<?xml version="1.0" encoding="utf-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 4.0.5) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-oiwa-path-characteristics-service-01" category="exp" submissionType="IETF">
  <front>
    <title abbrev="SHNM - PCS">Secure Hybrid Network Monitoring - Path Characteristics Service</title>

    <author fullname="Yutaka OIWA">
      <organization abbrev="AIST Japan">National Institute of Advanced Industrial Science and Technology (AIST)</organization>
      <address>
        <email>y.oiwa@aist.go.jp</email>
      </address>
    </author>
    <author fullname="Satoru Kanno">
      <organization abbrev="GMO CONNECT">GMO CONNECT Inc.</organization>
      <address>
        <email>kanno@gmo-connect.jp</email>
      </address>
    </author>
    <author fullname="Yumi Sakemi">
      <organization abbrev="GMO CONNECT">GMO CONNECT Inc.</organization>
      <address>
        <email>sakemi-yumi@gmo-connect.jp</email>
      </address>
    </author>

    <date year="2026" month="July" day="06"/>

    <area>General</area>
    
    <keyword>Internet-Draft</keyword> <keyword>Hybrid cloud</keyword> <keyword>Multi cloud</keyword> <keyword>Security monitoring</keyword> <keyword>Telemetry</keyword> <keyword>Monitoring</keyword>

    <abstract>


<?line 62?>

<t>"Secure hybrid network monitoring – Problem statement" <xref target="I-D.oiwa-secure-hybrid-network"></xref> identifies challenges in securing and monitoring networks deployed across hybrid and mixed cloud environments. This document introduces the Path Characteristics Service (PCS), a service that enables applications and operators to verify whether a given network path conforms to their declared requirements ("intent") regarding security, compliance, and operational properties. Unlike traditional network monitoring, PCS does not expose raw network state; instead, it evaluates the user's intent against the actual path characteristics and returns a conformance result (match or no-match). This intent matching approach allows multi-stakeholder environments to verify path properties without disclosing sensitive internal infrastructure details. This document describes an architecture and interfaces for PCS; it expresses recommended behaviors and constraints using the normative keywords of BCP 14, but does not specify a wire protocol or its encoding.</t>



    </abstract>



  </front>

  <middle>


<?line 66?>

<section anchor="introduction"><name>Introduction</name>
<t>Virtualized resources such as cloud computing infrastructure are rapidly replacing traditional network and computing environments, including on-premises servers and locally managed clusters. In hybrid and multi-cloud deployments <xref target="ISO-IEC-5140"></xref>, the physical characteristics of resources — e.g., server location, local network topology, or the operators of network devices — are typically hidden from users in exchange for flexibility, redundancy, and cost benefits. At the same time, cryptographic protection mechanisms such as TLS or IPsec are widely used to secure communications into and out of these systems.</t>

<t>However, as identified in <xref target="I-D.oiwa-secure-hybrid-network"></xref>, there remain many cases where application-level security depends not only on encrypted communication channels but also on specific properties of the underlying network and intermediate nodes. Examples include:</t>

<t><list style="symbols">
  <t>Sensitivity to traffic analysis, where encrypted flows may still leak metadata;</t>
  <t>Legal or regulatory requirements mandating that certain properties (e.g., jurisdiction, physical location, or operational control) be verifiable;</t>
  <t>Threats such as Denial-of-Service (DoS) attacks, which cannot be prevented solely through encryption.</t>
</list></t>

<t>In non-virtualized, self-managed networks, operators can use existing mechanisms (e.g., NETCONF, path validation) to obtain status and operational information about network components. These mechanisms are not sufficient in modern hybrid or multi-cloud settings, where visibility into the underlying infrastructure is significantly limited.</t>

<t>To address these gaps, this document introduces the Path Characteristics Service (PCS) as a technical approach for continuously verifying that the network paths used in complex environments such as hybrid or multi-cloud deployments conform to the user’s declared requirements (intent). PCS is intended to provide a common framework for securely evaluating path-level conformance, thereby enabling high-security applications to maintain trust in the network even in the presence of virtualization and limited direct control.</t>

<t>This document builds upon the problem statement and gap analysis presented in <xref target="I-D.oiwa-secure-hybrid-network"></xref>, and outlines a potential PCS architecture and its role in addressing the identified challenges.</t>

<t>PCS is a service for verifying whether the characteristics of network paths used by an application or tenant conform to the user’s declared intent. In this document, “path characteristics” include properties that can affect security or compliance (e.g., jurisdictional residency, operator identity along the path, path segments and facilities traversed, transport security properties, or exposure to known risks). “Intent” refers to the set of declarative requirements that a PCS Client submits, describing the desired or required properties of a network path. PCS defines:</t>

<t><list style="symbols">
  <t>(1) a data model and processing model for using path-related evidence already produced by existing telemetry mechanisms (e.g., IPFIX, NETCONF, gNMI, BGP-LS, SNMP),</t>
  <t>(2) methods to reconstruct a coherent view of the path and its attributes from such evidence,</t>
  <t>(3) an intent matching mechanism that evaluates whether a given path conforms to the user’s declared intent and returns a conformance result (match or no-match).</t>
</list></t>

<t>A key design principle of PCS is that it does not return raw network state to the requesting client. Instead, it returns the result of evaluating the user’s intent against the actual path characteristics. This approach prevents the disclosure of sensitive internal network details (e.g., ISP topology, internal routing structure) while still providing actionable conformance information.</t>

<t>PCS does not mandate a specific transport or routing technology, is not itself a traffic-measurement protocol, and does not replace existing routing- or control-plane security mechanisms. The acquisition of raw telemetry from network elements is performed by existing telemetry mechanisms and is outside the scope of PCS; PCS only gathers already-acquired telemetry into a form usable for intent evaluation. PCS provides a verifiable interface and data model that higher-layer systems can use to reason about path trust and to trigger operational actions.</t>

<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>

<t>Normative keywords in this document apply to PCS architectural behavior and to its security and privacy properties; they do not define a specific wire protocol binding or encoding.</t>

<t>The following terms are used throughout this document:</t>

<dl>
  <dt>Intent:</dt>
  <dd>
    <t>A declarative set of requirements submitted by a PCS Client, describing the desired or required properties of a network path (e.g., jurisdictional constraints, operator restrictions, latency thresholds). Note: PCS uses "intent" in a narrower, query-scoped sense compared to the broader lifecycle-oriented definition in Intent-Based Networking <xref target="RFC9315"/>. In PCS, an intent is a single declarative query evaluated against current path characteristics, rather than a persistent network-wide policy objective.</t>
  </dd>
  <dt>Intent Matching:</dt>
  <dd>
    <t>The process by which a PCS Server evaluates whether the actual characteristics of a network path conform to the client's declared intent, returning a conformance result (match or no-match) rather than raw network state.</t>
  </dd>
  <dt>Service Scope:</dt>
  <dd>
    <t>The predefined set of intent types and path properties that a PCS Server is authorized and configured to evaluate, as agreed upon between the PCS operator and its clients.</t>
  </dd>
  <dt>Acquire:</dt>
  <dd>
    <t>The extraction of raw telemetry from network elements, performed by existing telemetry mechanisms (e.g., IPFIX, NETCONF, gNMI, BGP-LS, SNMP) using their own push (export or streaming) or pull (query or polling) models. Telemetry acquisition — including specific styles sometimes called telemetry fetch (pull) or telemetry capture (observation) — is outside the scope of PCS. PCS does not define how telemetry is acquired.</t>
  </dd>
  <dt>Gather:</dt>
  <dd>
    <t>The PCS Server's internal process of aggregating and normalizing already-acquired telemetry into a form usable for intent evaluation (a PathView). Gathering is performed within the scope of PCS; it consumes telemetry produced by existing mechanisms and does not itself acquire telemetry from the network. In short, PCS gathers already-acquired telemetry into a form usable for judgment; it does not acquire telemetry from the network.</t>
  </dd>
  <dt>PathView:</dt>
  <dd>
    <t>An internal data structure assembled by the PCS Server that represents the reconstructed end-to-end path and its per-segment attributes (e.g., operator identity, geolocation, security properties, metrics). A PathView is built from per-hop telemetry evidence made available by operator-controlled telemetry mechanisms in the operator's domain (e.g., IPFIX, gNMI, BGP-LS) and gathered by the PCS Server and, where recursive composition is used, from conformance results received from other PCS Servers. The PathView serves as the input to the PCS Server's intent matching engine. By default, the PathView is not disclosed to PCS Clients; it may be included in a response only when the service scope permits and the <spanx style="verb">return_pathview</spanx> option is enabled.</t>
  </dd>
</dl>

</section>
</section>
<section anchor="design-principles"><name>Design Principles</name>

<section anchor="intent-matching-model"><name>Intent Matching Model</name>

<t>The core design principle of PCS is the intent matching model: PCS does not return raw network state or detailed internal topology to the requesting client. Instead, the client declares its requirements (intent) — such as jurisdictional constraints, approved operators, or latency thresholds — and PCS evaluates whether the actual path characteristics satisfy that intent. The result is a conformance decision (match or no-match), optionally accompanied by a verification level and provenance metadata.</t>

<t>This model provides two key benefits:</t>

<dl>
  <dt>Privacy preservation:</dt>
  <dd>
    <t>By returning only conformance results rather than detailed network state, PCS prevents the disclosure of sensitive internal infrastructure information (e.g., ISP topology, internal AS structure, router-level details) to external parties.</t>
  </dd>
  <dt>Interoperability across trust boundaries:</dt>
  <dd>
    <t>In multi-stakeholder environments, each operator can participate in PCS without being forced to reveal proprietary network details. Operators respond to intent queries within their pre-agreed service scope, maintaining operational independence while enabling end-to-end path verification.</t>
  </dd>
</dl>

</section>
<section anchor="architecture-design-goals"><name>Architecture Design Goals</name>

<t>To address the gaps identified above, this document describes a distributed architecture for assuring the network operation integrity for mixed and hybrid cloud applications. Such a system should:</t>

<t><list style="symbols">
  <t>Have a modeling of the network infrastructure in two dimensions: one axis in parallel to the network paths and forwarding directions, and the other axis for the layers of protocols.</t>
  <t>Have enough knowledge on the complex dependency of software and protocols; not only the network packet-forwarding technologies but also surrounding areas such as addressing and DNS must be covered.</t>
  <t>Have explicit handling of tunneling and virtualization aspects, both at the protocol level (e.g., VPNs, IP-IP, IPsec) and at the infrastructure level (IaC, Network-as-a-Service, Wavelength Division Multiplexing, etc.)</t>
  <t>Consolidate operation information at each operator's level and consider their pre-determined operation principles for evaluating integrity.</t>
  <t>Address management-oriented risks of infrastructure management, including non-network aspects.</t>
</list></t>

<t>A possible implementation of such a system could leverage distributed network security coordination between operators and users of cloud and network infrastructure. Rather than adopting a "disclose all" approach, this design would maintain both flexibility and efficiency for multi-cloud applications.</t>

<t>In particular, PCS can clarify the status of monitored communications by employing standardized telemetry mechanisms as defined in <xref target="RFC9232"></xref>. By adopting these mechanisms, it becomes possible to gather, aggregate, and share relevant operational data about network paths and security status without extending the specifications of existing networks or exposing sensitive internal details. This approach enables stakeholders to verify the integrity and security of communications across hybrid and multi-cloud environments, while respecting the confidentiality requirements of each operator.</t>

</section>
<section anchor="system-capabilities"><name>System Capabilities</name>

<t>As a component of the Secure Hybrid Network Monitoring framework <xref target="I-D.oiwa-secure-hybrid-network"></xref>, the Path Characteristics Service (PCS) SHOULD:</t>

<t><list style="symbols">
  <t>Have the ability to declare intent (a set of required path properties) from an infrastructure user to infrastructure providers. In a hybrid cloud or layered systems, it will include communications between operators of infrastructure/cloud systems.</t>
  <t>Have the ability to return a conformance result (match/no-match) for the current path status against the declared intent.</t>
  <t>Provide some choices on the transparency levels about the internals of the cloud service infrastructure, consistent with the intent matching model.</t>
  <t>Have some traceability provisions for troubleshooting, if there are opacities in intent matching replies.</t>
  <t>Have enough consideration for various tunneling and virtualization technologies.</t>
  <t>Have a bidirectional interface to system-level security management systems, such as Continuous Diagnostics and Mitigations (CDM) dashboards.</t>
</list></t>

</section>
</section>
<section anchor="architecture-overview"><name>Architecture Overview</name>

<t>The PCS architecture is organized into three conceptual layers, shown in <xref target="fig-pcs-layers"/>:</t>

<dl>
  <dt>PCS Layer:</dt>
  <dd>
    <t>Hosts PCS Servers and Clients, which exchange intent-based queries and conformance responses. A PCS Client submits its intent (declarative requirements) to a PCS Server. Internally, a PCS Server gathers per-hop telemetry evidence made available by operator-controlled telemetry mechanisms, reconstructs PathViews, and feeds them into the intent matching engine. PCS instances may also recursively query other PCS instances in adjacent administrative domains to obtain a broader or deeper view of the path.</t>
  </dd>
  <dt>Telemetry Layer:</dt>
  <dd>
    <t>Comprises the existing telemetry mechanisms (e.g., IPFIX <xref target="RFC7011"/>, gNMI, BGP-LS, SNMP, NETCONF) that convey per-element network attributes from the Network Layer to the PCS Server. PCS does not define a new telemetry-collection protocol; the choice of mechanism is an operator-internal concern and is outside the scope of PCS. This layer may also include local caches and topology databases that assist in normalization.</t>
  </dd>
  <dt>Network Layer:</dt>
  <dd>
    <t>Comprises the physical and virtual network elements such as routers, switches, links, VPN endpoints, and SDN-controlled domains. These elements generate raw operational data (e.g., IPFIX flow records, BGP updates, interface statistics), which existing telemetry mechanisms convey to the PCS Server as per-hop evidence.</t>
  </dd>
</dl>

<figure title="Three-layer PCS architecture" anchor="fig-pcs-layers"><artwork><![CDATA[
+-----------------------------------------------------------+
|                       PCS Layer                           |
|   [PCS Client]  <-->  [PCS Server]  <-->  [PCS Server]    |
|                  (gather + reconstruct +                  |
|                   intent matching + PCS-to-PCS)           |
+----------------------------^------------------------------+
                             | telemetry evidence
+----------------------------|------------------------------+
|             Telemetry Layer (outside PCS scope)           |
|   existing mechanisms:  [IPFIX] [gNMI] [BGP-LS] [SNMP]    |
|   [NETCONF]   [Cache]   [Topology DB]                     |
+----------------------------^------------------------------+
                             | observed data
+----------------------------|------------------------------+
|                     Network Layer                         |
|   [Routers/Switches]  [Links]  [VPNs]  [SDN Domains]      |
+-----------------------------------------------------------+
]]></artwork></figure>

<section anchor="overlay-and-underlay-path-views"><name>Overlay and Underlay Path Views</name>

<t>In environments that include VPN tunnels, IP-IP tunnels, or other encapsulation mechanisms, a single end-to-end communication may traverse multiple layers of network infrastructure simultaneously. PCS recognizes that the same physical communication may present different path characteristics depending on the layer at which it is observed:</t>

<dl>
  <dt>Overlay view:</dt>
  <dd>
    <t>The path as seen at the tunnel or virtual network level. From this perspective, a VPN tunnel appears as a single hop between its endpoints, regardless of the number of physical devices traversed underneath.</t>
  </dd>
  <dt>Underlay view:</dt>
  <dd>
    <t>The path as seen at the physical network level. This view reflects the actual intermediate routers, switches, and links that carry the encapsulated traffic.</t>
  </dd>
</dl>

<t>PCS evaluates intent against the appropriate layer based on the query context. For example, a jurisdictional compliance intent may need to be evaluated at the underlay level (to verify physical locations of all intermediate nodes), while an operator validation intent may be satisfied at the overlay level (verifying only the VPN provider). The relationship between overlay and underlay views is inherently recursive and aligns with the nested path property model described for network tunnels and software-defined networks in this document.</t>

<t>PCS also supports recursive composition across administrative boundaries, enabling coherent path evaluation even in deeply nested environments. The recursive composition mechanism is described in <xref target="sec-pcs-recursion"/>.</t>

</section>
</section>
<section anchor="sec-pcs-recursion"><name>Recursive Composition of PCS</name>

<t>PCS supports recursive composition, whereby a PCS Server MAY act as a client of other PCS Servers to obtain path-segment information across administrative boundaries.
This enables path characteristics to be gathered at multiple granularities: point-level (e.g., device, hop, facility) and administrative-domain-level (e.g., segment, administrative domain, cloud region).
A recursive PCS deployment can therefore provide a coherent PathView even in deeply nested environments (e.g., VPN-over-VPN, SDN slices over WAN, multi-cloud overlays).</t>

<section anchor="service-scope"><name>Service Scope</name>

<t>A PCS Server responds to intent queries only within the bounds of a pre-agreed service scope (also referred to as a service menu). The service scope defines the set of intent types, path properties, and geographic/topological ranges that a given PCS Server is authorized and configured to evaluate.</t>

<t><list style="symbols">
  <t>A PCS Server MUST NOT respond to queries that fall outside its service scope. For such queries, the server SHOULD return an error indicating that the requested evaluation is outside the agreed service scope (e.g., HTTP 403 or an equivalent PCS-level error code).</t>
  <t>The PCS protocol itself is generic and does not constrain the set of possible intents. However, each PCS deployment operates within a service-specific profile defined by the contractual relationship (e.g., SLA, connectivity agreement) between the PCS operator and its clients.</t>
  <t>This design prevents probing attacks, where an attacker might submit crafted queries to infer the internal structure of a network by observing which queries succeed and which fail.</t>
</list></t>

