<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-ace-group-oscore-profile-07" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Group OSCORE Profile of ACE">The Group Object Security for Constrained RESTful Environments (Group OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-ace-group-oscore-profile-07"/>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>164 40 Kista</code>
          <country>Sweden</country>
        </postal>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <author initials="R." surname="Höglund" fullname="Rikard Höglund">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>164 40 Kista</code>
          <country>Sweden</country>
        </postal>
        <email>rikard.hoglund@ri.se</email>
      </address>
    </author>
    <author initials="F." surname="Palombini" fullname="Francesca Palombini">
      <organization>Ericsson AB</organization>
      <address>
        <postal>
          <street>Torshamnsgatan 23</street>
          <city>Kista</city>
          <code>164 40 Kista</code>
          <country>Sweden</country>
        </postal>
        <email>francesca.palombini@ericsson.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>ACE Working Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 159?>

<t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. The profile uses Group Object Security for Constrained RESTful Environments (Group OSCORE) to provide communication security between a client and one or multiple resource servers that are members of an OSCORE group. The profile securely binds an OAuth 2.0 access token to the public key of the client associated with the private key used by that client in the OSCORE group. The profile uses Group OSCORE to achieve server authentication and proof of possession of the client's private key. Also, it provides proof of the client's membership to the OSCORE group by binding the access token to information that pertains to the Group OSCORE Security Context, thus allowing the resource server(s) to verify the client's membership upon receiving the access token. Effectively, the profile enables fine-grained access control paired with secure group communication, in accordance with the Zero Trust principles.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Authentication and Authorization for Constrained Environments Working Group mailing list (ace@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/ace/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/ace-wg/ace-group-oscore-profile"/>.</t>
    </note>
  </front>
  <middle>
    <?line 163?>

<section anchor="intro">
      <name>Introduction</name>
      <t>A number of applications rely on a group communication model where a client can access a resource hosted at multiple servers at once, e.g., over IP multicast. Typical examples include switching of luminaires, control of actuators, and distribution of software updates. Secure communication in the group can be achieved by sharing a set of keying material, which is typically provided upon joining the group.</t>
      <t>For some of such applications, it could be acceptable to enforce access control in a straightforward fashion. That is, any client authorized to join the group, hence to obtain the group keying material, can also be implicitly authorized to perform any action at any resource hosted at any server in the group. An example of an application where such implicit authorization might serve well is a simple lighting scenario, where the lightbulbs are the servers and the user account on an app on the user's phone is the client. In this case, it might be fine to not require additional authorization evidence from any user account, if it is acceptable that any current group member is also authorized to switch on and off any light, or to check the status of any light.</t>
      <t>However, in different instances of such applications, the approach above is not desirable, as different group members are intended to have different access rights to resources hosted at other group members. For instance, enforcing access control in accordance with a more fine-grained approach is required in the two following use cases.</t>
      <t>As a first case, an application provides control of smart locks acting as servers in the group, where: a first type of client, e.g., a user account of a child, is allowed to only query the status of the smart locks; while a second type of client, e.g., a user account of a parent, is allowed to both query and change the status of the smart locks. Further similar applications concern the enforcement of different sets of permissions in groups with sensor/actuator devices, e.g., thermostats acting as servers. Also, some group members may even be intended as servers only. Hence, they must be prevented from acting as clients altogether and from accessing resources at other servers in the group, especially when attempting to perform non-safe operations.</t>
      <t>As a second case, building automation scenarios often rely on servers that, under different circumstances, enforce different levels of priority for processing received commands. For instance, BACnet deployments consider multiple classes of clients, e.g., a normal light switch (C1) and an emergency fire panel (C2). Then, a C1 client is not allowed to override a command from a C2 client, until the latter relinquishes control at its higher priority. That is: i) only C2 clients should be able to adjust the minimum required level of priority on the servers, rightly locking out C1 clients if needed; and ii) when a server is set to accept only high-priority commands, only C2 clients should be able to perform such commands that are otherwise allowed also to C1 clients. Given the different maximum authority of different clients, fine-grained access control would effectively limit the execution of high- and emergency-priority commands only to devices that are in fact authorized to perform such actions. Besides, it would prevent a misconfigured or compromised device from initiating a high-priority command and lock out normal control.</t>
      <t>In the cases above, being a legitimate group member and storing the group keying material is not meant to imply any particular access rights. Instead, access control to the secure group communication channel and access control to the resource space provided by servers in the group should remain logically separated domains.</t>
      <t>This is aligned with the Zero Trust paradigm <xref target="NIST-800-207"/>, which focuses on resource protection and builds on the premise that trust is never granted implicitly, but must be continually evaluated. In particular, Zero Trust protections involve "minimizing access to resources (such as data and compute resources and applications/services) to only those subjects and assets identified as needing access as well as continually authenticating and authorizing the identity and security posture of each access request."</t>
      <t>Furthermore, <xref target="NIST-800-207"/> highlights how the Zero Trust goal is to "prevent unauthorized access to data and services coupled with making the access control enforcement as granular as possible", in order to "enforce least privileges needed to perform the action in the request."</t>
      <t>As a step in this direction, one can be tempted to introduce a different security group for each different set of access rights. However, this inconveniently results in additional keying material to distribute and manage. In particular, if there is a change in the access rights pertaining to a node, this requires evicting the node from the group, after which the node has to join a different group aligned with its new access rights. Moreover, the keying material of both groups would have to be renewed for their current members. Overall, this would have a non-negligible impact on operations and performance.</t>
      <t>Instead, a fine-grained yet flexible access control model can be enforced within the same group, by using the Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/>. That is, a client has to first obtain authorization credentials in the form of an access token and then upload it to the intended resource server(s) in the group, before accessing the target resources hosted at such resource server(s).</t>
      <t>The ACE framework delegates to separate profile documents how to secure communications between the client and the resource servers. However, each of the current profiles of ACE defined in <xref target="RFC9202"/><xref target="RFC9203"/><xref target="RFC9431"/><xref target="I-D.ietf-ace-edhoc-oscore-profile"/> relies on a security protocol that cannot be used to protect one-to-many group messages, for example sent over IP multicast.</t>
      <t>This document specifies the "coap_group_oscore" profile of the ACE framework, according to which a client uses the Constrained Application Protocol (CoAP) <xref target="RFC7252"/><xref target="I-D.ietf-core-groupcomm-bis"/> to communicate with one or multiple resource servers that are members of an application group and share a common set of resources. The security protocol Group Object Security for Constrained RESTful Environments (Group OSCORE) <xref target="I-D.ietf-core-oscore-groupcomm"/> is used to protect messages exchanged between the client and the resource servers. This requires that both the client and the resource servers have joined the same OSCORE group.</t>
      <t>This profile describes how access control is enforced for a client that has joined an OSCORE group, to access resources hosted by other members in that group. The client needs to join the OSCORE group before requesting an access token that indicates the client's authorization and access rights related to such resources in the group. The process for joining the OSCORE group through the respective Group Manager takes place separately from the process described in this document, and it is out of the scope of this profile.</t>
      <t>The client proves its authorization and access rights to the resource server(s) by using an access token that is bound to the client's public key used in the OSCORE group (the proof-of-possession key).</t>
      <t>This profile uses Group OSCORE to achieve server authentication and proof of possession of the client's private key used in the OSCORE group in question. Note that proof of possession is not achieved through a dedicated protocol element. Instead, it is achieved when the resource server receives from the client a message protected with Group OSCORE and successfully verifies source authentication of such message through the client's public key bound to the access token.</t>
      <t>Furthermore, this profile provides proof of the client's membership to the OSCORE group, by binding the access token to information that pertains to the Group OSCORE Security Context, as well as to the client's authentication credential used in the group and including the client's public key. This allows the resource server(s) in the group to verify the client's group membership upon receiving the access token.</t>
      <t>Object Security for Constrained RESTful Environments (OSCORE) <xref target="RFC8613"/> specifies how to use CBOR Object Signing and Encryption (COSE) <xref target="RFC9052"/><xref target="RFC9053"/> to secure CoAP messages. Group OSCORE builds on OSCORE to provide secure group communication and ensures source authentication: by means of digital signatures embedded in the protected message (when using the group mode); or by protecting a message with pairwise keying material derived from the asymmetric keys of the two peers exchanging the message (when using the pairwise mode).</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>Readers are expected to be familiar with the terms and concepts related to Concise Binary Object Representation (CBOR) <xref target="RFC8949"/>, COSE <xref target="RFC9052"/><xref target="RFC9053"/>, CoAP <xref target="RFC7252"/>, OSCORE <xref target="RFC8613"/>, and Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>. These especially include:</t>
        <ul spacing="normal">
          <li>
            <t>Group Manager, as the entity responsible for a set of groups where communications among members are secured with Group OSCORE.</t>
          </li>
          <li>
            <t>Authentication credential, as the set of information associated with an entity, including that entity's public key and parameters associated with the public key. Examples of authentication credentials are CBOR Web Tokens (CWTs) and CWT Claims Sets (CCSs) <xref target="RFC8392"/>, X.509 certificates <xref target="RFC5280"/>, and C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.  </t>
            <t>
Members of an OSCORE group have an associated authentication credential in the format used within the group. As per <xref section="2.4" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>, an authentication credential provides the public key as well as a comprehensive set of information related to the public key algorithm, including, e.g., the elliptic curve used (when applicable).</t>
          </li>
        </ul>
        <t>Readers are also expected to be familiar with the terms and concepts described in the ACE framework for authentication and authorization <xref target="RFC9200"/>, as well as in the OSCORE profile of ACE <xref target="RFC9203"/>. The terminology for entities in the considered architecture is defined in OAuth 2.0 <xref target="RFC6749"/>. In particular, this includes client (C), resource server (RS), and authorization server (AS).</t>
        <t>Note that the term "endpoint" is used here following its OAuth definition <xref target="RFC6749"/>, aimed at denoting resources such as /token and /introspect at the AS, and /authz-info at the RS. The CoAP definition, which is "[a]n entity participating in the CoAP protocol" <xref target="RFC7252"/>, is not used in this document.</t>
        <t>Additionally, this document makes use of the following terminology.</t>
        <ul spacing="normal">
          <li>
            <t>Pairwise-only group: an OSCORE group that uses only the pairwise mode of Group OSCORE (see <xref section="8" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>).</t>
          </li>
        </ul>
      </section>
      <section anchor="notations">
        <name>Notations</name>
        <t>Examples throughout this document are expressed in CBOR diagnostic notation as defined in <xref section="8" sectionFormat="of" target="RFC8949"/> and <xref section="G" sectionFormat="of" target="RFC8610"/>. Diagnostic notation comments are often used to provide a textual representation of the parameters' keys and values.</t>
        <t>In the CBOR diagnostic notation used in this document, constructs of the form e'SOME_NAME' are replaced by the value assigned to SOME_NAME in the CDDL model shown in <xref target="fig-cddl-model"/> of <xref target="sec-cddl-model"/>. For example, {e'context_id_param': h'abcd0000', e'salt_input_param': h'00'} stands for {71: h'abcd0000', 72: h'00'}.</t>
        <t>Note to RFC Editor: Please delete the paragraph immediately preceding this note. Also, in the CBOR diagnostic notation used in this document, please replace the constructs of the form e'SOME_NAME' with the value assigned to SOME_NAME in the CDDL model shown in <xref target="fig-cddl-model"/> of <xref target="sec-cddl-model"/>. Finally, please delete this note.</t>
      </section>
    </section>
    <section anchor="sec-protocol-overview">
      <name>Protocol Overview</name>
      <t>This section provides an overview of this profile, i.e., of how to use the ACE framework for authentication and authorization <xref target="RFC9200"/> when communications between a client and one or more resource servers are secured using Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
      <t>In this profile, access control is enforced for a client that has joined an OSCORE group, to access resources hosted by resource servers that are also members in the same group.</t>
      <t>After the client has joined the OSCORE group and as long as it is a member of that group, the client can send to the authorization server (AS) an access token request for issuing an access token that indicates the client's authorization and access rights related to such resources in the group.</t>
      <t>If the request is granted, the AS replies to the client with a successful response. Also, the AS can provide the access token to the client by including it in the response, or instead upload the access token directly to the RS as per the alternative workflow defined in <xref target="I-D.ietf-ace-workflow-and-params"/>. The latter option is not detailed further in this document.</t>
      <t>In the case that the client has obtained an access token from the AS, the client uploads the access token to the RS, using the authz-info endpoint and mechanisms specified in <xref section="5.10" sectionFormat="of" target="RFC9200"/>. When using this profile, the communication with the authz-info endpoint is not protected.</t>
      <t>If the access token is valid, the RS relies on information in the access token and on the assistance of the Group Manager responsible for the group to verify the client's group membership in the group. If all verifications succeed, the RS replies to the client with a 2.01 (Created) response. Then, the RS associates the access token with the Recipient Context pertaining to the client, within the Group OSCORE Security Context used in the group.</t>
      <t>After that, when the RS receives and successfully verifies a request from the client protected with Group OSCORE, the RS performs access rights verification per the access token associated with the Recipient Context pertaining to the client, which was used to verify the request and is included in the Group OSCORE Security Context used in the group.</t>
      <t>The process for joining the OSCORE group through the respective Group Manager takes place separately from the process described in this document, and it is out of the scope of this profile. For applications that intend to use this profile, it is <bcp14>RECOMMENDED</bcp14> that the realization of Group Manager used is the one based on the ACE framework and defined in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>.</t>
      <t>An overview of the protocol flow for this profile is shown by the example in <xref target="fig-protocol-overview"/>, where it is assumed that both the resource servers RS1 and RS2 are associated with the same AS. It is also assumed that the client C as well as RS1 and RS2 have previously joined an OSCORE group with Group Identifier (Gid) 0xabcd0000, and that they got assigned Sender ID (Sid) 0x00, 0x01, and 0x02 in the group, respectively. The names of messages coincide with those of <xref target="RFC9200"/> when applicable. Messages in square brackets are optional.</t>
      <figure anchor="fig-protocol-overview">
        <name>Protocol Overview</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="864" width="576" viewBox="0 0 576 864" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,48 L 8,704" fill="none" stroke="black"/>
              <path d="M 8,736 L 8,784" fill="none" stroke="black"/>
              <path d="M 8,816 L 8,848" fill="none" stroke="black"/>
              <path d="M 256,48 L 256,136" fill="none" stroke="black"/>
              <path d="M 256,152 L 256,200" fill="none" stroke="black"/>
              <path d="M 256,216 L 256,328" fill="none" stroke="black"/>
              <path d="M 256,344 L 256,392" fill="none" stroke="black"/>
              <path d="M 256,408 L 256,440" fill="none" stroke="black"/>
              <path d="M 256,456 L 256,488" fill="none" stroke="black"/>
              <path d="M 256,504 L 256,568" fill="none" stroke="black"/>
              <path d="M 256,656 L 256,744" fill="none" stroke="black"/>
              <path d="M 256,760 L 256,848" fill="none" stroke="black"/>
              <path d="M 352,48 L 352,136" fill="none" stroke="black"/>
              <path d="M 352,152 L 352,200" fill="none" stroke="black"/>
              <path d="M 352,240 L 352,328" fill="none" stroke="black"/>
              <path d="M 352,344 L 352,392" fill="none" stroke="black"/>
              <path d="M 352,432 L 352,592" fill="none" stroke="black"/>
              <path d="M 352,656 L 352,848" fill="none" stroke="black"/>
              <path d="M 568,48 L 568,848" fill="none" stroke="black"/>
              <path d="M 32,64 L 48,64" fill="none" stroke="black"/>
              <path d="M 200,64 L 232,64" fill="none" stroke="black"/>
              <path d="M 32,96 L 80,96" fill="none" stroke="black"/>
              <path d="M 184,96 L 232,96" fill="none" stroke="black"/>
              <path d="M 8,144 L 72,144" fill="none" stroke="black"/>
              <path d="M 184,144 L 560,144" fill="none" stroke="black"/>
              <path d="M 16,208 L 384,208" fill="none" stroke="black"/>
              <path d="M 528,208 L 568,208" fill="none" stroke="black"/>
              <path d="M 8,256 L 48,256" fill="none" stroke="black"/>
              <path d="M 200,256 L 248,256" fill="none" stroke="black"/>
              <path d="M 16,304 L 72,304" fill="none" stroke="black"/>
              <path d="M 192,304 L 256,304" fill="none" stroke="black"/>
              <path d="M 8,336 L 72,336" fill="none" stroke="black"/>
              <path d="M 184,336 L 560,336" fill="none" stroke="black"/>
              <path d="M 16,400 L 384,400" fill="none" stroke="black"/>
              <path d="M 528,400 L 568,400" fill="none" stroke="black"/>
              <path d="M 8,448 L 48,448" fill="none" stroke="black"/>
              <path d="M 200,448 L 344,448" fill="none" stroke="black"/>
              <path d="M 16,496 L 64,496" fill="none" stroke="black"/>
              <path d="M 184,496 L 352,496" fill="none" stroke="black"/>
              <path d="M 8,528 L 24,528" fill="none" stroke="black"/>
              <path d="M 208,528 L 248,528" fill="none" stroke="black"/>
              <path d="M 248,576 L 344,576" fill="none" stroke="black"/>
              <path d="M 16,672 L 40,672" fill="none" stroke="black"/>
              <path d="M 232,672 L 256,672" fill="none" stroke="black"/>
              <path d="M 16,752 L 40,752" fill="none" stroke="black"/>
              <path d="M 232,752 L 352,752" fill="none" stroke="black"/>
              <path d="M 224,528 L 248,576" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="568,336 556,330.4 556,341.6" fill="black" transform="rotate(0,560,336)"/>
              <polygon class="arrowhead" points="568,144 556,138.4 556,149.6" fill="black" transform="rotate(0,560,144)"/>
              <polygon class="arrowhead" points="352,576 340,570.4 340,581.6" fill="black" transform="rotate(0,344,576)"/>
              <polygon class="arrowhead" points="352,448 340,442.4 340,453.6" fill="black" transform="rotate(0,344,448)"/>
              <polygon class="arrowhead" points="256,528 244,522.4 244,533.6" fill="black" transform="rotate(0,248,528)"/>
              <polygon class="arrowhead" points="256,256 244,250.4 244,261.6" fill="black" transform="rotate(0,248,256)"/>
              <polygon class="arrowhead" points="240,64 228,58.4 228,69.6" fill="black" transform="rotate(0,232,64)"/>
              <polygon class="arrowhead" points="40,96 28,90.4 28,101.6" fill="black" transform="rotate(180,32,96)"/>
              <polygon class="arrowhead" points="24,752 12,746.4 12,757.6" fill="black" transform="rotate(180,16,752)"/>
              <polygon class="arrowhead" points="24,672 12,666.4 12,677.6" fill="black" transform="rotate(180,16,672)"/>
              <polygon class="arrowhead" points="24,496 12,490.4 12,501.6" fill="black" transform="rotate(180,16,496)"/>
              <polygon class="arrowhead" points="24,400 12,394.4 12,405.6" fill="black" transform="rotate(180,16,400)"/>
              <polygon class="arrowhead" points="24,304 12,298.4 12,309.6" fill="black" transform="rotate(180,16,304)"/>
              <polygon class="arrowhead" points="24,208 12,202.4 12,213.6" fill="black" transform="rotate(180,16,208)"/>
              <g class="text">
                <text x="8" y="36">C</text>
                <text x="256" y="36">RS1</text>
                <text x="352" y="36">RS2</text>
                <text x="564" y="36">AS</text>
                <text x="24" y="68">[</text>
                <text x="92" y="68">Resource</text>
                <text x="160" y="68">Request</text>
                <text x="240" y="68">]</text>
                <text x="24" y="100">[</text>
                <text x="100" y="100">AS</text>
                <text x="144" y="100">Request</text>
                <text x="240" y="100">]</text>
                <text x="100" y="116">Creation</text>
                <text x="160" y="116">Hints</text>
                <text x="100" y="148">POST</text>
                <text x="148" y="148">/token</text>
                <text x="56" y="164">(aud:</text>
                <text x="108" y="164">"RS1",</text>
                <text x="156" y="164">Sid:</text>
                <text x="200" y="164">0x00,</text>
                <text x="60" y="180">Gid:</text>
                <text x="128" y="180">0xabcd0000,</text>
                <text x="196" y="180">...)</text>
                <text x="420" y="212">Access</text>
                <text x="472" y="212">token</text>
                <text x="508" y="212">T1</text>
                <text x="384" y="228">+</text>
                <text x="420" y="228">Access</text>
                <text x="496" y="228">Information</text>
                <text x="76" y="260">POST</text>
                <text x="144" y="260">/authz-info</text>
                <text x="108" y="276">(access_token:</text>
                <text x="184" y="276">T1)</text>
                <text x="100" y="308">2.01</text>
                <text x="152" y="308">Created</text>
                <text x="100" y="340">POST</text>
                <text x="148" y="340">/token</text>
                <text x="56" y="356">(aud:</text>
                <text x="108" y="356">"RS2",</text>
                <text x="156" y="356">Sid:</text>
                <text x="200" y="356">0x00,</text>
                <text x="60" y="372">Gid:</text>
                <text x="128" y="372">0xabcd0000,</text>
                <text x="196" y="372">...)</text>
                <text x="420" y="404">Access</text>
                <text x="472" y="404">token</text>
                <text x="508" y="404">T2</text>
                <text x="384" y="420">+</text>
                <text x="420" y="420">Access</text>
                <text x="496" y="420">Information</text>
                <text x="76" y="452">POST</text>
                <text x="144" y="452">/authz-info</text>
                <text x="108" y="468">(access_token:</text>
                <text x="184" y="468">T2)</text>
                <text x="92" y="500">2.01</text>
                <text x="144" y="500">Created</text>
                <text x="56" y="532">Group</text>
                <text x="108" y="532">OSCORE</text>
                <text x="168" y="532">Request</text>
                <text x="64" y="548">(kid:</text>
                <text x="112" y="548">0x00,</text>
                <text x="68" y="564">Gid:</text>
                <text x="136" y="564">0xabcd0000)</text>
                <text x="256" y="596">|</text>
                <text x="224" y="612">/</text>
                <text x="292" y="612">Authentication</text>
                <text x="364" y="612">of</text>
                <text x="384" y="612">C</text>
                <text x="400" y="612">/</text>
                <text x="256" y="628">|</text>
                <text x="352" y="628">|</text>
                <text x="224" y="644">/</text>
                <text x="256" y="644">Proof</text>
                <text x="292" y="644">of</text>
                <text x="348" y="644">possession</text>
                <text x="400" y="644">/</text>
                <text x="72" y="676">Group</text>
                <text x="124" y="676">OSCORE</text>
                <text x="188" y="676">Response</text>
                <text x="96" y="692">(kid:</text>
                <text x="144" y="692">0x01)</text>
                <text x="8" y="724">/</text>
                <text x="76" y="724">Authentication</text>
                <text x="148" y="724">of</text>
                <text x="176" y="724">RS1</text>
                <text x="200" y="724">/</text>
                <text x="72" y="756">Group</text>
                <text x="124" y="756">OSCORE</text>
                <text x="188" y="756">Response</text>
                <text x="96" y="772">(kid:</text>
                <text x="144" y="772">0x02)</text>
                <text x="8" y="804">/</text>
                <text x="76" y="804">Authentication</text>
                <text x="148" y="804">of</text>
                <text x="176" y="804">RS2</text>
                <text x="200" y="804">/</text>
                <text x="120" y="836">...</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
C                             RS1         RS2                        AS
|                              |           |                          |
| [--- Resource Request ---->] |           |                          |
|                              |           |                          |
| [<------ AS Request -------] |           |                          |
|       Creation Hints         |           |                          |
|                              |           |                          |
+-------- POST /token ----------------------------------------------->|
|   (aud: "RS1", Sid: 0x00,    |           |                          |
|    Gid: 0xabcd0000, ...)     |           |                          |
|                              |           |                          |
|<---------------------------------------------- Access token T1 -----+
|                              |               + Access Information   |
|                              |           |                          |
+----- POST /authz-info ------>|           |                          |
|     (access_token: T1)       |           |                          |
|                              |           |                          |
|<------- 2.01 Created --------+           |                          |
|                              |           |                          |
+-------- POST /token ----------------------------------------------->|
|   (aud: "RS2", Sid: 0x00,    |           |                          |
|    Gid: 0xabcd0000, ...)     |           |                          |
|                              |           |                          |
|<---------------------------------------------- Access token T2 -----+
|                              |               + Access Information   |
|                              |           |                          |
+----- POST /authz-info ------------------>|                          |
|     (access_token: T2)       |           |                          |
|                              |           |                          |
|<------ 2.01 Created ---------------------+                          |
|                              |           |                          |
+-- Group OSCORE Request --+-->|           |                          |
|    (kid: 0x00,            \  |           |                          |
|     Gid: 0xabcd0000)       \ |           |                          |
|                             `----------->|                          |
|                              |           |                          |
|                          / Authentication of C /                    |
|                              |           |                          |
|                          / Proof of possession /                    |
|                              |           |                          |
|<--- Group OSCORE Response ---+           |                          |
|        (kid: 0x01)           |           |                          |
|                              |           |                          |
/ Authentication of RS1 /      |           |                          |
|                              |           |                          |
|<--- Group OSCORE Response ---------------+                          |
|        (kid: 0x02)           |           |                          |
|                              |           |                          |
/ Authentication of RS2 /      |           |                          |
|                              |           |                          |
|            ...               |           |                          |
|                              |           |                          |
]]></artwork>
        </artset>
      </figure>
      <t>As long as the client is a member of the OSCORE group and the access token previously uploaded at the RS is still valid, the client can contact the AS to ask for updating its access rights, through a process more efficient than that used for the first access token. To this end, the client can send to the AS an access token request similar to the initial one mentioned above that was sent when asking for the first access token.</t>
      <t>This latest access token request also includes a "token series identifier" provided by the AS in the response to the initial access token request, which allows the AS to retrieve the data that it previously shared with the client. The token series identifier is assigned by the AS and used to identify a series of access tokens, called a "token series" (see <xref target="sec-token-series"/>).</t>
      <t>After the new issued access token is successfully uploaded at the RS and thus the client's access rights are updated accordingly, the new issued access token effectively becomes the latest in its token series also for the RS, but the token series identifier remains the same. When the latest access token of a token series becomes invalid (e.g., when it expires or gets revoked), that token series ends.</t>
      <section anchor="sec-protocol-overview-pre-conditions">
        <name>Pre-Conditions</name>
        <t>Using Group OSCORE to protect message exchanges between the client and the resource servers (RSs) requires that the client and the RSs have joined the same OSCORE group. This especially includes the derivation of the Group OSCORE Security Context and the assignment of unique Sender IDs to use in the group. Nodes can join the OSCORE group through the respective Group Manager, e.g., as specified in <xref section="6" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>.</t>
        <t>The client needs to join the OSCORE group before requesting an access token that indicates the client's authorization and access rights in the group. After the client and RSs have joined the group, this profile enforces access control for the client to access resources on those RSs, by securely communicating with Group OSCORE.</t>
        <t>Depending on the limited information initially available, the client may have to first discover the exact OSCORE group used by the RSs for the resources of interest, e.g., by using the approach defined in <xref target="I-D.tiloca-core-oscore-discovery"/>.</t>
      </section>
      <section anchor="sec-protocol-overview-token-retrieval">
        <name>Requesting an Access Token</name>
        <t>This profile requires that the client requests an access token from the AS for the resource(s) that it wants to access at the RS(s), by using the token endpoint as specified in <xref section="5.8" sectionFormat="of" target="RFC9200"/>.</t>
        <t>In general, different RSs can be associated with different authorization servers, even if the RSs are members of the same OSCORE group. However, assuming proper configurations and trust relationships, it is possible for multiple RSs associated with the same AS to be part of a single audience (i.e., a group-audience, see <xref section="6.9" sectionFormat="of" target="RFC9200"/>). In such a case, the client can request a single access token intended for the group-audience, hence to all the RSs included therein. A particular group-audience might be defined as including all the RSs in the OSCORE group.</t>
        <t>When requesting the first access token of a token series, the client <bcp14>MUST</bcp14> include in the access token request to the AS the Group Identifier of the OSCORE group, together with its own Sender ID and authentication credential used in that group. The AS <bcp14>MUST</bcp14> include these pieces of information in the access token issued for the client.</t>
        <t>In such an access token request, the client can also include a proof-of-possession (PoP) evidence to prove possession of the private key corresponding to its own authentication credential to the AS. The PoP evidence is computed over a PoP input uniquely related to the secure communication association between the client and the AS. Including the PoP evidence is <bcp14>OPTIONAL</bcp14> under particular circumstances and is <bcp14>REQUIRED</bcp14> otherwise (see <xref target="sec-c-as-token-endpoint"/>).</t>
        <t>If the request from the client is granted, then the AS can include the issued access token in the access token response to the client, or instead upload the access token directly to the RS as per the Short Distribution Chain (SDC) workflow defined in <xref target="I-D.ietf-ace-workflow-and-params"/>. This document focuses on the former option (also shown in the example in <xref target="fig-protocol-overview"/>), while the latter option is not detailed further here.</t>
        <t>The access token request and response exchanged between the client and the AS <bcp14>MUST</bcp14> be confidentiality-protected and <bcp14>MUST</bcp14> ensure authenticity. In this profile, it is <bcp14>RECOMMENDED</bcp14> to use OSCORE <xref target="RFC8613"/> between the client and the AS, to reduce the number of libraries that the client has to support. Other protocols fulfilling the security requirements defined in Sections <xref target="RFC9200" section="5" sectionFormat="bare"/> and <xref target="RFC9200" section="6" sectionFormat="bare"/> of <xref target="RFC9200"/> <bcp14>MAY</bcp14> alternatively be used, such as TLS <xref target="RFC8446"/> or DTLS <xref target="RFC9147"/>.</t>
      </section>
      <section anchor="sec-protocol-overview-token-posting">
        <name>Access Token Uploading</name>
        <t>After having obtained the access token from the AS, the client uploads the access token to the RS, by sending a POST request to the authz-info endpoint and using the mechanisms specified in <xref section="5.10" sectionFormat="of" target="RFC9200"/>. When using this profile, the communication that C has with the authz-info endpoint is not protected.</t>
        <t>When verifying the first access token of a token series (see <xref section="5.10.1.1" sectionFormat="of" target="RFC9200"/>), the RS joins the pertaining OSCORE group if it has not already (see <xref target="sec-rs-c-created"/> for further details).</t>
        <t>If the access token is valid, the RS replies to the POST request with a 2.01 (Created) response. Also, the RS associates the access token with the Recipient Context pertaining to the client, within the Group OSCORE Security Context used in the OSCORE group. In practice, the RS maintains a collection of Security Contexts with associated authorization information, for all the clients that it is currently communicating with. The authorization information is a policy that is used as input when processing requests from those clients to access resources at the RS.</t>
        <t>After that, the RS associates the access token with the following pieces of information: i) the identifier of the token series which the access token belongs to; ii) the target audience for which the access token is issued; and iii) the authentication credential of the client in the OSCORE group (see <xref section="2" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>). Such pieces of information are specified by corresponding elements of the access token (see <xref target="sec-as-c-token"/>).</t>
        <t>The above has considered an access token intended for a single RS. However, as discussed in <xref target="sec-protocol-overview-token-retrieval"/>, an access token can be intended for a group-audience including multiple RSs in the OSCORE group. In such a case, the client could efficiently upload the access token to many or all of those RSs at once (e.g., over IP multicast), after which each RS individually performs the same steps described above.</t>
      </section>
      <section anchor="sec-protocol-overview-communication">
        <name>Secure Communication</name>
        <t>The client can send a CoAP request protected with Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/> to the RS. This can be a unicast request targeting the RS <xref target="RFC7252"/>, or a one-to-many group request (e.g., over IP multicast) <xref target="I-D.ietf-core-groupcomm-bis"/> targeting the OSCORE group where the RS is also a member.</t>
        <t>To this end, the client uses the Group OSCORE Security Context already established upon joining the OSCORE group, unless it has a more recent Security Context that has been established in the group as a result of a group rekeying (see <xref section="12.2" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>).</t>
        <t>When the client sends to the RS a request protected with the Group OSCORE Security Context and the RS successfully verifies the request, the RS authenticates the client as a legitimate member of the OSCORE group. After that, if the target resource requires authorization, the RS performs access rights verification as per the access token associated with the Recipient Context pertaining to the client, which was used to verify the request and is included in the Group OSCORE Security Context used in the group.</t>
        <t>The RS may send a response back to the client, also protecting it with Group OSCORE.</t>
      </section>
    </section>
    <section anchor="sec-c-as-comm">
      <name>Client-AS Communication</name>
      <t>This section details the access token request that the client sends to the token endpoint of the AS, as well as the related access token response.</t>
      <t>The access token <bcp14>MUST</bcp14> be bound to the public key of the client as proof-of-possession (PoP) key, which is included in the client's authentication credential specified in the access token.</t>
      <section anchor="sec-c-as-comm-preliminary-ops">
        <name>Preliminary Operations</name>
        <t>The following considers a client that is a member of an OSCORE group G with GID* as current Group Identifier (Gid), within which the client currently has SID* as Sender ID and uses a public authentication credential AUTH_CRED_C that specifies the PoP key K.</t>
        <t>The client <bcp14>MUST</bcp14> perform the following steps, before requesting an access token to be bound to AUTH_CRED_C (hence to the PoP key K) and to be associated with the client's membership in group G through the values GID* and SID*.</t>
        <ol spacing="normal" type="1"><li>
            <t>The client checks whether it is a member of any two OSCORE groups G1 and G2 such that all the following conditions hold.  </t>
            <ul spacing="normal">
              <li>
                <t>Both groups have GID* as current Gid.</t>
              </li>
              <li>
                <t>The client uses SID* as Sender ID in both groups.</t>
              </li>
              <li>
                <t>The client uses the same AUTH_CRED_C in both groups.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If such two groups G1 and G2 are found at Step 1, then the client moves to Step 3. Otherwise, the client terminates this algorithm and proceeds with requesting the access token as defined in <xref target="sec-c-as-token-endpoint"/>.</t>
          </li>
          <li>
            <t>The client can choose to terminate this algorithm and perform it again later on.  </t>
            <t>
Alternatively, the client can alter its current group memberships, in order to ensure that two groups like G1 and G2 cannot be determined. To this end, the client has two available options.  </t>
            <ul spacing="normal">
              <li>
                <t>The client leaves some of the OSCORE groups that could be determined as groups like G1 and G2, e.g., as specified in <xref section="9.11" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>.</t>
              </li>
              <li>
                <t>The client obtains a new Sender ID in some of the OSCORE groups that could be determined as groups like G1 and G2. To this end, the client can request a new Sender ID in a group to the Group Manager responsible for that group, e.g., as specified in <xref section="9.2" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>. Alternatively, the client can re-join a group, thereby obtaining a new Sender ID in that group.</t>
              </li>
            </ul>
            <t>
Finally, the client moves to Step 1.</t>
          </li>
        </ol>
      </section>
      <section anchor="sec-c-as-token-endpoint">
        <name>C-to-AS: POST to Token Endpoint</name>
        <t>The Client-to-AS request is specified in <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>. The client <bcp14>MUST</bcp14> send this POST request to the token endpoint over a secure channel that guarantees authentication, message integrity, and confidentiality (see <xref target="sec-comm-as"/>).</t>
        <t>When requesting the first access token of a token series, the POST request is formatted as the analogous Client-to-AS request in the OSCORE profile of ACE (see <xref section="3.1" sectionFormat="of" target="RFC9203"/>), with the following additional parameters that <bcp14>MUST</bcp14> be included in the payload.</t>
        <ul spacing="normal">
          <li>
            <t>'context_id', defined in <xref target="context_id"/> of this document. This parameter specifies the Gid (i.e., the ID Context) of an OSCORE group whose intended members are both the client and the RS(s) in the audience for which the access token is asked to be issued. In particular, the client wishes to communicate with the RS(s) in that audience using the Group OSCORE Security Context associated with that OSCORE group.</t>
          </li>
          <li>
            <t>'salt_input', defined in <xref target="salt_input"/> of this document. This parameter includes the Sender ID that the client has in the OSCORE group whose Gid is specified in the 'context_id' parameter above.</t>
          </li>
          <li>
            <t>'req_cnf', defined in <xref section="3.1" sectionFormat="of" target="RFC9201"/>. This parameter follows the syntax from <xref section="3.1" sectionFormat="of" target="RFC8747"/> and its inner confirmation value specifies the authentication credential AUTH_CRED_C that the client uses in the OSCORE group. The public key included in the authentication credential will be used as the PoP key bound to the access token.  </t>
            <t>
The inner confirmation value of the 'req_cnf' parameter <bcp14>MUST</bcp14> specify AUTH_CRED_C as transported by value.  </t>
            <t>
At the time of writing this specification, acceptable formats of authentication credentials in Group OSCORE are CBOR Web Tokens (CWTs) and CWT Claims Sets (CCSs) <xref target="RFC8392"/>, X.509 certificates <xref target="RFC5280"/>, and C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.  </t>
            <t>
Further formats may be available in the future and would be acceptable to use as long as they comply with the criteria compiled in <xref section="2.4" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>. In particular, an authentication credential has to explicitly include the public key as well as a comprehensive set of information related to the public key algorithm, including, e.g., the elliptic curve used (when applicable).  </t>
            <t>
Note that C might have previously uploaded AUTH_CRED_C to the Group Manager as provided within a chain or a bag (e.g., as the end-entity certificate in a chain of certificates). For example, such uploading can rely on the 'client_cred' parameter of a Join Request or of an Authentication Credential Update Request sent to the Group Manager as specified in Sections <xref target="I-D.ietf-ace-key-groupcomm-oscore" section="6.1" sectionFormat="bare"/> and <xref target="I-D.ietf-ace-key-groupcomm-oscore" section="9.4" sectionFormat="bare"/> of <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>.  </t>
            <t>
In such a case, the inner confirmation value of the 'req_cnf' parameter <bcp14>MUST</bcp14> specify AUTH_CRED_C as provided within the same chain or bag.  </t>
            <t>
[ As to CWTs and CCSs, the CWT Confirmation Methods 'kcwt' and 'kccs' are under pending registration requested by draft-ietf-ace-edhoc-oscore-profile. ]  </t>
            <t>
[ As to X.509 certificates, the CWT Confirmation Methods 'x5bag' and '5chain' are under pending registration requested by draft-ietf-ace-edhoc-oscore-profile. ]  </t>
            <t>
[ As to C509 certificates, the CWT Confirmation Methods 'c5b' and 'c5c' are under pending registration requested by draft-ietf-ace-edhoc-oscore-profile. ]</t>
          </li>
        </ul>
        <t>Furthermore, the payload of the request can include exactly one of the two following parameters, specifying a proof-of-possession (PoP) evidence computed by the client.</t>
        <ul spacing="normal">
          <li>
            <t>'client_cred_verify', defined in <xref target="client_cred_verify"/> of this document, specifying the client's PoP evidence as a signature, which is computed as defined later in this section. This parameter <bcp14>MUST NOT</bcp14> be included if the OSCORE group is a pairwise-only group.</t>
          </li>
          <li>
            <t>'client_cred_verify_mac', defined in <xref target="client_cred_verify_mac"/> of this document, specifying the client's PoP evidence as a MAC, which is computed as defined later in this section. This parameter <bcp14>MUST NOT</bcp14> be included if the OSCORE group is not a pairwise-only group.</t>
          </li>
        </ul>
        <t>The PoP evidence can be used by the AS to achieve proof of possession of the client's private key, i.e., to verify that the client indeed owns the private key associated with the public key within AUTH_CRED_C.</t>
        <t>When preparing the POST request, the client might know that the AS has previously achieved proof of possession of the private key in question. In such a case, it is <bcp14>OPTIONAL</bcp14> for the client to compute the PoP evidence and to specify it in the 'client_cred_verify' or 'client_cred_verify_mac' parameter of the POST request.</t>
        <t>If the client believes that the AS has not previously achieved proof of possession of the private key in question or that such proof was achieved but does not hold anymore, then the client <bcp14>MUST</bcp14> compute the PoP evidence as defined below and <bcp14>MUST</bcp14> specify it in the 'client_cred_verify' or 'client_cred_verify_mac' parameter of the POST request.</t>
        <t>In order to compute the PoP evidence, the client <bcp14>MUST</bcp14> use as PoP input the byte representation of an information that uniquely represents the secure communication association between the client and the AS. It is <bcp14>RECOMMENDED</bcp14> that the client uses the following as PoP input.</t>
        <ul spacing="normal">
          <li>
            <t>If the client and the AS communicate over TLS 1.2 <xref target="RFC5246"/> or DTLS 1.2 <xref target="RFC6347"/>, the PoP input is an exporter value computed as defined in <xref section="4" sectionFormat="of" target="RFC5705"/>, using the following inputs:  </t>
            <ul spacing="normal">
              <li>
                <t>The exporter label "EXPORTER-ACE-PoP-Input-Client-AS" registered in <xref target="iana-tls-exporter-label"/> of this document.</t>
              </li>
              <li>
                <t>The empty 'context value', i.e., a 'context value' of zero-length.</t>
              </li>
              <li>
                <t>32 as length value in bytes.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If the client and the AS communicate over TLS 1.3 <xref target="RFC8446"/> or DTLS 1.3 <xref target="RFC9147"/>, the PoP input is an exporter value computed as defined in <xref section="7.5" sectionFormat="of" target="RFC8446"/>, using the following inputs:  </t>
            <ul spacing="normal">
              <li>
                <t>The exporter label "EXPORTER-ACE-PoP-Input-Client-AS" registered in <xref target="iana-tls-exporter-label"/> of this document.</t>
              </li>
              <li>
                <t>The empty 'context_value', i.e., a 'context_value' of zero-length.</t>
              </li>
              <li>
                <t>32 as 'key_length' in bytes.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If the client and the AS communicate over OSCORE <xref target="RFC8613"/>, the PoP input is the output PRK of an HKDF-Extract step <xref target="RFC5869"/>, i.e., PRK = HMAC-Hash(salt, IKM).  </t>
            <t>
In particular, given the OSCORE Security Context CTX shared between the client and the AS, then the following applies.  </t>
            <ul spacing="normal">
              <li>
                <t>'salt' takes (x1 | x2), where | denotes byte string concatenation, while x1 and x2 are defined as follows.      </t>
                <ul spacing="normal">
                  <li>
                    <t>x1 is the binary representation of a CBOR data item. If CTX does not specify an OSCORE ID Context, the CBOR data item is the CBOR simple value <tt>null</tt> (0xf6). Otherwise, the CBOR data item is a CBOR byte string, with value the OSCORE ID Context specified in CTX.</t>
                  </li>
                  <li>
                    <t>x2 is the binary representation of a CBOR byte string. The value of the CBOR byte string is the OSCORE Sender ID of the client, which the client stores in its Sender Context of CTX and the AS stores in its Recipient Context of CTX.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>'IKM' is the OSCORE Master Secret specified in CTX.</t>
              </li>
              <li>
                <t>The used HKDF is the HKDF Algorithm specified in CTX.</t>
              </li>
            </ul>
            <t>
The following shows an example of input to the HMAC-Hash() function.  </t>
            <t>
On the client side, the OSCORE Security Context shared with the AS includes:  </t>
            <artwork><![CDATA[
ID Context: 0x37cbf3210017a2d3 (8 bytes)

