<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-wimse-arch-08" category="info" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="WIMSE Architecture">Workload Identity in a Multi System Environment (WIMSE) Architecture</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-wimse-arch-08"/>
    <author initials="J." surname="Salowey" fullname="Joseph Salowey">
      <organization>Palo Alto Networks</organization>
      <address>
        <email>joe@salowey.net</email>
      </address>
    </author>
    <author initials="Y." surname="Rosomakho" fullname="Yaroslav Rosomakho">
      <organization>Zscaler</organization>
      <address>
        <email>yaroslavros@gmail.com</email>
      </address>
    </author>
    <author initials="H." surname="Tschofenig" fullname="Hannes Tschofenig">
      <organization abbrev="UniBw M.">University of the Bundeswehr Munich</organization>
      <address>
        <postal>
          <city>Neubiberg</city>
          <region>Bavaria</region>
          <code>85577</code>
          <country>Germany</country>
        </postal>
        <email>hannes.tschofenig@gmx.net</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Applications and Real-Time</area>
    <workgroup>Workload Identity in Multi System Environments</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 53?>

<t>The increasing prevalence of cloud computing and micro service architectures has led to the rise of complex software functions being built and deployed as workloads, where a workload is defined as software executing for a specific purpose, potentially comprising one or more running instances.  This document discusses an architecture for designing and standardizing protocols and payloads for conveying workload identity and security context information.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Workload Identity in Multi System Environments Working Group mailing list (wimse@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/wimse/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/jsalowey/wimse-arch"/>.</t>
    </note>
  </front>
  <middle>
    <?line 57?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The increasing prevalence of cloud computing and micro service architectures has led to the rise of complex software functions being built and deployed as systems composed of workloads, where a workload is defined as a logical software entity that executes for a specific purpose and may be represented at runtime by one or more workload instances.</t>
      <t>Workloads need to be provisioned with an identity when they are started. Often, additional information needs to be provided, such as trust anchors and security context details. Workloads make use of identity information and additional context information to perform authentication and authorization. Workload identity credentials are used to authenticate communications between workloads.</t>
      <t>This architecture considers two ways to express identity information: X.509 certificates, which are often used in the TLS layer, and JSON Web Tokens (JWTs) used at the application layer. The applicability of given token format depends on application and security context and will be explored in later sections.</t>
      <t>Once the workload is started and has obtained identity information, it can start performing its functions. When the workload is invoked it may require interaction with other workloads. An example of such interaction is shown in <xref target="I-D.ietf-oauth-transaction-tokens"/> where an externally-facing endpoint is invoked using conventional authorization mechanism, such as an OAuth 2.0 access token. The interaction with another workload may require the security context associated with the authorization to be passed along the call chain.</t>
      <t>In the rest of the document we describe terminology and use cases, discuss details of the architecture, and describe security considerations for this architecture.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This document uses the following terms:</t>
      <ul spacing="normal">
        <li>
          <t>Workload</t>
        </li>
      </ul>
      <t>A workload is an independently addressable and executable software entity. A workload is a logical entity rather than necessarily a single running process. It may be implemented by one or more workload instances and may expose, consume, or participate in one or more services. Examples include microservices, containers, virtual machines, serverless functions, or similar components that initiate or receive network communications. A workload typically interacts with other parts of a larger system.</t>
      <ul spacing="normal">
        <li>
          <t>Workload Instance</t>
        </li>
      </ul>
      <t>A workload instance is a single running instantiation of a workload at a point in time such as a container, a VM, or a serverless invocation. Workload instances may exist for a very short duration of time (a fraction of a second) and run for a specific purpose such as to provide a response to an API request. Other kinds of workload instances may execute for a very long duration, such as months or years. Examples include database services and machine learning training jobs. The number of instances for a workload may vary over time due to scaling, failover, or orchestration behavior.</t>
      <ul spacing="normal">
        <li>
          <t>Service</t>
        </li>
      </ul>
      <t>A service is a function, API, or capability exposed to other entities. A service may be implemented by a single workload, by multiple workload instances of the same workload, or by multiple workloads acting together. A service can have a stable identity that is distinct from the identity of any particular workload instance. When this document refers to service authentication or service authorization, it refers to authentication or authorization of the workload identity used to represent that service in a particular deployment.</t>
      <ul spacing="normal">
        <li>
          <t>Application System</t>
        </li>
      </ul>
      <t>An application system is a set of workloads, services, gateways, credential services, and related infrastructure that together implement an application or application function. An application system may be contained within a single trust domain or may interact with services in other trust domains.</t>
      <ul spacing="normal">
        <li>
          <t>Security Context</t>
        </li>
      </ul>
      <t>A security context provides information needed for a workload to perform its function. This information is often used for authorization, accounting and auditing purposes and often contains information about the request being made. Some examples include user information, software and hardware information or information about what processing has already happened for the request. Different pieces of context information may originate from different sources.</t>
      <ul spacing="normal">
        <li>
          <t>Identity Proxy</t>
        </li>
      </ul>
      <t>The identity proxy is an intermediary that can inspect, replace or augment workload identity and security context information. A transparent network service such as a security gateway may act as an identity proxy, or the role can be implemented in a service performing explicit connection processing, such as an ingress gateway or a Content Delivery Network (CDN) service. The identity proxy <bcp14>MAY</bcp14> introduce additional context based on source identifier, communication properties and administrative policy. This context <bcp14>MAY</bcp14> be communicated as a transaction token <xref target="I-D.ietf-oauth-transaction-tokens"/>.</t>
      <ul spacing="normal">
        <li>
          <t>Remote Attestation</t>
        </li>
      </ul>
      <t>The term "attestation", as defined in <xref target="RFC9683"/>, refers to the process of generating and evaluating remote attestation Evidence. <xref target="RFC9334"/> describes Evidence and the different communication patterns.</t>
      <ul spacing="normal">
        <li>
          <t>Workload Identity Credential</t>
        </li>
      </ul>
      <t>A credential that contains a workload identifier (<xref target="WIMSE-ID"/>) used for service to service authentication. The credential may be bound to a cryptographic key and may require that the presenter provide proof of possession of the secret key material. Examples of such credentials include Workload Identity Certificates and the Workload Identity Token defined in <xref target="I-D.ietf-wimse-s2s-protocol"/>. Deployments may also deploy bearer tokens as workload identity credentials to interoperate with legacy systems that do not support credentials bound to keys.</t>
      <ul spacing="normal">
        <li>
          <t>Trust Domain</t>
        </li>
      </ul>
      <t>A trust domain is a logical grouping of systems that share a common set of security controls and policies. As described in <xref target="I-D.ietf-wimse-s2s-protocol"/>, trust domains should be identified by a fully qualified domain name associated with the organization defining the trust domain.</t>
    </section>
    <section anchor="architecture">
      <name>Architecture</name>
      <section anchor="whimsical-identity">
        <name>Workload Identity Concepts</name>
        <t>The Workload identity architecture consists of three basic building blocks: trust domain, workload identifier and identity credentials. These components are sufficient for establishing authentication, authorization and accounting processes. More complex workload identity constructs can be created from these basic building blocks.</t>
        <section anchor="trust-domain">
          <name>Trust Domain</name>
          <t>A trust domain is a logical grouping of systems that share a common set of security controls and policies. Workload certificates and tokens are issued under the authority of a trust domain. Trust domains <bcp14>SHOULD</bcp14> be identified by a fully qualified domain name associated with the organization defining the trust domain. The FQDN format of a trust domain helps to ensure global uniqueness of the trust domain identifier. A trust domain maps to one or more trust anchors for validating X.509 certificates and a mechanism to securely obtain a JWK Set <xref target="RFC7517"/> for validating WIMSE WIT tokens. This mapping <bcp14>MUST</bcp14> be obtained through a secure mechanism that ensures the authenticity and integrity of the mapping is fresh and not compromised. This secure mechanism is out of scope for this document.</t>
          <t>A single organization may define multiple trust domains for different purposes such as different departments or environments. Each trust domain must have a unique domain identifier. Workload identifiers are scoped within a trust domain as specified in <xref section="4.3" sectionFormat="of" target="WIMSE-ID"/>. If two identifiers differ only by trust domain they still refer to two different entities.</t>
        </section>
        <section anchor="workload-identifier">
          <name>Workload Identifier</name>
          <t>A workload identifier uniquely names a workload within a trust domain and is carried in workload identity credentials.</t>
          <t>The format, syntax, comparison rules, and validation requirements for workload identifiers are defined in <xref target="WIMSE-ID"/>.</t>
          <t>In addition the URI <bcp14>MUST</bcp14> include an authority that identifies the trust domain within which the identifier is scoped. The trust domain <bcp14>SHOULD</bcp14> be a fully qualified domain name belonging to the organization defining the trust domain to help provide uniqueness for the trust domain identifier. The scheme and scheme specific part are not defined by this specification. An example of an identifier format that conforms to this definition is <xref target="SPIFFE-ID"/>.</t>
          <t>Two credentials containing the same workload identifier value represent the same workload only when validated under the same trust domain and issuer trust configuration.</t>
          <t>A workload identifier <bcp14>MAY</bcp14> represent a logical workload, a service implemented by one or more workloads, or a specific workload instance, depending on deployment policy. Relying parties <bcp14>MUST</bcp14> interpret the identifier according to the identity semantics defined by the issuing trust domain.</t>
        </section>
        <section anchor="workload-identity-credentials">
          <name>Workload Identity Credentials</name>
          <t>An agent provisions the identity credentials to the workload. These credentials are represented in the form of JWT tokens and/or X.509 certificates.</t>
          <t>JWT bearer tokens are presented to another party as a proof of identity. They may be signed to prevent forgery, however since these credentials are often not bound to other information it is possible that they could be stolen and reused elsewhere. To mitigate these risks and make the token more generally useful the WIMSE architecture defines a workload identity credential that binds a JWT to a cryptographic key.</t>
          <t>Both workload identity certificate and workload identity token (WIT) credentials consist of two parts:</t>
          <ul spacing="normal">
            <li>
              <t>a certificate or WIT is a signed data structure that contains a public key and identity information</t>
            </li>
            <li>
              <t>a corresponding private key</t>
            </li>
          </ul>
          <t>The workload identity certificate or WIT is presented during authentication, however the private key is kept secret and only used in cryptographic computation to prove that the presenter has access to the private key corresponding to the public key.</t>
          <t>The private key associated with a workload identity credential is security-sensitive key material. It may be generated and managed by the workload itself, by an agent, or by the surrounding platform or infrastructure. In all cases, the key material needs to be generated with sufficient entropy, stored securely, protected from unauthorized access, and rotated according to deployment policy.</t>
          <t>The appropriate lifetime of a workload identity credential and its associated key pair depends on the deployment model, the sensitivity of the workload, the strength of the key protection mechanism, and the expected lifetime of the workload instance. Generating a new key pair for every request is not generally required and may be impractical. However, deployments <bcp14>SHOULD</bcp14> use bounded credential lifetimes and automated renewal so that workload identity credentials and associated key pairs are periodically replaced and can be retired after suspected compromise.</t>
        </section>
      </section>
      <section anchor="workload-identity-system-scenarios">
        <name>Workload Identity System Scenarios</name>
        <section anchor="basic-workload-identity-scenario">
          <name>Basic Workload Identity Scenario</name>
          <figure anchor="arch-basic">
            <name>Basic example workload application system.</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="496" width="704" viewBox="0 0 704 496" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,176 L 8,240" fill="none" stroke="black"/>
                  <path d="M 112,176 L 112,240" fill="none" stroke="black"/>
                  <path d="M 168,64 L 168,400" fill="none" stroke="black"/>
                  <path d="M 184,80 L 184,416" fill="none" stroke="black"/>
                  <path d="M 200,32 L 200,64" fill="none" stroke="black"/>
                  <path d="M 200,416 L 200,480" fill="none" stroke="black"/>
                  <path d="M 216,64 L 216,80" fill="none" stroke="black"/>
                  <path d="M 232,80 L 232,416" fill="none" stroke="black"/>
                  <path d="M 280,112 L 280,208" fill="none" stroke="black"/>
                  <path d="M 280,240 L 280,384" fill="none" stroke="black"/>
                  <path d="M 312,80 L 312,96" fill="none" stroke="black"/>
                  <path d="M 312,128 L 312,144" fill="none" stroke="black"/>
                  <path d="M 312,208 L 312,288" fill="none" stroke="black"/>
                  <path d="M 312,352 L 312,368" fill="none" stroke="black"/>
                  <path d="M 312,400 L 312,416" fill="none" stroke="black"/>
                  <path d="M 376,144 L 376,208" fill="none" stroke="black"/>
                  <path d="M 376,288 L 376,352" fill="none" stroke="black"/>
                  <path d="M 432,80 L 432,144" fill="none" stroke="black"/>
                  <path d="M 432,352 L 432,416" fill="none" stroke="black"/>
                  <path d="M 440,208 L 440,288" fill="none" stroke="black"/>
                  <path d="M 528,224 L 528,240" fill="none" stroke="black"/>
                  <path d="M 528,272 L 528,288" fill="none" stroke="black"/>
                  <path d="M 592,112 L 592,224" fill="none" stroke="black"/>
                  <path d="M 592,288 L 592,384" fill="none" stroke="black"/>
                  <path d="M 648,224 L 648,288" fill="none" stroke="black"/>
                  <path d="M 696,32 L 696,480" fill="none" stroke="black"/>
                  <path d="M 200,32 L 456,32" fill="none" stroke="black"/>
                  <path d="M 576,32 L 696,32" fill="none" stroke="black"/>
                  <path d="M 168,64 L 216,64" fill="none" stroke="black"/>
                  <path d="M 184,80 L 232,80" fill="none" stroke="black"/>
                  <path d="M 312,80 L 432,80" fill="none" stroke="black"/>
                  <path d="M 280,112 L 312,112" fill="none" stroke="black"/>
                  <path d="M 432,112 L 592,112" fill="none" stroke="black"/>
                  <path d="M 312,144 L 368,144" fill="none" stroke="black"/>
                  <path d="M 384,144 L 432,144" fill="none" stroke="black"/>
                  <path d="M 8,176 L 112,176" fill="none" stroke="black"/>
                  <path d="M 112,208 L 160,208" fill="none" stroke="black"/>
                  <path d="M 232,208 L 280,208" fill="none" stroke="black"/>
                  <path d="M 312,208 L 440,208" fill="none" stroke="black"/>
                  <path d="M 528,224 L 648,224" fill="none" stroke="black"/>
                  <path d="M 8,240 L 112,240" fill="none" stroke="black"/>
                  <path d="M 232,240 L 280,240" fill="none" stroke="black"/>
                  <path d="M 440,256 L 528,256" fill="none" stroke="black"/>
                  <path d="M 312,288 L 440,288" fill="none" stroke="black"/>
                  <path d="M 528,288 L 648,288" fill="none" stroke="black"/>
                  <path d="M 312,352 L 368,352" fill="none" stroke="black"/>
                  <path d="M 384,352 L 432,352" fill="none" stroke="black"/>
                  <path d="M 280,384 L 312,384" fill="none" stroke="black"/>
                  <path d="M 432,384 L 592,384" fill="none" stroke="black"/>
                  <path d="M 168,400 L 184,400" fill="none" stroke="black"/>
                  <path d="M 184,416 L 232,416" fill="none" stroke="black"/>
                  <path d="M 312,416 L 432,416" fill="none" stroke="black"/>
                  <path d="M 200,480 L 696,480" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="536,256 524,250.4 524,261.6" fill="black" transform="rotate(0,528,256)"/>
                  <polygon class="arrowhead" points="384,352 372,346.4 372,357.6" fill="black" transform="rotate(90,376,352)"/>
                  <polygon class="arrowhead" points="384,144 372,138.4 372,149.6" fill="black" transform="rotate(270,376,144)"/>
                  <polygon class="arrowhead" points="320,384 308,378.4 308,389.6" fill="black" transform="rotate(0,312,384)"/>
                  <polygon class="arrowhead" points="320,112 308,106.4 308,117.6" fill="black" transform="rotate(0,312,112)"/>
                  <polygon class="arrowhead" points="168,208 156,202.4 156,213.6" fill="black" transform="rotate(0,160,208)"/>
                  <g class="text">
                    <text x="480" y="36">Trust</text>
                    <text x="540" y="36">Boundary</text>
                    <text x="504" y="100">(3)</text>
                    <text x="364" y="116">Workload</text>
                    <text x="408" y="116">1</text>
                    <text x="208" y="132">G</text>
                    <text x="208" y="148">a</text>
                    <text x="208" y="164">t</text>
                    <text x="208" y="180">e</text>
                    <text x="400" y="180">(1)</text>
                    <text x="136" y="196">(2)</text>
                    <text x="208" y="196">w</text>
                    <text x="256" y="196">(3)</text>
                    <text x="32" y="212">App</text>
                    <text x="76" y="212">Client</text>
                    <text x="208" y="212">a</text>
                    <text x="208" y="228">y</text>
                    <text x="376" y="244">CA/Credential</text>
                    <text x="488" y="244">(1)</text>
                    <text x="208" y="260">S</text>
                    <text x="256" y="260">(4)</text>
                    <text x="376" y="260">Service</text>
                    <text x="588" y="260">Workload</text>
                    <text x="632" y="260">3</text>
                    <text x="208" y="276">e</text>
                    <text x="208" y="292">r</text>
                    <text x="208" y="308">v</text>
                    <text x="208" y="324">i</text>
                    <text x="400" y="324">(1)</text>
                    <text x="208" y="340">c</text>
                    <text x="208" y="356">e</text>
                    <text x="496" y="372">(4)</text>
                    <text x="364" y="388">Workload</text>
                    <text x="408" y="388">2</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
                        +--------------------------------Trust Boundary---------------+
                        |                                                             |
                    .---+-.                                                           |
                    | .---+-.         +--------------+                                |
                    | |     |         |              |       (3)                      |
                    | |     |     +--->  Workload 1  +-------------------+            |
                    | |  G  |     |   |              |                   |            |
                    | |  a  |     |   +-------^------+                   |            |
                    | |  t  |     |           |                          |            |
+------------+      | |  e  |     |           | (1)                      |            |
|            | (2)  | |  w  | (3) |           |                          |            |
| App Client +----->| |  a  +-----+   +-------+-------+                  |            |
|            |      | |  y  |         |               |          +-------+------+     |
+------------+      | |     +-----+   | CA/Credential |    (1)   |              |     |
                    | |  S  | (4) |   |    Service    +---------->   Workload 3 |     |
                    | |  e  |     |   |               |          |              |     |
                    | |  r  |     |   +-------+-------+          +-------+------+     |
                    | |  v  |     |           |                          |            |
                    | |  i  |     |           | (1)                      |            |
                    | |  c  |     |           |                          |            |
                    | |  e  |     |   +-------v------+                   |            |
                    | |     |     |   |              |      (4)          |            |
                    | |     |     +--->  Workload 2  +-------------------+            |
                    '-+     |         |              |                                |
                      '-+---'         +--------------+                                |
                        |                                                             |
                        |                                                             |
                        |                                                             |
                        +-------------------------------------------------------------+
]]></artwork>
            </artset>
          </figure>
          <t>The above diagram presents a basic workload application system.  The large box represents a trust domain within which the workload application is hosted.  Within this example
there are three workloads, a gateway service, that accepts external clients and a CA/credential service that issues workload identity credentials for the trust domain.  External
to the workload application system there is an application client that calls APIs on workloads.</t>
          <t>Here is a brief summary of each component</t>
          <ul spacing="normal">
            <li>
              <t>Trust Domain</t>
            </li>
          </ul>
          <t>The large box represents a trust domain of the application that is composed of several workloads.  A trust domain may have a more complex internal structure with more workloads, multiple gateways, internal infrastructure, and other services.</t>
          <ul spacing="normal">
            <li>
              <t>Workload</t>
            </li>
          </ul>
          <t>Three workloads are shown. Each workload is an independently addressable software entity that may consist of one or more workload instances at runtime.