<t>When a PCS Server receives a federated (PCS-to-PCS) sub-query, the responding server likewise evaluates the sub-query against its own service scope. The responding server is an ISP or connectivity provider that answers PCS requests based on its SLA and contractual obligations with the requesting party.</t>

</section>
<section anchor="pcs-to-pcs-query-flow"><name>PCS-to-PCS Query Flow</name>

<t>At a high level, a PCS Server receiving a client query proceeds as follows.  This description is illustrative and does not define protocol requirements.</t>

<t><list style="numbers" type="1">
  <t>Scope decomposition: Partition the end-to-end path into one or more sub-scopes (e.g., by AS / administrative domain, tunnel boundary, cloud region).</t>
  <t>Local evidence collection: For sub-scopes under local administration, gather telemetry evidence made available by operator-controlled mechanisms in the operator's domain and reconstruct local PathView fragments.</t>
  <t>Intent analysis and transformation: The PCS Server analyzes the client's intent in the context of its own network architecture and contractual relationships. When delegating to downstream PCS Servers, it MAY transform (rewrite) the intent to match the downstream server's service scope and network context. For example, a jurisdiction constraint expressed as a country-level requirement may be decomposed into AS-level sub-intents when delegated to transit providers.</t>
  <t>Federated queries: For external sub-scopes, issue PCS-to-PCS sub-queries to authoritative PCS Servers for those domains, including the (possibly transformed) intent, freshness, and privacy constraints.</t>
  <t>Composition: Merge local and federated intent matching results into a single conformance decision, preserving provenance and confidence metadata.</t>
  <t>Intent evaluation: Return the composed conformance result (match or no-match) to the client, along with applicable verification level and provenance chain.</t>
</list></t>

<t>The following is a simplified message sketch for illustrative purposes:</t>

<figure><artwork><![CDATA[
Client -> PCS(Server-G): IntentQuery{target, intent, freshness}
PCS(Server-G):            analyze intent, decompose scope
PCS(Server-G) -> PCS(Server-A): SubIntentQuery{scope=A, intent'=transform(intent), trail}
PCS(Server-A):                 gather telemetry evidence, evaluate intent' against local PathView
PCS(Server-G) <- PCS(Server-A): IntentResult{A, match|no-match, verification, provenance}
PCS(Server-G) -> PCS(Server-B): SubIntentQuery{scope=B, intent'', trail}
PCS(Server-G) <- PCS(Server-B): IntentResult{B, match|no-match, ...}
PCS(Server-G):                 compose results
Client <- PCS(Server-G): Result{overall=match|no-match, verification, provenance_chain}
]]></artwork></figure>

</section>
<section anchor="stop-conditions-and-loop-prevention"><name>Stop Conditions and Loop Prevention</name>

<t>To avoid unbounded recursion, a PCS Server MUST implement explicit stop conditions and loop prevention. The following mechanisms are RECOMMENDED:</t>

<dl>
  <dt>Recursion limit:</dt>
  <dd>
    <t>A request header "recursion_limit" (non-negative integer). Each PCS Server decrements it when forwarding sub-queries. If it reaches zero, further delegation MUST NOT occur; the server returns "incomplete=true" for unexplored scopes.</t>
  </dd>
  <dt>Visited set / trail:</dt>
  <dd>
    <t>Each sub-query SHOULD carry an ordered "trail" including {request_id, caller_domain, scope}. A PCS Server MUST detect a cycle when its own administrative domain/scope appears again and terminate delegation for that branch.</t>
  </dd>
  <dt>Scope contraction:</dt>
  <dd>
    <t>A PCS Server SHOULD only delegate the minimal missing scope. Overlapping or redundant sub-queries SHOULD be coalesced to reduce fan-out.</t>
  </dd>
  <dt>Cache with freshness:</dt>
  <dd>
    <t>Sub-query results MAY be cached with explicit "issued_at"/"exp" (or "fresh-until") metadata. Reuse is allowed only if freshness requirements are met.</t>
  </dd>
  <dt>Cut failure semantics:</dt>
  <dd>
    <t>When a sub-scope cannot be explored (timeout, policy denial, or recursion limit), the composed PathView MUST mark the segment as "opaque" and set "completeness=partial".</t>
  </dd>
</dl>

</section>
<section anchor="security-trust-and-provenance-in-recursion"><name>Security, Trust, and Provenance in Recursion</name>

<dl>
  <dt>Authentication:</dt>
  <dd>
    <t>PCS-to-PCS exchanges MUST be mutually authenticated (e.g., mTLS or equivalent).</t>
  </dd>
  <dt>Authorization and least disclosure:</dt>
  <dd>
    <t>Responding servers MAY honor privacy constraints (e.g., return administrative-domain-level summaries instead of point-level details) while still signing the returned assertions.</t>
  </dd>
  <dt>Provenance:</dt>
  <dd>
    <t>Each returned fragment SHOULD include a signed provenance block (issuer, scope, time, signature). When composing, the caller MUST preserve the chain of provenance for third-party verification.</t>
  </dd>
  <dt>Non-amplification:</dt>
  <dd>
    <t>A PCS Server MUST NOT act as an open relay. Rate limits and request shaping SHOULD apply to delegated queries.</t>
  </dd>
</dl>

</section>
<section anchor="result-composition-and-conflict-handling"><name>Result Composition and Conflict Handling</name>

<t>When multiple fragments overlap or disagree:</t>

<dl>
  <dt>Priority rules:</dt>
  <dd>
    <t>Prefer fragments issued by the authoritative administrative domain for that scope. Otherwise, prefer newer and higher-confidence evidence.</t>
  </dd>
  <dt>Conflict marking:</dt>
  <dd>
    <t>If conflicts remain, the composed PathView MUST annotate the affected elements with "conflict=true" and lower "confidence".</t>
  </dd>
  <dt>Granularity reconciliation:</dt>
  <dd>
    <t>Administrative-domain-level evidence MAY satisfy policies that require only aggregate properties; point-level evidence is required when policies demand specific node attributes.</t>
  </dd>
</dl>

</section>
<section anchor="example-fields"><name>Example Fields</name>

<t>The following examples are illustrative.  A sub-query may include:</t>

<figure><artwork><![CDATA[
{
  "scope": {
    "domain": "AS65001",
    "segment": "vpn:1234"
  },
  "intent": {
    "requirements": [
      {
        "property": "geo.country",
        "op": "in",
        "values": ["XX"]
      },
      {
        "property": "operator",
        "op": "in",
        "values": ["AS65001", "AS65003"]
      }
    ]
  },
  "freshness": {
    "max_age": "300s"
  },
  "privacy": {
    "granularity": "domain"
  },
  "trail": [
    {
      "domain": "example.net",
      "req": "abc123"
    }
  ]
}
]]></artwork></figure>

<t>A sub-query response may include:</t>

<figure><artwork><![CDATA[
{
  "scope": {
    "domain": "AS65001"
  },
  "sub_result": "match",
  "verification": "TRACED_PRESENT",
  "provenance": {
    "issuer": "pcs.as65001.net",
    "issued_at": "2025-08-15T02:10Z",
    "sig": "..."
  },
  "completeness": "full",
  "confidence": 0.95
}
]]></artwork></figure>

</section>
<section anchor="non-goals"><name>Non-Goals</name>

<t>Recursive PCS does not attempt to:</t>

<t><list style="symbols">
  <t>control routing or steer traffic;</t>
  <t>force disclosure of internal topology beyond the responder’s policy;</t>
  <t>guarantee global completeness in the presence of non-cooperating domains.</t>
</list></t>

<t>Note: Recursive PCS enables operators to obtain point-level evidence where permitted, while still producing administrative-domain-level assertions when detailed disclosure is not available, thus delivering useful intent matching decisions even in deeply nested hybrid environments.</t>

</section>
</section>
<section anchor="roles-and-responsibilities"><name>Roles and Responsibilities</name>

<t>This section defines the main roles in a PCS-enabled environment. The roles align with the three-layer model described in <xref target="fig-pcs-layers"/>.</t>

<dl>
  <dt>Network Operator / Domain Owner:</dt>
  <dd>
    <t>Responsible for the physical and virtual network infrastructure. They control the disclosure policy for topology and telemetry data, and operate the telemetry mechanisms (e.g., IPFIX, gNMI) that expose network-element attributes within their administrative domain; the specific mechanisms used are outside the scope of PCS. They are the authoritative source of truth for the properties of network elements within their administrative domain. They define the service scope (see the Recursive Composition section) within which their PCS Server will respond to intent queries.</t>
  </dd>
  <dt>PCS Server:</dt>
  <dd>
    <t>Gathers per-hop telemetry evidence from existing mechanisms in the operator's domain, reconstructs PathViews (hop-list construction, conflict resolution, and gap-filling), and hosts the intent matching engine. The PCS Server exposes the service interface to PCS Clients, handles authentication and authorization, and returns conformance results. A PCS Server may recursively query other PCS Servers in adjacent domains, issuing and managing these PCS-to-PCS sub-queries itself. Each PCS Server operates within its defined service scope (see the Recursive Composition section).</t>
  </dd>
  <dt>PCS Client:</dt>
  <dd>
    <t>An application or system component that submits intent (declarative path requirements) to a PCS Server and receives a conformance result (match or no-match). Clients may use this information to make operational or security decisions, such as accepting a compliant path or triggering an alert when intent is not satisfied.</t>
  </dd>
</dl>

</section>
<section anchor="pcs-main-functions"><name>PCS Main Functions</name>

<t>This section defines <em>what</em> PCS does: the three conceptual processing stages that transform a client's intent into a conformance result. The operational mechanisms for accessing and interacting with PCS (authentication, subscription, etc.) are described separately in the next section.</t>

<t>The PCS Server provides three main functional stages when processing an intent query:</t>

<dl>
  <dt>Gathering:</dt>
  <dd>
    <t>The PCS Server gathers per-hop telemetry evidence for the target path, as made available by operator-controlled telemetry mechanisms in the operator's domain (such as IPFIX, gNMI, BGP-LS, SNMP, or NETCONF), and correlates it. The specific telemetry mechanisms and their transport are operator-internal concerns and are outside the scope of this specification. Where recursive composition is needed, the PCS Server also issues PCS-to-PCS sub-queries to neighboring PCS Servers to obtain conformance results for segments outside the local administrative domain. The per-hop evidence representation is described in <xref target="sec-per-hop-evidence"/>.</t>
  </dd>
  <dt>Reconstruction:</dt>
  <dd>
    <t>The PCS Server builds an end-to-end "PathView" from the gathered per-hop evidence. Reconstruction may operate at different levels of abstraction. Point-level view provides characteristics for each individual network element (e.g., router, link). Administrative-domain-level view provides aggregated characteristics for an entire administrative domain or SDN segment; AS / administrative-domain-level information is the minimum required granularity, while individual router-level details are optional and depend on the service profile and privacy policy of the responding operator. The reconstruction process resolves conflicts, fills gaps using partial data, and ensures that the resulting PathView is internally consistent.</t>
  </dd>
  <dt>Intent Matching:</dt>
  <dd>
    <t>Evaluates the reconstructed PathView against the client's declared intent and returns a conformance result (match, no-match, or unknown), optionally with a verification level and annotations explaining non-conformance or uncertainty. The intent matching model is defined in the Design Principles section. The PathView is an internal processing artifact of the PCS Server; by default, only the conformance result and its supporting metadata are returned to the client. When the service scope permits and the <spanx style="verb">return_pathview</spanx> option is enabled, a summary or detailed PathView MAY be included in the response (see PCS Query options).</t>
  </dd>
</dl>

<section anchor="sec-per-hop-evidence"><name>Per-Hop Evidence Representation</name>

<t>This section is informative.</t>

<t>Per-hop evidence is the structured per-element telemetry made available by operator-controlled telemetry mechanisms and gathered by the PCS Server. The PCS Server transforms this per-hop evidence into PathView segments by carrying forward the common attribute fields (hop identifier, operator, geo, metrics, security) and adding server-produced metadata (verification, provenance, confidence). The "observed_at" and "evidence_sources" fields record when, and by which mechanism, the underlying telemetry was observed; they serve as inputs for provenance construction and do not appear in the resulting PathView segments. Provenance metadata (issuer, signature, timestamp) is attached by the PCS Server when it assembles per-hop evidence into a PathView, because the PCS Server is the entity that asserts the trustworthiness of the composed path information to external parties.</t>

<t>Operators may configure their telemetry mechanisms to include element-level provenance information where local policy requires per-element traceability (e.g., for internal audit or regulatory compliance). This is a local operational decision and does not affect the PCS-to-PCS or PCS-to-Client interfaces.</t>

<t>The following JSON example illustrates the per-hop evidence for a single router within AS 65001, as gathered by the PCS Server:</t>

<figure><artwork><![CDATA[
{
  "hop": "R1",
  "operator": "AS65001",
  "geo": {
    "country": "XX",
    "confidence_geo": 0.99
  },
  "metrics": {
    "latency": {"p99": 1.2}
  },
  "security": {
    "encryption": "IPsec",
    "integrity": "AES-256-GCM"
  },
  "observed_at": "2025-10-21T01:00:00Z",
  "evidence_sources": ["ipfix", "gnmi"]
}
]]></artwork></figure>

<t>The "evidence_sources" field indicates which telemetry mechanisms and data sources contributed to this per-hop evidence. At the per-hop level these are typically telemetry protocols, including but not limited to IPFIX <xref target="RFC7011"/>, gNMI, BGP-LS, SNMP, and NETCONF, ranging from primitive flow-export mechanisms to full configuration- and state-streaming protocols; at the response level (see the "evidence_sources" field in "metadata") they may also include auxiliary data sources such as geolocation databases or RPKI. The per-hop evidence for a single element may combine data from multiple sources when the PCS Server correlates observations from different telemetry feeds for the same network element.</t>

</section>
</section>
<section anchor="path-characteristics-service-pcs"><name>Path Characteristics Service (PCS)</name>

<t>The previous section defined the conceptual processing stages of PCS (Gathering, Reconstruction, Intent Matching). This section describes the operational mechanisms through which clients access PCS: authentication, authorization, and subscription for ongoing conformance monitoring.</t>

<section anchor="identification-and-authentication"><name>Identification and Authentication</name>

<t><list style="symbols">
  <t>PCS endpoints MUST be access-controlled and confidentiality-protected using secure protocols (e.g., TLS 1.3 or later).</t>
  <t>Clients MUST be strongly authenticated, for example via OAuth 2.1, mutual TLS (mTLS), or OpenID Connect.</t>
  <t>Authentication credentials SHOULD be bound to a specific connectivity channel, such as:
  <list style="symbols">
      <t>Physical (layer-1) leased lines,</t>
      <t>Layer-2 segments (e.g., VLAN, VXLAN),</t>
      <t>Virtual private network (VPN) tunnels,</t>
      <t>SD-WAN overlay paths.</t>
    </list></t>
  <t>If multiple connectivity channels exist under a single business contract, multiple identifiers may be associated with a single authentication session. The binding policy between identifiers and connectivity channels is a local operational matter and is outside the scope of this document.</t>
</list></t>

</section>
<section anchor="subscription-for-intent-matching-updates"><name>Subscription for Intent Matching Updates</name>

<t>PCS protocols SHOULD support both:</t>

<dl>
  <dt>Streaming (push):</dt>
  <dd>
    <t>Clients subscribe to an intent query and receive updates when the conformance status changes (e.g., a previously matching path becomes non-conforming).</t>
  </dd>
  <dt>Polling (pull):</dt>
  <dd>
    <t>Clients periodically re-evaluate intent conformance, with configurable intervals.</t>
  </dd>
</dl>

<t>Subscription parameters (e.g., polling interval, event triggers, maximum update rate) SHOULD be negotiable between the PCS Client and PCS Server.</t>

</section>
</section>
<section anchor="pcs-query"><name>PCS Query</name>

<t>A PCS Query is the primary mechanism by which a PCS Client submits its intent to a PCS Server for evaluation against the actual characteristics of a network path.</t>

<t>A query typically includes:</t>

<dl>
  <dt>Target Path:</dt>
  <dd>
    <t>The path or set of candidate paths to be evaluated, identified by endpoints, AS-paths, or other topology identifiers.</t>
  </dd>
  <dt>Intent:</dt>
  <dd>
    <t>A declarative set of requirements describing the desired path properties (e.g., jurisdiction constraints, approved operators, latency thresholds). The intent is the core of the query and defines what the PCS Server evaluates.</t>
  </dd>
  <dt>Query Constraints:</dt>
  <dd>
    <t>Optional parameters such as maximum acceptable data age or partial data acceptance.</t>
  </dd>
</dl>

<t>The PCS Server processes the query by:
1. Gathering per-hop telemetry evidence from existing mechanisms in the operator's domain and, if necessary, obtaining conformance results from other PCS Servers via recursive sub-queries.
2. Reconstructing the PathView from the gathered evidence.
3. Performing Intent Matching: evaluating whether the reconstructed PathView conforms to the client's declared intent.</t>

<t>The server returns a PCS Response that contains:</t>

<t><list style="symbols">
  <t>A conformance result (match, no-match, unknown, or partial for multi-candidate queries) for the overall query and for each intent requirement.</t>
  <t>A verification level indicating the confidence and verifiability of the result.</t>
  <t>Metadata such as data age, provenance chain, and completeness.</t>
  <t>Optionally, when the return_pathview option is enabled and permitted by service scope, a summary or detailed PathView.</t>
</list></t>

<t>Depending on deployment and query complexity, PCS queries may be handled synchronously or asynchronously. In the asynchronous case, the initial response includes a job identifier that can be used to retrieve results later.</t>

<t>Access to PCS Query endpoints MUST be subject to authentication and authorization controls. Queries that fall outside the PCS Server's service scope MUST be rejected with an appropriate error response.</t>

