSBzdHJpbmcgIi8ud2VsbC1rbm93bi9vYXV0aC0KICAgICAgYXV0aG9yaXphdGlvbi1z ZXJ2ZXIiLgoKICAgbyAgQWRkZWQgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgYWJvdXQgcHVibGlz aGluZyBhdXRob3JpemF0aW9uCiAgICAgIHNlcnZlciBkaXNjb3ZlcnkgbWV0YWRhdGEgaW4gYSBz dGFuZGFyZCBmb3JtYXQuCgogICBvICBBZGRlZCBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBhYm91 dCBwcm90ZWN0ZWQgcmVzb3VyY2VzLgoKICAgbyAgQWRkZWQgbW9yZSBpbmZvcm1hdGlvbiB0byB0 aGUgImdyYW50X3R5cGVzX3N1cHBvcnRlZCIgYW5kCiAgICAgICJyZXNwb25zZV90eXBlc19zdXBw b3J0ZWQiIGRlZmluaXRpb25zLgoKICAgbyAgUmVmZXJlbmNlZCB0aGUgd29ya2luZyBncm91cCBN aXgtVXAgTWl0aWdhdGlvbiBkcmFmdC4KCiAgIG8gIENoYW5nZWQgc29tZSBleGFtcGxlIG1ldGFk YXRhIHZhbHVlcy4KCiAgIG8gIEFja25vd2xlZGdlZCBpbmRpdmlkdWFscyBmb3IgdGhlaXIgY29u dHJpYnV0aW9ucyB0byB0aGUKICAgICAgc3BlY2lmaWNhdGlvbi4KCiAgIC0wMQoKICAgbyAgUmVt b3ZlZCBXZWJGaW5nZXIgZGlzY292ZXJ5LgoKICAgbyAgQ2xhcmlmaWVkIHRoZSByZWxhdGlvbnNo aXAgYmV0d2VlbiB0aGUgaXNzdWVyIGlkZW50aWZpZXIgVVJMIGFuZAogICAgICB0aGUgd2VsbC1r bm93biBVUkkgcGF0aCByZWxhdGl2ZSB0byBpdCBhdCB3aGljaCB0aGUgZGlzY292ZXJ5CiAgICAg IG1ldGFkYXRhIGRvY3VtZW50IGlzIGxvY2F0ZWQuCgogICAtMDAKCiAgIG8gIENyZWF0ZWQgdGhl IGluaXRpYWwgd29ya2luZyBncm91cCB2ZXJzaW9uIGJhc2VkIG9uIGRyYWZ0LWpvbmVzLQogICAg ICBvYXV0aC1kaXNjb3ZlcnktMDEsIHdpdGggbm8gbm9ybWF0aXZlIGNoYW5nZXMuCgpBdXRob3Jz JyBBZGRyZXNzZXMKCgoKCgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1 c3QgMzAsIDIwMTggICAgICAgICAgICAgICBbUGFnZSAyNF0KDApJbnRlcm5ldC1EcmFmdCAgIE9B dXRoIDIuMCBBdXRob3JpemF0aW9uIFNlcnZlciBNZXRhZGF0YSAgIEZlYnJ1YXJ5IDIwMTgKCgog ICBNaWNoYWVsIEIuIEpvbmVzCiAgIE1pY3Jvc29mdAoKICAgRW1haWw6IG1iakBtaWNyb3NvZnQu Y29tCiAgIFVSSTogICBodHRwOi8vc2VsZi1pc3N1ZWQuaW5mby8KCgogICBOYXQgU2FraW11cmEK ICAgTm9tdXJhIFJlc2VhcmNoIEluc3RpdHV0ZSwgTHRkLgoKICAgRW1haWw6IG4tc2FraW11cmFA bnJpLmNvLmpwCiAgIFVSSTogICBodHRwOi8vbmF0LnNha2ltdXJhLm9yZy8KCgogICBKb2huIEJy YWRsZXkKICAgUGluZyBJZGVudGl0eQoKICAgRW1haWw6IHZlN2p0YkB2ZTdqdGIuY29tCiAgIFVS STogICBodHRwOi8vd3d3LnRocmVhZC1zYWZlLmNvbS8KCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoK CgoKCgoKCgpKb25lcywgZXQgYWwuICAgICAgICAgICAgRXhwaXJlcyBBdWd1c3QgMzAsIDIwMTgg ICAgICAgICAgICAgICBbUGFnZSAyNV0K --_005_SN6PR2101MB0943219B09904D35D7A37CA2F5C00SN6PR2101MB0943_-- From nobody Tue Feb 27 15:16:30 2018 Return-Path: X-Original-To: oauth@ietf.org Delivered-To: oauth@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 995D112EAED; Tue, 27 Feb 2018 15:11:16 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "\"IETF Secretariat\"" To: , Cc: ekr@rtfm.com, oauth@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.73.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151977307662.5200.12756716609735672122.idtracker@ietfa.amsl.com> Date: Tue, 27 Feb 2018 15:11:16 -0800 Archived-At: Subject: [OAUTH-WG] oauth - Requested sessions have been scheduled for IETF 101 X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 23:11:21 -0000 Dear Rifaat Shekh-Yusef, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. oauth Session 1 (1:30:00) Monday, Afternoon Session II 1550-1720 Room Name: Viscount size: 175 --------------------------------------------- oauth Session 2 (1:30:00) Wednesday, Afternoon Session I 1330-1500 Room Name: Park Suite size: 100 --------------------------------------------- Request Information: --------------------------------------------------------- Working Group Name: Web Authorization Protocol Area Name: Security Area Session Requester: Rifaat Shekh-Yusef Number of Sessions: 2 Length of Session(s): 1.5 Hours, 1.5 Hours Number of Attendees: 50 Conflicts to Avoid: First Priority: secevent teep suit core tls ace sipcore acme tokbind People who must be present: Eric Rescorla Hannes Tschofenig Rifaat Shekh-Yusef Resources Requested: Special Requests: --------------------------------------------------------- From nobody Tue Feb 27 16:26:57 2018 Return-Path: X-Original-To: oauth@ietf.org Delivered-To: oauth@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9686612EAD8; Tue, 27 Feb 2018 16:26:50 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: oauth@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.73.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151977761059.5171.17350782969162453552@ietfa.amsl.com> Date: Tue, 27 Feb 2018 16:26:50 -0800 Archived-At: Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-discovery-09.txt X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 00:26:51 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : OAuth 2.0 Authorization Server Metadata Authors : Michael B. Jones Nat Sakimura John Bradley Filename : draft-ietf-oauth-discovery-09.txt Pages : 25 Date : 2018-02-27 Abstract: This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-oauth-discovery-09 https://datatracker.ietf.org/doc/html/draft-ietf-oauth-discovery-09 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-discovery-09 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Tue Feb 27 16:33:06 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC6F812D954 for ; Tue, 27 Feb 2018 16:33:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.019 X-Spam-Level: X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w9nhOeWLlKxS for ; Tue, 27 Feb 2018 16:33:01 -0800 (PST) Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0116.outbound.protection.outlook.com [104.47.34.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3C0712EAC9 for ; Tue, 27 Feb 2018 16:33:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=DMYQq9Bx179lJycKNiShtaAiIufk7uchT+/wFmy0OeI=; b=I3fj0A1JAXkCyAbYhqEmaEnBfRZKvDHZQ7AxlbxgUXzhtlklD5+kyhWBJMOYhpu5ct4JQFDPDL7efJDt7EyhsFpG8r6IOu+Tp+6OZl0wYGOxqnK0UKg/gureXKxy+MmQEC4IPfJgbb2YclANQcpXJ/EBAOLmU89W3MG27Uf0o9c= Received: from SN6PR2101MB0943.namprd21.prod.outlook.com (52.132.114.20) by SN6PR2101MB1006.namprd21.prod.outlook.com (52.132.117.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.567.3; Wed, 28 Feb 2018 00:33:00 +0000 Received: from SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50]) by SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0567.002; Wed, 28 Feb 2018 00:33:00 +0000 From: Mike Jones To: "oauth@ietf.org" CC: Adam Roach , Alexey Melnikov , Ben Campbell , Eric Rescorla Thread-Topic: OAuth Authorization Server Metadata spec addressing IESG feedback Thread-Index: AdOwKaRvD0zuzLUkRJmerF1eR4/E3A== Date: Wed, 28 Feb 2018 00:32:59 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-02-28T00:32:58.5709178Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General x-originating-ip: [2001:4898:80e8:b::36] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; SN6PR2101MB1006; 7:KkDxfrzJ7mS8zjO7VvcGLBTZ8hchl/A7ABdZ8V2xme2S8CLqYatJzTZVAFEUESVE69nIPF5s/75A1u7G5gwxcZpyIOfsGV0clDmO1Et/BMgdSd1V9byQZRlaRG0z0LomfQ6s/OVANhmRKA4XhcBWE+JMureLHq8bNbgoO/Ls/c3yMFRS/qoB1ETIjXI79wm62Q697vwXZX2LKltNtYhgsqKxcgHmhIUV/FkFS7l+J1RfLnHsIJ6TRYyKn1M1M3Ur x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 75e0ff51-486f-4907-8429-08d57e42d21a x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:SN6PR2101MB1006; x-ms-traffictypediagnostic: SN6PR2101MB1006: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(31418570063057)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040501)(2401047)(5005006)(8121501046)(3231220)(944501209)(3002001)(93006095)(93001095)(10201501046)(6055026)(61426038)(61427038)(6041288)(20161123560045)(20161123562045)(20161123558120)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:SN6PR2101MB1006; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB1006; x-forefront-prvs: 0597911EE1 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(376002)(39380400002)(396003)(346002)(366004)(209900001)(199004)(189003)(6916009)(9686003)(54896002)(22452003)(81156014)(55016002)(8936002)(6506007)(102836004)(6306002)(3280700002)(8666007)(966005)(6346003)(1730700003)(59450400001)(5630700001)(236005)(316002)(86612001)(81166006)(105586002)(8676002)(54906003)(5250100002)(68736007)(2501003)(86362001)(99286004)(7696005)(97736004)(2906002)(6436002)(14454004)(2351001)(5640700003)(33656002)(3660700001)(53936002)(106356001)(10090500001)(478600001)(2900100001)(8990500004)(7736002)(74316002)(186003)(790700001)(10290500003)(6116002)(4326008)(53376002)(72206003)(606006)(25786009)(5660300001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB1006; H:SN6PR2101MB0943.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com; x-microsoft-antispam-message-info: bh6GuerpginOiuZmE14uxZgIq8CftOu66pVs1DMpKQUnkYJUwLxBGp/sncoG1MUT2je8NYHzVF4Qq6L1ReUig2QQB5/8OBBTY537abKwSjM38l5EX4fL3TsXINP6rq+qVjWOTCeKzTOsdXFcxEtj5BGMPTfDZeWM1HJFvyThcvQ= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_SN6PR2101MB094307C28BD4B31C1CABCBFFF5C70SN6PR2101MB0943_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 75e0ff51-486f-4907-8429-08d57e42d21a X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2018 00:32:59.8895 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB1006 Archived-At: Subject: [OAUTH-WG] OAuth Authorization Server Metadata spec addressing IESG feedback X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 00:33:04 -0000 --_000_SN6PR2101MB094307C28BD4B31C1CABCBFFF5C70SN6PR2101MB0943_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The OAuth Authorization Server Metadata specification has been updated to a= ddress feedback received from IESG members. Changes were: * Revised the transformation between the issuer identifier and the auth= orization server metadata location to conform to BCP 190, as suggested by A= dam Roach. * Defined the characters allowed in registered metadata names and value= s, as suggested by Alexey Melnikov. * Changed to using the RFC 8174 boilerplate instead of the RFC 2119 boi= lerplate, as suggested by Ben Campbell. * Acknowledged additional reviewers. The specification is available at: * https://tools.ietf.org/html/draft-ietf-oauth-discovery-09 An HTML-formatted version is also available at: * http://self-issued.info/docs/draft-ietf-oauth-discovery-09.html -- Mike P.S. This notice was also posted at http://self-issued.info/?p=3D1779 and = as @selfissued. --_000_SN6PR2101MB094307C28BD4B31C1CABCBFFF5C70SN6PR2101MB0943_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

