Internet-Draft Mesh Protocol Reference September 2021
Hallam-Baker Expires 24 March 2022 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-hallambaker-mesh-protocol
Published:
Intended Status:
Informational
Expires:
Author:
P. M. Hallam-Baker
ThresholdSecrets.com

Mathematical Mesh 3.0 Part V: Protocol Reference

Abstract

The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data.

[Note to Readers]

Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.

This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 24 March 2022.

Table of Contents

1. Introduction

This document describes the Mesh Service protocol supported by Mesh Services, an account-based protocol that facilitates exchange of data between devices connected to a Mesh profile and between Mesh accounts.

Mesh Service Accounts support the following services:

  • Provides the master persistence store for the Catalogs and Spools associated with the account.
  • Enables synchronization of Catalogs and Spools with connected devices.
  • Enforces access control on inbound Mesh Messages from other users and other Mesh Services.
  • Authenticates outbound Mesh Messages, certifying that they comply with abuse mitigation policies.

A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the same time but only one Mesh Service Account is considered to be authoritative at a time. Users may add or remove Mesh Service Accounts and change the account designated as authoritative at any time.

The Mesh Services are build from a very small set of primitives which provide a surprisingly extensive set of capabilities. These primitives are:

Hello

Describes the features and options provided by the service and provides a 'null' transaction which MAY be used to establish an authentication ticket without performing any action,

CreateAccount, DeleteAccount

Manage the creation and deletion of accounts at the service.

Status, Download, Upload

Support synchronization of Mesh containers between the service (Master) and the connected devices (Replicas).

Connect

Initiate the process of connecting a device to a Mesh profile from the device itself.

Post

Request that a Mesh Message be transferred to one or more Mesh Accounts.

Although these functions could in principle be used to replace many if not most existing Internet application protocols, the principal value of any communication protocol lies in the size of the audience it allows them to communicate with. Thus, while the Mesh Messaging service is designed to support efficient and reliable transfer of messages ranging in size from a few bytes to multiple terabytes, the near-term applications of these services will be to applications that are not adequately supported by existing protocols if at all.

2. Definitions

This section presents the related specifications and standard, the terms that are used as terms of art within the documents and the terms used as requirements language.

2.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2.2. Defined Terms

The terms of art used in this document are described in the Mesh Architecture Guide [draft-hallambaker-mesh-architecture].

2.4. Implementation Status

The implementation status of the reference code base is described in the companion document [draft-hallambaker-mesh-developer].

3. Mesh Protocols

The Mesh specifies two separate types of protocol interactions:

Mesh Service Protocol

A synchronous protocol supporting interactions between devices and a Mesh Service Host and between Mesh Service hosts.

Mesh Messaging Protocol

An asynchronous protocol that supports interactions between devices connected to the same account and between accounts.

The Mesh Messaging Protocol uses the Mesh Service Protocol as transport. The Mesh Service Protocol in turn is supported by either the HTTPS binding over TCP or by the Mesh Datagram binding over UDP.

v e o r s S a a g M h r H e m h c D L o e l M M g e s s r T e s M P h P o S C U s i a g o e t c l T a T t P S o T t i P r o P D n c
Figure 1: Protocol Layering

Mesh Services MUST support the HTTPS binding and MAY support the Mesh Datagram binding.

4. Mesh Service

A Mesh Service is a minimally trusted service. In particular a user does not need to trust a Mesh service to protect the confidentiality or integrity of most data stored in the account catalogs and spools.

Unless the use of the Mesh Service is highly restricted, a user does need to trust the Mesh Service in certain respects:

Data Loss

A service could refuse to respond to requests to download data.

Integrity (Stale Data)

The use of Merkle Trees limits but does not eliminate the ability of a Mesh Service to respond to requests with stale data.

Messaging

A service could reject requests to post messages to or accept messages from other mesh users.

This risk is a necessary consequence of the fact that the Mesh Service Provider is accountable to other Mesh Service Providers for abuse originating from their service.

Traffic analysis

A Mesh Service has knowledge of the number of Mesh Messages being sent and received by its users and the addresses to which they are being sent to or received from.

The need to trust the Mesh Service in these respects is mitigated by accountability and the user's ability to change Mesh Service providers at any time they choose with minimal inconvenience.

It is possible that some of these risks will be reduced in future versions of the Mesh Service Protocol but it is highly unlikely that these can be eliminated entirely without compromising practicality or efficiency.

4.1. Data Model

The design of the Mesh Service model followed a quasi-formal approach in which the system was reduced to schemas which could in principle be rendered in a formal development method but without construction of proofs.

Like the contents of Mesh Accounts, a Mesh Service may be represented by a collection of catalogs and spools, for example:

Account Catalog

Contains the account entries.

Incident Spool

Reports of potential abuse

Backup of the service MAY be implemented using the same container synchronization mechanism used to synchronize account catalogs and spools.

4.2. Partitioning

Mesh Services supporting a large number of accounts or large activity volume MAY partition the account catalog between one or more hosts using the usual tiered service model in which a front-end server receives traffic for any account hosted at the server and routes the request to the back-end service that provides the persistence store for that account.

In addition, the Mesh Service Protocol supports a 'direct connection' partitioning model in which devices are given a DNS name which MAY allow for direct connection to the persistence host or to a front-end service offering service that is in some way specific to that account.

5. Protocol Bindings

The protocol binding maps the abstract protocol definition specified in this document to the network protocol format.

  • Discovery of network services.
  • Construction of the payload data by serializing request and response messages.
  • Authentication of the payload data.
  • Confidentiality controls to protect against traffic analysis

Currently only one protocol binding is specified: JSON-BCD Application Binding [draft-hallambaker-jsonbcd] over Reliable User Datagram (RUD) [draft-hallambaker-mesh-rud].

JSON-BCD Application Binding specifies the means by which data types such as 'integer' and 'datetime' etc. given in this document are serialized using JSON/JSON-B encoding.

Reliable User Datagram offers a presentation layer over a choice of HTTP or UDP transport.

6. Mesh Service Operations

The Mesh Service operations are divided into the following functional groups:

Service Description

Describes the service.

Account Management

Operations used to create, reclaim, and delete accounts.

Persistence Store Management

Operations used to synchronize persistence store data across connected devices. [May be replaced in a future revision]

Device Connection

Operations used by devices requesting connection to the account.

Publication

Operations allowing a watched document to be posted to the service and claims made on the document returned to a device.

Cryptographic

Cryptographic operations, including threshold operations performed by the service.

Messaging

Exchange of messages between Mesh Services.

6.1. Service Description

The Hello transaction is used to determine the features supported by the service and obtain the service profile.

The request payload only specifies that is is a request for the service description:

{
  "HelloRequest":{}}

The response payload describes the service and the host providing that service:

{
  "MeshHelloResponse":{
    "Status":201,
    "Version":{
      "Major":3,
      "Minor":0,
      "Encodings":[{
          "ID":["application/json"
            ]}
        ]},
    "EnvelopedProfileService":[{
        "EnvelopeId":"MCZ3-M2PS-SFXP-4L6X-RKGP-MKJA-R5WK",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ1ozLU0yUFMtU0
  ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZVNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAg
  IkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToxOVoifQ"},
      "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dX
  JlIjogewogICAgICAiVWRmIjogIk1DWjMtTTJQUy1TRlhQLTRMNlgtUktHUC1NS0p
  BLVI1V0siLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi
  bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgI
  CAgIlB1YmxpYyI6ICJWdkNVaGVxWG9NUm5wVzBrYjFaRVNlcE43cHhJZlcxMzh3VX
  loelFmY2hqQl9lVEpCMVVkCiAgV25XMVNraHk4UHYzMlp5VnE0WXdFbkVBIn19fSw
  KICAgICJTZXJ2aWNlQXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUI2
  NC1GN0dMLTU1RFktRDVOVi1HSkxULVdUNTctRFc2ViIsCiAgICAgICJQdWJsaWNQY
  XJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgIC
  AgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiZjJ5ZHpJcW9HWkt
  3MEZaMG1YZ0pvcXBka3BMQ3RRVncteXdUbjJSYnh3Z0kxbUEwbGJCUgogIDU1MkFE
  cGlKajJSek5KYnRJQWVzVU1ZQSJ9fX0sCiAgICAiU2VydmljZUVuY3J5cHRpb24iO
  iB7CiAgICAgICJVZGYiOiAiTUNIMy0zSEpTLUE2UVAtUlJKNS1IT1JCLTNZVEItSj
  RXVSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWN
  LZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQ
  dWJsaWMiOiAiekc3d0VWcl95b2UxZWRIc084TjBTZHpldTFZM3phbkkzRU9rWVNCc
  WpXcU1KQmtYSHY1XwogIHBTa1BnT1VaaEViZjNoYV8yZmMzU080QSJ9fX0sCiAgIC
  AiU2VydmljZVNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNQlVULUlQQlotUlp
  ESS1CTVNTLVZUTFMtTDVHUy1OMlBDIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMi
  OiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogI
  kVkNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiVDdDX2xfOURhRnZRNzNGUjk4dS
  1HdGRGVWMxdWQ1bFd6WXhZNS11TkZhQVFjUGtUdmJKUwogIHlqVGVYWXVWQzRWMFV
  jelNPbjlPbEpxQSJ9fX19fQ",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MCZ3-M2PS-SFXP-4L6X-RKGP-MKJA-R5WK",
            "signature":"35JI1R3uB5lt3qDkIyD5JPNTRtaa4Jzyu5EMW5uk
  Z1seFoi6ph3h4qWb9aXEm_fJo-gERJTCEsKA2fa5WbP35NPF8bH6NCvVfWs-cdlCB
  PpJcw9btz1DEU3LjDsZinva--qe9j1JHV_aUQg9YuYMKy8A"}
          ],
        "PayloadDigest":"Ort3czll0X2Onn-pKQs2e8o9H0sekQO45Cgzv9io
  mG1MwNCptdzZOz-RVS8RX7T0kDjfejmC9cu_-56VxBmTSg"}
      ]}}

The current revision of the specification is designed for small scale deployments in which the service is provided by a single host. The approach will require revision in future versions to fully support a service being provided by multiple hosts with accounts being transferred between the hosts to allow balancing of load.

6.2. Account Management

There are three account management operations:

BindAccount

Create an account bound to a service address.

UnbindAccount

Delete an account bound to a service address

RecoverAccount

[TBS] Reclaim an account using a recovered primary secret.

The BindAccount operation is used to create User and Group accounts. Currently, these account types are distinct. This may change in future releases.

6.2.1. Bind Account

A User Account is bound to a Mesh Service by completing a BindAccount operation with the service.

The BindRequest message specifies the account address and ProfileUser of the account to be serviced.

The BindAccount transaction is unique in that it can fail to complete for reasons that are outside the scope of the Mesh specifications. Creation of an account might require payment to be made or authentication of the user's credentials. It is thus quite normal for the result of a CreateRequest to be the account being created in an 'on hold' state which can only be changed out of band.

If the request is at least partially successful, a BindResponse message is returned. In the case of partial success, a description of the request status and link to a Web page providing further details MAY be returned.

The request payload contains all the information needed to create the account:

  • The account address
  • The account profile
  • Initialization data for the persistence stores.

In order for the account to be usable, the initialization data MUST include access control entries authorizing at least one device to administer the account.

Future: It might be better to establish a separate entry for a temporary access key that can be used during the initialization of the account and then deleted. This might allow for more consistency between Bind / Recover / Transfer operations.

Alice requests creation of the account alice@example.com. The request payload is:

{
  "BindRequest":{
    "AccountAddress":"alice@example.com",
    "EnvelopedProfileAccount":[{
        "EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUotN0
  VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
  ZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"},
      "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj
  ogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3LUV
  YVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
  S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
  lB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4UT
  UyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKICA
  gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy
  dmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKI
  CAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3Mk
  EtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZXR
  lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2
  IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1lxT
  TE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1otUE
  tpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIjo
  gewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLUhN
  WlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS
  2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIl
  B1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzcU0
  wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKICAg
  ICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1YT
  VdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJhbW
  V0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImN
  ydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaGJI
  aWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19nR
  VZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsKIC
  AgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaIiw
  KICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVD
  REgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJsa
  WMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRCTW
  lVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
            "signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB28
  B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0jzJ
  GnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"}
          ],
        "PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVDB4
  hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"}
      ],
    "Updates":[{
        "Container":"MMM_Access",
        "Envelopes":[[{
              "enc":"A256CBC",
              "dig":"S512",
              "kid":"EBQD-MFCK-GMFI-EJLU-JWF2-5YJB-J2SB",
              "Salt":"MGj4PLH5oEB0phrcEoUfhQ",
              "recipients":[{
                  "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
                  "epk":{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"DEvl-JoQy57jXQIU681ocrUxWx8hbEdlK
  E0Fn-Mqu7PrzJ3sSYGho5oesrT8XeOAO8RStyCXyVWA"}},
                  "wmk":"jXXpYAWULwnpOZwIGajhOnCNiGKQ5_tspWbJ-kyB
  Ccjd3gbSXDTllg"}
                ],
              "policy":{
                "enc":"none",
                "dig":"none",
                "EncryptKeys":[{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"Ie2m94scmj7Nr_YqM15SxtGkfnBLYlTkn
  kIelVXqariIAuz_vB2HDqMHIg3Z-PKiXFeqUjL4gNkA"}}
                  ],
                "Sealed":true},
              "ContentMetaData":"ewogICJjdHkiOiAiYXBwbGljYXRpb24v
  bW1tLWNhdGFsb2cifQ",
              "SequenceInfo":{
                "DataEncoding":"JSON",
                "ContainerType":"Merkle",
                "Index":0}},
            "zyhYVztZr_46YOc79wOqvg",
            {
              "PayloadDigest":"WHWDVPPAr7l7pVkNrvtILKf4KP_BjYMHzk
  1RyJ-rVWwX2qBOLuJYIlTZM_EI16cqxNVXPk-kwMET8VpVF4Guug",
              "TreeDigest":"88cOmpTaXmWH1Bh0-1t9tWWQ_hTdVWPm_dZ8-
  4UwPOngKuxxyMb4fFNa7MG2sxPKgFvWmnzLHPsfSOx9MebgiA"}
            ],
          [{
              "enc":"A256CBC",
              "dig":"S512",
              "kid":"EBQM-E4VE-W2JV-NFAM-QKIB-HEBR-6SNT",
              "Salt":"yVuWeqskmU5BaEexTuKIjQ",
              "recipients":[{
                  "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
                  "epk":{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"XmkgwHxlHkSERGMKJObH6_X25Iqvcl31A
  dSLgFl7TBLGT6ZMY_6zdg1iWWz1Ku2hRvklYBF4nUYA"}},
                  "wmk":"FvT2-j2jJaGjWNEYD7PC83hiUe_MEAJzXIosp7a5
  p9d7nlDm7NjLXw"}
                ],
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUhDLUVG
  UE8tT1JQUy1UTE9CLUFYWkctWEJTQy1FQkpYIiwKICAiRXZlbnQiOiAiTmV3In0",
              "SequenceInfo":{
                "Index":1,
                "TreePosition":0}},
            "IKq50Z4or4qnCBQtJ2_Kg4giXIs9vuP_a-fxtVZh4jYBFSfGPdx4
  PwAfDLQMWeXO70SMxyiDfyL8GIBB8lYQW1f68tUlH0odLNi6FXjqjytKJCM3W7iWn
  DKf4H7Vedkpdci9g0iuJwPXY_7molYBrnQhpPlUzsXT-V6_-ngbtfoRbWxG5k17J-
  ACcxkbon_FndmlinyNNW6eo5UCJcf8uA",
            {
              "PayloadDigest":"aUlSvwsl7mrfcmWgOeRZ-DjikfZD0CIxf7
  k0F43biFDTlSlHAaZfGBMje3PJkozhW2exm1lIy47ZnJJqmvf4nQ",
              "TreeDigest":"ElkBtR7By3w09N45wE-73GdXbLtm9VIqHrt3b
  ZlIGGtf65ybq34emfzxjIU9gPWRERqWgy6xnODImm95DmGr0A"}
            ]
          ]},
      {
        "Container":"MMM_Device",
        "Envelopes":[[{
              "enc":"A256CBC",
              "dig":"S512",
              "kid":"EBQC-LETH-D6TZ-4MVZ-BIXG-NIUJ-7YOG",
              "Salt":"mnJVCyVdweTZOLa3fOdmdw",
              "recipients":[{
                  "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
                  "epk":{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"dD1IqK97rRnu8HA5WhCgLNP-2Qu3PszUT
  l7lUCSFC79SpV3j9PbEiB5tZqaInVfz9Jvc70bJPcwA"}},
                  "wmk":"UrOxQRZcgDtkAtyNG-vBleqzAEpVy7ovSq3RDZ-M
  Ma8EWKHCiNE7Sw"}
                ],
              "policy":{
                "enc":"none",
                "dig":"none",
                "EncryptKeys":[{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"Ie2m94scmj7Nr_YqM15SxtGkfnBLYlTkn
  kIelVXqariIAuz_vB2HDqMHIg3Z-PKiXFeqUjL4gNkA"}}
                  ],
                "Sealed":true},
              "ContentMetaData":"ewogICJjdHkiOiAiYXBwbGljYXRpb24v
  bW1tLWNhdGFsb2cifQ",
              "SequenceInfo":{
                "DataEncoding":"JSON",
                "ContainerType":"Merkle",
                "Index":0}},
            "8uLxPeRu7X0HUwf4v4ViRA",
            {
              "PayloadDigest":"qnV5ry9sL4C68a0Kg1roD1cHCG5nps-XHn
  GCuzRhdet6OkaPPZvSMq-AAJvh_huTDfA16J9OYLnRJVUL2fh6kQ",
              "TreeDigest":"ValOROMKQy4zSONTIPA4prZqgA1YE1CdBkDmT
  nmTJajI5XkO7Ybed3itG4IuYtbB9JX9vT_J2CkKgvbnIUYe7g"}
            ],
          [{
              "enc":"A256CBC",
              "dig":"S512",
              "kid":"EBQL-MXIB-EELT-2SOW-SCAB-WHJ2-OMXN",
              "Salt":"PQGoOlxH2RNr6PwuNhXl1w",
              "recipients":[{
                  "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
                  "epk":{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"UgnDvOH8xxl-JYNgvsSbGm9FTtXSb5KXR
  ff53PY0bcgyrUKNoiRPztRCwC2MKtPF4qGOtVVOezuA"}},
                  "wmk":"q-_sEC7YocmoZQagZz3Lo_ea6WBEkqXxmkEBGwqT
  sm9_GSKZKUzKdg"}
                ],
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNREpILTMz
  UkwtMlc0Sy1DWktSLVZYR0EtVElDNy1QSzRRIiwKICAiRXZlbnQiOiAiTmV3In0",
              "SequenceInfo":{
                "Index":1,
                "TreePosition":0}},
            "WRbUWur99oRwA1uICKbOXHcwjnB1L8ag0srUYruQ4Z7zpgHs22RK
  SFcJTm3RGOaUyBRmjCCLwSe8I8gNdEF5qzlXipO2SWaYZG1_mldItLY-vw_QrQ19K
  mPAfDqw4sL9ULkA-Wv3UJBMCprBL2hf1TZeY_urgSYs3HUQx24VGVs_JtZ9-sGJqW
  _Pp11XvWBvV0m9ESeICVbntN4Mo7kcwxcF0ErHGI91ecHWW97bUKiPNIty3NSowUb
  8efKDnWVTwtlGCCPc88ZWqcLHGcqzkQje-mBPltUWNqUlHdynPtRPYZ5TGqHprJhn
  VgUfGtOTtIcZcSiK869eTTSnOkZovgQATODTQayy0o56555pqtQ_mhamRYJgkMrIv
  6ckRJTq_CRIrVNKM9BGGl9OCLke8RPLfuZtR4M5_Yo6dVVUo291Z5qTLfx2oy_V-k
  LdFPIPZaVv4b3TZbkVRf-naqHWLiABy2LpTrW0OqAdJ7RKOII4uhPituQO7Q8JkFS
  tNKlU7ntKfKW8AKBdHLFO_0XF76BrFYviQJCGuTbynjvPdriC6gp7cvro19W7g82e
  p73gf8GWPy5-CBsmIQGM8ikqJaYsiS_GVdmwo3J29rpxcgqxujArWiv-9lGFz4uIX
  H1UeNCCpyMO_SQCeKLYi9I0LS_-Irm6ILF4RNBpHcCLVyGAj_fihBhaNqzrrGevQG
  3N8_jcTwZFOagK7h25X4Z_59GZGGyAxO6_a48HxIl3AQEuwZTcWXlwA0CAuffw2-3
  RLPtR1rKxbUTk2UlyWHL2-FZZSbVFiyNbxB0qn6VebG_WdvU8W-ebkuMXslirc4EF
  koPhof2n8LEM7ez9KV1LkhbrDtWbm0BmnT4IKeqW-noyWoDqH-qfYoAY0rFob91Ua
  edY_lCsS5gD-rko-Fk7n7IBUdya8wxvdgqRHOxGhH5b2xMwXibdBQyEIizW6l-__q
  0GmGHjJvXaGn7plOITD6DgHbnhUfPBA-ZGDIIlxmFXZQX2Z2xJkiz_KMzcWZMiQ86
  tBc4xxcpU-NIitZD9z96I8-tLV3NLTZxa6fDe3uNPbMXc-tPc85z20xTDZC8kZOEA
  LfCN-D_iENtk1YgawcTgRCZqq9KbjH7NwfL8IzYosaO4CwVi1yxWY4q8DjVj4-iK5
  4Vpz4daGzGNZV5zyO340Jg73kSr7aLTSxU2DgOuDpcuYT2XmMIFbyEGStN35KmBeW
  RqfEwZKEQfcoHhHHMIgqmYoTMeSwSfjbUBpkNkgHnir4Mk1PKDkFFdCs-mhKgLME3
  JMGfhvxyJZXhN1ttCwHJDKDGp0vjX6SguyFi1TGuQwagPVbhz-Rf44SN6iHFGrClX
  cbDQAGJhlStD6a1UayBNFo1HqM65sr-TKUe6VeX1OBy7Mrf8idFN2B1jiP2z0tm-D
  i_FIY1x2DOwcwx0EGpHnna3D6UELgWU-tiNRoBUQFhFAWc_R7KkHDmaG4HxIYG4-i
  OJPDqjvV49LpDEAATUlasFlMXaDj_w0JYTCDTektbKG8hpUXpYCqUFjzexfhFfuJo
  1_nHKyuoWTlGPKMl7HpI90BiXOyWVqWit2sD1WeUGMM6FU3lvx95f03j24gqsH1I9
  PhO7xZf1G_im8-PHFFd8kHKp1K-FjW0Mu-5yG9MH467Eklsqb9KqK0sZAO44S_VuV
  m-lB-v07vL5ma2zD1FkBKySVNkTIqUNEBF4tUa7HnZWpgSb2tHI3lxg7Sz6VRuLdt
  kJW6_wbjOb868i6qNetkqiJW4ehfCIStEiN76Fh_vt_AwLVxy0dHfkYYRySGceeWw
  tVFUHu1R5j_U4UvDbOMKFX5bc3AeKTVuZl4FkZulRBLlfTE_Xtn2zMLFvRuLTilkO
  YFc3qFop_HtB66EEUK4zzsWmA2Ko3ZO2vTsk1Y8B7yYut8eOWyFJTSBZGSCDrGsWG
  Nnwm3dAGyqWXUXdzUT0ZoxMm2u8Q6mwmoOippNb9I6o_lEKTrnbrX-DTt5AJsQrIK
  tqionu7rtC-pSrYNgv74H3klvtxBP9uWyajzREAQRSNC66qDMHHhu3ou87KChU7If
  IFPgWQqRiG_ayUs0x0lz54OTQrbEb8VfbWyGCWd0b3USH8b64RWoYoP6Smxl3B29I
  PEOcVSn17uxljZFs555llUYyitvfcYTG9YbkTYKFfLYJFp0mXcYI4KyW4GhbgxGhJ
  aRE1qtZ4Hv2WvOh4NWyQoIZFwzgNlAoR046iVQBY2KrTRuDRQSWUxMV2fImJh-jWw
  Q99KEneNIVY4v-5UZlNri0EEQWYMFIJ94eqA_KkkXdw7pleLGxTzqumR_aj_fzYLV
  GirtMzpYsvjYHOzz9fqJ07TCN0sVb-6QPIdDDHhyt-cTdbEqQegF9vKGn-YRVnU7N
  PauyBJapZ0Gc8ncuGEw1-SHlLqL95I_tKh9CUg1qzqER5hm38GP38kirslba_oNEw
  0vw-8SBry0b0DxGQPZ8uNEsSK9SfhIRuHIdQnK4FPsTV1ASEYr0-TkUTGgN9nHq1e
  TmSkA-r4YXKFfd-gkkrfCfIOHZ4fqkyGKkfu_97dAp8f-4gWPhrZDgRfbmhKo_1Ku
  auhvKNM_bUNwBFibjtyIm2tMj1VO2fFpfzrofTGYKRUBqDQPhJMLOLkXBlAL4vQPu
  y-JjcO5cwFiqG3MbwRoCo5eyultJmtFWYP0aFCDitb44_yDA_j6GI4OKfX13qeQxj
  ZwrSi0NsV7IdMG2Dh7Xo9UU_qge8YlbCEG68HIWhe9H_hqAqUNscAFDNDTPZAr70F
  lbCW_YJ7NvOw30cTaUB171VneHBeLuVYSkvaKmSRnf02iMe_h3vvACycBL10AdWgM
  Y_88taAWkaUZjMkaVym-neZVsMVIay0tfdUUjtqHLRpyu2yGB6wzeOXm77N--u9yo
  zKdhQH2VlQEiJb1ejbnQly5xLlZ9m0DNaGRUWe19Qrt1UsvhmJO5BF4Caoz0n1N0y
  6eh9tZXB4t3QCG__3kpHrvoeU3HrNmWojcEFBas9D8Dj6IH89tCDTIIKWngVe9BSS
  IFrbR6ei7ldaGCc74VUd3GxlV4Th2bf-xXdiMtVKOLc9LL3Jyb-hbYA4gvfqsUMaW
  UwCFGHa0hORqSaxu4fzAs7YqIfvLOfBAZclTOlOLpGBunAlysAlR-qHwICZc-OmlN
  shRnAmYDxGLiI5nltSjKN-k66guqa3ohtB2eJ8UxwCk27borZcXSyAF0TCOCx3SG6
  PB1ueUmVn4c38exZTgN5YiyYtE03qEe4jNWnfSeTqGeRAZ3EgYg8rrfBCIuZOorw3
  GR32zVzSa2eQVU5IMK7qIaqgMgGL7VtkAxPZq65nOFgIA0-uiG965RAKmgN9T3T44
  Mt3iER6EqT4cNHpb6jZHbkHZ8NoJq79rLp6zFaQpRh6ramUf_KUr-1U0cXjuqv-l1
  a1XYYs4Npmmmb6n5lrNqda5tOkKgg2uvJUMhN19AGHuRA5IHtYkAB0i9FgTado_zg
  33PMrG6HWEVjmLq5QF7WBOVVfNwpRr_kS17Nqe_JgiXdrUPmqYXjbzvcI95ePzCN-
  NCAOf4cNOyKzGxsDDZkNwzIoQZz8Kh_qYO0srIj-ra-QsEp_h42s9wuA6j7Grdrzk
  eMUMoYKQchAU9yBz9KUj5PMb0KaWvFwvGXIlvuXpIQbLsSTZmEAERNHy9291doMRx
  _SWH3juH5jDKvi7zrM_twql7k7l7VtM-bq2_t9K7vN8VebyLHmPpIXS4Uiky0n08E
  DgQVw81jXKoTWMXIJu-cQVpZxhgJ5hObrSzvqH4P50cFdEQKqNDFREIT8kHw7XOdj
  5GVP1IiVT6Osdv6bGSw-PS1APc-uPU0wHEZwScP8PkeQVQ9YbxYyctO5_D35SNzlF
  9VnNECKECjY7HE9G7ZPxjdrkKmRBrpTuT9WnrT1s6X1IS4FKwljqdfU9-mv9hT4Bb
  OU4d8kJjVpvihq985BpN_OSlD6K_ND5i4njFiL5-ZUWgxhEXQdZgpMq6aCIduyv6_
  9p7cQkU7EA9dVuxYSke-FCm1XRnSkszdmo7FSn2MTm_HWjtjvNfxV8VTOinVCn7P3
  zpWQF1X2EmdDxt8vypsfpBnvQYoAy7-CsP_17JZEyPrjTvEA5AwUXo1wbMm5fVyLz
  AOKRE0sphht8uLzYY6nj_CbIzSClZUPmxrgr7zTUUwrQW_jTFo3BL9guBYcwIXnFH
  XKNm82wcP2bv1z3GhwDUA4BtqHKJpuF-IR3hEmUKcQXa_R1DpzbBAw0Uqezhkp8ZG
  yyKw4m5v7kNNv6j4SvUp_enTJoSpa_A3zROqL7rNy20HGgfIg1LhjpNwiy_LENxn9
  xRAnewA7I0u9vJf3RKe9FcHZd2OeKqMe9uxM5CR-aKBBwqa3O0KOUFITfAlJED1I_
  z1NG6EEHOW5C4c5hmFrQBrYxkSm7z5EfmX71XdJL9mbaO2C59hpBvlqP8wt-8xTdJ
  U0rQF_F5pvhUdoM3nD521lYDpTm_WFoUnUOoH7Hxt2JrHP_hdFMS5h_LVw3BrcP-H
  i-Y0QFPf8zXrFG_z8mtVg-w6_AvCwwFz-t5GmZB8n-BOWQKsyNGnyqidkTCqEx07P
  K4tn9mUGMWVtLYqszKf2D5jKbeOt_8QDyzOnED0HUi1KEF1P4rHYYCRjbkeIqtUv2
  8b8urT_km9d3IJNo-kdxovh-OZ2vdoTP5-BkhB9dEM-_qOdt0Hbj32CuBnbLdFMmY
  9W4tc4sGceI-f2bRe1GZifmuTS7MgKBNxX_VRcmCiuzB9olvYrXLcbSojxLLV-Msd
  mV7TeVoDVkyDfW7u8gB251_ANLvKugcGwrg7_H6CHXHDqXhuV2nZAYhq-1QyG7aw-
  LixUundNolNjM-X2h40JK_Jcwj60KgjlZ_qnbX39CaEaNjmYQ8_wG7XeCaYY5ukv1
  dJZF9jVgtOK8TFNgs6VD32EQvEn319JMxeyhL_383LzNcBcyulgdiCH_-IdHBFcb_
  l62j9-GHnQxckFp8ANib4FKBQAopZWVUd5STzzZqORZFBLGdjTrmZQE_t7aIzw7ed
  RFikGbR7-2IU9Ral8bu5YauufK_VjS0Nu9qu6snBZbsY_4ZGGXGMrGrTsP2UZK_1N
  iIv4561CiC4GLuitIj8InYZY0qRlW3_zOKGh0X_nvtkd_PD6m1QIvPwPVTOGN4CYS
  mDaZeTpsIdR4G2nw4-pIAFUy8IIaNvO2ZqcD978rzzfm9ynEGQewvWkrii24eM9qq
  62E-DuBfFf8L2Hbjc3QAwQkMqQ5HU2DZ3TddMENAlI0_zcZPCTsWy0cgk2PF293Qu
  kP2_HtsC9neVIfqZjWlNnjPkLEFcFq1q5oq5P0q-KKLu2f5VS7oU6j2pL8fuNMYr_
  K6dIXoK5rYbn4p3leMcsW6zO0CAzAWguLpIcZGjEh-_rmfXIuvkexbVh3x8nkPq-w
  nm7F9JkOx066S8b9dd-VPoo8D2vjOPQKHMIZkPR4ldL5YneNTj0NUGUL22gk0ojow
  22SZ0ZRfr8BM6HJu8EjWFsPmfYOvFQE2slPT88H4xNLsHnH1Lw9z1WeNP4KZhCopd
  X8vrmHCfILnLpsPpDB-OvI09NdtR7wAaVxWfq5Bg7EOu0Kryo_o3pBiOq98Te10zW
  -FwRwgpfvpn1zG3LmTB50H6mnphPj3_7BhkvJldmi1LupEs9Rleml7zAjYSfUF1M0
  SIYRiC47RxLz2FJHec3t2SgSIhOpe-W3ouN-p41BkhDj5GzBke1qsRolUwEm0tiHX
  23xvCIeqa2AXY5DpNu6VRI5afKVdOWjLpQemL5DovlEgZA7Gx8E5oGwYAx0Now3cB
  tG_fCvVXgAhfpf47RjvCmg_2yxZyR1xWN4Tmci2JLNhZvVD8NtPFsA5fjVnhqNmb-
  cgOb9JXaX2Pq8Nw6yI9hHkwahkgiar9WQ4jujDXazSMVFgppc25_aTh83h6LiIN-C
  xkT26XBwGhPJizQTKVEn0KYPkdqRZRaY0wOSOMm6cUINwNJEQd1ibhUWkf7p70SKS
  f5vQUv1PlQV3mUefxTL2380WVLj8VtFykzdYwo-5LGLVx4zlA9mE8Hi_VXqFIApkn
  OttrBIxF_sMIfPFcxF2dZClZ_-uf9DI_A_WqgF_Kixw2c847HVMIXvwCpQZ_Yw5cs
  1KsBIFeRb0Fn5ZJo4VFGDdORU_HrhTE_ahupSiP0OY9Bt3kQozxDpT8FJsLImTix7
  xFSi96xhKpelTVDUBxuSWRXWdTMzY4NjswPaLn7TppPi8RsGa4_4W7wtmi-PucYQn
  qCfge3wonKgQrUU-vrlIYvUV2VO01y04Wqet_BZ-a1QVr7lD8HBFUWlcnO3vyE1Xh
  8gsjbnrZN0z3Na2kwxPB9pH_u-qvCPU58XCF1rf_cGOboRupZBjsxQMXRmaSXflUd
  cuQWx_QFHF_wObuXq0S9CaFLFAy82_Vqel2I7gnl2C4RCs9uJK7Gfs1S3JMFTCRZl
  WwV-_wRDMp-GDALFx3pJzw1kBdWkOQ4-JhUAQuouSK9Z_gyy4BkTgAq3pV4Cwhdc0
  RP4r-_d7pMV3brE0UjWCN6A3VbYt00b8vOpdLuoig8lZL2Gt7BkXxRdIKtCzxalv8
  4aNryHy6z4PKD2QakNOZLLPBHX_a7riAo-AKj5tHGjDGi-tj681yslzrc7P87Gqfw
  ircH-ru1dyIq-Tba81nN1c1CTAMBtyCWGavELn9eMvkM6pjVSxmA88WHomTVeiQO1
  B0OwSgJ9wJFawaMtmdiEsl6i8XXgGWVP7qeniieyvx9qDv5x97dbfjmAiIGQAOMw2
  EwxFeuyxJgZ7c3PpJFVcc-CR7semTmQj3H-zSFb38oc8AtCtp9QeMIyUpj-AuSspV
  WWOwFtj6b0d4YOxYuw05RYVWpW6kkO-YHv8ZYH9MU9Ub4p1FciRnsyBK6MeHb5GSn
  d37SY2A6YVt2-XYVAHP9H06usKOUVtMKkJo7davd2G633FfpEezxcbO-UCshoUDZK
  anUoLbWBGGLAzLP_9Sf2R5j2ncicSpSEc8LgzXCBQ6ADsMZPgNT7xKDw_IBDRATth
  pGy2-yueYHmemstat22qAEO4GKX9UpslFM7uDoxspO_JNmSi3SZ-SrNTINnil29PM
  qE5Mk0_rT6mk4rc6AnSL-KUbqC0MrWqzrfHaRrSQs_Sm69WgPQkc3gFmiXubFnKag
  l7Em4z9QNYx08GHRSZC8N5BbyuwMO_4UoT-yJtuTKbSkn3nBzfyxYO40NkcnIfUdl
  0DbSruRV6tgwihaGHRqeQRYXOJ0GqRNIHgYbHwXaBis3dp0zrZgQlSPlbdPfcq73M
  USZH_5sq_PaiwXLErpElrbSY_Xu8gW1TsV2xTO5lJuSV96zZMbYt7R2CVCgLcRt-b
  -jOo03MnjZVD0sy4O5m7Hgw0Kmv3F-TbmtNrjp5CeK97lDqP8tXh_OJTIErMrvv6a
  BJL5pa4G-eL9R10zLUCM7ojYVo2w4LRvTHa8b1gpmODzAvyenY9JNrMu8rtxx_1eN
  Ai1HpXJ2R378lJZB8wYRdCbA4VasdVfpSC80Y6ika6_BIjadWuqnhDxmClWkuzIuE
  5kfbHfl_qhBxT-JPH9KEzXuDDZFBylDD5scYl5R21_x5ABDAFTo6M_gMYWy3V9ZlY
  RNzXw2CfKa4nY7RTE9QwTX1KJt2gDObRQT6_vUjWEerGL7otsIIsYVnlBvYSndRT_
  lilV59MVJnjvhwtDs7tEufuUg_HWFaBoioRppZ0H1Ie-1lj4BP5c-AswcY66jIOOk
  jInALMJVykoc4rrNeRmrBvqx-XmHWBSs4eKEOQh2IkkgisYTLoKBtI9CEkFAl1bL4
  AAzpAS2CLbmyK6rYBiiE7ilViHgXa9qrpmD2Ue4BNakhoQxiF5gs2SFlpT0X53QJg
  lQ_w-wujTYllOCt6nSon9poAvHPwyQNl9zS8qnmA_tti3SKyjQIb3j6Hpqf5MG2Pp
  OOKzkjrDdUNPdUsCbXeIRuciUtQ-WOXD5WegLwZXJNxIR0LKg4oal1qUzWv82MesS
  uDjf3TYQq1Bons6_i7Vaa93s1frlRg1u4_fRTxB_Wl2dSORCqnnZm_lI7x2Mqe6xo
  9Ea0QS2CnlCluAaCsViH5QFt_uhPwhNtRfzS88sa7uGzoTBYmebs1l7Dp1UrBRJek
  VjxmGedQwm4FK98fTCid39qIAoMlYmSYmK1ALOCUk94BsQpBfDLz8RrdPJNehuwFc
  zLROX0HexRwAJOTnXwUUfiS9TrNDBeeNcRSPTZqwqCb0BGbDj56-teFdgkTUVyadf
  r_4s-XgRX6P6IocBz6eHPJR25P_E7aZ9BeZTQda0rc7PZM7ZZkex38UK7WIz-iCSl
  98_QmT-Apcy2NxvykHdj7vOfJYdcYl1sI7OJFyhla36Fqt4QN01bcakb4Zj6AGG-0
  7WXRbR3Woc39XItgJKjlYhYGRjF0QKQAsEOPFhAgd9XjoRnBtLwZN6ssMsjNJkJaT
  ya8wVLTRp_jfMZ2XU4bmlz5qzuvS5BcNlsn-UWqCH9iR_cD_JtMBd6FZT3oU5r56J
  6aqKoDek7MbJoERbWlg5oYlpE90mT6xiE06ySaHuDKDi6iALBhgZHec_Qx-0Fu2L_
  jag2efOiYLsRA7qhNTvaLfAqWBalxXLFivqW5pxQapDtIMEXIZft67g2F5HMR2L8D
  uCyMzcMb3owehTnGHnyOvboMTRkhJQYwBwzG9NaWQZ-VQGUNjgVR0c6aMUxIU198q
  4zjCYb1svsRs_vqoNM9FrKQXGxeVcfugHziU-Bexxq7qAlihiJIa7K6CA2CAsPDSY
  EYN-yVx0bJKP6w1aGrG2HMdXKsN_peb2_UObtttuV0RcKktGrDZl7mWMdbrD2si3q
  PqQRluuKjtzSShuFP6Wd8glJZtmvUbkWlzsiPcyZtZ_DpCjA65SITWdGkWG_IQM_u
  XELnj5kUsEif26o7klGKkYiWqHnqxX9ULAGvw18Q1AQY1Pzxi9VfEVzah6pZ0ZjfL
  ZIrh4rCSA-Ay3vYS5j2OWSjJ5769lj5JUJioV7Kp_AtZ6JEwKiQqzx2ZpZGHML13u
  O_4HRq3KyOvwJMLIiHP0-sm_JbaHWRB8jM-5cmYYnGI36vIZtWP22WLICSTIuZXQN
  6jqAfPtx7j1G_jYCLz0oHTDjSE_MCcQ1AsEVmvNGIe8adi-MwXgYMwogHucBrOFy4
  Edqn_7rxZCZT7z8E_rckUZR0KgvypS8tnD0q5XsHd8lyhc-7aG3wJUNlwAbwAxE4v
  CAXRDRH8Kns8SWGvC2i4eRlKlb6u1Kzeqnrr5rK5lWT8byVUx-qzGujAY4ZrQI9f0
  UFsV9FloNuVwmFZyRkv7jIuQLlpL41o0wurTpVaLE0uQPjWPcoB3tMTtp8oZykv4z
  z8MLdqjoMBvLY2Z0qQUSIotSMaACOlbyAdvTGXytqB4tNpdU3qoSiaaPWWTJqTdbo
  CTzhXoJKa5ROfBRC6HZyD1t-QQ5UdkSrMO1iUq5RBUQ46AfOa1TI3kSkXpjHpUPxg
  26pnlXHgD8eW2JzjhM8iB9G-UzlCHOYlR8hpp7rpYqkXju2qXLEMRTf2_jTwxYKiR
  30ofB39QXNiFyIEKXeiC1T947TZvM1HT64bsCVOWnibqVn0wozrBGf3aVeYKx4I4x
  8N2ugk8Tf-2gx5V-izGkaLROvrN60Q4Tehjzzaf7FCRDYairluWdiAwfC4oTlzfuR
  M0nTxG7pUaFm8bweGQx-NX8ET4mOWeKIErEGI4Rx-LY8eLsmq9PJ3TGtFDT-qpwhM
  lVLldk1gz7IPl7lRmPTDk8Djf52KdoBgJa_XugaFPphOvFnoKAi4ka6Z0PJDEEdIS
  76lfJDELEDhwXqR9UREidgIpjhv8q0XS_gM_-bAvP5tEGWawOKWqVaiZDQ80yj_k0
  6R0r0SrPFoHanrxDbTKnP5R3ApgHud-v_ChojqJ3qTe88-EUFAl9QBtX5AfRtPmOb
  -wMDo1bc81tIks88a7vQEyz6DUqXdjZoQiXzCrcI8ZNBVRQhd4UAIHGGsek34gxND
  fbYTNJO_UjDgvLTTZPHZsUBce5V7sIQ0rDDn8VkJrgdbR2gJDKzydQZE4vLPDfinN
  Naiirn7bKbNOdDEJvtkTstYSr98c-nf0GpU8Ii8G6ydZlhkPsfGz6xMNaBndXN2yv
  dQtbgPG4SU5JTPYfSKzpysrB1FSRHZkNZhYr2ynTQ1Gz0uETqAsqA_CkuUsUQYJ1V
  FHsYT_FSUUAvX6_Ydblh5AqQSpG0XPq5JROnAUM9IBBitrZPPdPlmfMyURJaCyCPb
  7JFhhmx79YQPJx5UW0LxtHjkIhEUyiiAhgEDUbPQL4Q9WtOleXr61_QVoexTBu_sz
  bC2EqJMpRIDnv1cXjbxYpBH_huVKxNeyQWUEqc32WkCwxiKdGBMcQxBD4RVc8JbtY
  ns_clO1yBdWprIKHtaTnovoFt2cZSzfFc8a5nk3GtkofYPsqu8GzfJ-3J9PcSA8H-
  Wa1FV44Z4YHxH-thMcNYN4v7TR5rdLp9DH3vGZglpYL9GUyRbBzIxN3MLchTQwQz-
  bU45Ff3WmGs0AuUz3022Z0miUXcrseRgIAQQW4iCWpwVO0X_gABV-XUib2vN07rXy
  fKXQC0VMrBdw_Kt4r5WIZYk28FqtlVn-KObM99oYa51rO-5nXM727aPWgMb1M5UN7
  ozZkD-2naysFjhR-lTdEkSH30jusqJ0nusThUxUHDuoQET58yTEevifs3OyuKKn4I
  bbDga3wUIfqk8KKjvAeSwAmbOXuN-XImRpiVo-pXgaTKrt1bDrqnMQkIySiNJruv5
  STP8fa6pYwEbtTmc8rBU4FNTDN0CYtO7098p5lf8_SvrK1_W2C9k_75HN6i4oiL67
  DWSmYJ4kKBKmGp8TRLWXLfU2HXm6LIjc2t4U31TDDVmnZtYL6W5TjycOUcMpZRryW
  2IUaaKmaaEWroprB6iZ91FCiVwRhkUnoYfXC65pUNK9OAVKeqBlSC_M_rfPIv_CE-
  qchY4PdQIiBMmIs8REpRPLP0qv_tQAHkBZOWb6EdVU_-GzSgN6IirXEspWqhwlDaz
  xhjaxJmTFIe4WQAZSGM4o9TLhPMvwJbrXtIC5_yJXZsqOl1_32AMzO-gKIBAuPaG1
  AVCuI37L_xE_F6aakPdvofE5kHLDXrKfxrjq6MLAmwdzDU44Wr-T8SH-1oiVaZc_m
  fTh8df0--8L_isk6VnKNUrwEUxZR7nP5C6nn-4okkzTO67TO-pAL1T7_-tRkeg9jw
  EMI2O0tUk-7ZkPKiR6iw8tttNxex6zabcmAdQ4JlilOa5PIjT-riRZeRrBYoCojMR
  loztNkP208QXxqAA5Ik4BInMC8_ToIHacOhLqOnsc77MtlvVUtcW9YKyQljpSK0kj
  4jZH__qWsYEvAd1tExTAbt5PzcPeGIREAcSAa2jBoyea3BTALgcx5q1NXGTQHOpap
  VwXhVf7LfvaLauZjQoKjkQV9ji-M9M9UGIogFxBqKzhRUSkCC2N-3GlzTTE-b-0NS
  JIPfm7dxiP49X__t1rKsSjeP3VqSzD41EWB6nO7UZyFTDF06pxa4jWs9hZSrSIYXw
  XhhkoCxEDfd7dJ7_Pq6NXs-fJ9ZHfr_MPocK5fB8GixJHGXiaW_reAHZ9mV_czhhR
  DO0th-P1MGalpJWBKNwgr0iiPTCu_49yn61_sjsYSkTH-uLiVhimJ07RdcJlJ0CYd
  h9h7CypheHmOt_Pmpix8fKvjI-7jjesFMu2wRe0NBEP1lSL7GDFAzUyvRZNGjadgW
  DHlUdOOv4s1cyjL6mUjKyRRIo9juxRLXbfd-asy9HwhNTDTgP1U6Svc4u4lKB9fOT
  TfDR4oiKMePdhzX36e9ARZSxLZfbulH9eqOaCvJhdBLwpnHvPPpFateczMaAldQp6
  LEd1OL__HtsZOwUJ9cJ1_McEVKgOIgXjFHoaN8Q9kD6jS8VS1SCF9BlBwqXYCdWyQ
  mi2GB3WSd67SYVJukbc3cSve8mKPZNoDrTIJb9OGnWhPDdOVOez3dEl8b_tx6ZtQl
  GWXUPzdNsRgsOLk2zSMAOP6CW7fMl3rhIGfmSb_IC4jWEtMoLBF-yz9EkSoQS-6NA
  Ju6DtLCRJgrOsFsSYKqNPvgbuAQtVXKxp_e7IGs3INBK4zFGw2fmgnE7hF1AZ4_0r
  -5oypFQ3AeuW65vM5HiFhZapiGYjsJJuQLyRDeK2Mk_Tuj433r9ZpW7tw-an5BAfl
  36bBVZkVbNmzyQOLIxzyQfVvprWaTONyK8LkBe9gpShDU5PhcNBp8jaFCgeS_lydB
  5wYtXb48HA517Hw6uojS_sqm1gRudbZx__KFeP56ZE_M8POJvrkpdVWQAkjOcngJo
  synyMyrIfbXzFMrfgwBQiEauklDBBsDFn9r5oYf55uYAPRt7TkP_kR8Ddl7iFd9-D
  veb9v4011ntpDd0K_3zhHRc7FgArX_GFkeGEW5isY-yL7CYd7qCE1OFsMYEsSBZMC
  EFXnalk9b837DcO-NJlAQirkWLHkm9Alqg76Tav2zLbbdxckKR97cs3q81EFrJyaE
  K-fFAJ5F_bA1jWw6ED9-phfYE5wuOJge6M4YWOhlk3I2VHzT1nvBNBnSxVAqbXmDF
  ZMFVe0_wpzTzSgCVuXoLho7uZQO7zgGIIiUZb3w_HyT5UoW5FSPdEQc7z7OVPSC3C
  hIXlWInSPdgPasSaVrTz8pWfG28jd5zoyeUUdZsFzxN857L1bMlxB8mZqeB14Kf9l
  BeNrqb_1MeRRPfybBb12CfH_7-K9gFtqnLkPDm7s_jyu9i9_Vir4fPIe8hOGFWRNz
  XpsWCLiYCWs9nlRmPC9Nm21tRhu5MlN61i20sIIyhE1Xc-1bxfFGiH9AG9ULTY5O1
  qyrWF-PB1yaf7g7NdzweiR8l82bIezYdwsAwmyGSByFCHvIsCunvQCtxLxiHiiTxR
  FtqDteCSPwgOeOGhc-SSD6-LE9VJy3xAE7ppSJbiq9O5q9NbwLzUCTyZeCHh7oW5T
  GlgYdo_AC7-VmVUpndaZDcKTe2Esz0zz92hH1M0vUgSbH7kImQer0NTubYRRaKPMy
  L11wYDsfJo5Ma-Bq7PQA4MrkY4J0Ous5pnYdbsky3s2mFKUErFc0ZutXRQtFmRtjJ
  Y_AQmg4ONjFBwdALn5g1Ch_EeN9NhSmSn1sYPqvZ8o6OD0tgrMYUqIbXie7SbcuD6
  zIoiBP4o5zuBt3EnlwI5eCqiC00LXL-pGWrHXPiCzqa025claVilvPMzXAdbb56n9
  XpFlYK401TUbjbvdf_tE3LUltBi8M-X4w1PauCcegaXzmO51Di9eTeywYjShewbrb
  pTCC4snO3KMfUmnXUdYp71z6y4TXiGqt-4zuvzvPXZ7iktUpPYG09Y0ZUeLpTLW7g
  oDtp4bTfFKV8vog-gPd20siVbNJVKyh1fSVih3XGF2Zul0IGL1BERRUpwSGCQlZun
  hjPCqRr6qWAaBk_ayMfSRvVPOLOotdaRpmtxY1dXs3bXcASD-2jzgPK8BvFm19djT
  w-Bz7pwCA4vYpeSfMhuLkA6zFxySCXctwESDrWvbffhIwxBVPCq5eDfBPOmSCfsv9
  yVYw-YAppVx4-wI7PXjt9edXbJnTYErp04TwzwUE2o0As-xAyDnhBs7hx1U6TdFou
  dN9Zbn5FfSSiMaUfapcqFei4NwvTktGSHqx7VZz5VpsEEd2_HsOcsph4mNfl0jrNT
  sbMaofu590rIxujafcqwec8OWwcjUq8mkgjGcC0YjQM1otwye7W8nzbuDj7JStxd8
  6l9Bm5SVy-PXjMVJgYl0yeH5rTzU5Y-cg4v02lZIFSZfydQo-Zk0raTTMijZfu6NS
  ExQbMNgVEz2v5DXVlvseG-1BG3eu_wnj5yKuJSzp8eKxUGEi8-Qq_KKfhSTwGSCtN
  LrPkXwCTtGV43nONFmyqKn24jsH96EkwKAytMx-btXHBUMB-6BmF1J9vWugryow7J
  aT_9Hz_zwXQFq0jvG9oPnFiqerB3wBVBPCi0Vc89dAmV15nQr5XHMrpCPM5PZrvfZ
  d69jShOv_E5ZQ34DR4pdxoDZZSO66XflwzFKLGJTAwXU8tHUrD4JPVG7yFGc10JAP
  uTQ1dBOYvDsb09YdPe6H5C1veOmKkl1Ken1xRYz_NgnfcMgLmcVQuUfOS7-tz3Rky
  mDPlduj1YIO-xzXbT49vFjbSkgzitL8NN0sjwPcOOsT3K4dT7X1HJ5VGdujMN8xVn
  9TbqQDCKjcOSJdf9y5QrV1SeHCFZKz5Yhx0_Kv3eprViN__X2gqx5epLRAWByZtOf
  F0Icxqn3soD-aFlwcwgXDn2-cm-S7YIoQIrihcdDL4DbXCl8j0kcOtEmNCfJ7uKe2
  kJsqGrWgzxk0mIwAwfH-agZ-SCxyxHjmrGBIeLnaMuUGpfMoqn_PeFT8N-SLrOEi_
  hDHjZWJwNmrKfohCJqNPzuXq0y2jn73gho9IYJUvr1xNnQM1mk27GUcSCW_RnOvho
  YXxKROokXi7laR9XSX1Z81VPHfym_ySsi238i5scTZEd4mVNDyZUm6zxLBfgDchM3
  j84KBDI1WEHjPn73GFLkX2wSvCWVcLwjbXBT8aka_t53Xy2acJVVWyXn3AKvGHZYU
  fO2sRulTERJxdd0q1RktgC8759ZL0UrMjST7CCb0LpIWZ6AX1yXMa_UEWpbliGAwG
  9gdywLgCA2cA7UxIp1aqQcxOCD4-4ifIJegFQG2mdJi1MYJ6HafC2Yju_aAtmoKHr
  ZBMt8NvQfty7iAUTGZinMrK7agiETbCv3HNPoE945rP5UtXUYw3QS_8vQhnJ7f2NG
  PoQC-keyU7jzEPN9tME13veKJlFIOnBqHa5xgifO32qknHn7zkxMQeNHTtuA6Zxhr
  7x3hRBbBwSj3xPeZj6ZaJ9G8vmG-Dc-0KwWf47LL0evu31frhTsaq88VVMNje-eiM
  PkhnvX8C1kq-YRP0bZCop4YoHvZ5R2OEqAm5bqWEyG3CZUtZxny5lqba72123HYfK
  XNrFgLk9jf-5Ov4XQNyRhB16nVAb-eO6AHpFS_KUL2Ubsj9ejvDOglhzWFhEPEbGm
  rC3p3ei7l9jLkiZJmHNIACdBfypqt8n_y78nGrrY3olqvoDNoA36rjAQi60Lhk7Tt
  SJemoy6brefVFkTACs0Fcnx7fonx7X5_DBEDVtVsbyAXPapLT51vsQDtmsdn_m79X
  DOsOfz3IThYiP7-qpCOKIKLWF1q5NboI0Jwlf0ULaz28W09GLXUcQSgeBIYFv2-yo
  aM4k5XCzVoslqwbz2LVZVIkAZ5XU1xEmzG5ImgH3j1OtcnRbnrU3V5A-I-eg2TQC4
  z0G-QS0ho_DNm64opbHXJOgGtThTqJafp5iAK2wXGM6YW3NYFdS9Zfb0u8H85IPEx
  H9qCwolepRvH3PfkTv5DzHMIPKyXuG63yQebVvPhOeiaJTj0pFJKvmW3sx3JyX__c
  z6eWvYNc6GcpWELigVvtOzUXvk9JrUbo8exiR-_-azO48UGdlhFfxi7K5L6WjFURN
  nb-v-gCRnICxaeHy4Ozm2_0-HGYQ2d_aYrdyEodoSSsfxkZY2V9hPMBtlhTCI7B-7
  V4nnaDlpnm3sH9hB95Q2HfzUMeE0LaUXv5V7LEh0v5K2yGXpQ620RPTMgLOseM-wF
  6Hv9MKxwhDYil-T5hAfQRE1NvtJmgajOz_JysakreWU9fuz0je39GZ9A5OwmXvW6E
  _qywmBtAsiIX0MVnpO3Fylueeim0WopXGCEOcKfKTxuK8Gi0RG3SEPRAkZSxRf3mC
  TbGPh4WO7dGkUdztt_t9z0XDWlPkjFhjbJqTznHtlpp8JrOkPaxsf6AM_CP84Uk5G
  CeTnmLBc3LG8MxiOYJq8WOgQiDM6lnV3tZ3Ie4WPimIa7CTaucv2EvwLNAp1V87p0
  yJUR4StGNgaDgo1ZQTxVb_I6eqZytTlE6fAc7PL4rUJaCsDC9ACBGP_ehu99GXYXE
  TC26jgAgPXQ122mJKuk5EQupkuj13HqIAZiz-jIEFugV1kabRAR9JQwPKx7jXSIoG
  5QxDRF1JP8cE40hKAB_9_9sGl-Huk6j2SpE6rbTt27yf6cftElSBo73ObP6OdTNXd
  QhGfSEQ68ilJnI9oGoHlgTH-jwkotX9WjhslOxNHvqtuFgciO_05ZSJwYATkWmMWP
  zzyfoE9UlFAGGpS2se0GD65NH5ojIL0i-VRbUJlA_UK4d2UwbJSh6kcyHzUg_uCF2
  4cSFDLW3kjYX6HFukBknbiZ7tOVIqbdNE08gqhFB4pvd3ri4492Yg6yFlApL2zvtA
  -JtEnW3WUpmSXt_C1Z7ZS4Rxy2GEXy00kXmaVVwPHsaIQCSg8WRgEedUw1MGRf_Q6
  OrJWcFIKtFP630y7XIEh3oC94kxZ7q1rKqgqJfYnTQIfFTz5s7bNDYmusJBVkrNuC
  i6Bf3IBrAZ1M9gDIrXW_hDTWT-ywqzMEyjncWboWQJ-RR5i5Q5ZyQJykB_-Fx5Qsq
  AMeS31axC3uyFeLUos0065485Vhz9fe7eUtMLPF3Gc3NuCSCLYu7-LIZixxDUTYGr
  5HV25jh_zqd_qutJLl258IeW3JDWfKACr9buTDtwklf3lEhsK8BEVH42zS3TVLqZs
  Bn1KBtOkiX5xTzcdSEyUgeBlctpojr8_QS8DHacT7jHKPifivYeUo3A959JmoHX2y
  tux7lemSNt1o_kEnDZ_ptwMndGB_1TW6hmaWSvvgC4yLvtOSpzn-zpWnmjzTFcMI-
  3VAEB-NsfZsdzbGEcKMGhDDL_TIQ_PBFrKO9JeJ28IAIKgIDbb-TGlVa00GxqUgSl
  C8OjPLTjJyj-l7A8OoVyEj89abmgqTV1mEXu-NiN7qRfJh9bw4gO1RbAhKiJZ-idC
  nonf87WlI4RRwpM0zMg2aRJEffPJBHU7sXHF5082Ta3pwyO4s6w343xSushzrobdA
  xaRdKBbeTczFs5Yn-eHQ_6ifefklRWKVhTOAqWI7gUB4QE227-n2xk7CE-lSG3_o6
  oDUQYQI6dh41e59R9yLO-g-z-Cc4KgHpvk_Y3pi5Ziq-iY0R9z1BrjgdYJcfzR5GF
  _M8wSEiuvy685Wrklan3cRikLw70UA7N8vps5jN2TOjAbES_RsfNXuJSA9D0S02b1
  5KjuT54QmDgXu9VX2l1Wyw2Z24QJLI16gAxXwe1bMNRWV3172Z4vRMtEFzmYW72ti
  HQHpG3d-GdKKHvw-O2xOj-ApTc1Rp46nJ1WvSl5gldj38-nOgp30BG3s4B2-WjSe9
  5PnOl1XfOI_MiJDW5qGledABxDkuXEgjt8bDjyE9dwNUzasurjJ-k8t52RKjxzr4M
  DfMiDX9PGE8JTjZGB-8NNVVwOtf_oC6Na8lYAk2iVO__g1viLOi_Y5hj3bpE89MQr
  NBsYnWpRs_BirXeM4kUXGNWjOM8oq0RkhMm_Z6mULdU4shlv0XGe-1C1nY0EVjcNh
  IZW-fJtJ4uTviBq3EtbTnO0cX1urow967UiZUd9l7RQHq8HrSUUsgcFaqZz5bLddC
  JWvu4tBapdBzRJVye8aRZPGCyBBbZ1rHrQ9e30W5LxFOCRqxe4Wve4rDFWQD06Zky
  L0DHsPAZUIsepV44Bty6IOdZ6eliqRVMFvXmyrFyE7NVeu9A0DEyTqIHKh3_rJqkb
  -slbjj4QLFt2SJjrQyg0uiPK2TWmR3_GEQX97kaqjBP-qVbz67vF5Ja6027QliDzJ
  fPbRYyrQyWLCsXtH7Ntdzm2-5SRRi2k9taHaUW1TF5Z8a-TFaEAtortB6XrwQcmGU
  _lBwn4pvHiQ8c2hIa9Vr0B75iDVSf4de7bvlq0wfzEiBr5xWeBYFvnQh8JsskiGgN
  0KKTJofSTu-F8djsvIKUTGf-jQiVgK8fUQa_ROFltqeFo24mcjhs4PD7yWNP_JZ7x
  tZCo03O_ZncaYvx3mcGLXWKIElRG4lpqLtIKqTkhFbJIQIyVUPQPM3gWT-qsvySFU
  5MZ_ZoTHAGyNtU0HVoEjEEalYGS1pevs4OlyuSw7-Qgnpjv6DjH2_ttVTckhJC1GV
  KY7x3_gBzbEYwtCBW7K6n8dKidZsl6W-Bc1tZ-5TRu_75PvLpmN3JTEN6XIrZNnly
  Pl-tRvit8qVC3TCVaqtdmKcefvLuHo5PAVhNFvS6urIyG2mb40qBjmsQMYba8e4xA
  EMUIMeXJw5fvWuobalaG3L5IMGvG5Bocr3x3WkyV9JYU4s3-Os7wt-Lo-nxQlWGQd
  aAM6LVJ3McJS2DN3D3e_9xU_-HFDqBzxbCzfA_4S7GmM321Tgrxe_G2-kSgBVgyuK
  jhC80rceTWTv8RkKyfr6X2k1sYffDwZ1W37NtJcx9q3LPwaMHabceX6Vk64IwS_GV
  TPtE1Rbd3dJNdXNGdUmxVM0yXRGjFXxQgEcEk2_rzIJ6XybOAlUxWRKQ3olvwb8hs
  n_Q_BIgi_NlEnnRR7BlVBG7kEBseztNgmDKPxAiDAjSKyb0agQilcLMNZ4uPXzv8o
  dx3qrx6nwE6MglwnIknBYIQOYu8lUTEBP3TbunzxjpO426QZUv2PZHH0VLmh-ysI2
  rKHHccf-n1NgvJRg1sYTdNj0WmSt1H5PzhCryzUUux5dQ0TJK_5TcpBsozmhlF_dT
  tk_XLsdLd29kwcAPMxyVGo8VZBP0S3kjFOemt9dFWsU4Cd8wQSWd1DkaIpHfKQSGQ
  gEBg9bdkMvtLwK-ZTkdwGrP58T7DQ6nHg1VWiJS8GJfspilVM_bVsnQHKmG9ka03C
  Yh5tqBuISAnHkixqF9RdOFmohrYYHL6bvhke4T5HysnDp87jzKWdyHmO8p9jWk5K4
  GLqZp9BADFDi5qUTpbgbZMZXZkZeByLN7YKCTzQl0vcdws8oZUTK2MvfuvblIHYmh
  ha_pFRnBKUlC5jZyDUA_QS-NrahbiNM6S-kPCQvI0FmWX4bdKkKrBZukjUC8UeehW
  uO1PTpcZT3iZlC23DvJMhc92n3s42uSsUohbcdK4A0rIUPHVFalSnF22v6eU67bW3
  AL2ONe-jGsC-_lYMrJ8CWjYbYWvVDr0Q0vclYuv-BAlQpO1dw6-ag1LDlf7s0PIn7
  MSX4iGMDqOQQnLEK2mAiKEYQD8wkdlLankW4Y2SBiGWOLc7WEsn-3mP3U7HSbn-1g
  31P3W8-7iusK-77ZVhNYnl44WK0iZlIheqmwyCG6yO4XrJr8eNaGOorYw5fnl-HTc
  NQRBx2UBmS-A8H1qmYQnP6IJe23KngE6MPMx8jetqIAm5z_nKyGqVQvMTMGBAA08c
  n9XVwLVL1aid1nFIk5Ttw6SaxWVMP4X3koTu8835rFwcZFdEc0SfsLRO9OhRadJtX
  g8Zso9qVu2pp0bwlwYhHVQmI_KSlKAUNKLAjRonaH4ViLOpGh0Fm7xYoPQdFNNO2y
  CLHw1eSwpknUkx5n9VdhKiFrflQgFa8-nvHSmxIaP35u4ZU7hdaevHIgU4t84iW0g
  2yegSNEZtgI5y2PGnUk5HvKnNUJFfvIbhiXQCgsXiddU_7tk0N9Qe86_mdI8FrYRb
  z65aZCj1yF2k04PhXx_WBygZYreptQwhRpTjamS3hoAG731eiQ7-4Kg8ckCsvAukb
  3MKT-nROhz_DD4GFHgDjxmula4jUGgjRW662-bk07n_i3YQsemumFiFryPqOvZeeD
  DlR0KOPQxlo4c2Ff8bagsrFIRMurzuUWLAIBrWW7jFl5N92iJ-5yauwYz_TVxkMCi
  DvbJmbVac-LRVoQ-hpBl5vZFRagrzj6MwdTmKrCj6jojk8QnSGJFwNHQNjpCQT6JT
  VTETCGhIbQ2aM5sAEna4tITR92mxvhNhjbjnMEkbYkZlRenOURU930dUDzVPh4q4A
  2-TgGuOoq3Cr-h8bHRJjnsHE2X2DspRPoAggqvJDrnN67hDTc192u4DYsKTFNUKdr
  6T8FoV59jigh7IcGnguKek-Qpy9gBaTto98bumgeriLnPeDXwg1ptGuQm6OYHQoyD
  zWsHPwxt0or2c3UDZFzCgapXMgFhiQLkptg4ip81OpdyMNPnfNMMLhmbaP2ilV7r2
  bHfRtrYSm9KoKgLtNKcf1JLxL6gvJVjlr043rjIgqQ_5RT3MNkqxMtTpBdHdmnRJX
  Fg_zS-u6UcSr-bfMsUMhTt04a8JHEEjTEtyKs5yiCzcyNrQwpSNfaiQESZVj9vLxf
  jBXNrg9fQxI3yWjFoJCcCMnJAV-6goLUOAwrOyq2IWJBdAlaxuuRKUlS4NWbYchNz
  7S8wXYHaZKIJPV8r3l6LyrnJwQWVy5cT1yGAQPzQqguDKdwg8EChFzf00MtsshGDt
  1US53lVHPUCJSpzv_3k5fsWSCrX53JIh0RyOJUIDa0EWiOqNaAe9-yRqrFJb81nbZ
  8FCIGHLZviRD1mmckPhfwnGiIquHv1ebseXMiOcBm4AaRzUfbBvve1zqV4_Q9KiRi
  BkeAMuXqFGPwpqIs3oyQEiYgrjxeYMav2zTfEUcABXGZCoGCF_EGYCmeSSLLdSKj5
  O0qjrHeQN6LQOKZpqRLFIhCp4T0DWjh2x2WDCt3Swc3ES64ntlcVAJ0lwTmbtAvaA
  JGmzzvI_APdP6n4GuwIB84GE4zFXpinlFW8qFyhMIiHk9h_0Fb3sYGy5E7EBtaOOG
  M9Ta42PuzkkigR1kgHTq6V2qRg9M3Q3s8dmO72vttRq9KyS7C0BoqtvsSXH8NMLKX
  H0Tcre-tZX_W3rfUEJ8sBt8t794qOQpy3VlJU1AEwJbkckbaIS4FLs_5qU4J78Hxm
  4b94K0ve6lp74mflvzOx1QXNIAzlbRfL2S0fXR9rM05NiqeP-ylknsfyI07lpINJw
  PO9jKYfQa5po5-TXxl0zK1_ubOXRgUtGjKV9PHgLBlLaQZNTb9c9VMm75RU8Plm97
  MEvQG-AU5aOPt4CevtsZuP6LuQiV7WhO-4SPVeIpoeWhjtA2aEicmCv4A1mQssKyH
  jijV0rb3QUe_tpNFGYD_9BAGT8g3cshRy4w-0UsxPMlfnf5VoucRi29dQl2TnsSA2
  yuYoR8FJvyV8qQzmTJVTQ8jWGhpFoO8xYEudlFXNFgLj3HutfbPh45d_WDiuOwowu
  qi5Czuv9lU5e_u0Cw0W2tV_b3LCwoushETeteBQspeKuX_ovNk2VPgpsmy9t0rl6P
  3T7SbpZHVK5hNUn4wQ-Jyy1GcSoDH0df54rY9ljuQWgEvSzl4tFujuuGZKyuMrNvD
  joJ0MVhbdyBU10fSbUNNGBxNSioiBxGRVuuIqRWTMoUcT4wvVghQ_UREEZqK-0CvV
  UAvYpZ_8IWAAY9dgvvdHKx3KaQ1C_plT2mvYnLRlE98ABDKKUW1MfU5qO2UYqxelX
  UGKjFetjP-WGDWT9_RpPpOMnmEuxLN0wHkrWCTi1BWaKKI_8FaRo4BfdYCuToGer8
  P937YOhdRZ08WT_NDAT-xsr4SSfDfz25MDFm1KlHsehwIHiE7DxwN_kWxnVPYDbDJ
  swj3blhRFuV6eWS5IaNAvpJ7vc9a41De-rPkDKoe72VbhvpV3uqVy4-1wB4BvlL1o
  usEaA_oIOvFJeufoBAMTDxmsyl_K8Miw2s9oSW2nIvQoa8SiATtSfDAmJuthhhYVJ
  SY_lmn1Ps6ZpkcffJvFQui-NUyskyxJZmWy5hiYBOtNLuij_dO9lqMSo5iTfAwhYe
  uNA_tk1nLJdmATfPRM6s3Uvv5kEC7HKS7NdxiEnUwQu7cH4lAS6lDUS0ZY9YCvo8r
  xOOFa-lhkRF_92mZ0sSler9uCwFHcYHz6Tyz2Lt12EZjC3N5HnCEkzmtE1w68jVXW
  IHsdX1lB83nSvJn43_t6eXIMiYwYMHUeAMbgA_w-QSVjxwF4IS4lYCzYhG0Mo5Jja
  GUTztVoCj_93kElxFLo0AbfMHCeJox8-44OCNGZoV3hbbMgixRIy6GaAW7uA0DL6v
  Q_n_svyzKgxwDTuUhQMNjMXpmyvFoGrFRHTHx2aU610Gh_2s7WBKh3lvEc6F52zR6
  pxoRLQ2ar7dZxYH3v68jg2G0K1UKcVHTvsaRVPmungfRN2oVap-y9hhcijS7inmV3
  e56-_IdNyxr7mOwuCUlpaJIDIxQGo8InptAtXumh0bzYTtsErs7DtEUu1-cl3kvEM
  BZokCIVgajT0LHSwJzDvifUT48JMEduOPrQ5eMltVM7p8PjS-DGc47I6-drmJOMJA
  oPkIpCu0CSRTzdf0kYB4UDI1owsJ25zKY7Qm-GwzdY5aPcl0u_25QY0gi958bPPn2
  IOFSUpGi-LukgdDoygibyB8ec5HH5eI2lJfxrDoq0tHHtpc6QXifq7W4ett5UOG9V
  S-O_vRBuuSmk0BjD6NPfphyLq5lpCt_l9Xl7dY7PjCV2HrBOVGQpn6Glrvqw0I3EZ
  RTfriVDcRkh-CI8Gn8Nn2_KNKPKPvp9KrMOq_BEGBZIjT5bBYW6eCNrYRgkagUrUD
  NJl0qGA_tsGvZmTa0UORCACMfYXY9ymaOvuyHZemXHvQMS2rkW61lJdYOLOYIC-dG
  tkGijZzAgLxuFfFKpDDNw3q_BfgCqoK9t-gzsFg5fncDhGaqt1EIzSjRAD9Btk9zp
  fq67bvLf6uhVkp5WFoo4EGLBpBl888UfobAUYRL1XAc6GV59I9OOODdJjVk_B2a5a
  c-pXwjNiIzpzBxOTU1yn20BIGGXn_stWqU5c7E3MzAyAggtFLcccW57_LT9u8Flub
  7jnrK9Ypdier1we11dUrUNsK1gU0DeYhCQALMWcs64TrEeNaJ8OxTTGPhAAlr3Vw3
  Ix-2L7HzOAhRoN50UOLGaaNbuLhjJMN-fJMPP1eu7GMlBA2lMu0XUMicU-_zIk8d4
  IgoimNsBlCJzuo50Q1i5jIux8w7Ibm4mT0teWi4kX4ILA_yKoriGoz-oflmK5pRTi
  j7dwp8Ipr0exywex99eZHw0_sn5dQHIOJ7k_zLlBBc0PDu8rv1JdiM-ER3dkBVEyA
  ShKvXJVQz4c843Xx7ayUu-I4SlO7Ql85q5sN1SUqQNu84Q5o99UEgTLko-amUqnQJ
  R0f55bjmSbccf_izTWKqND87UUYK4511TM7dWARrtacPb-jA-nHcMdAWKrXKHN5Q5
  hvlrFAZBY2DRtamRUPrQYyjpfmxzJ5djW2MsjFznr-WDdJv-8jYXu3hxpDUbtGGCR
  oK5s1xJC1Uq799cKgmwZ548c7xVTnnpX6S1lm8tUsB1n4h2oxvErJlToP8FeEAx2Y
  8GDnmyw9orHS1spMxa0adLCiJ-BeiKOiGSJK3lqoxhQZX0NTSnwAgAad6fEcKzdyl
  QS3z3YALCBHAW0qqrnILR_wyoIxcjRMqfiqylInffHFwXBC_LFBU-RrpBdOmykElu
  zsxL8l5nOTiYCF_wCfbJ1lgVLUr4QvJtKj4abxaToP55e_OUMRf3kPK0aySvg1Ifw
  0MNqnOdjGvd6c0Nl2tmGfs3DtJZTkIRT1Gu0ob_H5rCB36tmvPsYhWFFsW4KC7NsU
  sUFXtQvHzqoBNKWnMTlZaC6neZkk-hdr0LtYMv6UPsIQXkgpEGiIaRr3kCLwJaVtv
  CHIlHr2h19b4WUR8G3h94CHl_xsEpIDmVu74TNwgJAy1SOW-8dKWppf5D8IctcLaq
  BOwTc-arzeKyxoYtk4j2MoGF1_joWwZlvhrbeaIN3PpL6LOp445znytyq4wWjx8Zg
  Sk6sLw1XtM6KCPAM_TnRPQ21txZG2JD4ZUg5eF9EZmn1lQlnodqcJKztLnM9C4wbw
  qafqtzmvSjzyqbo-nUQQ9gzIthnZI0tjsXqLDsLbfw1SeUvz80WXGsPAtOEN9LT-B
  6AqsL8Hlo4tgRdoN2aYsJvs3Kq0AojLSOMgWfqxGOrbC0nMqpJFQHZWSHksXrNxvv
  ftBFRXUd01OZ_oYLE4Fd-7hkAhQziraU5Tf7uA0zMK2OVAb62Diqpwlq2QCP5-IzA
  snf6cMTzZ_9V32RBq-1R3OUnmHm9KPdDhOkO8s-f9nB6C19wHdqIhTjgRGB5s9meV
  -sYcZO_VS4JsewGfMrxuttqT5tsbeLuohzukZ9ywuNupjBl8nkRyB3jOKM6hx5M6S
  OZcmg0NI5B8UHXRNiYhdq6YrS3fZ7lOCqTLAd4JHA9P6Z3A7DCrixT-bvigkjc5nU
  dqKyk-x-xXR4CF-GLCcRQ4vOwx-5IIrDSAsWC4tWh14ZiwvgZ5ShZLUoyxSyg8zJZ
  jLT-HFsqY0-pNRjoMJLIh-IYOIqAPp_-U_dlwJjdlC76u48Q_exDIPuJtLx8WUuuJ
  fONM3g6Pi8jJrgrMsNvYhYpzgsoriTO1ZEi2R7BpD2dXhJdVV2Lc_1mMMhZFAnP4E
  R5vbfl2Dfe8pnKzWPH-UAwfWuhOCuWYinbrfdWJxTTlE1Mxtgwg2lOSe_Y6KP7RHD
  kAPDJLXlbsV_5ePqAFEWLxwwQ5d_bLp06SAfEwL_aV5u12dALtmxCG0sn-o-3Y8M3
  H6sDoEsP30GZfDzNWXWVvphJjMWCIRCZm9yFaxRKBzmER-3Fjd4VjVH-MCHrTILgm
  cSvgqnfwtnfR-aEJ4od4KWv9aOxaZN2lE00rfQrEB-fc_-MW-6IohYVqgR7mu6wr9
  OUOB-RtMycQOuCGaosMn_oEPqbDX989xIoJkkrlhLFFlsp0I6E98EFV5H1xfx77DE
  KqZ_yCMlR5vpGPdoc_ebAJPx0TyFXGlZgWtANReSIAvTouxQoChv_cGqCkMOQCye-
  jji3PIENRg_U-diwRt0uA03fE0txU32TBGu_Fhb6YQIt3e7VKVCCH7tNV4rQMjkuA
  CpvwvmdZn_8p_dEuvHSSBUPbuBkTPVDjpY8np44yXR9eRetDQXMwRHVRgUXk2Jfm3
  x2W2DCnmU-_w_jQoySmjZUvviD7jm2UzFW9yXAw7hJ6aIdiJIFVH_RHsyM1mrU_SX
  lbNLlPCuRKNd-9agEI2KaU8Uc1s7vlcM70NqnLJQOtR1AJEPSHDEAfHMBcaLInAHC
  7QA1kbNsyR_eIdOVvQBluzs550_tp-rKIn13tXSwyrg0Bq879bZtVQ2Wiv0bXZ6Z6
  5UZP49bAUNPwDxvIbf7cEWPQ0j30XxDKh8q_OhGczJ8dA42c1pqbuA4lM47yoU1Db
  T8LbG0rvK9vVPS23WnspZWUs9Gv9W-x4TPb3yYBJmThlXfLO0pkHPjo3_PIR3QIBA
  rlQmClhFfBSIaRsJ--ETe4AAhsG9puXZgURyKAhGN-15psBQcoQ7n1Hg2CC2rVJ7b
  -EOUm7cDeUIgdQzUa6ryfkj3BX06VqlH-4No_zvLtW-GqIqyjvq41CyfephLZvUwu
  ovH4Ucm4xXJzKNBJrzPIlji-GC7yWQ-JAyPUCBFDpEv32gF_GBS92pum4mr4RSbxR
  xDtrvS_AzxPJ3E6_H_YQriXcUGuTYCmNN9yZqNk0sw4reb7qfRY0GaY5Q-qm5aL_w
  UA9mhZ_J5KSjAHB7iXR6Xn5bjGTfgceO45lkoU9CgDyFdZTivPT4LzVmqMTzsJles
  tV7R7JVPfCwncmbD1gdPBcbwJusld_WuY7wbnzNHnbTOZVrQCKS3XuqSSM1fiDv4p
  YOWpuKDtUatlK8YDXbnP2NV--n7sNjIlmnAoyJTLO46_6se9FpDRoh1PW1xpGoaY4
  Ys4tCiOlL5ZnDsFrHa4evq2QsTWD_7ya_qUZJNTqLY73tQ-_E173LoxsqXxXE2wz-
  E220mTxU0Sv6LBkZO1YaP8ux7GKZvhHryICyG1sGQdHhE8FaRhTHYbu2E67YlhLw_
  iF15_lsbBaN-qRlRma2VBonfUeDrRBLGFb0oNNHP8__u00tURoVmNT5T3T2CAfOFL
  t2MJ6leM9zcOEe1jCn3TMhONolsom15Yu1iWsX0g97nA1mPQR__Ff3bkUwh7ALCH_
  QK9SaUeTaJEzXfT6ToHsTZINeWb93EOXO5mWapm-gpsRovTMsRY26cLTd1oIxknnA
  QOCWvqn2ErW-pgA7b39Lkvfk5zkI2AlSkqWNPbeYLJhF03bH-84-tdhKK8zMg8rON
  4HJde-wKoTm3xNULOvvPeeHvAAuBwjU6pB2UIuKY6gCrWTv7y5i3v-ukk1CUf-E3N
  I6W-IIbLVpe3SSrNE7Ud3ve7jIpVWQjWlzqhZ-t5ZRQZlTNdkn81q812pZfNc0wFS
  hbYE0S-2ZIqVBaJ0LEkbctG-g9-JYrCE-fZC0C4WYyMUHT1O2UOepoW01-JvQ9NIA
  ZgluX31k2sIf8WoA6aNvYg8mY8BvM9HVPmDoTNI7lwnw7pepvcS6bl33zCXCj6wGJ
  tQMWz02wgQ7omwBBRHN9fPXGPCN-0PU7k7H-JcwqxruwGPRc8QM3ZWRKtJvC_615K
  oKZmBVPORIbEc0JXndGqJLHUOhixaHMA68TPbofActIEHBz_42J6SwZ4I7ex5dcOO
  SSMrqxhZ1KBUErb4FIDmgZhqgyYvK_AHKcI0ztJhIJ_CwkNBS2eI76rSrS8OHfLH2
  qw4SotomEivSFLKLSZI8lqgyqJwt3DcazL6nMJVPmnWquuz1u_b9e_72H5vPypCsu
  -If3S_LK11h-23b7VqQzV8WiPnXJkyA2JNVwCP_f58qXTiPW9lia4Y-oTe74thHp7
  7Q11j64RTwzfxm8TRnb5p2caD7b1QQVUCcipV1kwSupiqmFAq2DPqx8QqJJGG3r8U
  1y-72yoH53mmV8ZdGhUhQ6EhcPM45QcSF93M5Ky7pyOQG4f4ArnIxGVwUE3RCMkHW
  ew7KqMe4H8PSt_vRJk4XzXOdYrVVCB4KraLRAFY-G_TNC1q0mtRNUFrGej4AIoZwI
  dXrFljCUtgm_8gZla2ofwOb15iaQaytQwfhACVtQyhbsYpG1tM3Ht6Wwg6FIx3TFh
  XzOYzBHvqy1ij4Nr88X2orUpsiJm9K9ILsyzs2Sjf9pT7PtEFbVacFdxQgd-8eU_s
  yGXpIpp4EmwvtP_Qh-G5Mxso06y6HP4PBUqA0XRyEYgM-6doGo7BnqixCum8XcR1y
  WKmXE7KoxI6IID3OXE10Mav_BX29PWsbPuCa8XzRWtctGHHGd52uPaJ0N-zejqMEO
  9oXIFIoMn-ntUBLEgn8wbVuIA8fsMXCu3jriV46FFqMVncryLFZfp1iyxYb7yXZgT
  moxIt1JdYTzYkkqvvHrB80GbF5Vdekarb2o9H7a3ikUyOvTD5g2vD7KpBBvl6-MJL
  DfedW8g2P7pT_JkTjavkMCycJcmzWRQG_xFSrJ4XKh-FcWD4K5atg3CzPMuSoN6HT
  5oKoaoMyzzgmnrTgNdl6o3CLjezIW7qPuzfaHSURoP_ufLu4Qqy23t_QeyFwikEWP
  YGjeVenMEYdYm0cfb3Qn5bM5zeJ87NnB1QdSEzrDr3K5aMVSFIWnuiLsUwmhu4ujZ
  Uwpit7kohdNyAt31hgeU7JwoCT_GMGBEzNSixRmaYMycLrxjt13uDB9G06PUq6pB-
  5NT97-fXsIWOpt_myUYbx1ksjyMrzTz2-1KT6J2AqjNrdIWs9BEMm5CPFD1HopEaS
  yC7DucE7fPQ7-LUxoJ2WJvIo-X9im4uPPM8SgiU6rz94X6eFvV1vsqTEZPEZvEfJl
  Tkahw7lWKCIqVcOaFaFFN_focvjDJhJ-_nwI3TGJYrnzcFbhQvscRxd5USEh6veV1
  dLTTHrxFYDaR6MbV2haOjr3gMuVyDL5rdpW6hvpxE0VlNZzNygjW90mH6JiAvFk60
  JSWkit7z8bhwmabYAD5NmJritFFpn4SVGljJrZQAUnkikso5EskvPHUJ_caA1ZI0I
  kl2hd0j5Kja8snbfYB-z26Fq4-q0Enq7Mw9m9TI7bYfar0svAuyXgqFnxzf6KC2m2
  bPMW5aYovHA7fYDkSEPYMnHC8pqr7cKOTD4qDttBAKuqsU0FPO-uU3C8MpKpN8HqM
  omLHaTXxWxjAZ-1Q9sY0X5gLUGqPws5YVw0NErSsUX8fk8VbOSq_miEAhgxNgiZX2
  5eSVDp12aNClBmebVlnb2zaguhFU1nOW4XjaOJcS9QPTOKv89qBJU5cNH5nCCOAzT
  W658gRbLnFcSnVi1a6tsLsqtAbq75Yp6RJAhKn2pm7P08MEiUTnF-HLJuvyIdLQtX
  yGPU1JQqEiiE4-DK788prLG_riNtsqKhS7ESGOPUnwb2-ALowh-lXaXU7uSd7pgW8
  B5Qj_VG61miG9cGqHgeHhOHhfY_xEAur6W8ZhvYqkz0EQh-BgY7EKap7klrYGVpqO
  zhnM-M4JcE_8HF7sw8XhTJ-rtXLG_8prMFPHpB5riNjiarexMWymOikP9ixBrL9yf
  eyiMygEZtcJvg9tq7PlLFUghqzqkH7z8UgmLEBU4yy_XolTuuhnv-VoiOfca9TbAJ
  dpVfPh5wjWOweDGgrXzmR2dM24H09V_INFsw4-H90WrpokmJMmEWF9eRXwjWdSzCn
  PN-Kj8y1KHlHt8m4FlUCVlbLX2F_orW-zBX3vltNlOjEIROriU4dtv5Vc8xwU5gRc
  AC9_RJknl8YiF4wnRKRgeqZYFoNG6TXflscj1kAh-TVARDZA17ib0m79d-fBIBvF3
  SoTReDKhCZQRMs4QitEDUjcYsDpw5bLwtrf1EDrIgEOFPomPzMqdVqi4S_AQjXQ",
            {
              "PayloadDigest":"TJ1qjXTKHecpvFT2S0MB9xvUarofJEoUsb
  Ohz8qyRma3qpVrZ9oSllz8VjCPQIbJjb7KQ_BjyRQnZhYTV86wRQ",
              "TreeDigest":"ETeQjy0XpileQSzyTpn5326jCsfQtZ5oO-0W3
  SWcNrLcyjduJooywCIHTS3ZrUk91UHZmBoI24o3hf1T3T0h1g"}
            ]
          ]}
      ]}}