<section anchor="pcs-query-data-model"><name>PCS Query Data Model</name>

<t>This section is informative.
The terms REQUIRED and OPTIONAL below describe the structure of the data model for interoperability guidance, not protocol-level requirements.</t>

<t>A PCS Query is a structured request sent by a PCS Client to a PCS Server, containing the client's intent (declarative path requirements) for evaluation against actual path characteristics.
This section defines the JSON-based data structure for queries.</t>

<section anchor="top-level-structure"><name>Top-Level Structure</name>

<t>A PCS Query object contains the following fields:</t>

<t><list style="symbols">
  <t>"endpoints" (object, REQUIRED)</t>
  <t>"intent" (object, REQUIRED)</t>
  <t>"path_hints" (object, OPTIONAL)</t>
  <t>"path_candidates" (array, OPTIONAL)</t>
  <t>"options" (object, OPTIONAL)</t>
</list></t>

</section>
<section anchor="field-definitions"><name>Field Definitions</name>

<section anchor="endpoints"><name>endpoints</name>

<t>This field is REQUIRED.  It identifies the source and destination of the path being queried.</t>

<figure><artwork><![CDATA[
{
  "endpoints": {
    "from": {"type": "ip", "value": "10.1.1.10"},
    "to":   {"type": "ip", "value": "10.2.2.10"}
  }
}
]]></artwork></figure>

<t>Supported endpoint types:</t>

<t><list style="symbols">
  <t>"ip": IPv4 / IPv6 address</t>
  <t>"fqdn": Fully qualified domain name</t>
  <t>"asn": Autonomous System Number</t>
</list></t>

</section>
<section anchor="intent"><name>intent</name>

<t>This field is REQUIRED.  It declares the client's requirements for the network path. PCS evaluates whether the path conforms to this intent.</t>

<figure><artwork><![CDATA[
{
  "intent": {
    "requirements": [
      {"id": "xx-only", "property": "geo.country", "op": "in", "values": ["XX"]},
      {"id": "latency-ok", "property": "latency.p99", "op": "lte", "value": 20}
    ],
    "freshness": {"max_age": "60s"},
    "privacy": {"granularity": "domain"}
  }
}
]]></artwork></figure>

<t><list style="symbols">
  <t>"requirements": Array of declarative intent expressions. Each requirement specifies a property and a condition to be satisfied. Geographic constraints use a whitelist (inclusion) approach (e.g., <spanx style="verb">"op": "in"</spanx>) rather than a blacklist (exclusion) approach; this is a normative requirement specified in the Geographic Constraint Design Rationale (see Security Considerations), motivated by the fact that blacklist-based specifications risk omitting jurisdictions and thus failing to prevent unintended transit. Country codes are expected to follow ISO 3166-1. Country codes used in examples in this document (XX, XY, ZZ) are drawn from the ISO 3166-1 user-assigned range (AA, QM–QZ, XA–XZ, ZZ) and do not represent actual countries. Properties applicable to network nodes include, but are not limited to: operator, geo-location, supplier, model, hardware identifier, software name and version, and security status. Properties applicable to network edges vary by category: physical edges may specify protocol type and operator; tunnels may additionally specify tunnel identification, protocol type, integrity/confidentiality protection strength, and nested path property requests for the underlying network; software-defined networks may specify the controlling software and its security status. The full property namespace is extensible.</t>
</list></t>

<t>The structured form shown above (a property, an operator, and a set of values) is the interchange representation of an intent requirement and is what the PCS Server evaluates against the PathView. For simple comparisons this structured form is self-contained: a fixed set of operators (e.g., <spanx style="verb">in</spanx>, <spanx style="verb">eq</spanx>, <spanx style="verb">lte</spanx>) over an agreed property namespace yields an evaluator-independent, interoperable result.</t>

<t>Richer intents, however, require conditions beyond flat comparisons -- for example, Boolean composition (AND/OR/NOT), set operations, and quantification over path segments (e.g., "every hop is in XX", "no hop is in ZZ"). For such conditions, interoperability depends on the constraint expression language used to express and evaluate them: two implementations using different evaluators may reach different results for the same intent. A standardized, vendor-independent constraint expression language is therefore needed for full interoperability, and specifying it is an open standardization item that must be resolved before this specification can be finalized.</t>

<t>[TODO: Define a vendor-independent, interoperable constraint expression language for intent conditions (either by profiling an existing language or by specifying a minimal standard one). Until it is defined, the vendor dependency described below remains an unresolved gap toward standardization.]</t>

<t>As an interim measure, this revision uses Google's Common Expression Language (CEL) <xref target="CEL"></xref> as the constraint expression language for conditions that exceed the structured form above; implementations of this revision currently interoperate by evaluating such conditions with CEL. This is a deliberate interim commitment to a single language, not a statement that any evaluator is acceptable. The authors recognize that relying on CEL introduces a dependency on a single vendor-originated specification whose long-term stability and backward compatibility are not guaranteed under a recognized standards process. This vendor dependency is a known issue that the authors intend to remove before standardization, as noted in the TODO above; CEL is used here because it is what the current implementation employs, not because the authors consider it the final choice. The precise CEL evaluation profile -- how PathView attributes map to CEL variables, which language features are permitted, and how evaluation errors map to conformance results -- is not yet specified and is deferred to the standardization work called for above.</t>

<t>The authors actively solicit input on candidate constraint/query expression languages -- in particular a stable, standards-based language able to express at least equality/inequality, set membership, Boolean combination, and quantification over path segments -- and intend to raise this as an open question in relevant venues (e.g., IETF hackathons and the OPS area).
- "freshness": Maximum age of acceptable telemetry data.
- "privacy.granularity":
  - "point": per-hop disclosure (if permitted by service scope)
  - "domain": aggregated administrative-domain-level disclosure
  - "none": minimal disclosure (conformance result only)</t>

</section>
<section anchor="options"><name>options</name>

<t>This field is OPTIONAL.  It controls execution behavior.</t>

<figure><artwork><![CDATA[
{
  "options": {
    "recursion_limit": 0,
    "explain": true,
    "return_pathview": "full"
  }
}
]]></artwork></figure>

<t>Allowed values:</t>

<t><list style="symbols">
  <t>recursion_limit: integer ≥ 0. Note: this field is provided for advanced use cases but carries security implications. Varying recursion limit values across queries may allow a client to infer properties of the internal network structure (e.g., number of intermediate ASes or network hierarchy depth). PCS Servers are expected to apply local policy to override or cap the client-specified value and not to expose the actual recursion depth used in the response metadata; these requirements are specified normatively in the Recursion Depth Information Leakage section (see Security Considerations).</t>
  <t>explain: boolean. When true, non-conforming requirements include explanatory annotations.</t>
  <t>return_pathview: one of "none", "summary", or "full". Controls whether a PathView is included in the response, subject to privacy and service scope constraints. The combination of <spanx style="verb">explain</spanx> and <spanx style="verb">return_pathview</spanx> effectively determines the evaluation mode, controlling the level of detail returned beyond the basic conformance result.</t>
</list></t>

</section>
<section anchor="pathhints"><name>path_hints</name>

<t>This field is OPTIONAL.  It provides client guidance for expected/desired routing paths.</t>

<figure><artwork><![CDATA[
{
  "path_hints": {
    "as_path": [65001, 65003, 65002]
  }
}
]]></artwork></figure>

</section>
<section anchor="pathcandidates"><name>path_candidates</name>

<t>This field is OPTIONAL.  It allows bulk evaluation of multiple candidate paths within a single request.</t>

<figure><artwork><![CDATA[
{
  "path_candidates": [
    {"id": "primary", "path_hints": {"as_path": [65001,65003,65002]}},
    {"id": "backup",  "path_hints": {"as_path": [65001,65004,65002]}}
  ]
}
]]></artwork></figure>

</section>
</section>
<section anchor="synchronous-query-example"><name>Synchronous Query Example</name>

<t><spanx style="verb">POST /v1/pcs/queries:run</spanx></t>

<figure><artwork><![CDATA[
{
  "endpoints": {
    "from": {"type": "ip", "value": "10.1.1.10"},
    "to":   {"type": "ip", "value": "10.2.2.10"}
  },
  "intent": {
    "requirements": [
      {"id": "xx-only", "property": "geo.country", "op": "in", "values": ["XX"]},
      {"id": "latency-ok", "property": "latency.p99", "op": "lte", "value": 20}
    ],
    "freshness": {"max_age": "60s"},
    "privacy": {"granularity": "domain"}
  },
  "options": {
    "recursion_limit": 0,
    "explain": true,
    "return_pathview": "full"
  }
}
]]></artwork></figure>

</section>
<section anchor="example-query-with-multiple-candidates"><name>Example Query with Multiple Candidates</name>

<figure><artwork><![CDATA[
{
  "endpoints": {
    "from": {"type":"ip", "value":"10.1.1.10"},
    "to":   {"type":"ip", "value":"10.2.2.10"}
  },
  "intent": {
    "requirements": [
      {"id": "xx-only", "property": "geo.country", "op": "in", "values": ["XX"]}
    ],
    "freshness": {"max_age":"60s"}
  },
  "path_candidates": [
    {"id":"primary", "path_hints":{"as_path":[65001,65003,65002]}},
    {"id":"backup",  "path_hints":{"as_path":[65001,65004,65002]}}
  ],
  "options": {"explain": true, "return_pathview": "summary"}
}
]]></artwork></figure>

</section>
</section>
</section>
<section anchor="pcs-response"><name>PCS Response</name>

<section anchor="pcs-response-data-model"><name>PCS Response Data Model</name>

<t>This section is informative.
The terms REQUIRED and OPTIONAL below describe the structure of the data model for interoperability guidance, not protocol-level requirements.</t>

<t>A PCS Response contains the result of intent matching: whether the actual path characteristics conform to the client's declared intent.
This section defines the JSON-based data model for responses including synchronous queries, asynchronous jobs, and streaming notifications.</t>

<section anchor="top-level-structure-1"><name>Top-Level Structure</name>

<t>A PCS Response object contains the following fields:</t>

<t><list style="symbols">
  <t>"query_id" (string, REQUIRED)</t>
  <t>"intent_results" (array, REQUIRED)</t>
  <t>"pathview" (object, OPTIONAL)</t>
  <t>"candidates" (array, OPTIONAL)</t>
  <t>"overall" (string, REQUIRED)</t>
  <t>"cache" (object, OPTIONAL)</t>
  <t>"verification" (string, OPTIONAL)</t>
  <t>"constructed_at" (timestamp, OPTIONAL)</t>
  <t>"metadata" (object, OPTIONAL)</t>
  <t>"message" (string, OPTIONAL)</t>
</list></t>

<t>For single-path queries, "intent_results" and optionally "pathview" are present.
For multi-candidate queries, "candidates" is used instead, each containing its own "intent_results".</t>

</section>
<section anchor="field-definitions-1"><name>Field Definitions</name>

<section anchor="pathview"><name>pathview</name>

<t>This field is OPTIONAL.  It represents the reconstructed end-to-end path and its attributes.</t>

<figure><artwork><![CDATA[
Structure:

{
  "pathview": {
    "summary": {
      "completeness": "full | partial",
      "latency": {"p99": 8.7},
      "geo": {
        "countries": ["XX","XY"],
        "opaque_segments": 1
      }
    },
    "segments": [
      {
        "hop": "R1",
        "operator": "AS65001",
        "geo": {"country": "XX", "confidence_geo": 0.99},
        "metrics": {"latency": {"p99": 1.2}},
        "security": {"encryption": "IPsec", "integrity": "AES-256-GCM"},
        "verification": "TRACED_PRESENT",
        "provenance": {
          "issuer": "pcs.as65001.net",
          "issued_at": "2025-10-21T01:00:00Z"
        },
        "confidence": 0.95
      }
    ],
    "completeness": "full | partial",
    "constructed_at": "2025-10-21T01:00:03Z"
  }
}
]]></artwork></figure>

<t>Descriptions:</t>

<t><list style="symbols">
  <t>"segments": hop-level or segment-level information. Each segment includes a "verification" field indicating the verification level of the evidence for that specific segment. The response top-level "verification" is derived as the lowest (weakest) verification level across all segments.</t>
  <t>"verification" (per-segment): indicates the verification level for the evidence backing this segment. Completeness is a binary property (full/partial) aggregated at the pathview level, whereas verification is a multi-level property that varies per segment and is therefore attached to individual segments.</t>
  <t>"provenance": mandatory metadata proving origin of each evidence fragment.</t>
  <t>"confidence": numerical estimation combining multiple data sources. Per-property confidence values (e.g., "confidence_geo") may appear alongside property-specific data to indicate the reliability of individual attributes.</t>
  <t>"summary": aggregate values to support privacy-preserving replies.</t>
  <t>"completeness" appears at both the summary level (within "summary") and the top level of "pathview". The summary-level value reflects the completeness of aggregated data, while the top-level value reflects the overall completeness of the reconstructed path.</t>
</list></t>

</section>
<section anchor="intentresults"><name>intent_results</name>

<t>This field is REQUIRED.  It contains an array of conformance results for each intent requirement.</t>

<figure><artwork><![CDATA[
{
  "intent_results": [
    {
      "requirement_id": "xx-only",
      "result": "match | no-match | unknown",
      "explain": {
        "violations": [
          {"segment": "AS65004", "geo.country": "ZZ"}
        ]
      }
    }
  ]
}
]]></artwork></figure>

<t><list style="symbols">
  <t>"result":
  <list style="symbols">
      <t>match: the requirement is satisfied</t>
      <t>no-match: at least one violation detected</t>
      <t>unknown: insufficient data (e.g., opaque segments within the path)</t>
    </list></t>
  <t>"explain":<br />
Detailed reason for non-conformance, provided when the <spanx style="verb">explain</spanx> option is enabled. Usable by external enforcement systems.</t>
</list></t>

</section>
<section anchor="overall"><name>overall</name>

<t>This field is REQUIRED.  It indicates the overall conformance outcome of the query. For single-path queries, the value is derived from the "intent_results" array as follows:</t>

<t><list style="symbols">
  <t>"match": all intent requirements have "result" = "match"</t>
  <t>"no-match": at least one intent requirement has "result" = "no-match"</t>
  <t>"unknown": no requirement has "result" = "no-match", but at least one has "result" = "unknown" (i.e., insufficient data to determine conformance for that requirement)</t>
</list></t>

<t>For multi-candidate queries, an additional value is defined:</t>

<t><list style="symbols">
  <t>"partial": at least one candidate has "overall" = "match" and at least one has "overall" = "no-match" or "unknown"</t>
</list></t>

<t>Note: an opaque segment does not automatically produce "unknown". If the operator responsible for that segment asserts conformance within its service scope, the corresponding requirement may still evaluate to "match" at an OPAQUE verification level. "unknown" is returned only when the PCS Server cannot determine conformance — for example, when a sub-scope is unreachable, the recursion limit is exhausted, or the responding operator's service scope does not cover the requested property.</t>

</section>
<section anchor="cache"><name>cache</name>

<t>This field is OPTIONAL.  It indicates whether cached telemetry was used.</t>

<figure><artwork><![CDATA[
{
  "cache": {
    "hit": false
  }
}
]]></artwork></figure>

</section>
<section anchor="candidates"><name>candidates</name>

<t>This field is OPTIONAL.  It is used when evaluating multiple route candidates in bulk.</t>

<figure><artwork><![CDATA[
{
  "candidates": [
    {
      "id": "primary",
      "intent_results": [...],
      "overall": "match",
      "verification": "TRACED_PRESENT"
    },
    {
      "id": "backup",
      "intent_results": [...],
      "overall": "no-match",
      "verification": "OPAQUE_PRESENT"
    }
  ],
  "overall": "partial"
}
]]></artwork></figure>

<t>Each candidate includes its own "verification" field because different candidates traverse different paths and may be backed by different levels of evidence. The response top-level "verification" for multi-candidate queries is derived as the lowest verification level across all candidates.</t>

</section>
<section anchor="metadata"><name>metadata</name>

<t>This field is OPTIONAL.  It provides optional additional metadata.</t>

<figure><artwork><![CDATA[
{
  "metadata": {
    "recursion_limit_requested": 3,
    "delegation_structure": "chain",
    "evidence_sources": ["ipfix","gnmi","bgp-ls","geoip"],
    "freshness": {"max_age":"60s"}
  }
}
]]></artwork></figure>

<t><list style="symbols">
  <t>"recursion_limit_requested": OPTIONAL. Echoes back the recursion limit value that was specified by the client in the query's "options.recursion_limit" field. This field reflects the client's requested value, not the actual recursion depth used by the PCS Server. PCS Servers do not populate this field with the actual recursion depth reached; this is a normative requirement specified in the Recursion Depth Information Leakage section (see Security Considerations). If the PCS Server applied a local policy to override or cap the client-specified value, this field still reflects the original client-specified value, so as not to reveal whether an override was applied.</t>
  <t>"delegation_structure": OPTIONAL. Describes how recursive PCS-to-PCS queries were organized for this response. Possible values are:
  <list style="symbols">
      <t>"chain": sequential delegation (baton relay), where each PCS Server delegated to a single downstream PCS Server.</t>
      <t>"tree": parallel or fan-out delegation, where a PCS Server delegated to multiple downstream PCS Servers simultaneously.</t>
      <t>"direct": no delegation; all evidence was gathered locally.</t>
    </list>
This field is informative and intended to assist clients in interpreting the provenance chain structure. When the verification level is OPAQUE_PRESENT or OPAQUE_FUTURE, this field can be omitted, as the delegation structure is not relevant when only the conformance result is returned. When the verification level is TRANSPARENT_PRESENT or higher (see the Intent Matching Verification Levels section for the ordering), the delegation structure is implicitly visible in the provenance chain and this field serves as a convenience.</t>
  <t>"evidence_sources": OPTIONAL. Indicates which existing telemetry mechanisms and data sources contributed to constructing the PathView for this response (e.g., "ipfix", "gnmi", "bgp-ls", "rpki", "geoip"). This field is informational and does not imply that PCS defines or operates these mechanisms.</t>
</list></t>

