<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 4.0.5) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-emerson-oauth-user-mediated-delivery-00" category="info" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true">
  <front>
    <title abbrev="User-Mediated Credential Delivery">User-Mediated Credential Delivery as a Complementary Authorization Primitive for AI Agents</title>

    <author initials="C." surname="Emerson" fullname="Christopher Emerson">
      <organization>AgentAdmit</organization>
      <address>
        <postal>
          <country>United States of America</country>
        </postal>
        <email>christopher@agentadmit.com</email>
        <uri>https://agentadmit.com</uri>
      </address>
    </author>

    <date year="2026" month="July" day="01"/>

    
    
    

    <abstract>


<?line 51?>

<t>This document proposes user-mediated credential delivery as a complementary authorization primitive for AI agent frameworks.  Rather than delivering credentials through automated channels controlled by the agent or its platform, user-mediated delivery places the authorization decision and credential delivery in the user's trusted context, separate from the agent's execution environment.</t>

<t>This document describes four methods: user-mediated credential delivery, self-describing connection credentials, caller-identity consent differentiation, and discovery-by-introspection.  These methods address the human-in-the-loop gap identified in Section 9.7 of <xref target="KLRC"/> and strengthen the authorization foundation that the IETF AI Agent Authentication and Authorization framework depends on.</t>

<t>The methods described in this document are patent pending.</t>



    </abstract>



  </front>

  <middle>


<?line 59?>

<section anchor="introduction"><name>Introduction</name>

<t><xref target="KLRC"/> provides a well-structured framework for composing existing standards to address AI agent authentication and authorization.  The framework's approach, consolidating proven standards rather than proposing new protocols, is sound and timely.  The AIMS model (Section 4 of <xref target="KLRC"/>), the layered stack from identifiers through compliance, and the integration of WIMSE, SPIFFE, and OAuth 2.0 provide a strong foundation.</t>

<t>This document identifies a structural gap in the framework and proposes a complementary authorization primitive, user-mediated credential delivery, that addresses the gap while strengthening the processes the framework already defines.</t>

<t>The gap is this: the framework provides no mechanism for a human user to proactively define the scope, duration, and delivery of authorization to an AI agent before the agent acts.  Every authorization flow described in the draft, Authorization Code Grant (Section 9.4.1 of <xref target="KLRC"/>), Client Credentials (Section 9.4.2 of <xref target="KLRC"/>), cross-domain chaining (Section 9.6 of <xref target="KLRC"/>), CIBA-based human-in-the-loop (Section 9.7 of <xref target="KLRC"/>), delivers credentials through automated channels that the agent or its platform controls.  The user approves, but the credential delivery is automated.  This creates attack surfaces and limits user sovereignty over what agents can do with their data.</t>

<t>As software platforms shift toward agent-first architectures, with agents consuming APIs at orders of magnitude greater frequency than human users, the authorization layer becomes infrastructure, not a feature.  User-mediated delivery provides that infrastructure.</t>

</section>
<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

</section>
<section anchor="the-gap-automated-credential-delivery"><name>The Gap: Automated Credential Delivery</name>

<t>The framework's authorization model (Section 9 of <xref target="KLRC"/>) correctly identifies that agents act on behalf of users, systems, or on their own behalf.  For user-delegated authorization, Section 9.4.1 of <xref target="KLRC"/> ("User Delegates Authorization") specifies that the agent obtains an access token using the OAuth Authorization Code Grant.  This flow involves a redirect-based exchange where the user authenticates and approves access, and the token is delivered to the application via an automated redirect URI.</t>

<t>Section 9.7 of <xref target="KLRC"/> acknowledges the limitation directly:</t>

<ul empty="true"><li>
  <t>"Additional specification or design work may be needed to define how out-of-band interactions with the User occur at different stages of execution.  CIBA itself only accounts for client initiation, which doesn't map well to cases that envision the need for User confirmation to occur mid-execution."</t>
</li></ul>

<t>This is precise.  CIBA <xref target="CIBA"/> is reactive: the agent initiates, the user confirms.  The user evaluates a request they didn't frame, with context they may not fully understand, under time pressure.  A compromised agent can frame the CIBA request to manipulate approval.</t>

<t>The deeper issue is that all authorization flows in the framework share a common assumption: credentials flow through automated channels controlled by the requesting application or agent platform.  The redirect URI in OAuth Authorization Code, the backchannel in CIBA, and the token exchange in cross-domain chaining (Section 9.6 of <xref target="KLRC"/>) are all automated delivery mechanisms where the user has no visibility into or control over how the credential reaches the agent.</t>

<t>As AI models increase in capability, some providers are introducing model-level safeguards and tiered access controls that restrict certain high-risk behaviors.  These mechanisms operate at the model layer.  They do not, and cannot, define or enforce what an agent is authorized to do within a specific application's data and APIs.  Even with such safeguards in place, resource applications require their own authorization layer, one that is user-mediated, scoped to the application's own permission model, and revocable by the user.</t>

</section>
<section anchor="user-mediated-credential-delivery"><name>User-Mediated Credential Delivery</name>

