<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-hong-nmrg-rea-ps-00" category="info" consensus="true" submissionType="IRTF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="REA-PS">Problem statements and Challenges of Internet for Physical AI : REA</title>
    <seriesInfo name="Internet-Draft" value="draft-hong-nmrg-rea-ps-00"/>
    <author fullname="Yong-Geun Hong">
      <organization>Daejeon University</organization>
      <address>
        <email>yonggeun.hong@gmail.com</email>
      </address>
    </author>
    <author fullname="Jong-Myeong Jeong">
      <organization>KT</organization>
      <address>
        <email>tuplestone@gmail.com</email>
      </address>
    </author>
    <author fullname="Deok-Hyun You">
      <organization>Daejeon University</organization>
      <address>
        <email>deokhyeonryu99@gmail.com</email>
      </address>
    </author>
    <author fullname="Seung-Hoon Lee">
      <organization>Daejeon University</organization>
      <address>
        <email>gnsl0012@gmail.com</email>
      </address>
    </author>
    <author fullname="Seongbok Baik">
      <organization>Daejeon University</organization>
      <address>
        <email>sbbaik@dju.kr</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>IRTF</area>
    <workgroup>Network Management Research Group</workgroup>
    <keyword>next generation</keyword>
    <keyword>reality execution</keyword>
    <keyword>digital trust</keyword>
    <abstract>
      <?line 39?>

<t>As autonomous agents and physical AI increasingly translate digital requests into physical execution, existing Internet trust mechanisms assure integrity within the digital domain but cannot verify whether execution conforms to physical reality. This document defines this problem space as Reality Execution Assurance (REA), extending the evidence-appraisal-result structure of RATS and SCITT to identify key gaps between digital declaration and physical execution and to outline design requirements for assurance results consumable by relying systems. This document is a problem statement and does not define a protocol.</t>
    </abstract>
  </front>
  <middle>
    <?line 43?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The Internet was built from its inception on the foundation of trust between communicating entities within the digital domain. To ensure that packets, sessions, or communicating actors maintain their integrity within this digital space, mechanisms such as IP reachability, TLS end-to-end confidentiality, and credential- and token-based authorization frameworks have been devised and continuously advanced.</t>
      <t>The Remote ATtestation ProcedureS (RATS) architecture <xref target="RFC9334"/>, which verifies the trustworthiness of remote devices, introduced standardized formats for Evidence and Attestation Results. This has been further extended by the EAT specification <xref target="RFC9711"/> to granularly express device characteristics, and the Endorsements structure <xref target="I-D.ietf-rats-endorsements"/> designed to supplement the appraisal process. Alongside these developments, the Supply Chain Integrity, Transparency, and Trust (SCITT) architecture <xref target="RFC9943"/>, which addresses supply chain trustworthiness, connects the integrity and transparency of the entire supply chain in an auditable manner. This architecture achieves this based on a structure of Statements made by supply chain components (such as software or hardware) and tamper-evident cryptographic Receipts. Recently, subsequent standard specifications have materialized—including the HTTP-based Reference APIs <xref target="I-D.ietf-scitt-scrapi"/> and the CCF (Confidential Consortium Framework) ledger-based Profile for COSE(CBOR Object Signing and Encryption) Receipts <xref target="I-D.ietf-scitt-receipts-ccf-profile"/> which applies the IETF standard for lightweight cryptographic signing and data protection to further deepening the layer of trust within the digital domain. Although their focus areas differ, these technologies share a common structural paradigm: evaluating "what can be trusted" based on evidence.</t>
      <t>However, recent shifts are fundamentally transforming the object of trust itself. The recipients of network requests are no longer confined to servers, software, or user terminals. Autonomous vehicles, robots, drones, smart locks, industrial automation equipment, and physical AI—systems that physically move to execute tasks—are taking their place. Consequently, a single digital request translates directly into a physical action: opening a door, moving a vehicle, handing over an object, or occupying a physical space. While RATS asks, "How do we prove the current internal state of this system?" the question we face today represents the next evolution: "Does the digitally proven state actually align with the physical reality right in front of us at this very moment?"</t>
      <t>This is a novel boundary problem naturally encountered by the Internet and digital systems as they attempt to extend their established trust boundaries to physical execution in the real world. This challenge can no longer be deferred, particularly due to the rapid proliferation of agent-based AI. The delegation of execution to autonomous agents is becoming commonplace through Agent-to-Agent (A2A) interaction, Agent-to-Infrastructure (A2I) interaction, and the Model Context Protocol (MCP). As we approach a reality where autonomous agents make reservations, approve transactions, make calls, and enter into contracts on behalf of humans, and physical AI and automated systems translate these into real-world actions <xref target="EXEC-GOV"/>, we urgently need a methodology to verify whether the conditions declared in the digital domain match the states observed in reality. Furthermore, we need a way to formulate these answers into a reusable structure that other systems can directly ingest.</t>
      <t>This document defines this problem domain as Reality Execution Assurance (REA). Through this document, we propose a framework to apply the familiar structure of evidence-appraisal-attestation results, established by RATS and SCITT, directly to the problem of verifying physical execution rather than purely digital systems.</t>
    </section>
    <section anchor="problem-statement">
      <name>Problem Statement</name>