</section>
<section anchor="queryid"><name>query_id</name>

<t>This field is REQUIRED.  It is a unique identifier assigned by the PCS Server to correlate this response with the original query.  For asynchronous queries, the query_id is also used to retrieve results by polling the job endpoint.</t>

</section>
<section anchor="verification"><name>verification</name>

<t>This field is OPTIONAL.  It indicates the verification level of the overall conformance result, derived as the lowest (weakest) verification level across all path segments. Possible values are defined in the Intent Matching Verification Levels section: TRACED_PRESENT, TRANSPARENT_PRESENT, TRACEABLE_OPAQUE_PRESENT, OPAQUE_PRESENT, TRACEABLE_OPAQUE_FUTURE, or OPAQUE_FUTURE. When a PathView is included in the response, clients can inspect per-segment verification levels within "pathview.segments" to identify which segments constrain the overall level.</t>

</section>
<section anchor="constructedat"><name>constructed_at</name>

<t>This field is OPTIONAL.  It is a timestamp (ISO 8601 format) indicating when the PCS Server constructed this response.  Clients can use this value along with the "freshness" parameters to assess the timeliness of the result.</t>

</section>
<section anchor="message"><name>message</name>

<t>This field is OPTIONAL.  It is a human-readable string summarizing the conformance result, intended for logging, alerting, or operator dashboards. The content of this field is informational and is not intended for automated decision-making; this is a normative requirement specified in Security Considerations (Information Disclosure). Unlike the structured "explain" data within "intent_results" (which provides machine-parseable violation details per requirement), "message" provides a single natural-language summary of the overall result suitable for direct display to operators.</t>

</section>
</section>
<section anchor="match-response-example"><name>Match Response Example</name>

<figure><artwork><![CDATA[
{
  "query_id": "q-uc1-1",
  "cache": {"hit": false},
  "intent_results": [
    {
      "requirement_id": "xx-only",
      "result": "match"
    }
  ],
  "overall": "match",
  "verification": "TRACED_PRESENT",
  "constructed_at": "2025-10-21T01:00:03Z"
}
]]></artwork></figure>

</section>
<section anchor="no-match-response-example"><name>No-Match Response Example</name>

<figure><artwork><![CDATA[
{
  "query_id": "q-uc1-2",
  "intent_results": [
    {
      "requirement_id": "xx-only",
      "result": "no-match",
      "explain": {
        "violations": [{"segment":"AS65004","geo.country":"ZZ"}]
      }
    }
  ],
  "overall": "no-match",
  "verification": "TRACED_PRESENT",
  "constructed_at": "2025-10-21T01:05:05Z",
  "message": "Intent (xx-only): non-conforming segment detected (AS65004, country=ZZ)"
}
]]></artwork></figure>

</section>
<section anchor="streaming-notification-event-model"><name>Streaming Notification Event Model</name>

<t>Used for subscriptions (SSE/Webhook/WebSocket). Each event includes a "verification" field so that the receiving operator or automation system can assess the confidence of the reported state change. For example, a "no-match" event at TRACED_PRESENT warrants immediate action (strong evidence of violation), whereas the same event at OPAQUE_PRESENT may call for further investigation before triggering remediation.</t>

<section anchor="event-structure"><name>Event Structure</name>

<figure><artwork><![CDATA[
{
  "event_id": "ev-20251021-001",
  "type": "intent.no-match | topology.change | latency.exceed",
  "occurred_at": "2025-10-21T01:05:05Z",
  "query_id": "q-uc1-2",
  "intent_results": [...],
  "overall": "no-match",
  "verification": "TRACED_PRESENT",
  "message": "xx-only intent violated (AS65004, country=ZZ)"
}
]]></artwork></figure>

</section>
</section>
<section anchor="webhook-example"><name>Webhook Example</name>

<t><spanx style="verb">POST /v1/pcs/webhooks/events</spanx></t>

<figure><artwork><![CDATA[
{
  "event_id": "wh-20251021-001",
  "type": "intent.no-match",
  "occurred_at": "2025-10-21T01:05:05Z",
  "query_id": "q-uc1-2",
  "endpoints": {"from":"10.1.1.10","to":"10.2.2.10"},
  "intent_results": [...],
  "overall": "no-match",
  "verification": "TRACED_PRESENT",
  "message": "xx-only intent violated: AS65004"
}
]]></artwork></figure>

</section>
<section anchor="notes-for-standardization"><name>Notes for Standardization</name>

<t><list style="symbols">
  <t>HTTP paths and JSON examples in this document are illustrative and do not define a wire binding or encoding.</t>
  <t>Only field names and constraints may become normative in future revisions.</t>
  <t>Data model may be expressed in CDDL or JSON Schema in future revisions.</t>
  <t>The constraint expression language used to evaluate intent conditions (currently CEL) is expected to be replaced by, or profiled as, a vendor-independent standard language; see the intent field definition in this section.</t>
</list></t>

</section>
</section>
<section anchor="intent-matching-verification-levels"><name>Intent Matching Verification Levels</name>

<t>An intent matching response includes a verification level that indicates the degree of verifiability and temporal scope of the conformance result. The verification levels are listed below from highest (most transparent and verifiable) to lowest:</t>

<t><list style="numbers" type="1">
  <t>TRACED_PRESENT — strongest evidence, present-time</t>
  <t>TRANSPARENT_PRESENT — full path detail, present-time</t>
  <t>TRACEABLE_OPAQUE_PRESENT — opaque with trace ID, present-time</t>
  <t>OPAQUE_PRESENT — conformance result only, present-time</t>
  <t>TRACEABLE_OPAQUE_FUTURE — opaque with trace ID, future commitment within service scope</t>
  <t>OPAQUE_FUTURE — conformance result only, future commitment within service scope</t>
</list></t>

<t>When this document refers to a verification level being "higher" than another, it means the level appears earlier in the list above (i.e., provides greater transparency and verifiability).</t>

<section anchor="traced-present"><name>Traced present</name>

<t>For traced verification, the intent matching result is backed by a recorded trace of the actual path, signed by each traversed network node with their identifications. This provides the strongest evidence that the intent requirements are satisfied at the present time.
This type of verification requires dedicated support for packet traces in every network node.</t>

</section>
<section anchor="transparent-present"><name>Transparent present</name>

<t>For transparent verification, the intent matching result is accompanied by a list of traversed nodes and edges with their properties relevant to the intent evaluation. If the intent evaluation involves cascaded queries to other PCS Servers (e.g., for networks operated by third parties), the response includes the sub-results received from those servers. This verification level confirms that the intent is satisfied at the present time.</t>

</section>
<section anchor="traceable-opaque-present"><name>Traceable opaque present</name>

<t>For traceable opaque verification, the intent matching result includes an opaque ID that corresponds to internal trace information. This ID can be used by operators to identify the records for troubleshooting in the future, without exposing the actual path details to the client. The result confirms that the intent is satisfied at the present time.</t>

</section>
<section anchor="opaque-present"><name>Opaque present</name>

<t>For opaque verification, the intent matching result contains only the conformance decision (match or no-match) without any supporting path details or trace identifiers. The result confirms that the intent is satisfied at the present time.</t>

</section>
<section anchor="traceable-opaque-future"><name>Traceable opaque future</name>

<t>For traceable opaque future verification, the intent matching result includes an opaque ID for future troubleshooting reference. In addition, the responsible operator asserts, within its service scope, that the network is controlled so that the intent requirements are expected to remain satisfied even as dynamic routing changes occur.</t>

</section>
<section anchor="opaque-future"><name>Opaque future</name>

<t>For opaque future verification, the intent matching result contains only the conformance decision (match or no-match). Within its service scope, the responsible operator asserts that the network is controlled so that the intent requirements are expected to remain satisfied even as dynamic routing changes occur.</t>

</section>
</section>
</section>
<section anchor="use-cases"><name>Use Cases</name>

<t>Secure Hybrid Network Monitoring with PCS will be shown with specific examples using several use cases.</t>

<section anchor="case-1-data-residency-sovereignty-compliance"><name>Case 1: Data Residency / Sovereignty Compliance</name>

<t>Certain applications must ensure that communication paths remain entirely within a given legal jurisdiction.
For example, a financial institution may require that all customer data traffic remains within a specific jurisdiction, avoiding any transit through networks located in other countries.
The PCS Client declares this as an intent (e.g., <spanx style="verb">geo.country IN ["XX"]</spanx>) and submits it to the PCS Server.
PCS evaluates this intent by gathering geolocation evidence for each path segment and returning a conformance result.
If the intent is not matched (e.g., a segment is located outside the allowed set), the PCS Client can take preventive actions such as rejecting the path or raising an alert.</t>

<t>PCS role:</t>

<t><list style="symbols">
  <t>Receive intent declaring jurisdictional requirements from the PCS Client.</t>
  <t>Gather geolocation and jurisdiction evidence for each path segment from existing telemetry mechanisms.</t>
  <t>Perform intent matching to evaluate whether all segments satisfy the declared jurisdictional constraints.</t>
  <t>Return a conformance result (match or no-match) with the appropriate verification level.</t>
</list></t>

</section>
<section anchor="case-2-critical-infrastructure-operator-validation"><name>Case 2: Critical Infrastructure Operator Validation</name>

<t>Some sectors, such as healthcare or energy, require that only approved network operators be involved in the transport of sensitive data.
For example, a healthcare information system may require that all intermediate networks along a path are operated by organizations on a predefined whitelist.
The PCS Client declares this as an intent (e.g., <spanx style="verb">operator IN ["AS65001", "AS65003"]</spanx>) and PCS evaluates whether the actual path conforms.</t>

<t>PCS role:</t>

<t><list style="symbols">
  <t>Receive intent declaring approved operator requirements from the PCS Client.</t>
  <t>Gather operator identifiers and relevant cryptographic assertions from existing telemetry mechanisms and sources (e.g., RPKI, operator registries).</t>
  <t>Perform intent matching to evaluate whether all path segments are operated by approved entities.</t>
  <t>Return a conformance result (match or no-match) with the appropriate verification level.</t>
</list></t>

</section>
<section anchor="case-3-incident-forensics-and-audit"><name>Case 3: Incident Forensics and Audit</name>

<t>When a security incident occurs, operators may need to reconstruct and verify the network path characteristics at the time of the incident.
For example, during an investigation, a signed intent matching result and its associated provenance chain from PCS can be used as part of an evidence package to demonstrate whether the path conformed to the declared intent at a specific point in time.
This can also support regulatory audits that require verifiable historical conformance data.</t>

<t>PCS role:</t>

<t><list style="symbols">
  <t>Store intent matching results with associated provenance chains, cryptographic signatures, and timestamps.</t>
  <t>Provide mechanisms for retrieving historical conformance results for a given time window.</t>
  <t>Allow independent verification of historical evidence using signatures and trust anchors.</t>
</list></t>

</section>
<section anchor="future-use-case-candidates"><name>Future Use Case Candidates</name>

<t>The following areas are candidates for additional use cases in future revisions of this document. They correspond to the architecture design goals identified in the Design Principles section and are noted here to ensure they are not overlooked:</t>

<t><list style="symbols">
  <t>Tunneling and virtualization verification: verifying that tunneled or virtualized path segments (e.g., VPN-over-VPN, SDN slices) satisfy intent requirements at both overlay and underlay levels.</t>
  <t>DNS and addressing dependency: evaluating whether DNS resolution paths and addressing infrastructure conform to declared intent (e.g., DNS-over-HTTPS enforcement, address assignment authority).</t>
  <t>Management-plane risk assessment: assessing non-network infrastructure risks (e.g., IaC configuration drift, cloud provider management access) as part of path conformance evaluation.</t>
  <t>DoS resilience verification: verifying that path characteristics include adequate DoS mitigation properties (e.g., scrubbing center presence, rate-limiting capabilities).</t>
</list></t>

</section>
</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<t>The proposed "Secure Hybrid Network Monitoring - Path Characteristics Service" itself introduces several security considerations that have to be addressed:</t>

<dl>
  <dt>Information Disclosure:</dt>
  <dd>
    <t>The intent matching model is specifically designed to minimize information disclosure by returning conformance results (match/no-match) rather than raw network state. However, the system must still carefully balance the need for explainability (e.g., violation annotations) with the protection of sensitive infrastructure information. The human-readable <spanx style="verb">message</spanx> field in a PCS Response MUST NOT be used as the basis for automated decision-making; automated systems MUST instead use the structured <spanx style="verb">intent_results</spanx> (including <spanx style="verb">explain</spanx>) data.</t>
  </dd>
  <dt>Trust Model:</dt>
  <dd>
    <t>Clear trust relationships must be established between different stakeholders in the hybrid cloud environment. Each PCS Server operates within a defined service scope, and trust chains are maintained through provenance metadata and digital signatures.</t>
  </dd>
  <dt>Authentication and Authorization:</dt>
  <dd>
    <t>Proper mechanisms must be in place to ensure only authorized entities can submit intent queries and receive conformance results. Authentication credentials SHOULD be bound to specific connectivity channels.</t>
  </dd>
  <dt>Integrity Protection:</dt>
  <dd>
    <t>Intent data, conformance results, and provenance chains must be protected from tampering or manipulation.</t>
  </dd>
  <dt>Intent Confidentiality:</dt>
  <dd>
    <t>The intent submitted by a PCS Client may reveal sensitive information about the client's security requirements or business logic. PCS endpoints MUST protect intent data in transit and SHOULD restrict access to intent content based on authentication and authorization.</t>
  </dd>
</dl>

<section anchor="service-scope-and-probing-prevention"><name>Service Scope and Probing Prevention</name>

<t>PCS Servers MUST only respond to queries within their pre-agreed service scope. Queries that fall outside this scope MUST be rejected without providing information that could be used to infer the server's capabilities or internal network structure. This prevents probing attacks, where an adversary systematically submits queries with varying parameters to map out the network topology or discover what properties a PCS Server can evaluate.</t>

</section>
<section anchor="recursion-depth-information-leakage"><name>Recursion Depth Information Leakage</name>

<t>As described in <xref target="sec-pcs-recursion"/>, PCS supports recursive composition across administrative boundaries. The <spanx style="verb">recursion_limit</spanx> parameter in PCS queries carries inherent security implications. By varying the recursion depth across multiple queries and observing differences in response times, completeness, or conformance results, an adversary may be able to infer properties of the internal network structure, such as the number of intermediate autonomous systems, the depth of the network hierarchy, or the presence of specific transit relationships.</t>

<t>To mitigate this risk:</t>

<t><list style="symbols">
  <t>PCS Servers SHOULD apply their own local policy to override or cap the client-specified <spanx style="verb">recursion_limit</spanx> value.</t>
  <t>PCS Servers SHOULD NOT expose the actual recursion depth used or reached in the response metadata.</t>
  <t>PCS Servers MUST NOT populate response fields (e.g., <spanx style="verb">recursion_limit_requested</spanx>) with the actual recursion depth used or reached.</t>
  <t>PCS Servers MAY normalize response timing to reduce the information available through timing analysis.</t>
  <t>The specific security implications of the <spanx style="verb">recursion_limit</spanx> field should be documented in operational deployment guides.</t>
</list></t>

</section>
<section anchor="geographic-constraint-design-rationale"><name>Geographic Constraint Design Rationale</name>

<t>PCS intent specifications for geographic constraints MUST use a whitelist (inclusion) approach exclusively; blacklist (exclusion) specifications MUST NOT be used because they create a risk of omission: if a new jurisdiction or transit path is not included in the blacklist, traffic may traverse that jurisdiction without detection. The whitelist approach is more robust because it requires explicit approval of each allowed jurisdiction, ensuring that any unlisted jurisdiction is automatically excluded.</t>

</section>
<section anchor="telemetry-ingestion"><name>Telemetry Ingestion</name>

<t>The PCS Server gathers per-hop evidence made available by operator-controlled telemetry mechanisms within the operator's administrative domain. These mechanisms, their transport, and their protection are operator-internal concerns governed by the operator's policies and by the specifications of the mechanisms themselves (e.g., <xref target="RFC7011"/> for IPFIX, which recommends TLS/DTLS for its transport). This document does not define telemetry-acquisition mechanisms or their security requirements. Within the operator's trust boundary, the PCS Server is the entity that assembles this evidence into a PathView and asserts its trustworthiness to external parties through the provenance mechanisms described elsewhere in this document; the trustworthiness of inputs from individual telemetry mechanisms is established by operator-local controls.</t>

</section>
</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<t>This document has no IANA actions.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>



    </references>

    <references title='Informative References' anchor="sec-informative-references">

<reference anchor="ISO-IEC-5140" >
  <front>
    <title>Information technology — Cloud computing — Multi-cloud and hybrid cloud vocabulary</title>
    <author >
      <organization>ISO/IEC</organization>
    </author>
    <date year="2024"/>
  </front>
  <seriesInfo name="ISO/IEC" value="5140:2024"/>
</reference>