The response payload currently reports the success or failure of the bind operation:

{
  "BindResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully"}}

It is likely that a future revisions of the specification will specify the host(s) to which future account service operations are to be directed. This would allow the account management operations to be separated from the account maintenance operations without requiring the traditional tiered architecture in which every interaction with a service is first routed to a host that cannot perform the required action so that it can be directed to the host that can.

6.2.1.1. Bind Group Account

Mesh Group Accounts are created in the same manner as user accounts except that the ProfileGroup is specified.

6.2.2. Unbind Account

An account registration is deleted using the UnbindAccount transaction.

This operation needs to be extended to allow the process of transferring accounts to be supported such that the old service can say where the account has gone (if it is willing to do so).

>>>> Unfinished ProtocolAccountDelete

The request payload:

{
  "UnbindRequest":{}}

The response payload:

{
  "UnbindResponse":{
    "Status":400,
    "StatusDescription":"Error occurred"}}

6.2.3. Account Recovery and Transfer.

Account recovery is necessary in the case that user has lost control of every administration device connected to the account and must re-create the account profile and bind a new set of administrative devices. Account transfer is the process of unbinding an account from one service and rebinding it to a new one.

These capabilities are both critical to the long term success of the Mesh but have been deleted from the current revision of the specification as their implementation is interdependent on the architecture of the callsign registry.

>>>> Unfinished ProtocolAccountRecover

[TBS]

6.3. Persistence Store Management

All the state associated with a Mesh profile is stored as a sequence of DARE Messages in a Dare Container. The Mesh Service holding the master copy of the persistence stores and the devices connected to the profile containing complete copies (replicas) or partial copies (redactions).

Thus, the only primitive needed to achieve synchronization of the profile state are those required for synchronization of a DARE Container. These steps are:

  • Obtain the status of the catalogs and spools associated with the account.
  • Download catalog and spool updates
  • Upload catalog updates.

To ensure a satisfactory user experience, Mesh Messages are intentionally limited in size to 32 KB or less, thus ensuring that an application can retrieve the most recent 100 messages almost instantaneously on a high bandwidth connection and without undue delay on a slower one.

6.3.1. Status

The status transaction returns the status of the containers the device is authorized to access for the specified account together with the updated Device Connection Entry if this has been modified since the entry presented to authenticate the request was issued.

Alice adds an entry to her bookmark catalog. Before the bookmark can be added, the device synchronizes to the service. The synchronization process begins with a request for the status of all the stores associated with the account that it has access rights for:

{
  "StatusRequest":{}}

If the account has a very large number of stores, the device might only ask for the status of specific stores of interest.

The response specifies the status of each store specifying the index and Merkle tree apex digest values for each:

{
  "StatusResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "ContainerStatus":[{
        "Container":"MMM_Inbound",
        "Index":3},
      {
        "Container":"MMM_Outbound",
        "Index":1,
        "Digest":"FEHy24Y6cLModDXWH31kVc2a3TdhjXPooKHpLAb2JbsO1YQ
  nJolmowXAYHhkOGY0kg3jrKNTjds0myf4Dw1sdg"},
      {
        "Container":"MMM_Local",
        "Index":2},
      {
        "Container":"MMM_Access",
        "Index":3},
      {
        "Container":"MMM_Credential",
        "Index":4},
      {
        "Container":"MMM_Device",
        "Index":3},
      {
        "Container":"MMM_Contact",
        "Index":2},
      {
        "Container":"MMM_Application",
        "Index":1},
      {
        "Container":"MMM_Publication",
        "Index":1},
      {
        "Container":"MMM_Bookmark",
        "Index":1},
      {
        "Container":"MMM_Task",
        "Index":1}
      ]}}

Bug: The current version of the reference code is only returning the digest values for the outbound store.

6.3.2. Download

The download transaction returns a collection of entries from one or more containers associated with the profile.

The service MAY limit the number of entries returned in an individual response for performance reasons.

The previous status operation has reported that a new envelope has been added to the credential store. The device requests this data from the service:

{
  "DownloadRequest":{
    "Select":[{
        "Container":"MMM_Credential",
        "IndexMin":3,
        "IndexMax":4}
      ]}}

The response contains the requested envelope:

{
  "DownloadResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "Updates":[{
        "Container":"MMM_Credential",
        "Envelopes":[[{
              "PayloadDigest":"sy1ssbIvs3DVwUObsWIpbtGquWaoEYtCqY
  1smobL0T5ydXU29v8ixwUGCDO_pWxh3rWS5yXbOK4rhufAQfMq7w",
              "enc":"A256CBC",
              "dig":"S512",
              "Salt":"YnQw4J41v4oCWz8krGmFNQ",
              "recipients":[{
                  "kid":"MDQY-J72A-VPAO-WDOD-GYY7-4ZZ5-PLVL",
                  "epk":{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"_dHVp-Pmr9wgX8Br8zwPEyTT4puZ-N2Z2
  cRql0WuuTAXm8Antqfg0dHit2iy5tD9C_ji4FcuoPcA"}},
                  "wmk":"Il9yeV5COdhTo6ULAbHU084HB3qPqVIgyHIexstl
  Dk7H1gWixmkj9A"}
                ],
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICI6ZnRwLmV4
  YW1wbGUuY29tIiwKICAiRXZlbnQiOiAiVXBkYXRlIiwKICAiRmlyc3QiOiAxLAogI
  CJQcmV2aW91cyI6IDF9",
              "SequenceInfo":{
                "Index":3,
                "TreePosition":716},
              "Received":"2021-09-20T18:15:28Z"},
            "TprbdZruvdRXXzOAP_SAxvADHwrULXW_XrLtrvd_vvrbRAeXXmus
  fRrL8sIZod3f4uXNZPUbwDAiiJTeT1z0vKzoMYNsJ7gkgbdBx5wvKS_APbzHnfBAd
  qdKZJDPZCf9NIWrjPs7uaMxCmHajt2o2jgNbbmE17Ewua_YX1hsxHY",
            {}
            ]
          ]}
      ]}}

Future: The current implementation of the download operation is limited by the capabilities of the HTTP binding of the RUD transport. A future binding allowing operations that consist of a single request followed by a sequence of responses will allow much greater flexibility.

Future versions of the protocol may support optional filtering criteria so that the service only returns objects matching specific criteria and/or only return certain parts of the selected messages.

6.3.3. Transact

The transact transaction appends envelopes to one or more stores. The operation is atomic, that is either all the changes specified will be made to the stores or none will. This ensures that simultaneous attempts to update a store do not result in race conditions allows Mesh stores to provide ACID (Atomicity, Consistency, Isolation, Durability) properties to the applications they serve.

Clients SHOULD check to determine if updates to a container conflict with pending updates on the device waiting to be uploaded. For example, if a contact that the user modified on the device attempting to synchronize was subsequently deleted. The means of resolving such conflicts is not in the scope of this specification.

Each update to a catalog or container specifies the expected container index and apex digest. This provides a strong guarantee of consistency. The service MUST verify each update to check that the Merkle Tree values specified are consistent with the store entries and that the signature on the apex value (if specified) is valid and correct.

Services MAY impose limits on the size and number of additions performed in response to a TransactRequest message to ensure that processing time does not degrade performance for other users.

The request payload specifies the data to be appended to the stores.

{
  "TransactRequest":{
    "Updates":[{
        "Container":"MMM_Bookmark",
        "Envelopes":[[{
              "dig":"S512",
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJTaXRlcy4y
  IiwKICAiRXZlbnQiOiAiTmV3In0",
              "SequenceInfo":{
                "Index":1,
                "TreePosition":0}},
            "ewogICJDYXRhbG9nZWRCb29rbWFyayI6IHsKICAgICJVcmkiOiAi
  aHR0cDovL3d3dy5leGFtcGxlLm5ldCIsCiAgICAiVGl0bGUiOiAic2l0ZTIiLAogI
  CAgIlBhdGgiOiAiU2l0ZXMuMiJ9fQ",
            {
              "PayloadDigest":"gtpamSravs9YkD3Wi6-rIFqFOINwLFj8Q2
  eGpMjmbyP-_TRCgRs9Hqpo3bJPhoRSgUmfIUsQTDNeiT414W56eA",
              "TreeDigest":"TpXg14cDEx_-1Qe-h1qiryihslO0MrUCLW0L7
  wvq-YLCEWZfAIrp9FmBwNE0se8UN1nFY4h1aqXbN3yBuKfg9w"}
            ]
          ]}
      ]}}

The response reports successful completion:

{
  "TransactResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully"}}

6.4. Device Connection

In order to support the wide range of affordances supported by devices, four device connection interactions are currently specified. The use of these mechanisms is described in [draft-hallambaker-mesh-architecture] and the interactions themselves are described in section ??? following.

Device connection operations are always issued by a device requesting connection to a Mesh account and must therefore be authenticated under the device profile rather than the account profile. Two device connection operations are currently defined:

Connect

Requests connection to the account.

Complete

Polls for completion of a connection request.

Since the second operation is merely polling for completion of the transaction requested by the first, it is likely that these will be combined in a future revision of the specification.

6.4.1. Connect

If the connection request is initiated by the device being connected, the device constructs a RequestConnection message which is posted to the Mesh Service using the Connect operation.

If the Connect operation is accepted (i.e. the service determines it is not abuse), the service constructs an AcknowledgeConnection message which is forwarded to the inbound spool of the account to which connection is requested. The requesting device receives a copy of the AcknowledgeConnection message and the profile of the account it is requesting connection to.

As described in the following section, the AcknowledgeConnection message contains the request details presented by the device and a nonce value generated by the service. This nonce value is used to compute the witness value that will be used for mutual authentication of the device and account.

The connect request is made to the service, not the account. The payload contains the enveloped connection request:

{
  "ConnectRequest":{
    "EnvelopedRequestConnection":[{
        "EnvelopeId":"MBX4-HVCH-S6LU-BEWP-KAM5-7OYF-F4YG",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJORFlSLUZTVDItRD
  RWNy03QzNRLVFGNVItNzRUWC1OTlBDIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
  zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
  CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOFoifQ"},
      "ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi
  AiTkRZUi1GU1QyLUQ0VjctN0MzUS1RRjVSLTc0VFgtTk5QQyIsCiAgICAiQXV0aGV
  udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1CSjQtQ0RF
  Sy02SkEyLVdHS1ktNEMyWi1WU1lQLUtPRk0iLAogICAgICAgICJkaWciOiAiUzUxM
  iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk
  NJNklDSk5Ra28wTFVORVJVc3ROa3BCTWkxCiAgWFIwdFpMVFJETWxvdFZsTlpVQzF
  MVDBaTklpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk
  bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV
  04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeExUQTVMVEl3VkRFNE9qRT
  JPakU0V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V
  3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK
  VlpHWWlPaUFpVFVKS05DMURSRVZMTFRaS1FUSXRWCiAgMGRMV1MwMFF6SmFMVlpUV
  1ZBdFMwOUdUU0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC
  BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F
  nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli
  R2xqSWpvZ0ltZExUemxQV1VWU1NGSllZV3hxTTBKCiAgQldVcFdUVWQwYVZoVFZrd
  DJReTE0WkVneFRqQjROR2hqV1dWalozWkdlRmRFYUc4S0lDQkpkVkZ6VWtSdE4KIC
  BDMVJNR3RLVjFGR2JHRlZaWHA2UlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI
  yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVVJhVlMxTVZrVlJMVVpYVmtN
  dFdsUmFVUzAxV2xaTkxVaEVSbGN0UTAxRFVpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY
  VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC
  BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F
  nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpZVVaSWFYcEtUbHBsWjJNMWQySlVl
  VWxPZVhkMExUVk1RV2Q1V1RaRlJrVldMVFJTYUc5CiAgRk1WVTBaWFJwWVVaMWVUR
  llhQW9nSURGTloybDZhMDgwYjFoME5tVk1WRnBrUmpkcWEyTnRRU0o5Zlgwc0MKIC
  BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1V
  qTXRRMWRSVnkxWldUZAogIFRMVFF6VVVVdFRWa3lTaTFKTWtJMUxVcEtXVTRpTEFv
  Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS
  UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC
  BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlpXRGx
  XV0ZJNWNtMWxhVlZFTAogIFhwcmRrZ3hjRnBXYUV0NU15MVBYMUUyWTJkTVZGODJV
  bVpQWkcxcVdFOXJYMG80VUVVekNpQWdjbTB0VkRkCiAgWFZGWmZPVmQzUkZNNVZFT
  lFZMnRYT1dkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC
  BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlFWZFVMVmRYUkZFdFRGbGFRaTFDVlVWWEx
  VWkJWekl0VWs5UFJpMQogIFlVVEpJSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G
  dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT
  2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC
  BnSUNBZ0lsQjFZbXhwWXlJNklDSldjVzB6YWxodlpYcExlbkJxWHpkSE9HZDNZM1p
  oZWtOb1QyRXlNbTg1ZQogIG1aR05sRTRTemxSUzJNMWNFSnllV3cyVW5JdENpQWdV
  VzVNY21GTGFGVjFjbEZSVlRoaVVrdFFWSEJDUkdOCiAgQkluMTlmWDE5IiwKICAgI
  CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC
  JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQko0LUNERUstNkpBMi1XR0tZLTR
  DMlotVlNZUC1LT0ZNIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJJSVpnY3hf
  aGQzaDRvbk1CNnlPZTdGWnlVNmtfOFNxVXNlUHlDZ2VNREIzdy15QXRfCiAgZl9ZU
  m5IY2dpcEVTVFAxNjY5Q2kybWxQaC1BX1lRb1BvREoxc0R6X2VST0hyeGZBWC1UVE
  JCbE1PbWl6dTEKICBVTW9VbkIxZkVyMUo3NUNOeHdmOXNtSU1jQ3hUN080WDFNUW9
  PZXdzQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJFZUdDLVVVMWZNWHlw
  cEc2MkNpUEM3cEJOYUR3MjU3dWJ1ZkUzaXp3bUJtXzgKICBsck1mR19WV25mcU15Y
  kY4UTNtNlYwZldReFFmUldJYy05WHBHNC1zZyJ9XSwKICAgICJDbGllbnROb25jZS
  I6ICJaUkQ5bzl6OF9BeHE2V0hFU3FRMWFRIiwKICAgICJQaW5JZCI6ICJBQUFSLVA
  2Nk8tS0dUSS1RWTZDLUNYSVctT01DVi1XUVpJIiwKICAgICJQaW5XaXRuZXNzIjog
  ImRiRDhfazVKNk5oWnhydTZsdE8tWTUyYm0telByODBFYkVibWN3TWw2c0ZwT0J4V
  gogIEZSVkppNkFjSTBnVTNXajNtZGdBbHRmOWVQeEJSeVl5bWptdFdRIiwKICAgIC
  JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ"
      ]}}

The response payload contains the information the device requires to compute the witness value and to poll for completion. This is a copy of the request acknowledgement and a copy of the profile of the account the device has requested connection to:

{
  "ConnectResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "EnvelopedAcknowledgeConnection":[{
        "EnvelopeId":"MAHM-HDMG-VUAE-LKOI-GABM-CRVE-YTWG",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJDQzVOLUoyN08tRF
  IzVy1XVFFJLVIzSkItTkpaUC03NDVWIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm9
  3bGVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmpl
  Y3QiLAogICJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MThaIn0",
        "SequenceInfo":{
          "Index":6,
          "TreePosition":11822},
        "Received":"2021-09-20T18:16:18Z"},
      "ewogICJBY2tub3dsZWRnZUNvbm5lY3Rpb24iOiB7CiAgICAiTWVzc2FnZU
  lkIjogIkNDNU4tSjI3Ty1EUjNXLVdUUUktUjNKQi1OSlpQLTc0NVYiLAogICAgIkV
  udmVsb3BlZFJlcXVlc3RDb25uZWN0aW9uIjogW3sKICAgICAgICAiRW52ZWxvcGVJ
  ZCI6ICJNQlg0LUhWQ0gtUzZMVS1CRVdQLUtBTTUtN09ZRi1GNFlHIiwKICAgICAgI
  CAiQ29udGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKT1JGbF
  NMVVpUVkRJdFJEUldOeTAKICAzUXpOUkxWRkdOVkl0TnpSVVdDMU9UbEJESWl3S0l
  DQWlUV1Z6YzJGblpWUjVjR1VpT2lBaVVtVnhkV1Z6ZAogIEVOdmJtNWxZM1JwYjI0
  aUxBb2dJQ0pqZEhraU9pQWlZWEJ3YkdsallYUnBiMjR2YlcxdEwyOWlhbVZqZENJC
  iAgc0NpQWdJa055WldGMFpXUWlPaUFpTWpBeU1TMHdPUzB5TUZReE9Eb3hOam94T0
  ZvaWZRIn0sCiAgICAgICJld29nSUNKU1pYRjFaWE4wUTI5dWJtVmpkR2x2YmlJNkl
  Ic0tJQ0FnSUNKCiAgTlpYTnpZV2RsU1dRaU9pQWlUa1JaVWkxR1UxUXlMVVEwVmpj
  dE4wTXpVUzFSUmpWU0xUYzBWRmd0VGs1UVEKICB5SXNDaUFnSUNBaVFYVjBhR1Z1Z
  EdsallYUmxaRVJoZEdFaU9pQmJld29nSUNBZ0lDQWdJQ0pGYm5abGJHOQogIHdaVW
  xrSWpvZ0lrMUNTalF0UTBSRlN5MDJTa0V5TFZkSFMxa3RORU15V2kxV1UxbFFMVXR
  QUmswaUxBb2dJCiAgQ0FnSUNBZ0lDSmthV2NpT2lBaVV6VXhNaUlzQ2lBZ0lDQWdJ
  Q0FnSWtOdmJuUmxiblJOWlhSaFJHRjBZU0kKICA2SUNKbGQyOW5TVU5LVm1KdGJIa
  GtWMVpLV2tOSk5rbERTazVSYTI4d1RGVk9SVkpWYzNST2EzQkNUV2t4QwogIGlBZ1
  dGSXdkRnBNVkZKRVRXeHZkRlpzVGxwVlF6Rk1WREJhVGtscGQwdEpRMEZwVkZkV2V
  tTXlSbTVhVmxJCiAgMVkwZFZhVTlwUVdsVlNFcDJXbTFzYzFvS0lDQlZVbXhrYld4
  cVdsTkpjME5wUVdkSmJVNHdaVk5KTmtsRFMKICBtaGpTRUp6WVZkT2FHUkhiSFppY
  VRsMFlsY3dkbUl5U25GYVYwNHdTV2wzUzBsRFFRb2dJR2xSTTBwc1dWaAogIFNiRn
  BEU1RaSlEwbDVUVVJKZUV4VVFUVk1WRWwzVmtSRk5FOXFSVEpQYWtVMFYybEtPU0o
  5TEFvZ0lDQWdJCiAgQ0FpWlhkdlowbERTbEZqYlRsdFlWZDRiRkpIVmpKaFYwNXNT
  V3B2WjJWM2IyZEpRMEZuU1d4Q2VXSXlXZ28KICBnSUhCaVIxWlVZVmRrZFZsWVVqR
  mpiVlZwVDJsQ04wTnBRV2RKUTBGblNVTktWbHBIV1dsUGFVRnBWRlZLUwogIDA1RE
  1VUlNSVlpNVEZSYVMxRlVTWFJXQ2lBZ01HUk1WMU13TUZGNlNtRk1WbHBVVjFaQmR
  GTXdPVWRVVTBsCiAgelEybEJaMGxEUVdkSlEwcFJaRmRLYzJGWFRsRlpXRXBvWWxk
  V01GcFlTbnBKYW04S0lDQm5aWGR2WjBsRFEKICBXZEpRMEZuU1VOS1VXUlhTbk5oV
  jA1TVdsaHNSbEV3VWtsSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbAogIHRUbm
  xrYVVrMlNRb2dJRU5LUmxwRVVUQlBRMGx6UTJsQlowbERRV2RKUTBGblNVTkJhVlZ
  JVm1saVIyeHFTCiAgV3B2WjBsdFpFeFVlbXhRVjFWV1UxTkdTbGxaVjNoeFRUQktD
  aUFnUWxkVmNGZFVWV1F3WVZab1ZGWnJkREoKICBSZVRFMFdrVm5lRlJxUWpST1Iya
  HFWMWRXYWxveldrZGxSbVJGWVVjNFMwbERRa3BrVmtaNlZXdFNkRTRLSQogIENCRE
  1WSk5SM1JMVmpGR1IySkhSbFphV0hBMlVsVkZhV1pZTVRsTVFXOW5TVU5CWjBsclZ
  uVlpNMG8xWTBoCiAgU2NHSXlOR2xQYVVJM1EybEJaMGxEUVFvZ0lHZEpRMHBXV2tk
  WmFVOXBRV2xVVlZKaFZsTXhUVlpyVmxKTVYKICBWcFlWbXROZEZkc1VtRlZVekF4V
  jJ4YVRreFZhRVZTYkdOMFVUQXhSRlZwU1hORENpQWdhVUZuU1VOQlowbAogIERTbE
  ZrVjBwellWZE9VVmxZU21oaVYxWXdXbGhLZWtscWIyZGxkMjluU1VOQlowbERRV2R
  KUTBwUlpGZEtjCiAgMkZYVGt4YVdHd0tJQ0JHVVRCU1NVbHFiMmRsZDI5blNVTkJa
  MGxEUVdkSlEwRm5TVzFPZVdScFNUWkpRMHAKICBaVGtSUk5FbHBkMHRKUTBGblNVT
  kJaMGxEUVdkSlEwcFJaQW9nSUZkS2MyRlhUV2xQYVVGcFpWVmFTV0ZZYwogIEV0VW
  JIQnNXakpOTVdReVNsVmxWV3hQWlZoa01FeFVWazFSVjJRMVYxUmFSbEpyVmxkTVZ
  GSlRZVWM1Q2lBCiAgZ1JrMVdWVEJhV0ZKd1dWVmFNV1ZVUmxsaFFXOW5TVVJHVGxv
  eWJEWmhNRGd3WWpGb01FNXRWazFXUm5CclUKICBtcGtjV0V5VG5SUlUwbzVabGd3Y
  zBNS0lDQnBRV2RKUTBGcFZUSnNibUp0UmpCa1dFcHNTV3B2WjJWM2IyZAogIEpRME
  ZuU1VOQmFWWlhVbTFKYW05blNXc3hRMVZxVFhSUk1XUlNWbmt4V2xkVVpBb2dJRlJ
  NVkZGNlZWVlZkCiAgRlJXYTNsVGFURktUV3RKTVV4VmNFdFhWVFJwVEVGdlowbERR
  V2RKUTBGcFZVaFdhV0pIYkdwVlIwWjVXVmMKICB4YkdSSFZubGpDaUFnZVVrMlNVa
  HpTMGxEUVdkSlEwRm5TVU5CYVZWSVZtbGlSMnhxVXpKV05WSlZUa1ZUUQogIDBrMl
  NVaHpTMGxEUVdkSlEwRm5TVU5CWjBsRFNtcGpibGtLSUNCcFQybEJhVkpYVVRCT1J
  HZHBURUZ2WjBsCiAgRFFXZEpRMEZuU1VOQlowbHNRakZaYlhod1dYbEpOa2xEU2xw
  WFJHeFhWMFpKTldOdE1XeGhWbFpGVEFvZ0kKICBGaHdjbVJyWjNoalJuQlhZVVYwT
  lUxNU1WQllNVVV5V1RKa1RWWkdPREpWYlZwUVdrY3hjVmRGT1hKWU1HOAogIDBWVV
  ZWZWtOcFFXZGpiVEIwVmtSa0NpQWdXRlpHV21aUFZtUXpVa1pOTlZaRlRsRlpNblJ
  ZVDFka1FrbHVNCiAgVGxtVTNkTFNVTkJaMGxEU2tKa1dGSnZXbGMxTUdGWFRtaGtS
  MngyWW1sSk5ra0tJQ0JJYzB0SlEwRm5TVU4KICBCWjBsc1ZtdGFhVWsyU1VOS1RsR
  ldaRlZNVm1SWVVrWkZkRlJHYkdGUmFURkRWbFZXV0V4VldrSldla2wwVgogIFdzNV
  VGSnBNUW9nSUZsVlZFcEpTV2wzUzBsRFFXZEpRMEZuU1d4Q01WbHRlSEJaTVVKb1k
  yMUdkRnBZVW14CiAgamJrMXBUMmxDTjBOcFFXZEpRMEZuU1VOQlowbHNRakZaQ2lB
  Z2JYaHdXVEIwYkdWVlZrUlNSV2RwVDJsQ04KICAwTnBRV2RKUTBGblNVTkJaMGxEU
  VdsWk0wb3lTV3B2WjBsc1p6Qk9SR2RwVEVGdlowbERRV2RKUTBFS0lDQgogIG5TVU
  5CWjBsc1FqRlpiWGh3V1hsSk5rbERTbGRqVnpCNllXeG9kbHBZY0V4bGJrSnhXSHB
  rU0U5SFpETlpNCiAgMXBvWld0T2IxUXlSWGxOYlRnMVpRb2dJRzFhUjA1c1JUUlRl
  bXhTVXpKTk1XTkZTbmxsVjNjeVZXNUpkRU4KICBwUVdkVlZ6Vk5ZMjFHVEdGR1ZqR
  mpiRVpTVmxSb2FWVnJkRkZXU0VKRFVrZE9DaUFnUWtsdU1UbG1XREU1SQogIGl3S0
  lDQWdJQ0FnZXdvZ0lDQWdJQ0FnSUNKemFXZHVZWFIxY21Weklqb2dXM3NLSUNBZ0l
  DQWdJQ0FnSUNBCiAgZ0ltRnNaeUk2SUNKVE5URXlJaXdLSUNBZ0lDQWdJQ0FnSUNB
  Z0ltdHBaQ0k2SUNKTlFrbzBMVU5FUlVzdE4KICBrcEJNaTFYUjB0WkxUUkRNbG90V
  mxOWlVDMUxUMFpOSWl3S0lDQWdJQ0FnSUNBZ0lDQWdJbk5wWjI1aGRIVgogIHlaU0
  k2SUNKSlNWcG5ZM2hmYUdRemFEUnZiazFDTm5sUFpUZEdXbmxWTm10Zk9GTnhWWE5
  sVUhsRFoyVk5SCiAgRUl6ZHkxNVFYUmZDaUFnWmw5WlVtNUlZMmRwY0VWVFZGQXhO
  alk1UTJreWJXeFFhQzFCWDFsUmIxQnZSRW8KICB4YzBSNlgyVlNUMGh5ZUdaQldDM
  VVWRUpDYkUxUGJXbDZkVEVLSUNCVlRXOVZia0l4WmtWeU1VbzNOVU5PZQogIEhkbU
  9YTnRTVTFqUTNoVU4wODBXREZOVVc5UFpYZHpRU0o5WFN3S0lDQWdJQ0FnSUNBaVV
  HRjViRzloWkVSCiAgcFoyVnpkQ0k2SUNKRlpVZERMVlZWTVdaTldIbHdjRWMyTWtO
  cFVFTTNjRUpPWVVSM01qVTNkV0oxWmtVemEKICBYcDNiVUp0WHpnS0lDQnNjazFtU
  jE5V1YyNW1jVTE1WWtZNFVUTnRObFl3WmxkUmVGRm1VbGRKWXkwNVdIQgogIEhOQz
  F6WnlKOVhTd0tJQ0FnSUNKRGJHbGxiblJPYjI1alpTSTZJQ0phVWtRNWJ6bDZPRjl
  CZUhFMlYwaEZVCiAgM0ZSTVdGUklpd0tJQ0FnSUNKUWFXNUpaQ0k2SUNKQlFVRlNM
  VkEyTms4dFMwZFVTUzFSV1RaRExVTllTVmMKICB0VDAxRFZpMVhVVnBKSWl3S0lDQ
  WdJQ0pRYVc1WGFYUnVaWE56SWpvZ0ltUmlSRGhmYXpWS05rNW9Xbmh5ZAogIFRac2
  RFOHRXVFV5WW0wdGVsQnlPREJGWWtWaWJXTjNUV3cyYzBad1QwSjRWZ29nSUVaU1Z
  rcHBOa0ZqU1RCCiAgblZUTlhhak50WkdkQmJIUm1PV1ZRZUVKU2VWbDViV3B0ZEZk
  Uklpd0tJQ0FnSUNKQlkyTnZkVzUwUVdSa2MKICBtVnpjeUk2SUNKaGJHbGpaVUJsZ
  UdGdGNHeGxMbU52YlNKOWZRIl0sCiAgICAiU2VydmVyTm9uY2UiOiAiMDRjWTFNS1
  dJNEc4QkdFVUdRemxkdyIsCiAgICAiV2l0bmVzcyI6ICJDQzVOLUoyN08tRFIzVy1
  XVFFJLVIzSkItTkpaUC03NDVWIn19",
      {}
      ],
    "EnvelopedProfileAccount":[{
        "EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUotN0
  VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
  ZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"},
      "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj
  ogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3LUV
  YVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
  S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
  lB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4UT
  UyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKICA
  gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy
  dmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiwKI
  CAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3Mk
  EtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZXR
  lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2
  IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1lxT
  TE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1otUE
  tpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIjo
  gewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLUhN
  WlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS
  2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIl
  B1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzcU0
  wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKICAg
  ICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1YT
  VdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJhbW
  V0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImN
  ydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaGJI
  aWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19nR
  VZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsKIC
  AgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaIiw
  KICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVD
  REgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJsa
  WMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRCTW
  lVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
            "signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB28
  B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0jzJ
  GnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"}
          ],
        "PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVDB4
  hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"}
      ]}}

6.4.2. Complete

The complete operation is used to complete the binding of a device to the account regardless of whether the operation is initiated by the administration device or the connecting device.