The OAuth Authorization Server Metadata specificatio= n has been updated to address feedback received from IESG members.  Ch= anges were:

  • Revised the transformation between the issuer identifier and the auth= orization server metadata location to conform to BCP 190, as suggested by A= dam Roach.
  • Defined the characters allowed in registered metadata= names and values, as suggested by Alexey Melnikov.
  • Changed to using the RFC 8174 boilerplate instead of = the RFC 2119 boilerplate, as suggested by Ben Campbell.
  • Acknowledged additional reviewers.

    •  

    The specification is available at:

     

    An HTML-formatted version is also available at:=

     

            &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;     -- Mike

     

    P.S.  This notice was also posted at http://self-issued.info/?p=3D1779 and as @selfissued.

     

--_000_SN6PR2101MB094307C28BD4B31C1CABCBFFF5C70SN6PR2101MB0943_-- From nobody Tue Feb 27 19:04:43 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9325212D95A; Tue, 27 Feb 2018 19:04:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id paUllXHTQxNJ; Tue, 27 Feb 2018 19:04:33 -0800 (PST) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0117.outbound.protection.outlook.com [104.47.41.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51E3E127775; Tue, 27 Feb 2018 19:04:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=SHU02qfG8gMm+76b+u7HxvfvTPGw2XF8yZ9ZyOFZ6aM=; b=Vv/AkZAN3rFopkynA4S/6brw2pLpTbcDbqoTTqmFd1fAEZWhaIO2AA0yFrG6sWiyc7JggcvYF+k45R2kImSJydCAlPXL6tdn4IOeI/Rw8pLTckces3rPVJ6A/DnrTeXZAWSOw34XIwcCaPuef9v8YlJKlFoI7S9m5nd1yzG/U/k= Received: from SN6PR2101MB0943.namprd21.prod.outlook.com (52.132.114.20) by SN6PR2101MB0992.namprd21.prod.outlook.com (52.132.114.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.567.2; Wed, 28 Feb 2018 03:04:31 +0000 Received: from SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50]) by SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0567.002; Wed, 28 Feb 2018 03:04:31 +0000 From: Mike Jones To: Alexey Melnikov , The IESG CC: "draft-ietf-oauth-discovery@ietf.org" , "oauth-chairs@ietf.org" , "oauth@ietf.org" Thread-Topic: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) Thread-Index: AQHTlOop6dUBqhyeJUqE43siwWseqKODkaAQgAXXNACAAAUYYIAumhgwgAFPxVA= Date: Wed, 28 Feb 2018 03:04:31 +0000 Message-ID: References: <151678115299.24088.6785024209658543295.idtracker@ietfa.amsl.com> , <1517151884.2936052.1250819288.30846638@webmail.messagingengine.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [50.47.88.236] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; SN6PR2101MB0992; 7:b2LoB+PAiHOzodcCx5XX9qmYIkEGnLVdizDX/2oHDx5b7mhOGYIDJ3zczvupEYtHgJOk+c1euKWiejs5KaaKfqvd/qa5AnskdzAO2o+Z53ptcb/UFwbCsHMnjZj5TfHV/7Vx94gLOntGpBpEQzA7k3M7iTUdp9lTENgYWKGmW12x4Rzyrf4x/J9PXpl/iGcPisgBuVYil9db2bL7NVRjLr5nTpzHlcQapke9Hbu/DErbaDKUhyCpzUd4VTOXO+N7 x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 44e68ae7-8987-4803-6518-08d57e57fcee x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7193020); SRVR:SN6PR2101MB0992; x-ms-traffictypediagnostic: SN6PR2101MB0992: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(120809045254105)(248736688235697)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040501)(2401047)(5005006)(8121501046)(3231220)(944501211)(52105095)(10201501046)(3002001)(93006095)(93001095)(6055026)(61426038)(61427038)(6041288)(20161123560045)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(6072148)(201708071742011); SRVR:SN6PR2101MB0992; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB0992; x-forefront-prvs: 0597911EE1 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(39860400002)(346002)(396003)(376002)(39380400002)(366004)(199004)(189003)(13464003)(51914003)(606006)(186003)(97736004)(93886005)(8676002)(8666007)(86612001)(316002)(8990500004)(53936002)(10090500001)(68736007)(106356001)(9686003)(6306002)(8936002)(54896002)(236005)(66066001)(55016002)(81166006)(2950100002)(81156014)(105586002)(5660300001)(6436002)(102836004)(22452003)(6246003)(6116002)(790700001)(110136005)(3660700001)(7736002)(6506007)(3846002)(25786009)(345774005)(26005)(10290500003)(2900100001)(5250100002)(5890100001)(7696005)(74316002)(86362001)(229853002)(72206003)(4326008)(76176011)(99286004)(6346003)(33656002)(2906002)(3280700002)(54906003)(14454004)(966005)(53546011)(478600001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB0992; H:SN6PR2101MB0943.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com; x-microsoft-antispam-message-info: MnE8/vanIMXTWvIgwA38V76empDdHQUXzw7WwTJf7dPvTq0lFFDvjwZ8KQv25Sq05IVj2PWSxCSUcqT+Qp3SB1EEWyGgMuG2y/fKCwXv8iVnaOhE+6oqvcR4ZqsebEkpTe/Wdr5drexgpTGppP+VicU1iZU0lJ/+eEXTwVzMzKM= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 44e68ae7-8987-4803-6518-08d57e57fcee X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2018 03:04:31.1658 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB0992 Archived-At: Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 03:04:43 -0000 --_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I believe that the changes in https://tools.ietf.org/html/draft-ietf-oauth-= discovery-09 address the DISCUSS and comments. Please review - ideally bef= ore the upcoming telechat. Thanks again, -- Mike From: Mike Jones Sent: Monday, February 26, 2018 11:03 PM To: The IESG ; Alexey Melnikov Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.= org Subject: RE: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) The attached drafts address the DISCUSSes from Adam and Alexey in the ways = proposed. A summary of the changes from -08 is: * Revised the transformation between the issuer identifier and the a= uthorization server metadata location to conform to BCP 190, as suggested b= y Adam Roach. * Defined the characters allowed in registered metadata names and va= lues, as suggested by Alexey Melnikov. * Changed to using the RFC 8174 boilerplate instead of the RFC 2119 = boilerplate, as suggested by Ben Campbell. * Acknowledged additional reviewers. I've attached both source and .txt versions to facilitate comparison to -08= . Unless I hear additional suggestions for improvements by my end of busin= ess Tuesday, I'll plan to publish this as -09. Thanks all, -- Mike From: Mike Jones Sent: Sunday, January 28, 2018 7:23 AM To: The IESG >; Alexey Melnikov > Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.o= rg Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) Your understanding matches with the intent of the language from RFC 7638. I= 'll plan to proceed on that basis then. Thanks again, -- Mike From: Alexey Melnikov Sent: Sunday, January 28, 7:04 AM Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-disco= very-08: (with DISCUSS and COMMENT) To: Mike Jones, The IESG Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, oauth@ietf.o= rg Hi Mike, On Wed, Jan 24, 2018, at 10:11 PM, Mike Jones wrote: > Thanks for = the useful review, Alexey. I propose that we use the same > character restr= ictions that are described in > https://tools.ietf.org/html/rfc7638#section= -6, which are: > > (a) require that member names being registered use > onl= y printable ASCII characters excluding double quote ('"') and > backslash (= '\') (the Unicode characters with code points U+0021, > U+0023 through U+00= 5B, and U+005D through U+007E), This looks reasonable. > or > > (b) if new = members are defined that use other code > points, require that their defini= tions specify the exact Unicode code > point sequences used to represent th= em. Furthermore, proposed > registrations that use Unicode code points that= can only be > represented in JSON strings as escaped characters must not b= e > accepted. So just to double check: it is Ok to register names in Greek = or Cyrillic (for example) and they will be compared in a case sensitive man= ner? > I also propose that we say that member name comparison occurs in the= > manner described in https://tools.ietf.org/html/rfc7159#section-8.3. My = understanding is that RFC 7159 recommends case-sensitive comparison and tha= t is fine with me. > Will that work for you, Alexey? Best Regards, Alexey >= > Thanks, > -- Mike > > -----Original Message----- > From: Alexey Melnikov= [mailto:aamelnikov@fastmail.fm] > Sent: Wednesday, January 24, 2018 12:06 = AM > To: The IESG > Cc: draft-ietf-oauth-discovery@ietf.org; Hannes Tschofenig > ; oauth-chairs@ietf.org; > Hannes.Tschofenig@gmx.net; oauth@ietf.org > Subject: Alexey M= elnikov's Discuss on draft-ietf-oauth-discovery-08: > (with DISCUSS and COM= MENT) > > Alexey Melnikov has entered the following ballot position for > d= raft-ietf-oauth-discovery-08: Discuss > > When responding, please keep the = subject line intact and reply to all > email addresses included in the To a= nd CC lines. (Feel free to cut this > introductory paragraph, however.) > >= > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.htm= l > for more information about IESG DISCUSS and COMMENT positions. > > > Th= e document, along with other ballot positions, can be found here: > https:/= /datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > > > -------------= --------------------------------------------------------- > DISCUSS: > ----= ------------------------------------------------------------------ > > Than= k you for the well written IANA Considerations section. I have one > commen= t on it which should be easy to resolve: > > The document doesn't seem to s= ay anything about allowed characters in > Metadata names. When the document= talks about "case-insensitive > matching", it is not clear how to implemen= t the matching, because it is > not clear whether or not Metadata names are= ASCII only. If they are not, > then you need to better define what "case i= nsensitive" means. > > > --------------------------------------------------= -------------------- > COMMENT: > -----------------------------------------= ----------------------------- > > I am agreeing with Adam's DISCUSS. > > > = _______________________________________________ > OAuth mailing list > OAut= h@ietf.org > https://www.ietf.org/mailman/listinfo/o= auth --_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I believe that the cha= nges in https= ://tools.ietf.org/html/draft-ietf-oauth-discovery-09 address the DISCUS= S and comments.  Please review – ideally before the upcoming tel= echat.