Workloads obtain their identity credentials from a Credentials Service (1) and use them to authenticate to other workloads and systems in the process
of sending and receiving requests to and from external systems or other internal workloads.</t>
          <ul spacing="normal">
            <li>
              <t>Gateway Service</t>
            </li>
          </ul>
          <t>A gateway service acts as an intermediary between the internal application trust domain and external systems. By exposing external endpoints, it routes incoming requests to the correct internal workloads while ensuring appropriate isolation between the external and internal domains. To provide high availability, a gateway usually consists of multiple resilient instances.
The gateway <bcp14>MAY</bcp14> also implement identity proxy functionality including authentication, token exchange, and token transformation.</t>
          <ul spacing="normal">
            <li>
              <t>CA/Credential Service</t>
            </li>
          </ul>
          <t>In this diagram the token/Credential service is a service responsible for issuing workload identities to workloads in the same trust domain. The credentials are often X.509 certificate-based or JWT-based.</t>
          <t>High level flows within the diagram</t>
          <ul spacing="normal">
            <li>
              <t>(1) Workload Identity Credential Distribution</t>
            </li>
          </ul>
          <t>Workloads typically retrieve their workload identity credentials early in their lifecycle from a credentials service associated with their trust domain. The protocol interaction for
obtaining credentials varies with deployment and is not detailed here.</t>
          <ul spacing="normal">
            <li>
              <t>(2) Application client Requests</t>
            </li>
          </ul>
          <t>Clients send API requests to the application. In the example above, the gateway routes the request to the correct workload. In addition, the gateway may assist in authenticating the incoming request and provide information resulting from the authentication to the target workload. The authentication exchange is not covered in detail in this example.
The client request is typically made over HTTPS, but other protocols may be used in some systems. The gateway usually terminates the TLS session so it has visibility into the request in order to route it correctly.</t>
          <ul spacing="normal">
            <li>
              <t>(3) API request to workload 1</t>
            </li>
          </ul>
          <t>The gateway is configured to forward requests to the correct workload.  The gateway often modifies the request to include specific authentication information about the application client and to remove any information that should not be forwarded internally.  The gateway authenticates the workload before forwarding the request.  This authentication usually uses TLS. The target workload may authenticate the gateway using TLS or some other means. As part of servicing the request the workload must make a request to another workload in the system.  In this scenario the workload is making a request to workload 3 over HTTPS.  Workload 1 may be able to authenticate the identity of workload 3 through the TLS protocol to ensure it is making a request of the right party.  Workload 3 will authenticate workload 1 using its workload identity credentials. If the Workload Identity Credentials are workload identity certificates then this can happen through TLS client authentication (mutual TLS). Alternatively, the workloads can use a JWT based authentication mechanism to authenticate one another. Workload 3 can use the authenticated identity of workload 1 to determine which APIs workload 1 is authorized to invoke, and to associated the authenticated identity with logs and other audit information.</t>
          <ul spacing="normal">
            <li>
              <t>(4) API request to workload 2</t>
            </li>
          </ul>
          <t>Similarly to the previous flow, the gateway may determine that for another API call, the application client's request needs to be handled by workload 2. The case behaves the same as the previous flow except that the gateway may need to authenticate workload 2 before forwarding traffic to it. Workload 3 will then authorize and audit the request based on the authenticated identity of workload 2. Workload 2 and workload 1 may be authorized to use different APIs on workload 3. If workload 1 or 2 makes an API request that it is not authorized for, then workload 3 will reject the request.</t>
        </section>
        <section anchor="context-and-workload-identity">
          <name>Context and workload Identity</name>
          <figure anchor="arch-context">
            <name>Context example workload application system.</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="512" width="544" viewBox="0 0 544 512" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,208 L 8,256" fill="none" stroke="black"/>
                  <path d="M 72,208 L 72,256" fill="none" stroke="black"/>
                  <path d="M 120,64 L 120,400" fill="none" stroke="black"/>
                  <path d="M 136,80 L 136,416" fill="none" stroke="black"/>
                  <path d="M 152,32 L 152,64" fill="none" stroke="black"/>
                  <path d="M 152,416 L 152,480" fill="none" stroke="black"/>
                  <path d="M 168,64 L 168,80" fill="none" stroke="black"/>
                  <path d="M 184,80 L 184,416" fill="none" stroke="black"/>
                  <path d="M 240,208 L 240,272" fill="none" stroke="black"/>
                  <path d="M 344,64 L 344,160" fill="none" stroke="black"/>
                  <path d="M 344,208 L 344,272" fill="none" stroke="black"/>
                  <path d="M 400,208 L 400,272" fill="none" stroke="black"/>
                  <path d="M 480,64 L 480,160" fill="none" stroke="black"/>
                  <path d="M 512,208 L 512,272" fill="none" stroke="black"/>
                  <path d="M 536,32 L 536,480" fill="none" stroke="black"/>
                  <path d="M 152,32 L 344,32" fill="none" stroke="black"/>
                  <path d="M 464,32 L 536,32" fill="none" stroke="black"/>
                  <path d="M 120,64 L 168,64" fill="none" stroke="black"/>
                  <path d="M 344,64 L 480,64" fill="none" stroke="black"/>
                  <path d="M 136,80 L 184,80" fill="none" stroke="black"/>
                  <path d="M 184,96 L 336,96" fill="none" stroke="black"/>
                  <path d="M 192,128 L 344,128" fill="none" stroke="black"/>
                  <path d="M 344,160 L 480,160" fill="none" stroke="black"/>
                  <path d="M 8,208 L 72,208" fill="none" stroke="black"/>
                  <path d="M 240,208 L 344,208" fill="none" stroke="black"/>
                  <path d="M 400,208 L 512,208" fill="none" stroke="black"/>
                  <path d="M 72,240 L 112,240" fill="none" stroke="black"/>
                  <path d="M 184,240 L 232,240" fill="none" stroke="black"/>
                  <path d="M 344,240 L 392,240" fill="none" stroke="black"/>
                  <path d="M 8,256 L 72,256" fill="none" stroke="black"/>
                  <path d="M 240,272 L 344,272" fill="none" stroke="black"/>
                  <path d="M 400,272 L 512,272" fill="none" stroke="black"/>
                  <path d="M 120,400 L 136,400" fill="none" stroke="black"/>
                  <path d="M 136,416 L 184,416" fill="none" stroke="black"/>
                  <path d="M 152,480 L 536,480" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="400,240 388,234.4 388,245.6" fill="black" transform="rotate(0,392,240)"/>
                  <polygon class="arrowhead" points="344,96 332,90.4 332,101.6" fill="black" transform="rotate(0,336,96)"/>
                  <polygon class="arrowhead" points="240,240 228,234.4 228,245.6" fill="black" transform="rotate(0,232,240)"/>
                  <polygon class="arrowhead" points="200,128 188,122.4 188,133.6" fill="black" transform="rotate(180,192,128)"/>
                  <polygon class="arrowhead" points="120,240 108,234.4 108,245.6" fill="black" transform="rotate(0,112,240)"/>
                  <g class="text">
                    <text x="368" y="36">Trust</text>
                    <text x="428" y="36">Boundary</text>
                    <text x="408" y="100">Context</text>
                    <text x="272" y="116">(3)</text>
                    <text x="408" y="132">Service</text>
                    <text x="272" y="148">(c)</text>
                    <text x="160" y="164">G</text>
                    <text x="160" y="180">a</text>
                    <text x="40" y="196">(1)</text>
                    <text x="160" y="196">t</text>
                    <text x="160" y="212">e</text>
                    <text x="48" y="228">App</text>
                    <text x="96" y="228">(2)</text>
                    <text x="160" y="228">w</text>
                    <text x="208" y="228">(4)</text>
                    <text x="376" y="228">(5)</text>
                    <text x="44" y="244">Client</text>
                    <text x="160" y="244">a</text>
                    <text x="284" y="244">workload</text>
                    <text x="328" y="244">1</text>
                    <text x="452" y="244">workload</text>
                    <text x="496" y="244">2</text>
                    <text x="96" y="260">(a)</text>
                    <text x="160" y="260">y</text>
                    <text x="208" y="260">(c)</text>
                    <text x="376" y="260">(c)</text>
                    <text x="160" y="292">S</text>
                    <text x="160" y="308">e</text>
                    <text x="160" y="324">r</text>
                    <text x="160" y="340">v</text>
                    <text x="160" y="356">i</text>
                    <text x="160" y="372">c</text>
                    <text x="160" y="388">e</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
                  +------------------------Trust Boundary---------+
                  |                                               |
              .---+-.                     +----------------+      |
              | .---+-.                   |                |      |
              | |     +------------------>|    Context     |      |
              | |     |         (3)       |                |      |
              | |     |<------------------+    Service     |      |
              | |     |         (c)       |                |      |
              | |  G  |                   +----------------+      |
              | |  a  |                                           |
   (1)        | |  t  |                                           |
+-------+     | |  e  |      +------------+      +-------------+  |
|   App | (2) | |  w  | (4)  |            |  (5) |             |  |
| Client+---->| |  a  +----->| workload 1 +----->|  workload 2 |  |
+-------+ (a) | |  y  | (c)  |            |  (c) |             |  |
              | |     |      +------------+      +-------------+  |
              | |  S  |                                           |
              | |  e  |                                           |
              | |  r  |                                           |
              | |  v  |                                           |
              | |  i  |                                           |
              | |  c  |                                           |
              | |  e  |                                           |
              '-+     |                                           |
                '-+---'                                           |
                  |                                               |
                  |                                               |
                  |                                               |
                  +-----------------------------------------------+

]]></artwork>
            </artset>
          </figure>
          <t>In many cases the application system uses other security context information about the request during authorization and auditing.  The following is a basic scenario that illustrates the propagation of security context in the workload system.
Some of the components and interactions have been removed from the previous scenario for simplicity.</t>
          <ul spacing="normal">
            <li>
              <t>Context Service
This scenario adds a context service component which is responsible for creating security context based on authentication and other calculations. Context can be represented in many ways; it can be a plaintext data structure, a signed data structure such as a JWT or a pointer used to lookup the context as a data structure stored somewhere else. In one common example, creating the context may involve a token exchange converting an OAuth 2.0 access token into a different token format, such as a transaction token,  that is understood by internal services.</t>
            </li>
            <li>
              <t>(1) Initial Authentication
In the initial authentication the gateway service obtains credentials it can use with the gateway service. This authentication may involve several steps and may be performed by an external entity such as an identity provider. The authentication process will result in a credential that the gateway service can evaluate. For example, the credential could be an OAuth Access token.
If the client already has an access token that it can use to authenticate to the gateway, such as an X.509 certificate, then it may skip this step.</t>
            </li>
            <li>
              <t>(2) Application Client Request
The application client makes a request to the gateway over HTTPS.  The client may be authenticated to the gateway through TLS client authentication (mutual TLS) or through a credential such as an access token obtained in step 1.</t>
            </li>
            <li>
              <t>(3) Establishing the request context
The gateway service requests a security context token (c) from a token service. This process may entail sending an access token (a) along with other information to a token exchange endpoint to obtain the context token, which contains information about the entity accessing the system. This context is typically only relevant to the internal system and is not returned to the client.
The gateway may use alternative mechanisms to get the internal security context information (c).</t>
            </li>
            <li>
              <t>(4) Forwarding Request to Workload
The gateway forwards the request along with the context information (c) to the appropriate workload. A bearer token, such as an access token (a), is not usually forwarded as it is only meant for external access. The workload uses information in the context token in applying authorization policy to the application client's request.
If the workload does not receive a context token, then it will deny requests that rely on information from the token.</t>
            </li>
            <li>
              <t>(5) Making Additional Workload Originated Requests
The workload may need to make requests of other workloads. When making these requests, the workload includes the context information so Workload 2 can authorize and audit the request. Workload 2 may have a policy requiring Workload 1 to authenticate its service identity and provide valid context information (c) to access certain APIs.</t>
            </li>
          </ul>
        </section>
        <section anchor="cross-domain-communication">
          <name>Cross-Domain Communication</name>
          <figure anchor="arch-cross">
            <name>External request workload application system.</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="640" width="544" viewBox="0 0 544 640" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,160 L 8,208" fill="none" stroke="black"/>
                  <path d="M 72,160 L 72,208" fill="none" stroke="black"/>
                  <path d="M 120,64 L 120,352" fill="none" stroke="black"/>
                  <path d="M 136,80 L 136,368" fill="none" stroke="black"/>
                  <path d="M 152,32 L 152,64" fill="none" stroke="black"/>
                  <path d="M 152,368 L 152,432" fill="none" stroke="black"/>
                  <path d="M 168,64 L 168,80" fill="none" stroke="black"/>
                  <path d="M 176,560 L 176,624" fill="none" stroke="black"/>
                  <path d="M 184,80 L 184,368" fill="none" stroke="black"/>
                  <path d="M 240,160 L 240,224" fill="none" stroke="black"/>
                  <path d="M 256,224 L 256,560" fill="none" stroke="black"/>
                  <path d="M 312,560 L 312,624" fill="none" stroke="black"/>
                  <path d="M 320,288 L 320,352" fill="none" stroke="black"/>
                  <path d="M 344,160 L 344,224" fill="none" stroke="black"/>
                  <path d="M 360,560 L 360,624" fill="none" stroke="black"/>
                  <path d="M 368,464 L 368,528" fill="none" stroke="black"/>
                  <path d="M 400,160 L 400,224" fill="none" stroke="black"/>
                  <path d="M 408,224 L 408,288" fill="none" stroke="black"/>
                  <path d="M 416,288 L 416,352" fill="none" stroke="black"/>
                  <path d="M 448,224 L 448,464" fill="none" stroke="black"/>
                  <path d="M 464,464 L 464,528" fill="none" stroke="black"/>
                  <path d="M 488,224 L 488,560" fill="none" stroke="black"/>
                  <path d="M 504,560 L 504,624" fill="none" stroke="black"/>
                  <path d="M 512,160 L 512,224" fill="none" stroke="black"/>
                  <path d="M 536,32 L 536,432" fill="none" stroke="black"/>
                  <path d="M 152,32 L 368,32" fill="none" stroke="black"/>
                  <path d="M 488,32 L 536,32" fill="none" stroke="black"/>
                  <path d="M 120,64 L 168,64" fill="none" stroke="black"/>
                  <path d="M 136,80 L 184,80" fill="none" stroke="black"/>
                  <path d="M 8,160 L 72,160" fill="none" stroke="black"/>
                  <path d="M 240,160 L 344,160" fill="none" stroke="black"/>
                  <path d="M 400,160 L 512,160" fill="none" stroke="black"/>
                  <path d="M 72,192 L 112,192" fill="none" stroke="black"/>
                  <path d="M 184,192 L 232,192" fill="none" stroke="black"/>
                  <path d="M 344,192 L 392,192" fill="none" stroke="black"/>
                  <path d="M 8,208 L 72,208" fill="none" stroke="black"/>
                  <path d="M 240,224 L 344,224" fill="none" stroke="black"/>
                  <path d="M 416,224 L 440,224" fill="none" stroke="black"/>
                  <path d="M 456,224 L 512,224" fill="none" stroke="black"/>
                  <path d="M 320,288 L 400,288" fill="none" stroke="black"/>
                  <path d="M 120,352 L 136,352" fill="none" stroke="black"/>
                  <path d="M 320,352 L 416,352" fill="none" stroke="black"/>
                  <path d="M 136,368 L 184,368" fill="none" stroke="black"/>
                  <path d="M 152,432 L 536,432" fill="none" stroke="black"/>
                  <path d="M 368,464 L 440,464" fill="none" stroke="black"/>
                  <path d="M 368,528 L 464,528" fill="none" stroke="black"/>
                  <path d="M 176,560 L 248,560" fill="none" stroke="black"/>
                  <path d="M 264,560 L 312,560" fill="none" stroke="black"/>
                  <path d="M 360,560 L 480,560" fill="none" stroke="black"/>
                  <path d="M 176,624 L 312,624" fill="none" stroke="black"/>
                  <path d="M 360,624 L 504,624" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="496,560 484,554.4 484,565.6" fill="black" transform="rotate(90,488,560)"/>
                  <polygon class="arrowhead" points="456,464 444,458.4 444,469.6" fill="black" transform="rotate(90,448,464)"/>
                  <polygon class="arrowhead" points="456,224 444,218.4 444,229.6" fill="black" transform="rotate(270,448,224)"/>
                  <polygon class="arrowhead" points="416,288 404,282.4 404,293.6" fill="black" transform="rotate(90,408,288)"/>
                  <polygon class="arrowhead" points="416,224 404,218.4 404,229.6" fill="black" transform="rotate(270,408,224)"/>
                  <polygon class="arrowhead" points="400,192 388,186.4 388,197.6" fill="black" transform="rotate(0,392,192)"/>
                  <polygon class="arrowhead" points="264,560 252,554.4 252,565.6" fill="black" transform="rotate(90,256,560)"/>
                  <polygon class="arrowhead" points="240,192 228,186.4 228,197.6" fill="black" transform="rotate(0,232,192)"/>
                  <polygon class="arrowhead" points="120,192 108,186.4 108,197.6" fill="black" transform="rotate(0,112,192)"/>
                  <g class="text">
                    <text x="392" y="36">Trust</text>
                    <text x="452" y="36">Boundary</text>
                    <text x="160" y="116">G</text>
                    <text x="160" y="132">a</text>
                    <text x="160" y="148">t</text>
                    <text x="160" y="164">e</text>
                    <text x="48" y="180">App</text>
                    <text x="96" y="180">(1)</text>
                    <text x="160" y="180">w</text>
                    <text x="208" y="180">(2)</text>
                    <text x="376" y="180">(4)</text>
                    <text x="44" y="196">Client</text>
                    <text x="160" y="196">a</text>
                    <text x="284" y="196">workload</text>
                    <text x="328" y="196">1</text>
                    <text x="452" y="196">workload</text>
                    <text x="496" y="196">2</text>
                    <text x="96" y="212">(a)</text>
                    <text x="160" y="212">y</text>
                    <text x="208" y="212">(c)</text>
                    <text x="376" y="212">(c)</text>
                    <text x="160" y="244">S</text>
                    <text x="160" y="260">e</text>
                    <text x="240" y="260">(3)</text>
                    <text x="380" y="260">(5)(c)</text>
                    <text x="424" y="260">(t)</text>
                    <text x="160" y="276">r</text>
                    <text x="160" y="292">v</text>
                    <text x="160" y="308">i</text>
                    <text x="368" y="308">Token</text>
                    <text x="160" y="324">c</text>
                    <text x="472" y="324">(7)</text>
                    <text x="504" y="324">(a)</text>
                    <text x="160" y="340">e</text>
                    <text x="368" y="340">Service</text>
                    <text x="420" y="404">(6)(t)</text>
                    <text x="464" y="404">(a)</text>
                    <text x="456" y="468">-</text>
                    <text x="420" y="484">External</text>
                    <text x="416" y="500">Token</text>
                    <text x="416" y="516">Service</text>
                    <text x="496" y="564">-</text>
                    <text x="244" y="580">Infrastructure</text>
                    <text x="436" y="580">External</text>
                    <text x="240" y="612">Service</text>
                    <text x="432" y="612">Service</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
                  +---------------------------Trust Boundary------+
                  |                                               |
              .---+-.                                             |
              | .---+-.                                           |
              | |     |                                           |
              | |  G  |                                           |
              | |  a  |                                           |
              | |  t  |                                           |
+-------+     | |  e  |      +------------+      +-------------+  |
|   App | (1) | |  w  | (2)  |            |  (4) |             |  |
| Client+---->| |  a  +----->| workload 1 +----->|  workload 2 |  |
+-------+ (a) | |  y  | (c)  |            |  (c) |             |  |
              | |     |      +-+----------+      +^----^----+--+  |
              | |  S  |        |                  |    |    |     |
              | |  e  |     (3)|            (5)(c)|(t) |    |     |
              | |  r  |        |                  |    |    |     |
              | |  v  |        |       +-+--------v+   |    |     |
              | |  i  |        |       |   Token   |   |    |     |
              | |  c  |        |       |           |   | (7)|(a)  |
              | |  e  |        |       |  Service  |   |    |     |
              '-+     |        |       +-----------+   |    |     |
                '-+---'        |                       |    |     |
                  |            |                       |    |     |
                  |            |                 (6)(t)|(a) |     |
                  |            |                       |    |     |
                  +------------+-----------------------+----+-----+
                               |                       |    |
                               |             +-+-------V-+  |
                               |             |  External |  |
                               |             |   Token   |  |
                               |             |  Service  |  |
                               |             +-----------+  |
                               |                            |
                     +---------v------+     +---------------v-+
                     | Infrastructure |     |     External    |
                     |                |     |                 |
                     |    Service     |     |     Service     |
                     +----------------+     +-----------------+
]]></artwork>
            </artset>
          </figure>
          <t>In many applications workloads must make requests of infrastructure or external services that operate as a different trust domain. Steps 5-7 of <xref target="arch-cross"/> involve a generic cross domain pattern as described in <xref target="I-D.draft-ietf-oauth-identity-chaining"/>. This document refers to a token service which performs a similar functions with respect to token issuance as the authorization service in <xref target="I-D.draft-ietf-oauth-identity-chaining"/>. The scenario shows some new components described below.