The complete request is made to the service, not the account. The payload specifies the account the device is requesting completion for and the identifier of the completion message.

{
  "CompleteRequest":{
    "AccountAddress":"alice@example.com",
    "ResponseID":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ"}}

The response payload:

{
  "CompleteResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "EnvelopedRespondConnection":[{
        "EnvelopeId":"MA6Y-NAFZ-GH55-QXQK-AVY7-M4QG-BOKE",
        "enc":"A256CBC",
        "Salt":"t31lj96_2DUNpdtw7r2j_g",
        "recipients":[{
            "kid":"MDZU-LVEQ-FWVC-ZTZQ-5ZVM-HDFW-CMCR",
            "epk":{
              "PublicKeyECDH":{
                "crv":"X448",
                "Public":"trxRbB_RWPzsJLQJuS5iNdPMwszuRy_57LsS2je
  LS09bRlPxgdGIgGQJRUYLE0HqUOg9uL33Y4kA"}},
            "wmk":"lOHUgxHWSTfhi_kPvC9ArgAmKjC-6UfiYqUVJj07DsWH94
  cuUHTCIA"}
          ],
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQjNVLUQ1V1ItQ1
  JCRS1QTTNXLUJYS0MtV0pMNy03UU1aIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVzcG9
  uZENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
  CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOVoifQ",
        "SequenceInfo":{
          "Index":3,
          "TreePosition":426},
        "Received":"2021-09-20T18:16:20Z"},
      "xXWk3RzF8i5nBYkIGu4hQ4lF2LsVIIhhpBjit5AJ7dxNvShduybGoV-zy9
  tmXRTMY1VdFDS0QYYrTIzg2XOO4sT8KGljASTW4c5A-aMyW28brQ7QJEVi4GF3JtQ
  ejOqi2RdwsT-mdiHXhFu7wePWqQfnB_9cyXMK-uZUTXPwgito4inGZcYEo8EYiIrU
  AXuG0Dd-B67q-GeRh2Iu2JN_z713TxVmybokCOMDrrVsI2CA8ADDK-i7DxxRg0yCV
  FfMvASPMx3_S3QnX9mXsPfsGEbmZYNETJToG5MJIZqU1oUuQE1CrZi-K8DmeqUeZV
  zGHWRWoUoduax-MQcAH2Jznni0NNn6dqLyH2FHvMM--rY35_F-irr3ch3resI-sti
  y9m8nJnJZZrlRKrhNibVFQg9HS70-0BnM7smPWe_VWHTmghiFT2t0Y-fqqO7e15tc
  Em8hJWWnuw09iyKai5YOMC1Yc0GmLeKTyn12uV8_6V3pvAsZ-D7k6cCaDXY3hywcT
  Ls0yRX_kIdVl01atlGmsh5cRjNQxonqD4nxb-HQqJ2_zO2jUUq9t_nJsisKovlPx1
  Pgg2OTuulhe1aEV8Tya6kX9EMvst10mIMMTtEcL1ceZlVyqVDhx0hjvoE2bOTml79
  FDRNlFg8PMfrfvP3fIGEdhKlq90KymFnoALyglq3r3Q0scYtkfb_4ZkPstp2k2gg3
  48Lml7rmWH_aE34BugelmwghaFJhVwqj9l3hdGpiT8gZMtbZoELvvDcrlOQZx6skd
  _Gr3IWwQpLSIY-jXQzd_ffu6l8BHjg4wgD51esw4LpJAcsifdiyJYOO5U7hRWYNq7
  iOqAn8pwvkGO4OvgGUYx2suMFr-2y5JlZvr806AvR56NW3qUcPCBuVM9rJXzV9N0q
  dhiuiT3Hmrus61HaImNFzju1xOt6QKdxLLCqTbNNk9ymlQWFJkex8_YdEwCND48mv
  7cFm1QLM74G3vfTKjKLT-xEeyQegY5wq3zbUfsTIVRqUQ1ICmxFra4YvIkZTPN4DN
  Dlzk2IIXTeXRxsUKc5yGfBHj79qtshGSipkuffyStYCeoK1aXBKlf3XmgqDTpaF6G
  jZvXw11piVQ7lmsUbs6Uxi6OsNpzID2hZCueMuEyTq-4BNTzpxUs8eDJIEns9CSNv
  3UhwhvWFyw4tu7WHks6vuLtyKtAuLQCm3kbKzLHJNntQqGG-23j63mvURGPDT1Z6G
  6TOBQXHpHCyQJ1i06yySX1PBLyjv8qeuIFDdd5-UM4HTKm0Wrxcf9SE7IUcCQEluj
  TSYsn3zys7m2zaZvDi6RRH-LENkO9fnt1RIW5dxjbP25dyNNMnZ4Ua_yafHPpBQPH
  EzV3ygfaru9alVpTnTjx3ns-CxWNxwRjm4j_Kq-H4PTxwCjJ9HubwP-lTI406-zgc
  p_taEeRWG511llEgqcUdI7hsql7nRkX3zqfXhi5Y9H1aISd7kZ2M_J8fHJw10cadL
  OWrhB1MfO3M07m8xF3wj8ECN4ySlqOyNXRmAzJhOTbLozixv4wJ_Ol7_dJxECaUDM
  VdsugKzDmbB_oCrYYGKkIt8GTy_nbRjgQieNWYD6jG1uaX30sfRmyvGdTAME0p9-x
  bO_oDJ4glOVg_ePV743CxxVXIkwgGz7YL2ADm_jTfje8w542LweCBWsz1lmtr6nN7
  JVEB8Ri3bNPuOQ7NAIn840jJybANdIz2cetMGslmM7ECc-YjDBhJNYS-QS5B4vArW
  RAXso2Mc6cly63DgTg98rdCAurPS_mxHzXMGV_aQImdQ7rVotps6EdQT5URiSD-nu
  GjhG2q912ESWRidy0sBEaaxAIqoUI5XjQ3X3ANpGr1xnJU6e_uSzEUGp3ZupjJ6I8
  st6fPC8A5Yhf40FNsOgJKWhUo7uQtQozOyZVKo-xbmZlQHVI8HWS4BRBtcxpT73bb
  ncGZ3LKlThW87GGgUMDx2amlo2q9QlhwLki-gsFPy5mZSOIrLMd5mHaBo1qWGhIR8
  qp0rVZ2U0WW47xawjS1uCUxnKsL148yKrRB6BNNRPnSFn3bgrbg1upnt5MltkZ_yF
  _tq1XWIovOu9dzFBzcSy5Z5tOnMQFtCJVwMRfGzWMHCKXC0qL97atPO5oarSbaw7f
  y97MlafCasmcQanjypICUfSY_nC3VlRSeka3bhepKieC7iySER4fuRPPC-cSaxvEp
  f68xJuN2YHX9dWXQeneeA_k_1FpnV4r4LfmJh3Vup-7ZRVivgVJNzrVddUgEtEd5K
  7pgJ3mAzGFiDMwEKSy72eDJPsc62hj9mSfJS6Eo4segBOtTS6t5Ocsf-Fzr1AjHWI
  7O0To-YJN5Pp_thcvLAnCevjCKCuervAna8h4VXXuC08rDuUZIrsYG6Fj2s28FzHH
  xsP4OkP_DdhGpVlkfIqz9SDeYE7a_lr4OgJWEQapg_5qrYElYlsI8aUsJF_QSub2M
  X3LUzOhm5xD4n_93iHWr8AN0zPL_nMKfvonFZg66YlgqGgeMrhenDzI3nRQqeSlST
  CK3LtMqRyGINIeGiv_h3fwAm5kz5LtzkI-vMttaglQS2eQDBuNP9eTkR9rYktCnvh
  s0XuxXIZJrFDe_RQsr3GBT5TBaEaPnmb53DBVQpiz6Qpx8lUrYCVRv4r1WqXkoPSj
  EDTSnagNv77MqfM6Th5l2uapUXarLCHyxmBQntdpqBcnPP9Aw_ZlHu9NWLeGdM3ju
  z4Tu46YDBk5vatNVSQZl-wC_Kicm8t6iei_eF7gJOUvWk_VJKjqGpDYZi00-dZCky
  4yQcKl2PP_DfWk6s_N44dBTuGoo60fVbJep_j3L4rn7xotxLU77fFHR8281ciZF1i
  nzZtHRzrNLfG9nMHy1CGE7IA3IpXqGwOKU_dFZLE5I6luASiUvmIIhuZtWOiW4jqy
  Ifbl-oQGto6UekVIiXMMhZnWufVrqbpSrYckzDwxgGa-0O_ZEi6UQk9V2qbKNsNXC
  eKaUXkppbbVNKIhqdKeZwABd1Hc7GWT0omkhSha7WAJzFHlvia9fJpDUiTIP29yPo
  FzyMBPzhYi5YRBtHUpHBoeHdId8t1r9hQtv6m8o81GJ0ISHR9ZeluLVOK3mo-Syzp
  HcXDlE0vpbJIyk3_sHamLw4gGOucJklhrXPnhSEjfmBrX5tW0uiDy8l2-Yu4_4sh-
  NTlWovLPK7vYIw-WutpDXs2QIxBp8x2W84HckvagJU-03FIvlqs0mWaB5sNAaM-qI
  1_1XzrvkwJ1hz3GiSzpW_p1DfQDhBV-Cw62w0RSgRyO-kpe9SBewOAklJZ0nSLuhe
  9Rn8w4f6_WeIdct4rnW7DG-mzwgKjVwCqsmm0muNOP-x-6RX9JcGluXfQ_ze9oOGz
  ZesdGw6PL2aceuCRizEpZg_AU478pGoX2bmP5tUB9fw0LukY05XxU-j3vrP26LT0D
  aNluf0h-AjHdVbYykJH2LeC4bCRhjWApzwRdlt0mr9rt62a0DhFGFWiUkNtPpONGt
  Y0YAY4MX0sr92unxmJJPM8BRwmJ_jHPIZwtbouPXkMBYTObkV0Uwx1mD7EL4WPDEG
  UymOUjp3Aka2J_j2EByehOxyI99RfgShSDrm9iPj00h_XHoKeplQKLwfr9TdXOP9k
  z5bleJuCElH6U8MBXcRHpLOk4r8XUsfZzrYuYHEwYPPo_8wP6Ft3jn0OQI28qepfo
  6jWe0qHFIAUokZsCJ7Aht5dRw8m5yPNLAPpIFB_QhPNSUlr2eFn_nmNA9osd8Ld1z
  HuHS3Fkend7DzpolJvv9DUYVLQz25l0SG6pswvGdtc3kjexxQFMxLh1YmdNLhqmB7
  tAfGsMJhxYh7Of38QsmyW31d5HAF1TEYWS5xRZqFsiJPLyYrCaQAukHVcOzWM9J-t
  02YuqRYM84XPcFwKJN4pdv_y33_Vt5ccKRb7KA7vZ6RxEO89QgyYYSulBRmaPufS-
  9AJP4sO4feGLK4KKfu9wr4eDUAhoRTuhdpIRVlTlYIp26--_RdX3CyUkaidwWx7sZ
  er4BhxjMXxsWVg2RrMZvpWpaLI6tXh1gFjgE6deXSanC3eEqJk2b9-tbQN2rlSdQY
  N9tozV7Al2aDfaM72lONljjuety4ayAE5fj3no36pdF7Bxxw6Io_5cDtIlpyKdnE1
  MzkWUTsgs-y3Rkc03QebbNA5Y8cQiXUUMXaWO66ViHDJeW9tyV3y3ydMwklcGqu4a
  PAY_kSCSGN_FmJzSkPWrZAv8gheNTADx328132ECp29yftx5wJeYxuHmftM3adYAe
  rxM0mD91BRTzteBXgvvm84OgOAnj-KfW1ELRzstLZSnmFSC1-9vIRF7Jg10QS7wuf
  I4tEQU68oFV3njjK3kNni1k7HrvUu5k4fZ2gvZ-AtPzdvL08O1n8m1KSMSuFIydPR
  wPlkA0j9vgGMn4B55jU5J_nc2UAr-3ZZhO_NNb994mBZatPqjd4dtqO9pMbo0Gh33
  PHFlkNbid7SMZnz6wRgnAzqUu6ZekmnNfiBI0T8pnybxE1DnjmV2gS3WhcL9XNpfz
  tn-XdUPhN4IGqGpPWcV-MeemaJjYUumhjJb-mmdWf9IgPqDGSfHfgRjE7xS4ah3Eh
  LuMY8Er-vMuYaeFTkJgANoYcZ8TcpzmY4fJG3Dlasjr-VBGVbg1PYSrI3mOg5LAnO
  ECRhW9EOxYLNPQAV9Sew0o5YJnxFbatv7ZNGuSSeCcOfUwxZA1nBMd2YDBWBL_Rhg
  bJ34JZSzvVC4g-70Ug8O1WUeQidZO6o0IrrsOys2NxuDSpkpLMg9chVMt-JKgz0We
  YIaxmrhPvYSWK4GEjccSDEkpYmhrVhYq4fzwZukPIJMxZuhGJ2xH6jf8D1g9Zcaai
  AByxl-IOVnVfLrdJC1Yu59hnzeZkygxYlFYH3uIOYwM5LZjUfQQnBgw_Gl04Zd1j6
  ZF32q8DIJSm-xV4eiW-hLBICLqCfSY5KEHhjc0Wp9_BOHwe3OJ3bh4gst5Jhy47YR
  -8UczUkF2Ks54wwpYWBWGpUm-Nrf0fJ1iETtFfTaUuOOssGDmcnDuTm8HhEd3y8G5
  WRqVZJo1pVfN2tYhGpBo05GDTiRN9TaLTY7oRkE6qmFW3bRB-37Ja9Jwy1jzKcQQo
  u32xVx9ZXN2DjqikeTfHWeiwBjaveAjGXR-4VdFgfXo3-TzH3vQzuq1VW-xwoK1Kh
  WGx12e1fLkWkBr0Bts0OZDmZ4l_-ZlPa7oCLd4k-oBTpUXa9e2KoI9KPiZzMZeQXW
  Woxkm1LwQ5ZKUWZtZMYoOkvG880H7i262k2AIhpzT8a_5FvJoKJ_Cy3rcBNz-3X2z
  9ifVkbcr0Xhb4N3RipOM1HLwVRdFB5-_MglKWsx2lnHX7Te3yfTI6BIjEmj0vSgSN
  ZC3dIsOIHQxUfwXvNSZZ2TPtwiC9O_3NUQdNwXj892XWvqYhDFSyNBXxU6BGDBg58
  -LRZZGjrYZnqsyDVHt46dUIWT01her4JJQD-MMRGkO1ndDyvAGIziKfH1aQs-_5SW
  QaQqZc3yC3sZVvBUzGx9hCJF-DfvBVOErzzEPxC1XGgvsMk-rebf-IZTPg0U0GOpD
  -_wF-d5p2f6-bPpTC7tPLKyMnG_MEH9VCWIxU4S7UackGBtIQdC1NrWh7TIxcK3cg
  GeGIssp-jhk3OtglD7gCpKTKddG7U01kQjdTUgjINa_wgPTqk4Om7JEhCBfYncRPC
  9Jr1ftZSGE8NlzPRAyYKoi0Ec8cNKX20cGKEL1k3kIVwLNulIdb4vqOc_z7MnVgeJ
  Quv_6rJw5Mr7j9NH0FQj8EG_uTIlP7U_eb0uGX7A3Hq64QCABgxDqbpxn5hmWA9zW
  PUqxeQGACXwQ5baQtvM0orpYL1uB3WOFI0OCpjaHT1edcc4_X189ZpiIzPYSKwAoG
  F9ZyzObnql1HxHWXSsHqHoaNACLsvudKIQAf8Z0eVT67apHJMlUKDaOaD27PS14rK
  BThyRaRh3ZLPcl5kay880xtHVZkV7ICoC9h8S2AWtYz_OTqPmYyEAIMnLyhPR5fpm
  DinXsi8J5yyDqYpk3hkDpEiHmUpwIX_cVz07kzobNyMeXKM1E4s9BCkNaXH-UsvGB
  J-dROAnWUq8nqQl660BXeMUMopToHYnQFhWzU8qKYAtB0Tr5cnvMHKPJwXEFnLIOd
  _-ugn2VG4BFPefVm2G2HPELuN0-vJr-Mla9KC6_YYk0RReceTtc1Z1UIKZgtw8-NY
  Z7E1mxCmVUfAnEUqFDhDU4TPu8ry7FmhyubKW9q67KtC-95DfZxyiKD43Iv3T8pgF
  UMX0S2CRsSD_hUw4-UWFlGLB0pJwHPuCVdbwRcTmr_S8Asrw-Hpr3ORe-7zmz-tnY
  DRUJKwjP5xyR4VRpcmPPTXJNzjGX_KR_s985zE_AR4CIsV8X2Afvpd2W_D1SK9U7B
  ICcQRVrzsOoN9iHZKzGObi8EFHuPbbcz-FN--HqjF7-qIjb-D2YqiuXFTefiBkT3C
  etaRzkYX0AkCyK6bLMfjDwyc_Wmg62zD55nP_QDpqD7YxapbCYWTgVXy1SKvBveCp
  tFo7fmPiv9-BJIQRNVb0gcepaiM0jgYfFEkvMGtmdVwA3LhXys0bzpBlh_iWh6FOR
  796LzZgMaEOzKbQwqQjGJj7wb89v6Ehh9LIqfRXkQrd54N7bcp8t_sDK-6i-xkaGD
  gYAnUaV--CWL8_t11mBD35fd-v0m2R_c-bowVzdv-jEAeHsV_698X3ALeBF5F6Qzj
  WpXNWuyuzb1Cy7mU9vz3VmLGQXTedEQ9tyTvvNdUMXmA7K02FTsGox0W3KPQfnCi8
  6gFBBeJGo6N57POcEg6hsmTCDU_5r_FMXFqcQ5kC6rAhc2wzOWqAxwWEFF4N8Z12x
  SegGJYTKBMJwm8NMAtITBWTe1fDSnN6p0wRikFyrg2-X_8oYt8zAuaxq4S8asIX-j
  320RHcDk3P7nuxuL78LUcVagXLA_QNnapZtQPaxoiLQJm_7Kj0VMxuLyA6PENvuh2
  Ofii_zcmAwf3bWHYbhorjd20vwyvoHDqCLYihn2AWusupsKbFQKpsVTlJJqPw3GJ1
  8-BYBQyMrTEIDDbr3KmaX59kVO3M0rKH9lsAN0GUMQqu2NkLufMEhJdwWvC8lamIf
  gTmCGwSLz8lk_afFTuaTVQJmZhrLeE42SvKqbTBGOo-HgDNVZaZ4jKYfTJI1kQ_86
  pmF53dWWs7kzRjD3M5m8hTEAHQVthsaO4jcj_0WuCA4T5dZnTBMJXQezdy45xK-QH
  i_ccJAbd86gr94QvRChrfXDGkU0d_-c1Z36dfHpa5aVQJOQq9Q6IxEK5iiS_JyNTL
  plNVJK3pZzXz3H-7AgWEBSeEcFrW2eez82oo5aPppxcuojuYgMdhfr0wWFe5Ay731
  q8ld5UA0BWenS5d6afMvmJwy1EIoj8km0_51km3e717BDQLFZ6Y9UIuI9bb2SHNf7
  Ah3oSCaIAVr00TN0koe4VNe7LzBmjnl3On2Q3wKk3iTwpSanCKlmfNPayoS8wkqVV
  g17Q8k-sCnxsd3WmFhensg65MpohBY8np0dfsjYue6UNHzk3Ma25wUZZ_DsbQUfNO
  fXp0vVxcv11EICacgBeEcYen2DADIkSAFqySULpMCllLQT3qo9Q4uFN6lW6dsBuM4
  Ds01Fw6K26hbpDosC5YyDVjmfCJCEXMpAAZCxTW6QFQ-QkB3HGSOVOb1dNytXD0-c
  cF5jfMXFaNBI9YeT-sdLYVO-nxuFctPf4wAId6v6Z1tHlaQL8V-h1UtATQhMcK65P
  rZrhR_GzqSrv9W-nE3IMeKyrZBVLqX4QtaeTGF4hQPENSVic5D-gF_-4ciYI4QWkW
  fABVPlkTKUrUyP0f1P5gjW7_I0lRKkWkrIoNLRFuYVIYxJmC7Ef6eTi1ZBiIGkotG
  Abz59G8tdmTKyGcobMI4eXD4flegFanv2ic4F0FTVMtzkRMvMyX8kFFny-5CNBl7r
  PCjLd9KgahIOGqz23fqk2Pkc3TJolZrLbOEO5JF6nRBwProCBP0ZQZF2VkConwCzL
  2tZLt89dTYT48xnq6o4ine-gFJfAkBtIjTl-wqpY-1LmFn9nY5Ln_VmhOKZR4UbOP
  sKnu3EI0qh2XJkTtjmovvzRxf1AyX2reOeiyg3AGxBVaKAiUqhuCLt0S4u9HN27J8
  HNllgZrLFvzIId7xu6S5lRrU4G3JqBcwtvVycJ7OkUV-s7ZXPlrR5xKhRREAhzCur
  sSpO20xhl88-ko8W1jHyjMFG7Bm53ys1scxA-TRFK37eiLZzGhkWgO8IFbKV5QfaF
  gNZ_RR24FydKi9ym2K_xDJ0eTgfNFFbvr4A2HARgnPrxLT8N1st_9cUlyTs-ARqXA
  OC71a6nf4oSXzW7UIjQA1SR8DBkAcKo1bDvoLVrGFmBYtsEQyuJ7MdO8Rc3r8az7Q
  YTzyxx-DJ_TcQ8fYHXtnabs9k50Tf6pNmNBcIqNdokhjag4cqBYUB7HlBjmdn0X9H
  rq8e884a7UnfUjZa9xcP__BpR6SyDxpS4fCVM_LUQFO4myk3Bzdzroh6rrgZq5Vhk
  F3g0kbjd6mn25agaLme1nB6j2UF9q0mc-TeraEsNtgm21cn7spOv_fSgiLfv5gYVP
  bi1ZBZCmbRL1soLhuZhTM8s70fOf1FguM74jZljJrFMkAX6f0nKup9B6fG2srRV25
  7_61i_NpqONpzgupWRIJH4rciJ3th3Fn80YVY7kBIQNn8skCLV5MSztNym2F2Amum
  ncnX6QAXEU3qM3pzKe8WazYEYn8HiqYsX77p_AADVAKl6rXLxKCOOukf_RM9Boowc
  NC3o7QWpO5fslaOqRVldaLcYUXM9aW2A7PXte4XRr7ko7NBAnWjxefjysemZ8zVjK
  fpCoAZEWTYjQ5ljwYw5lFtRb-YGE9pfa8GI-vOUKdDib_TOpVK-TU0OlYSTgdCuMZ
  -ggfg9bTiU-05JilmGVwJmAWynGq3kutyJu0sGPsmzft2lrnGF8aptNt7-A5z1KUj
  atRsdBiWIsMt6KyrxSVic9lqpLKBK_OOUYxkjW0iw8bCqsxZWrk9ygckHJyTYaLFk
  WdF5QUtR1CNidOq4IXOJRGYlqGXY2GF0XvYXv4b8ybSidIBNz9_3R7hTBqBtFT6zX
  NsWhZirFm1Xai3t5Ue1r3DKC2gYv5hlNE1S5yiXv3wOat7-wZNDyr7xcSrYn3rFVr
  MwncwxbH91SzV9y6sICXvNqAIC3c3yO6KU_f3TOSAPfYhB8acRFsD4xxzPH7BrQvy
  YvdY6JzawPpXZtolwlCRuDyDMyGafZm4bYSsMdrOSv-BkldSZ4x6f1lxZZPRauaeY
  RoJiuYKkIiAZla6WrTd4wECnu2fsN9CBiZt5uUWU2bO4R3E7ZTX1Pj1wCIlUewBN_
  Tq5phzuW0DoH4Pp3fSEskI8MEhKRO16hPrt7-YqfBUFggInnttIqAX4mINWiJluuL
  SymjJLoniGOURBfY7lin5UGLhCtxNrKH7FvfezdaUdyXw1ogVm4AVrN9ore4FSFY_
  lWq0yKYcg4QRoeqXbxQyWfuMwdBMb7gwRyOVvjhxDAksX8j-4MvUd-6LHUAyQNLx5
  21PYjoBpmhZYgG3gEY0iNUrG1bfrilY62Az-LaVaQnpV09qKJYnO0M7-xtCbGkDxX
  d7LMwINGbxR5KDF4h2QDjXDICDa6htAozjtMexe0FzwDf4ELRKC_WQvD6zZjEudKW
  S3bBRgPaxyguVX4gZiTp_0VjevJSTWUbnXezwe5Xhf29E70pl_sM63E6-aOLIL2wA
  LUZBe91q6vey8v-NKmO9lMooi0Ipc_Wh0ZyYEJpncydmIUXHUJacvjtZwGAeSAuJj
  til2KiqBxMIV3j1gf6hz888bSksVue4G6eUqFMpW_ErV2ElX8HH661H9UKZO6IPEw
  Xjni4_MvRjMszeY0-hNIL71KGyiWG9O4ideJzIcjqyQbrX5DNr5e05dCrMyK3DxOT
  Log6Kb_pBWHSILN4VuOF7oZUBSU53sklM2H89dHb0WCRx0SP1aChPqN6lgtz6jXAT
  -DpIp55MF2NtuuFn5BAXQgo24ABu3nwyWrQ172NbFKnM4vmLEow2JFCqwdYMzF1U9
  MOL0l-wn8KahL8lUV-HpgsrWBrTpuI1wj2TK_fenBW_tZJNZJk_8DyfSrz7BqgbCX
  a1P_-ML8enN1HBKsVhIpYexbvIDQlU4QHg_8pD6ZzNlfjP-Kzgw5jD78BCrQB-KHt
  4HmMFevHgQhJzG2bbxLUb4FTDNMeQcPCxq2dXEuhHkYLPvceDh1wOQxd_xIsBwupb
  ltYODEykEp4x3ey6SOSI9RsadapCoI6ZRq9lb0fpN38W-QsLRm0jAcL6_Ey54oInJ
  zNxuDAASDqyLmWfMz2bQkjSWWUy3eJuIA0zS0MLv-OMAP73XtNYe4Ky85BeCpy3V3
  lslYxTIRnCBAZ7Bj4KO9XaWs2jzC61i-oeWarHl3P20hQwB_wqm1f1RqawBz0SfJi
  beRVWqcAyHLTCiyoV6gO0za5yATK2QLOHvzUaH7YvYdfw6woG9-yzMfAIeLZYK3Bu
  8FA9n0HNFiUZJZAhvhit-riGy9kydqakoO-znTRLsjQRNjLEIem-twtYAV7jirJNN
  uvk_8pWQE-wyPeWOQN6Q-aw1I_lau2kwxm1tyqjbxbVD01eYlDG1Pnb_5B0daBTDH
  6mogBotl02KvaH5fkiR12PFll5kpUUFX9qRK6Vc4pok1JpW1YEeICM1rr_wAQMu2M
  kPtwEwf_cUMLKtvDCNWOboLoyfpfh7Ld9-pPqO5VW8qAhNYrkyXaO9OKG4E1YbKF1
  Yy5KDj2VgGnV3In-6RA6Ikkjq_iyJRrEjKhdcoiQBRzGc5Gi5HaWj31ueHScbs_eh
  coyEIiN7kT9RPpjSvpXNKD3T8LTwhbVI8w2fhNEeaCzKWdYX5xkl8KxyQLaRUNbRj
  A3iPwbxoGhEJ0G-PX_irwLy3GPSz4YvsZWvKiJQcs5Ea8yhjQ3wsU8mUHBy9BD3ov
  eKzY0mJQ7sDx1ZvrHxJ3qM7tCXC5nAXuFEcosyHEbiNL1oVyFaEHGZTpK0-SZj2Eb
  dYAznsfpZSOHStzCoAS0wGynGMMpYNG4HFokSVjqVZZU0_QlisSqLBnI6sQiQ42kx
  ptaZnSgkW8qBKM2EUe_U2T2yq5OiUQl4il-0S5Idq98VYDl4AI2ZYuHHqwB_GAlO8
  5jlpnZthK3w3irCixRiP3n4z-VUutl3HsxtdjZkr2T-FLhRgpmkhvm6uks1geziQW
  8NbJVqz2h94zUsnqMAaqqIeZLeO7x4lKTgGuBJeS2WXRgTM3dnoRfowdVRD_T5TZ2
  CalQAc5nCswbCOzrMc6jOy0TqXP4tRBnIVn6_nOB5c_Z18MZ97OsF1Z3T9e-LLPqs
  qiHbN-tx5QoHp1j0hBdHmxn6CqDo2e6PvREN60xQBDq9RDQTa0rSQKnJi3SUN78_d
  c8Xlk57p2xhss8i_xG70OGHsJw9K8Z93tsNzukNFfzv2pv79jp5E_YSMTJvb2Y8Vn
  ErPhJgAsGN5KEtPnYqodGE44IJ2LJ6P12FXnZUjdnELi9GWd7Vf1yzN3zM-VuMhF7
  RKHJaHeXs0MXiR13GK8eVBnz-x4Eas2i64bPPkMCXe2syYjCIBQidgH8mpkAY9VD4
  tclvI2TKD1E_JHi6djEjnPcggZ-XUV68qTNaQCUbmYPxIigIPjjgqhv4_9WxtT2gD
  MeCg6zA8K8iO3OvXElBPPKfediBp1KH-XUchtmUzj3XTG8bculjRT5qxOdn5lp5_p
  phjQXVd9gxcGnPj0YXR3KaUl1XAEGzNRjMSYRdUzuwjo1GPU2qDuxPm4OFP7T747G
  QOAlYwtOtIQcUYgLGtBPb93n_oXE-TCVZLFvg2_R7Jd1qJgeOdrAEwSSu2_y1P9DE
  neh2p8iDTct2S3KutK6XS_UiCgRGE54RLrHgkXnwXz_NyUhdZrg-RBX8nsscf56vp
  UnX12maBQ9cL0MuBAEn3xZJncDozkzQuBXMg1AsswbK_AONBJ7ame5HN9qX-m18cd
  P3p_89we66DE-JqZcRfE85QGiVbchl_Qj0ntkhQ2Ha07TqOHuhJVLS7Ev3sfOmuHr
  q_96GG9XpcYhpBSeMx8nYGiHLXRvRjZaeQJ7lAFu4MerukdaAk1oRyQB7jxK-mfqu
  UIloGENoAMjfAev3hbpyi9iiU77H0Np1DlPpeMxfMk3rDyZvoUGZ6gAFA6L_SuTxO
  QBWJOsLFmZ_iGN6cCUMmBKopftgQCUoXoVg-9Z7Mk3ghphG4cmmeQ4pZwJcTTJDgC
  wwoV45X4GWbBR0pmNVfgx0EzECWeO-czMAkXPqrpQsCGdD-KXSnS0MNWovK4C0lU6
  7NTy0jmVzgezBL-WHgFlEZqTssH5XEiPrJPOVE68Wj3T0gP6LY6EjOWqfolRPfvyq
  8cjpis9j1Qqxz9QOq2wJqdQ7xxiS2_XF_ckbosKO8N0kXPoSGtI2-gqSmJVySziJG
  eWHmJgegn35OJfEI18s9X5tJ3SFZCkIwEYsi2_1iIBJqjTBIy3Kp0b1ZtVJYaN0_K
  jzu4Eq5gC6l5IXV-IT6CUNZ-sUSPTU9sqIADLmQbFAqo938gIpxjJxFh7JljWXG8K
  LLaaXA-_wKtsKjK72u6rzvw4vnR21kKJHIlX8Dn-FXFtmmeUvBpZZNRqZRogMuV4t
  OM52snu45MtsabMlmAUoxFHH2jB3Pb22RT-JRH7Jm-sYR1b2h6rAqnXC15SokJJnT
  WSIDN5XmX9KAvhJ1Wm5tiP7HmWi5zpW_-u_HiR8-TW6zFGdBK_LLNCWHzPbz_q1at
  5kvpM5QjwWeFpCvl0RyGEX9YIOIjtvdEedSrCXTLnjEth8aFEd2d1n9gIdU3HZiK7
  T0LD3ZIu1fkSq0bKhs5oR2pf6M6hCHbMzCn-6mS-Ep3z5PLbJWIPa6hlfX5lNy0d1
  7mnZuvQtoJi9A038yYxu6tmcYBpMPwXNWEodPvCmzsQC3bdezXI8MYhGlILq8JVLk
  xtnmwb33fq0WTI2qSKm1oMUKhhhTOCo6dJpCpOhTrObhj_FN0iHznNhsV1KVCYDrn
  2dbmMKCm2iscQLnS-9Betrx2D9qaOYJUQZ52-MLLufKNS2Cf8jZa55fKGDdxkLb5S
  gSK4GFfyL2zHyHnCNKhvSRgXJ5GZiN23Q7l7PQi9U1ob-8vryVcvGZowcmOhAYPXl
  rtOOZZUwhBnlsuGTFnJQUrUPzQJWkwB0_9b28QLUdlLkgQEuuLFYsA_DE1ir_UAKP
  Qd4f00wNZ85T4PqUOIw7VJIJMNRDZYTivTrCejx8TYTtBN9m1aG-sKmi26pR5PjTI
  ABlbYLmOeilPoOi6EUEdZu7S34bDhGuS3TQR-nRO6eNMw2SKs-xINf-96geK2xQ0v
  gADRZlrITylk3rGFX8rV9AutHhP7taoR5zISnlISmv31gXEDgku-qpXxW0Tvm5c2u
  xX8NBzGDY01nlHetFS8rG__WHOlCYOTzSoGJpS6m_S8l0yU6sIfKA2VuwLuDVjchl
  DqZ3yC3aNufy4_BK3hmFktOrj6ptbQc7aZpSFWlfdE6x-V6ApaEug_Fh7V8w_oERg
  JZNJKblhQmbJBUgHH74k3ZnbuIXBODt0mE8IN1rgbwvifrQwjTewLFgrEVviyJ8C1
  bBOeXY0PxJwm0rU7qSxmS67ONcOMykOdk2VvxUE2cx-c2lSXf_te_wVmYIpD0W33U
  wTu36tk0gw7frFO_9HChw51F3e0xa7F7ZuoJ8OQ7RqHeSc3j1vjkGgTa6Vr2hRye3
  q2_4rR4hUKYACuKNarBVCXKi9RV25U9HPaja41c0dBswgIvHLgVTpa_aAt7rO8DgW
  ivHC4q_sVx0qTZlpsTtcUKeVPJupP6SJMpckjfC-aCmEcZsTeLa_Nvd0ryUDe9tQP
  mH6LfI-qWIuz3HrBw5TADnvT0jclPqqF4PolhnXvdcEdCUtsY-2XPYAVe0uxtZtsE
  oHKIUAYh2psn7PAXOWWQP-e_H8faYMatxOgPxutJTPtbzp41h3Y2jH-BGAWG5uMGU
  BaTmhT5wqXODBaWwGTw_TIt1fFwfosekhUyTfmA1fuFVBGwELdvDciZN_-2n7IA9l
  vd0eV0pSDF93XHtCYCHiIz4QrPLJojv-Fa2skFFC2TO_ElnNdLrHdzdoxSe9hZRf3
  -ZoVkm7rKy88G8xuWe-Y5aMIj-fnMAnyc26x49wsmNSvfwjEpuV5D4uz8E--cQu4r
  zXLm2KZsKf0WG0S7kk4sDfm9dw-6RFKs4LU6ZTI5DnV8a-XIul-5Rq-SvesccylK7
  jrVy8XLXzn6lBl3XHFicmqxjzeiRytf1S_BnpE_G0ZHlMg5kyRGTMXun0DP6VdPw_
  O2GwoWH0Srj1xwGUALXmjKwU41YZnuJK3d2rgBcCAY2iSWDlnsSFKPL2uNgIei5hO
  VhMZMEFF3oJEY2A3kJsDSO2ENnmNVTS0KKXqvVprx7MkgqMMPzujBGnPYhhjQ_OHW
  9yOJi80qN2TQNOIykw5QOkfDwnZ1mYdXdWJccYjemFii6RJ7RMriHUyVPX_nm2ps4
  0uA-B7Rz6QlwNQplF1WfCDPu5d1bGtnGz7U7JgSZbUHpsbI5U9wwpNKA5I-h_wY7v
  dtrEpgJPTyoFkVryAYAmMbEwNnhhWiOwc3h1XvOqe_e3O4vCoUdHG9UAdnw_PjecT
  UCpYVxWaB47anLn5pUaw0yeAP4XqK_LnDak5tucjCjqJs1QGpxW5aMDC_v3k45WRq
  vLnENDUoBrgzbLdeyqR7xfATMwiGGEiLNiw3yK2b5pF89clJbA2482Qt8vH0JeaOl
  p0LT6liwLTzYzhfn6js6cnM-Hq3-lp-zYSHVj3Feo5iFQCjBNJ3TDJdvpy8FyYVDx
  xZl2ZlDePFxviXlRFl2A1mbB9YiZ12d0dkc9xtT4KiMH9HdORWAWd-4HLaqZ5JkFi
  a0CXLsNZqsJz3G67kbnPChmZXKUCWGiht0p-ZIuv_dG55gqSiKaXXPFGrkCH9TIog
  -D7sf6v-FPcVkELvjYsQxjn5JgABnt6bAs0ouzQkodAAKOfTQ3BzlPdUsTobjXaZA
  u87RJfyBx8IMGOqZL453axVivi0pMRC_ItVW7w-hR61SHG57LHaXsestA_u6fCX4S
  G1wi-sd4KIZ6vGLXx24DPCYvNMBYINZLklPKOqxIG1R5tC6te5M-pmbrnAw_CPnTj
  deGJi2GGSG5G0ZIsCxsugPaZjc-x_lqcToDNWbYB16R2KZmGDk2VbdEuR_cEGdDzw
  7BgIjEGsJwCC6hb1NV49W4foddXeglmcoQENQsJKeyWjbVQyZmQeAn03C-4sj6b_P
  cBfqUIFKeA0NMsQ1NatrjkTjcmSYiD2_0c0PcmbHlCTqMX0bilrlNocDs35r-iTZI
  jkxrc22ycKnJr5l8ZPO6V2gvOu2jrNtqx9xgM8N0j_qXhh475IAOo54D-Yjf4RCfr
  Y1MGKka0yYCZCVpTJdOeWF1OrpVf1k9Fb_v7-C0qSpCjo9iUgfjpT5oKwOmi0its-
  INCvMycyclxUUiLP64bnZrl7ZHXq7FEmHsj0iFs2h0dVzCESeqVEoVHq_epjnBhzX
  GQWpKoQ4_yP79kbpP890oBlaYz13lCd-Zkbc0b8IqhMh0VZWqJsXccQfC_LtqnMkD
  xL2ecXykncUT1u9FFiifn4wjdymr56SmFVhiFjRk_lZJg310SjoCTypPiiKolqz4T
  o-zV3EfN-lkm7wyxVfIrLjwSomavsvZ7lN1mL-g0225tYFcG7aMp85gmO2xz3BKFx
  lVc5s5MB8ObIjEPQzM0iFU7TqDtiqRzVpZFy2slQYZ5ej4MyvI3iaBT-X1cJtpZEJ
  EW0SA7N90dH2sCUB8Uag9OsZTinhW0gI-zzH1CFTUxoS7XeEVlruf4pwkxYghMJjV
  RQqOgqjppUko4vRCByYMQd78f4kKDnNpj6bWyPe5vPA-9pv4TD-dwVgxZ2trmiez9
  0RFwB9qAsTfi1gIq2VimmZtFu4Bj4Z4l0VoJ21FUde360HpEU1hGRij7fS54OHP9-
  kfo1UfZAH5SKM-YKxhP7kUCl8FAk8qKg2xrAJAoVVN-7TXlHDaLM0VCG7cvFk0pPa
  tiWFmcCNQDjS-4dLz7oeX-QZ1jw4QGd3LWQo1F_tw_qOfI7_XVk7tCGDh8poik1Jw
  sde6iCDxTg47dxsJNL8Q6L9sY5zBnMcmH2ZOnWfdojWQLm-IKvfbNCoaJQAk2VD8S
  B-cDAvxWzh6-f4CPPqf8aD-8TUnKuNyuZTovRkgJPX_Uuvvi6h1Ga9Z0JcNxFfPi8
  EfBfONMZ0L8a4dgBS1fMSBPx7ZMrI1YKrbY9Ysbnx9D-WShZ_cPOGXYKYSq8jMBFs
  L-EG2Gu2tXwzNhAMd71gMsqlsldQz39v-ID53tNRsujMpYwpbbU9JgJWpiykx1-9h
  cL6dlbRL8PoxJwU4LphJhQuUdIWFwxYSN3Kr1BmctEpgBHbHgXKuBh4t1uCbrrSKK
  myhbs63Gph5W-tILs_FrA-co0JkXXhUEPqTe2BeADdp2QlcxiPW0L02sRxKzGB4OD
  0fekgjUgHEypbw0MsEo5Xwv8sXwM98mpHh-Y7Yf4SAGB0kApGeagbGCmEJQ1HNyV_
  FCd9X5Rpp8f1HohD1RifwB6USwZB6nILCV37c18d5rx43dEEpxDSx2_IT2V3_QVNB
  IRy8eEOcSccssa80Trq2Cn74E32eE3RHfoRE5Y0ZYr8ISynhHqoMVKU1Lzx1TtE3Y
  CbRywQuQdf7Wgwv6QIj5sS7PEzPSAJWdjtAb-xn0AOrCkbbuWV38HG6DBqk2CpOle
  5U0qlArv6PyiToTyig94JEfX-_4olpmlR8E7ckxtEbdE3s_bOPycm7BSBSr84Ho1_
  EVUfR2m6DjAxMeHOn4bE5kwx5kFo3H0Ps3qN0rAnMAQpuCLB5tj47oiG3dSy5PygT
  yeHe0yuS-OArBTVAXPOSmldAeepJqBpZMqhlE8PAviaLrtYVa8xMO8pEu4JKcjTXO
  6tA675ALk_SudmgpjREbKuTR_T71igawG6Eic-ouuEcNTItMYWj7AYxgU7ZiAO4NZ
  vy9Bq7ayk3w-8CCTJtaXR9g9CYGOENvM0Ht53E0wovS4BeRTCOy31TQ8N4-O7vCzo
  rXyOC-c-UEoQI-qwYU5Tm8dEDCJ9ndQpPrXjlHTmG85RrWzkf7ByswledQ411sZFB
  StOEdakWb4a8SC1LCeJIPuNIgcYxI3OjmGoTj5xbH1P2jV1-DU8jva-59fKR8jos_
  zmFbd8lkXnlvbJbnX-HKNyLaTXt6mIzqd8tU5ECPNOmssb9nDKQRUJHScqgL0oS-e
  nXSyF06pyBh4-9xvLxvLvI_3L7SaVSDDI7PipVryF8kgFG1iCvmw4WV4VeZ-7mLCK
  gLkcigtWphntrAqqcEuCAGmMOL23qaoCL8tbMPibSXLHu_PLpmxK2RiJmdPzh1e09
  _07GfYAVu-s9-gq6dYrplOSfM1RVkwXDDe2Y4E4TkypzYnk-L3z2L21yMI-almqM6
  jgHBcDAB_6lRu__TCRqHNyaTTxFn9hlOrCppBP3Xd56LBRQ0KDWbeoIE-VTgDx4mC
  zi18u25tbrIU2_1J_X7Be2VI6pJ3xdxSQIQYsJMFPXLDLNi0Kvrqk6qQ9G8h_8-1d
  5TGLsfskVYRb-RpMlMMQHGwgbMmKDbi9PQGBdbv6hgXT7yNZS5BRcvcUsBkd7eI5_
  k3y7nk8YdvJXLCl8qNUEflmwSMJ2r_s-BbVMvwrrCIrsJocB1ejxbcch25O3qxf0c
  kAjBVyLgmgC8MlKirkyJF4O8-1NzF3RDLBAFsPD1EdwN4TL7TPeDmB5BL2joYdK_-
  g9w4AKsMB-wyDTfb8siaSEaWXDO5sYGbw86hNSXio4g9gMRCdwJTNU1n_3-XkpUAB
  OYSK2qzbMeyrAAIQr6lw44jLqxG8QwKuLE6RjFPlYfDuxZW1_hwY3gsmcb7aM05pN
  FrB0EhvG5SI9SIWyxCt0UMEEyooBCRdu_nOJD44UqTKA7LR65_P49kYBa4igWj-TP
  EWeFbGV5-JM9qDAcjV1gXhSQdFGcnrBifUwCXFdJiGNecnKoapRzozfIWcS-VEKgX
  n9HB_LWhkra5OX1pBIQGiBooLC9B-PeCPL-mJEjUTMQryRdXjnqigkblTD05brHXk
  eg-n4jnejD0dG1v6WMW_oUWgvg9iucP92VehS-koOrsC4ZlMgzwleKC131xfwxL7c
  cBR002eQXUQR4542ZuOub0uEOVFcn7UI3-7pS0rSn5A1DqP225oyITcNOgT1PF8G5
  _yUXKBAPFZfq3QwlLrP1NBoOKUInhYARZioL4euZb8loVA9Hd68G1ZSIP1Kq28X2J
  NSpZ9ScawuN1rwjggk_3CaeaEOmNzIU15kFhCYk5-bhMFwusYq6mvDKoHmbC2l71D
  e3-FF-WGU3Gj9mYDZ36h1T6qbzrUP5XLb6In_vgIo0o9DJY0KGm81AoYO2oVY8RBT
  7QJHMfR5_GfwNJCF3raap7vorJ20dOr8NXK5d6yDbX3r2AA8mlXG7YQUKNpiGwFuv
  O5rkynAQVHDfJ8LgNfHmCKflO80o4HvE5lNhNsgb80nUMU0o8DjzNU-u-XCaAm4oN
  qSvgRl6Ua1tl5BCOp6rv7Fb6EhbNHanC01yG5vYyNjFPedP35ez-goupFNl2qKvZE
  ZuFbqr1gI6qqdRbIqFwsdGUCQ-xtjf3_aUobjM3LqOTDvnYOAhwHYB7JHC1Bl0u55
  fhKAkv5jw6rvVmg-y33GVSs6jdITzNRjOTYaqy2iOA59Poh0QFvf3IYbg63vrgN10
  ATyTs9zTUIsXjuoTrkrg3kSz_4DRcZx2u_NCa4qaIAkbJmTuV-1T9jCRyvud34n-_
  MIWRTDOSxa6a5xxhRnWn1Xzl6aU-51vgF6Db3OIw_uoJjs3t_rn6vujcYpysIugyh
  xjUozTaAZv7vig8eefG21wv9qOv8TQjTpUCGlErRThjel-o4-x4aaZMSa4VKi_kHo
  kUG0p1QBGcB_zYfEwcPYX0AgR55uyDhnrl1uqBXZrS3vX9-jzX9EOoLxacUsoY_bz
  TLVLruW6Z-38K6SlW9k70aH35tf1Wrvbny6kAUhncbHzPa463XpWMbLHE_40-LtBk
  kBY9s7WzkXsa-jAeUZBKQBY_EERwPM54Ea-L4igwThP6I21DQMVAROPiv0buK37ZS
  TNE1Td-IWXiV1963ROQvkB658Xf_uHJHPi5m7cLDIpEtzH4bJ853XH9uW61GGt_kV
  O24tqx8l9dteQOm-PqH0yEguULXal2zoI4z62U_Fos_TpH4Zmw-Zw5JVyeTU_vWxj
  dVPaaZOV80FmUX3nrpf4lJbi912Gnj_1OSqHBl6QVmzkBRNSO-1gnZTyCZ4FEO4yz
  m3hHadO_DI9-A3GY6Le7kkyRbT7rhXTWVzHacI4Ul0LpcoNBTtBs637meoWoxcoRw
  ZsPIkUxdZHzj12HP1S8kmu81WK17-GIdzqc4JVR65YyTJo1SJisdPO89pr378s7LJ
  LLR3Np91UDLdf12zf69z5xXVfHRskeoIG0ljwZWN7IYsmn8Dppc-V0XXVgmREMJ7S
  DutlqDWhb7JAwP65emDavLUj-SDgV-Dikg1mF_9yT07ftEkVxVoo5V-buvuA3rvLN
  03vEgMgOcrXlYZo6wPppiqDWnokNQ3UJ2LFtyGLmS4fkEb-R3pDZgQGSJIChAleMa
  La6calMfDHhNaxyBPLlV3cqR4IGnHaWsT3_qerOvANSJtWreGcCcmXu3aZw_bGsao
  lD_GDpF-L4Px13Kl1F607U0SFEC4yvV0qtKZiYnS7CFJDEx6mbuETBBVyaNcGrg5f
  V1jnkNl0Vr9msC-h2LoXVxKQaTYCTwpTTIRAR3RBNrwLjsgXILcD5mubV5HQGgwJ7
  -dmwofkeou9SzSSyJlt3iPAjfgYD2h0w2of8hMSZ6xxPnLv8k0qK3gub1PyHetx2M
  kAY0DzzHEiunu4CClmpY233-5fJMqAugZj_AEGGX6fenhcHGOYD_dOZpThBc1tn9E
  Xnb1JGgqecaWhdIkeghjAPzdbizpImHtnSITL56w6cBNmgUfJfR_4k21JVFn17fpM
  sqmRO0DsRCOZoapVa-xD-5M6yG8F-GQ49HxaoxLAQDe9No5o60QQ_r19zlLK18UVp
  7HkBxXIkFDZQqKqBAkxiy_5QZFmf3fLTj1BOdkbgJgOBJo7YkZ7VBSXl3NMgR9ZH2
  VQAbbQnKusKBgff8sTRCzz3pfw4eBMkE70WMw9Veb97yx7CDScXG4viZrdi4Xg-2t
  LaAFL3wTVLf4E5nIIbSt0sU113i-JEH5nDNVnGwvEzQJ5ojH8yijY7juvstRUcdvN
  TLyukN1QOZE41dumpk-xJAJ3_ZoCwalnpHRsdiNOpw1lwCsCOuanB1gjQEioKvSQ8
  ri-Ly5SVpd3lKYxFsmJRXl4I3zOt_mlOUfJHqWYdVh0P_zV0a7iIWlkdh2135XD9Q
  35qSM5EUxuqWNXFc_q4fvjXXqAkO_Gli0Tm_C8cLPilVNjt9OJU8eL1Vvs2aztfni
  6nSZXZm0lHj4fmZBzPRNCDoarvFavJ6Cv7Qgzb9xHJ3fPsiz4ko7kqjQyRoYKb7pi
  XEYpvMSugFINvUU0iUeud46eaUSGC8S_AYhWtjleW1OsaU-qQ0gLfuJ50WT3Fh105
  TfFTewf7cn9Hj1i3pCps5YWL19pnyb7S5pQ0nK5gm-yI4t5ECHGJXRys2_azQNKxs
  prV3fFyD6-sy9UUyUxak3ri6xieIEuzv13BFQfYetWyJfSCdD9QjDbPBmSiC-2US8
  j1D24aPwscPK7TlAhwM154jXHIkqpUTCbJUIEkCT1lt6hUZ_XR9aI-IfxR37TP6Ky
  LtoImyJGBGWdwI2Y2wSqA1hRZOoKqjzfK0r1bOqz1FAdCW-wY9vBvqFsg2ycuij7B
  h9zkHmjMgKIUU82jDoZL-rkT8cyQm9wAL2fYxcR_O5BGrn7xJMjJSapIhIC22FH-O
  lmX_v5VBLRXzMseG6f919N-2dyL3OStCmFaF4Ypg3SDSS7_0JGSNAT20MK_59q1X8
  b4Ei4uiOcLccPCFeUi5pEdvkAAfnVQhS8MV6q6Ks5LUYRROG8n4EZEnl-yO1OVm4Q
  E_RjyrtYXbf3FQErmhlwrNp1dUWG0ii5PWQmtw_MY4LktRwTbZIF057xL-pe_rVIH
  VjLW-ZjSKUnLRxGKAVJ5QU42_tuNPZD0n_OjsKGqdiBRSXJ8Cw9Ce9iVQJjH-sKVM
  T7uvrHkVLhU6OQnxwtah4CPxZTLArKnxf2wrFhMEkVM21lGmbchPgJKSY3kCRfr2E
  lU8SkSyqc0ZeKGQIwB1nIvTaDpLdifoLbz7MSrUglHJcAxhmw859HcDzOeoVJ9_EJ
  GNRjeqpYVTd3aXTFY_plndwGHtCwZ4xuLWeKM7QGVNMMJfFM_ehV-voboFo9SVQnk
  Hp-tPgxxdCnaYvX878TUByxo4F_cJFge0h1f07RHi1BkmxWe4G2d3NlkAxe1SDnDN
  M1__ewLPUevCWWGIT6Lbh2MvldTSTpuYSnurNTb38TsLCysQ7sXpJEdwUkK7TKLal
  skZGzggdXrniVbiwxxehQ3Hxu-WJbZigM8Wv3VvNhtTkVyfEYvmytAP-uRO5s326i
  qwtzPSIPdsPCyxWc20MN4xtgz6nNLG0cyk1RD4GnZmZ0lMarJIbh8bnfhzA_SIK_h
  s1AoshxgBI1n50GizAnhlL1j-A0VaDgBbJoQtrZLjwwaIc_YLBoOm2QyTg8yWJypb
  zDvsdsuoeaIPpsn0bjjoflQOPQ-uhn9th0x9N0fm6kvMoHQ_g1oYmfZozAhBXoa3_
  k9TJIQVE4B5P9AMufeL6P_WY7Px4LkIxsqHTCF-BRShTvkB1r4QRLwasNI7WK38Nd
  Bg-LHfgNUFobmCzkjyY0roWESOMF-d4xVcx60INS5-NZqGoU8G_R2OR0E5VueR8um
  oLXKC1-NdNlRul3n47LV3RzjPy0csPObeF5Oal1Ci-Zsnu55jZZIE1H4hs_8M2_Ot
  LEfNt9TyDd-1GT4K4pDMAyywv1QEr2GcJNmVNTGU9CYtVTgLYu0cdK7gaDDhDhpnA
  0UzDiGqEd3QMxH71O9U-tqdmRkZLRQAhrbLYP-OroVeF7-BRmsZN2uwM4DMk1MTD6
  laptASMNd-MzO10PVigBS86OcDkVVmu5aGx0OW3m9DRxSztA4K_yHrPpNBmJQMIbn
  uYEe7Oe_3w_7rHRxaxRVJkXTQOxTYQSqSAJhI5maVpO6k8y5I2oEZTITHIiUUEcnl
  tQNZ0iDR5qCl5sQZPbTi59yjI5zF1c7uFdqJq0gBduILVqEzlzj20CuLaOaXWIQXu
  FTygNsxVvrJSUCAZx0EhDnAmmVVWujTx5y8JtX1Cq1VynX2-qzYBOYHHZbAUAAr9p
  7IYfy6dK8xsxiMIOGvDxCDj3p1vLYdSvm4TlilEnqUiGv8QZwG2cdVbKac5kXR8UH
  rVDg2v4MNq7WCX7jR5DhPvQO1vA6Oeeh8KGbQ8yeqBC2IiFMtxJww6bmlxM61fGWs
  VN5utWW4xu7VzR5wlIAyvib3oMwPW31nw4VgJOroALbpuhWa4c1fYvZeA7bl0ERv8
  jRYF6C-GDG1CB8e3zeUR6lNdT5MAY7sViw2St7tt5l5b7jdMucI81KoDEkPVKgwTG
  bKVSFKzt5lUf1J5TKShJ1fGjwu_33WR22JHH9BUXu9g5cgm602fAxik1fU539t_8n
  8s49URAuVwiVNBuiOw1xTh_Ad2Xph9HYtM1wsiRfHYAm-qM19enqZUYCDrsQ4YFaQ
  z-0tb9sfuORd_vMvXFqh77dRfRK0eC8NB1v-08UNO-8WuUOIhb4DYq8wzq562LBGD
  RMtFKvBOkgEcv1Z1QGOLPZHOooBtvrSs2G1Hw9fxhqyezMGRCVe5_B0LfRHpfyaVa
  H-0zgSixNQ3vqm7Y81qdZ9QNTqbl-d8hHTKXiEf_T3Z32qnduzfAtCUjquWYXRl6c
  h0yNy5demeVMq0EMhaShaV5H3_Fz6siH55NKCQUBT-wGuZVxSBttytsFUBO19ATeV
  cvIw9bFEc-nmssx_WwmYMFT4SIRPa_mOTXRmt-_xwTD8eCuoEJL25YbC653w2GlBh
  zF2Ca5d_tH8B-bqy6NkTDr7bMX9CUPbtotA1VFYvYYg2UMKevQs10ZoGAQlDWT8If
  KH_4-abrhB0THySu5QNRtlUAoOQ_UypSod3PyE9pDTu5TC01iGCxMljmIhMNqcOSH
  geqfDn25bVfhO2-ljf785hFHbSnBQzwTtnZlX9z_CjDdc5srdtB-kZTlV9hZkrwl3
  XsR9tlW5pO-5BBQgWjg9omFo70dlt_kdpo_iv0ggwH2j0019ieULuLSQjf8hO7mc8
  acSKAT9eTmsRZLQ6OT8cTG1JWI-nNhQLzG04ysw2Sc8Z1Qr5T94jDl23ohtLRP2kz
  -STlKKM_Jbkgk1MsEn8Uv-_o_7Pbw2TflOCuS9F3ofaf21ZvkcshLvL06_UV5TG0Q
  quyLJzKTW00cw24mBe8wm_l9aVtN-DMocoDuEEnS7MWkJ-EKaPDUipYTVok3Vo4tf
  T1h2t7veTh0vAAjZqfWfumtVXqFiWW3INQ88m80vifErbnMK2wYbm8N-l42cqilux
  ThmuACNR4-iF0WeZ_dNRLzrjz1XKfYayyKWJgrEuABKunHuMZgDpMYhPwfVer-rJK
  fyf6Toi_jvqXzYU_J3-BNuTfFTltWELeI7YyMvG43iFar8n_EInfC-cPUrfAst9zj
  PKFJmUrthGgHL7WxN25VWdk3eX4uaGuuDgsn_fZGCZT1SNdjAFOMxTBxLkBcPgAyS
  xfIb6tkQ80WGigJxghicDS7Ml2CC_dyY-UcI5qJ1uPcWRmDsABY-qA5Y8oRf2Unfk
  cUZ2HTkcSw-3e3bNysdTOZZaFDZpyeV0ATOyxerPWaBZ4TeDXKtW8pIqnKVCwiTTM
  R_pauf24XihHDeK020uNgw1NgIjmixGC17n-sKnEPCCvCipJWs5QhqKOOe7XqiEle
  g8n6l_EHtvvJ5iPQuwpmTdEu243cQRiuHCC5eIi5okwf7NiIbUkNhN7WecDEfeRWi
  J_I0HIK0sEOglVROLMF7asrdEAiQfOvDO-LrFXrl1pd12gL7348eIndT9PSmb86xp
  ki7fhRVmnpndCg6uPWLeQMlnsnZFMjI6kjCH8wz7tlscjQnkDaWMTGt8jzJSWEo2v
  09udF71B767PNMjMUvjkF88UWNjZLe-vlPrxIyIIYLqSHn1K_5UIGJ6CbP5vFazPX
  5C-queF9VCerX6KM4iEZxNHvcX2lJQdV3nxaFj-14_fUT-WOzPwbNZqXtDN1I6Oys
  hDzBYzmcLYuYmXl5XYENIdlJPVKWFGKMvry3ybEQrZT12X9-m44vl-SwvRun4N_Xz
  C7ZZwrgBp_Vz5STEsmMPt9KRVo3WWPELZT0-oDI0qXDFUSpmayzj5uEsMpEnhABUp
  ZJCMSkImHyjY1Z2hsEBCSokIbmu38baFJJVS2nA4Yu8TC4HRAFC5mxxkdTit9J96k
  VRAELHnBoD2x7OOkTtJy27CJcRQGpZjtebN4f9BrycRF-kqNQOsBYJaSRtfHKfTRD
  4zI2nsAAoC6ftybNtIMZFtLXqIEl0lBvvjHuaD8LaWbrB7vkMxOPMXI8O2Bh9s1V-
  lWxfu5OJTWCtNaxYpvtqWwFfu3lhGwOVqR4WZi9YR6wlh-aodAEQWiWGmCOa46IAo
  KWmvS38BJWdCe_ZATU-dmkXXKSgdylfxYj4z0TQCxJxtN4zLmjHA1JTpzcn0NPSRw
  AZN3ZF7MdW7IGaITVEDXBiYKAVFVIPEt1On3OHTOJg5v7JPv7SXCp3mYTt73M_L_3
  gWqvsXw_tchqVuKoPaNxhRFlckLS-pbTdloj6caU3Z4IKvHm_xESmzXTFNq4vgGQy
  srXQaSt-hVpa5FpiaLhvqqTV9LG2-YVugS6b4-9SP2g753onGdsb3lSSYYgKkStdp
  HaMUEN76WcBEF9ZF6bYKzLZ-ecS0zsVhuVzKr2QQlxf615ryzzMUiR9dbPxoIUZ-A
  18_zZmaXiXl4R-YbVxxbqPeZgrxO19J5KcKUzj47oUgmnmIS_Q_OoPobUcsfEqUv8
  sflIzZXQv_5BqHRxc8OHtJmuJuqHNnvnv1z4ObR4PQZJoHv1BjnCLAJSJb_BLZaJQ
  89CVi0VK53tpISPVm5zuqxRNspsHUl3d1NJ9vROlp_GNSMrU8qK3g5FvemVXNuk6S
  Io2w9hxtM7cwGo3cbL4QHkR1WUMLokyGuS2lOJzCmMKwFcjofvPS-uVsxy7rpKuGF
  -y06uudwhIQD_OMRF1-JNYDZdrWx--0JeFbDEDWMWkdg2td2OXZiK00CXZZ9ParFp
  1zMr5CjjsZyHbl0qeMlNFdX2k3_sBypUMTspTwYQiAZRf-otL_qwbroeBlBWxodHm
  LuAC8-5M_83p0c36zVFiW81q48s_mN0XZodOdjc9fyFdtkUxkzOF-L7ZqX5hjde4C
  8hVTZdQmEnEVOSYWy4saweBJU-3Ym6mtPkbTPcCvjiIWgPqBWT-ENNFPmobkuum7f
  T50tIGQil9OVBDCLB0NjBTSvHhLQ8d7ViqJdlu26cF-WNYLTTFDgcn3OlFucD8MIy
  deoa7N5Ge4w5WjJF_BwYfFdCfyyxAGKTgzYEOpL0DqspRMNjzRCud3aw2iu1X6OYE
  11QpVf6ZTKGcPkuYq3j53MbXBsLeZkvp6yM4TgXChrsqdN6BUUQQfvtwl33wHqUKh
  Y4PJEy4iso7OX6Ks9IcnTbO6i6DWyWVCq7eAS2243Fu__iEDnzWa_TqAX713V1KKu
  xpJjDreJULogaH5KHPtmtB3qVZFzxBsm0F9tBz2V-G8AkhgRz4RHPW1YNRE1ybv7J
  FO4viiKzH8K3b0xyGmn8vWig0sV05jm6h_wYW8glpdmJodDl1uYzeM0o1hs2ukjhF
  KKcws46Yf3At1hKiXrNaR98HppprHg5vLFk78hWSiL3Kol4PThisCHGQ47DYmX8m8
  IFdX61-PB2rwBL77OGa_izVNTPx4-mfABbF2MSMu5Evu_kJ5kJLdd5BuqNXZyihbq
  QOeXDbKGcRctHx27Gbbsus_l4683HWovnEpARKytbR7DDwYv3fTSuPIma3nKInGrh
  9J6RS40d0CtVsTD0b7GWg9V7bufKza6BXsYqap-O6I7lynucdIYvQFxv89IY08PuD
  F5iMjkxhDGtbc6pFWl_iV7XjFLlXXBYnhfDiTFM8Y3xunGM903dlrWQMLQeuw5Qe0
  rX1KYrhG02BhcUYixumcowowp5w4sM22-MTycgmwkm5BJXW8R2xVo7U6vPc3IJ_W5
  UOW_Dle_Ogmv6iP7-9QUmu5jSE5-EFVcudWntC7N3_Uy3-peyV_T3_t5dRgWILy6J
  CnR57BN7RiPzOORjHq69aRCgo-XswMLsv03v55fWzvSy9REsoc9PCIiGdhIxjFElH
  USZtx0Uees0u-leMA7op4Q_ZPNandkuuDpRaWW9xq4UnFtYf5kQPYeIHn_Rq60uTq
  k1uPIOq_g-vxEgUz13H91TeWTh4WDSr-1A3e29gSfLyDVcE8OfkRs8byW-GGY1Yyy
  a4DHhUC1pRnvsmmUZVRhfzngqHpWT1rhliFgrdtjsa7BiiHK-6LMmvis5kOkMpOFv
  dOn8uefmclYZBILU-Zk8EwTi3e9VOqu2Hm1qA-PLBlU9qXhG5quz4SVNsl_bYBG9u
  HOFBiLBy5YOnb97CGvWaEmqhzQUBWv4bkYH1IwNPKiwdch0iwJZXXnL2HgcUfllzQ
  sjUG4e9Bl4RVlnRAwQPb7ijugUuNuM1NlNgyBG7WcBKZv0picRdOCF3uqAGo71Hlc
  S4J4C5QZ5QWkvXh9rHHMLjTAIJ6hTsPY_Es32nFRyvasRaWzopL3NISOpI28w",
      {}
      ]}}