 

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; Thanks again,

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; -- Mike

 

From: Mike Jones
Sent: Monday, February 26, 2018 11:03 PM
To: The IESG <iesg@ietf.org>; Alexey Melnikov <aamelnikov@f= astmail.fm>
Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oaut= h@ietf.org
Subject: RE: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oaut= h-discovery-08: (with DISCUSS and COMMENT)

 

The attached drafts ad= dress the DISCUSSes from Adam and Alexey in the ways proposed.  A summ= ary of the changes from -08 is:

·        Revised the transformation betw= een the issuer identifier and the authorization server metadata location to= conform to BCP 190, as suggested by Adam Roach.

·        Defined the characters allowed = in registered metadata names and values, as suggested by Alexey Melnikov.

·        Changed to using the RFC 8174 b= oilerplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbel= l.

·        Acknowledged additional reviewe= rs.

I’ve attached bo= th source and .txt versions to facilitate comparison to -08.  Unless I= hear additional suggestions for improvements by my end of business Tuesday= , I’ll plan to publish this as -09.

 

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; Thanks all,

   &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; -- Mike

 

From: Mike Jones
Sent: Sunday, January 28, 2018 7:23 AM
To: The IESG <iesg@ietf.org&= gt;; Alexey Melnikov <aamelnik= ov@fastmail.fm>
Cc: draft-iet= f-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oaut= h-discovery-08: (with DISCUSS and COMMENT)

 

Your understanding matches = with the intent of the language from RFC 7638. I'll plan to proceed on that= basis then.

Thanks again,

-- Mike

From: Alexey Melnikov

Sent: Sunday, January 28, 7:04 AM

Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft= -ietf-oauth-discovery-08: (with DISCUSS and COMMENT)

To: Mike Jones, The IESG

Hi Mike, On Wed, Jan 24, 20= 18, at 10:11 PM, Mike Jones wrote: > Thanks for the useful review, Alexe= y. I propose that we use the same > character restrictions that are described in > https://tools.ietf.org/html/rfc7638#section-6, which are: > > (a)= require that member names being registered use > only printable ASCII c= haracters excluding double quote ('"') and > backslash ('\') (the U= nicode characters with code points U+0021, > U+0023 through U+005B, and U+005D through U+007E), This looks reasona= ble. > or > > (b) if new members are defined that use other code &= gt; points, require that their definitions specify the exact Unicode code &= gt; point sequences used to represent them. Furthermore, proposed > registrations that use Unicode code points that can only be > repr= esented in JSON strings as escaped characters must not be > accepted. So= just to double check: it is Ok to register names in Greek or Cyrillic (for= example) and they will be compared in a case sensitive manner? > I also propose that we say that member name co= mparison occurs in the > manner described in https://tools.i= etf.org/html/rfc7159#section-8.3. My understanding is that RFC 7159 rec= ommends case-sensitive comparison and that is fine with me. > Will that = work for you, Alexey? Best Regards, Alexey > > Thanks, > -- Mike > > -----Original Message----- > F= rom: Alexey Melnikov [mailto:aame= lnikov@fastmail.fm] > Sent: Wednesday, January 24, 2018 12:06 AM >= ; To: The IESG > Cc: draft-ietf-oauth-dis= covery@ietf.org; Hannes Tschofenig > ; oauth-chairs@ietf.org; > Hannes.Tschofenig@gmx.net; oauth@ietf= .org > Subject: Alexey Melnikov's Discuss on draft-ietf-oauth-discov= ery-08: > (with DISCUSS and COMMENT) > > Alexey Melnikov has enter= ed the following ballot position for > draft-ietf-oauth-discovery-08: Discuss > > When responding, please keep the subject line intact and= reply to all > email addresses included in the To and CC lines. (Feel f= ree to cut this > introductory paragraph, however.) > > > Pleas= e refer to https= ://www.ietf.org/iesg/statement/discuss-criteria.html > for more info= rmation about IESG DISCUSS and COMMENT positions. > > > The docume= nt, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > = > > -----------------------------------------------------------------= ----- > DISCUSS: > --------------------------------------------------= -------------------- > > Thank you for the well written IANA Considerations section. I have one > comment on it which should be= easy to resolve: > > The document doesn't seem to say anything about= allowed characters in > Metadata names. When the document talks about &= quot;case-insensitive > matching", it is not clear how to implement the matching, because it is > not clear whether or not= Metadata names are ASCII only. If they are not, > then you need to bett= er define what "case insensitive" means. > > > ---------= ------------------------------------------------------------- > COMMENT: > -------------------------------------------------------= --------------- > > I am agreeing with Adam's DISCUSS. > > >= _______________________________________________ > OAuth mailing list &g= t; OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth

--_000_SN6PR2101MB0943D355855056120469FC27F5C70SN6PR2101MB0943_-- From nobody Tue Feb 27 23:48:56 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE304124207 for ; Tue, 27 Feb 2018 23:48:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.621 X-Spam-Level: X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eymsMxggNvS3 for ; Tue, 27 Feb 2018 23:48:52 -0800 (PST) Received: from smtprelay05.ispgateway.de (smtprelay05.ispgateway.de [80.67.31.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73A37120725 for ; Tue, 27 Feb 2018 23:48:52 -0800 (PST) Received: from [46.183.103.8] (helo=[172.16.241.143]) by smtprelay05.ispgateway.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1eqwUL-0000Us-Pn; Wed, 28 Feb 2018 08:49:22 +0100 From: Torsten Lodderstedt Content-Type: multipart/signed; boundary="Apple-Mail=_839077D9-49B7-46F4-906A-016FC8169ECF"; protocol="application/pkcs7-signature"; micalg=sha1 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Message-Id: <74F11CBE-5ED8-4B2C-B219-F9036E07B3B9@lodderstedt.net> Date: Wed, 28 Feb 2018 08:48:33 +0100 To: oauth X-Mailer: Apple Mail (2.3445.5.20) X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ= Archived-At: Subject: [OAUTH-WG] Token Introspection and JWTs X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 07:48:55 -0000 --Apple-Mail=_839077D9-49B7-46F4-906A-016FC8169ECF Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi all, I have an use case where I would like to return signed JWTs from the = authorization server=E2=80=99s introspection endpoint. In this case, I = would like to give the resource server evidence about the fact the AS = minted the access token and is liable for its contents (verified person = data used to create a qualified electronic signature). Although token introspection more or less provides the RS with the = content of a JWT, RFC 7662 only supports plain JSON. I talked to Justin = and his recommendation was to use use a header =E2=80=9Caccept: = application/jwt=E2=80=9D to ask the AS for a signed JWT as response = instead of "application/json=E2=80=9C. We could do this but clearly it = would be a proprietary solution.=20 I would like to know whether anyone else has the same or similar = requirements and whether it would make sense to specify an extension to = RFC 7662 for JWT responses. I=E2=80=99m looking forward to get you feedback. kind regards, Torsten. --Apple-Mail=_839077D9-49B7-46F4-906A-016FC8169ECF Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILKDCCBTow ggQioAMCAQICEQCSJtR3C5gtrmIWapJ6EgOVMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYDVQQGEwJH QjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK ExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVudGlj YXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xODAxMDQwMDAwMDBaFw0xOTAxMDQyMzU5NTla MCgxJjAkBgkqhkiG9w0BCQEWF3RvcnN0ZW5AbG9kZGVyc3RlZHQubmV0MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAv7DF8qZUUXBAJoSmv9yoqrhhGdqD8LF+dInQfkJNYgRBtTohMg+p Uy6TOfwPMJL7nxFZQKeROtLGcFCxoZAEtpXso6m7P3GcYleN1waJRH981U81XzH2clCg9+YRnIUp vof1EPRFyBgaVuLYiTlgVccBQ/n73mUAVkP5a9UOVblWAeQvGCvsV2TlPNCOXOtphvG137/0s048 LsHqWgtNW/Ev/2OoAdaFj5fCk70OB8jI9RZupXh5sUeznlHInWtnk7t8hL+HjeNVN0mtHubZ8btp WfStV7PT3erDhFgwLg984+00kzGdCxXHsIWPa2vb2TWKrpEJrBK8ZDY8oqX+DwIDAQABo4IB7TCC AekwHwYDVR0jBBgwFoAUgq9sjPjF/pZhfOgfPStxSF7Ei8AwHQYDVR0OBBYEFOGxsCWszkCbF4VK 6r3xiP6+8T0lMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMCAGA1UdJQQZMBcGCCsGAQUF BwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMCBSAwRgYDVR0gBD8wPTA7BgwrBgEEAbIx AQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwWgYDVR0f BFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVu dGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAC hklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFu ZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20w IgYDVR0RBBswGYEXdG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQwDQYJKoZIhvcNAQELBQADggEBALA6 7MMPtwJynHzvV7nqHNhd78IX9df4ZZPBPv42mZbyCyXgMhbESSO4bGDQTcSpdJzgIueIGl6k4+SQ koKJHGoKUKtMg5nYwk7X5yrr2JNxwGaCOwLR1W/uU092icWT56lT/3scU1Hmv9l/hXnSHaiqqcU6 xi+taGoHWtb61IzTYk7ezv4UUSBzJdutobWBuI0nNI4eSk6c9IXZoyhOcV7Egw4BFciQhP/KxveM 5x71yWvS1b7yp1CCaPypBuUdqag/WVc+vR1IdmQbk4Es0Ku25ohUh40pDdDX62iBpUSnukzTgTJe Q0oBmeTidCoa+V8FEF9OAcI7TqUEd1YAHPYwggXmMIIDzqADAgECAhBqm+E4O/8ra58B1dm4p1JW MA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVz dGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UE AxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMzAxMTAwMDAwMDBaFw0y ODAxMDkyMzU5NTlaMIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0 Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6znlesKHZ1QBbHOAOY08YYdiFQ8yV5C0y1oNF9 Olg+nKcxLqf2NHbZhGra0D00SOTq9bus3/mxgUsg/Wh/eXQ0pnp8tZ8XZWAnlyKMpjL+qUByRjXC A6RQyDMqVaVUkbIr5SU0RDX/kSsKwer3H1pT/HUrBN0X8sKtPTdGX8XAWt/VdMLBrZBlgvnkCos+ KQWWCo63OTTqRvaq8aWccm+KOMjTcE6s2mj6RkalweyDI7X+7U5lNo6jzC8RTXtVV4/Vwdax720Y pMPJQaDaElmOupyTf1Qib+cpukNJnQmwygjD8m046DQkLnpXNCAGjuJy1F5NATksUsbfJAr7FLUC AwEAAaOCATwwggE4MB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSC r2yM+MX+lmF86B89K3FIXsSLwDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAR BgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5j b20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsG CCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNy dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IC AQB4XLKBKDRPPO5fVs6fl1bsj6JrF/bz9kkIBtTYLzXN30D+03Hj6OxCDBEaIeNmsBhrJmuubvyE 7HtoSmR809AgcYboW+rcTNZ/8u/Hv+GTrNI/AhqX2/kiQNxmgUPt/eJPs92Qclj0HnVyy9TnSvGk SDU7I5Px+TbO+88G4zipA2psZaWeEykgzClZlPz1FjTCkk77ZXp5cQYYexE6zeeN4/0OqqoAloFr jAF4o50YJafX8mnahjp3I2Y2mkjhk0xQfhNqbzlLWPoT3m7j7U26u7zg6swjOq8hITYc3/np5tM5 aVyu6t99p17bTbY7+1RTWBviN9YJzK8HxzObXYWBf/L+VGOYNsQDTxAk0Hbvb1j6KjUhg7fO294F 29QIhhmiNOr84JHoy+fNLpfvYc/Q9EtFOI5ISYgOxLk3nD/whbUe9rmEQXLp8MB933Ij474gwwCP Upwv9mj2PMnXoc7mbrS22XUSeTwxCTP9bcmUdp4jmIoWfhQm7X9w/Zgddg+JZ/YnIHOwsGsaTUgj 7fIvxqith7DoJC91WJ8Lce3CVJqb1XWeKIJ84F7YLXZN0oa7TktYgDdmQVxYkZo1c5noaDKH9Oq9 cbm/vOYRUM1cWcef20Wkyk5S/GFyyPJwG0fR1nRas3DqAf4cXxMiEKcff7PNa4M3RGTqH0pWR8p6 EjGCA7owggO2AgEBMIGtMIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVz dGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UE AxM0Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIR AJIm1HcLmC2uYhZqknoSA5UwCQYFKw4DAhoFAKCCAeEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH ATAcBgkqhkiG9w0BCQUxDxcNMTgwMjI4MDc0ODMzWjAjBgkqhkiG9w0BCQQxFgQUbzlS8zdP/XML q5r7bkJsSmT0GlIwgb4GCSsGAQQBgjcQBDGBsDCBrTCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgT EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENB IExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBT ZWN1cmUgRW1haWwgQ0ECEQCSJtR3C5gtrmIWapJ6EgOVMIHABgsqhkiG9w0BCRACCzGBsKCBrTCB lzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xp ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQCSJtR3C5gtrmIWapJ6EgOV MA0GCSqGSIb3DQEBAQUABIIBAErL8QxSd8ycTzkgs5zvwUnCrbZ1CIxFyo+0WIbtl+v4b0BpKe33 bPEqsitRcBrFTDcLwY2R5DpYmMPGTPcLqw0iVtzn3zq19CO6/iOg71+YRx0lTd1y25DBXbMszUDe BOKGCOr6hPKKL7msz3UpqRMTbzYXFV0RNUvB752E4ig6d06FL2jt8wncvp9qzysdgtOd5zo8Ga9l pS3EMdJ3Z4RN7HyzrbHEMjbtNEdISZIGnIi9WIGe+1gFu3hMYPNplzUQ+0f0+BKgySNulzgh9w+B EAOkYHgidaHDORovsen1s8I4t8HQ/XQLt6k6SoUSByIxr3pqJHicpmWJVOZUdrEAAAAAAAA= --Apple-Mail=_839077D9-49B7-46F4-906A-016FC8169ECF-- From nobody Wed Feb 28 01:53:49 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADBFA1276AF for ; Wed, 28 Feb 2018 01:53:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CvE605pyjBvx for ; Wed, 28 Feb 2018 01:53:46 -0800 (PST) Received: from p3plsmtpa07-04.prod.phx3.secureserver.net (p3plsmtpa07-04.prod.phx3.secureserver.net [173.201.192.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FC3A1200B9 for ; Wed, 28 Feb 2018 01:53:46 -0800 (PST) Received: from [192.168.0.107] ([78.130.190.73]) by :SMTPAUTH: with SMTP id qyQieaioZkbBXqyQie0y1P; Wed, 28 Feb 2018 02:53:45 -0700 To: oauth@ietf.org References: <74F11CBE-5ED8-4B2C-B219-F9036E07B3B9@lodderstedt.net> From: Vladimir Dzhuvinov Organization: Connect2id Ltd. Message-ID: <1a80c619-51dd-b6cf-8125-057da778ecf0@connect2id.com> Date: Wed, 28 Feb 2018 11:53:43 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <74F11CBE-5ED8-4B2C-B219-F9036E07B3B9@lodderstedt.net> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms070909050907090202050702" X-CMAE-Envelope: MS4wfHwo5lO7CGVnlgyvaRmzV1vMAJpYSVnlkpe5/koqqY55YEj+1O2NDx6ydewmklfqu+7oWRDAxQMxsswHChcbQbAw8HUa3Z+sTe57kh58KGnpDzKlGKZ8 /qlJ5UJ6AzSy7OI+7Jef96td/laURf7OC+oCWVR0jCm+kGE3pkXXSocR Archived-At: Subject: Re: [OAUTH-WG] Token Introspection and JWTs X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 09:53:47 -0000 This is a cryptographically signed message in MIME format. --------------ms070909050907090202050702 Content-Type: multipart/alternative; boundary="------------12F687E4F790AD77E8760FC7" Content-Language: en-US This is a multi-part message in MIME format. --------------12F687E4F790AD77E8760FC7 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 28/02/18 09:48, Torsten Lodderstedt wrote: > Hi all, > > I have an use case where I would like to return signed JWTs from the au= thorization server=E2=80=99s introspection endpoint. In this case, I woul= d like to give the resource server evidence about the fact the AS minted = the access token and is liable for its contents (verified person data use= d to create a qualified electronic signature). > > Although token introspection more or less provides the RS with the cont= ent of a JWT, RFC 7662 only supports plain JSON. I talked to Justin and h= is recommendation was to use use a header =E2=80=9Caccept: application/j= wt=E2=80=9D to ask the AS for a signed JWT as response instead of "applic= ation/json=E2=80=9C. We could do this but clearly it would be a proprieta= ry solution.=20 Justin's suggestion would be relatively easy to implement. The only small downside I see is that it doesn't allow resource servers to choose a crypto algorithm for the issued JWT, which has become the norm for this kind of things in OAuth and OIDC. > I would like to know whether anyone else has the same or similar requir= ements and whether it would make sense to specify an extension to RFC 766= 2 for JWT responses. Because of the requirement for resource servers to authenticate (or submit a token authz) when they make an introspection request, we let them register as a client, using std client registration. In that case to let an RS register preferred JWT algs for the introspection response we could have parameters introspection_response_signed_response_alg introspection_response_encrypted_response_alg introspection_response_encrypted_response_enc (naming follows pattern for ID token and UserInfo algs) Vladimir --------------12F687E4F790AD77E8760FC7 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 28/02/18 09:48, Torsten Lodderstedt wrote:
Hi all,

I have an use case where I would like to return signed JWTs from the auth=
orization server=E2=80=99s introspection endpoint. In this case, I would =
like to give the resource server evidence about the fact the AS minted th=
e access token and is liable for its contents (verified person data used =
to create a qualified electronic signature).

Although token introspection more or less provides the RS with the conten=
t of a JWT, RFC 7662 only supports plain JSON. I talked to Justin and his=
 recommendation was to use use a  header =E2=80=9Caccept: application/jwt=
=E2=80=9D to ask the AS for a signed JWT as response instead of "applicat=
ion/json=E2=80=9C. We could do this but clearly it would be a proprietary=
 solution.
Justin's suggestion would be relatively easy to implement. The only small downside I see is that it doesn't allow resource servers to choose a crypto algorithm for the issued JWT, which has become the norm for this kind of things in OAuth and OIDC.

I would like to know whether anyone else has the sam=
e or similar requirements and whether it would make sense to specify an e=
xtension to RFC 7662 for JWT responses.
Because of the requirement for resource servers to authenticate (or submit a token authz) when they make an introspection request, we let them register as a client, using std client registration. In that case to let an RS register preferred JWT algs for the introspection response we could have parameters
introspection_response_signed_response_alg
introspection_response_encrypted_response_alg
introspection_response_encrypted_response_enc
(naming follows pattern for ID token and UserInfo algs)