Components and interactions from previous scenarios are still relevant to this example, but are omitted for simplicity.</t>
          <ul spacing="normal">
            <li>
              <t>Token Service - the token service is responsible for exchanging information that is internal to the system such as service identity and/or security context information for a token that can be presented to an external token service in another trust domain to gain access to infrastructure or an external service.</t>
            </li>
            <li>
              <t>External Token Service - the external token service is part of another trust domain.  Workloads in the originating trust domain contact this service to get an access token to authenticate to external services.</t>
            </li>
            <li>
              <t>Infrastructure Service - this service is often part of the application, but it is managed by an infrastructure provider and may require different information to access it.</t>
            </li>
            <li>
              <t>External Service - this service is distinct from the application and hosted in a separate trust domain.  This trust domain often has different access requirements that workloads in the internal trust domain.</t>
            </li>
          </ul>
          <t>Some example interactions in this scenario:</t>
          <ul spacing="normal">
            <li>
              <t>(1) The application client is making requests with authentication information as in the other scenarios</t>
            </li>
            <li>
              <t>(2) The gateway forwards the request to the appropriate workload with the security context information</t>
            </li>
            <li>
              <t>(3) The workload needs to access an infrastructure service and, because there is an established trust relationship, it authenticates to the service directly using its workload credentials.</t>
            </li>
            <li>
              <t>(4) Workload 1 contacts Workload 2 to perform an operation. This request is accompanied by a security context as in the other scenarios.</t>
            </li>
            <li>
              <t>(5) Workload 2 determines it needs to communicate with an external service.  In order to gain access to this service it must first obtain a token/credential (t) that it can use externally.  It authenticates to the token service using its workload identity credential (c) and provides security context information.  The token service determines what type of externally usable token to issue to the workload for use with the external token service.</t>
            </li>
            <li>
              <t>(6) Workload 2 uses this new token/credential (t) to request an access token (a) for the external service from the token service.</t>
            </li>
            <li>
              <t>(7) Workload 2 uses the access token (a) to access the external service in the other trust domain.</t>
            </li>
          </ul>
          <t>There can be variations on cross domain workflows. For example, in step 3 the workload was able to use its Workload Identity Credentials to directly access an infrastructure service. It also may be possible for an workload to request an access token for an external service using its Workload Identity Credentials directly with an external token service.</t>
        </section>
      </section>
      <section anchor="arch-basic-ops">
        <name>Message Flow and Policy Enforcement in the Basic Scenario</name>
        <t>The basic workload identity scenario described in <xref target="basic-workload-identity-scenario"/> and illustrated in <xref target="arch-basic"/> already sketches a trust domain, a gateway, a CA/credential service, and how an application client reaches multiple workloads. This section takes the same scenario and adds one level of detail for a single workload-to-workload hop: a caller and a callee, identity established with workload identity credentials, and a separate authorization step that may involve policy components.</t>
        <t>In this view, the component enforcing authorization policy acts as a Policy Enforcement Point (PEP): it allows a request to proceed, blocks it, or applies obligations based on the authenticated peer identity and any relevant security context. A deployment may also use a Policy Decision Point (PDP), to which the enforcing component delegates policy evaluation. Deployments may implement PEP and PDP as separate services, co-locate them with a gateway or sidecar, or embed them in the receiving workload. This document does not define a particular policy language or protocol between PEP and PDP.</t>
        <t>The diagram below is illustrative rather than normative. It shows one common logical layout for how provisioning, connection setup, application-layer authentication, authorization, and response relate when two workloads communicate.</t>
        <figure anchor="arch-basic-ops-fig">
          <name>Logical message flow and policy points (drill-down of the basic scenario).</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="368" width="352" viewBox="0 0 352 368" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,32 L 8,176" fill="none" stroke="black"/>
                <path d="M 8,272 L 8,352" fill="none" stroke="black"/>
                <path d="M 56,184 L 56,264" fill="none" stroke="black"/>
                <path d="M 72,224 L 72,264" fill="none" stroke="black"/>
                <path d="M 112,32 L 112,176" fill="none" stroke="black"/>
                <path d="M 112,272 L 112,352" fill="none" stroke="black"/>
                <path d="M 240,32 L 240,176" fill="none" stroke="black"/>
                <path d="M 240,272 L 240,352" fill="none" stroke="black"/>
                <path d="M 256,184 L 256,224" fill="none" stroke="black"/>
                <path d="M 272,144 L 272,176" fill="none" stroke="black"/>
                <path d="M 304,184 L 304,264" fill="none" stroke="black"/>
                <path d="M 344,32 L 344,176" fill="none" stroke="black"/>
                <path d="M 344,272 L 344,352" fill="none" stroke="black"/>
                <path d="M 8,32 L 112,32" fill="none" stroke="black"/>
                <path d="M 240,32 L 344,32" fill="none" stroke="black"/>
                <path d="M 120,62 L 232,62" fill="none" stroke="black"/>
                <path d="M 120,66 L 232,66" fill="none" stroke="black"/>
                <path d="M 120,110 L 232,110" fill="none" stroke="black"/>
                <path d="M 120,114 L 232,114" fill="none" stroke="black"/>
                <path d="M 272,144 L 344,144" fill="none" stroke="black"/>
                <path d="M 120,158 L 232,158" fill="none" stroke="black"/>
                <path d="M 120,162 L 232,162" fill="none" stroke="black"/>
                <path d="M 8,176 L 112,176" fill="none" stroke="black"/>
                <path d="M 240,176 L 344,176" fill="none" stroke="black"/>
                <path d="M 72,224 L 256,224" fill="none" stroke="black"/>
                <path d="M 8,272 L 112,272" fill="none" stroke="black"/>
                <path d="M 240,272 L 344,272" fill="none" stroke="black"/>
                <path d="M 8,352 L 112,352" fill="none" stroke="black"/>
                <path d="M 240,352 L 344,352" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="312,264 300,258.4 300,269.6" fill="black" transform="rotate(90,304,264)"/>
                <polygon class="arrowhead" points="312,184 300,178.4 300,189.6" fill="black" transform="rotate(270,304,184)"/>
                <polygon class="arrowhead" points="264,184 252,178.4 252,189.6" fill="black" transform="rotate(270,256,184)"/>
                <polygon class="arrowhead" points="240,112 228,106.4 228,117.6" fill="black" transform="rotate(0,232,112)"/>
                <polygon class="arrowhead" points="240,64 228,58.4 228,69.6" fill="black" transform="rotate(0,232,64)"/>
                <polygon class="arrowhead" points="128,160 116,154.4 116,165.6" fill="black" transform="rotate(180,120,160)"/>
                <polygon class="arrowhead" points="128,64 116,58.4 116,69.6" fill="black" transform="rotate(180,120,64)"/>
                <polygon class="arrowhead" points="80,264 68,258.4 68,269.6" fill="black" transform="rotate(90,72,264)"/>
                <polygon class="arrowhead" points="64,264 52,258.4 52,269.6" fill="black" transform="rotate(90,56,264)"/>
                <polygon class="arrowhead" points="64,184 52,178.4 52,189.6" fill="black" transform="rotate(270,56,184)"/>
                <g class="text">
                  <text x="176" y="52">(2)</text>
                  <text x="52" y="100">Workload</text>
                  <text x="96" y="100">A</text>
                  <text x="176" y="100">(3)</text>
                  <text x="284" y="100">Workload</text>
                  <text x="328" y="100">B</text>
                  <text x="176" y="148">(5)</text>
                  <text x="304" y="164">PEP</text>
                  <text x="168" y="212">(1)</text>
                  <text x="32" y="228">(1)</text>
                  <text x="328" y="228">(4)</text>
                  <text x="40" y="308">CA/</text>
                  <text x="288" y="308">PDP</text>
                  <text x="68" y="324">Credential</text>
                  <text x="292" y="324">(optional)</text>
                  <text x="56" y="340">Service</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
+------------+               +------------+
|            |      (2)      |            |
|            |<=============>|            |
|            |               |            |
| Workload A |      (3)      | Workload B |
|            |==============>|            |
|            |               |            |
|            |      (5)      |   +--------+
|            |<==============|   |  PEP   |
+------------+               +---+--------+
      ^                        ^     ^
      |            (1)         |     |
  (1) | +----------------------+     | (4)
      | |                            |
      v v                            v
+------------+               +------------+
|            |               |            |
|  CA/       |               |    PDP     |
|  Credential|               | (optional) |
|  Service   |               |            |
+------------+               +------------+
]]></artwork>
          </artset>
        </figure>
        <t>The CA/credential service issues workload identity credentials; workloads obtain them before using those credentials for authentication. Provisioning details vary by deployment. The PEP is shown as a logical function associated with the callee-side request path. It may be implemented inside Workload B, in a sidecar, in a gateway, or in another component on the request path, as in <xref target="arch-basic"/>.</t>
        <t>The high-level message flow is as follows:</t>
        <ol spacing="normal" type="1"><li>
            <t>Workload A and Workload B each obtain a workload identity credential from the CA/credential service before using that credential for authentication. The timing, lifetime, and refresh behavior of these credentials are deployment-specific. Normally credentials operate on a slower lifecycle than application requests.</t>
          </li>
          <li>
            <t>A transport connection is set up for the call. It may use mutual TLS and workload identity certificates, or another transport security mechanism.</t>
          </li>
          <li>
            <t>Workload A sends a request to Workload B. This may include application-layer authentication using a Workload Identity Token and proof of possession, as defined in the credentials and protocol documents. Workload B authenticates Workload A.</t>
          </li>
          <li>
            <t>Workload B authorizes the request. The PEP enforces the decision, optionally consulting a PDP. Policy details and message-level authorization formats are out of scope for this architecture.</t>
          </li>
          <li>
            <t>Workload B returns a response to Workload A, which may be an error or success.</t>
          </li>
        </ol>
        <t>Depending on the protocol binding, peer authentication may occur during step (2) at the transport layer, during step (3) at the application layer, or both, as in the other scenarios in this section.</t>
      </section>
      <section anchor="workload-identity-use-cases">
        <name>Workload Identity Use Cases</name>
        <section anchor="bootstrapping-workload-identifiers-and-credentials">
          <name>Bootstrapping Workload Identifiers and Credentials</name>
          <t>Workloads need to obtain credentials before they can fully participate in the WIMSE architecture. The architecture does not specify a particular method for credential provisioning, but this section outlines some concepts involved in this process. WIMSE focuses on credentials that consist of a public token and a private key such as X.509 certificate and Workload Identity Token (WIT). This list is not exhaustive of all the ways provisioning can happen.</t>
          <ul spacing="normal">
            <li>
              <t>Direct Provisioning - A workload may receive its WIMSE credential when it is initially created. This is typically done using a deployment-specific mechanism that configures both the private and public portions of the credential for the workload. In direct provisioning the workload does not need to go through additional processes to obtain credentials and the credentials can be used immediately, whereas in the other cases more interactions are needed to obtain usable credentials.</t>
            </li>
            <li>
              <t>Bootstrap Credentials - A workload may receive a set of bootstrap credentials specific to its deployment mechanism, which are then used by the workload through another process to obtain WIMSE credentials. The workload may use the bootstrap credentials to obtain the private and public parts of the WIMSE credentials, or the workload may generate a private key pair and use the bootstrap credential to authorize an enrollment process to obtain the public credential (X.509 certificate or WIT). <xref target="I-D.ietf-wimse-workload-identity-practices"/> describes some ways workloads can be initially providioned with bootstrap credentials.</t>
            </li>
            <li>
              <t>Attestation - A workload credential provisioning process may use attestation in addition to or instead of bootstrap credentials. Attestation refers to the process of one peer in a communication (known as an "attester") generating attestation evidence, and providing that to a communication peer -- the "relying party", who may request verification of the supplied evidence from a "verifier". The Remote ATtestation procedureS (RATS) Architecture <xref target="RFC9334"/> describes evidence and some of the different communication patterns. Attestation in WIMSE is intentionally defined quite broadly, as it may be implemented in several ways that, while aligned with the definitions and architectures described in <xref target="RFC9334"/>, and here, do not rely on any specific implementation, or any specific communication protocol.  <xref target="SPIRE"/> provides an example outside of the RATS protocol work where attestation processes result in credentials being provisioned both to workloads, and the nodes that host them.</t>
            </li>
            <li>
              <t>Agent Assisted Provisioning - In some architectures, several workloads run on the same node that hosts an agent that assists in the credential provisioning process. The example below illustrates one way in which an agent can participate in the process, reflecting some concepts in the SPIFFE architecture. There are other ways an agent may participate. For example, the agent may not receive direct access to the workload private key but it may be the conduit for providing an encrypted private key which the workload can decrypt through a process that may involve attestation.</t>
            </li>
          </ul>
          <section anchor="agent-assisted-provisioning-example">
            <name>Agent Assisted Provisioning Example</name>
            <t><xref target="arch-fig"/> illustrates software layering at a host running workloads. During startup, workloads bootstrap their identifiers and credentials with the help of an agent. The agent may be associated with one or more workloads to help ensure that workloads are provisioned with the correct identifiers and credentials. The agent provides attestation evidence and other relevant information to a server. The server validates this information and provides the agent with identifiers and credentials for the workloads it is associated with. The server can use a variety of internal and external means to validate the request against policy. After obtaining credentials from the server, the agent passes them to the workload.</t>
            <figure anchor="arch-fig">
              <name>Host Software Layering in a Workload Identity Architecture.</name>
              <artset>
                <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="480" width="472" viewBox="0 0 472 480" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                    <path d="M 8,32 L 8,128" fill="none" stroke="black"/>
                    <path d="M 8,224 L 8,448" fill="none" stroke="black"/>
                    <path d="M 24,80 L 24,112" fill="none" stroke="black"/>
                    <path d="M 32,272 L 32,336" fill="none" stroke="black"/>
                    <path d="M 72,136 L 72,272" fill="none" stroke="black"/>
                    <path d="M 88,128 L 88,264" fill="none" stroke="black"/>
                    <path d="M 136,80 L 136,112" fill="none" stroke="black"/>
                    <path d="M 136,320 L 136,408" fill="none" stroke="black"/>
                    <path d="M 152,32 L 152,128" fill="none" stroke="black"/>
                    <path d="M 160,272 L 160,336" fill="none" stroke="black"/>
                    <path d="M 280,272 L 280,336" fill="none" stroke="black"/>
                    <path d="M 296,256 L 296,272" fill="none" stroke="black"/>
                    <path d="M 304,320 L 304,408" fill="none" stroke="black"/>
                    <path d="M 336,144 L 336,248" fill="none" stroke="black"/>
                    <path d="M 352,144 L 352,248" fill="none" stroke="black"/>
                    <path d="M 416,272 L 416,336" fill="none" stroke="black"/>
                    <path d="M 432,256 L 432,320" fill="none" stroke="black"/>
                    <path d="M 448,224 L 448,448" fill="none" stroke="black"/>
                    <path d="M 8,32 L 152,32" fill="none" stroke="black"/>
                    <path d="M 24,80 L 136,80" fill="none" stroke="black"/>
                    <path d="M 24,112 L 136,112" fill="none" stroke="black"/>
                    <path d="M 8,128 L 152,128" fill="none" stroke="black"/>
                    <path d="M 8,224 L 448,224" fill="none" stroke="black"/>
                    <path d="M 296,256 L 432,256" fill="none" stroke="black"/>
                    <path d="M 32,272 L 160,272" fill="none" stroke="black"/>
                    <path d="M 280,272 L 416,272" fill="none" stroke="black"/>
                    <path d="M 152,304 L 288,304" fill="none" stroke="black"/>
                    <path d="M 416,320 L 432,320" fill="none" stroke="black"/>
                    <path d="M 32,336 L 160,336" fill="none" stroke="black"/>
                    <path d="M 280,336 L 416,336" fill="none" stroke="black"/>
                    <path d="M 8,416 L 448,416" fill="none" stroke="black"/>
                    <path d="M 8,448 L 448,448" fill="none" stroke="black"/>
                    <polygon class="arrowhead" points="360,248 348,242.4 348,253.6" fill="black" transform="rotate(90,352,248)"/>
                    <polygon class="arrowhead" points="344,248 332,242.4 332,253.6" fill="black" transform="rotate(90,336,248)"/>
                    <polygon class="arrowhead" points="312,408 300,402.4 300,413.6" fill="black" transform="rotate(90,304,408)"/>
                    <polygon class="arrowhead" points="312,320 300,314.4 300,325.6" fill="black" transform="rotate(270,304,320)"/>
                    <polygon class="arrowhead" points="296,304 284,298.4 284,309.6" fill="black" transform="rotate(0,288,304)"/>
                    <polygon class="arrowhead" points="160,304 148,298.4 148,309.6" fill="black" transform="rotate(180,152,304)"/>
                    <polygon class="arrowhead" points="144,408 132,402.4 132,413.6" fill="black" transform="rotate(90,136,408)"/>
                    <polygon class="arrowhead" points="144,320 132,314.4 132,325.6" fill="black" transform="rotate(270,136,320)"/>
                    <polygon class="arrowhead" points="96,264 84,258.4 84,269.6" fill="black" transform="rotate(90,88,264)"/>
                    <polygon class="arrowhead" points="80,136 68,130.4 68,141.6" fill="black" transform="rotate(270,72,136)"/>
                    <g class="text">
                      <text x="76" y="52">Server</text>
                      <text x="80" y="100">Attestation</text>
                      <text x="132" y="164">Identity</text>
                      <text x="396" y="164">Workload</text>
                      <text x="144" y="180">Credentials</text>
                      <text x="396" y="180">to</text>
                      <text x="396" y="196">Workload</text>
                      <text x="416" y="212">Communication</text>
                      <text x="64" y="292">Agent</text>
                      <text x="328" y="292">Workloads</text>
                      <text x="212" y="324">Identity</text>
                      <text x="224" y="340">Credentials</text>
                      <text x="348" y="372">Identity</text>
                      <text x="80" y="388">Attestation</text>
                      <text x="360" y="388">Credentials</text>
                      <text x="36" y="436">Host</text>
                      <text x="96" y="436">Operating</text>
                      <text x="164" y="436">System</text>
                      <text x="208" y="436">and</text>
                      <text x="260" y="436">Hardware</text>
                    </g>
                  </svg>
                </artwork>
                <artwork type="ascii-art"><![CDATA[
  +-----------------+
  |     Server      |
  |                 |
  | +-------------+ |
  | | Attestation | |
  | +-------------+ |
  +---------+-------+
          ^ |                              . .