<reference anchor="RFC7011">
  <front>
    <title>Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information</title>
    <author fullname="B. Claise" initials="B." role="editor" surname="Claise"/>
    <author fullname="B. Trammell" initials="B." role="editor" surname="Trammell"/>
    <author fullname="P. Aitken" initials="P." surname="Aitken"/>
    <date month="September" year="2013"/>
    <abstract>
      <t>This document specifies the IP Flow Information Export (IPFIX) protocol, which serves as a means for transmitting Traffic Flow information over the network. In order to transmit Traffic Flow information from an Exporting Process to a Collecting Process, a common representation of flow data and a standard means of communicating them are required. This document describes how the IPFIX Data and Template Records are carried over a number of transport protocols from an IPFIX Exporting Process to an IPFIX Collecting Process. This document obsoletes RFC 5101.</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="77"/>
  <seriesInfo name="RFC" value="7011"/>
  <seriesInfo name="DOI" value="10.17487/RFC7011"/>
</reference>
<reference anchor="RFC9232">
  <front>
    <title>Network Telemetry Framework</title>
    <author fullname="H. Song" initials="H." surname="Song"/>
    <author fullname="F. Qin" initials="F." surname="Qin"/>
    <author fullname="P. Martinez-Julia" initials="P." surname="Martinez-Julia"/>
    <author fullname="L. Ciavaglia" initials="L." surname="Ciavaglia"/>
    <author fullname="A. Wang" initials="A." surname="Wang"/>
    <date month="May" year="2022"/>
    <abstract>
      <t>Network telemetry is a technology for gaining network insight and facilitating efficient and automated network management. It encompasses various techniques for remote data generation, collection, correlation, and consumption. This document describes an architectural framework for network telemetry, motivated by challenges that are encountered as part of the operation of networks and by the requirements that ensue. This document clarifies the terminology and classifies the modules and components of a network telemetry system from different perspectives. The framework and taxonomy help to set a common ground for the collection of related work and provide guidance for related technique and standard developments.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9232"/>
  <seriesInfo name="DOI" value="10.17487/RFC9232"/>
</reference>
<reference anchor="RFC9315">
  <front>
    <title>Intent-Based Networking - Concepts and Definitions</title>
    <author fullname="A. Clemm" initials="A." surname="Clemm"/>
    <author fullname="L. Ciavaglia" initials="L." surname="Ciavaglia"/>
    <author fullname="L. Z. Granville" initials="L. Z." surname="Granville"/>
    <author fullname="J. Tantsura" initials="J." surname="Tantsura"/>
    <date month="October" year="2022"/>
    <abstract>
      <t>Intent and Intent-Based Networking are taking the industry by storm. At the same time, terms related to Intent-Based Networking are often used loosely and inconsistently, in many cases overlapping and confused with other concepts such as "policy." This document clarifies the concept of "intent" and provides an overview of the functionality that is associated with it. The goal is to contribute towards a common and shared understanding of terms, concepts, and functionality that can be used as the foundation to guide further definition of associated research and engineering problems and their solutions.</t>
      <t>This document is a product of the IRTF Network Management Research Group (NMRG). It reflects the consensus of the research group, having received many detailed and positive reviews by research group participants. It is published for informational purposes.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9315"/>
  <seriesInfo name="DOI" value="10.17487/RFC9315"/>
</reference>

<reference anchor="I-D.oiwa-secure-hybrid-network">
   <front>
      <title>Secure hybrid network monitoring - Problem statement</title>
      <author fullname="Yutaka Oiwa" initials="Y." surname="Oiwa">
         <organization>National Institute of Advanced Industrial Science and Technology (AIST)</organization>
      </author>
      <author fullname="Satoru Kanno" initials="S." surname="Kanno">
         <organization>GMO CONNECT Inc.</organization>
      </author>
      <author fullname="Yumi Sakemi" initials="Y." surname="Sakemi">
         <organization>GMO CONNECT Inc.</organization>
      </author>
      <date day="7" month="October" year="2025"/>
      <abstract>
	 <t>   This document describes a problem statement regarding the challenges
   and requirements for ensuring and monitoring the security status of
   networks operating in complex environments, such as hybrid or mixed
   cloud systems.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-oiwa-secure-hybrid-network-02"/>
   
</reference>

<reference anchor="CEL" target="https://github.com/google/cel-spec">
  <front>
    <title>Common Expression Language (CEL)</title>
    <author >
      <organization></organization>
    </author>
    <date />
  </front>
</reference>


