--- a/README Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-Abstract
---------
-WebID 1.0
-Web Identification and Discovery
-
-Identification and privacy have been at the center of how we interact
-with sites on the Web. The explosion of Websites over the last decade
-and a half has created a point of pain for anyone that uses the Web on a
-regular basis. Remembering login details, passwords, and sharing private
-information across the many websites that people use on a daily basis
-has become more difficult and complicated than necessary. This
-specification outlines a simple universal identification mechanism that
-is distributed, openly extensible, improves privacy, security and
-control over how one can identify themselves and control access to their
-information on the Web.
-
-Source
-------
-
-You can read, branch and modify the source code for this specification via
-github:
-
-https://github.com/webid-community/webid-spec
-
-Feedback
---------
-
-Don't e-mail patches to the editors, don't send tweets, IMs, or e-mails.
-Log bugs if you want to request changes to the spec, it is the only way
-you can make sure that your input will be tracked and considered by
-the group:
-
-https://github.com/webid-community/webid-spec/issues
-
-When logging an issue, be very specific about the problem and the
-exact change and wording that you would like to suggest. The easier
-you make changing the spec, the more likely that your change will be
-placed into the specification.
-
-Contributing
-------------
-
-To directly contribute to the specification:
-
-1. You MUST modify the 'index-respec.html' file via github - it is the
- primary source document.
-2. You MUST agree to transferring the specification text to a governing
- specification body such as the IETF or W3C when the time comes to
- transition the documents to an official specification.
-3. You MUST NOT add in any text that you know to be in violation of a trade
- secret, patent or other form of intellectual property.
-4. Understand that this will be a patent and royalty-free specification and
- no payment will be made to any of the editors, authors or contributors. That
- said, millions of people will be thankful for your contribution in ensuring
- that the web continutes to be accessible in a patent and royalty-free way.
-5. You will want to become familiar with ReSpec before you edit the
- 'index-respec.html' file. Documentation for respec is available here:
- http://dev.w3.org/2009/dap/ReSpec.js/documentation.html
-
--- a/drafts/ED-webid-20100711/index.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,492 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
- <title>WebID 1.0</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-
-<!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-
-<style type="text/css">
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-
-
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-
- <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-12T01:01:38+0000" id="unofficial-draft-11-july-2010">Unofficial Draft 11 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">msporny@digitalbazaar.com</a> </span>
-</dd>
-<dt>Authors:</dt><dd><span><span>Toby Inkster</span></span>
-</dd>
-<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
-</dd>
-</dl><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
- <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-
-<p>Identification and privacy have been at the center of how we
-interact with sites on the Web. The explosion of Websites over the last decade
-and a half has created a point of pain for anyone that uses the Web on a
-regular basis. Remembering login details, passwords,
-and sharing private information across the many websites that people use on a
-daily basis has become more difficult and complicated than necessary. This
-specification outlines a simple universal identification mechanism that is
-distributed, openly extensible, improves privacy, security and control over how
-one can identify themselves and control access to their information on the Web.
-</p>
-
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">How to Read this Document</h3>
-
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
-is necessary to understand how to implement this specification.
-WebID also uses HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates
-[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>], and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled
-<a href="#authentication-sequence">Authentication Sequence</a> and
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
-
-</p></div>
-</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
-
-<!-- <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p> -->
-
-
-The source code for this document is available via Github at the following
-URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
-
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-identification-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting Identification URL Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
-
-
-
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-
-<!-- OddPage -->
-<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created.
-It is also designed to provide a universal and extensible mechanism to express
-public and private information about yourself. This section outlines the
-motivation behind the specification and the relationship to other similar
-specifications that are in active use today.
-</p>
-
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
-hyperlinked social networks to exist. This vocabulary, along with other
-vocabularies, allow one to add information and services protection to
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a select group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using an process made popular by OpenID, we show how one can tie a User
-Agent to a URL by proving that one has write access to the URL. WebID is
-a simpler alternative to OpenID (fewer connections), that uses X.509
-certificates to tie a User Agent (Browser) to a Person identified via a URL.
-WebID also provides a few additional features to OpenID. These
-features include trust management, via digital signatures, and free-form
-extensibility via RDFa. By using the existing SSL certificate exchange
-mechanism, WebID integrates more smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was
-intended to receive it.
-</p>
-
-</div>
-
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
-
-<p>While some may say that OpenID and WebID conflict, WebID is 100% compatible
-with OpenID since both use a URL for identification. Therefore, WebID does not
-intend to replace OpenID, but can work beside OpenID just as easily as providing
-a complete solution. That said, there are a number of benefits that WebID
-achieves over OpenID:
-</p>
-
-<p>WebID gives people and other agents a Web ID URL for identification, just
-like OpenId does. However, in the case of WebID, the user does not need to
-remember the URL, the browser or User Agent does. A login button on a
-WebID web site is just a button. No need to enter any identifier like one
-has to for OpenID. Just click the button. Your browser will then ask you what
-identity you wish to use. The person that is browsing does not need to
-remember either the WebID URL or the website password. The only password one
-needs to remember is the one that is used to access their collection of
-WebIDs in their browser.</p>
-
-<p>The WebID protocol requires just one direct network connection to establish
-identity via the client. The server requires one connection to the client and
-one connection to retrieve the WebID Profile if it does not have the credential
-information cached. Compare this to the much more complex OpenID sequence, which
-requires six connections by the client to establish a login. In a world of
-distributed data where each site can point to data on any other site, multiple
-connections become costly to manage.</p>
-
-<p>WebID builds on well established Internet and Web standards;
-<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
-RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509
-[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards, it makes both explaining and
-implementing WebID easier on developers.</p>
-
-<p>Since WebID is RESTful, you can perform basic HTTP operations to
-<code>GET</code> your WebID, and if you needed update it, you can use
-HTTP <code>PUT</code> semantics. You can also create a WebID via
-<code>POST</code>. This is improved from the OpenID specification, which
-requires a new set of operations described in the OpenID Attribute Exchange
-specification.</p>
-
-<p>It is easy to extend a WebID with new attributes via RDF. The power of
-RDF and RDFa allows developers to add extensions to WebID by defining new
-vocabularies that they publish. There is no authorization process necessary
-and thus WebID allows for distributed innovation. Every WebID property is
-a URI, which when clicked, can give you yet more information about what the
-property means. A developer can create new usage classes by extending their
-vocabulary at will. A developer can add relationships to a WebID by simply
-adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF or RDFa.</p>
-
-<p>WebID is built on RDF and thus enables all of the advanced semantic web
-concepts that RDF enables. For example, a developer may perform machine
-reasoning with a WebID. One can construct machine-executable statements like
-"If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID."
-While OpenID attempts to support this use case by mapping OpenID to RDF, it's
-far easier to do with WebID because WebID is natively RDF-aware.</p>
-
-<p>Implementing WebID is easier than OpenID because all of the basic
-technologies have been working and integrated into Web browsers for many years.
-There were already three interoperable implementations of WebID before this
-specification was written.</p>
-
-<p>WebID is truly decentralized - with WebID you get a web of trust.
-OpenID only supports the Web of Trust model if you indirectly trust the
-OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
-you must trust OpenID providers. With WebID you only have to trust the people
-and the organizations with which you are communicating. In other words, you
-don't have to ask anyone whether or not you can trust your friends. You can
-query people that you trust directly to see if someone is trustworthy or not.
-There is no need for a central WebID authority.
-</p>
-
-<p>WebID is fully distributed, anyone can setup a WebID by placing a single
-file on a web server of their choosing. There is no need for a special
-OpenID-like provider service. The only thing anyone that wants a WebID needs
-is a web account where you can post your WebID file, ideally on your own domain
-name. You can also use a WebID hosting provider, but it's not necessary for
-WebID to work. While it is possible to run an OpenID server, other
-OpenID applications may not trust you and thus you won't be able to fully
-utilize your private OpenID credentials. The reason that there are a few
-large OpenID providers and very few small OpenID providers is because of this
-trust design issue related to OpenID.</p>
-
-<p>WebID does not require HTTP redirects. Redirects are are problematic on many
-cell phones, because telecoms heavily rely on proxys, which selectively block
-redirects.</p>
-
-<p>A WebID provider is 100% compatible with an OpenID provider and thus can
-inter-operate with OpenID-powered networks.</p>
-
-</div>
-
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-OAuth and WebID are mutually beneficial when used together. WebID can be
-used to provide RSA parameters to the RSA-SHA1 signature method required by
-OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
-connection that will be used to transmit OAuth Tokens in OAuth 2.0.
-</p>
-
-</div>
-</div>
-
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-
-<!-- OddPage -->
-<h2><span class="secno">2. </span>The WebID Protocol</h2>
-
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3><span class="secno">2.1 </span>Terminology</h3>
-
-<dl>
-
-<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
-resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
-<dd>Provides identification credentials to a Verification Agent. The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
-
-<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain the
-<code>Subject Alternative Name</code> field pointing to a URL that is
-dereference-able and results in a document containing RDF data. For example
-the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as
-the <code>Subject Alternative Name</code>:
-<code><pre>
-X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</pre></code>
-
-</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
-<dd>A URL specified in the <code>Subject Alternative Name</code> field of the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies a
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document.</dd>
-
-<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
-<dd>
-A structured document that contains identification credentials for the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. The XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] serialization
-format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>], Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], or RDF/XML
-[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] <em class="rfc2119" title="may">may</em> be supported by the mechanism providing the
-WebID Profile document.
-</dd>
-
-</dl>
-
-</div>
-
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
-
-<p>The following steps are executed by Verification Agents and Identification
-Agents to determine if access should be granted to a particular resource.
-</p>
-
-<ol>
-<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-as a part of the TLS client-cerificate retrieval protocol.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>
-contained in the <code>Subject Alternative Name</code> field of the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>. The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document
-<em class="rfc2119" title="must">must</em> be dereferenced and all triples pertaining to the public key associated
-with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> be extracted.
-</li>
-
-<li>The remote document triples <em class="rfc2119" title="must">must</em> be queried for information about the
-public key contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.
-If the public key in the certificate is found in the list of public keys
-associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
-<em class="rfc2119" title="must">must</em> assume that the client has write access to the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> and
-therefore owns the document.</li>
-
-<li>At this point, the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> use the now verified public key contained
-in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> for all TLS-based communication
-with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-</li></ol>
-
-<p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
-any time by executing all of the steps in the Authentication Sequence again.
-Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
-determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the
-Identification Agent and the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
-
-<p>A server responding to a WebID Profile request <em class="rfc2119" title="must">must</em> support returning an
-XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] document with either a <code>text/html</code> or
-<code>application/xhtml+xml</code> MIMEtype. A server <em class="rfc2119" title="may">may</em> support HTTP content
-negotiation and return a document that conforms to N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>], Turtle
-[<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], or RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>].
-
-</p><p class="issue">This section will explain how a Verification Agent extracts
-semantic data describing the identification credentials from a WebID Profile.</p>
-</div>
-
-<div class="normative section" id="extracting-identification-url-details" typeof="bibo:Chapter" about="#extracting-identification-url-details">
-<h4><span class="secno">2.3.4 </span>Extracting Identification URL Details</h4>
-
-<p>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
-extract the public key information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
-</p>
-The following SPARQL query outlines one way in which the public key
-could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
-<code><pre>
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?modulus ?exp
-WHERE {
- ?key cert:identity <http://example.org/webid#public>;
- a rsa:RSAPublicKey;
- rsa:modulus [ cert:hex ?modulus; ];
- rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre></code>
-
-<p class="issue">This section still needs more information.</p>
-
-</div>
-
-<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
-<h4><span class="secno">2.3.5 </span>Determining Access Privileges</h4>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URL to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</div>
-
-</div>
-
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>Change History</h4><p><em>This section is non-normative.</em></p>
-<p>2010-07-11 Initial version.</p>
-</div>
-
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-</ul>
-
-</div>
-</div>
-
-
-
-</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<!-- OddPage -->
-<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a>
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
-</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a>
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:references">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
-</dd></dl></div></div></body></html>
--- a/drafts/ED-webid-20100718/diff-20100711.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4224 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
- <title>WebID 1.0</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-
-<!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-
-<style type="text/css">
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-
-
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-
- <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /><style type='text/css'>
-.diff-old-a {
- font-size: smaller;
- color: red;
-}
-
-.diff-new { background-color: yellow; }
-.diff-chg { background-color: lime; }
-.diff-new:before,
-.diff-new:after
- { content: "\2191" }
-.diff-chg:before, .diff-chg:after
- { content: "\2195" }
-.diff-old { text-decoration: line-through; background-color: #FBB; }
-.diff-old:before,
-.diff-old:after
- { content: "\2193" }
-:focus { border: thin red solid}
-</style>
-</head>
-<body style="display: inherit; ">
-<div class="head">
-<p>
-</p>
-<h1 rel="dcterms:title" class="title" id="title">
-WebID
-1.0
-</h1>
-<h2 rel="bibo:subtitle" id="subtitle">
-Web
-Identification
-and
-Discovery
-</h2>
-<h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">
-Unofficial
-Draft
-<del class="diff-old">11
-</del>
-<ins class="diff-chg">18
-</ins>
-July
-2010
-</h2>
-<dl>
-<dt>
-Editor:
-</dt>
-<dd rel="bibo:editor">
-<span typeof="foaf:Person">
-<span property="foaf:name">
-Manu
-Sporny
-</span>,
-<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
-Digital
-Bazaar,
-Inc.
-</a>
-<a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">
-msporny@digitalbazaar.com
-</a>
-</span>
-</dd>
-<dt>
-Authors:
-</dt>
-<dd>
-<span>
-<a content="Toby Inkster" href="http://tobyinkster.co.uk/">
-Toby
-Inkster
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Henry Story" href="http://bblfish.net/">
-Henry
-Story
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
-<ins class="diff-new">Bruno
-Harbulot
-</ins></a></span></dd><dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia"><ins class="diff-new">
-Reto
-Bachmann-Gmür
-</ins></a></span></dd>
-</dl>
-<p>
-<ins class="diff-new">This
-document
-is
-also
-available
-in
-this
-non-normative
-format:
-</ins><a href="diff-20100711.html"><ins class="diff-new">
-Diff
-from
-previous
-Editors
-Draft
-</ins></a>.</p>
-<p class="copyright">
-This
-document
-is
-licensed
-under
-a
-<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
-Creative
-Commons
-Attribution
-3.0
-License
-</a>.
-</p>
-<hr>
-</hr>
-</div>
-<div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract">
-<h2>
-Abstract
-</h2>
-<p>
-<del class="diff-old">Identification
-</del>
-<ins class="diff-chg">Social
-networking,
-identity
-</ins>
-and
-privacy
-have
-been
-at
-the
-center
-of
-how
-we
-interact
-with
-<del class="diff-old">sites
-on
-</del>
-the
-<del class="diff-old">Web.
-</del>
-<ins class="diff-chg">Web
-in
-the
-last
-decade.
-</ins>
-The
-explosion
-of
-<del class="diff-old">Websites
-over
-the
-last
-decade
-and
-a
-half
-</del>
-<ins class="diff-chg">social
-networking
-sites
-</ins>
-has
-<ins class="diff-new">brought
-the
-world
-closer
-together
-as
-well
-as
-</ins>
-created
-<del class="diff-old">a
-point
-</del>
-<ins class="diff-chg">new
-points
-</ins>
-of
-pain
-<del class="diff-old">for
-anyone
-that
-uses
-</del>
-<ins class="diff-chg">regarding
-ease
-of
-use
-and
-</ins>
-the
-<del class="diff-old">Web
-on
-a
-regular
-basis.
-</del>
-<ins class="diff-chg">Web.
-</ins>
-Remembering
-login
-details,
-passwords,
-and
-sharing
-private
-information
-across
-the
-many
-websites
-<ins class="diff-new">and
-social
-groups
-</ins>
-that
-<del class="diff-old">people
-use
-on
-</del>
-<ins class="diff-chg">we
-are
-</ins>
-a
-<del class="diff-old">daily
-basis
-</del>
-<ins class="diff-chg">part
-of
-</ins>
-has
-become
-more
-difficult
-and
-complicated
-than
-necessary.
-<ins class="diff-new">The
-Social
-Web
-is
-designed
-to
-ensure
-that
-control
-of
-identity
-and
-privacy
-settings
-is
-always
-simple
-and
-under
-one's
-control.
-WebID
-is
-a
-key
-enabler
-of
-the
-Social
-Web.
-</ins>
-This
-specification
-outlines
-a
-simple
-universal
-identification
-mechanism
-that
-is
-distributed,
-openly
-extensible,
-improves
-privacy,
-security
-and
-control
-over
-how
-one
-can
-identify
-themselves
-and
-control
-access
-to
-their
-information
-on
-the
-Web.
-</p>
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">
-How
-to
-Read
-this
-Document
-</h3>
-<p>
-There
-are
-a
-number
-of
-concepts
-that
-are
-covered
-in
-this
-document
-that
-the
-reader
-may
-want
-to
-be
-aware
-of
-before
-continuing.
-General
-knowledge
-of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
-public
-key
-cryptography
-</a>
-<ins class="diff-new">and
-RDF
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER"><ins class="diff-new">
-RDF-PRIMER
-</ins></a><ins class="diff-new">
-]
-and
-RDFa
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE"><ins class="diff-new">
-RDFA-CORE
-</ins></a><ins class="diff-new">
-]
-</ins>
-is
-necessary
-to
-understand
-how
-to
-implement
-this
-specification.
-WebID
-<del class="diff-old">also
-</del>
-uses
-<ins class="diff-new">a
-number
-of
-specific
-technologies
-like
-</ins>
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-X.509
-certificates
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-],
-<ins class="diff-new">RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-]
-</ins>
-and
-<del class="diff-old">RDFa
-</del>
-<ins class="diff-chg">XHTML+RDFa
-</ins>
-[
-<del class="diff-old">RDFA-CORE
-</del>
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-<ins class="diff-chg">XHTML-RDFA
-</ins>
-</a>
-].
-</p>
-<p>
-A
-general
-<a href="#introduction">
-Introduction
-</a>
-is
-provided
-for
-all
-that
-would
-like
-to
-understand
-why
-this
-specification
-is
-necessary
-to
-simplify
-usage
-of
-the
-Web.
-</p>
-<p>
-The
-terms
-used
-throughout
-this
-specification
-are
-listed
-in
-the
-section
-titled
-<a href="#terminology">
-Terminology
-</a>.
-</p>
-<p>
-Developers
-that
-are
-interested
-in
-implementing
-this
-specification
-will
-be
-most
-interested
-in
-the
-sections
-titled
-<a href="#authentication-sequence">
-Authentication
-Sequence
-</a>
-and
-<a href="#authentication-sequence-details">
-Authentication
-Sequence
-Details
-</a>.
-</p>
-</div>
-</div>
-<div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd">
-<h2>
-Status
-of
-This
-Document
-</h2>
-<p>
-This
-document
-is
-merely
-a
-public
-working
-draft
-of
-a
-potential
-specification.
-It
-has
-no
-official
-standing
-of
-any
-kind
-and
-does
-not
-represent
-the
-support
-or
-consensus
-of
-any
-standards
-organisation.
-</p>
-The
-source
-code
-for
-this
-document
-is
-available
-via
-Github
-at
-the
-following
-URL:
-<a href="http://github.com/msporny/webid-spec">
-http://github.com/msporny/webid-spec
-</a>
-</div>
-<div id="toc" typeof="bibo:Chapter" about="#toc" class="section">
-<h2 class="introductory">
-Table
-of
-Contents
-</h2>
-<ul class="toc">
-<li class="tocline">
-<a href="#introduction" class="tocxref">
-<span class="secno">
-1.
-</span>
-Introduction
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#motivation" class="tocxref">
-<span class="secno">
-1.1
-</span>
-Motivation
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-openid" class="tocxref">
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-oauth" class="tocxref">
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</a>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#the-webid-protocol" class="tocxref">
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#terminology" class="tocxref">
-<span class="secno">
-2.1
-</span>
-Terminology
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence" class="tocxref">
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence-details" class="tocxref">
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#initiating-a-tls-connection" class="tocxref">
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</a>
-</li>
-<li class="tocline">
-<a href="#exchanging-the-identification-certificate" class="tocxref">
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</a>
-</li>
-<li class="tocline">
-<a href="#processing-the-webid-profile" class="tocxref">
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</a>
-</li>
-<li class="tocline">
-<a href="#extracting-webid-url-details" class="tocxref">
-<span class="secno">
-2.3.4
-</span>
-Extracting
-<del class="diff-old">Identification
-</del>
-<ins class="diff-chg">WebID
-</ins>
-URL
-Details
-</a>
-</li>
-<li class="tocline">
-<a href="#determining-access-privileges" class="tocxref">
-<span class="secno">
-2.3.5
-</span>
-Determining
-Access
-Privileges
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#references" class="tocxref">
-<span class="secno">
-A.
-</span>
-References
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#normative-references" class="tocxref">
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</a>
-</li>
-<li class="tocline">
-<a href="#informative-references" class="tocxref">
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</div>
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-<h2>
-<span class="secno">
-1.
-</span>
-Introduction
-</h2>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-WebID
-specification
-is
-designed
-to
-help
-alleviate
-the
-difficultly
-that
-remembering
-different
-logins,
-passwords
-and
-settings
-for
-websites
-has
-created.
-It
-is
-also
-designed
-to
-provide
-a
-universal
-and
-extensible
-mechanism
-to
-express
-public
-and
-private
-information
-about
-yourself.
-This
-section
-outlines
-the
-motivation
-behind
-the
-specification
-and
-the
-relationship
-to
-other
-similar
-specifications
-that
-are
-in
-active
-use
-today.
-</p>
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3>
-<span class="secno">
-1.1
-</span>
-Motivation
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-It
-is
-a
-fundamental
-design
-criteria
-of
-the
-Web
-to
-enable
-individuals
-and
-organizations
-to
-control
-how
-they
-interact
-with
-the
-rest
-of
-society.
-This
-includes
-how
-one
-expresses
-their
-identity,
-public
-information
-and
-personal
-details
-to
-social
-networks,
-Web
-sites
-and
-services.
-</p>
-<p>
-Semantic
-Web
-vocabularies
-such
-as
-Friend-of-a-Friend
-(FOAF)
-permit
-distributed
-hyperlinked
-social
-networks
-to
-exist.
-This
-vocabulary,
-along
-with
-other
-vocabularies,
-allow
-one
-to
-add
-information
-and
-services
-protection
-to
-distributed
-social
-networks.
-</p>
-<p>
-One
-major
-criticism
-of
-open
-networks
-is
-that
-they
-seem
-to
-have
-no
-way
-of
-protecting
-the
-personal
-information
-distributed
-on
-the
-web
-or
-limiting
-access
-to
-resources.
-Few
-people
-are
-willing
-to
-make
-all
-their
-personal
-information
-public,
-many
-would
-like
-large
-pieces
-to
-be
-protected,
-making
-it
-available
-only
-to
-a
-select
-group
-of
-agents.
-Giving
-access
-to
-information
-is
-very
-similar
-to
-giving
-access
-to
-services.
-There
-are
-many
-occasions
-when
-people
-would
-like
-services
-to
-only
-be
-accessible
-to
-members
-of
-a
-group,
-such
-as
-allowing
-only
-friends,
-family
-members,
-colleagues
-to
-post
-an
-article,
-photo
-or
-comment
-on
-a
-blog.
-How
-does
-one
-do
-this
-in
-a
-flexible
-way,
-without
-requiring
-a
-central
-point
-of
-access
-control?
-</p>
-<p>
-Using
-an
-process
-made
-popular
-by
-OpenID,
-we
-show
-how
-one
-can
-tie
-a
-User
-Agent
-to
-a
-URL
-by
-proving
-that
-one
-has
-write
-access
-to
-the
-URL.
-WebID
-is
-a
-simpler
-alternative
-to
-OpenID
-(fewer
-connections),
-that
-uses
-X.509
-certificates
-to
-tie
-a
-User
-Agent
-(Browser)
-to
-a
-Person
-identified
-via
-a
-URL.
-WebID
-also
-provides
-a
-few
-additional
-features
-to
-OpenID.
-These
-features
-include
-trust
-management,
-via
-digital
-signatures,
-and
-free-form
-extensibility
-via
-RDFa.
-By
-using
-the
-existing
-SSL
-certificate
-exchange
-mechanism,
-WebID
-integrates
-more
-smoothly
-with
-existing
-Web
-browsers,
-including
-browsers
-on
-mobile
-devices.
-WebID
-also
-permits
-automated
-session
-login
-in
-addition
-to
-interactive
-session
-login.
-Additionally,
-all
-data
-is
-encrypted
-and
-guaranteed
-to
-only
-be
-received
-by
-the
-person
-or
-organization
-that
-was
-intended
-to
-receive
-it.
-</p>
-</div>
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3>
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<del class="diff-old">While
-some
-may
-say
-that
-OpenID
-</del>
-<p class="issue">
-<ins class="diff-chg">This
-section
-needs
-to
-be
-re-written.
-The
-flow
-</ins>
-and
-<del class="diff-old">WebID
-conflict,
-</del>
-<ins class="diff-chg">grammar
-leaves
-much
-to
-be
-desired.
---
-manu
-</ins></p><p>
-WebID
-is
-<del class="diff-old">100%
-</del>
-compatible
-with
-<del class="diff-old">OpenID
-since
-both
-</del>
-<ins class="diff-chg">OpenID.
-Both
-protocols
-</ins>
-use
-a
-URL
-<del class="diff-old">for
-identification.
-</del>
-<ins class="diff-chg">that
-dereferences
-to
-a
-Personal
-Profile
-Document.
-This
-Personal
-Profile
-Document
-is
-where
-further
-information
-about
-an
-identity
-can
-be
-discovered.
-This
-mechanism
-is
-compatible
-with
-both
-WebID
-and
-OpenID.
-</ins>
-Therefore,
-WebID
-does
-not
-intend
-to
-replace
-OpenID,
-but
-can
-work
-beside
-OpenID
-<del class="diff-old">just
-as
-easily
-as
-providing
-a
-complete
-solution.
-</del>
-<ins class="diff-chg">by
-sharing
-the
-content
-in
-the
-Personal
-Profile
-Document.
-</ins></p><p>
-That
-said,
-there
-are
-a
-number
-of
-benefits
-that
-WebID
-achieves
-over
-OpenID:
-</p>
-<p>
-WebID
-gives
-people
-and
-other
-agents
-a
-<ins class="diff-new">WebID
-URL
-for
-identification.
-OpenID
-also
-provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-However,
-in
-the
-case
-of
-WebID,
-one
-does
-not
-need
-to
-remember
-the
-URL
-since
-the
-User
-Agent
-remembers
-the
-URL
-on
-behalf
-of
-the
-person
-browsing.
-To
-log
-in
-on
-a
-WebID
-web
-site
-there
-is
-no
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-do
-for
-OpenID.
-Just
-one
-click
-tells
-the
-browser
-to
-send
-the
-WebID
-URL.
-The
-person
-that
-is
-browsing
-does
-not
-need
-to
-remember
-either
-their
-WebID
-URL
-or
-the
-website
-password.
-The
-only
-password
-one
-may
-need
-to
-remember
-is
-the
-one
-that
-is
-used
-to
-access
-their
-collection
-of
-WebIDs
-in
-their
-browser,
-and
-that's
-only
-if
-they
-opt-in
-to
-password
-protect
-their
-WebIDs.
-</ins></p><p><ins class="diff-new">
-WebID
-gives
-people
-and
-other
-agents
-a
-</ins>
-Web
-ID
-URL
-for
-<del class="diff-old">identification,
-just
-like
-OpenId
-does.
-</del>
-<ins class="diff-chg">identification.
-OpenID
-also
-provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-</ins>
-However,
-in
-the
-case
-of
-WebID,
-the
-user
-does
-not
-need
-to
-remember
-the
-URL,
-the
-browser
-or
-User
-Agent
-does.
-A
-login
-button
-on
-a
-WebID
-web
-site
-is
-just
-a
-button.
-No
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-for
-OpenID.
-Just
-click
-the
-button.
-Your
-browser
-will
-then
-ask
-you
-what
-identity
-you
-wish
-to
-use.
-The
-person
-that
-is
-browsing
-does
-not
-need
-to
-remember
-either
-the
-WebID
-URL
-or
-the
-website
-password.
-The
-only
-password
-one
-needs
-to
-remember
-is
-the
-one
-that
-is
-used
-to
-access
-their
-collection
-of
-WebIDs
-in
-their
-browser.
-</p>
-<p>
-The
-WebID
-protocol
-requires
-just
-one
-direct
-network
-connection
-to
-establish
-identity
-via
-the
-client.
-The
-server
-requires
-one
-connection
-to
-the
-client
-and
-one
-connection
-to
-retrieve
-the
-WebID
-Profile
-if
-it
-does
-not
-have
-the
-credential
-information
-cached.
-Compare
-this
-to
-the
-much
-more
-complex
-OpenID
-sequence,
-which
-requires
-six
-connections
-by
-the
-client
-to
-establish
-a
-login.
-In
-a
-world
-of
-distributed
-data
-where
-each
-site
-can
-point
-to
-data
-on
-any
-other
-site,
-multiple
-connections
-become
-costly
-to
-manage.
-</p>
-<p>
-WebID
-builds
-on
-<ins class="diff-new">a
-number
-of
-</ins>
-well
-established
-Internet
-and
-Web
-standards;
-<a href="http://en.wikipedia.org/wiki/REST">
-REST
-</a>,
-RDF
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
-RDF-PRIMER
-</a>
-],
-RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
-RDFA-CORE
-</a>
-],
-<ins class="diff-new">RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-],
-</ins>
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-and
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-].
-By
-building
-on
-previous
-standards,
-it
-makes
-both
-explaining
-and
-implementing
-WebID
-easier
-on
-developers.
-</p>
-<p>
-Since
-WebID
-is
-RESTful,
-you
-can
-perform
-basic
-HTTP
-operations
-to
-<code>
-GET
-</code>
-your
-WebID,
-and
-if
-you
-needed
-update
-it,
-you
-can
-use
-HTTP
-<code>
-PUT
-</code>
-semantics.
-You
-can
-also
-create
-a
-WebID
-via
-<code>
-POST
-</code>.
-This
-is
-improved
-from
-the
-OpenID
-specification,
-which
-requires
-a
-new
-set
-of
-operations
-described
-in
-the
-OpenID
-Attribute
-Exchange
-specification.
-</p>
-<p>
-<ins class="diff-new">WebID
-is
-built
-on
-RDF
-and
-thus
-enables
-all
-of
-the
-advanced
-semantic
-web
-concepts
-that
-RDF
-enables.
-For
-example,
-a
-developer
-may
-perform
-machine
-reasoning
-with
-a
-WebID.
-One
-can
-construct
-machine-executable
-statements
-like
-"If
-this
-WebID
-claims
-to
-be
-a
-friend
-of
-one
-of
-our
-partner
-WebIDs
-that
-is
-trusted
-and
-the
-relationship
-is
-bi-directional,
-trust
-the
-WebID."
-While
-OpenID
-attempts
-to
-support
-this
-use
-case
-by
-mapping
-OpenID
-to
-RDF,
-it's
-far
-easier
-to
-do
-with
-WebID
-because
-WebID
-is
-natively
-RDF-aware.
-</ins></p><p>
-It
-is
-easy
-to
-extend
-a
-WebID
-with
-new
-attributes
-via
-RDF.
-The
-power
-of
-RDF
-<del class="diff-old">and
-RDFa
-</del>
-allows
-developers
-to
-add
-extensions
-to
-WebID
-by
-defining
-new
-vocabularies
-that
-they
-publish.
-There
-is
-no
-authorization
-process
-necessary
-and
-thus
-WebID
-allows
-for
-distributed
-innovation.
-Every
-WebID
-property
-is
-a
-URI,
-which
-when
-clicked,
-can
-give
-you
-yet
-more
-information
-about
-what
-the
-property
-means.
-A
-developer
-can
-create
-new
-usage
-classes
-by
-extending
-their
-vocabulary
-at
-will.
-A
-developer
-can
-add
-relationships
-to
-a
-WebID
-by
-simply
-adding
-more
-HTML
-to
-the
-developer's
-page.
-OpenID
-does
-not
-provide
-any
-type
-of
-distributed
-innovation
-akin
-to
-<del class="diff-old">RDF
-or
-RDFa.
-WebID
-is
-built
-on
-RDF
-and
-thus
-enables
-all
-of
-the
-advanced
-semantic
-web
-concepts
-that
-RDF
-enables.
-For
-example,
-a
-developer
-may
-perform
-machine
-reasoning
-with
-a
-WebID.
-One
-can
-construct
-machine-executable
-statements
-like
-"If
-this
-WebID
-claims
-to
-be
-a
-friend
-of
-one
-of
-our
-partner
-WebIDs
-that
-is
-trusted
-and
-the
-relationship
-is
-bi-directional,
-trust
-the
-WebID."
-While
-OpenID
-attempts
-to
-support
-this
-use
-case
-by
-mapping
-OpenID
-to
-RDF,
-it's
-far
-easier
-to
-do
-with
-WebID
-because
-WebID
-is
-natively
-RDF-aware.
-</del>
-<ins class="diff-chg">RDF.
-</ins>
-</p>
-<p>
-Implementing
-WebID
-is
-easier
-than
-OpenID
-because
-all
-of
-the
-basic
-technologies
-have
-been
-working
-and
-integrated
-into
-Web
-browsers
-for
-many
-years.
-There
-were
-already
-three
-interoperable
-implementations
-of
-WebID
-before
-this
-specification
-was
-written.
-</p>
-<p>
-WebID
-is
-truly
-decentralized
--
-with
-WebID
-you
-get
-a
-web
-of
-trust.
-OpenID
-only
-supports
-the
-Web
-of
-Trust
-model
-if
-you
-indirectly
-trust
-the
-OpenID
-provider.
-In
-other
-words
--
-OpenID
-is
-not
-truly
-decentralized.
-In
-OpenID
-you
-must
-trust
-OpenID
-providers.
-With
-WebID
-you
-only
-have
-to
-trust
-the
-people
-and
-the
-organizations
-with
-which
-you
-are
-communicating.
-In
-other
-words,
-you
-don't
-have
-to
-ask
-anyone
-whether
-or
-not
-you
-can
-trust
-your
-friends.
-You
-can
-query
-people
-that
-you
-trust
-directly
-to
-see
-if
-someone
-is
-trustworthy
-or
-not.
-There
-is
-no
-need
-for
-a
-central
-WebID
-authority.
-</p>
-<p>
-WebID
-is
-fully
-distributed,
-anyone
-can
-setup
-a
-WebID
-by
-placing
-a
-single
-file
-on
-a
-web
-server
-of
-their
-choosing.
-There
-is
-no
-need
-for
-a
-special
-OpenID-like
-provider
-service.
-The
-only
-thing
-anyone
-that
-wants
-a
-WebID
-needs
-is
-a
-web
-account
-where
-you
-can
-post
-your
-WebID
-file,
-ideally
-on
-your
-own
-domain
-name.
-You
-can
-also
-use
-a
-WebID
-hosting
-provider,
-but
-it's
-not
-necessary
-for
-WebID
-to
-work.
-While
-it
-is
-possible
-to
-run
-an
-OpenID
-server,
-other
-OpenID
-applications
-may
-not
-trust
-you
-and
-thus
-you
-won't
-be
-able
-to
-fully
-utilize
-your
-private
-OpenID
-credentials.
-The
-reason
-that
-there
-are
-a
-few
-large
-OpenID
-providers
-and
-very
-few
-small
-OpenID
-providers
-is
-because
-of
-this
-trust
-design
-issue
-related
-to
-OpenID.
-</p>
-<p>
-WebID
-does
-not
-require
-HTTP
-redirects.
-Redirects
-are
-<del class="diff-old">are
-</del>
-problematic
-on
-many
-cell
-phones,
-because
-telecoms
-heavily
-rely
-on
-proxys,
-which
-selectively
-block
-redirects.
-</p>
-<p>
-A
-WebID
-provider
-is
-100%
-compatible
-with
-an
-OpenID
-provider
-and
-thus
-can
-inter-operate
-with
-OpenID-powered
-networks.
-</p>
-</div>
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3>
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-OAuth
-and
-WebID
-are
-mutually
-beneficial
-when
-used
-together.
-WebID
-can
-be
-used
-to
-provide
-RSA
-parameters
-to
-the
-RSA-SHA1
-signature
-method
-required
-by
-OAuth
-1.0.
-WebID
-can
-also
-be
-used
-to
-establish
-the
-consumer_key
-and
-HTTPS
-connection
-that
-will
-be
-used
-to
-transmit
-OAuth
-Tokens
-in
-OAuth
-2.0.
-</p>
-</div>
-</div>
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-<h2>
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</h2>
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3>
-<span class="secno">
-2.1
-</span>
-Terminology
-</h3>
-<dl>
-<dt>
-<dfn title="Verification_Agent" id="dfn-verification_agent">
-Verification
-Agent
-</dfn>
-</dt>
-<dd>
-Performs
-authentication
-on
-provided
-WebID
-credentials
-and
-determines
-if
-an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-can
-have
-access
-to
-a
-particular
-resource.
-A
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-is
-typically
-a
-Web
-server,
-but
-may
-also
-be
-a
-peer
-on
-a
-peer-to-peer
-network.
-</dd>
-<dt>
-<dfn title="Identification_Agent" id="dfn-identification_agent">
-Identification
-Agent
-</dfn>
-</dt>
-<dd>
-Provides
-identification
-credentials
-to
-a
-Verification
-Agent.
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-is
-typically
-also
-a
-User
-Agent.
-</dd>
-<dt>
-<dfn title="Identification_Certificate" id="dfn-identification_certificate">
-Identification
-Certificate
-</dfn>
-</dt>
-<dd>
-An
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-]
-Certificate
-that
-<em class="rfc2119" title="must">
-must
-</em>
-contain
-<del class="diff-old">the
-</del>
-<ins class="diff-chg">a
-</ins>
-<code>
-Subject
-Alternative
-Name
-</code>
-<del class="diff-old">field
-pointing
-to
-</del>
-<ins class="diff-chg">extension
-with
-a
-URI
-entry.
-The
-URI
-</ins><em class="rfc2119" title="should"><ins class="diff-chg">
-should
-</ins></em><ins class="diff-chg">
-be
-a
-URL,
-and
-</ins><em class="rfc2119" title="should not"><ins class="diff-chg">
-should
-not
-</ins></em><ins class="diff-chg">
-be
-</ins>
-a
-<ins class="diff-new">URN.
-The
-</ins>
-URL
-<del class="diff-old">that
-is
-</del>
-<ins class="diff-chg">identifies
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-chg">
-Identification
-Agent
-</ins></a>.<ins class="diff-chg">
-The
-URL
-</ins><em class="rfc2119" title="must"><ins class="diff-chg">
-must
-</ins></em><ins class="diff-chg">
-be
-</ins>
-dereference-able
-and
-<del class="diff-old">results
-</del>
-<ins class="diff-chg">result
-</ins>
-in
-a
-document
-containing
-RDF
-data.
-For
-<del class="diff-old">example
-</del>
-<ins class="diff-chg">example,
-</ins>
-the
-certificate
-would
-contain
-<code>
-http://example.org/webid#public
-</code>,
-known
-as
-a
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-as
-the
-<code>
-Subject
-Alternative
-Name
-</code>:
-<code><pre>
-X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</pre>
-</code>
-</dd>
-<dt>
-<dfn title="WebID_URL" id="dfn-webid_url">
-WebID
-URL
-</dfn>
-</dt>
-<dd>
-A
-URL
-specified
-<del class="diff-old">in
-</del>
-<ins class="diff-chg">via
-</ins>
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-<del class="diff-old">field
-</del>
-<ins class="diff-chg">extension
-</ins>
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-that
-identifies
-<ins class="diff-new">an
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a>.</dd><dt><dfn title="public_key" id="dfn-public_key"><ins class="diff-new">
-public
-key
-</ins></dfn></dt><dd><ins class="diff-new">
-A
-widely
-distributed
-crytographic
-key
-that
-can
-be
-used
-to
-verify
-digital
-signatures
-and
-encrypt
-data
-between
-</ins>
-a
-<del class="diff-old">WebID
-Profile
-</del>
-<ins class="diff-chg">sender
-and
-a
-receiver.
-A
-public
-key
-is
-always
-included
-in
-an
-</ins><a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate"><ins class="diff-chg">
-Identification
-Certificate
-</ins>
-</a>
-<del class="diff-old">document.
-</del>
-</dd>
-<dt>
-<dfn title="WebID_Profile" id="dfn-webid_profile">
-WebID
-Profile
-</dfn>
-</dt>
-<dd>
-A
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">
-RDF-CONCEPTS
-</a>
-].
-<del class="diff-old">The
-</del>
-<ins class="diff-chg">Either
-the
-</ins>
-XHTML+RDFa
-1.1
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-]
-serialization
-format
-<ins class="diff-new">or
-the
-RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-]
-serialization
-format
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-supported
-by
-the
-mechanism,
-e.g.
-a
-Web
-Service,
-providing
-the
-WebID
-Profile
-document.
-Alternate
-RDF
-serialization
-formats,
-such
-as
-N3
-[
-<a class="bibref" rel="biblioentry" href="#bib-N3">
-N3
-</a>
-<del class="diff-old">],
-</del>
-<ins class="diff-chg">]
-or
-</ins>
-Turtle
-[
-<a class="bibref" rel="biblioentry" href="#bib-TURTLE">
-TURTLE
-</a>
-],
-<del class="diff-old">or
-RDF/XML
-[
-RDF-SYNTAX-GRAMMAR
-]
-</del>
-<em class="rfc2119" title="may">
-may
-</em>
-be
-supported
-by
-the
-mechanism
-providing
-the
-WebID
-Profile
-document.
-</dd>
-</dl>
-<p class="issue">
-<ins class="diff-new">Whether
-or
-not
-RDF/XML,
-XHTML+RDFa
-1.1,
-both
-or
-neither
-serialization
-of
-RDF
-should
-be
-required
-serialization
-formats
-in
-the
-specification
-is
-currently
-under
-heavy
-debate.
-</ins></p>
-</div>
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3>
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</h3>
-<p>
-The
-following
-steps
-are
-executed
-by
-Verification
-Agents
-and
-Identification
-Agents
-to
-determine
-if
-access
-should
-be
-granted
-to
-a
-particular
-resource.
-</p>
-<ol>
-<li>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-attempts
-to
-access
-a
-resource
-using
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-]
-via
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-request
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-of
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-as
-a
-part
-of
-the
-TLS
-client-cerificate
-retrieval
-protocol.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-<ins class="diff-new">public
-key
-</ins></a><ins class="diff-new">
-and
-the
-</ins>
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-contained
-in
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-<del class="diff-old">field
-</del>
-<ins class="diff-chg">extension
-</ins>
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>.
-</li>
-<li>
-The
-<del class="diff-old">WebID
-Profile
-document
-must
-be
-dereferenced
-and
-all
-triples
-pertaining
-to
-the
-</del>
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-<ins class="diff-new">information
-</ins>
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-<del class="diff-old">extracted.
-The
-remote
-document
-triples
-</del>
-<ins class="diff-chg">verified
-by
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
-Verification
-Agent
-</ins></a>.<ins class="diff-chg">
-This
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-<del class="diff-old">queried
-for
-information
-about
-</del>
-<ins class="diff-chg">performed
-by
-validating
-</ins>
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-<ins class="diff-new">associated
-with
-the
-</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
-WebID
-URL
-</ins></a>.<ins class="diff-new">
-This
-process
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-occur
-either
-by
-dereferencing
-the
-</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
-WebID
-URL
-</ins></a><ins class="diff-new">
-and
-extracting
-RDF
-data
-from
-the
-resulting
-document,
-or
-by
-utilizing
-a
-cached
-version
-of
-the
-RDF
-data
-</ins>
-contained
-in
-the
-<del class="diff-old">Identification
-Certificate
-</del>
-<ins class="diff-chg">document
-or
-other
-data
-source
-that
-is
-up-to-date
-and
-trusted
-by
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
-Verification
-Agent
-</ins></a>.<ins class="diff-chg">
-The
-processing
-and
-extraction
-mechanism
-is
-further
-detailed
-in
-the
-sections
-titled
-</ins><a href="#processing-the-webid-profile"><ins class="diff-chg">
-Processing
-the
-WebID
-Profile
-</ins></a><ins class="diff-chg">
-and
-</ins><a href="#extracting-webid-url-details"><ins class="diff-chg">
-Extracting
-WebID
-URL
-Details
-</ins>
-</a>.
-</li>
-<li>
-If
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-in
-the
-<del class="diff-old">certificate
-</del>
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-<ins class="diff-chg">Identification
-Certificate
-</ins></a>
-is
-found
-in
-the
-list
-of
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-<del class="diff-old">keys
-</del>
-<ins class="diff-chg">key
-</ins></a><ins class="diff-chg">
-s
-</ins>
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-assume
-that
-the
-client
-has
-write
-access
-to
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>
-and
-therefore
-owns
-the
-document.
-</li>
-<li>
-<del class="diff-old">At
-this
-point,
-</del>
-<ins class="diff-chg">If
-</ins>
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-has
-verified
-that
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>
-is
-owned
-by
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-<del class="diff-old">.
-The
-</del>
-</a>,
-<ins class="diff-chg">the
-</ins>
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-use
-the
-<del class="diff-old">now
-</del>
-verified
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-contained
-in
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-for
-all
-TLS-based
-communication
-with
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>.
-</li>
-</ol>
-<p>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-<em class="rfc2119" title="may">
-may
-</em>
-re-establish
-a
-different
-identity
-at
-any
-time
-by
-executing
-all
-of
-the
-steps
-in
-the
-Authentication
-Sequence
-again.
-Additional
-algorithms,
-detailed
-in
-the
-next
-section,
-<em class="rfc2119" title="may">
-may
-</em>
-be
-performed
-to
-determine
-if
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-can
-access
-a
-particular
-resource
-after
-the
-last
-step
-of
-the
-Authentication
-Sequence
-has
-been
-completed.
-</p>
-</div>
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3>
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</h3>
-<p>
-This
-section
-covers
-details
-about
-each
-step
-in
-the
-authentication
-process.
-</p>
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4>
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-TLS
-connection
-process
-is
-started
-and
-used
-by
-WebID
-to
-create
-a
-secure
-channel
-between
-the
-Identification
-Agent
-and
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4>
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-certificate
-is
-selected
-and
-sent
-to
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4>
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</h4>
-<p>
-A
-<ins class="diff-new">Verification
-Agent
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-be
-able
-to
-process
-documents
-in
-RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-]
-and
-XHTML+RDFa
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA"><ins class="diff-new">
-XHTML-RDFA
-</ins></a><ins class="diff-new">
-].
-A
-</ins>
-server
-responding
-to
-a
-WebID
-Profile
-request
-<em class="rfc2119" title="should">
-<ins class="diff-new">should
-</ins></em><ins class="diff-new">
-support
-HTTP
-content
-negotiation.
-The
-server
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-<del class="diff-old">support
-returning
-an
-XHTML+RDFa
-[
-XHTML-RDFA
-]
-document
-with
-either
-</del>
-<ins class="diff-chg">return
-</ins>
-a
-<ins class="diff-new">representation
-in
-RDF/XML
-for
-media
-type
-</ins><code><ins class="diff-new">
-application/rdf+xml
-</ins></code>.<ins class="diff-new">
-The
-server
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-return
-a
-representation
-in
-XHTML+RDFa
-for
-media
-type
-</ins>
-<code>
-text/html
-</code>
-or
-<ins class="diff-new">media
-type
-</ins>
-<code>
-application/xhtml+xml
-<del class="diff-old">MIMEtype.
-A
-server
-</del>
-</code>.
-<a class="tref" title="Verification_Agents">
-<ins class="diff-chg">Verification
-Agents
-</ins></a><ins class="diff-chg">
-and
-</ins><a class="tref" title="Identification_Agents"><ins class="diff-chg">
-Identification
-Agents
-</ins></a>
-<em class="rfc2119" title="may">
-may
-</em>
-support
-<ins class="diff-new">any
-other
-RDF
-format
-via
-</ins>
-HTTP
-content
-<del class="diff-old">negotiation
-and
-return
-a
-document
-that
-conforms
-to
-N3
-[
-N3
-],
-Turtle
-[
-TURTLE
-],
-or
-RDF/XML
-[
-RDF-SYNTAX-GRAMMAR
-].
-</del>
-<ins class="diff-chg">negotiation.
-</ins>
-</p>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-extracts
-semantic
-data
-describing
-the
-identification
-credentials
-from
-a
-WebID
-Profile.
-</p>
-</div>
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4>
-<span class="secno">
-2.3.4
-</span>
-Extracting
-<del class="diff-old">Identification
-</del>
-<ins class="diff-chg">WebID
-</ins>
-URL
-Details
-</h4>
-<p>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-may
-use
-a
-number
-of
-different
-methods
-to
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-information
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>.
-</p>
-The
-following
-SPARQL
-query
-outlines
-one
-way
-in
-which
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-could
-be
-extracted
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>:
-<code><pre>
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?modulus ?exp
-WHERE {
- ?key cert:identity <http://example.org/webid#public>;
- a rsa:RSAPublicKey;
- rsa:modulus [ cert:hex ?modulus; ];
- rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre>
-</code>
-<p class="issue">
-This
-section
-still
-needs
-more
-information.
-</p>
-</div>
-<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
-<h4>
-<span class="secno">
-2.3.5
-</span>
-Determining
-Access
-Privileges
-</h4>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-may
-use
-the
-information
-discovered
-via
-a
-WebID
-URL
-to
-determine
-if
-one
-should
-be
-able
-to
-access
-a
-particular
-resource.
-It
-will
-explain
-how
-a
-Verification
-Agent
-can
-use
-links
-to
-other
-RDFa
-documents
-to
-build
-knowledge
-about
-the
-given
-WebID.
-</p>
-</div>
-</div>
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>
-Change
-History
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-2010-07-11
-Initial
-version.
-</p>
-</div>
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>
-Acknowledgments
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-following
-people
-have
-been
-instrumental
-in
-providing
-thoughts,
-feedback,
-reviews,
-criticism
-and
-input
-in
-the
-creation
-of
-this
-specification:
-</p>
-<ul>
-<li>
-Melvin
-Carvalho
-</li>
-<li>
-Bruno
-Harbulot
-</li>
-<li>
-Toby
-Inkster
-</li>
-<li>
-Ian
-Jacobi
-</li>
-<li>
-Jeff
-Sayre
-</li>
-<li>
-Henry
-Story
-</li>
-</ul>
-</div>
-</div>
-</div>
-<div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<h2>
-<span class="secno">
-A.
-</span>
-References
-</h2>
-<div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section">
-<h3>
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-HTTP-TLS">
-[HTTP-TLS]
-</dt>
-<dd rel="dcterms:requires">
-E.
-Rescorla.
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-<cite>
-HTTP
-Over
-TLS.
-</cite>
-</a>
-May
-2000.
-Internet
-RFC
-2818.
-URL:
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-http://www.ietf.org/rfc/rfc2818.txt
-</a>
-</dd>
-<dt id="bib-N3">
-[N3]
-</dt>
-<dd rel="dcterms:requires">
-Tim
-Berners-Lee;
-Dan
-Connolly.
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-<cite>
-Notation3
-(N3):
-A
-readable
-RDF
-syntax.
-</cite>
-</a>
-14
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
-</a>
-</dd>
-<dt id="bib-RDF-PRIMER">
-<ins class="diff-new">[RDF-PRIMER]
-</ins></dt><dd rel="dcterms:requires"><ins class="diff-new">
-Frank
-Manola;
-Eric
-Miller.
-</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite><ins class="diff-new">
-RDF
-Primer.
-</ins></cite></a><ins class="diff-new">
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><ins class="diff-new">
-http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
-</ins></a></dd>
-<dt id="bib-RDF-SYNTAX-GRAMMAR">
-[RDF-SYNTAX-GRAMMAR]
-</dt>
-<dd rel="dcterms:requires">
-Dave
-Beckett.
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-<cite>
-RDF/XML
-Syntax
-Specification
-(Revised).
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
-</a>
-</dd>
-<dt id="bib-RDFA-CORE">
-[RDFA-CORE]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et
-al.
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-<cite>
-RDFa
-Core
-1.1:
-Syntax
-and
-processing
-rules
-for
-embedding
-RDF
-through
-attributes.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-http://www.w3.org/TR/2010/WD-rdfa-core-20100422
-</a>
-</dd>
-<dt id="bib-TURTLE">
-[TURTLE]
-</dt>
-<dd rel="dcterms:requires">
-David
-Beckett,
-Tim
-Berners-Lee.
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-Turtle:
-Terse
-RDF
-Triple
-Language
-</a>
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-http://www.w3.org/TeamSubmission/turtle/
-</a>
-</dd>
-<dt id="bib-X509V3">
-[X509V3]
-</dt>
-<dd rel="dcterms:requires">
-<cite>
-ITU-T
-Recommendation
-X.509
-version
-3
-(1997).
-"Information
-Technology
--
-Open
-Systems
-Interconnection
--
-The
-Directory
-Authentication
-Framework"
-ISO/IEC
-9594-8:1997
-</cite>.
-</dd>
-<dt id="bib-XHTML-RDFA">
-[XHTML-RDFA]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et.
-al.
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-<cite>
-XHTML+RDFa
-1.1.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-http://www.w3.org/TR/WD-xhtml-rdfa-20100422
-</a>
-</dd>
-</dl>
-</div>
-<div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section">
-<h3>
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-RDF-CONCEPTS">
-[RDF-CONCEPTS]
-</dt>
-<dd rel="dcterms:references">
-Graham
-Klyne;
-Jeremy
-J.
-Carroll.
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-<cite>
-Resource
-Description
-Framework
-(RDF):
-Concepts
-and
-Abstract
-Syntax.
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
-<del class="diff-old">[RDF-PRIMER]
-Frank
-Manola;
-Eric
-Miller.
-RDF
-Primer.
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
-</del>
-</a>
-</dd>
-</dl>
-</div>
-</div>
-</body>
-</html>
--- a/drafts/ED-webid-20100718/index.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,541 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
- <title>WebID 1.0</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-
-<!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-
-<style type="text/css">
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-
-
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-
- <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">Unofficial Draft 18 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">msporny@digitalbazaar.com</a> </span>
-</dd>
-<dt>Authors:</dt><dd><span><a content="Toby Inkster" href="http://tobyinkster.co.uk/">Toby Inkster</a></span>
-</dd>
-<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
-</dd>
-<dd><span><a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">Bruno Harbulot</a></span>
-</dd>
-<dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">Reto Bachmann-Gmür</a></span>
-</dd>
-</dl><p>This document is also available in this non-normative format: <a href="diff-20100711.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
- <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-
-<p>Social networking, identity and privacy have been at the center of how we
-interact with the Web in the last decade. The explosion of social networking
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary.
-The Social Web is designed to ensure that control of identity and privacy
-settings is always simple and under one's control. WebID is a key enabler of the
-Social Web. This specification outlines a simple universal identification
-mechanism that is distributed, openly extensible, improves privacy, security
-and control over how one can identify themselves and control access to their
-information on the Web.
-</p>
-
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">How to Read this Document</h3>
-
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
-and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>] and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>] is necessary to understand how
-to implement this specification. WebID uses a number of specific technologies
-like HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>],
-RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled
-<a href="#authentication-sequence">Authentication Sequence</a> and
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
-
-</p></div>
-</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
-
-<!-- <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p> -->
-
-
-The source code for this document is available via Github at the following
-URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
-
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-webid-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting WebID URL Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
-
-
-
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-
-<!-- OddPage -->
-<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created.
-It is also designed to provide a universal and extensible mechanism to express
-public and private information about yourself. This section outlines the
-motivation behind the specification and the relationship to other similar
-specifications that are in active use today.
-</p>
-
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
-hyperlinked social networks to exist. This vocabulary, along with other
-vocabularies, allow one to add information and services protection to
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a select group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using an process made popular by OpenID, we show how one can tie a User
-Agent to a URL by proving that one has write access to the URL. WebID is
-a simpler alternative to OpenID (fewer connections), that uses X.509
-certificates to tie a User Agent (Browser) to a Person identified via a URL.
-WebID also provides a few additional features to OpenID. These
-features include trust management, via digital signatures, and free-form
-extensibility via RDFa. By using the existing SSL certificate exchange
-mechanism, WebID integrates more smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was
-intended to receive it.
-</p>
-
-</div>
-
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
-
-<p class="issue">This section needs to be re-written. The flow and grammar
-leaves much to be desired. -- manu</p>
-
-<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
-to a Personal Profile Document. This Personal Profile Document is where further
-information about an identity can be discovered. This mechanism is compatible
-with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID,
-but can work beside OpenID by sharing the content in the Personal Profile
-Document.</p>
-
-<p>That said, there are a number of benefits that WebID achieves over OpenID:
-</p>
-
-<p>WebID gives people and other agents a WebID URL for identification. OpenID
-also provides a URL to a Personal Profile Document. However, in the case of
-WebID, one does not need to remember the URL since the User Agent remembers
-the URL on behalf of the person browsing. To log in on a WebID web site there
-is no need to enter any identifier like one has to do for OpenID. Just one click
-tells the browser to send the WebID URL. The person that is browsing does
-not need to remember either their WebID URL or the website password. The only
-password one may need to remember is the one that is used to access their
-collection of WebIDs in their browser, and that's only if they opt-in to
-password protect their WebIDs.
-</p>
-
-<p>WebID gives people and other agents a Web ID URL for identification. OpenID
-also provides a URL to a Personal Profile Document. However, in the case of
-WebID, the user does not need to remember the URL, the browser or User Agent
-does. A login button on a WebID web site is just a button. No need to enter any
-identifier like one has to for OpenID. Just click the button. Your browser will
-then ask you what identity you wish to use. The person that is browsing does
-not need to remember either the WebID URL or the website password. The only
-password one needs to remember is the one that is used to access their
-collection of WebIDs in their browser.</p>
-
-<p>The WebID protocol requires just one direct network connection to establish
-identity via the client. The server requires one connection to the client and
-one connection to retrieve the WebID Profile if it does not have the credential
-information cached. Compare this to the much more complex OpenID sequence, which
-requires six connections by the client to establish a login. In a world of
-distributed data where each site can point to data on any other site, multiple
-connections become costly to manage.</p>
-
-<p>WebID builds on a number of well established Internet and Web standards;
-<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
-RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>],
-TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards,
-it makes both explaining and implementing WebID easier on developers.</p>
-
-<p>Since WebID is RESTful, you can perform basic HTTP operations to
-<code>GET</code> your WebID, and if you needed update it, you can use
-HTTP <code>PUT</code> semantics. You can also create a WebID via
-<code>POST</code>. This is improved from the OpenID specification, which
-requires a new set of operations described in the OpenID Attribute Exchange
-specification.</p>
-
-<p>WebID is built on RDF and thus enables all of the advanced semantic web
-concepts that RDF enables. For example, a developer may perform machine
-reasoning with a WebID. One can construct machine-executable statements like
-"If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID."
-While OpenID attempts to support this use case by mapping OpenID to RDF, it's
-far easier to do with WebID because WebID is natively RDF-aware.</p>
-
-<p>It is easy to extend a WebID with new attributes via RDF. The power of
-RDF allows developers to add extensions to WebID by defining new
-vocabularies that they publish. There is no authorization process necessary
-and thus WebID allows for distributed innovation. Every WebID property is
-a URI, which when clicked, can give you yet more information about what the
-property means. A developer can create new usage classes by extending their
-vocabulary at will. A developer can add relationships to a WebID by simply
-adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF.</p>
-
-<p>Implementing WebID is easier than OpenID because all of the basic
-technologies have been working and integrated into Web browsers for many years.
-There were already three interoperable implementations of WebID before this
-specification was written.</p>
-
-<p>WebID is truly decentralized - with WebID you get a web of trust.
-OpenID only supports the Web of Trust model if you indirectly trust the
-OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
-you must trust OpenID providers. With WebID you only have to trust the people
-and the organizations with which you are communicating. In other words, you
-don't have to ask anyone whether or not you can trust your friends. You can
-query people that you trust directly to see if someone is trustworthy or not.
-There is no need for a central WebID authority.
-</p>
-
-<p>WebID is fully distributed, anyone can setup a WebID by placing a single
-file on a web server of their choosing. There is no need for a special
-OpenID-like provider service. The only thing anyone that wants a WebID needs
-is a web account where you can post your WebID file, ideally on your own domain
-name. You can also use a WebID hosting provider, but it's not necessary for
-WebID to work. While it is possible to run an OpenID server, other
-OpenID applications may not trust you and thus you won't be able to fully
-utilize your private OpenID credentials. The reason that there are a few
-large OpenID providers and very few small OpenID providers is because of this
-trust design issue related to OpenID.</p>
-
-<p>WebID does not require HTTP redirects. Redirects are problematic on many
-cell phones, because telecoms heavily rely on proxys, which selectively block
-redirects.</p>
-
-<p>A WebID provider is 100% compatible with an OpenID provider and thus can
-inter-operate with OpenID-powered networks.</p>
-
-</div>
-
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-OAuth and WebID are mutually beneficial when used together. WebID can be
-used to provide RSA parameters to the RSA-SHA1 signature method required by
-OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
-connection that will be used to transmit OAuth Tokens in OAuth 2.0.
-</p>
-
-</div>
-</div>
-
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-
-<!-- OddPage -->
-<h2><span class="secno">2. </span>The WebID Protocol</h2>
-
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3><span class="secno">2.1 </span>Terminology</h3>
-
-<dl>
-
-<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
-resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
-<dd>Provides identification credentials to a Verification Agent. The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
-
-<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain a
-<code>Subject Alternative Name</code> extension with a URI entry. The URI
-<em class="rfc2119" title="should">should</em> be a URL, and <em class="rfc2119" title="should not">should not</em> be a URN. The URL
-identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URL <em class="rfc2119" title="must">must</em> be
-dereference-able and result in a document containing RDF data. For example,
-the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as the <code>Subject Alternative Name</code>:
-<code><pre>
-X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</pre></code>
-
-</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
-<dd>A URL specified via the <code>Subject Alternative Name</code> extension
-of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
-
-<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
-<dd>A widely distributed crytographic key that can be used to verify
-digital signatures and encrypt data between a sender and a receiver. A public
-key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a></dd>
-
-<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
-<dd>
-A structured document that contains identification credentials for the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. Either the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]
-serialization format or the RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] serialization
-format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], <em class="rfc2119" title="may">may</em> be supported by the
-mechanism providing the WebID Profile document.
-</dd>
-
-</dl>
-
-<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
-serialization of RDF should be required serialization formats in the
-specification is currently under heavy debate.</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
-
-<p>The following steps are executed by Verification Agents and Identification
-Agents to determine if access should be granted to a particular resource.
-</p>
-
-<ol>
-<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-as a part of the TLS client-cerificate retrieval protocol.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> contained in the <code>Subject Alternative Name</code>
-extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</li>
-
-<li>The <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em>
-be verified by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. This <em class="rfc2119" title="must">must</em> be performed
-by validating the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>. This
-process <em class="rfc2119" title="should">should</em> occur either by dereferencing the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> and
-extracting RDF data from the resulting document, or by utilizing a cached
-version of the RDF data contained in the document or other data source that is
-up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
-and extraction mechanism is further detailed in the sections titled
-<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
-<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
-</li>
-
-<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> is found
-in the list of <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> assume that the client has write access to
-the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> and therefore owns the document.</li>
-
-<li>If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>, the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> use the verified <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained
-in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> for all TLS-based communication
-with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-</li></ol>
-
-<p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
-any time by executing all of the steps in the Authentication Sequence again.
-Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
-determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the
-Identification Agent and the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
-
-<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML
-[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]. A server responding to
-a WebID Profile request <em class="rfc2119" title="should">should</em> support HTTP content negotiation. The server
-<em class="rfc2119" title="must">must</em> return a representation in RDF/XML for media type
-<code>application/rdf+xml</code>.
-The server <em class="rfc2119" title="must">must</em> return a representation in XHTML+RDFa for media type
-<code>text/html</code> or media type
-<code>application/xhtml+xml</code>. <a class="tref" title="Verification_Agents">Verification Agents</a> and
-<a class="tref" title="Identification_Agents">Identification Agents</a> <em class="rfc2119" title="may">may</em> support any other RDF format via
-HTTP content negotiation.
-</p>
-
-<p class="issue">This section will explain how a Verification Agent extracts
-semantic data describing the identification credentials from a WebID Profile.</p>
-</div>
-
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4><span class="secno">2.3.4 </span>Extracting WebID URL Details</h4>
-
-<p>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
-extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
-</p>
-The following SPARQL query outlines one way in which the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>
-could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
-<code><pre>
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?modulus ?exp
-WHERE {
- ?key cert:identity <http://example.org/webid#public>;
- a rsa:RSAPublicKey;
- rsa:modulus [ cert:hex ?modulus; ];
- rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre></code>
-
-<p class="issue">This section still needs more information.</p>
-
-</div>
-
-<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
-<h4><span class="secno">2.3.5 </span>Determining Access Privileges</h4>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URL to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</div>
-
-</div>
-
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>Change History</h4><p><em>This section is non-normative.</em></p>
-<p>2010-07-11 Initial version.</p>
-</div>
-
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-</ul>
-
-</div>
-</div>
-
-
-
-</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<!-- OddPage -->
-<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a>
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
-</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a>
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
-</dd></dl></div></div></body></html>
--- a/drafts/ED-webid-20100725/diff-20100718.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4531 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
- <title>WebID 1.0</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-
-<!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-
-<style type="text/css">
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-
-
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-
- <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /><style type='text/css'>
-.diff-old-a {
- font-size: smaller;
- color: red;
-}
-
-.diff-new { background-color: yellow; }
-.diff-chg { background-color: lime; }
-.diff-new:before,
-.diff-new:after
- { content: "\2191" }
-.diff-chg:before, .diff-chg:after
- { content: "\2195" }
-.diff-old { text-decoration: line-through; background-color: #FBB; }
-.diff-old:before,
-.diff-old:after
- { content: "\2193" }
-:focus { border: thin red solid}
-</style>
-</head>
-<body style="display: inherit; ">
-<div class="head">
-<p>
-</p>
-<h1 rel="dcterms:title" class="title" id="title">
-WebID
-1.0
-</h1>
-<h2 rel="bibo:subtitle" id="subtitle">
-Web
-Identification
-and
-Discovery
-</h2>
-<h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-25T22:59:59+0000" id="unofficial-draft-25-july-2010">
-Unofficial
-Draft
-<del class="diff-old">18
-</del>
-<ins class="diff-chg">25
-</ins>
-July
-2010
-</h2>
-<dl>
-<dt>
-Editor:
-</dt>
-<dd rel="bibo:editor">
-<span typeof="foaf:Person">
-<span property="foaf:name">
-Manu
-Sporny
-</span>,
-<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
-Digital
-Bazaar,
-Inc.
-</a>
-<a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">
-msporny@digitalbazaar.com
-</a>
-</span>
-</dd>
-<dt>
-Authors:
-</dt>
-<dd>
-<span>
-<a content="Toby Inkster" href="http://tobyinkster.co.uk/">
-Toby
-Inkster
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Henry Story" href="http://bblfish.net/">
-Henry
-Story
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
-Bruno
-Harbulot
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">
-Reto
-Bachmann-Gmür
-</a>
-</span>
-</dd>
-</dl>
-<p>
-This
-document
-is
-also
-available
-in
-this
-non-normative
-format:
-<a href="diff-20100711.html">
-Diff
-from
-previous
-Editors
-Draft
-</a>.
-</p>
-<p class="copyright">
-This
-document
-is
-licensed
-under
-a
-<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
-Creative
-Commons
-Attribution
-3.0
-License
-</a>.
-</p>
-<hr>
-</hr>
-</div>
-<div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract">
-<h2>
-Abstract
-</h2>
-<p>
-Social
-networking,
-identity
-and
-privacy
-have
-been
-at
-the
-center
-of
-how
-we
-interact
-with
-the
-Web
-in
-the
-last
-decade.
-The
-explosion
-of
-social
-networking
-sites
-has
-brought
-the
-world
-closer
-together
-as
-well
-as
-created
-new
-points
-of
-pain
-regarding
-ease
-of
-use
-and
-the
-Web.
-Remembering
-login
-details,
-passwords,
-and
-sharing
-private
-information
-across
-the
-many
-websites
-and
-social
-groups
-that
-we
-are
-a
-part
-of
-has
-become
-more
-difficult
-and
-complicated
-than
-necessary.
-The
-Social
-Web
-is
-designed
-to
-ensure
-that
-control
-of
-identity
-and
-privacy
-settings
-is
-always
-simple
-and
-under
-one's
-control.
-WebID
-is
-a
-key
-enabler
-of
-the
-Social
-Web.
-This
-specification
-outlines
-a
-simple
-universal
-identification
-mechanism
-that
-is
-distributed,
-openly
-extensible,
-improves
-privacy,
-security
-and
-control
-over
-how
-one
-can
-identify
-themselves
-and
-control
-access
-to
-their
-information
-on
-the
-Web.
-</p>
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">
-How
-to
-Read
-this
-Document
-</h3>
-<p>
-There
-are
-a
-number
-of
-concepts
-that
-are
-covered
-in
-this
-document
-that
-the
-reader
-may
-want
-to
-be
-aware
-of
-before
-continuing.
-General
-knowledge
-of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
-public
-key
-cryptography
-</a>
-and
-RDF
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
-RDF-PRIMER
-</a>
-]
-and
-RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
-RDFA-CORE
-</a>
-]
-is
-necessary
-to
-understand
-how
-to
-implement
-this
-specification.
-WebID
-uses
-a
-number
-of
-specific
-technologies
-like
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-X.509
-certificates
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-],
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-]
-and
-XHTML+RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-].
-</p>
-<p>
-A
-general
-<a href="#introduction">
-Introduction
-</a>
-is
-provided
-for
-all
-that
-would
-like
-to
-understand
-why
-this
-specification
-is
-necessary
-to
-simplify
-usage
-of
-the
-Web.
-</p>
-<p>
-The
-terms
-used
-throughout
-this
-specification
-are
-listed
-in
-the
-section
-titled
-<a href="#terminology">
-Terminology
-</a>.
-</p>
-<p>
-Developers
-that
-are
-interested
-in
-implementing
-this
-specification
-will
-be
-most
-interested
-in
-the
-sections
-titled
-<a href="#authentication-sequence">
-Authentication
-Sequence
-</a>
-and
-<a href="#authentication-sequence-details">
-Authentication
-Sequence
-Details
-</a>.
-</p>
-</div>
-</div>
-<div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd">
-<h2>
-Status
-of
-This
-Document
-</h2>
-<p>
-This
-document
-is
-merely
-a
-public
-working
-draft
-of
-a
-potential
-specification.
-It
-has
-no
-official
-standing
-of
-any
-kind
-and
-does
-not
-represent
-the
-support
-or
-consensus
-of
-any
-standards
-organisation.
-</p>
-The
-source
-code
-for
-this
-document
-is
-available
-via
-Github
-at
-the
-following
-URL:
-<a href="http://github.com/msporny/webid-spec">
-http://github.com/msporny/webid-spec
-</a>
-</div>
-<div id="toc" typeof="bibo:Chapter" about="#toc" class="section">
-<h2 class="introductory">
-Table
-of
-Contents
-</h2>
-<ul class="toc">
-<li class="tocline">
-<a href="#introduction" class="tocxref">
-<span class="secno">
-1.
-</span>
-Introduction
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#motivation" class="tocxref">
-<span class="secno">
-1.1
-</span>
-Motivation
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-openid" class="tocxref">
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-oauth" class="tocxref">
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</a>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#the-webid-protocol" class="tocxref">
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#terminology" class="tocxref">
-<span class="secno">
-2.1
-</span>
-Terminology
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence" class="tocxref">
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence-details" class="tocxref">
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#initiating-a-tls-connection" class="tocxref">
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</a>
-</li>
-<li class="tocline">
-<a href="#exchanging-the-identification-certificate" class="tocxref">
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</a>
-</li>
-<li class="tocline">
-<a href="#processing-the-webid-profile" class="tocxref">
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</a>
-</li>
-<li class="tocline">
-<a href="#extracting-webid-url-details" class="tocxref">
-<span class="secno">
-2.3.4
-</span>
-Extracting
-WebID
-URL
-Details
-</a>
-</li>
-<li class="tocline">
-<a href="#authorization" class="tocxref">
-<span class="secno">
-2.3.5
-</span>
-<del class="diff-old">Determining
-Access
-Privileges
-</del>
-<ins class="diff-chg">Authorization
-</ins></a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.3.6
-</ins></span><ins class="diff-chg">
-Secure
-Communication
-</ins></a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.4
-</ins></span><ins class="diff-chg">
-The
-WebID
-Profile
-</ins></a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.4.1
-</ins></span><ins class="diff-chg">
-Personal
-Information
-</ins></a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.4.2
-</ins></span><ins class="diff-chg">
-Cryptographic
-Details
-</ins>
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#references" class="tocxref">
-<span class="secno">
-A.
-</span>
-References
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#normative-references" class="tocxref">
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</a>
-</li>
-<li class="tocline">
-<a href="#informative-references" class="tocxref">
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</div>
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-<h2>
-<span class="secno">
-1.
-</span>
-Introduction
-</h2>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-WebID
-specification
-is
-designed
-to
-help
-alleviate
-the
-difficultly
-that
-remembering
-different
-logins,
-passwords
-and
-settings
-for
-websites
-has
-created.
-It
-is
-also
-designed
-to
-provide
-a
-universal
-and
-extensible
-mechanism
-to
-express
-public
-and
-private
-information
-about
-yourself.
-This
-section
-outlines
-the
-motivation
-behind
-the
-specification
-and
-the
-relationship
-to
-other
-similar
-specifications
-that
-are
-in
-active
-use
-today.
-</p>
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3>
-<span class="secno">
-1.1
-</span>
-Motivation
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-It
-is
-a
-fundamental
-design
-criteria
-of
-the
-Web
-to
-enable
-individuals
-and
-organizations
-to
-control
-how
-they
-interact
-with
-the
-rest
-of
-society.
-This
-includes
-how
-one
-expresses
-their
-identity,
-public
-information
-and
-personal
-details
-to
-social
-networks,
-Web
-sites
-and
-services.
-</p>
-<p>
-Semantic
-Web
-vocabularies
-such
-as
-Friend-of-a-Friend
-(FOAF)
-permit
-distributed
-hyperlinked
-social
-networks
-to
-exist.
-This
-vocabulary,
-along
-with
-other
-vocabularies,
-allow
-one
-to
-add
-information
-and
-services
-protection
-to
-distributed
-social
-networks.
-</p>
-<p>
-One
-major
-criticism
-of
-open
-networks
-is
-that
-they
-seem
-to
-have
-no
-way
-of
-protecting
-the
-personal
-information
-distributed
-on
-the
-web
-or
-limiting
-access
-to
-resources.
-Few
-people
-are
-willing
-to
-make
-all
-their
-personal
-information
-public,
-many
-would
-like
-large
-pieces
-to
-be
-protected,
-making
-it
-available
-only
-to
-a
-select
-group
-of
-agents.
-Giving
-access
-to
-information
-is
-very
-similar
-to
-giving
-access
-to
-services.
-There
-are
-many
-occasions
-when
-people
-would
-like
-services
-to
-only
-be
-accessible
-to
-members
-of
-a
-group,
-such
-as
-allowing
-only
-friends,
-family
-members,
-colleagues
-to
-post
-an
-article,
-photo
-or
-comment
-on
-a
-blog.
-How
-does
-one
-do
-this
-in
-a
-flexible
-way,
-without
-requiring
-a
-central
-point
-of
-access
-control?
-</p>
-<p>
-Using
-an
-process
-made
-popular
-by
-OpenID,
-we
-show
-how
-one
-can
-tie
-a
-User
-Agent
-to
-a
-URL
-by
-proving
-that
-one
-has
-write
-access
-to
-the
-URL.
-WebID
-is
-a
-simpler
-alternative
-to
-OpenID
-(fewer
-connections),
-that
-uses
-X.509
-certificates
-to
-tie
-a
-User
-Agent
-(Browser)
-to
-a
-Person
-identified
-via
-a
-URL.
-WebID
-also
-provides
-a
-few
-additional
-features
-to
-OpenID.
-These
-features
-include
-trust
-management,
-via
-digital
-signatures,
-and
-free-form
-extensibility
-via
-RDFa.
-By
-using
-the
-existing
-SSL
-certificate
-exchange
-mechanism,
-WebID
-integrates
-more
-smoothly
-with
-existing
-Web
-browsers,
-including
-browsers
-on
-mobile
-devices.
-WebID
-also
-permits
-automated
-session
-login
-in
-addition
-to
-interactive
-session
-login.
-Additionally,
-all
-data
-is
-encrypted
-and
-guaranteed
-to
-only
-be
-received
-by
-the
-person
-or
-organization
-that
-was
-intended
-to
-receive
-it.
-</p>
-</div>
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3>
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p class="issue">
-This
-section
-needs
-to
-be
-re-written.
-The
-flow
-and
-grammar
-leaves
-much
-to
-be
-desired.
---
-manu
-</p>
-<p>
-WebID
-is
-compatible
-with
-OpenID.
-Both
-protocols
-use
-a
-URL
-that
-dereferences
-to
-a
-Personal
-Profile
-Document.
-This
-Personal
-Profile
-Document
-is
-where
-further
-information
-about
-an
-identity
-can
-be
-discovered.
-This
-mechanism
-is
-compatible
-with
-both
-WebID
-and
-OpenID.
-Therefore,
-WebID
-does
-not
-intend
-to
-replace
-OpenID,
-but
-can
-work
-beside
-OpenID
-by
-sharing
-the
-content
-in
-the
-Personal
-Profile
-Document.
-</p>
-<p>
-That
-said,
-there
-are
-a
-number
-of
-benefits
-that
-WebID
-achieves
-over
-OpenID:
-</p>
-<p>
-WebID
-gives
-people
-and
-other
-agents
-a
-WebID
-URL
-for
-identification.
-OpenID
-also
-provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-However,
-in
-the
-case
-of
-WebID,
-one
-does
-not
-need
-to
-remember
-the
-URL
-since
-the
-User
-Agent
-remembers
-the
-URL
-on
-behalf
-of
-the
-person
-browsing.
-To
-log
-in
-on
-a
-WebID
-web
-site
-there
-is
-no
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-do
-for
-OpenID.
-Just
-one
-click
-tells
-the
-browser
-to
-send
-the
-WebID
-URL.
-The
-person
-that
-is
-browsing
-does
-not
-need
-to
-remember
-either
-their
-WebID
-URL
-or
-the
-website
-password.
-The
-only
-password
-one
-may
-need
-to
-remember
-is
-the
-one
-that
-is
-used
-to
-access
-their
-collection
-of
-WebIDs
-in
-their
-browser,
-and
-that's
-only
-if
-they
-opt-in
-to
-password
-protect
-their
-WebIDs.
-</p>
-<p>
-<ins class="diff-new">While
-</ins>
-WebID
-<del class="diff-old">gives
-people
-and
-other
-agents
-</del>
-<ins class="diff-chg">works
-well
-in
-</ins>
-a
-<del class="diff-old">Web
-ID
-URL
-for
-identification.
-OpenID
-</del>
-<ins class="diff-chg">browser
-environment,
-it
-is
-</ins>
-also
-<del class="diff-old">provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-However,
-in
-the
-case
-</del>
-<ins class="diff-chg">very
-useful
-outside
-</ins>
-of
-<del class="diff-old">WebID,
-the
-user
-does
-not
-need
-to
-remember
-the
-URL,
-</del>
-the
-browser
-<del class="diff-old">or
-User
-Agent
-does.
-A
-login
-button
-on
-a
-</del>
-<ins class="diff-chg">environment.
-</ins>
-WebID
-<del class="diff-old">web
-site
-is
-just
-a
-button.
-No
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-for
-OpenID.
-Just
-click
-</del>
-<ins class="diff-chg">can
-also
-operate
-without
-requiring
-</ins>
-the
-<del class="diff-old">button.
-Your
-browser
-will
-then
-ask
-you
-what
-identity
-you
-wish
-</del>
-<ins class="diff-chg">use
-of
-any
-passwords.
-This
-is
-useful
-</ins>
-to
-<del class="diff-old">use.
-The
-person
-</del>
-<ins class="diff-chg">developers
-</ins>
-that
-<del class="diff-old">is
-browsing
-does
-not
-need
-</del>
-<ins class="diff-chg">may
-want
-</ins>
-to
-<del class="diff-old">remember
-either
-the
-</del>
-<ins class="diff-chg">use
-</ins>
-WebID
-<del class="diff-old">URL
-or
-the
-website
-password.
-The
-only
-password
-one
-needs
-</del>
-to
-<del class="diff-old">remember
-is
-the
-one
-</del>
-<ins class="diff-chg">perform
-server-to-server
-or
-peer-to-peer
-verification
-of
-identity.
-WebID
-works
-for
-automated
-agents
-such
-as
-Search
-Agents,
-API
-Agents,
-and
-other
-automated
-mechanisms
-</ins>
-that
-<del class="diff-old">is
-used
-to
-access
-their
-collection
-</del>
-<ins class="diff-chg">are
-often
-found
-outside
-</ins>
-of
-<del class="diff-old">WebIDs
-in
-their
-browser.
-</del>
-<ins class="diff-chg">the
-browser
-environment.
-</ins>
-</p>
-<p>
-The
-WebID
-protocol
-requires
-just
-one
-direct
-network
-connection
-to
-establish
-identity
-via
-the
-client.
-The
-server
-requires
-one
-connection
-to
-the
-client
-and
-one
-connection
-to
-retrieve
-the
-WebID
-Profile
-if
-it
-does
-not
-have
-the
-credential
-information
-cached.
-Compare
-this
-to
-the
-much
-more
-complex
-OpenID
-sequence,
-which
-requires
-six
-connections
-by
-the
-client
-to
-establish
-a
-login.
-In
-a
-world
-of
-distributed
-data
-where
-each
-site
-can
-point
-to
-data
-on
-any
-other
-site,
-multiple
-connections
-become
-costly
-to
-manage.
-</p>
-<p>
-WebID
-builds
-on
-a
-number
-of
-well
-established
-Internet
-and
-Web
-standards;
-<a href="http://en.wikipedia.org/wiki/REST">
-REST
-</a>,
-RDF
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
-RDF-PRIMER
-</a>
-],
-RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
-RDFA-CORE
-</a>
-],
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-],
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-and
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-].
-By
-building
-on
-previous
-standards,
-it
-makes
-both
-explaining
-and
-implementing
-WebID
-easier
-on
-developers.
-</p>
-<p>
-Since
-WebID
-is
-RESTful,
-you
-can
-perform
-basic
-HTTP
-operations
-to
-<code>
-GET
-</code>
-your
-WebID,
-and
-if
-you
-needed
-update
-it,
-you
-can
-use
-HTTP
-<code>
-PUT
-</code>
-semantics.
-You
-can
-also
-create
-a
-WebID
-via
-<code>
-POST
-</code>.
-This
-is
-improved
-from
-the
-OpenID
-specification,
-which
-requires
-a
-new
-set
-of
-operations
-described
-in
-the
-OpenID
-Attribute
-Exchange
-specification.
-</p>
-<p>
-WebID
-is
-built
-on
-RDF
-and
-thus
-enables
-all
-of
-the
-advanced
-semantic
-web
-concepts
-that
-RDF
-enables.
-For
-example,
-a
-developer
-may
-perform
-machine
-reasoning
-with
-a
-WebID.
-One
-can
-construct
-machine-executable
-statements
-like
-"If
-this
-WebID
-claims
-to
-be
-a
-friend
-of
-one
-of
-our
-partner
-WebIDs
-that
-is
-trusted
-and
-the
-relationship
-is
-bi-directional,
-trust
-the
-WebID."
-While
-OpenID
-attempts
-to
-support
-this
-use
-case
-by
-mapping
-OpenID
-to
-RDF,
-it's
-far
-easier
-to
-do
-with
-WebID
-because
-WebID
-is
-natively
-RDF-aware.
-</p>
-<p>
-It
-is
-easy
-to
-extend
-a
-WebID
-with
-new
-attributes
-via
-RDF.
-The
-power
-of
-RDF
-allows
-developers
-to
-add
-extensions
-to
-WebID
-by
-defining
-new
-vocabularies
-that
-they
-publish.
-There
-is
-no
-authorization
-process
-necessary
-and
-thus
-WebID
-allows
-for
-distributed
-innovation.
-Every
-WebID
-property
-is
-a
-URI,
-which
-when
-clicked,
-can
-give
-you
-yet
-more
-information
-about
-what
-the
-property
-means.
-A
-developer
-can
-create
-new
-usage
-classes
-by
-extending
-their
-vocabulary
-at
-will.
-A
-developer
-can
-add
-relationships
-to
-a
-WebID
-by
-simply
-adding
-more
-HTML
-to
-the
-developer's
-page.
-OpenID
-does
-not
-provide
-any
-type
-of
-distributed
-innovation
-akin
-to
-RDF.
-</p>
-<p>
-Implementing
-WebID
-is
-easier
-than
-OpenID
-because
-all
-of
-the
-basic
-technologies
-have
-been
-working
-and
-integrated
-into
-Web
-browsers
-for
-many
-years.
-There
-were
-already
-three
-interoperable
-implementations
-of
-WebID
-before
-this
-specification
-was
-written.
-</p>
-<p>
-WebID
-is
-truly
-decentralized
--
-with
-WebID
-you
-get
-a
-web
-of
-trust.
-OpenID
-only
-supports
-the
-Web
-of
-Trust
-model
-if
-you
-indirectly
-trust
-the
-OpenID
-provider.
-In
-other
-words
--
-OpenID
-is
-not
-truly
-decentralized.
-In
-OpenID
-you
-must
-trust
-OpenID
-providers.
-With
-WebID
-you
-only
-have
-to
-trust
-the
-people
-and
-the
-organizations
-with
-which
-you
-are
-communicating.
-In
-other
-words,
-you
-don't
-have
-to
-ask
-anyone
-whether
-or
-not
-you
-can
-trust
-your
-friends.
-You
-can
-query
-people
-that
-you
-trust
-directly
-to
-see
-if
-someone
-is
-trustworthy
-or
-not.
-There
-is
-no
-need
-for
-a
-central
-WebID
-authority.
-</p>
-<p>
-WebID
-is
-fully
-distributed,
-anyone
-can
-setup
-a
-WebID
-by
-placing
-a
-single
-file
-on
-a
-web
-server
-of
-their
-choosing.
-There
-is
-no
-need
-for
-a
-special
-OpenID-like
-provider
-service.
-The
-only
-thing
-anyone
-that
-wants
-a
-WebID
-needs
-is
-a
-web
-account
-where
-you
-can
-post
-your
-WebID
-file,
-ideally
-on
-your
-own
-domain
-name.
-You
-can
-also
-use
-a
-WebID
-hosting
-provider,
-but
-it's
-not
-necessary
-for
-WebID
-to
-work.
-While
-it
-is
-possible
-to
-run
-an
-OpenID
-server,
-other
-OpenID
-applications
-may
-not
-trust
-you
-and
-thus
-you
-won't
-be
-able
-to
-fully
-utilize
-your
-private
-OpenID
-credentials.
-The
-reason
-that
-there
-are
-a
-few
-large
-OpenID
-providers
-and
-very
-few
-small
-OpenID
-providers
-is
-because
-of
-this
-trust
-design
-issue
-related
-to
-OpenID.
-</p>
-<p>
-WebID
-does
-not
-require
-HTTP
-redirects.
-Redirects
-are
-problematic
-on
-many
-cell
-phones,
-because
-telecoms
-heavily
-rely
-on
-proxys,
-which
-selectively
-block
-redirects.
-</p>
-<p>
-A
-WebID
-provider
-is
-100%
-compatible
-with
-an
-OpenID
-provider
-and
-thus
-can
-inter-operate
-with
-OpenID-powered
-networks.
-</p>
-</div>
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3>
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-OAuth
-and
-WebID
-are
-mutually
-beneficial
-when
-used
-together.
-WebID
-can
-be
-used
-to
-provide
-RSA
-parameters
-to
-the
-RSA-SHA1
-signature
-method
-required
-by
-OAuth
-1.0.
-WebID
-can
-also
-be
-used
-to
-establish
-the
-consumer_key
-and
-HTTPS
-connection
-that
-will
-be
-used
-to
-transmit
-OAuth
-Tokens
-in
-OAuth
-2.0.
-</p>
-</div>
-</div>
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-<h2>
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</h2>
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3>
-<span class="secno">
-2.1
-</span>
-Terminology
-</h3>
-<dl>
-<dt>
-<dfn title="Verification_Agent" id="dfn-verification_agent">
-Verification
-Agent
-</dfn>
-</dt>
-<dd>
-Performs
-authentication
-on
-provided
-WebID
-credentials
-and
-determines
-if
-an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-can
-have
-access
-to
-a
-particular
-resource.
-A
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-is
-typically
-a
-Web
-server,
-but
-may
-also
-be
-a
-peer
-on
-a
-peer-to-peer
-network.
-</dd>
-<dt>
-<dfn title="Identification_Agent" id="dfn-identification_agent">
-Identification
-Agent
-</dfn>
-</dt>
-<dd>
-Provides
-identification
-credentials
-to
-a
-Verification
-Agent.
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-is
-typically
-also
-a
-User
-Agent.
-</dd>
-<dt>
-<dfn title="Identification_Certificate" id="dfn-identification_certificate">
-Identification
-Certificate
-</dfn>
-</dt>
-<dd>
-An
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-]
-Certificate
-that
-<em class="rfc2119" title="must">
-must
-</em>
-contain
-a
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-with
-a
-URI
-entry.
-The
-URI
-<em class="rfc2119" title="should">
-should
-</em>
-be
-a
-URL,
-and
-<em class="rfc2119" title="should not">
-should
-not
-</em>
-be
-a
-URN.
-The
-URL
-identifies
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>.
-The
-URL
-<em class="rfc2119" title="must">
-must
-</em>
-be
-dereference-able
-and
-result
-in
-a
-document
-containing
-RDF
-data.
-For
-example,
-the
-certificate
-would
-contain
-<code>
-http://example.org/webid#public
-</code>,
-known
-as
-a
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-as
-the
-<code>
-Subject
-Alternative
-Name
-</code>:
-<code><pre>
-X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</pre>
-</code>
-</dd>
-<dt>
-<dfn title="WebID_URL" id="dfn-webid_url">
-WebID
-URL
-</dfn>
-</dt>
-<dd>
-A
-URL
-specified
-via
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-that
-identifies
-an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>.
-</dd>
-<dt>
-<dfn title="public_key" id="dfn-public_key">
-public
-key
-</dfn>
-</dt>
-<dd>
-A
-widely
-distributed
-crytographic
-key
-that
-can
-be
-used
-to
-verify
-digital
-signatures
-and
-encrypt
-data
-between
-a
-sender
-and
-a
-receiver.
-A
-public
-key
-is
-always
-included
-in
-an
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-</dd>
-<dt>
-<dfn title="WebID_Profile" id="dfn-webid_profile">
-WebID
-Profile
-</dfn>
-</dt>
-<dd>
-A
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">
-RDF-CONCEPTS
-</a>
-].
-Either
-the
-XHTML+RDFa
-1.1
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-]
-serialization
-format
-or
-the
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-]
-serialization
-format
-<em class="rfc2119" title="must">
-must
-</em>
-be
-supported
-by
-the
-mechanism,
-e.g.
-a
-Web
-Service,
-providing
-the
-WebID
-Profile
-document.
-Alternate
-RDF
-serialization
-formats,
-such
-as
-N3
-[
-<a class="bibref" rel="biblioentry" href="#bib-N3">
-N3
-</a>
-]
-or
-Turtle
-[
-<a class="bibref" rel="biblioentry" href="#bib-TURTLE">
-TURTLE
-</a>
-],
-<em class="rfc2119" title="may">
-may
-</em>
-be
-supported
-by
-the
-mechanism
-providing
-the
-WebID
-Profile
-document.
-</dd>
-</dl>
-<p class="issue">
-Whether
-or
-not
-RDF/XML,
-XHTML+RDFa
-1.1,
-both
-or
-neither
-serialization
-of
-RDF
-should
-be
-required
-serialization
-formats
-in
-the
-specification
-is
-currently
-under
-heavy
-debate.
-</p>
-</div>
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3>
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</h3>
-<p>
-The
-following
-steps
-are
-executed
-by
-Verification
-Agents
-and
-Identification
-Agents
-to
-determine
-if
-access
-should
-be
-granted
-to
-a
-particular
-resource.
-</p>
-<ol>
-<li>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-attempts
-to
-access
-a
-resource
-using
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-]
-via
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-request
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-of
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-as
-a
-part
-of
-the
-TLS
-client-cerificate
-retrieval
-protocol.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-and
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-contained
-in
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-information
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-<del class="diff-old">verified
-</del>
-<ins class="diff-chg">checked
-</ins>
-by
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-This
-<del class="diff-old">must
-be
-performed
-by
-validating
-the
-public
-key
-associated
-with
-the
-WebID
-URL
-.
-This
-</del>
-process
-<em class="rfc2119" title="should">
-should
-</em>
-occur
-either
-by
-dereferencing
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-and
-extracting
-RDF
-data
-from
-the
-resulting
-document,
-or
-by
-utilizing
-a
-cached
-version
-of
-the
-RDF
-data
-contained
-in
-the
-document
-or
-other
-data
-source
-that
-is
-up-to-date
-and
-trusted
-by
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-The
-processing
-and
-extraction
-mechanism
-is
-further
-detailed
-in
-the
-sections
-titled
-<a href="#processing-the-webid-profile">
-Processing
-the
-WebID
-Profile
-</a>
-and
-<a href="#extracting-webid-url-details">
-Extracting
-WebID
-URL
-Details
-</a>.
-</li>
-<li>
-If
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-in
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-is
-found
-in
-the
-list
-of
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-s
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-assume
-that
-the
-client
-<del class="diff-old">has
-write
-access
-</del>
-<ins class="diff-chg">intends
-</ins>
-to
-<ins class="diff-new">use
-</ins>
-the
-<del class="diff-old">WebID
-Profile
-</del>
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-<ins class="diff-chg">public
-key
-</ins>
-</a>
-<del class="diff-old">and
-therefore
-owns
-</del>
-<ins class="diff-chg">to
-verify
-their
-ownership
-of
-</ins>
-the
-<del class="diff-old">document.
-</del>
-<ins class="diff-chg">WebID
-URL.
-</ins>
-</li>
-<li>
-<del class="diff-old">If
-the
-</del>
-<ins class="diff-chg">The
-</ins>
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<del class="diff-old">has
-verified
-</del>
-<ins class="diff-chg">verifies
-</ins>
-that
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-<ins class="diff-new">Identification
-Agent
-</ins></a><ins class="diff-new">
-owns
-the
-</ins>
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>
-<del class="diff-old">is
-owned
-</del>
-by
-<ins class="diff-new">using
-the
-</ins><a class="tref internalDFN" title="public_key" href="#dfn-public_key"><ins class="diff-new">
-public
-key
-</ins></a><ins class="diff-new">
-to
-create
-a
-cryptographic
-challenge.
-The
-challenge
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-be
-fulfilled
-by
-performing
-TLS
-mutual-authentication
-between
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-and
-</ins>
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-<del class="diff-old">,
-</del>
-</a>.
-<ins class="diff-chg">If
-</ins>
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<ins class="diff-new">does
-not
-have
-access
-to
-the
-TLS
-layer,
-a
-digital
-signature
-challenge
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-<del class="diff-old">use
-</del>
-<ins class="diff-chg">be
-provided
-by
-</ins>
-the
-<del class="diff-old">verified
-public
-key
-contained
-</del>
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-<ins class="diff-chg">Verification
-Agent
-</ins></a>.<ins class="diff-chg">
-These
-processes
-are
-detailed
-</ins>
-in
-the
-<del class="diff-old">Identification
-Certificate
-</del>
-<ins class="diff-chg">sections
-titled
-</ins><a href="#authorization"><ins class="diff-chg">
-Authorization
-</ins>
-</a>
-<del class="diff-old">for
-all
-TLS-based
-communication
-with
-the
-Identification
-Agent
-</del>
-<ins class="diff-chg">and
-</ins><a href="#secure-communication"><ins class="diff-chg">
-Secure
-Communication
-</ins>
-</a>.
-</li>
-</ol>
-<p>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-<em class="rfc2119" title="may">
-may
-</em>
-re-establish
-a
-different
-identity
-at
-any
-time
-by
-executing
-all
-of
-the
-steps
-in
-the
-Authentication
-Sequence
-again.
-Additional
-algorithms,
-detailed
-in
-the
-next
-section,
-<em class="rfc2119" title="may">
-may
-</em>
-be
-performed
-to
-determine
-if
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-can
-access
-a
-particular
-resource
-after
-the
-last
-step
-of
-the
-Authentication
-Sequence
-has
-been
-completed.
-</p>
-</div>
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3>
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</h3>
-<p>
-This
-section
-covers
-details
-about
-each
-step
-in
-the
-authentication
-process.
-</p>
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4>
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-TLS
-connection
-process
-is
-started
-and
-used
-by
-WebID
-to
-create
-a
-secure
-channel
-between
-the
-Identification
-Agent
-and
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4>
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-certificate
-is
-selected
-and
-sent
-to
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4>
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</h4>
-<p>
-A
-Verification
-Agent
-<em class="rfc2119" title="must">
-must
-</em>
-be
-able
-to
-process
-documents
-in
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-]
-and
-XHTML+RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-].
-A
-server
-responding
-to
-a
-WebID
-Profile
-request
-<em class="rfc2119" title="should">
-should
-</em>
-support
-HTTP
-content
-negotiation.
-The
-server
-<em class="rfc2119" title="must">
-must
-</em>
-return
-a
-representation
-in
-RDF/XML
-for
-media
-type
-<code>
-application/rdf+xml
-</code>.
-The
-server
-<em class="rfc2119" title="must">
-must
-</em>
-return
-a
-representation
-in
-XHTML+RDFa
-for
-media
-type
-<code>
-text/html
-</code>
-or
-media
-type
-<code>
-application/xhtml+xml
-</code>.
-<a class="tref" title="Verification_Agents">
-Verification
-Agents
-</a>
-and
-<a class="tref" title="Identification_Agents">
-Identification
-Agents
-</a>
-<em class="rfc2119" title="may">
-may
-</em>
-support
-any
-other
-RDF
-format
-via
-HTTP
-content
-negotiation.
-</p>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-extracts
-semantic
-data
-describing
-the
-identification
-credentials
-from
-a
-WebID
-Profile.
-</p>
-</div>
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4>
-<span class="secno">
-2.3.4
-</span>
-Extracting
-WebID
-URL
-Details
-</h4>
-<p>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-may
-use
-a
-number
-of
-different
-methods
-to
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-information
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>.
-</p>
-The
-following
-SPARQL
-query
-outlines
-one
-way
-in
-which
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-could
-be
-extracted
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>:
-<code><pre>
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?modulus ?exp
-WHERE {
- ?key cert:identity <http://example.org/webid#public>;
- a rsa:RSAPublicKey;
- rsa:modulus [ cert:hex ?modulus; ];
- rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre>
-</code>
-<p class="issue">
-This
-section
-still
-needs
-more
-information.
-</p>
-</div>
-<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
-<h4>
-<span class="secno">
-2.3.5
-</span>
-<del class="diff-old">Determining
-Access
-Privileges
-</del>
-<ins class="diff-chg">Authorization
-</ins>
-</h4>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-may
-use
-the
-information
-discovered
-via
-a
-WebID
-URL
-to
-determine
-if
-one
-should
-be
-able
-to
-access
-a
-particular
-resource.
-It
-will
-explain
-how
-a
-Verification
-Agent
-can
-use
-links
-to
-other
-RDFa
-documents
-to
-build
-knowledge
-about
-the
-given
-WebID.
-</p>
-</div>
-<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
-<h4>
-<span class="secno">
-<ins class="diff-new">2.3.6
-</ins></span><ins class="diff-new">
-Secure
-Communication
-</ins></h4><p class="issue"><ins class="diff-new">
-This
-section
-will
-explain
-how
-an
-Identification
-Agent
-and
-a
-Verification
-Agent
-may
-communicate
-securely
-using
-a
-set
-of
-verified
-identification
-credentials.
-</ins></p><p><ins class="diff-new">
-If
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-has
-verified
-that
-the
-</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
-WebID
-Profile
-</ins></a><ins class="diff-new">
-is
-owned
-by
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a>,<ins class="diff-new">
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-use
-the
-verified
-</ins><a class="tref internalDFN" title="public_key" href="#dfn-public_key"><ins class="diff-new">
-public
-key
-</ins></a><ins class="diff-new">
-contained
-in
-the
-</ins><a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate"><ins class="diff-new">
-Identification
-Certificate
-</ins></a><ins class="diff-new">
-for
-all
-TLS-based
-communication
-with
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a>.<ins class="diff-new">
-This
-ensures
-that
-both
-the
-</ins><a class="tref" title="Authorization_Agent"><ins class="diff-new">
-Authorization
-Agent
-</ins></a><ins class="diff-new">
-and
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a><ins class="diff-new">
-are
-communicating
-in
-a
-secure
-manner,
-ensuring
-cryptographically
-protected
-privacy
-for
-both
-sides.
-</ins></p></div></div><div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile"><h3><span class="secno"><ins class="diff-new">
-2.4
-</ins></span><ins class="diff-new">
-The
-WebID
-Profile
-</ins></h3><p><ins class="diff-new">
-The
-</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
-WebID
-Profile
-</ins></a><ins class="diff-new">
-is
-a
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a><ins class="diff-new">
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS"><ins class="diff-new">
-RDF-CONCEPTS
-</ins></a><ins class="diff-new">
-].
-The
-following
-sections
-describe
-how
-to
-express
-certain
-common
-properties
-that
-could
-be
-used
-by
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-s
-and
-other
-entities
-that
-consume
-a
-</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
-WebID
-Profile
-</ins></a>.</p><p><ins class="diff-new">
-The
-following
-vocabularies
-are
-used
-in
-their
-shortened
-form
-in
-the
-subsequent
-sections:
-</ins></p><dl><dt><ins class="diff-new">
-foaf
-</ins></dt><dd><ins class="diff-new">
-http://xmlns.com/foaf/0.1/
-</ins></dd><dt><ins class="diff-new">
-cert
-</ins></dt><dd><ins class="diff-new">
-http://www.w3.org/ns/auth/cert#
-</ins></dd><dt><ins class="diff-new">
-rsa
-</ins></dt><dd><ins class="diff-new">
-http://www.w3.org/ns/auth/rsa#
-</ins></dd></dl><div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information"><h4><span class="secno"><ins class="diff-new">
-2.4.1
-</ins></span><ins class="diff-new">
-Personal
-Information
-</ins></h4><p><ins class="diff-new">
-Personal
-details
-are
-the
-most
-common
-requirement
-when
-registering
-an
-account
-with
-a
-website.
-Some
-of
-these
-pieces
-of
-information
-include
-an
-e-mail
-address,
-a
-name
-and
-perhaps
-an
-avatar
-image.
-This
-section
-includes
-properties
-that
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-be
-used
-when
-conveying
-key
-pieces
-of
-personal
-information
-but
-are
-</ins><em class="rfc2119" title="not required"><ins class="diff-new">
-not
-required
-</ins></em><ins class="diff-new">
-to
-be
-present
-in
-a
-WebID
-Profile:
-</ins></p><dl><dt><ins class="diff-new">
-foaf:mbox
-</ins></dt><dd><ins class="diff-new">
-The
-e-mail
-address
-that
-is
-associated
-with
-the
-WebID
-URL.
-</ins></dd><dt><ins class="diff-new">
-foaf:name
-</ins></dt><dd><ins class="diff-new">
-The
-name
-that
-is
-most
-commonly
-used
-to
-refer
-to
-the
-individual
-or
-agent.
-</ins></dd><dt><ins class="diff-new">
-foaf:depiction
-</ins></dt><dd><ins class="diff-new">
-An
-image
-representation
-of
-the
-individual
-or
-agent.
-</ins></dd></dl></div><div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details"><h4><span class="secno"><ins class="diff-new">
-2.4.2
-</ins></span><ins class="diff-new">
-Cryptographic
-Details
-</ins></h4><p><ins class="diff-new">
-Cryptographic
-details
-are
-important
-when
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-s
-and
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a><ins class="diff-new">
-s
-interact.
-The
-following
-properties
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-be
-used
-when
-conveying
-cryptographic
-information
-in
-WebID
-Profile
-documents:
-</ins></p><dl><dt><ins class="diff-new">
-rsa:RSAPublicKey
-</ins></dt><dd><ins class="diff-new">
-Expresses
-an
-RSA
-public
-key.
-The
-RSAPublicKey
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-specify
-the
-rsa:modulus
-and
-rsa:public_exponent
-properties.
-</ins></dd><dt><ins class="diff-new">
-cert:identity
-</ins></dt><dd><ins class="diff-new">
-Used
-to
-associate
-an
-RSAPublicKey
-with
-a
-WebID
-URL.
-A
-WebID
-Profile
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-contain
-at
-least
-one
-RSAPublicKey
-that
-is
-associated
-with
-the
-corresponding
-WebID
-URL.
-</ins></dd></dl></div>
-</div>
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>
-Change
-History
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-<a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">
-<ins class="diff-new">2010-07-25
-</ins></a><ins class="diff-new">
-Added
-WebID
-Profile
-section.
-</ins></p><p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672"><ins class="diff-new">
-2010-07-18
-</ins></a><ins class="diff-new">
-Updates
-from
-WebID
-community
-related
-to
-RDF/XML
-support,
-authentication
-sequence
-corrections,
-abstract
-and
-introduction
-updates.
-</ins></p><p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">
-2010-07-11
-</a>
-Initial
-version.
-</p>
-</div>
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>
-Acknowledgments
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-following
-people
-have
-been
-instrumental
-in
-providing
-thoughts,
-feedback,
-reviews,
-criticism
-and
-input
-in
-the
-creation
-of
-this
-specification:
-</p>
-<ul>
-<li>
-Melvin
-Carvalho
-</li>
-<li>
-Bruno
-Harbulot
-</li>
-<li>
-Toby
-Inkster
-</li>
-<li>
-Ian
-Jacobi
-</li>
-<li>
-Jeff
-Sayre
-</li>
-<li>
-Henry
-Story
-</li>
-</ul>
-</div>
-</div>
-</div>
-<div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<h2>
-<span class="secno">
-A.
-</span>
-References
-</h2>
-<div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section">
-<h3>
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-HTTP-TLS">
-[HTTP-TLS]
-</dt>
-<dd rel="dcterms:requires">
-E.
-Rescorla.
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-<cite>
-HTTP
-Over
-TLS.
-</cite>
-</a>
-May
-2000.
-Internet
-RFC
-2818.
-URL:
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-http://www.ietf.org/rfc/rfc2818.txt
-</a>
-</dd>
-<dt id="bib-N3">
-[N3]
-</dt>
-<dd rel="dcterms:requires">
-Tim
-Berners-Lee;
-Dan
-Connolly.
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-<cite>
-Notation3
-(N3):
-A
-readable
-RDF
-syntax.
-</cite>
-</a>
-14
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
-</a>
-</dd>
-<dt id="bib-RDF-PRIMER">
-[RDF-PRIMER]
-</dt>
-<dd rel="dcterms:requires">
-Frank
-Manola;
-Eric
-Miller.
-<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
-<cite>
-RDF
-Primer.
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
-http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
-</a>
-</dd>
-<dt id="bib-RDF-SYNTAX-GRAMMAR">
-[RDF-SYNTAX-GRAMMAR]
-</dt>
-<dd rel="dcterms:requires">
-Dave
-Beckett.
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-<cite>
-RDF/XML
-Syntax
-Specification
-(Revised).
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
-</a>
-</dd>
-<dt id="bib-RDFA-CORE">
-[RDFA-CORE]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et
-al.
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-<cite>
-RDFa
-Core
-1.1:
-Syntax
-and
-processing
-rules
-for
-embedding
-RDF
-through
-attributes.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-http://www.w3.org/TR/2010/WD-rdfa-core-20100422
-</a>
-</dd>
-<dt id="bib-TURTLE">
-[TURTLE]
-</dt>
-<dd rel="dcterms:requires">
-David
-Beckett,
-Tim
-Berners-Lee.
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-Turtle:
-Terse
-RDF
-Triple
-Language
-</a>
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-http://www.w3.org/TeamSubmission/turtle/
-</a>
-</dd>
-<dt id="bib-X509V3">
-[X509V3]
-</dt>
-<dd rel="dcterms:requires">
-<cite>
-ITU-T
-Recommendation
-X.509
-version
-3
-(1997).
-"Information
-Technology
--
-Open
-Systems
-Interconnection
--
-The
-Directory
-Authentication
-Framework"
-ISO/IEC
-9594-8:1997
-</cite>.
-</dd>
-<dt id="bib-XHTML-RDFA">
-[XHTML-RDFA]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et.
-al.
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-<cite>
-XHTML+RDFa
-1.1.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-http://www.w3.org/TR/WD-xhtml-rdfa-20100422
-</a>
-</dd>
-</dl>
-</div>
-<div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section">
-<h3>
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-RDF-CONCEPTS">
-[RDF-CONCEPTS]
-</dt>
-<dd rel="dcterms:references">
-Graham
-Klyne;
-Jeremy
-J.
-Carroll.
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-<cite>
-Resource
-Description
-Framework
-(RDF):
-Concepts
-and
-Abstract
-Syntax.
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
-</a>
-</dd>
-</dl>
-</div>
-</div>
-</body>
-</html>
--- a/drafts/ED-webid-20100725/index.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,635 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
- <title>WebID 1.0</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-
-<!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-
-<style type="text/css">
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-
-
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-
- <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-25T22:59:59+0000" id="unofficial-draft-25-july-2010">Unofficial Draft 25 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">msporny@digitalbazaar.com</a> </span>
-</dd>
-<dt>Authors:</dt><dd><span><a content="Toby Inkster" href="http://tobyinkster.co.uk/">Toby Inkster</a></span>
-</dd>
-<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
-</dd>
-<dd><span><a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">Bruno Harbulot</a></span>
-</dd>
-<dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">Reto Bachmann-Gmür</a></span>
-</dd>
-</dl><p>This document is also available in this non-normative format: <a href="diff-20100718.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
- <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-
-<p>Social networking, identity and privacy have been at the center of how we
-interact with the Web in the last decade. The explosion of social networking
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary.
-The Social Web is designed to ensure that control of identity and privacy
-settings is always simple and under one's control. WebID is a key enabler of the
-Social Web. This specification outlines a simple universal identification
-mechanism that is distributed, openly extensible, improves privacy, security
-and control over how one can identify themselves and control access to their
-information on the Web.
-</p>
-
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">How to Read this Document</h3>
-
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
-and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>] and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>] is necessary to understand how
-to implement this specification. WebID uses a number of specific technologies
-like HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>],
-RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled
-<a href="#authentication-sequence">Authentication Sequence</a> and
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
-
-</p></div>
-</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
-
-<!-- <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p> -->
-
-
-The source code for this document is available via Github at the following
-URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
-
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-webid-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting WebID URL Details</a></li><li class="tocline"><a href="#authorization" class="tocxref"><span class="secno">2.3.5 </span>Authorization</a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno">2.3.6 </span>Secure Communication</a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno">2.4 </span>The WebID Profile</a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno">2.4.1 </span>Personal Information</a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno">2.4.2 </span>Cryptographic Details</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
-
-
-
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-
-<!-- OddPage -->
-<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created.
-It is also designed to provide a universal and extensible mechanism to express
-public and private information about yourself. This section outlines the
-motivation behind the specification and the relationship to other similar
-specifications that are in active use today.
-</p>
-
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
-hyperlinked social networks to exist. This vocabulary, along with other
-vocabularies, allow one to add information and services protection to
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a select group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using an process made popular by OpenID, we show how one can tie a User
-Agent to a URL by proving that one has write access to the URL. WebID is
-a simpler alternative to OpenID (fewer connections), that uses X.509
-certificates to tie a User Agent (Browser) to a Person identified via a URL.
-WebID also provides a few additional features to OpenID. These
-features include trust management, via digital signatures, and free-form
-extensibility via RDFa. By using the existing SSL certificate exchange
-mechanism, WebID integrates more smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was
-intended to receive it.
-</p>
-
-</div>
-
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
-
-<p class="issue">This section needs to be re-written. The flow and grammar
-leaves much to be desired. -- manu</p>
-
-<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
-to a Personal Profile Document. This Personal Profile Document is where further
-information about an identity can be discovered. This mechanism is compatible
-with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID,
-but can work beside OpenID by sharing the content in the Personal Profile
-Document.</p>
-
-<p>That said, there are a number of benefits that WebID achieves over OpenID:
-</p>
-
-<p>WebID gives people and other agents a WebID URL for identification. OpenID
-also provides a URL to a Personal Profile Document. However, in the case of
-WebID, one does not need to remember the URL since the User Agent remembers
-the URL on behalf of the person browsing. To log in on a WebID web site there
-is no need to enter any identifier like one has to do for OpenID. Just one click
-tells the browser to send the WebID URL. The person that is browsing does
-not need to remember either their WebID URL or the website password. The only
-password one may need to remember is the one that is used to access their
-collection of WebIDs in their browser, and that's only if they opt-in to
-password protect their WebIDs.
-</p>
-
-<p>
-While WebID works well in a browser environment, it is also very useful outside
-of the browser environment. WebID can also operate without requiring the use
-of any passwords. This is useful to developers that may
-want to use WebID to perform server-to-server or peer-to-peer verification of
-identity. WebID works for automated agents such as Search Agents, API Agents,
-and other automated mechanisms that are often found outside of the browser
-environment.
-</p>
-
-<p>The WebID protocol requires just one direct network connection to establish
-identity via the client. The server requires one connection to the client and
-one connection to retrieve the WebID Profile if it does not have the credential
-information cached. Compare this to the much more complex OpenID sequence, which
-requires six connections by the client to establish a login. In a world of
-distributed data where each site can point to data on any other site, multiple
-connections become costly to manage.</p>
-
-<p>WebID builds on a number of well established Internet and Web standards;
-<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
-RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>],
-TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards,
-it makes both explaining and implementing WebID easier on developers.</p>
-
-<p>Since WebID is RESTful, you can perform basic HTTP operations to
-<code>GET</code> your WebID, and if you needed update it, you can use
-HTTP <code>PUT</code> semantics. You can also create a WebID via
-<code>POST</code>. This is improved from the OpenID specification, which
-requires a new set of operations described in the OpenID Attribute Exchange
-specification.</p>
-
-<p>WebID is built on RDF and thus enables all of the advanced semantic web
-concepts that RDF enables. For example, a developer may perform machine
-reasoning with a WebID. One can construct machine-executable statements like
-"If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID."
-While OpenID attempts to support this use case by mapping OpenID to RDF, it's
-far easier to do with WebID because WebID is natively RDF-aware.</p>
-
-<p>It is easy to extend a WebID with new attributes via RDF. The power of
-RDF allows developers to add extensions to WebID by defining new
-vocabularies that they publish. There is no authorization process necessary
-and thus WebID allows for distributed innovation. Every WebID property is
-a URI, which when clicked, can give you yet more information about what the
-property means. A developer can create new usage classes by extending their
-vocabulary at will. A developer can add relationships to a WebID by simply
-adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF.</p>
-
-<p>Implementing WebID is easier than OpenID because all of the basic
-technologies have been working and integrated into Web browsers for many years.
-There were already three interoperable implementations of WebID before this
-specification was written.</p>
-
-<p>WebID is truly decentralized - with WebID you get a web of trust.
-OpenID only supports the Web of Trust model if you indirectly trust the
-OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
-you must trust OpenID providers. With WebID you only have to trust the people
-and the organizations with which you are communicating. In other words, you
-don't have to ask anyone whether or not you can trust your friends. You can
-query people that you trust directly to see if someone is trustworthy or not.
-There is no need for a central WebID authority.
-</p>
-
-<p>WebID is fully distributed, anyone can setup a WebID by placing a single
-file on a web server of their choosing. There is no need for a special
-OpenID-like provider service. The only thing anyone that wants a WebID needs
-is a web account where you can post your WebID file, ideally on your own domain
-name. You can also use a WebID hosting provider, but it's not necessary for
-WebID to work. While it is possible to run an OpenID server, other
-OpenID applications may not trust you and thus you won't be able to fully
-utilize your private OpenID credentials. The reason that there are a few
-large OpenID providers and very few small OpenID providers is because of this
-trust design issue related to OpenID.</p>
-
-<p>WebID does not require HTTP redirects. Redirects are problematic on many
-cell phones, because telecoms heavily rely on proxys, which selectively block
-redirects.</p>
-
-<p>A WebID provider is 100% compatible with an OpenID provider and thus can
-inter-operate with OpenID-powered networks.</p>
-
-</div>
-
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-OAuth and WebID are mutually beneficial when used together. WebID can be
-used to provide RSA parameters to the RSA-SHA1 signature method required by
-OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
-connection that will be used to transmit OAuth Tokens in OAuth 2.0.
-</p>
-
-</div>
-</div>
-
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-
-<!-- OddPage -->
-<h2><span class="secno">2. </span>The WebID Protocol</h2>
-
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3><span class="secno">2.1 </span>Terminology</h3>
-
-<dl>
-
-<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
-resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
-<dd>Provides identification credentials to a Verification Agent. The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
-
-<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain a
-<code>Subject Alternative Name</code> extension with a URI entry. The URI
-<em class="rfc2119" title="should">should</em> be a URL, and <em class="rfc2119" title="should not">should not</em> be a URN. The URL
-identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URL <em class="rfc2119" title="must">must</em> be
-dereference-able and result in a document containing RDF data. For example,
-the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as the <code>Subject Alternative Name</code>:
-<code><pre>
-X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</pre></code>
-
-</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
-<dd>A URL specified via the <code>Subject Alternative Name</code> extension
-of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
-
-<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
-<dd>A widely distributed crytographic key that can be used to verify
-digital signatures and encrypt data between a sender and a receiver. A public
-key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a></dd>
-
-<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
-<dd>
-A structured document that contains identification credentials for the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. Either the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]
-serialization format or the RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] serialization
-format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], <em class="rfc2119" title="may">may</em> be supported by the
-mechanism providing the WebID Profile document.
-</dd>
-
-</dl>
-
-<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
-serialization of RDF should be required serialization formats in the
-specification is currently under heavy debate.</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
-
-<p>The following steps are executed by Verification Agents and Identification
-Agents to determine if access should be granted to a particular resource.
-</p>
-
-<ol>
-<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-as a part of the TLS client-cerificate retrieval protocol.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> contained in the <code>Subject Alternative Name</code>
-extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</li>
-
-<li>The <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information associated with the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> be checked by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.
-This process <em class="rfc2119" title="should">should</em> occur either by dereferencing the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> and
-extracting RDF data from the resulting document, or by utilizing a cached
-version of the RDF data contained in the document or other data source that is
-up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
-and extraction mechanism is further detailed in the sections titled
-<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
-<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
-</li>
-
-<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> is found in the list of
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> assume that the client intends to use
-the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> to verify their ownership of the WebID URL.</li>
-
-<li>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> verifies that the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> owns the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>
-by using the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> to create a cryptographic challenge.
-The challenge <em class="rfc2119" title="should">should</em> be fulfilled by performing TLS mutual-authentication
-between the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> and the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> does not have access to the TLS layer,
-a digital signature challenge <em class="rfc2119" title="must">must</em> be provided by the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. These processes are detailed in the sections
-titled <a href="#authorization">Authorization</a> and
-<a href="#secure-communication">Secure Communication</a>.</li>
-
-</ol>
-
-<p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
-any time by executing all of the steps in the Authentication Sequence again.
-Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
-determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the
-Identification Agent and the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
-
-<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML
-[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]. A server responding to
-a WebID Profile request <em class="rfc2119" title="should">should</em> support HTTP content negotiation. The server
-<em class="rfc2119" title="must">must</em> return a representation in RDF/XML for media type
-<code>application/rdf+xml</code>.
-The server <em class="rfc2119" title="must">must</em> return a representation in XHTML+RDFa for media type
-<code>text/html</code> or media type
-<code>application/xhtml+xml</code>. <a class="tref" title="Verification_Agents">Verification Agents</a> and
-<a class="tref" title="Identification_Agents">Identification Agents</a> <em class="rfc2119" title="may">may</em> support any other RDF format via
-HTTP content negotiation.
-</p>
-
-<p class="issue">This section will explain how a Verification Agent extracts
-semantic data describing the identification credentials from a WebID Profile.</p>
-</div>
-
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4><span class="secno">2.3.4 </span>Extracting WebID URL Details</h4>
-
-<p>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
-extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
-</p>
-The following SPARQL query outlines one way in which the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>
-could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
-<code><pre>
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?modulus ?exp
-WHERE {
- ?key cert:identity <http://example.org/webid#public>;
- a rsa:RSAPublicKey;
- rsa:modulus [ cert:hex ?modulus; ];
- rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre></code>
-
-<p class="issue">This section still needs more information.</p>
-
-</div>
-
-<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
-<h4><span class="secno">2.3.5 </span>Authorization</h4>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URL to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</div>
-
-<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
-<h4><span class="secno">2.3.6 </span>Secure Communication</h4>
-
-<p class="issue">This section will explain how an Identification Agent and
-a Verification Agent may communicate securely using a set of verified
-identification credentials.</p>
-
-<p>
-If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>,
-the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="should">should</em> use the verified
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>
-for all TLS-based communication with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-This ensures that both the <a class="tref" title="Authorization_Agent">Authorization Agent</a> and the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-are communicating in a secure manner, ensuring cryptographically protected
-privacy for both sides.
-</p>
-
-</div>
-
-</div>
-
-<div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile">
-<h3><span class="secno">2.4 </span>The WebID Profile</h3>
-
-<p>The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is a structured document that contains
-identification credentials for the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed
-using the Resource Description Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. The following
-sections describe how to express certain common properties that could be used
-by <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s and other entities that consume a
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.</p>
-
-<p>The following vocabularies are used in their shortened form in the
-subsequent sections:</p>
-
-<dl>
- <dt>foaf</dt>
- <dd>http://xmlns.com/foaf/0.1/</dd>
- <dt>cert</dt>
- <dd>http://www.w3.org/ns/auth/cert#</dd>
- <dt>rsa</dt>
- <dd>http://www.w3.org/ns/auth/rsa#</dd>
-</dl>
-
-<div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information">
-<h4><span class="secno">2.4.1 </span>Personal Information</h4>
-
-<p>Personal details are the most common requirement when registering an
-account with a website. Some of these pieces of information include an e-mail
-address, a name and perhaps an avatar image. This section includes
-properties that <em class="rfc2119" title="should">should</em> be used when conveying key pieces of personal
-information but are <em class="rfc2119" title="not required">not required</em> to be present in a WebID Profile:</p>
-
-<dl>
- <dt>foaf:mbox</dt>
- <dd>The e-mail address that is associated with the WebID URL.</dd>
- <dt>foaf:name</dt>
- <dd>The name that is most commonly used to refer to the individual
- or agent.</dd>
- <dt>foaf:depiction</dt>
- <dd>An image representation of the individual or agent.</dd>
-</dl>
-</div>
-
-<div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details">
-<h4><span class="secno">2.4.2 </span>Cryptographic Details</h4>
-
-<p>Cryptographic details are important when <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s
-and <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>s interact. The following properties
-<em class="rfc2119" title="should">should</em> be used when conveying cryptographic information in WebID Profile
-documents:</p>
-
-<dl>
- <dt>rsa:RSAPublicKey</dt>
- <dd>Expresses an RSA public key. The RSAPublicKey <em class="rfc2119" title="must">must</em> specify the
- rsa:modulus and rsa:public_exponent properties.</dd>
- <dt>cert:identity</dt>
- <dd>Used to associate an RSAPublicKey with a WebID URL. A WebID Profile
- <em class="rfc2119" title="must">must</em> contain at least one RSAPublicKey that is associated with the
- corresponding WebID URL.</dd>
-</dl>
-</div>
-
-</div>
-
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>Change History</h4><p><em>This section is non-normative.</em></p>
-<p><a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">2010-07-25</a> Added WebID Profile section.</p>
-<p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
-<p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
-</div>
-
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-</ul>
-
-</div>
-</div>
-
-
-
-</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<!-- OddPage -->
-<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a>
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
-</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a>
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
-</dd></dl></div></div></body></html>
--- a/drafts/ED-webid-20100809/diff-20100725.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6604 +0,0 @@
-<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
-<html lang="en" dir="ltr" about="" property="dcterms:language" content="en" prefix="dcterms: http://purl.org/dc/terms/ bibo: http://purl.org/ontology/bibo/ foaf: http://xmlns.com/foaf/0.1/ xsd: http://www.w3.org/2001/XMLSchema#">
-<head>
-
-
-
- <title>WebID 1.0</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
- <!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-<style type="text/css">
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-
- <style type="text/css">
-/*****************************************************************
- * ReSpec CSS
- * Robin Berjon (robin at berjon dot com)
- * v0.05 - 2009-07-31
- *****************************************************************/
-
-
-/* --- INLINES --- */
-em.rfc2119 {
- text-transform: lowercase;
- font-variant: small-caps;
- font-style: normal;
- color: #900;
-}
-
-h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
-h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
- border: none;
-}
-
-dfn {
- font-weight: bold;
-}
-
-a.internalDFN {
- color: inherit;
- border-bottom: medium solid #99c;
- text-decoration: none;
-}
-
-a.externalDFN {
- color: inherit;
- border-bottom: medium dotted #ccc;
- text-decoration: none;
-}
-
-a.bibref {
- text-decoration: none;
-}
-
-code {
- color: #ff4500;
-}
-
-
-/* --- WEB IDL --- */
-pre.idl {
- border-top: 1px solid #90b8de;
- border-bottom: 1px solid #90b8de;
- padding: 1em;
- line-height: 120%;
-}
-
-pre.idl::before {
- content: "WebIDL";
- display: block;
- width: 150px;
- background: #90b8de;
- color: #fff;
- font-family: initial;
- padding: 3px;
- font-weight: bold;
- margin: -1em 0 1em -1em;
-}
-
-.idlType {
- color: #ff4500;
- font-weight: bold;
- text-decoration: none;
-}
-
-/*.idlModule*/
-/*.idlModuleID*/
-/*.idlInterface*/
-.idlInterfaceID {
- font-weight: bold;
- color: #005a9c;
-}
-
-.idlSuperclass {
- font-style: italic;
- color: #005a9c;
-}
-
-/*.idlAttribute*/
-.idlAttrType, .idlFieldType {
- color: #005a9c;
-}
-.idlAttrName, .idlFieldName {
- color: #ff4500;
-}
-.idlAttrName a, .idlFieldName a {
- color: #ff4500;
- border-bottom: 1px dotted #ff4500;
- text-decoration: none;
-}
-
-/*.idlMethod*/
-.idlMethType {
- color: #005a9c;
-}
-.idlMethName {
- color: #ff4500;
-}
-.idlMethName a {
- color: #ff4500;
- border-bottom: 1px dotted #ff4500;
- text-decoration: none;
-}
-
-/*.idlParam*/
-.idlParamType {
- color: #005a9c;
-}
-.idlParamName {
- font-style: italic;
-}
-
-.extAttr {
- color: #666;
-}
-
-/*.idlConst*/
-.idlConstType {
- color: #005a9c;
-}
-.idlConstName {
- color: #ff4500;
-}
-.idlConstName a {
- color: #ff4500;
- border-bottom: 1px dotted #ff4500;
- text-decoration: none;
-}
-
-/*.idlException*/
-.idlExceptionID {
- font-weight: bold;
- color: #c00;
-}
-
-.idlTypedefID, .idlTypedefType {
- color: #005a9c;
-}
-
-.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code {
- color: #c00;
- font-weight: normal;
-}
-
-.excName a {
- font-family: monospace;
-}
-
-.idlRaises a.idlType, .excName a.idlType {
- border-bottom: 1px dotted #c00;
-}
-
-.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse {
- width: 45px;
- text-align: center;
-}
-.excGetSetTrue, .prmNullTrue, .prmOptTrue { color: #0c0; }
-.excGetSetFalse, .prmNullFalse, .prmOptFalse { color: #c00; }
-
-.idlImplements a {
- font-weight: bold;
-}
-
-dl.attributes, dl.methods, dl.constants, dl.fields {
- margin-left: 2em;
-}
-
-.attributes dt, .methods dt, .constants dt, .fields dt {
- font-weight: normal;
-}
-
-.attributes dt code, .methods dt code, .constants dt code, .fields dt code {
- font-weight: bold;
- color: #000;
- font-family: monospace;
-}
-
-.attributes dt code, .fields dt code {
- background: #ffffd2;
-}
-
-.attributes dt .idlAttrType code, .fields dt .idlFieldType code {
- color: #005a9c;
- background: transparent;
- font-family: inherit;
- font-weight: normal;
- font-style: italic;
-}
-
-.methods dt code {
- background: #d9e6f8;
-}
-
-.constants dt code {
- background: #ddffd2;
-}
-
-.attributes dd, .methods dd, .constants dd, .fields dd {
- margin-bottom: 1em;
-}
-
-table.parameters, table.exceptions {
- border-spacing: 0;
- border-collapse: collapse;
- margin: 0.5em 0;
- width: 100%;
-}
-table.parameters { border-bottom: 1px solid #90b8de; }
-table.exceptions { border-bottom: 1px solid #deb890; }
-
-.parameters th, .exceptions th {
- color: #fff;
- padding: 3px 5px;
- text-align: left;
- font-family: initial;
- font-weight: normal;
- text-shadow: #666 1px 1px 0;
-}
-.parameters th { background: #90b8de; }
-.exceptions th { background: #deb890; }
-
-.parameters td, .exceptions td {
- padding: 3px 10px;
- border-top: 1px solid #ddd;
- vertical-align: top;
-}
-
-.parameters tr:first-child td, .exceptions tr:first-child td {
- border-top: none;
-}
-
-.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName {
- width: 100px;
-}
-
-.parameters td.prmType {
- width: 120px;
-}
-
-table.exceptions table {
- border-spacing: 0;
- border-collapse: collapse;
- width: 100%;
-}
-
-/* --- TOC --- */
-.toc a {
- text-decoration: none;
-}
-
-a .secno {
- color: #000;
-}
-
-/* --- TABLE --- */
-table.simple {
- border-spacing: 0;
- border-collapse: collapse;
- border-bottom: 3px solid #005a9c;
-}
-
-.simple th {
- background: #005a9c;
- color: #fff;
- padding: 3px 5px;
- text-align: left;
-}
-
-.simple th[scope="row"] {
- background: inherit;
- color: inherit;
- border-top: 1px solid #ddd;
-}
-
-.simple td {
- padding: 3px 10px;
- border-top: 1px solid #ddd;
-}
-
-.simple tr:nth-child(even) {
- background: #f0f6ff;
-}
-
-/* --- DL --- */
-.section dd > p:first-child {
- margin-top: 0;
-}
-
-.section dd > p:last-child {
- margin-bottom: 0;
-}
-
-.section dd {
- margin-bottom: 1em;
-}
-
-.section dl.attrs dd, .section dl.eldef dd {
- margin-bottom: 0;
-}
-
-/* --- EXAMPLES --- */
-pre.example {
- border-top: 1px solid #ff4500;
- border-bottom: 1px solid #ff4500;
- padding: 1em;
- margin-top: 1em;
-}
-
-pre.example::before {
- content: "Example";
- display: block;
- width: 150px;
- background: #ff4500;
- color: #fff;
- font-family: initial;
- padding: 3px;
- font-weight: bold;
- margin: -1em 0 1em -1em;
-}
-
-/* --- EDITORIAL NOTES --- */
-.issue {
- padding: 1em;
- border: 1px solid #f00;
- background: #ffc;
-}
-
-.issue::before {
- content: "Issue";
- display: block;
- width: 150px;
- margin: -1.5em 0 0.5em 0;
- font-weight: bold;
- border: 1px solid #f00;
- background: #fff;
- padding: 3px 1em;
-}
-
-.note {
- padding: 1em;
- border: 2px solid #cff6d9;
- background: #e2fff0;
-}
-
-.note::before {
- content: "Note";
- display: block;
- width: 150px;
- margin: -1.5em 0 0.5em 0;
- font-weight: bold;
- border: 1px solid #cff6d9;
- background: #fff;
- padding: 3px 1em;
-}
-
-/* --- SYNTAX HIGHLIGHTING --- */
-pre.sh_sourceCode {
- background-color: white;
- color: black;
- font-style: normal;
- font-weight: normal;
-}
-
-pre.sh_sourceCode .sh_keyword { color: #005a9c; font-weight: bold; } /* language keywords */
-pre.sh_sourceCode .sh_type { color: #666; } /* basic types */
-pre.sh_sourceCode .sh_usertype { color: teal; } /* user defined types */
-pre.sh_sourceCode .sh_string { color: red; font-family: monospace; } /* strings and chars */
-pre.sh_sourceCode .sh_regexp { color: orange; font-family: monospace; } /* regular expressions */
-pre.sh_sourceCode .sh_specialchar { color: #ffc0cb; font-family: monospace; } /* e.g., \n, \t, \\ */
-pre.sh_sourceCode .sh_comment { color: #A52A2A; font-style: italic; } /* comments */
-pre.sh_sourceCode .sh_number { color: purple; } /* literal numbers */
-pre.sh_sourceCode .sh_preproc { color: #00008B; font-weight: bold; } /* e.g., #include, import */
-pre.sh_sourceCode .sh_symbol { color: blue; } /* e.g., *, + */
-pre.sh_sourceCode .sh_function { color: black; font-weight: bold; } /* function calls and declarations */
-pre.sh_sourceCode .sh_cbracket { color: red; } /* block brackets (e.g., {, }) */
-pre.sh_sourceCode .sh_todo { font-weight: bold; background-color: #00FFFF; } /* TODO and FIXME */
-
-/* Predefined variables and functions (for instance glsl) */
-pre.sh_sourceCode .sh_predef_var { color: #00008B; }
-pre.sh_sourceCode .sh_predef_func { color: #00008B; font-weight: bold; }
-
-/* for OOP */
-pre.sh_sourceCode .sh_classname { color: teal; }
-
-/* line numbers (not yet implemented) */
-pre.sh_sourceCode .sh_linenum { display: none; }
-
-/* Internet related */
-pre.sh_sourceCode .sh_url { color: blue; text-decoration: underline; font-family: monospace; }
-
-/* for ChangeLog and Log files */
-pre.sh_sourceCode .sh_date { color: blue; font-weight: bold; }
-pre.sh_sourceCode .sh_time, pre.sh_sourceCode .sh_file { color: #00008B; font-weight: bold; }
-pre.sh_sourceCode .sh_ip, pre.sh_sourceCode .sh_name { color: #006400; }
-
-/* for Prolog, Perl... */
-pre.sh_sourceCode .sh_variable { color: #006400; }
-
-/* for LaTeX */
-pre.sh_sourceCode .sh_italics { color: #006400; font-style: italic; }
-pre.sh_sourceCode .sh_bold { color: #006400; font-weight: bold; }
-pre.sh_sourceCode .sh_underline { color: #006400; text-decoration: underline; }
-pre.sh_sourceCode .sh_fixed { color: green; font-family: monospace; }
-pre.sh_sourceCode .sh_argument { color: #006400; }
-pre.sh_sourceCode .sh_optionalargument { color: purple; }
-pre.sh_sourceCode .sh_math { color: orange; }
-pre.sh_sourceCode .sh_bibtex { color: blue; }
-
-/* for diffs */
-pre.sh_sourceCode .sh_oldfile { color: orange; }
-pre.sh_sourceCode .sh_newfile { color: #006400; }
-pre.sh_sourceCode .sh_difflines { color: blue; }
-
-/* for css */
-pre.sh_sourceCode .sh_selector { color: purple; }
-pre.sh_sourceCode .sh_property { color: blue; }
-pre.sh_sourceCode .sh_value { color: #006400; font-style: italic; }
-
-/* other */
-pre.sh_sourceCode .sh_section { color: black; font-weight: bold; }
-pre.sh_sourceCode .sh_paren { color: red; }
-pre.sh_sourceCode .sh_attribute { color: #006400; }
-
-</style><link charset="utf-8" type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/w3c-unofficial"><style type='text/css'>
-.diff-old-a {
- font-size: smaller;
- color: red;
-}
-
-.diff-new { background-color: yellow; }
-.diff-chg { background-color: lime; }
-.diff-new:before,
-.diff-new:after
- { content: "\2191" }
-.diff-chg:before, .diff-chg:after
- { content: "\2195" }
-.diff-old { text-decoration: line-through; background-color: #FBB; }
-.diff-old:before,
-.diff-old:after
- { content: "\2193" }
-:focus { border: thin red solid}
-</style>
-</head>
-<body style="display: inherit;">
-<div class="head">
-<p>
-</p>
-<h1 property="dcterms:title" class="title" id="title">
-WebID
-1.0
-</h1>
-<h2 property="bibo:subtitle" id="subtitle">
-Web
-Identification
-and
-Discovery
-</h2>
-<h2 id="unofficial-draft-09-august-2010" property="dcterms:issued" datatype="xsd:dateTime" content="2010-08-09T16:37:31+0000">
-Unofficial
-Draft
-
-<del class="diff-old">25
-July
-</del>
-<ins class="diff-chg">09
-August
-</ins>
-2010
-</h2>
-<dl>
-<dt>
-<del class="diff-old">Editor:
-</del>
-<ins class="diff-chg">Editors:
-</ins>
-</dt>
-<dd rel="bibo:editor">
-<span typeof="foaf:Person">
-<span property="foaf:name">
-Manu
-Sporny
-
-</span>,
-<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
-Digital
-Bazaar,
-Inc.
-</a>
-<a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">
-msporny@digitalbazaar.com
-</a>
-</span>
-</dd>
-<dd rel="bibo:editor">
-<span typeof="foaf:Person">
-<span property="foaf:name">
-<ins class="diff-new">Stéphane
-Corlosquet
-</ins></span>,<a rel="foaf:workplaceHomepage" href="http://massgeneral.org/"><ins class="diff-new">
-Massachusetts
-General
-Hospital
-</ins></a><a rel="foaf:mbox" href="mailto:scorlosquet@gmail.com"><ins class="diff-new">
-
-scorlosquet@gmail.com
-</ins></a></span></dd>
-<dt>
-Authors:
-</dt>
-<dd rel="dcterms:contributor">
-<span typeof="foaf:Person">
-<a rel="foaf:homepage" property="foaf:name" content="Toby Inkster" href="http://tobyinkster.co.uk/">
-Toby
-Inkster
-</a>
-</span>
-</dd>
-<dd rel="dcterms:contributor">
-<span typeof="foaf:Person">
-<a rel="foaf:homepage" property="foaf:name" content="Henry Story" href="http://bblfish.net/">
-Henry
-Story
-</a>
-
-</span>
-</dd>
-<dd rel="dcterms:contributor">
-<span typeof="foaf:Person">
-<a rel="foaf:homepage" property="foaf:name" content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
-Bruno
-Harbulot
-</a>
-</span>
-</dd>
-<dd rel="dcterms:contributor">
-<span typeof="foaf:Person">
-<a rel="foaf:homepage" property="foaf:name" content="Reto Bachmann-Gmür" href="http://trialox.org/">
-Reto
-Bachmann-Gmür
-</a>
-</span>
-</dd>
-</dl>
-
-<p>
-This
-document
-is
-also
-available
-in
-this
-non-normative
-format:
-<a href="drafts/ED-webid-20100809/diff-20100725.html">
-Diff
-from
-previous
-Editors
-Draft
-</a>.
-</p>
-<p class="copyright">
-This
-document
-is
-licensed
-under
-a
-<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
-Creative
-Commons
-Attribution
-3.0
-License
-</a>.
-</p>
-<hr>
-</div>
-<div about="#abstract" typeof="bibo:Chapter" datatype="" property="dcterms:abstract" class="introductory section" id="abstract">
-<h2>
-Abstract
-
-</h2>
-<p>
-Social
-networking,
-identity
-and
-privacy
-have
-been
-at
-the
-center
-of
-how
-we
-interact
-with
-the
-Web
-in
-the
-last
-decade.
-The
-explosion
-of
-social
-networking
-sites
-has
-brought
-the
-world
-closer
-together
-as
-well
-as
-created
-new
-points
-of
-pain
-regarding
-ease
-of
-use
-and
-the
-Web.
-Remembering
-login
-details,
-passwords,
-and
-sharing
-private
-information
-across
-the
-many
-websites
-and
-social
-groups
-that
-we
-are
-a
-part
-of
-has
-become
-more
-difficult
-and
-complicated
-than
-necessary.
-The
-Social
-Web
-is
-designed
-to
-ensure
-that
-control
-of
-identity
-and
-privacy
-settings
-is
-always
-simple
-and
-under
-one's
-control.
-WebID
-is
-a
-key
-enabler
-of
-the
-Social
-Web.
-This
-specification
-outlines
-a
-simple
-universal
-identification
-mechanism
-that
-is
-distributed,
-openly
-extensible,
-improves
-privacy,
-security
-and
-control
-over
-how
-one
-can
-identify
-themselves
-and
-control
-access
-to
-their
-information
-on
-the
-Web.
-</p>
-<div class="section" about="#how-to-read-this-document" typeof="bibo:Chapter">
-<h3 id="how-to-read-this-document">
-How
-to
-Read
-this
-Document
-</h3>
-<p>
-There
-are
-a
-number
-of
-concepts
-that
-are
-covered
-in
-this
-document
-that
-the
-reader
-may
-want
-to
-be
-aware
-of
-before
-continuing.
-General
-knowledge
-of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
-public
-key
-cryptography
-</a>
-and
-RDF
-[
-<cite>
-<a href="#bib-RDF-PRIMER" rel="biblioentry" class="bibref">
-RDF-PRIMER
-
-</a>
-</cite>
-]
-and
-RDFa
-[
-<cite>
-<a href="#bib-RDFA-CORE" rel="biblioentry" class="bibref">
-RDFA-CORE
-</a>
-</cite>
-]
-is
-necessary
-to
-understand
-how
-to
-implement
-this
-specification.
-WebID
-uses
-a
-number
-of
-specific
-technologies
-like
-HTTP
-over
-TLS
-[
-<cite>
-<a href="#bib-HTTP-TLS" rel="biblioentry" class="bibref">
-HTTP-TLS
-</a>
-</cite>
-],
-X.509
-certificates
-[
-<cite>
-<a href="#bib-X509V3" rel="biblioentry" class="bibref">
-
-X509V3
-</a>
-</cite>
-],
-RDF/XML
-[
-<cite>
-<a href="#bib-RDF-SYNTAX-GRAMMAR" rel="biblioentry" class="bibref">
-RDF-SYNTAX-GRAMMAR
-</a>
-</cite>
-]
-and
-XHTML+RDFa
-[
-<cite>
-<a href="#bib-XHTML-RDFA" rel="biblioentry" class="bibref">
-XHTML-RDFA
-</a>
-</cite>
-].
-</p>
-
-<p>
-A
-general
-<a href="#introduction">
-Introduction
-</a>
-is
-provided
-for
-all
-that
-would
-like
-to
-understand
-why
-this
-specification
-is
-necessary
-to
-simplify
-usage
-of
-the
-Web.
-</p>
-<p>
-The
-terms
-used
-throughout
-this
-specification
-are
-listed
-in
-the
-section
-titled
-<a href="#terminology">
-Terminology
-</a>.
-</p>
-<p>
-Developers
-that
-are
-interested
-in
-implementing
-this
-specification
-will
-be
-most
-interested
-in
-the
-sections
-titled
-<a href="#authentication-sequence">
-Authentication
-Sequence
-
-</a>
-and
-<a href="#authentication-sequence-details">
-Authentication
-Sequence
-Details
-</a>.
-</p>
-</div>
-</div>
-<div about="#sotd" typeof="bibo:Chapter" id="sotd" class="introductory section">
-<h2>
-Status
-of
-This
-Document
-</h2>
-<p>
-This
-document
-is
-merely
-a
-public
-working
-draft
-of
-a
-potential
-specification.
-It
-has
-no
-official
-standing
-of
-any
-kind
-and
-does
-not
-represent
-the
-support
-or
-consensus
-of
-any
-standards
-organisation.
-</p>
-The
-source
-code
-for
-this
-document
-is
-available
-via
-Github
-at
-the
-following
-<del class="diff-old">URL:
-
-</del>
-<ins class="diff-chg">URI:
-</ins>
-<a href="http://github.com/msporny/webid-spec">
-http://github.com/msporny/webid-spec
-</a>
-</div>
-<div class="section" about="#toc" typeof="bibo:Chapter" id="toc">
-<h2 class="introductory">
-Table
-of
-Contents
-</h2>
-<ul class="toc">
-<li class="tocline">
-<a class="tocxref" href="#introduction">
-<span class="secno">
-1.
-</span>
-
-Introduction
-</a>
-<ul class="toc">
-<li class="tocline">
-<a class="tocxref" href="#motivation">
-<span class="secno">
-1.1
-</span>
-Motivation
-</a>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#preconditions">
-<span class="secno">
-<del class="diff-old">1.2
-
-</del>
-<ins class="diff-chg">2.
-</ins>
-</span>
-<del class="diff-old">Relation
-to
-OpenID
-</del>
-<ins class="diff-chg">Preconditions
-</ins>
-</a>
-<ul class="toc">
-<li class="tocline">
-<a class="tocxref" href="#terminology">
-<span class="secno">
-<del class="diff-old">1.3
-</del>
-<ins class="diff-chg">2.1
-</ins>
-
-</span>
-<del class="diff-old">Relation
-to
-OAuth
-</del>
-<ins class="diff-chg">Terminology
-</ins>
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#creating-the-certificate">
-<span class="secno">
-<ins class="diff-chg">2.2
-</ins></span><ins class="diff-chg">
-Creating
-the
-certificate
-</ins></a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#publishing-the-webid-profile-document">
-
-<span class="secno">
-<del class="diff-old">2.
-</del>
-<ins class="diff-chg">2.3
-</ins>
-</span>
-<del class="diff-old">The
-</del>
-<ins class="diff-chg">Publishing
-the
-</ins>
-WebID
-<del class="diff-old">Protocol
-</del>
-<ins class="diff-chg">Profile
-Document
-</ins>
-</a>
-<ul class="toc">
-
-<li class="tocline">
-<a class="tocxref" href="#turtle">
-<span class="secno">
-<del class="diff-old">2.1
-</del>
-<ins class="diff-chg">2.3.1
-</ins>
-</span>
-<del class="diff-old">Terminology
-</del>
-<ins class="diff-chg">Turtle
-</ins>
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#rdfa-html-notation">
-<span class="secno">
-
-<del class="diff-old">2.2
-</del>
-<ins class="diff-chg">2.3.2
-</ins></span><ins class="diff-chg">
-RDFa
-HTML
-notation
-</ins></a></li><li class="tocline"><a class="tocxref" href="#in-rdf-xml"><span class="secno"><ins class="diff-chg">
-2.3.3
-</ins></span><ins class="diff-chg">
-In
-RDF/XML
-</ins></a></li><li class="tocline"><a class="tocxref" href="#in-portable-contacts-format-using-grddl"><span class="secno"><ins class="diff-chg">
-2.3.4
-</ins></span><ins class="diff-chg">
-In
-Portable
-Contacts
-format
-using
-GRDDL
-</ins></a></li></ul></li></ul></li><li class="tocline"><a class="tocxref" href="#the-webid-protocol"><span class="secno"><ins class="diff-chg">
-3.
-</ins></span><ins class="diff-chg">
-The
-WebID
-Protocol
-
-</ins></a><ul class="toc"><li class="tocline"><a class="tocxref" href="#authentication-sequence"><span class="secno"><ins class="diff-chg">
-3.1
-</ins>
-</span>
-Authentication
-Sequence
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#authentication-sequence-details">
-<span class="secno">
-<del class="diff-old">2.3
-</del>
-<ins class="diff-chg">3.2
-</ins>
-</span>
-Authentication
-Sequence
-Details
-</a>
-
-<ul class="toc">
-<li class="tocline">
-<a class="tocxref" href="#initiating-a-tls-connection">
-<span class="secno">
-<del class="diff-old">2.3.1
-</del>
-<ins class="diff-chg">3.2.1
-</ins>
-</span>
-Initiating
-a
-TLS
-Connection
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#exchanging-the-identification-certificate">
-<span class="secno">
-<del class="diff-old">2.3.2
-</del>
-
-<ins class="diff-chg">3.2.2
-</ins>
-</span>
-Exchanging
-the
-Identification
-Certificate
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#processing-the-webid-profile">
-<span class="secno">
-<del class="diff-old">2.3.3
-</del>
-<ins class="diff-chg">3.2.3
-</ins>
-</span>
-Processing
-the
-WebID
-Profile
-</a>
-</li>
-
-<li class="tocline">
-<a class="tocxref" href="#verifying-the-webid-is-identified-by-that-public-key">
-<span class="secno">
-<del class="diff-old">2.3.4
-</del>
-<ins class="diff-chg">3.2.4
-</ins>
-</span>
-<del class="diff-old">Extracting
-</del>
-<ins class="diff-chg">Verifying
-the
-</ins>
-WebID
-<del class="diff-old">URL
-Details
-</del>
-<ins class="diff-chg">is
-identified
-by
-that
-public
-key
-</ins>
-
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#authorization">
-<span class="secno">
-<del class="diff-old">2.3.5
-</del>
-<ins class="diff-chg">3.2.5
-</ins>
-</span>
-Authorization
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#secure-communication">
-<span class="secno">
-<del class="diff-old">2.3.6
-
-</del>
-<ins class="diff-chg">3.2.6
-</ins>
-</span>
-Secure
-Communication
-</a>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#the-webid-profile">
-<span class="secno">
-<del class="diff-old">2.4
-</del>
-<ins class="diff-chg">3.3
-</ins>
-</span>
-
-The
-WebID
-Profile
-</a>
-<ul class="toc">
-<li class="tocline">
-<a class="tocxref" href="#personal-information">
-<span class="secno">
-<del class="diff-old">2.4.1
-</del>
-<ins class="diff-chg">3.3.1
-</ins>
-</span>
-Personal
-Information
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#cryptographic-details">
-<span class="secno">
-
-<del class="diff-old">2.4.2
-</del>
-<ins class="diff-chg">3.3.2
-</ins>
-</span>
-Cryptographic
-Details
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#history">
-<span class="secno">
-A.
-</span>
-
-<ins class="diff-new">Change
-History
-</ins></a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><span class="secno"><ins class="diff-new">
-B.
-</ins></span><ins class="diff-new">
-Acknowledgments
-</ins></a></li><li class="tocline"><a class="tocxref" href="#references"><span class="secno"><ins class="diff-new">
-C.
-</ins></span>
-References
-</a>
-<ul class="toc">
-<li class="tocline">
-<a class="tocxref" href="#normative-references">
-<span class="secno">
-<del class="diff-old">A.1
-</del>
-<ins class="diff-chg">C.1
-
-</ins>
-</span>
-Normative
-references
-</a>
-</li>
-<li class="tocline">
-<a class="tocxref" href="#informative-references">
-<span class="secno">
-<del class="diff-old">A.2
-</del>
-<ins class="diff-chg">C.2
-</ins>
-</span>
-Informative
-references
-</a>
-</li>
-</ul>
-
-</li>
-</ul>
-</div>
-<div about="#introduction" typeof="bibo:Chapter" id="introduction" class="informative section">
-<h2>
-<span class="secno">
-1.
-</span>
-Introduction
-</h2>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-WebID
-specification
-is
-designed
-to
-help
-alleviate
-the
-difficultly
-that
-remembering
-different
-logins,
-passwords
-and
-settings
-for
-websites
-has
-created.
-It
-is
-also
-designed
-to
-provide
-a
-universal
-and
-extensible
-mechanism
-to
-express
-public
-and
-private
-information
-about
-yourself.
-This
-section
-outlines
-the
-motivation
-behind
-the
-specification
-and
-the
-relationship
-to
-other
-similar
-specifications
-that
-are
-in
-active
-use
-today.
-
-</p>
-<div about="#motivation" typeof="bibo:Chapter" id="motivation" class="informative section">
-<h3>
-<span class="secno">
-1.1
-</span>
-Motivation
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-It
-is
-a
-fundamental
-design
-criteria
-of
-the
-Web
-to
-enable
-individuals
-and
-organizations
-to
-control
-how
-they
-interact
-with
-the
-rest
-of
-society.
-This
-includes
-how
-one
-expresses
-their
-identity,
-public
-information
-and
-personal
-details
-to
-social
-networks,
-Web
-sites
-and
-services.
-</p>
-<p>
-
-Semantic
-Web
-vocabularies
-such
-as
-Friend-of-a-Friend
-(FOAF)
-permit
-distributed
-hyperlinked
-social
-networks
-to
-exist.
-This
-vocabulary,
-along
-with
-other
-vocabularies,
-allow
-one
-to
-add
-information
-and
-services
-protection
-to
-distributed
-social
-networks.
-</p>
-<p>
-One
-major
-criticism
-of
-open
-networks
-is
-that
-they
-seem
-to
-have
-no
-way
-of
-protecting
-the
-personal
-information
-distributed
-on
-the
-web
-or
-limiting
-access
-to
-resources.
-Few
-people
-are
-willing
-to
-make
-all
-their
-personal
-information
-public,
-many
-would
-like
-large
-pieces
-to
-be
-protected,
-making
-it
-available
-only
-to
-a
-<del class="diff-old">select
-</del>
-<ins class="diff-chg">selected
-</ins>
-group
-of
-agents.
-Giving
-access
-to
-information
-is
-very
-similar
-to
-giving
-access
-to
-services.
-There
-are
-many
-occasions
-when
-people
-would
-like
-services
-to
-only
-be
-accessible
-to
-members
-of
-a
-group,
-such
-as
-allowing
-only
-friends,
-family
-members,
-colleagues
-to
-post
-an
-article,
-photo
-or
-comment
-on
-a
-blog.
-How
-does
-one
-do
-this
-in
-a
-flexible
-way,
-without
-requiring
-a
-central
-point
-of
-access
-control?
-</p>
-<p>
-Using
-<del class="diff-old">an
-</del>
-<ins class="diff-chg">a
-</ins>
-process
-made
-popular
-by
-OpenID,
-we
-show
-how
-one
-can
-tie
-a
-User
-Agent
-to
-a
-
-<del class="diff-old">URL
-</del>
-<ins class="diff-chg">URI
-</ins>
-by
-proving
-that
-one
-has
-write
-access
-to
-the
-<del class="diff-old">URL.
-</del>
-<ins class="diff-chg">URI.
-</ins>
-WebID
-is
-<del class="diff-old">a
-simpler
-alternative
-to
-OpenID
-(fewer
-connections),
-that
-</del>
-<ins class="diff-chg">an
-authentication
-protocol
-which
-</ins>
-uses
-X.509
-certificates
-to
-<del class="diff-old">tie
-</del>
-
-<ins class="diff-chg">associate
-</ins>
-a
-User
-Agent
-(Browser)
-to
-a
-Person
-identified
-via
-a
-<del class="diff-old">URL.
-</del>
-<ins class="diff-chg">URI.
-</ins>
-WebID
-<del class="diff-old">also
-</del>
-<ins class="diff-chg">is
-compatible
-with
-OpenID
-and
-</ins>
-provides
-a
-few
-additional
-features
-<del class="diff-old">to
-OpenID.
-These
-features
-include
-</del>
-<ins class="diff-chg">such
-as
-</ins>
-
-trust
-<del class="diff-old">management,
-</del>
-<ins class="diff-chg">management
-</ins>
-via
-digital
-signatures,
-and
-free-form
-extensibility
-via
-<del class="diff-old">RDFa.
-</del>
-<ins class="diff-chg">RDF.
-</ins>
-By
-using
-the
-existing
-SSL
-certificate
-exchange
-mechanism,
-WebID
-integrates
-<del class="diff-old">more
-</del>
-smoothly
-with
-existing
-Web
-browsers,
-including
-browsers
-on
-mobile
-devices.
-WebID
-also
-permits
-automated
-session
-login
-in
-addition
-to
-interactive
-session
-login.
-Additionally,
-all
-data
-is
-encrypted
-and
-guaranteed
-to
-only
-be
-received
-by
-the
-person
-or
-organization
-that
-was
-intended
-to
-receive
-it.
-</p>
-</div>
-<del class="diff-old">1.2
-Relation
-to
-OpenID
-This
-section
-is
-non-normative.
-This
-section
-needs
-to
-be
-re-written.
-The
-flow
-and
-grammar
-leaves
-much
-to
-be
-desired.
---
-manu
-WebID
-is
-compatible
-with
-OpenID.
-Both
-protocols
-use
-a
-URL
-that
-dereferences
-to
-a
-Personal
-Profile
-Document.
-This
-Personal
-Profile
-Document
-is
-where
-further
-information
-about
-an
-identity
-can
-be
-discovered.
-This
-mechanism
-is
-compatible
-with
-both
-WebID
-and
-OpenID.
-Therefore,
-WebID
-does
-not
-intend
-to
-replace
-OpenID,
-but
-can
-work
-beside
-OpenID
-by
-sharing
-the
-content
-in
-the
-Personal
-Profile
-Document.
-That
-said,
-there
-are
-a
-number
-of
-benefits
-that
-WebID
-achieves
-over
-OpenID:
-WebID
-gives
-people
-and
-other
-agents
-a
-WebID
-URL
-for
-identification.
-OpenID
-also
-provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-However,
-in
-the
-case
-of
-WebID,
-one
-does
-not
-need
-to
-remember
-the
-URL
-since
-the
-User
-Agent
-remembers
-the
-URL
-on
-behalf
-of
-the
-person
-browsing.
-To
-log
-in
-on
-a
-WebID
-web
-site
-there
-is
-no
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-do
-for
-OpenID.
-Just
-one
-click
-tells
-the
-browser
-to
-send
-the
-WebID
-URL.
-The
-person
-that
-is
-browsing
-does
-not
-need
-to
-remember
-either
-their
-WebID
-URL
-or
-the
-website
-password.
-The
-only
-password
-one
-may
-need
-to
-remember
-is
-the
-one
-that
-is
-used
-to
-access
-their
-collection
-of
-WebIDs
-in
-their
-browser,
-and
-that's
-only
-if
-they
-opt-in
-to
-password
-protect
-their
-WebIDs.
-While
-WebID
-works
-well
-in
-a
-browser
-environment,
-it
-is
-also
-very
-useful
-outside
-of
-the
-browser
-environment.
-WebID
-can
-also
-operate
-without
-requiring
-the
-use
-of
-any
-passwords.
-This
-is
-useful
-to
-developers
-that
-may
-want
-to
-use
-WebID
-to
-perform
-server-to-server
-or
-peer-to-peer
-verification
-of
-identity.