          | | Identity                     | | Workload
          | | Credentials                  | |    to
          | |                              | | Workload
          | |                              | | Communication
  +-------+-+------------------------------+-+-----------+
  |       | |                              v V           |
  |       | v                         +----------------+ |
  |  +----+----------+              +-+--------------+ | |
  |  | Agent         |              | Workloads      | | |
  |  |              <+--------------+>               | | |
  |  |            ^  |  Identity    |  ^             +-+ |
  |  +------------+--+  Credentials +--+-------------+   |
  |               |                    |                 |
  |               |                    | Identity        |
  |   Attestation |                    | Credentials     |
  |               v                    v                 |
  +------------------------------------------------------+
  | Host Operating System and Hardware                   |
  +------------------------------------------------------+
]]></artwork>
              </artset>
            </figure>
            <t>How the workload obtains its identity credentials and interacts with the agent is subject to different implementations. Some common mechanisms for obtaining this initial identity include:</t>
            <ul spacing="normal">
              <li>
                <t>File System - In this mechanism, the identity credential is provisioned to the workload via the filesystem.</t>
              </li>
              <li>
                <t>Local API - The identity credential is provided through an API, such as a local domain socket (for example, SPIFFE or QEMU guest agent) or network API (for example, Cloud Provider Metadata Server).</t>
              </li>
              <li>
                <t>Environment Variables - Identity credentials may also be injected into workloads using operating system environment variables.</t>
              </li>
            </ul>
          </section>
        </section>
        <section anchor="workload-and-service-authentication">
          <name>Workload and Service Authentication</name>
          <t>One of the most basic use cases for workload identity is authentication of one workload to another. In many deployments, this is described operationally as one service making a request to another service as part of a larger, more complex application. The identifier in the credentials may identify a logical service, a workload that implements that service, or a specific workload instance, depending on the identity model chosen by the issuing trust domain. Following authentication, the identity of the peer can be used to enforce fine-grained authorization policies as described in <xref target="authorization"/> and generate audit trails as described in <xref target="audit-trails"/>.</t>
          <t>Authentication mechanisms are used to establish the identity of the peer before secure communication can proceed. The peer identity is carried in a workload identity credential, even when the credential represents a service-level identity rather than a particular workload instance.</t>
          <t>Workloads often obtain their credentials without relying on pre-provisioned long-lived secrets. Instead, short-lived credentials are established through mechanisms provided by the infrastructure that allow a workload to prove it is running in a given environment. Common delivery patterns are described in <xref section="3" sectionFormat="of" target="I-D.ietf-wimse-workload-identity-practices"/>.</t>
          <t>Once credentials are issued, they are conveyed to peers using common security protocols. Typical mechanisms include:</t>
          <ul spacing="normal">
            <li>
              <t>Mutual TLS authentication using X.509 certificate for both client and server as described in <xref section="4" sectionFormat="of" target="I-D.ietf-wimse-s2s-protocol"/>.</t>
            </li>
            <li>
              <t>Application-layer authentication using cryptographic credentials passed within HTTP message as described in <xref section="3" sectionFormat="of" target="I-D.ietf-wimse-s2s-protocol"/>.</t>
            </li>
          </ul>
          <t>These mechanisms can also be used together. For example, a workload identity certificate can be used for transport-layer authentication to an intermediary, while an application-layer Workload Identity Token is used to authenticate the caller to the destination workload, as described in <xref target="layered-workload-authentication"/>.</t>
          <t>These authentication mechanisms establish a cryptographically verifiable identity for the communicating party, which can then be used for further policy enforcement.</t>
          <t><xref target="arch-chain"/> illustrates communication between workloads and services. Two aspects are important
to highlight: First, there is a need to consider the interaction with workloads that are external
to the trust domain (sometimes called cross-domain). Second, the interaction does
not only occur between workloads that directly interact with each other but instead may also
take place across intermediate workloads (in an end-to-end style).</t>
          <figure anchor="arch-chain">
            <name>Workload-to-Workload Communication.</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="384" width="520" viewBox="0 0 520 384" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,32 L 8,96" fill="none" stroke="black"/>
                  <path d="M 8,144 L 8,352" fill="none" stroke="black"/>
                  <path d="M 32,192 L 32,304" fill="none" stroke="black"/>
                  <path d="M 72,80 L 72,208" fill="none" stroke="black"/>
                  <path d="M 128,192 L 128,304" fill="none" stroke="black"/>
                  <path d="M 152,32 L 152,96" fill="none" stroke="black"/>
                  <path d="M 216,192 L 216,304" fill="none" stroke="black"/>
                  <path d="M 312,192 L 312,304" fill="none" stroke="black"/>
                  <path d="M 400,192 L 400,304" fill="none" stroke="black"/>
                  <path d="M 496,192 L 496,304" fill="none" stroke="black"/>
                  <path d="M 512,144 L 512,352" fill="none" stroke="black"/>
                  <path d="M 8,32 L 152,32" fill="none" stroke="black"/>
                  <path d="M 8,96 L 152,96" fill="none" stroke="black"/>
                  <path d="M 8,144 L 272,144" fill="none" stroke="black"/>
                  <path d="M 392,144 L 512,144" fill="none" stroke="black"/>
                  <path d="M 32,192 L 128,192" fill="none" stroke="black"/>
                  <path d="M 216,192 L 312,192" fill="none" stroke="black"/>
                  <path d="M 400,192 L 496,192" fill="none" stroke="black"/>
                  <path d="M 120,240 L 224,240" fill="none" stroke="black"/>
                  <path d="M 304,240 L 408,240" fill="none" stroke="black"/>
                  <path d="M 80,288 L 440,288" fill="none" stroke="black"/>
                  <path d="M 32,304 L 128,304" fill="none" stroke="black"/>
                  <path d="M 216,304 L 312,304" fill="none" stroke="black"/>
                  <path d="M 400,304 L 496,304" fill="none" stroke="black"/>
                  <path d="M 8,352 L 512,352" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="448,288 436,282.4 436,293.6" fill="black" transform="rotate(0,440,288)"/>
                  <polygon class="arrowhead" points="416,240 404,234.4 404,245.6" fill="black" transform="rotate(0,408,240)"/>
                  <polygon class="arrowhead" points="312,240 300,234.4 300,245.6" fill="black" transform="rotate(180,304,240)"/>
                  <polygon class="arrowhead" points="232,240 220,234.4 220,245.6" fill="black" transform="rotate(0,224,240)"/>
                  <polygon class="arrowhead" points="128,240 116,234.4 116,245.6" fill="black" transform="rotate(180,120,240)"/>
                  <polygon class="arrowhead" points="88,288 76,282.4 76,293.6" fill="black" transform="rotate(180,80,288)"/>
                  <polygon class="arrowhead" points="80,208 68,202.4 68,213.6" fill="black" transform="rotate(90,72,208)"/>
                  <polygon class="arrowhead" points="80,80 68,74.4 68,85.6" fill="black" transform="rotate(270,72,80)"/>
                  <g class="text">
                    <text x="84" y="52">Workload</text>
                    <text x="84" y="68">(external)</text>
                    <text x="296" y="148">Trust</text>
                    <text x="356" y="148">Boundary</text>
                    <text x="168" y="196">Hop-by-</text>
                    <text x="352" y="196">Hop-by-</text>
                    <text x="152" y="212">Hop</text>
                    <text x="336" y="212">Hop</text>
                    <text x="76" y="228">Workload</text>
                    <text x="172" y="228">Security</text>
                    <text x="260" y="228">Workload</text>
                    <text x="356" y="228">Security</text>
                    <text x="444" y="228">Workload</text>
                    <text x="72" y="292">O</text>
                    <text x="448" y="292">O</text>
                    <text x="168" y="308">E2E</text>
                    <text x="352" y="308">E2E</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
  +-----------------+
  |     Workload    |
  |    (external)   |
  |       ^         |
  +-------+---------+
          |
          |
  +-------+-------------------------Trust Boundary---------------+
  |       |                                                      |
  |       |                                                      |
  |  +----+------+ Hop-by-  +-----------+ Hop-by-  +-----------+ |
  |  |    v      | Hop      |           | Hop      |           | |
  |  | Workload  | Security | Workload  | Security | Workload  | |
  |  |          <+----------+>         <+----------+>          | |
  |  |           |          |           |          |           | |
  |  |           |          |           |          |           | |
  |  |    O<-----+----------+-----------+----------+---->O     | |
  |  +-----------+   E2E    +-----------+   E2E    +-----------+ |
  |                                                              |
  |                                                              |
  +--------------------------------------------------------------+
]]></artwork>
            </artset>
          </figure>
        </section>
        <section anchor="layered-workload-authentication">
          <name>Layered Workload Authentication</name>
          <t>Some deployments use workload identity credentials at more than one layer of the communication stack. For example, a workload might use a workload identity certificate with TLS to authenticate to a proxy, gateway, load balancer, or service mesh sidecar, while also using an application-layer Workload Identity Token (WIT) or similar credential to authenticate to the destination workload.</t>
          <t>This pattern is common when infrastructure components terminate or originate transport connections on behalf of workloads. In such deployments, the transport-layer credential authenticates the workload, proxy, gateway, or sidecar for the purpose of establishing a secure channel across a particular network segment. The application-layer credential authenticates the workload identity that is relevant to the receiving application. These two authentication events may involve different peers, different trust anchors, and different authorization policies.</t>
          <figure anchor="arch-layered-auth">
            <name>Layered workload authentication through an intermediary.</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="608" viewBox="0 0 608 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,64 L 8,128" fill="none" stroke="black"/>
                  <path d="M 56,136 L 56,192" fill="none" stroke="black"/>
                  <path d="M 112,64 L 112,128" fill="none" stroke="black"/>
                  <path d="M 264,64 L 264,128" fill="none" stroke="black"/>
                  <path d="M 344,64 L 344,128" fill="none" stroke="black"/>
                  <path d="M 496,64 L 496,128" fill="none" stroke="black"/>
                  <path d="M 552,136 L 552,192" fill="none" stroke="black"/>
                  <path d="M 600,64 L 600,128" fill="none" stroke="black"/>
                  <path d="M 8,64 L 112,64" fill="none" stroke="black"/>
                  <path d="M 264,64 L 344,64" fill="none" stroke="black"/>
                  <path d="M 496,64 L 600,64" fill="none" stroke="black"/>
                  <path d="M 120,80 L 256,80" fill="none" stroke="black"/>
                  <path d="M 352,80 L 488,80" fill="none" stroke="black"/>
                  <path d="M 8,128 L 112,128" fill="none" stroke="black"/>
                  <path d="M 264,128 L 344,128" fill="none" stroke="black"/>
                  <path d="M 496,128 L 600,128" fill="none" stroke="black"/>
                  <path d="M 56,190 L 552,190" fill="none" stroke="black"/>
                  <path d="M 56,194 L 552,194" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="560,136 548,130.4 548,141.6" fill="black" transform="rotate(270,552,136)"/>
                  <polygon class="arrowhead" points="496,80 484,74.4 484,85.6" fill="black" transform="rotate(0,488,80)"/>
                  <polygon class="arrowhead" points="360,80 348,74.4 348,85.6" fill="black" transform="rotate(180,352,80)"/>
                  <polygon class="arrowhead" points="264,80 252,74.4 252,85.6" fill="black" transform="rotate(0,256,80)"/>
                  <polygon class="arrowhead" points="128,80 116,74.4 116,85.6" fill="black" transform="rotate(180,120,80)"/>
                  <polygon class="arrowhead" points="64,136 52,130.4 52,141.6" fill="black" transform="rotate(270,56,136)"/>
                  <g class="text">
                    <text x="192" y="36">Transport-layer</text>
                    <text x="424" y="36">Transport-layer</text>
                    <text x="188" y="52">authentication</text>
                    <text x="420" y="52">authentication</text>
                    <text x="164" y="68">(e.g.,</text>
                    <text x="212" y="68">TLS)</text>
                    <text x="396" y="68">(e.g.,</text>
                    <text x="444" y="68">TLS)</text>
                    <text x="52" y="100">Workload</text>
                    <text x="96" y="100">A</text>
                    <text x="304" y="100">Proxy</text>
                    <text x="540" y="100">Workload</text>
                    <text x="584" y="100">B</text>
                    <text x="304" y="116">Gateway</text>
                    <text x="192" y="180">Application-layer</text>
                    <text x="324" y="180">authentication</text>
                    <text x="400" y="180">and</text>
                    <text x="448" y="180">context</text>
                    <text x="180" y="212">(e.g.,</text>
                    <text x="224" y="212">WIT</text>
                    <text x="260" y="212">with</text>
                    <text x="304" y="212">proof</text>
                    <text x="340" y="212">of</text>
                    <text x="400" y="212">possession)</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
                 Transport-layer              Transport-layer
                 authentication               authentication
 +------------+   (e.g., TLS)    +---------+   (e.g., TLS)    +------------+
 |            |<---------------->|         |<---------------->|            |
 | Workload A |                  |  Proxy  |                  | Workload B |
 |            |                  | Gateway |                  |            |
 +-----+------+                  +---------+                  +------+-----+
       ^                                                             ^
       |                                                             |
       |        Application-layer authentication and context         |
       +=============================================================+
                    (e.g., WIT with proof of possession)
]]></artwork>
            </artset>
          </figure>
          <t>For example, Workload A may establish a mutually authenticated TLS connection to a gateway using a workload identity certificate. The gateway validates that Workload A is permitted to use the gateway and then forwards the request toward Workload B. Because the TLS connection from Workload A is terminated at the gateway, Workload B cannot rely solely on that transport-layer authentication to identify Workload A. Workload A can therefore include an application-layer credential, such as a WIT, allowing Workload B to authenticate the workload identity of the caller at the application layer.</t>
          <t>The workload identifiers used at different layers do not necessarily need to be identical. The transport-layer credential might identify a workload instance, node-local proxy, sidecar, or gateway, while the application-layer credential might identify the logical workload or service on whose behalf the request is made. Deployments need to define this relationship in policy, including when identifiers are expected to match, when one authenticated entity is allowed to act on behalf of another, and when the identities represent different roles in the request path. If intermediaries are allowed to inspect, replace, or augment workload identity or security context information, that behavior needs to be explicit and auditable.</t>
          <t>Layered authentication can improve security by allowing infrastructure components to authenticate and authorize use of the network path while allowing destination workloads to authenticate and authorize the application-layer caller. However, it can also introduce ambiguity if the identities are interpreted incorrectly. In particular, a destination workload <bcp14>MUST NOT</bcp14> assume that a transport-layer identity authenticated by an intermediary is the same as the application-layer caller identity unless that relationship is explicitly established by protocol or deployment policy.</t>
          <t>Audit records for layered authentication <bcp14>SHOULD</bcp14> record both the transport-layer identity and the application-layer identity when both are available and relevant. This allows operators to distinguish the workload or infrastructure component that established the secure channel from the workload or service identity used for application-layer authorization.</t>
        </section>
        <section anchor="authorization">
          <name>Service Authorization</name>
          <t>Once authentication has successfully established the identity of a peer, authorization mechanisms determine whether the authenticated identity is permitted to perform the requested action on the target workload or service. The authenticated identity may represent a logical service, a workload, or a specific workload instance, and authorization policy needs to be written with this distinction in mind.</t>
          <t>Authorization specified by WIMSE is context-aware. It relies on attributes carried in the security context, which may originate from upstream systems such as gateways or identity proxies. This context may be derived from end-user attributes, trust domain policies, or deployment-specific metadata (e.g., environment, service role, workload instance).</t>
          <t>Authorization decisions typically include:</t>
          <ul spacing="normal">
            <li>
              <t>Validating the integrity and provenance of the security context.</t>
            </li>
            <li>
              <t>Ensuring the authenticated identity has the correct role and attributes to access the requested API or resource.</t>
            </li>
            <li>
              <t>Applying fine-grained policy rules, which may include path, method, action type, and contextual constraints (e.g., geographic location, time of day).</t>
            </li>
          </ul>
          <t>Authorization checks may also incorporate delegation and impersonation semantics, as described in <xref target="delegation"/>, where upstream workloads are authorized to act on behalf of end-users or other services, within the scope of their issued credentials and policy.</t>
          <t>A key architectural consideration is where authorization is evaluated. For most workload-to-workload or service-to-service interactions (e.g., REST APIs, gRPC, or pub/sub flows), authorization is performed by the callee, ensuring that the target workload or service enforces its own access policies. But in some scenarios, such as database access or operations on complex back-end systems, authorization decisions may be too fine-grained or application-specific to be enforced by the subject of the operation. In these cases, authorization <bcp14>MAY</bcp14> be performed by the caller, provided that the caller has sufficient context and policy information to make a correct decision.</t>
        </section>
        <section anchor="audit-trails">
          <name>Audit Trails</name>
          <t>Auditability is a critical requirement in systems that rely on workload identities and security context. Each authenticated request <bcp14>MUST</bcp14> leave a verifiable and inspectable trace regardless of authentication and authorization decision.</t>
          <t>Audit trails are typically generated at multiple points:</t>
          <ul spacing="normal">
            <li>
              <t>Gateway Services: Log incoming client requests, their authenticated identities and relevant context.</t>
            </li>
            <li>
              <t>Workloads: Log authenticated peer identities, security context attributes, requested resources, and authorization outcomes.</t>
            </li>
            <li>
              <t>Identity and Token Services: Log issuance and validation events for workload identity credentials and context tokens.</t>
            </li>
          </ul>
          <t>Audit records may include:</t>
          <ul spacing="normal">
            <li>
              <t>Timestamp of the request</t>
            </li>
            <li>
              <t>Source workload identifier</t>
            </li>
            <li>
              <t>Target workload identifier</t>
            </li>
            <li>
              <t>Authentication method used</t>
            </li>
            <li>
              <t>Decision outcome (authorized/denied)</t>
            </li>
            <li>
              <t>Security context claims</t>
            </li>
            <li>
              <t>Delegation/impersonation metadata (if present)</t>
            </li>
          </ul>
          <t>To avoid inadvertent disclosure of sensitive information, workloads and services generating audit logs <bcp14>MUST NOT</bcp14> log secrets such as bearer tokens, private keys, or passwords. If logging of credential-related data is necessary for diagnostic or policy purposes, these values <bcp14>MUST</bcp14> be redacted, hashed, or otherwise sanitised to prevent misuse.</t>
          <t>WIMSE systems <bcp14>SHOULD</bcp14> ensure audit logs are tamper-evident and securely stored. Logs may be forwarded to centralized security information and event management (SIEM) systems to enable compliance, threat detection, and incident response.</t>
        </section>
        <section anchor="seccontext">
          <name>Security Context Establishment and Propagation</name>
          <t>In a typical system of workloads additional information is needed in order for the workload to perform its function. For example, it is common for a workload to require information about a user or other entity that originated the request. Other types of information may include information about the hardware or software that the workload is running or information about what processing and validation has already been done to the request. This type of information is part of the security context that the workload uses during authorization, accounting and auditing. This context is propagated and possibly augmented from workload to workload using tokens. The context may be associated with a specific source or target workload by binding it to a specific workload identifier. This may indicate that the context originated from a specific workload, or that only a specific workload may make use of the context. A workload may also use a workload identity credential to bind a context to one or more transaction so the receiver can verify which workload initiated the transaction and the context that was intended for the transaction.</t>