<t>User-mediated credential delivery addresses this gap by placing the authorization decision and the credential delivery in the user's trusted context, a browser or mobile interface the user controls, separate from the agent's execution context.</t>

<t>The flow operates as follows:</t>

<t><list style="numbers" type="1">
  <t>The user authenticates with the resource application through normal application login (OAuth, SSO, or native authentication).</t>
  <t>The user navigates to a connection management interface within the resource application.  This interface presents available permission scopes organized by the application's own role and access model.</t>
  <t>The user selects scopes and duration.  The user explicitly chooses what the agent can access (e.g., read workout data, create meal plans, view analytics) and for how long (e.g., 24 hours, 7 days, until revoked).  The scope selection occurs in the user's authenticated session, not in a redirect flow initiated by the agent.</t>
  <t>The resource application generates a connection credential.  This credential is a high-entropy, time-limited token that encodes the user's authorization decisions and the location of the exchange endpoint.  The credential is displayed to the user exactly once and is not stored in plaintext by the resource application.</t>
  <t>The user delivers the credential to their agent.  The user copies the credential and provides it to their AI agent through whatever interface they use to communicate with the agent (chat, voice, or a configuration file).  This is the critical step: the credential delivery occurs through a channel the user controls, not through an automated redirect or backchannel that the agent or its platform controls.</t>
  <t>The agent exchanges the credential for a scoped access token.  Because the credential is self-describing, the agent determines the exchange endpoint from the credential itself, with no preconfigured knowledge of the application, and presents the connection credential to that endpoint.  The exchange validates the credential, verifies it has not expired or been used, and returns a scoped access token along with operational metadata describing the authorized endpoints, methods, and request schemas.</t>
  <t>The agent operates within the granted scopes.  Every subsequent API call by the agent is validated through mandatory introspection <xref target="RFC7662"/>, which enforces the granted scopes and logs the access for audit purposes.</t>
  <t>The user can revoke at any time.  The connection management interface shows all active agent connections with their scopes, duration, and last activity.  The user can revoke any connection instantly.</t>
</list></t>

<section anchor="structural-defense-against-prompt-injection"><name>Structural Defense Against Prompt Injection</name>

<t>The authorization decision occurs outside the agent's execution context.  A malicious instruction injected into the agent's context, via prompt injection, tool poisoning, or compromised system prompts, cannot trigger a new authorization grant.  The user must independently navigate to the connection interface, authenticate, select scopes, and deliver the credential.  There is no programmatic path from "injected prompt" to "escalated permissions."</t>

<t>This is a structural defense against prompt injection at the authorization layer.  It does not prevent prompt injection itself, but it ensures that a compromised agent cannot obtain additional permissions beyond what the user explicitly granted before the compromise occurred.</t>

</section>
<section anchor="step-up-authorization"><name>Step-Up Authorization</name>

<t>When an agent attempts an operation requiring a scope it was not granted, the system returns the specific missing scope in the error response.  The agent can communicate this to the user and request renewed authorization.  The user decides whether to grant the additional scope through a new user-mediated flow, not through a CIBA push notification initiated by the agent.</t>

</section>
</section>
<section anchor="self-describing-connection-credentials"><name>Self-Describing Connection Credentials</name>

<t>A connection credential generated through user-mediated delivery may be self-describing: the credential itself encodes the information the agent needs to complete the exchange.</t>

<t>In one implementation, the credential format is:</t>

<figure><artwork><![CDATA[
[prefix]_[base64url(exchange_endpoint_url)].[secret]
]]></artwork></figure>

<t>The agent parses the credential by splitting on the delimiter, decoding the first segment to obtain the exchange endpoint URL, and presenting the full credential to that endpoint.  The agent requires no preconfigured knowledge of the resource application, its API endpoints, or its authentication infrastructure.  The credential tells the agent where to go.</t>

<t>This eliminates the cold-start problem for agent-to-application connections.  An agent receiving a connection credential from a user for an application it has never interacted with can immediately determine where to exchange the credential and begin operating.</t>

<t>This complements the OAuth discovery mechanisms described in Section 9.10 of <xref target="KLRC"/>.  Those mechanisms address server-level discovery (what does this authorization server support?).  Self-describing credentials address connection-level discovery (where does this specific user-granted credential need to go?).</t>

</section>
<section anchor="caller-identity-consent-differentiation"><name>Caller-Identity Consent Differentiation</name>

<t>As AI agents become pervasive, resource applications will serve requests from multiple distinct classes of callers through the same API endpoints: interactive human sessions, the application's own internal AI processes (recommendation engines, analytics, coaching features), and external user-delegated AI agents.</t>

<t>Each caller class presents different trust characteristics, operates under different user expectations, and requires independent consent evaluation.  A user who shares their data with a colleague (a human) may not want the platform's built-in AI to analyze that same data, or they may permit the platform's AI but deny external agents.  Each decision is independent.</t>

<t>User-mediated delivery enables a consent differentiation mechanism at the resource application layer:</t>