6.5. Publication

[Future: Consider eliminating this mechanism entirely and instead using messaging flows. The means of achieving this should become better apparent when the problem of publishing large messages via a pull mechanism is considered.]

The Publication mechanism allows content to be published through a Mesh Account and retrieved by means of the EARL mechanism described in Uniform Data Fingerprint [draft-hallambaker-mesh-udf]. This mechanism is used in certain flows supported by the Mesh Device Connection and Contact Exchange functions. There are two operations:

Claim

Post a claim to a published document

PollClaim

Check to see if a claim has been posted.

Content is published by appending an entry to an account's Publication catalog by means of a Transact operation. The content may then be retrieved by issuing a claim to the account specifying the publication identifier that is authenticated under the value specified in the EARL.

Use of the Publication catalog to post content necessarily requires that the content be smaller than the maximum message size imposed by the Mesh Service so that it can be uploaded to the service by means of a Transact transaction.

Publication of large data items will require modification of the protocol to support use of a detached message body. Transfer of a detached message body is outside the scope of this document.

6.5.1. Claim Transaction

The claim transaction is used to post a claim to a document published by means of an EARL. The claim interaction is used in the Static QR Code connection interaction but MAY be used for other purposes as required by Mesh applications.

A claim is made by sending a ClaimRequest message to the service to which the publication is posted. The service responds with a ClaimRespose message specifying the success or failure of the claim.

A device is preconfigured during manufacture and a Device Description published to the EARL:

The client claiming the publication creates a claim message specifying the resource being claimed and the address of the Mesh account making the claim.

{
  "MessageClaim":{
    "MessageId":"NCQB-Q5L2-AFBH-NB7E-FEI7-3QFE-ZONS",
    "Sender":"alice@example.com",
    "Recipient":"maker@example.com",
    "PublicationId":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
    "ServiceAuthenticate":"ACKX-DTYK-TMVD-T7Q5-FDK6-IJR2-DHNF",
    "DeviceAuthenticate":"ADZG-TVGE-DPQP-4Q4X-EBD7-PUSQ-JTTO"}}

The message is signed by the claimant to make a RequestClaim to the service:

{
  "ClaimRequest":{
    "EnvelopedMessageClaim":[{
        "EnvelopeId":"MDH7-B3JK-3KWW-XMRX-3UIS-AVZR-EJR2",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ1FCLVE1TDItQU
  ZCSC1OQjdFLUZFSTctM1FGRS1aT05TIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
  nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
  cmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzlaIn0"},
      "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5DUU
  ItUTVMMi1BRkJILU5CN0UtRkVJNy0zUUZFLVpPTlMiLAogICAgIlNlbmRlciI6ICJ
  hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
  bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUktVDJGVS1MUDRHLUtJR
  lEtUE1ZSS1WNlhILVBaTEIiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
  NLWC1EVFlLLVRNVkQtVDdRNS1GREs2LUlKUjItREhORiIsCiAgICAiRGV2aWNlQXV
  0aGVudGljYXRlIjogIkFEWkctVFZHRS1EUFFQLTRRNFgtRUJENy1QVVNRLUpUVE8i
  fX0",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MCUM-SQ35-ZJUQ-TMTK-HB4X-57QQ-YK2Z",
            "signature":"WmjtRkJpq6QiqLNxY_ljzSrAUO-BzxDqK9yT-HB0
  gN1TdLw93Jsj2vkIHsdQOMmVbullSyjK66OAodsKV-DEPP2EUPHA7_iNu6HwHoOaa
  SJvtUhBaiYirIe8_-ufIpfZfRxZbQdrU7uIsD78Fw8JhBcA"}
          ],
        "PayloadDigest":"QeCfPNqPnIgnkZqOk5ocOCmmJUNa5Zj1DqhPE5OS
  giY_01726xlWNvmn10PwOwdQsuQpgyRxASzsi5z5yRMcwA"}
      ]}}

The publication is found and the claim is accepted, the publication is returned in the response.

{
  "ClaimResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "CatalogedPublication":{
      "Id":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
      "Authenticator":"EADT-KVZF-RR6U-D6KP-NRYQ-TAI2-F3AU-4NZL-MBHT
-MHOX-SUNE-X7UK-P5WD-Y",
      "EnvelopedData":[{
          "enc":"A256CBC",
          "kid":"EBQL-DNYM-VM4G-UE4U-4PDF-UWSQ-7ONX",
          "Salt":"6TNjMCiVgB1PpVNeEaH-iA",
          "recipients":[{
              "kid":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
              "wmk":"bYJ4W7F-Oa7o5pR50uwdq4GCtF2wX3tgr3zNt2pTk7DB
  tHyUamIX_g"}
            ]},
        "ZrETLTXinD0jkRoz_OAYlnFRPAFVgVrORZM2qLUfNQts8qSkaTBoOQ2_
  CwTcH7htUnMhm8k9JZgfztKvY3ggmN-tf0gKnkY-nUc4UOBW7VXmkXYtnF9iEjtRq
  taIe0RbmeT5lv4P-1ahs2G2PEm3nqnyygfcfyRn_XJpXgICKGzIQvK2pjNXLHsRJ7
  Ef9yQg9tSQR0dk8Js_YaOeQwrP7XCogBCk2XSaPwyo-8fufIfSnbUea5ZcDdglnQy
  stbj-TKtM9WgNNBxy4BU4jXMZhu2_hPaOXFqYN5hFwr-uZXXi4iHsOg6Xo8qNHZ8H
  d__86f_1_9XPpggnHXjAFyIjSf7VDo3JR2Mv_lTXExlMfIjYpaclg2r_CmlkBNROu
  RqZPxKzMbLnSMLd_x1M5JkIO21UDq7wt5_Dm_R1AObLCqJnr5EyTeZ0UV5eqCENOS
  9oxLc4It4Y1vy4ZAwXkUVqgsQSV2j2tfOUDFmPtO3qrPuOsUoPViP_Vczxusp1KPm
  19vt1-ZG-PcW5KK9HK1lTN9Ym1Xp92hPh_p4S2tDsRtKf1L3EI3wgqWc3Czk5atk8
  VoM-Ty4kkYfwVpEp_tUvzq6T5j252NpdE2vZSbHt66yCHVs6XrPMAyYMWTUxLjcRi
  qEmVI-dFAoFbFUpVFfNN8u56eXfRQ16YG0YTwwsvnO9bFFiMP69Pup-SvcP9Eox7J
  76DAtI09IQFt6ohU1RUOHXCDRZPos1kI6T04vrfX_AEfnwDs0XgNk92zKx1KQ6IOo
  66HDY2qOFJgDdiES_xC3VjgQHD40D200CjXeVPjsbtBrEBZC9_y0E5fNT8mQb9hVs
  swheBeYZ0Lwobl2Rm1IfQAcul66Xhxur3f32ZEm7iD_npBi2TnCyp2rLPA88_PDV4
  pn1WBqSjB2QCSqi-GagQ-z9h-RbGig2ef_eQ3GdmT_YLVIzEVtsNhFHMWi2BlEUZ7
  jN3sS0vE4EBK_v18c9_yUxRunOzX9K4_VBBbBExXznHxydIHhsgDzU8cb5CcjKw0n
  6GkpbO4IrdWQPWwCNa8zTB_KlymiY2YykQ7ttd35kKHGVC7EzYGuIEPj-pnPyKmfn
  oClIruA1CNc5_De4fQ9PeeMnB-xibqoDyMBPxKnfUrHfYgZj1hvgfCFjfcf2Qqslc
  5UcUNZh94E6iNX4ScIeio_X2wfEkVUSkU675v6Cy2kH9LJ9LfdinyuPHpzHAqvHAX
  ePbu8lF1nCMhhrGgY7yD42pnobf5ljgFPxxvrKs8PElKyU-1Ciqb6bAOxNKlHZ9cm
  ZNstFlnPN-rWggw_n1lcHQDW4mCztdGtD3eevp6RcVlb5wA-5otl30qxqWR8p0Hhx
  lQo7gExMftfiRHiHzZG2-8OqkYRBlAsDIoGqPaMElEiG-FChvWfEHVNpNqiiWgpXh
  UfeB_FGjnv0fVT0B2jRcSh7A2s-JO0p9ohizC4E4yCdwY-d6G193vAhCyonQgVtgQ
  0rM1oAgXJ3sy65flm5MTRoPtRt2uBFmhza7iW-4IaH5_LLapZ3ry8Fct8-NV55XfE
  BmLiH_Ga0ASCD7yPb1ylSiMSMfOJ8VkdeUv09A__ZGETUOVxb1oTZ951pbSlwZdf3
  VXptUoKvqKzluYQWRv-QBvL2r691cPRMQWUQ2Yhafg4U43An5XhLSwBtt2As_Y06g
  lZiPmk0wrzkgrrd1eD2e9jJrH3_XKjL2d2FUeRLsNhe0YCqXxYv60VIWookDpDZY0
  GQmHa7I_bSRzBwR9QbIa5EafXMND8adCsTMH4cUWKGNwFK00jtSY8igc22NHljSmQ
  LA_bV2RdUVJ0tU2qnIWFPscpBcpYUh1PvrcSZ4M2ThiOUi193Up5-Y5Ibgz66F0Zw
  jtWgxCIUiz4oOEXLxmj7NkhLR7EFuWrKrNCUNhRgBDC2tlzwBnudaFeWnG019NeG7
  EC7D_osaloz1936fct2l81OKkOeBozPkT6xSpvtNQuTsfVvAFgE-XHRivhcD3DJ9s
  4YJpw2-aKqo5fJvS1qwxEQnQQZAbU8yoe7o0DSCBvbVIfZGjS448ksqazhlkE-1kS
  TB4wqCi5eUJuWDBCx3b1ykUONWLvqPmsIwe_lN4Jxg3RCVEpZBJ39EZ4uIKTmfI02
  jwkmNpvbRK52NwTHtYxsf7gRDQf3N7bUxppVsZqay49zW5fOxCHgfcBp9Z8NSw1Mt
  XNJ-SNKHbTFbpAwc5uvK4M6J30fZyuT1KBGYsmq5mxV-Oj35GOqLYmq9VCB39kvbe
  uuBDGEp_agvQ7azWUZ3UE-Goir0Vfrx3G0skadYfqPNz88YZzQAp5rNbaZoFgpjqk
  GibVRjaLM8watr_qClb1HJ4cHS-unDDv3PdFu4qVLlcuhOZduBTRi87f9WgS1XEzA
  Qlo9M3y2xlzfXurE6ZnFX8JcV5MYx2RmofAl17nduGesNaBNJ8CX-ho2ahJPFUf-P
  rlIdGPGRzHbCFO4Ol4naqsOv-Ji5jZc2Raz-MPyEc7SyBcdX0Ryd0WUcWZ9ao60qN
  rc0EufZPmJOE2g1wijQ-UUKKxXI6CX6n4QPy_E8w59XzjYf-IZTNkkOp34hDrhUcT
  61ReWo9rinqVGVDz6Ziff3z8YST02yYTaxG1PHoLp_y5j9oGSLovAvx1bWOXvajAx
  Uedy4GZxfsJr4EA3xZs8ayXilKffV_OEqR5vW32S3-qRY-L0TA_ye42kZ8FHAgvok
  EzJGl7bCFBgHt7z5sxyjUYPrvpCr5XWfhVY69jzwVBhgrPnaSOQ3m2j4-uxy_lZWD
  hxe5vrgIMBbhCAgzuTeDJtNdj4cJIuoLhNTJvHh4FyA9ne_b1LWbn_w7nssr0gBN1
  WHhz2FnxaFb-v-5TMTaS1kJy4FZUnAENM7ukDG07ND7anOV-6MK6lhX2tccQLI3wC
  sAzwwrfb6dgV-kS813rTK24DicNvnuKFFxJkQaA0fEUY7XUpnFjdf-k8YrB93zX5o
  COj-g0ucMrImDMS0-6Wsm8yd8eDUhVx9Zyb7HnCwA8DV0Ob7w"
        ]}}}

The device waiting to be connected uses the PollClaim transaction to receive notification of a claim having been posted.