    </references>

</references>


<?line 1087?>

<section anchor="acknowledgments"><name>Acknowledgments</name>

<t>This work is supported by NEDO grants P23013 from the New Energy and Industrial Technology Development Organization.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA+W9W3cb17Um+s5fUQN+CJEAECnZTkJ1ejRNyja7JYoRacex
20cqAEWwIqAKqSqQQhT1yOt57n45Y3Q/nj+WX3Lmfc1VKICU4n32OaOZvS0S
qMu6zDXv85vD4XBvUk7zYnaUrJrr4e/2mryZZ0dJ7zKbrKos+XY9rvJpcp41
d2X1NnlRFnlTVnB9Mkwu0uYmOblJq3TSZFVeN/mkTi6z6jafZL29dDyuslt8
0rfnL/Dqk8ve3iRtsllZrY+S7N1yL19WR0lTrerm8cHB7w8e703LSZEu4PXT
Kr1uhmV+lw6X8JbhJH7LsOa3DA8O9+rVeJHXdV4WzXoJt549u/p6bwrvOUoe
Hzz+cnjw2+HBl3tplaVHyTdZkVXpfO9ttobpTI+SvQRGdlbAg4usGZ7iW+kj
mfZkXq6m9MGL1bzJ3d+0PHmzTha2IvT5VTbPFllTrfmu8OVe3aTF9HU6LwsY
2Tqr9/bSVXNTVkd4Jfx/klyv5nOe/p9XTfo2TV6e/emYvimrWVrkf0sbmOVR
ck7/pnMYOKxGs2qypLxOjqe3aTHJpvDpFFa0yuGCy0mewWcJvBlGNrkpynk5
Wyf7x2eXV317smwUfpj853SZFvRNtkjzOYx0hLvwn1JY+NGsHP1l2THcyxQm
uUr+S1oUZcd4v3nxMjl5eX7+7OQKBjcZtV/svvdvfouP+0+zRTmclEWRTZru
l/95tchhBG+zRf7Lvbum5w3X8Oz2CPaKslrA028z3LlXX588Pjz8vfz6u8Pf
fn60t7eXF9f+orPLl8OzZyfDLw4/Pzii1+gpO9MLyyJpwgb98x//IzlBWksm
5WK5avC84WdEhUOiQtrTG0emyW05ScereVqte/SOQF6bywIjegQjou/srHxO
f8LRyrMaZ6C3ysVHCY1fLuQJ//bg8FDm/vvHTx7rr08Ov6B5D0+JeuC4IjMZ
8nCHBTMTvOLk2fN4QU7KBZyo5Nm7ZZXRoU6ep8Vslc6yZB8u7vPUmrSaZQ1c
ftM0y/ro0aNZ3tysxiNYrUezspzNs0eTbD6sl9mk5+Z4nc7rDMe+NxwOk3QM
pwSYyt6eMjtZThmfO9qw+P89uajKMRzuBA5yA2e8aHrJT7tn+HOST+G6/BoW
NAEWNp9nxQx+zYuErscn4za6F8mddTLNlvNyDcc5nVRlXevY6PL8XaabnhW3
eVUWOJx6lFzd5HBnOVnh3/Capiqnqwm8sbnJdrLrZB/Yc3+QpIlwVrgjbeDp
KUy5TtLlcp5PiHZqGkK5BD4KQ4Ynl8ktPO16ndzdZPCaCp4xA7ovbBmRgQMd
E6XT9XBVXsEEJ0CrMJEq++sqr2hF62S/B6PGte3D57O0QtEki9WsB3Qc5jny
uYEbB3PDZYV/NbDWo+S7Yp6/hUlU6TSXrzd3dYAyCZYLJliUDUqkss6SKr2z
a2mrn8JC1k2WTgdJDlfdpvMVfMpruoLl+hVuKI45SWcpXkrfwCKvcFA0+dai
48irrFlVuJq6NDgp+LSGI57sA0uY3MCZhYEN6fe+bK68iT4j8lnCtFO4Foir
vKuTBXEIGPfb7KacT2E7PIW43aKBhSVL7uAElasmmeY1UFbNy17UOfIwemuF
iwhsoUrh2KxgdnBgplkD7HKD8KZZPanyMRJOkaQVjBR4G92AM6eHXadIljBv
3IOntLB85OHTKoNthgdNgTjG2U16myOh4a2wVHhmc5zKisaIS20MORG5XqM8
/OrkIjn8fJCMcVK6x8gRcPYpzBeGA/Nvykk5x5XO4ZkgLEkZGjGHWOTT6Tzb
2/sMVQQ6SkhLe9/nFe5t/jci3rpcVTiXeoW7UMu5DHy7tWRA8kBiy3w6X8PN
y3k6oWl0ECpPWB/jtxEIsZjMV3Q2ymII6wYaEA4Bzm4mSzUHaTCHdwBdAfNE
dgFKAXw5grlEzMSJFOY5TCk/eaH184AWenmzroENzDcIGpY7LAQKqmw0Gw1k
PDQUnNuAB2UTbMolibsBLj8+P3AVeKBeNc2QH/FjcfFAy8t5ajewPcBnrqty
QQeRGGv2DgYHXJZo63qevcvH+Zx4B/CaVTGFY7YeyNrCUR2DRnidI+885nNb
g1IB0mgBDGZSrZdNOYPdusknRCsZEUCyyPAdeb0Iu371/BJncXYBvIqGeQes
H8YI45riqWP5gPu5WBXGSoGQS+ZjQKQwZxgAcKB6DTu1qIEIvy3vMljBAb7B
RAmeoHslD20YkhoqNAVSwTqZpEgkd/S54+jDObxjbkwWqQDOHp+XsoA5wIzh
YOBiZNN4BkgIoBjNazplIF1LvJgPGS+ZsheeXAIbkFXztZN0gSUssmkOjBXe
O0UW/uxdCryepCXSOihSe6h2M0vCcaIkAYUdXwQ0PgfShIPBswvDvWaumK6B
l+fzeTLPUhABwLZAI0ifwhOfg5Sh8w/iBpQnoL51LJFg6eBa5jUgEicwIVxR
N7d9pva/wPLV03zCpG5nJVA/vMTLK2BmwFTmfaBBZso5Clsc09UNWCtNIK7T
rABtflheD01cn5aX/SRtmnTylmadw5UTVJiRpGFwsKUFzr8u50iGzU1VrmY3
ujAwAKAuYAQFbP9tYGd4ZOfXQ+UZqowM3MmElyBRwznDsw+r4g6DLMT5sytQ
qb8esIwBeZlPac593LJyTMuHknVVb8jw3OnD6RhPhZIJckIwnUTNwWPiXowH
jtj7CskhZ+UHJD0QmzE7WH3P6+qsweEbydzmtXAKPpUtam1xcZB2dT4rkMrT
ooEFnucLEHJTWNUrONHTKYoyOc6zdFnjcfyXVDMkg5RNBKIqk/vI5pCS8mJV
rmoYCct3o1cSkE4Tq5klwfKQLpW9ixUEJbnuRfMCQtSWRNcKGPA///F/1dv0
OlZcQI1BnUsVmSkzR5jKLbA30oVI/Ye1XmQ0ZJwecziYmuheODfyCjDjcvqT
cL3xmjVXvPAmn90MjbdFiiy8GZkj0SN5IXBV/HrhIdLPUDkhWxo4mZ0YIVQU
t7z/oD6B9tLo2UZyiPZ9vMrnwFpXy1Kf2rIp6GFAMcbS5MXNQ9m+SBOYO6pf
ybLEZUdfAK77pi4GWwPjRA1PqVa1KidvgukCE5L9C5YCblEgOrUC8BEdakIH
KcJuoZoYdobUAdjAormfyJisSKmJTtgA9IX/2aV8//Mf/0sliufhzNtxHNfX
uIFGMXS81OjoYvWwtLBsuFqoWCijlOVDkpuXsqI4HGGKdTbjc4GbALowMh4a
RpWiBoecGH4t6mVZubGE8ZIwIYMFdxJW521R3hUJjOptDWcM5n5GC4OzrbLr
rFLDC/ke7gMvIGvN0UGlhUiJWk7mxEnJwYZKp6j1SiDwZ45bQLKTnjBtSfw0
2m4++lNQt4A0SZrvHwJfQ9s8JV49p9WAR0yEDPlDpC9W9unQAydI8TRkt7Tm
QMdzkJZTWh3kqERQJp0a9cd1yKmzi6/PfnDianb+4myQfPXNxfD55SC5PH9x
0R/gKB/3UWO4Kae0iGidFCwJiGEhw4FVus2zO9VyaIv1eIGQhkVbocVImipx
WB08Pf9JHw9A27Kz8YopbnZn287usq+3npRPsz339o7RtqItn6HuAycoB+GB
ExZ+QIPMnanFL9k0p3WESDMZb9KECG1E/ky1s3WMfCmNDF7mJEA0y48zwMVe
NRkq6hK/TAxgPFfwwg4bOBgmZPwaNV1eOIvGrga9i4ZrukMftTVYOtZHWfSR
Jc/cBMRBtCtOIxLmayvMmimKTdO4A9PAUymvDo7FAe4U3gqECYoeahSsQQ8X
WYpTJhGkVjELE7ehaK06zU+eP0xEBQFBMoRLiixwrHDoSGuDSQKjqHPm8tdE
HOGE0vEw2TsXhoQiMKtwER5ytOnU1SgBkSUzx5sATxJKfUrkSlbNLMVTVCv7
GNLQ8KCE57J5lpAEWtW0NciMhNiUFmFj6KmixeCxCup88HbwYgZeRwcGtZOs
Gs7TNRxosftMxSZmk9amChMps6KCzyL7J5/NstisYDpCSb332WfJSVkgaZvj
7hTZL61/jboJuUwS9pn0Xnx3edUb8L/J+Uv6/dWzP3539urZKf5++e3x8+f2
i15x+e3L756fht/CnScvX7x4dn7KN8OnSeujF8d/7jGN9V5eXJ29PD9+3mN1
y6tMKQu4sSwlnFXk/mltXiZSjNjbk7x/Lw75Dx/4d/TIw+/AMwvRjXDv+U/Y
f9IIs7Qi/QeO4yRd5g3YsWRx1zcoU5G/w2KebzqZNocKOgzZpS1dC3ZF/Vi6
cygZglZKYi+/TSdexj/lAU5LOn0sN/1Zjz1YIJbZH1R5Lxbu8HWJrkE+MZUY
S+yWYKMQSSuaxxGahg39cpQcR6qCaA+RxsD6QSOanNMc/mWNYYu65byATuEC
IQHHgYl/kKCOAAoZzjGr0ROKatF5iVEAHOAKPSHqaqbNT4q0qso7dLaAXKrW
Q2IbUxIA5LdZkhQV4TUGwYHO1XkO2uJ6Ms+GZZWzlj61E4bP5YUcfpXigksU
FZeDiBPjJB8+kPIKgxo4LYAVbLhwnkXrT0MzXWBqAg8IibSQLmk3ADYrKjnq
t8hNwa6g18hiD9FZBaYCKOCg8I7/gm6u22ykZJC8EJ0E6eGKrRZU0XC/2fPA
u37J7r5NTcWJ4w6TIO2MFOhKs27wqw1FZiAaAonOB+ox0UJsKCYwXzW5L3Hv
w2wzPnxTJX/ZJIw3M1dtO9OdEi2LghtK8TjyGosv+zqfrYSodNGI8aSzKoOP
yUocwxCzjK1Fkl1K76pf8gIhvz9mCabjzt5ReOvhonbwMYL24Tp08NTnIKmA
oy5XNR7td6qnwLnN0gVc08e/livgw/tM6PgncC/6iqQmqhE2Gq9MoHc4OMWN
R9bNGl2IdQl35AuMwqEl62X8dYZUso9v7bPhqd+ALCA7eb8co6krLix60XYF
YxTHlIRrgyDxakWdqLIBu/YN0aRuWiAZCStVEtqiA4enZTbDwFijsUMKfszz
v9Hf/7oqk+yn5I36HswZ4Jg8OHKAeTUMg0XiF4m1q5xM9nqFSx1e3mmZtZQ2
WzJVTXkObZp17hnim8Dbq4YDeZ+u0P1lNSVz/GlkwDxgBKCQy1qRqCzCjpGi
56I+dZ0txnNegibaZ2YWoFyzn0ctHjMy0dQtpsOmHGbKafTow4YMxZPgzUw5
mhuuCDidWRnc0Z1uBZwo8GXY+mOjA9x7dFw1vAD41pty6dbFTPFFil68WzCL
aG1hrjqIoRgI8eFzNCDkpNcjwy8pdBEzGs9f+uIsI59f18rC1+rerXCyNYpQ
ciQL18jZBTXgiW0KEYpFZnDXlK8oSXyEN4hVYwtFAa8aWTh50IolqlZla1i/
2oziZsUM2MQo+QpN7OsU3jwwv7DuALETtk1ZZARFqybCxSAHacnk3JqyVgPz
ACkCGozpveIFYkHHpxfWfJGLMwq/fcOi9TUSG/o13sC26HpxSsCUzAuwJsgf
cKH+gJpsjpbWkLxAzs266KSsst1ehGzTEYK3H8V8datzoazELhdFgQ6jmuUP
cT0EnUM1jpq9pF3ebJIG6jLfpaWSqwHJyAIp5MHb1FI5zAn7gNPdqUl1ZhbU
cLbr67V4Y8Q3ehVcKHnb6QNzzCnNpkNdGsi2U7A1nZAOXOSq57ONKx5b9sSL
++4WfbfIDSTMpl5wtnvNTIZtI+tTQ7BgdlyYEZSZyEXO+tXaaXtEyZ1n1Wl3
RgQReQzEUP8Yd0878uMiVLs9P8eXQQAMyFmClj4tlLiOKCAGapoI+ZSTV1jt
Jp6cSkRKcoDY9h+XGMbGJC1cGpCBu3M+BkmGPi6TBuhdoFfB2cMTk5PxYfkf
4wzXGOY4YS6DayXJNfDKJgWu3XKAjZKXFh1kdsMWLh9jVOQ0v4R5PGiBsAND
UXIjTjSwgAxtdBQY5LA0iRl2oFmIpy0ePWWOiCMd+7iHMK1vSrDz2+E6Ctb5
0Ec6BnJuR+9cfgvSjwjeaRxeQcUCxD5nefmokk2LlmhGIhgv5rSujbQ+H7Ia
JZfEbMRVhNrPaj4lX/q36S16B+iM0eJdRy/doGI6flPQiQs8/vURHCu4/x1F
5pA+UE+eK8OMozYUsyirO8nO4pAXm90qQVhQ0uOuJbmDfFykwqrPAkhdxp0V
FJ3GIAac2RlKK2bEEqK0vV/TIS2vm7tUIlj2sKchYSEe8uRt1gzdeM0dimRp
eQuwURUeLNKj0e1mfN3FxciDdn4JJ45SR2B8txlp8TqPd7hXIIuBBU1tG1aY
IqG3t2OHaKrgIR2XqNg1GhVkpw5zC2Ez31+c16gHDc8uBpxowgqQ3NTaYbn1
LD0ZqN9hmNbDVFMIBsmfYMQY1YP3nua3LAUowRSXnNLjwDQa9WFuJ7C3JUXx
s4h6Xay+ibkM6DhBJKAkzKcsveTwA+tAnaPIXPg/KARMNM7XbwcFV/pYjitn
KeCBDM4XCoCxiR6tRrjW505h9oOlofBGUKgD9MM6J+ctkh/elaoZXUfnb4LH
j2ZaYYaq5wUmd1TLnpQl0h8/Sa36kFeBC8VJTPCWkOHbfX5HySvv0pminCY/
SE81RPRm9izCoQyMOd8djdpC30R5LlOK3ptJIsVEeJNPPPYMibJIWJxg6jEL
WBQxqDrl13wWJdkDJibJl+08InIlZQtMLuBYCUY2YLX+ts1aIPcv+2QwKi7p
xz+TBm3L0bTSRCiuNMbkQqAw22NgcWxCDMy2luTS+oaS9eD9txiL9uKIzLs4
QSXwRttymbeKVpT0zGBoUcRHIQuAwS01jS0JWIO8W7Ix4/RLC2dp1q7TCHzm
p+rYM/M9h2D3dXtfOrKPHSnEegaLZVQBUB7INMnNNeUcBHxFpEfjpD3bkKDF
JZ+uk3TJClCOhsUxq66SBaTy7d4ylZBK8qCUuYek4nCcI0hdUsrl7MAyi9mg
CtB+2vKab7gL+2xckvc34lrID1iVij4WDVpyOdNYXSCrYk0GscSTiOzvMNio
eQ/ts7fBjDYY6CNJmtLMxO6Zi1W2wx37KPhiVS+IXNeaFubiuO1UD3j3heQL
oVsPTKCS8kNFZeAIKNyArItkUC0HVekej44lJGoyGO9vPOkBSy52leMh3m6e
2orQkNDvmum60G6RjsVTBi0DT+dNWTYkZPNrSdVEmilBXeFMkHwzIwADsGQg
xFqTileWLJSNA6y3hGXcqXl4NWgUFMhxbvocqd0avcQcVtr9drpoEK2B4FR1
OrHENFAx0llRhvz3FzDNmRDg/snpiz7w1PpmXALb59hlrLS/vMUtyu7YjbCR
y4QeWS5wYUIpyaQm7jPJlmQvs/45kKgeLO/799f5bLic1Bx+rT98OOIA+3P8
E22rb2G8tXf30MjF56JZl5ZwzNs1HFOoR80e9fS700D+mJocbBtJNuRqUMax
LUeHzEYfXRhJCRsa6oM47qBO0X8Tp93A+ylr81aJHXAN5h0ZVYuQUbnN8UXu
nwLlPh5l9GSRUm5eO1DqJSJgHrhwOeWu/QWIFN2gU9AqUQ3jZWMfYu0ST1OL
3ZGrCAyLaiN3Bx0WNl2jhhOQPRXl2Tc32UdERzjWh5VSHz50BUgsetKXLDQM
2a9pxyQyE3KlW7lEOBCVeTTOTW9jd0ACY24uJAEbDZs8ES2cjY+nksKH3JVU
N8tHyqmuw4jE1BE6bFVxXw6GqCuc82BbrbKJSwQmoBXI6THnHepc47S28FqN
rBk3X0MgavBHK7K5c5aZ7ZjiZtqJsjD22yDfAAmAgxokwFExJxrsMXQ9LEtx
8cHTLk/P/ZkR6tOEZXv2jMpQG6412lArI9rB/HU6ZcAWiWyS1RLtsHrgeDNK
TdZU+oEr7SJPIbENYsEJK6dQ/gAL+t/gZ+83w0//+c3e35PuH+O3W77Hn7/T
3T8FbvlzkvyH4fA/ymc89C2f6d2tn33mi8lvonS+32x7d/unzcZ+g/NAHxTp
h/7unav2f9y3ajsWBR7ewcx3v+/vH7dLLR6Y7OuJxhWmEx3PFe/uCO8dwZ4Q
Mf+c/ITcD/5h9ge/IP9zu/STcEL86KcT5AH025WygNOvfu5ein/bdeYAcMbp
W7/oEutPzMS3joQX6RWzpEeXwpFgTX56jjwJf0EvEf4LrCg5Zf7z84MW6Z6f
3zAXeH+UfBarTVy6+4ceFq1kksnW1s96H9iwQy1unrLR+R0VV8AfZHGR3kDO
hLhekeMYLBqQ4bJKq36w8CfW1tCJhlOQLmus5IkrtQYhocb5i+NqJhRGmoHN
di5Gp4Ljcosztc7x2rTIqACDBS6ylRmqo3Uow6DSslBDt/FqiQAn0/z6Otua
ziPOUI6EBM8quuCY9ecU5lGaBZ1WV/1W4tRXlqKMOWhZoR5EXkxcyrZUJJV/
lHzNOgenArCVj87x1O2M5NPVXK8iC47iRI1MLrM0qclFvnNJbiDH7WoxRu3s
OiyVlgBadjxX5hQZ62pGSfdN0B7YmhfpI6QEVtk16kG1D7RFxWkd6gCXf8Dx
0yKCqmInSyBF1J850VZyeENkrytzecnRFnwf7y3bFLLdrAijmpG9a2BTyElE
tXK4FRtRSKtdMKGFERwO7owzn0vWuKKndK0eZFcy3C5p44SUeWuJqH6vr+4g
pym6UjA/mHEmYcs8DKK8jcYQykvMv48kp46QvsY4+dTXN3mgt9KxnJUnlJqr
kDh9n4pxNUOAnOrzfFbUweovsrppeW7WEtAMeahoe1txK3Mm9q9JwGKoPktz
8LVTSIU8JCKxxAypekvugnjmWgZPCA4OQoDMihRo+C7ZRwuc0A6ar3WSbUyB
bdkTkUUQZeO+f19nE5IRcmdZfPjAVv0re9SJe5RkACTvP9u8kZdk92pImocl
oIo6++L4z3iKmRlJVB9etZHG4exDqjHRpJooxHHPeo84yK3O107WzUfOMlaA
2E3KzKq0QA86eX+OEuKPwyj+w1xwgNx0oDVDawkBRYMast0R3y1TGnRbyANx
hAE7xiy30d6xW2cu29HKP/Lu0wSuy+CM9KUwlrVyP3m52NYQT+oQfhmgGZXU
c/bq4Tb+6Rg+9H5nOdR1n8O7UdomBnAcCUhEuu4ISXNKTEhlo72UlNRtEepk
XxwTIKEldTP1xXAwq5Wwo/g+qXvyNVg+jXTQdgqzXJllWn/+SOxgYsBVSjgi
kmbKZUCfkGwKq/frJFotTf33gXxdLnrbNbJ7tQM4id3NkqURmc5y18DSjeDp
UiCgbmLgP1VFSYhTUoN8yaqk6FCdl7GrllOhe3+YoL69urpIPj94klCmbILe
M3gOUSdYanwy+O0TYOJAR7+29EuLvkomYi4GO9WZu0RFS/DxexpCh7S5wD+t
hp8iHa2zxKIxpEcYIQ19Ef11Ps8s3iVpbuRmEA0lEnyyAJfPj8l/XZCWRpEe
XK4FpS09PKn41wLtoSlbkjmDdavkVw4V6OTCLuQT9Ozksxv1ayYTRNZyblEO
akhCkzmQgkodpYWjR5K0Wa4vzQN1IalNMqFx/uY6zbHs9k+Y6ZbGjIAy+fCw
XmfkLof79r3dDmMdknI10KozPAIce2Mgi/xtdpfXWQsExu4zLQ6XEL3MrcNx
1flUdqdhEhHXUYUdU/1GDnpR36GsYvOCjkcdNEN8Jey5nnajjRJUAPWzmzbj
EuAwdrtmNhrWIvkjTefreXkH7BR5DBYqsTY26FpWycJnCctrQTnL6AFOaylB
gcNg1AS6gqUU5nPEJhF5FB0x8VbaifRecBjz4YhZPsaIgi5wBAIIWCgHOW6y
jfQgckZjtgvGtVGE4f7RDpk4Aoo7vkwebZOVYuqI7F9vCM/Ho+Q5uTHNxx78
q0fCIu2VpJSK29O/D5Ua8VJ9stP+Ifm1XBAanGA8EpPhYOnOZL2fjDS104rT
yUGLETfTk9pp7Hzt3+SoWDWH1rkUxszAmCGhKEfHXN7tkvVtjA+oiw49qOSa
H4/BWHgW1xd4fY9Coqgc2tiT/Sq7A+Ur6/s4BSEEYFokBSLDo2pN5I1lj0/Y
eIh95nJEDf5oKsoq0BY65llSObpXk0lJXuNdxyrVkLRE+HC+ryyIFC/hhPPG
xZD3PocxGkMUxnokw1bGbOSKFaT1KvO8Qtmf8HXRPBo+Ml7J5ogvJqeIY9zn
4uAK74v0XId9yaZ9K/i5xiRZ0KFEN9KKOZdoO9r7YuTtiqPkRVbNNKjAQSmd
6WZ0lbNIpUZAXBddubIDzU8l/hnyXU3RkiNq6a9f2sEJyswRWEKkBmmeG23l
A+uYotqogUAMEHeX5BzkCfcn6AJzyIuNKkGpPUO/AZnkC1hxzG6q31KpDJWN
eI69XFU4eMzfJRehRDSH/xE3f583f/hN/0jWgETLe0bwG2zu7Ye91l3uR1iJ
3WRngM9ffGdrAMfwqMvV2I+BbvrDsQ7iV38wqtP8bkJhyOfRmI7jMdHPVj49
MFVBX2I6QsxnW2P/D8P22Hngr4gm3h8PmG7/riQxiHZ74Db5w85V+Wrbqnxl
q/KrrkXYGOJX7SF+tTnE0Wi0a3fpRzdUTqMSU/wyvFFeg5YgmCR/eOhyvCaa
/8CUSrYj2FWYp8DwayzRnpfw2QXrugj4RknCt2WOHiQS+oRuI/6Jlj5EFpTl
DYaM0BrfM4nfM8f3LO09rCCGg9gCOHLV03DUXun7GXqGS3VFr0tuMopw92yQ
r+miXrLPKY+z1BLJZuQ+e6a2icwCTpbmaGHyEIoRl0HrOD5wtmuGa+CI7d+y
qoTTvKroQKgsxsxStSzLCYzpqTcLFeqhB9KAEn6bDI7iKusx9EeBa0g5gyyC
gGF9j2V/Uo/5iMkTF4BmEbRxMTfZIYt+yGpKbpce3dBzwue9LNzrfDrgEsHq
tSp79NIPow47GZNYGQQEK4B5lVR96dQcH4maoC7ymepfnAyLXMKtGItLUPzH
wJYm6OhmZVcVIKmNiMYlUybPhsp9WmoczQL4DUEl4xayRcKhgeVSKscVIq+J
hLo8lPKdwYaurTIAi/rA4CqGYJXD8Chgx2LI2DmO8NJ2RGUsql74OLyBqwnD
QemRgjF9nTa9Rz34FIgWRtajJw5BKYKd6wfZCnwAoRJQZuGxyaTAP78OQ4hT
DvEkwd043FVD1iKFcDKQueiiw/GK7WhKjwNWM1Lcx3JSmPZAy6anhNE24FWM
jmZ/EMt4U62JiBYpOovpMEghHxyEcpn+FemfkzNhTfRc4Hz+QOm26bynzi8F
R73C8hDWjS6CkAcSM14BxhxoZ8htJlZb4zQ5TWWqeWhjDIKhno3lP+E+nD2b
SQtBPQzeFYKKEdeTA8fK0rpxlTb42ldtO5ip4qYssOh3U7XTd6rzaIfHs14t
FuSSTQS4lR0zwaFq5TceiYXw3EQR5ZeQLl6jO44zncOiGrOxC9VM0sOiMcuU
nptFatcYRP/bZJ/ovBpo5QtjTuLVKcHEiDkjhi1mChIVEXPi/REtNJNEHWQm
XF2hL2IOklfTIVn57cKYc5AFKat5gRy63YHqRKdgTkF215qS0DOmccW0ZfFT
36TEUWQtDBYjWCIqPYiCWZRH8QDKswNdGI5Wk3wrxRTi1TGXuZmm4g9eUkpX
XpOji6vJSkpRrFZzLpa6IL+tu5F5jfrUYtOlk4UHrqwcFAUdOoXIKsCnF9kd
154quouzCVxSjU0POYCAK5xdkwWAH9cC3bmTeRBfUhbPyGXoMdU8I2KsPX2i
yFRWPHCIvTAw5CXfWARizQ4BjDAEuthx4MwrgSdYSxCJL5rfWHgwc2fLs4/Q
TvwJtSfmxr6nLGDtsVNk2dNQ6o9hR5cgx6QlIKLJ13k2n9ZtSydTiFFK13Y2
zSiBcxAUCTS5Awop50HsJUmPSKB3lLynBJIerwn83Tu+/PKLg4PD3oC/ENaO
39wui6PDx08+R1jyD/i1gpDYU7y0gk9/kuSU95ak0tP4Iz5vlpUj8RXI2+iS
colfwmDcZ2iIZPTI3g8/9H6WLz4Mdr9AHUYf8XSbvS7Ek/A2+vdnm7wJ6TD/
RfruNZib+IYnBwd1WCgRCuHKEDKjkcry2/Ws5ekK6vTcLsn2j4qssZng8uN3
6XgC28Tg8Tjon/fUZvCEYdXVn0whNlp46GtWj/BrsmJoUD3PtPGrq1fHJ89O
X1+8enb57PyqJ0ujPD+8i8UL3rGc1KO0pve5uTo9C655fPD4i+HB74aHX1wd
PD46PPjRaDef4fdgu4Wxem0Ev8RmDD35xjjKUXIw+v0Xe87UQnkjVZev4uCi
QS40TbZYot/tCENT4sk0IDPCCsnQ0OZkiqdwDVWqtqp4Nwu/x9m6lNJEccAL
cBxrb/ig2SoFeoLHJ7N5OdbUCZllFwoomlKTUtI3sQ5Ssj1RsCLOUDxHjQtH
yPkac+7ifBxR4dL8JpsO2rBxoHyT130HXw7ai3oCpSjaLZcgC5grGeXNCrnr
PL9l5A/Qr2GDN/xl6g2rt4R5pSolSiagBIByLpm9rAIK7C7V+FB0oJZEZB8x
JdFblXPJ9ialVZAI/BskxMJvmFOtm4Y8Gpee1s7b6CwGcInEWt8Mtian1CUv
7wpOLbY5zDOraNmZYNwu5LtCjC8l9FZBupgW9FylZDYX1c+ENpDvhMCawAMA
ezARU/LNpe+BYkFpzrnLNY9qtzvVoqdRSZt/LSGNUWnLjnRwxGGrsg4djDHl
KTWsWjU3YYkj1LCN5O37ByxvlQCTOiNcGLnO+OPufBWh0b6+iWOP/D6nP1PV
1daaeEn24WuRmL65v1iD0v67MHS2xXe21Wgk+/CG4RxT6O1r8mapukiI/vMV
fyioxMPrnNGY+JMbqo/ZVdfRigUxqdXRekclRg7TZMBF1FntbU+1DVJvYw4i
UNMOZIiW8waF9a7KEo1X+LqSELEAqWl9W7D0KVSabomJcBrBpo+tHftHKyoA
jX0CMQo98foJIFELVtnqlrWMkk0ZLT7qKDyikOnO6iONIGp0/aH9TGSfaTsI
7pL7m7iGSBh9e5tFFRIKB86NCkQChYKzdILlXooJx6mPkvZGtXcEl8nbBwIC
OIh47Qx1j1DkNRuRM9Zwpi+Q6X+9KiaGnNkhqH59B4v5a9NojoLc8XVoDt+4
blJL4wmRyLQjSkpLvrmwfMD8+jiOQAAUk4mDLqCjlnJtLglGHOp+fLxwLccW
nhcMAOLOQV7WGQJENHh2DDH9XaPrMQo1ekIgAfKFFoPtaFlMSvugZWDzLqxO
QEOkA3qkUGkOiPDjCt1UeHDsSeC40/rfBrVKKbIDt0rLvmA4WvmlHUkqRrdG
piFJZIbsuw3tloVOAP7lMtIttVl8y1ZxTEcwKkwnL9Qu/CxMJc4EN8nzBKrp
Qguj3hErLrJ8djPmQu3udMwunB/uCaCuHzePzSSKWN5v1DYF2DVLMOvKY+W7
hnoX6YavMi82OwhSoP4x+SwkoPRU/vZCAZ+lg25UXiXxS4hTqp6X+joBqXPG
rClpakZbd+HsCkpvt4PYTkwlvA2UT5iLB5d0lMSZA5Yy4LkKDmHidtgf8TvN
6zPtfD0tVIM+om7HG1xCeaGZQPV1JOjEb/eiRKDFKAqyWgSXknMhqIHlVqAL
s0nOl4ItF1Opx9DsfJXcmrYXYfsKwup1O7/M8A8029rvuoI/kj6GItZchIME
9bGaQYsUIp9iA84wyAq0JVwZCh8jOnIOXk45BWNrSdV7NwTssyj7LYYqtEf6
goZtGK4PBaMfJCGwSxFB6nYQ45Nx9sO2pAdxlLK5+m45F4QpNuHDW+nh0uGn
WfNudNb7M6cwABKc5AYWnsnDGCOQ0/3a0J4MO9Tk1+hpFwIJzOQpCiVDBrQa
iI4F0wROSZdnI4FjZdx6TAMWUQqJxBo2zaBPQAakQiuKwKwjNL7guebgn8cp
DMehFm03JCHyCzTV+wLO47fAI58pB38Vc3CtIGiz7JbK5jVNQjq+aEsG4Rhm
qU+jgmwnjT9dediNXrlhPJmGWFsNVmvIqCY6LEqRkOM1h8AF1w2D+BpTWBB0
k9j5wEzQSU6GYYBAqwKQKOGHGkRoABDVGgQXzBsa5KtR3/62lIyBS5qS1Pme
Vq+hd5IR4nWWr6XNXE+Hy8XRDuHdUKltqQeusGkdF0XfpaFUTgDXOaaGHdcQ
v5OFk0+a8ryZs1XZg2ZA8luYrG7IyEdnw/JYOFAjgBwSBOV4sewT18DM6ptO
oFNJPTCY2W3EEbB9BwiElLLZFT1K6D7j5jVaaZ9VYugTBCGoBWixuqI9i09J
hm1kxHUgHAbEQNRprDpBldmu09IEjAA5hSKYlz7WHV7M/lNWCUXwitiv46Ps
wVpEx1FoZBp1uprmTatDXCirs8acKMH4bVFFv+JrRnnN0mRIll6VY26GiX9J
1pO5RuqNJL3/fPnyXONXIXSlCAftzSf9SlMaWatRrwOoURQZIEtoOzeKoho3
HAB6xQGuECJqRb4wOBXiERqlgot++EGjC+Hkv+aLD0a//73FGYTThGcIXip+
0Fv+/vfw7+Ho8YcQQxGGFG4I/e7wvQSaZ+EPhcCiYT+7HD7+4svhNycvQpjD
MyENkRweDB8fXh0cHh0cwP9xlGSTN2EULF9e5+8wBjYrFnkvxI+Iv23hZloK
Q9YweRS3yQ3Gl5aOmyRoBHeO5HqHdLAGl/oFHx72XMV9NSPgbgZX9Jm6CJmI
RKwtz+CND8Q5wYEbUjzWMDFAF2JKV/gw1PYR8GIo2PDx6ccok7EK7lzJCTIY
AR8aiLxHhAwaL6sWUhGn7rQd20DER5y512exsIFUkq7eYYBcvPBJuw+sw9p2
0CVwEF9d/JezLeZodE6VQTGHXIzRUU1vohWzLAh9r2E7O2buHAoOxF7AY4L5
6NHwsWJDHSVUsN4yA8Undi9KGhM6JjcSFFXsK1MFZIdTTCpC983nM2hZw4M2
zrRy4vAqRWkNLpoNJ5k2xpQOmuKSZLcZDuAoabvHOlzP3mNGi1cWs5ILb4OC
HvpOsyZ7JhqW82rHyVkYAeXIoVTLW1YWD8/rlz71XJD2htKwFqvlBUBwsnId
YywihElch6MnikddUTGcOmf1lbDsMKl2IhhLShVDt3mavMQ5JI9HhwPJHaPH
72OmWJ+MN5D8xdkpJvdgnRO+Kp51MsF2GzQJn3lIabfseTaXWFQrJZ1ozRWM
beVh/TQUt09hveFhn5LRMqrYz+oBXUSgG8PHQWPWotTnWHf6/Q/wT5+vlM7P
bNA34Wzsf39x3jcwCrr08nT4p+NzKz8ndEic7dl1OLpdE6g5uiNlQcYMxriH
SJOa/TkIjwm6eq3VIaCylZOcfC1iGMtzWrGUGg+dmqjaQki0JUNscI8XOusY
9Rb9Z4Eh/WonJFS7AB5zGtsHqg0p/x2DIHHAI1C00IsYv4RsCorLpYmGfWw9
0idIKKFvObpjij61PM4+sKGwS4HN+rMtsIWaPSn0kxr7oz7cMnTSkBWF1Dkg
iIPBhLjfiXQk8UOFVc3LqcjoKhu2KgviPqi06yYsrREZ3IK6ZLS+6MtfIB6v
DVx6rtgtAwrxNxo/wTYR6TtypPGqIPJ61nentchmZcP9z9qlpqLaKsS92LoW
aCGbX0u42QEgFgmqCKlXhNrth7Yj6bUDVh5dGFnvZtfAe9sUEU4wU0lQnEQz
wEqYK44xoJyMEEnIdU0engksAUMqM3JsC45j4FHIqaGtYaYcXw7pFod6Y+kB
7rCOPq6N15ZeXe3WRh0tue5vddDZjcs512SLqTuEWJThBGp47U4dmD6grK5I
mCxTy0kYC877pXpqHZWrhqZEzEFDolb2k83IE+hdqXoNp25uhrdQHouiwQMf
r4+wPDX0z/klY/rc2CTHxAd8MZWgcrykrXRYyKSzewlJ7BDZ8WUdWMPq9S2h
ClcW2o5ehNTWJyN00wlPa7PuI4/r7dtabPEjtxubbvMly7a0Skr42L9S/V/x
FXGpuAXt8cO8zuJyHni6cLjYdpRl+QK6rdQnOXJ2oRZaGHcICd28y4UdISRk
zl/GKUbSbZJdGCG6gAFieOILdTEp3SuRDyK31g0li7CAD4lv+ICX5mUfBPHX
cgRv+oE58qHpa8jCWq0edruJYT9PPdCVA03ABysIEvUHoOgNbrSGFkUL4gQS
hC0uJqDnFyyJqS+D/0S6R2fRx8Cfa+4nnlA7v3QezEjl81jOW44dz02sjfRY
eywSKjIM6jYcRtKyqV8bWRmS9sLsa1PZh1P5F3IWlfcmwmgeWT2ip3WDdsQc
dKOGWV9bZX9h44H1xyJCpWLkDF0PQw+QOZwifVnTnx1e9yvKVcPDrW1GaU7a
DBSGgeiXasfF/nilc9dR1bx2vnXKbAUnk1Qi9FmoqrhZV83I/5HWkXrvv9U2
IAW2Gl22FYyB8hg7sK2EjvsybLYoKLtaGm/PnURXoaASt7qS4Wt8JcZnyVW5
HD6npbnUq+Jl4e6QxkPpBcEryS55Yqw9o2Qs4KK7BrbN2FTCum92f4uTfH3T
ul8pI1xhrBcvS6sqXbeukvBR50NoylQaEPfF/Qw/t/ELEYtnKNDqKEnOmnD4
JV7ECYust6BAt84RjaqA3GGH13068n7VsGTmwEQ5S+5ORAmirPsl+hQp2x7/
PDwYHeL/DnqSyN9r0I2a7LzjMfwP70BPp/klL9lo4nZzNAxGJuLdzNHje3Zx
+3nyCP/5Urui4HfXf52ie/Xr1ZyS6VKpGxddpQC1C69Ka7wIjH1grwtksILy
f054f7LoTBO7V9zackUnK9JlVfputp/vbqnV0UI9r4NiEXboocUavXyKa/3u
3RCDtbj+W4s2fDnFRpFGqM6QJ4omPSzfth8q34zQL24PnTeZ3/zHB1KAMVDq
cuUXvvLiy4PaCMrVXWwpuYgJabixLMd4LvEMeLanrScZ94JK7LSmLoBdiK+H
RK3B7pHcC7XUYjmFrL3kG0PNiioIMdqVoskIOji6WPZJjteUx2vNM8S+eRN2
5U2/1UB3PE8nb/kJ2buNJzwV4sEhF9Y0umtSFvp24w3miyYUvBJXigTGtdyT
rjTYf8RbXIDJfZs2IXpDuQRcQawjFjnQ6j2CXXOSEhU15EzetNPIPxxXLJUV
UBUpWQetmDZxmk0VVwTRN4iuCVaLk2Vgh1mTQB8+iYrk7PJl8uTwyy+Hh+0b
VgxoEkqzNpps7//wwyD54c+D5McfJS+xSu+KYJCEZ1P/jCHihFMFJoGmJfvH
x4Pkjy/++Y///scf4TnH8MsPP8rDQjDX8sLMIUCjpIL3i2AMO7QNymZjbkMA
mKokDrjFVJW1YiZHcVh96PpyrvCpqEWQWoN50NWU+l35oLw1wUL+qmZAHVzS
cQ+aB4wa+27V2DpizRkDTTYrq/VRqGbgC1C1ZvIJ4SESFK4KocT6fsG/pLDJ
lE8qOUn0ZgFRyiM3+CB+JoNQUJTuUbuRjLi3yYvZVNTHaiAIPB1QnQaYpaLB
ZQPICjzdgdPpZy0WGLneya/u25FFfd117Sl0u+KyHR4Oblq9TDnPhPoCUQmJ
GrFB7aSMYG5ZQa3osJ2MPmXgwVUHwhbFtcNypO97albSp6KV84iuraLDGFWf
7U63S+Q7M9ONIa4IBEM6p+d1WUjaSntypLXOr4eiUmbTI0Roo154MpdQMqXM
OS/ewH+zv+J/QcQBhy45EV0xATsWes3pIphmyKOn9FjtLCdQNGI6zIP9vPcq
nyDvF0glhN8UPD8taXWgHlJmdj0nN0OY+HDoAyWD5KuynGepFXfTPuwfn58+
evnq0fnLq/6Ap65+dAE8AtXKR4xoytw1pxW46OEA1wS7zP38MOCe9IrSffTj
j72+g2sMkxhs2lC8SHXoytdGrSJPBRDXCl1navfKd5yEqL5quH9xRL0H495q
mr8YgpK2S7UUbKB0Dl/7ZGCLVYrGhsW7roUYosEU03i775sEnxvBOOUcZ3oV
HeP2AgnLZf5AjvMmNMko3FgkGRXVXpLL2kdQUjtBcvMLN/Ow1akAfAlbXZDh
8F9/unp5+vKIbZeMkh/b02xT9T2zdi3BHVXvZzmpP+O1ZLVKdr65LO3+ki5y
C5Ea8IguAiLvAeF9h0Aesk7CbdnZwnPwHR9DRjb7A7gunpZ3VdjKzdIlEB0l
t7XWe/Rff+buYZJ1mS+SRZbWnGF1QwXm0v1whT7cb8pyNs9+hc2LKD/uWVin
5zrP/ZNnz/vJT/Dfn7XZ8wNW1i2pFN4RdmXTwfGJ1z/dOCMaLbMRS/Msij3o
PjeUhei8rK0Dzh4dGLvPXMJ6zzHfrIuE+YF5szD/hkQQdUrsUEk5/WJhtURp
sQ5Hl1vdq3edBSF7rOqAkJ8IQMBcAL5xaDgIziDkwYX2n0UYiZB7WeUzAs9p
6bUgubCuEbHRhuhlwpG6DodjUImJXIhRN9b8UDQ1KweeWijWRhxIrFbnv4LI
b1AvrS45jwU5z/KwdSFYh2ZP4QJFvDCBFhlTghaMLJgNePqVUmjNRH2mxDdN
7+MjZkJcu621Olty78Wa99RnBuogrYdnzs8hPiTdgSSZpcJUt4xG4nxXmgcP
IhAkp8sPD+WlCzq6dCN2LqM6ae1jEw5QRkmRbFK4qmiuQ7yLUM3RO2mP7QqH
wGCk1mudeXtMVJ6pQ3fm0xkzcAZ4TCnzglJ2cA9Ed9MFS6k5Auq7JeMacTd4
5uQSLQg84xH7szs4Bw/W99jkM0el2kaGYtfZaqlybzK4ERCejPwzoE4Dx5Vf
WdlYZOiGQSDNSD0ZiwfroRrIcGiVZkLTaa61fQ5AhuFnqQ9AYg024fCsQoTx
7NnV12D6TN7C84MhmiUvLy6pQW9/RL4n58F4ofG8GQMIh7BeXDBNN4pXYxR5
NPaSBL9C5xc8T0N2riJ7P7/eEdPo8/2G8uAqXnYVqoTn8/0FiEi4WyWnf31H