-WebID
-works
-for
-automated
-agents
-such
-as
-Search
-Agents,
-API
-Agents,
-and
-other
-automated
-mechanisms
-that
-are
-often
-found
-outside
-of
-the
-browser
-environment.
-The
-WebID
-protocol
-requires
-just
-one
-direct
-network
-connection
-to
-establish
-identity
-via
-the
-client.
-The
-server
-requires
-one
-connection
-to
-the
-client
-and
-one
-connection
-to
-retrieve
-the
-WebID
-Profile
-if
-it
-does
-not
-have
-the
-credential
-information
-cached.
-Compare
-this
-to
-the
-much
-more
-complex
-OpenID
-sequence,
-which
-requires
-six
-connections
-by
-the
-client
-to
-establish
-a
-login.
-In
-a
-world
-of
-distributed
-data
-where
-each
-site
-can
-point
-to
-data
-on
-any
-other
-site,
-multiple
-connections
-become
-costly
-to
-manage.
-WebID
-builds
-on
-a
-number
-of
-well
-established
-Internet
-and
-Web
-standards;
-REST
-,
-RDF
-[
-RDF-PRIMER
-],
-RDFa
-[
-RDFA-CORE
-],
-RDF/XML
-[
-RDF-SYNTAX-GRAMMAR
-],
-TLS
-[
-HTTP-TLS
-],
-and
-X.509
-[
-X509V3
-].
-By
-building
-on
-previous
-standards,
-it
-makes
-both
-explaining
-and
-implementing
-WebID
-easier
-on
-developers.
-Since
-WebID
-is
-RESTful,
-you
-can
-perform
-basic
-HTTP
-operations
-to
-GET
-your
-WebID,
-and
-if
-you
-needed
-update
-it,
-you
-can
-use
-HTTP
-PUT
-semantics.
-You
-can
-also
-create
-a
-WebID
-via
-POST
-.
-This
-is
-improved
-from
-the
-OpenID
-specification,
-which
-requires
-a
-new
-set
-of
-operations
-described
-in
-the
-OpenID
-Attribute
-Exchange
-specification.
-WebID
-is
-built
-on
-RDF
-and
-thus
-enables
-all
-of
-the
-advanced
-semantic
-web
-concepts
-that
-RDF
-enables.
-For
-example,
-a
-developer
-may
-perform
-machine
-reasoning
-with
-a
-WebID.
-One
-can
-construct
-machine-executable
-statements
-like
-"If
-this
-WebID
-claims
-to
-be
-a
-friend
-of
-one
-of
-our
-partner
-WebIDs
-that
-is
-trusted
-and
-the
-relationship
-is
-bi-directional,
-trust
-the
-WebID."
-While
-OpenID
-attempts
-to
-support
-this
-use
-case
-by
-mapping
-OpenID
-to
-RDF,
-it's
-far
-easier
-to
-do
-with
-WebID
-because
-WebID
-is
-natively
-RDF-aware.
-It
-is
-easy
-to
-extend
-a
-WebID
-with
-new
-attributes
-via
-RDF.
-The
-power
-of
-RDF
-allows
-developers
-to
-add
-extensions
-to
-WebID
-by
-defining
-new
-vocabularies
-that
-they
-publish.
-There
-is
-no
-authorization
-process
-necessary
-and
-thus
-WebID
-allows
-for
-distributed
-innovation.
-Every
-WebID
-property
-is
-a
-URI,
-which
-when
-clicked,
-can
-give
-you
-yet
-more
-information
-about
-what
-the
-property
-means.
-A
-developer
-can
-create
-new
-usage
-classes
-by
-extending
-their
-vocabulary
-at
-will.
-A
-developer
-can
-add
-relationships
-to
-a
-WebID
-by
-simply
-adding
-more
-HTML
-to
-the
-developer's
-page.
-OpenID
-does
-not
-provide
-any
-type
-of
-distributed
-innovation
-akin
-to
-RDF.
-Implementing
-WebID
-is
-easier
-than
-OpenID
-because
-all
-of
-the
-basic
-technologies
-have
-been
-working
-and
-integrated
-into
-Web
-browsers
-for
-many
-years.
-There
-were
-already
-three
-interoperable
-implementations
-of
-WebID
-before
-this
-specification
-was
-written.
-WebID
-is
-truly
-decentralized
--
-with
-WebID
-you
-get
-a
-web
-of
-trust.
-OpenID
-only
-supports
-the
-Web
-of
-Trust
-model
-if
-you
-indirectly
-trust
-the
-OpenID
-provider.
-In
-other
-words
--
-OpenID
-is
-not
-truly
-decentralized.
-In
-OpenID
-you
-must
-trust
-OpenID
-providers.
-With
-WebID
-you
-only
-have
-to
-trust
-the
-people
-and
-the
-organizations
-with
-which
-you
-are
-communicating.
-In
-other
-words,
-you
-don't
-have
-to
-ask
-anyone
-whether
-or
-not
-you
-can
-trust
-your
-friends.
-You
-can
-query
-people
-that
-you
-trust
-directly
-to
-see
-if
-someone
-is
-trustworthy
-or
-not.
-There
-is
-no
-need
-for
-a
-central
-WebID
-authority.
-WebID
-is
-fully
-distributed,
-anyone
-can
-setup
-a
-WebID
-by
-placing
-a
-single
-file
-on
-a
-web
-server
-of
-their
-choosing.
-There
-is
-no
-need
-for
-a
-special
-OpenID-like
-provider
-service.
-The
-only
-thing
-anyone
-that
-wants
-a
-WebID
-needs
-is
-a
-web
-account
-where
-you
-can
-post
-your
-WebID
-file,
-ideally
-on
-your
-own
-domain
-name.
-You
-can
-also
-use
-a
-WebID
-hosting
-provider,
-but
-it's
-not
-necessary
-for
-WebID
-to
-work.
-While
-it
-is
-possible
-to
-run
-an
-OpenID
-server,
-other
-OpenID
-applications
-may
-not
-trust
-you
-and
-thus
-you
-won't
-be
-able
-to
-fully
-utilize
-your
-private
-OpenID
-credentials.
-The
-reason
-that
-there
-are
-a
-few
-large
-OpenID
-providers
-and
-very
-few
-small
-OpenID
-providers
-is
-because
-of
-this
-trust
-design
-issue
-related
-to
-OpenID.
-WebID
-does
-not
-require
-HTTP
-redirects.
-Redirects
-are
-problematic
-on
-many
-cell
-phones,
-because
-telecoms
-heavily
-rely
-on
-proxys,
-which
-selectively
-block
-redirects.
-A
-WebID
-provider
-is
-100%
-compatible
-with
-an
-OpenID
-provider
-and
-thus
-can
-inter-operate
-with
-OpenID-powered
-networks.
-
-</del>
-</div>
-<del class="diff-old">1.3
-Relation
-to
-OAuth
-This
-section
-is
-non-normative.
-OAuth
-and
-WebID
-are
-mutually
-beneficial
-when
-used
-together.
-WebID
-can
-be
-used
-to
-provide
-RSA
-parameters
-to
-the
-RSA-SHA1
-signature
-method
-required
-by
-OAuth
-1.0.
-WebID
-can
-also
-be
-used
-to
-establish
-the
-consumer_key
-and
-HTTPS
-connection
-that
-will
-be
-used
-to
-transmit
-OAuth
-Tokens
-in
-OAuth
-2.0.
-</del>
-<div class="section" about="#preconditions" typeof="bibo:Chapter" id="preconditions">
-<h2>
-<span class="secno">
-2.
-</span>
-<del class="diff-old">The
-WebID
-Protocol
-</del>
-<ins class="diff-chg">Preconditions
-</ins>
-</h2>
-<div class="section" about="#terminology" typeof="bibo:Chapter" id="terminology">
-<h3>
-<span class="secno">
-
-2.1
-</span>
-Terminology
-</h3>
-<dl>
-<dt>
-<dfn id="dfn-verification_agent" title="Verification_Agent">
-Verification
-Agent
-</dfn>
-</dt>
-<dd>
-Performs
-authentication
-on
-provided
-WebID
-credentials
-and
-determines
-if
-an
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-can
-have
-access
-to
-a
-particular
-resource.
-A
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-
-Verification
-Agent
-</a>
-is
-typically
-a
-Web
-server,
-but
-may
-also
-be
-a
-peer
-on
-a
-peer-to-peer
-network.
-</dd>
-<dt>
-<dfn id="dfn-identification_agent" title="Identification_Agent">
-Identification
-Agent
-</dfn>
-</dt>
-<dd>
-Provides
-identification
-credentials
-to
-a
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-<del class="diff-old">Agent.
-</del>
-<ins class="diff-chg">Agent
-</ins></a>.
-The
-
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-is
-typically
-also
-a
-User
-Agent.
-</dd>
-<dt>
-<dfn id="dfn-identification_certificate" title="Identification_Certificate">
-Identification
-Certificate
-</dfn>
-</dt>
-<dd>
-An
-X.509
-[
-<cite>
-<a href="#bib-X509V3" rel="biblioentry" class="bibref">
-X509V3
-</a>
-</cite>
-
-]
-Certificate
-that
-<em title="must" class="rfc2119">
-must
-</em>
-contain
-a
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-with
-a
-URI
-entry.
-The
-URI
-<del class="diff-old">should
-be
-a
-URL,
-and
-should
-not
-be
-a
-URN.
-The
-URL
-</del>
-identifies
-the
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>.
-The
-<del class="diff-old">URL
-must
-</del>
-
-<ins class="diff-chg">URI
-</ins><em title="should" class="rfc2119"><ins class="diff-chg">
-should
-</ins>
-</em>
-be
-dereference-able
-and
-result
-in
-a
-document
-containing
-RDF
-data.
-For
-example,
-the
-certificate
-would
-contain
-<code>
-http://example.org/webid#public
-</code>,
-known
-as
-a
-<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
-WebID
-<del class="diff-old">URL
-</del>
-<ins class="diff-chg">URI
-</ins>
-</a>,
-as
-the
-<code>
-
-Subject
-Alternative
-Name
-</code>:
-<del class="diff-old">X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</del>
-<pre>X509v3 extensions:
-<ins class="diff-chg"> ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</ins>
-</pre>
-<p class="issue">
-<ins class="diff-chg">TODO:
-cover
-the
-case
-where
-there
-are
-more
-than
-one
-URI
-entry
-</ins></p>
-</dd>
-<dt>
-<dfn id="dfn-webid_uri" title="WebID_URI">
-WebID
-<del class="diff-old">URL
-
-</del>
-<ins class="diff-chg">URI
-</ins>
-</dfn>
-</dt>
-<dd>
-A
-<del class="diff-old">URL
-</del>
-<ins class="diff-chg">URI
-</ins>
-specified
-via
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-of
-the
-<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
-
-Identification
-Certificate
-</a>
-that
-identifies
-an
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>.
-</dd>
-<dt>
-<dfn id="dfn-public_key" title="public_key">
-public
-key
-</dfn>
-</dt>
-<dd>
-A
-widely
-distributed
-<del class="diff-old">crytographic
-</del>
-<ins class="diff-chg">cryptographic
-
-</ins>
-key
-that
-can
-be
-used
-to
-verify
-digital
-signatures
-and
-encrypt
-data
-between
-a
-sender
-and
-a
-receiver.
-A
-public
-key
-is
-always
-included
-in
-an
-<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
-Identification
-Certificate
-</a>.
-</dd>
-<dt>
-<dfn id="dfn-webid_profile" title="WebID_Profile">
-WebID
-Profile
-</dfn>
-</dt>
-<dd>
-A
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-
-<cite>
-<a href="#bib-RDF-CONCEPTS" rel="biblioentry" class="bibref">
-RDF-CONCEPTS
-</a>
-</cite>
-].
-Either
-the
-XHTML+RDFa
-1.1
-[
-<cite>
-<a href="#bib-XHTML-RDFA" rel="biblioentry" class="bibref">
-XHTML-RDFA
-</a>
-</cite>
-]
-serialization
-format
-or
-the
-RDF/XML
-[
-<cite>
-<a href="#bib-RDF-SYNTAX-GRAMMAR" rel="biblioentry" class="bibref">
-RDF-SYNTAX-GRAMMAR
-</a>
-</cite>
-
-]
-serialization
-format
-<em title="must" class="rfc2119">
-must
-</em>
-be
-supported
-by
-the
-mechanism,
-e.g.
-a
-Web
-Service,
-providing
-the
-WebID
-Profile
-document.
-Alternate
-RDF
-serialization
-formats,
-such
-as
-N3
-[
-<cite>
-<a href="#bib-N3" rel="biblioentry" class="bibref">
-N3
-</a>
-</cite>
-]
-or
-Turtle
-[
-<cite>
-<a href="#bib-TURTLE" rel="biblioentry" class="bibref">
-TURTLE
-</a>
-</cite>
-],
-
-<em title="may" class="rfc2119">
-may
-</em>
-be
-supported
-by
-the
-mechanism
-providing
-the
-WebID
-Profile
-document.
-<p class="issue">
-Whether
-or
-not
-RDF/XML,
-XHTML+RDFa
-1.1,
-both
-or
-neither
-serialization
-of
-RDF
-should
-be
-required
-serialization
-formats
-in
-the
-specification
-is
-currently
-under
-heavy
-debate.
-</p>
-</dd>
-</dl>
-</div>
-<div about="#creating-the-certificate" typeof="bibo:Chapter" id="creating-the-certificate" class="normative section">
-<h3>
-<span class="secno">
-2.2
-</span>
-<ins class="diff-new">Creating
-the
-certificate
-</ins></h3><p><ins class="diff-new">
-
-The
-user
-agent
-will
-create
-a
-</ins><a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN"><ins class="diff-new">
-Identification
-Certificate
-</ins></a><ins class="diff-new">
-with
-a
-</ins><code><ins class="diff-new">
-Subject
-Alternative
-Name
-</ins></code><ins class="diff-new">
-URI
-entry.
-This
-URI
-must
-be
-one
-that
-dereferences
-to
-a
-document
-the
-user
-controls
-so
-that
-he
-can
-publish
-the
-public
-key
-of
-the
-</ins><a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN"><ins class="diff-new">
-Identification
-Certificate
-</ins></a><ins class="diff-new">
-at
-this
-URI.
-</ins></p><p><ins class="diff-new">
-For
-example,
-if
-a
-user
-Joe
-controls
-</ins><code><ins class="diff-new">
-http://joe.example/profile
-
-</ins></code>,<ins class="diff-new">
-then
-his
-WebID
-can
-be
-</ins><code><ins class="diff-new">
-http://joe.example/profile#me
-</ins></code></p><p class="issue"><ins class="diff-new">
-explain
-why
-the
-WebID
-URI
-is
-different
-from
-the
-URI
-of
-the
-WebID
-profile
-document.
-</ins></p><p><ins class="diff-new">
-As
-an
-example
-to
-use
-throughout
-this
-specification
-here
-is
-the
-following
-certificate
-as
-an
-output
-of
-the
-openssl
-program.
-</ins></p><p class="example"></p><pre>Certificate:
-<ins class="diff-new">
- Data:
- Version: 3 (0x2)
- Serial Number:
- 5f:df:d6:be:2c:73:c1:fb:aa:2a:2d:23:a6:91:3b:5c
- Signature Algorithm: sha1WithRSAEncryption
-</ins> <span style="color: red;">Issuer:</span> O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority
-
-<ins class="diff-new">
- Validity
- Not Before: Jun 8 14:16:14 2010 GMT
- Not After : Jun 8 16:16:14 2010 GMT
-</ins> <span style="color: red;">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers/UID=https://example.org/profile#me, CN=Joe (Personal)
-<ins class="diff-new">
- Subject Public Key Info:
-</ins><span style="color: red;"> Public Key Algorithm:</span> rsaEncryption
- <span style="color: red;">Public-Key:</span> (2048 bit)
- <span style="color: red;">Modulus:</span>
-
-<ins class="diff-new">
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
-</ins> <span style="color: red;">Exponent:</span> 65537 (0x10001)
-<ins class="diff-new">
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:FALSE
- X509v3 Key Usage: critical
- Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
- Netscape Cert Type:
- SSL Client, S/MIME
- X509v3 Subject Key Identifier:
- 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA
-</ins> <span style="color: red;">X509v3 Subject Alternative Name:</span> critical
- <span style="color: red;">URI:</span>https://joe.example/profile#me
-<ins class="diff-new">
-
- Signature Algorithm: sha1WithRSAEncryption
- cf:8c:f8:7b:b2:af:63:f0:0e:dc:64:22:e5:8a:ba:03:1e:f1:
- ee:6f:2c:f5:f5:10:ad:4c:54:fc:49:2b:e1:0d:cd:be:3d:7c:
- 78:66:c8:ae:42:9d:75:9f:2c:29:71:91:5c:29:5b:96:ea:e1:
- e4:ef:0e:5c:f7:07:a0:1e:9c:bf:50:ca:21:e6:6c:c3:df:64:
- 29:6b:d3:8a:bd:49:e8:72:39:dd:07:07:94:ac:d5:ec:85:b1:
- a0:5c:c0:08:d3:28:2a:e6:be:ad:88:5e:2a:40:64:59:e7:f2:
- 45:0c:b9:48:c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb:
- d8:b8
-</ins></pre><p class="issue"><ins class="diff-new">
-Should
-we
-formally
-require
-the
-Issuer
-to
-be
-O=FOAF+SSL,
-OU=The
-Community
-of
-Self
-Signers,
-CN=Not
-a
-Certification
-Authority.
-This
-was
-discussed
-on
-the
-list
-as
-allowing
-servers
-to
-distinguish
-certificates
-that
-are
-foaf+Ssl
-enabled
-from
-others.
-Will
-probably
-need
-some
-very
-deep
-TLS
-thinking
-to
-get
-this
-right.
-</ins></p><p class="issue"><ins class="diff-new">
-discuss
-the
-importance
-for
-UIs
-of
-the
-CN
-</ins></p></div><div about="#publishing-the-webid-profile-document" typeof="bibo:Chapter" id="publishing-the-webid-profile-document" class="normative section"><h3><span class="secno"><ins class="diff-new">
-2.3
-</ins></span><ins class="diff-new">
-Publishing
-the
-WebID
-Profile
-Document
-</ins></h3><p><ins class="diff-new">
-The
-</ins><a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN"><ins class="diff-new">
-WebID
-Profile
-</ins></a><ins class="diff-new">
-document
-</ins><em title="must" class="rfc2119"><ins class="diff-new">
-
-must
-</ins></em><ins class="diff-new">
-expose
-the
-relation
-between
-the
-</ins><a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN"><ins class="diff-new">
-WebID
-URI
-</ins></a><ins class="diff-new">
-and
-the
-</ins><a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN"><ins class="diff-new">
-Identification
-Agent
-</ins></a><ins class="diff-new">
-'s
-</ins><a href="#dfn-public_key" title="public_key" class="tref internalDFN"><ins class="diff-new">
-public
-key
-</ins></a><ins class="diff-new">
-s
-using
-the
-</ins><code><ins class="diff-new">
-cert
-
-</ins></code><ins class="diff-new">
-and
-</ins><code><ins class="diff-new">
-rsa
-</ins></code><ins class="diff-new">
-ontologies,
-as
-well
-as
-the
-</ins><code><ins class="diff-new">
-cert
-</ins></code><ins class="diff-new">
-or
-</ins><code><ins class="diff-new">
-xsd
-</ins></code><ins class="diff-new">
-datatypes.
-The
-set
-of
-relations
-to
-be
-published
-at
-the
-</ins><a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN"><ins class="diff-new">
-WebID
-Profile
-</ins></a><ins class="diff-new">
-
-document
-can
-be
-presented
-in
-a
-graphical
-notation
-as
-follows.
-</ins></p><img alt="Web ID graph" src="img/WebIdGraph.jpg"><p><ins class="diff-new">
-The
-document
-can
-publish
-many
-more
-relations
-than
-are
-of
-interest
-to
-the
-WebID
-protocol,
-as
-shown
-in
-the
-above
-graph
-by
-the
-grayed
-out
-relations.
-</ins></p><p><ins class="diff-new">
-The
-encoding
-of
-this
-graph
-is
-immaterial
-to
-the
-protocol,
-so
-long
-as
-a
-well
-known
-mapping
-to
-the
-format
-of
-the
-representation
-to
-such
-a
-graph
-can
-be
-found.
-Below
-we
-discuss
-the
-most
-well
-known
-formats,
-and
-a
-method
-for
-dealing
-with
-new
-unknown
-formats
-as
-they
-come
-along.
-</ins></p><p><ins class="diff-new">
-The
-WebID
-provider
-must
-publish
-the
-graph
-of
-relations
-in
-one
-of
-the
-well
-known
-formats,
-though
-he
-may
-publish
-it
-in
-a
-number
-of
-formats
-to
-increase
-the
-useabulity
-of
-his
-site
-using
-Content
-Negotations.
-</ins></p><p class="issue"><ins class="diff-new">
-Add
-content
-negoatiation
-pointers
-</ins></p><p><ins class="diff-new">
-It
-is
-particularly
-useful
-to
-have
-one
-of
-the
-representations
-be
-in
-HTML
-or
-XHTML
-even
-if
-it
-is
-not
-marked
-up
-in
-RDFa
-as
-this
-allows
-people
-using
-a
-web
-browser
-to
-understand
-what
-the
-information
-at
-that
-URI
-represents.
-</ins></p><div about="#turtle" typeof="bibo:Chapter" id="turtle" class="normative section"><h4><span class="secno"><ins class="diff-new">
-2.3.1
-</ins></span><ins class="diff-new">
-Turtle
-</ins></h4><p><ins class="diff-new">
-A
-widely
-used
-format
-for
-writing
-RDF
-graphs
-is
-the
-Turtle
-notation.
-
-</ins></p><p class="example"></p><pre> @prefix cert: <http://www.w3.org/ns/auth/cert#> .
-<ins class="diff-new">
- @prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
- @prefix foaf: <http://xmlns.com/foaf/0.1/> .
- @prefix : <https://joe.example/profile#> .
-
- :me a foaf:Person;
- foaf:name "Joe" .
-
- [] a rsa:RSAPublicKey;
- rsa:modulus """
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- """^^cert:hex;
- rsa:public_exponent "65537"^^cert:int;
- cert:identity :me .
-
-</ins></pre></div><div class="section" about="#rdfa-html-notation" typeof="bibo:Chapter" id="rdfa-html-notation"><h4><span class="secno"><ins class="diff-new">
-2.3.2
-</ins></span><ins class="diff-new">
-RDFa
-HTML
-notation
-</ins></h4><p><ins class="diff-new">
-There
-are
-many
-ways
-of
-writing
-out
-the
-above
-graph
-using
-RDFa
-in
-html.
-Here
-is
-just
-one
-example.
-</ins></p><p class="example"></p><pre><html xmlns="http://www.w3.org/1999/xhtml"
-<ins class="diff-new">
- xmlns:cert="http://www.w3.org/ns/auth/cert#"
- xmlns:foaf="http://xmlns.com/foaf/0.1/"
- xmlns:owl="http://www.w3.org/2002/07/owl#"
- xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
- xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
-<head>
-</head>
-<body>
-
-<h2>My RSA Public Key</h2>
-
- <dl typeof="rsa:RSAPublicKey">
- <dt>WebId</dt><dd href="#me" rel="cert:identity">http://joe.example/profile#me</dd>
- <dt>Modulus (hexadecimal)</dt>
- <dd property="rsa:modulus" datatype="cert:hex">
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- </dd>
- <dt>Exponent (decimal)</dt>
- <dd property="rsa:public_exponent" datatype="cert:int">65537</dd>
- </dl>
-
-</body>
-</html>
-</ins></pre><p><ins class="diff-new">
-If
-a
-WebId
-provider
-would
-rather
-prefer
-not
-to
-mark
-up
-his
-data
-in
-RDFa,
-but
-just
-provide
-a
-human
-readable
-format
-for
-users
-and
-have
-the
-RDF
-graph
-appear
-in
-a
-machine
-readable
-format
-such
-as
-RDF/XML
-then
-he
-should
-publish
-the
-link
-from
-the
-HTML
-to
-the
-machine
-readable
-format
-as
-follows:
-</ins></p><p class="example"></p><pre><html>
-<ins class="diff-new">
-<head>
-<link type="rel" type="application/rdf+xml" href="profile.rdf"/>
-</head>
-<body> ... </body>
-
-</html>
-</ins></pre></div><div class="section" about="#in-rdf-xml" typeof="bibo:Chapter" id="in-rdf-xml"><h4><span class="secno"><ins class="diff-new">
-2.3.3
-</ins></span><ins class="diff-new">
-In
-RDF/XML
-</ins></h4><p><ins class="diff-new">
-RDF/XML
-is
-easy
-to
-generate
-automatically
-from
-structured
-data,
-be
-it
-in
-object
-notiation
-or
-in
-relational
-databases.
-Parsers
-for
-it
-are
-also
-widely
-available.
-</ins></p><p class="issue"><ins class="diff-new">
-TODO:
-the
-dsa
-ontology
-</ins></p></div><div class="section" about="#in-portable-contacts-format-using-grddl" typeof="bibo:Chapter" id="in-portable-contacts-format-using-grddl"><h4><span class="secno"><ins class="diff-new">
-2.3.4
-</ins></span><ins class="diff-new">
-In
-Portable
-Contacts
-format
-using
-GRDDL
-</ins></h4><p class="issue"><ins class="diff-new">
-TODO:
-discuss
-other
-formats
-and
-GRDDL,
-XSPARQL
-options
-for
-xml
-formats
-</ins></p><p class="issue"><ins class="diff-new">
-
-summarize
-and
-point
-to
-content
-negotiation
-documents
-</ins></p></div></div></div><div about="#the-webid-protocol" typeof="bibo:Chapter" id="the-webid-protocol" class="normative section"><h2><span class="secno"><ins class="diff-new">
-3.
-</ins></span><ins class="diff-new">
-The
-WebID
-Protocol
-</ins></h2><div about="#authentication-sequence" typeof="bibo:Chapter" id="authentication-sequence" class="normative section"><h3><span class="secno"><ins class="diff-new">
-3.1
-</ins></span>
-Authentication
-Sequence
-</h3>
-<p>
-The
-following
-steps
-are
-executed
-by
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-<del class="diff-old">Agents
-</del>
-<ins class="diff-chg">Agent
-
-</ins></a><ins class="diff-chg">
-s
-</ins>
-and
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-<del class="diff-old">Agents
-</del>
-<ins class="diff-chg">Agent
-</ins></a><ins class="diff-chg">
-s
-to
-determine
-the
-global
-identity
-of
-the
-requesting
-agent.
-Once
-this
-is
-known,
-the
-identity
-can
-be
-used
-</ins>
-to
-determine
-if
-access
-should
-be
-granted
-to
-<del class="diff-old">a
-particular
-</del>
-<ins class="diff-chg">the
-requested
-</ins>
-
-resource.
-</p>
-<ol>
-<li>
-The
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-attempts
-to
-access
-a
-resource
-using
-HTTP
-over
-TLS
-[
-<cite>
-<a href="#bib-HTTP-TLS" rel="biblioentry" class="bibref">
-HTTP-TLS
-</a>
-</cite>
-]
-via
-the
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-
-</a>.
-</li>
-<li>
-The
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-<em title="must" class="rfc2119">
-must
-</em>
-request
-the
-<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
-Identification
-Certificate
-</a>
-of
-the
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-
-</a>
-as
-a
-part
-of
-the
-TLS
-<del class="diff-old">client-cerificate
-</del>
-<ins class="diff-chg">client-certificate
-</ins>
-retrieval
-protocol.
-</li>
-<li>
-The
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-<em title="must" class="rfc2119">
-must
-</em>
-extract
-the
-
-<a href="#dfn-public_key" title="public_key" class="tref internalDFN">
-public
-key
-</a>
-and
-the
-<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
-WebID
-<del class="diff-old">URL
-</del>
-<ins class="diff-chg">URI
-</ins>
-</a>
-contained
-in
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-of
-the
-<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
-
-Identification
-Certificate
-</a>.
-<p class="issue">
-<ins class="diff-new">There
-may
-be
-more
-than
-one
-URI
-in
-the
-SAN
-</ins></p>
-</li>
-<li>
-The
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-<ins class="diff-chg">Verification
-Agent
-</ins></a><ins class="diff-chg">
-verifies
-that
-the
-</ins><a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN"><ins class="diff-chg">
-Identification
-Agent
-</ins></a><ins class="diff-chg">
-owns
-the
-private
-key
-corresponding
-to
-the
-</ins>
-
-public
-key
-<ins class="diff-new">sent
-in
-the
-</ins><a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN"><ins class="diff-new">
-Identification
-Certificate
-</ins></a>.<ins class="diff-new">
-This
-</ins><em title="should" class="rfc2119"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-be
-fulfilled
-by
-performing
-TLS
-mutual-authentication
-between
-the
-</ins><a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN"><ins class="diff-new">
-Verification
-Agent
-</ins>
-</a>
-<del class="diff-old">information
-associated
-with
-</del>
-
-<ins class="diff-chg">and
-</ins>
-the
-<del class="diff-old">WebID
-URL
-</del>
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-<ins class="diff-chg">Identification
-Agent
-</ins></a>.<ins class="diff-chg">
-If
-the
-</ins><a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN"><ins class="diff-chg">
-Verification
-Agent
-</ins>
-</a>
-<del class="diff-old">must
-</del>
-<ins class="diff-chg">does
-not
-have
-access
-to
-the
-TLS
-layer,
-a
-digital
-signature
-challenge
-
-</ins><em title="may" class="rfc2119"><ins class="diff-chg">
-may
-</ins>
-</em>
-be
-<del class="diff-old">checked
-</del>
-<ins class="diff-chg">provided
-</ins>
-by
-the
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>.
-<del class="diff-old">This
-process
-should
-occur
-</del>
-<ins class="diff-chg">These
-processes
-are
-detailed
-in
-the
-section
-on
-</ins><a href="#secure-communication"><ins class="diff-chg">
-
-Secure
-Communication
-</ins></a>.<p class="issue"><ins class="diff-chg">
-We
-don't
-have
-any
-implementations
-for
-this
-second
-way
-of
-doing
-things,
-so
-this
-is
-still
-hypothetical.
-Implementations
-using
-TLS
-mutual-authentication
-are
-many
-</ins></p></li><li><ins class="diff-chg">
-The
-meaning
-of
-the
-</ins><a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN"><ins class="diff-chg">
-WebID
-URI
-</ins></a><ins class="diff-chg">
-is
-a
-graph
-of
-relations
-that
-is
-fetched
-by
-the
-</ins><a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN"><ins class="diff-chg">
-Verification
-Agent
-</ins></a>
-either
-by
-dereferencing
-the
-<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
-WebID
-<del class="diff-old">URL
-
-</del>
-<ins class="diff-chg">URI
-</ins>
-</a>
-and
-extracting
-RDF
-data
-from
-the
-resulting
-document,
-or
-by
-utilizing
-a
-cached
-version
-of
-the
-RDF
-data
-contained
-in
-the
-document
-or
-other
-data
-source
-that
-is
-up-to-date
-and
-trusted
-by
-the
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>.
-The
-processing
-<del class="diff-old">and
-extraction
-</del>
-mechanism
-is
-further
-detailed
-in
-the
-sections
-titled
-<a href="#processing-the-webid-profile">
-Processing
-the
-WebID
-Profile
-</a>
-<del class="diff-old">and
-Extracting
-WebID
-URL
-Details
-.
-</del>
-</li>
-
-<li>
-If
-the
-<a href="#dfn-public_key" title="public_key" class="tref internalDFN">
-public
-key
-</a>
-in
-the
-<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
-Identification
-Certificate
-</a>
-<del class="diff-old">is
-found
-</del>
-<ins class="diff-chg">matches
-one
-</ins>
-in
-the
-<del class="diff-old">list
-of
-public
-key
-s
-associated
-with
-the
-WebID
-URL
-,
-the
-Verification
-Agent
-must
-assume
-that
-the
-client
-intends
-to
-use
-</del>
-<ins class="diff-chg">set
-given
-by
-
-</ins>
-the
-<del class="diff-old">public
-key
-to
-verify
-their
-ownership
-of
-</del>
-<ins class="diff-chg">profile
-document
-graph
-given
-above
-then
-</ins>
-the
-<del class="diff-old">WebID
-URL.
-The
-</del>
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-<del class="diff-old">verifies
-</del>
-<ins class="diff-chg">knows
-</ins>
-that
-the
-
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-<del class="diff-old">owns
-the
-WebID
-Profile
-by
-using
-the
-public
-key
-to
-create
-a
-cryptographic
-challenge.
-The
-challenge
-should
-be
-fulfilled
-</del>
-<ins class="diff-chg">is
-indeed
-identified
-</ins>
-by
-<del class="diff-old">performing
-TLS
-mutual-authentication
-between
-the
-Verification
-Agent
-and
-</del>
-the
-<del class="diff-old">Identification
-Agent
-</del>
-<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
-<ins class="diff-chg">WebID
-URI
-</ins>
-</a>.
-
-<del class="diff-old">If
-the
-Verification
-Agent
-does
-not
-have
-access
-to
-the
-TLS
-layer,
-a
-digital
-signature
-challenge
-must
-be
-provided
-</del>
-<ins class="diff-chg">The
-verification
-is
-done
-</ins>
-by
-<ins class="diff-new">querying
-</ins>
-the
-<del class="diff-old">Verification
-Agent
-.
-These
-processes
-are
-detailed
-</del>
-<ins class="diff-chg">Personal
-Profile
-graph
-as
-specified
-</ins>
-in
-<a href="#extracting-webid-uri-details">
-<ins class="diff-new">querying
-</ins>
-the
-
-<del class="diff-old">sections
-titled
-Authorization
-and
-Secure
-Communication
-</del>
-<ins class="diff-chg">RDF
-graph
-</ins>
-</a>.
-</li>
-</ol>
-<p>
-The
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-<em title="may" class="rfc2119">
-may
-</em>
-re-establish
-a
-different
-identity
-at
-any
-time
-by
-executing
-all
-of
-the
-steps
-in
-the
-Authentication
-Sequence
-again.
-Additional
-algorithms,
-detailed
-in
-the
-next
-section,
-<em title="may" class="rfc2119">
-
-may
-</em>
-be
-performed
-to
-determine
-if
-the
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-can
-access
-a
-particular
-resource
-after
-the
-last
-step
-of
-the
-Authentication
-Sequence
-has
-been
-completed.
-</p>
-</div>
-<div about="#authentication-sequence-details" typeof="bibo:Chapter" id="authentication-sequence-details" class="normative section">
-<h3>
-<span class="secno">
-<del class="diff-old">2.3
-</del>
-<ins class="diff-chg">3.2
-</ins>
-</span>
-
-Authentication
-Sequence
-Details
-</h3>
-<p>
-This
-section
-covers
-details
-about
-each
-step
-in
-the
-authentication
-process.
-</p>
-<div about="#initiating-a-tls-connection" typeof="bibo:Chapter" id="initiating-a-tls-connection" class="normative section">
-<h4>
-<span class="secno">
-<del class="diff-old">2.3.1
-</del>
-<ins class="diff-chg">3.2.1
-</ins>
-</span>
-Initiating
-a
-TLS
-Connection
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-TLS
-connection
-process
-is
-started
-and
-used
-by
-WebID
-to
-create
-a
-secure
-channel
-between
-the
-Identification
-Agent
-and
-the
-Verification
-Agent.
-
-</p>
-</div>
-<div about="#exchanging-the-identification-certificate" typeof="bibo:Chapter" id="exchanging-the-identification-certificate" class="normative section">
-<h4>
-<span class="secno">
-<del class="diff-old">2.3.2
-</del>
-<ins class="diff-chg">3.2.2
-</ins>
-</span>
-Exchanging
-the
-Identification
-Certificate
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-certificate
-is
-selected
-and
-sent
-to
-the
-Verification
-Agent.
-</p>
-</div>
-<div about="#processing-the-webid-profile" typeof="bibo:Chapter" id="processing-the-webid-profile" class="normative section">
-
-<h4>
-<span class="secno">
-<del class="diff-old">2.3.3
-</del>
-<ins class="diff-chg">3.2.3
-</ins>
-</span>
-Processing
-the
-WebID
-Profile
-</h4>
-<p>
-A
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-<em title="must" class="rfc2119">
-must
-</em>
-
-be
-able
-to
-process
-documents
-in
-RDF/XML
-[
-<cite>
-<a href="#bib-RDF-SYNTAX-GRAMMAR" rel="biblioentry" class="bibref">
-RDF-SYNTAX-GRAMMAR
-</a>
-</cite>
-]
-and
-XHTML+RDFa
-[
-<cite>
-<a href="#bib-XHTML-RDFA" rel="biblioentry" class="bibref">
-XHTML-RDFA
-</a>
-</cite>
-].
-A
-server
-responding
-to
-a
-<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
-WebID
-Profile
-</a>
-request
-
-<em title="should" class="rfc2119">
-should
-</em>
-<del class="diff-old">support
-HTTP
-content
-negotiation.
-</del>
-<ins class="diff-chg">be
-able
-to
-deliver
-at
-least
-RDF/XML
-or
-RDFa.
-</ins>
-The
-<del class="diff-old">server
-</del>
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-<ins class="diff-chg">Verification
-Agent
-</ins></a><em title="must" class="rfc2119">
-must
-</em>
-<del class="diff-old">return
-a
-representation
-in
-RDF/XML
-for
-media
-type
-</del>
-
-<ins class="diff-chg">set
-the
-Accept-Header
-to
-request
-</ins>
-<code>
-application/rdf+xml
-<del class="diff-old">.
-The
-server
-must
-return
-</del>
-</code>
-<ins class="diff-chg">with
-</ins>
-a
-<del class="diff-old">representation
-in
-XHTML+RDFa
-for
-media
-type
-</del>
-<ins class="diff-chg">higher
-priority
-than
-</ins>
-<code>
-text/html
-</code>
-
-<del class="diff-old">or
-media
-type
-</del>
-<ins class="diff-chg">and
-</ins>
-<code>
-application/xhtml+xml
-</code>.
-<del class="diff-old">Verification
-Agents
-and
-Identification
-Agents
-may
-</del>
-<ins class="diff-chg">If
-the
-server
-answers
-such
-a
-request
-with
-an
-HTML
-representation
-of
-the
-resource,
-this
-</ins><em title="should" class="rfc2119"><ins class="diff-chg">
-should
-</ins>
-</em>
-<del class="diff-old">support
-any
-other
-RDF
-format
-via
-HTTP
-content
-negotiation.
-</del>
-<ins class="diff-chg">describe
-the
-WebId
-Profile
-with
-RDFa.
-
-</ins>
-</p>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-extracts
-semantic
-data
-describing
-the
-identification
-credentials
-from
-a
-WebID
-Profile.
-</p>
-</div>
-<div about="#verifying-the-webid-is-identified-by-that-public-key" typeof="bibo:Chapter" id="verifying-the-webid-is-identified-by-that-public-key" class="normative section">
-<h4>
-<span class="secno">
-<del class="diff-old">2.3.4
-</del>
-<ins class="diff-chg">3.2.4
-</ins>
-</span>
-<del class="diff-old">Extracting
-</del>
-<ins class="diff-chg">Verifying
-the
-
-</ins>
-WebID
-<del class="diff-old">URL
-Details
-</del>
-<ins class="diff-chg">is
-identified
-by
-that
-public
-key
-</ins>
-</h4>
-<p>
-The
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-<del class="diff-old">may
-use
-a
-</del>
-<ins class="diff-chg">must
-check
-that
-the
-</ins><a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN"><ins class="diff-chg">
-WebID
-Profile
-
-</ins></a><ins class="diff-chg">
-associates
-the
-WebID
-with
-the
-public
-key
-given
-in
-the
-X.509
-Certificate.
-There
-are
-</ins>
-number
-of
-<del class="diff-old">different
-methods
-to
-extract
-</del>
-<ins class="diff-chg">ways
-of
-doing
-this,
-each
-of
-which
-essentially
-consists
-in
-checking
-that
-the
-graph
-of
-relations
-in
-the
-Profile
-contain
-a
-pattern
-of
-relations.
-</ins></p><p><ins class="diff-chg">
-Assuming
-</ins>
-the
-public
-key
-<del class="diff-old">information
-from
-</del>
-<ins class="diff-chg">is
-an
-RSA
-key,
-and
-that
-its
-modulus
-is
-"9D79BFE2498..."
-and
-exponent
-"65537"
-then
-</ins>
-the
-<del class="diff-old">WebID
-Profile
-.
-
-</del>
-<ins class="diff-chg">query
-to
-ask
-the
-graph
-is
-</ins>
-</p>
-<del class="diff-old">The
-following
-SPARQL
-</del>
-<pre class="example">PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-<ins class="diff-chg">PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-ASK {
- [] cert:identity <http://example.org/webid#public>;
- rsa:modulus "9D79BFE2498..."^^cert:hex;
- rsa:public_exponent "65537"^^cert:int .
-}
-</ins></pre><p><ins class="diff-chg">
-If
-the
-
-</ins>
-query
-<del class="diff-old">outlines
-one
-way
-in
-which
-</del>
-<ins class="diff-chg">returns
-true,
-then
-</ins>
-the
-<ins class="diff-chg">graph
-has
-validated
-the
-associated
-</ins>
-public
-key
-<ins class="diff-chg">with
-the
-WebID.
-</ins></p><p><ins class="diff-chg">
-The
-above
-requires
-the
-graph
-to
-be
-able
-to
-do
-inferencing
-on
-dataytypes.
-This
-is
-because
-people
-may
-publish
-their
-modulus
-string
-in
-a
-number
-of
-syntactical
-ways.
-The
-modulus
-can
-be
-colon
-seperated,
-spread
-over
-a
-number
-of
-lines,
-or
-contain
-arbitrary
-non
-hex
-characters
-such
-as
-"9D
-☮
-79
-☮
-BF
-☮
-E2
-☮
-F4
-☮
-98
-☮..."
-.
-The
-datatype
-itself
-need
-not
-necessarily
-be
-expressed
-in
-cert:hex,
-but
-</ins>
-could
-<ins class="diff-new">use
-a
-number
-of
-xsd
-integer
-datatype
-notations,
-cert:int
-or
-future
-base64
-notations.
-</ins></p><p class="issue"><ins class="diff-new">
-
-Should
-we
-define
-the
-base64
-notation?
-</ins></p><p><ins class="diff-new">
-If
-a
-</ins><a title="Verifying_Agent" class="tref"><ins class="diff-new">
-Verifying
-Agent
-</ins></a><ins class="diff-new">
-does
-not
-have
-access
-to
-a
-literal
-inferencing
-engine,
-then
-the
-modulus
-should
-</ins>
-be
-extracted
-from
-the
-<del class="diff-old">WebID
-</del>
-<ins class="diff-chg">graph,
-normalised
-into
-a
-big
-integer
-(integers
-without
-an
-upper
-bound),
-and
-compared
-with
-the
-values
-given
-in
-the
-public
-key
-certificate.
-After
-replacing
-the
-</ins><code><ins class="diff-chg">
-?webid
-</ins></code><ins class="diff-chg">
-variable
-in
-the
-following
-query
-with
-the
-required
-value
-the
-</ins><a title="Verifying_Agent" class="tref"><ins class="diff-chg">
-
-Verifying
-Agent
-</ins></a><ins class="diff-chg">
-can
-query
-the
-</ins>
-Profile
-<del class="diff-old">:
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?modulus ?exp
-WHERE {
- ?key cert:identity <http://example.org/webid#public>;
- a rsa:RSAPublicKey;
- rsa:modulus [ cert:hex ?modulus; ];
- rsa:public_exponent [ cert:decimal ?exp ] .
-</del>
-<ins class="diff-chg">Graph
-with
-</ins></p><pre class="example">PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-
-<ins class="diff-chg">
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?m ?e
-WHERE {
- [] cert:identity ?webid ;
- rsa:modulus ?m ;
- rsa:public_exponent ?e .
-</ins>
-}
-</pre>
-<p>
-<ins class="diff-chg">Here
-the
-verification
-agent
-must
-check
-that
-one
-of
-the
-answers
-for
-?m
-and
-?e
-matches
-the
-integer
-values
-of
-the
-modulus
-and
-exponent
-given
-in
-the
-public
-key
-in
-the
-certificate.
-</ins></p>
-<p class="issue">
-<del class="diff-old">This
-section
-still
-needs
-more
-information.
-</del>
-<ins class="diff-chg">The
-public
-key
-could
-be
-a
-DSA
-key.
-We
-need
-to
-add
-an
-ontology
-for
-DSA
-too.
-What
-other
-cryptographic
-ontologies
-should
-we
-add?
-</ins>
-</p>
-
-</div>
-<div about="#authorization" typeof="bibo:Chapter" id="authorization" class="normative section">
-<h4>
-<span class="secno">
-<del class="diff-old">2.3.5
-</del>
-<ins class="diff-chg">3.2.5
-</ins>
-</span>
-Authorization
-</h4>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-may
-use
-the
-information
-discovered
-via
-a
-WebID
-<del class="diff-old">URL
-</del>
-<ins class="diff-chg">URI
-</ins>
-
-to
-determine
-if
-one
-should
-be
-able
-to
-access
-a
-particular
-resource.
-It
-will
-explain
-how
-a
-Verification
-Agent
-can
-use
-links
-to
-other
-RDFa
-documents
-to
-build
-knowledge
-about
-the
-given
-WebID.
-</p>
-</div>
-<div about="#secure-communication" typeof="bibo:Chapter" id="secure-communication" class="normative section">
-<h4>
-<span class="secno">
-<del class="diff-old">2.3.6
-</del>
-<ins class="diff-chg">3.2.6
-</ins>
-</span>
-Secure
-Communication
-</h4>
-<p class="issue">
-This
-section
-will
-explain
-how
-an
-Identification
-Agent
-and
-a
-Verification
-Agent
-may
-communicate
-securely
-using
-a
-set
-of
-verified
-identification
-credentials.
-</p>
-<p>
-
-If
-the
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-has
-verified
-that
-the
-<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
-WebID
-Profile
-</a>
-is
-owned
-by
-the
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>,
-the
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-<em title="should" class="rfc2119">
-should
-
-</em>
-use
-the
-verified
-<a href="#dfn-public_key" title="public_key" class="tref internalDFN">
-public
-key
-</a>
-contained
-in
-the
-<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
-Identification
-Certificate
-</a>
-for
-all
-TLS-based
-communication
-with
-the
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>.
-This
-ensures
-that
-both
-the
-<del class="diff-old">Authorization
-</del>
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-<ins class="diff-chg">Verification
-
-</ins>
-Agent
-</a>
-and
-the
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-are
-communicating
-in
-a
-secure
-manner,
-ensuring
-cryptographically
-protected
-privacy
-for
-both
-sides.
-</p>
-</div>
-</div>
-<div about="#the-webid-profile" typeof="bibo:Chapter" id="the-webid-profile" class="normative section">
-<h3>
-<span class="secno">
-<del class="diff-old">2.4
-</del>
-<ins class="diff-chg">3.3
-
-</ins>
-</span>
-The
-WebID
-Profile
-</h3>
-<p>
-The
-<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
-WebID
-Profile
-</a>
-is
-a
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-<cite>
-<a href="#bib-RDF-CONCEPTS" rel="biblioentry" class="bibref">
-RDF-CONCEPTS
-
-</a>
-</cite>
-].
-The
-following
-sections
-describe
-how
-to
-express
-certain
-common
-properties
-that
-could
-be
-used
-by
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-s
-and
-other
-entities
-that
-consume
-a
-<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
-WebID
-Profile
-</a>.
-</p>
-<p>
-The
-following
-vocabularies
-are
-used
-in
-their
-shortened
-form
-in
-the
-subsequent
-sections:
-</p>
-<dl>
-<dt>
-foaf
-
-</dt>
-<dd>
-http://xmlns.com/foaf/0.1/
-</dd>
-<dt>
-cert
-</dt>
-<dd>
-http://www.w3.org/ns/auth/cert#
-</dd>
-<dt>
-rsa
-</dt>
-<dd>
-http://www.w3.org/ns/auth/rsa#
-</dd>
-</dl>
-
-<div about="#personal-information" typeof="bibo:Chapter" id="personal-information" class="normative section">
-<h4>
-<span class="secno">
-<del class="diff-old">2.4.1
-</del>
-<ins class="diff-chg">3.3.1
-</ins>
-</span>
-Personal
-Information
-</h4>
-<p>
-Personal
-details
-are
-the
-most
-common
-requirement
-when
-registering
-an
-account
-with
-a
-website.
-Some
-of
-these
-pieces
-of
-information
-include
-an
-e-mail
-address,
-a
-name
-and
-perhaps
-an
-avatar
-image.
-This
-section
-includes
-properties
-that
-<em title="should" class="rfc2119">
-should
-</em>
-be
-used
-when
-conveying
-key
-pieces
-of
-personal
-information
-but
-are
-<em title="not required" class="rfc2119">
-
-not
-required
-</em>
-to
-be
-present
-in
-a
-<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
-WebID
-<del class="diff-old">Profile:
-</del>
-<ins class="diff-chg">Profile
-</ins></a>:
-</p>
-<dl>
-<dt>
-foaf:mbox
-</dt>
-<dd>
-The
-e-mail
-address
-that
-is
-associated
-with
-the
-WebID
-<del class="diff-old">URL.
-
-</del>
-<ins class="diff-chg">URI.
-</ins>
-</dd>
-<dt>
-foaf:name
-</dt>
-<dd>
-The
-name
-that
-is
-most
-commonly
-used
-to
-refer
-to
-the
-individual
-or
-agent.
-</dd>
-<dt>
-foaf:depiction
-</dt>
-<dd>
-An
-image
-representation
-of
-the
-individual
-or
-agent.
-</dd>
-</dl>
-
-</div>
-<div about="#cryptographic-details" typeof="bibo:Chapter" id="cryptographic-details" class="normative section">
-<h4>
-<span class="secno">
-<del class="diff-old">2.4.2
-</del>
-<ins class="diff-chg">3.3.2
-</ins>
-</span>
-Cryptographic
-Details
-</h4>
-<p>
-Cryptographic
-details
-are
-important
-when
-<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
-Verification
-Agent
-</a>
-s
-and
-
-<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
-Identification
-Agent
-</a>
-s
-interact.
-The
-following
-properties
-<em title="should" class="rfc2119">
-should
-</em>
-be
-used
-when
-conveying
-cryptographic
-information
-in
-<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
-WebID
-Profile
-</a>
-documents:
-</p>
-<dl>
-<dt>
-rsa:RSAPublicKey
-</dt>
-
-<dd>
-Expresses
-an
-RSA
-public
-key.
-The
-RSAPublicKey
-<em title="must" class="rfc2119">
-must
-</em>
-specify
-the
-rsa:modulus
-and
-rsa:public_exponent
-properties.
-</dd>
-<dt>
-cert:identity
-</dt>
-<dd>
-Used
-to
-associate
-an
-RSAPublicKey
-with
-a
-WebID
-<del class="diff-old">URL.
-</del>
-<ins class="diff-chg">URI.
-</ins>
-A
-WebID
-Profile
-
-<em title="must" class="rfc2119">
-must
-</em>
-contain
-at
-least
-one
-RSAPublicKey
-that
-is
-associated
-with
-the
-corresponding
-WebID
-<del class="diff-old">URL.
-</del>
-<ins class="diff-chg">URI.
-</ins>
-</dd>
-</dl>
-</div>
-</div>
-</div>
-<div about="#history" typeof="bibo:Chapter" class="appendix informative section" id="history">
-<h2>
-<span class="secno">
-<ins class="diff-chg">A.
-
-</ins></span>
-Change
-History
-</h2>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-<a href="">
-<ins class="diff-new">2010-08-09
-</ins></a><ins class="diff-new">
-Updates
-from
-WebID
-community:
-moved
-OpenID/OAuth
-sections
-to
-separate
-document,
-switched
-to
-the
-URI
-terminology
-instead
-of
-URL,
-added
-"Creating
-the
-certificate"
-and
-"Publishing
-the
-WebID
-Profile
-document"
-sections
-with
-a
-WebID
-graph
-and
-serializations
-in
-Turtle
-and
-RDFa,
-improved
-SPARQL
-queries
-using
-literal
-notation
-with
-cert
-datatypes,
-updated
-list
-of
-contributors,
-and
-many
-other
-fixes.
-</ins></p><p>
-<a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">
-2010-07-25
-</a>
-
-Added
-WebID
-Profile
-section.
-</p>
-<p>
-<a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">
-2010-07-18
-</a>
-Updates
-from
-WebID
-community
-related
-to
-RDF/XML
-support,
-authentication
-sequence
-corrections,
-abstract
-and
-introduction
-updates.
-</p>
-<p>
-<a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">
-2010-07-11
-</a>
-Initial
-version.
-</p>
-</div>
-<div about="#acknowledgements" typeof="bibo:Chapter" class="informative section" id="acknowledgements">
-<h2>
-
-<span class="secno">
-<ins class="diff-chg">B.
-</ins></span>
-Acknowledgments
-</h2>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-following
-people
-have
-been
-instrumental
-in
-providing
-thoughts,
-feedback,
-reviews,
-criticism
-and
-input
-in
-the
-creation
-of
-this
-specification:
-</p>
-<ul>
-<li>
-Melvin
-Carvalho
-</li>
-
-<li>
-Bruno
-Harbulot
-</li>
-<li>
-Toby
-Inkster
-</li>
-<li>
-Ian
-Jacobi
-</li>
-<li>
-Jeff
-Sayre
-</li>
-<li>
-Henry
-Story
-</li>
-<li>
-<ins class="diff-new">Kingsley
-Idehen,
-OpenLink
-Software
-
-</ins></li><li><ins class="diff-new">
-Seth
-Russell
-</ins></li><li><ins class="diff-new">
-Sarven
-Capadisli
-</ins></li><li><ins class="diff-new">
-Nathan
-Rixham
-</ins></li>
-</ul>
-</div>
-<div about="#references" typeof="bibo:Chapter" class="appendix section" id="references">
-<h2>
-<span class="secno">
-<del class="diff-old">A.
-</del>
-<ins class="diff-chg">C.
-</ins>
-</span>
-
-References
-</h2>
-<div class="section" about="#normative-references" typeof="bibo:Chapter" id="normative-references">
-<h3>
-<span class="secno">
-<del class="diff-old">A.1
-</del>
-<ins class="diff-chg">C.1
-</ins>
-</span>
-Normative
-references
-</h3>
-<dl about="" class="bibliography">
-<dt id="bib-HTTP-TLS">
-[HTTP-TLS]
-</dt>
-<dd rel="dcterms:requires">
-
-E.
-Rescorla.
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-<cite>
-HTTP
-Over
-TLS.
-</cite>
-</a>
-May
-2000.
-Internet
-RFC
-2818.
-URL:
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-http://www.ietf.org/rfc/rfc2818.txt
-</a>
-</dd>
-<dt id="bib-N3">
-[N3]
-</dt>
-<dd rel="dcterms:requires">
-Tim
-Berners-Lee;
-Dan
-Connolly.
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-
-<cite>
-Notation3
-(N3):
-A
-readable
-RDF
-syntax.
-</cite>
-</a>
-14
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
-</a>
-</dd>
-<dt id="bib-RDF-PRIMER">
-[RDF-PRIMER]
-</dt>
-<dd rel="dcterms:requires">
-Frank
-Manola;
-Eric
-Miller.
-<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
-<cite>
-RDF
-Primer.
-
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
-http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
-</a>
-</dd>
-<dt id="bib-RDF-SYNTAX-GRAMMAR">
-[RDF-SYNTAX-GRAMMAR]
-</dt>
-<dd rel="dcterms:requires">
-Dave
-Beckett.
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-<cite>
-RDF/XML
-Syntax
-Specification
-(Revised).
-</cite>
-</a>
-
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
-</a>
-</dd>
-<dt id="bib-RDFA-CORE">
-[RDFA-CORE]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et
-al.
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803">
-<cite>
-RDFa
-Core
-1.1:
-Syntax
-and
-processing
-rules
-for
-embedding
-RDF
-through
-attributes.
-</cite>
-</a>
-<del class="diff-old">22
-April
-</del>
-
-<ins class="diff-chg">3
-August
-</ins>
-2010.
-W3C
-Working
-Draft.
-URL:
-<del class="diff-old">http://www.w3.org/TR/2010/WD-rdfa-core-20100422
-</del>
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803">
-<ins class="diff-chg">http://www.w3.org/TR/2010/WD-rdfa-core-20100803
-</ins>
-</a>
-</dd>
-<dt id="bib-TURTLE">
-[TURTLE]
-</dt>
-<dd rel="dcterms:requires">
-David
-Beckett,
-Tim
-Berners-Lee.
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-Turtle:
-Terse
-RDF
-Triple
-Language
-
-</a>
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-http://www.w3.org/TeamSubmission/turtle/
-</a>
-</dd>
-<dt id="bib-X509V3">
-[X509V3]
-</dt>
-<dd rel="dcterms:requires">
-<cite>
-ITU-T
-Recommendation
-X.509
-version
-3
-(1997).
-"Information
-Technology
--
-Open
-Systems
-Interconnection
--
-The
-Directory
-Authentication
-<del class="diff-old">Framework"
-</del>
-<ins class="diff-chg">Framework"
-</ins>
-
-ISO/IEC
-9594-8:1997
-</cite>.
-</dd>
-<dt id="bib-XHTML-RDFA">
-[XHTML-RDFA]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et.
-al.
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803">
-<cite>
-XHTML+RDFa
-1.1.
-</cite>
-</a>
-<del class="diff-old">22
-April
-</del>
-<ins class="diff-chg">3
-August
-</ins>
-
-2010.
-W3C
-Working
-Draft.
-URL:
-<del class="diff-old">http://www.w3.org/TR/WD-xhtml-rdfa-20100422
-</del>
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803">
-<ins class="diff-chg">http://www.w3.org/TR/WD-xhtml-rdfa-20100803
-</ins>
-</a>
-</dd>
-</dl>
-</div>
-<div class="section" about="#informative-references" typeof="bibo:Chapter" id="informative-references">
-<h3>
-<span class="secno">
-<del class="diff-old">A.2
-</del>
-<ins class="diff-chg">C.2
-</ins>
-
-</span>
-Informative
-references
-</h3>
-<dl about="" class="bibliography">
-<dt id="bib-RDF-CONCEPTS">
-[RDF-CONCEPTS]
-</dt>
-<dd rel="dcterms:references">
-Graham
-Klyne;
-Jeremy
-J.
-Carroll.
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-<cite>
-Resource
-Description
-Framework
-(RDF):
-Concepts
-and
-Abstract
-Syntax.
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
-
-</a>
-</dd>
-</dl>
-</div>
-</div>
-</body>
-</html>
Binary file drafts/ED-webid-20100809/img/WebIdGraph.jpg has changed
--- a/drafts/ED-webid-20100809/index.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1177 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
-
-
-
- <title>WebID 1.0</title>
- <meta content="text/html;charset=utf-8" http-equiv="Content-Type" />
-
-<!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-
-<style type="text/css">
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-
-
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-
- <style type="text/css">
-/*****************************************************************
- * ReSpec CSS
- * Robin Berjon (robin at berjon dot com)
- * v0.05 - 2009-07-31
- *****************************************************************/
-
-
-/* --- INLINES --- */
-em.rfc2119 {
- text-transform: lowercase;
- font-variant: small-caps;
- font-style: normal;
- color: #900;
-}
-
-h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
-h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
- border: none;
-}
-
-dfn {
- font-weight: bold;
-}
-
-a.internalDFN {
- color: inherit;
- border-bottom: medium solid #99c;
- text-decoration: none;
-}
-
-a.externalDFN {
- color: inherit;
- border-bottom: medium dotted #ccc;
- text-decoration: none;
-}
-
-a.bibref {
- text-decoration: none;
-}
-
-code {
- color: #ff4500;
-}
-
-
-/* --- WEB IDL --- */
-pre.idl {
- border-top: 1px solid #90b8de;
- border-bottom: 1px solid #90b8de;
- padding: 1em;
- line-height: 120%;
-}
-
-pre.idl::before {
- content: "WebIDL";
- display: block;
- width: 150px;
- background: #90b8de;
- color: #fff;
- font-family: initial;
- padding: 3px;
- font-weight: bold;
- margin: -1em 0 1em -1em;
-}
-
-.idlType {
- color: #ff4500;
- font-weight: bold;
- text-decoration: none;
-}
-
-/*.idlModule*/
-/*.idlModuleID*/
-/*.idlInterface*/
-.idlInterfaceID {
- font-weight: bold;
- color: #005a9c;
-}
-
-.idlSuperclass {
- font-style: italic;
- color: #005a9c;
-}
-
-/*.idlAttribute*/
-.idlAttrType, .idlFieldType {
- color: #005a9c;
-}
-.idlAttrName, .idlFieldName {
- color: #ff4500;
-}
-.idlAttrName a, .idlFieldName a {
- color: #ff4500;
- border-bottom: 1px dotted #ff4500;
- text-decoration: none;
-}
-
-/*.idlMethod*/
-.idlMethType {
- color: #005a9c;
-}
-.idlMethName {
- color: #ff4500;
-}
-.idlMethName a {
- color: #ff4500;
- border-bottom: 1px dotted #ff4500;
- text-decoration: none;
-}
-
-/*.idlParam*/
-.idlParamType {
- color: #005a9c;
-}
-.idlParamName {
- font-style: italic;
-}
-
-.extAttr {
- color: #666;
-}
-
-/*.idlConst*/
-.idlConstType {
- color: #005a9c;
-}
-.idlConstName {
- color: #ff4500;
-}
-.idlConstName a {
- color: #ff4500;
- border-bottom: 1px dotted #ff4500;
- text-decoration: none;
-}
-
-/*.idlException*/
-.idlExceptionID {
- font-weight: bold;
- color: #c00;
-}
-
-.idlTypedefID, .idlTypedefType {
- color: #005a9c;
-}
-
-.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code {
- color: #c00;
- font-weight: normal;
-}
-
-.excName a {
- font-family: monospace;
-}
-
-.idlRaises a.idlType, .excName a.idlType {
- border-bottom: 1px dotted #c00;
-}
-
-.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse {
- width: 45px;
- text-align: center;
-}
-.excGetSetTrue, .prmNullTrue, .prmOptTrue { color: #0c0; }
-.excGetSetFalse, .prmNullFalse, .prmOptFalse { color: #c00; }
-
-.idlImplements a {
- font-weight: bold;
-}
-
-dl.attributes, dl.methods, dl.constants, dl.fields {
- margin-left: 2em;
-}
-
-.attributes dt, .methods dt, .constants dt, .fields dt {
- font-weight: normal;
-}
-
-.attributes dt code, .methods dt code, .constants dt code, .fields dt code {
- font-weight: bold;
- color: #000;
- font-family: monospace;
-}
-
-.attributes dt code, .fields dt code {
- background: #ffffd2;
-}
-
-.attributes dt .idlAttrType code, .fields dt .idlFieldType code {
- color: #005a9c;
- background: transparent;
- font-family: inherit;
- font-weight: normal;
- font-style: italic;
-}
-
-.methods dt code {
- background: #d9e6f8;
-}
-
-.constants dt code {
- background: #ddffd2;
-}
-
-.attributes dd, .methods dd, .constants dd, .fields dd {
- margin-bottom: 1em;
-}
-
-table.parameters, table.exceptions {
- border-spacing: 0;
- border-collapse: collapse;
- margin: 0.5em 0;
- width: 100%;
-}
-table.parameters { border-bottom: 1px solid #90b8de; }
-table.exceptions { border-bottom: 1px solid #deb890; }
-
-.parameters th, .exceptions th {
- color: #fff;
- padding: 3px 5px;
- text-align: left;
- font-family: initial;
- font-weight: normal;
- text-shadow: #666 1px 1px 0;
-}
-.parameters th { background: #90b8de; }
-.exceptions th { background: #deb890; }
-
-.parameters td, .exceptions td {
- padding: 3px 10px;
- border-top: 1px solid #ddd;
- vertical-align: top;
-}
-
-.parameters tr:first-child td, .exceptions tr:first-child td {
- border-top: none;
-}
-
-.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName {
- width: 100px;
-}
-
-.parameters td.prmType {
- width: 120px;
-}
-
-table.exceptions table {
- border-spacing: 0;
- border-collapse: collapse;
- width: 100%;
-}
-
-/* --- TOC --- */
-.toc a {
- text-decoration: none;
-}
-
-a .secno {
- color: #000;
-}
-
-/* --- TABLE --- */
-table.simple {
- border-spacing: 0;
- border-collapse: collapse;
- border-bottom: 3px solid #005a9c;
-}
-
-.simple th {
- background: #005a9c;
- color: #fff;
- padding: 3px 5px;
- text-align: left;
-}
-
-.simple th[scope="row"] {
- background: inherit;
- color: inherit;
- border-top: 1px solid #ddd;
-}
-
-.simple td {
- padding: 3px 10px;
- border-top: 1px solid #ddd;
-}
-
-.simple tr:nth-child(even) {
- background: #f0f6ff;
-}
-
-/* --- DL --- */
-.section dd > p:first-child {
- margin-top: 0;
-}
-
-.section dd > p:last-child {
- margin-bottom: 0;
-}
-
-.section dd {
- margin-bottom: 1em;
-}
-
-.section dl.attrs dd, .section dl.eldef dd {
- margin-bottom: 0;
-}
-
-/* --- EXAMPLES --- */
-pre.example {
- border-top: 1px solid #ff4500;
- border-bottom: 1px solid #ff4500;
- padding: 1em;
- margin-top: 1em;
-}
-
-pre.example::before {
- content: "Example";
- display: block;
- width: 150px;
- background: #ff4500;
- color: #fff;
- font-family: initial;
- padding: 3px;
- font-weight: bold;
- margin: -1em 0 1em -1em;
-}
-
-/* --- EDITORIAL NOTES --- */
-.issue {
- padding: 1em;
- border: 1px solid #f00;
- background: #ffc;
-}
-
-.issue::before {
- content: "Issue";
- display: block;
- width: 150px;
- margin: -1.5em 0 0.5em 0;
- font-weight: bold;
- border: 1px solid #f00;
- background: #fff;
- padding: 3px 1em;
-}
-
-.note {
- padding: 1em;
- border: 2px solid #cff6d9;
- background: #e2fff0;
-}
-
-.note::before {
- content: "Note";
- display: block;
- width: 150px;
- margin: -1.5em 0 0.5em 0;
- font-weight: bold;
- border: 1px solid #cff6d9;
- background: #fff;
- padding: 3px 1em;
-}
-
-/* --- SYNTAX HIGHLIGHTING --- */
-pre.sh_sourceCode {
- background-color: white;
- color: black;
- font-style: normal;
- font-weight: normal;
-}
-
-pre.sh_sourceCode .sh_keyword { color: #005a9c; font-weight: bold; } /* language keywords */
-pre.sh_sourceCode .sh_type { color: #666; } /* basic types */
-pre.sh_sourceCode .sh_usertype { color: teal; } /* user defined types */
-pre.sh_sourceCode .sh_string { color: red; font-family: monospace; } /* strings and chars */
-pre.sh_sourceCode .sh_regexp { color: orange; font-family: monospace; } /* regular expressions */
-pre.sh_sourceCode .sh_specialchar { color: #ffc0cb; font-family: monospace; } /* e.g., \n, \t, \\ */
-pre.sh_sourceCode .sh_comment { color: #A52A2A; font-style: italic; } /* comments */
-pre.sh_sourceCode .sh_number { color: purple; } /* literal numbers */
-pre.sh_sourceCode .sh_preproc { color: #00008B; font-weight: bold; } /* e.g., #include, import */
-pre.sh_sourceCode .sh_symbol { color: blue; } /* e.g., *, + */
-pre.sh_sourceCode .sh_function { color: black; font-weight: bold; } /* function calls and declarations */
-pre.sh_sourceCode .sh_cbracket { color: red; } /* block brackets (e.g., {, }) */
-pre.sh_sourceCode .sh_todo { font-weight: bold; background-color: #00FFFF; } /* TODO and FIXME */
-
-/* Predefined variables and functions (for instance glsl) */
-pre.sh_sourceCode .sh_predef_var { color: #00008B; }
-pre.sh_sourceCode .sh_predef_func { color: #00008B; font-weight: bold; }
-
-/* for OOP */
-pre.sh_sourceCode .sh_classname { color: teal; }
-
-/* line numbers (not yet implemented) */
-pre.sh_sourceCode .sh_linenum { display: none; }
-
-/* Internet related */
-pre.sh_sourceCode .sh_url { color: blue; text-decoration: underline; font-family: monospace; }
-
-/* for ChangeLog and Log files */
-pre.sh_sourceCode .sh_date { color: blue; font-weight: bold; }
-pre.sh_sourceCode .sh_time, pre.sh_sourceCode .sh_file { color: #00008B; font-weight: bold; }
-pre.sh_sourceCode .sh_ip, pre.sh_sourceCode .sh_name { color: #006400; }
-
-/* for Prolog, Perl... */
-pre.sh_sourceCode .sh_variable { color: #006400; }
-
-/* for LaTeX */
-pre.sh_sourceCode .sh_italics { color: #006400; font-style: italic; }
-pre.sh_sourceCode .sh_bold { color: #006400; font-weight: bold; }
-pre.sh_sourceCode .sh_underline { color: #006400; text-decoration: underline; }
-pre.sh_sourceCode .sh_fixed { color: green; font-family: monospace; }
-pre.sh_sourceCode .sh_argument { color: #006400; }
-pre.sh_sourceCode .sh_optionalargument { color: purple; }
-pre.sh_sourceCode .sh_math { color: orange; }
-pre.sh_sourceCode .sh_bibtex { color: blue; }
-
-/* for diffs */
-pre.sh_sourceCode .sh_oldfile { color: orange; }
-pre.sh_sourceCode .sh_newfile { color: #006400; }
-pre.sh_sourceCode .sh_difflines { color: blue; }
-
-/* for css */
-pre.sh_sourceCode .sh_selector { color: purple; }
-pre.sh_sourceCode .sh_property { color: blue; }
-pre.sh_sourceCode .sh_value { color: #006400; font-style: italic; }
-
-/* other */
-pre.sh_sourceCode .sh_section { color: black; font-weight: bold; }
-pre.sh_sourceCode .sh_paren { color: red; }
-pre.sh_sourceCode .sh_attribute { color: #006400; }
-
-</style><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit;"><div class="head"><p></p><h1 id="title" class="title" property="dcterms:title">WebID 1.0</h1><h2 id="subtitle" property="bibo:subtitle">Web Identification and Discovery</h2><h2 content="2010-08-09T16:28:49+0000" datatype="xsd:dateTime" property="dcterms:issued" id="unofficial-draft-09-august-2010">Unofficial Draft 09 August 2010</h2><dl><dt>Editors:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a href="http://blog.digitalbazaar.com/" rel="foaf:workplaceHomepage">Digital Bazaar, Inc.</a> <a href="mailto:msporny@digitalbazaar.com" rel="foaf:mbox">msporny@digitalbazaar.com</a> </span>
-</dd>
-<dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Stéphane Corlosquet</span>, <a href="http://massgeneral.org/" rel="foaf:workplaceHomepage">Massachusetts General Hospital</a> <a href="mailto:scorlosquet@gmail.com" rel="foaf:mbox">scorlosquet@gmail.com</a> </span>
-</dd>
-<dt>Authors:</dt><dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://tobyinkster.co.uk/" content="Toby Inkster" property="foaf:name" rel="foaf:homepage">Toby Inkster</a></span>
-</dd>
-<dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://bblfish.net/" content="Henry Story" property="foaf:name" rel="foaf:homepage">Henry Story</a></span>
-</dd>
-<dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://blog.distributedmatter.net/" content="Bruno Harbulot" property="foaf:name" rel="foaf:homepage">Bruno Harbulot</a></span>
-</dd>
-<dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://trialox.org/" content="Reto Bachmann-Gmür" property="foaf:name" rel="foaf:homepage">Reto Bachmann-Gmür</a></span>
-</dd>
-</dl><p>This document is also available in this non-normative format: <a href="drafts/ED-webid-20100809/diff-20100725.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/3.0/" class="subfoot">Creative Commons Attribution 3.0 License</a>.</p><hr /></div>
- <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-
-<p>Social networking, identity and privacy have been at the center of how we
-interact with the Web in the last decade. The explosion of social networking
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary.
-The Social Web is designed to ensure that control of identity and privacy
-settings is always simple and under one's control. WebID is a key enabler of the
-Social Web. This specification outlines a simple universal identification
-mechanism that is distributed, openly extensible, improves privacy, security
-and control over how one can identify themselves and control access to their
-information on the Web.
-</p>
-
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">How to Read this Document</h3>
-
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
-and RDF [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a></cite>] and RDFa [<cite><a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a></cite>] is necessary to understand how
-to implement this specification. WebID uses a number of specific technologies
-like HTTP over TLS [<cite><a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a></cite>], X.509 certificates [<cite><a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a></cite>],
-RDF/XML [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a></cite>] and XHTML+RDFa [<cite><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a></cite>].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled
-<a href="#authentication-sequence">Authentication Sequence</a> and
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.</p>
-
-</div>
-</div><div class="introductory section" id="sotd" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
-
-<!-- <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p> -->
-
-
-The source code for this document is available via Github at the following
-URI: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
-
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li></ul></li><li class="tocline"><a href="#preconditions" class="tocxref"><span class="secno">2. </span>Preconditions</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#creating-the-certificate" class="tocxref"><span class="secno">2.2 </span>Creating the certificate</a></li><li class="tocline"><a href="#publishing-the-webid-profile-document" class="tocxref"><span class="secno">2.3 </span>Publishing the WebID Profile Document</a><ul class="toc"><li class="tocline"><a href="#turtle" class="tocxref"><span class="secno">2.3.1 </span>Turtle</a></li><li class="tocline"><a href="#rdfa-html-notation" class="tocxref"><span class="secno">2.3.2 </span>RDFa HTML notation</a></li><li class="tocline"><a href="#in-rdf-xml" class="tocxref"><span class="secno">2.3.3 </span>In RDF/XML</a></li><li class="tocline"><a href="#in-portable-contacts-format-using-grddl" class="tocxref"><span class="secno">2.3.4 </span>In Portable Contacts format using GRDDL</a></li></ul></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">3. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">3.1 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">3.2 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">3.2.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">3.2.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">3.2.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#verifying-the-webid-is-identified-by-that-public-key" class="tocxref"><span class="secno">3.2.4 </span>Verifying the WebID is identified by that public key</a></li><li class="tocline"><a href="#authorization" class="tocxref"><span class="secno">3.2.5 </span>Authorization</a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno">3.2.6 </span>Secure Communication</a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno">3.3 </span>The WebID Profile</a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno">3.3.1 </span>Personal Information</a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno">3.3.2 </span>Cryptographic Details</a></li></ul></li></ul></li><li class="tocline"><a href="#history" class="tocxref"><span class="secno">A. </span>Change History</a></li><li class="tocline"><a href="#acknowledgements" class="tocxref"><span class="secno">B. </span>Acknowledgments</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">C. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">C.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">C.2 </span>Informative references</a></li></ul></li></ul></div>
-
-
-
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-
-<!-- OddPage -->
-<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created.
-It is also designed to provide a universal and extensible mechanism to express
-public and private information about yourself. This section outlines the
-motivation behind the specification and the relationship to other similar
-specifications that are in active use today.
-</p>
-
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
-hyperlinked social networks to exist. This vocabulary, along with other
-vocabularies, allow one to add information and services protection to
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a selected group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using a process made popular by OpenID, we show how one can tie a User
-Agent to a URI by proving that one has write access to the URI.
-WebID is an authentication protocol which uses X.509
-certificates to associate a User Agent (Browser) to a Person identified via a URI.
-WebID is compatible with OpenID and provides a few additional features such as
-trust management via digital signatures, and free-form
-extensibility via RDF. By using the existing SSL certificate exchange
-mechanism, WebID integrates smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was
-intended to receive it.
-</p>
-
-</div>
-
-</div>
-
-<div id="preconditions" typeof="bibo:Chapter" about="#preconditions" class="section">
-
-<!-- OddPage -->
-<h2><span class="secno">2. </span>Preconditions</h2>
-
-<div id="terminology" typeof="bibo:Chapter" about="#terminology" class="section">
-<h3><span class="secno">2.1 </span>Terminology</h3>
-
-<dl>
-
-<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
-resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
-<dd>Provides identification credentials to a <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
-
-<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<cite><a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a></cite>] Certificate that <em class="rfc2119" title="must">must</em> contain a
-<code>Subject Alternative Name</code> extension with a URI entry. The URI
-identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URI <em class="rfc2119" title="should">should</em> be
-dereference-able and result in a document containing RDF data. For example,
-the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a>, as the <code>Subject Alternative Name</code>:
-<pre>
-X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</pre>
-<p class="issue">TODO: cover the case where there are more than one URI entry</p>
-</dd>
-
-<dt><dfn title="WebID_URI" id="dfn-webid_uri">WebID URI</dfn></dt>
-<dd>A URI specified via the <code>Subject Alternative Name</code> extension
-of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
-
-<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
-<dd>A widely distributed cryptographic key that can be used to verify
-digital signatures and encrypt data between a sender and a receiver. A public
-key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</dd>
-
-<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
-<dd>
-A structured document that contains identification credentials for the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a></cite>]. Either the XHTML+RDFa 1.1 [<cite><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a></cite>]
-serialization format or the RDF/XML [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a></cite>] serialization
-format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [<cite><a class="bibref" rel="biblioentry" href="#bib-N3">N3</a></cite>] or Turtle [<cite><a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a></cite>], <em class="rfc2119" title="may">may</em> be supported by the
-mechanism providing the WebID Profile document.
-<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
-serialization of RDF should be required serialization formats in the
-specification is currently under heavy debate.</p>
-</dd>
-
-</dl>
-
-
-</div>
-
-
-<div class="normative section" id="creating-the-certificate" typeof="bibo:Chapter" about="#creating-the-certificate">
-<h3><span class="secno">2.2 </span>Creating the certificate</h3>
-
-<p>The user agent will create a <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> with a
-<code>Subject Alternative Name</code> URI entry. This URI must be one that
-dereferences to a document the user controls so that he can publish the
-public key of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> at this URI.</p>
-<p>For example, if a user Joe controls <code>http://joe.example/profile</code>,
-then his WebID can be <code>http://joe.example/profile#me</code></p>
-
-<p class="issue">explain why the WebID URI is different from the URI of the WebID profile document.</p>
-
-<p>As an example to use throughout this specification here is the
-following certificate as an output of the openssl program.</p>
-<p class="example">
-</p><pre>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 5f:df:d6:be:2c:73:c1:fb:aa:2a:2d:23:a6:91:3b:5c
- Signature Algorithm: sha1WithRSAEncryption
- <span style="color: red;">Issuer:</span> O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority
- Validity
- Not Before: Jun 8 14:16:14 2010 GMT
- Not After : Jun 8 16:16:14 2010 GMT
- <span style="color: red;">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers/UID=https://example.org/profile#me, CN=Joe (Personal)
- Subject Public Key Info:
-<span style="color: red;"> Public Key Algorithm:</span> rsaEncryption
- <span style="color: red;">Public-Key:</span> (2048 bit)
- <span style="color: red;">Modulus:</span>
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- <span style="color: red;">Exponent:</span> 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:FALSE
- X509v3 Key Usage: critical
- Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
- Netscape Cert Type:
- SSL Client, S/MIME
- X509v3 Subject Key Identifier:
- 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA
- <span style="color: red;">X509v3 Subject Alternative Name:</span> critical
- <span style="color: red;">URI:</span>https://joe.example/profile#me
- Signature Algorithm: sha1WithRSAEncryption
- cf:8c:f8:7b:b2:af:63:f0:0e:dc:64:22:e5:8a:ba:03:1e:f1:
- ee:6f:2c:f5:f5:10:ad:4c:54:fc:49:2b:e1:0d:cd:be:3d:7c:
- 78:66:c8:ae:42:9d:75:9f:2c:29:71:91:5c:29:5b:96:ea:e1:
- e4:ef:0e:5c:f7:07:a0:1e:9c:bf:50:ca:21:e6:6c:c3:df:64:
- 29:6b:d3:8a:bd:49:e8:72:39:dd:07:07:94:ac:d5:ec:85:b1:
- a0:5c:c0:08:d3:28:2a:e6:be:ad:88:5e:2a:40:64:59:e7:f2:
- 45:0c:b9:48:c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb:
- d8:b8
-</pre>
-
-<p class="issue">Should we formally require the Issuer to be
- O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority. This was discussed on the list as allowing servers to distinguish certificates that are foaf+Ssl enabled from others. Will probably need some very deep TLS thinking to get this right.</p>
-<p class="issue">discuss the importance for UIs of the CN</p>
-</div>
-
-
-<div class="normative section" id="publishing-the-webid-profile-document" typeof="bibo:Chapter" about="#publishing-the-webid-profile-document">
-<h3><span class="secno">2.3 </span>Publishing the WebID Profile Document</h3>
-
-<p>The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document <em class="rfc2119" title="must">must</em> expose the relation between the
-<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> and the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>'s <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s
-using the <code>cert</code> and <code>rsa</code> ontologies, as well as the
-<code>cert</code> or <code>xsd</code> datatypes. The set of relations to be
-published at the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document can be presented in a
-graphical notation as follows.</p>
-<img src="drafts/ED-webid-20100809/img/WebIdGraph.jpg" alt="Web ID graph" />
-<p>The document can publish many more relations than are of interest to the WebID protocol, as shown in the above graph by the grayed out relations.</p>
-<p>The encoding of this graph is immaterial to the protocol, so long as a well known mapping to the format of the representation to such a graph can be found. Below we discuss the most well known formats, and a method for dealing with new unknown formats as they come along.</p>
-<p>The WebID provider must publish the graph of relations in one of the well known formats, though he may publish it in a number of formats to increase the useabulity of his site using Content Negotations.</p>
-<p class="issue">Add content negoatiation pointers</p>
-<p>It is particularly useful to have one of the representations be in HTML or XHTML even if it is not marked up in RDFa as this allows people using a web browser to understand what the information at that URI represents.</p>
-<div class="normative section" id="turtle" typeof="bibo:Chapter" about="#turtle">
-<h4><span class="secno">2.3.1 </span>Turtle</h4>
-<p>A widely used format for writing RDF graphs is the Turtle notation. </p>
-<p class="example">
-</p><pre>
- @prefix cert: <http://www.w3.org/ns/auth/cert#> .
- @prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
- @prefix foaf: <http://xmlns.com/foaf/0.1/> .
- @prefix : <https://joe.example/profile#> .
-
- :me a foaf:Person;
- foaf:name "Joe" .
-
- [] a rsa:RSAPublicKey;
- rsa:modulus """
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- """^^cert:hex;
- rsa:public_exponent "65537"^^cert:int;
- cert:identity :me .
-</pre>
-
-</div>
-<div id="rdfa-html-notation" typeof="bibo:Chapter" about="#rdfa-html-notation" class="section">
-<h4><span class="secno">2.3.2 </span>RDFa HTML notation</h4>
-<p>There are many ways of writing out the above graph using RDFa in
-html. Here is just one example.</p>
-<p class="example">
-</p><pre>
-<html xmlns="http://www.w3.org/1999/xhtml"
- xmlns:cert="http://www.w3.org/ns/auth/cert#"
- xmlns:foaf="http://xmlns.com/foaf/0.1/"
- xmlns:owl="http://www.w3.org/2002/07/owl#"
- xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
- xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
-<head>
-</head>
-<body>
-<h2>My RSA Public Key</h2>
-
- <dl typeof="rsa:RSAPublicKey">
- <dt>WebId</dt><dd href="#me" rel="cert:identity">http://joe.example/profile#me</dd>
- <dt>Modulus (hexadecimal)</dt>
- <dd property="rsa:modulus" datatype="cert:hex">
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- </dd>
- <dt>Exponent (decimal)</dt>
- <dd property="rsa:public_exponent" datatype="cert:int">65537</dd>
- </dl>
-</body>
-</html>
-</pre>
-
-<p>If a WebId provider would rather prefer not to mark up his data in RDFa, but just provide a human readable format for users and have the RDF graph appear in a machine readable format such as RDF/XML then he should publish the link from the HTML to the machine readable format as follows:</p>
- <p class="example">
-</p><pre>
-<html>
-<head>
-<link type="rel" type="application/rdf+xml" href="profile.rdf"/>
-</head>
-<body> ... </body>
-</html>
-</pre>
-
-</div>
-<div id="in-rdf-xml" typeof="bibo:Chapter" about="#in-rdf-xml" class="section">
-<h4><span class="secno">2.3.3 </span>In RDF/XML</h4>
-<p>RDF/XML is easy to generate automatically from structured data, be it in object notiation or in relational databases. Parsers for it are also widely available.</p>
-<p class="issue">TODO: the dsa ontology</p>
-</div>
-<div id="in-portable-contacts-format-using-grddl" typeof="bibo:Chapter" about="#in-portable-contacts-format-using-grddl" class="section">
-<h4><span class="secno">2.3.4 </span>In Portable Contacts format using GRDDL</h4>
-<p class="issue">TODO: discuss other formats and GRDDL, XSPARQL options for xml formats</p>
- <p class="issue">summarize and point to content negotiation documents</p>
-</div>
-</div>
-</div>
-
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-
-<!-- OddPage -->
-<h2><span class="secno">3. </span>The WebID Protocol</h2>
-
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3><span class="secno">3.1 </span>Authentication Sequence</h3>
-
-<p>The following steps are executed by <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s and
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>s to determine the global identity of the
-requesting agent. Once this is known, the identity can be used to determine
-if access should be granted to the requested resource.
-</p>
-
-<ol>
-<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<cite><a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a></cite>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-as a part of the TLS client-certificate retrieval protocol.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
-<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> contained in the <code>Subject Alternative Name</code>
-extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.
-<p class="issue">There may be more than one URI in the SAN</p></li>
-
-<li>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> verifies that the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> owns the private key corresponding to the public key sent in the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>. This <em class="rfc2119" title="should">should</em> be fulfilled by performing TLS mutual-authentication
-between the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> and the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> does not have access to the TLS layer,
-a digital signature challenge <em class="rfc2119" title="may">may</em> be provided by the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. These processes are detailed in the section
-on
-<a href="#secure-communication">Secure Communication</a>.
-<p class="issue">We don't have any implementations for this second way of doing
-things, so this is still hypothetical. Implementations using TLS mutual-authentication are many</p>
-</li>
-
-<li>The meaning of the
-<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> is a graph of relations that is fetched by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
-either by dereferencing the <a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> and
-extracting RDF data from the resulting document, or by utilizing a cached
-version of the RDF data contained in the document or other data source that is
-up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
- mechanism is further detailed in the sections titled
-<a href="#processing-the-webid-profile">Processing the WebID Profile</a>
-</li>
-
-<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> matches one in the set given by the
-profile document graph given above then the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
-knows that the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is indeed identified by the
-<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a>. The verification is done by querying the
-Personal Profile graph as specified in <a href="#extracting-webid-uri-details">querying the RDF graph</a>.</li>
-</ol>
-
-<p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
-any time by executing all of the steps in the Authentication Sequence again.
-Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
-determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3><span class="secno">3.2 </span>Authentication Sequence Details</h3>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4><span class="secno">3.2.1 </span>Initiating a TLS Connection</h4>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the
-Identification Agent and the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4><span class="secno">3.2.2 </span>Exchanging the Identification Certificate</h4>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4><span class="secno">3.2.3 </span>Processing the WebID Profile</h4>
-
-<p>A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML
-[<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a></cite>] and XHTML+RDFa [<cite><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a></cite>]. A server responding to
-a <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> request <em class="rfc2119" title="should">should</em> be able to deliver at least RDF/XML
-or RDFa. The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> set the Accept-Header to request
-<code>application/rdf+xml</code> with a higher priority than <code>text/html</code>
-and <code>application/xhtml+xml</code>. If the server answers such a request
-with an HTML representation of the resource, this <em class="rfc2119" title="should">should</em> describe the WebId Profile
-with RDFa.
-</p>
-
-<p class="issue">This section will explain how a Verification Agent extracts
-semantic data describing the identification credentials from a WebID Profile.</p>
-</div>
-
-<div class="normative section" id="verifying-the-webid-is-identified-by-that-public-key" typeof="bibo:Chapter" about="#verifying-the-webid-is-identified-by-that-public-key">
-<h4><span class="secno">3.2.4 </span>Verifying the WebID is identified by that public key</h4>
-
-<p>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> must check that the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> associates the WebID with the public key given in the X.509 Certificate. There are number of ways of doing this, each of which essentially consists in checking that the graph of relations in the Profile contain a pattern of relations.
-</p>
-<p>Assuming the public key is an RSA key, and that its modulus is
- "9D79BFE2498..." and exponent "65537" then the query to ask the graph is
-</p>
-<pre class="example">
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-ASK {
- [] cert:identity <http://example.org/webid#public>;
- rsa:modulus "9D79BFE2498..."^^cert:hex;
- rsa:public_exponent "65537"^^cert:int .
-}</pre>
-<p>If the query returns true, then the graph has validated the associated public key with the WebID.</p>
-<p>The above requires the graph to be able to do inferencing on dataytypes. This is because people may publish their modulus string in a number of syntactical ways. The modulus can be colon seperated, spread over a number of lines, or contain arbitrary non hex characters such as "9D ☮ 79 ☮ BF ☮ E2 ☮ F4 ☮ 98 ☮..." . The datatype itself need not necessarily be expressed in cert:hex, but could use a number of xsd integer datatype notations, cert:int or future base64 notations.
-</p>
-<p class="issue">Should we define the base64 notation?</p>
-<p>If a <a class="tref" title="Verifying_Agent">Verifying Agent</a> does not have access to a literal inferencing engine, then the modulus should be extracted from the graph, normalised into a big integer (integers without an upper bound), and compared with the values given in the public key certificate. After replacing the <code>?webid</code> variable in the following query with the required value the <a class="tref" title="Verifying_Agent">Verifying Agent</a> can query the Profile Graph with</p>
-<pre class="example">
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?m ?e
-WHERE {
- [] cert:identity ?webid ;
- rsa:modulus ?m ;
- rsa:public_exponent ?e .
-}</pre>
-<p>Here the verification agent must check that one of the answers for ?m and ?e
-matches the integer values of the modulus and exponent given in the public key in the certificate.</p>
-<p class="issue"> The public key could be a DSA key. We need to add an ontology for DSA too. What other cryptographic ontologies should we add?</p>
-
-</div>
-
-<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
-<h4><span class="secno">3.2.5 </span>Authorization</h4>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URI to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</div>
-
-<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
-<h4><span class="secno">3.2.6 </span>Secure Communication</h4>
-
-<p class="issue">This section will explain how an Identification Agent and
-a Verification Agent may communicate securely using a set of verified
-identification credentials.</p>
-
-<p>
-If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>,
-the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="should">should</em> use the verified
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>
-for all TLS-based communication with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-This ensures that both the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> and the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-are communicating in a secure manner, ensuring cryptographically protected
-privacy for both sides.
-</p>
-
-</div>
-
-</div>
-
-<div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile">
-<h3><span class="secno">3.3 </span>The WebID Profile</h3>
-
-<p>The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is a structured document that contains
-identification credentials for the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed
-using the Resource Description Framework [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a></cite>]. The following
-sections describe how to express certain common properties that could be used
-by <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s and other entities that consume a
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.</p>
-
-<p>The following vocabularies are used in their shortened form in the
-subsequent sections:</p>
-
-<dl>
- <dt>foaf</dt>
- <dd>http://xmlns.com/foaf/0.1/</dd>
- <dt>cert</dt>
- <dd>http://www.w3.org/ns/auth/cert#</dd>
- <dt>rsa</dt>
- <dd>http://www.w3.org/ns/auth/rsa#</dd>
-</dl>
-
-<div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information">
-<h4><span class="secno">3.3.1 </span>Personal Information</h4>
-
-<p>Personal details are the most common requirement when registering an
-account with a website. Some of these pieces of information include an e-mail
-address, a name and perhaps an avatar image. This section includes
-properties that <em class="rfc2119" title="should">should</em> be used when conveying key pieces of personal
-information but are <em class="rfc2119" title="not required">not required</em> to be present in a <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:</p>
-
-<dl>
- <dt>foaf:mbox</dt>
- <dd>The e-mail address that is associated with the WebID URI.</dd>
- <dt>foaf:name</dt>
- <dd>The name that is most commonly used to refer to the individual
- or agent.</dd>
- <dt>foaf:depiction</dt>
- <dd>An image representation of the individual or agent.</dd>
-</dl>
-</div>
-
-<div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details">
-<h4><span class="secno">3.3.2 </span>Cryptographic Details</h4>
-
-<p>Cryptographic details are important when <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s
-and <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>s interact. The following properties
-<em class="rfc2119" title="should">should</em> be used when conveying cryptographic information in <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>
-documents:</p>
-
-<dl>
- <dt>rsa:RSAPublicKey</dt>
- <dd>Expresses an RSA public key. The RSAPublicKey <em class="rfc2119" title="must">must</em> specify the
- rsa:modulus and rsa:public_exponent properties.</dd>
- <dt>cert:identity</dt>
- <dd>Used to associate an RSAPublicKey with a WebID URI. A WebID Profile
- <em class="rfc2119" title="must">must</em> contain at least one RSAPublicKey that is associated with the
- corresponding WebID URI.</dd>
-</dl>
-</div>
-
-</div>
-
-</div>
-
-<div id="history" class="appendix informative section" typeof="bibo:Chapter" about="#history">
-
-<!-- OddPage -->
-<h2><span class="secno">A. </span>Change History</h2><p><em>This section is non-normative.</em></p>
-<p><a href="">2010-08-09</a> Updates from WebID community: moved OpenID/OAuth sections to separate document, switched to the URI terminology instead of URL, added "Creating the certificate" and "Publishing the WebID Profile document" sections with a WebID graph and serializations in Turtle and RDFa, improved SPARQL queries using literal notation with cert datatypes, updated list of contributors, and many other fixes.</p>
-<p><a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">2010-07-25</a> Added WebID Profile section.</p>
-<p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
-<p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
-</div>
-
-<div id="acknowledgements" class="informative section" typeof="bibo:Chapter" about="#acknowledgements">
-
-<!-- OddPage -->
-<h2><span class="secno">B. </span>Acknowledgments</h2><p><em>This section is non-normative.</em></p>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-<li>Kingsley Idehen, OpenLink Software</li>
-<li>Seth Russell</li>
-<li>Sarven Capadisli</li>
-<li>Nathan Rixham</li>
-</ul>
-
-</div>
- <div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<!-- OddPage -->
-<h2><span class="secno">C. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">C.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>3 August 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803">http://www.w3.org/TR/2010/WD-rdfa-core-20100803</a>
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
-</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803"><cite>XHTML+RDFa 1.1.</cite></a> 3 August 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803">http://www.w3.org/TR/WD-xhtml-rdfa-20100803</a>
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">C.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
-</dd></dl></div></div></body></html>
--- a/img/WebIdGraph.graffle Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,3839 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
- <key>ActiveLayerIndex</key>
- <integer>0</integer>
- <key>ApplicationVersion</key>
- <array>
- <string>com.omnigroup.OmniGrafflePro</string>
- <string>138.17.0.133677</string>
- </array>
- <key>AutoAdjust</key>
- <true/>
- <key>BackgroundGraphic</key>
- <dict>
- <key>Bounds</key>
- <string>{{0, 0}, {559, 783}}</string>
- <key>Class</key>
- <string>SolidGraphic</string>
- <key>ID</key>
- <integer>2</integer>
- <key>Style</key>
- <dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- </dict>
- <key>CanvasOrigin</key>
- <string>{0, 0}</string>
- <key>ColumnAlign</key>
- <integer>1</integer>
- <key>ColumnSpacing</key>
- <real>36</real>
- <key>CreationDate</key>
- <string>2010-08-07 16:48:58 +0200</string>
- <key>Creator</key>
- <string>Henry Story</string>
- <key>DisplayScale</key>
- <string>1.000 cm = 1.000 cm</string>
- <key>GraphDocumentVersion</key>
- <integer>6</integer>
- <key>GraphicsList</key>
- <array>
- <dict>
- <key>Bounds</key>
- <string>{{192.59, 185.387}, {57, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>YES</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>FontInfo</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>w</key>
- <string>0</string>
- </dict>
- <key>Font</key>
- <string>Helvetica</string>
- <key>Size</key>
- <real>12</real>
- </dict>
- <key>ID</key>
- <integer>54</integer>
- <key>Line</key>
- <dict>
- <key>ID</key>
- <integer>52</integer>
- <key>Position</key>
- <real>0.48328354954719543</real>
- <key>RotationType</key>
- <integer>0</integer>
- </dict>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf2 foaf:blog}</string>
- </dict>
- <key>Wrap</key>
- <string>NO</string>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{331.633, 207}, {144, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>53</integer>
- <key>Magnets</key>
- <array>
- <string>{0, 1}</string>
- <string>{0, -1}</string>
- <string>{1, 0}</string>
- <string>{-1, 0}</string>
- <string>{1, 1}</string>
- <string>{1, -1}</string>
- <string>{-1, 1}</string>
- <string>{-1, -1}</string>
- </array>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>b</key>
- <string>0.8</string>
- <key>g</key>
- <string>0.8</string>
- <key>r</key>
- <string>0.8</string>
- </dict>
- <key>CornerRadius</key>
- <real>4</real>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf2 http://joe.example/blog}</string>
- </dict>
- </dict>
- <dict>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>Head</key>
- <dict>
- <key>ID</key>
- <integer>53</integer>
- <key>Info</key>
- <integer>4</integer>
- </dict>
- <key>ID</key>
- <integer>52</integer>
- <key>Points</key>
- <array>
- <string>{116, 194.975}</string>
- <string>{195, 193}</string>
- <string>{287, 213}</string>
- <string>{331.633, 219}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>b</key>
- <string>0.8</string>
- <key>g</key>
- <string>0.8</string>
- <key>r</key>
- <string>0.8</string>
- </dict>
- <key>HeadArrow</key>
- <string>FilledArrow</string>
- <key>LineType</key>
- <integer>1</integer>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- <key>Tail</key>
- <dict>
- <key>ID</key>
- <integer>30</integer>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{471, 395}, {57, 18}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>51</integer>
- <key>Magnets</key>
- <array>
- <string>{0, 1}</string>
- <string>{0, -1}</string>
- <string>{1, 0}</string>
- <string>{-1, 0}</string>
- <string>{1, 1}</string>
- <string>{1, -1}</string>
- <string>{-1, 1}</string>
- <string>{-1, -1}</string>
- </array>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf0 cert:hex}</string>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{81.9193, 530.02}, {49.9996, 18}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>50</integer>
- <key>Magnets</key>
- <array>
- <string>{0, 1}</string>
- <string>{0, -1}</string>
- <string>{1, 0}</string>
- <string>{-1, 0}</string>
- <string>{1, 1}</string>
- <string>{1, -1}</string>
- <string>{-1, 1}</string>
- <string>{-1, -1}</string>
- </array>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf0 cert:int}</string>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{186.674, 140.635}, {64, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>YES</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>FontInfo</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>w</key>
- <string>0</string>
- </dict>
- <key>Font</key>
- <string>Helvetica</string>
- <key>Size</key>
- <real>12</real>
- </dict>
- <key>ID</key>
- <integer>49</integer>
- <key>Line</key>
- <dict>
- <key>ID</key>
- <integer>31</integer>
- <key>Position</key>
- <real>0.48328354954719543</real>
- <key>RotationType</key>
- <integer>0</integer>
- </dict>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf2 foaf:name}</string>
- </dict>
- <key>Wrap</key>
- <string>NO</string>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{59.1444, 288.845}, {72, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>YES</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>FontInfo</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>w</key>
- <string>0</string>
- </dict>
- <key>Font</key>
- <string>Helvetica</string>
- <key>Size</key>
- <real>12</real>
- </dict>
- <key>ID</key>
- <integer>48</integer>
- <key>Line</key>
- <dict>
- <key>ID</key>
- <integer>47</integer>
- <key>Position</key>
- <real>0.42995861172676086</real>
- <key>RotationType</key>
- <integer>0</integer>
- </dict>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf0 cert:identity}</string>
- </dict>
- <key>Wrap</key>
- <string>NO</string>
- </dict>
- <dict>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>ID</key>
- <integer>47</integer>
- <key>Points</key>
- <array>
- <string>{96.1582, 339.952}</string>
- <string>{96.238, 335.109}</string>
- <string>{93.4898, 249}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>FilledArrow</string>
- <key>LineType</key>
- <integer>1</integer>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- <key>Tail</key>
- <dict>
- <key>ID</key>
- <integer>33</integer>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{191.359, 395}, {336.641, 276}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>46</integer>
- <key>Magnets</key>
- <array>
- <string>{0, 1}</string>
- <string>{0, -1}</string>
- <string>{1, 0}</string>
- <string>{-1, 0}</string>
- <string>{1, 1}</string>
- <string>{1, -1}</string>
- <string>{-1, 1}</string>
- <string>{-1, -1}</string>
- </array>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict/>
- <key>Text</key>
- <dict>
- <key>Align</key>
- <integer>0</integer>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fmodern\fcharset0 Courier;}
-{\colortbl;\red255\green255\blue255;}
-\deftab720
-\pard\pardeftab720\ql\qnatural
-
-\f0\fs24 \cf0 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:\
-c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:\
-07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:\
-98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:\
-2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:\
-ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:\
-94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:\
-dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:\
-e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:\
-2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:\
-f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:\
-5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:\
-75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:\
-14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:\
-72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:\
-71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:\
-3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:\
-91:a1}</string>
- </dict>
- <key>TextPlacement</key>
- <integer>2</integer>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{188.776, 344.446}, {76, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>YES</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>FontInfo</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>w</key>
- <string>0</string>
- </dict>
- <key>Font</key>
- <string>Helvetica</string>
- <key>Size</key>
- <real>12</real>
- </dict>
- <key>ID</key>
- <integer>45</integer>
- <key>Line</key>
- <dict>
- <key>ID</key>
- <integer>44</integer>
- <key>Position</key>
- <real>0.42995861172676086</real>
- <key>RotationType</key>
- <integer>0</integer>
- </dict>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf0 rsa:modulus}</string>
- </dict>
- <key>Wrap</key>
- <string>NO</string>
- </dict>
- <dict>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>Head</key>
- <dict>
- <key>ID</key>
- <integer>46</integer>
- </dict>
- <key>ID</key>
- <integer>44</integer>
- <key>Points</key>
- <array>
- <string>{110.416, 354.774}</string>
- <string>{255, 358}</string>
- <string>{322, 373}</string>
- <string>{359.68, 395}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>FilledArrow</string>
- <key>LineType</key>
- <integer>1</integer>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- <key>Tail</key>
- <dict>
- <key>ID</key>
- <integer>33</integer>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{67.9189, 530.02}, {64, 42}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>43</integer>
- <key>Magnets</key>
- <array>
- <string>{0, 1}</string>
- <string>{0, -1}</string>
- <string>{1, 0}</string>
- <string>{-1, 0}</string>
- <string>{1, 1}</string>
- <string>{1, -1}</string>
- <string>{-1, 1}</string>
- <string>{-1, -1}</string>
- </array>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict/>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf0 65537}</string>
- </dict>
- <key>TextPlacement</key>
- <integer>2</integer>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{32.1215, 424.734}, {118, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>YES</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>FontInfo</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>w</key>
- <string>0</string>
- </dict>
- <key>Font</key>
- <string>Helvetica</string>
- <key>Size</key>
- <real>12</real>
- </dict>
- <key>ID</key>
- <integer>42</integer>
- <key>Line</key>
- <dict>
- <key>ID</key>
- <integer>41</integer>
- <key>Position</key>
- <real>0.42995861172676086</real>
- <key>RotationType</key>
- <integer>0</integer>
- </dict>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf0 rsa:public_exponent}</string>
- </dict>
- <key>Wrap</key>
- <string>NO</string>
- </dict>
- <dict>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>Head</key>
- <dict>
- <key>ID</key>
- <integer>43</integer>
- </dict>
- <key>ID</key>
- <integer>41</integer>
- <key>Points</key>
- <array>
- <string>{94.946, 368.918}</string>
- <string>{90.8379, 429.98}</string>
- <string>{99.9189, 530.02}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>FilledArrow</string>
- <key>LineType</key>
- <integer>1</integer>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- <key>Tail</key>
- <dict>
- <key>ID</key>
- <integer>33</integer>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{195.926, 307.774}, {51, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>YES</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>FontInfo</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>w</key>
- <string>0</string>
- </dict>
- <key>Font</key>
- <string>Helvetica</string>
- <key>Size</key>
- <real>12</real>
- </dict>
- <key>ID</key>
- <integer>40</integer>
- <key>Line</key>
- <dict>
- <key>ID</key>
- <integer>34</integer>
- <key>Position</key>
- <real>0.42995861172676086</real>
- <key>RotationType</key>
- <integer>0</integer>
- </dict>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf0 rdf:type}</string>
- </dict>
- <key>Wrap</key>
- <string>NO</string>
- </dict>
- <dict>
- <key>Class</key>
- <string>TableGroup</string>
- <key>Graphics</key>
- <array>
- <dict>
- <key>Bounds</key>
- <string>{{377, 308.086}, {151, 14}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>Vertical</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>ID</key>
- <integer>36</integer>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>fill</key>
- <dict>
- <key>GradientCenter</key>
- <string>{-0.294118, -0.264706}</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
-
-\f0\b\fs24 \cf0 rsa:RSAPublicKey}</string>
- <key>VerticalPad</key>
- <integer>0</integer>
- </dict>
- <key>TextPlacement</key>
- <integer>0</integer>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{377, 322.086}, {151, 28}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>FitText</key>
- <string>Vertical</string>
- <key>Flow</key>
- <string>Resize</string>
- <key>ID</key>
- <integer>37</integer>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>fill</key>
- <dict>
- <key>GradientCenter</key>
- <string>{-0.294118, -0.264706}</string>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Align</key>
- <integer>0</integer>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural
-
-\f0\fs24 \cf0 rsa:public_exponent\
-rsa:modulus}</string>
- <key>VerticalPad</key>
- <integer>0</integer>
- </dict>
- <key>TextPlacement</key>
- <integer>0</integer>
- </dict>
- </array>
- <key>GridH</key>
- <array>
- <integer>36</integer>
- <integer>37</integer>
- <array/>
- </array>
- <key>ID</key>
- <integer>35</integer>
- </dict>
- <dict>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>Head</key>
- <dict>
- <key>ID</key>
- <integer>36</integer>
- </dict>
- <key>ID</key>
- <integer>34</integer>
- <key>Points</key>
- <array>
- <string>{109.919, 350.664}</string>
- <string>{227, 319}</string>
- <string>{376.5, 316.405}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>FilledArrow</string>
- <key>LineType</key>
- <integer>1</integer>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- <key>Tail</key>
- <dict>
- <key>ID</key>
- <integer>33</integer>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{81.9193, 340.45}, {28, 28}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>33</integer>
- <key>Shape</key>
- <string>Circle</string>
- <key>Style</key>
- <dict/>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{331.633, 159}, {90, 24}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>1</integer>
- <key>Magnets</key>
- <array>
- <string>{0, 1}</string>
- <string>{0, -1}</string>
- <string>{1, 0}</string>
- <string>{-1, 0}</string>
- <string>{1, 1}</string>
- <string>{1, -1}</string>
- <string>{-1, 1}</string>
- <string>{-1, -1}</string>
- </array>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>b</key>
- <string>0.8</string>
- <key>g</key>
- <string>0.8</string>
- <key>r</key>
- <string>0.8</string>
- </dict>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
-
-\f0\fs24 \cf2 Joe}</string>
- </dict>
- </dict>
- <dict>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>Head</key>
- <dict>
- <key>ID</key>
- <integer>1</integer>
- <key>Info</key>
- <integer>4</integer>
- </dict>
- <key>ID</key>
- <integer>31</integer>
- <key>Points</key>
- <array>
- <string>{116, 186}</string>
- <string>{188.776, 156}</string>
- <string>{279.204, 154.184}</string>
- <string>{331.633, 171}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>Color</key>
- <dict>
- <key>b</key>
- <string>0.8</string>
- <key>g</key>
- <string>0.8</string>
- <key>r</key>
- <string>0.8</string>
- </dict>
- <key>HeadArrow</key>
- <string>FilledArrow</string>
- <key>LineType</key>
- <integer>1</integer>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- <key>Tail</key>
- <dict>
- <key>ID</key>
- <integer>24</integer>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{16.9592, 231}, {178.041, 18}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>22</integer>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>fill</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Width</key>
- <real>0.5</real>
- </dict>
- </dict>
- <key>Text</key>
- <dict>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;\red0\green0\blue0;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
-
-\f0\b\fs24 \cf2 http://joe.example/profile#me}</string>
- <key>VerticalPad</key>
- <integer>0</integer>
- </dict>
- </dict>
- <dict>
- <key>Class</key>
- <string>Group</string>
- <key>Graphics</key>
- <array>
- <dict>
- <key>AllowLabelDrop</key>
- <false/>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>ID</key>
- <integer>24</integer>
- <key>Points</key>
- <array>
- <string>{116, 186}</string>
- <string>{98, 186}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>0</string>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- </dict>
- <dict>
- <key>AllowLabelDrop</key>
- <false/>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>ID</key>
- <integer>25</integer>
- <key>Points</key>
- <array>
- <string>{98, 186}</string>
- <string>{80, 186}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>0</string>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- </dict>
- <dict>
- <key>AllowLabelDrop</key>
- <false/>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>ID</key>
- <integer>26</integer>
- <key>Points</key>
- <array>
- <string>{98, 204}</string>
- <string>{107, 231}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>0</string>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- </dict>
- <dict>
- <key>AllowLabelDrop</key>
- <false/>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>ID</key>
- <integer>27</integer>
- <key>Points</key>
- <array>
- <string>{98, 204}</string>
- <string>{89, 231}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>0</string>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- </dict>
- <dict>
- <key>AllowConnections</key>
- <string>NO</string>
- <key>AllowLabelDrop</key>
- <false/>
- <key>AllowToConnect</key>
- <false/>
- <key>Class</key>
- <string>LineGraphic</string>
- <key>ID</key>
- <integer>28</integer>
- <key>Points</key>
- <array>
- <string>{98, 177}</string>
- <string>{98, 204}</string>
- </array>
- <key>Style</key>
- <dict>
- <key>stroke</key>
- <dict>
- <key>HeadArrow</key>
- <string>0</string>
- <key>TailArrow</key>
- <string>0</string>
- </dict>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{89, 159}, {18, 18}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>29</integer>
- <key>Shape</key>
- <string>Circle</string>
- <key>Style</key>
- <dict/>
- </dict>
- </array>
- <key>ID</key>
- <integer>23</integer>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{74, 146}, {42, 99}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>30</integer>
- <key>Shape</key>
- <string>Rectangle</string>
- <key>Style</key>
- <dict>
- <key>fill</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>shadow</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- <key>stroke</key>
- <dict>
- <key>Draws</key>
- <string>NO</string>
- </dict>
- </dict>
- </dict>
- <dict>
- <key>Bounds</key>