Sender ID: 0x01 (1 byte)

Master Secret: 0x0102030405060708090a0b0c0d0e0f10 (16 bytes)
]]></artwork>
            <t>
Then, the following holds.  </t>
            <artwork><![CDATA[
x1 (Raw value) (8 bytes)
0x37cbf3210017a2d3

x1 (CBOR Data Item) (9 bytes)
0x4837cbf3210017a2d3

x2 (Raw value) (1 bytes)
0x01

x2 (CBOR Data Item) (2 bytes)
0x4101

salt (11 bytes)
0x4837cbf3210017a2d34101

IKM (16 bytes)
0x0102030405060708090a0b0c0d0e0f10
]]></artwork>
          </li>
        </ul>
        <t>It is up to applications or future specifications to define what is used as PoP input in further alternative settings.</t>
        <t>After that, the client computes the PoP evidence as follows.</t>
        <ul spacing="normal">
          <li>
            <t>If the OSCORE group is not a pairwise-only group, the PoP evidence <bcp14>MUST</bcp14> be a signature. The client computes the signature over the PoP input, by using the same private key and signature algorithm that it uses for signing messages in the OSCORE group. The client's private key is the one associated with the client's authentication credential used in the OSCORE group and specified in the 'req_cnf' parameter above.</t>
          </li>
          <li>
            <t>If the OSCORE group is a pairwise-only group, the PoP evidence <bcp14>MUST</bcp14> be a MAC computed as follows, by using the HKDF Algorithm HKDF SHA-256, which consists of composing the HKDF-Extract and HKDF-Expand steps <xref target="RFC5869"/>.  </t>
            <t>
MAC = HKDF(salt, IKM, info, L)  </t>
            <t>
The input parameters of HKDF are as follows.  </t>
            <ul spacing="normal">
              <li>
                <t>salt takes as value the empty byte string.</t>
              </li>
              <li>
                <t>IKM is computed as a cofactor Diffie-Hellman shared secret (see Section 5.7.1.2 of <xref target="NIST-800-56A"/>), using the ECDH algorithm that is used as Pairwise Key Agreement Algorithm in the OSCORE group. The client uses its own Diffie-Hellman private key and the Diffie-Hellman public key of the AS. For X25519 and X448, the procedure is described in <xref section="5" sectionFormat="of" target="RFC7748"/>.      </t>
                <t>
The client's private key is the one associated with the client's authentication credential used in the OSCORE group and specified in the 'req_cnf' parameter above. The client may obtain the Diffie-Hellman public key of the AS during its registration process at the AS.</t>
              </li>
              <li>
                <t>info takes as value the PoP input.</t>
              </li>
              <li>
                <t>L is equal to 8, i.e., the size of the MAC, in bytes.</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>An example of the POST request is shown in <xref target="fig-example-C-to-AS-symm"/>.</t>
        <figure anchor="fig-example-C-to-AS-symm">
          <name>Example C-to-AS POST /token Request for an Access Token Bound to an Asymmetric Key</name>
          <artwork><![CDATA[
Header: POST (Code=0.02)
Uri-Host: "as.example.com"
Uri-Path: "token"
Content-Format: 19 (application/ace+cbor)
Payload:
{
  / audience /        5 : "tempSensorInLivingRoom",
  / scope /           9 : "read",
    e'context_id_param' : h'abcd0000',
    e'salt_input_param' : h'00',
  e'client_cred_verify' : h'c5a6...f100' / elided for brevity /,
  / req_cnf /         4 : {
    e'kccs' : {
      / sub / 2 : "42-50-31-FF-EF-37-32-39",
      / cnf / 8 : {
        / COSE_Key / 1 : {
          / kty /  1 : 2 / EC2 /,
          / crv / -1 : 1 / P-256 /,
          / x /   -2 : h'd7cc072de2205bdc1537a543d53c60a6
                         acb62eccd890c7fa27c9e354089bbe13',
          / y /   -3 : h'f95e1d4b851a2cc80fff87d8e23f22af
                         b725d535e515d020731e79a3b4e47120'
        }
      }
    }
  }
}
]]></artwork>
        </figure>
        <t>In the example above, the client specifies that its authentication credential in the OSCORE group is the CCS shown in <xref target="fig-client-auth-cred"/>.</t>
        <figure anchor="fig-client-auth-cred">
          <name>Example of client Authentication Credential as CWT Claims Set (CCS)</name>
          <sourcecode type="cbor-diag"><![CDATA[
{
  / sub / 2 : "42-50-31-FF-EF-37-32-39",
  / cnf / 8 : {
    / COSE_Key / 1 : {
      / kty /  1 : 2 / EC2 /,
      / crv / -1 : 1 / P-256 /,
      / x /   -2 : h'd7cc072de2205bdc1537a543d53c60a6
                     acb62eccd890c7fa27c9e354089bbe13',
      / y /   -3 : h'f95e1d4b851a2cc80fff87d8e23f22af
                     b725d535e515d020731e79a3b4e47120'
    }
  }
}
]]></sourcecode>
        </figure>
        <t>Later on, the client might want to update its access rights with respect to the same target audience for which the first access token was issued.</t>
        <t>As long as the client is a member of the OSCORE group and the latest access token of a token series is still valid, the client can contact the AS to ask for updating its access rights, through a process more efficient than that used for the first access token of the token series.</t>
        <t>When doing so, the POST request sent to the token endpoint is like the one defined above, with the differences compiled below. An example of such a request is shown in <xref target="fig-example-C-to-AS-symm-update"/>.</t>
        <ul spacing="normal">
          <li>
            <t>The request <bcp14>MUST</bcp14> include the 'token_series_id' parameter defined in <xref target="I-D.ietf-ace-workflow-and-params"/>.  </t>
            <t>
The 'token_series_id' parameter encodes a token series identifier that is assigned by the AS as discussed in <xref target="sec-token-series"/> and identifies an ongoing token series associated with the pair (AUTH_CRED_C, Aud). That is, previous access tokens in that series were issued by the AS to the client, as bound to AUTH_CRED_C and intended for the target audience Aud (see <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>).  </t>
            <t>
Note that the same 'token_series_id' value might identify multiple ongoing token series, e.g., if those are associated with the same client but different audiences. Therefore, the AS uses the 'token_series_id' value together with other information such as the targeted audience and the authenticated identity of the client, in order to determine the exact token series to which the new requested access token has to be added.</t>
          </li>
          <li>
            <t>The 'audience' parameter <bcp14>MUST</bcp14> be included in the POST request, if it was included in the POST request that the client previously sent to the AS for requesting the first access token in the token series to which the new requested access token has to be added. If the 'audience' parameter is included in the present POST request, its value <bcp14>MUST</bcp14> be the same value of the 'audience' parameter in that previous POST request.</t>
          </li>
          <li>
            <t>The request <bcp14>MUST NOT</bcp14> include any of the following parameters: 'context_id', 'salt_input', 'client_cred_verify', 'client_cred_verify_mac', and 'req_cnf'.</t>
          </li>
        </ul>
        <t>If the access token request specifies the 'token_series_id' parameter together with any of the parameters 'context_id', 'salt_input', 'client_cred_verify', 'client_cred_verify_mac', and 'req_cnf', the Client-to-AS request <bcp14>MUST</bcp14> be declined with the error code "invalid_request" as defined in <xref section="5.8.3" sectionFormat="of" target="RFC9200"/>.</t>
        <t>The AS <bcp14>MUST</bcp14> verify that the received 'token_series_id' identifies a token series to which a still valid access token belongs, such that the access token is issued to the client and is intended for the audience specified by the 'audience' parameter of the POST request, if present therein, or for the default audience associated with the client otherwise. If that is not the case, the Client-to-AS request <bcp14>MUST</bcp14> be declined with the error code "invalid_request" as defined in <xref section="5.8.3" sectionFormat="of" target="RFC9200"/>.</t>
        <figure anchor="fig-example-C-to-AS-symm-update">
          <name>Example C-to-AS POST /token Request for Updating Access Rights to an Access Token.</name>
          <artwork><![CDATA[
Header: POST (Code=0.02)
Uri-Host: "as.example.com"
Uri-Path: "token"
Content-Format: 19 (application/ace+cbor)
Payload:
{
  / audience /             5 : "tempSensorInLivingRoom",
  / scope /                9 : "write",
    e'token_series_id_param' : h'3a'
}
]]></artwork>
        </figure>
        <section anchor="context_id">
          <name>'context_id' Parameter</name>
          <t>The 'context_id' parameter is an <bcp14>OPTIONAL</bcp14> parameter of the access token request message defined in <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>. This parameter provides a value that the client wishes to use with the RS, as a hint for a security context. Its exact content is profile specific.</t>
        </section>
        <section anchor="salt_input">
          <name>'salt_input' Parameter</name>
          <t>The 'salt_input' parameter is an <bcp14>OPTIONAL</bcp14> parameter of the access token request message defined in <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>. This parameter provides a value that the client wishes to use as part of a salt with the RS, for deriving cryptographic material. Its exact content is profile specific.</t>
        </section>
        <section anchor="client_cred_verify">
          <name>'client_cred_verify' Parameter</name>
          <t>The 'client_cred_verify' parameter is an <bcp14>OPTIONAL</bcp14> parameter of the access token request message defined in <xref section="5.8.1." sectionFormat="of" target="RFC9200"/>. This parameter provides a signature computed by the client to prove the possession of its own private key.</t>
        </section>
        <section anchor="client_cred_verify_mac">
          <name>'client_cred_verify_mac' Parameter</name>
          <t>The 'client_cred_verify_mac' parameter is an <bcp14>OPTIONAL</bcp14> parameter of the access token request message defined in <xref section="5.8.1." sectionFormat="of" target="RFC9200"/>. This parameter provides a Message Authentication Code (MAC) computed by the client to prove the possession of its own private key.</t>
        </section>
      </section>
      <section anchor="sec-token-series">
        <name>Token Series</name>
        <t>This document refers to "token series" as a series of access tokens that are sorted in chronological order of release and are characterized by the following properties:</t>
        <ul spacing="normal">
          <li>
            <t>Issued by the same AS.</t>
          </li>
          <li>
            <t>Issued to the same client C and associated with the same authentication credential of C, namely AUTH_CRED_C.</t>
          </li>
          <li>
            <t>Issued for the same target audience.</t>
          </li>
        </ul>
        <t>Upon a successful update of access rights (see <xref target="sec-as-update-access-rights"/>), the new issued access token becomes the latest in its token series. When the latest access token of a token series becomes invalid (e.g., due to its expiration or revocation), the token series it belongs to ends.</t>
        <t>In this profile, a token series comprises access tokens that are used between a given client C and target audience, are bound to the same authentication credential AUTH_CRED_C of C, and specify the same token series identifier, e.g., as value of the 'tokens_series_id' claim (see <xref target="access-token"/>).</t>
        <t>The AS assigns the token series identifier when issuing the first access token of a new series. That token series identifier remains fixed throughout the series lifetime.</t>
        <t>When assigning the token series identifier, the AS <bcp14>MUST</bcp14> ensure that, irrespective of the profile of ACE used, such value was not used in a previous series whose access tokens share both the following properties with the access tokens of the new series:</t>
        <ul spacing="normal">
          <li>
            <t>Issued to the same client C, irrespective of the specific AUTH_CRED_C bound to the access token; and</t>
          </li>
          <li>
            <t>Issued for the same RS as identified by the targeted audience.</t>
          </li>
        </ul>
        <t>If the access token is issued for a group-audience (see <xref section="6.9" sectionFormat="of" target="RFC9200"/>), the token series is associated with all the resource servers in the group-audience. In such case, what is defined above applies, with the difference that the resource servers as identified by the targeted group-audience are collectively considered.</t>
      </section>
      <section anchor="sec-as-c-token">
        <name>AS-to-C: Response</name>
        <t>After having verified the POST access token request to the token endpoint and that the client is authorized to obtain an access token aligned with the request, the AS proceeds as defined below.</t>
        <t>In the following, an authentication credential is denoted as "confirmed" if and only if the AS has achieved proof of possession of the private key associated with the public key of that authentication credential and such proof still holds. Otherwise, an authentication credential is denoted as "non confirmed".</t>
        <t>If the access token request specifies none of the parameters 'token_series_id', 'client_cred_verify', and 'client_cred_verify_mac', then the AS performs the following steps.</t>
        <ul spacing="normal">
          <li>
            <t>The AS considers the authentication credential AUTH_CRED_C specified in the 'req_cnf' parameter of the access token request.</t>
          </li>
          <li>
            <t>If the AS currently knows AUTH_CRED_C as "confirmed", then the AS considers proof of possession of the client's private key to be achieved and it takes no further actions in this respect.  </t>
            <t>
The AS might already have achieved proof of possession when establishing a secure communication association with the client, or when processing a previous access token request conveying the same AUTH_CRED_C.  </t>
            <t>
Alternatively, a further entity in a trust relationship with the AS might have already achieved proof of possession of the private key and informed the AS about that. Building on that trust relationship, the AS considered AUTH_CRED_C to be "confirmed" from then on.</t>
          </li>
          <li>
            <t>If the AS does not currently know AUTH_CRED_C as "confirmed", then the AS <bcp14>MUST</bcp14> consider the access token request to be invalid.</t>
          </li>
        </ul>
        <t>If both the 'client_cred_verify' and 'client_cred_verify_mac' parameters are present, then the AS <bcp14>MUST</bcp14> consider the access token request to be invalid.</t>
        <t>If the access token request specifies either the 'client_cred_verify' parameter or the 'client_cred_verify_mac' parameter, then the AS <bcp14>MUST</bcp14> verify the proof-of-possession (PoP) evidence specified therein. In particular, the AS proceeds as follows.</t>
        <ul spacing="normal">
          <li>
            <t>As PoP input, the AS uses the same value that the client used (see <xref target="sec-c-as-token-endpoint"/>).</t>
          </li>
          <li>
            <t>As public key of the client, the AS uses the one included in the authentication credential AUTH_CRED_C that is specified in the 'req_cnf' parameter of the access token request.  </t>
            <t>
This requires the AS to support the format of AUTH_CRED_C, i.e., the format of authentication credential that is used in the OSCORE group where the client uses that authentication credential.  </t>
            <t>
Practically, this is not an issue, since the same format is used by RSs in that group and an RS supporting this profile is expected to be registered only at an AS that supports the formats of authentication credential that the RS supports.</t>
          </li>
          <li>
            <t>If the access token request includes the 'client_cred_verify' parameter, this specifies the PoP evidence as a signature. Then, the AS verifies the signature by using the public key of the client.  </t>
            <t>
This requires the AS to support the signature algorithm and curve (when applicable) that are used in the OSCORE group where the client uses the authentication credential AUTH_CRED_C that is specified in the 'req_cnf' parameter of the access token request.  </t>
            <t>
Practically, this is not an issue, since the same algorithm and curve (when applicable) are used by RSs in that group and an RS supporting this profile is expected to be registered only at an AS that supports the signature algorithms and curves (when applicable) that the RS supports.</t>
          </li>
          <li>
            <t>If the access token request includes the 'client_cred_verify_mac' parameter, this specifies the PoP evidence as a Message Authentication Code (MAC).  </t>
            <t>
Then, the AS recomputes the MAC through the same process taken by the client when preparing the value of the 'client_cred_verify_mac' parameter for the access token request (see <xref target="sec-c-as-token-endpoint"/>), with the difference that the AS uses its own Diffie-Hellman private key and the Diffie-Hellman public key of the client. The verification succeeds if and only if the recomputed MAC is equal to the MAC conveyed as PoP evidence in the access token request.  </t>
            <t>
This requires the AS to support the ECDH algorithm that is used as Pairwise Key Agreement Algorithm in the OSCORE group where the client uses the authentication credential AUTH_CRED_C that is specified in the 'req_cnf' parameter of the access token request.  </t>
            <t>
Practically, this is not an issue, since the same ECDH algorithm is used by RSs in that group and an RS supporting this profile is expected to be registered only at an AS that supports the ECDH algorithms that the RS supports.</t>
          </li>
        </ul>
        <t>If the verification of the PoP evidence succeeds, then the AS considers AUTH_CRED_C to be "confirmed" from then on.</t>
        <t>Instead, if the verification of the PoP evidence fails, then the AS <bcp14>MUST</bcp14> consider the access token request to be invalid. Also, the AS <bcp14>MUST</bcp14> consider AUTH_CRED_C to be "non confirmed" from then on, until the AS again achieves proof of possession of the client's private key.</t>
        <t>If the access token request was invalid or not authorized, then the AS <bcp14>MUST</bcp14> reply to the client with an error response as described in <xref section="5.8.3" sectionFormat="of" target="RFC9200"/>.</t>
        <t>Instead, if all verifications are successful, the AS replies to the client with an access token response as defined in <xref section="5.8.2" sectionFormat="of" target="RFC9200"/>. In particular:</t>
        <ul spacing="normal">
          <li>
            <t>The AS can signal that the use of Group OSCORE as per this profile is <bcp14>REQUIRED</bcp14> for the issued access token, by including the 'ace_profile' parameter with the value "coap_group_oscore" in the access token response. The client <bcp14>MUST</bcp14> use Group OSCORE towards all the resource servers for which this access token is valid, when accessing protected resources at those resource servers according to the authorization information indicated in the access token. Usually, it is assumed that constrained devices will be pre-configured with the necessary profile, so that this kind of profile signaling can be omitted.</t>
          </li>
          <li>
            <t>The AS <bcp14>MUST NOT</bcp14> include the 'cnf' parameter in the access token response.</t>
          </li>
          <li>
            <t>The AS <bcp14>MUST NOT</bcp14> include the 'rs_cnf' parameter defined in <xref target="RFC9201"/> in the access token response. In general, the AS is not aware of the authentication credentials (and public keys included thereof) that the RSs use in the OSCORE group. Instead, the client is able to retrieve the authentication credentials of other group members from the responsible Group Manager, both upon joining the group or later on as a group member, e.g., as specified in Sections <xref target="I-D.ietf-ace-key-groupcomm-oscore" section="6" sectionFormat="bare"/> and <xref target="I-D.ietf-ace-key-groupcomm-oscore" section="9.3" sectionFormat="bare"/> of <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>.</t>
          </li>
          <li>
            <t>If the issued access token is the first one of a token series, the AS <bcp14>MUST</bcp14> include the 'token_series_id' parameter defined in <xref target="I-D.ietf-ace-workflow-and-params"/> in the access token response, specifying the identifier of the token series which the access token belongs to.</t>
          </li>
          <li>
            <t>If the issued access token is not the first one of a token series, the AS <bcp14>MUST NOT</bcp14> include the 'token_series_id' parameter in the access token response.</t>
          </li>
        </ul>
        <t>According to this document, the AS includes the 'access_token' parameter in the access token response, specifying the issued access token. The alternative Short Distribution Chain (SDC) workflow where the access token is uploaded by the AS directly to the RS is described in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
        <t><xref target="fig-example-AS-to-C"/> shows an example of access token response, where the access token has been truncated for readability.</t>
        <figure anchor="fig-example-AS-to-C">
          <name>Example AS-to-C Access Token Response with the Group OSCORE Profile</name>
          <artwork><![CDATA[
Header: Created (Code=2.01)
Content-Format: 19 (application/ace+cbor)
Payload:
{
  / access_token /         1 : h'8343a1010aa2044c...00'
                               / elided for brevity /,
  / ace_profile /         38 : e'coap_group_oscore',
  / expires_in /           2 : 3600,
    e'token_series_id_param' : h'3a'
}
]]></artwork>
        </figure>
        <section anchor="access-token">
          <name>Access Token</name>
          <t>The use of CBOR web tokens (CWTs) as specified in <xref target="RFC8392"/> is <bcp14>RECOMMENDED</bcp14>.</t>
          <t>When issuing any access token of a token series, the AS <bcp14>MUST</bcp14> include the following information as metadata of the issued access token.</t>
          <ul spacing="normal">
            <li>
              <t>The profile "coap_group_oscore". If the access token is a CWT, this is specified in the 'ace_profile' claim of the access token, as per <xref section="5.10" sectionFormat="of" target="RFC9200"/>.</t>
            </li>
            <li>
              <t>The audience targeted by the access token. If the access token is a CWT, this is specified in the 'aud' claim of the access token.</t>
            </li>
            <li>
              <t>The identifier of the token series which the access token belongs to. If the access token is a CWT, this is specified in the 'token_series_id' claim of the access token, as per <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
            </li>
            <li>
              <t>The client's authentication credential AUTH_CRED_C that the client uses in the OSCORE group, which was specified in the 'req_cnf' parameter of the initial access token request that the client sent to ask for the first access token of the token series (see <xref target="sec-c-as-token-endpoint"/>).  </t>
              <t>
If the issued access token is the first one of a token series, AUTH_CRED_C <bcp14>MUST</bcp14> be specified as transported by value, like it was specified in the initial access token request mentioned above. Otherwise, AUTH_CRED_C can be specified as transported by value or identified by reference.  </t>
              <t>
If the access token is a CWT, the client's authentication credential <bcp14>MUST</bcp14> be specified in the 'cnf' claim, which follows the syntax from <xref section="3.1" sectionFormat="of" target="RFC8747"/>.</t>
            </li>
          </ul>
          <t>If the issued access token is the first one of a token series, the AS <bcp14>MUST</bcp14> include the following information as metadata of the access token. Otherwise, the following information <bcp14>MUST NOT</bcp14> be included within the access token.</t>
          <ul spacing="normal">
            <li>
              <t>The Context ID input specified in the 'context_id' parameter of the access token request. If the access token is a CWT, the content of the 'context_id' parameter is specified in the 'context_id' claim of the access token, which is defined in <xref target="context_id_claim"/> of this document.</t>
            </li>
            <li>
              <t>The salt input specified in the 'salt_input' parameter of the access token request. If the access token is a CWT, the content of the 'salt_input' parameter is specified in the 'salt_input' claim of the access token, which is defined in <xref target="salt_input_claim"/> of this document.</t>
            </li>
          </ul>
          <t><xref target="fig-example-AS-to-C-CWT"/> shows an example CWT Claims Set, containing the client's public key in the group (as PoP key), as specified by the inner confirmation value in the 'cnf' claim.</t>
          <figure anchor="fig-example-AS-to-C-CWT">
            <name>Example CWT Claims Set</name>
            <sourcecode type="cbor-diag"><![CDATA[
{
  / aud /                3 : "tempSensorInLivingRoom",
  / iat /                6 : 1719820800,
  / exp /                4 : 2035353600,
  / scope /              9 : "temperature_g firmware_p",
  / ace_profile /       38 : e'coap_group_oscore',
  e'token_series_id_claim' : h'3a'
       e'context_id_claim' : h'abcd0000',
       e'salt_input_claim' : h'00',
  / cnf /           8 : {
    e'kccs' : {
      / sub / 2 : "42-50-31-FF-EF-37-32-39",
      / cnf / 8 : {
        / COSE_Key / 1 : {
          / kty /  1 : 2 / EC2 /,
          / crv / -1 : 1 / P-256 /,
          / x /   -2 : h'd7cc072de2205bdc1537a543d53c60a6
                         acb62eccd890c7fa27c9e354089bbe13',
          / y /   -3 : h'f95e1d4b851a2cc80fff87d8e23f22af
                         b725d535e515d020731e79a3b4e47120'
        }
      }
    }
  }
}
]]></sourcecode>
          </figure>
          <t>The same CWT Claims Set as in <xref target="fig-example-AS-to-C-CWT"/> and encoded in CBOR is shown in <xref target="fig-example-AS-to-C-CWT-encoding"/>, using the value abbreviations defined in <xref target="RFC9200"/> and <xref target="RFC8747"/>. The bytes in hexadecimal are reported in the first column, while their corresponding CBOR meaning is reported after the "#" sign on the second column, for easiness of readability.</t>
          <t>Editor's note: it should be checked (and in case fixed) that the values used below (which are not yet registered) are the final values registered by IANA.</t>
          <figure anchor="fig-example-AS-to-C-CWT-encoding">
            <name>Example CWT Claims Set Using CBOR Encoding</name>
            <sourcecode type="cbor-pretty"><![CDATA[
A9                                      # map(9)
   03                                   # unsigned(3)
   76                                   # text(22)
      74656D7053656E736F72496E4C6976696E67526F6F6D
      # "tempSensorInLivingRoom"
   06                                   # unsigned(6)
   1A 66826200                          # unsigned(1719820800)
   04                                   # unsigned(4)
   1A 79510800                          # unsigned(2035353600)
   09                                   # unsigned(9)
   78 18                                # text(24)
      74656D70657261747572655F67206669726D776172655F70
      # "temperature_g firmware_p"
   18 26                                # unsigned(38)
   05                                   # unsigned(5)
   18 2A                                # unsigned(42)
   41                                   # bytes(1)
      3A
   18 33                                # unsigned(51)
   44                                   # bytes(4)
      ABCD0000
   18 34                                # unsigned(52)
   41                                   # bytes(1)
      00
   08                                   # unsigned(8)
   A1                                   # map(1)
      0B                                # unsigned(11)
      A2                                # map(2)
         02                             # unsigned(2)
         77                             # text(23)
            34322D35302D33312D46462D45462D33372D33322D3339
            # "42-50-31-FF-EF-37-32-39"
         08                             # unsigned(8)
         A1                             # map(1)
            01                          # unsigned(1)
            A4                          # map(4)
               01                       # unsigned(1)
               02                       # unsigned(2)
               20                       # negative(0)
               01                       # unsigned(1)
               21                       # negative(1)
               58 20                    # bytes(32)
                  D7CC072DE2205BDC1537A543D53C60A6
                  ACB62ECCD890C7FA27C9E354089BBE13
               22                       # negative(2)
               58 20                    # bytes(32)
                  F95E1D4B851A2CC80FFF87D8E23F22AF
                  B725D535E515D020731E79A3B4E47120