        </section>
        <section anchor="delegation">
          <name>Delegation and Impersonation</name>
          <t>Workloads may need to impersonate or act on behalf of another principal in the system. In these scenarios, the workload typically authenticates using its workload identity to a token service, as described in <xref target="OAUTH-TOKEN-XCHANGE"/>. The token service then issues a token that can be used for delegation and impersonation. In many cases, this will not be an identity credential, but rather an authorization or context credential that delegates authority or permits impersonation for specific actions. This token may be bound to a workload identity as described in <xref target="binding"/>.</t>
        </section>
        <section anchor="accessing-resources-in-other-trust-domains">
          <name>Accessing Resources in Other Trust Domains</name>
          <t>When source workloads send authenticated requests to destination workloads or services, those destination workloads may rely on upstream dependencies to fulfill such requests. Such access patterns are increasingly common in a microservices architecture. While X.509 certificates can be used for point-to-point authentication, services that rely on upstream workloads for answers may use delegation and/or impersonation semantics as described in <xref target="OAUTH-TOKEN-XCHANGE"/>.</t>
          <t>WIMSE credentials constrain the subjects and actors identified in delegation and impersonation tokens to be bound by a trust domain, and to follow their issuing authorities' trust configurations. Upstream workloads should consider the security context of delegation and/or impersonation tokens within and across trust domains, when arriving at authorization decisions.</t>
        </section>
        <section anchor="asynchronous-and-batch-requests">
          <name>Asynchronous and Batch Requests</name>
          <t>Source workloads may send authenticated asynchronous and batch requests to destination workloads or services. A destination workload may need to fulfill such requests with requests to authorized upstream protected resources and workloads after the source workload credentials have expired. Credentials identifying the original source workload or service as subject may need to be obtained from the credential issuing authority with appropriately down-scoped context needed to access upstream workloads. These credentials should identify the workload performing the asynchronous computation as the actor in the actor chain, but may also identify other principals that the action is taken on behalf of. To mitigate risks associated with long-duration credentials, these credentials should be bound to the Workload Identity Credential, such as a workload identity certificate or Workload Identity Token (WIT), of the acting workload or service.</t>
        </section>
        <section anchor="cross-boundary-workload-identity">
          <name>Cross-boundary Workload Identity</name>
          <t>As workloads often need to communicate across trust boundaries, extra care needs to be taken when it comes to identity communication to ensure scalability and privacy. (TODO: align with OAuth cross domain identity and authorization)</t>
          <section anchor="egress-identity-generalization">
            <name>Egress Identity Generalization</name>
            <t>A workload communicating with a service or another workload located outside the trust boundary may need to provide modified identity information. The detailed identity of an internal workload instance, or of the internal workload that originated the communication, is often relevant inside the trust boundary but could be excessive for the outside world and expose potentially sensitive internal topology information.</t>
            <t>For example, in a microservices architecture, an internal service may use workload-specific identities that include fine-grained details such as instance names or deployment-specific attributes. When interacting with external systems, exposing such details may inadvertently provide attackers with insights into the internal deployment structure, scaling strategies, security policies, technologies in use, or failover mechanisms, potentially giving them a tactical advantage. In such cases, an identity proxy at the trust boundary can generalize the Workload Identity by replacing the specific microservice instance name with the name of the overall service. This allows external parties to recognize the service while abstracting internal deployment details.</t>
            <t>A security gateway implementing Identity Proxy functionality at the edge of a trust boundary can validate identity information of the workload, perform context-specific authorization of the transaction, and replace workload-specific identity with a generalized one for a given trust domain. This approach ensures that external communications adhere to security and privacy requirements while maintaining interoperability across trust boundaries.</t>
          </section>
          <section anchor="inbound-gateway-identity-validation">
            <name>Inbound Gateway Identity Validation</name>
            <t>Inbound security gateway is a common design pattern for service protection. This functionality is often found in CDN services, API gateways, load balancers, Web Application Firewalls (WAFs) and other security solutions. Workload identity verification of inbound requests should be performed as a part of these security services. After validation of workload identity, the gateway may either leave it unmodified or replace it with its own identity to be validated by the destination.</t>
          </section>
        </section>
        <section anchor="ai-and-ml-based-intermediaries">
          <name>AI and ML-Based Intermediaries</name>
          <t>Emerging agentic AI systems and other ML-based intermediaries introduce new considerations for workload identity and security context propagation. These systems often act as autonomous agents that perform tasks on behalf of an upstream principal (such as a user or service) and then invoke downstream workloads as part of multi-step workflows.</t>
          <t>From WIMSE perspective, AI intermediaries are a special case of delegated workloads (see <xref target="delegation"/>). They inherit the upstream principal's security context and are expected to operate strictly within the constraints of that delegation. When invoking downstream workloads, the agent <bcp14>SHOULD</bcp14> propagate the upstream security context, unless it has been explicitly authorized to translate or reduce its scope.</t>
          <t>In some cases, AI systems may generate requests that are not attributable to a specific upstream principal. Such autonomous actions <bcp14>MUST</bcp14> be clearly distinguished from delegated ones, for example by using separate workload identities or token scopes. Because AI intermediaries may chain requests across multiple services, there is an elevated risk of privilege escalation if security context is propagated beyond the intended trust domain. Mechanisms such as cryptographic binding of delegation tokens or attestation of intermediary behavior can help mitigate these risks.</t>
          <t>A further consideration arises when AI agents interact with other AI agents. In these cases, each agent may act both as a delegated workload and as a delegator, creating multi-hop delegation chains. To avoid ambiguity, each hop in the chain <bcp14>MUST</bcp14> explicitly scope and re-bind the security context so that downstream services can reliably evaluate provenance and authorization boundaries. Without such controls, there is a risk that a chain of AI-to-AI interactions could unintentionally extend authority far beyond what was originally granted.</t>
          <figure anchor="arch-ai">
            <name>AI agent communication</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="176" width="648" viewBox="0 0 648 176" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,32 L 8,80" fill="none" stroke="black"/>
                  <path d="M 48,88 L 48,144" fill="none" stroke="black"/>
                  <path d="M 88,32 L 88,80" fill="none" stroke="black"/>
                  <path d="M 160,32 L 160,80" fill="none" stroke="black"/>
                  <path d="M 216,88 L 216,144" fill="none" stroke="black"/>
                  <path d="M 272,32 L 272,80" fill="none" stroke="black"/>
                  <path d="M 344,32 L 344,80" fill="none" stroke="black"/>
                  <path d="M 400,88 L 400,144" fill="none" stroke="black"/>
                  <path d="M 456,32 L 456,80" fill="none" stroke="black"/>
                  <path d="M 528,32 L 528,80" fill="none" stroke="black"/>
                  <path d="M 584,88 L 584,144" fill="none" stroke="black"/>
                  <path d="M 640,32 L 640,80" fill="none" stroke="black"/>
                  <path d="M 8,32 L 88,32" fill="none" stroke="black"/>
                  <path d="M 160,32 L 272,32" fill="none" stroke="black"/>
                  <path d="M 344,32 L 456,32" fill="none" stroke="black"/>
                  <path d="M 528,32 L 640,32" fill="none" stroke="black"/>
                  <path d="M 88,48 L 152,48" fill="none" stroke="black"/>
                  <path d="M 272,48 L 336,48" fill="none" stroke="black"/>
                  <path d="M 456,48 L 520,48" fill="none" stroke="black"/>
                  <path d="M 8,80 L 88,80" fill="none" stroke="black"/>
                  <path d="M 160,80 L 272,80" fill="none" stroke="black"/>
                  <path d="M 344,80 L 456,80" fill="none" stroke="black"/>
                  <path d="M 528,80 L 640,80" fill="none" stroke="black"/>
                  <path d="M 48,144 L 576,144" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="584,144 572,138.4 572,149.6" fill="black" transform="rotate(0,576,144)"/>
                  <polygon class="arrowhead" points="528,48 516,42.4 516,53.6" fill="black" transform="rotate(0,520,48)"/>
                  <polygon class="arrowhead" points="400,144 388,138.4 388,149.6" fill="black" transform="rotate(0,392,144)"/>
                  <polygon class="arrowhead" points="344,48 332,42.4 332,53.6" fill="black" transform="rotate(0,336,48)"/>
                  <polygon class="arrowhead" points="216,144 204,138.4 204,149.6" fill="black" transform="rotate(0,208,144)"/>
                  <polygon class="arrowhead" points="160,48 148,42.4 148,53.6" fill="black" transform="rotate(0,152,48)"/>
                  <g class="text">
                    <text x="44" y="52">User</text>
                    <text x="72" y="52">/</text>
                    <text x="188" y="52">AI</text>
                    <text x="224" y="52">Agent</text>
                    <text x="372" y="52">AI</text>
                    <text x="408" y="52">Agent</text>
                    <text x="580" y="52">Workload</text>
                    <text x="48" y="68">Service</text>
                    <text x="204" y="68">(Agent</text>
                    <text x="244" y="68">A)</text>
                    <text x="388" y="68">(Agent</text>
                    <text x="428" y="68">B)</text>
                    <text x="588" y="68">Downstream</text>
                    <text x="120" y="116">Initial</text>
                    <text x="272" y="116">Delegated</text>
                    <text x="320" y="116">/</text>
                    <text x="356" y="116">Scoped</text>
                    <text x="456" y="116">Delegated</text>
                    <text x="504" y="116">/</text>
                    <text x="540" y="116">Scoped</text>
                    <text x="92" y="132">Security</text>
                    <text x="160" y="132">Context</text>
                    <text x="276" y="132">Security</text>
                    <text x="344" y="132">context</text>
                    <text x="460" y="132">Security</text>
                    <text x="528" y="132">context</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
   +---------+        +-------------+        +-------------+        +-------------+
   |  User / +------->|  AI Agent   +------->|  AI Agent   +------->|  Workload   |
   | Service |        |  (Agent A)  |        |  (Agent B)  |        |  Downstream |
   +---------+        +-------------+        +-------------+        +-------------+
        |                    |                      |                      |
        |     Initial        |  Delegated / Scoped  |  Delegated / Scoped  |
        | Security Context   |   Security context   |   Security context   |
        +------------------->+--------------------->+--------------------->|
]]></artwork>
            </artset>
          </figure>
        </section>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <section anchor="traffic-interception">
        <name>Traffic Interception</name>
        <t>Workloads communicating with applications may face different threats to traffic interception in different deployments. In many deployments security controls are deployed for internal communications at lower layers to reduce the risk of traffic observation and modification for network communications. When a security layer, such as TLS, is deployed in these environments. TLS may be terminated in various places, including the workload itself, and in various middleware devices, such as load balancers, gateways, proxies, and firewalls. Therefore, protection is provided only between each adjacent pair of TLS endpoints. There are no guarantees of confidentiality, integrity and correct identity passthrough in those middleware devices and services.</t>
      </section>
      <section anchor="information-disclosure">
        <name>Information Disclosure</name>
        <t>Observation and interception of network traffic is not the only means of disclosure in these systems. Other vectors of information leakage is through disclosure in log files and other observability and troubleshooting mechanisms. For example, an application may log the contents of HTTP headers containing JWT bearer tokens, user names, email addresses and other sensitive information. The information in these logs may be made available to other systems with less stringent access controls, which may result in this information falling into an attackers hands. This creates privacy risks and potential surface for reconnaissance attacks.</t>
      </section>
      <section anchor="binding">
        <name>Workload Identity Binding to Tokens</name>
        <t><xref target="seccontext"/> describes that one or more workload identities may be incorporated into a security context token to constrain the use of that token.  This workload identity binding may restrict which workloads can present the token or which workloads may consume the token. Workload identity binding can also be used with types of tokens other than security context tokens. Workload identity binding reduces the impact of a stolen token or compromised workload.</t>
      </section>
      <section anchor="credential-theft">
        <name>Credential Theft</name>
        <t>When the information disclosed to an attacker is a credential, the attacker may be able to use that credential to escalate their privilege, attack another system via lateral movement within the organization or to impersonate a workload.  Bearer credentials are particularly vulnerable to disclosure since they are communicated between systems and may be revealed in communication channels or application logs. Credentials bound to a cryptographic key are typically less vulnerable because the key is not disclosed in the authentication process. However, care must still be taken to prevent disclosure during key management operations.</t>
        <t>Private keys associated with workload identity credentials require appropriate lifecycle management. Deployments should protect these keys using platform mechanisms appropriate to the environment, limit the lifetime of credentials associated with the keys, rotate or replace key pairs periodically, and revoke or stop accepting credentials associated with keys that are suspected to be compromised. Long-running workload instances need a renewal mechanism that allows credentials and keys to be replaced without relying on long-lived static secrets.</t>
      </section>
      <section anchor="authentication-and-authorization">
        <name>Authentication and Authorization</name>
        <t>Authentication of a workload establishes that the presenter controls the key material associated with the credential and that the credential was issued under the authority of a trusted issuer. This is not sufficient, by itself, to determine whether the workload is permitted to access a resource or perform a requested action.</t>
        <t>Access control requires a separate authorization decision. That decision needs to take into account the authenticated workload identity, the requested resource or operation, the applicable policy, and any relevant security context. The fact that a workload has a valid credential does not imply that it is authorized for all resources in the trust domain.</t>
        <t>Issuers, relying parties, gateways, and workloads need to avoid treating successful authentication as implicit authorization.</t>
      </section>
      <section anchor="workload-compromise">
        <name>Workload Compromise</name>
        <t>Even the most well-designed and implemented workloads may contain security flaws that allow an attacker to gain limited or full compromise. For example, a server side request forgery may result in the ability for an attacker to force the workload to make requests of other parts of a system even though the rest of the workload functionality may be unaffected. An attacker with this advantage may be able to utilize privileges of the compromised workload to attack other parts of the system. Therefore it is important that communicating workloads apply the principle of least privilege through security controls such as authorization.</t>
      </section>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="WIMSE-ID">
          <front>
            <title>Workload Identifier</title>
            <author fullname="Yaroslav Rosomakho" initials="Y." surname="Rosomakho">
              <organization>Zscaler</organization>
            </author>
            <author fullname="Joseph A. Salowey" initials="J. A." surname="Salowey">
              <organization>Palo Alto Networks</organization>
            </author>
            <date day="6" month="July" year="2026"/>
            <abstract>
              <t>   This document defines a canonical identifier for workloads, referred
   to as the Workload Identifier.  A Workload Identifier is a URI that
   uniquely identifies a workload within the context of a specific trust
   domain.  This identifier can be embedded in Workload Identity
   Credentials, including X.509 certificates and JWT-based tokens, to
   support authentication, authorization, and policy enforcement across
   diverse systems.  The Workload Identifier format ensures
   interoperability, facilitates secure identity federation, and enables
   consistent identity semantics.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-wimse-identifier-03"/>
        </reference>
        <reference anchor="RFC7517">
          <front>
            <title>JSON Web Key (JWK)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7517"/>
          <seriesInfo name="DOI" value="10.17487/RFC7517"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="SPIFFE" target="https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE.md">
          <front>
            <title>Secure Production Identity Framework for Everyone (SPIFFE)</title>
            <author>
              <organization/>
            </author>
            <date year="2023" month="May"/>
          </front>
        </reference>
        <reference anchor="SPIFFE-ID" target="https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE-ID.md">
          <front>
            <title>The SPIFFE Identity and Verifiable Identity Document</title>
            <author>
              <organization/>
            </author>
            <date year="2025" month="May"/>
          </front>
        </reference>
        <reference anchor="SPIRE" target="https://spiffe.io/docs/latest/spire-about/spire-concepts/">
          <front>
            <title>SPIRE Concepts</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="I-D.ietf-oauth-transaction-tokens">
          <front>
            <title>Transaction Tokens</title>
            <author fullname="Atul Tulshibagwale" initials="A." surname="Tulshibagwale">
              <organization>CrowdStrike</organization>
            </author>
            <author fullname="George Fletcher" initials="G." surname="Fletcher">
              <organization>Practical Identity LLC</organization>
            </author>
            <author fullname="Pieter Kasselman" initials="P." surname="Kasselman">
              <organization>Defakto Security</organization>
            </author>
            <date day="6" month="July" year="2026"/>
            <abstract>
              <t>   Transaction Tokens (Txn-Tokens) are designed to maintain and
   propagate user identity, workload identity and authorization context
   throughout the Call Chain within a trusted domain during the
   processing of external requests (e.g. such as API calls) or requests
   initiated internally within the Trust Domain.  Txn-Tokens ensure that
   this context is preserved throughout the Call Chain thereby enhancing
   security and consistency in complex, multi-service architectures.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-transaction-tokens-09"/>
        </reference>
        <reference anchor="RFC9683">
          <front>
            <title>Remote Integrity Verification of Network Devices Containing Trusted Platform Modules</title>
            <author fullname="G. C. Fedorkow" initials="G. C." role="editor" surname="Fedorkow"/>
            <author fullname="E. Voit" initials="E." surname="Voit"/>
            <author fullname="J. Fitzgerald-McKay" initials="J." surname="Fitzgerald-McKay"/>
            <date month="December" year="2024"/>
            <abstract>
              <t>This document describes a workflow for remote attestation of the integrity of firmware and software installed on network devices that contain Trusted Platform Modules (TPMs), as defined by the Trusted Computing Group (TCG), or equivalent hardware implementations that include the protected capabilities, as provided by TPMs.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9683"/>
          <seriesInfo name="DOI" value="10.17487/RFC9683"/>
        </reference>
        <reference anchor="I-D.ietf-wimse-s2s-protocol">
          <front>
            <title>WIMSE Workload-to-Workload Authentication</title>
            <author fullname="Brian Campbell" initials="B." surname="Campbell">
              <organization>Ping Identity</organization>
            </author>
            <author fullname="Joseph A. Salowey" initials="J. A." surname="Salowey">
              <organization>CyberArk</organization>
            </author>
            <author fullname="Arndt Schwenkschuster" initials="A." surname="Schwenkschuster">
              <organization>SPIRL</organization>
            </author>
            <author fullname="Yaron Sheffer" initials="Y." surname="Sheffer">
              <organization>Intuit</organization>
            </author>
            <date day="16" month="October" year="2025"/>
            <abstract>
              <t>   The WIMSE architecture defines authentication and authorization for
   software workloads in a variety of runtime environments, from the
   most basic ones up to complex multi-service, multi-cloud, multi-
   tenant deployments.  This document defines the simplest, atomic unit
   of this architecture: the protocol between two workloads that need to
   verify each other's identity in order to communicate securely.  The
   scope of this protocol is a single HTTP request-and-response pair.
   To address the needs of different setups, we propose two protocols,
   one at the application level and one that makes use of trusted TLS
   transport.  These two protocols are compatible, in the sense that a
   single call chain can have some calls use one protocol and some use
   the other.  Workload A can call Workload B with mutual TLS
   authentication, while the next call from Workload B to Workload C
   would be authenticated at the application level.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-wimse-s2s-protocol-07"/>
        </reference>
        <reference anchor="I-D.draft-ietf-oauth-identity-chaining">
          <front>
            <title>OAuth Identity and Authorization Chaining Across Domains</title>
            <author fullname="Arndt Schwenkschuster" initials="A." surname="Schwenkschuster">
              <organization>Defakto Security</organization>
            </author>
            <author fullname="Pieter Kasselman" initials="P." surname="Kasselman">
              <organization>Defakto Security</organization>
            </author>
            <author fullname="Kelley Burgin" initials="K." surname="Burgin">
              <organization>MITRE</organization>
            </author>
            <author fullname="Michael J. Jenkins" initials="M. J." surname="Jenkins">
              <organization>NSA-CCSS</organization>
            </author>
            <author fullname="Brian Campbell" initials="B." surname="Campbell">
              <organization>Ping Identity</organization>
            </author>
            <author fullname="Aaron Parecki" initials="A." surname="Parecki">
              <organization>Okta</organization>
            </author>
            <date day="26" month="June" year="2026"/>
            <abstract>
              <t>   This specification describes a mechanism for preserving identity and
   authorization information across trust domains that use the OAuth 2.0
   Framework.  A JSON Web Token (JWT) authorization grant, obtained
   through an intra-domain OAuth 2.0 Token Exchange, facilitates the
   cross-domain acquisition of an access token.  The relevant identity
   and authorization information is chained throughout the flow by being
   conveyed in the respective artifacts exchanged at each step of the
   process.  Chaining across multiple domains is achieved by using the
   same protocol every time a trust domain boundary is crossed.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-identity-chaining-16"/>
        </reference>
        <reference anchor="I-D.ietf-wimse-workload-identity-practices">
          <front>
            <title>Workload Identity Practices</title>
            <author fullname="Arndt Schwenkschuster" initials="A." surname="Schwenkschuster">
              <organization>SPIRL</organization>
            </author>
            <author fullname="Yaroslav Rosomakho" initials="Y." surname="Rosomakho">
              <organization>Zscaler</organization>
            </author>
            <date day="30" month="June" year="2026"/>
            <abstract>
              <t>   This document describes industry practices for providing secure
   identities to workloads in container orchestration, cloud platforms,
   and other workload platforms.  It explains how workloads obtain
   credentials for external authentication purposes, without managing
   long-lived secrets directly.  It does not take into account the
   standards work in progress for the WIMSE architecture and associated
   protocols.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-wimse-workload-identity-practices-05"/>
        </reference>
        <reference anchor="OAUTH-TOKEN-XCHANGE">
          <front>
            <title>OAuth 2.0 Token Exchange</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="A. Nadalin" initials="A." surname="Nadalin"/>
            <author fullname="B. Campbell" initials="B." role="editor" surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
            <date month="January" year="2020"/>
            <abstract>
              <t>This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8693"/>
          <seriesInfo name="DOI" value="10.17487/RFC8693"/>
        </reference>
      </references>
    </references>
    <?line 699?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>Todo: Add your name here.</t>
    </section>
    <section numbered="false" anchor="changes-since-draft-05">
      <name>Changes since draft -05</name>
      <ul spacing="normal">
        <li>
          <t>Update to gateway service definition and diagram</t>
        </li>
        <li>
          <t>alignment of cross-domain scenario with OAUTH cross-domain chaining</t>
        </li>
        <li>
          <t>rework of authentication section</t>
        </li>
        <li>
          <t>added audit section</t>
        </li>
        <li>
          <t>added AI use case</t>
        </li>
      </ul>
    </section>
    <section numbered="false" anchor="changes-since-draft-06">
      <name>Changes since draft -06</name>
      <ul spacing="normal">
        <li>
          <t>Separated Workload from Workload Instance</t>
        </li>
        <li>
          <t>Moved workload identifier definition to a separate draft</t>
        </li>
        <li>
          <t>Update credential provisioning section</t>
        </li>
        <li>
          <t>Add <xref target="arch-basic-ops"/>: message flow and PEP/PDP drill-down of the basic scenario, before use cases</t>
        </li>
      </ul>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+V925bbxpXoO78CR35It0VSlmTHiSZ2pnWx1R7J0qhb1uTM
mswCSZCNCAQYAOwWR1K+Zb7lfNnZ16pdhSK7ZTszc9bplRWLJFCXXbv2/TKZ
TEZ92VfFg+zWm6Z9WzX5IjtdFDV8ucvKOsuz59uqL7OzXdcX6+xJfVm2Tb2G
B7KjN6fPz54cZyft/KLsi3m/bYtbo3w2a4tLHA5/jX5cNPM6X8NkizZf9pOy
6JeTq3LdFZMcnpt88bvRPO+LVdPuHsDky2bUbWfrsuvKpj7fbeC90yfn341G
5aZ9kPXttuvvffHF77+4N8rbIocpTzabqoQR4PEuy+tF9qrIq8l5uYapr2B3
q7bZbvbtdN8+u1ujt8UOXl/A9HVftHXRTx7j+kejrodZ/j2vmhrWtiu6UbfO
2/7f/7pt+qJ7kNXNaFM+yP61b+bjrGvavi2WHfxrt8Z//NtolG/7i6Z9MMom
owz+yhpe+mGancGIV8WOvmN4/dB0xeYi+KFpV3ld/gft9kH2En7JTqq+yX4s
etxrRw8V67ysHmR/aYp/7PjdKSw/mO9P0+xV0zXr/O1FY2b8U942XZVfRj+G
s/7vbp5XRWun2sl78P//uMKvpvNmHUz4dJqdd/OLZlnU5crM+DSv66KLfwsn
fF2Xl0Xb4ZE1y6y/KLKH23pRdFfFRQsnWJfzC3pLsRCef3iVPZ/Sl3N47QHA
ZzsrZ0XLw7fFigZ+mF/mbZnzc8227hEFvy/adV7v5MsFrPF3X3319dd2uxe0
6GnvFg2bfkcwHtUNvN3Deh+MEJfdB3j57OXpd989oX9mmdy/s2IOdyR72TaL
7Rx367HzuxYAhIeawTDZE4DADjAuO+JhjmWYvF0VPayo7zfdgzt3VmV/sZ0h
9O90m3K5LPQ/s6qZ3YHV13cIffN20d3hkabrBY+1gFv4ILv7RfY832X3vrh3
3y96cvo4XPc5HAL/5BeMd++noi2XZT6rCv/942a+xTv1q60YVhMt+t5dXfRX
suhXMaDxq+xRU8+LTd+ll8ITT8vmDpCs7k4FQ3c9ftsCqZo1W/33XEa5MxpN
JhNAu65v8zkcPkKlrOdAl7qyXmUbwEa4KfAw4u28arYLwKj1ZtvjrwiudTlv
m6wr2ssSHsoN2ewAybqsKhYZ3G5E+bbseBgYoCreAWVZ9ldAArPltp4z8ZsV
OO5sW1Y9jb4oNlWzgyFgpCuhfkCJri4KeC13X2VlB48uy5qfdAMX7wA5aamI
gHnWbYo5HO4822zbDZCmcbYBigdnnFfVjtYFa8THEU3hjXUDg7TbusbvgAjA
Kc7h1mSAPDijYEW2KLv5tusKJN4BCGhauOblqlZ4KSaU/8HwbYDINhWT/U2+
ow3Sa3BEl8UOH/K7tHja4b3DD/BgX7zrM3dZm3rKx7ouF4uqGI0+Qwbg7uf/
6EPuiI919Doc0AKHuvnB51nVrICTVgYFGGL9Rd4LOhTdHmzgrcIlnME2CoBK
By/jwD3iQA/sOJvtAtTwy3C4MRopl+6yumC4wHhw0JclygPwzRXQC8QUd5yw
qxqBBwcLg8JILUw7zV4sATfHWb5YlAg42JU5Yhq8s6MvigXw6O38AiFBUgZM
AuS97dL4sih6YAWAzX7BwC+LbMsHWHoZw0+KA5n1JFAPV7QpWvycoZiAg8zN
yyQ5CF/0U/vZACsXfCM7gsa2YxiasQrEjjUyzVwRqr8qAIQOUaaI42UX3kVY
bAfTADhA0Miu8h1Br3iHB90lt/sg+5fpV1/8PpsXbY+IgtQUcbBEGLcIJTgg
XmFJB5idPzvLqnxXtGPa7Q9nL37M3hSz7Lx5W8BCj354c94d8xuAVfhG7mU/
fnNKnEm+npWVyAwr4MEIXBgn4wXivSlqODUErRkledj45VVZVYgtsOUKsJcW
jRyixccJkgC3F0gGcGH2iglK0ih435sZoA6icgpq46zsszngN72lyEAUtO88
GYDDF7QPpirrS9jjAsfAq9gWf90Cw4KvYZ05yxd0fxp4sTUnnp3UsLEciQ6C
i+6BfQl3cdFc1bjp9+//eDp5PCUxvkHEmgD3qzt+ckIw7j5+VGKD46L4jDxi
ssznuBOA+6aB4e2Kt0RMiWzXcj8CbM/WxRzErrJb+2sKg784gYeye9Mvsnw+
R0yk+RkLBrvO63DfAYwQlMOD77pmXua90h3CuWBZQkLgQTxh0AlW9BBQUbjg
F3DOgBWnfFBwU3oVYB33uyqQxc1bEE4zWC6cdANUmJkU0pJ53uG1ESapZEeH
sVd0LOxABrN7oZsr1x2pdx9f7ymyuUcO+EzzHiNrIGLVMdcDjQhhB5fm1vPX
Z+e3xvzf7McX9O9XT/75NQhZj/HfZ09Pnj1z/xjJE2dPX7x+9tj/y7/56MXz
509+fMwvw7dZ8NXo1vOTP93iDd568fL89MWPJ89uMdmwogSSFT4QOnugTXTv
upFChW7tw0cv/89/3v0SEPl/vfru0b27d38P6Moffnf36y8Zd2ueramrnXxE
FjMCUlHkLenIeMD5puyB1o6J+dIFQawHaH7+rwiZf3uQ/WE239z98lv5Ajcc
fKkwC74kmA2/GbzMQEx8lZjGQTP4PoJ0uN6TPwWfFe7myz/8sQJClk3u/u6P
346Ea7jD2KJIh0i6bCpQQvF6I4J3DwA6jnWNRicBAUPGXjNphjEA9sAvkcOQ
RoEHwlIIfYykFCBi4VBOnBEqCzcAbz8IM8j/kVqA8odTZEh7Ki+rgkCAv06z
014lmhJJ45olmmvFGCcKAa8gORmvIABljO9sgKyX83KDnBjQyI4kIiJM/IRp
MZLHebVdFCxD6u80IPGQFv59Wbb9Fna5zuE+1/grPle0FZJDxzBo7q5cl1Xe
snxYo5mDRTu65rggeKYFyAC3BAiRRSGSFgIg97sNwrfaOVLbWfaCOyVKBSeB
mlYr8unUIgAI1wy1EBPkSz7H6Hj4R1wwEmAa370Im8kzYS5AHVDqdNzCQw3u
a/bTcwJJbqGFzGg+EK7csfKRlkDFWQRGlRyvPfDpxbZ1y6FZj/JsqcyHlgj0
uKkXx4QbsJN9UrQTQRuVS+EpuAFwXh0RN0Dek5enxLaAn4CcS7B+W5Iss0xh
Iy+bhHe7cOJVum7PVNcApIsOQbMDSpfCRVC581neeXwVfCf0A20mb+mYQCoo
6R9/aWYdc+R6u57BYlE+dqvjFQUs+TKH5TWXeFcRlIstbRytTjDcOFsCB8Rf
6fwa4GIF6t8E6VlxkV+WTUsodsbLQ8RS5YvQSe/EGAFJgwAdV2GRrywJzYzF
RDzKgjBfh0kTBYeoupkxfrtGC+OmStIJ4eJdvrYvwYJS78HS56RT9s2qwKXZ
FaHECFtHZOmYOjrhkm94hyIEvD4H5G2bNc3rHkEErXdCmrZIIQaLdQKnJfFt
sSSNwGi3odKCNMf84sQmknL928O3QiFL4DRU5VW/cQon79YdN5qyza5YV8al
E4IYy7GYgAFXQnWAKZaQoaKPFGpPkFdAPVEpGhsVzPxMl76oSJAEYb/NAWO3
rFjRgvVIPUqRMcQsBGFiPioOk+SeWLBgqFI8Fl8JHIKjrOIuGjSwEQPKPRVn
Iu5uNz7AnNO808kVEyHzEQvMfNciIVroWDdQwGFZ0e036q9Vd6ZsMrLvl51V
IJcxyoxRH0CLrhph8i3q3cjcmdAy0eIhBErhBGTwE7mdSK1YXtb5Ai7DWbMu
VGPylBHW0obKnJNRWPlrF/TBztO0iWmvEClEDMFJUW3Mq7bIFzv4N8igtWza
rG+aPUbzZYvIsykLoS8pIwOeNUBqVdbI84kcLNyrXbNt2RTzuTfhvmybdzsx
fel3G/zOyWwo2hWLEik3YfScvkX21o/xelb5vOCLvWK959PNckDuSNOEC40j
qICil93zeTeK3EraMOI164zhDojeEhibiuloRNn51sgkRh9HQwAIcj2utWYT
gDmyQEuFz2Qm0fUQ0tOVgX08LqqSGLL4cLKjR49/PNYZRZUNgQ6iOYKcjJJF
yqSE7BmVFzlNeX9ZItMMBDoccIMGGrkQ+QL2VjI/BW6yaWCLO7l+OjjOPrNm
JDUfGjuA2Frev7+BqYBQ7VWxbgAZT3q0uefe0op4ld3K/de3SNlSsyXbI0Bz
+/1vf3f/48exYSp4pnIeZAKCO4O7EnqARtstf2x5ajNH9gQJFnE91gt/f/8+
6oWqRnbuARqLFHp3gSL44rCtkMuhC/KR4xZIOg3v4EukhCmP7wseZXYEiyOH
6+T08TcO0Oxa9Y99/HjsiaTi8V6WzfhmFiKcBMhSzaZE+HG3AYbV5psLEFzR
KKD6jreliH1OzcCtE2bhv3AY8D8gwl1BTl4nBhUwbU8DrtGwBrMb6VPNUtbE
qXQ3AVdjdHRnNHyMLIsRMkWA7O51E3U0AK7CdVUZgiVrWEcjggXACUhTy7jf
Wa9L2kIL0CTCiTcQKTGx3apY5fOdM+UTKBdNVjdAmrebDSobdgx3LgA2RrJz
4tKPiUsjUgWcPtCLyTNODptlOF93QSyLUBmJCAs+AXFundsFSQTLx10W2Fmu
g+U4FChQk9pWCyK/irwiVy+3qGT+FbRc/lI2gx7kpInOuo/5dEuxy9kZyehl
QxXg82cpXBJ3X/b+s6sL2AfCbqIH+pHJ1NAUP7Sed71I/G1RIIWGy4NunAX5
c6pm/rZ7EKxvnLz0CPMUNtHF7Qqr25M/ZLtc4vnUrLQWpB2U3QXRweDmjyOh