- <string>{{9, 70.4975}, {537.282, 610.013}}</string>
- <key>Class</key>
- <string>ShapedGraphic</string>
- <key>ID</key>
- <integer>15</integer>
- <key>Shape</key>
- <string>NoteShape</string>
- <key>Style</key>
- <dict/>
- <key>Text</key>
- <dict>
- <key>Align</key>
- <integer>0</integer>
- <key>Text</key>
- <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
-
-\f0\fs24 \cf0 http://joe.example/profile}</string>
- <key>VerticalPad</key>
- <integer>0</integer>
- </dict>
- <key>TextPlacement</key>
- <integer>0</integer>
- </dict>
- </array>
- <key>GridInfo</key>
- <dict/>
- <key>GuidesLocked</key>
- <string>NO</string>
- <key>GuidesVisible</key>
- <string>YES</string>
- <key>HPages</key>
- <integer>1</integer>
- <key>ImageCounter</key>
- <integer>2</integer>
- <key>KeepToScale</key>
- <false/>
- <key>Layers</key>
- <array>
- <dict>
- <key>Lock</key>
- <string>NO</string>
- <key>Name</key>
- <string>Layer 1</string>
- <key>Print</key>
- <string>YES</string>
- <key>View</key>
- <string>YES</string>
- </dict>
- </array>
- <key>LayoutInfo</key>
- <dict>
- <key>Animate</key>
- <string>NO</string>
- <key>circoMinDist</key>
- <real>18</real>
- <key>circoSeparation</key>
- <real>0.0</real>
- <key>layoutEngine</key>
- <string>dot</string>
- <key>neatoSeparation</key>
- <real>0.0</real>
- <key>twopiSeparation</key>
- <real>0.0</real>
- </dict>
- <key>LinksVisible</key>
- <string>NO</string>
- <key>MagnetsVisible</key>
- <string>NO</string>
- <key>MasterSheets</key>
- <array/>
- <key>ModificationDate</key>
- <string>2010-08-07 18:27:48 +0200</string>
- <key>Modifier</key>
- <string>Henry Story</string>
- <key>NotesVisible</key>
- <string>NO</string>
- <key>Orientation</key>
- <integer>2</integer>
- <key>OriginVisible</key>
- <string>NO</string>
- <key>PageBreaks</key>
- <string>YES</string>
- <key>PrintInfo</key>
- <dict>
- <key>NSBottomMargin</key>
- <array>
- <string>float</string>
- <string>41</string>
- </array>
- <key>NSLeftMargin</key>
- <array>
- <string>float</string>
- <string>18</string>
- </array>
- <key>NSPaperSize</key>
- <array>
- <string>size</string>
- <string>{595, 842}</string>
- </array>
- <key>NSRightMargin</key>
- <array>
- <string>float</string>
- <string>18</string>
- </array>
- <key>NSTopMargin</key>
- <array>
- <string>float</string>
- <string>18</string>
- </array>
- </dict>
- <key>PrintOnePage</key>
- <false/>
- <key>QuickLookPreview</key>
- <data>
- JVBERi0xLjMKJcTl8uXrp/Og0MTGCjUgMCBvYmoKPDwgL0xlbmd0aCA2IDAgUiAvRmls
- dGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHNmsmOHcl1hvf5FAl4U1xUMuZpZ9M2
- 4PZGEgl4IRhC3clio0pUFylLelk/i78TmRGZdyJ7UQuBXX0zI2M4cYb/DBG/jL8dfxkV
- /7zPY0x2fD2O/zX+aXz/4ase919HXf993Y+PavKj/G06nsb3vzm+7o9//vaXp+fh9TNT
- +SCTqTFYOz6aMYXJK+PyuH8Z3//Hix7/9Utd0c29+Ilp9Jml6ndTvw+/jFqbOo0LozVq
- CtaE0Se/dLNtGj9Pw09UU9bZjjbnybd+bliW09HW6ehoQxidjvR2ZpnOt+laN8uq0s35
- bbfQZkth3qJjt3RI2Yw60zWptnBsM1q4KjSanEad1CTvObLuADdS6xWXza7bMDpv58u9
- 5zwdfHMw2tadylRatR4awmXFM85ZWbIKYJHA+98dn5++ff7f44cvz19eP78cv71+3o+v
- nwfvwmSShttWTzlD9su4tqU8xRQsH/PkfNKIDg5YD6/4FLTzY/Bu0sbZYV/bVEq1Keqg
- x+fR2cS+tB6jNqIZDKQFWvu7TXFSNsS1ZT9YnSYfWKX3QlfbBJvH/ZhHrcwEMZHFOt1r
- 2439PY9/XHtudn1C83/i7+fZFj58rGxV48cPqLmuL4/yg9EMMLcvZryelFJmyzg0czIa
- KXTGaSxDBedWxmmTphR93DBOmkyy+YxxanI5ysCFce19ZVxr2TKutcGtG4/CuIB6eq3s
- lnFr28q4vr8zxhmXJmWsu71rDCl6D5YsfBgW4tv7iLLM2+kts65UzZhU9ia1Hp1+m9Wk
- kzdDb9mPH0EXoAvL/opogK2NqEyMU3CKiVSEh6Ga/798GheoeeT30QQ793k02SHG4IZP
- GM6/I1Jk/uk0/n58+OM7AUMzPnx7ByBufv/cPpTlw/uz3+Hh59bhS3s4todp6dob/vbU
- Pr30eZ9b0/HdMJPQVuhdXvvU//du/O/x00/jv32qiNs19ooNor2wQc1a+2l/xhBQcjJO
- OVizMGQ8Z8jDMyR/+rkuM1x5Da3cZIMbg9H19wX7jKh5imMAhJMT7FxbzKQ9AlpGDUEl
- oD+gHVqpuXNQHnjRdgRw6RvDuLZo6QwGr8NSqp31EECLOnVrWZfPfdhCI8bQ5zZuJnZd
- f2kZLne2H09bZau4IKDb+oF/dS8bDuhQ10nMtfBEo8oLT2a+6Tj/bjigUePKwE7l2rJs
- ZViH9f32qdeWZfmxc6DRuHJg0H5m4SqBTctC47Kz2fo2Btd5IM4vxuFl5MGgS8/VTu/0
- lA4vY8qjseIxxKIve4rGLlNVdn6nq4hAlsdnMylGzMP9STWOb+66jJm7Stjz1ysqqnRx
- f4QvsVKgIxgoAKPTQBgllM/xyTkOaVQ4x4yLdVbmuICgZCcFrPnRzZZmJjVsoGdGnG8Y
- fH0qDQHaLxhTP4AD9bcDyowww0Nv+FtDkxVpWkubHcA5n6StMncYHl7biLbcPdS5sWkQ
- rPrJc8TBj+RskcOCvGx/Rl6A5p9eVqyh8a8Ql/rfDb9cJTSLFOXTjr14YF9HfK/So6i7
- J/6UX6sMH7CNCKRoQo39aLTICe8LcEwh09F4P9kcMQoMTfyyiXkSfdUS9CSJsiTSm7wj
- 3mQSfL6Lo1WEpNYwTzCTdcRn1siDZ1yIE2EULr8qy2Y3qAxDBAxAOMCL6EfMwho7WUIw
- 2ggNJP57pk3I98RZ0k+5PIhnvjX6hD7+xN/PN3W5jxCosA7cfRn6ejq4KQbiu816tV/G
- rZ+tt46um4LN/PtKLEJAWeP4oNSYCYmd5BprlHVp5CK8PkZL3LyMGWZeOSQ//52bl0W6
- 8zo49GvzIkyNNkk4gXkN5579J7R49qvo2eo82xbAQD8llGQORVz2SERrTYwWNCGNIbQ1
- dF5aRoev0IDCZhxSC17ShIqn1mviOG1Fd7TAsEtRu6G3SIyoCZfp08dJlOaNxH9t9rWl
- UdDGzWGW0AmiL7OT1ViSliBUST4iFKwtl/sTr1YxbLhnXo0l1jkIY2srS8hPMHEd0fzG
- Eos7SckYXN6yFNEBylZJ7ATZgObrgMgb0b2lbY0EbR6H7XQGtNm3LQsF67hG54YllnRG
- JStULSxpLavo+v7uuzmNoZMOYvECGMHmCjrgmdN5tKCPJhgAZMh8IsmnRYBRkbMawxC6
- AB4B8FA28UocyhTSTqalLTlQIPdKTjJTrNx4PpFcC5cW9KiCEtwgZsDGDCkgHaIVkcgg
- HxC6g7UuGcGIOhF4RJuljYS92vGN0d/FjaGvJwQ5E87Wk414HQUj+nqyJwiXFA2cauu1
- 0TBNDLwbnY0Re8O2JGEHeUds98fAwSBBWZXAxXlQc8n30gPnkQu2ICn9XBq4cMygoh8f
- 7TVsvH7tHrRF/j0e/0tDlF176EH857lleNj/oX1bfXOfoEPSn6469RYSEUGr4TLU/3Vb
- Ihs/D+nJcWRLS4rRtvTSKTk0Svrm+p56y9ctgEpaMGyLSVWmQUo2i0xBoSrTX5C74E3L
- rKsTEFmSCXRZApFLePUDWeJd78gSWYfkPJo153c9ypC9t+2xh9kbrOL9XWv6+M/t6Tfs
- uQZJu3dD/W1BE/Kt7/vW8z/bQxfz3y+51EtuA4YsRaVqTwDAFA3UivYvnLq3dUM0MA/C
- qg2DlvTuLMuVyCuLXd2QfJfuaaG/KcC3ZX9/77p55iVviY6UMTtPLG0BNsJkgQZKAD4G
- 0gFLycgEPpLHQ46WxBxXaLFvWoimyA0dMdBcVxNf4Kk90YtgC8isKWA2QOogxScV8TPE
- Xhkgg1EUDbV0nrFRFHAuCYhywVqqhER2hDiGyXC6WdyWouIVBykBaE3Y9Sx5YM4B/2uI
- 3PC6M2LdGnsfIWuu0lajjEFCyoRtNSSKq0s1J+qrCfFOQkjBx75aG3uFj4RVhKqaYElC
- NKJXOPkjLYGZZNEySOp9IdxQEm/xTo7Y44aOfBfwFty4C3jjrwa8ZaZuLpeAN9c2mnC7
- x6hmnygqoxyz9iBSapmomjMCHd8POvtwbyV4IDTZDBeYEvck5ieQdllkQlxSEWZtqZ8u
- FeH71RVceYUh8ZIXlaaH4L2NvbZyM2QnoJicBhgsahxnVy/5OVUQ7ItsJWEasKHqHxED
- vah7idbLi1iHwdSMFE0sSZDCGQO1Esh54hNihkRFDz+KjydVRcPIfwjocNoR5SCzspSH
- spGAhbQ1UuIloKTQA5yLdQdD+nNhgcNigRKrEXMxlxivBZ6IUoDlnMmULLaQiIwIGpzQ
- LoGQYILHYmvQsAyuGLIMvm+C1Yn05cAfbFrq2uty1JypwUhMtC5HwciRc22Xg4g++CxG
- kcTRkDgii0kJkTXDlBjMVF/FQcm9oqQhrJOR/CJv8s6rggCxD3VYOY+40JDFTy9OqsH0
- r/TTi21d+enugQQmNTghRxZyHGMtygoeyD7PbYjyxKXPbgMR5OXAZj23SrSsRXrGGOPV
- AkniG8jVz4sEj2D7xMEQ8ZjUzvwMURROCB8o0j4oVfa7Ylw5Hkry5RCKO5SYi9uVkMs+
- FqXLXpcUytO+vBuW8uXWxLaULDL5ESXi2GYJrYTsVfG5eFX0UQgJqkDaKZTA+rlYU5Qr
- h1RsKuqIAH9AyK9kCUWJa47EonPR++L3Je2KDSUdinkqeyv/d6Yknnclwxr7ZhyhwHjF
- kZxKQBy2hFQOe1kcKUSoUMXAjlOJvvhjyYjp6c04AihdccQcy3FfDk/lGArPsEP7ctoV
- n8pRl10sgU++5L08v5WOWJT1UkdQwWMqycp/GXVgzWOJRrRm54pDatByLF6XJ/dmHKGO
- dMURFs++6CdRExQk7EswsjgKGqu+IDJzKAeoS2/GEXT1kiGHg5ir9yIZbcupMgc5nIwo
- x8GVfSpOFRtFjd7IaPB5lyByjKKaJghYnGzZw52nElDcIApidmWXyolGmBLeih1y0HnJ
- DoM09iUih6PY8A51cUVhw0ZYA02iwPSBXPVW7MDnXPHj5MuOlWLxu3K0st7RlJ0Vs7EQ
- wfOTqO1TFhR5I4MhOr3ih2cx0OxJ7BKID4iA/wAuVBZ8R16nsgdHUI/dW/GDXPWKH+gi
- +nfIwnbsBssQGPFVacD5o2CL04InO+TyNk6GYskVPzRuDqHACYwDtDjK7rMtR9gQxcFh
- wor/o8U4u7fxMcQ71/wwxQVZIxzE7+JucS5IAfbg9BT+BUKVtOMA34gfcrJ/xZDIToGQ
- k/iU+FQOsURVhXQUqSCnuJMH9BlwfSOGcHJ0zRGLoZxEOJalqqMXz3IsFhA9lB064wTm
- 9hXm3oojJC1XHMn4Dn1zp+sZXeCANEmYRwZD9E+iTmZok9JU7jmnVHILgRCHlIbTEUM4
- nYjT5vOxloFJFDin13iXWsfk3IOhku9K+K6iHqhdS7YvsT0LkPkSxEmbUWpJr6/H3g/t
- a3bdBhA0QpSk8stilcyc68R9MSE9csRUI3uJ2Sqhy9jL5Jq+XNLg2MNR/eNqi1xLqakk
- WdUPCjGkMHoeSsGXA6JbhRhkRbhLCfdGkr3vae9ru2iAstaK0udWm+u1mt53myIvfS9u
- K1zVnM4qc3IvhdNjXQ+YUkARyIHaVtuBi/ySHWwqPkYOKOowtmQZdqOgQIbDoRnZxI3N
- tlpTrzH2kttpqTq1vfcN9h5yKHjjsCYhKG6TkIiT9EoiTmpHDUDO/+rx7PeLAG10rwFs
- Rv+oBqCV1JClBiAHK2sNYFuCg1+KMzuSul5e6ae835X8Is3OhqX2e1YKYSb5h4gclXcb
- ud0X2fX9Emvthjn3bi1Ju1XicNQ4yOoot13nqnIU6bhhstnWnJL9njJ3V9Irhe5XanoX
- DqdXmWLWKP789/GDXA+8TjjlmFfKjbXGKLdWrMXupYmDBTnjBZ+VHMJSbpi1IPtB9IMa
- CMEwd6pgGSCh5PjFcLhkOBLmtgJ6HfhkONaRaycUQaiPUFiiE5BvWI7axcQNGTtIAyc0
- tMCGpDhQMXLHZT7vWzg6lyE3+0FIcvAaHSUZznipbFKIoDbB4YV2csOOyqk2tRwp01IK
- NrTxMUJeLU5cjgb/OmDe5FVfT6yWsqllRF+PI2sKorUg2deDpokzo9QPliu1m9FnxRBx
- F/OFTSoFL6KC6yu3uiI+hPPMgSIwL72reABMZtPC6e3mFacjg1t/qU5mfNI6HVC1LsXL
- XK6aCeGV2o5FzJyZc4NV3Fyjqs3UWgbxbzK4d6DMdfdl25FrnLJKG0esJlvCfbZ12fEZ
- c/Zy/nXOre+iUvXEdUcoyZa18rqyFq3FABurRIUXVi3MM1puHKwdal178yp3GqooZknV
- uy2dtXIrZ8NaXqVs1rYoXzsHDJpZZ9q0SD3w7HX7st4RkCPRbUfOqDas7Vta12XHnZNi
- QWesnbklSnrfg8nZw6wsOLxrYCMBsLHydU7P/tEvBF5X37tr/Z8ttHZPobOclnJvlrNp
- zj8sKAPiLdXL+2yT46Z5WEK7ZNjMu9uXex5B2uVy0wUbH05fnk5l9/wF6loV7Lf/D26W
- mTAKZW5kc3RyZWFtCmVuZG9iago2IDAgb2JqCjQxMDYKZW5kb2JqCjMgMCBvYmoKPDwg
- L1R5cGUgL1BhZ2UgL1BhcmVudCA0IDAgUiAvUmVzb3VyY2VzIDcgMCBSIC9Db250ZW50
- cyA1IDAgUiAvTWVkaWFCb3ggWzAgMCA1NTkgNzgzXQo+PgplbmRvYmoKNyAwIG9iago8
- PCAvUHJvY1NldCBbIC9QREYgL1RleHQgL0ltYWdlQiAvSW1hZ2VDIC9JbWFnZUkgXSAv
- Q29sb3JTcGFjZSA8PCAvQ3MyIDMxIDAgUgovQ3MxIDggMCBSID4+IC9Gb250IDw8IC9G
- MS4wIDMyIDAgUiAvRjIuMCAzMyAwIFIgL0YzLjAgMzQgMCBSID4+IC9YT2JqZWN0Cjw8
- IC9JbTQgMTUgMCBSIC9JbTEwIDI3IDAgUiAvSW0xMSAyOSAwIFIgL0ltMiAxMSAwIFIg
- L0ltMSA5IDAgUiAvSW01IDE3IDAgUgovSW04IDIzIDAgUiAvSW05IDI1IDAgUiAvSW0z
- IDEzIDAgUiAvSW03IDIxIDAgUiAvSW02IDE5IDAgUiA+PiA+PgplbmRvYmoKMTUgMCBv
- YmoKPDwgL0xlbmd0aCAxNiAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdl
- IC9XaWR0aCAxMDAgL0hlaWdodCAxMDAgL0ludGVycG9sYXRlCnRydWUgL0NvbG9yU3Bh
- Y2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNlcHR1YWwgL1NNYXNrIDM2IDAgUiAvQml0c1Bl
- ckNvbXBvbmVudAo4IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4Ae3QMQEA
- AADCoPVPbQlPiEBhwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwICBz8AAdTAAAQplbmRz
- dHJlYW0KZW5kb2JqCjE2IDAgb2JqCjE1NQplbmRvYmoKMjcgMCBvYmoKPDwgL0xlbmd0
- aCAyOCAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAxNTgg
- L0hlaWdodCA4MCAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAzNSAwIFIgL0lu
- dGVudCAvUGVyY2VwdHVhbCAvU01hc2sgMzggMCBSIC9CaXRzUGVyQ29tcG9uZW50Cjgg
- L0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7dCBAAAAAMOg+VMf5IVQYcCA
- AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
- YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
- DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
- AQMGDBgwYOB3YJQgAAEKZW5kc3RyZWFtCmVuZG9iagoyOCAwIG9iagoxODcKZW5kb2Jq
- CjI5IDAgb2JqCjw8IC9MZW5ndGggMzAgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBl
- IC9JbWFnZSAvV2lkdGggMzMyIC9IZWlnaHQgOTIgL0ludGVycG9sYXRlCnRydWUgL0Nv
- bG9yU3BhY2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNlcHR1YWwgL1NNYXNrIDQwIDAgUiAv
- Qml0c1BlckNvbXBvbmVudAo4IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4
- Ae3QgQAAAADDoPlTX+EAhVBhwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
- GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
- GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
- GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwMA7MGX/AAEKZW5kc3RyZWFtCmVuZG9iagozMCAwIG9iago0MjMKZW5kb2Jq
- CjExIDAgb2JqCjw8IC9MZW5ndGggMTIgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBl
- IC9JbWFnZSAvV2lkdGggODAgL0hlaWdodCA4MCAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29s
- b3JTcGFjZSAzNSAwIFIgL0ludGVudCAvUGVyY2VwdHVhbCAvU01hc2sgNDIgMCBSIC9C
- aXRzUGVyQ29tcG9uZW50CjggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB
- 7dAxAQAAAMKg9U9tCy+IQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDgNzBL
- AAABCmVuZHN0cmVhbQplbmRvYmoKMTIgMCBvYmoKMTA3CmVuZG9iago5IDAgb2JqCjw8
- IC9MZW5ndGggMTAgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lk
- dGggOTQyIC9IZWlnaHQgMTA2NSAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAz
- NSAwIFIgL0ludGVudCAvUGVyY2VwdHVhbCAvU01hc2sgNDQgMCBSIC9CaXRzUGVyQ29t
- cG9uZW50CjggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7dAxAQAAAMKg
- 9U9tDB+IQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMPAZGO89AAEKZW5kc3RyZWFtCmVuZG9iagoxMCAw
- IG9iagoxMzE0NwplbmRvYmoKMTcgMCBvYmoKPDwgL0xlbmd0aCAxOCAwIFIgL1R5cGUg
- L1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAzNDYgL0hlaWdodCAxMDAgL0lu
- dGVycG9sYXRlCnRydWUgL0NvbG9yU3BhY2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNlcHR1
- YWwgL1NNYXNrIDQ2IDAgUiAvQml0c1BlckNvbXBvbmVudAo4IC9GaWx0ZXIgL0ZsYXRl
- RGVjb2RlID4+CnN0cmVhbQp4Ae3QMQEAAADCoPVPbQlPiEBhwIABAwYMGDBgwIABAwYM
- GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
- GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
- GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg4D8wlYcAAQplbmRzdHJlYW0KZW5kb2Jq
- CjE4IDAgb2JqCjQ3NgplbmRvYmoKMjMgMCBvYmoKPDwgL0xlbmd0aCAyNCAwIFIgL1R5
- cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCA3MTggL0hlaWdodCA1OTYg
- L0ludGVycG9sYXRlCnRydWUgL0NvbG9yU3BhY2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNl
- cHR1YWwgL1NNYXNrIDQ4IDAgUiAvQml0c1BlckNvbXBvbmVudAo4IC9GaWx0ZXIgL0Zs
- YXRlRGVjb2RlID4+CnN0cmVhbQp4Ae3QgQAAAADDoPlTH+SFUGHAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgy8DAyX5QABCmVuZHN0cmVhbQplbmRvYmoKMjQg
- MCBvYmoKNTYyMAplbmRvYmoKMjUgMCBvYmoKPDwgL0xlbmd0aCAyNiAwIFIgL1R5cGUg
- L1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAxNDQgL0hlaWdodCA4MCAvSW50
- ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAzNSAwIFIgL0ludGVudCAvUGVyY2VwdHVh
- bCAvU01hc2sgNTAgMCBSIC9CaXRzUGVyQ29tcG9uZW50CjggL0ZpbHRlciAvRmxhdGVE
- ZWNvZGUgPj4Kc3RyZWFtCngB7dCBAAAAAMOg+VMf5IVQYcCAAQMGDBgwYMCAAQMGDBgw
- YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
- DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
- AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQOPAwOHAAABCmVuZHN0cmVhbQplbmRv
- YmoKMjYgMCBvYmoKMTczCmVuZG9iagoxMyAwIG9iago8PCAvTGVuZ3RoIDE0IDAgUiAv
- VHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDIyNCAvSGVpZ2h0IDky
- IC9JbnRlcnBvbGF0ZQp0cnVlIC9Db2xvclNwYWNlIDM1IDAgUiAvSW50ZW50IC9QZXJj
- ZXB0dWFsIC9TTWFzayA1MiAwIFIgL0JpdHNQZXJDb21wb25lbnQKOCAvRmlsdGVyIC9G
- bGF0ZURlY29kZSA+PgpzdHJlYW0KeAHt0DEBAAAAwqD1T20ND4hAYcCAAQMGDBgwYMCA
- AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
- YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
- DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
- AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
- YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
- DLwPDPGAAAEKZW5kc3RyZWFtCmVuZG9iagoxNCAwIG9iagoyOTMKZW5kb2JqCjIxIDAg
- b2JqCjw8IC9MZW5ndGggMjIgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFn
- ZSAvV2lkdGggMTcyIC9IZWlnaHQgMTI4IC9JbnRlcnBvbGF0ZQp0cnVlIC9Db2xvclNw
- YWNlIDM1IDAgUiAvSW50ZW50IC9QZXJjZXB0dWFsIC9TTWFzayA1NCAwIFIgL0JpdHNQ
- ZXJDb21wb25lbnQKOCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHt0IEA
- AAAAw6D5Ux/khVBhwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
- GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
- AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
- wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMvA8MAg8AAQpl
- bmRzdHJlYW0KZW5kb2JqCjIyIDAgb2JqCjMxMAplbmRvYmoKMTkgMCBvYmoKPDwgL0xl
- bmd0aCAyMCAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAz
- NDYgL0hlaWdodCA3MiAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAzNSAwIFIg
- L0ludGVudCAvUGVyY2VwdHVhbCAvU01hc2sgNTYgMCBSIC9CaXRzUGVyQ29tcG9uZW50
- CjggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7dABDQAAAMKg909tDjeI
- QGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
- BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
- gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
- MGDAgAEDBgwYMGDAgAEDBgwYMPA0MCP/AAEKZW5kc3RyZWFtCmVuZG9iagoyMCAwIG9i
- agozNDkKZW5kb2JqCjU0IDAgb2JqCjw8IC9MZW5ndGggNTUgMCBSIC9UeXBlIC9YT2Jq
- ZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lkdGggMTcyIC9IZWlnaHQgMTI4IC9Db2xvclNw
- YWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0ZSB0cnVlIC9CaXRzUGVyQ29tcG9uZW50
- IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7Zz7T1JvHMe9oMgdFEG5
- BB68ASGdxEipwMG8W2pZdNFZmAtDSReLZRecKYuVaem8TM1c2tScNmbOpfv+a9/Pwb5r
- Kp62s3HqfPe8f1KePT6vvficB9yez5OUhIIMIAPIwEkGkv9QTuKJ+zowpvxKKm35tWYK
- IMRFO/ziASfwsVhpfyQsFixOYP8ON0Z6gJnOZmcchENLfi7GZqeDIgD+De1P0rS0dMDk
- cLk8Ho/P5wtoCiwFC3K5nIwMgpeclkBNhXceQAGTLxAKRWKxhMaIxSKhUADEXMA9oD2h
- EGKo4JQgFQhFEklmllSanS2TyWmJTJadLZVmZUokIqGAoAW3UAjxYQmrhFSCVAycMnlO
- rkKhVKnUtESlUioUuTlyGfCKY7SgloA9/OzHfouhQqHy+EAKoECp1mi1eZiOpmB5Wq1G
- DcSAC7R8HlG28WGTiVplc0CqJEuWowBOTFdQWFSs1xsMxoTHYNDri4sKC3QY8CpyZFkS
- UMthE0/YcbGgFVAzeAKRRCpXqLVYfqHecNpkNuM4fpaGwDJms+m0QV+Yj2nVCrlUIhKA
- 2TRWnCoArfBYcWOoSg1WUGw0mfHSsnPW8gqILcEh1ii3nisrxc0mY3EBplHGYLnwgMUR
- mwxaM7h8oUSao9ToiowluMVabrtod1Q6nU5XwgOLVDrsF23lVgteYizSaZQ5UomQz80A
- sUeL4EArD1DlSm2+3oRbztvsla6qmtr6hsbLNKSxob62pspVabedt+Amfb6WMCvkxRNL
- sEIFiAFVk683l1ovOJzVdY1XWq62XnfTkuutV1uuNNZVOx0XrKVmfT5RBmIBiD1WBFAC
- 6Rk8YaZModHpSywVdldtQ/M19+229o57Hk9nwuPx3Otob7vtvtbcUOuyV1hK9DqNQpZJ
- iD1WBMkpsF+B1hw1VmQqrXBU1Te13mzr8HR5H/p6ev0JT2+P76G3y9PRdrO1qb7KUVFq
- KsLUOSAW9q2jBUuUAFSrTKEtMOJWe1VDi/vO3ften7//ceBJkIY8CTzu9/u89+/ecbc0
- VNmtuLFAq5ARFQtFcPijK8YqypKrseISywUXoLZ7vD19geDA8xehQRoSevF8IBjo6/F6
- 2gHWdcFSUoyp5VmiuKzpHL5YmqvJN+LnHbVN7vbObn8g+Dw0NBx+HaEhr8PDQ6HnwYC/
- u7Pd3VTrOI8b8zW5UjGfk37MKyudIyBKoNBksTkbW+94uh8FBkKvwpG378be05Cxd28j
- 4VehgcCjbs+d1kanzWIqJIpAwIGH60gNsNhcYaZchRWbrZeqm2/efeAPDAyOREbHJyan
- p2cSnunpyYnx0cjI4EDA/+DuzebqS1ZzMaaSZwq57DisPCGUq86Al1fWXWu77wPU8Jux
- ianZuYWPiwnPx4W52amJsTdhgPXdb7tWV1mOG3RQsEJeHFbYBqS5pwpOl0IJuDu8fcGX
- I2/GJ2fmF5c+L68kPMuflxbnZybH34y8DPZ5O9xQBKWnC07lSmEjOOYVtiyRlCjXsotV
- V255fIFnQ5GxydmFT8tfVtfWE5611S/LnxZmJ8ciQ88CPs+tK1UXy4iClRIbwdF6BVYx
- sBaZrfaalrYufzAUHp2YWVhaWVvf2NxKeDY31tdWlhZmJkbDoaC/q62lxm41FwGrOC4r
- X5ytyINHy1F7td3b/3QoMj41D6gbW9+iNOTb1gbAzk+NR4ae9nvbr9Y64OHKU2SL+fG8
- 8iXZSkx/pryyvrWj+/Gz4bcfZheXVze2otvfdxKe79vRrY3V5cXZD2+Hnz3u7mitryw/
- o8eU2ZITWGUqTI9XOBuu3/MFXoRHJ+eWvnzdjG7v7NKQne3o5tcvS3OTo+EXAd+96w3O
- ClyPqWQns8KWBaw3PD1PQq/fTS18Xt34Bqg/9hKeH7s72982Vj8vTL17HXrS47lBsBp0
- v2VtdHt6g4OR8emPy2ub0e+Aup/w7P3Y/R7dXFv+OD0eGQz2emDTOokVvhJm8CUyVcxr
- HNZ/Epx9ctZD/8Ukp6bB1wH42DKetbkuuzv94PX9zOLK+lZ0Z3dvP8Gk8Of393Z3olvr
- K4sz78Grv9N92WU7a4QPLvhCkJaKWKm+A8grVXPk85BXcj9UR5FXqubI5yGv5H6ojiKv
- VM2Rz0Neyf1QHUVeqZojn4e8kvuhOoq8UjVHPg95JfdDdRR5pWqOfB7ySu6H6ijyStUc
- +TzkldwP1VHklao58nnIK7kfqqPIK1Vz5POQV3I/VEeRV6rmyOchr+R+qI4ir1TNkc9D
- Xsn9UB1FXqmaI5+HvJL7oTr6f/XKoLM5Sb9h/ZvOPB1iZchZMuac0WPQ2UcGnSll0lld
- 5pyBZjHobDmLzaAz+0zqhWBQj0kqg3p3iP4txvREMafXjEk9fMzqjWRSzynRIs2MXt4k
- BvVIAyuTes+Z09NPiGXKXQnASlQBM+6gOIBlxt0eSUy6M+UAlhl30STFYGM35/z9d/xA
- 1/TPG4mIK57+8ruTiBbvGG0KE+6kijWkM+aurxjtf8hATX9+EaCfkAFkABk4auBfMK1R
- rQplbmRzdHJlYW0KZW5kb2JqCjU1IDAgb2JqCjE5MDUKZW5kb2JqCjQwIDAgb2JqCjw8
- IC9MZW5ndGggNDEgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lk
- dGggMzMyIC9IZWlnaHQgOTIgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkgL0ludGVycG9s
- YXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+
- PgpzdHJlYW0KeAHtnftPWtkWx31NRV6CgigPBREoqAP4LlpDxWhw4BJb0dYaouWGjFZk
- QupjSoYpM61Go1Nq67OtGANDirXqOPW2dW7uv3bXBrVFHvbY/tSzvz+hxmP2x7X22mef
- tb8nIwMLE8AEMAFMABPABL5VAplYpwQu+j+GC2R9VDbJ9ZFEFoAhwvSYY3Z2Tk7Od1in
- BABHdjbC+rk8Y/EIGOESl3Jzcykx5ZFYxwgAxiWAAkBjPM8LzyjJ7BhHCiWPSqXRaHQQ
- g9RCBAAElZpHocR4IpznJDtCiUheQhxpdAaTycxnsdhYbBYrH2Aw6DTEE8ITBWdamKjc
- REkCSAZQZBcUcjgcblFREY/UAgBcAFFYwAaiDIQT0UShmTLPY0EJMYlIstiFnCJecQmf
- LxAIhSJSSygUCPj8kmJeEaeQzUI0UWxGQzMFzBOUeTRGPoDkFfMFIlGZWCwpl5Je5RKx
- uEwkEvCLeYAzn0FDoZkGZiaaKnMpVDqTVcDhlQhEZRJphUyuuKxUqpAqSano0JXKywq5
- rEIqKRMJSnicAhaTTqXkIpjJsxzCEqGk0ZlsICkslUjlCmVl1fdqjRZUQ2Kh8WvU31dV
- KhVyqaRUCDTZTDoNwUwxZUIFh/qN8pvD45dKKhTKKrW2pq6+semK7kTNJNPJuHVXmhrr
- 62q06iqlokJSygeYkOeQ5lDNk8yYkOGAkkrPL+AWC8VSuapaW9fQpLvaqr/WZgC1k1Zo
- 9G3X9K1XdU0NddpqlVwqFhZzC/IhzRHMJFmeiTI8DxIcoZQpgWRTc+s1Q0ensctkMpv/
- RWKZzSZTl7Gzw3CttbkJaCplCCakeR7K8kSWsbCkwVwJKOUqdW1ji97Q2WWyXL9h7e27
- SXL19VpvXLeYujoN+pbGWrVKDjBhzoxleQJMxJJCZbA4PEBZqanX6duN5u6evv4B2+DQ
- Hbvd/m/SCgZ/Z2jQNtDf19NtNrbrdfWaSoDJ47AYVEqyJIcUh8LDLODxxTKVpqGlrdN0
- vbffNmh3DI+MOp1jYy7SamzM6RwdGXbYB239vddNnW0tDRqVTMznFaDATJLkEJa5VAab
- U1IqVarrWwxGS88tm90x4vzJfW98corkmhy/5/7JOeKw2271WIyGlnq1UlpawmEzqLkQ
- mGcqeTTFUVgKJfLqWl2b0WK9PeS463JP/Ozx/vrAR3I9+NXr+XnC7brrGLpttRjbdLXV
- cokwGpiJSY5SPI/OgrCsUGkb9Z0W64B9eMw96fH6Hk7PzM6RXLMz0w99Xs+ke2zYPmC1
- dOobtaoKCEwWPS8xyTOzIMWZ7CKBWFFd19Ju6rltH3aN3/f+Pj03/8dj/5NFUuuJ//Ef
- 83PTv3vvj7uG7bd7TO0tddUKsaCIzYQkP7sqApZQeQqLRVKlplFv7L419KNr3ON7NLfg
- f7q0srq6ukZiwfBXlp76F+Ye+Tzjrh+HbnUb9Y0apVRUXAjVJ4ElWhHRWBx+mayqttlg
- ttocY4ByZt7/bGX9xcZGILBJYgUCGxsv1lee+ednAOaYw2Y1G5prq2RlfA4LWJ4tPlnZ
- MF2yuQKJQt3Q2tHdb7/rvu+bWVhcWnu5uRUMhkJ/klihUDC4tflybWlxYcZ3333X3t/d
- 0dqgVkgEXDZMmMlYMtg8oVSpbdJ39dgcrknvo/nF5eeBrVD4VSQS2SaxYPivwqGtwPPl
- xflH3kmXw9bTpW/SKqVCHpuRhGUOlJ4CnqiiskZnMPUNjrg9v835l59vBsOR1zu7u3uk
- 1u7uzutIOLj5fNk/95vHPTLYZzLoaiorRLAqoubmnFlgZuXkotJTKququ9ph6bc7J7zT
- C8/WA8Hw9pu9vw5Ir7/23myHg4H1ZwvT3gmnvd/ScbWuSlaKik8SlhRaPqdELK+ub+3s
- HnC4pnyz/pWXW+Ht3f2Dt4eHh/8hsWD4bw/2d7fDWy9X/LO+KZdjoLuztb5aLi7h5NMo
- CXEJZTyfwxcr1LAiumEbdnsezj9d3wxFdvb/Pnz3nvR6d/j3/k4ktLn+dP6hxz1suwGr
- IrVCzEcsvzub42hJxOVLLquh9FgHR+79Mr2w9GIr/Hrv4PD9h6Ojf0ito6MP7w8P9l6H
- t14sLUz/cm9k0ArFR31ZwueiRVEiSzqLKyhXaq60/WAdGh33zjxe3gi+2tl/++4D4vhf
- EguN/8O7t/s7r4Iby49nvOOjQ9Yf2q5olOUCLouelCXcQZYrtVDGe++MTjyY9a9uBCNv
- ICyPPoL8H8l0GkD/HEFgvokEN1b9sw8mRu/0QiHXAssidiqWQqkKseyzOycRy0AosvsJ
- S5JxPB5uDGeU5W4kFEAsJ512tCjSqqTC81iab9rHpnxzTzBLhPMsyydzvqkx+03zF7Ak
- Z1DGRg04P8YlZvlFoYBZfhG+uF/+uizjLk3CL4jkONoKprOLYnU8Se0hIb64IZ/DMu4J
- eSZsBcOWm0iqgm2iY5aLa5uhbXTbA8vLuAuT8AsoPujGZzu0ubZ4WsdrVFIRbLrBZjBm
- SSAmCLHEOZ6WLJEcz8Asv4RlfLPBOSzJPWN+3TURZon2NqL34/i+J20Gn/fDrx2XcL3z
- /uS3+XMYOOii9+N4z+3TqDjL8nP33PBe8KcU4XMM5ElcEtgLxs8oTtHFfyD+jAI/O0PM
- korwszP8TDfNk2tCz3RzcK9Bym4Kor0GuAcmbZ8PsR4Y3JuVuv2MYG8W9F/insEUfZFE
- ewZxL2vqZl3Cvay4xzplFznBHmvc+5/mbAPB3n98JiXdoRuiZ1LwWak058EInpVCh1Lw
- Gb4UZxUJneHLwGdL0x2fJXS2NAOfeU55ppvwmWd8Fj+l18AFzuJHXWCwR0RSNwxiHhEo
- ybF3SXKDFqLeJcASe+oktw0i7qmTgb2eEo2sLuj1BIGJPciSG60R9yBDWY698RL8/y7k
- jYcCE2BeomDPxkSLSqKejacwsZfoGedU4l6iGQgmzJkoNLHH7aemvhfwuAWYsTwHmth7
- Od5wmrD3cgxm1MkavNWxJ/iJEfqFPMGhwRWFJipCMY917FUPHv0X9KqPdgvjdyicvjYh
- 7gPhdygc914f80QxCiL5qz2Qy/+JPvddFPE97CcxCr+NhQgkwYO/hQlgApgAJoAJYALf
- CIH/A4keoYwKZW5kc3RyZWFtCmVuZG9iago0MSAwIG9iagoyMzQ1CmVuZG9iagozNiAw
- IG9iago8PCAvTGVuZ3RoIDM3IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1h
- Z2UgL1dpZHRoIDEwMCAvSGVpZ2h0IDEwMCAvQ29sb3JTcGFjZQovRGV2aWNlR3JheSAv
- SW50ZXJwb2xhdGUgdHJ1ZSAvQml0c1BlckNvbXBvbmVudCA4IC9GaWx0ZXIgL0ZsYXRl
- RGVjb2RlID4+CnN0cmVhbQp4Ae2a+VNS+xvHta5rSqAoAiKyuCAYIV5JuS6FMmpwXcYV
- xxgueo3BNfNKloxrenHMpXFJS/OmmRhJmVt1p3/t+zzngFpxbbvH+c6dnh9Y1Dkv3+/3
- 8xzO+Xzw8/tRPxz4bzvgj3XmsIi3/6Zi78HPQv0Ehc8kzd//3+CQ/z0eOwAq0FP4GllA
- gj/4Pg6h4CwePjAoODg4JCQkFAqe4E1QIIJIzLdTkIAAPH5I6LlzYeHhNKLCw8POnQsF
- EHIQ861avAQAhMLhaefpDAYjgih4QT9PA1AoYL6d4iGAhBAE0BkRTGZUNMtT0VFMZgSD
- jpgQFPNNWjwuBYEEBEQyo1lsDjeWx+PFxcFDLJfDZkUzIxEDYrxaviYWjwjUEE4DBdEx
- HC6PHy8QicREiUSCeD6Py4mJBjVAAS1fKwURPwUEoks0kMBic3nxQlFCUrIkRSqDkqZI
- kpMSRMJ4HpfNAjE0dAwM+4rsAQHdFAg20egRTBYnli8QJ0qksgtyRZpSmZ6uVKYp5Bdk
- UkmiWMCP5bCYEXQaGEak8oUNRkYRFIwiCIIwIVmaejEtPUOVmaX+BUqdlanKSE+7mCpN
- ThASFJTi9esLQkFEQEAQJEGPiIrh8oUJEpk87WdVVnZu3hVNfoFWW5CvuZKXm52l+jlN
- LpMAhRsTFUGHVCB6nJXPQtAoIgpCBE8gTpbJlQDI02gLi3X6EqL0uuJCrSYPMEq5LFks
- 4IFhDBoRytkvmEdEBEDaiODyRUlSIKhzNdpifWl5ZXVNraGuzlBbU11ZXqov1mpy1UCR
- Jon4XA8ElXxOCBE3iYiJjRdLUhUqdV5+ka60oqau3mgymxuhzGaTsb6upqJUV5Sfp1Yp
- UiXi+NgYUgn28MkQomkhCxojis0TJKbI0zNzNIX68irDNVNDk8Xa0toG1dpitTQ1mK4Z
- qsr1hZqczHR5SqKAx45Cu2BQTo7kA4QwUabIUF/W6sqq6ozmJmtrR2dXt81265bN1t3V
- 2dFqbTIb66rKdNrL6gyFLFF4CDk5dzJvzILNEybJFKpsTVFJpcHYYGnpuGnruWPv6x+A
- 6u+z3+mx3exosTQYDZUlRZpslUKWBBC0C+bkJLdQRmDwuXAGMwYRaZdyCq6WVdebrzff
- +KOnt29weGTUQdToyPBgX2/PHzear5vrq8uuFuRcSkMIZBIOkJPcQhlBoWH0SFasIBEQ
- uVpdea2x0dre1WMfuPvn2PjE5DRRkxPjY3/eHbD3dLVbG4215TptLkASBbGsSHpYaNAJ
- QrxORbC48ZAFIPQVdaamlk6bfWDEMT45PTM7P/8Aan5+dmZ6ctwxMmC3dbY0meoq9ACB
- TOK5rIiT3fKHE2EwthSHL05RqHIQ8Zulret2/13HvemZuYXFR0vLj6GWlx4tLszNTN9z
- 3O2/3dVm+Q0hOSpFipjPweYKht7y3b+EUyFhdAhDJJFnZBfoENHe3Ts4Oj41M7+49Hjl
- yeraU6i11Scrj5cW52emxkcHe7vbEaIryM6QS0QQCT0MGvgfYvfIQKeSUtPVmqvlgOiw
- 2YccE/eBsLL6dH3D6dyEcjo31p+urgDl/oRjyG7rAEj5VY06PTXJ49Y/CcHAUQY7TixV
- ZF4uKqs1WdoRMTmzAIT1jU2X68WWG2rrhcu1ubEOlIWZSYS0W0y1ZUWXMxVScRzbK8TH
- qRGtgjQiWLHCZDmEUVJtbGrrtg+NTc0uLq+uO5+73O5X25565Xa7njvXV5cXZ6fGhuzd
- bU3G6hKIRJ4sjCVi920WWBWIMjj8BJlSrdFV1je2dPUOOabmHq6sPtt0AeD1zu7u7t4e
- POy83n7ldm0+W115ODflGOrtammsr9Rp1EpZAp+DQmBGfKR+JEMiV+UVlhnM1s7bg47J
- 2Ycraxsu98vtnd29/QNP7e/t7my/dLs21lYezk46Bm93Ws2GssI8lVxyJOQTs0irzjPZ
- hIx8fZXxerutf3RiZnFlzelyAwEAb96+ffvuHTy8OTjYB4rb5VxbWZyZGO23tV83Vunz
- CSFs5nloXx+dRVgVzojmCiCN3MLyOnNzl314/P7C8iqo2N7dQ8K7w0LK3i5ANlaXF+6P
- D9u7ms115YW5kIiAG80I92mW/xlMPJLFE6UosjS6KqPlRs+AY2p+6ckzEkES/iYKUUAh
- IM+eLM1POQZ6bliMVTpNliJFxGNF4hx+GggRByQen5ianq0tNaCMkXvg1Prm1vbOHimC
- JOCjB7KzvbW5Dm7dG0EhhlJtdnpqYjykTpj1cSDYVV6r8oorrjV1gIzp+SVw6uXrTxCH
- kNcvwa2l+WkQ0tF0raIYUj8yywcjFIaDtEpfbbLe7B0eRxnPIYx9wqgjFYdK9iGS5yhk
- fLj3ptVUrfeYFUELhe79iAFxBEEcMXEJMsKqhtbuvtHJOUIGOIVpf4gglRzs7RBC5iZH
- +7pbGwizZAlxMRBI0CeBEJGfxzguZEBX1f/e0TM4Nv3g8VPn1vbuwZtjiPfvvTD44ZuD
- 3e0t59PHD6bHBns6fq+Hzsq4gIFg934cOjLC6FEc7Ny84kqjpfOO1ypIA2R4D/weyvsa
- mutg77XXrDudFmMlGQgnih7mgwEnqzBGdKxQosi8oqsyWaGrJmYfQeO+3NkHhvewiDgG
- eXuwD2Y9e/JodgI6y2qq0l3JVMCoRzOAcfajs4n/2QBoK2/kNeZmjAO6yvniFST+oYxj
- jHdv9ndfvXBCZ2EgzeYab+gwhT4Y2LrAkKap83+tNbfa+mEAl9eIOA5lkCqOKQGzMJC1
- ZRjDflurufbXfHWaFKYQJ/1THYEh2LpiqVJdUGJoaAMGRP4h4wjhleJlQOjAaGswlBSo
- lVIxD87vJzBkyl+A0dh2CyYQ2moTpsMbx3GEB0Iw3JvYWI6BW22NwPhFKft/YFDsFfWZ
- n0bvnsIMnsa5BD8GqT8nUn5u94PPQao/o5BB/WctXolSfM1wGtc+p3MNh2ZRey3qdwrX
- 1H6ncW9wGvc4aBbV92poFl66U3rP+fl757+O7p3/+rZ7Z68QKtcAgIGrfKRbVK1lEJBj
- azKZX7Mmk/llazLAgLMvxWtLh25RuEaGQnBIyOVEitb6CLcOIdSsWfqhWzCJxPIuVWuv
- BITqNWS/01gLJ3PHTKhb00e3MBNfexOXjvYmLn3X3gRAiOB97LFcPNpjufh9eywEhOq9
- IhJC+EXdnhesc5ChQCqU7d0hhKRQuQd5RAEtVO2l4rqQRwuFe8JeCk4LdXvbJAWCOUPl
- Hj1SSM/wuwVUfdeApCCH/NYBsqCIt97f/Xj+4cB/1YH/AcZ8jSMKZW5kc3RyZWFtCmVu
- ZG9iagozNyAwIG9iagoyNDY5CmVuZG9iago0OCAwIG9iago8PCAvTGVuZ3RoIDQ5IDAg
- UiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDcxOCAvSGVpZ2h0
- IDU5NiAvQ29sb3JTcGFjZQovRGV2aWNlR3JheSAvSW50ZXJwb2xhdGUgdHJ1ZSAvQml0
- c1BlckNvbXBvbmVudCA4IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4Ae2a
- +1cVZKKGS1DuV7nJRZCbbkARRVHUhDDyrpEmaZpGMmkoyURyMk1TI03zUo6YhZe8LC1T
- F5NOJ13nXzvfxmbNGcVp3vPLftes5/uh1Q+vq9fnffrWtze88AIHAhCAAAQgAAEIQAAC
- EIAABCAAAQj8JxF4kQMBRwLa/2ThbzDuHyeOAwETAv+wMjj670j9xOTQPj5+PAcCfgTi
- 4+Pj4qJe/6HRoy4/EXlCQkLik5PEgUDsCfxuY0LChAnhf7H434V+/g39u8vjx08IIicl
- J6ekpKSmpqZxIOBAILgYjExJTkpMTAhCj97Qz39wRGWOC++LoHIQOTUtPT0jMzOLAwEX
- ApmZGenp6WmpUaOD0KP383Pez6Myh3s56nJaekZWVvbEnJzc3Ly8fA4EDAjk5eXm5EzM
- zsrKiAodfH7y3hhb5+jNHL2Yoy5nBpPz8gsmFRYWFReXcCAQewLFxUWFhZMK8oPT2UHo
- lOS/X89j6Twqc3gwp6QGl4PKweOS0rKyKeUVHAg4ECgvn1JWOrmkqLAgP2diVnpauJ7D
- ayN8tzHGJ8EXo2/mhKRwMWdNzCsoDCaXV1RVT50WidTU1HIgEFsCNTWRSGRadXVlxZTS
- kqJJ+TlZGU90Dt9tPKtzuJqDzIkpaRlZOfmFJWXlldWRmrrp9fUNDQ2zOBCINYHg4cz6
- GXW1kalVFWUlRQW52ZlRnaMfBceyOS58AEwelbmotLxqWu30+obZc+Y2zW8OZwEHArEk
- EJVw/rymOY2zZs6oi1RXlBVPCjqnpyQlRN8azzw1XgxXc2JyanpWTkFRacXU2hkNjU3z
- Fyxa3NLa1ta2hAOB2BIIFr7c0rJoYXNT46z6ukhVWUnQOTw2wtP52cs5vJrD1ZwSZM4v
- KquMTG9onLdgceuS9qXLVqxctZoDgVgTWLVy5fJl7a+83LKoee6s+prqUZ3TU8PlPLbN
- 4Z2RGWQurYzUz25a2NL26vJVazpeX/9GJwcCsSewYf26jrWrVyx9pXXR/Mb6mqqy4oKc
- rPRwOcc/83AOD43o1ZydV1haEZnR2Lx4ybKVr63r3LR5y9Z3urre5UAgtgS6ut7Z9vaW
- TZ3rO1Yvb29ZMHdm0Lkof2Lmk8v5qYfzi+PCt3Phai4oKZ86fXZzS/uKtevf3Ly1q3vH
- +z27dvdyIBBbArt39by/40/vbtuy6Y2OVUtfXjinPlIxuTA3ejmHp8ZTNodnc/TVnFdY
- VlXb0LS4fWVH51vbtu/o6e37sH/vAAcCsSaw96P+vg927ezu2vLmutVLW5tnT6+eUpw/
- MWpz/Jg2Z0zMLymfNqNx4ZIg85auHbv29A/s23/g4CEOBGJN4OCnB/b910d9u3du37px
- 3ar2l5pmhst5Uk54ajz7cB4XNyEpNTNnUmllbcO8lmVrO7e8u7O3f2D/wcNHB48d50Ag
- 1gSODX5+5NCBj/v39HRv3dixoq15dl11WVFeVlpywvinPwaGD4FJadGHRvX0xgVtq9a/
- 1bXzg/59B48MHj956vRZDgRiTeD0qZNffnH00CcDfT3db3euaX9pbv208pL87PSUsWxO
- SE7Pzi8un1bf9NKrr7257b3e/n2HPj/+1Zlvzg0NXeBAILYEhob+cu7sqS8HPzsw0Pd+
- 16bXl7fOb6ipnFww+nB+9m5OSEkPz+aKmob5rcvXbd7eE2QePHH6m/Pffjd86TIHArEl
- cGn4+4tD586c/OLw/o9639u6YVXbgvDUKC3MyYh+qfHUb2qMiw9faeRMmlxVNzs8NDq3
- 7tgz8OnnJ86cu/D95avXrt/gQCC2BK5fu3pl+OL5sycHD+37c0/XxrXti+bMmFpWGD4G
- jmFz+IIuIyf6bJ6zqH3Nxq6e/k8OHz997tvhK9dv3rr9IwcCsSVw+9bNGz9cunj+zImj
- B/b2dm/uWNbSVB+ZUpSblTa2zZnB5qn1TYuXdmzu7h04OPjVNxeGr964/eOdu/c4EIgt
- gbt3frp989rli+dOHftsX9+Ot9evaJ0XvqMrDl9qJE545qUxPjE1M7dwSvgQ2LLs9S07
- +j4+fPzM+e+DzHfu3R/hQCDWBO7f+/nHmz8MD3194uj+/p5tG1a2NTfUVJTkZ6UljWlz
- Vm5ReWTm/NYV67fu/PCToye//vby9Vt37o388uAhBwKxJfDgl5H7P9++cSVczoOf7t3V
- 1bl6yYJZtZXRr+ieY3NecXmkoblt5Rvv9PQfGPzq3HdXb/50d+SXh79yIBBrAg8fjNy7
- c+va8NDp44cGerdvXPPKwtl1lZP/lc3hC7pg84auXXsPHjt1fvjarTv3g8y/PeJAILYE
- fvv1bw9G7t6+funC2S8Pf/xB96Y17Ysa66r+2OZVnV27Bw4dPzN06frtuyMPgsyPORCI
- LYFHv/368K/3frp55eLXJ47s29O9KXxF9zybwy+EJqZm5RWP3s1j2Pw/HAjEksDjx48E
- m+PGh1/TCD8KrJ21YMnqznd7w9189sLlGz/eG3n466PHsfx78N+GQCDw+NF//+2X+3fC
- 3fzNySP7+v701muvLmqcXl0afrSdnPDUr4S+iM04Y00Am63noZxEAJslXIStCWCz9TyU
- kwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2
- W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyE
- rQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSw
- WcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreeh
- nEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw
- 2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEi
- bE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKA
- zRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P
- 5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaA
- zdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkX
- YWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIB
- bJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5
- KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUB
- bLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4
- CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMI
- YLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvP
- QzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0J
- YLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnC
- RdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxE
- AJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6
- HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxN
- AJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0S
- LsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+Uk
- Atgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W
- 81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2Fr
- AthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyW
- cBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgn
- EcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2
- nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhb
- E8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCz
- hIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5
- iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz
- 9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXY
- mgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACb
- JVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7K
- SQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCb
- reehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C
- 1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALY
- LOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQ
- TiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLY
- bD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnAR
- tiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHA
- ZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6H
- chIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPA
- Zut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SL
- sDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkA
- Nku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8
- lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoA
- NlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVc
- hK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkE
- sFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63n
- oZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYE
- sNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2Czh
- ImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4i
- gM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9
- D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYm
- gM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJ
- F2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3IS
- AWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbr
- eSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1
- AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZL
- uAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJST
- CGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZb
- z0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXISt
- CWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZ
- wkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56Gc
- RACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZ
- eh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJs
- TQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmINk8bnxialZe
- cUVNQ3Pbqs6u3QOHjp8ZunT99t2RB7/+9uix9V+Ucv/5BB4/fvTrw7/e++nmlYtfnziy
- b0/3prXtixrrqibnZ6cnTYh78YV/On9g82MOBGJK4NFv/0+bV27o2rX34LFT54ev3bpz
- /5eH4XLmQCC2BH779W8PRu7evn7pwtkvD3/8QfemNX98N5dHwktj5Rvv9PQfGPzq3HdX
- b/50dyTozIFArAk8fDBy786ta8NDp48fGujdvnHNKwtn11X+i5dGblF5ZOb81hXrt+78
- 8JOjJ7/+9vL1W3fujfzy4CEHArEl8OCXkfs/375x5eK5U4Of7t3V1bl6yYJZtZUlz303
- Z+YWTplW39Sy7PUtO/o+Pnz8zPnvr964fefe/REOBGJN4P69n3+8+cPw0Ncnju7v79m2
- YWVbc0NNRUl+VtqYnwJTMnMKy6bWNy1e2rG5u3fg4OBX31wYDjr/eOfuPQ4EYkvg7p2f
- bt+8djlczcc+29e34+31K1rnzYxUFOdlpSWO9Z1GSkawuXr6nEXtazZ29fR/cvj46XPf
- Dl+5fvPW7R85EIgtgdu3bt744dLF82dOHD2wt7d7c8eylqb6yJSi3GDz+Ge+oYtPTEnP
- mTS5qm72gvCF89YdewY+/fzEmXMXvr989dr1GxwIxJbA9WtXrwxfPH/25OChfX/u6doY
- vm6eM2NqWWFOZupYNiekpE/MLwk/Ppnfunzd5u09/fsODZ44/c35b78bvnSZA4HYErg0
- /P3FoXNnTn5xeP9Hve9t3bCqbcHsuurSwpyMlDFtTk7Pzi8uDx8DX3r1tTe3vdcbdP78
- +Fdnvjk3NHSBA4HYEhga+su5s6e+HPzswEDf+12bXl/eOr+hpnJywcT0YPO4p38WGD8h
- KS0rL/pwbgxPjfVvde38oH/fwSODx0+eOn2WA4FYEzh96uSXXxw99MlAX0/3251r2l+a
- Wz+tPPoFXUrCszbHTUhKzcyZVFpZ2zCvZdnazi3v7uztH9h/8PDRwWPHORCINYFjg58f
- OXTg4/49Pd1bN3asaGsOD42yovCVRvJYNo9PTMkID+fyaTMaFy5Z2dG5pWvHrj39A/v2
- Hzh4iAOBWBM4+OmBff/1Ud/undu3bly3qv2lpvD93ORJ4UNg0oT4Z14accHm9OhTo6q2
- oWlxe9D5rW3bd/T09n3Yv3eAA4FYE9j7UX/fB7t2dndteXPd6qWtzbOnV08pzh99NseP
- +6ffoHvhhRfHjU9ISsvMKSgpnzp9dnNL+4q169/cvLWre8f7Pbt293IgEFsCu3f1vL/j
- T+9u27LpjY5VS19eOKc+XM2FuVnRD4Fxz9ocPyFcztl5haUVkRmNzYuXLFv52rrOTZu3
- bH2nq+tdDgRiS6Cr651tb2/Z1Lm+Y/Xy9pYFc2fWVJUV5U8MD42EsWwOT43kcDnnF5VW
- RupnNy1saXt1+ao1Ha+vf6OTA4HYE9iwfl3H2tUrlr7Sumh+Y32QubggJ3o1P/tsDi+N
- uPHRyzkr6FxWGZne0DhvweLWJe1Ll61YuWo1BwKxJrBq5crly9pfebllUfPcWfU11WUl
- k3Kz059czU993Rx9OMeHyzk16FxQVFoxtXZGQ2PT/AWLFre0trW1LeFAILYEgoUvt7Qs
- Wtjc1Dirvi5SNSpzRlq4msNDYwybo5dzclpG9HYuLa+aVju9vmH2nLlN85vDWcCBQCwJ
- RCWcP69pTuOsmTPqItUVZcXhZs5MTwmv5vhxT38IjN7N4XJOSEwZ1bmwpKy8sjpSUze9
- vr6hoWEWBwKxJhA8nFk/o642MrWqoqykqCDInJaSlDg+foyrOapzXNA5KSUtPWtiXkFh
- SWlZeUVV9dRpkUhNTS0HArElUFMTiUSmVVdXVkwpLSmalJ+TFZ4ZSaPvjGcfGqOXc3hr
- hNs5NT0zOycvv7CoOBhdNqW8ggMBBwLl5VPKSieXFBUW5OdMzEp/InN4Zzzzao7+LCW8
- NeLGh8dGcrieM7MnBqELJhUGp4tLOBCIPYHi4qLCwkkF+Xm5OdlZGekpyYkJE6LvjOfY
- /ETnCYmjPmdkZQWjc3Jz8/LyORAwIJAXPM6ZmJ0VVE5LDa+MhPHPlzlczlGd46PXc/A5
- JTUtPT0jMzOLAwEXApmZGenpUZWTg8tPLuaxb+bRt0bQedTn8HxOTEoOSqekpqamcSDg
- QCC4GIyMmhxVOdzL0VfGmI/m338JKXo9B5/DBR0+EAalR08SBwKxJ/C7jQkJE4LKo2+M
- P5A5+lkw6vO4uLgnSoc/xoGAFYH4+NFbOaryv7qYf7+fg9CjRketDieIzYGABYEnRkb/
- +e+Z/HejR2/p8Ec4EHAj8H8c5V8hAAEIQAACEIAABCAAAQhAAAIQgMB/AoH/Bag8DQgK
- ZW5kc3RyZWFtCmVuZG9iago0OSAwIG9iago3MjQ1CmVuZG9iago1MCAwIG9iago8PCAv
- TGVuZ3RoIDUxIDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRo
- IDE0NCAvSGVpZ2h0IDgwIC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0
- ZSB0cnVlIC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4K
- c3RyZWFtCngB7ZrpTxprFMZdUGQHRVCWgoMbINKpWFS0QCDu1t1iq0ZFTbEo1UgkdSnG
- WiJxbSUucatxiVqihqgx1dx/7Z7B3jRVrPcm02Zu4vOJT+/8eM4577zznhMW9qAHBx4c
- +PMOhP9G/ad/AxwRPxSJq36sGwGP+RdY1yzAQCJF/TaRSPAADO0+pCDNNUo0mRxzLQpu
- +r4gmRwNfxWg7iH6ThMVFQ0oFCqVRqPR6XQGjoLlYFEqlRITgzH9mgjDiYQoAQyg0BlM
- JovN5uAsNpvFZDKAigpI10R3BC2IA95gNAwmi8OJjeNy4+N5PD5u4vHi47ncuFgOh8Vk
- YETgEQQtNBDmDmYORsMGFh4/IVEgEIpEYtwkEgkFgsQEPg+Y2EEisAgDClFoQRxIHBod
- aAAGSMQSqTQJkeEoJEkqlYiBCpCAiE7D0ig0UDiWO2QKmMOJ4yUIgAWRpaSmpcvlCoUS
- FykUcnl6WmqKDAEmQQIvjgMWUchYVt82COwBnBgag8Xh8gViKZKcKldkqNRqFEWf4CRY
- Sq1WZSjkqcmIVCzgczksBjgURQoRMbAHUpkaxBFKkJR0pUqNZmU/1ebmgXQ4CFsnV/s0
- OwtVq5TpKYhEGASiQlKHMCgc7Imh0pkcboJQIktTZqIaba6uQG8wmkwmMy6ChYwGfYEu
- V6tBM5VpMokwgcth0qkxYNDNgF3bQwMcvlCaLFehmhyd3mguLC4pK694jpMqystKigvN
- Rr0uR4Oq5MlSzCEmLZRBGA9Eiw04kmS5OkubbzAVlVZU1tTWN1hwU0N9bU1lRWmRyZCv
- zVLLk7GQsRlg0K2AQbiiY2jMWJ5AIpNnavL05pLy6jrLq+aW1nartQMXWa3trS3Nryx1
- 1eUlZn2eJlMukwh4sZhBtwIWHgG1DvYkiJE0VVaeobCsqr6xudXaZXtj7+l14KLeHvsb
- W5e1tbmxvqqs0JCXpUpDxAlgENT8zQTCwgXZwxNIU5SoVl9YXmNpauu02R39A85BF04a
- dA70O+y2zrYmS015oV6LKlOkAh6WQRCwn7foIA8rji9G0jM1+WbAabHaevqcrqGRUfcY
- TnKPjgy5nH09NmsLAJnzNZnpiJgfxwrJE02hs7mJkmQlmmMoqbK0dHQ7nK4R9/iEZ9KL
- kyY9E+PuEZfT0d3RYqkqMeSgymRJIpdNp0Tf8ocUTWFg4UpVaXSmivoma/db55D7g8c7
- PTv3CSfNzU57PR/cQ8633dam+gqTTqNKxQLGoEBC34gXiUxlxvJFSLpa+6yourHttcM5
- NPbROzO/4FtaWsZFS0u+hfkZ78exIafjdVtjddEzrTodEfFjmVRyCB4aE9JHpkBzjaV1
- zZ12wPFMzS0srqyub2zioo311ZXFhbkpDwDZO5vrSo25qEIGCcSkheCB8uImPkrJyIJw
- WVptfa73H6fmfctrm1vbO7u4aGd7a3Nt2Tc/9fG9q8/WaoGAZWWkPErkQoHd8gfKncXF
- 0ie7oLDypdXuHB73zvlW1r/s7O0fHOKig/29nS/rK7457/iw0259WVlYkI0lEBcrsJv5
- Azxs4ElTa/XFNc1dDpfbM7OwvL61e3DoPzrGRUf+w4PdrfXlhRmP2+Xoaq4p1mvVacDD
- DslDZ8cLkiCdDSW1Lbb+d+Pe+cU1wPEfnwRw0smxH4DWFue94+/6bS21JQZI6CRBPJse
- yh86J16IyB/nGsvqW7sHhiemP69s7uz7jwOnZ+e46Ow0cOzf39lc+Tw9MTzQ3VpfZsx9
- LEeE8Zw7eHgiRI7mmcob2u3OUc+Mb3Vr7+tR4PT8AiednwaOvu5trfpmPKNOe3tDuSkP
- lSMi3t08UO7A88LaM+ienF1c3973nwDOt0tc9O3i/PTEv7+9vjg76R7ssb7AeBSye3kq
- LNZe15h3fmlj5+AocAY4V7jo8tvFWeDoYGdjad475uq1QsHfxQPHjRg6hycK+hOC5y8c
- dPVrnp9OrOGRUfD6gu1Z+URnfm7pcIA/n5Y3dw+PA+cXl1c40MASV5cX54Hjw93N5U/g
- j6PD8tyse6KEDRpeYFGRDzz/Z38Ils9h9/D86Xr/iYdA+yGx3hcEe58S7LxBtPMYsc6r
- JIKd50lkgn3vEO17kGDfy5EEu0/A7n8Idd9CrPsoot3XEe8+k2j3vVi7gDj34WEE6xcA
- D9H6KcTqN2EGEakfBzxYxIjTr7wGIk4/N4xo/e5rIOLMA4QFgYITCsSYl4AOwvcJDmy0
- hQDzJFhLI0gUQZR5m2CThVDzSEGif7CA7Pfox1Mefj048ODAn3Pgb4RwH1IKZW5kc3Ry
- ZWFtCmVuZG9iago1MSAwIG9iagoxNzIwCmVuZG9iagozOCAwIG9iago8PCAvTGVuZ3Ro
- IDM5IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDE1OCAv
- SGVpZ2h0IDgwIC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0ZSB0cnVl
- IC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFt
- CngB7Zr5T1pZFMddUGQHRVCWAR9ugEhfxaKiBQNRcam7xVaNippiUaqRSOpSjFUicW01
- LlG0xiVqjRqixlQz/9qch500VawzSV/nTeP3J36675PvOefeyz0nJORBDw48OPB7OBD6
- y/Sv/AKqsG8Kx1HfvhIGH/0HkNdkQEQiRfwikUjwOQz0PsAA2zVYJJkcdS0KTvq6PJkc
- CTYA4j18X9kiIiIBjEKl0mg0Op3OwE2wOHyCSqVERWGEP+bD4MIhnoAGYHQGk8liszm4
- is1mMZkMYKQC4DXfHeENwIFvGBuDyeJwomO43NhYHo+Pk3i82FguNyaaw2ExGRgf+Afh
- DY6HOYcZh7GxgYzHj4sXCIQikRgniURCgSA+js8DQnaAD+zD8IIUbwAOEo5GBzZAAy6x
- RCpNQGS4CUmQSiViYARA4KPTsPQLjheK5RyZAsZxYnhxAiBDZEnJKalyuUKhxEEKhVye
- mpKcJEOAUBDHi+GAfRQyVhu3zQPrAC6KxmBxuHyBWIokJssVaSq1GkXRx7gIFlarVWkK
- eXIiIhUL+FwOiwHuRZCCxBasg4KgBuCEEiQpValSoxmZT7TZOSDdTxe2arb2SWYGqlYp
- U5MQiTCAR4XSCGJeKFgXRaUzOdw4oUSWokxHNdpsXZ7ekG80Gk04CJbNN+jzdNlaDZqu
- TJFJhHFcDpNOjQLzbob22joawPGF0kS5CtVk6fT5poIic0lp2TNcVFZaYi4qMOXrdVka
- VCVPlGLuMWnBzMPoIK5sgJMkytUZ2lyDsbC4rLyqurbOgpPqaqurysuKC42GXG2GWp6I
- BZfNAPNuhRYCGxlFY0bzBBKZPF2TozeZSytrLC8bm5pbrdY2HGS1tjY3Nb601FSWmk36
- HE26XCYR8KIx826FNjQMdhOwLk6MpKgycgwFJRW19Y3N1g7ba3tXtwMHdXfZX9s6rM2N
- 9bUVJQWGnAxVCiKOA/NgV7mZeFhgIet4AmmSEtXqC0qrLA0t7Ta7o7fP2e/CRf3Ovl6H
- 3dbe0mCpKi3Qa1FlklTAwzIPQvv9cRGgY8XwxUhquibXBHBNVltXj9M1MDTsHsFF7uGh
- AZezp8tmbQI8U64mPRUR82NYQekiKXQ2N16SqESzDOYKS1Nbp8PpGnKPjnkmvLhowjM2
- 6h5yOR2dbU2WCrMhC1UmSuK5bDol8pZ3pEgKAwtsskqjM5bVNlg73zgH3O893qmZ2Q+4
- aHZmyut57x5wvum0NtSWGXUaVTIWWgYFyuJGZElkKjOaL0JS1dqnhZX1La8czoGRce/0
- 3PzC0tIyDlpaWpifm/aOjww4Ha9a6isLn2rVqYiIH82kkoPQ0ZiQdjIFmp1fXNPYbgc4
- z+Ts/OLKqm99Awet+1ZXFudnJz2AZ29vrCnOz0YVMkg8Ji0IHZQsN/6PpLQMCKyl2dbj
- ejc+ObewvLaxubW9g4O2tzY31pYX5ibH37l6bM0WCG1GWtIf8Vwo2lvewYbC4mJpl5lX
- UP7CancOjnpnF1Z8n7Z39/YPcND+3u72J9/Kwqx3dNBpt74oL8jLxBKPixXtzbwDOjbQ
- pai1+qKqxg6Hy+2Znl/2be7sHxweHeOgo8OD/Z1N3/L8tMftcnQ0VhXpteoUoGMHpaOz
- YwUJUBQGc3WTrfftqHducQ3gDo9P/Ljo5PgQ8NYW57yjb3ttTdVmA5RFgiCWTQ/mHZ0T
- K0Tkj7LzS2qbO/sGx6Y+rmxs7x0e+0/PznHQ2an/+HBve2Pl49TYYF9nc21JfvYjOSKM
- 5dxBxxMhcjTHWFrXancOe6YXVjd3Px/5T88vcNH5qf/o8+7m6sK0Z9hpb60rNeagckTE
- u5sONhSge27t6ndPzCz6tvYOTwDuyyUO+nJxfnpyuLflW5yZcPd3WZ9jdArZvXRlFmu3
- a8Q7t7S+vX/kPwO4Kxx0+eXizH+0v72+NOcdcXVbYUu5iw4uUFF0Dk8U8C4I3Z8/XVc/
- pvvu7h4aHgHHLBwVysc60zNLmwO8+7C8sXNw7D+/uLz66Wyw4NXlxbn/+GBnY/kDeOdo
- szwz6R4r4bCAgzYi/IHuR57/Pt4RuipC7qH7b3eU7+gIuxsT+SQj9C2A0DcoYt8+iXxz
- JxH6Xw+JTOh/jMT+t03ol4pwQr/yYO93BH4hI/LrIrFfZon+qk3sjgDWiCJqNyWE0J0o
- oCN2F4/IHVDMPOJ2j4EOiy1RO+/XeESdWggh9sTHNR5Rp2VCAniBaR4iThpBb+rrJBQ2
- Pka4KS2sdRbgCyPmhFugtUfg6cAA39+QwPkr9O2bD78eHHhw4P/twF9XGKfRCmVuZHN0
- cmVhbQplbmRvYmoKMzkgMCBvYmoKMTcyNwplbmRvYmoKNDIgMCBvYmoKPDwgL0xlbmd0
- aCA0MyAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCA4MCAv
- SGVpZ2h0IDgwIC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0ZSB0cnVl
- IC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFt
- CngB7ZjpT1pZGIfFBZUdvIKgUCgKqIBLoUQjAatisFoi7kJFYwm5iStGa3BJDEpcQl1J
- tUaj1i22Lo1Gq84fN++56HQi6tjO/ej7AdDEJ7/leDnnREU9z3MC5CVAuTP/h0yhRIcn
- hpibHyiUP2ISsJiY2Ni4f01sbEwMYH8beQuLi6NS4xP+mXgqNS7uD5DIZwwIA1YijUan
- 0xkw8EajJSbEE0gk8qm2kTigETA6g8lisTkcLpfDYbNYTAY9jIwF2090/YtGZwCKy8Mw
- LBkG3nhcgDLohEiC+ASJYRwYpTNZHG4SxhcIRSJRaiq8CAV8LInLYTEREXJ8gmfkFawC
- jcHi8DB+iihNLJFKZTBSqUScJkrhYzwOoZEaF/vfnm9wNDqiCYSpYulLeYZCqYJRKjLk
- L6XiVKEAEem0hDDwUcu3OAaLi/GFaRKZXKHKUmtyiNGos1QKuUySJuRjXBbjCUACF59A
- Z7K5mCBVIktXZmly8nR6AzF6XV6OJkuZLpOkCjAum0lHIT6WIeBiIDvA8ZKFYqlcma3N
- 0xkKi4wmM4zJWFRo0OVps5VyqViYzENAatxjpVBucJwkvkgsU2Rq8/QFRnNJWbnVWlFh
- tZaXlZiNBfo8baZCJhbxkzg3wIcWNuBiqQk0JhtwErlSnasvNL6xWCtt1TW1dXW1NdW2
- SqvljbFQn6tWyiUAZDMhQ1g2DwDRSolPZLB5CKfS5BuMxZa3Nnt9k6OlxeVqaXE01dtt
- by3FRkO+RoWAPDYjkYjw3o5v3LK4yYDL1OoKTKVWW02js7Xd7cFhPO72Vmdjjc1aairQ
- aTMBmMxlhSO8VyAF5CXQYaEIxXKVVldotlTaG5xtbryju9fb1+ft7e7A3W3OBnulxVyo
- 06rkYiEsG3oCdHwfD8lDbjFBmkypAVx5VW2zy413efsHfUPDw0O+wX5vF+52NddWlQNQ
- o5SlCTDC8b0J3siD8KQKdX6BufxdnaPN0+kdGBod849PTIz7x0aHBrydnjZH3btyc0G+
- WiGFCB8UGB2N5HEwIYSXazBZquqc7Xh3v2/UH5iaCcLMTAX8o77+brzdWVdlMRlyIUIh
- xkGVREdHNILsQno8QapMqdUVlVbWOtrxnoHhscB0cG5hKRRaWpgLTgfGhgd68HZHbWVp
- kU6rlKUKCIH3GAa71LC89Oy8gmKrvbkN7/k44p8MzoeWV1ZhVpZD88FJ/8jHHryt2W4t
- LsjLTg8LpN7TCAXs0lhcPpKnN1psDS5P98DI+PTs4vLq+sYmzMb66vLi7PT4yEC3x9Vg
- sxj1SCCfy6KB4YiGKYTdpBSxPAvkVdQ4P3T2D/unZ0Mra5vbO3swO9ubayuh2Wn/cH/n
- B2dNBQjMkotTklAjMRE8FB+0AeVqdCCvsQ33+sYmZ0Nf1rd29w++wxzs726tfwnNTo75
- vHhbIwjUaaBiaAR4EYWg+JjIrirHYLbane6ugdFAcHFl/eveweHxCczx4cHe1/WVxWBg
- dKDL7bRbzYYcFTLMTIQA7xYcHQvx8QTIbmFJZX0r7h3yT88vr23tfTs6OT09Ozs9PTn6
- tre1tjw/7R/y4q31lSWFyDA0TIuP4KE66KykFEmG+lVRma2pvaN/NPAptLq5e3D04/T8
- /OLi/Pz0x9HB7uZq6FNgtL+jvclWVvRKnSFBAUYWArwEOhsTvlBooN1qh7t7cGxq7vP6
- 9v7hyen5z0uYn+enJ4f72+uf56bGBrvdjmpoWKN4IcTYUMjdggkeqkOZ89pktb/39Pr8
- MwsrGzsHxwh3dX19hYDHBzsbKwszfl+v573danqdo0SFPMYj6qhtgfjGg0urm3vfQd7l
- 1V8wV5cg8Pve5upScBwCbKklCnmUlywi6q2oc+F9wxNBiA94ZxeX14h3fXlxRvBCwYnh
- PtxVV0EULEp+WB/ZPMiPVL8k90HueiF1PUeR/P8GPJKfByQ/r8h+npL+vCf9+4jc78so
- kr/Po8jeb5C9H7oVSNZ+DXjEZpy0/SQ0Qup+FwkkdT9+65hJ0nkBeOEIyTrPICBESNp5
- KyoMhDMNSefBX0CSzqtRZJ+nCYVwGUHWeR+2hajl8O0GKfcRAPxFpJFwXxKWiDSSdJ+D
- gCAxGi6vSLpvQpvrWyQp92EIeIMEoaAUDfoE88RrpjAi4vXOdWLEuSXiD55/8ZzAbyTw
- N83zNFIKZW5kc3RyZWFtCmVuZG9iago0MyAwIG9iagoxNjM2CmVuZG9iago0NCAwIG9i
- ago8PCAvTGVuZ3RoIDQ1IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2Ug
- L1dpZHRoIDk0MiAvSGVpZ2h0IDEwNjUgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkgL0lu
- dGVycG9sYXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURl
- Y29kZSA+PgpzdHJlYW0KeAHtnfd/FdW+hpUeSigJvRNAAqGEFqT3IlWUIqF3FKRrpAfp
- HQSl1yhVQEEE9Xzuv3a/a2bvnZ0QFEh2MuvNMz+c6z1HtvM+7zxOWWvWfPABGwQgAAEI
- QAACEIAABCAAAQhAAAIQgAAEUkfgQzYIVD2B1B3gAr9s9dSIbzXZIFDFBOLHYqn/G/5b
- RMC3ckQITK1Zs1at2m6rwwaBSBAIDsfi/6jlNvdvkVBhZ245DnpP/6hztaaJWqduvXr1
- 0tLq29aADQJVRsAdgYktLdzs0Ay2unXr1qkTCOzEDbStVs6GrpqqafUbNGyUnp7euHHj
- JmwQqBoCdvQlbXY4xrdGjRo1bNjQ/Sukfv20NFPXvDVtTVrnbDVR1slau3bdevUbNEpv
- 0rRZRmZmZvPmLdggUIUEmic2OxzDLSMjo1mzprY1adLYBDZ1A21N2sDZ6qGsyVqrdh1z
- 1VTNbN6yZes2bdu2a88GgSon0C7Y2rqtjdtat27VqqVtLZqbvxlmrtM2kDZUNjjJap9j
- P7Qzq8nasHHTzJat27bv0KlzVlbXrt3YIFC1BLoGW1Zs69KlS+fOnTp16tixg/1bpJ3p
- 27pVoK1Ja842bFA/LTjJhsZ6+gDpP3c7lLVBoyYZLVq369i5a/ce2b1yevfuwwaBqiXQ
- O9hywq1Xr149e2ZnZ/fo8VH37t26ZmV1MXXN27ZO2uaZGU7ZRoGxdiNrF8WiZ9gP7Tq4
- Xv1GTTJbtumY1T07p29u/4GD8vLyhrBBoGoI2NGXtA22bdCggbYNGNA/Nze3X9++fXrn
- 5PTqmd2je/euWV2ctG3bOGWbmbENGwSnWFVh7Tq4blrDJhkt23bqlt07d2De0OEjR48Z
- O44NAlVLYKzbxtg22m2jRo0cOWLE8OHDhg79eEje4EEDTd1+fXvn9DJpu2Z17tS+nRlr
- 59gmobC1a7unTmqjsXZqrVOvQXozk7V7Tu6goSPGjJ80Zer0GTPZIFC1BGa4bfr06dPc
- NnXqJ59MmTJl8qSJEyeMHzd2zOhRI0YMG2raDuyfa86asnaWNWPtFBsTtk54Rfyft4I+
- /Q0f1qhdt36jpi3amKwDhowcN3nazM/mzF+Qn7+QDQJVRCA/aVuwYMEXX8y3bd68uXPm
- fP7Z7Nmfzpo5Y/q0qVMmT5wwbqxZO+zjvEEDcvvm9DRjO3dwwmY0bWz3sPXqyvlqttZr
- 0DizdcduOQOGjpk0ffa8/CXLV65eu44NAlVNYK1ta9asWe22VStXrlixfNnSpUsWL1qY
- v2C+ufvZ7Jkzpn0yeeL4saNN2cEDzdjs7l07dzRhM5vZFbHz1V0Q61wP16hZJ61R05bt
- srJzPx4zZdbchctWf7lh05Zt29kgUPUEttm2devWLbZt3rxp48aNX29Y/9WX69auWb1y
- xbKlixflfzFvzuxZM6ZNmThuzMhhQwb1d8JmdWrftlWLjKZ2Byvma41adeunZ7Tu2L33
- oJGTZs5fvOrLjdsKdu7ZW8gGgSomsM9te23b47bdu3bt3Lljx3cFBd9s3751y+aNX6//
- at2a1SuWLVmUP3/O7JnO2NEjhg4eEArbrnXLzJivwQNin25P37ivZqtdCLfpnJ07dNz0
- uUtWb9hasKfw4OGjx9kgULUEjiW2o0ePHjly2LZDBw8cOPB9YeG+vXt279xR8O32bVs2
- fb1+3ZpVy5cs/GKuGTt5/BgTtn/fXh/ZCdYuiM3X2P2rxACs3bY2bNqifVbOwBGTZy9c
- tX77zsJDx06eOXf+AhsEqo7A+dj2g9vOue3s2TNnTp8+ferkyRPHjx0zeQ8e2F+4d8+u
- HQXbt242ZVcvX5I///NZ06aMHz18yMB+OdndOid8rSNy+2q22m1rh+598sZMm7fsq607
- 9x85ee7CxStXr7FBoEoJXA23K7Ht8uVLly5evPjTjz9euHD+h3Nnz5i4x83ag98X7t1t
- ym7Z+NXalUsXOmEnjRs5dFBu74SvNmNC4/Gw2ZrerFWnj/oNHT8zf/WmgsIjp89fvHbz
- dhEbBKJB4I7bbt++fcu2mzdvXL9+/drVK1cuX7r404ULP5w7c9qcPXxw/77dO77duml9
- IOxnM6ZMGD0sr3+f7G6d2rdu0axJI/e4qZb/T4dr1E5Lz7Db1v4jJs1esm777kMnz1++
- ceeXew8eskGgCgk8KLndv3//3r17d2375eefi4rumLsm7rUrVy5d/PHCubOnTzpj9+ws
- 2GbCrli8YM6sqRNHD8/r3zu7a6d2rcLbVzea4/ndq7M1s02XngNHTpmzfENB4bFzF28U
- 3Xv061M2CESGwBO3PX78+FfbHj16+PDBA5PXvC0qun3rpjl7+eKFH86ePnH00Pd7dxZs
- 3fjl6qX5cz+dNnHM8LzcnB5ZHe1xU5N0hdNrjdr10zPbZuUMGj1t/sqNOw+cunDtzr1f
- n/7+/A82CESAwPPY9izcfv/9999+s3+LPHHmPnr4wElbdMeUvWrGnrNT7KH9e3Zs37x+
- zfJF82ZPmzh62KB+vbp3bt+6ebP0huHdq89zJczWxs3N1rwx079YvWXP4TMXb959+PTZ
- i5ev2CBQ9QReJrY/3fYi2P744/nzZ8/M28DaRw8e3Lv7c9Gtm9euOGFPHD1QuOvbLRvW
- mq+fTp0weujAvnY53NZOr3b36h4Oe3w1HNjarmvvvLEz8tdu23v03JXb9x8/e/Hqr7/Z
- IBAhAn+FW/jvD1M4MPcPJ+1v7kT70Iwtun3zuhP2lJ1gdxdsNV8Xzp01ZdwIuxz+qIud
- XpumN0jz+2FTwtZxM/PXbS88dv5q0YOnz1/+9c//2CBQ1QT+KXuzf4mYu07cQFpz9ven
- T83Y+3d/vnPz2uWffjh94vD3e8zXNcvy58yYPGbYIHd6bdMyo7HNlXBjOZ5eDX9Ys45d
- Cbfv1icvtPX4+Wtm6x+v/v7f/7FBoKoJvOHfFgmHnbWm7Ms/XwTGPnHCFt26YSfYMyed
- r1vWr17yxexpE0YO6Z9jd6/2cDh+NfzGyX1R/h/M1gZNWpitQ8bNXGjn1uMXrhU9xNaq
- Pkr555dJ4DV5A21jyr548YedYp/8+uDeL3aCvXTh7InD+3d9s+nLFYvmzpwydpjdvWZ1
- aOOuhm3o1dMXc7C1zMOC/zKiBF7z1f6LUFl3jrVTrAn7+NEDO8Gar2dOHC7cuf3rNUsX
- uNNrXm6v7vawya6Gvb15xdaIHpbs1r8QeN1ZZ+zfobDPn/1mJ1jn68Xzp48d2Fuw5auV
- i+fOnDx66IDe9rDJPRt2N68+TmzC1n85KPifokygtLJxYd0JNvT15tWL504d2b9r+8a1
- S7+Y/cm44fawKat9a5vZZEM5Pj5rwtYoH5Ds238RKKmsO8HaGfZl3Nc7N678ePbEIXd6
- XbFwzvSJdjXcs2vH8OY1GHmN8iOlMvYNW//reOB/jziBEsLGTrChr4/u/3L7+qXzp4/a
- 6fXr1Uvm2dXwx/Zs2G5em7mzq5soUYYSEf6vsDXixyK79xYEkoVN8vXp44f3im5e+ens
- 8YN7CjatW+auhocN7P1R53axZ02+6Yqtb3Ew8LdEn0ApYYPr4efPntrjJnd6PXW4cIdd
- Ded/Pm38iEF9e3Sxkdfg0bBnumJr9A9E9vCtCCT5GpxfX73684U9bnrkTq8/njl2YNf2
- DasXBzev/exZU6vMJm4kx3T16GoYW9/qSOBv8oFASV9jj5vs9PrL7WsXz504uOfbjWuW
- zps5afQQe9bUobUbyfFs1jC2+nAYso9vTSBhrHs+/JedXp//9uTh3aIbl93V8Heb7eb1
- 0ymjP87t1a1jG5uG6NnAK7a+9XHA3+gDgYStwRSncDTn6a/3f7515YI9G9651W5eZ08Z
- O3SAPRq2kRzPdMVWHw5B9vEdCJTwNTi9Bg+bbl376azdvG5bvyL/s6n2aDjU1UZyPJrW
- hK3vcBzwt/pBINnX8OHw73Y1fOd6cPO6fcOqRZ9PGzd8YG87u7Zw05r80RVb/TgA2ct3
- IxAX1t29vnplc5ue2rNhu3k9ecieNdmjYRvJcbq29UtXbH23o4C/2w8CcVvd3Wv8avj+
- zzevXDh1eF/BxjWL506fMGJQn486+6Urtvpx9LGX70wgLmyg60sberWhHPes6Uhhwaa1
- S+bNmGjzJDzTFVvf+SjgD/hBIG6rO726Z8PPf3v84O6tqz+eOepGcpbOnzlxxOC+PTqH
- k4b9uHfFVj8OPfby3Qkk6+puXp+7Z0233aPh/Tu2BLqOdLq2C+b4e6Ertr77UcCf8IZA
- TNjYzat71uQeDZ899v3OLeuW2dk1pmv8yXCEX78Jdg1bvTny2NF3J5B0enXPmsJHwzaS
- c/z7nVu/DHTNC86unuiKre9+CPAn/CFQStcXNlHiXpHT9UCo66Tg7Jp4MhzxGf7Y6s+R
- x56+F4Hiq2H3rMl0vV9049K5Ewd2bf1q+fyZk0a6s6snumLrex0B/CGPCLxR122m66xi
- XYMp/pE+u2KrR4cdu/peBOJXw8G8pnDg1c6uP9jZ1XT9ws6ug2PjrqZrtF9Px9b3OgD4
- Qz4RKKXrc5sn8fPNyzFdwyfDwTQJ975rpHXFVp8OO/b1/Qj8m67hQE6fj8IX6KKtK7a+
- X//8Ka8IvFnXcCDHzRn2QFds9eqoY2ffm0AobOze1c1CjF0MJ3QNX08P12qK6DQJbH3v
- +vmDfhFI0tVmISZ0tXHXYM5w8L5rYmm1aOqKrX4dcuzt+xNI0jWc4//zTfdk2CYhLp03
- Y8IIW03C1mqylRCjuyw4tr5/+/xJzwgk6Ro7u9o0CZvVFOo6fGBOt462EqLpGtVPWmGr
- Z0ccu1sOAqGu9gpd8EqODeS4WU02Z9h0nTt9/LABOd1s4dLG7pNW0fwCHbaWo3z+qG8E
- 3qjr2iVzpo0bNqBX1w6tMqKrK7b6dsCxv+UgELO1+Ox6303xt/ddN6+1tZrGDe3fK6t9
- y4zYymrRe9KEreXonj/qHYFkXYNJiDFdv9u0ZvGcqWOH5vY0Xd0X6Ozt9OhNGcZW7w44
- drg8BErp6t7Ica+nFxbYSoifTx37ca59IyeyumJrearnz/pHoExdba0m03XhZ5+MGdIv
- u0u7lk3TIznDH1v9O97Y43IReE3Xe3eu/3TmiC1cumrh7Cmj8/pmd7HXXSM5wx9by9U8
- f9hDAmXoeu3H00f2ffv1SvtGjunao3PwiZzozfDHVg8PN3a5nARCX+Pvu7ql1UzXw3u/
- 2bBiwaeTRtnrrm6Gf+zzrlF6Moyt5SyeP+4jgdd0vX3VVvHfs339ii9mTRw5qI/N8A/n
- IEZrlgS2+niwsc/lJZDQ1X3i1S1caqv4nzq0Z7tbqmmi+0SOzUGM3iwJbC1v7/x5Lwkk
- 6/rHM1sW3HQ9eXD3Nlu3dMYEN2W4Q6u4rtG5FsZWL481drrcBErp6r6Rc/6krVtqL+QE
- U4a7tm8Vm9QUnVkS2Fru2vkBPwnEdQ2WBf/98YNfgqWabIa/mzIczkGM2qQmbPXzUGOv
- y0+gtK72uqu9kBNMGXZzEMNJTZGaJYGt5W+dX/CTQGirm+H/V/i6a9ENN8P/u02rF30e
- m9RkH2OO0jqI2OrnkcZel59AzNaErklThsNJTcEa/lGa1ISt5W+dX/CUQJKu7psbvwW6
- njm6r+DrVfmzJ4/Ki9wsCWz19EhjtyuAQCld7YtWd679lJjUNHJw1GZJYGsFlM5P+Erg
- NV3ta8w2BzGY1BTBWRLY6uuBxn5XBIHSuj666+YguklNtoZ/0iwJ9+n0qp8lga0V0Tm/
- 4S2BmK42wz/8XmRsUtOu+CyJXl0TS79U/SwJbPX2OGPHK4RAsq728fQnD92kpmCV4XCW
- RGLplwh8zwpbK6RyfsRfAiV1/f2Jm9RUPEvCLf0SrCURhbddsdXfw4w9ryACoa/BxfCf
- f9gcxJ9tleFwlkRs6ZeorCWBrRXUOD/jMYG4ruGkJlsU3BZWcys1xZZ+6RF8fi4C37PC
- Vo8PMna9ogiU0tWtg2grNbmlXz6dPKp42LWql/DH1ooqnN/xmEDi3vVvN6kpmCURLP2y
- fsWCWRNHDIrKy+nY6vExxq5XFIGYrcEa/k7XcNjVzZII15KIv5xexcOu2FpRhfM7PhN4
- Xdf4WhL2tUj7nlU0hl2x1edjjH2vMAKJa+FwlkSw9ItbS8J9fs5eTi/+4kZVDrtia4X1
- zQ95TSBZVxvHsWHXW5eDbzHb96zCL25U/bArtnp9iLHzFUeglK427GprScSHXUfbFzc6
- V/mwK7ZWXN38kucEQl+DtST+fP7b42DYNfieVfhyetWvCY6tnh9h7H4FEkjS9cXzxMvp
- 0Rl2xdYKLJuf8p1Asa4vXzx3w67Xg5fTgyX8Sw67Vsnrc9jq+wHG/lcggcS9a3yWhL3t
- GrycbsOuE0YEa4Jn2BL+VfUpZmytwK75Kd8JxGxNmiVRPOxqa4L3r+JhV2z1/QBj/yuS
- QOLkmvRyejjsGrztGht2rapFhrG1Irvmt7wnkKxrYtj1+Pc7N8eHXbu0q7pPMWOr98cX
- ASqUQCldS7ztGn6K2Q27Vs3rc9haoVXzY/4TKKFr8rCrLTLsdHXDrk0aptWpXflzELHV
- /8OLBBVMIPQ1/sWNcE3w2NuukxKLDNerU/lvu2JrBTfNzwkQKNY16W3XxCLDOUmfYq7c
- YVdsFTi4iFDBBBIXw+Gwa/Iiw8GnmLt2qJpvu2JrBRfNzwkQiNlaeth119Yv7VPM42zY
- Nat9y+DbrpV864qtAgcXESqaQOLk+k9wdg3fdi1eZLiqhl2xtaKL5vcUCBTr+tercNg1
- tsjwmsWfTx1jr89VybArtiocW2SocAKldE0Mu25cveiz2LBr80ofdsXWCu+ZH5QgkND1
- tUWGE992zazsYVdslTi0CJECAqGvycOuP505svebDbZq6aSRtmpppzaZ9j5OZQ67YmsK
- auYnNQgkdE1eZDh51dLWcV0radgVWzUOLFKkgEDxxXCga2zYdfc2+7arDbsOyOnavpKH
- XbE1BS3zkxoEYraWGHY9f/Kg+7arW7W08oddsVXjwCJFKggkTq427Br/tmt81dJpY4dW
- +scisTUVLfObIgSKdY0Nu7pVS4/v37HJhl0/CYZdK3XVUmwVOa6IkRICpXS1VUtvXDyX
- tGpp5X4sEltTUjI/KkMg9DV5HOfiGfu2q30scnalfywSW2UOK4KkhsDrugarlrph18r+
- WCS2pqZiflWHQELXNw27tnLDrpWxaim26hxVJEkNgcS9a9LbricP7d725bLgY5E27Noy
- I71SdMXW1DTMr+oQSNgavj739OHdW1eSPhbZv2elve2KrTpHFUlSRCBZVzfsWmUfi8TW
- FDXMzwoRKNY1GHaNfyxyxyZ7fS4Ydq2kj0Viq9BBRZRUESiha7Bq6Y2LZ5OGXWMfi0z1
- qqXYmqqC+V0pAqGvpYZd9wUfi6y8VUuxVeqYIkzKCJTQ1X0s8lr8Y5EzJ44Y2LtSVi3F
- 1pTVyw9LEUhcDMc+FnnXPhZ56nD4tuuE4eHHIlM9joOtUocUYVJGIGZridfnLpw8uDtY
- tdR9LLISxnGwNWX18sNaBBIn1/BjkeGqpScP7NyyrtI+FomtWocUaVJHIFnXpFVLd25e
- s3jO1DEf56Z+1VJsTV27/LIYgVK6JlYtdcOulbJqKbaKHVHESSGBZF1flPpY5ORRwcci
- g1VLU/X1OWxNYbn8tByB0NfkYVdbtXTft8WrliaWQfwwBesgYqvcAUWgVBJI6Fr69bkv
- 3LBrTjf7+lzqXp/D1lRWy2/LEUhcDCe9Pnfq0J5g1dLxw9yqpSl8fQ5b5Y4nAqWSQMzW
- 0sOuiVVLU/r6HLamslp+W49A4uQaX7XU3nYtXrU0GMdp2TS9ft3aKfi2K7bqHU8kSimB
- Yl0TH4sssWppj85tU/X1OWxNabP8uCCBUrq6YdcSq5a61+eCr8/VqFHBD4axVfBwIlJq
- CSR0jX0s8n7RdVu1tBJen8PW1BbLr0sSCH1NDLveK7qe/PpcTreO8WHXij25Yqvk0USo
- FBNI6Bofdg1fnwu/PjcwVV+fw9YU18rPSxIovhiOfyzyir0+tyt4fS51X5/DVsmDiVAp
- JpCw9bVVS8PX57Kz2qVgHAdbU1wrP69JIFnXpNfndtjrc+HX51IxjoOtmgcTqVJNoFjX
- +KqlNy4lf30uPo5Tke/jYGuqW+X3RQkk62qvz/36wMZxzoZfn/t08sjBfbp3auO+j1PH
- dK2o13GwVfRYIlbqCYS+JsZxbNi15DhOhb+Pg62pL5V/giqBhK7xcZxrP562ZRDDcZzi
- 93EqbMYwtqoeSeRKPYHExXDi9Tk3jrN767qlc6fZOI57H6dCJ/hja+o75Z+gSiBma+L1
- ueKvz9k4ztj4umppFfY+DraqHknkqgQCiZNr7PW5B7/cvHzu+Pc7Nq2xz1mNzuvbo3Ob
- 5k0bprknTRUxBxFbK6FT/hGyBIp1LTWOsyp/9pRR4YPhJsGDYWyVPQgI5guBhK72Ps6f
- No4Tfx9nw8oFsyaNGBT/Pk7tWhVxcuXc6sthwX5Gk0Cyrm7YNRzHKf4+Tnyhpop4MIyt
- 0TwG2Ct/CIS+umHXly+eua/P2fs4h3Zv+3LpvOmxB8PNKmjlF2z156hgTyNKIKFr7H2c
- WzaOc2BX8H2c4MFw2xZNG1XIg2FsjegRwG75Q6D4YjjQ9eEv4bpqwQR/92A4tvJL+acg
- Yqs/BwV7GlECCVuDcZzfnzz4+aZN8N9fsHH1wtmTYw+GK2RJcGyN6BHAbnlEoFjX2DhO
- 0Q03wf/br+3BcHwFf/cl5vI+acJWjw4KdjWqBBK6Fq+rZhP84w+GgxnD9qSp3Lpia1QP
- APbLJwIldA0eDF9LejCca0tJ2JOmci8Jjq0+HRPsa3QJhL7aOE7SQk3uw+n2JeaxQ/pl
- u6UkwimI5XjZFVuj2z975hOB4rNr+GDYfXDDzRiOfYnZlpLILPcURGz16YhgX6NLIGFr
- fIJ/8GC4sGDjqvxPJ410UxBbZZb3SRO2Rrd/9swrAsW6xh8M2wr+R/Z9s35F+GlXm4JY
- 3jlN2OrVEcHORphAQtdSD4a/WuamIOb2DJ40lWtOE7ZGuH52zS8CJXR1D4ZvXw2WBF8X
- vJtuT5rCr1m9/+s42OrXAcHeRppA6Gvxg+FbV86fOLBzs72bPsWmILonTeWa04StkW6f
- nfOMQAldnzx0S0m4KYixJ03dbBXE8jxpwlbPDgd2N9IE4raGM4aDT7uetW9FbnBPmoYP
- 6GXLqpXnSRO2Rrp8ds4zAolb138SS0kEUxC/Cl52zc3uErw9974rgmOrZ4cDuxttAgld
- gwfD4bvp9vE597Lr1DFD3NtzbpLEey78gq3RLp+9841Akq5uKYlHNqfp/IlgTlO4rJp9
- iPm9b12x1bejgf2NOoH4vWswY9g9aQq/ZrUyP3h7rjyTJLA16t2zf74RKD67vrJvRdqT
- Jjenae8365fPnzHeLeDvXsdxSwy/+5ql2OrbscD+Rp1AwtbiJ00/ng6WVXML+PezFcHf
- 99YVW6PePfvnHYGErvEnTbfdsmo7t6xZ7CZJ9OnesfV7jrpiq3fHAjsceQLFusZXQbz8
- w/H93wWTJEYMzInfur7zh12xNfLVs4P+ESipqy2r5tZp2vft+hXzZ44fFt66Bq+mv+Ot
- K7b6dyiwxx4QCH39x926uidNwYeY99iK4HODW9fYhOF3XVUNWz1onl30j0DcVtPVfW/D
- LeCfuHW1j1l1dBOG3/lLkdjq34HAHntAoPha2HQNJ0nEb13dmqXuO8zvPoyDrR40zy56
- SKBYV/ek6Yl92fWS3brGRl3dhOHmTRq+6wxEbPXwQGCXfSCQpGvyreu6pTZh2L3r+h4z
- ELHVh+LZRy8JxO9dS9y62qvpsyePHJTTLfby3LtMacJWL48DdtoHAnFb3ZOm8Nb13LHC
- AvvcxswJwTCOrTBc751mIGKrD7Wzj14SSLoWDm5d3ajrkb3bbVW19xzGwVYvjwN22gsC
- Sbq6W1f7bPqPpw7t2rLWZiCOGty7W4dwIYm3vxbGVi9qZyc9JRC/GA5Xkrh3273r6mYg
- zgrWfbG3cd7pWhhbPT0M2G0vCMRtdfP7nz0N33UNhnGmj7O3cd51ShO2elE6O+kpgaRr
- 4eDWNZiBuHvrusWfTxk9uHf38Fr4rV91xVZPDwN22w8CSbr++Ud8BqJ9yyr/04kjbA3E
- 4Fr4rb/CjK1+lM5eeksg8PUfN78/HMaxFYYLv7WFJOLXwuEqTW/1nUhs9fYoYMf9IFB8
- 6xofxrGvpsevhW2OxDvMF8ZWPypnL70lUOJa+Pdf79+5Zm/juGthey7cv6ebL2wrlr7d
- u3PY6u1RwI57QiChq5uB6JYsjV0L2xyJIW6+cEZ6/bq132rQFVs9qZzd9JhA7Nb177/C
- a+HrF08fds+FP5syMlj2xQZd3+7kiq0eHwTsuicEEreubiEJuxZ2b6bv2OjmCw/Nte9E
- Bh+ee5tFmrDVk8LZTY8JlHEtfHTf9q/s3Tm3BKINur7li+nY6vFBwK77QiBxcg2vhd0c
- CZsvvGbh7EkjBvTMij9o+s9RHGz1pXD202cCCV2Da2E3X/j4/oKvV7hB174fufWF69d9
- ixlN2OrzMcC++0Ig+VrYXnX95aa9O7dnm5uAaA+astq72f32oOm/Tq7Y6kvf7KfXBBIn
- V3ctbCuWBoOuG1ctmDl+aK6b3f9WJ1ds9foYYOf9IRD4+k/w0fTffg0GXfd9Yw+aPrHZ
- /W5G09ucXLHVn7rZU68JxM+uwXxh+/CcPWjaucXN7h8WjOK45YX/a4oEtnp9BLDz/hCI
- 22qfdQ0GXe1BU2HB+uXzpo3J6xNMF/7vO1ds9adu9tRzAsXXwjYB0R40nTm8e8vaRW4U
- J5wi8Z8nV2z1/Ahg9/0hED+7Jh40nfjejeJMG5vX16ZING30nydXbPWnbPbUcwJxW/9+
- 9ad9GufurUvhKE4wRaKLm3/4X2Ou2Or5EcDue0Qgrqt70PQkHMX5bqObIjHk7U6u2OpR
- 2eyq5wTitroHTeEozlE3ReKzyTb/8G1Ortjq+QHA7vtEIK5rOIpjywu7d3Hs5Govuro7
- 1/8ac8VWn8pmX30nENM1HMVxUySO7t2+bnH8zvW/JjRhq+/9s/8+EYifXP92S6rZF9MT
- J1d7cy6c0PRvMySw1aeu2Vf/CQS+2gqIbopEeHK1O1c7ufZ3Y67p9e0rVm+e24+t/vdP
- Ap8IxGxNOrm6x8I2oclmC7doaguq/cvJFVt9app99Z9A/FrYpkiEJ9cje7auXRTMFnYL
- qqXV+ZcX57DV//5J4BWBxMn1z+DO9cLJ7ws2LJ87dfSgnKx2zf99hgS2etU0O+s/geKT
- azDmeumszRZekz9r/NB+H3Vs5aYfvvlSGFv9r58EfhFInFxjE5pO7P92/dI5tohEL5sh
- 8a/PmbDVr6bZW/8JlDy53rxo77luXrVghpt+aIM4//acCVv9b58EnhFIOrk+vn/nyg/H
- 9m3/0gZxhvfPDp4z1a754RsGcbDVs6bZXf8JxE+ur14+tw8wX//plJt+OG/a6MGJ50zY
- 6n/LJFAh4HwNvhH5+6/3bPqhG8RZOGvCUFusNJgs/KbnTJxbVQ4AcnhEILwWdu+52vRD
- W/5wf4F7zmRv4rj5TDbk+oZLYWz1qGN2VYZA7OT68oW9OBc8Z9q06ovpY/N6d23fool7
- Kb3sS2FslTkACOIRgfjJ1QZxYs+Z1i2aPXForg25NrP35t5wKYytHlXMrsoQCG21uf32
- nOln9yZOwYZlbsjVvZRuQ65vuBTGVpkDgCAeEYjZanP73WThS271w9ULZtilsE3tf/Ol
- MLZ6VDG7qkMgfin8py3QdOfq+WOF7qX08FLYLSFR9qUwtuocACTxiEDiUviPp4+CS+Hv
- vl6euBROe8MECWz1qGF2VYhA/OQaXgq7qf2rY0+Fm9ulcNmvzWGr0AFAFI8IxE6ur9yl
- cNFVN/tw3eJPJ7gXccIJEmWN4WCrRwWzq0oEnK7Bii9u9mH8qXDwkQ17J73sG1dsVToA
- yOIRgZKXwmcO79q8an58rvAbxnCw1aN+2VUpAuHJNbgUvnPl3LG929YunDn+4/C1ubKn
- M2Gr1AFAGI8IJF0KF10P5gov+WzS8NzsTq2auRUkyrhxxVaP6mVXpQgkXwrbXOGDOzeu
- mPvJqHAFibJvXLFV6gAgjE8EYpfCL549Dl+bs+lM4cz+5o3LvnHFVp/qZV+lCMQvhd1r
- c1ftS+nb1y2yMZzgizhlv4eDrVL9E8YnAvFL4T9+C6YzfW8vuX4+OVjv5Q03rtjqU73s
- qxaB4OQazuwPXnK19V7+9cYVW7X6J41PBGI3rn8+e3z/9hVb7yV+42qrgJd544qtPrXL
- vmoRCC+F3UuuiRvXWW7E1T7lalOFX1/uBVu1+ieNVwRil8J/hK+kuxvXzyYNy+3RqZW9
- NVfGci/Y6lW77KwWgZI3rsGIq1tAonObjPSy5kdgq1b9pPGKQOzGNRxxdW/NuanC9vmq
- trbyYRkT+7HVq3bZWTECga5/BQtI2Jr9NlU4f+a4vD7Bci9lLM6ErWL1E8crAuGl8Eu7
- cbVlhU8UfvOle8c1Pj/itcdM2OpVueysGIH4jetvj+wLG7byoXvMNNw9ZrJ1Sl9/zISt
- YvUTxy8Cpus//wQrH8bmR8ydMtIt2Z9R1ms42OpXueytGIHg5GrvuLqJ/a89Zir90hy2
- irVPHL8IBLb+9edzW6c0eCN9Tb5bVbhr+zJnM2GrX+Wyt2IEwhtXe8zkvl51vPCbdYuC
- 2UztW7qFD0s/ZsJWsfaJ4xkBd+P69yt7DcctpWazmZaEa4C7j6TXwlbPymR3xQmEtrpV
- hd36ETu+XjZn8gj3kfSyXprj3Cp+MBAv4gScrfZQ+Jl9dtk+h7Nrk700N9Kt9lLW3ENs
- jXiZ7J44geDG1c1mir8090WwTGk497DUQ2FsFT8YiBd1Au7kGr40Z3MP97m5h2Pd3MOy
- Hgpja9TLZP/UCbjHTElzD//loTC2qh8L5Is6geCh8IsyHgrXLf1QGFuj3iX7p04gfMxk
- D4VvXDx9IOmh8OszhbFV/VggX9QJhLY+s2+kXzxz2C0BHnsh/fWZwtga9S7ZP3UCwWMm
- t5LarcvnjiReSG8TvJBe8qEwtqofC+SLPAE7uf710j7j6mYK79lqC/aPycvJapeZXr/0
- x3CwNfJdsoPqBNxjpti6h+6jy/HlIxo3qFOj5NxDbFU/FMgXeQLO1ldu+Yjr4fIRiXn9
- pRd7wdbId8kOqhMIbLUhnJ+L5/X3+6hjGWsKY6v6oUC+yBMwW8PlI278dOrAdxvii724
- NYW5Eo58e+xg9SLgHgrHF3uxNYWXx9/CeW3AlXNr9TowSBtBAqGtbsDV3sLZuenNA67Y
- GsH22KXqRSA+4BouzbR55bypsS+kl16vH1ur14FB2ggSiNmaeGcuXK+/jOkR2BrB9til
- 6kUgsPVluJDaUZse8cY3XLG1eh0YpI0gAWdrbHpE+HWNYNlD9xHXUpOZsDWC7bFL1YtA
- aKtb9vDq+WOFsclM4SKlNUpMFMbW6nVgkDaCBAJbg8lMbpHS7esWzhw3JPblKmyNYF/s
- UrUmEExmCj65HEw9jK0e0aJJg1JTDzm3VuvDhPCRIBDYGkw9vHBy/7dfLf50fPCdOWyN
- RDvsBASSCRTbGiwAvnj2hKH9und4faIw59Zkavw1BKqCgNlqUw8TX4V0y/WXOa0fW6ui
- Hf6ZEEgmENr6+6+/uGn99g3X2ROH5Zb1Eg62JlPjryFQFQTitt6Nv4RjtvYIXpkr+RIO
- tlZFO/wzIZBMIGGrfQrHVj0sfmWu1Bql2JpMjb+GQFUQSLbVfbjq80nDc3t0avXaC67Y
- WhXt8M+EQDIBNz0i+QXXzyePyM3u1KpZ6dfRsTWZGn8NgaogENoarCh8+lDJ19FLLB6B
- rVXRDv9MCCQTKGXrijlTwk+4cm5NpsRfQyASBIIr4WDxCHduTdjaqNTCTJxbI9EWO1G9
- CZitf7149jhc6iWwdUD4eXRGcKr3gUH6CBJwttq3NeKfR7cr4QHZnVs349wawa7YpepO
- oJStcwNb22SYrSVemeNKuLofKOSPAIHXbB05oGdnbI1AM+wCBEoTSNh6+ezhXZtWFn8T
- knNraVT8/xCoYgIlbN28cu4nIwdybq3iTvjHQ6BsAsm27rYFhbG1bE78txCoegJl2drF
- 3beWXPSQp0xVXxV7UO0JvGbrqIE9sbXaHxYAiCSBkraumvcJtkayJ3YKAv/3f9jKUQAB
- XwjEbL1/y0Zwdm/h3OpLb+xndSSArdWxdTL7SSDJ1iOcW/3skL2uLgRK22ofcOWZcHUp
- n5yeEXiDremMt3pWJLtbDQiEtj5xT5mCK+HYuRVbq0H3RPSNQNzW29jqW3Xsb7UjUIat
- vWwuE+fWanckEDj6BJytL589uX/78rn4lbDZmomt0a+OPax2BMzWvwNbr5w7smfLqvl2
- 34qt1e4oILAnBLDVk6LYTQj83//ZufW5XQlzbuVggEDkCZRtaxrvt0a+OXaw+hFItnX1
- /Kmjw/tWbK1+RwKJo0/gdVuz7Jkwtka/Ofaw+hHA1urXOYl9JYCtvjbHflc/Atha/Ton
- sa8EsNXX5tjv6kcAW6tf5yT2lQC2+toc+139CGBr9eucxL4SwFZfm2O/qx8BbK1+nZPY
- VwLY6mtz7Hf1I4Ct1a9zEvtKAFt9bY79rn4EsLX6dU5iXwkEtj6wt9GP7tmyev600YN6
- 8Q6Or12y3+oEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
- TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
- EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
- BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
- AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
- AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
- wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
- sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
- bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
- W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
- Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
- Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs
- 1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb
- 1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBW
- nS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBV
- vWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV
- 6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvV
- GyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFad
- LkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9
- YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXp
- kiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9Ub
- Jp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0u
- SaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h
- 8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emS
- JOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsm
- nw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5J
- ok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy
- 6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk
- 6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyaf
- DgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
- TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
- EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
- BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
- AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
- AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
- wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
- sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
- bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
- W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
- Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
- Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs
- 1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb
- 1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBW
- nS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBV
- vWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV
- 6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvV
- GyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFad
- LkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9
- YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXp
- kiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9Ub
- Jp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0u
- SaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h
- 8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emS
- JOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsm
- nw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5J
- ok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy
- 6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk
- 6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyaf
- DgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
- TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
- EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
- BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
- AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
- AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
- wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
- sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
- bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
- W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
- Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
- Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs
- 1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb
- 1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBW
- nS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBV
- vWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV
- 6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvV
- GyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFad
- LkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9
- YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXp
- kiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9Ub
- Jp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0u
- SaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h
- 8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emS
- JOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsm
- nw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5J
- ok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy
- 6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk
- 6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyaf
- DgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
- TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
- EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
- BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
- AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
- AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
- wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
- sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
- bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
- W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
- Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
- Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDoG3
- tbV+4+btu/XJGzczf932wuPnrxU9fPrHq7//pwOCJBCIOoH/ma3Pnty/feXckT1bVs2f
- Ompgry5tMtPTatf4IHmrUdtsbde1d8zWY+evFj14+vzlX//8jw0CEKgsAv/89eezx/dv
- XT57ZPeWVfPM1p5d2mQ0qvcmW8fOyF+7be/Rc1du33/87MWrv/9hgwAEKovAX69e/P7r
- 3ZsXTx/etXnl3E9G/putWTl5Y6Z/sXrLnsNnLt68++jpsxcvX7FBAAKVReDPF8+ePPj5
- +o+nDu7YuGLOlBEDszuXfW5Nz2yblTNo9LT5KzftPHDqwrU79359+uz5H2wQgEBlEXj+
- 7Omju7ev/HB8f8GGpZ9NHtE/u1PrZmVcCaelZ7bp0nPgyClzlm8oKDx27tKNonuPHj9l
- gwAEKo/A44d371z/6czhvdu/XDx74rDcHp1aNWv4+n2rs7Vzdv8Rkz5bsm77nkMnz1++
- cefuvQcP2SAAgcoi8ODeL7evXzp34sDOzWvyZ47/uG/3ji2blmFrvfRmrTp9lDt0wsz8
- 1ZsKCo+cvnDp2s3bRUU/s0EAApVDoKjo9o2rF384eWjPtxtWzJ82Jq9Pt/YtmzaoV6v0
- CE69Rk1bdujeN2/MtHnLvtq6c/+RU+d+vHTl2nU2CECgsghcvXLxwtmTh/cVbF67+PMp
- IwfmZLVr3qRB3ddtbdi0RfusnIEjJ89euGrD9p2Fh4+dOnvuAhsEIFBpBM6fO3Py2MG9
- 3235avmCmeOH5doj4czG9V+ztVbdBo3djWvu0HHT5y5ZvWHrd3v2Hzxy7PgJNghAoLII
- HDt2+EDh7m+3fLVy4eefjM6z29bWGelpdWp+mDyV6YMaterWT89o3bF7n8EjJ82cv3jV
- V5u2F+zcs7eQDQIQqDwCe/fs/HbrxnUrFs2ZMWHYgF5d7bbVBnBK21qzTprduLbLys79
- eMyUWXMXLlv95debtmzb/g0bBCBQWQS2b9uyaf26VUvz58yYNGpw3486tbHbVhvAKXlu
- /bBG7Xp2Kdy6Y7ecAUPHTJ4+e37+kuWr1qxdt+5LNghAoHIIrFu3dvXKZYvz5346beLo
- If2ys9q3zEhvULcMW+1SuGmLtp265wz4eNS4ydNmfTZ3/oL8hYvYIACByiKwMH/B/Dmz
- Z06dNG5EXm7Prh3aZDZpmFan1CPhDz6sUauOnVwzWrYzXXMHDx05ZsKkKdOmz5jJBgEI
- VB6BGdOnTZk0bvSIjwf27dm1Y5sWTdPtQrhmyeHWDz6oUbN23bSGTTJN127ZfXIH5g0d
- MWr0mHFsEIBAZRIYM3rk8KF5A/vlZGeZrM1MVju1lrxt/cCdXGvXq9/IdG3bMat7dk7f
- 3AEDB+flDWGDAAQqj0Be3qCB/fv16ZXdrUsHk7Vxw7S6dmp93daate1auFGTjBZt2nfq
- 0rV7j569cnr36csGAQhUGoE+fXrn9Mru0T2rc4d2rZqbrPXr1a5Vo/SFsDu5hro2bprZ
- snXb9h07dcnK6tqtW3c2CECgsgh069Y1K6tzpw7t27Rqkdk03WStU8ap1dlq18J16tVv
- kN6kaWbzlq1at2nbrj0bBCBQqQTatWvbpnXLFpkZTRs3apAWylr6QtgmNpmudnata742
- MmGbZWRmNm/egg0CEKhMAs2bZ5qpTZukN2pQv17d2rVq1njtrjWYheh0tdNr3XppDRo0
- bJSent64cRM2CECgMgk0bmzmNWrYoH6aufpmWe3sGvrqhK1XLy2tfv36DdggAIHKJGDW
- paWZf3XrxFwt4zI4NsXf+Vqjpp1h3VaHDQIQqHQCgXy1atW0a+AaH77Z1fB6ODDW/kan
- LRsEIFDJBAL37D8+/C9VY6fYuLb297NBAAKVTCBZQ/4aAhCAAAQgAAEIQAACEIAABCAA
- AQhAAAIQgAAEIAABCEAg2gT+H7bgdu8KZW5kc3RyZWFtCmVuZG9iago0NSAwIG9iagox
- NzU1MgplbmRvYmoKNDYgMCBvYmoKPDwgL0xlbmd0aCA0NyAwIFIgL1R5cGUgL1hPYmpl
- Y3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAzNDYgL0hlaWdodCAxMDAgL0NvbG9yU3Bh
- Y2UKL0RldmljZUdyYXkgL0ludGVycG9sYXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQg
- OCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHt3etPE1kUAHCQQum7hdJC
- H9va8mpr6VbqVkC3JW1QBHyguNUVghbNli12NTY2i7olrDY2iuBCeESRJYIBloBpkBA1
- +6/tmeIqM51emPl8zqfeGYcPv5ycDnjvOQUFGCiAAiiAAiiAAihwEIFCjAMIHETy67+B
- n3foWxRhsAp8EzoEYF/x8n/YVYWfJRAUY+wrIBAAFYW8H27WdRe1RCgs3Q0RRo7AFxqh
- sATwgXcf2y+uxcUlgCoSiyUSiVQqlWGwCAAM8IjFotJSSpdsS8EWQQ0AVkCVyuRyhVKp
- wsgjoFQq5HIZ+IoBd9c2T0nIwkK+Uq4yuUKlKitXqysqNBotRo6ARlNRoVaXl6lUCrmM
- soW8hZLATktlLJWwlKsSVDXayiqdTm8wGDFyBAwGvU5XVanVgK4yawtpS9GyvBtkYaHA
- SqTgCqxgajSZzYctVgwWAcths9lkBF/ABVuphCq37LSFVI0ViiBhVeWaSh2oWqw1tXX1
- Npvd7sCgCdjtNlt9XW2N1QK6ukpNuQrSViSkvsdykxZSFmBLJTKFSq3VGc2W6lqb/YjT
- 5XK73UcxGAKA4nI5j9httdUWs1GnVasUMsjaYgFLPYCUhS8vcRZWb7LU1DucLnfjsR+8
- Tc0QLRh7BCiRJu8PxxrdLqejvsZi0mdpxfA1xpK0hZCypWKpXKWu1JusdY4Gt8fb1HLS
- 528NBAJBDJoAkLT6fSdbmrwed4OjzmrSV6pVcqm4FJKWWQ52U1YCsFq9udrmdHuOt/ha
- g22n2zs6u85iMAS6OjvaT7cFW30txz1up63aTGWtXMKWtJQs1AIlwJqqba5G7wl/4NSZ
- rnPdF3suhzByBC73XOw+13XmVMB/wtvoslVTBUEpg6TNKQdQDEpKJfIyjc5ktTV4mn3B
- 9s4Ll0I/9/b13wiHBzBoAuHwjf6+3p9Dly50tgd9zZ4Gm9Wk05RRSZtTDgoPwRsXpGyl
- 0VLnbGz2t3Wc77nS2x++Ffk1OnQ7hkETuD0U/TVyK9zfe6XnfEebv7nRWWcxVkLSwpsX
- s9BSxQCqrEZnrnG4vb62zu7Qtes3I9HY3Xvx+wkMhsD9+L27sWjk5vVroe7ONp/X7agx
- 6zRUpYVyQP81LCurKNcaLfUNnhNBgO0LR4buxBPDDx8lRzAYAslHD4cT8TtDkXAf0AZP
- eBrqLUZtuYJVtkQkVaqrTNUO93F/+/lQ38BgLJ54mBx9nHqaxmAIPE09Hk0+TMRjgwN9
- ofPt/uNuR7WpSq2UikpyclZQIpJRxaDW6WkJdPVcCw/+Fh9O/plKP38x/hKDITD+4nk6
- 9WdyOP7bYPhaT1egxeOspcqBTARfYYxqIBCK5WVag6Xe5f3x1IUr13+JxYdHnqTHJian
- ZmZmMWgCMzNTkxNj6Scjw/HYL9evXDj1o9dVbzFoy+RiIYusRA5l1mp3N7WeudR7Mwqw
- qWfjk9Nzr+bfLGDQBN7Mv5qbnhx/lgLa6M3eS2dam9x2KxRauYRFFl4N1FXf1RxphGIQ
- 6o/cSfzx5NnE1OzrhcW3S8sYNIGlt4sLr2enJp49+SNxJ9IfgnLQeKTmuyo1vBzk5Cy8
- dCnUVJk9drLt3NVwNP5gND0+NTf/99K7ldU1DJrA6sq7pb/n56bG06MP4tHw1XNtJ49R
- hVZNvRww6yzIKkG2zuX1ne7uvRVLJFNjk7Pzi8ura+sbmxg0gY31tdXlxfnZybFUMhG7
- 1dt92ud11YGsklVWqqzQHYYvMH/7xb7I3d9H0xPTrwF2ffN9BoMh8H5zHWhfT0+kR3+/
- G+m72O6Hr7DDugqllC1npaoKvcX2fVNrR0//4L0Hj5//NbewtLK+mdn6sI1BE/iwldlc
- X1lamPvr+eMH9wb7ezpam763WfQVqjyyGoPF5m4OdF6+EY0/So1NvVp8989GZmt7B4Mh
- sL2V2fjn3eKrqbHUo3j0xuXOQLPbZjFo8svCSxfI/hQeup98+mJ6/u3K+nuA/fgJgybw
- cWd76/36ytv56RdPk/eHwj9RsnbrvrJdofDtxEh6YubN0upG5gPAfsagCXz6uPMhs7G6
- 9GZmIj2SuB2G1658svBHxFKpSmPI5iyL7L8YewQ+k2Vp/19TWFQMfzaAX8EcR1uCZ0MD
- McjZl7MLy2ubme2dT5/3/FT8CAKfP+1sZzbXlhdmX0LOxgZCZ4MtRx3wSxj84aC4CGX5
- JwnK8rcjP4myZB/+d1GWvx35SZQl+/C/i7L87chPoizZh/9dlOVvR34SZck+/O+iLH87
- 8pMoS/bhfxdl+duRn0RZsg//uyjL3478JMqSffjfRVn+duQnUZbsw/8uyvK3Iz+JsmQf
- /ndRlr8d+UmUJfvwv4uy/O3IT6Is2Yf/XS6yuJODgzOXnRwF+8jS9t7ggrxHhnECZM/u
- I9wxR9sex7LgsWMOd3kytnPmWXLd5Yk7k2n7j/MvuO5Mxt30jD3z+ZfcdtPjCRDaKQ/S
- guMJEDy1RDuZRFpwOrUkwJN2tMN0xAWnk3YCIZ4OpZ0AJS24nQ7FE820Q8vEBbcTzXgK
- n3HSnrTkcgq/CDtHMLpDkJZcOkdQfWSw2wmjqUneJaduJ9ihh9GFh7Tk0KEHu0rR2kbt
- s+DSVQo7odFane2z4NYJDbv35bToI1zg0r2PapKKHScZnSXzLTl0nCzALqm0PqjkBZcu
- qSCLnX33NO8lfuTa2Re7UTNaThOWXLpRU0mLHdRpfdLzLzh1UAdZqh5g13+WDv9slzh0
- /d+lxUkVOUMpWC9wmVRRgNNVcmao5L/AabrKLi1OBMozACjn8sEnAhVkabPTlnCKFcvc
- KvolTlOsYNfMlwlh1Dg7nLyWM25tzwWOk9eoDUlZ20M4LXDfOYG7/+DA0wKzm71wwiXr
- SEvGRc4TLrO2/wODMQZZ4JsXfkIBFEABFEABFEABksB/R7vxwwplbmRzdHJlYW0KZW5k
- b2JqCjQ3IDAgb2JqCjIxOTcKZW5kb2JqCjUyIDAgb2JqCjw8IC9MZW5ndGggNTMgMCBS
- IC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lkdGggMjI0IC9IZWlnaHQg
- OTIgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkgL0ludGVycG9sYXRlIHRydWUgL0JpdHNQ
- ZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHtnPtP
- Un0cx72g3G+KoFwCDygCIZ3EENGAwSwTu5gWljoSdWEo6WSyvIQzZbJSKZ2XlZnzMjWn
- jZlz2Z5/7fkc7HlcSvU8W6vT2Xn/5PyF7+v7/nw+33O+3+/npKSQImeAnAFyBsgZ+Lkz
- kPoH6X+RA1faidJxrZNxpsGw/wPmMRswUSgZf4woFBgwhvojxATdMVomlUo7Fh23+jJA
- KjUTrADIHxB+ocvIyAQ0OoPBZDJZLBYbx4LhwSAZDDqNhjF+nxDDS4eoBDhAY7E5HC6P
- x8e5eDwuh8MGSgYgHhN+I0gTeOAdRsfmcPn8rGyBICdHKBThVkJhTo5AkJ3F53M5bIwQ
- PIQgTQ6IuYeZh9HxgE0oys0TiyVSqQy3kkolYnFerkgIjLwEIViIASYppAk8SDwmC+gA
- DshkcoUiH1HiWEi+QiGXASUgAiGLiaVhcsBULPeodDCPny3MFQMboiwoVBdpNFqtDpfS
- ajWaInVhgRIBRnGuMJsPFtKpWJU5ayDYB3g0JpvLF4jEMgWiKtRoz+sNBhRFL+JUMDSD
- QX9eqylUIQqZWCTgc9ngYAYlSYSCfVBaGAk8iRwpKNLpDWhJ6SWTuRxkwaGwcZlNl0pL
- UINeV1SAyCUJQAYUmSQGpoJ9NAaLwxfkSuRKta4YNZrMlkqrze5wOJy4FAzMbrNWWswm
- I1qsUyvlklwBn8Ni0MDA0wF6bB8T8EQShUqjR41lFqvdWXW1usZVex2nqnXVVF+tctqt
- ljIjqteoFJiDHGYyAzE+iE4e4MlVGkOJqcLmuHKt9kbd7YY7btzqTsPtuhu11644bBWm
- EoNGhYUojw0GnglQCM9MGpOTJRTLlZpiY7nVWe26Ve++39ziafV623Apr7fV09J8311/
- y1XttJYbizVKuViYhRl4JkBT02BtAPtyZYhaX1Juq6q52dDY7PF2+B75u7oDuFR3l/+R
- r8PraW5suFlTZSsv0asRWS4YCGvE6QTEwhOyTyhWFOhQk7XKVeduetDu8wd6+4L9IZyq
- P9jXG/D72h80uetcVVYTqitQiIVYBkKAfv0Ik+DjZotkSFGxscIJeC1eX1dPMDQwNBwe
- wanCw0MDoWBPl8/bAoDOCmNxESITZXOT8mXSWTxBnlylQ8ts1TfdLW2dgWBoKDw6FpmI
- 4lQTkbHR8FAoGOhsa3HfrLaVoTqVPE/AY9Ezz/hHyaSzsfAs1BstjtqGJm/n4+BA+Fkk
- +mJq+iVONT31Ihp5Fh4IPu70NjXUOixGfSEWoGw6FJhT8UmhMjhZIilSZDBdvnKr8cHD
- QHBgZDw6GZuZnZ9fwKXm52dnYpPR8ZGBYODhg8ZbVy6bDEWIVJTFYVCT8DE5kH5KLWq2
- X6tvbvcDXuT59Mzc4uult8u41Nul14tzM9PPIwDob2+uv2Y3o1olJCCHmYQPyqcg71zB
- +RIIT7fH1xN6Ov48NrvwZnlldW0dl1pbXVl+szAbez7+NNTj87ghQEvOF5zLE0ABPeMf
- LA9cAZZ+pZVVN+55/cHB0ej07OLSu7WNza1tXGprc2Pt3dLi7HR0dDDo9967UVVZiiWg
- ACugp/MP+HjApzaYrFfrmjsCoXBkcmZhaWV9a3tndw+X2t3Z3lpfWVqYmYyEQ4GO5rqr
- VpNBDXy8pHwsXo44H8qLrfp2i6/3yWg0NvcG8Hb2PsRxqg97OwD4Zi4WHX3S62u5XW2D
- ApMvzuGxkvnH4udIEM0Fs72mwdPZNzj24tXi8trmzl58/+MBLvVxP763s7m2vPjqxdhg
- X6enocZuvqBBJDn8b/AJpYgGLXe47rT6g8ORydnXKxvvd+P7B4c41cF+fPf9xsrr2cnI
- cNDfesflKEc1iFT4bT5YHoDvrrerPzwxNbe0urnzAfA+HeFSnw4P9j/sbK4uzU1NhPu7
- vHcxPq3yh3y1bm93aCQam3+7trUb/wh4n3Gpo0+HH+O7W2tv52PRkVC3FxaIb/HB6xGN
- xRdKE/4l4fsLh/r8fb6vdihS0zPg8RMeX3QXLc7r7rYA+PdyYXl9ey9+cHj0GYd0MKTP
- R4cH8b3t9eWFl+BfoM193Wm5qIMHGHgAzUgn+Uj/fm/ckvH57zsgWV9+bygm/XUyPsn4
- JNf3pKnxS/5J5h+Zf2T+/ZJUS/ojZP6d5B/B329TfsD3p+9PfMVH4P0lYu8PEnx/l+D7
- 80Q/XyH2+RiF4OebFCrBz6eJfr+A4PdD0gl+vwe7f0bo+1nEvl9H9PuRxL/fSvT7yVh7
- AHHvl6cQvD8A+Ije30Hs/hzMQCL3VwEfFqHE7Y87BiRuf2MK0ftTjwGJ21+ckgBMdFAT
- sz8cTiO+dMBjny4gYH8/dtySIEwj6vcZEgdKhP6+RoLwH0wg/TN0MmryL3IGyBkgZ4Cc
- gZ8zA38D4W08UwplbmRzdHJlYW0KZW5kb2JqCjUzIDAgb2JqCjE4MDEKZW5kb2JqCjU2
- IDAgb2JqCjw8IC9MZW5ndGggNTcgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9J
- bWFnZSAvV2lkdGggMzQ2IC9IZWlnaHQgNzIgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkg
- L0ludGVycG9sYXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0
- ZURlY29kZSA+PgpzdHJlYW0KeAHtnOtTUmsUxtVQ5A6KoCBBG2+ASPuI4a3AwbFMPZVm
- Uamjkk4YRjpSTF4bS4pR05OO6aSZZXdHG7tMnX/urI2dam826O7zej6x9jB8+M3ied/9
- vmutpCQUEkACSAAJIAEkgAQOQiAZdQACByH58zvweym/dAjFSuAXoRQA9hNe/A97VOG3
- eLxU1L4EeDxARUHeD26U6x7UND4/fU8CVAyBH2j4/DSAD3j3YfuDa2pqGkAVCIUikUgs
- FktQLAQADOARCgXp6RTdxGwpsIfAAwArQBVLpFKZXK5AxSEgl8ukUgnwFQLcPbZxLCEK
- FvKV4iqRyhSKjEylMitLpVKjYgioVFlZSmVmhkIhk0ootpC3YAnsaKmMpRKW4ioHqip1
- do5Go83N1aFiCOTmajWanGy1CujKo2whbSm0LHuDKFgwWJEYuAJWYKrTGwxHCCOKhQBx
- xGDQ64AvwAW2YhFlt+xokymP5QsgYRWZqmwNUCWM+QWFRSaT2WxB0QiYzSZTUWFBvpEA
- uppsVaYC0lbAp9ax2KSFlAWw6SKJTKFUa3QGIq/AZC622mwkSf6FYhAAKDabtdhsKsgj
- DDqNWqmQSSBrU3ksfgApC4uXMApWqyfyiyxWG1ladsxRUQmqQv1GgCJS4ThWVkrarJai
- fEKvjaIVwjLGkrTJkLLpQrFUoczW6o2FlhLS7qioOu501bjd7loUjQAgqXE5j1dVOOxk
- iaXQqNdmKxVSsTAdkpZpB3spKwKwaq0hz2Ql7eVVzpraulP1DY1Nf6MYBJoaG+pP1dXW
- OKvK7aTVlGegslYqYktaiix4gRzA6vNMtlJHtct98nTTmeaW1gseVAyBC60tzWeaTp90
- u6odpTZTHmUIcgkkbYwdgBmkpYukGSqN3mgqsVc6a+sbz533XGnv6Oz2eq+iaAS83u7O
- jvYrnvPnGutrnZX2EpNRr1FlUEkbYwfJKbDjgpTN1hGF1tJKV13D2dZL7Z3eXt91f/+N
- AIpG4Ea//7qv19vZfqn1bEOdq7LUWkjosiFpYefFNFrKDMBlVRpDvoV0OOsamz1tXT0+
- f2BwKHg7hGIQuB0cGgz4fT1dbZ7mxjqng7TkGzQqymnBDuivYVGysky1jigqsVfXAtgO
- r69/IBgaHh2buItiEJgYGx0OBQf6fd4OQFtbbS8pInTqTBkr2TSBWK7M0edZyHJX/VlP
- x9W+QDA0OjF5P/wwgmIQeBi+PzkxGgoG+q52eM7Wu8pJS54+RykXC9JicpaXJpBQZlBg
- tVe5m1rbvH03g8MT98KRmUdz/6AYBOYezUTC9yaGgzf7vG2tTe4qu7WAsgOJAJYwhhvw
- +EJphjqXKLI5Tpw8d6nrWiA4fHcqMju/sPjkyTKKRuDJk8WF+dnI1N3hYOBa16VzJ084
- bEVErjpDKuSzkBVJwWaNZrKi5vT59h4/gA1Pzy0srTxde7aOohF4tvZ0ZWlhbjoMaP09
- 7edP11SQZiMYrVTEQha2Bsqcw/nFpWAGnk7fQGh8anp+cXl1fePl5isUjcDmy4311eXF
- +emp8dCAr9MDdlBanH84Rwmbg5ichU2XTEnZbNnxujOXvf7gyGRkbnFl7fnm67fv3qNo
- BN69fb35fG1lcS4yORL0ey+fqTteRhmtktocMH0WyMqBbKHN4TzV3N4bCE2EZxeW1zZe
- vXu/tb2DohHY3nr/7tXG2vLCbHgiFOhtbz7ldNgKgayclaxYnqU5AguYq76lwzd4ZzIy
- v7QKYLd2Pu6iGAQ+7mwB2tWl+cjknUFfR0u9C5awI5osuZgtZ8WKLC1hOlpR09Da2Tc0
- cn/m8cr65tutnd3PX76iaAS+fN7d2Xq7ub7yeOb+yFBfZ2tDTcVRE6HNUsQhq8olTGSl
- u/FCtz84Fp5dfLrx+sP27uev31AMAl8/725/eL3xdHE2PBb0d19odFeSJiJXFZ8sbLqA
- 7EWv/9b4g0dLqy/ebO18+vLt+78oGoHv37582tl682J16dGD8Vt+70WKrNmIZGmU/iT4
- A7LoBoy/fZyQqxvgCkZbp+IHXFcw3HUx9lbxQ267LnxToL0NJAo4ving2y3tDTZRwOnt
- locnMrRDl4QBpxMZHh9PEWknhYkCbqeIePJNO9xOGHA7+cbbGsaNTKKQy23NIbxhZNwi
- Jgq53DBS9QZ4K864/I4bcroVx0oORrVGopBDJQdWH9HKi/YJuFQfYcUcrSRun4BbxRxW
- ecaUciZ4wKXKkyqmx8pkRgVyvJBDZXISVtPT6uUTB1yq6YEsdoD81uSR8CPXDhDsWmK0
- JiUIuXQtUUmLnXa0frr4AadOOyBL+QF2h7J0grI94tAduocWO5pjmpdZH3DpaE7CLvyY
- Xvv4Dzh14e+hxckRcQZFxDw++OSIpCja6FQOnHbCMt+E/ojTtBOor/8xSYYae4QTemLG
- 8vz2gOOEHqp1Ico2BadK7TtPau8LB54qFW0LwUlorKPPGA85T0KLsv0fMDBGJSbwixd+
- QgJIAAkgASSABJBAIgL/AYb0LTsKZW5kc3RyZWFtCmVuZG9iago1NyAwIG9iagoxODg5
- CmVuZG9iago1OCAwIG9iago8PCAvTGVuZ3RoIDU5IDAgUiAvTiAzIC9BbHRlcm5hdGUg
- L0RldmljZVJHQiAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHVWXVYVU23
- n32SOnR3d3c3SHeKCIfuDglBUUFAEAEJCQlpxSAEVKQUUKREQEAEFKVUFJAU7kbf9/2+
- +3z3/nf/ufs8Z/Zvr7VmzZy9ZmbFAYBhDR8U5IcgB8A/ICzE4oQmu539SXbsFMACavhD
- DpjwrqFBGmZmRuB/vX6OA+iY+VrkWNf/KvY/Myjc3ENdAYDMYLaLW6irP4wbAUBougaF
- hAGA3IHpw5FhQTBG9cGYOgSeIIxnjrHnH7x+jF1+YzTqt4yVhRYAaHoACEjw+BBPAHDc
- MJ09wtUT1oPTBgBDGeDmHQAAlR2MVV298G4AMOTBMsL+/oHHuAfG/C7/psfz3zAe7/KP
- Tjze8x/857fAPeGBtb1Dg/zwUb8f/i8bf79w+H39vijhliTAz+TYNrTwd8kNr20I35nh
- 72GQ32+bwTIQo3uAtSVMO8bCAS4mpn9hVY8QXQsYw30hs6AwzWMMvzPIIyjMzOovely0
- l5YJjElgerZ7qM7fekp88AbHNiOF6Q9Cwi2sYcwN447QCEsdGMMrCvoY7WVl+5fMppu7
- 9l90BMLDW1f/jwyC0jtM/3gsatjmnL6BhsdzgMdCyAJD4AfcQTgIgdsAIAKMgBbQ/qsV
- AR4AD3MiYF4o8AWfYOwP9wiE+wTCmP0vOa3/oOj+7ucJ9/vvGtmBKywb/s+Yf0Zjh8f8
- W6c3cIPx33Q8PMYx73h2oU7eCf8a82+JY32/ZyNeJ74sfvD3nFC8KEmUDEoTpYJSRSkA
- dhQtihGIoKRR8igNlBpKCeYpAF3wEdbs+fccj/X7P/CIyAuMUrTxgrnHv93lby6w+S3t
- /c/zf8wAeA+uPVz7ewYAhLmfgfcBAFqBQVEh3p5eYewa8M51F2bXD3AVFWaXFJcQP2b/
- v7mOz6w/k92w+H0WQbRD/6IFPgBAsRFeUyb/orliAWjiAoDC8F80blZ42QoA8DTbNTwk
- 4o8+1PENDYgAGbxCGQAr4AL88HuWBLJACagDHWAATIEVsAen4fXjBa/BEBAJYsF5kAhS
- QQa4Dm6Am6AcVIM74AF4CB6DTvAcvATD4A2YBnNgEayCdfAT7EMQhIVwEBXEALFBPJAQ
- JAnJQ6qQDmQEWUD2kDPkCQVA4VAsdAFKhTKhG1ApVAPdh1qhTqgfGoHeQvPQMvQD2kMg
- ESQIagQLghchhpBHaCAMEVYIR4QnIhgRjbiISEfkIcoQtxHNiE7ES8QbxBxiFbGFBEhi
- JC2SAymClEdqIU2RJ5EeyBBkHDIFmYMsQ9Yj25C9yNfIOeQacheFQVGh2FEi8DrVQ1mj
- XFHBqDjUFdQNVDWqGdWDeo2aR62jDtE4NDNaCK2I1kfboT3RkehEdA66Et2EfoZ+g15E
- /8RgMLQYPowcRg9jj/HBxGCuYIowdzEdmBHMB8wWFotlwAphVbCmWDw2DJuIzcfexj7F
- jmIXsTsExARsBJIEugQnCQIIEghyCGoJ2glGCT4T7BOSE/IQKhKaEroRRhFeJbxF2EY4
- RLhIuE9EQcRHpEJkReRDdJ4oj6ie6BnRDNEGMTExJ7ECsTmxN/E54jzie8R9xPPEuySU
- JIIkWiSnSMJJ0kmqSDpI3pJs4HA4Xpw67iQuDJeOq8F142ZxO6RUpKKk+qRupPGkBaTN
- pKOkX8kIyXjINMhOk0WT5ZA1kA2RrZETkvOSa5HjyePIC8hbySfItyioKCQoTCn8Ka5Q
- 1FL0UyxRYil5KXUo3SgvUpZTdlN+oEJScVFpUblSXaC6RfWMapEaQ81HrU/tQ51KfYd6
- kHqdhpJGmsaG5gxNAc0TmjlaJC0vrT6tH+1V2ge047R7dCx0GnTudMl09XSjdNv0TPTq
- 9O70KfR36d/Q7zGwM+gw+DJcY3jI8I4RxSjIaM4YyVjM+IxxjYmaSYnJlSmF6QHTFDOC
- WZDZgjmGuZx5gHmLhZXlBEsQSz5LN8saKy2rOqsPazZrO+syGxWbKps3WzbbU7YVdhp2
- DXY/9jz2HvZ1DmYOPY5wjlKOQY59Tj5Oa84Ezruc77iIuOS5PLiyubq41rnZuI25Y7nr
- uKd4CHnkebx4cnl6ebZ5+XhteZN4H/Iu8dHz6fNF89XxzfDj+NX4g/nL+McEMALyAr4C
- RQLDgghBGUEvwQLBISGEkKyQt1CR0IgwWlhBOEC4THhChEREQyRCpE5kXpRW1Eg0QfSh
- 6FcxbrGTYtfEesUOxWXE/cRviU9LUEoYSCRItEn8kBSUdJUskByTwknpSsVLtUh9lxaS
- dpculp6UoZIxlkmS6ZL5JSsnGyJbL7ssxy3nLFcoNyFPLW8mf0W+TwGtoKkQr/BYYVdR
- VjFM8YHiNyURJV+lWqUlZT5ld+Vbyh9UOFXwKqUqc6rsqs6qJapzahxqeLUytQV1LnU3
- 9Ur1zxoCGj4atzW+aoprhmg2aW5rKWqd1erQRmqf0E7RHtSh1LHWuaEzq8up66lbp7t+
- QuZEzIkOPbSeod41vQl9Fn1X/Rr9dQM5g7MGPYYkhpaGNwwXjASNQozajBHGBsZZxjMm
- PCYBJg9Ngam+aZbpOzM+s2CzR+YYczPzAvNPFhIWsRa9llSWTpa1lj+tNK2uWk1b81uH
- W3fZkNmcsqmx2bbVts20nbMTsztr99Ke0d7bvuUk9qTNycqTWw46DtcdFk/JnEo8Ne7I
- 53jGsf8042m/00+cyJzwTg3OaGdb51rnA7wpvgy/5aLvUuiy7qrlmuu66qbulu227K7i
- nun+2UPFI9NjyVPFM8tz2UvNK8drzVvL+4b3dx89n5s+276mvlW+R362fnf9Cfyd/VsD
- KAN8A3oCWQPPBI4ECQUlBs0FKwZfD14PMQypDIVCHUNbwqjh4HAgnD/8Uvh8hGpEQcRO
- pE1kwxmKMwFnBqIEo5KjPkfrRlfEoGJcY7piOWLPx86f1ThbGgfFucR1xXPFX4xfPHfi
- XPV5ovO+518liCdkJmxesL3QdpHl4rmLHy6duFSXSJoYkjiRpJR08zLqsvflwWSp5Pzk
- wxS3lBep4qk5qQdXXK+8SJNIy0s7SvdIH7wqe7U4A5MRkDF+Te1adSZFZnTmhyzjrOZs
- 9uyU7M3rTtf7c6RzbuYS5YbnzuUZ5bXkc+dn5B/c8LrxpkCz4G4hc2Fy4XaRW9FosXpx
- /U2Wm6k390q8SyZLT5Q2l/GW5ZRjyiPKP92yudVbIV9RU8lYmVr5qyqgaq7aorqnRq6m
- ppa59modoi68bvn2qdvDd7TvtNSL1Jfepb2beg/cC7+3ct/5/vgDwwddDfIN9Y08jYVN
- VE0pzVBzVPP6Q6+Hcy32LSOtBq1dbUptTY9EH1U95nhc8ITmydV2ovaL7UdPo59udQR1
- rHV6dn7ocuqa7rbrHusx7xl8Zvis77nu8+5ejd6nfSp9j/sV+1tfyL94+FL2ZfOAzEDT
- K5lXTYOyg81DckMtwwrDbSPKI+2jaqOdr7VfPx/TH3v5xuTNyLj1+OTEqYm5SbfJpbd+
- b79PRUztT5+bQc+kvCN/lzPLPFv2XuD93TnZuSfz2vMDC5YL0x9cP6x+DP14sHjxE+5T
- zme2zzVLkkuPl3WXh1ccVhZXg1b31xK/UHwp/Mr/tfGb+reBdbv1xe8h349+XNlg2Kja
- lN7s2jLbmv3p/3N/O2WHYad6V363d8927/N+5AH2IO+XwK+2Q8PDmSP/o6MgfAj+dyyA
- hFuEhwcAP6rgHMIezh2GASDq+JNT/JaA0xUIloExCZAHybBPN4HuIlgRaUgcMgvFh+pD
- h2GEMV+xHQTlhBlEl4gvkWTjqkgnyBko3CkbqCEae9r79EQM9ozVTF9Z+FhN2XzYIzii
- OOO5krmzeAp4y/gq+SsEKgRLhPKFM0SSROPFosQjJCIkY6XOSJ+UEZNFy76Ta5JPV/BW
- 1FXiVkYoL6h0qZarXVL30bDSVNUS0mbQIdQ50P124rPee/1pg0nDcaNx40mTCdMxs9fm
- oxajlmNWk9bvbD7artpt2B86EJ6icKQ4Te5E7kyOp3ShdqV3Y3bn9OD3FPdS9Db2CfMt
- 8uvxXwkkC5IOtg6JCM0KuxveH7EQuR9FHS0coxvrdDYqLiv+zrnn598n7FykuCSYqJlk
- fzkkOS2lLnXgyo905qtGGXHXGjPXsvmuO+Vk5T7L274hUGBfeLnoYfFiCWWpWplvedqt
- ior2yomqHzW4WsE6vdued5Lqa+6+vPftAV2DWqNHU2pz/cPBlrU2gkccj+WfmLTbPLXo
- MO7U79LuVu9Rfib/XKpXrE+on6X/4MX4y7sDia8cBkUHj4YGh2+MeIxKvgavp8aa32SN
- B02YToq/pXi7MTU+3TZT8i5x1v+91ZzSPMcCdmHtw/DHxsW8T7GfHZeUl5mWd1fGVxvW
- rn7x/ar7jePb0frhD74N+83rWzPbkjtZu0f74Qcbh5FHR7D90YAGjhGdQAFYgmSgZGgN
- YYcYRTrC8VMx2hxDhfmIfUJQQVhAlENcSNKN2yNTJo+n6KFCUqvRxNDW071noGaEvTJz
- EksVay/bAvtXjk+cY1xPuCt4rvAG8Znw8/EfCAwKFgp5CksK74p0iCaKGYuziW9LDElW
- SsVIG8kwynyUrZMLkpeU/6FwTzFUSU2ZRvmHyphqi1qherzGaU15LSKtEe10HQ2ddd2n
- J27rFelnGqQYJhklGaeYZJjmmd00r7Kot7xlFWNtYsNps2P72q7RvvBkmkPyqTTH/NN3
- nFqd7+OrXUpd890y3a94JHqe94r1jvQJ9Q3yC/D3C/AJ9A7yDvYO8Qn1CwuEA+nwyKgz
- Z6MSopNi0mKzzxbFVcU3nOs8P5ywcGHrEmEia5LsZbNk35TE1NIrT9Lepm9lUF4TyzTO
- 8slOuH49pyb3cd5I/uKN/UKKIv5itZu2JUGlyWU15X23lioJqwSqDWp8a6/U3bk9dGf9
- LuU96fvWD8Ibrjc2NI00f2nBtnK0KT4yf+zyJLj93NOrHQWdVV33u9t6OuHzarD3dV9f
- f/uLxpe3BypflQwWDuUP543kjha8rh5redM3/nZiZXJ/CjfNNiPxTnvW9n3IXO58x8Ly
- R6pFtU9+n/OXepe3VrnXTn+p/Ua0fukHw8bAVvF2ym76fsWvgb/szwCUQTBogUjgM6AQ
- 2obt/wyOrcdQIWh29ArmMbaGoInwDdEmCTVOhNSKLJq8iKKd8j01ikaQ1pDOkz6GIZ4x
- himaOZolnNWfzYXdnEOJk5nzJ1cXdxyPGM8sbyqfPN88f6KAoMBzQRfBA6FsYWHhXhFX
- USBaKKYo9kY8SAInUSOpK7kglSDNI/1a5oKspOy83DV5Dfl1hZuKZkpA6Y6ygwqhSquq
- txqT2pD6JQ0VjS3Nu1p+2kLaKzo1ul4n+OFzolLf3YDH4KNhuRHemNX4nUmxKd6M22zF
- /L5FtKWOFZXVvPU9mzhbYzsmuxX71pOXHWxP8ZzadOw5nePk46yGp8Ovu7x0rXJLdHf3
- 0Pbk9kJ6LXh3+pT4xvud9lcIoA74FjgQVBucEuIbahwmFk4Vvh0xFfn4TFFUbPTJGNlY
- ithvZ6fi3sSPnHt1/mVC34Xei72XehN7k55f7k7uSulO7b3yKm08fe7qasbWtb3M/axd
- 2Luu5szmDuW15zfdGC5YLcIUc91UKzlVGgX7zcZbAxULlXvVNDVStVZ1Z24X33lev3qP
- 8r78A6eGxMb6pvHmwxa+Vou2uEe1jyfaUU+lOvCdGV0d3WvPqJ8r9Dr2xfUXwh5tZODH
- oMFQxQhm1O/12zem4wOTZm/fzbDNNs53L4Ysj3x9uam8e3hs/z+1pWOfgJEFoLwfAFsJ
- AMwYASjagMsk6wCQBcLPOACsFACCawJAL1QAZL76j//AwjUZAaAKZ5a+4AJ8ijSAAfAJ
- gis5kCxkCnnDWWAx1AZNQJsISoQEwhwRiriOaEPMIQmRMkg3ZC5yCEUAVxjOotpQe2gl
- 9Dl0L4Yc44i5jTnEmmMrsQcElgS1hAhCH8IZIjOi58RqxK0kMiQNOClcE6kiaQeZHtkQ
- uR35AkUAxR7lZSo6qkpqOeo+Ggeab7QX6RjpHtJb0W8wZDPKMr5lOsvMydzPEszKxPqM
- LZidi/0dRy6nFRcl1yjssWx4GXnfwz4rQEBOYFfwvpCPMI/wB5Fboh5iQmKb4k8l0iWd
- pKSlSaQ/yXTJlsidk8craCsKKJEp7cDx87DqU7V76rc08jWvaV3RTtJJ0D17IlIvSN/T
- 4JShmZG2sZyJoCmLGYU5kQXWEmtFaE1iQ2nLZMdrL3VSy8H6lLdj/Olcp3bnby4crlZu
- l93bPTa9BL1dfG74jvmTBugHJgY9Dd4NlQuLDH8UiTxjFlUavR1rfvZ+PPW56ATkhexL
- /Intl22S11PT0kTThzPCM5mzdq+v5M7lzxZ8LtotoS9TvxVYWVbdWNtz+03953s7DURN
- LA/FW7Uf2T3xe3qhs7j7ybP5PqIX8gO+g6XDU6853gROdE0xzkTMTs6rfbj9iXlJaQW3
- OvEl55vB+saPjE2erfvbsjvNexL7Vb+YD9N/nx9UQBiu8jiBKJAFVw76wAdwCDFBcpA5
- 5AclQeVQBzQLHSLY4PzeHZGKeICYQqKREkgn5FVkJ3ITJYhyR1WhvqDl0BfQoxheTDxm
- BquKrSSgIDhPsEXoTzgPZ8MviLWJe0j0ScZw7rhfpDfIlMkmyP0pAEUWJT9lB5UjNYL6
- Hk0ArSYdG91z+gAGaoZHjHgmLNMdZkvmPZZyVhPWfbY69gsc7px6XELcxNyLPG28l/nM
- +Wn5JwXyBEOEzITFRChEtkSnxDrFayWuS16QCpF2lbGW1ZdTl5dXkFAUURJUFlARUBVS
- E1OX0VDR1NWy0D6t46cbcyJVr0C/zuCx4SujWePvpigzBnNhC3VLGyt/60SbUtsndtP2
- +w7Mp9Qc3U6nOLU5r7vwu7q4FbpPedJ52Xrn+kz5sfq7BNQEfg+WCjkT2h6OiTCLLDiz
- FC0Xczl2Ok4s/tK5dwmyF7Iu/ki0TGpJZk9JTd1L809fyHC4Np7lkL2UcyaPKL+kQKlw
- qvhsCU/paPn5CpnK1equ2oLbYfUm9/geQA3TTU0PM1r9Hqk/QbW/6Mjscujhe7bZ29Wf
- 9dLjlcIQ2fCn0aoxl3HWiam3udNW7yhnh+cyFsw/Ui9Ofs5dVl2ZXMN/mfymup77fWGD
- ddNsK+Zn4Xbzzqvdmb3l/R8HO78ODn+fH3D1VAjowRWlOJAL7oN+uFK0DZFDgpAu5ALF
- w3u/HZqDKz18CCN45xciehE/kYKw9a8jB1FEcF0mBTWMZkL7op9hxDDFWCpsOgEVQRlc
- G3lLFE3MRtxPEo0Tx62S1pF5k7OST1LkUNpRsVGtULfSXKP1pdOj52PAMiwxDjDdY85m
- iWX1YrNlN+TQ4lTlUuHW4jHmteNz4w8WiBdMFyoSrhN5LDoitiyBluSW0pX2k8mV7ZZb
- V2BVNFKKVq5WmVDDqMtp+GiWak3r0OvanSjU+2AgDUcZMyaSppfN3lvIWWZafbExtr1v
- z3gyxeHIMeb0gXM4/oUrp1u0+xgcZ6Z5r/oa+t0JoAqMD1oNsQntDBeMyIIjTPfooVjN
- s0/jNc8NJDhf+HWpPMns8k6KR+p4ml56W4bYtYosluzcHKrcq/m0N8oKRYtab2qW9JeZ
- lo9V2FVOV7vVfK2LvoOpz7nHe7+lwbBxrjmiBdda/kjp8Vh7QAdhZ0W3Vs/C84Q+7v6X
- L2NeiQ0uDVeO+ozJjGMmZt4+mJadaZ1VfN86L7Nw5yPHYsanvSWX5d5VQTjXiP0a8M14
- nXd95fvdH/YbiI1bmzKbz7est8Z+Wv4c3TbYfrIjtlO2S7YbtbuwZ7TXuE+/f3Z//kDn
- oOoXwS+vX/2HgodJh4tHWkelx/s/1ENK8th7AIhEEw4mZ4+ONngBwGYC8Ova0dF+2dHR
- r3I42YD/A+nw+/N/xbEwBq65F8I5CQC9Lu9Lj+//fv0XqSaZeAplbmRzdHJlYW0KZW5k
- b2JqCjU5IDAgb2JqCjU5NjIKZW5kb2JqCjM1IDAgb2JqClsgL0lDQ0Jhc2VkIDU4IDAg
- UiBdCmVuZG9iago2MCAwIG9iago8PCAvTGVuZ3RoIDYxIDAgUiAvTiAxIC9BbHRlcm5h
- dGUgL0RldmljZUdyYXkgL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngBhVJP
- SBRRHP7NNhKEiEGFeIh3CgmVKaysoNp2dVmVbVuV0qIYZ9+6o7Mz05vZNcWTBF2iPHUP
- omN07NChm5eiwKxL1yCpIAg8dej7zezqKIRveTvf+/39ft97RG2dpu87KUFUc0OVK6Wn
- bk5Ni4MfKUUd1E5YphX46WJxjLHruZK/u9fWZ9LYst7HtXb79j21lWVgIeottrcQ+iGR
- ZgAfmZ8oZYCzwB2Wr9g+ATxYDqwa8COiAw+auTDT0Zx0pbItkVPmoigqr2I7Sa77+bnG
- vou1iYP+XI9m1o69s+qq0UzUtPdEobwPrkQZz19U9mw1FKcN45xIQxop8q7V3ytMxxGR
- KxBKBlI1ZLmfak6ddeB1GLtdupPj+PYQpT7JYKiJtemymR2FfQB2KsvsEPAF6PGyYg/n
- gXth/1tRw5PAJ2E/ZId51q0f9heuU+B7hD014M4UrsXx2oofXi0BQ/dUI2iMc03E09c5
- c6SI7zHUGZj3RjmmCzF3lqoTN4A7YR9ZqmYKsV37ruol7nsCd9PjO9GbOQtcoBxJcrEV
- 2RTQPAlYFH2LsEkOPD7OHlXgd6iYwBy5idzNKPce1REbZ6NSgVZ6jVfGT+O58cX4ZWwY
- z4B+rHbXe3z/6eMVdde2Pjz5jXrcOa69nRtVYVZxZQvd/8cyhI/ZJzmmwdOhWVhr2Hbk
- D5rMTLAMKMR/BT6X+pITVdzV7u24RRLMUD4sbCW6S1RuKdTqPYNKrBwr2AB2cJLELFoc
- uFNrujl4d9giem35TVey64b++vZ6+9ryHm3KqCkoE82zRGaUsVuj5N142/1mkRGfODq+
- 572KWsn+SUUQP4U5WiryFFX0VlDWxG9nDn4btn5cP6Xn9UH9PAk9rZ/Rr+ijEb4MdEnP
- wnNRH6NJ8LBpIeISoIqDM9ROVGONA+Ip8fK0W2SR/Q9AGf1mCmVuZHN0cmVhbQplbmRv
- YmoKNjEgMCBvYmoKNzA0CmVuZG9iagozMSAwIG9iagpbIC9JQ0NCYXNlZCA2MCAwIFIg
- XQplbmRvYmoKNjIgMCBvYmoKPDwgL0xlbmd0aCA2MyAwIFIgL04gMyAvQWx0ZXJuYXRl
- IC9EZXZpY2VSR0IgL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngBhVTPaxNB
- FP42bqnQIghaaw6yeJAiSVmraEXUNv0RYmsM2x+2RZBkM0nWbjbr7ia1pYjk4tEq3kXt
- oQf/gB568GQvSoVaRSjeqyhioRct8c1uTLal6sDOfvPeN+99b3bfAA1y0jT1gATkDcdS
- ohFpbHxCavyIAI6iCUE0JVXb7E4kBkGDc/l759h6D4FbVsN7+3eyd62a0raaB4T9QOBH
- mtkqsO8XcQpZEgKIPN+hKcd0CN/j2PLsjzlOeXjBtQ8rPcRZInxANS3Of024U80l00CD
- SDiU9XFSPpzXi5TXHQdpbmbGyBC9T5Cmu8zuq2KhnE72DpC9nfR+TrPePsIhwgsZrT9G
- uI2e9YzVP+Jh4aTmxIY9HBg19PhgFbcaqfg1whRfEE0nolRx2S4N8Ziu/VbySoJwkDjK
- ZGGAc1pIT9dMbvi6hwV9JtcTr+J3VlHheY8TZ97U3e9F2gKvMA4dDBoMmg1IUBBFBGGY
- sFBAhjwaMTSycj8jqwYbk3sydSRqu3RiRLFBezbcPbdRpN08/igicZRDtQiS/EH+Kq/J
- T+V5+ctcsNhW95Stm5q68uA7xeWZuRoe19PI43NNXnyV1HaTV0eWrHl6vJrsGj/sV5cx
- 5oI1j8RzsPvxLV+VzJcpjBTF41Xz6kuEdVoxN9+fbH87PeIuzy611nOtiYs3VpuXZ/1q
- SPvuqryT5lX5T1718fxnzcRj4ikxJnaK5yGJl8Uu8ZLYS6sL4mBtxwidlYYp0m2R+iTV
- YGCavPUvXT9beL1Gfwz1UZQZzNJUifd/wipkNJ25Dm/6j9vH/Bfk94rnnygCL2zgyJm6
- bVNx7xChZaVuc64CF7/RffC2bmujfjj8BFg8qxatUjWfILwBHHaHeh7oKZjTlpbNOVKH
- LJ+TuunKYlLMUNtDUlLXJddlSxazmVVi6XbYmdMdbhyhOUL3xKdKZZP6r/ERsP2wUvn5
- rFLZfk4a1oGX+m/AvP1FCmVuZHN0cmVhbQplbmRvYmoKNjMgMCBvYmoKNzM3CmVuZG9i
- ago4IDAgb2JqClsgL0lDQ0Jhc2VkIDYyIDAgUiBdCmVuZG9iago0IDAgb2JqCjw8IC9U
- eXBlIC9QYWdlcyAvTWVkaWFCb3ggWzAgMCA2MTIgNzkyXSAvQ291bnQgMSAvS2lkcyBb
- IDMgMCBSIF0gPj4KZW5kb2JqCjY0IDAgb2JqCjw8IC9UeXBlIC9DYXRhbG9nIC9PdXRs
- aW5lcyAyIDAgUiAvUGFnZXMgNCAwIFIgL1ZlcnNpb24gLzEuNCA+PgplbmRvYmoKMiAw
- IG9iago8PCAvTGFzdCA2NSAwIFIgL0ZpcnN0IDY2IDAgUiA+PgplbmRvYmoKNjYgMCBv
- YmoKPDwgL1BhcmVudCA2NyAwIFIgL0NvdW50IDAgL0Rlc3QgWyAzIDAgUiAvWFlaIDAg
- NzgzIDAgXSAvVGl0bGUgKENhbnZhcyAxKQo+PgplbmRvYmoKNjcgMCBvYmoKPDwgPj4K
- ZW5kb2JqCjY1IDAgb2JqCjw8IC9QYXJlbnQgNjcgMCBSIC9Db3VudCAwIC9EZXN0IFsg
- MyAwIFIgL1hZWiAwIDc4MyAwIF0gL1RpdGxlIChDYW52YXMgMSkKPj4KZW5kb2JqCjY4
- IDAgb2JqCjw8IC9MZW5ndGggNjkgMCBSIC9MZW5ndGgxIDEyNTkyIC9GaWx0ZXIgL0Zs
- YXRlRGVjb2RlID4+CnN0cmVhbQp4AdV7eXhURbZ41d17Te97p/um01v2hWwkkCZkYwmG
- hCVBggkkbIoghgiMYFAcISqKKET0qSiyqmlChAbExzggOuOMqAwqLm8cwXHmmee8eeiM
- Qrp/p24nATLjfP7hN9/365tTVaeqbt1Tp06dpe5N+/IVbUiFOhGName1LJuPpF/GCwhR
- 6+ctaVkWx/WjEMKr53W0u+M4G0CIvmX+sgVL4rjwKEJy54JbVg3eb7iEkDVrYVtLa7wd
- XYE8fyFUxHEM46HkhUvaV8ZxXR/knbcsnTfYbggDXrakZeXg89HHgLtvbVnSFu+fsQHy
- 5GVLb28fxJMhb122vG2wP24A+t5GGGrdaCmSoZsRjyikgasJIf5LuRMx0Era4deapthy
- U0LJN0grSPhNNQ9J+eviK+f+3nbFr9gsfAcVsqH+JOeC0SBCSgzt/YrNwy3SfZC4I6g+
- NYImAJQC5AGkpo6zoE68Cz0M8AwAjRbh+9EqgI0AjwMww6W9gB3B9/cyQugoXoVseGJI
- wbimGawui1zhejeCub6nXB9aPj+GrbB6n2FrrwrJxsnxM/hp1Ipc+HnkxatRNQrg7QeD
- t7iaoWkvWgbQCUBLKcZ7exNzXK/iNORlMNzjQ4kMPuT6Y3a662J2hMK9rtf8EQayXyQC
- FkpwnXA+5fpP5wLXqwD74037gtDjkGuv8xbXlsQI3t7resQZwXDP5ni2wgm3HnItCW51
- tWZL7ZO3Rqj9va4iaJ8RUrjyC0VXnvOCK9MfETDg6c7JrpTs37iS4Ubo5oZBvSGty+Hc
- 4hoNTYnOCv9ogGN4H34CpeAner0TXUehCNM9OCFYuDWCf3awOpDtjeDVofzqwNZgtd8b
- nOzyBiv9fijPeINfz9/Ij+Nz+FQ+wPt4kbfzBkEnaAS1oBTkgiDwEfxCb6mLO4b3o1Jg
- y/6DAiewEfwSVDLH8ItS5YuHBUagBCQYIrHfg/BiZIjg/X0aUoLCIU4qcRH84sF41Ysh
- F0NKjNSgoUgZEkgRhQUKTURh/GCEQ/eaOkotpbqx2qLK8h9KmqWWoTT1h38W7AxvnVTf
- EN7nbAznkELM2TjU3TJU+MG8fQU0tZWlpk6qW3WwY9ni+RVtnopmT0UbQHP4/o6FlnDn
- XLf7wOJlpMEdpn3Nc+ctJHlLW3iZp608vNhT7j7QId03onk+ae7wlB9A8yumNRyYH2or
- 7+0IdVR4WsobD84tW9503bM2Dj9redk/eVYZGWw5edZc6b4Rz2oizXPJs5rIs5rIs+aG
- 5krPIpOvWFRfdns7SKe7YtEkdzhQH54wdVZD2N3SWB7Bu6CyfAViTyANexwF2E5kYzKR
- C6HYhwDnSR6dHvuCPY000SWx/6WLYVGPEKCipSXoBHoQPYF6EIf2QDmA5qBu9CZeDHt7
- NupD53AiygDdy6AImozewrHYO2g+2gn929Fr6DF0ACnhniXICK2bsDe2GvAQlOei9bFn
- UTIqRD9Hx1ERjLoJ9cf2xg5Cax2ajvah/XD/r7GHOsDoYy/FLiABTYUx10PLO7HJsR6k
- Q2moDNVC7Xr0KvbS52MLkQUVA3VPoqfRDvQL9BW+G/fFFsY6Ymdin4GoWpAD1cO1Bvfh
- z+ge5uexJ2N/jkWBEwGUAk9tRlvQczB+D1wnQLVW4JtxO96CH6NC1N1UH3Mva44OAB+C
- qAquatDKG4ADR9BJ9Ff0Hf6astAaup0+FcuL/R9SoEkwSzKTNtQB131wbYI5HcMczsLj
- cS1egx/Fj+H3qBRqOtVA3UGtpL6gp9Cz6VX0e8ztTC/7ANvNKaLfxI7FTsd+h8zIiW5E
- y9FamN1r6Ay6hL7HNIzlwF5cjMvwHLg68RPUEbwDH6Fq8Ql8htqH/wt/jr/GlymWUlJG
- KpVqp7ZQ+6nXqN/Si+jH6Mfp/6K/YcayFLuDvch5+Y+ic6Mbo7+NFcc+i/0dVKyARFiZ
- MjQF3YRaYLbL0Ch0F8ziRbh6YNVOolPoTen6HDtQP/o7cAFhHbbhHFwD1xR8A56PF+Gn
- 8FG4XpVo+ZaChaBklJYyUw6qnppLLaE6qd9RnbSdTqEn0rPoHrjeoM/Rl+nLDMvoGSNT
- xUxADzBLmO1w7WL2ML3M22wRO5adws5gO9mN7AP0PPYd9hy3ltvE9XJfc38BtTiZX8o/
- AKvzJsjsL0CWr/4YnAzU56Bb0TxcjueirbAaO3AL6gLpasUbgF/LUCDWRK+lq6gskIZX
- 0c9AWrejNWgjPRvtiH1A70Pvg6TcAkN2ot1MGXKy22B17kZZIEWDVyiYEgz4fd5kT5Lo
- BpXvsNusFrPJaNDrtBqVUiGXCTzHMjSFUVqFp7LZHfY1hxmfp7o6neCeFqhouaaiGbay
- O1x5fZ+wm9zXAk3X9QxBz/kjeobiPUPDPbHGXYJK0tPcFR53+DflHncEz5raAOUHyz2N
- 7nC/VK6Ryg9LZRWURRFucFdYFpa7w7jZXRGu7FjYVdFcnp6Gj4SAHfL0NKI4QkhBBg6j
- 8S1rQMGi8aRHRdjmKa8IWz1QhjbaW9HSGq6d2lBRbhfFRqiDqroGeEZ62qIw0InuV7Z6
- Wu+PhNDcZlJqmd0Qplsaw1QzGUubGjZ7ysPm1RctV9GhUsUD1zSGKW9lS1tXZTjUfD8w
- l6DNBGt5ALBJ9W4Ylrq3sSGM7x0kgtC4GCgl5MZtgrd5sTss85R5FnYtbgbmorqGXlvI
- JinfMKpt6LWGrBKSnnbEsrZYhNkfSR+XPo7kxaJlbTz/4z3x+ndPkNyy9uTvIZ9UN8wA
- TDjgmQB0ht3zpId4gNhCkrQVoq55hcAn+DVimOYioGd8mAKZob1h1juhJdxZP0TGwvI4
- cc2Ly3tlVptkhMoaoX9zl2Y0rBT013jcXd+AtW729H91fU3LYA3n1XyDSCNZ6GFZCeOW
- oXIHMZZemPVCi2chWd8OaU0B91gqrqkAnLCG0Bw2gAGvbRDD7kaoAG8ybVIEyWobDmC8
- qTGCY/dGULnzCPio9E1zoDmNiNqicng+IOlpUJEiQikjzV0JT64ksuLucndNaO1yV7oX
- gjAxXimHhrauxkzgYH0D8AlNgyeGGu3DxbbGxtEwTiYZB26B7l2NMMLiwREgl6oyB6BT
- VhoYU9pX2zC1IdxZbg+HyhthFUB8T9Q2hE+A5DY2Qq/sYUqB4jWLLIM05wDN2SnQnhsf
- BXyXThiisauLjFnf4BHDJ7q67F1kv8XxCEYjK0KDFRFEuhCWR3BnLdwLmUe0S2sgekQg
- q5HwdBSI9JBEgc/+rzmcP0w33FkA1OZLHC78iThc9GM4PPpHcbh4mNLrOFwCNBcTDo/5
- 93F47HUcLv3XHA4N0w1EjgNqQxKHy34iDo//MRwu/1Ecrhim9DoOVwLNFYTDVf8+Dldf
- x+EJ/5rDE4fpBiInAbUTJQ5P/ok4XPNjODzlR3H4hmFKr+NwLdB8A+Hw1H8fh+uu43D9
- v+bwtGG6gcjpQO00icMzfiIOz/wxHG74URxuHKb0Og7PApobCYdvHOZwyB5G1+rhzhFq
- F/3kinn2NSwHT4nVoTKqCPUAIOZ2lA1QBlADMAnqPodA2wNl0lYH0AF4MeSFANXQ7oB8
- DMB6fJpA7DzkG7l9aD2pAyB9O6h9aCPcR55jBrwTygoAI4ADSBg6O1IiDhNfNgNitXhA
- Dwh4//BwxEK0Q368lP5wEj90+uH2qy0yKMohOlLCmY8aJcBplhYiOT3UGiBGNEGcY4Gy
- FdmQXaISgWedePX2/89LEHNLv1FoGlqJk3GEmkJ1UydpjrbRF5gpzBm2hOO4Ou57fiK/
- ku/lzwq1wguyZNlW2cfyVxRKxXzFM8p8ZTeMQUFchqD/cVgpHpXGz+qETHCoAARNBKEz
- AASHMv1xBDEACMr8x+iotJ4zUo/CKCyakZqVnasVtX6AMmZT5Mof2OPfj48wNZfh3Ack
- ogeSTnQenuML6XEKLWfNZhtuRVaGbRXntcEZzJRLNQNTKtrKv0ClNf3ZWQW5Rk/PO++c
- h4MFcj/8qMUSnakhM4/NeBsErhTl0NE0omg5ETnammk5i0pLSkvY+zJS12hO4iaciz34
- 3e5oRjehhoyTHfuQsbHbUTY6GXJNUNantwXnpa8IrkjntvrwJCFVbkk1qOjvsg15Kghm
- PCGDNk9zl0qVbc9LZvm8bJVlq79cG4FTyAR5YcZSyhV0r6P9VG5VjqbjpOVs/6V+zTf9
- kKLS/tJ+XVHmpYEvNP2afq2uCANkZ41fFcrPzLL6kIz1Ob1JPg7RAcTQQpY8gB0eVwDZ
- vJYAZjAfgCWAJFG0B7DVBwkcm6amYgBNCSmtW7cONeEmhsrLNZlNuTn5eaN8niSOz0vE
- uTkFcYzneM+ognwxByJGKCdiowF5sOniK8pA5eFNL7y8Q+fVO3ymtnHLu9v6Knxsb+hW
- bPzoL1VplbfdFf3r3/3Y/Mb9pbd1r3y0A+Onacpd+PDN7SvLVj+z7I1fHllfl+t0Hej8
- TTQaX5+y2MeMA86E3OhYKLVat8FFFSkr9TP1C/TMaEGp4pFSnqBWr9Dp9Tp1glun55He
- LDfnySM4KWRT3aVWO3WjExgmz33aqdLyhbalqNCdVCXGufpN/0lgaH/pAHD0wqUhbhbp
- ioqkhT6F4uwF/lqAwQGLC8soH50IBzJwnOtmHXwAyyyQYBcTQJwdEsEKDCcsBY5qSghL
- CT+b9Nfx0q8XjSKdX5Cfm8MYDZSYlOwf0K0JTXtm++HOpnszn1xCfTnw9Jic9NpFp7Du
- crS/J/p/Grxke3HiW3du3VkdktH0S9HlPr0Y/eWvo7869RYRYVQT+4jxsE+BXvKjvaGi
- O2zYLHgFv7XB+nN0H94g46sEuegX89RqA32az7Oz/jyQxyC1LrFQu9Qsp0rkydnmYFVA
- YsxA0Z2T6lauzrSA0A3KHBE6wiBJ1EZ5fQ53gglxrM+dkBjAPmNyADn0UCJyhxnapRED
- 2GvyB5BTBwmROyJiqTguZETK1uEmeFVgMnp8fhAw6io7PElIqynQibpB0TMaTLl01fFe
- jWfc+m298rFzZizuw8rof78Z/XjcGjx53YNrd7X3PP0g+9R366dnzYr+KXrlxvTAFxd+
- GX0PZ8PxjuIobv3+k/+8+9bT25/YQM4NMZx9ISYTZCoB1YfyWYWVKlSMVhapJqqmUzOY
- udRhXn6nqk91SkVTMqxSj0YJjExJqcCKLFULhbIX1NoqjcQm2JQXgSVFqLS0ZKAExAY3
- ZWc1YSNHwa6APaLT5xeIeUxmxcWGmenOjNPlX27cduVLtvM/xkf7ThzbPu9jvB1v/Z8X
- Xybr9zkQ1seIkr7MCdnYFJ5OQRwvl4E6Y3Erg6yCrFVceWdcocHjBlUa6DQNaDU9aDUt
- wOfvwI8Rzw9sGdRvntiH9BLQb3pUFkqScVZugWI1t41iVzJYJmN0lOoRRqb1IptR7uWt
- BmMETz0oPrAs/pT+KZpvaySVA4svTQ22u5jkG4NzyaIQdaDNpZcUzI/+4fk/H7v5tqez
- E0/hQ0cXvHLw4qJFK1ctGX+Ufk/SsTHwFGJtMLeEl3ElolgEOwNlAtnaPNEITagNXjvR
- qA72OjlNS4Bz0hL0SagwJQvLNQq70uHPrdYski3W8EWCTimj7Tl8ssypUTqLU6mMYPHh
- Yqo4J8Wr0/Cs4PAnmR0R3BXymJ0u3u/MUFDOPEUJX1LiMPDBlD3JtrH2oGNigr/QOmbs
- K3gbHCIewVvR4IQvSVO+MHASJgyrCroW1IOuSKszFzXBSmf0Z/QTfas1x/dBIL/AmISw
- 1YvzE0RkSbSLyOQ2iFhMQgWUiGxOs4iNIiSSRrhOwSZL/BuD1TgBg7AYMagDSdUSwRkL
- uhaO47SEyfAINfYk+X1+kvnyRuUX6LF6+ZSbGreKC3OWzM2ux31jjcp7Vj9YLMr3sH97
- 7njHCrNXmahNSfM1pZhkBb+987HjR7d1vT0rbcKuzUYHp1Y5MhfgW4Q0S/rs+skp9a8/
- UV3dPbDNkUTT9yq5Mk+oevHLGx7bqccXiFx2xD5lvOxr4AclomWhjF38bsf7DjpJSEiE
- ZURmJ8tr5YlOhcLgF2xuW4YmAweR1upy3yceb5KYWlIzcOHCsCABQ7VF2jj3LDoTJzdx
- Bh/WySEx8mYf1ssSfcAsUBZEb+pztYQVOq2Bkjhg9CQPKwUwTh09xTub3/ju2/Orp+UU
- 7aLmb9784M+O+KpeY18b+O+aqdH+6KVoNFzsqdm45stX93566J1tcw5IuhJOkOkzzBTJ
- i9sdytxtxd2WPcI+Cz1R0D5hoGkD57TxKqdBYeftdrPGr8NgirU2p9xvtjrgtRp/UFy+
- 5uoWKanpLyoi+jEuMVAgOxIMxijYtF6lUe5Dar0GZqlN0PBWwFhEixhTDK0wqXwoQQeJ
- zML5wDxz4pCaJMISNyCpkkFGJrMnAwQARCUuFblEHKg8DcrlqXOfm3s0y9e+MDFrwyPL
- 7rH2JP7l2LvfY91ZBzMl/P68e/YseWbHxxvv+N0pnPsFHH+PZmFdC2Pn6X5YVwV4sHeE
- cgrUVeqZ6t3MXjvrFQxUglODBKeT18spp1nBZugzNEGtzuZS+G3WRNd94vKya6cPC0z8
- kmvX1mZxyOQIY4sC5uaABFkpH5LbBR9MUFpdmJWOiHfcvzAis8mszdV68si0UN4oXe63
- j+xYs2PX6g17cVd91pgXny19YenB6Pdff4pv+vL9N3/9yzO/ogpGJU6inN+PfWxeA07/
- /s94JuiQ6th5xgY6xAFvb7xYGVq1TXjctttFs2oqgTUY1boEoyGkDBmEoA1PUhyiT+PX
- 6dP2D4QPZedcH3i+NH/pUZzWntZRswVWTE7YbnImF3E8bxKdDl7uNCm8/DbHbsdh2AOM
- 15TgdbBWuZLXqv0JTj9r8ydn8H6r1ec/K+6KCz/IviT6ZweIU0FsBdGkw3ICalzy4SRp
- qYSYiqXhdQdmGc7l02p0Gr3GoGE4pTfJnuwDD8jpw4lOmZn3IYVR7QPT5LGJUMVCIlhA
- rlQaSOL+XFx8wOKmpKasw7c1oduawNgCj01GMe7JFYAAETMlmVuUiyUzzPGY6jtXmK/T
- XPmafXjbg9OyDAf4G7LrVo2reyP6Z2z5A3YpAhNfvHMPiz1M1c3Tp94y8dnnTjXlVxVv
- zqh1aMAp5jCFy6K+FZV3H+zC5KMCsLcQz1Fm9l2InmpCqbyTkztpnGAoMqk4ndwK9k2t
- 0gbNOl6XoHapKfUVg9VivSIuWBsXsYGmopOZhFFDBg8USklp/1nYYjriQZnMRrIvOCOx
- gHDl5ea97Cnt0yabHVZFnbu3r/exx9iyUbMpaieFp7+06Uor/eSmPUAXjcZEi+kvQVZc
- KB3iy8OhmnzDBGGCrEFolG1Q7rXvce7170o9YleEBNqUFFSflCeBSWG4oNMq1znlCRl8
- RgbroDNMGelB1palVPtVY31+hzUz65oNcqm/iEjAwIVvYPWHbEpp3HWPq8E0T8CWqNAm
- ezU+T6LPhwI2SLQKtYgS1EqV15nkw357EPSEUidKqwtO1FU3CnwoWNW8XG3cNPvjXntB
- vmQtkrWgHhC4V4NaA0wMpu6ck5u3q2RZ9M0Xv1IfVvnH3PN2yEfnd695KXoZ80dx+c67
- Xq30brnztRvSou8wZWM94++7kvNWx/knnq/2lzwy45O62r9hJ1bhjOiOE703bX/5eM+8
- 9VS6tM7rgalEp5jAr0qDXSOYebPgZ/z6FfwKQdCrKL0RIa2T441KuSoot1mwMYhMVrMF
- vrY4KM6N6xSyvIPmApYZrEURJl6nZAwkl5kYRo92FPEaOSit7wvlzrz7T/XpRxKz71t2
- qA+U/8dTxaLnGp8amEo911HQsP3cwBtEDil4E4tw8WBMmh9y8BcZEE6OlnwskNsgTxMv
- a99VSk4OlJwcFjspegSLJPlZ6w/Dj0m5fI49LvnfsfPRWlwoja0lcW09hK9E9GfAdymY
- xLUk3oVcdgbeRKuhgzbzKEggkuJbDEKLx2JwpsgqgpH348K+vuizq7L7fKVhldPF9J/5
- bhTjmc0culywYvRcitwIg2+EZIz0zGAIODsY+1JBiFgZ9pppXHUWiaOo9Wzs64uHrTAG
- 8ITzMlXIh+4NFfMCr+YSzIJZbU7wC35Qa9XWGYoFCqXHK7c5PVY5xZi9otPsVHE8xDsO
- L62XB2ADa4PwcQbutQXJNykh0PsZXhBYqz8QwaprF/aC5lL/paFg3FwCbnNNPwQVZimI
- HVpl4+Aqm4e8IFjswbW+ZtV7Q6Mab+uckpZc8mzbB1NSjt1cs/jxw7bgsvm7+5jM7huS
- x5QmV86of3LapoEC6subazftGthMHVuSM+mpt4k0SLJA98PeJ2c5c0LZh7nTHMVwBs5v
- 6ODaedagpAwWDXg3iLMo5DbeZkPKoMzmwBmWoBVZ7eBiXieycTUf3+Ewr/6rYovBizFe
- MxUit6B31RhkF6/fP3nfwgu1aYedWWtDwYmF6fY+vBvon1P39MxnifzOLWlVmcrybls0
- 8DYQCxJTDOcMIvguSjiJsqKHQ7ndwlbN46bnmT3CLs1eU0R4Q3ifuaj+k0E5WuCcFl7p
- 1CmsvNVqpPwJNrvMb7Ta7BEsAw9m0ELFnfxh3SSZojQ4kvMp9DKwJlrKh3kzlFgVlOQG
- pQ/kGRLBBA4LrYZEiutIQhyVZF3e4M4EL0UHgRxEtyjupPz+3qzJR5/fuvU5+CjjSvRv
- n0SvYN0fuXacsGvrnEev9O6/QJ+PfgUu20D0JZx6BRzjEPFTOqLTGS9MXY2SUHsoba+w
- 20wFBLdDq+acRj6BUzsdiiQ15bfYkuXgfYrBpASrJ/mfep+Si6IFCyzN0WGyI9bmY3zI
- DhNjTZBgq9qHaLM0J2laxAclHmd8zYwG8Dkh9JHkE16Uk60KbrnWQ72+21t59FiFF9Jo
- Rk9+6MafHYoebt++qi6ruG/Ve+92zj5wrHX7nTN30Qc2TQiUQIg6EH126015iRMGPhnc
- x9QjsAe16IaQz0/7VAV0FcOoBQ2llmllSr9AxFArF2x6TPwwZNXpI7gCNlbcRBIPe4oG
- jrdKa0pPDpwkXkb8UIjoTEn0hm0k7P39xp03sxanxq7Z8AhslSP5T1D0qzTVs3ygm+yL
- stj79CFmEtjDTJwReqhQ1s1u1T1u6DZ2p3CBZK8/X6wUq5Kr/DOSZ/rnJy/wrVKuUq1S
- d3jak9u97b5diXvS9DS4J2w6k6GHqNJudliM6YaMQIJikeDz5nspb5JKzqTqLa87nHqe
- cWZsT1Vk8jK1huJRpphpc1lMFr95bMDH+wO2bLXLrxmL/BnWrOzeYZ8KVEjcphZpoESm
- W5QJKWw54liRiI2olNukVZ6M0ymf0WvziWqXiGTwORqm0yDmg/haxE4d1NkNFhG7E5JE
- JCapVYJfLmKfVybH6RCMc0FIErUOEVtNkEiulWR8pUQSkSHBhzOz4UMevy+TuFMQqpEw
- jo+fcIDfbja5MPHADHEd/7XgLd/T2j3Gf/tDG8e1f3TkrzePp/axvrGPz19UEZhyx2tl
- iz789OvTPD6Ma2dlzZx5Y0UyeKNJKRPWdb+yadbCMTlVU0KVKVa9MzOt4tGHznz4DPUd
- 6HNz7GtKxs4C7VD3sipDfkKNI7g05GVMRWaaU8u1NlDX8GVOEBnVxgTaRVP0FZPVagN/
- azCiGeFvZRIlPVDSrxm4IBkP4mWRfTAUl/ryiMu159D+/T5jtirR4BrvXztr82Z2VvR3
- WwYqCvUKTG2SCesWUKe2gM2iUGfsc/pT2M/kJH1OaHTE8IaBkukFg1VvNQS4O+j3wW1A
- rFqOOJWcBd1l4S0WCJMy5EGlwmbDQULsu0MWuoYoLyL+w75VaQkRCOIuwCFtnFBwekhg
- USD5urAqWi8utGXd80q5t28f5Rm1YMvF+nTcw2QOFNWNat4z6z8o9eV3nhqTMu3xuo3U
- BzayPxWgeD9jMiHPI5YdLDgx8TQAByADS06RNxHw4KPwVmKoJAyWsrL1uXZslmEP/OHE
- P3373UfRbXjVF9Fvo9ELeBWTGb0Pr2IHLg98hB+J3kp5iW2nkDE6QfJNiZb/VejWLuMG
- y24LzXNmrlBXrWvQLeDvoO/gHzB0o21st3GbaZt5D9pj0lSjScYq85tGppx9naXuY3eh
- XXg3u8fMJgdYi9FsAn/HqFQkOAU1MQomOzldQrjHbLT0KB8ygW04G3e8rXBqfsEyUFQE
- f1bJBbLETUTNQFEOnIeXlpSUED0DHy6GdEZ4NWJaojObLSzGS3QIWeD4VLPmpJQJkOMm
- 2I23kQM/nMvRFE9JG0A6Us4vGIsL4DidpsXTvnvmlj3Z+aQvmJiZosnJ1LBj1dH2t7AL
- M5kLopujX70Und/HCTtVnGgRHk1mplzppu8mNhHiC3qlFF/YwZdvCeXbL1rR1TjDCYGG
- SysXYa72xKDF9Q/hhlt8V1wwGNEOi/+5q2dscPJP9gAJOkr78Q/HHd68XCMPovYP8Qel
- 74PfP0YhrrfeOn35nLTeZNURnJHBQdg/+bmhjryJMklW34acELGUoXJUgSqlb/0mwOet
- 5Iu+GnSD9M1hHXxHOB3NQDNRA3yXNxudkMbEMAKWShy82UIVNXVl1VNTq9tu6WhrXzSv
- BVriraTLBoBHAXYCkG/HTwKcBbgAcAk6MgAGgGSAUQDlANMAWgHaAdYDPAqwE6AP4CTA
- WYALAJdAwBkAA0AywCiAcoBpAK0A7bHBHzwLDZcx2KTr8cwReO4IPG8Enj8CLxiBjx6B
- TxyB3zQCJxy7lr65I/B5I3CY23X9pbW+Zn7zR7QvGIEvHIEvGoEvHoGT96bX0if9L8E1
- z7t1RPvSEfiyEfjyEfjtI/D2EfiKEfjKEfiq6/HLkvT9P9FPsCsKZW5kc3RyZWFtCmVu
- ZG9iago2OSAwIG9iago4MTI3CmVuZG9iago3MCAwIG9iago8PCAvVHlwZSAvRm9udERl
- c2NyaXB0b3IgL0FzY2VudCA3NzAgL0NhcEhlaWdodCA3MTcgL0Rlc2NlbnQgLTIzMCAv
- RmxhZ3MgMzIKL0ZvbnRCQm94IFstOTUxIC00ODEgMTQ0NSAxMTIyXSAvRm9udE5hbWUg
- L0VNUkJIUStIZWx2ZXRpY2EgL0l0YWxpY0FuZ2xlIDAKL1N0ZW1WIDAgL01heFdpZHRo
- IDE1MDAgL1hIZWlnaHQgNTQwIC9Gb250RmlsZTIgNjggMCBSID4+CmVuZG9iago3MSAw
- IG9iagpbIDI3OCAyNzggMCAwIDAgNTU2IDAgNTU2IDU1NiA1NTYgMCAwIDI3OCAwIDAg
- MCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCA1MDAKMCAwIDAgMCAwIDAgMCAwIDAgMCAw
- IDAgMCAwIDAgMCAwIDAgMCAwIDU1NiAwIDU1NiA1NTYgNTAwIDU1NiA1NTYgMjc4IDU1
- Ngo1NTYgMjIyIDIyMiAwIDIyMiA4MzMgNTU2IDU1NiA1NTYgMCAzMzMgNTAwIDI3OCA1
- NTYgMCAwIDUwMCA1MDAgMCAwIDAgMCAwCjAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
- MCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAKMCAw
- IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
- MCAwIDAgMCAwIDAgMCAwIDAgMAowIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAw
- IDAgMCAwIDAgMCA1MDAgXQplbmRvYmoKMzIgMCBvYmoKPDwgL1R5cGUgL0ZvbnQgL1N1
- YnR5cGUgL1RydWVUeXBlIC9CYXNlRm9udCAvRU1SQkhRK0hlbHZldGljYSAvRm9udERl
- c2NyaXB0b3IKNzAgMCBSIC9XaWR0aHMgNzEgMCBSIC9GaXJzdENoYXIgNDYgL0xhc3RD
- aGFyIDIyMiAvRW5jb2RpbmcgL01hY1JvbWFuRW5jb2RpbmcKPj4KZW5kb2JqCjcyIDAg
- b2JqCjw8IC9MZW5ndGggNzMgMCBSIC9MZW5ndGgxIDExOTQwIC9GaWx0ZXIgL0ZsYXRl
- RGVjb2RlID4+CnN0cmVhbQp4Ad16e3hURbZvVe1n736k36+k093pTjrvEEIeTQJpQhIC
- SSAEgklMNAHCBCQaGESQwYmAAsEH6iAPmaMoKuKoTfBgIyOHw+BRQe5FZcYXo+MZfGKG
- mTlRBqF331W7Q4Rcv/n8vus3f9y9e+167qpVv1q1atXavWzprV1Ii/oQgxpaO3sXIOXK
- 7kWIjJvX0wkhvUyVCOHN85Yv8yhJxKUjxNy9oPdnPfG0GEZI8v9s8crh9y16hKxnurs6
- 58fL0WUIi7ohI57G4yD0d/csWxFPG09D2Lv4lnnD5WaaHt/TuWK4f3QG0p6bO3u64vWz
- ayBM773l58vi6ayvIWzrXdo1XB83A3//G2HITUKLkAotRiIiSA93G0LCF5IfsVBKy4Em
- 5TQ9dmNC2TfIICrNPR7I7aOR//L+9uKFM5cD6jtU1VBPpdSnBfAOnyFnIKTBUP6h+o6R
- ElpKr6QIasyKoBqgiUDjgDKz9omhl/FmZG4fCqmwm0Vq93uOvxzGuYD/Z8ozjHNDGi1S
- zVtb5p63dm1NxiQVrkXFLEZuXIX8Slg54H/WHcETB/w+CCbEAzJQ7IIUCqmK/e5o8Vz3
- 5eKIiEOJ7n/4H3JfAPrWX+7+xp/vfgvqnSqe4j45CcoH3CcyIwSC4/4Ii0MJ7tf9d7r/
- vTjD/WJxqXsgAHkD7n2TIDjg3l18p/uJdUrO45lKsMsfwTsG3I/R4ID7UWj/4bVKwZb4
- i2viQe86paNb9ivBzfsj5NkD7h5/mnsuvIhDane7f7G7zR90z54UwakD7nr62gF3XeCk
- u5Z2PeAOxTsqirde6Fc4HhvvNtt/yJ0e7yGF1g6Z3B5/ndsF7Wc/9rA723+De1JmBO95
- qSY9018TeLgogoeUPmgAjNLg5ngwL/AKfhpNQRm4FaXi7ftrMoBnvHnAvRaCHftr0otT
- I8wXIaN7f6AmsA6oCCgVqCmCZ4eyha3CfKFJKBCyhAwhTfAKyUKiYBaNol7UiRpREkWR
- F1mRiEg0R2J/CmVRKTLzsE4w4ln6ZJW4ntA4POCJCBYJmoYiPLrLurzcXm6caAhWV/7A
- o0PJ7KjM+v6yfx/NsmNX+OHaWc3hva6W8Fgaiblarir/f4l2VcDbtY0r9zeuPDenqstX
- 1eGr6gLqCG9a3m0P9831ePadW0kLPGEmrWPuvG4adnaFV/q6KsPnfJWefY3Ke6OK59Di
- Rl/lPjSnanbzvjmhrsqBxlBjla+zsmV/Q1XN9Gv62jjSV03VD/RVRRuroX01KO+N6ms6
- LW6gfU2nfU2nfTWEGpS+srKqFs6qQNwRZOCOohxuK3KxFciFUOwDoA9pKM+KnedOISkW
- jQ0yoNlwCqWPL2EzegEJ6CV0B2ibt9FerEI+NIjHovexC2ei95CMPkT/jZxoE3oMnlXo
- C/wtaJkvcTrUKUJr0L+hR2O9qBeVw/0F5pAFlaAvY6tir8cuogrUj45hAZuwK3YQ5aH1
- cO9AO7GGzI3tQ3ZUh24Drb4GvYE+iA3EvoL2i9Cn2IDz2NLYH0HAOMgJoo1oL3oJe7EP
- Z+LrY59Cvh14bEN7Y/Wx5fDeeaiVh6ajVdDbJ9iN03AW3oE/YgZjfbH7YGxJUNaE5sHd
- g+5E29BO9JxSay6bxFmg/UpUC2X3oTfRF+jvoHAzcAVeQX7PfMX8lS1ld8SOAR9N0F8H
- ehQzgIofN+H5uBc/h1/Ev8PfkmLSyQSZ37O97C7grQltQLvQK+g19A76IzqHBtF3KIpZ
- 4GkinoFX4V/De/9NCkg7WU3uIR+Q80w+8xErsJu4u7hDMTb2+9h3wHMyykSlsNJnombU
- BfcCdDO6Ff0SrcMC2or2od8Btx+jj7GE9TgP5+MpeDa+Ht+EV6IH8G78Mj6Dz+LP8JfA
- nYm4iY/kkeXQ3xqykTxHBshBMsgYmGXMauYI8xHzLWth29kjcH/M5XDL+CS+Vpgp/0r+
- OJYT2xzbAfNihduPMlAOmohZQLEHrYOZ3AiY7US70bPoeTSABmKXcBAdQ28BX5+g8+gC
- zFgS3F48FpfgBjwTOFyMe/Av8TbgcC8+AFwewofQu/hdfAluGTmIiuSQ60knWQn3DrSN
- vKPgo2G8TDqTw9Qys2J/Y55j9jF/Z1PZVnYJu4rtZ7exj3JJ3ATuOq6V6+W2cAe4E9wf
- uPPcEO/i1/O7+Rf5dwRRGCdsE2ScArx4cCp6ER0GqXuY6YW0H03G62BW56A3QXoH0avo
- ErqIjqCnsQvJDJ3NtNguFIltgNl8Bf078wtUhh4gD5FpsXJmD6PCY2MXoK0xMF9XbhTK
- zEgPpKX6fSlejzvZlZTodNhtVovZZDToE3RajVpSiQLPsQzBKLvKV93hCad1hNk0X01N
- Dk37OiGj86qMjrAHsqqvrRP20Pc6oeiamiGouWBUzVC8ZmikJtZ7ylBZTranyucJn6z0
- eSK4dWYzxO+t9LV4woNKvF6Jb1biWoh7vfCCp8reXekJ4w5PVbh6eXd/VUdlTjY+GILN
- QMrJRgcRCiE1bTiMJneuBuWKJtMaVWGnr7Iq7PBBHMqY1KrO+eGGmc1VlYleb0tOdhhP
- nuebG0a+inBC1vDr9D1QgqmNzdB3TvbCMPCPNmnm++ZvioTQ3A4a62xrDjOdLWHSQfsw
- ZIVtvsqw7fZP7d8nr8Sq7rmqMExSqzu7+qvDoY5NADpNdtBU5z2Qqp3lgWbJXS3NYXwX
- MEeZUHiPjyK+TaR2LPKEVb4KX3f/og7AHDU0DzhDzipfR2VLGDU2DzhCDiWRk33Qfkep
- F0A5mDMpZxINS732O+Lh52vj+W8foaH9jmN/grC2cQQXTPv2TQU2w5550AlgAbyW0EdX
- CeqfVwLwwdWCYZQLgZ/JYQKixKSGudSpneG+WcNsdHZXDjO3qHJA5XAq+1JFC9Tv6NeP
- hwmE+nqfp/8bBDPrG/z62pzO4Rw+Vf8NooV0/kdEKIw7r8SX0/0zFbakbruvm07fcmWq
- Ie2zV12VAWm6b+WAwZldG0GqhuZ9GN/XEsGxuyKo0nUQNhjmxhugOIsK3MJK6A4S2dmQ
- kemFGHBQDR1VU8nw9Hv6p87v91R7ukGk2FQlhIKu/pY8AGxWM8CCZjd7w6GWxJFoV0vL
- eGgnl7YDr0D1/hZoYdFwCxAqWXlRqJSXXQujSmtontkc7qtMDIcqWwB0EOIjDc3hIyC/
- LS1Qa8wIp8Dx6oX2YZ7zgecxmVA+Nt4KmDV90ERLfz9tc1azzxs+0t+f2E9XXTwNFvLo
- jNBwRgTRKhThCO5rgHch8HkTFci9Pi+w1UIxLQABviJAYNb/c4QLR/iGN4uA20IF4eKf
- COGSH4Nw8EchPH6E02sQLgWex1OEy/51CE+4BuGJ/xzh8hG+gckQcFuuIDzpJ0K44scg
- PPlHIVw5wuk1CFcBz5UU4ep/HcJTrkG45p8jPHWEb2ByGnA7VUG49idCuO7HIFz/oxCe
- PsLpNQjPAJ6nU4Qb/nUIz7wG4cZ/jvCsEb6BydnA7SwF4aafCOE5Pwbh634Uws0jnF6D
- cAvw3EwRbh1BOJQYRlfr4b5Rahf95Ir5+qsg515DO9ifw/E5iPpIMLaZ7EVfQN44oF3c
- HPQEhE9A2AR1Stk/o1UQTgHKg/h6eGcjkApok+BCfZBXAbSacaE1UKcC2rLQNMSdQDSe
- BPZZ3JcEDiHE4zWQ9qHf0gP8D1wEPG0/dIEP4KqLuyp+JcpficAZBoE/SzWS/r8jElID
- Lwg8S/TSoQTwfCFkQEZ4mpAZnhY4d9jgtEcvB5zy/n+5EpWBjMNl+AY4qb5O5pDjjJ7p
- Yz3sMTjL9PPJfDe/k/+TgIQ9giy2iU+pslXLVcelRWqivhneJXCKRnDmOQrzJKCJIS/H
- u+AswQouBkkc62IY4lTxggsjh6ja611cBo6W6UNl9dGy6fpvy+r10TJUXhYto5Q/psDg
- NQSAdrBPRC6f5I5+NzHCNl56nrJI6INdAv4EBrx7j4W+lrRigqRX2SS72qFyBlVBzTTV
- NE0zatW26pvNLfYWx0L7QsfKhK3m7cm/kZ5T70l4Wv+4/XHHIemQ+mDCAfsBxxu6D9B7
- Ce85v9J+lfC5+fOkiwkXkrJUWKVWmezYprebMnRp9ozk6xxbzE+ZNf2430mMFqvVwApu
- t4hYi0OHBaNDRwRjkpphLUlqjrW4JF4wuuBQZXBJGtGQpNaKBodOLxrsCSbBaE8wsxZ7
- gs1ttSc43VaHLtFtTVInu60uyWoxigLLG9wqnktmXVoM68WhIUwiq05KiuAnQzqjyyXp
- TWYba09IsNtplsXocOhcSQ57gk4tiQa3TmKhzwh+6iXg6aAVeIJ4yAqd3OVIcjF2yWuz
- OQ3/4XZ7fjbFnqUv00fBu1P5WT0qt5UNlcEMlOnjQXkZNhhtwfW5Wav1rwq2svW5dhqz
- lemVn1KYMOpary8ro5Q/Bi9d0o5NPsZbYPIVF5gKGIUEH1MA5IMCIDJv5lPT5Z4TM97M
- ebPntZ6nFr226I2cN2ZC6qbXbtoNOSdICfbLZ7B/D35I7qG0Rz6zR+7FmylRDdIHjxfA
- L8SgtJAJpzMSB6PDvcjBcr3eX8blrD4+QlReP5g/xuQ1ePtwnvwWzpT/QMUJx6AhEuHO
- QxstoTFBHCS3oeV4Pd5K9qCXyGvkXXwBqzEh7UYGtBABlwtiCCNhJ8dALy/jHuTFGfv+
- CiLtmH5W/60dRLm8rB7gCQ5jB2C04wJwF50YjP7uHHf+OwPtl4B3BxEba1PWTMEAMB/B
- lpCFSxckFQyCw70sXS693juvWi50quhAvh0eCqwT7xfKcGBIrE3+gzwBhsUg8Khxe2A9
- EkS12pnQTd0EB7h0qYQvVtXw3dIKaQO7gd/BbGG38XuZJ9k9fARHpNfx69J7zHuSBQs8
- T5CoUsFDwgJHzJKUaoSkmeNSjVAmiJnU1yqpwWnAqySGE9VaYFotsTwXweYBFUMgOCA5
- NF23LrVnLZ+uH7LXR4NB+BmCDkXi7HlU5OrLy8oAqTwQPE4RtVo41rBHEsPssZa4xNEM
- BjKYYy0UUworSJgQl7J21I69anDqeMEp48UkDy+PPIvbiCQP3Bj9ZIF8mLwMPpxKPPO7
- iRQlQASDNwyBV+Yo4PKb0M9OEdzMr2T6AYuLPOdgTnHEzhSzRVwNM4WdwrUwmxiR43hR
- FFSEIekMU2dkWXCXkHRRJQAUUCSA54RT8SqRI6zEMphIAi/yTi1RpSKHRrvd2wgIgL4D
- deeYrv+MCghISBmsLWUNcUJ9bpa4urZxxe36YwIHq0zPDqf0Ypl4DMRnydJ2tBQkF3tV
- MFTB4N2F80gQ3xfdTVbJy+TgQ3Rk0V3kxuiuy78m67bKJipfT8A41TBOEXaviaGkrXgr
- TzSZLKtjMhOIThSLTU4Lo03VOcygIlz7vY1zrrAJWrl+EJWXDxqDeSBouB2l+UDQxhYV
- IpZGIMpamA9W9sjg3+xZifPlf3wjvyb/L7LmIyyyHXPl6Yt+Lkffi/6FO3r2vCLrlJcl
- wIsEXqnmUKbHl2i3cAFTWiYGt1ZmBgm4RJcnxcTbUvhiW+J1emc2CqSmO7KyIzh5NGdn
- j0WPgSQYgkG61CiP0aDBFgQ+ga/iosJxgTRfkdWWjC1mXkgGV5rZZrVZvGmBtDyci+P8
- 41O4vXtcW8vY+R8+PX5MyaLbFzSJmmz5OR2vgaU+b4N8VH6HvMMelZfZM39xd64zWl1Z
- suG6hScyM7Y+Mq/LH0xMzU+eOGnjvTdED8OowMsa+4DTgQ7JBc/vE6FFYgJ8zUhzqB0J
- Nq8tbYGmS7sw5dMcdYY+w5LuTAuMt5Q4D1qOW85Y3s4+ZzpnvWj6znoxJ0GHDOoUuzvV
- Jqam6NSsPfd0lv100qQ8M8NOylLl2R/OM9hmiA+nO/PdRYbrUFGuY0y+gs9zwzM3ODSo
- TN2QITgIq2uwvGxwUD8I2FBtRBcPkDKd7dhqsxYMg5WHAZrCcQgm1UZR8qXwFoDMTetY
- zMjrQYUYr9Jl1B7oqbwzFNq487PmLdiDbV/iqaL8nri45qbb7qvOeUh+ummdfEL+TP6T
- fIDMxK91jb3enrt6anog2TduwoL3/wvzF87dVZLaMWdGwOmbkD65+9Xj8jdY+IxNB31V
- GvuILWFvBKsriMaj+0MzSklh0Uq8EbPvJeO0//ks83OfTsuBB97kzAI/JpuWm5abSTPY
- RHVKojV7vFvIlNTZY9XjTfWoPnd8YebENGeZsz4xR6wvdJSW/RY7kBfV4OdRXMaHkTpr
- CJ789FMFKjA+TgI+NqpglHVJ41nDaOlwAuYFgAVAKyoOFFEpA5wEXvBC3DsWgDKYQeJA
- zHJxAGr6UgDR4qJiE/kosXhMqDVQMXN82yPMczNSJrS3dmUmS/KgasoSbNq/aRNhkpLk
- 41qJKa1vW/ar/3yk6cleYjRYVBq9LdA4ddLi+89LCc7iyQVjU8vvb9s8ZcqrsmbctJJ0
- baZ3fGoop/CZR95ozbfg0/E9ZVXsz+xO7gjYrB5UEUpVedQ6owY5/EZBLXn8nNqyjjhT
- XG7JrQ2oHd6Ubd6G6cOLfujs8KofhHVfboiLCjJazMSXEkgLWOiyh7EWGOMLDMZO0WCe
- +Z+/vru+MT8of4mTiibV35Z6e3Jw+yPjk3/xS7ZVPv6NLA8UeRo2ckeiQ3XpYy8vG3hg
- Wd3me2tvuycS53dK7AN2HMy7C74w3Byq2m7dYyXrk/BUS7Ox27hCWmmMWF4zvW4R7YRn
- XW+z/mSnYNVJGv1LGr9ZnawvSnCjomSby+kRi2wOt2e9t2Z4PMpCMASjQ8pCGARlEaSr
- gYZ0TpfAvqGIOh0GXQpFxV6YNq+HFOpRASwEzOhF75iuzYVJSQX3zp+twj5p9t3yRfni
- P7DxbycxZ5cTyaEJ+RX3192xYuqGxXPWLDuESy5iBy6JfIl3w+AYlBc7w46HsfEgeSno
- 2dDUanG9eSveDnskVnG8nnPWctX6qZ678V0J690SY2VsJqvJViPWWetsU51t1jZbq/MM
- /pD90vW554JHPw1X6zdwa/UsbK1bQgUzdDfqbtExOl0i70/xCjZjdqLaypAUpsi2KiW5
- Q9OnIRqnn7h1W5IdPv+2EWSidKLb6w3Bs4N5oA9ATZwEZECLtkfzxyCw2pa0I5Br0JSg
- ROEWvMO6QkHIl4IMelSK8akeHT4krLp+wwdTQiY1iVr5ztJZzcXJNuxTt95z+ZR8FLs/
- NTPLfrFoya3nFtzc2Vd77+6KjLGJYzrnP4o1oIgT4fM9XBi+3CD2Bu4VOFmVh1I5EiDN
- um4da7YZkcZvE/SCJBZxTodJHzA47I7D3oaqUdsU7AEgr8pKVbQ+CCrdAkCL0Z3KMBEX
- MJOfLMwxy39MDvQsuVU+i5MmPtHK3lBdM+HOB6N9ZGtzUd3We6ID3CvRCzfWxuVyIzC2
- lzsBsyig0lBKHarDbagNPpvtA5XDxy00xAewABbawBWWlANN3EIrV4xNapwYwDYB2it/
- jL1xYuETpHzbpcN0j1bJNfgFpR8TKqX/f3gZjp8saoL/Pmj1sEZOxUN8JoKk4bjlDIog
- fV4EmfJeBv4QVB6Tr/SRjEGOC2HIZqp/AvgF+c/YJbfazWJmFnatOawtSKN9X5xPcEYp
- +9yl6U/+G5zSlDnYBOOl9iKDUkMmgrBiR6MABgt3ZHgjdnR5/pgMDGPaQ9uHl+J2OL+T
- bYUvckcn1aNiGBl8ooenFSgVaCGcphfBiXklhLdDuBHCfgi3Q7gdwmeADgJ9DlaZDup7
- 4esenPEADD+0aVeeqTAXbmjVBdpNBEsiDyTGBu/w8JVWhRPgDQOqR2aIJYP2c6EAhA66
- I2MftNcA34qHBeeYfmgwOHTlVADGGNjr8X0yru6RIvcWZliOQEVcEal41GuhihCUvo2G
- 3P33BHP1EpHPmNMWLM+xyZ+Y/Qtvz7TBZFsK82atW10/0VMyq3kx21pSHZxVvCg6kxyY
- mF43d9zU6G1kY2f2jBk5LdFeNvRokz9UXNDQkZMDI68AvbiT7QI0qL+hPpRuY7Co2aDZ
- oGdsWnvCAi3D+e1mQe3Xqe12kRTZnE6xyOBwOCN4+f6RpR63BgzBYVsARrcULV3ij29e
- iv72K9s77P0eZMHk3N13r169fv1qkit/LX8O99fYDCrNgc3Rd94Y2L17377duwcWyM/i
- pr9+jVvlp74mIZir1fIsdgfMvRZQnxbKsJlEKclJ/B7ByUt+k9qhE7V2bZHemcK7E932
- gOMH9x1FE8FCLgcVbYA9GFSRssEOa+dCI1U7yk5EF7UyAcyyn98JO01XWeNtq11YJUff
- XDMnL0f+DBtyx924ljx69KHpKw7X50S2kyBYJefBLnl7kr8q+jp3fteUjKlxuQe/E7nE
- toGFPO0gYvCU/SRBC0ehKSGHSdDyGslDxpAQYSxwtiE6dUCj2Mrz93sbFlyRpdPx43M7
- mMuU99NgL4P8GEB90i1yhFnyR7UpMVP7m1Iv2Mz6ivyGPrYNY/kMQ3rL10YvsBWHe9In
- U54IzP2H8D25E2WhbHRHaIZKz6c5tIyK9arVtdJU9RRvpacm411GdKV4NBJrzWKtzuxs
- o8Bmp6uzsxMsksdlrU8RLDlCfaozV4Nc9Qk5qD7LkZN71e44BAp/xFSETRHgjwtJ9KT+
- pGJM39B+AxxbFdWv7PipipEIYn+NkUg3CDCzfZ40sBHnqZIL7589Lz1djh2sqxt8902M
- TfKfeUfekvYZmZmxvU2z/3ZZjn0DH9fb6jzBsWPHOBwTcqsq+7a+/8TrxZ7x4wP5VltJ
- +szGVY+ffH8PPWxjZIl9RVZw3aBHph3QZye4NdmGl/ESxOK2kFVAbTzm7TA1CfwQqwqg
- B2GewCei2+/toNNzuuxsFFwadH7+Au4NOGEOlkeHzoIPoJD6mAosPkPcnrMIPBjABss2
- 7Ny3L+U6rUu3/vi0MUzPCTxGPnUiemSyF+PfwzEtfwF5lMp77Au2CfZ16gGsC+VKVqc1
- 01pinSN0CbxTkBBv1WklDuwTp1YKOO1qZxIusjsSk77fuui6NAbro6cVzKllAioV0AYb
- EkwRMC6p2BSCZ0kHUkRZS8W7rIGlDxbB3xfkc6zHOnn17L/PzsNfsxXRW9rzZi0PLSQz
- Lx3ewY01lWU/33GIPOAC7MA/yTaw8PkbM6GtIqgRIrAm1ikxAeJn0/hMqYgNSlXsVKmJ
- bZG2sNulx9gXpBfZl4RD0jH2uPQ2+6H0KXuBtbGMneWYgJEQzHJ2OOsGjGAqSSq7pFYF
- jIIoSmq7pFIHjNAnZgWJRTwHXgG1CpS0SuB4NYMliSU8/C+L+gjEZ+BU3KXRPhOfpWHX
- QNwnUJ9nP6Y/BvIIRjg94NETnnJYVk7L+vX0nDyz+fYW/at2Pbc+a7V4dWqkjFuvt39f
- E9Zj+xLcXgBH50TlAK3GTrxM3onbDwzgWfIOiP/6t6+QdGKXj+Gy6GD0HTxFPgjzbJGn
- AH43Kr7f90O9AWmOtEDaIu2W3pF4TsI8nyQYtDmCRztByNfWCu1Cs7pbfZuwUqu1JRRp
- 16s2qLepI2rebNaIWuLRaAJGtRo8g8QtigHwpdCoVrJoACdeUCE3yTa59QlmwQoY6bRq
- TQRr9kOBBGFIY3pQdHRZrCOYDdWftV8GfCgNu1NAAdWfjZ6FzUzxqMCKxuBQ4VbrqWfh
- 1YJhZwqN09NgHhW4JWDuwTGvqHgiDijoYBK3HPb5M+ucjiwW3GwT/vIJeE76F9/xSlpu
- Ll7zFiGS0bBYwy69fIbxXzolH9+CGR6c4wz16bPXcW9BTICdYFFoUh2pY+p1baSNadfx
- arfOL7k9mNkH1Xizoy3RyFsFKQVGy7lxQEDmfslqCNjcSQ/SHQJGOmznDcEqPn32ozKw
- W4cdlYqjmJ5SYLh0dqnxQ88noHctVO/yNgtd3F6Dr7CAnsIKmFJsowcU+awcLXKZ0xIn
- J5NDh+Szj+6srzrNnZAv91/6HfcWS77AeNoM8xuXH2BueaP6+aaGuD6mTxSj/3r6oYt+
- yeCVrwQusFJyUQEqBHukEqyNalQD/+SqA5tkBlgfjWgW/BdrDroO/kF1Pfx764jSGAZb
- BisxHr4uoOqpU2c3zcmq6Vq8vGvZwnmdORW3LJ5P9eCVawVE1gH9CoieMl4EOgZEj39n
- gYagMgtkBvIDjQOqBJoNNB9oGdA6oF8B7QZ6EegY0Gmgs0BDsAGxQGYgf2z4gnbRSBzD
- d5pr04oZf1V53qjy8aPSk0alFZP7qvcV2K9KN46qP2tUunNUeu6o9LxRaWUer2q/e1T5
- wlHpRaPSi0ellf9zX9XeLaPKe0ell45Kw1e3a/BdNip966g0lYGr52PltelLirT8H8J9
- DbMKZW5kc3RyZWFtCmVuZG9iago3MyAwIG9iago3NzM3CmVuZG9iago3NCAwIG9iago8
- PCAvVHlwZSAvRm9udERlc2NyaXB0b3IgL0FzY2VudCA3NzAgL0NhcEhlaWdodCA3MjAg
- L0Rlc2NlbnQgLTIzMCAvRmxhZ3MgMzIKL0ZvbnRCQm94IFstMTAxOCAtNDgxIDE0MzYg