      <t>The traditional Internet security and protocol stack has evolved strictly to guarantee logical consistency and data integrity within the digital domain, spanning from the network interface layer to the transport and application layers. End-to-end encryption and credential authentication mechanisms are near-perfect for proving that data has not been tampered with and has been delivered to the correct destination within a virtual infrastructure. However, now that the ultimate destination of communication has shifted to the physical execution environment, this traditional protocol framework reveals a critical limitation. No matter how robust the security and digital trust of the upper logical layers may be, they cannot guarantee factual conformity in the physical world where actual commands are executed.</t>
      <t>Digital services that trigger physical execution are already emerging across various domains, including access control, remote smart lock approval, shipping and asset handover, mobility vehicle control, and blockchain smart contract integration. Existing digital frameworks can effectively address questions internal to the digital domain—such as to whom an identifier was issued, whether a session or request was delivered through a valid path, and whether a given account possesses the required permissions <xref target="CISCO-DUO-POLICY"/>. Yet, the moment physical execution is introduced, distinct questions arise. It is difficult to assure through existing frameworks whether an authenticated user has actually arrived at the physical site, whether the subject holding digital authority matches the subject performing the physical execution, whether execution conditions are maintained until completion, and whether inputted sensor values and location data align with the actual state of reality.</t>
      <t>Existing Internet systems process digital representations—such as identifiers, tokens, sessions, logs, sensor values, and device events—but these representations themselves do not directly assure the conformity of physical execution. Even if a command is received using a valid cryptographic key, it could lead directly to system failure or safety accidents if the executing device is experiencing a voltage drop or outputting distorted data due to sensor contamination. Furthermore, even if a secure session is established in full compliance with credentials, the possibility cannot be ruled out that the opposing party is a software emulator mimicking a real device rather than the physical hardware itself. In future physical AI and autonomous agent environments, this problem becomes increasingly vital because systems must verify whether digital commands generated by autonomous agents are safely executed within permitted physical spatial boundaries. The core of the issue lies in how to evaluate the relationship between the execution conditions declared in the digital domain and the states observed in the physical execution environment, and how to express the results in a format that subsequent systems can ingest.</t>
    </section>
    <section anchor="terminology">
      <name>Terminology</name>
      <t>This section defines the core terms used to describe the problem domain.</t>
      <dl>
        <dt>Reality Execution Assurance (REA):</dt>
        <dd>
          <t>A problem domain focused on evaluating whether requests, rights, policies, contracts, or conditions declared in the digital domain conform to the execution conditions observed in the physical execution environment, and generating assurance results that subsequent systems can ingest. REA does not replace existing authentication, authorization, access control, payment, contract, or device control logic; rather, it supplements the grounding points required when these elements interface with physical execution.</t>
        </dd>
        <dt>Digital Execution Condition:</dt>
        <dd>
          <t>An execution condition represented within the digital domain. Examples include a condition requiring a specific user to be in front of a specific door, or a condition requiring a particular delivery item to be handed over to a designated recipient. Such declarations of credentials or authority can be structured into digital expressions through frameworks like the W3C Verifiable Credentials Data Model <xref target="W3C-VC-2.0"/>.</t>
        </dd>
        <dt>Reality Observed Evidence:</dt>
        <dd>
          <t>Information received, referenced, or derived to represent the state of the physical execution environment. This includes location, proximity, device events, boundary crossings, presence/duration of stay, object movement, sensor events, and audit logs, all of which are evaluated within the context of their relationship to the declared conditions.</t>
        </dd>
        <dt>Physical Execution State:</dt>
        <dd>
          <t>The actual, real-world state of a specific person, device, object, space, or process in relation to the execution conditions. This includes states such as on-site presence, approach to a door, asset handover, vehicle entry, space occupancy, and task completion status.</t>
        </dd>
        <dt>Assurance Result:</dt>
        <dd>
          <t>The output of the REA evaluation and the input data ingested by subsequent systems. It is expressed in states such as condition fulfilled, suspended, condition unfulfilled, insufficient evidence, or conflicting evidence.</t>
        </dd>
        <dt>Subsequent System (e.g., Relying Party):</dt>
        <dd>
          <t>A system that performs domain-specific processing by referencing the REA assurance results. Examples include access control systems, payment systems, blockchain smart contract integration systems, and robot control systems.</t>
        </dd>
      </dl>
    </section>
    <section anchor="key-challenges">
      <name>Key Challenges</name>
      <section anchor="gaps-between-digital-representation-and-physical-execution">
        <name>Gaps Between Digital Representation and Physical Execution</name>
        <ul spacing="normal">
          <li>
            <t><strong>Temporal Gap</strong>: While digital authentication or authorization checks succeed at a specific point in time to issue a command, physical execution in the real world progresses over a duration of time. Due to real-time dynamic environmental shifts, the data at the time of command generation and the physical state at the moment the hardware operates may mismatch, potentially causing control errors or security voids during this brief interval.</t>