<t><list style="numbers" type="1">
  <t>The resource application determines the caller identity class from structural characteristics of the authentication token, such as token format prefix, signing algorithm, issuer claim, or session context.  The determination is based on token-derived characteristics, not on user-provided identifiers or request content.  The requestor cannot self-select its caller identity class.</t>
  <t>The application routes the request to an isolated consent evaluation path corresponding to the determined caller class.  Each path enforces consent requirements independently configurable by the data owner.</t>
  <t>Consent granted for one caller class does not authorize access by another.  No consent path evaluates or inherits preferences from any other caller class.</t>
</list></t>

</section>
<section anchor="discovery-by-introspection"><name>Discovery-by-Introspection</name>

<t>Section 9.10 of <xref target="KLRC"/> describes OAuth discovery mechanisms for dynamic environments.  These mechanisms address infrastructure-level discovery: what servers exist, what grant types they support, how resources are protected.</t>

<t>User-mediated delivery enables a complementary discovery mechanism that operates at the connection level: discovery-by-introspection.</t>

<t>When an agent exchanges a connection credential or introspects an existing access token, the response includes scoped operational metadata:</t>

<t><list style="symbols">
  <t>Application identity: The name and API base URL of the resource application.</t>
  <t>Filtered endpoint map: Only the API endpoints the agent is authorized to access based on its granted scopes.  Endpoints requiring scopes not in the credential are excluded.</t>
  <t>Field-level request body schemas: For each authorized endpoint that accepts a request body, the required fields, optional fields, data types, and descriptions.</t>
</list></t>

<t>This metadata is execution-enabling rather than merely descriptive.  The agent can construct valid API requests directly from the discovery response without consulting external documentation, developer portals, or API reference materials.</t>

<t>Different agents with different authorized scopes for the same application receive different filtered metadata.  An agent authorized with read-only scopes sees only read endpoints.  An agent with read and write scopes sees both.  Each agent discovers only the operations it is permitted to perform.</t>

</section>
<section anchor="strengthening-the-framework"><name>Strengthening the Framework</name>

<t>User-mediated delivery does not replace the framework's processes.  It strengthens the foundation they depend on.</t>

<dl>
  <dt>Agent Credential Provisioning (Section 7 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>The framework describes automated runtime provisioning through orchestration systems.  For agent operations that affect user data, user-mediated delivery adds a deliberate human authorization step.  The agent's infrastructure credentials (WIMSE/SPIFFE) authenticate the agent.  The user's connection credential authorizes access to the user's data.  Two layers, each controlled by the appropriate entity.</t>
  </dd>
  <dt>Transport Layer Authentication (Section 8.1 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>mTLS authenticates the connection but not the intent.  A self-describing connection credential tells the agent where to connect and what it can do there.</t>
  </dd>
  <dt>Application Layer Authentication (Section 8.2 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>WPTs and HTTP Message Signatures prove agent identity and key possession.  They do not prove user authorization intent.  An access token issued through user-mediated delivery carries both identity and the user's explicit scope selections.</t>
  </dd>
  <dt>User Delegates Authorization (Section 9.4.1 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>The Authorization Code Grant uses a redirect URI, an automated channel.  User-mediated delivery eliminates the redirect.  The credential is displayed to the user and manually delivered to the agent.  There is no automated channel to intercept, redirect, or manipulate through prompt injection.</t>
  </dd>
  <dt>Agent Obtains Own Authorization (Section 9.4.2 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>Client Credentials are appropriate for autonomous agent operations.  For accessing user data, user-mediated delivery separates "agent authenticates itself" from "agent accesses user data."</t>
  </dd>
  <dt>Risk Reduction with Transaction Tokens</dt>
  <dd><t/></dd>
  <dt>(Section 9.5 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>Transaction tokens reduce risk within a service's internal microservice chain.  User-mediated delivery strengthens the foundation: the initial access token that feeds the transaction token chain was issued from a verified human authorization, not an automated redirect.</t>
  </dd>
  <dt>Cross-Domain Access (Section 9.6 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>The draft describes automated token chaining across authorization domains.  User-mediated delivery replaces chaining with independent per-application connections.  Each connection is independently scoped, independently revocable, and independently authorized by the user.</t>
  </dd>
  <dt>Human in the Loop (Section 9.7 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>CIBA is reactive: the agent initiates, the user confirms under pressure.  User-mediated delivery is proactive: the user defines boundaries before the agent acts.  If the agent exceeds its scopes, the system returns the specific missing scope, enabling the agent to request renewed authorization from the user through a new user-mediated flow.</t>
  </dd>
  <dt>Tool-to-Service Access (Section 9.8 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>The draft correctly identifies forwarding access tokens as an anti-pattern.  With user-mediated delivery, each tool or service connection is independently authorized.  There are no access tokens to forward because each connection carries its own scoped authorization.</t>
  </dd>
  <dt>Privacy Considerations (Section 9.9 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>The draft recommends opaque tokens with introspection for claim minimization.  User-mediated delivery with mandatory introspection implements this: the access token is validated server-side on every call, no sensitive claims need to be embedded in the token itself.</t>
  </dd>
  <dt>Discovery in Dynamic Environments (Section 9.10 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>The draft's OAuth discovery describes infrastructure capabilities.  Discovery-by-introspection describes agent-specific operational capabilities filtered to the agent's granted scopes.</t>
  </dd>
  <dt>Agent Monitoring, Observability, and Remediation (Section 10 of <xref target="KLRC"/>):</dt>
  <dd>
    <t>With mandatory introspection, every agent API call is logged with: which agent, which user authorized it, which scopes were exercised, which resource was accessed, and the response status.  The audit trail starts from a deliberate human authorization decision.</t>
  </dd>
</dl>