- MTE1OV0gL0ZvbnROYW1lIC9GSUlUVVYrSGVsdmV0aWNhLUJvbGQgL0l0YWxpY0FuZ2xl
- CjAgL1N0ZW1WIDAgL01heFdpZHRoIDE1MDAgL1hIZWlnaHQgNTQ5IC9Gb250RmlsZTIg
- NzIgMCBSID4+CmVuZG9iago3NSAwIG9iagpbIDU1NiAwIDAgMCAwIDAgMCAwIDAgMCAw
- IDI3OCAyNzggMCAwIDAgMCAwIDAgMCAwIDAgMCAzMzMgMCAwIDAgMCAwIDAgNzIyCjAg
- MCAwIDAgMCAwIDAgMCAwIDcyMiAwIDAgMCAwIDY2NyAwIDcyMiA2NjcgMCAwIDAgMCAw
- IDAgMCAwIDAgMCAwIDAgMCA1NTYKNjExIDU1NiAwIDU1NiAwIDAgNjExIDI3OCAyNzgg
- MCAyNzggODg5IDAgNjExIDYxMSAwIDM4OSA1NTYgMzMzIDYxMSAwIDAgNTU2CjU1NiAw
- IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
- MCAwIDAgMCAwIDAgMCAwIDAKMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAw
- IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMAowIDAgMCAwIDAg
- MCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDYxMSBd
- CmVuZG9iagozMyAwIG9iago8PCAvVHlwZSAvRm9udCAvU3VidHlwZSAvVHJ1ZVR5cGUg
- L0Jhc2VGb250IC9GSUlUVVYrSGVsdmV0aWNhLUJvbGQgL0ZvbnREZXNjcmlwdG9yCjc0
- IDAgUiAvV2lkdGhzIDc1IDAgUiAvRmlyc3RDaGFyIDM1IC9MYXN0Q2hhciAyMjIgL0Vu
- Y29kaW5nIC9NYWNSb21hbkVuY29kaW5nCj4+CmVuZG9iago3NiAwIG9iago8PCAvTGVu
- Z3RoIDc3IDAgUiAvTGVuZ3RoMSA5MDQwIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0
- cmVhbQp4AdVaeXzURZZ/9atf3530kXQ6Td/p7nRC7guIIAQNeKCIiBjAjEBCAAEBuYlO
- QEBFzCASWQRExRABESNHNICMjgF1NaMOoOLJjJnRmYlZV1EYjJ39VqVxmHx2/9t/pn/U
- q3pHXa/ee3WEhXcvmkYJtII4jZk4ZV4NyV+wg4jNrpozZV4vbpmM/P6qxQsDvbjpApHy
- SM286XN68cQHkddPn70sXt9qJbLNnjFtSnUvn7qRD5gBQi/OipGHZ8xZuLQXt6Qiv3b2
- 3Ko43/I18PQ5U5bG+6dPgQfumjJnWq98sE3g8+YuWBjH70F+7by7p8XlWQWR8QlioNrZ
- BjLQctKQQlYqIxuR7mvj05gvk3zIrH3vro47LEN+YDa9bO6Zlb35a57SeRdf7z6i9elf
- AkMr5YUE6mj1MQhpN118/eLvtL5fOLI+gH14j7KCDack4qyMzIBDKQZ4pYRX0FCUS+kI
- 4CBJGSjLA6gSlBLaBFgs6UWSXkjVoORLSo6E2SyMXMP6SyyTZoGfQSWAUVlOl31GJFdI
- chaSrQaYn9JQLyBposyZT8p6mYduAccr5USZMzfdANhPll2yRipzItdIyFkKvSaxZMlL
- kv3b6RrUsTErXYScTXJEmTOLLJslNEloZAbyQkpAzvT0PRmB6bFOnOnoD2hJg7wcmFbK
- ayRU43KqxLiEitQoo1zIkpgB9YCeiFUXuZD5GVYg6icCE2UOm4Q0/ST5F+kfdC/4FyUm
- ypwukB3wPP1IDeCcl5zz9CqpoPxAU0ATHA64ArQf6Bza00gOpx+G98DWVNDknCSPyzKn
- b8mBWv8l2+uib8iEWl0SE2VOnfQXcoLWKWl/p79Jib9LTJQ5/ZV8gF9TE+BXVAr4F/oz
- 6VFH1OSyzKmDXhD6RC408KWEfxIWRn+U5bPgc/pClj+X8BMJP6Zk0M/QR1IjZyRNlDl9
- KDkfSMppOkjD0fppiZ2S8GTvmtFJuQJi/Ti9LznvSfgu9QPl97KVdll+R9Lfpv8Ua01v
- S0yUOb1Fb0JOg1yMXpQ5vUEnJE1ATseFpVOb8BB6nX4nOa9TRGA9YpV+F5+/4HBpqZyO
- 0Sv0MFo9Jls9JlfzFTpKE0ATHA4oVvMoWk0HTXA4oFhLQeF0OD7vw1QIrFXq5WXZ2ksS
- tsh5HcL69+rnkKQe6nkPLQgKpwO0X47hgOQckGPYTy/KMQgOB1+M4UVqlmMQHA5MjKE5
- PifB4bLM2QjKgNWXC0j75Jo+L1veK+FzEu6BdXDaJcvPStgkYSM9I/xUQk47hJ/S0zQK
- 8Cl6UsQD5EK/osxpu6zzBG2TliEgpy30OKgaCTltlhKPSU4DIuYV4DTI9jaKKEOPSv4G
- ekTatICc1gvfpd9QPWVC+jfSK0WZQxdi7ddJ+JCEa+lBSGtorexBlDk9IDn3S8teI21i
- Na0CTSMhp/skfyXGwqFXRDyqo1/TSPDraA8wUea0TNZfKttdImsspkVy/IslJsqc5svy
- XRLOodlkQStzqAgcUeboXYz4Toph/TnNpBmIZRrkwtNEmdN0GghYQxOlb9aI6EbTZK/V
- NE5KV8tVqKKp0JiGqmSLoswRcyZjr9YgzwEmypx+hXELPxGQ06R4u5NkLdEHh/WIMVXE
- W6+Qmr2N/DIe3iZ542X/t8YlbpU0MRaOVRd1x9IAuV5jJXazbGGMLI+W1n6jrH+DhKNo
- EGpcL7nXiX2LrpXla2RMGClj1ghJuVpGsavibV9FSyE7XLZdhnUVkatM1h8Wx4bJFgSH
- 05USDpHtDJbwCglLJRwEHaei/iCpyYHxHgSNyzKnYtlWkZQulLBAwnxZI4+yIZkrKXK/
- BS70kCVhfymTSTpQMuI2niHnHpW+ki6khm9CJBL7UBi9ivUJS1sNyRbSJAxKKHdiuRoc
- +lClrE9ahRda5OSJ0zxS2g19Z6A1t8REmZMr3oNL0kRvHLuAGG+KhHJ3xknELncIATlO
- QVZoWiMhh+UmYqfXIBf+L8octtXrvQmyDTPWX3iUgBy6N6BtjYQc7QmaLi6vkzoQdTkk
- euejkRFAlDk+Ic2k3eCcJMosdU09y/o3/tG/19i9vafUzdjLJmJnbUfUbiKj4laupVrY
- 8UHg22gvHVeMbBOdZsPYy7SRrWWvsWq2Vkq3o4FkngfrMbPXVL3SiRr7QFuLWNzOvlTP
- 0Cew3Xr6hG+hZXwYOMtoH5vIr8I5b76aLPFGyJwmUkv5YNrEjOwoO8M+Yeuoib3B0Duv
- oO/Q3lq+jbdglGtVF33Hi7iCnjahj12yDbQL+mausB3sM9ZFLeRkNWwfM9MuZTP6XMIu
- IoZvorUshzbQBjYMMXOq+hRoKxEPxfctetlM9extzLse6TV+A+T3YbbtzI1xtNNBNp+q
- uZ6txHkxxi7yRO4UbWEvfADfRtqsrGIj2QbFi5OU0EA9IKk/qjt6PyB+6K0LfdZTUO0S
- nyaRFilujAQyoNZrk7Xj2RtKDnuZvQFNVytOpZ7NwZmGyMWqRS1uhNwGZTSvo3r+vuLC
- iaQec1jJatUdSqNSA8yMmaxnm5WJqLVJGYyYXatNVo3Qn/xArRczVa7VtGuu1Hgx5018
- G1vPt9ExpiUX8lrazjdp10BnS9geaO9eoX+aD61Vq09hpHPxzUeqRVsV2OO+xY42l+ux
- A7WL0WLUTmjKKDSFNuZDU0Gq1czHWWuB8j4tkHAjtLUM++4XGA1+dT0Y02bs0PllOq1G
- xUJSdsDarESuq24uu7ki8OaEYE52HzRg1QWaaUxzwrLAyz09YypUt2ZCs8bTzCP6ZjUS
- +uP/xfxjTvaoMRWBl9nVI8rjzY6YXA7iLRXoAf8EGd2NKM/ByNR2qkFqV9uZinwHUgvS
- fqS9SKDTu/H0FmQE/wGkcqTJSBVIov5RNNV7zySskBZ7HFE+dieG2yhHdNSApkMENSCm
- msD7//uZEcETEdGt4sYrf2l0P33M7mTdynaewu/jX6tL1b9pApq92l9pP9c9ou+vb4Gc
- QjWxTWqNphHj05GzzKCSluk1ikp573z6TgFZT71z6p38JFvQFgnagjUqdS/g7u4/xzbp
- Ei98d7c2U3SlUHvPF5hcIubkpNllk7StZmq1HzOfTh1sGqwrZsWaUaZRunJWrplkm5Qw
- LmmWbVZCddJW01ZdA2vQ7Dbt1jWxJk2rqVXXwlo0J9gJzYe2DxM+SvrI+ZXtq4Svk752
- hg06B9dZPKnWc52nOgsqydrR3WntymdpiiPZXlRoLylWeJpis4qyzaooNQtWrFiwcMWK
- hUc/++zo0c8/V+ti3174R+y/mO0fF5j1p8msipWwYlYV2xZrx7dVzIMxlYhf1OgpSMPL
- wkGrEXdInnDMb2tLNQZS7Q4ruQx+NaB1WL0BrcXDPGnWU5Vtp7rbbHZnqc1eWmovLaC8
- zsLuNmdpPktkobT0kuIBAyNDWVFhisMmQLI2FJTUwbg0L0lI0PijaQGWaXKYklKempCf
- kfHznoyM/AlNaoGihLypYcMYzkO+n054M8L4ZXj5+8LCdmCcX0LfRbSmrCqshX8ntNYl
- s2RvZqTNe4x8rlrzck2t/v60teqT+q2aLeoW9yb/E65GS6N9j3aPbo9+j2aP+rxrZ6RV
- fyhyRHdEe8R9VD2q8eRlF+Wnc9KGNfq0iC7AjbrsQMTJi62n2l491dYppomJlkL/eZ3d
- bdYTlV1i1qX5ckrD2ICBVFKcHkrT6vDFJ98792SmtbBgvKx16KAbZiwpetXrHcgmLp8y
- bEFImxDJDfsSk8peqWr6Irb3ttxa9pYaDQbTFT33pWblDD/g8RSzkY/NWlOcrU+6Onto
- OJg09LoPtrXFjtycuzgrJzudW/iN/pBYR2rp+YJfgH4K6D/KFpLXEWrNT2fp2d5Wh6XV
- rD2dfcxRqOYk54wNj02cZK0KVyXOtM4Lz0usTa711VobsHU0FDSEH81t0GxI3JnbWNDI
- nkrcmfBUuDnxAB0s2M8O5jaHf6sPOsgV0OXZdfM445Mz52UqmVZXwKW4DL5C67m2yrbK
- U5UwVlup0Je1rfNcGyw2rrN85mPCFqQpwC6KCgdAc1F8JcUDBwwcynr1+AsfslxZtPLC
- 8c3fZPltp29f8tj0ie7scWMDjtGTF08a92KKJ3L2wW3vVinNgd3LX/hi0UhftObB2RNq
- bRquGT7YyFXzjOvvWDoj7L5y2SsPzXxQ+Ox+2FCXxozSIHq8rOohdpgpLOD19HMk6yKp
- 2RZrlmqKBKktz1RgaEs9xjMcgxzjlRplsXK/0qA0KYcUQ1bGoMK8NDU7oCSbuUXr9QQM
- 3MG1RCWsJDtD6zeS15LBMvz5gToLs5TCWU4N6ajsHtJhPVFYKYwJxtPrOpesqqur8NSQ
- 2JAT0p/gRJXMZmBxfymBlV3JhHqYMCRnil8oEV41oNexLPC4LOaIe5lyOLaGWfLTQtGF
- sRyXx6vhrCnRbtFaVLUm0VaUkmpJ9ihcr3N7x4XK4HesXWn6eWKsyJ8ZDu4K+EZkZCMK
- vuNKVBizKu6Un/UhX4rBos8M99vlTw+HZbygvYh7itpF/WlJ2U3+zDTy8WHum9x3uLk7
- tdUCs/jQ3joGUzdktqV9YDidNcs5O2mWvtZ5T1KD6xFbo+spmyHNlxkihy7dosW+7J1r
- rjMr5sk+5ssSoQX2Uwm3k4ElHvPgcz9WxtoqpeoQZeI+pf5iKr2mBCcUFFvxgKJgPOyw
- NVfNK3rhr7HYW7u+7O8xnZ50/7Pbl0583u5zZRaxi/n5hbmxwTwx1fn9wd9emDS8X+aN
- T9fds3Ni9hXsu6A3Go1k9sZ53i3jfJimlI0IuNPMDsMZC2b4IW91pLW6jzlOR9RQcmhc
- yjhlln6WWq1Up9Tqa9WFysKU1f1WJ6+2NoWsWp0vzU4Bs84eTPVErOc6ujusHV2/BPUf
- K7vsIprms+S4X2Ay0UuxIySiPMk5iSijsPX31UyuraueUpcyYPXo7Z998Ozxb9ivmH/K
- 0MWj87YfZ2tqtz66ePnmRzePHNm1r+VvrJRp2Dj2hCdapjCDL9Yj48W7PV28E+uYhlmV
- +Zz+FLVfmhmPFVZzW78P+OHQTNMaWmfeYt5ieoZ2mw/QEXOryehM6ceTEtLcZpMGe6dP
- n+DTT05iSSGxcG3xLcEpfR97VRsW0VYKs86PwEoVadIDWfDSHjFMrCMm5WXJWp2ySJ+Y
- ZLsm2ck5WxtTeTiUFmTMiH1AeczrNpqSUxOtiXqLUc3Ky0kLG43qRI/PhaWIBuHS9C5i
- Xyy+F+fRhrIF4VTLCwZm+Ji39ne0+o71P51v9Gr8/bwO/3L9cnWRcZGyOmV14n3G+5R1
- yeus6/Tr1K3erVkN/obMrakN4a15W10NoYZIY6gx8lzec67dnqZAS6Al1BJp9bS6WnPT
- w6lmuy4Y0uqiZp07FCVdjicfu3TbOUS7c13x6Cd363OVv8decfmqJl22wkm5CHpxV9Zd
- Fh3ZgjV3zV3z4OxZDxpX1UxftWr69PuCU6Z+/vyeP02eNm32l4cO/Wk2q7hz9Yo7Z6ys
- Y11Vv66rnnzvvbFl+Runbn3jzUdmNeRnPjlr53t/eLbmSeGzCr0V3xtScUefU3YzGXiy
- JSXtDN7U+IeeVkNKq+W04VjEpDepJqfbOS44yT3JWO2tDs5yzzIu9C4M1rprjUJJDyVu
- 1W9N3O3cY0xxBUhnDvp19jSttOfOc90dwpw7hQ5gzjBmac+XVlueUUhumohmA+xJctN0
- SGXw6wfcBzM+3dT2bezp2MeVVy65KXf7cc2qmilLf101ZYVy+4jyb55v+XvseKw7tjs2
- 3ZNexhWDF4fOT+8Rhv74RsyR7ej5jmfh9iDOY4Eyq+EUt5xynOTfp9q1bjOlWk8N6SzE
- 2U6OL59d0joChogXveEiLZ3tmHPbhNlzKipmX8qV9tHVU8eMmTo1Fo0XoM8Her5SH+AH
- cd4toVVlty3XrNPgxOF4TPecplEHm8nY4zhkPOI/bEvo53WVJBQYyNzflcnPnk1hKd2G
- i9bABe/Z9PPWk/1/KsiyXWE/bOcFWbklhQl4kfG7KJo5RpsRShpg/RQbaGdhR++mIQ8g
- Hd2IG12xyi7hWfL4JZRcyXJx7tL2KrPE+U+Vpzj77qnxA1kWNpgoLx84vWjL/rnj687o
- x75W89hL3396xeKhdy0c/arfm/7Z3uaDBddgk3jCE9ayw3bbjIryijXXvnv96KY12/dZ
- rLoFd43Liwwee+CF2GBfNBxOC0Av5T1d6iqczEy4AZwZfitdjRP6LUh78ZbyDPKjyA8g
- 14KfjdcjM07vuJnhdccDOz2LvxpE8LeNbNDOgnMe+ElgPRTC3zA8eGERrywML4AaJEY7
- ce7fiVefQ8gPIdfjxTgTsl7U4RRAjRzYu0G2L94WM/AWg5WgKPJbIXkLZMZC4mYqsHZ3
- dHTgdCd8Fxottf1zc+6IdeEIE2dIbUfkwaVX4VzEaHIkEwwpihOLUCxcGifd3s1pMINp
- Kdvqmw88tO7FF58ftOvOt5g59s2JmdsKk1JeiqbnljuSygszopt97nX7f7Pu4IGHHz6o
- rBx5fey/3zwe67p+1Bh3qjgCqxTAYTjZgVlPhu3lwPayqbbs9jWe9ZbHQ09atiY+bm/M
- PmI5HDqYbdSbdIy4Tb3JdIdprqnas9BTZ3rS9IKp0dPsM/qcF8Mm21m1//nwyZxye3nK
- OPu4lN3puzMOpx/O0CcmU0FQNy45Izo+x9otjm/y5IubR1tnmxVbsDy6CIvrjVsidouZ
- X2Z/wrulP2F7xtGYUOYb0zMy/enp7qgnf+2Eba8f2Xj1sgFJgeERfzR2eteZ2Bcs8NEN
- j/PJatCfP+pwJOIvuPmWlx997JVIxOwqifpv2slS3nuPOcXFS6EKzH8LbCwMG/pw+HjY
- mAUraYGNafDWrYedWWBnGrz86GFrFkAP7Eu8BubC8sSNlGAJZ3Hzs8HWUkE9C/p54CeB
- 9cB6foJEOeUhRfFenIcURcsmJANaNSEZ0KoLUlkYhQ83J9GDHS2L1h2Qy0JvUdBvA+dW
- 2HkG7r7jhZV1YuNv67h0ceq9VHTKjeJfLAxh8kp5l1J6Fei83Jou3aku31T4RodtyMGZ
- r/Qw69vTGweX3FaUGW33uXMKstMD3c371z60/8V19fscvrGjbmEJb77Lkq67htXh2AeT
- +unxYBiB77WHml+qX3cwfj+GjifiVcoDb3pl+Gi85WtoMVKTTCm0G/PbjbVoAS7eiIW3
- BgEd0F4rrYD/MqT10NBZJEVcM8E7D6mT0Fg5KOOQmhCpd8Nvd2N1dqPGIeCHgR8Gfhi4
- EW/AQrOEVu0oGaDrDMBUvM14pTePp/AlK4Vn4p88UHV2i1OkcFrYqQ/+Ge6N7+IGFjdJ
- eCxcNRKUdsuS9Qe2LsJN0pfRP7f69Ex4PEv760mWkjfD8vM0ZZ1ld+2aFrbjkSfuTfd4
- 850FxUx35jNm76GWQemrlmx4GAPEaPEOog7W+HH/Wj+8CKsvXsXdiHdBlM6ilIfZt2LU
- FtAYpTAFtB5YHsHetKBZUdbBfpyYN64TiE95wPKhXSdaiyL3weejoEShIyNePgqxQeDe
- fapNxK347QF38a5CbBBDugrhrtAItodInzv4pcj0y9EDBEQzL7t0arbxLZlZmdGf7xZw
- T2NmTv+M7b//y7xZuWH72oL5U9nUzKzs9FjT+nBIXNBDYaUqHaXyQ88UlvgzUu+4qxTb
- QfTnJ4ResPbiF9sI+/nffnYQk/Bq7oAGnNCYC6/mYtW9sJIR+KvVNfjbynWyIoMNwGHx
- 02LudOPIa28dMyrr6rmL7p457e44R3DHIN2ONBvpHiSxPNuQ9iJhjegdpE+ROpG6sXBm
- JA9SNtIQpBuQbu+J/yBDv5QZdP+veEEfvLAPXtQHF/8n5PL2SvrgA/rgA/vgg/rgpX3w
- K/rgU/rgU/vgVX3w6j64/L8ol82/RvD/B5QKBVgKZW5kc3RyZWFtCmVuZG9iago3NyAw
- IG9iago1OTQwCmVuZG9iago3OCAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3Ig
- L0FzY2VudCA3NTQgL0NhcEhlaWdodCA2NzAgL0Rlc2NlbnQgLTI0NiAvRmxhZ3MgMzIK
- L0ZvbnRCQm94IFstNjU1IC00MDkgNzY0IDEwODldIC9Gb250TmFtZSAvTUZIVVBLK0Nv
- dXJpZXIgL0l0YWxpY0FuZ2xlIDAgL1N0ZW1WCjAgL01heFdpZHRoIDgyMyAvWEhlaWdo
- dCA1MDIgL0ZvbnRGaWxlMiA3NiAwIFIgPj4KZW5kb2JqCjc5IDAgb2JqClsgNjAwIDYw
- MCA2MDAgNjAwIDYwMCA2MDAgNjAwIDYwMCA2MDAgNjAwIDYwMCAwIDAgMCAwIDAgMCAw
- IDAgMCAwIDAgMCAwIDAKMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
- MCAwIDAgMCAwIDAgNjAwIDYwMCA2MDAgNjAwIDYwMCA2MDAgXQplbmRvYmoKMzQgMCBv
- YmoKPDwgL1R5cGUgL0ZvbnQgL1N1YnR5cGUgL1RydWVUeXBlIC9CYXNlRm9udCAvTUZI
- VVBLK0NvdXJpZXIgL0ZvbnREZXNjcmlwdG9yCjc4IDAgUiAvV2lkdGhzIDc5IDAgUiAv
- Rmlyc3RDaGFyIDQ4IC9MYXN0Q2hhciAxMDIgL0VuY29kaW5nIC9NYWNSb21hbkVuY29k
- aW5nCj4+CmVuZG9iago4MCAwIG9iagooTWFjIE9TIFggMTAuNi40IFF1YXJ0eiBQREZD
- b250ZXh0KQplbmRvYmoKODEgMCBvYmoKKEQ6MjAxMDA4MDcxNjI3NTNaMDAnMDAnKQpl
- bmRvYmoKMSAwIG9iago8PCAvUHJvZHVjZXIgODAgMCBSIC9DcmVhdGlvbkRhdGUgODEg
- MCBSIC9Nb2REYXRlIDgxIDAgUiA+PgplbmRvYmoKeHJlZgowIDgyCjAwMDAwMDAwMDAg
- NjU1MzUgZiAKMDAwMDEwNjEzNyAwMDAwMCBuIAowMDAwMDgxMzkzIDAwMDAwIG4gCjAw
- MDAwMDQyMjIgMDAwMDAgbiAKMDAwMDA4MTIzMCAwMDAwMCBuIAowMDAwMDAwMDIyIDAw
- MDAwIG4gCjAwMDAwMDQyMDIgMDAwMDAgbiAKMDAwMDAwNDMyNiAwMDAwMCBuIAowMDAw
- MDgxMTk0IDAwMDAwIG4gCjAwMDAwMDY0NjcgMDAwMDAgbiAKMDAwMDAxOTgzNSAwMDAw
- MCBuIAowMDAwMDA2MTIxIDAwMDAwIG4gCjAwMDAwMDY0NDcgMDAwMDAgbiAKMDAwMDAy
- Njg0OSAwMDAwMCBuIAowMDAwMDI3MzYyIDAwMDAwIG4gCjAwMDAwMDQ2MzUgMDAwMDAg
- biAKMDAwMDAwNTAxMSAwMDAwMCBuIAowMDAwMDE5ODU3IDAwMDAwIG4gCjAwMDAwMjA1
- NTQgMDAwMDAgbiAKMDAwMDAyNzkzMyAwMDAwMCBuIAowMDAwMDI4NTAyIDAwMDAwIG4g
- CjAwMDAwMjczODIgMDAwMDAgbiAKMDAwMDAyNzkxMyAwMDAwMCBuIAowMDAwMDIwNTc0
- IDAwMDAwIG4gCjAwMDAwMjY0MTUgMDAwMDAgbiAKMDAwMDAyNjQzNiAwMDAwMCBuIAow
- MDAwMDI2ODI5IDAwMDAwIG4gCjAwMDAwMDUwMzEgMDAwMDAgbiAKMDAwMDAwNTQzOCAw
- MDAwMCBuIAowMDAwMDA1NDU4IDAwMDAwIG4gCjAwMDAwMDYxMDEgMDAwMDAgbiAKMDAw
- MDA4MDI5NyAwMDAwMCBuIAowMDAwMDkwNTQ5IDAwMDAwIG4gCjAwMDAwOTkyNTQgMDAw
- MDAgbiAKMDAwMDEwNTg3MCAwMDAwMCBuIAowMDAwMDc5NDMyIDAwMDAwIG4gCjAwMDAw
- MzMxOTcgMDAwMDAgbiAKMDAwMDAzNTg1OCAwMDAwMCBuIAowMDAwMDQ1MjY5IDAwMDAw
- IG4gCjAwMDAwNDcxODcgMDAwMDAgbiAKMDAwMDAzMDY0MCAwMDAwMCBuIAowMDAwMDMz
- MTc2IDAwMDAwIG4gCjAwMDAwNDcyMDggMDAwMDAgbiAKMDAwMDA0OTAzNCAwMDAwMCBu
- IAowMDAwMDQ5MDU1IDAwMDAwIG4gCjAwMDAwNjY4MDAgMDAwMDAgbiAKMDAwMDA2Njgy
- MiAwMDAwMCBuIAowMDAwMDY5MjExIDAwMDAwIG4gCjAwMDAwMzU4NzkgMDAwMDAgbiAK
- MDAwMDA0MzMxNiAwMDAwMCBuIAowMDAwMDQzMzM3IDAwMDAwIG4gCjAwMDAwNDUyNDgg
- MDAwMDAgbiAKMDAwMDA2OTIzMiAwMDAwMCBuIAowMDAwMDcxMjI0IDAwMDAwIG4gCjAw
- MDAwMjg1MjIgMDAwMDAgbiAKMDAwMDAzMDYxOSAwMDAwMCBuIAowMDAwMDcxMjQ1IDAw
- MDAwIG4gCjAwMDAwNzMzMjUgMDAwMDAgbiAKMDAwMDA3MzM0NiAwMDAwMCBuIAowMDAw
- MDc5NDExIDAwMDAwIG4gCjAwMDAwNzk0NjkgMDAwMDAgbiAKMDAwMDA4MDI3NyAwMDAw
- MCBuIAowMDAwMDgwMzM0IDAwMDAwIG4gCjAwMDAwODExNzQgMDAwMDAgbiAKMDAwMDA4
- MTMxMyAwMDAwMCBuIAowMDAwMDgxNTU2IDAwMDAwIG4gCjAwMDAwODE0NDEgMDAwMDAg
- biAKMDAwMDA4MTUzNCAwMDAwMCBuIAowMDAwMDgxNjQ5IDAwMDAwIG4gCjAwMDAwODk4
- NjcgMDAwMDAgbiAKMDAwMDA4OTg4OCAwMDAwMCBuIAowMDAwMDkwMTEzIDAwMDAwIG4g
- CjAwMDAwOTA3MjQgMDAwMDAgbiAKMDAwMDA5ODU1MiAwMDAwMCBuIAowMDAwMDk4NTcz
- IDAwMDAwIG4gCjAwMDAwOTg4MDQgMDAwMDAgbiAKMDAwMDA5OTQzNCAwMDAwMCBuIAow
- MDAwMTA1NDY0IDAwMDAwIG4gCjAwMDAxMDU0ODUgMDAwMDAgbiAKMDAwMDEwNTcwNiAw
- MDAwMCBuIAowMDAwMTA2MDQzIDAwMDAwIG4gCjAwMDAxMDYwOTUgMDAwMDAgbiAKdHJh
- aWxlcgo8PCAvU2l6ZSA4MiAvUm9vdCA2NCAwIFIgL0luZm8gMSAwIFIgL0lEIFsgPDk1
- NjcxNjAxOGM2YzM0ZTIwZGRkMDAxOGVhODM0OTUyPgo8OTU2NzE2MDE4YzZjMzRlMjBk
- ZGQwMDE4ZWE4MzQ5NTI+IF0gPj4Kc3RhcnR4cmVmCjEwNjIxMgolJUVPRgoxIDAgb2Jq
- Cjw8L0F1dGhvciAoSGVucnkgU3RvcnkpL0NyZWF0aW9uRGF0ZSAoRDoyMDEwMDgwNzE0
- NDgwMFopL0NyZWF0b3IgKE9tbmlHcmFmZmxlIFByb2Zlc3Npb25hbCA1LjIuMykvTW9k
- RGF0ZSAoRDoyMDEwMDgwNzE2MjcwMFopL1Byb2R1Y2VyIDgwIDAgUiAvVGl0bGUgKFdl
- YklkR3JhcGguZ3JhZmZsZSk+PgplbmRvYmoKeHJlZgoxIDEKMDAwMDEwODAxMSAwMDAw
- MCBuIAp0cmFpbGVyCjw8L0lEIFs8OTU2NzE2MDE4YzZjMzRlMjBkZGQwMDE4ZWE4MzQ5
- NTI+IDw5NTY3MTYwMThjNmMzNGUyMGRkZDAwMThlYTgzNDk1Mj5dIC9JbmZvIDEgMCBS
- IC9QcmV2IDEwNjIxMiAvUm9vdCA2NCAwIFIgL1NpemUgODI+PgpzdGFydHhyZWYKMTA4
- MTk4CiUlRU9GCg==
- </data>
- <key>QuickLookThumbnail</key>
- <data>
- TU0AKgAAKLCANiBNgTwUTgCEQmFQuGQ2HQ+IRGJROKRWLReMRmNRuOR2PR+QQuBtgNyU
- TvZ1OYAPAAgmEP4BAAJhAEQh+PQAOl8gQABcFzUA0EAP+iQ+ggEAPd6TgCAsFgCeQx7V
- MAAoFAYAPh+VF6OgAPQChQABQF1GQ2e0WkAUeh0WHWyiP+NvK6AAE3ev0sABC+AB/X8A
- A7BAAD4W10K1YmJyO6PIThV/u0AMJqPMAAt+Sp1hEZAAdBd8AB7A4GABwtnJPt1OoACQ
- cBAAMhjuy7BACgB5vQDgAWCILgB1thqZcdEQAPtkr4AAUOA8AOBzwgSBfSgfSgB6gfnO
- VmPIAFAvjwATXFRu4W6I+e5Wf1R/22x3/G7Xh4/Wq1YAOf9YHBvz/AAC0ApkCYJsIwzy
- vKka/n8E4UwchabnerIEAiAAGKifEMvGBDyI6eh3pxCjSrNCMJwrC8ERTFUVxYh6lpwa
- EYgAE0aAAxqxgosS+NhFqPQUv8GwfHshyJIsjSOhp4SVGy6pKDYAHLKIAAFKgAA5K8kI
- pH8GQcFMsy/MEwzEjK4gAbczgAEs1MOpByTcvzAA9OUxoVLcgy9Ok8z1PcwHBPyegu36
- 7pchRv0MAAB0SAE5A9Mc7S7PlI0lScEHRS0NprHaHnDTgAANT4AAzUUv0fIVKVPVFUou
- dtWTgfwAArWKJ04cIAAfW69r7ItSzxVVfV/YCVyWe9iVDUaJH7ZLnz/AkC01FteWDaVp
- 0lF4APqeIASci5927ZZwAADVxMup0VWjal0XTMB63YAFWMlRiN2Ie4AG7ezWhIElMMVc
- 91X9f8W3mnJ0nSAAQYOj554UAFLK8EOHqgAizJBfuAYti60nzjQAHNjoAYeEK0HdkdhH
- hg2ESomMfIHBc74wtR5nCa0oNCAB+nzmp/AGAAIg6sR6nieoAHcdKcAE9YEvICIUs6Dd
- CZexR9akABx6qAAR6wxWCYLROdxysWVoFltIagjUy7O/57nlCR5n00IBAWCyxgerB76I
- /J5J4DAHtvYh9LtQLxn8fdXKMoS2cQoWUzZi9u8IcXIavrMU6qcdPVBQLfo1isjSicrs
- XbWIK54CMKsTZJ+8LBfGYlifGIUtjEzKhWzqL1fV8XxeuoXjR80mwrdv8fgAUMb80zXF
- PV+LAdnV0ivORbdmhP06IRetM00XEDQAAb7qLzL1HCrZ3Mq9jdPV/D8OBUHfaLH0d9am
- 2crLH7qYJ6ZbWnor3sDN38K9huozRqi14TxFDgdgQ+0iL0EWPSY4x56wIgADegogBASt
- znEOfAsp8Lu3dvmbKQ98KSmTKfKw90BpFx5sEOOUgAA+XhoWcCA1nZF3+PAcKNyHUAgT
- JGYUZZrYAIIpTSqQ6BiQ03DkABDobgAFIOZIXBt1MHVFQfMRCEj8N0Dphi0btMo2owAA
- IMl+ILq1RAZIfEcxQ7I2HAHWOshcYBtQ8IW6VCsdlERVUVCCLDGWNqShwmUbMgwAAokM
- l91cAAAQIA7AohEakijXklE5UxCHanrIS7MhsmiGJlj4QofY6RxH5H+bsAo/nhv1dS1I
- nAAwEQpYkApTyigLAbLFDWPpipJDXkol6S5bS5ScmA68hL43yxXIYtha59l4p1ZYkBsi
- YZdy9Qgf91cn5izIIXNiSx6CXj3MsO2N5eScABAlGgAw+EJD3AIc4Ag+icDtHQ0IFoPj
- Ov6lyWkgc23FJVk9P0mM/ykTCgKWwAtB19lWllEFrAI2Ik8kgkRGI0AAAwossCYUGiil
- sgK+QmM3J8qRTLAVgUJGbLKgwAACVKwAURRWwIZVMQAA1pofeWTUEyu3MBNegDjHF0gI
- k1Jv74XFvuH06lT8uCQSqUQAZnZSm/gJAYVgiUBYTHLoQYmQY2TcMLBpV+lsz0uSVSNE
- FG4DK0LGjRSEh9OadmAl+4kpEfEMmhd2+wfr8AADKGqrV3xMQBAMA5EIBrhGCHRH8AeF
- I8x4s7BYBwnA3x7kubUtkAgCTYD+HkPYqpu1EN0AAO8cxoQDj+MsAkFEPR+jrd9Z5NIN
- QVF2ITF0xS1hfW3AAE63VYWxTQrIkVM421wrjc9HSthHpfzCfCu8/gDlyFPIcPQlJWQE
- m/ApDS0I6TJIUhSzYhACQDSrH6zt+rf1EEuqc6keA60JANlszYe9SIXgAH0Aam4+l6Dn
- G+awDIKoJNPrrI4tD4Rp4ForRelximBPUiE9d5cUKFXHSKVOzj7KgLSTLUJ/qKhn4dAA
- DHEFvBsNjQfGxWoyBfDNL8jZKA8jSgnBgC4AAGB8jYAANQeCFQMAJcIWtwgDgPAfJyNk
- bzNh/QpAiAYuTUivDwAYBg8Y9F6AMuctcekLi1mBAmhUAQ9DJDwHVkUbw9SngXAsb8Bg
- 8FwDuZ6VUAwEixmiVCDPGSPEcNgYA+HDVRWX1XwuSAXugQABD0JiLEiXo2OfH0PBeg8B
- 3xwGcLsWxgQnBricP81g+x8t/HUXUATUwFgoyEOsaso1ELOH0bQfWVQAgNJcOMb5WAbA
- icIM0cxLgSgEVqPMDwNkADtZmPACEjQFD7XoOgc5tB+gFNgCAERTyYmlHUNx4wKAiBCS
- mPA2jX8JbdMSNHcAAAX7j0Nb7REbdubeIlGzbaOd1bvJBRPA4MNy1j3ObRIo0t9YNglW
- g66kd07w4ERqaakMEopDdwkAAUeGAACDw/gfEWMcFQfwdBDHSVFOKfSniXHV/cUS9xY8
- uDH2LP49ydafIN6suSyw3DceOUcxWByrkRirmOL5hzLnSqOaVi5ZzvoHQSG89t7vYtI/
- EJDcHEyYfg7mTD72WXYCxWOoKZzkO8epOB5j1lTKVKwIQQKLA06boXZUV9ExHuYtI+CV
- DTG4bQeDRWDAi7CP6d67h1mhhSyYegAyngIAOTVRLwx0jzOcD0GT2+zeLQR2jQ6X3HTD
- qv4xPk+6CD1NYOuziiCEgEAVnAfA3BhJmH0S5ZJvwUAJQkP7OAABrjiNKDMFJTx2E4MI
- PU1OwyoDseMPYBr2wKARKebtnat7oENLZIYFBC/HdqSzSZgUZ1JjqHFcIbw1GZj1BCQc
- CQ9lXgTAaUgezqSEALygCgD3ZF0DU/YtokrDFLzRIQO8ZwuAADFHI58cY5icAVBoCmAA
- BWH4jmHOH4LkG0GocIBKAcK8H6BCBYJkH8uEGIHOOcAeHoLkBI8U06Z2y2b+HoHyJwG4
- HyQKAOHSlkDQDQB6Ie5UIU+a6MSyRuWse0+mHEZmG8G2HcW0BmX0H2G2xsG4HcaEH2AI
- hSAcAs+WBiBCoWhYdaiIZUmyrmm0cWl+o0kwm7Cuiim8AAEzC6AABbDA3E3I/kV8eGK0
- J4AQdc+YknDJBe5+SOh+mWWySusGSKfCWsgcfY40cYrlCen4ywhCFeFIE2JyHgs4qOd8
- H0AQzQHqNoH2AUbkAUHicsHUH+Z2AKAIzgBQBaUaHSGgGUOAH2KwaSIQAO+EyMJcAEHw
- WyHOtYPGAMNuBABgBaJkNuI2CPFxDWl44M59DISKWsPiQkkYMUwDDiWsw1D238QsrTCc
- 6AmmBKBCkaHohjCcHcHIO8AkAmlkAQaeAQNKJuNCHuHsXoAKAVFsKgNwHQNYAiBAbkIQ
- JqJqNDGmJ4AZDSI/BaITDdF8SIwoXcVbGGI0YERvDiLYMEudGUfY8oIeGYF6FiLWAie2
- yWheAOsGAGHGGiZsAiN+H2HoaEHkHqJqBEAkXoHWACucAoAghqAqxkBaAtDURZHwIRH0
- t+RYeWTLCc8iiGIUgdDjDioONuhQe4e8hxIUI0GmGYGYY+A8bkHWHqXoH/EWQsAGb+AC
- Y2HmH4NCZ0PIHkKZHMUQAKKwAHIgXCRQkjDYrJJmV6RWZHB04wN4BZAgIVLYaoasQ4Jq
- fZGVKDJ+LUNCHEGmuERwNEXoMuHsOiHhEgLsJgU8OwLsAmkaHvBwKgAaJ4H4AqBKUWAj
- JeVU8tC2ag+SkPBdLO5DF7JoPK5dLsVyztCwr2plIMmIIQj5Coo2m0dgm0gQQqHSG6iU
- HQYWHcHuN+BWAorsA4QKHQzGKqzktapUAKWyG6HUd8AcA+M6BYA8KwdXL2d3KKSRLSR6
- pMiCjGIUuKmUBVPJC0mDM6kyKKozPTCyisoHNnPfCzCsraKLH7Lm8iTKfYfYwiwjO0LT
- O4SKiSjcjhGULYiGz44igKwCYEWs8jKDNdD3P8IvQASQNWNYd2WbQkmqeHDimU8ijwpW
- zhQRQ1QoSPLdD245Q0Io8jLmmUQCbk5NO1RKSMcqeYptRUI68jQEIVGUdE8XRmSKkVGG
- 8nRwLOF1SOAAFZSUAAEbSbKEu653SASIq2jEIKT3M5PlSKSIuYNENYHMHWJwHsASOcAK
- HsLkAGHYlGH9OIK+Has4AoBQBoYMAaLkBlTtF0mo5qMSn2+UT3JjS1LMl4BCAwQKHeQ1
- Kge2AkACJwykvMAINCHmHgeGAWAyUaHMG4OGos3pNDF24rNJLUSMiYXwX0T1T+rZKweG
- AJHsRXDMZqQ5M1QnNELQ3lU1TxF46LDfVCh2XzVITymmA6ACVqGIHzHcHUcIXyzgv0YK
- HqHcJwBOB2xkAiH2K8Gw80gmHWhSBkA2ucHgG+GmAAHYHwJwAmBiCAkWHgGAMmH4BikW
- hcAqJ+JWGyGOY4vqAABUCUB8pUHoiUFyGQOivAQKBYBCUalkMkHYHKq43FXyA4H6iUF4
- GWOiqcjQBmBMlkHfARXAhcAoBpXyAwH7B0HEHeZ2AgH2KQAcAUeGHQHAjmACBGZCKayg
- ASHyZMv0WyASAUNKHsHcyKHWG1IwHoAqucHyAgtiA8AYeGHOGyNoASAKeGAmA+UaAiAq
- bklEyKCXavVtU9VxH2SGdwiLV9DZGgKzHQAAP+YjbKK0IQH2eGREKhXEK+PGJtVSYkIQ
- HuNCNCcIQoQqARKwKyhjVTbJbKnAu+NvVUNKJqeGHoHgJxCJLvbpVfbRVcJrMonIOOH2
- Jq1cIVDNHRNQJ5HkHxHpHtKwZqIUAJDMH5cmKjVQITbZboJsIRbpDOYieGnAeHaZDRHr
- azVBSkIZKwZMHWHnDQH+cIAayrN8NuAcACjgHIOiMCA6jQAKx6dK/mHUeGoOeGcIJ4KR
- ewH2LkAbeiJWZqAIH/bYXG3+4IkmBKA6ygMsMsUMdSBMBKdGHkHUQkHkHMZMAwBhMuAI
- HUuEG+naOOMkRmA4bkAJaaSYO88+9aHUooGoH4N+AgH8NLOINuHQHINoZ2O8AGBCtjJd
- B0GsGuYKKgQKBNgKYYGyooHsAQKxTgtiAkH4NYGsHIKQluQAAuuceGs4HOG4yKAOBS3o
- AsAQXoHAG4ZMJ4N2A5hwAAHUHIjmH4AoygdKzgNueGHIRkHsAMygBVUGKyHaeMHWH2aE
- HaAWX0BZiEaGHJB0AQAUJ5gWX2G3VlU5TzU+IoH4NoGAFgGcOwbcW0BQZ2G4HUzgAYHi
- c+HwzfACBySenEhSBgA6QkFoF4YKAsAkJjZ0aELCKesEtiAUGs9GHWAQzgAeA6e2BEBS
- +W/UIymmBCb4AAHIAKKeHu8KVtkovos2U9HEKriWAIADZSHuKQH282ASAIN2AmAcdSHI
- GoiaAgBSocx4K8HFMqKqVfHQhrlyAOAKXoAGAwsHmGcIHIHA3xCKLtmJbqNC9oOOA6ZC
- sWAAGycsXDFtDSb+hhdoACcIAYAvm6PIHSHIjgHsHYJiA4bAhhKeAeJcH0H+KeKweGHM
- G6c+swe2AyASb+AEANQ4H6s4HeH+jQAoAYJdUenCG4XBmYodake2HHjimpjnVu7TBgSQ
- WIcILvHOTpGeb3iZOQH4HmLkTkQqJSQkH5HGQBA0IQukNxEytlHfb4AAHFCCQAA4udcM
- /mlGtGucAsAiNgQ5qkJUH7dMPGAsUaNK6StGKrVUuHp6HEJVEgzhc7bKKzbSbUeGAiAs
- NKHoHMlGHvCOZ5dzdMJwHMHdVTAMQA7GtDqYOOAssGAdrLVWHwHYOiHdLEXCAiJqHfsK
- MClkbazhKWJ4NWMsAKHwXoASA8e2Q7T/d4R7VMmkkmA7OYAAGeYMauAMXoO8dGY4iUHo
- HsZMAuBRtGACs4HSHfcSH6KeAXbWOWH1YM82A3qGAIHkiaGraGU8H2JcAqAM42WuWEc+
- AUBUM6udB0GWGMgCH6AgygBCAgdGAK1SvoHgxsHsBOCCUXuuHEHoKeNgd8qfHQaEHGHA
- yKAMBZveBEASNoGEGss4N+lkA/tovWeMH0AyQqHMHnhKAiKQHWUPGuzgBoBOugH2jgH6
- A9AgAcH+dSHll+KgHsb+H+HsWyAbpsAPq+YZpTDbVlT0LUuC34jyqUS/tQnzdXVVVggI
- Q0Q3cCSztLxljqSygoyKW3KJtTUEAKOiF1oAaGHCJ4B4ByN+G4GsMkAMH0cIBcBwodTb
- XAyeJWG8JUAgAWlkHMUOHuH0J4BkB8+WACHegCGaHOJiQJRgMuOOHWgC/mIQBSBwJ6AC
- iUFsFwibi0IPW0dHYKu8jgHpmYJ6x5naG4WyAhFgQspuNEjgHO82AkBQ+4xYGcGeJUvw
- NKBpYqSmAIcJTcZMHcAMZCAyAdcQHCGqAAG0HWN2BaBMNgHmHAOGHrlrJKZCBUAhaQG+
- WyH+vwTSBkocAaAlpPxhLRyLa3NKR6VoVgVlP7yYidbENDMoP+YkPJ3BrbVUQ7c/dLcD
- cohifaJutCZrExcndZbsKhfBdQRPq6HpbTdhcDcgJu9tGZ3aHVdAMDbp3UH4XpdJG9b3
- raQyeHbNVX3KJtbvyFci86PHJfdV4pdWOOXpb1cDyJU7NH2pVASLLdKDKCTFGeAmKQGk
- HaPWH6JqAwAuJ4HQG6aEAcAMcIAOA6N+sKYKGmHWJ4AWsCxmAeJ5fugCHGHmlkBqBosH
- 1VB0G15dNgNKAwpvBsc+A4BA2gAwZDmGO8TcWyW75iAeNgHQGttcHuqoA6Bc18AaAQO8
- UMWyHqHWXoXyyhFWyaH3Fji4IQHx7AHYd8RsdToFzSG4xsASBKe2HqH+LEAmAS2OG7B0
- AcAgQrG0J4HYHDKSHjf0QAAhqgHwVqGwHAKeBIAWXoAUBCzRrkeJjlHz2npbVySLQtxv
- Rt5TfTpsHUH6/EHsKRmMJqHaHYs55wIQ8+UI2MYYHgaEH5vEpVK8H4HkNoH8AVJOAlir
- +QHl92NE9KMCIWb+KwO8HsAULENJ6O/5qSKgK2Jss4KQO8H+AkyhjaIQLp28H4Z3jacJ
- btB0HgH6IACgAGQyEgAAH49gA6HlAg4EgRCHk7oRFX2AX4AHa9wMAAuDoi7XY7wADgUE
- AACgI+4PFX4BgIAH0AI6BQBLJFLA4GINMXvCAYEQA32u1wAKaRLYPRaNSBSAGxUWw/qo
- J6dSqxWa1W65XXdX5u+5YF7JXbNZ7RWqZRxKIQA+ABMYqAAQCJi+LwAHk6ooEg8GoO73
- EAHNJbi+5iGgtEXU4nUAADLQbf7jgsI/AdcX/EcVEXo5sG4nfMwyJxIAKFJMdkQsEgZd
- LthG5hQMCoyAwsHtQAHphHdGZi/wAFgtQsbjwUDYy9gTgAsBN65t/cX5wgsGqE9HVjwJ
- tgA6ntBg8FoPoHkAAlrdhMXU3G5kApmQICPIEYjWM/hQIGsB9wAtarqVACkqkqaqwCtM
- EwUg55QaAB5wgAANwnBcKwqtYQgWdgAFubYBIGCShAgBiMmoaJ1uGBgFgAEwXMAfZ3Pe
- aoCBM4Z7HmACbJiep1HaAAHgtFYIgwB4AAGfkNmwd6WHSdqIhOCCBHqcijH8C7yAsD4R
- JKBCMmsY5oL0Bi3QzFYOAomJ6HiwZ/gzLa7IychvHqkoFAOAB/n2eIAHudZygAdh8n6A
- AKhYGqPAKdIAGEax/AAEQCw+BqULiAqWAODgOIOe9Bnkea4Hgb5tgAch3gSAAXyguIAT
- ofIGUoA8ire3ptGQcb0IMAAPhc04GNyhZtqapMBKKo8CKkqh/KtYcLWarZ72gAB02mAA
- QWtZ1sK7AAQg63j5uog66oOvCM2gjIIgi19ZreAjXtjCp8N63r7oyAAGAYu56LgBAGP8
- pSMnoel61Xe65JafB3sefgGvJfFx4CiqY3uiOEMefACoFe7XruAB3nomIEn2uACXTh6s
- Lg19+4BgTDuBkuDK6uGEoyBKBLpe6sQGp9iWEp8C2TZed2zoaxJYcOjgAEmlaHpmeAAE
- ICnOABgHRD50HRU4cBsDYAHWaBuxyBk7hAFDASPPZ0HxQZsmxQYTg4CunhCjpqGSawAA
- m0wAAoBiFGobx0AAcZ3qEFoLI6eByQ2CgLJsB4UN03k/mAZbzgwDLAAqA0VhCENcnuci
- 9AMzJ+HnP5lGmhSDTuDoORWBoMJsbRjmo4Ydh0wzHl0YiKAYeiZhOF2uH2chszwC6Dm+
- fwXgAFgNpidZrVGdJ0Ud4OuAIes/nlD9WAgE4AA0BoGrie0UHOampBAHVe1+dFg2NoSl
- 2Kq+fwPZmm2af/9gAbP/AABRAF/LTWdQDgNAeBBWh+F5NgquBMDy0QFac/VZD935QQQS
- NqDSLATI1gwgstYHQCobGCORRw9x3gDAADAG7yBoDAMGBwAyih/gvCAAAEo/mwDXH4Bg
- g48yMgVAWRFUKYRxj9AoAAIIOwRlxHwj4cYCIfD1G8YUCACzMqhG+ZAfRgwCg7CUAADg
- AXQi2GIQoFAHHyRXiy/8AwIjyAcBMpoAA8FFDOHUTECA9SMgeAqTYARKwADVGyn8DYNw
- ZElHwooYwzkUG8JsDoGTcR4j2IUAMfo2AADMH+DkAANgOEZheqME4KEtgMZspYwo7wGA
- gRyANU4BDoAAhe4EGEIgAALBOboBoEjADjfggh+bPSoQVWVMKD5aBATLAAGCZy1VrzJL
- MgAEq3WPEtLkAlfi4y4D8H2T9khQkulwHwvU4EDlNlwAAAkmJdV6LyH4v6dBCDgAEXrN
- smLAJyzYnmxEuc+C3m8n2Ps84AAGgOJifMiMCzezxXdAtjs6lTkHlkv+ik+Z0FygZRWj
- E9CDs4oxOWjU6iWr8nlBIlsBX7THfxNIswlaYAACvTNvYFIk0uK4WuaoEwAEUMiO4chc
- AOAgfIOQayfwCAFTuBgEqmgCOgAAOAeBwh7D5RWCYC5Ah3DpPOA4DjDWDD3MeNwe5Ni9
- HCA4Bcgw9h7kUH8PNwI9ALgqjEAQij0k6AYA23EB1Zh0OKAABABJPx7AUBKcMAhjxrVB
- RyPYiJbSDD4oIx0ehCgKgeqcPwn7xXQj3AW8gEoEyBDmHJFsBIC06DhAIacFhzwADaa+
- SkAzcQQOeO+N92o+XyEaAPay1w6BwEkJuoOpimp3AAWDMSCaxyotAmRAMqSeH+Dguo+E
- CZNhrjgQ2POwA/qDt7AuTYeg807gPAGR0EIKVujmvYAAJN74DQhAWT8b4BEtgcAUT8eY
- +ibD2q4qtRwFKskHH6ecdA/IVDwHgTECgCU7kdIyAUBz5ChE/HwTAmQBKftpnQPweSdA
- DgOkuBAtwDQEEseLFseA+yDAZAoitPhCgIAPIyPoBzyFTo4GyOMfNgQAJ3AkAkmY9R2G
- DHKAE8gJgVtcALE9/o5SFUEI6CADM+R5IbOZCofKmG9pdAAPEds6h6qDAgmhVeFgBksH
- em1va6h2DeT2A4BeDMBgEl84KYNLaVTGaDA+As1L1jmHgACSxLAKAYbiPyiC7SUJdIzS
- YAAttJAACVpW+KxadnfH2ZnIM7T7sJLhd9cLGzPgAHEPYjpb4VAeA8dk0BegFHkA0BCh
- Z2kHo5QePImxfyY3sJ+a2ia4qQsQHdY58Nrh3nSLevWy55E0mEHUyPBBwzsFvMbqYeJM
- 8SGnPIaodWuwNLqJboqbo8yKDuALrJEh3xzE/AcA5U+kDtGDH3hi/Z4jyGEHERQAtFQI
- mKnRSiYb8Zi3Ngtn5+hSeBNM0kLbSmloBoYxoAAaQ6VHKOJsBACe+R4p/HgOsn4FwSGA
- AgRBPm9Z0kaHQjhKYzgADdHYqcGQQQYZdIUO0f5Ah1jiToBDVI8BvDhLjV8AAI40kIHe
- 6EZg20Nj6AI8hKBAibKDH6PAcAAB/AheYBcCpERyDa6uPXBaum4gAHyPtOg6x2mPAaC0
- HBHsvDZGqn8d44UcAlBa3EfY5XjDsAdEkAoEgPqEZs9FUcuQMgAAwpQBLIS3gLU0SpTq
- nI6jccCAlEaEgMECNwbp99yqU8JZ9ny57+c9jNAAOcc8lwAKDIOTYBQAyZjwH0SwBIF1
- ugSZgQcb3vQABL+Bpf0FOIDwLnVsL4nySDkZgYXX3azYFnAXf6H4Z//RcFQNSyC/Efrm
- 8k0KwXBhQLbrToqcDcey9ALNOCsFJpwI/P4W0OnTsQADcHhCodY5jegZAsQoaAa4lg14
- 4QGgHCJoAgfBwIbAfQ8gBabxHIfYjIeAcqLYdoehRwFQHYFxHIdqTQb4BBGqEZHyK5uI
- AgeAwYA4DJFYfICB5ABS7jigbzHoBYBYlCIQ8obLoQDIEjCACYp4C4Bo4QbyI6wIfbHo
- kwjIfwfYwp6RPYDIHIHZvAfB0IaQcjjIlqPwmwcaDYAYEIzIeQALwYDzIIhAdDjweojs
- LDL4cwbR7w14cwAItwFS8L1MKhvYDZFcFiniXqX7PKC7Pbgz7ThD6qBL+JbKagtyfYuY
- uIuQe5HCgyiahRkw3plI+5cj5YjKbzR5l5eJbxeiihf7R5forQuAegeAuAexb6hCfIe5
- kasxdpjagJgJgadpgzRSgIlgugoRfEUhlgfYhSgyhCegn5SpPgfhkBcQuxmQdQjKg6fK
- zQhAAiWKiorCe76YrLhcP77LPsQj7qDEQpbCEKEYAAagf5TQAw3rxQDgmIdAbpOgCgAw
- lgBQEJ5DE4igdAfogTK4yJIgjIcQbhRQBYBpFcHUehGC14dohQdQeIoRFwmMfxFD87QY
- eADIGyMQBJwIZIYpsBvBGpFwiIcT/4jwFQlAfoCBGoCauwAAZ4aBW7rCngGIEgzIcwbi
- TQdQmbooGkip8iLYZIbIjIAwfJU8mAzIdgcIaTswEI04AgfwlDeAnAcbIzb4AAG4FSHw
- fAfRwIeoBAzIe4fQ14CYCI4QbAZJsABTDAD4FpLYCICo8goj6sbK5ylq6AqK6Q4SD4AM
- vCACAT7gpoEKHwdQd5HAdweIyIC4DB8gkQhQnYnpPkW4vQvIeQeBU4CQBQmwhJDYAwCh
- TQCCp4t6b4vQAIgTDwlguxU6/pHKewm4BQzLfog4ewdycg6oukaLXAhQBMykRZcZepBo
- 4E2QlQlkTCyghQBYCyH036nodwyIiI4U484I7pU4lis0WweZTwlo14iAlgAgk0RcZxcs
- YxPgdwx4mQmYBQCingBACAoUtzgi5b0cQEbb5U+L+R+gDpIocQeQjqWQzgxbdhHAAsZ4
- BIyhLo3swBHCyR8gv4xgcQwoAJb7f7fIywcwzAzQxL8Y79BYlICw+Rds2Y6MZY9ABxdw
- +4471ofQhQBAED9xjr+ocwuDzh8I8Y3jV4d5eoBgDQ3Q1LU0qQ1oiL5whETic4uNHs1I
- dQc0Rwlo644w9wyAB4joe4/YAADwBJHDdomywYhQBrgBg0bD66lc+E+VMBCxbanlIwuA
- dAb5PYBQDENwaBRR1p15Igm4eboQaoeJIoBYfzjLDBHg2gCx5ADzzZPBJAqAex8gBcX4
- mxO4AofRDY4TQYAIDYp4CQApOgawapsE/A3RDJHZHojxrj1oCpLYzIigZwaZPbWhIrWY
- lhQZOgdAd6ywEwFgksA5/oarq4dIdYyJVIlAfgepFAfQBZD4cIe7JIDBU4c1NpvACwlA
- BQBc7JVgvUXz1IAwtwEAAZHAagaokgEoER5ADdQLzpYEt9Lr0kuVMNc4s5bZbofBb6f8
- aw3ia4BBkot4kjUKdFHxeI3oe8XBdDcT5gvLR5e1d4tJgFGhew+1eBeZSwoCcQrQeia4
- oLcRcZhIhBhhez54rYfhiCBxHAiI+xfJfcURf9jYuUYxdwuVh8SdeYtUbrgaCk970tdF
- mVlgowEriYa5fQAAZoaRRwHAF5U4ZwZZPYHKSadc7Yf4fAwoblgwbocp8gGaGSOoclBh
- FRpJstOQ94Z4dDGFJ5p4CxuJzogwcgYYWSOoFoHh8KnoABo4ijTYtzRJVgchW4CRqDsw
- CCJoB4fCLYaDq4mgfozIFTfIeofROg/YlABc1ZcYx4YwZAvoCRuIDpSipLEADowBG4yI
- 6qswcpu4cAe5uIEdyVShIwB5FcwjwAfY3ocAbUETQhvBvQCgDrz0PpnNclmFc1md3D6k
- 9l3N3l3tdFLiYlL1mN3135+j+gaaFIm4eIjIDAEA18sboUswjoFAGKpwvRUgdiFQyAmI
- BzVMh6dZUgm4ELt4EgA5RQdErQwgcaNAEg3RJB0IeoeqLYfgEgISMQAo84dIeA3oe0L7
- xSmwhAdh0IAQBwlgfEkxvF8IXoZjHp5xFYB4B4gQekoxwUYYDQGVtAC8lIZ95B8KK5vG
- CIt4fQ84AjOYm4BKHwlYkkdg5ABZIuCBm0rCnoexOgdIASw4FADYll6C2QgV6i4wCMtt
- lr614Ncr7d4lmUQ5WYigcAdxD5K4lCtoiidhkCvsT5PidUroyKewmM04ed/qdc8xHIf5
- HAexi7QgfY4ShAzLd4uU14hDd75YlgeSqqko6l7kYKWReqjUBwr4yIBqdkB4hU4JtSj4
- CIzIpQibQYeQdrAIC4iKew4EYIeQjidaswkQ84CYCYgxSwhU7RmwhIvQl81CH4dw4QBq
- QQBOK1g4oeIcuDg+JF3inQDpFYbk5MRZU4ngmK2BwIDABeRYDLmtawiisomIcgcgjMeY
- gyoB4weoAooQDoEDZwfgx+JogQkF7gAoiIeQchMIc4f5Fay6w78Yn4cAbBW4ewf4lCOY
- zJ4pW4A9ZxIwEKug8iu4b7HoDACZFbeCrTr57yHzRAgxU6zaxhJBqQCgE5Gof4dqLYhg
- lgB6Do9AuSoBFA7ufZmpPgdMNiqYmwfACZMgBxOIayR4fQuADAGCw5foiK5N3dly5kbV
- 4eWM+RbaH1gxaQcjQc1YmLMBepxJewECJo+whQdgfCFQ6p8gAgfRR08BPGjACuPIBU6D
- Jwagbg4TFwiIe4c7q4B4Eh8A4omwn6iYfBFAchwKdZgzD7H4BQlgAYDBTSdjFAcBwIeA
- dQyIEFKT5Yn4dgdWioEIFsixPYbIdEm4d5QYDYDJU4CICYzIeYdobxQAAzwYB4BCWIeg
- wYbocGu2vCjAf+EOSj2ABAmweJwAumEwCIj4ujO6YFceIt22I+mVMGWZIodQeYgRELRs
- Sqfebjq4AtFI3acgitIoljVg1IcSLYdgfRO8pIwEA43qkgdweVCozzV4c1wawMpKxD5j
- YgfYzgoQwjdo4YC0SGSA3jaCigiYkt9qJ252PabdAagOrEVg1Bkoz7egB2gW901Id6a8
- T9ftH6bqtqnrdJ8Jh1Iokk/+sNAV3SZGV8QO2FmZAADAyIZzU6OoegyIxSFRExFAEBK5
- aoEZIoeYdRu4b4BjmoFBmwduwZH475QG5NGBIof4fhPZQLHrHYmzqNuIoweV7QDIGbt4
- CaqAZgcIyIDgCYlBSxUDoJPAA43oAwFEKAEQDLrwaaTQcgcojIEpVRVh84eZQYDQFFWV
- SZPYagcA4QDQBb2ExtVgoBFeovJDXDL5RQg5FYgQn4eosW0pOgckcrwjsq0hI0eCg1OI
- A5912c9r7EuO1/B75Ub/RnR/SCCOV12umF2/SKlxDBqIAAXQebxI8iFTAQmwcQaQkgFw
- HiuhvieXS/Vd4u1jgl4XS3Vkbx+gtqgL5afY+YnyIGSydtkXWXX+2PSe1vSvRfYEbkQf
- Y3ZOmV4HV+I3ZSaS6J/cu3Z/amJEvAyKAIFF2nYfaQE/aXavcHcPcR/Pa8vXbRAoE/dJ
- 8HcfdndvdxZwgIAAAA8BAAADAAAAAQBbAAABAQADAAAAAQBnAAABAgADAAAABAAAKWoB
- AwADAAAAAQAFAAABBgADAAAAAQACAAABEQAEAAAAAQAAAAgBEgADAAAAAQABAAABFQAD
- AAAAAQAEAAABFgADAAAAAQBnAAABFwAEAAAAAQAAKKcBHAADAAAAAQABAAABPQADAAAA
- AQACAAABUgADAAAAAQABAAABUwADAAAABAAAKXKHcwAHAAAZ7AAAKXoAAAAAAAgACAAI
- AAgAAQABAAEAAQAAGexhcHBsAhAAAG1udHJSR0IgWFlaIAfaAAcAFAAUABAAG2Fjc3BB
- UFBMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD21gABAAAAANMtYXBwbAAAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEWRlc2MAAAFQAAAA
- YmRzY20AAAG0AAACQmNwcnQAAAP4AAAA0Hd0cHQAAATIAAAAFHJYWVoAAATcAAAAFGdY
- WVoAAATwAAAAFGJYWVoAAAUEAAAAFHJUUkMAAAUYAAAIDGFhcmcAAA0kAAAAIHZjZ3QA
- AA1EAAAGEm5kaW4AABNYAAAGPmNoYWQAABmYAAAALG1tb2QAABnEAAAAKGJUUkMAAAUY
- AAAIDGdUUkMAAAUYAAAIDGFhYmcAAA0kAAAAIGFhZ2cAAA0kAAAAIGRlc2MAAAAAAAAA
- CERpc3BsYXkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtbHVjAAAAAAAAABIA
- AAAMbmxOTAAAABYAAADoZGFESwAAABwAAAD+cGxQTAAAABIAAAEaZW5VUwAAABIAAAEs
- bmJOTwAAABIAAAE+ZnJGUgAAABYAAAFQcHRCUgAAABgAAAFmcHRQVAAAABYAAAF+emhD
- TgAAAAwAAAGUZXNFUwAAABIAAAGgamFKUAAAAA4AAAGycnVSVQAAACQAAAHAc3ZTRQAA
- ABAAAAHkemhUVwAAAA4AAAH0ZGVERQAAABAAAAICZmlGSQAAABAAAAISaXRJVAAAABQA
- AAIia29LUgAAAAwAAAI2AEsAbABlAHUAcgBlAG4ALQBMAEMARABMAEMARAAtAGYAYQBy
- AHYAZQBzAGsA5gByAG0ASwBvAGwAbwByACAATABDAEQAQwBvAGwAbwByACAATABDAEQA
- RgBhAHIAZwBlAC0ATABDAEQATABDAEQAIABjAG8AdQBsAGUAdQByAEwAQwBEACAAQwBv
- AGwAbwByAGkAZABvAEwAQwBEACAAYQAgAEMAbwByAGUAc19pgnIAIABMAEMARABMAEMA
- RAAgAGMAbwBsAG8AcjCrMOkw/AAgAEwAQwBEBCYEMgQ1BEIEPQQ+BDkAIAQWBBoALQQ0
- BDgEQQQ/BDsENQQ5AEYA5AByAGcALQBMAEMARF9pgnJtsmZ2mG95OlZoAEYAYQByAGIA
- LQBMAEMARABWAOQAcgBpAC0ATABDAEQATABDAEQAIABjAG8AbABvAHIAac7st+wAIABM
- AEMARAAAdGV4dAAAAABDb3B5cmlnaHQgQXBwbGUsIEluYy4sIDIwMTAAAAAAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- AAAAAAAAAAAAAFhZWiAAAAAAAADzUgABAAAAARbPWFlaIAAAAAAAAG+yAAA6tAAAAk5Y
- WVogAAAAAAAAYwcAALUjAAARS1hZWiAAAAAAAAAkHgAAECkAAL+UY3VydgAAAAAAAAQA
- AAAABQAKAA8AFAAZAB4AIwAoAC0AMgA2ADsAQABFAEoATwBUAFkAXgBjAGgAbQByAHcA
- fACBAIYAiwCQAJUAmgCfAKMAqACtALIAtwC8AMEAxgDLANAA1QDbAOAA5QDrAPAA9gD7
- AQEBBwENARMBGQEfASUBKwEyATgBPgFFAUwBUgFZAWABZwFuAXUBfAGDAYsBkgGaAaEB
- qQGxAbkBwQHJAdEB2QHhAekB8gH6AgMCDAIUAh0CJgIvAjgCQQJLAlQCXQJnAnECegKE
- Ao4CmAKiAqwCtgLBAssC1QLgAusC9QMAAwsDFgMhAy0DOANDA08DWgNmA3IDfgOKA5YD
- ogOuA7oDxwPTA+AD7AP5BAYEEwQgBC0EOwRIBFUEYwRxBH4EjASaBKgEtgTEBNME4QTw
- BP4FDQUcBSsFOgVJBVgFZwV3BYYFlgWmBbUFxQXVBeUF9gYGBhYGJwY3BkgGWQZqBnsG
- jAadBq8GwAbRBuMG9QcHBxkHKwc9B08HYQd0B4YHmQesB78H0gflB/gICwgfCDIIRgha
- CG4IggiWCKoIvgjSCOcI+wkQCSUJOglPCWQJeQmPCaQJugnPCeUJ+woRCicKPQpUCmoK
- gQqYCq4KxQrcCvMLCwsiCzkLUQtpC4ALmAuwC8gL4Qv5DBIMKgxDDFwMdQyODKcMwAzZ
- DPMNDQ0mDUANWg10DY4NqQ3DDd4N+A4TDi4OSQ5kDn8Omw62DtIO7g8JDyUPQQ9eD3oP
- lg+zD88P7BAJECYQQxBhEH4QmxC5ENcQ9RETETERTxFtEYwRqhHJEegSBxImEkUSZBKE
- EqMSwxLjEwMTIxNDE2MTgxOkE8UT5RQGFCcUSRRqFIsUrRTOFPAVEhU0FVYVeBWbFb0V
- 4BYDFiYWSRZsFo8WshbWFvoXHRdBF2UXiReuF9IX9xgbGEAYZRiKGK8Y1Rj6GSAZRRlr
- GZEZtxndGgQaKhpRGncanhrFGuwbFBs7G2MbihuyG9ocAhwqHFIcexyjHMwc9R0eHUcd
- cB2ZHcMd7B4WHkAeah6UHr4e6R8THz4faR+UH78f6iAVIEEgbCCYIMQg8CEcIUghdSGh
- Ic4h+yInIlUigiKvIt0jCiM4I2YjlCPCI/AkHyRNJHwkqyTaJQklOCVoJZclxyX3Jicm
- VyaHJrcm6CcYJ0kneierJ9woDSg/KHEooijUKQYpOClrKZ0p0CoCKjUqaCqbKs8rAis2
- K2krnSvRLAUsOSxuLKIs1y0MLUEtdi2rLeEuFi5MLoIuty7uLyQvWi+RL8cv/jA1MGww
- pDDbMRIxSjGCMbox8jIqMmMymzLUMw0zRjN/M7gz8TQrNGU0njTYNRM1TTWHNcI1/TY3
- NnI2rjbpNyQ3YDecN9c4FDhQOIw4yDkFOUI5fzm8Ofk6Njp0OrI67zstO2s7qjvoPCc8
- ZTykPOM9Ij1hPaE94D4gPmA+oD7gPyE/YT+iP+JAI0BkQKZA50EpQWpBrEHuQjBCckK1
- QvdDOkN9Q8BEA0RHRIpEzkUSRVVFmkXeRiJGZ0arRvBHNUd7R8BIBUhLSJFI10kdSWNJ
- qUnwSjdKfUrESwxLU0uaS+JMKkxyTLpNAk1KTZNN3E4lTm5Ot08AT0lPk0/dUCdQcVC7
- UQZRUFGbUeZSMVJ8UsdTE1NfU6pT9lRCVI9U21UoVXVVwlYPVlxWqVb3V0RXklfgWC9Y
- fVjLWRpZaVm4WgdaVlqmWvVbRVuVW+VcNVyGXNZdJ114XcleGl5sXr1fD19hX7NgBWBX
- YKpg/GFPYaJh9WJJYpxi8GNDY5dj62RAZJRk6WU9ZZJl52Y9ZpJm6Gc9Z5Nn6Wg/aJZo
- 7GlDaZpp8WpIap9q92tPa6dr/2xXbK9tCG1gbbluEm5rbsRvHm94b9FwK3CGcOBxOnGV
- cfByS3KmcwFzXXO4dBR0cHTMdSh1hXXhdj52m3b4d1Z3s3gReG54zHkqeYl553pGeqV7
- BHtje8J8IXyBfOF9QX2hfgF+Yn7CfyN/hH/lgEeAqIEKgWuBzYIwgpKC9INXg7qEHYSA
- hOOFR4Wrhg6GcobXhzuHn4gEiGmIzokziZmJ/opkisqLMIuWi/yMY4zKjTGNmI3/jmaO
- zo82j56QBpBukNaRP5GokhGSepLjk02TtpQglIqU9JVflcmWNJaflwqXdZfgmEyYuJkk
- mZCZ/JpomtWbQpuvnByciZz3nWSd0p5Anq6fHZ+Ln/qgaaDYoUehtqImopajBqN2o+ak
- VqTHpTilqaYapoum/adup+CoUqjEqTepqaocqo+rAqt1q+msXKzQrUStuK4trqGvFq+L
- sACwdbDqsWCx1rJLssKzOLOutCW0nLUTtYq2AbZ5tvC3aLfguFm40blKucK6O7q1uy67
- p7whvJu9Fb2Pvgq+hL7/v3q/9cBwwOzBZ8Hjwl/C28NYw9TEUcTOxUvFyMZGxsPHQce/
- yD3IvMk6ybnKOMq3yzbLtsw1zLXNNc21zjbOts83z7jQOdC60TzRvtI/0sHTRNPG1EnU
- y9VO1dHWVdbY11zX4Nhk2OjZbNnx2nba+9uA3AXcit0Q3ZbeHN6i3ynfr+A24L3hROHM
- 4lPi2+Nj4+vkc+T85YTmDeaW5x/nqegy6LzpRunQ6lvq5etw6/vshu0R7ZzuKO6070Dv
- zPBY8OXxcvH/8ozzGfOn9DT0wvVQ9d72bfb794r4Gfio+Tj5x/pX+uf7d/wH/Jj9Kf26
- /kv+3P9t//9wYXJhAAAAAAADAAAAAmZmAADypwAADVkAABPQAAAKwHZjZ3QAAAAAAAAA
- AAADAQAAAgAAAAwAOACJAQEBTgGvAh4CjQMNA5MEJwTIBXQGLAbuB8AIowmQCoULhQyU
- DacO1xAZEWUSsxQBFVkWsRgKGVkaqBvuHSceTx9qIHYheSJ/I4kkkyWbJqInpiilKaUq
- oCuZLJAthy5/L3kwdjF2MnwzeDRaNS82BTbdN7U4jjlpOkY7JDwCPOI9wj6jP4VAakFU
- Qj5DK0QZRQlF/EbvR+dI30nbSthL1kzWTdhO10/UUNNR0lLSU9RU2FXdVuRX61jzWf5b
- CVwRXRFeEF8QYBBhEmIUYxhkHGUiZihnMGg6aU1qdGudbMRt6m8PcDRxVXJ2c5N0r3XJ
- duJ3+3kUeix7RnxffXl+k3+tgMaB34L4hBGFKoZCh1mIcomNiquLzIzyjhyPTJB+kbSS
- 7JQnlV+Wk5fFmPeaKZtZnIidt57loBKhP6Jro42kpaW+pten8qkNqiqrSKxnrYeuqa/L
- sO+yF7M/tGa1i7aut8647LoIuyG8OL1Ovla/UsBNwUnCRMNAxDzFOMYzxy/IK8kdyfzK
- 1suvzIbNW84uzv/PztCa0WbSMtMA09rUttWT1nDXT9gw2RHZ89rW27rcoN2G3m3fVOA7
- 4SHiB+Ls49DktOWY5nznXeg86Rvp+erW67Psj+1r7kbvIe//8P7yJ/NZ9JX13Pcy+JP5
- //t1/PP+d///AAAABQAVADIAXwCbAOgBNQGJAewCWALSA10D+QSeBVEGEwbkB70IpQmb
- CpYLnAzDDfoPPBB/EcQTAxQ/FXsWrhffGRQaOxtjHIcdpx7HH+Ig7iHmItQjvSSlJYwm
- cCdOKCco/CnOKpwrZywyLPktwC6GL00wHzD3Mc8ypjN7NEw1GjXkNqs3cDgyOPI5sDpz
- Oz88FTzyPdQ+uD+cQH9BXkI4QwpD0USORUFF8Ea/R6xInUmSSopLh0yHTYpOkE+YUJ9R
- p1KuU6RUe1VOViJW+FfTWLRZnFqNW4lcjV2ZXq1fuWCxYahioWOZZJJljGaGZ4FofGl3
- anNrcGxubWxuam9pcGlxaXJqc2x0b3VydnV3eXh9eYJ6h3uNfJR9nX6nf7OAwYHQguKD
- 9YUJhh6HNohQiWuKhouhjL2N2Y71kBKRL5JNk2qUgpWVlqmXvJjRmeWa+5wRnSieP59X
- oHChiaKpo8ik6KYJpymoSqlrqoyrrazPrfCvErA0sVWydbOVtLO10bbtuAe5Ibo6u1G8
- Yr1xvoC/j8CbwafCscO6xMHFyMbOx9PIyMm+yrTLrMymzaDOnM+Z0JjRl9Kb06jUuNXI
- 1tnX6tj72g3bH9wx3UTeV99y4JfhwOLp5BPlP+Zs55nox+n16yTsXu2q7wrwhfIZ88z1
- nveK+Y77pf3M//8AAAAFABkAPABxALgBDAFOAZwB9wJYAsUDQwPUBHIFIAXqBrwHqQi1
- CdUK9AwUDS0OVA96EJ0RvhLfFAQVKhZLF2cYexl/Gnsbehx6HXUebR9iIFEhOyIcIvYj
- wiR+JS8l3iaLJzgn4SiGKSopxipiKvwrlCwsLMctYy4ALpwvOi/VMHAxDTGpMkYy4jOC
- NCU00zWDNjI24TeROEE48DmfOlA7ADutPFs9CT25Pmk/Gz/PQIVBPUH1Qq9DbEQrROpF
- qUZoRyhH50imSWVKJUrkS6NMYU0eTd1Onk9hUCRQ6lGxUnpTRVQTVOFVsFZ+V01YG1jq
- WblaiFtXXCVc9F3EXpZfamA/YRdh8GLLY6dkhmVlZkRnJGgDaOJpwWqga39sXm05bhRu
- 72/McKpxinJrc010L3UTdfd22ne8eJ15fHpaezZ8EXzvfdp+1X/RgM2By4LIg8eEx4XH
- hseHxojDicKKw4vHjM2N1o7gj+uQ9ZH6kvuT+ZT0leuW3pfPmL6ZtZrQm+udBp4jnz+g
- XKF5opajtKTMpeKm+qgVqTOqVKt4rJ6txq7rsBKxOLJfs4a0rrXWtv64J7lSun67qrzX
- vgS/M8BhwZDCwMPsxRTGOcddyH7JnMq3y9HM8s5Kz6XRBtJs09nVT9bM2FDZ3dwf3rTh
- w+Vy6dHuy/Q8+f7//wAAbmRpbgAAAAAAAAY2AACjyQAAVzEAAFAaAACd8wAAJPAAAA9v
- AABQDQAAVDkAAiPXAAHKPQABUesAAwEAAAIAAAAHABYAKQA+AFQAawCDAJsAswDMAOYB
- AAEaATYBTwFpAYMBngG6AdcB9AISAjECUQJzApUCugLgAwkDNQNkA5cDzwQIBEIEfQS6
- BPoFOwWABccGEAZdBqwG/gdRB6YH/AhTCKoJAglqCdwKUArGCz8LuQw1DLMNMw21DjoO
- wA9ID88QWBDiEW4R+hKIExcTphQ3FMgVWxXvFoQXGhe3GFQY8xmUGjYa2Rt9HCIcyR1x
- HhsexR9xICMg3SGXIlQjEiPSJJMlViYaJt8npihuKTcp+SqxK2osJSzjLaQuZi8rL/Qw
- vzGOMl8zNDQMNOY1wjagN4A4YTlEOik7Dzv4POM90D6/P7BApEGZQpFDjESHRYJGfUd3
- SHBJZ0pcS1BMRE03TipPHVARUQpSB1MHVAlVDFYSVxtYJlkzWkNbVVxpXX9el1++YO9i
- IWNUZIhlvmb0aCppYmqaa9RtDm5Jb4Zwv3H5czd0d3W7dwN4UHmhevd8UX2xfxSAeoID
- g5SFKIa+iFaJ8IuNjS6O0JB1khyT+ZXql+CZ3pvnnfmgGKJApG+moqi0qsSs1a7nsPiz
- CrUdtzC5RLtYvWy/g8Gew73F4cgKyjjMa86h0NrTIdVv18LaGtx23tjhP+Os5hzoO+oN
- 69ftlu9K8PPykPQl9bH3Nvi2+jH7p/0c/o7//wAAABMALABGAF8AeQCTAK0AyADjAP4B
- GwE3AVEBbAGHAaMBwAHeAf4CHwJBAmUCiwKyAtoDBQMxA18DjwPBA/QEKgRlBKcE7QU3
- BYMF0gYmBn8G3Ac+B6YIEQiBCPUJbQnhClQKygtEC8QMSQzUDWUN/Q6aDzwP1xBtEQAR
- kxIoEsATXRQCFLAVbhZCFx8XxhhuGRQZuxphGwcbrRxTHPodox5OHvsfqyCDIWUiSCMr
- JAsk5SW6JognUSgWKNgpmCpyK1AsLy0RLfUu2i/BMKoxlTKDM3I0YzVVNkk3QDg4OTE6
- LTsqPCk9KT4rPy9ANUE9QkZDUkReRWxGe0eLSJtJq0q8S81M3k3xTwRQGVEsUkBTVlRt
- VYZWoVe9WNtZ+1scXD9dZF6KX7pg8GIoY2JknGXaZxdoV2mXatpsHm1ibqlv8XEzcnhz
- vnUGdlB3m3joejd7iHzbfi9/hYDdgjaDk4TyhlOHuIkgiouL+o1tjuKQW5HWk1uU6JZ4
- mAqZoJs7nNqefaAlodKjgaU1puuowqqbrHSuTrAnsgGz27W1t5C5bLtAvQS+ysCSwlvE
- J8X0x8LJk8tmzTnPD9Dm0qfUYtYe19rZl9tU3RLe0OCQ4lHkFOXY55fpPurY7GHt2O8+
- 8Jfx4vMe9FD1e/ac97b4zfnc+un78vz4/fz+/v//AAAAEAArAEgAYwB+AJcAsQDJAOAA
- 9wEQASoBRgFiAX8BngG+AeACAwInAkwCcwKcAscC9gMqA18DlQPOBAoESASKBNAFGwVr
- BcUGLwaeBxMHjggTCKIJOgnZCnoLHwvJDHoNMA3rDqsPaRAeENgRlhJYEx8T6hS5FZEW
- axdIGCcZBxnoGswbsByUHXweaB9XIEshQyI+Iz0kQyVNJlgnZChxKX8qjiudLKstvC7R
- L+kxBTIkM0Y0bDWXNsM38DkeOkw7ejyoPdc/BkA3QWpCoUPbRRhGWEecSONKNEuHTNxO
- Mk+IUN9SN1OSVO1WTVexWRpailv/XXte/GB1YcpjImR6ZdRnMGiNaetrS2ytbhNvf3Dr
- clZzwXUqdpN3+3lles98Qn2/f0KAzIJgg/2Fo4dQiPiKZovWjUiOupAvkaWTHZSXlhOX
- j5kWmqKcLp25n0KgyaJPo9SlWKbbqGSp7qt6rQaulrAmsbizS7Tgtna4Dbmjuzu81L5u
- wAnBpcNDxOLGgsgkycvLe80vzujQptJq1DXWBtfc2bLbNty53jrfueE14q3kIeWQ5vro
- YunH6yrshu187m7vTfAm8Orxr/JZ8wLzpPQ19Mb1VfXU9lP20vdK9734L/ii+Q/5efni
- +kz6tPsY+3374fxF/Kf9CP1o/cn+Kv6H/uX/Q/+h//8AAHNmMzIAAAAAAAEMQgAABd7/
- //MmAAAHkgAA/ZH///ui///9owAAA9wAAMBsbW1vZAAAAAAAAAYQAACc0AAAAADHYt+h
- AAAAAAAAAAAAAAAAAAAAAA==
- </data>
- <key>ReadOnly</key>
- <string>NO</string>
- <key>RowAlign</key>
- <integer>1</integer>
- <key>RowSpacing</key>
- <real>36</real>
- <key>SheetTitle</key>
- <string>Canvas 1</string>
- <key>SmartAlignmentGuidesActive</key>
- <string>YES</string>
- <key>SmartDistanceGuidesActive</key>
- <string>YES</string>
- <key>UniqueID</key>
- <integer>1</integer>
- <key>UseEntirePage</key>
- <false/>
- <key>VPages</key>
- <integer>1</integer>
- <key>WindowInfo</key>
- <dict>
- <key>CurrentSheet</key>
- <integer>0</integer>
- <key>ExpandedCanvases</key>
- <array>
- <dict>
- <key>name</key>
- <string>Canvas 1</string>
- </dict>
- </array>
- <key>Frame</key>
- <string>{{691, 169}, {842, 932}}</string>
- <key>ListView</key>
- <true/>
- <key>OutlineWidth</key>
- <integer>142</integer>
- <key>RightSidebar</key>
- <false/>
- <key>ShowRuler</key>
- <true/>
- <key>Sidebar</key>
- <true/>
- <key>SidebarWidth</key>
- <integer>120</integer>
- <key>VisibleRegion</key>
- <string>{{-81, -5.00002}, {721.429, 793.878}}</string>
- <key>Zoom</key>
- <real>0.98000001907348633</real>
- <key>ZoomValues</key>
- <array>
- <array>
- <string>Canvas 1</string>
- <real>0.98000001907348633</real>
- <real>0.99000000953674316</real>
- </array>
- </array>
- </dict>
- <key>saveQuickLookFiles</key>
- <string>YES</string>
-</dict>
-</plist>
Binary file img/WebIdGraph.jpg has changed
--- a/index-respec.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,966 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html>
-<html>
- <head>
- <title>WebID 1.0</title>
- <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
- <!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-<style type='text/css'>
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
- <script src='http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js' class='remove'></script>
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
- <script class='remove'>
- var preProc = {
- apply: function(c) {
- // process the document before anything else is done
- var refs = document.querySelectorAll('adef') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var sp = document.createElement( 'dfn' ) ;
- var tit = item.getAttribute('title') ;
- if (!tit) {
- tit = con;
- }
- sp.className = 'adef' ;
- sp.title=tit ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- refs = document.querySelectorAll('aref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var sp = document.createElement( 'a' ) ;
- sp.className = 'aref' ;
- sp.setAttribute('title', con);
- sp.innerHTML = '@'+con ;
- p.replaceChild(sp, item) ;
- }
- // local datatype references
- refs = document.querySelectorAll('ldtref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
- var sp = document.createElement( 'a' ) ;
- sp.className = 'datatype';
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- // external datatype references
- refs = document.querySelectorAll('dtref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
- var sp = document.createElement( 'a' ) ;
- sp.className = 'externalDFN';
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- // now do terms
- refs = document.querySelectorAll('tdef') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
- var sp = document.createElement( 'dfn' ) ;
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- // now term references
- refs = document.querySelectorAll('tref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
-
- var sp = document.createElement( 'a' ) ;
- var id = item.textContent ;
- sp.className = 'tref' ;
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- }
- } ;
-
-
- var respecConfig = {
- // specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
- // embed RDFa data in the output
- doRDFa: true,
- specStatus: "unofficial",
- //publishDate: "2010-07-05",
- diffTool: "http://www3.aptest.com/standards/htmldiff/htmldiff.pl",
-
- // the specifications short name, as in http://www.w3.org/TR/short-name/
- shortName: "webid",
- subtitle: "Web Identification and Discovery",
-
- // if you wish the publication date to be other than today, set this
- // publishDate: "2009-08-06",
- copyrightStart: "2010",
-
- // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
- // and its maturity status
- previousPublishDate: "2010-07-25",
- previousMaturity: "ED",
- previousURI: "http://payswarm.com/webid/drafts/ED-webid-20100725/",
-
-
- // if there a publicly available Editors Draft, this is the link
- edDraftURI: "http://payswarm.com/webid/",
-
- // if this is a LCWD, uncomment and set the end of its review period
- // lcEnd: "2009-08-05",
-
- // if you want to have extra CSS, append them to this list
- // it is recommended that the respec.css stylesheet be kept
- extraCSS: ['http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css'],
-
- // editors, add as many as you like
- // only "name" is required
- editors: [
- { name: "Manu Sporny", mailto:"msporny@digitalbazaar.com",
- company: "Digital Bazaar, Inc.", companyURL: "http://blog.digitalbazaar.com/" },
- { name: "Stéphane Corlosquet", mailto:"scorlosquet@gmail.com",
- company: "Massachusetts General Hospital", companyURL: "http://massgeneral.org/" }
- ],
-
- // authors, add as many as you like.
- // This is optional, uncomment if you have authors as well as editors.
- // only "name" is required. Same format as editors.
-
- authors: [
- { name: "Toby Inkster", url: "http://tobyinkster.co.uk/" },
- { name: "Henry Story", url: "http://bblfish.net/" },
- { name: "Bruno Harbulot", url: "http://blog.distributedmatter.net/" },
- { name: "Reto Bachmann-Gmür", url: "http://trialox.org/" }
- ],
-
-// errata: 'http://www.w3.org/MarkUp/2008/REC-rdfa-syntax-20081014-errata',
-
- // name of the WG
- wg: "Social Web XG",
-
- // URI of the public WG page
- wgURI: "http://esw.w3.org/Foaf%2Bssl",
-
- // name (with the @w3c.org) of the public mailing to which comments are due
- wgPublicList: "socialweb-xg",
-
- // alternate formats for this document
- alternateFormats: [
- { uri: 'drafts/ED-webid-20100809/diff-20100725.html',
- label: "Diff from previous Editors Draft" }],
-
- // URI of the patent status for this WG, for Rec-track documents
- // !!!! IMPORTANT !!!!
- // This is important for Rec-track documents, do not copy a patent URI from a random
- // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
- // Team Contact.
- wgPatentURI: "http://www.w3.org/2004/01/pp-impl/44350/status",
- maxTocLevel: 4,
- preProcess: [ preProc ]
- };
-
-
- function updateExample(doc, content) {
- // perform transformations to make it render and prettier
- content = content.replace(/<!--/, '');
- content = content.replace(/-->/, '');
- content = doc._esc(content);
- content = content.replace(/\*\*\*\*([^*]*)\*\*\*\*/g, '<span class="hilite">$1</span>') ;
- return content ;
- }
-
- function updateDTD(doc, content) {
- // perform transformations to
- // make it render and prettier
- content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
- content = content.replace(/!ENTITY % ([^ \t\r\n]*)/g, '!ENTITY <span class="entity">% $1</span>');
- content = content.replace(/!ELEMENT ([^ \t$]*)/mg, '!ELEMENT <span class="element">$1</span>');
- return content;
- }
-
- function updateSchema(doc, content) {
- // perform transformations to
- // make it render and prettier
- content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
- content = content.replace(/<xs:element\s+name="([^&]*)"/g, '<xs:element name="<span class="element" id="schema_element_$1">$1</span>"') ;
- return content;
- }
-
- function updateTTL(doc, content) {
- // perform transformations to
- // make it render and prettier
- content = '<pre class="sh_sourceCode">' + doc._esc(content) + '</pre>';
- content = content.replace(/@prefix/g, '<span class="sh_keyword">@prefix</span>');
- return content;
- }
- </script>
- </head>
- <body>
- <section id='abstract'>
-
-<p>Social networking, identity and privacy have been at the center of how we
-interact with the Web in the last decade. The explosion of social networking
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary.
-The Social Web is designed to ensure that control of identity and privacy
-settings is always simple and under one's control. WebID is a key enabler of the
-Social Web. This specification outlines a simple universal identification
-mechanism that is distributed, openly extensible, improves privacy, security
-and control over how one can identify themselves and control access to their
-information on the Web.
-</p>
-
-<section>
-<h2>How to Read this Document</h2>
-
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
-and RDF [[!RDF-PRIMER]] and RDFa [[!RDFA-CORE]] is necessary to understand how
-to implement this specification. WebID uses a number of specific technologies
-like HTTP over TLS [[!HTTP-TLS]], X.509 certificates [[!X509V3]],
-RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled
-<a href="#authentication-sequence">Authentication Sequence</a> and
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.</p>
-
-</section>
-</section>
-
-<section id='sotd'>
-<!-- <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p> -->
-
-The source code for this document is available via Github at the following
-URI: <a href="https://github.com/webid-community/webid-spec">https://github.com/webid-community/webid-spec</a>
-
-</section>
-
-<section class='informative'>
-<h1>Introduction</h1>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created.
-It is also designed to provide a universal and extensible mechanism to express
-public and private information about yourself. This section outlines the
-motivation behind the specification and the relationship to other similar
-specifications that are in active use today.
-</p>
-
-<section class='informative'>
-<h1>Motivation</h1>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
-hyperlinked social networks to exist. This vocabulary, along with other
-vocabularies, allow one to add information and services protection to
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a selected group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using a process made popular by OpenID, we show how one can tie a User
-Agent to a URI by proving that one has write access to the URI.
-WebID is an authentication protocol which uses X.509
-certificates to associate a User Agent (Browser) to a Person identified via a URI.
-A WebID profile can also be used for OpenID, WebId provides a few additional features such as
-trust management via digital signatures, and free-form
-extensibility via RDF. By using the existing SSL certificate exchange
-mechanism, WebID integrates smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was
-intended to receive it.
-</p>
-
-</section>
-
-</section>
-
-<section>
-<h1>Preconditions</h1>
-
-<section>
-<h1>Terminology</h1>
-
-<dl>
-
-<dt><tdef>Verification Agent</tdef></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <tref>Identification Agent</tref> can have access to a particular
-resource. A <tref>Verification Agent</tref> is typically a Web server, but
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><tdef>Identification Agent</tdef></dt>
-<dd>Provides identification credentials to a <tref>Verification Agent</tref>. The
-<tref>Identification Agent</tref> is typically also a User Agent.</dd>
-
-<dt><tdef>Identification Certificate</tdef></dt>
-<dd>An X.509 [[!X509V3]] Certificate that MUST contain a
-<code>Subject Alternative Name</code> extension with at least one URI entry
-identifying the <tref>Identification Agent</tref>. This URI SHOULD be
-dereference-able and result in a document containing RDF data. For example,
-a certificate identifying the WebID URI <code>http://example.org/webid#public</code>
-would contain the following:
-<pre>
-X509v3 extensions:
- ...
- X509v3 Subject Alternative Name:
- URI:http://example.org/webid#public
-</pre>
-<p class="issue">TODO: cover the case where there are more than one URI entry</p>
-</dd>
-
-<dt><tdef>WebID URI</tdef></dt>
-<dd>A URI specified via the <code>Subject Alternative Name</code> extension
-of the <tref>Identification Certificate</tref> that identifies an
-<tref>Identification Agent</tref>.</dd>
-
-<dt><tdef>public key</tdef></dt>
-<dd>A widely distributed cryptographic key that can be used to verify
-digital signatures and encrypt data between a sender and a receiver. A public
-key is always included in an <tref>Identification Certificate</tref>.</dd>
-
-<dt><tdef>WebID Profile</tdef></dt>
-<dd>
-A structured document that contains identification credentials for the
-<tref>Identification Agent</tref> expressed using the Resource Description
-Framework [[RDF-CONCEPTS]]. Either the XHTML+RDFa 1.1 [[!XHTML-RDFA]]
-serialization format or the RDF/XML [[!RDF-SYNTAX-GRAMMAR]] serialization
-format MUST be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [[!N3]] or Turtle [[!TURTLE]], MAY be supported by the
-mechanism providing the WebID Profile document.
-<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
-serialization of RDF should be required serialization formats in the
-specification is currently under heavy debate.</p>
-</dd>
-
-</dl>
-
-
-</section>
-
-
-<section class='normative'>
-<h1>Creating the certificate</h1>
-
-<p>The user agent will create a <tref>Identification Certificate</tref> with a
-<code>Subject Alternative Name</code> URI entry. This URI must be one that
-dereferences to a document the user controls so that he can publish the
-public key of the <tref>Identification Certificate</tref> at this URI.</p>
-<p>For example, if a user Joe controls <code>http://joe.example/profile</code>,
-then his WebID can be <code>http://joe.example/profile#me</code></p>
-
-<p class="issue">explain why the WebID URI is different from the URI of the WebID profile document.</p>
-
-<p>As an example to use throughout this specification here is the
-following certificate as an output of the openssl program.</p>
-<p class="example">
-<pre>
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 5f:df:d6:be:2c:73:c1:fb:aa:2a:2d:23:a6:91:3b:5c
- Signature Algorithm: sha1WithRSAEncryption
- <span style="color: red">Issuer:</span> O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority
- Validity
- Not Before: Jun 8 14:16:14 2010 GMT
- Not After : Jun 8 16:16:14 2010 GMT
- <span style="color: red">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers/UID=https://example.org/profile#me, CN=Joe (Personal)
- Subject Public Key Info:
-<span style="color: red"> Public Key Algorithm:</span> rsaEncryption
- <span style="color: red">Public-Key:</span> (2048 bit)
- <span style="color: red">Modulus:</span>
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- <span style="color: red">Exponent:</span> 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:FALSE
- X509v3 Key Usage: critical
- Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
- Netscape Cert Type:
- SSL Client, S/MIME
- X509v3 Subject Key Identifier:
- 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA
- <span style="color: red">X509v3 Subject Alternative Name:</span> critical
- <span style="color: red">URI:</span>https://joe.example/profile#me
- Signature Algorithm: sha1WithRSAEncryption
- cf:8c:f8:7b:b2:af:63:f0:0e:dc:64:22:e5:8a:ba:03:1e:f1:
- ee:6f:2c:f5:f5:10:ad:4c:54:fc:49:2b:e1:0d:cd:be:3d:7c:
- 78:66:c8:ae:42:9d:75:9f:2c:29:71:91:5c:29:5b:96:ea:e1:
- e4:ef:0e:5c:f7:07:a0:1e:9c:bf:50:ca:21:e6:6c:c3:df:64:
- 29:6b:d3:8a:bd:49:e8:72:39:dd:07:07:94:ac:d5:ec:85:b1:
- a0:5c:c0:08:d3:28:2a:e6:be:ad:88:5e:2a:40:64:59:e7:f2:
- 45:0c:b9:48:c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb:
- d8:b8
-</pre>
-</p>
-<p class="issue">Should we formally require the Issuer to be
- O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority. This was discussed on the list as allowing servers to distinguish certificates that are foaf+Ssl enabled from others. Will probably need some very deep TLS thinking to get this right.</p>
-<p class="issue">discuss the importance for UIs of the CN</p>
-<p class="issue">The above certificate is no longer valid, as I took an valid certificate and change the time and WebID. As a result the Signatiure is now false. A completely valid certificate should be generated to avoid nit-pickers picking nits</p>
-</section>
-
-
-<section class='normative'>
-<h1>Publishing the WebID Profile Document</h1>
-
-<p>The <tref>WebID Profile</tref> document MUST expose the relation between the
-<tref>WebID URI</tref> and the <tref>Identification Agent</tref>'s <tref>public key</tref>s
-using the <code>cert</code> and <code>rsa</code> ontologies, as well as the
-<code>cert</code> or <code>xsd</code> datatypes. The set of relations to be
-published at the <tref>WebID Profile</tref> document can be presented in a
-graphical notation as follows.</p>
-<img alt="Web ID graph" src="img/WebIdGraph.jpg"/>
-<p>The document can publish many more relations than are of interest to the WebID protocol, as shown in the above graph by the grayed out relations.</p>
-<p>The encoding of this graph is immaterial to the protocol, so long as a well known mapping to the format of the representation to such a graph can be found. Below we discuss the most well known formats, and a method for dealing with new unknown formats as they come along.</p>
-<p>The WebID provider must publish the graph of relations in one of the well known formats, though he may publish it in a number of formats to increase the useabulity of his site using Content Negotations.</p>
-<p class="issue">Add content negoatiation pointers</p>
-<p>It is particularly useful to have one of the representations be in HTML or XHTML even if it is not marked up in RDFa as this allows people using a web browser to understand what the information at that URI represents.</p>
-<section class='normative'>
-<h1>Turtle</h1>
-<p>A widely used format for writing RDF graphs is the Turtle notation. </p>
-<p class="example">
-<pre>
- @prefix cert: <http://www.w3.org/ns/auth/cert#> .
- @prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
- @prefix foaf: <http://xmlns.com/foaf/0.1/> .
- @prefix : <https://joe.example/profile#> .
-
- :me a foaf:Person;
- foaf:name "Joe" .
-
- [] a rsa:RSAPublicKey;
- rsa:modulus """
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- """^^cert:hex;
- rsa:public_exponent "65537"^^cert:int;
- cert:identity :me .
-</pre>
-</p>
-</section>
-<section>
-<h1>RDFa HTML notation</h1>
-<p>There are many ways of writing out the above graph using RDFa in
-html. Here is just one example.</p>
-<p class="example">
-<pre>
-<html xmlns="http://www.w3.org/1999/xhtml"
- xmlns:cert="http://www.w3.org/ns/auth/cert#"
- xmlns:foaf="http://xmlns.com/foaf/0.1/"
- xmlns:owl="http://www.w3.org/2002/07/owl#"
- xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
- xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
-<head>
-</head>
-<body>
-<h2>My RSA Public Key</h2>
-
- <dl typeof="rsa:RSAPublicKey">
- <dt>WebId</dt><dd href="#me" rel="cert:identity">http://joe.example/profile#me</dd>
- <dt>Modulus (hexadecimal)</dt>
- <dd property="rsa:modulus" datatype="cert:hex">
- 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
- c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
- 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
- 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
- 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
- ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
- 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
- dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
- e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
- 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
- f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
- 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
- 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
- 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
- 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
- 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
- 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
- 91:a1
- </dd>
- <dt>Exponent (decimal)</dt>
- <dd property="rsa:public_exponent" datatype="cert:int">65537</dd>
- </dl>
-</body>
-</html>
-</pre>
-</p>
-<p>If a WebId provider would rather prefer not to mark up his data in RDFa, but just provide a human readable format for users and have the RDF graph appear in a machine readable format such as RDF/XML then he MAY publish the link from the HTML to a machine readable format (it this is available at a dedicated URI) as follows:</p>
- <p class="example">
-<pre>
-<html>
-<head>
-<link type="rel" type="application/rdf+xml" href="profile.rdf"/>
-</head>
-<body> ... </body>
-</html>
-</pre>
-</p>
-</section>
-<section>
-<h1>In RDF/XML</h1>
-<p>RDF/XML is easy to generate automatically from structured data, be it in object notiation or in relational databases. Parsers for it are also widely available.</p>
-<p class="issue">TODO: the dsa ontology</p>
-</section>
-<section>
-<h1>In Portable Contacts format using GRDDL</h1>
-<p class="issue">TODO: discuss other formats and GRDDL, XSPARQL options for xml formats</p>
- <p class="issue">summarize and point to content negotiation documents</p>
-</section>
-</section>
-</section>
-
-<section class='normative'>
-<h1>The WebID Protocol</h1>
-
-<section class='normative'>
-<h1>Authentication Sequence</h1>
-
-<p>The following steps are executed by <tref>Verification Agent</tref>s and
-<tref>Identification Agent</tref>s to determine the global identity of the
-requesting agent. Once this is known, the identity can be used to determine
-if access should be granted to the requested resource.
-</p>
-
-<ol>
-<li>The <tref>Identification Agent</tref> attempts to access a resource
-using HTTP over TLS [[!HTTP-TLS]] via the <tref>Verification Agent</tref>.</li>
-
-<li>The <tref>Verification Agent</tref> MUST request the
-<tref>Identification Certificate</tref> of the <tref>Identification Agent</tref>
-as a part of the TLS client-certificate retrieval protocol.</li>
-
-<li>The <tref>Verification Agent</tref> MUST extract the <tref>public key</tref>
-and all the URI entries contained in the <code>Subject Alternative Name</code>
-extension of the <tref>Identification Certificate</tref>.
-An <tref>Identification Certificate</tref> MAY contain multiple URI entries
-which are considered claimed <tref>WebID URI</tref>s.</li>
-
-<li>The <tref>Verification Agent</tref> MUST attempt to verify the
-<tref>public key</tref> information associated with at least one of the claimed
-<tref>WebID URI</tref>s. The <tref>Verification Agent</tref> MAY attempt to
-verify more than one claimed <tref>WebID URI</tref>.
-This verification process SHOULD occur either by dereferencing the <tref>WebID URI</tref> and
-extracting RDF data from the resulting document, or by utilizing a cached
-version of the RDF data contained in the document or other data source that is
-up-to-date and trusted by the <tref>Verification Agent</tref>. The processing
-and extraction mechanism is further detailed in the sections titled
-<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
-<a href="#extracting-webid-URI-details">Extracting WebID URI Details</a>.
-</li>
-
-<li>If the <tref>public key</tref> in the
-<tref>Identification Certificate</tref> is found in the list of
-<tref>public key</tref>s associated with the claimed <tref>WebID URI</tref>, the
-<tref>Verification Agent</tref> MUST assume that the client intends to use
-this <tref>public key</tref> to verify their ownership of the
-<tref>WebID URI</tref>.
-On the other hand, if no matching <tref>public key</tref> is found in the list
-of <tref>public key</tref>s associated with the claimed <tref>WebID URI</tref>,
-the <tref>Verification Agent</tref> MUST attempt to verify another claimed
-<tref>WebID URI</tref>. The authentication MUST fail if no matching
-<tref>public key</tref> is found among all the claimed <tref>WebID URI</tref>s.</li>
-
-<li>The <tref>Verification Agent</tref> verifies that the
-<tref>Identification Agent</tref> owns the private key corresponding to the public key sent in the
-<tref>Identification Certificate</tref>. This SHOULD be fulfilled by performing TLS mutual-authentication
-between the <tref>Verification Agent</tref> and the
-<tref>Identification Agent</tref>.
-If the <tref>Verification Agent</tref> does not have access to the TLS layer,
-a digital signature challenge MUST be provided by the
-<tref>Verification Agent</tref>. These processes are detailed in the sections
-titled <a href="#authorization">Authorization</a> and
-<a href="#secure-communication">Secure Communication</a>.</li>
-
-<li>If the <tref>public key</tref> in the
-<tref>Identification Certificate</tref> matches one in the set given by the
-profile document graph given above then the <tref>Verification Agent</tref>
-knows that the <tref>Identification Agent</tref> is indeed identified by the
-<tref>WebID URI</tref>. The verification is done by querying the
-Personal Profile graph as specified in <a href="#extracting-webid-uri-details">querying the RDF graph</a>.</li>
-</ol>
-
-<p>
-The <tref>Identification Agent</tref> MAY re-establish a different identity at
-any time by executing all of the steps in the Authentication Sequence again.
-Additional algorithms, detailed in the next section, MAY be performed to
-determine if the <tref>Verification Agent</tref> can access a particular
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</section>
-
-<section class='normative'>
-<h1>Authentication Sequence Details</h1>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<section class='normative'>
-<h2>Initiating a TLS Connection</h2>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the
-Identification Agent and the Verification Agent.</p>
-</section>
-
-<section class='normative'>
-<h2>Exchanging the Identification Certificate</h2>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</section>
-
-<section class='normative'>
-<h2>Processing the WebID Profile</h2>
-
-<p>A <tref>Verification Agent</tref> MUST be able to process documents in RDF/XML
-[[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]]. A server responding to
-a <tref>WebID Profile</tref> request SHOULD be able to deliver at least RDF/XML
-or RDFa. The <tref>Verification Agent</tref> MUST set the Accept-Header to request
-<code>application/rdf+xml</code> with a higher priority than <code>text/html</code>
-and <code>application/xhtml+xml</code>. If the server answers such a request
-with an HTML representation of the resource, this SHOULD describe the WebId Profile
-with RDFa.
-</p>
-
-<p class="issue">This section will explain how a Verification Agent extracts
-semantic data describing the identification credentials from a WebID Profile.</p>
-</section>
-
-<section class='normative'>
-<h2>Verifying the WebID is identified by that public key</h2>
-
-<p>
-There are number of different ways to check that the public key given in the X.509
-certificate against the one provided by the <tref>WebID Profile</tref> or another
-trusted source, the essence is checking that the graph of relations in the
-Profile contains a pattern of relations.
-</p>
-<p>Assuming the public key is an RSA key, and that its modulus is
- "9D79BFE2498..." and exponent "65537" then the following SPARQL query could be used:
-</p>
-<pre class='example'>
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-ASK {
- [] cert:identity <http://example.org/webid#public>;
- rsa:modulus "9D79BFE2498..."^^cert:hex;
- rsa:public_exponent "65537"^^cert:int .
-}
-</pre>
-<p>If the query returns true, then the graph has validated the associated
-public key with the WebID.</p>
-<p>The above requires the sparql endpoint (or the underlying triple store
-to be able to do inferencing on dataytypes. This is because the numerical
-values may be expressed with different xsd and cert datatypes which must all
-be supported by <tref>VerificationAgent</tref>s. The cert datatypes allow
-the numerical expression to be spread over a number of lines, or contain
-arbitrary characters such as "9D ☮ 79 ☮ BF ☮ E2 ☮ F4 ☮ 98 ☮..." . The datatype
-itself need not necessarily be expressed in cert:hex, but could use a number of
-xsd integer datatype notations, cert:int or future base64 notations.
-</p>
-<p class="issue">Should we define the base64 notation?</p>
-<p>If the SPARQL endpoint doesn't provide a literal inferencing engine, then the modulus should be extracted from the graph, normalised into a big integer (integers without an upper bound), and compared with the values given in the public key certificate. After replacing the <code>?webid</code> variable in the following query with the required value the <tref>Verifying Agent</tref> can query the Profile Graph with</p>
-<pre class='example'>
-PREFIX cert: <http://www.w3.org/ns/auth/cert#>
-PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
-SELECT ?m ?e
-WHERE {
- [] cert:identity ?webid ;
- rsa:modulus ?m ;
- rsa:public_exponent ?e .
-}
-</pre>
-<p>Here the verification agent must check that one of the answers for ?m and ?e
-matches the integer values of the modulus and exponent given in the public key in the certificate.</p>
-<p class="issue"> The public key could be a DSA key. We need to add an ontology for DSA too. What other cryptographic ontologies should we add?</p>
-
-</section>
-
-<section class='normative'>
-<h2>Authorization</h2>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URI to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</section>
-
-<section class='normative'>
-<h2>Secure Communication</h2>
-
-<p class="issue">This section will explain how an Identification Agent and
-a Verification Agent may communicate securely using a set of verified
-identification credentials.</p>
-
-<p>
-If the <tref>Verification Agent</tref> has verified that the
-<tref>WebID Profile</tref> is owned by the <tref>Identification Agent</tref>,
-the <tref>Verification Agent</tref> SHOULD use the verified
-<tref>public key</tref> contained in the <tref>Identification Certificate</tref>
-for all TLS-based communication with the <tref>Identification Agent</tref>.
-This ensures that both the <tref>Verification Agent</tref> and the
-<tref>Identification Agent</tref>
-are communicating in a secure manner, ensuring cryptographically protected
-privacy for both sides.
-</p>
-
-</section>
-
-</section>
-
-<section class='normative'>
-<h2>The WebID Profile</h2>
-
-<p>The <tref>WebID Profile</tref> is a structured document that contains
-identification credentials for the <tref>Identification Agent</tref> expressed
-using the Resource Description Framework [[RDF-CONCEPTS]]. The following
-sections describe how to express certain common properties that could be used
-by <tref>Verification Agent</tref>s and other entities that consume a
-<tref>WebID Profile</tref>.</p>
-
-<p>The following vocabularies are used in their shortened form in the
-subsequent sections:</p>
-
-<dl>
- <dt>foaf</dt>
- <dd>http://xmlns.com/foaf/0.1/</dd>
- <dt>cert</dt>
- <dd>http://www.w3.org/ns/auth/cert#</dd>
- <dt>rsa</dt>
- <dd>http://www.w3.org/ns/auth/rsa#</dd>
-</dl>
-
-<section class='normative'>
-<h2>Personal Information</h2>
-
-<p>Personal details are the most common requirement when registering an
-account with a website. Some of these pieces of information include an e-mail
-address, a name and perhaps an avatar image. This section includes
-properties that SHOULD be used when conveying key pieces of personal
-information but are NOT REQUIRED to be present in a <tref>WebID Profile</tref>:</p>
-
-<dl>
- <dt>foaf:mbox</dt>
- <dd>The e-mail address that is associated with the WebID URI.</dd>
- <dt>foaf:name</dt>
- <dd>The name that is most commonly used to refer to the individual
- or agent.</dd>
- <dt>foaf:depiction</dt>
- <dd>An image representation of the individual or agent.</dd>
-</dl>
-</section>
-
-<section class='normative'>
-<h2>Cryptographic Details</h2>
-
-<p>Cryptographic details are important when <tref>Verification Agent</tref>s
-and <tref>Identification Agent</tref>s interact. The following properties
-SHOULD be used when conveying cryptographic information in <tref>WebID Profile</tref>
-documents:</p>
-
-<dl>
- <dt>rsa:RSAPublicKey</dt>
- <dd>Expresses an RSA public key. The RSAPublicKey MUST specify the
- rsa:modulus and rsa:public_exponent properties.</dd>
- <dt>cert:identity</dt>
- <dd>Used to associate an RSAPublicKey with a WebID URI. A WebID Profile
- MUST contain at least one RSAPublicKey that is associated with the
- corresponding WebID URI.</dd>
-</dl>
-</section>
-
-</section>
-
-</section>
-
-<section class='appendix informative' id="history">
-<h1>Change History</h1>
-<p><a href="https://github.com/webid-community/webid-spec/commit/21deeba1918df73047081d62204dd781f36f5fd7">2010-08-09</a> Updates from WebID community: moved OpenID/OAuth sections to separate document, switched to the URI terminology instead of URL, added "Creating the certificate" and "Publishing the WebID Profile document" sections with a WebID graph and serializations in Turtle and RDFa, improved SPARQL queries using literal notation with cert datatypes, updated list of contributors, and many other fixes.</p>
-<p><a href="http://github.com/webid-community/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">2010-07-25</a> Added WebID Profile section.</p>
-<p><a href="http://github.com/webid-community/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
-<p><a href="http://github.com/webid-community/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
-</section>
-
-<section class='informative' id="acknowledgements">
-<h1>Acknowledgments</h1>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-<li>Kingsley Idehen, OpenLink Software</li>
-<li>Seth Russell</li>
-<li>Sarven Capadisli</li>
-<li>Nathan Rixham</li>
-</ul>
-
-</section>
- </body>
-</html>
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/README Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,59 @@
+Abstract
+--------
+WebID 1.0
+Web Identification and Discovery
+
+Identification and privacy have been at the center of how we interact
+with sites on the Web. The explosion of Websites over the last decade
+and a half has created a point of pain for anyone that uses the Web on a
+regular basis. Remembering login details, passwords, and sharing private
+information across the many websites that people use on a daily basis
+has become more difficult and complicated than necessary. This
+specification outlines a simple universal identification mechanism that
+is distributed, openly extensible, improves privacy, security and
+control over how one can identify themselves and control access to their
+information on the Web.
+
+Source
+------
+
+You can read, branch and modify the source code for this specification via
+github:
+
+https://github.com/webid-community/webid-spec
+
+Feedback
+--------
+
+Don't e-mail patches to the editors, don't send tweets, IMs, or e-mails.
+Log bugs if you want to request changes to the spec, it is the only way
+you can make sure that your input will be tracked and considered by
+the group:
+
+https://github.com/webid-community/webid-spec/issues
+
+When logging an issue, be very specific about the problem and the
+exact change and wording that you would like to suggest. The easier
+you make changing the spec, the more likely that your change will be
+placed into the specification.
+
+Contributing
+------------
+
+To directly contribute to the specification:
+
+1. You MUST modify the 'index-respec.html' file via github - it is the
+ primary source document.
+2. You MUST agree to transferring the specification text to a governing
+ specification body such as the IETF or W3C when the time comes to
+ transition the documents to an official specification.
+3. You MUST NOT add in any text that you know to be in violation of a trade
+ secret, patent or other form of intellectual property.
+4. Understand that this will be a patent and royalty-free specification and
+ no payment will be made to any of the editors, authors or contributors. That
+ said, millions of people will be thankful for your contribution in ensuring
+ that the web continutes to be accessible in a patent and royalty-free way.
+5. You will want to become familiar with ReSpec before you edit the
+ 'index-respec.html' file. Documentation for respec is available here:
+ http://dev.w3.org/2009/dap/ReSpec.js/documentation.html
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/drafts/ED-webid-20100711/index.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,492 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
+<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
+<head>
+ <title>WebID 1.0</title>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+
+<!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+
+<style type="text/css">
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+
+
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+
+
+ <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-12T01:01:38+0000" id="unofficial-draft-11-july-2010">Unofficial Draft 11 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">msporny@digitalbazaar.com</a> </span>
+</dd>
+<dt>Authors:</dt><dd><span><span>Toby Inkster</span></span>
+</dd>
+<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
+</dd>
+</dl><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
+ <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
+
+<p>Identification and privacy have been at the center of how we
+interact with sites on the Web. The explosion of Websites over the last decade
+and a half has created a point of pain for anyone that uses the Web on a
+regular basis. Remembering login details, passwords,
+and sharing private information across the many websites that people use on a
+daily basis has become more difficult and complicated than necessary. This
+specification outlines a simple universal identification mechanism that is
+distributed, openly extensible, improves privacy, security and control over how
+one can identify themselves and control access to their information on the Web.
+</p>
+
+<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
+<h3 id="how-to-read-this-document">How to Read this Document</h3>
+
+<p>There are a number of concepts that are covered in this document that the
+reader may want to be aware of before continuing. General knowledge of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
+is necessary to understand how to implement this specification.
+WebID also uses HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates
+[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>], and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>].</p>
+
+<p>A general <a href="#introduction">Introduction</a> is provided for all that
+would like to understand why this specification is necessary to simplify usage
+of the Web.</p>
+
+<p>The terms used throughout this specification are listed in the section
+titled <a href="#terminology">Terminology</a>.</p>
+
+<p>Developers that are interested in implementing this specification will be
+most interested in the sections titled
+<a href="#authentication-sequence">Authentication Sequence</a> and
+<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
+
+</p></div>
+</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
+
+<!-- <p>This document has been reviewed by W3C Members, by software
+developers, and by other W3C groups and interested parties, and is
+endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited from another
+document. W3C's role in making the Recommendation is to draw attention
+to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> -->
+
+
+The source code for this document is available via Github at the following
+URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
+
+</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-identification-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting Identification URL Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
+
+
+
+<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
+
+<!-- OddPage -->
+<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
+
+<p>
+The WebID specification is designed to help alleviate the difficultly that
+remembering different logins, passwords and settings for websites has created.
+It is also designed to provide a universal and extensible mechanism to express
+public and private information about yourself. This section outlines the
+motivation behind the specification and the relationship to other similar
+specifications that are in active use today.
+</p>
+
+<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
+<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
+
+<p>
+It is a fundamental design criteria of the Web to enable individuals and
+organizations to control how they interact with the rest of society. This
+includes how one expresses their identity, public information and personal
+details to social networks, Web sites and services.
+</p>
+
+<p>
+Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
+hyperlinked social networks to exist. This vocabulary, along with other
+vocabularies, allow one to add information and services protection to
+distributed social networks.
+</p>
+
+<p>
+One major criticism of open networks is that they seem to have no way of
+protecting the personal information distributed on the web or limiting
+access to resources. Few people are willing to make all their personal
+information public, many would like large pieces to be protected, making
+it available only to a select group of agents. Giving access to
+information is very similar to giving access to services. There are many
+occasions when people would like services to only be accessible to
+members of a group, such as allowing only friends, family members,
+colleagues to post an article, photo or comment on a blog. How does one do
+this in a flexible way, without requiring a central point of
+access control?
+</p>
+
+<p>
+Using an process made popular by OpenID, we show how one can tie a User
+Agent to a URL by proving that one has write access to the URL. WebID is
+a simpler alternative to OpenID (fewer connections), that uses X.509
+certificates to tie a User Agent (Browser) to a Person identified via a URL.
+WebID also provides a few additional features to OpenID. These
+features include trust management, via digital signatures, and free-form
+extensibility via RDFa. By using the existing SSL certificate exchange
+mechanism, WebID integrates more smoothly with existing Web browsers, including
+browsers on mobile devices. WebID also permits automated session login
+in addition to interactive session login. Additionally, all data is encrypted
+and guaranteed to only be received by the person or organization that was
+intended to receive it.
+</p>
+
+</div>
+
+<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
+<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
+
+<p>While some may say that OpenID and WebID conflict, WebID is 100% compatible
+with OpenID since both use a URL for identification. Therefore, WebID does not
+intend to replace OpenID, but can work beside OpenID just as easily as providing
+a complete solution. That said, there are a number of benefits that WebID
+achieves over OpenID:
+</p>
+
+<p>WebID gives people and other agents a Web ID URL for identification, just
+like OpenId does. However, in the case of WebID, the user does not need to
+remember the URL, the browser or User Agent does. A login button on a
+WebID web site is just a button. No need to enter any identifier like one
+has to for OpenID. Just click the button. Your browser will then ask you what
+identity you wish to use. The person that is browsing does not need to
+remember either the WebID URL or the website password. The only password one
+needs to remember is the one that is used to access their collection of
+WebIDs in their browser.</p>
+
+<p>The WebID protocol requires just one direct network connection to establish
+identity via the client. The server requires one connection to the client and
+one connection to retrieve the WebID Profile if it does not have the credential
+information cached. Compare this to the much more complex OpenID sequence, which
+requires six connections by the client to establish a login. In a world of
+distributed data where each site can point to data on any other site, multiple
+connections become costly to manage.</p>
+
+<p>WebID builds on well established Internet and Web standards;
+<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
+RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509
+[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards, it makes both explaining and
+implementing WebID easier on developers.</p>
+
+<p>Since WebID is RESTful, you can perform basic HTTP operations to
+<code>GET</code> your WebID, and if you needed update it, you can use
+HTTP <code>PUT</code> semantics. You can also create a WebID via
+<code>POST</code>. This is improved from the OpenID specification, which
+requires a new set of operations described in the OpenID Attribute Exchange
+specification.</p>
+
+<p>It is easy to extend a WebID with new attributes via RDF. The power of
+RDF and RDFa allows developers to add extensions to WebID by defining new
+vocabularies that they publish. There is no authorization process necessary
+and thus WebID allows for distributed innovation. Every WebID property is
+a URI, which when clicked, can give you yet more information about what the
+property means. A developer can create new usage classes by extending their
+vocabulary at will. A developer can add relationships to a WebID by simply
+adding more HTML to the developer's page. OpenID does not provide any type of
+distributed innovation akin to RDF or RDFa.</p>
+
+<p>WebID is built on RDF and thus enables all of the advanced semantic web
+concepts that RDF enables. For example, a developer may perform machine
+reasoning with a WebID. One can construct machine-executable statements like
+"If this WebID claims to be a friend of one of our partner WebIDs that is
+trusted and the relationship is bi-directional, trust the WebID."
+While OpenID attempts to support this use case by mapping OpenID to RDF, it's
+far easier to do with WebID because WebID is natively RDF-aware.</p>
+
+<p>Implementing WebID is easier than OpenID because all of the basic
+technologies have been working and integrated into Web browsers for many years.
+There were already three interoperable implementations of WebID before this
+specification was written.</p>
+
+<p>WebID is truly decentralized - with WebID you get a web of trust.
+OpenID only supports the Web of Trust model if you indirectly trust the
+OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
+you must trust OpenID providers. With WebID you only have to trust the people
+and the organizations with which you are communicating. In other words, you
+don't have to ask anyone whether or not you can trust your friends. You can
+query people that you trust directly to see if someone is trustworthy or not.
+There is no need for a central WebID authority.
+</p>
+
+<p>WebID is fully distributed, anyone can setup a WebID by placing a single
+file on a web server of their choosing. There is no need for a special
+OpenID-like provider service. The only thing anyone that wants a WebID needs
+is a web account where you can post your WebID file, ideally on your own domain
+name. You can also use a WebID hosting provider, but it's not necessary for
+WebID to work. While it is possible to run an OpenID server, other
+OpenID applications may not trust you and thus you won't be able to fully
+utilize your private OpenID credentials. The reason that there are a few
+large OpenID providers and very few small OpenID providers is because of this
+trust design issue related to OpenID.</p>
+
+<p>WebID does not require HTTP redirects. Redirects are are problematic on many
+cell phones, because telecoms heavily rely on proxys, which selectively block
+redirects.</p>
+
+<p>A WebID provider is 100% compatible with an OpenID provider and thus can
+inter-operate with OpenID-powered networks.</p>
+
+</div>
+
+<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
+<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
+
+<p>
+OAuth and WebID are mutually beneficial when used together. WebID can be
+used to provide RSA parameters to the RSA-SHA1 signature method required by
+OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
+connection that will be used to transmit OAuth Tokens in OAuth 2.0.
+</p>
+
+</div>
+</div>
+
+<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
+
+<!-- OddPage -->
+<h2><span class="secno">2. </span>The WebID Protocol</h2>
+
+<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
+<h3><span class="secno">2.1 </span>Terminology</h3>
+
+<dl>
+
+<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
+<dd>Performs authentication on provided WebID credentials and determines if
+an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
+resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
+may also be a peer on a peer-to-peer network.</dd>
+
+<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
+<dd>Provides identification credentials to a Verification Agent. The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
+
+<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
+<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain the
+<code>Subject Alternative Name</code> field pointing to a URL that is
+dereference-able and results in a document containing RDF data. For example
+the certificate would contain <code>http://example.org/webid#public</code>,
+known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as
+the <code>Subject Alternative Name</code>:
+<code><pre>
+X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</pre></code>
+
+</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
+<dd>A URL specified in the <code>Subject Alternative Name</code> field of the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies a
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document.</dd>
+
+<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
+<dd>
+A structured document that contains identification credentials for the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
+Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. The XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] serialization
+format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
+WebID Profile document. Alternate RDF serialization
+formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>], Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], or RDF/XML
+[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] <em class="rfc2119" title="may">may</em> be supported by the mechanism providing the
+WebID Profile document.
+</dd>
+
+</dl>
+
+</div>
+
+<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
+<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
+
+<p>The following steps are executed by Verification Agents and Identification
+Agents to determine if access should be granted to a particular resource.
+</p>
+
+<ol>
+<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
+using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
+as a part of the TLS client-cerificate retrieval protocol.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>
+contained in the <code>Subject Alternative Name</code> field of the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>. The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document
+<em class="rfc2119" title="must">must</em> be dereferenced and all triples pertaining to the public key associated
+with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> be extracted.
+</li>
+
+<li>The remote document triples <em class="rfc2119" title="must">must</em> be queried for information about the
+public key contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.
+If the public key in the certificate is found in the list of public keys
+associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
+<em class="rfc2119" title="must">must</em> assume that the client has write access to the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> and
+therefore owns the document.</li>
+
+<li>At this point, the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> use the now verified public key contained
+in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> for all TLS-based communication
+with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
+</li></ol>
+
+<p>
+The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
+any time by executing all of the steps in the Authentication Sequence again.
+Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
+determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
+resource after the last step of the Authentication Sequence has been
+completed.
+</p>
+
+</div>
+
+<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
+<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
+
+<p>This section covers details about each step in the authentication process.
+</p>
+
+<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
+<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
+
+<p class="issue">This section will detail how the TLS connection process is
+started and used by WebID to create a secure channel between the
+Identification Agent and the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
+<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
+
+<p class="issue">This section will detail how the certificate is selected and
+sent to the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
+<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
+
+<p>A server responding to a WebID Profile request <em class="rfc2119" title="must">must</em> support returning an
+XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] document with either a <code>text/html</code> or
+<code>application/xhtml+xml</code> MIMEtype. A server <em class="rfc2119" title="may">may</em> support HTTP content
+negotiation and return a document that conforms to N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>], Turtle
+[<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], or RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>].
+
+</p><p class="issue">This section will explain how a Verification Agent extracts
+semantic data describing the identification credentials from a WebID Profile.</p>
+</div>
+
+<div class="normative section" id="extracting-identification-url-details" typeof="bibo:Chapter" about="#extracting-identification-url-details">
+<h4><span class="secno">2.3.4 </span>Extracting Identification URL Details</h4>
+
+<p>
+The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
+extract the public key information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
+</p>
+The following SPARQL query outlines one way in which the public key
+could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
+<code><pre>
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?modulus ?exp
+WHERE {
+ ?key cert:identity <http://example.org/webid#public>;
+ a rsa:RSAPublicKey;
+ rsa:modulus [ cert:hex ?modulus; ];
+ rsa:public_exponent [ cert:decimal ?exp ] .
+}
+</pre></code>
+
+<p class="issue">This section still needs more information.</p>
+
+</div>
+
+<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
+<h4><span class="secno">2.3.5 </span>Determining Access Privileges</h4>
+
+<p class="issue">This section will explain how a Verification Agent may
+use the information discovered via a WebID URL to determine if one should
+be able to access a particular resource. It will explain how a Verification
+Agent can use links to other RDFa documents to build knowledge about the
+given WebID.</p>
+
+</div>
+
+</div>
+
+<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
+
+<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
+<h4>Change History</h4><p><em>This section is non-normative.</em></p>
+<p>2010-07-11 Initial version.</p>
+</div>
+
+<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
+<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
+
+<p>The following people have been instrumental in providing thoughts, feedback,
+reviews, criticism and input in the creation of this specification:</p>
+
+<ul>
+<li>Melvin Carvalho</li>
+<li>Bruno Harbulot</li>
+<li>Toby Inkster</li>
+<li>Ian Jacobi</li>
+<li>Jeff Sayre</li>
+<li>Henry Story</li>
+</ul>
+
+</div>
+</div>
+
+
+
+</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
+<!-- OddPage -->
+<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
+</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
+</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
+</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a>
+</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
+</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
+</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a>
+</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
+</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:references">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
+</dd></dl></div></div></body></html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/drafts/ED-webid-20100718/diff-20100711.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,4224 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
+<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
+<head>
+ <title>WebID 1.0</title>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+
+<!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+
+<style type="text/css">
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+
+
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+
+
+ <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /><style type='text/css'>
+.diff-old-a {
+ font-size: smaller;
+ color: red;
+}
+
+.diff-new { background-color: yellow; }
+.diff-chg { background-color: lime; }
+.diff-new:before,
+.diff-new:after
+ { content: "\2191" }
+.diff-chg:before, .diff-chg:after
+ { content: "\2195" }
+.diff-old { text-decoration: line-through; background-color: #FBB; }
+.diff-old:before,
+.diff-old:after
+ { content: "\2193" }
+:focus { border: thin red solid}
+</style>
+</head>
+<body style="display: inherit; ">
+<div class="head">
+<p>
+</p>
+<h1 rel="dcterms:title" class="title" id="title">
+WebID
+1.0
+</h1>
+<h2 rel="bibo:subtitle" id="subtitle">
+Web
+Identification
+and
+Discovery
+</h2>
+<h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">
+Unofficial
+Draft
+<del class="diff-old">11
+</del>
+<ins class="diff-chg">18
+</ins>
+July
+2010
+</h2>
+<dl>
+<dt>
+Editor:
+</dt>
+<dd rel="bibo:editor">
+<span typeof="foaf:Person">
+<span property="foaf:name">
+Manu
+Sporny
+</span>,
+<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
+Digital
+Bazaar,
+Inc.
+</a>
+<a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">
+msporny@digitalbazaar.com
+</a>
+</span>
+</dd>
+<dt>
+Authors:
+</dt>
+<dd>
+<span>
+<a content="Toby Inkster" href="http://tobyinkster.co.uk/">
+Toby
+Inkster
+</a>
+</span>
+</dd>
+<dd>
+<span>
+<a content="Henry Story" href="http://bblfish.net/">
+Henry
+Story
+</a>
+</span>
+</dd>
+<dd>
+<span>
+<a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
+<ins class="diff-new">Bruno
+Harbulot
+</ins></a></span></dd><dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia"><ins class="diff-new">
+Reto
+Bachmann-Gmür
+</ins></a></span></dd>
+</dl>
+<p>
+<ins class="diff-new">This
+document
+is
+also
+available
+in
+this
+non-normative
+format:
+</ins><a href="diff-20100711.html"><ins class="diff-new">
+Diff
+from
+previous
+Editors
+Draft
+</ins></a>.</p>
+<p class="copyright">
+This
+document
+is
+licensed
+under
+a
+<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
+Creative
+Commons
+Attribution
+3.0
+License
+</a>.
+</p>
+<hr>
+</hr>
+</div>
+<div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract">
+<h2>
+Abstract
+</h2>
+<p>
+<del class="diff-old">Identification
+</del>
+<ins class="diff-chg">Social
+networking,
+identity
+</ins>
+and
+privacy
+have
+been
+at
+the
+center
+of
+how
+we
+interact
+with
+<del class="diff-old">sites
+on
+</del>
+the
+<del class="diff-old">Web.
+</del>
+<ins class="diff-chg">Web
+in
+the
+last
+decade.
+</ins>
+The
+explosion
+of
+<del class="diff-old">Websites
+over
+the
+last
+decade
+and
+a
+half
+</del>
+<ins class="diff-chg">social
+networking
+sites
+</ins>
+has
+<ins class="diff-new">brought
+the
+world
+closer
+together
+as
+well
+as
+</ins>
+created
+<del class="diff-old">a
+point
+</del>
+<ins class="diff-chg">new
+points
+</ins>
+of
+pain
+<del class="diff-old">for
+anyone
+that
+uses
+</del>
+<ins class="diff-chg">regarding
+ease
+of
+use
+and
+</ins>
+the
+<del class="diff-old">Web
+on
+a
+regular
+basis.
+</del>
+<ins class="diff-chg">Web.
+</ins>
+Remembering
+login
+details,
+passwords,
+and
+sharing
+private
+information
+across
+the
+many
+websites
+<ins class="diff-new">and
+social
+groups
+</ins>
+that
+<del class="diff-old">people
+use
+on
+</del>
+<ins class="diff-chg">we
+are
+</ins>
+a
+<del class="diff-old">daily
+basis
+</del>
+<ins class="diff-chg">part
+of
+</ins>
+has
+become
+more
+difficult
+and
+complicated
+than
+necessary.
+<ins class="diff-new">The
+Social
+Web
+is
+designed
+to
+ensure
+that
+control
+of
+identity
+and
+privacy
+settings
+is
+always
+simple
+and
+under
+one's
+control.
+WebID
+is
+a
+key
+enabler
+of
+the
+Social
+Web.
+</ins>
+This
+specification
+outlines
+a
+simple
+universal
+identification
+mechanism
+that
+is
+distributed,
+openly
+extensible,
+improves
+privacy,
+security
+and
+control
+over
+how
+one
+can
+identify
+themselves
+and
+control
+access
+to
+their
+information
+on
+the
+Web.
+</p>
+<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
+<h3 id="how-to-read-this-document">
+How
+to
+Read
+this
+Document
+</h3>
+<p>
+There
+are
+a
+number
+of
+concepts
+that
+are
+covered
+in
+this
+document
+that
+the
+reader
+may
+want
+to
+be
+aware
+of
+before
+continuing.
+General
+knowledge
+of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
+public
+key
+cryptography
+</a>
+<ins class="diff-new">and
+RDF
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER"><ins class="diff-new">
+RDF-PRIMER
+</ins></a><ins class="diff-new">
+]
+and
+RDFa
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE"><ins class="diff-new">
+RDFA-CORE
+</ins></a><ins class="diff-new">
+]
+</ins>
+is
+necessary
+to
+understand
+how
+to
+implement
+this
+specification.
+WebID
+<del class="diff-old">also
+</del>
+uses
+<ins class="diff-new">a
+number
+of
+specific
+technologies
+like
+</ins>
+HTTP
+over
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+],
+X.509
+certificates
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+],
+<ins class="diff-new">RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+]
+</ins>
+and
+<del class="diff-old">RDFa
+</del>
+<ins class="diff-chg">XHTML+RDFa
+</ins>
+[
+<del class="diff-old">RDFA-CORE
+</del>
+<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
+<ins class="diff-chg">XHTML-RDFA
+</ins>
+</a>
+].
+</p>
+<p>
+A
+general
+<a href="#introduction">
+Introduction
+</a>
+is
+provided
+for
+all
+that
+would
+like
+to
+understand
+why
+this
+specification
+is
+necessary
+to
+simplify
+usage
+of
+the
+Web.
+</p>
+<p>
+The
+terms
+used
+throughout
+this
+specification
+are
+listed
+in
+the
+section
+titled
+<a href="#terminology">
+Terminology
+</a>.
+</p>
+<p>
+Developers
+that
+are
+interested
+in
+implementing
+this
+specification
+will
+be
+most
+interested
+in
+the
+sections
+titled
+<a href="#authentication-sequence">
+Authentication
+Sequence
+</a>
+and
+<a href="#authentication-sequence-details">
+Authentication
+Sequence
+Details
+</a>.
+</p>
+</div>
+</div>
+<div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd">
+<h2>
+Status
+of
+This
+Document
+</h2>
+<p>
+This
+document
+is
+merely
+a
+public
+working
+draft
+of
+a
+potential
+specification.
+It
+has
+no
+official
+standing
+of
+any
+kind
+and
+does
+not
+represent
+the
+support
+or
+consensus
+of
+any
+standards
+organisation.
+</p>
+The
+source
+code
+for
+this
+document
+is
+available
+via
+Github
+at
+the
+following
+URL:
+<a href="http://github.com/msporny/webid-spec">
+http://github.com/msporny/webid-spec
+</a>
+</div>
+<div id="toc" typeof="bibo:Chapter" about="#toc" class="section">
+<h2 class="introductory">
+Table
+of
+Contents
+</h2>
+<ul class="toc">
+<li class="tocline">
+<a href="#introduction" class="tocxref">
+<span class="secno">
+1.
+</span>
+Introduction
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#motivation" class="tocxref">
+<span class="secno">
+1.1
+</span>
+Motivation
+</a>
+</li>
+<li class="tocline">
+<a href="#relation-to-openid" class="tocxref">
+<span class="secno">
+1.2
+</span>
+Relation
+to
+OpenID
+</a>
+</li>
+<li class="tocline">
+<a href="#relation-to-oauth" class="tocxref">
+<span class="secno">
+1.3
+</span>
+Relation
+to
+OAuth
+</a>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a href="#the-webid-protocol" class="tocxref">
+<span class="secno">
+2.
+</span>
+The
+WebID
+Protocol
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#terminology" class="tocxref">
+<span class="secno">
+2.1
+</span>
+Terminology
+</a>
+</li>
+<li class="tocline">
+<a href="#authentication-sequence" class="tocxref">
+<span class="secno">
+2.2
+</span>
+Authentication
+Sequence
+</a>
+</li>
+<li class="tocline">
+<a href="#authentication-sequence-details" class="tocxref">
+<span class="secno">
+2.3
+</span>
+Authentication
+Sequence
+Details
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#initiating-a-tls-connection" class="tocxref">
+<span class="secno">
+2.3.1
+</span>
+Initiating
+a
+TLS
+Connection
+</a>
+</li>
+<li class="tocline">
+<a href="#exchanging-the-identification-certificate" class="tocxref">
+<span class="secno">
+2.3.2
+</span>
+Exchanging
+the
+Identification
+Certificate
+</a>
+</li>
+<li class="tocline">
+<a href="#processing-the-webid-profile" class="tocxref">
+<span class="secno">
+2.3.3
+</span>
+Processing
+the
+WebID
+Profile
+</a>
+</li>
+<li class="tocline">
+<a href="#extracting-webid-url-details" class="tocxref">
+<span class="secno">
+2.3.4
+</span>
+Extracting
+<del class="diff-old">Identification
+</del>
+<ins class="diff-chg">WebID
+</ins>
+URL
+Details
+</a>
+</li>
+<li class="tocline">
+<a href="#determining-access-privileges" class="tocxref">
+<span class="secno">
+2.3.5
+</span>
+Determining
+Access
+Privileges
+</a>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a href="#references" class="tocxref">
+<span class="secno">
+A.
+</span>
+References
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#normative-references" class="tocxref">
+<span class="secno">
+A.1
+</span>
+Normative
+references
+</a>
+</li>
+<li class="tocline">
+<a href="#informative-references" class="tocxref">
+<span class="secno">
+A.2
+</span>
+Informative
+references
+</a>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
+<h2>
+<span class="secno">
+1.
+</span>
+Introduction
+</h2>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+WebID
+specification
+is
+designed
+to
+help
+alleviate
+the
+difficultly
+that
+remembering
+different
+logins,
+passwords
+and
+settings
+for
+websites
+has
+created.
+It
+is
+also
+designed
+to
+provide
+a
+universal
+and
+extensible
+mechanism
+to
+express
+public
+and
+private
+information
+about
+yourself.
+This
+section
+outlines
+the
+motivation
+behind
+the
+specification
+and
+the
+relationship
+to
+other
+similar
+specifications
+that
+are
+in
+active
+use
+today.
+</p>
+<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
+<h3>
+<span class="secno">
+1.1
+</span>
+Motivation
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+It
+is
+a
+fundamental
+design
+criteria
+of
+the
+Web
+to
+enable
+individuals
+and
+organizations
+to
+control
+how
+they
+interact
+with
+the
+rest
+of
+society.
+This
+includes
+how
+one
+expresses
+their
+identity,
+public
+information
+and
+personal
+details
+to
+social
+networks,
+Web
+sites
+and
+services.
+</p>
+<p>
+Semantic
+Web
+vocabularies
+such
+as
+Friend-of-a-Friend
+(FOAF)
+permit
+distributed
+hyperlinked
+social
+networks
+to
+exist.
+This
+vocabulary,
+along
+with
+other
+vocabularies,
+allow
+one
+to
+add
+information
+and
+services
+protection
+to
+distributed
+social
+networks.
+</p>
+<p>
+One
+major
+criticism
+of
+open
+networks
+is
+that
+they
+seem
+to
+have
+no
+way
+of
+protecting
+the
+personal
+information
+distributed
+on
+the
+web
+or
+limiting
+access
+to
+resources.
+Few
+people
+are
+willing
+to
+make
+all
+their
+personal
+information
+public,
+many
+would
+like
+large
+pieces
+to
+be
+protected,
+making
+it
+available
+only
+to
+a
+select
+group
+of
+agents.
+Giving
+access
+to
+information
+is
+very
+similar
+to
+giving
+access
+to
+services.
+There
+are
+many
+occasions
+when
+people
+would
+like
+services
+to
+only
+be
+accessible
+to
+members
+of
+a
+group,
+such
+as
+allowing
+only
+friends,
+family
+members,
+colleagues
+to
+post
+an
+article,
+photo
+or
+comment
+on
+a
+blog.
+How
+does
+one
+do
+this
+in
+a
+flexible
+way,
+without
+requiring
+a
+central
+point
+of
+access
+control?
+</p>
+<p>
+Using
+an
+process
+made
+popular
+by
+OpenID,
+we
+show
+how
+one
+can
+tie
+a
+User
+Agent
+to
+a
+URL
+by
+proving
+that
+one
+has
+write
+access
+to
+the
+URL.
+WebID
+is
+a
+simpler
+alternative
+to
+OpenID
+(fewer
+connections),
+that
+uses
+X.509
+certificates
+to
+tie
+a
+User
+Agent
+(Browser)
+to
+a
+Person
+identified
+via
+a
+URL.
+WebID
+also
+provides
+a
+few
+additional
+features
+to
+OpenID.
+These
+features
+include
+trust
+management,
+via
+digital
+signatures,
+and
+free-form
+extensibility
+via
+RDFa.
+By
+using
+the
+existing
+SSL
+certificate
+exchange
+mechanism,
+WebID
+integrates
+more
+smoothly
+with
+existing
+Web
+browsers,
+including
+browsers
+on
+mobile
+devices.
+WebID
+also
+permits
+automated
+session
+login
+in
+addition
+to
+interactive
+session
+login.
+Additionally,
+all
+data
+is
+encrypted
+and
+guaranteed
+to
+only
+be
+received
+by
+the
+person
+or
+organization
+that
+was
+intended
+to
+receive
+it.
+</p>
+</div>
+<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
+<h3>
+<span class="secno">
+1.2
+</span>
+Relation
+to
+OpenID
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<del class="diff-old">While
+some
+may
+say
+that
+OpenID
+</del>
+<p class="issue">
+<ins class="diff-chg">This
+section
+needs
+to
+be
+re-written.
+The
+flow
+</ins>
+and
+<del class="diff-old">WebID
+conflict,
+</del>
+<ins class="diff-chg">grammar
+leaves
+much
+to
+be
+desired.
+--
+manu
+</ins></p><p>
+WebID
+is
+<del class="diff-old">100%
+</del>
+compatible
+with
+<del class="diff-old">OpenID
+since
+both
+</del>
+<ins class="diff-chg">OpenID.
+Both
+protocols
+</ins>
+use
+a
+URL
+<del class="diff-old">for
+identification.
+</del>
+<ins class="diff-chg">that
+dereferences
+to
+a
+Personal
+Profile
+Document.
+This
+Personal
+Profile
+Document
+is
+where
+further
+information
+about
+an
+identity
+can
+be
+discovered.
+This
+mechanism
+is
+compatible
+with
+both
+WebID
+and
+OpenID.
+</ins>
+Therefore,
+WebID
+does
+not
+intend
+to
+replace
+OpenID,
+but
+can
+work
+beside
+OpenID
+<del class="diff-old">just
+as
+easily
+as
+providing
+a
+complete
+solution.
+</del>
+<ins class="diff-chg">by
+sharing
+the
+content
+in
+the
+Personal
+Profile
+Document.
+</ins></p><p>
+That
+said,
+there
+are
+a
+number
+of
+benefits
+that
+WebID
+achieves
+over
+OpenID:
+</p>
+<p>
+WebID
+gives
+people
+and
+other
+agents
+a
+<ins class="diff-new">WebID
+URL
+for
+identification.
+OpenID
+also
+provides
+a
+URL
+to
+a
+Personal
+Profile
+Document.
+However,
+in
+the
+case
+of
+WebID,
+one
+does
+not
+need
+to
+remember
+the
+URL
+since
+the
+User
+Agent
+remembers
+the
+URL
+on
+behalf
+of
+the
+person
+browsing.
+To
+log
+in
+on
+a
+WebID
+web
+site
+there
+is
+no
+need
+to
+enter
+any
+identifier
+like
+one
+has
+to
+do
+for
+OpenID.
+Just
+one
+click
+tells
+the
+browser
+to
+send
+the
+WebID
+URL.
+The
+person
+that
+is
+browsing
+does
+not
+need
+to
+remember
+either
+their
+WebID
+URL
+or
+the
+website
+password.
+The
+only
+password
+one
+may
+need
+to
+remember
+is
+the
+one
+that
+is
+used
+to
+access
+their
+collection
+of
+WebIDs
+in
+their
+browser,
+and
+that's
+only
+if
+they
+opt-in
+to
+password
+protect
+their
+WebIDs.
+</ins></p><p><ins class="diff-new">
+WebID
+gives
+people
+and
+other
+agents
+a
+</ins>
+Web
+ID
+URL
+for
+<del class="diff-old">identification,
+just
+like
+OpenId
+does.
+</del>
+<ins class="diff-chg">identification.
+OpenID
+also
+provides
+a
+URL
+to
+a
+Personal
+Profile
+Document.
+</ins>
+However,
+in
+the
+case
+of
+WebID,
+the
+user
+does
+not
+need
+to
+remember
+the
+URL,
+the
+browser
+or
+User
+Agent
+does.
+A
+login
+button
+on
+a
+WebID
+web
+site
+is
+just
+a
+button.
+No
+need
+to
+enter
+any
+identifier
+like
+one
+has
+to
+for
+OpenID.
+Just
+click
+the
+button.
+Your
+browser
+will
+then
+ask
+you
+what
+identity
+you
+wish
+to
+use.
+The
+person
+that
+is
+browsing
+does
+not
+need
+to
+remember
+either
+the
+WebID
+URL
+or
+the
+website
+password.
+The
+only
+password
+one
+needs
+to
+remember
+is
+the
+one
+that
+is
+used
+to
+access
+their
+collection
+of
+WebIDs
+in
+their
+browser.
+</p>
+<p>
+The
+WebID
+protocol
+requires
+just
+one
+direct
+network
+connection
+to
+establish
+identity
+via
+the
+client.