]]></sourcecode>
          </figure>
        </section>
        <section anchor="sec-as-update-access-rights">
          <name>Update of Access Rights</name>
          <t>As long as the client is a member of the OSCORE group and the latest access token of a token series is still valid, the client can contact the AS to ask for updating its access rights, through a process more efficient than that used for the first access token of the token series.</t>
          <t>If the request is granted, then the AS generates a new access token as the latest one of the token series. The access token specifies the identifier of the token series which it belongs to.</t>
          <t>The access token is uploaded at the RS(s) in the target audience either by the client as specified in this document, or directly as described in <xref target="I-D.ietf-ace-workflow-and-params"/>. In either case, the access token response from the AS to the client <bcp14>MUST NOT</bcp14> include any of the parameters 'token_series_id', 'cnf', and 'rs_cnf'.</t>
        </section>
        <section anchor="context_id_claim">
          <name>'context_id' Claim</name>
          <t>The 'context_id' claim provides a value that the client requesting the access token wishes to use with the RS, as a hint for a security context.</t>
          <t>This claim specifies the value of the Context ID input, encoded as a CBOR byte string.</t>
        </section>
        <section anchor="salt_input_claim">
          <name>'salt_input' Claim</name>
          <t>The 'salt_input' claim provides a value that the client requesting the access token wishes to use as a part of a salt with the RS, e.g., for deriving cryptographic material.</t>
          <t>This claim specifies the value of the salt input, encoded as a CBOR byte string.</t>
        </section>
      </section>
    </section>
    <section anchor="sec-c-rs-comm">
      <name>Client-RS Communication</name>
      <t>This section details the POST request and response to the authz-info endpoint between the client and the RS.</t>
      <t>The proof of possession required to bind the access token to the client is explicitly performed when the RS receives and verifies a request from the client protected with Group OSCORE, either with the group mode (see <xref section="7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>) or with the pairwise mode (see <xref section="8" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>).</t>
      <t>In particular, the RS uses the client's public key bound to the access token, either when verifying the signature of the request (if protected with the group mode), or when verifying the request as integrity-protected with pairwise keying material derived from the two peers' authentication credentials and asymmetric keys (if protected with the pairwise mode). In either case, the RS also authenticates the client.</t>
      <t>Similarly, when receiving a protected response from the RS, the client uses the RS' public key either when verifying the signature of the response (if protected with the group mode), or when verifying the response as integrity-protected with pairwise keying material derived from the two peers' authentication credentials and asymmetric keys (if protected with the pairwise mode). In either case, the client also authenticates the RS. Mutual authentication is only achieved after the client has successfully verified the protected response from the RS.</t>
      <t>Therefore, an attacker using a stolen access token cannot generate a valid Group OSCORE message as protected through the client's private key, and thus cannot prove possession of the PoP key bound to the access token. Also, if a client legitimately owns an access token but has not joined the OSCORE group, it cannot generate a valid Group OSCORE message, as it does not store the necessary keying material shared among the group members.</t>
      <t>Furthermore, a client C1 is supposed to obtain a valid access token from the AS, as specifying the client's authentication credential (and the public key included thereof) associated with the client's private key used in the OSCORE group, together with the client's Sender ID in that OSCORE group (see <xref target="sec-c-as-token-endpoint"/>). This allows the RS receiving the access token to verify with the Group Manager of that OSCORE group whether such a client indeed has that Sender ID and uses that authentication credential in the OSCORE group.</t>
      <t>As a consequence, a different client C2, also member of the same OSCORE group, is not able to impersonate C1 by: i) getting a valid access token, specifying the Sender ID of C1 and a different (made-up) authentication credential; ii) successfully uploading the access token to the RS; and then iii) attempting to communicate using Group OSCORE and impersonating C1, while also blaming C1 for the consequences of the interaction with the RS.</t>
      <section anchor="sec-c-rs-authz">
        <name>C-to-RS POST to authz-info Endpoint</name>
        <t>The client uploads the access token to the authz-info endpoint of the RS, as defined in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>.</t>
      </section>
      <section anchor="sec-rs-c-created">
        <name>RS-to-C: 2.01 (Created)</name>
        <t>The RS <bcp14>MUST</bcp14> verify the validity of the uploaded access token T_NEW as defined in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>, with the following additions.</t>
        <t>The RS retrieves from T_NEW the pieces of information (SeriesId_NEW, Aud_NEW, AuthCred_NEW), where: SeriesId_NEW is the identifier of the token series which the access token belongs to; Aud_NEW is the audience targeted by the access token; and AuthCred_NEW is the client's authentication credential AUTH_CRED_C, specified by value or by reference.</t>
        <t>The RS checks whether it is storing an access token T_OLD that is associated with the analogous pieces of information (SeriesId_OLD, Aud_OLD, AuthCred_OLD) such that: SeriesId_NEW is equal to SeriesId_OLD; Aud_NEW is equal to Aud_OLD; and AuthCred_NEW is equal to or is a valid reference to AuthCred_OLD as AUTH_CRED_C specified by value.</t>
        <t>If the RS finds such an access token T_OLD, the RS performs the actions specified in <xref target="sec-rs-update-access-rights"/>.</t>
        <t>Otherwise, the RS performs the steps specified below. The following refers to the access token T_NEW and assumes it to be a CWT.</t>
        <ul spacing="normal">
          <li>
            <t>The RS checks that the claims 'context_id', 'salt_input', and 'cnf' are included in the access token. In particular, the RS checks that the 'cnf' claim specifies the client's authentication credential as transported by value.  </t>
            <t>
If any of these claims are missing, malformed, or non-conformant, the RS <bcp14>MUST</bcp14> consider the access token invalid and <bcp14>MUST</bcp14> reply with a 4.00 (Bad Request) error response.  </t>
            <t>
Otherwise, the RS retrieves from the access token:  </t>
            <ul spacing="normal">
              <li>
                <t>GID* as the Gid of the OSCORE group, which is specified in the 'context_id' claim.</t>
              </li>
              <li>
                <t>SID* as the Sender ID that the client has in the OSCORE group, which is specified in the 'salt_input' claim.</t>
              </li>
              <li>
                <t>AUTH_CRED_C* as the authentication credential that the client uses in the OSCORE group, which is specified in the inner confirmation value of the 'cnf' claim.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>The RS joins the pertaining OSCORE group identified by GID*, if it is not already a member. If the RS is intended to be a member of multiple groups and different Group Managers are responsible for those groups, the RS needs to perform the above through all such Group Managers under which there is a group identified by GID*.  </t>
            <t>
By performing the operation specified in <xref section="9.10" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/> for the realization of Group Manager defined in that document, the RS can rely on GID* to retrieve from the Group Manager the group name and the URI of the group-membership resource at the Group Manager for joining the group.  </t>
            <t>
Note that, due to the RS joining the group, the Group Manager performs a group rekeying if required by the application (see <xref section="12.2" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>). This results in changing the Gid used in the group, which is handled as defined later below.  </t>
            <t>
Irrespective of what is indicated by the access token, the process by which the RS joins OSCORE groups has to be aligned and consistent with the set of groups that the RS intends to be a member of and is authorized to join at the responsible Group Manager.  </t>
            <t>
If the RS attempts and fails to join the OSCORE group identified by GID*, the RS <bcp14>MUST</bcp14> reply with a 5.00 (Internal Server Error) error response.</t>
          </li>
          <li>
            <t>Based on the OSCORE Security Contexts that it stores, the RS builds GROUPS as the set of OSCORE groups such that all the following conditions hold, for each group G in the set.  </t>
            <ul spacing="normal">
              <li>
                <t>The RS is a member of the group G.</t>
              </li>
              <li>
                <t>The audience targeted by the access token is consistent with using the group G for accessing protected resources hosted by the RS.</t>
              </li>
              <li>
                <t>The group G has GID' as current Gid. In particular, GID' is determined as below.      </t>
                <ul spacing="normal">
                  <li>
                    <t>If, following the early verification of the access token, the RS has joined the group G as identified by GID* (see above), GID' is the Gid that the Group Manager has provided to the RS as a result of the group joining. In this case, GID' might be different from GID*, if the Group Manager has performed a group rekeying due to the RS joining the group.</t>
                  </li>
                  <li>
                    <t>If, following the early verification of the access token, the RS has retrieved from the Group Manager updated keying material associated with the group G as identified by GID* (e.g., as specified in <xref section="9.1" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>), GID' is the Gid that the Group Manager has provided to the RS. In this case, GID' might be different from GID*, if the Group Manager previously performed a group rekeying process that the RS had missed.</t>
                  </li>
                  <li>
                    <t>If none of the above applies, GID' is equal to GID*</t>
                  </li>
                </ul>
              </li>
            </ul>
            <t>
If no such group is found, the RS <bcp14>MUST</bcp14> consider the access token invalid and <bcp14>MUST</bcp14> reply with a 4.00 (Bad Request) error response.  </t>
            <t>
Otherwise, for each of the N &gt;= 1 groups G in the set GROUPS, the RS <bcp14>MUST</bcp14> request to the corresponding Group Manager the authentication credential that the client uses in G, specifying SID* in the request sent to the Group Manager, e.g., as specified in <xref section="9.3" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>.  </t>
            <t>
When receiving a successful response from each of the Group Managers, the RS <bcp14>MUST</bcp14> check whether the client's authentication credential AUTH_CRED_C retrieved from the Group Manager is equal to AUTH_CRED_C* retrieved from the access token. In the case that AUTH_CRED_C* is provided within a chain or a bag, but AUTH_CRED_C is not provided within the same chain or bag, then the RS <bcp14>MUST NOT</bcp14> determine AUTH_CRED_C* and AUTH_CRED_C to be equal.  </t>
            <t>
If any of the following conditions holds, the RS <bcp14>MUST</bcp14> consider the access token invalid and <bcp14>MUST</bcp14> reply to the client with a 5.03 (Service Unavailable) error response.  </t>
            <ul spacing="normal">
              <li>
                <t>None or more than one of the Group Managers provide the RS with a successful response where the conveyed AUTH_CRED_C is equal to AUTH_CRED_C*.</t>
              </li>
              <li>
                <t>After having performed a maximum, pre-configured number of attempts or after a maximum, pre-configured amount of time has elapsed, less than N Group Managers have sent a successful response to the RS.</t>
              </li>
            </ul>
            <t>
The process above is successful if and only if the RS receives a successful response from all the N Group Managers, and exactly one of such responses conveys AUTH_CRED_C equal to AUTH_CRED_C*. This ensures that there is only one OSCORE group G* such that: the client and the RS are both its members; it has GID' as current Gid; and the client uses SID* as Sender ID in the group. In turn, this will ensure that the RS can bound the access token to such single OSCORE group G*.</t>
          </li>
        </ul>
        <t>If the operations above are successful, the access token is valid, and further checks on its content are successful, then the RS proceeds as follows.</t>
        <ul spacing="normal">
          <li>
            <t>The RS considers the Group OSCORE Security Context identified by GID' and used in the OSCORE group G* determined above.</t>
          </li>
          <li>
            <t>If the Group OSCORE Security Context is not including a Recipient Context pertaining to the client (i.e., with Recipient ID equal to SID* and authentication credential equal to AUTH_CRED_C*), then the RS derives such Recipient Context and adds it to the Group OSCORE Security Context.</t>
          </li>
          <li>
            <t>The RS associates the access token with the Recipient Context pertaining to the client, within the Group OSCORE Security Context used in the OSCORE group G*.</t>
          </li>
          <li>
            <t>The RS associates the access token with the tuple (SeriesId, Aud, AuthCred), where:  </t>
            <ul spacing="normal">
              <li>
                <t>SeriesId is the identifier of the token series which the access token belongs to, as indicated by the 'token_series_id' claim of the access token.</t>
              </li>
              <li>
                <t>Aud is the target audience, as indicated by the 'aud' claim of the access token.</t>
              </li>
              <li>
                <t>AuthCred is the authentication credential that the client uses in G*, i.e., AUTH_CRED_C*.</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>Finally, the RS <bcp14>MUST</bcp14> send a 2.01 (Created) response to the client, as defined in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>.</t>
        <t>As defined in <xref target="sec-client-public-key-change"/>, a possible change of the client's authentication credential requires the client to upload to the RS a new access token bound to the new authentication credential.</t>
      </section>
      <section anchor="sec-client-rs-secure-communication">
        <name>Client-RS Secure Communication</name>
        <t>As members of the OSCORE group, both the client and the RS have established the related Group OSCORE Security Context to securely communicate in the group. Therefore, they can simply start to securely communicate using Group OSCORE, without deriving any additional keying material or security association.</t>
        <t>It can happen that the client or the RS deletes an access token, e.g., when the access token has expired or has been revoked.</t>
        <t>If the RS deletes an access token, this <bcp14>MUST NOT</bcp14> result in the RS deleting the associated Recipient Context pertaining to the client from the Group OSCORE Security Context used in the OSCORE group.</t>
        <t>If the client deletes an access token, this <bcp14>MUST NOT</bcp14> result in the client deleting the associated Group OSCORE Security Context used in the OSCORE group. The client <bcp14>MAY</bcp14> request a new access token from the AS, to be uploaded to the RS for re-enabling access to protected resources.</t>
        <section anchor="client-side">
          <name>Client Side</name>
          <t>After having received the 2.01 (Created) response from the RS, following the POST request to the authz-info endpoint, the client communicates with the RS, e.g., by sending to the RS a request protected with Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
          <t>When communicating with the RS to access the resources as specified by the authorization information in the access token, the client <bcp14>MUST</bcp14> use the Group OSCORE Security Context that is used in the OSCORE group pertaining to the access token, i.e., the group that the client referred to when requesting the access token to the AS (see <xref target="sec-c-as-token-endpoint"/>).</t>
        </section>
        <section anchor="resource-server-side">
          <name>Resource Server Side</name>
          <t>After successful validation of the access token as defined in <xref target="sec-rs-c-created"/> and after having sent the 2.01 (Created) response, the RS communicates with the client using Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
          <t>For every incoming request, if Group OSCORE verification succeeds, the verification of access rights is performed as described in <xref target="sec-c-rs-access-rights"/>.</t>
          <t>In the case that the RS receives a request protected with a Group OSCORE Security Context CTX, it successfully verifies the request, and the target resource requires authorization, then the RS checks whether it stores a valid access token associated with the Recipient Context pertaining to the client that is included within CTX and was used to verify the request. If the RS does not store such an access token, the RS <bcp14>MUST</bcp14> reply with a 4.01 (Unauthorized) error response protected with CTX.</t>
          <t>Given a Recipient Context within a Group OSCORE Security Context, the RS <bcp14>MUST</bcp14> delete every access token associated with that Recipient Context if any of the following occurs:</t>
          <ul spacing="normal">
            <li>
              <t>The RS deletes that Recipient Context.</t>
            </li>
            <li>
              <t>The RS updates the client's authentication credential in that Recipient Context, i.e., in the case that the client has changed its authentication credential in the OSCORE group.</t>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="sec-rs-update-access-rights">
        <name>Update of Access Rights</name>
        <t>With reference to the stored access token T_OLD and the latest uploaded access token T_NEW considered in <xref target="sec-rs-c-created"/>, the RS proceeds as follows.</t>
        <ul spacing="normal">
          <li>
            <t>The RS associates T_NEW with the same tuple (SeriesId, Aud, AuthCred) with which T_OLD was associated.</t>
          </li>
          <li>
            <t>The RS associates T_NEW with the Recipient Context pertaining to the client that is included within the Group OSCORE Security Context used in the OSCORE group pertaining to T_NEW, i.e., the same Recipient Context with which T_OLD was associated.</t>
          </li>
          <li>
            <t>The RS supersedes T_OLD with T_NEW.</t>
          </li>
        </ul>
        <t>Finally, the RS <bcp14>MUST</bcp14> reply with a 2.01 (Created) response, as defined in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>.</t>
      </section>
      <section anchor="sec-c-rs-access-rights">
        <name>Access Rights Verification</name>
        <t>The RS <bcp14>MUST</bcp14> follow the procedures defined in <xref section="5.10.2" sectionFormat="of" target="RFC9200"/>. If an RS receives a request protected with Group OSCORE from a client, the RS processes the request according to <xref target="I-D.ietf-core-oscore-groupcomm"/>, using the Recipient Context pertaining to the client that is included within the Group OSCORE Security Context used in the group.</t>
        <t>If the Group OSCORE verification succeeds and the target resource requires authorization, the RS retrieves the authorization information from the access token associated with the Recipient Context used to verify the request.</t>
        <t>Then, the RS <bcp14>MUST</bcp14> verify that the action requested on the resource is authorized.</t>
        <t>If the RS has no valid access token for the client, the RS <bcp14>MUST</bcp14> reject the request and <bcp14>MUST</bcp14> reply to the client with a 4.01 (Unauthorized) error response.</t>
        <t>If the RS has an access token for the client but no actions are authorized on the target resource, the RS <bcp14>MUST</bcp14> reject the request and <bcp14>MUST</bcp14> reply to the client with a 4.03 (Forbidden) error response.</t>
        <t>If the RS has an access token for the client but the requested action is not authorized, the RS <bcp14>MUST</bcp14> reject the request and <bcp14>MUST</bcp14> reply to the client with a 4.05 (Method Not Allowed) error response.</t>
      </section>
      <section anchor="sec-multiple-pop-keys">
        <name>Storing Multiple Access Tokens per PoP Key</name>
        <t>According to <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>, an RS is recommended to store only one access token per proof-of-possession (PoP) key and to supersede such an access token when receiving and successfully validating a new one bound to the same PoP key.</t>
        <t>However, when using the profile specified in this document, an RS might practically have to deviate from that recommendation and store multiple access tokens bound to the same PoP key, i.e., to the same public authentication credential of a client.</t>
        <t>For example, this can occur in the following cases.</t>
        <ul spacing="normal">
          <li>
            <t>The RS is the single RS associated with an audience AUD1 and also belongs to a group-audience AUD2 (see <xref section="6.9" sectionFormat="of" target="RFC9200"/>).  </t>
            <t>
A client C with public authentication credential AUTH_CRED_C can request two access tokens T1 and T2 from the AS, such that:  </t>
            <ul spacing="normal">
              <li>
                <t>T1 targets AUD1 and has scope SCOPE1; and</t>
              </li>
              <li>
                <t>T2 targets AUD2 and has scope SCOPE2 different from SCOPE1.</t>
              </li>
            </ul>
            <t>
Both T1 and T2 are going to be bound to the same PoP key specified by AUTH_CRED_C.  </t>
            <t>
In fact, if the AS issues access tokens targeting a group-audience, then the above can possibly be the case when using any transport profile of ACE that supports asymmetric PoP keys. If so, the RS should be ready to store at minimum one access token per PoP key per audience it belongs to.</t>
          </li>
          <li>
            <t>The RS is a member of two OSCORE groups G1 and G2. In particular, the same format of public authentication credentials is used in both OSCORE groups.  </t>
            <t>
A client C with public authentication credential AUTH_CRED_C of such format, also member of the two OSCORE groups G1 and G2, can conveniently use AUTH_CRED_C as its public authentication credential in both those groups. Therefore, C can request two access tokens T1 and T2 from the AS, such that:  </t>
            <ul spacing="normal">
              <li>
                <t>T1 targets RS and reflects the membership of C in G1, as per its claims "context_id" and "salt_input"; and</t>
              </li>
              <li>
                <t>T2 targets RS and reflects the membership of C in G2, as per its claims "context_id" and "salt_input".</t>
              </li>
            </ul>
            <t>
Both T1 and T2 are going to be bound to the same PoP key specified by AUTH_CRED_C.  </t>
            <t>
When using the profile specified in this document, the RS should be ready to store at minimum one access token per PoP key per OSCORE group it is (going to be) a member of (although, per the previous point, even this can still be limiting).</t>
          </li>
          <li>
            <t>The RS uses both the profile specified in this document and a different transport profile of ACE that also relies on asymmetric PoP keys, e.g., the EDHOC and OSCORE profile defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>.  </t>
            <t>
In such a case, a client C with public authentication credential AUTH_CRED_C can request two access tokens T1 and T2 from the AS, such that:  </t>
            <ul spacing="normal">
              <li>
                <t>T1 targets RS and is meant to be used according to the Group OSCORE profile defined in this document; and</t>
              </li>
              <li>
                <t>T2 targets RS and is meant to be used according to the EDHOC and OSCORE profile defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>.</t>
              </li>
            </ul>
            <t>
Both T1 and T2 are going to be bound to the same PoP key specified by AUTH_CRED_C.  </t>
            <t>
When using multiple transport profiles of ACE that rely on asymmetric PoP keys, it is reasonable that the RS is capable to store at minimum one access token per PoP key per used profile (although, per the previous points, even this can still be limiting).</t>
          </li>
        </ul>
        <t>In order to keep the same spirit of the recommendation in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/> without impeding cases such as those outlined in the examples above, the following defines more fine-grained recommendations for the storage of access tokens at an RS when this profile is used.</t>
        <ul spacing="normal">
          <li>
            <t>As to access tokens issued in accordance with this profile (i.e., specifying the profile "coap_group_oscore"), it is <bcp14>RECOMMENDED</bcp14> that an RS stores only one access token that:  </t>
            <ul spacing="normal">
              <li>
                <t>is bound to a specific PoP key;</t>
              </li>
              <li>
                <t>targets a specific audience; and</t>
              </li>
              <li>
                <t>is related to a specific OSCORE group.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>As to access tokens issued in accordance with a different profile P that an RS may use in parallel with the profile defined in this document, it is <bcp14>RECOMMENDED</bcp14> that an RS stores only one access token that:  </t>
            <ul spacing="normal">
              <li>
                <t>is issued in accordance with the profile P;</t>
              </li>
              <li>
                <t>is bound to a specific PoP key;</t>
              </li>
              <li>
                <t>targets a specific audience; and</t>
              </li>
              <li>
                <t>is related to a specific secure association used by the client to protect communications with the RS.</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>In accordance with these recommendations, if an access token T_NEW does not differ in any of the respects above from an existing access token T_OLD stored at the RS, then T_NEW ought to supersede T_OLD by replacing the corresponding authorization information.</t>
        <t>Not complying with these recommendations can additionally complicate (constrained) implementations of RSs, with respect to required storage and the validation of a protected request against the applicable, stored access tokens associated with the same client. That is, it increases the strain on an RS in determining the actual permissions of a client, e.g., if access tokens contradict each other and thus might lead the RS to enforce wrong permissions. Moreover, if one of the access tokens expires earlier than others, the resulting permissions may offer insufficient protection.</t>
      </section>
    </section>
    <section anchor="sec-client-public-key-change">
      <name>Change of Client's Authentication Credential in the Group</name>
      <t>During its membership in the OSCORE group, the client might change the authentication credential that it uses in the group. When this happens, the client uploads the new authentication credential to the Group Manager, e.g., as specified in <xref section="9.4" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>.</t>
      <t>After that, in order to continue communicating with the RS, the client <bcp14>MUST</bcp14> perform the following actions.</t>
      <ol spacing="normal" type="1"><li>
          <t>The client requests a new access token T_NEW from the AS, as defined in <xref target="sec-c-as-comm"/>. In particular, when sending the access token request as defined in <xref target="sec-c-as-token-endpoint"/>, the client specifies:  </t>
          <ul spacing="normal">
            <li>
              <t>The current Group Identifier of the OSCORE group, as the value of the 'context_id' parameter.</t>
            </li>
            <li>
              <t>The current Sender ID that it has in the OSCORE group, as the value of the 'salt_input' parameter.</t>
            </li>
            <li>
              <t>The new authentication credential that it uses in the OSCORE group, as the inner confirmation value of the 'req_cnf' parameter.</t>
            </li>
            <li>
              <t>Optionally, the proof-of-possession (PoP) evidence corresponding to the public key of the new authentication credential, as the value of the 'client_cred_verify' or 'client_cred_verify_mac' parameter.      </t>
              <t>
The possible omission of the PoP evidence is based on the same criteria that are defined in <xref target="sec-c-as-token-endpoint"/>.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>After receiving the access token response from the AS (see <xref target="sec-as-c-token"/>), the client performs with the RS the same exchanges that are defined in <xref target="sec-c-rs-comm"/>.</t>
        </li>
      </ol>
      <t>When receiving the new access token T_NEW, the RS performs the same steps defined in <xref target="sec-rs-c-created"/>.</t>
    </section>
    <section anchor="sec-comm-as">
      <name>Secure Communication with the AS</name>
      <t>As specified in the ACE framework (see Sections <xref target="RFC9200" section="5.8" sectionFormat="bare"/> and <xref target="RFC9200" section="5.9" sectionFormat="bare"/> of <xref target="RFC9200"/>), the requesting entity (client and/or RS) and the AS communicate via the token or introspect endpoint. When using this profile, the use of CoAP <xref target="RFC7252"/> and OSCORE <xref target="RFC8613"/> for this communication is <bcp14>RECOMMENDED</bcp14>, in order to reduce the number of libraries that C and RS have to support. Other protocols fulfilling the security requirements defined in Sections <xref target="RFC9200" section="5" sectionFormat="bare"/> and <xref target="RFC9200" section="6" sectionFormat="bare"/> of <xref target="RFC9200"/> (such as HTTP and DTLS <xref target="RFC9147"/> or TLS <xref target="RFC8446"/>) <bcp14>MAY</bcp14> be used instead.</t>
      <t>If OSCORE is used, the requesting entity and the AS are expected to have a pre-established Security Context in place. How this Security Context is established is out of the scope of this profile. Furthermore, the requesting entity and the AS communicate using OSCORE through the token endpoint as specified in <xref section="5.8" sectionFormat="of" target="RFC9200"/> and through the introspect endpoint as specified in <xref section="5.9" sectionFormat="of" target="RFC9200"/>.</t>
    </section>
    <section anchor="sec-discard-context">
      <name>Discarding the Security Context</name>
      <t>As members of an OSCORE group, the client and the RS may independently leave the group or be forced to, e.g., if compromised or suspected to be so. Upon leaving the OSCORE group, the client or RS also discards the Group OSCORE Security Context. Consequently:</t>
      <ul spacing="normal">
        <li>
          <t>The RS <bcp14>MUST</bcp14> delete every access token that is associated with a Recipient Context in the Group OSCORE Security Context.</t>
        </li>
        <li>
          <t>The client <bcp14>MUST</bcp14> delete every access token that is associated with the Group OSCORE Security Context.</t>
        </li>
      </ul>
      <t>The client or RS can obtain a new Group OSCORE Security Context by re-joining the OSCORE group. In such a case, the client requests a new access token to be uploaded to the RS.</t>
      <t>Note that a Group OSCORE Security Context CTX_OLD can be renewed by the Group Manager through a group rekeying process (see <xref section="12.2" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>), establishing a Group OSCORE Security Context CTX_NEW that supersedes CTX_OLD. In such case:</t>
      <ul spacing="normal">
        <li>