</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<t>User-mediated credential delivery shifts the credential delivery channel from automated (redirect URI, backchannel) to user-controlled.  This introduces a structural defense against prompt injection at the authorization layer but does not prevent prompt injection itself.</t>

<t>The connection credential is a bearer token during its exchange window.  Implementations <bcp14>SHOULD</bcp14> limit the exchange window (e.g., fifteen minutes) and enforce one-time use.  The credential <bcp14>MUST NOT</bcp14> be stored in plaintext after generation.</t>

<t>The self-describing credential format encodes the exchange endpoint URL.  Implementations <bcp14>MUST</bcp14> validate that the decoded URL points to a legitimate exchange endpoint to prevent credential phishing.</t>

</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<t>This document has no IANA actions.</t>

</section>
<section anchor="ipr-notice"><name>IPR Notice</name>

<t>The methods described in this document are the subject of a pending patent application.  The author will file an IPR disclosure with the IETF in accordance with BCP 79.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>



    </references>

    <references title='Informative References' anchor="sec-informative-references">

<reference anchor="KLRC" target="https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/">
  <front>
    <title>AI Agent Authentication and Authorization</title>
    <author initials="P." surname="Kasselman">
      <organization></organization>
    </author>
    <author initials="J." surname="Lombardo">
      <organization></organization>
    </author>
    <author initials="Y." surname="Rosomakho">
      <organization></organization>
    </author>
    <author initials="B." surname="Campbell">
      <organization></organization>
    </author>
    <author initials="N." surname="Steele">
      <organization></organization>
    </author>
    <author initials="A." surname="Parecki">
      <organization></organization>
    </author>
    <date year="2026" month="June" day="01"/>
  </front>
  <seriesInfo name="Internet-Draft" value="draft-klrc-aiagent-auth-02"/>
</reference>
<reference anchor="CIBA" target="https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html">
  <front>
    <title>OpenID Connect Client-Initiated Backchannel Authentication Flow</title>
    <author initials="G." surname="Fernandez">
      <organization></organization>
    </author>
    <author initials="F." surname="Walter">
      <organization></organization>
    </author>
    <author initials="A." surname="Nennker">
      <organization></organization>
    </author>
    <author initials="D." surname="Tonge">
      <organization></organization>
    </author>
    <author initials="B." surname="Campbell">
      <organization></organization>
    </author>
    <date year="2021" month="September" day="01"/>
  </front>
</reference>


<reference anchor="RFC7662">
  <front>
    <title>OAuth 2.0 Token Introspection</title>
    <author fullname="J. Richer" initials="J." role="editor" surname="Richer"/>
    <date month="October" year="2015"/>
    <abstract>
      <t>This specification defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token. OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="7662"/>
  <seriesInfo name="DOI" value="10.17487/RFC7662"/>
</reference>



    </references>

</references>


<?line 244?>

<section numbered="false" anchor="acknowledgements"><name>Acknowledgements</name>

<t>The author acknowledges the contributions of the authors of <xref target="KLRC"/> in establishing the foundation for AI agent authentication and authorization standards.  The framework's identification of the human-in-the-loop limitation in Section 9.7 directly motivated this work.</t>

</section>
<section numbered="false" anchor="operational-deployment"><name>Operational Deployment</name>