+The
+server
+requires
+one
+connection
+to
+the
+client
+and
+one
+connection
+to
+retrieve
+the
+WebID
+Profile
+if
+it
+does
+not
+have
+the
+credential
+information
+cached.
+Compare
+this
+to
+the
+much
+more
+complex
+OpenID
+sequence,
+which
+requires
+six
+connections
+by
+the
+client
+to
+establish
+a
+login.
+In
+a
+world
+of
+distributed
+data
+where
+each
+site
+can
+point
+to
+data
+on
+any
+other
+site,
+multiple
+connections
+become
+costly
+to
+manage.
+</p>
+<p>
+WebID
+builds
+on
+<ins class="diff-new">a
+number
+of
+</ins>
+well
+established
+Internet
+and
+Web
+standards;
+<a href="http://en.wikipedia.org/wiki/REST">
+REST
+</a>,
+RDF
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
+RDF-PRIMER
+</a>
+],
+RDFa
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
+RDFA-CORE
+</a>
+],
+<ins class="diff-new">RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+],
+</ins>
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+],
+and
+X.509
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+].
+By
+building
+on
+previous
+standards,
+it
+makes
+both
+explaining
+and
+implementing
+WebID
+easier
+on
+developers.
+</p>
+<p>
+Since
+WebID
+is
+RESTful,
+you
+can
+perform
+basic
+HTTP
+operations
+to
+<code>
+GET
+</code>
+your
+WebID,
+and
+if
+you
+needed
+update
+it,
+you
+can
+use
+HTTP
+<code>
+PUT
+</code>
+semantics.
+You
+can
+also
+create
+a
+WebID
+via
+<code>
+POST
+</code>.
+This
+is
+improved
+from
+the
+OpenID
+specification,
+which
+requires
+a
+new
+set
+of
+operations
+described
+in
+the
+OpenID
+Attribute
+Exchange
+specification.
+</p>
+<p>
+<ins class="diff-new">WebID
+is
+built
+on
+RDF
+and
+thus
+enables
+all
+of
+the
+advanced
+semantic
+web
+concepts
+that
+RDF
+enables.
+For
+example,
+a
+developer
+may
+perform
+machine
+reasoning
+with
+a
+WebID.
+One
+can
+construct
+machine-executable
+statements
+like
+"If
+this
+WebID
+claims
+to
+be
+a
+friend
+of
+one
+of
+our
+partner
+WebIDs
+that
+is
+trusted
+and
+the
+relationship
+is
+bi-directional,
+trust
+the
+WebID."
+While
+OpenID
+attempts
+to
+support
+this
+use
+case
+by
+mapping
+OpenID
+to
+RDF,
+it's
+far
+easier
+to
+do
+with
+WebID
+because
+WebID
+is
+natively
+RDF-aware.
+</ins></p><p>
+It
+is
+easy
+to
+extend
+a
+WebID
+with
+new
+attributes
+via
+RDF.
+The
+power
+of
+RDF
+<del class="diff-old">and
+RDFa
+</del>
+allows
+developers
+to
+add
+extensions
+to
+WebID
+by
+defining
+new
+vocabularies
+that
+they
+publish.
+There
+is
+no
+authorization
+process
+necessary
+and
+thus
+WebID
+allows
+for
+distributed
+innovation.
+Every
+WebID
+property
+is
+a
+URI,
+which
+when
+clicked,
+can
+give
+you
+yet
+more
+information
+about
+what
+the
+property
+means.
+A
+developer
+can
+create
+new
+usage
+classes
+by
+extending
+their
+vocabulary
+at
+will.
+A
+developer
+can
+add
+relationships
+to
+a
+WebID
+by
+simply
+adding
+more
+HTML
+to
+the
+developer's
+page.
+OpenID
+does
+not
+provide
+any
+type
+of
+distributed
+innovation
+akin
+to
+<del class="diff-old">RDF
+or
+RDFa.
+WebID
+is
+built
+on
+RDF
+and
+thus
+enables
+all
+of
+the
+advanced
+semantic
+web
+concepts
+that
+RDF
+enables.
+For
+example,
+a
+developer
+may
+perform
+machine
+reasoning
+with
+a
+WebID.
+One
+can
+construct
+machine-executable
+statements
+like
+"If
+this
+WebID
+claims
+to
+be
+a
+friend
+of
+one
+of
+our
+partner
+WebIDs
+that
+is
+trusted
+and
+the
+relationship
+is
+bi-directional,
+trust
+the
+WebID."
+While
+OpenID
+attempts
+to
+support
+this
+use
+case
+by
+mapping
+OpenID
+to
+RDF,
+it's
+far
+easier
+to
+do
+with
+WebID
+because
+WebID
+is
+natively
+RDF-aware.
+</del>
+<ins class="diff-chg">RDF.
+</ins>
+</p>
+<p>
+Implementing
+WebID
+is
+easier
+than
+OpenID
+because
+all
+of
+the
+basic
+technologies
+have
+been
+working
+and
+integrated
+into
+Web
+browsers
+for
+many
+years.
+There
+were
+already
+three
+interoperable
+implementations
+of
+WebID
+before
+this
+specification
+was
+written.
+</p>
+<p>
+WebID
+is
+truly
+decentralized
+-
+with
+WebID
+you
+get
+a
+web
+of
+trust.
+OpenID
+only
+supports
+the
+Web
+of
+Trust
+model
+if
+you
+indirectly
+trust
+the
+OpenID
+provider.
+In
+other
+words
+-
+OpenID
+is
+not
+truly
+decentralized.
+In
+OpenID
+you
+must
+trust
+OpenID
+providers.
+With
+WebID
+you
+only
+have
+to
+trust
+the
+people
+and
+the
+organizations
+with
+which
+you
+are
+communicating.
+In
+other
+words,
+you
+don't
+have
+to
+ask
+anyone
+whether
+or
+not
+you
+can
+trust
+your
+friends.
+You
+can
+query
+people
+that
+you
+trust
+directly
+to
+see
+if
+someone
+is
+trustworthy
+or
+not.
+There
+is
+no
+need
+for
+a
+central
+WebID
+authority.
+</p>
+<p>
+WebID
+is
+fully
+distributed,
+anyone
+can
+setup
+a
+WebID
+by
+placing
+a
+single
+file
+on
+a
+web
+server
+of
+their
+choosing.
+There
+is
+no
+need
+for
+a
+special
+OpenID-like
+provider
+service.
+The
+only
+thing
+anyone
+that
+wants
+a
+WebID
+needs
+is
+a
+web
+account
+where
+you
+can
+post
+your
+WebID
+file,
+ideally
+on
+your
+own
+domain
+name.
+You
+can
+also
+use
+a
+WebID
+hosting
+provider,
+but
+it's
+not
+necessary
+for
+WebID
+to
+work.
+While
+it
+is
+possible
+to
+run
+an
+OpenID
+server,
+other
+OpenID
+applications
+may
+not
+trust
+you
+and
+thus
+you
+won't
+be
+able
+to
+fully
+utilize
+your
+private
+OpenID
+credentials.
+The
+reason
+that
+there
+are
+a
+few
+large
+OpenID
+providers
+and
+very
+few
+small
+OpenID
+providers
+is
+because
+of
+this
+trust
+design
+issue
+related
+to
+OpenID.
+</p>
+<p>
+WebID
+does
+not
+require
+HTTP
+redirects.
+Redirects
+are
+<del class="diff-old">are
+</del>
+problematic
+on
+many
+cell
+phones,
+because
+telecoms
+heavily
+rely
+on
+proxys,
+which
+selectively
+block
+redirects.
+</p>
+<p>
+A
+WebID
+provider
+is
+100%
+compatible
+with
+an
+OpenID
+provider
+and
+thus
+can
+inter-operate
+with
+OpenID-powered
+networks.
+</p>
+</div>
+<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
+<h3>
+<span class="secno">
+1.3
+</span>
+Relation
+to
+OAuth
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+OAuth
+and
+WebID
+are
+mutually
+beneficial
+when
+used
+together.
+WebID
+can
+be
+used
+to
+provide
+RSA
+parameters
+to
+the
+RSA-SHA1
+signature
+method
+required
+by
+OAuth
+1.0.
+WebID
+can
+also
+be
+used
+to
+establish
+the
+consumer_key
+and
+HTTPS
+connection
+that
+will
+be
+used
+to
+transmit
+OAuth
+Tokens
+in
+OAuth
+2.0.
+</p>
+</div>
+</div>
+<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
+<h2>
+<span class="secno">
+2.
+</span>
+The
+WebID
+Protocol
+</h2>
+<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
+<h3>
+<span class="secno">
+2.1
+</span>
+Terminology
+</h3>
+<dl>
+<dt>
+<dfn title="Verification_Agent" id="dfn-verification_agent">
+Verification
+Agent
+</dfn>
+</dt>
+<dd>
+Performs
+authentication
+on
+provided
+WebID
+credentials
+and
+determines
+if
+an
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+can
+have
+access
+to
+a
+particular
+resource.
+A
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+is
+typically
+a
+Web
+server,
+but
+may
+also
+be
+a
+peer
+on
+a
+peer-to-peer
+network.
+</dd>
+<dt>
+<dfn title="Identification_Agent" id="dfn-identification_agent">
+Identification
+Agent
+</dfn>
+</dt>
+<dd>
+Provides
+identification
+credentials
+to
+a
+Verification
+Agent.
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+is
+typically
+also
+a
+User
+Agent.
+</dd>
+<dt>
+<dfn title="Identification_Certificate" id="dfn-identification_certificate">
+Identification
+Certificate
+</dfn>
+</dt>
+<dd>
+An
+X.509
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+]
+Certificate
+that
+<em class="rfc2119" title="must">
+must
+</em>
+contain
+<del class="diff-old">the
+</del>
+<ins class="diff-chg">a
+</ins>
+<code>
+Subject
+Alternative
+Name
+</code>
+<del class="diff-old">field
+pointing
+to
+</del>
+<ins class="diff-chg">extension
+with
+a
+URI
+entry.
+The
+URI
+</ins><em class="rfc2119" title="should"><ins class="diff-chg">
+should
+</ins></em><ins class="diff-chg">
+be
+a
+URL,
+and
+</ins><em class="rfc2119" title="should not"><ins class="diff-chg">
+should
+not
+</ins></em><ins class="diff-chg">
+be
+</ins>
+a
+<ins class="diff-new">URN.
+The
+</ins>
+URL
+<del class="diff-old">that
+is
+</del>
+<ins class="diff-chg">identifies
+the
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-chg">
+Identification
+Agent
+</ins></a>.<ins class="diff-chg">
+The
+URL
+</ins><em class="rfc2119" title="must"><ins class="diff-chg">
+must
+</ins></em><ins class="diff-chg">
+be
+</ins>
+dereference-able
+and
+<del class="diff-old">results
+</del>
+<ins class="diff-chg">result
+</ins>
+in
+a
+document
+containing
+RDF
+data.
+For
+<del class="diff-old">example
+</del>
+<ins class="diff-chg">example,
+</ins>
+the
+certificate
+would
+contain
+<code>
+http://example.org/webid#public
+</code>,
+known
+as
+a
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>,
+as
+the
+<code>
+Subject
+Alternative
+Name
+</code>:
+<code><pre>
+X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</pre>
+</code>
+</dd>
+<dt>
+<dfn title="WebID_URL" id="dfn-webid_url">
+WebID
+URL
+</dfn>
+</dt>
+<dd>
+A
+URL
+specified
+<del class="diff-old">in
+</del>
+<ins class="diff-chg">via
+</ins>
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+<del class="diff-old">field
+</del>
+<ins class="diff-chg">extension
+</ins>
+of
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+that
+identifies
+<ins class="diff-new">an
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
+Identification
+Agent
+</ins></a>.</dd><dt><dfn title="public_key" id="dfn-public_key"><ins class="diff-new">
+public
+key
+</ins></dfn></dt><dd><ins class="diff-new">
+A
+widely
+distributed
+crytographic
+key
+that
+can
+be
+used
+to
+verify
+digital
+signatures
+and
+encrypt
+data
+between
+</ins>
+a
+<del class="diff-old">WebID
+Profile
+</del>
+<ins class="diff-chg">sender
+and
+a
+receiver.
+A
+public
+key
+is
+always
+included
+in
+an
+</ins><a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate"><ins class="diff-chg">
+Identification
+Certificate
+</ins>
+</a>
+<del class="diff-old">document.
+</del>
+</dd>
+<dt>
+<dfn title="WebID_Profile" id="dfn-webid_profile">
+WebID
+Profile
+</dfn>
+</dt>
+<dd>
+A
+structured
+document
+that
+contains
+identification
+credentials
+for
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+expressed
+using
+the
+Resource
+Description
+Framework
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">
+RDF-CONCEPTS
+</a>
+].
+<del class="diff-old">The
+</del>
+<ins class="diff-chg">Either
+the
+</ins>
+XHTML+RDFa
+1.1
+[
+<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
+XHTML-RDFA
+</a>
+]
+serialization
+format
+<ins class="diff-new">or
+the
+RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+]
+serialization
+format
+</ins>
+<em class="rfc2119" title="must">
+must
+</em>
+be
+supported
+by
+the
+mechanism,
+e.g.
+a
+Web
+Service,
+providing
+the
+WebID
+Profile
+document.
+Alternate
+RDF
+serialization
+formats,
+such
+as
+N3
+[
+<a class="bibref" rel="biblioentry" href="#bib-N3">
+N3
+</a>
+<del class="diff-old">],
+</del>
+<ins class="diff-chg">]
+or
+</ins>
+Turtle
+[
+<a class="bibref" rel="biblioentry" href="#bib-TURTLE">
+TURTLE
+</a>
+],
+<del class="diff-old">or
+RDF/XML
+[
+RDF-SYNTAX-GRAMMAR
+]
+</del>
+<em class="rfc2119" title="may">
+may
+</em>
+be
+supported
+by
+the
+mechanism
+providing
+the
+WebID
+Profile
+document.
+</dd>
+</dl>
+<p class="issue">
+<ins class="diff-new">Whether
+or
+not
+RDF/XML,
+XHTML+RDFa
+1.1,
+both
+or
+neither
+serialization
+of
+RDF
+should
+be
+required
+serialization
+formats
+in
+the
+specification
+is
+currently
+under
+heavy
+debate.
+</ins></p>
+</div>
+<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
+<h3>
+<span class="secno">
+2.2
+</span>
+Authentication
+Sequence
+</h3>
+<p>
+The
+following
+steps
+are
+executed
+by
+Verification
+Agents
+and
+Identification
+Agents
+to
+determine
+if
+access
+should
+be
+granted
+to
+a
+particular
+resource.
+</p>
+<ol>
+<li>
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+attempts
+to
+access
+a
+resource
+using
+HTTP
+over
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+]
+via
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>.
+</li>
+<li>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+request
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+of
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+as
+a
+part
+of
+the
+TLS
+client-cerificate
+retrieval
+protocol.
+</li>
+<li>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+extract
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+<ins class="diff-new">public
+key
+</ins></a><ins class="diff-new">
+and
+the
+</ins>
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>
+contained
+in
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+<del class="diff-old">field
+</del>
+<ins class="diff-chg">extension
+</ins>
+of
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>.
+</li>
+<li>
+The
+<del class="diff-old">WebID
+Profile
+document
+must
+be
+dereferenced
+and
+all
+triples
+pertaining
+to
+the
+</del>
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+<ins class="diff-new">information
+</ins>
+associated
+with
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+be
+<del class="diff-old">extracted.
+The
+remote
+document
+triples
+</del>
+<ins class="diff-chg">verified
+by
+the
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
+Verification
+Agent
+</ins></a>.<ins class="diff-chg">
+This
+</ins>
+<em class="rfc2119" title="must">
+must
+</em>
+be
+<del class="diff-old">queried
+for
+information
+about
+</del>
+<ins class="diff-chg">performed
+by
+validating
+</ins>
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+<ins class="diff-new">associated
+with
+the
+</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
+WebID
+URL
+</ins></a>.<ins class="diff-new">
+This
+process
+</ins><em class="rfc2119" title="should"><ins class="diff-new">
+should
+</ins></em><ins class="diff-new">
+occur
+either
+by
+dereferencing
+the
+</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
+WebID
+URL
+</ins></a><ins class="diff-new">
+and
+extracting
+RDF
+data
+from
+the
+resulting
+document,
+or
+by
+utilizing
+a
+cached
+version
+of
+the
+RDF
+data
+</ins>
+contained
+in
+the
+<del class="diff-old">Identification
+Certificate
+</del>
+<ins class="diff-chg">document
+or
+other
+data
+source
+that
+is
+up-to-date
+and
+trusted
+by
+the
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
+Verification
+Agent
+</ins></a>.<ins class="diff-chg">
+The
+processing
+and
+extraction
+mechanism
+is
+further
+detailed
+in
+the
+sections
+titled
+</ins><a href="#processing-the-webid-profile"><ins class="diff-chg">
+Processing
+the
+WebID
+Profile
+</ins></a><ins class="diff-chg">
+and
+</ins><a href="#extracting-webid-url-details"><ins class="diff-chg">
+Extracting
+WebID
+URL
+Details
+</ins>
+</a>.
+</li>
+<li>
+If
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+in
+the
+<del class="diff-old">certificate
+</del>
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+<ins class="diff-chg">Identification
+Certificate
+</ins></a>
+is
+found
+in
+the
+list
+of
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+<del class="diff-old">keys
+</del>
+<ins class="diff-chg">key
+</ins></a><ins class="diff-chg">
+s
+</ins>
+associated
+with
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>,
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+assume
+that
+the
+client
+has
+write
+access
+to
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>
+and
+therefore
+owns
+the
+document.
+</li>
+<li>
+<del class="diff-old">At
+this
+point,
+</del>
+<ins class="diff-chg">If
+</ins>
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+has
+verified
+that
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>
+is
+owned
+by
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+<del class="diff-old">.
+The
+</del>
+</a>,
+<ins class="diff-chg">the
+</ins>
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+use
+the
+<del class="diff-old">now
+</del>
+verified
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+contained
+in
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+for
+all
+TLS-based
+communication
+with
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>.
+</li>
+</ol>
+<p>
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+<em class="rfc2119" title="may">
+may
+</em>
+re-establish
+a
+different
+identity
+at
+any
+time
+by
+executing
+all
+of
+the
+steps
+in
+the
+Authentication
+Sequence
+again.
+Additional
+algorithms,
+detailed
+in
+the
+next
+section,
+<em class="rfc2119" title="may">
+may
+</em>
+be
+performed
+to
+determine
+if
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+can
+access
+a
+particular
+resource
+after
+the
+last
+step
+of
+the
+Authentication
+Sequence
+has
+been
+completed.
+</p>
+</div>
+<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
+<h3>
+<span class="secno">
+2.3
+</span>
+Authentication
+Sequence
+Details
+</h3>
+<p>
+This
+section
+covers
+details
+about
+each
+step
+in
+the
+authentication
+process.
+</p>
+<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
+<h4>
+<span class="secno">
+2.3.1
+</span>
+Initiating
+a
+TLS
+Connection
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+TLS
+connection
+process
+is
+started
+and
+used
+by
+WebID
+to
+create
+a
+secure
+channel
+between
+the
+Identification
+Agent
+and
+the
+Verification
+Agent.
+</p>
+</div>
+<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
+<h4>
+<span class="secno">
+2.3.2
+</span>
+Exchanging
+the
+Identification
+Certificate
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+certificate
+is
+selected
+and
+sent
+to
+the
+Verification
+Agent.
+</p>
+</div>
+<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
+<h4>
+<span class="secno">
+2.3.3
+</span>
+Processing
+the
+WebID
+Profile
+</h4>
+<p>
+A
+<ins class="diff-new">Verification
+Agent
+</ins><em class="rfc2119" title="must"><ins class="diff-new">
+must
+</ins></em><ins class="diff-new">
+be
+able
+to
+process
+documents
+in
+RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+]
+and
+XHTML+RDFa
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA"><ins class="diff-new">
+XHTML-RDFA
+</ins></a><ins class="diff-new">
+].
+A
+</ins>
+server
+responding
+to
+a
+WebID
+Profile
+request
+<em class="rfc2119" title="should">
+<ins class="diff-new">should
+</ins></em><ins class="diff-new">
+support
+HTTP
+content
+negotiation.
+The
+server
+</ins>
+<em class="rfc2119" title="must">
+must
+</em>
+<del class="diff-old">support
+returning
+an
+XHTML+RDFa
+[
+XHTML-RDFA
+]
+document
+with
+either
+</del>
+<ins class="diff-chg">return
+</ins>
+a
+<ins class="diff-new">representation
+in
+RDF/XML
+for
+media
+type
+</ins><code><ins class="diff-new">
+application/rdf+xml
+</ins></code>.<ins class="diff-new">
+The
+server
+</ins><em class="rfc2119" title="must"><ins class="diff-new">
+must
+</ins></em><ins class="diff-new">
+return
+a
+representation
+in
+XHTML+RDFa
+for
+media
+type
+</ins>
+<code>
+text/html
+</code>
+or
+<ins class="diff-new">media
+type
+</ins>
+<code>
+application/xhtml+xml
+<del class="diff-old">MIMEtype.
+A
+server
+</del>
+</code>.
+<a class="tref" title="Verification_Agents">
+<ins class="diff-chg">Verification
+Agents
+</ins></a><ins class="diff-chg">
+and
+</ins><a class="tref" title="Identification_Agents"><ins class="diff-chg">
+Identification
+Agents
+</ins></a>
+<em class="rfc2119" title="may">
+may
+</em>
+support
+<ins class="diff-new">any
+other
+RDF
+format
+via
+</ins>
+HTTP
+content
+<del class="diff-old">negotiation
+and
+return
+a
+document
+that
+conforms
+to
+N3
+[
+N3
+],
+Turtle
+[
+TURTLE
+],
+or
+RDF/XML
+[
+RDF-SYNTAX-GRAMMAR
+].
+</del>
+<ins class="diff-chg">negotiation.
+</ins>
+</p>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+extracts
+semantic
+data
+describing
+the
+identification
+credentials
+from
+a
+WebID
+Profile.
+</p>
+</div>
+<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
+<h4>
+<span class="secno">
+2.3.4
+</span>
+Extracting
+<del class="diff-old">Identification
+</del>
+<ins class="diff-chg">WebID
+</ins>
+URL
+Details
+</h4>
+<p>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+may
+use
+a
+number
+of
+different
+methods
+to
+extract
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+information
+from
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>.
+</p>
+The
+following
+SPARQL
+query
+outlines
+one
+way
+in
+which
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+could
+be
+extracted
+from
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>:
+<code><pre>
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?modulus ?exp
+WHERE {
+ ?key cert:identity <http://example.org/webid#public>;
+ a rsa:RSAPublicKey;
+ rsa:modulus [ cert:hex ?modulus; ];
+ rsa:public_exponent [ cert:decimal ?exp ] .
+}
+</pre>
+</code>
+<p class="issue">
+This
+section
+still
+needs
+more
+information.
+</p>
+</div>
+<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
+<h4>
+<span class="secno">
+2.3.5
+</span>
+Determining
+Access
+Privileges
+</h4>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+may
+use
+the
+information
+discovered
+via
+a
+WebID
+URL
+to
+determine
+if
+one
+should
+be
+able
+to
+access
+a
+particular
+resource.
+It
+will
+explain
+how
+a
+Verification
+Agent
+can
+use
+links
+to
+other
+RDFa
+documents
+to
+build
+knowledge
+about
+the
+given
+WebID.
+</p>
+</div>
+</div>
+<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
+<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
+<h4>
+Change
+History
+</h4>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+2010-07-11
+Initial
+version.
+</p>
+</div>
+<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
+<h4>
+Acknowledgments
+</h4>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+following
+people
+have
+been
+instrumental
+in
+providing
+thoughts,
+feedback,
+reviews,
+criticism
+and
+input
+in
+the
+creation
+of
+this
+specification:
+</p>
+<ul>
+<li>
+Melvin
+Carvalho
+</li>
+<li>
+Bruno
+Harbulot
+</li>
+<li>
+Toby
+Inkster
+</li>
+<li>
+Ian
+Jacobi
+</li>
+<li>
+Jeff
+Sayre
+</li>
+<li>
+Henry
+Story
+</li>
+</ul>
+</div>
+</div>
+</div>
+<div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
+<h2>
+<span class="secno">
+A.
+</span>
+References
+</h2>
+<div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section">
+<h3>
+<span class="secno">
+A.1
+</span>
+Normative
+references
+</h3>
+<dl class="bibliography" about="">
+<dt id="bib-HTTP-TLS">
+[HTTP-TLS]
+</dt>
+<dd rel="dcterms:requires">
+E.
+Rescorla.
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+<cite>
+HTTP
+Over
+TLS.
+</cite>
+</a>
+May
+2000.
+Internet
+RFC
+2818.
+URL:
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+http://www.ietf.org/rfc/rfc2818.txt
+</a>
+</dd>
+<dt id="bib-N3">
+[N3]
+</dt>
+<dd rel="dcterms:requires">
+Tim
+Berners-Lee;
+Dan
+Connolly.
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+<cite>
+Notation3
+(N3):
+A
+readable
+RDF
+syntax.
+</cite>
+</a>
+14
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
+</a>
+</dd>
+<dt id="bib-RDF-PRIMER">
+<ins class="diff-new">[RDF-PRIMER]
+</ins></dt><dd rel="dcterms:requires"><ins class="diff-new">
+Frank
+Manola;
+Eric
+Miller.
+</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite><ins class="diff-new">
+RDF
+Primer.
+</ins></cite></a><ins class="diff-new">
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><ins class="diff-new">
+http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
+</ins></a></dd>
+<dt id="bib-RDF-SYNTAX-GRAMMAR">
+[RDF-SYNTAX-GRAMMAR]
+</dt>
+<dd rel="dcterms:requires">
+Dave
+Beckett.
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+<cite>
+RDF/XML
+Syntax
+Specification
+(Revised).
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
+</a>
+</dd>
+<dt id="bib-RDFA-CORE">
+[RDFA-CORE]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et
+al.
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
+<cite>
+RDFa
+Core
+1.1:
+Syntax
+and
+processing
+rules
+for
+embedding
+RDF
+through
+attributes.
+</cite>
+</a>
+22
+April
+2010.
+W3C
+Working
+Draft.
+URL:
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
+http://www.w3.org/TR/2010/WD-rdfa-core-20100422
+</a>
+</dd>
+<dt id="bib-TURTLE">
+[TURTLE]
+</dt>
+<dd rel="dcterms:requires">
+David
+Beckett,
+Tim
+Berners-Lee.
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+Turtle:
+Terse
+RDF
+Triple
+Language
+</a>
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+http://www.w3.org/TeamSubmission/turtle/
+</a>
+</dd>
+<dt id="bib-X509V3">
+[X509V3]
+</dt>
+<dd rel="dcterms:requires">
+<cite>
+ITU-T
+Recommendation
+X.509
+version
+3
+(1997).
+"Information
+Technology
+-
+Open
+Systems
+Interconnection
+-
+The
+Directory
+Authentication
+Framework"
+ISO/IEC
+9594-8:1997
+</cite>.
+</dd>
+<dt id="bib-XHTML-RDFA">
+[XHTML-RDFA]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et.
+al.
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
+<cite>
+XHTML+RDFa
+1.1.
+</cite>
+</a>
+22
+April
+2010.
+W3C
+Working
+Draft.
+URL:
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
+http://www.w3.org/TR/WD-xhtml-rdfa-20100422
+</a>
+</dd>
+</dl>
+</div>
+<div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section">
+<h3>
+<span class="secno">
+A.2
+</span>
+Informative
+references
+</h3>
+<dl class="bibliography" about="">
+<dt id="bib-RDF-CONCEPTS">
+[RDF-CONCEPTS]
+</dt>
+<dd rel="dcterms:references">
+Graham
+Klyne;
+Jeremy
+J.
+Carroll.
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+<cite>
+Resource
+Description
+Framework
+(RDF):
+Concepts
+and
+Abstract
+Syntax.
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
+<del class="diff-old">[RDF-PRIMER]
+Frank
+Manola;
+Eric
+Miller.
+RDF
+Primer.
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
+</del>
+</a>
+</dd>
+</dl>
+</div>
+</div>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/drafts/ED-webid-20100718/index.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,541 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
+<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
+<head>
+ <title>WebID 1.0</title>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+
+<!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+
+<style type="text/css">
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+
+
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+
+
+ <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">Unofficial Draft 18 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">msporny@digitalbazaar.com</a> </span>
+</dd>
+<dt>Authors:</dt><dd><span><a content="Toby Inkster" href="http://tobyinkster.co.uk/">Toby Inkster</a></span>
+</dd>
+<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
+</dd>
+<dd><span><a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">Bruno Harbulot</a></span>
+</dd>
+<dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">Reto Bachmann-Gmür</a></span>
+</dd>
+</dl><p>This document is also available in this non-normative format: <a href="diff-20100711.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
+ <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
+
+<p>Social networking, identity and privacy have been at the center of how we
+interact with the Web in the last decade. The explosion of social networking
+sites has brought the world closer together as well as created new points of
+pain regarding ease of use and the Web. Remembering login details, passwords,
+and sharing private information across the many websites and social groups
+that we are a part of has become more difficult and complicated than necessary.
+The Social Web is designed to ensure that control of identity and privacy
+settings is always simple and under one's control. WebID is a key enabler of the
+Social Web. This specification outlines a simple universal identification
+mechanism that is distributed, openly extensible, improves privacy, security
+and control over how one can identify themselves and control access to their
+information on the Web.
+</p>
+
+<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
+<h3 id="how-to-read-this-document">How to Read this Document</h3>
+
+<p>There are a number of concepts that are covered in this document that the
+reader may want to be aware of before continuing. General knowledge of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
+and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>] and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>] is necessary to understand how
+to implement this specification. WebID uses a number of specific technologies
+like HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>],
+RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].</p>
+
+<p>A general <a href="#introduction">Introduction</a> is provided for all that
+would like to understand why this specification is necessary to simplify usage
+of the Web.</p>
+
+<p>The terms used throughout this specification are listed in the section
+titled <a href="#terminology">Terminology</a>.</p>
+
+<p>Developers that are interested in implementing this specification will be
+most interested in the sections titled
+<a href="#authentication-sequence">Authentication Sequence</a> and
+<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
+
+</p></div>
+</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
+
+<!-- <p>This document has been reviewed by W3C Members, by software
+developers, and by other W3C groups and interested parties, and is
+endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited from another
+document. W3C's role in making the Recommendation is to draw attention
+to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> -->
+
+
+The source code for this document is available via Github at the following
+URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
+
+</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-webid-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting WebID URL Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
+
+
+
+<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
+
+<!-- OddPage -->
+<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
+
+<p>
+The WebID specification is designed to help alleviate the difficultly that
+remembering different logins, passwords and settings for websites has created.
+It is also designed to provide a universal and extensible mechanism to express
+public and private information about yourself. This section outlines the
+motivation behind the specification and the relationship to other similar
+specifications that are in active use today.
+</p>
+
+<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
+<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
+
+<p>
+It is a fundamental design criteria of the Web to enable individuals and
+organizations to control how they interact with the rest of society. This
+includes how one expresses their identity, public information and personal
+details to social networks, Web sites and services.
+</p>
+
+<p>
+Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
+hyperlinked social networks to exist. This vocabulary, along with other
+vocabularies, allow one to add information and services protection to
+distributed social networks.
+</p>
+
+<p>
+One major criticism of open networks is that they seem to have no way of
+protecting the personal information distributed on the web or limiting
+access to resources. Few people are willing to make all their personal
+information public, many would like large pieces to be protected, making
+it available only to a select group of agents. Giving access to
+information is very similar to giving access to services. There are many
+occasions when people would like services to only be accessible to
+members of a group, such as allowing only friends, family members,
+colleagues to post an article, photo or comment on a blog. How does one do
+this in a flexible way, without requiring a central point of
+access control?
+</p>
+
+<p>
+Using an process made popular by OpenID, we show how one can tie a User
+Agent to a URL by proving that one has write access to the URL. WebID is
+a simpler alternative to OpenID (fewer connections), that uses X.509
+certificates to tie a User Agent (Browser) to a Person identified via a URL.
+WebID also provides a few additional features to OpenID. These
+features include trust management, via digital signatures, and free-form
+extensibility via RDFa. By using the existing SSL certificate exchange
+mechanism, WebID integrates more smoothly with existing Web browsers, including
+browsers on mobile devices. WebID also permits automated session login
+in addition to interactive session login. Additionally, all data is encrypted
+and guaranteed to only be received by the person or organization that was
+intended to receive it.
+</p>
+
+</div>
+
+<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
+<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
+
+<p class="issue">This section needs to be re-written. The flow and grammar
+leaves much to be desired. -- manu</p>
+
+<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
+to a Personal Profile Document. This Personal Profile Document is where further
+information about an identity can be discovered. This mechanism is compatible
+with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID,
+but can work beside OpenID by sharing the content in the Personal Profile
+Document.</p>
+
+<p>That said, there are a number of benefits that WebID achieves over OpenID:
+</p>
+
+<p>WebID gives people and other agents a WebID URL for identification. OpenID
+also provides a URL to a Personal Profile Document. However, in the case of
+WebID, one does not need to remember the URL since the User Agent remembers
+the URL on behalf of the person browsing. To log in on a WebID web site there
+is no need to enter any identifier like one has to do for OpenID. Just one click
+tells the browser to send the WebID URL. The person that is browsing does
+not need to remember either their WebID URL or the website password. The only
+password one may need to remember is the one that is used to access their
+collection of WebIDs in their browser, and that's only if they opt-in to
+password protect their WebIDs.
+</p>
+
+<p>WebID gives people and other agents a Web ID URL for identification. OpenID
+also provides a URL to a Personal Profile Document. However, in the case of
+WebID, the user does not need to remember the URL, the browser or User Agent
+does. A login button on a WebID web site is just a button. No need to enter any
+identifier like one has to for OpenID. Just click the button. Your browser will
+then ask you what identity you wish to use. The person that is browsing does
+not need to remember either the WebID URL or the website password. The only
+password one needs to remember is the one that is used to access their
+collection of WebIDs in their browser.</p>
+
+<p>The WebID protocol requires just one direct network connection to establish
+identity via the client. The server requires one connection to the client and
+one connection to retrieve the WebID Profile if it does not have the credential
+information cached. Compare this to the much more complex OpenID sequence, which
+requires six connections by the client to establish a login. In a world of
+distributed data where each site can point to data on any other site, multiple
+connections become costly to manage.</p>
+
+<p>WebID builds on a number of well established Internet and Web standards;
+<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
+RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>],
+TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards,
+it makes both explaining and implementing WebID easier on developers.</p>
+
+<p>Since WebID is RESTful, you can perform basic HTTP operations to
+<code>GET</code> your WebID, and if you needed update it, you can use
+HTTP <code>PUT</code> semantics. You can also create a WebID via
+<code>POST</code>. This is improved from the OpenID specification, which
+requires a new set of operations described in the OpenID Attribute Exchange
+specification.</p>
+
+<p>WebID is built on RDF and thus enables all of the advanced semantic web
+concepts that RDF enables. For example, a developer may perform machine
+reasoning with a WebID. One can construct machine-executable statements like
+"If this WebID claims to be a friend of one of our partner WebIDs that is
+trusted and the relationship is bi-directional, trust the WebID."
+While OpenID attempts to support this use case by mapping OpenID to RDF, it's
+far easier to do with WebID because WebID is natively RDF-aware.</p>
+
+<p>It is easy to extend a WebID with new attributes via RDF. The power of
+RDF allows developers to add extensions to WebID by defining new
+vocabularies that they publish. There is no authorization process necessary
+and thus WebID allows for distributed innovation. Every WebID property is
+a URI, which when clicked, can give you yet more information about what the
+property means. A developer can create new usage classes by extending their
+vocabulary at will. A developer can add relationships to a WebID by simply
+adding more HTML to the developer's page. OpenID does not provide any type of
+distributed innovation akin to RDF.</p>
+
+<p>Implementing WebID is easier than OpenID because all of the basic
+technologies have been working and integrated into Web browsers for many years.
+There were already three interoperable implementations of WebID before this
+specification was written.</p>
+
+<p>WebID is truly decentralized - with WebID you get a web of trust.
+OpenID only supports the Web of Trust model if you indirectly trust the
+OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
+you must trust OpenID providers. With WebID you only have to trust the people
+and the organizations with which you are communicating. In other words, you
+don't have to ask anyone whether or not you can trust your friends. You can
+query people that you trust directly to see if someone is trustworthy or not.
+There is no need for a central WebID authority.
+</p>
+
+<p>WebID is fully distributed, anyone can setup a WebID by placing a single
+file on a web server of their choosing. There is no need for a special
+OpenID-like provider service. The only thing anyone that wants a WebID needs
+is a web account where you can post your WebID file, ideally on your own domain
+name. You can also use a WebID hosting provider, but it's not necessary for
+WebID to work. While it is possible to run an OpenID server, other
+OpenID applications may not trust you and thus you won't be able to fully
+utilize your private OpenID credentials. The reason that there are a few
+large OpenID providers and very few small OpenID providers is because of this
+trust design issue related to OpenID.</p>
+
+<p>WebID does not require HTTP redirects. Redirects are problematic on many
+cell phones, because telecoms heavily rely on proxys, which selectively block
+redirects.</p>
+
+<p>A WebID provider is 100% compatible with an OpenID provider and thus can
+inter-operate with OpenID-powered networks.</p>
+
+</div>
+
+<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
+<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
+
+<p>
+OAuth and WebID are mutually beneficial when used together. WebID can be
+used to provide RSA parameters to the RSA-SHA1 signature method required by
+OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
+connection that will be used to transmit OAuth Tokens in OAuth 2.0.
+</p>
+
+</div>
+</div>
+
+<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
+
+<!-- OddPage -->
+<h2><span class="secno">2. </span>The WebID Protocol</h2>
+
+<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
+<h3><span class="secno">2.1 </span>Terminology</h3>
+
+<dl>
+
+<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
+<dd>Performs authentication on provided WebID credentials and determines if
+an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
+resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
+may also be a peer on a peer-to-peer network.</dd>
+
+<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
+<dd>Provides identification credentials to a Verification Agent. The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
+
+<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
+<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain a
+<code>Subject Alternative Name</code> extension with a URI entry. The URI
+<em class="rfc2119" title="should">should</em> be a URL, and <em class="rfc2119" title="should not">should not</em> be a URN. The URL
+identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URL <em class="rfc2119" title="must">must</em> be
+dereference-able and result in a document containing RDF data. For example,
+the certificate would contain <code>http://example.org/webid#public</code>,
+known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as the <code>Subject Alternative Name</code>:
+<code><pre>
+X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</pre></code>
+
+</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
+<dd>A URL specified via the <code>Subject Alternative Name</code> extension
+of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
+
+<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
+<dd>A widely distributed crytographic key that can be used to verify
+digital signatures and encrypt data between a sender and a receiver. A public
+key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a></dd>
+
+<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
+<dd>
+A structured document that contains identification credentials for the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
+Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. Either the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]
+serialization format or the RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] serialization
+format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
+WebID Profile document. Alternate RDF serialization
+formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], <em class="rfc2119" title="may">may</em> be supported by the
+mechanism providing the WebID Profile document.
+</dd>
+
+</dl>
+
+<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
+serialization of RDF should be required serialization formats in the
+specification is currently under heavy debate.</p>
+
+</div>
+
+<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
+<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
+
+<p>The following steps are executed by Verification Agents and Identification
+Agents to determine if access should be granted to a particular resource.
+</p>
+
+<ol>
+<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
+using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
+as a part of the TLS client-cerificate retrieval protocol.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> contained in the <code>Subject Alternative Name</code>
+extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</li>
+
+<li>The <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em>
+be verified by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. This <em class="rfc2119" title="must">must</em> be performed
+by validating the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>. This
+process <em class="rfc2119" title="should">should</em> occur either by dereferencing the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> and
+extracting RDF data from the resulting document, or by utilizing a cached
+version of the RDF data contained in the document or other data source that is
+up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
+and extraction mechanism is further detailed in the sections titled
+<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
+<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
+</li>
+
+<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> is found
+in the list of <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> assume that the client has write access to
+the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> and therefore owns the document.</li>
+
+<li>If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>, the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> use the verified <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained
+in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> for all TLS-based communication
+with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
+</li></ol>
+
+<p>
+The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
+any time by executing all of the steps in the Authentication Sequence again.
+Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
+determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
+resource after the last step of the Authentication Sequence has been
+completed.
+</p>
+
+</div>
+
+<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
+<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
+
+<p>This section covers details about each step in the authentication process.
+</p>
+
+<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
+<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
+
+<p class="issue">This section will detail how the TLS connection process is
+started and used by WebID to create a secure channel between the
+Identification Agent and the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
+<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
+
+<p class="issue">This section will detail how the certificate is selected and
+sent to the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
+<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
+
+<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML
+[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]. A server responding to
+a WebID Profile request <em class="rfc2119" title="should">should</em> support HTTP content negotiation. The server
+<em class="rfc2119" title="must">must</em> return a representation in RDF/XML for media type
+<code>application/rdf+xml</code>.
+The server <em class="rfc2119" title="must">must</em> return a representation in XHTML+RDFa for media type
+<code>text/html</code> or media type
+<code>application/xhtml+xml</code>. <a class="tref" title="Verification_Agents">Verification Agents</a> and
+<a class="tref" title="Identification_Agents">Identification Agents</a> <em class="rfc2119" title="may">may</em> support any other RDF format via
+HTTP content negotiation.
+</p>
+
+<p class="issue">This section will explain how a Verification Agent extracts
+semantic data describing the identification credentials from a WebID Profile.</p>
+</div>
+
+<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
+<h4><span class="secno">2.3.4 </span>Extracting WebID URL Details</h4>
+
+<p>
+The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
+extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
+</p>
+The following SPARQL query outlines one way in which the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>
+could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
+<code><pre>
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?modulus ?exp
+WHERE {
+ ?key cert:identity <http://example.org/webid#public>;
+ a rsa:RSAPublicKey;
+ rsa:modulus [ cert:hex ?modulus; ];
+ rsa:public_exponent [ cert:decimal ?exp ] .
+}
+</pre></code>
+
+<p class="issue">This section still needs more information.</p>
+
+</div>
+
+<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
+<h4><span class="secno">2.3.5 </span>Determining Access Privileges</h4>
+
+<p class="issue">This section will explain how a Verification Agent may
+use the information discovered via a WebID URL to determine if one should
+be able to access a particular resource. It will explain how a Verification
+Agent can use links to other RDFa documents to build knowledge about the
+given WebID.</p>
+
+</div>
+
+</div>
+
+<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
+
+<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
+<h4>Change History</h4><p><em>This section is non-normative.</em></p>
+<p>2010-07-11 Initial version.</p>
+</div>
+
+<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
+<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
+
+<p>The following people have been instrumental in providing thoughts, feedback,
+reviews, criticism and input in the creation of this specification:</p>
+
+<ul>
+<li>Melvin Carvalho</li>
+<li>Bruno Harbulot</li>
+<li>Toby Inkster</li>
+<li>Ian Jacobi</li>
+<li>Jeff Sayre</li>
+<li>Henry Story</li>
+</ul>
+
+</div>
+</div>
+
+
+
+</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
+<!-- OddPage -->
+<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
+</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
+</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
+</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
+</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a>
+</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
+</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
+</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a>
+</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
+</dd></dl></div></div></body></html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/drafts/ED-webid-20100725/diff-20100718.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,4531 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
+<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
+<head>
+ <title>WebID 1.0</title>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+
+<!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+
+<style type="text/css">
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+
+
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+
+
+ <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /><style type='text/css'>
+.diff-old-a {
+ font-size: smaller;
+ color: red;
+}
+
+.diff-new { background-color: yellow; }
+.diff-chg { background-color: lime; }
+.diff-new:before,
+.diff-new:after
+ { content: "\2191" }
+.diff-chg:before, .diff-chg:after
+ { content: "\2195" }
+.diff-old { text-decoration: line-through; background-color: #FBB; }
+.diff-old:before,
+.diff-old:after
+ { content: "\2193" }
+:focus { border: thin red solid}
+</style>
+</head>
+<body style="display: inherit; ">
+<div class="head">
+<p>
+</p>
+<h1 rel="dcterms:title" class="title" id="title">
+WebID
+1.0
+</h1>
+<h2 rel="bibo:subtitle" id="subtitle">
+Web
+Identification
+and
+Discovery
+</h2>
+<h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-25T22:59:59+0000" id="unofficial-draft-25-july-2010">
+Unofficial
+Draft
+<del class="diff-old">18
+</del>
+<ins class="diff-chg">25
+</ins>
+July
+2010
+</h2>
+<dl>
+<dt>
+Editor:
+</dt>
+<dd rel="bibo:editor">
+<span typeof="foaf:Person">
+<span property="foaf:name">
+Manu
+Sporny
+</span>,
+<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
+Digital
+Bazaar,
+Inc.
+</a>
+<a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">
+msporny@digitalbazaar.com
+</a>
+</span>
+</dd>
+<dt>
+Authors:
+</dt>
+<dd>
+<span>
+<a content="Toby Inkster" href="http://tobyinkster.co.uk/">
+Toby
+Inkster
+</a>
+</span>
+</dd>
+<dd>
+<span>
+<a content="Henry Story" href="http://bblfish.net/">
+Henry
+Story
+</a>
+</span>
+</dd>
+<dd>
+<span>
+<a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
+Bruno
+Harbulot
+</a>
+</span>
+</dd>
+<dd>
+<span>
+<a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">
+Reto
+Bachmann-Gmür
+</a>
+</span>
+</dd>
+</dl>
+<p>
+This
+document
+is
+also
+available
+in
+this
+non-normative
+format:
+<a href="diff-20100711.html">
+Diff
+from
+previous
+Editors
+Draft
+</a>.
+</p>
+<p class="copyright">
+This
+document
+is
+licensed
+under
+a
+<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
+Creative
+Commons
+Attribution
+3.0
+License
+</a>.
+</p>
+<hr>
+</hr>
+</div>
+<div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract">
+<h2>
+Abstract
+</h2>
+<p>
+Social
+networking,
+identity
+and
+privacy
+have
+been
+at
+the
+center
+of
+how
+we
+interact
+with
+the
+Web
+in
+the
+last
+decade.
+The
+explosion
+of
+social
+networking
+sites
+has
+brought
+the
+world
+closer
+together
+as
+well
+as
+created
+new
+points
+of
+pain
+regarding
+ease
+of
+use
+and
+the
+Web.
+Remembering
+login
+details,
+passwords,
+and
+sharing
+private
+information
+across
+the
+many
+websites
+and
+social
+groups
+that
+we
+are
+a
+part
+of
+has
+become
+more
+difficult
+and
+complicated
+than
+necessary.
+The
+Social
+Web
+is
+designed
+to
+ensure
+that
+control
+of
+identity
+and
+privacy
+settings
+is
+always
+simple
+and
+under
+one's
+control.
+WebID
+is
+a
+key
+enabler
+of
+the
+Social
+Web.
+This
+specification
+outlines
+a
+simple
+universal
+identification
+mechanism
+that
+is
+distributed,
+openly
+extensible,
+improves
+privacy,
+security
+and
+control
+over
+how
+one
+can
+identify
+themselves
+and
+control
+access
+to
+their
+information
+on
+the
+Web.
+</p>
+<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
+<h3 id="how-to-read-this-document">
+How
+to
+Read
+this
+Document
+</h3>
+<p>
+There
+are
+a
+number
+of
+concepts
+that
+are
+covered
+in
+this
+document
+that
+the
+reader
+may
+want
+to
+be
+aware
+of
+before
+continuing.
+General
+knowledge
+of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
+public
+key
+cryptography
+</a>
+and
+RDF
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
+RDF-PRIMER
+</a>
+]
+and
+RDFa
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
+RDFA-CORE
+</a>
+]
+is
+necessary
+to
+understand
+how
+to
+implement
+this
+specification.
+WebID
+uses
+a
+number
+of
+specific
+technologies
+like
+HTTP
+over
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+],
+X.509
+certificates
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+],
+RDF/XML
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
+RDF-SYNTAX-GRAMMAR
+</a>
+]
+and
+XHTML+RDFa
+[
+<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
+XHTML-RDFA
+</a>
+].
+</p>
+<p>
+A
+general
+<a href="#introduction">
+Introduction
+</a>
+is
+provided
+for
+all
+that
+would
+like
+to
+understand
+why
+this
+specification
+is
+necessary
+to
+simplify
+usage
+of
+the
+Web.
+</p>
+<p>
+The
+terms
+used
+throughout
+this
+specification
+are
+listed
+in
+the
+section
+titled
+<a href="#terminology">
+Terminology
+</a>.
+</p>
+<p>
+Developers
+that
+are
+interested
+in
+implementing
+this
+specification
+will
+be
+most
+interested
+in
+the
+sections
+titled
+<a href="#authentication-sequence">
+Authentication
+Sequence
+</a>
+and
+<a href="#authentication-sequence-details">
+Authentication
+Sequence
+Details
+</a>.
+</p>
+</div>
+</div>
+<div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd">
+<h2>
+Status
+of
+This
+Document
+</h2>
+<p>
+This
+document
+is
+merely
+a
+public
+working
+draft
+of
+a
+potential
+specification.
+It
+has
+no
+official
+standing
+of
+any
+kind
+and
+does
+not
+represent
+the
+support
+or
+consensus
+of
+any
+standards
+organisation.
+</p>
+The
+source
+code
+for
+this
+document
+is
+available
+via
+Github
+at
+the
+following
+URL:
+<a href="http://github.com/msporny/webid-spec">
+http://github.com/msporny/webid-spec
+</a>
+</div>
+<div id="toc" typeof="bibo:Chapter" about="#toc" class="section">
+<h2 class="introductory">
+Table
+of
+Contents
+</h2>
+<ul class="toc">
+<li class="tocline">
+<a href="#introduction" class="tocxref">
+<span class="secno">
+1.
+</span>
+Introduction
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#motivation" class="tocxref">
+<span class="secno">
+1.1
+</span>
+Motivation
+</a>
+</li>
+<li class="tocline">
+<a href="#relation-to-openid" class="tocxref">
+<span class="secno">
+1.2
+</span>
+Relation
+to
+OpenID
+</a>
+</li>
+<li class="tocline">
+<a href="#relation-to-oauth" class="tocxref">
+<span class="secno">
+1.3
+</span>
+Relation
+to
+OAuth
+</a>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a href="#the-webid-protocol" class="tocxref">
+<span class="secno">
+2.
+</span>
+The
+WebID
+Protocol
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#terminology" class="tocxref">
+<span class="secno">
+2.1
+</span>
+Terminology
+</a>
+</li>
+<li class="tocline">
+<a href="#authentication-sequence" class="tocxref">
+<span class="secno">
+2.2
+</span>
+Authentication
+Sequence
+</a>
+</li>
+<li class="tocline">
+<a href="#authentication-sequence-details" class="tocxref">
+<span class="secno">
+2.3
+</span>
+Authentication
+Sequence
+Details
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#initiating-a-tls-connection" class="tocxref">
+<span class="secno">
+2.3.1
+</span>
+Initiating
+a
+TLS
+Connection
+</a>
+</li>
+<li class="tocline">
+<a href="#exchanging-the-identification-certificate" class="tocxref">
+<span class="secno">
+2.3.2
+</span>
+Exchanging
+the
+Identification
+Certificate
+</a>
+</li>
+<li class="tocline">
+<a href="#processing-the-webid-profile" class="tocxref">
+<span class="secno">
+2.3.3
+</span>
+Processing
+the
+WebID
+Profile
+</a>
+</li>
+<li class="tocline">
+<a href="#extracting-webid-url-details" class="tocxref">
+<span class="secno">
+2.3.4
+</span>
+Extracting
+WebID
+URL
+Details
+</a>
+</li>
+<li class="tocline">
+<a href="#authorization" class="tocxref">
+<span class="secno">
+2.3.5
+</span>
+<del class="diff-old">Determining
+Access
+Privileges
+</del>
+<ins class="diff-chg">Authorization
+</ins></a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno"><ins class="diff-chg">
+2.3.6
+</ins></span><ins class="diff-chg">
+Secure
+Communication
+</ins></a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno"><ins class="diff-chg">
+2.4
+</ins></span><ins class="diff-chg">
+The
+WebID
+Profile
+</ins></a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno"><ins class="diff-chg">
+2.4.1
+</ins></span><ins class="diff-chg">
+Personal
+Information
+</ins></a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno"><ins class="diff-chg">
+2.4.2
+</ins></span><ins class="diff-chg">
+Cryptographic
+Details
+</ins>
+</a>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a href="#references" class="tocxref">
+<span class="secno">
+A.
+</span>
+References
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#normative-references" class="tocxref">
+<span class="secno">
+A.1
+</span>
+Normative
+references
+</a>
+</li>
+<li class="tocline">
+<a href="#informative-references" class="tocxref">
+<span class="secno">
+A.2
+</span>
+Informative
+references
+</a>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
+<h2>
+<span class="secno">
+1.
+</span>
+Introduction
+</h2>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+WebID
+specification
+is
+designed
+to
+help
+alleviate
+the
+difficultly
+that
+remembering
+different
+logins,
+passwords
+and
+settings
+for
+websites
+has
+created.
+It
+is
+also
+designed
+to
+provide
+a
+universal
+and
+extensible
+mechanism
+to
+express
+public
+and
+private
+information
+about
+yourself.
+This
+section
+outlines
+the
+motivation
+behind
+the
+specification
+and
+the
+relationship
+to
+other
+similar
+specifications
+that
+are
+in
+active
+use
+today.
+</p>
+<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
+<h3>
+<span class="secno">
+1.1
+</span>
+Motivation
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+It
+is
+a
+fundamental
+design
+criteria
+of
+the
+Web
+to
+enable
+individuals
+and
+organizations
+to
+control
+how
+they
+interact
+with
+the
+rest
+of
+society.
+This
+includes
+how
+one
+expresses
+their
+identity,
+public
+information
+and
+personal
+details
+to
+social
+networks,
+Web
+sites
+and
+services.
+</p>
+<p>
+Semantic
+Web
+vocabularies
+such
+as
+Friend-of-a-Friend
+(FOAF)
+permit
+distributed
+hyperlinked
+social
+networks
+to
+exist.
+This
+vocabulary,
+along
+with
+other
+vocabularies,
+allow
+one
+to
+add
+information
+and
+services
+protection
+to
+distributed
+social
+networks.
+</p>
+<p>
+One
+major
+criticism
+of
+open
+networks
+is
+that
+they
+seem
+to
+have
+no
+way
+of
+protecting
+the
+personal
+information
+distributed
+on
+the
+web
+or
+limiting
+access
+to
+resources.
+Few
+people
+are
+willing
+to
+make
+all
+their
+personal
+information
+public,
+many
+would
+like
+large
+pieces
+to
+be
+protected,
+making
+it
+available
+only
+to
+a
+select
+group
+of
+agents.
+Giving
+access
+to
+information
+is
+very
+similar
+to
+giving
+access
+to
+services.
+There
+are
+many
+occasions
+when
+people
+would
+like
+services
+to
+only
+be
+accessible
+to
+members
+of
+a
+group,
+such
+as
+allowing
+only
+friends,
+family
+members,
+colleagues
+to
+post
+an
+article,
+photo
+or
+comment
+on
+a
+blog.
+How
+does
+one
+do
+this
+in
+a
+flexible
+way,
+without
+requiring
+a
+central
+point
+of
+access
+control?
+</p>
+<p>
+Using
+an
+process
+made
+popular
+by
+OpenID,
+we
+show
+how
+one
+can
+tie
+a
+User
+Agent
+to
+a
+URL
+by
+proving
+that
+one
+has
+write
+access
+to
+the
+URL.
+WebID
+is
+a
+simpler
+alternative
+to
+OpenID
+(fewer
+connections),
+that
+uses
+X.509
+certificates
+to
+tie
+a
+User
+Agent
+(Browser)
+to
+a
+Person
+identified
+via
+a
+URL.
+WebID
+also
+provides
+a
+few
+additional
+features
+to
+OpenID.
+These
+features
+include
+trust
+management,
+via
+digital
+signatures,
+and
+free-form
+extensibility
+via
+RDFa.
+By
+using
+the
+existing
+SSL
+certificate
+exchange
+mechanism,
+WebID
+integrates
+more
+smoothly
+with
+existing
+Web
+browsers,
+including
+browsers
+on
+mobile
+devices.
+WebID
+also
+permits
+automated
+session
+login
+in
+addition
+to
+interactive
+session
+login.
+Additionally,
+all
+data
+is
+encrypted
+and
+guaranteed
+to
+only
+be
+received
+by
+the
+person
+or
+organization
+that
+was
+intended
+to
+receive
+it.
+</p>
+</div>
+<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
+<h3>
+<span class="secno">
+1.2
+</span>
+Relation
+to
+OpenID
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p class="issue">
+This
+section
+needs
+to
+be
+re-written.
+The
+flow
+and
+grammar
+leaves
+much
+to
+be
+desired.
+--
+manu
+</p>
+<p>
+WebID
+is
+compatible
+with
+OpenID.
+Both
+protocols
+use
+a
+URL
+that
+dereferences
+to
+a
+Personal
+Profile
+Document.
+This
+Personal
+Profile
+Document
+is
+where
+further
+information
+about
+an
+identity
+can
+be
+discovered.
+This
+mechanism
+is
+compatible
+with
+both
+WebID
+and
+OpenID.
+Therefore,
+WebID
+does
+not
+intend
+to
+replace
+OpenID,
+but
+can
+work
+beside
+OpenID
+by
+sharing
+the
+content
+in
+the
+Personal
+Profile
+Document.
+</p>
+<p>
+That
+said,
+there
+are
+a
+number
+of
+benefits
+that
+WebID
+achieves
+over
+OpenID:
+</p>
+<p>
+WebID
+gives
+people
+and
+other
+agents
+a
+WebID
+URL
+for
+identification.
+OpenID
+also
+provides
+a
+URL
+to
+a
+Personal
+Profile
+Document.
+However,
+in
+the
+case
+of
+WebID,
+one
+does
+not
+need
+to
+remember
+the
+URL
+since
+the
+User
+Agent
+remembers
+the
+URL
+on
+behalf
+of
+the
+person
+browsing.
+To
+log
+in
+on
+a
+WebID
+web
+site
+there
+is
+no
+need
+to
+enter
+any
+identifier
+like
+one
+has
+to
+do
+for
+OpenID.
+Just
+one
+click
+tells
+the
+browser
+to
+send
+the
+WebID
+URL.
+The
+person
+that
+is
+browsing
+does
+not
+need
+to
+remember
+either
+their
+WebID
+URL
+or
+the
+website
+password.
+The
+only
+password
+one
+may
+need
+to
+remember
+is
+the
+one
+that
+is
+used
+to
+access
+their
+collection
+of
+WebIDs
+in
+their
+browser,
+and
+that's
+only
+if
+they
+opt-in
+to
+password
+protect
+their
+WebIDs.
+</p>
+<p>
+<ins class="diff-new">While
+</ins>
+WebID
+<del class="diff-old">gives
+people
+and
+other
+agents
+</del>
+<ins class="diff-chg">works
+well
+in
+</ins>
+a
+<del class="diff-old">Web
+ID
+URL
+for
+identification.
+OpenID
+</del>
+<ins class="diff-chg">browser
+environment,
+it
+is
+</ins>
+also
+<del class="diff-old">provides
+a
+URL
+to
+a
+Personal
+Profile
+Document.
+However,
+in
+the
+case
+</del>
+<ins class="diff-chg">very
+useful
+outside
+</ins>
+of
+<del class="diff-old">WebID,
+the
+user
+does
+not
+need
+to
+remember
+the
+URL,
+</del>
+the
+browser
+<del class="diff-old">or
+User
+Agent
+does.
+A
+login
+button
+on
+a
+</del>
+<ins class="diff-chg">environment.
+</ins>
+WebID
+<del class="diff-old">web
+site
+is
+just
+a
+button.
+No
+need
+to
+enter
+any
+identifier
+like
+one
+has
+to
+for
+OpenID.
+Just
+click
+</del>
+<ins class="diff-chg">can
+also
+operate
+without
+requiring
+</ins>
+the
+<del class="diff-old">button.
+Your
+browser
+will
+then
+ask
+you
+what
+identity
+you
+wish
+</del>
+<ins class="diff-chg">use
+of
+any
+passwords.
+This
+is
+useful
+</ins>
+to
+<del class="diff-old">use.
+The
+person
+</del>
+<ins class="diff-chg">developers
+</ins>
+that
+<del class="diff-old">is
+browsing
+does
+not
+need
+</del>
+<ins class="diff-chg">may
+want
+</ins>
+to
+<del class="diff-old">remember
+either
+the
+</del>
+<ins class="diff-chg">use
+</ins>
+WebID
+<del class="diff-old">URL
+or
+the
+website
+password.
+The
+only
+password
+one
+needs
+</del>
+to
+<del class="diff-old">remember
+is
+the
+one
+</del>
+<ins class="diff-chg">perform
+server-to-server
+or
+peer-to-peer
+verification
+of
+identity.
+WebID
+works
+for
+automated
+agents
+such
+as
+Search
+Agents,
+API
+Agents,
+and
+other
+automated
+mechanisms
+</ins>
+that
+<del class="diff-old">is
+used
+to
+access
+their
+collection
+</del>
+<ins class="diff-chg">are
+often
+found
+outside
+</ins>
+of
+<del class="diff-old">WebIDs
+in
+their
+browser.
+</del>
+<ins class="diff-chg">the
+browser
+environment.
+</ins>
+</p>
+<p>
+The
+WebID
+protocol
+requires
+just
+one
+direct
+network
+connection
+to
+establish
+identity
+via
+the
+client.
+The
+server
+requires
+one
+connection
+to
+the
+client
+and
+one
+connection
+to
+retrieve
+the
+WebID
+Profile
+if
+it
+does
+not
+have
+the
+credential
+information
+cached.
+Compare
+this
+to
+the
+much
+more
+complex
+OpenID
+sequence,
+which
+requires
+six
+connections
+by
+the
+client
+to
+establish
+a
+login.
+In
+a
+world
+of
+distributed
+data
+where
+each
+site
+can
+point
+to
+data
+on
+any
+other
+site,
+multiple
+connections
+become
+costly
+to
+manage.
+</p>
+<p>
+WebID
+builds
+on
+a
+number
+of
+well
+established
+Internet
+and
+Web
+standards;
+<a href="http://en.wikipedia.org/wiki/REST">
+REST
+</a>,
+RDF
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
+RDF-PRIMER
+</a>
+],
+RDFa
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
+RDFA-CORE
+</a>
+],
+RDF/XML
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
+RDF-SYNTAX-GRAMMAR
+</a>
+],
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+],
+and
+X.509
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+].
+By
+building
+on
+previous
+standards,
+it
+makes
+both
+explaining
+and
+implementing
+WebID
+easier
+on
+developers.
+</p>
+<p>
+Since
+WebID
+is
+RESTful,
+you
+can
+perform
+basic
+HTTP
+operations
+to
+<code>
+GET
+</code>
+your
+WebID,
+and
+if
+you
+needed
+update
+it,
+you
+can
+use
+HTTP
+<code>
+PUT
+</code>
+semantics.
+You
+can
+also
+create
+a
+WebID
+via
+<code>
+POST
+</code>.
+This
+is
+improved
+from
+the
+OpenID
+specification,
+which
+requires
+a
+new
+set
+of
+operations
+described
+in
+the
+OpenID
+Attribute
+Exchange
+specification.
+</p>
+<p>
+WebID
+is
+built
+on
+RDF
+and
+thus
+enables
+all
+of
+the
+advanced
+semantic
+web
+concepts
+that
+RDF
+enables.
+For
+example,
+a
+developer
+may
+perform
+machine
+reasoning
+with
+a
+WebID.
+One
+can
+construct
+machine-executable
+statements
+like
+"If
+this
+WebID
+claims
+to
+be
+a
+friend
+of
+one
+of
+our
+partner
+WebIDs
+that
+is
+trusted
+and
+the
+relationship
+is
+bi-directional,
+trust
+the
+WebID."
+While
+OpenID
+attempts
+to
+support
+this
+use
+case
+by
+mapping
+OpenID
+to
+RDF,
+it's
+far
+easier
+to
+do
+with
+WebID
+because
+WebID
+is
+natively
+RDF-aware.
+</p>
+<p>
+It
+is
+easy
+to
+extend
+a
+WebID
+with
+new
+attributes
+via
+RDF.
+The
+power
+of
+RDF
+allows
+developers
+to
+add
+extensions
+to
+WebID
+by
+defining
+new
+vocabularies
+that
+they
+publish.
+There
+is
+no
+authorization
+process
+necessary
+and
+thus
+WebID
+allows
+for
+distributed
+innovation.
+Every
+WebID
+property
+is
+a
+URI,
+which
+when
+clicked,
+can
+give
+you
+yet
+more
+information
+about
+what
+the
+property
+means.
+A
+developer
+can
+create
+new
+usage
+classes
+by
+extending
+their
+vocabulary
+at
+will.
+A
+developer
+can
+add
+relationships
+to
+a
+WebID
+by
+simply
+adding
+more
+HTML
+to
+the
+developer's
+page.
+OpenID
+does
+not
+provide
+any
+type
+of
+distributed
+innovation
+akin
+to
+RDF.
+</p>
+<p>
+Implementing
+WebID
+is
+easier
+than
+OpenID
+because
+all
+of
+the
+basic
+technologies
+have
+been
+working
+and
+integrated
+into
+Web
+browsers
+for
+many
+years.
+There
+were
+already
+three
+interoperable
+implementations
+of
+WebID
+before
+this
+specification
+was
+written.
+</p>
+<p>
+WebID
+is
+truly
+decentralized
+-
+with
+WebID
+you
+get
+a
+web
+of
+trust.
+OpenID
+only
+supports
+the
+Web
+of
+Trust
+model
+if
+you
+indirectly
+trust
+the
+OpenID
+provider.
+In
+other
+words
+-
+OpenID
+is
+not
+truly
+decentralized.
+In
+OpenID
+you
+must
+trust
+OpenID
+providers.
+With
+WebID
+you
+only
+have
+to
+trust
+the
+people
+and
+the
+organizations
+with
+which
+you
+are
+communicating.
+In
+other
+words,
+you
+don't
+have
+to
+ask
+anyone
+whether
+or
+not
+you
+can
+trust
+your
+friends.
+You
+can
+query
+people
+that
+you
+trust
+directly
+to
+see
+if
+someone
+is
+trustworthy
+or
+not.
+There
+is
+no
+need
+for
+a
+central
+WebID
+authority.
+</p>
+<p>
+WebID
+is
+fully
+distributed,
+anyone
+can
+setup
+a
+WebID
+by
+placing
+a
+single
+file
+on
+a
+web
+server
+of
+their
+choosing.
+There
+is
+no
+need
+for
+a
+special
+OpenID-like
+provider
+service.
+The
+only
+thing
+anyone
+that
+wants
+a
+WebID
+needs
+is
+a
+web
+account
+where
+you
+can
+post
+your
+WebID
+file,
+ideally
+on
+your
+own
+domain
+name.
+You
+can
+also
+use
+a
+WebID
+hosting
+provider,
+but
+it's
+not
+necessary
+for
+WebID
+to
+work.
+While
+it
+is
+possible
+to
+run
+an
+OpenID
+server,
+other
+OpenID
+applications
+may
+not
+trust
+you
+and
+thus
+you
+won't
+be
+able
+to
+fully
+utilize
+your
+private
+OpenID
+credentials.
+The
+reason
+that
+there
+are
+a
+few
+large
+OpenID
+providers
+and
+very
+few
+small
+OpenID
+providers
+is
+because
+of
+this
+trust
+design
+issue
+related
+to
+OpenID.
+</p>
+<p>
+WebID
+does
+not
+require
+HTTP
+redirects.
+Redirects
+are
+problematic
+on
+many
+cell
+phones,
+because
+telecoms
+heavily
+rely
+on
+proxys,
+which
+selectively
+block
+redirects.
+</p>
+<p>
+A
+WebID
+provider
+is
+100%
+compatible
+with
+an
+OpenID
+provider
+and
+thus
+can
+inter-operate
+with
+OpenID-powered
+networks.
+</p>
+</div>
+<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
+<h3>
+<span class="secno">
+1.3
+</span>
+Relation
+to
+OAuth
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+OAuth
+and
+WebID
+are
+mutually
+beneficial
+when
+used
+together.
+WebID
+can
+be
+used
+to
+provide
+RSA
+parameters
+to
+the
+RSA-SHA1
+signature
+method
+required
+by
+OAuth
+1.0.
+WebID
+can
+also
+be
+used
+to
+establish
+the
+consumer_key
+and
+HTTPS
+connection
+that
+will
+be
+used
+to
+transmit
+OAuth
+Tokens
+in
+OAuth
+2.0.
+</p>
+</div>
+</div>
+<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
+<h2>
+<span class="secno">
+2.
+</span>
+The
+WebID
+Protocol
+</h2>
+<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
+<h3>
+<span class="secno">
+2.1
+</span>
+Terminology
+</h3>
+<dl>
+<dt>
+<dfn title="Verification_Agent" id="dfn-verification_agent">
+Verification
+Agent
+</dfn>
+</dt>
+<dd>
+Performs
+authentication
+on
+provided
+WebID
+credentials
+and
+determines
+if
+an
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+can
+have
+access
+to
+a
+particular
+resource.
+A
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+is
+typically
+a
+Web
+server,
+but
+may
+also
+be
+a
+peer
+on
+a
+peer-to-peer
+network.
+</dd>
+<dt>
+<dfn title="Identification_Agent" id="dfn-identification_agent">
+Identification
+Agent
+</dfn>
+</dt>
+<dd>
+Provides
+identification
+credentials
+to
+a
+Verification
+Agent.
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+is
+typically
+also
+a
+User
+Agent.
+</dd>
+<dt>
+<dfn title="Identification_Certificate" id="dfn-identification_certificate">
+Identification
+Certificate
+</dfn>
+</dt>
+<dd>
+An
+X.509
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+]
+Certificate
+that
+<em class="rfc2119" title="must">
+must
+</em>
+contain
+a
+<code>
+Subject
+Alternative
+Name
+</code>
+extension
+with
+a
+URI
+entry.
+The
+URI
+<em class="rfc2119" title="should">
+should
+</em>
+be
+a
+URL,
+and
+<em class="rfc2119" title="should not">
+should
+not
+</em>
+be
+a
+URN.
+The
+URL
+identifies
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>.
+The
+URL
+<em class="rfc2119" title="must">
+must
+</em>
+be
+dereference-able
+and
+result
+in
+a
+document
+containing
+RDF
+data.
+For
+example,
+the
+certificate
+would
+contain
+<code>
+http://example.org/webid#public
+</code>,
+known
+as
+a
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>,
+as
+the
+<code>
+Subject
+Alternative
+Name
+</code>:
+<code><pre>
+X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</pre>
+</code>
+</dd>
+<dt>
+<dfn title="WebID_URL" id="dfn-webid_url">
+WebID
+URL
+</dfn>
+</dt>
+<dd>
+A
+URL
+specified
+via
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+extension
+of
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+that
+identifies
+an
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>.
+</dd>
+<dt>
+<dfn title="public_key" id="dfn-public_key">
+public
+key
+</dfn>
+</dt>
+<dd>
+A
+widely
+distributed
+crytographic
+key
+that
+can
+be
+used
+to
+verify
+digital
+signatures
+and
+encrypt
+data
+between
+a
+sender
+and
+a
+receiver.
+A
+public
+key
+is
+always
+included
+in
+an
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+</dd>
+<dt>
+<dfn title="WebID_Profile" id="dfn-webid_profile">
+WebID
+Profile
+</dfn>
+</dt>
+<dd>
+A
+structured
+document
+that
+contains
+identification
+credentials
+for
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+expressed
+using
+the
+Resource
+Description
+Framework
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">
+RDF-CONCEPTS
+</a>
+].
+Either
+the
+XHTML+RDFa
+1.1
+[
+<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
+XHTML-RDFA
+</a>
+]
+serialization
+format
+or
+the
+RDF/XML
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
+RDF-SYNTAX-GRAMMAR
+</a>
+]
+serialization
+format
+<em class="rfc2119" title="must">
+must
+</em>
+be
+supported
+by
+the
+mechanism,
+e.g.
+a
+Web
+Service,
+providing
+the
+WebID
+Profile
+document.
+Alternate
+RDF
+serialization
+formats,
+such
+as
+N3
+[
+<a class="bibref" rel="biblioentry" href="#bib-N3">
+N3
+</a>
+]
+or
+Turtle
+[
+<a class="bibref" rel="biblioentry" href="#bib-TURTLE">
+TURTLE
+</a>
+],
+<em class="rfc2119" title="may">
+may
+</em>
+be
+supported
+by
+the
+mechanism
+providing
+the
+WebID
+Profile
+document.
+</dd>
+</dl>
+<p class="issue">
+Whether
+or
+not
+RDF/XML,
+XHTML+RDFa
+1.1,
+both
+or
+neither
+serialization
+of
+RDF
+should
+be
+required
+serialization
+formats
+in
+the
+specification
+is
+currently
+under
+heavy
+debate.
+</p>
+</div>
+<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
+<h3>
+<span class="secno">
+2.2
+</span>
+Authentication
+Sequence
+</h3>
+<p>
+The
+following
+steps
+are
+executed
+by
+Verification
+Agents
+and
+Identification
+Agents
+to
+determine
+if
+access
+should
+be
+granted
+to
+a
+particular
+resource.
+</p>
+<ol>
+<li>
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+attempts
+to
+access
+a
+resource
+using
+HTTP
+over
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+]
+via
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>.
+</li>
+<li>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+request
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+of
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+as
+a
+part
+of
+the
+TLS
+client-cerificate
+retrieval
+protocol.
+</li>
+<li>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+extract
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+and
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>
+contained
+in
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+extension
+of
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>.
+</li>
+<li>
+The
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+information
+associated
+with
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+be
+<del class="diff-old">verified
+</del>
+<ins class="diff-chg">checked
+</ins>
+by
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>.
+This
+<del class="diff-old">must
+be
+performed
+by
+validating
+the
+public
+key
+associated
+with
+the
+WebID
+URL
+.
+This
+</del>
+process
+<em class="rfc2119" title="should">
+should
+</em>
+occur
+either
+by
+dereferencing
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>
+and
+extracting
+RDF
+data
+from
+the
+resulting
+document,
+or
+by
+utilizing
+a
+cached
+version
+of
+the
+RDF
+data
+contained
+in
+the
+document
+or
+other
+data
+source
+that
+is
+up-to-date
+and
+trusted
+by
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>.
+The
+processing
+and
+extraction
+mechanism
+is
+further
+detailed
+in
+the
+sections
+titled
+<a href="#processing-the-webid-profile">
+Processing
+the
+WebID
+Profile
+</a>
+and
+<a href="#extracting-webid-url-details">
+Extracting
+WebID
+URL
+Details
+</a>.
+</li>
+<li>
+If
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+in
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+is
+found
+in
+the
+list
+of
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+s
+associated
+with
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>,
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+assume
+that
+the
+client
+<del class="diff-old">has
+write
+access
+</del>
+<ins class="diff-chg">intends
+</ins>
+to
+<ins class="diff-new">use
+</ins>
+the
+<del class="diff-old">WebID
+Profile
+</del>
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+<ins class="diff-chg">public
+key
+</ins>
+</a>
+<del class="diff-old">and
+therefore
+owns
+</del>
+<ins class="diff-chg">to
+verify
+their
+ownership
+of
+</ins>
+the
+<del class="diff-old">document.
+</del>
+<ins class="diff-chg">WebID
+URL.
+</ins>
+</li>
+<li>
+<del class="diff-old">If
+the
+</del>
+<ins class="diff-chg">The
+</ins>
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<del class="diff-old">has
+verified
+</del>
+<ins class="diff-chg">verifies
+</ins>
+that
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+<ins class="diff-new">Identification
+Agent
+</ins></a><ins class="diff-new">
+owns
+the
+</ins>
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>
+<del class="diff-old">is
+owned
+</del>
+by
+<ins class="diff-new">using
+the
+</ins><a class="tref internalDFN" title="public_key" href="#dfn-public_key"><ins class="diff-new">
+public
+key
+</ins></a><ins class="diff-new">
+to
+create
+a
+cryptographic
+challenge.
+The
+challenge
+</ins><em class="rfc2119" title="should"><ins class="diff-new">
+should
+</ins></em><ins class="diff-new">
+be
+fulfilled
+by
+performing
+TLS
+mutual-authentication
+between
+the
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
+Verification
+Agent
+</ins></a><ins class="diff-new">
+and
+</ins>
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+<del class="diff-old">,
+</del>
+</a>.
+<ins class="diff-chg">If
+</ins>
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<ins class="diff-new">does
+not
+have
+access
+to
+the
+TLS
+layer,
+a
+digital
+signature
+challenge
+</ins>
+<em class="rfc2119" title="must">
+must
+</em>
+<del class="diff-old">use
+</del>
+<ins class="diff-chg">be
+provided
+by
+</ins>
+the
+<del class="diff-old">verified
+public
+key
+contained
+</del>
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+<ins class="diff-chg">Verification
+Agent
+</ins></a>.<ins class="diff-chg">
+These
+processes
+are
+detailed
+</ins>
+in
+the
+<del class="diff-old">Identification
+Certificate
+</del>
+<ins class="diff-chg">sections
+titled
+</ins><a href="#authorization"><ins class="diff-chg">
+Authorization
+</ins>
+</a>
+<del class="diff-old">for
+all
+TLS-based
+communication
+with
+the
+Identification
+Agent
+</del>
+<ins class="diff-chg">and
+</ins><a href="#secure-communication"><ins class="diff-chg">
+Secure
+Communication
+</ins>
+</a>.
+</li>
+</ol>
+<p>
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+<em class="rfc2119" title="may">
+may
+</em>
+re-establish
+a
+different
+identity
+at
+any
+time
+by
+executing
+all
+of
+the
+steps
+in
+the
+Authentication
+Sequence
+again.
+Additional
+algorithms,
+detailed
+in
+the
+next
+section,
+<em class="rfc2119" title="may">
+may
+</em>
+be
+performed
+to
+determine
+if
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+can
+access
+a
+particular
+resource
+after
+the
+last
+step
+of
+the
+Authentication
+Sequence
+has
+been
+completed.
+</p>
+</div>
+<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
+<h3>
+<span class="secno">
+2.3
+</span>
+Authentication
+Sequence
+Details
+</h3>
+<p>
+This
+section
+covers
+details
+about
+each
+step
+in
+the
+authentication
+process.
+</p>
+<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
+<h4>
+<span class="secno">
+2.3.1
+</span>
+Initiating
+a
+TLS
+Connection
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+TLS
+connection
+process
+is
+started
+and
+used
+by
+WebID
+to
+create
+a
+secure
+channel
+between
+the
+Identification
+Agent
+and
+the
+Verification
+Agent.
+</p>
+</div>
+<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
+<h4>
+<span class="secno">
+2.3.2
+</span>
+Exchanging
+the
+Identification
+Certificate
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+certificate
+is
+selected
+and
+sent
+to
+the
+Verification
+Agent.
+</p>
+</div>
+<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
+<h4>
+<span class="secno">
+2.3.3
+</span>
+Processing
+the
+WebID
+Profile
+</h4>
+<p>
+A
+Verification
+Agent
+<em class="rfc2119" title="must">
+must
+</em>
+be
+able
+to
+process
+documents
+in
+RDF/XML
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
+RDF-SYNTAX-GRAMMAR
+</a>
+]
+and
+XHTML+RDFa
+[
+<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
+XHTML-RDFA
+</a>
+].
+A
+server
+responding
+to
+a
+WebID
+Profile
+request
+<em class="rfc2119" title="should">
+should
+</em>
+support
+HTTP
+content
+negotiation.
+The
+server
+<em class="rfc2119" title="must">
+must
+</em>
+return
+a
+representation
+in
+RDF/XML
+for
+media
+type
+<code>
+application/rdf+xml
+</code>.
+The
+server
+<em class="rfc2119" title="must">
+must
+</em>
+return
+a
+representation
+in
+XHTML+RDFa
+for
+media
+type
+<code>
+text/html
+</code>
+or
+media
+type
+<code>
+application/xhtml+xml
+</code>.
+<a class="tref" title="Verification_Agents">
+Verification
+Agents
+</a>
+and
+<a class="tref" title="Identification_Agents">
+Identification
+Agents
+</a>
+<em class="rfc2119" title="may">
+may
+</em>
+support
+any
+other
+RDF
+format
+via
+HTTP
+content
+negotiation.
+</p>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+extracts
+semantic
+data
+describing
+the
+identification
+credentials
+from
+a
+WebID
+Profile.
+</p>
+</div>
+<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
+<h4>
+<span class="secno">
+2.3.4
+</span>
+Extracting
+WebID
+URL
+Details
+</h4>
+<p>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+may
+use
+a
+number
+of
+different
+methods
+to
+extract
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+information
+from
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>.
+</p>
+The
+following
+SPARQL
+query
+outlines
+one
+way
+in
+which
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+could
+be
+extracted
+from
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>:
+<code><pre>
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?modulus ?exp
+WHERE {
+ ?key cert:identity <http://example.org/webid#public>;
+ a rsa:RSAPublicKey;
+ rsa:modulus [ cert:hex ?modulus; ];
+ rsa:public_exponent [ cert:decimal ?exp ] .
+}
+</pre>
+</code>
+<p class="issue">
+This
+section
+still
+needs
+more
+information.
+</p>
+</div>
+<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
+<h4>
+<span class="secno">
+2.3.5
+</span>
+<del class="diff-old">Determining
+Access
+Privileges
+</del>
+<ins class="diff-chg">Authorization
+</ins>
+</h4>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+may
+use
+the
+information
+discovered
+via
+a
+WebID
+URL
+to
+determine
+if
+one
+should
+be
+able
+to
+access
+a
+particular
+resource.
+It
+will
+explain
+how
+a
+Verification
+Agent
+can
+use
+links
+to
+other
+RDFa
+documents
+to
+build
+knowledge
+about
+the
+given
+WebID.
+</p>
+</div>
+<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
+<h4>
+<span class="secno">
+<ins class="diff-new">2.3.6
+</ins></span><ins class="diff-new">
+Secure
+Communication
+</ins></h4><p class="issue"><ins class="diff-new">
+This
+section
+will
+explain
+how
+an
+Identification
+Agent
+and
+a
+Verification
+Agent
+may
+communicate
+securely
+using
+a
+set
+of
+verified
+identification
+credentials.
+</ins></p><p><ins class="diff-new">
+If
+the
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
+Verification
+Agent
+</ins></a><ins class="diff-new">
+has
+verified
+that
+the
+</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
+WebID
+Profile
+</ins></a><ins class="diff-new">
+is
+owned
+by
+the
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
+Identification
+Agent
+</ins></a>,<ins class="diff-new">
+the
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
+Verification
+Agent
+</ins></a><em class="rfc2119" title="should"><ins class="diff-new">
+should
+</ins></em><ins class="diff-new">
+use
+the
+verified
+</ins><a class="tref internalDFN" title="public_key" href="#dfn-public_key"><ins class="diff-new">
+public
+key
+</ins></a><ins class="diff-new">
+contained
+in
+the
+</ins><a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate"><ins class="diff-new">
+Identification
+Certificate
+</ins></a><ins class="diff-new">
+for
+all
+TLS-based
+communication
+with
+the
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
+Identification
+Agent
+</ins></a>.<ins class="diff-new">
+This
+ensures
+that
+both
+the
+</ins><a class="tref" title="Authorization_Agent"><ins class="diff-new">
+Authorization
+Agent
+</ins></a><ins class="diff-new">
+and
+the
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
+Identification
+Agent
+</ins></a><ins class="diff-new">
+are
+communicating
+in
+a
+secure
+manner,
+ensuring
+cryptographically
+protected
+privacy
+for
+both
+sides.
+</ins></p></div></div><div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile"><h3><span class="secno"><ins class="diff-new">
+2.4
+</ins></span><ins class="diff-new">
+The
+WebID
+Profile
+</ins></h3><p><ins class="diff-new">
+The
+</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
+WebID
+Profile
+</ins></a><ins class="diff-new">
+is
+a
+structured
+document
+that
+contains
+identification
+credentials
+for
+the
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
+Identification
+Agent
+</ins></a><ins class="diff-new">
+expressed
+using
+the
+Resource
+Description
+Framework
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS"><ins class="diff-new">
+RDF-CONCEPTS
+</ins></a><ins class="diff-new">
+].
+The
+following
+sections
+describe
+how
+to
+express
+certain
+common
+properties
+that
+could
+be
+used
+by
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
+Verification
+Agent
+</ins></a><ins class="diff-new">
+s
+and
+other
+entities
+that
+consume
+a
+</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
+WebID
+Profile
+</ins></a>.</p><p><ins class="diff-new">
+The
+following
+vocabularies
+are
+used
+in
+their
+shortened
+form
+in
+the
+subsequent
+sections:
+</ins></p><dl><dt><ins class="diff-new">
+foaf
+</ins></dt><dd><ins class="diff-new">
+http://xmlns.com/foaf/0.1/
+</ins></dd><dt><ins class="diff-new">
+cert
+</ins></dt><dd><ins class="diff-new">
+http://www.w3.org/ns/auth/cert#
+</ins></dd><dt><ins class="diff-new">
+rsa
+</ins></dt><dd><ins class="diff-new">
+http://www.w3.org/ns/auth/rsa#
+</ins></dd></dl><div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information"><h4><span class="secno"><ins class="diff-new">
+2.4.1
+</ins></span><ins class="diff-new">
+Personal
+Information
+</ins></h4><p><ins class="diff-new">
+Personal
+details
+are
+the
+most
+common
+requirement
+when
+registering
+an
+account
+with
+a
+website.
+Some
+of
+these
+pieces
+of
+information
+include
+an
+e-mail
+address,
+a
+name
+and
+perhaps
+an
+avatar
+image.
+This
+section
+includes
+properties
+that
+</ins><em class="rfc2119" title="should"><ins class="diff-new">
+should
+</ins></em><ins class="diff-new">
+be
+used
+when
+conveying
+key
+pieces
+of
+personal
+information
+but
+are
+</ins><em class="rfc2119" title="not required"><ins class="diff-new">
+not
+required
+</ins></em><ins class="diff-new">
+to
+be
+present
+in
+a
+WebID
+Profile:
+</ins></p><dl><dt><ins class="diff-new">
+foaf:mbox
+</ins></dt><dd><ins class="diff-new">
+The
+e-mail
+address
+that
+is
+associated
+with
+the
+WebID
+URL.
+</ins></dd><dt><ins class="diff-new">
+foaf:name
+</ins></dt><dd><ins class="diff-new">
+The
+name
+that
+is
+most
+commonly
+used
+to
+refer
+to
+the
+individual
+or
+agent.
+</ins></dd><dt><ins class="diff-new">
+foaf:depiction
+</ins></dt><dd><ins class="diff-new">
+An
+image
+representation
+of
+the
+individual
+or
+agent.
+</ins></dd></dl></div><div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details"><h4><span class="secno"><ins class="diff-new">
+2.4.2
+</ins></span><ins class="diff-new">
+Cryptographic
+Details
+</ins></h4><p><ins class="diff-new">
+Cryptographic
+details
+are
+important
+when
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
+Verification
+Agent
+</ins></a><ins class="diff-new">
+s
+and
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
+Identification
+Agent
+</ins></a><ins class="diff-new">
+s
+interact.
+The
+following
+properties
+</ins><em class="rfc2119" title="should"><ins class="diff-new">
+should
+</ins></em><ins class="diff-new">
+be
+used
+when
+conveying
+cryptographic
+information
+in
+WebID
+Profile
+documents:
+</ins></p><dl><dt><ins class="diff-new">
+rsa:RSAPublicKey
+</ins></dt><dd><ins class="diff-new">
+Expresses
+an
+RSA
+public
+key.
+The
+RSAPublicKey
+</ins><em class="rfc2119" title="must"><ins class="diff-new">
+must
+</ins></em><ins class="diff-new">
+specify
+the
+rsa:modulus
+and
+rsa:public_exponent
+properties.
+</ins></dd><dt><ins class="diff-new">
+cert:identity
+</ins></dt><dd><ins class="diff-new">
+Used
+to
+associate
+an
+RSAPublicKey
+with
+a
+WebID
+URL.
+A
+WebID
+Profile
+</ins><em class="rfc2119" title="must"><ins class="diff-new">
+must
+</ins></em><ins class="diff-new">
+contain
+at
+least
+one
+RSAPublicKey
+that
+is
+associated
+with
+the
+corresponding
+WebID
+URL.
+</ins></dd></dl></div>
+</div>
+<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
+<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
+<h4>
+Change
+History
+</h4>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+<a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">
+<ins class="diff-new">2010-07-25
+</ins></a><ins class="diff-new">
+Added
+WebID
+Profile
+section.
+</ins></p><p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672"><ins class="diff-new">
+2010-07-18
+</ins></a><ins class="diff-new">
+Updates
+from
+WebID
+community
+related
+to
+RDF/XML
+support,
+authentication
+sequence
+corrections,
+abstract
+and
+introduction
+updates.
+</ins></p><p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">
+2010-07-11
+</a>
+Initial
+version.
+</p>
+</div>
+<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
+<h4>
+Acknowledgments
+</h4>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+following
+people
+have
+been
+instrumental
+in
+providing
+thoughts,
+feedback,
+reviews,
+criticism
+and
+input
+in
+the
+creation
+of
+this
+specification:
+</p>
+<ul>
+<li>
+Melvin
+Carvalho
+</li>
+<li>
+Bruno
+Harbulot
+</li>
+<li>
+Toby
+Inkster
+</li>
+<li>
+Ian
+Jacobi
+</li>
+<li>
+Jeff
+Sayre
+</li>
+<li>
+Henry
+Story
+</li>
+</ul>
+</div>
+</div>
+</div>
+<div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
+<h2>
+<span class="secno">
+A.
+</span>
+References
+</h2>
+<div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section">
+<h3>
+<span class="secno">
+A.1
+</span>
+Normative
+references
+</h3>
+<dl class="bibliography" about="">
+<dt id="bib-HTTP-TLS">
+[HTTP-TLS]
+</dt>
+<dd rel="dcterms:requires">
+E.
+Rescorla.
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+<cite>
+HTTP
+Over
+TLS.
+</cite>
+</a>
+May
+2000.
+Internet
+RFC
+2818.
+URL:
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+http://www.ietf.org/rfc/rfc2818.txt
+</a>
+</dd>
+<dt id="bib-N3">
+[N3]
+</dt>
+<dd rel="dcterms:requires">
+Tim
+Berners-Lee;
+Dan
+Connolly.
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+<cite>
+Notation3
+(N3):
+A
+readable
+RDF
+syntax.
+</cite>
+</a>
+14
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
+</a>
+</dd>
+<dt id="bib-RDF-PRIMER">
+[RDF-PRIMER]
+</dt>
+<dd rel="dcterms:requires">
+Frank
+Manola;
+Eric
+Miller.
+<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
+<cite>
+RDF
+Primer.
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
+http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
+</a>
+</dd>
+<dt id="bib-RDF-SYNTAX-GRAMMAR">
+[RDF-SYNTAX-GRAMMAR]
+</dt>
+<dd rel="dcterms:requires">
+Dave
+Beckett.
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+<cite>
+RDF/XML
+Syntax
+Specification
+(Revised).
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
+</a>
+</dd>
+<dt id="bib-RDFA-CORE">
+[RDFA-CORE]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et
+al.
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
+<cite>
+RDFa
+Core
+1.1:
+Syntax
+and
+processing
+rules
+for
+embedding
+RDF
+through
+attributes.
+</cite>
+</a>
+22
+April
+2010.
+W3C
+Working
+Draft.
+URL:
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
+http://www.w3.org/TR/2010/WD-rdfa-core-20100422
+</a>
+</dd>
+<dt id="bib-TURTLE">
+[TURTLE]
+</dt>
+<dd rel="dcterms:requires">
+David
+Beckett,
+Tim
+Berners-Lee.
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+Turtle:
+Terse
+RDF
+Triple
+Language
+</a>
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+http://www.w3.org/TeamSubmission/turtle/
+</a>
+</dd>
+<dt id="bib-X509V3">
+[X509V3]
+</dt>
+<dd rel="dcterms:requires">
+<cite>
+ITU-T
+Recommendation
+X.509
+version
+3
+(1997).
+"Information
+Technology
+-
+Open
+Systems
+Interconnection
+-
+The
+Directory
+Authentication
+Framework"
+ISO/IEC
+9594-8:1997
+</cite>.
+</dd>
+<dt id="bib-XHTML-RDFA">
+[XHTML-RDFA]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et.
+al.
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
+<cite>
+XHTML+RDFa
+1.1.
+</cite>
+</a>
+22
+April
+2010.
+W3C
+Working
+Draft.
+URL:
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
+http://www.w3.org/TR/WD-xhtml-rdfa-20100422
+</a>
+</dd>
+</dl>
+</div>
+<div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section">
+<h3>
+<span class="secno">
+A.2
+</span>
+Informative
+references
+</h3>
+<dl class="bibliography" about="">
+<dt id="bib-RDF-CONCEPTS">
+[RDF-CONCEPTS]
+</dt>
+<dd rel="dcterms:references">
+Graham
+Klyne;
+Jeremy
+J.
+Carroll.
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+<cite>
+Resource
+Description
+Framework
+(RDF):
+Concepts
+and
+Abstract
+Syntax.
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
+</a>
+</dd>
+</dl>
+</div>
+</div>
+</body>
+</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/drafts/ED-webid-20100725/index.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,635 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
+<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
+<head>
+ <title>WebID 1.0</title>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+
+<!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+
+<style type="text/css">
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+
+
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+
+
+ <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-25T22:59:59+0000" id="unofficial-draft-25-july-2010">Unofficial Draft 25 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">msporny@digitalbazaar.com</a> </span>
+</dd>
+<dt>Authors:</dt><dd><span><a content="Toby Inkster" href="http://tobyinkster.co.uk/">Toby Inkster</a></span>
+</dd>
+<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
+</dd>
+<dd><span><a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">Bruno Harbulot</a></span>
+</dd>
+<dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">Reto Bachmann-Gmür</a></span>
+</dd>
+</dl><p>This document is also available in this non-normative format: <a href="diff-20100718.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
+ <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
+
+<p>Social networking, identity and privacy have been at the center of how we
+interact with the Web in the last decade. The explosion of social networking
+sites has brought the world closer together as well as created new points of
+pain regarding ease of use and the Web. Remembering login details, passwords,
+and sharing private information across the many websites and social groups
+that we are a part of has become more difficult and complicated than necessary.
+The Social Web is designed to ensure that control of identity and privacy
+settings is always simple and under one's control. WebID is a key enabler of the
+Social Web. This specification outlines a simple universal identification
+mechanism that is distributed, openly extensible, improves privacy, security
+and control over how one can identify themselves and control access to their
+information on the Web.
+</p>
+
+<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
+<h3 id="how-to-read-this-document">How to Read this Document</h3>
+
+<p>There are a number of concepts that are covered in this document that the
+reader may want to be aware of before continuing. General knowledge of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
+and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>] and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>] is necessary to understand how
+to implement this specification. WebID uses a number of specific technologies
+like HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>],
+RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].</p>
+
+<p>A general <a href="#introduction">Introduction</a> is provided for all that
+would like to understand why this specification is necessary to simplify usage
+of the Web.</p>
+
+<p>The terms used throughout this specification are listed in the section
+titled <a href="#terminology">Terminology</a>.</p>
+
+<p>Developers that are interested in implementing this specification will be
+most interested in the sections titled
+<a href="#authentication-sequence">Authentication Sequence</a> and
+<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
+
+</p></div>
+</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
+
+<!-- <p>This document has been reviewed by W3C Members, by software
+developers, and by other W3C groups and interested parties, and is
+endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited from another
+document. W3C's role in making the Recommendation is to draw attention
+to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> -->
+
+
+The source code for this document is available via Github at the following
+URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
+
+</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-webid-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting WebID URL Details</a></li><li class="tocline"><a href="#authorization" class="tocxref"><span class="secno">2.3.5 </span>Authorization</a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno">2.3.6 </span>Secure Communication</a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno">2.4 </span>The WebID Profile</a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno">2.4.1 </span>Personal Information</a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno">2.4.2 </span>Cryptographic Details</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
+
+
+
+<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
+
+<!-- OddPage -->
+<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
+
+<p>
+The WebID specification is designed to help alleviate the difficultly that
+remembering different logins, passwords and settings for websites has created.
+It is also designed to provide a universal and extensible mechanism to express
+public and private information about yourself. This section outlines the
+motivation behind the specification and the relationship to other similar
+specifications that are in active use today.
+</p>
+
+<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
+<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
+
+<p>
+It is a fundamental design criteria of the Web to enable individuals and
+organizations to control how they interact with the rest of society. This
+includes how one expresses their identity, public information and personal
+details to social networks, Web sites and services.
+</p>
+
+<p>
+Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
+hyperlinked social networks to exist. This vocabulary, along with other
+vocabularies, allow one to add information and services protection to
+distributed social networks.
+</p>
+
+<p>
+One major criticism of open networks is that they seem to have no way of
+protecting the personal information distributed on the web or limiting
+access to resources. Few people are willing to make all their personal
+information public, many would like large pieces to be protected, making
+it available only to a select group of agents. Giving access to
+information is very similar to giving access to services. There are many
+occasions when people would like services to only be accessible to
+members of a group, such as allowing only friends, family members,
+colleagues to post an article, photo or comment on a blog. How does one do
+this in a flexible way, without requiring a central point of
+access control?
+</p>
+
+<p>
+Using an process made popular by OpenID, we show how one can tie a User
+Agent to a URL by proving that one has write access to the URL. WebID is
+a simpler alternative to OpenID (fewer connections), that uses X.509
+certificates to tie a User Agent (Browser) to a Person identified via a URL.
+WebID also provides a few additional features to OpenID. These
+features include trust management, via digital signatures, and free-form
+extensibility via RDFa. By using the existing SSL certificate exchange
+mechanism, WebID integrates more smoothly with existing Web browsers, including
+browsers on mobile devices. WebID also permits automated session login
+in addition to interactive session login. Additionally, all data is encrypted
+and guaranteed to only be received by the person or organization that was
+intended to receive it.
+</p>
+
+</div>
+
+<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
+<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
+
+<p class="issue">This section needs to be re-written. The flow and grammar
+leaves much to be desired. -- manu</p>
+
+<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
+to a Personal Profile Document. This Personal Profile Document is where further
+information about an identity can be discovered. This mechanism is compatible
+with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID,
+but can work beside OpenID by sharing the content in the Personal Profile
+Document.</p>
+
+<p>That said, there are a number of benefits that WebID achieves over OpenID:
+</p>
+
+<p>WebID gives people and other agents a WebID URL for identification. OpenID
+also provides a URL to a Personal Profile Document. However, in the case of
+WebID, one does not need to remember the URL since the User Agent remembers
+the URL on behalf of the person browsing. To log in on a WebID web site there
+is no need to enter any identifier like one has to do for OpenID. Just one click
+tells the browser to send the WebID URL. The person that is browsing does
+not need to remember either their WebID URL or the website password. The only
+password one may need to remember is the one that is used to access their
+collection of WebIDs in their browser, and that's only if they opt-in to
+password protect their WebIDs.
+</p>
+
+<p>
+While WebID works well in a browser environment, it is also very useful outside
+of the browser environment. WebID can also operate without requiring the use
+of any passwords. This is useful to developers that may
+want to use WebID to perform server-to-server or peer-to-peer verification of
+identity. WebID works for automated agents such as Search Agents, API Agents,
+and other automated mechanisms that are often found outside of the browser
+environment.
+</p>
+
+<p>The WebID protocol requires just one direct network connection to establish
+identity via the client. The server requires one connection to the client and
+one connection to retrieve the WebID Profile if it does not have the credential
+information cached. Compare this to the much more complex OpenID sequence, which
+requires six connections by the client to establish a login. In a world of
+distributed data where each site can point to data on any other site, multiple
+connections become costly to manage.</p>
+
+<p>WebID builds on a number of well established Internet and Web standards;
+<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
+RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>],
+TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards,
+it makes both explaining and implementing WebID easier on developers.</p>
+
+<p>Since WebID is RESTful, you can perform basic HTTP operations to
+<code>GET</code> your WebID, and if you needed update it, you can use
+HTTP <code>PUT</code> semantics. You can also create a WebID via
+<code>POST</code>. This is improved from the OpenID specification, which
+requires a new set of operations described in the OpenID Attribute Exchange
+specification.</p>
+
+<p>WebID is built on RDF and thus enables all of the advanced semantic web
+concepts that RDF enables. For example, a developer may perform machine
+reasoning with a WebID. One can construct machine-executable statements like
+"If this WebID claims to be a friend of one of our partner WebIDs that is
+trusted and the relationship is bi-directional, trust the WebID."
+While OpenID attempts to support this use case by mapping OpenID to RDF, it's
+far easier to do with WebID because WebID is natively RDF-aware.</p>
+
+<p>It is easy to extend a WebID with new attributes via RDF. The power of
+RDF allows developers to add extensions to WebID by defining new
+vocabularies that they publish. There is no authorization process necessary
+and thus WebID allows for distributed innovation. Every WebID property is
+a URI, which when clicked, can give you yet more information about what the
+property means. A developer can create new usage classes by extending their
+vocabulary at will. A developer can add relationships to a WebID by simply
+adding more HTML to the developer's page. OpenID does not provide any type of
+distributed innovation akin to RDF.</p>
+
+<p>Implementing WebID is easier than OpenID because all of the basic
+technologies have been working and integrated into Web browsers for many years.
+There were already three interoperable implementations of WebID before this
+specification was written.</p>
+
+<p>WebID is truly decentralized - with WebID you get a web of trust.
+OpenID only supports the Web of Trust model if you indirectly trust the
+OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
+you must trust OpenID providers. With WebID you only have to trust the people
+and the organizations with which you are communicating. In other words, you
+don't have to ask anyone whether or not you can trust your friends. You can
+query people that you trust directly to see if someone is trustworthy or not.
+There is no need for a central WebID authority.
+</p>
+
+<p>WebID is fully distributed, anyone can setup a WebID by placing a single
+file on a web server of their choosing. There is no need for a special
+OpenID-like provider service. The only thing anyone that wants a WebID needs
+is a web account where you can post your WebID file, ideally on your own domain
+name. You can also use a WebID hosting provider, but it's not necessary for
+WebID to work. While it is possible to run an OpenID server, other
+OpenID applications may not trust you and thus you won't be able to fully
+utilize your private OpenID credentials. The reason that there are a few
+large OpenID providers and very few small OpenID providers is because of this
+trust design issue related to OpenID.</p>
+
+<p>WebID does not require HTTP redirects. Redirects are problematic on many
+cell phones, because telecoms heavily rely on proxys, which selectively block
+redirects.</p>
+
+<p>A WebID provider is 100% compatible with an OpenID provider and thus can
+inter-operate with OpenID-powered networks.</p>
+
+</div>
+
+<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
+<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
+
+<p>
+OAuth and WebID are mutually beneficial when used together. WebID can be
+used to provide RSA parameters to the RSA-SHA1 signature method required by
+OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
+connection that will be used to transmit OAuth Tokens in OAuth 2.0.
+</p>
+
+</div>
+</div>
+
+<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
+
+<!-- OddPage -->
+<h2><span class="secno">2. </span>The WebID Protocol</h2>
+
+<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
+<h3><span class="secno">2.1 </span>Terminology</h3>
+
+<dl>
+
+<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
+<dd>Performs authentication on provided WebID credentials and determines if
+an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
+resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
+may also be a peer on a peer-to-peer network.</dd>
+
+<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
+<dd>Provides identification credentials to a Verification Agent. The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
+
+<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
+<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain a
+<code>Subject Alternative Name</code> extension with a URI entry. The URI
+<em class="rfc2119" title="should">should</em> be a URL, and <em class="rfc2119" title="should not">should not</em> be a URN. The URL
+identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URL <em class="rfc2119" title="must">must</em> be
+dereference-able and result in a document containing RDF data. For example,
+the certificate would contain <code>http://example.org/webid#public</code>,
+known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as the <code>Subject Alternative Name</code>:
+<code><pre>
+X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</pre></code>
+
+</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
+<dd>A URL specified via the <code>Subject Alternative Name</code> extension
+of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
+
+<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
+<dd>A widely distributed crytographic key that can be used to verify
+digital signatures and encrypt data between a sender and a receiver. A public
+key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a></dd>
+
+<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
+<dd>
+A structured document that contains identification credentials for the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
+Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. Either the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]
+serialization format or the RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] serialization
+format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
+WebID Profile document. Alternate RDF serialization
+formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], <em class="rfc2119" title="may">may</em> be supported by the
+mechanism providing the WebID Profile document.
+</dd>
+
+</dl>
+
+<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
+serialization of RDF should be required serialization formats in the
+specification is currently under heavy debate.</p>
+
+</div>
+
+<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
+<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
+
+<p>The following steps are executed by Verification Agents and Identification
+Agents to determine if access should be granted to a particular resource.
+</p>
+
+<ol>
+<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
+using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
+as a part of the TLS client-cerificate retrieval protocol.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> contained in the <code>Subject Alternative Name</code>
+extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</li>
+
+<li>The <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information associated with the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> be checked by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.
+This process <em class="rfc2119" title="should">should</em> occur either by dereferencing the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> and
+extracting RDF data from the resulting document, or by utilizing a cached
+version of the RDF data contained in the document or other data source that is
+up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
+and extraction mechanism is further detailed in the sections titled
+<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
+<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
+</li>
+
+<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> is found in the list of
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> assume that the client intends to use
+the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> to verify their ownership of the WebID URL.</li>
+
+<li>
+The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> verifies that the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> owns the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>
+by using the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> to create a cryptographic challenge.
+The challenge <em class="rfc2119" title="should">should</em> be fulfilled by performing TLS mutual-authentication
+between the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> and the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
+If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> does not have access to the TLS layer,
+a digital signature challenge <em class="rfc2119" title="must">must</em> be provided by the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. These processes are detailed in the sections
+titled <a href="#authorization">Authorization</a> and
+<a href="#secure-communication">Secure Communication</a>.</li>
+
+</ol>
+
+<p>
+The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
+any time by executing all of the steps in the Authentication Sequence again.
+Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
+determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
+resource after the last step of the Authentication Sequence has been
+completed.
+</p>
+
+</div>
+
+<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
+<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
+
+<p>This section covers details about each step in the authentication process.
+</p>
+
+<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
+<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
+
+<p class="issue">This section will detail how the TLS connection process is
+started and used by WebID to create a secure channel between the
+Identification Agent and the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
+<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
+
+<p class="issue">This section will detail how the certificate is selected and
+sent to the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
+<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
+
+<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML
+[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]. A server responding to
+a WebID Profile request <em class="rfc2119" title="should">should</em> support HTTP content negotiation. The server
+<em class="rfc2119" title="must">must</em> return a representation in RDF/XML for media type
+<code>application/rdf+xml</code>.
+The server <em class="rfc2119" title="must">must</em> return a representation in XHTML+RDFa for media type
+<code>text/html</code> or media type
+<code>application/xhtml+xml</code>. <a class="tref" title="Verification_Agents">Verification Agents</a> and
+<a class="tref" title="Identification_Agents">Identification Agents</a> <em class="rfc2119" title="may">may</em> support any other RDF format via
+HTTP content negotiation.
+</p>
+
+<p class="issue">This section will explain how a Verification Agent extracts
+semantic data describing the identification credentials from a WebID Profile.</p>
+</div>
+
+<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
+<h4><span class="secno">2.3.4 </span>Extracting WebID URL Details</h4>
+
+<p>
+The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
+extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
+</p>
+The following SPARQL query outlines one way in which the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>
+could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
+<code><pre>
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?modulus ?exp
+WHERE {
+ ?key cert:identity <http://example.org/webid#public>;
+ a rsa:RSAPublicKey;
+ rsa:modulus [ cert:hex ?modulus; ];
+ rsa:public_exponent [ cert:decimal ?exp ] .
+}
+</pre></code>
+
+<p class="issue">This section still needs more information.</p>
+
+</div>
+
+<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
+<h4><span class="secno">2.3.5 </span>Authorization</h4>
+
+<p class="issue">This section will explain how a Verification Agent may
+use the information discovered via a WebID URL to determine if one should
+be able to access a particular resource. It will explain how a Verification
+Agent can use links to other RDFa documents to build knowledge about the
+given WebID.</p>
+
+</div>
+
+<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
+<h4><span class="secno">2.3.6 </span>Secure Communication</h4>
+
+<p class="issue">This section will explain how an Identification Agent and
+a Verification Agent may communicate securely using a set of verified
+identification credentials.</p>
+
+<p>
+If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>,
+the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="should">should</em> use the verified
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>
+for all TLS-based communication with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
+This ensures that both the <a class="tref" title="Authorization_Agent">Authorization Agent</a> and the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
+are communicating in a secure manner, ensuring cryptographically protected
+privacy for both sides.
+</p>
+
+</div>
+
+</div>
+
+<div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile">
+<h3><span class="secno">2.4 </span>The WebID Profile</h3>
+
+<p>The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is a structured document that contains
+identification credentials for the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed
+using the Resource Description Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. The following
+sections describe how to express certain common properties that could be used
+by <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s and other entities that consume a
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.</p>
+
+<p>The following vocabularies are used in their shortened form in the
+subsequent sections:</p>
+
+<dl>
+ <dt>foaf</dt>
+ <dd>http://xmlns.com/foaf/0.1/</dd>
+ <dt>cert</dt>
+ <dd>http://www.w3.org/ns/auth/cert#</dd>
+ <dt>rsa</dt>
+ <dd>http://www.w3.org/ns/auth/rsa#</dd>
+</dl>
+
+<div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information">
+<h4><span class="secno">2.4.1 </span>Personal Information</h4>
+
+<p>Personal details are the most common requirement when registering an
+account with a website. Some of these pieces of information include an e-mail
+address, a name and perhaps an avatar image. This section includes
+properties that <em class="rfc2119" title="should">should</em> be used when conveying key pieces of personal
+information but are <em class="rfc2119" title="not required">not required</em> to be present in a WebID Profile:</p>
+
+<dl>
+ <dt>foaf:mbox</dt>
+ <dd>The e-mail address that is associated with the WebID URL.</dd>
+ <dt>foaf:name</dt>
+ <dd>The name that is most commonly used to refer to the individual
+ or agent.</dd>
+ <dt>foaf:depiction</dt>
+ <dd>An image representation of the individual or agent.</dd>
+</dl>
+</div>
+
+<div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details">
+<h4><span class="secno">2.4.2 </span>Cryptographic Details</h4>
+
+<p>Cryptographic details are important when <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s
+and <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>s interact. The following properties
+<em class="rfc2119" title="should">should</em> be used when conveying cryptographic information in WebID Profile
+documents:</p>
+
+<dl>
+ <dt>rsa:RSAPublicKey</dt>
+ <dd>Expresses an RSA public key. The RSAPublicKey <em class="rfc2119" title="must">must</em> specify the
+ rsa:modulus and rsa:public_exponent properties.</dd>
+ <dt>cert:identity</dt>
+ <dd>Used to associate an RSAPublicKey with a WebID URL. A WebID Profile
+ <em class="rfc2119" title="must">must</em> contain at least one RSAPublicKey that is associated with the
+ corresponding WebID URL.</dd>
+</dl>
+</div>
+
+</div>
+
+<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
+
+<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
+<h4>Change History</h4><p><em>This section is non-normative.</em></p>
+<p><a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">2010-07-25</a> Added WebID Profile section.</p>
+<p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
+<p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
+</div>
+
+<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
+<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
+
+<p>The following people have been instrumental in providing thoughts, feedback,
+reviews, criticism and input in the creation of this specification:</p>
+
+<ul>
+<li>Melvin Carvalho</li>
+<li>Bruno Harbulot</li>
+<li>Toby Inkster</li>
+<li>Ian Jacobi</li>
+<li>Jeff Sayre</li>
+<li>Henry Story</li>
+</ul>
+
+</div>
+</div>
+
+
+
+</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
+<!-- OddPage -->
+<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
+</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
+</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
+</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
+</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a>
+</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
+</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
+</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a>
+</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
+</dd></dl></div></div></body></html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/drafts/ED-webid-20100809/diff-20100725.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,6604 @@
+<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
+<html lang="en" dir="ltr" about="" property="dcterms:language" content="en" prefix="dcterms: http://purl.org/dc/terms/ bibo: http://purl.org/ontology/bibo/ foaf: http://xmlns.com/foaf/0.1/ xsd: http://www.w3.org/2001/XMLSchema#">
+<head>
+
+
+
+ <title>WebID 1.0</title>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
+ <!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+<style type="text/css">
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+
+
+ <style type="text/css">
+/*****************************************************************
+ * ReSpec CSS
+ * Robin Berjon (robin at berjon dot com)
+ * v0.05 - 2009-07-31
+ *****************************************************************/
+
+
+/* --- INLINES --- */
+em.rfc2119 {
+ text-transform: lowercase;
+ font-variant: small-caps;
+ font-style: normal;
+ color: #900;
+}
+
+h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
+h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
+ border: none;
+}
+
+dfn {
+ font-weight: bold;
+}
+
+a.internalDFN {
+ color: inherit;
+ border-bottom: medium solid #99c;
+ text-decoration: none;
+}
+
+a.externalDFN {
+ color: inherit;
+ border-bottom: medium dotted #ccc;
+ text-decoration: none;
+}
+
+a.bibref {
+ text-decoration: none;
+}
+
+code {
+ color: #ff4500;
+}
+
+
+/* --- WEB IDL --- */
+pre.idl {
+ border-top: 1px solid #90b8de;
+ border-bottom: 1px solid #90b8de;
+ padding: 1em;
+ line-height: 120%;
+}
+
+pre.idl::before {
+ content: "WebIDL";
+ display: block;
+ width: 150px;
+ background: #90b8de;
+ color: #fff;
+ font-family: initial;
+ padding: 3px;
+ font-weight: bold;
+ margin: -1em 0 1em -1em;
+}
+
+.idlType {
+ color: #ff4500;
+ font-weight: bold;
+ text-decoration: none;
+}
+
+/*.idlModule*/
+/*.idlModuleID*/
+/*.idlInterface*/
+.idlInterfaceID {
+ font-weight: bold;
+ color: #005a9c;
+}
+
+.idlSuperclass {
+ font-style: italic;
+ color: #005a9c;
+}
+
+/*.idlAttribute*/
+.idlAttrType, .idlFieldType {
+ color: #005a9c;
+}
+.idlAttrName, .idlFieldName {
+ color: #ff4500;
+}
+.idlAttrName a, .idlFieldName a {
+ color: #ff4500;
+ border-bottom: 1px dotted #ff4500;
+ text-decoration: none;
+}
+
+/*.idlMethod*/
+.idlMethType {
+ color: #005a9c;
+}
+.idlMethName {
+ color: #ff4500;
+}
+.idlMethName a {
+ color: #ff4500;
+ border-bottom: 1px dotted #ff4500;
+ text-decoration: none;
+}
+
+/*.idlParam*/
+.idlParamType {
+ color: #005a9c;
+}
+.idlParamName {
+ font-style: italic;
+}
+
+.extAttr {
+ color: #666;
+}
+
+/*.idlConst*/
+.idlConstType {
+ color: #005a9c;
+}
+.idlConstName {
+ color: #ff4500;
+}
+.idlConstName a {
+ color: #ff4500;
+ border-bottom: 1px dotted #ff4500;
+ text-decoration: none;
+}
+
+/*.idlException*/
+.idlExceptionID {
+ font-weight: bold;
+ color: #c00;
+}
+
+.idlTypedefID, .idlTypedefType {
+ color: #005a9c;
+}
+
+.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code {
+ color: #c00;
+ font-weight: normal;
+}
+
+.excName a {
+ font-family: monospace;
+}
+
+.idlRaises a.idlType, .excName a.idlType {
+ border-bottom: 1px dotted #c00;
+}
+
+.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse {
+ width: 45px;
+ text-align: center;
+}
+.excGetSetTrue, .prmNullTrue, .prmOptTrue { color: #0c0; }
+.excGetSetFalse, .prmNullFalse, .prmOptFalse { color: #c00; }
+
+.idlImplements a {
+ font-weight: bold;
+}
+
+dl.attributes, dl.methods, dl.constants, dl.fields {
+ margin-left: 2em;
+}
+
+.attributes dt, .methods dt, .constants dt, .fields dt {
+ font-weight: normal;
+}
+
+.attributes dt code, .methods dt code, .constants dt code, .fields dt code {
+ font-weight: bold;
+ color: #000;
+ font-family: monospace;
+}
+
+.attributes dt code, .fields dt code {
+ background: #ffffd2;
+}
+
+.attributes dt .idlAttrType code, .fields dt .idlFieldType code {
+ color: #005a9c;
+ background: transparent;
+ font-family: inherit;
+ font-weight: normal;
+ font-style: italic;
+}
+
+.methods dt code {
+ background: #d9e6f8;
+}
+
+.constants dt code {
+ background: #ddffd2;
+}
+
+.attributes dd, .methods dd, .constants dd, .fields dd {
+ margin-bottom: 1em;
+}
+
+table.parameters, table.exceptions {
+ border-spacing: 0;
+ border-collapse: collapse;
+ margin: 0.5em 0;
+ width: 100%;
+}
+table.parameters { border-bottom: 1px solid #90b8de; }
+table.exceptions { border-bottom: 1px solid #deb890; }
+
+.parameters th, .exceptions th {
+ color: #fff;
+ padding: 3px 5px;
+ text-align: left;
+ font-family: initial;
+ font-weight: normal;
+ text-shadow: #666 1px 1px 0;
+}
+.parameters th { background: #90b8de; }
+.exceptions th { background: #deb890; }
+
+.parameters td, .exceptions td {
+ padding: 3px 10px;
+ border-top: 1px solid #ddd;
+ vertical-align: top;
+}
+
+.parameters tr:first-child td, .exceptions tr:first-child td {
+ border-top: none;
+}
+
+.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName {
+ width: 100px;
+}
+
+.parameters td.prmType {
+ width: 120px;
+}
+
+table.exceptions table {
+ border-spacing: 0;
+ border-collapse: collapse;
+ width: 100%;
+}
+
+/* --- TOC --- */
+.toc a {
+ text-decoration: none;
+}
+
+a .secno {
+ color: #000;
+}
+
+/* --- TABLE --- */
+table.simple {
+ border-spacing: 0;
+ border-collapse: collapse;
+ border-bottom: 3px solid #005a9c;
+}
+
+.simple th {
+ background: #005a9c;
+ color: #fff;
+ padding: 3px 5px;
+ text-align: left;
+}
+
+.simple th[scope="row"] {
+ background: inherit;
+ color: inherit;
+ border-top: 1px solid #ddd;
+}
+
+.simple td {
+ padding: 3px 10px;
+ border-top: 1px solid #ddd;
+}
+
+.simple tr:nth-child(even) {
+ background: #f0f6ff;
+}
+
+/* --- DL --- */
+.section dd > p:first-child {
+ margin-top: 0;
+}
+
+.section dd > p:last-child {
+ margin-bottom: 0;
+}
+
+.section dd {
+ margin-bottom: 1em;
+}
+
+.section dl.attrs dd, .section dl.eldef dd {
+ margin-bottom: 0;
+}
+
+/* --- EXAMPLES --- */
+pre.example {
+ border-top: 1px solid #ff4500;
+ border-bottom: 1px solid #ff4500;
+ padding: 1em;
+ margin-top: 1em;
+}
+
+pre.example::before {
+ content: "Example";
+ display: block;
+ width: 150px;
+ background: #ff4500;
+ color: #fff;
+ font-family: initial;
+ padding: 3px;
+ font-weight: bold;
+ margin: -1em 0 1em -1em;
+}
+
+/* --- EDITORIAL NOTES --- */
+.issue {
+ padding: 1em;
+ border: 1px solid #f00;
+ background: #ffc;
+}
+
+.issue::before {
+ content: "Issue";
+ display: block;
+ width: 150px;
+ margin: -1.5em 0 0.5em 0;
+ font-weight: bold;
+ border: 1px solid #f00;
+ background: #fff;
+ padding: 3px 1em;
+}
+
+.note {
+ padding: 1em;
+ border: 2px solid #cff6d9;
+ background: #e2fff0;
+}
+
+.note::before {
+ content: "Note";
+ display: block;
+ width: 150px;
+ margin: -1.5em 0 0.5em 0;
+ font-weight: bold;
+ border: 1px solid #cff6d9;
+ background: #fff;
+ padding: 3px 1em;
+}
+
+/* --- SYNTAX HIGHLIGHTING --- */
+pre.sh_sourceCode {
+ background-color: white;
+ color: black;
+ font-style: normal;
+ font-weight: normal;
+}
+
+pre.sh_sourceCode .sh_keyword { color: #005a9c; font-weight: bold; } /* language keywords */
+pre.sh_sourceCode .sh_type { color: #666; } /* basic types */
+pre.sh_sourceCode .sh_usertype { color: teal; } /* user defined types */
+pre.sh_sourceCode .sh_string { color: red; font-family: monospace; } /* strings and chars */
+pre.sh_sourceCode .sh_regexp { color: orange; font-family: monospace; } /* regular expressions */
+pre.sh_sourceCode .sh_specialchar { color: #ffc0cb; font-family: monospace; } /* e.g., \n, \t, \\ */
+pre.sh_sourceCode .sh_comment { color: #A52A2A; font-style: italic; } /* comments */
+pre.sh_sourceCode .sh_number { color: purple; } /* literal numbers */
+pre.sh_sourceCode .sh_preproc { color: #00008B; font-weight: bold; } /* e.g., #include, import */
+pre.sh_sourceCode .sh_symbol { color: blue; } /* e.g., *, + */
+pre.sh_sourceCode .sh_function { color: black; font-weight: bold; } /* function calls and declarations */
+pre.sh_sourceCode .sh_cbracket { color: red; } /* block brackets (e.g., {, }) */
+pre.sh_sourceCode .sh_todo { font-weight: bold; background-color: #00FFFF; } /* TODO and FIXME */
+
+/* Predefined variables and functions (for instance glsl) */
+pre.sh_sourceCode .sh_predef_var { color: #00008B; }
+pre.sh_sourceCode .sh_predef_func { color: #00008B; font-weight: bold; }
+
+/* for OOP */
+pre.sh_sourceCode .sh_classname { color: teal; }
+
+/* line numbers (not yet implemented) */
+pre.sh_sourceCode .sh_linenum { display: none; }
+
+/* Internet related */
+pre.sh_sourceCode .sh_url { color: blue; text-decoration: underline; font-family: monospace; }
+
+/* for ChangeLog and Log files */
+pre.sh_sourceCode .sh_date { color: blue; font-weight: bold; }
+pre.sh_sourceCode .sh_time, pre.sh_sourceCode .sh_file { color: #00008B; font-weight: bold; }
+pre.sh_sourceCode .sh_ip, pre.sh_sourceCode .sh_name { color: #006400; }
+
+/* for Prolog, Perl... */
+pre.sh_sourceCode .sh_variable { color: #006400; }
+
+/* for LaTeX */
+pre.sh_sourceCode .sh_italics { color: #006400; font-style: italic; }
+pre.sh_sourceCode .sh_bold { color: #006400; font-weight: bold; }
+pre.sh_sourceCode .sh_underline { color: #006400; text-decoration: underline; }
+pre.sh_sourceCode .sh_fixed { color: green; font-family: monospace; }
+pre.sh_sourceCode .sh_argument { color: #006400; }
+pre.sh_sourceCode .sh_optionalargument { color: purple; }
+pre.sh_sourceCode .sh_math { color: orange; }
+pre.sh_sourceCode .sh_bibtex { color: blue; }
+
+/* for diffs */
+pre.sh_sourceCode .sh_oldfile { color: orange; }
+pre.sh_sourceCode .sh_newfile { color: #006400; }
+pre.sh_sourceCode .sh_difflines { color: blue; }
+
+/* for css */
+pre.sh_sourceCode .sh_selector { color: purple; }
+pre.sh_sourceCode .sh_property { color: blue; }
+pre.sh_sourceCode .sh_value { color: #006400; font-style: italic; }
+
+/* other */
+pre.sh_sourceCode .sh_section { color: black; font-weight: bold; }
+pre.sh_sourceCode .sh_paren { color: red; }
+pre.sh_sourceCode .sh_attribute { color: #006400; }
+
+</style><link charset="utf-8" type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/w3c-unofficial"><style type='text/css'>
+.diff-old-a {
+ font-size: smaller;
+ color: red;
+}
+
+.diff-new { background-color: yellow; }
+.diff-chg { background-color: lime; }
+.diff-new:before,
+.diff-new:after
+ { content: "\2191" }
+.diff-chg:before, .diff-chg:after
+ { content: "\2195" }
+.diff-old { text-decoration: line-through; background-color: #FBB; }
+.diff-old:before,
+.diff-old:after
+ { content: "\2193" }
+:focus { border: thin red solid}
+</style>
+</head>
+<body style="display: inherit;">
+<div class="head">
+<p>
+</p>
+<h1 property="dcterms:title" class="title" id="title">
+WebID
+1.0
+</h1>
+<h2 property="bibo:subtitle" id="subtitle">
+Web
+Identification
+and
+Discovery
+</h2>
+<h2 id="unofficial-draft-09-august-2010" property="dcterms:issued" datatype="xsd:dateTime" content="2010-08-09T16:37:31+0000">
+Unofficial
+Draft
+
+<del class="diff-old">25
+July
+</del>
+<ins class="diff-chg">09
+August
+</ins>
+2010
+</h2>
+<dl>
+<dt>
+<del class="diff-old">Editor:
+</del>
+<ins class="diff-chg">Editors:
+</ins>
+</dt>
+<dd rel="bibo:editor">
+<span typeof="foaf:Person">
+<span property="foaf:name">
+Manu
+Sporny
+
+</span>,
+<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
+Digital
+Bazaar,
+Inc.
+</a>
+<a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">
+msporny@digitalbazaar.com
+</a>
+</span>
+</dd>
+<dd rel="bibo:editor">
+<span typeof="foaf:Person">
+<span property="foaf:name">
+<ins class="diff-new">Stéphane
+Corlosquet
+</ins></span>,<a rel="foaf:workplaceHomepage" href="http://massgeneral.org/"><ins class="diff-new">
+Massachusetts
+General
+Hospital
+</ins></a><a rel="foaf:mbox" href="mailto:scorlosquet@gmail.com"><ins class="diff-new">
+
+scorlosquet@gmail.com
+</ins></a></span></dd>
+<dt>
+Authors:
+</dt>
+<dd rel="dcterms:contributor">
+<span typeof="foaf:Person">
+<a rel="foaf:homepage" property="foaf:name" content="Toby Inkster" href="http://tobyinkster.co.uk/">
+Toby
+Inkster
+</a>
+</span>
+</dd>
+<dd rel="dcterms:contributor">
+<span typeof="foaf:Person">
+<a rel="foaf:homepage" property="foaf:name" content="Henry Story" href="http://bblfish.net/">
+Henry
+Story
+</a>
+
+</span>
+</dd>
+<dd rel="dcterms:contributor">
+<span typeof="foaf:Person">
+<a rel="foaf:homepage" property="foaf:name" content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
+Bruno
+Harbulot
+</a>
+</span>
+</dd>
+<dd rel="dcterms:contributor">
+<span typeof="foaf:Person">
+<a rel="foaf:homepage" property="foaf:name" content="Reto Bachmann-Gmür" href="http://trialox.org/">
+Reto
+Bachmann-Gmür
+</a>
+</span>
+</dd>
+</dl>
+
+<p>
+This
+document
+is
+also
+available
+in
+this
+non-normative
+format:
+<a href="drafts/ED-webid-20100809/diff-20100725.html">
+Diff
+from
+previous
+Editors
+Draft
+</a>.
+</p>
+<p class="copyright">
+This
+document
+is
+licensed
+under
+a
+<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
+Creative
+Commons
+Attribution
+3.0
+License
+</a>.
+</p>
+<hr>
+</div>
+<div about="#abstract" typeof="bibo:Chapter" datatype="" property="dcterms:abstract" class="introductory section" id="abstract">
+<h2>
+Abstract
+
+</h2>
+<p>
+Social
+networking,
+identity
+and
+privacy
+have
+been
+at
+the
+center
+of
+how
+we
+interact
+with
+the
+Web
+in
+the
+last
+decade.
+The
+explosion
+of
+social
+networking
+sites
+has
+brought
+the
+world
+closer
+together
+as
+well
+as
+created
+new
+points
+of
+pain
+regarding
+ease
+of
+use
+and
+the
+Web.
+Remembering
+login
+details,
+passwords,
+and
+sharing
+private
+information
+across
+the
+many
+websites
+and
+social
+groups
+that
+we
+are
+a
+part
+of
+has
+become
+more
+difficult
+and
+complicated
+than
+necessary.
+The
+Social
+Web
+is
+designed
+to
+ensure
+that
+control
+of
+identity
+and
+privacy
+settings
+is
+always
+simple
+and
+under
+one's
+control.
+WebID
+is
+a
+key
+enabler
+of
+the
+Social
+Web.
+This
+specification
+outlines
+a
+simple
+universal
+identification
+mechanism
+that
+is
+distributed,
+openly
+extensible,
+improves
+privacy,
+security
+and
+control
+over
+how
+one
+can
+identify
+themselves
+and
+control
+access
+to
+their
+information
+on
+the
+Web.
+</p>
+<div class="section" about="#how-to-read-this-document" typeof="bibo:Chapter">
+<h3 id="how-to-read-this-document">
+How
+to
+Read
+this
+Document
+</h3>
+<p>
+There
+are
+a
+number
+of
+concepts
+that
+are
+covered
+in
+this
+document
+that
+the
+reader
+may
+want
+to
+be
+aware
+of
+before
+continuing.
+General
+knowledge
+of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
+public
+key
+cryptography
+</a>
+and
+RDF
+[
+<cite>
+<a href="#bib-RDF-PRIMER" rel="biblioentry" class="bibref">
+RDF-PRIMER
+
+</a>
+</cite>
+]
+and
+RDFa
+[
+<cite>
+<a href="#bib-RDFA-CORE" rel="biblioentry" class="bibref">
+RDFA-CORE
+</a>
+</cite>
+]
+is
+necessary
+to
+understand
+how
+to
+implement
+this
+specification.
+WebID
+uses
+a
+number
+of
+specific
+technologies
+like
+HTTP
+over
+TLS
+[
+<cite>
+<a href="#bib-HTTP-TLS" rel="biblioentry" class="bibref">
+HTTP-TLS
+</a>
+</cite>
+],
+X.509
+certificates
+[
+<cite>
+<a href="#bib-X509V3" rel="biblioentry" class="bibref">
+
+X509V3
+</a>
+</cite>
+],
+RDF/XML
+[
+<cite>
+<a href="#bib-RDF-SYNTAX-GRAMMAR" rel="biblioentry" class="bibref">
+RDF-SYNTAX-GRAMMAR
+</a>
+</cite>
+]
+and
+XHTML+RDFa
+[
+<cite>
+<a href="#bib-XHTML-RDFA" rel="biblioentry" class="bibref">
+XHTML-RDFA
+</a>
+</cite>
+].
+</p>
+
+<p>
+A
+general
+<a href="#introduction">
+Introduction
+</a>
+is
+provided
+for
+all
+that
+would
+like
+to
+understand
+why
+this
+specification
+is
+necessary
+to
+simplify
+usage
+of
+the
+Web.
+</p>
+<p>
+The
+terms
+used
+throughout
+this
+specification
+are
+listed
+in
+the
+section
+titled
+<a href="#terminology">
+Terminology
+</a>.
+</p>
+<p>
+Developers
+that
+are
+interested
+in
+implementing
+this
+specification
+will
+be
+most
+interested
+in
+the
+sections
+titled
+<a href="#authentication-sequence">
+Authentication
+Sequence
+
+</a>
+and
+<a href="#authentication-sequence-details">
+Authentication
+Sequence
+Details
+</a>.
+</p>
+</div>
+</div>
+<div about="#sotd" typeof="bibo:Chapter" id="sotd" class="introductory section">
+<h2>
+Status
+of
+This
+Document
+</h2>
+<p>
+This
+document
+is
+merely
+a
+public
+working
+draft
+of
+a
+potential
+specification.
+It
+has
+no
+official
+standing
+of
+any
+kind
+and
+does
+not
+represent
+the
+support
+or
+consensus
+of
+any
+standards
+organisation.
+</p>
+The
+source
+code
+for
+this
+document
+is
+available
+via
+Github
+at
+the
+following
+<del class="diff-old">URL:
+
+</del>
+<ins class="diff-chg">URI:
+</ins>
+<a href="http://github.com/msporny/webid-spec">
+http://github.com/msporny/webid-spec
+</a>
+</div>
+<div class="section" about="#toc" typeof="bibo:Chapter" id="toc">
+<h2 class="introductory">
+Table
+of
+Contents
+</h2>
+<ul class="toc">
+<li class="tocline">
+<a class="tocxref" href="#introduction">
+<span class="secno">
+1.
+</span>
+
+Introduction
+</a>
+<ul class="toc">
+<li class="tocline">
+<a class="tocxref" href="#motivation">
+<span class="secno">
+1.1
+</span>
+Motivation
+</a>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#preconditions">
+<span class="secno">
+<del class="diff-old">1.2
+
+</del>
+<ins class="diff-chg">2.
+</ins>
+</span>
+<del class="diff-old">Relation
+to
+OpenID
+</del>
+<ins class="diff-chg">Preconditions
+</ins>
+</a>
+<ul class="toc">
+<li class="tocline">
+<a class="tocxref" href="#terminology">
+<span class="secno">
+<del class="diff-old">1.3
+</del>
+<ins class="diff-chg">2.1
+</ins>
+
+</span>
+<del class="diff-old">Relation
+to
+OAuth
+</del>
+<ins class="diff-chg">Terminology
+</ins>
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#creating-the-certificate">
+<span class="secno">
+<ins class="diff-chg">2.2
+</ins></span><ins class="diff-chg">
+Creating
+the
+certificate
+</ins></a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#publishing-the-webid-profile-document">
+
+<span class="secno">
+<del class="diff-old">2.
+</del>
+<ins class="diff-chg">2.3
+</ins>
+</span>
+<del class="diff-old">The
+</del>
+<ins class="diff-chg">Publishing
+the
+</ins>
+WebID
+<del class="diff-old">Protocol
+</del>
+<ins class="diff-chg">Profile
+Document
+</ins>
+</a>
+<ul class="toc">
+
+<li class="tocline">
+<a class="tocxref" href="#turtle">
+<span class="secno">
+<del class="diff-old">2.1
+</del>
+<ins class="diff-chg">2.3.1
+</ins>
+</span>
+<del class="diff-old">Terminology
+</del>
+<ins class="diff-chg">Turtle
+</ins>
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#rdfa-html-notation">
+<span class="secno">
+
+<del class="diff-old">2.2
+</del>
+<ins class="diff-chg">2.3.2
+</ins></span><ins class="diff-chg">
+RDFa
+HTML
+notation
+</ins></a></li><li class="tocline"><a class="tocxref" href="#in-rdf-xml"><span class="secno"><ins class="diff-chg">
+2.3.3
+</ins></span><ins class="diff-chg">
+In
+RDF/XML
+</ins></a></li><li class="tocline"><a class="tocxref" href="#in-portable-contacts-format-using-grddl"><span class="secno"><ins class="diff-chg">
+2.3.4
+</ins></span><ins class="diff-chg">
+In
+Portable
+Contacts
+format
+using
+GRDDL
+</ins></a></li></ul></li></ul></li><li class="tocline"><a class="tocxref" href="#the-webid-protocol"><span class="secno"><ins class="diff-chg">
+3.
+</ins></span><ins class="diff-chg">
+The
+WebID
+Protocol
+
+</ins></a><ul class="toc"><li class="tocline"><a class="tocxref" href="#authentication-sequence"><span class="secno"><ins class="diff-chg">
+3.1
+</ins>
+</span>
+Authentication
+Sequence
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#authentication-sequence-details">
+<span class="secno">
+<del class="diff-old">2.3
+</del>
+<ins class="diff-chg">3.2
+</ins>
+</span>
+Authentication
+Sequence
+Details
+</a>
+
+<ul class="toc">
+<li class="tocline">
+<a class="tocxref" href="#initiating-a-tls-connection">
+<span class="secno">
+<del class="diff-old">2.3.1
+</del>
+<ins class="diff-chg">3.2.1
+</ins>
+</span>
+Initiating
+a
+TLS
+Connection
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#exchanging-the-identification-certificate">
+<span class="secno">
+<del class="diff-old">2.3.2
+</del>
+
+<ins class="diff-chg">3.2.2
+</ins>
+</span>
+Exchanging
+the
+Identification
+Certificate
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#processing-the-webid-profile">
+<span class="secno">
+<del class="diff-old">2.3.3
+</del>
+<ins class="diff-chg">3.2.3
+</ins>
+</span>
+Processing
+the
+WebID
+Profile
+</a>
+</li>
+
+<li class="tocline">
+<a class="tocxref" href="#verifying-the-webid-is-identified-by-that-public-key">
+<span class="secno">
+<del class="diff-old">2.3.4
+</del>
+<ins class="diff-chg">3.2.4
+</ins>
+</span>
+<del class="diff-old">Extracting
+</del>
+<ins class="diff-chg">Verifying
+the
+</ins>
+WebID
+<del class="diff-old">URL
+Details
+</del>
+<ins class="diff-chg">is
+identified
+by
+that
+public
+key
+</ins>
+
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#authorization">
+<span class="secno">
+<del class="diff-old">2.3.5
+</del>
+<ins class="diff-chg">3.2.5
+</ins>
+</span>
+Authorization
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#secure-communication">
+<span class="secno">
+<del class="diff-old">2.3.6
+
+</del>
+<ins class="diff-chg">3.2.6
+</ins>
+</span>
+Secure
+Communication
+</a>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#the-webid-profile">
+<span class="secno">
+<del class="diff-old">2.4
+</del>
+<ins class="diff-chg">3.3
+</ins>
+</span>
+
+The
+WebID
+Profile
+</a>
+<ul class="toc">
+<li class="tocline">
+<a class="tocxref" href="#personal-information">
+<span class="secno">
+<del class="diff-old">2.4.1
+</del>
+<ins class="diff-chg">3.3.1
+</ins>
+</span>
+Personal
+Information
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#cryptographic-details">
+<span class="secno">
+
+<del class="diff-old">2.4.2
+</del>
+<ins class="diff-chg">3.3.2
+</ins>
+</span>
+Cryptographic
+Details
+</a>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#history">
+<span class="secno">
+A.
+</span>
+
+<ins class="diff-new">Change
+History
+</ins></a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><span class="secno"><ins class="diff-new">
+B.
+</ins></span><ins class="diff-new">
+Acknowledgments
+</ins></a></li><li class="tocline"><a class="tocxref" href="#references"><span class="secno"><ins class="diff-new">
+C.
+</ins></span>
+References
+</a>
+<ul class="toc">
+<li class="tocline">
+<a class="tocxref" href="#normative-references">
+<span class="secno">
+<del class="diff-old">A.1
+</del>
+<ins class="diff-chg">C.1
+
+</ins>
+</span>
+Normative
+references
+</a>
+</li>
+<li class="tocline">
+<a class="tocxref" href="#informative-references">
+<span class="secno">
+<del class="diff-old">A.2
+</del>
+<ins class="diff-chg">C.2
+</ins>
+</span>
+Informative
+references
+</a>
+</li>
+</ul>
+
+</li>
+</ul>
+</div>
+<div about="#introduction" typeof="bibo:Chapter" id="introduction" class="informative section">
+<h2>
+<span class="secno">
+1.
+</span>
+Introduction
+</h2>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+WebID
+specification
+is
+designed
+to
+help
+alleviate
+the
+difficultly
+that
+remembering
+different
+logins,
+passwords
+and
+settings
+for
+websites
+has
+created.
+It
+is
+also
+designed
+to
+provide
+a
+universal
+and
+extensible
+mechanism
+to
+express
+public
+and
+private
+information
+about
+yourself.
+This
+section
+outlines
+the
+motivation
+behind
+the
+specification
+and
+the
+relationship
+to
+other
+similar
+specifications
+that
+are
+in
+active
+use
+today.
+
+</p>
+<div about="#motivation" typeof="bibo:Chapter" id="motivation" class="informative section">
+<h3>
+<span class="secno">
+1.1
+</span>
+Motivation
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+It
+is
+a
+fundamental
+design
+criteria
+of
+the
+Web
+to
+enable
+individuals
+and
+organizations
+to
+control
+how
+they
+interact
+with
+the
+rest
+of
+society.
+This
+includes
+how
+one
+expresses
+their
+identity,
+public
+information
+and
+personal
+details
+to
+social
+networks,
+Web
+sites
+and
+services.
+</p>
+<p>
+
+Semantic
+Web
+vocabularies
+such
+as
+Friend-of-a-Friend
+(FOAF)
+permit
+distributed
+hyperlinked
+social
+networks
+to
+exist.
+This
+vocabulary,
+along
+with
+other
+vocabularies,
+allow
+one
+to
+add
+information
+and
+services
+protection
+to
+distributed
+social
+networks.
+</p>
+<p>
+One
+major
+criticism
+of
+open
+networks
+is
+that
+they
+seem
+to
+have
+no
+way
+of
+protecting
+the
+personal
+information
+distributed
+on
+the
+web
+or
+limiting
+access
+to
+resources.
+Few
+people
+are
+willing
+to
+make
+all
+their
+personal
+information
+public,
+many
+would
+like
+large
+pieces
+to
+be
+protected,
+making
+it
+available
+only
+to
+a
+<del class="diff-old">select
+</del>
+<ins class="diff-chg">selected
+</ins>
+group
+of
+agents.
+Giving
+access
+to
+information
+is
+very
+similar
+to
+giving
+access
+to
+services.
+There
+are
+many
+occasions
+when
+people
+would
+like
+services
+to
+only
+be
+accessible
+to
+members
+of
+a
+group,
+such
+as
+allowing
+only
+friends,
+family
+members,
+colleagues
+to
+post
+an
+article,
+photo
+or
+comment
+on
+a
+blog.
+How
+does
+one
+do
+this
+in
+a
+flexible
+way,
+without
+requiring
+a
+central
+point
+of
+access
+control?
+</p>
+<p>
+Using
+<del class="diff-old">an
+</del>
+<ins class="diff-chg">a
+</ins>
+process
+made
+popular
+by
+OpenID,
+we
+show
+how
+one
+can
+tie
+a
+User
+Agent
+to
+a
+
+<del class="diff-old">URL
+</del>
+<ins class="diff-chg">URI
+</ins>
+by
+proving
+that
+one
+has
+write
+access
+to
+the
+<del class="diff-old">URL.
+</del>
+<ins class="diff-chg">URI.
+</ins>
+WebID
+is
+<del class="diff-old">a
+simpler
+alternative
+to
+OpenID
+(fewer
+connections),
+that
+</del>
+<ins class="diff-chg">an
+authentication
+protocol
+which
+</ins>
+uses
+X.509
+certificates
+to
+<del class="diff-old">tie
+</del>
+
+<ins class="diff-chg">associate
+</ins>
+a
+User
+Agent
+(Browser)
+to
+a
+Person
+identified
+via
+a
+<del class="diff-old">URL.
+</del>
+<ins class="diff-chg">URI.
+</ins>
+WebID
+<del class="diff-old">also
+</del>
+<ins class="diff-chg">is
+compatible
+with
+OpenID
+and
+</ins>
+provides
+a
+few
+additional
+features
+<del class="diff-old">to
+OpenID.
+These
+features
+include
+</del>
+<ins class="diff-chg">such
+as
+</ins>
+
+trust
+<del class="diff-old">management,
+</del>
+<ins class="diff-chg">management
+</ins>
+via
+digital
+signatures,
+and
+free-form
+extensibility
+via
+<del class="diff-old">RDFa.
+</del>
+<ins class="diff-chg">RDF.
+</ins>
+By
+using
+the
+existing
+SSL
+certificate
+exchange
+mechanism,
+WebID
+integrates
+<del class="diff-old">more
+</del>
+smoothly
+with
+existing
+Web
+browsers,
+including
+browsers
+on
+mobile
+devices.
+WebID
+also
+permits
+automated
+session
+login
+in
+addition
+to
+interactive
+session
+login.
+Additionally,
+all
+data
+is
+encrypted
+and
+guaranteed
+to
+only
+be
+received
+by
+the
+person
+or
+organization
+that
+was
+intended
+to
+receive
+it.
+</p>
+</div>
+<del class="diff-old">1.2
+Relation
+to
+OpenID
+This
+section
+is
+non-normative.
+This
+section
+needs
+to
+be
+re-written.
+The
+flow
+and
+grammar
+leaves
+much
+to
+be
+desired.
+--
+manu
+WebID
+is
+compatible
+with
+OpenID.
+Both
+protocols
+use
+a
+URL
+that
+dereferences
+to
+a
+Personal
+Profile
+Document.
+This
+Personal
+Profile
+Document
+is
+where
+further
+information
+about
+an
+identity
+can
+be
+discovered.
+This
+mechanism
+is
+compatible
+with
+both
+WebID
+and
+OpenID.
+Therefore,
+WebID
+does
+not
+intend
+to
+replace
+OpenID,
+but
+can
+work
+beside
+OpenID
+by
+sharing
+the
+content
+in
+the
+Personal
+Profile
+Document.
+That
+said,
+there
+are
+a
+number
+of
+benefits
+that
+WebID
+achieves
+over
+OpenID:
+WebID
+gives
+people
+and
+other
+agents
+a
+WebID
+URL
+for
+identification.
+OpenID
+also
+provides
+a
+URL
+to
+a
+Personal
+Profile
+Document.
+However,
+in
+the
+case
+of
+WebID,
+one
+does
+not
+need
+to
+remember
+the
+URL
+since
+the
+User
+Agent
+remembers
+the
+URL
+on
+behalf
+of
+the
+person
+browsing.
+To
+log
+in
+on
+a
+WebID
+web
+site
+there
+is
+no
+need
+to
+enter
+any
+identifier
+like
+one
+has
+to
+do
+for
+OpenID.
+Just
+one
+click
+tells
+the
+browser
+to
+send
+the
+WebID
+URL.
+The
+person
+that
+is
+browsing
+does
+not
+need
+to
+remember
+either
+their
+WebID
+URL
+or
+the
+website
+password.
+The
+only
+password
+one
+may
+need
+to
+remember
+is
+the
+one
+that
+is
+used
+to
+access
+their
+collection
+of
+WebIDs
+in
+their
+browser,
+and
+that's
+only
+if
+they
+opt-in
+to
+password
+protect
+their
+WebIDs.
+While
+WebID
+works
+well
+in
+a
+browser
+environment,
+it
+is
+also
+very
+useful
+outside
+of
+the
+browser
+environment.
+WebID
+can
+also
+operate
+without
+requiring
+the
+use
+of
+any
+passwords.
+This
+is
+useful
+to
+developers
+that
+may
+want
+to
+use
+WebID
+to
+perform
+server-to-server
+or
+peer-to-peer
+verification
+of
+identity.
+WebID
+works
+for
+automated
+agents
+such
+as
+Search
+Agents,
+API
+Agents,
+and
+other
+automated
+mechanisms
+that
+are
+often
+found
+outside
+of
+the
+browser
+environment.
+The
+WebID
+protocol
+requires
+just
+one
+direct
+network
+connection
+to
+establish
+identity
+via
+the
+client.
+The
+server
+requires
+one
+connection
+to
+the
+client
+and
+one
+connection
+to
+retrieve
+the
+WebID
+Profile
+if
+it
+does
+not
+have
+the
+credential
+information
+cached.
+Compare
+this
+to
+the
+much
+more
+complex
+OpenID
+sequence,
+which
+requires
+six
+connections
+by
+the
+client
+to
+establish
+a
+login.
+In
+a
+world
+of
+distributed
+data
+where
+each
+site
+can
+point
+to
+data
+on
+any
+other
+site,
+multiple
+connections
+become
+costly
+to
+manage.
+WebID
+builds
+on
+a
+number
+of
+well
+established
+Internet
+and
+Web
+standards;
+REST
+,
+RDF
+[
+RDF-PRIMER
+],
+RDFa
+[
+RDFA-CORE
+],
+RDF/XML
+[
+RDF-SYNTAX-GRAMMAR
+],
+TLS
+[
+HTTP-TLS
+],
+and
+X.509
+[
+X509V3
+].
+By
+building
+on
+previous
+standards,
+it
+makes
+both
+explaining
+and
+implementing
+WebID
+easier
+on
+developers.
+Since
+WebID
+is
+RESTful,
+you
+can
+perform
+basic
+HTTP
+operations
+to
+GET
+your
+WebID,
+and
+if
+you
+needed
+update
+it,
+you
+can
+use
+HTTP
+PUT
+semantics.
+You
+can
+also
+create
+a
+WebID
+via
+POST
+.
+This
+is
+improved
+from
+the
+OpenID
+specification,
+which
+requires
+a
+new
+set
+of
+operations
+described
+in
+the
+OpenID
+Attribute
+Exchange
+specification.
+WebID
+is
+built
+on
+RDF
+and
+thus
+enables
+all
+of
+the
+advanced
+semantic
+web
+concepts
+that
+RDF
+enables.
+For
+example,
+a
+developer
+may
+perform
+machine
+reasoning
+with
+a
+WebID.
+One
+can
+construct
+machine-executable
+statements
+like
+"If
+this
+WebID
+claims
+to
+be
+a
+friend
+of
+one
+of
+our
+partner
+WebIDs
+that
+is
+trusted
+and
+the
+relationship
+is
+bi-directional,
+trust
+the
+WebID."
+While
+OpenID
+attempts
+to
+support
+this
+use
+case
+by
+mapping
+OpenID
+to
+RDF,
+it's
+far
+easier
+to
+do
+with
+WebID
+because
+WebID
+is
+natively
+RDF-aware.
+It
+is
+easy
+to
+extend
+a
+WebID
+with
+new
+attributes
+via
+RDF.
+The
+power
+of
+RDF
+allows
+developers
+to
+add
+extensions
+to
+WebID
+by
+defining
+new
+vocabularies
+that
+they
+publish.
+There
+is
+no
+authorization
+process
+necessary
+and
+thus
+WebID
+allows
+for
+distributed
+innovation.
+Every
+WebID
+property
+is
+a
+URI,
+which
+when
+clicked,
+can
+give
+you
+yet
+more
+information
+about
+what
+the
+property
+means.
+A
+developer
+can
+create
+new
+usage
+classes
+by
+extending
+their
+vocabulary
+at
+will.
+A
+developer
+can
+add
+relationships
+to
+a
+WebID
+by
+simply
+adding
+more
+HTML
+to
+the
+developer's
+page.
+OpenID
+does
+not
+provide
+any
+type
+of
+distributed
+innovation
+akin
+to
+RDF.
+Implementing
+WebID
+is
+easier
+than
+OpenID
+because
+all
+of
+the
+basic
+technologies
+have
+been
+working
+and
+integrated
+into
+Web
+browsers
+for
+many
+years.
+There
+were
+already
+three
+interoperable
+implementations
+of
+WebID
+before
+this
+specification
+was
+written.
+WebID
+is
+truly
+decentralized
+-
+with
+WebID
+you
+get
+a
+web
+of
+trust.
+OpenID
+only
+supports
+the
+Web
+of
+Trust
+model
+if
+you
+indirectly
+trust
+the
+OpenID
+provider.
+In
+other
+words
+-
+OpenID
+is
+not
+truly
+decentralized.
+In
+OpenID
+you
+must
+trust
+OpenID
+providers.
+With
+WebID
+you
+only
+have
+to
+trust
+the
+people
+and
+the
+organizations
+with
+which
+you
+are
+communicating.
+In
+other
+words,
+you
+don't
+have
+to
+ask
+anyone
+whether
+or
+not
+you
+can
+trust
+your
+friends.
+You
+can
+query
+people
+that
+you
+trust
+directly
+to
+see
+if
+someone
+is
+trustworthy
+or
+not.
+There
+is
+no
+need
+for
+a
+central
+WebID
+authority.
+WebID
+is
+fully
+distributed,
+anyone
+can
+setup
+a
+WebID
+by
+placing
+a
+single
+file
+on
+a
+web
+server
+of
+their
+choosing.
+There
+is
+no
+need
+for
+a
+special
+OpenID-like
+provider
+service.
+The
+only
+thing
+anyone
+that
+wants
+a
+WebID
+needs
+is
+a
+web
+account
+where
+you
+can
+post
+your
+WebID
+file,
+ideally
+on
+your
+own
+domain
+name.
+You
+can
+also
+use
+a
+WebID
+hosting
+provider,
+but
+it's
+not
+necessary
+for
+WebID
+to
+work.
+While
+it
+is
+possible
+to
+run
+an
+OpenID
+server,
+other
+OpenID
+applications
+may
+not
+trust
+you
+and
+thus
+you
+won't
+be
+able
+to
+fully
+utilize
+your
+private
+OpenID
+credentials.
+The
+reason
+that
+there
+are
+a
+few
+large
+OpenID
+providers
+and
+very
+few
+small
+OpenID
+providers
+is
+because
+of
+this
+trust
+design
+issue
+related
+to
+OpenID.
+WebID
+does
+not
+require
+HTTP
+redirects.
+Redirects
+are
+problematic
+on
+many
+cell
+phones,
+because
+telecoms
+heavily
+rely
+on
+proxys,
+which
+selectively
+block
+redirects.
+A
+WebID
+provider
+is
+100%
+compatible
+with
+an
+OpenID
+provider
+and
+thus
+can
+inter-operate
+with
+OpenID-powered
+networks.
+
+</del>
+</div>
+<del class="diff-old">1.3
+Relation
+to
+OAuth
+This
+section
+is
+non-normative.
+OAuth
+and
+WebID
+are
+mutually
+beneficial
+when
+used
+together.
+WebID
+can
+be
+used
+to
+provide
+RSA
+parameters
+to
+the
+RSA-SHA1
+signature
+method
+required
+by
+OAuth
+1.0.
+WebID
+can
+also
+be
+used
+to
+establish
+the
+consumer_key
+and
+HTTPS
+connection
+that
+will
+be
+used
+to
+transmit
+OAuth
+Tokens
+in
+OAuth
+2.0.
+</del>
+<div class="section" about="#preconditions" typeof="bibo:Chapter" id="preconditions">
+<h2>
+<span class="secno">
+2.
+</span>
+<del class="diff-old">The
+WebID
+Protocol
+</del>
+<ins class="diff-chg">Preconditions
+</ins>
+</h2>
+<div class="section" about="#terminology" typeof="bibo:Chapter" id="terminology">
+<h3>
+<span class="secno">
+
+2.1
+</span>
+Terminology
+</h3>
+<dl>
+<dt>
+<dfn id="dfn-verification_agent" title="Verification_Agent">
+Verification
+Agent
+</dfn>
+</dt>
+<dd>
+Performs
+authentication
+on
+provided
+WebID
+credentials
+and
+determines
+if
+an
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+can
+have
+access
+to
+a
+particular
+resource.
+A
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+
+Verification
+Agent
+</a>
+is
+typically
+a
+Web
+server,
+but
+may
+also
+be
+a
+peer
+on
+a
+peer-to-peer
+network.
+</dd>
+<dt>
+<dfn id="dfn-identification_agent" title="Identification_Agent">
+Identification
+Agent
+</dfn>
+</dt>
+<dd>
+Provides
+identification
+credentials
+to
+a
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+<del class="diff-old">Agent.
+</del>
+<ins class="diff-chg">Agent
+</ins></a>.
+The
+
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+is
+typically
+also
+a
+User
+Agent.
+</dd>
+<dt>
+<dfn id="dfn-identification_certificate" title="Identification_Certificate">
+Identification
+Certificate
+</dfn>
+</dt>
+<dd>
+An
+X.509
+[
+<cite>
+<a href="#bib-X509V3" rel="biblioentry" class="bibref">
+X509V3
+</a>
+</cite>
+
+]
+Certificate
+that
+<em title="must" class="rfc2119">
+must
+</em>
+contain
+a
+<code>
+Subject
+Alternative
+Name
+</code>
+extension
+with
+a
+URI
+entry.
+The
+URI
+<del class="diff-old">should
+be
+a
+URL,
+and
+should
+not
+be
+a
+URN.
+The
+URL
+</del>
+identifies
+the
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>.
+The
+<del class="diff-old">URL
+must
+</del>
+
+<ins class="diff-chg">URI
+</ins><em title="should" class="rfc2119"><ins class="diff-chg">
+should
+</ins>
+</em>
+be
+dereference-able
+and
+result
+in
+a
+document
+containing
+RDF
+data.
+For
+example,
+the
+certificate
+would
+contain
+<code>
+http://example.org/webid#public
+</code>,
+known
+as
+a
+<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
+WebID
+<del class="diff-old">URL
+</del>
+<ins class="diff-chg">URI
+</ins>
+</a>,
+as
+the
+<code>
+
+Subject
+Alternative
+Name
+</code>:
+<del class="diff-old">X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</del>
+<pre>X509v3 extensions:
+<ins class="diff-chg"> ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</ins>
+</pre>
+<p class="issue">
+<ins class="diff-chg">TODO:
+cover
+the
+case
+where
+there
+are
+more
+than
+one
+URI
+entry
+</ins></p>
+</dd>
+<dt>
+<dfn id="dfn-webid_uri" title="WebID_URI">
+WebID
+<del class="diff-old">URL
+
+</del>
+<ins class="diff-chg">URI
+</ins>
+</dfn>
+</dt>
+<dd>
+A
+<del class="diff-old">URL
+</del>
+<ins class="diff-chg">URI
+</ins>
+specified
+via
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+extension
+of
+the
+<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
+
+Identification
+Certificate
+</a>
+that
+identifies
+an
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>.
+</dd>
+<dt>
+<dfn id="dfn-public_key" title="public_key">
+public
+key
+</dfn>
+</dt>
+<dd>
+A
+widely
+distributed
+<del class="diff-old">crytographic
+</del>
+<ins class="diff-chg">cryptographic
+
+</ins>
+key
+that
+can
+be
+used
+to
+verify
+digital
+signatures
+and
+encrypt
+data
+between
+a
+sender
+and
+a
+receiver.
+A
+public
+key
+is
+always
+included
+in
+an
+<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
+Identification
+Certificate
+</a>.
+</dd>
+<dt>
+<dfn id="dfn-webid_profile" title="WebID_Profile">
+WebID
+Profile
+</dfn>
+</dt>
+<dd>
+A
+structured
+document
+that
+contains
+identification
+credentials
+for
+the
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+expressed
+using
+the
+Resource
+Description
+Framework
+[
+
+<cite>
+<a href="#bib-RDF-CONCEPTS" rel="biblioentry" class="bibref">
+RDF-CONCEPTS
+</a>
+</cite>
+].