          </li>
          <li>
            <t><strong>Subject Gap</strong>: The account or session possessing digital credentials does not always align with the actor performing the actual physical execution. Even if session continuity is securely maintained at the upper logical layer, traditional protocol architectures cannot easily detect instances where physical hardware detaches without the network's knowledge, masquerades using sophisticated clones, shares credentials, acts via unauthorized proxy, or falls victim to relay attacks mid-communication.</t>
          </li>
          <li>
            <t><strong>Continuity Gap</strong>: Real-world execution is not a single, isolated event; rather, it consists of a continuous workflow involving entry, approach, execution, and termination. Existing systems typically verify a one-time digital authentication only at the initial phase and fail to monitor whether the execution conditions are continuously maintained across the physical space throughout the entire required duration, leaving them vulnerable to man-in-the-middle attacks that intercept legitimate signals.</t>
          </li>
          <li>
            <t><strong>Factual Conformity Gap</strong>: Data such as location points, sensor readings, and device statuses represent reality; however, in environments where multiple pieces of evidence are incomplete, conflicting, or susceptible to manipulation, it is difficult to determine actual physical alignment solely through a single signal or the internal consistency of a digital signaling system. If the initial real-world data entering the system is distorted, the protective safeguards of the virtual world fail to defend against real-world physical anomalies or destruction.</t>
          </li>
        </ul>
      </section>
      <section anchor="limitations-of-existing-digital-components">
        <name>Limitations of Existing Digital Components</name>
        <t>Network protocols, session management, authentication, authorization, decentralized identity (DID), and access control frameworks have advanced to a high degree of maturity in expressing and processing subjects and rights within the digital domain. However, these frameworks cannot sufficiently express or evaluate whether an execution target actually exists within the required boundaries of physical space, whether the executing subject is the legitimate owner or authorized delegate of the digital credentials, or whether the physical state conforms to the execution conditions. REA does not replace existing security components; instead, it plays a complementary role by comparing observed evidence regarding physical execution with declared conditions to generate conformity assurance results that subsequent systems can reference.</t>
      </section>
    </section>
    <section anchor="design-requirements">
      <name>Design Requirements</name>
      <t>Discussions regarding REA standardization must take the following requirements into consideration:</t>
      <ul spacing="normal">
        <li>
          <t><strong>Inclusivity of Subjects and Targets</strong>: The framework must be capable of referencing actors, devices, objects, spaces, environments, and temporal conditions within the physical execution environment, and it must not be restricted to a single domain.</t>
        </li>
        <li>
          <t><strong>Condition Expressiveness</strong>: The framework must be able to express not only location or proximity, but also the continuity of conditions, the freshness of evidence, and states of partial fulfillment or insufficient evidence.</t>
        </li>
        <li>
          <t><strong>Single-Flow Integrity</strong>: The collection of observed evidence, appraisal against declared conditions, generation of assurance results, and delivery to subsequent systems must be consistently linked and interpreted within the same execution context.</t>
        </li>
        <li>
          <t><strong>Observation Technology Independence</strong>: The framework must not depend on specific sensors, signals, devices, or measurement methods, ensuring that assurance results can be interpreted with a common meaning across varying deployment environments.</t>
        </li>
        <li>
          <t><strong>Privacy Protection</strong>: Beyond the scope required to support the assurance results, the system must not excessively expose identifiable information—such as the location or behavior of physical subjects—and must strictly adhere to the principle of data minimization.</t>
        </li>
        <li>
          <t><strong>Resistance to Mismatch and Misuse</strong>: The framework must be resilient against real-world execution anomalies and adversarial misuse, including evidence reuse, subject substitution, credential sharing, relay attacks, and observation delays.</t>
        </li>
      </ul>
    </section>
    <section anchor="rea-conceptual-framework">
      <name>REA Conceptual Framework</name>
      <section anchor="basic-concepts">
        <name>Basic Concepts</name>
        <t>REA is a functional framework that receives observed evidence from the physical execution environment, appraises it against the declared conditions of the digital domain, and generates assurance results that subsequent systems can ingest. A single system may execute this entire workflow, or multiple systems may distributively perform the distinct functions of observation, normalization, appraisal, and delivery.</t>
        <t>Rather than simply replicating the physical world within the digital domain, REA functions as a grounding point that evaluates and contextualizes the relationship between real-world observed expressions and digital declared conditions to provide definitive assurance results.</t>
      </section>
      <section anchor="relationship-between-the-physical-execution-environment-and-the-digital-domain">
        <name>Relationship Between the Physical Execution Environment and the Digital Domain</name>
        <t>The physical execution environment encompasses actors, vehicles, robots, delivery assets, entry doors, parking spaces, sensors, physical boundaries, and real-world actions. The digital domain includes network connections, sessions, authentication, authorization, application policies, contracts, payments, and access control logic. REA acts as a bridge, building upon the rich expressive capabilities developed within the traditional digital domain by evaluating a distinct assurance problem—the conformity of physical execution conditions—and conveying those findings to subsequent digital systems.</t>