m9iBF6KElOJBP2/awrmoEigOmyXxtlN2is4yPCDVPLo9+8cTgSP4b8Ngd4rz
AfmQK43CW9dt0WBdL4rWGoRFjwpRTPaiKC7muf86FCdq/t0/P/5R3R6DJWYX
RbVhZ07dIa6uqmYGoAUWBmJlLdwzHthgJMtl5qd1zuNZ01boUUNMBP5bLpgB
D/1EjHze5s/8CkMlAEjsP4Gff3jzT6CB9MKjv/7q7tfAo6OxOSDpzem5HKHI
MrBGwhsyysJxOJ8M3M5mu7pQKbKwayAvKAGpcwdP90fFV6TmK8UEfEKngRmX
8NYFPYWknLzlzbrs0FVJKxpMhxrOltF2DhzCG+5V/Z6StsXqXIAOyJaYp3kr
QkhqybPutQVViVRk9T8BYwP1mbkdkg8TIQW8OYfHw6PHf4sdghEohS9vhmRN
iBVu1OiqwdhoYmdrmbKXM5G6v5zeRzCpKIRc+nRJfko7AW+KLfpw5YKxyX3c
9ejiIwGS5Ed43wPCmYGYREVcAmcIDZieYDMcYFK8y4Eot2efNZmv53nbyk4P
ShFTZkB8vTHMDETGdyTlw8mVHYCn3VZqg9CLgd+yrMZHi/iQWDufSiAeGSCT
Y0uVD0L3169O+UapYIZGDEcd2RClg3dDmiLwYBexN1ARFPGGEHYwSQve81T1
MB2dFWjzZBPaJxBRfBqJpJNhDWlUHXwvbcTFdvOLYs2qgvzTm33RyYtARqKg
gEbsJJIgT+XO0mN8tLmdR6m7ag34UZQgjfEo1WwC90ajqOgQzwHPrUQpSodC
IjBO2ilRgSoCy1v8sHOeKd4FbJOeTWA+cFc1NeFOypWYqKf7Lhjqo34ZXjjw
FlWvv9/Aj9OpX0DPaGALHUvwAMc6Gaui05dfwX0noSln1VouhfgkY9xGKatd
GLx097wr1ujpmHchbrAQwkb2UJ5NC7D+dNnAuaK1alBNF84ZaSjW8OpkzCjM
xMb7SCwH2fAATX94c+6Ep3pxByA75PawcHws0p5arz6y4ll7t9KODQ5OmdTF
0wJ3qrNi5Bi/i0FaIgKvinY3zi6aqwIdDMA+OWIjsSs2DuLFdEoWryCwQ5Jt
HZXZEq3uqvmiiCnKTNc3VVGLCZgU8aLqCgqPgOU22RpuJhqGZBVAs9+qR+Ut
hyWwLYWQlK0YSOJgJKB1rNeSjBMoHIwuCcNBcMC83Bn5jnI5qpSCDwf0ELae
GssfI0fJDJ7gxR+BBHYckxlUiUhSAgpEzsIHo9EE5zeDAsKg8CZ+QDpP9D9l
kQHdWEo2W1BwvF0iFWTDszQt+9UWrN6UlzgfvMYM9fBe/bI8ji5At0hoVYpq
bA9xs+C7b0GtVLOHizbQiKjwFDik0AeJweVN2lnIUqyhMIM5wz3rAw5gIkvY
N2Ld4xqEUkEWvp7AirqSzIihScd71cUmJ7FRQOqAMjkS5+fpu6JakjMtF+Kl
TjLiI9u2xftJp1jlPVOeNvKzwLQas0EBNf1FuKwgItCviz0hXocuUG/cAAGB
W41BYKqUjCkYFS6farnbWrXpYiEHIm6gpucdW6I/ZCF8EqA+wHQt+eZBoCnI
Hxp6vFOnQHiPBgB/eLjXTV62Nu6N7JZ+5nWzKKqxmOL46Iwq47kpPdCDVLxC
V//SgVIgEAVrqfGteLdh8Nh9hOfsXI3fG1stHMyVXz3ZMMharl4ZwDgk0Z4w
imC7cFZJtueTM36O+PeUL+TY7N1p5hhyRdQe3jcA1TV3GobZrAmqAITiigJm
+S4etvfRu8MjEV4HaNgsJJ5CHCa8BzGiAJHgbS0p6HDbCTy9KjndY8CS9Jaz
eVGDStB0LCc8JAtM4ml5LHv/GRlpJropZ/OadPLIx9Hob3/7W553l5xXkfq7
Pbnmjy0kDxHoebuLfry9d9wP+3640d+H5LhTnHEy/dXH/TAYOYLK7Z877gf5
r/8meoD/ju4f//xxca3fZh5T7qYPNdjDgXG/z8zoe9a797sD4+Z2XF3gn/fD
96bj9tkAygexLxr3dgJGNG6RHvfo7r6jCscNP2ZH945l3Cv6CAf+89b7AcMi
skcVsTte/LcK39tuE7qr25O9AD68XvkP/GN3AH/t52jK2zLuXvhmdr0fskcn
d7wexL8zqJMoeAAfzgi+Xx57/JVAI7tIvjL+zty/ftwAHw7A4VPX26buReLc
9sB377iXv+xe7B23/GX3Yu+487/TeosUfC9/Od3J7LhpOolY+PPHjen6vZ9N
13+j2JJezA2YdXpcGhmW8Bv3+dfhmzda0v8n414rnx38u40C4N9G7x9kn1Ey
N7v1KOfym1ssYarN0sfoDsLVprc+jkThmaFeuyhz0HvXqtaiVs8DHxojI1sr
RRqDCP/OG6W62MI+sDMnhwXF4qLpKJcse8NvkDVV9jPqOcGFLBDo0TX2w9xF
+ojdcczqAeqB6EjWlJhsTmxW3V3AoobRgxq/2YG2c41+kTJGw+KfyGyjyJqX
ihvkTXFQl/2ZF6qhXRVMdvLylJRImzb2VF/OZm1ZYMDGek2xvMusQF+R800P
4xRuenaa+GLWpgGuNuuxQw3P2IAx7XTgptypq2ptHdpkpsXD8SYmsgLERmLn
WvOxn+7V0PYgqSRkO3Qx/mEWxHmIQuwNw4QS8bLdOEcimbqJWzX2tuuyF1zG
5tSkY4rXFTYBanga/dDukVtrs5OMkHlrRhOMsB7kJDrbqgEBukvEpy9GZYlB
GNEBs8WHzaqYssChXGQU4KDiWkwx7rbpaBg2LoZc+cUi8efZ93J5TQB5dJ8z
ynXQ4D4T+6jJlL3mn1Eim0XW2OERr26aPZQodA4ylF81Z67j0OmGMnHLGpA2
3jeln6Gdb94nNohUryrYjU3wMxamsmsqjaP323BLUA83fdAoYLRgq1/sokTH
+WVeVhJNbynhtttKnrgPhXFXCNC3ZApjcoGRJOjb6OOhSCsfIB3FRGqscF6x
sRcdkClzLNuji3dooFrJ1eTvKDbRZoF/HikNDh9ONRBe+JQz0tung5wD/SCZ
HOQrQHKtfpyYsJN/tDHHJjdg4DSL4/Ws62LgaZlIXGiLtn7+gFQbj60Cglll
y6q56pQ/clgj7RBhgXf4kG8pe4xxo+Vsy8GbnnL4NKG2gAcKMlwjFTnMzYq8
pcwieRhNcPPdvCqUzthn3bUcRsqUbQJeGoQW5IjCeYyYylEqqhkeq4QUkttk
DKbiqWfXLeZlwrSa/0cK+cmQg76SmzoaPRLej5TMpvS4S2zIBlmv+TKyMEVy
Epti9YoITbAR6xE18G4847gPB6GIxo4YRVkHd0fcwTHJ4QgqIQDWMQaYjrcb
q0dovkmU5iGr4yocoY8xflSvq4J7jvk/7CZhyGeRdMbUQ2BuTMUeFzGOn5OM
np6fvzwbZzMMtmEPo6srIeZjdcl0GPXv6LSlT0rdOIU314PAjHaNckXi1ZN/
Bt2ukm4E+NcER0bZGAuOQKETpXxwPsBqx5h1/9jii6UT2d1RQDY5apt86OwI
hfMB6WCxl2H4Uwi2x/Rk3Sx85IaZXaM9nMc8Or10WkVCvGRaTAHZKJfVYfkE
Cewjvyp5ZQvdTuEZE8AoXLoVM7pQ/p0Vy6Z1gyiGu3QKjsuK9qIHTdmtcLwS
jhLiMF+jQL4JcAWnQtTAgGxEKUa7dZHXHEZLUSEk5CBZixYW7oEirshTnNsj
GaS6K/9QXUlZmJryI1cMVbNg/0sKze6bmzMNTMNyY0gWHQh5Uc6ZGU7D7vTS
OALt4xLZ0z5YligELTCxnmMDpoHdjeo2BMvwl0WOAl1lh2OsKJ4sGUH+KOK8
B93GhH8CeM7Yw1Qet3ncuN6EEOuO1lvK8YUnjqdY8QtxHV2r6Hm0J8fjopjN
/nxm+NFoQVhlABrUDAR1phaIOmhExW0NC3ued9mnycSwEEWbFEbziNwtcZES
GcFSECqRWV5+YFqOmW9WndGxKNcrqujzORnL9pHNe6PRGedGIw1Xv3lxWTbb
joSiIZf02yO6RBloculwFmQy4z107jedW4T1OsOZLCr2f/uFiXyH6baU3Co0
rOO44OFCkVViVIELDbBr1pI66etwL0UQ2xx933Q8/XRwrwid3Sn6RLuAXrlk
pBtiz72ptUkGUSWevgSYg6jpQzVjy0R2n+6vGQTO6h4RzS5KpxZbgvMqm2kA
KGPe71UEhLb4C7JOyzvYw/rIlo+JKcdB1+leo9weZ2nKTfqpBsPYRHjIGTpY
nzpeojGGjs8D61On0GAM68wJ/r6lXxTMNxjDz+k9op+6jg9/SJhB8QfjBvqE
dcx/1jq+T5/vzc/FOkxv9kdjGC9M6By96Rih4yl0oGQpX97teD/sSkQnJXs9
jdPzy+PYDQIr/uo4WuIHHoP1r9uCR9bBCR8NsXDfWUr5IdzLUX5snJl0poN1
zJPriOAT4scN4ZEY4+xnnG08RvErjNH+CmNc/gpjlL/CGPP/fpgOHW2fPsbQ
qfZzxvjl/OV/0hif6gS7PYr8XpobLZ4vZUk39X2dojsC1F0KThxIjeKbIZVT
vQj78+QTlQtMZGqU3ydVEURn9pWaSu9zMxoiykZVtaX08EKFz2aTr1yZjsTC
Qs1SSwBRAQXR3WzKotqYcyl3SR6aGdqi2Srgkwi93OtWuOQaR5yXz8YSPQm1
3Z4HSm++WGhhIHzIVVPRBYnqUnYDwy2lNCKkBjt24m6igCOfHugGWI9ECirp
Cl2YXxBLT2iB3qV/0MKAlOayqfJSClEG0dDjvWHSvjwC6oWU4UAOBcxQkioq
VdO83W7kSLQAHjwXjyShr3CCXOQP49nJpojqo2RcCuaPPaDssFxt5LKpyP0W
muS5CGArmfp7Kvyx4Sw3Ur8t7miKLwyLEowz5zGkZBTYTkNKl3f8WR8dSjyn
VB+ryk6CE9W6fqX8Gps3jfKliMXm5S5MYu+deu2yO6P3pklTlAWi+jvhcm18
/bGZK1ghaaa1dShxhompUmEcKmjObZOmWC2pIKoPGnm5REacVpDaP25UKi/A
pr7DYF7Fkz4sO+DSJxwKnNgCjyMxyKi5xNVGYc+1xRRV6ZwNY+h6NEsN6nYM
HCiiAUp5ze5tuRErGoA9afV/FFj9NaY7tnuKKhrb7Z311drajF3b6MJepY7e
/TTbEtdC0QxYG4zggRIA19cyrQkI2V1non5iU80tNxIiEBiqvX9M7NL5kLBK
JgnI0eIB4i/CO6LoSUXPanINeFdxuHYU2rlipylaFxXjHRAnV7sUPdbOJR6u
UavcXlNXSG4br8ml24mBNqi4EjguKEmkLSq4R7VDFU+7WFYwrqm2AKpde8xg
LAjdq2sySwMqecuitxKSfWqlaWueSB4QQeCQnM3tO29NeuXx24U+2GWI4Sl0
MJgjspCOpjNOM+fP9s6MkyC5bLwXnQElxgo3tfR7H0PeiWmIjgDN9VJUwXnI
51w38txKPCS2BSljCZQhEgqEYTeU0zghJOEUHFgTHVV0cy+aQpGAqzrmMaYq
PSNyDrd9Z1xDSDg54z704TgJTGgxHjRo2c/ZNH/iyxE5M94LrTa18A7QAEjW
OkneDLcKjFfpo2rFVIpOPAE9Z83J46E1XD1T3V7M6Rpra5zn11ozA9ukCSGS
U+LkEyo8EBjDA45T9t5jHZS/Uj8qpcsewnRBWuRMSIHQ4gnHwEbHtum6CYdV
gWxpahH9LIPjJG1z/K82ON50jEMGx5uPMYwT/llj7DHSfdIYP8dIF4/x322k
uxsY6e6ljGNf/r9spLs9hAflndD/3b6ZkS5xQB/C/7vGoAQiVzAGUGTYzYej
/vjaMdpfYR2XiTEMZC5v32CMMjEG/perdPG/rxtjvmcM+x0c/tcAmfz4BkY6
M4az71+zjoGRzsMjRJQDYwyMdPsu8MExhgj+dxjj6LfHgGQf+Hb9PdcREp49
zOq2/3F/7uCN1vFpb3tc/yl13695+4OP0k5RnOvftnfk09+2mP3J+47o/ie9
Hf+YftvPEaTVxChwue/EP2SnYc1dS78d3PfPP1jzPvng0PtD7yD/f/D9dfuf
HNr/MBsDa8Z3apN2G1XF6qZG6dw22POBJj7yyMrqUXVjqx25gsKkWGjRQ7Yw
ejNeEKt5RuasryZf49Dv3/tNffxo7IeU+401Emi7ElsthTe5WOiwKqHpRciV
SV1yM3XtAAkey0id7yl3HdkeRN8XWxuXquBK+75vEymwaEWmWIFG1b4OtEyq
I+pLinnVz9Sx/sRlF97GjWkEHceZYSq9MbZ7uGBlpKvp6NEBQzwpfQOTu2Qq
SOUsa5PwsZgcWklhyeuy77USaWinZ/qll2Hi1UsbRx0b4cUqw00BokBBqhct
mCe6s9hGVPlPqWB3mmucK1yw2lgWxSQflarxWB9tonZRQnGJqRVlBLjSHcOL
ZEdVoxeCzl3sFAz3rcMHGabWY0LoXOi5VoyOyw6xmYsCYEoPVDEZDYyxQ+Pr
gD5w6elw+3ZTZhZXBVw3E5lIGPU0ctCVF6GsjWB8NXkPStl6yhRbBnlbZR+e
wf6FDuvvx32nON1MC07DlghC4bEQRYoyohAAF0HZPllcUOMtKFDhTtXfkbCS
lC1wHhKCMoocfaBekj3GbR+06fgEV5I5ECTskY7dnb5yBZvYrzUaHrAGelPi
oYuuVuzASuWi9QS+QzxyiQg1dn8o5rlETbqkOleAFSkFgZz6AiBkL8oNJfdE
EctCu2TgRcmR4KnQ1bAqIFtfjRlK7mlnLVi231wtPNkX3DeB81iuZr3Ja1ew
NNEra8+hOQOhmddFT5JJ1cHV1BR3jf4GNI+Cl12QfEQ2w1vXs5SyLFuMFNa6
oZyqY7wbqCTHbiLftgwn3HMqIVG9WTQxGRmMta87iIfi8QknMtCjTgH9bkPO
dL9mWIuEYAvVpQTSuJ4bcbPA8ZhmF3yCvw1OUNo7obEcpIo0SBuTJTL0vWi6
anzAkX05XMTXqUUUw8H9JU1OEWBqRPrO6boKX6cGwUz4kKRZCROhSAlTkSdT
XWH3Q1hfoaQrYfEI89LexGQ8OQZR63W/juJQWS3KkFPHr5ak48jkoMfGvlNZ
pqUMg9iHF+xWO7i78Ul+9ln2HFNWV0X2HUYt4314ySb0J4j8c8nx42PiRHJT
mMjnmk+aTSc1uKMUcV9EUd+L9IBrqxt9ZCnYRbzIe35yfEI8z93bosdORFG+
ssmAHO/L8B4L87/ak3TdYu409nEadATypYNZKiE3sgsP91Eu3He0o/gMTvQD
YiGJU9KHKuxcNOkbBxhY2eYBOo6AroiAJB8Q1xXIlq/R6R9MqBjLME7KifQe
vD4uc1kVPXGxeAVm6jMxL8tCYvR97E5BiLTXoeZSeFOI95J8vEcvn7w8fkA8
uaLMyMBFT65mbBvLxcvhsbFr04ORWgCOlZCOAyHwm6JoQy9QXhv/bswb0Jdp
a7ZpBwJO+ZCdPC7mVNnTbePxy+MxJTy4kgceOB5giwKbDyB7ExBpkwxkQ3Hf
A5+IC0Di+/v4JatVcqa2Xd2kajQFaK2FBE03FGxQOc+5o1exnnHKx1qvv8/v
tkmCQQ9p9XNK2eug65NspgJNcYsEp/EZfi7R2exBSu9pbi+pxqRNKh1AP2rQ
S1C7vBMNZnXbREJpOdoq36HnH+8b3nVXfpWaxZgeMl3Rb0EQNIRgQq1tD5fr
1x5T0iiOm01Jb+Qrm0hsRKypyUFIeXXSBqjbyVJO5NYZWMXisk9/+Mb+fXvw
2ZQRzT7rWNGJW8N9twb348PBuN/8imsY/oZyrvt8ex/MQjh8Iw4FRELrstp7
FmZc/vLP2Z4//uHPo8T6bUElb3RnZ90e67r6NUCxcCPeyKB7if6h/X+Xvxj9
0p/piIDnHnoWqZZ/1rGo4bNHzYbDGo75WW+4vWYNn7K3YTEdFHAmy3KlZtxn
Qk7WIj4tVXwSMsdVIrKjRQsEa7LAnrRiFwnDeY/JxouULl125iYVZ/7B0BUf
DLXWPLKtRDU1UXFl7dbmidkUO4w5cui6HFMjyNnO9u0jbQgvimtJHXSuV3tr
smcGCy0TZDaOj2+AkO9r9FpS42RDS8Zim1FuRZ+ceNe01rzn2WqjXMzPOBZt
ORQmhfNgGY0Ji2nBIZckrnCMNpZKvju1NBBRwFA9qrfjNN6D+qhTt9KIEB1m
3gfvJo6S9NVyTXxNC6cqe+IuGNqmUzAzUXvbn/hEs8qn2Y/IaKmGiHla/QgN
nQyAprC1IohBW5labVDT0T3fUI6aKnkOTCJ1n203TkVFzHFYgqKWj5ncU/Y6
7HpvkkP9jE60c5F209H94Ey7gitzt8O4ueyh62Si1U6Ka2UGOcR8bycsMUvE
HbrilmthrG6nr7FIpUKZ7afzMDKf+D1OR18OnqPwq8Ce5689y63y60LkXACw
0GYpMCOVJ3KS51QqVqpCJl6+WHLNQv2AbS9SSCXZgSVsnf5VsAEOt+yirr1+
wxocqsG7oCS3LTWyRccExQ+ORo9tfwFJsxCBtaTvx6w3JCLCmzlglWZ8kCKF
opnEY3vkI/QYh8/dd8/ZGyNPYsHtxlOuhJ3PW4b5Hu0rR/waQPIIE12kDnHT
9ChXc6ec6HHpQgInFjQx8M4JDRoUUhe0RmPC1VM1/ryW1iBR/23cx7B+vkS+
BxX1VcVgerQLdYx1ARi00MwQpY6hjD/b9gF8ELkqMuKRc26ubcZE3104eLp+
5LzQJVwwSgUKt6t18LXKl6uE37urnQel3dUPNohyD3lJRCKokr/Qnqr0BbiL
dxc56EeoHOHknBxOmSsBGEzdAzLoPSaTUcj+J7bJODtjOHqVLFAEAwPkK4lg
JYcfZWIwh8h711spiJ9eoG6mhDDBZ+KOT66ASkcXQK4jg5EIH0MZbxWbCZdx
LoNykaD+DtvKQtikY3cVxVeNj833MbauL9ueW6D114PeC2zb5LI2a6pd1lMp
CcrniS84J6VRtbjAEURta7iNr59a7M6xK8Jd8sBeuPegXbPlmXsvKPekR0Vl
CbrAIOIrzzOd5QKN2ig47i3gAFq70j/qSZANxfgWh3erREASdnK1YaZACnWw
94XizWA+16A2mFJbFER3morkm0p7ySWpF1bDnIGptiBVcvuBAQBo0bxQa98f
Ug3uiXE8tV1fue/j0MYq5fiLLuiqSnSQSEZYz2RWmKvNbhPAQBXtk1DnBt+m
pWuAa3todJA9QhY1M0Bpm101LO0D38wXe/F0Gixgb2dapEdsBaylY6FvH3v0
tlYdp9Y2uEV76zhoZ2smKaQv7dh4mJzczs1dwva0OO+EQwVutaZr0e4WXqDG
+cJR/LwsWteOyjVt3ZK5c+Fm1uScW/w0LJYvjDb4PfeLJRiABFKcZUevTs7P
joNunPta7xa29W5n0kivbcEbHIe72hIoUjsBUgXdv25hKdmsBYRB2sjZH0k1
0ZcbRdxFWI+lzmJecTKm00F9Ly6p+mp2PIhU8vsXH0GBGZ7SDVYzM9Bc7Aii
W5cYBUnxML8Pmj+TVDnNuCvYqycAaeeWzE2/sW1PqrBAGg/Li6R4q5hzBKjo
GZPPEgzFM7lxfP2QOBN7NcZK3z2kbhYaOIZREmRm4CtOvaxOqGQdDBHJEadS
sy2A8nhYHRYLnqqoTb4TnM9P17nGM/wdV8jrhqpQkpow/isoxZ5s0qjx/lOx
Ni1J7CZD2peQV2VcanZdoSyJEnwkQtKD3OhtKNlK3WLJq0GcdVMifpspE0ma
/jmbWCTiTNh6yNFby6IkIkcukiTmLOCukZzkSRbxJWqCVIQDJOo2I6BAGcSH
PUv3vCz2JBk05VI9nx3EI+lBPRqJuQbEQYw/NEfoqu6SssREGRZAqAqoVVvf
BeDDY9W6ANBo6/d46PlIbwrtei3IXiBHU6g5IbcEpMMR7cWd02xYGDPZ+C7T
RodScS2KGMo1TqozzJfPT6rN7l+sXZInMAnGZdLknQ9skJOJpinXXJH+7ToM
SkxCEE1kYy08BtPyD8E3Fts1+y+CZbAMX32NaoZyZStfCNjW+6Vyf7gfXXpg
JcwxrqXzHQVPqOtPujypM+DxIuw13eSdhEis40s5DSpQpYKJbYgyTC7m7H2B
z7HX4LZ8+yFgux8OPOu/c0k7JiD6z4ddDVk2zabmcZzYqa6pvw/GTRS9Z3WU
5Hvw1zejwXf7/w5Mdu17YRKfbdRxTdmS8IHb5uSunfcy+8muInh1vysnEagu
r5q0jJQbZLCV2w5REH8IlT1IIgh5Y5Dbm3s1+PtDPMm3WTxW+tU/02eLTR9i
n9vtaK8Gk29nAULdjpNXbkcQ3rPRfV9+wqvxfdBXwwuafDW+EqlZk4gx/PJD
ktzc6I9x+Cmy1Rcb1X/OfMr707xdEB9ObOGXzBqmVRhvHC3lTLn/M+X+pMkN
LWhWveGeF09BFgwkGa0QgmaNvU3k1AxjZAAm92hc3M7+IikGJnY5UAuAG5+x
uEgBCibRH1me5zHCSbm6iemjSc4GCvv9DnUcgf/E1ZQ1NhgKMU73ibSiRCwv
XpY5fbGE8bVi0OfZswZdfFiucUI899DAC9vLnTKkbVGYikaSOD7g5m+LPjta
WklXRGf46p+fPH+drYQpwyxUJKMuelJ7cDHhi4+qZivyI0aoPi/6nOrnMBM9
xn088V3Us58wvnAGu0T4pc7bRfiQEeQv3POPqt94uYStmY27EZLoYLq1cxwj
zhN3CUZ8Uld2VN9m9KJ2Kt+64UqeoEOifMM2wUTb8H6nhV2NX0KMHDYE0VWZ
1Swj04xxLJhn9WEXmkwqes5ak7ooU7WK1aLnS8P7jAfuNAKCUtD4I6i37vGL
248PnV6kUPATO+OB9kF91sqYmzsoCol78NO6TQc3ilp2ZnP0sNcHW0ODGqel
vQYNEeyActpkFrJWYirDTJ63DI0jk1XLZV8SkXUY+zZMugoelMhKb8PkKgst
u+cS78LPE/6ZvOQnkdvLE7C8NQvWkMT9WxQXEXdxjYwjpHxziJ80DQgi9aiE
c9uWmrBxyMU+xp6ltURjhQaDoNONoIR4Jd1ANtgs8DoNcGVqXWOcGBL0bYnV
R3RvqtWPTDbFxJJlrLwyqcpLbnTbFujTPWWj5xijL9pefo3d90GWg1Bhc0qO
QivKhiHNbGOpKLAlIBrc9Zi1MFWrOQajRPgaejclqZmas+MK252zAkp4QYBg
Z+KQu4/I8cdPMV5PkUjOh/ELFD3DvXJ39AUVNdtJN/IC1U0m2sKDXSyA6z0A
OMcuKws4y3ufmxCElJd/aKBfig/XltsXvXV46RQmXyJMIpB097qJLhRh8Lmt
eXUo8iDqaW2ARorqQluPYLErF/yyf233b7A2DKnpgmpGVOVFOKrQilXBzCgw
diXvtAGnpY9kK1DnehoCnBdouwU5I3GdiNzY53/FsnVdooy3C3BqVZoCoPWU
sGdqYY8T0KT5ioVH9HDhBoj76sh3htZG7eOJXbMrgByDDpIutMYTXXU9uPpZ
ec2uOwvl5bZlT52EKPug7akz0FEubGSiC4m7xv0a65ZcBspAzM6vsAA95urK
fV7jweZ1j03UMECrwn4DD0AAbruerrl2PlNvLXniF9L33baZCaLjRRYgmhm1
aQuS/I7QvssdqOmQF5yKMuGfj0GgL9CKOh7Mhl7kERpqqWYVB4cMN0+LcNkb
+j4vlSPJCOZkuhWnl8qlI8w6yKhddZZzfozH8d5az44oOg4rqGF6AXa96fpd
VRzf3BDl7oRVQI8UcMeRWvrnpO53OxjXPnH46fjv2rbVqeojn/D34Vcbwtpe
boPyvJnMdpO4csOer6015FIXA88O17X3azeEP70PiK7M72709dAmY005xoyz
5+u0WedD8p/7v/6Vh3jxhxjDAtBH//z2RThEXEvmyb0n+PuNvk7bcD/p71ca
4pc1Hx3Wu7ggUZdNM4pASGwcMgW2VDLBoDL8jDmgidILGd37z67jkZIwbZRY
zqs8FD2NPqI1R6jlXDuXOb+vimwYFvDX+dv9Asqa2t+w5+Gw1EI0HYXGRCp+
zr30xj6mmcaZ5RUqFxwE6HRuDOR1kdDq7aZMJC22eWOZhmLKOA+Iy2YMY1Xs
MvcJNySnUGUDLv3BPUFRvOYYsVDLMIUwXNcuag2ptQqTwcEUdofxy9XSNi0h
xYgNTJEhoxjIhWZz+5tTjQdH4dOknOy02bbY8ZRSf2211dxptIBZNQa4MmMO
lEc1YXXFykfWD8/sRqv1qKa1N+ICpT6HKzazYKDSVRPLlqgwa6aZeG29OZMU
qPGgagwgKeikEjVgiiEkbRTTQw1YzqMjO/Tj8O1oK4d+HA3L6R0V09V0zOV4
s8ApduhHooZR5smgUYlJdjr4I1PnVIpV8EiGZs53uyQniFKwopWlnteuq+mZ
gpVJfS8PlugvhFn6x6hG2N4Mqhv9aYLVL+SJHwbDXKtXk9PaNMAJhrn9zS/5
S1fTEgwEis2sJJEucByxZWWeuHSXxiQs1xehiqunO9u9VZmJZQdM0OAo1Xw2
iignaVS7KOOWSmH7bA/ie2Fvvmt4aNj60UYeAO0z60FWhJyl732bqt68KcFN
9b4SJtSp0SZ8PPQFReJdUAxAOLfjaossLMc+tncTlGwXTdY1lQSVcbzgtQYN
Z/82CR12FaLBt2xmdWkqKdnAWku9owbQbMymwCA54GHS/DE8NBWlJHV9T3KD
5F1Fr3NQCNkdSDlWdkKvdBqFB/BHM1VbVr6A8UzNHDCvpEPtFwFYcjOOhIQD
AKPRJuyzEqnAJky7U2UhrL+OjUcz4vPqvPBuSC/okfjUSP+5ahngKOUfLYow
O1zBILnYPVeS8UVu0OrE1ptx5vs0s4hmw3HIJrJhhxeVhe7nF2N+jvoUBpfa
+J4QW8RANu9DcU2cQiwhOHO86bnszPHmwNumKlxIXZQ3uLTUiTwfGFvnVwBn
iDvAUD0ykbC3Z0sSVwpfD1cfG/O9dOlztnsggIrKqfmy1WhvA9RWShvdXrya
5Zot6m5OrOzjWsDsF5eju8czajz5tnNOQxUxEVhORZDhUwL8dUPvQW263dPs
KQCdwp+kig/3C6/7tlls0Ti1npWrLSHJMj72XHMb4PTZv+pb7qJg78XmMSWN
DJeePX99dp79+OIcw8O2a3ViDG6+r/QQoK8WJTOt5Mthp8d9e/ejbuvKRTyG
d65zGFKF1Tpm3umA+GdyKST2DP1t6J8DeDTIpFD7qNJIdfb0xetnj+VJny6z
HwgS3jvcmG/wSQZgHImuFneXrwrJJ2UlQ/ujcJEOdhU3rRTQwbOCc++ikFGK
309jOIMv9GEVsUrlgu5SNNOfh5qt06mZTi0Rr7x1xHuV5f1nofdUfE4R7LEC
nGQQcqZbvAHLFXPSoaIaEtagb7u3FuJ+3Nu9MxZ0tKSYIZiIK5L1xoQ0bpns
oTdoO2On4nwEJdIH3e438Kxb8hIUh7GU9arFjdUaa2NK+UkeAYBpIV5pU8OG
p+UL5jINhKhPcowXooxiwOGSk/nyvm/LGTVxN55lh3qGJ9gcUm+uIIzcbgCh
i3ytbcqdLCVSQkeIr9BEaaIstI6Q7c40QxNLW7qGW2i1B2RuzSrHoYtCFetx
SEVsXp2EwogKYdy1Y98ApkGhfnBUxwP4au6vTe2z7tGfWCz3fev7YtXaRgtF
TYVXNY8lrrNDcTodB2ofQP2LXJtLcAw0rp/Ryp9mWIvMXwgMHmowzrlrti06
79mPSt74IMpCm0tsKwSvP3sVqLmkAOegjvWeYVG4sdUPt9RWqUaHGJeI4GNY
Fc4hS0V6WM4oOa9mke+GoJ9fFFjvyEUmEbcE8o5IKDWEVDUFCQNkuabWerbr
HEHYpdyQ/k1Md+F8EofNYRR62P13IOUprhKuB1FACD32MNOZU1Y3IwDG2pPP
fpjY7rggZR+YZAqBJ3r5ci0cIHkwAbyQ90rTqwWbcCmaKllsy5NB/NqXqzN5
l3Jur56AwIGdP+AIX718RNdus53d6bYzqhfRHcfkncm0bwfmVKNizCH/PlPs
IIH2SfgYpUj5aYzezraWPSRPIWeluARxr9ghGcCaWPoinpMGeHFis8RkzfL5
W3YVMjmLt+SpgOaTNE14dyLea1NHZ24nDhwaPSlUwRTE5GZvGvoWr+P5yZ8G
3da85jm2MYkCXpHcmGtjj20KyXDFNH1Blyj7gSpu547eKABEgGBJ7ZwjqVBu
MJFTIsfls7JSVQmQvSQ11ZaKpYMT7hH0AIr1FZKcyW0e1yh7gj7jkGKq4kRy
clVw1xwTGMBxraQtcZXENqd+YKu8XVSSKZmwfaXRwcmsGlOGXhbHJjTujBR7
V1WPC+cQ71BTpIhj3YPsWbMiMremKBaty2d6DpVtmkMojJw93PAXF6rF4++v
C1dy0lpccNVwYs9UlJt0Kemm2fawBzR+f+59MPhYUDpa9+tqk8MDYuUypvl0
8GdMPYN2U91AlzBcjCB/jiEOfb7e6A2UjcFPZ7StlJUG34uIVfDjIFyQajWg
aI4FCLRWnsAmO/Lc5Q6MAmLYMc4eQ39e5eW6owGUb90JuZ2Xd0DhFIn1eDQ6
B4512ZSI7fkCG12ytaGbVw1lXVEXVeAqVEohUP7TwSpBKjABF2Tizuuj8Emj
9xz9td3QurHNrmPxDaOxrvCAyMQBI1CNdViZP94Jl5iTPqNUBpYtYRzag+Xz
auByQGkbF6wj/iq+MR31ucIaU7RUan26yNHaM0aqeFGwAE/8+6rsUBPGUHSJ
fcJK9Ai4ddnBQWLcI4nYSrdEEZVENgMWogQ5ntOEU856T8LIBErNTad4ARxP
8R3gMK4HXgHOT8KHu5JxupmsjSqOE0k9Ojt98vzYk1UMp+VCCcjoStZG+gus
WkGq15xPnIninNep9WScriiTawNZ13Bxrbt6aZrzvv8MVivIy80dciWJGi9u
/Zm2xETQvK7Tmg+lFmGO8+SsBogCgtbkisvk9sZBy1VI7QhagH3YOzHPSBFx
sp31PDa+0ZyhHtPsBauwIBJrlwo3qBWk040aLzSrBEUgzfVwjNzTHB+U2rSJ
oahUs+Sksos8IKvUu1SqyVLDYypU4tynrg4SFzMp4m2Yiv4pfSaxXioik2oN
PaZq39u611X6NtFxW0pt/1wsRGShosM7NXGq9mgP1sxP8iYzBu5rGiqgcdKq
0eWZx1FljIjyg+AlNZIQwzhddGgBcOwhqKK1UF+CymiyHoNVUt1gMKRU6cgl
0C416Zoabb4NLKSmqmvwnKnperB2G0qxJVfkdYw2SO617Y8764qXAH+SwDSn
2qjdmPSjt8iO4crJWLS6yqWGwkJDYcO3hGI9DnXD04Bbvv/MKIA2jN22hvQM
ljti7LHvI0OrMYG9chYUaavqpHijlIS0y0mJYbTDodruw4YwKf32jy9OXp8/
nZy/+KcnP07+5dHTkx+/f/LNq+8e/e63v7+vTVvCMu/kG5Q6jKmeI864eEjp
9hk2oriQBYvafaL/ikuQJXMWMNpTUg9MX0wRJFsvCEV9n30VYXmF/RpsIOwi
iwB1gtGbIgquEjnar5CCGcZZMqCH8B/CWigAhS6TWuR67L5S8RgfZK7AkZzc
MRNriyHUu1DY7KgUX1qjYTNz0pvRWMMD18FMP8hWTdaynM2D036KmjJqYI7l
tlrisZEQ5+oYZmck04kCbpMc4ApgMSes7L1TPkvZEusSw4FUfAyrQ7whL80g
d6Ab4BypS2ij4HbIcVZR2OxpsDe/da45312huUbL7oT4jD159tiRPv2aqaAY
lMNSo5g1AUh5ljk5Ehy/oEkO2riYn4l5gdGW+mVEVeEZm7mYp7E/GV6MWt9v
5DWtQabpm6+HcOwuqGN6EHY+EAKo7Pth2Mr6xUzGMOA2YmYDnfhh0Ux9qeUu
0oYZvYHdrp5ftE2N3aNw1IfozvXdgEdn8Y2jDuvDW5fHA81ooE+6jFxEPeHE
s7wmed20jZefzNgiHXajP4391k4bD8qEwicq50BnFKm1FjGpt3DxblOSSmJT
sNV7r9ZpkVCqwXBNkAGp5i27T0BT18XdObWCjNoQLbW7g2+tQ0X1ruoJ2VO9
yu9rwwl1Gt5+DQAMirsxIgfxCb6QDOsVzihvkQFVqa1ksavDFK+vygD8gWKE
mbl5A7bOFUkPnRcFc1caFvMd6kDsgF00QFR7LPcP4lXZvR0UCeFUuoXc4LC8
W78PBJbv4RqG4bOPkkEzhwOAm2vicMeujxZXFkp56Gyr6ZmkQAxHHY1ObCU3
zkf0+TG+1U9AYWQ8snkBGrXYbEIqDSpZ5SPQwo9k0fLRSP0uCp0mZZvsAB1I
dmr+ZDdQeZljdZWj8xePXzzgal18Xi/QaBT2ewmbNFhqdyxFhJ6sWsRzB9Xv
yTJTyVPoQfDXPEh7UvVGQ258uWD3AjdQWLhSXL1LEXIHYG+1thJfNwvhWz5/
3zQXOqdQaqyLax/hWkKubE3CcepqNyeeSiniwYmMfd82U+Nn367wps71PhTv
SJC7LJyaofCA6auFVNihoOhN0/PVqHaBQc11pNk0VbMK4RHFFl4jLY0DKPlk
9F0Q++9dDsYkzGHSYnUI/BVapVivs8I8q3NE8z2+VW8LRhGuqL3HSLHLN/VR
TwrBicoFcNg6z8uasLNMuoKLVDUrn79FOY1LJwFIVxdUbEzokwOFiSFx4RVj
un1c9gqN76vQqO29xwDcixqPpmQhHWBJ+LaE5TWotvoohXFwyCsWRXqsdQTy
FuXoYtT6AhEsXxU+RF9dOHXoCd/5MskBBqLou9KrXOwhxbOdxHgpb/J+b4NA
4XH68h30SZ1OVJyusuEQPrjFHSOFJDHdQ2P6qtalmZ6k6FaZIbgZD1LnI8dO
7k13GBqg6koW4Ntupxz0rVa9nKkpA65YrLj8bwqErs5VihTp5k3+g5gQNWTC
43qoiS5ja4PWmuecxL3XcOf60LijXZDphG2RnFIeFlHgg0DBB/1bzFTkLrtz
CSgdmlHJIQyn5KBrOE/YoZFPDKfSCix0YuSEVK6V5pRaxe60ZoFBHVjuzH5y
dkY0/fJDw+PupD4oye8d8kJNpVkaOVKk29K1CQxRwdH2Jc0CN/jR4x+NHoxR
DxqMEiUYwec3xcwGvWOCLTxZAWE6enPyXXds6sO59XdNtRXF6M1A9ImLlpay
eyfDe2HLe29zzZXxHQr8bF6JICHemHCNAd0tYByEfFOIeknLZx8oyC/b2jFp
igZhvC21Qp242K21ifrS8WVynmajz6jKdUrAev5s8pDaT50Gkaqj0ZN10ZJf
h8rawMWAF9RB4aEMr3P3qijQ1QdWcldhEwexzzeY8hU7C7JJB9JFMBqhkS8n
YxKI+WvS+laFq6LiQs1ylLojY6DVyNQgeOTlZHUjyIke+4B8TDl6W5BWMwxA
8YZ28h1PqHg+/s7NAEGGoFh8MjOgZo0ubSAmY4RvKlqYOQWSjpwNw2pBswrj
UVcUUZAMVWEvkIrCOZVMgIcb/k2ivyQXng3Dq7WPBrxfuh5+WvbGRA3RhfBm
Pjq2Nw5mFNmbgJqtSSi+Oec6CBc+jHWTmFbY4QW5LrHShw9lDWOBiA1UouaA
crSdc9V4Uk25XxxXSmUJwGB8UFTbK/ianY+2UhWytIujMfIP4a6GOYO2Er+j
7s45UIAWdWcfoqoquMcAYEiwTlNhCu87G6Ndo7VUXEbTqjEZd9753JEhEuLO
OXPWbVvYjIuNsFZM08sWZXeycoDKSylAaA2ClWMBGFS1WGVeJmLaA8/RrNg1
4lZwXoSQ8T73gal6fcNSIuryCQ1cYstq2qDUaBME7e98OD21JsD6p06XZ9JP
Gj1JSFp8Igz7AjB21IoVwI1El8lTWEWBian7dRhPRGUWfM1WfJGjnjuKOI8p
At9h81vTjrnrAYKBCdNFs7HQoDPuyFjBAQguIl5mx+f1xhM+EKaau8YBcyxd
TcjvlLQykp8JSYQnBE5/QhhjyGuOXkKNirPxmMOgFSPmZG+kaBGL8Q3yoCrA
SsZFCb7nXcB5n5yipVpRXy8ia5UgrAXlv1GS82vASiV5qyh6pd4utbeh2gEk
BwP7wnzSRArisOrjJ3w94qzA18iy7rgfMWcTdqUFMm/wtSmh8YHH1Jhzl3MI
/ziScsjHWerrh9HXj/05f/h77T1MiwySJlNf7v86GuxUyhua3bi7dic7Y4vm
3q/NYINwDJ5hEDe0/2s3WKoqwrfpUgn7vv4QpWDmpSZeKgkKFRWqhBDswYhz
1MfnvM0xSpGlSKwyTrqEd9OmDFpejmcus8znNo2b41064ds0emlGJ1eLe9ik
1SeLBoZkCMmCaSQmPiunAMdKGgYHUeMwzu0jnZpkB/KXC3fTNTYzpGbe/8PS
+9w7NDXtKZxFxCTTOV06KylHO392Nuaih7LkUlmEiZRH+v3szEW7+hTPsqYa
jyhokALR2eS6ME6l74pqqcFF7q11uVhUxRUDTbi9Li3W0rz+JhkEPNpSlTWp
Mo9Zn2OjLwbVOSlOQksRMfdb/CWfU+IRdjEBiONOgRZzZKatXF832WqbE+Hl
gB5ykIkpnBhaGO8fVihHc0/edZpiTGBGi+EQAmFVKLoHp8Zm8dhF7Y1GLyKs
CDAZVqhI4TCdm/uQwQchweXAUX7xoYAOAURI1Timy4LdklEIEMiTb7FgGmWO
8d7CwTAUkEqqGv1OsNlYxeHybLFS6EXTsDDhhK+4/kjYWg9xEmdw4SGiLlAx
t4siX+DVwh/EuPHDm/M4EJE0MjJ0gkiyxvbU+WLRchcJq/gnwiOlZKeNiFLo
VSaWD9NVTRYZKj48pqgB7KxBfQMVoZoopbivvLjhMzB8a4tB2fklXASx4VDl
N28+BWi63t3cqKrzBiH2HlEslZg24Ra2RDmXpNNg0ndedh1LSzRot6/V2kMR
i2EF5ywLv/9MYyOwWpoJCbQtViSOadgiwGoY2gnFJ39IXdp8KBFK7EoTudpd
IFQuj0wzhsrQdqACvgCdlNQoaqmTkp2cGta7cBq0RUQPksqDfQLXhX8wZT3S
aQc1A9lyq/GEqmj0rk5nGgRJC5XOwSyHHZflepPPpVht1zdVUfvNoJ8TlESK
hDWlb8gh57y2cBmWvQSz9NHFEKIgvlmPmZoS4H2KpLTrrxqVJ/eGCxGE7UCp
6ippfoUENTiVcCwD+cK8HHSKpZ7xecymWYMWwJnR3vbQtCsgPj7sKIoC895O
wJ2HTE3iYpw+exdrEW4rVPJlE4Y+gk49l26BeVAMljRUZlPWPCbgwDjkvGIG
HBWQ5UzRLkpBIXIUevNNdFOo1r6VxfioNCJNZg8zUxICnxa24o9Ynd9hDLxr
TeOSpsnJukalu+sx7MG5WU2wtYGWxI3ilCbM2SfxAEK+NFHlA3/44cwBDf41
QQamqaufMCw8IJZckTeE+NPsbDABuagnY6EtGGxmEDdWkJdYlWsxrWkr2zAM
frgzOQlMymh6Z4lio662aKNErLJZ8KGqw4JsjmiP7EERR6az6eNWH/FktDtn
pOq2nTfozQpLKTCivV5N4mY0zh8lZRuwhHaNMlzcBVHcT3F6B8/f8EWgPS5S
hYVtIWG0wsxdPWGiWyfDvJ4g43BQ8ZnootuDT3Q2ARvCB9hYw/qA3pE1khsq
aJVqEm3qXdU2X8t0nES3LCcLwr01qdES7Oj8X3j98DmNMpbL6fO9xmjNU3mc
IpdSWdc2wjzIsxbBJHdhRhJoSUjuqqG71Gs0YQWijN4zrj0t1sQ9GVWwg9yn
m/lwDCr/yXyfg8ZjclMk2iOPbVC7CZMKEgGF/TDlnFGGFhcNIRNRvfPBA8ME
NJQFl/lc+3X5FVCUPXtP7JG6Zpvo8tQqZr2Wshf7MjkGq8oEdQlxDYyVo9Ep
nTllZfmGeqQkeb0pDAfTqA22y/VqxvPp/IPUNwqklYIfg0ICXsh45CjAaPTk
UmQBzj4tsD08efkkeN/2tBuISlRE3MF5WeVXnSEMgRSBrUrxaSKd7NTCggSG
Gg3qGEoV6qAzO0B7VbS7gZiNEggrKxw6GkzMJerDiG7JmXTGbSxXxXFe2ncz
dx0TGESkOjGGdn3smY7cnSIGbGtQ64j2TrMTsyZfNMDFIQwEKeC36Lx3opLv
IZuQ9AhNWJKKdmHj3J36rZ1xtX6xiGyhscb7tjaM/YX6MSpid6BYYskbZ91X
7XJocnHOtRgns9OTH08GdiWiitownO4maPb0pMaCj0aTyYTSgHGQkzn2wwRp
i7JLutH7B/V2PcNKJN/cAn2rK9COdd4smgfZyWKR7eCacmgFgoOW8QiYGkKY
pb0FKON9Nvniq/RIn2evNwuRDNSDq15w38hRyg3mILSt4RUKImNpaBlUaXY5
Bxph9vr8afgA2avhRGCUtiBrwTDpVZpH40SLRSG5OYNvT05dm479u/7tvl2f
CS8w1cfC+mKnIjVgGfrmckjhqWeGgZBohcJhaH4P3H3tE/2e8CyltDe1IJk0
m+7jxweuQvySSdACO8Tfefn4JcxQInVDv7lcDG5doicw1s4PrpfJ6P8Cv8wa
iRUJAQA=

-->

</rfc>