<t>A reference implementation of the authorization infrastructure described in this document, including exchange endpoints, mandatory introspection, scoped token issuance, and connection credential handling, is deployed and operational at https://agentadmit.com.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA6Vc63LbRpb+z6foVX7Y3iJpW+OxY9bsZBXJnmjGF60lV2oq
lUo1gSaJMYjGoAEpnFSm9iH2AfZZ9lH2SfY753Q3GiApO7WppCKCQPfpc/3O
BZzNZpO2aEuzUCcfnWlmb01e6Nbk6rwxuanaQpfqwpTFrWl2Sjul1bnd1qXZ
4juNS2ddu7FN8Q/dFrZSV02xLVrcrFa2UWeX6myN+9zJRC+Xjbn9kk1OJrnN
Kr0FRXmjV+0MWzXOVjOrsdWso+e3/vlZ7h+aPXkyyXBlbZvdQhXVyk6Kulmo
tulce/rkycsnp5OJ65bbwjnQ2e5qLH/56ub1xLW6yn/Spa0M324mbqub9qe/
d7Y1bqFWunRmUhcL9UNrs6lytmkbs3L4a7elP36cTDTzYDFRaob/FPbHg+dz
9Uoo52tyovNNU7jW1hvTDL61zVpXnokLYdpZDk7yl2ari3Khsv7Zf9d0h6Y7
5pnd8l1dAxo3bVu7xePHo+8nlW22muSymEyIO/GTUn958+F8wSsEPQhiY9mS
dDIRLhg1FPcJP9afnv6Zyemv5uov2jlTbnU1/ObPc/XGbpe6ye3wi7/O1Qfr
7FZ/2oy++XauzvW2XpqyHH7xbq6uW2NKM7x8NldXujHZp4Kv51CMhTp9cvp8
9gT/PuWLUKPCOOJFoPyyak1TmXZ2QWoXtO9T2WQzXTBDZ6yBUCXmlm7Wpu1Z
jl102+jsk2nmhWlXc8j0MVT58ZF1Hk+wzPnlt2dD5r+vTXV5ASOrKpO16rws
6IHLClbFFvMtdsg2Gt+WY/m8Lu3dPSL501y9xgEhRfOP4Tev5+p7XeL0e2x8
Z6rq0/j6xVzd2Gpt7hdS5PrT2ZOXgetjplmctsjn4PpjV5vM+QuzTI5dhGPP
lv2xmXv9sWeZbczs6U9P5pt2WxJTP7w+f/H8+SlUfTabKb10JJZ2MrnZFE5B
Ih35LlU3trbOODXwKCrrPVI+cHvZwO3pgdurx26PxaxWDYz+zjaf3BxU6Zas
vsUhwspFtU72c/iusd16Q4vDDJgaObLD7lXb2LLEteUONxq/BbYrWqfqUrdk
1dPRaeIRcENmnDw4ID03WeGCdR86fFHxU7TuAycOlQgDPebnFl7Q1LrBXjis
3faE4Vbzs8k63sNUt0VjK+LdfCyG3LisKZagbWW7Rm0NiMuhTp+VCm1drmb+
eWal2AztmHB1qjINvjWzgq+0O7rP8dbFamUavo0emjIL8sJllkPKcgf9A9NJ
Mel7yPBmY5wJNCqd541xwtRNB0eH+2f4MCutrdVa10q2XBU4Adh47Yl7OX+h
7Er98gu53l9/5W2ho6Zak14fkBE4U+XyJ9Sn5TsoeKkv9tS9KoJ/MDFQjwOR
LPrjBEnkIvJUSHCmqoYgyGzwMJg9F+PaFnkO7zv5irxnY/OOTziZxLPBym7B
BTKgO3iGGc6JezqIJyGJjIbMyzoSo/kZYY7+4NCMOAEO28jsaFx6/8gDrom4
+l2gkboGOTrbTFkFbFkQU7EREQnG9/s1ia2Kn6DbKnNHnwADLKkVGORIMLx1
W2xNufN7nl2+vVZbC01VD4PQn6UifzRlGZZ6Z4gT2Dj7JAYUNabp3QF7nkJX
mREVpUehmWbdyNGx8PfY8dVUXV9dvn79Su56TwqgTudPggwgAnAfjjvRpz1z
jPs7uZ2FBatjbRbd7OVG20Q3+oUecuyhDlo2a7mXuPdaRMDdpihNYiokFPoO
NGT9nQl9ZWN0vsPCq6Iyzus7H8Wxhi9GD0RtrSzMgpxv4basnlosnIkndWRF
ovOUYXleCr6jxhHzrkldSnClENSQK6TXVa/SS4OtTOLdsQWFjlcShYYGjWA/
NlkjmGU6sv1zaKL6U6Ox4MPeBz2bPx2ppGCNBJO74f2no/sz+EY3yxGqsDuY
VbBAkkeejzcA2kEkd6B3318+POIe8ZxnoPvSYBmd5MEYGWKp89bKImXXcGtg
1stOnj0YC12/HT9dME34iC9atmLXNSsOtST5kpReEAZ8BZYwxRrJh6I/oc2k