6.5.2. PollClaim Transaction

The PollClaim transaction is used to discover if a claim has been posted to a published document.

When an authenticated, authorized request is made, the service responds with the latest claim posted to the publication.

The device in the example above periodically polls the service to which the device description is published to find if a claim has been registered.

The PollClaimRequest contains the account to which the document is published and the publication ID:

{
  "PollClaimRequest":{
    "PublicationId":"EBQI-T2FU-LP4G-KIFQ-PMYI-V6XH-PZLB",
    "TargetAccountAddress":"maker@example.com"}}

The response returns the latest claim made as signed message:

{
  "PollClaimResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "EnvelopedMessage":[{
        "PayloadDigest":"QeCfPNqPnIgnkZqOk5ocOCmmJUNa5Zj1DqhPE5OS
  giY_01726xlWNvmn10PwOwdQsuQpgyRxASzsi5z5yRMcwA",
        "EnvelopeId":"MADV-CBSP-N4SR-6JQD-7ONP-P5EP-TZ47",
        "dig":"S512",
        "signatures":[{
            "alg":"S512",
            "kid":"MCUM-SQ35-ZJUQ-TMTK-HB4X-57QQ-YK2Z",
            "signature":"WmjtRkJpq6QiqLNxY_ljzSrAUO-BzxDqK9yT-HB0
  gN1TdLw93Jsj2vkIHsdQOMmVbullSyjK66OAodsKV-DEPP2EUPHA7_iNu6HwHoOaa
  SJvtUhBaiYirIe8_-ufIpfZfRxZbQdrU7uIsD78Fw8JhBcA"}
          ],
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ1FCLVE1TDItQU
  ZCSC1OQjdFLUZFSTctM1FGRS1aT05TIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
  nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
  cmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzlaIn0",
        "SequenceInfo":{
          "Index":1,
          "TreePosition":0},
        "Received":"2021-09-20T18:16:40Z"},
      "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5DUU
  ItUTVMMi1BRkJILU5CN0UtRkVJNy0zUUZFLVpPTlMiLAogICAgIlNlbmRlciI6ICJ
  hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
  bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUktVDJGVS1MUDRHLUtJR
  lEtUE1ZSS1WNlhILVBaTEIiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
  NLWC1EVFlLLVRNVkQtVDdRNS1GREs2LUlKUjItREhORiIsCiAgICAiRGV2aWNlQXV
  0aGVudGljYXRlIjogIkFEWkctVFZHRS1EUFFQLTRRNFgtRUJENy1QVVNRLUpUVE8i
  fX0",
      {}
      ]}}

6.6. Cryptographic

The Operate transaction is used to perform one or more cryptographic operations using private key material recorded in the Threshold Catalog. Such operations typically represent one part of a threshold key operation divided between the service and a device connected to an account.

As with all operations involving the Access catalog, the request MUST meet the authentication criteria specified by the catalog entry. These typically include the request being authenticated by a specific key.Key Agreement

CryptographicOperationKeyAgreement is used to request a threshold key agreement operation on a specified public key.

Alice added Bob to groupw@example.com as a member. This resulted in Bob receiving the invitation described in section ??? and the following access entry being added to the Access catalog of the group account:

{
  "CatalogedAccess":{
    "Capability":{
      "CapabilityDecryptServiced":{
        "Id":"MCPZ-HDVM-PCDX-BRN4-XODS-XA5Z-42H5",
        "Active":true,
        "GranteeUdf":"bob@example.com",
        "EnvelopedKeyShare":[{
            "enc":"A256CBC",
            "kid":"EBQL-ITZG-2R6Q-TMF3-YDDA-3N4T-VM5U",
            "Salt":"bJ6_c_OfrpkkZZCU-1LtYA",
            "recipients":[{
                "kid":"MCH3-3HJS-A6QP-RRJ5-HORB-3YTB-J4WU",
                "epk":{
                  "PublicKeyECDH":{
                    "crv":"X448",
                    "Public":"wNwbGaju-1ja9t61bMotJABp0H3VWQdML0p
  dcAz6-k1In8KJo-vFr6EEQup8esye4HlX3B0SNUcA"}},
                "wmk":"tYp8TUPingIoHyHsWvfRnpZNlXFesw9jUenfLC0LLj
  ShzQJlgWfU7g"}
              ],
            "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJLZXlEYX
  RhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmVhdGV
  kIjogIjIwMjEtMDktMjBUMTg6MTY6MTdaIn0"},
          "xw-RW7CvLuJl9zhDJxcbMw2UeTPuVU637VrHpgo3pcAMaOq-pVknNr
  xDMRFE3MnpSseqwKCepc2_489f3GZLl0unDhPnfrXrFaX4Mu54eEZlLCJ-_6ujksg
  lfMvvs8_elodspsKfaYbsApw1Qwazfy840AXWJkIFmzt2u43DtpPMhQpDrF46SD6D
  1fcZ48gcgZzA66C-ompAfrpF_7gTyjiizK5pGnjfMHObPqNlD3M2xEGDxGD6sQBet
  kEJZhD9L95Nxbw8bNzm4e0a8Bk--NWyzPL89OICTJrcMUpdb9Hw3NVMWpG0GvneZ-
  ItdMU44V8SJCaiRznm-Uk0P1d4kqJzGbg4tfaqrVYi4dOLq0sdXQJRe5elNTnceYR
  bzMF4wqsFjkh7LpaKUsiYNp4dmy4w7N4t9f5hXXw6o6zPk3y5fpCmK6zghcyw3hJJ
  u-nkANieu0I-xWNei7Pkn6fQKHJaf2l6igdcDC-PPxozKpi44FIMx9tjawkdlvQHA
  rAefxTiy8uCZWyYhhWZyKk2o8O9LN5jI2bAfHMUAJPp5-SMM0dT-UqTJHnD5PWWaA
  bPba2EHeQBWq39vLsmQr52GJC_ogtPWO--CEfhZYdDHCgRD96DFdJee9UUspehU2b
  6NLhptnz-Z84-lsQL659JPx-AtiYOs8vgzTgtOZRQMNpmeQ4UIwsWVTGhfdEOfAb6
  WT1kZKS7jDTRiQfz7JLAgw"
          ]}}}}

The private key (in this case a key share) is encrypted under the service key.

To make use of the access entry, a request is made that specifies the key share to be operated on and the public key parameters to perform the agreement with.

The request payload:

{
  "OperateRequest":{
    "AccountAddress":"groupw@example.com",
    "Operations":[{
        "CryptographicOperationKeyAgreement":{
          "KeyId":"MCPZ-HDVM-PCDX-BRN4-XODS-XA5Z-42H5",
          "PublicKey":{
            "PublicKeyECDH":{
              "crv":"X448",
              "Public":"DdA69XYL5v6HgeNEPLql1dpKqdEwoAlKJEF1AbRqR
  Fnf1GUqiEm7Bg8jdCFhE6weFkArPQspXzGA"}}}}
      ]}}

The service checks to see if the request is authorized and if so, performs the operation and returns the result:

{
  "OperateResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "Results":[{
        "CryptographicResultKeyAgreement":{
          "KeyAgreement":{
            "KeyAgreementECDH":{
              "Curve":"X448",
              "Result":"8ki73pVcpL3IcSt5ocXVHxVeWS-tb6ZPgTU2ZVH_c
  ltOQeDD2HBesbZWIbsWBhuGyFaNt8H0npqA"}}}}
      ]}}

Future: Currently, the access catalog is encrypted under the service encryption key. It would be better to encrypt the catalog under an encryption key specified by the service during the process of account binding. This would allow a service to assign a unique encryption key to each account and limit access to that key to the hosts servicing that specific account.

6.6.1. Generate Key Shares

Generation of threshold key shares is planned but not currently supported.

6.6.2. Threshold Sign

Threshold signature is planned but not currently supported.

6.7. Messaging

Mesh Messaging is an asynchronous messaging service that allows exchange of information between devices connected to a Mesh account and between Mesh users.

To enable effective abuse mitigation, Mesh Messaging enforces a four-corner communication model in which all outbound and inbound messages pass through a Mesh Service which accredits and authorizes the messages on the user's behalf.

A e b o s S b P M P i A c B B c l s ' M S l o i e '
Figure 2: The Mesh Four Corner Messaging Model

The Post transaction is only used to exchange messages between services. The client sends and receives messages through interactions with the outbound and inbound spools of the account.

6.7.1. Sender.

To send a message, the client creates the Mesh Message structure, encapsulates it in a DARE Message and appends the message to the Outbound spool of the account using the Transact operation..

The DARE Message MUST be signed under the account signature key.

The Mesh Service receiving the message from the user's device MAY attempt immediate retransmission or queue it to be sent at a future time. Mesh Services SHOULD forward messages without undue delay.

6.7.2. Outbound Service

The Post transaction forwarding the message to the destination service carries the same payload as the original request but is authenticated by the service forwarding it. This authentication MAY be my means of either profile or ticket authentication.

>>>> Unfinished ProtocolPostServiceService

[Not Yet Implemented]

After the message has been sent, the service updates the message status on the outbound spool.

Services SHOULD implement Denial of Service mitigation strategies including limiting the maximum time taken to complete a transaction and refusing connections from clients that engage in patterns of behavior consistent with abuse.

The limitation in message size allows Mesh Services to aggressively time out connections that take too long to complete a transaction. A Mesh Service that hosted on a 10Mb/s link should be able to transfer 20 messages a second. If the service is taking more than 5 seconds to complete a transaction, either the source or the destination service is overloaded or the message itself is an attack.

Imposing hard constraints on Mesh Service performance requires deployments to scale and apply resources appropriately. If a service is attempting to transfer 100 messages simultaneously and 40% are taking 4 seconds or more, this indicates that the number of simultaneous transfers being attempted should be reduced. Contrawise, if 90% are completed in less than a second, the number of threads allocated to sending outbound messages might be increased.

6.7.3. Inbound Service

The inbound service MUST subject inbound messages to Access Control according to the credentials presented in the DARE Message payload.

After verifying the signature and checking that the key is properly accredited in accordance with site policy, the service applies authorization controls taking account of:

  • The accreditation of the sender
  • The accreditation of the transmitting Service
  • The type of Mesh Message being sent
  • User policy as specified in their Contact Catalog
  • Site policy.

6.7.4. Recipient

Messages are received by synchronizing the outbound spool.

7. Message Interactions

Message interactions are asynchronous interactions that occur between devices connected to the same account or between accounts.

All messages are signed by the sender and encrypted under the encryption key of the recipient if this is known to the sender.

7.1. Message PIN Interaction

The Message PIN Interaction is used to register and validate PIN codes used to authenticate certain transactions. This interaction allows a PIN code issued by one device to be consumed by another allowing for greater convenience in managing devices or contact exchange.

For example, Alice might delegate the PIN code issue privilege to her mobile device without delegating the administration privilege to that device. This would allow Alice to use her mobile device to initiate the connection of a large number of devices to her Mesh as her house is being built and approve them later using her administrative device.

Use of the Message PIN interaction is optional. An application that issues a PIN code to authenticate a message MAY store the PIN value within the application without persisting it to external storage.

Derivation of the SaltedPin, MessageId and Witness values from their respective inputs is described in the Schema Reference [draft-hallambaker-mesh-schema].

7.1.1. Registration

To register a PIN code to an Account, a device:

  • Generates the PIN code value
  • Calculates the SaltedPin value for the specified Action
  • Calculates the PinId binding the specified SaltedPin to the Account.
  • Creates and signs MessagePin containing the SaltedPin , Action and Account values with the MessageId value PinId.
  • Appends the MessagePin value to the Administration Spool of the Account.

Note that this construction provides limited protection against forgery attacks by a party with access to the MessagePin. A party with such access can use it to construct the witness value required to authenticate a request.

PIN Code values consist of an opaque sequence of octets represented as a UDF nonce value. Codes are presented in canonical UDF form, i.e. Base32 encoding separated into groups of 4 characters. The PIN value is converted to binary form for calculation of the SaltedPin, thus ensuring that the canonical form of the PIN value is used.

7.1.2. Authentication

The PIN Code value is passed out of band to a user who will enter it into a device to authenticate a request made to the issuer.

A request that MAY be validated by means of a PIN is a subclass of MessagePinValidated and contains the following fields:

AuthenticatedData

A DARE Envelope containing the data that is authenticated.

ClientNonce

A nonce value used to prevent certain replay attacks.

PinId

Digest value binding the SaltedPin to the Account.

PinWitness

Witness value calculated as KDF (Device.UDF + AccountAddress, ClientNonce)

The device uses the PIN code and Action identifier corresponding to the desired request to calculate the SaltedPin value in the same manner as during registration. This value is then used to calculate the PinId and PinWitness values.

7.1.3. Validation

The PIN code is validated by performing the steps of:

  • Calculating the SaltedPin value from the PIN code and Action
  • Calculating PinId from SaltedPin and Account
  • Retrieving a MessagePin from the Administration spool with the MessageId PinId.
  • Calculating the PinWitness value from SaltedPin, ClientNonce and AuthenticatedData and checking this matches the value specified in the message.
  • Performing the requested action.
  • Posting a Complete message to the Administration Spool of the Account marking the PIN code as used.

This process can fail at multiple points resulting in different error results:

PinInvalid

No PIN code is specified, the Pin code indicates an unsupported algorithm or the calculated PinWitness does not match the one specified by the request.

PinUsed

The PIN code has been used previously.

PinExpired

The PIN code is no longer valid.

Note that in the case that an attempt is made to reuse a PIN, it is not automatically the case that the first use of the PIN was the one that was valid and only the second attempt was invalid. Implementations SHOULD alert the user to the attempted re-use so that this possibility can be considered and appropriate action taken.

7.1.4. Example

Alice connects a device using a QR code presented by her administrative device.

The administration device creates a PIN code and records it to the Local spool. The message specifies the salted pin value used to verify attempts to use the PIN, the action for which it is authorized. Since this PIN has been issued to authorize a device connection, the roles for which the device are authorized as well. This allows the connection request to be accepted without asking for further input from the user.

{
  "MessagePin":{
    "MessageId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
    "Account":"alice@example.com",
    "Expires":"2021-09-21T18:16:18Z",
    "Automatic":true,
    "SaltedPin":"ACZI-EF2U-AAIY-R5MY-KXZ6-UYAF-NUSV",
    "Action":"Device",
    "Roles":["threshold"
      ]}}

7.2. Completion Interaction

Completion messages are dummy messages that are added to a Mesh Spool to mark a change the status of messages previously posted. Any message that is in the inbound spool and has not been erased or redacted MAY be marked as read, unread or deleted. Any message in the outbound spool MAY be marked as sent, received or deleted.

Services MAY erase or redact messages in accordance with local site policy. Since messages are not removed from the spool on being marked deleted, they may be undeleted by marking them as read or unread. Marking a message deleted MAY make it more likely that the message will be removed if the sequence is subsequently purged.

After using the PIN code to authenticate connection of a device in the previous example, the corresponding MessagePin is marked as having been used by appending a completion message to the Local spool.

{
  "MessageComplete":{
    "MessageId":"NAHJ-Q4GZ-SL2H-TXDL-55SD-YDY6-EA72",
    "References":[{
        "MessageId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
        "ResponseId":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ",
        "Relationship":"Closed"}
      ]}}

The completion message is added to the spool in the same upload transaction that adds the device to the device catalog. This ensures that both operations occur or neither occurs.

7.3. Contact Exchange Interaction

The contact exchange interaction is used to support unilateral or mutual exchange of contact information. Contact exchange has three functions in the Mesh:

  • To exchange public key information to allow encryption of messages sent to and verification of signatures on messages sent from the contact subject.
  • To exchange contact information allowing use of other communication protocols (e.g. telephone, SMS, xmpp, SMTP, OpenPGP, S/MIME, etc).
  • To request that the recipient grant privileges to accept certain types of messages from the contact subject.

Registration of the subject's contact information in a registry service eliminates the need for the first of these functions but not the other two. To prevent abuse, every Mesh Message is subject to access control and a Mesh service will only accept a message from a sender if there is an entry in the Threshold Catalog of the account that expressly permits delivery of messages of the specified type that are authenticated by an authorized signature key.

The communication of unsolicited information afforded by the contact exchange interaction is deliberately limited so that a majority of users can accept contact exchange requests without prior authorization. It is however likely that some users will receive a considerable volume of requests forcing them to require contact requests be authorized through some form of third party accreditation.

7.3.1. Remote

The Remote Contact Exchange transaction consists of a sequence of MessageContact messages sent from the initiator to the responder, responder to the initiator, etc. While there is in principle no limit on the number of messages exchanged, most exchanges will be completed in three exchanges or less:

Initiator to Responder

Contains Initiator contact data without authentication context from the exchange.

Responder to Initiator (optional)

Contains Responder contact data authenticated under a PIN challenge presented in the previous message.

Initiator to Responder (optional)

Contains Initiator contact data authenticated under a PIN challenge presented in the previous message.

Each message provides the recipient with additional information which MAY motivate the recipient to provide additional contact information to the sender.

{
  "MessageContact":{
    "MessageId":"NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ",
    "Sender":"bob@example.com",
    "Recipient":"alice@example.com",
    "AuthenticatedData":[{
        "dig":"S512",
        "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb250YWN0UG
  Vyc29uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmV
  hdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTFaIn0"},
      "ewogICJDb250YWN0UGVyc29uIjogewogICAgIkFuY2hvcnMiOiBbewogIC
  AgICAgICJVZGYiOiAiTUJEWi1RUEpOLVM1Q1ItTFVGTy1WUE9RLTVaSzItRU5FNiI
  sCiAgICAgICAgIlZhbGlkYXRpb24iOiAiU2VsZiJ9XSwKICAgICJOZXR3b3JrQWRk
  cmVzc2VzIjogW3sKICAgICAgICAiQWRkcmVzcyI6ICJib2JAZXhhbXBsZS5jb20iL
  AogICAgICAgICJFbnZlbG9wZWRQcm9maWxlQWNjb3VudCI6IFt7CiAgICAgICAgIC
  AgICJFbnZlbG9wZUlkIjogIk1CRFotUVBKTi1TNUNSLUxVRk8tVlBPUS01WksyLUV
  ORTYiLAogICAgICAgICAgICAiZGlnIjogIlM1MTIiLAogICAgICAgICAgICAiQ29u
  dGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKTlFrUmFMVkZRU
  2s0dFV6VkRVaTEKICBNVlVaUExWWlFUMUV0TlZwTE1pMUZUa1UySWl3S0lDQWlUV1
  Z6YzJGblpWUjVjR1VpT2lBaVVISnZabWxzWgogIFZWelpYSWlMQW9nSUNKamRIa2l
  PaUFpWVhCd2JHbGpZWFJwYjI0dmJXMXRMMjlpYW1WamRDSXNDaUFnSWtOCiAgeVpX
  RjBaV1FpT2lBaU1qQXlNUzB3T1MweU1GUXhPRG94TmpveE1Wb2lmUSJ9LAogICAgI
  CAgICAgImV3b2dJQ0pRY205bWFXeGxWWE5sY2lJNklIc0tJQ0FnSUNKUWNtOW1hV3
  gKICBsVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1JGb3R
  VVkJLVGkxVE5VTlNMVXhWUgogIGs4dFZsQlBVUzAxV2tzeUxVVk9SVFlpTEFvZ0lD
  QWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzCiAgS0lDQWdJQ0FnSUNBa
  VVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjbllpT2lBaV
  IKICBXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlFWemczVkZ
  STWFrMW9RMFV5VjJsTllucAogIHFlWFJLYmpSNVlYVTFXbkpwWTFkNmJVNUlZbWh4
  UjNsR1MzWmZkMmR5Y1dkdUNpQWdialZSTVZObVkyTlFiCiAgM1ZFWDBaa016QlBVa
  0U0VjJsQkluMTlmU3dLSUNBZ0lDSkJZMk52ZFc1MFFXUmtjbVZ6Y3lJNklDSmliMk
  oKICBBWlhoaGJYQnNaUzVqYjIwaUxBb2dJQ0FnSWxObGNuWnBZMlZWWkdZaU9pQWl
  UVU5hTXkxTk1sQlRMVk5HVwogIEZBdE5FdzJXQzFTUzBkUUxVMUxTa0V0VWpWWFN5
  SXNDaUFnSUNBaVFXTmpiM1Z1ZEVWdVkzSjVjSFJwYjI0CiAgaU9pQjdDaUFnSUNBZ
  0lDSlZaR1lpT2lBaVRVTkxTUzFUUTA5RUxVUTBOMEl0UjBWTVF5MVBRVFJITFZkSE
  4KICAwNHRWVVZLVmlJc0NpQWdJQ0FnSUNKUWRXSnNhV05RWVhKaGJXVjBaWEp6SWp
  vZ2V3b2dJQ0FnSUNBZ0lDSgogIFFkV0pzYVdOTFpYbEZRMFJJSWpvZ2V3b2dJQ0Fn
  SUNBZ0lDQWdJbU55ZGlJNklDSllORFE0SWl3S0lDQWdJCiAgQ0FnSUNBZ0lDSlFkV
  0pzYVdNaU9pQWlSV1JFUlZabGIwaHFjbWw0ZW1Wd2VGVmFPV2hvWWtKelJ6TjBSRT
  kKICBuY3pCSmFFOXJaMk5RV1RkNVMySk5OblJ2TkhoWlh3b2dJRmxDTUhGWk4yRkx
  OblE1VTNWb1EwSllkMUJvWQogIHpBNFFTSjlmWDBzQ2lBZ0lDQWlRV1J0YVc1cGMz
  UnlZWFJ2Y2xOcFoyNWhkSFZ5WlNJNklIc0tJQ0FnSUNBCiAgZ0lsVmtaaUk2SUNKT
  lEweFpMVll5VFZBdFdWZEJWaTFETmtoRkxUTkZTa010VHpZMlRpMDJVekl6SWl3S0
  kKICBDQWdJQ0FnSWxCMVlteHBZMUJoY21GdFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUN
  BZ0lsQjFZbXhwWTB0bGVVVgogIERSRWdpT2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oy
  SWpvZ0lrVmtORFE0SWl3S0lDQWdJQ0FnSUNBZ0lDSlFkCiAgV0pzYVdNaU9pQWlaa
  1JTVldoMVNETTROR3cyU0hseVkxUkxZblJpV0cxa1kxRjJNREY2YWxaaWVUVllXVz
  AKICAxZGpCbU9TMXhVVFYyYkhJd2NRb2dJRUZxYWxGeE0wZ3pSbTlqTUVaTlVXSk9
  ZakJUZUcxblFTSjlmWDBzQwogIGlBZ0lDQWlRV05qYjNWdWRFRjFkR2hsYm5ScFky
  RjBhVzl1SWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxCiAgRFRWa3RORWcxTnkxU
  lJFMUhMVmt5VmxZdFJqSkpTUzFXUlVoT0xUUlRSbFVpTEFvZ0lDQWdJQ0FpVUhWaW
  IKICBHbGpVR0Z5WVcxbGRHVnljeUk2SUhzS0lDQWdJQ0FnSUNBaVVIVmliR2xqUzJ
  WNVJVTkVTQ0k2SUhzS0lDQQogIGdJQ0FnSUNBZ0lDSmpjbllpT2lBaVdEUTBPQ0lz
  Q2lBZ0lDQWdJQ0FnSUNBaVVIVmliR2xqSWpvZ0luUnZiCiAgR05mV0haTVNEVjZPR
  3BaTVRGUmNqQnFTM1JmVHpaRmRYQmpaa2RtTTBsWWJWTldXa1ZGVlhodFVGUnBjME
  YKICBIV1Y4S0lDQk5ibWhUYmtVd2VHWnlVRVZFUjBGNmIxZFNVa2N3T0VFaWZYMTl
  MQW9nSUNBZ0lrRmpZMjkxYgogIG5SVGFXZHVZWFIxY21VaU9pQjdDaUFnSUNBZ0lD
  SlZaR1lpT2lBaVRVUkJNaTFXU2s5UkxVaEtRa0V0Umt0CiAgUFFTMHpTbEJTTFZKW
  lNsTXRWMVEyUWlJc0NpQWdJQ0FnSUNKUWRXSnNhV05RWVhKaGJXVjBaWEp6SWpvZ2
  UKICB3b2dJQ0FnSUNBZ0lDSlFkV0pzYVdOTFpYbEZRMFJJSWpvZ2V3b2dJQ0FnSUN
  BZ0lDQWdJbU55ZGlJNklDSgogIEZaRFEwT0NJc0NpQWdJQ0FnSUNBZ0lDQWlVSFZp
  Ykdsaklqb2dJbmg0V1hSbVNUWlBWblV0ZW1WUGFFVnhlCiAgRGsxU0hkUFoxUlVUM
  WxuY0V0b1JsQnBaM2RLV1ZKcWFXaFRiemMwUnpOaVFWQUtJQ0I2VTJSMFdIUk5aRX
  QKICBZVUhwSWRUbFhORlkxWDNaNU5rRWlmWDE5ZlgwIiwKICAgICAgICAgIHsKICA
  gICAgICAgICAgInNpZ25hdHVyZXMiOiBbewogICAgICAgICAgICAgICAgImFsZyI6
  ICJTNTEyIiwKICAgICAgICAgICAgICAgICJraWQiOiAiTUJEWi1RUEpOLVM1Q1ItT
  FVGTy1WUE9RLTVaSzItRU5FNiIsCiAgICAgICAgICAgICAgICAic2lnbmF0dXJlIj
  ogIk5hNG1Id3Q4Wi1lNkRqUWdLN2NBSWFpR2Jldlk1cjU1T1QtMjBZM2V3OHY2anh
  IN0kKICAzWmptclpBU1NlQXNKcm5pRHdJaWQycEhNU0FBRGp3YmtlVVAtTTMzNjJY
  VGF0WElxTGFUYmp6WTI3aWpHUAogIEtZQXFjTGlBalpNcUlmVW5Yb3phSUI4V1hyR
  lh5UVFqZGJFcFh0d2tBIn1dLAogICAgICAgICAgICAiUGF5bG9hZERpZ2VzdCI6IC
  JPVHJJbWtBbjJ0ajVDMXJyNHBQTEtTUWhvSWJXUWt0eTg5UlNuTS1qQ1M2aUUKICA
  tS1dKRmN1ZThSRUZhMlo4bGxxbEdjVWUyUXNIR3dIcTNPMnFYeFB0ZyJ9XSwKICAg
  ICAgICAiUHJvdG9jb2xzIjogW3sKICAgICAgICAgICAgIlByb3RvY29sIjogIm1tb
  SJ9XX1dfX0",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MDA2-VJOQ-HJBA-FKOA-3JPR-RYJS-WT6B",
            "signature":"W-v3lDGsU3UTItk_uqMIHvmjU8D6Fdy8aW3z1UmC
  ZsaRlA1tN9mqcnRo8CZZoxeGbGidmpth4pqAtUkgzjR6ZLIYsXuvslTQ3obwLXSKJ
  -3S85kOuc-WNsFOYNS0HMRTNk0mXjpO2Qowxckrh0jd0ScA"}
          ],
        "PayloadDigest":"f-lu2tT6O_b1V2ULswnlqRUbZZ_eBWuq72vdf7vd
  -ls389x5cjirQZ6I5Y4GStnQke3IMwmnpNAkp8O7fATksA"}
      ],
    "Reply":true,
    "Subject":"alice@example.com",
    "PIN":"ADN6-CJ3X-KEFJ-BMMU-TKN3-J3JS-73ZA"}}

The Mesh Contact Exchange transaction does not provide for validation of the contact information beyond the binding to the Mesh Account Address used to perform the exchange.

7.3.2. PIN

Contact exchange requests MAY be authenticated by a PIN code. Initial contact exchange requests SHOULD include a PIN code value that can be used to authenticate a response (if given). PIN codes MAY also be exchanged out of band.

A MessageContact authenticated by means of a PIN code is authenticated as described in the PIN Interaction section above.

7.3.3. EARL

A MessageContact message MAY be published as an EARL. This allows contact data to be presented to the recipient on a printed document such as a business card in machine readable format such as a QR code.

7.4. Group Invitation

The GroupInvitation interaction is used to invite a recipient to join a Mesh Group. The interaction is essentially a form of contact exchange except that a sender SHOULD NOT send group invitations unless there is an existing relationship. Thus the 'first trust' issues intrinsic to the contact exchange interaction do not apply.

The message specifies the group name and the contact entry for the group. The contact entry includes the CapabilityDecryptServiced used to decrypt messages sent to the group when combined with information provided by the threshold service for the group.

Receipt of a GroupInvitation message does not require a response.

{
  "GroupInvitation":{
    "MessageId":"NAAD-L4WJ-WCTM-3NOB-R56R-4O76-O3AO",
    "Sender":"alice@example.com",
    "Recipient":"bob@example.com",
    "Contact":{
      "ContactPerson":{
        "Anchors":[{
            "Udf":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI",
            "Validation":"Self"}
          ],
        "NetworkAddresses":[{
            "Address":"groupw@example.com",
            "EnvelopedProfileAccount":[{
                "EnvelopeId":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI",
                "dig":"S512",
                "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNRDVGLU
  paSFotTkFFSS1MVFVILVJETkUtWUg1Ui1XN0ZJIiwKICAiTWVzc2FnZVR5cGUiOiA
  iUHJvZmlsZUdyb3VwIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3Qi
  LAogICJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTZaIn0"},
              "ewogICJQcm9maWxlR3JvdXAiOiB7CiAgICAiUHJvZmlsZVNpZ2
  5hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNRDVGLUpaSFotTkFFSS1MVFVILVJETkU
  tWUg1Ui1XN0ZJIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAg
  IlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgI
  CAgICAgICJQdWJsaWMiOiAiTGxqOUhyZmhwTXZLRGhWc0V4M0I3Zmg2U3pmMnUwRS
  1sZDQ2YVNEeGxmZFl6MFBnQ0k3WAogIGQ3NFV1cmFzMDdieEE1SFl5UElQUnlJQSJ
  9fX0sCiAgICAiQWNjb3VudEFkZHJlc3MiOiAiZ3JvdXB3QGV4YW1wbGUuY29tIiwK
  ICAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ05ILVpaQ
  zMtSlVNNC1CRU1ULUVJSE0tQVZUVy1QRURSIiwKICAgICAgIlB1YmxpY1BhcmFtZX
  RlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J
  2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJMU3BQUmI1ZVV2OE82NmFD
  MW5iQnFERG5ZeTIxY0tFZ25OUEFmOXUteE1RUUl1SEJ6ck9TCiAgYUY2QXdaRVZ6a
  2w0R3NlMWpoYlVheXdBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIj
  ogewogICAgICAiVWRmIjogIk1DWlQtRVRTRi1QREdXLUxBVEwtRjczQi1PU1NRLUZ
  TNEIiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
  S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
  lB1YmxpYyI6ICJCN2trX2ZxNVhQcVZJYURIYl85Vmd1VWRIWXFSckFDaWtxMllXS3
  hzOTh3M2NoRnBTLVM4CiAgOGx4OThsQ29VSFF3X3hKVGdZWG1jTFlBIn19fX19",
              {
                "signatures":[{
                    "alg":"S512",
                    "kid":"MD5F-JZHZ-NAEI-LTUH-RDNE-YH5R-W7FI",
                    "signature":"tfrE8RJDJ2v7d8OTOwsc8NGmsPKPVk2l
  nqLRDr5a9J0na4NN-edwYkgKb3OfBPRo-zHz_WrBsIKAav3yx28G-_Y2hJz02dUTW
  ySnhKAco2LMYuL3sJeRiN0ob-iytd8AArp-p2DM2iSpP5VbdQoktQgA"}
                  ],
                "PayloadDigest":"wNDBikTV6DpDsFLzjTMEap2HDzbdb4mp
  aq70CCrQGkCe2FnMJN5yY_bv6U1zAAU1XKnnJuZKdgkC6tyiAxCcdg"}
              ],
            "Protocols":[{
                "Protocol":"mmm"}
              ],
            "Capabilities":[{
                "CapabilityDecryptPartial":{
                  "Id":"MCNH-ZZC3-JUM4-BEMT-EIHM-AVTW-PEDR",
                  "EnvelopedKeyShare":[{
                      "enc":"A256CBC",
                      "kid":"EBQG-6BCL-F7KX-JZUA-4VSE-D6UJ-Y3HL",
                      "Salt":"VWhAekk002Mkb6XZnUuUAQ",
                      "recipients":[{
                          "kid":"MCKI-SCOD-D47B-GELC-OA4G-WG7N-UEJV",
                          "epk":{
                            "PublicKeyECDH":{
                              "crv":"X448",
                              "Public":"W6N-91FWVxf5OzSjoasu68NGz
  kNUN6L5ajUTZQUGr6idoHdljYR4VoeakJ_3tbNekCd8gOvSaNqA"}},
                          "wmk":"b9t5G_QyPhP2HG9DhEAh6rXR_KKJrENV
  qRoELseDh7FY-px4FzZfCQ"}
                        ],
                      "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6
  ICJLZXlEYXRhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
  CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTdaIn0"},
                    "TEiOU1Tb3ofuVFTj1VgkKg3nC_LLdB38JN70_GbYkBnH
  ZsL4FFCmwMCrh7UCw88RJk7dyxcKpCW_SN9MENzUFjM1zJpSvwgYu5Udiy-gFYi7B
  chUlBwwf9yX_4UjlNM5-BezyxD8cM3oYTHlEAGfXg8loYAZ4D7DV562jAgQbJ_Pc-
  TVAO91YnLhk86AMaCyDKg0F76rF6ExiZeUY9MgTXlKryvNF6oPRIzXPe09SkyaXu5
  9KzSo4vML3ZDtpAKdbuqTGQaQ-f0l-ZSFDqIu1tOXSRU5AQR13ePU3VTbowXY9c8r
  mLQFk3Z0m27LB2knJ5973hirNFGoaj1zxT4RC4bStyp8wmtGtWsle5OvTPzF-GW7W
  ye0f3F5NAWPjYzX3KSiO6HfWjSqQp7uy0xBngJU5oj1CENcpFtnZ5tiZPtIF2-uSy
  Brxa04Y7SgLjliGyiTqZEiR60EC8_S6PQjvb4GLrOLaVGRxo8IpcbMlOD6d1EEREU
  cEg8bezF80zL3RIoCsDvpwEuDa9wWMZvdupbmPOIpbT0GLtdsDlIZK_78X9Gjr_eh
  Fsiq-8qRdeUySue8SIbm8HSCs9YTMACAabwqu0PtalQxc7603IYEzxWeTCvnIwZtC
  LoFeE27Pt70zTARey6ql6HNJLeP4-P3BSCRSLnC5e31oCiMbAMCQRCcXhF2YGpF1r
  OK9nw4cNxi_qnYBCdd0_7R7m0IdDPadg"
                    ]}}
              ]}
          ]}}}}

7.5. Confirmation Interaction

The confirmation interaction consists of a RequestConfirmation message from the initiator followed by a ResponseConfirmation from the responder.

The RequestConfirmation message specifies the action that is requested.

The ResponseConfirmation message contains the enveloped RequestConfirmation message signed by the initiator and the disposition of the responder, Accept = true if the request is accepted and Accept = false otherwise.

The service sends out the following request:

{
  "RequestConfirmation":{
    "MessageId":"NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG",
    "Sender":"console@example.com",
    "Recipient":"alice@example.com",
    "Text":"start"}}

Alice accepts the request and returns the following response:

{
  "ResponseConfirmation":{
    "MessageId":"MBQO-USUV-X27A-CFLD-RXKE-LZMD-GT7T",
    "Sender":"alice@example.com",
    "Recipient":"console@example.com",
    "Request":[{
        "EnvelopeId":"MACN-R7IW-JPYU-XLMI-6KPN-5I3W-3WB4",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZILVFQWVAtNU
  9BVi1XWFBYLVJDS08tS0lLUy1SWUpHIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
  zdENvbmZpcm1hdGlvbiIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0
  IiwKICAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE0WiJ9",
        "SequenceInfo":{
          "Index":4,
          "TreePosition":6201},
        "Received":"2021-09-20T18:16:15Z"},
      "ewogICJSZXF1ZXN0Q29uZmlybWF0aW9uIjogewogICAgIk1lc3NhZ2VJZC
  I6ICJOQUZILVFQWVAtNU9BVi1XWFBYLVJDS08tS0lLUy1SWUpHIiwKICAgICJTZW5
  kZXIiOiAiY29uc29sZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogImFs
  aWNlQGV4YW1wbGUuY29tIiwKICAgICJUZXh0IjogInN0YXJ0In19",
      {}
      ],
    "Accept":true}}

8. Device Connection Interactions

Connection of a device to a Mesh Account combines synchronous and asynchronous elements and therefore uses a combination of Mesh Service Protocol and Mesh Messaging interactions.

Four connection interactions are currently defined support connection of devices with different affordances:

Witness Authenticated

For connecting devices that provide data entry and display affordances and are connected to a network. The account the device is to be connected to is entered into the device which displays a witness code. This code is then compared with a code displayed on the administration device to authenticate the request, after which both devices can complete the interaction.

PIN Authenticated

A variation of the Witness Authenticated interaction in which the connection process is initiated by creating a PIN value which is communicated to the device by some out of band means and used to authenticate the connection request.

Dynamic QR Code (PIN) Authenticated

For connecting devices that provide a camera affordance. The user sets the administration device into 'add device' mode, causing a QR code to be displayed. The QR code is scanned by the device being connected after which both devices can complete the interaction. Implementation of this mechanism is identical to the PIN authenticated scheme except that the PIN code is presented to the connecting device by means of a QR code.

Preconfigured (Static QR Code Authenticated)

For connecting devices that have been preconfigured with a device profile identified by means of a QR Code containing an EARL. The QR code is scanned by the administration device after which both devices can complete the interaction.

Each of these interactions provide strong mutual authentication with minimal user effort.

The witness authenticated connection interaction is intended for use in cases in which the device is already connected to a network. The QR code interactions are intended to provide support for acquisition of networking capabilities as part of the connection process. These functions are not currently specified. The Static QR Code Authenticated interaction is intended to support Internet of Things (IoT) devices which provide minimal interaction affordances.

In each case, the objectives of the device connection interaction are the same:

  • Mutually authenticate the onboarding device and the Mesh such that the connection interaction only completes if both sides acquire the authentic profile of the other.
  • To provision the onboarding device with the Mesh ProfileAccount, and an ActivationDevice and ConnectionDevice record allowing the device to interact as a member of the Mesh with the set of rights specified by the user.
  • To create a CataloguedDevice record and append it to the Device catalog of the account to allow the device to be managed within that account.
  • (optional) to acquire networking capabilities to allow the above to be completed.

The connection of the device to the Mesh Account is achieved through the creation of the ActivationDevice, ConnectionDevice and CataloguedDevice records described in [draft-hallambaker-mesh-schema]. These are created by the administration device in the third phase of each of the connection interactions described below and acquired by the onboarding device in the fourth phase.

8.1. Witness/PIN Authenticated

The witness authenticated, PIN authenticated, and Dynamic QR code interactions all follow a common interaction pattern.

The Dynamic QR Code (PIN) Authenticated interaction comprises four phases as follows:

Phase 1: Issue of PIN credential (PIN and Dynamic QR code only)

A PIN code is created and registered with the PIN Registration interaction described earlier and transmitted to the user by an out of band communication. In the case of the Dynamic QR code interaction, this is a QR code that is scanned by the connecting device.

Phase 2: Onboarding Device Request to Service

The onboarding device creates a RequestConnect message. In the PIN authenticated and Dynamic QR Code interactions, the RequestConnect is authenticated by the Device Authentication key and the PIN issued earlier. In the Witness Authenticated interaction, it is authenticated by the Device Authentication key alone.

The onboarding device presents the RequestConnect message to the service by means of a Connect operation to the service servicing the account. This results in the exchange of the account and device profiles and the computation of a witness value from the two profile fingerprints and two nonce values specified by the onboarding device and the service. An AcknowledgeConnection message is posted to the Inbound spool of the account and returned to the connecting device.

Phase 3: Administration Device Acceptance

The account holder authenticates RequestConnect message and uses an administrative device to accept or reject the connection request.

If the RequestConnect message has been authenticated by a PIN code, the connection request can be accepted automatically without additional user interaction.

Phase 4: Onboarding Device Completion

The onboarding device periodically polls the service for acceptance of the request by the administration device using the Complete transaction.

The use of the PIN code to authenticate the request message is shown in $$$$.

The PIN code MAY be presented to the onboarding device in any format accepted by the device. Administration MAY support presentation of the account address PIN code as a URI code. Administration devices SHOULD support presentation of the account address PIN code as a QR code containing the corresponding URI.

8.1.1. Phase 1:

Alice> account pin /threshold
PIN=ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU
 (Expires=2021-09-21T18:16:18Z)

The registration of this PIN value was shown earlier in section $$$

The URI containing the account address and PIN is:

mcu://alice@example.com/ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU

8.1.2. Phase 2:

The onboarding device scans the QR code to obtain the account address and PIN code. The PIN code is used to authenticate a connection request:

Alice3> device request alice@example.com /pin ^
    ABYY-TYLH-XENK-57RH-6PMF-MAE2-JU
   Device UDF = MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
   Witness value = CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V

The device generates a RequestConnect message as follows:

{
  "RequestConnection":{
    "MessageId":"NDYR-FST2-D4V7-7C3Q-QF5R-74TX-NNPC",
    "AuthenticatedData":[{
        "EnvelopeId":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQko0LUNERUstNk
  pBMi1XR0tZLTRDMlotVlNZUC1LT0ZNIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
  Q3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE4WiJ9"},
      "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm
  UiOiB7CiAgICAgICJVZGYiOiAiTUJKNC1DREVLLTZKQTItV0dLWS00QzJaLVZTWVA
  tS09GTSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs
  aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI
  CAiUHVibGljIjogImdLTzlPWUVSSFJYYWxqM0JBWUpWTUd0aVhTVkt2Qy14ZEgxTj
  B4NGhjWWVjZ3ZGeFdEaG8KICBJdVFzUkRtNC1RMGtKV1FGbGFVZXp6RUEifX19LAo
  gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURaVS1MVkVRLUZXVkMt
  WlRaUS01WlZNLUhERlctQ01DUiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge
  wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND
  Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAieUZIaXpKTlplZ2M1d2JUeUlOeXd0LTV
  MQWd5WTZFRkVWLTRSaG9FMVU0ZXRpYUZ1eTFYaAogIDFNZ2l6a080b1h0NmVMVFpk
  Rjdqa2NtQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1CU
  jMtQ1dRVy1ZWTdTLTQzUUUtTVkySi1JMkI1LUpKWU4iLAogICAgICAiUHVibGljUG
  FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA
  gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJZWDlWWFI5cm1l
  aVVELXprdkgxcFpWaEt5My1PX1E2Y2dMVF82UmZPZG1qWE9rX0o4UEUzCiAgcm0tV
  DdXVFZfOVd3RFM5VENQY2tXOWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH
  sKICAgICAgIlVkZiI6ICJNQVdULVdXRFEtTFlaQi1CVUVXLUZBVzItUk9PRi1YUTJ
  IIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl
  eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y
  mxpYyI6ICJWcW0zalhvZXpLenBqXzdHOGd3Y3ZhekNoT2EyMm85emZGNlE4SzlRS2
  M1cEJyeWw2UnItCiAgUW5McmFLaFV1clFRVThiUktQVHBCRGNBIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
            "signature":"IIZgcx_hd3h4onMB6yOe7FZyU6k_8SqUsePyCgeM
  DB3w-yAt_f_YRnHcgipESTP1669Ci2mlPh-A_YQoPoDJ1sDz_eROHrxfAX-TTBBlM
  Omizu1UMoUnB1fEr1J75CNxwf9smIMcCxT7O4X1MQoOewsA"}
          ],
        "PayloadDigest":"EeGC-UU1fMXyppG62CiPC7pBNaDw257ubufE3izw
  mBm_8lrMfG_VWnfqMybF8Q3m6V0fWQxQfRWIc-9XpG4-sg"}
      ],
    "ClientNonce":"ZRD9o9z8_Axq6WHESqQ1aQ",
    "PinId":"AAAR-P66O-KGTI-QY6C-CXIW-OMCV-WQZI",
    "PinWitness":"dbD8_k5J6NhZxru6ltO-Y52bm-zPr80EbEbmcwMl6sFpOBx
  VFRVJi6AcI0gU3Wj3mdgAltf9ePxBRyYymjmtWQ",
    "AccountAddress":"alice@example.com"}}

The service receives the conenct request and authenticates the message under the device key. The service cannot authenticate the message under the PIN code because that is not know to the service as the service cannot decrypt the local spool.

Having authenticated the connect request, the service generates a random nonce value. The random nonce together with the device and account profiles are used to calculate the witness value.

The AcknowledgeConnection message is created by the service:

{
  "AcknowledgeConnection":{
    "MessageId":"CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V",
    "EnvelopedRequestConnection":[{
        "EnvelopeId":"MBX4-HVCH-S6LU-BEWP-KAM5-7OYF-F4YG",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJORFlSLUZTVDItRD
  RWNy03QzNRLVFGNVItNzRUWC1OTlBDIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
  zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
  CiAgIkNyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNjoxOFoifQ"},
      "ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi
  AiTkRZUi1GU1QyLUQ0VjctN0MzUS1RRjVSLTc0VFgtTk5QQyIsCiAgICAiQXV0aGV
  udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1CSjQtQ0RF
  Sy02SkEyLVdHS1ktNEMyWi1WU1lQLUtPRk0iLAogICAgICAgICJkaWciOiAiUzUxM
  iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk
  NJNklDSk5Ra28wTFVORVJVc3ROa3BCTWkxCiAgWFIwdFpMVFJETWxvdFZsTlpVQzF
  MVDBaTklpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk
  bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV
  04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeExUQTVMVEl3VkRFNE9qRT
  JPakU0V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V
  3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK
  VlpHWWlPaUFpVFVKS05DMURSRVZMTFRaS1FUSXRWCiAgMGRMV1MwMFF6SmFMVlpUV
  1ZBdFMwOUdUU0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC
  BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F
  nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli
  R2xqSWpvZ0ltZExUemxQV1VWU1NGSllZV3hxTTBKCiAgQldVcFdUVWQwYVZoVFZrd
  DJReTE0WkVneFRqQjROR2hqV1dWalozWkdlRmRFYUc4S0lDQkpkVkZ6VWtSdE4KIC
  BDMVJNR3RLVjFGR2JHRlZaWHA2UlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI
  yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVVJhVlMxTVZrVlJMVVpYVmtN
  dFdsUmFVUzAxV2xaTkxVaEVSbGN0UTAxRFVpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY
  VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC
  BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F
  nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpZVVaSWFYcEtUbHBsWjJNMWQySlVl
  VWxPZVhkMExUVk1RV2Q1V1RaRlJrVldMVFJTYUc5CiAgRk1WVTBaWFJwWVVaMWVUR
  llhQW9nSURGTloybDZhMDgwYjFoME5tVk1WRnBrUmpkcWEyTnRRU0o5Zlgwc0MKIC
  BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1V
  qTXRRMWRSVnkxWldUZAogIFRMVFF6VVVVdFRWa3lTaTFKTWtJMUxVcEtXVTRpTEFv
  Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS
  UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC
  BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSlpXRGx
  XV0ZJNWNtMWxhVlZFTAogIFhwcmRrZ3hjRnBXYUV0NU15MVBYMUUyWTJkTVZGODJV
  bVpQWkcxcVdFOXJYMG80VUVVekNpQWdjbTB0VkRkCiAgWFZGWmZPVmQzUkZNNVZFT
  lFZMnRYT1dkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC
  BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlFWZFVMVmRYUkZFdFRGbGFRaTFDVlVWWEx
  VWkJWekl0VWs5UFJpMQogIFlVVEpJSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G
  dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT
  2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC
  BnSUNBZ0lsQjFZbXhwWXlJNklDSldjVzB6YWxodlpYcExlbkJxWHpkSE9HZDNZM1p
  oZWtOb1QyRXlNbTg1ZQogIG1aR05sRTRTemxSUzJNMWNFSnllV3cyVW5JdENpQWdV
  VzVNY21GTGFGVjFjbEZSVlRoaVVrdFFWSEJDUkdOCiAgQkluMTlmWDE5IiwKICAgI
  CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC
  JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQko0LUNERUstNkpBMi1XR0tZLTR
  DMlotVlNZUC1LT0ZNIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJJSVpnY3hf
  aGQzaDRvbk1CNnlPZTdGWnlVNmtfOFNxVXNlUHlDZ2VNREIzdy15QXRfCiAgZl9ZU
  m5IY2dpcEVTVFAxNjY5Q2kybWxQaC1BX1lRb1BvREoxc0R6X2VST0hyeGZBWC1UVE
  JCbE1PbWl6dTEKICBVTW9VbkIxZkVyMUo3NUNOeHdmOXNtSU1jQ3hUN080WDFNUW9
  PZXdzQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJFZUdDLVVVMWZNWHlw
  cEc2MkNpUEM3cEJOYUR3MjU3dWJ1ZkUzaXp3bUJtXzgKICBsck1mR19WV25mcU15Y
  kY4UTNtNlYwZldReFFmUldJYy05WHBHNC1zZyJ9XSwKICAgICJDbGllbnROb25jZS
  I6ICJaUkQ5bzl6OF9BeHE2V0hFU3FRMWFRIiwKICAgICJQaW5JZCI6ICJBQUFSLVA
  2Nk8tS0dUSS1RWTZDLUNYSVctT01DVi1XUVpJIiwKICAgICJQaW5XaXRuZXNzIjog
  ImRiRDhfazVKNk5oWnhydTZsdE8tWTUyYm0telByODBFYkVibWN3TWw2c0ZwT0J4V
  gogIEZSVkppNkFjSTBnVTNXajNtZGdBbHRmOWVQeEJSeVl5bWptdFdRIiwKICAgIC
  JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ"
      ],
    "ServerNonce":"04cY1MKWI4G8BGEUGQzldw",
    "Witness":"CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V"}}

The AcknowledgeConnection message is appended to the Inbound spool of the account to which connection was requested so that the user can approve the request. The ConnectResponse message is returned to the device containing the AcknowledgeConnection message and the profile of the account.

The device generates the witness value, verifies it against the value provided by the server and presents it to the user as seen in the console example above.

8.1.3. Phase 3:

The user synchronizes their pending messages:

Alice> message pending
MessageID: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
        Connection Request::
        MessageID: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
        To:  From:
        Device:  MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
        Witness: CC5N-J27O-DR3W-WTQI-R3JB-NJZP-745V
MessageID: NCJD-SJE7-VPY7-REZL-HCYI-2QWC-W2ZK
        Group invitation::
        MessageID: NCJD-SJE7-VPY7-REZL-HCYI-2QWC-W2ZK
        To: alice@example.com From: alice@example.com
MessageID: NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG
        Confirmation Request::
        MessageID: NAFH-QPYP-5OAV-WXPX-RCKO-KIKS-RYJG
        To: alice@example.com From: console@example.com
        Text: start
MessageID: NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ
        Contact Request::
        MessageID: NDAP-F3KS-HNFO-7I3L-2ZHA-IGKR-3RGZ
        To: alice@example.com From: bob@example.com
        PIN: ADN6-CJ3X-KEFJ-BMMU-TKN3-J3JS-73ZA
Alice> account sync /auto
ERROR - An attempt was made to create an object with an existing obje
ct identifier

The administration device determines that the device connection request is authenticated by a PIN code. The PIN code is retrieved and the message authenticated. This is shown in the PIN registration interation example in section $$$ above.

Bug: This command is currently showing superflous pending messages due to the failure to clear messages processed in earlier examples.

The Cataloged device record is created from the public key values corresponding to the combination of the public keys in the device profile and those defined by the activation:

[Updates to multiple spools here.]

>>> ActivationDevice Here

>>> CatalogedDevice Here

{
  "RespondConnection":{
    "MessageId":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ",
    "Result":"Accept",
    "CatalogedDevice":{
      "DeviceUdf":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
      "EnvelopedProfileUser":[{
          "EnvelopeId":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
          "dig":"S512",
          "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQzZMLUdGWUot
  N0VPUC0yT1dOLTI0WkotNFJDNy1FWFRXIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
  mlsZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk
  NyZWF0ZWQiOiAiMjAyMS0wOS0yMFQxODoxNToyMloifQ"},
        "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl
  IjogewogICAgICAiVWRmIjogIk1DNkwtR0ZZSi03RU9QLTJPV04tMjRaSi00UkM3L
  UVYVFciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibG
  ljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICA
  gIlB1YmxpYyI6ICJSTHNrbTRnVzZrQm5aS3dMMlBDQkF1aHJyaXVBU1g5X2lZUkt4
  UTUyRFN0V0dsT2wydWdFCiAgeVAzdTZBVEM1WW1JOFU5TXFyT1cxTW9BIn19fSwKI
  CAgICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2
  VydmljZVVkZiI6ICJNQ1ozLU0yUFMtU0ZYUC00TDZYLVJLR1AtTUtKQS1SNVdLIiw
  KICAgICJBY2NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNRFFZLUo3
  MkEtVlBBTy1XRE9ELUdZWTctNFpaNS1QTFZMIiwKICAgICAgIlB1YmxpY1BhcmFtZ
  XRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3
  J2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJJZTJtOTRzY21qN05yX1l
  xTTE1U3h0R2tmbkJMWWxUa25rSWVsVlhxYXJpSUF1el92QjJICiAgRHFNSElnM1ot
  UEtpWEZlcVVqTDRnTmtBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlI
  jogewogICAgICAiVWRmIjogIk1EUFktQUI2Mi1STEwyLUZEWkYtR0hZQi1MUzJHLU
  hNWlgiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGl
  jS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAg
  IlB1YmxpYyI6ICIwZ3JnTFRFNDljWlF6SURkT2k1ZjRsSXgzT2xsZFBqOVA3dUNzc
  U0wWmdLWHJHNnVBWHAtCiAgUWg3ZUdxOE5WNkRQQjBib3YzX1BZSUlBIn19fSwKIC
  AgICJBY2NvdW50QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNaQi1
  YTVdNLUtVVlAtUFpaSC1CV1RRLUY0QVYtT0dOUCIsCiAgICAgICJQdWJsaWNQYXJh
  bWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgI
  mNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAidzE0OURtZ2RlOXNwaG
  JIaWdIVkQ1czFiZlppa2l4ZzNUTEtBRzNWZ2pKZTRETUFWRVJCcwogIE1JbTBBY19
  nRVZvS29yb1gxdEdFRkowQSJ9fX0sCiAgICAiQWNjb3VudFNpZ25hdHVyZSI6IHsK
  ICAgICAgIlVkZiI6ICJNQ1VNLVNRMzUtWkpVUS1UTVRLLUhCNFgtNTdRUS1ZSzJaI
  iwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleU
  VDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJ
  saWMiOiAibUR5cDZtTGlSYXRPWGlCdHg5YlZabTJiaHBQaXFtVEJMdG1WeHpwOWRC
  TWlVWl9YOElkdAogIHY1MUJvcFcycWF5blJ1LWxFNU1WYW5LQSJ9fX19fQ",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW",
              "signature":"aeCuTY0X-J9_L6HGafZKbg5ZueP6PjoydfQDXB
  28B0CpGfqhPjTc6bjLF-vZWzSV4wZ9wotFvXyAR_QRXW7EtpbRz4s2j-bdzGR6z0j
  zJGnFWaxUYfAzCoFUHfhUDzJTthMNkQiJ-sUyRyriqaF0HjUA"}
            ],
          "PayloadDigest":"ZPrAcmAuks4uOaLyaHIyrISbFbCuNwXI3h7IVD
  B4hzyitFAsVEg8G5QukhJexWuntd_8f4VwQaAmZnjT3lPEhw"}
        ],
      "EnvelopedProfileDevice":[{
          "EnvelopeId":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
          "dig":"S512",
          "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQko0LUNERUst
  NkpBMi1XR0tZLTRDMlotVlNZUC1LT0ZNIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
  mlsZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKIC
  AiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE4WiJ9"},
        "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1
  cmUiOiB7CiAgICAgICJVZGYiOiAiTUJKNC1DREVLLTZKQTItV0dLWS00QzJaLVZTW
  VAtS09GTSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdW
  JsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICA
  gICAiUHVibGljIjogImdLTzlPWUVSSFJYYWxqM0JBWUpWTUd0aVhTVkt2Qy14ZEgx
  TjB4NGhjWWVjZ3ZGeFdEaG8KICBJdVFzUkRtNC1RMGtKV1FGbGFVZXp6RUEifX19L
  AogICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURaVS1MVkVRLUZXVk
  MtWlRaUS01WlZNLUhERlctQ01DUiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjo
  gewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJY
  NDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAieUZIaXpKTlplZ2M1d2JUeUlOeXd0L
  TVMQWd5WTZFRkVWLTRSaG9FMVU0ZXRpYUZ1eTFYaAogIDFNZ2l6a080b1h0NmVMVF
  pkRjdqa2NtQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1
  CUjMtQ1dRVy1ZWTdTLTQzUUUtTVkySi1JMkI1LUpKWU4iLAogICAgICAiUHVibGlj
  UGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgI
  CAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJZWDlWWFI5cm
  1laVVELXprdkgxcFpWaEt5My1PX1E2Y2dMVF82UmZPZG1qWE9rX0o4UEUzCiAgcm0
  tVDdXVFZfOVd3RFM5VENQY2tXOWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6
  IHsKICAgICAgIlVkZiI6ICJNQVdULVdXRFEtTFlaQi1CVUVXLUZBVzItUk9PRi1YU
  TJIIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0
  tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB
  1YmxpYyI6ICJWcW0zalhvZXpLenBqXzdHOGd3Y3ZhekNoT2EyMm85emZGNlE4SzlR
  S2M1cEJyeWw2UnItCiAgUW5McmFLaFV1clFRVThiUktQVHBCRGNBIn19fX19",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM",
              "signature":"IIZgcx_hd3h4onMB6yOe7FZyU6k_8SqUsePyCg
  eMDB3w-yAt_f_YRnHcgipESTP1669Ci2mlPh-A_YQoPoDJ1sDz_eROHrxfAX-TTBB
  lMOmizu1UMoUnB1fEr1J75CNxwf9smIMcCxT7O4X1MQoOewsA"}
            ],
          "PayloadDigest":"EeGC-UU1fMXyppG62CiPC7pBNaDw257ubufE3i
  zwmBm_8lrMfG_VWnfqMybF8Q3m6V0fWQxQfRWIc-9XpG4-sg"}
        ],
      "EnvelopedConnectionAddress":[{
          "dig":"S512"},
        "e7QRQ29ubmVjdGlvbkFkZHJlc3N7tA5BdXRoZW50aWNhdGlvbnu0EFB1
  YmxpY1BhcmFtZXRlcnN7tA1QdWJsaWNLZXlFQ0RIe7QDY3J2gARYNDQ4tAZQdWJsa
  WOIObOavss8qXnyOEdTEgsbbUc53eztv71PZ6UvPOurHjIy2NYPXPhWOboDXGhCSR
  glDWz0SDrPGlcFAH19fbQHQWNjb3VudIARYWxpY2VAZXhhbXBsZS5jb219fQ",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
              "signature":"kXuiOE4ej2xBhBthsd2zJQW2XYcSXCR7mZQa16
  c6QEMamtnw9ZkJX2HszugAZunlNC_Rdp1JDjCAZepplfgbzD7V354mep0hdKGoXye
  QN9O3UmZxmtIpvcWPuESoAl3VXF7wNpOMvbr-2cRsgPrQ3DsA"}
            ]}
        ],
      "EnvelopedConnectionService":[{
          "dig":"S512",
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
  aW9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
  CAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE5WiJ9"},
        "e7QRQ29ubmVjdGlvblNlcnZpY2V7tA5BdXRoZW50aWNhdGlvbnu0A1Vk
  ZoAiTUE0VS1IVzY0LU9LVEstWlFFTC1YNlVILUY2R1UtWlNTV7QQUHVibGljUGFyY
  W1ldGVyc3u0DVB1YmxpY0tleUVDREh7tANjcnaABFg0NDi0BlB1YmxpY4g5s5q-yz
  ypefI4R1MSCxttRznd7O2_vU9npS8866seMjLY1g9c-FY5ugNcaEJJGCUNbPRIOs8
  aVwUAfX19fX0",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
              "signature":"b9uPvBuiCFiOOWMync3K-kGEMsv8nsSe6P_bJf
  gzw5_jfdkED2EOTLeyavP4aIDOvF12BIccF3cAZLlDNeB740u4nu0XEz5HCX6RBdd
  C2XMfYbDe78yTBAaTtEqZ1jhaupspEW5q6viEfMQJ8BWGmzQA"}
            ],
          "PayloadDigest":"9_otIc37d1dsMnmIm6V6TqizsPRvQU1O3a1XVb
  -0A-CfdGk5m6blY9awr39H6gd547nuhqF-JdMBemwbPIyfJw"}
        ],
      "EnvelopedConnectionDevice":[{
          "dig":"S512",
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
  aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
  CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTlaIn0"},
        "e7QQQ29ubmVjdGlvbkRldmljZXu0DkF1dGhlbnRpY2F0aW9ue7QDVWRm
  gCJNQTRVLUhXNjQtT0tUSy1aUUVMLVg2VUgtRjZHVS1aU1NXtBBQdWJsaWNQYXJhb
  WV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEWDQ0OLQGUHVibGljiDmzmr7LPK
  l58jhHUxILG21HOd3s7b-9T2elLzzrqx4yMtjWD1z4Vjm6A1xoQkkYJQ1s9Eg6zxp
  XBQB9fX20BVJvbGVzW4AJdGhyZXNob2xkXbQJU2lnbmF0dXJle7QDVWRmgCJNQ0pC
  LUo1R1ItS1RXMy1KS1RFLTYyQTQtNVM1US1UQU5PtBBQdWJsaWNQYXJhbWV0ZXJze
  7QNUHVibGljS2V5RUNESHu0A2NydoAFRWQ0NDi0BlB1YmxpY4g5UYt8Q55B6K9oxS
  fj8UN35FZH6vlDeULJUpJlde7Iw2Gb8RjV7Blu7NiZME8Ig-BlSru-m6ztXY0AfX1
  9tApFbmNyeXB0aW9ue7QDVWRmgCJNQVM1LUczTlItRkVHNS1KTkVFLU5HVFQtNTRF
  Qi1HNE9JtBBQdWJsaWNQYXJhbWV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEW
  DQ0OLQGUHVibGljiDlS9hxCUejkfMJ_e8tJVThQHG-JqLvrEXWV8zsPj1J4icxh7I
  pQDur36Qmwjm0WjjCXgDiQmSprZAB9fX19fQ",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
              "signature":"bv3JbW8GRQu1egN3K01uXFs7paCiLPnZVLzSx9
  qd_32oO3DoZ62Hm5GuTTOQ1dq7JevCjPXu7YKASxo1tsKI_u0yu_NH0MTsBQJzQiP
  mzxl1Rady4rrCZMmMmuE1n1EyVqOpqVMRPVbh9xE7We6NMDkA"}
            ],
          "PayloadDigest":"ryWXi7qqqFa2kAgjv94kWwiHa3rmnDkuxKSv_n
  HYCNvAgGNE7ChW9nod4MmT5mO5Lq4jHrFv2PoVvIjhmQnuDg"}
        ],
      "EnvelopedActivationDevice":[{
          "enc":"A256CBC",
          "dig":"S512",
          "kid":"EBQA-ORX6-SYUD-OBPD-66UK-UJLF-T7EE",
          "Salt":"P5HCNTSxumoCQDNal1lMpw",
          "recipients":[{
              "kid":"MDZU-LVEQ-FWVC-ZTZQ-5ZVM-HDFW-CMCR",
              "epk":{
                "PublicKeyECDH":{
                  "crv":"X448",
                  "Public":"1hxJpV39-ClXIGUxEJs_9Lh3Z89iMG6BQO0zY
  GoiNblDPvTpFDe5pjUlR6qT-jEdufWzDx_F1aEA"}},
              "wmk":"j64N7JuT_Azf6nyreYH_0f6hKXzg3fs0Jyw_7gLbNBT7
  OBNm-1gurQ"}
            ],
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
  aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
  CJDcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MTlaIn0"},
        "vBjl0qXoEna0h1vrwmO2PlPb3drpoXtxV38i7NCiuNkG9JSJt1UTugrm
  SqyTYrA08GWWZZ9vA7Sq85RMTM37_mV0j51_9iRjunLAs5IIhF5xLA2AGwLc23uPY
  QYHylzOt2QtokoZRDsDUrhX-pRDECpUz0iP30mamSjMkfF5DgV6XxQXZfQvQDZx-r
  DdYSY-NoiG3QZc0ZJEdqASaqovqVOD1iENIrS0iwB5AhbDl3r5DxMNVtUrysNfTim
  67nQX",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
              "signature":"wYBXRTndm1EFpMSV9lCgMjcDFicQB3xQM_ZKT3
  IVnK2x7LMFY3qXHE8SI_7J6_emWHmv2bbb31wAmf2PbogWoFoh6pFcMGyuejQkg4N
  q1O4ggxJcjsB7qCBosZE25bB5WJb9zWKvyil3ZaVSQMWrWCgA",
              "witness":"ZGGLtk4b7Ct7lOQk3rsj_1cQV7QJH-ogKcFMNXuL
  XDI"}
            ],
          "PayloadDigest":"96zhY9KlnQJYNfUqOhpspfkrJ-t10yNA3mR4jw
  Is-AJRkO286wwuaaJlDuDTuxVBHhjlgDlIgw2ybvH6vSwsrQ"}
        ],
      "EnvelopedActivationAccount":[{
          "enc":"A256CBC",
          "dig":"S512",
          "kid":"EBQD-ZM5K-LKKF-ILS4-GG2S-IAU7-SNKB",
          "Salt":"EqNwfNG2SEjWsph327NkWQ",
          "recipients":[{
              "kid":"MAS5-G3NR-FEG5-JNEE-NGTT-54EB-G4OI",
              "epk":{
                "PublicKeyECDH":{
                  "crv":"X448",
                  "Public":"ENwMs_Ynk2fPMeLnPbpHPNpPdDEe8wK_G7hBo
  i9LVAOo1p99OY52W2fQqJttwA2HbbFC2RJWeq4A"}},
              "wmk":"wmFdyKnrVtHTxjKz-gz1WjKsqJuGNOa91gJp4MYcEeBd
  -inanGfo7g"}
            ],
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
  aW9uQWNjb3VudCIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
  CAiQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjE5WiJ9"},
        "k8c3LPLX26rouC5MrU71zZfy_j8xfpt0wQhizXeTzhgW87Y03Ce8TVIX
  r4JE5PZudbrN5HSGNzzWhpLDGCCKp4wrdo-2SLMxFtrHokEP9ttcx_J1tU1NBA0F7
  8wNghoh8k1GYai97f9uQ2ldaXTZIQmUR4gfpRzPp2riMYlgM2c-XJPnBAIpAUOmtC
  3eUvUgk_D0e38Yn1Nd0vbekU0R_1h4qN30k3nTqHu7y9b1AkItX84jJftMIeyuZ-3
  w9hcF-bUEI2HoWXb7OigE4x3OETE808MTza4IImDC6DqrEGdj1cXR7QswXdhTV6Fg
  wTy-sk0bk8TYSDstGZh427FSNgAkQ65-RgrJVC2hbAt2aj37kOwwDzl7i3EXuCowH
  i8ydkFPJTeOxrF2GdIacKEpxwgzs0JQdm2rF6ghm37yFX7A7C8AajQhJ1mJAiYYPR
  kWj6hcNOhTnAQHlzlB_zJVst6Iu4ZMgIpbQgqKKeVh1f201SQaPXwtjD0WqcrarxC
  y1idTdxhbaEioxVsmM9jzcEbL5WoLqiuSz6d-Xx1RegDzXLMXnDPp43Bh_v266MWy
  JOKRNs7NQrU9qF0ZqnypaT9iokfaLGOBNBaAjU668riVxM3Va-nhiPZ6BvTpDqgTO
  oBXDTjXm6Mkm6Za-cPZguJMSnxc8-IwCZSZyFQ4BJdBVCMkvC-DB84Y2TsrI1urBy
  2q8la2F_bOF3MvTMV6W7Bvph9k80EmmlmH9FrEHeUvdQ6ROtCLgDDvEowlOxksmgM
  5cXt_M62ikyzkk0M_prj7g4adRGf9DUYkiTGwjdk36cnIw6OiqQCehNj2Btr3bn4s
  4_p0xFr4T7hyNdwFEd0euDo6YShb9QBoivXW2YiY4rYOVX-5f2itYaUbRygqsqGOp
  G0xMWq-gYqZauA56uhPQcPt-t1E0LL1uDWSNfngWMcKR1Tv8rh1lXLI4rmEWDTeip
  Tm8FiUSeqNWISJQo1jVOwM5W13dlOu0wuh_YIWTKmYHg6uP8KYJEyBxJOg7HCBe0B
  c7bXochVqxfVyUaCZBFbESodHWIX7RIl5ne_7asYlVZ8fF-sw9kwwW3TkJc1lyFI2
  hyy_djnnQURv7TeJMCP3w_5muAxzRbyLzPvuHh6h3dkkLLDmZyp3ru7wwFwUu32Q4
  fCUkAFlZwAkz4APtyWgtAZbVd0P0v8CzgM1vMyoDuULNGjaOFqATj3m7J5_oWgdte
  QkeSUX6cYto1fDQC-AkEsm30yqbluclXuA7Gm_3nAcmWLXlWPDA585BYHhFtXa0Xz
  aQPT6hb25f9Ke4Y8-0lQJwDSmWQTeVKmQIZ7bTlqvjC5uvfjwQgWulagJB1gbP0Nv
  HtbVsPy_sMPqgmPs1Yo1wc_a3hImYCQsA-ONXMTWhcavor2XyKtnGwU3aHs4n37MY
  zjMGiskEj34hrGFbrns-3OMckKXIpAi9R7AMHbbtFOHN0v9r2Vksrp4t569bJjnlW
  UE0R9A17C3ma_-XLoGzFrBo2b5X278wWEbjorG02gSztScqf0EMHrIupZNcdbzKo7
  jiK7oTAfowlDuwUElqtTt3LXIBvwUSCe-xsfTpBFt8rjgCw9Z8UUsBbvK1_6-mS2b
  E1THWJQcAVcgVxqPLpItQkWqmJ1hJv1K_OnzPcQllWuY2zvROZOqFopHhU2iykLRr
  xNJVnzThNipe09qVZ-2xxiNIUWxF_BIv8ffKIVZ7fYKf5N7omawGKqBz_9R-AtkPJ
  gqNGVUCItQaOCC6NuVDnkHGNKeHTDI4ihHpx31urIYPlzy5TZPP1VHIN_0991xtJD
  rnvMnX40iYjxo6REI1Sg9CpjPBfsghKS-xE2OvtvzDnRZegmaz21DQD7YqXBZUykh
  VSOBgLyvdH8gZMfp8kYm5-6J99HkXsfMK7N6JULep85ZTfhgJa2xN5gqdVoleBaC5
  AoEn0RO5gQUsmT90LAsOh0pr2TSTtLVPedc8j5_LDa9hiAgN_pKTv0xs_wg0VxEzD
  kMe98TLm9jnJw9HUGSrGVUo6pfJ92QlgfaPWcIPj2AVw047n8z-zqGB2RUXuXhYky
  51ucuoa4KfLrFDCfFP_uRTi2zSSArWPUYmS19Bi9b0sDCiJbY9J5mLSuNGh8M7Jie
  NUO2XOMASr41z3iaTibAUM99G2Q4lf2QuqpTgGOJ4nZjf-EA2kRid6vdJ_Z3sICrF
  tfZoUez_BS9wzFP3OSKNz2GpfzDL-wDaulWqADe4xmZcHa8Tp4h7of5IJASAj0KG9
  D0uIZenExA_DjAcZ3RpHRYi3qNsXxaTif6SUDd1Zxo26Dv69ASvPNss8Jp8kA_j83
  OAbSQEXEXIaA-VMzEFP0A0hZVFaVzCb1QWVC8MDFdkaYDHm3UUQX6UEm8FSFrQ1C6
  brzYHtKTVecPpUynxzEyju9MnqNsdU9p4mX8AdadzL_nVOpXRAV7tW3IsC6_U9ksq
  cVPWqVjGQBo3r5BZlh3mUvTDmYF3dfLOx98b3F4NF7DQOqipPmdvJIR_NzfvWV-vq
  eBGmObwEvwoTlxkRHTwpY5z2pIKBfsA9jsbX8QiMFxu6sXVQUWVlY90BPO8XFKYYk
  1w0o3Qa6kBlzEV4Atq1ivFUJtbmg3cE4syQQP2Z1n7bFx9oHDPLIhBI-uG137BYVH
  vJ_zB4mdPsQtgJHrb7Ne_ChSrgiHc9wPzaidvXUWULHzSWJ6F4gA4kR9hXdOmLx5u
  jUZ8fxEpHtNrGtfaiJCNBWzqIcRVfQbbxdSvo-7G5uLZxPIXLu6pqzW_BCG_UrXN4
  gaTbx_CoIXqXK2XCVAhybpg1ns1_Oswnanb1ptjXBgRKpYLbwlp2XoV5aMnZXJq-R
  Ili_7gQYZUPJDxlezWMNRAKZzp86OeVBKv9ta4HHxIOavq76ElCHi6Wi2EEaYN0Zq
  EzD3CU0A4wR06fUq19B9wXuYOOqSyV5Xxupzh2jibfEuydwHzMRn5PMUPf_-NP-Hv
  KY_fpVd2dtLK0gz1LF9vCfM2QrSYR6AJ-tp8TJ1rv9HJegD5dO9909PlC2R32Lj8Q
  6d3NzJsVSXc8pg-jX-L7dyyTrsz0hkyV5qSSSLULo9f9cC55nqrx4vB6vSJ8vCnaj
  zEImfgmGkHU3ApdTU5jFoMJX14ssoYOhkaKMHW01bhuwgDZ_2uySSHBzqORJe1FMR
  kCvkdUNjcXcnGLzB4hSUh9hW19BX42xnNBfvxJZjja9MniLTMCfEfV1e5UmTEeiiB
  o-ubMs-K_qz7EwCNddxRlQLKoytYc_Bwx1UwiWTaoOZVKoAHervd_X7svhZfhusls
  TlBvK0li1AKp57qz7mRHXt0BAyy5YTIkR6JjURrMPhNptBuiMIvBcivDySt81O2yh
  FB7uhjn82jz-KO3ILs57DlDFBLf_GxvfsN598wkg24IQ7PEEoJP3xx89Y3mYK8Fi8
  u8nk_MT2moOWXge3oDD8H5OmIqywGMep5N8lI_VBAWFr6B-Zplu2_QvqO1oDdz-zi
  -l9qPRKIkqOuzWIgaez4ZinKviYWi7lYie-lJfy2I8SiuidR6n1jZIcYTT7DJj7kZ
  jKGeueMvydqXLGhNP8wqYCP_wu9D-4eSqtDS382_I5iuWIXO9zldbhBzqlbdbnVvk
  RI8gDEZ3Of5tkO97_ga_auwK8-7c5lnENGbPwx84sdpB1hwgr7No70tnOr_A4ajSS
  c4fA-L4mt0MMuKv1TWVZiQQzOyhIR8TA85d11ta6F4F3kNhox1SGtzCNn0ETFaquB
  dCQdd2rujAWaqrJv2vkSIBYK8Wgwa2HSQ9QHQJIw9aZviurGRtTGVPccALAqdGKBC
  AWEHGmBS9SsVKNrrw0JI7pxKJx-VxxnjW1uqpZxKOtfr2bHFHEUbbIxem2pOdBQ9p
  CwdHo3vcWd-zdK1jt-TICwnUiLvs0cKq62QjD227TAs5ZGfd7_dfb2C_RLYdmhIxR
  OiBfvStohPwwbX0OIwd0u6qEOqsMw4m87_4dtxL0Qkoi7LqpZvytP24kPVcuJcwwr
  xfbHtpFWGVCeJGJsfHnFRaXXlm80F4mzjts4VWJeWAtlGIDqENxuGEBj2hWCAVs4D
  OhIsE_c19ukw-Xcs_XPQ1By2Z7qA4yyu22ZZkSk6ivn1-SZ-05LLTf5i_BMcFgYEo
  MrkVkJp-vf51hJHbZVLG2OfV3O5GusnjuQzVYngGUjDJrvtTQQQvhdZBhmShfB6eN
  5OEyPuZersxL9MHh-nZp53iadAPJx2Ftrq-wvaKynK3u38LVM5Gx7Dmjg5Mt1UoLw
  lNR_EjpJLd-zqyQq9XfoTqCmz5jsZwXkQtl1r3cdqGqyZ5yUp7YFTThqVxjvtxwF7
  4rz9VmgsiHDB79ZFUzjg0jVsUduTSHy86MWkz9qDjUD3HkvyGxia7fyturpIUvP08
  NSciR3M8j8zbRF9UGp5JPNjMRiLWduP0fUrziGxXvqXmU5ZMvNuQWkBwKz1Xg3Iw5
  RTsU_Pot52ON_Wwc143H8gD-KJQuFtXtsUOX_vFkJclT8SozYMXMQ3sYAllXI1wrS
  dxXyaI5ywx-bGfatQr8x8KLsMa_EshgSoBAexPjOmAT8b8EBr3w8tv-BJ6RYcl9on
  l_A4cVeQbGxUa04CcmpFWRDMRLNfO93GY3iYWG2HbGAB45eBGo9ywkcnJAB-58UzL
  xjQ5Y2zUV5NpaNZ5j5Rd2SqIhS1FKx78DPlF3tAv6Tyei-jMRCBsnkfRww3RU1hss
  J8rgzo94qXFEDkUB1MJh9fMt3iemMSDhzm5gH8lhr4j364NUjKLAnu9cEgEpZRXds
  cash-vfA5wqsycEwe0ps4fqxyN6-EgbA4YzKeBV0qyuUm_a84aaz6WBuGOMznQbT8
  7p6Xi-uKnQx4zvx4C7KJe-g4sZpJLj-2DSiiSAYceCC9yhVnUoczDyfTJmoGFNcZn
  7o26fYxaCbWObuAJkZT4Wh-fojKyAmoZ6N3ZPnw2wLDDeOE6Ry7e3B95kgnVYOrMz
  R8pCO94bRwk0qdvZemh1PSH1lN_b7D7qppXzOXWtT7oZ-Alq0YxGPP3Rot0sVEJSp
  hMloE3-jKnUlXGfd5LnFY8jVQinLOBZJmSgoEVQyAdByYOZ6WuAbA9OpsxtukG9de
  eIYEtGNaEYAVV9izC8fEVaXHcpvC9Hln7dqAE4feyXatvddGYGyIqEfBW1Vb-BD-y
  Q1RuiuFEDYmXNJnIxp7__JYkVxqiLIl_Sbnjm3teKYLSDLhi7De7Xd8NrOBodhp1M
  X3oAs_P3mvRaKaRFiNvq984Oa8mygi8B6H0Lhl_LpMcu2XkwEOahAeLYRukwS91wg
  2GKazgIJ1xWgyyf8xgogQVyRFUD9iSBofOYxV7QoTfMjl0wUTNPQ2PsjqPVXuAzm_
  9m1w6npaiTRYKv0v-Q_8hMMxX_MAB6NW5kTsyX29zGHgHg0RSz4wXNfvry0rRTHOT
  -u3czRa77tYQtFwBLJV8mRkYo2onVK0rmE6lu6lHqI8PneU2tAdu_MkrToQU04AFP
  D7GrvpjqsSOATN9E7LR7ujpDlBeeidv9lQk8v1lqYPQeCy6JOdgud-t2gnSyPEV1u
  yrl39NDpMNupnSDo_E-arWXwM6VJk9S7-eBUAjQlpKUPQ8K4B1qswXxliUL9sulAT
  BhIc47LMN4G3F_3CDBPhkwSAQs2CCi4ZVa0FXK-3VtEAlMBVYJ5F1bmIy7kj1ToVS
  dEalJ0w-gUpt5ElFmkWQtNlAra-a-LSIm9dgBF1vcFrW5tmXHJuX2iUoZMzN9wOgr
  hMqf60f9NA74h8HiCvswfoEH04TJctu2rv0IGVPg4i-aYQdAhLOK1Oq_TsZUtbkPK
  CAxyTiCguwxiao1DgVN6ZtChQ6pTI3ncmAcva_y4bU_924K86aAD55CQ13u3-HrN6
  2L-PaHE1xaOXTp8eAUfG5PiXVbWmr2LEMcWAP2BKXu10h0umpMJsWQz8IxeXHO2AR
  _TmbVRhUAH9qnjKLjg50tpQhzOkGEho4s_82V_dd0-I-qmAxth7r5VAIAwlne4Wb0
  MoWiitrvYedQUy311G7AnuszxVeM8FlYE9TeiUa6fWxbAaDfwiw-419ELRf-lO7nF
  Je1W57TAyexB8n3TO_2uR0vCq6QC5xCeA4G3k1I7HyxRQC6wmyWPhPTNDVBzlzWhL
  pMPJ5QFY-DU033jhDXYXmsw2VBlwRuIECO2Qk-b_ggxUuLurSIXXuh0hofp59dC6z
  gMtxanHB6JPx5xVEJyQ5hbvKJ8I--iO1o5xmls06YzvxIIFKVaFM2zUjd5s7qu7xu
  IGIp0tgBMHQt1e6xg4xFeSP4KBRwgNbEyH8EedafqsLv10uw6A1JiSAmr3b_GYZ9c
  CI6i3hONZgp3oyC5HfDQj0ZaT5J51ZvGN7MzS_UZpPY2KWzUas9ZALnZlc9Jwak7l
  QL7ykINBJJff9Uzv50PQoyruDC628XcjHFp2TTQ-HUtRD72MC-jBpDEnImNlIxCeh
  IO0k82_tWraBc-T_jrIeaZs9VWWZnQQLnJdfobthgA2qqjBau9qq-f436TiCsofYZ
  sqdjLJ7Vknr6ERvIsN13im6ML8MDYzGF9Sm3sYXT-vvQAWl-sbMLFyH8gl5iGLuma
  LKwSlEm5h0QO_SfvD5UROsXM8wrBbus4pmoajQ-49tsd-2yQXQmyOmqHgd7-a4QVO
  _i004496iTm50-Knm3YDPQ71dLtFZN_49zE-Yh_rD_xEnx9ShY9TOZ3dxR5EnJ0lr
  TrWN1j41AfiskvAkH1uANMzuL85nfGelh_2DmLNI7qu3-NIez2maxQLaNcx5uIeKz
  XcR6hoAkNeseyVSXsCeaJT8FMNQ4J1qVR_KLkLzTajWgWIPbYgYW6fbQ3XNXaibGW
  8lS0NR4a13NdtH-Z9FcTqrfDjEb5xvKQZ3R5Lukx-XUbigDkXR8vVIN5-Xmk_r_pn
  NTEowDh4htGLST-LPb-J_CdnVQHwnWQWAhR1psmXgBSyTAE_jsQ0SS3nrAJhgySLu
  rLrW64vsJBIppDVivhN3bu5fLYM6g1kirt0SSSrlZ7ivK3ydPCfjaqgUJyIdukMzq
  Hfu2RpLfoe3l9xg7_msHOzQhRu5FSoMMNYj9WlTQTILu6nCrLqZ0tXRg9T8rwEjIM
  uUmt4Si14geK20-KyDqE87HA0haiJ9Rl7LG2PC4vowQvEG3VS0uNzcaVoI4JyAXAX
  yyDc9LF7Z3y_thZKL289rqDqbq8xcnMTziqeCJ5dRvGFRmQZS2JGOT3NJwsygxpY9
  -FP7FL_MCRpFRx0Im0FOa0x3ldiPjrU0f-0c4kCc3YoEj6HRKLete-UjkLyieAGXS
  e0hZ0Dz5TN34CnpXHBM_9BIJA84ImLETdUSle9PvW82x-19RzSczky1u2DPSfXahX
  9o1HzMxIhqzIl7UQNKGM5ZeQlyvcY7yfvwVoBc64bruopz8R1VxqvBx05iW2lkSTE
  IErUQsiF1RN3Nrfkd3oXoJbOW7EPSGq3VWyXpV327f_NzydJrUOmMXAZf_kXtcbTH
  bUVpZCI8Q7gTSFIiM5HB0FQi3sTK206L8THJq2uq6PDQP1cySMQQdBcc2jldRDKQW
  vxx6qe0XAOfL9M9xa9er2EspK2-wTthVK2GIAucyiyaKpG0VIcEYsk5YciQCeQH9j
  29btKDkPVOMOyndb7Ty_p65icQRZklcQJNFQix8_AEmW5oZycCbfQfPY9oKCMZOJ8
  A5oCl4O-ezKH8OForClyoZ5n-6CutZ1H0fZiMfdcTKxn_wC9vFdwMrED0n0fbvN-K
  _D4lhO5Y_dfBNFkckMIFXXlYH3P9fVuFJNcSZaVZsE4v2bjPDWX2y9VRDYBIS4nk5
  NuOuNErlvYuogj_bs19T-naR7ecMKJ7acpxQBM405A2YkBqX5zVCIAovEhVatYs3l
  ejYRQNnZlO-rXyWj3ELcL5CWmcLzXnTJpPdoMsW1CTGb6OeIqHsPsUS8mM-cQjI_q
  eEzA9QholSDqm8CaXnYAiGPl3gb9bY8yvoUqBzYrBkIhhaD_P88ClOe2AJDBcBFZf
  pIc4Oj5GA-7Uu3STFk9utDp5xAnQgQokwYSUsd7ft7pmJSVNUD3cEE50aiAFDtOId
  KetywsuRJtaVIWzd9MpzyCRcItITfUapn9O0BU11NBvW34ScChaPtbK0wsPR7maYh
  0prZUIi-bPsagMX6tUkBA56O8M6mMx8_p0UuMigWiXin2h_YwDmnWkQ54deydi0SX
  Gc8fb648RUxu1vn28uwMB1CUiW8ckyrzhwjqtjurIeIKaBf9-nIwLvUURcmhqVXT5
  6L-iU5ggrFBJUB8irouzy9uvOGq4abeJHJKFTDGLE4aO8sqgAAYAn-PpsBN19ajjD
  GR8D8xpSk1xj_ixK-kxWBVvIn2pXPGB6D2Lw_rcLyvalmo5udswp7MDftzr40B5hV
  V84N0GcdPbbcrbiwIOjMeWBJi-xIvN0kDtbXe6iSM6F4gNg1wEYOQSSDQuElFq-c8
  wFKzUN9_SN0AwUCQpVH8zBN6OzF2-MLhbiKRepaiJTIid3QT9LB33vmRYVFkYEgNj
  SXx_vFd27n9eEUKaP6U8i7r4LlSBBr9IQe5ipBSwohNEtZ-c",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MDPY-AB62-RLL2-FDZF-GHYB-LS2G-HMZX",
              "signature":"TBbLkF3G0WoPLuoUJWGdd3rVxIgRgJxnehjRed
  vKn2EWcCcSyUVinREhUrh2dgXcRE7Hm2wGzrGA9RgOR6Mm-oIKQvgkB4qfJ8fu7HK
  h8VisGTqQ4g7ku2nVvFGudmyjBAoOw83uGi7Z64Vw7Tj8zyQA",
              "witness":"OiD9-4v22pZSzegadlz8exiAgAbD6BjEd5N5XVeY
  WXA"}
            ],
          "PayloadDigest":"VKt5nl9KhxQsiN8kp7jDA7xXA3dVDrYNst7d3c
  gYTXVk8Ac8MOMeRyIWmeyTfh50QOWmgR978v-TRyvlgQRsvQ"}
        ]}}}

This is posted to the local spool.

8.1.4. Phase 4

The device periodically polls for completion of the connection request using the Complete transaction.

To provide a final check on the process, the command line tool presents the UDF of the account profile to which the device has connected if successful:

Alice3> device complete
   Device UDF = MBJ4-CDEK-6JA2-WGKY-4C2Z-VSYP-KOFM
   Account = alice@example.com
   Account UDF = MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW
Alice3> account sync

The completion request specifies the witness value for the transaction whose completion is being queried:

{
  "CompleteRequest":{
    "AccountAddress":"alice@example.com",
    "ResponseID":"MB3U-D5WR-CRBE-PM3W-BXKC-WJL7-7QMZ"}}

The Service responds to the complete request by checking to see if an entry has been added to the local spool. If so, this contains the RespondConnection message created by the administration device.

8.2. Preconfigured (Static QR Code)

The preconfigured device connection interaction is used to connect devices that lack affordances such as a display or a keyboard. It is also known as the static QR code interaction because a static QR code printed on the device itself is used to connect it to a user's account.

Future: Note that this interaction is likely to be changed substantially in future revisions of the specification and the Claim/PollClaim mechanism removed and replaced with a messaging based approach.

The interaction has five phases:

Phase 1: Preconfiguration

The device to be onboarded is preconfigured with a ProfileDevice and private key information and a DeviceDescription posted to a publication service. This process is typically performed during manufacture. An EARL providing the ability to locate and decrypt the description is printed on the device itself as a QR code.

Phase 2: Device description acquisition

The administration device acquiring the onboarding device scans the QR code on the device and uses this information to obtain the device description by means of a Claim operation described above as described in the Device Description.

Phase 3: Administration Device Acceptance

This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device MAY advise the device that a connection request is being made by additional means described in the device description (e.g. WiFi, Bluetooth).

Phase 4: Poll Claim Notification

When connected to a network, the preconfigured device periodically attempts to poll the connection sources specified to find out if there is a pending request. If a connection request is posted, the device decrypts it to allow it to complete the connection process.

Phase 5: Onboarding Device Completion

This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device requires notice that of the pending connection request.

The main differences between this connection interaction and the witness/PIN connection interactions are that the device is preconfigured with the device profile at the time of manufacture and the onboarding device MAY be acquiring network configuration information during the connection process.

8.2.1. Phase 1

The manufacturer preconfigures the device

Maker> device preconfig
Device Udf: MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3
File: EBPB-YSBL-44F5-5ADN-PJHJ-CCJP-EU.medk

This results in the creation of the device preconfiguration record to be published to the Publication catalog of the device manufacturer:

{
  "DevicePreconfiguration":{
    "EnvelopedProfileDevice":[{
        "EnvelopeId":"MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ0FFLUxIWUQtN1
  RCUS1MT1ZULUdQRTctSTNQWC02TVEzIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
  Q3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjMzWiJ9"},
      "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm
  UiOiB7CiAgICAgICJVZGYiOiAiTUNBRS1MSFlELTdUQlEtTE9WVC1HUEU3LUkzUFg
  tNk1RMyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs
  aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI
  CAiUHVibGljIjogIm84dXk2ZDhiWjRvTnlSQTlvZHNvQWJQSzl0SGVEc3loYWVQNF
  9ia2s3WDdRMHZxSUlPSk0KICBUMy1TU2lBYlVCNzNvNnhiRzVXcEE5U0EifX19LAo
  gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUIySi1aTVZFLUxXT0wt
  N1dUSi1PVEw0LVkzU0QtWlY1WSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge
  wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND
  Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAiVTFKbEF0TDdpWk85d2VVZVgzWktQZnB
  3LTc5QW15cnZzVW40b1cweEI3Nk50enF5a0k0QgogIDRYdlNMYkc3ZkdPd1AtY1k5
  Mmo5YXBPQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1ER
  lAtRVhYRy1CN0g0LUFNNkktTjZDVy1NNFBYLTVXV0EiLAogICAgICAiUHVibGljUG
  FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA
  gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJ1ek1YcTdwZUZi
  UmVsYklrTERpenQwcW1qWmhKZ0FDdHhvN2J0SDNxVE9DYlV2bmNYMVFrCiAgVXA1d
  WVDMUdfWUZuSnB6d09iZ09DNXNBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH
  sKICAgICAgIlVkZiI6ICJNRDJXLVVEQ0stR05BRC1TSzVCLUFUNzUtQ0s2VS1QTEE
  2IiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl
  eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y
  mxpYyI6ICIycEctd1dIdmtiUGRxU2RJV1diMTFaWkc2aDJQOWY3WnRGdW1mcFlseV
  RCTy1qWUQ1RHNaCiAgNjZvWFJPUDFkWlV5bU9qUUFsSGUxTE1BIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3",
            "signature":"ei7ljOVDEL4ZsmntYCuw1hJTzfhVaARcYjQXLoSi
  I3uVOTc8QUu1mfOqxcWqBg_iJaxzLWgol6kAdYmCOXOZLJGeFcqRc8X5cp1yo_u3J
  -RtBg16eT5OrAyyiKMAF-x14V8SZoND3AokujhS6_vn4DcA"}
          ],
        "PayloadDigest":"5fmX2PgCMfBvPkOAI1M3YiDPkT48IxlOlCTFclUN
  suqOmAqSESi5KUOTINgjX_0MMMCFjX5OcCwXTENz1GH-dA"}
      ],
    "EnvelopedConnectionDevice":[{
        "dig":"S512",
        "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
  9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJ
  DcmVhdGVkIjogIjIwMjEtMDktMjBUMTg6MTY6MzNaIn0"},
      "ewogICJDb25uZWN0aW9uRGV2aWNlIjogewogICAgIkF1dGhlbnRpY2F0aW
  9uIjogewogICAgICAiVWRmIjogIk1CMkotWk1WRS1MV09MLTdXVEotT1RMNC1ZM1N
  ELVpWNVkiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi
  bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiWDQ0OCIsCiAgICAgICAgI
  CAiUHVibGljIjogIlUxSmxBdEw3aVpPOXdlVWVYM1pLUGZwdy03OUFteXJ2c1VuNG
  9XMHhCNzZOdHpxeWtJNEIKICA0WHZTTGJHN2ZHT3dQLWNZOTJqOWFwT0EifX19LAo
  gICAgIlNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNREZQLUVYWEctQjdINC1B
  TTZJLU42Q1ctTTRQWC01V1dBIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7C
  iAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkND
  Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAidXpNWHE3cGVGYlJlbGJJa0xEaXp0MHF
  talpoSmdBQ3R4bzdidEgzcVRPQ2JVdm5jWDFRawogIFVwNXVlQzFHX1lGbkpwendP
  YmdPQzVzQSJ9fX0sCiAgICAiRW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ
  jJKLVpNVkUtTFdPTC03V1RKLU9UTDQtWTNTRC1aVjVZIiwKICAgICAgIlB1YmxpY1
  BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICA
  gICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJVMUpsQXRMN2la
  Tzl3ZVVlWDNaS1BmcHctNzlBbXlydnNVbjRvVzB4Qjc2TnR6cXlrSTRCCiAgNFh2U
  0xiRzdmR093UC1jWTkyajlhcE9BIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MA6N-NN7E-CNN2-75BX-BGLB-ME6F-7FCH",
            "signature":"ZOLaqvLsui6n-LB5_C_Q3seRS5ilBxiuFFPp_NU9
  1fIF4qQYTh7opYmj8_h3bMuSrCBOCtmYlWgANuzu5LEtH-A_J2jR-euzFV7V3DbFJ
  QwA8gDb9XhuRZF8FV8V0DfmN1l8AVex0Z7q-clZPodLaCcA"}
          ],
        "PayloadDigest":"cBn1RX2qmv9mzrgeUmHN8IhFBLKAmQnMaOUUIxri
  yKS6DWWVyTxNrNi3D-MD-UJH9zXvSX-GPT6F95mZbm658g"}
      ],
    "EnvelopedConnectionService":[{
        "dig":"S512",
        "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
  9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICA
  iQ3JlYXRlZCI6ICIyMDIxLTA5LTIwVDE4OjE2OjMzWiJ9"},
      "ewogICJDb25uZWN0aW9uU2VydmljZSI6IHsKICAgICJBdXRoZW50aWNhdG
  lvbiI6IHsKICAgICAgIlVkZiI6ICJNQjJKLVpNVkUtTFdPTC03V1RKLU9UTDQtWTN
  TRC1aVjVZIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1
  YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgI
  CAgIlB1YmxpYyI6ICJVMUpsQXRMN2laTzl3ZVVlWDNaS1BmcHctNzlBbXlydnNVbj
  RvVzB4Qjc2TnR6cXlrSTRCCiAgNFh2U0xiRzdmR093UC1jWTkyajlhcE9BIn19fX1
  9",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MA6N-NN7E-CNN2-75BX-BGLB-ME6F-7FCH",
            "signature":"-fKRQYisB0gxu75Xe0OKC77g2uptgJyzvmLIKIMg
  vXsvn3Gf0BpGlJN6wwNadK4VWHY9HU9z8w-ARK_ozkDLHIUtxwntd_ws0s03AqNLm
  K-Fjc3jf-A7lanS7OeoCAsnXfQ7Kqa91pMHbotBtPvR0RwA"}
          ],
        "PayloadDigest":"__OnArXqFpZbdPVxS1HVHKpKhvJ1nhD8QA0mOLzM
  LOOgEyWe9khDNTY1M35w1rlthBjSLMV_6heRhUhqEi8VoA"}
      ],
    "PrivateKey":{
      "PrivateKeyUDF":{
        "PrivateValue":"ZAAQ-BLGK-V4DZ-ZFV7-QJZY-OOAU-SNMB-4C6Y-57P
H-L7OQ-A3VF-655A-GYQM-H4SF",
        "KeyType":"MeshProfileDevice"}},
    "ConnectUri":"mcu://maker@example.com/EBPB-YSBL-44F5-5ADN-PJHJ-
CCJP-EU"}}

The preconfiguration record is retreived and decrypted by means of an EARL:

QR = {Connect.ConnectEARL}

The EARL is converted to a QR code and printed on the device.

The private seed and connection record is provisioned to the device to be written to the device firmware:

>>>> Unfinished ProtocolConnectEARL/device publication

Oh **** the data published to the spool is simply the encrypted ProfileDevice!!!!

8.2.2. Phase 2 & 3

The administration device scans the QR code and obtains the Device Description using the Claim operation as shown in section $$$$. The administration device creates the ActivationDevice and CatalogedDevice records and populates the service as before.

Alice> account connect ^
    mcu://maker@example.com/EBPB-YSBL-44F5-5ADN-PJHJ-CCJP-EU /web

8.2.3. Phase 4

The device polls the publication service until a claim message is returned.

Alice4> device complete
   Device UDF = MCAE-LHYD-7TBQ-LOVT-GPE7-I3PX-6MQ3
   Account = alice@example.com
   Account UDF = MC6L-GFYJ-7EOP-2OWN-24ZJ-4RC7-EXTW

>> The poll claim result.

8.2.4. Phase 5

Completion of the device is the same as before.

9. Protocol Schema

HTTP Well Known Service Prefix: /.well-known/mmm

Every Mesh Portal Service transaction consists of exactly one request followed by exactly one response. Mesh Service transactions MAY cause modification of the data stored in the Mesh Service or the Mesh itself but do not cause changes to the connection state. The protocol itself is thus idempotent. There is no set sequence in which operations are required to be performed. It is not necessary to perform a Hello transaction prior to any other transaction.

9.1. Request Messages

A Mesh Portal Service request consists of a payload object that inherits from the MeshRequest class. When using the HTTP binding, the request MUST specify the portal DNS address in the HTTP Host field.

9.1.1. Message: MeshRequest

Base class for all request messages.

[No fields]

9.1.2. Message: MeshRequestUser

Base class for all request messages made by a user.

Inherits: MeshRequest
Account: String (Optional)

The fully qualified account name (including DNS address) to which the request is directed.

EnvelopedProfileDevice: Enveloped (Optional)

Device profile of the device making the request.

9.2. Response Messages

A Mesh Portal Service response consists of a payload object that inherits from the MeshResponse class. When using the HTTP binding, the response SHOULD report the Status response code in the HTTP response message. However the response code returned in the payload object MUST always be considered authoritative.

9.2.1. Message: MeshResponse

Base class for all response messages. Contains only the status code and status description fields.

[No fields]

9.3. Imported Objects

The Mesh Service protocol makes use of JSON objects defined in the JOSE Signatgure and Encryption specifications and in the DARE Data At Rest Encryption extensions to JOSE.

9.4. Common Structures

The following common structures are used in the protocol messages:

9.4.1. Structure: KeyValue

Describes a Key/Value structure used to make queries for records matching one or more selection criteria.

Key: String (Optional)

The data retrieval key.

Value: String (Optional)

The data value to match.

9.4.2. Structure: ConstraintsSelect

Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.

Container: String (Optional)

The container to be searched.

IndexMin: Integer (Optional)

Only return objects with an index value that is equal to or higher than the value specified.

IndexMax: Integer (Optional)

Only return objects with an index value that is equal to or lower than the value specified.

NotBefore: DateTime (Optional)

Only data published on or after the specified time instant is requested.

Before: DateTime (Optional)

Only data published before the specified time instant is requested. This excludes data published at the specified time instant.

PageKey: String (Optional)

Specifies a page key returned in a previous search operation in which the number of responses exceeded the specified bounds.

When a page key is specified, all the other search parameters except for MaxEntries and MaxBytes are ignored and the service returns the next set of data responding to the earlier query.

9.4.3. Structure: ConstraintsData

Specifies constraints on the data to be sent.

MaxEntries: Integer (Optional)

Maximum number of entries to send.

BytesOffset: Integer (Optional)

Specifies an offset to be applied to the payload data before it is sent. This allows large payloads to be transferred incrementally.

BytesMax: Integer (Optional)

Maximum number of payload bytes to send.

Header: Boolean (Optional)

Return the entry header

Payload: Boolean (Optional)

Return the entry payload

Trailer: Boolean (Optional)

Return the entry trailer

9.4.4. Structure: PolicyAccount

Describes the account creation policy including constraints on account names, whether there is an open account creation policy, etc.

Minimum: Integer (Optional)

Specifies the minimum length of an account name.

Maximum: Integer (Optional)

Specifies the maximum length of an account name.

InvalidCharacters: String (Optional)

A list of characters that the service does not accept in account names. The list of characters MAY not be exhaustive but SHOULD include any illegal characters in the proposed account name.

9.4.5. Structure: ContainerStatus

Container: String (Optional)
Index: Integer (Optional)
Digest: Binary (Optional)

9.4.6. Structure: ContainerUpdate

Inherits: ContainerStatus
Envelopes: DareEnvelope [0..Many]

The entries to be uploaded.

9.5. Transaction: Hello

Request: HelloRequest
Response: MeshHelloResponse

Report service and version information.

The Hello transaction provides a means of determining which protocol versions, message encodings and transport protocols are supported by the service.

The PostConstraints field MAY be used to advise senders of a maximum size of payload that MAY be sent in an initial Post request.

9.5.1. Message: MeshHelloResponse

ConstraintsUpdate: ConstraintsData (Optional)

Specifies the default data constraints for updates.

ConstraintsPost: ConstraintsData (Optional)

Specifies the default data constraints for message senders.

PolicyAccount: PolicyAccount (Optional)

Specifies the account creation policy

EnvelopedProfileService: Enveloped (Optional)

The enveloped master profile of the service.

EnvelopedProfileHost: Enveloped (Optional)

The enveloped profile of the host.

9.6. Transaction: BindAccount

Request: BindRequest
Response: BindResponse

Request creation of a new service account or group.

Attempt

9.6.1. Message: BindRequest

Request binding of an account to a service address.

Inherits: MeshRequest
AccountAddress: String (Optional)

The service account to bind to.

EnvelopedProfileAccount: Enveloped (Optional)

The signed assertion describing the account.

9.6.2. Message: BindResponse

Inherits: MeshResponse

Reports the success or failure of a Create transaction.

Reason: String (Optional)

Text explaining the status of the creation request.

URL: String (Optional)

A URL to which the user is directed to complete the account creation request.

9.7. Transaction: UnbindAccount

Request: UnbindRequest
Response: UnbindResponse

Request deletion of a service account.

9.7.1. Message: UnbindRequest

Request creation of a new portal account. The request specifies the requested account identifier and the Mesh profile to be associated with the account.

Inherits: MeshRequestUser

[No fields]

9.7.2. Message: UnbindResponse

Inherits: MeshResponse

Reports the success or failure of a Delete transaction.

[No fields]

9.8. Transaction: Connect

Request: ConnectRequest
Response: ConnectResponse

Request information necessary to begin making a connection request.

9.8.1. Message: ConnectRequest

Inherits: MeshRequest
EnvelopedRequestConnection: Enveloped (Optional)

The connection request generated by the client

Rights: String [0..Many]

List of named access rights.

9.8.2. Message: ConnectResponse

Inherits: MeshResponse
EnvelopedAcknowledgeConnection: Enveloped (Optional)

The connection request generated by the client

EnvelopedProfileAccount: Enveloped (Optional)

The user profile that provides the root of trust for this Mesh

9.9. Transaction: Complete

Request: CompleteRequest
Response: CompleteResponse

9.9.1. Message: CompleteRequest

Inherits: StatusRequest
AccountAddress: String (Optional)
ResponseID: String (Optional)

9.9.2. Message: CompleteResponse

Inherits: MeshResponse
EnvelopedRespondConnection: Enveloped (Optional)

The signed assertion describing the result of the connect request

9.10. Transaction: Status

Request: StatusRequest
Response: StatusResponse

9.10.1. Message: StatusRequest

Inherits: MeshRequestUser
DeviceUDF: String (Optional)
ProfileMasterDigest: Binary (Optional)
Catalogs: String [0..Many]
Spools: String [0..Many]

9.10.2. Message: StatusResponse

Inherits: MeshResponse
EnvelopedProfileAccount: Enveloped (Optional)

The account profile providing the root of trust for this account.

EnvelopedCatalogedDevice: Enveloped (Optional)

The catalog device entry

ContainerStatus: ContainerStatus [0..Many]

9.11. Transaction: Download

Request: DownloadRequest
Response: DownloadResponse

Request objects from the specified container with the specified search criteria.

9.11.1. Message: DownloadRequest

Inherits: MeshRequestUser

Request objects from the specified container(s).

A client MAY request only objects matching specified search criteria be returned and MAY request that only specific fields or parts of the payload be returned.

Select: ConstraintsSelect [0..Many]

Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.

ConstraintsPost: ConstraintsData (Optional)

Specifies the data constraints to be applied to the responses.

9.11.2. Message: DownloadResponse

Inherits: MeshResponse

Return the set of objects requested.

Services SHOULD NOT return a response that is disproportionately large relative to the speed of the network connection without a clear indication from the client that it is relevant. A service MAY limit the number of objects returned. A service MAY limit the scope of each response.

Updates: ContainerUpdate [0..Many]

The updated data

9.12. Transaction: Transact

Request: TransactRequest
Response: TransactResponse

Attempt an atomic transaction on the containers and spools associated with an account.

9.12.1. Message: TransactRequest

Inherits: MeshRequestUser

Upload entries to a container. This request is only valid if it is issued by the owner of the account

Updates: ContainerUpdate [0..Many]

The data to be updated

Accounts: String [0..Many]

The account(s) to which the request is directed.

Outbound: Enveloped [0..Many]

The messages to be sent to other accounts

Inbound: Enveloped [0..Many]

Messages to be appended to the user's inbound spool. this is typically used to post notifications to the user to mark messages as having been read or responded to.

Local: Enveloped [0..Many]

Messages to be appended to the user's local spool. This is used to allow connecting devices to collect activation messages before they have connected to the mesh.

9.12.2. Message: TransactResponse

Inherits: MeshResponse

Response to an upload request.

Entries: EntryResponse [0..Many]

The responses to the entries.

ConstraintsData: ConstraintsData (Optional)

If the upload request contains redacted entries, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.

9.12.3. Structure: EntryResponse

IndexRequest: Integer (Optional)

The index value of the entry in the request.

IndexContainer: Integer (Optional)

The index value assigned to the entry in the container.

Result: String (Optional)

Specifies the result of attempting to add the entry to a catalog or spool. Valid values for a message are 'Accept', 'Reject'. Valid values for an entry are 'Accept', 'Reject' and 'Conflict'.

ConstraintsData: ConstraintsData (Optional)

If the entry was redacted, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.

9.13. Transaction: Post

Request: PostRequest
Response: PostResponse

Request to post to a spool from an external party. The request and response messages are extensions of the corresponding messages for the Upload transaction. It is expected that additional fields will be added as the need arises.

9.13.1. Message: PostRequest

Inherits: MeshRequest
Accounts: String [0..Many]

The account(s) to which the request is directed.

Messages: Enveloped [0..Many]

The messages to be sent to the addresses specified in Accounts.

9.13.2. Message: PostResponse

Inherits: TransactResponse

[No fields]

9.14. Transaction: Claim

Request: ClaimRequest
Response: ClaimResponse

Claim a publication

9.14.1. Message: ClaimRequest

Inherits: MeshRequest
EnvelopedMessageClaim: Enveloped (Optional)

The claim message

9.14.2. Message: ClaimResponse

Inherits: MeshResponse
CatalogedPublication: CatalogedPublication (Optional)

The encrypted device profile

9.15. Transaction: PollClaim

Request: PollClaimRequest
Response: PollClaimResponse

Check party making claim

9.15.1. Message: PollClaimRequest

Inherits: MeshRequest
PublicationId: String (Optional)

The envelope identifier formed from the PublicationId.

TargetAccountAddress: String (Optional)

Account to which the claim is directed

9.15.2. Message: PollClaimResponse

Inherits: MeshResponse
EnvelopedMessage: Enveloped (Optional)

The claim message

9.15.3. Structure: CryptographicOperation

KeyId: String (Optional)

The key identifier

KeyCoefficient: Binary (Optional)

Lagrange coefficient multiplier to be applied to the private key

9.15.4. Structure: CryptographicOperationSign

Inherits: CryptographicOperation
Data: Binary (Optional)

The data to sign

PartialR: Binary (Optional)

Contribution to the R offset.

9.15.5. Structure: CryptographicOperationKeyAgreement

Inherits: CryptographicOperation

[No fields]

9.15.6. Structure: CryptographicOperationGenerate

Inherits: CryptographicOperation

[No fields]

9.15.7. Structure: CryptographicOperationShare

Inherits: CryptographicOperation
Threshold: Integer (Optional)
Shares: Integer (Optional)

9.15.8. Structure: CryptographicResult

Error: String (Optional)

9.15.9. Structure: CryptographicResultKeyAgreement

Inherits: CryptographicResult

[No fields]

9.15.10. Structure: CryptographicResultShare

Inherits: CryptographicResult

[No fields]

9.16. Transaction: Operate

Request: OperateRequest
Response: OperateResponse

Perform a set of cryptographic operations

9.16.1. Message: OperateRequest

Inherits: MeshRequest
AccountAddress: String (Optional)

The service account the capability is bound to

9.16.2. Message: OperateResponse

Inherits: MeshResponse

[No fields]

10. Security Considerations

The security considerations for use and implementation of Mesh services and applications are described in the Mesh Security Considerations guide [draft-hallambaker-mesh-security].

11. IANA Considerations

All the IANA considerations for the Mesh documents are specified in this document

12. Acknowledgements

A list of people who have contributed to the design of the Mesh is presented in [draft-hallambaker-mesh-architecture].

13. Normative References

[draft-hallambaker-jsonbcd]
Hallam-Baker, P., "Binary Encodings for JavaScript Object Notation: JSON-B, JSON-C, JSON-D", Work in Progress, Internet-Draft, draft-hallambaker-jsonbcd-21, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-jsonbcd-21>.
[draft-hallambaker-mesh-architecture]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part I: Architecture Guide", Work in Progress, Internet-Draft, draft-hallambaker-mesh-architecture-17, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-architecture-17>.
[draft-hallambaker-mesh-rud]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part VI: Reliable User Datagram", Work in Progress, Internet-Draft, draft-hallambaker-mesh-rud-00, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-rud-00>.
[draft-hallambaker-mesh-schema]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part IV: Schema Reference", Work in Progress, Internet-Draft, draft-hallambaker-mesh-schema-08, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-schema-08>.
[draft-hallambaker-mesh-security]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part VII: Security Considerations", Work in Progress, Internet-Draft, draft-hallambaker-mesh-security-07, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-security-07>.
[draft-hallambaker-mesh-udf]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint.", Work in Progress, Internet-Draft, draft-hallambaker-mesh-udf-13, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-udf-13>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.

14. Informative References

[draft-hallambaker-mesh-developer]
Hallam-Baker, P., "Mathematical Mesh: Reference Implementation", Work in Progress, Internet-Draft, draft-hallambaker-mesh-developer-10, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-developer-10>.