          <t>The RS considers the associations that stored access tokens have with Recipient Contexts within CTX_OLD, and it updates those associations to be with the corresponding, renewed Recipient Contexts in CTX_NEW.</t>
        </li>
        <li>
          <t>The client considers the associations that stored access tokens have with CTX_OLD, and it updates those associations to be with CTX_NEW.</t>
        </li>
      </ul>
    </section>
    <section anchor="sec-multiple-profiles">
      <name>Guidelines on Using Multiple Profiles</name>
      <t>When using the profile defined in this document, access tokens are to be bound to a Recipient Context within a Group OSCORE Security Context, which is used to protect communications between the client and the RS(s) in the targeted audience by using the security protocol Group OSCORE.</t>
      <t>After having obtained an access token T1 for this profile and uploaded it to the RS (RSs) pertaining to the targeted audience, the client might want to establish a separate, pairwise OSCORE association with that RS (with one RS among those RSs). In order to do that, the client can ask the AS for a different access token T2 intended for that RS (for one RS among those RSs), as per the OSCORE profile defined in <xref target="RFC9203"/>.</t>
      <t>Since the ACE framework does not allow the client to negotiate with the AS the profile to use, the client has instead to choose the use of the OSCORE profile, and to explicitly indicate it to the AS when requesting T2.</t>
      <t>To this end, the client could indicate its wish for an access token aligned with the Group OSCORE profile or with the OSCORE profile, by specifying one of two different audiences in the 'audience' parameter of the access token request to the AS. Assuming a proper configuration of the access policies at the AS, this is still conducive to a consistent evaluation of what is specified in the 'scope' parameter of the access token request against the access policies at the AS.</t>
      <t>For example, an RS registered as "rs1" at the AS can be associated with two audiences:</t>
      <ul spacing="normal">
        <li>
          <t>"rs1_gp_osc", which the client can use to request an access token for the Group OSCORE profile and targeting (also) that RS. That is, the client specifies this audience when requesting the access token T1.</t>
        </li>
        <li>
          <t>"rs1_osc", which the client can use to request an access token for the OSCORE profile and targeting only that RS. That is, the client specifies this audience when requesting the access token T2.</t>
        </li>
      </ul>
      <t>Alternatively, the client could provide the AS with an explicit indication of the profile to use, according to which the AS is requested to issue an access token. For example, the client can rely on the 'ace_profile' parameter of the access token request, according to its revised semantics as specified in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
      <t>Note that an RS has to be able to store at least one access token per PoP key. When specifically considering the Group OSCORE profile and the OSCORE profile, the RS can always store both corresponding access tokens T1 and T2, since they are always bound to different PoP keys. That is:</t>
      <ul spacing="normal">
        <li>
          <t>In the Group OSCORE profile, the PoP key is the client's public key, which is included in the client's authentication credential specified in the 'cnf' claim of the access token (when CWTs are used).</t>
        </li>
        <li>
          <t>In the OSCORE profile, the PoP key is fundamentally an OSCORE Master Secret, which is specified within the OSCORE_Input_Material object of the 'cnf' claim of the access token (when CWTs are used).</t>
        </li>
      </ul>
      <t>The same approaches discussed above can be used in the case that the profile used for the access token T2 is instead the EDHOC and OSCORE profile defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>. In such a case, the same PoP key might be bound to both T1 and T2, i.e., if the client's public key is included both in the authentication credential that the client uses in the OSCORE group and in the authentication credential that the client uses as CRED_I (CRED_R) when running the EDHOC protocol in the forward (reverse) message flow (see <xref section="A.2" sectionFormat="of" target="RFC9528"/>).</t>
      <t><xref target="sec-multiple-pop-keys"/> provides considerations and recommendations on storing multiple access tokens per PoP key when using the Group OSCORE profile, also in parallel with alternative profiles.</t>
    </section>
    <section anchor="sec-cbor-mappings">
      <name>CBOR Mappings</name>
      <t>The new parameters defined in this document <bcp14>MUST</bcp14> be mapped to CBOR types as specified in <xref target="_table-cbor-mappings-parameters"/>, using the given integer abbreviation for the map key.</t>
      <table align="center" anchor="_table-cbor-mappings-parameters">
        <name>CBOR Mappings for New Parameters</name>
        <thead>
          <tr>
            <th align="left">Parameter name</th>
            <th align="left">CBOR Key</th>
            <th align="left">Value Type</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">context_id</td>
            <td align="left">TBD</td>
            <td align="left">byte string</td>
          </tr>
          <tr>
            <td align="left">salt_input</td>
            <td align="left">TBD</td>
            <td align="left">byte string</td>
          </tr>
          <tr>
            <td align="left">client_cred_verify</td>
            <td align="left">TBD</td>
            <td align="left">byte string</td>
          </tr>
          <tr>
            <td align="left">client_cred_verify_mac</td>
            <td align="left">TBD</td>
            <td align="left">byte string</td>
          </tr>
        </tbody>
      </table>
      <t>The new claims defined in this document <bcp14>MUST</bcp14> be mapped to CBOR types as specified in <xref target="_table-cbor-mappings-claims"/>, using the given integer abbreviation for the map key.</t>
      <table align="center" anchor="_table-cbor-mappings-claims">
        <name>CBOR Mappings for New Claims</name>
        <thead>
          <tr>
            <th align="left">Claim name</th>
            <th align="left">CBOR Key</th>
            <th align="left">Value Type</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">context_id</td>
            <td align="left">TBD</td>
            <td align="left">byte string</td>
          </tr>
          <tr>
            <td align="left">salt_input</td>
            <td align="left">TBD</td>
            <td align="left">byte string</td>
          </tr>
        </tbody>
      </table>
    </section>
    <section anchor="sec-security-considerations">
      <name>Security Considerations</name>
      <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/>. Thus, the general security considerations from the ACE framework also apply to this profile.</t>
      <t>The proof-of-possession (PoP) key bound to an access token is always an asymmetric key, i.e., the public key included in the authentication credential that the client uses in the OSCORE group. This means that the same shared secret is never used as a PoP key with possible multiple RSs. Therefore, it is possible and safe for the AS to issue an access token for an audience that includes multiple RSs (i.e., a group-audience, see <xref section="6.9" sectionFormat="of" target="RFC9200"/>).</t>
      <t>In such a case, as per <xref section="6.1" sectionFormat="of" target="RFC9200"/>, the AS has to ensure the integrity protection of the access token by protecting it through an asymmetric signature. In addition, the used group-audience has to correctly identify all the RSs that are intended recipients of the access token and for which the single scope specified in the access token applies. As a particular case, the audience can refer to the OSCORE group as a whole, if the access token is intended for all the RSs in that group.</t>
      <t>Furthermore, this document inherits the general security considerations about Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>, as to the specific use of Group OSCORE according to this profile.</t>
      <t>Group OSCORE is designed to secure point-to-point as well as point-to-multipoint communications, providing a secure binding between a single request and multiple corresponding responses. In particular, Group OSCORE fulfills the same security requirements of OSCORE.</t>
      <t>Group OSCORE ensures source authentication of messages both in group mode (see <xref section="7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>) and in pairwise mode (see <xref section="8" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>).</t>
      <t>When protecting an outgoing message in group mode, the sender uses its private key to compute a digital signature that is embedded in the protected message. The group mode can be used to protect messages sent to multiple recipients (e.g., over IP multicast) or to a single recipient.</t>
      <t>When protecting an outgoing message in pairwise mode, the sender uses a pairwise symmetric key that is derived from the asymmetric keys of the two peers exchanging the message. The pairwise mode can be used to protect only messages intended for a single recipient.</t>
    </section>
    <section anchor="sec-privacy-considerations">
      <name>Privacy Considerations</name>
      <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/>. Thus the general privacy considerations from the ACE framework also apply to this profile.</t>
      <t>As this profile uses Group OSCORE, the privacy considerations from <xref target="I-D.ietf-core-oscore-groupcomm"/> apply to this document as well.</t>
      <t>An unprotected response to an unauthorized request may disclose information about the RS and/or its existing relationship with the client. It is advisable to include as little information as possible in an unencrypted response. However, since both the client and the RS share a Group OSCORE Security Context, unauthorized yet protected requests are followed by protected responses, which can thus include more detailed information.</t>
      <t>Although it may be encrypted, the access token is sent in the clear to the authz-info endpoint at the RS. Thus, if the client uses the same single access token from multiple locations with multiple resource servers, it can risk being tracked through the access token's value.</t>
      <t>Note that, even though communications are protected with Group OSCORE, some information might still leak, due to the observable size, source address, and destination address of exchanged messages.</t>
    </section>
    <section anchor="iana">
      <name>IANA Considerations</name>
      <t>This document has the following actions for IANA.</t>
      <t>Note to RFC Editor: Please replace "[RFC-XXXX]" with the RFC number of this document and delete this paragraph.</t>
      <section anchor="iana-ace-oauth-profile">
        <name>ACE Profiles Registry</name>
        <t>IANA is asked to add the following entry to the "ACE Profiles" registry <xref target="IANA.ACE.Profiles"/> within the "Authentication and Authorization for Constrained Environments (ACE)" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: coap_group_oscore</t>
          </li>
          <li>
            <t>Description: Profile to secure communications between constrained nodes using the Authentication and Authorization for Constrained Environments framework, by enabling authentication and fine-grained authorization of members of an OSCORE group that use a pre-established Group OSCORE Security Context to communicate with Group OSCORE.</t>
          </li>
          <li>
            <t>CBOR Value: TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-oauth-params">
        <name>OAuth Parameters Registry</name>
        <t>IANA is asked to add the following entries to the "OAuth Parameters" registry <xref target="IANA.OAuth.Parameters"/> within the "OAuth Parameters" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: context_id</t>
          </li>
          <li>
            <t>Parameter Usage Location: token request</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="context_id"/>]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: salt_input</t>
          </li>
          <li>
            <t>Parameter Usage Location: token request</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="salt_input"/>]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: client_cred_verify</t>
          </li>
          <li>
            <t>Parameter Usage Location: token request</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="client_cred_verify"/>]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: client_cred_verify_mac</t>
          </li>
          <li>
            <t>Parameter Usage Location: token request</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="client_cred_verify_mac"/>]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-token-cbor-mappings">
        <name>OAuth Parameters CBOR Mappings Registry</name>
        <t>IANA is asked to add the following entries to the "OAuth Parameters CBOR Mappings" registry <xref target="IANA.OAuth.Parameters.CBOR.Mappings"/> within the "Authentication and Authorization for Constrained Environments (ACE)" registry group, following the procedure specified in <xref target="RFC9200"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Name: context_id</t>
          </li>
          <li>
            <t>CBOR Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Value Type: byte string</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="context_id"/>]</t>
          </li>
          <li>
            <t>Original Specification: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: salt_input</t>
          </li>
          <li>
            <t>CBOR Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Value Type: byte string</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="salt_input"/>]</t>
          </li>
          <li>
            <t>Original Specification: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: client_cred_verify</t>
          </li>
          <li>
            <t>CBOR Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Value Type: byte string</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="client_cred_verify"/>]</t>
          </li>
          <li>
            <t>Original Specification: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: client_cred_verify_mac</t>
          </li>
          <li>
            <t>CBOR Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Value Type: byte string</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="client_cred_verify_mac"/>]</t>
          </li>
          <li>
            <t>Original Specification: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-token-json-claims">
        <name>JSON Web Token Claims Registry</name>
        <t>IANA is asked to add the following entries to the "JSON Web Token Claims" registry <xref target="IANA.JSON.Web.Token.Claims"/> within the "JSON Web Token (JWT)" registry group, following the procedure specified in <xref target="RFC7519"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: context_id</t>
          </li>
          <li>
            <t>Claim Description: Client provided Context ID</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: salt_input</t>
          </li>
          <li>
            <t>Claim Description: Client provided salt input</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-token-cwt-claims">
        <name>CBOR Web Token (CWT) Claims Registry</name>
        <t>IANA is asked to add the following entries to the "CBOR Web Token (CWT) Claims" registry <xref target="IANA.CWT.Claims"/> within the "CBOR Web Token (CWT) Claims" registry group, following the procedure specified in <xref target="RFC8392"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: context_id</t>
          </li>
          <li>
            <t>Claim Description: Client provided Context ID</t>
          </li>
          <li>
            <t>JWT Claim Name: N/A</t>
          </li>
          <li>
            <t>Claim Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Claim Value Type: byte string</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="context_id_claim"/>]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: salt_input</t>
          </li>
          <li>
            <t>Claim Description: Client provided salt input</t>
          </li>
          <li>
            <t>JWT Claim Name: N/A</t>
          </li>
          <li>
            <t>Claim Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Claim Value Type: byte string</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="salt_input_claim"/>]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-tls-exporter-label">
        <name>TLS Exporter Label Registry</name>
        <t>IANA is asked to register the following entry in the "TLS Exporter Labels" registry <xref target="IANA.TLS.Exporter.Labels"/> within the "Transport Layer Security (TLS) Parameters" registry group, which is defined in <xref section="6" sectionFormat="of" target="RFC5705"/> and updated in <xref section="12" sectionFormat="of" target="RFC8447"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Value: EXPORTER-ACE-PoP-Input-Client-AS</t>
          </li>
          <li>
            <t>DTLS-OK: Y</t>
          </li>
          <li>
            <t>Recommended: N</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="sec-c-as-token-endpoint"/>]</t>
          </li>
        </ul>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="I-D.ietf-core-groupcomm-bis">
          <front>
            <title>Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="10" month="February" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) is a web transfer
   protocol for constrained devices and constrained networks.  In a
   number of use cases, constrained devices often naturally operate in
   groups (e.g., in a building automation scenario, all lights in a
   given room may need to be switched on/off as a group).  This document
   specifies the use of CoAP for group communication, including the use
   of UDP/IP multicast as the default underlying data transport.  Both
   unsecured and secured CoAP group communication are specified.
   Security is achieved by use of the Group Object Security for
   Constrained RESTful Environments (Group OSCORE) protocol.  The target
   application area of this specification is any group communication use
   cases that involve resource-constrained devices or networks that
   support CoAP.  This document replaces and obsoletes RFC 7390, while
   it updates RFC 7252 and RFC 7641.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-bis-18"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-groupcomm">
          <front>
            <title>Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="23" month="December" year="2025"/>
            <abstract>
              <t>   This document defines the security protocol Group Object Security for
   Constrained RESTful Environments (Group OSCORE), providing end-to-end
   security of messages exchanged with the Constrained Application
   Protocol (CoAP) between members of a group, e.g., sent over IP
   multicast.  In particular, the described protocol defines how OSCORE
   is used in a group communication setting to provide source
   authentication for CoAP group requests, sent by a client to multiple
   servers, and for protection of the corresponding CoAP responses.
   Group OSCORE also defines a pairwise mode where each member of the
   group can efficiently derive a symmetric pairwise key with each other
   member of the group for pairwise OSCORE communication.  Group OSCORE
   can be used between endpoints communicating with CoAP or CoAP-
   mappable HTTP.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-groupcomm-28"/>
        </reference>
        <reference anchor="I-D.ietf-ace-key-groupcomm-oscore">
          <front>
            <title>Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="14" month="March" year="2026"/>
            <abstract>
              <t>   This document defines an application profile of the Authentication
   and Authorization for Constrained Environments (ACE) framework, to
   request and provision keying material in group communication
   scenarios that are based on the Constrained Application Protocol
   (CoAP) and are secured with Group Object Security for Constrained
   RESTful Environments (Group OSCORE).  This application profile
   delegates the authentication and authorization of Clients, which join
   an OSCORE group through a Resource Server acting as Group Manager for
   that group.  This application profile leverages protocol-specific
   transport profiles of ACE to achieve communication security, server
   authentication, and proof of possession of a key owned by the Client
   and bound to an OAuth 2.0 access token.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-key-groupcomm-oscore-21"/>
        </reference>
        <reference anchor="I-D.ietf-ace-workflow-and-params">
          <front>
            <title>Short Distribution Chain (SDC) Workflow and New OAuth Parameters for the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document updates the Authentication and Authorization for
   Constrained Environments framework (ACE, RFC 9200) as follows. (1) It
   defines the Short Distribution Chain (SDC) workflow that the
   authorization server (AS) can use for uploading an access token to a
   resource server on behalf of the client. (2) For the OAuth 2.0 token
   endpoint, it defines new parameters and encodings and it extends the
   semantics of the "ace_profile" parameter. (3) For the OAuth 2.0
   authz-info endpoint, it defines a new parameter and its encoding. (4)
   It defines how the client and the AS can coordinate on the exchange
   of the client's and resource server's public authentication
   credentials, when those can be transported by value or identified by
   reference; this extends the semantics of the "rs_cnf" parameter for
   the OAuth 2.0 token endpoint, thus updating RFC 9201. (5) It extends
   the error handling at the AS, for which it defines a new error code.
   (6) It deprecates the original payload format of error responses
   conveying an error code, when CBOR is used to encode message
   payloads.  For those responses, it defines a new payload format
   aligned with RFC 9290, thus updating in this respect also the
   profiles defined in RFC 9202, RFC 9203, and RFC 9431. (7) It amends
   two of the requirements on profiles of the framework.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-workflow-and-params-07"/>
        </reference>
        <reference anchor="RFC5246">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.2</title>
            <author fullname="T. Dierks" initials="T." surname="Dierks"/>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2008"/>
            <abstract>
              <t>This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5246"/>
          <seriesInfo name="DOI" value="10.17487/RFC5246"/>
        </reference>
        <reference anchor="RFC5705">
          <front>
            <title>Keying Material Exporters for Transport Layer Security (TLS)</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="March" year="2010"/>
            <abstract>
              <t>A number of protocols wish to leverage Transport Layer Security (TLS) to perform key establishment but then use some of the keying material for their own purposes. This document describes a general mechanism for allowing that. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5705"/>
          <seriesInfo name="DOI" value="10.17487/RFC5705"/>
        </reference>
        <reference anchor="RFC5869">
          <front>
            <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title>
            <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
            <author fullname="P. Eronen" initials="P." surname="Eronen"/>
            <date month="May" year="2010"/>
            <abstract>
              <t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5869"/>
          <seriesInfo name="DOI" value="10.17487/RFC5869"/>
        </reference>
        <reference anchor="RFC6347">
          <front>
            <title>Datagram Transport Layer Security Version 1.2</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="January" year="2012"/>
            <abstract>
              <t>This document specifies version 1.2 of the Datagram Transport Layer Security (DTLS) protocol. The DTLS protocol provides communications privacy for datagram protocols. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document updates DTLS 1.0 to work with TLS version 1.2. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6347"/>
          <seriesInfo name="DOI" value="10.17487/RFC6347"/>
        </reference>
        <reference anchor="RFC6749">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC7519">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>
        <reference anchor="RFC7748">
          <front>
            <title>Elliptic Curves for Security</title>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <author fullname="M. Hamburg" initials="M." surname="Hamburg"/>
            <author fullname="S. Turner" initials="S." surname="Turner"/>
            <date month="January" year="2016"/>
            <abstract>
              <t>This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7748"/>
          <seriesInfo name="DOI" value="10.17487/RFC7748"/>
        </reference>
        <reference anchor="RFC8392">
          <front>
            <title>CBOR Web Token (CWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="May" year="2018"/>
            <abstract>
              <t>CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8392"/>
          <seriesInfo name="DOI" value="10.17487/RFC8392"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC8447">
          <front>
            <title>IANA Registry Updates for TLS and DTLS</title>
            <author fullname="J. Salowey" initials="J." surname="Salowey"/>
            <author fullname="S. Turner" initials="S." surname="Turner"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document describes a number of changes to TLS and DTLS IANA registries that range from adding notes to the registry all the way to changing the registration policy. These changes were mostly motivated by WG review of the TLS- and DTLS-related registries undertaken as part of the TLS 1.3 development process.</t>
              <t>This document updates the following RFCs: 3749, 5077, 4680, 5246, 5705, 5878, 6520, and 7301.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8447"/>
          <seriesInfo name="DOI" value="10.17487/RFC8447"/>
        </reference>
        <reference anchor="RFC8747">
          <front>
            <title>Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="March" year="2020"/>
            <abstract>
              <t>This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder-of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8747"/>
          <seriesInfo name="DOI" value="10.17487/RFC8747"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9052">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
              <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9052"/>
          <seriesInfo name="DOI" value="10.17487/RFC9052"/>
        </reference>
        <reference anchor="RFC9053">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).</t>
              <t>This document, along with RFC 9052, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9053"/>
          <seriesInfo name="DOI" value="10.17487/RFC9053"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="RFC9201">
          <front>
            <title>Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained Environments (ACE). These are used to express the proof-of-possession (PoP) key the client wishes to use, the PoP key that the authorization server has selected, and the PoP key the resource server uses to authenticate to the client.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9201"/>
          <seriesInfo name="DOI" value="10.17487/RFC9201"/>
        </reference>
        <reference anchor="RFC9203">
          <front>
            <title>The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="M. Gunnarsson" initials="M." surname="Gunnarsson"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to provide communication security and proof-of-possession for a key owned by the client and bound to an OAuth 2.0 access token.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9203"/>
          <seriesInfo name="DOI" value="10.17487/RFC9203"/>
        </reference>
        <reference anchor="NIST-800-56A" target="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf">
          <front>
            <title>Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography - NIST Special Publication 800-56A, Revision 3</title>
            <author initials="E." surname="Barker" fullname="Elaine Barker">
              <organization/>
            </author>
            <author initials="L." surname="Chen" fullname="Lily Chen">
              <organization/>
            </author>
            <author initials="A." surname="Roginsky" fullname="Allen Roginsky">
              <organization/>
            </author>
            <author initials="A." surname="Vassilev" fullname="Apostol Vassilev">
              <organization/>
            </author>
            <author initials="R." surname="Davis" fullname="Richard Davis">
              <organization/>
            </author>
            <date year="2018" month="April"/>
          </front>
        </reference>
        <reference anchor="IANA.ACE.Profiles" target="https://www.iana.org/assignments/ace/ace.xhtml#ace-profiles">
          <front>
            <title>ACE Profiles</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.OAuth.Parameters" target="https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#parameters">
          <front>
            <title>OAuth Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.OAuth.Parameters.CBOR.Mappings" target="https://www.iana.org/assignments/ace/ace.xhtml#oauth-parameters-cbor-mappings">
          <front>
            <title>OAuth Parameters CBOR Mappings</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.JSON.Web.Token.Claims" target="https://www.iana.org/assignments/jwt/jwt.xhtml#claims">
          <front>
            <title>JSON Web Token Claims</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.CWT.Claims" target="https://www.iana.org/assignments/cwt/cwt.xhtml#claims-registry">
          <front>
            <title>CBOR Web Token (CWT) Claims</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.TLS.Exporter.Labels" target="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels">
          <front>
            <title>TLS Exporter Labels</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="I-D.tiloca-core-oscore-discovery">
          <front>
            <title>Discovery of OSCORE Groups with the CoRE Resource Directory</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Peter Van der Stok" initials="P." surname="Van der Stok">
         </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   Group communication over the Constrained Application Protocol (CoAP)
   can be secured by means of Group Object Security for Constrained
   RESTful Environments (Group OSCORE).  At deployment time, devices may
   not know the exact security groups to join, the respective Group
   Manager, or other information required to perform the joining
   process.  This document defines how a CoAP endpoint can use
   descriptions and links of resources registered at the CoRE Resource
   Directory to discover security groups and to acquire information for
   joining them through the respective Group Manager.  A given security
   group can be used to protect communications in multiple application
   groups, which are separately announced in the Resource Directory as
   sets of endpoints sharing a pool of resources.  This approach is
   consistent with, but not limited to, the joining of security groups
   based on the ACE framework for Authentication and Authorization in
   constrained environments.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-tiloca-core-oscore-discovery-19"/>
        </reference>
        <reference anchor="I-D.ietf-cose-cbor-encoded-cert">
          <front>
            <title>CBOR Encoded X.509 Certificates (C509 Certificates)</title>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>University of Glasgow</organization>
            </author>
            <author fullname="Joel Höglund" initials="J." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>IN Groupe</organization>
            </author>
            <author fullname="Lijun Liao" initials="L." surname="Liao">
              <organization>NIO</organization>
            </author>
            <date day="30" month="June" year="2026"/>
            <abstract>
              <t>   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and common certificate
   profiles, and it is extensible.