sAodTH1xn4mzs+0/U48n+880SADEAYYK7cI4u0lvc+q/GXxd6jl1zq4YTe4o
ORAXkZRUwCeIMTPQy6MIkQFFRM6iY0HtYnuFfI2t1xwpTF3yz//z/04ORgmj
KzTRDKXISI7j9BYXiPrpUhiH2zxjEnyeOfOMIC6ts/b3KafIt9C7ZGQK/+8j
TIQ4FmCPDdM6Lk4386twNVXBBy/UHrqeRL00ji85Z1DvuwHbHxFxSSdvsIo2
6k7Y8rYw8FKUAo2VdXBthZEgaga/dG7UYeCENGs2p8tGOEmpMkHBd3WhaCzm
uokyLjWL8qlkmm5gsYVXmrMslJUGkMNTesWZy+9+nqVvCZZUnAA7vWN45IVI
j5IxszctekGKbSXixMO0tHN8QMEJ4K6gaEQ0G9E6d1OHzeSzPEB4Fwp19iiC
zOdgRO0x6SSqLzptlWR1V8gMfExQa8vY6eMjeR4XlyS0Y+c4tjeyIG/o3s3K
noyS1Hk/rF+3VAcEYYs+qkHkD8ELmLGRxxfjuqHsyAGxgMhiB227qFmYWYgA
7eZnoaiRz6FG/MTk5uPwSPNZFEtGEvIcv3MRJ2N5aU0Lgv54yZInPCP+5/HP
ESsLgw5Bqd0jJwaCzGn+1i9p6VMEW1lCoU+AJPOzX2tzIi4wZhBIEkOQTCoK
IERz3pwuz5Yn+0ECAvoYVKBXGFt62GM+t8dEcEqfUb/nEHbnMKPgdu3tvbl4
eXmVPLo9fLSc1I8UnbpaFW/+vQNnHwXe9b9hPGjw/5oO8ZkDemPyIQv3hZ6h
E3ccP4ZmYgK4n2I2r//3p5eHbC/vbsBZ28k+tnEPd+rv5R3bWEf3M2LG0Sar
Nt100oxK30Azkm6qmWGWwWKpYv8/T2KxeUSZGmoyWO+hhWXl+XD4jjwTldf3
p+M9OB8lzNuaY7tqI5+SZT2FokStv5RjcZCHGiBYphDfvD+3xVbr4ektZLC/
BmoGxbOR+pTN7BaB9HPJKRtJLkSjW1Jc7s9u4fTCbYMggOVtD4+ABcMD4gGE
lEwqxd23ktTWhVYtteVl0kSg8z17HC5CfYYSm8M+b6wixxgtlugWkNxCHNca
0QO3pGYO4lXNLeRMSMHSpcmlbymgd3soo93ZQzqw3QqgheK6oBTafWs0vBhh
nBI3M3oG0jQNUHifCBrlgEcBCLMLxTH5u6a3BkTMzaLL341+a4pIVOTpCj3z
IIUGvR/+3Ps5wg9FeOvX6jTCMs4IH1Tlq7ugAwY1rkK1R3fXosaDbRejbilE
/eDudLWoW8pQ/dW+ErW7CHVHAap/0APQP+XKDgxQ+eY+JFB/2c5iV7vaj3AT
8tNvpaoeDyK2NrvpHMeTH2Pt7zQ0kxLW7MiGMO7YFjXMoE14GEk8Cl0fLb23
xSSjIl21dTvytUWst5Cn0ibUrsm7fE8w9K7YcFsvJqc06N3cHogs7PIO01H3
77L0LfzS70Q+kZaViG6u4AMdnB/9nPJ9/8iVIG+ZnEZcbXaozfFikMSXiZ1E
8Km4mOh84KJijs3vIxE8EhLoR97SxtLyKLlcGo9RSX9ax4OiRzOzNzwAfj6t
+C0jwcMnAWGfvfwhvmvICuTCM/ifaM2i44XI0+wHMvwG8kIQRi1Go5ACSJK4
Ig/GHB+JWA1nplgtsLkgZtiAirXQTG701VA9iJoxvsqYKiyGNlNXECDuSs0E
aPG1PjsuGaqC2gZRTrg+KHQdpJfJckwUV7TK5r7MwC2Vl0lDL20C1LcMrLHG
tuq6GrpuSiAQ57k8JGIZoWkGl/WxHi31A1LWLb4Re3vfYgaN1bujT86ko0Cs
8eWKWUWOz6gPdAQEjIGFQKgMs8TAUfKi7c/RWpD28zZFv1SYuZRY1Tt2p8aa
3oqZMJp0uQ1CbWsRyka+qyk9G2Da7r7XLZM1XBKBWgPT17Ia+FXqasLVwZpz
kv42L6XPm9MEaBweWp3F/ecEueAMZPjmxx97H+yuGIo8dkYN3XATCsbQQI9k
i0JuFDI6zTeVK3VWRyHYhk5gG7u0i7HrZerIcOsVolmT85KxYPjwspoUYmuu
VS0SSJ/T7G3B8LGnWkaDfFJqZ1sgV4MQLLFinuAK3ijjGSXf1YpsZEAuWUGw
25zNSmncNZVwUgyKqfyerPlIyISD4aC4Vg2WyEblgJpY1mEpkKyiI+dEpeWE
btoRdDhCZ0pWHBh1/chamscHo05u0tvMKCT5g96wRzG7od3tt78jr+4GO7y4
h9it+Bw9ECAWyofdJQmm/qXta/WhyX4+ykaDDoqj5hzi4o+2wTQXNxax2LYa
WMh8LOPT7wql+fBSq+LXWq7wNJqDmbe21pzluDFZf6GtDIVadO6Kyk4RaH+u
HCrPqilR/HIxryBYhSdQqytfj6l6mwP/RhXP+vgwapJfTYf02yqGk/JXhwnY
7vnIwO8hka4MS4IqDViWx3/87lmHwjZyBEC5QxKK4fbXXagh3O6omyD++Y//
Eecy3rW7JaFJXVC6nuLJZ0k7qEpZrzfpqqYcjlIrQDcAETfK01z35VsrHNVW
0arGqOgk98duC9wD7rADTJpSxRBh6COIBCN7Vsy8viFX9nU6r7PIONFxPCwe
pM4IWlKXwGUqIEE3ucdhZBCjR62hbbpuVby2AkD28YaYH41GZrHb6YoaUzzE
PPXWfGsM6gL++CEEzrdtFHwUWqMIzuPwKOVCtl9kBwYmZJageYG67EHNlwrJ
qW6HmirF2Lz/liN5DCBOdaq4FpxO0gXpGhCcHmYr7qhL3m5H7rYew3xMzKvh
88DYbEBMDZIhNEh11GuOxG0ho9d23uGSJ+I4CG3zXptzHTeYqprVu7ALpotR
uga98QxWtca/szJf9h4cOYlVyO0DDsvzbHKDvAz3vpNFstwkkYIcKORJaAN4
xYgL+tGvaguNjDZaP9IOSZoi71Zs5PhCOmanNAIOOdyX9tGBXukTU6SqZlku
EUAv88k71qBjy+O5seT0E6qqfrnkERX8Ht+aanSmhnnzKek1A78OLN5je5ET
W+dbb69LyQnl5NHbDK61VJIijATpRwY8IgrdclwCcZ4adtYNZVy7TjaKVqgs
5Q6zTctqlnJmrPScq0N1eHLBXZ3NBZCio5oy3fh4HsE2wNMKRtsIDTD3x6AC
SLO5vnh/2GqNOpW67taWFtHZ9nvEL4WPcbIICDKfs2dQeli6l+vr0q3vCn6Z
zhbjWP8CV6RFxhgDkhoI1DppWLsPL3tKTDZ0/vFIjEReeD88IOa0Lgrpci5l
IeqaOnsIdFAuqe9LUP7UbdnGfghRSYcG3IVFUSexfCVUL/7k6++uvnv1LKJr
qVsoLV+Xadttc4iGSk6uJYSSHrQL7dips/cOGlST88uL41cwYj9y7tEXMAHb
SFPf+4c9Z6GsXMNAPrCxLLdF2TU3zjfMMVsf0/cZlKl7L9hxFZgD0lStneEL
uDaXLoLDTrEWDvJZC1DSajY+CVlyBx5M+9ibBzLGwYR/VcSCoFy+zcVdA7K2
P9pG4AFqXbV/XEpx8FK7DQkvl66rCucbhsmpUaCB23scFLjUqyJHQ9Hhe1gx
6SYGLy2PwC22lsJknHF0cWeQPyPtDHGbUIehcntb4PZbIUXGawPtwhsRlUTz
W3Te/lQ81CbaHd7octvwgAb/YrQiyinvFCBt9PWPOLZHSWylDLpYw4AvOv7q
+bPXMbsbJO2/N65UNthmjCNtLfywLE/l3hOqXELp3yQuVtOxhuYjNB/3yIJh
5M1nSlbcNPMsWqpotK/sPVAbNgrN3WvHpgG8OtnHkuzffXlwmPB57vsIWjds
aXCFt3QJQ8PDRbGuQZKtjPGMcNic0u7Rv1g6EvAOOuxhlPM89sT7JFTJW3jA
fG9WcAKGoAZMyV3KaQ7ai/hvHrqpfVZMcCMTnZezGeVHUHsi+s24GlYWpfXN
uMSSD83pZcLXyrAdzFOka/Q2cXlhJEOAqsG2xmDeR+rbW1Rn2HqndJ9aIQMV
AM7zt610qGlwZ7MYUmreSKZh+jXrcpHiqUefMFjatPyR2536diwJFiw4MQcu
KSX0KFEFkiDY0/nQKmoMqyrmfaKI1KucK02uqQUxKnlYt7FE6E+0CbSCWcxn
5lMh7cjSXYMdbPlFYMX+dbiaHA4FVNs8T97p5LMLf8lozQ7fyUe2KH1oaN97
zpLzcvgpK/W498svx6bX6QGhKhefCuGpODpFwamOmFR7uaP3/zIr/gX8nyCY
60nA/BSBqJK16B+1ayPMb67xrH2Z2kBQMtZ/+PHHfi/O8LbMvHOXmZc8IxgR
ybL8rham5OGUgYVcXj579KdsfFOWb/Hfy3LyNmv6krPBQCT3ZWzUZeLa3yCg
q3cyJ4ERks4uPfIwjBEEhQuxm6AQvCSqgBXwVw5RmXM89eEIHisMI94tsPcq
LDVFA0HrflJ1SxDscjANEdlBKawfEiKsAN5e0TLRCEMc+RXXsFcNQxrcYsaB
mCpaeh565OHRmHIHcBWHvGEuf9LlU9+Gc5TdDpHWDg8eHw6tG4Cl1XOCqIsC
K3rpSBAq/q6AoSMukZY2AxMqXr2fmD+CIaiP+V87ae70yKnRuB9v1v1nhA6J
EPm24oc7/rp+RCtdv9m2+Hc3D1/8X2plo2R6yaN3CfMDSpX3GfH/zvtxlCg7
jtgUhgg5OeIyLvlFQ/vbq6sL57v3HTg6YIraLeU9utBUARvuED9EYbeRbxST
ckoI8cPkJQ6b2ReBmCj2tsFZcfCAguRBQ6POiuRwUIwASqY5DYnWEnOQymBW
305OT5/j+2lOl6BfLNJtT7r6CACQTYBqg5QIwAUEpUDxwFC4SJAYIF0nZGkz
6irXkaNFOeiEuggIEzqQp4k6dWQAvJpTS9a1XQudKwmZ/35bcm/v2DBzDNm7
Cx+0w84lSRTb2NMMYWuIu0dYrtzseQFyBtPRAmB6lx3B9kCXTYikiOBfhqBB
eRHk+EKbfFHW0n4U1GfNj9NxzDPq98r2+9EeYhq3pBcGhFlM4dNUUg00GXuI
FhaiCXf53yiYvFKDnzX11p1PRlstcbpdgvls9WErn+TstPWIz0dtcYg3biml
bt37Rcfr2Zjf8XY5Nw5AQwyZKJa99+Uo2Xzi1mE98KF74gb1vKhCPAO2fLsI
kgEpe+wJ7SWMclcQWvQA8R4WWSqlEOKokVQ8+A/ilKnjghDxBKSK80zMrALq
RsxbR2VSsRqRe18LNSo6+LIPnGzS8GdxDzF3tP0hFM9wiKqm0iSMceqCBufq
XLjvlkCto2KpcdtpBOtm3oW8aiGXKQKI63WbdZyLoId2JRhRQbTllWkWrCDR
IT1KWQ3hrRm3kM207lYwT27PYZmW1MIMl0PaXZG8YpAoP7uw/sYL2ptgX3zM
TqQTwlgpct0OIhVq6m6LzHCBCBVFMHNunV05vUUGpPpIMSStdtZCdRvfoLYr
7TPTepIiLbhGtJvQ6K4TmKHAiW9ZvL95NdWOZn3NcmkLAM5SHQ/VTyvdJCw1
DUvqGbI8IMhsnE8yPbjtX0w7URZiJ7WE80TeCWFXmyfLf/vwnTUxZzlVZ6eJ
YKxrKlOtfe8pcZCPX5R6T7OG+zxqtuuiWEd+S02VrbRLUVWuEC4GFOOGO1Zw
ydaKG+ghFWFcj8AL1AXnq9vUOdTqhnkVauX+1cV/2bHkH7vQltbbGQuzFnMd
XdZtBRCWyfUEjSavRBA1j/gl12CDAHl/ttCfCLp/kQzZ0KUntYmExCFn1JyF
VMXoCOc8HvEPSCrfYGf+nkxf+WleGyhCFjsgtjF+rwAzxplbXDTwCLt/DcZA
PjEYA205QyZcTHJ+kT9xaT+d8EbJn3bmOu5a5//PLCZWCX+HkFaIIbO3d8kN
tL5dj6t8mpzL2F5YXy8WWihE7jCXAzGJCbiTPrbKCjMZtSsXWboBq4bR9PGV
yeERG26vsjpnNLFHySVaxhnoKuRs1y6Ue3sn3LVYwV3ZzCJ8QW4ArXx5sVgV
Kl7YmJXlyaj5tnRSJoiJWY7rhLHseQQKzPWVzseFYGDFBLM3sIwybxhUiFEb
GSOToeEwVggjAou1krTjKsU8ZIP0C+gWulr+vfCq2zKfMvrgWiGHE23hZmKa
oHTZsGW5HsB7rXWLAPc7LHEDqFKMfsEadd7a5Oxc6urf9LXxm/QaUgnis01i
vHEHKY7ybWadYXyjwKhijPRQHwp1/bIZXLELPCVWgCToQ4cS3VDamcpq3cJy
+QYRqcAy1Vkjuo1bNJTUTfo2Uxxo8m4IXLT2GOH2EZZrIq2PEAxMwCMpvDXi
Bl5wrrF09deYspU5bHDenTYmdRqXvIcs/zBEbLTGrXei1cXlixoX3bPccWOe
rowJfJH0utngod4DYllZrhRPGNJaPABSPt+aqQfxoQXCzd/VK31T/POGuu4d
HSnie4HpPD5KTqqcsuAxZa5KQw6Ldu1Nvk/nmA5KjrFLdEChA4U6Pen+32Tp
vLmZpJQbBrwlq2brQcwOSKZYtyhl9UHvox7ht4zuKXodGyBo0YDxUCNoMhEf
J5G2mJIbgW8LLN79TuYUQW8ZO+GwcipF2FUWmQGS+Kb4nAU3fdPkBMOa/xTG
Y2KRuI4VM2uh0xPjQtv7GkRADtLe4MFnbqOR18ccO7un3T3QTDiqiTbcexb9
uTUnvT9PSVOUZLmwq+rAD3WGaHtom33KGY1BDdubbiuDU+OO1v+WR1NP5pMj
OJATWlCMMiH5T2ppHAo6rLh+Ugdwp1eTQlMP3OFC+i8y1Y8sVBicMutIAeuE
AhEVDBX9AHTHb2ydxumqErYfxZxIELHbZYsCapgHoZ/lRq4c0QsSobcg4USh
bS7o5sbn0QmCLmqqd1owb3Vbb7JK9jBAgLbgTajmJmgp3C4FmVTw0VD8EJO2
1Anj2odTS3HRc5ULBY9rArejRjlJ49wqyZWPTu9lU1bb1HfxouxYOyCJ+Bha
83lBVLEkHpZ07NvyJ5FhWygbDV+8ZeS+7FT1SiKbu7yYlnfUBZbAFL0/PzoL
sI/u2bafokPbqHnQ2KMefpvccMYFwnSw4aPKfAQJhZw5YLykFFDFE++KOBhV
0goXAq5kR5Bks6UpmtJr5xJRmkIgxxxj6KuK+y3OimRWYt9b1/pRJJ80A7mo
8ISR+aBJqFQQx6DFiv2LXE2V/ixAGlMv2rJ8SzV4v06uqAEDn0s49NzaViFu
/eIfCUdgbQ5PPd2JkqEK90nZ8mYX3YvzIb55CL8MksvT86QGAwV7E6j+02nD
SZm39s/FIXLLhlTqvYkiT88veQG4GxEhyBv2cmerQbyDQMNXzgRqPSKP1R4H
edRmAzJHeCjPEWOEl748dqDPldRRVuO5aRt5vH+dvEgLYEmETIH4khm3Y+HU
A/z0SH5nXKNiaEZxPEq8K4Dnpidxq/RkCjvYYE5huZqqk7pCIAN5tzSV7nvO
6VkhnWPnaMXFL2kp83nOyAO7SKZTgFgn9SliEQMfxidiH/iZYUe32o7Wk2o1
ph6lkwyVNfE2YbwJGfmQal3o63TJUQXWANCS35Kjpo3KS8Q3nSa9e6384c7u
5z2UV9n82iOYq41vgnkSZ8nRClFxMcc+hWTonHYn0GlP2Tbj5xCvbx4wJ/RO
kbJYtoCowoi67pViBzE8XjsLs4uHsy7zKCgyvjlSld45jFvYkVHyrfbLIF+4
aN/IoLniBRX0a+ocNk7nKUdIuOOC4ndikpUGRIUMQnafw2F1KpXrDRMZCq0j
0/JDZ+0czjeSSPDGgF/aDUWpW+L5yyuvd+AAENu0vi/DMnwlNfT8OIGiShSC
3aVHvokzJt5ICytyiVgNf18VhSuSg5RdxX2kEfSDhSOlqeOi3eTL2tpQZIQr
ntc3FCnmvs2hIrFGmx+b92aVtaa94VPCXCUrQBiUBcu8Z606HcvLNx+PGknt
tqAmwVlFIfGF7iHuDmPuHqfLGAgL5Vjks7zBw2ZKAYLibXbOPPadM3F9uEOS
V250XRB+HZMRnGBl41Ue4SwBUvvYLaSHU8NMvpt4x8EaJa1BTtCOpKKo2rXW
Hpcr1iBM+ezsxy7NnwlfCmcmxwHnKekNDF3SMRDegg1V0VZDDpcFsUA7ZEdW
SfIkpxo/zqaQV53ErZtazItXS00rbySzkU5lbdEZNr6VjjG2ESI3v3Lo3pE6
gY1JUFdEQTwvZ/lEugHG3VZlZmYKI0khoYujEZdFNgKWCuHAVGpqjIuTXNjF
RwCHOMZ7mrZKx3s5BJeU5EFWfVWSoLsQJxv6WnyAkkZMZOjUSivKM6gQCqBm
Q+mLFJ213V1iUYhs7wiL685ahChMtifiZ15RYbTlAjEyOrEz7TvrRXSiqJed
IOkWWufMN3wxLQ3hNr2trVYPgzm4NpinzSzV0BzUU+sXiJqdcTTMVwdg3wgl
Kx2K9Ven9O6awQeoqYbTUdIWiIK5FniLH1CPSn1qQr8b2MH374Ggh8tJPbTC
2A8fuNmx2JW1K8/0/aS0nCZqPMDsI+VGdngG37TqhN+ExcDX+0JPxc/PixsR
CN1A+l+tbWGbqK6ZC3plXFY+6dljOVYgKBU7kqsQqt7RIB1EEEqUHraFjzmC
kLw37Yzx8VD9wblJlNEN2J+G/qYi1LUmEOcu79hA8zcIDFVnSW1RBq/8JxLa
KN9LVZa14AxMADLtPJ8QjsW9AJghYFDqk8qWN6mFKm9G3a9EveiBbQPIi8DA
G9s6CLRfYqqXVZXbLYzTao7UrfX4b/r3lp+3RrcxiOM/c/IlGsARlYp3EWT4
aqJJiE5w3ab5nElR1Bm5Beyx+Rp0R3wRnk8HGNhx2JSgNvdF8t5vlA+rM0LC
YtpZjgqurbE6wgxrAPJhPUlZJKkgj7uKovY76+7ESnv3oHas0mAVmxA83dJ4
tfXaDZXctTNao1JFx1R6nl5jYTKlrx4l+TXWOmV3cYhI055ysWGtiiqu2rOh
DSyoiQzH0D9IKkYPVinKZRRmgoT1sDWAVy7QywdSj1Uw6+xkKV+o+1OXIXZN
p3MDINRIXhxIJS3WjHOMpq4KSRGNBomxiQgVidZ9SjgCmNhhzvkzSnOT0tKo
mI8DnbV10zHf3SJF098Ogsv5Gbpgf6f/3yGhOaSglqhjMHpa1agQeCBc0IJJ
A8UJ5GQztRyD158SjUUswNAm8FudzJBjulJgNxDiqirT5OsWlcrBdXOCPxd1
Rhlqwrjev3/19clvDw4PP3ygw3R28fXZD9oYC532iwW1Zbx6fvnoFP7D2OFN
HWamJdWWCWoF1JKCbqs7TCdASqI6uFGxXMqrbr3asjxaC8D2m+ga6xBAFpLI
pYsI2kxSxY0urgUm6bAkMyKBdS99wSypz5ImwlOFN4EwxVGIIm4odZKcF1hs
XGnvZhlULjCdMtYm2xn9TyUCGb+P5P9ypfEwB4nZSbg4NW9kO5pngazNmdhl
dXZ8ftzhrvI7ekMIIHylBOERFmA4pPxXfMjxBMG/4CyxX1YeoHk1tbV9h8Gc
Pzt9mcy4GOni8ZODwychzHcOq/+M4ri0CWfFFGsbMOnjCuZXsHp8ip7Zckkj
e+lCozCk/wcwgrvbaxABAA==

-->

</rfc>