+Either
+the
+XHTML+RDFa
+1.1
+[
+<cite>
+<a href="#bib-XHTML-RDFA" rel="biblioentry" class="bibref">
+XHTML-RDFA
+</a>
+</cite>
+]
+serialization
+format
+or
+the
+RDF/XML
+[
+<cite>
+<a href="#bib-RDF-SYNTAX-GRAMMAR" rel="biblioentry" class="bibref">
+RDF-SYNTAX-GRAMMAR
+</a>
+</cite>
+
+]
+serialization
+format
+<em title="must" class="rfc2119">
+must
+</em>
+be
+supported
+by
+the
+mechanism,
+e.g.
+a
+Web
+Service,
+providing
+the
+WebID
+Profile
+document.
+Alternate
+RDF
+serialization
+formats,
+such
+as
+N3
+[
+<cite>
+<a href="#bib-N3" rel="biblioentry" class="bibref">
+N3
+</a>
+</cite>
+]
+or
+Turtle
+[
+<cite>
+<a href="#bib-TURTLE" rel="biblioentry" class="bibref">
+TURTLE
+</a>
+</cite>
+],
+
+<em title="may" class="rfc2119">
+may
+</em>
+be
+supported
+by
+the
+mechanism
+providing
+the
+WebID
+Profile
+document.
+<p class="issue">
+Whether
+or
+not
+RDF/XML,
+XHTML+RDFa
+1.1,
+both
+or
+neither
+serialization
+of
+RDF
+should
+be
+required
+serialization
+formats
+in
+the
+specification
+is
+currently
+under
+heavy
+debate.
+</p>
+</dd>
+</dl>
+</div>
+<div about="#creating-the-certificate" typeof="bibo:Chapter" id="creating-the-certificate" class="normative section">
+<h3>
+<span class="secno">
+2.2
+</span>
+<ins class="diff-new">Creating
+the
+certificate
+</ins></h3><p><ins class="diff-new">
+
+The
+user
+agent
+will
+create
+a
+</ins><a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN"><ins class="diff-new">
+Identification
+Certificate
+</ins></a><ins class="diff-new">
+with
+a
+</ins><code><ins class="diff-new">
+Subject
+Alternative
+Name
+</ins></code><ins class="diff-new">
+URI
+entry.
+This
+URI
+must
+be
+one
+that
+dereferences
+to
+a
+document
+the
+user
+controls
+so
+that
+he
+can
+publish
+the
+public
+key
+of
+the
+</ins><a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN"><ins class="diff-new">
+Identification
+Certificate
+</ins></a><ins class="diff-new">
+at
+this
+URI.
+</ins></p><p><ins class="diff-new">
+For
+example,
+if
+a
+user
+Joe
+controls
+</ins><code><ins class="diff-new">
+http://joe.example/profile
+
+</ins></code>,<ins class="diff-new">
+then
+his
+WebID
+can
+be
+</ins><code><ins class="diff-new">
+http://joe.example/profile#me
+</ins></code></p><p class="issue"><ins class="diff-new">
+explain
+why
+the
+WebID
+URI
+is
+different
+from
+the
+URI
+of
+the
+WebID
+profile
+document.
+</ins></p><p><ins class="diff-new">
+As
+an
+example
+to
+use
+throughout
+this
+specification
+here
+is
+the
+following
+certificate
+as
+an
+output
+of
+the
+openssl
+program.
+</ins></p><p class="example"></p><pre>Certificate:
+<ins class="diff-new">
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 5f:df:d6:be:2c:73:c1:fb:aa:2a:2d:23:a6:91:3b:5c
+ Signature Algorithm: sha1WithRSAEncryption
+</ins> <span style="color: red;">Issuer:</span> O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority
+
+<ins class="diff-new">
+ Validity
+ Not Before: Jun 8 14:16:14 2010 GMT
+ Not After : Jun 8 16:16:14 2010 GMT
+</ins> <span style="color: red;">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers/UID=https://example.org/profile#me, CN=Joe (Personal)
+<ins class="diff-new">
+ Subject Public Key Info:
+</ins><span style="color: red;"> Public Key Algorithm:</span> rsaEncryption
+ <span style="color: red;">Public-Key:</span> (2048 bit)
+ <span style="color: red;">Modulus:</span>
+
+<ins class="diff-new">
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+</ins> <span style="color: red;">Exponent:</span> 65537 (0x10001)
+<ins class="diff-new">
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Subject Key Identifier:
+ 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA
+</ins> <span style="color: red;">X509v3 Subject Alternative Name:</span> critical
+ <span style="color: red;">URI:</span>https://joe.example/profile#me
+<ins class="diff-new">
+
+ Signature Algorithm: sha1WithRSAEncryption
+ cf:8c:f8:7b:b2:af:63:f0:0e:dc:64:22:e5:8a:ba:03:1e:f1:
+ ee:6f:2c:f5:f5:10:ad:4c:54:fc:49:2b:e1:0d:cd:be:3d:7c:
+ 78:66:c8:ae:42:9d:75:9f:2c:29:71:91:5c:29:5b:96:ea:e1:
+ e4:ef:0e:5c:f7:07:a0:1e:9c:bf:50:ca:21:e6:6c:c3:df:64:
+ 29:6b:d3:8a:bd:49:e8:72:39:dd:07:07:94:ac:d5:ec:85:b1:
+ a0:5c:c0:08:d3:28:2a:e6:be:ad:88:5e:2a:40:64:59:e7:f2:
+ 45:0c:b9:48:c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb:
+ d8:b8
+</ins></pre><p class="issue"><ins class="diff-new">
+Should
+we
+formally
+require
+the
+Issuer
+to
+be
+O=FOAF+SSL,
+OU=The
+Community
+of
+Self
+Signers,
+CN=Not
+a
+Certification
+Authority.
+This
+was
+discussed
+on
+the
+list
+as
+allowing
+servers
+to
+distinguish
+certificates
+that
+are
+foaf+Ssl
+enabled
+from
+others.
+Will
+probably
+need
+some
+very
+deep
+TLS
+thinking
+to
+get
+this
+right.
+</ins></p><p class="issue"><ins class="diff-new">
+discuss
+the
+importance
+for
+UIs
+of
+the
+CN
+</ins></p></div><div about="#publishing-the-webid-profile-document" typeof="bibo:Chapter" id="publishing-the-webid-profile-document" class="normative section"><h3><span class="secno"><ins class="diff-new">
+2.3
+</ins></span><ins class="diff-new">
+Publishing
+the
+WebID
+Profile
+Document
+</ins></h3><p><ins class="diff-new">
+The
+</ins><a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN"><ins class="diff-new">
+WebID
+Profile
+</ins></a><ins class="diff-new">
+document
+</ins><em title="must" class="rfc2119"><ins class="diff-new">
+
+must
+</ins></em><ins class="diff-new">
+expose
+the
+relation
+between
+the
+</ins><a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN"><ins class="diff-new">
+WebID
+URI
+</ins></a><ins class="diff-new">
+and
+the
+</ins><a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN"><ins class="diff-new">
+Identification
+Agent
+</ins></a><ins class="diff-new">
+'s
+</ins><a href="#dfn-public_key" title="public_key" class="tref internalDFN"><ins class="diff-new">
+public
+key
+</ins></a><ins class="diff-new">
+s
+using
+the
+</ins><code><ins class="diff-new">
+cert
+
+</ins></code><ins class="diff-new">
+and
+</ins><code><ins class="diff-new">
+rsa
+</ins></code><ins class="diff-new">
+ontologies,
+as
+well
+as
+the
+</ins><code><ins class="diff-new">
+cert
+</ins></code><ins class="diff-new">
+or
+</ins><code><ins class="diff-new">
+xsd
+</ins></code><ins class="diff-new">
+datatypes.
+The
+set
+of
+relations
+to
+be
+published
+at
+the
+</ins><a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN"><ins class="diff-new">
+WebID
+Profile
+</ins></a><ins class="diff-new">
+
+document
+can
+be
+presented
+in
+a
+graphical
+notation
+as
+follows.
+</ins></p><img alt="Web ID graph" src="img/WebIdGraph.jpg"><p><ins class="diff-new">
+The
+document
+can
+publish
+many
+more
+relations
+than
+are
+of
+interest
+to
+the
+WebID
+protocol,
+as
+shown
+in
+the
+above
+graph
+by
+the
+grayed
+out
+relations.
+</ins></p><p><ins class="diff-new">
+The
+encoding
+of
+this
+graph
+is
+immaterial
+to
+the
+protocol,
+so
+long
+as
+a
+well
+known
+mapping
+to
+the
+format
+of
+the
+representation
+to
+such
+a
+graph
+can
+be
+found.
+Below
+we
+discuss
+the
+most
+well
+known
+formats,
+and
+a
+method
+for
+dealing
+with
+new
+unknown
+formats
+as
+they
+come
+along.
+</ins></p><p><ins class="diff-new">
+The
+WebID
+provider
+must
+publish
+the
+graph
+of
+relations
+in
+one
+of
+the
+well
+known
+formats,
+though
+he
+may
+publish
+it
+in
+a
+number
+of
+formats
+to
+increase
+the
+useabulity
+of
+his
+site
+using
+Content
+Negotations.
+</ins></p><p class="issue"><ins class="diff-new">
+Add
+content
+negoatiation
+pointers
+</ins></p><p><ins class="diff-new">
+It
+is
+particularly
+useful
+to
+have
+one
+of
+the
+representations
+be
+in
+HTML
+or
+XHTML
+even
+if
+it
+is
+not
+marked
+up
+in
+RDFa
+as
+this
+allows
+people
+using
+a
+web
+browser
+to
+understand
+what
+the
+information
+at
+that
+URI
+represents.
+</ins></p><div about="#turtle" typeof="bibo:Chapter" id="turtle" class="normative section"><h4><span class="secno"><ins class="diff-new">
+2.3.1
+</ins></span><ins class="diff-new">
+Turtle
+</ins></h4><p><ins class="diff-new">
+A
+widely
+used
+format
+for
+writing
+RDF
+graphs
+is
+the
+Turtle
+notation.
+
+</ins></p><p class="example"></p><pre> @prefix cert: <http://www.w3.org/ns/auth/cert#> .
+<ins class="diff-new">
+ @prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
+ @prefix foaf: <http://xmlns.com/foaf/0.1/> .
+ @prefix : <https://joe.example/profile#> .
+
+ :me a foaf:Person;
+ foaf:name "Joe" .
+
+ [] a rsa:RSAPublicKey;
+ rsa:modulus """
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ """^^cert:hex;
+ rsa:public_exponent "65537"^^cert:int;
+ cert:identity :me .
+
+</ins></pre></div><div class="section" about="#rdfa-html-notation" typeof="bibo:Chapter" id="rdfa-html-notation"><h4><span class="secno"><ins class="diff-new">
+2.3.2
+</ins></span><ins class="diff-new">
+RDFa
+HTML
+notation
+</ins></h4><p><ins class="diff-new">
+There
+are
+many
+ways
+of
+writing
+out
+the
+above
+graph
+using
+RDFa
+in
+html.
+Here
+is
+just
+one
+example.
+</ins></p><p class="example"></p><pre><html xmlns="http://www.w3.org/1999/xhtml"
+<ins class="diff-new">
+ xmlns:cert="http://www.w3.org/ns/auth/cert#"
+ xmlns:foaf="http://xmlns.com/foaf/0.1/"
+ xmlns:owl="http://www.w3.org/2002/07/owl#"
+ xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+<head>
+</head>
+<body>
+
+<h2>My RSA Public Key</h2>
+
+ <dl typeof="rsa:RSAPublicKey">
+ <dt>WebId</dt><dd href="#me" rel="cert:identity">http://joe.example/profile#me</dd>
+ <dt>Modulus (hexadecimal)</dt>
+ <dd property="rsa:modulus" datatype="cert:hex">
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ </dd>
+ <dt>Exponent (decimal)</dt>
+ <dd property="rsa:public_exponent" datatype="cert:int">65537</dd>
+ </dl>
+
+</body>
+</html>
+</ins></pre><p><ins class="diff-new">
+If
+a
+WebId
+provider
+would
+rather
+prefer
+not
+to
+mark
+up
+his
+data
+in
+RDFa,
+but
+just
+provide
+a
+human
+readable
+format
+for
+users
+and
+have
+the
+RDF
+graph
+appear
+in
+a
+machine
+readable
+format
+such
+as
+RDF/XML
+then
+he
+should
+publish
+the
+link
+from
+the
+HTML
+to
+the
+machine
+readable
+format
+as
+follows:
+</ins></p><p class="example"></p><pre><html>
+<ins class="diff-new">
+<head>
+<link type="rel" type="application/rdf+xml" href="profile.rdf"/>
+</head>
+<body> ... </body>
+
+</html>
+</ins></pre></div><div class="section" about="#in-rdf-xml" typeof="bibo:Chapter" id="in-rdf-xml"><h4><span class="secno"><ins class="diff-new">
+2.3.3
+</ins></span><ins class="diff-new">
+In
+RDF/XML
+</ins></h4><p><ins class="diff-new">
+RDF/XML
+is
+easy
+to
+generate
+automatically
+from
+structured
+data,
+be
+it
+in
+object
+notiation
+or
+in
+relational
+databases.
+Parsers
+for
+it
+are
+also
+widely
+available.
+</ins></p><p class="issue"><ins class="diff-new">
+TODO:
+the
+dsa
+ontology
+</ins></p></div><div class="section" about="#in-portable-contacts-format-using-grddl" typeof="bibo:Chapter" id="in-portable-contacts-format-using-grddl"><h4><span class="secno"><ins class="diff-new">
+2.3.4
+</ins></span><ins class="diff-new">
+In
+Portable
+Contacts
+format
+using
+GRDDL
+</ins></h4><p class="issue"><ins class="diff-new">
+TODO:
+discuss
+other
+formats
+and
+GRDDL,
+XSPARQL
+options
+for
+xml
+formats
+</ins></p><p class="issue"><ins class="diff-new">
+
+summarize
+and
+point
+to
+content
+negotiation
+documents
+</ins></p></div></div></div><div about="#the-webid-protocol" typeof="bibo:Chapter" id="the-webid-protocol" class="normative section"><h2><span class="secno"><ins class="diff-new">
+3.
+</ins></span><ins class="diff-new">
+The
+WebID
+Protocol
+</ins></h2><div about="#authentication-sequence" typeof="bibo:Chapter" id="authentication-sequence" class="normative section"><h3><span class="secno"><ins class="diff-new">
+3.1
+</ins></span>
+Authentication
+Sequence
+</h3>
+<p>
+The
+following
+steps
+are
+executed
+by
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+<del class="diff-old">Agents
+</del>
+<ins class="diff-chg">Agent
+
+</ins></a><ins class="diff-chg">
+s
+</ins>
+and
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+<del class="diff-old">Agents
+</del>
+<ins class="diff-chg">Agent
+</ins></a><ins class="diff-chg">
+s
+to
+determine
+the
+global
+identity
+of
+the
+requesting
+agent.
+Once
+this
+is
+known,
+the
+identity
+can
+be
+used
+</ins>
+to
+determine
+if
+access
+should
+be
+granted
+to
+<del class="diff-old">a
+particular
+</del>
+<ins class="diff-chg">the
+requested
+</ins>
+
+resource.
+</p>
+<ol>
+<li>
+The
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+attempts
+to
+access
+a
+resource
+using
+HTTP
+over
+TLS
+[
+<cite>
+<a href="#bib-HTTP-TLS" rel="biblioentry" class="bibref">
+HTTP-TLS
+</a>
+</cite>
+]
+via
+the
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+
+</a>.
+</li>
+<li>
+The
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+<em title="must" class="rfc2119">
+must
+</em>
+request
+the
+<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
+Identification
+Certificate
+</a>
+of
+the
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+
+</a>
+as
+a
+part
+of
+the
+TLS
+<del class="diff-old">client-cerificate
+</del>
+<ins class="diff-chg">client-certificate
+</ins>
+retrieval
+protocol.
+</li>
+<li>
+The
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+<em title="must" class="rfc2119">
+must
+</em>
+extract
+the
+
+<a href="#dfn-public_key" title="public_key" class="tref internalDFN">
+public
+key
+</a>
+and
+the
+<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
+WebID
+<del class="diff-old">URL
+</del>
+<ins class="diff-chg">URI
+</ins>
+</a>
+contained
+in
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+extension
+of
+the
+<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
+
+Identification
+Certificate
+</a>.
+<p class="issue">
+<ins class="diff-new">There
+may
+be
+more
+than
+one
+URI
+in
+the
+SAN
+</ins></p>
+</li>
+<li>
+The
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+<ins class="diff-chg">Verification
+Agent
+</ins></a><ins class="diff-chg">
+verifies
+that
+the
+</ins><a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN"><ins class="diff-chg">
+Identification
+Agent
+</ins></a><ins class="diff-chg">
+owns
+the
+private
+key
+corresponding
+to
+the
+</ins>
+
+public
+key
+<ins class="diff-new">sent
+in
+the
+</ins><a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN"><ins class="diff-new">
+Identification
+Certificate
+</ins></a>.<ins class="diff-new">
+This
+</ins><em title="should" class="rfc2119"><ins class="diff-new">
+should
+</ins></em><ins class="diff-new">
+be
+fulfilled
+by
+performing
+TLS
+mutual-authentication
+between
+the
+</ins><a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN"><ins class="diff-new">
+Verification
+Agent
+</ins>
+</a>
+<del class="diff-old">information
+associated
+with
+</del>
+
+<ins class="diff-chg">and
+</ins>
+the
+<del class="diff-old">WebID
+URL
+</del>
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+<ins class="diff-chg">Identification
+Agent
+</ins></a>.<ins class="diff-chg">
+If
+the
+</ins><a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN"><ins class="diff-chg">
+Verification
+Agent
+</ins>
+</a>
+<del class="diff-old">must
+</del>
+<ins class="diff-chg">does
+not
+have
+access
+to
+the
+TLS
+layer,
+a
+digital
+signature
+challenge
+
+</ins><em title="may" class="rfc2119"><ins class="diff-chg">
+may
+</ins>
+</em>
+be
+<del class="diff-old">checked
+</del>
+<ins class="diff-chg">provided
+</ins>
+by
+the
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>.
+<del class="diff-old">This
+process
+should
+occur
+</del>
+<ins class="diff-chg">These
+processes
+are
+detailed
+in
+the
+section
+on
+</ins><a href="#secure-communication"><ins class="diff-chg">
+
+Secure
+Communication
+</ins></a>.<p class="issue"><ins class="diff-chg">
+We
+don't
+have
+any
+implementations
+for
+this
+second
+way
+of
+doing
+things,
+so
+this
+is
+still
+hypothetical.
+Implementations
+using
+TLS
+mutual-authentication
+are
+many
+</ins></p></li><li><ins class="diff-chg">
+The
+meaning
+of
+the
+</ins><a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN"><ins class="diff-chg">
+WebID
+URI
+</ins></a><ins class="diff-chg">
+is
+a
+graph
+of
+relations
+that
+is
+fetched
+by
+the
+</ins><a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN"><ins class="diff-chg">
+Verification
+Agent
+</ins></a>
+either
+by
+dereferencing
+the
+<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
+WebID
+<del class="diff-old">URL
+
+</del>
+<ins class="diff-chg">URI
+</ins>
+</a>
+and
+extracting
+RDF
+data
+from
+the
+resulting
+document,
+or
+by
+utilizing
+a
+cached
+version
+of
+the
+RDF
+data
+contained
+in
+the
+document
+or
+other
+data
+source
+that
+is
+up-to-date
+and
+trusted
+by
+the
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>.
+The
+processing
+<del class="diff-old">and
+extraction
+</del>
+mechanism
+is
+further
+detailed
+in
+the
+sections
+titled
+<a href="#processing-the-webid-profile">
+Processing
+the
+WebID
+Profile
+</a>
+<del class="diff-old">and
+Extracting
+WebID
+URL
+Details
+.
+</del>
+</li>
+
+<li>
+If
+the
+<a href="#dfn-public_key" title="public_key" class="tref internalDFN">
+public
+key
+</a>
+in
+the
+<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
+Identification
+Certificate
+</a>
+<del class="diff-old">is
+found
+</del>
+<ins class="diff-chg">matches
+one
+</ins>
+in
+the
+<del class="diff-old">list
+of
+public
+key
+s
+associated
+with
+the
+WebID
+URL
+,
+the
+Verification
+Agent
+must
+assume
+that
+the
+client
+intends
+to
+use
+</del>
+<ins class="diff-chg">set
+given
+by
+
+</ins>
+the
+<del class="diff-old">public
+key
+to
+verify
+their
+ownership
+of
+</del>
+<ins class="diff-chg">profile
+document
+graph
+given
+above
+then
+</ins>
+the
+<del class="diff-old">WebID
+URL.
+The
+</del>
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+<del class="diff-old">verifies
+</del>
+<ins class="diff-chg">knows
+</ins>
+that
+the
+
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+<del class="diff-old">owns
+the
+WebID
+Profile
+by
+using
+the
+public
+key
+to
+create
+a
+cryptographic
+challenge.
+The
+challenge
+should
+be
+fulfilled
+</del>
+<ins class="diff-chg">is
+indeed
+identified
+</ins>
+by
+<del class="diff-old">performing
+TLS
+mutual-authentication
+between
+the
+Verification
+Agent
+and
+</del>
+the
+<del class="diff-old">Identification
+Agent
+</del>
+<a href="#dfn-webid_uri" title="WebID_URI" class="tref internalDFN">
+<ins class="diff-chg">WebID
+URI
+</ins>
+</a>.
+
+<del class="diff-old">If
+the
+Verification
+Agent
+does
+not
+have
+access
+to
+the
+TLS
+layer,
+a
+digital
+signature
+challenge
+must
+be
+provided
+</del>
+<ins class="diff-chg">The
+verification
+is
+done
+</ins>
+by
+<ins class="diff-new">querying
+</ins>
+the
+<del class="diff-old">Verification
+Agent
+.
+These
+processes
+are
+detailed
+</del>
+<ins class="diff-chg">Personal
+Profile
+graph
+as
+specified
+</ins>
+in
+<a href="#extracting-webid-uri-details">
+<ins class="diff-new">querying
+</ins>
+the
+
+<del class="diff-old">sections
+titled
+Authorization
+and
+Secure
+Communication
+</del>
+<ins class="diff-chg">RDF
+graph
+</ins>
+</a>.
+</li>
+</ol>
+<p>
+The
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+<em title="may" class="rfc2119">
+may
+</em>
+re-establish
+a
+different
+identity
+at
+any
+time
+by
+executing
+all
+of
+the
+steps
+in
+the
+Authentication
+Sequence
+again.
+Additional
+algorithms,
+detailed
+in
+the
+next
+section,
+<em title="may" class="rfc2119">
+
+may
+</em>
+be
+performed
+to
+determine
+if
+the
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+can
+access
+a
+particular
+resource
+after
+the
+last
+step
+of
+the
+Authentication
+Sequence
+has
+been
+completed.
+</p>
+</div>
+<div about="#authentication-sequence-details" typeof="bibo:Chapter" id="authentication-sequence-details" class="normative section">
+<h3>
+<span class="secno">
+<del class="diff-old">2.3
+</del>
+<ins class="diff-chg">3.2
+</ins>
+</span>
+
+Authentication
+Sequence
+Details
+</h3>
+<p>
+This
+section
+covers
+details
+about
+each
+step
+in
+the
+authentication
+process.
+</p>
+<div about="#initiating-a-tls-connection" typeof="bibo:Chapter" id="initiating-a-tls-connection" class="normative section">
+<h4>
+<span class="secno">
+<del class="diff-old">2.3.1
+</del>
+<ins class="diff-chg">3.2.1
+</ins>
+</span>
+Initiating
+a
+TLS
+Connection
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+TLS
+connection
+process
+is
+started
+and
+used
+by
+WebID
+to
+create
+a
+secure
+channel
+between
+the
+Identification
+Agent
+and
+the
+Verification
+Agent.
+
+</p>
+</div>
+<div about="#exchanging-the-identification-certificate" typeof="bibo:Chapter" id="exchanging-the-identification-certificate" class="normative section">
+<h4>
+<span class="secno">
+<del class="diff-old">2.3.2
+</del>
+<ins class="diff-chg">3.2.2
+</ins>
+</span>
+Exchanging
+the
+Identification
+Certificate
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+certificate
+is
+selected
+and
+sent
+to
+the
+Verification
+Agent.
+</p>
+</div>
+<div about="#processing-the-webid-profile" typeof="bibo:Chapter" id="processing-the-webid-profile" class="normative section">
+
+<h4>
+<span class="secno">
+<del class="diff-old">2.3.3
+</del>
+<ins class="diff-chg">3.2.3
+</ins>
+</span>
+Processing
+the
+WebID
+Profile
+</h4>
+<p>
+A
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+<em title="must" class="rfc2119">
+must
+</em>
+
+be
+able
+to
+process
+documents
+in
+RDF/XML
+[
+<cite>
+<a href="#bib-RDF-SYNTAX-GRAMMAR" rel="biblioentry" class="bibref">
+RDF-SYNTAX-GRAMMAR
+</a>
+</cite>
+]
+and
+XHTML+RDFa
+[
+<cite>
+<a href="#bib-XHTML-RDFA" rel="biblioentry" class="bibref">
+XHTML-RDFA
+</a>
+</cite>
+].
+A
+server
+responding
+to
+a
+<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
+WebID
+Profile
+</a>
+request
+
+<em title="should" class="rfc2119">
+should
+</em>
+<del class="diff-old">support
+HTTP
+content
+negotiation.
+</del>
+<ins class="diff-chg">be
+able
+to
+deliver
+at
+least
+RDF/XML
+or
+RDFa.
+</ins>
+The
+<del class="diff-old">server
+</del>
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+<ins class="diff-chg">Verification
+Agent
+</ins></a><em title="must" class="rfc2119">
+must
+</em>
+<del class="diff-old">return
+a
+representation
+in
+RDF/XML
+for
+media
+type
+</del>
+
+<ins class="diff-chg">set
+the
+Accept-Header
+to
+request
+</ins>
+<code>
+application/rdf+xml
+<del class="diff-old">.
+The
+server
+must
+return
+</del>
+</code>
+<ins class="diff-chg">with
+</ins>
+a
+<del class="diff-old">representation
+in
+XHTML+RDFa
+for
+media
+type
+</del>
+<ins class="diff-chg">higher
+priority
+than
+</ins>
+<code>
+text/html
+</code>
+
+<del class="diff-old">or
+media
+type
+</del>
+<ins class="diff-chg">and
+</ins>
+<code>
+application/xhtml+xml
+</code>.
+<del class="diff-old">Verification
+Agents
+and
+Identification
+Agents
+may
+</del>
+<ins class="diff-chg">If
+the
+server
+answers
+such
+a
+request
+with
+an
+HTML
+representation
+of
+the
+resource,
+this
+</ins><em title="should" class="rfc2119"><ins class="diff-chg">
+should
+</ins>
+</em>
+<del class="diff-old">support
+any
+other
+RDF
+format
+via
+HTTP
+content
+negotiation.
+</del>
+<ins class="diff-chg">describe
+the
+WebId
+Profile
+with
+RDFa.
+
+</ins>
+</p>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+extracts
+semantic
+data
+describing
+the
+identification
+credentials
+from
+a
+WebID
+Profile.
+</p>
+</div>
+<div about="#verifying-the-webid-is-identified-by-that-public-key" typeof="bibo:Chapter" id="verifying-the-webid-is-identified-by-that-public-key" class="normative section">
+<h4>
+<span class="secno">
+<del class="diff-old">2.3.4
+</del>
+<ins class="diff-chg">3.2.4
+</ins>
+</span>
+<del class="diff-old">Extracting
+</del>
+<ins class="diff-chg">Verifying
+the
+
+</ins>
+WebID
+<del class="diff-old">URL
+Details
+</del>
+<ins class="diff-chg">is
+identified
+by
+that
+public
+key
+</ins>
+</h4>
+<p>
+The
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+<del class="diff-old">may
+use
+a
+</del>
+<ins class="diff-chg">must
+check
+that
+the
+</ins><a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN"><ins class="diff-chg">
+WebID
+Profile
+
+</ins></a><ins class="diff-chg">
+associates
+the
+WebID
+with
+the
+public
+key
+given
+in
+the
+X.509
+Certificate.
+There
+are
+</ins>
+number
+of
+<del class="diff-old">different
+methods
+to
+extract
+</del>
+<ins class="diff-chg">ways
+of
+doing
+this,
+each
+of
+which
+essentially
+consists
+in
+checking
+that
+the
+graph
+of
+relations
+in
+the
+Profile
+contain
+a
+pattern
+of
+relations.
+</ins></p><p><ins class="diff-chg">
+Assuming
+</ins>
+the
+public
+key
+<del class="diff-old">information
+from
+</del>
+<ins class="diff-chg">is
+an
+RSA
+key,
+and
+that
+its
+modulus
+is
+"9D79BFE2498..."
+and
+exponent
+"65537"
+then
+</ins>
+the
+<del class="diff-old">WebID
+Profile
+.
+
+</del>
+<ins class="diff-chg">query
+to
+ask
+the
+graph
+is
+</ins>
+</p>
+<del class="diff-old">The
+following
+SPARQL
+</del>
+<pre class="example">PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+<ins class="diff-chg">PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+ASK {
+ [] cert:identity <http://example.org/webid#public>;
+ rsa:modulus "9D79BFE2498..."^^cert:hex;
+ rsa:public_exponent "65537"^^cert:int .
+}
+</ins></pre><p><ins class="diff-chg">
+If
+the
+
+</ins>
+query
+<del class="diff-old">outlines
+one
+way
+in
+which
+</del>
+<ins class="diff-chg">returns
+true,
+then
+</ins>
+the
+<ins class="diff-chg">graph
+has
+validated
+the
+associated
+</ins>
+public
+key
+<ins class="diff-chg">with
+the
+WebID.
+</ins></p><p><ins class="diff-chg">
+The
+above
+requires
+the
+graph
+to
+be
+able
+to
+do
+inferencing
+on
+dataytypes.
+This
+is
+because
+people
+may
+publish
+their
+modulus
+string
+in
+a
+number
+of
+syntactical
+ways.
+The
+modulus
+can
+be
+colon
+seperated,
+spread
+over
+a
+number
+of
+lines,
+or
+contain
+arbitrary
+non
+hex
+characters
+such
+as
+"9D
+☮
+79
+☮
+BF
+☮
+E2
+☮
+F4
+☮
+98
+☮..."
+.
+The
+datatype
+itself
+need
+not
+necessarily
+be
+expressed
+in
+cert:hex,
+but
+</ins>
+could
+<ins class="diff-new">use
+a
+number
+of
+xsd
+integer
+datatype
+notations,
+cert:int
+or
+future
+base64
+notations.
+</ins></p><p class="issue"><ins class="diff-new">
+
+Should
+we
+define
+the
+base64
+notation?
+</ins></p><p><ins class="diff-new">
+If
+a
+</ins><a title="Verifying_Agent" class="tref"><ins class="diff-new">
+Verifying
+Agent
+</ins></a><ins class="diff-new">
+does
+not
+have
+access
+to
+a
+literal
+inferencing
+engine,
+then
+the
+modulus
+should
+</ins>
+be
+extracted
+from
+the
+<del class="diff-old">WebID
+</del>
+<ins class="diff-chg">graph,
+normalised
+into
+a
+big
+integer
+(integers
+without
+an
+upper
+bound),
+and
+compared
+with
+the
+values
+given
+in
+the
+public
+key
+certificate.
+After
+replacing
+the
+</ins><code><ins class="diff-chg">
+?webid
+</ins></code><ins class="diff-chg">
+variable
+in
+the
+following
+query
+with
+the
+required
+value
+the
+</ins><a title="Verifying_Agent" class="tref"><ins class="diff-chg">
+
+Verifying
+Agent
+</ins></a><ins class="diff-chg">
+can
+query
+the
+</ins>
+Profile
+<del class="diff-old">:
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?modulus ?exp
+WHERE {
+ ?key cert:identity <http://example.org/webid#public>;
+ a rsa:RSAPublicKey;
+ rsa:modulus [ cert:hex ?modulus; ];
+ rsa:public_exponent [ cert:decimal ?exp ] .
+</del>
+<ins class="diff-chg">Graph
+with
+</ins></p><pre class="example">PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+
+<ins class="diff-chg">
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?m ?e
+WHERE {
+ [] cert:identity ?webid ;
+ rsa:modulus ?m ;
+ rsa:public_exponent ?e .
+</ins>
+}
+</pre>
+<p>
+<ins class="diff-chg">Here
+the
+verification
+agent
+must
+check
+that
+one
+of
+the
+answers
+for
+?m
+and
+?e
+matches
+the
+integer
+values
+of
+the
+modulus
+and
+exponent
+given
+in
+the
+public
+key
+in
+the
+certificate.
+</ins></p>
+<p class="issue">
+<del class="diff-old">This
+section
+still
+needs
+more
+information.
+</del>
+<ins class="diff-chg">The
+public
+key
+could
+be
+a
+DSA
+key.
+We
+need
+to
+add
+an
+ontology
+for
+DSA
+too.
+What
+other
+cryptographic
+ontologies
+should
+we
+add?
+</ins>
+</p>
+
+</div>
+<div about="#authorization" typeof="bibo:Chapter" id="authorization" class="normative section">
+<h4>
+<span class="secno">
+<del class="diff-old">2.3.5
+</del>
+<ins class="diff-chg">3.2.5
+</ins>
+</span>
+Authorization
+</h4>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+may
+use
+the
+information
+discovered
+via
+a
+WebID
+<del class="diff-old">URL
+</del>
+<ins class="diff-chg">URI
+</ins>
+
+to
+determine
+if
+one
+should
+be
+able
+to
+access
+a
+particular
+resource.
+It
+will
+explain
+how
+a
+Verification
+Agent
+can
+use
+links
+to
+other
+RDFa
+documents
+to
+build
+knowledge
+about
+the
+given
+WebID.
+</p>
+</div>
+<div about="#secure-communication" typeof="bibo:Chapter" id="secure-communication" class="normative section">
+<h4>
+<span class="secno">
+<del class="diff-old">2.3.6
+</del>
+<ins class="diff-chg">3.2.6
+</ins>
+</span>
+Secure
+Communication
+</h4>
+<p class="issue">
+This
+section
+will
+explain
+how
+an
+Identification
+Agent
+and
+a
+Verification
+Agent
+may
+communicate
+securely
+using
+a
+set
+of
+verified
+identification
+credentials.
+</p>
+<p>
+
+If
+the
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+has
+verified
+that
+the
+<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
+WebID
+Profile
+</a>
+is
+owned
+by
+the
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>,
+the
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+<em title="should" class="rfc2119">
+should
+
+</em>
+use
+the
+verified
+<a href="#dfn-public_key" title="public_key" class="tref internalDFN">
+public
+key
+</a>
+contained
+in
+the
+<a href="#dfn-identification_certificate" title="Identification_Certificate" class="tref internalDFN">
+Identification
+Certificate
+</a>
+for
+all
+TLS-based
+communication
+with
+the
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>.
+This
+ensures
+that
+both
+the
+<del class="diff-old">Authorization
+</del>
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+<ins class="diff-chg">Verification
+
+</ins>
+Agent
+</a>
+and
+the
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+are
+communicating
+in
+a
+secure
+manner,
+ensuring
+cryptographically
+protected
+privacy
+for
+both
+sides.
+</p>
+</div>
+</div>
+<div about="#the-webid-profile" typeof="bibo:Chapter" id="the-webid-profile" class="normative section">
+<h3>
+<span class="secno">
+<del class="diff-old">2.4
+</del>
+<ins class="diff-chg">3.3
+
+</ins>
+</span>
+The
+WebID
+Profile
+</h3>
+<p>
+The
+<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
+WebID
+Profile
+</a>
+is
+a
+structured
+document
+that
+contains
+identification
+credentials
+for
+the
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+expressed
+using
+the
+Resource
+Description
+Framework
+[
+<cite>
+<a href="#bib-RDF-CONCEPTS" rel="biblioentry" class="bibref">
+RDF-CONCEPTS
+
+</a>
+</cite>
+].
+The
+following
+sections
+describe
+how
+to
+express
+certain
+common
+properties
+that
+could
+be
+used
+by
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+s
+and
+other
+entities
+that
+consume
+a
+<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
+WebID
+Profile
+</a>.
+</p>
+<p>
+The
+following
+vocabularies
+are
+used
+in
+their
+shortened
+form
+in
+the
+subsequent
+sections:
+</p>
+<dl>
+<dt>
+foaf
+
+</dt>
+<dd>
+http://xmlns.com/foaf/0.1/
+</dd>
+<dt>
+cert
+</dt>
+<dd>
+http://www.w3.org/ns/auth/cert#
+</dd>
+<dt>
+rsa
+</dt>
+<dd>
+http://www.w3.org/ns/auth/rsa#
+</dd>
+</dl>
+
+<div about="#personal-information" typeof="bibo:Chapter" id="personal-information" class="normative section">
+<h4>
+<span class="secno">
+<del class="diff-old">2.4.1
+</del>
+<ins class="diff-chg">3.3.1
+</ins>
+</span>
+Personal
+Information
+</h4>
+<p>
+Personal
+details
+are
+the
+most
+common
+requirement
+when
+registering
+an
+account
+with
+a
+website.
+Some
+of
+these
+pieces
+of
+information
+include
+an
+e-mail
+address,
+a
+name
+and
+perhaps
+an
+avatar
+image.
+This
+section
+includes
+properties
+that
+<em title="should" class="rfc2119">
+should
+</em>
+be
+used
+when
+conveying
+key
+pieces
+of
+personal
+information
+but
+are
+<em title="not required" class="rfc2119">
+
+not
+required
+</em>
+to
+be
+present
+in
+a
+<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
+WebID
+<del class="diff-old">Profile:
+</del>
+<ins class="diff-chg">Profile
+</ins></a>:
+</p>
+<dl>
+<dt>
+foaf:mbox
+</dt>
+<dd>
+The
+e-mail
+address
+that
+is
+associated
+with
+the
+WebID
+<del class="diff-old">URL.
+
+</del>
+<ins class="diff-chg">URI.
+</ins>
+</dd>
+<dt>
+foaf:name
+</dt>
+<dd>
+The
+name
+that
+is
+most
+commonly
+used
+to
+refer
+to
+the
+individual
+or
+agent.
+</dd>
+<dt>
+foaf:depiction
+</dt>
+<dd>
+An
+image
+representation
+of
+the
+individual
+or
+agent.
+</dd>
+</dl>
+
+</div>
+<div about="#cryptographic-details" typeof="bibo:Chapter" id="cryptographic-details" class="normative section">
+<h4>
+<span class="secno">
+<del class="diff-old">2.4.2
+</del>
+<ins class="diff-chg">3.3.2
+</ins>
+</span>
+Cryptographic
+Details
+</h4>
+<p>
+Cryptographic
+details
+are
+important
+when
+<a href="#dfn-verification_agent" title="Verification_Agent" class="tref internalDFN">
+Verification
+Agent
+</a>
+s
+and
+
+<a href="#dfn-identification_agent" title="Identification_Agent" class="tref internalDFN">
+Identification
+Agent
+</a>
+s
+interact.
+The
+following
+properties
+<em title="should" class="rfc2119">
+should
+</em>
+be
+used
+when
+conveying
+cryptographic
+information
+in
+<a href="#dfn-webid_profile" title="WebID_Profile" class="tref internalDFN">
+WebID
+Profile
+</a>
+documents:
+</p>
+<dl>
+<dt>
+rsa:RSAPublicKey
+</dt>
+
+<dd>
+Expresses
+an
+RSA
+public
+key.
+The
+RSAPublicKey
+<em title="must" class="rfc2119">
+must
+</em>
+specify
+the
+rsa:modulus
+and
+rsa:public_exponent
+properties.
+</dd>
+<dt>
+cert:identity
+</dt>
+<dd>
+Used
+to
+associate
+an
+RSAPublicKey
+with
+a
+WebID
+<del class="diff-old">URL.
+</del>
+<ins class="diff-chg">URI.
+</ins>
+A
+WebID
+Profile
+
+<em title="must" class="rfc2119">
+must
+</em>
+contain
+at
+least
+one
+RSAPublicKey
+that
+is
+associated
+with
+the
+corresponding
+WebID
+<del class="diff-old">URL.
+</del>
+<ins class="diff-chg">URI.
+</ins>
+</dd>
+</dl>
+</div>
+</div>
+</div>
+<div about="#history" typeof="bibo:Chapter" class="appendix informative section" id="history">
+<h2>
+<span class="secno">
+<ins class="diff-chg">A.
+
+</ins></span>
+Change
+History
+</h2>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+<a href="">
+<ins class="diff-new">2010-08-09
+</ins></a><ins class="diff-new">
+Updates
+from
+WebID
+community:
+moved
+OpenID/OAuth
+sections
+to
+separate
+document,
+switched
+to
+the
+URI
+terminology
+instead
+of
+URL,
+added
+"Creating
+the
+certificate"
+and
+"Publishing
+the
+WebID
+Profile
+document"
+sections
+with
+a
+WebID
+graph
+and
+serializations
+in
+Turtle
+and
+RDFa,
+improved
+SPARQL
+queries
+using
+literal
+notation
+with
+cert
+datatypes,
+updated
+list
+of
+contributors,
+and
+many
+other
+fixes.
+</ins></p><p>
+<a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">
+2010-07-25
+</a>
+
+Added
+WebID
+Profile
+section.
+</p>
+<p>
+<a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">
+2010-07-18
+</a>
+Updates
+from
+WebID
+community
+related
+to
+RDF/XML
+support,
+authentication
+sequence
+corrections,
+abstract
+and
+introduction
+updates.
+</p>
+<p>
+<a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">
+2010-07-11
+</a>
+Initial
+version.
+</p>
+</div>
+<div about="#acknowledgements" typeof="bibo:Chapter" class="informative section" id="acknowledgements">
+<h2>
+
+<span class="secno">
+<ins class="diff-chg">B.
+</ins></span>
+Acknowledgments
+</h2>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+following
+people
+have
+been
+instrumental
+in
+providing
+thoughts,
+feedback,
+reviews,
+criticism
+and
+input
+in
+the
+creation
+of
+this
+specification:
+</p>
+<ul>
+<li>
+Melvin
+Carvalho
+</li>
+
+<li>
+Bruno
+Harbulot
+</li>
+<li>
+Toby
+Inkster
+</li>
+<li>
+Ian
+Jacobi
+</li>
+<li>
+Jeff
+Sayre
+</li>
+<li>
+Henry
+Story
+</li>
+<li>
+<ins class="diff-new">Kingsley
+Idehen,
+OpenLink
+Software
+
+</ins></li><li><ins class="diff-new">
+Seth
+Russell
+</ins></li><li><ins class="diff-new">
+Sarven
+Capadisli
+</ins></li><li><ins class="diff-new">
+Nathan
+Rixham
+</ins></li>
+</ul>
+</div>
+<div about="#references" typeof="bibo:Chapter" class="appendix section" id="references">
+<h2>
+<span class="secno">
+<del class="diff-old">A.
+</del>
+<ins class="diff-chg">C.
+</ins>
+</span>
+
+References
+</h2>
+<div class="section" about="#normative-references" typeof="bibo:Chapter" id="normative-references">
+<h3>
+<span class="secno">
+<del class="diff-old">A.1
+</del>
+<ins class="diff-chg">C.1
+</ins>
+</span>
+Normative
+references
+</h3>
+<dl about="" class="bibliography">
+<dt id="bib-HTTP-TLS">
+[HTTP-TLS]
+</dt>
+<dd rel="dcterms:requires">
+
+E.
+Rescorla.
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+<cite>
+HTTP
+Over
+TLS.
+</cite>
+</a>
+May
+2000.
+Internet
+RFC
+2818.
+URL:
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+http://www.ietf.org/rfc/rfc2818.txt
+</a>
+</dd>
+<dt id="bib-N3">
+[N3]
+</dt>
+<dd rel="dcterms:requires">
+Tim
+Berners-Lee;
+Dan
+Connolly.
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+
+<cite>
+Notation3
+(N3):
+A
+readable
+RDF
+syntax.
+</cite>
+</a>
+14
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
+</a>
+</dd>
+<dt id="bib-RDF-PRIMER">
+[RDF-PRIMER]
+</dt>
+<dd rel="dcterms:requires">
+Frank
+Manola;
+Eric
+Miller.
+<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
+<cite>
+RDF
+Primer.
+
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
+http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
+</a>
+</dd>
+<dt id="bib-RDF-SYNTAX-GRAMMAR">
+[RDF-SYNTAX-GRAMMAR]
+</dt>
+<dd rel="dcterms:requires">
+Dave
+Beckett.
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+<cite>
+RDF/XML
+Syntax
+Specification
+(Revised).
+</cite>
+</a>
+
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
+</a>
+</dd>
+<dt id="bib-RDFA-CORE">
+[RDFA-CORE]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et
+al.
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803">
+<cite>
+RDFa
+Core
+1.1:
+Syntax
+and
+processing
+rules
+for
+embedding
+RDF
+through
+attributes.
+</cite>
+</a>
+<del class="diff-old">22
+April
+</del>
+
+<ins class="diff-chg">3
+August
+</ins>
+2010.
+W3C
+Working
+Draft.
+URL:
+<del class="diff-old">http://www.w3.org/TR/2010/WD-rdfa-core-20100422
+</del>
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803">
+<ins class="diff-chg">http://www.w3.org/TR/2010/WD-rdfa-core-20100803
+</ins>
+</a>
+</dd>
+<dt id="bib-TURTLE">
+[TURTLE]
+</dt>
+<dd rel="dcterms:requires">
+David
+Beckett,
+Tim
+Berners-Lee.
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+Turtle:
+Terse
+RDF
+Triple
+Language
+
+</a>
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+http://www.w3.org/TeamSubmission/turtle/
+</a>
+</dd>
+<dt id="bib-X509V3">
+[X509V3]
+</dt>
+<dd rel="dcterms:requires">
+<cite>
+ITU-T
+Recommendation
+X.509
+version
+3
+(1997).
+"Information
+Technology
+-
+Open
+Systems
+Interconnection
+-
+The
+Directory
+Authentication
+<del class="diff-old">Framework"
+</del>
+<ins class="diff-chg">Framework"
+</ins>
+
+ISO/IEC
+9594-8:1997
+</cite>.
+</dd>
+<dt id="bib-XHTML-RDFA">
+[XHTML-RDFA]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et.
+al.
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803">
+<cite>
+XHTML+RDFa
+1.1.
+</cite>
+</a>
+<del class="diff-old">22
+April
+</del>
+<ins class="diff-chg">3
+August
+</ins>
+
+2010.
+W3C
+Working
+Draft.
+URL:
+<del class="diff-old">http://www.w3.org/TR/WD-xhtml-rdfa-20100422
+</del>
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803">
+<ins class="diff-chg">http://www.w3.org/TR/WD-xhtml-rdfa-20100803
+</ins>
+</a>
+</dd>
+</dl>
+</div>
+<div class="section" about="#informative-references" typeof="bibo:Chapter" id="informative-references">
+<h3>
+<span class="secno">
+<del class="diff-old">A.2
+</del>
+<ins class="diff-chg">C.2
+</ins>
+
+</span>
+Informative
+references
+</h3>
+<dl about="" class="bibliography">
+<dt id="bib-RDF-CONCEPTS">
+[RDF-CONCEPTS]
+</dt>
+<dd rel="dcterms:references">
+Graham
+Klyne;
+Jeremy
+J.
+Carroll.
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+<cite>
+Resource
+Description
+Framework
+(RDF):
+Concepts
+and
+Abstract
+Syntax.
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
+
+</a>
+</dd>
+</dl>
+</div>
+</div>
+</body>
+</html>
Binary file spec/drafts/ED-webid-20100809/img/WebIdGraph.jpg has changed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/drafts/ED-webid-20100809/index.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,1177 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
+<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
+<head>
+
+
+
+ <title>WebID 1.0</title>
+ <meta content="text/html;charset=utf-8" http-equiv="Content-Type" />
+
+<!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+
+<style type="text/css">
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+
+
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+
+
+ <style type="text/css">
+/*****************************************************************
+ * ReSpec CSS
+ * Robin Berjon (robin at berjon dot com)
+ * v0.05 - 2009-07-31
+ *****************************************************************/
+
+
+/* --- INLINES --- */
+em.rfc2119 {
+ text-transform: lowercase;
+ font-variant: small-caps;
+ font-style: normal;
+ color: #900;
+}
+
+h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
+h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
+ border: none;
+}
+
+dfn {
+ font-weight: bold;
+}
+
+a.internalDFN {
+ color: inherit;
+ border-bottom: medium solid #99c;
+ text-decoration: none;
+}
+
+a.externalDFN {
+ color: inherit;
+ border-bottom: medium dotted #ccc;
+ text-decoration: none;
+}
+
+a.bibref {
+ text-decoration: none;
+}
+
+code {
+ color: #ff4500;
+}
+
+
+/* --- WEB IDL --- */
+pre.idl {
+ border-top: 1px solid #90b8de;
+ border-bottom: 1px solid #90b8de;
+ padding: 1em;
+ line-height: 120%;
+}
+
+pre.idl::before {
+ content: "WebIDL";
+ display: block;
+ width: 150px;
+ background: #90b8de;
+ color: #fff;
+ font-family: initial;
+ padding: 3px;
+ font-weight: bold;
+ margin: -1em 0 1em -1em;
+}
+
+.idlType {
+ color: #ff4500;
+ font-weight: bold;
+ text-decoration: none;
+}
+
+/*.idlModule*/
+/*.idlModuleID*/
+/*.idlInterface*/
+.idlInterfaceID {
+ font-weight: bold;
+ color: #005a9c;
+}
+
+.idlSuperclass {
+ font-style: italic;
+ color: #005a9c;
+}
+
+/*.idlAttribute*/
+.idlAttrType, .idlFieldType {
+ color: #005a9c;
+}
+.idlAttrName, .idlFieldName {
+ color: #ff4500;
+}
+.idlAttrName a, .idlFieldName a {
+ color: #ff4500;
+ border-bottom: 1px dotted #ff4500;
+ text-decoration: none;
+}
+
+/*.idlMethod*/
+.idlMethType {
+ color: #005a9c;
+}
+.idlMethName {
+ color: #ff4500;
+}
+.idlMethName a {
+ color: #ff4500;
+ border-bottom: 1px dotted #ff4500;
+ text-decoration: none;
+}
+
+/*.idlParam*/
+.idlParamType {
+ color: #005a9c;
+}
+.idlParamName {
+ font-style: italic;
+}
+
+.extAttr {
+ color: #666;
+}
+
+/*.idlConst*/
+.idlConstType {
+ color: #005a9c;
+}
+.idlConstName {
+ color: #ff4500;
+}
+.idlConstName a {
+ color: #ff4500;
+ border-bottom: 1px dotted #ff4500;
+ text-decoration: none;
+}
+
+/*.idlException*/
+.idlExceptionID {
+ font-weight: bold;
+ color: #c00;
+}
+
+.idlTypedefID, .idlTypedefType {
+ color: #005a9c;
+}
+
+.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code {
+ color: #c00;
+ font-weight: normal;
+}
+
+.excName a {
+ font-family: monospace;
+}
+
+.idlRaises a.idlType, .excName a.idlType {
+ border-bottom: 1px dotted #c00;
+}
+
+.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse {
+ width: 45px;
+ text-align: center;
+}
+.excGetSetTrue, .prmNullTrue, .prmOptTrue { color: #0c0; }
+.excGetSetFalse, .prmNullFalse, .prmOptFalse { color: #c00; }
+
+.idlImplements a {
+ font-weight: bold;
+}
+
+dl.attributes, dl.methods, dl.constants, dl.fields {
+ margin-left: 2em;
+}
+
+.attributes dt, .methods dt, .constants dt, .fields dt {
+ font-weight: normal;
+}
+
+.attributes dt code, .methods dt code, .constants dt code, .fields dt code {
+ font-weight: bold;
+ color: #000;
+ font-family: monospace;
+}
+
+.attributes dt code, .fields dt code {
+ background: #ffffd2;
+}
+
+.attributes dt .idlAttrType code, .fields dt .idlFieldType code {
+ color: #005a9c;
+ background: transparent;
+ font-family: inherit;
+ font-weight: normal;
+ font-style: italic;
+}
+
+.methods dt code {
+ background: #d9e6f8;
+}
+
+.constants dt code {
+ background: #ddffd2;
+}
+
+.attributes dd, .methods dd, .constants dd, .fields dd {
+ margin-bottom: 1em;
+}
+
+table.parameters, table.exceptions {
+ border-spacing: 0;
+ border-collapse: collapse;
+ margin: 0.5em 0;
+ width: 100%;
+}
+table.parameters { border-bottom: 1px solid #90b8de; }
+table.exceptions { border-bottom: 1px solid #deb890; }
+
+.parameters th, .exceptions th {
+ color: #fff;
+ padding: 3px 5px;
+ text-align: left;
+ font-family: initial;
+ font-weight: normal;
+ text-shadow: #666 1px 1px 0;
+}
+.parameters th { background: #90b8de; }
+.exceptions th { background: #deb890; }
+
+.parameters td, .exceptions td {
+ padding: 3px 10px;
+ border-top: 1px solid #ddd;
+ vertical-align: top;
+}
+
+.parameters tr:first-child td, .exceptions tr:first-child td {
+ border-top: none;
+}
+
+.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName {
+ width: 100px;
+}
+
+.parameters td.prmType {
+ width: 120px;
+}
+
+table.exceptions table {
+ border-spacing: 0;
+ border-collapse: collapse;
+ width: 100%;
+}
+
+/* --- TOC --- */
+.toc a {
+ text-decoration: none;
+}
+
+a .secno {
+ color: #000;
+}
+
+/* --- TABLE --- */
+table.simple {
+ border-spacing: 0;
+ border-collapse: collapse;
+ border-bottom: 3px solid #005a9c;
+}
+
+.simple th {
+ background: #005a9c;
+ color: #fff;
+ padding: 3px 5px;
+ text-align: left;
+}
+
+.simple th[scope="row"] {
+ background: inherit;
+ color: inherit;
+ border-top: 1px solid #ddd;
+}
+
+.simple td {
+ padding: 3px 10px;
+ border-top: 1px solid #ddd;
+}
+
+.simple tr:nth-child(even) {
+ background: #f0f6ff;
+}
+
+/* --- DL --- */
+.section dd > p:first-child {
+ margin-top: 0;
+}
+
+.section dd > p:last-child {
+ margin-bottom: 0;
+}
+
+.section dd {
+ margin-bottom: 1em;
+}
+
+.section dl.attrs dd, .section dl.eldef dd {
+ margin-bottom: 0;
+}
+
+/* --- EXAMPLES --- */
+pre.example {
+ border-top: 1px solid #ff4500;
+ border-bottom: 1px solid #ff4500;
+ padding: 1em;
+ margin-top: 1em;
+}
+
+pre.example::before {
+ content: "Example";
+ display: block;
+ width: 150px;
+ background: #ff4500;
+ color: #fff;
+ font-family: initial;
+ padding: 3px;
+ font-weight: bold;
+ margin: -1em 0 1em -1em;
+}
+
+/* --- EDITORIAL NOTES --- */
+.issue {
+ padding: 1em;
+ border: 1px solid #f00;
+ background: #ffc;
+}
+
+.issue::before {
+ content: "Issue";
+ display: block;
+ width: 150px;
+ margin: -1.5em 0 0.5em 0;
+ font-weight: bold;
+ border: 1px solid #f00;
+ background: #fff;
+ padding: 3px 1em;
+}
+
+.note {
+ padding: 1em;
+ border: 2px solid #cff6d9;
+ background: #e2fff0;
+}
+
+.note::before {
+ content: "Note";
+ display: block;
+ width: 150px;
+ margin: -1.5em 0 0.5em 0;
+ font-weight: bold;
+ border: 1px solid #cff6d9;
+ background: #fff;
+ padding: 3px 1em;
+}
+
+/* --- SYNTAX HIGHLIGHTING --- */
+pre.sh_sourceCode {
+ background-color: white;
+ color: black;
+ font-style: normal;
+ font-weight: normal;
+}
+
+pre.sh_sourceCode .sh_keyword { color: #005a9c; font-weight: bold; } /* language keywords */
+pre.sh_sourceCode .sh_type { color: #666; } /* basic types */
+pre.sh_sourceCode .sh_usertype { color: teal; } /* user defined types */
+pre.sh_sourceCode .sh_string { color: red; font-family: monospace; } /* strings and chars */
+pre.sh_sourceCode .sh_regexp { color: orange; font-family: monospace; } /* regular expressions */
+pre.sh_sourceCode .sh_specialchar { color: #ffc0cb; font-family: monospace; } /* e.g., \n, \t, \\ */
+pre.sh_sourceCode .sh_comment { color: #A52A2A; font-style: italic; } /* comments */
+pre.sh_sourceCode .sh_number { color: purple; } /* literal numbers */
+pre.sh_sourceCode .sh_preproc { color: #00008B; font-weight: bold; } /* e.g., #include, import */
+pre.sh_sourceCode .sh_symbol { color: blue; } /* e.g., *, + */
+pre.sh_sourceCode .sh_function { color: black; font-weight: bold; } /* function calls and declarations */
+pre.sh_sourceCode .sh_cbracket { color: red; } /* block brackets (e.g., {, }) */
+pre.sh_sourceCode .sh_todo { font-weight: bold; background-color: #00FFFF; } /* TODO and FIXME */
+
+/* Predefined variables and functions (for instance glsl) */
+pre.sh_sourceCode .sh_predef_var { color: #00008B; }
+pre.sh_sourceCode .sh_predef_func { color: #00008B; font-weight: bold; }
+
+/* for OOP */
+pre.sh_sourceCode .sh_classname { color: teal; }
+
+/* line numbers (not yet implemented) */
+pre.sh_sourceCode .sh_linenum { display: none; }
+
+/* Internet related */
+pre.sh_sourceCode .sh_url { color: blue; text-decoration: underline; font-family: monospace; }
+
+/* for ChangeLog and Log files */
+pre.sh_sourceCode .sh_date { color: blue; font-weight: bold; }
+pre.sh_sourceCode .sh_time, pre.sh_sourceCode .sh_file { color: #00008B; font-weight: bold; }
+pre.sh_sourceCode .sh_ip, pre.sh_sourceCode .sh_name { color: #006400; }
+
+/* for Prolog, Perl... */
+pre.sh_sourceCode .sh_variable { color: #006400; }
+
+/* for LaTeX */
+pre.sh_sourceCode .sh_italics { color: #006400; font-style: italic; }
+pre.sh_sourceCode .sh_bold { color: #006400; font-weight: bold; }
+pre.sh_sourceCode .sh_underline { color: #006400; text-decoration: underline; }
+pre.sh_sourceCode .sh_fixed { color: green; font-family: monospace; }
+pre.sh_sourceCode .sh_argument { color: #006400; }
+pre.sh_sourceCode .sh_optionalargument { color: purple; }
+pre.sh_sourceCode .sh_math { color: orange; }
+pre.sh_sourceCode .sh_bibtex { color: blue; }
+
+/* for diffs */
+pre.sh_sourceCode .sh_oldfile { color: orange; }
+pre.sh_sourceCode .sh_newfile { color: #006400; }
+pre.sh_sourceCode .sh_difflines { color: blue; }
+
+/* for css */
+pre.sh_sourceCode .sh_selector { color: purple; }
+pre.sh_sourceCode .sh_property { color: blue; }
+pre.sh_sourceCode .sh_value { color: #006400; font-style: italic; }
+
+/* other */
+pre.sh_sourceCode .sh_section { color: black; font-weight: bold; }
+pre.sh_sourceCode .sh_paren { color: red; }
+pre.sh_sourceCode .sh_attribute { color: #006400; }
+
+</style><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit;"><div class="head"><p></p><h1 id="title" class="title" property="dcterms:title">WebID 1.0</h1><h2 id="subtitle" property="bibo:subtitle">Web Identification and Discovery</h2><h2 content="2010-08-09T16:28:49+0000" datatype="xsd:dateTime" property="dcterms:issued" id="unofficial-draft-09-august-2010">Unofficial Draft 09 August 2010</h2><dl><dt>Editors:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a href="http://blog.digitalbazaar.com/" rel="foaf:workplaceHomepage">Digital Bazaar, Inc.</a> <a href="mailto:msporny@digitalbazaar.com" rel="foaf:mbox">msporny@digitalbazaar.com</a> </span>
+</dd>
+<dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Stéphane Corlosquet</span>, <a href="http://massgeneral.org/" rel="foaf:workplaceHomepage">Massachusetts General Hospital</a> <a href="mailto:scorlosquet@gmail.com" rel="foaf:mbox">scorlosquet@gmail.com</a> </span>
+</dd>
+<dt>Authors:</dt><dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://tobyinkster.co.uk/" content="Toby Inkster" property="foaf:name" rel="foaf:homepage">Toby Inkster</a></span>
+</dd>
+<dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://bblfish.net/" content="Henry Story" property="foaf:name" rel="foaf:homepage">Henry Story</a></span>
+</dd>
+<dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://blog.distributedmatter.net/" content="Bruno Harbulot" property="foaf:name" rel="foaf:homepage">Bruno Harbulot</a></span>
+</dd>
+<dd rel="dcterms:contributor"><span typeof="foaf:Person"><a href="http://trialox.org/" content="Reto Bachmann-Gmür" property="foaf:name" rel="foaf:homepage">Reto Bachmann-Gmür</a></span>
+</dd>
+</dl><p>This document is also available in this non-normative format: <a href="drafts/ED-webid-20100809/diff-20100725.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/3.0/" class="subfoot">Creative Commons Attribution 3.0 License</a>.</p><hr /></div>
+ <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
+
+<p>Social networking, identity and privacy have been at the center of how we
+interact with the Web in the last decade. The explosion of social networking
+sites has brought the world closer together as well as created new points of
+pain regarding ease of use and the Web. Remembering login details, passwords,
+and sharing private information across the many websites and social groups
+that we are a part of has become more difficult and complicated than necessary.
+The Social Web is designed to ensure that control of identity and privacy
+settings is always simple and under one's control. WebID is a key enabler of the
+Social Web. This specification outlines a simple universal identification
+mechanism that is distributed, openly extensible, improves privacy, security
+and control over how one can identify themselves and control access to their
+information on the Web.
+</p>
+
+<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
+<h3 id="how-to-read-this-document">How to Read this Document</h3>
+
+<p>There are a number of concepts that are covered in this document that the
+reader may want to be aware of before continuing. General knowledge of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
+and RDF [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a></cite>] and RDFa [<cite><a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a></cite>] is necessary to understand how
+to implement this specification. WebID uses a number of specific technologies
+like HTTP over TLS [<cite><a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a></cite>], X.509 certificates [<cite><a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a></cite>],
+RDF/XML [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a></cite>] and XHTML+RDFa [<cite><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a></cite>].</p>
+
+<p>A general <a href="#introduction">Introduction</a> is provided for all that
+would like to understand why this specification is necessary to simplify usage
+of the Web.</p>
+
+<p>The terms used throughout this specification are listed in the section
+titled <a href="#terminology">Terminology</a>.</p>
+
+<p>Developers that are interested in implementing this specification will be
+most interested in the sections titled
+<a href="#authentication-sequence">Authentication Sequence</a> and
+<a href="#authentication-sequence-details">Authentication Sequence Details</a>.</p>
+
+</div>
+</div><div class="introductory section" id="sotd" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
+
+<!-- <p>This document has been reviewed by W3C Members, by software
+developers, and by other W3C groups and interested parties, and is
+endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited from another
+document. W3C's role in making the Recommendation is to draw attention
+to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> -->
+
+
+The source code for this document is available via Github at the following
+URI: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
+
+</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li></ul></li><li class="tocline"><a href="#preconditions" class="tocxref"><span class="secno">2. </span>Preconditions</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#creating-the-certificate" class="tocxref"><span class="secno">2.2 </span>Creating the certificate</a></li><li class="tocline"><a href="#publishing-the-webid-profile-document" class="tocxref"><span class="secno">2.3 </span>Publishing the WebID Profile Document</a><ul class="toc"><li class="tocline"><a href="#turtle" class="tocxref"><span class="secno">2.3.1 </span>Turtle</a></li><li class="tocline"><a href="#rdfa-html-notation" class="tocxref"><span class="secno">2.3.2 </span>RDFa HTML notation</a></li><li class="tocline"><a href="#in-rdf-xml" class="tocxref"><span class="secno">2.3.3 </span>In RDF/XML</a></li><li class="tocline"><a href="#in-portable-contacts-format-using-grddl" class="tocxref"><span class="secno">2.3.4 </span>In Portable Contacts format using GRDDL</a></li></ul></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">3. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">3.1 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">3.2 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">3.2.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">3.2.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">3.2.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#verifying-the-webid-is-identified-by-that-public-key" class="tocxref"><span class="secno">3.2.4 </span>Verifying the WebID is identified by that public key</a></li><li class="tocline"><a href="#authorization" class="tocxref"><span class="secno">3.2.5 </span>Authorization</a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno">3.2.6 </span>Secure Communication</a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno">3.3 </span>The WebID Profile</a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno">3.3.1 </span>Personal Information</a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno">3.3.2 </span>Cryptographic Details</a></li></ul></li></ul></li><li class="tocline"><a href="#history" class="tocxref"><span class="secno">A. </span>Change History</a></li><li class="tocline"><a href="#acknowledgements" class="tocxref"><span class="secno">B. </span>Acknowledgments</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">C. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">C.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">C.2 </span>Informative references</a></li></ul></li></ul></div>
+
+
+
+<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
+
+<!-- OddPage -->
+<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
+
+<p>
+The WebID specification is designed to help alleviate the difficultly that
+remembering different logins, passwords and settings for websites has created.
+It is also designed to provide a universal and extensible mechanism to express
+public and private information about yourself. This section outlines the
+motivation behind the specification and the relationship to other similar
+specifications that are in active use today.
+</p>
+
+<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
+<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
+
+<p>
+It is a fundamental design criteria of the Web to enable individuals and
+organizations to control how they interact with the rest of society. This
+includes how one expresses their identity, public information and personal
+details to social networks, Web sites and services.
+</p>
+
+<p>
+Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
+hyperlinked social networks to exist. This vocabulary, along with other
+vocabularies, allow one to add information and services protection to
+distributed social networks.
+</p>
+
+<p>
+One major criticism of open networks is that they seem to have no way of
+protecting the personal information distributed on the web or limiting
+access to resources. Few people are willing to make all their personal
+information public, many would like large pieces to be protected, making
+it available only to a selected group of agents. Giving access to
+information is very similar to giving access to services. There are many
+occasions when people would like services to only be accessible to
+members of a group, such as allowing only friends, family members,
+colleagues to post an article, photo or comment on a blog. How does one do
+this in a flexible way, without requiring a central point of
+access control?
+</p>
+
+<p>
+Using a process made popular by OpenID, we show how one can tie a User
+Agent to a URI by proving that one has write access to the URI.
+WebID is an authentication protocol which uses X.509
+certificates to associate a User Agent (Browser) to a Person identified via a URI.
+WebID is compatible with OpenID and provides a few additional features such as
+trust management via digital signatures, and free-form
+extensibility via RDF. By using the existing SSL certificate exchange
+mechanism, WebID integrates smoothly with existing Web browsers, including
+browsers on mobile devices. WebID also permits automated session login
+in addition to interactive session login. Additionally, all data is encrypted
+and guaranteed to only be received by the person or organization that was
+intended to receive it.
+</p>
+
+</div>
+
+</div>
+
+<div id="preconditions" typeof="bibo:Chapter" about="#preconditions" class="section">
+
+<!-- OddPage -->
+<h2><span class="secno">2. </span>Preconditions</h2>
+
+<div id="terminology" typeof="bibo:Chapter" about="#terminology" class="section">
+<h3><span class="secno">2.1 </span>Terminology</h3>
+
+<dl>
+
+<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
+<dd>Performs authentication on provided WebID credentials and determines if
+an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular
+resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but
+may also be a peer on a peer-to-peer network.</dd>
+
+<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
+<dd>Provides identification credentials to a <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
+
+<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
+<dd>An X.509 [<cite><a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a></cite>] Certificate that <em class="rfc2119" title="must">must</em> contain a
+<code>Subject Alternative Name</code> extension with a URI entry. The URI
+identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URI <em class="rfc2119" title="should">should</em> be
+dereference-able and result in a document containing RDF data. For example,
+the certificate would contain <code>http://example.org/webid#public</code>,
+known as a <a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a>, as the <code>Subject Alternative Name</code>:
+<pre>
+X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</pre>
+<p class="issue">TODO: cover the case where there are more than one URI entry</p>
+</dd>
+
+<dt><dfn title="WebID_URI" id="dfn-webid_uri">WebID URI</dfn></dt>
+<dd>A URI specified via the <code>Subject Alternative Name</code> extension
+of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
+
+<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
+<dd>A widely distributed cryptographic key that can be used to verify
+digital signatures and encrypt data between a sender and a receiver. A public
+key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</dd>
+
+<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
+<dd>
+A structured document that contains identification credentials for the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
+Framework [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a></cite>]. Either the XHTML+RDFa 1.1 [<cite><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a></cite>]
+serialization format or the RDF/XML [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a></cite>] serialization
+format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
+WebID Profile document. Alternate RDF serialization
+formats, such as N3 [<cite><a class="bibref" rel="biblioentry" href="#bib-N3">N3</a></cite>] or Turtle [<cite><a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a></cite>], <em class="rfc2119" title="may">may</em> be supported by the
+mechanism providing the WebID Profile document.
+<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
+serialization of RDF should be required serialization formats in the
+specification is currently under heavy debate.</p>
+</dd>
+
+</dl>
+
+
+</div>
+
+
+<div class="normative section" id="creating-the-certificate" typeof="bibo:Chapter" about="#creating-the-certificate">
+<h3><span class="secno">2.2 </span>Creating the certificate</h3>
+
+<p>The user agent will create a <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> with a
+<code>Subject Alternative Name</code> URI entry. This URI must be one that
+dereferences to a document the user controls so that he can publish the
+public key of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> at this URI.</p>
+<p>For example, if a user Joe controls <code>http://joe.example/profile</code>,
+then his WebID can be <code>http://joe.example/profile#me</code></p>
+
+<p class="issue">explain why the WebID URI is different from the URI of the WebID profile document.</p>
+
+<p>As an example to use throughout this specification here is the
+following certificate as an output of the openssl program.</p>
+<p class="example">
+</p><pre>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 5f:df:d6:be:2c:73:c1:fb:aa:2a:2d:23:a6:91:3b:5c
+ Signature Algorithm: sha1WithRSAEncryption
+ <span style="color: red;">Issuer:</span> O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority
+ Validity
+ Not Before: Jun 8 14:16:14 2010 GMT
+ Not After : Jun 8 16:16:14 2010 GMT
+ <span style="color: red;">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers/UID=https://example.org/profile#me, CN=Joe (Personal)
+ Subject Public Key Info:
+<span style="color: red;"> Public Key Algorithm:</span> rsaEncryption
+ <span style="color: red;">Public-Key:</span> (2048 bit)
+ <span style="color: red;">Modulus:</span>
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ <span style="color: red;">Exponent:</span> 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Subject Key Identifier:
+ 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA
+ <span style="color: red;">X509v3 Subject Alternative Name:</span> critical
+ <span style="color: red;">URI:</span>https://joe.example/profile#me
+ Signature Algorithm: sha1WithRSAEncryption
+ cf:8c:f8:7b:b2:af:63:f0:0e:dc:64:22:e5:8a:ba:03:1e:f1:
+ ee:6f:2c:f5:f5:10:ad:4c:54:fc:49:2b:e1:0d:cd:be:3d:7c:
+ 78:66:c8:ae:42:9d:75:9f:2c:29:71:91:5c:29:5b:96:ea:e1:
+ e4:ef:0e:5c:f7:07:a0:1e:9c:bf:50:ca:21:e6:6c:c3:df:64:
+ 29:6b:d3:8a:bd:49:e8:72:39:dd:07:07:94:ac:d5:ec:85:b1:
+ a0:5c:c0:08:d3:28:2a:e6:be:ad:88:5e:2a:40:64:59:e7:f2:
+ 45:0c:b9:48:c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb:
+ d8:b8
+</pre>
+
+<p class="issue">Should we formally require the Issuer to be
+ O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority. This was discussed on the list as allowing servers to distinguish certificates that are foaf+Ssl enabled from others. Will probably need some very deep TLS thinking to get this right.</p>
+<p class="issue">discuss the importance for UIs of the CN</p>
+</div>
+
+
+<div class="normative section" id="publishing-the-webid-profile-document" typeof="bibo:Chapter" about="#publishing-the-webid-profile-document">
+<h3><span class="secno">2.3 </span>Publishing the WebID Profile Document</h3>
+
+<p>The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document <em class="rfc2119" title="must">must</em> expose the relation between the
+<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> and the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>'s <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s
+using the <code>cert</code> and <code>rsa</code> ontologies, as well as the
+<code>cert</code> or <code>xsd</code> datatypes. The set of relations to be
+published at the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document can be presented in a
+graphical notation as follows.</p>
+<img src="drafts/ED-webid-20100809/img/WebIdGraph.jpg" alt="Web ID graph" />
+<p>The document can publish many more relations than are of interest to the WebID protocol, as shown in the above graph by the grayed out relations.</p>
+<p>The encoding of this graph is immaterial to the protocol, so long as a well known mapping to the format of the representation to such a graph can be found. Below we discuss the most well known formats, and a method for dealing with new unknown formats as they come along.</p>
+<p>The WebID provider must publish the graph of relations in one of the well known formats, though he may publish it in a number of formats to increase the useabulity of his site using Content Negotations.</p>
+<p class="issue">Add content negoatiation pointers</p>
+<p>It is particularly useful to have one of the representations be in HTML or XHTML even if it is not marked up in RDFa as this allows people using a web browser to understand what the information at that URI represents.</p>
+<div class="normative section" id="turtle" typeof="bibo:Chapter" about="#turtle">
+<h4><span class="secno">2.3.1 </span>Turtle</h4>
+<p>A widely used format for writing RDF graphs is the Turtle notation. </p>
+<p class="example">
+</p><pre>
+ @prefix cert: <http://www.w3.org/ns/auth/cert#> .
+ @prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
+ @prefix foaf: <http://xmlns.com/foaf/0.1/> .
+ @prefix : <https://joe.example/profile#> .
+
+ :me a foaf:Person;
+ foaf:name "Joe" .
+
+ [] a rsa:RSAPublicKey;
+ rsa:modulus """
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ """^^cert:hex;
+ rsa:public_exponent "65537"^^cert:int;
+ cert:identity :me .
+</pre>
+
+</div>
+<div id="rdfa-html-notation" typeof="bibo:Chapter" about="#rdfa-html-notation" class="section">
+<h4><span class="secno">2.3.2 </span>RDFa HTML notation</h4>
+<p>There are many ways of writing out the above graph using RDFa in
+html. Here is just one example.</p>
+<p class="example">
+</p><pre>
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:cert="http://www.w3.org/ns/auth/cert#"
+ xmlns:foaf="http://xmlns.com/foaf/0.1/"
+ xmlns:owl="http://www.w3.org/2002/07/owl#"
+ xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+<head>
+</head>
+<body>
+<h2>My RSA Public Key</h2>
+
+ <dl typeof="rsa:RSAPublicKey">
+ <dt>WebId</dt><dd href="#me" rel="cert:identity">http://joe.example/profile#me</dd>
+ <dt>Modulus (hexadecimal)</dt>
+ <dd property="rsa:modulus" datatype="cert:hex">
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ </dd>
+ <dt>Exponent (decimal)</dt>
+ <dd property="rsa:public_exponent" datatype="cert:int">65537</dd>
+ </dl>
+</body>
+</html>
+</pre>
+
+<p>If a WebId provider would rather prefer not to mark up his data in RDFa, but just provide a human readable format for users and have the RDF graph appear in a machine readable format such as RDF/XML then he should publish the link from the HTML to the machine readable format as follows:</p>
+ <p class="example">
+</p><pre>
+<html>
+<head>
+<link type="rel" type="application/rdf+xml" href="profile.rdf"/>
+</head>
+<body> ... </body>
+</html>
+</pre>
+
+</div>
+<div id="in-rdf-xml" typeof="bibo:Chapter" about="#in-rdf-xml" class="section">
+<h4><span class="secno">2.3.3 </span>In RDF/XML</h4>
+<p>RDF/XML is easy to generate automatically from structured data, be it in object notiation or in relational databases. Parsers for it are also widely available.</p>
+<p class="issue">TODO: the dsa ontology</p>
+</div>
+<div id="in-portable-contacts-format-using-grddl" typeof="bibo:Chapter" about="#in-portable-contacts-format-using-grddl" class="section">
+<h4><span class="secno">2.3.4 </span>In Portable Contacts format using GRDDL</h4>
+<p class="issue">TODO: discuss other formats and GRDDL, XSPARQL options for xml formats</p>
+ <p class="issue">summarize and point to content negotiation documents</p>
+</div>
+</div>
+</div>
+
+<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
+
+<!-- OddPage -->
+<h2><span class="secno">3. </span>The WebID Protocol</h2>
+
+<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
+<h3><span class="secno">3.1 </span>Authentication Sequence</h3>
+
+<p>The following steps are executed by <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s and
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>s to determine the global identity of the
+requesting agent. Once this is known, the identity can be used to determine
+if access should be granted to the requested resource.
+</p>
+
+<ol>
+<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
+using HTTP over TLS [<cite><a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a></cite>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
+as a part of the TLS client-certificate retrieval protocol.</li>
+
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
+<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> contained in the <code>Subject Alternative Name</code>
+extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.
+<p class="issue">There may be more than one URI in the SAN</p></li>
+
+<li>
+The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> verifies that the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> owns the private key corresponding to the public key sent in the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>. This <em class="rfc2119" title="should">should</em> be fulfilled by performing TLS mutual-authentication
+between the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> and the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
+If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> does not have access to the TLS layer,
+a digital signature challenge <em class="rfc2119" title="may">may</em> be provided by the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. These processes are detailed in the section
+on
+<a href="#secure-communication">Secure Communication</a>.
+<p class="issue">We don't have any implementations for this second way of doing
+things, so this is still hypothetical. Implementations using TLS mutual-authentication are many</p>
+</li>
+
+<li>The meaning of the
+<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> is a graph of relations that is fetched by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
+either by dereferencing the <a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a> and
+extracting RDF data from the resulting document, or by utilizing a cached
+version of the RDF data contained in the document or other data source that is
+up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
+ mechanism is further detailed in the sections titled
+<a href="#processing-the-webid-profile">Processing the WebID Profile</a>
+</li>
+
+<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> matches one in the set given by the
+profile document graph given above then the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
+knows that the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is indeed identified by the
+<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_uri">WebID URI</a>. The verification is done by querying the
+Personal Profile graph as specified in <a href="#extracting-webid-uri-details">querying the RDF graph</a>.</li>
+</ol>
+
+<p>
+The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at
+any time by executing all of the steps in the Authentication Sequence again.
+Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to
+determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular
+resource after the last step of the Authentication Sequence has been
+completed.
+</p>
+
+</div>
+
+<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
+<h3><span class="secno">3.2 </span>Authentication Sequence Details</h3>
+
+<p>This section covers details about each step in the authentication process.
+</p>
+
+<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
+<h4><span class="secno">3.2.1 </span>Initiating a TLS Connection</h4>
+
+<p class="issue">This section will detail how the TLS connection process is
+started and used by WebID to create a secure channel between the
+Identification Agent and the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
+<h4><span class="secno">3.2.2 </span>Exchanging the Identification Certificate</h4>
+
+<p class="issue">This section will detail how the certificate is selected and
+sent to the Verification Agent.</p>
+</div>
+
+<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
+<h4><span class="secno">3.2.3 </span>Processing the WebID Profile</h4>
+
+<p>A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML
+[<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a></cite>] and XHTML+RDFa [<cite><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a></cite>]. A server responding to
+a <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> request <em class="rfc2119" title="should">should</em> be able to deliver at least RDF/XML
+or RDFa. The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> set the Accept-Header to request
+<code>application/rdf+xml</code> with a higher priority than <code>text/html</code>
+and <code>application/xhtml+xml</code>. If the server answers such a request
+with an HTML representation of the resource, this <em class="rfc2119" title="should">should</em> describe the WebId Profile
+with RDFa.
+</p>
+
+<p class="issue">This section will explain how a Verification Agent extracts
+semantic data describing the identification credentials from a WebID Profile.</p>
+</div>
+
+<div class="normative section" id="verifying-the-webid-is-identified-by-that-public-key" typeof="bibo:Chapter" about="#verifying-the-webid-is-identified-by-that-public-key">
+<h4><span class="secno">3.2.4 </span>Verifying the WebID is identified by that public key</h4>
+
+<p>
+The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> must check that the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> associates the WebID with the public key given in the X.509 Certificate. There are number of ways of doing this, each of which essentially consists in checking that the graph of relations in the Profile contain a pattern of relations.
+</p>
+<p>Assuming the public key is an RSA key, and that its modulus is
+ "9D79BFE2498..." and exponent "65537" then the query to ask the graph is
+</p>
+<pre class="example">
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+ASK {
+ [] cert:identity <http://example.org/webid#public>;
+ rsa:modulus "9D79BFE2498..."^^cert:hex;
+ rsa:public_exponent "65537"^^cert:int .
+}</pre>
+<p>If the query returns true, then the graph has validated the associated public key with the WebID.</p>
+<p>The above requires the graph to be able to do inferencing on dataytypes. This is because people may publish their modulus string in a number of syntactical ways. The modulus can be colon seperated, spread over a number of lines, or contain arbitrary non hex characters such as "9D ☮ 79 ☮ BF ☮ E2 ☮ F4 ☮ 98 ☮..." . The datatype itself need not necessarily be expressed in cert:hex, but could use a number of xsd integer datatype notations, cert:int or future base64 notations.
+</p>
+<p class="issue">Should we define the base64 notation?</p>
+<p>If a <a class="tref" title="Verifying_Agent">Verifying Agent</a> does not have access to a literal inferencing engine, then the modulus should be extracted from the graph, normalised into a big integer (integers without an upper bound), and compared with the values given in the public key certificate. After replacing the <code>?webid</code> variable in the following query with the required value the <a class="tref" title="Verifying_Agent">Verifying Agent</a> can query the Profile Graph with</p>
+<pre class="example">
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?m ?e
+WHERE {
+ [] cert:identity ?webid ;
+ rsa:modulus ?m ;
+ rsa:public_exponent ?e .
+}</pre>
+<p>Here the verification agent must check that one of the answers for ?m and ?e
+matches the integer values of the modulus and exponent given in the public key in the certificate.</p>
+<p class="issue"> The public key could be a DSA key. We need to add an ontology for DSA too. What other cryptographic ontologies should we add?</p>
+
+</div>
+
+<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
+<h4><span class="secno">3.2.5 </span>Authorization</h4>
+
+<p class="issue">This section will explain how a Verification Agent may
+use the information discovered via a WebID URI to determine if one should
+be able to access a particular resource. It will explain how a Verification
+Agent can use links to other RDFa documents to build knowledge about the
+given WebID.</p>
+
+</div>
+
+<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
+<h4><span class="secno">3.2.6 </span>Secure Communication</h4>
+
+<p class="issue">This section will explain how an Identification Agent and
+a Verification Agent may communicate securely using a set of verified
+identification credentials.</p>
+
+<p>
+If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>,
+the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="should">should</em> use the verified
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>
+for all TLS-based communication with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
+This ensures that both the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> and the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
+are communicating in a secure manner, ensuring cryptographically protected
+privacy for both sides.
+</p>
+
+</div>
+
+</div>
+
+<div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile">
+<h3><span class="secno">3.3 </span>The WebID Profile</h3>
+
+<p>The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is a structured document that contains
+identification credentials for the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed
+using the Resource Description Framework [<cite><a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a></cite>]. The following
+sections describe how to express certain common properties that could be used
+by <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s and other entities that consume a
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.</p>
+
+<p>The following vocabularies are used in their shortened form in the
+subsequent sections:</p>
+
+<dl>
+ <dt>foaf</dt>
+ <dd>http://xmlns.com/foaf/0.1/</dd>
+ <dt>cert</dt>
+ <dd>http://www.w3.org/ns/auth/cert#</dd>
+ <dt>rsa</dt>
+ <dd>http://www.w3.org/ns/auth/rsa#</dd>
+</dl>
+
+<div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information">
+<h4><span class="secno">3.3.1 </span>Personal Information</h4>
+
+<p>Personal details are the most common requirement when registering an
+account with a website. Some of these pieces of information include an e-mail
+address, a name and perhaps an avatar image. This section includes
+properties that <em class="rfc2119" title="should">should</em> be used when conveying key pieces of personal
+information but are <em class="rfc2119" title="not required">not required</em> to be present in a <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:</p>
+
+<dl>
+ <dt>foaf:mbox</dt>
+ <dd>The e-mail address that is associated with the WebID URI.</dd>
+ <dt>foaf:name</dt>
+ <dd>The name that is most commonly used to refer to the individual
+ or agent.</dd>
+ <dt>foaf:depiction</dt>
+ <dd>An image representation of the individual or agent.</dd>
+</dl>
+</div>
+
+<div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details">
+<h4><span class="secno">3.3.2 </span>Cryptographic Details</h4>
+
+<p>Cryptographic details are important when <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s
+and <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>s interact. The following properties
+<em class="rfc2119" title="should">should</em> be used when conveying cryptographic information in <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>
+documents:</p>
+
+<dl>
+ <dt>rsa:RSAPublicKey</dt>
+ <dd>Expresses an RSA public key. The RSAPublicKey <em class="rfc2119" title="must">must</em> specify the
+ rsa:modulus and rsa:public_exponent properties.</dd>
+ <dt>cert:identity</dt>
+ <dd>Used to associate an RSAPublicKey with a WebID URI. A WebID Profile
+ <em class="rfc2119" title="must">must</em> contain at least one RSAPublicKey that is associated with the
+ corresponding WebID URI.</dd>
+</dl>
+</div>
+
+</div>
+
+</div>
+
+<div id="history" class="appendix informative section" typeof="bibo:Chapter" about="#history">
+
+<!-- OddPage -->
+<h2><span class="secno">A. </span>Change History</h2><p><em>This section is non-normative.</em></p>
+<p><a href="">2010-08-09</a> Updates from WebID community: moved OpenID/OAuth sections to separate document, switched to the URI terminology instead of URL, added "Creating the certificate" and "Publishing the WebID Profile document" sections with a WebID graph and serializations in Turtle and RDFa, improved SPARQL queries using literal notation with cert datatypes, updated list of contributors, and many other fixes.</p>
+<p><a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">2010-07-25</a> Added WebID Profile section.</p>
+<p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
+<p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
+</div>
+
+<div id="acknowledgements" class="informative section" typeof="bibo:Chapter" about="#acknowledgements">
+
+<!-- OddPage -->
+<h2><span class="secno">B. </span>Acknowledgments</h2><p><em>This section is non-normative.</em></p>
+
+<p>The following people have been instrumental in providing thoughts, feedback,
+reviews, criticism and input in the creation of this specification:</p>
+
+<ul>
+<li>Melvin Carvalho</li>
+<li>Bruno Harbulot</li>
+<li>Toby Inkster</li>
+<li>Ian Jacobi</li>
+<li>Jeff Sayre</li>
+<li>Henry Story</li>
+<li>Kingsley Idehen, OpenLink Software</li>
+<li>Seth Russell</li>
+<li>Sarven Capadisli</li>
+<li>Nathan Rixham</li>
+</ul>
+
+</div>
+ <div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
+<!-- OddPage -->
+<h2><span class="secno">C. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">C.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a>
+</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a>
+</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a>
+</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a>
+</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>3 August 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100803">http://www.w3.org/TR/2010/WD-rdfa-core-20100803</a>
+</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a>
+</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework" ISO/IEC 9594-8:1997</cite>.
+</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803"><cite>XHTML+RDFa 1.1.</cite></a> 3 August 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100803">http://www.w3.org/TR/WD-xhtml-rdfa-20100803</a>
+</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">C.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a>
+</dd></dl></div></div></body></html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/img/WebIdGraph.graffle Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,3839 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>ActiveLayerIndex</key>
+ <integer>0</integer>
+ <key>ApplicationVersion</key>
+ <array>
+ <string>com.omnigroup.OmniGrafflePro</string>
+ <string>138.17.0.133677</string>
+ </array>
+ <key>AutoAdjust</key>
+ <true/>
+ <key>BackgroundGraphic</key>
+ <dict>
+ <key>Bounds</key>
+ <string>{{0, 0}, {559, 783}}</string>
+ <key>Class</key>
+ <string>SolidGraphic</string>
+ <key>ID</key>
+ <integer>2</integer>
+ <key>Style</key>
+ <dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ </dict>
+ <key>CanvasOrigin</key>
+ <string>{0, 0}</string>
+ <key>ColumnAlign</key>
+ <integer>1</integer>
+ <key>ColumnSpacing</key>
+ <real>36</real>
+ <key>CreationDate</key>
+ <string>2010-08-07 16:48:58 +0200</string>
+ <key>Creator</key>
+ <string>Henry Story</string>
+ <key>DisplayScale</key>
+ <string>1.000 cm = 1.000 cm</string>
+ <key>GraphDocumentVersion</key>
+ <integer>6</integer>
+ <key>GraphicsList</key>
+ <array>
+ <dict>
+ <key>Bounds</key>
+ <string>{{192.59, 185.387}, {57, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>YES</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>FontInfo</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>w</key>
+ <string>0</string>
+ </dict>
+ <key>Font</key>
+ <string>Helvetica</string>
+ <key>Size</key>
+ <real>12</real>
+ </dict>
+ <key>ID</key>
+ <integer>54</integer>
+ <key>Line</key>
+ <dict>
+ <key>ID</key>
+ <integer>52</integer>
+ <key>Position</key>
+ <real>0.48328354954719543</real>
+ <key>RotationType</key>
+ <integer>0</integer>
+ </dict>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf2 foaf:blog}</string>
+ </dict>
+ <key>Wrap</key>
+ <string>NO</string>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{331.633, 207}, {144, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>53</integer>
+ <key>Magnets</key>
+ <array>
+ <string>{0, 1}</string>
+ <string>{0, -1}</string>
+ <string>{1, 0}</string>
+ <string>{-1, 0}</string>
+ <string>{1, 1}</string>
+ <string>{1, -1}</string>
+ <string>{-1, 1}</string>
+ <string>{-1, -1}</string>
+ </array>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>b</key>
+ <string>0.8</string>
+ <key>g</key>
+ <string>0.8</string>
+ <key>r</key>
+ <string>0.8</string>
+ </dict>
+ <key>CornerRadius</key>
+ <real>4</real>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf2 http://joe.example/blog}</string>
+ </dict>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>Head</key>
+ <dict>
+ <key>ID</key>
+ <integer>53</integer>
+ <key>Info</key>
+ <integer>4</integer>
+ </dict>
+ <key>ID</key>
+ <integer>52</integer>
+ <key>Points</key>
+ <array>
+ <string>{116, 194.975}</string>
+ <string>{195, 193}</string>
+ <string>{287, 213}</string>
+ <string>{331.633, 219}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>b</key>
+ <string>0.8</string>
+ <key>g</key>
+ <string>0.8</string>
+ <key>r</key>
+ <string>0.8</string>
+ </dict>
+ <key>HeadArrow</key>
+ <string>FilledArrow</string>
+ <key>LineType</key>
+ <integer>1</integer>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ <key>Tail</key>
+ <dict>
+ <key>ID</key>
+ <integer>30</integer>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{471, 395}, {57, 18}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>51</integer>
+ <key>Magnets</key>
+ <array>
+ <string>{0, 1}</string>
+ <string>{0, -1}</string>
+ <string>{1, 0}</string>
+ <string>{-1, 0}</string>
+ <string>{1, 1}</string>
+ <string>{1, -1}</string>
+ <string>{-1, 1}</string>
+ <string>{-1, -1}</string>
+ </array>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf0 cert:hex}</string>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{81.9193, 530.02}, {49.9996, 18}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>50</integer>
+ <key>Magnets</key>
+ <array>
+ <string>{0, 1}</string>
+ <string>{0, -1}</string>
+ <string>{1, 0}</string>
+ <string>{-1, 0}</string>
+ <string>{1, 1}</string>
+ <string>{1, -1}</string>
+ <string>{-1, 1}</string>
+ <string>{-1, -1}</string>
+ </array>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf0 cert:int}</string>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{186.674, 140.635}, {64, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>YES</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>FontInfo</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>w</key>
+ <string>0</string>
+ </dict>
+ <key>Font</key>
+ <string>Helvetica</string>
+ <key>Size</key>
+ <real>12</real>
+ </dict>
+ <key>ID</key>
+ <integer>49</integer>
+ <key>Line</key>
+ <dict>
+ <key>ID</key>
+ <integer>31</integer>
+ <key>Position</key>
+ <real>0.48328354954719543</real>
+ <key>RotationType</key>
+ <integer>0</integer>
+ </dict>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf2 foaf:name}</string>
+ </dict>
+ <key>Wrap</key>
+ <string>NO</string>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{59.1444, 288.845}, {72, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>YES</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>FontInfo</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>w</key>
+ <string>0</string>
+ </dict>
+ <key>Font</key>
+ <string>Helvetica</string>
+ <key>Size</key>
+ <real>12</real>
+ </dict>
+ <key>ID</key>
+ <integer>48</integer>
+ <key>Line</key>
+ <dict>
+ <key>ID</key>
+ <integer>47</integer>
+ <key>Position</key>
+ <real>0.42995861172676086</real>
+ <key>RotationType</key>
+ <integer>0</integer>
+ </dict>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf0 cert:identity}</string>
+ </dict>
+ <key>Wrap</key>
+ <string>NO</string>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>ID</key>
+ <integer>47</integer>
+ <key>Points</key>
+ <array>
+ <string>{96.1582, 339.952}</string>
+ <string>{96.238, 335.109}</string>
+ <string>{93.4898, 249}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>FilledArrow</string>
+ <key>LineType</key>
+ <integer>1</integer>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ <key>Tail</key>
+ <dict>
+ <key>ID</key>
+ <integer>33</integer>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{191.359, 395}, {336.641, 276}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>46</integer>
+ <key>Magnets</key>
+ <array>
+ <string>{0, 1}</string>
+ <string>{0, -1}</string>
+ <string>{1, 0}</string>
+ <string>{-1, 0}</string>
+ <string>{1, 1}</string>
+ <string>{1, -1}</string>
+ <string>{-1, 1}</string>
+ <string>{-1, -1}</string>
+ </array>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict/>
+ <key>Text</key>
+ <dict>
+ <key>Align</key>
+ <integer>0</integer>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fmodern\fcharset0 Courier;}
+{\colortbl;\red255\green255\blue255;}
+\deftab720
+\pard\pardeftab720\ql\qnatural
+
+\f0\fs24 \cf0 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:\
+c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:\
+07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:\
+98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:\
+2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:\
+ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:\
+94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:\
+dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:\
+e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:\
+2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:\
+f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:\
+5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:\
+75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:\
+14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:\
+72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:\
+71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:\
+3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:\
+91:a1}</string>
+ </dict>
+ <key>TextPlacement</key>
+ <integer>2</integer>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{188.776, 344.446}, {76, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>YES</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>FontInfo</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>w</key>
+ <string>0</string>
+ </dict>
+ <key>Font</key>
+ <string>Helvetica</string>
+ <key>Size</key>
+ <real>12</real>
+ </dict>
+ <key>ID</key>
+ <integer>45</integer>
+ <key>Line</key>
+ <dict>
+ <key>ID</key>
+ <integer>44</integer>
+ <key>Position</key>
+ <real>0.42995861172676086</real>
+ <key>RotationType</key>
+ <integer>0</integer>
+ </dict>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf0 rsa:modulus}</string>
+ </dict>
+ <key>Wrap</key>
+ <string>NO</string>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>Head</key>
+ <dict>
+ <key>ID</key>
+ <integer>46</integer>
+ </dict>
+ <key>ID</key>
+ <integer>44</integer>
+ <key>Points</key>
+ <array>
+ <string>{110.416, 354.774}</string>
+ <string>{255, 358}</string>
+ <string>{322, 373}</string>
+ <string>{359.68, 395}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>FilledArrow</string>
+ <key>LineType</key>
+ <integer>1</integer>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ <key>Tail</key>
+ <dict>
+ <key>ID</key>
+ <integer>33</integer>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{67.9189, 530.02}, {64, 42}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>43</integer>
+ <key>Magnets</key>
+ <array>
+ <string>{0, 1}</string>
+ <string>{0, -1}</string>
+ <string>{1, 0}</string>
+ <string>{-1, 0}</string>
+ <string>{1, 1}</string>
+ <string>{1, -1}</string>
+ <string>{-1, 1}</string>
+ <string>{-1, -1}</string>
+ </array>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict/>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf0 65537}</string>
+ </dict>
+ <key>TextPlacement</key>
+ <integer>2</integer>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{32.1215, 424.734}, {118, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>YES</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>FontInfo</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>w</key>
+ <string>0</string>
+ </dict>
+ <key>Font</key>
+ <string>Helvetica</string>
+ <key>Size</key>
+ <real>12</real>
+ </dict>
+ <key>ID</key>
+ <integer>42</integer>
+ <key>Line</key>
+ <dict>
+ <key>ID</key>
+ <integer>41</integer>
+ <key>Position</key>
+ <real>0.42995861172676086</real>
+ <key>RotationType</key>
+ <integer>0</integer>
+ </dict>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf0 rsa:public_exponent}</string>
+ </dict>
+ <key>Wrap</key>
+ <string>NO</string>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>Head</key>
+ <dict>
+ <key>ID</key>
+ <integer>43</integer>
+ </dict>
+ <key>ID</key>
+ <integer>41</integer>
+ <key>Points</key>
+ <array>
+ <string>{94.946, 368.918}</string>
+ <string>{90.8379, 429.98}</string>
+ <string>{99.9189, 530.02}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>FilledArrow</string>
+ <key>LineType</key>
+ <integer>1</integer>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ <key>Tail</key>
+ <dict>
+ <key>ID</key>
+ <integer>33</integer>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{195.926, 307.774}, {51, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>YES</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>FontInfo</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>w</key>
+ <string>0</string>
+ </dict>
+ <key>Font</key>
+ <string>Helvetica</string>
+ <key>Size</key>
+ <real>12</real>
+ </dict>
+ <key>ID</key>
+ <integer>40</integer>
+ <key>Line</key>
+ <dict>
+ <key>ID</key>
+ <integer>34</integer>
+ <key>Position</key>
+ <real>0.42995861172676086</real>
+ <key>RotationType</key>
+ <integer>0</integer>
+ </dict>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf0 rdf:type}</string>
+ </dict>
+ <key>Wrap</key>
+ <string>NO</string>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>TableGroup</string>
+ <key>Graphics</key>
+ <array>
+ <dict>
+ <key>Bounds</key>
+ <string>{{377, 308.086}, {151, 14}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>Vertical</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>ID</key>
+ <integer>36</integer>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>fill</key>
+ <dict>
+ <key>GradientCenter</key>
+ <string>{-0.294118, -0.264706}</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
+
+\f0\b\fs24 \cf0 rsa:RSAPublicKey}</string>
+ <key>VerticalPad</key>
+ <integer>0</integer>
+ </dict>
+ <key>TextPlacement</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{377, 322.086}, {151, 28}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>FitText</key>
+ <string>Vertical</string>
+ <key>Flow</key>
+ <string>Resize</string>
+ <key>ID</key>
+ <integer>37</integer>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>fill</key>
+ <dict>
+ <key>GradientCenter</key>
+ <string>{-0.294118, -0.264706}</string>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Align</key>
+ <integer>0</integer>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural
+
+\f0\fs24 \cf0 rsa:public_exponent\
+rsa:modulus}</string>
+ <key>VerticalPad</key>
+ <integer>0</integer>
+ </dict>
+ <key>TextPlacement</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GridH</key>
+ <array>
+ <integer>36</integer>
+ <integer>37</integer>
+ <array/>
+ </array>
+ <key>ID</key>
+ <integer>35</integer>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>Head</key>
+ <dict>
+ <key>ID</key>
+ <integer>36</integer>
+ </dict>
+ <key>ID</key>
+ <integer>34</integer>
+ <key>Points</key>
+ <array>
+ <string>{109.919, 350.664}</string>
+ <string>{227, 319}</string>
+ <string>{376.5, 316.405}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>FilledArrow</string>
+ <key>LineType</key>
+ <integer>1</integer>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ <key>Tail</key>
+ <dict>
+ <key>ID</key>
+ <integer>33</integer>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{81.9193, 340.45}, {28, 28}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>33</integer>
+ <key>Shape</key>
+ <string>Circle</string>
+ <key>Style</key>
+ <dict/>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{331.633, 159}, {90, 24}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>1</integer>
+ <key>Magnets</key>
+ <array>
+ <string>{0, 1}</string>
+ <string>{0, -1}</string>
+ <string>{1, 0}</string>
+ <string>{-1, 0}</string>
+ <string>{1, 1}</string>
+ <string>{1, -1}</string>
+ <string>{-1, 1}</string>
+ <string>{-1, -1}</string>
+ </array>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>b</key>
+ <string>0.8</string>
+ <key>g</key>
+ <string>0.8</string>
+ <key>r</key>
+ <string>0.8</string>
+ </dict>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc\pardirnatural
+
+\f0\fs24 \cf2 Joe}</string>
+ </dict>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>Head</key>
+ <dict>
+ <key>ID</key>
+ <integer>1</integer>
+ <key>Info</key>
+ <integer>4</integer>
+ </dict>
+ <key>ID</key>
+ <integer>31</integer>
+ <key>Points</key>
+ <array>
+ <string>{116, 186}</string>
+ <string>{188.776, 156}</string>
+ <string>{279.204, 154.184}</string>
+ <string>{331.633, 171}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>Color</key>
+ <dict>
+ <key>b</key>
+ <string>0.8</string>
+ <key>g</key>
+ <string>0.8</string>
+ <key>r</key>
+ <string>0.8</string>
+ </dict>
+ <key>HeadArrow</key>
+ <string>FilledArrow</string>
+ <key>LineType</key>
+ <integer>1</integer>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ <key>Tail</key>
+ <dict>
+ <key>ID</key>
+ <integer>24</integer>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{16.9592, 231}, {178.041, 18}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>22</integer>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>fill</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Width</key>
+ <real>0.5</real>
+ </dict>
+ </dict>
+ <key>Text</key>
+ <dict>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red0\green0\blue0;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
+
+\f0\b\fs24 \cf2 http://joe.example/profile#me}</string>
+ <key>VerticalPad</key>
+ <integer>0</integer>
+ </dict>
+ </dict>
+ <dict>
+ <key>Class</key>
+ <string>Group</string>
+ <key>Graphics</key>
+ <array>
+ <dict>
+ <key>AllowLabelDrop</key>
+ <false/>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>ID</key>
+ <integer>24</integer>
+ <key>Points</key>
+ <array>
+ <string>{116, 186}</string>
+ <string>{98, 186}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>0</string>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ </dict>
+ <dict>
+ <key>AllowLabelDrop</key>
+ <false/>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>ID</key>
+ <integer>25</integer>
+ <key>Points</key>
+ <array>
+ <string>{98, 186}</string>
+ <string>{80, 186}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>0</string>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ </dict>
+ <dict>
+ <key>AllowLabelDrop</key>
+ <false/>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>ID</key>
+ <integer>26</integer>
+ <key>Points</key>
+ <array>
+ <string>{98, 204}</string>
+ <string>{107, 231}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>0</string>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ </dict>
+ <dict>
+ <key>AllowLabelDrop</key>
+ <false/>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>ID</key>
+ <integer>27</integer>
+ <key>Points</key>
+ <array>
+ <string>{98, 204}</string>
+ <string>{89, 231}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>0</string>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ </dict>
+ <dict>
+ <key>AllowConnections</key>
+ <string>NO</string>
+ <key>AllowLabelDrop</key>
+ <false/>
+ <key>AllowToConnect</key>
+ <false/>
+ <key>Class</key>
+ <string>LineGraphic</string>
+ <key>ID</key>
+ <integer>28</integer>
+ <key>Points</key>
+ <array>
+ <string>{98, 177}</string>
+ <string>{98, 204}</string>
+ </array>
+ <key>Style</key>
+ <dict>
+ <key>stroke</key>
+ <dict>
+ <key>HeadArrow</key>
+ <string>0</string>
+ <key>TailArrow</key>
+ <string>0</string>
+ </dict>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{89, 159}, {18, 18}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>29</integer>
+ <key>Shape</key>
+ <string>Circle</string>
+ <key>Style</key>
+ <dict/>
+ </dict>
+ </array>
+ <key>ID</key>
+ <integer>23</integer>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{74, 146}, {42, 99}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>30</integer>
+ <key>Shape</key>
+ <string>Rectangle</string>
+ <key>Style</key>
+ <dict>
+ <key>fill</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>shadow</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ <key>stroke</key>
+ <dict>
+ <key>Draws</key>
+ <string>NO</string>
+ </dict>
+ </dict>
+ </dict>
+ <dict>
+ <key>Bounds</key>
+ <string>{{9, 70.4975}, {537.282, 610.013}}</string>
+ <key>Class</key>
+ <string>ShapedGraphic</string>
+ <key>ID</key>
+ <integer>15</integer>
+ <key>Shape</key>
+ <string>NoteShape</string>
+ <key>Style</key>
+ <dict/>
+ <key>Text</key>
+ <dict>
+ <key>Align</key>
+ <integer>0</integer>
+ <key>Text</key>
+ <string>{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf320
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
+
+\f0\fs24 \cf0 http://joe.example/profile}</string>
+ <key>VerticalPad</key>
+ <integer>0</integer>
+ </dict>
+ <key>TextPlacement</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GridInfo</key>
+ <dict/>
+ <key>GuidesLocked</key>
+ <string>NO</string>
+ <key>GuidesVisible</key>
+ <string>YES</string>
+ <key>HPages</key>
+ <integer>1</integer>
+ <key>ImageCounter</key>
+ <integer>2</integer>
+ <key>KeepToScale</key>
+ <false/>
+ <key>Layers</key>
+ <array>
+ <dict>
+ <key>Lock</key>
+ <string>NO</string>
+ <key>Name</key>
+ <string>Layer 1</string>
+ <key>Print</key>
+ <string>YES</string>
+ <key>View</key>
+ <string>YES</string>
+ </dict>
+ </array>
+ <key>LayoutInfo</key>
+ <dict>
+ <key>Animate</key>
+ <string>NO</string>
+ <key>circoMinDist</key>
+ <real>18</real>
+ <key>circoSeparation</key>
+ <real>0.0</real>
+ <key>layoutEngine</key>
+ <string>dot</string>
+ <key>neatoSeparation</key>
+ <real>0.0</real>
+ <key>twopiSeparation</key>
+ <real>0.0</real>
+ </dict>
+ <key>LinksVisible</key>
+ <string>NO</string>
+ <key>MagnetsVisible</key>
+ <string>NO</string>
+ <key>MasterSheets</key>
+ <array/>
+ <key>ModificationDate</key>
+ <string>2010-08-07 18:27:48 +0200</string>
+ <key>Modifier</key>
+ <string>Henry Story</string>
+ <key>NotesVisible</key>
+ <string>NO</string>
+ <key>Orientation</key>
+ <integer>2</integer>
+ <key>OriginVisible</key>
+ <string>NO</string>
+ <key>PageBreaks</key>
+ <string>YES</string>
+ <key>PrintInfo</key>
+ <dict>
+ <key>NSBottomMargin</key>
+ <array>
+ <string>float</string>
+ <string>41</string>
+ </array>
+ <key>NSLeftMargin</key>
+ <array>
+ <string>float</string>
+ <string>18</string>
+ </array>
+ <key>NSPaperSize</key>
+ <array>
+ <string>size</string>
+ <string>{595, 842}</string>
+ </array>
+ <key>NSRightMargin</key>
+ <array>
+ <string>float</string>
+ <string>18</string>
+ </array>
+ <key>NSTopMargin</key>
+ <array>
+ <string>float</string>
+ <string>18</string>
+ </array>
+ </dict>
+ <key>PrintOnePage</key>
+ <false/>
+ <key>QuickLookPreview</key>
+ <data>
+ JVBERi0xLjMKJcTl8uXrp/Og0MTGCjUgMCBvYmoKPDwgL0xlbmd0aCA2IDAgUiAvRmls
+ dGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHNmsmOHcl1hvf5FAl4U1xUMuZpZ9M2
+ 4PZGEgl4IRhC3clio0pUFylLelk/i78TmRGZdyJ7UQuBXX0zI2M4cYb/DBG/jL8dfxkV
+ /7zPY0x2fD2O/zX+aXz/4ase919HXf993Y+PavKj/G06nsb3vzm+7o9//vaXp+fh9TNT
+ +SCTqTFYOz6aMYXJK+PyuH8Z3//Hix7/9Utd0c29+Ilp9Jml6ndTvw+/jFqbOo0LozVq
+ CtaE0Se/dLNtGj9Pw09UU9bZjjbnybd+bliW09HW6ehoQxidjvR2ZpnOt+laN8uq0s35
+ bbfQZkth3qJjt3RI2Yw60zWptnBsM1q4KjSanEad1CTvObLuADdS6xWXza7bMDpv58u9
+ 5zwdfHMw2tadylRatR4awmXFM85ZWbIKYJHA+98dn5++ff7f44cvz19eP78cv71+3o+v
+ nwfvwmSShttWTzlD9su4tqU8xRQsH/PkfNKIDg5YD6/4FLTzY/Bu0sbZYV/bVEq1Keqg
+ x+fR2cS+tB6jNqIZDKQFWvu7TXFSNsS1ZT9YnSYfWKX3QlfbBJvH/ZhHrcwEMZHFOt1r
+ 2439PY9/XHtudn1C83/i7+fZFj58rGxV48cPqLmuL4/yg9EMMLcvZryelFJmyzg0czIa
+ KXTGaSxDBedWxmmTphR93DBOmkyy+YxxanI5ysCFce19ZVxr2TKutcGtG4/CuIB6eq3s
+ lnFr28q4vr8zxhmXJmWsu71rDCl6D5YsfBgW4tv7iLLM2+kts65UzZhU9ia1Hp1+m9Wk
+ kzdDb9mPH0EXoAvL/opogK2NqEyMU3CKiVSEh6Ga/798GheoeeT30QQ793k02SHG4IZP
+ GM6/I1Jk/uk0/n58+OM7AUMzPnx7ByBufv/cPpTlw/uz3+Hh59bhS3s4todp6dob/vbU
+ Pr30eZ9b0/HdMJPQVuhdXvvU//du/O/x00/jv32qiNs19ooNor2wQc1a+2l/xhBQcjJO
+ OVizMGQ8Z8jDMyR/+rkuM1x5Da3cZIMbg9H19wX7jKh5imMAhJMT7FxbzKQ9AlpGDUEl
+ oD+gHVqpuXNQHnjRdgRw6RvDuLZo6QwGr8NSqp31EECLOnVrWZfPfdhCI8bQ5zZuJnZd
+ f2kZLne2H09bZau4IKDb+oF/dS8bDuhQ10nMtfBEo8oLT2a+6Tj/bjigUePKwE7l2rJs
+ ZViH9f32qdeWZfmxc6DRuHJg0H5m4SqBTctC47Kz2fo2Btd5IM4vxuFl5MGgS8/VTu/0
+ lA4vY8qjseIxxKIve4rGLlNVdn6nq4hAlsdnMylGzMP9STWOb+66jJm7Stjz1ysqqnRx
+ f4QvsVKgIxgoAKPTQBgllM/xyTkOaVQ4x4yLdVbmuICgZCcFrPnRzZZmJjVsoGdGnG8Y
+ fH0qDQHaLxhTP4AD9bcDyowww0Nv+FtDkxVpWkubHcA5n6StMncYHl7biLbcPdS5sWkQ
+ rPrJc8TBj+RskcOCvGx/Rl6A5p9eVqyh8a8Ql/rfDb9cJTSLFOXTjr14YF9HfK/So6i7
+ J/6UX6sMH7CNCKRoQo39aLTICe8LcEwh09F4P9kcMQoMTfyyiXkSfdUS9CSJsiTSm7wj
+ 3mQSfL6Lo1WEpNYwTzCTdcRn1siDZ1yIE2EULr8qy2Y3qAxDBAxAOMCL6EfMwho7WUIw
+ 2ggNJP57pk3I98RZ0k+5PIhnvjX6hD7+xN/PN3W5jxCosA7cfRn6ejq4KQbiu816tV/G
+ rZ+tt46um4LN/PtKLEJAWeP4oNSYCYmd5BprlHVp5CK8PkZL3LyMGWZeOSQ//52bl0W6
+ 8zo49GvzIkyNNkk4gXkN5579J7R49qvo2eo82xbAQD8llGQORVz2SERrTYwWNCGNIbQ1
+ dF5aRoev0IDCZhxSC17ShIqn1mviOG1Fd7TAsEtRu6G3SIyoCZfp08dJlOaNxH9t9rWl
+ UdDGzWGW0AmiL7OT1ViSliBUST4iFKwtl/sTr1YxbLhnXo0l1jkIY2srS8hPMHEd0fzG
+ Eos7SckYXN6yFNEBylZJ7ATZgObrgMgb0b2lbY0EbR6H7XQGtNm3LQsF67hG54YllnRG
+ JStULSxpLavo+v7uuzmNoZMOYvECGMHmCjrgmdN5tKCPJhgAZMh8IsmnRYBRkbMawxC6
+ AB4B8FA28UocyhTSTqalLTlQIPdKTjJTrNx4PpFcC5cW9KiCEtwgZsDGDCkgHaIVkcgg
+ HxC6g7UuGcGIOhF4RJuljYS92vGN0d/FjaGvJwQ5E87Wk414HQUj+nqyJwiXFA2cauu1
+ 0TBNDLwbnY0Re8O2JGEHeUds98fAwSBBWZXAxXlQc8n30gPnkQu2ICn9XBq4cMygoh8f
+ 7TVsvH7tHrRF/j0e/0tDlF176EH857lleNj/oX1bfXOfoEPSn6469RYSEUGr4TLU/3Vb
+ Ihs/D+nJcWRLS4rRtvTSKTk0Svrm+p56y9ctgEpaMGyLSVWmQUo2i0xBoSrTX5C74E3L
+ rKsTEFmSCXRZApFLePUDWeJd78gSWYfkPJo153c9ypC9t+2xh9kbrOL9XWv6+M/t6Tfs
+ uQZJu3dD/W1BE/Kt7/vW8z/bQxfz3y+51EtuA4YsRaVqTwDAFA3UivYvnLq3dUM0MA/C
+ qg2DlvTuLMuVyCuLXd2QfJfuaaG/KcC3ZX9/77p55iVviY6UMTtPLG0BNsJkgQZKAD4G
+ 0gFLycgEPpLHQ46WxBxXaLFvWoimyA0dMdBcVxNf4Kk90YtgC8isKWA2QOogxScV8TPE
+ Xhkgg1EUDbV0nrFRFHAuCYhywVqqhER2hDiGyXC6WdyWouIVBykBaE3Y9Sx5YM4B/2uI
+ 3PC6M2LdGnsfIWuu0lajjEFCyoRtNSSKq0s1J+qrCfFOQkjBx75aG3uFj4RVhKqaYElC
+ NKJXOPkjLYGZZNEySOp9IdxQEm/xTo7Y44aOfBfwFty4C3jjrwa8ZaZuLpeAN9c2mnC7
+ x6hmnygqoxyz9iBSapmomjMCHd8POvtwbyV4IDTZDBeYEvck5ieQdllkQlxSEWZtqZ8u
+ FeH71RVceYUh8ZIXlaaH4L2NvbZyM2QnoJicBhgsahxnVy/5OVUQ7ItsJWEasKHqHxED
+ vah7idbLi1iHwdSMFE0sSZDCGQO1Esh54hNihkRFDz+KjydVRcPIfwjocNoR5SCzspSH
+ spGAhbQ1UuIloKTQA5yLdQdD+nNhgcNigRKrEXMxlxivBZ6IUoDlnMmULLaQiIwIGpzQ
+ LoGQYILHYmvQsAyuGLIMvm+C1Yn05cAfbFrq2uty1JypwUhMtC5HwciRc22Xg4g++CxG
+ kcTRkDgii0kJkTXDlBjMVF/FQcm9oqQhrJOR/CJv8s6rggCxD3VYOY+40JDFTy9OqsH0
+ r/TTi21d+enugQQmNTghRxZyHGMtygoeyD7PbYjyxKXPbgMR5OXAZj23SrSsRXrGGOPV
+ AkniG8jVz4sEj2D7xMEQ8ZjUzvwMURROCB8o0j4oVfa7Ylw5Hkry5RCKO5SYi9uVkMs+
+ FqXLXpcUytO+vBuW8uXWxLaULDL5ESXi2GYJrYTsVfG5eFX0UQgJqkDaKZTA+rlYU5Qr
+ h1RsKuqIAH9AyK9kCUWJa47EonPR++L3Je2KDSUdinkqeyv/d6Yknnclwxr7ZhyhwHjF
+ kZxKQBy2hFQOe1kcKUSoUMXAjlOJvvhjyYjp6c04AihdccQcy3FfDk/lGArPsEP7ctoV
+ n8pRl10sgU++5L08v5WOWJT1UkdQwWMqycp/GXVgzWOJRrRm54pDatByLF6XJ/dmHKGO
+ dMURFs++6CdRExQk7EswsjgKGqu+IDJzKAeoS2/GEXT1kiGHg5ir9yIZbcupMgc5nIwo
+ x8GVfSpOFRtFjd7IaPB5lyByjKKaJghYnGzZw52nElDcIApidmWXyolGmBLeih1y0HnJ
+ DoM09iUih6PY8A51cUVhw0ZYA02iwPSBXPVW7MDnXPHj5MuOlWLxu3K0st7RlJ0Vs7EQ
+ wfOTqO1TFhR5I4MhOr3ih2cx0OxJ7BKID4iA/wAuVBZ8R16nsgdHUI/dW/GDXPWKH+gi
+ +nfIwnbsBssQGPFVacD5o2CL04InO+TyNk6GYskVPzRuDqHACYwDtDjK7rMtR9gQxcFh
+ wor/o8U4u7fxMcQ71/wwxQVZIxzE7+JucS5IAfbg9BT+BUKVtOMA34gfcrJ/xZDIToGQ
+ k/iU+FQOsURVhXQUqSCnuJMH9BlwfSOGcHJ0zRGLoZxEOJalqqMXz3IsFhA9lB064wTm
+ 9hXm3oojJC1XHMn4Dn1zp+sZXeCANEmYRwZD9E+iTmZok9JU7jmnVHILgRCHlIbTEUM4
+ nYjT5vOxloFJFDin13iXWsfk3IOhku9K+K6iHqhdS7YvsT0LkPkSxEmbUWpJr6/H3g/t
+ a3bdBhA0QpSk8stilcyc68R9MSE9csRUI3uJ2Sqhy9jL5Jq+XNLg2MNR/eNqi1xLqakk
+ WdUPCjGkMHoeSsGXA6JbhRhkRbhLCfdGkr3vae9ru2iAstaK0udWm+u1mt53myIvfS9u
+ K1zVnM4qc3IvhdNjXQ+YUkARyIHaVtuBi/ySHWwqPkYOKOowtmQZdqOgQIbDoRnZxI3N
+ tlpTrzH2kttpqTq1vfcN9h5yKHjjsCYhKG6TkIiT9EoiTmpHDUDO/+rx7PeLAG10rwFs
+ Rv+oBqCV1JClBiAHK2sNYFuCg1+KMzuSul5e6ae835X8Is3OhqX2e1YKYSb5h4gclXcb
+ ud0X2fX9Emvthjn3bi1Ju1XicNQ4yOoot13nqnIU6bhhstnWnJL9njJ3V9Irhe5XanoX
+ DqdXmWLWKP789/GDXA+8TjjlmFfKjbXGKLdWrMXupYmDBTnjBZ+VHMJSbpi1IPtB9IMa
+ CMEwd6pgGSCh5PjFcLhkOBLmtgJ6HfhkONaRaycUQaiPUFiiE5BvWI7axcQNGTtIAyc0
+ tMCGpDhQMXLHZT7vWzg6lyE3+0FIcvAaHSUZznipbFKIoDbB4YV2csOOyqk2tRwp01IK
+ NrTxMUJeLU5cjgb/OmDe5FVfT6yWsqllRF+PI2sKorUg2deDpokzo9QPliu1m9FnxRBx
+ F/OFTSoFL6KC6yu3uiI+hPPMgSIwL72reABMZtPC6e3mFacjg1t/qU5mfNI6HVC1LsXL
+ XK6aCeGV2o5FzJyZc4NV3Fyjqs3UWgbxbzK4d6DMdfdl25FrnLJKG0esJlvCfbZ12fEZ
+ c/Zy/nXOre+iUvXEdUcoyZa18rqyFq3FABurRIUXVi3MM1puHKwdal178yp3GqooZknV
+ uy2dtXIrZ8NaXqVs1rYoXzsHDJpZZ9q0SD3w7HX7st4RkCPRbUfOqDas7Vta12XHnZNi
+ QWesnbklSnrfg8nZw6wsOLxrYCMBsLHydU7P/tEvBF5X37tr/Z8ttHZPobOclnJvlrNp
+ zj8sKAPiLdXL+2yT46Z5WEK7ZNjMu9uXex5B2uVy0wUbH05fnk5l9/wF6loV7Lf/D26W
+ mTAKZW5kc3RyZWFtCmVuZG9iago2IDAgb2JqCjQxMDYKZW5kb2JqCjMgMCBvYmoKPDwg
+ L1R5cGUgL1BhZ2UgL1BhcmVudCA0IDAgUiAvUmVzb3VyY2VzIDcgMCBSIC9Db250ZW50
+ cyA1IDAgUiAvTWVkaWFCb3ggWzAgMCA1NTkgNzgzXQo+PgplbmRvYmoKNyAwIG9iago8
+ PCAvUHJvY1NldCBbIC9QREYgL1RleHQgL0ltYWdlQiAvSW1hZ2VDIC9JbWFnZUkgXSAv
+ Q29sb3JTcGFjZSA8PCAvQ3MyIDMxIDAgUgovQ3MxIDggMCBSID4+IC9Gb250IDw8IC9G
+ MS4wIDMyIDAgUiAvRjIuMCAzMyAwIFIgL0YzLjAgMzQgMCBSID4+IC9YT2JqZWN0Cjw8
+ IC9JbTQgMTUgMCBSIC9JbTEwIDI3IDAgUiAvSW0xMSAyOSAwIFIgL0ltMiAxMSAwIFIg
+ L0ltMSA5IDAgUiAvSW01IDE3IDAgUgovSW04IDIzIDAgUiAvSW05IDI1IDAgUiAvSW0z
+ IDEzIDAgUiAvSW03IDIxIDAgUiAvSW02IDE5IDAgUiA+PiA+PgplbmRvYmoKMTUgMCBv
+ YmoKPDwgL0xlbmd0aCAxNiAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdl
+ IC9XaWR0aCAxMDAgL0hlaWdodCAxMDAgL0ludGVycG9sYXRlCnRydWUgL0NvbG9yU3Bh
+ Y2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNlcHR1YWwgL1NNYXNrIDM2IDAgUiAvQml0c1Bl
+ ckNvbXBvbmVudAo4IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4Ae3QMQEA
+ AADCoPVPbQlPiEBhwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwICBz8AAdTAAAQplbmRz
+ dHJlYW0KZW5kb2JqCjE2IDAgb2JqCjE1NQplbmRvYmoKMjcgMCBvYmoKPDwgL0xlbmd0
+ aCAyOCAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAxNTgg
+ L0hlaWdodCA4MCAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAzNSAwIFIgL0lu
+ dGVudCAvUGVyY2VwdHVhbCAvU01hc2sgMzggMCBSIC9CaXRzUGVyQ29tcG9uZW50Cjgg
+ L0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7dCBAAAAAMOg+VMf5IVQYcCA
+ AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
+ YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
+ DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
+ AQMGDBgwYOB3YJQgAAEKZW5kc3RyZWFtCmVuZG9iagoyOCAwIG9iagoxODcKZW5kb2Jq
+ CjI5IDAgb2JqCjw8IC9MZW5ndGggMzAgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBl
+ IC9JbWFnZSAvV2lkdGggMzMyIC9IZWlnaHQgOTIgL0ludGVycG9sYXRlCnRydWUgL0Nv
+ bG9yU3BhY2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNlcHR1YWwgL1NNYXNrIDQwIDAgUiAv
+ Qml0c1BlckNvbXBvbmVudAo4IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4
+ Ae3QgQAAAADDoPlTX+EAhVBhwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
+ GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
+ GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
+ GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwMA7MGX/AAEKZW5kc3RyZWFtCmVuZG9iagozMCAwIG9iago0MjMKZW5kb2Jq
+ CjExIDAgb2JqCjw8IC9MZW5ndGggMTIgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBl
+ IC9JbWFnZSAvV2lkdGggODAgL0hlaWdodCA4MCAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29s
+ b3JTcGFjZSAzNSAwIFIgL0ludGVudCAvUGVyY2VwdHVhbCAvU01hc2sgNDIgMCBSIC9C
+ aXRzUGVyQ29tcG9uZW50CjggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB
+ 7dAxAQAAAMKg9U9tCy+IQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDgNzBL
+ AAABCmVuZHN0cmVhbQplbmRvYmoKMTIgMCBvYmoKMTA3CmVuZG9iago5IDAgb2JqCjw8
+ IC9MZW5ndGggMTAgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lk
+ dGggOTQyIC9IZWlnaHQgMTA2NSAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAz
+ NSAwIFIgL0ludGVudCAvUGVyY2VwdHVhbCAvU01hc2sgNDQgMCBSIC9CaXRzUGVyQ29t
+ cG9uZW50CjggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7dAxAQAAAMKg
+ 9U9tDB+IQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMPAZGO89AAEKZW5kc3RyZWFtCmVuZG9iagoxMCAw
+ IG9iagoxMzE0NwplbmRvYmoKMTcgMCBvYmoKPDwgL0xlbmd0aCAxOCAwIFIgL1R5cGUg
+ L1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAzNDYgL0hlaWdodCAxMDAgL0lu
+ dGVycG9sYXRlCnRydWUgL0NvbG9yU3BhY2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNlcHR1
+ YWwgL1NNYXNrIDQ2IDAgUiAvQml0c1BlckNvbXBvbmVudAo4IC9GaWx0ZXIgL0ZsYXRl
+ RGVjb2RlID4+CnN0cmVhbQp4Ae3QMQEAAADCoPVPbQlPiEBhwIABAwYMGDBgwIABAwYM
+ GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
+ GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
+ GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg4D8wlYcAAQplbmRzdHJlYW0KZW5kb2Jq
+ CjE4IDAgb2JqCjQ3NgplbmRvYmoKMjMgMCBvYmoKPDwgL0xlbmd0aCAyNCAwIFIgL1R5
+ cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCA3MTggL0hlaWdodCA1OTYg
+ L0ludGVycG9sYXRlCnRydWUgL0NvbG9yU3BhY2UgMzUgMCBSIC9JbnRlbnQgL1BlcmNl
+ cHR1YWwgL1NNYXNrIDQ4IDAgUiAvQml0c1BlckNvbXBvbmVudAo4IC9GaWx0ZXIgL0Zs
+ YXRlRGVjb2RlID4+CnN0cmVhbQp4Ae3QgQAAAADDoPlTH+SFUGHAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgy8DAyX5QABCmVuZHN0cmVhbQplbmRvYmoKMjQg
+ MCBvYmoKNTYyMAplbmRvYmoKMjUgMCBvYmoKPDwgL0xlbmd0aCAyNiAwIFIgL1R5cGUg
+ L1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAxNDQgL0hlaWdodCA4MCAvSW50
+ ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAzNSAwIFIgL0ludGVudCAvUGVyY2VwdHVh
+ bCAvU01hc2sgNTAgMCBSIC9CaXRzUGVyQ29tcG9uZW50CjggL0ZpbHRlciAvRmxhdGVE
+ ZWNvZGUgPj4Kc3RyZWFtCngB7dCBAAAAAMOg+VMf5IVQYcCAAQMGDBgwYMCAAQMGDBgw
+ YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
+ DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
+ AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQOPAwOHAAABCmVuZHN0cmVhbQplbmRv
+ YmoKMjYgMCBvYmoKMTczCmVuZG9iagoxMyAwIG9iago8PCAvTGVuZ3RoIDE0IDAgUiAv
+ VHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDIyNCAvSGVpZ2h0IDky
+ IC9JbnRlcnBvbGF0ZQp0cnVlIC9Db2xvclNwYWNlIDM1IDAgUiAvSW50ZW50IC9QZXJj
+ ZXB0dWFsIC9TTWFzayA1MiAwIFIgL0JpdHNQZXJDb21wb25lbnQKOCAvRmlsdGVyIC9G
+ bGF0ZURlY29kZSA+PgpzdHJlYW0KeAHt0DEBAAAAwqD1T20ND4hAYcCAAQMGDBgwYMCA
+ AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
+ YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
+ DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
+ AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
+ YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
+ DLwPDPGAAAEKZW5kc3RyZWFtCmVuZG9iagoxNCAwIG9iagoyOTMKZW5kb2JqCjIxIDAg
+ b2JqCjw8IC9MZW5ndGggMjIgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFn
+ ZSAvV2lkdGggMTcyIC9IZWlnaHQgMTI4IC9JbnRlcnBvbGF0ZQp0cnVlIC9Db2xvclNw
+ YWNlIDM1IDAgUiAvSW50ZW50IC9QZXJjZXB0dWFsIC9TTWFzayA1NCAwIFIgL0JpdHNQ
+ ZXJDb21wb25lbnQKOCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHt0IEA
+ AAAAw6D5Ux/khVBhwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
+ GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
+ AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
+ wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMvA8MAg8AAQpl
+ bmRzdHJlYW0KZW5kb2JqCjIyIDAgb2JqCjMxMAplbmRvYmoKMTkgMCBvYmoKPDwgL0xl
+ bmd0aCAyMCAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAz
+ NDYgL0hlaWdodCA3MiAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSAzNSAwIFIg
+ L0ludGVudCAvUGVyY2VwdHVhbCAvU01hc2sgNTYgMCBSIC9CaXRzUGVyQ29tcG9uZW50
+ CjggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7dABDQAAAMKg909tDjeI
+ QGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
+ BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
+ gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
+ MGDAgAEDBgwYMGDAgAEDBgwYMPA0MCP/AAEKZW5kc3RyZWFtCmVuZG9iagoyMCAwIG9i
+ agozNDkKZW5kb2JqCjU0IDAgb2JqCjw8IC9MZW5ndGggNTUgMCBSIC9UeXBlIC9YT2Jq
+ ZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lkdGggMTcyIC9IZWlnaHQgMTI4IC9Db2xvclNw
+ YWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0ZSB0cnVlIC9CaXRzUGVyQ29tcG9uZW50
+ IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7Zz7T1JvHMe9oMgdFEG5
+ BB68ASGdxEipwMG8W2pZdNFZmAtDSReLZRecKYuVaem8TM1c2tScNmbOpfv+a9/Pwb5r
+ Kp62s3HqfPe8f1KePT6vvficB9yez5OUhIIMIAPIwEkGkv9QTuKJ+zowpvxKKm35tWYK
+ IMRFO/ziASfwsVhpfyQsFixOYP8ON0Z6gJnOZmcchENLfi7GZqeDIgD+De1P0rS0dMDk
+ cLk8Ho/P5wtoCiwFC3K5nIwMgpeclkBNhXceQAGTLxAKRWKxhMaIxSKhUADEXMA9oD2h
+ EGKo4JQgFQhFEklmllSanS2TyWmJTJadLZVmZUokIqGAoAW3UAjxYQmrhFSCVAycMnlO
+ rkKhVKnUtESlUioUuTlyGfCKY7SgloA9/OzHfouhQqHy+EAKoECp1mi1eZiOpmB5Wq1G
+ DcSAC7R8HlG28WGTiVplc0CqJEuWowBOTFdQWFSs1xsMxoTHYNDri4sKC3QY8CpyZFkS
+ UMthE0/YcbGgFVAzeAKRRCpXqLVYfqHecNpkNuM4fpaGwDJms+m0QV+Yj2nVCrlUIhKA
+ 2TRWnCoArfBYcWOoSg1WUGw0mfHSsnPW8gqILcEh1ii3nisrxc0mY3EBplHGYLnwgMUR
+ mwxaM7h8oUSao9ToiowluMVabrtod1Q6nU5XwgOLVDrsF23lVgteYizSaZQ5UomQz80A
+ sUeL4EArD1DlSm2+3oRbztvsla6qmtr6hsbLNKSxob62pspVabedt+Amfb6WMCvkxRNL
+ sEIFiAFVk683l1ovOJzVdY1XWq62XnfTkuutV1uuNNZVOx0XrKVmfT5RBmIBiD1WBFAC
+ 6Rk8YaZModHpSywVdldtQ/M19+229o57Hk9nwuPx3Otob7vtvtbcUOuyV1hK9DqNQpZJ
+ iD1WBMkpsF+B1hw1VmQqrXBU1Te13mzr8HR5H/p6ev0JT2+P76G3y9PRdrO1qb7KUVFq
+ KsLUOSAW9q2jBUuUAFSrTKEtMOJWe1VDi/vO3ften7//ceBJkIY8CTzu9/u89+/ecbc0
+ VNmtuLFAq5ARFQtFcPijK8YqypKrseISywUXoLZ7vD19geDA8xehQRoSevF8IBjo6/F6
+ 2gHWdcFSUoyp5VmiuKzpHL5YmqvJN+LnHbVN7vbObn8g+Dw0NBx+HaEhr8PDQ6HnwYC/
+ u7Pd3VTrOI8b8zW5UjGfk37MKyudIyBKoNBksTkbW+94uh8FBkKvwpG378be05Cxd28j
+ 4VehgcCjbs+d1kanzWIqJIpAwIGH60gNsNhcYaZchRWbrZeqm2/efeAPDAyOREbHJyan
+ p2cSnunpyYnx0cjI4EDA/+DuzebqS1ZzMaaSZwq57DisPCGUq86Al1fWXWu77wPU8Jux
+ ianZuYWPiwnPx4W52amJsTdhgPXdb7tWV1mOG3RQsEJeHFbYBqS5pwpOl0IJuDu8fcGX
+ I2/GJ2fmF5c+L68kPMuflxbnZybH34y8DPZ5O9xQBKWnC07lSmEjOOYVtiyRlCjXsotV
+ V255fIFnQ5GxydmFT8tfVtfWE5611S/LnxZmJ8ciQ88CPs+tK1UXy4iClRIbwdF6BVYx
+ sBaZrfaalrYufzAUHp2YWVhaWVvf2NxKeDY31tdWlhZmJkbDoaC/q62lxm41FwGrOC4r
+ X5ytyINHy1F7td3b/3QoMj41D6gbW9+iNOTb1gbAzk+NR4ae9nvbr9Y64OHKU2SL+fG8
+ 8iXZSkx/pryyvrWj+/Gz4bcfZheXVze2otvfdxKe79vRrY3V5cXZD2+Hnz3u7mitryw/
+ o8eU2ZITWGUqTI9XOBuu3/MFXoRHJ+eWvnzdjG7v7NKQne3o5tcvS3OTo+EXAd+96w3O
+ ClyPqWQns8KWBaw3PD1PQq/fTS18Xt34Bqg/9hKeH7s72982Vj8vTL17HXrS47lBsBp0
+ v2VtdHt6g4OR8emPy2ub0e+Aup/w7P3Y/R7dXFv+OD0eGQz2emDTOokVvhJm8CUyVcxr
+ HNZ/Epx9ctZD/8Ukp6bB1wH42DKetbkuuzv94PX9zOLK+lZ0Z3dvP8Gk8Of393Z3olvr
+ K4sz78Grv9N92WU7a4QPLvhCkJaKWKm+A8grVXPk85BXcj9UR5FXqubI5yGv5H6ojiKv
+ VM2Rz0Neyf1QHUVeqZojn4e8kvuhOoq8UjVHPg95JfdDdRR5pWqOfB7ySu6H6ijyStUc
+ +TzkldwP1VHklao58nnIK7kfqqPIK1Vz5POQV3I/VEeRV6rmyOchr+R+qI4ir1TNkc9D
+ Xsn9UB1FXqmaI5+HvJL7oTr6f/XKoLM5Sb9h/ZvOPB1iZchZMuac0WPQ2UcGnSll0lld
+ 5pyBZjHobDmLzaAz+0zqhWBQj0kqg3p3iP4txvREMafXjEk9fMzqjWRSzynRIs2MXt4k
+ BvVIAyuTes+Z09NPiGXKXQnASlQBM+6gOIBlxt0eSUy6M+UAlhl30STFYGM35/z9d/xA
+ 1/TPG4mIK57+8ruTiBbvGG0KE+6kijWkM+aurxjtf8hATX9+EaCfkAFkABk4auBfMK1R
+ rQplbmRzdHJlYW0KZW5kb2JqCjU1IDAgb2JqCjE5MDUKZW5kb2JqCjQwIDAgb2JqCjw8
+ IC9MZW5ndGggNDEgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lk
+ dGggMzMyIC9IZWlnaHQgOTIgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkgL0ludGVycG9s
+ YXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+
+ PgpzdHJlYW0KeAHtnftPWtkWx31NRV6CgigPBREoqAP4LlpDxWhw4BJb0dYaouWGjFZk
+ QupjSoYpM61Go1Nq67OtGANDirXqOPW2dW7uv3bXBrVFHvbY/tSzvz+hxmP2x7X22mef
+ tb8nIwMLE8AEMAFMABPABL5VAplYpwQu+j+GC2R9VDbJ9ZFEFoAhwvSYY3Z2Tk7Od1in
+ BABHdjbC+rk8Y/EIGOESl3Jzcykx5ZFYxwgAxiWAAkBjPM8LzyjJ7BhHCiWPSqXRaHQQ
+ g9RCBAAElZpHocR4IpznJDtCiUheQhxpdAaTycxnsdhYbBYrH2Aw6DTEE8ITBWdamKjc
+ REkCSAZQZBcUcjgcblFREY/UAgBcAFFYwAaiDIQT0UShmTLPY0EJMYlIstiFnCJecQmf
+ LxAIhSJSSygUCPj8kmJeEaeQzUI0UWxGQzMFzBOUeTRGPoDkFfMFIlGZWCwpl5Je5RKx
+ uEwkEvCLeYAzn0FDoZkGZiaaKnMpVDqTVcDhlQhEZRJphUyuuKxUqpAqSano0JXKywq5
+ rEIqKRMJSnicAhaTTqXkIpjJsxzCEqGk0ZlsICkslUjlCmVl1fdqjRZUQ2Kh8WvU31dV
+ KhVyqaRUCDTZTDoNwUwxZUIFh/qN8pvD45dKKhTKKrW2pq6+semK7kTNJNPJuHVXmhrr
+ 62q06iqlokJSygeYkOeQ5lDNk8yYkOGAkkrPL+AWC8VSuapaW9fQpLvaqr/WZgC1k1Zo
+ 9G3X9K1XdU0NddpqlVwqFhZzC/IhzRHMJFmeiTI8DxIcoZQpgWRTc+s1Q0ensctkMpv/
+ RWKZzSZTl7Gzw3CttbkJaCplCCakeR7K8kSWsbCkwVwJKOUqdW1ji97Q2WWyXL9h7e27
+ SXL19VpvXLeYujoN+pbGWrVKDjBhzoxleQJMxJJCZbA4PEBZqanX6duN5u6evv4B2+DQ
+ Hbvd/m/SCgZ/Z2jQNtDf19NtNrbrdfWaSoDJ47AYVEqyJIcUh8LDLODxxTKVpqGlrdN0
+ vbffNmh3DI+MOp1jYy7SamzM6RwdGXbYB239vddNnW0tDRqVTMznFaDATJLkEJa5VAab
+ U1IqVarrWwxGS88tm90x4vzJfW98corkmhy/5/7JOeKw2271WIyGlnq1UlpawmEzqLkQ
+ mGcqeTTFUVgKJfLqWl2b0WK9PeS463JP/Ozx/vrAR3I9+NXr+XnC7brrGLpttRjbdLXV
+ cokwGpiJSY5SPI/OgrCsUGkb9Z0W64B9eMw96fH6Hk7PzM6RXLMz0w99Xs+ke2zYPmC1
+ dOobtaoKCEwWPS8xyTOzIMWZ7CKBWFFd19Ju6rltH3aN3/f+Pj03/8dj/5NFUuuJ//Ef
+ 83PTv3vvj7uG7bd7TO0tddUKsaCIzYQkP7sqApZQeQqLRVKlplFv7L419KNr3ON7NLfg
+ f7q0srq6ukZiwfBXlp76F+Ye+Tzjrh+HbnUb9Y0apVRUXAjVJ4ElWhHRWBx+mayqttlg
+ ttocY4ByZt7/bGX9xcZGILBJYgUCGxsv1lee+ednAOaYw2Y1G5prq2RlfA4LWJ4tPlnZ
+ MF2yuQKJQt3Q2tHdb7/rvu+bWVhcWnu5uRUMhkJ/klihUDC4tflybWlxYcZ3333X3t/d
+ 0dqgVkgEXDZMmMlYMtg8oVSpbdJ39dgcrknvo/nF5eeBrVD4VSQS2SaxYPivwqGtwPPl
+ xflH3kmXw9bTpW/SKqVCHpuRhGUOlJ4CnqiiskZnMPUNjrg9v835l59vBsOR1zu7u3uk
+ 1u7uzutIOLj5fNk/95vHPTLYZzLoaiorRLAqoubmnFlgZuXkotJTKququ9ph6bc7J7zT
+ C8/WA8Hw9pu9vw5Ir7/23myHg4H1ZwvT3gmnvd/ScbWuSlaKik8SlhRaPqdELK+ub+3s
+ HnC4pnyz/pWXW+Ht3f2Dt4eHh/8hsWD4bw/2d7fDWy9X/LO+KZdjoLuztb5aLi7h5NMo
+ CXEJZTyfwxcr1LAiumEbdnsezj9d3wxFdvb/Pnz3nvR6d/j3/k4ktLn+dP6hxz1suwGr
+ IrVCzEcsvzub42hJxOVLLquh9FgHR+79Mr2w9GIr/Hrv4PD9h6Ojf0ito6MP7w8P9l6H
+ t14sLUz/cm9k0ArFR31ZwueiRVEiSzqLKyhXaq60/WAdGh33zjxe3gi+2tl/++4D4vhf
+ EguN/8O7t/s7r4Iby49nvOOjQ9Yf2q5olOUCLouelCXcQZYrtVDGe++MTjyY9a9uBCNv
+ ICyPPoL8H8l0GkD/HEFgvokEN1b9sw8mRu/0QiHXAssidiqWQqkKseyzOycRy0AosvsJ
+ S5JxPB5uDGeU5W4kFEAsJ512tCjSqqTC81iab9rHpnxzTzBLhPMsyydzvqkx+03zF7Ak
+ Z1DGRg04P8YlZvlFoYBZfhG+uF/+uizjLk3CL4jkONoKprOLYnU8Se0hIb64IZ/DMu4J
+ eSZsBcOWm0iqgm2iY5aLa5uhbXTbA8vLuAuT8AsoPujGZzu0ubZ4WsdrVFIRbLrBZjBm
+ SSAmCLHEOZ6WLJEcz8Asv4RlfLPBOSzJPWN+3TURZon2NqL34/i+J20Gn/fDrx2XcL3z
+ /uS3+XMYOOii9+N4z+3TqDjL8nP33PBe8KcU4XMM5ElcEtgLxs8oTtHFfyD+jAI/O0PM
+ korwszP8TDfNk2tCz3RzcK9Bym4Kor0GuAcmbZ8PsR4Y3JuVuv2MYG8W9F/insEUfZFE
+ ewZxL2vqZl3Cvay4xzplFznBHmvc+5/mbAPB3n98JiXdoRuiZ1LwWak058EInpVCh1Lw
+ Gb4UZxUJneHLwGdL0x2fJXS2NAOfeU55ppvwmWd8Fj+l18AFzuJHXWCwR0RSNwxiHhEo
+ ybF3SXKDFqLeJcASe+oktw0i7qmTgb2eEo2sLuj1BIGJPciSG60R9yBDWY698RL8/y7k
+ jYcCE2BeomDPxkSLSqKejacwsZfoGedU4l6iGQgmzJkoNLHH7aemvhfwuAWYsTwHmth7
+ Od5wmrD3cgxm1MkavNWxJ/iJEfqFPMGhwRWFJipCMY917FUPHv0X9KqPdgvjdyicvjYh
+ 7gPhdygc914f80QxCiL5qz2Qy/+JPvddFPE97CcxCr+NhQgkwYO/hQlgApgAJoAJYALf
+ CIH/A4keoYwKZW5kc3RyZWFtCmVuZG9iago0MSAwIG9iagoyMzQ1CmVuZG9iagozNiAw
+ IG9iago8PCAvTGVuZ3RoIDM3IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1h
+ Z2UgL1dpZHRoIDEwMCAvSGVpZ2h0IDEwMCAvQ29sb3JTcGFjZQovRGV2aWNlR3JheSAv
+ SW50ZXJwb2xhdGUgdHJ1ZSAvQml0c1BlckNvbXBvbmVudCA4IC9GaWx0ZXIgL0ZsYXRl
+ RGVjb2RlID4+CnN0cmVhbQp4Ae2a+VNS+xvHta5rSqAoAiKyuCAYIV5JuS6FMmpwXcYV
+ xxgueo3BNfNKloxrenHMpXFJS/OmmRhJmVt1p3/t+zzngFpxbbvH+c6dnh9Y1Dkv3+/3
+ 8xzO+Xzw8/tRPxz4bzvgj3XmsIi3/6Zi78HPQv0Ehc8kzd//3+CQ/z0eOwAq0FP4GllA
+ gj/4Pg6h4CwePjAoODg4JCQkFAqe4E1QIIJIzLdTkIAAPH5I6LlzYeHhNKLCw8POnQsF
+ EHIQ861avAQAhMLhaefpDAYjgih4QT9PA1AoYL6d4iGAhBAE0BkRTGZUNMtT0VFMZgSD
+ jpgQFPNNWjwuBYEEBEQyo1lsDjeWx+PFxcFDLJfDZkUzIxEDYrxaviYWjwjUEE4DBdEx
+ HC6PHy8QicREiUSCeD6Py4mJBjVAAS1fKwURPwUEoks0kMBic3nxQlFCUrIkRSqDkqZI
+ kpMSRMJ4HpfNAjE0dAwM+4rsAQHdFAg20egRTBYnli8QJ0qksgtyRZpSmZ6uVKYp5Bdk
+ UkmiWMCP5bCYEXQaGEak8oUNRkYRFIwiCIIwIVmaejEtPUOVmaX+BUqdlanKSE+7mCpN
+ ThASFJTi9esLQkFEQEAQJEGPiIrh8oUJEpk87WdVVnZu3hVNfoFWW5CvuZKXm52l+jlN
+ LpMAhRsTFUGHVCB6nJXPQtAoIgpCBE8gTpbJlQDI02gLi3X6EqL0uuJCrSYPMEq5LFks
+ 4IFhDBoRytkvmEdEBEDaiODyRUlSIKhzNdpifWl5ZXVNraGuzlBbU11ZXqov1mpy1UCR
+ Jon4XA8ElXxOCBE3iYiJjRdLUhUqdV5+ka60oqau3mgymxuhzGaTsb6upqJUV5Sfp1Yp
+ UiXi+NgYUgn28MkQomkhCxojis0TJKbI0zNzNIX68irDNVNDk8Xa0toG1dpitTQ1mK4Z
+ qsr1hZqczHR5SqKAx45Cu2BQTo7kA4QwUabIUF/W6sqq6ozmJmtrR2dXt81265bN1t3V
+ 2dFqbTIb66rKdNrL6gyFLFF4CDk5dzJvzILNEybJFKpsTVFJpcHYYGnpuGnruWPv6x+A
+ 6u+z3+mx3exosTQYDZUlRZpslUKWBBC0C+bkJLdQRmDwuXAGMwYRaZdyCq6WVdebrzff
+ +KOnt29weGTUQdToyPBgX2/PHzear5vrq8uuFuRcSkMIZBIOkJPcQhlBoWH0SFasIBEQ
+ uVpdea2x0dre1WMfuPvn2PjE5DRRkxPjY3/eHbD3dLVbG4215TptLkASBbGsSHpYaNAJ
+ QrxORbC48ZAFIPQVdaamlk6bfWDEMT45PTM7P/8Aan5+dmZ6ctwxMmC3dbY0meoq9ACB
+ TOK5rIiT3fKHE2EwthSHL05RqHIQ8Zulret2/13HvemZuYXFR0vLj6GWlx4tLszNTN9z
+ 3O2/3dVm+Q0hOSpFipjPweYKht7y3b+EUyFhdAhDJJFnZBfoENHe3Ts4Oj41M7+49Hjl
+ yeraU6i11Scrj5cW52emxkcHe7vbEaIryM6QS0QQCT0MGvgfYvfIQKeSUtPVmqvlgOiw
+ 2YccE/eBsLL6dH3D6dyEcjo31p+urgDl/oRjyG7rAEj5VY06PTXJ49Y/CcHAUQY7TixV
+ ZF4uKqs1WdoRMTmzAIT1jU2X68WWG2rrhcu1ubEOlIWZSYS0W0y1ZUWXMxVScRzbK8TH
+ qRGtgjQiWLHCZDmEUVJtbGrrtg+NTc0uLq+uO5+73O5X25565Xa7njvXV5cXZ6fGhuzd
+ bU3G6hKIRJ4sjCVi920WWBWIMjj8BJlSrdFV1je2dPUOOabmHq6sPtt0AeD1zu7u7t4e
+ POy83n7ldm0+W115ODflGOrtammsr9Rp1EpZAp+DQmBGfKR+JEMiV+UVlhnM1s7bg47J
+ 2Ycraxsu98vtnd29/QNP7e/t7my/dLs21lYezk46Bm93Ws2GssI8lVxyJOQTs0irzjPZ
+ hIx8fZXxerutf3RiZnFlzelyAwEAb96+ffvuHTy8OTjYB4rb5VxbWZyZGO23tV83Vunz
+ CSFs5nloXx+dRVgVzojmCiCN3MLyOnNzl314/P7C8iqo2N7dQ8K7w0LK3i5ANlaXF+6P
+ D9u7ms115YW5kIiAG80I92mW/xlMPJLFE6UosjS6KqPlRs+AY2p+6ckzEkES/iYKUUAh
+ IM+eLM1POQZ6bliMVTpNliJFxGNF4hx+GggRByQen5ianq0tNaCMkXvg1Prm1vbOHimC
+ JOCjB7KzvbW5Dm7dG0EhhlJtdnpqYjykTpj1cSDYVV6r8oorrjV1gIzp+SVw6uXrTxCH
+ kNcvwa2l+WkQ0tF0raIYUj8yywcjFIaDtEpfbbLe7B0eRxnPIYx9wqgjFYdK9iGS5yhk
+ fLj3ptVUrfeYFUELhe79iAFxBEEcMXEJMsKqhtbuvtHJOUIGOIVpf4gglRzs7RBC5iZH
+ +7pbGwizZAlxMRBI0CeBEJGfxzguZEBX1f/e0TM4Nv3g8VPn1vbuwZtjiPfvvTD44ZuD
+ 3e0t59PHD6bHBns6fq+Hzsq4gIFg934cOjLC6FEc7Ny84kqjpfOO1ypIA2R4D/weyvsa
+ mutg77XXrDudFmMlGQgnih7mgwEnqzBGdKxQosi8oqsyWaGrJmYfQeO+3NkHhvewiDgG
+ eXuwD2Y9e/JodgI6y2qq0l3JVMCoRzOAcfajs4n/2QBoK2/kNeZmjAO6yvniFST+oYxj
+ jHdv9ndfvXBCZ2EgzeYab+gwhT4Y2LrAkKap83+tNbfa+mEAl9eIOA5lkCqOKQGzMJC1
+ ZRjDflurufbXfHWaFKYQJ/1THYEh2LpiqVJdUGJoaAMGRP4h4wjhleJlQOjAaGswlBSo
+ lVIxD87vJzBkyl+A0dh2CyYQ2moTpsMbx3GEB0Iw3JvYWI6BW22NwPhFKft/YFDsFfWZ
+ n0bvnsIMnsa5BD8GqT8nUn5u94PPQao/o5BB/WctXolSfM1wGtc+p3MNh2ZRey3qdwrX
+ 1H6ncW9wGvc4aBbV92poFl66U3rP+fl757+O7p3/+rZ7Z68QKtcAgIGrfKRbVK1lEJBj
+ azKZX7Mmk/llazLAgLMvxWtLh25RuEaGQnBIyOVEitb6CLcOIdSsWfqhWzCJxPIuVWuv
+ BITqNWS/01gLJ3PHTKhb00e3MBNfexOXjvYmLn3X3gRAiOB97LFcPNpjufh9eywEhOq9
+ IhJC+EXdnhesc5ChQCqU7d0hhKRQuQd5RAEtVO2l4rqQRwuFe8JeCk4LdXvbJAWCOUPl
+ Hj1SSM/wuwVUfdeApCCH/NYBsqCIt97f/Xj+4cB/1YH/AcZ8jSMKZW5kc3RyZWFtCmVu
+ ZG9iagozNyAwIG9iagoyNDY5CmVuZG9iago0OCAwIG9iago8PCAvTGVuZ3RoIDQ5IDAg
+ UiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDcxOCAvSGVpZ2h0
+ IDU5NiAvQ29sb3JTcGFjZQovRGV2aWNlR3JheSAvSW50ZXJwb2xhdGUgdHJ1ZSAvQml0
+ c1BlckNvbXBvbmVudCA4IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4Ae2a
+ +1cVZKKGS1DuV7nJRZCbbkARRVHUhDDyrpEmaZpGMmkoyURyMk1TI03zUo6YhZe8LC1T
+ F5NOJ13nXzvfxmbNGcVp3vPLftes5/uh1Q+vq9fnffrWtze88AIHAhCAAAQgAAEIQAAC
+ EIAABCAAAQj8JxF4kQMBRwLa/2ThbzDuHyeOAwETAv+wMjj670j9xOTQPj5+PAcCfgTi
+ 4+Pj4qJe/6HRoy4/EXlCQkLik5PEgUDsCfxuY0LChAnhf7H434V+/g39u8vjx08IIicl
+ J6ekpKSmpqZxIOBAILgYjExJTkpMTAhCj97Qz39wRGWOC++LoHIQOTUtPT0jMzOLAwEX
+ ApmZGenp6WmpUaOD0KP383Pez6Myh3s56nJaekZWVvbEnJzc3Ly8fA4EDAjk5eXm5EzM
+ zsrKiAodfH7y3hhb5+jNHL2Yoy5nBpPz8gsmFRYWFReXcCAQewLFxUWFhZMK8oPT2UHo
+ lOS/X89j6Twqc3gwp6QGl4PKweOS0rKyKeUVHAg4ECgvn1JWOrmkqLAgP2diVnpauJ7D
+ ayN8tzHGJ8EXo2/mhKRwMWdNzCsoDCaXV1RVT50WidTU1HIgEFsCNTWRSGRadXVlxZTS
+ kqJJ+TlZGU90Dt9tPKtzuJqDzIkpaRlZOfmFJWXlldWRmrrp9fUNDQ2zOBCINYHg4cz6
+ GXW1kalVFWUlRQW52ZlRnaMfBceyOS58AEwelbmotLxqWu30+obZc+Y2zW8OZwEHArEk
+ EJVw/rymOY2zZs6oi1RXlBVPCjqnpyQlRN8azzw1XgxXc2JyanpWTkFRacXU2hkNjU3z
+ Fyxa3NLa1ta2hAOB2BIIFr7c0rJoYXNT46z6ukhVWUnQOTw2wtP52cs5vJrD1ZwSZM4v
+ KquMTG9onLdgceuS9qXLVqxctZoDgVgTWLVy5fJl7a+83LKoee6s+prqUZ3TU8PlPLbN
+ 4Z2RGWQurYzUz25a2NL26vJVazpeX/9GJwcCsSewYf26jrWrVyx9pXXR/Mb6mqqy4oKc
+ rPRwOcc/83AOD43o1ZydV1haEZnR2Lx4ybKVr63r3LR5y9Z3urre5UAgtgS6ut7Z9vaW
+ TZ3rO1Yvb29ZMHdm0Lkof2Lmk8v5qYfzi+PCt3Phai4oKZ86fXZzS/uKtevf3Ly1q3vH
+ +z27dvdyIBBbArt39by/40/vbtuy6Y2OVUtfXjinPlIxuTA3ejmHp8ZTNodnc/TVnFdY
+ VlXb0LS4fWVH51vbtu/o6e37sH/vAAcCsSaw96P+vg927ezu2vLmutVLW5tnT6+eUpw/
+ MWpz/Jg2Z0zMLymfNqNx4ZIg85auHbv29A/s23/g4CEOBGJN4OCnB/b910d9u3du37px
+ 3ar2l5pmhst5Uk54ajz7cB4XNyEpNTNnUmllbcO8lmVrO7e8u7O3f2D/wcNHB48d50Ag
+ 1gSODX5+5NCBj/v39HRv3dixoq15dl11WVFeVlpywvinPwaGD4FJadGHRvX0xgVtq9a/
+ 1bXzg/59B48MHj956vRZDgRiTeD0qZNffnH00CcDfT3db3euaX9pbv208pL87PSUsWxO
+ SE7Pzi8un1bf9NKrr7257b3e/n2HPj/+1Zlvzg0NXeBAILYEhob+cu7sqS8HPzsw0Pd+
+ 16bXl7fOb6ipnFww+nB+9m5OSEkPz+aKmob5rcvXbd7eE2QePHH6m/Pffjd86TIHArEl
+ cGn4+4tD586c/OLw/o9639u6YVXbgvDUKC3MyYh+qfHUb2qMiw9faeRMmlxVNzs8NDq3
+ 7tgz8OnnJ86cu/D95avXrt/gQCC2BK5fu3pl+OL5sycHD+37c0/XxrXti+bMmFpWGD4G
+ jmFz+IIuIyf6bJ6zqH3Nxq6e/k8OHz997tvhK9dv3rr9IwcCsSVw+9bNGz9cunj+zImj
+ B/b2dm/uWNbSVB+ZUpSblTa2zZnB5qn1TYuXdmzu7h04OPjVNxeGr964/eOdu/c4EIgt
+ gbt3frp989rli+dOHftsX9+Ot9evaJ0XvqMrDl9qJE545qUxPjE1M7dwSvgQ2LLs9S07
+ +j4+fPzM+e+DzHfu3R/hQCDWBO7f+/nHmz8MD3194uj+/p5tG1a2NTfUVJTkZ6UljWlz
+ Vm5ReWTm/NYV67fu/PCToye//vby9Vt37o388uAhBwKxJfDgl5H7P9++cSVczoOf7t3V
+ 1bl6yYJZtZXRr+ieY3NecXmkoblt5Rvv9PQfGPzq3HdXb/50d+SXh79yIBBrAg8fjNy7
+ c+va8NDp44cGerdvXPPKwtl1lZP/lc3hC7pg84auXXsPHjt1fvjarTv3g8y/PeJAILYE
+ fvv1bw9G7t6+funC2S8Pf/xB96Y17Ysa66r+2OZVnV27Bw4dPzN06frtuyMPgsyPORCI
+ LYFHv/368K/3frp55eLXJ47s29O9KXxF9zybwy+EJqZm5RWP3s1j2Pw/HAjEksDjx48E
+ m+PGh1/TCD8KrJ21YMnqznd7w9189sLlGz/eG3n466PHsfx78N+GQCDw+NF//+2X+3fC
+ 3fzNySP7+v701muvLmqcXl0afrSdnPDUr4S+iM04Y00Am63noZxEAJslXIStCWCz9TyU
+ kwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2
+ W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyE
+ rQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSw
+ WcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreeh
+ nEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw
+ 2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEi
+ bE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKA
+ zRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P
+ 5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaA
+ zdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkX
+ YWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIB
+ bJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5
+ KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUB
+ bLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4
+ CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMI
+ YLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvP
+ QzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0J
+ YLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnC
+ RdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxE
+ AJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6
+ HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxN
+ AJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0S
+ LsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+Uk
+ Atgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W
+ 81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2Fr
+ AthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyW
+ cBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgn
+ EcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2
+ nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhb
+ E8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCz
+ hIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5
+ iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz
+ 9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXY
+ mgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACb
+ JVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7K
+ SQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCb
+ reehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C
+ 1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALY
+ LOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQ
+ TiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLY
+ bD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnAR
+ tiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHA
+ ZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6H
+ chIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPA
+ Zut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SL
+ sDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkA
+ Nku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8
+ lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoA
+ NlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVc
+ hK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkE
+ sFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63n
+ oZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYE
+ sNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2Czh
+ ImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4i
+ gM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9
+ D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYm
+ gM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZbz0M5iQA2S7gIWxPAZut5KCcRwGYJ
+ F2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXIStCWCz9TyUkwhgs4SLsDUBbLaeh3IS
+ AWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZwkXYmgA2W89DOYkANku4CFsTwGbr
+ eSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56GcRACbJVyErQlgs/U8lJMIYLOEi7A1
+ AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZeh7KSQSwWcJF2JoANlvPQzmJADZL
+ uAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJsTQCbreehnEQAmyVchK0JYLP1PJST
+ CGCzhIuwNQFstp6HchIBbJZwEbYmgM3W81BOIoDNEi7C1gSw2XoeykkEsFnCRdiaADZb
+ z0M5iQA2S7gIWxPAZut5KCcRwGYJF2FrAthsPQ/lJALYLOEibE0Am63noZxEAJslXISt
+ CWCz9TyUkwhgs4SLsDUBbLaeh3ISAWyWcBG2JoDN1vNQTiKAzRIuwtYEsNl6HspJBLBZ
+ wkXYmgA2W89DOYkANku4CFsTwGbreSgnEcBmCRdhawLYbD0P5SQC2CzhImxNAJut56Gc
+ RACbJVyErQlgs/U8lJMIYLOEi7A1AWy2nodyEgFslnARtiaAzdbzUE4igM0SLsLWBLDZ
+ eh7KSQSwWcJF2JoANlvPQzmJADZLuAhbE8Bm63koJxHAZgkXYWsC2Gw9D+UkAtgs4SJs
+ TQCbreehnEQAmyVchK0JYLP1PJSTCGCzhIuwNQFstp6HchIBbJZwEbYmINk8bnxialZe
+ cUVNQ3Pbqs6u3QOHjp8ZunT99t2RB7/+9uix9V+Ucv/5BB4/fvTrw7/e++nmlYtfnziy
+ b0/3prXtixrrqibnZ6cnTYh78YV/On9g82MOBGJK4NFv/0+bV27o2rX34LFT54ev3bpz
+ /5eH4XLmQCC2BH779W8PRu7evn7pwtkvD3/8QfemNX98N5dHwktj5Rvv9PQfGPzq3HdX
+ b/50dyTozIFArAk8fDBy786ta8NDp48fGujdvnHNKwtn11X+i5dGblF5ZOb81hXrt+78
+ 8JOjJ7/+9vL1W3fujfzy4CEHArEl8OCXkfs/375x5eK5U4Of7t3V1bl6yYJZtZUlz303
+ Z+YWTplW39Sy7PUtO/o+Pnz8zPnvr964fefe/REOBGJN4P69n3+8+cPw0Ncnju7v79m2
+ YWVbc0NNRUl+VtqYnwJTMnMKy6bWNy1e2rG5u3fg4OBX31wYDjr/eOfuPQ4EYkvg7p2f
+ bt+8djlczcc+29e34+31K1rnzYxUFOdlpSWO9Z1GSkawuXr6nEXtazZ29fR/cvj46XPf
+ Dl+5fvPW7R85EIgtgdu3bt744dLF82dOHD2wt7d7c8eylqb6yJSi3GDz+Ge+oYtPTEnP
+ mTS5qm72gvCF89YdewY+/fzEmXMXvr989dr1GxwIxJbA9WtXrwxfPH/25OChfX/u6doY
+ vm6eM2NqWWFOZupYNiekpE/MLwk/Ppnfunzd5u09/fsODZ44/c35b78bvnSZA4HYErg0
+ /P3FoXNnTn5xeP9Hve9t3bCqbcHsuurSwpyMlDFtTk7Pzi8uDx8DX3r1tTe3vdcbdP78
+ +Fdnvjk3NHSBA4HYEhga+su5s6e+HPzswEDf+12bXl/eOr+hpnJywcT0YPO4p38WGD8h
+ KS0rL/pwbgxPjfVvde38oH/fwSODx0+eOn2WA4FYEzh96uSXXxw99MlAX0/3251r2l+a
+ Wz+tPPoFXUrCszbHTUhKzcyZVFpZ2zCvZdnazi3v7uztH9h/8PDRwWPHORCINYFjg58f
+ OXTg4/49Pd1bN3asaGsOD42yovCVRvJYNo9PTMkID+fyaTMaFy5Z2dG5pWvHrj39A/v2
+ Hzh4iAOBWBM4+OmBff/1Ud/undu3bly3qv2lpvD93ORJ4UNg0oT4Z14accHm9OhTo6q2
+ oWlxe9D5rW3bd/T09n3Yv3eAA4FYE9j7UX/fB7t2dndteXPd6qWtzbOnV08pzh99NseP
+ +6ffoHvhhRfHjU9ISsvMKSgpnzp9dnNL+4q169/cvLWre8f7Pbt293IgEFsCu3f1vL/j
+ T+9u27LpjY5VS19eOKc+XM2FuVnRD4Fxz9ocPyFcztl5haUVkRmNzYuXLFv52rrOTZu3
+ bH2nq+tdDgRiS6Cr651tb2/Z1Lm+Y/Xy9pYFc2fWVJUV5U8MD42EsWwOT43kcDnnF5VW
+ RupnNy1saXt1+ao1Ha+vf6OTA4HYE9iwfl3H2tUrlr7Sumh+Y32QubggJ3o1P/tsDi+N
+ uPHRyzkr6FxWGZne0DhvweLWJe1Ll61YuWo1BwKxJrBq5crly9pfebllUfPcWfU11WUl
+ k3Kz059czU993Rx9OMeHyzk16FxQVFoxtXZGQ2PT/AWLFre0trW1LeFAILYEgoUvt7Qs
+ Wtjc1Dirvi5SNSpzRlq4msNDYwybo5dzclpG9HYuLa+aVju9vmH2nLlN85vDWcCBQCwJ
+ RCWcP69pTuOsmTPqItUVZcXhZs5MTwmv5vhxT38IjN7N4XJOSEwZ1bmwpKy8sjpSUze9
+ vr6hoWEWBwKxJhA8nFk/o642MrWqoqykqCDInJaSlDg+foyrOapzXNA5KSUtPWtiXkFh
+ SWlZeUVV9dRpkUhNTS0HArElUFMTiUSmVVdXVkwpLSmalJ+TFZ4ZSaPvjGcfGqOXc3hr
+ hNs5NT0zOycvv7CoOBhdNqW8ggMBBwLl5VPKSieXFBUW5OdMzEp/InN4Zzzzao7+LCW8
+ NeLGh8dGcrieM7MnBqELJhUGp4tLOBCIPYHi4qLCwkkF+Xm5OdlZGekpyYkJE6LvjOfY
+ /ETnCYmjPmdkZQWjc3Jz8/LyORAwIJAXPM6ZmJ0VVE5LDa+MhPHPlzlczlGd46PXc/A5
+ JTUtPT0jMzOLAwEXApmZGenpUZWTg8tPLuaxb+bRt0bQedTn8HxOTEoOSqekpqamcSDg
+ QCC4GIyMmhxVOdzL0VfGmI/m338JKXo9B5/DBR0+EAalR08SBwKxJ/C7jQkJE4LKo2+M
+ P5A5+lkw6vO4uLgnSoc/xoGAFYH4+NFbOaryv7qYf7+fg9CjRketDieIzYGABYEnRkb/
+ +e+Z/HejR2/p8Ec4EHAj8H8c5V8hAAEIQAACEIAABCAAAQhAAAIQgMB/AoH/Bag8DQgK
+ ZW5kc3RyZWFtCmVuZG9iago0OSAwIG9iago3MjQ1CmVuZG9iago1MCAwIG9iago8PCAv
+ TGVuZ3RoIDUxIDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRo
+ IDE0NCAvSGVpZ2h0IDgwIC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0
+ ZSB0cnVlIC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4K
+ c3RyZWFtCngB7ZrpTxprFMZdUGQHRVCWgoMbINKpWFS0QCDu1t1iq0ZFTbEo1UgkdSnG
+ WiJxbSUucatxiVqihqgx1dx/7Z7B3jRVrPcm02Zu4vOJT+/8eM4577zznhMW9qAHBx4c
+ +PMOhP9G/ad/AxwRPxSJq36sGwGP+RdY1yzAQCJF/TaRSPAADO0+pCDNNUo0mRxzLQpu
+ +r4gmRwNfxWg7iH6ThMVFQ0oFCqVRqPR6XQGjoLlYFEqlRITgzH9mgjDiYQoAQyg0BlM
+ JovN5uAsNpvFZDKAigpI10R3BC2IA95gNAwmi8OJjeNy4+N5PD5u4vHi47ncuFgOh8Vk
+ YETgEQQtNBDmDmYORsMGFh4/IVEgEIpEYtwkEgkFgsQEPg+Y2EEisAgDClFoQRxIHBod
+ aAAGSMQSqTQJkeEoJEkqlYiBCpCAiE7D0ig0UDiWO2QKmMOJ4yUIgAWRpaSmpcvlCoUS
+ FykUcnl6WmqKDAEmQQIvjgMWUchYVt82COwBnBgag8Xh8gViKZKcKldkqNRqFEWf4CRY
+ Sq1WZSjkqcmIVCzgczksBjgURQoRMbAHUpkaxBFKkJR0pUqNZmU/1ebmgXQ4CFsnV/s0
+ OwtVq5TpKYhEGASiQlKHMCgc7Imh0pkcboJQIktTZqIaba6uQG8wmkwmMy6ChYwGfYEu
+ V6tBM5VpMokwgcth0qkxYNDNgF3bQwMcvlCaLFehmhyd3mguLC4pK694jpMqystKigvN
+ Rr0uR4Oq5MlSzCEmLZRBGA9Eiw04kmS5OkubbzAVlVZU1tTWN1hwU0N9bU1lRWmRyZCv
+ zVLLk7GQsRlg0K2AQbiiY2jMWJ5AIpNnavL05pLy6jrLq+aW1nartQMXWa3trS3Nryx1
+ 1eUlZn2eJlMukwh4sZhBtwIWHgG1DvYkiJE0VVaeobCsqr6xudXaZXtj7+l14KLeHvsb
+ W5e1tbmxvqqs0JCXpUpDxAlgENT8zQTCwgXZwxNIU5SoVl9YXmNpauu02R39A85BF04a
+ dA70O+y2zrYmS015oV6LKlOkAh6WQRCwn7foIA8rji9G0jM1+WbAabHaevqcrqGRUfcY
+ TnKPjgy5nH09NmsLAJnzNZnpiJgfxwrJE02hs7mJkmQlmmMoqbK0dHQ7nK4R9/iEZ9KL
+ kyY9E+PuEZfT0d3RYqkqMeSgymRJIpdNp0Tf8ocUTWFg4UpVaXSmivoma/db55D7g8c7
+ PTv3CSfNzU57PR/cQ8633dam+gqTTqNKxQLGoEBC34gXiUxlxvJFSLpa+6yourHttcM5
+ NPbROzO/4FtaWsZFS0u+hfkZ78exIafjdVtjddEzrTodEfFjmVRyCB4aE9JHpkBzjaV1
+ zZ12wPFMzS0srqyub2zioo311ZXFhbkpDwDZO5vrSo25qEIGCcSkheCB8uImPkrJyIJw
+ WVptfa73H6fmfctrm1vbO7u4aGd7a3Nt2Tc/9fG9q8/WaoGAZWWkPErkQoHd8gfKncXF
+ 0ie7oLDypdXuHB73zvlW1r/s7O0fHOKig/29nS/rK7457/iw0259WVlYkI0lEBcrsJv5
+ Azxs4ElTa/XFNc1dDpfbM7OwvL61e3DoPzrGRUf+w4PdrfXlhRmP2+Xoaq4p1mvVacDD
+ DslDZ8cLkiCdDSW1Lbb+d+Pe+cU1wPEfnwRw0smxH4DWFue94+/6bS21JQZI6CRBPJse
+ yh86J16IyB/nGsvqW7sHhiemP69s7uz7jwOnZ+e46Ow0cOzf39lc+Tw9MTzQ3VpfZsx9
+ LEeE8Zw7eHgiRI7mmcob2u3OUc+Mb3Vr7+tR4PT8AiednwaOvu5trfpmPKNOe3tDuSkP
+ lSMi3t08UO7A88LaM+ienF1c3973nwDOt0tc9O3i/PTEv7+9vjg76R7ssb7AeBSye3kq
+ LNZe15h3fmlj5+AocAY4V7jo8tvFWeDoYGdjad475uq1QsHfxQPHjRg6hycK+hOC5y8c
+ dPVrnp9OrOGRUfD6gu1Z+URnfm7pcIA/n5Y3dw+PA+cXl1c40MASV5cX54Hjw93N5U/g
+ j6PD8tyse6KEDRpeYFGRDzz/Z38Ils9h9/D86Xr/iYdA+yGx3hcEe58S7LxBtPMYsc6r
+ JIKd50lkgn3vEO17kGDfy5EEu0/A7n8Idd9CrPsoot3XEe8+k2j3vVi7gDj34WEE6xcA
+ D9H6KcTqN2EGEakfBzxYxIjTr7wGIk4/N4xo/e5rIOLMA4QFgYITCsSYl4AOwvcJDmy0
+ hQDzJFhLI0gUQZR5m2CThVDzSEGif7CA7Pfox1Mefj048ODAn3Pgb4RwH1IKZW5kc3Ry
+ ZWFtCmVuZG9iago1MSAwIG9iagoxNzIwCmVuZG9iagozOCAwIG9iago8PCAvTGVuZ3Ro
+ IDM5IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDE1OCAv
+ SGVpZ2h0IDgwIC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0ZSB0cnVl
+ IC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFt
+ CngB7Zr5T1pZFMddUGQHRVCWAR9ugEhfxaKiBQNRcam7xVaNippiUaqRSOpSjFUicW01
+ LlG0xiVqjRqixlQz/9qch500VawzSV/nTeP3J36675PvOefeyz0nJORBDw48OPB7OBD6
+ y/Sv/AKqsG8Kx1HfvhIGH/0HkNdkQEQiRfwikUjwOQz0PsAA2zVYJJkcdS0KTvq6PJkc
+ CTYA4j18X9kiIiIBjEKl0mg0Op3OwE2wOHyCSqVERWGEP+bD4MIhnoAGYHQGk8liszm4
+ is1mMZkMYKQC4DXfHeENwIFvGBuDyeJwomO43NhYHo+Pk3i82FguNyaaw2ExGRgf+Afh
+ DY6HOYcZh7GxgYzHj4sXCIQikRgniURCgSA+js8DQnaAD+zD8IIUbwAOEo5GBzZAAy6x
+ RCpNQGS4CUmQSiViYARA4KPTsPQLjheK5RyZAsZxYnhxAiBDZEnJKalyuUKhxEEKhVye
+ mpKcJEOAUBDHi+GAfRQyVhu3zQPrAC6KxmBxuHyBWIokJssVaSq1GkXRx7gIFlarVWkK
+ eXIiIhUL+FwOiwHuRZCCxBasg4KgBuCEEiQpValSoxmZT7TZOSDdTxe2arb2SWYGqlYp
+ U5MQiTCAR4XSCGJeKFgXRaUzOdw4oUSWokxHNdpsXZ7ekG80Gk04CJbNN+jzdNlaDZqu
+ TJFJhHFcDpNOjQLzbob22joawPGF0kS5CtVk6fT5poIic0lp2TNcVFZaYi4qMOXrdVka
+ VCVPlGLuMWnBzMPoIK5sgJMkytUZ2lyDsbC4rLyqurbOgpPqaqurysuKC42GXG2GWp6I
+ BZfNAPNuhRYCGxlFY0bzBBKZPF2TozeZSytrLC8bm5pbrdY2HGS1tjY3Nb601FSWmk36
+ HE26XCYR8KIx826FNjQMdhOwLk6MpKgycgwFJRW19Y3N1g7ba3tXtwMHdXfZX9s6rM2N
+ 9bUVJQWGnAxVCiKOA/NgV7mZeFhgIet4AmmSEtXqC0qrLA0t7Ta7o7fP2e/CRf3Ovl6H
+ 3dbe0mCpKi3Qa1FlklTAwzIPQvv9cRGgY8XwxUhquibXBHBNVltXj9M1MDTsHsFF7uGh
+ AZezp8tmbQI8U64mPRUR82NYQekiKXQ2N16SqESzDOYKS1Nbp8PpGnKPjnkmvLhowjM2
+ 6h5yOR2dbU2WCrMhC1UmSuK5bDol8pZ3pEgKAwtsskqjM5bVNlg73zgH3O893qmZ2Q+4
+ aHZmyut57x5wvum0NtSWGXUaVTIWWgYFyuJGZElkKjOaL0JS1dqnhZX1La8czoGRce/0
+ 3PzC0tIyDlpaWpifm/aOjww4Ha9a6isLn2rVqYiIH82kkoPQ0ZiQdjIFmp1fXNPYbgc4
+ z+Ts/OLKqm99Awet+1ZXFudnJz2AZ29vrCnOz0YVMkg8Ji0IHZQsN/6PpLQMCKyl2dbj
+ ejc+ObewvLaxubW9g4O2tzY31pYX5ibH37l6bM0WCG1GWtIf8Vwo2lvewYbC4mJpl5lX
+ UP7CancOjnpnF1Z8n7Z39/YPcND+3u72J9/Kwqx3dNBpt74oL8jLxBKPixXtzbwDOjbQ
+ pai1+qKqxg6Hy+2Znl/2be7sHxweHeOgo8OD/Z1N3/L8tMftcnQ0VhXpteoUoGMHpaOz
+ YwUJUBQGc3WTrfftqHducQ3gDo9P/Ljo5PgQ8NYW57yjb3ttTdVmA5RFgiCWTQ/mHZ0T
+ K0Tkj7LzS2qbO/sGx6Y+rmxs7x0e+0/PznHQ2an/+HBve2Pl49TYYF9nc21JfvYjOSKM
+ 5dxBxxMhcjTHWFrXancOe6YXVjd3Px/5T88vcNH5qf/o8+7m6sK0Z9hpb60rNeagckTE
+ u5sONhSge27t6ndPzCz6tvYOTwDuyyUO+nJxfnpyuLflW5yZcPd3WZ9jdArZvXRlFmu3
+ a8Q7t7S+vX/kPwO4Kxx0+eXizH+0v72+NOcdcXVbYUu5iw4uUFF0Dk8U8C4I3Z8/XVc/
+ pvvu7h4aHgHHLBwVysc60zNLmwO8+7C8sXNw7D+/uLz66Wyw4NXlxbn/+GBnY/kDeOdo
+ szwz6R4r4bCAgzYi/IHuR57/Pt4RuipC7qH7b3eU7+gIuxsT+SQj9C2A0DcoYt8+iXxz
+ JxH6Xw+JTOh/jMT+t03ol4pwQr/yYO93BH4hI/LrIrFfZon+qk3sjgDWiCJqNyWE0J0o
+ oCN2F4/IHVDMPOJ2j4EOiy1RO+/XeESdWggh9sTHNR5Rp2VCAniBaR4iThpBb+rrJBQ2
+ Pka4KS2sdRbgCyPmhFugtUfg6cAA39+QwPkr9O2bD78eHHhw4P/twF9XGKfRCmVuZHN0
+ cmVhbQplbmRvYmoKMzkgMCBvYmoKMTcyNwplbmRvYmoKNDIgMCBvYmoKPDwgL0xlbmd0
+ aCA0MyAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCA4MCAv
+ SGVpZ2h0IDgwIC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0ZSB0cnVl
+ IC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFt
+ CngB7ZjpT1pZGIfFBZUdvIKgUCgKqIBLoUQjAatisFoi7kJFYwm5iStGa3BJDEpcQl1J
+ tUaj1i22Lo1Gq84fN++56HQi6tjO/ej7AdDEJ7/leDnnREU9z3MC5CVAuTP/h0yhRIcn
+ hpibHyiUP2ISsJiY2Ni4f01sbEwMYH8beQuLi6NS4xP+mXgqNS7uD5DIZwwIA1YijUan
+ 0xkw8EajJSbEE0gk8qm2kTigETA6g8lisTkcLpfDYbNYTAY9jIwF2090/YtGZwCKy8Mw
+ LBkG3nhcgDLohEiC+ASJYRwYpTNZHG4SxhcIRSJRaiq8CAV8LInLYTEREXJ8gmfkFawC
+ jcHi8DB+iihNLJFKZTBSqUScJkrhYzwOoZEaF/vfnm9wNDqiCYSpYulLeYZCqYJRKjLk
+ L6XiVKEAEem0hDDwUcu3OAaLi/GFaRKZXKHKUmtyiNGos1QKuUySJuRjXBbjCUACF59A
+ Z7K5mCBVIktXZmly8nR6AzF6XV6OJkuZLpOkCjAum0lHIT6WIeBiIDvA8ZKFYqlcma3N
+ 0xkKi4wmM4zJWFRo0OVps5VyqViYzENAatxjpVBucJwkvkgsU2Rq8/QFRnNJWbnVWlFh
+ tZaXlZiNBfo8baZCJhbxkzg3wIcWNuBiqQk0JhtwErlSnasvNL6xWCtt1TW1dXW1NdW2
+ SqvljbFQn6tWyiUAZDMhQ1g2DwDRSolPZLB5CKfS5BuMxZa3Nnt9k6OlxeVqaXE01dtt
+ by3FRkO+RoWAPDYjkYjw3o5v3LK4yYDL1OoKTKVWW02js7Xd7cFhPO72Vmdjjc1aairQ
+ aTMBmMxlhSO8VyAF5CXQYaEIxXKVVldotlTaG5xtbryju9fb1+ft7e7A3W3OBnulxVyo
+ 06rkYiEsG3oCdHwfD8lDbjFBmkypAVx5VW2zy413efsHfUPDw0O+wX5vF+52NddWlQNQ
+ o5SlCTDC8b0J3siD8KQKdX6BufxdnaPN0+kdGBod849PTIz7x0aHBrydnjZH3btyc0G+
+ WiGFCB8UGB2N5HEwIYSXazBZquqc7Xh3v2/UH5iaCcLMTAX8o77+brzdWVdlMRlyIUIh
+ xkGVREdHNILsQno8QapMqdUVlVbWOtrxnoHhscB0cG5hKRRaWpgLTgfGhgd68HZHbWVp
+ kU6rlKUKCIH3GAa71LC89Oy8gmKrvbkN7/k44p8MzoeWV1ZhVpZD88FJ/8jHHryt2W4t
+ LsjLTg8LpN7TCAXs0lhcPpKnN1psDS5P98DI+PTs4vLq+sYmzMb66vLi7PT4yEC3x9Vg
+ sxj1SCCfy6KB4YiGKYTdpBSxPAvkVdQ4P3T2D/unZ0Mra5vbO3swO9ubayuh2Wn/cH/n
+ B2dNBQjMkotTklAjMRE8FB+0AeVqdCCvsQ33+sYmZ0Nf1rd29w++wxzs726tfwnNTo75
+ vHhbIwjUaaBiaAR4EYWg+JjIrirHYLbane6ugdFAcHFl/eveweHxCczx4cHe1/WVxWBg
+ dKDL7bRbzYYcFTLMTIQA7xYcHQvx8QTIbmFJZX0r7h3yT88vr23tfTs6OT09Ozs9PTn6
+ tre1tjw/7R/y4q31lSWFyDA0TIuP4KE66KykFEmG+lVRma2pvaN/NPAptLq5e3D04/T8
+ /OLi/Pz0x9HB7uZq6FNgtL+jvclWVvRKnSFBAUYWArwEOhsTvlBooN1qh7t7cGxq7vP6
+ 9v7hyen5z0uYn+enJ4f72+uf56bGBrvdjmpoWKN4IcTYUMjdggkeqkOZ89pktb/39Pr8
+ MwsrGzsHxwh3dX19hYDHBzsbKwszfl+v573danqdo0SFPMYj6qhtgfjGg0urm3vfQd7l
+ 1V8wV5cg8Pve5upScBwCbKklCnmUlywi6q2oc+F9wxNBiA94ZxeX14h3fXlxRvBCwYnh
+ PtxVV0EULEp+WB/ZPMiPVL8k90HueiF1PUeR/P8GPJKfByQ/r8h+npL+vCf9+4jc78so
+ kr/Po8jeb5C9H7oVSNZ+DXjEZpy0/SQ0Qup+FwkkdT9+65hJ0nkBeOEIyTrPICBESNp5
+ KyoMhDMNSefBX0CSzqtRZJ+nCYVwGUHWeR+2hajl8O0GKfcRAPxFpJFwXxKWiDSSdJ+D
+ gCAxGi6vSLpvQpvrWyQp92EIeIMEoaAUDfoE88RrpjAi4vXOdWLEuSXiD55/8ZzAbyTw
+ N83zNFIKZW5kc3RyZWFtCmVuZG9iago0MyAwIG9iagoxNjM2CmVuZG9iago0NCAwIG9i
+ ago8PCAvTGVuZ3RoIDQ1IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2Ug
+ L1dpZHRoIDk0MiAvSGVpZ2h0IDEwNjUgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkgL0lu
+ dGVycG9sYXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURl
+ Y29kZSA+PgpzdHJlYW0KeAHtnfd/FdW+hpUeSigJvRNAAqGEFqT3IlWUIqF3FKRrpAfp
+ HQSl1yhVQEEE9Xzuv3a/a2bvnZ0QFEh2MuvNMz+c6z1HtvM+7zxOWWvWfPABGwQgAAEI
+ QAACEIAABCAAAQhAAAIQgAAEUkfgQzYIVD2B1B3gAr9s9dSIbzXZIFDFBOLHYqn/G/5b
+ RMC3ckQITK1Zs1at2m6rwwaBSBAIDsfi/6jlNvdvkVBhZ245DnpP/6hztaaJWqduvXr1
+ 0tLq29aADQJVRsAdgYktLdzs0Ay2unXr1qkTCOzEDbStVs6GrpqqafUbNGyUnp7euHHj
+ JmwQqBoCdvQlbXY4xrdGjRo1bNjQ/Sukfv20NFPXvDVtTVrnbDVR1slau3bdevUbNEpv
+ 0rRZRmZmZvPmLdggUIUEmic2OxzDLSMjo1mzprY1adLYBDZ1A21N2sDZ6qGsyVqrdh1z
+ 1VTNbN6yZes2bdu2a88GgSon0C7Y2rqtjdtat27VqqVtLZqbvxlmrtM2kDZUNjjJap9j
+ P7Qzq8nasHHTzJat27bv0KlzVlbXrt3YIFC1BLoGW1Zs69KlS+fOnTp16tixg/1bpJ3p
+ 27pVoK1Ja842bFA/LTjJhsZ6+gDpP3c7lLVBoyYZLVq369i5a/ce2b1yevfuwwaBqiXQ
+ O9hywq1Xr149e2ZnZ/fo8VH37t26ZmV1MXXN27ZO2uaZGU7ZRoGxdiNrF8WiZ9gP7Tq4
+ Xv1GTTJbtumY1T07p29u/4GD8vLyhrBBoGoI2NGXtA22bdCggbYNGNA/Nze3X9++fXrn
+ 5PTqmd2je/euWV2ctG3bOGWbmbENGwSnWFVh7Tq4blrDJhkt23bqlt07d2De0OEjR48Z
+ O44NAlVLYKzbxtg22m2jRo0cOWLE8OHDhg79eEje4EEDTd1+fXvn9DJpu2Z17tS+nRlr
+ 59gmobC1a7unTmqjsXZqrVOvQXozk7V7Tu6goSPGjJ80Zer0GTPZIFC1BGa4bfr06dPc
+ NnXqJ59MmTJl8qSJEyeMHzd2zOhRI0YMG2raDuyfa86asnaWNWPtFBsTtk54Rfyft4I+
+ /Q0f1qhdt36jpi3amKwDhowcN3nazM/mzF+Qn7+QDQJVRCA/aVuwYMEXX8y3bd68uXPm
+ fP7Z7Nmfzpo5Y/q0qVMmT5wwbqxZO+zjvEEDcvvm9DRjO3dwwmY0bWz3sPXqyvlqttZr
+ 0DizdcduOQOGjpk0ffa8/CXLV65eu44NAlVNYK1ta9asWe22VStXrlixfNnSpUsWL1qY
+ v2C+ufvZ7Jkzpn0yeeL4saNN2cEDzdjs7l07dzRhM5vZFbHz1V0Q61wP16hZJ61R05bt
+ srJzPx4zZdbchctWf7lh05Zt29kgUPUEttm2devWLbZt3rxp48aNX29Y/9WX69auWb1y
+ xbKlixflfzFvzuxZM6ZNmThuzMhhQwb1d8JmdWrftlWLjKZ2Byvma41adeunZ7Tu2L33
+ oJGTZs5fvOrLjdsKdu7ZW8gGgSomsM9te23b47bdu3bt3Lljx3cFBd9s3751y+aNX6//
+ at2a1SuWLVmUP3/O7JnO2NEjhg4eEArbrnXLzJivwQNin25P37ivZqtdCLfpnJ07dNz0
+ uUtWb9hasKfw4OGjx9kgULUEjiW2o0ePHjly2LZDBw8cOPB9YeG+vXt279xR8O32bVs2
+ fb1+3ZpVy5cs/GKuGTt5/BgTtn/fXh/ZCdYuiM3X2P2rxACs3bY2bNqifVbOwBGTZy9c
+ tX77zsJDx06eOXf+AhsEqo7A+dj2g9vOue3s2TNnTp8+ferkyRPHjx0zeQ8e2F+4d8+u
+ HQXbt242ZVcvX5I///NZ06aMHz18yMB+OdndOid8rSNy+2q22m1rh+598sZMm7fsq607
+ 9x85ee7CxStXr7FBoEoJXA23K7Ht8uVLly5evPjTjz9euHD+h3Nnz5i4x83ag98X7t1t
+ ym7Z+NXalUsXOmEnjRs5dFBu74SvNmNC4/Gw2ZrerFWnj/oNHT8zf/WmgsIjp89fvHbz
+ dhEbBKJB4I7bbt++fcu2mzdvXL9+/drVK1cuX7r404ULP5w7c9qcPXxw/77dO77duml9
+ IOxnM6ZMGD0sr3+f7G6d2rdu0axJI/e4qZb/T4dr1E5Lz7Db1v4jJs1esm777kMnz1++
+ ceeXew8eskGgCgk8KLndv3//3r17d2375eefi4rumLsm7rUrVy5d/PHCubOnTzpj9+ws
+ 2GbCrli8YM6sqRNHD8/r3zu7a6d2rcLbVzea4/ndq7M1s02XngNHTpmzfENB4bFzF28U
+ 3Xv061M2CESGwBO3PX78+FfbHj16+PDBA5PXvC0qun3rpjl7+eKFH86ePnH00Pd7dxZs
+ 3fjl6qX5cz+dNnHM8LzcnB5ZHe1xU5N0hdNrjdr10zPbZuUMGj1t/sqNOw+cunDtzr1f
+ n/7+/A82CESAwPPY9izcfv/9999+s3+LPHHmPnr4wElbdMeUvWrGnrNT7KH9e3Zs37x+
+ zfJF82ZPmzh62KB+vbp3bt+6ebP0huHdq89zJczWxs3N1rwx079YvWXP4TMXb959+PTZ
+ i5ev2CBQ9QReJrY/3fYi2P744/nzZ8/M28DaRw8e3Lv7c9Gtm9euOGFPHD1QuOvbLRvW
+ mq+fTp0weujAvnY53NZOr3b36h4Oe3w1HNjarmvvvLEz8tdu23v03JXb9x8/e/Hqr7/Z
+ IBAhAn+FW/jvD1M4MPcPJ+1v7kT70Iwtun3zuhP2lJ1gdxdsNV8Xzp01ZdwIuxz+qIud
+ XpumN0jz+2FTwtZxM/PXbS88dv5q0YOnz1/+9c//2CBQ1QT+KXuzf4mYu07cQFpz9ven
+ T83Y+3d/vnPz2uWffjh94vD3e8zXNcvy58yYPGbYIHd6bdMyo7HNlXBjOZ5eDX9Ys45d
+ Cbfv1icvtPX4+Wtm6x+v/v7f/7FBoKoJvOHfFgmHnbWm7Ms/XwTGPnHCFt26YSfYMyed
+ r1vWr17yxexpE0YO6Z9jd6/2cDh+NfzGyX1R/h/M1gZNWpitQ8bNXGjn1uMXrhU9xNaq
+ Pkr555dJ4DV5A21jyr548YedYp/8+uDeL3aCvXTh7InD+3d9s+nLFYvmzpwydpjdvWZ1
+ aOOuhm3o1dMXc7C1zMOC/zKiBF7z1f6LUFl3jrVTrAn7+NEDO8Gar2dOHC7cuf3rNUsX
+ uNNrXm6v7vawya6Gvb15xdaIHpbs1r8QeN1ZZ+zfobDPn/1mJ1jn68Xzp48d2Fuw5auV
+ i+fOnDx66IDe9rDJPRt2N68+TmzC1n85KPifokygtLJxYd0JNvT15tWL504d2b9r+8a1
+ S7+Y/cm44fawKat9a5vZZEM5Pj5rwtYoH5Ds238RKKmsO8HaGfZl3Nc7N678ePbEIXd6
+ XbFwzvSJdjXcs2vH8OY1GHmN8iOlMvYNW//reOB/jziBEsLGTrChr4/u/3L7+qXzp4/a
+ 6fXr1Uvm2dXwx/Zs2G5em7mzq5soUYYSEf6vsDXixyK79xYEkoVN8vXp44f3im5e+ens
+ 8YN7CjatW+auhocN7P1R53axZ02+6Yqtb3Ew8LdEn0ApYYPr4efPntrjJnd6PXW4cIdd
+ Ded/Pm38iEF9e3Sxkdfg0bBnumJr9A9E9vCtCCT5GpxfX73684U9bnrkTq8/njl2YNf2
+ DasXBzev/exZU6vMJm4kx3T16GoYW9/qSOBv8oFASV9jj5vs9PrL7WsXz504uOfbjWuW
+ zps5afQQe9bUobUbyfFs1jC2+nAYso9vTSBhrHs+/JedXp//9uTh3aIbl93V8Heb7eb1
+ 0ymjP87t1a1jG5uG6NnAK7a+9XHA3+gDgYStwRSncDTn6a/3f7515YI9G9651W5eZ08Z
+ O3SAPRq2kRzPdMVWHw5B9vEdCJTwNTi9Bg+bbl376azdvG5bvyL/s6n2aDjU1UZyPJrW
+ hK3vcBzwt/pBINnX8OHw73Y1fOd6cPO6fcOqRZ9PGzd8YG87u7Zw05r80RVb/TgA2ct3
+ IxAX1t29vnplc5ue2rNhu3k9ecieNdmjYRvJcbq29UtXbH23o4C/2w8CcVvd3Wv8avj+
+ zzevXDh1eF/BxjWL506fMGJQn486+6Urtvpx9LGX70wgLmyg60sberWhHPes6Uhhwaa1
+ S+bNmGjzJDzTFVvf+SjgD/hBIG6rO726Z8PPf3v84O6tqz+eOepGcpbOnzlxxOC+PTqH
+ k4b9uHfFVj8OPfby3Qkk6+puXp+7Z0233aPh/Tu2BLqOdLq2C+b4e6Ertr77UcCf8IZA
+ TNjYzat71uQeDZ899v3OLeuW2dk1pmv8yXCEX78Jdg1bvTny2NF3J5B0enXPmsJHwzaS
+ c/z7nVu/DHTNC86unuiKre9+CPAn/CFQStcXNlHiXpHT9UCo66Tg7Jp4MhzxGf7Y6s+R
+ x56+F4Hiq2H3rMl0vV9049K5Ewd2bf1q+fyZk0a6s6snumLrex0B/CGPCLxR122m66xi
+ XYMp/pE+u2KrR4cdu/peBOJXw8G8pnDg1c6uP9jZ1XT9ws6ug2PjrqZrtF9Px9b3OgD4
+ Qz4RKKXrc5sn8fPNyzFdwyfDwTQJ975rpHXFVp8OO/b1/Qj8m67hQE6fj8IX6KKtK7a+
+ X//8Ka8IvFnXcCDHzRn2QFds9eqoY2ffm0AobOze1c1CjF0MJ3QNX08P12qK6DQJbH3v
+ +vmDfhFI0tVmISZ0tXHXYM5w8L5rYmm1aOqKrX4dcuzt+xNI0jWc4//zTfdk2CYhLp03
+ Y8IIW03C1mqylRCjuyw4tr5/+/xJzwgk6Ro7u9o0CZvVFOo6fGBOt462EqLpGtVPWmGr
+ Z0ccu1sOAqGu9gpd8EqODeS4WU02Z9h0nTt9/LABOd1s4dLG7pNW0fwCHbaWo3z+qG8E
+ 3qjr2iVzpo0bNqBX1w6tMqKrK7b6dsCxv+UgELO1+Ox6303xt/ddN6+1tZrGDe3fK6t9
+ y4zYymrRe9KEreXonj/qHYFkXYNJiDFdv9u0ZvGcqWOH5vY0Xd0X6Ozt9OhNGcZW7w44
+ drg8BErp6t7Ica+nFxbYSoifTx37ca59IyeyumJrearnz/pHoExdba0m03XhZ5+MGdIv
+ u0u7lk3TIznDH1v9O97Y43IReE3Xe3eu/3TmiC1cumrh7Cmj8/pmd7HXXSM5wx9by9U8
+ f9hDAmXoeu3H00f2ffv1SvtGjunao3PwiZzozfDHVg8PN3a5nARCX+Pvu7ql1UzXw3u/
+ 2bBiwaeTRtnrrm6Gf+zzrlF6Moyt5SyeP+4jgdd0vX3VVvHfs339ii9mTRw5qI/N8A/n
+ IEZrlgS2+niwsc/lJZDQ1X3i1S1caqv4nzq0Z7tbqmmi+0SOzUGM3iwJbC1v7/x5Lwkk
+ 6/rHM1sW3HQ9eXD3Nlu3dMYEN2W4Q6u4rtG5FsZWL481drrcBErp6r6Rc/6krVtqL+QE
+ U4a7tm8Vm9QUnVkS2Fru2vkBPwnEdQ2WBf/98YNfgqWabIa/mzIczkGM2qQmbPXzUGOv
+ y0+gtK72uqu9kBNMGXZzEMNJTZGaJYGt5W+dX/CTQGirm+H/V/i6a9ENN8P/u02rF30e
+ m9RkH2OO0jqI2OrnkcZel59AzNaErklThsNJTcEa/lGa1ISt5W+dX/CUQJKu7psbvwW6
+ njm6r+DrVfmzJ4/Ki9wsCWz19EhjtyuAQCld7YtWd679lJjUNHJw1GZJYGsFlM5P+Erg
+ NV3ta8w2BzGY1BTBWRLY6uuBxn5XBIHSuj666+YguklNtoZ/0iwJ9+n0qp8lga0V0Tm/
+ 4S2BmK42wz/8XmRsUtOu+CyJXl0TS79U/SwJbPX2OGPHK4RAsq728fQnD92kpmCV4XCW
+ RGLplwh8zwpbK6RyfsRfAiV1/f2Jm9RUPEvCLf0SrCURhbddsdXfw4w9ryACoa/BxfCf
+ f9gcxJ9tleFwlkRs6ZeorCWBrRXUOD/jMYG4ruGkJlsU3BZWcys1xZZ+6RF8fi4C37PC
+ Vo8PMna9ogiU0tWtg2grNbmlXz6dPKp42LWql/DH1ooqnN/xmEDi3vVvN6kpmCURLP2y
+ fsWCWRNHDIrKy+nY6vExxq5XFIGYrcEa/k7XcNjVzZII15KIv5xexcOu2FpRhfM7PhN4
+ Xdf4WhL2tUj7nlU0hl2x1edjjH2vMAKJa+FwlkSw9ItbS8J9fs5eTi/+4kZVDrtia4X1
+ zQ95TSBZVxvHsWHXW5eDbzHb96zCL25U/bArtnp9iLHzFUeglK427GprScSHXUfbFzc6
+ V/mwK7ZWXN38kucEQl+DtST+fP7b42DYNfieVfhyetWvCY6tnh9h7H4FEkjS9cXzxMvp
+ 0Rl2xdYKLJuf8p1Asa4vXzx3w67Xg5fTgyX8Sw67Vsnrc9jq+wHG/lcggcS9a3yWhL3t
+ GrycbsOuE0YEa4Jn2BL+VfUpZmytwK75Kd8JxGxNmiVRPOxqa4L3r+JhV2z1/QBj/yuS
+ QOLkmvRyejjsGrztGht2rapFhrG1Irvmt7wnkKxrYtj1+Pc7N8eHXbu0q7pPMWOr98cX
+ ASqUQCldS7ztGn6K2Q27Vs3rc9haoVXzY/4TKKFr8rCrLTLsdHXDrk0aptWpXflzELHV
+ /8OLBBVMIPQ1/sWNcE3w2NuukxKLDNerU/lvu2JrBTfNzwkQKNY16W3XxCLDOUmfYq7c
+ YVdsFTi4iFDBBBIXw+Gwa/Iiw8GnmLt2qJpvu2JrBRfNzwkQiNlaeth119Yv7VPM42zY
+ Nat9y+DbrpV864qtAgcXESqaQOLk+k9wdg3fdi1eZLiqhl2xtaKL5vcUCBTr+tercNg1
+ tsjwmsWfTx1jr89VybArtiocW2SocAKldE0Mu25cveiz2LBr80ofdsXWCu+ZH5QgkND1
+ tUWGE992zazsYVdslTi0CJECAqGvycOuP505svebDbZq6aSRtmpppzaZ9j5OZQ67YmsK
+ auYnNQgkdE1eZDh51dLWcV0radgVWzUOLFKkgEDxxXCga2zYdfc2+7arDbsOyOnavpKH
+ XbE1BS3zkxoEYraWGHY9f/Kg+7arW7W08oddsVXjwCJFKggkTq427Br/tmt81dJpY4dW
+ +scisTUVLfObIgSKdY0Nu7pVS4/v37HJhl0/CYZdK3XVUmwVOa6IkRICpXS1VUtvXDyX
+ tGpp5X4sEltTUjI/KkMg9DV5HOfiGfu2q30scnalfywSW2UOK4KkhsDrugarlrph18r+
+ WCS2pqZiflWHQELXNw27tnLDrpWxaim26hxVJEkNgcS9a9LbricP7d725bLgY5E27Noy
+ I71SdMXW1DTMr+oQSNgavj739OHdW1eSPhbZv2elve2KrTpHFUlSRCBZVzfsWmUfi8TW
+ FDXMzwoRKNY1GHaNfyxyxyZ7fS4Ydq2kj0Viq9BBRZRUESiha7Bq6Y2LZ5OGXWMfi0z1
+ qqXYmqqC+V0pAqGvpYZd9wUfi6y8VUuxVeqYIkzKCJTQ1X0s8lr8Y5EzJ44Y2LtSVi3F
+ 1pTVyw9LEUhcDMc+FnnXPhZ56nD4tuuE4eHHIlM9joOtUocUYVJGIGZridfnLpw8uDtY
+ tdR9LLISxnGwNWX18sNaBBIn1/BjkeGqpScP7NyyrtI+FomtWocUaVJHIFnXpFVLd25e
+ s3jO1DEf56Z+1VJsTV27/LIYgVK6JlYtdcOulbJqKbaKHVHESSGBZF1flPpY5ORRwcci
+ g1VLU/X1OWxNYbn8tByB0NfkYVdbtXTft8WrliaWQfwwBesgYqvcAUWgVBJI6Fr69bkv
+ 3LBrTjf7+lzqXp/D1lRWy2/LEUhcDCe9Pnfq0J5g1dLxw9yqpSl8fQ5b5Y4nAqWSQMzW
+ 0sOuiVVLU/r6HLamslp+W49A4uQaX7XU3nYtXrU0GMdp2TS9ft3aKfi2K7bqHU8kSimB
+ Yl0TH4sssWppj85tU/X1OWxNabP8uCCBUrq6YdcSq5a61+eCr8/VqFHBD4axVfBwIlJq
+ CSR0jX0s8n7RdVu1tBJen8PW1BbLr0sSCH1NDLveK7qe/PpcTreO8WHXij25Yqvk0USo
+ FBNI6Bofdg1fnwu/PjcwVV+fw9YU18rPSxIovhiOfyzyir0+tyt4fS51X5/DVsmDiVAp
+ JpCw9bVVS8PX57Kz2qVgHAdbU1wrP69JIFnXpNfndtjrc+HX51IxjoOtmgcTqVJNoFjX
+ +KqlNy4lf30uPo5Tke/jYGuqW+X3RQkk62qvz/36wMZxzoZfn/t08sjBfbp3auO+j1PH
+ dK2o13GwVfRYIlbqCYS+JsZxbNi15DhOhb+Pg62pL5V/giqBhK7xcZxrP562ZRDDcZzi
+ 93EqbMYwtqoeSeRKPYHExXDi9Tk3jrN767qlc6fZOI57H6dCJ/hja+o75Z+gSiBma+L1
+ ueKvz9k4ztj4umppFfY+DraqHknkqgQCiZNr7PW5B7/cvHzu+Pc7Nq2xz1mNzuvbo3Ob
+ 5k0bprknTRUxBxFbK6FT/hGyBIp1LTWOsyp/9pRR4YPhJsGDYWyVPQgI5guBhK72Ps6f
+ No4Tfx9nw8oFsyaNGBT/Pk7tWhVxcuXc6sthwX5Gk0Cyrm7YNRzHKf4+Tnyhpop4MIyt
+ 0TwG2Ct/CIS+umHXly+eua/P2fs4h3Zv+3LpvOmxB8PNKmjlF2z156hgTyNKIKFr7H2c
+ WzaOc2BX8H2c4MFw2xZNG1XIg2FsjegRwG75Q6D4YjjQ9eEv4bpqwQR/92A4tvJL+acg
+ Yqs/BwV7GlECCVuDcZzfnzz4+aZN8N9fsHH1wtmTYw+GK2RJcGyN6BHAbnlEoFjX2DhO
+ 0Q03wf/br+3BcHwFf/cl5vI+acJWjw4KdjWqBBK6Fq+rZhP84w+GgxnD9qSp3Lpia1QP
+ APbLJwIldA0eDF9LejCca0tJ2JOmci8Jjq0+HRPsa3QJhL7aOE7SQk3uw+n2JeaxQ/pl
+ u6UkwimI5XjZFVuj2z975hOB4rNr+GDYfXDDzRiOfYnZlpLILPcURGz16YhgX6NLIGFr
+ fIJ/8GC4sGDjqvxPJ410UxBbZZb3SRO2Rrd/9swrAsW6xh8M2wr+R/Z9s35F+GlXm4JY
+ 3jlN2OrVEcHORphAQtdSD4a/WuamIOb2DJ40lWtOE7ZGuH52zS8CJXR1D4ZvXw2WBF8X
+ vJtuT5rCr1m9/+s42OrXAcHeRppA6Gvxg+FbV86fOLBzs72bPsWmILonTeWa04StkW6f
+ nfOMQAldnzx0S0m4KYixJ03dbBXE8jxpwlbPDgd2N9IE4raGM4aDT7uetW9FbnBPmoYP
+ 6GXLqpXnSRO2Rrp8ds4zAolb138SS0kEUxC/Cl52zc3uErw9974rgmOrZ4cDuxttAgld
+ gwfD4bvp9vE597Lr1DFD3NtzbpLEey78gq3RLp+9841Akq5uKYlHNqfp/IlgTlO4rJp9
+ iPm9b12x1bejgf2NOoH4vWswY9g9aQq/ZrUyP3h7rjyTJLA16t2zf74RKD67vrJvRdqT
+ Jjenae8365fPnzHeLeDvXsdxSwy/+5ql2OrbscD+Rp1AwtbiJ00/ng6WVXML+PezFcHf
+ 99YVW6PePfvnHYGErvEnTbfdsmo7t6xZ7CZJ9OnesfV7jrpiq3fHAjsceQLFusZXQbz8
+ w/H93wWTJEYMzInfur7zh12xNfLVs4P+ESipqy2r5tZp2vft+hXzZ44fFt66Bq+mv+Ot
+ K7b6dyiwxx4QCH39x926uidNwYeY99iK4HODW9fYhOF3XVUNWz1onl30j0DcVtPVfW/D
+ LeCfuHW1j1l1dBOG3/lLkdjq34HAHntAoPha2HQNJ0nEb13dmqXuO8zvPoyDrR40zy56
+ SKBYV/ek6Yl92fWS3brGRl3dhOHmTRq+6wxEbPXwQGCXfSCQpGvyreu6pTZh2L3r+h4z
+ ELHVh+LZRy8JxO9dS9y62qvpsyePHJTTLfby3LtMacJWL48DdtoHAnFb3ZOm8Nb13LHC
+ AvvcxswJwTCOrTBc751mIGKrD7Wzj14SSLoWDm5d3ajrkb3bbVW19xzGwVYvjwN22gsC
+ Sbq6W1f7bPqPpw7t2rLWZiCOGty7W4dwIYm3vxbGVi9qZyc9JRC/GA5Xkrh3273r6mYg
+ zgrWfbG3cd7pWhhbPT0M2G0vCMRtdfP7nz0N33UNhnGmj7O3cd51ShO2elE6O+kpgaRr
+ 4eDWNZiBuHvrusWfTxk9uHf38Fr4rV91xVZPDwN22w8CSbr++Ud8BqJ9yyr/04kjbA3E
+ 4Fr4rb/CjK1+lM5eeksg8PUfN78/HMaxFYYLv7WFJOLXwuEqTW/1nUhs9fYoYMf9IFB8
+ 6xofxrGvpsevhW2OxDvMF8ZWPypnL70lUOJa+Pdf79+5Zm/juGthey7cv6ebL2wrlr7d
+ u3PY6u1RwI57QiChq5uB6JYsjV0L2xyJIW6+cEZ6/bq132rQFVs9qZzd9JhA7Nb177/C
+ a+HrF08fds+FP5syMlj2xQZd3+7kiq0eHwTsuicEEreubiEJuxZ2b6bv2OjmCw/Nte9E
+ Bh+ee5tFmrDVk8LZTY8JlHEtfHTf9q/s3Tm3BKINur7li+nY6vFBwK77QiBxcg2vhd0c
+ CZsvvGbh7EkjBvTMij9o+s9RHGz1pXD202cCCV2Da2E3X/j4/oKvV7hB174fufWF69d9
+ ixlN2OrzMcC++0Ig+VrYXnX95aa9O7dnm5uAaA+astq72f32oOm/Tq7Y6kvf7KfXBBIn
+ V3ctbCuWBoOuG1ctmDl+aK6b3f9WJ1ds9foYYOf9IRD4+k/w0fTffg0GXfd9Yw+aPrHZ
+ /W5G09ucXLHVn7rZU68JxM+uwXxh+/CcPWjaucXN7h8WjOK45YX/a4oEtnp9BLDz/hCI
+ 22qfdQ0GXe1BU2HB+uXzpo3J6xNMF/7vO1ds9adu9tRzAsXXwjYB0R40nTm8e8vaRW4U
+ J5wi8Z8nV2z1/Ahg9/0hED+7Jh40nfjejeJMG5vX16ZING30nydXbPWnbPbUcwJxW/9+
+ 9ad9GufurUvhKE4wRaKLm3/4X2Ou2Or5EcDue0Qgrqt70PQkHMX5bqObIjHk7U6u2OpR
+ 2eyq5wTitroHTeEozlE3ReKzyTb/8G1Ortjq+QHA7vtEIK5rOIpjywu7d3Hs5Govuro7
+ 1/8ac8VWn8pmX30nENM1HMVxUySO7t2+bnH8zvW/JjRhq+/9s/8+EYifXP92S6rZF9MT
+ J1d7cy6c0PRvMySw1aeu2Vf/CQS+2gqIbopEeHK1O1c7ufZ3Y67p9e0rVm+e24+t/vdP
+ Ap8IxGxNOrm6x8I2oclmC7doaguq/cvJFVt9app99Z9A/FrYpkiEJ9cje7auXRTMFnYL
+ qqXV+ZcX57DV//5J4BWBxMn1z+DO9cLJ7ws2LJ87dfSgnKx2zf99hgS2etU0O+s/geKT
+ azDmeumszRZekz9r/NB+H3Vs5aYfvvlSGFv9r58EfhFInFxjE5pO7P92/dI5tohEL5sh
+ 8a/PmbDVr6bZW/8JlDy53rxo77luXrVghpt+aIM4//acCVv9b58EnhFIOrk+vn/nyg/H
+ 9m3/0gZxhvfPDp4z1a754RsGcbDVs6bZXf8JxE+ur14+tw8wX//plJt+OG/a6MGJ50zY
+ 6n/LJFAh4HwNvhH5+6/3bPqhG8RZOGvCUFusNJgs/KbnTJxbVQ4AcnhEILwWdu+52vRD
+ W/5wf4F7zmRv4rj5TDbk+oZLYWz1qGN2VYZA7OT68oW9OBc8Z9q06ovpY/N6d23fool7
+ Kb3sS2FslTkACOIRgfjJ1QZxYs+Z1i2aPXForg25NrP35t5wKYytHlXMrsoQCG21uf32
+ nOln9yZOwYZlbsjVvZRuQ65vuBTGVpkDgCAeEYjZanP73WThS271w9ULZtilsE3tf/Ol
+ MLZ6VDG7qkMgfin8py3QdOfq+WOF7qX08FLYLSFR9qUwtuocACTxiEDiUviPp4+CS+Hv
+ vl6euBROe8MECWz1qGF2VYhA/OQaXgq7qf2rY0+Fm9ulcNmvzWGr0AFAFI8IxE6ur9yl
+ cNFVN/tw3eJPJ7gXccIJEmWN4WCrRwWzq0oEnK7Bii9u9mH8qXDwkQ17J73sG1dsVToA
+ yOIRgZKXwmcO79q8an58rvAbxnCw1aN+2VUpAuHJNbgUvnPl3LG929YunDn+4/C1ubKn
+ M2Gr1AFAGI8IJF0KF10P5gov+WzS8NzsTq2auRUkyrhxxVaP6mVXpQgkXwrbXOGDOzeu
+ mPvJqHAFibJvXLFV6gAgjE8EYpfCL549Dl+bs+lM4cz+5o3LvnHFVp/qZV+lCMQvhd1r
+ c1ftS+nb1y2yMZzgizhlv4eDrVL9E8YnAvFL4T9+C6YzfW8vuX4+OVjv5Q03rtjqU73s
+ qxaB4OQazuwPXnK19V7+9cYVW7X6J41PBGI3rn8+e3z/9hVb7yV+42qrgJd544qtPrXL
+ vmoRCC+F3UuuiRvXWW7E1T7lalOFX1/uBVu1+ieNVwRil8J/hK+kuxvXzyYNy+3RqZW9
+ NVfGci/Y6lW77KwWgZI3rsGIq1tAonObjPSy5kdgq1b9pPGKQOzGNRxxdW/NuanC9vmq
+ trbyYRkT+7HVq3bZWTECga5/BQtI2Jr9NlU4f+a4vD7Bci9lLM6ErWL1E8crAuGl8Eu7
+ cbVlhU8UfvOle8c1Pj/itcdM2OpVueysGIH4jetvj+wLG7byoXvMNNw9ZrJ1Sl9/zISt
+ YvUTxy8Cpus//wQrH8bmR8ydMtIt2Z9R1ms42OpXueytGIHg5GrvuLqJ/a89Zir90hy2
+ irVPHL8IBLb+9edzW6c0eCN9Tb5bVbhr+zJnM2GrX+Wyt2IEwhtXe8zkvl51vPCbdYuC
+ 2UztW7qFD0s/ZsJWsfaJ4xkBd+P69yt7DcctpWazmZaEa4C7j6TXwlbPymR3xQmEtrpV
+ hd36ETu+XjZn8gj3kfSyXprj3Cp+MBAv4gScrfZQ+Jl9dtk+h7Nrk700N9Kt9lLW3ENs
+ jXiZ7J44geDG1c1mir8090WwTGk497DUQ2FsFT8YiBd1Au7kGr40Z3MP97m5h2Pd3MOy
+ Hgpja9TLZP/UCbjHTElzD//loTC2qh8L5Is6geCh8IsyHgrXLf1QGFuj3iX7p04gfMxk
+ D4VvXDx9IOmh8OszhbFV/VggX9QJhLY+s2+kXzxz2C0BHnsh/fWZwtga9S7ZP3UCwWMm
+ t5LarcvnjiReSG8TvJBe8qEwtqofC+SLPAE7uf710j7j6mYK79lqC/aPycvJapeZXr/0
+ x3CwNfJdsoPqBNxjpti6h+6jy/HlIxo3qFOj5NxDbFU/FMgXeQLO1ldu+Yjr4fIRiXn9
+ pRd7wdbId8kOqhMIbLUhnJ+L5/X3+6hjGWsKY6v6oUC+yBMwW8PlI278dOrAdxvii724
+ NYW5Eo58e+xg9SLgHgrHF3uxNYWXx9/CeW3AlXNr9TowSBtBAqGtbsDV3sLZuenNA67Y
+ GsH22KXqRSA+4BouzbR55bypsS+kl16vH1ur14FB2ggSiNmaeGcuXK+/jOkR2BrB9til
+ 6kUgsPVluJDaUZse8cY3XLG1eh0YpI0gAWdrbHpE+HWNYNlD9xHXUpOZsDWC7bFL1YtA
+ aKtb9vDq+WOFsclM4SKlNUpMFMbW6nVgkDaCBAJbg8lMbpHS7esWzhw3JPblKmyNYF/s
+ UrUmEExmCj65HEw9jK0e0aJJg1JTDzm3VuvDhPCRIBDYGkw9vHBy/7dfLf50fPCdOWyN
+ RDvsBASSCRTbGiwAvnj2hKH9und4faIw59Zkavw1BKqCgNlqUw8TX4V0y/WXOa0fW6ui
+ Hf6ZEEgmENr6+6+/uGn99g3X2ROH5Zb1Eg62JlPjryFQFQTitt6Nv4RjtvYIXpkr+RIO
+ tlZFO/wzIZBMIGGrfQrHVj0sfmWu1Bql2JpMjb+GQFUQSLbVfbjq80nDc3t0avXaC67Y
+ WhXt8M+EQDIBNz0i+QXXzyePyM3u1KpZ6dfRsTWZGn8NgaogENoarCh8+lDJ19FLLB6B
+ rVXRDv9MCCQTKGXrijlTwk+4cm5NpsRfQyASBIIr4WDxCHduTdjaqNTCTJxbI9EWO1G9
+ CZitf7149jhc6iWwdUD4eXRGcKr3gUH6CBJwttq3NeKfR7cr4QHZnVs349wawa7YpepO
+ oJStcwNb22SYrSVemeNKuLofKOSPAIHXbB05oGdnbI1AM+wCBEoTSNh6+ezhXZtWFn8T
+ knNraVT8/xCoYgIlbN28cu4nIwdybq3iTvjHQ6BsAsm27rYFhbG1bE78txCoegJl2drF
+ 3beWXPSQp0xVXxV7UO0JvGbrqIE9sbXaHxYAiCSBkraumvcJtkayJ3YKAv/3f9jKUQAB
+ XwjEbL1/y0Zwdm/h3OpLb+xndSSArdWxdTL7SSDJ1iOcW/3skL2uLgRK22ofcOWZcHUp
+ n5yeEXiDremMt3pWJLtbDQiEtj5xT5mCK+HYuRVbq0H3RPSNQNzW29jqW3Xsb7UjUIat
+ vWwuE+fWanckEDj6BJytL589uX/78rn4lbDZmomt0a+OPax2BMzWvwNbr5w7smfLqvl2
+ 34qt1e4oILAnBLDVk6LYTQj83//ZufW5XQlzbuVggEDkCZRtaxrvt0a+OXaw+hFItnX1
+ /Kmjw/tWbK1+RwKJo0/gdVuz7Jkwtka/Ofaw+hHA1urXOYl9JYCtvjbHflc/Atha/Ton
+ sa8EsNXX5tjv6kcAW6tf5yT2lQC2+toc+139CGBr9eucxL4SwFZfm2O/qx8BbK1+nZPY
+ VwLY6mtz7Hf1I4Ct1a9zEvtKAFt9bY79rn4EsLX6dU5iXwkEtj6wt9GP7tmyev600YN6
+ 8Q6Or12y3+oEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
+ TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
+ EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
+ BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
+ AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
+ AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
+ wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
+ sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
+ bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
+ W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
+ Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
+ Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs
+ 1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb
+ 1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBW
+ nS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBV
+ vWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV
+ 6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvV
+ GyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFad
+ LkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9
+ YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXp
+ kiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9Ub
+ Jp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0u
+ SaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h
+ 8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emS
+ JOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsm
+ nw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5J
+ ok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy
+ 6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk
+ 6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyaf
+ DgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
+ TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
+ EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
+ BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
+ AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
+ AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
+ wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
+ sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
+ bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
+ W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
+ Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
+ Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs
+ 1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb
+ 1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBW
+ nS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBV
+ vWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV
+ 6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvV
+ GyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFad
+ LkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9
+ YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXp
+ kiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9Ub
+ Jp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0u
+ SaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h
+ 8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emS
+ JOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsm
+ nw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5J
+ ok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy
+ 6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk
+ 6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyaf
+ DgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
+ TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
+ EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
+ BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
+ AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
+ AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
+ wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
+ sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
+ bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
+ W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
+ Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
+ Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs
+ 1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb
+ 1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBW
+ nS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBV
+ vWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV
+ 6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvV
+ GyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFad
+ LkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9
+ YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXp
+ kiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9Ub
+ Jp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0u
+ SaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h
+ 8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emS
+ JOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsm
+ nw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5J
+ ok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy
+ 6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk
+ 6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyaf
+ DgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmi
+ TgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLp
+ EMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTq
+ BLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8O
+ AWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJO
+ AFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQ
+ wFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoE
+ sFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4B
+ bNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4A
+ W9UbJp8OAWzV6ZIk6gSwVb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDA
+ Vp0uSaJOAFvVGyafDgFs1emSJOoEsFW9YfLpEMBWnS5Jok4AW9UbJp8OAWzV6ZIk6gSw
+ Vb1h8ukQwFadLkmiTgBb1Rsmnw4BbNXpkiTqBLBVvWHy6RDAVp0uSaJOAFvVGyafDoG3
+ tbV+4+btu/XJGzczf932wuPnrxU9fPrHq7//pwOCJBCIOoH/ma3Pnty/feXckT1bVs2f
+ Ompgry5tMtPTatf4IHmrUdtsbde1d8zWY+evFj14+vzlX//8jw0CEKgsAv/89eezx/dv
+ XT57ZPeWVfPM1p5d2mQ0qvcmW8fOyF+7be/Rc1du33/87MWrv/9hgwAEKovAX69e/P7r
+ 3ZsXTx/etXnl3E9G/putWTl5Y6Z/sXrLnsNnLt68++jpsxcvX7FBAAKVReDPF8+ePPj5
+ +o+nDu7YuGLOlBEDszuXfW5Nz2yblTNo9LT5KzftPHDqwrU79359+uz5H2wQgEBlEXj+
+ 7Omju7ev/HB8f8GGpZ9NHtE/u1PrZmVcCaelZ7bp0nPgyClzlm8oKDx27tKNonuPHj9l
+ gwAEKo/A44d371z/6czhvdu/XDx74rDcHp1aNWv4+n2rs7Vzdv8Rkz5bsm77nkMnz1++
+ cefuvQcP2SAAgcoi8ODeL7evXzp34sDOzWvyZ47/uG/3ji2blmFrvfRmrTp9lDt0wsz8
+ 1ZsKCo+cvnDp2s3bRUU/s0EAApVDoKjo9o2rF384eWjPtxtWzJ82Jq9Pt/YtmzaoV6v0
+ CE69Rk1bdujeN2/MtHnLvtq6c/+RU+d+vHTl2nU2CECgsghcvXLxwtmTh/cVbF67+PMp
+ IwfmZLVr3qRB3ddtbdi0RfusnIEjJ89euGrD9p2Fh4+dOnvuAhsEIFBpBM6fO3Py2MG9
+ 3235avmCmeOH5doj4czG9V+ztVbdBo3djWvu0HHT5y5ZvWHrd3v2Hzxy7PgJNghAoLII
+ HDt2+EDh7m+3fLVy4eefjM6z29bWGelpdWp+mDyV6YMaterWT89o3bF7n8EjJ82cv3jV
+ V5u2F+zcs7eQDQIQqDwCe/fs/HbrxnUrFs2ZMWHYgF5d7bbVBnBK21qzTprduLbLys79
+ eMyUWXMXLlv95debtmzb/g0bBCBQWQS2b9uyaf26VUvz58yYNGpw3486tbHbVhvAKXlu
+ /bBG7Xp2Kdy6Y7ecAUPHTJ4+e37+kuWr1qxdt+5LNghAoHIIrFu3dvXKZYvz5346beLo
+ If2ys9q3zEhvULcMW+1SuGmLtp265wz4eNS4ydNmfTZ3/oL8hYvYIACByiKwMH/B/Dmz
+ Z06dNG5EXm7Prh3aZDZpmFan1CPhDz6sUauOnVwzWrYzXXMHDx05ZsKkKdOmz5jJBgEI
+ VB6BGdOnTZk0bvSIjwf27dm1Y5sWTdPtQrhmyeHWDz6oUbN23bSGTTJN127ZfXIH5g0d
+ MWr0mHFsEIBAZRIYM3rk8KF5A/vlZGeZrM1MVju1lrxt/cCdXGvXq9/IdG3bMat7dk7f
+ 3AEDB+flDWGDAAQqj0Be3qCB/fv16ZXdrUsHk7Vxw7S6dmp93daate1auFGTjBZt2nfq
+ 0rV7j569cnr36csGAQhUGoE+fXrn9Mru0T2rc4d2rZqbrPXr1a5Vo/SFsDu5hro2bprZ
+ snXb9h07dcnK6tqtW3c2CECgsgh069Y1K6tzpw7t27Rqkdk03WStU8ap1dlq18J16tVv
+ kN6kaWbzlq1at2nbrj0bBCBQqQTatWvbpnXLFpkZTRs3apAWylr6QtgmNpmudnata742
+ MmGbZWRmNm/egg0CEKhMAs2bZ5qpTZukN2pQv17d2rVq1njtrjWYheh0tdNr3XppDRo0
+ bJSent64cRM2CECgMgk0bmzmNWrYoH6aufpmWe3sGvrqhK1XLy2tfv36DdggAIHKJGDW
+ paWZf3XrxFwt4zI4NsXf+Vqjpp1h3VaHDQIQqHQCgXy1atW0a+AaH77Z1fB6ODDW/kan
+ LRsEIFDJBAL37D8+/C9VY6fYuLb297NBAAKVTCBZQ/4aAhCAAAQgAAEIQAACEIAABCAA
+ AQhAAAIQgAAEIAABCEAg2gT+H7bgdu8KZW5kc3RyZWFtCmVuZG9iago0NSAwIG9iagox
+ NzU1MgplbmRvYmoKNDYgMCBvYmoKPDwgL0xlbmd0aCA0NyAwIFIgL1R5cGUgL1hPYmpl
+ Y3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAzNDYgL0hlaWdodCAxMDAgL0NvbG9yU3Bh
+ Y2UKL0RldmljZUdyYXkgL0ludGVycG9sYXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQg
+ OCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHt3etPE1kUAHCQQum7hdJC
+ H9va8mpr6VbqVkC3JW1QBHyguNUVghbNli12NTY2i7olrDY2iuBCeESRJYIBloBpkBA1
+ +6/tmeIqM51emPl8zqfeGYcPv5ycDnjvOQUFGCiAAiiAAiiAAihwEIFCjAMIHETy67+B
+ n3foWxRhsAp8EzoEYF/x8n/YVYWfJRAUY+wrIBAAFYW8H27WdRe1RCgs3Q0RRo7AFxqh
+ sATwgXcf2y+uxcUlgCoSiyUSiVQqlWGwCAAM8IjFotJSSpdsS8EWQQ0AVkCVyuRyhVKp
+ wsgjoFQq5HIZ+IoBd9c2T0nIwkK+Uq4yuUKlKitXqysqNBotRo6ARlNRoVaXl6lUCrmM
+ soW8hZLATktlLJWwlKsSVDXayiqdTm8wGDFyBAwGvU5XVanVgK4yawtpS9GyvBtkYaHA
+ SqTgCqxgajSZzYctVgwWAcths9lkBF/ABVuphCq37LSFVI0ViiBhVeWaSh2oWqw1tXX1
+ Npvd7sCgCdjtNlt9XW2N1QK6ukpNuQrSViSkvsdykxZSFmBLJTKFSq3VGc2W6lqb/YjT
+ 5XK73UcxGAKA4nI5j9httdUWs1GnVasUMsjaYgFLPYCUhS8vcRZWb7LU1DucLnfjsR+8
+ Tc0QLRh7BCiRJu8PxxrdLqejvsZi0mdpxfA1xpK0hZCypWKpXKWu1JusdY4Gt8fb1HLS
+ 528NBAJBDJoAkLT6fSdbmrwed4OjzmrSV6pVcqm4FJKWWQ52U1YCsFq9udrmdHuOt/ha
+ g22n2zs6u85iMAS6OjvaT7cFW30txz1up63aTGWtXMKWtJQs1AIlwJqqba5G7wl/4NSZ
+ rnPdF3suhzByBC73XOw+13XmVMB/wtvoslVTBUEpg6TNKQdQDEpKJfIyjc5ktTV4mn3B
+ 9s4Ll0I/9/b13wiHBzBoAuHwjf6+3p9Dly50tgd9zZ4Gm9Wk05RRSZtTDgoPwRsXpGyl
+ 0VLnbGz2t3Wc77nS2x++Ffk1OnQ7hkETuD0U/TVyK9zfe6XnfEebv7nRWWcxVkLSwpsX
+ s9BSxQCqrEZnrnG4vb62zu7Qtes3I9HY3Xvx+wkMhsD9+L27sWjk5vVroe7ONp/X7agx
+ 6zRUpYVyQP81LCurKNcaLfUNnhNBgO0LR4buxBPDDx8lRzAYAslHD4cT8TtDkXAf0AZP
+ eBrqLUZtuYJVtkQkVaqrTNUO93F/+/lQ38BgLJ54mBx9nHqaxmAIPE09Hk0+TMRjgwN9
+ ofPt/uNuR7WpSq2UikpyclZQIpJRxaDW6WkJdPVcCw/+Fh9O/plKP38x/hKDITD+4nk6
+ 9WdyOP7bYPhaT1egxeOspcqBTARfYYxqIBCK5WVag6Xe5f3x1IUr13+JxYdHnqTHJian
+ ZmZmMWgCMzNTkxNj6Scjw/HYL9evXDj1o9dVbzFoy+RiIYusRA5l1mp3N7WeudR7Mwqw
+ qWfjk9Nzr+bfLGDQBN7Mv5qbnhx/lgLa6M3eS2dam9x2KxRauYRFFl4N1FXf1RxphGIQ
+ 6o/cSfzx5NnE1OzrhcW3S8sYNIGlt4sLr2enJp49+SNxJ9IfgnLQeKTmuyo1vBzk5Cy8
+ dCnUVJk9drLt3NVwNP5gND0+NTf/99K7ldU1DJrA6sq7pb/n56bG06MP4tHw1XNtJ49R
+ hVZNvRww6yzIKkG2zuX1ne7uvRVLJFNjk7Pzi8ura+sbmxg0gY31tdXlxfnZybFUMhG7
+ 1dt92ud11YGsklVWqqzQHYYvMH/7xb7I3d9H0xPTrwF2ffN9BoMh8H5zHWhfT0+kR3+/
+ G+m72O6Hr7DDugqllC1npaoKvcX2fVNrR0//4L0Hj5//NbewtLK+mdn6sI1BE/iwldlc
+ X1lamPvr+eMH9wb7ezpam763WfQVqjyyGoPF5m4OdF6+EY0/So1NvVp8989GZmt7B4Mh
+ sL2V2fjn3eKrqbHUo3j0xuXOQLPbZjFo8svCSxfI/hQeup98+mJ6/u3K+nuA/fgJgybw
+ cWd76/36ytv56RdPk/eHwj9RsnbrvrJdofDtxEh6YubN0upG5gPAfsagCXz6uPMhs7G6
+ 9GZmIj2SuB2G1658svBHxFKpSmPI5iyL7L8YewQ+k2Vp/19TWFQMfzaAX8EcR1uCZ0MD
+ McjZl7MLy2ubme2dT5/3/FT8CAKfP+1sZzbXlhdmX0LOxgZCZ4MtRx3wSxj84aC4CGX5
+ JwnK8rcjP4myZB/+d1GWvx35SZQl+/C/i7L87chPoizZh/9dlOVvR34SZck+/O+iLH87
+ 8pMoS/bhfxdl+duRn0RZsg//uyjL3478JMqSffjfRVn+duQnUZbsw/8uyvK3Iz+JsmQf
+ /ndRlr8d+UmUJfvwv4uy/O3IT6Is2Yf/XS6yuJODgzOXnRwF+8jS9t7ggrxHhnECZM/u
+ I9wxR9sex7LgsWMOd3kytnPmWXLd5Yk7k2n7j/MvuO5Mxt30jD3z+ZfcdtPjCRDaKQ/S
+ guMJEDy1RDuZRFpwOrUkwJN2tMN0xAWnk3YCIZ4OpZ0AJS24nQ7FE820Q8vEBbcTzXgK
+ n3HSnrTkcgq/CDtHMLpDkJZcOkdQfWSw2wmjqUneJaduJ9ihh9GFh7Tk0KEHu0rR2kbt
+ s+DSVQo7odFane2z4NYJDbv35bToI1zg0r2PapKKHScZnSXzLTl0nCzALqm0PqjkBZcu
+ qSCLnX33NO8lfuTa2Re7UTNaThOWXLpRU0mLHdRpfdLzLzh1UAdZqh5g13+WDv9slzh0
+ /d+lxUkVOUMpWC9wmVRRgNNVcmao5L/AabrKLi1OBMozACjn8sEnAhVkabPTlnCKFcvc
+ KvolTlOsYNfMlwlh1Dg7nLyWM25tzwWOk9eoDUlZ20M4LXDfOYG7/+DA0wKzm71wwiXr
+ SEvGRc4TLrO2/wODMQZZ4JsXfkIBFEABFEABFEABksB/R7vxwwplbmRzdHJlYW0KZW5k
+ b2JqCjQ3IDAgb2JqCjIxOTcKZW5kb2JqCjUyIDAgb2JqCjw8IC9MZW5ndGggNTMgMCBS
+ IC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lkdGggMjI0IC9IZWlnaHQg
+ OTIgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkgL0ludGVycG9sYXRlIHRydWUgL0JpdHNQ
+ ZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHtnPtP
+ Un0cx72g3G+KoFwCDygCIZ3EENGAwSwTu5gWljoSdWEo6WSyvIQzZbJSKZ2XlZnzMjWn
+ jZlz2Z5/7fkc7HlcSvU8W6vT2Xn/5PyF7+v7/nw+33O+3+/npKSQImeAnAFyBsgZ+Lkz
+ kPoH6X+RA1faidJxrZNxpsGw/wPmMRswUSgZf4woFBgwhvojxATdMVomlUo7Fh23+jJA
+ KjUTrADIHxB+ocvIyAQ0OoPBZDJZLBYbx4LhwSAZDDqNhjF+nxDDS4eoBDhAY7E5HC6P
+ x8e5eDwuh8MGSgYgHhN+I0gTeOAdRsfmcPn8rGyBICdHKBThVkJhTo5AkJ3F53M5bIwQ
+ PIQgTQ6IuYeZh9HxgE0oys0TiyVSqQy3kkolYnFerkgIjLwEIViIASYppAk8SDwmC+gA
+ DshkcoUiH1HiWEi+QiGXASUgAiGLiaVhcsBULPeodDCPny3MFQMboiwoVBdpNFqtDpfS
+ ajWaInVhgRIBRnGuMJsPFtKpWJU5ayDYB3g0JpvLF4jEMgWiKtRoz+sNBhRFL+JUMDSD
+ QX9eqylUIQqZWCTgc9ngYAYlSYSCfVBaGAk8iRwpKNLpDWhJ6SWTuRxkwaGwcZlNl0pL
+ UINeV1SAyCUJQAYUmSQGpoJ9NAaLwxfkSuRKta4YNZrMlkqrze5wOJy4FAzMbrNWWswm
+ I1qsUyvlklwBn8Ni0MDA0wF6bB8T8EQShUqjR41lFqvdWXW1usZVex2nqnXVVF+tctqt
+ ljIjqteoFJiDHGYyAzE+iE4e4MlVGkOJqcLmuHKt9kbd7YY7btzqTsPtuhu11644bBWm
+ EoNGhYUojw0GnglQCM9MGpOTJRTLlZpiY7nVWe26Ve++39ziafV623Apr7fV09J8311/
+ y1XttJYbizVKuViYhRl4JkBT02BtAPtyZYhaX1Juq6q52dDY7PF2+B75u7oDuFR3l/+R
+ r8PraW5suFlTZSsv0asRWS4YCGvE6QTEwhOyTyhWFOhQk7XKVeduetDu8wd6+4L9IZyq
+ P9jXG/D72h80uetcVVYTqitQiIVYBkKAfv0Ik+DjZotkSFGxscIJeC1eX1dPMDQwNBwe
+ wanCw0MDoWBPl8/bAoDOCmNxESITZXOT8mXSWTxBnlylQ8ts1TfdLW2dgWBoKDw6FpmI
+ 4lQTkbHR8FAoGOhsa3HfrLaVoTqVPE/AY9Ezz/hHyaSzsfAs1BstjtqGJm/n4+BA+Fkk
+ +mJq+iVONT31Ihp5Fh4IPu70NjXUOixGfSEWoGw6FJhT8UmhMjhZIilSZDBdvnKr8cHD
+ QHBgZDw6GZuZnZ9fwKXm52dnYpPR8ZGBYODhg8ZbVy6bDEWIVJTFYVCT8DE5kH5KLWq2
+ X6tvbvcDXuT59Mzc4uult8u41Nul14tzM9PPIwDob2+uv2Y3o1olJCCHmYQPyqcg71zB
+ +RIIT7fH1xN6Ov48NrvwZnlldW0dl1pbXVl+szAbez7+NNTj87ghQEvOF5zLE0ABPeMf
+ LA9cAZZ+pZVVN+55/cHB0ej07OLSu7WNza1tXGprc2Pt3dLi7HR0dDDo9967UVVZiiWg
+ ACugp/MP+HjApzaYrFfrmjsCoXBkcmZhaWV9a3tndw+X2t3Z3lpfWVqYmYyEQ4GO5rqr
+ VpNBDXy8pHwsXo44H8qLrfp2i6/3yWg0NvcG8Hb2PsRxqg97OwD4Zi4WHX3S62u5XW2D
+ ApMvzuGxkvnH4udIEM0Fs72mwdPZNzj24tXi8trmzl58/+MBLvVxP763s7m2vPjqxdhg
+ X6enocZuvqBBJDn8b/AJpYgGLXe47rT6g8ORydnXKxvvd+P7B4c41cF+fPf9xsrr2cnI
+ cNDfesflKEc1iFT4bT5YHoDvrrerPzwxNbe0urnzAfA+HeFSnw4P9j/sbK4uzU1NhPu7
+ vHcxPq3yh3y1bm93aCQam3+7trUb/wh4n3Gpo0+HH+O7W2tv52PRkVC3FxaIb/HB6xGN
+ xRdKE/4l4fsLh/r8fb6vdihS0zPg8RMeX3QXLc7r7rYA+PdyYXl9ey9+cHj0GYd0MKTP
+ R4cH8b3t9eWFl+BfoM193Wm5qIMHGHgAzUgn+Uj/fm/ckvH57zsgWV9+bygm/XUyPsn4
+ JNf3pKnxS/5J5h+Zf2T+/ZJUS/ojZP6d5B/B329TfsD3p+9PfMVH4P0lYu8PEnx/l+D7
+ 80Q/XyH2+RiF4OebFCrBz6eJfr+A4PdD0gl+vwe7f0bo+1nEvl9H9PuRxL/fSvT7yVh7
+ AHHvl6cQvD8A+Ije30Hs/hzMQCL3VwEfFqHE7Y87BiRuf2MK0ftTjwGJ21+ckgBMdFAT
+ sz8cTiO+dMBjny4gYH8/dtySIEwj6vcZEgdKhP6+RoLwH0wg/TN0MmryL3IGyBkgZ4Cc
+ gZ8zA38D4W08UwplbmRzdHJlYW0KZW5kb2JqCjUzIDAgb2JqCjE4MDEKZW5kb2JqCjU2
+ IDAgb2JqCjw8IC9MZW5ndGggNTcgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9J
+ bWFnZSAvV2lkdGggMzQ2IC9IZWlnaHQgNzIgL0NvbG9yU3BhY2UKL0RldmljZUdyYXkg
+ L0ludGVycG9sYXRlIHRydWUgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0
+ ZURlY29kZSA+PgpzdHJlYW0KeAHtnOtTUmsUxtVQ5A6KoCBBG2+ASPuI4a3AwbFMPZVm
+ Uamjkk4YRjpSTF4bS4pR05OO6aSZZXdHG7tMnX/urI2dam826O7zej6x9jB8+M3ied/9
+ vmutpCQUEkACSAAJIAEkgAQOQiAZdQACByH58zvweym/dAjFSuAXoRQA9hNe/A97VOG3
+ eLxU1L4EeDxARUHeD26U6x7UND4/fU8CVAyBH2j4/DSAD3j3YfuDa2pqGkAVCIUikUgs
+ FktQLAQADOARCgXp6RTdxGwpsIfAAwArQBVLpFKZXK5AxSEgl8ukUgnwFQLcPbZxLCEK
+ FvKV4iqRyhSKjEylMitLpVKjYgioVFlZSmVmhkIhk0ootpC3YAnsaKmMpRKW4ioHqip1
+ do5Go83N1aFiCOTmajWanGy1CujKo2whbSm0LHuDKFgwWJEYuAJWYKrTGwxHCCOKhQBx
+ xGDQ64AvwAW2YhFlt+xokymP5QsgYRWZqmwNUCWM+QWFRSaT2WxB0QiYzSZTUWFBvpEA
+ uppsVaYC0lbAp9ax2KSFlAWw6SKJTKFUa3QGIq/AZC622mwkSf6FYhAAKDabtdhsKsgj
+ DDqNWqmQSSBrU3ksfgApC4uXMApWqyfyiyxWG1ladsxRUQmqQv1GgCJS4ThWVkrarJai
+ fEKvjaIVwjLGkrTJkLLpQrFUoczW6o2FlhLS7qioOu501bjd7loUjQAgqXE5j1dVOOxk
+ iaXQqNdmKxVSsTAdkpZpB3spKwKwaq0hz2Ql7eVVzpraulP1DY1Nf6MYBJoaG+pP1dXW
+ OKvK7aTVlGegslYqYktaiix4gRzA6vNMtlJHtct98nTTmeaW1gseVAyBC60tzWeaTp90
+ u6odpTZTHmUIcgkkbYwdgBmkpYukGSqN3mgqsVc6a+sbz533XGnv6Oz2eq+iaAS83u7O
+ jvYrnvPnGutrnZX2EpNRr1FlUEkbYwfJKbDjgpTN1hGF1tJKV13D2dZL7Z3eXt91f/+N
+ AIpG4Ea//7qv19vZfqn1bEOdq7LUWkjosiFpYefFNFrKDMBlVRpDvoV0OOsamz1tXT0+
+ f2BwKHg7hGIQuB0cGgz4fT1dbZ7mxjqng7TkGzQqymnBDuivYVGysky1jigqsVfXAtgO
+ r69/IBgaHh2buItiEJgYGx0OBQf6fd4OQFtbbS8pInTqTBkr2TSBWK7M0edZyHJX/VlP
+ x9W+QDA0OjF5P/wwgmIQeBi+PzkxGgoG+q52eM7Wu8pJS54+RykXC9JicpaXJpBQZlBg
+ tVe5m1rbvH03g8MT98KRmUdz/6AYBOYezUTC9yaGgzf7vG2tTe4qu7WAsgOJAJYwhhvw
+ +EJphjqXKLI5Tpw8d6nrWiA4fHcqMju/sPjkyTKKRuDJk8WF+dnI1N3hYOBa16VzJ084
+ bEVErjpDKuSzkBVJwWaNZrKi5vT59h4/gA1Pzy0srTxde7aOohF4tvZ0ZWlhbjoMaP09
+ 7edP11SQZiMYrVTEQha2Bsqcw/nFpWAGnk7fQGh8anp+cXl1fePl5isUjcDmy4311eXF
+ +emp8dCAr9MDdlBanH84Rwmbg5ichU2XTEnZbNnxujOXvf7gyGRkbnFl7fnm67fv3qNo
+ BN69fb35fG1lcS4yORL0ey+fqTteRhmtktocMH0WyMqBbKHN4TzV3N4bCE2EZxeW1zZe
+ vXu/tb2DohHY3nr/7tXG2vLCbHgiFOhtbz7ldNgKgayclaxYnqU5AguYq76lwzd4ZzIy
+ v7QKYLd2Pu6iGAQ+7mwB2tWl+cjknUFfR0u9C5awI5osuZgtZ8WKLC1hOlpR09Da2Tc0
+ cn/m8cr65tutnd3PX76iaAS+fN7d2Xq7ub7yeOb+yFBfZ2tDTcVRE6HNUsQhq8olTGSl
+ u/FCtz84Fp5dfLrx+sP27uev31AMAl8/725/eL3xdHE2PBb0d19odFeSJiJXFZ8sbLqA
+ 7EWv/9b4g0dLqy/ebO18+vLt+78oGoHv37582tl682J16dGD8Vt+70WKrNmIZGmU/iT4
+ A7LoBoy/fZyQqxvgCkZbp+IHXFcw3HUx9lbxQ267LnxToL0NJAo4ving2y3tDTZRwOnt
+ locnMrRDl4QBpxMZHh9PEWknhYkCbqeIePJNO9xOGHA7+cbbGsaNTKKQy23NIbxhZNwi
+ Jgq53DBS9QZ4K864/I4bcroVx0oORrVGopBDJQdWH9HKi/YJuFQfYcUcrSRun4BbxRxW
+ ecaUciZ4wKXKkyqmx8pkRgVyvJBDZXISVtPT6uUTB1yq6YEsdoD81uSR8CPXDhDsWmK0
+ JiUIuXQtUUmLnXa0frr4AadOOyBL+QF2h7J0grI94tAduocWO5pjmpdZH3DpaE7CLvyY
+ Xvv4Dzh14e+hxckRcQZFxDw++OSIpCja6FQOnHbCMt+E/ojTtBOor/8xSYYae4QTemLG
+ 8vz2gOOEHqp1Ico2BadK7TtPau8LB54qFW0LwUlorKPPGA85T0KLsv0fMDBGJSbwixd+
+ QgJIAAkgASSABJBAIgL/AYb0LTsKZW5kc3RyZWFtCmVuZG9iago1NyAwIG9iagoxODg5
+ CmVuZG9iago1OCAwIG9iago8PCAvTGVuZ3RoIDU5IDAgUiAvTiAzIC9BbHRlcm5hdGUg
+ L0RldmljZVJHQiAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHVWXVYVU23
+ n32SOnR3d3c3SHeKCIfuDglBUUFAEAEJCQlpxSAEVKQUUKREQEAEFKVUFJAU7kbf9/2+
+ +3z3/nf/ufs8Z/Zvr7VmzZy9ZmbFAYBhDR8U5IcgB8A/ICzE4oQmu539SXbsFMACavhD
+ DpjwrqFBGmZmRuB/vX6OA+iY+VrkWNf/KvY/Myjc3ENdAYDMYLaLW6irP4wbAUBougaF
+ hAGA3IHpw5FhQTBG9cGYOgSeIIxnjrHnH7x+jF1+YzTqt4yVhRYAaHoACEjw+BBPAHDc
+ MJ09wtUT1oPTBgBDGeDmHQAAlR2MVV298G4AMOTBMsL+/oHHuAfG/C7/psfz3zAe7/KP
+ Tjze8x/857fAPeGBtb1Dg/zwUb8f/i8bf79w+H39vijhliTAz+TYNrTwd8kNr20I35nh
+ 72GQ32+bwTIQo3uAtSVMO8bCAS4mpn9hVY8QXQsYw30hs6AwzWMMvzPIIyjMzOovely0
+ l5YJjElgerZ7qM7fekp88AbHNiOF6Q9Cwi2sYcwN447QCEsdGMMrCvoY7WVl+5fMppu7
+ 9l90BMLDW1f/jwyC0jtM/3gsatjmnL6BhsdzgMdCyAJD4AfcQTgIgdsAIAKMgBbQ/qsV
+ AR4AD3MiYF4o8AWfYOwP9wiE+wTCmP0vOa3/oOj+7ucJ9/vvGtmBKywb/s+Yf0Zjh8f8
+ W6c3cIPx33Q8PMYx73h2oU7eCf8a82+JY32/ZyNeJ74sfvD3nFC8KEmUDEoTpYJSRSkA
+ dhQtihGIoKRR8igNlBpKCeYpAF3wEdbs+fccj/X7P/CIyAuMUrTxgrnHv93lby6w+S3t
+ /c/zf8wAeA+uPVz7ewYAhLmfgfcBAFqBQVEh3p5eYewa8M51F2bXD3AVFWaXFJcQP2b/
+ v7mOz6w/k92w+H0WQbRD/6IFPgBAsRFeUyb/orliAWjiAoDC8F80blZ42QoA8DTbNTwk
+ 4o8+1PENDYgAGbxCGQAr4AL88HuWBLJACagDHWAATIEVsAen4fXjBa/BEBAJYsF5kAhS
+ QQa4Dm6Am6AcVIM74AF4CB6DTvAcvATD4A2YBnNgEayCdfAT7EMQhIVwEBXEALFBPJAQ
+ JAnJQ6qQDmQEWUD2kDPkCQVA4VAsdAFKhTKhG1ApVAPdh1qhTqgfGoHeQvPQMvQD2kMg
+ ESQIagQLghchhpBHaCAMEVYIR4QnIhgRjbiISEfkIcoQtxHNiE7ES8QbxBxiFbGFBEhi
+ JC2SAymClEdqIU2RJ5EeyBBkHDIFmYMsQ9Yj25C9yNfIOeQacheFQVGh2FEi8DrVQ1mj
+ XFHBqDjUFdQNVDWqGdWDeo2aR62jDtE4NDNaCK2I1kfboT3RkehEdA66Et2EfoZ+g15E
+ /8RgMLQYPowcRg9jj/HBxGCuYIowdzEdmBHMB8wWFotlwAphVbCmWDw2DJuIzcfexj7F
+ jmIXsTsExARsBJIEugQnCQIIEghyCGoJ2glGCT4T7BOSE/IQKhKaEroRRhFeJbxF2EY4
+ RLhIuE9EQcRHpEJkReRDdJ4oj6ie6BnRDNEGMTExJ7ECsTmxN/E54jzie8R9xPPEuySU
+ JIIkWiSnSMJJ0kmqSDpI3pJs4HA4Xpw67iQuDJeOq8F142ZxO6RUpKKk+qRupPGkBaTN
+ pKOkX8kIyXjINMhOk0WT5ZA1kA2RrZETkvOSa5HjyePIC8hbySfItyioKCQoTCn8Ka5Q
+ 1FL0UyxRYil5KXUo3SgvUpZTdlN+oEJScVFpUblSXaC6RfWMapEaQ81HrU/tQ51KfYd6
+ kHqdhpJGmsaG5gxNAc0TmjlaJC0vrT6tH+1V2ge047R7dCx0GnTudMl09XSjdNv0TPTq
+ 9O70KfR36d/Q7zGwM+gw+DJcY3jI8I4RxSjIaM4YyVjM+IxxjYmaSYnJlSmF6QHTFDOC
+ WZDZgjmGuZx5gHmLhZXlBEsQSz5LN8saKy2rOqsPazZrO+syGxWbKps3WzbbU7YVdhp2
+ DXY/9jz2HvZ1DmYOPY5wjlKOQY59Tj5Oa84Ezruc77iIuOS5PLiyubq41rnZuI25Y7nr
+ uKd4CHnkebx4cnl6ebZ5+XhteZN4H/Iu8dHz6fNF89XxzfDj+NX4g/nL+McEMALyAr4C
+ RQLDgghBGUEvwQLBISGEkKyQt1CR0IgwWlhBOEC4THhChEREQyRCpE5kXpRW1Eg0QfSh
+ 6FcxbrGTYtfEesUOxWXE/cRviU9LUEoYSCRItEn8kBSUdJUskByTwknpSsVLtUh9lxaS
+ dpculp6UoZIxlkmS6ZL5JSsnGyJbL7ssxy3nLFcoNyFPLW8mf0W+TwGtoKkQr/BYYVdR
+ VjFM8YHiNyURJV+lWqUlZT5ld+Vbyh9UOFXwKqUqc6rsqs6qJapzahxqeLUytQV1LnU3
+ 9Ur1zxoCGj4atzW+aoprhmg2aW5rKWqd1erQRmqf0E7RHtSh1LHWuaEzq8up66lbp7t+
+ QuZEzIkOPbSeod41vQl9Fn1X/Rr9dQM5g7MGPYYkhpaGNwwXjASNQozajBHGBsZZxjMm
+ PCYBJg9Ngam+aZbpOzM+s2CzR+YYczPzAvNPFhIWsRa9llSWTpa1lj+tNK2uWk1b81uH
+ W3fZkNmcsqmx2bbVts20nbMTsztr99Ke0d7bvuUk9qTNycqTWw46DtcdFk/JnEo8Ne7I
+ 53jGsf8042m/00+cyJzwTg3OaGdb51rnA7wpvgy/5aLvUuiy7qrlmuu66qbulu227K7i
+ nun+2UPFI9NjyVPFM8tz2UvNK8drzVvL+4b3dx89n5s+276mvlW+R362fnf9Cfyd/VsD
+ KAN8A3oCWQPPBI4ECQUlBs0FKwZfD14PMQypDIVCHUNbwqjh4HAgnD/8Uvh8hGpEQcRO
+ pE1kwxmKMwFnBqIEo5KjPkfrRlfEoGJcY7piOWLPx86f1ThbGgfFucR1xXPFX4xfPHfi
+ XPV5ovO+518liCdkJmxesL3QdpHl4rmLHy6duFSXSJoYkjiRpJR08zLqsvflwWSp5Pzk
+ wxS3lBep4qk5qQdXXK+8SJNIy0s7SvdIH7wqe7U4A5MRkDF+Te1adSZFZnTmhyzjrOZs
+ 9uyU7M3rTtf7c6RzbuYS5YbnzuUZ5bXkc+dn5B/c8LrxpkCz4G4hc2Fy4XaRW9FosXpx
+ /U2Wm6k390q8SyZLT5Q2l/GW5ZRjyiPKP92yudVbIV9RU8lYmVr5qyqgaq7aorqnRq6m
+ ppa59modoi68bvn2qdvDd7TvtNSL1Jfepb2beg/cC7+3ct/5/vgDwwddDfIN9Y08jYVN
+ VE0pzVBzVPP6Q6+Hcy32LSOtBq1dbUptTY9EH1U95nhc8ITmydV2ovaL7UdPo59udQR1
+ rHV6dn7ocuqa7rbrHusx7xl8Zvis77nu8+5ejd6nfSp9j/sV+1tfyL94+FL2ZfOAzEDT
+ K5lXTYOyg81DckMtwwrDbSPKI+2jaqOdr7VfPx/TH3v5xuTNyLj1+OTEqYm5SbfJpbd+
+ b79PRUztT5+bQc+kvCN/lzPLPFv2XuD93TnZuSfz2vMDC5YL0x9cP6x+DP14sHjxE+5T
+ zme2zzVLkkuPl3WXh1ccVhZXg1b31xK/UHwp/Mr/tfGb+reBdbv1xe8h349+XNlg2Kja
+ lN7s2jLbmv3p/3N/O2WHYad6V363d8927/N+5AH2IO+XwK+2Q8PDmSP/o6MgfAj+dyyA
+ hFuEhwcAP6rgHMIezh2GASDq+JNT/JaA0xUIloExCZAHybBPN4HuIlgRaUgcMgvFh+pD
+ h2GEMV+xHQTlhBlEl4gvkWTjqkgnyBko3CkbqCEae9r79EQM9ozVTF9Z+FhN2XzYIzii
+ OOO5krmzeAp4y/gq+SsEKgRLhPKFM0SSROPFosQjJCIkY6XOSJ+UEZNFy76Ta5JPV/BW
+ 1FXiVkYoL6h0qZarXVL30bDSVNUS0mbQIdQ50P124rPee/1pg0nDcaNx40mTCdMxs9fm
+ oxajlmNWk9bvbD7artpt2B86EJ6icKQ4Te5E7kyOp3ShdqV3Y3bn9OD3FPdS9Db2CfMt
+ 8uvxXwkkC5IOtg6JCM0KuxveH7EQuR9FHS0coxvrdDYqLiv+zrnn598n7FykuCSYqJlk
+ fzkkOS2lLnXgyo905qtGGXHXGjPXsvmuO+Vk5T7L274hUGBfeLnoYfFiCWWpWplvedqt
+ ior2yomqHzW4WsE6vdued5Lqa+6+vPftAV2DWqNHU2pz/cPBlrU2gkccj+WfmLTbPLXo
+ MO7U79LuVu9Rfib/XKpXrE+on6X/4MX4y7sDia8cBkUHj4YGh2+MeIxKvgavp8aa32SN
+ B02YToq/pXi7MTU+3TZT8i5x1v+91ZzSPMcCdmHtw/DHxsW8T7GfHZeUl5mWd1fGVxvW
+ rn7x/ar7jePb0frhD74N+83rWzPbkjtZu0f74Qcbh5FHR7D90YAGjhGdQAFYgmSgZGgN
+ YYcYRTrC8VMx2hxDhfmIfUJQQVhAlENcSNKN2yNTJo+n6KFCUqvRxNDW071noGaEvTJz
+ EksVay/bAvtXjk+cY1xPuCt4rvAG8Znw8/EfCAwKFgp5CksK74p0iCaKGYuziW9LDElW
+ SsVIG8kwynyUrZMLkpeU/6FwTzFUSU2ZRvmHyphqi1qherzGaU15LSKtEe10HQ2ddd2n
+ J27rFelnGqQYJhklGaeYZJjmmd00r7Kot7xlFWNtYsNps2P72q7RvvBkmkPyqTTH/NN3
+ nFqd7+OrXUpd890y3a94JHqe94r1jvQJ9Q3yC/D3C/AJ9A7yDvYO8Qn1CwuEA+nwyKgz
+ Z6MSopNi0mKzzxbFVcU3nOs8P5ywcGHrEmEia5LsZbNk35TE1NIrT9Lepm9lUF4TyzTO
+ 8slOuH49pyb3cd5I/uKN/UKKIv5itZu2JUGlyWU15X23lioJqwSqDWp8a6/U3bk9dGf9
+ LuU96fvWD8Ibrjc2NI00f2nBtnK0KT4yf+zyJLj93NOrHQWdVV33u9t6OuHzarD3dV9f
+ f/uLxpe3BypflQwWDuUP543kjha8rh5redM3/nZiZXJ/CjfNNiPxTnvW9n3IXO58x8Ly
+ R6pFtU9+n/OXepe3VrnXTn+p/Ua0fukHw8bAVvF2ym76fsWvgb/szwCUQTBogUjgM6AQ
+ 2obt/wyOrcdQIWh29ArmMbaGoInwDdEmCTVOhNSKLJq8iKKd8j01ikaQ1pDOkz6GIZ4x
+ himaOZolnNWfzYXdnEOJk5nzJ1cXdxyPGM8sbyqfPN88f6KAoMBzQRfBA6FsYWHhXhFX
+ USBaKKYo9kY8SAInUSOpK7kglSDNI/1a5oKspOy83DV5Dfl1hZuKZkpA6Y6ygwqhSquq
+ txqT2pD6JQ0VjS3Nu1p+2kLaKzo1ul4n+OFzolLf3YDH4KNhuRHemNX4nUmxKd6M22zF
+ /L5FtKWOFZXVvPU9mzhbYzsmuxX71pOXHWxP8ZzadOw5nePk46yGp8Ovu7x0rXJLdHf3
+ 0Pbk9kJ6LXh3+pT4xvud9lcIoA74FjgQVBucEuIbahwmFk4Vvh0xFfn4TFFUbPTJGNlY
+ ithvZ6fi3sSPnHt1/mVC34Xei72XehN7k55f7k7uSulO7b3yKm08fe7qasbWtb3M/axd
+ 2Luu5szmDuW15zfdGC5YLcIUc91UKzlVGgX7zcZbAxULlXvVNDVStVZ1Z24X33lev3qP
+ 8r78A6eGxMb6pvHmwxa+Vou2uEe1jyfaUU+lOvCdGV0d3WvPqJ8r9Dr2xfUXwh5tZODH
+ oMFQxQhm1O/12zem4wOTZm/fzbDNNs53L4Ysj3x9uam8e3hs/z+1pWOfgJEFoLwfAFsJ
+ AMwYASjagMsk6wCQBcLPOACsFACCawJAL1QAZL76j//AwjUZAaAKZ5a+4AJ8ijSAAfAJ
+ gis5kCxkCnnDWWAx1AZNQJsISoQEwhwRiriOaEPMIQmRMkg3ZC5yCEUAVxjOotpQe2gl
+ 9Dl0L4Yc44i5jTnEmmMrsQcElgS1hAhCH8IZIjOi58RqxK0kMiQNOClcE6kiaQeZHtkQ
+ uR35AkUAxR7lZSo6qkpqOeo+Ggeab7QX6RjpHtJb0W8wZDPKMr5lOsvMydzPEszKxPqM
+ LZidi/0dRy6nFRcl1yjssWx4GXnfwz4rQEBOYFfwvpCPMI/wB5Fboh5iQmKb4k8l0iWd
+ pKSlSaQ/yXTJlsidk8craCsKKJEp7cDx87DqU7V76rc08jWvaV3RTtJJ0D17IlIvSN/T
+ 4JShmZG2sZyJoCmLGYU5kQXWEmtFaE1iQ2nLZMdrL3VSy8H6lLdj/Olcp3bnby4crlZu
+ l93bPTa9BL1dfG74jvmTBugHJgY9Dd4NlQuLDH8UiTxjFlUavR1rfvZ+PPW56ATkhexL
+ /Intl22S11PT0kTThzPCM5mzdq+v5M7lzxZ8LtotoS9TvxVYWVbdWNtz+03953s7DURN
+ LA/FW7Uf2T3xe3qhs7j7ybP5PqIX8gO+g6XDU6853gROdE0xzkTMTs6rfbj9iXlJaQW3
+ OvEl55vB+saPjE2erfvbsjvNexL7Vb+YD9N/nx9UQBiu8jiBKJAFVw76wAdwCDFBcpA5
+ 5AclQeVQBzQLHSLY4PzeHZGKeICYQqKREkgn5FVkJ3ITJYhyR1WhvqDl0BfQoxheTDxm
+ BquKrSSgIDhPsEXoTzgPZ8MviLWJe0j0ScZw7rhfpDfIlMkmyP0pAEUWJT9lB5UjNYL6
+ Hk0ArSYdG91z+gAGaoZHjHgmLNMdZkvmPZZyVhPWfbY69gsc7px6XELcxNyLPG28l/nM
+ +Wn5JwXyBEOEzITFRChEtkSnxDrFayWuS16QCpF2lbGW1ZdTl5dXkFAUURJUFlARUBVS
+ E1OX0VDR1NWy0D6t46cbcyJVr0C/zuCx4SujWePvpigzBnNhC3VLGyt/60SbUtsndtP2
+ +w7Mp9Qc3U6nOLU5r7vwu7q4FbpPedJ52Xrn+kz5sfq7BNQEfg+WCjkT2h6OiTCLLDiz
+ FC0Xczl2Ok4s/tK5dwmyF7Iu/ki0TGpJZk9JTd1L809fyHC4Np7lkL2UcyaPKL+kQKlw
+ qvhsCU/paPn5CpnK1equ2oLbYfUm9/geQA3TTU0PM1r9Hqk/QbW/6Mjscujhe7bZ29Wf
+ 9dLjlcIQ2fCn0aoxl3HWiam3udNW7yhnh+cyFsw/Ui9Ofs5dVl2ZXMN/mfymup77fWGD
+ ddNsK+Zn4Xbzzqvdmb3l/R8HO78ODn+fH3D1VAjowRWlOJAL7oN+uFK0DZFDgpAu5ALF
+ w3u/HZqDKz18CCN45xciehE/kYKw9a8jB1FEcF0mBTWMZkL7op9hxDDFWCpsOgEVQRlc
+ G3lLFE3MRtxPEo0Tx62S1pF5k7OST1LkUNpRsVGtULfSXKP1pdOj52PAMiwxDjDdY85m
+ iWX1YrNlN+TQ4lTlUuHW4jHmteNz4w8WiBdMFyoSrhN5LDoitiyBluSW0pX2k8mV7ZZb
+ V2BVNFKKVq5WmVDDqMtp+GiWak3r0OvanSjU+2AgDUcZMyaSppfN3lvIWWZafbExtr1v
+ z3gyxeHIMeb0gXM4/oUrp1u0+xgcZ6Z5r/oa+t0JoAqMD1oNsQntDBeMyIIjTPfooVjN
+ s0/jNc8NJDhf+HWpPMns8k6KR+p4ml56W4bYtYosluzcHKrcq/m0N8oKRYtab2qW9JeZ
+ lo9V2FVOV7vVfK2LvoOpz7nHe7+lwbBxrjmiBdda/kjp8Vh7QAdhZ0W3Vs/C84Q+7v6X
+ L2NeiQ0uDVeO+ozJjGMmZt4+mJadaZ1VfN86L7Nw5yPHYsanvSWX5d5VQTjXiP0a8M14
+ nXd95fvdH/YbiI1bmzKbz7est8Z+Wv4c3TbYfrIjtlO2S7YbtbuwZ7TXuE+/f3Z//kDn
+ oOoXwS+vX/2HgodJh4tHWkelx/s/1ENK8th7AIhEEw4mZ4+ONngBwGYC8Ova0dF+2dHR
+ r3I42YD/A+nw+/N/xbEwBq65F8I5CQC9Lu9Lj+//fv0XqSaZeAplbmRzdHJlYW0KZW5k
+ b2JqCjU5IDAgb2JqCjU5NjIKZW5kb2JqCjM1IDAgb2JqClsgL0lDQ0Jhc2VkIDU4IDAg
+ UiBdCmVuZG9iago2MCAwIG9iago8PCAvTGVuZ3RoIDYxIDAgUiAvTiAxIC9BbHRlcm5h
+ dGUgL0RldmljZUdyYXkgL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngBhVJP
+ SBRRHP7NNhKEiEGFeIh3CgmVKaysoNp2dVmVbVuV0qIYZ9+6o7Mz05vZNcWTBF2iPHUP
+ omN07NChm5eiwKxL1yCpIAg8dej7zezqKIRveTvf+/39ft97RG2dpu87KUFUc0OVK6Wn
+ bk5Ni4MfKUUd1E5YphX46WJxjLHruZK/u9fWZ9LYst7HtXb79j21lWVgIeottrcQ+iGR
+ ZgAfmZ8oZYCzwB2Wr9g+ATxYDqwa8COiAw+auTDT0Zx0pbItkVPmoigqr2I7Sa77+bnG
+ vou1iYP+XI9m1o69s+qq0UzUtPdEobwPrkQZz19U9mw1FKcN45xIQxop8q7V3ytMxxGR
+ KxBKBlI1ZLmfak6ddeB1GLtdupPj+PYQpT7JYKiJtemymR2FfQB2KsvsEPAF6PGyYg/n
+ gXth/1tRw5PAJ2E/ZId51q0f9heuU+B7hD014M4UrsXx2oofXi0BQ/dUI2iMc03E09c5
+ c6SI7zHUGZj3RjmmCzF3lqoTN4A7YR9ZqmYKsV37ruol7nsCd9PjO9GbOQtcoBxJcrEV
+ 2RTQPAlYFH2LsEkOPD7OHlXgd6iYwBy5idzNKPce1REbZ6NSgVZ6jVfGT+O58cX4ZWwY
+ z4B+rHbXe3z/6eMVdde2Pjz5jXrcOa69nRtVYVZxZQvd/8cyhI/ZJzmmwdOhWVhr2Hbk
+ D5rMTLAMKMR/BT6X+pITVdzV7u24RRLMUD4sbCW6S1RuKdTqPYNKrBwr2AB2cJLELFoc
+ uFNrujl4d9giem35TVey64b++vZ6+9ryHm3KqCkoE82zRGaUsVuj5N142/1mkRGfODq+
+ 572KWsn+SUUQP4U5WiryFFX0VlDWxG9nDn4btn5cP6Xn9UH9PAk9rZ/Rr+ijEb4MdEnP
+ wnNRH6NJ8LBpIeISoIqDM9ROVGONA+Ip8fK0W2SR/Q9AGf1mCmVuZHN0cmVhbQplbmRv
+ YmoKNjEgMCBvYmoKNzA0CmVuZG9iagozMSAwIG9iagpbIC9JQ0NCYXNlZCA2MCAwIFIg
+ XQplbmRvYmoKNjIgMCBvYmoKPDwgL0xlbmd0aCA2MyAwIFIgL04gMyAvQWx0ZXJuYXRl
+ IC9EZXZpY2VSR0IgL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngBhVTPaxNB
+ FP42bqnQIghaaw6yeJAiSVmraEXUNv0RYmsM2x+2RZBkM0nWbjbr7ia1pYjk4tEq3kXt
+ oQf/gB568GQvSoVaRSjeqyhioRct8c1uTLal6sDOfvPeN+99b3bfAA1y0jT1gATkDcdS
+ ohFpbHxCavyIAI6iCUE0JVXb7E4kBkGDc/l759h6D4FbVsN7+3eyd62a0raaB4T9QOBH
+ mtkqsO8XcQpZEgKIPN+hKcd0CN/j2PLsjzlOeXjBtQ8rPcRZInxANS3Of024U80l00CD
+ SDiU9XFSPpzXi5TXHQdpbmbGyBC9T5Cmu8zuq2KhnE72DpC9nfR+TrPePsIhwgsZrT9G
+ uI2e9YzVP+Jh4aTmxIY9HBg19PhgFbcaqfg1whRfEE0nolRx2S4N8Ziu/VbySoJwkDjK
+ ZGGAc1pIT9dMbvi6hwV9JtcTr+J3VlHheY8TZ97U3e9F2gKvMA4dDBoMmg1IUBBFBGGY
+ sFBAhjwaMTSycj8jqwYbk3sydSRqu3RiRLFBezbcPbdRpN08/igicZRDtQiS/EH+Kq/J
+ T+V5+ctcsNhW95Stm5q68uA7xeWZuRoe19PI43NNXnyV1HaTV0eWrHl6vJrsGj/sV5cx
+ 5oI1j8RzsPvxLV+VzJcpjBTF41Xz6kuEdVoxN9+fbH87PeIuzy611nOtiYs3VpuXZ/1q
+ SPvuqryT5lX5T1718fxnzcRj4ikxJnaK5yGJl8Uu8ZLYS6sL4mBtxwidlYYp0m2R+iTV
+ YGCavPUvXT9beL1Gfwz1UZQZzNJUifd/wipkNJ25Dm/6j9vH/Bfk94rnnygCL2zgyJm6
+ bVNx7xChZaVuc64CF7/RffC2bmujfjj8BFg8qxatUjWfILwBHHaHeh7oKZjTlpbNOVKH
+ LJ+TuunKYlLMUNtDUlLXJddlSxazmVVi6XbYmdMdbhyhOUL3xKdKZZP6r/ERsP2wUvn5
+ rFLZfk4a1oGX+m/AvP1FCmVuZHN0cmVhbQplbmRvYmoKNjMgMCBvYmoKNzM3CmVuZG9i
+ ago4IDAgb2JqClsgL0lDQ0Jhc2VkIDYyIDAgUiBdCmVuZG9iago0IDAgb2JqCjw8IC9U
+ eXBlIC9QYWdlcyAvTWVkaWFCb3ggWzAgMCA2MTIgNzkyXSAvQ291bnQgMSAvS2lkcyBb
+ IDMgMCBSIF0gPj4KZW5kb2JqCjY0IDAgb2JqCjw8IC9UeXBlIC9DYXRhbG9nIC9PdXRs
+ aW5lcyAyIDAgUiAvUGFnZXMgNCAwIFIgL1ZlcnNpb24gLzEuNCA+PgplbmRvYmoKMiAw
+ IG9iago8PCAvTGFzdCA2NSAwIFIgL0ZpcnN0IDY2IDAgUiA+PgplbmRvYmoKNjYgMCBv
+ YmoKPDwgL1BhcmVudCA2NyAwIFIgL0NvdW50IDAgL0Rlc3QgWyAzIDAgUiAvWFlaIDAg
+ NzgzIDAgXSAvVGl0bGUgKENhbnZhcyAxKQo+PgplbmRvYmoKNjcgMCBvYmoKPDwgPj4K
+ ZW5kb2JqCjY1IDAgb2JqCjw8IC9QYXJlbnQgNjcgMCBSIC9Db3VudCAwIC9EZXN0IFsg
+ MyAwIFIgL1hZWiAwIDc4MyAwIF0gL1RpdGxlIChDYW52YXMgMSkKPj4KZW5kb2JqCjY4
+ IDAgb2JqCjw8IC9MZW5ndGggNjkgMCBSIC9MZW5ndGgxIDEyNTkyIC9GaWx0ZXIgL0Zs
+ YXRlRGVjb2RlID4+CnN0cmVhbQp4AdV7eXhURbZ41d17Te97p/um01v2hWwkkCZkYwmG
+ hCVBggkkbIoghgiMYFAcISqKKET0qSiyqmlChAbExzggOuOMqAwqLm8cwXHmmee8eeiM
+ Qrp/p24nATLjfP7hN9/365tTVaeqbt1Tp06dpe5N+/IVbUiFOhGName1LJuPpF/GCwhR
+ 6+ctaVkWx/WjEMKr53W0u+M4G0CIvmX+sgVL4rjwKEJy54JbVg3eb7iEkDVrYVtLa7wd
+ XYE8fyFUxHEM46HkhUvaV8ZxXR/knbcsnTfYbggDXrakZeXg89HHgLtvbVnSFu+fsQHy
+ 5GVLb28fxJMhb122vG2wP24A+t5GGGrdaCmSoZsRjyikgasJIf5LuRMx0Era4deapthy
+ U0LJN0grSPhNNQ9J+eviK+f+3nbFr9gsfAcVsqH+JOeC0SBCSgzt/YrNwy3SfZC4I6g+
+ NYImAJQC5AGkpo6zoE68Cz0M8AwAjRbh+9EqgI0AjwMww6W9gB3B9/cyQugoXoVseGJI
+ wbimGawui1zhejeCub6nXB9aPj+GrbB6n2FrrwrJxsnxM/hp1Ipc+HnkxatRNQrg7QeD
+ t7iaoWkvWgbQCUBLKcZ7exNzXK/iNORlMNzjQ4kMPuT6Y3a662J2hMK9rtf8EQayXyQC
+ FkpwnXA+5fpP5wLXqwD74037gtDjkGuv8xbXlsQI3t7resQZwXDP5ni2wgm3HnItCW51
+ tWZL7ZO3Rqj9va4iaJ8RUrjyC0VXnvOCK9MfETDg6c7JrpTs37iS4Ubo5oZBvSGty+Hc
+ 4hoNTYnOCv9ogGN4H34CpeAner0TXUehCNM9OCFYuDWCf3awOpDtjeDVofzqwNZgtd8b
+ nOzyBiv9fijPeINfz9/Ij+Nz+FQ+wPt4kbfzBkEnaAS1oBTkgiDwEfxCb6mLO4b3o1Jg
+ y/6DAiewEfwSVDLH8ItS5YuHBUagBCQYIrHfg/BiZIjg/X0aUoLCIU4qcRH84sF41Ysh
+ F0NKjNSgoUgZEkgRhQUKTURh/GCEQ/eaOkotpbqx2qLK8h9KmqWWoTT1h38W7AxvnVTf
+ EN7nbAznkELM2TjU3TJU+MG8fQU0tZWlpk6qW3WwY9ni+RVtnopmT0UbQHP4/o6FlnDn
+ XLf7wOJlpMEdpn3Nc+ctJHlLW3iZp608vNhT7j7QId03onk+ae7wlB9A8yumNRyYH2or
+ 7+0IdVR4WsobD84tW9503bM2Dj9redk/eVYZGWw5edZc6b4Rz2oizXPJs5rIs5rIs+aG
+ 5krPIpOvWFRfdns7SKe7YtEkdzhQH54wdVZD2N3SWB7Bu6CyfAViTyANexwF2E5kYzKR
+ C6HYhwDnSR6dHvuCPY000SWx/6WLYVGPEKCipSXoBHoQPYF6EIf2QDmA5qBu9CZeDHt7
+ NupD53AiygDdy6AImozewrHYO2g+2gn929Fr6DF0ACnhniXICK2bsDe2GvAQlOei9bFn
+ UTIqRD9Hx1ERjLoJ9cf2xg5Cax2ajvah/XD/r7GHOsDoYy/FLiABTYUx10PLO7HJsR6k
+ Q2moDNVC7Xr0KvbS52MLkQUVA3VPoqfRDvQL9BW+G/fFFsY6Ymdin4GoWpAD1cO1Bvfh
+ z+ge5uexJ2N/jkWBEwGUAk9tRlvQczB+D1wnQLVW4JtxO96CH6NC1N1UH3Mva44OAB+C
+ qAquatDKG4ADR9BJ9Ff0Hf6astAaup0+FcuL/R9SoEkwSzKTNtQB131wbYI5HcMczsLj
+ cS1egx/Fj+H3qBRqOtVA3UGtpL6gp9Cz6VX0e8ztTC/7ANvNKaLfxI7FTsd+h8zIiW5E
+ y9FamN1r6Ay6hL7HNIzlwF5cjMvwHLg68RPUEbwDH6Fq8Ql8htqH/wt/jr/GlymWUlJG
+ KpVqp7ZQ+6nXqN/Si+jH6Mfp/6K/YcayFLuDvch5+Y+ic6Mbo7+NFcc+i/0dVKyARFiZ
+ MjQF3YRaYLbL0Ch0F8ziRbh6YNVOolPoTen6HDtQP/o7cAFhHbbhHFwD1xR8A56PF+Gn
+ 8FG4XpVo+ZaChaBklJYyUw6qnppLLaE6qd9RnbSdTqEn0rPoHrjeoM/Rl+nLDMvoGSNT
+ xUxADzBLmO1w7WL2ML3M22wRO5adws5gO9mN7AP0PPYd9hy3ltvE9XJfc38BtTiZX8o/
+ AKvzJsjsL0CWr/4YnAzU56Bb0TxcjueirbAaO3AL6gLpasUbgF/LUCDWRK+lq6gskIZX
+ 0c9AWrejNWgjPRvtiH1A70Pvg6TcAkN2ot1MGXKy22B17kZZIEWDVyiYEgz4fd5kT5Lo
+ BpXvsNusFrPJaNDrtBqVUiGXCTzHMjSFUVqFp7LZHfY1hxmfp7o6neCeFqhouaaiGbay
+ O1x5fZ+wm9zXAk3X9QxBz/kjeobiPUPDPbHGXYJK0tPcFR53+DflHncEz5raAOUHyz2N
+ 7nC/VK6Ryg9LZRWURRFucFdYFpa7w7jZXRGu7FjYVdFcnp6Gj4SAHfL0NKI4QkhBBg6j
+ 8S1rQMGi8aRHRdjmKa8IWz1QhjbaW9HSGq6d2lBRbhfFRqiDqroGeEZ62qIw0InuV7Z6
+ Wu+PhNDcZlJqmd0Qplsaw1QzGUubGjZ7ysPm1RctV9GhUsUD1zSGKW9lS1tXZTjUfD8w
+ l6DNBGt5ALBJ9W4Ylrq3sSGM7x0kgtC4GCgl5MZtgrd5sTss85R5FnYtbgbmorqGXlvI
+ JinfMKpt6LWGrBKSnnbEsrZYhNkfSR+XPo7kxaJlbTz/4z3x+ndPkNyy9uTvIZ9UN8wA
+ TDjgmQB0ht3zpId4gNhCkrQVoq55hcAn+DVimOYioGd8mAKZob1h1juhJdxZP0TGwvI4
+ cc2Ly3tlVptkhMoaoX9zl2Y0rBT013jcXd+AtW729H91fU3LYA3n1XyDSCNZ6GFZCeOW
+ oXIHMZZemPVCi2chWd8OaU0B91gqrqkAnLCG0Bw2gAGvbRDD7kaoAG8ybVIEyWobDmC8
+ qTGCY/dGULnzCPio9E1zoDmNiNqicng+IOlpUJEiQikjzV0JT64ksuLucndNaO1yV7oX
+ gjAxXimHhrauxkzgYH0D8AlNgyeGGu3DxbbGxtEwTiYZB26B7l2NMMLiwREgl6oyB6BT
+ VhoYU9pX2zC1IdxZbg+HyhthFUB8T9Q2hE+A5DY2Qq/sYUqB4jWLLIM05wDN2SnQnhsf
+ BXyXThiisauLjFnf4BHDJ7q67F1kv8XxCEYjK0KDFRFEuhCWR3BnLdwLmUe0S2sgekQg
+ q5HwdBSI9JBEgc/+rzmcP0w33FkA1OZLHC78iThc9GM4PPpHcbh4mNLrOFwCNBcTDo/5
+ 93F47HUcLv3XHA4N0w1EjgNqQxKHy34iDo//MRwu/1Ecrhim9DoOVwLNFYTDVf8+Dldf
+ x+EJ/5rDE4fpBiInAbUTJQ5P/ok4XPNjODzlR3H4hmFKr+NwLdB8A+Hw1H8fh+uu43D9
+ v+bwtGG6gcjpQO00icMzfiIOz/wxHG74URxuHKb0Og7PApobCYdvHOZwyB5G1+rhzhFq
+ F/3kinn2NSwHT4nVoTKqCPUAIOZ2lA1QBlADMAnqPodA2wNl0lYH0AF4MeSFANXQ7oB8
+ DMB6fJpA7DzkG7l9aD2pAyB9O6h9aCPcR55jBrwTygoAI4ADSBg6O1IiDhNfNgNitXhA
+ Dwh4//BwxEK0Q368lP5wEj90+uH2qy0yKMohOlLCmY8aJcBplhYiOT3UGiBGNEGcY4Gy
+ FdmQXaISgWedePX2/89LEHNLv1FoGlqJk3GEmkJ1UydpjrbRF5gpzBm2hOO4Ou57fiK/
+ ku/lzwq1wguyZNlW2cfyVxRKxXzFM8p8ZTeMQUFchqD/cVgpHpXGz+qETHCoAARNBKEz
+ AASHMv1xBDEACMr8x+iotJ4zUo/CKCyakZqVnasVtX6AMmZT5Mof2OPfj48wNZfh3Ack
+ ogeSTnQenuML6XEKLWfNZhtuRVaGbRXntcEZzJRLNQNTKtrKv0ClNf3ZWQW5Rk/PO++c
+ h4MFcj/8qMUSnakhM4/NeBsErhTl0NE0omg5ETnammk5i0pLSkvY+zJS12hO4iaciz34
+ 3e5oRjehhoyTHfuQsbHbUTY6GXJNUNantwXnpa8IrkjntvrwJCFVbkk1qOjvsg15Kghm
+ PCGDNk9zl0qVbc9LZvm8bJVlq79cG4FTyAR5YcZSyhV0r6P9VG5VjqbjpOVs/6V+zTf9
+ kKLS/tJ+XVHmpYEvNP2afq2uCANkZ41fFcrPzLL6kIz1Ob1JPg7RAcTQQpY8gB0eVwDZ
+ vJYAZjAfgCWAJFG0B7DVBwkcm6amYgBNCSmtW7cONeEmhsrLNZlNuTn5eaN8niSOz0vE
+ uTkFcYzneM+ognwxByJGKCdiowF5sOniK8pA5eFNL7y8Q+fVO3ymtnHLu9v6Knxsb+hW
+ bPzoL1VplbfdFf3r3/3Y/Mb9pbd1r3y0A+Onacpd+PDN7SvLVj+z7I1fHllfl+t0Hej8
+ TTQaX5+y2MeMA86E3OhYKLVat8FFFSkr9TP1C/TMaEGp4pFSnqBWr9Dp9Tp1glun55He
+ LDfnySM4KWRT3aVWO3WjExgmz33aqdLyhbalqNCdVCXGufpN/0lgaH/pAHD0wqUhbhbp
+ ioqkhT6F4uwF/lqAwQGLC8soH50IBzJwnOtmHXwAyyyQYBcTQJwdEsEKDCcsBY5qSghL
+ CT+b9Nfx0q8XjSKdX5Cfm8MYDZSYlOwf0K0JTXtm++HOpnszn1xCfTnw9Jic9NpFp7Du
+ crS/J/p/Grxke3HiW3du3VkdktH0S9HlPr0Y/eWvo7869RYRYVQT+4jxsE+BXvKjvaGi
+ O2zYLHgFv7XB+nN0H94g46sEuegX89RqA32az7Oz/jyQxyC1LrFQu9Qsp0rkydnmYFVA
+ YsxA0Z2T6lauzrSA0A3KHBE6wiBJ1EZ5fQ53gglxrM+dkBjAPmNyADn0UCJyhxnapRED
+ 2GvyB5BTBwmROyJiqTguZETK1uEmeFVgMnp8fhAw6io7PElIqynQibpB0TMaTLl01fFe
+ jWfc+m298rFzZizuw8rof78Z/XjcGjx53YNrd7X3PP0g+9R366dnzYr+KXrlxvTAFxd+
+ GX0PZ8PxjuIobv3+k/+8+9bT25/YQM4NMZx9ISYTZCoB1YfyWYWVKlSMVhapJqqmUzOY
+ udRhXn6nqk91SkVTMqxSj0YJjExJqcCKLFULhbIX1NoqjcQm2JQXgSVFqLS0ZKAExAY3
+ ZWc1YSNHwa6APaLT5xeIeUxmxcWGmenOjNPlX27cduVLtvM/xkf7ThzbPu9jvB1v/Z8X
+ Xybr9zkQ1seIkr7MCdnYFJ5OQRwvl4E6Y3Erg6yCrFVceWdcocHjBlUa6DQNaDU9aDUt
+ wOfvwI8Rzw9sGdRvntiH9BLQb3pUFkqScVZugWI1t41iVzJYJmN0lOoRRqb1IptR7uWt
+ BmMETz0oPrAs/pT+KZpvaySVA4svTQ22u5jkG4NzyaIQdaDNpZcUzI/+4fk/H7v5tqez
+ E0/hQ0cXvHLw4qJFK1ctGX+Ufk/SsTHwFGJtMLeEl3ElolgEOwNlAtnaPNEITagNXjvR
+ qA72OjlNS4Bz0hL0SagwJQvLNQq70uHPrdYski3W8EWCTimj7Tl8ssypUTqLU6mMYPHh
+ Yqo4J8Wr0/Cs4PAnmR0R3BXymJ0u3u/MUFDOPEUJX1LiMPDBlD3JtrH2oGNigr/QOmbs
+ K3gbHCIewVvR4IQvSVO+MHASJgyrCroW1IOuSKszFzXBSmf0Z/QTfas1x/dBIL/AmISw
+ 1YvzE0RkSbSLyOQ2iFhMQgWUiGxOs4iNIiSSRrhOwSZL/BuD1TgBg7AYMagDSdUSwRkL
+ uhaO47SEyfAINfYk+X1+kvnyRuUX6LF6+ZSbGreKC3OWzM2ux31jjcp7Vj9YLMr3sH97
+ 7njHCrNXmahNSfM1pZhkBb+987HjR7d1vT0rbcKuzUYHp1Y5MhfgW4Q0S/rs+skp9a8/
+ UV3dPbDNkUTT9yq5Mk+oevHLGx7bqccXiFx2xD5lvOxr4AclomWhjF38bsf7DjpJSEiE
+ ZURmJ8tr5YlOhcLgF2xuW4YmAweR1upy3yceb5KYWlIzcOHCsCABQ7VF2jj3LDoTJzdx
+ Bh/WySEx8mYf1ssSfcAsUBZEb+pztYQVOq2Bkjhg9CQPKwUwTh09xTub3/ju2/Orp+UU
+ 7aLmb9784M+O+KpeY18b+O+aqdH+6KVoNFzsqdm45stX93566J1tcw5IuhJOkOkzzBTJ
+ i9sdytxtxd2WPcI+Cz1R0D5hoGkD57TxKqdBYeftdrPGr8NgirU2p9xvtjrgtRp/UFy+
+ 5uoWKanpLyoi+jEuMVAgOxIMxijYtF6lUe5Dar0GZqlN0PBWwFhEixhTDK0wqXwoQQeJ
+ zML5wDxz4pCaJMISNyCpkkFGJrMnAwQARCUuFblEHKg8DcrlqXOfm3s0y9e+MDFrwyPL
+ 7rH2JP7l2LvfY91ZBzMl/P68e/YseWbHxxvv+N0pnPsFHH+PZmFdC2Pn6X5YVwV4sHeE
+ cgrUVeqZ6t3MXjvrFQxUglODBKeT18spp1nBZugzNEGtzuZS+G3WRNd94vKya6cPC0z8
+ kmvX1mZxyOQIY4sC5uaABFkpH5LbBR9MUFpdmJWOiHfcvzAis8mszdV68si0UN4oXe63
+ j+xYs2PX6g17cVd91pgXny19YenB6Pdff4pv+vL9N3/9yzO/ogpGJU6inN+PfWxeA07/
+ /s94JuiQ6th5xgY6xAFvb7xYGVq1TXjctttFs2oqgTUY1boEoyGkDBmEoA1PUhyiT+PX
+ 6dP2D4QPZedcH3i+NH/pUZzWntZRswVWTE7YbnImF3E8bxKdDl7uNCm8/DbHbsdh2AOM
+ 15TgdbBWuZLXqv0JTj9r8ydn8H6r1ec/K+6KCz/IviT6ZweIU0FsBdGkw3ICalzy4SRp
+ qYSYiqXhdQdmGc7l02p0Gr3GoGE4pTfJnuwDD8jpw4lOmZn3IYVR7QPT5LGJUMVCIlhA
+ rlQaSOL+XFx8wOKmpKasw7c1oduawNgCj01GMe7JFYAAETMlmVuUiyUzzPGY6jtXmK/T
+ XPmafXjbg9OyDAf4G7LrVo2reyP6Z2z5A3YpAhNfvHMPiz1M1c3Tp94y8dnnTjXlVxVv
+ zqh1aMAp5jCFy6K+FZV3H+zC5KMCsLcQz1Fm9l2InmpCqbyTkztpnGAoMqk4ndwK9k2t
+ 0gbNOl6XoHapKfUVg9VivSIuWBsXsYGmopOZhFFDBg8USklp/1nYYjriQZnMRrIvOCOx
+ gHDl5ea97Cnt0yabHVZFnbu3r/exx9iyUbMpaieFp7+06Uor/eSmPUAXjcZEi+kvQVZc
+ KB3iy8OhmnzDBGGCrEFolG1Q7rXvce7170o9YleEBNqUFFSflCeBSWG4oNMq1znlCRl8
+ RgbroDNMGelB1palVPtVY31+hzUz65oNcqm/iEjAwIVvYPWHbEpp3HWPq8E0T8CWqNAm
+ ezU+T6LPhwI2SLQKtYgS1EqV15nkw357EPSEUidKqwtO1FU3CnwoWNW8XG3cNPvjXntB
+ vmQtkrWgHhC4V4NaA0wMpu6ck5u3q2RZ9M0Xv1IfVvnH3PN2yEfnd695KXoZ80dx+c67
+ Xq30brnztRvSou8wZWM94++7kvNWx/knnq/2lzwy45O62r9hJ1bhjOiOE703bX/5eM+8
+ 9VS6tM7rgalEp5jAr0qDXSOYebPgZ/z6FfwKQdCrKL0RIa2T441KuSoot1mwMYhMVrMF
+ vrY4KM6N6xSyvIPmApYZrEURJl6nZAwkl5kYRo92FPEaOSit7wvlzrz7T/XpRxKz71t2
+ qA+U/8dTxaLnGp8amEo911HQsP3cwBtEDil4E4tw8WBMmh9y8BcZEE6OlnwskNsgTxMv
+ a99VSk4OlJwcFjspegSLJPlZ6w/Dj0m5fI49LvnfsfPRWlwoja0lcW09hK9E9GfAdymY
+ xLUk3oVcdgbeRKuhgzbzKEggkuJbDEKLx2JwpsgqgpH348K+vuizq7L7fKVhldPF9J/5
+ bhTjmc0culywYvRcitwIg2+EZIz0zGAIODsY+1JBiFgZ9pppXHUWiaOo9Wzs64uHrTAG
+ 8ITzMlXIh+4NFfMCr+YSzIJZbU7wC35Qa9XWGYoFCqXHK7c5PVY5xZi9otPsVHE8xDsO
+ L62XB2ADa4PwcQbutQXJNykh0PsZXhBYqz8QwaprF/aC5lL/paFg3FwCbnNNPwQVZimI
+ HVpl4+Aqm4e8IFjswbW+ZtV7Q6Mab+uckpZc8mzbB1NSjt1cs/jxw7bgsvm7+5jM7huS
+ x5QmV86of3LapoEC6subazftGthMHVuSM+mpt4k0SLJA98PeJ2c5c0LZh7nTHMVwBs5v
+ 6ODaedagpAwWDXg3iLMo5DbeZkPKoMzmwBmWoBVZ7eBiXieycTUf3+Ewr/6rYovBizFe
+ MxUit6B31RhkF6/fP3nfwgu1aYedWWtDwYmF6fY+vBvon1P39MxnifzOLWlVmcrybls0
+ 8DYQCxJTDOcMIvguSjiJsqKHQ7ndwlbN46bnmT3CLs1eU0R4Q3ifuaj+k0E5WuCcFl7p
+ 1CmsvNVqpPwJNrvMb7Ta7BEsAw9m0ELFnfxh3SSZojQ4kvMp9DKwJlrKh3kzlFgVlOQG
+ pQ/kGRLBBA4LrYZEiutIQhyVZF3e4M4EL0UHgRxEtyjupPz+3qzJR5/fuvU5+CjjSvRv
+ n0SvYN0fuXacsGvrnEev9O6/QJ+PfgUu20D0JZx6BRzjEPFTOqLTGS9MXY2SUHsoba+w
+ 20wFBLdDq+acRj6BUzsdiiQ15bfYkuXgfYrBpASrJ/mfep+Si6IFCyzN0WGyI9bmY3zI
+ DhNjTZBgq9qHaLM0J2laxAclHmd8zYwG8Dkh9JHkE16Uk60KbrnWQ72+21t59FiFF9Jo
+ Rk9+6MafHYoebt++qi6ruG/Ve+92zj5wrHX7nTN30Qc2TQiUQIg6EH126015iRMGPhnc
+ x9QjsAe16IaQz0/7VAV0FcOoBQ2llmllSr9AxFArF2x6TPwwZNXpI7gCNlbcRBIPe4oG
+ jrdKa0pPDpwkXkb8UIjoTEn0hm0k7P39xp03sxanxq7Z8AhslSP5T1D0qzTVs3ygm+yL
+ stj79CFmEtjDTJwReqhQ1s1u1T1u6DZ2p3CBZK8/X6wUq5Kr/DOSZ/rnJy/wrVKuUq1S
+ d3jak9u97b5diXvS9DS4J2w6k6GHqNJudliM6YaMQIJikeDz5nspb5JKzqTqLa87nHqe
+ cWZsT1Vk8jK1huJRpphpc1lMFr95bMDH+wO2bLXLrxmL/BnWrOzeYZ8KVEjcphZpoESm
+ W5QJKWw54liRiI2olNukVZ6M0ymf0WvziWqXiGTwORqm0yDmg/haxE4d1NkNFhG7E5JE
+ JCapVYJfLmKfVybH6RCMc0FIErUOEVtNkEiulWR8pUQSkSHBhzOz4UMevy+TuFMQqpEw
+ jo+fcIDfbja5MPHADHEd/7XgLd/T2j3Gf/tDG8e1f3TkrzePp/axvrGPz19UEZhyx2tl
+ iz789OvTPD6Ma2dlzZx5Y0UyeKNJKRPWdb+yadbCMTlVU0KVKVa9MzOt4tGHznz4DPUd
+ 6HNz7GtKxs4C7VD3sipDfkKNI7g05GVMRWaaU8u1NlDX8GVOEBnVxgTaRVP0FZPVagN/
+ azCiGeFvZRIlPVDSrxm4IBkP4mWRfTAUl/ryiMu159D+/T5jtirR4BrvXztr82Z2VvR3
+ WwYqCvUKTG2SCesWUKe2gM2iUGfsc/pT2M/kJH1OaHTE8IaBkukFg1VvNQS4O+j3wW1A
+ rFqOOJWcBd1l4S0WCJMy5EGlwmbDQULsu0MWuoYoLyL+w75VaQkRCOIuwCFtnFBwekhg
+ USD5urAqWi8utGXd80q5t28f5Rm1YMvF+nTcw2QOFNWNat4z6z8o9eV3nhqTMu3xuo3U
+ BzayPxWgeD9jMiHPI5YdLDgx8TQAByADS06RNxHw4KPwVmKoJAyWsrL1uXZslmEP/OHE
+ P3373UfRbXjVF9Fvo9ELeBWTGb0Pr2IHLg98hB+J3kp5iW2nkDE6QfJNiZb/VejWLuMG
+ y24LzXNmrlBXrWvQLeDvoO/gHzB0o21st3GbaZt5D9pj0lSjScYq85tGppx9naXuY3eh
+ XXg3u8fMJgdYi9FsAn/HqFQkOAU1MQomOzldQrjHbLT0KB8ygW04G3e8rXBqfsEyUFQE
+ f1bJBbLETUTNQFEOnIeXlpSUED0DHy6GdEZ4NWJaojObLSzGS3QIWeD4VLPmpJQJkOMm
+ 2I23kQM/nMvRFE9JG0A6Us4vGIsL4DidpsXTvnvmlj3Z+aQvmJiZosnJ1LBj1dH2t7AL
+ M5kLopujX70Und/HCTtVnGgRHk1mplzppu8mNhHiC3qlFF/YwZdvCeXbL1rR1TjDCYGG
+ SysXYa72xKDF9Q/hhlt8V1wwGNEOi/+5q2dscPJP9gAJOkr78Q/HHd68XCMPovYP8Qel
+ 74PfP0YhrrfeOn35nLTeZNURnJHBQdg/+bmhjryJMklW34acELGUoXJUgSqlb/0mwOet
+ 5Iu+GnSD9M1hHXxHOB3NQDNRA3yXNxudkMbEMAKWShy82UIVNXVl1VNTq9tu6WhrXzSv
+ BVriraTLBoBHAXYCkG/HTwKcBbgAcAk6MgAGgGSAUQDlANMAWgHaAdYDPAqwE6AP4CTA
+ WYALAJdAwBkAA0AywCiAcoBpAK0A7bHBHzwLDZcx2KTr8cwReO4IPG8Enj8CLxiBjx6B
+ TxyB3zQCJxy7lr65I/B5I3CY23X9pbW+Zn7zR7QvGIEvHIEvGoEvHoGT96bX0if9L8E1
+ z7t1RPvSEfiyEfjyEfjtI/D2EfiKEfjKEfiq6/HLkvT9P9FPsCsKZW5kc3RyZWFtCmVu
+ ZG9iago2OSAwIG9iago4MTI3CmVuZG9iago3MCAwIG9iago8PCAvVHlwZSAvRm9udERl
+ c2NyaXB0b3IgL0FzY2VudCA3NzAgL0NhcEhlaWdodCA3MTcgL0Rlc2NlbnQgLTIzMCAv
+ RmxhZ3MgMzIKL0ZvbnRCQm94IFstOTUxIC00ODEgMTQ0NSAxMTIyXSAvRm9udE5hbWUg
+ L0VNUkJIUStIZWx2ZXRpY2EgL0l0YWxpY0FuZ2xlIDAKL1N0ZW1WIDAgL01heFdpZHRo
+ IDE1MDAgL1hIZWlnaHQgNTQwIC9Gb250RmlsZTIgNjggMCBSID4+CmVuZG9iago3MSAw
+ IG9iagpbIDI3OCAyNzggMCAwIDAgNTU2IDAgNTU2IDU1NiA1NTYgMCAwIDI3OCAwIDAg
+ MCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCA1MDAKMCAwIDAgMCAwIDAgMCAwIDAgMCAw
+ IDAgMCAwIDAgMCAwIDAgMCAwIDU1NiAwIDU1NiA1NTYgNTAwIDU1NiA1NTYgMjc4IDU1
+ Ngo1NTYgMjIyIDIyMiAwIDIyMiA4MzMgNTU2IDU1NiA1NTYgMCAzMzMgNTAwIDI3OCA1
+ NTYgMCAwIDUwMCA1MDAgMCAwIDAgMCAwCjAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
+ MCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAKMCAw
+ IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
+ MCAwIDAgMCAwIDAgMCAwIDAgMAowIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAw
+ IDAgMCAwIDAgMCA1MDAgXQplbmRvYmoKMzIgMCBvYmoKPDwgL1R5cGUgL0ZvbnQgL1N1
+ YnR5cGUgL1RydWVUeXBlIC9CYXNlRm9udCAvRU1SQkhRK0hlbHZldGljYSAvRm9udERl
+ c2NyaXB0b3IKNzAgMCBSIC9XaWR0aHMgNzEgMCBSIC9GaXJzdENoYXIgNDYgL0xhc3RD
+ aGFyIDIyMiAvRW5jb2RpbmcgL01hY1JvbWFuRW5jb2RpbmcKPj4KZW5kb2JqCjcyIDAg
+ b2JqCjw8IC9MZW5ndGggNzMgMCBSIC9MZW5ndGgxIDExOTQwIC9GaWx0ZXIgL0ZsYXRl
+ RGVjb2RlID4+CnN0cmVhbQp4Ad16e3hURbZvVe1n736k36+k093pTjrvEEIeTQJpQhIC
+ SSAEgklMNAHCBCQaGESQwYmAAsEH6iAPmaMoKuKoTfBgIyOHw+BRQe5FZcYXo+MZfGKG
+ mTlRBqF331W7Q4Rcv/n8vus3f9y9e+167qpVv1q1atXavWzprV1Ii/oQgxpaO3sXIOXK
+ 7kWIjJvX0wkhvUyVCOHN85Yv8yhJxKUjxNy9oPdnPfG0GEZI8v9s8crh9y16hKxnurs6
+ 58fL0WUIi7ohI57G4yD0d/csWxFPG09D2Lv4lnnD5WaaHt/TuWK4f3QG0p6bO3u64vWz
+ ayBM773l58vi6ayvIWzrXdo1XB83A3//G2HITUKLkAotRiIiSA93G0LCF5IfsVBKy4Em
+ 5TQ9dmNC2TfIICrNPR7I7aOR//L+9uKFM5cD6jtU1VBPpdSnBfAOnyFnIKTBUP6h+o6R
+ ElpKr6QIasyKoBqgiUDjgDKz9omhl/FmZG4fCqmwm0Vq93uOvxzGuYD/Z8ozjHNDGi1S
+ zVtb5p63dm1NxiQVrkXFLEZuXIX8Slg54H/WHcETB/w+CCbEAzJQ7IIUCqmK/e5o8Vz3
+ 5eKIiEOJ7n/4H3JfAPrWX+7+xp/vfgvqnSqe4j45CcoH3CcyIwSC4/4Ii0MJ7tf9d7r/
+ vTjD/WJxqXsgAHkD7n2TIDjg3l18p/uJdUrO45lKsMsfwTsG3I/R4ID7UWj/4bVKwZb4
+ i2viQe86paNb9ivBzfsj5NkD7h5/mnsuvIhDane7f7G7zR90z54UwakD7nr62gF3XeCk
+ u5Z2PeAOxTsqirde6Fc4HhvvNtt/yJ0e7yGF1g6Z3B5/ndsF7Wc/9rA723+De1JmBO95
+ qSY9018TeLgogoeUPmgAjNLg5ngwL/AKfhpNQRm4FaXi7ftrMoBnvHnAvRaCHftr0otT
+ I8wXIaN7f6AmsA6oCCgVqCmCZ4eyha3CfKFJKBCyhAwhTfAKyUKiYBaNol7UiRpREkWR
+ F1mRiEg0R2J/CmVRKTLzsE4w4ln6ZJW4ntA4POCJCBYJmoYiPLrLurzcXm6caAhWV/7A
+ o0PJ7KjM+v6yfx/NsmNX+OHaWc3hva6W8Fgaiblarir/f4l2VcDbtY0r9zeuPDenqstX
+ 1eGr6gLqCG9a3m0P9831ePadW0kLPGEmrWPuvG4adnaFV/q6KsPnfJWefY3Ke6OK59Di
+ Rl/lPjSnanbzvjmhrsqBxlBjla+zsmV/Q1XN9Gv62jjSV03VD/RVRRuroX01KO+N6ms6
+ LW6gfU2nfU2nfTWEGpS+srKqFs6qQNwRZOCOohxuK3KxFciFUOwDoA9pKM+KnedOISkW
+ jQ0yoNlwCqWPL2EzegEJ6CV0B2ibt9FerEI+NIjHovexC2ei95CMPkT/jZxoE3oMnlXo
+ C/wtaJkvcTrUKUJr0L+hR2O9qBeVw/0F5pAFlaAvY6tir8cuogrUj45hAZuwK3YQ5aH1
+ cO9AO7GGzI3tQ3ZUh24Drb4GvYE+iA3EvoL2i9Cn2IDz2NLYH0HAOMgJoo1oL3oJe7EP
+ Z+LrY59Cvh14bEN7Y/Wx5fDeeaiVh6ajVdDbJ9iN03AW3oE/YgZjfbH7YGxJUNaE5sHd
+ g+5E29BO9JxSay6bxFmg/UpUC2X3oTfRF+jvoHAzcAVeQX7PfMX8lS1ld8SOAR9N0F8H
+ ehQzgIofN+H5uBc/h1/Ev8PfkmLSyQSZ37O97C7grQltQLvQK+g19A76IzqHBtF3KIpZ
+ 4GkinoFX4V/De/9NCkg7WU3uIR+Q80w+8xErsJu4u7hDMTb2+9h3wHMyykSlsNJnombU
+ BfcCdDO6Ff0SrcMC2or2od8Btx+jj7GE9TgP5+MpeDa+Ht+EV6IH8G78Mj6Dz+LP8JfA
+ nYm4iY/kkeXQ3xqykTxHBshBMsgYmGXMauYI8xHzLWth29kjcH/M5XDL+CS+Vpgp/0r+
+ OJYT2xzbAfNihduPMlAOmohZQLEHrYOZ3AiY7US70bPoeTSABmKXcBAdQ28BX5+g8+gC
+ zFgS3F48FpfgBjwTOFyMe/Av8TbgcC8+AFwewofQu/hdfAluGTmIiuSQ60knWQn3DrSN
+ vKPgo2G8TDqTw9Qys2J/Y55j9jF/Z1PZVnYJu4rtZ7exj3JJ3ATuOq6V6+W2cAe4E9wf
+ uPPcEO/i1/O7+Rf5dwRRGCdsE2ScArx4cCp6ER0GqXuY6YW0H03G62BW56A3QXoH0avo
+ ErqIjqCnsQvJDJ3NtNguFIltgNl8Bf078wtUhh4gD5FpsXJmD6PCY2MXoK0xMF9XbhTK
+ zEgPpKX6fSlejzvZlZTodNhtVovZZDToE3RajVpSiQLPsQzBKLvKV93hCad1hNk0X01N
+ Dk37OiGj86qMjrAHsqqvrRP20Pc6oeiamiGouWBUzVC8ZmikJtZ7ylBZTranyucJn6z0
+ eSK4dWYzxO+t9LV4woNKvF6Jb1biWoh7vfCCp8reXekJ4w5PVbh6eXd/VUdlTjY+GILN
+ QMrJRgcRCiE1bTiMJneuBuWKJtMaVWGnr7Iq7PBBHMqY1KrO+eGGmc1VlYleb0tOdhhP
+ nuebG0a+inBC1vDr9D1QgqmNzdB3TvbCMPCPNmnm++ZvioTQ3A4a62xrDjOdLWHSQfsw
+ ZIVtvsqw7fZP7d8nr8Sq7rmqMExSqzu7+qvDoY5NADpNdtBU5z2Qqp3lgWbJXS3NYXwX
+ MEeZUHiPjyK+TaR2LPKEVb4KX3f/og7AHDU0DzhDzipfR2VLGDU2DzhCDiWRk33Qfkep
+ F0A5mDMpZxINS732O+Lh52vj+W8foaH9jmN/grC2cQQXTPv2TQU2w5550AlgAbyW0EdX
+ CeqfVwLwwdWCYZQLgZ/JYQKixKSGudSpneG+WcNsdHZXDjO3qHJA5XAq+1JFC9Tv6NeP
+ hwmE+nqfp/8bBDPrG/z62pzO4Rw+Vf8NooV0/kdEKIw7r8SX0/0zFbakbruvm07fcmWq
+ Ie2zV12VAWm6b+WAwZldG0GqhuZ9GN/XEsGxuyKo0nUQNhjmxhugOIsK3MJK6A4S2dmQ
+ kemFGHBQDR1VU8nw9Hv6p87v91R7ukGk2FQlhIKu/pY8AGxWM8CCZjd7w6GWxJFoV0vL
+ eGgnl7YDr0D1/hZoYdFwCxAqWXlRqJSXXQujSmtontkc7qtMDIcqWwB0EOIjDc3hIyC/
+ LS1Qa8wIp8Dx6oX2YZ7zgecxmVA+Nt4KmDV90ERLfz9tc1azzxs+0t+f2E9XXTwNFvLo
+ jNBwRgTRKhThCO5rgHch8HkTFci9Pi+w1UIxLQABviJAYNb/c4QLR/iGN4uA20IF4eKf
+ COGSH4Nw8EchPH6E02sQLgWex1OEy/51CE+4BuGJ/xzh8hG+gckQcFuuIDzpJ0K44scg
+ PPlHIVw5wuk1CFcBz5UU4ep/HcJTrkG45p8jPHWEb2ByGnA7VUG49idCuO7HIFz/oxCe
+ PsLpNQjPAJ6nU4Qb/nUIz7wG4cZ/jvCsEb6BydnA7SwF4aafCOE5Pwbh634Uws0jnF6D
+ cAvw3EwRbh1BOJQYRlfr4b5Rahf95Ir5+qsg515DO9ifw/E5iPpIMLaZ7EVfQN44oF3c
+ HPQEhE9A2AR1Stk/o1UQTgHKg/h6eGcjkApok+BCfZBXAbSacaE1UKcC2rLQNMSdQDSe
+ BPZZ3JcEDiHE4zWQ9qHf0gP8D1wEPG0/dIEP4KqLuyp+JcpficAZBoE/SzWS/r8jElID
+ Lwg8S/TSoQTwfCFkQEZ4mpAZnhY4d9jgtEcvB5zy/n+5EpWBjMNl+AY4qb5O5pDjjJ7p
+ Yz3sMTjL9PPJfDe/k/+TgIQ9giy2iU+pslXLVcelRWqivhneJXCKRnDmOQrzJKCJIS/H
+ u+AswQouBkkc62IY4lTxggsjh6ja611cBo6W6UNl9dGy6fpvy+r10TJUXhYto5Q/psDg
+ NQSAdrBPRC6f5I5+NzHCNl56nrJI6INdAv4EBrx7j4W+lrRigqRX2SS72qFyBlVBzTTV
+ NE0zatW26pvNLfYWx0L7QsfKhK3m7cm/kZ5T70l4Wv+4/XHHIemQ+mDCAfsBxxu6D9B7
+ Ce85v9J+lfC5+fOkiwkXkrJUWKVWmezYprebMnRp9ozk6xxbzE+ZNf2430mMFqvVwApu
+ t4hYi0OHBaNDRwRjkpphLUlqjrW4JF4wuuBQZXBJGtGQpNaKBodOLxrsCSbBaE8wsxZ7
+ gs1ttSc43VaHLtFtTVInu60uyWoxigLLG9wqnktmXVoM68WhIUwiq05KiuAnQzqjyyXp
+ TWYba09IsNtplsXocOhcSQ57gk4tiQa3TmKhzwh+6iXg6aAVeIJ4yAqd3OVIcjF2yWuz
+ OQ3/4XZ7fjbFnqUv00fBu1P5WT0qt5UNlcEMlOnjQXkZNhhtwfW5Wav1rwq2svW5dhqz
+ lemVn1KYMOpary8ro5Q/Bi9d0o5NPsZbYPIVF5gKGIUEH1MA5IMCIDJv5lPT5Z4TM97M
+ ebPntZ6nFr226I2cN2ZC6qbXbtoNOSdICfbLZ7B/D35I7qG0Rz6zR+7FmylRDdIHjxfA
+ L8SgtJAJpzMSB6PDvcjBcr3eX8blrD4+QlReP5g/xuQ1ePtwnvwWzpT/QMUJx6AhEuHO
+ QxstoTFBHCS3oeV4Pd5K9qCXyGvkXXwBqzEh7UYGtBABlwtiCCNhJ8dALy/jHuTFGfv+
+ CiLtmH5W/60dRLm8rB7gCQ5jB2C04wJwF50YjP7uHHf+OwPtl4B3BxEba1PWTMEAMB/B
+ lpCFSxckFQyCw70sXS693juvWi50quhAvh0eCqwT7xfKcGBIrE3+gzwBhsUg8Khxe2A9
+ EkS12pnQTd0EB7h0qYQvVtXw3dIKaQO7gd/BbGG38XuZJ9k9fARHpNfx69J7zHuSBQs8
+ T5CoUsFDwgJHzJKUaoSkmeNSjVAmiJnU1yqpwWnAqySGE9VaYFotsTwXweYBFUMgOCA5
+ NF23LrVnLZ+uH7LXR4NB+BmCDkXi7HlU5OrLy8oAqTwQPE4RtVo41rBHEsPssZa4xNEM
+ BjKYYy0UUworSJgQl7J21I69anDqeMEp48UkDy+PPIvbiCQP3Bj9ZIF8mLwMPpxKPPO7
+ iRQlQASDNwyBV+Yo4PKb0M9OEdzMr2T6AYuLPOdgTnHEzhSzRVwNM4WdwrUwmxiR43hR
+ FFSEIekMU2dkWXCXkHRRJQAUUCSA54RT8SqRI6zEMphIAi/yTi1RpSKHRrvd2wgIgL4D
+ deeYrv+MCghISBmsLWUNcUJ9bpa4urZxxe36YwIHq0zPDqf0Ypl4DMRnydJ2tBQkF3tV
+ MFTB4N2F80gQ3xfdTVbJy+TgQ3Rk0V3kxuiuy78m67bKJipfT8A41TBOEXaviaGkrXgr
+ TzSZLKtjMhOIThSLTU4Lo03VOcygIlz7vY1zrrAJWrl+EJWXDxqDeSBouB2l+UDQxhYV
+ IpZGIMpamA9W9sjg3+xZifPlf3wjvyb/L7LmIyyyHXPl6Yt+Lkffi/6FO3r2vCLrlJcl
+ wIsEXqnmUKbHl2i3cAFTWiYGt1ZmBgm4RJcnxcTbUvhiW+J1emc2CqSmO7KyIzh5NGdn
+ j0WPgSQYgkG61CiP0aDBFgQ+ga/iosJxgTRfkdWWjC1mXkgGV5rZZrVZvGmBtDyci+P8
+ 41O4vXtcW8vY+R8+PX5MyaLbFzSJmmz5OR2vgaU+b4N8VH6HvMMelZfZM39xd64zWl1Z
+ suG6hScyM7Y+Mq/LH0xMzU+eOGnjvTdED8OowMsa+4DTgQ7JBc/vE6FFYgJ8zUhzqB0J
+ Nq8tbYGmS7sw5dMcdYY+w5LuTAuMt5Q4D1qOW85Y3s4+ZzpnvWj6znoxJ0GHDOoUuzvV
+ Jqam6NSsPfd0lv100qQ8M8NOylLl2R/OM9hmiA+nO/PdRYbrUFGuY0y+gs9zwzM3ODSo
+ TN2QITgIq2uwvGxwUD8I2FBtRBcPkDKd7dhqsxYMg5WHAZrCcQgm1UZR8qXwFoDMTetY
+ zMjrQYUYr9Jl1B7oqbwzFNq487PmLdiDbV/iqaL8nri45qbb7qvOeUh+ummdfEL+TP6T
+ fIDMxK91jb3enrt6anog2TduwoL3/wvzF87dVZLaMWdGwOmbkD65+9Xj8jdY+IxNB31V
+ GvuILWFvBKsriMaj+0MzSklh0Uq8EbPvJeO0//ks83OfTsuBB97kzAI/JpuWm5abSTPY
+ RHVKojV7vFvIlNTZY9XjTfWoPnd8YebENGeZsz4xR6wvdJSW/RY7kBfV4OdRXMaHkTpr
+ CJ789FMFKjA+TgI+NqpglHVJ41nDaOlwAuYFgAVAKyoOFFEpA5wEXvBC3DsWgDKYQeJA
+ zHJxAGr6UgDR4qJiE/kosXhMqDVQMXN82yPMczNSJrS3dmUmS/KgasoSbNq/aRNhkpLk
+ 41qJKa1vW/ar/3yk6cleYjRYVBq9LdA4ddLi+89LCc7iyQVjU8vvb9s8ZcqrsmbctJJ0
+ baZ3fGoop/CZR95ozbfg0/E9ZVXsz+xO7gjYrB5UEUpVedQ6owY5/EZBLXn8nNqyjjhT
+ XG7JrQ2oHd6Ubd6G6cOLfujs8KofhHVfboiLCjJazMSXEkgLWOiyh7EWGOMLDMZO0WCe
+ +Z+/vru+MT8of4mTiibV35Z6e3Jw+yPjk3/xS7ZVPv6NLA8UeRo2ckeiQ3XpYy8vG3hg
+ Wd3me2tvuycS53dK7AN2HMy7C74w3Byq2m7dYyXrk/BUS7Ox27hCWmmMWF4zvW4R7YRn
+ XW+z/mSnYNVJGv1LGr9ZnawvSnCjomSby+kRi2wOt2e9t2Z4PMpCMASjQ8pCGARlEaSr
+ gYZ0TpfAvqGIOh0GXQpFxV6YNq+HFOpRASwEzOhF75iuzYVJSQX3zp+twj5p9t3yRfni
+ P7DxbycxZ5cTyaEJ+RX3192xYuqGxXPWLDuESy5iBy6JfIl3w+AYlBc7w46HsfEgeSno
+ 2dDUanG9eSveDnskVnG8nnPWctX6qZ678V0J690SY2VsJqvJViPWWetsU51t1jZbq/MM
+ /pD90vW554JHPw1X6zdwa/UsbK1bQgUzdDfqbtExOl0i70/xCjZjdqLaypAUpsi2KiW5
+ Q9OnIRqnn7h1W5IdPv+2EWSidKLb6w3Bs4N5oA9ATZwEZECLtkfzxyCw2pa0I5Br0JSg
+ ROEWvMO6QkHIl4IMelSK8akeHT4krLp+wwdTQiY1iVr5ztJZzcXJNuxTt95z+ZR8FLs/
+ NTPLfrFoya3nFtzc2Vd77+6KjLGJYzrnP4o1oIgT4fM9XBi+3CD2Bu4VOFmVh1I5EiDN
+ um4da7YZkcZvE/SCJBZxTodJHzA47I7D3oaqUdsU7AEgr8pKVbQ+CCrdAkCL0Z3KMBEX
+ MJOfLMwxy39MDvQsuVU+i5MmPtHK3lBdM+HOB6N9ZGtzUd3We6ID3CvRCzfWxuVyIzC2
+ lzsBsyig0lBKHarDbagNPpvtA5XDxy00xAewABbawBWWlANN3EIrV4xNapwYwDYB2it/
+ jL1xYuETpHzbpcN0j1bJNfgFpR8TKqX/f3gZjp8saoL/Pmj1sEZOxUN8JoKk4bjlDIog
+ fV4EmfJeBv4QVB6Tr/SRjEGOC2HIZqp/AvgF+c/YJbfazWJmFnatOawtSKN9X5xPcEYp
+ +9yl6U/+G5zSlDnYBOOl9iKDUkMmgrBiR6MABgt3ZHgjdnR5/pgMDGPaQ9uHl+J2OL+T
+ bYUvckcn1aNiGBl8ooenFSgVaCGcphfBiXklhLdDuBHCfgi3Q7gdwmeADgJ9DlaZDup7
+ 4esenPEADD+0aVeeqTAXbmjVBdpNBEsiDyTGBu/w8JVWhRPgDQOqR2aIJYP2c6EAhA66
+ I2MftNcA34qHBeeYfmgwOHTlVADGGNjr8X0yru6RIvcWZliOQEVcEal41GuhihCUvo2G
+ 3P33BHP1EpHPmNMWLM+xyZ+Y/Qtvz7TBZFsK82atW10/0VMyq3kx21pSHZxVvCg6kxyY
+ mF43d9zU6G1kY2f2jBk5LdFeNvRokz9UXNDQkZMDI68AvbiT7QI0qL+hPpRuY7Co2aDZ
+ oGdsWnvCAi3D+e1mQe3Xqe12kRTZnE6xyOBwOCN4+f6RpR63BgzBYVsARrcULV3ij29e
+ iv72K9s77P0eZMHk3N13r169fv1qkit/LX8O99fYDCrNgc3Rd94Y2L17377duwcWyM/i
+ pr9+jVvlp74mIZir1fIsdgfMvRZQnxbKsJlEKclJ/B7ByUt+k9qhE7V2bZHemcK7E932
+ gOMH9x1FE8FCLgcVbYA9GFSRssEOa+dCI1U7yk5EF7UyAcyyn98JO01XWeNtq11YJUff
+ XDMnL0f+DBtyx924ljx69KHpKw7X50S2kyBYJefBLnl7kr8q+jp3fteUjKlxuQe/E7nE
+ toGFPO0gYvCU/SRBC0ehKSGHSdDyGslDxpAQYSxwtiE6dUCj2Mrz93sbFlyRpdPx43M7
+ mMuU99NgL4P8GEB90i1yhFnyR7UpMVP7m1Iv2Mz6ivyGPrYNY/kMQ3rL10YvsBWHe9In
+ U54IzP2H8D25E2WhbHRHaIZKz6c5tIyK9arVtdJU9RRvpacm411GdKV4NBJrzWKtzuxs
+ o8Bmp6uzsxMsksdlrU8RLDlCfaozV4Nc9Qk5qD7LkZN71e44BAp/xFSETRHgjwtJ9KT+
+ pGJM39B+AxxbFdWv7PipipEIYn+NkUg3CDCzfZ40sBHnqZIL7589Lz1djh2sqxt8902M
+ TfKfeUfekvYZmZmxvU2z/3ZZjn0DH9fb6jzBsWPHOBwTcqsq+7a+/8TrxZ7x4wP5VltJ
+ +szGVY+ffH8PPWxjZIl9RVZw3aBHph3QZye4NdmGl/ESxOK2kFVAbTzm7TA1CfwQqwqg
+ B2GewCei2+/toNNzuuxsFFwadH7+Au4NOGEOlkeHzoIPoJD6mAosPkPcnrMIPBjABss2
+ 7Ny3L+U6rUu3/vi0MUzPCTxGPnUiemSyF+PfwzEtfwF5lMp77Au2CfZ16gGsC+VKVqc1
+ 01pinSN0CbxTkBBv1WklDuwTp1YKOO1qZxIusjsSk77fuui6NAbro6cVzKllAioV0AYb
+ EkwRMC6p2BSCZ0kHUkRZS8W7rIGlDxbB3xfkc6zHOnn17L/PzsNfsxXRW9rzZi0PLSQz
+ Lx3ewY01lWU/33GIPOAC7MA/yTaw8PkbM6GtIqgRIrAm1ikxAeJn0/hMqYgNSlXsVKmJ
+ bZG2sNulx9gXpBfZl4RD0jH2uPQ2+6H0KXuBtbGMneWYgJEQzHJ2OOsGjGAqSSq7pFYF
+ jIIoSmq7pFIHjNAnZgWJRTwHXgG1CpS0SuB4NYMliSU8/C+L+gjEZ+BU3KXRPhOfpWHX
+ QNwnUJ9nP6Y/BvIIRjg94NETnnJYVk7L+vX0nDyz+fYW/at2Pbc+a7V4dWqkjFuvt39f
+ E9Zj+xLcXgBH50TlAK3GTrxM3onbDwzgWfIOiP/6t6+QdGKXj+Gy6GD0HTxFPgjzbJGn
+ AH43Kr7f90O9AWmOtEDaIu2W3pF4TsI8nyQYtDmCRztByNfWCu1Cs7pbfZuwUqu1JRRp
+ 16s2qLepI2rebNaIWuLRaAJGtRo8g8QtigHwpdCoVrJoACdeUCE3yTa59QlmwQoY6bRq
+ TQRr9kOBBGFIY3pQdHRZrCOYDdWftV8GfCgNu1NAAdWfjZ6FzUzxqMCKxuBQ4VbrqWfh
+ 1YJhZwqN09NgHhW4JWDuwTGvqHgiDijoYBK3HPb5M+ucjiwW3GwT/vIJeE76F9/xSlpu
+ Ll7zFiGS0bBYwy69fIbxXzolH9+CGR6c4wz16bPXcW9BTICdYFFoUh2pY+p1baSNadfx
+ arfOL7k9mNkH1Xizoy3RyFsFKQVGy7lxQEDmfslqCNjcSQ/SHQJGOmznDcEqPn32ozKw
+ W4cdlYqjmJ5SYLh0dqnxQ88noHctVO/yNgtd3F6Dr7CAnsIKmFJsowcU+awcLXKZ0xIn