Vladimir --------------12F687E4F790AD77E8760FC7-- --------------ms070909050907090202050702 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CfwwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4 dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak +FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC 4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb 4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ 26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT 9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl tukWeh95FPZKEBom+nyK+5swggVFMIIELaADAgECAhAlSsBX16i/yGZZkfkyj/exMA0GCSqG SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h aWwgQ0EwHhcNMTcwNDA2MDAwMDAwWhcNMTgwNDA2MjM1OTU5WjAoMSYwJAYJKoZIhvcNAQkB Fhd2bGFkaW1pckBjb25uZWN0MmlkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMHntIxpX2yNwHUcSrxfJihY9EtYTwC4VArv/C03YlEV92AQljLFYVKtRp+iKT8WDKo2 CqzPYaIHbKD0ivoou0qXQgv4yOk8rQxFmpTzCCe2c1KercueHfy595CnMz1u8GsQyblZqFMD HmzoEvD1YZiI3FEh049tVixBnHwPD9fyiGlf8+QdjwmBLMQwdrrib7xcswNXKYIsfj6Qm5oa d83bsz8VmYm5U39DbNPh01SzqAzwZt3jMuhy0su7lMs75lKYzWMA7b/9qrp40E3vR0yDvOn5 7Ijs+LFE2wPDTebVVfYT+m24e5/v/2w6sX5g/6oJsZnwPM737zIXV7x6jqECAwEAAaOCAfUw ggHxMB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBQA+4E14UMY HyjzXHClSV9VfWHpPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAX BggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0w OwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5u ZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9E T1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsG AQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P RE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsG AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIgYDVR0RBBswGYEXdmxhZGltaXJA Y29ubmVjdDJpZC5jb20wDQYJKoZIhvcNAQELBQADggEBACYLv9z6ZOucvt5MlRhNY6SJISDN 880UmdH7IdeP2kJjS3GwuVaVUCQY/frypeIm3A+y0fKEVNJAJO7tfL88yOW4wjA9JMGokpy5 RswZ0uikkNSOt6CF3YGagsfr4VnrcoUxCH+FoGZcWvWYHajJy+QkVG2i6XvsTE7jv1PIsoDU SJuCW+Dvg6iJI9Etpfv1ZrBeDEL05PkPBZfazKMj4MkVirkfbG3qgbzRzAb+7Vsm309NKQ+i EUfoxt83ByC6+URLl3PoR2UTZv7M1JQmTtaQWe1LrAEKlBGHkfnSlxueLnmpCUJRS7Ldyfh5 60OdVFcB5twXPnYWtoZfdTlbv5oxggRBMIIEPQIBATCBsDCBmzELMAkGA1UEBhMCR0IxGzAZ BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR Q09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRo ZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAlSsBX16i/yGZZkfkyj/exMA0GCWCG SAFlAwQCAQUAoIICYTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0xODAyMjgwOTUzNDNaMC8GCSqGSIb3DQEJBDEiBCAUSTT5nZeW+shQalYzEQkHJEX07MwM Nykhl1i6cH53wDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIw CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G CCqGSIb3DQMCAgEoMIHBBgkrBgEEAYI3EAQxgbMwgbAwgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTCBwwYLKoZI hvcNAQkQAgsxgbOggbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNo ZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEw PwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3Vy ZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTANBgkqhkiG9w0BAQEFAASCAQB1ZZ4gDuyG sECyZw1q1Ai9DszjOef8MAR69D/eVBMO22pJ++cdFdoIqUjw1JArxuLXZk7D8uhqn9+820EB N5p8aIQPjVfd9FEdntRB89GDZHHqrPcnXTit7hyFX1fJDODUTuJGTVsgkbZk2DLS7lddU7Gg CAu1G5HpZoP9bB2QgidrOXHhjx7kEbpcxc/n9W6E3kWIOABVfLbhS553UuVWzgkildAF8YjB 5DW6+rr/sZztRUuLlVdBSLg8tq7Eo2aWlhonqj8bXEA5sNKRkPsC6iUJMGStsHwfKf5HMqac 3+ROOmY21p8QwEOIbiE5OG9KtEZUVXFEmEB3Ihn61ZtyAAAAAAAA --------------ms070909050907090202050702-- From nobody Wed Feb 28 02:49:30 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C886E127909 for ; Wed, 28 Feb 2018 02:49:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TZQbj_PflXQH for ; Wed, 28 Feb 2018 02:49:26 -0800 (PST) Received: from lb2-smtp-cloud7.xs4all.net (lb2-smtp-cloud7.xs4all.net [194.109.24.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 617C712EAF1 for ; Wed, 28 Feb 2018 02:49:26 -0800 (PST) Received: from speedym.d444x ([IPv6:2a02:a446:bd2c:1:f5c0:66aa:9cd6:954]) by smtp-cloud7.xs4all.net with ESMTPA id qzIWew1g0lILHqzIaelJLS; Wed, 28 Feb 2018 11:49:24 +0100 To: Vladimir Dzhuvinov , oauth@ietf.org References: <74F11CBE-5ED8-4B2C-B219-F9036E07B3B9@lodderstedt.net> <1a80c619-51dd-b6cf-8125-057da778ecf0@connect2id.com> From: Mark Dobrinic Message-ID: Date: Wed, 28 Feb 2018 11:49:19 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <1a80c619-51dd-b6cf-8125-057da778ecf0@connect2id.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4wfEoUfNfMeeoXET7u7WWsCLddCJJrKmgSSaO1Y8N4zJvqdrBl5F3Rqv0ppilhajD3+L4OXNBZJGDGcb004HStmiHRB3P2Ouak69evjqukZ+ZWwiFtwYrI pKnquAXES7KuD6bZEdjoXQ9zbQnCDVy3IPyPrjRFnVCADJz/IndqK9qD6OO6mID4b5fP9AfOnsBNpqyWCuZkPqPK3ivywaV7NbZ0l/syIEfEnQ1IKhfK3OGu Q7Bs7PMvcfUaAvWNZ/mPS7ofCRbZKtIRAr6bnlMPI1k= Archived-At: Subject: Re: [OAUTH-WG] Token Introspection and JWTs X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 10:49:29 -0000 Having the introspect endpoint support a response Content-Type of `application/jwt` is exactly what we're doing in Curity. We actually gave it a cool name in the process, a Phantom Token ;) Doing things this way has proven highly useful in usecases where customers have high throughput requirements, and is a perfect fit in the HTTP model. As such, it wouldn't need any more discoverable endpoints, but piggybacks a AS-specific JWT token issuance setup. It's actually super simple to achieve, and as such we're planning to write it down as an extension to the RFC and submit that to the workgroup. Reason for that would be to have a standardized way of switching from reference- to self-contained token format, something we see valuable enough time to justify that. Here's what we already did with that: https://github.com/curityio/nginx_phantom_token_module https://curity.io/product/token-service/#phantom_tokens On 28/02/18 10:53, Vladimir Dzhuvinov wrote: > On 28/02/18 09:48, Torsten Lodderstedt wrote: >> Hi all, >> >> I have an use case where I would like to return signed JWTs from the authorization server’s introspection endpoint. In this case, I would like to give the resource server evidence about the fact the AS minted the access token and is liable for its contents (verified person data used to create a qualified electronic signature). >> >> Although token introspection more or less provides the RS with the content of a JWT, RFC 7662 only supports plain JSON. I talked to Justin and his recommendation was to use use a header “accept: application/jwt” to ask the AS for a signed JWT as response instead of "application/json“. We could do this but clearly it would be a proprietary solution. > Justin's suggestion would be relatively easy to implement. The only > small downside I see is that it doesn't allow resource servers to choose > a crypto algorithm for the issued JWT, which has become the norm for > this kind of things in OAuth and OIDC. > >> I would like to know whether anyone else has the same or similar requirements and whether it would make sense to specify an extension to RFC 7662 for JWT responses. > Because of the requirement for resource servers to authenticate (or > submit a token authz) when they make an introspection request, we let > them register as a client, using std client registration. In that case > to let an RS register preferred JWT algs for the introspection response > we could have parameters > > introspection_response_signed_response_alg > introspection_response_encrypted_response_alg > introspection_response_encrypted_response_enc > > (naming follows pattern for ID token and UserInfo algs) > > Vladimir > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > From nobody Wed Feb 28 06:43:47 2018 Return-Path: X-Original-To: oauth@ietf.org Delivered-To: oauth@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 22B13126BF3; Wed, 28 Feb 2018 06:43:41 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alexey Melnikov To: "The IESG" Cc: draft-ietf-oauth-discovery@ietf.org, Hannes Tschofenig , oauth-chairs@ietf.org, Hannes.Tschofenig@gmx.net, oauth@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.73.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151982902113.5155.16065862366702262286.idtracker@ietfa.amsl.com> Date: Wed, 28 Feb 2018 06:43:41 -0800 Archived-At: Subject: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09: (with DISCUSS and COMMENT) X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 14:43:41 -0000 Alexey Melnikov has entered the following ballot position for draft-ietf-oauth-discovery-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for the well written IANA Considerations section. I have one comment on it which should be easy to resolve: The document doesn't seem to say anything about allowed characters in Metadata names. When the document talks about "case-insensitive matching", it is not clear how to implement the matching, because it is not clear whether or not Metadata names are ASCII only. If they are not, then you need to better define what "case insensitive" means. You've made a change in section 7.1, which looks good. However there is still the following text in 7.1.1: Metadata Name: The name requested (e.g., "issuer"). This name is case-sensitive. Names may not match other registered names in a case-insensitive I suggest replacing "in a case-insensitive manner" with something like "if when applying Unicode toLowerCase() to both, they compare equal". Or maybe keep "case-insensitive" and just add a sentence explaining what it is. I think you should use toLowerCase(), as it is already recommended in other IETF specs, like RFC 8265. manner unless the Designated Experts state that there is a compelling reason to allow an exception. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I am agreeing with Adam's DISCUSS. I believe it was addressed in the latest version. From nobody Wed Feb 28 07:17:22 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C65FF12EB0C; Wed, 28 Feb 2018 07:17:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=LN2r7viJ; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Oe7OKmgn Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id crIYxSwPtFkR; Wed, 28 Feb 2018 07:17:18 -0800 (PST) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5147D12D885; Wed, 28 Feb 2018 07:17:18 -0800 (PST) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id B480320C00; Wed, 28 Feb 2018 10:17:17 -0500 (EST) Received: from web5 ([10.202.2.215]) by compute7.internal (MEProxy); Wed, 28 Feb 2018 10:17:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=GnvWp9/fJNjbvCl9D6tKUZ3eJgPrn S4i9H2b6ofhiKI=; b=LN2r7viJBYdweCQKa86hgfAjyKr3xiihglqVK1BCYo/4+ vSlTMQKI7Nac/6kNwC6pR/dAKE+G3m3XZA0yYzqjqAKw0d32sUHxHep9ejRf7Sxe 1acP5C9mluUia/63zH97rJRYKLDF4PFBpng5wK1nr0VI6gGPVLHpGhPtbmKIDPPR mZ3em+c+sxADlSHiAr3zyAMseJdw7eISdyKJXMQrDjPoScggomF/VLGUAZoHPRtX G2jipAIm/UaJH1Maz8rmbODDOFe2sI/+5WIWurxablm2rIlU5i4b8MiL41fKTe2+ VhUc2wFBDtxAXCZ4dH2Aju6jTc752v240VXbp2CjQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=GnvWp9 /fJNjbvCl9D6tKUZ3eJgPrnS4i9H2b6ofhiKI=; b=Oe7OKmgnL5Sr7EVlbstYTH 2jMkEiGb0HAVjPMG1W2A6gbxmqciLkTRHC5AAiXR9Dy1i54Un97Gp/B0A5zNwTKh 8S6vF0gXspJDLc2TVaFiZqletrhRQKGfx/a895TptIoULFUsq+hqTxe5FMKHFaV+ xlHCZQcU2aa5WwxqLmpB3j/Ctm+CfZB2k2jVcHv22TvjBOLT/E1z7ob3HMlKmiyD tQbcu2Um5wrl5RBaT1Xuo8Jjqq4cvxot/37P4uBHDo6Tr1ROch7hZA6WJ8tdS7mb nw1CoR7KTmtoxWlqbDHmWTSDeizXgdNFogryj4ZMhB9XhgwNcnvFOjMNFvNPHzpw == X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 8D7CE9E111; Wed, 28 Feb 2018 10:17:17 -0500 (EST) Message-Id: <1519831037.2475728.1286530320.2EBF3AE0@webmail.messagingengine.com> From: Alexey Melnikov To: Mike Jones , The IESG Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: multipart/alternative; boundary="_----------=_151983103724757280" X-Mailer: MessagingEngine.com Webmail Interface - ajax-b08ff009 References: <151678115299.24088.6785024209658543295.idtracker@ietfa.amsl.com> <1517151884.2936052.1250819288.30846638@webmail.messagingengine.com> Date: Wed, 28 Feb 2018 15:17:17 +0000 In-Reply-To: Archived-At: Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT) X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 15:17:21 -0000 This is a multi-part message in MIME format. --_----------=_151983103724757280 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Hi Mike, I've suggested one extra clarification, but the rest of the changes made the document better. Thank you, Alexey On Wed, Feb 28, 2018, at 3:04 AM, Mike Jones wrote: > I believe that the changes in > https://tools.ietf.org/html/draft-ietf-oauth-discovery-09 address the > DISCUSS and comments. Please review =E2=80=93 ideally before the upcoming > telechat.>=20=20 > Thanks again,> = -- Mike >=20=20 > *From:* Mike Jones *Sent:* Monday, February 26, 2018 11:03 PM *To:* > The IESG ; Alexey Melnikov > *Cc:* draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; > oauth@ietf.org *Subject:* RE: [OAUTH-WG] Alexey Melnikov's Discuss on > draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)>=20=20 > The attached drafts address the DISCUSSes from Adam and Alexey in the > ways proposed. A summary of the changes from -08 is:> =C2=B7 Revi= sed the transformation between the issuer identifier and > the authorization server metadata location to conform to BCP 190, as > suggested by Adam Roach.> =C2=B7 Defined the characters allowed in= registered metadata names > and values, as suggested by Alexey Melnikov.> =C2=B7 Changed to us= ing the RFC 8174 boilerplate instead of the RFC > 2119 boilerplate, as suggested by Ben Campbell.> =C2=B7 Acknowledg= ed additional reviewers. > I=E2=80=99ve attached both source and .txt versions to facilitate compari= son > to -08. Unless I hear additional suggestions for improvements by my > end of business Tuesday, I=E2=80=99ll plan to publish this as -09.>=20=20 > Thanks all, > -- Mike >=20=20 > *From:* Mike Jones *Sent:* Sunday, January 28, 2018 7:23 AM *To:* The > IESG ; Alexey Melnikov *Cc:* > draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; > oauth@ietf.org *Subject:* Re: [OAUTH-WG] Alexey Melnikov's Discuss on > draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)>=20=20 > Your understanding matches with the intent of the language from RFC > 7638. I'll plan to proceed on that basis then.> Thanks again, > -- Mike > From: Alexey Melnikov > Sent: Sunday, January 28, 7:04 AM > Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-dis= covery- > 08: (with DISCUSS and COMMENT)> To: Mike Jones, The IESG > Cc: draft-ietf-oauth-discovery@ietf.org, oauth-chairs@ietf.org, > oauth@ietf.org> Hi Mike, On Wed, Jan 24, 2018, at 10:11 PM, Mike Jones wr= ote: > Thanks > for the useful review, Alexey. I propose that we use the same > > character restrictions that are described in > > https://tools.ietf.org/html/rfc7638#section-6, which are: > > (a) > require that member names being registered use > only printable ASCII > characters excluding double quote ('"') and > backslash ('\') (the > Unicode characters with code points U+0021, > U+0023 through U+005B, > and U+005D through U+007E), This looks reasonable. > or > > (b) if new > members are defined that use other code > points, require that their > definitions specify the exact Unicode code > point sequences used to > represent them. Furthermore, proposed > registrations that use Unicode > code points that can only be > represented in JSON strings as escaped > characters must not be > accepted. So just to double check: it is Ok > to register names in Greek or Cyrillic (for example) and they will be > compared in a case sensitive manner? > I also propose that we say that > member name comparison occurs in the > manner described in > https://tools.ietf.org/html/rfc7159#section-8.3. My understanding is > that RFC 7159 recommends case-sensitive comparison and that is fine > with me. > Will that work for you, Alexey? Best Regards, Alexey > > > Thanks, > -- Mike > > -----Original Message----- > From: Alexey > Melnikov [mailto:aamelnikov@fastmail.fm] > Sent: Wednesday, January > 24, 2018 12:06 AM > To: The IESG > Cc: draft-ietf-oauth- > discovery@ietf.org; Hannes Tschofenig > ; oauth-chairs@ietf.org; > > Hannes.Tschofenig@gmx.net; oauth@ietf.org > Subject: Alexey Melnikov's > Discuss on draft-ietf-oauth-discovery-08: > (with DISCUSS and COMMENT) > > > Alexey Melnikov has entered the following ballot position for > > draft-ietf-oauth-discovery-08: Discuss > > When responding, please > keep the subject line intact and reply to all > email addresses > included in the To and CC lines. (Feel free to cut this > introductory > paragraph, however.) > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > for more > information about IESG DISCUSS and COMMENT positions. > > > The > document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > > > > > ---------------------------------------------------------------------- > > DISCUSS: > ------------------------------------------------------------= --------- > - > > Thank you for the well written IANA Considerations section. I > have one > comment on it which should be easy to resolve: > > The > document doesn't seem to say anything about allowed characters in > > Metadata names. When the document talks about "case-insensitive > > matching", it is not clear how to implement the matching, because it > is > not clear whether or not Metadata names are ASCII only. If they > are not, > then you need to better define what "case insensitive" > means. > > > ------------------------------------------------------------= --------- > - > COMMENT: > ----------------------------------------------------------= ----------- > - > > I am agreeing with Adam's DISCUSS. > > > > _______________________________________________ > OAuth mailing list > > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth --_----------=_151983103724757280 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"
Hi Mike,
I've suggested one extra clarification, but the rest of the changes ma= de the document better.