      </section>
      <section anchor="assurance-results">
        <name>Assurance Results</name>
        <t>The final output of REA is not an execution command, but rather assurance result data, which serves as input data referenced by subsequent systems when they perform actions such as granting access, controlling devices, executing contracts, confirming payments, or dispatching robotic commands. Assurance results can be expressed in states such as condition fulfilled, suspended/additional verification required, condition unfulfilled, insufficient or conflicting evidence, post-verification required, or recorded state for audit and dispute resolution.</t>
      </section>
    </section>
    <section anchor="reality-execution-assurance-procedures">
      <name>Reality Execution Assurance Procedures</name>
      <section anchor="digital-declaration-of-execution-conditions">
        <name>Digital Declaration of Execution Conditions</name>
        <t>An execution request, contract, reservation, ticket, or authorization is generated within the digital domain by authentication, authorization, or application logic. REA utilizes the declared conditions established during this phase as its initial baseline input.</t>
      </section>
      <section anchor="execution-context-binding">
        <name>Execution Context Binding</name>
        <t>The digital declaration is bound to a specific, real-world execution context, which may include details regarding the user, space, device, physical boundary, temporal window, or delegation relationship. Moving beyond a simple query regarding credential validity, this step structures the necessary criteria so that the system can realistically appraise whether the physical execution conditions conform to the digital declaration.</t>
      </section>
      <section anchor="pre-execution-rea-appraisal">
        <name>Pre-Execution REA Appraisal</name>
        <t>Immediately prior to or at the onset of a subsequent physical execution—such as opening an entry door, boarding a vehicle, handing over goods, entering a parking facility, unlocking a smart lock, or deploying a robot—REA appraises the received observed evidence against the structured declared conditions. The assurance results generated from this appraisal are delivered to subsequent systems, which then determine whether to proceed with execution, suspend the operation, reject the request, or demand additional verification.</t>
      </section>
      <section anchor="subsequent-physical-execution">
        <name>Subsequent Physical Execution</name>
        <t>Referencing the REA assurance results, domain-specific execution systems (e.g., access control systems, payment platforms, smart contract integration infrastructures, or robot control units) perform actual physical operations, such as unlocking a door or finalizing a financial transaction. REA does not directly substitute or intervene in this execution control mechanism.</t>
      </section>
      <section anchor="post-execution-verification-and-audit">
        <name>Post-Execution Verification and Audit</name>
        <t>The definitive outcome of the physical execution is verified post-execution —confirming events such as whether a door actually opened and allowed only a single individual to pass, whether an asset handover was completed, whether a vehicle successfully entered the designated zone, or whether a robot strictly adhered to its operational boundaries. These outcomes are committed to an audit log to be used for dispute resolution, post-settlement processing, violation detection, policy refinement, and risk assessment for future execution cycles.</t>
      </section>
    </section>
    <section anchor="use-cases-of-rea">
      <name>Use cases of REA</name>
      <t>The use cases and sequence diagrams presented in this section are non-normative examples and do not mandate specific protocol message formats or particular product interfaces. In these diagrams, Biz Application refers to existing systems responsible for reservations, payments, permissions, and settlements. Field Proxy represents components that observe and represent real-world onsite conditions, such as doors, gates, and unmanned equipment.</t>
      <section anchor="shipping-receipt-and-asset-handover">
        <name>Shipping, Receipt, and Asset Handover</name>
        <t>In a delivery session where a business context (transaction/shipping contract) is established beforehand, the system verifies that the transferor and transferee at the physical site actually encounter each other and that their respective intentions to transfer and receive are properly combined and fulfilled within the same execution context.</t>
        <sourcecode type="artwork"><![CDATA[
Transferor   Transferee   Biz App      REA
    |            |           |          |
    |            |-- Order ->|          |
    |            |   1. Order Contract  |
    |            |           |-- Policy>|
    |            |           |   2. Send Policy
    |            |           |          |-- Init ->|
    |            |           |          |   3. Initialize Session
    |-- Enc ---->|           |          |
    |   4. Encounter         |          |
    |            |           |          |
    |---------------------------------->|
    |   5. Submit Transferor Evidence   |
    |            |--------------------->|
    |            |   6. Submit Transferee Evidence
    |            |           |          |
    |            |           |          |-- Match ->|
    |            |           |          |   7. Match Evidence
    |            |           |<-- Asr --|
    |            |           |   8. Assurance Results
    |<-- Conf ---|           |          |
    |   9. Confirm           |          |
    |            |-- Comp -->|          |
    |            |   10. Complete       |
]]></sourcecode>
      </section>
      <section anchor="parking-entry-settlement-and-exit">
        <name>Parking Entry, Settlement, and Exit</name>
        <t>Instead of the business session initiating first, a vehicle entry event occurs at the ingress gate beforehand. This shows the characteristics of a reality-first procedure, where a temporary entry context is later bound to a payment/user context during the settlement phase and then re-verified at the exit stage.</t>