+ J5NDh+Szj+6srzrNnZAv91/6HfcWS77AeNoM8xuXH2BueaP6+aaGuD6mTxSj/3r6oYt+
+ yeCVrwQusFJyUQEqBHukEqyNalQD/+SqA5tkBlgfjWgW/BdrDroO/kF1Pfx764jSGAZb
+ BisxHr4uoOqpU2c3zcmq6Vq8vGvZwnmdORW3LJ5P9eCVawVE1gH9CoieMl4EOgZEj39n
+ gYagMgtkBvIDjQOqBJoNNB9oGdA6oF8B7QZ6EegY0Gmgs0BDsAGxQGYgf2z4gnbRSBzD
+ d5pr04oZf1V53qjy8aPSk0alFZP7qvcV2K9KN46qP2tUunNUeu6o9LxRaWUer2q/e1T5
+ wlHpRaPSi0ellf9zX9XeLaPKe0ell45Kw1e3a/BdNip966g0lYGr52PltelLirT8H8J9
+ DbMKZW5kc3RyZWFtCmVuZG9iago3MyAwIG9iago3NzM3CmVuZG9iago3NCAwIG9iago8
+ PCAvVHlwZSAvRm9udERlc2NyaXB0b3IgL0FzY2VudCA3NzAgL0NhcEhlaWdodCA3MjAg
+ L0Rlc2NlbnQgLTIzMCAvRmxhZ3MgMzIKL0ZvbnRCQm94IFstMTAxOCAtNDgxIDE0MzYg
+ MTE1OV0gL0ZvbnROYW1lIC9GSUlUVVYrSGVsdmV0aWNhLUJvbGQgL0l0YWxpY0FuZ2xl
+ CjAgL1N0ZW1WIDAgL01heFdpZHRoIDE1MDAgL1hIZWlnaHQgNTQ5IC9Gb250RmlsZTIg
+ NzIgMCBSID4+CmVuZG9iago3NSAwIG9iagpbIDU1NiAwIDAgMCAwIDAgMCAwIDAgMCAw
+ IDI3OCAyNzggMCAwIDAgMCAwIDAgMCAwIDAgMCAzMzMgMCAwIDAgMCAwIDAgNzIyCjAg
+ MCAwIDAgMCAwIDAgMCAwIDcyMiAwIDAgMCAwIDY2NyAwIDcyMiA2NjcgMCAwIDAgMCAw
+ IDAgMCAwIDAgMCAwIDAgMCA1NTYKNjExIDU1NiAwIDU1NiAwIDAgNjExIDI3OCAyNzgg
+ MCAyNzggODg5IDAgNjExIDYxMSAwIDM4OSA1NTYgMzMzIDYxMSAwIDAgNTU2CjU1NiAw
+ IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
+ MCAwIDAgMCAwIDAgMCAwIDAKMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAw
+ IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMAowIDAgMCAwIDAg
+ MCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDYxMSBd
+ CmVuZG9iagozMyAwIG9iago8PCAvVHlwZSAvRm9udCAvU3VidHlwZSAvVHJ1ZVR5cGUg
+ L0Jhc2VGb250IC9GSUlUVVYrSGVsdmV0aWNhLUJvbGQgL0ZvbnREZXNjcmlwdG9yCjc0
+ IDAgUiAvV2lkdGhzIDc1IDAgUiAvRmlyc3RDaGFyIDM1IC9MYXN0Q2hhciAyMjIgL0Vu
+ Y29kaW5nIC9NYWNSb21hbkVuY29kaW5nCj4+CmVuZG9iago3NiAwIG9iago8PCAvTGVu
+ Z3RoIDc3IDAgUiAvTGVuZ3RoMSA5MDQwIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0
+ cmVhbQp4AdVaeXzURZZ/9atf3530kXQ6Td/p7nRC7guIIAQNeKCIiBjAjEBCAAEBuYlO
+ QEBFzCASWQRExRABESNHNICMjgF1NaMOoOLJjJnRmYlZV1EYjJ39VqVxmHx2/9t/pn/U
+ q3pHXa/ee3WEhXcvmkYJtII4jZk4ZV4NyV+wg4jNrpozZV4vbpmM/P6qxQsDvbjpApHy
+ SM286XN68cQHkddPn70sXt9qJbLNnjFtSnUvn7qRD5gBQi/OipGHZ8xZuLQXt6Qiv3b2
+ 3Ko43/I18PQ5U5bG+6dPgQfumjJnWq98sE3g8+YuWBjH70F+7by7p8XlWQWR8QlioNrZ
+ BjLQctKQQlYqIxuR7mvj05gvk3zIrH3vro47LEN+YDa9bO6Zlb35a57SeRdf7z6i9elf
+ AkMr5YUE6mj1MQhpN118/eLvtL5fOLI+gH14j7KCDack4qyMzIBDKQZ4pYRX0FCUS+kI
+ 4CBJGSjLA6gSlBLaBFgs6UWSXkjVoORLSo6E2SyMXMP6SyyTZoGfQSWAUVlOl31GJFdI
+ chaSrQaYn9JQLyBposyZT8p6mYduAccr5USZMzfdANhPll2yRipzItdIyFkKvSaxZMlL
+ kv3b6RrUsTErXYScTXJEmTOLLJslNEloZAbyQkpAzvT0PRmB6bFOnOnoD2hJg7wcmFbK
+ ayRU43KqxLiEitQoo1zIkpgB9YCeiFUXuZD5GVYg6icCE2UOm4Q0/ST5F+kfdC/4FyUm
+ ypwukB3wPP1IDeCcl5zz9CqpoPxAU0ATHA64ArQf6Bza00gOpx+G98DWVNDknCSPyzKn
+ b8mBWv8l2+uib8iEWl0SE2VOnfQXcoLWKWl/p79Jib9LTJQ5/ZV8gF9TE+BXVAr4F/oz
+ 6VFH1OSyzKmDXhD6RC408KWEfxIWRn+U5bPgc/pClj+X8BMJP6Zk0M/QR1IjZyRNlDl9
+ KDkfSMppOkjD0fppiZ2S8GTvmtFJuQJi/Ti9LznvSfgu9QPl97KVdll+R9Lfpv8Ua01v
+ S0yUOb1Fb0JOg1yMXpQ5vUEnJE1ATseFpVOb8BB6nX4nOa9TRGA9YpV+F5+/4HBpqZyO
+ 0Sv0MFo9Jls9JlfzFTpKE0ATHA4oVvMoWk0HTXA4oFhLQeF0OD7vw1QIrFXq5WXZ2ksS
+ tsh5HcL69+rnkKQe6nkPLQgKpwO0X47hgOQckGPYTy/KMQgOB1+M4UVqlmMQHA5MjKE5
+ PifB4bLM2QjKgNWXC0j75Jo+L1veK+FzEu6BdXDaJcvPStgkYSM9I/xUQk47hJ/S0zQK
+ 8Cl6UsQD5EK/osxpu6zzBG2TliEgpy30OKgaCTltlhKPSU4DIuYV4DTI9jaKKEOPSv4G
+ ekTatICc1gvfpd9QPWVC+jfSK0WZQxdi7ddJ+JCEa+lBSGtorexBlDk9IDn3S8teI21i
+ Na0CTSMhp/skfyXGwqFXRDyqo1/TSPDraA8wUea0TNZfKttdImsspkVy/IslJsqc5svy
+ XRLOodlkQStzqAgcUeboXYz4Toph/TnNpBmIZRrkwtNEmdN0GghYQxOlb9aI6EbTZK/V
+ NE5KV8tVqKKp0JiGqmSLoswRcyZjr9YgzwEmypx+hXELPxGQ06R4u5NkLdEHh/WIMVXE
+ W6+Qmr2N/DIe3iZ542X/t8YlbpU0MRaOVRd1x9IAuV5jJXazbGGMLI+W1n6jrH+DhKNo
+ EGpcL7nXiX2LrpXla2RMGClj1ghJuVpGsavibV9FSyE7XLZdhnUVkatM1h8Wx4bJFgSH
+ 05USDpHtDJbwCglLJRwEHaei/iCpyYHxHgSNyzKnYtlWkZQulLBAwnxZI4+yIZkrKXK/
+ BS70kCVhfymTSTpQMuI2niHnHpW+ki6khm9CJBL7UBi9ivUJS1sNyRbSJAxKKHdiuRoc
+ +lClrE9ahRda5OSJ0zxS2g19Z6A1t8REmZMr3oNL0kRvHLuAGG+KhHJ3xknELncIATlO
+ QVZoWiMhh+UmYqfXIBf+L8octtXrvQmyDTPWX3iUgBy6N6BtjYQc7QmaLi6vkzoQdTkk
+ euejkRFAlDk+Ic2k3eCcJMosdU09y/o3/tG/19i9vafUzdjLJmJnbUfUbiKj4laupVrY
+ 8UHg22gvHVeMbBOdZsPYy7SRrWWvsWq2Vkq3o4FkngfrMbPXVL3SiRr7QFuLWNzOvlTP
+ 0Cew3Xr6hG+hZXwYOMtoH5vIr8I5b76aLPFGyJwmUkv5YNrEjOwoO8M+Yeuoib3B0Duv
+ oO/Q3lq+jbdglGtVF33Hi7iCnjahj12yDbQL+mausB3sM9ZFLeRkNWwfM9MuZTP6XMIu
+ IoZvorUshzbQBjYMMXOq+hRoKxEPxfctetlM9extzLse6TV+A+T3YbbtzI1xtNNBNp+q
+ uZ6txHkxxi7yRO4UbWEvfADfRtqsrGIj2QbFi5OU0EA9IKk/qjt6PyB+6K0LfdZTUO0S
+ nyaRFilujAQyoNZrk7Xj2RtKDnuZvQFNVytOpZ7NwZmGyMWqRS1uhNwGZTSvo3r+vuLC
+ iaQec1jJatUdSqNSA8yMmaxnm5WJqLVJGYyYXatNVo3Qn/xArRczVa7VtGuu1Hgx5018
+ G1vPt9ExpiUX8lrazjdp10BnS9geaO9eoX+aD61Vq09hpHPxzUeqRVsV2OO+xY42l+ux
+ A7WL0WLUTmjKKDSFNuZDU0Gq1czHWWuB8j4tkHAjtLUM++4XGA1+dT0Y02bs0PllOq1G
+ xUJSdsDarESuq24uu7ki8OaEYE52HzRg1QWaaUxzwrLAyz09YypUt2ZCs8bTzCP6ZjUS
+ +uP/xfxjTvaoMRWBl9nVI8rjzY6YXA7iLRXoAf8EGd2NKM/ByNR2qkFqV9uZinwHUgvS
+ fqS9SKDTu/H0FmQE/wGkcqTJSBVIov5RNNV7zySskBZ7HFE+dieG2yhHdNSApkMENSCm
+ msD7//uZEcETEdGt4sYrf2l0P33M7mTdynaewu/jX6tL1b9pApq92l9pP9c9ou+vb4Gc
+ QjWxTWqNphHj05GzzKCSluk1ikp573z6TgFZT71z6p38JFvQFgnagjUqdS/g7u4/xzbp
+ Ei98d7c2U3SlUHvPF5hcIubkpNllk7StZmq1HzOfTh1sGqwrZsWaUaZRunJWrplkm5Qw
+ LmmWbVZCddJW01ZdA2vQ7Dbt1jWxJk2rqVXXwlo0J9gJzYe2DxM+SvrI+ZXtq4Svk752
+ hg06B9dZPKnWc52nOgsqydrR3WntymdpiiPZXlRoLylWeJpis4qyzaooNQtWrFiwcMWK
+ hUc/++zo0c8/V+ti3174R+y/mO0fF5j1p8msipWwYlYV2xZrx7dVzIMxlYhf1OgpSMPL
+ wkGrEXdInnDMb2tLNQZS7Q4ruQx+NaB1WL0BrcXDPGnWU5Vtp7rbbHZnqc1eWmovLaC8
+ zsLuNmdpPktkobT0kuIBAyNDWVFhisMmQLI2FJTUwbg0L0lI0PijaQGWaXKYklKempCf
+ kfHznoyM/AlNaoGihLypYcMYzkO+n054M8L4ZXj5+8LCdmCcX0LfRbSmrCqshX8ntNYl
+ s2RvZqTNe4x8rlrzck2t/v60teqT+q2aLeoW9yb/E65GS6N9j3aPbo9+j2aP+rxrZ6RV
+ fyhyRHdEe8R9VD2q8eRlF+Wnc9KGNfq0iC7AjbrsQMTJi62n2l491dYppomJlkL/eZ3d
+ bdYTlV1i1qX5ckrD2ICBVFKcHkrT6vDFJ98792SmtbBgvKx16KAbZiwpetXrHcgmLp8y
+ bEFImxDJDfsSk8peqWr6Irb3ttxa9pYaDQbTFT33pWblDD/g8RSzkY/NWlOcrU+6Onto
+ OJg09LoPtrXFjtycuzgrJzudW/iN/pBYR2rp+YJfgH4K6D/KFpLXEWrNT2fp2d5Wh6XV
+ rD2dfcxRqOYk54wNj02cZK0KVyXOtM4Lz0usTa711VobsHU0FDSEH81t0GxI3JnbWNDI
+ nkrcmfBUuDnxAB0s2M8O5jaHf6sPOsgV0OXZdfM445Mz52UqmVZXwKW4DL5C67m2yrbK
+ U5UwVlup0Je1rfNcGyw2rrN85mPCFqQpwC6KCgdAc1F8JcUDBwwcynr1+AsfslxZtPLC
+ 8c3fZPltp29f8tj0ie7scWMDjtGTF08a92KKJ3L2wW3vVinNgd3LX/hi0UhftObB2RNq
+ bRquGT7YyFXzjOvvWDoj7L5y2SsPzXxQ+Ox+2FCXxozSIHq8rOohdpgpLOD19HMk6yKp
+ 2RZrlmqKBKktz1RgaEs9xjMcgxzjlRplsXK/0qA0KYcUQ1bGoMK8NDU7oCSbuUXr9QQM
+ 3MG1RCWsJDtD6zeS15LBMvz5gToLs5TCWU4N6ajsHtJhPVFYKYwJxtPrOpesqqur8NSQ
+ 2JAT0p/gRJXMZmBxfymBlV3JhHqYMCRnil8oEV41oNexLPC4LOaIe5lyOLaGWfLTQtGF
+ sRyXx6vhrCnRbtFaVLUm0VaUkmpJ9ihcr3N7x4XK4HesXWn6eWKsyJ8ZDu4K+EZkZCMK
+ vuNKVBizKu6Un/UhX4rBos8M99vlTw+HZbygvYh7itpF/WlJ2U3+zDTy8WHum9x3uLk7
+ tdUCs/jQ3joGUzdktqV9YDidNcs5O2mWvtZ5T1KD6xFbo+spmyHNlxkihy7dosW+7J1r
+ rjMr5sk+5ssSoQX2Uwm3k4ElHvPgcz9WxtoqpeoQZeI+pf5iKr2mBCcUFFvxgKJgPOyw
+ NVfNK3rhr7HYW7u+7O8xnZ50/7Pbl0583u5zZRaxi/n5hbmxwTwx1fn9wd9emDS8X+aN
+ T9fds3Ni9hXsu6A3Go1k9sZ53i3jfJimlI0IuNPMDsMZC2b4IW91pLW6jzlOR9RQcmhc
+ yjhlln6WWq1Up9Tqa9WFysKU1f1WJ6+2NoWsWp0vzU4Bs84eTPVErOc6ujusHV2/BPUf
+ K7vsIprms+S4X2Ay0UuxIySiPMk5iSijsPX31UyuraueUpcyYPXo7Z998Ozxb9ivmH/K
+ 0MWj87YfZ2tqtz66ePnmRzePHNm1r+VvrJRp2Dj2hCdapjCDL9Yj48W7PV28E+uYhlmV
+ +Zz+FLVfmhmPFVZzW78P+OHQTNMaWmfeYt5ieoZ2mw/QEXOryehM6ceTEtLcZpMGe6dP
+ n+DTT05iSSGxcG3xLcEpfR97VRsW0VYKs86PwEoVadIDWfDSHjFMrCMm5WXJWp2ySJ+Y
+ ZLsm2ck5WxtTeTiUFmTMiH1AeczrNpqSUxOtiXqLUc3Ky0kLG43qRI/PhaWIBuHS9C5i
+ Xyy+F+fRhrIF4VTLCwZm+Ji39ne0+o71P51v9Gr8/bwO/3L9cnWRcZGyOmV14n3G+5R1
+ yeus6/Tr1K3erVkN/obMrakN4a15W10NoYZIY6gx8lzec67dnqZAS6Al1BJp9bS6WnPT
+ w6lmuy4Y0uqiZp07FCVdjicfu3TbOUS7c13x6Cd363OVv8decfmqJl22wkm5CHpxV9Zd
+ Fh3ZgjV3zV3z4OxZDxpX1UxftWr69PuCU6Z+/vyeP02eNm32l4cO/Wk2q7hz9Yo7Z6ys
+ Y11Vv66rnnzvvbFl+Runbn3jzUdmNeRnPjlr53t/eLbmSeGzCr0V3xtScUefU3YzGXiy
+ JSXtDN7U+IeeVkNKq+W04VjEpDepJqfbOS44yT3JWO2tDs5yzzIu9C4M1rprjUJJDyVu
+ 1W9N3O3cY0xxBUhnDvp19jSttOfOc90dwpw7hQ5gzjBmac+XVlueUUhumohmA+xJctN0
+ SGXw6wfcBzM+3dT2bezp2MeVVy65KXf7cc2qmilLf101ZYVy+4jyb55v+XvseKw7tjs2
+ 3ZNexhWDF4fOT+8Rhv74RsyR7ej5jmfh9iDOY4Eyq+EUt5xynOTfp9q1bjOlWk8N6SzE
+ 2U6OL59d0joChogXveEiLZ3tmHPbhNlzKipmX8qV9tHVU8eMmTo1Fo0XoM8Her5SH+AH
+ cd4toVVlty3XrNPgxOF4TPecplEHm8nY4zhkPOI/bEvo53WVJBQYyNzflcnPnk1hKd2G
+ i9bABe/Z9PPWk/1/KsiyXWE/bOcFWbklhQl4kfG7KJo5RpsRShpg/RQbaGdhR++mIQ8g
+ Hd2IG12xyi7hWfL4JZRcyXJx7tL2KrPE+U+Vpzj77qnxA1kWNpgoLx84vWjL/rnj687o
+ x75W89hL3396xeKhdy0c/arfm/7Z3uaDBddgk3jCE9ayw3bbjIryijXXvnv96KY12/dZ
+ rLoFd43Liwwee+CF2GBfNBxOC0Av5T1d6iqczEy4AZwZfitdjRP6LUh78ZbyDPKjyA8g
+ 14KfjdcjM07vuJnhdccDOz2LvxpE8LeNbNDOgnMe+ElgPRTC3zA8eGERrywML4AaJEY7
+ ce7fiVefQ8gPIdfjxTgTsl7U4RRAjRzYu0G2L94WM/AWg5WgKPJbIXkLZMZC4mYqsHZ3
+ dHTgdCd8Fxottf1zc+6IdeEIE2dIbUfkwaVX4VzEaHIkEwwpihOLUCxcGifd3s1pMINp
+ Kdvqmw88tO7FF58ftOvOt5g59s2JmdsKk1JeiqbnljuSygszopt97nX7f7Pu4IGHHz6o
+ rBx5fey/3zwe67p+1Bh3qjgCqxTAYTjZgVlPhu3lwPayqbbs9jWe9ZbHQ09atiY+bm/M
+ PmI5HDqYbdSbdIy4Tb3JdIdprqnas9BTZ3rS9IKp0dPsM/qcF8Mm21m1//nwyZxye3nK
+ OPu4lN3puzMOpx/O0CcmU0FQNy45Izo+x9otjm/y5IubR1tnmxVbsDy6CIvrjVsidouZ
+ X2Z/wrulP2F7xtGYUOYb0zMy/enp7qgnf+2Eba8f2Xj1sgFJgeERfzR2eteZ2Bcs8NEN
+ j/PJatCfP+pwJOIvuPmWlx997JVIxOwqifpv2slS3nuPOcXFS6EKzH8LbCwMG/pw+HjY
+ mAUraYGNafDWrYedWWBnGrz86GFrFkAP7Eu8BubC8sSNlGAJZ3Hzs8HWUkE9C/p54CeB
+ 9cB6foJEOeUhRfFenIcURcsmJANaNSEZ0KoLUlkYhQ83J9GDHS2L1h2Qy0JvUdBvA+dW
+ 2HkG7r7jhZV1YuNv67h0ceq9VHTKjeJfLAxh8kp5l1J6Fei83Jou3aku31T4RodtyMGZ
+ r/Qw69vTGweX3FaUGW33uXMKstMD3c371z60/8V19fscvrGjbmEJb77Lkq67htXh2AeT
+ +unxYBiB77WHml+qX3cwfj+GjifiVcoDb3pl+Gi85WtoMVKTTCm0G/PbjbVoAS7eiIW3
+ BgEd0F4rrYD/MqT10NBZJEVcM8E7D6mT0Fg5KOOQmhCpd8Nvd2N1dqPGIeCHgR8Gfhi4
+ EW/AQrOEVu0oGaDrDMBUvM14pTePp/AlK4Vn4p88UHV2i1OkcFrYqQ/+Ge6N7+IGFjdJ
+ eCxcNRKUdsuS9Qe2LsJN0pfRP7f69Ex4PEv760mWkjfD8vM0ZZ1ld+2aFrbjkSfuTfd4
+ 850FxUx35jNm76GWQemrlmx4GAPEaPEOog7W+HH/Wj+8CKsvXsXdiHdBlM6ilIfZt2LU
+ FtAYpTAFtB5YHsHetKBZUdbBfpyYN64TiE95wPKhXSdaiyL3weejoEShIyNePgqxQeDe
+ fapNxK347QF38a5CbBBDugrhrtAItodInzv4pcj0y9EDBEQzL7t0arbxLZlZmdGf7xZw
+ T2NmTv+M7b//y7xZuWH72oL5U9nUzKzs9FjT+nBIXNBDYaUqHaXyQ88UlvgzUu+4qxTb
+ QfTnJ4ResPbiF9sI+/nffnYQk/Bq7oAGnNCYC6/mYtW9sJIR+KvVNfjbynWyIoMNwGHx
+ 02LudOPIa28dMyrr6rmL7p457e44R3DHIN2ONBvpHiSxPNuQ9iJhjegdpE+ROpG6sXBm
+ JA9SNtIQpBuQbu+J/yBDv5QZdP+veEEfvLAPXtQHF/8n5PL2SvrgA/rgA/vgg/rgpX3w
+ K/rgU/rgU/vgVX3w6j64/L8ol82/RvD/B5QKBVgKZW5kc3RyZWFtCmVuZG9iago3NyAw
+ IG9iago1OTQwCmVuZG9iago3OCAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3Ig
+ L0FzY2VudCA3NTQgL0NhcEhlaWdodCA2NzAgL0Rlc2NlbnQgLTI0NiAvRmxhZ3MgMzIK
+ L0ZvbnRCQm94IFstNjU1IC00MDkgNzY0IDEwODldIC9Gb250TmFtZSAvTUZIVVBLK0Nv
+ dXJpZXIgL0l0YWxpY0FuZ2xlIDAgL1N0ZW1WCjAgL01heFdpZHRoIDgyMyAvWEhlaWdo
+ dCA1MDIgL0ZvbnRGaWxlMiA3NiAwIFIgPj4KZW5kb2JqCjc5IDAgb2JqClsgNjAwIDYw
+ MCA2MDAgNjAwIDYwMCA2MDAgNjAwIDYwMCA2MDAgNjAwIDYwMCAwIDAgMCAwIDAgMCAw
+ IDAgMCAwIDAgMCAwIDAKMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAg
+ MCAwIDAgMCAwIDAgNjAwIDYwMCA2MDAgNjAwIDYwMCA2MDAgXQplbmRvYmoKMzQgMCBv
+ YmoKPDwgL1R5cGUgL0ZvbnQgL1N1YnR5cGUgL1RydWVUeXBlIC9CYXNlRm9udCAvTUZI
+ VVBLK0NvdXJpZXIgL0ZvbnREZXNjcmlwdG9yCjc4IDAgUiAvV2lkdGhzIDc5IDAgUiAv
+ Rmlyc3RDaGFyIDQ4IC9MYXN0Q2hhciAxMDIgL0VuY29kaW5nIC9NYWNSb21hbkVuY29k
+ aW5nCj4+CmVuZG9iago4MCAwIG9iagooTWFjIE9TIFggMTAuNi40IFF1YXJ0eiBQREZD
+ b250ZXh0KQplbmRvYmoKODEgMCBvYmoKKEQ6MjAxMDA4MDcxNjI3NTNaMDAnMDAnKQpl
+ bmRvYmoKMSAwIG9iago8PCAvUHJvZHVjZXIgODAgMCBSIC9DcmVhdGlvbkRhdGUgODEg
+ MCBSIC9Nb2REYXRlIDgxIDAgUiA+PgplbmRvYmoKeHJlZgowIDgyCjAwMDAwMDAwMDAg
+ NjU1MzUgZiAKMDAwMDEwNjEzNyAwMDAwMCBuIAowMDAwMDgxMzkzIDAwMDAwIG4gCjAw
+ MDAwMDQyMjIgMDAwMDAgbiAKMDAwMDA4MTIzMCAwMDAwMCBuIAowMDAwMDAwMDIyIDAw
+ MDAwIG4gCjAwMDAwMDQyMDIgMDAwMDAgbiAKMDAwMDAwNDMyNiAwMDAwMCBuIAowMDAw
+ MDgxMTk0IDAwMDAwIG4gCjAwMDAwMDY0NjcgMDAwMDAgbiAKMDAwMDAxOTgzNSAwMDAw
+ MCBuIAowMDAwMDA2MTIxIDAwMDAwIG4gCjAwMDAwMDY0NDcgMDAwMDAgbiAKMDAwMDAy
+ Njg0OSAwMDAwMCBuIAowMDAwMDI3MzYyIDAwMDAwIG4gCjAwMDAwMDQ2MzUgMDAwMDAg
+ biAKMDAwMDAwNTAxMSAwMDAwMCBuIAowMDAwMDE5ODU3IDAwMDAwIG4gCjAwMDAwMjA1
+ NTQgMDAwMDAgbiAKMDAwMDAyNzkzMyAwMDAwMCBuIAowMDAwMDI4NTAyIDAwMDAwIG4g
+ CjAwMDAwMjczODIgMDAwMDAgbiAKMDAwMDAyNzkxMyAwMDAwMCBuIAowMDAwMDIwNTc0
+ IDAwMDAwIG4gCjAwMDAwMjY0MTUgMDAwMDAgbiAKMDAwMDAyNjQzNiAwMDAwMCBuIAow
+ MDAwMDI2ODI5IDAwMDAwIG4gCjAwMDAwMDUwMzEgMDAwMDAgbiAKMDAwMDAwNTQzOCAw
+ MDAwMCBuIAowMDAwMDA1NDU4IDAwMDAwIG4gCjAwMDAwMDYxMDEgMDAwMDAgbiAKMDAw
+ MDA4MDI5NyAwMDAwMCBuIAowMDAwMDkwNTQ5IDAwMDAwIG4gCjAwMDAwOTkyNTQgMDAw
+ MDAgbiAKMDAwMDEwNTg3MCAwMDAwMCBuIAowMDAwMDc5NDMyIDAwMDAwIG4gCjAwMDAw
+ MzMxOTcgMDAwMDAgbiAKMDAwMDAzNTg1OCAwMDAwMCBuIAowMDAwMDQ1MjY5IDAwMDAw
+ IG4gCjAwMDAwNDcxODcgMDAwMDAgbiAKMDAwMDAzMDY0MCAwMDAwMCBuIAowMDAwMDMz
+ MTc2IDAwMDAwIG4gCjAwMDAwNDcyMDggMDAwMDAgbiAKMDAwMDA0OTAzNCAwMDAwMCBu
+ IAowMDAwMDQ5MDU1IDAwMDAwIG4gCjAwMDAwNjY4MDAgMDAwMDAgbiAKMDAwMDA2Njgy
+ MiAwMDAwMCBuIAowMDAwMDY5MjExIDAwMDAwIG4gCjAwMDAwMzU4NzkgMDAwMDAgbiAK
+ MDAwMDA0MzMxNiAwMDAwMCBuIAowMDAwMDQzMzM3IDAwMDAwIG4gCjAwMDAwNDUyNDgg
+ MDAwMDAgbiAKMDAwMDA2OTIzMiAwMDAwMCBuIAowMDAwMDcxMjI0IDAwMDAwIG4gCjAw
+ MDAwMjg1MjIgMDAwMDAgbiAKMDAwMDAzMDYxOSAwMDAwMCBuIAowMDAwMDcxMjQ1IDAw
+ MDAwIG4gCjAwMDAwNzMzMjUgMDAwMDAgbiAKMDAwMDA3MzM0NiAwMDAwMCBuIAowMDAw
+ MDc5NDExIDAwMDAwIG4gCjAwMDAwNzk0NjkgMDAwMDAgbiAKMDAwMDA4MDI3NyAwMDAw
+ MCBuIAowMDAwMDgwMzM0IDAwMDAwIG4gCjAwMDAwODExNzQgMDAwMDAgbiAKMDAwMDA4
+ MTMxMyAwMDAwMCBuIAowMDAwMDgxNTU2IDAwMDAwIG4gCjAwMDAwODE0NDEgMDAwMDAg
+ biAKMDAwMDA4MTUzNCAwMDAwMCBuIAowMDAwMDgxNjQ5IDAwMDAwIG4gCjAwMDAwODk4
+ NjcgMDAwMDAgbiAKMDAwMDA4OTg4OCAwMDAwMCBuIAowMDAwMDkwMTEzIDAwMDAwIG4g
+ CjAwMDAwOTA3MjQgMDAwMDAgbiAKMDAwMDA5ODU1MiAwMDAwMCBuIAowMDAwMDk4NTcz
+ IDAwMDAwIG4gCjAwMDAwOTg4MDQgMDAwMDAgbiAKMDAwMDA5OTQzNCAwMDAwMCBuIAow
+ MDAwMTA1NDY0IDAwMDAwIG4gCjAwMDAxMDU0ODUgMDAwMDAgbiAKMDAwMDEwNTcwNiAw
+ MDAwMCBuIAowMDAwMTA2MDQzIDAwMDAwIG4gCjAwMDAxMDYwOTUgMDAwMDAgbiAKdHJh
+ aWxlcgo8PCAvU2l6ZSA4MiAvUm9vdCA2NCAwIFIgL0luZm8gMSAwIFIgL0lEIFsgPDk1
+ NjcxNjAxOGM2YzM0ZTIwZGRkMDAxOGVhODM0OTUyPgo8OTU2NzE2MDE4YzZjMzRlMjBk
+ ZGQwMDE4ZWE4MzQ5NTI+IF0gPj4Kc3RhcnR4cmVmCjEwNjIxMgolJUVPRgoxIDAgb2Jq
+ Cjw8L0F1dGhvciAoSGVucnkgU3RvcnkpL0NyZWF0aW9uRGF0ZSAoRDoyMDEwMDgwNzE0
+ NDgwMFopL0NyZWF0b3IgKE9tbmlHcmFmZmxlIFByb2Zlc3Npb25hbCA1LjIuMykvTW9k
+ RGF0ZSAoRDoyMDEwMDgwNzE2MjcwMFopL1Byb2R1Y2VyIDgwIDAgUiAvVGl0bGUgKFdl
+ YklkR3JhcGguZ3JhZmZsZSk+PgplbmRvYmoKeHJlZgoxIDEKMDAwMDEwODAxMSAwMDAw
+ MCBuIAp0cmFpbGVyCjw8L0lEIFs8OTU2NzE2MDE4YzZjMzRlMjBkZGQwMDE4ZWE4MzQ5
+ NTI+IDw5NTY3MTYwMThjNmMzNGUyMGRkZDAwMThlYTgzNDk1Mj5dIC9JbmZvIDEgMCBS
+ IC9QcmV2IDEwNjIxMiAvUm9vdCA2NCAwIFIgL1NpemUgODI+PgpzdGFydHhyZWYKMTA4
+ MTk4CiUlRU9GCg==
+ </data>
+ <key>QuickLookThumbnail</key>
+ <data>
+ TU0AKgAAKLCANiBNgTwUTgCEQmFQuGQ2HQ+IRGJROKRWLReMRmNRuOR2PR+QQuBtgNyU
+ TvZ1OYAPAAgmEP4BAAJhAEQh+PQAOl8gQABcFzUA0EAP+iQ+ggEAPd6TgCAsFgCeQx7V
+ MAAoFAYAPh+VF6OgAPQChQABQF1GQ2e0WkAUeh0WHWyiP+NvK6AAE3ev0sABC+AB/X8A
+ A7BAAD4W10K1YmJyO6PIThV/u0AMJqPMAAt+Sp1hEZAAdBd8AB7A4GABwtnJPt1OoACQ
+ cBAAMhjuy7BACgB5vQDgAWCILgB1thqZcdEQAPtkr4AAUOA8AOBzwgSBfSgfSgB6gfnO
+ VmPIAFAvjwATXFRu4W6I+e5Wf1R/22x3/G7Xh4/Wq1YAOf9YHBvz/AAC0ApkCYJsIwzy
+ vKka/n8E4UwchabnerIEAiAAGKifEMvGBDyI6eh3pxCjSrNCMJwrC8ERTFUVxYh6lpwa
+ EYgAE0aAAxqxgosS+NhFqPQUv8GwfHshyJIsjSOhp4SVGy6pKDYAHLKIAAFKgAA5K8kI
+ pH8GQcFMsy/MEwzEjK4gAbczgAEs1MOpByTcvzAA9OUxoVLcgy9Ok8z1PcwHBPyegu36
+ 7pchRv0MAAB0SAE5A9Mc7S7PlI0lScEHRS0NprHaHnDTgAANT4AAzUUv0fIVKVPVFUou
+ dtWTgfwAArWKJ04cIAAfW69r7ItSzxVVfV/YCVyWe9iVDUaJH7ZLnz/AkC01FteWDaVp
+ 0lF4APqeIASci5927ZZwAADVxMup0VWjal0XTMB63YAFWMlRiN2Ie4AG7ezWhIElMMVc
+ 91X9f8W3mnJ0nSAAQYOj554UAFLK8EOHqgAizJBfuAYti60nzjQAHNjoAYeEK0HdkdhH
+ hg2ESomMfIHBc74wtR5nCa0oNCAB+nzmp/AGAAIg6sR6nieoAHcdKcAE9YEvICIUs6Dd
+ CZexR9akABx6qAAR6wxWCYLROdxysWVoFltIagjUy7O/57nlCR5n00IBAWCyxgerB76I
+ /J5J4DAHtvYh9LtQLxn8fdXKMoS2cQoWUzZi9u8IcXIavrMU6qcdPVBQLfo1isjSicrs
+ XbWIK54CMKsTZJ+8LBfGYlifGIUtjEzKhWzqL1fV8XxeuoXjR80mwrdv8fgAUMb80zXF
+ PV+LAdnV0ivORbdmhP06IRetM00XEDQAAb7qLzL1HCrZ3Mq9jdPV/D8OBUHfaLH0d9am
+ 2crLH7qYJ6ZbWnor3sDN38K9huozRqi14TxFDgdgQ+0iL0EWPSY4x56wIgADegogBASt
+ znEOfAsp8Lu3dvmbKQ98KSmTKfKw90BpFx5sEOOUgAA+XhoWcCA1nZF3+PAcKNyHUAgT
+ JGYUZZrYAIIpTSqQ6BiQ03DkABDobgAFIOZIXBt1MHVFQfMRCEj8N0Dphi0btMo2owAA
+ IMl+ILq1RAZIfEcxQ7I2HAHWOshcYBtQ8IW6VCsdlERVUVCCLDGWNqShwmUbMgwAAokM
+ l91cAAAQIA7AohEakijXklE5UxCHanrIS7MhsmiGJlj4QofY6RxH5H+bsAo/nhv1dS1I
+ nAAwEQpYkApTyigLAbLFDWPpipJDXkol6S5bS5ScmA68hL43yxXIYtha59l4p1ZYkBsi
+ YZdy9Qgf91cn5izIIXNiSx6CXj3MsO2N5eScABAlGgAw+EJD3AIc4Ag+icDtHQ0IFoPj
+ Ov6lyWkgc23FJVk9P0mM/ykTCgKWwAtB19lWllEFrAI2Ik8kgkRGI0AAAwossCYUGiil
+ sgK+QmM3J8qRTLAVgUJGbLKgwAACVKwAURRWwIZVMQAA1pofeWTUEyu3MBNegDjHF0gI
+ k1Jv74XFvuH06lT8uCQSqUQAZnZSm/gJAYVgiUBYTHLoQYmQY2TcMLBpV+lsz0uSVSNE
+ FG4DK0LGjRSEh9OadmAl+4kpEfEMmhd2+wfr8AADKGqrV3xMQBAMA5EIBrhGCHRH8AeF
+ I8x4s7BYBwnA3x7kubUtkAgCTYD+HkPYqpu1EN0AAO8cxoQDj+MsAkFEPR+jrd9Z5NIN
+ QVF2ITF0xS1hfW3AAE63VYWxTQrIkVM421wrjc9HSthHpfzCfCu8/gDlyFPIcPQlJWQE
+ m/ApDS0I6TJIUhSzYhACQDSrH6zt+rf1EEuqc6keA60JANlszYe9SIXgAH0Aam4+l6Dn
+ G+awDIKoJNPrrI4tD4Rp4ForRelximBPUiE9d5cUKFXHSKVOzj7KgLSTLUJ/qKhn4dAA
+ DHEFvBsNjQfGxWoyBfDNL8jZKA8jSgnBgC4AAGB8jYAANQeCFQMAJcIWtwgDgPAfJyNk
+ bzNh/QpAiAYuTUivDwAYBg8Y9F6AMuctcekLi1mBAmhUAQ9DJDwHVkUbw9SngXAsb8Bg
+ 8FwDuZ6VUAwEixmiVCDPGSPEcNgYA+HDVRWX1XwuSAXugQABD0JiLEiXo2OfH0PBeg8B
+ 3xwGcLsWxgQnBricP81g+x8t/HUXUATUwFgoyEOsaso1ELOH0bQfWVQAgNJcOMb5WAbA
+ icIM0cxLgSgEVqPMDwNkADtZmPACEjQFD7XoOgc5tB+gFNgCAERTyYmlHUNx4wKAiBCS
+ mPA2jX8JbdMSNHcAAAX7j0Nb7REbdubeIlGzbaOd1bvJBRPA4MNy1j3ObRIo0t9YNglW
+ g66kd07w4ERqaakMEopDdwkAAUeGAACDw/gfEWMcFQfwdBDHSVFOKfSniXHV/cUS9xY8
+ uDH2LP49ydafIN6suSyw3DceOUcxWByrkRirmOL5hzLnSqOaVi5ZzvoHQSG89t7vYtI/
+ EJDcHEyYfg7mTD72WXYCxWOoKZzkO8epOB5j1lTKVKwIQQKLA06boXZUV9ExHuYtI+CV
+ DTG4bQeDRWDAi7CP6d67h1mhhSyYegAyngIAOTVRLwx0jzOcD0GT2+zeLQR2jQ6X3HTD
+ qv4xPk+6CD1NYOuziiCEgEAVnAfA3BhJmH0S5ZJvwUAJQkP7OAABrjiNKDMFJTx2E4MI
+ PU1OwyoDseMPYBr2wKARKebtnat7oENLZIYFBC/HdqSzSZgUZ1JjqHFcIbw1GZj1BCQc
+ CQ9lXgTAaUgezqSEALygCgD3ZF0DU/YtokrDFLzRIQO8ZwuAADFHI58cY5icAVBoCmAA
+ BWH4jmHOH4LkG0GocIBKAcK8H6BCBYJkH8uEGIHOOcAeHoLkBI8U06Z2y2b+HoHyJwG4
+ HyQKAOHSlkDQDQB6Ie5UIU+a6MSyRuWse0+mHEZmG8G2HcW0BmX0H2G2xsG4HcaEH2AI
+ hSAcAs+WBiBCoWhYdaiIZUmyrmm0cWl+o0kwm7Cuiim8AAEzC6AABbDA3E3I/kV8eGK0
+ J4AQdc+YknDJBe5+SOh+mWWySusGSKfCWsgcfY40cYrlCen4ywhCFeFIE2JyHgs4qOd8
+ H0AQzQHqNoH2AUbkAUHicsHUH+Z2AKAIzgBQBaUaHSGgGUOAH2KwaSIQAO+EyMJcAEHw
+ WyHOtYPGAMNuBABgBaJkNuI2CPFxDWl44M59DISKWsPiQkkYMUwDDiWsw1D238QsrTCc
+ 6AmmBKBCkaHohjCcHcHIO8AkAmlkAQaeAQNKJuNCHuHsXoAKAVFsKgNwHQNYAiBAbkIQ
+ JqJqNDGmJ4AZDSI/BaITDdF8SIwoXcVbGGI0YERvDiLYMEudGUfY8oIeGYF6FiLWAie2
+ yWheAOsGAGHGGiZsAiN+H2HoaEHkHqJqBEAkXoHWACucAoAghqAqxkBaAtDURZHwIRH0
+ t+RYeWTLCc8iiGIUgdDjDioONuhQe4e8hxIUI0GmGYGYY+A8bkHWHqXoH/EWQsAGb+AC
+ Y2HmH4NCZ0PIHkKZHMUQAKKwAHIgXCRQkjDYrJJmV6RWZHB04wN4BZAgIVLYaoasQ4Jq
+ fZGVKDJ+LUNCHEGmuERwNEXoMuHsOiHhEgLsJgU8OwLsAmkaHvBwKgAaJ4H4AqBKUWAj
+ JeVU8tC2ag+SkPBdLO5DF7JoPK5dLsVyztCwr2plIMmIIQj5Coo2m0dgm0gQQqHSG6iU
+ HQYWHcHuN+BWAorsA4QKHQzGKqzktapUAKWyG6HUd8AcA+M6BYA8KwdXL2d3KKSRLSR6
+ pMiCjGIUuKmUBVPJC0mDM6kyKKozPTCyisoHNnPfCzCsraKLH7Lm8iTKfYfYwiwjO0LT
+ O4SKiSjcjhGULYiGz44igKwCYEWs8jKDNdD3P8IvQASQNWNYd2WbQkmqeHDimU8ijwpW
+ zhQRQ1QoSPLdD245Q0Io8jLmmUQCbk5NO1RKSMcqeYptRUI68jQEIVGUdE8XRmSKkVGG
+ 8nRwLOF1SOAAFZSUAAEbSbKEu653SASIq2jEIKT3M5PlSKSIuYNENYHMHWJwHsASOcAK
+ HsLkAGHYlGH9OIK+Has4AoBQBoYMAaLkBlTtF0mo5qMSn2+UT3JjS1LMl4BCAwQKHeQ1
+ Kge2AkACJwykvMAINCHmHgeGAWAyUaHMG4OGos3pNDF24rNJLUSMiYXwX0T1T+rZKweG
+ AJHsRXDMZqQ5M1QnNELQ3lU1TxF46LDfVCh2XzVITymmA6ACVqGIHzHcHUcIXyzgv0YK
+ HqHcJwBOB2xkAiH2K8Gw80gmHWhSBkA2ucHgG+GmAAHYHwJwAmBiCAkWHgGAMmH4BikW
+ hcAqJ+JWGyGOY4vqAABUCUB8pUHoiUFyGQOivAQKBYBCUalkMkHYHKq43FXyA4H6iUF4
+ GWOiqcjQBmBMlkHfARXAhcAoBpXyAwH7B0HEHeZ2AgH2KQAcAUeGHQHAjmACBGZCKayg
+ ASHyZMv0WyASAUNKHsHcyKHWG1IwHoAqucHyAgtiA8AYeGHOGyNoASAKeGAmA+UaAiAq
+ bklEyKCXavVtU9VxH2SGdwiLV9DZGgKzHQAAP+YjbKK0IQH2eGREKhXEK+PGJtVSYkIQ
+ HuNCNCcIQoQqARKwKyhjVTbJbKnAu+NvVUNKJqeGHoHgJxCJLvbpVfbRVcJrMonIOOH2
+ Jq1cIVDNHRNQJ5HkHxHpHtKwZqIUAJDMH5cmKjVQITbZboJsIRbpDOYieGnAeHaZDRHr
+ azVBSkIZKwZMHWHnDQH+cIAayrN8NuAcACjgHIOiMCA6jQAKx6dK/mHUeGoOeGcIJ4KR
+ ewH2LkAbeiJWZqAIH/bYXG3+4IkmBKA6ygMsMsUMdSBMBKdGHkHUQkHkHMZMAwBhMuAI
+ HUuEG+naOOMkRmA4bkAJaaSYO88+9aHUooGoH4N+AgH8NLOINuHQHINoZ2O8AGBCtjJd
+ B0GsGuYKKgQKBNgKYYGyooHsAQKxTgtiAkH4NYGsHIKQluQAAuuceGs4HOG4yKAOBS3o
+ AsAQXoHAG4ZMJ4N2A5hwAAHUHIjmH4AoygdKzgNueGHIRkHsAMygBVUGKyHaeMHWH2aE
+ HaAWX0BZiEaGHJB0AQAUJ5gWX2G3VlU5TzU+IoH4NoGAFgGcOwbcW0BQZ2G4HUzgAYHi
+ c+HwzfACBySenEhSBgA6QkFoF4YKAsAkJjZ0aELCKesEtiAUGs9GHWAQzgAeA6e2BEBS
+ +W/UIymmBCb4AAHIAKKeHu8KVtkovos2U9HEKriWAIADZSHuKQH282ASAIN2AmAcdSHI
+ GoiaAgBSocx4K8HFMqKqVfHQhrlyAOAKXoAGAwsHmGcIHIHA3xCKLtmJbqNC9oOOA6ZC
+ sWAAGycsXDFtDSb+hhdoACcIAYAvm6PIHSHIjgHsHYJiA4bAhhKeAeJcH0H+KeKweGHM
+ G6c+swe2AyASb+AEANQ4H6s4HeH+jQAoAYJdUenCG4XBmYodake2HHjimpjnVu7TBgSQ
+ WIcILvHOTpGeb3iZOQH4HmLkTkQqJSQkH5HGQBA0IQukNxEytlHfb4AAHFCCQAA4udcM
+ /mlGtGucAsAiNgQ5qkJUH7dMPGAsUaNK6StGKrVUuHp6HEJVEgzhc7bKKzbSbUeGAiAs
+ NKHoHMlGHvCOZ5dzdMJwHMHdVTAMQA7GtDqYOOAssGAdrLVWHwHYOiHdLEXCAiJqHfsK
+ MClkbazhKWJ4NWMsAKHwXoASA8e2Q7T/d4R7VMmkkmA7OYAAGeYMauAMXoO8dGY4iUHo
+ HsZMAuBRtGACs4HSHfcSH6KeAXbWOWH1YM82A3qGAIHkiaGraGU8H2JcAqAM42WuWEc+
+ AUBUM6udB0GWGMgCH6AgygBCAgdGAK1SvoHgxsHsBOCCUXuuHEHoKeNgd8qfHQaEHGHA
+ yKAMBZveBEASNoGEGss4N+lkA/tovWeMH0AyQqHMHnhKAiKQHWUPGuzgBoBOugH2jgH6
+ A9AgAcH+dSHll+KgHsb+H+HsWyAbpsAPq+YZpTDbVlT0LUuC34jyqUS/tQnzdXVVVggI
+ Q0Q3cCSztLxljqSygoyKW3KJtTUEAKOiF1oAaGHCJ4B4ByN+G4GsMkAMH0cIBcBwodTb
+ XAyeJWG8JUAgAWlkHMUOHuH0J4BkB8+WACHegCGaHOJiQJRgMuOOHWgC/mIQBSBwJ6AC
+ iUFsFwibi0IPW0dHYKu8jgHpmYJ6x5naG4WyAhFgQspuNEjgHO82AkBQ+4xYGcGeJUvw
+ NKBpYqSmAIcJTcZMHcAMZCAyAdcQHCGqAAG0HWN2BaBMNgHmHAOGHrlrJKZCBUAhaQG+
+ WyH+vwTSBkocAaAlpPxhLRyLa3NKR6VoVgVlP7yYidbENDMoP+YkPJ3BrbVUQ7c/dLcD
+ cohifaJutCZrExcndZbsKhfBdQRPq6HpbTdhcDcgJu9tGZ3aHVdAMDbp3UH4XpdJG9b3
+ raQyeHbNVX3KJtbvyFci86PHJfdV4pdWOOXpb1cDyJU7NH2pVASLLdKDKCTFGeAmKQGk
+ HaPWH6JqAwAuJ4HQG6aEAcAMcIAOA6N+sKYKGmHWJ4AWsCxmAeJ5fugCHGHmlkBqBosH
+ 1VB0G15dNgNKAwpvBsc+A4BA2gAwZDmGO8TcWyW75iAeNgHQGttcHuqoA6Bc18AaAQO8
+ UMWyHqHWXoXyyhFWyaH3Fji4IQHx7AHYd8RsdToFzSG4xsASBKe2HqH+LEAmAS2OG7B0
+ AcAgQrG0J4HYHDKSHjf0QAAhqgHwVqGwHAKeBIAWXoAUBCzRrkeJjlHz2npbVySLQtxv
+ Rt5TfTpsHUH6/EHsKRmMJqHaHYs55wIQ8+UI2MYYHgaEH5vEpVK8H4HkNoH8AVJOAlir
+ +QHl92NE9KMCIWb+KwO8HsAULENJ6O/5qSKgK2Jss4KQO8H+AkyhjaIQLp28H4Z3jacJ
+ btB0HgH6IACgAGQyEgAAH49gA6HlAg4EgRCHk7oRFX2AX4AHa9wMAAuDoi7XY7wADgUE
+ AACgI+4PFX4BgIAH0AI6BQBLJFLA4GINMXvCAYEQA32u1wAKaRLYPRaNSBSAGxUWw/qo
+ J6dSqxWa1W65XXdX5u+5YF7JXbNZ7RWqZRxKIQA+ABMYqAAQCJi+LwAHk6ooEg8GoO73
+ EAHNJbi+5iGgtEXU4nUAADLQbf7jgsI/AdcX/EcVEXo5sG4nfMwyJxIAKFJMdkQsEgZd
+ LthG5hQMCoyAwsHtQAHphHdGZi/wAFgtQsbjwUDYy9gTgAsBN65t/cX5wgsGqE9HVjwJ
+ tgA6ntBg8FoPoHkAAlrdhMXU3G5kApmQICPIEYjWM/hQIGsB9wAtarqVACkqkqaqwCtM
+ EwUg55QaAB5wgAANwnBcKwqtYQgWdgAFubYBIGCShAgBiMmoaJ1uGBgFgAEwXMAfZ3Pe
+ aoCBM4Z7HmACbJiep1HaAAHgtFYIgwB4AAGfkNmwd6WHSdqIhOCCBHqcijH8C7yAsD4R
+ JKBCMmsY5oL0Bi3QzFYOAomJ6HiwZ/gzLa7IychvHqkoFAOAB/n2eIAHudZygAdh8n6A
+ AKhYGqPAKdIAGEax/AAEQCw+BqULiAqWAODgOIOe9Bnkea4Hgb5tgAch3gSAAXyguIAT
+ ofIGUoA8ire3ptGQcb0IMAAPhc04GNyhZtqapMBKKo8CKkqh/KtYcLWarZ72gAB02mAA
+ QWtZ1sK7AAQg63j5uog66oOvCM2gjIIgi19ZreAjXtjCp8N63r7oyAAGAYu56LgBAGP8
+ pSMnoel61Xe65JafB3sefgGvJfFx4CiqY3uiOEMefACoFe7XruAB3nomIEn2uACXTh6s
+ Lg19+4BgTDuBkuDK6uGEoyBKBLpe6sQGp9iWEp8C2TZed2zoaxJYcOjgAEmlaHpmeAAE
+ ICnOABgHRD50HRU4cBsDYAHWaBuxyBk7hAFDASPPZ0HxQZsmxQYTg4CunhCjpqGSawAA
+ m0wAAoBiFGobx0AAcZ3qEFoLI6eByQ2CgLJsB4UN03k/mAZbzgwDLAAqA0VhCENcnuci
+ 9AMzJ+HnP5lGmhSDTuDoORWBoMJsbRjmo4Ydh0wzHl0YiKAYeiZhOF2uH2chszwC6Dm+
+ fwXgAFgNpidZrVGdJ0Ud4OuAIes/nlD9WAgE4AA0BoGrie0UHOampBAHVe1+dFg2NoSl
+ 2Kq+fwPZmm2af/9gAbP/AABRAF/LTWdQDgNAeBBWh+F5NgquBMDy0QFac/VZD935QQQS
+ NqDSLATI1gwgstYHQCobGCORRw9x3gDAADAG7yBoDAMGBwAyih/gvCAAAEo/mwDXH4Bg
+ g48yMgVAWRFUKYRxj9AoAAIIOwRlxHwj4cYCIfD1G8YUCACzMqhG+ZAfRgwCg7CUAADg
+ AXQi2GIQoFAHHyRXiy/8AwIjyAcBMpoAA8FFDOHUTECA9SMgeAqTYARKwADVGyn8DYNw
+ ZElHwooYwzkUG8JsDoGTcR4j2IUAMfo2AADMH+DkAANgOEZheqME4KEtgMZspYwo7wGA
+ gRyANU4BDoAAhe4EGEIgAALBOboBoEjADjfggh+bPSoQVWVMKD5aBATLAAGCZy1VrzJL
+ MgAEq3WPEtLkAlfi4y4D8H2T9khQkulwHwvU4EDlNlwAAAkmJdV6LyH4v6dBCDgAEXrN
+ smLAJyzYnmxEuc+C3m8n2Ps84AAGgOJifMiMCzezxXdAtjs6lTkHlkv+ik+Z0FygZRWj
+ E9CDs4oxOWjU6iWr8nlBIlsBX7THfxNIswlaYAACvTNvYFIk0uK4WuaoEwAEUMiO4chc
+ AOAgfIOQayfwCAFTuBgEqmgCOgAAOAeBwh7D5RWCYC5Ah3DpPOA4DjDWDD3MeNwe5Ni9
+ HCA4Bcgw9h7kUH8PNwI9ALgqjEAQij0k6AYA23EB1Zh0OKAABABJPx7AUBKcMAhjxrVB
+ RyPYiJbSDD4oIx0ehCgKgeqcPwn7xXQj3AW8gEoEyBDmHJFsBIC06DhAIacFhzwADaa+
+ SkAzcQQOeO+N92o+XyEaAPay1w6BwEkJuoOpimp3AAWDMSCaxyotAmRAMqSeH+Dguo+E
+ CZNhrjgQ2POwA/qDt7AuTYeg807gPAGR0EIKVujmvYAAJN74DQhAWT8b4BEtgcAUT8eY
+ +ibD2q4qtRwFKskHH6ecdA/IVDwHgTECgCU7kdIyAUBz5ChE/HwTAmQBKftpnQPweSdA
+ DgOkuBAtwDQEEseLFseA+yDAZAoitPhCgIAPIyPoBzyFTo4GyOMfNgQAJ3AkAkmY9R2G
+ DHKAE8gJgVtcALE9/o5SFUEI6CADM+R5IbOZCofKmG9pdAAPEds6h6qDAgmhVeFgBksH
+ em1va6h2DeT2A4BeDMBgEl84KYNLaVTGaDA+As1L1jmHgACSxLAKAYbiPyiC7SUJdIzS
+ YAAttJAACVpW+KxadnfH2ZnIM7T7sJLhd9cLGzPgAHEPYjpb4VAeA8dk0BegFHkA0BCh
+ Z2kHo5QePImxfyY3sJ+a2ia4qQsQHdY58Nrh3nSLevWy55E0mEHUyPBBwzsFvMbqYeJM
+ 8SGnPIaodWuwNLqJboqbo8yKDuALrJEh3xzE/AcA5U+kDtGDH3hi/Z4jyGEHERQAtFQI
+ mKnRSiYb8Zi3Ngtn5+hSeBNM0kLbSmloBoYxoAAaQ6VHKOJsBACe+R4p/HgOsn4FwSGA
+ AgRBPm9Z0kaHQjhKYzgADdHYqcGQQQYZdIUO0f5Ah1jiToBDVI8BvDhLjV8AAI40kIHe
+ 6EZg20Nj6AI8hKBAibKDH6PAcAAB/AheYBcCpERyDa6uPXBaum4gAHyPtOg6x2mPAaC0
+ HBHsvDZGqn8d44UcAlBa3EfY5XjDsAdEkAoEgPqEZs9FUcuQMgAAwpQBLIS3gLU0SpTq
+ nI6jccCAlEaEgMECNwbp99yqU8JZ9ny57+c9jNAAOcc8lwAKDIOTYBQAyZjwH0SwBIF1
+ ugSZgQcb3vQABL+Bpf0FOIDwLnVsL4nySDkZgYXX3azYFnAXf6H4Z//RcFQNSyC/Efrm
+ 8k0KwXBhQLbrToqcDcey9ALNOCsFJpwI/P4W0OnTsQADcHhCodY5jegZAsQoaAa4lg14
+ 4QGgHCJoAgfBwIbAfQ8gBabxHIfYjIeAcqLYdoehRwFQHYFxHIdqTQb4BBGqEZHyK5uI
+ AgeAwYA4DJFYfICB5ABS7jigbzHoBYBYlCIQ8obLoQDIEjCACYp4C4Bo4QbyI6wIfbHo
+ kwjIfwfYwp6RPYDIHIHZvAfB0IaQcjjIlqPwmwcaDYAYEIzIeQALwYDzIIhAdDjweojs
+ LDL4cwbR7w14cwAItwFS8L1MKhvYDZFcFiniXqX7PKC7Pbgz7ThD6qBL+JbKagtyfYuY
+ uIuQe5HCgyiahRkw3plI+5cj5YjKbzR5l5eJbxeiihf7R5forQuAegeAuAexb6hCfIe5
+ kasxdpjagJgJgadpgzRSgIlgugoRfEUhlgfYhSgyhCegn5SpPgfhkBcQuxmQdQjKg6fK
+ zQhAAiWKiorCe76YrLhcP77LPsQj7qDEQpbCEKEYAAagf5TQAw3rxQDgmIdAbpOgCgAw
+ lgBQEJ5DE4igdAfogTK4yJIgjIcQbhRQBYBpFcHUehGC14dohQdQeIoRFwmMfxFD87QY
+ eADIGyMQBJwIZIYpsBvBGpFwiIcT/4jwFQlAfoCBGoCauwAAZ4aBW7rCngGIEgzIcwbi
+ TQdQmbooGkip8iLYZIbIjIAwfJU8mAzIdgcIaTswEI04AgfwlDeAnAcbIzb4AAG4FSHw
+ fAfRwIeoBAzIe4fQ14CYCI4QbAZJsABTDAD4FpLYCICo8goj6sbK5ylq6AqK6Q4SD4AM
+ vCACAT7gpoEKHwdQd5HAdweIyIC4DB8gkQhQnYnpPkW4vQvIeQeBU4CQBQmwhJDYAwCh
+ TQCCp4t6b4vQAIgTDwlguxU6/pHKewm4BQzLfog4ewdycg6oukaLXAhQBMykRZcZepBo
+ 4E2QlQlkTCyghQBYCyH036nodwyIiI4U484I7pU4lis0WweZTwlo14iAlgAgk0RcZxcs
+ YxPgdwx4mQmYBQCingBACAoUtzgi5b0cQEbb5U+L+R+gDpIocQeQjqWQzgxbdhHAAsZ4
+ BIyhLo3swBHCyR8gv4xgcQwoAJb7f7fIywcwzAzQxL8Y79BYlICw+Rds2Y6MZY9ABxdw
+ +4471ofQhQBAED9xjr+ocwuDzh8I8Y3jV4d5eoBgDQ3Q1LU0qQ1oiL5whETic4uNHs1I
+ dQc0Rwlo644w9wyAB4joe4/YAADwBJHDdomywYhQBrgBg0bD66lc+E+VMBCxbanlIwuA
+ dAb5PYBQDENwaBRR1p15Igm4eboQaoeJIoBYfzjLDBHg2gCx5ADzzZPBJAqAex8gBcX4
+ mxO4AofRDY4TQYAIDYp4CQApOgawapsE/A3RDJHZHojxrj1oCpLYzIigZwaZPbWhIrWY
+ lhQZOgdAd6ywEwFgksA5/oarq4dIdYyJVIlAfgepFAfQBZD4cIe7JIDBU4c1NpvACwlA
+ BQBc7JVgvUXz1IAwtwEAAZHAagaokgEoER5ADdQLzpYEt9Lr0kuVMNc4s5bZbofBb6f8
+ aw3ia4BBkot4kjUKdFHxeI3oe8XBdDcT5gvLR5e1d4tJgFGhew+1eBeZSwoCcQrQeia4
+ oLcRcZhIhBhhez54rYfhiCBxHAiI+xfJfcURf9jYuUYxdwuVh8SdeYtUbrgaCk970tdF
+ mVlgowEriYa5fQAAZoaRRwHAF5U4ZwZZPYHKSadc7Yf4fAwoblgwbocp8gGaGSOoclBh
+ FRpJstOQ94Z4dDGFJ5p4CxuJzogwcgYYWSOoFoHh8KnoABo4ijTYtzRJVgchW4CRqDsw
+ CCJoB4fCLYaDq4mgfozIFTfIeofROg/YlABc1ZcYx4YwZAvoCRuIDpSipLEADowBG4yI
+ 6qswcpu4cAe5uIEdyVShIwB5FcwjwAfY3ocAbUETQhvBvQCgDrz0PpnNclmFc1md3D6k
+ 9l3N3l3tdFLiYlL1mN3135+j+gaaFIm4eIjIDAEA18sboUswjoFAGKpwvRUgdiFQyAmI
+ BzVMh6dZUgm4ELt4EgA5RQdErQwgcaNAEg3RJB0IeoeqLYfgEgISMQAo84dIeA3oe0L7
+ xSmwhAdh0IAQBwlgfEkxvF8IXoZjHp5xFYB4B4gQekoxwUYYDQGVtAC8lIZ95B8KK5vG
+ CIt4fQ84AjOYm4BKHwlYkkdg5ABZIuCBm0rCnoexOgdIASw4FADYll6C2QgV6i4wCMtt
+ lr614Ncr7d4lmUQ5WYigcAdxD5K4lCtoiidhkCvsT5PidUroyKewmM04ed/qdc8xHIf5
+ HAexi7QgfY4ShAzLd4uU14hDd75YlgeSqqko6l7kYKWReqjUBwr4yIBqdkB4hU4JtSj4
+ CIzIpQibQYeQdrAIC4iKew4EYIeQjidaswkQ84CYCYgxSwhU7RmwhIvQl81CH4dw4QBq
+ QQBOK1g4oeIcuDg+JF3inQDpFYbk5MRZU4ngmK2BwIDABeRYDLmtawiisomIcgcgjMeY
+ gyoB4weoAooQDoEDZwfgx+JogQkF7gAoiIeQchMIc4f5Fay6w78Yn4cAbBW4ewf4lCOY
+ zJ4pW4A9ZxIwEKug8iu4b7HoDACZFbeCrTr57yHzRAgxU6zaxhJBqQCgE5Gof4dqLYhg
+ lgB6Do9AuSoBFA7ufZmpPgdMNiqYmwfACZMgBxOIayR4fQuADAGCw5foiK5N3dly5kbV
+ 4eWM+RbaH1gxaQcjQc1YmLMBepxJewECJo+whQdgfCFQ6p8gAgfRR08BPGjACuPIBU6D
+ Jwagbg4TFwiIe4c7q4B4Eh8A4omwn6iYfBFAchwKdZgzD7H4BQlgAYDBTSdjFAcBwIeA
+ dQyIEFKT5Yn4dgdWioEIFsixPYbIdEm4d5QYDYDJU4CICYzIeYdobxQAAzwYB4BCWIeg
+ wYbocGu2vCjAf+EOSj2ABAmweJwAumEwCIj4ujO6YFceIt22I+mVMGWZIodQeYgRELRs
+ Sqfebjq4AtFI3acgitIoljVg1IcSLYdgfRO8pIwEA43qkgdweVCozzV4c1wawMpKxD5j
+ YgfYzgoQwjdo4YC0SGSA3jaCigiYkt9qJ252PabdAagOrEVg1Bkoz7egB2gW901Id6a8
+ T9ftH6bqtqnrdJ8Jh1Iokk/+sNAV3SZGV8QO2FmZAADAyIZzU6OoegyIxSFRExFAEBK5
+ aoEZIoeYdRu4b4BjmoFBmwduwZH475QG5NGBIof4fhPZQLHrHYmzqNuIoweV7QDIGbt4
+ CaqAZgcIyIDgCYlBSxUDoJPAA43oAwFEKAEQDLrwaaTQcgcojIEpVRVh84eZQYDQFFWV
+ SZPYagcA4QDQBb2ExtVgoBFeovJDXDL5RQg5FYgQn4eosW0pOgckcrwjsq0hI0eCg1OI
+ A5912c9r7EuO1/B75Ub/RnR/SCCOV12umF2/SKlxDBqIAAXQebxI8iFTAQmwcQaQkgFw
+ HiuhvieXS/Vd4u1jgl4XS3Vkbx+gtqgL5afY+YnyIGSydtkXWXX+2PSe1vSvRfYEbkQf
+ Y3ZOmV4HV+I3ZSaS6J/cu3Z/amJEvAyKAIFF2nYfaQE/aXavcHcPcR/Pa8vXbRAoE/dJ
+ 8HcfdndvdxZwgIAAAA8BAAADAAAAAQBbAAABAQADAAAAAQBnAAABAgADAAAABAAAKWoB
+ AwADAAAAAQAFAAABBgADAAAAAQACAAABEQAEAAAAAQAAAAgBEgADAAAAAQABAAABFQAD
+ AAAAAQAEAAABFgADAAAAAQBnAAABFwAEAAAAAQAAKKcBHAADAAAAAQABAAABPQADAAAA
+ AQACAAABUgADAAAAAQABAAABUwADAAAABAAAKXKHcwAHAAAZ7AAAKXoAAAAAAAgACAAI
+ AAgAAQABAAEAAQAAGexhcHBsAhAAAG1udHJSR0IgWFlaIAfaAAcAFAAUABAAG2Fjc3BB
+ UFBMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD21gABAAAAANMtYXBwbAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEWRlc2MAAAFQAAAA
+ YmRzY20AAAG0AAACQmNwcnQAAAP4AAAA0Hd0cHQAAATIAAAAFHJYWVoAAATcAAAAFGdY
+ WVoAAATwAAAAFGJYWVoAAAUEAAAAFHJUUkMAAAUYAAAIDGFhcmcAAA0kAAAAIHZjZ3QA
+ AA1EAAAGEm5kaW4AABNYAAAGPmNoYWQAABmYAAAALG1tb2QAABnEAAAAKGJUUkMAAAUY
+ AAAIDGdUUkMAAAUYAAAIDGFhYmcAAA0kAAAAIGFhZ2cAAA0kAAAAIGRlc2MAAAAAAAAA
+ CERpc3BsYXkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtbHVjAAAAAAAAABIA
+ AAAMbmxOTAAAABYAAADoZGFESwAAABwAAAD+cGxQTAAAABIAAAEaZW5VUwAAABIAAAEs
+ bmJOTwAAABIAAAE+ZnJGUgAAABYAAAFQcHRCUgAAABgAAAFmcHRQVAAAABYAAAF+emhD
+ TgAAAAwAAAGUZXNFUwAAABIAAAGgamFKUAAAAA4AAAGycnVSVQAAACQAAAHAc3ZTRQAA
+ ABAAAAHkemhUVwAAAA4AAAH0ZGVERQAAABAAAAICZmlGSQAAABAAAAISaXRJVAAAABQA
+ AAIia29LUgAAAAwAAAI2AEsAbABlAHUAcgBlAG4ALQBMAEMARABMAEMARAAtAGYAYQBy
+ AHYAZQBzAGsA5gByAG0ASwBvAGwAbwByACAATABDAEQAQwBvAGwAbwByACAATABDAEQA
+ RgBhAHIAZwBlAC0ATABDAEQATABDAEQAIABjAG8AdQBsAGUAdQByAEwAQwBEACAAQwBv
+ AGwAbwByAGkAZABvAEwAQwBEACAAYQAgAEMAbwByAGUAc19pgnIAIABMAEMARABMAEMA
+ RAAgAGMAbwBsAG8AcjCrMOkw/AAgAEwAQwBEBCYEMgQ1BEIEPQQ+BDkAIAQWBBoALQQ0
+ BDgEQQQ/BDsENQQ5AEYA5AByAGcALQBMAEMARF9pgnJtsmZ2mG95OlZoAEYAYQByAGIA
+ LQBMAEMARABWAOQAcgBpAC0ATABDAEQATABDAEQAIABjAG8AbABvAHIAac7st+wAIABM
+ AEMARAAAdGV4dAAAAABDb3B5cmlnaHQgQXBwbGUsIEluYy4sIDIwMTAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAFhZWiAAAAAAAADzUgABAAAAARbPWFlaIAAAAAAAAG+yAAA6tAAAAk5Y
+ WVogAAAAAAAAYwcAALUjAAARS1hZWiAAAAAAAAAkHgAAECkAAL+UY3VydgAAAAAAAAQA
+ AAAABQAKAA8AFAAZAB4AIwAoAC0AMgA2ADsAQABFAEoATwBUAFkAXgBjAGgAbQByAHcA
+ fACBAIYAiwCQAJUAmgCfAKMAqACtALIAtwC8AMEAxgDLANAA1QDbAOAA5QDrAPAA9gD7
+ AQEBBwENARMBGQEfASUBKwEyATgBPgFFAUwBUgFZAWABZwFuAXUBfAGDAYsBkgGaAaEB
+ qQGxAbkBwQHJAdEB2QHhAekB8gH6AgMCDAIUAh0CJgIvAjgCQQJLAlQCXQJnAnECegKE
+ Ao4CmAKiAqwCtgLBAssC1QLgAusC9QMAAwsDFgMhAy0DOANDA08DWgNmA3IDfgOKA5YD
+ ogOuA7oDxwPTA+AD7AP5BAYEEwQgBC0EOwRIBFUEYwRxBH4EjASaBKgEtgTEBNME4QTw
+ BP4FDQUcBSsFOgVJBVgFZwV3BYYFlgWmBbUFxQXVBeUF9gYGBhYGJwY3BkgGWQZqBnsG
+ jAadBq8GwAbRBuMG9QcHBxkHKwc9B08HYQd0B4YHmQesB78H0gflB/gICwgfCDIIRgha
+ CG4IggiWCKoIvgjSCOcI+wkQCSUJOglPCWQJeQmPCaQJugnPCeUJ+woRCicKPQpUCmoK
+ gQqYCq4KxQrcCvMLCwsiCzkLUQtpC4ALmAuwC8gL4Qv5DBIMKgxDDFwMdQyODKcMwAzZ
+ DPMNDQ0mDUANWg10DY4NqQ3DDd4N+A4TDi4OSQ5kDn8Omw62DtIO7g8JDyUPQQ9eD3oP
+ lg+zD88P7BAJECYQQxBhEH4QmxC5ENcQ9RETETERTxFtEYwRqhHJEegSBxImEkUSZBKE
+ EqMSwxLjEwMTIxNDE2MTgxOkE8UT5RQGFCcUSRRqFIsUrRTOFPAVEhU0FVYVeBWbFb0V
+ 4BYDFiYWSRZsFo8WshbWFvoXHRdBF2UXiReuF9IX9xgbGEAYZRiKGK8Y1Rj6GSAZRRlr
+ GZEZtxndGgQaKhpRGncanhrFGuwbFBs7G2MbihuyG9ocAhwqHFIcexyjHMwc9R0eHUcd
+ cB2ZHcMd7B4WHkAeah6UHr4e6R8THz4faR+UH78f6iAVIEEgbCCYIMQg8CEcIUghdSGh
+ Ic4h+yInIlUigiKvIt0jCiM4I2YjlCPCI/AkHyRNJHwkqyTaJQklOCVoJZclxyX3Jicm
+ VyaHJrcm6CcYJ0kneierJ9woDSg/KHEooijUKQYpOClrKZ0p0CoCKjUqaCqbKs8rAis2
+ K2krnSvRLAUsOSxuLKIs1y0MLUEtdi2rLeEuFi5MLoIuty7uLyQvWi+RL8cv/jA1MGww
+ pDDbMRIxSjGCMbox8jIqMmMymzLUMw0zRjN/M7gz8TQrNGU0njTYNRM1TTWHNcI1/TY3
+ NnI2rjbpNyQ3YDecN9c4FDhQOIw4yDkFOUI5fzm8Ofk6Njp0OrI67zstO2s7qjvoPCc8
+ ZTykPOM9Ij1hPaE94D4gPmA+oD7gPyE/YT+iP+JAI0BkQKZA50EpQWpBrEHuQjBCckK1
+ QvdDOkN9Q8BEA0RHRIpEzkUSRVVFmkXeRiJGZ0arRvBHNUd7R8BIBUhLSJFI10kdSWNJ
+ qUnwSjdKfUrESwxLU0uaS+JMKkxyTLpNAk1KTZNN3E4lTm5Ot08AT0lPk0/dUCdQcVC7
+ UQZRUFGbUeZSMVJ8UsdTE1NfU6pT9lRCVI9U21UoVXVVwlYPVlxWqVb3V0RXklfgWC9Y
+ fVjLWRpZaVm4WgdaVlqmWvVbRVuVW+VcNVyGXNZdJ114XcleGl5sXr1fD19hX7NgBWBX
+ YKpg/GFPYaJh9WJJYpxi8GNDY5dj62RAZJRk6WU9ZZJl52Y9ZpJm6Gc9Z5Nn6Wg/aJZo
+ 7GlDaZpp8WpIap9q92tPa6dr/2xXbK9tCG1gbbluEm5rbsRvHm94b9FwK3CGcOBxOnGV
+ cfByS3KmcwFzXXO4dBR0cHTMdSh1hXXhdj52m3b4d1Z3s3gReG54zHkqeYl553pGeqV7
+ BHtje8J8IXyBfOF9QX2hfgF+Yn7CfyN/hH/lgEeAqIEKgWuBzYIwgpKC9INXg7qEHYSA
+ hOOFR4Wrhg6GcobXhzuHn4gEiGmIzokziZmJ/opkisqLMIuWi/yMY4zKjTGNmI3/jmaO
+ zo82j56QBpBukNaRP5GokhGSepLjk02TtpQglIqU9JVflcmWNJaflwqXdZfgmEyYuJkk
+ mZCZ/JpomtWbQpuvnByciZz3nWSd0p5Anq6fHZ+Ln/qgaaDYoUehtqImopajBqN2o+ak
+ VqTHpTilqaYapoum/adup+CoUqjEqTepqaocqo+rAqt1q+msXKzQrUStuK4trqGvFq+L
+ sACwdbDqsWCx1rJLssKzOLOutCW0nLUTtYq2AbZ5tvC3aLfguFm40blKucK6O7q1uy67
+ p7whvJu9Fb2Pvgq+hL7/v3q/9cBwwOzBZ8Hjwl/C28NYw9TEUcTOxUvFyMZGxsPHQce/
+ yD3IvMk6ybnKOMq3yzbLtsw1zLXNNc21zjbOts83z7jQOdC60TzRvtI/0sHTRNPG1EnU
+ y9VO1dHWVdbY11zX4Nhk2OjZbNnx2nba+9uA3AXcit0Q3ZbeHN6i3ynfr+A24L3hROHM
+ 4lPi2+Nj4+vkc+T85YTmDeaW5x/nqegy6LzpRunQ6lvq5etw6/vshu0R7ZzuKO6070Dv
+ zPBY8OXxcvH/8ozzGfOn9DT0wvVQ9d72bfb794r4Gfio+Tj5x/pX+uf7d/wH/Jj9Kf26
+ /kv+3P9t//9wYXJhAAAAAAADAAAAAmZmAADypwAADVkAABPQAAAKwHZjZ3QAAAAAAAAA
+ AAADAQAAAgAAAAwAOACJAQEBTgGvAh4CjQMNA5MEJwTIBXQGLAbuB8AIowmQCoULhQyU
+ DacO1xAZEWUSsxQBFVkWsRgKGVkaqBvuHSceTx9qIHYheSJ/I4kkkyWbJqInpiilKaUq
+ oCuZLJAthy5/L3kwdjF2MnwzeDRaNS82BTbdN7U4jjlpOkY7JDwCPOI9wj6jP4VAakFU
+ Qj5DK0QZRQlF/EbvR+dI30nbSthL1kzWTdhO10/UUNNR0lLSU9RU2FXdVuRX61jzWf5b
+ CVwRXRFeEF8QYBBhEmIUYxhkHGUiZihnMGg6aU1qdGudbMRt6m8PcDRxVXJ2c5N0r3XJ
+ duJ3+3kUeix7RnxffXl+k3+tgMaB34L4hBGFKoZCh1mIcomNiquLzIzyjhyPTJB+kbSS
+ 7JQnlV+Wk5fFmPeaKZtZnIidt57loBKhP6Jro42kpaW+pten8qkNqiqrSKxnrYeuqa/L
+ sO+yF7M/tGa1i7aut8647LoIuyG8OL1Ovla/UsBNwUnCRMNAxDzFOMYzxy/IK8kdyfzK
+ 1suvzIbNW84uzv/PztCa0WbSMtMA09rUttWT1nDXT9gw2RHZ89rW27rcoN2G3m3fVOA7
+ 4SHiB+Ls49DktOWY5nznXeg86Rvp+erW67Psj+1r7kbvIe//8P7yJ/NZ9JX13Pcy+JP5
+ //t1/PP+d///AAAABQAVADIAXwCbAOgBNQGJAewCWALSA10D+QSeBVEGEwbkB70IpQmb
+ CpYLnAzDDfoPPBB/EcQTAxQ/FXsWrhffGRQaOxtjHIcdpx7HH+Ig7iHmItQjvSSlJYwm
+ cCdOKCco/CnOKpwrZywyLPktwC6GL00wHzD3Mc8ypjN7NEw1GjXkNqs3cDgyOPI5sDpz
+ Oz88FTzyPdQ+uD+cQH9BXkI4QwpD0USORUFF8Ea/R6xInUmSSopLh0yHTYpOkE+YUJ9R
+ p1KuU6RUe1VOViJW+FfTWLRZnFqNW4lcjV2ZXq1fuWCxYahioWOZZJJljGaGZ4FofGl3
+ anNrcGxubWxuam9pcGlxaXJqc2x0b3VydnV3eXh9eYJ6h3uNfJR9nX6nf7OAwYHQguKD
+ 9YUJhh6HNohQiWuKhouhjL2N2Y71kBKRL5JNk2qUgpWVlqmXvJjRmeWa+5wRnSieP59X
+ oHChiaKpo8ik6KYJpymoSqlrqoyrrazPrfCvErA0sVWydbOVtLO10bbtuAe5Ibo6u1G8
+ Yr1xvoC/j8CbwafCscO6xMHFyMbOx9PIyMm+yrTLrMymzaDOnM+Z0JjRl9Kb06jUuNXI
+ 1tnX6tj72g3bH9wx3UTeV99y4JfhwOLp5BPlP+Zs55nox+n16yTsXu2q7wrwhfIZ88z1
+ nveK+Y77pf3M//8AAAAFABkAPABxALgBDAFOAZwB9wJYAsUDQwPUBHIFIAXqBrwHqQi1
+ CdUK9AwUDS0OVA96EJ0RvhLfFAQVKhZLF2cYexl/Gnsbehx6HXUebR9iIFEhOyIcIvYj
+ wiR+JS8l3iaLJzgn4SiGKSopxipiKvwrlCwsLMctYy4ALpwvOi/VMHAxDTGpMkYy4jOC
+ NCU00zWDNjI24TeROEE48DmfOlA7ADutPFs9CT25Pmk/Gz/PQIVBPUH1Qq9DbEQrROpF
+ qUZoRyhH50imSWVKJUrkS6NMYU0eTd1Onk9hUCRQ6lGxUnpTRVQTVOFVsFZ+V01YG1jq
+ WblaiFtXXCVc9F3EXpZfamA/YRdh8GLLY6dkhmVlZkRnJGgDaOJpwWqga39sXm05bhRu
+ 72/McKpxinJrc010L3UTdfd22ne8eJ15fHpaezZ8EXzvfdp+1X/RgM2By4LIg8eEx4XH
+ hseHxojDicKKw4vHjM2N1o7gj+uQ9ZH6kvuT+ZT0leuW3pfPmL6ZtZrQm+udBp4jnz+g
+ XKF5opajtKTMpeKm+qgVqTOqVKt4rJ6txq7rsBKxOLJfs4a0rrXWtv64J7lSun67qrzX
+ vgS/M8BhwZDCwMPsxRTGOcddyH7JnMq3y9HM8s5Kz6XRBtJs09nVT9bM2FDZ3dwf3rTh
+ w+Vy6dHuy/Q8+f7//wAAbmRpbgAAAAAAAAY2AACjyQAAVzEAAFAaAACd8wAAJPAAAA9v
+ AABQDQAAVDkAAiPXAAHKPQABUesAAwEAAAIAAAAHABYAKQA+AFQAawCDAJsAswDMAOYB
+ AAEaATYBTwFpAYMBngG6AdcB9AISAjECUQJzApUCugLgAwkDNQNkA5cDzwQIBEIEfQS6
+ BPoFOwWABccGEAZdBqwG/gdRB6YH/AhTCKoJAglqCdwKUArGCz8LuQw1DLMNMw21DjoO
+ wA9ID88QWBDiEW4R+hKIExcTphQ3FMgVWxXvFoQXGhe3GFQY8xmUGjYa2Rt9HCIcyR1x
+ HhsexR9xICMg3SGXIlQjEiPSJJMlViYaJt8npihuKTcp+SqxK2osJSzjLaQuZi8rL/Qw
+ vzGOMl8zNDQMNOY1wjagN4A4YTlEOik7Dzv4POM90D6/P7BApEGZQpFDjESHRYJGfUd3
+ SHBJZ0pcS1BMRE03TipPHVARUQpSB1MHVAlVDFYSVxtYJlkzWkNbVVxpXX9el1++YO9i
+ IWNUZIhlvmb0aCppYmqaa9RtDm5Jb4Zwv3H5czd0d3W7dwN4UHmhevd8UX2xfxSAeoID
+ g5SFKIa+iFaJ8IuNjS6O0JB1khyT+ZXql+CZ3pvnnfmgGKJApG+moqi0qsSs1a7nsPiz
+ CrUdtzC5RLtYvWy/g8Gew73F4cgKyjjMa86h0NrTIdVv18LaGtx23tjhP+Os5hzoO+oN
+ 69ftlu9K8PPykPQl9bH3Nvi2+jH7p/0c/o7//wAAABMALABGAF8AeQCTAK0AyADjAP4B
+ GwE3AVEBbAGHAaMBwAHeAf4CHwJBAmUCiwKyAtoDBQMxA18DjwPBA/QEKgRlBKcE7QU3
+ BYMF0gYmBn8G3Ac+B6YIEQiBCPUJbQnhClQKygtEC8QMSQzUDWUN/Q6aDzwP1xBtEQAR
+ kxIoEsATXRQCFLAVbhZCFx8XxhhuGRQZuxphGwcbrRxTHPodox5OHvsfqyCDIWUiSCMr
+ JAsk5SW6JognUSgWKNgpmCpyK1AsLy0RLfUu2i/BMKoxlTKDM3I0YzVVNkk3QDg4OTE6
+ LTsqPCk9KT4rPy9ANUE9QkZDUkReRWxGe0eLSJtJq0q8S81M3k3xTwRQGVEsUkBTVlRt
+ VYZWoVe9WNtZ+1scXD9dZF6KX7pg8GIoY2JknGXaZxdoV2mXatpsHm1ibqlv8XEzcnhz
+ vnUGdlB3m3joejd7iHzbfi9/hYDdgjaDk4TyhlOHuIkgiouL+o1tjuKQW5HWk1uU6JZ4
+ mAqZoJs7nNqefaAlodKjgaU1puuowqqbrHSuTrAnsgGz27W1t5C5bLtAvQS+ysCSwlvE
+ J8X0x8LJk8tmzTnPD9Dm0qfUYtYe19rZl9tU3RLe0OCQ4lHkFOXY55fpPurY7GHt2O8+
+ 8Jfx4vMe9FD1e/ac97b4zfnc+un78vz4/fz+/v//AAAAEAArAEgAYwB+AJcAsQDJAOAA
+ 9wEQASoBRgFiAX8BngG+AeACAwInAkwCcwKcAscC9gMqA18DlQPOBAoESASKBNAFGwVr
+ BcUGLwaeBxMHjggTCKIJOgnZCnoLHwvJDHoNMA3rDqsPaRAeENgRlhJYEx8T6hS5FZEW
+ axdIGCcZBxnoGswbsByUHXweaB9XIEshQyI+Iz0kQyVNJlgnZChxKX8qjiudLKstvC7R
+ L+kxBTIkM0Y0bDWXNsM38DkeOkw7ejyoPdc/BkA3QWpCoUPbRRhGWEecSONKNEuHTNxO
+ Mk+IUN9SN1OSVO1WTVexWRpailv/XXte/GB1YcpjImR6ZdRnMGiNaetrS2ytbhNvf3Dr
+ clZzwXUqdpN3+3lles98Qn2/f0KAzIJgg/2Fo4dQiPiKZovWjUiOupAvkaWTHZSXlhOX
+ j5kWmqKcLp25n0KgyaJPo9SlWKbbqGSp7qt6rQaulrAmsbizS7Tgtna4Dbmjuzu81L5u
+ wAnBpcNDxOLGgsgkycvLe80vzujQptJq1DXWBtfc2bLbNty53jrfueE14q3kIeWQ5vro
+ YunH6yrshu187m7vTfAm8Orxr/JZ8wLzpPQ19Mb1VfXU9lP20vdK9734L/ii+Q/5efni
+ +kz6tPsY+3374fxF/Kf9CP1o/cn+Kv6H/uX/Q/+h//8AAHNmMzIAAAAAAAEMQgAABd7/
+ //MmAAAHkgAA/ZH///ui///9owAAA9wAAMBsbW1vZAAAAAAAAAYQAACc0AAAAADHYt+h
+ AAAAAAAAAAAAAAAAAAAAAA==
+ </data>
+ <key>ReadOnly</key>
+ <string>NO</string>
+ <key>RowAlign</key>
+ <integer>1</integer>
+ <key>RowSpacing</key>
+ <real>36</real>
+ <key>SheetTitle</key>
+ <string>Canvas 1</string>
+ <key>SmartAlignmentGuidesActive</key>
+ <string>YES</string>
+ <key>SmartDistanceGuidesActive</key>
+ <string>YES</string>
+ <key>UniqueID</key>
+ <integer>1</integer>
+ <key>UseEntirePage</key>
+ <false/>
+ <key>VPages</key>
+ <integer>1</integer>
+ <key>WindowInfo</key>
+ <dict>
+ <key>CurrentSheet</key>
+ <integer>0</integer>
+ <key>ExpandedCanvases</key>
+ <array>
+ <dict>
+ <key>name</key>
+ <string>Canvas 1</string>
+ </dict>
+ </array>
+ <key>Frame</key>
+ <string>{{691, 169}, {842, 932}}</string>
+ <key>ListView</key>
+ <true/>
+ <key>OutlineWidth</key>
+ <integer>142</integer>
+ <key>RightSidebar</key>
+ <false/>
+ <key>ShowRuler</key>
+ <true/>
+ <key>Sidebar</key>
+ <true/>
+ <key>SidebarWidth</key>
+ <integer>120</integer>
+ <key>VisibleRegion</key>
+ <string>{{-81, -5.00002}, {721.429, 793.878}}</string>
+ <key>Zoom</key>
+ <real>0.98000001907348633</real>
+ <key>ZoomValues</key>
+ <array>
+ <array>
+ <string>Canvas 1</string>
+ <real>0.98000001907348633</real>
+ <real>0.99000000953674316</real>
+ </array>
+ </array>
+ </dict>
+ <key>saveQuickLookFiles</key>
+ <string>YES</string>
+</dict>
+</plist>
Binary file spec/img/WebIdGraph.jpg has changed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/index-respec.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,966 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>WebID 1.0</title>
+ <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
+ <!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+<style type='text/css'>
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+ <script src='http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js' class='remove'></script>
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+ <script class='remove'>
+ var preProc = {
+ apply: function(c) {
+ // process the document before anything else is done
+ var refs = document.querySelectorAll('adef') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var sp = document.createElement( 'dfn' ) ;
+ var tit = item.getAttribute('title') ;
+ if (!tit) {
+ tit = con;
+ }
+ sp.className = 'adef' ;
+ sp.title=tit ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ refs = document.querySelectorAll('aref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var sp = document.createElement( 'a' ) ;
+ sp.className = 'aref' ;
+ sp.setAttribute('title', con);
+ sp.innerHTML = '@'+con ;
+ p.replaceChild(sp, item) ;
+ }
+ // local datatype references
+ refs = document.querySelectorAll('ldtref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+ var sp = document.createElement( 'a' ) ;
+ sp.className = 'datatype';
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ // external datatype references
+ refs = document.querySelectorAll('dtref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+ var sp = document.createElement( 'a' ) ;
+ sp.className = 'externalDFN';
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ // now do terms
+ refs = document.querySelectorAll('tdef') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+ var sp = document.createElement( 'dfn' ) ;
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ // now term references
+ refs = document.querySelectorAll('tref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+
+ var sp = document.createElement( 'a' ) ;
+ var id = item.textContent ;
+ sp.className = 'tref' ;
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ }
+ } ;
+
+
+ var respecConfig = {
+ // specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
+ // embed RDFa data in the output
+ doRDFa: true,
+ specStatus: "unofficial",
+ //publishDate: "2010-07-05",
+ diffTool: "http://www3.aptest.com/standards/htmldiff/htmldiff.pl",
+
+ // the specifications short name, as in http://www.w3.org/TR/short-name/
+ shortName: "webid",
+ subtitle: "Web Identification and Discovery",
+
+ // if you wish the publication date to be other than today, set this
+ // publishDate: "2009-08-06",
+ copyrightStart: "2010",
+
+ // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
+ // and its maturity status
+ previousPublishDate: "2010-07-25",
+ previousMaturity: "ED",
+ previousURI: "http://payswarm.com/webid/drafts/ED-webid-20100725/",
+
+
+ // if there a publicly available Editors Draft, this is the link
+ edDraftURI: "http://payswarm.com/webid/",
+
+ // if this is a LCWD, uncomment and set the end of its review period
+ // lcEnd: "2009-08-05",
+
+ // if you want to have extra CSS, append them to this list
+ // it is recommended that the respec.css stylesheet be kept
+ extraCSS: ['http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css'],
+
+ // editors, add as many as you like
+ // only "name" is required
+ editors: [
+ { name: "Manu Sporny", mailto:"msporny@digitalbazaar.com",
+ company: "Digital Bazaar, Inc.", companyURL: "http://blog.digitalbazaar.com/" },
+ { name: "Stéphane Corlosquet", mailto:"scorlosquet@gmail.com",
+ company: "Massachusetts General Hospital", companyURL: "http://massgeneral.org/" }
+ ],
+
+ // authors, add as many as you like.
+ // This is optional, uncomment if you have authors as well as editors.
+ // only "name" is required. Same format as editors.
+
+ authors: [
+ { name: "Toby Inkster", url: "http://tobyinkster.co.uk/" },
+ { name: "Henry Story", url: "http://bblfish.net/" },
+ { name: "Bruno Harbulot", url: "http://blog.distributedmatter.net/" },
+ { name: "Reto Bachmann-Gmür", url: "http://trialox.org/" }
+ ],
+
+// errata: 'http://www.w3.org/MarkUp/2008/REC-rdfa-syntax-20081014-errata',
+
+ // name of the WG
+ wg: "Social Web XG",
+
+ // URI of the public WG page
+ wgURI: "http://esw.w3.org/Foaf%2Bssl",
+
+ // name (with the @w3c.org) of the public mailing to which comments are due
+ wgPublicList: "socialweb-xg",
+
+ // alternate formats for this document
+ alternateFormats: [
+ { uri: 'drafts/ED-webid-20100809/diff-20100725.html',
+ label: "Diff from previous Editors Draft" }],
+
+ // URI of the patent status for this WG, for Rec-track documents
+ // !!!! IMPORTANT !!!!
+ // This is important for Rec-track documents, do not copy a patent URI from a random
+ // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
+ // Team Contact.
+ wgPatentURI: "http://www.w3.org/2004/01/pp-impl/44350/status",
+ maxTocLevel: 4,
+ preProcess: [ preProc ]
+ };
+
+
+ function updateExample(doc, content) {
+ // perform transformations to make it render and prettier
+ content = content.replace(/<!--/, '');
+ content = content.replace(/-->/, '');
+ content = doc._esc(content);
+ content = content.replace(/\*\*\*\*([^*]*)\*\*\*\*/g, '<span class="hilite">$1</span>') ;
+ return content ;
+ }
+
+ function updateDTD(doc, content) {
+ // perform transformations to
+ // make it render and prettier
+ content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
+ content = content.replace(/!ENTITY % ([^ \t\r\n]*)/g, '!ENTITY <span class="entity">% $1</span>');
+ content = content.replace(/!ELEMENT ([^ \t$]*)/mg, '!ELEMENT <span class="element">$1</span>');
+ return content;
+ }
+
+ function updateSchema(doc, content) {
+ // perform transformations to
+ // make it render and prettier
+ content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
+ content = content.replace(/<xs:element\s+name="([^&]*)"/g, '<xs:element name="<span class="element" id="schema_element_$1">$1</span>"') ;
+ return content;
+ }
+
+ function updateTTL(doc, content) {
+ // perform transformations to
+ // make it render and prettier
+ content = '<pre class="sh_sourceCode">' + doc._esc(content) + '</pre>';
+ content = content.replace(/@prefix/g, '<span class="sh_keyword">@prefix</span>');
+ return content;
+ }
+ </script>
+ </head>
+ <body>
+ <section id='abstract'>
+
+<p>Social networking, identity and privacy have been at the center of how we
+interact with the Web in the last decade. The explosion of social networking
+sites has brought the world closer together as well as created new points of
+pain regarding ease of use and the Web. Remembering login details, passwords,
+and sharing private information across the many websites and social groups
+that we are a part of has become more difficult and complicated than necessary.
+The Social Web is designed to ensure that control of identity and privacy
+settings is always simple and under one's control. WebID is a key enabler of the
+Social Web. This specification outlines a simple universal identification
+mechanism that is distributed, openly extensible, improves privacy, security
+and control over how one can identify themselves and control access to their
+information on the Web.
+</p>
+
+<section>
+<h2>How to Read this Document</h2>
+
+<p>There are a number of concepts that are covered in this document that the
+reader may want to be aware of before continuing. General knowledge of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
+and RDF [[!RDF-PRIMER]] and RDFa [[!RDFA-CORE]] is necessary to understand how
+to implement this specification. WebID uses a number of specific technologies
+like HTTP over TLS [[!HTTP-TLS]], X.509 certificates [[!X509V3]],
+RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]].</p>
+
+<p>A general <a href="#introduction">Introduction</a> is provided for all that
+would like to understand why this specification is necessary to simplify usage
+of the Web.</p>
+
+<p>The terms used throughout this specification are listed in the section
+titled <a href="#terminology">Terminology</a>.</p>
+
+<p>Developers that are interested in implementing this specification will be
+most interested in the sections titled
+<a href="#authentication-sequence">Authentication Sequence</a> and
+<a href="#authentication-sequence-details">Authentication Sequence Details</a>.</p>
+
+</section>
+</section>
+
+<section id='sotd'>
+<!-- <p>This document has been reviewed by W3C Members, by software
+developers, and by other W3C groups and interested parties, and is
+endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited from another
+document. W3C's role in making the Recommendation is to draw attention
+to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> -->
+
+The source code for this document is available via Github at the following
+URI: <a href="https://github.com/webid-community/webid-spec">https://github.com/webid-community/webid-spec</a>
+
+</section>
+
+<section class='informative'>
+<h1>Introduction</h1>
+
+<p>
+The WebID specification is designed to help alleviate the difficultly that
+remembering different logins, passwords and settings for websites has created.
+It is also designed to provide a universal and extensible mechanism to express
+public and private information about yourself. This section outlines the
+motivation behind the specification and the relationship to other similar
+specifications that are in active use today.
+</p>
+
+<section class='informative'>
+<h1>Motivation</h1>
+
+<p>
+It is a fundamental design criteria of the Web to enable individuals and
+organizations to control how they interact with the rest of society. This
+includes how one expresses their identity, public information and personal
+details to social networks, Web sites and services.
+</p>
+
+<p>
+Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
+hyperlinked social networks to exist. This vocabulary, along with other
+vocabularies, allow one to add information and services protection to
+distributed social networks.
+</p>
+
+<p>
+One major criticism of open networks is that they seem to have no way of
+protecting the personal information distributed on the web or limiting
+access to resources. Few people are willing to make all their personal
+information public, many would like large pieces to be protected, making
+it available only to a selected group of agents. Giving access to
+information is very similar to giving access to services. There are many
+occasions when people would like services to only be accessible to
+members of a group, such as allowing only friends, family members,
+colleagues to post an article, photo or comment on a blog. How does one do
+this in a flexible way, without requiring a central point of
+access control?
+</p>
+
+<p>
+Using a process made popular by OpenID, we show how one can tie a User
+Agent to a URI by proving that one has write access to the URI.
+WebID is an authentication protocol which uses X.509
+certificates to associate a User Agent (Browser) to a Person identified via a URI.
+A WebID profile can also be used for OpenID, WebId provides a few additional features such as
+trust management via digital signatures, and free-form
+extensibility via RDF. By using the existing SSL certificate exchange
+mechanism, WebID integrates smoothly with existing Web browsers, including
+browsers on mobile devices. WebID also permits automated session login
+in addition to interactive session login. Additionally, all data is encrypted
+and guaranteed to only be received by the person or organization that was
+intended to receive it.
+</p>
+
+</section>
+
+</section>
+
+<section>
+<h1>Preconditions</h1>
+
+<section>
+<h1>Terminology</h1>
+
+<dl>
+
+<dt><tdef>Verification Agent</tdef></dt>
+<dd>Performs authentication on provided WebID credentials and determines if
+an <tref>Identification Agent</tref> can have access to a particular
+resource. A <tref>Verification Agent</tref> is typically a Web server, but
+may also be a peer on a peer-to-peer network.</dd>
+
+<dt><tdef>Identification Agent</tdef></dt>
+<dd>Provides identification credentials to a <tref>Verification Agent</tref>. The
+<tref>Identification Agent</tref> is typically also a User Agent.</dd>
+
+<dt><tdef>Identification Certificate</tdef></dt>
+<dd>An X.509 [[!X509V3]] Certificate that MUST contain a
+<code>Subject Alternative Name</code> extension with at least one URI entry
+identifying the <tref>Identification Agent</tref>. This URI SHOULD be
+dereference-able and result in a document containing RDF data. For example,
+a certificate identifying the WebID URI <code>http://example.org/webid#public</code>
+would contain the following:
+<pre>
+X509v3 extensions:
+ ...
+ X509v3 Subject Alternative Name:
+ URI:http://example.org/webid#public
+</pre>
+<p class="issue">TODO: cover the case where there are more than one URI entry</p>
+</dd>
+
+<dt><tdef>WebID URI</tdef></dt>
+<dd>A URI specified via the <code>Subject Alternative Name</code> extension
+of the <tref>Identification Certificate</tref> that identifies an
+<tref>Identification Agent</tref>.</dd>
+
+<dt><tdef>public key</tdef></dt>
+<dd>A widely distributed cryptographic key that can be used to verify
+digital signatures and encrypt data between a sender and a receiver. A public
+key is always included in an <tref>Identification Certificate</tref>.</dd>
+
+<dt><tdef>WebID Profile</tdef></dt>
+<dd>
+A structured document that contains identification credentials for the
+<tref>Identification Agent</tref> expressed using the Resource Description
+Framework [[RDF-CONCEPTS]]. Either the XHTML+RDFa 1.1 [[!XHTML-RDFA]]
+serialization format or the RDF/XML [[!RDF-SYNTAX-GRAMMAR]] serialization
+format MUST be supported by the mechanism, e.g. a Web Service, providing the
+WebID Profile document. Alternate RDF serialization
+formats, such as N3 [[!N3]] or Turtle [[!TURTLE]], MAY be supported by the
+mechanism providing the WebID Profile document.
+<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
+serialization of RDF should be required serialization formats in the
+specification is currently under heavy debate.</p>
+</dd>
+
+</dl>
+
+
+</section>
+
+
+<section class='normative'>
+<h1>Creating the certificate</h1>
+
+<p>The user agent will create a <tref>Identification Certificate</tref> with a
+<code>Subject Alternative Name</code> URI entry. This URI must be one that
+dereferences to a document the user controls so that he can publish the
+public key of the <tref>Identification Certificate</tref> at this URI.</p>
+<p>For example, if a user Joe controls <code>http://joe.example/profile</code>,
+then his WebID can be <code>http://joe.example/profile#me</code></p>
+
+<p class="issue">explain why the WebID URI is different from the URI of the WebID profile document.</p>
+
+<p>As an example to use throughout this specification here is the
+following certificate as an output of the openssl program.</p>
+<p class="example">
+<pre>
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 5f:df:d6:be:2c:73:c1:fb:aa:2a:2d:23:a6:91:3b:5c
+ Signature Algorithm: sha1WithRSAEncryption
+ <span style="color: red">Issuer:</span> O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority
+ Validity
+ Not Before: Jun 8 14:16:14 2010 GMT
+ Not After : Jun 8 16:16:14 2010 GMT
+ <span style="color: red">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers/UID=https://example.org/profile#me, CN=Joe (Personal)
+ Subject Public Key Info:
+<span style="color: red"> Public Key Algorithm:</span> rsaEncryption
+ <span style="color: red">Public-Key:</span> (2048 bit)
+ <span style="color: red">Modulus:</span>
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ <span style="color: red">Exponent:</span> 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
+ Netscape Cert Type:
+ SSL Client, S/MIME
+ X509v3 Subject Key Identifier:
+ 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA
+ <span style="color: red">X509v3 Subject Alternative Name:</span> critical
+ <span style="color: red">URI:</span>https://joe.example/profile#me
+ Signature Algorithm: sha1WithRSAEncryption
+ cf:8c:f8:7b:b2:af:63:f0:0e:dc:64:22:e5:8a:ba:03:1e:f1:
+ ee:6f:2c:f5:f5:10:ad:4c:54:fc:49:2b:e1:0d:cd:be:3d:7c:
+ 78:66:c8:ae:42:9d:75:9f:2c:29:71:91:5c:29:5b:96:ea:e1:
+ e4:ef:0e:5c:f7:07:a0:1e:9c:bf:50:ca:21:e6:6c:c3:df:64:
+ 29:6b:d3:8a:bd:49:e8:72:39:dd:07:07:94:ac:d5:ec:85:b1:
+ a0:5c:c0:08:d3:28:2a:e6:be:ad:88:5e:2a:40:64:59:e7:f2:
+ 45:0c:b9:48:c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb:
+ d8:b8
+</pre>
+</p>
+<p class="issue">Should we formally require the Issuer to be
+ O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority. This was discussed on the list as allowing servers to distinguish certificates that are foaf+Ssl enabled from others. Will probably need some very deep TLS thinking to get this right.</p>
+<p class="issue">discuss the importance for UIs of the CN</p>
+<p class="issue">The above certificate is no longer valid, as I took an valid certificate and change the time and WebID. As a result the Signatiure is now false. A completely valid certificate should be generated to avoid nit-pickers picking nits</p>
+</section>
+
+
+<section class='normative'>
+<h1>Publishing the WebID Profile Document</h1>
+
+<p>The <tref>WebID Profile</tref> document MUST expose the relation between the
+<tref>WebID URI</tref> and the <tref>Identification Agent</tref>'s <tref>public key</tref>s
+using the <code>cert</code> and <code>rsa</code> ontologies, as well as the
+<code>cert</code> or <code>xsd</code> datatypes. The set of relations to be
+published at the <tref>WebID Profile</tref> document can be presented in a
+graphical notation as follows.</p>
+<img alt="Web ID graph" src="img/WebIdGraph.jpg"/>
+<p>The document can publish many more relations than are of interest to the WebID protocol, as shown in the above graph by the grayed out relations.</p>
+<p>The encoding of this graph is immaterial to the protocol, so long as a well known mapping to the format of the representation to such a graph can be found. Below we discuss the most well known formats, and a method for dealing with new unknown formats as they come along.</p>
+<p>The WebID provider must publish the graph of relations in one of the well known formats, though he may publish it in a number of formats to increase the useabulity of his site using Content Negotations.</p>
+<p class="issue">Add content negoatiation pointers</p>
+<p>It is particularly useful to have one of the representations be in HTML or XHTML even if it is not marked up in RDFa as this allows people using a web browser to understand what the information at that URI represents.</p>
+<section class='normative'>
+<h1>Turtle</h1>
+<p>A widely used format for writing RDF graphs is the Turtle notation. </p>
+<p class="example">
+<pre>
+ @prefix cert: <http://www.w3.org/ns/auth/cert#> .
+ @prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
+ @prefix foaf: <http://xmlns.com/foaf/0.1/> .
+ @prefix : <https://joe.example/profile#> .
+
+ :me a foaf:Person;
+ foaf:name "Joe" .
+
+ [] a rsa:RSAPublicKey;
+ rsa:modulus """
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ """^^cert:hex;
+ rsa:public_exponent "65537"^^cert:int;
+ cert:identity :me .
+</pre>
+</p>
+</section>
+<section>
+<h1>RDFa HTML notation</h1>
+<p>There are many ways of writing out the above graph using RDFa in
+html. Here is just one example.</p>
+<p class="example">
+<pre>
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:cert="http://www.w3.org/ns/auth/cert#"
+ xmlns:foaf="http://xmlns.com/foaf/0.1/"
+ xmlns:owl="http://www.w3.org/2002/07/owl#"
+ xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+<head>
+</head>
+<body>
+<h2>My RSA Public Key</h2>
+
+ <dl typeof="rsa:RSAPublicKey">
+ <dt>WebId</dt><dd href="#me" rel="cert:identity">http://joe.example/profile#me</dd>
+ <dt>Modulus (hexadecimal)</dt>
+ <dd property="rsa:modulus" datatype="cert:hex">
+ 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
+ c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
+ 07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
+ 98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
+ 2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
+ ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
+ 94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
+ dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
+ e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
+ 2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
+ f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
+ 5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
+ 75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
+ 14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
+ 72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
+ 71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
+ 3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
+ 91:a1
+ </dd>
+ <dt>Exponent (decimal)</dt>
+ <dd property="rsa:public_exponent" datatype="cert:int">65537</dd>
+ </dl>
+</body>
+</html>
+</pre>
+</p>
+<p>If a WebId provider would rather prefer not to mark up his data in RDFa, but just provide a human readable format for users and have the RDF graph appear in a machine readable format such as RDF/XML then he MAY publish the link from the HTML to a machine readable format (it this is available at a dedicated URI) as follows:</p>
+ <p class="example">
+<pre>
+<html>
+<head>
+<link type="rel" type="application/rdf+xml" href="profile.rdf"/>
+</head>
+<body> ... </body>
+</html>
+</pre>
+</p>
+</section>
+<section>
+<h1>In RDF/XML</h1>
+<p>RDF/XML is easy to generate automatically from structured data, be it in object notiation or in relational databases. Parsers for it are also widely available.</p>
+<p class="issue">TODO: the dsa ontology</p>
+</section>
+<section>
+<h1>In Portable Contacts format using GRDDL</h1>
+<p class="issue">TODO: discuss other formats and GRDDL, XSPARQL options for xml formats</p>
+ <p class="issue">summarize and point to content negotiation documents</p>
+</section>
+</section>
+</section>
+
+<section class='normative'>
+<h1>The WebID Protocol</h1>
+
+<section class='normative'>
+<h1>Authentication Sequence</h1>
+
+<p>The following steps are executed by <tref>Verification Agent</tref>s and
+<tref>Identification Agent</tref>s to determine the global identity of the
+requesting agent. Once this is known, the identity can be used to determine
+if access should be granted to the requested resource.
+</p>
+
+<ol>
+<li>The <tref>Identification Agent</tref> attempts to access a resource
+using HTTP over TLS [[!HTTP-TLS]] via the <tref>Verification Agent</tref>.</li>
+
+<li>The <tref>Verification Agent</tref> MUST request the
+<tref>Identification Certificate</tref> of the <tref>Identification Agent</tref>
+as a part of the TLS client-certificate retrieval protocol.</li>
+
+<li>The <tref>Verification Agent</tref> MUST extract the <tref>public key</tref>
+and all the URI entries contained in the <code>Subject Alternative Name</code>
+extension of the <tref>Identification Certificate</tref>.
+An <tref>Identification Certificate</tref> MAY contain multiple URI entries
+which are considered claimed <tref>WebID URI</tref>s.</li>
+
+<li>The <tref>Verification Agent</tref> MUST attempt to verify the
+<tref>public key</tref> information associated with at least one of the claimed
+<tref>WebID URI</tref>s. The <tref>Verification Agent</tref> MAY attempt to
+verify more than one claimed <tref>WebID URI</tref>.
+This verification process SHOULD occur either by dereferencing the <tref>WebID URI</tref> and
+extracting RDF data from the resulting document, or by utilizing a cached
+version of the RDF data contained in the document or other data source that is
+up-to-date and trusted by the <tref>Verification Agent</tref>. The processing
+and extraction mechanism is further detailed in the sections titled
+<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
+<a href="#extracting-webid-URI-details">Extracting WebID URI Details</a>.
+</li>
+
+<li>If the <tref>public key</tref> in the
+<tref>Identification Certificate</tref> is found in the list of
+<tref>public key</tref>s associated with the claimed <tref>WebID URI</tref>, the
+<tref>Verification Agent</tref> MUST assume that the client intends to use
+this <tref>public key</tref> to verify their ownership of the
+<tref>WebID URI</tref>.
+On the other hand, if no matching <tref>public key</tref> is found in the list
+of <tref>public key</tref>s associated with the claimed <tref>WebID URI</tref>,
+the <tref>Verification Agent</tref> MUST attempt to verify another claimed
+<tref>WebID URI</tref>. The authentication MUST fail if no matching
+<tref>public key</tref> is found among all the claimed <tref>WebID URI</tref>s.</li>
+
+<li>The <tref>Verification Agent</tref> verifies that the
+<tref>Identification Agent</tref> owns the private key corresponding to the public key sent in the
+<tref>Identification Certificate</tref>. This SHOULD be fulfilled by performing TLS mutual-authentication
+between the <tref>Verification Agent</tref> and the
+<tref>Identification Agent</tref>.
+If the <tref>Verification Agent</tref> does not have access to the TLS layer,
+a digital signature challenge MUST be provided by the
+<tref>Verification Agent</tref>. These processes are detailed in the sections
+titled <a href="#authorization">Authorization</a> and
+<a href="#secure-communication">Secure Communication</a>.</li>
+
+<li>If the <tref>public key</tref> in the
+<tref>Identification Certificate</tref> matches one in the set given by the
+profile document graph given above then the <tref>Verification Agent</tref>
+knows that the <tref>Identification Agent</tref> is indeed identified by the
+<tref>WebID URI</tref>. The verification is done by querying the
+Personal Profile graph as specified in <a href="#extracting-webid-uri-details">querying the RDF graph</a>.</li>
+</ol>
+
+<p>
+The <tref>Identification Agent</tref> MAY re-establish a different identity at
+any time by executing all of the steps in the Authentication Sequence again.
+Additional algorithms, detailed in the next section, MAY be performed to
+determine if the <tref>Verification Agent</tref> can access a particular
+resource after the last step of the Authentication Sequence has been
+completed.
+</p>
+
+</section>
+
+<section class='normative'>
+<h1>Authentication Sequence Details</h1>
+
+<p>This section covers details about each step in the authentication process.
+</p>
+
+<section class='normative'>
+<h2>Initiating a TLS Connection</h2>
+
+<p class="issue">This section will detail how the TLS connection process is
+started and used by WebID to create a secure channel between the
+Identification Agent and the Verification Agent.</p>
+</section>
+
+<section class='normative'>
+<h2>Exchanging the Identification Certificate</h2>
+
+<p class="issue">This section will detail how the certificate is selected and
+sent to the Verification Agent.</p>
+</section>
+
+<section class='normative'>
+<h2>Processing the WebID Profile</h2>
+
+<p>A <tref>Verification Agent</tref> MUST be able to process documents in RDF/XML
+[[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]]. A server responding to
+a <tref>WebID Profile</tref> request SHOULD be able to deliver at least RDF/XML
+or RDFa. The <tref>Verification Agent</tref> MUST set the Accept-Header to request
+<code>application/rdf+xml</code> with a higher priority than <code>text/html</code>
+and <code>application/xhtml+xml</code>. If the server answers such a request
+with an HTML representation of the resource, this SHOULD describe the WebId Profile
+with RDFa.
+</p>
+
+<p class="issue">This section will explain how a Verification Agent extracts
+semantic data describing the identification credentials from a WebID Profile.</p>
+</section>
+
+<section class='normative'>
+<h2>Verifying the WebID is identified by that public key</h2>
+
+<p>
+There are number of different ways to check that the public key given in the X.509
+certificate against the one provided by the <tref>WebID Profile</tref> or another
+trusted source, the essence is checking that the graph of relations in the
+Profile contains a pattern of relations.
+</p>
+<p>Assuming the public key is an RSA key, and that its modulus is
+ "9D79BFE2498..." and exponent "65537" then the following SPARQL query could be used:
+</p>
+<pre class='example'>
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+ASK {
+ [] cert:identity <http://example.org/webid#public>;
+ rsa:modulus "9D79BFE2498..."^^cert:hex;
+ rsa:public_exponent "65537"^^cert:int .
+}
+</pre>
+<p>If the query returns true, then the graph has validated the associated
+public key with the WebID.</p>
+<p>The above requires the sparql endpoint (or the underlying triple store
+to be able to do inferencing on dataytypes. This is because the numerical
+values may be expressed with different xsd and cert datatypes which must all
+be supported by <tref>VerificationAgent</tref>s. The cert datatypes allow
+the numerical expression to be spread over a number of lines, or contain
+arbitrary characters such as "9D ☮ 79 ☮ BF ☮ E2 ☮ F4 ☮ 98 ☮..." . The datatype
+itself need not necessarily be expressed in cert:hex, but could use a number of
+xsd integer datatype notations, cert:int or future base64 notations.
+</p>
+<p class="issue">Should we define the base64 notation?</p>
+<p>If the SPARQL endpoint doesn't provide a literal inferencing engine, then the modulus should be extracted from the graph, normalised into a big integer (integers without an upper bound), and compared with the values given in the public key certificate. After replacing the <code>?webid</code> variable in the following query with the required value the <tref>Verifying Agent</tref> can query the Profile Graph with</p>
+<pre class='example'>
+PREFIX cert: <http://www.w3.org/ns/auth/cert#>
+PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
+SELECT ?m ?e
+WHERE {
+ [] cert:identity ?webid ;
+ rsa:modulus ?m ;
+ rsa:public_exponent ?e .
+}
+</pre>
+<p>Here the verification agent must check that one of the answers for ?m and ?e
+matches the integer values of the modulus and exponent given in the public key in the certificate.</p>
+<p class="issue"> The public key could be a DSA key. We need to add an ontology for DSA too. What other cryptographic ontologies should we add?</p>
+
+</section>
+
+<section class='normative'>
+<h2>Authorization</h2>
+
+<p class="issue">This section will explain how a Verification Agent may
+use the information discovered via a WebID URI to determine if one should
+be able to access a particular resource. It will explain how a Verification
+Agent can use links to other RDFa documents to build knowledge about the
+given WebID.</p>
+
+</section>
+
+<section class='normative'>
+<h2>Secure Communication</h2>
+
+<p class="issue">This section will explain how an Identification Agent and
+a Verification Agent may communicate securely using a set of verified
+identification credentials.</p>
+
+<p>
+If the <tref>Verification Agent</tref> has verified that the
+<tref>WebID Profile</tref> is owned by the <tref>Identification Agent</tref>,
+the <tref>Verification Agent</tref> SHOULD use the verified
+<tref>public key</tref> contained in the <tref>Identification Certificate</tref>
+for all TLS-based communication with the <tref>Identification Agent</tref>.
+This ensures that both the <tref>Verification Agent</tref> and the
+<tref>Identification Agent</tref>
+are communicating in a secure manner, ensuring cryptographically protected
+privacy for both sides.
+</p>
+
+</section>
+
+</section>
+
+<section class='normative'>
+<h2>The WebID Profile</h2>
+
+<p>The <tref>WebID Profile</tref> is a structured document that contains
+identification credentials for the <tref>Identification Agent</tref> expressed
+using the Resource Description Framework [[RDF-CONCEPTS]]. The following
+sections describe how to express certain common properties that could be used
+by <tref>Verification Agent</tref>s and other entities that consume a
+<tref>WebID Profile</tref>.</p>
+
+<p>The following vocabularies are used in their shortened form in the
+subsequent sections:</p>
+
+<dl>
+ <dt>foaf</dt>
+ <dd>http://xmlns.com/foaf/0.1/</dd>
+ <dt>cert</dt>
+ <dd>http://www.w3.org/ns/auth/cert#</dd>
+ <dt>rsa</dt>
+ <dd>http://www.w3.org/ns/auth/rsa#</dd>
+</dl>
+
+<section class='normative'>
+<h2>Personal Information</h2>
+
+<p>Personal details are the most common requirement when registering an
+account with a website. Some of these pieces of information include an e-mail
+address, a name and perhaps an avatar image. This section includes
+properties that SHOULD be used when conveying key pieces of personal
+information but are NOT REQUIRED to be present in a <tref>WebID Profile</tref>:</p>
+
+<dl>
+ <dt>foaf:mbox</dt>
+ <dd>The e-mail address that is associated with the WebID URI.</dd>
+ <dt>foaf:name</dt>
+ <dd>The name that is most commonly used to refer to the individual
+ or agent.</dd>
+ <dt>foaf:depiction</dt>
+ <dd>An image representation of the individual or agent.</dd>
+</dl>
+</section>
+
+<section class='normative'>
+<h2>Cryptographic Details</h2>
+
+<p>Cryptographic details are important when <tref>Verification Agent</tref>s
+and <tref>Identification Agent</tref>s interact. The following properties
+SHOULD be used when conveying cryptographic information in <tref>WebID Profile</tref>
+documents:</p>
+
+<dl>
+ <dt>rsa:RSAPublicKey</dt>
+ <dd>Expresses an RSA public key. The RSAPublicKey MUST specify the
+ rsa:modulus and rsa:public_exponent properties.</dd>
+ <dt>cert:identity</dt>
+ <dd>Used to associate an RSAPublicKey with a WebID URI. A WebID Profile
+ MUST contain at least one RSAPublicKey that is associated with the
+ corresponding WebID URI.</dd>
+</dl>
+</section>
+
+</section>
+
+</section>
+
+<section class='appendix informative' id="history">
+<h1>Change History</h1>
+<p><a href="https://github.com/webid-community/webid-spec/commit/21deeba1918df73047081d62204dd781f36f5fd7">2010-08-09</a> Updates from WebID community: moved OpenID/OAuth sections to separate document, switched to the URI terminology instead of URL, added "Creating the certificate" and "Publishing the WebID Profile document" sections with a WebID graph and serializations in Turtle and RDFa, improved SPARQL queries using literal notation with cert datatypes, updated list of contributors, and many other fixes.</p>
+<p><a href="http://github.com/webid-community/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">2010-07-25</a> Added WebID Profile section.</p>
+<p><a href="http://github.com/webid-community/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
+<p><a href="http://github.com/webid-community/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
+</section>
+
+<section class='informative' id="acknowledgements">
+<h1>Acknowledgments</h1>
+
+<p>The following people have been instrumental in providing thoughts, feedback,
+reviews, criticism and input in the creation of this specification:</p>
+
+<ul>
+<li>Melvin Carvalho</li>
+<li>Bruno Harbulot</li>
+<li>Toby Inkster</li>
+<li>Ian Jacobi</li>
+<li>Jeff Sayre</li>
+<li>Henry Story</li>
+<li>Kingsley Idehen, OpenLink Software</li>
+<li>Seth Russell</li>
+<li>Sarven Capadisli</li>
+<li>Nathan Rixham</li>
+</ul>
+
+</section>
+ </body>
+</html>
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/spec/webid-related.respec.html Wed Feb 02 17:27:40 2011 -0500
@@ -0,0 +1,510 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>WebID in relation to other technologies</title>
+ <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
+ <!--
+ === NOTA BENE ===
+ For the three scripts below, if your spec resides on dev.w3 you can check them
+ out in the same tree and use relative links so that they'll work offline,
+ -->
+<style type='text/css'>
+code { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+ width: 80%;
+ margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+.aref {
+ font-family: monospace;
+ font-weight: bold;
+ color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+ <script src='http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js' class='remove'></script>
+<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+ <script class='remove'>
+ var preProc = {
+ apply: function(c) {
+ // process the document before anything else is done
+ var refs = document.querySelectorAll('adef') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var sp = document.createElement( 'dfn' ) ;
+ var tit = item.getAttribute('title') ;
+ if (!tit) {
+ tit = con;
+ }
+ sp.className = 'adef' ;
+ sp.title=tit ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ refs = document.querySelectorAll('aref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var sp = document.createElement( 'a' ) ;
+ sp.className = 'aref' ;
+ sp.setAttribute('title', con);
+ sp.innerHTML = '@'+con ;
+ p.replaceChild(sp, item) ;
+ }
+ // local datatype references
+ refs = document.querySelectorAll('ldtref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+ var sp = document.createElement( 'a' ) ;
+ sp.className = 'datatype';
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ // external datatype references
+ refs = document.querySelectorAll('dtref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+ var sp = document.createElement( 'a' ) ;
+ sp.className = 'externalDFN';
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ // now do terms
+ refs = document.querySelectorAll('tdef') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+ var sp = document.createElement( 'dfn' ) ;
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ // now term references
+ refs = document.querySelectorAll('tref') ;
+ for (var i = 0; i < refs.length; i++) {
+ var item = refs[i];
+ if (!item) continue ;
+ var p = item.parentNode ;
+ var con = item.innerHTML ;
+ var ref = item.getAttribute('title') ;
+ if (!ref) {
+ ref = item.textContent ;
+ }
+ if (ref) {
+ ref = ref.replace(/\n/g, '_') ;
+ ref = ref.replace(/\s+/g, '_') ;
+ }
+
+ var sp = document.createElement( 'a' ) ;
+ var id = item.textContent ;
+ sp.className = 'tref' ;
+ sp.title = ref ;
+ sp.innerHTML = con ;
+ p.replaceChild(sp, item) ;
+ }
+ }
+ } ;
+
+
+ var respecConfig = {
+ // specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
+ // embed RDFa data in the output
+ doRDFa: true,
+ specStatus: "unofficial",
+ //publishDate: "2010-07-05",
+ diffTool: "http://www3.aptest.com/standards/htmldiff/htmldiff.pl",
+
+ // the specifications short name, as in http://www.w3.org/TR/short-name/
+ shortName: "webid-related",
+ subtitle: "How WebID relates and compares to other technologies",
+
+ // if you wish the publication date to be other than today, set this
+ // publishDate: "2009-08-06",
+ copyrightStart: "2010",
+
+ // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
+ // and its maturity status
+ previousPublishDate: "2010-07-11",
+ previousMaturity: "ED",
+ previousURI: "http://payswarm.com/webid/drafts/ED-webid-20100711/",
+
+
+ // if there a publicly available Editors Draft, this is the link
+ edDraftURI: "http://payswarm.com/webid/",
+
+ // if this is a LCWD, uncomment and set the end of its review period
+ // lcEnd: "2009-08-05",
+
+ // if you want to have extra CSS, append them to this list
+ // it is recommended that the respec.css stylesheet be kept
+ extraCSS: ['http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css'],
+
+ // editors, add as many as you like
+ // only "name" is required
+ editors: [
+ { name: "Manu Sporny", mailto:"msporny@digitalbazaar.com",
+ company: "Digital Bazaar, Inc.", companyURL: "http://blog.digitalbazaar.com/" }
+ ],
+
+ // authors, add as many as you like.
+ // This is optional, uncomment if you have authors as well as editors.
+ // only "name" is required. Same format as editors.
+
+ authors: [
+ { name: "Toby Inkster", url: "http://tobyinkster.co.uk/" },
+ { name: "Henry Story", url: "http://bblfish.net/" },
+ { name: "Bruno Harbulot", url: "http://blog.distributedmatter.net/" },
+ { name: "Reto Bachmann-Gmür", url: "http://trialox.org/" }
+ ],
+
+// errata: 'http://www.w3.org/MarkUp/2008/REC-rdfa-syntax-20081014-errata',
+
+ // name of the WG
+ wg: "Social Web XG",
+
+ // URI of the public WG page
+ wgURI: "http://esw.w3.org/Foaf%2Bssl",
+
+ // name (with the @w3c.org) of the public mailing to which comments are due
+ wgPublicList: "socialweb-xg",
+
+ // alternate formats for this document
+ alternateFormats: [
+ { uri: 'diff-20100711.html',
+ label: "Diff from previous Editors Draft" }],
+
+ // URI of the patent status for this WG, for Rec-track documents
+ // !!!! IMPORTANT !!!!
+ // This is important for Rec-track documents, do not copy a patent URI from a random
+ // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
+ // Team Contact.
+ wgPatentURI: "http://www.w3.org/2004/01/pp-impl/44350/status",
+ maxTocLevel: 4,
+ preProcess: [ preProc ]
+ };
+
+
+ function updateExample(doc, content) {
+ // perform transformations to make it render and prettier
+ content = content.replace(/<!--/, '');
+ content = content.replace(/-->/, '');
+ content = doc._esc(content);
+ content = content.replace(/\*\*\*\*([^*]*)\*\*\*\*/g, '<span class="hilite">$1</span>') ;
+ return content ;
+ }
+
+ function updateDTD(doc, content) {
+ // perform transformations to
+ // make it render and prettier
+ content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
+ content = content.replace(/!ENTITY % ([^ \t\r\n]*)/g, '!ENTITY <span class="entity">% $1</span>');
+ content = content.replace(/!ELEMENT ([^ \t$]*)/mg, '!ELEMENT <span class="element">$1</span>');
+ return content;
+ }
+
+ function updateSchema(doc, content) {
+ // perform transformations to
+ // make it render and prettier
+ content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
+ content = content.replace(/<xs:element\s+name="([^&]*)"/g, '<xs:element name="<span class="element" id="schema_element_$1">$1</span>"') ;
+ return content;
+ }
+
+ function updateTTL(doc, content) {
+ // perform transformations to
+ // make it render and prettier
+ content = '<pre class="sh_sourceCode">' + doc._esc(content) + '</pre>';
+ content = content.replace(/@prefix/g, '<span class="sh_keyword">@prefix</span>');
+ return content;
+ }
+ </script>
+ </head>
+ <body>
+ <section id='abstract'>
+
+<p>Social networking, identity and privacy have been at the center of how we
+interact with the Web in the last decade. The explosion of social networking
+sites has brought the world closer together as well as created new points of
+pain regarding ease of use and the Web. Remembering login details, passwords,
+and sharing private information across the many websites and social groups
+that we are a part of has become more difficult and complicated than necessary.
+The Social Web is designed to ensure that control of identity and privacy
+settings is always simple and under one's control. WebID is a key enabler of the
+Social Web. This specification outlines a simple universal identification
+mechanism that is distributed, openly extensible, improves privacy, security
+and control over how one can identify themselves and control access to their
+information on the Web.
+</p>
+
+<section>
+<h2>How to Read this Document</h2>
+
+<p>There are a number of concepts that are covered in this document that the
+reader may want to be aware of before continuing. General knowledge of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
+and RDF [[!RDF-PRIMER]] and RDFa [[!RDFA-CORE]] is necessary to understand how
+to implement this specification. WebID uses a number of specific technologies
+like HTTP over TLS [[!HTTP-TLS]], X.509 certificates [[!X509V3]],
+RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]].</p>
+
+<p>A general <a href="#introduction">Introduction</a> is provided for all that
+would like to understand why this specification is necessary to simplify usage
+of the Web.</p>
+
+<p>The terms used throughout this specification are listed in the section
+titled <a href="#terminology">Terminology</a>.</p>
+
+<p>Developers that are interested in implementing this specification will be
+most interested in the sections titled
+<a href="#authentication-sequence">Authentication Sequence</a> and
+<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
+
+</section>
+</section>
+
+<section id='sotd'>
+<!-- <p>This document has been reviewed by W3C Members, by software
+developers, and by other W3C groups and interested parties, and is
+endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited from another
+document. W3C's role in making the Recommendation is to draw attention
+to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> -->
+
+The source code for this document is available via Github at the following
+URI: <a href="https://github.com/webid-community/webid-spec">https://github.com/webid-community/webid-spec</a>
+
+</section>
+
+<section class='informative'>
+<h1>Introduction</h1>
+
+<p>
+The WebID specification is designed to help alleviate the difficultly that
+remembering different logins, passwords and settings for websites has created.
+It is also designed to provide a universal and extensible mechanism to express
+public and private information about yourself. This section outlines the
+motivation behind the specification and the relationship to other similar
+specifications that are in active use today.
+</p>
+
+<section class='informative'>
+<h1>Motivation</h1>
+
+<p class='issue'>TODO</p>
+
+</section>
+
+</section>
+
+<section class='informative'>
+<h1>Relation to OpenID</h1>
+
+<p class='issue'>This section needs to be re-written. The flow and grammar
+leaves much to be desired. -- manu</p>
+
+<p>WebID is compatible with OpenID. Both protocols use a URI that dereferences
+to a Personal Profile Document. This Personal Profile Document is where further
+information about an identity can be discovered. This mechanism is compatible
+with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID,
+but can work beside OpenID by sharing the content in the Personal Profile
+Document.</p>
+
+<p>That said, there are a number of benefits that WebID achieves over OpenID:
+</p>
+
+<p>WebID gives people and other agents a WebID URI for identification. OpenID
+also provides a URI to a Personal Profile Document. However, in the case of
+WebID, one does not need to remember the URI since the User Agent remembers
+the URI on behalf of the person browsing. To log in on a WebID web site there
+is no need to enter any identifier like one has to do for OpenID. Just one click
+tells the browser to send the WebID URI. The person that is browsing does
+not need to remember either their WebID URI or the website password, and because
+no password or other secret credential is exchanged with the website, WebID is
+immune from phishing attacks.
+</p>
+
+<p>
+While WebID works well in a browser environment, it is also very useful outside
+of the browser environment. WebID can also operate without requiring the use
+of any passwords. This is useful to developers that may
+want to use WebID to perform server-to-server or peer-to-peer verification of
+identity. WebID works for automated agents such as Search Agents, API Agents,
+and other automated mechanisms that are often found outside of the browser
+environment.
+</p>
+
+<p>The WebID protocol requires just one direct network connection to establish
+identity via the client. The server requires one connection to the client and
+one connection to retrieve the WebID Profile if it does not have the credential
+information cached. Compare this to the much more complex OpenID sequence, which
+requires six connections by the client to establish a login. In a world of
+distributed data where each site can point to data on any other site, multiple
+connections become costly to manage.</p>
+
+<p>WebID builds on a number of well established Internet and Web standards;
+<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
+RDF [[RDF-PRIMER]], RDFa [[!RDFA-CORE]], RDF/XML [[!RDF-SYNTAX-GRAMMAR]],
+TLS [[!HTTP-TLS]], and X.509 [[!X509V3]]. By building on proven technologies
+which have been integrated into Web browsers for many years,
+it makes both explaining and implementing WebID easier on developers.
+As a matter of fact, there were already three interoperable implementations
+of WebID before this specification was written.</p>
+
+<p>Since WebID is RESTful, you can perform basic HTTP operations to
+<code>GET</code> your WebID, and if you needed update it, you can use
+HTTP <code>PUT</code> semantics. You can also create a WebID via
+<code>POST</code>. This is improved from the OpenID specification, which
+requires a new set of operations described in the OpenID Attribute Exchange
+specification.</p>
+
+<p>WebID is built on RDF and thus enables all of the advanced semantic web
+concepts that RDF enables. For example, a developer may perform machine
+reasoning with a WebID. One can construct machine-executable statements like
+"If this WebID claims to be a friend of one of our partner WebIDs that is
+trusted and the relationship is bi-directional, trust the WebID."
+While OpenID attempts to support this use case by mapping OpenID to RDF, it's
+far easier to do with WebID because WebID is natively built on RDF. This also
+allows to include WebID profiles into HTML documents with RDFa.</p>
+
+<p>It is easy to extend a WebID with new attributes via RDF. The power of
+RDF allows developers to add extensions to WebID by defining new
+vocabularies that they publish. There is no authorization process necessary
+and thus WebID allows for distributed innovation. Every WebID property is
+a URI, which when clicked, can give you yet more information about what the
+property means. A developer can create new usage classes by extending their
+vocabulary at will. A developer can add relationships to a WebID by simply
+adding more HTML to the developer's page. OpenID does not provide any type of
+distributed innovation akin to RDF.</p>
+
+<p>WebID is truly decentralized - with WebID you get a web of trust.
+OpenID only supports the Web of Trust model if you indirectly trust the
+OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
+you must trust OpenID providers. With WebID you only have to trust the people
+and the organizations with which you are communicating. In other words, you
+don't have to ask anyone whether or not you can trust your friends. You can
+query people that you trust directly to see if someone is trustworthy or not.
+There is no need for a central WebID authority.
+</p>
+
+<p>WebID is fully distributed. Anyone can setup a WebID by placing a single
+file on a web server of their choosing, for example on their own domain name.
+There is no need for a special OpenID-like provider service.
+You can also use a WebID hosting provider, but it's not necessary for
+WebID to work. While it is possible to run an OpenID server, other
+OpenID applications may not trust you and thus you won't be able to fully
+utilize your private OpenID credentials. The reason that there are a few
+large OpenID providers and very few small OpenID providers is because of this
+trust design issue related to OpenID.</p>
+
+<p>WebID does not require HTTP redirects. Redirects are problematic on many
+cell phones because telecommunication companies rely heavily on proxy servers which may selectively block
+redirects.</p>
+
+<p>A WebID provider is 100% compatible with an OpenID provider and thus can
+inter-operate with OpenID-powered networks.</p>
+
+<p class='issue'>This last claim needs to be backed up by some bug reports or
+documentation on the actual problems.</p>
+
+</section>
+
+<section class='informative'>
+<h1>Relation to OAuth</h1>
+
+<p>
+OAuth and WebID are mutually beneficial when used together. WebID can be
+used to provide RSA parameters to the RSA-SHA1 signature method required by
+OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
+connection that will be used to transmit OAuth Tokens in OAuth 2.0.
+</p>
+
+</section>
+
+
+<section id="appendix">
+
+<section class='informative' id="history">
+<h1>Change History</h1>
+<p><a href="">2010-07-31</a> Initial version split from the core WebID specification.</p>
+</section>
+
+<section class='informative' id="acknowledgements">
+<h1>Acknowledgments</h1>
+
+<p>The following people have been instrumental in providing thoughts, feedback,
+reviews, criticism and input in the creation of this specification:</p>
+
+<ul>
+<li>Melvin Carvalho</li>
+<li>Bruno Harbulot</li>
+<li>Toby Inkster</li>
+<li>Ian Jacobi</li>
+<li>Jeff Sayre</li>
+<li>Henry Story</li>
+<li>Kingsley Idehen, OpenLink Software</li>
+<li>Seth Russell</li>
+<li>Sarven Capadisli</li>
+<li>Nathan Rixham</li>
+</ul>
+
+</section>
+</section>
+ </body>
+</html>
+
--- a/webid-related.respec.html Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,510 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html>
-<html>
- <head>
- <title>WebID in relation to other technologies</title>
- <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
- <!--
- === NOTA BENE ===
- For the three scripts below, if your spec resides on dev.w3 you can check them
- out in the same tree and use relative links so that they'll work offline,
- -->
-<style type='text/css'>
-code { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p { margin-top: 0.3em;
- margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
- width: 80%;
- margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-.aref {
- font-family: monospace;
- font-weight: bold;
- color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
- <script src='http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js' class='remove'></script>
-<!-- <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
- <script class='remove'>
- var preProc = {
- apply: function(c) {
- // process the document before anything else is done
- var refs = document.querySelectorAll('adef') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var sp = document.createElement( 'dfn' ) ;
- var tit = item.getAttribute('title') ;
- if (!tit) {
- tit = con;
- }
- sp.className = 'adef' ;
- sp.title=tit ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- refs = document.querySelectorAll('aref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var sp = document.createElement( 'a' ) ;
- sp.className = 'aref' ;
- sp.setAttribute('title', con);
- sp.innerHTML = '@'+con ;
- p.replaceChild(sp, item) ;
- }
- // local datatype references
- refs = document.querySelectorAll('ldtref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
- var sp = document.createElement( 'a' ) ;
- sp.className = 'datatype';
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- // external datatype references
- refs = document.querySelectorAll('dtref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
- var sp = document.createElement( 'a' ) ;
- sp.className = 'externalDFN';
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- // now do terms
- refs = document.querySelectorAll('tdef') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
- var sp = document.createElement( 'dfn' ) ;
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- // now term references
- refs = document.querySelectorAll('tref') ;
- for (var i = 0; i < refs.length; i++) {
- var item = refs[i];
- if (!item) continue ;
- var p = item.parentNode ;
- var con = item.innerHTML ;
- var ref = item.getAttribute('title') ;
- if (!ref) {
- ref = item.textContent ;
- }
- if (ref) {
- ref = ref.replace(/\n/g, '_') ;
- ref = ref.replace(/\s+/g, '_') ;
- }
-
- var sp = document.createElement( 'a' ) ;
- var id = item.textContent ;
- sp.className = 'tref' ;
- sp.title = ref ;
- sp.innerHTML = con ;
- p.replaceChild(sp, item) ;
- }
- }
- } ;
-
-
- var respecConfig = {
- // specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
- // embed RDFa data in the output
- doRDFa: true,
- specStatus: "unofficial",
- //publishDate: "2010-07-05",
- diffTool: "http://www3.aptest.com/standards/htmldiff/htmldiff.pl",
-
- // the specifications short name, as in http://www.w3.org/TR/short-name/
- shortName: "webid-related",
- subtitle: "How WebID relates and compares to other technologies",
-
- // if you wish the publication date to be other than today, set this
- // publishDate: "2009-08-06",
- copyrightStart: "2010",
-
- // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
- // and its maturity status
- previousPublishDate: "2010-07-11",
- previousMaturity: "ED",
- previousURI: "http://payswarm.com/webid/drafts/ED-webid-20100711/",
-
-
- // if there a publicly available Editors Draft, this is the link
- edDraftURI: "http://payswarm.com/webid/",
-
- // if this is a LCWD, uncomment and set the end of its review period
- // lcEnd: "2009-08-05",
-
- // if you want to have extra CSS, append them to this list
- // it is recommended that the respec.css stylesheet be kept
- extraCSS: ['http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css'],
-
- // editors, add as many as you like
- // only "name" is required
- editors: [
- { name: "Manu Sporny", mailto:"msporny@digitalbazaar.com",
- company: "Digital Bazaar, Inc.", companyURL: "http://blog.digitalbazaar.com/" }
- ],
-
- // authors, add as many as you like.
- // This is optional, uncomment if you have authors as well as editors.
- // only "name" is required. Same format as editors.
-
- authors: [
- { name: "Toby Inkster", url: "http://tobyinkster.co.uk/" },
- { name: "Henry Story", url: "http://bblfish.net/" },
- { name: "Bruno Harbulot", url: "http://blog.distributedmatter.net/" },
- { name: "Reto Bachmann-Gmür", url: "http://trialox.org/" }
- ],
-
-// errata: 'http://www.w3.org/MarkUp/2008/REC-rdfa-syntax-20081014-errata',
-
- // name of the WG
- wg: "Social Web XG",
-
- // URI of the public WG page
- wgURI: "http://esw.w3.org/Foaf%2Bssl",
-
- // name (with the @w3c.org) of the public mailing to which comments are due
- wgPublicList: "socialweb-xg",
-
- // alternate formats for this document
- alternateFormats: [
- { uri: 'diff-20100711.html',
- label: "Diff from previous Editors Draft" }],
-
- // URI of the patent status for this WG, for Rec-track documents
- // !!!! IMPORTANT !!!!
- // This is important for Rec-track documents, do not copy a patent URI from a random
- // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
- // Team Contact.
- wgPatentURI: "http://www.w3.org/2004/01/pp-impl/44350/status",
- maxTocLevel: 4,
- preProcess: [ preProc ]
- };
-
-
- function updateExample(doc, content) {
- // perform transformations to make it render and prettier
- content = content.replace(/<!--/, '');
- content = content.replace(/-->/, '');
- content = doc._esc(content);
- content = content.replace(/\*\*\*\*([^*]*)\*\*\*\*/g, '<span class="hilite">$1</span>') ;
- return content ;
- }
-
- function updateDTD(doc, content) {
- // perform transformations to
- // make it render and prettier
- content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
- content = content.replace(/!ENTITY % ([^ \t\r\n]*)/g, '!ENTITY <span class="entity">% $1</span>');
- content = content.replace(/!ELEMENT ([^ \t$]*)/mg, '!ELEMENT <span class="element">$1</span>');
- return content;
- }
-
- function updateSchema(doc, content) {
- // perform transformations to
- // make it render and prettier
- content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
- content = content.replace(/<xs:element\s+name="([^&]*)"/g, '<xs:element name="<span class="element" id="schema_element_$1">$1</span>"') ;
- return content;
- }
-
- function updateTTL(doc, content) {
- // perform transformations to
- // make it render and prettier
- content = '<pre class="sh_sourceCode">' + doc._esc(content) + '</pre>';
- content = content.replace(/@prefix/g, '<span class="sh_keyword">@prefix</span>');
- return content;
- }
- </script>
- </head>
- <body>
- <section id='abstract'>
-
-<p>Social networking, identity and privacy have been at the center of how we
-interact with the Web in the last decade. The explosion of social networking
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary.
-The Social Web is designed to ensure that control of identity and privacy
-settings is always simple and under one's control. WebID is a key enabler of the
-Social Web. This specification outlines a simple universal identification
-mechanism that is distributed, openly extensible, improves privacy, security
-and control over how one can identify themselves and control access to their
-information on the Web.
-</p>
-
-<section>
-<h2>How to Read this Document</h2>
-
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
-and RDF [[!RDF-PRIMER]] and RDFa [[!RDFA-CORE]] is necessary to understand how
-to implement this specification. WebID uses a number of specific technologies
-like HTTP over TLS [[!HTTP-TLS]], X.509 certificates [[!X509V3]],
-RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled
-<a href="#authentication-sequence">Authentication Sequence</a> and
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
-
-</section>
-</section>
-
-<section id='sotd'>
-<!-- <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p> -->
-
-The source code for this document is available via Github at the following
-URI: <a href="https://github.com/webid-community/webid-spec">https://github.com/webid-community/webid-spec</a>
-
-</section>
-
-<section class='informative'>
-<h1>Introduction</h1>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created.
-It is also designed to provide a universal and extensible mechanism to express
-public and private information about yourself. This section outlines the
-motivation behind the specification and the relationship to other similar
-specifications that are in active use today.
-</p>
-
-<section class='informative'>
-<h1>Motivation</h1>
-
-<p class='issue'>TODO</p>
-
-</section>
-
-</section>
-
-<section class='informative'>
-<h1>Relation to OpenID</h1>
-
-<p class='issue'>This section needs to be re-written. The flow and grammar
-leaves much to be desired. -- manu</p>
-
-<p>WebID is compatible with OpenID. Both protocols use a URI that dereferences
-to a Personal Profile Document. This Personal Profile Document is where further
-information about an identity can be discovered. This mechanism is compatible
-with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID,
-but can work beside OpenID by sharing the content in the Personal Profile
-Document.</p>
-
-<p>That said, there are a number of benefits that WebID achieves over OpenID:
-</p>
-
-<p>WebID gives people and other agents a WebID URI for identification. OpenID
-also provides a URI to a Personal Profile Document. However, in the case of
-WebID, one does not need to remember the URI since the User Agent remembers
-the URI on behalf of the person browsing. To log in on a WebID web site there
-is no need to enter any identifier like one has to do for OpenID. Just one click
-tells the browser to send the WebID URI. The person that is browsing does
-not need to remember either their WebID URI or the website password, and because
-no password or other secret credential is exchanged with the website, WebID is
-immune from phishing attacks.
-</p>
-
-<p>
-While WebID works well in a browser environment, it is also very useful outside
-of the browser environment. WebID can also operate without requiring the use
-of any passwords. This is useful to developers that may
-want to use WebID to perform server-to-server or peer-to-peer verification of
-identity. WebID works for automated agents such as Search Agents, API Agents,
-and other automated mechanisms that are often found outside of the browser
-environment.
-</p>
-
-<p>The WebID protocol requires just one direct network connection to establish
-identity via the client. The server requires one connection to the client and
-one connection to retrieve the WebID Profile if it does not have the credential
-information cached. Compare this to the much more complex OpenID sequence, which
-requires six connections by the client to establish a login. In a world of
-distributed data where each site can point to data on any other site, multiple
-connections become costly to manage.</p>
-
-<p>WebID builds on a number of well established Internet and Web standards;
-<a href="http://en.wikipedia.org/wiki/REST">REST</a>,
-RDF [[RDF-PRIMER]], RDFa [[!RDFA-CORE]], RDF/XML [[!RDF-SYNTAX-GRAMMAR]],
-TLS [[!HTTP-TLS]], and X.509 [[!X509V3]]. By building on proven technologies
-which have been integrated into Web browsers for many years,
-it makes both explaining and implementing WebID easier on developers.
-As a matter of fact, there were already three interoperable implementations
-of WebID before this specification was written.</p>
-
-<p>Since WebID is RESTful, you can perform basic HTTP operations to
-<code>GET</code> your WebID, and if you needed update it, you can use
-HTTP <code>PUT</code> semantics. You can also create a WebID via
-<code>POST</code>. This is improved from the OpenID specification, which
-requires a new set of operations described in the OpenID Attribute Exchange
-specification.</p>
-
-<p>WebID is built on RDF and thus enables all of the advanced semantic web
-concepts that RDF enables. For example, a developer may perform machine
-reasoning with a WebID. One can construct machine-executable statements like
-"If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID."
-While OpenID attempts to support this use case by mapping OpenID to RDF, it's
-far easier to do with WebID because WebID is natively built on RDF. This also
-allows to include WebID profiles into HTML documents with RDFa.</p>
-
-<p>It is easy to extend a WebID with new attributes via RDF. The power of
-RDF allows developers to add extensions to WebID by defining new
-vocabularies that they publish. There is no authorization process necessary
-and thus WebID allows for distributed innovation. Every WebID property is
-a URI, which when clicked, can give you yet more information about what the
-property means. A developer can create new usage classes by extending their
-vocabulary at will. A developer can add relationships to a WebID by simply
-adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF.</p>
-
-<p>WebID is truly decentralized - with WebID you get a web of trust.
-OpenID only supports the Web of Trust model if you indirectly trust the
-OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
-you must trust OpenID providers. With WebID you only have to trust the people
-and the organizations with which you are communicating. In other words, you
-don't have to ask anyone whether or not you can trust your friends. You can
-query people that you trust directly to see if someone is trustworthy or not.
-There is no need for a central WebID authority.
-</p>
-
-<p>WebID is fully distributed. Anyone can setup a WebID by placing a single
-file on a web server of their choosing, for example on their own domain name.
-There is no need for a special OpenID-like provider service.
-You can also use a WebID hosting provider, but it's not necessary for
-WebID to work. While it is possible to run an OpenID server, other
-OpenID applications may not trust you and thus you won't be able to fully
-utilize your private OpenID credentials. The reason that there are a few
-large OpenID providers and very few small OpenID providers is because of this
-trust design issue related to OpenID.</p>
-
-<p>WebID does not require HTTP redirects. Redirects are problematic on many
-cell phones because telecommunication companies rely heavily on proxy servers which may selectively block
-redirects.</p>
-
-<p>A WebID provider is 100% compatible with an OpenID provider and thus can
-inter-operate with OpenID-powered networks.</p>
-
-<p class='issue'>This last claim needs to be backed up by some bug reports or
-documentation on the actual problems.</p>
-
-</section>
-
-<section class='informative'>
-<h1>Relation to OAuth</h1>
-
-<p>
-OAuth and WebID are mutually beneficial when used together. WebID can be
-used to provide RSA parameters to the RSA-SHA1 signature method required by
-OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS
-connection that will be used to transmit OAuth Tokens in OAuth 2.0.
-</p>
-
-</section>
-
-
-<section id="appendix">
-
-<section class='informative' id="history">
-<h1>Change History</h1>
-<p><a href="">2010-07-31</a> Initial version split from the core WebID specification.</p>
-</section>
-
-<section class='informative' id="acknowledgements">
-<h1>Acknowledgments</h1>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-<li>Kingsley Idehen, OpenLink Software</li>
-<li>Seth Russell</li>
-<li>Sarven Capadisli</li>
-<li>Nathan Rixham</li>
-</ul>
-
-</section>
-</section>
- </body>
-</html>
-