Thank you,
Alexey

On Wed, Feb 28, 2018, at 3:04 AM, Mike Jones wrote:

I believe that the changes in https://tools.ietf.org/html/draft-ietf-oauth-di= scovery-09 address the DISCUSS and comments.  Please review =E2=80= =93 ideally before the upcoming telechat.

 

=

    = ;            &n= bsp;            = ;            &n= bsp;            = ; Thanks again,

         =             &nb= sp;            =             &nb= sp;        -- Mike<= br>

 

From: Mike Jones
Sent: Monday, February 26, 2018 11:03 PM
To: The IESG <iesg@ietf.= org>; Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: draf= t-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org
= Subject: RE: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oaut= h-discovery-08: (with DISCUSS and COMMENT)

&n= bsp;

The attached drafts address the DISCUSSes from Adam and Alexey in the wa= ys proposed.  A summary of the changes from -08 is:

=C2=B7        Revised the transformation between the issuer= identifier and the authorization server metadata location to conform to BC= P 190, as suggested by Adam Roach.

=C2=B7        Defined the characters allowed in registered metadat= a names and values, as suggested by Alexey Melnikov.

= =C2=B7        Changed to using the RFC 8174 boil= erplate instead of the RFC 2119 boilerplate, as suggested by Ben Campbell.<= /span>

=C2=B7    &nb= sp;   Acknowledged = additional reviewers.

I=E2=80=99ve attached both sourc= e and .txt versions to facilitate comparison to -08.  Unless I hear ad= ditional suggestions for improvements by my end of business Tuesday, I=E2= =80=99ll plan to publish this as -09.

 
=

   &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp; Thanks all,

        &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;        -- Mike

 =

From: Mike Jones
Sent:= Sunday, January 28, 2018 7:23 AM
To: The IESG <iesg@ietf.org>; Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf= .org
Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on dr= aft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)

&n= bsp;

Your understanding = matches with the intent of the language from RFC 7638. I'll plan to proceed= on that basis then.

Thanks again,

<= span class=3D"colour" style=3D"color:black">-- Mike

From: Alexey Melnikov

Sent: Sunday, January 28, 7:04 AM=

Subject: Re: [OAUTH-WG] Alexey Melnikov'= s Discuss on draft-ietf-oauth-discovery-08: (with DISCUSS and COMMENT)

To: Mike Jones, The IESG

<= span class=3D"colour" style=3D"color:black">Cc: draft-ietf-oauth-discovery@ietf.org, oauth= -chairs@ietf.org, oauth@ietf.org

<= span class=3D"colour" style=3D"color:black">Hi Mike, On Wed, Jan 24, 2018, at 10:11 PM, M= ike Jones wrote: > Thanks for the useful review, Alexey. I propose that = we use the same > character restrictions that are described in > h= ttps://tools.ietf.org/html/rfc7638#section-6, which are: > > (a) = require that member names being registered use > only printable ASCII ch= aracters excluding double quote ('"') and > backslash ('\') (the Unicode= characters with code points U+0021, > U+0023 through U+005B, and U+005D through U+007E), This looks reasonable. > or= > > (b) if new members are defined that use other code > points, = require that their definitions specify the exact Unicode code > point se= quences used to represent them. Furthermore, proposed > registrations that use Unicode code points that can only be > repr= esented in JSON strings as escaped characters must not be > accepted. So= just to double check: it is Ok to register names in Greek or Cyrillic (for= example) and they will be compared in a case sensitive manner? > I also propose that we say that member name co= mparison occurs in the > manner described in https://tools.ietf.org/html/rfc7159#section-8.3. My= understanding is that RFC 7159 recommends case-sensitive comparison and th= at is fine with me. > Will that work for you, Alexey? Best Regards, Alex= ey > > Thanks, > -- Mike > > -----Original Message----- > F= rom: Alexey Melnikov [mailto:aamelnikov@fastma= il.fm] > Sent: Wednesday, January 24, 2018 12:06 AM > To: The IES= G > Cc: draft-ietf-oauth-disco= very@ietf.org; Hannes Tschofenig > ; oau= th-chairs@ietf.org; > Hannes.Tschof= enig@gmx.net; oauth@ietf.org > Subject: Ale= xey Melnikov's Discuss on draft-ietf-oauth-discovery-08: > (with DISCUSS= and COMMENT) > > Alexey Melnikov has entered the following ballot po= sition for > draft-ietf-oauth-discovery-08: Discuss > > When responding, please keep the subject line intact and= reply to all > email addresses included in the To and CC lines. (Feel f= ree to cut this > introductory paragraph, however.) > > > Pleas= e refer to https:/= /www.ietf.org/iesg/statement/discuss-criteria.html > for more inform= ation about IESG DISCUSS and COMMENT positions. > > > The document= , along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ > &= gt; > > -------------------------------------------------------------= --------- > DISCUSS: > ----------------------------------------------= ------------------------ > > Thank you for the well written IANA Considerations section. I have one > comment on it which should be= easy to resolve: > > The document doesn't seem to say anything about= allowed characters in > Metadata names. When the document talks about "= case-insensitive > matching", it is not clear how to implement the matching, because it is > not clear whether or not= Metadata names are ASCII only. If they are not, > then you need to bett= er define what "case insensitive" means. > > > -------------------= --------------------------------------------------- > COMMENT: > -------------------------------------------------------= --------------- > > I am agreeing with Adam's DISCUSS. > > >= _______________________________________________ > OAuth mailing list &g= t; OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth


--_----------=_151983103724757280-- From nobody Wed Feb 28 08:16:32 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0724112D0C3 for ; Wed, 28 Feb 2018 08:16:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.92 X-Spam-Level: X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BhgWoFWLasKJ for ; Wed, 28 Feb 2018 08:16:29 -0800 (PST) Received: from p3plsmtpa07-01.prod.phx3.secureserver.net (p3plsmtpa07-01.prod.phx3.secureserver.net [173.201.192.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 565D3124B17 for ; Wed, 28 Feb 2018 08:16:29 -0800 (PST) Received: from [192.168.0.107] ([78.130.190.73]) by :SMTPAUTH: with SMTP id r4P5eSpYHCHhTr4P6eZosX; Wed, 28 Feb 2018 09:16:29 -0700 To: Mark Dobrinic , oauth@ietf.org References: <74F11CBE-5ED8-4B2C-B219-F9036E07B3B9@lodderstedt.net> <1a80c619-51dd-b6cf-8125-057da778ecf0@connect2id.com> From: Vladimir Dzhuvinov Organization: Connect2id Ltd. Message-ID: Date: Wed, 28 Feb 2018 18:16:27 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms000008050802030400040402" X-CMAE-Envelope: MS4wfEtFEzPmVpRtPETiPDlLmTrwp8y+lIxS+Hr+q01BtKc0oM9vNb7h5k1/bOdhLJv2x3wjwWhI6Gfjk6vjOuETh8HE7Wx5HjwhTSojBzC+sgkSG567tQRl 0JKOFA1Mwc7h3z7rdK3SrZ7/QfCblM+wVuZGUmDkHo+jkOyaJb54TAvDQlIFQTX6yseN6GugO5uGn4Bpyq0hizVds35DfsvcUBA= Archived-At: Subject: Re: [OAUTH-WG] Token Introspection and JWTs X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 16:16:31 -0000 This is a cryptographically signed message in MIME format. --------------ms000008050802030400040402 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US Hi Mark, The Nginx module is superbly documented, well done! I suppose there's a set JWS alg for the issued tokens, which is agreed in advance? Vladimir On 28/02/18 12:49, Mark Dobrinic wrote: > Having the introspect endpoint support a response Content-Type of > `application/jwt` is exactly what we're doing in Curity. We actually > gave it a cool name in the process, a Phantom Token ;) > > Doing things this way has proven highly useful in usecases where > customers have high throughput requirements, and is a perfect fit in th= e > HTTP model. As such, it wouldn't need any more discoverable endpoints, > but piggybacks a AS-specific JWT token issuance setup. > > It's actually super simple to achieve, and as such we're planning to > write it down as an extension to the RFC and submit that to the > workgroup. Reason for that would be to have a standardized way of > switching from reference- to self-contained token format, something we > see valuable enough time to justify that. > > Here's what we already did with that: > https://github.com/curityio/nginx_phantom_token_module > https://curity.io/product/token-service/#phantom_tokens > > > On 28/02/18 10:53, Vladimir Dzhuvinov wrote: >> On 28/02/18 09:48, Torsten Lodderstedt wrote: >>> Hi all, >>> >>> I have an use case where I would like to return signed JWTs from the = authorization server=E2=80=99s introspection endpoint. In this case, I wo= uld like to give the resource server evidence about the fact the AS minte= d the access token and is liable for its contents (verified person data u= sed to create a qualified electronic signature). >>> >>> Although token introspection more or less provides the RS with the co= ntent of a JWT, RFC 7662 only supports plain JSON. I talked to Justin and= his recommendation was to use use a header =E2=80=9Caccept: application= /jwt=E2=80=9D to ask the AS for a signed JWT as response instead of "appl= ication/json=E2=80=9C. We could do this but clearly it would be a proprie= tary solution.=20 >> Justin's suggestion would be relatively easy to implement. The only >> small downside I see is that it doesn't allow resource servers to choo= se >> a crypto algorithm for the issued JWT, which has become the norm for >> this kind of things in OAuth and OIDC. >> >>> I would like to know whether anyone else has the same or similar requ= irements and whether it would make sense to specify an extension to RFC 7= 662 for JWT responses. >> Because of the requirement for resource servers to authenticate (or >> submit a token authz) when they make an introspection request, we let >> them register as a client, using std client registration. In that case= >> to let an RS register preferred JWT algs for the introspection respons= e >> we could have parameters >> >> introspection_response_signed_response_alg >> introspection_response_encrypted_response_alg >> introspection_response_encrypted_response_enc >> >> (naming follows pattern for ID token and UserInfo algs) >> >> Vladimir >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> --------------ms000008050802030400040402 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CfwwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4 dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak +FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC 4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb 4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ 26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT 9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl tukWeh95FPZKEBom+nyK+5swggVFMIIELaADAgECAhAlSsBX16i/yGZZkfkyj/exMA0GCSqG SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h aWwgQ0EwHhcNMTcwNDA2MDAwMDAwWhcNMTgwNDA2MjM1OTU5WjAoMSYwJAYJKoZIhvcNAQkB Fhd2bGFkaW1pckBjb25uZWN0MmlkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMHntIxpX2yNwHUcSrxfJihY9EtYTwC4VArv/C03YlEV92AQljLFYVKtRp+iKT8WDKo2 CqzPYaIHbKD0ivoou0qXQgv4yOk8rQxFmpTzCCe2c1KercueHfy595CnMz1u8GsQyblZqFMD HmzoEvD1YZiI3FEh049tVixBnHwPD9fyiGlf8+QdjwmBLMQwdrrib7xcswNXKYIsfj6Qm5oa d83bsz8VmYm5U39DbNPh01SzqAzwZt3jMuhy0su7lMs75lKYzWMA7b/9qrp40E3vR0yDvOn5 7Ijs+LFE2wPDTebVVfYT+m24e5/v/2w6sX5g/6oJsZnwPM737zIXV7x6jqECAwEAAaOCAfUw ggHxMB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBQA+4E14UMY HyjzXHClSV9VfWHpPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAX BggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0w OwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5u ZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9E T1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsG AQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P RE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsG AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wIgYDVR0RBBswGYEXdmxhZGltaXJA Y29ubmVjdDJpZC5jb20wDQYJKoZIhvcNAQELBQADggEBACYLv9z6ZOucvt5MlRhNY6SJISDN 880UmdH7IdeP2kJjS3GwuVaVUCQY/frypeIm3A+y0fKEVNJAJO7tfL88yOW4wjA9JMGokpy5 RswZ0uikkNSOt6CF3YGagsfr4VnrcoUxCH+FoGZcWvWYHajJy+QkVG2i6XvsTE7jv1PIsoDU SJuCW+Dvg6iJI9Etpfv1ZrBeDEL05PkPBZfazKMj4MkVirkfbG3qgbzRzAb+7Vsm309NKQ+i EUfoxt83ByC6+URLl3PoR2UTZv7M1JQmTtaQWe1LrAEKlBGHkfnSlxueLnmpCUJRS7Ldyfh5 60OdVFcB5twXPnYWtoZfdTlbv5oxggRBMIIEPQIBATCBsDCBmzELMAkGA1UEBhMCR0IxGzAZ BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR Q09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRo ZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAlSsBX16i/yGZZkfkyj/exMA0GCWCG SAFlAwQCAQUAoIICYTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0xODAyMjgxNjE2MjdaMC8GCSqGSIb3DQEJBDEiBCCzn0Evhfn9S33ei8EXWM8vcdNpB7ry wPEmu4dee2l7NDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIw CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G CCqGSIb3DQMCAgEoMIHBBgkrBgEEAYI3EAQxgbMwgbAwgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTCBwwYLKoZI hvcNAQkQAgsxgbOggbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNo ZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEw PwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3Vy ZSBFbWFpbCBDQQIQJUrAV9eov8hmWZH5Mo/3sTANBgkqhkiG9w0BAQEFAASCAQAEVuYfRgWL r3X225UX78c33aFSU7lfxMdzzBPz5Rg0ENBbUL27MKaih7+YcWsTAp4hF4LOeendbowQdS9b FQXUWwFfqJal/enbVCjtyguYKz2BdMbOYGhwom3Bg8P8XI9OhAh+S2oqNNpFTXcLm1/5FeQ4 boS04THo821a99Zki2aB9SRWXiyytLI2mXmMuflkD8NIN68chw2vblU8SZCRggyRgbAEcxth lRj2ISZ5EckKplqSEqijO1Iws1IQnJIh5XHNOrZTLw+EdP+FSG1z7RWOAltL3euc7PXt5Otl 37lnVW24avvL0V6SJFuD2UDwR4QAlJJZpnwu6Nu/H4omAAAAAAAA --------------ms000008050802030400040402-- From nobody Wed Feb 28 09:51:04 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27289126BF7 for ; Wed, 28 Feb 2018 09:51:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.62 X-Spam-Level: X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-zphsGQVsDv for ; Wed, 28 Feb 2018 09:51:01 -0800 (PST) Received: from lb1-smtp-cloud9.xs4all.net (lb1-smtp-cloud9.xs4all.net [194.109.24.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFD88124319 for ; Wed, 28 Feb 2018 09:51:00 -0800 (PST) Received: from speedym.d444x ([IPv6:2a02:a446:bd2c:1:f5c0:66aa:9cd6:954]) by smtp-cloud9.xs4all.net with ESMTPA id r5sXe5EpjleHLr5sYezKSO; Wed, 28 Feb 2018 18:50:58 +0100 To: Vladimir Dzhuvinov , oauth@ietf.org References: <74F11CBE-5ED8-4B2C-B219-F9036E07B3B9@lodderstedt.net> <1a80c619-51dd-b6cf-8125-057da778ecf0@connect2id.com> From: Mark Dobrinic Message-ID: <11cb31a3-20aa-7790-7d2b-40a0c2069dc6@cozmanova.com> Date: Wed, 28 Feb 2018 18:50:57 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4wfPJ8R2sMh71cUqfUeLKCH6XY9/QbB/XSCACcjEiFomUap6Ow1V/P3h1gYSctaY7tkRbzyh/GPgcXSmaQKIdlCmhHP9+EaYQop8dNhuSKgPDd8kyOXXP2 BTymNr4BqeGI2FrCBf5j6nk1Dokz789eeXaSFITkDnixfmXNEYlG7kkYagl8KJxoO9fhCFVh7t1HpmCygTKmTJEOyK82N7rkzhwKBfl2PSg8r5S0c+MGBJ6C VtKiAEfvzv219HXCMryB0L3kv8LVJ2hhdciM913JtY8= Archived-At: Subject: Re: [OAUTH-WG] Token Introspection and JWTs X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 17:51:03 -0000 Hi Vladimir, Yes, the settings that the AS uses to create that JWT are established out-of-band. Being the issuer of the token in the first place, I'd like to see it being authoritative in choosing a secure way of doing so. Thinking of it, the suggestion to advertise those cryptographic properties of signed or encrypted tokens could be a good follow up for this, so a client can inform itself of what to expect. Negotiating which cryptographic properties to use on a per-client basis for a client-authenticated request to the introspection endpoint could also be something to consider (maybe as a property for dynamically registered clients?) but we haven't felt the urge to take that plunge just yet. If we are be missing out on some insights there, I'd love to hear more on that. And thanks for those compliments, I'll pass them on my colleague who wrote that! Cheers, Mark On 28/02/18 17:16, Vladimir Dzhuvinov wrote: > Hi Mark, > > The Nginx module is superbly documented, well done! > > I suppose there's a set JWS alg for the issued tokens, which is agreed > in advance? > > Vladimir > > On 28/02/18 12:49, Mark Dobrinic wrote: >> Having the introspect endpoint support a response Content-Type of >> `application/jwt` is exactly what