   Two types of C509 certificates are defined.  One type is an
   invertible CBOR re-encoding of DER-encoded X.509 certificates with
   the signature field copied from the DER encoding.  The other type is
   identical except that the signature is computed over the CBOR
   encoding instead of the DER encoding, thereby avoiding the use of
   ASN.1.  Both types of certificates have the same semantics as X.509
   while providing comparable size reduction.

   This document also specifies CBOR-encoded data structures for
   certification requests and certification request templates, new COSE
   headers, as well as a TLS certificate type and a file format for
   C509.  This document updates RFC 6698 by extending the TLSA selectors
   registry to include C509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-cbor-encoded-cert-20"/>
        </reference>
        <reference anchor="I-D.ietf-ace-edhoc-oscore-profile">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC) and Object Security for Constrained Environments (OSCORE) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE</organization>
            </author>
            <date day="1" month="March" year="2026"/>
            <abstract>
              <t>   This document specifies a profile for the Authentication and
   Authorization for Constrained Environments (ACE) framework.  It
   utilizes Ephemeral Diffie-Hellman Over COSE (EDHOC) for achieving
   mutual authentication between an ACE-OAuth client and resource
   server, and it binds an authentication credential of the client to an
   ACE-OAuth access token.  EDHOC also establishes an Object Security
   for Constrained RESTful Environments (OSCORE) Security Context, which
   is used to secure communications between the client and resource
   server when accessing protected resources according to the
   authorization information indicated in the access token.  This
   profile can be used to delegate management of authorization
   information from a resource-constrained server to a trusted host with
   less severe limitations regarding processing power and memory.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-edhoc-oscore-profile-10"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC9147">
          <front>
            <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t>
              <t>This document obsoletes RFC 6347.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9147"/>
          <seriesInfo name="DOI" value="10.17487/RFC9147"/>
        </reference>
        <reference anchor="RFC9202">
          <front>
            <title>Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="S. Gerdes" initials="S." surname="Gerdes"/>
            <author fullname="O. Bergmann" initials="O." surname="Bergmann"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a profile of the Authentication and Authorization for Constrained Environments (ACE) framework that allows constrained servers to delegate client authentication and authorization. The protocol relies on DTLS version 1.2 or later for communication security between entities in a constrained network using either raw public keys or pre-shared keys. A resource-constrained server can use this protocol to delegate management of authorization information to a trusted host with less-severe limitations regarding processing power and memory.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9202"/>
          <seriesInfo name="DOI" value="10.17487/RFC9202"/>
        </reference>
        <reference anchor="RFC9431">
          <front>
            <title>Message Queuing Telemetry Transport (MQTT) and Transport Layer Security (TLS) Profile of Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="C. Sengul" initials="C." surname="Sengul"/>
            <author fullname="A. Kirby" initials="A." surname="Kirby"/>
            <date month="July" year="2023"/>
            <abstract>
              <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework to enable authorization in a publish-subscribe messaging system based on Message Queuing Telemetry Transport (MQTT). Proof-of-Possession keys, bound to OAuth 2.0 access tokens, are used to authenticate and authorize MQTT Clients. The protocol relies on TLS for confidentiality and MQTT server (Broker) authentication.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9431"/>
          <seriesInfo name="DOI" value="10.17487/RFC9431"/>
        </reference>
        <reference anchor="RFC9528">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <date month="March" year="2024"/>
            <abstract>
              <t>This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object Security for Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9528"/>
          <seriesInfo name="DOI" value="10.17487/RFC9528"/>
        </reference>
        <reference anchor="NIST-800-207" target="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf">
          <front>
            <title>Zero Trust Architecture - NIST Special Publication 800-207</title>
            <author initials="S." surname="Rose" fullname="Scott Rose">
              <organization/>
            </author>
            <author initials="O." surname="Borchert" fullname="Oliver Borchert">
              <organization/>
            </author>
            <author initials="S." surname="Mitchell" fullname="Stu Mitchell">
              <organization/>
            </author>
            <author initials="S." surname="Connelly" fullname="Sean Connelly">
              <organization/>
            </author>
            <date year="2020" month="August"/>
          </front>
        </reference>
      </references>
    </references>
    <?line 1335?>

<section anchor="profile-requirements">
      <name>Profile Requirements</name>
      <t>This appendix lists the specifications of this profile based on the requirements of the ACE framework, as requested in <xref section="C" sectionFormat="of" target="RFC9200"/>.</t>
      <ul spacing="normal">
        <li>
          <t>Optionally, define new methods for the client to discover the necessary permissions and AS for accessing a resource, different from the one proposed in <xref target="RFC9200"/>: Not specified.</t>
        </li>
        <li>
          <t>Optionally, specify new grant types: Not specified.</t>
        </li>
        <li>
          <t>Optionally, define the use of client certificates as client credential type: Not specified.</t>
        </li>
        <li>
          <t>Specify the communication protocol the client and RS must use: CoAP.</t>
        </li>
        <li>
          <t>Specify the security protocol the client and RS must use to protect their communication: Group OSCORE, by using a pre-established Group OSCORE Security Context.</t>
        </li>
        <li>
          <t>Specify how the client and the RS mutually authenticate: Explicitly, by possession of a common Group OSCORE Security Context and by either: usage of digital signatures embedded in messages, if protected with the group mode of Group OSCORE; or protection of messages with the pairwise mode of Group OSCORE, by using pairwise symmetric keys derived from the asymmetric keys of the two peers exchanging the message. Note that mutual authentication is only achieved after the client has successfully verified a response from the RS protected with Group OSCORE, using the shared Group OSCORE Security Context.</t>
        </li>
        <li>
          <t>Specify the proof-of-possession protocol(s) and how to select one, if several are available. Also specify which key types (e.g., symmetric/asymmetric) are supported by a specific proof-of- possession protocol: Group OSCORE algorithms; asymmetric keys verified and distributed by a Group Manager.</t>
        </li>
        <li>
          <t>Specify a unique ace_profile identifier: coap_group_oscore.</t>
        </li>
        <li>
          <t>If introspection is supported, specify the communication and security protocol for introspection: HTTP/CoAP (+ TLS/DTLS/OSCORE).</t>
        </li>
        <li>
          <t>Specify the communication and security protocol for interactions between the client and AS: HTTP/CoAP (+ TLS/DTLS/OSCORE).</t>
        </li>
        <li>
          <t>Specify if/how the authz-info endpoint is protected, including how error responses are protected: Not protected.</t>
        </li>
        <li>
          <t>Optionally, define other methods of token transport than the authz-info endpoint: Not defined.</t>
        </li>
      </ul>
    </section>
    <section anchor="sec-cddl-model" removeInRFC="true">
      <name>CDDL Model</name>
      <figure anchor="fig-cddl-model">
        <name>CDDL model</name>
        <sourcecode type="cddl"><![CDATA[
; ACE Profiles
coap_group_oscore = 5

; OAuth Parameters CBOR Mappings
token_series_id_param = 56
context_id_param = 71
salt_input_param = 72
client_cred_verify = 73
client_cred_verify_mac = 74

; CBOR Web Token (CWT) Claims
token_series_id_claim = 42
context_id_claim = 51
salt_input_claim = 52

; CWT Confirmation Methods
kccs = 11
]]></sourcecode>
      </figure>
    </section>
    <section anchor="sec-document-updates" removeInRFC="true">
      <name>Document Updates</name>
      <section anchor="sec-06-07">
        <name>Version -06 to -07</name>
        <ul spacing="normal">
          <li>
            <t>It is <bcp14>RECOMMENDED</bcp14> to use the OSCORE Group Manager defined in draft-ietf-ace-key-groupcomm-oscore.</t>
          </li>
          <li>
            <t>Major simplification in associating the access token with other information.</t>
          </li>
          <li>
            <t>Defined dynamic update of access rights through token series.</t>
          </li>
          <li>
            <t>Clarifications:  </t>
            <ul spacing="normal">
              <li>
                <t>Processing of the access token at the RS.</t>
              </li>
              <li>
                <t>The RS binds the access token to a specific Recipient Context.</t>
              </li>
              <li>
                <t>Achieving proof of possession.</t>
              </li>
              <li>
                <t>Details on proof of group membership.</t>
              </li>
              <li>
                <t>Timing and consistency of group joining.</t>
              </li>
              <li>
                <t>Latest group joining for the RS.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Moved overview text about enforced access control to the appropriate subsection.</t>
          </li>
          <li>
            <t>Added references to IANA registries.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-05-06">
        <name>Version -05 to -06</name>
        <ul spacing="normal">
          <li>
            <t>Replaced "GID" with "Gid".</t>
          </li>
          <li>
            <t>Mentioned revised semantics of the 'ace_profile' parameter.</t>
          </li>
          <li>
            <t>Added registrations to the "JSON Web Token Claims" IANA registry.</t>
          </li>
          <li>
            <t>Minor clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-04-05">
        <name>Version -04 to -05</name>
        <ul spacing="normal">
          <li>
            <t>Consistent mentioning of the optional presence of the PoP evidence in the access token request.</t>
          </li>
          <li>
            <t>Guidelines on updating the quartet (GID, SaltInput, AuthCred, AuthCredGM) at the RS when a client obtains a new Sender ID.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-03-04">
        <name>Version -03 to -04</name>
        <ul spacing="normal">
          <li>
            <t>Required that 'cnf' in the access token includes exactly what C uploaded to the Group Manager.</t>
          </li>
          <li>
            <t>Made the PoP evidence in the access token request optional.</t>
          </li>
          <li>
            <t>Better example value for audience, when indicating the profile to use.</t>
          </li>
          <li>
            <t>Placeholder: possible use of the 'ace_profile' parameter with extended semantics, for C to select the right profile.</t>
          </li>
          <li>
            <t>Suggested value ranges for codepoints to register.</t>
          </li>
          <li>
            <t>Aligned CBOR abbreviations to those used in other documents.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-02-03">
        <name>Version -02 to -03</name>
        <ul spacing="normal">
          <li>
            <t>Lowercase "client", "resource server", "authorization server", and "access token".</t>
          </li>
          <li>
            <t>Consistent update of section numbers for external references.</t>
          </li>
          <li>
            <t>Mentioned that this profile can also use the ACE alternative workflow.</t>
          </li>
          <li>
            <t>Clarified that the client may ask for a new access token after the old one becomes invalid.</t>
          </li>
          <li>
            <t>Enforced uniqueness pre-requirements on the client's group membership before requesting an access token.</t>
          </li>
          <li>
            <t>Added checks on uniqueness of clients' group membership at the RS.</t>
          </li>
          <li>
            <t>Clarified the process of access right verification.</t>
          </li>
          <li>
            <t>Added fine-grained recommendations on storing multiple access tokens bound to the same PoP key.</t>
          </li>
          <li>
            <t>Added guidelines on using multiple profiles.</t>
          </li>
          <li>
            <t>Fixes in the IANA considerations.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-01-02">
        <name>Version -01 to -02</name>
        <ul spacing="normal">
          <li>
            <t>CBOR diagnostic notation uses placeholders from a CDDL model.</t>
          </li>
          <li>
            <t>Renamed the claim 'contextId_input' to 'context_id'.</t>
          </li>
          <li>
            <t>Revised examples.</t>
          </li>
          <li>
            <t>Placeholders and early direction for dynamic update of access rights.</t>
          </li>
          <li>
            <t>Added text on storing multiple access tokens per PoP key on the RS.</t>
          </li>
          <li>
            <t>Fixes in the IANA considerations.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00-01">
        <name>Version -00 to -01</name>
        <ul spacing="normal">
          <li>
            <t>Deleting an access token does not delete the Group OSCORE Security Context.</t>
          </li>
          <li>
            <t>Distinct computation of the PoP input when C and the AS use (D)TLS 1.2 or 1.3.</t>
          </li>
          <li>
            <t>Revised computation of the PoP input when C and the AS use OSCORE.</t>
          </li>
          <li>
            <t>Revised computation of the PoP evidence when the OSCORE group is a pairwise-only group.</t>
          </li>
          <li>
            <t>Clarified requirements on the AS for verifying the PoP evidence.</t>
          </li>
          <li>
            <t>Renamed the TLS Exporter Label for computing the PoP input.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowldegment">
      <name>Acknowledgments</name>
      <t><contact fullname="Ludwig Seitz"/> contributed as a co-author of initial versions of this document.</t>
      <t>The authors sincerely thank <contact fullname="Christian Amsüss"/>, <contact fullname="Tim Hollebeek"/>, <contact fullname="Benjamin Kaduk"/>, <contact fullname="John Preuß Mattsson"/>, <contact fullname="Dave Robin"/>, <contact fullname="Jim Schaad"/>, and <contact fullname="Göran Selander"/> for their comments and feedback.</t>
      <t>The work on this document has been partly supported by the Sweden's Innovation Agency VINNOVA and the Celtic-Next projects CRITISEC and CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement 952652).</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+2923Yb2ZUg+M6viKHWGpFpACLBq5hld1MkJbEspTQE5bTH
9lIFgSAZFhgBRwCk6LT6V2a+op/6qevHZl/PLU4AoMR02rOKVVaSQMS57LPP
vl+63e7K7UGytbIyzafj7CBJzq+z5FVVzibJu4u/ZMNpMsiGsyqf3ieXZZUc
lUU9rdK8yEbJ2cng/HI2Tk6K27wqi5usmNbJmrw7OHp3drKevK/Ky3ycJeVl
MoWBD2fwbzHNh+k0L4skLUb0UVnlf+NPwjn8sQ+PYMiXVXqT3ZXVp5X04qLK
YPXulO6M8PjKqBwW8PxBMqrSy2k3z6aX3XSYda/wnW5ZD8sq6074ne44nWb1
dGUln1QHybSa1dP+xsbzjf5KWmXpgYHEyt3VAQ6e/AiryIsrXsDKp7uD5LSY
ZlWRTbvHON0K7PMgqaejlXp2cZPXNWxxej+B1ZyenL9cWRmWI3j9IJnBovZX
VlICxcFKQj9d+W+S5EV9kLztJef5uBym5mPe19u0GpbhV2UFo56dDk6Swxfm
QwBqlsF6Tuv08i9lNaqv0mlaJP2+eWIImztIfpvXUzsUrBFmGZx0N3e3k+2N
xrezYlrBS4O7bJQV5vPsJs3HB8kNLq43pcX99yrv1Vl8c2e95PV//s+r8awY
Bds7yz+l1aj57T/LDitaX++6pOXN2+PLXvI+HZc3F3mRB5sElC6GWT1MI0/Q
Rk+qfFjXcD8imz0vq/o6vSl0s1s/32YvdZ29ia7zv2eytN6wvFlZWSnK6gau
8m2GaHzaPe7RjaNbRlcOnrrpXuR182u5i+Yp7wm8sp+ye2cMfrzxEBKGy3F5
1wXa0p2kQCtoqrOXRzv97V39dW9jR3/d330uv+5ube/pr3vb+ulef6evv+5s
mk/3tvfl1/2t5/rA/u7mhv11S3/dNuPu79lfn5spnm+YKeBXfe050B7766b9
lR744XRw3t3f2Oju7B4yxZhLPU56yYu0+pRVAeadjJHO+t8Fr77pJUfXDi7w
i2/y8b37efDSYS85K6/g10/3wYuH43FWhF823/5dCtRynN2Gb0/KelqOw6+b
5OQ4vc3rBi0ZXiMxsd8J0zvLEKWyYmSZ0Ps0r7o/5nWW/BbQ7gQuycU4r6+R
ESWD4XV2k9XJhxqJ/3FeD6tsmiVvyqsU2MP1TXJU3U+m5VWVTq7vky6dVTKY
ZMM8HSfvZzCQ8D85vw4sAFaEn/DlhXXAquDQ97sb27zQtLrCy349nU7qg2fP
itvxZHZR9wq4vr2r8vYZ/oKfPJN5nGnqZ7iA3uB9T+artnqT0SXenMMfDnvA
yHrCNOsYJhEBwiedpV2mYyFzAkHkhjpIdMF3d3e9PC3SHgz3DA/vipn6M7i0
+L/e5+vpzfgJXuGJHYcW+A5FhN57vMsA5urrF0kDJXaghy20xBmZpNDbjQ9k
CxN3/OgGekcv3p313qaTCeDP420nwWETHfZbTiHcWXd4UVbdGzsybevfB+9+
6P2YXfTOy09Z0TsCUnLz9bvB0RIYLaHREh7tYZv4y90U/yebGOoItNijH8+/
dYUEXrvCNRhy/avWOYR1DoN1dqvsCq5wda8LPn8z6J18npQVHEDvTXqRjb9+
5TBWomMlPNbDVjwd1y7m+3/KPjKZAKRommAlLy5DYYAlQY/fj4B8lrcZCB2+
RFBnjHVZgSLLqDvMqmmD22ej63IYSPGG3e9vWAasnP/5pmHAwEkN193eMvwV
3vP4a39jbwn+OkB+ZyQ/ZTiDYTmdul8Eb70DrlxWwE2qafDmuzFArQq/bU76
Np/CA+NxOPF0Fn7VfBf0rAK+Dxn0IAMp0vtOsOj/zipQNFArSg5hWfkUtMNZ
lS1icABAj6n1N7ob+4/M1GAOYmkrqFxOCZUGJ29eHiSrf4Qz7f4efv68urLS
7XaT9AKVyyFoeefXeZ2Afjgjpl7jFJc5sPU0EUwiQeCx1NZLVVt7pGLrFLMa
Znw8fXta4si3+ShLUKSZFbrmWke9yKZ3GZCvNBmOc9w47qYEGRBmu5mNp/kE
VlVldTmrhhm8Vt0ia5lep/AkHPZNdnOBH4B6DWgiOjdJ5f6+aL4MZERQEkY1
PUvsqt/bSNIhKBEwJpFRWDGCeEJHm4CMr7YCXR4oF3D2UwDAHQhX/HCV38In
9DQAcJRc3PMK5Z28oMfaV+dCnR+CZaSA09mt7pnue3Do8DosDv4fpFAYgSQ2
b7VPa3dtPRB267KT5FM9lNoO4b0kUL3OJwoPd+24PQQjSpv4XQg/Q2jLgsEw
AZIBOFPrYN5ODX4Bbk2zz9MOPDKDExqD1qQzBOe/VhNmwW/55X3rymcTmL/K
hll+G1tpLzm5vAQEB8I2vu/IOfJxZAVI1wCcS8BzUPEY3eXdIayyAol/AgK5
4gAjlwDHw/MOnj28Cco/qqoWZRziBSdUDBHN6x6ThJt8NBpnKytP0HxTlaPZ
kED5JPnpSY4ffFlZOUyKGW6U8H4yMVQoIRxH9IitJrkB1jVO7oCEZ/bCDdNC
N5daSF+DYoO7ntpbqJcPPithM50k6131Oglyy+T0PT83TIFWJuf3E/htnGSf
0xvcGEBhOJ4BEajvkAvgccDCx7ObvEAw1h0DVtwPkPF0WlbwKSL5CMWQ/GI2
Feyuy8vpHV792QRJeN1jDAoJjNw5gQJs8SLTG0X3swbVC9eRwramOC5cEPwb
8BbQKh13AEygnyVAk6e8GwCsXJsR49ZfyrxQzOJLvbLyEshWXd6Qva+ewfvu
6dDVG5az8YhXM8wmqMdliMwZXpphFqIZok9CJPfqegpP3KHCeJkCgpcF0hA4
i5wAdW8IlHACWCUMi2u0C+wkQEKGNF95gVfSgVFj/4QXQDBwrfkN7gL47n0w
PlxtvOy0gJTxFCkz/BXBJPxYqJk7NdClQlFFCLkDNUFXAqYuwyxC0BqBwyMn
dyAm4KEB1HIacIxf4s7qIdzrKi87MiLOT19ezMYXNXET/MhgOeAe/g20uaIr
PCumdLNodUlZmG+Ryl4jy0JcMcSoB7cX/oTP4E5kdPS8TgAnEhaEXlFOAU5/
neV4H0ejHHcD18bfXYYoh6d2WZUMaHdJMPAljo1bdhDqWsANN6NCrOAzZupI
z+LB+kfJdzMR3lJeXtIABKEOcmN4BAS44SeG0jSdzoTtykOA/a/LO7hfFVG9
UQ7ktWL2B0+joa7lUhBlnsDdSvGrC6AnuEKEDXCovMINAYbXzojubvjkgDBm
xYg3cp3CCPZhuVEVrpFYkGJm7aBmCYuo/HF7CV5mXXxHbijRjOYdDUh8CqS2
ygIGolvMaz30kd6D6V0J8pWyPDhfQhpkCIeIypd5VU8Fj4LbYTi5Q0Hrm7Sa
JqDafKrpUuKSa4PYPkGgu3Bg5kB3AA7BOKwkPg1uwSVyj+t8POowLsG6GfRl
ARTirzNQnwIsob/ssr5H6jrOiPrCwkcPmBcUPXrCn/gCDlAmRuwdXqfFVTZ/
DXC+s4qOHShFPk4rn5MOkcdVDCshziSYw0AWt4B30NBABsWfQvAl2NYqHBR1
WT1TrgY4fZsPkeXxFnEBNyUuMnJWKrERR/GR/ia9B8qQEV8zyO+cMp5EL3md
EerCJPfAn2siPpMK30O8Z4JiJmXYI1inJShCCBmEpTyFKI8P2ttjrk0cs7Ka
tSTACEAy5AvT7GZCkzmMoyiLbp1ewuHDJwx6xXpBDUb7ixmgGy10Ni1FuFSK
jkcAEDDCj6sldJIZgKZyzmyYV6BjCUnqGMZrHxgDfMZ8rDC40X3gplkYoFQJ
EESZA2DUoBUvDo+KDOnXZFzes2YEe6lzXImRp4bjFMV2i/a1xXvyW4yZsCpl
XjvaXKcTARIAuAjKajG8x3sLZ5qCegwP9NdJsShwiKNNo38wNXXvKcCnQq0s
1S3IMSdHfXMH4crlY2aTeHYVwjcvgHDV1w69QQkEtncNK80qAzEjmxwk+TqT
BTMyIOm1EYJE/ElHf0H0xMlAKMxvZjeWRtJ5eMchzFfOucO0HabAe03C5Wxq
t18jhyyyDC7I9wS+HFbEGGmkkZqkQFK6kIfygnFLXTOnHnVnid0ochOz0xet
0kq35g6N+XokxI7hRbvoXvIqx+uN+7SoeZN+JtgI557e++TIoNE8zeWOVptZ
5Qew7CZn2GefQZZWSZv2TxAz2NYEB0MDli50ze4SqMElEJcWgZHlgCFf+ORF
hneDBWRen1Ap5KRokSsu86sZIgNcM5ga7iJ8DH/yrIy8gDdT0MxZqo8eHm0G
kYQwRO6YwAWozimDm1gvCyJAdzIeb5xdwegoHfuyFI5YA133FIFQmNYbeJOl
BaEZiqb3JDoBOwOtaUbsxxVUUHwE4SQFFhucnyjR7UoncT+kB7Tj6MtWoZ6k
w8zqNRf3UWKuKF6h47UACF6JQlRnaHdFXjIq8Suk3WTHIu6cXxWumcTVeeGt
UX51k/z0k2vZ/PJF1a7LckhGEVLhZa2wSrTxqfWDOEKttADwBTGC0Y9iJQjo
KI7CHlLid1aLQX4yNRwRgZMXM9pRdpuOZ7gjkt/t6XR8lV1XgnC6LccgcK4S
3cr/5giInqy5xhhfo+ExZSEF8Hg2zVyOWow8IeQZHgbeqnUjXMFdqlEbIuOc
vFGTGIJawhRNhiQHIMFzlgKfkGaU1t5uXaMSPoyjyXVVhOZhpyxXGbMd+j0R
/YBMZCS2C+4Czc7qaW8VNGEWrlAO7jSOma7nmCXy6/IuRI+rku8MbHpVCcGs
cAiJBbCBpoIKFWzgroJ3N+mnwPijN8GV6QAqiCN8C2syp+VAyldJkQHBPiPt
Z1VFhXGWst3mFmTYq6wW7uKSN57QtUQ4oGHpZppN+Ds0+wKjG7LBCBVJsVeQ
vMTj5mIJQo7tip9yHHxLUUqh0/AEVLapeKTF6Gk0eV4ATADGyDvGpLiDhEIE
wNFJQ4qGoFfLTEYHAAQ2vcoa1yYnwbvKWCkXwVxg4qtmYiYUARFloFEmSxRZ
oEZlmOVVfB0fYNLviJ3pJYoqTEXMQ9dpbawhaUOR9CgVCjNFdheC7C3gcSkw
yxrQABCTBqKCP1FL0kOnZD+ByTLk82LBzyujmBtl8x0MDndSNuyMkJKMXGRX
sErESiRjyFeRSRuZme3BjHwoghI3U/7hiwP3gBKX4+wzjRVcCjYQCvoJujNc
5MTq9MZA+gItEXoWj+qTAHohESdfvrhWLhVo5ThZZRVLlm80GVYZ0S0QrBTZ
6F6Kecm1WIuhp0iAbJTpCEUQ4ZJGr4rYn31d5yK7RH3fakmk1JM/KWpuIF7Q
HJW4Z0bRCxYWcCLZFVo6yUgjDNfYqtVhJHS0VLnAkwhq42ZxPRli4AqdKw55
IGKizgFBWA2HkIhGWN4lnScARE+t/+WL/rqlv25vbeKvC92lwBtQzWDWnzoM
B1huOUQJhhwrIOCUxLvJ38JuJmTJSD6707J7g7KVCmp1DYQJpWKkj2JnrEmX
b5iu291wCIPVYZlOPtKwH3nZq+YgNKTUPbuOGIaEpDFRMlhMAg6+416LQ8e2
8173vHZUHr5fZ/hiAJgHyWYwG8AQjXUGA8Qo9bVeNdfcJAQT+e11Wqn+SDo3
MRqD7Ozgah7f4/kWQxCEAXsABTjJED8UGwARmBeNHnY3zj12RBAjyr/Ey0zO
kQdlI0tMPa+goJ+53Fk9BA6b8eUOzY61pdAIP4NXtCgkkTJV4BjtqJ5L8lpA
m4Cms01HUSAXH57jtZRpUOixXLXpJGSSKGIPS5eBq5DoejEiFHVN50/rgJo7
iozICkAjUhGNPFpaB54F8bLSqwgk12fjLXd6Df+5utaDm7ByLOj6lkQbYN3p
J/SZjlM6VKbEIDEZEURn0nMbWQFPCAr7tNhejzqomiWH5URIiD1+4QYCbtTR
cHvTxcBpKHmGaxmWHT8L4BPlrBjpANaJbL3hdJ9i570mACgvu/D/jkca3loP
Efsf4/BuXyx8xmiJXrQfgDKIozoyvhrP1HeoiAJiZMaoO7LUDVj1jfh+RPhS
14y8TXanyOGoSbG2yKTUREmWkjAVVD3wEUWe0YkC3QScJOc48i2ZJoCmemJ0
bBf9Y8fu4YXnRg80PReBvy3MoPNzxxk4OnGI8AG0rDTpoZRlhuzf1oVGACiM
g+x9ddvt9IZtCXDwvADLhDmsrHwds7VsVsLHgZ9aaUiETfRUURyizgGKlBoS
Toohxh0j/NaO3g10KIwuV6FwY2eLZRURWlHMMRy655+fNfdYiqGxRXNsYWS+
LOpZ1XYVDhDN0DBXsy31Kp/CMWOsYTqltxDUo5E9dXsN9fKs0a22upCcEehS
69+jxHVxbyxGZEvU9+gaYyAJ2YJDnXIE/7lVLw0da31/c5OByk0YZVxa6Duc
ZMirRaTRZbQtz8xIKwQEefIkOUcHVlGOy6v75AlGmkztB1+YDyEZuMMslmT1
7YfB+WqH/5v88I5+Pzv5vz6cnp0c4++D14dv3phfVuSJwet3H94c29/sm0fv
3r49+eGYX4ZPE++jldW3h39YZc65+u79+em7Hw7frDZYK3vwS3WIVROMgkdb
2IrHjl8cvf/f/+/mNiDj/wEo2N/cfA4oyH/sb+5twx937EChODRxXrELbQUk
4Syl4AW4yKCETBBXaqIkNdyIIkFDBwD0uz8iZP58kPzbxXCyuf0b+QA37H2o
MPM+JJg1P2m8zECMfBSZxkDT+zyAtL/ewz94fyvcnQ//7b+NMY6hu7n/336z
srJyBvxO3fHZ5wlfET6Py/QmH+cAOWMLRvSqxQpaoMvFE+mAOg0RQV/kRVrd
K3E5y+BIUW9LhagA4VH69Hz7ORqPkc60kJkOUxdHh+ooJXFIHJ+7R3gW6xkk
ZsJyHY+nBDwdAC74MiQhC/uUyaqKsiZ6Bi8kvtPEI6kpiWxngTafgsZ15cU/
MAWMSAaIjaFxxrIzsxqZ1GWpYaQjeh1pzR2P3QHf5Y99gYHENZsLEA2bdLjj
iUaKocrZtlreqh/3XlPge82OUfhNIuCB2yETOzoa1IoiW8/pzH/f29l4nmD4
NnAy1jzoewzQ1vM/ijyyIBYcsGBlJUnetsajijHPg2u7mOHYrNIpCx2OFU7D
pshmCmsbiFuk39vGmRfhKweRtM5tpDb/kFx5KWUnXAYj1PltFH2c6xyOM74q
KTHJQSQnHAKE6HEOcsMQTU63YuFhHiaWCLgryLZcgkMO1K+hOoGqFhrf6Eo2
FRFfA3OslZ5U6WseEy8TOHEsZKymOhyXLVV4q3Kr0WoAAeKNG++OLNDa4GxY
M02AmYM4QWCUV7s/0igN/IDbst5p6CVrZ4P1TmTP+vXhAI/CqlAKZvSWjCag
bU9XjRmGSJkNc0JVlpdL688tLHnVMG1+w/ZSQM1y6kefqDvtmbXiPiMvCenu
iSzlcMCLf4ar/1sXEVS/Ohsw3Ikt2BU4gZ+rf/pj+qc/K9kTAOYT9pXJqdDb
qv+t+uxFVEerMjjSCga5GO8KByC7sswNWRpQvBYpz4LNwRMi7u9FnOuStELX
/KBBfOhsxKM6vm+KgTiNx/XW6ixzKMv+MnRFZElABuZTKyuGrIt+iSaPptAG
9xbOVaBE5H2Up1dFWSMRKGQ0cp26tmZvaUYGoNO2X77SL3c3yZdwHBmYky2n
TEg4ksixGt5ymAyqjDMgjpUvhMjpWE73lGVzXAV6kimGT+IKWncWRRCKiQYd
bTac1hYJ4GJlTwfv3p58/OHw7clTWjIsCS1SknaQ8bwJ50vxNswLBmuPj9+I
s4cFV4LoZX7VHY5G4y59A7CEaX/6CUQL71OOdRI7eif5KXs6ZI36Yz76SIB4
epBcP00vhqMN+HkKpP1pnY7h62IymzpPwHdfMDwPo0iQ4P20txm8uNfX5wyN
KfE0kxO4OWV1kLxHV2xGLpJpZk6CMl2THE51lLOFboIKsggsfCszkw3xdYcz
4ZkF9oZALzovw4p+/kPKhbBMAhjp/jHBwHgY0Pt4m2d3lGWAgylJ65byzRcx
4dVys4yUAKRGnwktmADdXoYpApeuweDbuSyb0VpcXNFMIjZFB/Z4V3Bm9fih
gr/cbXfH/yArfbvzhkQhz3zvum2R75CH3DExOqtoWEo5wCQZlxwjKuZMjX6i
81bvQMcdE33IQCatzbBNemiYosVjQNDK63r2C7kO4GgvEydwA/ctgUQdES3o
9udZYD7UCHBrjlUlz9AceR1hpBwmZuB0xry4d5Su3KSU6cAUoJ+zzVn92I0R
OciEo/VYAKJgF8EFoNBZVVB6bKJVK3yGu6iwhQqyEi1asu3PhPJP0xzDci4l
6DoiEDnxd1aYdHCUPf18V7ydGRMZinvOSwyJuhW4Z/C4tYs5IqLKrhzYkqFZ
La9BdVADaCCC7PQ2N0TQ0KCFH12bm0sfmFO4JkrDE2ILEPAZo6PFS29D8Bhw
lFxQ82zgONFdpcyPu7GSswTRITviEGblYL7/KzRWPNxa7SuwsBM0pLGvQuk4
3ZvM3cmcSwaKziYoLlWGV3rduWjnarVjNBeVO4IKBvpncLQTGls8BEFAkp28
4+ric50MTXeBQ38xON34g2ij4gJqd+akljoGbqI5ziEDBokPqgOC6ILfkgMP
RSLWmweBizSqu9S64x1k0R2RH8VopQZqD4fv+b+yz5eEay8RRXjdVJgpS1Ce
jEUjO4ZcSzzhXoyVExoNT3fGsOMrgXLSRYoflDEzCCVitvKCWCUkEo4OQ9Ew
s65S4i9MRByPYa6WdNFlNFzHiL5NufSLJvSJbAIiww1JMm5oRkNcOhts0q7O
Bn2WmiIoTlLT4QDo1NTmzLnDO/fvyDX8uIOT2Q+DWPNyVgPixMU999aeaiAv
CEivcqBqG59VJ+pIcAnPDdp+ObU6xCCjTJfT42RtwK/hC/DvJr8Gv/WDuDWL
9eN7Zt5YdIH0FxMoMywxP3lkkpdLNko0xHFrnOslb/VlmK7+6wwBfFGlw0+Z
atkTNnwAjvwP+5OkaX17tXKUzPtB2Nrf+22PHQ5W/j53nOTvLb+Hj8E4f8S0
7DNFoTMhWPBh9zd/fsg4j7aef+vSDwqR7mrg5yvWQ9wTKcTrHK0gX7GeuT9L
j/Mr2UI3ef9ucK6Gve7Dfn7D61lLZ6ODZBWQZbWTwG04kNvw4H294nftBez1
eusP29ejnfu/PQwUyaHLw883GZS/esh68OdXOs6pI0g+/rnLoTsysB7osuPw
l2ssuXykXR/Attcfup5HPy+WUkVINQj9q3/0en6W+9X/r/sl96v/r3m//MOd
Cx/6b3i/+r/4/YpfL+/nV3PHeaT1AJx9bcWy5l89mI6tffIulf786cFwDi6Y
ntafHuu8/uOB+NP+wCOs51kY6gCC6hF8+sut530kpPTnXg/eixAT2S6SdL+G
7xhcNLz0Yetp//JB48QOF7WBZ7/QehbA+eH0x8C5/08I5/4vB2f3TxAPHmWc
b1iPo7Gu/HSQPImaJbhK4a9XGx62VVCAp2hU6VLa4a9Xh1iMo1r9Qnmh6mdx
LAsNf0vEQ9Ow2DkGBzaCcxyFGALRyjLN0fJqbcaO3wZ9V5hhKG4KdETV7KSj
mlsau+FZETuJDYxXkxh53bLLy3yoHq/CBCKYXEjJ4vNLs52XbBbKiubqXK8S
rK7NfaRFXUwuX07BTWjoQqMc4DWChKoN0ZruqHgKWpbJmFFT3vCcNYo7lGv0
x5dABiMTZZMmq/x1nVUU1mPMPKteAr7sK/DwhPuITaiGVifKnI+vwqjh7Ja9
TJQxzUbFqYsnlNDlWL+0jBXFJsUXLvY2Nj/ZpSNGqqFXHr7nYhu5RPg5i8fi
b7BgPAwfQKsag4LuaPqiy19woIn1YmK2LjoK3bxw8Yl4VvTIReC7Mws9iJ55
3NaaG9l0Pi0Z2Da3W17jAst5i+tB0AUON5/WPlgJWxTh0DN1MZNwqhbgczWG
2pgqxenkTOMtiaoneWPpwvKC6ECyxjF4dAEAN7LPE0pygyVdZeQ4vYW3R+sd
MUC6Q2VYBIeif95XWfeoLDi0qeZg8mhAAXySdYfmSaB/H5o++Gbmnknce1BS
K8ax1etB4l7kPXhqiTQ9TuZohvvyWVDgvhceNN+HYQi4qXCM782KHC61NerW
avz3XWg/lBTBlxYtaXjL+DhM2aFWB+euF/411+Z/boH6i2YIBqGyYcwDm+eb
h20iGRynhARw1GFsh15WjeiIBGyQNwUt5jBXh8urSCFaxwcMO4/FbR9nk4yz
n8QnQ3V66Ghcjy7xA6zlcZsCw7swPmZeFNYJ00IEzMW0wrX6V+BqecdiK9jy
ddBdOpu65AwLYjmMOl4tAFPpruEymldwm7AHyMWZhw9iG+Ea53OICTMIYXTp
+EuQcNh68QX76nkxBQ0QUAFa4aB3acEpl1ppRZkLPBTARViDiS2YE0+w74cT
UGzEVVZgiYiOU78Cz0eLmwYOLKcAYiT0BkuNYXkprs5B4wSJ3y2Uz9QGIEcY
7gxAjE5jrdHk1KPgMjwUb4OfXeeTWr2VWmKFQGsy0mkZ7Y44ievGOFzmZghZ
LGIxG+VUIXONw82k+G1XP+8kfjDrbu+5B951io/mgGIpNxfInEaiM1N6gobW
ifBiIpzpTdVVjHZQeBtHN4bDZDlIvYduNSh/DFs7VO9UqiPQRfHGbZBawB8S
DRxSG5dqm0KCBwpKYtJavrFYEoWTFc8t+3PcmhE1BuPdpOigKcOCfmDr1NSI
wEV5mX6yOizBW/WUMnUmeWYI2fzoGBHufFLP95ERJq5+NDDI1QVYRWokSq+9
L9+v23KvEn6cRZKd3RxnIKKsI2iVCYVcO6zM6TCIYFo7K9ar5bpUIy6PkdL3
FLsrMgnVCPKSO2I1R8xFxt/nSGrkX/fSZ8P1aOqZVHJ07ohXylEDSDSpzimz
5ygSw25aC7NQQsz6RBDtF8bXBNF/heI3nq2DW3FFJHpTfL1OQ2W+OY5vALR+
il2AbNXso2sskLM2OD5a/6bQPjdu3ynQRqQELpGN+VsjbDdBy8sGcqx3pCys
qDBLRBFKwuV5GyFCnDCgXqrkhxIMrgt3mculAYG9a2Os8GF6ilOL7V2j0peN
mOBIhA7L8s0ExPlL67A2T4XASP00VeDH+UWVVnlEwpFiSfVsgg1Resm7KRfq
ZPCDfDcbwyrHevtMyRYRmTg1IpZ5USc7tLRdj5kmbw//4AaTkgJM5Lljcnaw
AQzveXt7F0PYq+TYfIY9UVQW9KS/D3QfcJ0L5UAsTwcPflEzAUjAJEdrAGnj
Tn1LBClJ9Ux+U/ayBWywLbDUSoY/d4gp4cQRocJDo01pFg7Xe4jcECYQ4fp7
m71NX/AyoYmogUnCoY0i9Et2UJlz3AHXsq2ARN67lB37QnWH7AUEnEKOrVSC
yUa9vnzwrBdy6p3posBTG+H9TxN46kvwmAqIHWdyqQyN60RDEpfOwMzO8VgO
Dc4qHFgQKEhiteqFI09xwS0VTbVarupNKGhwSbGoMsyiSevYbBWflON8KL1W
NMmQ5GIUVsiM5RVtFk1P7jpq5WZREdXdpgn6IbsPOVqbtReVOKk4MkkNDdnY
u0u2mqE3zUWG7gL863sqakzvcdE5ozfgEbS8TmVaUVrRssgyRLvg6LfCiVYB
8m99f7m0wWSAjCEulFOSjqGJF6HAKxV3jMrq7dChDilSB/qUxT3CLrL+X6e1
l1tbzFHujP6HyaOOKkxGlZmmMPKMi20UkojtzibKfDBpoAtavc/TnNtue6ti
q4Wg2T9jLORRZkcF9eQ6E6jFqKXdYNR43Cipt+6X5KSSguiCguMDGZ/L0JrA
dKPsY3VUN6aajoplgoHWinEZ3ByJwOOEXzwDpXEnpZzHqzR+XqWlJcrOGdlA
hGa10CS0jHpq5QO6rMpWzwZ++jAdfbOeob7cCvDGEhvFAb1p/TBk0xqF3YQc
8yx2Ibw2LY45U8twgalb2HamDUyzSC8d3ywwK8aIiML7U03lQ69pc3yTVHeB
IrQ7i1+ySVodAchYclHISg2egIpt9ntLEjIRlxzAIHrVrqbWhmRLAM/4KFqy
Qxz91bIpS8w9CzrDwKlq3u5httbzdKr1fMPiptbA6rHsB6WeuMlo/9rZJyRR
3StpMfrnRYrdc/zF0QVzqkPl06gv4ElyRC90QT0NKJ8QPmZxiIdBoq4Iv3OM
dYHC6KFsYLPWKqcDv3waAXKsLtKmlSOmoquW7ZWWm9N3b47NDB53yjaEZ7hE
VTdP6QoBZfya6H/hgkS27nID/OjW1Ae75aQWjmMlQZU16iAXOIjzCBNEXgle
nB7/6Tsq4y71eOM5I0ZTsLKf8jwjdCOdHOhwvp2VyHmqp9EOt8MP568/Hp2d
HH884k349XLRkodH+VvfL0gn71ZKt8Ahvt9ZxjVYerjjLmTNmNu9NXCJIH4v
RlJiZQm1lw9A33WkcmUHPQsYlcAIm9z0KqRSuywq4URaaDN3Gpk6lm9zDxqG
5eShV32W3DixW7QoD43Ux35djkdUfSjpJi+cMuTk92siTA4P07POUunAI8gA
AHAKm7e8Z6Q29xTCN1f6lO/JW4I9NzabUnEYPE/Y7wCr4286plZ1Z1IRVKyW
gA9siTULjbyeOMI1UoTlkRgjJYe0jOiQXNN09oFTJGA9vuWr1YIM+9vyzx7j
qK7LUiy8up7ocuQmYF+7K+qvkZLls+AzPXRtaRG/wpRQq462elOfm9PFQCyW
TPTtOYzzT5lzGLbA9ijjxWNHjDbpj0yMMJZxQYvZtlasdAAzztJbqsV4k8WE
DTEQmC6Jdnru0hBZ7OLwhee9zc3lIxjCFbPVEG8uRvt4d+MRdzE/6M06IBtr
UOnVK3ranrFtqzUshlp/WaAtQFIQk6X1gi0UUWVYa/pCZbbIxhxXHh2KqWjS
Sg82mVUfocZ0ODhgwx18yfbjExVinnhMO7jKzKlE2qJx3AoQ7Q77wLTpEQNi
eBy3iAccsxGHcha73tSxJg19GCKzlBxRWSjQdEyIFJoPrioq1SfFzlw/hucO
w2NMa0d3+WofsbervJbadVyCkykrHF95Vc7qFujOq5YWaGRbLrS32HPUtLk5
7UucUoQERBU+Q1lxkt6jCYQKazl1jZ52fD5gv+ECPH4lC9b6zZSBUPQKI+04
UAH/BFwXdWI9JvbdkaHF2IPcmo9tdecp9MQIsssZAtP6k6mbx0bBSM04p/gC
tYCLNRkIFpA6pkjr7lig5zaEs3QahjPA6diaUuHp2G+WOR0vds8SoJgbLWbx
5APCQw3JAz7q4pAzp5qzYBuA/h+HxWW4hyimbxo/rB2K0V2EsPtimn5mA3ds
iP09dK1JOQLcTqGBO2pt5bJUPsI+QPwPLUJRk+S5r+eFV7B9ujsMWdeeH6mv
YswrUJ7QlK27Ff5tTsIBLhNugsa9t1ucHahwjS5VNkvTWDTZoYTt5iwb3AFy
Gx+dQFYJttOyl8nlogKoACO/7vs/e0FU7bGq20O7CCpgRlLUSqczKmaJk93F
O2Sjvzz1MiTIb4SN9KwOB7DG6tn0BQUKeJdpyfqoDdI3t1yq+Nezz6ZFthsP
8k9cPzVxOh8cSYBZWK3CxMx7Vz0mabKBhrMYxPZA7b5I94BfL9IrNVmbCsij
bsalNR3UStwXLz2kWw9KD5IuOTNRASxpjk170KdMiT7iWbmXmuSXf0d5VBM0
S7W4BIlPR/aUP1AGgHmjloDfKBziQmKd7PZY2H8eoOECbSTmwnlsYhYenVHp
zQnC+dFq/vRHrDuMRbqByjBxOBqICEjkxl3T22x6XYKi/fTT8G76lJ6GX4c1
F66UeC6JnaiyKwxaUuwnODNpHVXp5bQ7t21UL/nTn73VNanaoiV+3oEtyhp3
aNs//yobdHXRIoc7F7LE4c7wZ1pf0M/DCMWKWyqwu6FvFEdOV8+goN/T3Arg
HcVBVvuWiIQ0AYkXbnkxkdHtHf/IZv2GrN54IiIVeovyrIFeNCKRbtMbwrE5
myU6FiM242g1KDHHN+Q3bQzgayORPD+OeGgW+22Dw8ebdLgYFvjUN8Lj7eHR
PxwSFAPUAo3z6yCGVPyvbmKDpDVKx6EH9hXSsqauJ8kXfnO4kxhAe6dBTU7A
7vxS+EqAHfqsmjmwZQCWiZJ11G3fJEKM/FNBbVVNGWwSUxzGbjoSzdm7u2qv
Y1LIkdiybeJ0m3kx2up2Gh6NmOSVK9nKlrGLjWyoDdF9/h4CyAZ+aT1NLI94
60ZLCog4/O0xwJSouY1Axe+jE9IMifl9ozLjOdGGj/4AQ3U9szddjXYg2puG
IUF3Njz1HwFXx7bctsJmEoEI8za0HB+4uKduyGGB7dSP/OIMYhuJLo9rH4tv
jERvr6UXejwcO5OzEaLGPq45kcWuuYRMfBj1utnrq8blRcOaz3e3tqk1toKV
IZZTzhKoHaiCViL+xaivpwJtiylgZ29jB8e0RhmnMD+OXx+gpMKGcDMJqGzZ
OFk9+f37d2fnJ2fdw6OTLqyoe4pvdI2LelXEEAqooulzkI6703Hd1aG6NFTM
PuNMezMB3UBNKLzDp0p80/ALHOlvWVV2x1lxNb2Wcbb6pDTSRwIj9EwBptVf
dVRb0cBl8zkHLz/OUe31dtRuQ7P9Kx3Wx7bD+rj4sJ4CIf3Inz/92sOKdfZp
nAl+UM6m+Nf7s98KqXn92+OX3ZPPUwyR5SbdfDf3d6klBe8HH/918hokn+7r
tL5eQ4tjJzn97VvWq0P7wVV+m3mWsIbN8+j895qAvygBQFmDQ38mFK6sriuy
jD6VwqVrnzeTP/09+dxf1zKZ8Be108AEaiS4mCjC/mQEX5GaJhjjLPnMCutn
9s46qWdideQpcVJ4UiB6wTESETouRfax/kA+zW7IH4wbN0xQ2ZU1glvruGhG
3gg6JX1a55RgwpfrP4rZePwfydrG58vd9YaXuDmKrM0BiHgUeDjn6OyKfD0f
NuJAo78sNJwZ2TLqqfHhIzqqQSO1VnvSaqcZ9VFPy4rtsWj4lfd0HyUfg3Of
/MebwVb8htzap4D3T4OVvU2RoCCeV1kLoJhskFCOd04HoN8PjYM8+uq5h/6Y
ZyQElnOMyJJGQgUbaOw9XU8uZwVrHzjOOz9ULx8JfrTd0rBEBpXpYO8BEWC3
MkziYAoW9dnaG15cbvU3NzY299L+aCtZ22fKto5vmpPkOkvJ2iZ9Sd95sOTv
N/obWxvbGzsbuxt7G/sbzzfSjYuN4cZoI9u43NyAt3d1bH9RDDsJy7MQROGT
77K/A7jUa2fpHePkurPiJLKhFXmBcPYYL9cpXC5467n71vZ+9L2+P9Gm+8rG
pj7SGLrvDb3JTyL5gyE250+rTwPy+vBaDN8QqCw0sgveK91MKShk1/bs/mT6
YWIKN9XPXXAYVGHyV9za/HU2RXdCHclKMHHdJFhY/4irKFjC3VV2urRu3WmO
qH5Uxyrih8G4azGPJKb+gNlukCpPtkdPa8aa6OZ9G0Cj6SQklqPiWUsLUlO/
uNUHFW0Z7NTDnhsktlyH2EahpqaDMGKoVe9g6wk9/HSAAnoCp6BBAPWA9tKf
g9eH3f7OrvIUil6s2U+FA5bey0Zwwr3KBxPaN8XzO5IUd8uDVf2anrMSVIeU
vU7yZt067vA6OB58mJqWxnW7PVnkO779LPuktcO+WT512S0/j/c/MFuhd+YS
doHSfX4Jp9V9nY3HN5gswAygZrZGQQk2BGSvt8kRMz/99MPp4Ly7v7HR3dk9
pOgEC+OTo+PXDfx17r925fotIOPhVZVReotzKAvQWfyukgMeLD+8UDhQ+Egj
ABfVYnS7/L6/s7P5nN77/fb2vpiGMZRuZNrQOSXwneAY0WL29rb3NcDqX+EC
ulBFtyUHKy0LtASgopXSPKO8VkczdidBRMrEjCCua1rA595QT6G/zjiRf98Y
I4nA/s2IjmSVdbSnQ08+Cg05tvC+SdCWp7sSTdXF7sN0fC7ve009GCXSau2o
HGW/3uht9NdXPlR593VZg7yymtY9GasHt2yVvnqfTq8PpN7X6gqJSaCMviQj
z0ECaLbmMNJn6TD7FTqY11fesyviYOWnFayuaWJLTEnNnQSHhcsOElVdVqfF
G+qLfVbCzB16h/suuDU4n+M7mJhCTyRJpKNZ4ncmk8cabc0S6VeGD2RRUxs+
MNxJd3u9HkgSG09hIdk411SvC7Q8Apl6xksV1HQWuw0D/CSzsyNN/6atzS7g
3z5uZ7vf3dnobm12XwINftnd2utu9btbz2WH+DAPvO8MgJ9iB92PSHueJZve
V/jlJ1xaQl9gOciToz6v1D4xrG7h3y4+gYU53yPrCJ/5TPvp9gkWo73hcGOv
P8r6/Y2di9Fwc2drL93Z3hrtbA13N9Jd583gJx1e7Paz4XC0/3xjuHeZ9veG
z7Otne2N/ecXF9nm1lN/1nuedYtmvXy+k22Oti/2dzbT/nC4v3F5ebm/N9rP
+luX/X562T7rxV5/B9a2k+1s7oxATNzb2sz2nqdbF9vZ9t5mf+OpefXLivtf
/PfLypdo8cjYTdP6kdJBUWMavdLd6oymJMGgVNILjYfBL2zjcDhZrDR56hdl
IHrnyZBuBBAJWPMIbozWqmZ+NGg0r2PDEw6H6dqjkKYkFEqCrfjkki+J1U2M
bsXm+Zi8CIsfBYOXxt5HwdzlsHYejoanFuInioOMOu0xFMDW/IAkikdaR4R8
IyHvEU8WFtii+B+OwGhUHtUofu77qhVpUH+YnwsdiWxF94xEP35rNdblKjD+
kxdijSWjqzdyVJLtpYwE/7rBMUFccy5h7yriGZMiUyAj5mn1smFW21gucm71
El+SEUfkw+SYLiMTkZ7vSM7T98NiUclT2sFH3nwQxvnQGjqq0cwbk2Po6gam
2AQvky0WqbwazUT3i6dy+KcOx/07i6uSEyfdeqQxPzVoJ8ma45vuwHUfraOo
TGvqGN+pX+PVBANrQQPq18SlkjyPvGvExDTeWH4XrT8suRbedVhWswRJGKQf
RsEZytE8IJbHmSKZmrYm/T4GQA3JyzVbfm6bKfVLo0/YqdzHu6lJF6koKc50
jzSOyLbF+gXVqBqW50jVajwWfFTNQwBoqpI6CcSKN9P70ODsZhiZZBeVMYZB
sVh4xpJhTPuwcUoe9ZHISjRgjEbZyNzVp7rIRnRbJKLfj5PgKjJ3aTNL1E/K
CJy+bplkh7hJacjFKRMyx6NAQY1CUShE0l/F8RACYqo6pgLOoKIfSBidRW6z
uexBTECEpGJcjyl/Vxj8iQWIHQSZF36kfzziqz3+iYLlVMdvKQBkGJcX9z6P
Svt3y9mQY6b62XYhTqxYEo0e5iiDoQqXymRVVWLEKMB/VQo+f5S3Vltd0Egy
t8JSpOfXtkpaGP8kPSxHEeC5LKflJqSuNBStddNxcmIbx2gK2vicxOb2BzzD
0Dqvvkwr1kfMJkRQ9IJNuY4nFe7QKQCqKVaZsGS11aZl6xXKFU9NPS56yMT+
/mIH/09t+KGfr7H+0A+ZgDBTIzM2oACBXQvPVvr0Aaq8CJsP1eg/qIgvev0Z
azui0ju6fg8VqCdPnvjJRu8N3j6hfEcnZY2vcEtqEseqmFi+BvpHCacmHrbi
UjM50gv9tM3kjeHTZ8A24wwjx5xMsw4b7K/zYqoVmtRrK/vDoK5axJAh41vi
VIZWz1xPYOiQ6QYMncQygaH79L8WDNPaLaSMThMPqghLKmRPsSHV/QQ4XpVO
gEwnWC6mAn3+gYCNWUMbSNqM1VZkjbz9swO8tzTErWsyHqxuq/mSkODFkKqz
xvGCtMOMgzIXw43iulthF4Z2/uLwk4axDeMRcq21t4dH648IV7GQDlj4MMng
npYsNXRMuVvQvSh3uAx7lHBGQLyzCd9AKmDHaYI51oSoyqIcl1ewxbHoTPBe
lY0zbHtPRa454xv9qDDu3+yWHWGZaq5Pc4o7+S459TRpbVtsv3CNYgI3VqNb
1dG5NQBB68c2weN7P0rdTKfCT8wIByfwAQt+pU4NKzXtWfiJZc+v38dPdfmR
Lj9iaoi2NWJZrvnKY7VOGZHaTcNT95RUA8GxdwrDUtbrG3emTi1H7aXSqCIc
LIEyCPM6C00tBuk430GiCVMJQvSOPzibjqSVO5m0C5DBNcswYlgfq4OMLZYs
pwSFr3PyTlzlYYg2Y8UHwYCgmiOZv5AO1xEAW+sZd7cBTFlU4QAxSrHjvNHw
JtKH5zL/jHeNra+lxLTL4+P8MsOEYLWe8kr9xhAR+EwdVcsp3AJqR+U0czF5
CF7JBKfkMkP3TtIb1D+eWv3d1BklO5WHThTyYGsNxGiQU1PYe1XWZQHpEqsY
TYrvSwUJD9ta872pmOlKCzHiUukGwoZkNsxf7ZWCnYYAjcKcawv6TMSuftPQ
qrWeGj2M3EpzZlKbjcMaogaUeZZ1DRGOWthd7T2YcT6wgt0T35Liwbfc4kar
qko17wGqPEcHtk2iYb5OedagZrdUNxxZ3Xtex4mwxQoZMYPcLFujkNFQ4jrC
CmPUns9ljF6yFdxKU0YqzL/pGQeruS0LcsjpvDAmm2KAViWvNxuton0BN0Fh
XrmJLbl284iWTE1akHdWismhfZFE2m0uE5tqOHTUDbB+yEaLskjsZpe2zhVO
mqlrcAttTm12Nk6gbbO1TZ32Dl5l2qBMnTF0UgKCFvULbOZzGOZSoUhzBHA3
JQKXYAr7Ye5fHWZ4O0gVdLAwS39gGqRapRUPuayIhDAVpY1elfR3zf8UCm+8
YbAG9qtodVgqQjAXvYmJm/KunEi8MPUrsLeRnS4sEp7GHVg257ksbrN7L0rV
z9Rs1GtLDRzEc0Kct9kayYsqd4oxKFAefN0LbRSWmbB+4AUzdm70khezfGyb
iyGJbCypE6JIsw4EnL9LrbSNQsHV61z0NEkePp4ujaaSAskLaScSUsKIxXIm
KEZ2iRoR5tECl7ggdxNL72MtbAlKl+WEOq2rdwhF61PBViKrd+rhLpGOb+nW
VDtXRUpFBQzSBul+h7UPnLjvaeDOdHxQkdzL0VLNfGiOtlqyzSmRnSxfhqhR
9Sha+OnBtDxh84jTqU6d4tK6RXgQWspJxne98DYG1D4wpwGUG3QcL2qlZcD9
rNd58gFt4T13ltA6fSQvc0KBtNLqYAX9oeNtlPXqakDGNLXstfwfmyoKLnxN
oAh7nlBI7OcJl9Pmm+YkNZLwlNIaqCMZ5WTTOLUDsvmllywu2lV4SYnRi+zV
Fpt/gQVczQK6LcUnek4mD+zKKwJurZFeeH/bhVga+WIJGFRgkAoNNWoMBaaI
hyDaL3L/Ho68y4HBGmN+AeSOnFltV1u3ndpjY3qECS2B7QvNwj0/pY0col7O
EaaYuKWbJbGI4+JQVC0Cg/Jds9SGb5xabE03/uUYoBayrwU6uvKtx0zxEDLA
+aduSX6y0SIHj6ihBtAjArKblKCAZ2nZJrbZrn7tvSOXJkY/QyLNvzo5CkDy
S/JUfylOnRWfqAhJ8ZBO4yxchFFEbFNdH6SWnHKDRdPLYuHsl9hA4RGkfqc5
WGOIyA5864i3C+yLMs3HRrGjuuGiIj5YkV+gjXC0HPs5gLIRBhoDWgQq2D3N
NKc0vmcKk5JgFNMRI21PGosFoLgHh1ZS9+BYQ7NOJYcheM3cggXFm3LOC4vp
B05NT/c5cG1CmDCI3NcRHtHzDq/7NTy174l/90wfU2UnEfcW5W/mXvfUp+kw
+yjDuNTGMBXmZnA90slHIgUfuQjcagtV1sZ25xZ4poSPt49peZdWqO212a/d
+Pu8bljWJQae5ZGhWmRsm5ygNRu6KpoG6yFsRTvhKt1u6SAnfeXjPT+SD/WM
KW+uwdYztqRQXfcC0/kIP0ZAJYbkA+HitCA6dLUXtmtqLbC5WY21IIxDry4V
MWCCT3lBFfZM+ARhjta1hIHLm3w6daJg9bq5kZUsoPhsZu6pLhysqkO25V0M
U5d4AfKcOu3L5V4qM7vDe6u8sL3y7Rq1SjCiS9g/u7z0BFfifPFcWUNEHGqA
ByxlZqU9W7ZoPUhgyTbj9VuwjUTdyvtehdAOG6Qaba94nLIy7R9YBHaHX1iz
v052pcLo1vIVRo1gH+1dLCoyOUnF7B6r/h7ps/2YqRNz0atRrPBb2ykuARQN
y1waMI2bNQc4C67soU/kvLKNerk8dYwH+kgDLTtPE6hNQEiTTqc6xbLdp62g
HQLWVBy2eSGRhtfNbPOl0m/8jCDxRwJ2xUrItEClZeWm6dy0mhXMVjg1IB2l
Fzm2XWgJoJUWshJDi21l178hLNY5aCfIdZOiVve3trfSzY3NjTTtb2xvD3u9
3oaTr9ryMy8/2RE1nNm2MAMTc6gDAeMpv0SBMYjyhReGi8mUW7sbG48Sfisn
G4bc6sdepqxxRsfb8L3n/WmMrfcqeq+9YBSORBEhj6rV3GUXGg6hddkbxNsU
Yw9qD2qwiEarYJrBMp04YrTYLRjnNFfFblfTlEphla30zkgJetYR4bEXtQ5x
Za0fz63+2tSMPXmV43wimnFHxeR5LbF1nSYkwYQqCDHxiddXr3g2mrNSs4pv
5kJfvcAGa1kGrEsR0O/8wh2P2xrCbdX4EAsKyFAcoLBkd0NSyzWT1jLxRZmv
S3megHZ9ozTlQk6zOiw0WhpPdDitVnLbGsCbCyEUHOD0NFbIC+ZwFyN6yMK1
oAzrRw1R9KyEVVkAtaL1UgjWBI2pcItIQhivCPXwHinWJPLYQvHShNinVUEF
w/go0QraTkX/KJnS4nbUdAsrLS3bxGae/XKZM5aUAWNXb0tHmb+eOaTN1CRv
6d30kd6NlzVl2FBeRBtU4rkfjwyV1gST+et5MFScUjZzoBKVn7uw+JgM7dd6
6HA1A6vvWkuk2wvIUYXXxGsAX6wHOq+w89YuGE1SsKDGCLD0ZlLY1sJsshx4
S+O1XSwbsrf5fL+/sc/yLAm9zQexmE9/Y2sH/m9XH4zmpz3XhWDb2VmVfbxC
2nODlpOPk9V2WXyuJN4UsQlQVsSWQbxqSM4jQTWkJCiI5Dwpz2iBFvuz/1/V
jPTn/3/VjBzq0Eh99CjDqqhN5MIKCsRw07V5ZAfNXdJ3ikrEotLVXgTEeZe7
VcF99itrMwFJL0jVFc9CxOS5IVOz9sYyA7EMqreGT17DnCMgWDcod1Ez44nJ
ArLSw7Acz25MvWX4PEeCVrG9gWw8tKObLC2k/q8ZJ5Xyn6CPPVkle7F2PgIJ
taS+jzw2irlZCjtELkDJRq5R4mSUT8vqKZm0sgMUIQF20oGLOhijcYKjCSnE
nPMcHGurdEOWdBO07qxJOjfsGu1k99QoXl2HHA/BEEDfiLzu+BaBup8e/nAY
I9mTKptO71cOn7eitPfzJLlJJ2vPsaxrsrG11AuzgquqrG3RW3u7S72F9HGt
31+XW7K3vbuze7y3AYR9Z/dkb2v35V5/+/nuyfbR7vO93V34bXdvp7/7Ev7v
eEXHaGM1tPjllmEWv0sr2TxMdnf3+7uArku9ZbkWQ2z7YZNu66R7z3c2cZSl
3rIckCdd5mid1/lw9/aTzf3Fb/ExbYfHtLuz19/dhEuM/93Zebm719/YhWOC
v4739uAb+nRvwz+qKDMmCOwn/YXn5WLaPu9852E731nXyQ4f8NY2I+n25lKT
ETVb21SAbR3KlFsLL5O7UH5/ezl04inNGR2+ODpGMUMnXjiIO/G37JWn3FiI
Vf6UfJSHy82IxMnO9+IB02ya1w77y81jaBNONf8d93I6b+3tLXiLb9eW8wr8
bG1v9fvHcME34N+trc3+8fbu9i78u4P/wid79G+f/n2+4o/YKvg5e5l/QI2j
4Z8FBxQcjcw05x33aPy3DucgLE+z7b8wb6b2aZI5p9pynvzTb6PST5IiuyKv
ztrGI62w3/6Wmav51s5+yyL1ym41dwU/x3tHRyCLH5+gLP7i+Ahl8UOQxY93
to52Nw5jsvjh0Yvd/snR0TEI4Ud7Lw/7e0fPT1gIf/HiZHOrsZ92iJv9NNf2
lft5+XznZPN4+wVI+Yf9o6P9jZcvX+7vHe+f9Lde9vuHLyOvvADxHra7cwLi
/TGL9yd7zw+3XmyfkHi/sqwAb2Tl+ZJ88qE2EuuJvIHSPXlOPpgkb7+giZMC
GM3w/q9KjC32aGujdIofXlFv+CAsi0MvplRpAbNx/TxHLznebeDoJcifh3Yr
P3Z3KWeHl+cuadut/l8Ty+F0Mw+r/El6jB/B2zSAex5yLGyiDuVm/NkSXhAM
ZpGJbVGmeByZiQYJqxvOLYq2KKWRSoBxRbBay5o16v/QrWzU/hHjXqQCEFsM
FxaRCWrd+eVTv6FIjxTc4FX4qOV3xAms1R2j/KexLj6xqj4uZBpmz0hdn0eH
TModHNqL73CUzzIleJYFmzVkLwEwrTB2NgBwu9mUSqqH3aruUq9smV9aemLp
RwyVpSm9goqIreZWOKF5f+tS2XuTsD2n+dXZQChGLLpVYsU5UDnX0pXuEfjX
j2ObtWG3ZPmis0Sp5tlAa9lxtoTJr7GlZs3lNkUiNVKRDtONIugowTDHLGFd
lMjgVw3Y8yK3WlqUr1PyqluWlWLdY+PtLzUe56yHSXxnTpJczF7fWoXBbhgB
ymkSJmvWtoHx2dcaFdPzgOiDat3m7PpDGjTjKn9XSFq6wVAGSJ84gVfvEN8x
5L56nti5eJIB+X06LwCQ6+eYyuoUk9iyA+981uMMBEtTjOvSq7fqAh4OaJDf
5HA0GJRKMGAENW2UbZhswHzOBp48Y070bPDUPcwHnZjM8S1HZmOt/1XPTClU
/NyAYCVvZ1PMiQmWBNSH8ydM6rwx5cqQGE5mY9nhUa8MxvzDZjKp1YIxxn0K
susnmGAmOe71tBxnQew7SLloq1VRkdlcPvKDobTkF3eMlzW46VXxdslMwme1
TsIVu5rJCeLtaycrmkGB8f8KqnF2lU9zxAzsP44dl8OwfiyqrL19MeJWoOiH
nuTTB4GARJrcaeBLLfNoXBvpHWKttA9Kb0ov5ldih3tB63WzwyPqrUhZM7Vf
siRWKdWROR2vabORd3toxZqyXM8zG0Zbz+3O46ahtSV/YgNtt4quN4Btbahp
S55ytzgUh3PIUhv4YTh6VEKzvbyDMECJ2jb1UcJ8MVq/dsP2un9T4WZ8xe4F
AbtEKnU0cJ304JRyD5Dbcb0up1i4Iku/wwTJV43JuRZgvATgS+B7jhbtuizw
2I6wed5Bkq/DZaB2c1FUa4QIe/0oj7h3qLvEtRvQ7EDLX2/f+vdJDrN6pI81
wrZT46P9XsVEIK44AJA8bPglMdJue1imgX4CDjq3zO7JgrGpHjkC5cU4veGP
bW9zewym0BWysYqrnbjyPBc/onKvZ1LudVq60u+JSr9PPAGbnhCFRFk3gaJu
BURMpJbFiRbWkta0uRGWF6VFn2nFJoxLTtYkVnndLhT1AOwHgh/LUs+aRSUI
dZyq8VbHd/dw/vGHkx8fskYnU9ZphjuCmdBr2zPL0ZQOyc7geYi+5ZkcnxtF
tcaVIU9H+Bw1ONBfptfYzQT/0m66B4n7sAaGfWvk5/c6qQ64VEAr3wF3lfr6
w+I1O36gjYnpCwL5BLjkIq4NJeRsKWSGHLEcHvG7N9JSPVL4jDZUpOPyCuvv
LDocGIkPR36RbcNf67ZIePN8TJKyO5AHcPOEDB6Hq3mq5PKpQh8NhHgAuyhE
7Hj1J4WxtecBWOEGjGrhKzEgGqXBq1ClpZaCAHO5qfECmjBtEFwYjsrNG50F
cx+Wc+/e2QqpDcSWi831Rmc3XPBSikehBdmE21l0cowrZFyeV0ufK/hgpBcG
FjTquPgh31EdN5zUiRsLjCpL3KSWqFgKfT29dOx8tdkdrvsmp3zHDkiLYzZG
dDjbtqB0QrwAmt9ztjD9WNN1ETROTi4nvSbbvY2NZO1FOtJ64+tBXi43R24g
RUBHw1mlB/2r0+M/fadW5Vf5KGacd6IQl4julHbRA3dgK2qEdrjrdG5w+XKh
kzKlc2Ht1EvUiFky0D22ltaYRhMn68Y0mnuDeg0vD4tySpil35HNC8mmU9J+
KCoJaqkxkR1NvConXJn+CXp1rYRpGuHQVKxnW7HPE6RrCYay2ZEsUmE6L79t
8K2g0hNY4ZmpEUP/gqs9i2dlPGYiGcwxI+wwjJb7k6btkKDzfmEsgSpslhTk
QZUwovmWyXPJQVki09KIjgDksSYkm1xwVTMc2Yewyc/sO+Os8opU3UKumpu0
ai6mP6rVNQsqWyP63YezU0UrruUpmiiWozOp1YLS/oC4l0byqt9NyVRDnloM
9R7vRMY1fEfPqspEic4vrZFXhR+bEhcaPTf7nKe/2O6ptUZqQOGaK3SnxZUu
FOmXq7+G1xeeHY3Zlq4nx+m7WggUaH5Q0lYLtNr884gs53TXhY/gASszmsvu
3u7abRMkhUupyA+3azYVD4idZ6QUyHtuYQ6+4XXkgksLFb9wKi5D0aM13Vn5
nkwhihmTiEt2FshIIZWMUyyXAXpcbYe42mlByahjFO+wyfgJMrYIf/sueZHW
VMfEnXegbilxMwl4cjHvWNJ0gdUT6+TV2bsP7wfKGASw/rnYfjVaF8HKTBil
ycoK1VHVSE14gQHwStEORhaOdG7Icej8llec55bSGrj5tY8lNhpW10Feu7k1
GYCAOzOcDZx16CCIonCKTxFeUgUSL1hDKqNnKEFBGonR/bI3itp2X3YcQOKU
GVrGo7VcmhfrjEvoOsZAXWOj4jHTWCIvxHrW7fqUQJgr5NOya7aS3ubCM/UG
sA8J6Y1/dEIgCRzks2ZDM83GBUEvMoerEqm3bLxlfuPZahDUBdT5cSGtDGrU
xqFYNxk1TKYxHXHRWS0okoBMe0me/a2H/Whn6TSgm3Okpq6ZQ9OvQcxH3YIq
h+iJehWUgwrhumGj4NK6hIoXJRM00+T3Ek31v5BaYqilbOSH5De/TjaV8LrE
Uwh1yD280uF+1H1Tfnq42P/KM5Cy+iJrirVKDaqELMbiB9T4SLjBhesxdPpv
+F4kF6S+WB2cM2rNxvDzcDvTYqLgGWM8VSzyakPRpxVhwgKdj/9+7txWSZBM
UfKjPpbw60UKmjj6jdz1ipoUvkg4Rm0M9H16e+qEEphoH9sbM1Ati1hpZdp8
03DQLkGEJ/TQmxirkYWC1RbZ3bDQUfKhSG9BbONSkZH7+R1oAAXZC2/YIUb9
ZbM4QiksddUyYww1ndJ8WlUwOJs4qsiivJ4CLgm9ST/nN7ObTli4qZgZ2VdF
VsQMGqb9rfQG6CHz9RwwArlCNk4n1IpjLKS5AEIVgIEqfRMtiG/eMhQtmq6k
nol37nqLY8UavXCW9quvImq4QDayUasv0jxt52V9v5Zj8Y2cLUfCOhc3NLHc
ipV0WjXO4KkCr+COOEZdB0lteFBiGpVgKKaost+j8N4ieBqnkUe4jZkpcEGq
XESkZVYVUoCB6n45vVlcPV382OHlmwoTRVl63NyotQMb84Oec6zEXUsZNdKv
pPK82DdLbnykKcaRwQzBaivdLeqH3+7Ac6aFKlRTRHuqbtB4SWA8alfyp5oE
TkGmBbMxjbY18VKQJob5hH2j8pBjIvMp3hrX0SYyZF8DDLBeA8YOtGW38rg4
1q/7EOYIFtEPm0ukGUYjNZUv3Lh7OkZmjjgKrV9yaah0XEY3H/rzDvXBK5zO
0KJoHD7k7LGOHuOBY/quTz2WC47jO0ITzQMqqyjfmZklNbttxWZYWFyGR2Ug
WP/gg2VTUjUI20N2+RLTMrnmrBUlgDkhtwz8wCGDclq3P8DRfBjWIkAPOIeg
cgQKybVkl8vQ65tS6BCZmvjDRnHTdnh4RYVtD0H2SLtaejNQ3otKom/nlMJ/
4kbRDrg1SRBMa5z9/FxVd7mFSddrYcL5D1peMOpLMQ0umiyRBAvTKEVsHdTj
IxstuMvIpWg91MnJBlD4zPDc60t/L0VPb1CYhFmr9mGacRhMZ7BDiYl6popX
4tCHwwuNAyCQmUByp9MLMlBO27gGrTYrGpdADPFEhccZ5UUUge2CtS8TDtyo
9cZVzKggrin9hk3+PmVOc495E5DwYPQCsQflhfeeiXmxRpAHMLNAqXoozbbb
kPG+aivuu5HtfOXSvGK0h3+w8b/NW+uFw7FaZcJP7HXnWn3drMCLgoinQ8Rs
nZJUwPc7GQCrCXqWmS7oOHobyfTCc30Dmxc63x7a42cp2btVx7IJgL8gDXfQ
hKiczjIneN3Nimlxo2ilOodywTzOKijiSWB6bev21tGyLvNq9raYGcPCxIvR
fmEPlOa98qe1LVf4+WY+yCWox4xlEq7dniAiMxwOlioyhth3pv45cXS4aOjo
d6QNtNpoG4y6EdPFVS5SF7u12X0bZltXZRQljSDSiMNbCs9eotEPNkwhqeUN
XzdpzJcHlbWjvQx4eaH12svcI/OQtRE0ksRsiF4jlKZhd2pq3y1XLl2AsEfn
v6co5VhYuN4qgYMKACJxGleuEX68G+brJc14LnZ9xYONY+b5B7CoqfGF+sXK
YK+0CSxmN5OYZyeeMKyndTYI47BjgVNzfIfbhMkfCuvfDG1b4WnBCuG0X1FP
3ZiKaYyKcw/VXxIzWMHuBWAGuDUnzVushOUQpq0PHAVMeXl8IFdVY8fM0tFP
GrfQGFMJZh67IE7oDkv0I06nfWCA9BJZxm1hcMDAELBe+B7OQOjUCFSleD4/
v3heTKvTP6+FytrAu/mGF0dx5qH9tt0LVGZ+mnVf3gReMItcy830CPf7GywJ
/lznHJpreTG3+Y1exyU3Xs8wEjwb0cbpUXyXJmpTjj1a0soVHxx97WPw71yO
FUSKB6h87qyNkYiWS7g1Iptr+0Ia7S0upU3MYg7mnSjbk72We4rede0zLL9r
w2IpwC3X9Q9HxkA3WixvfA039qMt58vEUQfYkox5Dm8lLAp4pnlMyLbkOsgr
NprGbNELGfL0Ys7HiuYvla4zMbxof8mGUx93lvBgLWbvjbWFQdf+qsg1WJQm
3hpN6U5sVFnEDvyxtrKVrIEQfJGPgBk+xj6cJRD70hTFSKOfR1j9TrL2FkTL
coSRgskhEqfocQCFG0gWwVuNLnWLr3PZaswYxPqOSg41ELU7KSdoNaTyIT51
mZtQwqSOAgKR1ph4V5YqjW/KA+mE4jPa2qaaRmyl5SzxuP4wp5fbbTuyvqhy
5NRAOweuxDNKEvOTJEoA4WsA7S2GEtDITh9IbTEzp0oGA4JDVSa2ERkbFGG6
EVVHNFaMdGohJhWNcfkENRMc7O62bl+5YefOV5KJ2C4QljYjVJVELlEj5im0
BpIYbMovWh86iKKekCVGdXHPubKQqmqFja07/HAsiW6UKWYcCBqd03Wf7Idx
qru95x4GcgnxQ5PMJ2nQi3Yfluk2tqO7MoD6OS/2vO8bxqxvVcL2NoV61XaD
lJNM5WmB270/2ST3qTzedx/vxx7vh+FOPAgHXqMB264MqelVKRf2Yg6O+6aj
sBE3qOKXgLgmoop6DtVYa9IHCa+cr5V/ZI5mzP5XhK34Hu5xZUaTcW4YamAm
AcTcNVRIjk4Sv1Gek4ouO6pJ4NImcSiNmlqcHJtvaBGMcwNSzs3sJk6RFET4
u0HBsADPd23xpIA3fhjrKz6dV/1oDo3byRcLcyzA19o1vJH3wpvs2++ARifw
kqIJsXO22NGST6Dc4xLGlMMcdipHBXXhonR/bn6D5zR5/PuK9IqqrVyOgcgw
KXPi+jEzlxyAm6b3AwUFcCbSqk2+WaVhVm1qzGr8wi87X//B8/2MtOHHh3PE
x7yQfpg7aSVrzq7Wvcu4BhC5xmyXjvQJzEw4aCJ+gOw2Kyyf40JmsMJxfpMj
YVv3DDqofRmX4eKdN7K45xM3umpVRi0XqbFBg8SpRwKnPzl+/e6IZhCQ6JDt
/cGy0XU5VK1QHpcYx9PCZOJTuG36z8RH5Z7kNRVz1gRIblcbdi30tMoISLwD
mnstl5rucU/hZ7+xRqBsYGLtoaKmSUVxkG8d3GFM+qcSCG4iDF6kiVZGePj9
JjArEBfe33qpC3yKoaUUzFnCPNnEwq+e5FVukgkCOXyRqck43bECwsjIw3KR
auFc8MDYIl+mwrXEpYU9SRhtpNoh/tq9km6Z/uJqo44iiNOrRt+1WloMY2jo
tULI6ZE6q8V2d1i7HkZ+VTq35IUgfIoSkBhDnGEk5isoZTGn1dW6Io/Tqkto
H/dTZn9JXFl0aEPu6ECpIr9B0e/pGb3NzvcqzPG1l4E0pMMfKjCPPxRMLtFX
eLx3d3qT3mufTaxZOB5nY6eA0gKy9XhQnHfQdh3vv/8HQZ3DXdyAFNOG27VG
mtCCxIv38Zz3fO0ju6rDe15zUaRGqQC03BvfGB8nAcq6iSQ7UUNM2W6LXVxy
9lVHXB/qFFF6KXoSz4aUbuqbO/gtqh8xGadDU4rIy7hotXACENBUhN3mx/du
XEETCEQ9bcAQhxxxkihcdKdt7zqSuzG1hJc3kSYOaon9FJgklForSadKotSc
63vW/QpsYhHDrty1mEo5V/WC+v42fUrxYhicVcBGDRDfyHzN16ZAz5Ga0XlT
xOnYfFWYAFobbEB1yCb4IVmnatdiohJZHlJflM6rdJQDKDgrhHzCppwXm4fG
WWrizaYYnQInh6halRxqrzP2krew75IsUjCTm4HkTSoNIinNLCeGibYbnFl8
9xxhlPujEzEqBb/rmSmxK8fCePQEu5FKwOCROjMPfXHwqOFlZGksjNdrhiau
rBzPKi0F7KhA8dpXlhQwGCWUUY39c8I5c7+ygIRE/WgYJEe91X7RP6dy0NzY
xa/ORtpePhvpUMrdoWqeO2INoltezLL2OKJmtI9bG8CpAjTUGkCbXrCYXM1o
IWQmX2H5tGZkKkblSDhKaAshIcWEWYU+GadKZXzUMNbH260pREKML5FOjJrN
QKd12gh69nFO8pSDehKxvmu9yBxByY18TqmN6ETRVmbuRAvwMoL60VkXVtBo
dpLUVbybKOMwCfgtZv0M05aQI/tMTC6PUzhPJp27t7aToYP/iM99ZNfbU4w3
jXz+8SYdNrYjiUIaKl0KpXSLLZpdoFTk5sMz5wGtAgNtRSyrsiXRFqbv9yTj
ak7JvWiVbCf8Da+Z9NX9su5dBVMlwosw1GVnn5mU1nPXXZlLLLGL/krj1KGl
PhIpYVQkaUEwHbGgaDS42QnAwDAaJJupVMBvFIpBNfcSDxyrlAd+hRo0vX3i
0zuhg0FZqIlFRBSc3oN0ZILHnwGSnQ3WjaRz6IXyJbeEEZpQgeWvQEgoWWBS
JOj5FjarbvH02iG5PHzPHbT2+jt9iTU0wYDYWGt3c8tUTqFCBS7MfOXBZyVw
N2ZDqcdpMvnG+UWVVrliBps8NEqeJVa0Jki3TRIdymE5BjV1NobFj009XA0Q
EOEQxch4TAUcBE2y6+vca6pdvz4/f08PHJ+/GUhzsU1sJoZwNR/tb2/vYs1n
DHVWIw5KliB4scNXYCYacdsRO+eJlwLkLCngWjIEUspmdLMFmulVwO9Ags96
yWsKKsnraAqWOwbm9M2MdYI9QtpaUpCil3iFTxeuvplHIABwS9EyepoyiO2i
C14V73R4JjtSBL/nDuffOLrzx3k9TCsjFjRgpld+xM91hSk3kj9AEm4VI520
D5SFsQrpBFk2OTBASL/NrLhIWcrkshkSAjgaAGpMFTILzm6oZ7VFE+y3W/aS
D0C3aUTdT+uaiJKwTVi2tkTKYA9/4eqasHQ3bHFBmGRbYcFYgOYygT9Bw+uv
nX6Zec5DmJHDWsv8IjeaH6JEynXXreLhJ0yEpnHnjObJxG0JE6yTi9F0ichl
MgBIA2kQJrM7aw8JKy1IYa+22hZfW+ipY4kSu3oXr5nLhLLDVkMCZS8WoAjO
g9bUWMcIJEwnqvwT+Q2yTk0JIhsTzYUfyaw/dQJzyzqciE7NRty7ImrHwD8y
lUzDoY4e6n/jtr5u8XYtT5JXM5h+TGZlOHZuNGQCg96r+b8ZByTffBEpr+nz
a7dPBgaaKgs9GN8S+G1KiGkMXos1cG5HjEZrHDwCdfZf3Du7NSKLCjXe+npB
AhMTHhwsNChuWmFMAUjZ3EohbLoy3IW1swEssBmQ2VhrxBxyJ04rc2upawyq
OFN43FTn1xLOjrHViZCHJdBfaGtCPiSF1xHncGl0i43IOCrFJOGsheyJ9ScV
PLh5jbWK+7Dp2xKJDCRZAv7RsgLjE3codtT5xuLEFokTg7wQ0dbXAYydNzUh
v9bYXGRX5ZRCtlxVw70I3J3G2z4r+CRokn3muiwluUok+OayOxrt5vRX0Sxn
BzsOB42kqPM+8sGSkSsrgiZc5HV3BqqpqQ6fSICkWgAvznyN09opOx9u4eLe
9QeppfKudI9eUNfYIp7qJ0t2g7eQAF0Z6+KaRh4TNV9czapY6takRMBmtRrg
KbPxOneamGFZmNkwZ60mdeu7ZWhiMINqLcJIRVSU05fdiWfobltjGJanUeWm
7S/g2mpVb67aV1RiaAhU6I5X+APz7dKLH6/IRbfacbL7nWs84zR1G64aD4yN
4gqhtAkTW0N5dl3vt2OZj1nr+GQMUV6YCXiOIXGyoW/fzdx9kG/tZ9oF3uXD
MdVixMKXalDzbrNb/OdwYEIrlXDobXcuQEiqvEgGC6dDCeHVmGbsboA+whBM
oHf6gaIeiDV8gC/3MPsosy95K4LVIcVCrz9y+zrDYs75sI6okUs0oPNk70Ij
vaVoZxizAGqatPVri1gQW436L8VtxuKeqYPaeisi1FO4P/HO8V16X8tqKOgo
cPrFg2o6GHzLPO6eg+t5HCN5WTpsAycFgYkenEa0O299Gq0RVsi3lltHRAtr
ii+RBxcpa21risewZo3u1NGP5yxpolS43nO2smATlwCYlNyZeHzWTPA2ReqK
8meVTaN1p50sGH7n4yn1w3trqixcUKx/s/70Q/ZxrnbSdAJbSIfYDg8tArO6
1iI/Su3dbBs/TVARz2uW2ZDBHJHl+jFjm6I6tBfAZCo7Gjy98GKhTA7kZRvS
edjGtawk/vibi46z6vVVowF1oUis02SN/nu2LhxgVhhzA8PZaBcmyr66S6tR
slahvaTO1k0LKSRroTJ/aLPPdvr7HA3PZvRmXscX25FRiZWWyiqacUaYjyXZ
JC3pCG4IV5AvEaciZNRqRL6klueZoDR2PGOjxbeA/TlGXxsT/0VZdW/kU8nc
QyOM0wK0TT9laxQgG77OTI7mmN5PwroKhOKoRmX+hF07jZ9Vd0V5zdSWDf39
FxcVpXtQuplcOxhD0kz+nrw3/JDKi+vP33lBmJ/z9+R35No6h8XBF/COdTt6
LYv/npy/ONZfnb6U9I71IC7/TtNZ9jXvoINt3jvYO3k+gLVzso8HCM0f4LwN
BOtVVl9+vTrMsJT1qoMUEjP9cyIET/FNyMDtVQkRlkWAZQ/9Kw5AYDYX+NzA
OgL4J57dxqUxen/VrNL1aZD2RTVHYwXp1DAgBV4Qf6LNZmwsFD54ZGOXkpPi
Nq/Kgr1Oa4dHJ+uOEUBNBZS8e349E4Gem9qNvca77oasD9YzKXBrw4lJ6HN8
Nk4z1tbEN2spC/QTas1GIl3qxee66V/X8QZ0j8YQpQwlhkfbIpTizOVGfTVJ
TZQLiexLoqfxDA2noLBydbEb1nI28LM8ONLRPEe5cemlgwKDVh3FWDhMMXcS
cxkatTelhrI205gWJ501QueZI7ovhbmSsnDRPUwJTO6DdmWMjfJ+TFa8sE9Q
1JS1/ntIYdqPkgim4X3GkzwKE+1kRaRpUMFSKQZ4b+qbIrBMcIAx2lVqzK2j
q6WKmqXTVUQzBNmn2ZD4/Ze5vDaaeqT5M8cMuS3Edf2sfF6yVbIpxuEAd9cl
yiB5ZJlupxbCHWfPWp1DI4IDt6tLsfICvsgln2cR9QD5fTZ9aDEfjnqRPAAN
nhW7ojdUkK/g0SDvQeoZULPxz9Sd4xh77GNnPLd32Zj6NJlv+BbR1775vSNS
ppTM5gGxwTR+oKb5VBHBTYU2F9NXeE293GbXA696AgccuPEl0ZgD024iBIUW
19UmLj61xJY9LIfXRstg7PqGjtSiXzxOM2oySTjEAb2hsynnkagK4S1a1DGO
UWOSP/X7kBJJuAE5IiMb/lU+RYw2rY3Ve4vO9pHDaGxcr8zbc5pa0B5dvdVx
5BgIa5F3gxIOoZFmBRgVm5y+50eAJEypwTfHlStuyTvLA8c7iSZ8UvuAx4AN
JBpNlsPWyU4qJfVe1tArlRw9gPl40QIzMkkawPl0LAaJJ8l7POFhq4A24a//
ieUzj8DKch9DOjusvU/4zP16m4ze7TMupuHB7DZnkIksLgM06SLSsJqFwplT
k8OQT4xeQdvQuKTcElvqhNmMmBclUA1vuclVoIQMXD+GXQcV54DgcnTG6Dav
TdNblqNwveN8Oh0H8zkyGyVNwHqBQ1f3E3crFAvFhRbYajmnHisJloudwx5Y
7jO30o6N1qg04JljKZowrtXeh5eNAvZ1u5SYNcqmaT4mQufmWhxKthrKY3gS
2IdA9xyvOF6zvCBbzlIjt8Ta0ZqkEdVOPGOYbU7PTI9vfLOgpyGl49JLm3FI
rHC+msoj1trgO6ny+hPsiUhUhW3R/Vgvd6qntWnd6HQ1k1Q9eiPw1eORzKmJ
BPhR3vgYxhZDdtoB5D55TdPKC1w8oWoNmNAxzHw0gu1JUf4RuWAEX/kLpMsa
BGu4FluhTg9/OIyRyjwt0gZRvJao5EZYPVE8HMpApkTFIDkBybysDpL36HTI
JNsnS1Z/+un/HJy8efnly6oTsQvP28jMZsaxhFkxCUur9KpKJ9dSFwuIoIn4
OCMHYnXP+Rm4D7Lhloh7xngL+g1unGKzPknC1mgUbA5mrkzdmlV3klVxU8LX
QBJx3/BtT7+VHEq5AKuPwC6c+Wzu3g9wIQ6SRjoifHNM1SkpdP1A1+zIvy0B
JU42VFKUqEtak8+37cEwKHKk25q6zUG93FA/AYxE1La4RxZRUFdoxqwurGrt
Ro827mgP4ElWIjJXHZDBaY3D8hVwbM3vb63Do2daL/AgMUhOOPoO4eWY9WJ4
KjjKbr2lUZS8sYKk4SxNRKUneu8dO6+HrHMGaGKe2uvgI2vx/UDS5hshwwe+
DxSByWlNCP8K9pEBeTg9OX/pw+5PfwRy0P09/HRg4XamL1/+9OeVlX+7qH5j
12HtgT/3OuxMsXU0jcQ/O1waMy63LjRe/+PXhrPy+mLXwbfERi4HJ5WE/pFH
uCP+1ItvTA+f7+nzPz+xD4uBm6qNof3ejTCPXlI1vs+jYjs7SMasbf7Atas/
4JJ+l7yrQKWmzpsaSMDI5dDFORf5Z11rcJG/Yq3Ry/7zwjd+2R9l7UIQ/sHr
NwRhqT0AJfj3wbsfkh+zCy74J26adlrxlxp7pbMD66soRXS+JoHAx3rwWI8e
6x2Jy8yjC8FQa//+4/k3XfS9nc3nctHZvxa77vSFJwxKiwLTsU6loNPjZal8
BKvcBfh3ePEC8PnEPP/ABTwRL7oD1yOA60LEGN5Nvwkv5kzaxA74Mo4Sy43y
YMzY33ref2zMAGz1Bvvh2aEZZSl6wY+2U41vEgo/0ln6os+j4eQ/49bthtyt
A5ZjguDJZ0xZBKHuTXqRjaOXYFx3M3mqO8anYtdAA3GjSrHicHPCyA2Ah3r6
UI8fCq7Cuanb9Ca95+g01tLW4N31OeqIE8AWrWCtaZY7exs7ksinjYW95zY1
zmh/G5Mt6faIwnfy+/fvzs5Pzrogm3Xfl++7FA3XlWZOhwPUt2GV3Xe/PUj+
QKdmCsUCtsw9xrZ8aTzNbrebXKTDT2zSZhX+zPX04HGKOaPruoDUakM1H0b5
5wTUYPHa1S5zrcOkSz/hO/QqNYzN5K2zIbUeOI/ChEc/k56PikJYbqj0r637
ZPMT0OBLXpApRbugFS6t7r0KHyRdD4Je5KlTXzmoMEo2tILI56SsG2LzAVUg
NhS1sWzJAKB1X1WUjoKRNItek92KcxohozHFWTXl4+BwHP3YiVwgetEcfiAr
IYh5KdAm3i4wN2MO6KwmE8kBpVk3xmkmBLUP4Xpo4Km88ldxEFg5TeLRA40z
3hqv/QwWN7l1hrVsMMrVKl94cU2+Ca3AiUfhSjewYvh9vnUIZ0GTVY5e8QPY
hdQka3gLfTehmljJmB0YgKe+rzDwbX+Pbj4/SsJ4v2wFK89zFozggDvuzntM
P56NO+dDCG162r81HV5zd+b0UlmKk1EU62Az4ovcaI01357u5LdxxM7y+DVt
CV7S64CpdVTGGPEQbalj9k9y1EWN/h7cP3pztB9yLzlEh5zSDWZV5FClCDxx
9RrYP7PHsC7NWKn8ALtznIJiZplJZJ0HQazE+KqEPV/f1N83jtmCGu3ryFbz
i5mZzsvD9UCVJnDV/4qhSTYJwmmwGTFKa79Wmzkv2GG2aMlrk6hReFSDPF16
lSaI7GD1hGdURGLtVygMPUPO/Iwhsb6Acs6dJKvU09GSfnk4eMjs+eUzJWcx
lxjzZMbyTmJb1+I7fl38wMXEvML82caKuGqXsl687JzbbaQwqrDVsjqeQ6Qt
jmQ+Pn6TvAVSNLZhzKPRuIvUCUTLnw5AjABOnhfV5RCkk/8R+UnwhZXvPU/O
SgOLkl8nOyvw1HwL3krQk/UjGdTx3d0VR2nQT/c2Vxx52nzaX4kECsPnW5HP
KRgYvtvGxc1R6xor46yJXyfb/ZVQncH1eiszn/ZpFlRL3IpG3EOhXvk0HNbw
1OZmFM4UFnuZXzkHZEJh8RTpE450PVbn2wdJzTYlKeQL6ZtUN08YVI3fwbHg
srobu0gtuxt7tl7axi78+YUoQrPgY2na9QkB88sBOFL+qAJm0p1bXIwuwNv0
L1i2Auv72WYsue2IEs1X4yxhuie+Nxy9a7yE0X2R3mCEmukw5feMM15kp8+w
quW2LUwt/YrfczkDSsOLxRoaLzk/fs7MECPP6ubTfv3JWDsvahpMTFlqKcCk
WKjd8BN55phiAihfwjwk0oupZ6dLyjljFaihyS8d3tsXpBaFPP2Gu2R5Xxkt
gLYJJ1eiyIBKwG0OMjdLZBTyITUFTX2BIWvPJs4Ac4omFWU317OL2tT7g02P
OLJTdDIy6pDuK4qlHhK7rqnoH5Y/uWVNqBcg9w4j966D3DvwJyH3GXu7R8nq
q9NjcXSvvspHq7w35JYll8ANkwA1syqeY+htg9ZsCyXMM1u6u7znNeQFAHzo
oSOdX7bU5rd58zvO5rfhT9r8kc0wvuGdOphdCktCbaCmCNdoCbJI1KxtRvRd
UACCbqFe5b/OUpAppskaQL6TDICIktJuO5/Z3169XbeXixN9TJVwrnqgdVBM
ubvIJX4A1LYYatsO1LbgT0EZqS1KIjVn1sXAYKK9s88pBTTfcfmqsC5LU4R7
m0p+7bKgNodFr7/Ipii/S4aslKcj/duElhMINVM3KK3B1J1Geo9347ocj1Be
NEFVThWBtgxbukdACTgQ0FyaDnvWHNGcrBjSr0Zj4EAEm11dscWCF19xZTh8
eQjMj+tvu/Yvvm5SQYCYu5vxIrcOA9M0TZG5hnLJkJpc5p8zRpd5SNJnJNly
kKQPfxKSvCnvsoryIFcZT1c7yWoQ3oQf+eET5nNqquCeNNMj58JahiaEU+Jy
GEoI+qqgzulKQwOCJqkTjmWJM39ry9tRznMz4zSv2b1adiRbCSS9p+obHP7Z
KE5klUvAK+6GhMY4Chyl6rx8Fso7WIkpqDpB5RvR1ApmMjJDngcjYyaHm/Me
5pJbMi0tVJFK2SmNHah+2hzdZfc+QDJT+CgQOLxmc87kc8utL06DnNdPSqe4
8imxX5PfSXr8LnlJ2C/khhiSH2b6VZdlky9L37ksm/An8yG8sKM8vSpKOKUh
VkMxFbhrLl3HRKjWBoVWDu4xScbMtZFgA4rgWiD1dKTFS2F6t2qqvMdcXQvj
h0RPWEZajTG2tZKLhoi9QK504E4C0cMyWcvCRayf5Tg2+Dg2nePYgD+/sOws
bd/DpCZbklzD/JYpxXZMYb5cIwlOwisNgTvmLEFOQHfrBSIZWjteR+/FJqYY
V/CfLe/YvmJAk3excBTDd++0m5Tf/8UNxe+S/czGXllaEKNXYg1ntVS5rztl
A6cjLiPmhbhydwTa+tIIAcrFp6K8G2ejK+uuSPmzUUafod7IjCUb/Xr1EvhD
hprnTz/99GY2usuv4Mjz6d++fPnC0r2YpijbaVh2mbshVEF1IGP5LWOg9Wso
C5bMRH6j5phsquWBZg4MwP/p6LpCTAKkPLyp//N/1fUXzEaCL0CnSV6jV+4i
yz7phy+y4i9wQ4vkt+loZj799/K6AC0um/3n/wNS1nQK2mWh3x1j3bOzErQ1
8zQMPBhep+noC7cZHOGnr/7zf4I8AhsfpyhrfjGlTtXETqCkQMksG6F7SPZG
0f9lmP+LttULNFZhWhHs17Mn4rkO7tDVAOzttCjKW8bTwytS2353+sMP7353
aJD8KMNElO4P1FG1Kv9CHQKOzk7PTwcnfBWO/vD+7GQw+F6N5vjW6/5Gf0Of
TwanL08H3dcY87z2ihwo6VWVEdIkz3f6uzv99d7K/wcx68q187sBAA==

-->

</rfc>