        <sourcecode type="artwork"><![CDATA[
Vehicle      Gate Proxy   Biz App      REA
   |             |           |          |
   |-- Appr ---->|           |          |
   |   1. Approach           |          |
   |             |-- Report ----------->|
   |             |   2. Report Entry    |
   |             |           |          |-- Context>|
   |             |           |          |   3. Create Temp Context
   |-- Settle -------------->|          |
   |   4. Settle Parking Fee |          |
   |             |           |-- Sess ->|
   |             |           |   5. Send Session
   |             |           |          |-- Bind ->|
   |             |           |          |   6. Bind Contexts
   |-- Exit ---->|           |          |
   |   7. Exit   |           |          |
   |             |-- Req -------------->|
   |             |   8. Request Verification
   |             |           |          |-- Eval ->|
   |             |           |          |   9. Evaluate Conformance
   |             |           |<-- Asr --|
   |             |           |   10. Assurance Results
   |             |<-- Open --|          |
   |             |   11. Open Barrier   |
]]></sourcecode>
      </section>
      <section anchor="task-initiation-for-robots-drones-and-equipment">
        <name>Task Initiation for Robots, Drones, and Equipment</name>
        <t>In physical AI and autonomous driving environments, digital commands generated by autonomous agents are converted into physical operations performed by robots, drones, and unmanned facilities. In this scenario, the Biz Application establishes task directives and permissible boundary policies, while the equipment/object Field Proxy transmits the physical constraints of the real-world environment. REA pre-emptively verifies not only the validity of the digital command but also whether the actual physical space where the robot operates, the location of the target asset, and the surrounding environmental conditions align with the declared boundaries before delivering the task initiation assurance result.</t>
        <sourcecode type="artwork"><![CDATA[
Robot        Target Proxy Biz App      REA
  |              |           |          |
  |              |           |-- Policy>|
  |              |           |   1. Task Policy
  |              |           |          |-- Bound ->|
  |              |           |          |   2. Set Boundary
  |-- Dock ----->|           |          |
  |   3. Move & Dock         |          |
  |              |-- Check ------------>|
  |              |   4. Check Status    |
  |------------------------------------>|
  |   5. Submit Equipment Evidence      |
  |              |--------------------->|
  |              |   6. Submit Target Physical Evidence
  |              |           |          |
  |              |           |          |-- Align ->|
  |              |           |          |   7. Verify Safety & Align
  |              |           |<-- Asr --|
  |              |           |   8. Assurance Results
  |<-- Permit ---------------|          |
  |   9. Permit Task         |          |
]]></sourcecode>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Because Reality Execution Assurance systems handle sensitive real-world attributes—including physical locations, subject identities, operational states, and environmental profiles—maintaining robust security and privacy protection is paramount.</t>
      <ul spacing="normal">
        <li>
          <t>First, collected evidence must be restricted to the minimum scope necessary to fulfill the specific service objective. For instance, if the objective is simple access verification, recording passing events, occupancy counts, or proximity telemetry should be prioritized over storing comprehensive video surveillance feeds. Furthermore, the use of persistent identifiers that track a device's long-term trajectory must be avoided in favor of temporary tokens or ephemeral, single-use identifiers.</t>
        </li>
        <li>
          <t>Second, the integrity and confidentiality of reality assurance metadata must be strictly safeguarded. Data assets such as evaluation results, evidence identifiers, policy IDs, execution logs, and confidence scores must be heavily protected against forgery, tampering, replay attacks, and unauthorized disclosure. Clear architectural independence among distinct observation functionalities must also be explicitly guaranteed.</t>
        </li>
        <li>
          <t>Third, the multi-evidence convergence process must account for false positives and over-blocking. Operational buffers and formal appeal mechanisms are required to ensure that physical sensor degradation, location inaccuracies, network latency, or legitimate user anomalies are not erroneously classified as malicious behavior. In particular, self-defending mechanisms capable of filtering out sensor contamination or external injection attacks at the ingestion stage are essential.</t>
        </li>
        <li>
          <t>Fourth, Reality Execution Assurance must not be repurposed or misused as a surveillance mechanism. Systems must incorporate explicitly stated purposes, explicit user notifications, rigorous access control matrices, defined data retention ceilings, and thorough audit trails. Responsible governance frameworks must be established to prevent automated decisions from causing unfair or disproportionate disadvantages to users.</t>
        </li>
        <li>
          <t>Fifth, feedback and remediation mechanisms must be applied differentially based on the operational risk level of the service. In high-risk deployment environments—such as critical facility access control, financial settlements, delegated authorities, or autonomous equipment operations—a fail-closed posture is typically appropriate. Conversely, for low-risk services, adaptive approaches such as supplementary verification steps or conditional approvals may be preferred.</t>
        </li>
      </ul>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document requires no actions from IANA.</t>
    </section>
  </middle>
  <back>
    <?line 273?>

<references>
      <name>References</name>
      <references>
        <name>Normative References</name>
        <reference anchor="RFC9334" target="https://www.rfc-editor.org/rfc/rfc9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author initials="H." surname="Birkholz" fullname="Henk Birkholz"/>
