| Internet-Draft | Mesh Protocol Reference | September 2021 |
| Hallam-Baker | Expires 24 March 2022 | [Page] |
The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data.¶
[Note to Readers]¶
Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.¶
This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 24 March 2022.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
This document describes the Mesh Service protocol supported by Mesh Services, an account-based protocol that facilitates exchange of data between devices connected to a Mesh profile and between Mesh accounts.¶
Mesh Service Accounts support the following services:¶
A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the same time but only one Mesh Service Account is considered to be authoritative at a time. Users may add or remove Mesh Service Accounts and change the account designated as authoritative at any time.¶
The Mesh Services are build from a very small set of primitives which provide a surprisingly extensive set of capabilities. These primitives are:¶
HelloDescribes the features and options provided by the service and provides a 'null' transaction which MAY be used to establish an authentication ticket without performing any action,¶
Manage the creation and deletion of accounts at the service.¶
Upload
Support synchronization of Mesh containers between the service (Master) and the connected devices (Replicas).¶
Initiate the process of connecting a device to a Mesh profile from the device itself.¶
Request that a Mesh Message be transferred to one or more Mesh Accounts.¶
Although these functions could in principle be used to replace many if not most existing Internet application protocols, the principal value of any communication protocol lies in the size of the audience it allows them to communicate with. Thus, while the Mesh Messaging service is designed to support efficient and reliable transfer of messages ranging in size from a few bytes to multiple terabytes, the near-term applications of these services will be to applications that are not adequately supported by existing protocols if at all.¶
This section presents the related specifications and standard, the terms that are used as terms of art within the documents and the terms used as requirements language.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
The terms of art used in this document are described in the Mesh Architecture Guide [draft-hallambaker-mesh-architecture].¶
The implementation status of the reference code base is described in the companion document [draft-hallambaker-mesh-developer].¶
The Mesh specifies two separate types of protocol interactions:¶
A synchronous protocol supporting interactions between devices and a Mesh Service Host and between Mesh Service hosts.¶
An asynchronous protocol that supports interactions between devices connected to the same account and between accounts.¶
The Mesh Messaging Protocol uses the Mesh Service Protocol as transport. The Mesh Service Protocol in turn is supported by either the HTTPS binding over TCP or by the Mesh Datagram binding over UDP.¶
Mesh Services MUST support the HTTPS binding and MAY support the Mesh Datagram binding.¶
A Mesh Service is a minimally trusted service. In particular a user does not need to trust a Mesh service to protect the confidentiality or integrity of most data stored in the account catalogs and spools.¶
Unless the use of the Mesh Service is highly restricted, a user does need to trust the Mesh Service in certain respects:¶
A service could refuse to respond to requests to download data.¶
The use of Merkle Trees limits but does not eliminate the ability of a Mesh Service to respond to requests with stale data.¶
A service could reject requests to post messages to or accept messages from other mesh users.¶
This risk is a necessary consequence of the fact that the Mesh Service Provider is accountable to other Mesh Service Providers for abuse originating from their service.¶
A Mesh Service has knowledge of the number of Mesh Messages being sent and received by its users and the addresses to which they are being sent to or received from.¶
The need to trust the Mesh Service in these respects is mitigated by accountability and the user's ability to change Mesh Service providers at any time they choose with minimal inconvenience.¶
It is possible that some of these risks will be reduced in future versions of the Mesh Service Protocol but it is highly unlikely that these can be eliminated entirely without compromising practicality or efficiency.¶
The design of the Mesh Service model followed a quasi-formal approach in which the system was reduced to schemas which could in principle be rendered in a formal development method but without construction of proofs.¶
Like the contents of Mesh Accounts, a Mesh Service may be represented by a collection of catalogs and spools, for example:¶
Backup of the service MAY be implemented using the same container synchronization mechanism used to synchronize account catalogs and spools.¶
Mesh Services supporting a large number of accounts or large activity volume MAY partition the account catalog between one or more hosts using the usual tiered service model in which a front-end server receives traffic for any account hosted at the server and routes the request to the back-end service that provides the persistence store for that account.¶
In addition, the Mesh Service Protocol supports a 'direct connection' partitioning model in which devices are given a DNS name which MAY allow for direct connection to the persistence host or to a front-end service offering service that is in some way specific to that account.¶
The protocol binding maps the abstract protocol definition specified in this document to the network protocol format.¶
Currently only one protocol binding is specified: JSON-BCD Application Binding [draft-hallambaker-jsonbcd] over Reliable User Datagram (RUD) [draft-hallambaker-mesh-rud].¶
JSON-BCD Application Binding specifies the means by which data types such as 'integer' and 'datetime' etc. given in this document are serialized using JSON/JSON-B encoding.¶
Reliable User Datagram offers a presentation layer over a choice of HTTP or UDP transport.¶
The Mesh Service operations are divided into the following functional groups:¶
Describes the service.¶
Operations used to create, reclaim, and delete accounts.¶
Operations used to synchronize persistence store data across connected devices. [May be replaced in a future revision]¶
Operations used by devices requesting connection to the account.¶
Operations allowing a watched document to be posted to the service and claims made on the document returned to a device.¶
Cryptographic operations, including threshold operations performed by the service.¶
Exchange of messages between Mesh Services.¶
The Hello transaction is used to determine the features supported by the service and obtain the service profile.¶
The request payload only specifies that is is a request for the service description:¶
{
"HelloRequest":{}}¶
The response payload describes the service and the host providing that service:¶
{
"MeshHelloResponse":{
"Status":201,
"Version":{
"Major":3,
"Minor":0,
"Encodings":[{
"ID":["application/json"
]}
]},
"EnvelopedProfileService":[{
"EnvelopeId":"MCZ3-M2PS-SFXP-4L6X-RKGP-MKJA-R5WK",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ1ozLU0yUFMtU0
ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZVNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAg
IkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToxOVoifQ"},
"ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dX
JlIjogewogICAgICAiVWRmIjogIk1DWjMtTTJQUy1TRlhQLTRMNlgtUktHUC1NS0p
BLVI1V0siLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi
bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgI
CAgIlB1YmxpYyI6ICJWdkNVaGVxWG9NUm5wVzBrYjFaRVNlcE43cHhJZlcxMzh3VX
loelFmY2hqQl9lVEpCMVVkCiAgV25XMVNraHk4UHYzMlp5VnE0WXdFbkVBIn19fSw
KICAgICJTZXJ2aWNlQXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUI2
NC1GN0dMLTU1RFktRDVOVi1HSkxULVdUNTctRFc2ViIsCiAgICAgICJQdWJsaWNQY
XJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgIC
AgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiZjJ5ZHpJcW9HWkt
3MEZaMG1YZ0pvcXBka3BMQ3RRVncteXdUbjJSYnh3Z0kxbUEwbGJCUgogIDU1MkFE
cGlKajJSek5KYnRJQWVzVU1ZQSJ9fX0sCiAgICAiU2VydmljZUVuY3J5cHRpb24iO
iB7CiAgICAgICJVZGYiOiAiTUNIMy0zSEpTLUE2UVAtUlJKNS1IT1JCLTNZVEItSj
RXVSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWN
LZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQ
dWJsaWMiOiAiekc3d0VWcl95b2UxZWRIc084TjBTZHpldTFZM3phbkkzRU9rWVNCc
WpXcU1KQmtYSHY1XwogIHBTa1BnT1VaaEViZjNoYV8yZmMzU080QSJ9fX0sCiAgIC
AiU2VydmljZVNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNQlVULUlQQlotUlp
ESS1CTVNTLVZUTFMtTDVHUy1OMlBDIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMi
OiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogI
kVkNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiVDdDX2xfOURhRnZRNzNGUjk4dS
1HdGRGVWMxdWQ1bFd6WXhZNS11TkZhQVFjUGtUdmJKUwogIHlqVGVYWXVWQzRWMFV
jelNPbjlPbEpxQSJ9fX19fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MCZ3-M2PS-SFXP-4L6X-RKGP-MKJA-R5WK",
"signature":"35JI1R3uB5lt3qDkIyD5JPNTRtaa4Jzyu5EMW5uk
Z1seFoi6ph3h4qWb9aXEm_fJo-gERJTCEsKA2fa5WbP35NPF8bH6NCvVfWs-cdlCB
PpJcw9btz1DEU3LjDsZinva--qe9j1JHV_aUQg9YuYMKy8A"}
],
"PayloadDigest":"Ort3czll0X2Onn-pKQs2e8o9H0sekQO45Cgzv9io
mG1MwNCptdzZOz-RVS8RX7T0kDjfejmC9cu_-56VxBmTSg"}
]}}¶
The current revision of the specification is designed for small scale deployments in which the service is provided by a single host. The approach will require revision in future versions to fully support a service being provided by multiple hosts with accounts being transferred between the hosts to allow balancing of load.¶
There are three account management operations:¶
Create an account bound to a service address.¶
Delete an account bound to a service address¶
[TBS] Reclaim an account using a recovered primary secret.¶
The BindAccount operation is used to create User and Group accounts. Currently, these account types are distinct. This may change in future releases.¶
A User Account is bound to a Mesh Service by completing a BindAccount operation with the service.¶
The BindRequest message specifies the account address and ProfileUser of the account to be serviced.¶
The BindAccount transaction is unique in that it can fail to complete for reasons that are outside the scope of the Mesh specifications. Creation of an account might require payment to be made or authentication of the user's credentials. It is thus quite normal for the result of a CreateRequest to be the account being created in an 'on hold' state which can only be changed out of band.¶
If the request is at least partially successful, a BindResponse message is returned. In the case of partial success, a description of the request status and link to a Web page providing further details MAY be returned.¶
The request payload contains all the information needed to create the account:¶
In order for the account to be usable, the initialization data MUST include access control entries authorizing at least one device to administer the account.¶
Future: It might be better to establish a separate entry for a temporary access key that can be used during the initialization of the account and then deleted. This might allow for more consistency between Bind / Recover / Transfer operations.¶
Alice requests creation of the account alice@example.com. The request payload is:¶
{
"BindRequest":{
"AccountAddress":"alice@example.com",
"EnvelopedProfileAccount":[{
"EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUotN0
VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
ZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"},
"ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj
ogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3LUV
YVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
lB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4UT
UyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKICA
gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy
dmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKI
CAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3Mk
EtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZXR
lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2
IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1lxT
TE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1otUE
tpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIjo
gewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLUhN
WlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS
2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIl
B1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzcU0
wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKICAg
ICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1YT
VdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJhbW
V0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImN
ydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaGJI
aWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19nR
VZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsKIC
AgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaIiw
KICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVD
REgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJsa
WMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRCTW
lVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
"signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB28
B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0jzJ
GnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"}
],
"PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVDB4
hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"}
],
"Updates":[{
"Container":"MMM_Access",
"Envelopes":[[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQD-MFCK-GMFI-EJLU-JWF2-5YJB-J2SB",
"Salt":"MGj4PLH5oEB0phrcEoUfhQ",
"recipients":[{
"kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"DEvl-JoQy57jXQIU681ocrUxWx8hbEdlK
E0Fn-Mqu7PrzJ3sSYGho5oesrT8XeOAO8RStyCXyVWA"}},
"wmk":"jXXpYAWULwnpOZwIGajhOnCNiGKQ5_tspWbJ-kyB
Ccjd3gbSXDTllg"}
],
"policy":{
"enc":"none",
"dig":"none",
"EncryptKeys":[{
"PublicKeyECDH":{
"crv":"X448",
"Public":"Ie2m94scmj7Nr_YqM15SxtGkfnBLYlTkn
kIelVXqariIAuz_vB2HDqMHIg3Z-PKiXFeqUjL4gNkA"}}
],
"Sealed":true},
"ContentMetaData":"ewogICJjdHkiOiAiYXBwbGljYXRpb24v
bW1tLWNhdGFsb2cifQ",
"SequenceInfo":{
"DataEncoding":"JSON",
"ContainerType":"Merkle",
"Index":0}},
"zyhYVztZr_46YOc79wOqvg",
{
"PayloadDigest":"WHWDVPPAr7l7pVkNrvtILKf4KP_BjYMHzk
1RyJ-rVWwX2qBOLuJYIlTZM_EI16cqxNVXPk-kwMET8VpVF4Guug",
"TreeDigest":"88cOmpTaXmWH1Bh0-1t9tWWQ_hTdVWPm_dZ8-
4UwPOngKuxxyMb4fFNa7MG2sxPKgFvWmnzLHPsfSOx9MebgiA"}
],
[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQM-E4VE-W2JV-NFAM-QKIB-HEBR-6SNT",
"Salt":"yVuWeqskmU5BaEexTuKIjQ",
"recipients":[{
"kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"XmkgwHxlHkSERGMKJObH6_X25Iqvcl31A
dSLgFl7TBLGT6ZMY_6zdg1iWWz1Ku2hRvklYBF4nUYA"}},
"wmk":"FvT2-j2jJaGjWNEYD7PC83hiUe_MEAJzXIosp7a5
p9d7nlDm7NjLXw"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUhDLUVG
UE8tT1JQUy1UTE9CLUFYWkctWEJTQy1FQkpYIiwKICAiRXZlbnQiOiAiTmV3In0",
"SequenceInfo":{
"Index":1,
"TreePosition":0}},
"IKq50Z4or4qnCBQtJ2_Kg4giXIs9vuP_a-fxtVZh4jYBFSfGPdx4
PwAfDLQMWeXO70SMxyiDfyL8GIBB8lYQW1f68tUlH0odLNi6FXjqjytKJCM3W7iWn
DKf4H7Vedkpdci9g0iuJwPXY_7molYBrnQhpPlUzsXT-V6_-ngbtfoRbWxG5k17J-
ACcxkbon_FndmlinyNNW6eo5UCJcf8uA",
{
"PayloadDigest":"aUlSvwsl7mrfcmWgOeRZ-DjikfZD0CIxf7
k0F43biFDTlSlHAaZfGBMje3PJkozhW2exm1lIy47ZnJJqmvf4nQ",
"TreeDigest":"ElkBtR7By3w09N45wE-73GdXbLtm9VIqHrt3b
ZlIGGtf65ybq34emfzxjIU9gPWRERqWgy6xnODImm95DmGr0A"}
]
]},
{
"Container":"MMM_Device",
"Envelopes":[[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQC-LETH-D6TZ-4MVZ-BIXG-NIUJ-7YOG",
"Salt":"mnJVCyVdweTZOLa3fOdmdw",
"recipients":[{
"kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"dD1IqK97rRnu8HA5WhCgLNP-2Qu3PszUT
l7lUCSFC79SpV3j9PbEiB5tZqaInVfz9Jvc70bJPcwA"}},
"wmk":"UrOxQRZcgDtkAtyNG-vBleqzAEpVy7ovSq3RDZ-M
Ma8EWKHCiNE7Sw"}
],
"policy":{
"enc":"none",
"dig":"none",
"EncryptKeys":[{
"PublicKeyECDH":{
"crv":"X448",
"Public":"Ie2m94scmj7Nr_YqM15SxtGkfnBLYlTkn
kIelVXqariIAuz_vB2HDqMHIg3Z-PKiXFeqUjL4gNkA"}}
],
"Sealed":true},
"ContentMetaData":"ewogICJjdHkiOiAiYXBwbGljYXRpb24v
bW1tLWNhdGFsb2cifQ",
"SequenceInfo":{
"DataEncoding":"JSON",
"ContainerType":"Merkle",
"Index":0}},
"8uLxPeRu7X0HUwf4v4ViRA",
{
"PayloadDigest":"qnV5ry9sL4C68a0Kg1roD1cHCG5nps-XHn
GCuzRhdet6OkaPPZvSMq-AAJvh_huTDfA16J9OYLnRJVUL2fh6kQ",
"TreeDigest":"ValOROMKQy4zSONTIPA4prZqgA1YE1CdBkDmT
nmTJajI5XkO7Ybed3itG4IuYtbB9JX9vT_J2CkKgvbnIUYe7g"}
],
[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQL-MXIB-EELT-2SOW-SCAB-WHJ2-OMXN",
"Salt":"PQGoOlxH2RNr6PwuNhXl1w",
"recipients":[{
"kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"UgnDvOH8xxl-JYNgvsSbGm9FTtXSb5KXR
ff53PY0bcgyrUKNoiRPztRCwC2MKtPF4qGOtVVOezuA"}},
"wmk":"q-_sEC7YocmoZQagZz3Lo_ea6WBEkqXxmkEBGwqT
sm9_GSKZKUzKdg"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNREpILTMz
UkwtMlc0Sy1DWktSLVZYR0EtVElDNy1QSzRRIiwKICAiRXZlbnQiOiAiTmV3In0",
"SequenceInfo":{
"Index":1,
"TreePosition":0}},
"WRbUWur99oRwA1uICKbOXHcwjnB1L8ag0srUYruQ4Z7zpgHs22RK
SFcJTm3RGOaUyBRmjCCLwSe8I8gNdEF5qzlXipO2SWaYZG1_mldItLY-vw_QrQ19K
mPAfDqw4sL9ULkA-Wv3UJBMCprBL2hf1TZeY_urgSYs3HUQx24VGVs_JtZ9-sGJqW
_Pp11XvWBvV0m9ESeICVbntN4Mo7kcwxcF0ErHGI91ecHWW97bUKiPNIty3NSowUb
8efKDnWVTwtlGCCPc88ZWqcLHGcqzkQje-mBPltUWNqUlHdynPtRPYZ5TGqHprJhn
VgUfGtOTtIcZcSiK869eTTSnOkZovgQATODTQayy0o56555pqtQ_mhamRYJgkMrIv
6ckRJTq_CRIrVNKM9BGGl9OCLke8RPLfuZtR4M5_Yo6dVVUo291Z5qTLfx2oy_V-k
LdFPIPZaVv4b3TZbkVRf-naqHWLiABy2LpTrW0OqAdJ7RKOII4uhPituQO7Q8JkFS
tNKlU7ntKfKW8AKBdHLFO_0XF76BrFYviQJCGuTbynjvPdriC6gp7cvro19W7g82e
p73gf8GWPy5-CBsmIQGM8ikqJaYsiS_GVdmwo3J29rpxcgqxujArWiv-9lGFz4uIX
H1UeNCCpyMO_SQCeKLYi9I0LS_-Irm6ILF4RNBpHcCLVyGAj_fihBhaNqzrrGevQG
3N8_jcTwZFOagK7h25X4Z_59GZGGyAxO6_a48HxIl3AQEuwZTcWXlwA0CAuffw2-3
RLPtR1rKxbUTk2UlyWHL2-FZZSbVFiyNbxB0qn6VebG_WdvU8W-ebkuMXslirc4EF
koPhof2n8LEM7ez9KV1LkhbrDtWbm0BmnT4IKeqW-noyWoDqH-qfYoAY0rFob91Ua
edY_lCsS5gD-rko-Fk7n7IBUdya8wxvdgqRHOxGhH5b2xMwXibdBQyEIizW6l-__q
0GmGHjJvXaGn7plOITD6DgHbnhUfPBA-ZGDIIlxmFXZQX2Z2xJkiz_KMzcWZMiQ86
tBc4xxcpU-NIitZD9z96I8-tLV3NLTZxa6fDe3uNPbMXc-tPc85z20xTDZC8kZOEA
LfCN-D_iENtk1YgawcTgRCZqq9KbjH7NwfL8IzYosaO4CwVi1yxWY4q8DjVj4-iK5
4Vpz4daGzGNZV5zyO340Jg73kSr7aLTSxU2DgOuDpcuYT2XmMIFbyEGStN35KmBeW
RqfEwZKEQfcoHhHHMIgqmYoTMeSwSfjbUBpkNkgHnir4Mk1PKDkFFdCs-mhKgLME3
JMGfhvxyJZXhN1ttCwHJDKDGp0vjX6SguyFi1TGuQwagPVbhz-Rf44SN6iHFGrClX
cbDQAGJhlStD6a1UayBNFo1HqM65sr-TKUe6VeX1OBy7Mrf8idFN2B1jiP2z0tm-D
i_FIY1x2DOwcwx0EGpHnna3D6UELgWU-tiNRoBUQFhFAWc_R7KkHDmaG4HxIYG4-i
OJPDqjvV49LpDEAATUlasFlMXaDj_w0JYTCDTektbKG8hpUXpYCqUFjzexfhFfuJo
1_nHKyuoWTlGPKMl7HpI90BiXOyWVqWit2sD1WeUGMM6FU3lvx95f03j24gqsH1I9
PhO7xZf1G_im8-PHFFd8kHKp1K-FjW0Mu-5yG9MH467Eklsqb9KqK0sZAO44S_VuV
m-lB-v07vL5ma2zD1FkBKySVNkTIqUNEBF4tUa7HnZWpgSb2tHI3lxg7Sz6VRuLdt
kJW6_wbjOb868i6qNetkqiJW4ehfCIStEiN76Fh_vt_AwLVxy0dHfkYYRySGceeWw
tVFUHu1R5j_U4UvDbOMKFX5bc3AeKTVuZl4FkZulRBLlfTE_Xtn2zMLFvRuLTilkO
YFc3qFop_HtB66EEUK4zzsWmA2Ko3ZO2vTsk1Y8B7yYut8eOWyFJTSBZGSCDrGsWG
Nnwm3dAGyqWXUXdzUT0ZoxMm2u8Q6mwmoOippNb9I6o_lEKTrnbrX-DTt5AJsQrIK
tqionu7rtC-pSrYNgv74H3klvtxBP9uWyajzREAQRSNC66qDMHHhu3ou87KChU7If
IFPgWQqRiG_ayUs0x0lz54OTQrbEb8VfbWyGCWd0b3USH8b64RWoYoP6Smxl3B29I
PEOcVSn17uxljZFs555llUYyitvfcYTG9YbkTYKFfLYJFp0mXcYI4KyW4GhbgxGhJ
aRE1qtZ4Hv2WvOh4NWyQoIZFwzgNlAoR046iVQBY2KrTRuDRQSWUxMV2fImJh-jWw
Q99KEneNIVY4v-5UZlNri0EEQWYMFIJ94eqA_KkkXdw7pleLGxTzqumR_aj_fzYLV
GirtMzpYsvjYHOzz9fqJ07TCN0sVb-6QPIdDDHhyt-cTdbEqQegF9vKGn-YRVnU7N
PauyBJapZ0Gc8ncuGEw1-SHlLqL95I_tKh9CUg1qzqER5hm38GP38kirslba_oNEw
0vw-8SBry0b0DxGQPZ8uNEsSK9SfhIRuHIdQnK4FPsTV1ASEYr0-TkUTGgN9nHq1e
TmSkA-r4YXKFfd-gkkrfCfIOHZ4fqkyGKkfu_97dAp8f-4gWPhrZDgRfbmhKo_1Ku
auhvKNM_bUNwBFibjtyIm2tMj1VO2fFpfzrofTGYKRUBqDQPhJMLOLkXBlAL4vQPu
y-JjcO5cwFiqG3MbwRoCo5eyultJmtFWYP0aFCDitb44_yDA_j6GI4OKfX13qeQxj
ZwrSi0NsV7IdMG2Dh7Xo9UU_qge8YlbCEG68HIWhe9H_hqAqUNscAFDNDTPZAr70F
lbCW_YJ7NvOw30cTaUB171VneHBeLuVYSkvaKmSRnf02iMe_h3vvACycBL10AdWgM
Y_88taAWkaUZjMkaVym-neZVsMVIay0tfdUUjtqHLRpyu2yGB6wzeOXm77N--u9yo
zKdhQH2VlQEiJb1ejbnQly5xLlZ9m0DNaGRUWe19Qrt1UsvhmJO5BF4Caoz0n1N0y
6eh9tZXB4t3QCG__3kpHrvoeU3HrNmWojcEFBas9D8Dj6IH89tCDTIIKWngVe9BSS
IFrbR6ei7ldaGCc74VUd3GxlV4Th2bf-xXdiMtVKOLc9LL3Jyb-hbYA4gvfqsUMaW
UwCFGHa0hORqSaxu4fzAs7YqIfvLOfBAZclTOlOLpGBunAlysAlR-qHwICZc-OmlN
shRnAmYDxGLiI5nltSjKN-k66guqa3ohtB2eJ8UxwCk27borZcXSyAF0TCOCx3SG6
PB1ueUmVn4c38exZTgN5YiyYtE03qEe4jNWnfSeTqGeRAZ3EgYg8rrfBCIuZOorw3
GR32zVzSa2eQVU5IMK7qIaqgMgGL7VtkAxPZq65nOFgIA0-uiG965RAKmgN9T3T44
Mt3iER6EqT4cNHpb6jZHbkHZ8NoJq79rLp6zFaQpRh6ramUf_KUr-1U0cXjuqv-l1
a1XYYs4Npmmmb6n5lrNqda5tOkKgg2uvJUMhN19AGHuRA5IHtYkAB0i9FgTado_zg
33PMrG6HWEVjmLq5QF7WBOVVfNwpRr_kS17Nqe_JgiXdrUPmqYXjbzvcI95ePzCN-
NCAOf4cNOyKzGxsDDZkNwzIoQZz8Kh_qYO0srIj-ra-QsEp_h42s9wuA6j7Grdrzk
eMUMoYKQchAU9yBz9KUj5PMb0KaWvFwvGXIlvuXpIQbLsSTZmEAERNHy9291doMRx
_SWH3juH5jDKvi7zrM_twql7k7l7VtM-bq2_t9K7vN8VebyLHmPpIXS4Uiky0n08E
DgQVw81jXKoTWMXIJu-cQVpZxhgJ5hObrSzvqH4P50cFdEQKqNDFREIT8kHw7XOdj
5GVP1IiVT6Osdv6bGSw-PS1APc-uPU0wHEZwScP8PkeQVQ9YbxYyctO5_D35SNzlF
9VnNECKECjY7HE9G7ZPxjdrkKmRBrpTuT9WnrT1s6X1IS4FKwljqdfU9-mv9hT4Bb
OU4d8kJjVpvihq985BpN_OSlD6K_ND5i4njFiL5-ZUWgxhEXQdZgpMq6aCIduyv6_
9p7cQkU7EA9dVuxYSke-FCm1XRnSkszdmo7FSn2MTm_HWjtjvNfxV8VTOinVCn7P3
zpWQF1X2EmdDxt8vypsfpBnvQYoAy7-CsP_17JZEyPrjTvEA5AwUXo1wbMm5fVyLz
AOKRE0sphht8uLzYY6nj_CbIzSClZUPmxrgr7zTUUwrQW_jTFo3BL9guBYcwIXnFH
XKNm82wcP2bv1z3GhwDUA4BtqHKJpuF-IR3hEmUKcQXa_R1DpzbBAw0Uqezhkp8ZG
yyKw4m5v7kNNv6j4SvUp_enTJoSpa_A3zROqL7rNy20HGgfIg1LhjpNwiy_LENxn9
xRAnewA7I0u9vJf3RKe9FcHZd2OeKqMe9uxM5CR-aKBBwqa3O0KOUFITfAlJED1I_
z1NG6EEHOW5C4c5hmFrQBrYxkSm7z5EfmX71XdJL9mbaO2C59hpBvlqP8wt-8xTdJ
U0rQF_F5pvhUdoM3nD521lYDpTm_WFoUnUOoH7Hxt2JrHP_hdFMS5h_LVw3BrcP-H
i-Y0QFPf8zXrFG_z8mtVg-w6_AvCwwFz-t5GmZB8n-BOWQKsyNGnyqidkTCqEx07P
K4tn9mUGMWVtLYqszKf2D5jKbeOt_8QDyzOnED0HUi1KEF1P4rHYYCRjbkeIqtUv2
8b8urT_km9d3IJNo-kdxovh-OZ2vdoTP5-BkhB9dEM-_qOdt0Hbj32CuBnbLdFMmY
9W4tc4sGceI-f2bRe1GZifmuTS7MgKBNxX_VRcmCiuzB9olvYrXLcbSojxLLV-Msd
mV7TeVoDVkyDfW7u8gB251_ANLvKugcGwrg7_H6CHXHDqXhuV2nZAYhq-1QyG7aw-
LixUundNolNjM-X2h40JK_Jcwj60KgjlZ_qnbX39CaEaNjmYQ8_wG7XeCaYY5ukv1
dJZF9jVgtOK8TFNgs6VD32EQvEn319JMxeyhL_383LzNcBcyulgdiCH_-IdHBFcb_
l62j9-GHnQxckFp8ANib4FKBQAopZWVUd5STzzZqORZFBLGdjTrmZQE_t7aIzw7ed
RFikGbR7-2IU9Ral8bu5YauufK_VjS0Nu9qu6snBZbsY_4ZGGXGMrGrTsP2UZK_1N
iIv4561CiC4GLuitIj8InYZY0qRlW3_zOKGh0X_nvtkd_PD6m1QIvPwPVTOGN4CYS
mDaZeTpsIdR4G2nw4-pIAFUy8IIaNvO2ZqcD978rzzfm9ynEGQewvWkrii24eM9qq
62E-DuBfFf8L2Hbjc3QAwQkMqQ5HU2DZ3TddMENAlI0_zcZPCTsWy0cgk2PF293Qu
kP2_HtsC9neVIfqZjWlNnjPkLEFcFq1q5oq5P0q-KKLu2f5VS7oU6j2pL8fuNMYr_
K6dIXoK5rYbn4p3leMcsW6zO0CAzAWguLpIcZGjEh-_rmfXIuvkexbVh3x8nkPq-w
nm7F9JkOx066S8b9dd-VPoo8D2vjOPQKHMIZkPR4ldL5YneNTj0NUGUL22gk0ojow
22SZ0ZRfr8BM6HJu8EjWFsPmfYOvFQE2slPT88H4xNLsHnH1Lw9z1WeNP4KZhCopd
X8vrmHCfILnLpsPpDB-OvI09NdtR7wAaVxWfq5Bg7EOu0Kryo_o3pBiOq98Te10zW
-FwRwgpfvpn1zG3LmTB50H6mnphPj3_7BhkvJldmi1LupEs9Rleml7zAjYSfUF1M0
SIYRiC47RxLz2FJHec3t2SgSIhOpe-W3ouN-p41BkhDj5GzBke1qsRolUwEm0tiHX
23xvCIeqa2AXY5DpNu6VRI5afKVdOWjLpQemL5DovlEgZA7Gx8E5oGwYAx0Now3cB
tG_fCvVXgAhfpf47RjvCmg_2yxZyR1xWN4Tmci2JLNhZvVD8NtPFsA5fjVnhqNmb-
cgOb9JXaX2Pq8Nw6yI9hHkwahkgiar9WQ4jujDXazSMVFgppc25_aTh83h6LiIN-C
xkT26XBwGhPJizQTKVEn0KYPkdqRZRaY0wOSOMm6cUINwNJEQd1ibhUWkf7p70SKS
f5vQUv1PlQV3mUefxTL2380WVLj8VtFykzdYwo-5LGLVx4zlA9mE8Hi_VXqFIApkn
OttrBIxF_sMIfPFcxF2dZClZ_-uf9DI_A_WqgF_Kixw2c847HVMIXvwCpQZ_Yw5cs
1KsBIFeRb0Fn5ZJo4VFGDdORU_HrhTE_ahupSiP0OY9Bt3kQozxDpT8FJsLImTix7
xFSi96xhKpelTVDUBxuSWRXWdTMzY4NjswPaLn7TppPi8RsGa4_4W7wtmi-PucYQn
qCfge3wonKgQrUU-vrlIYvUV2VO01y04Wqet_BZ-a1QVr7lD8HBFUWlcnO3vyE1Xh
8gsjbnrZN0z3Na2kwxPB9pH_u-qvCPU58XCF1rf_cGOboRupZBjsxQMXRmaSXflUd
cuQWx_QFHF_wObuXq0S9CaFLFAy82_Vqel2I7gnl2C4RCs9uJK7Gfs1S3JMFTCRZl
WwV-_wRDMp-GDALFx3pJzw1kBdWkOQ4-JhUAQuouSK9Z_gyy4BkTgAq3pV4Cwhdc0
RP4r-_d7pMV3brE0UjWCN6A3VbYt00b8vOpdLuoig8lZL2Gt7BkXxRdIKtCzxalv8
4aNryHy6z4PKD2QakNOZLLPBHX_a7riAo-AKj5tHGjDGi-tj681yslzrc7P87Gqfw
ircH-ru1dyIq-Tba81nN1c1CTAMBtyCWGavELn9eMvkM6pjVSxmA88WHomTVeiQO1
B0OwSgJ9wJFawaMtmdiEsl6i8XXgGWVP7qeniieyvx9qDv5x97dbfjmAiIGQAOMw2
EwxFeuyxJgZ7c3PpJFVcc-CR7semTmQj3H-zSFb38oc8AtCtp9QeMIyUpj-AuSspV
WWOwFtj6b0d4YOxYuw05RYVWpW6kkO-YHv8ZYH9MU9Ub4p1FciRnsyBK6MeHb5GSn
d37SY2A6YVt2-XYVAHP9H06usKOUVtMKkJo7davd2G633FfpEezxcbO-UCshoUDZK
anUoLbWBGGLAzLP_9Sf2R5j2ncicSpSEc8LgzXCBQ6ADsMZPgNT7xKDw_IBDRATth
pGy2-yueYHmemstat22qAEO4GKX9UpslFM7uDoxspO_JNmSi3SZ-SrNTINnil29PM
qE5Mk0_rT6mk4rc6AnSL-KUbqC0MrWqzrfHaRrSQs_Sm69WgPQkc3gFmiXubFnKag
l7Em4z9QNYx08GHRSZC8N5BbyuwMO_4UoT-yJtuTKbSkn3nBzfyxYO40NkcnIfUdl
0DbSruRV6tgwihaGHRqeQRYXOJ0GqRNIHgYbHwXaBis3dp0zrZgQlSPlbdPfcq73M
USZH_5sq_PaiwXLErpElrbSY_Xu8gW1TsV2xTO5lJuSV96zZMbYt7R2CVCgLcRt-b
-jOo03MnjZVD0sy4O5m7Hgw0Kmv3F-TbmtNrjp5CeK97lDqP8tXh_OJTIErMrvv6a
BJL5pa4G-eL9R10zLUCM7ojYVo2w4LRvTHa8b1gpmODzAvyenY9JNrMu8rtxx_1eN
Ai1HpXJ2R378lJZB8wYRdCbA4VasdVfpSC80Y6ika6_BIjadWuqnhDxmClWkuzIuE
5kfbHfl_qhBxT-JPH9KEzXuDDZFBylDD5scYl5R21_x5ABDAFTo6M_gMYWy3V9ZlY
RNzXw2CfKa4nY7RTE9QwTX1KJt2gDObRQT6_vUjWEerGL7otsIIsYVnlBvYSndRT_
lilV59MVJnjvhwtDs7tEufuUg_HWFaBoioRppZ0H1Ie-1lj4BP5c-AswcY66jIOOk
jInALMJVykoc4rrNeRmrBvqx-XmHWBSs4eKEOQh2IkkgisYTLoKBtI9CEkFAl1bL4
AAzpAS2CLbmyK6rYBiiE7ilViHgXa9qrpmD2Ue4BNakhoQxiF5gs2SFlpT0X53QJg
lQ_w-wujTYllOCt6nSon9poAvHPwyQNl9zS8qnmA_tti3SKyjQIb3j6Hpqf5MG2Pp
OOKzkjrDdUNPdUsCbXeIRuciUtQ-WOXD5WegLwZXJNxIR0LKg4oal1qUzWv82MesS
uDjf3TYQq1Bons6_i7Vaa93s1frlRg1u4_fRTxB_Wl2dSORCqnnZm_lI7x2Mqe6xo
9Ea0QS2CnlCluAaCsViH5QFt_uhPwhNtRfzS88sa7uGzoTBYmebs1l7Dp1UrBRJek
VjxmGedQwm4FK98fTCid39qIAoMlYmSYmK1ALOCUk94BsQpBfDLz8RrdPJNehuwFc
zLROX0HexRwAJOTnXwUUfiS9TrNDBeeNcRSPTZqwqCb0BGbDj56-teFdgkTUVyadf
r_4s-XgRX6P6IocBz6eHPJR25P_E7aZ9BeZTQda0rc7PZM7ZZkex38UK7WIz-iCSl
98_QmT-Apcy2NxvykHdj7vOfJYdcYl1sI7OJFyhla36Fqt4QN01bcakb4Zj6AGG-0
7WXRbR3Woc39XItgJKjlYhYGRjF0QKQAsEOPFhAgd9XjoRnBtLwZN6ssMsjNJkJaT
ya8wVLTRp_jfMZ2XU4bmlz5qzuvS5BcNlsn-UWqCH9iR_cD_JtMBd6FZT3oU5r56J
6aqKoDek7MbJoERbWlg5oYlpE90mT6xiE06ySaHuDKDi6iALBhgZHec_Qx-0Fu2L_
jag2efOiYLsRA7qhNTvaLfAqWBalxXLFivqW5pxQapDtIMEXIZft67g2F5HMR2L8D
uCyMzcMb3owehTnGHnyOvboMTRkhJQYwBwzG9NaWQZ-VQGUNjgVR0c6aMUxIU198q
4zjCYb1svsRs_vqoNM9FrKQXGxeVcfugHziU-Bexxq7qAlihiJIa7K6CA2CAsPDSY
EYN-yVx0bJKP6w1aGrG2HMdXKsN_peb2_UObtttuV0RcKktGrDZl7mWMdbrD2si3q
PqQRluuKjtzSShuFP6Wd8glJZtmvUbkWlzsiPcyZtZ_DpCjA65SITWdGkWG_IQM_u
XELnj5kUsEif26o7klGKkYiWqHnqxX9ULAGvw18Q1AQY1Pzxi9VfEVzah6pZ0ZjfL
ZIrh4rCSA-Ay3vYS5j2OWSjJ5769lj5JUJioV7Kp_AtZ6JEwKiQqzx2ZpZGHML13u
O_4HRq3KyOvwJMLIiHP0-sm_JbaHWRB8jM-5cmYYnGI36vIZtWP22WLICSTIuZXQN
6jqAfPtx7j1G_jYCLz0oHTDjSE_MCcQ1AsEVmvNGIe8adi-MwXgYMwogHucBrOFy4
Edqn_7rxZCZT7z8E_rckUZR0KgvypS8tnD0q5XsHd8lyhc-7aG3wJUNlwAbwAxE4v
CAXRDRH8Kns8SWGvC2i4eRlKlb6u1Kzeqnrr5rK5lWT8byVUx-qzGujAY4ZrQI9f0
UFsV9FloNuVwmFZyRkv7jIuQLlpL41o0wurTpVaLE0uQPjWPcoB3tMTtp8oZykv4z
z8MLdqjoMBvLY2Z0qQUSIotSMaACOlbyAdvTGXytqB4tNpdU3qoSiaaPWWTJqTdbo
CTzhXoJKa5ROfBRC6HZyD1t-QQ5UdkSrMO1iUq5RBUQ46AfOa1TI3kSkXpjHpUPxg
26pnlXHgD8eW2JzjhM8iB9G-UzlCHOYlR8hpp7rpYqkXju2qXLEMRTf2_jTwxYKiR
30ofB39QXNiFyIEKXeiC1T947TZvM1HT64bsCVOWnibqVn0wozrBGf3aVeYKx4I4x
8N2ugk8Tf-2gx5V-izGkaLROvrN60Q4Tehjzzaf7FCRDYairluWdiAwfC4oTlzfuR
M0nTxG7pUaFm8bweGQx-NX8ET4mOWeKIErEGI4Rx-LY8eLsmq9PJ3TGtFDT-qpwhM
lVLldk1gz7IPl7lRmPTDk8Djf52KdoBgJa_XugaFPphOvFnoKAi4ka6Z0PJDEEdIS
76lfJDELEDhwXqR9UREidgIpjhv8q0XS_gM_-bAvP5tEGWawOKWqVaiZDQ80yj_k0
6R0r0SrPFoHanrxDbTKnP5R3ApgHud-v_ChojqJ3qTe88-EUFAl9QBtX5AfRtPmOb
-wMDo1bc81tIks88a7vQEyz6DUqXdjZoQiXzCrcI8ZNBVRQhd4UAIHGGsek34gxND
fbYTNJO_UjDgvLTTZPHZsUBce5V7sIQ0rDDn8VkJrgdbR2gJDKzydQZE4vLPDfinN
Naiirn7bKbNOdDEJvtkTstYSr98c-nf0GpU8Ii8G6ydZlhkPsfGz6xMNaBndXN2yv
dQtbgPG4SU5JTPYfSKzpysrB1FSRHZkNZhYr2ynTQ1Gz0uETqAsqA_CkuUsUQYJ1V
FHsYT_FSUUAvX6_Ydblh5AqQSpG0XPq5JROnAUM9IBBitrZPPdPlmfMyURJaCyCPb
7JFhhmx79YQPJx5UW0LxtHjkIhEUyiiAhgEDUbPQL4Q9WtOleXr61_QVoexTBu_sz
bC2EqJMpRIDnv1cXjbxYpBH_huVKxNeyQWUEqc32WkCwxiKdGBMcQxBD4RVc8JbtY
ns_clO1yBdWprIKHtaTnovoFt2cZSzfFc8a5nk3GtkofYPsqu8GzfJ-3J9PcSA8H-
Wa1FV44Z4YHxH-thMcNYN4v7TR5rdLp9DH3vGZglpYL9GUyRbBzIxN3MLchTQwQz-
bU45Ff3WmGs0AuUz3022Z0miUXcrseRgIAQQW4iCWpwVO0X_gABV-XUib2vN07rXy
fKXQC0VMrBdw_Kt4r5WIZYk28FqtlVn-KObM99oYa51rO-5nXM727aPWgMb1M5UN7
ozZkD-2naysFjhR-lTdEkSH30jusqJ0nusThUxUHDuoQET58yTEevifs3OyuKKn4I
bbDga3wUIfqk8KKjvAeSwAmbOXuN-XImRpiVo-pXgaTKrt1bDrqnMQkIySiNJruv5
STP8fa6pYwEbtTmc8rBU4FNTDN0CYtO7098p5lf8_SvrK1_W2C9k_75HN6i4oiL67
DWSmYJ4kKBKmGp8TRLWXLfU2HXm6LIjc2t4U31TDDVmnZtYL6W5TjycOUcMpZRryW
2IUaaKmaaEWroprB6iZ91FCiVwRhkUnoYfXC65pUNK9OAVKeqBlSC_M_rfPIv_CE-
qchY4PdQIiBMmIs8REpRPLP0qv_tQAHkBZOWb6EdVU_-GzSgN6IirXEspWqhwlDaz
xhjaxJmTFIe4WQAZSGM4o9TLhPMvwJbrXtIC5_yJXZsqOl1_32AMzO-gKIBAuPaG1
AVCuI37L_xE_F6aakPdvofE5kHLDXrKfxrjq6MLAmwdzDU44Wr-T8SH-1oiVaZc_m
fTh8df0--8L_isk6VnKNUrwEUxZR7nP5C6nn-4okkzTO67TO-pAL1T7_-tRkeg9jw
EMI2O0tUk-7ZkPKiR6iw8tttNxex6zabcmAdQ4JlilOa5PIjT-riRZeRrBYoCojMR
loztNkP208QXxqAA5Ik4BInMC8_ToIHacOhLqOnsc77MtlvVUtcW9YKyQljpSK0kj
4jZH__qWsYEvAd1tExTAbt5PzcPeGIREAcSAa2jBoyea3BTALgcx5q1NXGTQHOpap
VwXhVf7LfvaLauZjQoKjkQV9ji-M9M9UGIogFxBqKzhRUSkCC2N-3GlzTTE-b-0NS
JIPfm7dxiP49X__t1rKsSjeP3VqSzD41EWB6nO7UZyFTDF06pxa4jWs9hZSrSIYXw
XhhkoCxEDfd7dJ7_Pq6NXs-fJ9ZHfr_MPocK5fB8GixJHGXiaW_reAHZ9mV_czhhR
DO0th-P1MGalpJWBKNwgr0iiPTCu_49yn61_sjsYSkTH-uLiVhimJ07RdcJlJ0CYd
h9h7CypheHmOt_Pmpix8fKvjI-7jjesFMu2wRe0NBEP1lSL7GDFAzUyvRZNGjadgW
DHlUdOOv4s1cyjL6mUjKyRRIo9juxRLXbfd-asy9HwhNTDTgP1U6Svc4u4lKB9fOT
TfDR4oiKMePdhzX36e9ARZSxLZfbulH9eqOaCvJhdBLwpnHvPPpFateczMaAldQp6
LEd1OL__HtsZOwUJ9cJ1_McEVKgOIgXjFHoaN8Q9kD6jS8VS1SCF9BlBwqXYCdWyQ
mi2GB3WSd67SYVJukbc3cSve8mKPZNoDrTIJb9OGnWhPDdOVOez3dEl8b_tx6ZtQl
GWXUPzdNsRgsOLk2zSMAOP6CW7fMl3rhIGfmSb_IC4jWEtMoLBF-yz9EkSoQS-6NA
Ju6DtLCRJgrOsFsSYKqNPvgbuAQtVXKxp_e7IGs3INBK4zFGw2fmgnE7hF1AZ4_0r
-5oypFQ3AeuW65vM5HiFhZapiGYjsJJuQLyRDeK2Mk_Tuj433r9ZpW7tw-an5BAfl
36bBVZkVbNmzyQOLIxzyQfVvprWaTONyK8LkBe9gpShDU5PhcNBp8jaFCgeS_lydB
5wYtXb48HA517Hw6uojS_sqm1gRudbZx__KFeP56ZE_M8POJvrkpdVWQAkjOcngJo
synyMyrIfbXzFMrfgwBQiEauklDBBsDFn9r5oYf55uYAPRt7TkP_kR8Ddl7iFd9-D
veb9v4011ntpDd0K_3zhHRc7FgArX_GFkeGEW5isY-yL7CYd7qCE1OFsMYEsSBZMC
EFXnalk9b837DcO-NJlAQirkWLHkm9Alqg76Tav2zLbbdxckKR97cs3q81EFrJyaE
K-fFAJ5F_bA1jWw6ED9-phfYE5wuOJge6M4YWOhlk3I2VHzT1nvBNBnSxVAqbXmDF
ZMFVe0_wpzTzSgCVuXoLho7uZQO7zgGIIiUZb3w_HyT5UoW5FSPdEQc7z7OVPSC3C
hIXlWInSPdgPasSaVrTz8pWfG28jd5zoyeUUdZsFzxN857L1bMlxB8mZqeB14Kf9l
BeNrqb_1MeRRPfybBb12CfH_7-K9gFtqnLkPDm7s_jyu9i9_Vir4fPIe8hOGFWRNz
XpsWCLiYCWs9nlRmPC9Nm21tRhu5MlN61i20sIIyhE1Xc-1bxfFGiH9AG9ULTY5O1
qyrWF-PB1yaf7g7NdzweiR8l82bIezYdwsAwmyGSByFCHvIsCunvQCtxLxiHiiTxR
FtqDteCSPwgOeOGhc-SSD6-LE9VJy3xAE7ppSJbiq9O5q9NbwLzUCTyZeCHh7oW5T
GlgYdo_AC7-VmVUpndaZDcKTe2Esz0zz92hH1M0vUgSbH7kImQer0NTubYRRaKPMy
L11wYDsfJo5Ma-Bq7PQA4MrkY4J0Ous5pnYdbsky3s2mFKUErFc0ZutXRQtFmRtjJ
Y_AQmg4ONjFBwdALn5g1Ch_EeN9NhSmSn1sYPqvZ8o6OD0tgrMYUqIbXie7SbcuD6
zIoiBP4o5zuBt3EnlwI5eCqiC00LXL-pGWrHXPiCzqa025claVilvPMzXAdbb56n9
XpFlYK401TUbjbvdf_tE3LUltBi8M-X4w1PauCcegaXzmO51Di9eTeywYjShewbrb
pTCC4snO3KMfUmnXUdYp71z6y4TXiGqt-4zuvzvPXZ7iktUpPYG09Y0ZUeLpTLW7g
oDtp4bTfFKV8vog-gPd20siVbNJVKyh1fSVih3XGF2Zul0IGL1BERRUpwSGCQlZun
hjPCqRr6qWAaBk_ayMfSRvVPOLOotdaRpmtxY1dXs3bXcASD-2jzgPK8BvFm19djT
w-Bz7pwCA4vYpeSfMhuLkA6zFxySCXctwESDrWvbffhIwxBVPCq5eDfBPOmSCfsv9
yVYw-YAppVx4-wI7PXjt9edXbJnTYErp04TwzwUE2o0As-xAyDnhBs7hx1U6TdFou
dN9Zbn5FfSSiMaUfapcqFei4NwvTktGSHqx7VZz5VpsEEd2_HsOcsph4mNfl0jrNT
sbMaofu590rIxujafcqwec8OWwcjUq8mkgjGcC0YjQM1otwye7W8nzbuDj7JStxd8
6l9Bm5SVy-PXjMVJgYl0yeH5rTzU5Y-cg4v02lZIFSZfydQo-Zk0raTTMijZfu6NS
ExQbMNgVEz2v5DXVlvseG-1BG3eu_wnj5yKuJSzp8eKxUGEi8-Qq_KKfhSTwGSCtN
LrPkXwCTtGV43nONFmyqKn24jsH96EkwKAytMx-btXHBUMB-6BmF1J9vWugryow7J
aT_9Hz_zwXQFq0jvG9oPnFiqerB3wBVBPCi0Vc89dAmV15nQr5XHMrpCPM5PZrvfZ
d69jShOv_E5ZQ34DR4pdxoDZZSO66XflwzFKLGJTAwXU8tHUrD4JPVG7yFGc10JAP
uTQ1dBOYvDsb09YdPe6H5C1veOmKkl1Ken1xRYz_NgnfcMgLmcVQuUfOS7-tz3Rky
mDPlduj1YIO-xzXbT49vFjbSkgzitL8NN0sjwPcOOsT3K4dT7X1HJ5VGdujMN8xVn
9TbqQDCKjcOSJdf9y5QrV1SeHCFZKz5Yhx0_Kv3eprViN__X2gqx5epLRAWByZtOf
F0Icxqn3soD-aFlwcwgXDn2-cm-S7YIoQIrihcdDL4DbXCl8j0kcOtEmNCfJ7uKe2
kJsqGrWgzxk0mIwAwfH-agZ-SCxyxHjmrGBIeLnaMuUGpfMoqn_PeFT8N-SLrOEi_
hDHjZWJwNmrKfohCJqNPzuXq0y2jn73gho9IYJUvr1xNnQM1mk27GUcSCW_RnOvho
YXxKROokXi7laR9XSX1Z81VPHfym_ySsi238i5scTZEd4mVNDyZUm6zxLBfgDchM3
j84KBDI1WEHjPn73GFLkX2wSvCWVcLwjbXBT8aka_t53Xy2acJVVWyXn3AKvGHZYU
fO2sRulTERJxdd0q1RktgC8759ZL0UrMjST7CCb0LpIWZ6AX1yXMa_UEWpbliGAwG
9gdywLgCA2cA7UxIp1aqQcxOCD4-4ifIJegFQG2mdJi1MYJ6HafC2Yju_aAtmoKHr
ZBMt8NvQfty7iAUTGZinMrK7agiETbCv3HNPoE945rP5UtXUYw3QS_8vQhnJ7f2NG
PoQC-keyU7jzEPN9tME13veKJlFIOnBqHa5xgifO32qknHn7zkxMQeNHTtuA6Zxhr
7x3hRBbBwSj3xPeZj6ZaJ9G8vmG-Dc-0KwWf47LL0evu31frhTsaq88VVMNje-eiM
PkhnvX8C1kq-YRP0bZCop4YoHvZ5R2OEqAm5bqWEyG3CZUtZxny5lqba72123HYfK
XNrFgLk9jf-5Ov4XQNyRhB16nVAb-eO6AHpFS_KUL2Ubsj9ejvDOglhzWFhEPEbGm
rC3p3ei7l9jLkiZJmHNIACdBfypqt8n_y78nGrrY3olqvoDNoA36rjAQi60Lhk7Tt
SJemoy6brefVFkTACs0Fcnx7fonx7X5_DBEDVtVsbyAXPapLT51vsQDtmsdn_m79X
DOsOfz3IThYiP7-qpCOKIKLWF1q5NboI0Jwlf0ULaz28W09GLXUcQSgeBIYFv2-yo
aM4k5XCzVoslqwbz2LVZVIkAZ5XU1xEmzG5ImgH3j1OtcnRbnrU3V5A-I-eg2TQC4
z0G-QS0ho_DNm64opbHXJOgGtThTqJafp5iAK2wXGM6YW3NYFdS9Zfb0u8H85IPEx
H9qCwolepRvH3PfkTv5DzHMIPKyXuG63yQebVvPhOeiaJTj0pFJKvmW3sx3JyX__c
z6eWvYNc6GcpWELigVvtOzUXvk9JrUbo8exiR-_-azO48UGdlhFfxi7K5L6WjFURN
nb-v-gCRnICxaeHy4Ozm2_0-HGYQ2d_aYrdyEodoSSsfxkZY2V9hPMBtlhTCI7B-7
V4nnaDlpnm3sH9hB95Q2HfzUMeE0LaUXv5V7LEh0v5K2yGXpQ620RPTMgLOseM-wF
6Hv9MKxwhDYil-T5hAfQRE1NvtJmgajOz_JysakreWU9fuz0je39GZ9A5OwmXvW6E
_qywmBtAsiIX0MVnpO3Fylueeim0WopXGCEOcKfKTxuK8Gi0RG3SEPRAkZSxRf3mC
TbGPh4WO7dGkUdztt_t9z0XDWlPkjFhjbJqTznHtlpp8JrOkPaxsf6AM_CP84Uk5G
CeTnmLBc3LG8MxiOYJq8WOgQiDM6lnV3tZ3Ie4WPimIa7CTaucv2EvwLNAp1V87p0
yJUR4StGNgaDgo1ZQTxVb_I6eqZytTlE6fAc7PL4rUJaCsDC9ACBGP_ehu99GXYXE
TC26jgAgPXQ122mJKuk5EQupkuj13HqIAZiz-jIEFugV1kabRAR9JQwPKx7jXSIoG
5QxDRF1JP8cE40hKAB_9_9sGl-Huk6j2SpE6rbTt27yf6cftElSBo73ObP6OdTNXd
QhGfSEQ68ilJnI9oGoHlgTH-jwkotX9WjhslOxNHvqtuFgciO_05ZSJwYATkWmMWP
zzyfoE9UlFAGGpS2se0GD65NH5ojIL0i-VRbUJlA_UK4d2UwbJSh6kcyHzUg_uCF2
4cSFDLW3kjYX6HFukBknbiZ7tOVIqbdNE08gqhFB4pvd3ri4492Yg6yFlApL2zvtA
-JtEnW3WUpmSXt_C1Z7ZS4Rxy2GEXy00kXmaVVwPHsaIQCSg8WRgEedUw1MGRf_Q6
OrJWcFIKtFP630y7XIEh3oC94kxZ7q1rKqgqJfYnTQIfFTz5s7bNDYmusJBVkrNuC
i6Bf3IBrAZ1M9gDIrXW_hDTWT-ywqzMEyjncWboWQJ-RR5i5Q5ZyQJykB_-Fx5Qsq
AMeS31axC3uyFeLUos0065485Vhz9fe7eUtMLPF3Gc3NuCSCLYu7-LIZixxDUTYGr
5HV25jh_zqd_qutJLl258IeW3JDWfKACr9buTDtwklf3lEhsK8BEVH42zS3TVLqZs
Bn1KBtOkiX5xTzcdSEyUgeBlctpojr8_QS8DHacT7jHKPifivYeUo3A959JmoHX2y
tux7lemSNt1o_kEnDZ_ptwMndGB_1TW6hmaWSvvgC4yLvtOSpzn-zpWnmjzTFcMI-
3VAEB-NsfZsdzbGEcKMGhDDL_TIQ_PBFrKO9JeJ28IAIKgIDbb-TGlVa00GxqUgSl
C8OjPLTjJyj-l7A8OoVyEj89abmgqTV1mEXu-NiN7qRfJh9bw4gO1RbAhKiJZ-idC
nonf87WlI4RRwpM0zMg2aRJEffPJBHU7sXHF5082Ta3pwyO4s6w343xSushzrobdA
xaRdKBbeTczFs5Yn-eHQ_6ifefklRWKVhTOAqWI7gUB4QE227-n2xk7CE-lSG3_o6
oDUQYQI6dh41e59R9yLO-g-z-Cc4KgHpvk_Y3pi5Ziq-iY0R9z1BrjgdYJcfzR5GF
_M8wSEiuvy685Wrklan3cRikLw70UA7N8vps5jN2TOjAbES_RsfNXuJSA9D0S02b1
5KjuT54QmDgXu9VX2l1Wyw2Z24QJLI16gAxXwe1bMNRWV3172Z4vRMtEFzmYW72ti
HQHpG3d-GdKKHvw-O2xOj-ApTc1Rp46nJ1WvSl5gldj38-nOgp30BG3s4B2-WjSe9
5PnOl1XfOI_MiJDW5qGledABxDkuXEgjt8bDjyE9dwNUzasurjJ-k8t52RKjxzr4M
DfMiDX9PGE8JTjZGB-8NNVVwOtf_oC6Na8lYAk2iVO__g1viLOi_Y5hj3bpE89MQr
NBsYnWpRs_BirXeM4kUXGNWjOM8oq0RkhMm_Z6mULdU4shlv0XGe-1C1nY0EVjcNh
IZW-fJtJ4uTviBq3EtbTnO0cX1urow967UiZUd9l7RQHq8HrSUUsgcFaqZz5bLddC
JWvu4tBapdBzRJVye8aRZPGCyBBbZ1rHrQ9e30W5LxFOCRqxe4Wve4rDFWQD06Zky
L0DHsPAZUIsepV44Bty6IOdZ6eliqRVMFvXmyrFyE7NVeu9A0DEyTqIHKh3_rJqkb
-slbjj4QLFt2SJjrQyg0uiPK2TWmR3_GEQX97kaqjBP-qVbz67vF5Ja6027QliDzJ
fPbRYyrQyWLCsXtH7Ntdzm2-5SRRi2k9taHaUW1TF5Z8a-TFaEAtortB6XrwQcmGU
_lBwn4pvHiQ8c2hIa9Vr0B75iDVSf4de7bvlq0wfzEiBr5xWeBYFvnQh8JsskiGgN
0KKTJofSTu-F8djsvIKUTGf-jQiVgK8fUQa_ROFltqeFo24mcjhs4PD7yWNP_JZ7x
tZCo03O_ZncaYvx3mcGLXWKIElRG4lpqLtIKqTkhFbJIQIyVUPQPM3gWT-qsvySFU
5MZ_ZoTHAGyNtU0HVoEjEEalYGS1pevs4OlyuSw7-Qgnpjv6DjH2_ttVTckhJC1GV
KY7x3_gBzbEYwtCBW7K6n8dKidZsl6W-Bc1tZ-5TRu_75PvLpmN3JTEN6XIrZNnly
Pl-tRvit8qVC3TCVaqtdmKcefvLuHo5PAVhNFvS6urIyG2mb40qBjmsQMYba8e4xA
EMUIMeXJw5fvWuobalaG3L5IMGvG5Bocr3x3WkyV9JYU4s3-Os7wt-Lo-nxQlWGQd
aAM6LVJ3McJS2DN3D3e_9xU_-HFDqBzxbCzfA_4S7GmM321Tgrxe_G2-kSgBVgyuK
jhC80rceTWTv8RkKyfr6X2k1sYffDwZ1W37NtJcx9q3LPwaMHabceX6Vk64IwS_GV
TPtE1Rbd3dJNdXNGdUmxVM0yXRGjFXxQgEcEk2_rzIJ6XybOAlUxWRKQ3olvwb8hs
n_Q_BIgi_NlEnnRR7BlVBG7kEBseztNgmDKPxAiDAjSKyb0agQilcLMNZ4uPXzv8o
dx3qrx6nwE6MglwnIknBYIQOYu8lUTEBP3TbunzxjpO426QZUv2PZHH0VLmh-ysI2
rKHHccf-n1NgvJRg1sYTdNj0WmSt1H5PzhCryzUUux5dQ0TJK_5TcpBsozmhlF_dT
tk_XLsdLd29kwcAPMxyVGo8VZBP0S3kjFOemt9dFWsU4Cd8wQSWd1DkaIpHfKQSGQ
gEBg9bdkMvtLwK-ZTkdwGrP58T7DQ6nHg1VWiJS8GJfspilVM_bVsnQHKmG9ka03C
Yh5tqBuISAnHkixqF9RdOFmohrYYHL6bvhke4T5HysnDp87jzKWdyHmO8p9jWk5K4
GLqZp9BADFDi5qUTpbgbZMZXZkZeByLN7YKCTzQl0vcdws8oZUTK2MvfuvblIHYmh
ha_pFRnBKUlC5jZyDUA_QS-NrahbiNM6S-kPCQvI0FmWX4bdKkKrBZukjUC8UeehW
uO1PTpcZT3iZlC23DvJMhc92n3s42uSsUohbcdK4A0rIUPHVFalSnF22v6eU67bW3
AL2ONe-jGsC-_lYMrJ8CWjYbYWvVDr0Q0vclYuv-BAlQpO1dw6-ag1LDlf7s0PIn7
MSX4iGMDqOQQnLEK2mAiKEYQD8wkdlLankW4Y2SBiGWOLc7WEsn-3mP3U7HSbn-1g
31P3W8-7iusK-77ZVhNYnl44WK0iZlIheqmwyCG6yO4XrJr8eNaGOorYw5fnl-HTc
NQRBx2UBmS-A8H1qmYQnP6IJe23KngE6MPMx8jetqIAm5z_nKyGqVQvMTMGBAA08c
n9XVwLVL1aid1nFIk5Ttw6SaxWVMP4X3koTu8835rFwcZFdEc0SfsLRO9OhRadJtX
g8Zso9qVu2pp0bwlwYhHVQmI_KSlKAUNKLAjRonaH4ViLOpGh0Fm7xYoPQdFNNO2y
CLHw1eSwpknUkx5n9VdhKiFrflQgFa8-nvHSmxIaP35u4ZU7hdaevHIgU4t84iW0g
2yegSNEZtgI5y2PGnUk5HvKnNUJFfvIbhiXQCgsXiddU_7tk0N9Qe86_mdI8FrYRb
z65aZCj1yF2k04PhXx_WBygZYreptQwhRpTjamS3hoAG731eiQ7-4Kg8ckCsvAukb
3MKT-nROhz_DD4GFHgDjxmula4jUGgjRW662-bk07n_i3YQsemumFiFryPqOvZeeD
DlR0KOPQxlo4c2Ff8bagsrFIRMurzuUWLAIBrWW7jFl5N92iJ-5yauwYz_TVxkMCi
DvbJmbVac-LRVoQ-hpBl5vZFRagrzj6MwdTmKrCj6jojk8QnSGJFwNHQNjpCQT6JT
VTETCGhIbQ2aM5sAEna4tITR92mxvhNhjbjnMEkbYkZlRenOURU930dUDzVPh4q4A
2-TgGuOoq3Cr-h8bHRJjnsHE2X2DspRPoAggqvJDrnN67hDTc192u4DYsKTFNUKdr
6T8FoV59jigh7IcGnguKek-Qpy9gBaTto98bumgeriLnPeDXwg1ptGuQm6OYHQoyD
zWsHPwxt0or2c3UDZFzCgapXMgFhiQLkptg4ip81OpdyMNPnfNMMLhmbaP2ilV7r2
bHfRtrYSm9KoKgLtNKcf1JLxL6gvJVjlr043rjIgqQ_5RT3MNkqxMtTpBdHdmnRJX
Fg_zS-u6UcSr-bfMsUMhTt04a8JHEEjTEtyKs5yiCzcyNrQwpSNfaiQESZVj9vLxf
jBXNrg9fQxI3yWjFoJCcCMnJAV-6goLUOAwrOyq2IWJBdAlaxuuRKUlS4NWbYchNz
7S8wXYHaZKIJPV8r3l6LyrnJwQWVy5cT1yGAQPzQqguDKdwg8EChFzf00MtsshGDt
1US53lVHPUCJSpzv_3k5fsWSCrX53JIh0RyOJUIDa0EWiOqNaAe9-yRqrFJb81nbZ
8FCIGHLZviRD1mmckPhfwnGiIquHv1ebseXMiOcBm4AaRzUfbBvve1zqV4_Q9KiRi
BkeAMuXqFGPwpqIs3oyQEiYgrjxeYMav2zTfEUcABXGZCoGCF_EGYCmeSSLLdSKj5
O0qjrHeQN6LQOKZpqRLFIhCp4T0DWjh2x2WDCt3Swc3ES64ntlcVAJ0lwTmbtAvaA
JGmzzvI_APdP6n4GuwIB84GE4zFXpinlFW8qFyhMIiHk9h_0Fb3sYGy5E7EBtaOOG
M9Ta42PuzkkigR1kgHTq6V2qRg9M3Q3s8dmO72vttRq9KyS7C0BoqtvsSXH8NMLKX
H0Tcre-tZX_W3rfUEJ8sBt8t794qOQpy3VlJU1AEwJbkckbaIS4FLs_5qU4J78Hxm
4b94K0ve6lp74mflvzOx1QXNIAzlbRfL2S0fXR9rM05NiqeP-ylknsfyI07lpINJw
PO9jKYfQa5po5-TXxl0zK1_ubOXRgUtGjKV9PHgLBlLaQZNTb9c9VMm75RU8Plm97
MEvQG-AU5aOPt4CevtsZuP6LuQiV7WhO-4SPVeIpoeWhjtA2aEicmCv4A1mQssKyH
jijV0rb3QUe_tpNFGYD_9BAGT8g3cshRy4w-0UsxPMlfnf5VoucRi29dQl2TnsSA2
yuYoR8FJvyV8qQzmTJVTQ8jWGhpFoO8xYEudlFXNFgLj3HutfbPh45d_WDiuOwowu
qi5Czuv9lU5e_u0Cw0W2tV_b3LCwoushETeteBQspeKuX_ovNk2VPgpsmy9t0rl6P
3T7SbpZHVK5hNUn4wQ-Jyy1GcSoDH0df54rY9ljuQWgEvSzl4tFujuuGZKyuMrNvD
joJ0MVhbdyBU10fSbUNNGBxNSioiBxGRVuuIqRWTMoUcT4wvVghQ_UREEZqK-0CvV
UAvYpZ_8IWAAY9dgvvdHKx3KaQ1C_plT2mvYnLRlE98ABDKKUW1MfU5qO2UYqxelX
UGKjFetjP-WGDWT9_RpPpOMnmEuxLN0wHkrWCTi1BWaKKI_8FaRo4BfdYCuToGer8
P937YOhdRZ08WT_NDAT-xsr4SSfDfz25MDFm1KlHsehwIHiE7DxwN_kWxnVPYDbDJ
swj3blhRFuV6eWS5IaNAvpJ7vc9a41De-rPkDKoe72VbhvpV3uqVy4-1wB4BvlL1o
usEaA_oIOvFJeufoBAMTDxmsyl_K8Miw2s9oSW2nIvQoa8SiATtSfDAmJuthhhYVJ
SY_lmn1Ps6ZpkcffJvFQui-NUyskyxJZmWy5hiYBOtNLuij_dO9lqMSo5iTfAwhYe
uNA_tk1nLJdmATfPRM6s3Uvv5kEC7HKS7NdxiEnUwQu7cH4lAS6lDUS0ZY9YCvo8r
xOOFa-lhkRF_92mZ0sSler9uCwFHcYHz6Tyz2Lt12EZjC3N5HnCEkzmtE1w68jVXW
IHsdX1lB83nSvJn43_t6eXIMiYwYMHUeAMbgA_w-QSVjxwF4IS4lYCzYhG0Mo5Jja
GUTztVoCj_93kElxFLo0AbfMHCeJox8-44OCNGZoV3hbbMgixRIy6GaAW7uA0DL6v
Q_n_svyzKgxwDTuUhQMNjMXpmyvFoGrFRHTHx2aU610Gh_2s7WBKh3lvEc6F52zR6
pxoRLQ2ar7dZxYH3v68jg2G0K1UKcVHTvsaRVPmungfRN2oVap-y9hhcijS7inmV3
e56-_IdNyxr7mOwuCUlpaJIDIxQGo8InptAtXumh0bzYTtsErs7DtEUu1-cl3kvEM
BZokCIVgajT0LHSwJzDvifUT48JMEduOPrQ5eMltVM7p8PjS-DGc47I6-drmJOMJA
oPkIpCu0CSRTzdf0kYB4UDI1owsJ25zKY7Qm-GwzdY5aPcl0u_25QY0gi958bPPn2
IOFSUpGi-LukgdDoygibyB8ec5HH5eI2lJfxrDoq0tHHtpc6QXifq7W4ett5UOG9V
S-O_vRBuuSmk0BjD6NPfphyLq5lpCt_l9Xl7dY7PjCV2HrBOVGQpn6Glrvqw0I3EZ
RTfriVDcRkh-CI8Gn8Nn2_KNKPKPvp9KrMOq_BEGBZIjT5bBYW6eCNrYRgkagUrUD
NJl0qGA_tsGvZmTa0UORCACMfYXY9ymaOvuyHZemXHvQMS2rkW61lJdYOLOYIC-dG
tkGijZzAgLxuFfFKpDDNw3q_BfgCqoK9t-gzsFg5fncDhGaqt1EIzSjRAD9Btk9zp
fq67bvLf6uhVkp5WFoo4EGLBpBl888UfobAUYRL1XAc6GV59I9OOODdJjVk_B2a5a
c-pXwjNiIzpzBxOTU1yn20BIGGXn_stWqU5c7E3MzAyAggtFLcccW57_LT9u8Flub
7jnrK9Ypdier1we11dUrUNsK1gU0DeYhCQALMWcs64TrEeNaJ8OxTTGPhAAlr3Vw3
Ix-2L7HzOAhRoN50UOLGaaNbuLhjJMN-fJMPP1eu7GMlBA2lMu0XUMicU-_zIk8d4
IgoimNsBlCJzuo50Q1i5jIux8w7Ibm4mT0teWi4kX4ILA_yKoriGoz-oflmK5pRTi
j7dwp8Ipr0exywex99eZHw0_sn5dQHIOJ7k_zLlBBc0PDu8rv1JdiM-ER3dkBVEyA
ShKvXJVQz4c843Xx7ayUu-I4SlO7Ql85q5sN1SUqQNu84Q5o99UEgTLko-amUqnQJ
R0f55bjmSbccf_izTWKqND87UUYK4511TM7dWARrtacPb-jA-nHcMdAWKrXKHN5Q5
hvlrFAZBY2DRtamRUPrQYyjpfmxzJ5djW2MsjFznr-WDdJv-8jYXu3hxpDUbtGGCR
oK5s1xJC1Uq799cKgmwZ548c7xVTnnpX6S1lm8tUsB1n4h2oxvErJlToP8FeEAx2Y
8GDnmyw9orHS1spMxa0adLCiJ-BeiKOiGSJK3lqoxhQZX0NTSnwAgAad6fEcKzdyl
QS3z3YALCBHAW0qqrnILR_wyoIxcjRMqfiqylInffHFwXBC_LFBU-RrpBdOmykElu
zsxL8l5nOTiYCF_wCfbJ1lgVLUr4QvJtKj4abxaToP55e_OUMRf3kPK0aySvg1Ifw
0MNqnOdjGvd6c0Nl2tmGfs3DtJZTkIRT1Gu0ob_H5rCB36tmvPsYhWFFsW4KC7NsU
sUFXtQvHzqoBNKWnMTlZaC6neZkk-hdr0LtYMv6UPsIQXkgpEGiIaRr3kCLwJaVtv
CHIlHr2h19b4WUR8G3h94CHl_xsEpIDmVu74TNwgJAy1SOW-8dKWppf5D8IctcLaq
BOwTc-arzeKyxoYtk4j2MoGF1_joWwZlvhrbeaIN3PpL6LOp445znytyq4wWjx8Zg
Sk6sLw1XtM6KCPAM_TnRPQ21txZG2JD4ZUg5eF9EZmn1lQlnodqcJKztLnM9C4wbw
qafqtzmvSjzyqbo-nUQQ9gzIthnZI0tjsXqLDsLbfw1SeUvz80WXGsPAtOEN9LT-B
6AqsL8Hlo4tgRdoN2aYsJvs3Kq0AojLSOMgWfqxGOrbC0nMqpJFQHZWSHksXrNxvv
ftBFRXUd01OZ_oYLE4Fd-7hkAhQziraU5Tf7uA0zMK2OVAb62Diqpwlq2QCP5-IzA
snf6cMTzZ_9V32RBq-1R3OUnmHm9KPdDhOkO8s-f9nB6C19wHdqIhTjgRGB5s9meV
-sYcZO_VS4JsewGfMrxuttqT5tsbeLuohzukZ9ywuNupjBl8nkRyB3jOKM6hx5M6S
OZcmg0NI5B8UHXRNiYhdq6YrS3fZ7lOCqTLAd4JHA9P6Z3A7DCrixT-bvigkjc5nU
dqKyk-x-xXR4CF-GLCcRQ4vOwx-5IIrDSAsWC4tWh14ZiwvgZ5ShZLUoyxSyg8zJZ
jLT-HFsqY0-pNRjoMJLIh-IYOIqAPp_-U_dlwJjdlC76u48Q_exDIPuJtLx8WUuuJ
fONM3g6Pi8jJrgrMsNvYhYpzgsoriTO1ZEi2R7BpD2dXhJdVV2Lc_1mMMhZFAnP4E
R5vbfl2Dfe8pnKzWPH-UAwfWuhOCuWYinbrfdWJxTTlE1Mxtgwg2lOSe_Y6KP7RHD
kAPDJLXlbsV_5ePqAFEWLxwwQ5d_bLp06SAfEwL_aV5u12dALtmxCG0sn-o-3Y8M3
H6sDoEsP30GZfDzNWXWVvphJjMWCIRCZm9yFaxRKBzmER-3Fjd4VjVH-MCHrTILgm
cSvgqnfwtnfR-aEJ4od4KWv9aOxaZN2lE00rfQrEB-fc_-MW-6IohYVqgR7mu6wr9
OUOB-RtMycQOuCGaosMn_oEPqbDX989xIoJkkrlhLFFlsp0I6E98EFV5H1xfx77DE
KqZ_yCMlR5vpGPdoc_ebAJPx0TyFXGlZgWtANReSIAvTouxQoChv_cGqCkMOQCye-
jji3PIENRg_U-diwRt0uA03fE0txU32TBGu_Fhb6YQIt3e7VKVCCH7tNV4rQMjkuA
CpvwvmdZn_8p_dEuvHSSBUPbuBkTPVDjpY8np44yXR9eRetDQXMwRHVRgUXk2Jfm3
x2W2DCnmU-_w_jQoySmjZUvviD7jm2UzFW9yXAw7hJ6aIdiJIFVH_RHsyM1mrU_SX
lbNLlPCuRKNd-9agEI2KaU8Uc1s7vlcM70NqnLJQOtR1AJEPSHDEAfHMBcaLInAHC
7QA1kbNsyR_eIdOVvQBluzs550_tp-rKIn13tXSwyrg0Bq879bZtVQ2Wiv0bXZ6Z6
5UZP49bAUNPwDxvIbf7cEWPQ0j30XxDKh8q_OhGczJ8dA42c1pqbuA4lM47yoU1Db
T8LbG0rvK9vVPS23WnspZWUs9Gv9W-x4TPb3yYBJmThlXfLO0pkHPjo3_PIR3QIBA
rlQmClhFfBSIaRsJ--ETe4AAhsG9puXZgURyKAhGN-15psBQcoQ7n1Hg2CC2rVJ7b
-EOUm7cDeUIgdQzUa6ryfkj3BX06VqlH-4No_zvLtW-GqIqyjvq41CyfephLZvUwu
ovH4Ucm4xXJzKNBJrzPIlji-GC7yWQ-JAyPUCBFDpEv32gF_GBS92pum4mr4RSbxR
xDtrvS_AzxPJ3E6_H_YQriXcUGuTYCmNN9yZqNk0sw4reb7qfRY0GaY5Q-qm5aL_w
UA9mhZ_J5KSjAHB7iXR6Xn5bjGTfgceO45lkoU9CgDyFdZTivPT4LzVmqMTzsJles
tV7R7JVPfCwncmbD1gdPBcbwJusld_WuY7wbnzNHnbTOZVrQCKS3XuqSSM1fiDv4p
YOWpuKDtUatlK8YDXbnP2NV--n7sNjIlmnAoyJTLO46_6se9FpDRoh1PW1xpGoaY4
Ys4tCiOlL5ZnDsFrHa4evq2QsTWD_7ya_qUZJNTqLY73tQ-_E173LoxsqXxXE2wz-
E220mTxU0Sv6LBkZO1YaP8ux7GKZvhHryICyG1sGQdHhE8FaRhTHYbu2E67YlhLw_
iF15_lsbBaN-qRlRma2VBonfUeDrRBLGFb0oNNHP8__u00tURoVmNT5T3T2CAfOFL
t2MJ6leM9zcOEe1jCn3TMhONolsom15Yu1iWsX0g97nA1mPQR__Ff3bkUwh7ALCH_
QK9SaUeTaJEzXfT6ToHsTZINeWb93EOXO5mWapm-gpsRovTMsRY26cLTd1oIxknnA
QOCWvqn2ErW-pgA7b39Lkvfk5zkI2AlSkqWNPbeYLJhF03bH-84-tdhKK8zMg8rON
4HJde-wKoTm3xNULOvvPeeHvAAuBwjU6pB2UIuKY6gCrWTv7y5i3v-ukk1CUf-E3N
I6W-IIbLVpe3SSrNE7Ud3ve7jIpVWQjWlzqhZ-t5ZRQZlTNdkn81q812pZfNc0wFS
hbYE0S-2ZIqVBaJ0LEkbctG-g9-JYrCE-fZC0C4WYyMUHT1O2UOepoW01-JvQ9NIA
ZgluX31k2sIf8WoA6aNvYg8mY8BvM9HVPmDoTNI7lwnw7pepvcS6bl33zCXCj6wGJ
tQMWz02wgQ7omwBBRHN9fPXGPCN-0PU7k7H-JcwqxruwGPRc8QM3ZWRKtJvC_615K
oKZmBVPORIbEc0JXndGqJLHUOhixaHMA68TPbofActIEHBz_42J6SwZ4I7ex5dcOO
SSMrqxhZ1KBUErb4FIDmgZhqgyYvK_AHKcI0ztJhIJ_CwkNBS2eI76rSrS8OHfLH2
qw4SotomEivSFLKLSZI8lqgyqJwt3DcazL6nMJVPmnWquuz1u_b9e_72H5vPypCsu
-If3S_LK11h-23b7VqQzV8WiPnXJkyA2JNVwCP_f58qXTiPW9lia4Y-oTe74thHp7
7Q11j64RTwzfxm8TRnb5p2caD7b1QQVUCcipV1kwSupiqmFAq2DPqx8QqJJGG3r8U
1y-72yoH53mmV8ZdGhUhQ6EhcPM45QcSF93M5Ky7pyOQG4f4ArnIxGVwUE3RCMkHW
ew7KqMe4H8PSt_vRJk4XzXOdYrVVCB4KraLRAFY-G_TNC1q0mtRNUFrGej4AIoZwI
dXrFljCUtgm_8gZla2ofwOb15iaQaytQwfhACVtQyhbsYpG1tM3Ht6Wwg6FIx3TFh
XzOYzBHvqy1ij4Nr88X2orUpsiJm9K9ILsyzs2Sjf9pT7PtEFbVacFdxQgd-8eU_s
yGXpIpp4EmwvtP_Qh-G5Mxso06y6HP4PBUqA0XRyEYgM-6doGo7BnqixCum8XcR1y
WKmXE7KoxI6IID3OXE10Mav_BX29PWsbPuCa8XzRWtctGHHGd52uPaJ0N-zejqMEO
9oXIFIoMn-ntUBLEgn8wbVuIA8fsMXCu3jriV46FFqMVncryLFZfp1iyxYb7yXZgT
moxIt1JdYTzYkkqvvHrB80GbF5Vdekarb2o9H7a3ikUyOvTD5g2vD7KpBBvl6-MJL
DfedW8g2P7pT_JkTjavkMCycJcmzWRQG_xFSrJ4XKh-FcWD4K5atg3CzPMuSoN6HT
5oKoaoMyzzgmnrTgNdl6o3CLjezIW7qPuzfaHSURoP_ufLu4Qqy23t_QeyFwikEWP
YGjeVenMEYdYm0cfb3Qn5bM5zeJ87NnB1QdSEzrDr3K5aMVSFIWnuiLsUwmhu4ujZ
Uwpit7kohdNyAt31hgeU7JwoCT_GMGBEzNSixRmaYMycLrxjt13uDB9G06PUq6pB-
5NT97-fXsIWOpt_myUYbx1ksjyMrzTz2-1KT6J2AqjNrdIWs9BEMm5CPFD1HopEaS
yC7DucE7fPQ7-LUxoJ2WJvIo-X9im4uPPM8SgiU6rz94X6eFvV1vsqTEZPEZvEfJl
Tkahw7lWKCIqVcOaFaFFN_focvjDJhJ-_nwI3TGJYrnzcFbhQvscRxd5USEh6veV1
dLTTHrxFYDaR6MbV2haOjr3gMuVyDL5rdpW6hvpxE0VlNZzNygjW90mH6JiAvFk60
JSWkit7z8bhwmabYAD5NmJritFFpn4SVGljJrZQAUnkikso5EskvPHUJ_caA1ZI0I
kl2hd0j5Kja8snbfYB-z26Fq4-q0Enq7Mw9m9TI7bYfar0svAuyXgqFnxzf6KC2m2
bPMW5aYovHA7fYDkSEPYMnHC8pqr7cKOTD4qDttBAKuqsU0FPO-uU3C8MpKpN8HqM
omLHaTXxWxjAZ-1Q9sY0X5gLUGqPws5YVw0NErSsUX8fk8VbOSq_miEAhgxNgiZX2
5eSVDp12aNClBmebVlnb2zaguhFU1nOW4XjaOJcS9QPTOKv89qBJU5cNH5nCCOAzT
W658gRbLnFcSnVi1a6tsLsqtAbq75Yp6RJAhKn2pm7P08MEiUTnF-HLJuvyIdLQtX
yGPU1JQqEiiE4-DK788prLG_riNtsqKhS7ESGOPUnwb2-ALowh-lXaXU7uSd7pgW8
B5Qj_VG61miG9cGqHgeHhOHhfY_xEAur6W8ZhvYqkz0EQh-BgY7EKap7klrYGVpqO
zhnM-M4JcE_8HF7sw8XhTJ-rtXLG_8prMFPHpB5riNjiarexMWymOikP9ixBrL9yf
eyiMygEZtcJvg9tq7PlLFUghqzqkH7z8UgmLEBU4yy_XolTuuhnv-VoiOfca9TbAJ
dpVfPh5wjWOweDGgrXzmR2dM24H09V_INFsw4-H90WrpokmJMmEWF9eRXwjWdSzCn
PN-Kj8y1KHlHt8m4FlUCVlbLX2F_orW-zBX3vltNlOjEIROriU4dtv5Vc8xwU5gRc
AC9_RJknl8YiF4wnRKRgeqZYFoNG6TXflscj1kAh-TVARDZA17ib0m79d-fBIBvF3
SoTReDKhCZQRMs4QitEDUjcYsDpw5bLwtrf1EDrIgEOFPomPzMqdVqi4S_AQjXQ",
{
"PayloadDigest":"TJ1qjXTKHecpvFT2S0MB9xvUarofJEoUsb
Ohz8qyRma3qpVrZ9oSllz8VjCPQIbJjb7KQ_BjyRQnZhYTV86wRQ",
"TreeDigest":"ETeQjy0XpileQSzyTpn5326jCsfQtZ5oO-0W3
SWcNrLcyjduJooywCIHTS3ZrUk91UHZmBoI24o3hf1T3T0h1g"}
]
]}
]}}¶
The response payload currently reports the success or failure of the bind operation:¶
{
"BindResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully"}}¶
It is likely that a future revisions of the specification will specify the host(s) to which future account service operations are to be directed. This would allow the account management operations to be separated from the account maintenance operations without requiring the traditional tiered architecture in which every interaction with a service is first routed to a host that cannot perform the required action so that it can be directed to the host that can.¶
Mesh Group Accounts are created in the same manner as user accounts except that the ProfileGroup is specified.¶
An account registration is deleted using the UnbindAccount transaction.¶
This operation needs to be extended to allow the process of transferring accounts to be supported such that the old service can say where the account has gone (if it is willing to do so).¶
>>>> Unfinished ProtocolAccountDelete¶
The request payload:¶
{
"UnbindRequest":{}}¶
The response payload:¶
{
"UnbindResponse":{
"Status":400,
"StatusDescription":"Error occurred"}}¶
Account recovery is necessary in the case that user has lost control of every administration device connected to the account and must re-create the account profile and bind a new set of administrative devices. Account transfer is the process of unbinding an account from one service and rebinding it to a new one.¶
These capabilities are both critical to the long term success of the Mesh but have been deleted from the current revision of the specification as their implementation is interdependent on the architecture of the callsign registry.¶
>>>> Unfinished ProtocolAccountRecover¶
[TBS]¶
All the state associated with a Mesh profile is stored as a sequence of DARE Messages in a Dare Container. The Mesh Service holding the master copy of the persistence stores and the devices connected to the profile containing complete copies (replicas) or partial copies (redactions).¶
Thus, the only primitive needed to achieve synchronization of the profile state are those required for synchronization of a DARE Container. These steps are:¶
To ensure a satisfactory user experience, Mesh Messages are intentionally limited in size to 32 KB or less, thus ensuring that an application can retrieve the most recent 100 messages almost instantaneously on a high bandwidth connection and without undue delay on a slower one.¶
The status transaction returns the status of the containers the device is authorized to access for the specified account together with the updated Device Connection Entry if this has been modified since the entry presented to authenticate the request was issued.¶
Alice adds an entry to her bookmark catalog. Before the bookmark can be added, the device synchronizes to the service. The synchronization process begins with a request for the status of all the stores associated with the account that it has access rights for:¶
{
"StatusRequest":{}}¶
If the account has a very large number of stores, the device might only ask for the status of specific stores of interest.¶
The response specifies the status of each store specifying the index and Merkle tree apex digest values for each:¶
{
"StatusResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"ContainerStatus":[{
"Container":"MMM_Inbound",
"Index":3},
{
"Container":"MMM_Outbound",
"Index":1,
"Digest":"FEHy24Y6cLModDXWH31kVc2a3TdhjXPooKHpLAb2JbsO1YQ
nJolmowXAYHhkOGY0kg3jrKNTjds0myf4Dw1sdg"},
{
"Container":"MMM_Local",
"Index":2},
{
"Container":"MMM_Access",
"Index":3},
{
"Container":"MMM_Credential",
"Index":4},
{
"Container":"MMM_Device",
"Index":3},
{
"Container":"MMM_Contact",
"Index":2},
{
"Container":"MMM_Application",
"Index":1},
{
"Container":"MMM_Publication",
"Index":1},
{
"Container":"MMM_Bookmark",
"Index":1},
{
"Container":"MMM_Task",
"Index":1}
]}}¶
Bug: The current version of the reference code is only returning the digest values for the outbound store.¶
The download transaction returns a collection of entries from one or more containers associated with the profile.¶
The service MAY limit the number of entries returned in an individual response for performance reasons.¶
The previous status operation has reported that a new envelope has been added to the credential store. The device requests this data from the service:¶
{
"DownloadRequest":{
"Select":[{
"Container":"MMM_Credential",
"IndexMin":3,
"IndexMax":4}
]}}¶
The response contains the requested envelope:¶
{
"DownloadResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"Updates":[{
"Container":"MMM_Credential",
"Envelopes":[[{
"PayloadDigest":"sy1ssbIvs3DVwUObsWIpbtGquWaoEYtCqY
1smobL0T5ydXU29v8ixwUGCDO_pWxh3rWS5yXbOK4rhufAQfMq7w",
"enc":"A256CBC",
"dig":"S512",
"Salt":"YnQw4J41v4oCWz8krGmFNQ",
"recipients":[{
"kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"_dHVp-Pmr9wgX8Br8zwPEyTT4puZ-N2Z2
cRql0WuuTAXm8Antqfg0dHit2iy5tD9C_ji4FcuoPcA"}},
"wmk":"Il9yeV5COdhTo6ULAbHU084HB3qPqVIgyHIexstl
Dk7H1gWixmkj9A"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICI6ZnRwLmV4
YW1wbGUuY29tIiwKICAiRXZlbnQiOiAiVXBkYXRlIiwKICAiRmlyc3QiOiAxLAogI
CJQcmV2aW91cyI6IDF9",
"SequenceInfo":{
"Index":3,
"TreePosition":716},
"Received":"2021-09-20T18:15:28Z"},
"TprbdZruvdRXXzOAP_SAxvADHwrULXW_XrLtrvd_vvrbRAeXXmus
fRrL8sIZod3f4uXNZPUbwDAiiJTeT1z0vKzoMYNsJ7gkgbdBx5wvKS_APbzHnfBAd
qdKZJDPZCf9NIWrjPs7uaMxCmHajt2o2jgNbbmE17Ewua_YX1hsxHY",
{}
]
]}
]}}¶
Future: The current implementation of the download operation is limited by the capabilities of the HTTP binding of the RUD transport. A future binding allowing operations that consist of a single request followed by a sequence of responses will allow much greater flexibility.¶
Future versions of the protocol may support optional filtering criteria so that the service only returns objects matching specific criteria and/or only return certain parts of the selected messages.¶
The transact transaction appends envelopes to one or more stores. The operation is atomic, that is either all the changes specified will be made to the stores or none will. This ensures that simultaneous attempts to update a store do not result in race conditions allows Mesh stores to provide ACID (Atomicity, Consistency, Isolation, Durability) properties to the applications they serve.¶
Clients SHOULD check to determine if updates to a container conflict with pending updates on the device waiting to be uploaded. For example, if a contact that the user modified on the device attempting to synchronize was subsequently deleted. The means of resolving such conflicts is not in the scope of this specification.¶
Each update to a catalog or container specifies the expected container index and apex digest. This provides a strong guarantee of consistency. The service MUST verify each update to check that the Merkle Tree values specified are consistent with the store entries and that the signature on the apex value (if specified) is valid and correct.¶
Services MAY impose limits on the size and number of additions performed in response to a TransactRequest message to ensure that processing time does not degrade performance for other users.¶
The request payload specifies the data to be appended to the stores.¶
{
"TransactRequest":{
"Updates":[{
"Container":"MMM_Bookmark",
"Envelopes":[[{
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJTaXRlcy4y
IiwKICAiRXZlbnQiOiAiTmV3In0",
"SequenceInfo":{
"Index":1,
"TreePosition":0}},
"ewogICJDYXRhbG9nZWRCb29rbWFyayI6IHsKICAgICJVcmkiOiAi
aHR0cDovL3d3dy5leGFtcGxlLm5ldCIsCiAgICAiVGl0bGUiOiAic2l0ZTIiLAogI
CAgIlBhdGgiOiAiU2l0ZXMuMiJ9fQ",
{
"PayloadDigest":"gtpamSravs9YkD3Wi6-rIFqFOINwLFj8Q2
eGpMjmbyP-_TRCgRs9Hqpo3bJPhoRSgUmfIUsQTDNeiT414W56eA",
"TreeDigest":"TpXg14cDEx_-1Qe-h1qiryihslO0MrUCLW0L7
wvq-YLCEWZfAIrp9FmBwNE0se8UN1nFY4h1aqXbN3yBuKfg9w"}
]
]}
]}}¶
The response reports successful completion:¶
{
"TransactResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully"}}¶
In order to support the wide range of affordances supported by devices, four device connection interactions are currently specified. The use of these mechanisms is described in [draft-hallambaker-mesh-architecture] and the interactions themselves are described in section ??? following.¶
Device connection operations are always issued by a device requesting connection to a Mesh account and must therefore be authenticated under the device profile rather than the account profile. Two device connection operations are currently defined:¶
Requests connection to the account.¶
Polls for completion of a connection request.¶
Since the second operation is merely polling for completion of the transaction requested by the first, it is likely that these will be combined in a future revision of the specification.¶
If the connection request is initiated by the device being connected, the device constructs a RequestConnection message which is posted to the Mesh Service using the Connect operation.¶
If the Connect operation is accepted (i.e. the service determines it is not abuse), the service constructs an AcknowledgeConnection message which is forwarded to the inbound spool of the account to which connection is requested. The requesting device receives a copy of the AcknowledgeConnection message and the profile of the account it is requesting connection to.¶
As described in the following section, the AcknowledgeConnection message contains the request details presented by the device and a nonce value generated by the service. This nonce value is used to compute the witness value that will be used for mutual authentication of the device and account.¶
The connect request is made to the service, not the account. The payload contains the enveloped connection request:¶
{
"ConnectRequest":{
"EnvelopedRequestConnection":[{
"EnvelopeId":"MBX4-HVCH-S6LU-BEWP-KAM5-7OYF-F4YG",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJORFlSLUZTVDItRD
RWNy03QzNRLVFGNVItNzRUWC1OTlBDIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOFoifQ"},
"ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi
AiTkRZUi1GU1QyLUQ0VjctN0MzUS1RRjVSLTc0VFgtTk5QQyIsCiAgICAiQXV0aGV
udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1CSjQtQ0RF
Sy02SkEyLVdHS1ktNEMyWi1WU1lQLUtPRk0iLAogICAgICAgICJkaWciOiAiUzUxM
iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk
NJNklDSk5Ra28wTFVORVJVc3ROa3BCTWkxCiAgWFIwdFpMVFJETWxvdFZsTlpVQzF
MVDBaTklpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk
bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV
04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeExUQTVMVEl3VkRFNE9qRT
JPakU0V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V
3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK
VlpHWWlPaUFpVFVKS05DMURSRVZMTFRaS1FUSXRWCiAgMGRMV1MwMFF6SmFMVlpUV
1ZBdFMwOUdUU0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC
BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F
nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli
R2xqSWpvZ0ltZExUemxQV1VWU1NGSllZV3hxTTBKCiAgQldVcFdUVWQwYVZoVFZrd
DJReTE0WkVneFRqQjROR2hqV1dWalozWkdlRmRFYUc4S0lDQkpkVkZ6VWtSdE4KIC
BDMVJNR3RLVjFGR2JHRlZaWHA2UlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI
yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVVJhVlMxTVZrVlJMVVpYVmtN
dFdsUmFVUzAxV2xaTkxVaEVSbGN0UTAxRFVpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY
VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC
BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F
nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpZVVaSWFYcEtUbHBsWjJNMWQySlVl
VWxPZVhkMExUVk1RV2Q1V1RaRlJrVldMVFJTYUc5CiAgRk1WVTBaWFJwWVVaMWVUR
llhQW9nSURGTloybDZhMDgwYjFoME5tVk1WRnBrUmpkcWEyTnRRU0o5Zlgwc0MKIC
BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1V
qTXRRMWRSVnkxWldUZAogIFRMVFF6VVVVdFRWa3lTaTFKTWtJMUxVcEtXVTRpTEFv
Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS
UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC
BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlpXRGx
XV0ZJNWNtMWxhVlZFTAogIFhwcmRrZ3hjRnBXYUV0NU15MVBYMUUyWTJkTVZGODJV
bVpQWkcxcVdFOXJYMG80VUVVekNpQWdjbTB0VkRkCiAgWFZGWmZPVmQzUkZNNVZFT
lFZMnRYT1dkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC
BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlFWZFVMVmRYUkZFdFRGbGFRaTFDVlVWWEx
VWkJWekl0VWs5UFJpMQogIFlVVEpJSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G
dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT
2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC
BnSUNBZ0lsQjFZbXhwWXlJNklDSldjVzB6YWxodlpYcExlbkJxWHpkSE9HZDNZM1p
oZWtOb1QyRXlNbTg1ZQogIG1aR05sRTRTemxSUzJNMWNFSnllV3cyVW5JdENpQWdV
VzVNY21GTGFGVjFjbEZSVlRoaVVrdFFWSEJDUkdOCiAgQkluMTlmWDE5IiwKICAgI
CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC
JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQko0LUNERUstNkpBMi1XR0tZLTR
DMlotVlNZUC1LT0ZNIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJJSVpnY3hf
aGQzaDRvbk1CNnlPZTdGWnlVNmtfOFNxVXNlUHlDZ2VNREIzdy15QXRfCiAgZl9ZU
m5IY2dpcEVTVFAxNjY5Q2kybWxQaC1BX1lRb1BvREoxc0R6X2VST0hyeGZBWC1UVE
JCbE1PbWl6dTEKICBVTW9VbkIxZkVyMUo3NUNOeHdmOXNtSU1jQ3hUN080WDFNUW9
PZXdzQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJFZUdDLVVVMWZNWHlw
cEc2MkNpUEM3cEJOYUR3MjU3dWJ1ZkUzaXp3bUJtXzgKICBsck1mR19WV25mcU15Y
kY4UTNtNlYwZldReFFmUldJYy05WHBHNC1zZyJ9XSwKICAgICJDbGllbnROb25jZS
I6ICJaUkQ5bzl6OF9BeHE2V0hFU3FRMWFRIiwKICAgICJQaW5JZCI6ICJBQUFSLVA
2Nk8tS0dUSS1RWTZDLUNYSVctT01DVi1XUVpJIiwKICAgICJQaW5XaXRuZXNzIjog
ImRiRDhfazVKNk5oWnhydTZsdE8tWTUyYm0telByODBFYkVibWN3TWw2c0ZwT0J4V
gogIEZSVkppNkFjSTBnVTNXajNtZGdBbHRmOWVQeEJSeVl5bWptdFdRIiwKICAgIC
JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ"
]}}¶
The response payload contains the information the device requires to compute the witness value and to poll for completion. This is a copy of the request acknowledgement and a copy of the profile of the account the device has requested connection to:¶
{
"ConnectResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"EnvelopedAcknowledgeConnection":[{
"EnvelopeId":"MAHM-HDMG-VUAE-LKOI-GABM-CRVE-YTWG",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJDQzVOLUoyN08tRF
IzVy1XVFFJLVIzSkItTkpaUC03NDVWIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm9
3bGVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmpl
Y3QiLAogICJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MThaIn0",
"SequenceInfo":{
"Index":6,
"TreePosition":11822},
"Received":"2021-09-20T18:16:18Z"},
"ewogICJBY2tub3dsZWRnZUNvbm5lY3Rpb24iOiB7CiAgICAiTWVzc2FnZU
lkIjogIkNDNU4tSjI3Ty1EUjNXLVdUUUktUjNKQi1OSlpQLTc0NVYiLAogICAgIkV
udmVsb3BlZFJlcXVlc3RDb25uZWN0aW9uIjogW3sKICAgICAgICAiRW52ZWxvcGVJ
ZCI6ICJNQlg0LUhWQ0gtUzZMVS1CRVdQLUtBTTUtN09ZRi1GNFlHIiwKICAgICAgI
CAiQ29udGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKT1JGbF
NMVVpUVkRJdFJEUldOeTAKICAzUXpOUkxWRkdOVkl0TnpSVVdDMU9UbEJESWl3S0l
DQWlUV1Z6YzJGblpWUjVjR1VpT2lBaVVtVnhkV1Z6ZAogIEVOdmJtNWxZM1JwYjI0
aUxBb2dJQ0pqZEhraU9pQWlZWEJ3YkdsallYUnBiMjR2YlcxdEwyOWlhbVZqZENJC
iAgc0NpQWdJa055WldGMFpXUWlPaUFpTWpBeU1TMHdPUzB5TUZReE9Eb3hOam94T0
ZvaWZRIn0sCiAgICAgICJld29nSUNKU1pYRjFaWE4wUTI5dWJtVmpkR2x2YmlJNkl
Ic0tJQ0FnSUNKCiAgTlpYTnpZV2RsU1dRaU9pQWlUa1JaVWkxR1UxUXlMVVEwVmpj
dE4wTXpVUzFSUmpWU0xUYzBWRmd0VGs1UVEKICB5SXNDaUFnSUNBaVFYVjBhR1Z1Z
EdsallYUmxaRVJoZEdFaU9pQmJld29nSUNBZ0lDQWdJQ0pGYm5abGJHOQogIHdaVW
xrSWpvZ0lrMUNTalF0UTBSRlN5MDJTa0V5TFZkSFMxa3RORU15V2kxV1UxbFFMVXR
QUmswaUxBb2dJCiAgQ0FnSUNBZ0lDSmthV2NpT2lBaVV6VXhNaUlzQ2lBZ0lDQWdJ
Q0FnSWtOdmJuUmxiblJOWlhSaFJHRjBZU0kKICA2SUNKbGQyOW5TVU5LVm1KdGJIa
GtWMVpLV2tOSk5rbERTazVSYTI4d1RGVk9SVkpWYzNST2EzQkNUV2t4QwogIGlBZ1
dGSXdkRnBNVkZKRVRXeHZkRlpzVGxwVlF6Rk1WREJhVGtscGQwdEpRMEZwVkZkV2V
tTXlSbTVhVmxJCiAgMVkwZFZhVTlwUVdsVlNFcDJXbTFzYzFvS0lDQlZVbXhrYld4
cVdsTkpjME5wUVdkSmJVNHdaVk5KTmtsRFMKICBtaGpTRUp6WVZkT2FHUkhiSFppY
VRsMFlsY3dkbUl5U25GYVYwNHdTV2wzUzBsRFFRb2dJR2xSTTBwc1dWaAogIFNiRn
BEU1RaSlEwbDVUVVJKZUV4VVFUVk1WRWwzVmtSRk5FOXFSVEpQYWtVMFYybEtPU0o
5TEFvZ0lDQWdJCiAgQ0FpWlhkdlowbERTbEZqYlRsdFlWZDRiRkpIVmpKaFYwNXNT
V3B2WjJWM2IyZEpRMEZuU1d4Q2VXSXlXZ28KICBnSUhCaVIxWlVZVmRrZFZsWVVqR
mpiVlZwVDJsQ04wTnBRV2RKUTBGblNVTktWbHBIV1dsUGFVRnBWRlZLUwogIDA1RE
1VUlNSVlpNVEZSYVMxRlVTWFJXQ2lBZ01HUk1WMU13TUZGNlNtRk1WbHBVVjFaQmR
GTXdPVWRVVTBsCiAgelEybEJaMGxEUVdkSlEwcFJaRmRLYzJGWFRsRlpXRXBvWWxk
V01GcFlTbnBKYW04S0lDQm5aWGR2WjBsRFEKICBXZEpRMEZuU1VOS1VXUlhTbk5oV
jA1TVdsaHNSbEV3VWtsSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbAogIHRUbm
xrYVVrMlNRb2dJRU5LUmxwRVVUQlBRMGx6UTJsQlowbERRV2RKUTBGblNVTkJhVlZ
JVm1saVIyeHFTCiAgV3B2WjBsdFpFeFVlbXhRVjFWV1UxTkdTbGxaVjNoeFRUQktD
aUFnUWxkVmNGZFVWV1F3WVZab1ZGWnJkREoKICBSZVRFMFdrVm5lRlJxUWpST1Iya
HFWMWRXYWxveldrZGxSbVJGWVVjNFMwbERRa3BrVmtaNlZXdFNkRTRLSQogIENCRE
1WSk5SM1JMVmpGR1IySkhSbFphV0hBMlVsVkZhV1pZTVRsTVFXOW5TVU5CWjBsclZ
uVlpNMG8xWTBoCiAgU2NHSXlOR2xQYVVJM1EybEJaMGxEUVFvZ0lHZEpRMHBXV2tk
WmFVOXBRV2xVVlZKaFZsTXhUVlpyVmxKTVYKICBWcFlWbXROZEZkc1VtRlZVekF4V
jJ4YVRreFZhRVZTYkdOMFVUQXhSRlZwU1hORENpQWdhVUZuU1VOQlowbAogIERTbE
ZrVjBwellWZE9VVmxZU21oaVYxWXdXbGhLZWtscWIyZGxkMjluU1VOQlowbERRV2R
KUTBwUlpGZEtjCiAgMkZYVGt4YVdHd0tJQ0JHVVRCU1NVbHFiMmRsZDI5blNVTkJa
MGxEUVdkSlEwRm5TVzFPZVdScFNUWkpRMHAKICBaVGtSUk5FbHBkMHRKUTBGblNVT
kJaMGxEUVdkSlEwcFJaQW9nSUZkS2MyRlhUV2xQYVVGcFpWVmFTV0ZZYwogIEV0VW
JIQnNXakpOTVdReVNsVmxWV3hQWlZoa01FeFVWazFSVjJRMVYxUmFSbEpyVmxkTVZ
GSlRZVWM1Q2lBCiAgZ1JrMVdWVEJhV0ZKd1dWVmFNV1ZVUmxsaFFXOW5TVVJHVGxv
eWJEWmhNRGd3WWpGb01FNXRWazFXUm5CclUKICBtcGtjV0V5VG5SUlUwbzVabGd3Y
zBNS0lDQnBRV2RKUTBGcFZUSnNibUp0UmpCa1dFcHNTV3B2WjJWM2IyZAogIEpRME
ZuU1VOQmFWWlhVbTFKYW05blNXc3hRMVZxVFhSUk1XUlNWbmt4V2xkVVpBb2dJRlJ
NVkZGNlZWVlZkCiAgRlJXYTNsVGFURktUV3RKTVV4VmNFdFhWVFJwVEVGdlowbERR
V2RKUTBGcFZVaFdhV0pIYkdwVlIwWjVXVmMKICB4YkdSSFZubGpDaUFnZVVrMlNVa
HpTMGxEUVdkSlEwRm5TVU5CYVZWSVZtbGlSMnhxVXpKV05WSlZUa1ZUUQogIDBrMl
NVaHpTMGxEUVdkSlEwRm5TVU5CWjBsRFNtcGpibGtLSUNCcFQybEJhVkpYVVRCT1J
HZHBURUZ2WjBsCiAgRFFXZEpRMEZuU1VOQlowbHNRakZaYlhod1dYbEpOa2xEU2xw
WFJHeFhWMFpKTldOdE1XeGhWbFpGVEFvZ0kKICBGaHdjbVJyWjNoalJuQlhZVVYwT
lUxNU1WQllNVVV5V1RKa1RWWkdPREpWYlZwUVdrY3hjVmRGT1hKWU1HOAogIDBWVV
ZWZWtOcFFXZGpiVEIwVmtSa0NpQWdXRlpHV21aUFZtUXpVa1pOTlZaRlRsRlpNblJ
ZVDFka1FrbHVNCiAgVGxtVTNkTFNVTkJaMGxEU2tKa1dGSnZXbGMxTUdGWFRtaGtS
MngyWW1sSk5ra0tJQ0JJYzB0SlEwRm5TVU4KICBCWjBsc1ZtdGFhVWsyU1VOS1RsR
ldaRlZNVm1SWVVrWkZkRlJHYkdGUmFURkRWbFZXV0V4VldrSldla2wwVgogIFdzNV
VGSnBNUW9nSUZsVlZFcEpTV2wzUzBsRFFXZEpRMEZuU1d4Q01WbHRlSEJaTVVKb1k
yMUdkRnBZVW14CiAgamJrMXBUMmxDTjBOcFFXZEpRMEZuU1VOQlowbHNRakZaQ2lB
Z2JYaHdXVEIwYkdWVlZrUlNSV2RwVDJsQ04KICAwTnBRV2RKUTBGblNVTkJaMGxEU
VdsWk0wb3lTV3B2WjBsc1p6Qk9SR2RwVEVGdlowbERRV2RKUTBFS0lDQgogIG5TVU
5CWjBsc1FqRlpiWGh3V1hsSk5rbERTbGRqVnpCNllXeG9kbHBZY0V4bGJrSnhXSHB
rU0U5SFpETlpNCiAgMXBvWld0T2IxUXlSWGxOYlRnMVpRb2dJRzFhUjA1c1JUUlRl
bXhTVXpKTk1XTkZTbmxsVjNjeVZXNUpkRU4KICBwUVdkVlZ6Vk5ZMjFHVEdGR1ZqR
mpiRVpTVmxSb2FWVnJkRkZXU0VKRFVrZE9DaUFnUWtsdU1UbG1XREU1SQogIGl3S0
lDQWdJQ0FnZXdvZ0lDQWdJQ0FnSUNKemFXZHVZWFIxY21Weklqb2dXM3NLSUNBZ0l
DQWdJQ0FnSUNBCiAgZ0ltRnNaeUk2SUNKVE5URXlJaXdLSUNBZ0lDQWdJQ0FnSUNB
Z0ltdHBaQ0k2SUNKTlFrbzBMVU5FUlVzdE4KICBrcEJNaTFYUjB0WkxUUkRNbG90V
mxOWlVDMUxUMFpOSWl3S0lDQWdJQ0FnSUNBZ0lDQWdJbk5wWjI1aGRIVgogIHlaU0
k2SUNKSlNWcG5ZM2hmYUdRemFEUnZiazFDTm5sUFpUZEdXbmxWTm10Zk9GTnhWWE5
sVUhsRFoyVk5SCiAgRUl6ZHkxNVFYUmZDaUFnWmw5WlVtNUlZMmRwY0VWVFZGQXhO
alk1UTJreWJXeFFhQzFCWDFsUmIxQnZSRW8KICB4YzBSNlgyVlNUMGh5ZUdaQldDM
VVWRUpDYkUxUGJXbDZkVEVLSUNCVlRXOVZia0l4WmtWeU1VbzNOVU5PZQogIEhkbU
9YTnRTVTFqUTNoVU4wODBXREZOVVc5UFpYZHpRU0o5WFN3S0lDQWdJQ0FnSUNBaVV
HRjViRzloWkVSCiAgcFoyVnpkQ0k2SUNKRlpVZERMVlZWTVdaTldIbHdjRWMyTWtO
cFVFTTNjRUpPWVVSM01qVTNkV0oxWmtVemEKICBYcDNiVUp0WHpnS0lDQnNjazFtU
jE5V1YyNW1jVTE1WWtZNFVUTnRObFl3WmxkUmVGRm1VbGRKWXkwNVdIQgogIEhOQz
F6WnlKOVhTd0tJQ0FnSUNKRGJHbGxiblJPYjI1alpTSTZJQ0phVWtRNWJ6bDZPRjl
CZUhFMlYwaEZVCiAgM0ZSTVdGUklpd0tJQ0FnSUNKUWFXNUpaQ0k2SUNKQlFVRlNM
VkEyTms4dFMwZFVTUzFSV1RaRExVTllTVmMKICB0VDAxRFZpMVhVVnBKSWl3S0lDQ
WdJQ0pRYVc1WGFYUnVaWE56SWpvZ0ltUmlSRGhmYXpWS05rNW9Xbmh5ZAogIFRac2
RFOHRXVFV5WW0wdGVsQnlPREJGWWtWaWJXTjNUV3cyYzBad1QwSjRWZ29nSUVaU1Z
rcHBOa0ZqU1RCCiAgblZUTlhhak50WkdkQmJIUm1PV1ZRZUVKU2VWbDViV3B0ZEZk
Uklpd0tJQ0FnSUNKQlkyTnZkVzUwUVdSa2MKICBtVnpjeUk2SUNKaGJHbGpaVUJsZ
UdGdGNHeGxMbU52YlNKOWZRIl0sCiAgICAiU2VydmVyTm9uY2UiOiAiMDRjWTFNS1
dJNEc4QkdFVUdRemxkdyIsCiAgICAiV2l0bmVzcyI6ICJDQzVOLUoyN08tRFIzVy1
XVFFJLVIzSkItTkpaUC03NDVWIn19",
{}
],
"EnvelopedProfileAccount":[{
"EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUotN0
VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
ZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"},
"ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj
ogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3LUV
YVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
lB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4UT
UyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKICA
gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy
dmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKI
CAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3Mk
EtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZXR
lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2
IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1lxT
TE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1otUE
tpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIjo
gewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLUhN
WlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS
2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIl
B1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzcU0
wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKICAg
ICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1YT
VdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJhbW
V0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImN
ydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaGJI
aWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19nR
VZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsKIC
AgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaIiw
KICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVD
REgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJsa
WMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRCTW
lVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
"signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB28
B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0jzJ
GnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"}
],
"PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVDB4
hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"}
]}}¶
The complete operation is used to complete the binding of a device to the account regardless of whether the operation is initiated by the administration device or the connecting device.¶
The complete request is made to the service, not the account. The payload specifies the account the device is requesting completion for and the identifier of the completion message.¶
{
"CompleteRequest":{
"AccountAddress":"alice@example.com",
"ResponseID":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ"}}¶
The response payload:¶
{
"CompleteResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"EnvelopedRespondConnection":[{
"EnvelopeId":"MA6Y-NAFZ-GH55-QXQK-AVY7-M4QG-BOKE",
"enc":"A256CBC",
"Salt":"t31lj96_2DUNpdtw7r2j_g",
"recipients":[{
"kid":"MDZU-LVEQ-FWVC-ZTZQ-5ZVM-HDFW-CMCR",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"trxRbB_RWPzsJLQJuS5iNdPMwszuRy_57LsS2je
LS09bRlPxgdGIgGQJRUYLE0HqUOg9uL33Y4kA"}},
"wmk":"lOHUgxHWSTfhi_kPvC9ArgAmKjC-6UfiYqUVJj07DsWH94
cuUHTCIA"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQjNVLUQ1V1ItQ1
JCRS1QTTNXLUJYS0MtV0pMNy03UU1aIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVzcG9
uZENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOVoifQ",
"SequenceInfo":{
"Index":3,
"TreePosition":426},
"Received":"2021-09-20T18:16:20Z"},
"xXWk3RzF8i5nBYkIGu4hQ4lF2LsVIIhhpBjit5AJ7dxNvShduybGoV-zy9
tmXRTMY1VdFDS0QYYrTIzg2XOO4sT8KGljASTW4c5A-aMyW28brQ7QJEVi4GF3JtQ
ejOqi2RdwsT-mdiHXhFu7wePWqQfnB_9cyXMK-uZUTXPwgito4inGZcYEo8EYiIrU
AXuG0Dd-B67q-GeRh2Iu2JN_z713TxVmybokCOMDrrVsI2CA8ADDK-i7DxxRg0yCV
FfMvASPMx3_S3QnX9mXsPfsGEbmZYNETJToG5MJIZqU1oUuQE1CrZi-K8DmeqUeZV
zGHWRWoUoduax-MQcAH2Jznni0NNn6dqLyH2FHvMM--rY35_F-irr3ch3resI-sti
y9m8nJnJZZrlRKrhNibVFQg9HS70-0BnM7smPWe_VWHTmghiFT2t0Y-fqqO7e15tc
Em8hJWWnuw09iyKai5YOMC1Yc0GmLeKTyn12uV8_6V3pvAsZ-D7k6cCaDXY3hywcT
Ls0yRX_kIdVl01atlGmsh5cRjNQxonqD4nxb-HQqJ2_zO2jUUq9t_nJsisKovlPx1
Pgg2OTuulhe1aEV8Tya6kX9EMvst10mIMMTtEcL1ceZlVyqVDhx0hjvoE2bOTml79
FDRNlFg8PMfrfvP3fIGEdhKlq90KymFnoALyglq3r3Q0scYtkfb_4ZkPstp2k2gg3
48Lml7rmWH_aE34BugelmwghaFJhVwqj9l3hdGpiT8gZMtbZoELvvDcrlOQZx6skd
_Gr3IWwQpLSIY-jXQzd_ffu6l8BHjg4wgD51esw4LpJAcsifdiyJYOO5U7hRWYNq7
iOqAn8pwvkGO4OvgGUYx2suMFr-2y5JlZvr806AvR56NW3qUcPCBuVM9rJXzV9N0q
dhiuiT3Hmrus61HaImNFzju1xOt6QKdxLLCqTbNNk9ymlQWFJkex8_YdEwCND48mv
7cFm1QLM74G3vfTKjKLT-xEeyQegY5wq3zbUfsTIVRqUQ1ICmxFra4YvIkZTPN4DN
Dlzk2IIXTeXRxsUKc5yGfBHj79qtshGSipkuffyStYCeoK1aXBKlf3XmgqDTpaF6G
jZvXw11piVQ7lmsUbs6Uxi6OsNpzID2hZCueMuEyTq-4BNTzpxUs8eDJIEns9CSNv
3UhwhvWFyw4tu7WHks6vuLtyKtAuLQCm3kbKzLHJNntQqGG-23j63mvURGPDT1Z6G
6TOBQXHpHCyQJ1i06yySX1PBLyjv8qeuIFDdd5-UM4HTKm0Wrxcf9SE7IUcCQEluj
TSYsn3zys7m2zaZvDi6RRH-LENkO9fnt1RIW5dxjbP25dyNNMnZ4Ua_yafHPpBQPH
EzV3ygfaru9alVpTnTjx3ns-CxWNxwRjm4j_Kq-H4PTxwCjJ9HubwP-lTI406-zgc
p_taEeRWG511llEgqcUdI7hsql7nRkX3zqfXhi5Y9H1aISd7kZ2M_J8fHJw10cadL
OWrhB1MfO3M07m8xF3wj8ECN4ySlqOyNXRmAzJhOTbLozixv4wJ_Ol7_dJxECaUDM
VdsugKzDmbB_oCrYYGKkIt8GTy_nbRjgQieNWYD6jG1uaX30sfRmyvGdTAME0p9-x
bO_oDJ4glOVg_ePV743CxxVXIkwgGz7YL2ADm_jTfje8w542LweCBWsz1lmtr6nN7
JVEB8Ri3bNPuOQ7NAIn840jJybANdIz2cetMGslmM7ECc-YjDBhJNYS-QS5B4vArW
RAXso2Mc6cly63DgTg98rdCAurPS_mxHzXMGV_aQImdQ7rVotps6EdQT5URiSD-nu
GjhG2q912ESWRidy0sBEaaxAIqoUI5XjQ3X3ANpGr1xnJU6e_uSzEUGp3ZupjJ6I8
st6fPC8A5Yhf40FNsOgJKWhUo7uQtQozOyZVKo-xbmZlQHVI8HWS4BRBtcxpT73bb
ncGZ3LKlThW87GGgUMDx2amlo2q9QlhwLki-gsFPy5mZSOIrLMd5mHaBo1qWGhIR8
qp0rVZ2U0WW47xawjS1uCUxnKsL148yKrRB6BNNRPnSFn3bgrbg1upnt5MltkZ_yF
_tq1XWIovOu9dzFBzcSy5Z5tOnMQFtCJVwMRfGzWMHCKXC0qL97atPO5oarSbaw7f
y97MlafCasmcQanjypICUfSY_nC3VlRSeka3bhepKieC7iySER4fuRPPC-cSaxvEp
f68xJuN2YHX9dWXQeneeA_k_1FpnV4r4LfmJh3Vup-7ZRVivgVJNzrVddUgEtEd5K
7pgJ3mAzGFiDMwEKSy72eDJPsc62hj9mSfJS6Eo4segBOtTS6t5Ocsf-Fzr1AjHWI
7O0To-YJN5Pp_thcvLAnCevjCKCuervAna8h4VXXuC08rDuUZIrsYG6Fj2s28FzHH
xsP4OkP_DdhGpVlkfIqz9SDeYE7a_lr4OgJWEQapg_5qrYElYlsI8aUsJF_QSub2M
X3LUzOhm5xD4n_93iHWr8AN0zPL_nMKfvonFZg66YlgqGgeMrhenDzI3nRQqeSlST
CK3LtMqRyGINIeGiv_h3fwAm5kz5LtzkI-vMttaglQS2eQDBuNP9eTkR9rYktCnvh
s0XuxXIZJrFDe_RQsr3GBT5TBaEaPnmb53DBVQpiz6Qpx8lUrYCVRv4r1WqXkoPSj
EDTSnagNv77MqfM6Th5l2uapUXarLCHyxmBQntdpqBcnPP9Aw_ZlHu9NWLeGdM3ju
z4Tu46YDBk5vatNVSQZl-wC_Kicm8t6iei_eF7gJOUvWk_VJKjqGpDYZi00-dZCky
4yQcKl2PP_DfWk6s_N44dBTuGoo60fVbJep_j3L4rn7xotxLU77fFHR8281ciZF1i
nzZtHRzrNLfG9nMHy1CGE7IA3IpXqGwOKU_dFZLE5I6luASiUvmIIhuZtWOiW4jqy
Ifbl-oQGto6UekVIiXMMhZnWufVrqbpSrYckzDwxgGa-0O_ZEi6UQk9V2qbKNsNXC
eKaUXkppbbVNKIhqdKeZwABd1Hc7GWT0omkhSha7WAJzFHlvia9fJpDUiTIP29yPo
FzyMBPzhYi5YRBtHUpHBoeHdId8t1r9hQtv6m8o81GJ0ISHR9ZeluLVOK3mo-Syzp
HcXDlE0vpbJIyk3_sHamLw4gGOucJklhrXPnhSEjfmBrX5tW0uiDy8l2-Yu4_4sh-
NTlWovLPK7vYIw-WutpDXs2QIxBp8x2W84HckvagJU-03FIvlqs0mWaB5sNAaM-qI
1_1XzrvkwJ1hz3GiSzpW_p1DfQDhBV-Cw62w0RSgRyO-kpe9SBewOAklJZ0nSLuhe
9Rn8w4f6_WeIdct4rnW7DG-mzwgKjVwCqsmm0muNOP-x-6RX9JcGluXfQ_ze9oOGz
ZesdGw6PL2aceuCRizEpZg_AU478pGoX2bmP5tUB9fw0LukY05XxU-j3vrP26LT0D
aNluf0h-AjHdVbYykJH2LeC4bCRhjWApzwRdlt0mr9rt62a0DhFGFWiUkNtPpONGt
Y0YAY4MX0sr92unxmJJPM8BRwmJ_jHPIZwtbouPXkMBYTObkV0Uwx1mD7EL4WPDEG
UymOUjp3Aka2J_j2EByehOxyI99RfgShSDrm9iPj00h_XHoKeplQKLwfr9TdXOP9k
z5bleJuCElH6U8MBXcRHpLOk4r8XUsfZzrYuYHEwYPPo_8wP6Ft3jn0OQI28qepfo
6jWe0qHFIAUokZsCJ7Aht5dRw8m5yPNLAPpIFB_QhPNSUlr2eFn_nmNA9osd8Ld1z
HuHS3Fkend7DzpolJvv9DUYVLQz25l0SG6pswvGdtc3kjexxQFMxLh1YmdNLhqmB7
tAfGsMJhxYh7Of38QsmyW31d5HAF1TEYWS5xRZqFsiJPLyYrCaQAukHVcOzWM9J-t
02YuqRYM84XPcFwKJN4pdv_y33_Vt5ccKRb7KA7vZ6RxEO89QgyYYSulBRmaPufS-
9AJP4sO4feGLK4KKfu9wr4eDUAhoRTuhdpIRVlTlYIp26--_RdX3CyUkaidwWx7sZ
er4BhxjMXxsWVg2RrMZvpWpaLI6tXh1gFjgE6deXSanC3eEqJk2b9-tbQN2rlSdQY
N9tozV7Al2aDfaM72lONljjuety4ayAE5fj3no36pdF7Bxxw6Io_5cDtIlpyKdnE1
MzkWUTsgs-y3Rkc03QebbNA5Y8cQiXUUMXaWO66ViHDJeW9tyV3y3ydMwklcGqu4a
PAY_kSCSGN_FmJzSkPWrZAv8gheNTADx328132ECp29yftx5wJeYxuHmftM3adYAe
rxM0mD91BRTzteBXgvvm84OgOAnj-KfW1ELRzstLZSnmFSC1-9vIRF7Jg10QS7wuf
I4tEQU68oFV3njjK3kNni1k7HrvUu5k4fZ2gvZ-AtPzdvL08O1n8m1KSMSuFIydPR
wPlkA0j9vgGMn4B55jU5J_nc2UAr-3ZZhO_NNb994mBZatPqjd4dtqO9pMbo0Gh33
PHFlkNbid7SMZnz6wRgnAzqUu6ZekmnNfiBI0T8pnybxE1DnjmV2gS3WhcL9XNpfz
tn-XdUPhN4IGqGpPWcV-MeemaJjYUumhjJb-mmdWf9IgPqDGSfHfgRjE7xS4ah3Eh
LuMY8Er-vMuYaeFTkJgANoYcZ8TcpzmY4fJG3Dlasjr-VBGVbg1PYSrI3mOg5LAnO
ECRhW9EOxYLNPQAV9Sew0o5YJnxFbatv7ZNGuSSeCcOfUwxZA1nBMd2YDBWBL_Rhg
bJ34JZSzvVC4g-70Ug8O1WUeQidZO6o0IrrsOys2NxuDSpkpLMg9chVMt-JKgz0We
YIaxmrhPvYSWK4GEjccSDEkpYmhrVhYq4fzwZukPIJMxZuhGJ2xH6jf8D1g9Zcaai
AByxl-IOVnVfLrdJC1Yu59hnzeZkygxYlFYH3uIOYwM5LZjUfQQnBgw_Gl04Zd1j6
ZF32q8DIJSm-xV4eiW-hLBICLqCfSY5KEHhjc0Wp9_BOHwe3OJ3bh4gst5Jhy47YR
-8UczUkF2Ks54wwpYWBWGpUm-Nrf0fJ1iETtFfTaUuOOssGDmcnDuTm8HhEd3y8G5
WRqVZJo1pVfN2tYhGpBo05GDTiRN9TaLTY7oRkE6qmFW3bRB-37Ja9Jwy1jzKcQQo
u32xVx9ZXN2DjqikeTfHWeiwBjaveAjGXR-4VdFgfXo3-TzH3vQzuq1VW-xwoK1Kh
WGx12e1fLkWkBr0Bts0OZDmZ4l_-ZlPa7oCLd4k-oBTpUXa9e2KoI9KPiZzMZeQXW
Woxkm1LwQ5ZKUWZtZMYoOkvG880H7i262k2AIhpzT8a_5FvJoKJ_Cy3rcBNz-3X2z
9ifVkbcr0Xhb4N3RipOM1HLwVRdFB5-_MglKWsx2lnHX7Te3yfTI6BIjEmj0vSgSN
ZC3dIsOIHQxUfwXvNSZZ2TPtwiC9O_3NUQdNwXj892XWvqYhDFSyNBXxU6BGDBg58
-LRZZGjrYZnqsyDVHt46dUIWT01her4JJQD-MMRGkO1ndDyvAGIziKfH1aQs-_5SW
QaQqZc3yC3sZVvBUzGx9hCJF-DfvBVOErzzEPxC1XGgvsMk-rebf-IZTPg0U0GOpD
-_wF-d5p2f6-bPpTC7tPLKyMnG_MEH9VCWIxU4S7UackGBtIQdC1NrWh7TIxcK3cg
GeGIssp-jhk3OtglD7gCpKTKddG7U01kQjdTUgjINa_wgPTqk4Om7JEhCBfYncRPC
9Jr1ftZSGE8NlzPRAyYKoi0Ec8cNKX20cGKEL1k3kIVwLNulIdb4vqOc_z7MnVgeJ
Quv_6rJw5Mr7j9NH0FQj8EG_uTIlP7U_eb0uGX7A3Hq64QCABgxDqbpxn5hmWA9zW
PUqxeQGACXwQ5baQtvM0orpYL1uB3WOFI0OCpjaHT1edcc4_X189ZpiIzPYSKwAoG
F9ZyzObnql1HxHWXSsHqHoaNACLsvudKIQAf8Z0eVT67apHJMlUKDaOaD27PS14rK
BThyRaRh3ZLPcl5kay880xtHVZkV7ICoC9h8S2AWtYz_OTqPmYyEAIMnLyhPR5fpm
DinXsi8J5yyDqYpk3hkDpEiHmUpwIX_cVz07kzobNyMeXKM1E4s9BCkNaXH-UsvGB
J-dROAnWUq8nqQl660BXeMUMopToHYnQFhWzU8qKYAtB0Tr5cnvMHKPJwXEFnLIOd
_-ugn2VG4BFPefVm2G2HPELuN0-vJr-Mla9KC6_YYk0RReceTtc1Z1UIKZgtw8-NY
Z7E1mxCmVUfAnEUqFDhDU4TPu8ry7FmhyubKW9q67KtC-95DfZxyiKD43Iv3T8pgF
UMX0S2CRsSD_hUw4-UWFlGLB0pJwHPuCVdbwRcTmr_S8Asrw-Hpr3ORe-7zmz-tnY
DRUJKwjP5xyR4VRpcmPPTXJNzjGX_KR_s985zE_AR4CIsV8X2Afvpd2W_D1SK9U7B
ICcQRVrzsOoN9iHZKzGObi8EFHuPbbcz-FN--HqjF7-qIjb-D2YqiuXFTefiBkT3C
etaRzkYX0AkCyK6bLMfjDwyc_Wmg62zD55nP_QDpqD7YxapbCYWTgVXy1SKvBveCp
tFo7fmPiv9-BJIQRNVb0gcepaiM0jgYfFEkvMGtmdVwA3LhXys0bzpBlh_iWh6FOR
796LzZgMaEOzKbQwqQjGJj7wb89v6Ehh9LIqfRXkQrd54N7bcp8t_sDK-6i-xkaGD
gYAnUaV--CWL8_t11mBD35fd-v0m2R_c-bowVzdv-jEAeHsV_698X3ALeBF5F6Qzj
WpXNWuyuzb1Cy7mU9vz3VmLGQXTedEQ9tyTvvNdUMXmA7K02FTsGox0W3KPQfnCi8
6gFBBeJGo6N57POcEg6hsmTCDU_5r_FMXFqcQ5kC6rAhc2wzOWqAxwWEFF4N8Z12x
SegGJYTKBMJwm8NMAtITBWTe1fDSnN6p0wRikFyrg2-X_8oYt8zAuaxq4S8asIX-j
320RHcDk3P7nuxuL78LUcVagXLA_QNnapZtQPaxoiLQJm_7Kj0VMxuLyA6PENvuh2
Ofii_zcmAwf3bWHYbhorjd20vwyvoHDqCLYihn2AWusupsKbFQKpsVTlJJqPw3GJ1
8-BYBQyMrTEIDDbr3KmaX59kVO3M0rKH9lsAN0GUMQqu2NkLufMEhJdwWvC8lamIf
gTmCGwSLz8lk_afFTuaTVQJmZhrLeE42SvKqbTBGOo-HgDNVZaZ4jKYfTJI1kQ_86
pmF53dWWs7kzRjD3M5m8hTEAHQVthsaO4jcj_0WuCA4T5dZnTBMJXQezdy45xK-QH
i_ccJAbd86gr94QvRChrfXDGkU0d_-c1Z36dfHpa5aVQJOQq9Q6IxEK5iiS_JyNTL
plNVJK3pZzXz3H-7AgWEBSeEcFrW2eez82oo5aPppxcuojuYgMdhfr0wWFe5Ay731
q8ld5UA0BWenS5d6afMvmJwy1EIoj8km0_51km3e717BDQLFZ6Y9UIuI9bb2SHNf7
Ah3oSCaIAVr00TN0koe4VNe7LzBmjnl3On2Q3wKk3iTwpSanCKlmfNPayoS8wkqVV
g17Q8k-sCnxsd3WmFhensg65MpohBY8np0dfsjYue6UNHzk3Ma25wUZZ_DsbQUfNO
fXp0vVxcv11EICacgBeEcYen2DADIkSAFqySULpMCllLQT3qo9Q4uFN6lW6dsBuM4
Ds01Fw6K26hbpDosC5YyDVjmfCJCEXMpAAZCxTW6QFQ-QkB3HGSOVOb1dNytXD0-c
cF5jfMXFaNBI9YeT-sdLYVO-nxuFctPf4wAId6v6Z1tHlaQL8V-h1UtATQhMcK65P
rZrhR_GzqSrv9W-nE3IMeKyrZBVLqX4QtaeTGF4hQPENSVic5D-gF_-4ciYI4QWkW
fABVPlkTKUrUyP0f1P5gjW7_I0lRKkWkrIoNLRFuYVIYxJmC7Ef6eTi1ZBiIGkotG
Abz59G8tdmTKyGcobMI4eXD4flegFanv2ic4F0FTVMtzkRMvMyX8kFFny-5CNBl7r
PCjLd9KgahIOGqz23fqk2Pkc3TJolZrLbOEO5JF6nRBwProCBP0ZQZF2VkConwCzL
2tZLt89dTYT48xnq6o4ine-gFJfAkBtIjTl-wqpY-1LmFn9nY5Ln_VmhOKZR4UbOP
sKnu3EI0qh2XJkTtjmovvzRxf1AyX2reOeiyg3AGxBVaKAiUqhuCLt0S4u9HN27J8
HNllgZrLFvzIId7xu6S5lRrU4G3JqBcwtvVycJ7OkUV-s7ZXPlrR5xKhRREAhzCur
sSpO20xhl88-ko8W1jHyjMFG7Bm53ys1scxA-TRFK37eiLZzGhkWgO8IFbKV5QfaF
gNZ_RR24FydKi9ym2K_xDJ0eTgfNFFbvr4A2HARgnPrxLT8N1st_9cUlyTs-ARqXA
OC71a6nf4oSXzW7UIjQA1SR8DBkAcKo1bDvoLVrGFmBYtsEQyuJ7MdO8Rc3r8az7Q
YTzyxx-DJ_TcQ8fYHXtnabs9k50Tf6pNmNBcIqNdokhjag4cqBYUB7HlBjmdn0X9H
rq8e884a7UnfUjZa9xcP__BpR6SyDxpS4fCVM_LUQFO4myk3Bzdzroh6rrgZq5Vhk
F3g0kbjd6mn25agaLme1nB6j2UF9q0mc-TeraEsNtgm21cn7spOv_fSgiLfv5gYVP
bi1ZBZCmbRL1soLhuZhTM8s70fOf1FguM74jZljJrFMkAX6f0nKup9B6fG2srRV25
7_61i_NpqONpzgupWRIJH4rciJ3th3Fn80YVY7kBIQNn8skCLV5MSztNym2F2Amum
ncnX6QAXEU3qM3pzKe8WazYEYn8HiqYsX77p_AADVAKl6rXLxKCOOukf_RM9Boowc
NC3o7QWpO5fslaOqRVldaLcYUXM9aW2A7PXte4XRr7ko7NBAnWjxefjysemZ8zVjK
fpCoAZEWTYjQ5ljwYw5lFtRb-YGE9pfa8GI-vOUKdDib_TOpVK-TU0OlYSTgdCuMZ
-ggfg9bTiU-05JilmGVwJmAWynGq3kutyJu0sGPsmzft2lrnGF8aptNt7-A5z1KUj
atRsdBiWIsMt6KyrxSVic9lqpLKBK_OOUYxkjW0iw8bCqsxZWrk9ygckHJyTYaLFk
WdF5QUtR1CNidOq4IXOJRGYlqGXY2GF0XvYXv4b8ybSidIBNz9_3R7hTBqBtFT6zX
NsWhZirFm1Xai3t5Ue1r3DKC2gYv5hlNE1S5yiXv3wOat7-wZNDyr7xcSrYn3rFVr
MwncwxbH91SzV9y6sICXvNqAIC3c3yO6KU_f3TOSAPfYhB8acRFsD4xxzPH7BrQvy
YvdY6JzawPpXZtolwlCRuDyDMyGafZm4bYSsMdrOSv-BkldSZ4x6f1lxZZPRauaeY
RoJiuYKkIiAZla6WrTd4wECnu2fsN9CBiZt5uUWU2bO4R3E7ZTX1Pj1wCIlUewBN_
Tq5phzuW0DoH4Pp3fSEskI8MEhKRO16hPrt7-YqfBUFggInnttIqAX4mINWiJluuL
SymjJLoniGOURBfY7lin5UGLhCtxNrKH7FvfezdaUdyXw1ogVm4AVrN9ore4FSFY_
lWq0yKYcg4QRoeqXbxQyWfuMwdBMb7gwRyOVvjhxDAksX8j-4MvUd-6LHUAyQNLx5
21PYjoBpmhZYgG3gEY0iNUrG1bfrilY62Az-LaVaQnpV09qKJYnO0M7-xtCbGkDxX
d7LMwINGbxR5KDF4h2QDjXDICDa6htAozjtMexe0FzwDf4ELRKC_WQvD6zZjEudKW
S3bBRgPaxyguVX4gZiTp_0VjevJSTWUbnXezwe5Xhf29E70pl_sM63E6-aOLIL2wA
LUZBe91q6vey8v-NKmO9lMooi0Ipc_Wh0ZyYEJpncydmIUXHUJacvjtZwGAeSAuJj
til2KiqBxMIV3j1gf6hz888bSksVue4G6eUqFMpW_ErV2ElX8HH661H9UKZO6IPEw
Xjni4_MvRjMszeY0-hNIL71KGyiWG9O4ideJzIcjqyQbrX5DNr5e05dCrMyK3DxOT
Log6Kb_pBWHSILN4VuOF7oZUBSU53sklM2H89dHb0WCRx0SP1aChPqN6lgtz6jXAT
-DpIp55MF2NtuuFn5BAXQgo24ABu3nwyWrQ172NbFKnM4vmLEow2JFCqwdYMzF1U9
MOL0l-wn8KahL8lUV-HpgsrWBrTpuI1wj2TK_fenBW_tZJNZJk_8DyfSrz7BqgbCX
a1P_-ML8enN1HBKsVhIpYexbvIDQlU4QHg_8pD6ZzNlfjP-Kzgw5jD78BCrQB-KHt
4HmMFevHgQhJzG2bbxLUb4FTDNMeQcPCxq2dXEuhHkYLPvceDh1wOQxd_xIsBwupb
ltYODEykEp4x3ey6SOSI9RsadapCoI6ZRq9lb0fpN38W-QsLRm0jAcL6_Ey54oInJ
zNxuDAASDqyLmWfMz2bQkjSWWUy3eJuIA0zS0MLv-OMAP73XtNYe4Ky85BeCpy3V3
lslYxTIRnCBAZ7Bj4KO9XaWs2jzC61i-oeWarHl3P20hQwB_wqm1f1RqawBz0SfJi
beRVWqcAyHLTCiyoV6gO0za5yATK2QLOHvzUaH7YvYdfw6woG9-yzMfAIeLZYK3Bu
8FA9n0HNFiUZJZAhvhit-riGy9kydqakoO-znTRLsjQRNjLEIem-twtYAV7jirJNN
uvk_8pWQE-wyPeWOQN6Q-aw1I_lau2kwxm1tyqjbxbVD01eYlDG1Pnb_5B0daBTDH
6mogBotl02KvaH5fkiR12PFll5kpUUFX9qRK6Vc4pok1JpW1YEeICM1rr_wAQMu2M
kPtwEwf_cUMLKtvDCNWOboLoyfpfh7Ld9-pPqO5VW8qAhNYrkyXaO9OKG4E1YbKF1
Yy5KDj2VgGnV3In-6RA6Ikkjq_iyJRrEjKhdcoiQBRzGc5Gi5HaWj31ueHScbs_eh
coyEIiN7kT9RPpjSvpXNKD3T8LTwhbVI8w2fhNEeaCzKWdYX5xkl8KxyQLaRUNbRj
A3iPwbxoGhEJ0G-PX_irwLy3GPSz4YvsZWvKiJQcs5Ea8yhjQ3wsU8mUHBy9BD3ov
eKzY0mJQ7sDx1ZvrHxJ3qM7tCXC5nAXuFEcosyHEbiNL1oVyFaEHGZTpK0-SZj2Eb
dYAznsfpZSOHStzCoAS0wGynGMMpYNG4HFokSVjqVZZU0_QlisSqLBnI6sQiQ42kx
ptaZnSgkW8qBKM2EUe_U2T2yq5OiUQl4il-0S5Idq98VYDl4AI2ZYuHHqwB_GAlO8
5jlpnZthK3w3irCixRiP3n4z-VUutl3HsxtdjZkr2T-FLhRgpmkhvm6uks1geziQW
8NbJVqz2h94zUsnqMAaqqIeZLeO7x4lKTgGuBJeS2WXRgTM3dnoRfowdVRD_T5TZ2
CalQAc5nCswbCOzrMc6jOy0TqXP4tRBnIVn6_nOB5c_Z18MZ97OsF1Z3T9e-LLPqs
qiHbN-tx5QoHp1j0hBdHmxn6CqDo2e6PvREN60xQBDq9RDQTa0rSQKnJi3SUN78_d
c8Xlk57p2xhss8i_xG70OGHsJw9K8Z93tsNzukNFfzv2pv79jp5E_YSMTJvb2Y8Vn
ErPhJgAsGN5KEtPnYqodGE44IJ2LJ6P12FXnZUjdnELi9GWd7Vf1yzN3zM-VuMhF7
RKHJaHeXs0MXiR13GK8eVBnz-x4Eas2i64bPPkMCXe2syYjCIBQidgH8mpkAY9VD4
tclvI2TKD1E_JHi6djEjnPcggZ-XUV68qTNaQCUbmYPxIigIPjjgqhv4_9WxtT2gD
MeCg6zA8K8iO3OvXElBPPKfediBp1KH-XUchtmUzj3XTG8bculjRT5qxOdn5lp5_p
phjQXVd9gxcGnPj0YXR3KaUl1XAEGzNRjMSYRdUzuwjo1GPU2qDuxPm4OFP7T747G
QOAlYwtOtIQcUYgLGtBPb93n_oXE-TCVZLFvg2_R7Jd1qJgeOdrAEwSSu2_y1P9DE
neh2p8iDTct2S3KutK6XS_UiCgRGE54RLrHgkXnwXz_NyUhdZrg-RBX8nsscf56vp
UnX12maBQ9cL0MuBAEn3xZJncDozkzQuBXMg1AsswbK_AONBJ7ame5HN9qX-m18cd
P3p_89we66DE-JqZcRfE85QGiVbchl_Qj0ntkhQ2Ha07TqOHuhJVLS7Ev3sfOmuHr
q_96GG9XpcYhpBSeMx8nYGiHLXRvRjZaeQJ7lAFu4MerukdaAk1oRyQB7jxK-mfqu
UIloGENoAMjfAev3hbpyi9iiU77H0Np1DlPpeMxfMk3rDyZvoUGZ6gAFA6L_SuTxO
QBWJOsLFmZ_iGN6cCUMmBKopftgQCUoXoVg-9Z7Mk3ghphG4cmmeQ4pZwJcTTJDgC
wwoV45X4GWbBR0pmNVfgx0EzECWeO-czMAkXPqrpQsCGdD-KXSnS0MNWovK4C0lU6
7NTy0jmVzgezBL-WHgFlEZqTssH5XEiPrJPOVE68Wj3T0gP6LY6EjOWqfolRPfvyq
8cjpis9j1Qqxz9QOq2wJqdQ7xxiS2_XF_ckbosKO8N0kXPoSGtI2-gqSmJVySziJG
eWHmJgegn35OJfEI18s9X5tJ3SFZCkIwEYsi2_1iIBJqjTBIy3Kp0b1ZtVJYaN0_K
jzu4Eq5gC6l5IXV-IT6CUNZ-sUSPTU9sqIADLmQbFAqo938gIpxjJxFh7JljWXG8K
LLaaXA-_wKtsKjK72u6rzvw4vnR21kKJHIlX8Dn-FXFtmmeUvBpZZNRqZRogMuV4t
OM52snu45MtsabMlmAUoxFHH2jB3Pb22RT-JRH7Jm-sYR1b2h6rAqnXC15SokJJnT
WSIDN5XmX9KAvhJ1Wm5tiP7HmWi5zpW_-u_HiR8-TW6zFGdBK_LLNCWHzPbz_q1at
5kvpM5QjwWeFpCvl0RyGEX9YIOIjtvdEedSrCXTLnjEth8aFEd2d1n9gIdU3HZiK7
T0LD3ZIu1fkSq0bKhs5oR2pf6M6hCHbMzCn-6mS-Ep3z5PLbJWIPa6hlfX5lNy0d1
7mnZuvQtoJi9A038yYxu6tmcYBpMPwXNWEodPvCmzsQC3bdezXI8MYhGlILq8JVLk
xtnmwb33fq0WTI2qSKm1oMUKhhhTOCo6dJpCpOhTrObhj_FN0iHznNhsV1KVCYDrn
2dbmMKCm2iscQLnS-9Betrx2D9qaOYJUQZ52-MLLufKNS2Cf8jZa55fKGDdxkLb5S
gSK4GFfyL2zHyHnCNKhvSRgXJ5GZiN23Q7l7PQi9U1ob-8vryVcvGZowcmOhAYPXl
rtOOZZUwhBnlsuGTFnJQUrUPzQJWkwB0_9b28QLUdlLkgQEuuLFYsA_DE1ir_UAKP
Qd4f00wNZ85T4PqUOIw7VJIJMNRDZYTivTrCejx8TYTtBN9m1aG-sKmi26pR5PjTI
ABlbYLmOeilPoOi6EUEdZu7S34bDhGuS3TQR-nRO6eNMw2SKs-xINf-96geK2xQ0v
gADRZlrITylk3rGFX8rV9AutHhP7taoR5zISnlISmv31gXEDgku-qpXxW0Tvm5c2u
xX8NBzGDY01nlHetFS8rG__WHOlCYOTzSoGJpS6m_S8l0yU6sIfKA2VuwLuDVjchl
DqZ3yC3aNufy4_BK3hmFktOrj6ptbQc7aZpSFWlfdE6x-V6ApaEug_Fh7V8w_oERg
JZNJKblhQmbJBUgHH74k3ZnbuIXBODt0mE8IN1rgbwvifrQwjTewLFgrEVviyJ8C1
bBOeXY0PxJwm0rU7qSxmS67ONcOMykOdk2VvxUE2cx-c2lSXf_te_wVmYIpD0W33U
wTu36tk0gw7frFO_9HChw51F3e0xa7F7ZuoJ8OQ7RqHeSc3j1vjkGgTa6Vr2hRye3
q2_4rR4hUKYACuKNarBVCXKi9RV25U9HPaja41c0dBswgIvHLgVTpa_aAt7rO8DgW
ivHC4q_sVx0qTZlpsTtcUKeVPJupP6SJMpckjfC-aCmEcZsTeLa_Nvd0ryUDe9tQP
mH6LfI-qWIuz3HrBw5TADnvT0jclPqqF4PolhnXvdcEdCUtsY-2XPYAVe0uxtZtsE
oHKIUAYh2psn7PAXOWWQP-e_H8faYMatxOgPxutJTPtbzp41h3Y2jH-BGAWG5uMGU
BaTmhT5wqXODBaWwGTw_TIt1fFwfosekhUyTfmA1fuFVBGwELdvDciZN_-2n7IA9l
vd0eV0pSDF93XHtCYCHiIz4QrPLJojv-Fa2skFFC2TO_ElnNdLrHdzdoxSe9hZRf3
-ZoVkm7rKy88G8xuWe-Y5aMIj-fnMAnyc26x49wsmNSvfwjEpuV5D4uz8E--cQu4r
zXLm2KZsKf0WG0S7kk4sDfm9dw-6RFKs4LU6ZTI5DnV8a-XIul-5Rq-SvesccylK7
jrVy8XLXzn6lBl3XHFicmqxjzeiRytf1S_BnpE_G0ZHlMg5kyRGTMXun0DP6VdPw_
O2GwoWH0Srj1xwGUALXmjKwU41YZnuJK3d2rgBcCAY2iSWDlnsSFKPL2uNgIei5hO
VhMZMEFF3oJEY2A3kJsDSO2ENnmNVTS0KKXqvVprx7MkgqMMPzujBGnPYhhjQ_OHW
9yOJi80qN2TQNOIykw5QOkfDwnZ1mYdXdWJccYjemFii6RJ7RMriHUyVPX_nm2ps4
0uA-B7Rz6QlwNQplF1WfCDPu5d1bGtnGz7U7JgSZbUHpsbI5U9wwpNKA5I-h_wY7v
dtrEpgJPTyoFkVryAYAmMbEwNnhhWiOwc3h1XvOqe_e3O4vCoUdHG9UAdnw_PjecT
UCpYVxWaB47anLn5pUaw0yeAP4XqK_LnDak5tucjCjqJs1QGpxW5aMDC_v3k45WRq
vLnENDUoBrgzbLdeyqR7xfATMwiGGEiLNiw3yK2b5pF89clJbA2482Qt8vH0JeaOl
p0LT6liwLTzYzhfn6js6cnM-Hq3-lp-zYSHVj3Feo5iFQCjBNJ3TDJdvpy8FyYVDx
xZl2ZlDePFxviXlRFl2A1mbB9YiZ12d0dkc9xtT4KiMH9HdORWAWd-4HLaqZ5JkFi
a0CXLsNZqsJz3G67kbnPChmZXKUCWGiht0p-ZIuv_dG55gqSiKaXXPFGrkCH9TIog
-D7sf6v-FPcVkELvjYsQxjn5JgABnt6bAs0ouzQkodAAKOfTQ3BzlPdUsTobjXaZA
u87RJfyBx8IMGOqZL453axVivi0pMRC_ItVW7w-hR61SHG57LHaXsestA_u6fCX4S
G1wi-sd4KIZ6vGLXx24DPCYvNMBYINZLklPKOqxIG1R5tC6te5M-pmbrnAw_CPnTj
deGJi2GGSG5G0ZIsCxsugPaZjc-x_lqcToDNWbYB16R2KZmGDk2VbdEuR_cEGdDzw
7BgIjEGsJwCC6hb1NV49W4foddXeglmcoQENQsJKeyWjbVQyZmQeAn03C-4sj6b_P
cBfqUIFKeA0NMsQ1NatrjkTjcmSYiD2_0c0PcmbHlCTqMX0bilrlNocDs35r-iTZI
jkxrc22ycKnJr5l8ZPO6V2gvOu2jrNtqx9xgM8N0j_qXhh475IAOo54D-Yjf4RCfr
Y1MGKka0yYCZCVpTJdOeWF1OrpVf1k9Fb_v7-C0qSpCjo9iUgfjpT5oKwOmi0its-
INCvMycyclxUUiLP64bnZrl7ZHXq7FEmHsj0iFs2h0dVzCESeqVEoVHq_epjnBhzX
GQWpKoQ4_yP79kbpP890oBlaYz13lCd-Zkbc0b8IqhMh0VZWqJsXccQfC_LtqnMkD
xL2ecXykncUT1u9FFiifn4wjdymr56SmFVhiFjRk_lZJg310SjoCTypPiiKolqz4T
o-zV3EfN-lkm7wyxVfIrLjwSomavsvZ7lN1mL-g0225tYFcG7aMp85gmO2xz3BKFx
lVc5s5MB8ObIjEPQzM0iFU7TqDtiqRzVpZFy2slQYZ5ej4MyvI3iaBT-X1cJtpZEJ
EW0SA7N90dH2sCUB8Uag9OsZTinhW0gI-zzH1CFTUxoS7XeEVlruf4pwkxYghMJjV
RQqOgqjppUko4vRCByYMQd78f4kKDnNpj6bWyPe5vPA-9pv4TD-dwVgxZ2trmiez9
0RFwB9qAsTfi1gIq2VimmZtFu4Bj4Z4l0VoJ21FUde360HpEU1hGRij7fS54OHP9-
kfo1UfZAH5SKM-YKxhP7kUCl8FAk8qKg2xrAJAoVVN-7TXlHDaLM0VCG7cvFk0pPa
tiWFmcCNQDjS-4dLz7oeX-QZ1jw4QGd3LWQo1F_tw_qOfI7_XVk7tCGDh8poik1Jw
sde6iCDxTg47dxsJNL8Q6L9sY5zBnMcmH2ZOnWfdojWQLm-IKvfbNCoaJQAk2VD8S
B-cDAvxWzh6-f4CPPqf8aD-8TUnKuNyuZTovRkgJPX_Uuvvi6h1Ga9Z0JcNxFfPi8
EfBfONMZ0L8a4dgBS1fMSBPx7ZMrI1YKrbY9Ysbnx9D-WShZ_cPOGXYKYSq8jMBFs
L-EG2Gu2tXwzNhAMd71gMsqlsldQz39v-ID53tNRsujMpYwpbbU9JgJWpiykx1-9h
cL6dlbRL8PoxJwU4LphJhQuUdIWFwxYSN3Kr1BmctEpgBHbHgXKuBh4t1uCbrrSKK
myhbs63Gph5W-tILs_FrA-co0JkXXhUEPqTe2BeADdp2QlcxiPW0L02sRxKzGB4OD
0fekgjUgHEypbw0MsEo5Xwv8sXwM98mpHh-Y7Yf4SAGB0kApGeagbGCmEJQ1HNyV_
FCd9X5Rpp8f1HohD1RifwB6USwZB6nILCV37c18d5rx43dEEpxDSx2_IT2V3_QVNB
IRy8eEOcSccssa80Trq2Cn74E32eE3RHfoRE5Y0ZYr8ISynhHqoMVKU1Lzx1TtE3Y
CbRywQuQdf7Wgwv6QIj5sS7PEzPSAJWdjtAb-xn0AOrCkbbuWV38HG6DBqk2CpOle
5U0qlArv6PyiToTyig94JEfX-_4olpmlR8E7ckxtEbdE3s_bOPycm7BSBSr84Ho1_
EVUfR2m6DjAxMeHOn4bE5kwx5kFo3H0Ps3qN0rAnMAQpuCLB5tj47oiG3dSy5PygT
yeHe0yuS-OArBTVAXPOSmldAeepJqBpZMqhlE8PAviaLrtYVa8xMO8pEu4JKcjTXO
6tA675ALk_SudmgpjREbKuTR_T71igawG6Eic-ouuEcNTItMYWj7AYxgU7ZiAO4NZ
vy9Bq7ayk3w-8CCTJtaXR9g9CYGOENvM0Ht53E0wovS4BeRTCOy31TQ8N4-O7vCzo
rXyOC-c-UEoQI-qwYU5Tm8dEDCJ9ndQpPrXjlHTmG85RrWzkf7ByswledQ411sZFB
StOEdakWb4a8SC1LCeJIPuNIgcYxI3OjmGoTj5xbH1P2jV1-DU8jva-59fKR8jos_
zmFbd8lkXnlvbJbnX-HKNyLaTXt6mIzqd8tU5ECPNOmssb9nDKQRUJHScqgL0oS-e
nXSyF06pyBh4-9xvLxvLvI_3L7SaVSDDI7PipVryF8kgFG1iCvmw4WV4VeZ-7mLCK
gLkcigtWphntrAqqcEuCAGmMOL23qaoCL8tbMPibSXLHu_PLpmxK2RiJmdPzh1e09
_07GfYAVu-s9-gq6dYrplOSfM1RVkwXDDe2Y4E4TkypzYnk-L3z2L21yMI-almqM6
jgHBcDAB_6lRu__TCRqHNyaTTxFn9hlOrCppBP3Xd56LBRQ0KDWbeoIE-VTgDx4mC
zi18u25tbrIU2_1J_X7Be2VI6pJ3xdxSQIQYsJMFPXLDLNi0Kvrqk6qQ9G8h_8-1d
5TGLsfskVYRb-RpMlMMQHGwgbMmKDbi9PQGBdbv6hgXT7yNZS5BRcvcUsBkd7eI5_
k3y7nk8YdvJXLCl8qNUEflmwSMJ2r_s-BbVMvwrrCIrsJocB1ejxbcch25O3qxf0c
kAjBVyLgmgC8MlKirkyJF4O8-1NzF3RDLBAFsPD1EdwN4TL7TPeDmB5BL2joYdK_-
g9w4AKsMB-wyDTfb8siaSEaWXDO5sYGbw86hNSXio4g9gMRCdwJTNU1n_3-XkpUAB
OYSK2qzbMeyrAAIQr6lw44jLqxG8QwKuLE6RjFPlYfDuxZW1_hwY3gsmcb7aM05pN
FrB0EhvG5SI9SIWyxCt0UMEEyooBCRdu_nOJD44UqTKA7LR65_P49kYBa4igWj-TP
EWeFbGV5-JM9qDAcjV1gXhSQdFGcnrBifUwCXFdJiGNecnKoapRzozfIWcS-VEKgX
n9HB_LWhkra5OX1pBIQGiBooLC9B-PeCPL-mJEjUTMQryRdXjnqigkblTD05brHXk
eg-n4jnejD0dG1v6WMW_oUWgvg9iucP92VehS-koOrsC4ZlMgzwleKC131xfwxL7c
cBR002eQXUQR4542ZuOub0uEOVFcn7UI3-7pS0rSn5A1DqP225oyITcNOgT1PF8G5
_yUXKBAPFZfq3QwlLrP1NBoOKUInhYARZioL4euZb8loVA9Hd68G1ZSIP1Kq28X2J
NSpZ9ScawuN1rwjggk_3CaeaEOmNzIU15kFhCYk5-bhMFwusYq6mvDKoHmbC2l71D
e3-FF-WGU3Gj9mYDZ36h1T6qbzrUP5XLb6In_vgIo0o9DJY0KGm81AoYO2oVY8RBT
7QJHMfR5_GfwNJCF3raap7vorJ20dOr8NXK5d6yDbX3r2AA8mlXG7YQUKNpiGwFuv
O5rkynAQVHDfJ8LgNfHmCKflO80o4HvE5lNhNsgb80nUMU0o8DjzNU-u-XCaAm4oN
qSvgRl6Ua1tl5BCOp6rv7Fb6EhbNHanC01yG5vYyNjFPedP35ez-goupFNl2qKvZE
ZuFbqr1gI6qqdRbIqFwsdGUCQ-xtjf3_aUobjM3LqOTDvnYOAhwHYB7JHC1Bl0u55
fhKAkv5jw6rvVmg-y33GVSs6jdITzNRjOTYaqy2iOA59Poh0QFvf3IYbg63vrgN10
ATyTs9zTUIsXjuoTrkrg3kSz_4DRcZx2u_NCa4qaIAkbJmTuV-1T9jCRyvud34n-_
MIWRTDOSxa6a5xxhRnWn1Xzl6aU-51vgF6Db3OIw_uoJjs3t_rn6vujcYpysIugyh
xjUozTaAZv7vig8eefG21wv9qOv8TQjTpUCGlErRThjel-o4-x4aaZMSa4VKi_kHo
kUG0p1QBGcB_zYfEwcPYX0AgR55uyDhnrl1uqBXZrS3vX9-jzX9EOoLxacUsoY_bz
TLVLruW6Z-38K6SlW9k70aH35tf1Wrvbny6kAUhncbHzPa463XpWMbLHE_40-LtBk
kBY9s7WzkXsa-jAeUZBKQBY_EERwPM54Ea-L4igwThP6I21DQMVAROPiv0buK37ZS
TNE1Td-IWXiV1963ROQvkB658Xf_uHJHPi5m7cLDIpEtzH4bJ853XH9uW61GGt_kV
O24tqx8l9dteQOm-PqH0yEguULXal2zoI4z62U_Fos_TpH4Zmw-Zw5JVyeTU_vWxj
dVPaaZOV80FmUX3nrpf4lJbi912Gnj_1OSqHBl6QVmzkBRNSO-1gnZTyCZ4FEO4yz
m3hHadO_DI9-A3GY6Le7kkyRbT7rhXTWVzHacI4Ul0LpcoNBTtBs637meoWoxcoRw
ZsPIkUxdZHzj12HP1S8kmu81WK17-GIdzqc4JVR65YyTJo1SJisdPO89pr378s7LJ
LLR3Np91UDLdf12zf69z5xXVfHRskeoIG0ljwZWN7IYsmn8Dppc-V0XXVgmREMJ7S
DutlqDWhb7JAwP65emDavLUj-SDgV-Dikg1mF_9yT07ftEkVxVoo5V-buvuA3rvLN
03vEgMgOcrXlYZo6wPppiqDWnokNQ3UJ2LFtyGLmS4fkEb-R3pDZgQGSJIChAleMa
La6calMfDHhNaxyBPLlV3cqR4IGnHaWsT3_qerOvANSJtWreGcCcmXu3aZw_bGsao
lD_GDpF-L4Px13Kl1F607U0SFEC4yvV0qtKZiYnS7CFJDEx6mbuETBBVyaNcGrg5f
V1jnkNl0Vr9msC-h2LoXVxKQaTYCTwpTTIRAR3RBNrwLjsgXILcD5mubV5HQGgwJ7
-dmwofkeou9SzSSyJlt3iPAjfgYD2h0w2of8hMSZ6xxPnLv8k0qK3gub1PyHetx2M
kAY0DzzHEiunu4CClmpY233-5fJMqAugZj_AEGGX6fenhcHGOYD_dOZpThBc1tn9E
Xnb1JGgqecaWhdIkeghjAPzdbizpImHtnSITL56w6cBNmgUfJfR_4k21JVFn17fpM
sqmRO0DsRCOZoapVa-xD-5M6yG8F-GQ49HxaoxLAQDe9No5o60QQ_r19zlLK18UVp
7HkBxXIkFDZQqKqBAkxiy_5QZFmf3fLTj1BOdkbgJgOBJo7YkZ7VBSXl3NMgR9ZH2
VQAbbQnKusKBgff8sTRCzz3pfw4eBMkE70WMw9Veb97yx7CDScXG4viZrdi4Xg-2t
LaAFL3wTVLf4E5nIIbSt0sU113i-JEH5nDNVnGwvEzQJ5ojH8yijY7juvstRUcdvN
TLyukN1QOZE41dumpk-xJAJ3_ZoCwalnpHRsdiNOpw1lwCsCOuanB1gjQEioKvSQ8
ri-Ly5SVpd3lKYxFsmJRXl4I3zOt_mlOUfJHqWYdVh0P_zV0a7iIWlkdh2135XD9Q
35qSM5EUxuqWNXFc_q4fvjXXqAkO_Gli0Tm_C8cLPilVNjt9OJU8eL1Vvs2aztfni
6nSZXZm0lHj4fmZBzPRNCDoarvFavJ6Cv7Qgzb9xHJ3fPsiz4ko7kqjQyRoYKb7pi
XEYpvMSugFINvUU0iUeud46eaUSGC8S_AYhWtjleW1OsaU-qQ0gLfuJ50WT3Fh105
TfFTewf7cn9Hj1i3pCps5YWL19pnyb7S5pQ0nK5gm-yI4t5ECHGJXRys2_azQNKxs
prV3fFyD6-sy9UUyUxak3ri6xieIEuzv13BFQfYetWyJfSCdD9QjDbPBmSiC-2US8
j1D24aPwscPK7TlAhwM154jXHIkqpUTCbJUIEkCT1lt6hUZ_XR9aI-IfxR37TP6Ky
LtoImyJGBGWdwI2Y2wSqA1hRZOoKqjzfK0r1bOqz1FAdCW-wY9vBvqFsg2ycuij7B
h9zkHmjMgKIUU82jDoZL-rkT8cyQm9wAL2fYxcR_O5BGrn7xJMjJSapIhIC22FH-O
lmX_v5VBLRXzMseG6f919N-2dyL3OStCmFaF4Ypg3SDSS7_0JGSNAT20MK_59q1X8
b4Ei4uiOcLccPCFeUi5pEdvkAAfnVQhS8MV6q6Ks5LUYRROG8n4EZEnl-yO1OVm4Q
E_RjyrtYXbf3FQErmhlwrNp1dUWG0ii5PWQmtw_MY4LktRwTbZIF057xL-pe_rVIH
VjLW-ZjSKUnLRxGKAVJ5QU42_tuNPZD0n_OjsKGqdiBRSXJ8Cw9Ce9iVQJjH-sKVM
T7uvrHkVLhU6OQnxwtah4CPxZTLArKnxf2wrFhMEkVM21lGmbchPgJKSY3kCRfr2E
lU8SkSyqc0ZeKGQIwB1nIvTaDpLdifoLbz7MSrUglHJcAxhmw859HcDzOeoVJ9_EJ
GNRjeqpYVTd3aXTFY_plndwGHtCwZ4xuLWeKM7QGVNMMJfFM_ehV-voboFo9SVQnk
Hp-tPgxxdCnaYvX878TUByxo4F_cJFge0h1f07RHi1BkmxWe4G2d3NlkAxe1SDnDN
M1__ewLPUevCWWGIT6Lbh2MvldTSTpuYSnurNTb38TsLCysQ7sXpJEdwUkK7TKLal
skZGzggdXrniVbiwxxehQ3Hxu-WJbZigM8Wv3VvNhtTkVyfEYvmytAP-uRO5s326i
qwtzPSIPdsPCyxWc20MN4xtgz6nNLG0cyk1RD4GnZmZ0lMarJIbh8bnfhzA_SIK_h
s1AoshxgBI1n50GizAnhlL1j-A0VaDgBbJoQtrZLjwwaIc_YLBoOm2QyTg8yWJypb
zDvsdsuoeaIPpsn0bjjoflQOPQ-uhn9th0x9N0fm6kvMoHQ_g1oYmfZozAhBXoa3_
k9TJIQVE4B5P9AMufeL6P_WY7Px4LkIxsqHTCF-BRShTvkB1r4QRLwasNI7WK38Nd
Bg-LHfgNUFobmCzkjyY0roWESOMF-d4xVcx60INS5-NZqGoU8G_R2OR0E5VueR8um
oLXKC1-NdNlRul3n47LV3RzjPy0csPObeF5Oal1Ci-Zsnu55jZZIE1H4hs_8M2_Ot
LEfNt9TyDd-1GT4K4pDMAyywv1QEr2GcJNmVNTGU9CYtVTgLYu0cdK7gaDDhDhpnA
0UzDiGqEd3QMxH71O9U-tqdmRkZLRQAhrbLYP-OroVeF7-BRmsZN2uwM4DMk1MTD6
laptASMNd-MzO10PVigBS86OcDkVVmu5aGx0OW3m9DRxSztA4K_yHrPpNBmJQMIbn
uYEe7Oe_3w_7rHRxaxRVJkXTQOxTYQSqSAJhI5maVpO6k8y5I2oEZTITHIiUUEcnl
tQNZ0iDR5qCl5sQZPbTi59yjI5zF1c7uFdqJq0gBduILVqEzlzj20CuLaOaXWIQXu
FTygNsxVvrJSUCAZx0EhDnAmmVVWujTx5y8JtX1Cq1VynX2-qzYBOYHHZbAUAAr9p
7IYfy6dK8xsxiMIOGvDxCDj3p1vLYdSvm4TlilEnqUiGv8QZwG2cdVbKac5kXR8UH
rVDg2v4MNq7WCX7jR5DhPvQO1vA6Oeeh8KGbQ8yeqBC2IiFMtxJww6bmlxM61fGWs
VN5utWW4xu7VzR5wlIAyvib3oMwPW31nw4VgJOroALbpuhWa4c1fYvZeA7bl0ERv8
jRYF6C-GDG1CB8e3zeUR6lNdT5MAY7sViw2St7tt5l5b7jdMucI81KoDEkPVKgwTG
bKVSFKzt5lUf1J5TKShJ1fGjwu_33WR22JHH9BUXu9g5cgm602fAxik1fU539t_8n
8s49URAuVwiVNBuiOw1xTh_Ad2Xph9HYtM1wsiRfHYAm-qM19enqZUYCDrsQ4YFaQ
z-0tb9sfuORd_vMvXFqh77dRfRK0eC8NB1v-08UNO-8WuUOIhb4DYq8wzq562LBGD
RMtFKvBOkgEcv1Z1QGOLPZHOooBtvrSs2G1Hw9fxhqyezMGRCVe5_B0LfRHpfyaVa
H-0zgSixNQ3vqm7Y81qdZ9QNTqbl-d8hHTKXiEf_T3Z32qnduzfAtCUjquWYXRl6c
h0yNy5demeVMq0EMhaShaV5H3_Fz6siH55NKCQUBT-wGuZVxSBttytsFUBO19ATeV
cvIw9bFEc-nmssx_WwmYMFT4SIRPa_mOTXRmt-_xwTD8eCuoEJL25YbC653w2GlBh
zF2Ca5d_tH8B-bqy6NkTDr7bMX9CUPbtotA1VFYvYYg2UMKevQs10ZoGAQlDWT8If
KH_4-abrhB0THySu5QNRtlUAoOQ_UypSod3PyE9pDTu5TC01iGCxMljmIhMNqcOSH
geqfDn25bVfhO2-ljf785hFHbSnBQzwTtnZlX9z_CjDdc5srdtB-kZTlV9hZkrwl3
XsR9tlW5pO-5BBQgWjg9omFo70dlt_kdpo_iv0ggwH2j0019ieULuLSQjf8hO7mc8
acSKAT9eTmsRZLQ6OT8cTG1JWI-nNhQLzG04ysw2Sc8Z1Qr5T94jDl23ohtLRP2kz
-STlKKM_Jbkgk1MsEn8Uv-_o_7Pbw2TflOCuS9F3ofaf21ZvkcshLvL06_UV5TG0Q
quyLJzKTW00cw24mBe8wm_l9aVtN-DMocoDuEEnS7MWkJ-EKaPDUipYTVok3Vo4tf
T1h2t7veTh0vAAjZqfWfumtVXqFiWW3INQ88m80vifErbnMK2wYbm8N-l42cqilux
ThmuACNR4-iF0WeZ_dNRLzrjz1XKfYayyKWJgrEuABKunHuMZgDpMYhPwfVer-rJK
fyf6Toi_jvqXzYU_J3-BNuTfFTltWELeI7YyMvG43iFar8n_EInfC-cPUrfAst9zj
PKFJmUrthGgHL7WxN25VWdk3eX4uaGuuDgsn_fZGCZT1SNdjAFOMxTBxLkBcPgAyS
xfIb6tkQ80WGigJxghicDS7Ml2CC_dyY-UcI5qJ1uPcWRmDsABY-qA5Y8oRf2Unfk
cUZ2HTkcSw-3e3bNysdTOZZaFDZpyeV0ATOyxerPWaBZ4TeDXKtW8pIqnKVCwiTTM
R_pauf24XihHDeK020uNgw1NgIjmixGC17n-sKnEPCCvCipJWs5QhqKOOe7XqiEle
g8n6l_EHtvvJ5iPQuwpmTdEu243cQRiuHCC5eIi5okwf7NiIbUkNhN7WecDEfeRWi
J_I0HIK0sEOglVROLMF7asrdEAiQfOvDO-LrFXrl1pd12gL7348eIndT9PSmb86xp
ki7fhRVmnpndCg6uPWLeQMlnsnZFMjI6kjCH8wz7tlscjQnkDaWMTGt8jzJSWEo2v
09udF71B767PNMjMUvjkF88UWNjZLe-vlPrxIyIIYLqSHn1K_5UIGJ6CbP5vFazPX
5C-queF9VCerX6KM4iEZxNHvcX2lJQdV3nxaFj-14_fUT-WOzPwbNZqXtDN1I6Oys
hDzBYzmcLYuYmXl5XYENIdlJPVKWFGKMvry3ybEQrZT12X9-m44vl-SwvRun4N_Xz
C7ZZwrgBp_Vz5STEsmMPt9KRVo3WWPELZT0-oDI0qXDFUSpmayzj5uEsMpEnhABUp
ZJCMSkImHyjY1Z2hsEBCSokIbmu38baFJJVS2nA4Yu8TC4HRAFC5mxxkdTit9J96k
VRAELHnBoD2x7OOkTtJy27CJcRQGpZjtebN4f9BrycRF-kqNQOsBYJaSRtfHKfTRD
4zI2nsAAoC6ftybNtIMZFtLXqIEl0lBvvjHuaD8LaWbrB7vkMxOPMXI8O2Bh9s1V-
lWxfu5OJTWCtNaxYpvtqWwFfu3lhGwOVqR4WZi9YR6wlh-aodAEQWiWGmCOa46IAo
KWmvS38BJWdCe_ZATU-dmkXXKSgdylfxYj4z0TQCxJxtN4zLmjHA1JTpzcn0NPSRw
AZN3ZF7MdW7IGaITVEDXBiYKAVFVIPEt1On3OHTOJg5v7JPv7SXCp3mYTt73M_L_3
gWqvsXw_tchqVuKoPaNxhRFlckLS-pbTdloj6caU3Z4IKvHm_xESmzXTFNq4vgGQy
srXQaSt-hVpa5FpiaLhvqqTV9LG2-YVugS6b4-9SP2g753onGdsb3lSSYYgKkStdp
HaMUEN76WcBEF9ZF6bYKzLZ-ecS0zsVhuVzKr2QQlxf615ryzzMUiR9dbPxoIUZ-A
18_zZmaXiXl4R-YbVxxbqPeZgrxO19J5KcKUzj47oUgmnmIS_Q_OoPobUcsfEqUv8
sflIzZXQv_5BqHRxc8OHtJmuJuqHNnvnv1z4ObR4PQZJoHv1BjnCLAJSJb_BLZaJQ
89CVi0VK53tpISPVm5zuqxRNspsHUl3d1NJ9vROlp_GNSMrU8qK3g5FvemVXNuk6S
Io2w9hxtM7cwGo3cbL4QHkR1WUMLokyGuS2lOJzCmMKwFcjofvPS-uVsxy7rpKuGF
-y06uudwhIQD_OMRF1-JNYDZdrWx--0JeFbDEDWMWkdg2td2OXZiK00CXZZ9ParFp
1zMr5CjjsZyHbl0qeMlNFdX2k3_sBypUMTspTwYQiAZRf-otL_qwbroeBlBWxodHm
LuAC8-5M_83p0c36zVFiW81q48s_mN0XZodOdjc9fyFdtkUxkzOF-L7ZqX5hjde4C
8hVTZdQmEnEVOSYWy4saweBJU-3Ym6mtPkbTPcCvjiIWgPqBWT-ENNFPmobkuum7f
T50tIGQil9OVBDCLB0NjBTSvHhLQ8d7ViqJdlu26cF-WNYLTTFDgcn3OlFucD8MIy
deoa7N5Ge4w5WjJF_BwYfFdCfyyxAGKTgzYEOpL0DqspRMNjzRCud3aw2iu1X6OYE
11QpVf6ZTKGcPkuYq3j53MbXBsLeZkvp6yM4TgXChrsqdN6BUUQQfvtwl33wHqUKh
Y4PJEy4iso7OX6Ks9IcnTbO6i6DWyWVCq7eAS2243Fu__iEDnzWa_TqAX713V1KKu
xpJjDreJULogaH5KHPtmtB3qVZFzxBsm0F9tBz2V-G8AkhgRz4RHPW1YNRE1ybv7J
FO4viiKzH8K3b0xyGmn8vWig0sV05jm6h_wYW8glpdmJodDl1uYzeM0o1hs2ukjhF
KKcws46Yf3At1hKiXrNaR98HppprHg5vLFk78hWSiL3Kol4PThisCHGQ47DYmX8m8
IFdX61-PB2rwBL77OGa_izVNTPx4-mfABbF2MSMu5Evu_kJ5kJLdd5BuqNXZyihbq
QOeXDbKGcRctHx27Gbbsus_l4683HWovnEpARKytbR7DDwYv3fTSuPIma3nKInGrh
9J6RS40d0CtVsTD0b7GWg9V7bufKza6BXsYqap-O6I7lynucdIYvQFxv89IY08PuD
F5iMjkxhDGtbc6pFWl_iV7XjFLlXXBYnhfDiTFM8Y3xunGM903dlrWQMLQeuw5Qe0
rX1KYrhG02BhcUYixumcowowp5w4sM22-MTycgmwkm5BJXW8R2xVo7U6vPc3IJ_W5
UOW_Dle_Ogmv6iP7-9QUmu5jSE5-EFVcudWntC7N3_Uy3-peyV_T3_t5dRgWILy6J
CnR57BN7RiPzOORjHq69aRCgo-XswMLsv03v55fWzvSy9REsoc9PCIiGdhIxjFElH
USZtx0Uees0u-leMA7op4Q_ZPNandkuuDpRaWW9xq4UnFtYf5kQPYeIHn_Rq60uTq
k1uPIOq_g-vxEgUz13H91TeWTh4WDSr-1A3e29gSfLyDVcE8OfkRs8byW-GGY1Yyy
a4DHhUC1pRnvsmmUZVRhfzngqHpWT1rhliFgrdtjsa7BiiHK-6LMmvis5kOkMpOFv
dOn8uefmclYZBILU-Zk8EwTi3e9VOqu2Hm1qA-PLBlU9qXhG5quz4SVNsl_bYBG9u
HOFBiLBy5YOnb97CGvWaEmqhzQUBWv4bkYH1IwNPKiwdch0iwJZXXnL2HgcUfllzQ
sjUG4e9Bl4RVlnRAwQPb7ijugUuNuM1NlNgyBG7WcBKZv0picRdOCF3uqAGo71Hlc
S4J4C5QZ5QWkvXh9rHHMLjTAIJ6hTsPY_Es32nFRyvasRaWzopL3NISOpI28w",
{}
]}}¶
[Future: Consider eliminating this mechanism entirely and instead using messaging flows. The means of achieving this should become better apparent when the problem of publishing large messages via a pull mechanism is considered.]¶
The Publication mechanism allows content to be published through a Mesh Account and retrieved by means of the EARL mechanism described in Uniform Data Fingerprint [draft-hallambaker-mesh-udf]. This mechanism is used in certain flows supported by the Mesh Device Connection and Contact Exchange functions. There are two operations:¶
Content is published by appending an entry to an account's Publication catalog by means of a Transact operation. The content may then be retrieved by issuing a claim to the account specifying the publication identifier that is authenticated under the value specified in the EARL.¶
Use of the Publication catalog to post content necessarily requires that the content be smaller than the maximum message size imposed by the Mesh Service so that it can be uploaded to the service by means of a Transact transaction.¶
Publication of large data items will require modification of the protocol to support use of a detached message body. Transfer of a detached message body is outside the scope of this document.¶
The claim transaction is used to post a claim to a document published by means of an EARL. The claim interaction is used in the Static QR Code connection interaction but MAY be used for other purposes as required by Mesh applications.¶
A claim is made by sending a ClaimRequest message to the service to which the publication is posted. The service responds with a ClaimRespose message specifying the success or failure of the claim.¶
A device is preconfigured during manufacture and a Device Description published to the EARL:¶
The client claiming the publication creates a claim message specifying the resource being claimed and the address of the Mesh account making the claim.¶
{
"MessageClaim":{
"MessageId":"NCQB-Q5L2-AFBH-NB7E-FEI7-3QFE-ZONS",
"Sender":"alice@example.com",
"Recipient":"maker@example.com",
"PublicationId":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
"ServiceAuthenticate":"ACKX-DTYK-TMVD-T7Q5-FDK6-IJR2-DHNF",
"DeviceAuthenticate":"ADZG-TVGE-DPQP-4Q4X-EBD7-PUSQ-JTTO"}}¶
The message is signed by the claimant to make a RequestClaim to the service:¶
{
"ClaimRequest":{
"EnvelopedMessageClaim":[{
"EnvelopeId":"MDH7-B3JK-3KWW-XMRX-3UIS-AVZR-EJR2",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ1FCLVE1TDItQU
ZCSC1OQjdFLUZFSTctM1FGRS1aT05TIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
cmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzlaIn0"},
"ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5DUU
ItUTVMMi1BRkJILU5CN0UtRkVJNy0zUUZFLVpPTlMiLAogICAgIlNlbmRlciI6ICJ
hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUktVDJGVS1MUDRHLUtJR
lEtUE1ZSS1WNlhILVBaTEIiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
NLWC1EVFlLLVRNVkQtVDdRNS1GREs2LUlKUjItREhORiIsCiAgICAiRGV2aWNlQXV
0aGVudGljYXRlIjogIkFEWkctVFZHRS1EUFFQLTRRNFgtRUJENy1QVVNRLUpUVE8i
fX0",
{
"signatures":[{
"alg":"S512",
"kid":"MCUM-SQ35-ZJUQ-TMTK-HB4X-57QQ-YK2Z",
"signature":"WmjtRkJpq6QiqLNxY_ljzSrAUO-BzxDqK9yT-HB0
gN1TdLw93Jsj2vkIHsdQOMmVbullSyjK66OAodsKV-DEPP2EUPHA7_iNu6HwHoOaa
SJvtUhBaiYirIe8_-ufIpfZfRxZbQdrU7uIsD78Fw8JhBcA"}
],
"PayloadDigest":"QeCfPNqPnIgnkZqOk5ocOCmmJUNa5Zj1DqhPE5OS
giY_01726xlWNvmn10PwOwdQsuQpgyRxASzsi5z5yRMcwA"}
]}}¶
The publication is found and the claim is accepted, the publication is returned in the response.¶
{
"ClaimResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"CatalogedPublication":{
"Id":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
"Authenticator":"EADT-KVZF-RR6U-D6KP-NRYQ-TAI2-F3AU-4NZL-MBHT
-MHOX-SUNE-X7UK-P5WD-Y",
"EnvelopedData":[{
"enc":"A256CBC",
"kid":"EBQL-DNYM-VM4G-UE4U-4PDF-UWSQ-7ONX",
"Salt":"6TNjMCiVgB1PpVNeEaH-iA",
"recipients":[{
"kid":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
"wmk":"bYJ4W7F-Oa7o5pR50uwdq4GCtF2wX3tgr3zNt2pTk7DB
tHyUamIX_g"}
]},
"ZrETLTXinD0jkRoz_OAYlnFRPAFVgVrORZM2qLUfNQts8qSkaTBoOQ2_
CwTcH7htUnMhm8k9JZgfztKvY3ggmN-tf0gKnkY-nUc4UOBW7VXmkXYtnF9iEjtRq
taIe0RbmeT5lv4P-1ahs2G2PEm3nqnyygfcfyRn_XJpXgICKGzIQvK2pjNXLHsRJ7
Ef9yQg9tSQR0dk8Js_YaOeQwrP7XCogBCk2XSaPwyo-8fufIfSnbUea5ZcDdglnQy
stbj-TKtM9WgNNBxy4BU4jXMZhu2_hPaOXFqYN5hFwr-uZXXi4iHsOg6Xo8qNHZ8H
d__86f_1_9XPpggnHXjAFyIjSf7VDo3JR2Mv_lTXExlMfIjYpaclg2r_CmlkBNROu
RqZPxKzMbLnSMLd_x1M5JkIO21UDq7wt5_Dm_R1AObLCqJnr5EyTeZ0UV5eqCENOS
9oxLc4It4Y1vy4ZAwXkUVqgsQSV2j2tfOUDFmPtO3qrPuOsUoPViP_Vczxusp1KPm
19vt1-ZG-PcW5KK9HK1lTN9Ym1Xp92hPh_p4S2tDsRtKf1L3EI3wgqWc3Czk5atk8
VoM-Ty4kkYfwVpEp_tUvzq6T5j252NpdE2vZSbHt66yCHVs6XrPMAyYMWTUxLjcRi
qEmVI-dFAoFbFUpVFfNN8u56eXfRQ16YG0YTwwsvnO9bFFiMP69Pup-SvcP9Eox7J
76DAtI09IQFt6ohU1RUOHXCDRZPos1kI6T04vrfX_AEfnwDs0XgNk92zKx1KQ6IOo
66HDY2qOFJgDdiES_xC3VjgQHD40D200CjXeVPjsbtBrEBZC9_y0E5fNT8mQb9hVs
swheBeYZ0Lwobl2Rm1IfQAcul66Xhxur3f32ZEm7iD_npBi2TnCyp2rLPA88_PDV4
pn1WBqSjB2QCSqi-GagQ-z9h-RbGig2ef_eQ3GdmT_YLVIzEVtsNhFHMWi2BlEUZ7
jN3sS0vE4EBK_v18c9_yUxRunOzX9K4_VBBbBExXznHxydIHhsgDzU8cb5CcjKw0n
6GkpbO4IrdWQPWwCNa8zTB_KlymiY2YykQ7ttd35kKHGVC7EzYGuIEPj-pnPyKmfn
oClIruA1CNc5_De4fQ9PeeMnB-xibqoDyMBPxKnfUrHfYgZj1hvgfCFjfcf2Qqslc
5UcUNZh94E6iNX4ScIeio_X2wfEkVUSkU675v6Cy2kH9LJ9LfdinyuPHpzHAqvHAX
ePbu8lF1nCMhhrGgY7yD42pnobf5ljgFPxxvrKs8PElKyU-1Ciqb6bAOxNKlHZ9cm
ZNstFlnPN-rWggw_n1lcHQDW4mCztdGtD3eevp6RcVlb5wA-5otl30qxqWR8p0Hhx
lQo7gExMftfiRHiHzZG2-8OqkYRBlAsDIoGqPaMElEiG-FChvWfEHVNpNqiiWgpXh
UfeB_FGjnv0fVT0B2jRcSh7A2s-JO0p9ohizC4E4yCdwY-d6G193vAhCyonQgVtgQ
0rM1oAgXJ3sy65flm5MTRoPtRt2uBFmhza7iW-4IaH5_LLapZ3ry8Fct8-NV55XfE
BmLiH_Ga0ASCD7yPb1ylSiMSMfOJ8VkdeUv09A__ZGETUOVxb1oTZ951pbSlwZdf3
VXptUoKvqKzluYQWRv-QBvL2r691cPRMQWUQ2Yhafg4U43An5XhLSwBtt2As_Y06g
lZiPmk0wrzkgrrd1eD2e9jJrH3_XKjL2d2FUeRLsNhe0YCqXxYv60VIWookDpDZY0
GQmHa7I_bSRzBwR9QbIa5EafXMND8adCsTMH4cUWKGNwFK00jtSY8igc22NHljSmQ
LA_bV2RdUVJ0tU2qnIWFPscpBcpYUh1PvrcSZ4M2ThiOUi193Up5-Y5Ibgz66F0Zw
jtWgxCIUiz4oOEXLxmj7NkhLR7EFuWrKrNCUNhRgBDC2tlzwBnudaFeWnG019NeG7
EC7D_osaloz1936fct2l81OKkOeBozPkT6xSpvtNQuTsfVvAFgE-XHRivhcD3DJ9s
4YJpw2-aKqo5fJvS1qwxEQnQQZAbU8yoe7o0DSCBvbVIfZGjS448ksqazhlkE-1kS
TB4wqCi5eUJuWDBCx3b1ykUONWLvqPmsIwe_lN4Jxg3RCVEpZBJ39EZ4uIKTmfI02
jwkmNpvbRK52NwTHtYxsf7gRDQf3N7bUxppVsZqay49zW5fOxCHgfcBp9Z8NSw1Mt
XNJ-SNKHbTFbpAwc5uvK4M6J30fZyuT1KBGYsmq5mxV-Oj35GOqLYmq9VCB39kvbe
uuBDGEp_agvQ7azWUZ3UE-Goir0Vfrx3G0skadYfqPNz88YZzQAp5rNbaZoFgpjqk
GibVRjaLM8watr_qClb1HJ4cHS-unDDv3PdFu4qVLlcuhOZduBTRi87f9WgS1XEzA
Qlo9M3y2xlzfXurE6ZnFX8JcV5MYx2RmofAl17nduGesNaBNJ8CX-ho2ahJPFUf-P
rlIdGPGRzHbCFO4Ol4naqsOv-Ji5jZc2Raz-MPyEc7SyBcdX0Ryd0WUcWZ9ao60qN
rc0EufZPmJOE2g1wijQ-UUKKxXI6CX6n4QPy_E8w59XzjYf-IZTNkkOp34hDrhUcT
61ReWo9rinqVGVDz6Ziff3z8YST02yYTaxG1PHoLp_y5j9oGSLovAvx1bWOXvajAx
Uedy4GZxfsJr4EA3xZs8ayXilKffV_OEqR5vW32S3-qRY-L0TA_ye42kZ8FHAgvok
EzJGl7bCFBgHt7z5sxyjUYPrvpCr5XWfhVY69jzwVBhgrPnaSOQ3m2j4-uxy_lZWD
hxe5vrgIMBbhCAgzuTeDJtNdj4cJIuoLhNTJvHh4FyA9ne_b1LWbn_w7nssr0gBN1
WHhz2FnxaFb-v-5TMTaS1kJy4FZUnAENM7ukDG07ND7anOV-6MK6lhX2tccQLI3wC
sAzwwrfb6dgV-kS813rTK24DicNvnuKFFxJkQaA0fEUY7XUpnFjdf-k8YrB93zX5o
COj-g0ucMrImDMS0-6Wsm8yd8eDUhVx9Zyb7HnCwA8DV0Ob7w"
]}}}¶
The device waiting to be connected uses the PollClaim transaction to receive notification of a claim having been posted.¶
The PollClaim transaction is used to discover if a claim has been posted to a published document.¶
When an authenticated, authorized request is made, the service responds with the latest claim posted to the publication.¶
The device in the example above periodically polls the service to which the device description is published to find if a claim has been registered.¶
The PollClaimRequest contains the account to which the document is published and the publication ID:¶
{
"PollClaimRequest":{
"PublicationId":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
"TargetAccountAddress":"maker@example.com"}}¶
The response returns the latest claim made as signed message:¶
{
"PollClaimResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"EnvelopedMessage":[{
"PayloadDigest":"QeCfPNqPnIgnkZqOk5ocOCmmJUNa5Zj1DqhPE5OS
giY_01726xlWNvmn10PwOwdQsuQpgyRxASzsi5z5yRMcwA",
"EnvelopeId":"MADV-CBSP-N4SR-6JQD-7ONP-P5EP-TZ47",
"dig":"S512",
"signatures":[{
"alg":"S512",
"kid":"MCUM-SQ35-ZJUQ-TMTK-HB4X-57QQ-YK2Z",
"signature":"WmjtRkJpq6QiqLNxY_ljzSrAUO-BzxDqK9yT-HB0
gN1TdLw93Jsj2vkIHsdQOMmVbullSyjK66OAodsKV-DEPP2EUPHA7_iNu6HwHoOaa
SJvtUhBaiYirIe8_-ufIpfZfRxZbQdrU7uIsD78Fw8JhBcA"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ1FCLVE1TDItQU
ZCSC1OQjdFLUZFSTctM1FGRS1aT05TIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
cmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzlaIn0",
"SequenceInfo":{
"Index":1,
"TreePosition":0},
"Received":"2021-09-20T18:16:40Z"},
"ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5DUU
ItUTVMMi1BRkJILU5CN0UtRkVJNy0zUUZFLVpPTlMiLAogICAgIlNlbmRlciI6ICJ
hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUktVDJGVS1MUDRHLUtJR
lEtUE1ZSS1WNlhILVBaTEIiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
NLWC1EVFlLLVRNVkQtVDdRNS1GREs2LUlKUjItREhORiIsCiAgICAiRGV2aWNlQXV
0aGVudGljYXRlIjogIkFEWkctVFZHRS1EUFFQLTRRNFgtRUJENy1QVVNRLUpUVE8i
fX0",
{}
]}}¶
The Operate transaction is used to perform one or more cryptographic operations using private key material recorded in the Threshold Catalog. Such operations typically represent one part of a threshold key operation divided between the service and a device connected to an account.¶
As with all operations involving the Access catalog, the request MUST meet the authentication criteria specified by the catalog entry. These typically include the request being authenticated by a specific key.Key Agreement¶
CryptographicOperationKeyAgreement is used to request a threshold key agreement operation on a specified public key.¶
Alice added Bob to groupw@example.com as a member. This resulted in Bob receiving the invitation described in section ??? and the following access entry being added to the Access catalog of the group account:¶
{
"CatalogedAccess":{
"Capability":{
"CapabilityDecryptServiced":{
"Id":"MCPZ-HDVM-PCDX-BRN4-XODS-XA5Z-42H5",
"Active":true,
"GranteeUdf":"bob@example.com",
"EnvelopedKeyShare":[{
"enc":"A256CBC",
"kid":"EBQL-ITZG-2R6Q-TMF3-YDDA-3N4T-VM5U",
"Salt":"bJ6_c_OfrpkkZZCU-1LtYA",
"recipients":[{
"kid":"MCH3-3HJS-A6QP-RRJ5-HORB-3YTB-J4WU",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"wNwbGaju-1ja9t61bMotJABp0H3VWQdML0p
dcAz6-k1In8KJo-vFr6EEQup8esye4HlX3B0SNUcA"}},
"wmk":"tYp8TUPingIoHyHsWvfRnpZNlXFesw9jUenfLC0LLj
ShzQJlgWfU7g"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJLZXlEYX
RhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmVhdGV
kIjogIjIwMjEtMDktMjBUMTg6MTY6MTdaIn0"},
"xw-RW7CvLuJl9zhDJxcbMw2UeTPuVU637VrHpgo3pcAMaOq-pVknNr
xDMRFE3MnpSseqwKCepc2_489f3GZLl0unDhPnfrXrFaX4Mu54eEZlLCJ-_6ujksg
lfMvvs8_elodspsKfaYbsApw1Qwazfy840AXWJkIFmzt2u43DtpPMhQpDrF46SD6D
1fcZ48gcgZzA66C-ompAfrpF_7gTyjiizK5pGnjfMHObPqNlD3M2xEGDxGD6sQBet
kEJZhD9L95Nxbw8bNzm4e0a8Bk--NWyzPL89OICTJrcMUpdb9Hw3NVMWpG0GvneZ-
ItdMU44V8SJCaiRznm-Uk0P1d4kqJzGbg4tfaqrVYi4dOLq0sdXQJRe5elNTnceYR
bzMF4wqsFjkh7LpaKUsiYNp4dmy4w7N4t9f5hXXw6o6zPk3y5fpCmK6zghcyw3hJJ
u-nkANieu0I-xWNei7Pkn6fQKHJaf2l6igdcDC-PPxozKpi44FIMx9tjawkdlvQHA
rAefxTiy8uCZWyYhhWZyKk2o8O9LN5jI2bAfHMUAJPp5-SMM0dT-UqTJHnD5PWWaA
bPba2EHeQBWq39vLsmQr52GJC_ogtPWO--CEfhZYdDHCgRD96DFdJee9UUspehU2b
6NLhptnz-Z84-lsQL659JPx-AtiYOs8vgzTgtOZRQMNpmeQ4UIwsWVTGhfdEOfAb6
WT1kZKS7jDTRiQfz7JLAgw"
]}}}}¶
The private key (in this case a key share) is encrypted under the service key.¶
To make use of the access entry, a request is made that specifies the key share to be operated on and the public key parameters to perform the agreement with.¶
The request payload:¶
{
"OperateRequest":{
"AccountAddress":"groupw@example.com",
"Operations":[{
"CryptographicOperationKeyAgreement":{
"KeyId":"MCPZ-HDVM-PCDX-BRN4-XODS-XA5Z-42H5",
"PublicKey":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"DdA69XYL5v6HgeNEPLql1dpKqdEwoAlKJEF1AbRqR
Fnf1GUqiEm7Bg8jdCFhE6weFkArPQspXzGA"}}}}
]}}¶
The service checks to see if the request is authorized and if so, performs the operation and returns the result:¶
{
"OperateResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"Results":[{
"CryptographicResultKeyAgreement":{
"KeyAgreement":{
"KeyAgreementECDH":{
"Curve":"X448",
"Result":"8ki73pVcpL3IcSt5ocXVHxVeWS-tb6ZPgTU2ZVH_c
ltOQeDD2HBesbZWIbsWBhuGyFaNt8H0npqA"}}}}
]}}¶
Future: Currently, the access catalog is encrypted under the service encryption key. It would be better to encrypt the catalog under an encryption key specified by the service during the process of account binding. This would allow a service to assign a unique encryption key to each account and limit access to that key to the hosts servicing that specific account.¶
Threshold signature is planned but not currently supported.¶
Mesh Messaging is an asynchronous messaging service that allows exchange of information between devices connected to a Mesh account and between Mesh users.¶
To enable effective abuse mitigation, Mesh Messaging enforces a four-corner communication model in which all outbound and inbound messages pass through a Mesh Service which accredits and authorizes the messages on the user's behalf.¶
The Post transaction is only used to exchange messages between services. The client sends and receives messages through interactions with the outbound and inbound spools of the account.¶
To send a message, the client creates the Mesh Message structure, encapsulates it in a DARE Message and appends the message to the Outbound spool of the account using the Transact operation..¶
The DARE Message MUST be signed under the account signature key.¶
The Mesh Service receiving the message from the user's device MAY attempt immediate retransmission or queue it to be sent at a future time. Mesh Services SHOULD forward messages without undue delay.¶
The Post transaction forwarding the message to the destination service carries the same payload as the original request but is authenticated by the service forwarding it. This authentication MAY be my means of either profile or ticket authentication.¶
>>>> Unfinished ProtocolPostServiceService¶
[Not Yet Implemented]¶
After the message has been sent, the service updates the message status on the outbound spool.¶
Services SHOULD implement Denial of Service mitigation strategies including limiting the maximum time taken to complete a transaction and refusing connections from clients that engage in patterns of behavior consistent with abuse.¶
The limitation in message size allows Mesh Services to aggressively time out connections that take too long to complete a transaction. A Mesh Service that hosted on a 10Mb/s link should be able to transfer 20 messages a second. If the service is taking more than 5 seconds to complete a transaction, either the source or the destination service is overloaded or the message itself is an attack.¶
Imposing hard constraints on Mesh Service performance requires deployments to scale and apply resources appropriately. If a service is attempting to transfer 100 messages simultaneously and 40% are taking 4 seconds or more, this indicates that the number of simultaneous transfers being attempted should be reduced. Contrawise, if 90% are completed in less than a second, the number of threads allocated to sending outbound messages might be increased.¶
The inbound service MUST subject inbound messages to Access Control according to the credentials presented in the DARE Message payload.¶
After verifying the signature and checking that the key is properly accredited in accordance with site policy, the service applies authorization controls taking account of:¶
Message interactions are asynchronous interactions that occur between devices connected to the same account or between accounts.¶
All messages are signed by the sender and encrypted under the encryption key of the recipient if this is known to the sender.¶
The Message PIN Interaction is used to register and validate PIN codes used to authenticate certain transactions. This interaction allows a PIN code issued by one device to be consumed by another allowing for greater convenience in managing devices or contact exchange.¶
For example, Alice might delegate the PIN code issue privilege to her mobile device without delegating the administration privilege to that device. This would allow Alice to use her mobile device to initiate the connection of a large number of devices to her Mesh as her house is being built and approve them later using her administrative device.¶
Use of the Message PIN interaction is optional. An application that issues a PIN code to authenticate a message MAY store the PIN value within the application without persisting it to external storage.¶
Derivation of the SaltedPin, MessageId and Witness values from their respective inputs is described in the Schema Reference [draft-hallambaker-mesh-schema].¶
To register a PIN code to an Account, a device:¶
PIN code value¶
SaltedPin value for the specified Action¶
PinId binding the specified SaltedPin to the Account.¶
MessagePin containing the SaltedPin , Action and Account values with the MessageId value PinId.¶
MessagePin value to the Administration Spool of the Account.¶
Note that this construction provides limited protection against forgery attacks by a party with access to the MessagePin. A party with such access can use it to construct the witness value required to authenticate a request.¶
PIN Code values consist of an opaque sequence of octets represented as a UDF nonce value. Codes are presented in canonical UDF form, i.e. Base32 encoding separated into groups of 4 characters. The PIN value is converted to binary form for calculation of the SaltedPin, thus ensuring that the canonical form of the PIN value is used.¶
The PIN Code value is passed out of band to a user who will enter it into a device to authenticate a request made to the issuer.¶
A request that MAY be validated by means of a PIN is a subclass of MessagePinValidated and contains the following fields:¶
A DARE Envelope containing the data that is authenticated.¶
A nonce value used to prevent certain replay attacks.¶
Digest value binding the SaltedPin to the Account.¶
Witness value calculated as KDF (Device.UDF + AccountAddress, ClientNonce)¶
The device uses the PIN code and Action identifier corresponding to the desired request to calculate the SaltedPin value in the same manner as during registration. This value is then used to calculate the PinId and PinWitness values.¶
The PIN code is validated by performing the steps of:¶
SaltedPin value from the PIN code and Action¶
PinId from SaltedPin and Account¶
MessagePin from the Administration spool with the MessageId PinId.¶
PinWitness value from SaltedPin, ClientNonce and AuthenticatedData and checking this matches the value specified in the message.¶
Complete message to the Administration Spool of the Account marking the PIN code as used.¶
This process can fail at multiple points resulting in different error results:¶
PinInvalidNo PIN code is specified, the Pin code indicates an unsupported algorithm or the calculated PinWitness does not match the one specified by the request.¶
PinUsedThe PIN code has been used previously.¶
PinExpiredThe PIN code is no longer valid.¶
Note that in the case that an attempt is made to reuse a PIN, it is not automatically the case that the first use of the PIN was the one that was valid and only the second attempt was invalid. Implementations SHOULD alert the user to the attempted re-use so that this possibility can be considered and appropriate action taken.¶
Alice connects a device using a QR code presented by her administrative device.¶
The administration device creates a PIN code and records it to the Local spool. The message specifies the salted pin value used to verify attempts to use the PIN, the action for which it is authorized. Since this PIN has been issued to authorize a device connection, the roles for which the device are authorized as well. This allows the connection request to be accepted without asking for further input from the user.¶
{
"MessagePin":{
"MessageId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
"Account":"alice@example.com",
"Expires":"2021-09-21T18:16:18Z",
"Automatic":true,
"SaltedPin":"ACZI-EF2U-AAIY-R5MY-KXZ6-UYAF-NUSV",
"Action":"Device",
"Roles":["threshold"
]}}¶
Completion messages are dummy messages that are added to a Mesh Spool to mark a change the status of messages previously posted. Any message that is in the inbound spool and has not been erased or redacted MAY be marked as read, unread or deleted. Any message in the outbound spool MAY be marked as sent, received or deleted.¶
Services MAY erase or redact messages in accordance with local site policy. Since messages are not removed from the spool on being marked deleted, they may be undeleted by marking them as read or unread. Marking a message deleted MAY make it more likely that the message will be removed if the sequence is subsequently purged.¶
After using the PIN code to authenticate connection of a device in the previous example, the corresponding MessagePin is marked as having been used by appending a completion message to the Local spool.¶
{
"MessageComplete":{
"MessageId":"NAHJ-Q4GZ-SL2H-TXDL-55SD-YDY6-EA72",
"References":[{
"MessageId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
"ResponseId":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ",
"Relationship":"Closed"}
]}}¶
The completion message is added to the spool in the same upload transaction that adds the device to the device catalog. This ensures that both operations occur or neither occurs.¶
The contact exchange interaction is used to support unilateral or mutual exchange of contact information. Contact exchange has three functions in the Mesh:¶
Registration of the subject's contact information in a registry service eliminates the need for the first of these functions but not the other two. To prevent abuse, every Mesh Message is subject to access control and a Mesh service will only accept a message from a sender if there is an entry in the Threshold Catalog of the account that expressly permits delivery of messages of the specified type that are authenticated by an authorized signature key.¶
The communication of unsolicited information afforded by the contact exchange interaction is deliberately limited so that a majority of users can accept contact exchange requests without prior authorization. It is however likely that some users will receive a considerable volume of requests forcing them to require contact requests be authorized through some form of third party accreditation.¶
The Remote Contact Exchange transaction consists of a sequence of MessageContact messages sent from the initiator to the responder, responder to the initiator, etc. While there is in principle no limit on the number of messages exchanged, most exchanges will be completed in three exchanges or less:¶
Contains Initiator contact data without authentication context from the exchange.¶
Contains Responder contact data authenticated under a PIN challenge presented in the previous message.¶
Contains Initiator contact data authenticated under a PIN challenge presented in the previous message.¶
Each message provides the recipient with additional information which MAY motivate the recipient to provide additional contact information to the sender.¶
{
"MessageContact":{
"MessageId":"NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ",
"Sender":"bob@example.com",
"Recipient":"alice@example.com",
"AuthenticatedData":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb250YWN0UG
Vyc29uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmV
hdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTFaIn0"},
"ewogICJDb250YWN0UGVyc29uIjogewogICAgIkFuY2hvcnMiOiBbewogIC
AgICAgICJVZGYiOiAiTUJEWi1RUEpOLVM1Q1ItTFVGTy1WUE9RLTVaSzItRU5FNiI
sCiAgICAgICAgIlZhbGlkYXRpb24iOiAiU2VsZiJ9XSwKICAgICJOZXR3b3JrQWRk
cmVzc2VzIjogW3sKICAgICAgICAiQWRkcmVzcyI6ICJib2JAZXhhbXBsZS5jb20iL
AogICAgICAgICJFbnZlbG9wZWRQcm9maWxlQWNjb3VudCI6IFt7CiAgICAgICAgIC
AgICJFbnZlbG9wZUlkIjogIk1CRFotUVBKTi1TNUNSLUxVRk8tVlBPUS01WksyLUV
ORTYiLAogICAgICAgICAgICAiZGlnIjogIlM1MTIiLAogICAgICAgICAgICAiQ29u
dGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKTlFrUmFMVkZRU
2s0dFV6VkRVaTEKICBNVlVaUExWWlFUMUV0TlZwTE1pMUZUa1UySWl3S0lDQWlUV1
Z6YzJGblpWUjVjR1VpT2lBaVVISnZabWxzWgogIFZWelpYSWlMQW9nSUNKamRIa2l
PaUFpWVhCd2JHbGpZWFJwYjI0dmJXMXRMMjlpYW1WamRDSXNDaUFnSWtOCiAgeVpX
RjBaV1FpT2lBaU1qQXlNUzB3T1MweU1GUXhPRG94TmpveE1Wb2lmUSJ9LAogICAgI
CAgICAgImV3b2dJQ0pRY205bWFXeGxWWE5sY2lJNklIc0tJQ0FnSUNKUWNtOW1hV3
gKICBsVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1JGb3R
VVkJLVGkxVE5VTlNMVXhWUgogIGs4dFZsQlBVUzAxV2tzeUxVVk9SVFlpTEFvZ0lD
QWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzCiAgS0lDQWdJQ0FnSUNBa
VVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjbllpT2lBaV
IKICBXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlFWemczVkZ
STWFrMW9RMFV5VjJsTllucAogIHFlWFJLYmpSNVlYVTFXbkpwWTFkNmJVNUlZbWh4
UjNsR1MzWmZkMmR5Y1dkdUNpQWdialZSTVZObVkyTlFiCiAgM1ZFWDBaa016QlBVa
0U0VjJsQkluMTlmU3dLSUNBZ0lDSkJZMk52ZFc1MFFXUmtjbVZ6Y3lJNklDSmliMk
oKICBBWlhoaGJYQnNaUzVqYjIwaUxBb2dJQ0FnSWxObGNuWnBZMlZWWkdZaU9pQWl
UVU5hTXkxTk1sQlRMVk5HVwogIEZBdE5FdzJXQzFTUzBkUUxVMUxTa0V0VWpWWFN5
SXNDaUFnSUNBaVFXTmpiM1Z1ZEVWdVkzSjVjSFJwYjI0CiAgaU9pQjdDaUFnSUNBZ
0lDSlZaR1lpT2lBaVRVTkxTUzFUUTA5RUxVUTBOMEl0UjBWTVF5MVBRVFJITFZkSE
4KICAwNHRWVVZLVmlJc0NpQWdJQ0FnSUNKUWRXSnNhV05RWVhKaGJXVjBaWEp6SWp
vZ2V3b2dJQ0FnSUNBZ0lDSgogIFFkV0pzYVdOTFpYbEZRMFJJSWpvZ2V3b2dJQ0Fn
SUNBZ0lDQWdJbU55ZGlJNklDSllORFE0SWl3S0lDQWdJCiAgQ0FnSUNBZ0lDSlFkV
0pzYVdNaU9pQWlSV1JFUlZabGIwaHFjbWw0ZW1Wd2VGVmFPV2hvWWtKelJ6TjBSRT
kKICBuY3pCSmFFOXJaMk5RV1RkNVMySk5OblJ2TkhoWlh3b2dJRmxDTUhGWk4yRkx
OblE1VTNWb1EwSllkMUJvWQogIHpBNFFTSjlmWDBzQ2lBZ0lDQWlRV1J0YVc1cGMz
UnlZWFJ2Y2xOcFoyNWhkSFZ5WlNJNklIc0tJQ0FnSUNBCiAgZ0lsVmtaaUk2SUNKT
lEweFpMVll5VFZBdFdWZEJWaTFETmtoRkxUTkZTa010VHpZMlRpMDJVekl6SWl3S0
kKICBDQWdJQ0FnSWxCMVlteHBZMUJoY21GdFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUN
BZ0lsQjFZbXhwWTB0bGVVVgogIERSRWdpT2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oy
SWpvZ0lrVmtORFE0SWl3S0lDQWdJQ0FnSUNBZ0lDSlFkCiAgV0pzYVdNaU9pQWlaa
1JTVldoMVNETTROR3cyU0hseVkxUkxZblJpV0cxa1kxRjJNREY2YWxaaWVUVllXVz
AKICAxZGpCbU9TMXhVVFYyYkhJd2NRb2dJRUZxYWxGeE0wZ3pSbTlqTUVaTlVXSk9
ZakJUZUcxblFTSjlmWDBzQwogIGlBZ0lDQWlRV05qYjNWdWRFRjFkR2hsYm5ScFky
RjBhVzl1SWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxCiAgRFRWa3RORWcxTnkxU
lJFMUhMVmt5VmxZdFJqSkpTUzFXUlVoT0xUUlRSbFVpTEFvZ0lDQWdJQ0FpVUhWaW
IKICBHbGpVR0Z5WVcxbGRHVnljeUk2SUhzS0lDQWdJQ0FnSUNBaVVIVmliR2xqUzJ
WNVJVTkVTQ0k2SUhzS0lDQQogIGdJQ0FnSUNBZ0lDSmpjbllpT2lBaVdEUTBPQ0lz
Q2lBZ0lDQWdJQ0FnSUNBaVVIVmliR2xqSWpvZ0luUnZiCiAgR05mV0haTVNEVjZPR
3BaTVRGUmNqQnFTM1JmVHpaRmRYQmpaa2RtTTBsWWJWTldXa1ZGVlhodFVGUnBjME
YKICBIV1Y4S0lDQk5ibWhUYmtVd2VHWnlVRVZFUjBGNmIxZFNVa2N3T0VFaWZYMTl
MQW9nSUNBZ0lrRmpZMjkxYgogIG5SVGFXZHVZWFIxY21VaU9pQjdDaUFnSUNBZ0lD
SlZaR1lpT2lBaVRVUkJNaTFXU2s5UkxVaEtRa0V0Umt0CiAgUFFTMHpTbEJTTFZKW
lNsTXRWMVEyUWlJc0NpQWdJQ0FnSUNKUWRXSnNhV05RWVhKaGJXVjBaWEp6SWpvZ2
UKICB3b2dJQ0FnSUNBZ0lDSlFkV0pzYVdOTFpYbEZRMFJJSWpvZ2V3b2dJQ0FnSUN
BZ0lDQWdJbU55ZGlJNklDSgogIEZaRFEwT0NJc0NpQWdJQ0FnSUNBZ0lDQWlVSFZp
Ykdsaklqb2dJbmg0V1hSbVNUWlBWblV0ZW1WUGFFVnhlCiAgRGsxU0hkUFoxUlVUM
WxuY0V0b1JsQnBaM2RLV1ZKcWFXaFRiemMwUnpOaVFWQUtJQ0I2VTJSMFdIUk5aRX
QKICBZVUhwSWRUbFhORlkxWDNaNU5rRWlmWDE5ZlgwIiwKICAgICAgICAgIHsKICA
gICAgICAgICAgInNpZ25hdHVyZXMiOiBbewogICAgICAgICAgICAgICAgImFsZyI6
ICJTNTEyIiwKICAgICAgICAgICAgICAgICJraWQiOiAiTUJEWi1RUEpOLVM1Q1ItT
FVGTy1WUE9RLTVaSzItRU5FNiIsCiAgICAgICAgICAgICAgICAic2lnbmF0dXJlIj
ogIk5hNG1Id3Q4Wi1lNkRqUWdLN2NBSWFpR2Jldlk1cjU1T1QtMjBZM2V3OHY2anh
IN0kKICAzWmptclpBU1NlQXNKcm5pRHdJaWQycEhNU0FBRGp3YmtlVVAtTTMzNjJY
VGF0WElxTGFUYmp6WTI3aWpHUAogIEtZQXFjTGlBalpNcUlmVW5Yb3phSUI4V1hyR
lh5UVFqZGJFcFh0d2tBIn1dLAogICAgICAgICAgICAiUGF5bG9hZERpZ2VzdCI6IC
JPVHJJbWtBbjJ0ajVDMXJyNHBQTEtTUWhvSWJXUWt0eTg5UlNuTS1qQ1M2aUUKICA
tS1dKRmN1ZThSRUZhMlo4bGxxbEdjVWUyUXNIR3dIcTNPMnFYeFB0ZyJ9XSwKICAg
ICAgICAiUHJvdG9jb2xzIjogW3sKICAgICAgICAgICAgIlByb3RvY29sIjogIm1tb
SJ9XX1dfX0",
{
"signatures":[{
"alg":"S512",
"kid":"MDA2-VJOQ-HJBA-FKOA-3JPR-RYJS-WT6B",
"signature":"W-v3lDGsU3UTItk_uqMIHvmjU8D6Fdy8aW3z1UmC
ZsaRlA1tN9mqcnRo8CZZoxeGbGidmpth4pqAtUkgzjR6ZLIYsXuvslTQ3obwLXSKJ
-3S85kOuc-WNsFOYNS0HMRTNk0mXjpO2Qowxckrh0jd0ScA"}
],
"PayloadDigest":"f-lu2tT6O_b1V2ULswnlqRUbZZ_eBWuq72vdf7vd
-ls389x5cjirQZ6I5Y4GStnQke3IMwmnpNAkp8O7fATksA"}
],
"Reply":true,
"Subject":"alice@example.com",
"PIN":"ADN6-CJ3X-KEFJ-BMMU-TKN3-J3JS-73ZA"}}¶
The Mesh Contact Exchange transaction does not provide for validation of the contact information beyond the binding to the Mesh Account Address used to perform the exchange.¶
Contact exchange requests MAY be authenticated by a PIN code. Initial contact exchange requests SHOULD include a PIN code value that can be used to authenticate a response (if given). PIN codes MAY also be exchanged out of band.¶
A MessageContact authenticated by means of a PIN code is authenticated as described in the PIN Interaction section above.¶
The GroupInvitation interaction is used to invite a recipient to join a Mesh Group. The interaction is essentially a form of contact exchange except that a sender SHOULD NOT send group invitations unless there is an existing relationship. Thus the 'first trust' issues intrinsic to the contact exchange interaction do not apply.¶
The message specifies the group name and the contact entry for the group. The contact entry includes the CapabilityDecryptServiced used to decrypt messages sent to the group when combined with information provided by the threshold service for the group.¶
Receipt of a GroupInvitation message does not require a response.¶
{
"GroupInvitation":{
"MessageId":"NAAD-L4WJ-WCTM-3NOB-R56R-4O76-O3AO",
"Sender":"alice@example.com",
"Recipient":"bob@example.com",
"Contact":{
"ContactPerson":{
"Anchors":[{
"Udf":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI",
"Validation":"Self"}
],
"NetworkAddresses":[{
"Address":"groupw@example.com",
"EnvelopedProfileAccount":[{
"EnvelopeId":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNRDVGLU
paSFotTkFFSS1MVFVILVJETkUtWUg1Ui1XN0ZJIiwKICAiTWVzc2FnZVR5cGUiOiA
iUHJvZmlsZUdyb3VwIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3Qi
LAogICJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTZaIn0"},
"ewogICJQcm9maWxlR3JvdXAiOiB7CiAgICAiUHJvZmlsZVNpZ2
5hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNRDVGLUpaSFotTkFFSS1MVFVILVJETkU
tWUg1Ui1XN0ZJIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAg
IlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgI
CAgICAgICJQdWJsaWMiOiAiTGxqOUhyZmhwTXZLRGhWc0V4M0I3Zmg2U3pmMnUwRS
1sZDQ2YVNEeGxmZFl6MFBnQ0k3WAogIGQ3NFV1cmFzMDdieEE1SFl5UElQUnlJQSJ
9fX0sCiAgICAiQWNjb3VudEFkZHJlc3MiOiAiZ3JvdXB3QGV4YW1wbGUuY29tIiwK
ICAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ05ILVpaQ
zMtSlVNNC1CRU1ULUVJSE0tQVZUVy1QRURSIiwKICAgICAgIlB1YmxpY1BhcmFtZX
RlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J
2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJMU3BQUmI1ZVV2OE82NmFD
MW5iQnFERG5ZeTIxY0tFZ25OUEFmOXUteE1RUUl1SEJ6ck9TCiAgYUY2QXdaRVZ6a
2w0R3NlMWpoYlVheXdBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIj
ogewogICAgICAiVWRmIjogIk1DWlQtRVRTRi1QREdXLUxBVEwtRjczQi1PU1NRLUZ
TNEIiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
lB1YmxpYyI6ICJCN2trX2ZxNVhQcVZJYURIYl85Vmd1VWRIWXFSckFDaWtxMllXS3
hzOTh3M2NoRnBTLVM4CiAgOGx4OThsQ29VSFF3X3hKVGdZWG1jTFlBIn19fX19",
{
"signatures":[{
"alg":"S512",
"kid":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI",
"signature":"tfrE8RJDJ2v7d8OTOwsc8NGmsPKPVk2l
nqLRDr5a9J0na4NN-edwYkgKb3OfBPRo-zHz_WrBsIKAav3yx28G-_Y2hJz02dUTW
ySnhKAco2LMYuL3sJeRiN0ob-iytd8AArp-p2DM2iSpP5VbdQoktQgA"}
],
"PayloadDigest":"wNDBikTV6DpDsFLzjTMEap2HDzbdb4mp
aq70CCrQGkCe2FnMJN5yY_bv6U1zAAU1XKnnJuZKdgkC6tyiAxCcdg"}
],
"Protocols":[{
"Protocol":"mmm"}
],
"Capabilities":[{
"CapabilityDecryptPartial":{
"Id":"MCNH-ZZC3-JUM4-BEMT-EIHM-AVTW-PEDR",
"EnvelopedKeyShare":[{
"enc":"A256CBC",
"kid":"EBQG-6BCL-F7KX-JZUA-4VSE-D6UJ-Y3HL",
"Salt":"VWhAekk002Mkb6XZnUuUAQ",
"recipients":[{
"kid":"MCKI-SCOD-D47B-GELC-OA4G-WG7N-UEJV",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"W6N-91FWVxf5OzSjoasu68NGz
kNUN6L5ajUTZQUGr6idoHdljYR4VoeakJ_3tbNekCd8gOvSaNqA"}},
"wmk":"b9t5G_QyPhP2HG9DhEAh6rXR_KKJrENV
qRoELseDh7FY-px4FzZfCQ"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6
ICJLZXlEYXRhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTdaIn0"},
"TEiOU1Tb3ofuVFTj1VgkKg3nC_LLdB38JN70_GbYkBnH
ZsL4FFCmwMCrh7UCw88RJk7dyxcKpCW_SN9MENzUFjM1zJpSvwgYu5Udiy-gFYi7B
chUlBwwf9yX_4UjlNM5-BezyxD8cM3oYTHlEAGfXg8loYAZ4D7DV562jAgQbJ_Pc-
TVAO91YnLhk86AMaCyDKg0F76rF6ExiZeUY9MgTXlKryvNF6oPRIzXPe09SkyaXu5
9KzSo4vML3ZDtpAKdbuqTGQaQ-f0l-ZSFDqIu1tOXSRU5AQR13ePU3VTbowXY9c8r
mLQFk3Z0m27LB2knJ5973hirNFGoaj1zxT4RC4bStyp8wmtGtWsle5OvTPzF-GW7W
ye0f3F5NAWPjYzX3KSiO6HfWjSqQp7uy0xBngJU5oj1CENcpFtnZ5tiZPtIF2-uSy
Brxa04Y7SgLjliGyiTqZEiR60EC8_S6PQjvb4GLrOLaVGRxo8IpcbMlOD6d1EEREU
cEg8bezF80zL3RIoCsDvpwEuDa9wWMZvdupbmPOIpbT0GLtdsDlIZK_78X9Gjr_eh
Fsiq-8qRdeUySue8SIbm8HSCs9YTMACAabwqu0PtalQxc7603IYEzxWeTCvnIwZtC
LoFeE27Pt70zTARey6ql6HNJLeP4-P3BSCRSLnC5e31oCiMbAMCQRCcXhF2YGpF1r
OK9nw4cNxi_qnYBCdd0_7R7m0IdDPadg"
]}}
]}
]}}}}¶
The confirmation interaction consists of a RequestConfirmation message from the initiator followed by a ResponseConfirmation from the responder.¶
The RequestConfirmation message specifies the action that is requested.¶
The ResponseConfirmation message contains the enveloped RequestConfirmation message signed by the initiator and the disposition of the responder, Accept = true if the request is accepted and Accept = false otherwise.¶
The service sends out the following request:¶
{
"RequestConfirmation":{
"MessageId":"NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG",
"Sender":"console@example.com",
"Recipient":"alice@example.com",
"Text":"start"}}¶
Alice accepts the request and returns the following response:¶
{
"ResponseConfirmation":{
"MessageId":"MBQO-USUV-X27A-CFLD-RXKE-LZMD-GT7T",
"Sender":"alice@example.com",
"Recipient":"console@example.com",
"Request":[{
"EnvelopeId":"MACN-R7IW-JPYU-XLMI-6KPN-5I3W-3WB4",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZILVFQWVAtNU
9BVi1XWFBYLVJDS08tS0lLUy1SWUpHIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
zdENvbmZpcm1hdGlvbiIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0
IiwKICAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE0WiJ9",
"SequenceInfo":{
"Index":4,
"TreePosition":6201},
"Received":"2021-09-20T18:16:15Z"},
"ewogICJSZXF1ZXN0Q29uZmlybWF0aW9uIjogewogICAgIk1lc3NhZ2VJZC
I6ICJOQUZILVFQWVAtNU9BVi1XWFBYLVJDS08tS0lLUy1SWUpHIiwKICAgICJTZW5
kZXIiOiAiY29uc29sZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogImFs
aWNlQGV4YW1wbGUuY29tIiwKICAgICJUZXh0IjogInN0YXJ0In19",
{}
],
"Accept":true}}¶
Connection of a device to a Mesh Account combines synchronous and asynchronous elements and therefore uses a combination of Mesh Service Protocol and Mesh Messaging interactions.¶
Four connection interactions are currently defined support connection of devices with different affordances:¶
For connecting devices that provide data entry and display affordances and are connected to a network. The account the device is to be connected to is entered into the device which displays a witness code. This code is then compared with a code displayed on the administration device to authenticate the request, after which both devices can complete the interaction.¶
A variation of the Witness Authenticated interaction in which the connection process is initiated by creating a PIN value which is communicated to the device by some out of band means and used to authenticate the connection request.¶
For connecting devices that provide a camera affordance. The user sets the administration device into 'add device' mode, causing a QR code to be displayed. The QR code is scanned by the device being connected after which both devices can complete the interaction. Implementation of this mechanism is identical to the PIN authenticated scheme except that the PIN code is presented to the connecting device by means of a QR code.¶
For connecting devices that have been preconfigured with a device profile identified by means of a QR Code containing an EARL. The QR code is scanned by the administration device after which both devices can complete the interaction.¶
Each of these interactions provide strong mutual authentication with minimal user effort.¶
The witness authenticated connection interaction is intended for use in cases in which the device is already connected to a network. The QR code interactions are intended to provide support for acquisition of networking capabilities as part of the connection process. These functions are not currently specified. The Static QR Code Authenticated interaction is intended to support Internet of Things (IoT) devices which provide minimal interaction affordances.¶
In each case, the objectives of the device connection interaction are the same:¶
The connection of the device to the Mesh Account is achieved through the creation of the ActivationDevice, ConnectionDevice and CataloguedDevice records described in [draft-hallambaker-mesh-schema]. These are created by the administration device in the third phase of each of the connection interactions described below and acquired by the onboarding device in the fourth phase.¶
The witness authenticated, PIN authenticated, and Dynamic QR code interactions all follow a common interaction pattern.¶
The Dynamic QR Code (PIN) Authenticated interaction comprises four phases as follows:¶
A PIN code is created and registered with the PIN Registration interaction described earlier and transmitted to the user by an out of band communication. In the case of the Dynamic QR code interaction, this is a QR code that is scanned by the connecting device.¶
The onboarding device creates a RequestConnect message. In the PIN authenticated and Dynamic QR Code interactions, the RequestConnect is authenticated by the Device Authentication key and the PIN issued earlier. In the Witness Authenticated interaction, it is authenticated by the Device Authentication key alone.¶
The onboarding device presents the RequestConnect message to the service by means of a Connect operation to the service servicing the account. This results in the exchange of the account and device profiles and the computation of a witness value from the two profile fingerprints and two nonce values specified by the onboarding device and the service. An AcknowledgeConnection message is posted to the Inbound spool of the account and returned to the connecting device.¶
The account holder authenticates RequestConnect message and uses an administrative device to accept or reject the connection request.¶
If the RequestConnect message has been authenticated by a PIN code, the connection request can be accepted automatically without additional user interaction.¶
The onboarding device periodically polls the service for acceptance of the request by the administration device using the Complete transaction.¶
The use of the PIN code to authenticate the request message is shown in $$$$.¶
The PIN code MAY be presented to the onboarding device in any format accepted by the device. Administration MAY support presentation of the account address PIN code as a URI code. Administration devices SHOULD support presentation of the account address PIN code as a QR code containing the corresponding URI.¶
Alice> account pin /threshold PIN=ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU (Expires=2021-09-21T18:16:18Z)¶
The registration of this PIN value was shown earlier in section $$$¶
The URI containing the account address and PIN is:¶
mcu://alice@example.com/ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU¶
The onboarding device scans the QR code to obtain the account address and PIN code. The PIN code is used to authenticate a connection request:¶
Alice3> device request alice@example.com /pin ^
ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU
Device UDF = MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
Witness value = CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
¶
The device generates a RequestConnect message as follows:¶
{
"RequestConnection":{
"MessageId":"NDYR-FST2-D4V7-7C3Q-QF5R-74TX-NNPC",
"AuthenticatedData":[{
"EnvelopeId":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQko0LUNERUstNk
pBMi1XR0tZLTRDMlotVlNZUC1LT0ZNIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
Q3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE4WiJ9"},
"ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm
UiOiB7CiAgICAgICJVZGYiOiAiTUJKNC1DREVLLTZKQTItV0dLWS00QzJaLVZTWVA
tS09GTSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs
aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI
CAiUHVibGljIjogImdLTzlPWUVSSFJYYWxqM0JBWUpWTUd0aVhTVkt2Qy14ZEgxTj
B4NGhjWWVjZ3ZGeFdEaG8KICBJdVFzUkRtNC1RMGtKV1FGbGFVZXp6RUEifX19LAo
gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURaVS1MVkVRLUZXVkMt
WlRaUS01WlZNLUhERlctQ01DUiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge
wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND
Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAieUZIaXpKTlplZ2M1d2JUeUlOeXd0LTV
MQWd5WTZFRkVWLTRSaG9FMVU0ZXRpYUZ1eTFYaAogIDFNZ2l6a080b1h0NmVMVFpk
Rjdqa2NtQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1CU
jMtQ1dRVy1ZWTdTLTQzUUUtTVkySi1JMkI1LUpKWU4iLAogICAgICAiUHVibGljUG
FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA
gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJZWDlWWFI5cm1l
aVVELXprdkgxcFpWaEt5My1PX1E2Y2dMVF82UmZPZG1qWE9rX0o4UEUzCiAgcm0tV
DdXVFZfOVd3RFM5VENQY2tXOWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH
sKICAgICAgIlVkZiI6ICJNQVdULVdXRFEtTFlaQi1CVUVXLUZBVzItUk9PRi1YUTJ
IIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl
eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y
mxpYyI6ICJWcW0zalhvZXpLenBqXzdHOGd3Y3ZhekNoT2EyMm85emZGNlE4SzlRS2
M1cEJyeWw2UnItCiAgUW5McmFLaFV1clFRVThiUktQVHBCRGNBIn19fX19",
{
"signatures":[{
"alg":"S512",
"kid":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
"signature":"IIZgcx_hd3h4onMB6yOe7FZyU6k_8SqUsePyCgeM
DB3w-yAt_f_YRnHcgipESTP1669Ci2mlPh-A_YQoPoDJ1sDz_eROHrxfAX-TTBBlM
Omizu1UMoUnB1fEr1J75CNxwf9smIMcCxT7O4X1MQoOewsA"}
],
"PayloadDigest":"EeGC-UU1fMXyppG62CiPC7pBNaDw257ubufE3izw
mBm_8lrMfG_VWnfqMybF8Q3m6V0fWQxQfRWIc-9XpG4-sg"}
],
"ClientNonce":"ZRD9o9z8_Axq6WHESqQ1aQ",
"PinId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
"PinWitness":"dbD8_k5J6NhZxru6ltO-Y52bm-zPr80EbEbmcwMl6sFpOBx
VFRVJi6AcI0gU3Wj3mdgAltf9ePxBRyYymjmtWQ",
"AccountAddress":"alice@example.com"}}¶
The service receives the conenct request and authenticates the message under the device key. The service cannot authenticate the message under the PIN code because that is not know to the service as the service cannot decrypt the local spool.¶
Having authenticated the connect request, the service generates a random nonce value. The random nonce together with the device and account profiles are used to calculate the witness value.¶
The AcknowledgeConnection message is created by the service:¶
{
"AcknowledgeConnection":{
"MessageId":"CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V",
"EnvelopedRequestConnection":[{
"EnvelopeId":"MBX4-HVCH-S6LU-BEWP-KAM5-7OYF-F4YG",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJORFlSLUZTVDItRD
RWNy03QzNRLVFGNVItNzRUWC1OTlBDIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOFoifQ"},
"ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi
AiTkRZUi1GU1QyLUQ0VjctN0MzUS1RRjVSLTc0VFgtTk5QQyIsCiAgICAiQXV0aGV
udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1CSjQtQ0RF
Sy02SkEyLVdHS1ktNEMyWi1WU1lQLUtPRk0iLAogICAgICAgICJkaWciOiAiUzUxM
iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk
NJNklDSk5Ra28wTFVORVJVc3ROa3BCTWkxCiAgWFIwdFpMVFJETWxvdFZsTlpVQzF
MVDBaTklpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk
bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV
04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeExUQTVMVEl3VkRFNE9qRT
JPakU0V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V
3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK
VlpHWWlPaUFpVFVKS05DMURSRVZMTFRaS1FUSXRWCiAgMGRMV1MwMFF6SmFMVlpUV
1ZBdFMwOUdUU0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC
BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F
nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli
R2xqSWpvZ0ltZExUemxQV1VWU1NGSllZV3hxTTBKCiAgQldVcFdUVWQwYVZoVFZrd
DJReTE0WkVneFRqQjROR2hqV1dWalozWkdlRmRFYUc4S0lDQkpkVkZ6VWtSdE4KIC
BDMVJNR3RLVjFGR2JHRlZaWHA2UlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI
yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVVJhVlMxTVZrVlJMVVpYVmtN
dFdsUmFVUzAxV2xaTkxVaEVSbGN0UTAxRFVpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY
VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC
BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F
nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpZVVaSWFYcEtUbHBsWjJNMWQySlVl
VWxPZVhkMExUVk1RV2Q1V1RaRlJrVldMVFJTYUc5CiAgRk1WVTBaWFJwWVVaMWVUR
llhQW9nSURGTloybDZhMDgwYjFoME5tVk1WRnBrUmpkcWEyTnRRU0o5Zlgwc0MKIC
BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1V
qTXRRMWRSVnkxWldUZAogIFRMVFF6VVVVdFRWa3lTaTFKTWtJMUxVcEtXVTRpTEFv
Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS
UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC
BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlpXRGx
XV0ZJNWNtMWxhVlZFTAogIFhwcmRrZ3hjRnBXYUV0NU15MVBYMUUyWTJkTVZGODJV
bVpQWkcxcVdFOXJYMG80VUVVekNpQWdjbTB0VkRkCiAgWFZGWmZPVmQzUkZNNVZFT
lFZMnRYT1dkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC
BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlFWZFVMVmRYUkZFdFRGbGFRaTFDVlVWWEx
VWkJWekl0VWs5UFJpMQogIFlVVEpJSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G
dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT
2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC
BnSUNBZ0lsQjFZbXhwWXlJNklDSldjVzB6YWxodlpYcExlbkJxWHpkSE9HZDNZM1p
oZWtOb1QyRXlNbTg1ZQogIG1aR05sRTRTemxSUzJNMWNFSnllV3cyVW5JdENpQWdV
VzVNY21GTGFGVjFjbEZSVlRoaVVrdFFWSEJDUkdOCiAgQkluMTlmWDE5IiwKICAgI
CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC
JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQko0LUNERUstNkpBMi1XR0tZLTR
DMlotVlNZUC1LT0ZNIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJJSVpnY3hf
aGQzaDRvbk1CNnlPZTdGWnlVNmtfOFNxVXNlUHlDZ2VNREIzdy15QXRfCiAgZl9ZU
m5IY2dpcEVTVFAxNjY5Q2kybWxQaC1BX1lRb1BvREoxc0R6X2VST0hyeGZBWC1UVE
JCbE1PbWl6dTEKICBVTW9VbkIxZkVyMUo3NUNOeHdmOXNtSU1jQ3hUN080WDFNUW9
PZXdzQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJFZUdDLVVVMWZNWHlw
cEc2MkNpUEM3cEJOYUR3MjU3dWJ1ZkUzaXp3bUJtXzgKICBsck1mR19WV25mcU15Y
kY4UTNtNlYwZldReFFmUldJYy05WHBHNC1zZyJ9XSwKICAgICJDbGllbnROb25jZS
I6ICJaUkQ5bzl6OF9BeHE2V0hFU3FRMWFRIiwKICAgICJQaW5JZCI6ICJBQUFSLVA
2Nk8tS0dUSS1RWTZDLUNYSVctT01DVi1XUVpJIiwKICAgICJQaW5XaXRuZXNzIjog
ImRiRDhfazVKNk5oWnhydTZsdE8tWTUyYm0telByODBFYkVibWN3TWw2c0ZwT0J4V
gogIEZSVkppNkFjSTBnVTNXajNtZGdBbHRmOWVQeEJSeVl5bWptdFdRIiwKICAgIC
JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ"
],
"ServerNonce":"04cY1MKWI4G8BGEUGQzldw",
"Witness":"CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V"}}¶
The AcknowledgeConnection message is appended to the Inbound spool of the account to which connection was requested so that the user can approve the request. The ConnectResponse message is returned to the device containing the AcknowledgeConnection message and the profile of the account.¶
The device generates the witness value, verifies it against the value provided by the server and presents it to the user as seen in the console example above.¶
The user synchronizes their pending messages:¶
Alice> message pending
MessageID: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
Connection Request::
MessageID: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
To: From:
Device: MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
Witness: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
MessageID: NCJD-SJE7-VPY7-REZL-HCYI-2QWC-W2ZK
Group invitation::
MessageID: NCJD-SJE7-VPY7-REZL-HCYI-2QWC-W2ZK
To: alice@example.com From: alice@example.com
MessageID: NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG
Confirmation Request::
MessageID: NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG
To: alice@example.com From: console@example.com
Text: start
MessageID: NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ
Contact Request::
MessageID: NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ
To: alice@example.com From: bob@example.com
PIN: ADN6-CJ3X-KEFJ-BMMU-TKN3-J3JS-73ZA
Alice> account sync /auto
ERROR - An attempt was made to create an object with an existing obje
ct identifier
¶
The administration device determines that the device connection request is authenticated by a PIN code. The PIN code is retrieved and the message authenticated. This is shown in the PIN registration interation example in section $$$ above.¶
Bug: This command is currently showing superflous pending messages due to the failure to clear messages processed in earlier examples.¶
The Cataloged device record is created from the public key values corresponding to the combination of the public keys in the device profile and those defined by the activation:¶
[Updates to multiple spools here.]¶
>>> ActivationDevice Here¶
>>> CatalogedDevice Here¶
{
"RespondConnection":{
"MessageId":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ",
"Result":"Accept",
"CatalogedDevice":{
"DeviceUdf":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
"EnvelopedProfileUser":[{
"EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUot
N0VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
mlsZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk
NyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"},
"ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl
IjogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3L
UVYVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibG
ljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICA
gIlB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4
UTUyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKI
CAgICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2
VydmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiw
KICAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3
MkEtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZ
XRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3
J2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1l
xTTE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1ot
UEtpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlI
jogewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLU
hNWlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGl
jS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAg
IlB1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzc
U0wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKIC
AgICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1
YTVdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJh
bWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgI
mNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaG
JIaWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19
nRVZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsK
ICAgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaI
iwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleU
VDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJ
saWMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRC
TWlVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
"signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB
28B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0j
zJGnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"}
],
"PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVD
B4hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"}
],
"EnvelopedProfileDevice":[{
"EnvelopeId":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQko0LUNERUst
NkpBMi1XR0tZLTRDMlotVlNZUC1LT0ZNIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
mlsZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKIC
AiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE4WiJ9"},
"ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1
cmUiOiB7CiAgICAgICJVZGYiOiAiTUJKNC1DREVLLTZKQTItV0dLWS00QzJaLVZTW
VAtS09GTSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdW
JsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICA
gICAiUHVibGljIjogImdLTzlPWUVSSFJYYWxqM0JBWUpWTUd0aVhTVkt2Qy14ZEgx
TjB4NGhjWWVjZ3ZGeFdEaG8KICBJdVFzUkRtNC1RMGtKV1FGbGFVZXp6RUEifX19L
AogICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURaVS1MVkVRLUZXVk
MtWlRaUS01WlZNLUhERlctQ01DUiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjo
gewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJY
NDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAieUZIaXpKTlplZ2M1d2JUeUlOeXd0L
TVMQWd5WTZFRkVWLTRSaG9FMVU0ZXRpYUZ1eTFYaAogIDFNZ2l6a080b1h0NmVMVF
pkRjdqa2NtQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1
CUjMtQ1dRVy1ZWTdTLTQzUUUtTVkySi1JMkI1LUpKWU4iLAogICAgICAiUHVibGlj
UGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgI
CAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJZWDlWWFI5cm
1laVVELXprdkgxcFpWaEt5My1PX1E2Y2dMVF82UmZPZG1qWE9rX0o4UEUzCiAgcm0
tVDdXVFZfOVd3RFM5VENQY2tXOWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6
IHsKICAgICAgIlVkZiI6ICJNQVdULVdXRFEtTFlaQi1CVUVXLUZBVzItUk9PRi1YU
TJIIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0
tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB
1YmxpYyI6ICJWcW0zalhvZXpLenBqXzdHOGd3Y3ZhekNoT2EyMm85emZGNlE4SzlR
S2M1cEJyeWw2UnItCiAgUW5McmFLaFV1clFRVThiUktQVHBCRGNBIn19fX19",
{
"signatures":[{
"alg":"S512",
"kid":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
"signature":"IIZgcx_hd3h4onMB6yOe7FZyU6k_8SqUsePyCg
eMDB3w-yAt_f_YRnHcgipESTP1669Ci2mlPh-A_YQoPoDJ1sDz_eROHrxfAX-TTBB
lMOmizu1UMoUnB1fEr1J75CNxwf9smIMcCxT7O4X1MQoOewsA"}
],
"PayloadDigest":"EeGC-UU1fMXyppG62CiPC7pBNaDw257ubufE3i
zwmBm_8lrMfG_VWnfqMybF8Q3m6V0fWQxQfRWIc-9XpG4-sg"}
],
"EnvelopedConnectionAddress":[{
"dig":"S512"},
"e7QRQ29ubmVjdGlvbkFkZHJlc3N7tA5BdXRoZW50aWNhdGlvbnu0EFB1
YmxpY1BhcmFtZXRlcnN7tA1QdWJsaWNLZXlFQ0RIe7QDY3J2gARYNDQ4tAZQdWJsa
WOIObOavss8qXnyOEdTEgsbbUc53eztv71PZ6UvPOurHjIy2NYPXPhWOboDXGhCSR
glDWz0SDrPGlcFAH19fbQHQWNjb3VudIARYWxpY2VAZXhhbXBsZS5jb219fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
"signature":"kXuiOE4ej2xBhBthsd2zJQW2XYcSXCR7mZQa16
c6QEMamtnw9ZkJX2HszugAZunlNC_Rdp1JDjCAZepplfgbzD7V354mep0hdKGoXye
QN9O3UmZxmtIpvcWPuESoAl3VXF7wNpOMvbr-2cRsgPrQ3DsA"}
]}
],
"EnvelopedConnectionService":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
aW9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
CAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE5WiJ9"},
"e7QRQ29ubmVjdGlvblNlcnZpY2V7tA5BdXRoZW50aWNhdGlvbnu0A1Vk
ZoAiTUE0VS1IVzY0LU9LVEstWlFFTC1YNlVILUY2R1UtWlNTV7QQUHVibGljUGFyY
W1ldGVyc3u0DVB1YmxpY0tleUVDREh7tANjcnaABFg0NDi0BlB1YmxpY4g5s5q-yz
ypefI4R1MSCxttRznd7O2_vU9npS8866seMjLY1g9c-FY5ugNcaEJJGCUNbPRIOs8
aVwUAfX19fX0",
{
"signatures":[{
"alg":"S512",
"kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
"signature":"b9uPvBuiCFiOOWMync3K-kGEMsv8nsSe6P_bJf
gzw5_jfdkED2EOTLeyavP4aIDOvF12BIccF3cAZLlDNeB740u4nu0XEz5HCX6RBdd
C2XMfYbDe78yTBAaTtEqZ1jhaupspEW5q6viEfMQJ8BWGmzQA"}
],
"PayloadDigest":"9_otIc37d1dsMnmIm6V6TqizsPRvQU1O3a1XVb
-0A-CfdGk5m6blY9awr39H6gd547nuhqF-JdMBemwbPIyfJw"}
],
"EnvelopedConnectionDevice":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTlaIn0"},
"e7QQQ29ubmVjdGlvbkRldmljZXu0DkF1dGhlbnRpY2F0aW9ue7QDVWRm
gCJNQTRVLUhXNjQtT0tUSy1aUUVMLVg2VUgtRjZHVS1aU1NXtBBQdWJsaWNQYXJhb
WV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEWDQ0OLQGUHVibGljiDmzmr7LPK
l58jhHUxILG21HOd3s7b-9T2elLzzrqx4yMtjWD1z4Vjm6A1xoQkkYJQ1s9Eg6zxp
XBQB9fX20BVJvbGVzW4AJdGhyZXNob2xkXbQJU2lnbmF0dXJle7QDVWRmgCJNQ0pC
LUo1R1ItS1RXMy1KS1RFLTYyQTQtNVM1US1UQU5PtBBQdWJsaWNQYXJhbWV0ZXJze
7QNUHVibGljS2V5RUNESHu0A2NydoAFRWQ0NDi0BlB1YmxpY4g5UYt8Q55B6K9oxS
fj8UN35FZH6vlDeULJUpJlde7Iw2Gb8RjV7Blu7NiZME8Ig-BlSru-m6ztXY0AfX1
9tApFbmNyeXB0aW9ue7QDVWRmgCJNQVM1LUczTlItRkVHNS1KTkVFLU5HVFQtNTRF
Qi1HNE9JtBBQdWJsaWNQYXJhbWV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEW
DQ0OLQGUHVibGljiDlS9hxCUejkfMJ_e8tJVThQHG-JqLvrEXWV8zsPj1J4icxh7I
pQDur36Qmwjm0WjjCXgDiQmSprZAB9fX19fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
"signature":"bv3JbW8GRQu1egN3K01uXFs7paCiLPnZVLzSx9
qd_32oO3DoZ62Hm5GuTTOQ1dq7JevCjPXu7YKASxo1tsKI_u0yu_NH0MTsBQJzQiP
mzxl1Rady4rrCZMmMmuE1n1EyVqOpqVMRPVbh9xE7We6NMDkA"}
],
"PayloadDigest":"ryWXi7qqqFa2kAgjv94kWwiHa3rmnDkuxKSv_n
HYCNvAgGNE7ChW9nod4MmT5mO5Lq4jHrFv2PoVvIjhmQnuDg"}
],
"EnvelopedActivationDevice":[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQA-ORX6-SYUD-OBPD-66UK-UJLF-T7EE",
"Salt":"P5HCNTSxumoCQDNal1lMpw",
"recipients":[{
"kid":"MDZU-LVEQ-FWVC-ZTZQ-5ZVM-HDFW-CMCR",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"1hxJpV39-ClXIGUxEJs_9Lh3Z89iMG6BQO0zY
GoiNblDPvTpFDe5pjUlR6qT-jEdufWzDx_F1aEA"}},
"wmk":"j64N7JuT_Azf6nyreYH_0f6hKXzg3fs0Jyw_7gLbNBT7
OBNm-1gurQ"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTlaIn0"},
"vBjl0qXoEna0h1vrwmO2PlPb3drpoXtxV38i7NCiuNkG9JSJt1UTugrm
SqyTYrA08GWWZZ9vA7Sq85RMTM37_mV0j51_9iRjunLAs5IIhF5xLA2AGwLc23uPY
QYHylzOt2QtokoZRDsDUrhX-pRDECpUz0iP30mamSjMkfF5DgV6XxQXZfQvQDZx-r
DdYSY-NoiG3QZc0ZJEdqASaqovqVOD1iENIrS0iwB5AhbDl3r5DxMNVtUrysNfTim
67nQX",
{
"signatures":[{
"alg":"S512",
"kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
"signature":"wYBXRTndm1EFpMSV9lCgMjcDFicQB3xQM_ZKT3
IVnK2x7LMFY3qXHE8SI_7J6_emWHmv2bbb31wAmf2PbogWoFoh6pFcMGyuejQkg4N
q1O4ggxJcjsB7qCBosZE25bB5WJb9zWKvyil3ZaVSQMWrWCgA",
"witness":"ZGGLtk4b7Ct7lOQk3rsj_1cQV7QJH-ogKcFMNXuL
XDI"}
],
"PayloadDigest":"96zhY9KlnQJYNfUqOhpspfkrJ-t10yNA3mR4jw
Is-AJRkO286wwuaaJlDuDTuxVBHhjlgDlIgw2ybvH6vSwsrQ"}
],
"EnvelopedActivationAccount":[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQD-ZM5K-LKKF-ILS4-GG2S-IAU7-SNKB",
"Salt":"EqNwfNG2SEjWsph327NkWQ",
"recipients":[{
"kid":"MAS5-G3NR-FEG5-JNEE-NGTT-54EB-G4OI",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"ENwMs_Ynk2fPMeLnPbpHPNpPdDEe8wK_G7hBo
i9LVAOo1p99OY52W2fQqJttwA2HbbFC2RJWeq4A"}},
"wmk":"wmFdyKnrVtHTxjKz-gz1WjKsqJuGNOa91gJp4MYcEeBd
-inanGfo7g"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
aW9uQWNjb3VudCIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
CAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE5WiJ9"},
"k8c3LPLX26rouC5MrU71zZfy_j8xfpt0wQhizXeTzhgW87Y03Ce8TVIX
r4JE5PZudbrN5HSGNzzWhpLDGCCKp4wrdo-2SLMxFtrHokEP9ttcx_J1tU1NBA0F7
8wNghoh8k1GYai97f9uQ2ldaXTZIQmUR4gfpRzPp2riMYlgM2c-XJPnBAIpAUOmtC
3eUvUgk_D0e38Yn1Nd0vbekU0R_1h4qN30k3nTqHu7y9b1AkItX84jJftMIeyuZ-3
w9hcF-bUEI2HoWXb7OigE4x3OETE808MTza4IImDC6DqrEGdj1cXR7QswXdhTV6Fg
wTy-sk0bk8TYSDstGZh427FSNgAkQ65-RgrJVC2hbAt2aj37kOwwDzl7i3EXuCowH
i8ydkFPJTeOxrF2GdIacKEpxwgzs0JQdm2rF6ghm37yFX7A7C8AajQhJ1mJAiYYPR
kWj6hcNOhTnAQHlzlB_zJVst6Iu4ZMgIpbQgqKKeVh1f201SQaPXwtjD0WqcrarxC
y1idTdxhbaEioxVsmM9jzcEbL5WoLqiuSz6d-Xx1RegDzXLMXnDPp43Bh_v266MWy
JOKRNs7NQrU9qF0ZqnypaT9iokfaLGOBNBaAjU668riVxM3Va-nhiPZ6BvTpDqgTO
oBXDTjXm6Mkm6Za-cPZguJMSnxc8-IwCZSZyFQ4BJdBVCMkvC-DB84Y2TsrI1urBy
2q8la2F_bOF3MvTMV6W7Bvph9k80EmmlmH9FrEHeUvdQ6ROtCLgDDvEowlOxksmgM
5cXt_M62ikyzkk0M_prj7g4adRGf9DUYkiTGwjdk36cnIw6OiqQCehNj2Btr3bn4s
4_p0xFr4T7hyNdwFEd0euDo6YShb9QBoivXW2YiY4rYOVX-5f2itYaUbRygqsqGOp
G0xMWq-gYqZauA56uhPQcPt-t1E0LL1uDWSNfngWMcKR1Tv8rh1lXLI4rmEWDTeip
Tm8FiUSeqNWISJQo1jVOwM5W13dlOu0wuh_YIWTKmYHg6uP8KYJEyBxJOg7HCBe0B
c7bXochVqxfVyUaCZBFbESodHWIX7RIl5ne_7asYlVZ8fF-sw9kwwW3TkJc1lyFI2
hyy_djnnQURv7TeJMCP3w_5muAxzRbyLzPvuHh6h3dkkLLDmZyp3ru7wwFwUu32Q4
fCUkAFlZwAkz4APtyWgtAZbVd0P0v8CzgM1vMyoDuULNGjaOFqATj3m7J5_oWgdte
QkeSUX6cYto1fDQC-AkEsm30yqbluclXuA7Gm_3nAcmWLXlWPDA585BYHhFtXa0Xz
aQPT6hb25f9Ke4Y8-0lQJwDSmWQTeVKmQIZ7bTlqvjC5uvfjwQgWulagJB1gbP0Nv
HtbVsPy_sMPqgmPs1Yo1wc_a3hImYCQsA-ONXMTWhcavor2XyKtnGwU3aHs4n37MY
zjMGiskEj34hrGFbrns-3OMckKXIpAi9R7AMHbbtFOHN0v9r2Vksrp4t569bJjnlW
UE0R9A17C3ma_-XLoGzFrBo2b5X278wWEbjorG02gSztScqf0EMHrIupZNcdbzKo7
jiK7oTAfowlDuwUElqtTt3LXIBvwUSCe-xsfTpBFt8rjgCw9Z8UUsBbvK1_6-mS2b
E1THWJQcAVcgVxqPLpItQkWqmJ1hJv1K_OnzPcQllWuY2zvROZOqFopHhU2iykLRr
xNJVnzThNipe09qVZ-2xxiNIUWxF_BIv8ffKIVZ7fYKf5N7omawGKqBz_9R-AtkPJ
gqNGVUCItQaOCC6NuVDnkHGNKeHTDI4ihHpx31urIYPlzy5TZPP1VHIN_0991xtJD
rnvMnX40iYjxo6REI1Sg9CpjPBfsghKS-xE2OvtvzDnRZegmaz21DQD7YqXBZUykh
VSOBgLyvdH8gZMfp8kYm5-6J99HkXsfMK7N6JULep85ZTfhgJa2xN5gqdVoleBaC5
AoEn0RO5gQUsmT90LAsOh0pr2TSTtLVPedc8j5_LDa9hiAgN_pKTv0xs_wg0VxEzD
kMe98TLm9jnJw9HUGSrGVUo6pfJ92QlgfaPWcIPj2AVw047n8z-zqGB2RUXuXhYky
51ucuoa4KfLrFDCfFP_uRTi2zSSArWPUYmS19Bi9b0sDCiJbY9J5mLSuNGh8M7Jie
NUO2XOMASr41z3iaTibAUM99G2Q4lf2QuqpTgGOJ4nZjf-EA2kRid6vdJ_Z3sICrF
tfZoUez_BS9wzFP3OSKNz2GpfzDL-wDaulWqADe4xmZcHa8Tp4h7of5IJASAj0KG9
D0uIZenExA_DjAcZ3RpHRYi3qNsXxaTif6SUDd1Zxo26Dv69ASvPNss8Jp8kA_j83
OAbSQEXEXIaA-VMzEFP0A0hZVFaVzCb1QWVC8MDFdkaYDHm3UUQX6UEm8FSFrQ1C6
brzYHtKTVecPpUynxzEyju9MnqNsdU9p4mX8AdadzL_nVOpXRAV7tW3IsC6_U9ksq
cVPWqVjGQBo3r5BZlh3mUvTDmYF3dfLOx98b3F4NF7DQOqipPmdvJIR_NzfvWV-vq
eBGmObwEvwoTlxkRHTwpY5z2pIKBfsA9jsbX8QiMFxu6sXVQUWVlY90BPO8XFKYYk
1w0o3Qa6kBlzEV4Atq1ivFUJtbmg3cE4syQQP2Z1n7bFx9oHDPLIhBI-uG137BYVH
vJ_zB4mdPsQtgJHrb7Ne_ChSrgiHc9wPzaidvXUWULHzSWJ6F4gA4kR9hXdOmLx5u
jUZ8fxEpHtNrGtfaiJCNBWzqIcRVfQbbxdSvo-7G5uLZxPIXLu6pqzW_BCG_UrXN4
gaTbx_CoIXqXK2XCVAhybpg1ns1_Oswnanb1ptjXBgRKpYLbwlp2XoV5aMnZXJq-R
Ili_7gQYZUPJDxlezWMNRAKZzp86OeVBKv9ta4HHxIOavq76ElCHi6Wi2EEaYN0Zq
EzD3CU0A4wR06fUq19B9wXuYOOqSyV5Xxupzh2jibfEuydwHzMRn5PMUPf_-NP-Hv
KY_fpVd2dtLK0gz1LF9vCfM2QrSYR6AJ-tp8TJ1rv9HJegD5dO9909PlC2R32Lj8Q
6d3NzJsVSXc8pg-jX-L7dyyTrsz0hkyV5qSSSLULo9f9cC55nqrx4vB6vSJ8vCnaj
zEImfgmGkHU3ApdTU5jFoMJX14ssoYOhkaKMHW01bhuwgDZ_2uySSHBzqORJe1FMR
kCvkdUNjcXcnGLzB4hSUh9hW19BX42xnNBfvxJZjja9MniLTMCfEfV1e5UmTEeiiB
o-ubMs-K_qz7EwCNddxRlQLKoytYc_Bwx1UwiWTaoOZVKoAHervd_X7svhZfhusls
TlBvK0li1AKp57qz7mRHXt0BAyy5YTIkR6JjURrMPhNptBuiMIvBcivDySt81O2yh
FB7uhjn82jz-KO3ILs57DlDFBLf_GxvfsN598wkg24IQ7PEEoJP3xx89Y3mYK8Fi8
u8nk_MT2moOWXge3oDD8H5OmIqywGMep5N8lI_VBAWFr6B-Zplu2_QvqO1oDdz-zi
-l9qPRKIkqOuzWIgaez4ZinKviYWi7lYie-lJfy2I8SiuidR6n1jZIcYTT7DJj7kZ
jKGeueMvydqXLGhNP8wqYCP_wu9D-4eSqtDS382_I5iuWIXO9zldbhBzqlbdbnVvk
RI8gDEZ3Of5tkO97_ga_auwK8-7c5lnENGbPwx84sdpB1hwgr7No70tnOr_A4ajSS
c4fA-L4mt0MMuKv1TWVZiQQzOyhIR8TA85d11ta6F4F3kNhox1SGtzCNn0ETFaquB
dCQdd2rujAWaqrJv2vkSIBYK8Wgwa2HSQ9QHQJIw9aZviurGRtTGVPccALAqdGKBC
AWEHGmBS9SsVKNrrw0JI7pxKJx-VxxnjW1uqpZxKOtfr2bHFHEUbbIxem2pOdBQ9p
CwdHo3vcWd-zdK1jt-TICwnUiLvs0cKq62QjD227TAs5ZGfd7_dfb2C_RLYdmhIxR
OiBfvStohPwwbX0OIwd0u6qEOqsMw4m87_4dtxL0Qkoi7LqpZvytP24kPVcuJcwwr
xfbHtpFWGVCeJGJsfHnFRaXXlm80F4mzjts4VWJeWAtlGIDqENxuGEBj2hWCAVs4D
OhIsE_c19ukw-Xcs_XPQ1By2Z7qA4yyu22ZZkSk6ivn1-SZ-05LLTf5i_BMcFgYEo
MrkVkJp-vf51hJHbZVLG2OfV3O5GusnjuQzVYngGUjDJrvtTQQQvhdZBhmShfB6eN
5OEyPuZersxL9MHh-nZp53iadAPJx2Ftrq-wvaKynK3u38LVM5Gx7Dmjg5Mt1UoLw
lNR_EjpJLd-zqyQq9XfoTqCmz5jsZwXkQtl1r3cdqGqyZ5yUp7YFTThqVxjvtxwF7
4rz9VmgsiHDB79ZFUzjg0jVsUduTSHy86MWkz9qDjUD3HkvyGxia7fyturpIUvP08
NSciR3M8j8zbRF9UGp5JPNjMRiLWduP0fUrziGxXvqXmU5ZMvNuQWkBwKz1Xg3Iw5
RTsU_Pot52ON_Wwc143H8gD-KJQuFtXtsUOX_vFkJclT8SozYMXMQ3sYAllXI1wrS
dxXyaI5ywx-bGfatQr8x8KLsMa_EshgSoBAexPjOmAT8b8EBr3w8tv-BJ6RYcl9on
l_A4cVeQbGxUa04CcmpFWRDMRLNfO93GY3iYWG2HbGAB45eBGo9ywkcnJAB-58UzL
xjQ5Y2zUV5NpaNZ5j5Rd2SqIhS1FKx78DPlF3tAv6Tyei-jMRCBsnkfRww3RU1hss
J8rgzo94qXFEDkUB1MJh9fMt3iemMSDhzm5gH8lhr4j364NUjKLAnu9cEgEpZRXds
cash-vfA5wqsycEwe0ps4fqxyN6-EgbA4YzKeBV0qyuUm_a84aaz6WBuGOMznQbT8
7p6Xi-uKnQx4zvx4C7KJe-g4sZpJLj-2DSiiSAYceCC9yhVnUoczDyfTJmoGFNcZn
7o26fYxaCbWObuAJkZT4Wh-fojKyAmoZ6N3ZPnw2wLDDeOE6Ry7e3B95kgnVYOrMz
R8pCO94bRwk0qdvZemh1PSH1lN_b7D7qppXzOXWtT7oZ-Alq0YxGPP3Rot0sVEJSp
hMloE3-jKnUlXGfd5LnFY8jVQinLOBZJmSgoEVQyAdByYOZ6WuAbA9OpsxtukG9de
eIYEtGNaEYAVV9izC8fEVaXHcpvC9Hln7dqAE4feyXatvddGYGyIqEfBW1Vb-BD-y
Q1RuiuFEDYmXNJnIxp7__JYkVxqiLIl_Sbnjm3teKYLSDLhi7De7Xd8NrOBodhp1M
X3oAs_P3mvRaKaRFiNvq984Oa8mygi8B6H0Lhl_LpMcu2XkwEOahAeLYRukwS91wg
2GKazgIJ1xWgyyf8xgogQVyRFUD9iSBofOYxV7QoTfMjl0wUTNPQ2PsjqPVXuAzm_
9m1w6npaiTRYKv0v-Q_8hMMxX_MAB6NW5kTsyX29zGHgHg0RSz4wXNfvry0rRTHOT
-u3czRa77tYQtFwBLJV8mRkYo2onVK0rmE6lu6lHqI8PneU2tAdu_MkrToQU04AFP
D7GrvpjqsSOATN9E7LR7ujpDlBeeidv9lQk8v1lqYPQeCy6JOdgud-t2gnSyPEV1u
yrl39NDpMNupnSDo_E-arWXwM6VJk9S7-eBUAjQlpKUPQ8K4B1qswXxliUL9sulAT
BhIc47LMN4G3F_3CDBPhkwSAQs2CCi4ZVa0FXK-3VtEAlMBVYJ5F1bmIy7kj1ToVS
dEalJ0w-gUpt5ElFmkWQtNlAra-a-LSIm9dgBF1vcFrW5tmXHJuX2iUoZMzN9wOgr
hMqf60f9NA74h8HiCvswfoEH04TJctu2rv0IGVPg4i-aYQdAhLOK1Oq_TsZUtbkPK
CAxyTiCguwxiao1DgVN6ZtChQ6pTI3ncmAcva_y4bU_924K86aAD55CQ13u3-HrN6
2L-PaHE1xaOXTp8eAUfG5PiXVbWmr2LEMcWAP2BKXu10h0umpMJsWQz8IxeXHO2AR
_TmbVRhUAH9qnjKLjg50tpQhzOkGEho4s_82V_dd0-I-qmAxth7r5VAIAwlne4Wb0
MoWiitrvYedQUy311G7AnuszxVeM8FlYE9TeiUa6fWxbAaDfwiw-419ELRf-lO7nF
Je1W57TAyexB8n3TO_2uR0vCq6QC5xCeA4G3k1I7HyxRQC6wmyWPhPTNDVBzlzWhL
pMPJ5QFY-DU033jhDXYXmsw2VBlwRuIECO2Qk-b_ggxUuLurSIXXuh0hofp59dC6z
gMtxanHB6JPx5xVEJyQ5hbvKJ8I--iO1o5xmls06YzvxIIFKVaFM2zUjd5s7qu7xu
IGIp0tgBMHQt1e6xg4xFeSP4KBRwgNbEyH8EedafqsLv10uw6A1JiSAmr3b_GYZ9c
CI6i3hONZgp3oyC5HfDQj0ZaT5J51ZvGN7MzS_UZpPY2KWzUas9ZALnZlc9Jwak7l
QL7ykINBJJff9Uzv50PQoyruDC628XcjHFp2TTQ-HUtRD72MC-jBpDEnImNlIxCeh
IO0k82_tWraBc-T_jrIeaZs9VWWZnQQLnJdfobthgA2qqjBau9qq-f436TiCsofYZ
sqdjLJ7Vknr6ERvIsN13im6ML8MDYzGF9Sm3sYXT-vvQAWl-sbMLFyH8gl5iGLuma
LKwSlEm5h0QO_SfvD5UROsXM8wrBbus4pmoajQ-49tsd-2yQXQmyOmqHgd7-a4QVO
_i004496iTm50-Knm3YDPQ71dLtFZN_49zE-Yh_rD_xEnx9ShY9TOZ3dxR5EnJ0lr
TrWN1j41AfiskvAkH1uANMzuL85nfGelh_2DmLNI7qu3-NIez2maxQLaNcx5uIeKz
XcR6hoAkNeseyVSXsCeaJT8FMNQ4J1qVR_KLkLzTajWgWIPbYgYW6fbQ3XNXaibGW
8lS0NR4a13NdtH-Z9FcTqrfDjEb5xvKQZ3R5Lukx-XUbigDkXR8vVIN5-Xmk_r_pn
NTEowDh4htGLST-LPb-J_CdnVQHwnWQWAhR1psmXgBSyTAE_jsQ0SS3nrAJhgySLu
rLrW64vsJBIppDVivhN3bu5fLYM6g1kirt0SSSrlZ7ivK3ydPCfjaqgUJyIdukMzq
Hfu2RpLfoe3l9xg7_msHOzQhRu5FSoMMNYj9WlTQTILu6nCrLqZ0tXRg9T8rwEjIM
uUmt4Si14geK20-KyDqE87HA0haiJ9Rl7LG2PC4vowQvEG3VS0uNzcaVoI4JyAXAX
yyDc9LF7Z3y_thZKL289rqDqbq8xcnMTziqeCJ5dRvGFRmQZS2JGOT3NJwsygxpY9
-FP7FL_MCRpFRx0Im0FOa0x3ldiPjrU0f-0c4kCc3YoEj6HRKLete-UjkLyieAGXS
e0hZ0Dz5TN34CnpXHBM_9BIJA84ImLETdUSle9PvW82x-19RzSczky1u2DPSfXahX
9o1HzMxIhqzIl7UQNKGM5ZeQlyvcY7yfvwVoBc64bruopz8R1VxqvBx05iW2lkSTE
IErUQsiF1RN3Nrfkd3oXoJbOW7EPSGq3VWyXpV327f_NzydJrUOmMXAZf_kXtcbTH
bUVpZCI8Q7gTSFIiM5HB0FQi3sTK206L8THJq2uq6PDQP1cySMQQdBcc2jldRDKQW
vxx6qe0XAOfL9M9xa9er2EspK2-wTthVK2GIAucyiyaKpG0VIcEYsk5YciQCeQH9j
29btKDkPVOMOyndb7Ty_p65icQRZklcQJNFQix8_AEmW5oZycCbfQfPY9oKCMZOJ8
A5oCl4O-ezKH8OForClyoZ5n-6CutZ1H0fZiMfdcTKxn_wC9vFdwMrED0n0fbvN-K
_D4lhO5Y_dfBNFkckMIFXXlYH3P9fVuFJNcSZaVZsE4v2bjPDWX2y9VRDYBIS4nk5
NuOuNErlvYuogj_bs19T-naR7ecMKJ7acpxQBM405A2YkBqX5zVCIAovEhVatYs3l
ejYRQNnZlO-rXyWj3ELcL5CWmcLzXnTJpPdoMsW1CTGb6OeIqHsPsUS8mM-cQjI_q
eEzA9QholSDqm8CaXnYAiGPl3gb9bY8yvoUqBzYrBkIhhaD_P88ClOe2AJDBcBFZf
pIc4Oj5GA-7Uu3STFk9utDp5xAnQgQokwYSUsd7ft7pmJSVNUD3cEE50aiAFDtOId
KetywsuRJtaVIWzd9MpzyCRcItITfUapn9O0BU11NBvW34ScChaPtbK0wsPR7maYh
0prZUIi-bPsagMX6tUkBA56O8M6mMx8_p0UuMigWiXin2h_YwDmnWkQ54deydi0SX
Gc8fb648RUxu1vn28uwMB1CUiW8ckyrzhwjqtjurIeIKaBf9-nIwLvUURcmhqVXT5
6L-iU5ggrFBJUB8irouzy9uvOGq4abeJHJKFTDGLE4aO8sqgAAYAn-PpsBN19ajjD
GR8D8xpSk1xj_ixK-kxWBVvIn2pXPGB6D2Lw_rcLyvalmo5udswp7MDftzr40B5hV
V84N0GcdPbbcrbiwIOjMeWBJi-xIvN0kDtbXe6iSM6F4gNg1wEYOQSSDQuElFq-c8
wFKzUN9_SN0AwUCQpVH8zBN6OzF2-MLhbiKRepaiJTIid3QT9LB33vmRYVFkYEgNj
SXx_vFd27n9eEUKaP6U8i7r4LlSBBr9IQe5ipBSwohNEtZ-c",
{
"signatures":[{
"alg":"S512",
"kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
"signature":"TBbLkF3G0WoPLuoUJWGdd3rVxIgRgJxnehjRed
vKn2EWcCcSyUVinREhUrh2dgXcRE7Hm2wGzrGA9RgOR6Mm-oIKQvgkB4qfJ8fu7HK
h8VisGTqQ4g7ku2nVvFGudmyjBAoOw83uGi7Z64Vw7Tj8zyQA",
"witness":"OiD9-4v22pZSzegadlz8exiAgAbD6BjEd5N5XVeY
WXA"}
],
"PayloadDigest":"VKt5nl9KhxQsiN8kp7jDA7xXA3dVDrYNst7d3c
gYTXVk8Ac8MOMeRyIWmeyTfh50QOWmgR978v-TRyvlgQRsvQ"}
]}}}¶
This is posted to the local spool.¶
The device periodically polls for completion of the connection request using the Complete transaction.¶
To provide a final check on the process, the command line tool presents the UDF of the account profile to which the device has connected if successful:¶
Alice3> device complete Device UDF = MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM Account = alice@example.com Account UDF = MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW Alice3> account sync¶
The completion request specifies the witness value for the transaction whose completion is being queried:¶
{
"CompleteRequest":{
"AccountAddress":"alice@example.com",
"ResponseID":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ"}}¶
The Service responds to the complete request by checking to see if an entry has been added to the local spool. If so, this contains the RespondConnection message created by the administration device.¶
The preconfigured device connection interaction is used to connect devices that lack affordances such as a display or a keyboard. It is also known as the static QR code interaction because a static QR code printed on the device itself is used to connect it to a user's account.¶
Future: Note that this interaction is likely to be changed substantially in future revisions of the specification and the Claim/PollClaim mechanism removed and replaced with a messaging based approach.¶
The interaction has five phases:¶
The device to be onboarded is preconfigured with a ProfileDevice and private key information and a DeviceDescription posted to a publication service. This process is typically performed during manufacture. An EARL providing the ability to locate and decrypt the description is printed on the device itself as a QR code.¶
The administration device acquiring the onboarding device scans the QR code on the device and uses this information to obtain the device description by means of a Claim operation described above as described in the Device Description.¶
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device MAY advise the device that a connection request is being made by additional means described in the device description (e.g. WiFi, Bluetooth).¶
When connected to a network, the preconfigured device periodically attempts to poll the connection sources specified to find out if there is a pending request. If a connection request is posted, the device decrypts it to allow it to complete the connection process.¶
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device requires notice that of the pending connection request.¶
The main differences between this connection interaction and the witness/PIN connection interactions are that the device is preconfigured with the device profile at the time of manufacture and the onboarding device MAY be acquiring network configuration information during the connection process.¶
The manufacturer preconfigures the device¶
Maker> device preconfig Device Udf: MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3 File: EBPB-YSBL-44F5-5ADN-PJHJ-CCJP-EU.medk¶
This results in the creation of the device preconfiguration record to be published to the Publication catalog of the device manufacturer:¶
{
"DevicePreconfiguration":{
"EnvelopedProfileDevice":[{
"EnvelopeId":"MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ0FFLUxIWUQtN1
RCUS1MT1ZULUdQRTctSTNQWC02TVEzIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
Q3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjMzWiJ9"},
"ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm
UiOiB7CiAgICAgICJVZGYiOiAiTUNBRS1MSFlELTdUQlEtTE9WVC1HUEU3LUkzUFg
tNk1RMyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs
aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI
CAiUHVibGljIjogIm84dXk2ZDhiWjRvTnlSQTlvZHNvQWJQSzl0SGVEc3loYWVQNF
9ia2s3WDdRMHZxSUlPSk0KICBUMy1TU2lBYlVCNzNvNnhiRzVXcEE5U0EifX19LAo
gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUIySi1aTVZFLUxXT0wt
N1dUSi1PVEw0LVkzU0QtWlY1WSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge
wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND
Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAiVTFKbEF0TDdpWk85d2VVZVgzWktQZnB
3LTc5QW15cnZzVW40b1cweEI3Nk50enF5a0k0QgogIDRYdlNMYkc3ZkdPd1AtY1k5
Mmo5YXBPQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1ER
lAtRVhYRy1CN0g0LUFNNkktTjZDVy1NNFBYLTVXV0EiLAogICAgICAiUHVibGljUG
FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA
gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJ1ek1YcTdwZUZi
UmVsYklrTERpenQwcW1qWmhKZ0FDdHhvN2J0SDNxVE9DYlV2bmNYMVFrCiAgVXA1d
WVDMUdfWUZuSnB6d09iZ09DNXNBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH
sKICAgICAgIlVkZiI6ICJNRDJXLVVEQ0stR05BRC1TSzVCLUFUNzUtQ0s2VS1QTEE
2IiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl
eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y
mxpYyI6ICIycEctd1dIdmtiUGRxU2RJV1diMTFaWkc2aDJQOWY3WnRGdW1mcFlseV
RCTy1qWUQ1RHNaCiAgNjZvWFJPUDFkWlV5bU9qUUFsSGUxTE1BIn19fX19",
{
"signatures":[{
"alg":"S512",
"kid":"MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3",
"signature":"ei7ljOVDEL4ZsmntYCuw1hJTzfhVaARcYjQXLoSi
I3uVOTc8QUu1mfOqxcWqBg_iJaxzLWgol6kAdYmCOXOZLJGeFcqRc8X5cp1yo_u3J
-RtBg16eT5OrAyyiKMAF-x14V8SZoND3AokujhS6_vn4DcA"}
],
"PayloadDigest":"5fmX2PgCMfBvPkOAI1M3YiDPkT48IxlOlCTFclUN
suqOmAqSESi5KUOTINgjX_0MMMCFjX5OcCwXTENz1GH-dA"}
],
"EnvelopedConnectionDevice":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJ
DcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzNaIn0"},
"ewogICJDb25uZWN0aW9uRGV2aWNlIjogewogICAgIkF1dGhlbnRpY2F0aW
9uIjogewogICAgICAiVWRmIjogIk1CMkotWk1WRS1MV09MLTdXVEotT1RMNC1ZM1N
ELVpWNVkiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi
bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiWDQ0OCIsCiAgICAgICAgI
CAiUHVibGljIjogIlUxSmxBdEw3aVpPOXdlVWVYM1pLUGZwdy03OUFteXJ2c1VuNG
9XMHhCNzZOdHpxeWtJNEIKICA0WHZTTGJHN2ZHT3dQLWNZOTJqOWFwT0EifX19LAo
gICAgIlNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNREZQLUVYWEctQjdINC1B
TTZJLU42Q1ctTTRQWC01V1dBIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7C
iAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkND
Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAidXpNWHE3cGVGYlJlbGJJa0xEaXp0MHF
talpoSmdBQ3R4bzdidEgzcVRPQ2JVdm5jWDFRawogIFVwNXVlQzFHX1lGbkpwendP
YmdPQzVzQSJ9fX0sCiAgICAiRW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ
jJKLVpNVkUtTFdPTC03V1RKLU9UTDQtWTNTRC1aVjVZIiwKICAgICAgIlB1YmxpY1
BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICA
gICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJVMUpsQXRMN2la
Tzl3ZVVlWDNaS1BmcHctNzlBbXlydnNVbjRvVzB4Qjc2TnR6cXlrSTRCCiAgNFh2U
0xiRzdmR093UC1jWTkyajlhcE9BIn19fX19",
{
"signatures":[{
"alg":"S512",
"kid":"MA6N-NN7E-CNN2-75BX-BGLB-ME6F-7FCH",
"signature":"ZOLaqvLsui6n-LB5_C_Q3seRS5ilBxiuFFPp_NU9
1fIF4qQYTh7opYmj8_h3bMuSrCBOCtmYlWgANuzu5LEtH-A_J2jR-euzFV7V3DbFJ
QwA8gDb9XhuRZF8FV8V0DfmN1l8AVex0Z7q-clZPodLaCcA"}
],
"PayloadDigest":"cBn1RX2qmv9mzrgeUmHN8IhFBLKAmQnMaOUUIxri
yKS6DWWVyTxNrNi3D-MD-UJH9zXvSX-GPT6F95mZbm658g"}
],
"EnvelopedConnectionService":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICA
iQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjMzWiJ9"},
"ewogICJDb25uZWN0aW9uU2VydmljZSI6IHsKICAgICJBdXRoZW50aWNhdG
lvbiI6IHsKICAgICAgIlVkZiI6ICJNQjJKLVpNVkUtTFdPTC03V1RKLU9UTDQtWTN
TRC1aVjVZIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1
YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgI
CAgIlB1YmxpYyI6ICJVMUpsQXRMN2laTzl3ZVVlWDNaS1BmcHctNzlBbXlydnNVbj
RvVzB4Qjc2TnR6cXlrSTRCCiAgNFh2U0xiRzdmR093UC1jWTkyajlhcE9BIn19fX1
9",
{
"signatures":[{
"alg":"S512",
"kid":"MA6N-NN7E-CNN2-75BX-BGLB-ME6F-7FCH",
"signature":"-fKRQYisB0gxu75Xe0OKC77g2uptgJyzvmLIKIMg
vXsvn3Gf0BpGlJN6wwNadK4VWHY9HU9z8w-ARK_ozkDLHIUtxwntd_ws0s03AqNLm
K-Fjc3jf-A7lanS7OeoCAsnXfQ7Kqa91pMHbotBtPvR0RwA"}
],
"PayloadDigest":"__OnArXqFpZbdPVxS1HVHKpKhvJ1nhD8QA0mOLzM
LOOgEyWe9khDNTY1M35w1rlthBjSLMV_6heRhUhqEi8VoA"}
],
"PrivateKey":{
"PrivateKeyUDF":{
"PrivateValue":"ZAAQ-BLGK-V4DZ-ZFV7-QJZY-OOAU-SNMB-4C6Y-57P
H-L7OQ-A3VF-655A-GYQM-H4SF",
"KeyType":"MeshProfileDevice"}},
"ConnectUri":"mcu://maker@example.com/EBPB-YSBL-44F5-5ADN-PJHJ-
CCJP-EU"}}¶
The preconfiguration record is retreived and decrypted by means of an EARL:¶
QR = {Connect.ConnectEARL}¶
The EARL is converted to a QR code and printed on the device.¶
The private seed and connection record is provisioned to the device to be written to the device firmware:¶
>>>> Unfinished ProtocolConnectEARL/device publication¶
Oh **** the data published to the spool is simply the encrypted ProfileDevice!!!!¶
The administration device scans the QR code and obtains the Device Description using the Claim operation as shown in section $$$$. The administration device creates the ActivationDevice and CatalogedDevice records and populates the service as before.¶
Alice> account connect ^
mcu://maker@example.com/EBPB-YSBL-44F5-5ADN-PJHJ-CCJP-EU /web
¶
Every Mesh Portal Service transaction consists of exactly one request followed by exactly one response. Mesh Service transactions MAY cause modification of the data stored in the Mesh Service or the Mesh itself but do not cause changes to the connection state. The protocol itself is thus idempotent. There is no set sequence in which operations are required to be performed. It is not necessary to perform a Hello transaction prior to any other transaction.¶
A Mesh Portal Service request consists of a payload object that inherits from the MeshRequest class. When using the HTTP binding, the request MUST specify the portal DNS address in the HTTP Host field.¶
Base class for all request messages.¶
[No fields]¶
Base class for all request messages made by a user.¶
A Mesh Portal Service response consists of a payload object that inherits from the MeshResponse class. When using the HTTP binding, the response SHOULD report the Status response code in the HTTP response message. However the response code returned in the payload object MUST always be considered authoritative.¶
Base class for all response messages. Contains only the status code and status description fields.¶
[No fields]¶
The Mesh Service protocol makes use of JSON objects defined in the JOSE Signatgure and Encryption specifications and in the DARE Data At Rest Encryption extensions to JOSE.¶
The following common structures are used in the protocol messages:¶
Describes a Key/Value structure used to make queries for records matching one or more selection criteria.¶
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.¶
The container to be searched.¶
Only return objects with an index value that is equal to or higher than the value specified.¶
Only return objects with an index value that is equal to or lower than the value specified.¶
Only data published on or after the specified time instant is requested.¶
Only data published before the specified time instant is requested. This excludes data published at the specified time instant.¶
Specifies a page key returned in a previous search operation in which the number of responses exceeded the specified bounds.¶
When a page key is specified, all the other search parameters except for MaxEntries and MaxBytes are ignored and the service returns the next set of data responding to the earlier query.¶
Specifies constraints on the data to be sent.¶
Maximum number of entries to send.¶
Specifies an offset to be applied to the payload data before it is sent. This allows large payloads to be transferred incrementally.¶
Maximum number of payload bytes to send.¶
Return the entry header¶
Return the entry payload¶
Return the entry trailer¶
Describes the account creation policy including constraints on account names, whether there is an open account creation policy, etc.¶
Specifies the minimum length of an account name.¶
Specifies the maximum length of an account name.¶
A list of characters that the service does not accept in account names. The list of characters MAY not be exhaustive but SHOULD include any illegal characters in the proposed account name.¶
The entries to be uploaded.¶
Report service and version information.¶
The Hello transaction provides a means of determining which protocol versions, message encodings and transport protocols are supported by the service.¶
The PostConstraints field MAY be used to advise senders of a maximum size of payload that MAY be sent in an initial Post request.¶
Specifies the default data constraints for updates.¶
Specifies the default data constraints for message senders.¶
Specifies the account creation policy¶
The enveloped master profile of the service.¶
The enveloped profile of the host.¶
Request creation of a new service account or group.¶
Attempt¶
Request binding of an account to a service address.¶
Reports the success or failure of a Create transaction.¶
Request deletion of a service account.¶
Request creation of a new portal account. The request specifies the requested account identifier and the Mesh profile to be associated with the account.¶
[No fields]¶
Reports the success or failure of a Delete transaction.¶
[No fields]¶
Request information necessary to begin making a connection request.¶
The signed assertion describing the result of the connect request¶
Request objects from the specified container with the specified search criteria.¶
Request objects from the specified container(s).¶
A client MAY request only objects matching specified search criteria be returned and MAY request that only specific fields or parts of the payload be returned.¶
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.¶
Specifies the data constraints to be applied to the responses.¶
Return the set of objects requested.¶
Services SHOULD NOT return a response that is disproportionately large relative to the speed of the network connection without a clear indication from the client that it is relevant. A service MAY limit the number of objects returned. A service MAY limit the scope of each response.¶
The updated data¶
Attempt an atomic transaction on the containers and spools associated with an account.¶
Upload entries to a container. This request is only valid if it is issued by the owner of the account¶
The data to be updated¶
The account(s) to which the request is directed.¶
The messages to be sent to other accounts¶
Messages to be appended to the user's inbound spool. this is typically used to post notifications to the user to mark messages as having been read or responded to.¶
Messages to be appended to the user's local spool. This is used to allow connecting devices to collect activation messages before they have connected to the mesh.¶
Response to an upload request.¶
The responses to the entries.¶
If the upload request contains redacted entries, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.¶
The index value of the entry in the request.¶
The index value assigned to the entry in the container.¶
Specifies the result of attempting to add the entry to a catalog or spool. Valid values for a message are 'Accept', 'Reject'. Valid values for an entry are 'Accept', 'Reject' and 'Conflict'.¶
If the entry was redacted, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.¶
Request to post to a spool from an external party. The request and response messages are extensions of the corresponding messages for the Upload transaction. It is expected that additional fields will be added as the need arises.¶
[No fields]¶
Claim a publication¶
The claim message¶
The encrypted device profile¶
Check party making claim¶
The claim message¶
[No fields]¶
[No fields]¶
[No fields]¶
Perform a set of cryptographic operations¶
The service account the capability is bound to¶
[No fields]¶
The security considerations for use and implementation of Mesh services and applications are described in the Mesh Security Considerations guide [draft-hallambaker-mesh-security].¶
All the IANA considerations for the Mesh documents are specified in this document¶
A list of people who have contributed to the design of the Mesh is presented in [draft-hallambaker-mesh-architecture].¶