Internet-Draft | Mesh Protocol Reference | September 2021 |
Hallam-Baker | Expires 24 March 2022 | [Page] |
- Workgroup: Network Working Group
- Internet-Draft: draft-hallambaker-mesh-protocol
- Published:
- Intended Status: Informational
- Expires:
Mathematical Mesh 3.0 Part V: Protocol Reference
Abstract
The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data.
[Note to Readers]
Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.
This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html.
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 24 March 2022.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
1. Introduction
This document describes the Mesh Service protocol supported by Mesh Services, an account-based protocol that facilitates exchange of data between devices connected to a Mesh profile and between Mesh accounts.
Mesh Service Accounts support the following services:
- Provides the master persistence store for the Catalogs and Spools associated with the account.
- Enables synchronization of Catalogs and Spools with connected devices.
- Enforces access control on inbound Mesh Messages from other users and other Mesh Services.
- Authenticates outbound Mesh Messages, certifying that they comply with abuse mitigation policies.
A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the same time but only one Mesh Service Account is considered to be authoritative at a time. Users may add or remove Mesh Service Accounts and change the account designated as authoritative at any time.
The Mesh Services are built from a very small set of primitives which provide a surprisingly extensive set of capabilities. These primitives are:
- Hello: Describes the features and options provided by the service and provides a 'null' transaction which MAY be used to establish an authentication ticket without performing any action.
- CreateAccount, DeleteAccount: Manage the creation and deletion of accounts at the service.
- Status, Download, Upload: Support synchronization of Mesh containers between the service (Master) and the connected devices (Replicas).
- Connect: Initiate the process of connecting a device to a Mesh profile from the device itself.
- Post: Request that a Mesh Message be transferred to one or more Mesh Accounts.
Although these functions could in principle be used to replace many if not most existing Internet application protocols, the principal value of any communication protocol lies in the size of the audience it allows its users to communicate with. Thus, while the Mesh Messaging service is designed to support efficient and reliable transfer of messages ranging in size from a few bytes to multiple terabytes, the near-term applications of these services will be those that are not adequately supported by existing protocols, if at all.
2. Definitions
This section presents the related specifications and standards, the terms that are used as terms of art within the documents and the terms used as requirements language.
2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
2.2. Defined Terms
The terms of art used in this document are described in the Mesh Architecture Guide [draft-hallambaker-mesh-architecture].
2.4. Implementation Status
The implementation status of the reference code base is described in the companion document [draft-hallambaker-mesh-developer].
3. Mesh Protocols
The Mesh specifies two separate types of protocol interactions:
- Mesh Service Protocol: A synchronous protocol supporting interactions between devices and a Mesh Service Host and between Mesh Service hosts.
- Mesh Messaging Protocol: An asynchronous protocol that supports interactions between devices connected to the same account and between accounts.
The Mesh Messaging Protocol uses the Mesh Service Protocol as transport. The Mesh Service Protocol in turn is supported by either the HTTPS binding over TCP or by the Mesh Datagram binding over UDP.
Mesh Services MUST support the HTTPS binding and MAY support the Mesh Datagram binding.
4. Mesh Service
A Mesh Service is a minimally trusted service. In particular a user does not need to trust a Mesh service to protect the confidentiality or integrity of most data stored in the account catalogs and spools.
Unless the use of the Mesh Service is highly restricted, a user does need to trust the Mesh Service in certain respects:
- Data Loss: A service could refuse to respond to requests to download data.
- Integrity (Stale Data): The use of Merkle Trees limits but does not eliminate the ability of a Mesh Service to respond to requests with stale data.
- Messaging: A service could reject requests to post messages to or accept messages from other mesh users. This risk is a necessary consequence of the fact that the Mesh Service Provider is accountable to other Mesh Service Providers for abuse originating from their service.
- Traffic analysis: A Mesh Service has knowledge of the number of Mesh Messages being sent and received by its users and the addresses to which they are sent or from which they are received.
The need to trust the Mesh Service in these respects is mitigated by accountability and the user's ability to change Mesh Service providers at any time they choose with minimal inconvenience.
It is possible that some of these risks will be reduced in future versions of the Mesh Service Protocol but it is highly unlikely that these can be eliminated entirely without compromising practicality or efficiency.
4.1. Data Model
The design of the Mesh Service model followed a quasi-formal approach in which the system was reduced to schemas which could in principle be rendered in a formal development method but without construction of proofs.
Like the contents of Mesh Accounts, a Mesh Service may be represented by a collection of catalogs and spools, for example:
Backup of the service MAY be implemented using the same container synchronization mechanism used to synchronize account catalogs and spools.
4.2. Partitioning
Mesh Services supporting a large number of accounts or large activity volume MAY partition the account catalog between one or more hosts using the usual tiered service model in which a front-end server receives traffic for any account hosted at the server and routes the request to the back-end service that provides the persistence store for that account.
In addition, the Mesh Service Protocol supports a 'direct connection' partitioning model in which devices are given a DNS name which MAY allow for direct connection to the persistence host or to a front-end service offering service that is in some way specific to that account.
5. Protocol Bindings
The protocol binding maps the abstract protocol definition specified in this document to the network protocol format.
- Discovery of network services.
- Construction of the payload data by serializing request and response messages.
- Authentication of the payload data.
- Confidentiality controls to protect against traffic analysis.
Currently only one protocol binding is specified: JSON-BCD Application Binding [draft-hallambaker-jsonbcd] over Reliable User Datagram (RUD) [draft-hallambaker-mesh-rud].
JSON-BCD Application Binding specifies the means by which data types such as 'integer' and 'datetime' etc. given in this document are serialized using JSON/JSON-B encoding.
Reliable User Datagram offers a presentation layer over a choice of HTTP or UDP transport.
6. Mesh Service Operations
The Mesh Service operations are divided into the following functional groups:
- Service Description: Describes the service.
- Account Management: Operations used to create, reclaim, and delete accounts.
- Persistence Store Management: Operations used to synchronize persistence store data across connected devices. [May be replaced in a future revision]
- Device Connection: Operations used by devices requesting connection to the account.
- Publication: Operations allowing a watched document to be posted to the service and claims made on the document returned to a device.
- Cryptographic: Cryptographic operations, including threshold operations performed by the service.
- Messaging: Exchange of messages between Mesh Services.
6.1. Service Description
The Hello transaction is used to determine the features supported by the service and obtain the service profile.
The request payload only specifies that it is a request for the service description:
{ "HelloRequest":{}}
The response payload describes the service and the host providing that service:
{ "MeshHelloResponse":{ "Status":201, "Version":{ "Major":3, "Minor":0, "Encodings":[{ "ID":["application/json" ]} ]}, "EnvelopedProfileService":[{ "EnvelopeId":"MCZ3-M2PS-SFXP-4L6X-RKGP-MKJA-R5WK", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ1ozLU0yUFMtU0 ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZVNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAg IkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToxOVoifQ"}, "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dX JlIjogewogICAgICAiVWRmIjogIk1DWjMtTTJQUy1TRlhQLTRMNlgtUktHUC1NS0p BLVI1V0siLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgI CAgIlB1YmxpYyI6ICJWdkNVaGVxWG9NUm5wVzBrYjFaRVNlcE43cHhJZlcxMzh3VX loelFmY2hqQl9lVEpCMVVkCiAgV25XMVNraHk4UHYzMlp5VnE0WXdFbkVBIn19fSw KICAgICJTZXJ2aWNlQXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUI2 NC1GN0dMLTU1RFktRDVOVi1HSkxULVdUNTctRFc2ViIsCiAgICAgICJQdWJsaWNQY XJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgIC AgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiZjJ5ZHpJcW9HWkt 3MEZaMG1YZ0pvcXBka3BMQ3RRVncteXdUbjJSYnh3Z0kxbUEwbGJCUgogIDU1MkFE cGlKajJSek5KYnRJQWVzVU1ZQSJ9fX0sCiAgICAiU2VydmljZUVuY3J5cHRpb24iO iB7CiAgICAgICJVZGYiOiAiTUNIMy0zSEpTLUE2UVAtUlJKNS1IT1JCLTNZVEItSj RXVSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWN LZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQ dWJsaWMiOiAiekc3d0VWcl95b2UxZWRIc084TjBTZHpldTFZM3phbkkzRU9rWVNCc WpXcU1KQmtYSHY1XwogIHBTa1BnT1VaaEViZjNoYV8yZmMzU080QSJ9fX0sCiAgIC AiU2VydmljZVNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNQlVULUlQQlotUlp ESS1CTVNTLVZUTFMtTDVHUy1OMlBDIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMi OiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogI kVkNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiVDdDX2xfOURhRnZRNzNGUjk4dS 1HdGRGVWMxdWQ1bFd6WXhZNS11TkZhQVFjUGtUdmJKUwogIHlqVGVYWXVWQzRWMFV jelNPbjlPbEpxQSJ9fX19fQ", { "signatures":[{ "alg":"S512", 
"kid":"MCZ3-M2PS-SFXP-4L6X-RKGP-MKJA-R5WK", "signature":"35JI1R3uB5lt3qDkIyD5JPNTRtaa4Jzyu5EMW5uk Z1seFoi6ph3h4qWb9aXEm_fJo-gERJTCEsKA2fa5WbP35NPF8bH6NCvVfWs-cdlCB PpJcw9btz1DEU3LjDsZinva--qe9j1JHV_aUQg9YuYMKy8A"} ], "PayloadDigest":"Ort3czll0X2Onn-pKQs2e8o9H0sekQO45Cgzv9io mG1MwNCptdzZOz-RVS8RX7T0kDjfejmC9cu_-56VxBmTSg"} ]}}¶
The current revision of the specification is designed for small scale deployments in which the service is provided by a single host. The approach will require revision in future versions to fully support a service being provided by multiple hosts with accounts being transferred between the hosts to allow balancing of load.
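The following Python sketch is an added example, not part of the draft or of the Mesh reference code. It parses a Hello response shaped like the one above and, before a client relies on the returned service profile, checks that the EnvelopeId, the ContentMetaData UniqueId, the ProfileSignature Udf and a signature kid all name the same key, as they do in the sample response once its base64url fields are decoded. It assumes PayloadDigest is the SHA-2-512 digest of the decoded payload (as "dig":"S512" suggests), runs on a constructed envelope with placeholder identifiers, and does not verify the Ed448 signature or recompute the UDF fingerprint.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(text):
    """Decode unpadded base64url, dropping whitespace left by line wrapping."""
    compact = "".join(text.split())
    return base64.urlsafe_b64decode(compact + "=" * (-len(compact) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_profile_envelope(envelope, profile_type="ProfileService"):
    """Return (profile, problems); profile is None when nothing can be parsed."""
    if not (isinstance(envelope, list) and len(envelope) == 3):
        return None, ["envelope is not a [header, payload, trailer] array"]
    header, payload_b64, trailer = envelope
    if not (isinstance(header, dict) and isinstance(payload_b64, str)
            and isinstance(trailer, dict)):
        return None, ["envelope members have unexpected types"]
    try:
        meta = json.loads(b64url_decode(header.get("ContentMetaData", "")))
        payload = b64url_decode(payload_b64)
        profile = json.loads(payload)[profile_type]
        claimed = b64url_decode(trailer.get("PayloadDigest", ""))
    except (ValueError, KeyError, TypeError, AttributeError) as err:
        return None, [f"undecodable envelope: {err!r}"]
    if not (isinstance(meta, dict) and isinstance(profile, dict)):
        return None, ["metadata or profile is not a JSON object"]

    problems = []
    envelope_id = header.get("EnvelopeId")
    if not isinstance(envelope_id, str):
        problems.append("missing EnvelopeId")
    if header.get("dig") != "S512":
        problems.append("unsupported digest algorithm")
    if meta.get("UniqueId") != envelope_id:
        problems.append("ContentMetaData UniqueId differs from EnvelopeId")
    if meta.get("MessageType") != profile_type:
        problems.append("unexpected MessageType")
    signature_key = profile.get("ProfileSignature")
    signer = signature_key.get("Udf") if isinstance(signature_key, dict) else None
    if signer != envelope_id:
        problems.append("ProfileSignature Udf differs from EnvelopeId")
    # Assumption: PayloadDigest is SHA-2-512 over the decoded payload bytes.
    if not hmac.compare_digest(hashlib.sha512(payload).digest(), claimed):
        problems.append("PayloadDigest does not match payload")
    signatures = trailer.get("signatures")
    kids = [s.get("kid") for s in signatures if isinstance(s, dict)] \
        if isinstance(signatures, list) else []
    if envelope_id not in kids:
        problems.append("no signature entry under the profile's own key")
    return profile, problems


def check_hello_response(text):
    """Extract and check EnvelopedProfileService from a Hello response."""
    try:
        envelope = json.loads(text)["MeshHelloResponse"]["EnvelopedProfileService"]
    except (ValueError, KeyError, TypeError) as err:
        return None, [f"not a MeshHelloResponse: {err!r}"]
    return check_profile_envelope(envelope)


def make_sample(udf="MAAA-SAMPLE-UDF0", payload_udf=None):
    """Constructed envelope (placeholder identifiers, no real signature)."""
    body = json.dumps({"ProfileService": {"ProfileSignature": {
        "Udf": payload_udf or udf,
        "PublicParameters": {"PublicKeyECDH": {
            "crv": "Ed448", "Public": "constructed"}}}}}).encode()
    meta = json.dumps({"UniqueId": udf, "MessageType": "ProfileService",
                       "cty": "application/mmm/object"}).encode()
    header = {"EnvelopeId": udf, "dig": "S512",
              "ContentMetaData": b64url_encode(meta)}
    trailer = {"signatures": [{"alg": "S512", "kid": udf,
                               "signature": "constructed-not-valid"}],
               "PayloadDigest": b64url_encode(hashlib.sha512(body).digest())}
    return [header, b64url_encode(body), trailer]


def make_hello_response(envelope):
    """Wrap an envelope in a response shaped like the one in section 6.1."""
    return json.dumps({"MeshHelloResponse": {
        "Status": 201, "EnvelopedProfileService": envelope}})


if __name__ == "__main__":
    good = make_sample()
    swapped = make_sample()
    # A profile body for a different key placed under the original header/trailer.
    swapped[1] = make_sample(payload_udf="MBBB-OTHER-UDF00")[1]
    for name, env in (("consistent", good), ("swapped payload", swapped)):
        print(name, check_hello_response(make_hello_response(env))[1])
```

An empty problem list only means the envelope is internally consistent; trust in the service still depends on verifying the signature and comparing the key fingerprint with one obtained out of band.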
6.2. Account Management
There are three account management operations:
- BindAccount: Create an account bound to a service address.
- UnbindAccount: Delete an account bound to a service address.
- RecoverAccount: [TBS] Reclaim an account using a recovered primary secret.
The BindAccount operation is used to create User and Group accounts. Currently, these account types are distinct. This may change in future releases.
6.2.1. Bind Account
A User Account is bound to a Mesh Service by completing a BindAccount operation with the service.
The BindRequest message specifies the account address and ProfileUser of the account to be serviced.
The BindAccount transaction is unique in that it can fail to complete for reasons that are outside the scope of the Mesh specifications. Creation of an account might require payment to be made or authentication of the user's credentials. It is thus quite normal for the result of a CreateRequest to be the account being created in an 'on hold' state which can only be changed out of band.
If the request is at least partially successful, a BindResponse message is returned. In the case of partial success, a description of the request status and link to a Web page providing further details MAY be returned.
The request payload contains all the information needed to create the account:
In order for the account to be usable, the initialization data MUST include access control entries authorizing at least one device to administer the account.
Future: It might be better to establish a separate entry for a temporary access key that can be used during the initialization of the account and then deleted. This might allow for more consistency between Bind / Recover / Transfer operations.
Alice requests creation of the account alice@example.com. The request payload is:
{ "BindRequest":{ "AccountAddress":"alice@example.com", "EnvelopedProfileAccount":[{ "EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUotN0 VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy ZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"}, "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj ogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3LUV YVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI lB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4UT UyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKICA gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy dmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKI CAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3Mk EtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZXR lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2 IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1lxT TE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1otUE tpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIjo gewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLUhN WlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS 2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIl B1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzcU0 wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKICAg ICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1YT VdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJhbW V0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImN ydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaGJI aWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19nR 
VZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsKIC AgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaIiw KICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVD REgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJsa WMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRCTW lVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ", { "signatures":[{ "alg":"S512", "kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW", "signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB28 B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0jzJ GnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"} ], "PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVDB4 hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"} ], "Updates":[{ "Container":"MMM_Access", "Envelopes":[[{ "enc":"A256CBC", "dig":"S512", "kid":"EBQD-MFCK-GMFI-EJLU-JWF2-5YJB-J2SB", "Salt":"MGj4PLH5oEB0phrcEoUfhQ", "recipients":[{ "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"DEvl-JoQy57jXQIU681ocrUxWx8hbEdlK E0Fn-Mqu7PrzJ3sSYGho5oesrT8XeOAO8RStyCXyVWA"}}, "wmk":"jXXpYAWULwnpOZwIGajhOnCNiGKQ5_tspWbJ-kyB Ccjd3gbSXDTllg"} ], "policy":{ "enc":"none", "dig":"none", "EncryptKeys":[{ "PublicKeyECDH":{ "crv":"X448", "Public":"Ie2m94scmj7Nr_YqM15SxtGkfnBLYlTkn kIelVXqariIAuz_vB2HDqMHIg3Z-PKiXFeqUjL4gNkA"}} ], "Sealed":true}, "ContentMetaData":"ewogICJjdHkiOiAiYXBwbGljYXRpb24v bW1tLWNhdGFsb2cifQ", "SequenceInfo":{ "DataEncoding":"JSON", "ContainerType":"Merkle", "Index":0}}, "zyhYVztZr_46YOc79wOqvg", { "PayloadDigest":"WHWDVPPAr7l7pVkNrvtILKf4KP_BjYMHzk 1RyJ-rVWwX2qBOLuJYIlTZM_EI16cqxNVXPk-kwMET8VpVF4Guug", "TreeDigest":"88cOmpTaXmWH1Bh0-1t9tWWQ_hTdVWPm_dZ8- 4UwPOngKuxxyMb4fFNa7MG2sxPKgFvWmnzLHPsfSOx9MebgiA"} ], [{ "enc":"A256CBC", "dig":"S512", "kid":"EBQM-E4VE-W2JV-NFAM-QKIB-HEBR-6SNT", "Salt":"yVuWeqskmU5BaEexTuKIjQ", "recipients":[{ "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL", "epk":{ "PublicKeyECDH":{ "crv":"X448", 
"Public":"XmkgwHxlHkSERGMKJObH6_X25Iqvcl31A dSLgFl7TBLGT6ZMY_6zdg1iWWz1Ku2hRvklYBF4nUYA"}}, "wmk":"FvT2-j2jJaGjWNEYD7PC83hiUe_MEAJzXIosp7a5 p9d7nlDm7NjLXw"} ], "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUhDLUVG UE8tT1JQUy1UTE9CLUFYWkctWEJTQy1FQkpYIiwKICAiRXZlbnQiOiAiTmV3In0", "SequenceInfo":{ "Index":1, "TreePosition":0}}, "IKq50Z4or4qnCBQtJ2_Kg4giXIs9vuP_a-fxtVZh4jYBFSfGPdx4 PwAfDLQMWeXO70SMxyiDfyL8GIBB8lYQW1f68tUlH0odLNi6FXjqjytKJCM3W7iWn DKf4H7Vedkpdci9g0iuJwPXY_7molYBrnQhpPlUzsXT-V6_-ngbtfoRbWxG5k17J- ACcxkbon_FndmlinyNNW6eo5UCJcf8uA", { "PayloadDigest":"aUlSvwsl7mrfcmWgOeRZ-DjikfZD0CIxf7 k0F43biFDTlSlHAaZfGBMje3PJkozhW2exm1lIy47ZnJJqmvf4nQ", "TreeDigest":"ElkBtR7By3w09N45wE-73GdXbLtm9VIqHrt3b ZlIGGtf65ybq34emfzxjIU9gPWRERqWgy6xnODImm95DmGr0A"} ] ]}, { "Container":"MMM_Device", "Envelopes":[[{ "enc":"A256CBC", "dig":"S512", "kid":"EBQC-LETH-D6TZ-4MVZ-BIXG-NIUJ-7YOG", "Salt":"mnJVCyVdweTZOLa3fOdmdw", "recipients":[{ "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"dD1IqK97rRnu8HA5WhCgLNP-2Qu3PszUT l7lUCSFC79SpV3j9PbEiB5tZqaInVfz9Jvc70bJPcwA"}}, "wmk":"UrOxQRZcgDtkAtyNG-vBleqzAEpVy7ovSq3RDZ-M Ma8EWKHCiNE7Sw"} ], "policy":{ "enc":"none", "dig":"none", "EncryptKeys":[{ "PublicKeyECDH":{ "crv":"X448", "Public":"Ie2m94scmj7Nr_YqM15SxtGkfnBLYlTkn kIelVXqariIAuz_vB2HDqMHIg3Z-PKiXFeqUjL4gNkA"}} ], "Sealed":true}, "ContentMetaData":"ewogICJjdHkiOiAiYXBwbGljYXRpb24v bW1tLWNhdGFsb2cifQ", "SequenceInfo":{ "DataEncoding":"JSON", "ContainerType":"Merkle", "Index":0}}, "8uLxPeRu7X0HUwf4v4ViRA", { "PayloadDigest":"qnV5ry9sL4C68a0Kg1roD1cHCG5nps-XHn GCuzRhdet6OkaPPZvSMq-AAJvh_huTDfA16J9OYLnRJVUL2fh6kQ", "TreeDigest":"ValOROMKQy4zSONTIPA4prZqgA1YE1CdBkDmT nmTJajI5XkO7Ybed3itG4IuYtbB9JX9vT_J2CkKgvbnIUYe7g"} ], [{ "enc":"A256CBC", "dig":"S512", "kid":"EBQL-MXIB-EELT-2SOW-SCAB-WHJ2-OMXN", "Salt":"PQGoOlxH2RNr6PwuNhXl1w", "recipients":[{ "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL", "epk":{ "PublicKeyECDH":{ "crv":"X448", 
"Public":"UgnDvOH8xxl-JYNgvsSbGm9FTtXSb5KXR ff53PY0bcgyrUKNoiRPztRCwC2MKtPF4qGOtVVOezuA"}}, "wmk":"q-_sEC7YocmoZQagZz3Lo_ea6WBEkqXxmkEBGwqT sm9_GSKZKUzKdg"} ], "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNREpILTMz UkwtMlc0Sy1DWktSLVZYR0EtVElDNy1QSzRRIiwKICAiRXZlbnQiOiAiTmV3In0", "SequenceInfo":{ "Index":1, "TreePosition":0}}, "WRbUWur99oRwA1uICKbOXHcwjnB1L8ag0srUYruQ4Z7zpgHs22RK SFcJTm3RGOaUyBRmjCCLwSe8I8gNdEF5qzlXipO2SWaYZG1_mldItLY-vw_QrQ19K mPAfDqw4sL9ULkA-Wv3UJBMCprBL2hf1TZeY_urgSYs3HUQx24VGVs_JtZ9-sGJqW _Pp11XvWBvV0m9ESeICVbntN4Mo7kcwxcF0ErHGI91ecHWW97bUKiPNIty3NSowUb 8efKDnWVTwtlGCCPc88ZWqcLHGcqzkQje-mBPltUWNqUlHdynPtRPYZ5TGqHprJhn VgUfGtOTtIcZcSiK869eTTSnOkZovgQATODTQayy0o56555pqtQ_mhamRYJgkMrIv 6ckRJTq_CRIrVNKM9BGGl9OCLke8RPLfuZtR4M5_Yo6dVVUo291Z5qTLfx2oy_V-k LdFPIPZaVv4b3TZbkVRf-naqHWLiABy2LpTrW0OqAdJ7RKOII4uhPituQO7Q8JkFS tNKlU7ntKfKW8AKBdHLFO_0XF76BrFYviQJCGuTbynjvPdriC6gp7cvro19W7g82e p73gf8GWPy5-CBsmIQGM8ikqJaYsiS_GVdmwo3J29rpxcgqxujArWiv-9lGFz4uIX H1UeNCCpyMO_SQCeKLYi9I0LS_-Irm6ILF4RNBpHcCLVyGAj_fihBhaNqzrrGevQG 3N8_jcTwZFOagK7h25X4Z_59GZGGyAxO6_a48HxIl3AQEuwZTcWXlwA0CAuffw2-3 RLPtR1rKxbUTk2UlyWHL2-FZZSbVFiyNbxB0qn6VebG_WdvU8W-ebkuMXslirc4EF koPhof2n8LEM7ez9KV1LkhbrDtWbm0BmnT4IKeqW-noyWoDqH-qfYoAY0rFob91Ua edY_lCsS5gD-rko-Fk7n7IBUdya8wxvdgqRHOxGhH5b2xMwXibdBQyEIizW6l-__q 0GmGHjJvXaGn7plOITD6DgHbnhUfPBA-ZGDIIlxmFXZQX2Z2xJkiz_KMzcWZMiQ86 tBc4xxcpU-NIitZD9z96I8-tLV3NLTZxa6fDe3uNPbMXc-tPc85z20xTDZC8kZOEA LfCN-D_iENtk1YgawcTgRCZqq9KbjH7NwfL8IzYosaO4CwVi1yxWY4q8DjVj4-iK5 4Vpz4daGzGNZV5zyO340Jg73kSr7aLTSxU2DgOuDpcuYT2XmMIFbyEGStN35KmBeW RqfEwZKEQfcoHhHHMIgqmYoTMeSwSfjbUBpkNkgHnir4Mk1PKDkFFdCs-mhKgLME3 JMGfhvxyJZXhN1ttCwHJDKDGp0vjX6SguyFi1TGuQwagPVbhz-Rf44SN6iHFGrClX cbDQAGJhlStD6a1UayBNFo1HqM65sr-TKUe6VeX1OBy7Mrf8idFN2B1jiP2z0tm-D i_FIY1x2DOwcwx0EGpHnna3D6UELgWU-tiNRoBUQFhFAWc_R7KkHDmaG4HxIYG4-i OJPDqjvV49LpDEAATUlasFlMXaDj_w0JYTCDTektbKG8hpUXpYCqUFjzexfhFfuJo 1_nHKyuoWTlGPKMl7HpI90BiXOyWVqWit2sD1WeUGMM6FU3lvx95f03j24gqsH1I9 
PhO7xZf1G_im8-PHFFd8kHKp1K-FjW0Mu-5yG9MH467Eklsqb9KqK0sZAO44S_VuV m-lB-v07vL5ma2zD1FkBKySVNkTIqUNEBF4tUa7HnZWpgSb2tHI3lxg7Sz6VRuLdt kJW6_wbjOb868i6qNetkqiJW4ehfCIStEiN76Fh_vt_AwLVxy0dHfkYYRySGceeWw tVFUHu1R5j_U4UvDbOMKFX5bc3AeKTVuZl4FkZulRBLlfTE_Xtn2zMLFvRuLTilkO YFc3qFop_HtB66EEUK4zzsWmA2Ko3ZO2vTsk1Y8B7yYut8eOWyFJTSBZGSCDrGsWG Nnwm3dAGyqWXUXdzUT0ZoxMm2u8Q6mwmoOippNb9I6o_lEKTrnbrX-DTt5AJsQrIK tqionu7rtC-pSrYNgv74H3klvtxBP9uWyajzREAQRSNC66qDMHHhu3ou87KChU7If IFPgWQqRiG_ayUs0x0lz54OTQrbEb8VfbWyGCWd0b3USH8b64RWoYoP6Smxl3B29I PEOcVSn17uxljZFs555llUYyitvfcYTG9YbkTYKFfLYJFp0mXcYI4KyW4GhbgxGhJ aRE1qtZ4Hv2WvOh4NWyQoIZFwzgNlAoR046iVQBY2KrTRuDRQSWUxMV2fImJh-jWw Q99KEneNIVY4v-5UZlNri0EEQWYMFIJ94eqA_KkkXdw7pleLGxTzqumR_aj_fzYLV GirtMzpYsvjYHOzz9fqJ07TCN0sVb-6QPIdDDHhyt-cTdbEqQegF9vKGn-YRVnU7N PauyBJapZ0Gc8ncuGEw1-SHlLqL95I_tKh9CUg1qzqER5hm38GP38kirslba_oNEw 0vw-8SBry0b0DxGQPZ8uNEsSK9SfhIRuHIdQnK4FPsTV1ASEYr0-TkUTGgN9nHq1e TmSkA-r4YXKFfd-gkkrfCfIOHZ4fqkyGKkfu_97dAp8f-4gWPhrZDgRfbmhKo_1Ku auhvKNM_bUNwBFibjtyIm2tMj1VO2fFpfzrofTGYKRUBqDQPhJMLOLkXBlAL4vQPu y-JjcO5cwFiqG3MbwRoCo5eyultJmtFWYP0aFCDitb44_yDA_j6GI4OKfX13qeQxj ZwrSi0NsV7IdMG2Dh7Xo9UU_qge8YlbCEG68HIWhe9H_hqAqUNscAFDNDTPZAr70F lbCW_YJ7NvOw30cTaUB171VneHBeLuVYSkvaKmSRnf02iMe_h3vvACycBL10AdWgM Y_88taAWkaUZjMkaVym-neZVsMVIay0tfdUUjtqHLRpyu2yGB6wzeOXm77N--u9yo zKdhQH2VlQEiJb1ejbnQly5xLlZ9m0DNaGRUWe19Qrt1UsvhmJO5BF4Caoz0n1N0y 6eh9tZXB4t3QCG__3kpHrvoeU3HrNmWojcEFBas9D8Dj6IH89tCDTIIKWngVe9BSS IFrbR6ei7ldaGCc74VUd3GxlV4Th2bf-xXdiMtVKOLc9LL3Jyb-hbYA4gvfqsUMaW UwCFGHa0hORqSaxu4fzAs7YqIfvLOfBAZclTOlOLpGBunAlysAlR-qHwICZc-OmlN shRnAmYDxGLiI5nltSjKN-k66guqa3ohtB2eJ8UxwCk27borZcXSyAF0TCOCx3SG6 PB1ueUmVn4c38exZTgN5YiyYtE03qEe4jNWnfSeTqGeRAZ3EgYg8rrfBCIuZOorw3 GR32zVzSa2eQVU5IMK7qIaqgMgGL7VtkAxPZq65nOFgIA0-uiG965RAKmgN9T3T44 Mt3iER6EqT4cNHpb6jZHbkHZ8NoJq79rLp6zFaQpRh6ramUf_KUr-1U0cXjuqv-l1 a1XYYs4Npmmmb6n5lrNqda5tOkKgg2uvJUMhN19AGHuRA5IHtYkAB0i9FgTado_zg 33PMrG6HWEVjmLq5QF7WBOVVfNwpRr_kS17Nqe_JgiXdrUPmqYXjbzvcI95ePzCN- 
NCAOf4cNOyKzGxsDDZkNwzIoQZz8Kh_qYO0srIj-ra-QsEp_h42s9wuA6j7Grdrzk eMUMoYKQchAU9yBz9KUj5PMb0KaWvFwvGXIlvuXpIQbLsSTZmEAERNHy9291doMRx _SWH3juH5jDKvi7zrM_twql7k7l7VtM-bq2_t9K7vN8VebyLHmPpIXS4Uiky0n08E DgQVw81jXKoTWMXIJu-cQVpZxhgJ5hObrSzvqH4P50cFdEQKqNDFREIT8kHw7XOdj 5GVP1IiVT6Osdv6bGSw-PS1APc-uPU0wHEZwScP8PkeQVQ9YbxYyctO5_D35SNzlF 9VnNECKECjY7HE9G7ZPxjdrkKmRBrpTuT9WnrT1s6X1IS4FKwljqdfU9-mv9hT4Bb OU4d8kJjVpvihq985BpN_OSlD6K_ND5i4njFiL5-ZUWgxhEXQdZgpMq6aCIduyv6_ 9p7cQkU7EA9dVuxYSke-FCm1XRnSkszdmo7FSn2MTm_HWjtjvNfxV8VTOinVCn7P3 zpWQF1X2EmdDxt8vypsfpBnvQYoAy7-CsP_17JZEyPrjTvEA5AwUXo1wbMm5fVyLz AOKRE0sphht8uLzYY6nj_CbIzSClZUPmxrgr7zTUUwrQW_jTFo3BL9guBYcwIXnFH XKNm82wcP2bv1z3GhwDUA4BtqHKJpuF-IR3hEmUKcQXa_R1DpzbBAw0Uqezhkp8ZG yyKw4m5v7kNNv6j4SvUp_enTJoSpa_A3zROqL7rNy20HGgfIg1LhjpNwiy_LENxn9 xRAnewA7I0u9vJf3RKe9FcHZd2OeKqMe9uxM5CR-aKBBwqa3O0KOUFITfAlJED1I_ z1NG6EEHOW5C4c5hmFrQBrYxkSm7z5EfmX71XdJL9mbaO2C59hpBvlqP8wt-8xTdJ U0rQF_F5pvhUdoM3nD521lYDpTm_WFoUnUOoH7Hxt2JrHP_hdFMS5h_LVw3BrcP-H i-Y0QFPf8zXrFG_z8mtVg-w6_AvCwwFz-t5GmZB8n-BOWQKsyNGnyqidkTCqEx07P K4tn9mUGMWVtLYqszKf2D5jKbeOt_8QDyzOnED0HUi1KEF1P4rHYYCRjbkeIqtUv2 8b8urT_km9d3IJNo-kdxovh-OZ2vdoTP5-BkhB9dEM-_qOdt0Hbj32CuBnbLdFMmY 9W4tc4sGceI-f2bRe1GZifmuTS7MgKBNxX_VRcmCiuzB9olvYrXLcbSojxLLV-Msd mV7TeVoDVkyDfW7u8gB251_ANLvKugcGwrg7_H6CHXHDqXhuV2nZAYhq-1QyG7aw- LixUundNolNjM-X2h40JK_Jcwj60KgjlZ_qnbX39CaEaNjmYQ8_wG7XeCaYY5ukv1 dJZF9jVgtOK8TFNgs6VD32EQvEn319JMxeyhL_383LzNcBcyulgdiCH_-IdHBFcb_ l62j9-GHnQxckFp8ANib4FKBQAopZWVUd5STzzZqORZFBLGdjTrmZQE_t7aIzw7ed RFikGbR7-2IU9Ral8bu5YauufK_VjS0Nu9qu6snBZbsY_4ZGGXGMrGrTsP2UZK_1N iIv4561CiC4GLuitIj8InYZY0qRlW3_zOKGh0X_nvtkd_PD6m1QIvPwPVTOGN4CYS mDaZeTpsIdR4G2nw4-pIAFUy8IIaNvO2ZqcD978rzzfm9ynEGQewvWkrii24eM9qq 62E-DuBfFf8L2Hbjc3QAwQkMqQ5HU2DZ3TddMENAlI0_zcZPCTsWy0cgk2PF293Qu kP2_HtsC9neVIfqZjWlNnjPkLEFcFq1q5oq5P0q-KKLu2f5VS7oU6j2pL8fuNMYr_ K6dIXoK5rYbn4p3leMcsW6zO0CAzAWguLpIcZGjEh-_rmfXIuvkexbVh3x8nkPq-w nm7F9JkOx066S8b9dd-VPoo8D2vjOPQKHMIZkPR4ldL5YneNTj0NUGUL22gk0ojow 
22SZ0ZRfr8BM6HJu8EjWFsPmfYOvFQE2slPT88H4xNLsHnH1Lw9z1WeNP4KZhCopd X8vrmHCfILnLpsPpDB-OvI09NdtR7wAaVxWfq5Bg7EOu0Kryo_o3pBiOq98Te10zW -FwRwgpfvpn1zG3LmTB50H6mnphPj3_7BhkvJldmi1LupEs9Rleml7zAjYSfUF1M0 SIYRiC47RxLz2FJHec3t2SgSIhOpe-W3ouN-p41BkhDj5GzBke1qsRolUwEm0tiHX 23xvCIeqa2AXY5DpNu6VRI5afKVdOWjLpQemL5DovlEgZA7Gx8E5oGwYAx0Now3cB tG_fCvVXgAhfpf47RjvCmg_2yxZyR1xWN4Tmci2JLNhZvVD8NtPFsA5fjVnhqNmb- cgOb9JXaX2Pq8Nw6yI9hHkwahkgiar9WQ4jujDXazSMVFgppc25_aTh83h6LiIN-C xkT26XBwGhPJizQTKVEn0KYPkdqRZRaY0wOSOMm6cUINwNJEQd1ibhUWkf7p70SKS f5vQUv1PlQV3mUefxTL2380WVLj8VtFykzdYwo-5LGLVx4zlA9mE8Hi_VXqFIApkn OttrBIxF_sMIfPFcxF2dZClZ_-uf9DI_A_WqgF_Kixw2c847HVMIXvwCpQZ_Yw5cs 1KsBIFeRb0Fn5ZJo4VFGDdORU_HrhTE_ahupSiP0OY9Bt3kQozxDpT8FJsLImTix7 xFSi96xhKpelTVDUBxuSWRXWdTMzY4NjswPaLn7TppPi8RsGa4_4W7wtmi-PucYQn qCfge3wonKgQrUU-vrlIYvUV2VO01y04Wqet_BZ-a1QVr7lD8HBFUWlcnO3vyE1Xh 8gsjbnrZN0z3Na2kwxPB9pH_u-qvCPU58XCF1rf_cGOboRupZBjsxQMXRmaSXflUd cuQWx_QFHF_wObuXq0S9CaFLFAy82_Vqel2I7gnl2C4RCs9uJK7Gfs1S3JMFTCRZl WwV-_wRDMp-GDALFx3pJzw1kBdWkOQ4-JhUAQuouSK9Z_gyy4BkTgAq3pV4Cwhdc0 RP4r-_d7pMV3brE0UjWCN6A3VbYt00b8vOpdLuoig8lZL2Gt7BkXxRdIKtCzxalv8 4aNryHy6z4PKD2QakNOZLLPBHX_a7riAo-AKj5tHGjDGi-tj681yslzrc7P87Gqfw ircH-ru1dyIq-Tba81nN1c1CTAMBtyCWGavELn9eMvkM6pjVSxmA88WHomTVeiQO1 B0OwSgJ9wJFawaMtmdiEsl6i8XXgGWVP7qeniieyvx9qDv5x97dbfjmAiIGQAOMw2 EwxFeuyxJgZ7c3PpJFVcc-CR7semTmQj3H-zSFb38oc8AtCtp9QeMIyUpj-AuSspV WWOwFtj6b0d4YOxYuw05RYVWpW6kkO-YHv8ZYH9MU9Ub4p1FciRnsyBK6MeHb5GSn d37SY2A6YVt2-XYVAHP9H06usKOUVtMKkJo7davd2G633FfpEezxcbO-UCshoUDZK anUoLbWBGGLAzLP_9Sf2R5j2ncicSpSEc8LgzXCBQ6ADsMZPgNT7xKDw_IBDRATth pGy2-yueYHmemstat22qAEO4GKX9UpslFM7uDoxspO_JNmSi3SZ-SrNTINnil29PM qE5Mk0_rT6mk4rc6AnSL-KUbqC0MrWqzrfHaRrSQs_Sm69WgPQkc3gFmiXubFnKag l7Em4z9QNYx08GHRSZC8N5BbyuwMO_4UoT-yJtuTKbSkn3nBzfyxYO40NkcnIfUdl 0DbSruRV6tgwihaGHRqeQRYXOJ0GqRNIHgYbHwXaBis3dp0zrZgQlSPlbdPfcq73M USZH_5sq_PaiwXLErpElrbSY_Xu8gW1TsV2xTO5lJuSV96zZMbYt7R2CVCgLcRt-b -jOo03MnjZVD0sy4O5m7Hgw0Kmv3F-TbmtNrjp5CeK97lDqP8tXh_OJTIErMrvv6a 
...", { "PayloadDigest":"TJ1qjXTKHecpvFT2S0MB9xvUarofJEoUsb Ohz8qyRma3qpVrZ9oSllz8VjCPQIbJjb7KQ_BjyRQnZhYTV86wRQ", "TreeDigest":"ETeQjy0XpileQSzyTpn5326jCsfQtZ5oO-0W3 SWcNrLcyjduJooywCIHTS3ZrUk91UHZmBoI24o3hf1T3T0h1g"} ] ]}
]}}
The response payload currently reports the success or failure of the bind operation:
{
  "BindResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully"}}
It is likely that a future revision of the specification will specify the host(s) to which future account service operations are to be directed. This would allow the account management operations to be separated from the account maintenance operations without requiring the traditional tiered architecture in which every interaction with a service is first routed to a host that cannot perform the required action so that it can be directed to the host that can.
6.2.1.1. Bind Group Account
Mesh Group Accounts are created in the same manner as user accounts except that the ProfileGroup is specified.
6.2.2. Unbind Account
An account registration is deleted using the UnbindAccount transaction.
This operation needs to be extended to allow the process of transferring accounts to be supported such that the old service can say where the account has gone (if it is willing to do so).
>>>> Unfinished ProtocolAccountDelete
The request payload:
{
  "UnbindRequest":{}}
The response payload:
{
  "UnbindResponse":{
    "Status":400,
    "StatusDescription":"Error occurred"}}
6.2.3. Account Recovery and Transfer.
Account recovery is necessary in the case that the user has lost control of every administration device connected to the account and must re-create the account profile and bind a new set of administrative devices. Account transfer is the process of unbinding an account from one service and rebinding it to a new one.
These capabilities are both critical to the long term success of the Mesh but have been deleted from the current revision of the specification as their implementation is interdependent with the architecture of the callsign registry.
>>>> Unfinished ProtocolAccountRecover
[TBS]
6.3. Persistence Store Management
All the state associated with a Mesh profile is stored as a sequence of DARE Messages in a DARE Container. The Mesh Service holds the master copy of the persistence stores, and the devices connected to the profile hold complete copies (replicas) or partial copies (redactions).
Thus, the only primitives needed to achieve synchronization of the profile state are those required for synchronization of a DARE Container. These steps are:
- Obtain the status of the catalogs and spools associated with the account.
- Download catalog and spool updates.
- Upload catalog updates.
To ensure a satisfactory user experience, Mesh Messages are intentionally limited in size to 32 KB or less, thus ensuring that an application can retrieve the most recent 100 messages almost instantaneously on a high bandwidth connection and without undue delay on a slower one.
6.3.1. Status
The status transaction returns the status of the containers the device is authorized to access for the specified account together with the updated Device Connection Entry if this has been modified since the entry presented to authenticate the request was issued.
Alice adds an entry to her bookmark catalog. Before the bookmark can be added, the device synchronizes to the service. The synchronization process begins with a request for the status of all the stores associated with the account that it has access rights for:
{
  "StatusRequest":{}}
If the account has a very large number of stores, the device might only ask for the status of specific stores of interest.
The response specifies the status of each store, giving the index and Merkle tree apex digest value for each:
{
  "StatusResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "ContainerStatus":[{
        "Container":"MMM_Inbound",
        "Index":3},
      {
        "Container":"MMM_Outbound",
        "Index":1,
        "Digest":"FEHy24Y6cLModDXWH31kVc2a3TdhjXPooKHpLAb2JbsO1YQ
  nJolmowXAYHhkOGY0kg3jrKNTjds0myf4Dw1sdg"},
      {
        "Container":"MMM_Local",
        "Index":2},
      {
        "Container":"MMM_Access",
        "Index":3},
      {
        "Container":"MMM_Credential",
        "Index":4},
      {
        "Container":"MMM_Device",
        "Index":3},
      {
        "Container":"MMM_Contact",
        "Index":2},
      {
        "Container":"MMM_Application",
        "Index":1},
      {
        "Container":"MMM_Publication",
        "Index":1},
      {
        "Container":"MMM_Bookmark",
        "Index":1},
      {
        "Container":"MMM_Task",
        "Index":1}
      ]}}
Bug: The current version of the reference code is only returning the digest values for the outbound store.
6.3.2. Download
The download transaction returns a collection of entries from one or more containers associated with the profile.
The service MAY limit the number of entries returned in an individual response for performance reasons.
The previous status operation has reported that a new envelope has been added to the credential store. The device requests this data from the service:
{
  "DownloadRequest":{
    "Select":[{
        "Container":"MMM_Credential",
        "IndexMin":3,
        "IndexMax":4}
      ]}}
The response contains the requested envelope:
{
  "DownloadResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "Updates":[{
        "Container":"MMM_Credential",
        "Envelopes":[[{
              "PayloadDigest":"sy1ssbIvs3DVwUObsWIpbtGquWaoEYtCqY
  1smobL0T5ydXU29v8ixwUGCDO_pWxh3rWS5yXbOK4rhufAQfMq7w",
              "enc":"A256CBC",
              "dig":"S512",
              "Salt":"YnQw4J41v4oCWz8krGmFNQ",
              "recipients":[{
                  "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
                  "epk":{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"_dHVp-Pmr9wgX8Br8zwPEyTT4puZ-N2Z2
  cRql0WuuTAXm8Antqfg0dHit2iy5tD9C_ji4FcuoPcA"}},
                  "wmk":"Il9yeV5COdhTo6ULAbHU084HB3qPqVIgyHIexstl
  Dk7H1gWixmkj9A"}
                ],
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICI6ZnRwLmV4
  YW1wbGUuY29tIiwKICAiRXZlbnQiOiAiVXBkYXRlIiwKICAiRmlyc3QiOiAxLAogI
  CJQcmV2aW91cyI6IDF9",
              "SequenceInfo":{
                "Index":3,
                "TreePosition":716},
              "Received":"2021-09-20T18:15:28Z"},
            "TprbdZruvdRXXzOAP_SAxvADHwrULXW_XrLtrvd_vvrbRAeXXmus
  fRrL8sIZod3f4uXNZPUbwDAiiJTeT1z0vKzoMYNsJ7gkgbdBx5wvKS_APbzHnfBAd
  qdKZJDPZCf9NIWrjPs7uaMxCmHajt2o2jgNbbmE17Ewua_YX1hsxHY",
            {}
            ]
          ]}
      ]}}
Future: The current implementation of the download operation is limited by the capabilities of the HTTP binding of the RUD transport. A future binding allowing operations that consist of a single request followed by a sequence of responses will allow much greater flexibility.
Future versions of the protocol may support optional filtering criteria so that the service only returns objects matching specific criteria and/or only returns certain parts of the selected messages.
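The Status and Download steps above, as an added example (not the Mesh reference code): a device compares its replica against a StatusResponse, builds the DownloadRequest, and flags a store whose service index has gone backwards or whose apex digest differs at the same index. It assumes IndexMin/IndexMax follow the pattern of the example above (replica at 3, service at 4, request 3 to 4) and that a 2xx Status means success; the replica state layout, the anomaly report and the function name are hypothetical.

```python
"""Plan a Mesh DownloadRequest from a StatusResponse; flag rollback or fork."""

# Constructed sample. Container names and Index values follow the
# StatusResponse above; the Digest strings are placeholders, not real digests.
STATUS_RESPONSE = {
    "StatusResponse": {
        "Status": 201,
        "StatusDescription": "Operation completed successfully",
        "ContainerStatus": [
            {"Container": "MMM_Inbound", "Index": 3},
            {"Container": "MMM_Outbound", "Index": 1,
             "Digest": "apex-digest-A"},
            {"Container": "MMM_Credential", "Index": 4},
            {"Container": "MMM_Bookmark", "Index": 1},
        ],
    }
}

# Constructed replica state held by the device: container -> (index, digest).
LOCAL_STATE = {
    "MMM_Inbound": (3, None),
    "MMM_Outbound": (1, "apex-digest-A"),
    "MMM_Credential": (3, None),
    "MMM_Bookmark": (1, None),
}


def plan_sync(status_response, local_state, wanted=None):
    """Return (download_request, anomalies) for one StatusResponse.

    wanted optionally restricts planning to a set of container names, for
    accounts with a very large number of stores.
    """
    body = status_response["StatusResponse"]
    # Assumption: 2xx is success (the page shows 201 for success, 400 for error).
    if not 200 <= body.get("Status", 0) < 300:
        raise ValueError("status request failed: %s"
                         % body.get("StatusDescription"))

    select, anomalies = [], []
    for entry in body.get("ContainerStatus", []):
        name, remote_index = entry["Container"], entry["Index"]
        if wanted is not None and name not in wanted:
            continue
        local_index, local_digest = local_state.get(name, (0, None))
        remote_digest = entry.get("Digest")

        if remote_index < local_index:
            # An append-only store never shrinks: the service is reporting
            # less history than this replica already holds.
            anomalies.append({"Container": name, "Problem": "rollback",
                              "Local": local_index, "Remote": remote_index})
        elif remote_index == local_index:
            # Same length but a different apex digest means different content.
            if remote_digest and local_digest and remote_digest != local_digest:
                anomalies.append({"Container": name, "Problem": "fork",
                                  "Local": local_index, "Remote": remote_index})
        else:
            select.append({"Container": name,
                           "IndexMin": local_index,
                           "IndexMax": remote_index})
    return {"DownloadRequest": {"Select": select}}, anomalies


if __name__ == "__main__":
    request, problems = plan_sync(STATUS_RESPONSE, LOCAL_STATE)
    print(request)
    print(problems)
```

A non-empty anomaly list is a reason to stop and investigate before merging anything from the service into the replica.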
6.3.3. Transact
The transact transaction appends envelopes to one or more stores. The operation is atomic; that is, either all the changes specified will be made to the stores or none will. This ensures that simultaneous attempts to update a store do not result in race conditions and allows Mesh stores to provide ACID (Atomicity, Consistency, Isolation, Durability) properties to the applications they serve.
Clients SHOULD check to determine if updates to a container conflict with pending updates on the device waiting to be uploaded. For example, a contact that the user modified on the device attempting to synchronize might subsequently have been deleted. The means of resolving such conflicts is not in the scope of this specification.
Each update to a catalog or container specifies the expected container index and apex digest. This provides a strong guarantee of consistency. The service MUST verify each update to check that the Merkle Tree values specified are consistent with the store entries and that the signature on the apex value (if specified) is valid and correct.
Services MAY impose limits on the size and number of additions performed in response to a TransactRequest message to ensure that processing time does not degrade performance for other users.
The request payload specifies the data to be appended to the stores.
{
  "TransactRequest":{
    "Updates":[{
        "Container":"MMM_Bookmark",
        "Envelopes":[[{
              "dig":"S512",
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJTaXRlcy4y
  IiwKICAiRXZlbnQiOiAiTmV3In0",
              "SequenceInfo":{
                "Index":1,
                "TreePosition":0}},
            "ewogICJDYXRhbG9nZWRCb29rbWFyayI6IHsKICAgICJVcmkiOiAi
  aHR0cDovL3d3dy5leGFtcGxlLm5ldCIsCiAgICAiVGl0bGUiOiAic2l0ZTIiLAogI
  CAgIlBhdGgiOiAiU2l0ZXMuMiJ9fQ",
            {
              "PayloadDigest":"gtpamSravs9YkD3Wi6-rIFqFOINwLFj8Q2
  eGpMjmbyP-_TRCgRs9Hqpo3bJPhoRSgUmfIUsQTDNeiT414W56eA",
              "TreeDigest":"TpXg14cDEx_-1Qe-h1qiryihslO0MrUCLW0L7
  wvq-YLCEWZfAIrp9FmBwNE0se8UN1nFY4h1aqXbN3yBuKfg9w"}
            ]
          ]}
      ]}}
The response reports successful completion:
{
  "TransactResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully"}}
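An added example (not the Mesh reference code) of the all-or-nothing handling this section requires: every envelope in a TransactRequest is validated against the current store state before anything is committed, so a request built from a stale status is rejected whole. It assumes a store's index equals its number of frames, as the Index values in the examples above suggest; the in-memory store, the limits and the function names are hypothetical, and the Merkle tree digest and signature checks the service MUST also perform are not shown because their computation is not defined on this page.

```python
"""Service-side handling of a TransactRequest: validate everything, then commit."""
import base64
import json

OK = {"Status": 201, "StatusDescription": "Operation completed successfully"}


def make_envelope(index, obj):
    """Build a constructed [header, payload, trailer] envelope for the demo."""
    raw = json.dumps(obj).encode()
    payload = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return [{"SequenceInfo": {"Index": index}}, payload, {}]


def payload_size(payload):
    """Decoded size of an unpadded base64url payload (ValueError if malformed)."""
    return len(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def apply_transact(stores, request, max_envelopes=16, max_payload=32 * 1024):
    """Append every envelope in the request, or none of them.

    stores maps a container name to its list of frames. Hypothetical policy
    limits: max_envelopes per request and max_payload decoded bytes each.
    """
    staged, count = {}, 0
    try:
        for update in request["TransactRequest"]["Updates"]:
            name = update["Container"]
            if name not in stores:
                raise ValueError("unknown container " + name)
            pending = staged.setdefault(name, [])
            for envelope in update["Envelopes"]:
                header, payload = envelope[0], envelope[1]
                # The next frame must land exactly at the end of the store,
                # counting frames already staged by this same request.
                expected = len(stores[name]) + len(pending)
                index = header["SequenceInfo"]["Index"]
                if index != expected:
                    raise ValueError("%s: index %r, expected %d"
                                     % (name, index, expected))
                if payload_size(payload) > max_payload:
                    raise ValueError("%s: payload too large" % name)
                count += 1
                if count > max_envelopes:
                    raise ValueError("too many envelopes in one request")
                pending.append(envelope)
    except (KeyError, IndexError, TypeError, ValueError) as exc:
        # Nothing has been written yet, so rejecting here changes no store.
        return {"TransactResponse": {
            "Status": 400, "StatusDescription": "Error occurred: %s" % exc}}

    # Commit phase: reached only when every update passed validation.
    for name, pending in staged.items():
        stores[name].extend(pending)
    return {"TransactResponse": dict(OK)}


def demo():
    """Two devices plan from the same status; the second request is stale."""
    stores = {"MMM_Bookmark": [make_envelope(0, {"Header": True})],
              "MMM_Task": [make_envelope(0, {"Header": True})]}
    first = {"TransactRequest": {"Updates": [
        {"Container": "MMM_Bookmark",
         "Envelopes": [make_envelope(1, {"Uri": "http://www.example.net"})]}]}}
    stale = {"TransactRequest": {"Updates": [
        {"Container": "MMM_Task",
         "Envelopes": [make_envelope(1, {"Title": "constructed task"})]},
        {"Container": "MMM_Bookmark",
         "Envelopes": [make_envelope(1, {"Uri": "http://www.example.com"})]}]}}
    r1 = apply_transact(stores, first)
    r2 = apply_transact(stores, stale)
    return r1, r2, {name: len(frames) for name, frames in stores.items()}


if __name__ == "__main__":
    print(demo())
```

In the demo the second request's MMM_Task update is valid on its own, but it is discarded together with the conflicting MMM_Bookmark update.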
6.4. Device Connection
In order to support the wide range of affordances supported by devices, four device connection interactions are currently specified. The use of these mechanisms is described in [draft-hallambaker-mesh-architecture] and the interactions themselves are described in section ??? following.
Device connection operations are always issued by a device requesting connection to a Mesh account and must therefore be authenticated under the device profile rather than the account profile. Two device connection operations are currently defined:
- Connect: Requests connection to the account.
- Complete: Polls for completion of a connection request.
Since the second operation is merely polling for completion of the transaction requested by the first, it is likely that these will be combined in a future revision of the specification.
6.4.1. Connect
If the connection request is initiated by the device being connected, the device constructs a RequestConnection message which is posted to the Mesh Service using the Connect operation.
If the Connect operation is accepted (i.e. the service determines it is not abuse), the service constructs an AcknowledgeConnection message which is forwarded to the inbound spool of the account to which connection is requested. The requesting device receives a copy of the AcknowledgeConnection message and the profile of the account it is requesting connection to.
As described in the following section, the AcknowledgeConnection message contains the request details presented by the device and a nonce value generated by the service. This nonce value is used to compute the witness value that will be used for mutual authentication of the device and account.
The connect request is made to the service, not the account. The payload contains the enveloped connection request:
{
  "ConnectRequest":{
    "EnvelopedRequestConnection":[{
        "EnvelopeId":"MBX4-HVCH-S6LU-BEWP-KAM5-7OYF-F4YG",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJORFlSLUZTVDItRD
  RWNy03QzNRLVFGNVItNzRUWC1OTlBDIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
  zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
  CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOFoifQ"},
      "..."
      ]}}
The response payload contains the information the device requires to compute the witness value and to poll for completion. It consists of a copy of the request acknowledgement and a copy of the profile of the account to which the device has requested connection:
{ "ConnectResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "EnvelopedAcknowledgeConnection":[{ "EnvelopeId":"MAHM-HDMG-VUAE-LKOI-GABM-CRVE-YTWG", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJDQzVOLUoyN08tRF IzVy1XVFFJLVIzSkItTkpaUC03NDVWIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm9 3bGVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmpl Y3QiLAogICJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MThaIn0", "SequenceInfo":{ "Index":6, "TreePosition":11822}, "Received":"2021-09-20T18:16:18Z"}, "ewogICJBY2tub3dsZWRnZUNvbm5lY3Rpb24iOiB7CiAgICAiTWVzc2FnZU lkIjogIkNDNU4tSjI3Ty1EUjNXLVdUUUktUjNKQi1OSlpQLTc0NVYiLAogICAgIkV udmVsb3BlZFJlcXVlc3RDb25uZWN0aW9uIjogW3sKICAgICAgICAiRW52ZWxvcGVJ ZCI6ICJNQlg0LUhWQ0gtUzZMVS1CRVdQLUtBTTUtN09ZRi1GNFlHIiwKICAgICAgI CAiQ29udGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKT1JGbF NMVVpUVkRJdFJEUldOeTAKICAzUXpOUkxWRkdOVkl0TnpSVVdDMU9UbEJESWl3S0l DQWlUV1Z6YzJGblpWUjVjR1VpT2lBaVVtVnhkV1Z6ZAogIEVOdmJtNWxZM1JwYjI0 aUxBb2dJQ0pqZEhraU9pQWlZWEJ3YkdsallYUnBiMjR2YlcxdEwyOWlhbVZqZENJC iAgc0NpQWdJa055WldGMFpXUWlPaUFpTWpBeU1TMHdPUzB5TUZReE9Eb3hOam94T0 ZvaWZRIn0sCiAgICAgICJld29nSUNKU1pYRjFaWE4wUTI5dWJtVmpkR2x2YmlJNkl Ic0tJQ0FnSUNKCiAgTlpYTnpZV2RsU1dRaU9pQWlUa1JaVWkxR1UxUXlMVVEwVmpj dE4wTXpVUzFSUmpWU0xUYzBWRmd0VGs1UVEKICB5SXNDaUFnSUNBaVFYVjBhR1Z1Z EdsallYUmxaRVJoZEdFaU9pQmJld29nSUNBZ0lDQWdJQ0pGYm5abGJHOQogIHdaVW xrSWpvZ0lrMUNTalF0UTBSRlN5MDJTa0V5TFZkSFMxa3RORU15V2kxV1UxbFFMVXR QUmswaUxBb2dJCiAgQ0FnSUNBZ0lDSmthV2NpT2lBaVV6VXhNaUlzQ2lBZ0lDQWdJ Q0FnSWtOdmJuUmxiblJOWlhSaFJHRjBZU0kKICA2SUNKbGQyOW5TVU5LVm1KdGJIa GtWMVpLV2tOSk5rbERTazVSYTI4d1RGVk9SVkpWYzNST2EzQkNUV2t4QwogIGlBZ1 dGSXdkRnBNVkZKRVRXeHZkRlpzVGxwVlF6Rk1WREJhVGtscGQwdEpRMEZwVkZkV2V tTXlSbTVhVmxJCiAgMVkwZFZhVTlwUVdsVlNFcDJXbTFzYzFvS0lDQlZVbXhrYld4 cVdsTkpjME5wUVdkSmJVNHdaVk5KTmtsRFMKICBtaGpTRUp6WVZkT2FHUkhiSFppY VRsMFlsY3dkbUl5U25GYVYwNHdTV2wzUzBsRFFRb2dJR2xSTTBwc1dWaAogIFNiRn BEU1RaSlEwbDVUVVJKZUV4VVFUVk1WRWwzVmtSRk5FOXFSVEpQYWtVMFYybEtPU0o 
5TEFvZ0lDQWdJCiAgQ0FpWlhkdlowbERTbEZqYlRsdFlWZDRiRkpIVmpKaFYwNXNT V3B2WjJWM2IyZEpRMEZuU1d4Q2VXSXlXZ28KICBnSUhCaVIxWlVZVmRrZFZsWVVqR mpiVlZwVDJsQ04wTnBRV2RKUTBGblNVTktWbHBIV1dsUGFVRnBWRlZLUwogIDA1RE 1VUlNSVlpNVEZSYVMxRlVTWFJXQ2lBZ01HUk1WMU13TUZGNlNtRk1WbHBVVjFaQmR GTXdPVWRVVTBsCiAgelEybEJaMGxEUVdkSlEwcFJaRmRLYzJGWFRsRlpXRXBvWWxk V01GcFlTbnBKYW04S0lDQm5aWGR2WjBsRFEKICBXZEpRMEZuU1VOS1VXUlhTbk5oV jA1TVdsaHNSbEV3VWtsSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbAogIHRUbm xrYVVrMlNRb2dJRU5LUmxwRVVUQlBRMGx6UTJsQlowbERRV2RKUTBGblNVTkJhVlZ JVm1saVIyeHFTCiAgV3B2WjBsdFpFeFVlbXhRVjFWV1UxTkdTbGxaVjNoeFRUQktD aUFnUWxkVmNGZFVWV1F3WVZab1ZGWnJkREoKICBSZVRFMFdrVm5lRlJxUWpST1Iya HFWMWRXYWxveldrZGxSbVJGWVVjNFMwbERRa3BrVmtaNlZXdFNkRTRLSQogIENCRE 1WSk5SM1JMVmpGR1IySkhSbFphV0hBMlVsVkZhV1pZTVRsTVFXOW5TVU5CWjBsclZ uVlpNMG8xWTBoCiAgU2NHSXlOR2xQYVVJM1EybEJaMGxEUVFvZ0lHZEpRMHBXV2tk WmFVOXBRV2xVVlZKaFZsTXhUVlpyVmxKTVYKICBWcFlWbXROZEZkc1VtRlZVekF4V jJ4YVRreFZhRVZTYkdOMFVUQXhSRlZwU1hORENpQWdhVUZuU1VOQlowbAogIERTbE ZrVjBwellWZE9VVmxZU21oaVYxWXdXbGhLZWtscWIyZGxkMjluU1VOQlowbERRV2R KUTBwUlpGZEtjCiAgMkZYVGt4YVdHd0tJQ0JHVVRCU1NVbHFiMmRsZDI5blNVTkJa MGxEUVdkSlEwRm5TVzFPZVdScFNUWkpRMHAKICBaVGtSUk5FbHBkMHRKUTBGblNVT kJaMGxEUVdkSlEwcFJaQW9nSUZkS2MyRlhUV2xQYVVGcFpWVmFTV0ZZYwogIEV0VW JIQnNXakpOTVdReVNsVmxWV3hQWlZoa01FeFVWazFSVjJRMVYxUmFSbEpyVmxkTVZ GSlRZVWM1Q2lBCiAgZ1JrMVdWVEJhV0ZKd1dWVmFNV1ZVUmxsaFFXOW5TVVJHVGxv eWJEWmhNRGd3WWpGb01FNXRWazFXUm5CclUKICBtcGtjV0V5VG5SUlUwbzVabGd3Y zBNS0lDQnBRV2RKUTBGcFZUSnNibUp0UmpCa1dFcHNTV3B2WjJWM2IyZAogIEpRME ZuU1VOQmFWWlhVbTFKYW05blNXc3hRMVZxVFhSUk1XUlNWbmt4V2xkVVpBb2dJRlJ NVkZGNlZWVlZkCiAgRlJXYTNsVGFURktUV3RKTVV4VmNFdFhWVFJwVEVGdlowbERR V2RKUTBGcFZVaFdhV0pIYkdwVlIwWjVXVmMKICB4YkdSSFZubGpDaUFnZVVrMlNVa HpTMGxEUVdkSlEwRm5TVU5CYVZWSVZtbGlSMnhxVXpKV05WSlZUa1ZUUQogIDBrMl NVaHpTMGxEUVdkSlEwRm5TVU5CWjBsRFNtcGpibGtLSUNCcFQybEJhVkpYVVRCT1J HZHBURUZ2WjBsCiAgRFFXZEpRMEZuU1VOQlowbHNRakZaYlhod1dYbEpOa2xEU2xw WFJHeFhWMFpKTldOdE1XeGhWbFpGVEFvZ0kKICBGaHdjbVJyWjNoalJuQlhZVVYwT 
lUxNU1WQllNVVV5V1RKa1RWWkdPREpWYlZwUVdrY3hjVmRGT1hKWU1HOAogIDBWVV ZWZWtOcFFXZGpiVEIwVmtSa0NpQWdXRlpHV21aUFZtUXpVa1pOTlZaRlRsRlpNblJ ZVDFka1FrbHVNCiAgVGxtVTNkTFNVTkJaMGxEU2tKa1dGSnZXbGMxTUdGWFRtaGtS MngyWW1sSk5ra0tJQ0JJYzB0SlEwRm5TVU4KICBCWjBsc1ZtdGFhVWsyU1VOS1RsR ldaRlZNVm1SWVVrWkZkRlJHYkdGUmFURkRWbFZXV0V4VldrSldla2wwVgogIFdzNV VGSnBNUW9nSUZsVlZFcEpTV2wzUzBsRFFXZEpRMEZuU1d4Q01WbHRlSEJaTVVKb1k yMUdkRnBZVW14CiAgamJrMXBUMmxDTjBOcFFXZEpRMEZuU1VOQlowbHNRakZaQ2lB Z2JYaHdXVEIwYkdWVlZrUlNSV2RwVDJsQ04KICAwTnBRV2RKUTBGblNVTkJaMGxEU VdsWk0wb3lTV3B2WjBsc1p6Qk9SR2RwVEVGdlowbERRV2RKUTBFS0lDQgogIG5TVU 5CWjBsc1FqRlpiWGh3V1hsSk5rbERTbGRqVnpCNllXeG9kbHBZY0V4bGJrSnhXSHB rU0U5SFpETlpNCiAgMXBvWld0T2IxUXlSWGxOYlRnMVpRb2dJRzFhUjA1c1JUUlRl bXhTVXpKTk1XTkZTbmxsVjNjeVZXNUpkRU4KICBwUVdkVlZ6Vk5ZMjFHVEdGR1ZqR mpiRVpTVmxSb2FWVnJkRkZXU0VKRFVrZE9DaUFnUWtsdU1UbG1XREU1SQogIGl3S0 lDQWdJQ0FnZXdvZ0lDQWdJQ0FnSUNKemFXZHVZWFIxY21Weklqb2dXM3NLSUNBZ0l DQWdJQ0FnSUNBCiAgZ0ltRnNaeUk2SUNKVE5URXlJaXdLSUNBZ0lDQWdJQ0FnSUNB Z0ltdHBaQ0k2SUNKTlFrbzBMVU5FUlVzdE4KICBrcEJNaTFYUjB0WkxUUkRNbG90V mxOWlVDMUxUMFpOSWl3S0lDQWdJQ0FnSUNBZ0lDQWdJbk5wWjI1aGRIVgogIHlaU0 k2SUNKSlNWcG5ZM2hmYUdRemFEUnZiazFDTm5sUFpUZEdXbmxWTm10Zk9GTnhWWE5 sVUhsRFoyVk5SCiAgRUl6ZHkxNVFYUmZDaUFnWmw5WlVtNUlZMmRwY0VWVFZGQXhO alk1UTJreWJXeFFhQzFCWDFsUmIxQnZSRW8KICB4YzBSNlgyVlNUMGh5ZUdaQldDM VVWRUpDYkUxUGJXbDZkVEVLSUNCVlRXOVZia0l4WmtWeU1VbzNOVU5PZQogIEhkbU 9YTnRTVTFqUTNoVU4wODBXREZOVVc5UFpYZHpRU0o5WFN3S0lDQWdJQ0FnSUNBaVV HRjViRzloWkVSCiAgcFoyVnpkQ0k2SUNKRlpVZERMVlZWTVdaTldIbHdjRWMyTWtO cFVFTTNjRUpPWVVSM01qVTNkV0oxWmtVemEKICBYcDNiVUp0WHpnS0lDQnNjazFtU jE5V1YyNW1jVTE1WWtZNFVUTnRObFl3WmxkUmVGRm1VbGRKWXkwNVdIQgogIEhOQz F6WnlKOVhTd0tJQ0FnSUNKRGJHbGxiblJPYjI1alpTSTZJQ0phVWtRNWJ6bDZPRjl CZUhFMlYwaEZVCiAgM0ZSTVdGUklpd0tJQ0FnSUNKUWFXNUpaQ0k2SUNKQlFVRlNM VkEyTms4dFMwZFVTUzFSV1RaRExVTllTVmMKICB0VDAxRFZpMVhVVnBKSWl3S0lDQ WdJQ0pRYVc1WGFYUnVaWE56SWpvZ0ltUmlSRGhmYXpWS05rNW9Xbmh5ZAogIFRac2 RFOHRXVFV5WW0wdGVsQnlPREJGWWtWaWJXTjNUV3cyYzBad1QwSjRWZ29nSUVaU1Z 
rcHBOa0ZqU1RCCiAgblZUTlhhak50WkdkQmJIUm1PV1ZRZUVKU2VWbDViV3B0ZEZk Uklpd0tJQ0FnSUNKQlkyTnZkVzUwUVdSa2MKICBtVnpjeUk2SUNKaGJHbGpaVUJsZ UdGdGNHeGxMbU52YlNKOWZRIl0sCiAgICAiU2VydmVyTm9uY2UiOiAiMDRjWTFNS1 dJNEc4QkdFVUdRemxkdyIsCiAgICAiV2l0bmVzcyI6ICJDQzVOLUoyN08tRFIzVy1 XVFFJLVIzSkItTkpaUC03NDVWIn19", {} ], "EnvelopedProfileAccount":[{ "EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUotN0 VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy ZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"}, "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj ogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3LUV YVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI lB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4UT UyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKICA gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy dmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKI CAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3Mk EtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZXR lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2 IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1lxT TE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1otUE tpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIjo gewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLUhN WlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS 2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIl B1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzcU0 wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKICAg ICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1YT 
VdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJhbW V0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImN ydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaGJI aWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19nR VZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsKIC AgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaIiw KICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVD REgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJsa WMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRCTW lVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ", { "signatures":[{ "alg":"S512", "kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW", "signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB28 B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0jzJ GnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"} ], "PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVDB4 hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"} ]}}¶
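A device-side sanity check on a ConnectResponse like the one above, as an added Python example that is not part of the draft or of the Mesh reference code. It assumes the envelope layout visible in the examples (a header object carrying base64url ContentMetaData, followed by a base64url payload), takes its field names from those examples once decoded, and runs on constructed sample data; the echo and account checks are illustrative, and signature verification of the trailer is not shown.

```python
import base64
import hmac
import json


def b64url_decode(text):
    """Decode unpadded base64url, ignoring whitespace left by line wrapping."""
    compact = "".join(text.split())
    return base64.urlsafe_b64decode(compact + "=" * (-len(compact) % 4))


def open_envelope(envelope, expected_type):
    """Return (metadata, body) from a [header, payload, trailer?] array."""
    if not isinstance(envelope, list) or len(envelope) < 2:
        raise ValueError("envelope must be [header, payload, ...]")
    header, payload = envelope[0], envelope[1]
    if "enc" in header:
        # Encrypted envelopes (such as a RespondConnection) need decrypting first.
        raise ValueError("encrypted payload: decrypt before parsing")
    metadata = json.loads(b64url_decode(header["ContentMetaData"]))
    wrapper = json.loads(b64url_decode(payload))
    # Added sanity check: the metadata type must match the payload's single tag.
    if metadata.get("MessageType") != expected_type or list(wrapper) != [expected_type]:
        raise ValueError("unexpected message type")
    return metadata, wrapper[expected_type]


def check_connect_response(response, sent_id, sent_nonce, account):
    """Confirm the response answers *our* request before using its values."""
    reply = response["ConnectResponse"]
    if not 200 <= reply.get("Status", 0) < 300:  # assumption: 2xx means success
        raise ValueError("service reported failure")
    _, ack = open_envelope(reply["EnvelopedAcknowledgeConnection"],
                           "AcknowledgeConnection")
    _, echoed = open_envelope(ack["EnvelopedRequestConnection"],
                              "RequestConnection")
    same_nonce = hmac.compare_digest(
        str(echoed.get("ClientNonce", "")).encode(), sent_nonce.encode())
    if echoed.get("MessageId") != sent_id or not same_nonce:
        raise ValueError("acknowledgement does not echo our request")
    _, profile = open_envelope(reply["EnvelopedProfileAccount"], "ProfileUser")
    if profile.get("AccountAddress") != account:
        raise ValueError("profile is for a different account")
    return {"server_nonce": ack["ServerNonce"],
            "witness": ack["Witness"],
            "account": profile["AccountAddress"]}


def _seal(message_type, body, unique_id):
    """Build a constructed, unsigned envelope, space-wrapped like the examples."""
    def enc(obj):
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        raw = raw.rstrip(b"=").decode("ascii")
        return " ".join(raw[i:i + 57] for i in range(0, len(raw), 57))
    meta = {"UniqueId": unique_id, "MessageType": message_type,
            "cty": "application/mmm/object"}
    return [{"EnvelopeId": unique_id, "ContentMetaData": enc(meta)},
            enc({message_type: body})]


def build_sample(client_nonce="constructed-client-nonce"):
    """Constructed ConnectResponse; every identifier below is made up."""
    request = _seal("RequestConnection",
                    {"MessageId": "REQ-0001", "ClientNonce": client_nonce,
                     "AccountAddress": "alice@example.com"}, "REQ-0001")
    ack = _seal("AcknowledgeConnection",
                {"MessageId": "ACK-0001",
                 "EnvelopedRequestConnection": request,
                 "ServerNonce": "constructed-server-nonce",
                 "Witness": "ACK-0001"}, "ACK-0001")
    profile = _seal("ProfileUser",
                    {"AccountAddress": "alice@example.com"}, "PROFILE-0001")
    return {"ConnectResponse": {"Status": 201,
                                "EnvelopedAcknowledgeConnection": ack,
                                "EnvelopedProfileAccount": profile}}


if __name__ == "__main__":
    print(check_connect_response(build_sample(), "REQ-0001",
                                 "constructed-client-nonce",
                                 "alice@example.com"))
```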
6.4.2. Complete
The complete operation is used to complete the binding of a device to the account regardless of whether the operation is initiated by the administration device or the connecting device.
The complete request is made to the service, not the account. The payload specifies the account the device is requesting completion for and the identifier of the completion message.
{ "CompleteRequest":{ "AccountAddress":"alice@example.com", "ResponseID":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ"}}
The response payload:
{ "CompleteResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "EnvelopedRespondConnection":[{ "EnvelopeId":"MA6Y-NAFZ-GH55-QXQK-AVY7-M4QG-BOKE", "enc":"A256CBC", "Salt":"t31lj96_2DUNpdtw7r2j_g", "recipients":[{ "kid":"MDZU-LVEQ-FWVC-ZTZQ-5ZVM-HDFW-CMCR", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"trxRbB_RWPzsJLQJuS5iNdPMwszuRy_57LsS2je LS09bRlPxgdGIgGQJRUYLE0HqUOg9uL33Y4kA"}}, "wmk":"lOHUgxHWSTfhi_kPvC9ArgAmKjC-6UfiYqUVJj07DsWH94 cuUHTCIA"} ], "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQjNVLUQ1V1ItQ1 JCRS1QTTNXLUJYS0MtV0pMNy03UU1aIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVzcG9 uZENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOVoifQ", "SequenceInfo":{ "Index":3, "TreePosition":426}, "Received":"2021-09-20T18:16:20Z"}, "xXWk3RzF8i5nBYkIGu4hQ4lF2LsVIIhhpBjit5AJ7dxNvShduybGoV-zy9 tmXRTMY1VdFDS0QYYrTIzg2XOO4sT8KGljASTW4c5A-aMyW28brQ7QJEVi4GF3JtQ ejOqi2RdwsT-mdiHXhFu7wePWqQfnB_9cyXMK-uZUTXPwgito4inGZcYEo8EYiIrU AXuG0Dd-B67q-GeRh2Iu2JN_z713TxVmybokCOMDrrVsI2CA8ADDK-i7DxxRg0yCV FfMvASPMx3_S3QnX9mXsPfsGEbmZYNETJToG5MJIZqU1oUuQE1CrZi-K8DmeqUeZV zGHWRWoUoduax-MQcAH2Jznni0NNn6dqLyH2FHvMM--rY35_F-irr3ch3resI-sti y9m8nJnJZZrlRKrhNibVFQg9HS70-0BnM7smPWe_VWHTmghiFT2t0Y-fqqO7e15tc Em8hJWWnuw09iyKai5YOMC1Yc0GmLeKTyn12uV8_6V3pvAsZ-D7k6cCaDXY3hywcT Ls0yRX_kIdVl01atlGmsh5cRjNQxonqD4nxb-HQqJ2_zO2jUUq9t_nJsisKovlPx1 Pgg2OTuulhe1aEV8Tya6kX9EMvst10mIMMTtEcL1ceZlVyqVDhx0hjvoE2bOTml79 FDRNlFg8PMfrfvP3fIGEdhKlq90KymFnoALyglq3r3Q0scYtkfb_4ZkPstp2k2gg3 48Lml7rmWH_aE34BugelmwghaFJhVwqj9l3hdGpiT8gZMtbZoELvvDcrlOQZx6skd _Gr3IWwQpLSIY-jXQzd_ffu6l8BHjg4wgD51esw4LpJAcsifdiyJYOO5U7hRWYNq7 iOqAn8pwvkGO4OvgGUYx2suMFr-2y5JlZvr806AvR56NW3qUcPCBuVM9rJXzV9N0q dhiuiT3Hmrus61HaImNFzju1xOt6QKdxLLCqTbNNk9ymlQWFJkex8_YdEwCND48mv 7cFm1QLM74G3vfTKjKLT-xEeyQegY5wq3zbUfsTIVRqUQ1ICmxFra4YvIkZTPN4DN Dlzk2IIXTeXRxsUKc5yGfBHj79qtshGSipkuffyStYCeoK1aXBKlf3XmgqDTpaF6G jZvXw11piVQ7lmsUbs6Uxi6OsNpzID2hZCueMuEyTq-4BNTzpxUs8eDJIEns9CSNv 
UOW_Dle_Ogmv6iP7-9QUmu5jSE5-EFVcudWntC7N3_Uy3-peyV_T3_t5dRgWILy6J CnR57BN7RiPzOORjHq69aRCgo-XswMLsv03v55fWzvSy9REsoc9PCIiGdhIxjFElH USZtx0Uees0u-leMA7op4Q_ZPNandkuuDpRaWW9xq4UnFtYf5kQPYeIHn_Rq60uTq k1uPIOq_g-vxEgUz13H91TeWTh4WDSr-1A3e29gSfLyDVcE8OfkRs8byW-GGY1Yyy a4DHhUC1pRnvsmmUZVRhfzngqHpWT1rhliFgrdtjsa7BiiHK-6LMmvis5kOkMpOFv dOn8uefmclYZBILU-Zk8EwTi3e9VOqu2Hm1qA-PLBlU9qXhG5quz4SVNsl_bYBG9u HOFBiLBy5YOnb97CGvWaEmqhzQUBWv4bkYH1IwNPKiwdch0iwJZXXnL2HgcUfllzQ sjUG4e9Bl4RVlnRAwQPb7ijugUuNuM1NlNgyBG7WcBKZv0picRdOCF3uqAGo71Hlc S4J4C5QZ5QWkvXh9rHHMLjTAIJ6hTsPY_Es32nFRyvasRaWzopL3NISOpI28w", {} ]}}¶
6.5. Publication
[Future: Consider eliminating this mechanism entirely and instead using messaging flows. The means of achieving this should become better apparent when the problem of publishing large messages via a pull mechanism is considered.]¶
The Publication mechanism allows content to be published through a Mesh Account and retrieved by means of the EARL mechanism described in Uniform Data Fingerprint [draft-hallambaker-mesh-udf]. This mechanism is used in certain flows supported by the Mesh Device Connection and Contact Exchange functions. There are two operations:¶
Content is published by appending an entry to an account's Publication catalog by means of a Transact operation. The content may then be retrieved by issuing a claim to the account specifying the publication identifier that is authenticated under the value specified in the EARL.¶
Use of the Publication catalog to post content necessarily requires that the content be smaller than the maximum message size imposed by the Mesh Service so that it can be uploaded to the service by means of a Transact transaction.¶
Publication of large data items will require modification of the protocol to support use of a detached message body. Transfer of a detached message body is outside the scope of this document.¶
6.5.1. Claim Transaction
The claim transaction is used to post a claim to a document published by means of an EARL. The claim interaction is used in the Static QR Code connection interaction but MAY be used for other purposes as required by Mesh applications.¶
A claim is made by sending a ClaimRequest message to the service to which the publication is posted. The service responds with a ClaimResponse message specifying the success or failure of the claim.¶
A device is preconfigured during manufacture and a Device Description published to the EARL:¶
The client claiming the publication creates a claim message specifying the resource being claimed and the address of the Mesh account making the claim.¶
{
  "MessageClaim":{
    "MessageId":"NCQB-Q5L2-AFBH-NB7E-FEI7-3QFE-ZONS",
    "Sender":"alice@example.com",
    "Recipient":"maker@example.com",
    "PublicationId":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
    "ServiceAuthenticate":"ACKX-DTYK-TMVD-T7Q5-FDK6-IJR2-DHNF",
    "DeviceAuthenticate":"ADZG-TVGE-DPQP-4Q4X-EBD7-PUSQ-JTTO"}}¶
The message is signed by the claimant to make a ClaimRequest to the service:¶
{ "ClaimRequest":{ "EnvelopedMessageClaim":[{ "EnvelopeId":"MDH7-B3JK-3KWW-XMRX-3UIS-AVZR-EJR2", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ1FCLVE1TDItQU ZCSC1OQjdFLUZFSTctM1FGRS1aT05TIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD cmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzlaIn0"}, "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5DUU ItUTVMMi1BRkJILU5CN0UtRkVJNy0zUUZFLVpPTlMiLAogICAgIlNlbmRlciI6ICJ hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUktVDJGVS1MUDRHLUtJR lEtUE1ZSS1WNlhILVBaTEIiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU NLWC1EVFlLLVRNVkQtVDdRNS1GREs2LUlKUjItREhORiIsCiAgICAiRGV2aWNlQXV 0aGVudGljYXRlIjogIkFEWkctVFZHRS1EUFFQLTRRNFgtRUJENy1QVVNRLUpUVE8i fX0", { "signatures":[{ "alg":"S512", "kid":"MCUM-SQ35-ZJUQ-TMTK-HB4X-57QQ-YK2Z", "signature":"WmjtRkJpq6QiqLNxY_ljzSrAUO-BzxDqK9yT-HB0 gN1TdLw93Jsj2vkIHsdQOMmVbullSyjK66OAodsKV-DEPP2EUPHA7_iNu6HwHoOaa SJvtUhBaiYirIe8_-ufIpfZfRxZbQdrU7uIsD78Fw8JhBcA"} ], "PayloadDigest":"QeCfPNqPnIgnkZqOk5ocOCmmJUNa5Zj1DqhPE5OS giY_01726xlWNvmn10PwOwdQsuQpgyRxASzsi5z5yRMcwA"} ]}}¶
If the publication is found and the claim is accepted, the publication is returned in the response.¶
{ "ClaimResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "CatalogedPublication":{ "Id":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB", "Authenticator":"EADT-KVZF-RR6U-D6KP-NRYQ-TAI2-F3AU-4NZL-MBHT -MHOX-SUNE-X7UK-P5WD-Y", "EnvelopedData":[{ "enc":"A256CBC", "kid":"EBQL-DNYM-VM4G-UE4U-4PDF-UWSQ-7ONX", "Salt":"6TNjMCiVgB1PpVNeEaH-iA", "recipients":[{ "kid":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB", "wmk":"bYJ4W7F-Oa7o5pR50uwdq4GCtF2wX3tgr3zNt2pTk7DB tHyUamIX_g"} ]}, "ZrETLTXinD0jkRoz_OAYlnFRPAFVgVrORZM2qLUfNQts8qSkaTBoOQ2_ CwTcH7htUnMhm8k9JZgfztKvY3ggmN-tf0gKnkY-nUc4UOBW7VXmkXYtnF9iEjtRq taIe0RbmeT5lv4P-1ahs2G2PEm3nqnyygfcfyRn_XJpXgICKGzIQvK2pjNXLHsRJ7 Ef9yQg9tSQR0dk8Js_YaOeQwrP7XCogBCk2XSaPwyo-8fufIfSnbUea5ZcDdglnQy stbj-TKtM9WgNNBxy4BU4jXMZhu2_hPaOXFqYN5hFwr-uZXXi4iHsOg6Xo8qNHZ8H d__86f_1_9XPpggnHXjAFyIjSf7VDo3JR2Mv_lTXExlMfIjYpaclg2r_CmlkBNROu RqZPxKzMbLnSMLd_x1M5JkIO21UDq7wt5_Dm_R1AObLCqJnr5EyTeZ0UV5eqCENOS 9oxLc4It4Y1vy4ZAwXkUVqgsQSV2j2tfOUDFmPtO3qrPuOsUoPViP_Vczxusp1KPm 19vt1-ZG-PcW5KK9HK1lTN9Ym1Xp92hPh_p4S2tDsRtKf1L3EI3wgqWc3Czk5atk8 VoM-Ty4kkYfwVpEp_tUvzq6T5j252NpdE2vZSbHt66yCHVs6XrPMAyYMWTUxLjcRi qEmVI-dFAoFbFUpVFfNN8u56eXfRQ16YG0YTwwsvnO9bFFiMP69Pup-SvcP9Eox7J 76DAtI09IQFt6ohU1RUOHXCDRZPos1kI6T04vrfX_AEfnwDs0XgNk92zKx1KQ6IOo 66HDY2qOFJgDdiES_xC3VjgQHD40D200CjXeVPjsbtBrEBZC9_y0E5fNT8mQb9hVs swheBeYZ0Lwobl2Rm1IfQAcul66Xhxur3f32ZEm7iD_npBi2TnCyp2rLPA88_PDV4 pn1WBqSjB2QCSqi-GagQ-z9h-RbGig2ef_eQ3GdmT_YLVIzEVtsNhFHMWi2BlEUZ7 jN3sS0vE4EBK_v18c9_yUxRunOzX9K4_VBBbBExXznHxydIHhsgDzU8cb5CcjKw0n 6GkpbO4IrdWQPWwCNa8zTB_KlymiY2YykQ7ttd35kKHGVC7EzYGuIEPj-pnPyKmfn oClIruA1CNc5_De4fQ9PeeMnB-xibqoDyMBPxKnfUrHfYgZj1hvgfCFjfcf2Qqslc 5UcUNZh94E6iNX4ScIeio_X2wfEkVUSkU675v6Cy2kH9LJ9LfdinyuPHpzHAqvHAX ePbu8lF1nCMhhrGgY7yD42pnobf5ljgFPxxvrKs8PElKyU-1Ciqb6bAOxNKlHZ9cm ZNstFlnPN-rWggw_n1lcHQDW4mCztdGtD3eevp6RcVlb5wA-5otl30qxqWR8p0Hhx lQo7gExMftfiRHiHzZG2-8OqkYRBlAsDIoGqPaMElEiG-FChvWfEHVNpNqiiWgpXh UfeB_FGjnv0fVT0B2jRcSh7A2s-JO0p9ohizC4E4yCdwY-d6G193vAhCyonQgVtgQ 
0rM1oAgXJ3sy65flm5MTRoPtRt2uBFmhza7iW-4IaH5_LLapZ3ry8Fct8-NV55XfE BmLiH_Ga0ASCD7yPb1ylSiMSMfOJ8VkdeUv09A__ZGETUOVxb1oTZ951pbSlwZdf3 VXptUoKvqKzluYQWRv-QBvL2r691cPRMQWUQ2Yhafg4U43An5XhLSwBtt2As_Y06g lZiPmk0wrzkgrrd1eD2e9jJrH3_XKjL2d2FUeRLsNhe0YCqXxYv60VIWookDpDZY0 GQmHa7I_bSRzBwR9QbIa5EafXMND8adCsTMH4cUWKGNwFK00jtSY8igc22NHljSmQ LA_bV2RdUVJ0tU2qnIWFPscpBcpYUh1PvrcSZ4M2ThiOUi193Up5-Y5Ibgz66F0Zw jtWgxCIUiz4oOEXLxmj7NkhLR7EFuWrKrNCUNhRgBDC2tlzwBnudaFeWnG019NeG7 EC7D_osaloz1936fct2l81OKkOeBozPkT6xSpvtNQuTsfVvAFgE-XHRivhcD3DJ9s 4YJpw2-aKqo5fJvS1qwxEQnQQZAbU8yoe7o0DSCBvbVIfZGjS448ksqazhlkE-1kS TB4wqCi5eUJuWDBCx3b1ykUONWLvqPmsIwe_lN4Jxg3RCVEpZBJ39EZ4uIKTmfI02 jwkmNpvbRK52NwTHtYxsf7gRDQf3N7bUxppVsZqay49zW5fOxCHgfcBp9Z8NSw1Mt XNJ-SNKHbTFbpAwc5uvK4M6J30fZyuT1KBGYsmq5mxV-Oj35GOqLYmq9VCB39kvbe uuBDGEp_agvQ7azWUZ3UE-Goir0Vfrx3G0skadYfqPNz88YZzQAp5rNbaZoFgpjqk GibVRjaLM8watr_qClb1HJ4cHS-unDDv3PdFu4qVLlcuhOZduBTRi87f9WgS1XEzA Qlo9M3y2xlzfXurE6ZnFX8JcV5MYx2RmofAl17nduGesNaBNJ8CX-ho2ahJPFUf-P rlIdGPGRzHbCFO4Ol4naqsOv-Ji5jZc2Raz-MPyEc7SyBcdX0Ryd0WUcWZ9ao60qN rc0EufZPmJOE2g1wijQ-UUKKxXI6CX6n4QPy_E8w59XzjYf-IZTNkkOp34hDrhUcT 61ReWo9rinqVGVDz6Ziff3z8YST02yYTaxG1PHoLp_y5j9oGSLovAvx1bWOXvajAx Uedy4GZxfsJr4EA3xZs8ayXilKffV_OEqR5vW32S3-qRY-L0TA_ye42kZ8FHAgvok EzJGl7bCFBgHt7z5sxyjUYPrvpCr5XWfhVY69jzwVBhgrPnaSOQ3m2j4-uxy_lZWD hxe5vrgIMBbhCAgzuTeDJtNdj4cJIuoLhNTJvHh4FyA9ne_b1LWbn_w7nssr0gBN1 WHhz2FnxaFb-v-5TMTaS1kJy4FZUnAENM7ukDG07ND7anOV-6MK6lhX2tccQLI3wC sAzwwrfb6dgV-kS813rTK24DicNvnuKFFxJkQaA0fEUY7XUpnFjdf-k8YrB93zX5o COj-g0ucMrImDMS0-6Wsm8yd8eDUhVx9Zyb7HnCwA8DV0Ob7w" ]}}}¶
The device waiting to be connected uses the PollClaim transaction to receive notification of a claim having been posted.¶
6.5.2. PollClaim Transaction
The PollClaim transaction is used to discover if a claim has been posted to a published document.¶
When an authenticated, authorized request is made, the service responds with the latest claim posted to the publication.¶
The device in the example above periodically polls the service to which the device description is published to find if a claim has been registered.¶
The PollClaimRequest contains the account to which the document is published and the publication ID:¶
{
  "PollClaimRequest":{
    "PublicationId":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
    "TargetAccountAddress":"maker@example.com"}}¶
The response returns the latest claim made as a signed message:¶
{ "PollClaimResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "EnvelopedMessage":[{ "PayloadDigest":"QeCfPNqPnIgnkZqOk5ocOCmmJUNa5Zj1DqhPE5OS giY_01726xlWNvmn10PwOwdQsuQpgyRxASzsi5z5yRMcwA", "EnvelopeId":"MADV-CBSP-N4SR-6JQD-7ONP-P5EP-TZ47", "dig":"S512", "signatures":[{ "alg":"S512", "kid":"MCUM-SQ35-ZJUQ-TMTK-HB4X-57QQ-YK2Z", "signature":"WmjtRkJpq6QiqLNxY_ljzSrAUO-BzxDqK9yT-HB0 gN1TdLw93Jsj2vkIHsdQOMmVbullSyjK66OAodsKV-DEPP2EUPHA7_iNu6HwHoOaa SJvtUhBaiYirIe8_-ufIpfZfRxZbQdrU7uIsD78Fw8JhBcA"} ], "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ1FCLVE1TDItQU ZCSC1OQjdFLUZFSTctM1FGRS1aT05TIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD cmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzlaIn0", "SequenceInfo":{ "Index":1, "TreePosition":0}, "Received":"2021-09-20T18:16:40Z"}, "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5DUU ItUTVMMi1BRkJILU5CN0UtRkVJNy0zUUZFLVpPTlMiLAogICAgIlNlbmRlciI6ICJ hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUktVDJGVS1MUDRHLUtJR lEtUE1ZSS1WNlhILVBaTEIiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU NLWC1EVFlLLVRNVkQtVDdRNS1GREs2LUlKUjItREhORiIsCiAgICAiRGV2aWNlQXV 0aGVudGljYXRlIjogIkFEWkctVFZHRS1EUFFQLTRRNFgtRUJENy1QVVNRLUpUVE8i fX0", {} ]}}¶
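A check a polling device could apply to the PollClaimResponse before acting on it, as an added example that is not part of the draft or of the Mesh reference code. It assumes PayloadDigest is the base64url SHA-2-512 digest of the envelope payload (the `dig` value S512); the function names and the sample response are constructed for the example, and verification of the signature under the `kid` key is not shown.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(text: str) -> bytes:
    text = "".join(text.split())  # the draft wraps long values with whitespace
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_polled_claim(response: dict, publication_id: str, account: str) -> dict:
    """Return the decoded MessageClaim, or raise ValueError if a check fails."""
    if response.get("Status") != 201:
        raise ValueError("poll did not succeed")
    envelope = response.get("EnvelopedMessage") or []
    if len(envelope) < 2 or not isinstance(envelope[1], str):
        raise ValueError("envelope has no payload")
    header = envelope[0]
    trailer = envelope[2] if len(envelope) > 2 else {}
    # Digest and signatures sit in the header of the PollClaimResponse example
    # and in the trailer of the ClaimRequest example, so accept either place.
    digest = header.get("PayloadDigest") or trailer.get("PayloadDigest")
    signatures = header.get("signatures") or trailer.get("signatures")
    if header.get("dig") != "S512" or not digest or not signatures:
        raise ValueError("claim is not a signed S512 envelope")
    payload = b64url_decode(envelope[1])
    # ASSUMPTION: PayloadDigest = base64url(SHA-512(payload bytes)).
    if not hmac.compare_digest(hashlib.sha512(payload).digest(),
                               b64url_decode(digest)):
        raise ValueError("payload does not match PayloadDigest")
    claim = json.loads(payload).get("MessageClaim")
    if not isinstance(claim, dict):
        raise ValueError("payload is not a MessageClaim")
    # Bind the claim to the publication and account that were polled, so a
    # claim lifted from another publication is not accepted here.
    if claim.get("PublicationId") != publication_id:
        raise ValueError("claim is for a different publication")
    if claim.get("Recipient") != account:
        raise ValueError("claim is addressed to a different account")
    return claim


def make_sample_response(publication_id: str, recipient: str) -> dict:
    """CONSTRUCTED sample with the layout of the PollClaimResponse above."""
    payload = json.dumps({"MessageClaim": {
        "MessageId": "CONSTRUCTED-MESSAGE-ID",
        "Sender": "alice@example.com",
        "Recipient": recipient,
        "PublicationId": publication_id}}).encode()
    header = {
        "dig": "S512",
        "PayloadDigest": b64url_encode(hashlib.sha512(payload).digest()),
        "signatures": [{"alg": "S512", "kid": "CONSTRUCTED-KEY-ID",
                        "signature": "constructed-placeholder"}]}
    return {"PollClaimResponse": {
        "Status": 201,
        "EnvelopedMessage": [header, b64url_encode(payload), {}]}}


if __name__ == "__main__":
    pub = "EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB"
    body = make_sample_response(pub, "maker@example.com")["PollClaimResponse"]
    print(check_polled_claim(body, pub, "maker@example.com")["Sender"])
```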
6.6. Cryptographic
The Operate transaction is used to perform one or more cryptographic operations using private key material recorded in the Threshold Catalog. Such operations typically represent one part of a threshold key operation divided between the service and a device connected to an account.¶
As with all operations involving the Access catalog, the request MUST meet the authentication criteria specified by the catalog entry. These typically include the request being authenticated by a specific key.¶
6.6.1. Key Agreement
CryptographicOperationKeyAgreement is used to request a threshold key agreement operation on a specified public key.¶
Alice added Bob to groupw@example.com as a member. This resulted in Bob receiving the invitation described in section ??? and the following access entry being added to the Access catalog of the group account:¶
{ "CatalogedAccess":{ "Capability":{ "CapabilityDecryptServiced":{ "Id":"MCPZ-HDVM-PCDX-BRN4-XODS-XA5Z-42H5", "Active":true, "GranteeUdf":"bob@example.com", "EnvelopedKeyShare":[{ "enc":"A256CBC", "kid":"EBQL-ITZG-2R6Q-TMF3-YDDA-3N4T-VM5U", "Salt":"bJ6_c_OfrpkkZZCU-1LtYA", "recipients":[{ "kid":"MCH3-3HJS-A6QP-RRJ5-HORB-3YTB-J4WU", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"wNwbGaju-1ja9t61bMotJABp0H3VWQdML0p dcAz6-k1In8KJo-vFr6EEQup8esye4HlX3B0SNUcA"}}, "wmk":"tYp8TUPingIoHyHsWvfRnpZNlXFesw9jUenfLC0LLj ShzQJlgWfU7g"} ], "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJLZXlEYX RhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmVhdGV kIjogIjIwMjEtMDktMjBUMTg6MTY6MTdaIn0"}, "xw-RW7CvLuJl9zhDJxcbMw2UeTPuVU637VrHpgo3pcAMaOq-pVknNr xDMRFE3MnpSseqwKCepc2_489f3GZLl0unDhPnfrXrFaX4Mu54eEZlLCJ-_6ujksg lfMvvs8_elodspsKfaYbsApw1Qwazfy840AXWJkIFmzt2u43DtpPMhQpDrF46SD6D 1fcZ48gcgZzA66C-ompAfrpF_7gTyjiizK5pGnjfMHObPqNlD3M2xEGDxGD6sQBet kEJZhD9L95Nxbw8bNzm4e0a8Bk--NWyzPL89OICTJrcMUpdb9Hw3NVMWpG0GvneZ- ItdMU44V8SJCaiRznm-Uk0P1d4kqJzGbg4tfaqrVYi4dOLq0sdXQJRe5elNTnceYR bzMF4wqsFjkh7LpaKUsiYNp4dmy4w7N4t9f5hXXw6o6zPk3y5fpCmK6zghcyw3hJJ u-nkANieu0I-xWNei7Pkn6fQKHJaf2l6igdcDC-PPxozKpi44FIMx9tjawkdlvQHA rAefxTiy8uCZWyYhhWZyKk2o8O9LN5jI2bAfHMUAJPp5-SMM0dT-UqTJHnD5PWWaA bPba2EHeQBWq39vLsmQr52GJC_ogtPWO--CEfhZYdDHCgRD96DFdJee9UUspehU2b 6NLhptnz-Z84-lsQL659JPx-AtiYOs8vgzTgtOZRQMNpmeQ4UIwsWVTGhfdEOfAb6 WT1kZKS7jDTRiQfz7JLAgw" ]}}}}¶
The private key (in this case a key share) is encrypted under the service key.¶
To make use of the access entry, a request is made that specifies the key share to be operated on and the public key parameters to perform the agreement with.¶
The request payload:¶
{
  "OperateRequest":{
    "AccountAddress":"groupw@example.com",
    "Operations":[{
        "CryptographicOperationKeyAgreement":{
          "KeyId":"MCPZ-HDVM-PCDX-BRN4-XODS-XA5Z-42H5",
          "PublicKey":{
            "PublicKeyECDH":{
              "crv":"X448",
              "Public":"DdA69XYL5v6HgeNEPLql1dpKqdEwoAlKJEF1AbRqR Fnf1GUqiEm7Bg8jdCFhE6weFkArPQspXzGA"}}}}
      ]}}¶
The service checks to see if the request is authorized and if so, performs the operation and returns the result:¶
{
  "OperateResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "Results":[{
        "CryptographicResultKeyAgreement":{
          "KeyAgreement":{
            "KeyAgreementECDH":{
              "Curve":"X448",
              "Result":"8ki73pVcpL3IcSt5ocXVHxVeWS-tb6ZPgTU2ZVH_c ltOQeDD2HBesbZWIbsWBhuGyFaNt8H0npqA"}}}}
      ]}}¶
Future: Currently, the access catalog is encrypted under the service encryption key. It would be better to encrypt the catalog under an encryption key specified by the service during the process of account binding. This would allow a service to assign a unique encryption key to each account and limit access to that key to the hosts servicing that specific account.¶
6.6.2. Threshold Sign
Threshold signature is planned but not currently supported.¶
6.7. Messaging
Mesh Messaging is an asynchronous messaging service that allows exchange of information between devices connected to a Mesh account and between Mesh users.¶
To enable effective abuse mitigation, Mesh Messaging enforces a four-corner communication model in which all outbound and inbound messages pass through a Mesh Service which accredits and authorizes the messages on the user's behalf.¶
The Post transaction is only used to exchange messages between services. The client sends and receives messages through interactions with the outbound and inbound spools of the account.¶
6.7.1. Sender.
To send a message, the client creates the Mesh Message structure, encapsulates it in a DARE Message and appends the message to the Outbound spool of the account using the Transact operation.¶
The DARE Message MUST be signed under the account signature key.¶
The Mesh Service receiving the message from the user's device MAY attempt immediate retransmission or queue it to be sent at a future time. Mesh Services SHOULD forward messages without undue delay.¶
6.7.2. Outbound Service
The Post transaction forwarding the message to the destination service carries the same payload as the original request but is authenticated by the service forwarding it. This authentication MAY be by means of either profile or ticket authentication.¶
>>>> Unfinished ProtocolPostServiceService¶
[Not Yet Implemented]¶
After the message has been sent, the service updates the message status on the outbound spool.¶
Services SHOULD implement Denial of Service mitigation strategies including limiting the maximum time taken to complete a transaction and refusing connections from clients that engage in patterns of behavior consistent with abuse.¶
The limitation in message size allows Mesh Services to aggressively time out connections that take too long to complete a transaction. A Mesh Service that is hosted on a 10Mb/s link should be able to transfer 20 messages a second. If the service is taking more than 5 seconds to complete a transaction, either the source or the destination service is overloaded or the message itself is an attack.¶
Imposing hard constraints on Mesh Service performance requires deployments to scale and apply resources appropriately. If a service is attempting to transfer 100 messages simultaneously and 40% are taking 4 seconds or more, this indicates that the number of simultaneous transfers being attempted should be reduced. Contrariwise, if 90% are completed in less than a second, the number of threads allocated to sending outbound messages might be increased.¶
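The timing guidance above expressed as a feedback rule, as an added example that is not part of the draft. The 5 second, 4 second, 1 second, 40% and 90% figures come from the text; the class name, the window size and the step sizes (halve on overload, grow by a tenth when fast) are assumptions of the example.

```python
from collections import deque

DEADLINE_S = 5.0  # from the text: more than 5 seconds means overload or attack
SLOW_S = 4.0      # from the text: transfers taking 4 seconds or more are slow
FAST_S = 1.0      # from the text: transfers completed in under a second are fast


class OutboundTuner:
    """Adjusts the number of simultaneous outbound Post transactions."""

    def __init__(self, workers=100, window=100, floor=1, ceiling=1000):
        self.workers = workers
        self.floor, self.ceiling = floor, ceiling
        self.samples = deque(maxlen=window)  # most recent transfer durations
        self.timed_out = 0

    def record(self, seconds: float) -> bool:
        """Record one transaction; False means it exceeded the hard deadline
        and the connection should be dropped rather than waited on."""
        within = seconds <= DEADLINE_S
        if not within:
            self.timed_out += 1
        # A timed-out transfer is cut off at the deadline, so it is counted
        # as a slow sample of exactly that length.
        self.samples.append(min(seconds, DEADLINE_S))
        return within

    def retune(self) -> int:
        """Apply the 40% / 90% rule once a full window has been observed."""
        if len(self.samples) < self.samples.maxlen:
            return self.workers  # not enough evidence to change anything
        total = len(self.samples)
        slow = sum(s >= SLOW_S for s in self.samples) / total
        fast = sum(s < FAST_S for s in self.samples) / total
        if slow >= 0.40:
            # ASSUMPTION: halve on overload; the text only says "reduced".
            self.workers = max(self.floor, self.workers // 2)
        elif fast >= 0.90:
            # ASSUMPTION: grow by a tenth; the text only says "might be increased".
            step = max(1, self.workers // 10)
            self.workers = min(self.ceiling, self.workers + step)
        self.samples.clear()  # judge the new setting on fresh measurements
        return self.workers


if __name__ == "__main__":
    tuner = OutboundTuner()
    for duration in [4.2] * 40 + [0.5] * 60:  # constructed measurements
        tuner.record(duration)
    print(tuner.retune())
```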
6.7.3. Inbound Service
The inbound service MUST subject inbound messages to Access Control according to the credentials presented in the DARE Message payload.¶
After verifying the signature and checking that the key is properly accredited in accordance with site policy, the service applies authorization controls taking account of:¶
7. Message Interactions
Message interactions are asynchronous interactions that occur between devices connected to the same account or between accounts.¶
All messages are signed by the sender and encrypted under the encryption key of the recipient if this is known to the sender.¶
7.1. Message PIN Interaction
The Message PIN Interaction is used to register and validate PIN codes used to authenticate certain transactions. This interaction allows a PIN code issued by one device to be consumed by another allowing for greater convenience in managing devices or contact exchange.¶
For example, Alice might delegate the PIN code issue privilege to her mobile device without delegating the administration privilege to that device. This would allow Alice to use her mobile device to initiate the connection of a large number of devices to her Mesh as her house is being built and approve them later using her administrative device.¶
Use of the Message PIN interaction is optional. An application that issues a PIN code to authenticate a message MAY store the PIN value within the application without persisting it to external storage.¶
Derivation of the SaltedPin, MessageId and Witness values from their respective inputs is described in the Schema Reference [draft-hallambaker-mesh-schema].¶
7.1.1. Registration
To register a PIN code to an Account, a device:¶
- Generates the PIN code value¶
- Calculates the SaltedPin value for the specified Action¶
- Calculates the PinId binding the specified SaltedPin to the Account.¶
- Creates and signs MessagePin containing the SaltedPin, Action and Account values with the MessageId value PinId.¶
- Appends the MessagePin value to the Administration Spool of the Account.¶
Note that this construction provides limited protection against forgery attacks by a party with access to the MessagePin. A party with such access can use it to construct the witness value required to authenticate a request.¶
PIN Code values consist of an opaque sequence of octets represented as a UDF nonce value. Codes are presented in canonical UDF form, i.e. Base32 encoding separated into groups of 4 characters. The PIN value is converted to binary form for calculation of the SaltedPin, thus ensuring that the canonical form of the PIN value is used.¶
7.1.2. Authentication
The PIN Code value is passed out of band to a user who will enter it into a device to authenticate a request made to the issuer.¶
A request that MAY be validated by means of a PIN is a subclass of MessagePinValidated and contains the following fields:¶
- AuthenticatedData: A DARE Envelope containing the data that is authenticated.¶
- ClientNonce: A nonce value used to prevent certain replay attacks.¶
- PinId: Digest value binding the SaltedPin to the Account.¶
- PinWitness: Witness value calculated as KDF (Device.UDF + AccountAddress, ClientNonce)¶
The device uses the PIN code and Action identifier corresponding to the desired request to calculate the SaltedPin value in the same manner as during registration. This value is then used to calculate the PinId and PinWitness values.¶
7.1.3. Validation
The PIN code is validated by performing the steps of:¶
- Calculating the SaltedPin value from the PIN code and Action¶
- Calculating PinId from SaltedPin and Account¶
- Retrieving a MessagePin from the Administration spool with the MessageId PinId.¶
- Calculating the PinWitness value from SaltedPin, ClientNonce and AuthenticatedData and checking this matches the value specified in the message.¶
- Performing the requested action.¶
- Posting a Complete message to the Administration Spool of the Account marking the PIN code as used.¶
This process can fail at multiple points resulting in different error results:¶
- PinInvalid: No PIN code is specified, the PIN code indicates an unsupported algorithm or the calculated PinWitness does not match the one specified by the request.¶
- PinUsed: The PIN code has been used previously.¶
- PinExpired: The PIN code is no longer valid.¶
Note that in the case that an attempt is made to reuse a PIN, it is not automatically the case that the first use of the PIN was the one that was valid and only the second attempt was invalid. Implementations SHOULD alert the user to the attempted re-use so that this possibility can be considered and appropriate action taken.¶
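The registration, authentication and validation steps above in one place, as an added Python example that is not part of the draft or of the Mesh reference code. HMAC-SHA-512 stands in for the SaltedPin, PinId and PinWitness derivations, which are defined in the Schema Reference and not on this page; `AdministrationSpool`, `build_request`, the `"OK"` result and the order in which the failure cases are checked are assumptions of the example.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


def _kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA-512 over length-prefixed inputs stands in for the
    # derivations in the Schema Reference, which this page does not give.
    mac = hmac.new(key, label, hashlib.sha512)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def pin_to_bytes(pin: str) -> bytes:
    """Canonical UDF text (Base32 in groups of 4) to the binary PIN value."""
    text = pin.replace("-", "").strip().upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def salted_pin(pin: str, action: str) -> bytes:
    return _kdf(pin_to_bytes(pin), b"SaltedPin", action.encode())


def pin_id(salted: bytes, account: str) -> str:
    return _kdf(salted, b"PinId", account.encode()).hex()


def pin_witness(salted: bytes, client_nonce: bytes, authenticated_data: bytes) -> bytes:
    return _kdf(salted, b"PinWitness", client_nonce, authenticated_data)


def build_request(pin, action, account, client_nonce, authenticated_data) -> dict:
    """Requesting device: derive PinId and PinWitness from the PIN as entered."""
    salted = salted_pin(pin, action)
    return {"PinId": pin_id(salted, account),
            "ClientNonce": client_nonce,
            "AuthenticatedData": authenticated_data,
            "PinWitness": pin_witness(salted, client_nonce, authenticated_data)}


@dataclass
class AdministrationSpool:
    """Hypothetical in-memory stand-in for the account's Administration spool."""
    pins: dict = field(default_factory=dict)      # MessageId (PinId) -> MessagePin
    completed: set = field(default_factory=set)   # PinIds closed by a Complete
    reuse_alerts: list = field(default_factory=list)

    def register(self, pin: str, action: str, account: str, expires: datetime) -> str:
        salted = salted_pin(pin, action)
        message_id = pin_id(salted, account)
        self.pins[message_id] = {"SaltedPin": salted, "Action": action,
                                 "Account": account, "Expires": expires}
        return message_id

    def validate(self, request: dict, now: datetime, perform) -> str:
        entry = self.pins.get(request.get("PinId", ""))
        if entry is None:
            return "PinInvalid"
        expected = pin_witness(entry["SaltedPin"],
                               request.get("ClientNonce", b""),
                               request.get("AuthenticatedData", b""))
        # Check the witness first, in constant time, so a caller who does not
        # hold the PIN learns nothing about whether it was used or has expired.
        if not hmac.compare_digest(expected, request.get("PinWitness", b"")):
            return "PinInvalid"
        if request["PinId"] in self.completed:
            self.reuse_alerts.append(request["PinId"])  # surface re-use to the user
            return "PinUsed"
        if now >= entry["Expires"]:
            return "PinExpired"
        perform(entry["Action"], request["AuthenticatedData"])
        self.completed.add(request["PinId"])  # stands for the Complete message
        return "OK"


if __name__ == "__main__":
    now = datetime(2021, 9, 20, 18, 16, tzinfo=timezone.utc)
    spool = AdministrationSpool()
    pin = "AAAA-BBBB-CCCC-DDDD"  # constructed PIN, not a value from the draft
    spool.register(pin, "Device", "alice@example.com", now + timedelta(days=1))
    req = build_request(pin, "Device", "alice@example.com", b"nonce", b"envelope")
    print(spool.validate(req, now, lambda action, data: None))
    print(spool.validate(req, now, lambda action, data: None))
```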
7.1.4. Example
Alice connects a device using a QR code presented by her administrative device.¶
The administration device creates a PIN code and records it to the Local spool. The message specifies the salted PIN value used to verify attempts to use the PIN and the action for which it is authorized. Since this PIN has been issued to authorize a device connection, the message specifies the roles for which the device is authorized as well. This allows the connection request to be accepted without asking for further input from the user.¶
{
  "MessagePin":{
    "MessageId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
    "Account":"alice@example.com",
    "Expires":"2021-09-21T18:16:18Z",
    "Automatic":true,
    "SaltedPin":"ACZI-EF2U-AAIY-R5MY-KXZ6-UYAF-NUSV",
    "Action":"Device",
    "Roles":["threshold"
      ]}}¶
7.2. Completion Interaction
Completion messages are dummy messages that are added to a Mesh Spool to mark a change in the status of messages previously posted. Any message that is in the inbound spool and has not been erased or redacted MAY be marked as read, unread or deleted. Any message in the outbound spool MAY be marked as sent, received or deleted.¶
Services MAY erase or redact messages in accordance with local site policy. Since messages are not removed from the spool on being marked deleted, they may be undeleted by marking them as read or unread. Marking a message deleted MAY make it more likely that the message will be removed if the sequence is subsequently purged.¶
After using the PIN code to authenticate connection of a device in the previous example, the corresponding MessagePin is marked as having been used by appending a completion message to the Local spool.¶
{
  "MessageComplete":{
    "MessageId":"NAHJ-Q4GZ-SL2H-TXDL-55SD-YDY6-EA72",
    "References":[{
        "MessageId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
        "ResponseId":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ",
        "Relationship":"Closed"}
      ]}}¶
The completion message is added to the spool in the same upload transaction that adds the device to the device catalog. This ensures that both operations occur or neither occurs.¶
7.3. Contact Exchange Interaction
The contact exchange interaction is used to support unilateral or mutual exchange of contact information. Contact exchange has three functions in the Mesh:¶
- To exchange public key information to allow encryption of messages sent to and verification of signatures on messages sent from the contact subject.¶
- To exchange contact information allowing use of other communication protocols (e.g. telephone, SMS, xmpp, SMTP, OpenPGP, S/MIME, etc).¶
- To request that the recipient grant privileges to accept certain types of messages from the contact subject.¶
Registration of the subject's contact information in a registry service eliminates the need for the first of these functions but not the other two. To prevent abuse, every Mesh Message is subject to access control and a Mesh service will only accept a message from a sender if there is an entry in the Threshold Catalog of the account that expressly permits delivery of messages of the specified type that are authenticated by an authorized signature key.¶
The communication of unsolicited information afforded by the contact exchange interaction is deliberately limited so that a majority of users can accept contact exchange requests without prior authorization. It is however likely that some users will receive a considerable volume of requests forcing them to require contact requests be authorized through some form of third party accreditation.¶
7.3.1. Remote
The Remote Contact Exchange transaction consists of a sequence of MessageContact messages sent from the initiator to the responder, responder to the initiator, etc. While there is in principle no limit on the number of messages exchanged, most exchanges will be completed in three exchanges or fewer:¶
- Initiator to Responder: Contains Initiator contact data without authentication context from the exchange.¶
- Responder to Initiator (optional): Contains Responder contact data authenticated under a PIN challenge presented in the previous message.¶
- Initiator to Responder (optional): Contains Initiator contact data authenticated under a PIN challenge presented in the previous message.¶
Each message provides the recipient with additional information which MAY motivate the recipient to provide additional contact information to the sender.¶
{ "MessageContact":{ "MessageId":"NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ", "Sender":"bob@example.com", "Recipient":"alice@example.com", "AuthenticatedData":[{ "dig":"S512", "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb250YWN0UG Vyc29uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmV hdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTFaIn0"}, "ewogICJDb250YWN0UGVyc29uIjogewogICAgIkFuY2hvcnMiOiBbewogIC AgICAgICJVZGYiOiAiTUJEWi1RUEpOLVM1Q1ItTFVGTy1WUE9RLTVaSzItRU5FNiI sCiAgICAgICAgIlZhbGlkYXRpb24iOiAiU2VsZiJ9XSwKICAgICJOZXR3b3JrQWRk cmVzc2VzIjogW3sKICAgICAgICAiQWRkcmVzcyI6ICJib2JAZXhhbXBsZS5jb20iL AogICAgICAgICJFbnZlbG9wZWRQcm9maWxlQWNjb3VudCI6IFt7CiAgICAgICAgIC AgICJFbnZlbG9wZUlkIjogIk1CRFotUVBKTi1TNUNSLUxVRk8tVlBPUS01WksyLUV ORTYiLAogICAgICAgICAgICAiZGlnIjogIlM1MTIiLAogICAgICAgICAgICAiQ29u dGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKTlFrUmFMVkZRU 2s0dFV6VkRVaTEKICBNVlVaUExWWlFUMUV0TlZwTE1pMUZUa1UySWl3S0lDQWlUV1 Z6YzJGblpWUjVjR1VpT2lBaVVISnZabWxzWgogIFZWelpYSWlMQW9nSUNKamRIa2l PaUFpWVhCd2JHbGpZWFJwYjI0dmJXMXRMMjlpYW1WamRDSXNDaUFnSWtOCiAgeVpX RjBaV1FpT2lBaU1qQXlNUzB3T1MweU1GUXhPRG94TmpveE1Wb2lmUSJ9LAogICAgI CAgICAgImV3b2dJQ0pRY205bWFXeGxWWE5sY2lJNklIc0tJQ0FnSUNKUWNtOW1hV3 gKICBsVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1JGb3R VVkJLVGkxVE5VTlNMVXhWUgogIGs4dFZsQlBVUzAxV2tzeUxVVk9SVFlpTEFvZ0lD QWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzCiAgS0lDQWdJQ0FnSUNBa VVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjbllpT2lBaV IKICBXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlFWemczVkZ STWFrMW9RMFV5VjJsTllucAogIHFlWFJLYmpSNVlYVTFXbkpwWTFkNmJVNUlZbWh4 UjNsR1MzWmZkMmR5Y1dkdUNpQWdialZSTVZObVkyTlFiCiAgM1ZFWDBaa016QlBVa 0U0VjJsQkluMTlmU3dLSUNBZ0lDSkJZMk52ZFc1MFFXUmtjbVZ6Y3lJNklDSmliMk oKICBBWlhoaGJYQnNaUzVqYjIwaUxBb2dJQ0FnSWxObGNuWnBZMlZWWkdZaU9pQWl UVU5hTXkxTk1sQlRMVk5HVwogIEZBdE5FdzJXQzFTUzBkUUxVMUxTa0V0VWpWWFN5 SXNDaUFnSUNBaVFXTmpiM1Z1ZEVWdVkzSjVjSFJwYjI0CiAgaU9pQjdDaUFnSUNBZ 0lDSlZaR1lpT2lBaVRVTkxTUzFUUTA5RUxVUTBOMEl0UjBWTVF5MVBRVFJITFZkSE 
4KICAwNHRWVVZLVmlJc0NpQWdJQ0FnSUNKUWRXSnNhV05RWVhKaGJXVjBaWEp6SWp vZ2V3b2dJQ0FnSUNBZ0lDSgogIFFkV0pzYVdOTFpYbEZRMFJJSWpvZ2V3b2dJQ0Fn SUNBZ0lDQWdJbU55ZGlJNklDSllORFE0SWl3S0lDQWdJCiAgQ0FnSUNBZ0lDSlFkV 0pzYVdNaU9pQWlSV1JFUlZabGIwaHFjbWw0ZW1Wd2VGVmFPV2hvWWtKelJ6TjBSRT kKICBuY3pCSmFFOXJaMk5RV1RkNVMySk5OblJ2TkhoWlh3b2dJRmxDTUhGWk4yRkx OblE1VTNWb1EwSllkMUJvWQogIHpBNFFTSjlmWDBzQ2lBZ0lDQWlRV1J0YVc1cGMz UnlZWFJ2Y2xOcFoyNWhkSFZ5WlNJNklIc0tJQ0FnSUNBCiAgZ0lsVmtaaUk2SUNKT lEweFpMVll5VFZBdFdWZEJWaTFETmtoRkxUTkZTa010VHpZMlRpMDJVekl6SWl3S0 kKICBDQWdJQ0FnSWxCMVlteHBZMUJoY21GdFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUN BZ0lsQjFZbXhwWTB0bGVVVgogIERSRWdpT2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oy SWpvZ0lrVmtORFE0SWl3S0lDQWdJQ0FnSUNBZ0lDSlFkCiAgV0pzYVdNaU9pQWlaa 1JTVldoMVNETTROR3cyU0hseVkxUkxZblJpV0cxa1kxRjJNREY2YWxaaWVUVllXVz AKICAxZGpCbU9TMXhVVFYyYkhJd2NRb2dJRUZxYWxGeE0wZ3pSbTlqTUVaTlVXSk9 ZakJUZUcxblFTSjlmWDBzQwogIGlBZ0lDQWlRV05qYjNWdWRFRjFkR2hsYm5ScFky RjBhVzl1SWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxCiAgRFRWa3RORWcxTnkxU lJFMUhMVmt5VmxZdFJqSkpTUzFXUlVoT0xUUlRSbFVpTEFvZ0lDQWdJQ0FpVUhWaW IKICBHbGpVR0Z5WVcxbGRHVnljeUk2SUhzS0lDQWdJQ0FnSUNBaVVIVmliR2xqUzJ WNVJVTkVTQ0k2SUhzS0lDQQogIGdJQ0FnSUNBZ0lDSmpjbllpT2lBaVdEUTBPQ0lz Q2lBZ0lDQWdJQ0FnSUNBaVVIVmliR2xqSWpvZ0luUnZiCiAgR05mV0haTVNEVjZPR 3BaTVRGUmNqQnFTM1JmVHpaRmRYQmpaa2RtTTBsWWJWTldXa1ZGVlhodFVGUnBjME YKICBIV1Y4S0lDQk5ibWhUYmtVd2VHWnlVRVZFUjBGNmIxZFNVa2N3T0VFaWZYMTl MQW9nSUNBZ0lrRmpZMjkxYgogIG5SVGFXZHVZWFIxY21VaU9pQjdDaUFnSUNBZ0lD SlZaR1lpT2lBaVRVUkJNaTFXU2s5UkxVaEtRa0V0Umt0CiAgUFFTMHpTbEJTTFZKW lNsTXRWMVEyUWlJc0NpQWdJQ0FnSUNKUWRXSnNhV05RWVhKaGJXVjBaWEp6SWpvZ2 UKICB3b2dJQ0FnSUNBZ0lDSlFkV0pzYVdOTFpYbEZRMFJJSWpvZ2V3b2dJQ0FnSUN BZ0lDQWdJbU55ZGlJNklDSgogIEZaRFEwT0NJc0NpQWdJQ0FnSUNBZ0lDQWlVSFZp Ykdsaklqb2dJbmg0V1hSbVNUWlBWblV0ZW1WUGFFVnhlCiAgRGsxU0hkUFoxUlVUM WxuY0V0b1JsQnBaM2RLV1ZKcWFXaFRiemMwUnpOaVFWQUtJQ0I2VTJSMFdIUk5aRX QKICBZVUhwSWRUbFhORlkxWDNaNU5rRWlmWDE5ZlgwIiwKICAgICAgICAgIHsKICA gICAgICAgICAgInNpZ25hdHVyZXMiOiBbewogICAgICAgICAgICAgICAgImFsZyI6 
ICJTNTEyIiwKICAgICAgICAgICAgICAgICJraWQiOiAiTUJEWi1RUEpOLVM1Q1ItT FVGTy1WUE9RLTVaSzItRU5FNiIsCiAgICAgICAgICAgICAgICAic2lnbmF0dXJlIj ogIk5hNG1Id3Q4Wi1lNkRqUWdLN2NBSWFpR2Jldlk1cjU1T1QtMjBZM2V3OHY2anh IN0kKICAzWmptclpBU1NlQXNKcm5pRHdJaWQycEhNU0FBRGp3YmtlVVAtTTMzNjJY VGF0WElxTGFUYmp6WTI3aWpHUAogIEtZQXFjTGlBalpNcUlmVW5Yb3phSUI4V1hyR lh5UVFqZGJFcFh0d2tBIn1dLAogICAgICAgICAgICAiUGF5bG9hZERpZ2VzdCI6IC JPVHJJbWtBbjJ0ajVDMXJyNHBQTEtTUWhvSWJXUWt0eTg5UlNuTS1qQ1M2aUUKICA tS1dKRmN1ZThSRUZhMlo4bGxxbEdjVWUyUXNIR3dIcTNPMnFYeFB0ZyJ9XSwKICAg ICAgICAiUHJvdG9jb2xzIjogW3sKICAgICAgICAgICAgIlByb3RvY29sIjogIm1tb SJ9XX1dfX0", { "signatures":[{ "alg":"S512", "kid":"MDA2-VJOQ-HJBA-FKOA-3JPR-RYJS-WT6B", "signature":"W-v3lDGsU3UTItk_uqMIHvmjU8D6Fdy8aW3z1UmC ZsaRlA1tN9mqcnRo8CZZoxeGbGidmpth4pqAtUkgzjR6ZLIYsXuvslTQ3obwLXSKJ -3S85kOuc-WNsFOYNS0HMRTNk0mXjpO2Qowxckrh0jd0ScA"} ], "PayloadDigest":"f-lu2tT6O_b1V2ULswnlqRUbZZ_eBWuq72vdf7vd -ls389x5cjirQZ6I5Y4GStnQke3IMwmnpNAkp8O7fATksA"} ], "Reply":true, "Subject":"alice@example.com", "PIN":"ADN6-CJ3X-KEFJ-BMMU-TKN3-J3JS-73ZA"}}¶
The Mesh Contact Exchange transaction does not provide for validation of the contact information beyond the binding to the Mesh Account Address used to perform the exchange.¶
7.3.2. PIN
Contact exchange requests MAY be authenticated by a PIN code. Initial contact exchange requests SHOULD include a PIN code value that can be used to authenticate a response (if given). PIN codes MAY also be exchanged out of band.¶
A MessageContact authenticated by means of a PIN code is authenticated as described in the PIN Interaction section above.¶
7.4. Group Invitation
The GroupInvitation interaction is used to invite a recipient to join a Mesh Group. The interaction is essentially a form of contact exchange except that a sender SHOULD NOT send group invitations unless there is an existing relationship. Thus the 'first trust' issues intrinsic to the contact exchange interaction do not apply.¶
The message specifies the group name and the contact entry for the group. The contact entry includes the CapabilityDecryptServiced used to decrypt messages sent to the group when combined with information provided by the threshold service for the group.¶
Receipt of a GroupInvitation message does not require a response.¶
{ "GroupInvitation":{ "MessageId":"NAAD-L4WJ-WCTM-3NOB-R56R-4O76-O3AO", "Sender":"alice@example.com", "Recipient":"bob@example.com", "Contact":{ "ContactPerson":{ "Anchors":[{ "Udf":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI", "Validation":"Self"} ], "NetworkAddresses":[{ "Address":"groupw@example.com", "EnvelopedProfileAccount":[{ "EnvelopeId":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNRDVGLU paSFotTkFFSS1MVFVILVJETkUtWUg1Ui1XN0ZJIiwKICAiTWVzc2FnZVR5cGUiOiA iUHJvZmlsZUdyb3VwIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3Qi LAogICJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTZaIn0"}, "ewogICJQcm9maWxlR3JvdXAiOiB7CiAgICAiUHJvZmlsZVNpZ2 5hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNRDVGLUpaSFotTkFFSS1MVFVILVJETkU tWUg1Ui1XN0ZJIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAg IlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgI CAgICAgICJQdWJsaWMiOiAiTGxqOUhyZmhwTXZLRGhWc0V4M0I3Zmg2U3pmMnUwRS 1sZDQ2YVNEeGxmZFl6MFBnQ0k3WAogIGQ3NFV1cmFzMDdieEE1SFl5UElQUnlJQSJ 9fX0sCiAgICAiQWNjb3VudEFkZHJlc3MiOiAiZ3JvdXB3QGV4YW1wbGUuY29tIiwK ICAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ05ILVpaQ zMtSlVNNC1CRU1ULUVJSE0tQVZUVy1QRURSIiwKICAgICAgIlB1YmxpY1BhcmFtZX RlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J 2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJMU3BQUmI1ZVV2OE82NmFD MW5iQnFERG5ZeTIxY0tFZ25OUEFmOXUteE1RUUl1SEJ6ck9TCiAgYUY2QXdaRVZ6a 2w0R3NlMWpoYlVheXdBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIj ogewogICAgICAiVWRmIjogIk1DWlQtRVRTRi1QREdXLUxBVEwtRjczQi1PU1NRLUZ TNEIiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI lB1YmxpYyI6ICJCN2trX2ZxNVhQcVZJYURIYl85Vmd1VWRIWXFSckFDaWtxMllXS3 hzOTh3M2NoRnBTLVM4CiAgOGx4OThsQ29VSFF3X3hKVGdZWG1jTFlBIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI", "signature":"tfrE8RJDJ2v7d8OTOwsc8NGmsPKPVk2l nqLRDr5a9J0na4NN-edwYkgKb3OfBPRo-zHz_WrBsIKAav3yx28G-_Y2hJz02dUTW 
ySnhKAco2LMYuL3sJeRiN0ob-iytd8AArp-p2DM2iSpP5VbdQoktQgA"} ], "PayloadDigest":"wNDBikTV6DpDsFLzjTMEap2HDzbdb4mp aq70CCrQGkCe2FnMJN5yY_bv6U1zAAU1XKnnJuZKdgkC6tyiAxCcdg"} ], "Protocols":[{ "Protocol":"mmm"} ], "Capabilities":[{ "CapabilityDecryptPartial":{ "Id":"MCNH-ZZC3-JUM4-BEMT-EIHM-AVTW-PEDR", "EnvelopedKeyShare":[{ "enc":"A256CBC", "kid":"EBQG-6BCL-F7KX-JZUA-4VSE-D6UJ-Y3HL", "Salt":"VWhAekk002Mkb6XZnUuUAQ", "recipients":[{ "kid":"MCKI-SCOD-D47B-GELC-OA4G-WG7N-UEJV", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"W6N-91FWVxf5OzSjoasu68NGz kNUN6L5ajUTZQUGr6idoHdljYR4VoeakJ_3tbNekCd8gOvSaNqA"}}, "wmk":"b9t5G_QyPhP2HG9DhEAh6rXR_KKJrENV qRoELseDh7FY-px4FzZfCQ"} ], "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6 ICJLZXlEYXRhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTdaIn0"}, "TEiOU1Tb3ofuVFTj1VgkKg3nC_LLdB38JN70_GbYkBnH ZsL4FFCmwMCrh7UCw88RJk7dyxcKpCW_SN9MENzUFjM1zJpSvwgYu5Udiy-gFYi7B chUlBwwf9yX_4UjlNM5-BezyxD8cM3oYTHlEAGfXg8loYAZ4D7DV562jAgQbJ_Pc- TVAO91YnLhk86AMaCyDKg0F76rF6ExiZeUY9MgTXlKryvNF6oPRIzXPe09SkyaXu5 9KzSo4vML3ZDtpAKdbuqTGQaQ-f0l-ZSFDqIu1tOXSRU5AQR13ePU3VTbowXY9c8r mLQFk3Z0m27LB2knJ5973hirNFGoaj1zxT4RC4bStyp8wmtGtWsle5OvTPzF-GW7W ye0f3F5NAWPjYzX3KSiO6HfWjSqQp7uy0xBngJU5oj1CENcpFtnZ5tiZPtIF2-uSy Brxa04Y7SgLjliGyiTqZEiR60EC8_S6PQjvb4GLrOLaVGRxo8IpcbMlOD6d1EEREU cEg8bezF80zL3RIoCsDvpwEuDa9wWMZvdupbmPOIpbT0GLtdsDlIZK_78X9Gjr_eh Fsiq-8qRdeUySue8SIbm8HSCs9YTMACAabwqu0PtalQxc7603IYEzxWeTCvnIwZtC LoFeE27Pt70zTARey6ql6HNJLeP4-P3BSCRSLnC5e31oCiMbAMCQRCcXhF2YGpF1r OK9nw4cNxi_qnYBCdd0_7R7m0IdDPadg" ]}} ]} ]}}}}¶
7.5. Confirmation Interaction
The confirmation interaction consists of a RequestConfirmation message from the initiator followed by a ResponseConfirmation from the responder.¶
The RequestConfirmation message specifies the action that is requested.¶
The ResponseConfirmation message contains the enveloped RequestConfirmation message signed by the initiator and the disposition of the responder, Accept = true if the request is accepted and Accept = false otherwise.¶
The service sends out the following request:¶
{
  "RequestConfirmation":{
    "MessageId":"NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG",
    "Sender":"console@example.com",
    "Recipient":"alice@example.com",
    "Text":"start"}}¶
Alice accepts the request and returns the following response:¶
{ "ResponseConfirmation":{ "MessageId":"MBQO-USUV-X27A-CFLD-RXKE-LZMD-GT7T", "Sender":"alice@example.com", "Recipient":"console@example.com", "Request":[{ "EnvelopeId":"MACN-R7IW-JPYU-XLMI-6KPN-5I3W-3WB4", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZILVFQWVAtNU 9BVi1XWFBYLVJDS08tS0lLUy1SWUpHIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV zdENvbmZpcm1hdGlvbiIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0 IiwKICAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE0WiJ9", "SequenceInfo":{ "Index":4, "TreePosition":6201}, "Received":"2021-09-20T18:16:15Z"}, "ewogICJSZXF1ZXN0Q29uZmlybWF0aW9uIjogewogICAgIk1lc3NhZ2VJZC I6ICJOQUZILVFQWVAtNU9BVi1XWFBYLVJDS08tS0lLUy1SWUpHIiwKICAgICJTZW5 kZXIiOiAiY29uc29sZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogImFs aWNlQGV4YW1wbGUuY29tIiwKICAgICJUZXh0IjogInN0YXJ0In19", {} ], "Accept":true}}¶
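A check an initiator can run on a returned ResponseConfirmation before acting on Accept, as an added example that is not part of the draft or of the Mesh reference code: it decodes the enveloped request and confirms it is the request that was actually sent. The helper names, the `PENDING` table and the sample responses are constructed here from the field values shown above; signature verification needs Mesh key material and is only reported as present or absent.

```python
import base64
import json

# Constructed from the RequestConfirmation fields shown in the example above.
SENT = {
    "MessageId": "NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG",
    "Sender": "console@example.com",
    "Recipient": "alice@example.com",
    "Text": "start",
}
PENDING = {SENT["MessageId"]: SENT}  # hypothetical table of outstanding requests


def b64url_decode(text):
    """Decode unpadded base64url, dropping whitespace left by line wrapping."""
    compact = "".join(text.split())
    return base64.urlsafe_b64decode(compact + "=" * (-len(compact) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def open_envelope(envelope):
    """Return (metadata, body, trailer) from a [header, payload, trailer] list."""
    if not isinstance(envelope, list) or len(envelope) < 2:
        raise ValueError("Request is not a [header, payload, trailer] list")
    header, payload = envelope[0], envelope[1]
    trailer = envelope[2] if len(envelope) > 2 else {}
    try:
        metadata = json.loads(b64url_decode(header["ContentMetaData"]))
        body = json.loads(b64url_decode(payload))
    except (KeyError, TypeError, AttributeError, ValueError) as exc:
        raise ValueError(f"cannot decode envelope: {exc!r}") from exc
    if not all(isinstance(part, dict) for part in (metadata, body, trailer)):
        raise ValueError("envelope parts are not JSON objects")
    return metadata, body, trailer


def check_confirmation_response(message, pending):
    """Bind a ResponseConfirmation to an outstanding request.

    Returns {"accept": bool or None, "signed": bool, "problems": [...]}.
    "accept" is only filled in when every binding check passed (fail closed).
    """
    result = {"accept": None, "signed": False, "problems": []}
    problems = result["problems"]
    response = message.get("ResponseConfirmation") if isinstance(message, dict) else None
    if not isinstance(response, dict):
        problems.append("not a ResponseConfirmation message")
        return result
    try:
        metadata, body, trailer = open_envelope(response.get("Request"))
    except ValueError as exc:
        problems.append(str(exc))
        return result
    # Presence only: verifying the signature itself is outside this sketch.
    # The sample envelope shown above has an empty trailer ({}).
    result["signed"] = bool(trailer.get("signatures"))
    request = body.get("RequestConfirmation")
    if not isinstance(request, dict):
        problems.append("enveloped object is not a RequestConfirmation")
        return result
    message_id = request.get("MessageId")
    sent = pending.get(message_id) if isinstance(message_id, str) else None
    if sent is None:
        problems.append("no outstanding request with that MessageId")
    elif request != sent:
        problems.append("enveloped request differs from the request that was sent")
    if metadata.get("MessageType") != "RequestConfirmation":
        problems.append("ContentMetaData MessageType is not RequestConfirmation")
    if metadata.get("UniqueId") != message_id:
        problems.append("ContentMetaData UniqueId does not match the MessageId")
    if (response.get("Sender") != request.get("Recipient")
            or response.get("Recipient") != request.get("Sender")):
        problems.append("response Sender/Recipient do not mirror the request")
    accept = response.get("Accept")
    if not isinstance(accept, bool):
        problems.append("Accept is missing or not a boolean")
    if not problems:
        result["accept"] = accept
    return result


def make_response(request, accept, sender="alice@example.com",
                  recipient="console@example.com"):
    """Constructed sample laid out like the ResponseConfirmation example above."""
    metadata = {"UniqueId": request["MessageId"], "MessageType": "RequestConfirmation",
                "cty": "application/mmm/object", "Created": "2021-09-20T18:16:14Z"}
    envelope = [{"ContentMetaData": b64url_encode(json.dumps(metadata).encode())},
                b64url_encode(json.dumps({"RequestConfirmation": request}).encode()),
                {}]
    return {"ResponseConfirmation": {
        "MessageId": "MBQO-USUV-X27A-CFLD-RXKE-LZMD-GT7T",
        "Sender": sender, "Recipient": recipient,
        "Request": envelope, "Accept": accept}}


if __name__ == "__main__":
    print(check_confirmation_response(make_response(SENT, True), PENDING))
    altered = dict(SENT, Text="stop")  # echoed request no longer matches what was sent
    print(check_confirmation_response(make_response(altered, True), PENDING))
```
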
8. Device Connection Interactions
Connection of a device to a Mesh Account combines synchronous and asynchronous elements and therefore uses a combination of Mesh Service Protocol and Mesh Messaging interactions.¶
Four connection interactions are currently defined to support connection of devices with different affordances:¶
- Witness Authenticated
  For connecting devices that provide data entry and display affordances and are connected to a network. The account the device is to be connected to is entered into the device which displays a witness code. This code is then compared with a code displayed on the administration device to authenticate the request, after which both devices can complete the interaction.¶
- PIN Authenticated
  A variation of the Witness Authenticated interaction in which the connection process is initiated by creating a PIN value which is communicated to the device by some out of band means and used to authenticate the connection request.¶
- Dynamic QR Code (PIN) Authenticated
  For connecting devices that provide a camera affordance. The user sets the administration device into 'add device' mode, causing a QR code to be displayed. The QR code is scanned by the device being connected after which both devices can complete the interaction. Implementation of this mechanism is identical to the PIN authenticated scheme except that the PIN code is presented to the connecting device by means of a QR code.¶
- Preconfigured (Static QR Code Authenticated)
  For connecting devices that have been preconfigured with a device profile identified by means of a QR Code containing an EARL. The QR code is scanned by the administration device after which both devices can complete the interaction.¶
Each of these interactions provides strong mutual authentication with minimal user effort.¶
The witness authenticated connection interaction is intended for use in cases in which the device is already connected to a network. The QR code interactions are intended to provide support for acquisition of networking capabilities as part of the connection process. These functions are not currently specified. The Static QR Code Authenticated interaction is intended to support Internet of Things (IoT) devices which provide minimal interaction affordances.¶
In each case, the objectives of the device connection interaction are the same:¶
- Mutually authenticate the onboarding device and the Mesh such that the connection interaction only completes if both sides acquire the authentic profile of the other.¶
- To provision the onboarding device with the Mesh ProfileAccount, and an ActivationDevice and ConnectionDevice record allowing the device to interact as a member of the Mesh with the set of rights specified by the user.¶
- To create a CataloguedDevice record and append it to the Device catalog of the account to allow the device to be managed within that account.¶
- (optional) to acquire networking capabilities to allow the above to be completed.¶
The connection of the device to the Mesh Account is achieved through the creation of the ActivationDevice, ConnectionDevice and CataloguedDevice records described in [draft-hallambaker-mesh-schema]. These are created by the administration device in the third phase of each of the connection interactions described below and acquired by the onboarding device in the fourth phase.¶
8.1. Witness/PIN Authenticated
The witness authenticated, PIN authenticated, and Dynamic QR code interactions all follow a common interaction pattern.¶
The Dynamic QR Code (PIN) Authenticated interaction comprises four phases as follows:¶
- Phase 1: Issue of PIN credential (PIN and Dynamic QR code only)
  A PIN code is created and registered with the PIN Registration interaction described earlier and transmitted to the user by an out of band communication. In the case of the Dynamic QR code interaction, this is a QR code that is scanned by the connecting device.¶
- Phase 2: Onboarding Device Request to Service
  The onboarding device creates a RequestConnect message. In the PIN authenticated and Dynamic QR Code interactions, the RequestConnect is authenticated by the Device Authentication key and the PIN issued earlier. In the Witness Authenticated interaction, it is authenticated by the Device Authentication key alone.¶
  The onboarding device presents the RequestConnect message to the service by means of a Connect operation to the service servicing the account. This results in the exchange of the account and device profiles and the computation of a witness value from the two profile fingerprints and two nonce values specified by the onboarding device and the service. An AcknowledgeConnection message is posted to the Inbound spool of the account and returned to the connecting device.¶
- Phase 3: Administration Device Acceptance
  The account holder authenticates the RequestConnect message and uses an administrative device to accept or reject the connection request.¶
  If the RequestConnect message has been authenticated by a PIN code, the connection request can be accepted automatically without additional user interaction.¶
- Phase 4: Onboarding Device Completion
  The onboarding device periodically polls the service for acceptance of the request by the administration device using the Complete transaction.¶
The use of the PIN code to authenticate the request message is shown in $$$$.¶
The PIN code MAY be presented to the onboarding device in any format accepted by the device. Administration devices MAY support presentation of the account address PIN code as a URI code. Administration devices SHOULD support presentation of the account address PIN code as a QR code containing the corresponding URI.¶
8.1.1. Phase 1:
Alice> account pin /threshold
PIN=ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU (Expires=2021-09-21T18:16:18Z)¶
The registration of this PIN value was shown earlier in section $$$¶
The URI containing the account address and PIN is:¶
mcu://alice@example.com/ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU¶
8.1.2. Phase 2:
The onboarding device scans the QR code to obtain the account address and PIN code. The PIN code is used to authenticate a connection request:¶
Alice3> device request alice@example.com /pin ^
    ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU
Device UDF = MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
Witness value = CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V¶
The device generates a RequestConnect message as follows:¶
{ "RequestConnection":{ "MessageId":"NDYR-FST2-D4V7-7C3Q-QF5R-74TX-NNPC", "AuthenticatedData":[{ "EnvelopeId":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQko0LUNERUstNk pBMi1XR0tZLTRDMlotVlNZUC1LT0ZNIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi Q3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE4WiJ9"}, "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm UiOiB7CiAgICAgICJVZGYiOiAiTUJKNC1DREVLLTZKQTItV0dLWS00QzJaLVZTWVA tS09GTSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI CAiUHVibGljIjogImdLTzlPWUVSSFJYYWxqM0JBWUpWTUd0aVhTVkt2Qy14ZEgxTj B4NGhjWWVjZ3ZGeFdEaG8KICBJdVFzUkRtNC1RMGtKV1FGbGFVZXp6RUEifX19LAo gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURaVS1MVkVRLUZXVkMt WlRaUS01WlZNLUhERlctQ01DUiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAieUZIaXpKTlplZ2M1d2JUeUlOeXd0LTV MQWd5WTZFRkVWLTRSaG9FMVU0ZXRpYUZ1eTFYaAogIDFNZ2l6a080b1h0NmVMVFpk Rjdqa2NtQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1CU jMtQ1dRVy1ZWTdTLTQzUUUtTVkySi1JMkI1LUpKWU4iLAogICAgICAiUHVibGljUG FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJZWDlWWFI5cm1l aVVELXprdkgxcFpWaEt5My1PX1E2Y2dMVF82UmZPZG1qWE9rX0o4UEUzCiAgcm0tV DdXVFZfOVd3RFM5VENQY2tXOWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH sKICAgICAgIlVkZiI6ICJNQVdULVdXRFEtTFlaQi1CVUVXLUZBVzItUk9PRi1YUTJ IIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y mxpYyI6ICJWcW0zalhvZXpLenBqXzdHOGd3Y3ZhekNoT2EyMm85emZGNlE4SzlRS2 M1cEJyeWw2UnItCiAgUW5McmFLaFV1clFRVThiUktQVHBCRGNBIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM", "signature":"IIZgcx_hd3h4onMB6yOe7FZyU6k_8SqUsePyCgeM 
DB3w-yAt_f_YRnHcgipESTP1669Ci2mlPh-A_YQoPoDJ1sDz_eROHrxfAX-TTBBlM Omizu1UMoUnB1fEr1J75CNxwf9smIMcCxT7O4X1MQoOewsA"} ], "PayloadDigest":"EeGC-UU1fMXyppG62CiPC7pBNaDw257ubufE3izw mBm_8lrMfG_VWnfqMybF8Q3m6V0fWQxQfRWIc-9XpG4-sg"} ], "ClientNonce":"ZRD9o9z8_Axq6WHESqQ1aQ", "PinId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI", "PinWitness":"dbD8_k5J6NhZxru6ltO-Y52bm-zPr80EbEbmcwMl6sFpOBx VFRVJi6AcI0gU3Wj3mdgAltf9ePxBRyYymjmtWQ", "AccountAddress":"alice@example.com"}}¶
The service receives the connect request and authenticates the message under the device key. The service cannot authenticate the message under the PIN code because that is not known to the service as the service cannot decrypt the local spool.¶
Having authenticated the connect request, the service generates a random nonce value. The random nonce together with the device and account profiles are used to calculate the witness value.¶
The AcknowledgeConnection message is created by the service:¶
{ "AcknowledgeConnection":{ "MessageId":"CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V", "EnvelopedRequestConnection":[{ "EnvelopeId":"MBX4-HVCH-S6LU-BEWP-KAM5-7OYF-F4YG", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJORFlSLUZTVDItRD RWNy03QzNRLVFGNVItNzRUWC1OTlBDIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOFoifQ"}, "ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi AiTkRZUi1GU1QyLUQ0VjctN0MzUS1RRjVSLTc0VFgtTk5QQyIsCiAgICAiQXV0aGV udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1CSjQtQ0RF Sy02SkEyLVdHS1ktNEMyWi1WU1lQLUtPRk0iLAogICAgICAgICJkaWciOiAiUzUxM iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk NJNklDSk5Ra28wTFVORVJVc3ROa3BCTWkxCiAgWFIwdFpMVFJETWxvdFZsTlpVQzF MVDBaTklpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV 04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeExUQTVMVEl3VkRFNE9qRT JPakU0V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V 3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK VlpHWWlPaUFpVFVKS05DMURSRVZMTFRaS1FUSXRWCiAgMGRMV1MwMFF6SmFMVlpUV 1ZBdFMwOUdUU0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli R2xqSWpvZ0ltZExUemxQV1VWU1NGSllZV3hxTTBKCiAgQldVcFdUVWQwYVZoVFZrd DJReTE0WkVneFRqQjROR2hqV1dWalozWkdlRmRFYUc4S0lDQkpkVkZ6VWtSdE4KIC BDMVJNR3RLVjFGR2JHRlZaWHA2UlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVVJhVlMxTVZrVlJMVVpYVmtN dFdsUmFVUzAxV2xaTkxVaEVSbGN0UTAxRFVpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpZVVaSWFYcEtUbHBsWjJNMWQySlVl VWxPZVhkMExUVk1RV2Q1V1RaRlJrVldMVFJTYUc5CiAgRk1WVTBaWFJwWVVaMWVUR 
llhQW9nSURGTloybDZhMDgwYjFoME5tVk1WRnBrUmpkcWEyTnRRU0o5Zlgwc0MKIC BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1V qTXRRMWRSVnkxWldUZAogIFRMVFF6VVVVdFRWa3lTaTFKTWtJMUxVcEtXVTRpTEFv Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlpXRGx XV0ZJNWNtMWxhVlZFTAogIFhwcmRrZ3hjRnBXYUV0NU15MVBYMUUyWTJkTVZGODJV bVpQWkcxcVdFOXJYMG80VUVVekNpQWdjbTB0VkRkCiAgWFZGWmZPVmQzUkZNNVZFT lFZMnRYT1dkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlFWZFVMVmRYUkZFdFRGbGFRaTFDVlVWWEx VWkJWekl0VWs5UFJpMQogIFlVVEpJSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT 2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC BnSUNBZ0lsQjFZbXhwWXlJNklDSldjVzB6YWxodlpYcExlbkJxWHpkSE9HZDNZM1p oZWtOb1QyRXlNbTg1ZQogIG1aR05sRTRTemxSUzJNMWNFSnllV3cyVW5JdENpQWdV VzVNY21GTGFGVjFjbEZSVlRoaVVrdFFWSEJDUkdOCiAgQkluMTlmWDE5IiwKICAgI CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQko0LUNERUstNkpBMi1XR0tZLTR DMlotVlNZUC1LT0ZNIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJJSVpnY3hf aGQzaDRvbk1CNnlPZTdGWnlVNmtfOFNxVXNlUHlDZ2VNREIzdy15QXRfCiAgZl9ZU m5IY2dpcEVTVFAxNjY5Q2kybWxQaC1BX1lRb1BvREoxc0R6X2VST0hyeGZBWC1UVE JCbE1PbWl6dTEKICBVTW9VbkIxZkVyMUo3NUNOeHdmOXNtSU1jQ3hUN080WDFNUW9 PZXdzQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJFZUdDLVVVMWZNWHlw cEc2MkNpUEM3cEJOYUR3MjU3dWJ1ZkUzaXp3bUJtXzgKICBsck1mR19WV25mcU15Y kY4UTNtNlYwZldReFFmUldJYy05WHBHNC1zZyJ9XSwKICAgICJDbGllbnROb25jZS I6ICJaUkQ5bzl6OF9BeHE2V0hFU3FRMWFRIiwKICAgICJQaW5JZCI6ICJBQUFSLVA 2Nk8tS0dUSS1RWTZDLUNYSVctT01DVi1XUVpJIiwKICAgICJQaW5XaXRuZXNzIjog ImRiRDhfazVKNk5oWnhydTZsdE8tWTUyYm0telByODBFYkVibWN3TWw2c0ZwT0J4V gogIEZSVkppNkFjSTBnVTNXajNtZGdBbHRmOWVQeEJSeVl5bWptdFdRIiwKICAgIC JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ" ], 
"ServerNonce":"04cY1MKWI4G8BGEUGQzldw", "Witness":"CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V"}}¶
The AcknowledgeConnection message is appended to the Inbound spool of the account to which connection was requested so that the user can approve the request. The ConnectResponse message is returned to the device containing the AcknowledgeConnection message and the profile of the account.¶
The device generates the witness value, verifies it against the value provided by the server and presents it to the user as seen in the console example above.¶
8.1.3. Phase 3:
The user synchronizes their pending messages:¶
Alice> message pending
MessageID: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
    Connection Request::
    MessageID: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
    To: From:
    Device: MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
    Witness: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
MessageID: NCJD-SJE7-VPY7-REZL-HCYI-2QWC-W2ZK
    Group invitation::
    MessageID: NCJD-SJE7-VPY7-REZL-HCYI-2QWC-W2ZK
    To: alice@example.com From: alice@example.com
MessageID: NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG
    Confirmation Request::
    MessageID: NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG
    To: alice@example.com From: console@example.com
    Text: start
MessageID: NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ
    Contact Request::
    MessageID: NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ
    To: alice@example.com From: bob@example.com
    PIN: ADN6-CJ3X-KEFJ-BMMU-TKN3-J3JS-73ZA
Alice> account sync /auto
ERROR - An attempt was made to create an object with an existing object identifier¶
The administration device determines that the device connection request is authenticated by a PIN code. The PIN code is retrieved and the message authenticated. This is shown in the PIN registration interaction example in section $$$ above.¶
Bug: This command is currently showing superfluous pending messages due to the failure to clear messages processed in earlier examples.¶
The Cataloged device record is created from the public key values corresponding to the combination of the public keys in the device profile and those defined by the activation:¶
[Updates to multiple spools here.]¶
>>> ActivationDevice Here¶
>>> CatalogedDevice Here¶
{ "RespondConnection":{ "MessageId":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ", "Result":"Accept", "CatalogedDevice":{ "DeviceUdf":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM", "EnvelopedProfileUser":[{ "EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUot N0VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ mlsZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk NyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"}, "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl IjogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3L UVYVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibG ljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICA gIlB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4 UTUyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKI CAgICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2 VydmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiw KICAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3 MkEtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZ XRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3 J2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1l xTTE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1ot UEtpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlI jogewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLU hNWlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGl jS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAg IlB1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzc U0wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKIC AgICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1 YTVdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJh bWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgI mNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaG 
JIaWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19 nRVZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsK ICAgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaI iwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleU VDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJ saWMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRC TWlVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ", { "signatures":[{ "alg":"S512", "kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW", "signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB 28B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0j zJGnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"} ], "PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVD B4hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"} ], "EnvelopedProfileDevice":[{ "EnvelopeId":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQko0LUNERUst NkpBMi1XR0tZLTRDMlotVlNZUC1LT0ZNIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ mlsZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKIC AiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE4WiJ9"}, "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1 cmUiOiB7CiAgICAgICJVZGYiOiAiTUJKNC1DREVLLTZKQTItV0dLWS00QzJaLVZTW VAtS09GTSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdW JsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICA gICAiUHVibGljIjogImdLTzlPWUVSSFJYYWxqM0JBWUpWTUd0aVhTVkt2Qy14ZEgx TjB4NGhjWWVjZ3ZGeFdEaG8KICBJdVFzUkRtNC1RMGtKV1FGbGFVZXp6RUEifX19L AogICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURaVS1MVkVRLUZXVk MtWlRaUS01WlZNLUhERlctQ01DUiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjo gewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJY NDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAieUZIaXpKTlplZ2M1d2JUeUlOeXd0L TVMQWd5WTZFRkVWLTRSaG9FMVU0ZXRpYUZ1eTFYaAogIDFNZ2l6a080b1h0NmVMVF pkRjdqa2NtQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1 CUjMtQ1dRVy1ZWTdTLTQzUUUtTVkySi1JMkI1LUpKWU4iLAogICAgICAiUHVibGlj 
UGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgI CAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJZWDlWWFI5cm 1laVVELXprdkgxcFpWaEt5My1PX1E2Y2dMVF82UmZPZG1qWE9rX0o4UEUzCiAgcm0 tVDdXVFZfOVd3RFM5VENQY2tXOWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6 IHsKICAgICAgIlVkZiI6ICJNQVdULVdXRFEtTFlaQi1CVUVXLUZBVzItUk9PRi1YU TJIIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0 tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB 1YmxpYyI6ICJWcW0zalhvZXpLenBqXzdHOGd3Y3ZhekNoT2EyMm85emZGNlE4SzlR S2M1cEJyeWw2UnItCiAgUW5McmFLaFV1clFRVThiUktQVHBCRGNBIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM", "signature":"IIZgcx_hd3h4onMB6yOe7FZyU6k_8SqUsePyCg eMDB3w-yAt_f_YRnHcgipESTP1669Ci2mlPh-A_YQoPoDJ1sDz_eROHrxfAX-TTBB lMOmizu1UMoUnB1fEr1J75CNxwf9smIMcCxT7O4X1MQoOewsA"} ], "PayloadDigest":"EeGC-UU1fMXyppG62CiPC7pBNaDw257ubufE3i zwmBm_8lrMfG_VWnfqMybF8Q3m6V0fWQxQfRWIc-9XpG4-sg"} ], "EnvelopedConnectionAddress":[{ "dig":"S512"}, "e7QRQ29ubmVjdGlvbkFkZHJlc3N7tA5BdXRoZW50aWNhdGlvbnu0EFB1 YmxpY1BhcmFtZXRlcnN7tA1QdWJsaWNLZXlFQ0RIe7QDY3J2gARYNDQ4tAZQdWJsa WOIObOavss8qXnyOEdTEgsbbUc53eztv71PZ6UvPOurHjIy2NYPXPhWOboDXGhCSR glDWz0SDrPGlcFAH19fbQHQWNjb3VudIARYWxpY2VAZXhhbXBsZS5jb219fQ", { "signatures":[{ "alg":"S512", "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX", "signature":"kXuiOE4ej2xBhBthsd2zJQW2XYcSXCR7mZQa16 c6QEMamtnw9ZkJX2HszugAZunlNC_Rdp1JDjCAZepplfgbzD7V354mep0hdKGoXye QN9O3UmZxmtIpvcWPuESoAl3VXF7wNpOMvbr-2cRsgPrQ3DsA"} ]} ], "EnvelopedConnectionService":[{ "dig":"S512", "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0 aW9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI CAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE5WiJ9"}, "e7QRQ29ubmVjdGlvblNlcnZpY2V7tA5BdXRoZW50aWNhdGlvbnu0A1Vk ZoAiTUE0VS1IVzY0LU9LVEstWlFFTC1YNlVILUY2R1UtWlNTV7QQUHVibGljUGFyY W1ldGVyc3u0DVB1YmxpY0tleUVDREh7tANjcnaABFg0NDi0BlB1YmxpY4g5s5q-yz ypefI4R1MSCxttRznd7O2_vU9npS8866seMjLY1g9c-FY5ugNcaEJJGCUNbPRIOs8 aVwUAfX19fX0", { 
"signatures":[{ "alg":"S512", "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX", "signature":"b9uPvBuiCFiOOWMync3K-kGEMsv8nsSe6P_bJf gzw5_jfdkED2EOTLeyavP4aIDOvF12BIccF3cAZLlDNeB740u4nu0XEz5HCX6RBdd C2XMfYbDe78yTBAaTtEqZ1jhaupspEW5q6viEfMQJ8BWGmzQA"} ], "PayloadDigest":"9_otIc37d1dsMnmIm6V6TqizsPRvQU1O3a1XVb -0A-CfdGk5m6blY9awr39H6gd547nuhqF-JdMBemwbPIyfJw"} ], "EnvelopedConnectionDevice":[{ "dig":"S512", "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0 aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTlaIn0"}, "e7QQQ29ubmVjdGlvbkRldmljZXu0DkF1dGhlbnRpY2F0aW9ue7QDVWRm gCJNQTRVLUhXNjQtT0tUSy1aUUVMLVg2VUgtRjZHVS1aU1NXtBBQdWJsaWNQYXJhb WV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEWDQ0OLQGUHVibGljiDmzmr7LPK l58jhHUxILG21HOd3s7b-9T2elLzzrqx4yMtjWD1z4Vjm6A1xoQkkYJQ1s9Eg6zxp XBQB9fX20BVJvbGVzW4AJdGhyZXNob2xkXbQJU2lnbmF0dXJle7QDVWRmgCJNQ0pC LUo1R1ItS1RXMy1KS1RFLTYyQTQtNVM1US1UQU5PtBBQdWJsaWNQYXJhbWV0ZXJze 7QNUHVibGljS2V5RUNESHu0A2NydoAFRWQ0NDi0BlB1YmxpY4g5UYt8Q55B6K9oxS fj8UN35FZH6vlDeULJUpJlde7Iw2Gb8RjV7Blu7NiZME8Ig-BlSru-m6ztXY0AfX1 9tApFbmNyeXB0aW9ue7QDVWRmgCJNQVM1LUczTlItRkVHNS1KTkVFLU5HVFQtNTRF Qi1HNE9JtBBQdWJsaWNQYXJhbWV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEW DQ0OLQGUHVibGljiDlS9hxCUejkfMJ_e8tJVThQHG-JqLvrEXWV8zsPj1J4icxh7I pQDur36Qmwjm0WjjCXgDiQmSprZAB9fX19fQ", { "signatures":[{ "alg":"S512", "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX", "signature":"bv3JbW8GRQu1egN3K01uXFs7paCiLPnZVLzSx9 qd_32oO3DoZ62Hm5GuTTOQ1dq7JevCjPXu7YKASxo1tsKI_u0yu_NH0MTsBQJzQiP mzxl1Rady4rrCZMmMmuE1n1EyVqOpqVMRPVbh9xE7We6NMDkA"} ], "PayloadDigest":"ryWXi7qqqFa2kAgjv94kWwiHa3rmnDkuxKSv_n HYCNvAgGNE7ChW9nod4MmT5mO5Lq4jHrFv2PoVvIjhmQnuDg"} ], "EnvelopedActivationDevice":[{ "enc":"A256CBC", "dig":"S512", "kid":"EBQA-ORX6-SYUD-OBPD-66UK-UJLF-T7EE", "Salt":"P5HCNTSxumoCQDNal1lMpw", "recipients":[{ "kid":"MDZU-LVEQ-FWVC-ZTZQ-5ZVM-HDFW-CMCR", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"1hxJpV39-ClXIGUxEJs_9Lh3Z89iMG6BQO0zY 
GoiNblDPvTpFDe5pjUlR6qT-jEdufWzDx_F1aEA"}}, "wmk":"j64N7JuT_Azf6nyreYH_0f6hKXzg3fs0Jyw_7gLbNBT7 OBNm-1gurQ"} ], "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0 aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTlaIn0"}, "vBjl0qXoEna0h1vrwmO2PlPb3drpoXtxV38i7NCiuNkG9JSJt1UTugrm SqyTYrA08GWWZZ9vA7Sq85RMTM37_mV0j51_9iRjunLAs5IIhF5xLA2AGwLc23uPY QYHylzOt2QtokoZRDsDUrhX-pRDECpUz0iP30mamSjMkfF5DgV6XxQXZfQvQDZx-r DdYSY-NoiG3QZc0ZJEdqASaqovqVOD1iENIrS0iwB5AhbDl3r5DxMNVtUrysNfTim 67nQX", { "signatures":[{ "alg":"S512", "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX", "signature":"wYBXRTndm1EFpMSV9lCgMjcDFicQB3xQM_ZKT3 IVnK2x7LMFY3qXHE8SI_7J6_emWHmv2bbb31wAmf2PbogWoFoh6pFcMGyuejQkg4N q1O4ggxJcjsB7qCBosZE25bB5WJb9zWKvyil3ZaVSQMWrWCgA", "witness":"ZGGLtk4b7Ct7lOQk3rsj_1cQV7QJH-ogKcFMNXuL XDI"} ], "PayloadDigest":"96zhY9KlnQJYNfUqOhpspfkrJ-t10yNA3mR4jw Is-AJRkO286wwuaaJlDuDTuxVBHhjlgDlIgw2ybvH6vSwsrQ"} ], "EnvelopedActivationAccount":[{ "enc":"A256CBC", "dig":"S512", "kid":"EBQD-ZM5K-LKKF-ILS4-GG2S-IAU7-SNKB", "Salt":"EqNwfNG2SEjWsph327NkWQ", "recipients":[{ "kid":"MAS5-G3NR-FEG5-JNEE-NGTT-54EB-G4OI", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"ENwMs_Ynk2fPMeLnPbpHPNpPdDEe8wK_G7hBo i9LVAOo1p99OY52W2fQqJttwA2HbbFC2RJWeq4A"}}, "wmk":"wmFdyKnrVtHTxjKz-gz1WjKsqJuGNOa91gJp4MYcEeBd -inanGfo7g"} ], "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0 aW9uQWNjb3VudCIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI CAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE5WiJ9"}, "k8c3LPLX26rouC5MrU71zZfy_j8xfpt0wQhizXeTzhgW87Y03Ce8TVIX r4JE5PZudbrN5HSGNzzWhpLDGCCKp4wrdo-2SLMxFtrHokEP9ttcx_J1tU1NBA0F7 8wNghoh8k1GYai97f9uQ2ldaXTZIQmUR4gfpRzPp2riMYlgM2c-XJPnBAIpAUOmtC 3eUvUgk_D0e38Yn1Nd0vbekU0R_1h4qN30k3nTqHu7y9b1AkItX84jJftMIeyuZ-3 w9hcF-bUEI2HoWXb7OigE4x3OETE808MTza4IImDC6DqrEGdj1cXR7QswXdhTV6Fg wTy-sk0bk8TYSDstGZh427FSNgAkQ65-RgrJVC2hbAt2aj37kOwwDzl7i3EXuCowH i8ydkFPJTeOxrF2GdIacKEpxwgzs0JQdm2rF6ghm37yFX7A7C8AajQhJ1mJAiYYPR 
kWj6hcNOhTnAQHlzlB_zJVst6Iu4ZMgIpbQgqKKeVh1f201SQaPXwtjD0WqcrarxC y1idTdxhbaEioxVsmM9jzcEbL5WoLqiuSz6d-Xx1RegDzXLMXnDPp43Bh_v266MWy JOKRNs7NQrU9qF0ZqnypaT9iokfaLGOBNBaAjU668riVxM3Va-nhiPZ6BvTpDqgTO oBXDTjXm6Mkm6Za-cPZguJMSnxc8-IwCZSZyFQ4BJdBVCMkvC-DB84Y2TsrI1urBy 2q8la2F_bOF3MvTMV6W7Bvph9k80EmmlmH9FrEHeUvdQ6ROtCLgDDvEowlOxksmgM 5cXt_M62ikyzkk0M_prj7g4adRGf9DUYkiTGwjdk36cnIw6OiqQCehNj2Btr3bn4s 4_p0xFr4T7hyNdwFEd0euDo6YShb9QBoivXW2YiY4rYOVX-5f2itYaUbRygqsqGOp G0xMWq-gYqZauA56uhPQcPt-t1E0LL1uDWSNfngWMcKR1Tv8rh1lXLI4rmEWDTeip Tm8FiUSeqNWISJQo1jVOwM5W13dlOu0wuh_YIWTKmYHg6uP8KYJEyBxJOg7HCBe0B c7bXochVqxfVyUaCZBFbESodHWIX7RIl5ne_7asYlVZ8fF-sw9kwwW3TkJc1lyFI2 hyy_djnnQURv7TeJMCP3w_5muAxzRbyLzPvuHh6h3dkkLLDmZyp3ru7wwFwUu32Q4 fCUkAFlZwAkz4APtyWgtAZbVd0P0v8CzgM1vMyoDuULNGjaOFqATj3m7J5_oWgdte QkeSUX6cYto1fDQC-AkEsm30yqbluclXuA7Gm_3nAcmWLXlWPDA585BYHhFtXa0Xz aQPT6hb25f9Ke4Y8-0lQJwDSmWQTeVKmQIZ7bTlqvjC5uvfjwQgWulagJB1gbP0Nv HtbVsPy_sMPqgmPs1Yo1wc_a3hImYCQsA-ONXMTWhcavor2XyKtnGwU3aHs4n37MY zjMGiskEj34hrGFbrns-3OMckKXIpAi9R7AMHbbtFOHN0v9r2Vksrp4t569bJjnlW UE0R9A17C3ma_-XLoGzFrBo2b5X278wWEbjorG02gSztScqf0EMHrIupZNcdbzKo7 jiK7oTAfowlDuwUElqtTt3LXIBvwUSCe-xsfTpBFt8rjgCw9Z8UUsBbvK1_6-mS2b E1THWJQcAVcgVxqPLpItQkWqmJ1hJv1K_OnzPcQllWuY2zvROZOqFopHhU2iykLRr xNJVnzThNipe09qVZ-2xxiNIUWxF_BIv8ffKIVZ7fYKf5N7omawGKqBz_9R-AtkPJ gqNGVUCItQaOCC6NuVDnkHGNKeHTDI4ihHpx31urIYPlzy5TZPP1VHIN_0991xtJD rnvMnX40iYjxo6REI1Sg9CpjPBfsghKS-xE2OvtvzDnRZegmaz21DQD7YqXBZUykh VSOBgLyvdH8gZMfp8kYm5-6J99HkXsfMK7N6JULep85ZTfhgJa2xN5gqdVoleBaC5 AoEn0RO5gQUsmT90LAsOh0pr2TSTtLVPedc8j5_LDa9hiAgN_pKTv0xs_wg0VxEzD kMe98TLm9jnJw9HUGSrGVUo6pfJ92QlgfaPWcIPj2AVw047n8z-zqGB2RUXuXhYky 51ucuoa4KfLrFDCfFP_uRTi2zSSArWPUYmS19Bi9b0sDCiJbY9J5mLSuNGh8M7Jie NUO2XOMASr41z3iaTibAUM99G2Q4lf2QuqpTgGOJ4nZjf-EA2kRid6vdJ_Z3sICrF tfZoUez_BS9wzFP3OSKNz2GpfzDL-wDaulWqADe4xmZcHa8Tp4h7of5IJASAj0KG9 D0uIZenExA_DjAcZ3RpHRYi3qNsXxaTif6SUDd1Zxo26Dv69ASvPNss8Jp8kA_j83 OAbSQEXEXIaA-VMzEFP0A0hZVFaVzCb1QWVC8MDFdkaYDHm3UUQX6UEm8FSFrQ1C6 
brzYHtKTVecPpUynxzEyju9MnqNsdU9p4mX8AdadzL_nVOpXRAV7tW3IsC6_U9ksq cVPWqVjGQBo3r5BZlh3mUvTDmYF3dfLOx98b3F4NF7DQOqipPmdvJIR_NzfvWV-vq eBGmObwEvwoTlxkRHTwpY5z2pIKBfsA9jsbX8QiMFxu6sXVQUWVlY90BPO8XFKYYk 1w0o3Qa6kBlzEV4Atq1ivFUJtbmg3cE4syQQP2Z1n7bFx9oHDPLIhBI-uG137BYVH vJ_zB4mdPsQtgJHrb7Ne_ChSrgiHc9wPzaidvXUWULHzSWJ6F4gA4kR9hXdOmLx5u jUZ8fxEpHtNrGtfaiJCNBWzqIcRVfQbbxdSvo-7G5uLZxPIXLu6pqzW_BCG_UrXN4 gaTbx_CoIXqXK2XCVAhybpg1ns1_Oswnanb1ptjXBgRKpYLbwlp2XoV5aMnZXJq-R Ili_7gQYZUPJDxlezWMNRAKZzp86OeVBKv9ta4HHxIOavq76ElCHi6Wi2EEaYN0Zq EzD3CU0A4wR06fUq19B9wXuYOOqSyV5Xxupzh2jibfEuydwHzMRn5PMUPf_-NP-Hv KY_fpVd2dtLK0gz1LF9vCfM2QrSYR6AJ-tp8TJ1rv9HJegD5dO9909PlC2R32Lj8Q 6d3NzJsVSXc8pg-jX-L7dyyTrsz0hkyV5qSSSLULo9f9cC55nqrx4vB6vSJ8vCnaj zEImfgmGkHU3ApdTU5jFoMJX14ssoYOhkaKMHW01bhuwgDZ_2uySSHBzqORJe1FMR kCvkdUNjcXcnGLzB4hSUh9hW19BX42xnNBfvxJZjja9MniLTMCfEfV1e5UmTEeiiB o-ubMs-K_qz7EwCNddxRlQLKoytYc_Bwx1UwiWTaoOZVKoAHervd_X7svhZfhusls TlBvK0li1AKp57qz7mRHXt0BAyy5YTIkR6JjURrMPhNptBuiMIvBcivDySt81O2yh FB7uhjn82jz-KO3ILs57DlDFBLf_GxvfsN598wkg24IQ7PEEoJP3xx89Y3mYK8Fi8 u8nk_MT2moOWXge3oDD8H5OmIqywGMep5N8lI_VBAWFr6B-Zplu2_QvqO1oDdz-zi -l9qPRKIkqOuzWIgaez4ZinKviYWi7lYie-lJfy2I8SiuidR6n1jZIcYTT7DJj7kZ jKGeueMvydqXLGhNP8wqYCP_wu9D-4eSqtDS382_I5iuWIXO9zldbhBzqlbdbnVvk RI8gDEZ3Of5tkO97_ga_auwK8-7c5lnENGbPwx84sdpB1hwgr7No70tnOr_A4ajSS c4fA-L4mt0MMuKv1TWVZiQQzOyhIR8TA85d11ta6F4F3kNhox1SGtzCNn0ETFaquB dCQdd2rujAWaqrJv2vkSIBYK8Wgwa2HSQ9QHQJIw9aZviurGRtTGVPccALAqdGKBC AWEHGmBS9SsVKNrrw0JI7pxKJx-VxxnjW1uqpZxKOtfr2bHFHEUbbIxem2pOdBQ9p CwdHo3vcWd-zdK1jt-TICwnUiLvs0cKq62QjD227TAs5ZGfd7_dfb2C_RLYdmhIxR OiBfvStohPwwbX0OIwd0u6qEOqsMw4m87_4dtxL0Qkoi7LqpZvytP24kPVcuJcwwr xfbHtpFWGVCeJGJsfHnFRaXXlm80F4mzjts4VWJeWAtlGIDqENxuGEBj2hWCAVs4D OhIsE_c19ukw-Xcs_XPQ1By2Z7qA4yyu22ZZkSk6ivn1-SZ-05LLTf5i_BMcFgYEo MrkVkJp-vf51hJHbZVLG2OfV3O5GusnjuQzVYngGUjDJrvtTQQQvhdZBhmShfB6eN 5OEyPuZersxL9MHh-nZp53iadAPJx2Ftrq-wvaKynK3u38LVM5Gx7Dmjg5Mt1UoLw lNR_EjpJLd-zqyQq9XfoTqCmz5jsZwXkQtl1r3cdqGqyZ5yUp7YFTThqVxjvtxwF7 
4rz9VmgsiHDB79ZFUzjg0jVsUduTSHy86MWkz9qDjUD3HkvyGxia7fyturpIUvP08 NSciR3M8j8zbRF9UGp5JPNjMRiLWduP0fUrziGxXvqXmU5ZMvNuQWkBwKz1Xg3Iw5 RTsU_Pot52ON_Wwc143H8gD-KJQuFtXtsUOX_vFkJclT8SozYMXMQ3sYAllXI1wrS dxXyaI5ywx-bGfatQr8x8KLsMa_EshgSoBAexPjOmAT8b8EBr3w8tv-BJ6RYcl9on l_A4cVeQbGxUa04CcmpFWRDMRLNfO93GY3iYWG2HbGAB45eBGo9ywkcnJAB-58UzL xjQ5Y2zUV5NpaNZ5j5Rd2SqIhS1FKx78DPlF3tAv6Tyei-jMRCBsnkfRww3RU1hss J8rgzo94qXFEDkUB1MJh9fMt3iemMSDhzm5gH8lhr4j364NUjKLAnu9cEgEpZRXds cash-vfA5wqsycEwe0ps4fqxyN6-EgbA4YzKeBV0qyuUm_a84aaz6WBuGOMznQbT8 7p6Xi-uKnQx4zvx4C7KJe-g4sZpJLj-2DSiiSAYceCC9yhVnUoczDyfTJmoGFNcZn 7o26fYxaCbWObuAJkZT4Wh-fojKyAmoZ6N3ZPnw2wLDDeOE6Ry7e3B95kgnVYOrMz R8pCO94bRwk0qdvZemh1PSH1lN_b7D7qppXzOXWtT7oZ-Alq0YxGPP3Rot0sVEJSp hMloE3-jKnUlXGfd5LnFY8jVQinLOBZJmSgoEVQyAdByYOZ6WuAbA9OpsxtukG9de eIYEtGNaEYAVV9izC8fEVaXHcpvC9Hln7dqAE4feyXatvddGYGyIqEfBW1Vb-BD-y Q1RuiuFEDYmXNJnIxp7__JYkVxqiLIl_Sbnjm3teKYLSDLhi7De7Xd8NrOBodhp1M X3oAs_P3mvRaKaRFiNvq984Oa8mygi8B6H0Lhl_LpMcu2XkwEOahAeLYRukwS91wg 2GKazgIJ1xWgyyf8xgogQVyRFUD9iSBofOYxV7QoTfMjl0wUTNPQ2PsjqPVXuAzm_ 9m1w6npaiTRYKv0v-Q_8hMMxX_MAB6NW5kTsyX29zGHgHg0RSz4wXNfvry0rRTHOT -u3czRa77tYQtFwBLJV8mRkYo2onVK0rmE6lu6lHqI8PneU2tAdu_MkrToQU04AFP D7GrvpjqsSOATN9E7LR7ujpDlBeeidv9lQk8v1lqYPQeCy6JOdgud-t2gnSyPEV1u yrl39NDpMNupnSDo_E-arWXwM6VJk9S7-eBUAjQlpKUPQ8K4B1qswXxliUL9sulAT BhIc47LMN4G3F_3CDBPhkwSAQs2CCi4ZVa0FXK-3VtEAlMBVYJ5F1bmIy7kj1ToVS dEalJ0w-gUpt5ElFmkWQtNlAra-a-LSIm9dgBF1vcFrW5tmXHJuX2iUoZMzN9wOgr hMqf60f9NA74h8HiCvswfoEH04TJctu2rv0IGVPg4i-aYQdAhLOK1Oq_TsZUtbkPK CAxyTiCguwxiao1DgVN6ZtChQ6pTI3ncmAcva_y4bU_924K86aAD55CQ13u3-HrN6 2L-PaHE1xaOXTp8eAUfG5PiXVbWmr2LEMcWAP2BKXu10h0umpMJsWQz8IxeXHO2AR _TmbVRhUAH9qnjKLjg50tpQhzOkGEho4s_82V_dd0-I-qmAxth7r5VAIAwlne4Wb0 MoWiitrvYedQUy311G7AnuszxVeM8FlYE9TeiUa6fWxbAaDfwiw-419ELRf-lO7nF Je1W57TAyexB8n3TO_2uR0vCq6QC5xCeA4G3k1I7HyxRQC6wmyWPhPTNDVBzlzWhL pMPJ5QFY-DU033jhDXYXmsw2VBlwRuIECO2Qk-b_ggxUuLurSIXXuh0hofp59dC6z gMtxanHB6JPx5xVEJyQ5hbvKJ8I--iO1o5xmls06YzvxIIFKVaFM2zUjd5s7qu7xu 
IGIp0tgBMHQt1e6xg4xFeSP4KBRwgNbEyH8EedafqsLv10uw6A1JiSAmr3b_GYZ9c CI6i3hONZgp3oyC5HfDQj0ZaT5J51ZvGN7MzS_UZpPY2KWzUas9ZALnZlc9Jwak7l QL7ykINBJJff9Uzv50PQoyruDC628XcjHFp2TTQ-HUtRD72MC-jBpDEnImNlIxCeh IO0k82_tWraBc-T_jrIeaZs9VWWZnQQLnJdfobthgA2qqjBau9qq-f436TiCsofYZ sqdjLJ7Vknr6ERvIsN13im6ML8MDYzGF9Sm3sYXT-vvQAWl-sbMLFyH8gl5iGLuma LKwSlEm5h0QO_SfvD5UROsXM8wrBbus4pmoajQ-49tsd-2yQXQmyOmqHgd7-a4QVO _i004496iTm50-Knm3YDPQ71dLtFZN_49zE-Yh_rD_xEnx9ShY9TOZ3dxR5EnJ0lr TrWN1j41AfiskvAkH1uANMzuL85nfGelh_2DmLNI7qu3-NIez2maxQLaNcx5uIeKz XcR6hoAkNeseyVSXsCeaJT8FMNQ4J1qVR_KLkLzTajWgWIPbYgYW6fbQ3XNXaibGW 8lS0NR4a13NdtH-Z9FcTqrfDjEb5xvKQZ3R5Lukx-XUbigDkXR8vVIN5-Xmk_r_pn NTEowDh4htGLST-LPb-J_CdnVQHwnWQWAhR1psmXgBSyTAE_jsQ0SS3nrAJhgySLu rLrW64vsJBIppDVivhN3bu5fLYM6g1kirt0SSSrlZ7ivK3ydPCfjaqgUJyIdukMzq Hfu2RpLfoe3l9xg7_msHOzQhRu5FSoMMNYj9WlTQTILu6nCrLqZ0tXRg9T8rwEjIM uUmt4Si14geK20-KyDqE87HA0haiJ9Rl7LG2PC4vowQvEG3VS0uNzcaVoI4JyAXAX yyDc9LF7Z3y_thZKL289rqDqbq8xcnMTziqeCJ5dRvGFRmQZS2JGOT3NJwsygxpY9 -FP7FL_MCRpFRx0Im0FOa0x3ldiPjrU0f-0c4kCc3YoEj6HRKLete-UjkLyieAGXS e0hZ0Dz5TN34CnpXHBM_9BIJA84ImLETdUSle9PvW82x-19RzSczky1u2DPSfXahX 9o1HzMxIhqzIl7UQNKGM5ZeQlyvcY7yfvwVoBc64bruopz8R1VxqvBx05iW2lkSTE IErUQsiF1RN3Nrfkd3oXoJbOW7EPSGq3VWyXpV327f_NzydJrUOmMXAZf_kXtcbTH bUVpZCI8Q7gTSFIiM5HB0FQi3sTK206L8THJq2uq6PDQP1cySMQQdBcc2jldRDKQW vxx6qe0XAOfL9M9xa9er2EspK2-wTthVK2GIAucyiyaKpG0VIcEYsk5YciQCeQH9j 29btKDkPVOMOyndb7Ty_p65icQRZklcQJNFQix8_AEmW5oZycCbfQfPY9oKCMZOJ8 A5oCl4O-ezKH8OForClyoZ5n-6CutZ1H0fZiMfdcTKxn_wC9vFdwMrED0n0fbvN-K _D4lhO5Y_dfBNFkckMIFXXlYH3P9fVuFJNcSZaVZsE4v2bjPDWX2y9VRDYBIS4nk5 NuOuNErlvYuogj_bs19T-naR7ecMKJ7acpxQBM405A2YkBqX5zVCIAovEhVatYs3l ejYRQNnZlO-rXyWj3ELcL5CWmcLzXnTJpPdoMsW1CTGb6OeIqHsPsUS8mM-cQjI_q eEzA9QholSDqm8CaXnYAiGPl3gb9bY8yvoUqBzYrBkIhhaD_P88ClOe2AJDBcBFZf pIc4Oj5GA-7Uu3STFk9utDp5xAnQgQokwYSUsd7ft7pmJSVNUD3cEE50aiAFDtOId KetywsuRJtaVIWzd9MpzyCRcItITfUapn9O0BU11NBvW34ScChaPtbK0wsPR7maYh 0prZUIi-bPsagMX6tUkBA56O8M6mMx8_p0UuMigWiXin2h_YwDmnWkQ54deydi0SX 
Gc8fb648RUxu1vn28uwMB1CUiW8ckyrzhwjqtjurIeIKaBf9-nIwLvUURcmhqVXT5 6L-iU5ggrFBJUB8irouzy9uvOGq4abeJHJKFTDGLE4aO8sqgAAYAn-PpsBN19ajjD GR8D8xpSk1xj_ixK-kxWBVvIn2pXPGB6D2Lw_rcLyvalmo5udswp7MDftzr40B5hV V84N0GcdPbbcrbiwIOjMeWBJi-xIvN0kDtbXe6iSM6F4gNg1wEYOQSSDQuElFq-c8 wFKzUN9_SN0AwUCQpVH8zBN6OzF2-MLhbiKRepaiJTIid3QT9LB33vmRYVFkYEgNj SXx_vFd27n9eEUKaP6U8i7r4LlSBBr9IQe5ipBSwohNEtZ-c", { "signatures":[{ "alg":"S512", "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX", "signature":"TBbLkF3G0WoPLuoUJWGdd3rVxIgRgJxnehjRed vKn2EWcCcSyUVinREhUrh2dgXcRE7Hm2wGzrGA9RgOR6Mm-oIKQvgkB4qfJ8fu7HK h8VisGTqQ4g7ku2nVvFGudmyjBAoOw83uGi7Z64Vw7Tj8zyQA", "witness":"OiD9-4v22pZSzegadlz8exiAgAbD6BjEd5N5XVeY WXA"} ], "PayloadDigest":"VKt5nl9KhxQsiN8kp7jDA7xXA3dVDrYNst7d3c gYTXVk8Ac8MOMeRyIWmeyTfh50QOWmgR978v-TRyvlgQRsvQ"} ]}}}¶
This is posted to the local spool.¶
8.1.4. Phase 4
The device periodically polls for completion of the connection request using the Complete transaction.¶
To provide a final check on the process, the command line tool presents the UDF of the account profile to which the device has connected if successful:¶
Alice3> device complete
   Device UDF = MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
   Account = alice@example.com
   Account UDF = MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW
Alice3> account sync¶
The completion request specifies the witness value for the transaction whose completion is being queried:¶
{
  "CompleteRequest":{
    "AccountAddress":"alice@example.com",
    "ResponseID":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ"}}¶
The Service responds to the complete request by checking to see if an entry has been added to the local spool. If so, this contains the RespondConnection message created by the administration device.¶
8.2. Preconfigured (Static QR Code)
The preconfigured device connection interaction is used to connect devices that lack affordances such as a display or a keyboard. It is also known as the static QR code interaction because a static QR code printed on the device itself is used to connect it to a user's account.¶
Future: This interaction is likely to change substantially in future revisions of the specification, with the Claim/PollClaim mechanism removed and replaced by a messaging-based approach.¶
The interaction has five phases:¶
- Phase 1: Preconfiguration
-
The device to be onboarded is preconfigured with a ProfileDevice and private key information, and a DeviceDescription is posted to a publication service. This process is typically performed during manufacture. An EARL providing the ability to locate and decrypt the description is printed on the device itself as a QR code.¶
- Phase 2: Device description acquisition
-
The administration device acquiring the onboarding device scans the QR code on the device and uses this information to obtain the device description by means of a Claim operation, as described above in the Device Description.¶
- Phase 3: Administration Device Acceptance
-
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device MAY advise the device that a connection request is being made by additional means described in the device description (e.g. WiFi, Bluetooth).¶
- Phase 4: Poll Claim Notification
-
When connected to a network, the preconfigured device periodically attempts to poll the connection sources specified to find out if there is a pending request. If a connection request is posted, the device decrypts it to allow it to complete the connection process.¶
- Phase 5: Onboarding Device Completion
-
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device requires notice of the pending connection request.¶
The main differences between this connection interaction and the witness/PIN connection interactions are that the device is preconfigured with the device profile at the time of manufacture and the onboarding device MAY be acquiring network configuration information during the connection process.¶
8.2.1. Phase 1
The manufacturer preconfigures the device:¶
Maker> device preconfig
   Device Udf: MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3
   File: EBPB-YSBL-44F5-5ADN-PJHJ-CCJP-EU.medk¶
This results in the creation of the device preconfiguration record to be published to the Publication catalog of the device manufacturer:¶
{ "DevicePreconfiguration":{ "EnvelopedProfileDevice":[{ "EnvelopeId":"MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ0FFLUxIWUQtN1 RCUS1MT1ZULUdQRTctSTNQWC02TVEzIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi Q3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjMzWiJ9"}, "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm UiOiB7CiAgICAgICJVZGYiOiAiTUNBRS1MSFlELTdUQlEtTE9WVC1HUEU3LUkzUFg tNk1RMyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI CAiUHVibGljIjogIm84dXk2ZDhiWjRvTnlSQTlvZHNvQWJQSzl0SGVEc3loYWVQNF 9ia2s3WDdRMHZxSUlPSk0KICBUMy1TU2lBYlVCNzNvNnhiRzVXcEE5U0EifX19LAo gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUIySi1aTVZFLUxXT0wt N1dUSi1PVEw0LVkzU0QtWlY1WSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAiVTFKbEF0TDdpWk85d2VVZVgzWktQZnB 3LTc5QW15cnZzVW40b1cweEI3Nk50enF5a0k0QgogIDRYdlNMYkc3ZkdPd1AtY1k5 Mmo5YXBPQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1ER lAtRVhYRy1CN0g0LUFNNkktTjZDVy1NNFBYLTVXV0EiLAogICAgICAiUHVibGljUG FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJ1ek1YcTdwZUZi UmVsYklrTERpenQwcW1qWmhKZ0FDdHhvN2J0SDNxVE9DYlV2bmNYMVFrCiAgVXA1d WVDMUdfWUZuSnB6d09iZ09DNXNBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH sKICAgICAgIlVkZiI6ICJNRDJXLVVEQ0stR05BRC1TSzVCLUFUNzUtQ0s2VS1QTEE 2IiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y mxpYyI6ICIycEctd1dIdmtiUGRxU2RJV1diMTFaWkc2aDJQOWY3WnRGdW1mcFlseV RCTy1qWUQ1RHNaCiAgNjZvWFJPUDFkWlV5bU9qUUFsSGUxTE1BIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3", "signature":"ei7ljOVDEL4ZsmntYCuw1hJTzfhVaARcYjQXLoSi I3uVOTc8QUu1mfOqxcWqBg_iJaxzLWgol6kAdYmCOXOZLJGeFcqRc8X5cp1yo_u3J 
-RtBg16eT5OrAyyiKMAF-x14V8SZoND3AokujhS6_vn4DcA"} ], "PayloadDigest":"5fmX2PgCMfBvPkOAI1M3YiDPkT48IxlOlCTFclUN suqOmAqSESi5KUOTINgjX_0MMMCFjX5OcCwXTENz1GH-dA"} ], "EnvelopedConnectionDevice":[{ "dig":"S512", "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW 9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJ DcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzNaIn0"}, "ewogICJDb25uZWN0aW9uRGV2aWNlIjogewogICAgIkF1dGhlbnRpY2F0aW 9uIjogewogICAgICAiVWRmIjogIk1CMkotWk1WRS1MV09MLTdXVEotT1RMNC1ZM1N ELVpWNVkiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiWDQ0OCIsCiAgICAgICAgI CAiUHVibGljIjogIlUxSmxBdEw3aVpPOXdlVWVYM1pLUGZwdy03OUFteXJ2c1VuNG 9XMHhCNzZOdHpxeWtJNEIKICA0WHZTTGJHN2ZHT3dQLWNZOTJqOWFwT0EifX19LAo gICAgIlNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNREZQLUVYWEctQjdINC1B TTZJLU42Q1ctTTRQWC01V1dBIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7C iAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkND Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAidXpNWHE3cGVGYlJlbGJJa0xEaXp0MHF talpoSmdBQ3R4bzdidEgzcVRPQ2JVdm5jWDFRawogIFVwNXVlQzFHX1lGbkpwendP YmdPQzVzQSJ9fX0sCiAgICAiRW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ jJKLVpNVkUtTFdPTC03V1RKLU9UTDQtWTNTRC1aVjVZIiwKICAgICAgIlB1YmxpY1 BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICA gICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJVMUpsQXRMN2la Tzl3ZVVlWDNaS1BmcHctNzlBbXlydnNVbjRvVzB4Qjc2TnR6cXlrSTRCCiAgNFh2U 0xiRzdmR093UC1jWTkyajlhcE9BIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MA6N-NN7E-CNN2-75BX-BGLB-ME6F-7FCH", "signature":"ZOLaqvLsui6n-LB5_C_Q3seRS5ilBxiuFFPp_NU9 1fIF4qQYTh7opYmj8_h3bMuSrCBOCtmYlWgANuzu5LEtH-A_J2jR-euzFV7V3DbFJ QwA8gDb9XhuRZF8FV8V0DfmN1l8AVex0Z7q-clZPodLaCcA"} ], "PayloadDigest":"cBn1RX2qmv9mzrgeUmHN8IhFBLKAmQnMaOUUIxri yKS6DWWVyTxNrNi3D-MD-UJH9zXvSX-GPT6F95mZbm658g"} ], "EnvelopedConnectionService":[{ "dig":"S512", "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW 9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICA 
iQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjMzWiJ9"}, "ewogICJDb25uZWN0aW9uU2VydmljZSI6IHsKICAgICJBdXRoZW50aWNhdG lvbiI6IHsKICAgICAgIlVkZiI6ICJNQjJKLVpNVkUtTFdPTC03V1RKLU9UTDQtWTN TRC1aVjVZIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1 YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgI CAgIlB1YmxpYyI6ICJVMUpsQXRMN2laTzl3ZVVlWDNaS1BmcHctNzlBbXlydnNVbj RvVzB4Qjc2TnR6cXlrSTRCCiAgNFh2U0xiRzdmR093UC1jWTkyajlhcE9BIn19fX1 9", { "signatures":[{ "alg":"S512", "kid":"MA6N-NN7E-CNN2-75BX-BGLB-ME6F-7FCH", "signature":"-fKRQYisB0gxu75Xe0OKC77g2uptgJyzvmLIKIMg vXsvn3Gf0BpGlJN6wwNadK4VWHY9HU9z8w-ARK_ozkDLHIUtxwntd_ws0s03AqNLm K-Fjc3jf-A7lanS7OeoCAsnXfQ7Kqa91pMHbotBtPvR0RwA"} ], "PayloadDigest":"__OnArXqFpZbdPVxS1HVHKpKhvJ1nhD8QA0mOLzM LOOgEyWe9khDNTY1M35w1rlthBjSLMV_6heRhUhqEi8VoA"} ], "PrivateKey":{ "PrivateKeyUDF":{ "PrivateValue":"ZAAQ-BLGK-V4DZ-ZFV7-QJZY-OOAU-SNMB-4C6Y-57P H-L7OQ-A3VF-655A-GYQM-H4SF", "KeyType":"MeshProfileDevice"}}, "ConnectUri":"mcu://maker@example.com/EBPB-YSBL-44F5-5ADN-PJHJ- CCJP-EU"}}¶
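A record like the one above can be triaged without any keys, because in the examples on this page each envelope header carries its ContentMetaData as base64url-encoded JSON. The following is an added example, not code from the draft or the Mesh reference implementation; the function names are hypothetical and the sample is a constructed, trimmed copy of the record above with payload, signature and private value replaced by placeholders.

```python
import base64
import json

# Constructed sample: a trimmed copy of the DevicePreconfiguration record shown
# above. Payload, signature, digest and private value are placeholders; the
# ContentMetaData keeps the line-wrap spaces seen in the rendered draft.
SAMPLE_RECORD = {"DevicePreconfiguration": {
    "EnvelopedConnectionDevice": [
        {"dig": "S512",
         "ContentMetaData": "ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW "
                            "9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJ "
                            "DcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzNaIn0"},
        "cGxhY2Vob2xkZXI",
        {"signatures": [{"alg": "S512",
                         "kid": "MA6N-NN7E-CNN2-75BX-BGLB-ME6F-7FCH",
                         "signature": "placeholder"}],
         "PayloadDigest": "placeholder"}],
    "PrivateKey": {"PrivateKeyUDF": {"PrivateValue": "placeholder",
                                     "KeyType": "MeshProfileDevice"}},
    "ConnectUri": "mcu://maker@example.com/EBPB-YSBL-44F5-5ADN-PJHJ-CCJP-EU"}}


def b64url_json(text):
    """Decode a base64url field holding JSON, tolerating wrapped lines and missing padding."""
    compact = "".join(text.split())
    padded = compact + "=" * (-len(compact) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def summarize_envelope(envelope):
    """Summarize one [header, payload, trailer] envelope using cleartext fields only."""
    header = envelope[0] if envelope and isinstance(envelope[0], dict) else {}
    payload = envelope[1] if len(envelope) > 1 and isinstance(envelope[1], str) else ""
    trailer = envelope[-1] if len(envelope) > 2 and isinstance(envelope[-1], dict) else {}
    meta = b64url_json(header["ContentMetaData"]) if "ContentMetaData" in header else {}
    signatures = header.get("signatures", []) + trailer.get("signatures", [])
    return {
        "MessageType": meta.get("MessageType"),
        "Created": meta.get("Created"),
        "encrypted": "enc" in header,
        "recipients": [r.get("kid") for r in header.get("recipients", [])],
        "signers": [(s.get("alg"), s.get("kid")) for s in signatures],
        "has_digest": "PayloadDigest" in trailer,
        "payload_chars": len("".join(payload.split())),
    }


def inspect_record(record):
    """Walk a record, summarizing each Enveloped* member and noting private key fields."""
    report = {"envelopes": {}, "private_key_paths": [], "unsigned": []}

    def walk(node, path):
        if isinstance(node, list):
            for item in node:
                walk(item, path)
            return
        if not isinstance(node, dict):
            return
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key.startswith("Enveloped") and isinstance(value, list):
                summary = summarize_envelope(value)
                report["envelopes"][here] = summary
                if not summary["signers"]:
                    report["unsigned"].append(here)
            elif key == "PrivateKey":
                # Record where key material sits; its value is never read.
                report["private_key_paths"].append(here)
            else:
                walk(value, here)

    walk(record, "")
    return report


if __name__ == "__main__":
    print(json.dumps(inspect_record(SAMPLE_RECORD), indent=2))
```

The `private_key_paths` entry is a reminder that this record holds the device's private seed, so it belongs only in the encrypted form that the EARL unlocks.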
The preconfiguration record is retrieved and decrypted by means of an EARL:¶
QR = {Connect.ConnectEARL}¶
The EARL is converted to a QR code and printed on the device.¶
The private seed and connection record are provisioned to the device to be written to the device firmware:¶
>>>> Unfinished ProtocolConnectEARL/device publication¶
Oh **** the data published to the spool is simply the encrypted ProfileDevice!!!!¶
8.2.2. Phase 2 & 3
The administration device scans the QR code and obtains the Device Description using the Claim operation as shown in section $$$$. The administration device creates the ActivationDevice and CatalogedDevice records and populates the service as before.¶
Alice> account connect ^
    mcu://maker@example.com/EBPB-YSBL-44F5-5ADN-PJHJ-CCJP-EU /web¶
9. Protocol Schema
- HTTP Well Known Service Prefix: /.well-known/mmm
Every Mesh Portal Service transaction consists of exactly one request followed by exactly one response. Mesh Service transactions MAY cause modification of the data stored in the Mesh Service or the Mesh itself but do not cause changes to the connection state. The protocol itself is thus idempotent. There is no set sequence in which operations are required to be performed. It is not necessary to perform a Hello transaction prior to any other transaction.¶
9.1. Request Messages
A Mesh Portal Service request consists of a payload object that inherits from the MeshRequest class. When using the HTTP binding, the request MUST specify the portal DNS address in the HTTP Host field.¶
9.1.1. Message: MeshRequest
Base class for all request messages.¶
[No fields]¶
9.1.2. Message: MeshRequestUser
Base class for all request messages made by a user.¶
9.2. Response Messages
A Mesh Portal Service response consists of a payload object that inherits from the MeshResponse class. When using the HTTP binding, the response SHOULD report the Status response code in the HTTP response message. However, the response code returned in the payload object MUST always be considered authoritative.¶
9.2.1. Message: MeshResponse
Base class for all response messages. Contains only the status code and status description fields.¶
[No fields]¶
9.3. Imported Objects
The Mesh Service protocol makes use of JSON objects defined in the JOSE Signature and Encryption specifications and in the DARE Data At Rest Encryption extensions to JOSE.¶
9.4. Common Structures
The following common structures are used in the protocol messages:¶
9.4.1. Structure: KeyValue
Describes a Key/Value structure used to make queries for records matching one or more selection criteria.¶
9.4.2. Structure: ConstraintsSelect
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.¶
- Container: String (Optional)
-
The container to be searched.¶
- IndexMin: Integer (Optional)
-
Only return objects with an index value that is equal to or higher than the value specified.¶
- IndexMax: Integer (Optional)
-
Only return objects with an index value that is equal to or lower than the value specified.¶
- NotBefore: DateTime (Optional)
-
Only data published on or after the specified time instant is requested.¶
- Before: DateTime (Optional)
-
Only data published before the specified time instant is requested. This excludes data published at the specified time instant.¶
- PageKey: String (Optional)
-
Specifies a page key returned in a previous search operation in which the number of responses exceeded the specified bounds.¶
When a page key is specified, all the other search parameters except for MaxEntries and MaxBytes are ignored and the service returns the next set of data responding to the earlier query.¶
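One way a service could apply these selection rules, as an added example that is not taken from the draft or the Mesh reference implementation. The entry layout, the server-side cap and the HMAC-sealed page key format are assumptions; the draft only requires that a page key resume the earlier query and that the other search parameters then be ignored.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

SERVER_MAX_ENTRIES = 3                      # assumed service-side cap per response
PAGE_KEY_SECRET = b"constructed-demo-key"   # constructed secret used to seal page keys
QUERY_FIELDS = ("Container", "IndexMin", "IndexMax", "NotBefore", "Before")

# Constructed sample container: indexes 1..8, published one second apart,
# stored in ascending index order.
ENTRIES = [{"Index": i, "Published": f"2021-09-20T18:16:{10 + i:02d}Z"}
           for i in range(1, 9)]


def _instant(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def matches(entry, query):
    """Apply the ConstraintsSelect bounds to one entry."""
    if "IndexMin" in query and entry["Index"] < query["IndexMin"]:
        return False                        # IndexMin is inclusive
    if "IndexMax" in query and entry["Index"] > query["IndexMax"]:
        return False                        # IndexMax is inclusive
    published = _instant(entry["Published"])
    if "NotBefore" in query and published < _instant(query["NotBefore"]):
        return False                        # NotBefore includes the instant
    if "Before" in query and published >= _instant(query["Before"]):
        return False                        # Before excludes the instant
    return True


def seal_page_key(state):
    """Serialize the resume state and bind it with an HMAC so clients cannot alter it."""
    body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    tag = hmac.new(PAGE_KEY_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def open_page_key(page_key):
    """Verify the HMAC before trusting anything inside the page key."""
    body, _, tag = page_key.partition(".")
    expected = hmac.new(PAGE_KEY_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("page key rejected: integrity check failed")
    return json.loads(base64.urlsafe_b64decode(body))


def select(entries, constraints, max_entries=None):
    """Return (page, next_page_key); next_page_key is None when nothing remains."""
    limit = SERVER_MAX_ENTRIES
    if max_entries is not None:
        # The client may ask for fewer entries, never for more than the cap.
        limit = max(1, min(int(max_entries), SERVER_MAX_ENTRIES))
    if "PageKey" in constraints:
        # Resume the earlier query; bounds sent alongside the key are ignored.
        state = open_page_key(constraints["PageKey"])
        query, after = state["query"], state["after"]
    else:
        query = {k: constraints[k] for k in QUERY_FIELDS if k in constraints}
        after = -1                          # indexes are assumed non-negative
    hits = [e for e in entries if e["Index"] > after and matches(e, query)]
    page = hits[:limit]
    more = len(hits) > limit
    next_key = seal_page_key({"query": query, "after": page[-1]["Index"]}) if more else None
    return page, next_key


if __name__ == "__main__":
    first, key = select(ENTRIES, {"IndexMin": 2, "IndexMax": 7})
    second, _ = select(ENTRIES, {"PageKey": key, "IndexMin": 8})
    print([e["Index"] for e in first], [e["Index"] for e in second])
```

Sealing the page key keeps the follow-up request bound to the bounds of the original query, which matters because the service skips re-checking those bounds when a page key is present.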
9.4.3. Structure: ConstraintsData
Specifies constraints on the data to be sent.¶
- MaxEntries: Integer (Optional)
-
Maximum number of entries to send.¶
- BytesOffset: Integer (Optional)
-
Specifies an offset to be applied to the payload data before it is sent. This allows large payloads to be transferred incrementally.¶
- BytesMax: Integer (Optional)
-
Maximum number of payload bytes to send.¶
- Header: Boolean (Optional)
-
Return the entry header¶
- Payload: Boolean (Optional)
-
Return the entry payload¶
- Trailer: Boolean (Optional)
-
Return the entry trailer¶
9.4.4. Structure: PolicyAccount
Describes the account creation policy including constraints on account names, whether there is an open account creation policy, etc.¶
- Minimum: Integer (Optional)
-
Specifies the minimum length of an account name.¶
- Maximum: Integer (Optional)
-
Specifies the maximum length of an account name.¶
- InvalidCharacters: String (Optional)
-
A list of characters that the service does not accept in account names. The list of characters MAY not be exhaustive but SHOULD include any illegal characters in the proposed account name.¶
9.4.5. Structure: ContainerStatus
- Container: String (Optional)
- Index: Integer (Optional)
- Digest: Binary (Optional)
9.4.6. Structure: ContainerUpdate
- Inherits: ContainerStatus
- Envelopes: DareEnvelope [0..Many]
-
The entries to be uploaded.¶
9.5. Transaction: Hello
- Request: HelloRequest
- Response: MeshHelloResponse
Report service and version information.¶
The Hello transaction provides a means of determining which protocol versions, message encodings and transport protocols are supported by the service.¶
The PostConstraints field MAY be used to advise senders of a maximum size of payload that MAY be sent in an initial Post request.¶
9.5.1. Message: MeshHelloResponse
- ConstraintsUpdate: ConstraintsData (Optional)
-
Specifies the default data constraints for updates.¶
- ConstraintsPost: ConstraintsData (Optional)
-
Specifies the default data constraints for message senders.¶
- PolicyAccount: PolicyAccount (Optional)
-
Specifies the account creation policy¶
- EnvelopedProfileService: Enveloped (Optional)
-
The enveloped master profile of the service.¶
- EnvelopedProfileHost: Enveloped (Optional)
-
The enveloped profile of the host.¶
9.6. Transaction: BindAccount
- Request: BindRequest
- Response: BindResponse
Request creation of a new service account or group.¶
Attempt¶
9.6.1. Message: BindRequest
Request binding of an account to a service address.¶
9.6.2. Message: BindResponse
- Inherits: MeshResponse
Reports the success or failure of a Create transaction.¶
9.7. Transaction: UnbindAccount
- Request: UnbindRequest
- Response: UnbindResponse
Request deletion of a service account.¶
9.7.1. Message: UnbindRequest
Request creation of a new portal account. The request specifies the requested account identifier and the Mesh profile to be associated with the account.¶
- Inherits: MeshRequestUser
[No fields]¶
9.7.2. Message: UnbindResponse
- Inherits: MeshResponse
Reports the success or failure of a Delete transaction.¶
[No fields]¶
9.8. Transaction: Connect
- Request: ConnectRequest
- Response: ConnectResponse
Request information necessary to begin making a connection request.¶
9.9. Transaction: Complete
- Request: CompleteRequest
- Response: CompleteResponse
9.9.1. Message: CompleteRequest
- Inherits: StatusRequest
- AccountAddress: String (Optional)
- ResponseID: String (Optional)
9.9.2. Message: CompleteResponse
- Inherits: MeshResponse
- EnvelopedRespondConnection: Enveloped (Optional)
-
The signed assertion describing the result of the connect request¶
9.10. Transaction: Status
- Request: StatusRequest
- Response: StatusResponse
9.10.1. Message: StatusRequest
- Inherits: MeshRequestUser
- DeviceUDF: String (Optional)
- ProfileMasterDigest: Binary (Optional)
- Catalogs: String [0..Many]
- Spools: String [0..Many]
9.11. Transaction: Download
- Request: DownloadRequest
- Response: DownloadResponse
Request objects from the specified container with the specified search criteria.¶
9.11.1. Message: DownloadRequest
- Inherits: MeshRequestUser
Request objects from the specified container(s).¶
A client MAY request only objects matching specified search criteria be returned and MAY request that only specific fields or parts of the payload be returned.¶
- Select: ConstraintsSelect [0..Many]
-
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.¶
- ConstraintsPost: ConstraintsData (Optional)
-
Specifies the data constraints to be applied to the responses.¶
9.11.2. Message: DownloadResponse
- Inherits: MeshResponse
Return the set of objects requested.¶
Services SHOULD NOT return a response that is disproportionately large relative to the speed of the network connection without a clear indication from the client that it is relevant. A service MAY limit the number of objects returned. A service MAY limit the scope of each response.¶
- Updates: ContainerUpdate [0..Many]
-
The updated data¶
9.12. Transaction: Transact
- Request: TransactRequest
- Response: TransactResponse
Attempt an atomic transaction on the containers and spools associated with an account.¶
9.12.1. Message: TransactRequest
- Inherits: MeshRequestUser
Upload entries to a container. This request is only valid if it is issued by the owner of the account.¶
- Updates: ContainerUpdate [0..Many]
-
The data to be updated¶
- Accounts: String [0..Many]
-
The account(s) to which the request is directed.¶
- Outbound: Enveloped [0..Many]
-
The messages to be sent to other accounts¶
- Inbound: Enveloped [0..Many]
-
Messages to be appended to the user's inbound spool. This is typically used to post notifications to the user to mark messages as having been read or responded to.¶
- Local: Enveloped [0..Many]
-
Messages to be appended to the user's local spool. This is used to allow connecting devices to collect activation messages before they have connected to the mesh.¶
9.12.2. Message: TransactResponse
- Inherits: MeshResponse
Response to an upload request.¶
- Entries: EntryResponse [0..Many]
-
The responses to the entries.¶
- ConstraintsData: ConstraintsData (Optional)
-
If the upload request contains redacted entries, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.¶
9.12.3. Structure: EntryResponse
- IndexRequest: Integer (Optional)
-
The index value of the entry in the request.¶
- IndexContainer: Integer (Optional)
-
The index value assigned to the entry in the container.¶
- Result: String (Optional)
-
Specifies the result of attempting to add the entry to a catalog or spool. Valid values for a message are 'Accept', 'Reject'. Valid values for an entry are 'Accept', 'Reject' and 'Conflict'.¶
- ConstraintsData: ConstraintsData (Optional)
-
If the entry was redacted, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.¶
9.13. Transaction: Post
- Request: PostRequest
- Response: PostResponse
Request to post to a spool from an external party. The request and response messages are extensions of the corresponding messages for the Upload transaction. It is expected that additional fields will be added as the need arises.¶
9.13.2. Message: PostResponse
- Inherits: TransactResponse
[No fields]¶
9.14. Transaction: Claim
- Request: ClaimRequest
- Response: ClaimResponse
Claim a publication¶
9.14.1. Message: ClaimRequest
- Inherits: MeshRequest
- EnvelopedMessageClaim: Enveloped (Optional)
-
The claim message¶
9.14.2. Message: ClaimResponse
- Inherits: MeshResponse
- CatalogedPublication: CatalogedPublication (Optional)
-
The encrypted device profile¶
9.15. Transaction: PollClaim
- Request: PollClaimRequest
- Response: PollClaimResponse
Check party making claim¶
9.15.2. Message: PollClaimResponse
- Inherits: MeshResponse
- EnvelopedMessage: Enveloped (Optional)
-
The claim message¶
9.15.5. Structure: CryptographicOperationKeyAgreement
- Inherits: CryptographicOperation
[No fields]¶
9.15.6. Structure: CryptographicOperationGenerate
- Inherits: CryptographicOperation
[No fields]¶
9.15.8. Structure: CryptographicResult
- Error: String (Optional)
9.15.9. Structure: CryptographicResultKeyAgreement
- Inherits: CryptographicResult
[No fields]¶
9.16. Transaction: Operate
- Request: OperateRequest
- Response: OperateResponse
Perform a set of cryptographic operations¶
9.16.1. Message: OperateRequest
- Inherits: MeshRequest
- AccountAddress: String (Optional)
-
The service account the capability is bound to¶
9.16.2. Message: OperateResponse
- Inherits: MeshResponse
[No fields]¶
10. Security Considerations
The security considerations for use and implementation of Mesh services and applications are described in the Mesh Security Considerations guide [draft-hallambaker-mesh-security].¶
11. IANA Considerations
All the IANA considerations for the Mesh documents are specified in this document.¶
12. Acknowledgements
A list of people who have contributed to the design of the Mesh is presented in [draft-hallambaker-mesh-architecture].¶
13. Normative References
- [draft-hallambaker-jsonbcd]
- Hallam-Baker, P., "Binary Encodings for JavaScript Object Notation: JSON-B, JSON-C, JSON-D", Work in Progress, Internet-Draft, draft-hallambaker-jsonbcd-21, <https://datatracker.ietf.org/doc/html/draft-hallambaker-jsonbcd-21>.
- [draft-hallambaker-mesh-architecture]
- Hallam-Baker, P., "Mathematical Mesh 3.0 Part I: Architecture Guide", Work in Progress, Internet-Draft, draft-hallambaker-mesh-architecture-17, <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-architecture-17>.
- [draft-hallambaker-mesh-rud]
- Hallam-Baker, P., "Mathematical Mesh 3.0 Part VI: Reliable User Datagram", Work in Progress, Internet-Draft, draft-hallambaker-mesh-rud-00, <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-rud-00>.
- [draft-hallambaker-mesh-schema]
- Hallam-Baker, P., "Mathematical Mesh 3.0 Part IV: Schema Reference", Work in Progress, Internet-Draft, draft-hallambaker-mesh-schema-08, <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-schema-08>.
- [draft-hallambaker-mesh-security]
- Hallam-Baker, P., "Mathematical Mesh 3.0 Part VII: Security Considerations", Work in Progress, Internet-Draft, draft-hallambaker-mesh-security-07, <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-security-07>.
- [draft-hallambaker-mesh-udf]
- Hallam-Baker, P., "Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint.", Work in Progress, Internet-Draft, draft-hallambaker-mesh-udf-13, <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-udf-13>.
- [RFC2119]
- Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/rfc/rfc2119>.
14. Informative References
- [draft-hallambaker-mesh-developer]
- Hallam-Baker, P., "Mathematical Mesh: Reference Implementation", Work in Progress, Internet-Draft, draft-hallambaker-mesh-developer-10, <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-developer-10>.