5JwfIUQhElt1V8BksXnREHzSUNgzcjKr9o49sD8ALm2KFai0uJzLErNV0Thy
1NmmaA17WJyF1wtbwOV1W5LQ2dUlkQu+5MRU8Hqr10BaHdRkzadpYBPm752p
sp04wV753fRAgGJHBvWFB8DJAaobHR39FMYEwtQKC+Mj2PbxCEQJxsfiGy4y
pxADTHxLEsFBmLsXZHcFfxbL/mR2CnYMB37y9uP1zclU/q/evee/P7z6j4+X
H15d0N/X3529eRP/mPg7rr97//HNRf9X/+T5+7dvX727kIdxVQ0uTU7env31
RKz95P3VzeX7d2dvTg7HUdj8Uvx3UzeGOKDdZGDI355f/c9/P30GC/gXQNnT
p09fIpDKh6+fvniGD3dwfrKbreCA5CPEsptAj41uaBWAHqhVXbSMgTQpjb2D
JA1z819/IM78uFB/WGb102d/9BfowIOLgWeDi8yz/St7DwsTD1w6sE3k5uD6
iNNDes/+Ovgc+J5c/MM3JXnm2dOvv/njhFSItORPul6Qh/Re40AJQrRpgBwG
6j4K7S8H7gqG1iD3bCGXJJi2ibHDq0Nu0IKNLlf0rLcrtwO03uIPOCyGeuQH
SGZyJyznNb7h8In9zZrJH1A2VUf9ewK0yX4FHRyNE1CXE3aCurIVIFaJcKgr
9hV22XpPD4+gs4wRsP1kqvmJ94gcmorq1pa3jAvA4II44l2/+Zkc9dqQ2vpo
Jy64B3TefQan7Lfp0Q/vR97YOw+sCrNiv1QDKnlIeFtopjGKOhCiPn64hA0c
xePZp8reIdVae2axG/fpUiGyRXL5R3Vylufsf8AfyhIgar815AR+w9krxhVb
vSOjrwxUjUn1kAEWqWzXzuwKvKly8Qo6ExcXggH7S2WzDOmRTrIWgo1EIUiP
qdZcSgoU7wzpFnkHMA94r3UCsyXG+8SaVQaoKtvARxlXPWhBas1InajMtAuq
SymckwREzsGrMWUILAg+24hohFJkBrOerBOPM/EvnB4yThMo/eUX+h+4jq8Q
exhTLZLgHUoAPu50yY6DAG5uddmJ5iiOXY7DONBZkdO52Jp9RPTJq3xPsqEI
tepKMAvAGLZIicBU/mZkT0Q7J9HrjHEusHpByixEUvjmDZhGPlekAUgSMLLu
SkqSRaN16aFobpCMwVtjbSOYlLwEmL+P9dw+/HYbiieMu7eUAWGVbS0VxBQo
sTn+ptKCp51tPLEngsF83ABEPP9TsyIqj/kWkWBSyaGbiVljw44egnDlbwOZ
HGI9B/1BI8CIiN6NXc9GM+QnFV8WJdUIYIlWcVrKzBHEtmFGDqAhqewmFFbW
UuD4Sn22yD2ZfPx81SnJf6AblLYspZAT8p57KjlHEez91Rytlg10jfwNTNgu
Kd9ip0SYdmCAjKC/rPzjV/c6z+qILKkRYyW3VJJ+w6M+nSeAfBANoi8ER2zX
ZENHH5Sbq9zl4KvSrnHkh6ySiI7X7zm6Vlz9HpUQHoHA04SCSt8Wa96d0rS0
ugSDxiklX47MIRI9dw8RGdKF/gHyKYIHbnVR6iVYDa74DoVkki40BpKyX78k
mEzoAIIwEi4lGDM6wVl+l5wF0QC0u7AqZ6U+Rx040Z9p8YKwS7axnNbfDXOp
rA/6D818PZ+SBeQc5RDIOGuZ+pSIIENJ+lpBT24Lc4dtdbkDu90jpoAiCJlU
STUJv9rpM1zqCA29wGI7R164LcjObuEa8keeWj6HPxW7Joo5bqTdqQrluJkZ
K+kI4ePeb3nAEkrsaYEVfHw2917ugObhlqDIh8uPSZYYbJGSSLUp1puZISuq
qd6BGDNjlMHw4JOpQtTNbO69S3KofZsPoXC4TV64mlKziI68kDWjU1tlojeF
Y5641jaSgOChQiJkDAgHFHoy+X2iYTFHH3ke2bnwoSNVNoiwMHv3+5qSZIJF
2z8fqyTB2kkzDbnlgYPa0eIMXhAVu4qF37sPWeEh4kA7FRixjqUapMWPopUG
uoqW0S+8ZL046lS99sUYG2LrIYdJnI43HgSnsIo0Rn5pMWMyeS7ikPtCDN1j
sFSz2IDyIX5XyePROfHThzTbF69irDZVXtsiijheB9qhOuseIfAJppHkCGKW
CExk1wVpITHBGC455AIPkCt3TeUO0640OxGWs8QWQeVb02rySSppE6SRk9IR
Tzdk4yvhYT8BcA7xfauJvy9S/sYIlvj9NeVO5GrYy8bCneuWjqspLekYtyOG
TRxoW+BSHpVjS8VomCRjkb4LAajj+1u//hqwu6GObmjvDImQMpRde4QiLGMV
6JC6qLpruHqL032dGDN5efG4lHHoasceKviYzwRCqjM4wWCZhFmJHPExl9a5
hMxxybTUrpXHAcYGTiOhrNqltBQVwXY4NkJgX6nrvnZ9YVamglM4W2u6SV0B
qtStuqz+Zny74uY4mPK2jeDmqIZ+P8Kh7AAIBCHUdo4parpAHW3G7jVkqn6V
iL0oXa2FtCKQhtBggT6hoM4S8J0q3yoJ+YfUDPxz3Ouq2MM0xXpNKIqbFsOj
sYKkPN0CBGJLaQwZYmHEPiFwDPjsBT0dBNipj8ZRoEnle2T5sndjJPAQ7SBp
SwlkRl2mjWDJk8gyOdwJ0XICM9Yl20mPlVyaXg66FrmXvPaSH7NXBde6X80E
kZctZ8Xsl+APb33XeLiCZNpSNi4oYlOaGDK5w6kirSdVFML4oYCQnAeub2fB
voi9xuAs2HjSMOh3EpUFt4MhmHr2sR7mY5PJ99RqpAAkjYYWWlQTFq16/8ku
sOAutXe6dMI776k9DZLUeTUMPpov+YKI4lNRO09WEFdpmgaaDE7V1IwdhB4y
8TR4c/aTApjUOzcAYHfjMliq3GTIOeNYIz09K5SL3JP6DVPXh3Cym2GnilDi
KH5Lql93jnKPti//HMWSEAc1rS/6aHTeW1bSeJlMzo5E3YA4+0BxpOPva06j
JvkeiPGVohRpxgEhX+4RsVDRx3lgVZemFbULYR5nu4TqVHg6NgG9A9uDH1sq
71O+989//nPyAyxrVfz8408/UHXw+bOuKR+GRX8KsfknXH304/wHZ7BS+yM/
OEnAim7cPtAB6wF/i5brGP4oxB1C2Q01lXDigAeke+LMmmMZpf5in+kRI1JQ
Hz+8mXqgyigprtJRzX2EfRnGD6CREC3GZbwLNAGMQoSx+kiVjWPwe8owkPBE
AmA8OBy1xketlL1MoTVlmVQwQnEEhmJDf5jZVvUozpb5DOG2YYeIzNU3SbkT
1dpZmiIlcZ/iYxWPnxlEd/YthzWdo4AWK+bVq0HqFUBjnwJojhZS4cPNxdYb
BbdoW3KvlekPF8V6IAFZGqoaeEfIww6SxMUGd1pEjxMjaYFp0NDpi1VPn6TV
KhaF5YmS+GCYc8CpseasxPHKZIuHHBM4LLFfHEYueQiAs65t035D6cz1eEgm
qQyGvXr+H9qP+NVvGN06u50QiBL+cXGYleebR9K2k/GbyzB+c+7Hby6G4zfc
6wxJnvPNRIqKt9rx3MAhKyAoCZvjc4eY4ERztl3ZFhAXHQZCBDLJSs3lNEhA
RoL6lI0DFtVvBwa16Avyt37EJ5QRQht0rxrDT1BAwVH6uYSHZODQxzDGY6o1
TSRM+5IIpaM625CIfKfUPRInA3AoK446P5FX4PIrPOoPJcfsE7i+X8DVPspN
2VJomJT3jZmM1Lv7+wPqgGoIs/vEiB1XAhnjTJUvw0sQPpMl7jZWatUu6W37
3jS5ktLodWfUQz9j8SiW5O9CnA7ZLni87IqSBgPp+JyBgn//MOJnWYJSgrJN
X91nZLW3EJ4nzAbqdz2LPUORuRFDYxJQDA47H1dvY8w1FZXxfDHo0IxZMlXi
od3BshIj0L4gevCe6NK8Sxbh90NurAVsCQkgHgk/BJhRwOCUGoC+Aw90yLB9
4JZwjS+LtTQByzX8T7vZTqWNwfpXbFkC3laS9EiaHkK4d+MQKbcFw77Q8Abc
zPcVlXGzTCHMfIkoHwxMMaIUXMhbxojrr9omwG9GRT5hKXj+4gD3+npwync4
jBAGkx4PxRtnJTPZtwVJa7gxTIBXYIf1iMSLMR/Yb1BBfjDm92Flb4ISiYaZ
WyxqUT3Zo0+2NzgnZDVcFg4eOHjvFTeczdCBxNQn1kpC+QCranyx4STpnY1U
Ca2xD0dgpMJNXK6C1pAZ0CEkrsPqeInhqSleXKQTmJdp7SNt2Q4jadLdvico
0znzXaW3CF/JTKpLJjv34vAQPI3j40JyNIm7TkYXp3LNZxm7WpRlF6LylGve
waSdzFY2tuVc98tcSzpmd+Cg4gz7Fks7TuH5EIv7Rl3H+WFfTTyG1ljaYQkn
lUE/x5kW6qbB6XHeh0eysqO8w9f0DtXuaI5bnaXIz1vpgm2TXqyQgVeEbnIl
BM/vQ840uqpeFzTvnpT/qPG9UO+pYU4PDnDAsFSX1A7J8L1NBB9G2r5fB4wr
9Sm1r8/5bsQYhDacdxBvck+vAeQW7QtuZ2nzXShPLng2hJqRh2qbvhwBUjnH
H6wwja6MC68r2ohRgRdDuMBOhNU51HbI4moB9h4gx3JrkVTHZqy6dOR0rHYL
7jMw96vcHioC+AKaVEdZJhHjhUGMvvHYW0JUL8IY1Jbi2beyleliH+rDUJbP
pnJiLamfIiPlmSka5ectvetSVKhvCDnjvBG9BsDKeKYHT4kUvKRXgkkEpQwi
CqdCJnl4FbQzMDTNnJKVeU9qwM140sNv5Ax5X7rAvbmoxuki8UmW5R2ctBk8
voRzDjFIngjs9UvTSaK1cgmfZjsYaUkTiz7wkABXPfZmdl+HMYajHi8GoMbw
2wvD6YcHrofXUqvr54L9HHA6NU+DIBwlZe5dpuaTxvwV4QkCK4PpguEg6mKy
GI6UJ1En6eNQw5JHRpIVQ56BMI5A0/r6mh/48oNdaV+BeSpGC53IPBYXaHuk
3oOARaZNn5fs+X3CMsoQW1OnhvZgHOEGCeJDnit/LGPljwb13qSs1VfbHrgj
0SHqrOujQdrV9Dp+c2cF+8L62JcdeO2FJmjqhg6vJAyQ84HDdWS36g1Poo5e
h4jy/Ho080wS3d68uR5NG4zCJaUJUvaTYYhKCv1f9PrJ8eKKv13sjyde2zAG
3PohzTTofe5gp3sH+/7qRto/393cXKm3YDooUNfA7ZJeymsPIa4F5EsP0Bxt
bZ2H7yJfskdfCaen4oxGr1o9a4ZzgZIXfLZememG3shjzzMkJ9GTUAMfDwA4
D5xowMbI0MZw/uiewfdg1keHITs3GGOkMafpsHfre7XHZ5tH9bOw1G/o2hMj
YM6dLjlqjscee0OMfZU98uhmLk8QDJhGIjjQJTNqQU7jVkd0m++5NgqkfVfd
x+V9jTzwggGPayUmLa3J1lZ2Sy20sU8MrpLVi4zu834xTCg5dbL34hD3nsmO
T3zPKbx24cs2cXXqMH0o3Cf1wfh3nCSCsuORgU11Q8ruJgkPfr+vZ8n9bByE
CLEiVIJW971kzQlFkZkHrq8nIWkBupbrMgh3XN2Oh8KF92KFuOXUTDncrKTK
j3vaMamyKfd/vEX7Cq3v4+eHAo6f/j806AB9OufhvgsZ7jvzY0XHRvuCnfI7
LgdDb0Km5B20/Lixy5u547zzaMP167Ck02IX1PGeEvcrH7hiw3ScokuuMx1d
pa52RjmewOvhlwnm83GQVBMc/I5Z7hOIN/e+R8MWyMPBv33S1tcGkzHYI9zj
AV+bLu67cPwGFpw7KaL4+SMvO12ukmvIgVghizi79hv7jVMVs49+VfjBe/uH
fU4hr3t9pilIAMTakhof194+93X563t0+eAbA+AOvd4zTqB5ZJLsCffNaurb
NuQIvicdPewBPZTiQQIuynkXco+G9uoWYwo56sqOSAEjPZlUr9c0eWVG2h/C
OkmQ6uNheGfQr51MrpriVmfSHAATAgROGPjyHgbG6jr2qDUkGwj0ppvOz8gU
vC62UJQKUTm2jI9oNC9xbBinSBtC4X3CEfhJZnt8U4cnSagL4IFPWZKbxLc4
O7camD4XWylLsHW7NHnev+jnF+fgxdloyH3x/YUvcb1KSlwpJ4elsyErH+wX
0HpPO84UdK15XLrgFOziaDkpddbcIoy2mtZ70uX6DHg0LTMqrQRI8hZpFsTD
EzLvl8RmWWonzvSDEbkOMMoBNnx/j6ynXlziQuIgF+Rb2vXaJ+MLP5HFN4Xx
rAFWJhHGb3zGfWe43ANgVvC4m3wZa1cUcT0kyftR+VjkcC3wfBgAlbEuxO6C
hhZ1E7phn00MQ6/DDylkXRN6db05fsnUOr+auNeL71G+h6JCVIzcD4fgOpl/
fEQawI6tzwWTWWp+53z8svL/Y+xHekJfOPXjJ9oPJ348i7Q08JuNt9a848If
ecL+HSg4XkQQhL3B2IRT/kU5HlcYjiHII2FgegV206AknBn1JWSy2jcMqKg/
42JE5w70/cMLfzwmcmD4F+4AtPuBE1GNt0f8YHRm0S7iDC+JDbQxmh/w2xPJ
Exc8PZVKM0SjbBdGN4YbhqLWgzg+L+9t8FSGFJ7ohfnjjM28ZoNa6bpyVcas
48t6S13SCvDK3hY4EKRri/T3ygB7sy7pbM3BYZIDVLJsQuDoZ4B5aAVyohJ3
qE3TywlIeuE3t1wU2duBX1cXRU6Iq2FBGxlu+Epdnr072zP24S8D+Hdk+E4d
k248evVBvbNIp8xv+jkJhmzd8m888bzCEfwPS4TfmUjx9cN3tprFCh1V6+Se
tD7CIVN+zKGwLC92MelT6e3v7Fw9/93jl18/n744fU5mRDWm12bZdNRVOX0y
5R8MehTdKmku80DuhP+kg1OULC1B4n7GnH+Zo+AaiG1y1iH+7tvzK/Xipf/h
DPJwxL2z/l1DjtOTXxZVh1gPOf3bCf/21Mmv6Xzq/suJ7BaLZSd6kzR0rbzb
HVtkIAmIl8Awy31cIx38cs3nflyj/62MAz+zEUBseG1MSNp/4z95rXL06yix
uL+FYt36aTdoEG3ASvc+wQ0XSNjsjrj3Oeb1laoBjrlHU//3P//L96ikdzAy
LZoZP4YWPNDtS2D9D3gcDhhYOudEhTd1A2zERQHGuMAIHOHCmSmWHf7VLzBq
8n9Pw22M300AAA==

-->

</rfc>