            <author initials="D." surname="Thaler" fullname="Dave Thaler"/>
            <author initials="M." surname="Richardson" fullname="Michael Richardson"/>
            <author initials="N." surname="Smith" fullname="Ned Smith"/>
            <author initials="W." surname="Pan" fullname="Wei Pan"/>
            <date month="January" year="2023"/>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="RFC9711" target="https://www.rfc-editor.org/rfc/rfc9711">
          <front>
            <title>The Entity Attestation Token (EAT)</title>
            <author initials="L." surname="Lundblade" fullname="Laurence Lundblade"/>
            <author initials="G." surname="Mandyam" fullname="Giri Mandyam"/>
            <author initials="J." surname="O'Donoghue" fullname="John O'Donoghue"/>
            <author initials="C." surname="Wallace" fullname="Carl Wallace"/>
            <date month="April" year="2025"/>
          </front>
          <seriesInfo name="RFC" value="9711"/>
          <seriesInfo name="DOI" value="10.17487/RFC9711"/>
        </reference>
      </references>
      <references>
        <name>Informative References</name>
        <reference anchor="I-D.ietf-rats-endorsements" target="https://datatracker.ietf.org/doc/html/draft-ietf-rats-endorsements-09">
          <front>
            <title>RATS Endorsements</title>
            <author initials="D." surname="Thaler" fullname="Dave Thaler"/>
            <author initials="H." surname="Birkholz" fullname="Henk Birkholz"/>
            <author initials="T." surname="Fossati" fullname="Thomas Fossati"/>
            <date day="2" month="March" year="2026"/>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-endorsements-09"/>
        </reference>
        <reference anchor="RFC9943" target="https://www.rfc-editor.org/rfc/rfc9943">
          <front>
            <title>An Architecture for Trustworthy and Transparent Digital Supply Chains</title>
            <author initials="H." surname="Birkholz" fullname="Henk Birkholz"/>
            <author initials="A." surname="Delignat-Lavaud" fullname="Antoine Delignat-Lavaud"/>
            <author initials="C." surname="Fournet" fullname="Cedric Fournet"/>
            <author initials="Y." surname="Deshpande" fullname="Yogesh Deshpande"/>
            <author initials="S." surname="Lasker" fullname="Steve Lasker"/>
            <date month="June" year="2026"/>
          </front>
          <seriesInfo name="RFC" value="9943"/>
          <seriesInfo name="DOI" value="10.17487/RFC9943"/>
        </reference>
        <reference anchor="I-D.ietf-scitt-scrapi" target="https://datatracker.ietf.org/doc/html/draft-ietf-scitt-scrapi-11">
          <front>
            <title>Supply Chain Integrity, Transparency, and Trust (SCITT) Reference APIs</title>
            <author initials="H." surname="Birkholz" fullname="Henk Birkholz"/>
            <author initials="J." surname="Geater" fullname="Jon Geater"/>
            <author initials="A." surname="Delignat-Lavaud" fullname="Antoine Delignat-Lavaud"/>
            <date day="26" month="June" year="2026"/>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-scitt-scrapi-11"/>
        </reference>
        <reference anchor="I-D.ietf-scitt-receipts-ccf-profile" target="https://datatracker.ietf.org/doc/html/draft-ietf-scitt-receipts-ccf-profile-04">
          <front>
            <title>CCF Profile for COSE Receipts</title>
            <author initials="H." surname="Birkholz" fullname="Henk Birkholz"/>
            <author initials="A." surname="Delignat-Lavaud" fullname="Antoine Delignat-Lavaud"/>
            <author initials="C." surname="Fournet" fullname="Cedric Fournet"/>
            <author initials="A." surname="Chamayou" fullname="Amaury Chamayou"/>
            <date day="24" month="June" year="2026"/>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-scitt-receipts-ccf-profile-04"/>
        </reference>
        <reference anchor="EXEC-GOV" target="https://www.academia.edu/165191077/Execution_Governance_A_Structural_Control_Layer_for_Autonomous_Systems">
          <front>
            <title>Execution Governance: A Structural Control Layer for Autonomous Systems</title>
            <author>
              <organization>Academia.edu</organization>
            </author>
            <date year="2026"/>
          </front>
        </reference>
        <reference anchor="CISCO-DUO-POLICY" target="https://duo.com/docs/policy">
          <front>
            <title>Duo Administration - Policy &amp; Control</title>
            <author>
              <organization>Cisco</organization>
            </author>
            <date month="June" year="2026"/>
          </front>
        </reference>
        <reference anchor="W3C-VC-2.0" target="https://www.w3.org/TR/vc-data-model-2.0/">
          <front>
            <title>Verifiable Credentials Data Model v2.0</title>
            <author>
              <organization>W3C</organization>
            </author>
            <date day="15" month="May" year="2025"/>
          </front>
        </reference>
      </references>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+1d63Ibx5X+j6eYYqoSyQWAkmXHkSIrS5GUTEeyVCRjr3+5
hjMNYMLBDDI9Qwp2nNqH2CfcJ9nznXP6MsCAhJRsfq2qJJGYnr6cPpfvXLox
mUxGbdGW5lly8L6pr0qzTGybtmZpqtYmaZUnx4u0LE01NzapZ8lZ1ZqmMm0y
q5vk/WJtiywtk6Oz5Flyfnp0MEqvrhpzQ73Rb5P3FwejjDqb1836WVJUs3qU
11mVLmm4vEln7WRRV/NJtWzmk8akk5WdPHo0st3VsrC2qKt2vaKWZ+eXr0ZZ
XVlT2c4+S9qmMyMa4skopZf0+W3dXM+buls9S74zLX5L3qZVOueFJOfGmrTJ
FslrNBnZ9bIxM+pqbezo2qypef5slEySynxok7mpTJO2ND4+oiHKol0n5oPJ
OvdhXsyLltZNU7HtaJR27aJu0MMooT+zrixlkQc/Yn2vTVcl39BPB/y4buZp
VfzMI1CTk9T81dRV8pequDGNpbGkmVmmRUnP1/TinHqYglb/Mcen06xeHgyM
9i1Ge7um3ubJt2bXgH++7A/QdqvS2LauTL/3ZLP7E1NfT75Z02J+rLtPWktO
PSwwv2bdPX26MVyyNeAFLXs++aamHt8Y80kjzitbPnr0+PM9xiJ6XdXXycu0
uP6koezVFb36H/lfu+l1czAaTSaTJL2ybZNmxCNHJE0dEble1h39OPfytYqE
qKgy4jdbVPNyTcyV0uRJfDy7NeZvHe2UpXZtHV70rDmmHwvb0utBTplFk6XJ
FrQWu6Qxre0agy7MvAFn3xbtoqiSdhEGymtaU5VcdW2SpVVVtwmtuJhR24Wh
dk0YMiHBJFVA/cYzUqGZJpeLwlJvWcdimJtZUZEeafHpyqmbVZoZmhUJqUja
qe/7CFNNK3r8gNTJQyyvNVWO9WG25qbIDT2dpKtVkxY2LUmL2K5sSYU1XdZi
maSyzo8uL5jSF8dnl5eYJ15rsRyS/WSermxyRTrDmCoQwGRlKkqgv0lh4fiY
+qq7tqRF0Ru2mFe8RUWj6hM6MvVrkLlZUMx2y5QWn1yt6dNyjQXZtSWtazdJ
Rj+ngVROM/PgeU2kxN4IWaVdW2d1ORXmWxZ5XprR6DfghqbOiSTQX6NLop3n
j1ui/FVXENFmTb1MCuauzKx4jbWwxazuqlyIQfQUjnIUI4ladhXRhtkOdG0L
mtdOpqIF1gk0OW1Ou0jbhLb/2rR2nFjDSp9+IrL1uyUJqhub4P02lW6LZoiF
QTodjvlqHHO+7cgC0HLP3oNB6eOrAgw3Ti7fXNCU8klbT+g/ZmlhkVSeg9ok
mPrRRLf+2lSTq9SaPBH9r5qC6EgaBRbIJov0hjaZGYuYlZtK/7SqjvQASXma
34A78qnsy7lZ1iTxR5etwW6jP7LL9JzodUFiQLz8MIEpK1ojHP7LL+evjp8+
efLFr7+OST4LWiMLa8GCZmS7aDqgEFEYO9jIIJhTZojehbIHzY8Gpa1u8uJn
+gWCnSofn6qw8QqO2jC9c2FrZdwF2AkLnnWNagqILHVGvI7pnB5d0taYjCaY
SQeygK8eP/71VwjUnKSlI+ErYXNXDaYsE01ox6BLaXGk4zIr+8J9Vjmxhwpd
kP1ffjmbnEwL084mJMoWe+ub0VgisYal2HYrMoIsWujQKxSIFJGIVndUkn2w
RAM0sEw8U9Yr7mzML12gjzXwErHimeNN4i7o8RVhlSpTXrpkCXrA+mhwN59+
8STsZprnoIKxMss16ABm7+/rGGxVUS+y60E2mEjRFFiEoT2JCWnAXp8F1Bqx
c04SBP20JOVvGt3a3jxJfAqigOpyEQMoxb7qvQhQcpnmrO9645GUrwh34PkD
J522nrW3Kd5viJuaHD8/lFWky5VpJqL2yTI161VbE7usiEzEhpkpVuBD/FS1
JdGakKSFyaxaz9d93lMJJSYnpiJhJ6b/n//6b9J/ZeetzDeXl+9Vzs/NzDQs
BEfvz2zMXzYr2pb+pckUxFqOMY+PXyUPjiN1ktAvlvas6JbJK6cnHialyee0
MhmF5H1WlIal7vjdxemD45fvzpN3V38l0icXxLKsEWmE04pJQOt46Je/PalG
n0yybDZZSd80ReUt2gynKM5OL18FOmH0spgvSMvj3w1q22gaZBnE9Bi2LxAn
J/y5MStTOUqW6Zo+8xbkDhNxVJJC7eYLVfQzsobgP4JG1HRGmzBWKaQxF1Vd
1nMswi7ANinbDpqH40RIMSkOGmP5jDBDWnZiVA5uYX4I35DCkimZ/CCwskMX
pJi/qW+J12nQhlmLBipmLU+IVkrkAoeTk6SQDVrTLbmWXfNrJvNqyhkECngg
K1YFMz89r9Rr8RgPvVd1ArVjGrFJTlmZBgB07EWFLWZHHxM9MHZaQmEFtHlj
aM9KaHoCEjX0Vd6Q2KGHZdq0NEZ2zWYgpzlCEBiqLkU9A9CwmhtvwlUSFUUt
asn1ERFiWZNY0VQFLtGPqb221B6LatNrJQ9t7aokKz1lsRBJhdySFgEE3gK+
ARKDD4h+1FqwcBrmlWaC12vlvJS4qqa9oynJr0qNMcm+YEmaawO9J5vFxKyz
rFutpb3vmRHFNPlhAekUVGlBtwPiDxokuTUQgxu2EEnWNQ0DOAZaeBu6UJQv
aUwh3J8OuC0vDrSmHmZAw22dp4CGMH/MIGjFzqm5qcvOOSS1Sq6SiYjB41c6
FlGi409JsxE0hbxx802YnjQs4QWgC0ETzBHi1spMiTjYT3DAnw4AUugzRqUV
DVUmV4wNm7UHqVXKMgfzXWX0kJYfrL+Hnaw4HFJTJkp5NTRdQhfLVSv8A/Sg
vALIcVUWdgExEBAqg7MGG3KIEtUvWGhC4lXmassyF9Rg+Q9idgXDTvqFpjyG
1iCcoVgk75ihuTdS8jnWWxYzjRSAZuzTqQ4/OhMZz01p5r5FmBdYdssbhCE1
pLzAdqLDWDpozIaV4REPQCCVf0geHH1+9FD4S3h+HFqcVYRCgymmpmcbTZ2J
elvTHCF/LdjrvXoQyYO3x+8fkhKx4EnAoTqFufAsQ44gdO3WGpbpNXs6pKLE
wo7lbUgFhFeGp0+5IZSF4jiDyYkwAx9jnhZq+MrQVs1AvQU5TZXd0kL8u+or
AFinkbz3LJaCe8bsJ8wHqiZgL0//8/R48vrd94y4TNI1c1ZDJG/A6+RAkC3K
YWPW2LYNR5hFvSY9Ir2J30jvDTvUNMVMZJAllBZ4xcqc23un+ZVYz2UNzX5r
3ERuU54AzEsXLYyWeUvWwOnBxnSWsVvYfVbONU/XUQdcH2nQOYnWVGX7bm9d
F7KPuw4JaNSKR/2OVU+uakw+eEssE4wN2eVMl+ScpU0fTw54/GnkiqiHPe5p
CtI8/QjAOKxcBdotjkaQ7YUEDmgTknXZc6LeqoPnvqnDpvC2XSDVo19x7Vpg
EPRDzb0etNS3h+nOfwd3ZNfsS0Hf37Bf1hRuyvOO4Ax1QIiKgA+miJACOUUM
7z0k2yPCM4ZNq9hMsvcvZkaACGsLtkaC25RW4koQhBW5A35UP46bEfA4DZ60
8Qh1w4dmlxk/6rtxfAq4x6TNhLD+DOAJSBQaREADsTKvDsRB8IOdTfEMiExs
4zCU90NJuyFcJ8hJpLXB7sP9IxgowyuBCBsUDWwmYtWR/pwmHgFWZOp5EuiK
mK1YcoAu6ouYKApe0AeYCiPGMIcB3jIVjV1XIiEsMDG/eM4I4tLQhAjoAe/S
JnNvZbEsRBSmyXc1tA106oKmTBwJe8maJ+a4XiDbeYbkodFrjrdkW6mzNRF0
LBZag4KBEWeCNVw0EN0rw/mlitpVu+FaL0ml57LnChURCDlxQkW6EREKpTjB
FNjooVgc+ixJgeaEOpammUvQqKkt4RfCBzBQwvEMc517l2bw7cXe1OXYxUUC
KFbbldIz2sHVyrk8KbnjLePHmrliWUsoyWHL0CVaX6ErcXila2fgVER1x05d
7NZtShRIgr42M4gDMTNHjTgm4JGjDThTWawv6IDq6l/T89sFyTr1qHHQgoiK
MGBB+hu4x9m21IXkgIgdBEfDSKZUw5PkkDUgDUYaUhYdOpkXgKREa4DBhNS+
lWiGADMOl9KLcFwk/kcm+fjs4vjd5OQv7ybv3705O/7x11+nyY+mlTiLYNFB
tGejUBbUPOhJZA5UIl6wJM5nHFiFKwl8x0hTw+JuQT6QHm2CX1IVqy+aPLte
EPOAuJumgNpWRRFciKI14x54sJ24iIu6zOPN15gi8RSDBqWXaw3dGLmZQ6mA
wVC9wykQGBdNxQJoKSyOq9IEeOh6KKpV1zK2MgheYKuJoNyEOFuUHOvkDT9D
pdw7Pg7gjEanW2kKB0w03hZ5fuoDCZqM+DgwL+JviMb2Ysikvvj3aMayKg0m
kvYkvEr9IckhSGpjLHy6JHcdUS7y7jjS7oCD5xYTqzxa4/ZOkGCD/4uZRiYw
B2I+DsvcMPOoW8oC1A+zXBvyhgsojI50Z0n6rYddhGikfIuyk4CZTWcGqj3L
mDwWw3KwT2YD/pLl0wzMB+Kigky0jl+XLYF4hAZW7AJ3LbZdeNK2ZPGNAgt1
hZS2UGbpUq3fBng1fuVsdYxXKBg+wmhwPbtSObBgCMlcFACDxlihPQrVtWqE
yGVruhIxG95Ilbh6RU0ZxpHCXYvD6iOLhgE0zX1JBjO7lvWzj6jUiYFeT75c
QNIHcs4wc4anQy5J7BvFFt6O+6ia3T5j+/m/GxYAepSSfvECsoSh3nBCnLB4
e6opbEG/A2lH7ARxSrn2VtdBINbDLOxx2IMhW3C2xbclIGUcZGDTkXAokToB
4oDzLrE2o5q+FLEiO+qTRxFr9vXTPX6Uc14HvKh94BUDRJ2jphhkipKgYyQo
uQ9hqDiOHDlQ3m/6TXLJcTd2EtWNshoNDV6UUgwhOguTwWiQkCPBtyvT80M0
DDoa3etjPRs9S442nTMOl7ogpg93OmZxAcaxhH3o/1VNGL4wkkIQz1tzcPvu
h+pAhz0Gt/RTNsmVYkBAt/Koe2wNalJCnpT0O8dTvG3vOyHjfh5vvAUPV+la
pubIxFRyySlpJbD5j6pBWHmH3JJwAcpUJPC4qgt86EEQbVGltsi4N4Ibxhpx
wL4EvBzY5NjRnRmkGtqRYO6C9A/F4k8/pIAFVnGzBNhDH5i6KFCXWdFIdA3N
HMcUoxYSkUV2fEdfIfTmwCbpcNg66RbIGwx+IwOlmstjjefD6tPkAlAhSuVz
oD2yKTwDj7M0E+C9vlxCKo4eqikUGQhKjMBhWVyLEP/w5Dj5nhOwHIY5joY7
gfWUgNsvv1C7yffHk8+njwjdBlF/58TEJVyxg2eVqCMhkwAHuCuajsqVEQVz
cpxLtzZoSaep7xY7DY/qVluP78bQMR/gXhIg6SGocYgAs79F+weVwsNn5jDv
QoCU5kFva0oEGQKRJsURrjuxncQTCuEIT+NlzVfBeqtZ6XFtpgFMWWXR9O2N
84mcFgtqiSjvq9iC+HDkBoS/9DB2HAcPPUUjnibLaUEooc7YZxO0DkGCGKxQ
ONYns7tLY27uhRo7h3/ragJvwpN6HMK0IhIsY5ueqnNQidbNWicn2Y7Up6eR
rImcAR64A6WC8ZGkv6OQQEXHYdC5zu7UwVazF+EiU9DOgk62Fbhzz1TgxGJs
LD5oDcKNs6IsIQO2o82AYhhHz7sqakH+fwefr2A8pgLmbN2MrKAUsYTM30WY
3YWA7QdmOp+OiQBStvMe8FLNsMJxyYWJg+bCDpPAJsIEeJerf0SEnSMH2m1Z
uiEd3DNNjnLeRIUP9oo9hObYLM4RbnbNKOfPZh2Vg9Inv0leo3rqpcI5Z4fO
e44Ud7otZKPRZ8lnn12a5apGipY6+uyzZ5pci53gKEoY1LWW2pBfnF0zV2RG
vO1YIGFdGW0US3ZYBKR6L2y8V8IIGzbX+gtJFCaxTkPf0+REPCLWEDxavq7I
J8pi1QokzXlj8WTEYRYFza9o3DCGPZH0BDQuqb02DoXgR++Z1CuG/hKxWxaW
wwcAea2YIRRfpOJ0uj02TYPyKviPLjh4UxfkR9BKhTORmiLkPxM4QsI9le27
0HiE7p6oSwn0cG/i7WnMJw5vxFbYA7S0vE3XdiCMAOXZj3hobOEud9uNruVW
hbiB4ogiRR3CHy6cux33HA9HYeNSGOscUThuyAgYPICqaSHEVkOe2y4kNUw5
sIOVivPqo++/s8l1Vd9yXQhyZZZ0EE3EWA0X2Hq14CootoNZqdl8FEDYvtfM
ebSbIiVF6GTHMFN/WLPimyEFRw1I9S2Fh2nhSMGmkKxlkU960Wzd9+NAU936
82AdewE53lfN55MCtnXJU2Zr34PJmsOwYlZDjRzE8HpWkrtWVEiGaJkhrJcz
eOM47sUSI2UQG3FVnxpcr7RMQf3olIypUcHdoXkqBH1aNWQF+8OrRWqlHA4B
GNBuWdMjomkc39sZfutVAcbMKGHrvtCvojywYxUt4PLeg1NLYwSKNFtC5uim
K6FNgEUxxbSakDmiJxMpD/VbzWaLxRvVn9QHEUKyGwytS6tb/0pF7zjEvZQF
GN46C+0jg+LkeJiHIL1gxCgYJwjD2Ai4arDwj3DUJfVS9JCqk6slkjBkGxPC
/JmcUTC+VJHrnBXJmHFs5Jn3CTBwpWugTbHqSiVisR0jhmiDsbbVD6sssbx1
aTiH6QLjWsoiRMSorjyPo/Vx5o4Z3ycUuX1gW0JFsx77RXCUbQkn0J16VCjC
C9DY3diFGFrJInAECBmc3Drk5rJf0qvjahREAJPPkT5p43HD8itCORz9YT9E
XCjRFoQR3vi0FI/k5dHBhWNfBTgaucMbTtWGmC62R89zjO/z3HOu02qkok8j
xcSnD07OTh6qh9EHUJs1u64qV6D0opjDjyQYwGZ6iQoXTXE5r1ATQxG601C9
xMkl1HKXm+0zjOL/93M/UKIBuUaVsew3aZQtSk9EhSZpM0e5jUtMcOyjNxGv
P6JimjiQrf7LgE4LiwSj4UGkNOrbCsV+AbFBQ0k1jPdFB8AAy2U81gbwiY8b
7Hac7g77eJATyk//yPaaVBPLPbVfWwGKGrmBe0t8whWs+DRlSfMhLa9xGlpf
k+8oH2BEM+CDck5fI7ZxOuHjQl4+GsBQ/USOI5xHxxEQJ7JZpyGMMFMQK5R9
az6es8WphjRmdUn2F217xxtcsQ6qosX0PBMTcQYvxRY3mhO5iCXhkhnSOrQY
8tlLOVVAa1mxseKEUfCO5AiAc6+t86+t+rAo+ujF1wUGqHMR0Tri/H0ikMQN
PDGXaTBSiOE0g6tTdAFbxUbqe56qciCsQ//tXrIzzk6qMRgjDm9EJXrgAjBI
WZGsuHoGD8XYhXArFX0/ow4Xru4/eLxYmguezyTahoSzeMpsx+pm2Ft2wJ8X
PnkFXOZr3d0KSW+XGv6m3rekZBzV1zurMiAW49gPgm3cFAcHITQ+yGX8W6Lh
2coZWqhPsqvXehiDLTGRfSOeZGmP+soF4SVdvMToZGKXrgJ5TXTIDQcgaI47
NluO66ARovPeVRVsBF4WqBWzeZMsybPoROi0Go253TrnDG7v9ikjiWZuLi+U
R1OvVb9MYi35wVVZSxAhFihd+fumuEkJqrz35d5Y6Euzrl1GJiP/M9gUPVqB
ciH22ra3MEIrnkLmQyZiI5YOhWIu28uiUoRwaFzYAAMUCQwqB2+KuulbM9VF
qEWmKfOQvrYqzRlS+qowwo4MLakDhlgE/UgCf44doXMDruIl0Wtv1d1mzqJf
CNPulnoiQVGybA1Aq/icmcNWjFtylH6nXKS95AHigpbIDvETZ54hF4SA1EOK
yrDgMTIa7rl9Ilh1xOU5HksQCOaCVByAM7CiP8XAUO8l+cCZe0wWB4059zrr
qky96KjiD6yr8Ww7YE19Tdq9mlr0CQJkgZo7Ir6b4MNVwkWBF2M/Md105NG+
cnTqM6wSRFGfzbm0It7Og/EqK10zbG8KUvQiBRr90IlrWYujqQ1aVvFvBfEo
QyLLqdu+xkTWIUp022KJ6kvAJXfubqiAa3ctITY7zAnlMJu5LiGiQ6zWn4Yj
1doxWHeJ2IFccSQcgVOinExczrYDZHEVYW4kJ1uwE7QdbGU+Po9n8DLKVg8k
C04DJ/pwnXNtTpg0Uv95NxNztTwBSw40OrAzcHDDWTsO7LMdaOk3BPs5/Ntw
NYODRN6u+LEDyNdg71ZFtBau9xO8PgnhqkP1sJnY6VB1c19GNSoXHcw6a/za
DjppHJkTcM9RLeawq6bgGBnOsDKjdSs9tdogYWQ8BBNgidIR6FI9vtc3+nGs
b/Mo9DrOpadBCAMDaRaeLMs+ZUERa6otog9uzFrEDiaPeJQjJRvAZqDi+DfJ
ZmbGCsvNCo45+PSMqmOOyfWTwhoRB7LU4pdNyWAT6M4ksvzxDkRpnZCPHE7s
+Px20GeuCt/ZcBz+bENp5tjtfRlKl+w48j8j1uETUhIgDlyEcESBApZswe4L
pIgMlCuUmUaE2wBOn559Okxzz0VyEjdzmVtBRfulp3YkpRDJt+1kR8ccYMvq
JjcuScln0DmdKgrSrmCMaGl6jkhs+h11Jv74MfEUWM2rtuiIPEd1tmoP6IVe
6YFWnsT1E9FJEYKCBU6Cj7fTPEVc0XTHdQXr+/QPeo4r1oNCoRkG+zNkPuJy
tTgtolFgqyfnJTaHQ0B8KwBLh4hoj0Ccq34pAi6iOnTzALIu0Nfqa6q3MB7G
iWpHnYQCRLhsITINRRn7/JzusAg3aXjHZa03DQV5m96LvqX5KmaJzjXFxnqa
vJU6/SvxCFIBFXzCDREUP34EQbnukd1aORjXmlWowXAn36AMpMSg4KO6CTu/
GpBXsCVBEOqN8yJchauwcDigNBiZ36hkGtgV2c33jZmEHQUHHTmQNRqdLZcm
L4hb+UQeXBBcFNG4BALOOrqKmKAkt+cV+Tb+MGMVGXyUXig9d51qnNfqLGps
OPUQYZZmevtBVyFHrDU8vvRdtxnOoNZHQnfSlNj8erwtcE1LWbcRfIzFo8Ka
oUIMSR5uqeMg+OoNwJ0I4QPOo0UnPLatjhMIKIYogu9ZopagrfOPo0ySanSt
JzUuu9IY9qlc7JQ1GtNqKQ7aoPIXronKCYYS4uf7VAOMt0oKAiM7Q6tFCvdV
CaxIcjmaOr6rOKB/FkaMar9GoCO1Zx/GRr2XHPG0wzjK0DHTgZc5FQm0Uvws
H+IXogSfTfHnBjciu74W2vu3RuJWyFEbVr/qdvW0JKbsDxypOMOmBnn+Prau
fOEFLKgq6uA8ELBC3e4dpVVyfhZV6rnY7fCIRCmCLFL95MkTTk8wcXz4HnpA
A1cpYrJc5QlN5xxPmBQSvk4OgsCdGPfOLfTKgfgwh0uP9Q5+uDIhrqywFsXZ
a9EiJlcT6Qvufq4r0wvbq67YjKuwfMJKen7YLiq2nqguSbrUcmSYwCoUhmkh
INe5zhTl9YGNAiVab6s3e4TkDHlWRV260IZGsrQQlotySEOEGHBT2GumnLXc
D8bTou+IsdZw1BhN/cXC2bASWyWGFb7p/KccfGU1kMHCpCRofPLBFWM6rnUl
xHITQDWpJOh1g2G1HkjuAWJhgPbhbG1UaSTVCksYz7nx17kgmBzqK1dyM1Ao
NLVc1S5pKDe7MYGVn2HiyoA5ZzgWxlHrjfw6LWSFaOuVXmLRPw4cwHl05kcj
0n6vaA6vClPyZRgfeifhoytD5Fyr2Bx1ZuPssQsWVFwmF8eVnZSp14yUlM6g
q/jKkzzceqCKW09/jd1FG9L8iMXpGxUnMvwV16Kqi+4Sl3rmjZwrK1fwuGLF
B5FqO/QHzJwSfrh5SuLKEDXNgh21CPdEt/24eiK+hsI00Bzu9hdYFjN4HilK
DroD+wmuR9IjwxLSkBe5rhIMxlwIjql8cMWNojvBkIBZF2d9DY7Q09ZdFU59
ebdnr6j7P/7xD+qLQw+jy7C6JLkMa0scjyb8B4KH//+eRH/+Pvzz3wdaTibJ
O/KjmmTy4p6W9PfxVBsfOwu6q2Xc/3vWNy/ua0l/P58mF4Ai8sb+66JBzshY
YQ37v0R/n0z5PbkTh4ZmRh65Lk+rLJnQnxf3kvMLHAd2THVny3tn5Ua/70+0
0i9RAn5FBiSJeMZfZLVr2+/usze3328NQHzoBvinuG9HSyL+W04wfOyGfjXV
F/ec3XMa6cgS80/2GOcP04EAlO8GhUJgl3tX/5TvgQEiuq9ljyAoH0kme0np
oym3BtzxLUm1CARUx+hUassuvC0SVX/6AQDwTKoEHOLzGt2fa2OhkYOjRQPP
IO2XXAvQ44rrxoaKMq4wZUMUaXktALeL+lbPD/UvQBMXUgulJjyeYBxEa8be
7Kj/3qx1Bs76UNeoxWviGIMa50M+wuEa+nCHSWI05cvf2LMif9gjXV0WAQO+
eGtuNjT490oR/vMaixYzP6zBe9t4pwyBG+CG36+cVGcfuYr5u1v2+e3ccD5z
Sz1sz/PzqWvMTLWrzx2ji+hgB3b1P/RWwsr7mLiCyIrqateJI5AwdrKp4AaW
/cXUNXay8YrU2z0E2iAWTEeyk0Dxz1+qiYuMzd50QiRtv1GiH0l583tKH+sI
BEnfj4O+mkrje7iyPyHmoL9t0X946n+YcgkPDt7HPulHEef0hoDexxLn6ZTf
48IyrfRM1Wrc0ceG1bh7NGjjQbOx8Ro6fUd+b9IzITsGeAwkhsYvcQSfQUdQ
8Zc42HKmKhrRe4ID55pYO9Eb0VjXO/DPiP6Og715U2g9clx69CnHcTn507Tu
0NlA7MSFV6SXzYvces6LxvYK78rBimSmwk0Y4jpsenPBzbBy/EdCK5yX57pG
ddX40lp/45fP4N3yqQ3W+Y50h3rOK3bj2EVYFu1GdTNKc+hRoTfhufMXLsId
n05D+Id8vAnuB5PMuPd+fNEUV7JqUHmr0lBPWPgKqjgyvBm3kqprMaM8KY5q
uPMV442CExnI1VvCMQyXbBGT+0R4/0hIXBTeP/bgY6RRXaZgA+dhOqPMG1YE
tt4MGW5YX+Z4JzNSjqf7M2B9+xJ2l567q2Xf17mnT5JgFlTv6+w5B9gBRjKT
fUaJfmTnqpWXia9H0tcJ7n/ZMo5Dq37CaQ+T/FbeuaPlBk2OcXwp2bIDAzMn
UyyNL7hS3vd5vzsU9RncIa/gYm9o5zzv6nNjnpFDpIzlw9zB7/jX8FSflEcs
PB+782TAv5cjIBdyccZvpaN7OumbuXuG2+EccSfv+baFDSywaeXUHGtbFo1B
comVI1bW6ubjuDLXjkYv9SaJu5K9LoQH9wPhX4PgGQI5cZ1IK5VJxvbuyvVq
06lEG+rPtAKfbUUc/ZW8ursAMNaLelEthnBnYzSBzxV7/VvTpCYxuoIWeVly
lZYIPHCh3itxxrQwNc5QRdV4UWUvH65DtV+31JLGkIPk+205eCW6PRRx8m1V
WphMRJsmr6SKlusDx+4uFv+cj6NJflQzNXHGaKyZfClokDMF7oy0P7CbcGzF
jnsFwuTxwUeDx0G+I26OuTKSh6Qt+Nmdm8exEL1pkizqAjt9gyMguUEWrbkx
tEDmiZkxqJToXeyi+WMubcF3IXBhbXwlj4YMG9xjl2p2+XeWr9mcIAWHRyBD
jctFXRk0Dh3qbTD0s1wV7J1XueKHTzysFrjki2/lkjLkLqoQxR102HKSg9pF
Svu3YW/c7x5dTRSZTqJfKkWfOjufzfDnZgx56HzmSWqxfFg5OvwcbiR0/Na7
tkgTDmcnNjrC5s69RzPNuLAW6XA3mwWOeJWe6U04n0MIYW44b8+X4ml152qr
vLN3HjAvbFbWlu+6Oy5N2sRHHFPchxdKmxOSK70UiCug4jrRUOYpZVY8XQZa
UlIDwAga+pvjct6ry0XR6FZxNeTEk0tw8dxogRVLiXSqx0xncobR8t1ARUCs
4PHJlSYZ2ScIOaduxrkLDkNzpSQyyjjxu3ENYVzG3PvKAo8Q5UwbjgaluTt8
5xBhUaWI8qQCkV3hHEIufNIe92uH4zIccIlKfTnl0/LJ3MrIGUGCg6QFJMCC
IlHQEl6Eq3NmrB8SOyjLK2cTOb0FQY8WF52xID2mtQE4Vzh0pxOL3Ac9r1ZU
f3VZKT03GGJYeokxR3zkpgZrRcpEB9fQIOM77U//rMWqa1D8nXOVLBc751L0
19NPIZWrZ/SVQ3Dyr4HyaHusxzYnT7RvFjx5JntAg4fr4fmOnLphX62fS6dN
a6QYTS74yV0JnKZEkozmF845QtDkPCAnMOHtlHxVfciUzcGxlWjccPjLyXvv
7mOULEgcMdx7S+5CIYWwXCfhjnh31SwtGlcHh1tXG5YC/lYZy8fcsF2cwcH6
rZrLGXYKmv+KNTindKSopehf1+mVN98kn+v97P6oub9OvVdEgeOLSKqWqMJ0
rpPaT2ZjnLibcJMd5xGi2hh//aUradm6uCfUEkQZxrE/jua/wEMBShP76N6h
jVxxFGzy8cgJlKam9vlLdeLDxXw6mcwujcCBbRTuG1xvzlfr17eyPnfHJfFJ
nq6kJlmjklHFYbhDCKawV/yHginbu65J9BnfW+nu7QTDyLXWnKE+O/ruaAsf
9m//Vd0Hv9pXaTJn4V3qZCTfMQP2GI2e+9JP+2L0HN+o9OI7n6z235pgnx/y
o7g9sVZGpP/6QL/E5EA96K8PFm27ss8OD29vb6fNLJsQ8xFamJJ1O6Rf8Zfb
vyCE/JzvGHrBQf/n/HVmLwa+R2W19T0qR9Ex/ueH8qJ0Igzh6vns1wffTA+g
dTD/rw9eFs31oi5/PvBfIEUNTHWd+AeHu/o5ifu5XKSlaeJeTnD4VD/e2cfb
uI/zAlmB3NZV3M9bfEqiFT3d2d13cXcXBCAXcU/fEXvLhzs7+CHu4H3am8gP
pkjwkXuZSxQIP7SLrw++TSuCAeuDZE2A4+uDzx99/kTaPT/0G/rc4o5CiwuQ
El3wq+MDudDx6wPmgMPhdifvzny7x4+mj7/64g9fHTouo3eeH3om3M2RXz1+
/FEcifY7OBI1IKdyDjn++pxLwNrkwenR5cN7WPBNTOY3XZVflWluYmK/STtZ
Qni6c9Nex729JQW/TpdxX6+Lpkjc5zt7+Tbu5d3vTkhrzhddb1Lf1osqiR7t
7Os47usHUqFp1uvoOG3KxH0+xE9HpGzLiJu+/Fhuwu59LDfpOxvcdBgrxCH1
6G/02ltB7v4uo20OBRZh38s0/A7zKKn2w0W7LA/lqxeH+5o8erpTpeIW9fir
lu7h13+FqvtXqd3LuJ9XNTnybRF3c7kgGGUT96THXXm6JnY6cFz2Fp5RxGW/
34PL3DW3kxOQ3jPSfRuxr5Z6+sWTj9JSaL9jk4+qnlVkrHLpv2lqrV9f5b5N
qvWnAeIvv7qPMf5Vm3oU93NiSi5InLxJbwhkx90dVW2Nkt/NJvtpIrgttHU9
TWRyAv+Je7Kznx/7E7SLFe4tjHv6sSbsvUjCs519XfS0f2qv+9J00RKUTvTz
QWPbVeYjubanG8EzH6sb9Z17eXjwa7T+Ca0WdzPZbZE/9Qvb+l8D9m9i9p6l
fY3sftO3slWin/6fy0ukFX9/8E/w1/1acXMjP4GZhr7+7J9mraFOJ492OiP4
GrjNb3Xz39j2/8pyYIIkk+S41l1vZkuCtyyu8miAHb/4d7Djrs3fhznddw0N
m+s0I8i+LNIpuamHj3//5eOnjx999dWhD5T99NrHiH46+unCf7/dT8cS6fjp
De6s+4lY7Kfw7W8/aVBsF3OGMFzoHbdZhu4T7T7h7pmDoy+X0+6H2Fh+oV/j
b1J+cRSt8vlh75G8fBi/Ldu7cyPvpfjmV0kMyH5X43uhIe72UCLyu2h10tXJ
UY7EEAoWmGgus538Nl2u/uhItT81jgub1fuSYT/mvpcm4erhYT68fcL67/L8
8CabQDVOlri0GC8c7iLN/Vce39Dr+9OF5rgvVVj2H38ZIfT1HV7gXZ7a/wJa
WxYRD38AAA==

-->

</rfc>