we're doing in Curity. We actually >> gave it a cool name in the process, a Phantom Token ;) >> >> Doing things this way has proven highly useful in usecases where >> customers have high throughput requirements, and is a perfect fit in the >> HTTP model. As such, it wouldn't need any more discoverable endpoints, >> but piggybacks a AS-specific JWT token issuance setup. >> >> It's actually super simple to achieve, and as such we're planning to >> write it down as an extension to the RFC and submit that to the >> workgroup. Reason for that would be to have a standardized way of >> switching from reference- to self-contained token format, something we >> see valuable enough time to justify that. >> >> Here's what we already did with that: >> https://github.com/curityio/nginx_phantom_token_module >> https://curity.io/product/token-service/#phantom_tokens >> >> >> On 28/02/18 10:53, Vladimir Dzhuvinov wrote: >>> On 28/02/18 09:48, Torsten Lodderstedt wrote: >>>> Hi all, >>>> >>>> I have an use case where I would like to return signed JWTs from the authorization server’s introspection endpoint. In this case, I would like to give the resource server evidence about the fact the AS minted the access token and is liable for its contents (verified person data used to create a qualified electronic signature). >>>> >>>> Although token introspection more or less provides the RS with the content of a JWT, RFC 7662 only supports plain JSON. I talked to Justin and his recommendation was to use use a header “accept: application/jwt” to ask the AS for a signed JWT as response instead of "application/json“. We could do this but clearly it would be a proprietary solution. >>> Justin's suggestion would be relatively easy to implement. The only >>> small downside I see is that it doesn't allow resource servers to choose >>> a crypto algorithm for the issued JWT, which has become the norm for >>> this kind of things in OAuth and OIDC. >>> >>>> I would like to know whether anyone else has the same or similar requirements and whether it would make sense to specify an extension to RFC 7662 for JWT responses. >>> Because of the requirement for resource servers to authenticate (or >>> submit a token authz) when they make an introspection request, we let >>> them register as a client, using std client registration. In that case >>> to let an RS register preferred JWT algs for the introspection response >>> we could have parameters >>> >>> introspection_response_signed_response_alg >>> introspection_response_encrypted_response_alg >>> introspection_response_encrypted_response_enc >>> >>> (naming follows pattern for ID token and UserInfo algs) >>> >>> Vladimir >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >>> > > From nobody Wed Feb 28 11:45:12 2018 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22DE9124C27; Wed, 28 Feb 2018 11:44:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QCv9v0Cd6tta; Wed, 28 Feb 2018 11:44:48 -0800 (PST) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0120.outbound.protection.outlook.com [104.47.42.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30FEA124BE8; Wed, 28 Feb 2018 11:44:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=u1JhSynuCXJGkIopL2n+Hi1rkEDqZ0wrilypEfGog2M=; b=DUAUpiBAdpaFlSDKOyO68V2kjA/z9Fk2v1GPdWUQZZhd33QAYgrf4MrAJFd66jCdsyBOEZKdxBPEwccxEZOLl3cJ6ZhwiMPtDEwdsl7mdscwMSnSCgRquQew0FHt7YYqUlJTSzhucjF0NdxRjC8X0Can7ExFQllXf6dSsWg//Rk= Received: from SN6PR2101MB0943.namprd21.prod.outlook.com (52.132.114.20) by SN6PR2101MB0909.namprd21.prod.outlook.com (52.132.117.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.567.3; Wed, 28 Feb 2018 19:44:46 +0000 Received: from SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50]) by SN6PR2101MB0943.namprd21.prod.outlook.com ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0567.002; Wed, 28 Feb 2018 19:44:46 +0000 From: Mike Jones To: Alexey Melnikov , The IESG CC: "draft-ietf-oauth-discovery@ietf.org" , "oauth-chairs@ietf.org" , "oauth@ietf.org" Thread-Topic: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09: (with DISCUSS and COMMENT) Thread-Index: AQHTsKKMrlpj/FsDKEO0KKpCHm5EIKO6MjGg Date: Wed, 28 Feb 2018 19:44:45 +0000 Message-ID: References: <151982902113.5155.16065862366702262286.idtracker@ietfa.amsl.com> In-Reply-To: <151982902113.5155.16065862366702262286.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-02-28T19:44:44.4456863Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General x-originating-ip: [2001:4898:80e8:e::36] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; SN6PR2101MB0909; 7:TakxAZsDGqcXqzVmdTr5fKkbPTvjh/Wg+s8YN4iFxCyBIBXkvPhywnrGxAqA8R5OQZCVZkSTIr82gEB4UxtWGxQqROu6rzsLLLCU/6YO1eHyyurZfoVroHgq5cP+bfN83Gc9xu3x90wu4HI//2RatL/cJ9tcu8zQ8uN6PEREhfOfOZpcU++bMCmt9hHdoodJH/ZBvnkqKiYM+yzqBZN7mY7hWHyccCAT9mXc2CKRWxOXLx58FqNOwmNvLS61vqHC x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 2dc59142-f4c1-481a-ca02-08d57ee3b888 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:SN6PR2101MB0909; x-ms-traffictypediagnostic: SN6PR2101MB0909: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(120809045254105); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040501)(2401047)(8121501046)(5005006)(3231220)(944501219)(10201501046)(93006095)(93001095)(3002001)(6055026)(61426038)(61427038)(6041288)(20161123562045)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(6072148)(201708071742011); SRVR:SN6PR2101MB0909; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB0909; x-forefront-prvs: 0597911EE1 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(39860400002)(39380400002)(396003)(346002)(376002)(13464003)(199004)(69234005)(189003)(6436002)(99286004)(22452003)(106356001)(86362001)(2900100001)(55016002)(8666007)(54906003)(110136005)(316002)(6346003)(76176011)(6306002)(186003)(53936002)(6506007)(53546011)(102836004)(10290500003)(6246003)(97736004)(7696005)(9686003)(8676002)(81166006)(81156014)(2906002)(6116002)(966005)(8990500004)(229853002)(14454004)(10090500001)(86612001)(5250100002)(478600001)(25786009)(2950100002)(8936002)(68736007)(4326008)(345774005)(3280700002)(74316002)(33656002)(305945005)(7736002)(105586002)(5660300001)(3660700001)(72206003); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB0909; H:SN6PR2101MB0943.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com; x-microsoft-antispam-message-info: m+Hh1GXZk26+zZkshX0CkPTFS9Mjy5uKn4aojhBQ1d1SLL6eMnhZ8XXtEgbcPh60dPOFS0z9uRuygCrIKq66oNOfoPPUnrPscWTWEY9FAFAC4TT+RtNv50mrAP1qDTBbMi3yq6y//KTFRhlu9ictdsJErj687yg6zqqyU9YaZPU= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2dc59142-f4c1-481a-ca02-08d57ee3b888 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2018 19:44:45.9940 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB0909 Archived-At: Subject: Re: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09: (with DISCUSS and COMMENT) X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 19:44:51 -0000 Hi Alexey, FYI, the only place in the spec that case-insensitive comparisons exist are= comparisons done by the Designated Experts when considering IANA registrat= ions. If implementations had to do case-insensitive comparisons, then yes,= recommending toLowerCase() would absolutely make sense, but it's human bei= ngs doing the case folding when evaluating proposed registrations. I'll al= so note that this is exactly the same language used in the instructions to = Designated Experts in related registries. For instance, you can see it in = use at these (and many other) locations: https://tools.ietf.org/html/rfc7515#section-9.1.1 https://tools.ietf.org/html/rfc7517#section-8.1.1 https://tools.ietf.org/html/rfc7518#section-7.1.1 https://tools.ietf.org/html/rfc7519#section-10.1.1 https://tools.ietf.org/html/rfc7800#section-6.2.1 Whereas the use of toLowerCase() in https://tools.ietf.org/html/rfc8265#sec= tion-3.3.1 makes perfect sense, because it's a transformation performed by = computer programs. That said, I'll leave it up to you. If you still want me to make a change,= I'd propose making this one: Change "Names may not match other registered= names in a case-insensitive manner unless the Designated Experts state tha= t there is a compelling reason to allow an exception" to "Names may not mat= ch other registered names in a case-insensitive manner (one that would caus= e a match if the Unicode toLowerCase() operation were applied to both strin= gs) unless the Designated Experts state that there is a compelling reason t= o allow an exception". If you still want a change, I'll add this parenthetical remark during the n= ext set of edits. (However, I'll wait for Adam to weigh in on his DISCUSS = before republishing.) Let me know. Thanks again, -- Mike -----Original Message----- From: OAuth On Behalf Of Alexey Melnikov Sent: Wednesday, February 28, 2018 6:44 AM To: The IESG Cc: draft-ietf-oauth-discovery@ietf.org; oauth-chairs@ietf.org; oauth@ietf.= org Subject: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery= -09: (with DISCUSS and COMMENT) Alexey Melnikov has entered the following ballot position for draft-ietf-oauth-discovery-09: Discuss When responding, please keep the subject line intact and reply to all email= addresses included in the To and CC lines. (Feel free to cut this introduc= tory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for the well written IANA Considerations section. I have one comm= ent on it which should be easy to resolve: The document doesn't seem to say anything about allowed characters in Metad= ata names. When the document talks about "case-insensitive matching", it is= not clear how to implement the matching, because it is not clear whether o= r not Metadata names are ASCII only. If they are not, then you need to bett= er define what "case insensitive" means. You've made a change in section 7.1, which looks good. However there is sti= ll the following text in 7.1.1: Metadata Name: The name requested (e.g., "issuer"). This name is case-sensitive. Names may not match other registered names in a case-insensitive I suggest replacing "in a case-insensitive manner" with something like "if = when applying Unicode toLowerCase() to both, they compare equal". Or maybe keep "case-insensitive" and just add a sentence explaining what it= is. I think you should use toLowerCase(), as it is already recommended in other= IETF specs, like RFC 8265. manner unless the Designated Experts state that there is a compelling reason to allow an exception. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I am agreeing with Adam's DISCUSS. I believe it was addressed in the latest= version. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth