<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-oauth-attestation-based-client-auth-10" category="std" consensus="true" submissionType="IETF" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title>OAuth 2.0 Attestation-Based Client Authentication</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-attestation-based-client-auth-10"/>
    <author fullname="Tobias Looker">
      <organization>MATTR</organization>
      <address>
        <email>tobias.looker@mattr.global</email>
      </address>
    </author>
    <author fullname="Paul Bastian">
      <organization>Bundesdruckerei</organization>
      <address>
        <email>paul.bastian@posteo.de</email>
      </address>
    </author>
    <author fullname="Christian Bormann">
      <organization>SPRIND</organization>
      <address>
        <email>chris.bormann@gmx.de</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>Web Authorization Protocol</workgroup>
    <abstract>
      <?line 78?>

<t>This specification defines an extension to the OAuth 2.0 protocol (RFC 6749) that enables a client instance to include a key-bound attestation when interacting with an Authorization Server or Resource Server. This mechanism allows a client instance to prove its authenticity verified by a client attester without revealing its target audience to that attester. It may also serve as a mechanism for client authentication as per OAuth 2.0.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://oauth-wg.github.io/draft-ietf-oauth-attestation-based-client-auth/draft-ietf-oauth-attestation-based-client-auth.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Web Authorization Protocol Working Group mailing list (<eref target="mailto:oauth@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/oauth/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/oauth/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth"/>.</t>
    </note>
  </front>
  <middle>
    <?line 82?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Traditional OAuth client authentication methods, such as <tt>private_key_jwt</tt> defined in <xref target="RFC7523"/>, typically rely on a direct connection between the client's backend and the Authorization Server. In ecosystems such as the Issuer-Holder-Verifier model used in <xref target="RFC9901"/>, this direct communication raises privacy concerns, as it would enable the client's backend (i.e. client attester) to correlate which Holder (i.e. client) interacts with which Issuer (i.e. Authorization Server) and potentially observe the credentials or metadata being issued. This specification establishes a mechanism for a backend-attested client authentication through a front-channel to address these issues.</t>
      <t>Additionally, this approach acknowledges the evolving landscape of OAuth 2 deployments, where the ability for mobile native apps to authenticate securely and reliably has become increasingly important. Leveraging platform mechanisms to validate a client instance, such as mobile native apps, enables secure authentication that would otherwise be difficult with traditional OAuth client authentication methods. Transforming these platform-specific mechanisms into a common format as described in this specification abstracts this complexity to minimize the efforts for the Authorization Server.</t>
      <t>The primary purpose of this specification is the authentication of a client instance enabled through the client backend attesting to it. The client backend may also attest further technical properties about the hardware and software of the client instance.</t>
      <t>The client is considered a confidential OAuth 2 client type according to <xref section="2.1" sectionFormat="of" target="RFC6749"/>. The mechanism described in this document may either serve as a standalone OAuth 2 client authentication mechanism or as an additional, supportive security mechanism beside an existing OAuth 2 client authentication mechanism.</t>
      <t>This specification introduces the concept of client attestations to the OAuth 2 protocol, using two artifacts:</t>
      <ul spacing="normal">
        <li>
          <t>a Client Attestation, a signed statement by the Client Attester that authenticates the Client Instance</t>
        </li>
        <li>
          <t>a Proof of Possession (PoP), a signed statement by the Client Instance that authenticates the Client Attestation</t>
        </li>
      </ul>
      <t>The following diagram depicts the overall architecture and protocol flow towards an Authorization Server.</t>
      <artwork type="ascii-art"><![CDATA[
                  (3)
                +-----+
                |     |
                |     v
           +-----------------+
           |                 |
           | Client Attester |
           |   (backend)     |
           |                 |
           +-----------------+
               ^       |
           (2) |       | (4)
               |       v
           +---------------+           +---------------+
    +----->|               |    (5)    |               |
(1) |      |    Client     |<--------->| Authorization |
    |      |   Instance    |    (7)    |    Server     |
    +------|               |<--------->|               |
           +---------------+           +---------------+
               ^       |
               |       |
               +-------+
                  (6)

]]></artwork>
      <t>The following steps describe this OAuth flow:</t>
      <t>(1) The Client Instance generates a key (Client Instance Key) and gathers optional evidence to prove its authenticity to the Client Attester. This could be evidence about the software running on the client, statements about the integrity of the operating system, or hardware the Client Instance is running on. A Client Instance can provide several such statements or attestations to the Client Attester within a single request, but their content, how they are collected, and how they are transmitted are out of scope of this specification.</t>
      <t>(2) The Client Instance sends this data to the Client Attester in request for a Client Attestation JWT. Transmission of the evidence may result in one or multiple requests.</t>
      <t>(3) The Client Attester authenticates the Client Instance, validates that the Client Instance is in control of the private key of the Client Instance Key, and evaluates any further provided evidence according to its policy. It then generates a signed Client Attestation JWT that is cryptographically bound to the Client Instance Key generated by the Client. Therefore, the attestation is bound to this particular Client Instance.</t>
      <t>(4) The Client Attester responds to the Client Instance by sending the Client Attestation JWT.</t>
      <t>(5) The Client Instance optionally requests a Challenge from the Authorization Server's Challenge endpoint or receives a challenge from a previous message.</t>
      <t>(6) The Client Instance generates a Proof of Possession (PoP) with the Client Instance Key.</t>
      <t>(7) The Client Instance sends the Client Attestation JWT along with its Proof of Possession to the Authorization Server, e.g. within a token request. The Proof of Possession is typically a Client Attestation PoP JWT or a DPoP proof (see <xref target="pop"/>). The Authorization Server validates the Client Attestation and thus authenticates the Client Instance.</t>
      <t>The same flow applies when authenticating to a Resource Server, where step (7) typically occurs when accessing a protected resource.</t>
      <t>Please note that the protocol details for steps (2) and (4), particularly how the Client Instance authenticates to the Client Attester, are beyond the scope of this specification. Furthermore, this specification is designed to be flexible and can be implemented even in scenarios where the client does not have a backend serving as a Client Attester. In such cases, each Client Instance is responsible for performing the functions typically handled by the Client Attester on its own.</t>
      <t>While the concrete evidence about the Client Instance collected and transmitted in (1) and (2) is out of scope, a Client Attestation JWT is generally understood to convey that the Client Attester has verified</t>
      <ul spacing="normal">
        <li>
          <t>the authenticity and integrity of the Client Instance (this might encompass statements about its software and hardware environment)</t>
        </li>
        <li>
          <t>that the Client Instance controls the private key of the Client Instance Key</t>
        </li>
        <li>
          <t>optionally, properties of that key (e.g., that it was securely generated or resides in hardware-backed storage)</t>
        </li>
      </ul>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="terminology">
      <name>Terminology</name>
      <dl>
        <dt>Client Attestation JWT:</dt>
        <dd>
          <t>A JSON Web Token (JWT) generated by the Client Attester that attests to the authenticity of a Client Instance and is cryptographically bound to a key managed by that Client Instance. A Client Attestation JWT may additionally convey information about the integrity or state of the Client Instance.</t>
        </dd>
        <dt>Client Attestation Proof of Possession (PoP) JWT:</dt>
        <dd>
          <t>A Proof of Possession generated by the Client Instance using the key that the Client Attestation JWT is bound to.</t>
        </dd>
        <dt>Client Instance:</dt>
        <dd>
          <t>A deployed instance of a piece of client software.</t>
        </dd>
        <dt>Client Instance Key:</dt>
        <dd>
          <t>A cryptographic asymmetric key pair that is generated by the Client Instance where the public key of the key pair is provided to the Client Attester. This public key is then encapsulated within the Client Attestation JWT and is utilized to sign a proof of possession.</t>
        </dd>
        <dt>Client Attester:</dt>
        <dd>
          <t>An entity that authenticates a Client Instance and attests it by issuing a Client Attestation JWT.</t>
        </dd>
        <dt>Challenge:</dt>
        <dd>
          <t>A String that is the input to a cryptographic challenge-response pattern, used to detect replay attacks. Within OAuth, this is traditionally called a nonce.</t>
        </dd>
      </dl>
    </section>
    <section anchor="client-attestation-jwt">
      <name>Client Attestation JWT</name>
      <t>The Client Attestation <bcp14>MUST</bcp14> be encoded as a "JSON Web Token (JWT)" according to <xref target="RFC7519"/>.</t>
      <t>The following content applies to the JWT Header:</t>
      <ul spacing="normal">
        <li>
          <t><tt>typ</tt>: <bcp14>REQUIRED</bcp14>. The <tt>typ</tt> (JWT type) header <bcp14>MUST</bcp14> be <tt>oauth-client-attestation+jwt</tt>.</t>
        </li>
        <li>
          <t><tt>alg</tt>: <bcp14>REQUIRED</bcp14>. The <tt>alg</tt> (algorithm) header <bcp14>MUST</bcp14> specify the cryptographic algorithm used to sign the Client Attestation.</t>
        </li>
      </ul>
      <t>The following content applies to the JWT Claims Set:</t>
      <ul spacing="normal">
        <li>
          <t><tt>sub</tt>: <bcp14>REQUIRED</bcp14>. The <tt>sub</tt> (subject) claim <bcp14>MUST</bcp14> specify client_id value of the OAuth Client.</t>
        </li>
        <li>
          <t><tt>exp</tt>: <bcp14>REQUIRED</bcp14>. The <tt>exp</tt> (expiration time) claim <bcp14>MUST</bcp14> specify the time at which the Client Attestation is considered expired by its issuer. The Authorization Server or Resource Server <bcp14>MUST</bcp14> reject any JWT with an expiration time that has passed, subject to allowable clock skew between systems.</t>
        </li>
        <li>
          <t><tt>cnf</tt>: <bcp14>REQUIRED</bcp14>. The <tt>cnf</tt> (confirmation) claim <bcp14>MUST</bcp14> specify a key conforming to <xref target="RFC7800"/> that is used by the Client Instance to generate the Client Attestation PoP JWT for client authentication with an Authorization Server or Resource Server. The key <bcp14>MUST</bcp14> be expressed using the "jwk" representation.</t>
        </li>
        <li>
          <t><tt>iat</tt>: <bcp14>OPTIONAL</bcp14>. The <tt>iat</tt> (issued at) claim <bcp14>MUST</bcp14> specify the time at which the Client Attestation was issued.</t>
        </li>
      </ul>
      <t>The following additional rules apply:</t>
      <ol spacing="normal" type="1"><li>
          <t>The JWT <bcp14>MAY</bcp14> contain other claims. All claims that are not understood by implementations <bcp14>MUST</bcp14> be ignored.</t>
        </li>
        <li>
          <t>The JWT <bcp14>MUST</bcp14> be digitally signed or integrity protected with a Message Authentication Code (MAC). The Authorization Server or Resource Server <bcp14>MUST</bcp14> reject JWTs if signature or integrity protection validation fails.</t>
        </li>
        <li>
          <t>The Authorization Server or Resource Server <bcp14>MUST</bcp14> reject a JWT that is not valid in all other respects per "JSON Web Token (JWT)" <xref target="RFC7519"/>.</t>
        </li>
      </ol>
      <t>The following example is the decoded header and payload of a JWT meeting the processing rules as defined above.</t>
      <artwork><![CDATA[
{
  "typ": "oauth-client-attestation+jwt",
  "alg": "ES256",
  "kid": "11"
}
.
{
  "sub": "https://client.example.com",
  "iat": 1772487595,
  "exp": 2529866394,
  "cnf": {
    "jwk": {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "x": "VcKVNBZ4IaBAYW3jxM4w3TJFVA7myeUGQyGt-g_yvpQ",
      "y": "f-E-hYE3TAWKwhVv9pej9NABs9SX9XsNO80x57jFTyU"
    }
  }
}
]]></artwork>
      <t>When using headers to transfer the Client Attestation JWT to an Authorization Server or Resource Server, it <bcp14>MUST</bcp14> be provided in an HTTP request using the HTTP header field <tt>OAuth-Client-Attestation</tt>.</t>
      <t>The following is an example of the OAuth-Client-Attestation header.</t>
      <artwork><![CDATA[
OAuth-Client-Attestation: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRpb24
rand0IiwiYWxnIjoiRVMyNTYiLCJraWQiOiIxMSJ9.eyJzdWIiOiJodHRwczovL2NsaWV
udC5leGFtcGxlLmNvbSIsImlhdCI6MTc3MjQ4NzU5NSwiZXhwIjoyNTI5ODY2Mzk0LCJj
bmYiOnsiandrIjp7Imt0eSI6IkVDIiwidXNlIjoic2lnIiwiY3J2IjoiUC0yNTYiLCJ4I
joiVmNLVk5CWjRJYUJBWVczanhNNHczVEpGVkE3bXllVUdReUd0LWdfeXZwUSIsInkiOi
JmLUUtaFlFM1RBV0t3aFZ2OXBlajlOQUJzOVNYOVhzTk84MHg1N2pGVHlVIn19fQ._TS4
d-LAnRlwdN97wiVnl4z7C9gvm45IWr-BvGTzeZaHtZtgNZ88gvzroU3LElUPbgF4kWi_D
FORnKzsx5yu6A
]]></artwork>
      <t>Note that per <xref target="RFC9110"/> header field names are case-insensitive; so OAUTH-CLIENT-ATTESTATION, oauth-client-attestation, etc., are all valid and equivalent
header field names. Case is significant in the header field value, however.</t>
      <t>The OAuth-Client-Attestation HTTP header field value uses the token68 syntax defined in <xref section="11.2" sectionFormat="of" target="RFC9110"/> (repeated below for ease of reference).</t>
      <sourcecode type="abnf"><![CDATA[
OAuth-Client-Attestation       = token68
token68                        = 1*( ALPHA / DIGIT / "-" / "." /
                                     "_" / "~" / "+" / "/" ) *"="
]]></sourcecode>
    </section>
    <section anchor="pop">
      <name>Proof of Possession</name>
      <t>This specification defines two options for the proof of possession:</t>
      <ul spacing="normal">
        <li>
          <t>A Client Attestation PoP JWT, introduced by this specification</t>
        </li>
        <li>
          <t>Utilizing DPoP as defined in <xref target="RFC9449"/></t>
        </li>
      </ul>
      <t>Other specifications or profiles may define additional proof of possession mechanisms for use with the Client Attestation. Any such mechanism <bcp14>MUST</bcp14> demonstrate possession of the private key corresponding to the key in the <tt>cnf</tt> claim of the Client Attestation JWT and <bcp14>MUST</bcp14> define how a Challenge (see <xref target="challenges"/>) is incorporated into the proof of possession. Such specifications are also expected to register their own token endpoint authentication method value, analogous to <tt>attest_jwt_client_auth</tt> and <tt>attest_jwt_client_auth_dpop</tt> (see <xref target="as-metadata"/>).</t>
      <section anchor="client-attestation-pop-jwt">
        <name>Client Attestation PoP JWT</name>
        <t>The Client Attestation PoP <bcp14>MUST</bcp14> be encoded as a "JSON Web Token (JWT)" according to <xref target="RFC7519"/>.</t>
        <t>The following content applies to the JWT Header:</t>
        <ul spacing="normal">
          <li>
            <t><tt>typ</tt>: <bcp14>REQUIRED</bcp14>. The <tt>typ</tt> (JWT type) header <bcp14>MUST</bcp14> be <tt>oauth-client-attestation-pop+jwt</tt>.</t>
          </li>
          <li>
            <t><tt>alg</tt>: <bcp14>REQUIRED</bcp14>. The <tt>alg</tt> (algorithm) header <bcp14>MUST</bcp14> specify the cryptographic algorithm used to sign the Client Attestation PoP</t>
          </li>
        </ul>
        <t>The following content applies to the JWT Claims Set:</t>
        <ul spacing="normal">
          <li>
            <t><tt>aud</tt>: <bcp14>REQUIRED</bcp14>. The <tt>aud</tt> (audience) claim <bcp14>MUST</bcp14> specify a value that identifies the intended audience of the JWT. When the JWT is presented to an Authorization Server, the <xref target="RFC8414"/> issuer identifier URL of the Authorization Server <bcp14>MUST</bcp14> be used. When the JWT is presented to a Resource Server, the <xref target="RFC9728"/> resource identifier URL of the Resource Server <bcp14>MUST</bcp14> be used. A Client Attestation PoP JWT is intended for a single audience, Clients <bcp14>MUST</bcp14> generate JWTs for each target.</t>
          </li>
          <li>
            <t><tt>jti</tt>: <bcp14>REQUIRED</bcp14>. The <tt>jti</tt> (JWT identifier) claim <bcp14>MUST</bcp14> specify a unique identifier for the Client Attestation PoP. The Authorization Server or Resource Server can utilize the <tt>jti</tt> value for replay attack detection, see <xref target="security-consideration-replay"/>.</t>
          </li>
          <li>
            <t><tt>iat</tt>: <bcp14>REQUIRED</bcp14>. The <tt>iat</tt> (issued at) claim <bcp14>MUST</bcp14> specify the time at which the Client Attestation PoP was issued. Note that the Authorization Server or Resource Server may reject JWTs with an "iat" claim value that is unreasonably far in the past.</t>
          </li>
          <li>
            <t><tt>challenge</tt>: <bcp14>OPTIONAL</bcp14>. The <tt>challenge</tt> (challenge) claim <bcp14>MUST</bcp14> specify a String value that is provided by the Authorization Server or Resource Server for the client to include in the Client Attestation PoP JWT.</t>
          </li>
        </ul>
        <t>The following additional rules apply:</t>
        <ol spacing="normal" type="1"><li>
            <t>The JWT <bcp14>MAY</bcp14> contain other claims. All claims that are not understood by implementations <bcp14>MUST</bcp14> be ignored.</t>
          </li>
          <li>
            <t>The JWT <bcp14>MUST</bcp14> be digitally signed using an asymmetric cryptographic algorithm. The Authorization Server or Resource Server <bcp14>MUST</bcp14> reject JWTs with an invalid signature.</t>
          </li>
          <li>
            <t>The public key used to verify the JWT <bcp14>MUST</bcp14> be the key located in the "cnf" claim of the corresponding Client Attestation JWT.</t>
          </li>
          <li>
            <t>The Authorization Server or Resource Server <bcp14>MUST</bcp14> reject a JWT that is not valid in all other respects per "JSON Web Token (JWT)" <xref target="RFC7519"/>.</t>
          </li>
        </ol>
        <t>The following example is the decoded header and payload of a JWT meeting the processing rules as defined above.</t>
        <artwork><![CDATA[
{
  "typ": "oauth-client-attestation-pop+jwt",
  "alg": "ES256"
}
.
{
  "aud": "https://as.example.com",
  "jti": "d25d00ab-552b-46fc-ae19-98f440f25064",
  "iat": 1772487595,
  "challenge": "5c1a9e10-29ff-4c2b-ae73-57c0957c09c4"
}
]]></artwork>
        <t>When using headers to transfer the Client Attestation PoP JWT to an Authorization Server or Resource Server, it <bcp14>MUST</bcp14> be provided in an HTTP request using the HTTP header field <tt>OAuth-Client-Attestation-PoP</tt>.</t>
        <t>The following is an example of the OAuth-Client-Attestation-PoP header.</t>
        <artwork><![CDATA[
OAuth-Client-Attestation-PoP: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRp
b24tcG9wK2p3dCIsImFsZyI6IkVTMjU2In0.eyJhdWQiOiJodHRwczovL2FzLmV4YW1wb
GUuY29tIiwianRpIjoiZDI1ZDAwYWItNTUyYi00NmZjLWFlMTktOThmNDQwZjI1MDY0Ii
wiaWF0IjoxNzcyNDg3NTk1LCJjaGFsbGVuZ2UiOiI1YzFhOWUxMC0yOWZmLTRjMmItYWU
3My01N2MwOTU3YzA5YzQifQ.M4Uc4rWVAqaLlmDDUXQKkKPbAQKj0JrTizLgWhZndmbkv
M3VL8y-w_QJr7Z0HZlH94E64cLa8L5fSjJItYv0jg
]]></artwork>
        <t>Note that per <xref target="RFC9110"/> header field names are case-insensitive; so OAUTH-CLIENT-ATTESTATION-POP, oauth-client-attestation-pop, etc., are all valid and equivalent
header field names. Case is significant in the header field value, however.</t>
        <t>The OAuth-Client-Attestation-PoP HTTP header field value uses the token68 syntax defined in <xref section="11.2" sectionFormat="of" target="RFC9110"/> (repeated below for ease of reference).</t>
        <sourcecode type="abnf"><![CDATA[
OAuth-Client-Attestation-PoP   = token68
token68                        = 1*( ALPHA / DIGIT / "-" / "." /
                                     "_" / "~" / "+" / "/" ) *"="
]]></sourcecode>
      </section>
      <section anchor="dpop-combined-mode">
        <name>Using DPoP as the Proof of Possession</name>
        <t>This section defines an optimization that allows a single Proof of Possession (PoP) JWT to satisfy the role of both (a) the Client Attestation PoP defined in this specification and (b) the DPoP proof defined in <xref target="RFC9449"/> for sender-constrained access tokens. In this "combined mode" the Client Instance Key and the DPoP Key are the same asymmetric key pair, and a request using the mechanism carries only one PoP, the DPoP proof, instead of two separate PoP JWTs (the DPoP proof and Client Attestation PoP JWT).</t>
        <t>Note when authorization code binding as defined in <xref section="10" sectionFormat="of" target="RFC9449"/> is used, this mode only works with the DPoP Proof header containing a proof of possession and not <tt>dpop_jkt</tt>. When using <tt>dpop_jkt</tt>, the normal mode has to be used.</t>
        <t>Note that DPoP <xref target="RFC9449"/> can also be used alongside the Client Attestation PoP JWT without this combined mode. In this case, the DPoP proof is validated according to <xref target="RFC9449"/> independently of this specification and its public key is not required to match the key in the <tt>cnf</tt> claim of the Client Attestation JWT (see <xref target="verification"/>).</t>
        <t>The following rules apply to the DPoP proof as defined in <xref target="RFC9449"/>:</t>
        <ol spacing="normal" type="1"><li>
            <t>The DPoP proof <bcp14>MUST</bcp14> adhere to <xref target="RFC9449"/></t>
          </li>
          <li>
            <t>The public key located in the DPoP proof <bcp14>MUST</bcp14> match the public key located in the <tt>cnf</tt> claim of the Client Attestation JWT.</t>
          </li>
        </ol>
        <t>The following non-normative example shows a token request using combined mode (line breaks for display only):</t>
        <sourcecode type="http"><![CDATA[
POST /token HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded
OAuth-Client-Attestation: <Client-Attestation-JWT>
DPoP: <Combined-DPoP-And-Attestation-PoP-JWT>

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
]]></sourcecode>
        <t>Decoded (non-normative) DPoP (combined) proof - Header:</t>
        <sourcecode type="json"><![CDATA[
{
  "typ": "dpop+jwt",
  "alg": "ES256",
  "jwk": {
    "kty": "EC",
    "crv": "P-256",
    "x": "18wHLeIgW9wVN6VD1Txgpqy2LszYkMf6J8njVAibvhM",
    "y": "-V4dS4UaLMgP_4fY4j8ir7cl1TXlFdAgcx55o7TkcSA"
  }
}
]]></sourcecode>
        <t>Payload:</t>
        <sourcecode type="json"><![CDATA[
{
  "htm": "POST",
  "htu": "https://as.example.com/token",
  "iat": 1700000000,
  "jti": "7c20c3e2-0f52-4f74-81a5-5c7b83a7a1f9"
}
]]></sourcecode>
        <t>Note that additional claims may be present in the DPoP proof depending on the context, as required by <xref target="RFC9449"/>.</t>
      </section>
    </section>
    <section anchor="challenges">
      <name>Challenges</name>
      <t>This section defines optional mechanisms that allow a Client to receive a fresh Challenge from the Authorization Server or Resource Server and to include the Challenge in the proof of possession. This construct may be similar or equivalent to a nonce, see <xref target="terminology"/>. The value of the challenge is opaque to the client.</t>
      <section anchor="challenge-endpoint">
        <name>Providing Challenges through the Challenge Endpoint</name>
        <t>The Authorization Server or Resource Server <bcp14>MAY</bcp14> offer a challenge endpoint for Clients to fetch Challenges in the context of this specification. If the Authorization Server supports metadata as defined in <xref target="RFC8414"/> or the Resource Server supports metadata as defined in <xref target="RFC9728"/>, it <bcp14>MUST</bcp14> signal support for the challenge endpoint by including the metadata entry <tt>challenge_endpoint</tt> containing the URL of the endpoint as its value. If the Authorization Server offers a challenge endpoint, the Client <bcp14>MUST</bcp14> retrieve a challenge and <bcp14>MUST</bcp14> use this challenge in the Client Attestation PoP JWT or DPoP Proof as defined in <xref target="pop"/>.</t>
        <t>A request for a Challenge is made by sending an HTTP POST request to the URL provided in the challenge_endpoint parameter of the Authorization Server metadata. The following is a non-normative example of a request:</t>
        <sourcecode type="http"><![CDATA[
POST /as/challenge HTTP/1.1
Host: as.example.com
Accept: application/json
]]></sourcecode>
        <t>The Authorization Server or Resource Server provides a Challenge in the HTTP response with a 200 status code and the following parameters included in the message body of the HTTP response using the application/json media type:</t>
        <ul spacing="normal">
          <li>
            <t>attestation_challenge: <bcp14>REQUIRED</bcp14> if the Authorization Server or Resource Server supports Client Attestations and server-provided challenges as described in this document. String containing a Challenge to be used in the Client Attestation PoP JWT or DPoP Proof as defined in <xref target="pop"/>. The intention of this element not being required in other circumstances is to preserve the ability for the challenge endpoint to be used in other applications unrelated to client attestations.</t>
          </li>
        </ul>
        <t>The Authorization Server or Resource Server <bcp14>MUST</bcp14> make the response uncacheable by adding a <tt>Cache-Control</tt> header field including the value <tt>no-store</tt>. The Authorization Server or Resource Server <bcp14>MAY</bcp14> add additional challenges or data.</t>
        <t>The following is a non-normative example of a response:</t>
        <sourcecode type="http"><![CDATA[
HTTP/1.1 200 OK
Host: as.example.com
Content-Type: application/json
Cache-Control: no-store

{
  "attestation_challenge": "AYjcyMzY3ZDhiNmJkNTZ"
}
]]></sourcecode>
      </section>
      <section anchor="challenge-in-response">
        <name>Providing Challenges on Previous Responses</name>
        <t>The Authorization Server or Resource Server <bcp14>MAY</bcp14> provide a fresh Challenge with any HTTP response using a HTTP header-based syntax. The HTTP header field parameter <bcp14>MUST</bcp14> be named "OAuth-Client-Attestation-Challenge" and contain the value of the Challenge. The Client <bcp14>MUST</bcp14> use this new Challenge for the next OAuth-Client-Attestation-PoP.</t>
        <t>The following is a non-normative example of an Authorization Response containing a fresh Challenge:</t>
        <sourcecode type="http"><![CDATA[
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
OAuth-Client-Attestation-Challenge: AYjcyMzY3ZDhiNmJkNTZ

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "token_type": "Bearer",
  "expires_in": 3600
}
]]></sourcecode>
      </section>
    </section>
    <section anchor="verification">
      <name>Verification and Processing</name>
      <t>This section defines the verification and processing rules for the proof of possession mechanisms defined by this specification. Proof of possession mechanisms defined by other specifications define their own verification and processing rules.</t>
      <t>An Authorization Server <bcp14>MAY</bcp14> support both <tt>attest_jwt_client_auth</tt> and <tt>attest_jwt_client_auth_dpop</tt> and distinguish them by the following rules:</t>
      <ul spacing="normal">
        <li>
          <t>If the request contains an <tt>OAuth-Client-Attestation-PoP</tt> HTTP request header field, the receiving server <bcp14>MUST</bcp14> apply the validation rules of <xref target="verification-client-attestation-pop-jwt"/> and if present, a DPoP proof present in the request is validated according to <xref target="RFC9449"/> independently of this specification.</t>
        </li>
        <li>
          <t>If no <tt>OAuth-Client-Attestation-PoP</tt> HTTP request header field is present, but a DPoP proof is, the receiving server <bcp14>MUST</bcp14> apply the validation rules of <xref target="verification-dpop-combined"/>.</t>
        </li>
      </ul>
      <section anchor="verification-client-attestation-jwt">
        <name>Client Attestation JWT</name>
        <t>To validate a Client Attestation, the receiving server <bcp14>MUST</bcp14> ensure the following conditions and rules are met:</t>
        <ol spacing="normal" type="1"><li>
            <t>There is precisely one <tt>OAuth-Client-Attestation</tt> HTTP request header field containing a Client Attestation JWT.</t>
          </li>
          <li>
            <t>The Client Attestation JWT contains all required claims and header parameters as per <xref target="client-attestation-jwt"/>.</t>
          </li>
          <li>
            <t>The alg JOSE Header Parameter contains a registered algorithm <xref target="IANA.JOSE.ALGS"/>, is not none, is supported by the application, and is acceptable per local policy.</t>
          </li>
          <li>
            <t>The signature of the Client Attestation JWT verifies with the public key of a known and trusted Client Attester.</t>
          </li>
          <li>
            <t>The key contained in the <tt>cnf</tt> claim of the Client Attestation JWT is not a private key.</t>
          </li>
          <li>
            <t>The Client Attestation JWT is fresh enough per local policy of the Authorization Server or Resource Server by checking the <tt>iat</tt> or <tt>exp</tt> claims.</t>
          </li>
          <li>
            <t>If a <tt>client_id</tt> is provided in the request containing the Client Attestation, then this <tt>client_id</tt> matches the <tt>sub</tt> claim of the Client Attestation JWT.</t>
          </li>
        </ol>
      </section>
      <section anchor="verification-client-attestation-pop-jwt">
        <name>Client Attestation PoP JWT</name>
        <t>This section applies when the Client Attestation PoP JWT is used as the Proof of Possession. When operating in DPoP combined mode as defined in <xref target="dpop-combined-mode"/>, this section does not apply; instead, see <xref target="verification-dpop-combined"/>.</t>
        <t>To validate a Client Attestation PoP, the receiving server <bcp14>MUST</bcp14> ensure the following conditions and rules are met:</t>
        <ol spacing="normal" type="1"><li>
            <t>There is precisely one <tt>OAuth-Client-Attestation-PoP</tt> HTTP request header field containing a Client Attestation PoP JWT.</t>
          </li>
          <li>
            <t>The Client Attestation PoP JWT contains all required claims and header parameters as per <xref target="client-attestation-pop-jwt"/>.</t>
          </li>
          <li>
            <t>The alg JOSE Header Parameter contains a registered algorithm <xref target="IANA.JOSE.ALGS"/>, is not none, is supported by the application, and is acceptable per local policy.</t>
          </li>
          <li>
            <t>The signature of the Client Attestation PoP JWT verifies with the public key contained in the <tt>cnf</tt> claim of the Client Attestation JWT.</t>
          </li>
          <li>
            <t>If the server provided a challenge value to the client, the <tt>challenge</tt> claim is present in the Client Attestation PoP JWT and matches the server-provided challenge value.</t>
          </li>
          <li>
            <t>The creation time of the Client Attestation PoP JWT as determined by either the <tt>iat</tt> claim or a server managed timestamp via the challenge claim, is within an acceptable window per local policy of the Authorization Server or Resource Server.</t>
          </li>
          <li>
            <t>The audience claim in the Client Attestation PoP JWT identifies the receiving server: when validated by an Authorization Server, it <bcp14>MUST</bcp14> be the issuer identifier URL of the Authorization Server as described in <xref target="RFC8414"/>; when validated by a Resource Server, it <bcp14>MUST</bcp14> be the resource identifier URL of the Resource Server as described in <xref target="RFC9728"/>.</t>
          </li>
          <li>
            <t>If the Client received a challenge through the Authorization Server's challenge endpoint or within previous responses as described in <xref target="challenges"/>, it <bcp14>MUST</bcp14> match the challenge claim of the Client Attestation PoP JWT.</t>
          </li>
          <li>
            <t>Depending on the security requirements of the deployment, additional checks to guarantee replay protection for the Client Attestation PoP JWT might need to be applied (see <xref target="security-consideration-replay"/> for more details).</t>
          </li>
        </ol>
      </section>
      <section anchor="verification-dpop-combined">
        <name>DPoP Combined Mode</name>
        <t>This section applies when the DPoP combined mode is used as defined in <xref target="dpop-combined-mode"/>. When the Client Attestation PoP JWT is used as the Proof of Possession instead, this section does not apply; see <xref target="verification-client-attestation-pop-jwt"/>.</t>
        <t>To validate a request using DPoP combined mode, the receiving server <bcp14>MUST</bcp14> perform the following steps:</t>
        <ol spacing="normal" type="1"><li>
            <t>There is no <tt>OAuth-Client-Attestation-PoP</tt> HTTP request header field present in the request.</t>
          </li>
          <li>
            <t>There is precisely one <tt>DPoP</tt> HTTP request header field present in the request.</t>
          </li>
          <li>
            <t>Validate the DPoP proof in accordance with <xref target="RFC9449"/>.</t>
          </li>
          <li>
            <t>The public key in the <tt>jwk</tt> header parameter of the DPoP proof <bcp14>MUST</bcp14> be identical to the public key in the <tt>cnf</tt> claim of the Client Attestation JWT.</t>
          </li>
          <li>
            <t>If the Client received a challenge through the Authorization Server's challenge endpoint or within previous responses as described in <xref target="challenges"/>, it <bcp14>MUST</bcp14> match the nonce payload claim of the DPoP proof.</t>
          </li>
        </ol>
      </section>
      <section anchor="errors">
        <name>Errors</name>
        <t>When validation errors specifically related to the use of client attestations are encountered the following additional error codes are defined for use in either Authorization Server authenticated endpoint error responses (as defined in <xref section="5.2" sectionFormat="of" target="RFC6749"/>) or Resource Server error responses (as defined in <xref section="3" sectionFormat="of" target="RFC6750"/>).</t>
        <ul spacing="normal">
          <li>
            <t><tt>use_attestation_challenge</tt> <bcp14>MUST</bcp14> be used when the Client Attestation PoP JWT is not using an expected server-provided challenge. When used this error code <bcp14>MUST</bcp14> be accompanied by the <tt>OAuth-Client-Attestation-Challenge</tt> HTTP header field parameter (as described in <xref target="challenge-in-response"/>).</t>
          </li>
          <li>
            <t><tt>use_fresh_attestation</tt> <bcp14>MUST</bcp14> be used when the Client Attestation JWT is deemed to be not fresh enough to be acceptable by the server.</t>
          </li>
          <li>
            <t><tt>invalid_client_attestation</tt> <bcp14>MAY</bcp14> be used in addition to the more general <tt>invalid_client</tt> error code as defined in <xref target="RFC6749"/> if the attestation or its proof of possession could not be successfully verified, the proof of possession is not supported.</t>
          </li>
        </ul>
        <t>In the event of errors due to situations not described above, Authorization and Resource Servers <bcp14>MUST</bcp14> follow the guidance of <xref target="RFC6749"/> and <xref target="RFC6750"/> or their respective extensions of when to return suitable Error Responses.</t>
      </section>
      <section anchor="client-attestation-as-an-oauth-client-authentication">
        <name>Client Attestation as an OAuth Client Authentication</name>
        <t>A Client Attestation may be used as an OAuth 2 Client Authentication mechanism as described in <xref section="2.3" sectionFormat="of" target="RFC6749"/> towards an Authorization Server.  If the token request contains a <tt>client_id</tt> parameter as per <xref target="RFC6749"/> the Authorization Server <bcp14>MUST</bcp14> verify that the value of this parameter is the same as the client_id value in the <tt>sub</tt> claim of the Client Attestation.</t>
        <t>The following example demonstrates usage of the client attestation mechanism in an access token request (with extra line breaks for display purposes only):</t>
        <sourcecode type="http"><![CDATA[
POST /token HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded
OAuth-Client-Attestation: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRpb24
rand0IiwiYWxnIjoiRVMyNTYiLCJraWQiOiIxMSJ9.eyJzdWIiOiJodHRwczovL2NsaWV
udC5leGFtcGxlLmNvbSIsImlhdCI6MTc3MjQ4NzU5NSwiZXhwIjoyNTI5ODY2Mzk0LCJj
bmYiOnsiandrIjp7Imt0eSI6IkVDIiwidXNlIjoic2lnIiwiY3J2IjoiUC0yNTYiLCJ4I
joiVmNLVk5CWjRJYUJBWVczanhNNHczVEpGVkE3bXllVUdReUd0LWdfeXZwUSIsInkiOi
JmLUUtaFlFM1RBV0t3aFZ2OXBlajlOQUJzOVNYOVhzTk84MHg1N2pGVHlVIn19fQ._TS4
d-LAnRlwdN97wiVnl4z7C9gvm45IWr-BvGTzeZaHtZtgNZ88gvzroU3LElUPbgF4kWi_D
FORnKzsx5yu6A
OAuth-Client-Attestation-PoP: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRp
b24tcG9wK2p3dCIsImFsZyI6IkVTMjU2In0.eyJhdWQiOiJodHRwczovL2FzLmV4YW1wb
GUuY29tIiwianRpIjoiZDI1ZDAwYWItNTUyYi00NmZjLWFlMTktOThmNDQwZjI1MDY0Ii
wiaWF0IjoxNzcyNDg3NTk1LCJjaGFsbGVuZ2UiOiI1YzFhOWUxMC0yOWZmLTRjMmItYWU
3My01N2MwOTU3YzA5YzQifQ.M4Uc4rWVAqaLlmDDUXQKkKPbAQKj0JrTizLgWhZndmbkv
M3VL8y-w_QJr7Z0HZlH94E64cLa8L5fSjJItYv0jg

grant_type=authorization_code&
code=n0esc3NRze7LTCu7iYzS6a5acc3f0ogp4
]]></sourcecode>
      </section>
      <section anchor="additional-security-signal">
        <name>Client Attestation as an additional security signal</name>
        <t>A Client Attestation may be used as a (additional) security signal towards an Authorization Server or Resource Server. This may provide additional assurance about the client's authenticity, integrity, state or other information contained in the Client Attestation. When used at the Authorization Server, the Client Attestation may appear alongside existing OAuth 2 Client Authentication mechanisms.</t>
        <t>An Authorization Server or Resource Server <bcp14>MAY</bcp14> signal a requirement to Clients for presenting a Client Attestation and its Proof of Possession as an additional security signal alongside the regular request. A server signals this demand by including the <tt>client_attestation_pop_methods_supported</tt> metadata parameter in its published metadata, as defined in <xref target="RFC8414"/> for the Authorization Server and in <xref target="RFC9728"/> for the Resource Server. The value of <tt>client_attestation_pop_methods_supported</tt> is a JSON array of case-sensitive strings, each identifying a Proof of Possession method that the server accepts, as registered in the "OAuth Client Attestation Proof-of-Possession Methods" registry established by this specification (see <xref target="pop-methods"/>). A server <bcp14>MUST NOT</bcp14> include a method it does not accept, and the array <bcp14>MUST NOT</bcp14> be empty when the parameter is present.</t>
        <t>When the parameter is omitted, presenting a Client Attestation as an additional security signal is <bcp14>OPTIONAL</bcp14>.
When the parameter includes <tt>none</tt>, the Client <bcp14>MAY</bcp14> omit the Client Attestation.
If the Client sends a Client Attestation, it <bcp14>MUST</bcp14> use one of the supported Proof of Possession methods.
For example, for <tt>"client_attestation_pop_methods_supported": ["dpop_combined", "none"]</tt>, the server accepts requests without a Client Attestation as well as requests carrying a Client Attestation with a DPoP proof as the Proof of Possession.
When the parameter is present and does not include <tt>none</tt>, a Client <bcp14>SHOULD</bcp14> include the Client Attestation and its Proof of Possession in its requests to that server, and the Client <bcp14>MUST</bcp14> use one of the listed Proof of Possession methods.</t>
        <t>This specification registers the following Proof of Possession methods:</t>
        <ul spacing="normal">
          <li>
            <t><tt>attestation_pop_jwt</tt>: The Proof of Possession is a dedicated Client Attestation PoP JWT as defined in <xref target="client-attestation-pop-jwt"/> ("normal mode").</t>
          </li>
          <li>
            <t><tt>dpop_combined</tt>: The Proof of Possession is a DPoP proof serving as the combined Proof of Possession as defined in <xref target="dpop-combined-mode"/> ("DPoP combined mode").</t>
          </li>
          <li>
            <t><tt>none</tt>: No Client Attestation is required. A server includes this value to signal that the Client <bcp14>MAY</bcp14> omit the Client Attestation.</t>
          </li>
        </ul>
        <t>The following example demonstrates usage of the client attestation mechanism in a PAR request as defined in <xref target="RFC9126"/> alongside client_secret (with extra line breaks for display purposes only):</t>
        <sourcecode type="http"><![CDATA[
POST /as/par HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded
OAuth-Client-Attestation: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRpb24
rand0IiwiYWxnIjoiRVMyNTYiLCJraWQiOiIxMSJ9.eyJzdWIiOiJodHRwczovL2NsaWV
udC5leGFtcGxlLmNvbSIsImlhdCI6MTc3MjQ4NzU5NSwiZXhwIjoyNTI5ODY2Mzk0LCJj
bmYiOnsiandrIjp7Imt0eSI6IkVDIiwidXNlIjoic2lnIiwiY3J2IjoiUC0yNTYiLCJ4I
joiVmNLVk5CWjRJYUJBWVczanhNNHczVEpGVkE3bXllVUdReUd0LWdfeXZwUSIsInkiOi
JmLUUtaFlFM1RBV0t3aFZ2OXBlajlOQUJzOVNYOVhzTk84MHg1N2pGVHlVIn19fQ._TS4
d-LAnRlwdN97wiVnl4z7C9gvm45IWr-BvGTzeZaHtZtgNZ88gvzroU3LElUPbgF4kWi_D
FORnKzsx5yu6A
OAuth-Client-Attestation-PoP: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRp
b24tcG9wK2p3dCIsImFsZyI6IkVTMjU2In0.eyJhdWQiOiJodHRwczovL2FzLmV4YW1wb
GUuY29tIiwianRpIjoiZDI1ZDAwYWItNTUyYi00NmZjLWFlMTktOThmNDQwZjI1MDY0Ii
wiaWF0IjoxNzcyNDg3NTk1LCJjaGFsbGVuZ2UiOiI1YzFhOWUxMC0yOWZmLTRjMmItYWU
3My01N2MwOTU3YzA5YzQifQ.M4Uc4rWVAqaLlmDDUXQKkKPbAQKj0JrTizLgWhZndmbkv
M3VL8y-w_QJr7Z0HZlH94E64cLa8L5fSjJItYv0jg

response_type=code
&state=af0ifjsldkj
&client_id=s6BhdRkqt3
&client_secret=7Fjfp0ZBr1KtDRbnfVdmIw
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
&code_challenge=K2-ltc83acc4h0c9w6ESC_rEMTJ3bww-uCHaoeK1t8U
&code_challenge_method=S256&scope=account-information
]]></sourcecode>
        <t>The following example demonstrates usage of the client attestation mechanism at the Resource Server (with extra line breaks for display purposes only):</t>
        <sourcecode type="http"><![CDATA[
POST /api/users/list HTTP/1.1
Host: rs.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer mF_9.B5f-4.1JqM
Accept: application/json
OAuth-Client-Attestation: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRpb24
rand0IiwiYWxnIjoiRVMyNTYiLCJraWQiOiIxMSJ9.eyJzdWIiOiJodHRwczovL2NsaWV
udC5leGFtcGxlLmNvbSIsImlhdCI6MTc3MjQ4NzU5NSwiZXhwIjoyNTI5ODY2Mzk0LCJj
bmYiOnsiandrIjp7Imt0eSI6IkVDIiwidXNlIjoic2lnIiwiY3J2IjoiUC0yNTYiLCJ4I
joiVmNLVk5CWjRJYUJBWVczanhNNHczVEpGVkE3bXllVUdReUd0LWdfeXZwUSIsInkiOi
JmLUUtaFlFM1RBV0t3aFZ2OXBlajlOQUJzOVNYOVhzTk84MHg1N2pGVHlVIn19fQ._TS4
d-LAnRlwdN97wiVnl4z7C9gvm45IWr-BvGTzeZaHtZtgNZ88gvzroU3LElUPbgF4kWi_D
FORnKzsx5yu6A
OAuth-Client-Attestation-PoP: eyJ0eXAiOiJvYXV0aC1jbGllbnQtYXR0ZXN0YXRp
b24tcG9wK2p3dCIsImFsZyI6IkVTMjU2In0.eyJhdWQiOiJodHRwczovL3JzLmV4YW1wb
GUuY29tIiwianRpIjoiZDI1ZDAwYWItNTUyYi00NmZjLWFlMTktOThmNDQwZjI1MDY0Ii
wiaWF0IjoxNzcyNDg3NTk1LCJjaGFsbGVuZ2UiOiI1YzFhOWUxMC0yOWZmLTRjMmItYWU
3My01N2MwOTU3YzA5YzQifQ.Uh-vRynTGGARZNqijGyovBMm_EsX5qu0fg0VGPVRsp1rJ
dF7rElbZcEv0CAtzm5kXhjSXHYGxEVb0I7HIeUFRg
]]></sourcecode>
      </section>
    </section>
    <section anchor="as-metadata">
      <name>Authorization Server and Resource Server Metadata</name>
      <t>The Authorization Server <bcp14>SHOULD</bcp14> communicate support for authentication with Attestation-Based Client Authentication using a Client Attestation PoP JWT as the PoP by using the value <tt>attest_jwt_client_auth</tt> in the <tt>token_endpoint_auth_methods_supported</tt> within its published metadata. The Authorization Server <bcp14>SHOULD</bcp14> communicate support for authentication with Attestation-Based Client Authentication using a DPoP proof as the PoP by using the value <tt>attest_jwt_client_auth_dpop</tt> in the <tt>token_endpoint_auth_methods_supported</tt> within its published metadata. The client <bcp14>SHOULD</bcp14> fetch and parse the Authorization Server metadata and recognize Attestation-Based Client Authentication as a client authentication mechanism if either of the given <tt>token_endpoint_auth_methods_supported</tt> values are present.</t>
      <t>The Authorization Server or Resource Server <bcp14>SHOULD</bcp14> communicate supported algorithms for client attestations by using <tt>client_attestation_signing_alg_values_supported</tt> and <tt>client_attestation_pop_signing_alg_values_supported</tt> within its published metadata. This enables the client to validate that its client attestation is understood by the Authorization Server prior to authentication. The client <bcp14>MAY</bcp14> try to get a new client attestation with different algorithms. The Authorization Server or Resource Server <bcp14>MUST</bcp14> include <tt>client_attestation_signing_alg_values_supported</tt> and <tt>client_attestation_pop_signing_alg_values_supported</tt> in its published metadata if the Client Attestation PoP JWT mechanism is used. The Authorization Server or Resource Server <bcp14>MUST</bcp14> include <tt>dpop_signing_alg_values_supported</tt> as defined in <xref target="RFC9449"/>, if DPoP is used as the Proof of Possession in combined mode.</t>
      <t>The Authorization Server or Resource Server <bcp14>MAY</bcp14> signal that it requires a Client Attestation as an additional security signal as described in <xref target="additional-security-signal"/>. The Authorization Server includes the <tt>client_attestation_pop_methods_supported</tt> metadata parameter, containing a JSON array of the Proof of Possession methods it accepts, in its metadata as defined in <xref target="RFC8414"/>. The Resource Server uses the same <tt>client_attestation_pop_methods_supported</tt> parameter in its metadata as defined in <xref target="RFC9728"/>. The Proof of Possession method values are registered in the "OAuth Client Attestation Proof-of-Possession Methods" registry established by this specification (see <xref target="pop-methods"/>).</t>
    </section>
    <section anchor="implementation-considerations">
      <name>Implementation Considerations</name>
      <section anchor="dpop-combined-mode-considerations">
        <name>DPoP Combined Mode Considerations</name>
        <t>When using DPoP combined mode, the key used for client authentication and token binding is shared. This may be undesirable depending on the deployment considerations of the Client. Conversely, the benefits of this approach are as follows:</t>
        <ul spacing="normal">
          <li>
            <t>It authenticates (attests) the DPoP key used for sender-constraining tokens against the Client deployment.</t>
          </li>
          <li>
            <t>It reduces implementation complexity for the Client by minimizing the number of JWTs that need to be constructed or validated in a request.</t>
          </li>
          <li>
            <t>It reduces run-time costs for the Client by minimizing the number of cryptographic operations that need to be constructed in a request, especially if the keys are in a remote and/or hardware-backed key storage.</t>
          </li>
        </ul>
      </section>
      <section anchor="reuse-of-a-client-attestation-jwt">
        <name>Reuse of a Client Attestation JWT</name>
        <t>Implementers should be aware that the design of this authentication mechanism deliberately allows for a Client Instance to re-use a single Client Attestation JWT in multiple interactions/requests with an Authorization Server or Resource Server, whilst producing a fresh Client Attestation PoP JWT. Client deployments should consider this when determining the validity period for issued Client Attestation JWTs as this ultimately controls how long a Client Instance can re-use a single Client Attestation JWT.</t>
      </section>
      <section anchor="refresh-token-binding">
        <name>Refresh token binding</name>
        <t>Authorization servers issuing a refresh token in response to a token request using the client attestation mechanism as defined by this draft <bcp14>MUST</bcp14> bind the refresh token to the Client Instance and its associated public key, and NOT just the client as specified in <xref section="6" sectionFormat="of" target="RFC6749"/>. To prove this binding, the Client Instance <bcp14>MUST</bcp14> use the client attestation mechanism when refreshing an access token. The client <bcp14>MUST</bcp14> also use the same key that was present in the "cnf" claim of the client attestation that was used when the refresh token was issued.</t>
      </section>
      <section anchor="binding-of-oauth-protocol-artifacts">
        <name>Binding of OAuth protocol artifacts</name>
        <t>Authorization servers using Attestation-Based Client Authentication are <bcp14>RECOMMENDED</bcp14> to bind relevant protocol artifacts to the Client Instance and its associated public key where possible, and NOT just the client as specified in <xref target="RFC6749"/>. Note that this only applies if Attestation-Based Client Authentication is used as Client Authentication. Examples of these artifacts include but are not limited to:</t>
        <ul spacing="normal">
          <li>
            <t>The authorization_code as specified in <xref section="4.1" sectionFormat="of" target="RFC6749"/>.</t>
          </li>
          <li>
            <t>The auth_req_id as specified in section 7.3 <xref target="CIBA"/>.</t>
          </li>
        </ul>
        <t>How this binding is established and then proven is specific to the protocol artifact. For example establishing binding to an authorization_code involves the client instance using client attestation before the user is redirected to the Authorization Endpoint (for example by using PAR, <xref target="RFC9126"/>), and proving binding of the authorization_code to the Client Instance involves using the client attestation mechanism to authenticate at the token endpoint when performing the authorization code grant.</t>
      </section>
      <section anchor="web-server-default-maximum-http-header-sizes">
        <name>Web Server Default Maximum HTTP Header Sizes</name>
        <t>Because the Client Attestation and Client Attestation PoP are communicated using HTTP headers, implementers should consider that web servers may have a default maximum HTTP header size configured which could be too low to allow conveying a Client Attestation and or Client Attestation PoP in an HTTP request. It should be noted, that this limit is not given by the HTTP <xref target="RFC9112"/>, but instead web server implementations commonly set a default maximum size for HTTP headers. As of 2024, typical limits for modern web servers configure maximum HTTP headers as 8 kB or more as a default.</t>
      </section>
      <section anchor="rotation-of-client-instance-key">
        <name>Rotation of Client Instance Key</name>
        <t>This specification does not provide a mechanism to rotate the Client Instance Key in the Client Attestation JWT's "cnf" claim. If the Client Instance needs to use a new Client Instance Key for any reason, then it <bcp14>MUST</bcp14> request a new Client Attestation JWT from its Client Attester.</t>
      </section>
      <section anchor="implementation-consideration-replay">
        <name>Replay Attack Detection</name>
        <t>Authorization Server or Resource Servers implementing measures to detect replay attacks as described in <xref target="security-consideration-replay"/> require efficient data structures to manage large amounts of <tt>challenge</tt> or <tt>jti</tt> values for use cases with high volumes of transactions. To limit the size of the data structure, the Authorization Server or Resource Server should use a sliding window, allowing Client Attestation PoPs within a certain time window, in which the seen <tt>challenge</tt> or <tt>jti</tt> values are stored, but discarded afterwards. The allowed window is determined by the <tt>iat</tt> of the Client Attestation PoP and the sliding window time duration chosen by the Authorization Server or Resource Server. To ensure security, the Authorization Server or Resource Server <bcp14>MUST</bcp14> first evaluate the <tt>iat</tt> of the Client Attestation PoP and reject any Client Attestation PoP whose <tt>iat</tt> falls outside this time window. Using such a data structure, the Authorization Server or Resource Server performs the following operations:</t>
        <ul spacing="normal">
          <li>
            <t>search for the <tt>challenge</tt> or <tt>jti</tt> value of the Client Attestation PoP to validate whether it has been previously seen, and reject the Client Attestation PoP if it has</t>
          </li>
          <li>
            <t>insert the <tt>challenge</tt> or <tt>jti</tt> value of the Client Attestation PoP once it has passed all other checks</t>
          </li>
          <li>
            <t>delete <tt>challenge</tt> or <tt>jti</tt> values after they have passed the sliding time window</t>
          </li>
        </ul>
        <t>A trie (also called prefix tree), or a patricia trie (also called radix tree) are <bcp14>RECOMMENDED</bcp14> data structures to implement such a mechanism. Note that this seen-values mechanism is only needed when replay detection relies on a <tt>jti</tt> value or on a <tt>challenge</tt> obtained from the challenge endpoint. When the Authorization Server or Resource Server issues a challenge bound to a specific Client Instance session (see <xref target="security-consideration-replay"/>), it can instead validate the Client Attestation PoP against the single challenge value expected for that session, without maintaining a seen-values data structure.</t>
      </section>
      <section anchor="trust-management-and-key-resolution">
        <name>Trust Management and Key Resolution</name>
        <t>The mechanisms by which the Authorization Server establishes trust in the Client Attester, and by which it obtains the public keys used to verify Client Attestation JWTs, are out of scope of this specification.</t>
        <t>Attestation-Based Client Authentication protects the integrity of Client Attestations using either Message Authentication Codes (MACs) or digital signatures. When digital signatures are used, the Authorization Server needs to be able to obtain the corresponding public key, either through pre-configuration or through dynamic discovery.</t>
        <t>Examples of trust management approaches include:</t>
        <ul spacing="normal">
          <li>
            <t>Public Key Infrastructure (PKI) and trust lists.</t>
          </li>
          <li>
            <t>Pre-shared or out-of-band negotiated configuration (e.g., keys, URLs).</t>
          </li>
        </ul>
        <t>Specifications, profiles, and ecosystems built on top of Attestation-Based Client Authentication <bcp14>SHOULD</bcp14> adopt one of the following mechanisms to resolve the public key used to verify a Client Attestation JWT:</t>
        <ul spacing="normal">
          <li>
            <t>The <tt>x5c</tt> header parameter, as defined in <xref section="4.1.6" sectionFormat="of" target="RFC7515"/>, conveys an X.509 certificate chain in the JOSE header of each Client Attestation. Trust is established by validating the chain against a configured trust anchor.</t>
          </li>
          <li>
            <t>The <tt>kid</tt> header parameter combined with the <tt>jku</tt> header parameter, as defined in <xref section="4.1.2" sectionFormat="of" target="RFC7515"/> and <xref section="4.1.3" sectionFormat="of" target="RFC7515"/>. The Authorization Server retrieves a JWK Set from the URL indicated by <tt>jku</tt> and selects the key identified by <tt>kid</tt>. This approach is self-contained but requires an additional HTTP request, and trust must be established in the <tt>jku</tt> URL.</t>
          </li>
          <li>
            <t>The <tt>kid</tt> header parameter combined with Client Metadata or other pre-shared information. Client Metadata, as defined in <xref target="RFC7591"/>, includes a <tt>jwks_uri</tt> parameter which, together with <tt>kid</tt>, enables resolution of the verification key.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <section anchor="client-instance-tracking-across-authorization-servers-or-resource-servers">
        <name>Client Instance Tracking Across Authorization Servers or Resource Servers</name>
        <t>Implementers should be aware that using the same client attestation across multiple Authorization Servers or Resource Servers could result in correlation of the end user using the Client Instance through claim values (including the Client Instance Key in the <tt>cnf</tt> claim). Client deployments are therefore <bcp14>RECOMMENDED</bcp14> to use different Client Attestation JWTs with different Client Instance Keys across different Authorization Servers or Resource Servers.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The guidance provided by <xref target="RFC7519"/> and <xref target="RFC8725"/> applies.</t>
      <section anchor="security-consideration-replay">
        <name>Replay Attacks</name>
        <t>An Authorization/Resource Server <bcp14>SHOULD</bcp14> implement measures to detect replay attacks by the Client Instance. In the context of this specification, this means to detect that an attacker is resending the same Client Attestation PoP JWT in multiple requests. The following options are <bcp14>RECOMMENDED</bcp14> for this client authentication method:</t>
        <ul spacing="normal">
          <li>
            <t>The Authorization/Resource Server manages a list of witnessed <tt>jti</tt> values of the Client Attestation PoP JWT for the time window of which the JWT would be considered valid. This sliding time window is based on the <tt>iat</tt> of the Client Attestation PoP and the duration chosen by the Authorization/Resource Server. If any Client Attestation PoP JWT would be replayed, the Authorization/Resource Server would recognize the <tt>jti</tt> value in the list and respond with an authentication error. Details how to implement such a data structure to maintain <tt>jti</tt> values is given in <xref target="implementation-consideration-replay"/>.</t>
          </li>
          <li>
            <t>The Authorization/Resource Server provides a challenge as an <tt>OAuth-Client-Attestation-Challenge</tt> in the challenge endpoint to the Client Instance and the Client uses it as a <tt>challenge</tt> value in the Client Attestation PoP JWT. The Authorization/Resource Server may choose to:
            </t>
            <ul spacing="normal">
              <li>
                <t>manage a list of witnessed <tt>challenge</tt> values, similar to the previously described <tt>jti</tt> approach. Details how to implement such a data structure to maintain <tt>challenge</tt> values is given in <xref target="implementation-consideration-replay"/>. This guarantees stronger replay protection with a challenge chosen by the Authorization/Resource Server itself, at the potential cost of an additional round-trip.</t>
              </li>
              <li>
                <t>use self-contained challenges while not storing the seen challenges. This approach scales well, while only guaranteeing freshness, but no replay protection within the limited time-window chosen by the Authorization/Resource Server.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>The Authorization/Resource Server generates a challenge that is bound to the Client Instance's session, such that a specific <tt>challenge</tt> in the Client Attestation PoP JWT is expected and validated. The Authorization/Resource Server sends the challenge as part of another previous response to the Client Instance.</t>
          </li>
        </ul>
        <t>Note that protocols that provide a challenge as part of a previous response should provide a clear indicator for clients when this feature is used. This makes it easier for client implementations to deal with proper state handling. This can be implicit by always mandating support for this feature or via some metadata that allows the client to detect support for this feature for a specific server.</t>
        <t>Because clock skews between servers and clients may be large, Authorization/Resource Servers <bcp14>MAY</bcp14> limit Client Attestation PoP lifetimes by using server-provided challenge values containing the time at the server rather than comparing the client-supplied iat time to the time at the server. Challenges created in this way yield the same result even in the face of arbitrarily large clock skews.</t>
        <t>In any case the Authorization/Resource Server <bcp14>SHOULD</bcp14> ensure the freshness of the Client Attestation PoP by checking either the iat claim or if present the server provided challenge, is within an acceptable time window.</t>
        <t>The approach using a challenge explicitly provided by the Authorization/Resource Server gives stronger replay attack detection guarantees, however support by the Authorization/Resource Server is <bcp14>OPTIONAL</bcp14> to simplify mandatory implementation requirements. The <tt>jti</tt> value is mandatory and hence acts as a default fallback.</t>
      </section>
      <section anchor="client-attestation-protection">
        <name>Client Attestation Protection</name>
        <t>This specification allows both, digital signatures using asymmetric cryptography, and Message Authentication Codes (MAC) to be used to protect Client Attestation JWTs. Implementers should only use MACs to secure the integrity of Client Attestation JWTs if they fully understand the risks of MACs when compared to digital signatures and especially the requirements of their use-case scenarios.
These use-cases typically represent deployments where the Client Attester and Authorization Server have a trust relationship and the possibility to securely exchange keys out of band or are the same entity and no other entity needs to verify the Client Attestations. We expect most deployments to use digital signatures for the protection of Client Attestations, and implementers <bcp14>SHOULD</bcp14> default to digital signatures if they are unsure.</t>
      </section>
    </section>
    <section anchor="relation-to-rats">
      <name>Relation to RATS</name>
      <t>The Remote Attestation Procedures (RATS) architecture defined by <xref target="RFC9334"/> has some commonalities to this document. The flow specified in this specification relates to the "Passport Model" in RATS. However, while the RATS ecosystem gives explicit methods and values how the RATS Attester proves itself to the Verifier, this is deliberately out of scope for Attestation-Based Client Authentication. Additionally, the terminology between RATS and OAuth is different:</t>
      <ul spacing="normal">
        <li>
          <t>a RATS "Attester" relates to an OAuth "Client"</t>
        </li>
        <li>
          <t>a RATS "Relying Party" relates to an OAuth "Authorization Server or Resource Server"</t>
        </li>
        <li>
          <t>a RATS "Verifier" relates to the "Client Attester" defined in this specification</t>
        </li>
        <li>
          <t>a RATS "Attestation Result" relates to the "Client Attestation JWT" defined by this specification</t>
        </li>
        <li>
          <t>a RATS "Endorser", "Reference Value Provider", "Endorsement", "Evidence" and "Policies and Reference Values" are out of scope for this specification</t>
        </li>
      </ul>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <section anchor="oauth-extensions-error-registration">
        <name>OAuth Extensions Error Registration</name>
        <t>This specification requests registration of the following values in the IANA "OAuth Extensions Error Registry" registry of <xref target="IANA.OAuth.Params"/> established by <xref target="RFC6749"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Name: use_attestation_challenge</t>
          </li>
          <li>
            <t>Usage Location: token error response, resource access error response</t>
          </li>
          <li>
            <t>Protocol Extension: OAuth 2.0 Attestation-Based Client Authentication</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="errors"/> of this specification</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: use_fresh_attestation</t>
          </li>
          <li>
            <t>Usage Location: token error response, resource access error response</t>
          </li>
          <li>
            <t>Protocol Extension: OAuth 2.0 Attestation-Based Client Authentication</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="errors"/> of this specification</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: invalid_client_attestation</t>
          </li>
          <li>
            <t>Usage Location: token error response, resource access error response</t>
          </li>
          <li>
            <t>Protocol Extension: OAuth 2.0 Attestation-Based Client Authentication</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="errors"/> of this specification</t>
          </li>
        </ul>
      </section>
      <section anchor="oauth-authorization-server-metadata-registration">
        <name>OAuth Authorization Server Metadata Registration</name>
        <t>This specification requests registration of the following values in the IANA "OAuth Authorization Server Metadata" registry of <xref target="IANA.OAuth.Params"/> established by <xref target="RFC8414"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: challenge_endpoint</t>
          </li>
          <li>
            <t>Metadata Description: URL of the authorization server's challenge endpoint which is used to obtain a fresh challenge for usage in client authentication methods such as client attestation.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="challenge-endpoint"/> of this specification</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: client_attestation_signing_alg_values_supported</t>
          </li>
          <li>
            <t>Metadata Description: JSON array containing a list of the JWS signing algorithms supported by the authorization server for the signature on the Client Attestation JWT.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="as-metadata"/> of this specification</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: client_attestation_pop_signing_alg_values_supported</t>
          </li>
          <li>
            <t>Metadata Description: JSON array containing a list of the JWS signing algorithms supported by the authorization server for the signature on the Client Attestation PoP JWT.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="as-metadata"/> of this specification</t>
          </li>
        </ul>
      </section>
      <section anchor="oauth-protected-resource-metadata-registration">
        <name>OAuth Protected Resource Metadata Registration</name>
        <t>This specification requests registration of the following values in the IANA "OAuth Protected Resource Metadata" registry of <xref target="IANA.OAuth.Params"/> established by <xref target="RFC9728"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: challenge_endpoint</t>
          </li>
          <li>
            <t>Metadata Description: URL of the protected resource's challenge endpoint which is used to obtain a fresh challenge for usage in client authentication methods such as client attestation.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="challenge-endpoint"/> of this specification</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: client_attestation_pop_methods_supported</t>
          </li>
          <li>
            <t>Metadata Description: JSON array of strings, each identifying a Proof of Possession method the authorization server accepts when requiring Clients to present a Client Attestation as an additional security signal. If omitted, presenting a Client Attestation is not required.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="additional-security-signal"/> of this specification</t>
          </li>
        </ul>
      </section>
      <section anchor="oauth-protected-resource-metadata-registration-1">
        <name>OAuth Protected Resource Metadata Registration</name>
        <t>This specification requests registration of the following value in the IANA "OAuth Protected Resource Metadata" registry of <xref target="IANA.OAuth.Params"/> established by <xref target="RFC9728"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: client_attestation_pop_methods_supported</t>
          </li>
          <li>
            <t>Metadata Description: JSON array of strings, each identifying a Proof of Possession method the protected resource accepts when requiring Clients to present a Client Attestation as an additional security signal. If omitted, presenting a Client Attestation is not required.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="additional-security-signal"/> of this specification</t>
          </li>
        </ul>
      </section>
      <section anchor="pop-methods">
        <name>OAuth Client Attestation Proof-of-Possession Methods Registry</name>
        <t>This specification establishes the IANA "OAuth Client Attestation Proof-of-Possession Methods" registry. This registry lists the Proof of Possession methods that a Client may use to demonstrate possession of the Client Instance Key, referenced by the <tt>client_attestation_pop_methods_supported</tt> metadata parameter defined in <xref target="additional-security-signal"/>.</t>
        <t>Client Attestation Proof-of-Possession Methods are registered by Specification Required <xref target="RFC8126"/> after a two-week review period on the oauth-ext-review@ietf.org mailing list, on the advice of one or more Designated Experts. To allow for the allocation of values prior to publication of the final version of a specification, the designated experts may approve registration once they are satisfied that the specification will be completed and published. However, if the specification is not completed and published in a timely manner, as determined by the designated experts, the designated experts may request that IANA withdraw the registration.</t>
        <t>Registration requests sent to the mailing list for review should use an appropriate subject (e.g., "Request to register Client Attestation PoP: example").</t>
        <t>Within the review period, the designated experts will either approve or deny the registration request, communicating this decision to the review list and IANA. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful. If the designated experts are not responsive, the registration requesters should contact IANA to escalate the process.</t>
        <t>Designated experts should apply at least the following criteria when reviewing proposed registrations:</t>
        <ul spacing="normal">
          <li>
            <t>the mechanism should not duplicate existing functionality</t>
          </li>
          <li>
            <t>the mechanism is likely generally applicable, as opposed to being used for a single application</t>
          </li>
          <li>
            <t>the specification sufficiently describes how the Proof of Possession method works in combination with a Client Attestation</t>
          </li>
        </ul>
        <t>IANA must only accept registry updates from the designated experts and should direct all requests for registration to the review mailing list.</t>
        <t>In order to enable broadly informed review of registration decisions, there should be multiple designated experts to represent the perspectives of different applications using this specification. In cases where registration may be perceived as a conflict of interest for a particular expert, that expert should defer to the judgment of the other experts.</t>
        <t>The mailing list is used to enable public review of registration requests, which enables both designated experts and other interested parties to provide feedback on proposed registrations. Designated experts may allocate values prior to publication of the final specification. This allows authors to receive guidance from the designated experts early, so any identified issues can be fixed before the final specification is published.</t>
        <section anchor="registration-template">
          <name>Registration Template</name>
          <ul spacing="normal">
            <li>
              <t>Method Name: The name of the Proof of Possession method, a case-sensitive ASCII string.</t>
            </li>
            <li>
              <t>Method Description: A brief description of the mechanism.</t>
            </li>
            <li>
              <t>Change Controller: For values registered by this specification, IETF.</t>
            </li>
            <li>
              <t>Reference: A reference to the specification that defines the mechanism.</t>
            </li>
          </ul>
        </section>
        <section anchor="initial-registry-content">
          <name>Initial Registry Content</name>
          <ul spacing="normal">
            <li>
              <t>Method Name: attestation_pop_jwt</t>
            </li>
            <li>
              <t>Method Description: The Proof of Possession is a dedicated Client Attestation PoP JWT ("normal mode").</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Reference: <xref target="client-attestation-pop-jwt"/> of this specification</t>
            </li>
          </ul>
          <t><br/></t>
          <ul spacing="normal">
            <li>
              <t>Method Name: dpop_combined</t>
            </li>
            <li>
              <t>Method Description: The Proof of Possession is a DPoP proof serving as the combined Proof of Possession ("DPoP combined mode").</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Reference: <xref target="dpop-combined-mode"/> of this specification</t>
            </li>
          </ul>
          <t><br/></t>
          <ul spacing="normal">
            <li>
              <t>Method Name: none</t>
            </li>
            <li>
              <t>Method Description: No Client Attestation is required. When a server includes this value, the Client <bcp14>MAY</bcp14> omit the Client Attestation.</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Reference: <xref target="additional-security-signal"/> of this specification</t>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="registration-of-attestjwtclientauth-token-endpoint-authentication-method">
        <name>Registration of attest_jwt_client_auth Token Endpoint Authentication Method</name>
        <t>This section registers the value "attest_jwt_client_auth" in the IANA "OAuth Token Endpoint Authentication Methods" registry established by OAuth 2.0 Dynamic Client Registration Protocol <xref target="RFC7591"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Token Endpoint Authentication Method Name: "attest_jwt_client_auth"</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): <xref target="as-metadata"/> of this specification</t>
          </li>
        </ul>
      </section>
      <section anchor="registration-of-attestjwtclientauthdpop-token-endpoint-authentication-method">
        <name>Registration of attest_jwt_client_auth_dpop Token Endpoint Authentication Method</name>
        <t>This section registers the value "attest_jwt_client_auth_dpop" in the IANA "OAuth Token Endpoint Authentication Methods" registry established by OAuth 2.0 Dynamic Client Registration Protocol <xref target="RFC7591"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Token Endpoint Authentication Method Name: "attest_jwt_client_auth_dpop"</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): <xref target="dpop-combined-mode"/> of this specification</t>
          </li>
        </ul>
      </section>
      <section anchor="http-field-name-registration">
        <name>HTTP Field Name Registration</name>
        <t>This section requests registration of the following scheme in the "Hypertext Transfer Protocol (HTTP) Field Name Registry" <xref target="IANA.HTTP.Fields"/> described in <xref target="RFC9110"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Field Name: OAuth-Client-Attestation</t>
          </li>
          <li>
            <t>Status: permanent</t>
          </li>
          <li>
            <t>Structured Type: Item</t>
          </li>
          <li>
            <t>Reference: <xref target="client-attestation-jwt"/> of this specification</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Field Name: OAuth-Client-Attestation-PoP</t>
          </li>
          <li>
            <t>Status: permanent</t>
          </li>
          <li>
            <t>Structured Type: Item</t>
          </li>
          <li>
            <t>Reference: <xref target="client-attestation-pop-jwt"/> of this specification</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Field Name: OAuth-Client-Attestation-Challenge</t>
          </li>
          <li>
            <t>Status: permanent</t>
          </li>
          <li>
            <t>Structured Type: Item</t>
          </li>
          <li>
            <t>Reference: <xref target="challenges"/> of this specification</t>
          </li>
        </ul>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC6749">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC6750">
          <front>
            <title>The OAuth 2.0 Authorization Framework: Bearer Token Usage</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="D. Hardt" initials="D." surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6750"/>
          <seriesInfo name="DOI" value="10.17487/RFC6750"/>
        </reference>
        <reference anchor="RFC7515">
          <front>
            <title>JSON Web Signature (JWS)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7515"/>
          <seriesInfo name="DOI" value="10.17487/RFC7515"/>
        </reference>
        <reference anchor="RFC7591">
          <front>
            <title>OAuth 2.0 Dynamic Client Registration Protocol</title>
            <author fullname="J. Richer" initials="J." role="editor" surname="Richer"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="M. Machulak" initials="M." surname="Machulak"/>
            <author fullname="P. Hunt" initials="P." surname="Hunt"/>
            <date month="July" year="2015"/>
            <abstract>
              <t>This specification defines mechanisms for dynamically registering OAuth 2.0 clients with authorization servers. Registration requests send a set of desired client metadata values to the authorization server. The resulting registration responses return a client identifier to use at the authorization server and the client metadata values registered for the client. The client can then use this registration information to communicate with the authorization server using the OAuth 2.0 protocol. This specification also defines a set of common client metadata fields and values for clients to use during registration.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7591"/>
          <seriesInfo name="DOI" value="10.17487/RFC7591"/>
        </reference>
        <reference anchor="RFC7519">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>
        <reference anchor="RFC7800">
          <front>
            <title>Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="April" year="2016"/>
            <abstract>
              <t>This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of- possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7800"/>
          <seriesInfo name="DOI" value="10.17487/RFC7800"/>
        </reference>
        <reference anchor="RFC8126">
          <front>
            <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
            <author fullname="M. Cotton" initials="M." surname="Cotton"/>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <author fullname="T. Narten" initials="T." surname="Narten"/>
            <date month="June" year="2017"/>
            <abstract>
              <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
              <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
              <t>This is the third edition of this document; it obsoletes RFC 5226.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="26"/>
          <seriesInfo name="RFC" value="8126"/>
          <seriesInfo name="DOI" value="10.17487/RFC8126"/>
        </reference>
        <reference anchor="RFC8414">
          <front>
            <title>OAuth 2.0 Authorization Server Metadata</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <date month="June" year="2018"/>
            <abstract>
              <t>This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8414"/>
          <seriesInfo name="DOI" value="10.17487/RFC8414"/>
        </reference>
        <reference anchor="RFC8725">
          <front>
            <title>JSON Web Token Best Current Practices</title>
            <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/>
            <author fullname="D. Hardt" initials="D." surname="Hardt"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="225"/>
          <seriesInfo name="RFC" value="8725"/>
          <seriesInfo name="DOI" value="10.17487/RFC8725"/>
        </reference>
        <reference anchor="RFC9110">
          <front>
            <title>HTTP Semantics</title>
            <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/>
            <author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/>
            <author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes.</t>
              <t>This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="97"/>
          <seriesInfo name="RFC" value="9110"/>
          <seriesInfo name="DOI" value="10.17487/RFC9110"/>
        </reference>
        <reference anchor="RFC9112">
          <front>
            <title>HTTP/1.1</title>
            <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/>
            <author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/>
            <author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document specifies the HTTP/1.1 message syntax, message parsing, connection management, and related security concerns.</t>
              <t>This document obsoletes portions of RFC 7230.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="99"/>
          <seriesInfo name="RFC" value="9112"/>
          <seriesInfo name="DOI" value="10.17487/RFC9112"/>
        </reference>
        <reference anchor="RFC9126">
          <front>
            <title>OAuth 2.0 Pushed Authorization Requests</title>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <author fullname="D. Tonge" initials="D." surname="Tonge"/>
            <author fullname="F. Skokan" initials="F." surname="Skokan"/>
            <date month="September" year="2021"/>
            <abstract>
              <t>This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent call to the authorization endpoint.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9126"/>
          <seriesInfo name="DOI" value="10.17487/RFC9126"/>
        </reference>
        <reference anchor="RFC9449">
          <front>
            <title>OAuth 2.0 Demonstrating Proof of Possession (DPoP)</title>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="D. Waite" initials="D." surname="Waite"/>
            <date month="September" year="2023"/>
            <abstract>
              <t>This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9449"/>
          <seriesInfo name="DOI" value="10.17487/RFC9449"/>
        </reference>
        <reference anchor="RFC9728">
          <front>
            <title>OAuth 2.0 Protected Resource Metadata</title>
            <author fullname="M.B. Jones" initials="M.B." surname="Jones"/>
            <author fullname="P. Hunt" initials="P." surname="Hunt"/>
            <author fullname="A. Parecki" initials="A." surname="Parecki"/>
            <date month="April" year="2025"/>
            <abstract>
              <t>This specification defines a metadata format that an OAuth 2.0 client or authorization server can use to obtain the information needed to interact with an OAuth 2.0 protected resource.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9728"/>
          <seriesInfo name="DOI" value="10.17487/RFC9728"/>
        </reference>
        <reference anchor="IANA.HTTP.Fields" target="https://www.iana.org/assignments/http-fields/http-fields.xhtml">
          <front>
            <title>Hypertext Transfer Protocol (HTTP) Field Name Registry</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="IANA.OAuth.Params" target="https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml">
          <front>
            <title>OAuth Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="IANA.JOSE.ALGS" target="https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms">
          <front>
            <title>JSON Web Signature and Encryption Algorithms</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="RFC7523">
          <front>
            <title>JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for client authentication.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7523"/>
          <seriesInfo name="DOI" value="10.17487/RFC7523"/>
        </reference>
        <reference anchor="RFC9901">
          <front>
            <title>Selective Disclosure for JSON Web Tokens</title>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <author fullname="K. Yasuda" initials="K." surname="Yasuda"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <date month="November" year="2025"/>
            <abstract>
              <t>This specification defines a mechanism for the selective disclosure
of individual elements of a JSON data structure used as the payload
of a JSON Web Signature (JWS). The primary use case is the selective
disclosure of JSON Web Token (JWT) claims.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9901"/>
          <seriesInfo name="DOI" value="10.17487/RFC9901"/>
        </reference>
        <reference anchor="CIBA" target="https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html">
          <front>
            <title>OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
      </references>
    </references>
    <?line 890?>

<section anchor="document-history">
      <name>Document History</name>
      <t>-10</t>
      <ul spacing="normal">
        <li>
          <t>add <tt>client_attestation_pop_methods_supported</tt> Authorization Server and Resource Server metadata</t>
        </li>
        <li>
          <t>establish the "OAuth Client Attestation Proof-of-Possession Methods" registry</t>
        </li>
        <li>
          <t>allow proof of possession mechanisms defined by other/future specifications</t>
        </li>
        <li>
          <t>clarify that DPoP can be used alongside <tt>attest_jwt_client_auth</tt> and which validation rules apply</t>
        </li>
        <li>
          <t>add short note that dpop_jkt cannot be used with the combined mode</t>
        </li>
        <li>
          <t>update Client Attestation PoP JWT examples to use <tt>challenge</tt> instead of <tt>nonce</tt> and include the required <tt>iat</tt> claim</t>
        </li>
        <li>
          <t>clean up references</t>
        </li>
        <li>
          <t>fix IANA registrations</t>
        </li>
        <li>
          <t>editorial fixes</t>
        </li>
        <li>
          <t>add clarification on Client Attester</t>
        </li>
        <li>
          <t>remove replay attack consideration to reuse existing artifacts as challenge</t>
        </li>
        <li>
          <t>clarifications around implementation consideration for replay attack detection</t>
        </li>
      </ul>
      <t>-09</t>
      <ul spacing="normal">
        <li>
          <t>restructure draft</t>
        </li>
        <li>
          <t>add section how to establish trust and resolve keys</t>
        </li>
        <li>
          <t>rephrasing of introduction text</t>
        </li>
        <li>
          <t>adding challenge request/response to graphic</t>
        </li>
        <li>
          <t>restructure and minor fixes to challenge section</t>
        </li>
        <li>
          <t>add mentioning or Resource Server, where applicable</t>
        </li>
        <li>
          <t>clarify that alg is required for Client Attestation JWT and Client Attestation PoP JWT</t>
        </li>
      </ul>
      <t>-08</t>
      <ul spacing="normal">
        <li>
          <t>remove concatenated Serialization for Client Attestations</t>
        </li>
        <li>
          <t>update all examples (removal of iss and nbf)</t>
        </li>
        <li>
          <t>remove <tt>iss</tt> from Client Attestation JWT and Client Attestation PoP JWT</t>
        </li>
        <li>
          <t>add small security consideration sub-section for MAC-based deployments</t>
        </li>
        <li>
          <t>remove public clients reference and clarify this draft targets confidential clients</t>
        </li>
        <li>
          <t>clarify this may be a client authentication mechanism but also may be not</t>
        </li>
        <li>
          <t>add examples for RS usage and non client authentication</t>
        </li>
        <li>
          <t>Add note on protocols providing a challenge on previous responses</t>
        </li>
        <li>
          <t>add structured-type to iana header field registration requests</t>
        </li>
        <li>
          <t>moving Authorization Server metadata into it's own top level section</t>
        </li>
        <li>
          <t>editorial fixes</t>
        </li>
      </ul>
      <t>-07</t>
      <ul spacing="normal">
        <li>
          <t>remove restrictions to not allow MAC-based algorithms</t>
        </li>
        <li>
          <t>require <tt>iat</tt> in Client Attestation PoP JWT</t>
        </li>
        <li>
          <t>clarify <tt>use_attestation_challenge</tt> and add <tt>invalid_client_attestation</tt></t>
        </li>
        <li>
          <t>add <tt>client_attestation_signing_alg_values_supported</tt> and <tt>client_attestation_pop_signing_alg_values_supported</tt> to IANA registration</t>
        </li>
        <li>
          <t>add implementation consideration for Authorization Server Metadata</t>
        </li>
        <li>
          <t>clarify refresh token binding</t>
        </li>
        <li>
          <t>check client_id at PAR endpoint</t>
        </li>
        <li>
          <t>added <tt>use_fresh_attestation</tt> as an error to signal that the attestation was not deemed fresh enough by the server</t>
        </li>
        <li>
          <t>mandate the defined header fields if the attestation and pop are transferred via header fields</t>
        </li>
      </ul>
      <t>-06</t>
      <ul spacing="normal">
        <li>
          <t>clarify client_id processing in token request with client attestation</t>
        </li>
        <li>
          <t>clarify usage of client attestation outside of oauth2 applications</t>
        </li>
        <li>
          <t>add oauth error response values <tt>invalid_client_attestation</tt> and <tt>use_attestation_challenge</tt></t>
        </li>
        <li>
          <t>revert the HTTP OPTIONS mechanism to fetch nonces and add a dedicated challenge endpoint</t>
        </li>
        <li>
          <t>rename nonce to challenge</t>
        </li>
        <li>
          <t>rewrite security consideration on replay attacks</t>
        </li>
        <li>
          <t>add implementation consideration on replay attacks</t>
        </li>
        <li>
          <t>remove <tt>exp</tt> from Client Attestation PoP JWT</t>
        </li>
        <li>
          <t>add verification and processing rules</t>
        </li>
      </ul>
      <t>-05</t>
      <ul spacing="normal">
        <li>
          <t>add nonce endpoint</t>
        </li>
        <li>
          <t>add metadata entry for nonce</t>
        </li>
        <li>
          <t>improve introduction</t>
        </li>
        <li>
          <t>rename client backend to client attester</t>
        </li>
        <li>
          <t>fix missing typ header in examples</t>
        </li>
      </ul>
      <t>-04</t>
      <ul spacing="normal">
        <li>
          <t>remove key attestation example</t>
        </li>
        <li>
          <t>restructured JWT Claims for better readability</t>
        </li>
        <li>
          <t>added JOSE typ values for Client Attestation and Client Attestation PoP</t>
        </li>
        <li>
          <t>add RATS relation</t>
        </li>
        <li>
          <t>add concatenated representation without headers</t>
        </li>
        <li>
          <t>add PAR endpoint example</t>
        </li>
        <li>
          <t>fix PoP examples to include jti and nonce</t>
        </li>
        <li>
          <t>add iana http field name registration</t>
        </li>
      </ul>
      <t>-03</t>
      <ul spacing="normal">
        <li>
          <t>remove usage of RFC7521 and the usage of client_assertion</t>
        </li>
        <li>
          <t>add new header-based syntax introducing Oauth-Client-Attestation and OAuth-Client-Attestation-PoP</t>
        </li>
        <li>
          <t>add Client Instance to the terminology and improve text around this concept</t>
        </li>
      </ul>
      <t>-02</t>
      <ul spacing="normal">
        <li>
          <t>add text on the inability to rotate the Client Instance Key</t>
        </li>
      </ul>
      <t>-01</t>
      <ul spacing="normal">
        <li>
          <t>Updated eIDAS example in appendix</t>
        </li>
        <li>
          <t>Removed text around jti claim in client attestation, refined text for its usage in the client attestation pop</t>
        </li>
        <li>
          <t>Refined text around cnf claim in client attestation</t>
        </li>
        <li>
          <t>Clarified how to bind refresh tokens to a Client Instance using this client authentication method</t>
        </li>
        <li>
          <t>Made it more explicit that the client authentication mechanism is general purpose making it compatible with extensions like PAR</t>
        </li>
        <li>
          <t>Updated acknowledgments</t>
        </li>
        <li>
          <t>Simplified the diagram in the introduction</t>
        </li>
        <li>
          <t>Updated references</t>
        </li>
        <li>
          <t>Added some guidance around replay attack detection</t>
        </li>
      </ul>
      <t>-00</t>
      <ul spacing="normal">
        <li>
          <t>Initial draft</t>
        </li>
      </ul>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>We would like to thank
Babis Routis,
Brian Campbell,
Dimitris Zarras,
Filip Skokan,
Francesco Marino,
Frederik Krogsdal Jacobsen,
Giuseppe De Marco,
Joseph Heenan,
Kristina Yasuda,
Micha Kraus,
Michael B. Jones,
Takahiko Kawasaki,
Timo Glastra
and
Torsten Lodderstedt
for their valuable contributions to this specification.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+196Xrb2JXgfz4FRvV1IiUkTWqxLHUqHWqzZWuzVsv99Ugg
cUlBAgEGAEXRjvMs8yzzZHOWu2GjKLuSrs6UvypbIoG7nHvu2ZdGo1FL/TQQ
m87CcWec3jnLzZbTSVORpG7qR2Fjy02E52wHvghTB5+Af/0efbdQg3/FIIqn
m06SerXADQebjghrNS/qhe4QBvVit582fJH2G5ELLzdca+guDt3o0dAN+rbd
qiXj7tBPEvg+nY5ghP3d8z3H+clxgySCReKvC3X4t7MF/0Qx/HQKn9TcWLjw
9ZnojWM/nS7UJlH8MIij8Qg+vRJdWnoU+19oauckjtKoFwULNX8UbzppPE7S
5VZro7Vcq4XjYVfEmzUPNrdZe9x0VmqPIhzDz44zz4iOwytfuIIl+OHAeYsv
4edD1w/gc4LEXxAozSge4Bdu3LuDL+7SdJRsvnqFz+FH/qNoqsde4QevunE0
ScQrGuEVvjnw07txVw3amAxevQzkOEbg4gPW/GqsJo/e9KMXjvrCx5t36RAA
V3MJopu1WgNW1R8HASPRedT13cQ5iKIHEcM3AA03lHDfdA475+en8Klg6Kb0
cDOgh/8yhHnj5iCIum6QG/XEHQcOYHfqu2Fh0K1x6InEi8c9GEX4ZvgRvNXs
8lt/GUVJKqKmJ3JDb9/FPj3hbEXx0A2L45+dnO4f7Zhhe/hGs8tP/2UwfMJB
ARXxgxTQAHHvdG/79frqhv5xrSV/XF9rr+kfN9rmU/Xs+puWevZNe/m1+nG1
vap+XF9WI2y02y3z47L+Ub+2sarXsLG+/AZ/3O8cdZrvzs9Pmnu+CLwEPwOk
lqfp0B/YP15feHKBPlFU5x3clTgVT6lzHrth0hexvkrOIo655NCgzhGA1jkV
A4BsPJVjuPFA2Ig7mUyaAHaXLwxQkUE4BCRLXuEDjT4tzv65+cSYJ7dAFLB5
4sbu8EV7YMpJ74lUxMlLV8dXZKTfL3yQW+f747PdZufg7dlLFvn+7PjIQbp1
BvO66TgWjht6zm7Yi6cjImGdAGg53PjhizdwHwFRwr94oT9NRLeRqGkaQk/R
cK0pan7Yz+H3xsrKqkbf5RX16UaLkHp7f6uzae/peCTC/R1nOwpD0Uslk2rs
hz7cvRS41pbbe+jdwY0SQY51OXtBNHEa8CqAod1sZfarySAM73vNUKSvkpHo
JfIDRbl8NQ8QND0P0TMzT6MHEzTaNy0icUDYGg3H7QIGu720Vju/8xMHh/b7
al2e6PuhSOBoHLgTIkRGCDTNgUEdw6BH+oYAeBykCkvwhJsC83W7Ab7u8CId
PwSqG/YEjuGHvWDswbE7D2La6EZA4xyLLjsTWDg8BAgHq0PGNYGTwpVkOd2Z
iB/hlgLvPRVJNI5hcP6o6dCGhgJh4SdD4NkA5YrFwBYeheOniaMhBnzbgWEA
GHB23al5jxcJc+KConHqxOJRuAEuEQfgc4NxPHiaRydgqNeazn4KvHdKMoST
4FodF5dlVgqIqCfLIgo8CATKwL7Jhzj0PS8AEv2Tsx+mceSNe/g0HGnsej7+
6AbynfJh4V7fRV5Sd5Jx7w4nuR3F/iNg0w2czc39JL2VqOAB1JyvX+WN+Pat
jtIFjBIEUwAD/IVrdDw/xhvQ45uAE3RFOhFwnog4vITfJw4iqsBTh//xi7KD
BWgB7vWiZAqwGyZ6gfj8fpKMRdx4FwUe/HPJZxU7w8iDGzZOrMXinaXFIkbo
1Q2H41BBIHb9BDCVtt2b4tJ7Ig4BIjCXnzqTaAxEn/G5fBOLflM08yiyhKcP
lw5AA8AElPZh9bzezAtLGtETRnN+kjconyyDzhLBbhSleJZ0CFGXMYrWGAuP
v0jwfsAhuyBFunAYhKs4uCdvSfba4x3sBn5yJ4p46aodSyEKoFyOU+kdCJoD
OCynH4P43FCkDyDiel4sEjrERPBCEsDkjqeQNZjKs3JHcDNdPPLeQxhNAuEN
BB++eIyCR9wHyPle0nNHwon66mIAto6CaErsoI6UJGaIuF0/wHuNGxmCaAaH
GRLFx4kSWprZhIDLCfI7YjVCGX7wASpT5w5QogsoCQIA0DCQ9BNYBnzuD0dR
DBQlbToHQBFid4DLG8HJI2MxYKR5HoFgoEhfJEfmEhZXWNcklZdWhLmrcDWC
L+IJIDWsFVC+D4c7DlLGrvRlZKEphSHYBe6IT03tq6FQx94gYHOEO4MrBsMw
X8UdgRTbi/0u38y0iHiKGSX8Jbw/CsQTnhiMB5P7Q/8Ln6Tow6jwHJ5kJe1A
nibwTg/deOqMxjGIyIQmJVP7jFY5CMCzRX7BZ+BpDDf0wJA0uhsELeB0Kd6y
wjOaB/DDILHHeGZOCnBEuhQgV0Jx1Mdr2EVOgzPdubE3caW8lET9lH6hTYn8
UiUE1KcIUeDhQH1g9Xg8Yd+XFELfHPksKo1w6YB2eXIXX7+eSWK+3GzjfFID
+PaNd2fIRPGUQQMf42WkPQuftmlxPlys5wZRKPLLKCCkmgMpEcklriYaeHFG
eAXxtiRS9bZe6QrcOssyPh/OnLM1S4UjX7JaSZCIZYxShEyGC9DDSU5q0jJT
HRgVAXgCeABL7yP2o84JYFFmDjNMHYEFkiyAFj8RBFOQTXDkzNOIRiR0WOQs
sR/blxhCE4GKA6uG/06iBLggSXmLJ9HJ0hzz7WspauZ81iYYJ/sRimO4dc93
B6BaIM32+eoDOiP9DAIyRfhwIbSCoGXNPorMaQTI7yVVUiGc29///ndAlJ7v
NwC6Uiex/yyuLBU+/WMD//yx8Pnf+O+Kzx/tz3kI+09muL8V1vG37Nf5w/xb
/u1FSUWWyt6eOfgzS8M//7vsvcXlJT3035zF1QLc1JczAfHHWd/VzKd/zu+C
fl9cWyrb4d9qi229OPpHwo9+/5OeAAbNoglv0HpRY7Oecd3MKFUNAxm5gcJy
MjPml/pDwLH+lB6SDZ3CF3+sGgr3+XqJLkv+cgL2jQzfZmrONAwvIBAqhPx5
CTkYiBCucEoSJCgRzmL+gQ9iyuLrwEV+ACLqSIok4hG50kzFTFLT3DWRwmyP
BKCuMAMZ7qkZZjwOQ9xgZCsldUPmbJaLwvmAuIlks8iWXeIgrJeQ7Vcz5jLq
CMsyM4IwX3igBzQMN4ssKiHxMWBB0FoRMr0SnpInFijj+SGRbhBMYaviryBg
w+a6vB8/RmaV0n7vkIrewfngwoGuBkBrhVeng8l8l6IIOPRTFPhJ4BgTq0t6
0ahCpALqizSjDDkSoFxSxiONpGIjsAm5dql6FJmJ8/7qXMqn0lCvzkgfPsoc
oG6g9AsDopCB0j/86o8McFD/AF5gr1Yv41kmWtfifMJssAIDYHoEfAzsSy5S
qtl0Q+RHJfeEj0PAJGO+UeFUS4sSZzwL2W2pDW/OKAr83pTsDriRzNWU3L0c
sLwZvFFoMYuAS4/upLLP9prsudlL1pN4WXmBZMVYwHGKOgvc1pQwkzUu/DZC
kQj0FjfOz4HHtVp+XHDWo4jwq3x1sB7EP6nKVOEUjL9WjryKTpHJg5EHUfMO
PhHhQKC6O6zUSX6fWE/CKkYREBdEyFj0BAiuZJ/KDuXCGcPhRmM0ZiWJO6DN
v36e7FaKdVILLD85HHx99rWtApqDMrw01CHilS1AHkoZbEC7bQ6ahnylEUg4
CsasZJSNiJqbNkKV0gjYMy2PaMgO/jaicRYTIZz//K/Fn0bRaGmJZyi1LtrX
u3TzbMIaJ8/TCqmSJeg/IBkW9PoANTyyd9oaCF9gN2/XVPYM5MwknpjNRz1Q
etRIvR7CBwZxSWgmuo53g8aCVZwEwgVtOISvDNHS4rUnUtcPWL9mGQBpOW4T
rl3duphoEGE+UUCXHCxKaXydmElXTCNpBJzFUJw9JnpDST3KlHgQVZikwXxd
BDEoe2i0w6Ujj4XPfLQqIEclqklWZpgWtPrYjxLLWiTVOC+C1QOYgMGjwqr1
d1RgCb5JHuuk2ZLYdw+AjHYbNGKVCQVErBJaIsIaBAvLzgJUPuxJXq9PGXRS
L8jTVUP+EAwoK0yQAV/d+cpgGaGtKi0VigqyiJIDGK8tzg+QQoGP8ADwATZg
ywH1ShaNTzJpwh2gOzNO0ijy2D4aPoppgXHqDaG9TRniUTHOmGlQKMPVFES0
/J4WCV2G/uAO/RJoWXKTpCjuIei0jEhCkJLqRPjoxxG5mJZoFRV8XnL45AX8
HYYzTKVum33oHZiIJGikjnXJk1Nn4ibGQGm4LbESNHSQuKFWT04h0uKjGBjI
EroKthHuIWMX7nQHLfxkS0mYRuGkkwj164XDi7NzDHTAf52jY/r5dPfjxf7p
7g7+fPauc3Cgf6jJJ87eHV8c7JifzJvbx4eHu0c7/DJ86mQ+qi0cdq4XWOpZ
OD453z8+6hwsFK1JJJfSNSfz+QjxG3A2qWUsUFvbJ//3/7RXna9f/9fp3vZy
u73x7Zv85U17fRV+QYLJs0UhAJN/Rcm3BsRZuCSIojWi54781A3YK5AA2QMA
A7GAe/aH/0TI/Nem86dub9Re/bP8ADec+VDBLPMhwaz4SeFlBmLJRyXTaGhm
Ps9BOrveznXmdwV368M//Ufgg/jcaL/5jz/XEIXOBZKqKIgGU+frT6n57Vut
Vk4INmubDmg/2v17Tjx+Eb5ZqhIZ8yYt+k3zkwwlIHNtgQ0heZgpw7KGOnRD
uBpycjctMG6jtOWJG1lyLeeFImnapUym7RJtMmYCVEEamqVArJbqDHjLnqmC
roaTNETKi19OjjMEXcHPrFONhcvoSCcMXUIlOuP5jHzBP0r+qshtcRikjXJH
mdOD6zcdDkUaw4+41pHrx1pXeXafhsGPxt1ADiFPQI+GyofSrGYaG6wx2IUQ
IntxR6Bv0iKkNDtLaGb8HKd+4H/h6VCEYbmNj3GkjzGPExgaBrDGSVMyjBSt
sOU3Ql0jnwy66INjWbFSHdJqCx/uGUCf0IWhzog9QhQnz0/muLRC05DiDoAe
54/DOvtp4R0QONErGwPO4G1KU2BYSdO5YvCRyUmKfDibcWDhbcPR0aERRnxr
fqoC9defVJyXFQB2P0m/McMreYuoOJqSQGTwiLnAPAtl5Gsh7y6RUU/fvjXz
RjVpfdGiv0QwXOE74Xp4prU/OLcg8t1uOoplsHpCH9KE5KJZAgaEL+h13nKw
TnGbf0QvfhOHdYNBcVj80FnUATHZcVnInkqncuYiqhf0ORLqlmP7S+CwHbj+
MAGVJ2VYJONucdH4IShx4+49oM4S0BN4J7tihsON76EKN9aEli2Y0iKBw4un
ElDjhyB1PY38WLpX/aEonQbHxC8ddL+S677ivmddcDQ0EyqUO8kRHs9QQ4tB
LryMWCAAyCyEsFOBMrmV811FaRpFXzTyScjRlcUzoeiGXhD1HpzkQUx01IYM
viBI9cJ+EVL4obNI/kTJ70rBxHwWH1Mqjronb1otkMMUMSFcqnIzRZrCVwFZ
qfvVYTTfEUrEvEGTg6cRRjDAMg3XXLifPCwgAYNvYC6J8gAy300BZEqekiDD
D51FDsIAtPkxtEJdQMZz5O+YkUuceEzBWHDZgKvW2rwQBBSIfnQXXbSPklWR
FgPkt4NSL19F5iwxWQxsDa47NQq1tEsrKAEpAE0d17RsTSa/9PwBCtNAv6XC
HsWWaGRMFnxWziGbvvKRc9tAlZ3Fw872LPPNM/cGVgXg6zs6RrB0KTietAPh
j300j8DOVn7gvmZsrAhWGl9pG3wSyDEFukUx7quC8cziNeLJxdNRPNoTzMck
eSeXqjsNItdj4YzEWSFShdSweWVHkuiT6FAwEGkfBftYa19rjrMAHGlBB3+X
syBQ7uBBYBv44O7Z8tpr/uTB9/CTdnuh9q3W5OGAPC1Y8Z48YFNuqAkqPL8K
Nwkea6+vL6++WV/bWKMP4YLCh8tryxtvXr9e2VilD4FMwYdfyf1Ft1X9ggtI
p7SkbRqUPgIyhB8BWpjPevEjfnbSUCunT5/ws8veh8ujrc+r++5W5/pq5f7p
cHWycv5+77KzPpyKi7cfp2/TxuBm+jj6aN6kSfuN3cbd9e7Keefqw+Tu8nFj
JO43jjpbycbZp41PydHxm9bT2vr93vn0gmNhv9Xw/2/ssLtCmZPJEJ8qM1IV
vzxD8kS6PzcRrKOoqC6vlo0RV0MHI6O1q8ZQRPpYYhqFODu3xHkbMjbWWs9t
AXF9GXbK6Gsz7pLX5SwSGaue2nTE9H1LfOr4x/77x+tPly13u33ffRsE3fBj
ev3ptPX501EL/h11l1drAECvte9P/Ourp3D/PvJPLw+nR+fX/sH2+9i9+giD
7D8dnr3faMKoX7yrfRw18t6dTnpfoseD5aPEvbqsjb3ttUC83Ut7b5+Cg+HR
Y/dsP9kfBnfe9v7rw/PeyuH9x9WjLxdrR2cT//OnuwnMBLPsrx3vXC8ffnlo
wWz3te7w2j8GuQGWFO/fj9b3h2lLnO2/3n+43MElep+OAlxibzkIackr75fx
94vtllry6n4NPrgcHh1cPqxtX92fvr++eL91ddn74oZ3R0fvel8ud0dvLx92
V7qfguDywjsVF17r4Mrri0+fJxe46vABtlh7Pzy4uEjdvWDvsH26ddlKV9y9
z8vHn7YC9z44/njx/svx5dH18eXdl/OHN6uH7wbto2UY+F1wuR+2N/ofmzfn
Z6s1r3HQCU+DiXe0sT7xL8Ng9cv69sbgcbi6tn8VN7Ye355/EZ/dd+nndHD0
+c2bweOXOLpYOdgNLk66g73Vhyv/Zqe2d3wafviSPK1Nx687fB2OtEEbKSaH
f7bbKF5kMBFzIxL2erqJaICKiuHNGDv076CRAqJdnL9rbB/s7x6dNzrn57tn
5x3k33WnirrVHZH2mmzPRvLNtJwcd38d+/AbPF8rLqHpbLsUBEnsh0zZFMDF
sV724yTBksdWmOC2ygtRvHssAY8T6Zcg78rrNyDcAd9+ysb3qkivdru5LEO9
JAwXQb4RrF0L9F6gjEV+BHgqFkBv0LS8pAJvumG/8jLKwIOf1UJqakEVf352
2n9YdDoHJ+86zitnZ//t/jn8u9BYwL+b8HdJVEPJn4UbeuHv9Pcf6e9XC86S
84eFnxcYgX4qNZ98RSfRt5lR8hjDxXZcE5dYosJTdFepLUkKrnUTWibF4PyU
MMAFmQuQUJJDy2LLOuh5FYPzarVjkiMy71MoASyt7yNLR/MVv2xLiyUrt0M8
cYOASwVXoq3vOR3QSMgLYqLwiIN4YgiLSEmIt4YvcYpT8DT5c6W+oKw08oaw
6sGyc9aKVmZmkZPTVtFrZbtttTNQWyuSpSX22sMiRhHblCiyteJgm84ZBWxk
Ic30AEgKiCQs0cIIMWUOMXf2Y3TWSG+ndgmXhuIqGuDCAUUD9AjDWLdMhDBM
/0bqu/jyLe244ssbmAWVW7VnN2mo8PAlvL0/lZpQlGJVakaBAWebUvDtfxlz
Cm73V2BSQaD+gFXFHXsl64YPYd0yf6VCkWdmwroLhRD3faGsgDA7na3KgJH3
kiJ1SFhVyyEjKynLvNEKYZQDRQgDMEsQuBBbSszMsXNxeqDmKZVn1YEiTJ9b
RVHy1fNjjiHMr9zoFSsoVfr05LNIP9MbCUCOeZJBXAqadfm21LK1LYSUWObG
aCegJCTCzfvUL54xfshob3ZQcdLj0Ae53t6p4m3l23iZPowueWn5ZnpOK2Ps
6pMv07IHSyMxCVuKcqlA74ayq/H15PeWLPtLDgK/qP0FT8+ywThHmaCKeWHB
gWrGJKGsVKThyvXZ9y6Bs8H0kyikvJQ+OyqJObkJH77mZUUDlPnKWdQ/V+CA
NPZnJ9c6oLTUzbtNhT4q08CkAlb7SeT1+B9s3WKtGBMWjO+qgvD/oCVLoY0f
sgqizVrGWmU5rRSToQiLqSaKah9K3AqinpR/2NaJppSs2JWV1CrdSKu/2cvm
tZcpGaPEZmaMZMAXbCOZmxQNZEBS8RFvec1rtdxuY21tudtYfd3vNVzR3mhs
vOmvrrb6y2ut16szLGqaRuBYa722uyHarcbyRr/fWO3BgK5YX2msrfdaG/RX
b3XhxwxUiiP+ioxUDVjTDxqqcIj5jFX45PwGq1p3eTXtvd2YfFgerXjbaGLa
Sz5PyUJ0fnh/sbwfttBOdeeR4cq2U+19ORherl5ftSfd2tuL8fXyRoomJDc8
HaEJ6fPOfvvzTmdyfbWfHp1fTK/9Vuto+Pn+4GovODx/SI/P74ZHOx8nn+/3
24c71619vwYvX+214OWnoy+96dHOYOXo/KGNhiz37V7SfXs5/rx8geaz9vWX
vbvjq4unw+3W9Pjq8/Dg/PT+cLifXl9d1FYOp6320fLh5Pj8YuX6S2ft+stH
v/+xebh60VuNry47f3UPguHOzsWnjx8ePpx0Ox8/3Lfex+f+l4PB1d3n0Bt2
Hx5rhyuXB2+mjcnNx/fx+ufWu8/Bu43V3dervQP3zcFa/+z+Pcz22Lof/DOs
R42T45NqCxLe91+XFYmw9VdvSaJV/iotST85F4ltokFolRuXUB8HEXbYRdA1
MIVd25okBK1aDGhkGipayJKLqm0gtYWZQUKkU8LLieT3ccR0qwscFBS/pVkU
2TrcsvxdjAvt8gBWnHW5ZYpji1HViUl4B4bAbJIil/kwEwqkpZkWFHQowX+h
KpZSVxOg+T+o7JU7GXJdEjnEkX9uCWswVqueG8cUjxlSjQOBsKjntlmnOCfB
kgHaAhOBNVNSoVhZgkGoGcDgxNWsD5Gf6JEODTccEKUSB8DhyQjk8kvXUleO
AS5d6zKOBsEoAx6j+CExljxaIGOQvPZSfNbR5AXDIG4EBbJbxOOb+4f0VirZ
DEzzMQONKgkFvAIMSOAgTlKPbRJMC7ExBrVFsqXJpznhgNJ6n5EiVK0OlVdu
MMlgGJLy/KEizFT0v1diklKQBSweISqHaTCtyDCnOK80HzGGUEPMo0AQzHJ3
U6lnfpeVU1v0OGKapyaTXlZosbQlZSCy8bLKmmw0K+tpkrdcj8PqMnBRmpG1
5ZwikR/GbL/6nbmhUdh1CMxCV7HSIhtG8ib5fBOJuRlUcRYp/rULSvcDG1s8
PyH7BF6jpU3mVSiK106OYTOveERkoK/azXbtXYSFzbIiem2bzXWNcyrTRkY7
PrVXT43JZNKgIgvjOJAm0xnOzT+VsEaAwp9rOyRK/mlbsRf8vdEJvTwT5adr
oJCG6Q3aQ3/OEJ0bXMDv8K+fz0bBU3C8JT5//HjdvT57ffV01t2XDrgdqTIt
ZqC9xEe9qAC6JE+9YWy0CLz7JAozypFXrQSxcmO58QtO/DJ3PTvr228m7w7E
/uBqY3J59Ppyp33+NBj9dbp8kHy5fjjsv37/Jry/7Pjdx7tD9R4N3bhc9c5W
L9yDw8HJzWr/evX+jR+v94L2+adgz+sMek9ra9H6+UPvjApeaSf9CSuNhV3e
pUNa4DHG1/MH42p9jhEqq6S15B9b1VvvLbd6K2K50eqvLTdW++urjTdtd62x
1lvvvllx1912f0OrZ4beWtYUaRZBkxRpUmQfLbm0TPbsRFpE56eUQuQ1XetO
barAEZray4LuBP1LldSjk4PtMipa8jFxq+RboUw6Kjwjkrt5M/PKrA8ux4cr
+xRRGj2asrWVOYJkHjIKNeNeqsCYgNSGuYwo6Wppnk3OFLpqrJpWKL0MbMrE
L5oMQczAGblooJVUXEbJkPB5QgowmWMMtO2qJWYzu8rvZB1GQzmjpE9nbptN
5xoWiqq9ncuoPVtIN5UNGxbdF0jxrQX6GUSqSgXbn2Hsl3VAElPyqIShSVeC
NEbm9zDXEOwNMDYHsrQF6l1j6CzCAM2KhFRG1JTTAFjiqWWdvVHv3NpSGL5i
ORyM1zAhEYOQZTaM6ICS0hOq2yxVGuBAYhZ0p8zj2qGKbmAWoPJ3Y3YupiVn
ZoGrUjKxJlQ+A9zG/KHrZdJ5lZGHmK96T94LhJZtEMocjAayo6sczvQmqdPi
q5k1BVUIGWQtlGsqCgpu8soAb7a80OlhmZmspED8RFdvmPeeSnBks5claKSx
TEbryxjM5VaLElbGCesfStUyADBFIhXR1MCWucugZXo63SI7i1G88nuDlz3f
5Uq26Li0jCY3Gm7GxYPBnC8h8/qyF/GVU+OoVlHc0Phj+FV5VSuVodZUnpOM
AmWAbfSeX+rGEEKSBzHVERWwIMEeDNI2uPyb5s3GK+LHsGrWpDnLImLGr+rJ
2dXTKuhadkM8rnWY7LHixBjM/JTB2Ra4my9kNawzPPACDSaFPbcHuivGs3c5
N4sgf7uNHze2OUXzNmvVyhJk5re3YdTAnElx+0K3BbBAmDUjURmcQcUBqUeZ
JXk2+eD92fRDEQu6nMcfXqpjEOXIQGXTUXuuSQ9D2WVDKbNzfd+bHn65Xvm8
c+cfDd8/HJ1/1lJllfhBGWyynMGp3E9GBGz4oU4T+g7BQ9VQKUp/0i82LaU6
rm3m5JrQ0p7JB180ghpOofwNaIn1ZP3dMjOlXsoCZ6NLn6TBNqXMqueadhWG
LKsNxcQWbOWNDFFgmmUmfSnK5R0v6sSyBC0H6Vno+Z2Y+DxMN50ydFQoTCbF
G9aeAHOXr6M03Pu8t3sft79sJ37v8GrU6bBeRQ+R9otPbgk3FvGCiikHipnc
+DjGyutWS+O6c2lZW+hwT4wf8GvGFlOl4BAW5EcpeBNnhBXampHiDKXBg01j
HX72babguYg2GUCX6tC1Z9eNglyFDw/vrBKYyQD9A+Fs+ITHpf3GfkIqzlBF
J+RMXxSEKeVjJSlKnCYT+2wfYNaXaJOFuhwRVVCqD2XxKWlt4+uu8kj4XOEs
8ka7CgcRxthxAQYQcqReXs+WNclp62qZv5gls8mgC6PvhpIVc8VVqdysyfUX
hGLGsVId2shhjc/BX8Y3Zsq3FgebtXoRJmPpj8hE7LGYwNKmtM3GpBVqi2ss
JNR6fiKkF6I6nWIG7LOyaIXhtJ3hPXlImZsSBEaSlDYjqprBE1rqgKxcTQG2
pYBd0pO6wcDBovLSMmhK2Vvz6ghacgKoiMmvX7MV6Uk5Zxs78DhBv0hiY+KW
LCZUV8nYLilZJD/iqtEAHag6WmqZVrrYTJO8rF1iOViyeeeug6WNZQ0hbP2R
r8eFbtq2yUGUQPgOe7iChWuHWD931vAO83cRkt0oD4+ZinKJkAZQBx7fe1CC
NkfiwYOcbytjs3BR+wibW53Ce5sJOssRt5xtpOJSSvXMHpMcDpL/ckLxfI6F
5yKk5yTleXEgUw3qGYVQZcpWO5alE86UKwSoEaHNujWKumTRHb2kCi4puUVV
RSJ6/O/K92lMmLOp8HM01DhY/1vp6HN87DlaquMWq++YOs1fnKYqYeFfka4q
oM2krd9PKBX5obCBjLHMy5hAZUCsbXmvy5lMdC3PZySeOUw9LpUHN4Sp0v4k
Lb0KdFiNnoNCMGr5efDRxWdfA5+brM1t6LIEFgWiqyhlLpODU8B4w5HziKa5
jD2I3iKsUMX8Qvvo4bJ60eRHOYnBa5VoICH9POHMZizkKcwmU18jLKMJqSo1
wYo3xLFenpmQNyBazol/L1vIzJBHaQV7SXJC6fzs2bCvgQSndK5lr4HtUqoo
elliK4x0pVpd3zLWBqH8qnKJWWbTJmAgh37Poz9tbyfvwNSV4yUNlqV3eTDT
V6Kete2BQEMG08HYRe+5ECpzwaoeMDtvgkOJqT5dKHT9QpYHPBPXMTvfQXa2
iIUq4Cg1HmL6yv/vHCLT/zqDQz8rlZQIEZY08rwwYaXg/JCAY8SOmcJJqUwy
k2XmBJRsUEhx97NEFVnSMSerUFHNnFDyIxp1udLfnCX07Hz/kJcKNLlwAD+U
lgWutIVMOeP4bxfigRRrvp883BZEHHXt8lFCXUXckHmohMzimN/D7n/9dI5C
BXQWQmZ7Bk587XfjOIrRui7oh28yFt8ynPAXxr4jGzkpDw0OOk7sam2ZAuRc
F7MXjUOWGLMobhFImoachvySohAqixh2LkWPch5pFTTzDGR5VAPMxapAyDUd
fMwdS5bKFNO5R1vRY621YCzsweXcwi5uSj0lt5n0v3kVO0pDUilDOnO4Ug7U
0ZZ0COjw0wDX0+PFHI7c0DciejW12TbLn+X6WJyJv7YrB2MQJZjInGAD6wUg
kuDxhBhqHomwypgoJOs0AqfcbiLlRliHTI7SRuTMYjrXthdTobG6D8ReZTHb
/EC3NuBLIkYY/ZR/2q59jiWH0qTUsM/9DNh1i+n0aFrH9p6mP1290ikgUUkr
Z4Cs+wxcrHxM0TWSBHisySR+Opa3G180h0vZS/Xc/URFJXePZIIckwGaaTD2
PVX+0YYCvix/x4skQ3F8ncPFzijZdpBEMMYMDPEC/RALLPt8vkTnjDux0jzD
LYPs6m+5elIYcFLynozfUsKIHmO5fBS76WBBujZdlFYyNOnZZjaOYlHZOFVL
d7ftWuaOSiuBDflKZYSOTqcCyvxVyznJNfnlwDJFTsbVWzqwqbenOPE8hrXK
VDyrWgQKhBhEouLgCjzJAr1RO1U2gYbZIkkmgFux61SF9Mp2YcmvI7b3t8JF
/8qFi37LAfyV5AA+E/teo+D3sAUUfeXo9ItYPzjfHq/711/OXrtrQGlW+q1o
MFrVETCVLMgSjbW9QUaPfv3JfNnQ2j5/+W1O/gRymR5jqTDDM4xmRi9dtmdw
fI3ZgZsk49jNthRgyvz7bNumuqmqWFeVr2MZY2DXyi4YbstqCxmBd0aZhXqV
HEklu7m4u8khKvQFfIa7z4prqAhPkkfg2tYllGhUQDT1gGC9u9KpoBKJyuwh
z6JXNmMqFgPqrqObrHSU6YIfV02axBAnLUQt3xbF5xvM9JKNQ2+02HlrApwt
+SE0+VDJHVpS5DP1GfHasxp+yk4QmVIt6vnSkq5asnnBRihiiuoKuHHsktGa
coB1BjBgNsZ8qqYf0go75eMsOzNZ20nLW/IEWH9JZCaF9sqoCgxZKTZfIL4B
/1lTHPI+FuRA8dTq8VsRJpTpjtOQgMAuOZ2MdQtbCphW3nIrvtU1hbdR18HC
DDX9LhaDGo7SqdH6MgKmvAtNabkofB9xY5L685fmuYuBje1UhZTSyXiTCcaE
huI2GySPGQ+wkkrJNmtc4j5K5aEjvhXpR73KpBdKe9eqMQjI0R6mlrAAWifU
v12YF7MXNp3/pGyrG2XZxN4cuNeF/5K7zSKm6X6lkiurAD8R2MrTegHTaaeV
RyWjzbP5iFUe7gq8ULZLCglTqKjwVJ2gnl220cjk+byM7kpapneour4nkg0p
7M8Hc1pHHPjJs+dbVn5Q0YYkZ36bMRBFv93mUQLLmW3OarPlAlH2pBHuOa9i
xgMwK5RtccHKBl5gK1EGDZ9bk4UnVksmEkKUib6CUz7vp4DVFY39cpGERJvO
UVQGC99kv1kUU9MQIrfae6zkslzLjWepyi+vLzsnnVOtJZdlPLWXX6PlRgsR
kroAMY3FL6NXu8kruMm/Kda/Kda/Kdb/Qoq18gOwbo23svY7UgF/dvstv3+f
BN7Dfe132oD4c/J66847ffhruqI/ZSrz8/refX/U+rwVtz+kO6fdsH/pDfcn
td8BrQV620tvQK77mRKo/22l82/Le/CfzIpVJCSKB/hht0bZ7MZX8/OH5UaQ
9t6sgIizetfqbUxe755t38S7h+fvV7pAV8bb79xIfGinby7y70qJ6mdMTf8d
tcP7GT0uY0A8S7ct67H8g3RbMo28tvmL0OKR/wqklDh5hcJJnibHP0aTMxrc
psOZFs5w72ajubXWb6w22+//elid7vgbSf+NpP93kPSV9//DSPrFXePxdBqe
v33bOf189Ff//u00etw6HN7sJp/W/jpu9Qety7cnl6fJqB2/r3l76/Fu0P3c
231sbXfSL8O1h09392ef3l2/fdq97Lb219/ti4u904FKfao0xBTMX8oC9NUu
Nz0rxU+qZUBchuOQ9I5Mbn1ZUx8bIbYoi6/chqey/marMaR0wq/dqZWcLDND
q9KUlMuL88hUrAKnKZWYk2RoSLkhbEbS6T8BNiUK+ItgIbOyfnmA9DJaOxeQ
4MqccSKqrYOmlAMGh4teNAix7PC8YCHDuuLEVf5ev68CWSTrHvjYYXjezRM8
OUTGWL4qcaDExlyNFnZAd5LpjWVH9OjTLbOIUm3BcHAD49zwSu21U35ehbVp
9pvPHjkGtGCRY2F7malqrYlDc7l5b4moRIWS7Yq+lRgyin00F0e5881gHWrl
aEClRmRo88JU3JJZ6cp5fp8qGaYW7L+jAK42XP0TD6XyQFT0yqwwVnMfEln1
/Pv37D2/1sp6ZXVcLNGxuWJJc5XhXp59bltyfF3YrdzWO4evpiS4qto5OKsD
mmV4+kGvTT2b85J1hFRBVo6MINFeDYlfz5fo4W3loa2rj1L4yQu2VPA/PV/h
p1lpgLTbcjDZ/hV5alA6288UL8ee3yZoPKkKDc8/ZVVyrAp91qXEq5sucjEt
DJpRdStxI3duzOTB19XGkFgnfkyRXYX6YiYC38lEwCfZwKImtzePMdqZV9gV
IRyuCuX3qfhhHKGHjmrtJlIhT6jAzH6+ie4iY1Zi1TbNbDlfx5Qzq7GCqeMO
MDwrY8U1m2jyZACDMVVdyR4XBmwG4skuuiJHAEQYwixDbgFEYcHjYZfFDio1
SiTISiTQxcgEdVo0OSVk9tWx3ZnVxOOwQZlEvShJk5csIVvZXuYf4iHNWpa9
krpDMYA+BST7ujkz3zH54BAL1wFWvYJ15Rvd4+HIZvccDXgqZBxzVc5zrabv
CvpSkjuKusQ40glXkJV2FsTNgamsUykJeiIAuo3GHNiBrM8ra1jx/HZLU1g4
Lk/X762KfIUJxkHqU4F6XKdLsYTJq4wr7kX10id3fgDIOaJ+U5lyHtV5M0U0
1vBSd5KBQz5dlWFm6Qy+R401BYhbfH1kH47ybSfMtJGDw96HDNEe1whJqI8T
uiNKAIvlYueDrMIR3nqGStWyhirpykmsltlx5jU/NLVlqLRfWVnR5416xSIe
Xuz2VaaXL92J2amzjcoz7b6R8LlJEsGNwqtmkiXYNYme+PtxkmYWptlMPnT1
dSZwFYh3RGFBsjSNhFu9dC1WFZtnIEC4I/enWmdYsZxZmZwKQ2BhYDU0SQW6
jz32Zslls5R1sCguR7+dDUzPgj3TfRfQaEuyNxiWWT/mgEW9CAS6OPX7cGeT
KqRi7JhbIwW6dLq7fXx4uHu0s7tDJNUn3TYQj1gAvjjxd+EIbjzmTm1+NxAv
QRkLS+ymOL4spa0Sy4DCz7tpS5AvfaDp7LJRWkkEePv19pVWQUVHZLuXAHgY
57uQXxzxqhj7N+M6rDbb2QthDXID9x7DofNvq0y19eYKjLS9v9WhuqjvKGTe
XCLcrS3/yTCCkO8bAUOJgjoPKn/mTceKCjGj4ehqFu6xUbJpP3yMgses2u0r
nJEVkou3piv6kUzOR+8BO8PZN2PSirIXQNcfXexbi9XWiJPOad32QC/VVZ2h
R3sf8iKXbKQC7fX+5iTLWdOAUL6XXO8+ohMy7U+XNCyWb6dYUyYZ2KJGMukd
0XeBzzmH7pM/HA85/UZm7J/5XwTQji3RcxWhq4hTqeDe1LHC2IZUWyIrxQc1
sxI5yOLrSBFhuYpkodB+51JtUE8ufWgvXWYOJWhqow7xg3FMtBT7afWUkJVG
kUP5IrIVPT76KKpjhHCPuo5sYZvFhi9NlGuNTAfXnrNmFDUiGqCyZdhmJw1F
NIpqBLKMJgWkHarUv4FEoU8UwpmIXEJmojxwCCCI7Dbwm06HyNZya3m1jvUu
KcORFpfI3F54LMwcgAZqGdxJdnrjPGw5KjHYTcxipNgTqRykfllHhfKepyqm
ytTby9ySOEpVemjJkDNy9EEY+31ic+d8ZqYeB7UI4mcs31FFvJKpSOYOMasR
O6XJMjC+LmwrQ13s1/NSN5WN9vPlQal5CgmN5ErtcIe6HdWhzvn6UxYhShO2
v+UFgUpJ3dIN8VIMYTfjmLs7cle8bKu88szSZ5LHpbnKEX04Z5bw0S7CCpqa
jes/OAF2GHTcITq4Ew6hNSmDGHhoGvmZZrEYKCt1lDt/cOcA8R0PJaPGdlBS
nSGJkm8kyXJ4U1QCfmZB9WpTblmZV77+Uh0IuDQl16KoM9Wp6FwGJMVUsnB6
Iua6jagZq9fhd9MhMBFo8p8BDyTDVNjQY2ri+UkPFFhk8H1ALArPVzVbYFlI
Lrlkhp8v2EH2PK6gNNMqq+IPs9vmPXjjWHKluygxhG/+3IBIleNR+PWyc+F8
QT+GeygQQIpwzLsv1R4OLnnFUxPcmByvDyAFjBunMgges9jMSTZlxx7qWuz+
ELpJASAflmmMISRtJsKNYSplW6nGmmcAYTtDQP4gFxTcH+yu0hXC5J4TPxKy
Io+E3IxhQTDnUWCp2OUqTn9smZS7Ltc1AmWDvFKqdx+X0YCZPFBg0lmzJHxR
cCYpfcjBbBy3jhXzZrCEOfbjBS0R89wFFTjo+0/whcDyVmSbGbnYGwgL2hSe
jl1PPVzQvEropCbXCpc0fyyoQnggDbmvjOuExAfkc0r5lDRe90FFVY/7EmH6
p30KsfzMBmFXZtXoPgjFagVWYY558ZxU32wl+S5wBdlLV6sned6s21LNV9mE
SyH0XF3yw/b9VZMHy/YqDUD56k06uZ6vIMVs08rqOq59CIMYl4d9WtlzZ4Hg
HGv4gfiObHKoYtBREkHABWOKAiPHklVytTu12Ecp4I0WmHCVwFIZSoWa6/EA
ZnzsTIaMTp/kO39W2N64FR1CAeOrMaytqihobV4NXpbEMe2iKSPMkj6tgZRm
Jp3qh7KIfG7EbSossXjY2U6otIPsvmpKiSUSr4tf0PZUV6wK2GtJE63B6JWA
HxmqMszc7nxqm9Z0OS2uGwL0pqGkdSlxmy+9aegO4UWUBUC3j6cA0Ywlgw59
aKGV9F8IbdUghnLC8yPC7Yf92NXY6SyefNhfMmUmKeEgQWPFCayLHTFEN8Yp
+qS61NNLDKKUzUHZhS+K5qBZJ0SqY3UpKjR0lqkTjDk5Ud+H5TNOil6UTAFF
Ed3HPmhCaF+LRri3eTFHRje4XjRK7dQJw13t9jARlcIKZPX66p63VR4BbQ26
fVrrFYvTFLPULINQU9lI19faa6g0sj5LHt9PzbXWBomRDCyiSX6oLjSV6JOT
YXkGdFGVJUAynckZiODiq+ouyp5BYytC6No6OKMBUGNAeWW0un3A6gGFQjza
5acL7d3eP4xfCpTlDFBkAQj7gZXMAzMc2qojCSXjXX3AlvaGrWG1M7QI9VTR
NF4rd3IINOmhUkGqRho/h5uXzkjtHiQGHfQbJisVRXbj2s+48G2bQ926a0P8
qysyZ6VLH+HiYM0vOgKVI6Kc1zqRdmQusxV33My/UJpjub620aagCRUu4FJh
pgQjqm3POfEWIJjRgAVNWhEtu64DdWLN7dQtzZQJp8qzNWwS4D+6vWmZZzov
MZzHLpeN7fTiKElKESMpU53nce0ZAyC5DkqsgC7Pqh1wc08vrVwAELT/UJRJ
TDWWLNiA/MW2UrOOgptQMgqrETzwvGxC7gxbi1UNa6nUgyf7ZMZsvM35FVBp
NsFMVX66XMxTyWoSBUbz1NxwJHw5UzEyeYTBm6Mrzdi96a1u36bkzJv1ZaJA
7H8oseRg1ayZEum3Yu73q4poPKMKPG+2kcp3DnSySeUzXbFUY0/hhvYM3Cct
lFMoe7xqmqRRfkY8l+13Vq7mfO8j7tCWFFQjFqv9pDJ0EsNVNKudDU+WfpAs
UT4CVgTy01CQ5pfRDp8vfaoUbktJ5ApDSgqnrqGKUCgEEFLtkDyiRNNE4HL7
EBmw8hLrzDyWmDxQuE52te0jsw9GtlJhtwDsiaRaKk6WeZVRMSVdoZNgYwLJ
wDoEIXfQVGYK621SXUpy25dpyVmNig2OrH1lTxjAzGZ6adqcw9i61JwLyay2
WFazs2e6Qlj10vLNxTLdkap8r9bnFNnmp2yot/X3DNhnhWfMc5GwCnsUUYzC
Zs1xGsquW3q18osAiV71MtReR21eMlZnPjAlSP3Y2ReW8H0YwPdWV2lNcLoI
Ro1L6rXKPHSrruz8txL9BSA01pWHcBRRSy6sFRsxeLNyY4wWkwbItKMmnQby
25zUaTWQwqAd9l2jFVlTcbTzmafycmzSc1Euw2T8uhyB7EsaGDgOxTXgsbNh
Oowq4KIvv3SdAwFsSAL4Eto114XkWntp7kZyjG1ibE0lV+v3iTHmEI4xKzRG
KRut5qgbnRhrEV5aHUQ3z5Xjog9ZykBG0FiigxbfszVCK7aWaZStfP6J/lX6
5MqnKplEysTWmwHWxpFaFPBKE9epywBjZwjBldqtMG+K43xgEgbSDlaftmJC
805SklIA/+muwexYqY4rA4Ea7wWAkqqZqhtS2dchpgH6FH3oBhN3irOFUt3N
Nt60locBjz4cezS0Om2a9rH5rAIpN1UOx2F8GolUWUntl+8FUe/BSR7EBI3v
6QTvpfLWUucvCUcZ70qutPps9EkovJx9YhUYGvh9QUXZTdjEM3Xjk3zbDJJj
slVo4OKxCcvlcFQ3zgZKNBBKAUW14Is4gETY4mBNuxEc1apXWjDGCgIwplRe
VEukUmMSksiTpcflOpJu3PXTGBYDBIxdkRbQucglykTocJyDWEs53W4qoejg
M5Kb3c3EKp6PsNCl802jJhuwxUOpLphvO6hY09FUXSVrWeLGE1+RYJpRg56H
AnLTIkNkrcFyORjmWUdOLoi4qQ5ec7FGU2mHq1/gne5P5UWO4mk+DNquxM6k
NiOHJtab3CiDpKoehbNZkRfo+cPw4OruLZrHlcY8SFqBXcrqZZZkeRTJdDhE
61TPjoKWcZbP2q+X7Baa1ICTllSlcTedMssGsXUkRGgQJxCjIivmsbezHs8B
11OHq8zK5CklpsZ+8kDXgkYnXsCEgVdcZmJH668J56ZBisX1fYoRaNCVTXoi
hMsdwVU+pwg+9U2igmKoTrW6VrYZg2MVSzwjtIxSY6IMX2JLnbLMJHf+SIvm
HPrI7U81PGEJ4gnNzQMZmy69JF0ZnCQNKkzL8LRTxk8QqpjXy8+0e0EXXi0j
N+jCUN4qZ4hCpL1rbaIpAN9qGahucLmnRTZpsfFJ0kV1gcpPVyELOVKIgpKh
5lRZuOCt0875GdOtU47az926nvBoqEV8EL2rvTsfFzu2SoXrHvIrK1gHDh3I
xM85zAoksdQXMrw104GXrBQYUZaJvyzJouGy5zpCduHETRIiapgTEyzgW7i8
pvOOiZ4SovFh/MI4OCQlVYRYpz9JmREZ752sjUwvagylqM5E6g5qIZdc5DmW
1h0KAbFSCzKuOTzsOZ0pTaej1Q+VI2O1ndeCC60QV86xzL5luiOrjctPLKhN
LNiA1JWSF3gNC9YLgCAU33cCYum04q05fdD2sApcC4UDzdGDBdv8XcSHwtZ4
DackkzwzuCalC4Uo/qo5doG5xwm2GkXIEHxhe5fE4biRLn8nn0Pcpl/xC3iS
W8ounGAjHV+S3NwwyULRlatF2+yyMHGsc9QpM8rzweyastyq9jZlq7mVzFNn
qMTWk0X/ndLtWdqjRSzMnnJqpcpRgXFqVUXvNKnDVQLUIucis+PSMd3rCCj0
plNZwh+euCC2fRDxbjZVxG+mZUDdtN6RmQrZ72GYExWcrXezqYqNNlvz3lwY
Z5u5jmyUG2DPov3d8z34Rh/6JhlFuLj7Urm9uFb7Uzd+9ecsBArV+f+/2X11
T4B/XRDoG11eDl7pyv/46z1z/u+94jKBGI9Yb4XP2pRtUtZZ+5kdMmGO+KSt
3lnZIP5kRtMXGX1jomxkvIjKrjOvcGwsIhd6Bmf4SBJpJi2rcdB8CUqY/hxq
uc/fkDz4XlaHoBK2Vvp4Jq1c2aDZEXPmyMHtChbFfoMlh6OlX6up4KzQ8xfB
0api80sA8LkyB/8zgKh7q/3CgNSESirpwiow9E8kUzNm/14ipXrt/VJEaqSX
qLjRbyTK3LBCRYh5rhXKy99b1LviTqkiyjKsF60hJvsgYdOPLGH8PbVDyCs8
d3FsmfekK9a+6PJWFyT59dzl//6r/KvBxiJ5+A0XX16fRWufzle76sq3UkzN
xG7nsPB7y8JIt5jGUwrmpdFnFeCR/k85KfqfxuxhtGqP2u3Dss4PO5ALdR0J
e5OI9COFhfLVuGcVOqrVXnhauco8sN5MrDKcpuy3zWqDrHJNKSauk06ixkSI
Bwe9pmKi6lZIGShC8t4QT2mDv/6LL9I+VpjF4AV0YNLR1NXjrvfoswuL4pdl
UuaOYNkKVrD7BOOnnAPHqbBK/MLfeprKSRlFlyzj+OYsEfTxNqL3UH7oFuPF
VEET7qzIc6vuKFTTIUtdORBRWnsT+DAhi6rpXZEB68QPAg6fQquycpvrkmKW
KVWWeMm+LklBxdtcBgZdYwH5jkIdfZxPkCvucObOVVIobYruKjrlvNidSNeF
AQhgos2nDE9KhIn3sfGADlPikZ2PGDK84TS5ZF+XErNklP3CqVpRpLG4Qvbe
VLnzWKS+dmUiNTK4W7l9OjDpx1QIgPkUIpwW9m7CnE1GOfuGyUTd8xNp/bem
18FixFEB7UMfm8xISOg+ItTyMnBDyV9CjxBElgCmChTJeDCAuckc6BKLkkFF
GHugPUwIM9MwUWcSl2xc1YKQphr/Ubf0LW44mxafuj2JJTC7wCAblZM0QsdG
gt7oneKEcgBqUIxe8kC4Mk/JiC7A/WEy31WMGUFIKSaAKFFCHNysjtMJCd90
CpmchBo5jrl+stXlqD8Oe0xhgbYW3qWk+Ae8W7LXpSrXIU8AoB6NeBnkssQR
dTksXW7HKtssZ8he8WSsco2tyDHjHpkhy0yi+CExNfsUwaGQreLdqNXoiCgM
nyuPkMxj+Od45JE9XycRlCEJJhAwSLmaBeUu6jvPV9vClyzu22SAIxSimCoq
RDJm3unGkethvSuK26fzpTdh/5lx1eViMhYLK6Jdh+mWLJ+ohx2JAB+rRpvk
hLWqVZpjM7UxCilfGJQsU7ppGZlFyuAWmEN1Uk5k9gmMTHYJqmAlJE0kSQDU
SWpHxSuW9Rn4Fw14lDoUZO/H3oACCCXDk25VyUFllp1NfS1tV8JcpgVVQFqd
bV1qyyq5AWMAqjBE9TPjzQmPNyakHM3xVX0hPAxFcDgdruQ2N50SokF8maUA
Mb8AkDs0jgrkWAZWTSVq0DmZGPpZN0G4MfoMk4iibKwkGpkMKqO1+v4TcmFT
DqZkQdStR0sEKJD/lNH9nHMB/Axml1oV3n3WqfB0Q/StP1t5Elv95Jp0dc62
9/elHtU0I2d0rg7cSF/0JV0a2ZA1ybzl+ske19gbiyQnd5ZF7aMy08xqMx0j
Xitkz0KNrgaLzEl+RQTD/dCneFOtqMj6/AUwlrQBqoDHeQWQ528NVGj28xKb
EMeblTYRmsM2ZDac6S70PVv9zo5DVb2EXgCDshZFL9o7Ni2q2PIcjYwoh9ad
0c3oZV3R/uGa/WnOMlRepxw0LfTl6RJUueAshpVS7HXevd10i21MC+XDL5QZ
n+aZckYRWOMy3JFpwxK+mR1rZ6OV3EfGqXlmlwhTtamqwzt7C99klesdGYuz
mCy9yN4/3+lRlfl/8BHSHP+S58g7+5HDfAFJgjOl/Ng9CvPFdZVaefX5zGXf
TXp3YqgNvAvvpiihYIrcOVYUQmFRg28RZ18qmX66oIy8+ESTHkAbb651O9cA
a337RjWCzTDShV+SF4Tgg5/GySYKwkM3FOTDOVM5Lp7D3XL2UzGci+PNxe3m
WRm2S/nFVzc3P55rhdtW/M2PrFPHnFetq9FoOCiNY9yTwm/nnY+5NVNQqtst
XDJwoJcYOOdui6IoIUyhiQOj8o8ZiHHJZD4cKVFkZIvFukyCFaBGmsur/phc
vBkQJTBaDzQzDk8FyZMlGZbyuRynbglY2RkFd89qlCpRgLd8jPoUmUEkkEHR
i1Oq0CeFXBJKH6j4C1oy1Iy6EkFGoIJBWJWfJYYKVVdDhs1m04C4vAyWNAvR
3nkr2wqb3qBKIJK5nRToTwASAJDxyIjuCDasMEQcI6Pe4WmDRAMYAsIwqkmJ
3D1DWetxYT6KGR7DytePKpdTxedn0t1Yn8OdaWOPKYHqWt5gfaxa2XcpE61Y
iNwenQ0dpdkBcF1aGzVapEnko8rF6nQldZfmOgvlZTEKT1ftwJhqGml0F7uJ
rO/pI3/yxjwI0nkel8xl2mEtWccrO4dKFiPPLQ3nw5DXmA8BHzTDyLXKlVPp
vYgiKMoLaaMJxFjI8jfGDQa2ME1ArCg4OKOAJxUqb7Te1AwewNmg3sUK+hna
CwNFdsrnSMwdQfuVvgyLNCDgI4I5YWNG2O0vmalu4eNbNgx839IlDgxxXu0l
zCJXMu42FJLg+g872w1OqLbi3c2SpP1GpVQZrZkTrdQB6PrZKSYLpbJqpqdy
MvntzJGZfgTPd/2hasJYKky+AWRKblUDF7dyeibDKDgLoCKWAt7seB4TQDYP
ydw+Nh7l032isJjOp4iJxnOvgW0XKenWDV1VW6RPXLjU4AUDDLm27uxWSnAd
Ycz094kTTbicTyAeRWBdnTyZA+xdr9lUDG0wXPcR10ctw4lvmYM3AUv0Hhep
ZNrrh7PRTZ3nbWVwL5N34u7VAaC3MwSAf1QDHgBGgW/IZTxLnWdGU1pgiUsr
3v+Bc9pU0AKWr06pM7AVhgTLQAZYGjF8K0MCOPq1pMGxXVYFq6eTg0KIIdWm
w/WIkEqdSP8d2xsQJSnPS0irJMstNi6rZJRs3RZ0GgJiUjqO1AmokIOfvQiE
mq9rFnTM/qUrhypyh7mK/iSHFOOdrHF0L8+SqjKqECWKaEgHljO2d3ne9E0u
mFiZF2dhLWNfNerTdXpURR1JN+PMvLNsNV9usUbSUKKvi23yK4aX0dBknQ0j
acS0pY5YTNC5VcUEojArYCTzIH7ZS4pxiadRNePKcqdMmSJZZVwdPkmriCdr
SiXg3WUvhiGPMFPMJYjpOfgadkBeVVuOMbCSCEJNTDirPYMydAlQoBz6vB6g
6gqH/VAzG1zgqkVjsdCVjXPyuawo5BH/3kZZlrlVV6QppYHCVjj1TV97KlGG
c1v1fcsCgyqFAQknSn1RCXdKALbFGe2vMu49zF+Rta3lGzZlsvaGcMKTtYV9
JcXfp75iwnQqhFvEGdN0JPliyCnItn2i0VqxwKqvNRlllts6WzB332+wNGls
bRFrTfMWJINLprDDJ40TeLLHbrlWbFKxqpV6nKNQPSoqZHjJdD/u3IEWEyn7
c7UehMwoxT0vK1znykNsaPFD1+RDzq72jWO0cYyLEbccEvs7nTNd5N+n2Aes
RvREyjvC1sssCE+Ls6mt+FOzawpFIl5AL1E/mTQxEavpXWk9L+AJbCwwr8r5
emF/1nxoLWOlCdkP6zGy74bFTTmTrQAPy5k6K5IWbfSuR6VyKUBI5xJqHvqc
TIplTthxr9o8Y2wEcTAOqYEX0AGq2kSr5Cp0+uOVss4LqFEYTQLBzla8dmec
s+3Lirue74J6NVTAztE2NUxGLe4QIaEMTu1xlOCfoVqSJUZ5tlitxBa0ufV9
3eROVML7eaEPcrlY+FarXQlZ0Yg2SNfBDR9qW4DGiXMKVMVP6rUtEFRBogTE
7GKZlNoOFlyI4YHPGHoJD+wBzo+cs4fowQ3htxjXnfQiOKwYrhV+IuBa+w/O
hzgaJB6s8r3bi7pAwuq1tz5wYsB0Z0fg8z14/D0cy+jOeSeA3sETH2LS1l3n
2k3GnluvHfpwnDCWO07kLyBbbzWd91Eo4JNz98G98x8i54MLYhScLnzkDyPn
bYBlP90a3PDaeRQD4widg8ijNG7hpTUZUeazj5L84NRPye+OtSBeVuL1/wHb
JRpAoQsBAA==

-->

</rfc>
