From 56f2ce669c506c893acccbcff09d0263e68fcadc Mon Sep 17 00:00:00 2001 
From: Christian Nennemann
Date: Sun, 12 Apr 2026 14:01:57 +0200
Subject: [PATCH] feat: unified drafts/ structure with PDF outputs for ACT and ECT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Both drafts now live in workspace/drafts/ as siblings:

drafts/
├── act/                                  (ACT -01, native to parent repo)
│   ├── draft-nennemann-act-01.md         kramdown-rfc source
│   ├── draft-nennemann-act-01.{xml,txt,html,pdf}
│   ├── .refcache/                        bibxml cache
│   └── build.sh
├── ietf-wimse-ect/                       (ECT -02, submodule, PDF added)
│   └── ...
└── README-pdf.md                         PDF toolchain docs

ACT kramdown-rfc conversion:
- full YAML frontmatter (title, author, refs)
- section structure matches kramdown-rfc conventions
- {{REF}} citation syntax, auto-numbered sections
- references auto-built from normative/informative blocks
- removed manual TOC (kramdown-rfc generates)
- builds cleanly: 133K XML, 89K TXT, 208K HTML, 167K PDF

PDF toolchain:
- xml2rfc --pdf via weasyprint<60 + pydyf<0.10 injected into xml2rfc pipx venv
- both build.sh scripts now produce PDF as Step 4
- README-pdf.md documents the setup for new machines

Submodule: bump ietf-wimse-ect pointer for build.sh PDF step
---
 workspace/drafts/README-pdf.md                    |   67 +
 .../reference.I-D.ietf-scitt-architecture.xml     |   35 +
 .../act/.refcache/reference.RFC.2119.xml          |   13 +
 .../act/.refcache/reference.RFC.7009.xml          |   14 +
 .../act/.refcache/reference.RFC.7515.xml          |   14 +
 .../act/.refcache/reference.RFC.7517.xml          |   12 +
 .../act/.refcache/reference.RFC.7518.xml          |   12 +
 .../act/.refcache/reference.RFC.7519.xml          |   14 +
 .../act/.refcache/reference.RFC.8037.xml          |   12 +
 .../act/.refcache/reference.RFC.8174.xml          |   13 +
 .../act/.refcache/reference.RFC.8693.xml          |   16 +
 .../act/.refcache/reference.RFC.9110.xml          |   16 +
 .../act/.refcache/reference.RFC.9562.xml          |   24 +
 workspace/drafts/act/build.sh                     |   69 +
 .../drafts/act/draft-nennemann-act-01.html        | 3979 +++++++++++++++++
 .../act/draft-nennemann-act-01.md                 |  882 ++--
 .../drafts/act/draft-nennemann-act-01.pdf         | 
Bin 0 -> 167277 bytes .../drafts/act/draft-nennemann-act-01.txt | 2296 ++++++++++ .../drafts/act/draft-nennemann-act-01.xml | 2741 ++++++++++++ workspace/drafts/ietf-wimse-ect | 2 +- 20 files changed, 9749 insertions(+), 482 deletions(-) create mode 100644 workspace/drafts/README-pdf.md create mode 100644 workspace/drafts/act/.refcache/reference.I-D.ietf-scitt-architecture.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.2119.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.7009.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.7515.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.7517.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.7518.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.7519.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.8037.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.8174.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.8693.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.9110.xml create mode 100644 workspace/drafts/act/.refcache/reference.RFC.9562.xml create mode 100755 workspace/drafts/act/build.sh create mode 100644 workspace/drafts/act/draft-nennemann-act-01.html rename workspace/{packages => drafts}/act/draft-nennemann-act-01.md (76%) create mode 100644 workspace/drafts/act/draft-nennemann-act-01.pdf create mode 100644 workspace/drafts/act/draft-nennemann-act-01.txt create mode 100644 workspace/drafts/act/draft-nennemann-act-01.xml diff --git a/workspace/drafts/README-pdf.md b/workspace/drafts/README-pdf.md new file mode 100644 index 0000000..bf711fd --- /dev/null +++ b/workspace/drafts/README-pdf.md 
@@ -0,0 +1,67 @@ +# PDF Generation for IETF Drafts + +## Status + +`xml2rfc --pdf` is wired up on this machine. PDFs are generated automatically +as part of `build.sh` in each draft directory. + +## How it works + +`xml2rfc` is installed via `pipx` in its own venv +(`/home/c/.local/share/pipx/venvs/xml2rfc/`). The `--pdf` switch requires +several extra dependencies that had to be injected into that venv: + +```bash +pipx inject xml2rfc "weasyprint<60" pycairo pangocffi +/home/c/.local/share/pipx/venvs/xml2rfc/bin/python -m pip install "pydyf<0.10" +``` + +Version pins matter: +- `weasyprint 59.x` — xml2rfc's `--pdf` code path calls weasyprint's + `write_pdf(target, stylesheets=[...], presentational_hints=True)`. + Newer weasyprint (60+) changes the signature. +- `pydyf <0.10` — weasyprint 59 calls `pydyf.PDF(version, identifier)` with + two positional args. pydyf 0.10+ removed those. + +System libs used via ctypes: `pango`, `pangocairo`, `cairo`, `harfbuzz` +(all already present via Fedora packages). + +Fonts: xml2rfc uses Noto + Roboto Mono embedded in the weasyprint output. +Not installed system-wide but weasyprint fonttools handles them. + +## Build step (pattern for build.sh) + +After the HTML step, add: + +```bash +# Step 4: XML -> PDF +echo "Generating PDF output..." +if "$XML2RFC" "$DIR/$DRAFT.xml" --pdf --quiet 2>/dev/null; then + PDF_OK=1 +else + echo " xml2rfc --pdf failed; falling back to weasyprint on HTML" + if command -v weasyprint >/dev/null 2>&1; then + weasyprint "$DIR/$DRAFT.html" "$DIR/$DRAFT.pdf" >/dev/null 2>&1 \ + && PDF_OK=1 || PDF_OK=0 + else + PDF_OK=0 + fi +fi +``` + +## Verification + +`ietf-wimse-ect/draft-nennemann-wimse-ect-02.pdf` — 178 KB, generated via +`xml2rfc --pdf` (IETF-idiomatic layout with Noto fonts, title page, +bookmarks, and proper TOC). 
The fallback `weasyprint html->pdf` produces a +172 KB PDF that works but renders the html2rfc template instead of the +official IETF print layout; use it only if xml2rfc --pdf is unavailable. + +## Reinstallation checklist (on a new machine) + +1. `pipx install xml2rfc` +2. `pipx inject xml2rfc "weasyprint<60" pycairo pangocffi` +3. `/home/c/.local/share/pipx/venvs/xml2rfc/bin/python -m pip install "pydyf<0.10"` +4. Install system libs: `dnf install pango cairo harfbuzz` (Fedora) or + `apt install libpango-1.0-0 libpangoft2-1.0-0 libharfbuzz0b` (Debian) +5. Test: `xml2rfc some-draft.xml --pdf` diff --git a/workspace/drafts/act/.refcache/reference.I-D.ietf-scitt-architecture.xml b/workspace/drafts/act/.refcache/reference.I-D.ietf-scitt-architecture.xml new file mode 100644 index 0000000..05820e1 --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.I-D.ietf-scitt-architecture.xml @@ -0,0 +1,35 @@ + + + + An Architecture for Trustworthy and Transparent Digital Supply Chains + + Fraunhofer SIT + + + Microsoft Research + + + Microsoft Research + + + ARM + + + + + + Traceability in supply chains is a growing security concern. While + verifiable data structures have addressed specific issues, such as + equivocation over digital certificates, they lack a universal + architecture for all supply chains. This document defines such an + architecture for single-issuer signed statement transparency. It + ensures extensibility, interoperability between different + transparency services, and compliance with various auditing + procedures and regulatory requirements. + + + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.2119.xml b/workspace/drafts/act/.refcache/reference.RFC.2119.xml new file mode 100644 index 0000000..770cfb3 --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.2119.xml 
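Review bot: in README-pdf.md, both the "How it works" block and checklist step 3 install the pydyf pin by invoking the venv interpreter at the hardcoded path `/home/c/.local/share/pipx/venvs/xml2rfc/bin/python`, which breaks on any machine where pipx's home differs, even though the file is presented as the setup guide for new machines. `pipx runpip xml2rfc install "pydyf<0.10"` performs the same install through pipx without depending on the path, or the pin can simply be added to the existing inject line: `pipx inject xml2rfc "weasyprint<60" "pydyf<0.10" pycairo pangocffi`. Two documentation nits in the same hunk: the Fonts paragraph ("Not installed system-wide but weasyprint fonttools handles them") does not say whether the Noto/Roboto Mono files ship inside the xml2rfc package or must be fetched, which is exactly what a new machine needs to know; and the Verification section refers to the fallback output as rendering "the html2rfc template", which presumably means the xml2rfc HTML template.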
@@ -0,0 +1,13 @@ + + + Key words for use in RFCs to Indicate Requirement Levels + + + + In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. + + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.7009.xml b/workspace/drafts/act/.refcache/reference.RFC.7009.xml new file mode 100644 index 0000000..1371c4e --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.7009.xml @@ -0,0 +1,14 @@ + + + OAuth 2.0 Token Revocation + + + + + + This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to clean up security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant. + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.7515.xml b/workspace/drafts/act/.refcache/reference.RFC.7515.xml new file mode 100644 index 0000000..935705e --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.7515.xml @@ -0,0 +1,14 @@ + + + JSON Web Signature (JWS) + + + + + + JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification. + + + + + 
diff --git a/workspace/drafts/act/.refcache/reference.RFC.7517.xml b/workspace/drafts/act/.refcache/reference.RFC.7517.xml new file mode 100644 index 0000000..f895d9c --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.7517.xml @@ -0,0 +1,12 @@ + + + JSON Web Key (JWK) + + + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification. + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.7518.xml b/workspace/drafts/act/.refcache/reference.RFC.7518.xml new file mode 100644 index 0000000..58b91d3 --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.7518.xml @@ -0,0 +1,12 @@ + + + JSON Web Algorithms (JWA) + + + + This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines several IANA registries for these identifiers. + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.7519.xml b/workspace/drafts/act/.refcache/reference.RFC.7519.xml new file mode 100644 index 0000000..c0776c4 --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.7519.xml @@ -0,0 +1,14 @@ + + + JSON Web Token (JWT) + + + + + + JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. + + + + + 
diff --git a/workspace/drafts/act/.refcache/reference.RFC.8037.xml b/workspace/drafts/act/.refcache/reference.RFC.8037.xml new file mode 100644 index 0000000..34b469a --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.8037.xml @@ -0,0 +1,12 @@ + + + CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE) + + + + This document defines how to use the Diffie-Hellman algorithms "X25519" and "X448" as well as the signature algorithms "Ed25519" and "Ed448" from the IRTF CFRG elliptic curves work in JSON Object Signing and Encryption (JOSE). + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.8174.xml b/workspace/drafts/act/.refcache/reference.RFC.8174.xml new file mode 100644 index 0000000..6ac1bee --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.8174.xml @@ -0,0 +1,13 @@ + + + Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words + + + + RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. + + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.8693.xml b/workspace/drafts/act/.refcache/reference.RFC.8693.xml new file mode 100644 index 0000000..40d9241 --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.8693.xml @@ -0,0 +1,16 @@ + + + OAuth 2.0 Token Exchange + + + + + + + + This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation. + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.9110.xml b/workspace/drafts/act/.refcache/reference.RFC.9110.xml new file mode 100644 index 0000000..831f695 --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.9110.xml 
@@ -0,0 +1,16 @@ + + + HTTP Semantics + + + + + + The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. + This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230. + + + + + + diff --git a/workspace/drafts/act/.refcache/reference.RFC.9562.xml b/workspace/drafts/act/.refcache/reference.RFC.9562.xml new file mode 100644 index 0000000..0a47afe --- /dev/null +++ b/workspace/drafts/act/.refcache/reference.RFC.9562.xml @@ -0,0 +1,24 @@ + + + Universally Unique IDentifiers (UUIDs) + + + + + + This specification defines UUIDs (Universally Unique IDentifiers) -- +also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform +Resource Name namespace for UUIDs. A UUID is 128 bits long and is +intended to guarantee uniqueness across space and time. UUIDs were +originally used in the Apollo Network Computing System (NCS), later +in the Open Software Foundation's (OSF's) Distributed Computing +Environment (DCE), and then in Microsoft Windows platforms. + This specification is derived from the OSF DCE specification with the +kind permission of the OSF (now known as "The Open Group"). Information from earlier versions of the OSF DCE specification have +been incorporated into this document. This document obsoletes RFC +4122. + + + + + diff --git a/workspace/drafts/act/build.sh b/workspace/drafts/act/build.sh new file mode 100755 index 0000000..6dbfe06 --- /dev/null +++ b/workspace/drafts/act/build.sh 
@@ -0,0 +1,69 @@ +#!/bin/bash +set -e + +DIR="$(cd "$(dirname "$0")" && pwd)" +SRC="$DIR/draft-nennemann-act-01.md" + +# Extract docname from YAML front matter +DRAFT=$(grep '^docname:' "$SRC" | head -1 | awk '{print $2}') +if [ -z "$DRAFT" ]; then + echo "Error: could not extract docname from $SRC" + exit 1 +fi + +# Tool paths +KRAMDOWN="$(which kramdown-rfc2629 2>/dev/null)" +XML2RFC="$(which xml2rfc 2>/dev/null)" + +if [ -z "$KRAMDOWN" ]; then + echo "Error: kramdown-rfc2629 not found. Install with: gem install kramdown-rfc2629" + exit 1 +fi +if [ -z "$XML2RFC" ]; then + echo "Error: xml2rfc not found. Install with: pip install xml2rfc" + exit 1 +fi + +export PYTHONWARNINGS="ignore::UserWarning" + +echo "Building: $DRAFT" +echo "Using kramdown-rfc2629: $KRAMDOWN" +echo "Using xml2rfc: $XML2RFC" +echo "" + +# Step 1: Markdown -> XML +echo "Converting markdown to XML..." +"$KRAMDOWN" "$SRC" > "$DIR/$DRAFT.xml" + +# Step 2: XML -> TXT +echo "Generating text output..." +"$XML2RFC" "$DIR/$DRAFT.xml" --text --quiet 2>/dev/null + +# Step 3: XML -> HTML +echo "Generating HTML output..." +"$XML2RFC" "$DIR/$DRAFT.xml" --html --quiet 2>/dev/null + +# Step 4: XML -> PDF (requires weasyprint + pangocffi + pycairo injected into xml2rfc venv +# and pydyf<0.10 pinned; see /home/c/projects/research.ietf/workspace/drafts/README-pdf.md) +echo "Generating PDF output..." +if "$XML2RFC" "$DIR/$DRAFT.xml" --pdf --quiet 2>/dev/null; then + PDF_OK=1 +else + echo " xml2rfc --pdf failed; falling back to weasyprint on HTML" + if command -v weasyprint >/dev/null 2>&1; then + weasyprint "$DIR/$DRAFT.html" "$DIR/$DRAFT.pdf" >/dev/null 2>&1 && PDF_OK=1 || PDF_OK=0 + else + PDF_OK=0 + fi +fi + +echo "" +echo "Build complete:" +echo " $DRAFT.xml (submit this to datatracker)" +echo " $DRAFT.txt" +echo " $DRAFT.html" +if [ "${PDF_OK:-0}" = "1" ]; then + echo " $DRAFT.pdf" +else + echo " (PDF generation skipped — missing deps)" +fi 
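Review bot: under `set -e`, the assignment `KRAMDOWN="$(which kramdown-rfc2629 2>/dev/null)"` terminates the script as soon as `which` exits non-zero, so the following `if [ -z "$KRAMDOWN" ]` branch with its install hint is dead code; the same applies to `XML2RFC`. Append `|| true` to both substitutions, or use `command -v ... || true` as the PDF step already does, so the intended error message is actually printed. Second, every xml2rfc call uses `--quiet 2>/dev/null`, so when the text or HTML step fails the script exits via `set -e` with no diagnostic at all, and the PDF fallback's closing line blames "missing deps" for any failure, including XML validation errors; keeping stderr, or redirecting it to a log file under `$DIR`, would make build failures debuggable. Minor: the Step 4 comment hardcodes `/home/c/projects/research.ietf/workspace/drafts/README-pdf.md`, where a path relative to `$DIR` (`../README-pdf.md`) survives a checkout elsewhere; and since the script writes all outputs next to the source, note that this commit checks in the generated `.xml`, `.txt`, `.html` (3979 lines) and binary `.pdf` together with `.refcache/`, which will churn on every rebuild unless they are ignored or built in CI.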
diff --git a/workspace/drafts/act/draft-nennemann-act-01.html b/workspace/drafts/act/draft-nennemann-act-01.html new file mode 100644 index 0000000..c002b37 --- /dev/null +++ b/workspace/drafts/act/draft-nennemann-act-01.html @@ -0,0 +1,3979 @@ + + + + + + +Agent Context Token (ACT) + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Internet-DraftACTApril 2026
NennemannExpires 14 October 2026[Page]
+
+
+
+
Workgroup:
+
Network Working Group
+
Internet-Draft:
+
draft-nennemann-act-01
+
Published:
+
+ +
+
Intended Status:
+
Standards Track
+
Expires:
+
+
Author:
+
+
+
C. Nennemann
+
Independent Researcher
+
+
+
+
+

Agent Context Token (ACT)

+
+

Abstract

+

This document defines the Agent Context Token (ACT), a self-contained +JWT-based format that captures the full invocation context of an +autonomous AI agent — its capabilities, constraints, delegation +provenance, oversight requirements, task metadata, and DAG position — +and unifies authorization and execution accountability in a single +token lifecycle. An ACT begins as a signed authorization mandate and +transitions into a tamper-evident execution record once the agent +completes its task, appending cryptographic hashes of inputs and +outputs and linking to predecessor tasks via a directed acyclic graph +(DAG). ACT requires no Authorization Server, no workload identity +infrastructure, and no transparency service for basic operation. Trust +is bootstrapped via pre-shared keys and is upgradeable to PKI or +Decentralized Identifiers (DIDs). ACT is designed for +cross-organizational agent federation in regulated and unregulated +environments alike. ACT is the general-purpose agent context +primitive; the WIMSE Execution Context Token (ECT) +[I-D.nennemann-wimse-ect] is a sibling profile specialized for +workload-identity-bound execution recording in WIMSE deployments.

+
+
+
+

+Status of This Memo +

+

+ This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79.

+

+ Internet-Drafts are working documents of the Internet Engineering Task + Force (IETF). Note that other groups may also distribute working + documents as Internet-Drafts. The list of current Internet-Drafts is + at https://datatracker.ietf.org/drafts/current/.

+

+ Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress."

+

+ This Internet-Draft will expire on 14 October 2026.

+
+
+ +
+
+

+Table of Contents +

+ +
+
+
+
+

+1. Introduction +

+

Autonomous AI agents increasingly operate across organizational +boundaries, executing multi-step workflows where individual tasks are +delegated from one agent to another. These workflows create two +distinct, inseparable compliance requirements:

+
    +
  1. +

    Authorization: was the agent permitted to perform the action, +under what constraints, and by whose authority?

    +
  2. +
  3. +

    Accountability: what did the agent actually do, with what +inputs, producing what outputs, in what causal relationship to +prior tasks?

    +
  4. +
+

Existing specifications address these requirements in isolation. +The Agent Authorization Profile (AAP) [I-D.aap-oauth-profile] +provides structured authorization via OAuth 2.0 but requires a +central Authorization Server. The WIMSE Execution Context Token +[I-D.nennemann-wimse-ect] provides execution accountability but +requires WIMSE workload identity infrastructure (SPIFFE/SPIRE).

+

This document defines the Agent Context Token (ACT), which addresses +both requirements in a single, self-contained token that requires no +shared infrastructure beyond the ability to verify asymmetric +signatures. The word "Context" in the name reflects what the token +carries: the complete invocation context of an agent — DAG references, +task metadata, capabilities, delegation chain, and oversight claims +— bound together in one cryptographically verifiable envelope. ACT +is positioned as the general agent context primitive, with the +WIMSE Execution Context Token (ECT) [I-D.nennemann-wimse-ect] as a +sibling profile specialized for workload-identity-bound execution +contexts in WIMSE deployments.

+
+
+

+1.1. Problem Statement +

+

Cross-organizational agent federation today faces a bootstrapping +problem: deploying shared OAuth infrastructure or a common SPIFFE +trust domain requires organizational agreement before the first +message is exchanged. In practice this means either:

+

(a) agents operate without cryptographic authorization or audit + trails, relying on application-layer access control only; or

+

(b) organizations adopt one party's identity infrastructure, creating + a hub-and-spoke dependency that contradicts the decentralized + nature of agent networks.

+

ACT solves this by making pre-shared keys the mandatory-to-implement +trust baseline — two agents can begin a secure, auditable interaction +with nothing more than an out-of-band key exchange — while providing +a clean upgrade path to PKI or DID-based trust without changing the +token format.

+
+
+
+
+

+1.2. Design Goals +

+
    +
  • +

    G1 — Zero infrastructure baseline: ACT MUST be deployable with +no shared servers, no common identity provider, and no transparency +service.

    +
  • +
  • +

    G2 — Single token lifecycle: Authorization and accountability +MUST be expressed in the same token format to prevent +authorization-accountability gaps.

    +
  • +
  • +

    G3 — Peer-to-peer delegation: Delegation chains MUST be +verifiable without contacting an Authorization Server, using +cryptographic chaining of agent signatures.

    +
  • +
  • +

    G4 — DAG-native causal ordering: Workflows with parallel +branches and fan-in dependencies MUST be expressible natively, +without flattening to a linear chain.

    +
  • +
  • +

    G5 — Cross-organizational interoperability: ACTs issued by +agents in different trust domains MUST be verifiable by any +participant holding the issuing agent's public key.

    +
  • +
  • +

    G6 — Regulatory applicability: ACT MUST provide sufficient +evidence for audit requirements in DORA [DORA], EU AI Act +Article 12 [EUAIA], and IEC 62304 [IEC62304] without requiring +additional log formats.

    +
  • +
  • +

    G7 — Upgrade path: The trust model MUST support migration from +pre-shared keys to PKI or DID without breaking existing ACT chains.

    +
  • +
+
+
+
+
+

+1.3. Non-Goals +

+

The following are explicitly out of scope:

+
    +
  • +

    Defining internal AI model behavior or decision logic.

    +
  • +
  • +

    Replacing organizational security policies or procedures.

    +
  • +
  • +

    Defining storage formats for audit ledgers.

    +
  • +
  • +

    Specifying token revocation infrastructure (deployments MAY use +existing mechanisms such as [RFC7009] for this purpose).

    +
  • +
  • +

    Providing non-equivocation guarantees in standalone mode (see +Section 11.5 for the equivocation discussion and optional +transparency anchoring).

    +
  • +
+
+
+ +
+
+

+1.5. Applicability +

+

ACT is designed as a general-purpose primitive for AI agent +authorization and execution accountability. While a sibling +specification [I-D.nennemann-wimse-ect] profiles execution context +tokens specifically for the WIMSE working group's workload identity +infrastructure, ACT operates without any shared identity plane. This +section identifies deployment contexts where ACT applies independently +of WIMSE, and clarifies how ACT complements — rather than competes +with — ecosystem-specific agent protocols.

+
+
+

+1.5.1. Model Context Protocol (MCP) Tool-Use Flows +

+

The Model Context Protocol [MCP-SPEC] defines a client-server +interface by which LLM hosts invoke external tools via structured +JSON-RPC calls. MCP 2025-11-25 mandates OAuth 2.1 for transport-layer +authentication, but provides no mechanism for carrying per-invocation +authorization constraints or for producing a tamper-evident record +of what arguments were passed and what result was returned.

+

ACT addresses this gap as follows: when an MCP host is about to +dispatch a tool call on behalf of an agent, it SHOULD issue a Phase 1 +ACT Mandate encoding the permitted tool name (e.g., as a capability +constraint), the declaring scope, and any parameter-level constraints +applicable to that invocation. The MCP server, upon receiving the +request, MAY validate the ACT Mandate and, upon completing the tool +execution, SHOULD transition the token to Phase 2 by appending +SHA-256 hashes of the serialized input arguments and the JSON +response, then re-sign. The resulting Phase 2 ACT constitutes an +unforgeable record that a specific tool was called with specific +arguments and returned a specific result, independently of MCP's +OAuth layer.

+

This integration requires no modification to MCP transport; the ACT +SHOULD be carried in the ACT-Mandate and ACT-Record HTTP headers +defined in Section 9.1 of this document.

+
+
+
+
+

+1.5.2. OpenAI Agents SDK and Function Calling +

+

The OpenAI Agents SDK [OPENAI-AGENTS-SDK] enables composition of +agents via handoffs — structured transfers of control from one agent +to another, each potentially invoking registered function tools. The +SDK provides no built-in mechanism for a receiving agent to verify +that the handoff was authorized by a named principal, nor for the +invoking agent to produce a verifiable record of what functions it +called.

+

ACT is applicable at the handoff boundary: the orchestrating agent +SHOULD issue a Phase 1 ACT Mandate to the receiving agent at the +moment of handoff, encoding the permitted function set as +capability constraints and the maximum privilege the receiving agent +MAY exercise. The receiving agent SHOULD attach its Phase 2 ACT +Record to any callback or downstream response, providing the +orchestrator with cryptographic evidence of the actions taken. In +multi-turn chains involving multiple handoffs, the DAG linkage +(Section 7) allows each handoff to be expressed as a +parent-child edge, preserving the full causal ordering of the agent +invocation sequence.

+

Implementations that use the OpenAI function calling API directly, +without the Agents SDK, MAY apply ACT at the application layer: the +calling process issues a Phase 1 ACT before the function call +parameter block is finalized, and the receiving function handler +returns a Phase 2 ACT alongside its JSON result.

+
+
+
+
+

+1.5.3. LangGraph and LangChain Agent Graphs +

+

LangGraph [LANGGRAPH] models agent workflows as typed StateGraphs in +which nodes represent agent invocations or tool calls and edges +represent conditional transitions. The DAG structure of ACT +(Section 7) is a natural fit for this model: each LangGraph +node that performs an observable action corresponds to exactly one +ACT task identifier (tid), and directed edges in the LangGraph +correspond to pred (predecessor) references in successor ACTs.

+

ACT is applicable at the node boundary: when a LangGraph node +dispatches a sub-agent or invokes a tool with side effects, it SHOULD +issue a Phase 1 ACT Mandate encoding the node's permitted actions +before any external call is made. Upon transition out of the node, +a Phase 2 ACT Record SHOULD be produced and attached to the +LangGraph state object alongside the node's output. Downstream nodes +that fan-in from multiple predecessors MAY retrieve the set of parent +ACT identifiers from the shared state to populate their pred array, +thereby expressing LangGraph's fan-in semantics within the ACT DAG +without any additional infrastructure.

+

In contrast to LangGraph's built-in state audit trail, which is +mutable in-process memory, Phase 2 ACTs are cryptographically signed +and portable: they can be exported from a LangGraph run and +submitted to an external audit ledger, satisfying compliance +requirements that cannot be met by in-process logging alone.

+
+
+
+
+

+1.5.4. Google Agent2Agent (A2A) Protocol +

+

The Agent2Agent protocol [A2A-SPEC] defines a task-oriented JSON-RPC +interface for inter-agent communication, with authentication +delegated to OAuth 2.0 or API key schemes declared in each agent's +Agent Card. A2A provides no mechanism for a receiving agent to +verify the authorization provenance of a task request beyond the +transport-layer credential, and produces no token that represents +the execution of the task in a verifiable, portable form.

+

ACT is applicable as a session-layer accountability complement to +A2A: a client agent SHOULD include a Phase 1 ACT Mandate in the +metadata field of the A2A Task object, encoding the task type as +a capability constraint and the delegating agent's identity as the +ACT issuer. The receiving agent SHOULD validate the Mandate before +beginning task execution and SHOULD return a Phase 2 ACT Record +as an artifact in the A2A TaskResult, enabling the client agent to +retain cryptographic proof of what was executed on its behalf.

+

This integration does not require modification to A2A's transport or +authentication scheme; ACT and A2A's OAuth credentials operate at +independent layers and are not redundant. A2A's credential answers +"is this client permitted to contact this server?"; the ACT Mandate +answers "is this agent permitted to request this specific task +under these constraints?".

+
+
+
+
+

+1.5.5. Enterprise Orchestration Without WIMSE (CrewAI, AutoGen) +

+

Enterprise orchestration frameworks such as CrewAI [CREWAI] and +AutoGen [AUTOGEN] deploy multi-agent systems within a single +organizational boundary, typically without SPIFFE/SPIRE workload +identity infrastructure. In these environments, OAuth Authorization +Servers are often unavailable or impractical to deploy for +intra-process agent communication.

+

ACT is applicable in this context via its Tier 1 (pre-shared key) +trust model (Section 5.2): each agent role in a CrewAI Crew or +AutoGen ConversableAgent graph is assigned an Ed25519 keypair at +instantiation time. The orchestrating agent issues Phase 1 Mandates +to worker agents before delegating tasks, constraining each worker +to only the tools and actions relevant to its role. Worker agents +produce Phase 2 Records on task completion. The resulting ACT chain +is exportable as a structured audit trail that satisfies the +per-action logging requirements of DORA [DORA] and EU AI Act +Article 12 [EUAIA] without requiring shared infrastructure beyond +the ability to exchange public keys at deployment time.

+

Implementations SHOULD NOT use ACT's self-assertion mode (where an +agent issues and records its own mandate without external sign-off) +in regulated workflows; at minimum, the orchestrating agent MUST +sign the initial Mandate so that accountability is anchored to a +principal outside the executing agent.

+
+
+
+
+

+1.5.6. Relationship to WIMSE ECT +

+

Where WIMSE infrastructure is deployed, ACT and the WIMSE Execution +Context Token [I-D.nennemann-wimse-ect] serve complementary and +non-overlapping functions. The ECT records workload-level execution +in WIMSE terms — which SPIFFE workload executed, in which trust +domain, against which service. ACT records the authorization +provenance — which agent was permitted to request which action, +under what capability constraints, by whose authority — and +transitions that authorization record into an execution record upon +task completion.

+

In mixed environments, both tokens SHOULD be carried simultaneously: +the Workload-Identity header carries the WIMSE ECT; the +ACT-Record header carries the ACT. Verifiers MAY correlate the +two by matching the ACT tid claim against application-layer +identifiers present in the ECT's task context. Neither token is a +profile or extension of the other; they operate at different +abstraction layers and their co-presence is additive.

+
+
+
+
+
+
+
+
+

+2. Conventions and Definitions +

+

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", +"MAY", and "OPTIONAL" in this document are to be interpreted as +described in BCP 14 [RFC2119] [RFC8174] when, and only when, they +appear in all capitals, as shown here.

+

Agent: An autonomous software entity that executes tasks, issues +ACTs as mandates for sub-agents, and produces ACTs as execution +records of its own actions.

+

Authorization Mandate: An ACT in Phase 1, encoding what an agent +is permitted to do, under what constraints, and by whose authority.

+

Execution Record: An ACT in Phase 2, encoding what an agent +actually did, including cryptographic hashes of inputs and outputs +and causal links to predecessor tasks.

+

Directed Acyclic Graph (DAG): A graph structure representing task +dependency ordering where edges are directed and no cycles exist. Used +by ACT to model causal relationships between tasks in a workflow.

+

Delegation Chain: A cryptographically verifiable sequence of ACT +issuances from a root authority through one or more agents, each +signing a new ACT that reduces privileges relative to the one it +received.

+

Trust Tier: A level of key management infrastructure used to +establish the public key of an ACT issuer. Tiers range from +pre-shared keys (Tier 1, mandatory) to PKI (Tier 2) and DIDs +(Tier 3).

+

Workflow: A set of related tasks, identified by a shared wid +claim, forming a single logical unit of work.

+
+
+
+
+

+3. ACT Lifecycle +

+

An ACT has a two-phase lifecycle. The same token format is used in +both phases; the presence or absence of execution claims determines +which phase a token represents.

+

A token is a Phase 2 Execution Record if and only if the claim +exec_act is present. A token that does not contain exec_act is +a Phase 1 Authorization Mandate. Verifiers MUST determine the +phase before applying verification rules, and MUST reject a token +that is presented in the wrong phase for the operation being +performed.

+
+
+

+3.1. Phase 1: Authorization Mandate +

+

In Phase 1, an ACT is created by a delegating agent (or a human +operator) to authorize a target agent to perform a specific task. The +token carries:

+
    +
  • +

    The identity of the issuing agent and the target agent.

    +
  • +
  • +

    The capabilities granted, with associated constraints.

    +
  • +
  • +

    Human oversight requirements for high-impact actions.

    +
  • +
  • +

    The delegation provenance (who authorized the issuer to delegate).

    +
  • +
  • +

    A task identifier and declared purpose.

    +
  • +
+

The Phase 1 ACT is signed by the issuing agent using its private key. +The target agent receives the ACT and uses it as a bearer mandate — +evidence that it is authorized to proceed.

+

Phase 1 ACTs are short-lived. Implementations SHOULD set expiration +(exp) to no more than 15 minutes after issuance (iat) for +automated agent-to-agent workflows. Longer lifetimes MAY be used for +human-initiated mandates where the agent may not act immediately.

+
+
+
+
+

+3.2. Phase 2: Execution Record +

+

Upon completing the authorized task, the executing agent MUST +transition the ACT to Phase 2 by:

+
    +
  1. +

    Adding the exec_act claim describing the action performed.

    +
  2. +
  3. +

    Optionally adding inp_hash and/or out_hash SHA-256 hashes +of task inputs and outputs (RECOMMENDED for regulated environments).

    +
  4. +
  5. +

    Adding the pred array referencing predecessor task identifiers (DAG +dependencies).

    +
  6. +
  7. +

    Adding exec_ts and status claims.

    +
  8. +
  9. +

    Re-signing the complete token with its own private key.

    +
  10. +
+

The re-signing is critical: it produces a new signature over the +combined authorization + execution claims, binding the executing +agent's cryptographic identity to both the mandate it received and +the execution it performed. This creates a single, non-repudiable +record that answers both "was this agent authorized?" and "what +did it do?"

+

Note on issuer signature preservation: re-signing replaces the +Phase 1 signature produced by the issuing agent (iss). The +integrity of the original mandate is preserved through the +del.chain mechanism: the chain entry's sig field is the iss +agent's signature over the Phase 1 ACT, and this signature remains +intact and verifiable in the Phase 2 token. For root mandates where +del.chain is empty, the issuer's signature is not independently +preserved in Phase 2. Deployments requiring independent +verifiability of the original mandate SHOULD retain the Phase 1 +ACT separately alongside the Phase 2 record.

+

The resulting Phase 2 ACT SHOULD be submitted to an audit ledger +(Section 10) and MAY be sent to the next agent in the workflow +as evidence of completed prerequisites.

+
+
+
+
+
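Review bot: the issuer-signature note in Section 3.2 leaves a root mandate (del.chain empty) with no issuer-signed material in the Phase 2 record, so every claim a Phase 2 verifier sees, including iss, cap and oversight, is attested only by the executing agent's key; the SHOULD in "Deployments requiring independent verifiability of the original mandate SHOULD retain the Phase 1 ACT separately" is too weak for the regulated workflows Section 1.5.5 targets. Suggest either making retention of the Phase 1 JWS a MUST (and requiring the ledger of Section 10 to store mandate and record together), or carrying the Phase 1 JWS Compact Serialization, or at least the issuer's signature over it, inside the Phase 2 record so the record stays self-verifying; the del.chain sig slot of Section 4.2.2 already holds a signature over a parent token and could be required at depth 0 as well. Relatedly, Section 3.2 should say which key a Phase 2 verifier uses: in the Section 4.4.2 example the kid names the target agent's key while iss still names the issuer, and Section 8.1 step 4 only says "Retrieve the public key for kid".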

+3.3. Lifecycle State Machine +

+
+
+  [Issuer creates Phase 1 ACT]
+           |
+           | sign(issuer_key)
+           v
+    +------------------+
+    |  MANDATE         |  Phase 1: Authorization Mandate
+    |  (unsigned by    |  Carried as bearer token by target agent
+    |   target agent)  |
+    +------------------+
+           |
+           | Target agent executes task
+           | adds exec_act, inp_hash, out_hash, pred
+           | re-signs with target_agent_key
+           v
+    +------------------+
+    |  RECORD          |  Phase 2: Execution Record
+    |  (signed by      |  Submitted to ledger, passed to next agent
+    |   target agent)  |
+    +------------------+
+           |
+           | (optional) anchor to SCITT Transparency Service
+           v
+    +------------------+
+    |  ANCHORED        |  Phase 2 + external non-equivocation
+    +------------------+
+
+
+
+
+
+
+
+
+

+4. ACT Token Format +

+

An ACT is a JSON Web Token [RFC7519] signed as a JSON Web Signature +[RFC7515] using JWS Compact Serialization. All ACTs MUST use JWS +Compact Serialization to ensure they can be carried in a single HTTP +header value.

+
+
+

+4.1. JOSE Header +

+

The ACT JOSE header MUST contain:

+
+
+{
+  "alg": "ES256",
+  "typ": "act+jwt",
+  "kid": "agent-a-key-2026-03"
+}
+
+
+

alg (REQUIRED): The digital signature algorithm. Implementations +MUST support ES256 [RFC7518]. EdDSA (Ed25519) [RFC8037] is +RECOMMENDED for new deployments due to smaller signatures and +resistance to side-channel attacks. Symmetric algorithms (HS256, +HS384, HS512) MUST NOT be used. The "alg" value MUST NOT be "none".

+

typ (REQUIRED): MUST be "act+jwt" to distinguish ACTs from other +JWT types.

+

kid (REQUIRED): An identifier for the signing key. In Tier 1 +deployments (pre-shared keys), this is an opaque string agreed +out-of-band. In Tier 2 deployments (PKI), this is the X.509 +certificate thumbprint. In Tier 3 deployments (DID), this is the +DID key fragment (e.g., did:key:z6Mk...#key-1).

+

x5c (OPTIONAL): In Tier 2 deployments, the X.509 certificate +chain MAY be included to enable verification without out-of-band +key distribution.

+

did (OPTIONAL): In Tier 3 deployments, the full DID of the +issuing agent MAY be included for resolution.

+
+
+
+
+

+4.2. JWT Claims: Authorization Phase +

+
+
+

+4.2.1. Standard JWT Claims +

+

iss (REQUIRED): The identifier of the agent issuing the mandate. +Format depends on trust tier: an opaque string (Tier 1), an X.509 +Subject DN (Tier 2), or a DID (Tier 3).

+

sub (REQUIRED): The identifier of the agent authorized to act. +MUST use the same format convention as iss.

+

aud (REQUIRED): The intended recipient(s). MUST include the +identifier of the target agent (sub). When an audit ledger is +deployed, MUST also include the ledger's identifier. When multiple +recipients are present, MUST be an array. Verifiers that are audit +ledgers MUST verify that their own identifier appears in aud.

+

iat (REQUIRED): Issuance time as a NumericDate [RFC7519].

+

exp (REQUIRED): Expiration time. Implementations SHOULD set to +no more than 15 minutes after iat for automated workflows.

+

jti (REQUIRED): A UUID [RFC9562] uniquely identifying this ACT +and, in Phase 2, the task it records. Used as the task identifier +for DAG predecessor references in pred.

+
+
+
+
+

+4.2.2. ACT Authorization Claims +

+

wid (OPTIONAL): A UUID identifying the workflow to which this +task belongs. When present, groups related ACTs and scopes jti +uniqueness to the workflow.

+

task (REQUIRED): An object describing the authorized task:

+
+
+{
+  "task": {
+    "purpose": "validate_patient_dosage",
+    "data_sensitivity": "restricted",
+    "created_by": "operator:clinical-admin-01",
+    "expires_at": 1772064750
+  }
+}
+
+
+
    +
  • +

    purpose (REQUIRED): A string describing the intended task. +Implementations SHOULD use a controlled vocabulary or reverse- +domain notation (e.g., "com.example.validate_dosage") to enable +semantic consistency checking by the receiving agent.

    +
  • +
  • +

    data_sensitivity (OPTIONAL): One of "public", "internal", +"confidential", "restricted". Receiving agents MUST NOT perform +actions that would expose data above this classification.

    +
  • +
  • +

    created_by (OPTIONAL): An identifier for the human or system +that initiated the workflow. SHOULD be pseudonymous (see +Section 12).

    +
  • +
  • +

    expires_at (OPTIONAL): A NumericDate after which the task +mandate is no longer valid, independent of exp.

    +
  • +
+

cap (REQUIRED): An array of capability objects, each specifying +an action the agent is authorized to perform and the constraints +under which it may do so:

+
+
+{
+  "cap": [
+    {
+      "action": "read.patient_record",
+      "constraints": {
+        "patient_id_scope": "current_task_only",
+        "max_records": 1,
+        "data_classification_max": "restricted"
+      }
+    },
+    {
+      "action": "write.dosage_recommendation",
+      "constraints": {
+        "status": "draft_only"
+      }
+    }
+  ]
+}
+
+
+

Action names MUST conform to the ABNF grammar:

+
+
+action-name = component *( "." component )
+component   = ALPHA *( ALPHA / DIGIT / "-" / "_" )
+
+
+

Receiving agents MUST perform exact string matching on action names. +Wildcard matching is NOT part of this specification.

+

When multiple capabilities match the same action, OR semantics +apply: if ANY capability grants the action, the request is +authorized subject to that capability's constraints. When multiple +constraints exist within a single capability, AND semantics apply: +ALL constraints MUST be satisfied. When the same constraint key +appears in both a capability-level and a policy-level context, the +more restrictive value applies: lower numeric limits, narrower +allow-lists (intersection), broader block-lists (union), and +narrower time windows.

+

oversight (OPTIONAL): Human oversight requirements:

+
+
+{
+  "oversight": {
+    "requires_approval_for": ["write.publish", "execute.payment"],
+    "approval_ref": "https://approval.example.com/workflow/w-123"
+  }
+}
+
+
+

When requires_approval_for lists an action, the receiving agent +MUST NOT execute that action autonomously. The approval mechanism +is out of scope for this specification.

+

del (OPTIONAL): Delegation provenance, establishing the chain +of authority from the root mandate to this ACT. If del is absent, +the ACT MUST be treated as a root mandate with depth = 0 and +further delegation is not permitted (i.e., the receiving agent MUST NOT issue sub-mandates based on this ACT).

+
+
+{
+  "del": {
+    "depth": 1,
+    "max_depth": 3,
+    "chain": [
+      {
+        "delegator": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
+        "jti": "550e8400-e29b-41d4-a716-446655440000",
+        "sig": "base64url-encoded-signature-of-parent-act-hash"
+      }
+    ]
+  }
+}
+
+
+
    +
  • +

    depth: The current delegation depth. 0 means this is a root +mandate issued by a human or root authority.

    +
  • +
  • +

    max_depth: The maximum permitted delegation depth. Receiving +agents MUST NOT issue sub-mandates that would exceed this depth.

    +
  • +
  • +

    chain: An array of delegation provenance records ordered from +root to immediate parent (chain[0] is the root authority, +chain[depth-1] is the direct parent of this ACT). Each entry +contains:

    +
      +
    • +

      delegator: The identifier of the agent that authorized this +delegation step (i.e., the iss of the parent ACT at that +depth).

      +
    • +
    • +

      jti: The jti of the parent ACT that authorized this +delegation step.

      +
    • +
    • +

      sig: The delegating agent's signature over the SHA-256 hash +of that parent ACT, providing cryptographic linkage without +requiring the full parent ACT to be transmitted.

      +
    • +
    +
  • +
+

The sig field in each chain entry is the critical departure from +AAP's delegation model: rather than requiring a central AS to +validate the chain, any verifier holding the delegating agent's +public key can independently verify each step by recomputing the +hash and checking the signature.

+
+
+
+
+
+
+

+4.3. JWT Claims: Execution Phase +

+

The following claims are added by the executing agent when +transitioning to Phase 2. Their presence distinguishes an Execution +Record from an Authorization Mandate.

+

exec_act (REQUIRED in Phase 2): A string identifying the action +actually performed. MUST conform to the same ABNF grammar as +capability action names. MUST match one of the action values in +the cap array of the Phase 1 claims.

+

pred (REQUIRED in Phase 2): An array of jti values of predecessor +tasks in the DAG. An empty array indicates a root task. Each value +MUST be the jti of a previously verified ACT (Phase 2) within +the same workflow (same wid) or the global ACT store if wid is +absent.

+

inp_hash (OPTIONAL): The base64url encoding (without padding) of +the SHA-256 hash of the task's input data, computed over the raw +octets of the serialized input. Provides cryptographic evidence of +what data the agent processed.

+

out_hash (OPTIONAL): The base64url encoding (without padding) of +the SHA-256 hash of the task's output data, using the same format +as inp_hash. Provides cryptographic evidence of what data the +agent produced.

+

exec_ts (REQUIRED in Phase 2): A NumericDate recording the +actual time of task execution. MAY differ from iat when the agent +queued the mandate before execution. MUST be greater than or equal +to iat. SHOULD be less than or equal to exp; execution after +mandate expiry is possible when tasks are long-running and MUST NOT +cause automatic rejection, but implementors SHOULD log a warning.

+

status (REQUIRED in Phase 2): One of "completed", "failed", +"partial". Allows audit systems to distinguish successful execution +from partial or failed attempts, which is essential for regulated +environments where failed attempts must be recorded.

+

err (OPTIONAL, present when status is "failed" or "partial"): +An object providing error context:

+
+
+{
+  "err": {
+    "code": "constraint_violation",
+    "detail": "data_classification_max exceeded"
+  }
+}
+
+
+

Error detail SHOULD NOT reveal internal system state beyond what is +necessary for audit purposes.

+
+
+
+
+
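Review bot: the exec_ts rule in Section 4.3, "execution after mandate expiry is possible when tasks are long-running and MUST NOT cause automatic rejection", makes exp unenforceable for Phase 2: the 15-minute lifetime of Section 3.1 and the exp check in Section 8.1 step 6 then bound only when an agent may start, not how long the mandate stays usable. Suggest bounding it: either require exec_ts to be at most exp plus a configured grace period, or let the issuer declare the permitted overrun through task.expires_at (Section 4.2.2 already defines it as a deadline "independent of exp"), and have verifiers reject a record whose exec_ts exceeds that deadline rather than only logging a warning. Also state whether exec_ts records the start or the completion of a long-running task; the temporal check in Section 7.1 compares parent and child exec_ts and needs that to be unambiguous.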

+4.4. Complete Examples +

+
+
+

+4.4.1. Example: Phase 1 — Authorization Mandate +

+
+
+{
+  "alg": "ES256",
+  "typ": "act+jwt",
+  "kid": "agent-clinical-key-2026-03"
+}
+.
+{
+  "iss": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
+  "sub": "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz",
+  "aud": [
+    "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz",
+    "https://ledger.hospital.example.com"
+  ],
+  "iat": 1772064000,
+  "exp": 1772064900,
+  "jti": "550e8400-e29b-41d4-a716-446655440001",
+
+  "wid": "a0b1c2d3-e4f5-6789-abcd-ef0123456789",
+
+  "task": {
+    "purpose": "validate_treatment_recommendation",
+    "data_sensitivity": "restricted",
+    "created_by": "operator:clinical-admin-01"
+  },
+
+  "cap": [
+    {
+      "action": "read.patient_record",
+      "constraints": {
+        "patient_id_scope": "current_task_only",
+        "max_records": 1
+      }
+    },
+    {
+      "action": "write.safety_assessment",
+      "constraints": {
+        "status": "draft_only"
+      }
+    }
+  ],
+
+  "oversight": {
+    "requires_approval_for": ["write.publish_assessment"]
+  },
+
+  "del": {
+    "depth": 0,
+    "max_depth": 2,
+    "chain": []
+  }
+}
+
+
+
+
+
+
+

+4.4.2. Example: Phase 2 — Execution Record (same token, re-signed by target agent) +

+
+
+{
+  "alg": "EdDSA",
+  "typ": "act+jwt",
+  "kid": "agent-safety-key-2026-03"
+}
+.
+{
+  "iss": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
+  "sub": "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz",
+  "aud": [
+    "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz",
+    "https://ledger.hospital.example.com"
+  ],
+  "iat": 1772064000,
+  "exp": 1772064900,
+  "jti": "550e8400-e29b-41d4-a716-446655440001",
+
+  "wid": "a0b1c2d3-e4f5-6789-abcd-ef0123456789",
+
+  "task": {
+    "purpose": "validate_treatment_recommendation",
+    "data_sensitivity": "restricted",
+    "created_by": "operator:clinical-admin-01"
+  },
+
+  "cap": [
+    {
+      "action": "read.patient_record",
+      "constraints": {
+        "patient_id_scope": "current_task_only",
+        "max_records": 1
+      }
+    },
+    {
+      "action": "write.safety_assessment",
+      "constraints": {
+        "status": "draft_only"
+      }
+    }
+  ],
+
+  "oversight": {
+    "requires_approval_for": ["write.publish_assessment"]
+  },
+
+  "del": {
+    "depth": 0,
+    "max_depth": 2,
+    "chain": []
+  },
+
+  "exec_act": "write.safety_assessment",
+  "pred": ["550e8400-e29b-41d4-a716-446655440000"],
+  "inp_hash": "n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
+  "out_hash": "LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+  "exec_ts": 1772064300,
+  "status": "completed"
+}
+
+
+
+
+
+
+
+
+
+
+

+5. Trust Model +

+

ACT defines four trust tiers. Tier 1 is mandatory-to-implement; all +others are optional upgrades. An ACT verifier MUST be able to process +ACTs from any tier it has configured. The trust tier in use is +determined by the kid format and the presence of x5c or did +header parameters.

+
+
+

+5.1. Tier 0: Bootstrap (TOFU — Trust On First Use) +

+

Tier 0 is NOT part of the normative trust model and MUST NOT be used +in regulated environments. It is defined here for documentation +purposes only, to describe the common bootstrapping scenario.

+

In Tier 0, the first ACT received from an agent establishes its +public key. This is equivalent to SSH TOFU behavior: an attacker +who intercepts the first message can substitute their own key. Tier 0 +deployments MUST transition to Tier 1 or higher before exchanging +ACTs that carry sensitive capabilities.

+
+
+
+
+

+5.2. Tier 1: Pre-Shared Keys (Mandatory-to-Implement) +

+

In Tier 1, both parties exchange public keys out-of-band prior to +the first ACT exchange. The kid is an opaque string agreed during +the key exchange. Implementations MUST support Tier 1.

+

Key exchange MAY occur via any out-of-band mechanism: manual +configuration, a configuration management system, or a prior +authenticated channel. This specification does not mandate a +specific key exchange protocol.

+

Tier 1 public keys MUST be Ed25519 [RFC8037] or P-256 (ES256) +[RFC7518] keys. RSA keys SHOULD NOT be used in Tier 1 deployments due to +key size. Key rotation MUST be performed out-of-band using the same +mechanism as the initial exchange.

+
+
+
+
+

+5.3. Tier 2: PKI / X.509 +

+

In Tier 2, agent identity is bound to an X.509 certificate issued +by a mutually trusted Certificate Authority (CA). The kid is the +certificate thumbprint (SHA-256 of the DER-encoded certificate).

+

Cross-organizational ACT exchange in Tier 2 requires either:

+

(a) a mutually trusted root CA, or +(b) cross-certification between the organizations' CAs, or +(c) explicit trust anchoring (one organization's CA is added to + the other's trust store).

+

The x5c JOSE header parameter [RFC7515] MAY carry the full +certificate chain to enable verification without out-of-band trust +store configuration.

+
+
+
+
+

+5.4. Tier 3: Decentralized Identifiers (DID) +

+

In Tier 3, agent identity is expressed as a DID [W3C-DID]. The +kid is a DID key fragment. The did JOSE header parameter carries +the full DID for resolution.

+

Implementations SHOULD support at minimum did:key [DID-KEY] for +self-contained key distribution without external resolution, and +did:web [DID-WEB] for organizations that prefer DNS-anchored +identity.

+

DID resolution latency introduces a dependency on external +infrastructure. To preserve the zero-infrastructure baseline, +implementations using Tier 3 MAY cache DID Documents and MUST +specify a maximum cache TTL in their configuration.

+
+
+
+
+

+5.5. Cross-Tier Interoperability +

+

A delegation chain MAY include agents operating at different trust +tiers. Each step in the chain is verified using the trust tier of +the signing agent at that step. Verifiers MUST NOT reject a chain +solely because it mixes trust tiers, but MAY apply stricter +policy for chains that include Tier 0 or Tier 1 steps when +exchanging sensitive capabilities.

+
+
+
+
+
+
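Review bot: Section 5's "The trust tier in use is determined by the kid format and the presence of x5c or did header parameters" lets unauthenticated header content select the verification path, and Section 8.1 step 4 ("Retrieve the public key for kid per the applicable trust tier") never requires the key found under kid to belong to the iss (Phase 1) or sub (Phase 2) named in the claims. A verifier configured for several tiers should take the tier from local policy for the named identity, reject tokens whose header shape does not match that policy, and check that the resolved key is the one registered for that identity; otherwise any key the verifier trusts for some other agent, or any x5c chain that validates to a trusted CA, produces a valid signature over claims naming a different iss. Wording nit: "ACT defines four trust tiers" counts Tier 0, which Section 5.1 then says is not part of the normative trust model.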
+

+6. Delegation Chain +

+

ACT delegation is peer-to-peer: no Authorization Server is involved. +Delegation is expressed as a cryptographically verifiable chain of +ACT issuances, where each step reduces privileges relative to the +previous step.

+
+
+

+6.1. Peer-to-Peer Delegation +

+

When Agent A authorizes Agent B to perform a sub-task, Agent A:

+
    +
  1. +

    Creates a new ACT with sub set to Agent B's identifier.

    +
  2. +
  3. +

    Sets cap to a subset of A's own authorized capabilities, +with constraints at least as restrictive as those in A's mandate.

    +
  4. +
  5. +

    Sets del.depth to A's own del.depth + 1.

    +
  6. +
  7. +

    Sets del.max_depth to no more than the del.max_depth value +in A's own mandate.

    +
  8. +
  9. +

    Adds a chain entry containing A's identifier as delegator, +the jti of A's own mandate, and a sig value computed as:

    +
    +
    +sig = Sign(A.private_key, SHA-256(canonical_ACT_phase1_bytes))
    +
    +
    +

    +where canonical_ACT_phase1_bytes is the UTF-8 encoded bytes +of the JWS Compact Serialization of A's Phase 1 ACT.

    +
  10. +
  11. +

    Signs the new ACT with A's private key.

    +
  12. +
+
+
+
+
+

+6.2. Privilege Reduction Requirements +

+

When issuing a delegated ACT, the issuing agent MUST reduce +privileges by one or more of:

+
    +
  • +

    Removing capabilities (sub-set of parent capabilities only).

    +
  • +
  • +

    Adding stricter constraints (lower rate limits, narrower domains, +shorter time windows, lower data classification ceiling).

    +
  • +
  • +

    Reducing token lifetime (exp closer to iat).

    +
  • +
  • +

    Reducing del.max_depth.

    +
  • +
+

The issuing agent MUST NOT grant capabilities not present in its +own mandate. Capability escalation via delegation is prohibited and +MUST be detected and rejected by verifiers.

+

For well-known numeric constraints (e.g., max_records, +max_requests_per_hour), "more restrictive" means a numerically +lower or equal value. For well-known enumerated constraints +(e.g., data_sensitivity), "more restrictive" means a value that +is equal or higher in the defined ordering +("public" < "internal" < "confidential" < "restricted"). +For unknown or domain-specific constraint keys, verifiers MUST +treat the constraint as non-comparable and MUST reject the +delegation unless the delegated constraint value is byte-for-byte +identical to the parent constraint value.

+
+
+
+
+
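Review bot: Section 6.2's rule for enumerated constraints, "more restrictive" means a value that is equal or higher in the ordering "public" < "internal" < "confidential" < "restricted", points the wrong way for the ceiling-type keys the document actually uses: the bullet list above says stricter means a "lower data classification ceiling", and the cap example in Section 4.2.2 expresses the ceiling as data_classification_max. Under the rule as written a delegate could raise its ceiling from "internal" to "restricted" and still pass the subset check. Suggest stating the direction per well-known key: for ceiling keys (names ending in _max), lower in the ordering is stricter; data_sensitivity on the task object (Section 4.2.2) is a label of the data, not a constraint, and should not enter this comparison at all. Also, the "policy-level context" mentioned in the OR/AND paragraph of Section 4.2.2 is not defined anywhere in this text.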

+6.3. Delegation Verification +

+

A verifier receiving a delegated ACT MUST:

+
    +
  1. +

    Verify the ACT's own signature (Section 8.1).

    +
  2. +
  3. +

    For each entry in del.chain, in order from index 0 to +del.depth - 1: +a. Retrieve the public key for entry.delegator. +b. Verify that entry.sig is a valid signature over the SHA-256 + hash of the referenced parent ACT (identified by entry.jti). +c. Verify that the capabilities in the current ACT are a subset + of the capabilities in the parent ACT, per the constraint + comparison rules in Section 6.2.

    +
  4. +
  5. +

    Verify that del.depth does not exceed del.max_depth.

    +
  6. +
  7. +

    Verify that del.chain length equals del.depth.

    +
  8. +
+

If any step fails, the ACT MUST be rejected.

+
+
+
+
+
+
+
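Review bot: the delegation chain entry is defined inconsistently across Sections 4.2.2, 6.1 and 6.3. Section 4.2.2 says delegator is "the iss of the parent ACT at that depth", while Section 6.1 step 5 has the delegating agent A put "A's identifier as delegator" and sign "SHA-256(canonical_ACT_phase1_bytes)" of A's own mandate, whose iss is A's delegator, not A. Section 4.2.2 also says the sig gives linkage "without requiring the full parent ACT to be transmitted", yet Section 6.3 step 2b verifies it by recomputing the hash "of the referenced parent ACT", which the verifier must therefore already hold; and once it holds the parent, the parent's own JWS signature already authenticates it, so a second signature by A over its hash proves nothing new. What a verifier needs is a binding from the child to the parent: suggest carrying the parent's SHA-256 (or the parent JWS itself) in the entry, letting the child token's own signature bind it, and defining step 2c's subset check against that parent. Section 3.2's statement that "the chain entry's sig field is the iss agent's signature over the Phase 1 ACT" and therefore survives re-signing should be revised to match whichever semantics is chosen, since a signature over the parent does not preserve the signature over this token.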

+7. DAG Structure and Causal Ordering +

+

ACTs in Phase 2 form a DAG over the pred (predecessor) claim. The DAG +encodes causal dependencies: a task MAY NOT begin before all its +parent tasks are completed.

+
+
+

+7.1. DAG Validation +

+

When processing a Phase 2 ACT, implementations MUST:

+
    +
  1. +

    Uniqueness: Verify the jti is unique within the workflow +(wid) or globally if wid is absent.

    +
  2. +
  3. +

    Predecessor Existence: Verify every jti in pred corresponds to +a Phase 2 ACT available in the ACT store or audit ledger.

    +
  4. +
  5. +

    Temporal Ordering: Verify that for each parent: +parent.exec_ts < child.exec_ts + clock_skew_tolerance +(RECOMMENDED tolerance: 30 seconds). Causal ordering is +primarily enforced by DAG structure, not timestamps.

    +
  6. +
  7. +

    Acyclicity: Following parent references MUST NOT lead back +to the current ACT's jti. Implementations MUST enforce a +maximum ancestor traversal limit (RECOMMENDED: 10,000 nodes).

    +
  8. +
  9. +

    Capability Consistency: Verify that exec_act matches one +of the action values in the cap array from Phase 1.

    +
  10. +
+
+
+
+
+
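Review bot: the uniqueness check in Section 7.1 step 1 ("Verify the jti is unique within the workflow") conflicts with Section 4.2.1, where the Phase 2 record keeps the jti of the Phase 1 mandate it was derived from (both examples in Section 4.4 carry jti 550e8400-e29b-41d4-a716-446655440001): a store or ledger that received the mandate first will see the record as a duplicate. State that uniqueness is evaluated among Phase 2 records, and that a Phase 2 record whose Phase 1 claims differ from a stored mandate with the same jti is rejected rather than accepted as a replacement. Also, the temporal rule parent.exec_ts < child.exec_ts + clock_skew_tolerance should use less-than-or-equal (a parent and child completing within the same second is legal), and the acyclicity check should name the store being walked, since pred may reference records in the global store when wid is absent (Section 4.3).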

+7.2. Root Tasks and Fan-in +

+

A root task has pred = []. A workflow MAY have multiple root tasks +representing parallel branches with no shared predecessor.

+

Fan-in — a task with multiple parents — is expressed naturally:

+
+
+{
+  "pred": [
+    "550e8400-e29b-41d4-a716-446655440001",
+    "550e8400-e29b-41d4-a716-446655440002"
+  ]
+}
+
+
+

This indicates the current task depends on the completion of both +referenced parent tasks, which MAY have been executed in parallel +by different agents.

+
+
+
+
+

+7.3. DAG vs Linear Delegation Chains +

+

Several concurrent proposals for agent authorization model delegation +as an ordered, linear chain of tokens or principals. Examples include +the actchain claim of +[I-D.oauth-transaction-tokens-for-agents], the Agentic JWT +construction of [AgenticJWT], the AIP / Interaction-Bound Context Token +(IBCT) model of [AIP-IBCT], and the delegation record defined in +[I-D.helixar-hdp-agentic-delegation]. In each of these +designs, the trail from the originator to the final executor is +represented as an ordered array recording one predecessor per hop.

+
+
+

+7.3.1. What Linear Chains Express Well +

+

Linear chains are a natural fit for simple sequential delegation: +agent A delegates to agent B, which delegates to agent C. The chain +records the history of that single hand-off in order, and verifiers +can walk from the current holder back to the originator without +branching. For interactive user-to-agent-to-service flows, where each +step has exactly one predecessor, a linear chain is both sufficient +and compact.

+
+
+
+
+

+7.3.2. Limitations of Linear Chains +

+

Agentic workflows in practice are rarely purely linear. Planner +agents dispatch parallel sub-tasks; synthesizer agents consume +results from multiple independent branches; tool calls execute +concurrently and their outputs are merged. A linear chain cannot +faithfully represent the following common topologies:

+
    +
  • +

    Fork: A single task spawns multiple independent sub-tasks. A +linear chain cannot express that two concurrent sub-executions +share a common parent authorization but are otherwise +independent; each sub-task would either omit its siblings or +fabricate a false ordering between them.

    +
  • +
  • +

    Join (fan-in): A task whose output depends on results from +several predecessors has no single prior hop. Linear chains +cannot express multiple-parent relationships without either +collapsing parallel branches into an arbitrary order or +duplicating records.

    +
  • +
  • +

    Diamond dependencies: A planner dispatches parallel work and +later synthesizes the results. The synthesis step depends on +every branch, and all branches depend on the same planner. +This diamond shape requires a DAG; a linear chain forces the +verifier to pick one branch and discard the others.

    +
  • +
  • +

    Cross-chain references: When two independently authorized +chains produce outputs that are later combined (e.g., a shared +cache lookup and a fresh retrieval), linear chains force a +single history and cannot record that the combined result has +two distinct provenances.

    +
  • +
+
+
+
+
+

+7.3.3. ACT's DAG Approach +

+

As specified in Section 4.3, the pred claim is +an array of parent jti values rather than a single scalar. This +allows an ACT to record:

+
    +
  • +

    Zero parents (a root task, pred = []);

    +
  • +
  • +

    Exactly one parent (a linear chain, equivalent to the +single-predecessor designs referenced above);

    +
  • +
  • +

    Multiple parents (fan-in from parallel branches); and

    +
  • +
  • +

    Any acyclic shape that matches the actual execution structure.

    +
  • +
+

The following example illustrates a diamond workflow. A research +agent (A) dispatches a web-search agent (B) and a code-analysis +agent (C) in parallel; both complete, and their outputs are +combined by a writer agent (D):

+
+
+        +-----+
+        |  A  |   pred = []
+        +-----+
+         /   \
+        v     v
+     +---+   +---+
+     | B |   | C |   pred = [A.jti]
+     +---+   +---+
+        \   /
+         v v
+        +-----+
+        |  D  |   pred = [B.jti, C.jti]
+        +-----+
+
+
+

A linear actchain representation cannot express that D depends on +both B and C. At best, it can record one of the two parents and lose +the other, or serialize B and C into a false sequential order.

+
+
+
+
+

7.3.4. Verifiability Implications

With a DAG representation, an auditor holding the set of Phase 2 ACTs for a workflow can reconstruct the full execution graph, not just one chain per final record. This matters for:

  • Debugging: identifying which branch contributed an erroneous input to a downstream synthesis.
  • Compliance: demonstrating that every input to a regulated decision was itself authorized, not only the most recent hop.
  • Tamper-evidence: detecting that a branch has been omitted, since the surviving siblings' pred arrays name the missing predecessor by jti.
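
To make the reconstruction described above concrete, the following added example (not part of the draft) rebuilds the execution graph from the pred arrays of a set of Phase 2 claim sets, checks that it is acyclic, and reports predecessors that are named by a child but missing from the set, using the diamond of Section 7.3.3. The jti values and agent names are constructed placeholders.

```python
"""Rebuild and validate the execution DAG from Phase 2 ACT claim sets.

Added example, not the draft's code. Only the claims relevant to the graph
(jti, sub, pred) are shown; signatures are assumed to have been verified
already (Section 8).
"""
from collections import deque

# Constructed sample: the diamond of Section 7.3.3. jti values are
# placeholders, not real identifiers.
DIAMOND = [
    {"jti": "A", "sub": "research-agent",      "pred": []},
    {"jti": "B", "sub": "web-search-agent",    "pred": ["A"]},
    {"jti": "C", "sub": "code-analysis-agent", "pred": ["A"]},
    {"jti": "D", "sub": "writer-agent",        "pred": ["B", "C"]},
]


def build_graph(records):
    """Map jti -> list of parent jti values; a duplicate jti is a replay signal."""
    graph = {}
    for rec in records:
        if rec["jti"] in graph:
            raise ValueError(f"duplicate jti {rec['jti']!r}")
        graph[rec["jti"]] = list(rec.get("pred", []))
    return graph


def roots(graph):
    """Root tasks: pred == []."""
    return sorted(j for j, parents in graph.items() if not parents)


def missing_predecessors(graph):
    """jti values named in a pred array but absent from the record set.

    This is the tamper-evidence property of Section 7.3.4: an omitted
    branch is still named by its surviving children.
    """
    named = {p for parents in graph.values() for p in parents}
    return sorted(named - set(graph))


def topological_order(graph):
    """Kahn's algorithm over the present records; raises on a cycle.

    Parents missing from the set are ignored here (see
    missing_predecessors) so that an omitted branch is reported as
    missing rather than as a cycle.
    """
    indeg = {j: sum(1 for p in parents if p in graph)
             for j, parents in graph.items()}
    children = {j: [] for j in graph}
    for j, parents in graph.items():
        for p in parents:
            if p in children:
                children[p].append(j)
    queue = deque(sorted(j for j, d in indeg.items() if d == 0))
    order = []
    while queue:
        j = queue.popleft()
        order.append(j)
        for c in children[j]:
            indeg[c] -= 1
            if indeg[c] == 0:
                queue.append(c)
    if len(order) != len(graph):
        raise ValueError("pred relation contains a cycle")
    return order


def ancestors(graph, jti, max_nodes=10_000):
    """Transitive predecessors of jti, bounded as recommended in Section 11.7."""
    seen, stack = set(), list(graph.get(jti, []))
    while stack:
        p = stack.pop()
        if p in seen:
            continue
        seen.add(p)
        if len(seen) > max_nodes:
            raise ValueError("ancestor traversal limit exceeded")
        stack.extend(graph.get(p, []))
    return seen


if __name__ == "__main__":
    g = build_graph(DIAMOND)
    print(topological_order(g), roots(g), missing_predecessors(g))
    # Drop branch C: D's pred array still names it.
    print(missing_predecessors(build_graph([r for r in DIAMOND if r["jti"] != "C"])))
```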

7.3.5. Interoperability with Linear-Chain Designs

ACT's DAG reduces to a linear chain in the degenerate case where every pred array has length zero or one. An implementation that requires linear-chain semantics MAY treat such ACTs as equivalent to actchain-style records and ignore the fork/join capability. The reverse reduction is not available: a linear-chain-only design cannot represent ACT DAG topologies without loss of information.

ACT therefore takes the linear chain as a strict subset of its model rather than as a competing approach. The DAG generalization is deliberate and is motivated by the concurrent, branching nature of real agentic executions rather than by any deficiency in the linear-chain designs for the sequential cases they target.

8. Verification Procedure

8.1. Authorization Phase Verification

A receiving agent MUST verify a Phase 1 ACT as follows:

  1. Parse JWS Compact Serialization per [RFC7515].
  2. Verify typ is "act+jwt".
  3. Verify alg is in the verifier's algorithm allowlist. The allowlist MUST NOT include "none" or any symmetric algorithm.
  4. Retrieve the public key for kid per the applicable trust tier (Section 5).
  5. Verify the JWS signature.
  6. Verify exp has not passed (with clock skew tolerance: RECOMMENDED maximum 5 minutes).
  7. Verify iat is not unreasonably in the future (RECOMMENDED: no more than 30 seconds ahead).
  8. Verify aud contains the verifier's own identifier.
  9. Verify iss is a trusted agent identity per local policy.
  10. Verify sub matches the verifier's own identifier (the agent is the intended recipient of this mandate).
  11. Verify all required claims are present and well-formed.
  12. Verify delegation chain (Section 6.3) if del.chain is non-empty.
  13. Verify capabilities are within policy limits.

8.2. Execution Phase Verification

In addition to all Phase 1 verification steps, a verifier processing a Phase 2 ACT MUST:

  1. Verify exec_act is present and matches an action in cap.
  2. Verify pred is present and perform DAG validation (Section 7.1).
  3. Verify exec_ts is present and is greater than or equal to iat. If exec_ts is after exp, implementations SHOULD log a warning but MUST NOT reject the record solely on this basis.
  4. Verify status is present and has a valid value.
  5. Verify the re-signature was produced by the sub agent (the executing agent), not the iss agent (the mandating agent). This is verified by checking that the kid in the Phase 2 JOSE header corresponds to the sub agent's public key.
  6. If inp_hash or out_hash is present, verify it against locally available input/output data when possible.
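
The claim-level part of the two procedures above, as an added example that is not the draft's own code. Key retrieval (8.1 step 4) and signature verification (step 5) depend on the trust tier of Section 5, so they are hooks here (a kid-to-agent table and a signature_ok callback); delegation-chain verification (step 12) and capability policy (step 13) are left to the caller. The cap structure, the status value set and the sample identifiers are assumptions, since Section 4 is not reproduced here.

```python
"""Claim-level checks for Sections 8.1 and 8.2. Added example, not the
draft's code.

Assumptions: cap is a list of objects with an "action" member, exp/iat/
exec_ts are NumericDate seconds, and STATUS_VALUES is the status value
set (Section 4 defines the real one). `keys` maps kid -> owning agent
identifier, populated per the deployment's trust tier; `signature_ok(kid)`
reports whether the JWS signature verifies under that key.
"""
import time

ALG_ALLOWLIST = {"EdDSA", "ES256"}   # MUST NOT contain "none" or HS*
EXP_SKEW = 5 * 60                     # RECOMMENDED maximum skew (seconds)
IAT_AHEAD = 30                        # RECOMMENDED maximum look-ahead (seconds)
REQUIRED_PHASE1 = ("iss", "sub", "aud", "exp", "iat", "jti", "cap")
REQUIRED_PHASE2 = ("exec_act", "pred", "exec_ts", "status")
STATUS_VALUES = {"completed", "failed", "partial"}   # assumed value set


class Verifier:
    def __init__(self, verifier_id, trusted_issuers, keys, signature_ok):
        self.verifier_id = verifier_id
        self.trusted_issuers = set(trusted_issuers)
        self.keys = dict(keys)
        self.signature_ok = signature_ok

    def phase1(self, header, claims, now=None):
        """Section 8.1 steps 2-11; returns a list of failure reasons."""
        now = time.time() if now is None else now
        errs = []
        if header.get("typ") != "act+jwt":
            errs.append("typ must be act+jwt")
        if header.get("alg") not in ALG_ALLOWLIST:
            errs.append("alg not in allowlist")
        kid = header.get("kid")
        if kid not in self.keys:
            errs.append("unknown kid")
        elif not self.signature_ok(kid):
            errs.append("bad signature")
        missing = [c for c in REQUIRED_PHASE1 if c not in claims]
        if missing:
            errs.append(f"missing claims: {missing}")
            return errs                       # later checks need these claims
        if claims["exp"] + EXP_SKEW < now:
            errs.append("expired")
        if claims["iat"] > now + IAT_AHEAD:
            errs.append("iat too far in the future")
        aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
        if self.verifier_id not in aud:
            errs.append("aud does not include this verifier")
        if claims["iss"] not in self.trusted_issuers:
            errs.append("untrusted iss")
        if claims["sub"] != self.verifier_id:
            errs.append("sub is not this verifier")
        cap = claims["cap"]
        if not (isinstance(cap, list) and all(isinstance(c, dict) and "action" in c for c in cap)):
            errs.append("cap malformed")
        return errs

    def phase2(self, header, claims):
        """Section 8.2 additional checks; run phase1 first.
        Returns (errors, warnings): exec_ts after exp is only a warning."""
        errs, warns = [], []
        missing = [c for c in REQUIRED_PHASE2 if c not in claims]
        if missing:
            return [f"missing claims: {missing}"], warns
        actions = {c.get("action") for c in claims.get("cap", [])}
        if claims["exec_act"] not in actions:
            errs.append("exec_act not authorized by cap")
        if not isinstance(claims["pred"], list):
            errs.append("pred must be an array")
        if claims["exec_ts"] < claims.get("iat", 0):
            errs.append("exec_ts precedes iat")
        elif "exp" in claims and claims["exec_ts"] > claims["exp"]:
            warns.append("exec_ts after exp")  # SHOULD log, MUST NOT reject
        if claims["status"] not in STATUS_VALUES:
            errs.append("invalid status")
        # Re-signature must come from the executing (sub) agent, not the issuer.
        if self.keys.get(header.get("kid")) != claims.get("sub"):
            errs.append("re-signature kid does not belong to sub")
        return errs, warns


# Constructed sample: an orchestrator mandates a safety-check agent.
NOW = 1_800_000_000
KEYS = {"orch-key-1": "did:example:orchestrator",
        "safety-key-1": "did:example:safety-agent"}
PHASE1_HEADER = {"typ": "act+jwt", "alg": "EdDSA", "kid": "orch-key-1"}
PHASE1_CLAIMS = {
    "iss": "did:example:orchestrator", "sub": "did:example:safety-agent",
    "aud": ["did:example:safety-agent"], "iat": NOW - 60, "exp": NOW + 540,
    "jti": "constructed-jti-001", "cap": [{"action": "safety.check"}],
}
# Phase 2: same claims plus the execution record, re-signed by the sub agent.
PHASE2_HEADER = dict(PHASE1_HEADER, kid="safety-key-1")
PHASE2_CLAIMS = dict(PHASE1_CLAIMS, exec_act="safety.check",
                     pred=["constructed-jti-000"], exec_ts=NOW - 10,
                     status="completed")

if __name__ == "__main__":
    v = Verifier("did:example:safety-agent", ["did:example:orchestrator"],
                 KEYS, signature_ok=lambda kid: True)   # stub hook for the demo
    print(v.phase1(PHASE1_HEADER, PHASE1_CLAIMS, now=NOW))   # []
    print(v.phase2(PHASE2_HEADER, PHASE2_CLAIMS))            # ([], [])
```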

9. Transport

9.1. HTTP Header Transport

This specification defines two HTTP header fields for ACT transport:

ACT-Mandate: Carries a Phase 1 ACT issued by an upstream agent or operator. Value is the JWS Compact Serialization of the ACT.

    GET /api/safety-check HTTP/1.1
    Host: safety-agent.example.com
    ACT-Mandate: eyJhbGci...Phase1ACT...

ACT-Record: Carries a Phase 2 ACT from a predecessor agent, serving as evidence of completed prerequisites.

    POST /api/downstream HTTP/1.1
    Host: downstream-agent.example.com
    ACT-Mandate: eyJhbGci...Phase1ACT...
    ACT-Record: eyJhbGci...Phase2ACT...

Multiple ACT-Record header lines MAY be included when a task has multiple completed predecessors (DAG fan-in). If any single ACT-Record fails verification, the receiver MUST reject the entire request.

9.2. Non-HTTP Transports

For non-HTTP transports (MCP stdio, A2A message queues, AMQP, etc.), ACTs SHOULD be carried as a dedicated field in the transport's metadata envelope. The field name SHOULD be act_mandate for Phase 1 ACTs and act_record for Phase 2 ACTs. Implementations MUST use the JWS Compact Serialization form in all transports.

10. Audit Ledger Interface

Phase 2 ACTs SHOULD be submitted to an immutable audit ledger. A ledger is RECOMMENDED for regulated environments but is not required for basic ACT operation. This specification does not mandate a specific storage technology.

When an audit ledger is deployed, the implementation MUST provide:

  1. Append-only semantics: Once an ACT is recorded, it MUST NOT be modified or deleted.
  2. Ordering: A monotonically increasing sequence number per recorded ACT.
  3. Lookup: Efficient retrieval by jti value.
  4. Integrity: A cryptographic commitment scheme over recorded ACTs (e.g., hash-chaining, Merkle tree anchoring, or SCITT registration per [I-D.ietf-scitt-architecture]).
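
The four properties above as an in-memory hash-chained log, the shape the hash-chained deployment of Appendix C.2 also describes; this is an added example, not the draft's own code. The genesis constant, the canonical JSON encoding of an entry and the choice of SHA-256 are this example's assumptions, and the caller supplies jti after verifying the ACT (the JWS is stored opaquely).

```python
"""In-memory append-only, hash-chained audit ledger for Phase 2 ACTs.

Added example, not the draft's code. Implements the four properties of
Section 10 (append-only, ordering, lookup by jti, integrity) in the
hash-chained form of Appendix C.2. GENESIS, the canonical JSON entry
encoding and SHA-256 are this example's choices, not requirements.
"""
import copy
import hashlib
import json

GENESIS = "0" * 64   # constructed chain anchor for the first entry


def entry_hash(seq, jti, act_jws, prev_hash):
    """SHA-256 over a canonical encoding so independent verifiers agree."""
    body = json.dumps({"seq": seq, "jti": jti, "act": act_jws, "prev": prev_hash},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class Ledger:
    def __init__(self):
        self._entries = []    # append-only; entries are never modified in place
        self._by_jti = {}     # jti -> sequence number (Lookup property)

    def append(self, jti, act_jws):
        """Record an ACT; returns its monotonically increasing sequence number."""
        if jti in self._by_jti:
            raise ValueError(f"jti {jti!r} already recorded")   # no overwrite
        seq = len(self._entries)
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        self._entries.append({"seq": seq, "jti": jti, "act": act_jws, "prev": prev,
                              "hash": entry_hash(seq, jti, act_jws, prev)})
        self._by_jti[jti] = seq
        return seq

    def lookup(self, jti):
        seq = self._by_jti.get(jti)
        return None if seq is None else copy.deepcopy(self._entries[seq])

    def head(self):
        """Commitment to the whole ledger: the hash of the last entry."""
        return self._entries[-1]["hash"] if self._entries else GENESIS

    def export(self):
        """Copy of all entries, e.g. for handing to an external auditor."""
        return copy.deepcopy(self._entries)


def first_broken_link(entries):
    """Recompute the chain over an exported copy. Returns the index of the
    first entry whose ordering, back-link or hash does not check out, or
    None when the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return i
        if entry_hash(i, e["jti"], e["act"], prev) != e["hash"]:
            return i
        prev = e["hash"]
    return None


# Constructed sample: opaque strings standing in for Phase 2 ACT JWS values.
SAMPLE = [("jti-A", "eyJ...A"), ("jti-B", "eyJ...B"), ("jti-D", "eyJ...D")]


def demo():
    """Build a ledger, then show that modification and deletion are detected."""
    ledger = Ledger()
    for jti, jws in SAMPLE:
        ledger.append(jti, jws)
    intact = first_broken_link(ledger.export())          # None
    modified = ledger.export()
    modified[1]["act"] = "eyJ...forged"                    # tampered record
    deleted = ledger.export()
    del deleted[1]                                         # omitted record
    return intact, first_broken_link(modified), first_broken_link(deleted)


if __name__ == "__main__":
    print(demo())   # (None, 1, 1)
```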

11. Security Considerations

11.1. Threat Model

ACT assumes an adversarial environment where:

  • Individual agents may be compromised.
  • Network paths may be intercepted (mitigated by transport security).
  • Attackers may attempt to replay valid ACTs from prior interactions.
  • Colluding agents may attempt to fabricate execution records.
  • Agents may attempt privilege escalation via manipulated delegation chains.

ACT does NOT assume:

  • A trusted central authority (by design).
  • Synchronized clocks beyond the stated skew tolerance.
  • Availability of external network services during verification.

11.2. Self-Assertion Limitation

Phase 2 ACTs are self-asserted: an executing agent signs its own execution record. A compromised agent with an intact private key can produce Phase 2 ACTs claiming arbitrary inputs, outputs, and action types, as long as the claimed exec_act matches an authorized capability.

This is a fundamental limitation of self-sovereign attestation. It is the same limitation affecting WIMSE ECT [I-D.nennemann-wimse-ect].

Mitigations:

  • Cross-agent corroboration: A receiving agent that processes an ACT-Record as a prerequisite independently verifies that the claimed out_hash matches the data it actually received.
  • Ledger sequencing: An append-only ledger with monotonic sequence numbers prevents retroactive insertion of fabricated records.
  • SCITT anchoring: For high-assurance deployments, Phase 2 ACTs SHOULD be anchored to a SCITT Transparency Service, providing external witness that the record was submitted at a claimed time.

11.3. Key Compromise

If an agent's private key is compromised, an attacker can issue arbitrary Phase 1 mandates (impersonating the agent as an issuer) and fabricate Phase 2 records (impersonating the agent as an executor).

Key compromise response:

  1. The compromised agent's identifier MUST be added to all verifiers' deny lists.
  2. In Tier 2 (PKI) deployments, the certificate MUST be revoked via CRL or OCSP.
  3. In Tier 3 (DID) deployments, the DID Document MUST be updated to revoke the compromised key.
  4. In Tier 1 (pre-shared key) deployments, both parties MUST perform an out-of-band key rotation.

ACT chains that include records signed by a compromised key MUST be treated as potentially tainted from the point of compromise. Audit systems MUST flag all ACTs signed after the estimated compromise time.

11.4. Replay Attack Prevention

jti uniqueness within the applicable scope (workflow or global) provides replay detection. Verifiers MUST reject ACTs whose jti has already been seen and processed.

exp provides a time-bounded replay window. Verifiers MUST reject expired ACTs. The combination of jti and exp means that replay detection state only needs to be maintained for the duration of token lifetimes.

11.5. Equivocation

In standalone deployment (no audit ledger, no SCITT anchoring), ACT does NOT provide non-equivocation guarantees. A compromised agent can maintain two valid ACT chains — presenting Phase 2 records with different out_hash values to different verifiers — and both will pass independent verification.

Deployments claiming DORA [DORA] Article 10/11 compliance or EU AI Act [EUAIA] Article 12 compliance MUST use one of:

  (a) A shared append-only audit ledger visible to all relevant parties, with cryptographic integrity (hash chaining or Merkle trees).

  (b) SCITT anchoring [I-D.ietf-scitt-architecture] providing external Transparency Service receipts.

Standalone ACT provides tamper detection (a verifier can detect modification of a record it has seen) but not split-view prevention (a verifier cannot detect a different record shown to another verifier).

11.6. Privilege Escalation

Verifiers MUST check that each step in del.chain reduces or maintains (never increases) the capabilities relative to the preceding step. Implementations MUST reject ACTs where:

  • del.depth exceeds del.max_depth.
  • cap contains actions not present in any referenced parent ACT.
  • Constraints in cap are less restrictive than those in the parent.
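
The three rejection rules above as a check over del.chain and cap, added here as an example that is not the draft's own code. The draft defines the capability structure in Section 4, which is not reproduced here, so the example assumes cap entries of the form {"action": ..., "constraints": {...}} where a numeric constraint is an upper bound and a list constraint is an allowed-value set, and assumes each del.chain entry carries the cap it granted, root first; the chain length limit is the RECOMMENDED value from Section 11.7.

```python
"""Privilege-escalation checks over del.chain and cap (Section 11.6).

Added example, not the draft's code. Assumed structures: cap is a list of
{"action": ..., "constraints": {...}} where numeric constraints are upper
bounds and list constraints are allowed-value sets; each del.chain entry
carries the cap it granted, with the root mandate first. The chain length
limit is the RECOMMENDED value from Section 11.7.
"""
MAX_CHAIN_LEN = 10


def constraint_within(child, parent):
    """True when `child` is at least as restrictive as `parent`.
    A key present in the parent must also be present in the child, since
    dropping a constraint would loosen it."""
    for key, pval in parent.items():
        if key not in child:
            return False
        cval = child[key]
        if isinstance(pval, (int, float)) and isinstance(cval, (int, float)):
            if cval > pval:
                return False
        elif isinstance(pval, list) and isinstance(cval, list):
            if not set(cval) <= set(pval):
                return False
        elif cval != pval:
            return False
    return True


def cap_within(child_cap, parent_cap):
    """Every child action must exist in the parent with constraints at
    least as restrictive. Returns (ok, reason)."""
    parent_by_action = {c["action"]: c.get("constraints", {}) for c in parent_cap}
    for c in child_cap:
        if c["action"] not in parent_by_action:
            return False, f"action {c['action']!r} not in parent cap"
        if not constraint_within(c.get("constraints", {}), parent_by_action[c["action"]]):
            return False, f"constraints for {c['action']!r} less restrictive than parent"
    return True, ""


def check_delegation(claims, max_chain_len=MAX_CHAIN_LEN):
    """Return the list of Section 11.6 rejection reasons for one ACT."""
    d = claims.get("del") or {}
    chain = d.get("chain", [])
    if len(chain) > max_chain_len:
        return ["del.chain exceeds maximum length"]   # refuse before walking it
    errs = []
    if "depth" in d and "max_depth" in d and d["depth"] > d["max_depth"]:
        errs.append("del.depth exceeds del.max_depth")
    # Walk root mandate -> ... -> this ACT; no hop may widen capabilities.
    steps = [s["cap"] for s in chain] + [claims.get("cap", [])]
    for i in range(1, len(steps)):
        ok, why = cap_within(steps[i], steps[i - 1])
        if not ok:
            errs.append(f"hop {i}: {why}")
    return errs


# Constructed sample: an operator grants transfers up to 1000 in EUR or USD
# plus report reads; the delegate narrows this to 500 EUR transfers only.
ROOT_CAP = [
    {"action": "payments.transfer",
     "constraints": {"max_amount": 1000, "currency": ["EUR", "USD"]}},
    {"action": "report.read", "constraints": {}},
]
NARROWED_CAP = [{"action": "payments.transfer",
                 "constraints": {"max_amount": 500, "currency": ["EUR"]}}]
GOOD_ACT = {"cap": NARROWED_CAP,
            "del": {"depth": 1, "max_depth": 3,
                    "chain": [{"iss": "did:example:operator", "cap": ROOT_CAP}]}}


def with_cap(cap, **del_overrides):
    """Variant of GOOD_ACT with a different cap and/or del fields."""
    return {"cap": cap, "del": {**GOOD_ACT["del"], **del_overrides}}


if __name__ == "__main__":
    print(check_delegation(GOOD_ACT))                                      # []
    print(check_delegation(with_cap([{"action": "payments.refund",
                                      "constraints": {}}])))               # escalation
    print(check_delegation(with_cap(NARROWED_CAP, depth=4)))               # depth
```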

11.7. Denial of Service

ACT verification is more computationally expensive than standard JWT validation due to delegation chain verification and DAG traversal.

Mitigations:

  • Reject ACTs larger than 64KB before parsing.
  • Enforce maximum del.chain length (RECOMMENDED: 10 entries).
  • Enforce maximum DAG ancestor traversal depth (RECOMMENDED: 10,000 nodes, Section 7.1).
  • Cache verification results for recently seen jti values within the token lifetime window.

12. Privacy Considerations

ACT tokens and audit ledger records may contain information that identifies agents, organizations, or individuals. Implementations SHOULD apply data minimization principles:

  • task.created_by SHOULD use a pseudonymous identifier rather than a personal email address or real name.
  • task.purpose SHOULD use a controlled vocabulary code rather than free-text descriptions that may contain personal data.
  • del.chain entries reveal organizational structure. Cross-organizational delegation chains SHOULD use Tier 3 (DID) identifiers that do not reveal organizational affiliation.
  • inp_hash and out_hash are hashes of data, not the data itself, and do not constitute personal data under GDPR Article 4(1) provided the underlying data is not trivially reversible (e.g., hashes of very short strings).

For GDPR Article 17 (right to erasure) compliance, audit ledgers SHOULD store only ACT tokens (which contain hashes, not raw data) and SHOULD implement crypto-shredding for any associated encrypted payloads.

13. IANA Considerations

13.1. Media Type Registration

This document requests registration of the following media type:

  • Type name: application
  • Subtype name: act+jwt
  • Required parameters: none
  • Encoding considerations: binary (base64url-encoded JWT)
  • Security considerations: See Section 11.
  • Interoperability considerations: See Section 8.1.
  • Specification: This document.

13.2. HTTP Header Field Registration

This document requests registration of the following HTTP header fields in the "Hypertext Transfer Protocol (HTTP) Field Name Registry":

  • Header field name: ACT-Mandate
  • Applicable protocol: HTTP
  • Status: permanent
  • Specification: This document, Section 9.1.

  • Header field name: ACT-Record
  • Applicable protocol: HTTP
  • Status: permanent
  • Specification: This document, Section 9.1.

13.3. JWT Claims Registration

This document requests registration of the following claims in the IANA "JSON Web Token Claims" registry:

                                 Table 1

    Claim Name   Description                          Reference
    ----------   ----------------------------------   -------------
    wid          Workflow identifier                  This document
    task         Task authorization context           This document
    cap          Capabilities with constraints        This document
    oversight    Human oversight requirements         This document
    del          Delegation provenance chain          This document
    exec_act     Executed action identifier           This document
    pred         Predecessor task identifiers (DAG)   This document
    inp_hash     SHA-256 hash of task input           This document
    out_hash     SHA-256 hash of task output          This document
    exec_ts      Actual execution timestamp           This document
    status       Execution status                     This document
    err          Execution error context              This document

14. References

14.1. Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/rfc/rfc2119>.

[RFC7515]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, <https://www.rfc-editor.org/rfc/rfc7515>.

[RFC7517]  Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/RFC7517, <https://www.rfc-editor.org/rfc/rfc7517>.

[RFC7518]  Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, DOI 10.17487/RFC7518, <https://www.rfc-editor.org/rfc/rfc7518>.

[RFC7519]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, <https://www.rfc-editor.org/rfc/rfc7519>.

[RFC8037]  Liusvaara, I., "CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)", RFC 8037, DOI 10.17487/RFC8037, <https://www.rfc-editor.org/rfc/rfc8037>.

[RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, <https://www.rfc-editor.org/rfc/rfc8174>.

[RFC9110]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, <https://www.rfc-editor.org/rfc/rfc9110>.

[RFC9562]  Davis, K., Peabody, B., and P. Leach, "Universally Unique IDentifiers (UUIDs)", RFC 9562, DOI 10.17487/RFC9562, <https://www.rfc-editor.org/rfc/rfc9562>.

14.2. Informative References

[A2A-SPEC]  Google, "Agent2Agent (A2A) Protocol", <https://github.com/a2aproject/A2A>.

[AgenticJWT]  "Agentic JWT: A JSON Web Token Profile for Delegated Agent Authorization", <https://arxiv.org/abs/2509.13597>.

[AIP-IBCT]  Prakash, S., "AIP: Agent Interaction Protocol with Interaction-Bound Context Tokens", <https://arxiv.org/abs/2603.24775>.

[AUTOGEN]  Microsoft, "AutoGen Documentation", <https://microsoft.github.io/autogen/>.

[CREWAI]  CrewAI, "CrewAI Documentation", <https://docs.crewai.com/>.

[DID-KEY]  Longley, D., "The did:key Method v0.7", <https://w3c-ccg.github.io/did-method-key/>.

[DID-WEB]  Steele, O., "did:web Method Specification", <https://w3c-ccg.github.io/did-method-web/>.

[DORA]  European Parliament, "Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554", <https://eur-lex.europa.eu/eli/reg/2022/2554/oj>.

[EUAIA]  European Parliament, "EU Artificial Intelligence Act, Regulation (EU) 2024/1689", <https://eur-lex.europa.eu/eli/reg/2024/1689/oj>.

[I-D.aap-oauth-profile]  Cruz, A., "Agent Authorization Profile (AAP) for OAuth 2.0", Work in Progress, Internet-Draft, draft-aap-oauth-profile-01, <https://datatracker.ietf.org/doc/draft-aap-oauth-profile/>.

[I-D.emirdag-scitt-ai-agent-execution]  Emirdag, "A SCITT Profile for AI Agent Execution Records", Work in Progress, Internet-Draft, draft-emirdag-scitt-ai-agent-execution-00, <https://datatracker.ietf.org/doc/draft-emirdag-scitt-ai-agent-execution/>.

[I-D.helixar-hdp-agentic-delegation]  Helixar, "Helixar Delegation Protocol (HDP) for Agentic Delegation", Work in Progress, Internet-Draft, draft-helixar-hdp-agentic-delegation-00, <https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/>.

[I-D.ietf-scitt-architecture]  Birkholz, H., Delignat-Lavaud, A., Fournet, C., Deshpande, Y., and S. Lasker, "An Architecture for Trustworthy and Transparent Digital Supply Chains", Work in Progress, Internet-Draft, draft-ietf-scitt-architecture-22, <https://datatracker.ietf.org/doc/html/draft-ietf-scitt-architecture-22>.

[I-D.nennemann-wimse-ect]  Nennemann, C., "Execution Context Tokens for Distributed Agentic Workflows", Work in Progress, Internet-Draft, draft-nennemann-wimse-ect-02, <https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/>.

[I-D.oauth-transaction-tokens-for-agents]  Fletcher, G., "Transaction Tokens for Agentic AI Systems", Work in Progress, Internet-Draft, draft-oauth-transaction-tokens-for-agents-06, <https://datatracker.ietf.org/doc/draft-oauth-transaction-tokens-for-agents/>.

[IEC62304]  IEC, "Medical device software — Software life cycle processes, IEC 62304:2006+AMD1:2015", <https://www.iec.ch/>.

[LANGGRAPH]  LangChain, "LangGraph Documentation", <https://langchain-ai.github.io/langgraph/>.

[MCP-SPEC]  "Model Context Protocol Specification", <https://modelcontextprotocol.io/specification/2025-11-25>.

[OPENAI-AGENTS-SDK]  OpenAI, "OpenAI Agents SDK", <https://openai.github.io/openai-agents-python/>.

[RFC7009]  Lodderstedt, T., Ed., Dronia, S., and M. Scurtescu, "OAuth 2.0 Token Revocation", RFC 7009, DOI 10.17487/RFC7009, <https://www.rfc-editor.org/rfc/rfc7009>.

[RFC8693]  Jones, M., Nadalin, A., Campbell, B., Ed., Bradley, J., and C. Mortimore, "OAuth 2.0 Token Exchange", RFC 8693, DOI 10.17487/RFC8693, <https://www.rfc-editor.org/rfc/rfc8693>.

[SentinelAgent]  Patil, "SentinelAgent: A Formal Delegation Chain Calculus for Verifiable Agent Authorization", <https://arxiv.org/abs/2604.02767>.

[W3C-DID]  Sporny, M., "Decentralized Identifiers (DIDs) v1.0", <https://www.w3.org/TR/did-core/>.

Appendix A: Complete JSON Schema

The normative JSON Schema for ACT Phase 1 and Phase 2 tokens is available at [TODO: reference implementation repository].

Appendix B: Test Vectors

B.1. Valid Phase 1 ACT — Root Mandate (Tier 1, Pre-Shared Key)

    [TODO: include encoded test vector with signing key, payload,
    and expected JWS Compact Serialization]

B.2. Valid Phase 2 ACT — Completed Execution

    [TODO: include encoded test vector demonstrating Phase 1 -> Phase 2
    transition with re-signature by target agent]

B.3. Valid Phase 2 ACT — Fan-in (Multiple Parents)

    [TODO: demonstrate pred with two predecessor jti values from parallel
    workflow branches]

B.4. Invalid ACT — Delegation Depth Exceeded

    [TODO: demonstrate del.depth > del.max_depth rejection]

B.5. Invalid ACT — Capability Escalation

    [TODO: demonstrate rejection when delegated cap contains action
    not present in parent ACT]

B.6. Invalid ACT — exec_act Mismatch

    [TODO: demonstrate rejection when exec_act does not match any
    cap.action in the Phase 1 claims]

Appendix C: Deployment Scenarios

C.1. Minimal Deployment (Zero Infrastructure)

Two organizations exchange pre-shared public keys via secure email. Each agent signs Phase 1 mandates and Phase 2 records with its Ed25519 key. No ledger, no external services. Suitable for development and low-risk workflows.

Limitation: No non-equivocation (Section 11.5).

C.2. Regulated Deployment with Hash-Chained Ledger

Phase 2 ACTs are submitted to a shared append-only ledger with hash-chaining. Each recorded ACT extends a cryptographic chain, providing tamper evidence for each ACT and the chain as a whole. The ledger is shared between all regulated parties participating in the workflow. Suitable for DORA compliance.

C.3. High-Assurance Cross-Organizational Deployment

Phase 2 ACTs are anchored to a SCITT Transparency Service. SCITT receipts are attached to the audit record as non-equivocation proofs. DID-based agent identities (Tier 3) enable self-sovereign key management without shared CA infrastructure.

C.4. WIMSE Environment Integration

In environments where WIMSE is already deployed, ACT-Mandate and ACT-Record headers are carried alongside the WIMSE Workload-Identity header. The ECT and ACT serve different purposes: the ECT records workload-level execution in WIMSE terms; the ACT records the authorization provenance and capability constraints that governed the action.

Acknowledgments

The author thanks the IETF WIMSE, OAuth, and SCITT working groups for foundational work on workload identity, delegated authorization, and transparent supply chain records that informs this specification.

Author's Address

Christian Nennemann
Independent Researcher

+ + + diff --git a/workspace/packages/act/draft-nennemann-act-01.md b/workspace/drafts/act/draft-nennemann-act-01.md similarity index 76% rename from workspace/packages/act/draft-nennemann-act-01.md rename to workspace/drafts/act/draft-nennemann-act-01.md index 92b364f..4468c71 100644 --- a/workspace/packages/act/draft-nennemann-act-01.md +++ b/workspace/drafts/act/draft-nennemann-act-01.md 
@@ -1,16 +1,170 @@ -# Agent Context Token (ACT) +--- +title: "Agent Context Token (ACT)" +abbrev: "ACT" +category: std +docname: draft-nennemann-act-01 +submissiontype: IETF +number: +date: +v: 3 +area: "SEC" +keyword: + - agent authorization + - execution accountability + - JWT + - DAG + - delegation -``` -Independent Submission C. Nennemann -Internet-Draft Independent -Intended status: Standards Track April 2026 -Expires: October 2026 +author: + - + fullname: Christian Nennemann + organization: Independent Researcher + email: ietf@nennemann.de - Agent Context Token (ACT) - draft-nennemann-act-01 -``` +normative: + RFC7515: + RFC7517: + RFC7518: + RFC7519: + RFC8037: + RFC9110: + RFC9562: -## Abstract +informative: + RFC7009: + RFC8693: + I-D.nennemann-wimse-ect: + title: "Execution Context Tokens for Distributed Agentic Workflows" + target: https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/ + seriesinfo: + Internet-Draft: draft-nennemann-wimse-ect-02 + date: 2026 + author: + - fullname: Christian Nennemann + # draft-ietf-scitt-architecture is currently in AUTH48 (RFC Editor + # queue) at version -22. To become RFC upon publication. Readers + # should use the RFC number once assigned. + I-D.ietf-scitt-architecture: + I-D.oauth-transaction-tokens-for-agents: + title: "Transaction Tokens for Agentic AI Systems" + target: https://datatracker.ietf.org/doc/draft-oauth-transaction-tokens-for-agents/ + seriesinfo: + Internet-Draft: draft-oauth-transaction-tokens-for-agents-06 + date: 2026 + author: + - fullname: Fletcher, G. + I-D.aap-oauth-profile: + title: "Agent Authorization Profile (AAP) for OAuth 2.0" + target: https://datatracker.ietf.org/doc/draft-aap-oauth-profile/ + seriesinfo: + Internet-Draft: draft-aap-oauth-profile-01 + date: 2026-02 + author: + - fullname: Cruz, A. 
+ I-D.helixar-hdp-agentic-delegation: + title: "Helixar Delegation Protocol (HDP) for Agentic Delegation" + target: https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/ + seriesinfo: + Internet-Draft: draft-helixar-hdp-agentic-delegation-00 + date: 2026 + author: + - org: Helixar + I-D.emirdag-scitt-ai-agent-execution: + title: "A SCITT Profile for AI Agent Execution Records" + target: https://datatracker.ietf.org/doc/draft-emirdag-scitt-ai-agent-execution/ + seriesinfo: + Internet-Draft: draft-emirdag-scitt-ai-agent-execution-00 + date: 2026-04 + author: + - fullname: Emirdag + AgenticJWT: + title: "Agentic JWT: A JSON Web Token Profile for Delegated Agent Authorization" + target: https://arxiv.org/abs/2509.13597 + date: 2025 + AIP-IBCT: + title: "AIP: Agent Interaction Protocol with Interaction-Bound Context Tokens" + target: https://arxiv.org/abs/2603.24775 + date: 2026-03 + author: + - fullname: Prakash, S. + SentinelAgent: + title: "SentinelAgent: A Formal Delegation Chain Calculus for Verifiable Agent Authorization" + target: https://arxiv.org/abs/2604.02767 + date: 2026-04 + author: + - fullname: Patil + MCP-SPEC: + title: "Model Context Protocol Specification" + target: https://modelcontextprotocol.io/specification/2025-11-25 + date: 2025-11-25 + OPENAI-AGENTS-SDK: + title: "OpenAI Agents SDK" + target: https://openai.github.io/openai-agents-python/ + date: false + author: + - org: OpenAI + LANGGRAPH: + title: "LangGraph Documentation" + target: https://langchain-ai.github.io/langgraph/ + date: false + author: + - org: LangChain + A2A-SPEC: + title: "Agent2Agent (A2A) Protocol" + target: https://github.com/a2aproject/A2A + date: false + author: + - org: Google + CREWAI: + title: "CrewAI Documentation" + target: https://docs.crewai.com/ + date: false + author: + - org: CrewAI + AUTOGEN: + title: "AutoGen Documentation" + target: https://microsoft.github.io/autogen/ + date: false + author: + - org: Microsoft + W3C-DID: + title: 
"Decentralized Identifiers (DIDs) v1.0" + target: https://www.w3.org/TR/did-core/ + date: 2022-07 + author: + - fullname: Sporny, M. + DID-KEY: + title: "The did:key Method v0.7" + target: https://w3c-ccg.github.io/did-method-key/ + date: 2021 + author: + - fullname: Longley, D. + DID-WEB: + title: "did:web Method Specification" + target: https://w3c-ccg.github.io/did-method-web/ + date: 2022 + author: + - fullname: Steele, O. + DORA: + title: "Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554" + target: https://eur-lex.europa.eu/eli/reg/2022/2554/oj + date: 2022 + author: + - org: European Parliament + EUAIA: + title: "EU Artificial Intelligence Act, Regulation (EU) 2024/1689" + target: https://eur-lex.europa.eu/eli/reg/2024/1689/oj + date: 2024 + author: + - org: European Parliament + IEC62304: + title: "Medical device software — Software life cycle processes, IEC 62304:2006+AMD1:2015" + target: https://www.iec.ch/ + date: 2015 + author: + - org: IEC + +--- abstract This document defines the Agent Context Token (ACT), a self-contained JWT-based format that captures the full invocation context of an 
@@ -24,108 +178,16 @@ outputs and linking to predecessor tasks via a directed acyclic graph (DAG). ACT requires no Authorization Server, no workload identity infrastructure, and no transparency service for basic operation. Trust is bootstrapped via pre-shared keys and is upgradeable to PKI or -Decentralized Identifiers (DIDs). ACT is designed for cross- -organizational agent federation in regulated and unregulated +Decentralized Identifiers (DIDs). ACT is designed for +cross-organizational agent federation in regulated and unregulated environments alike. ACT is the general-purpose agent context primitive; the WIMSE Execution Context Token (ECT) -[I-D.nennemann-wimse-ect] is a sibling profile specialized for +{{I-D.nennemann-wimse-ect}} is a sibling profile specialized for workload-identity-bound execution recording in WIMSE deployments. ---- +--- middle -## Status of This Memo - -This Internet-Draft is submitted in full conformance with the -provisions of BCP 78 and BCP 79. - -Internet-Drafts are working documents of the Internet Engineering Task -Force (IETF). Note that other groups may also distribute working -documents as Internet-Drafts. The list of current Internet-Drafts is -at https://datatracker.ietf.org/drafts/current/. - -This Internet-Draft will expire on 11 October 2026. - ---- - -## Copyright Notice - -Copyright (c) 2026 IETF Trust and the persons identified as the -document authors. All rights reserved. - -This document is subject to BCP 78 and the IETF Trust's Legal -Provisions Relating to IETF Documents -(https://trustee.ietf.org/license-info). - ---- - -## Table of Contents - -1. Introduction - - 1.1. Problem Statement - - 1.2. Design Goals - - 1.3. Non-Goals - - 1.4. Relationship to Related Work - - 1.4.1. Concurrent Agent Authorization Proposals - - 1.5. Applicability - - 1.5.1. Model Context Protocol (MCP) Tool-Use Flows - - 1.5.2. OpenAI Agents SDK and Function Calling - - 1.5.3. LangGraph and LangChain Agent Graphs - - 1.5.4. 
Google Agent2Agent (A2A) Protocol - - 1.5.5. Enterprise Orchestration Without WIMSE (CrewAI, AutoGen) - - 1.5.6. Relationship to WIMSE ECT -2. Conventions and Definitions -3. ACT Lifecycle - - 3.1. Phase 1: Authorization Mandate - - 3.2. Phase 2: Execution Record - - 3.3. Lifecycle State Machine -4. ACT Token Format - - 4.1. JOSE Header - - 4.2. JWT Claims: Authorization Phase - - 4.3. JWT Claims: Execution Phase - - 4.4. Complete Examples -5. Trust Model - - 5.1. Tier 0: Bootstrap (TOFU) - - 5.2. Tier 1: Pre-Shared Keys (Mandatory-to-Implement) - - 5.3. Tier 2: PKI / X.509 - - 5.4. Tier 3: Decentralized Identifiers (DID) - - 5.5. Cross-Tier Interoperability -6. Delegation Chain - - 6.1. Peer-to-Peer Delegation - - 6.2. Privilege Reduction Requirements - - 6.3. Delegation Verification -7. DAG Structure and Causal Ordering - - 7.1. DAG Validation - - 7.2. Root Tasks and Fan-in -8. Verification Procedure - - 8.1. Authorization Phase Verification - - 8.2. Execution Phase Verification -9. Transport - - 9.1. HTTP Header Transport - - 9.2. Non-HTTP Transports -10. Audit Ledger Interface -11. Security Considerations - - 11.1. Threat Model - - 11.2. Self-Assertion Limitation - - 11.3. Key Compromise - - 11.4. Replay Attack Prevention - - 11.5. Equivocation - - 11.6. Privilege Escalation - - 11.7. Denial of Service -12. Privacy Considerations -13. IANA Considerations - - 13.1. Media Type Registration - - 13.2. HTTP Header Field Registration - - 13.3. JWT Claims Registration -14. References - - 14.1. Normative References - - 14.2. Informative References -- Appendix A: Complete JSON Schema -- Appendix B: Test Vectors -- Appendix C: Deployment Scenarios - ---- - -## 1. Introduction +# Introduction Autonomous AI agents increasingly operate across organizational boundaries, executing multi-step workflows where individual tasks are 
@@ -140,10 +202,10 @@ distinct, inseparable compliance requirements: prior tasks? Existing specifications address these requirements in isolation. -The Agent Authorization Profile (AAP) [I-D.aap-oauth-profile] +The Agent Authorization Profile (AAP) {{I-D.aap-oauth-profile}} provides structured authorization via OAuth 2.0 but requires a central Authorization Server. The WIMSE Execution Context Token -[I-D.nennemann-wimse-ect] provides execution accountability but +{{I-D.nennemann-wimse-ect}} provides execution accountability but requires WIMSE workload identity infrastructure (SPIFFE/SPIRE). This document defines the Agent Context Token (ACT), which addresses @@ -154,11 +216,11 @@ carries: the complete invocation context of an agent — DAG references, task metadata, capabilities, delegation chain, and oversight claims — bound together in one cryptographically verifiable envelope. ACT is positioned as the general agent context primitive, with the -WIMSE Execution Context Token (ECT) [I-D.nennemann-wimse-ect] as a +WIMSE Execution Context Token (ECT) {{I-D.nennemann-wimse-ect}} as a sibling profile specialized for workload-identity-bound execution contexts in WIMSE deployments. -### 1.1. Problem Statement +## Problem Statement Cross-organizational agent federation today faces a bootstrapping problem: deploying shared OAuth infrastructure or a common SPIFFE @@ -178,7 +240,7 @@ with nothing more than an out-of-band key exchange — while providing a clean upgrade path to PKI or DID-based trust without changing the token format. -### 1.2. Design Goals +## Design Goals - **G1 — Zero infrastructure baseline**: ACT MUST be deployable with no shared servers, no common identity provider, and no transparency 
@@ -201,14 +263,14 @@ token format. participant holding the issuing agent's public key. - **G6 — Regulatory applicability**: ACT MUST provide sufficient - evidence for audit requirements in DORA [DORA], EU AI Act - Article 12 [EUAIA], and IEC 62304 [IEC62304] without requiring + evidence for audit requirements in DORA {{DORA}}, EU AI Act + Article 12 {{EUAIA}}, and IEC 62304 {{IEC62304}} without requiring additional log formats. - **G7 — Upgrade path**: The trust model MUST support migration from pre-shared keys to PKI or DID without breaking existing ACT chains. -### 1.3. Non-Goals +## Non-Goals The following are explicitly out of scope: 
@@ -216,21 +278,21 @@ The following are explicitly out of scope: - Replacing organizational security policies or procedures. - Defining storage formats for audit ledgers. - Specifying token revocation infrastructure (deployments MAY use - existing mechanisms such as [RFC7009] for this purpose). + existing mechanisms such as {{RFC7009}} for this purpose). - Providing non-equivocation guarantees in standalone mode (see - Section 11.5 for the equivocation discussion and optional + {{equivocation}} for the equivocation discussion and optional transparency anchoring). -### 1.4. Relationship to Related Work +## Relationship to Related Work -**AAP [I-D.aap-oauth-profile]**: ACT addresses the same authorization +**AAP {{I-D.aap-oauth-profile}}**: ACT addresses the same authorization problem as AAP but does not require an Authorization Server. ACT delegation is peer-to-peer via cryptographic signature chaining; -AAP delegation requires OAuth Token Exchange [RFC8693] against a -central AS. ACT is not a profile of AAP; it is an infrastructure- -independent alternative for the same problem class. +AAP delegation requires OAuth Token Exchange {{RFC8693}} against a +central AS. ACT is not a profile of AAP; it is an +infrastructure-independent alternative for the same problem class. -**WIMSE ECT [I-D.nennemann-wimse-ect]**: ACT addresses the same +**WIMSE ECT {{I-D.nennemann-wimse-ect}}**: ACT addresses the same execution accountability problem as the WIMSE Execution Context Token but does not require WIMSE workload identity infrastructure. ACT is not a profile of WIMSE; it is deployable in environments without 
@@ -238,24 +300,24 @@ SPIFFE/SPIRE. In environments where WIMSE is deployed, ACT MAY be carried alongside WIMSE tokens to augment accountability with authorization provenance. -**SCITT [I-D.ietf-scitt-architecture]**: For deployments requiring -non-equivocation guarantees (see Section 11.5), ACT execution records -MAY be anchored to a SCITT Transparency Service as a Layer 2 +**SCITT {{I-D.ietf-scitt-architecture}}**: For deployments requiring +non-equivocation guarantees (see {{equivocation}}), ACT execution +records MAY be anchored to a SCITT Transparency Service as a Layer 2 mechanism. This is OPTIONAL and not required for basic ACT operation. Note: The SCITT architecture draft is currently in AUTH48 (RFC Editor queue) at version -22 and is about to become an RFC; readers should use the RFC number once assigned. -#### 1.4.1. Concurrent Agent Authorization Proposals +### Concurrent Agent Authorization Proposals Several concurrent proposals in the IETF and academic communities address overlapping portions of the agent authorization problem space. This subsection situates ACT relative to those proposals. Protocol-layer comparison of linear versus DAG delegation -structure is deferred to Section 7.3; the summaries below focus on -scope and deployability. +structure is deferred to {{dag-vs-linear}}; the summaries below focus +on scope and deployability. -**AIP / IBCTs [AIP-IBCT]**: The Agent Interaction Protocol proposes +**AIP / IBCTs {{AIP-IBCT}}**: The Agent Interaction Protocol proposes Interaction-Bound Capability Tokens in two modes: compact signed JWTs for single-hop invocation and Biscuit/Datalog tokens for multi-hop delegation, motivated by a survey of approximately 2,000 
@@ -268,7 +330,7 @@ supports DAG delegation structure. IBCTs are modeled as append-only chains at the protocol layer; ACT operates at the authorization graph layer with revocable lifecycle states. -**SentinelAgent [SentinelAgent]**: SentinelAgent defines a formal +**SentinelAgent {{SentinelAgent}}**: SentinelAgent defines a formal Delegation Chain Calculus with seven verifiable properties, a TLA+ mechanization, and reports 100% true-positive and 0% false-positive rates against the DelegationBench v4 benchmark. It addresses the @@ -280,7 +342,7 @@ invariants in IETF-standard JWT infrastructure (RFC 7519, RFC 7515, RFC 8032) already deployable in existing OAuth- and JOSE-aware stacks. -**Agentic JWT [AgenticJWT]**: Agentic JWT derives a per-agent +**Agentic JWT {{AgenticJWT}}**: Agentic JWT derives a per-agent identity as a one-way hash of the agent's prompt, registered tools, and configuration, and chains delegation assertions across invocations. It is the closest prior-art JWT-based construction @@ -291,7 +353,7 @@ via the array-valued `pred` claim rather than a strictly linear chain. **OAuth Transaction Tokens for Agents -[I-D.draft-oauth-transaction-tokens-for-agents-06]**: This draft +{{I-D.oauth-transaction-tokens-for-agents}}**: This draft extends OAuth Transaction Tokens with an `actchain` claim (an ordered delegation array), an `agentic_ctx` claim conveying intent and constraints, and flow-type markers distinguishing interactive 
@@ -301,10 +363,10 @@ infrastructure dependency: Transaction Tokens for Agents presume an OAuth Authorization Server and use a linear `actchain`, whereas ACT operates peer-to-peer without any AS and uses a DAG-valued `pred`. A detailed differencing document is referenced in -Section 11. +{{security-considerations}}. **Helixar Delegation Protocol (HDP) -[I-D.draft-helixar-hdp-agentic-delegation-00]**: HDP specifies +{{I-D.helixar-hdp-agentic-delegation}}**: HDP specifies Ed25519 signatures over RFC 8785-canonicalized JSON, an append-only linear delegation chain with session binding, and offline verification. ACT addresses the same problem but is 
@@ -313,31 +375,32 @@ ecosystem) rather than raw canonical JSON, and its `pred` claim admits DAG topologies rather than strictly linear chains. **SCITT Profile for AI Agent Execution Records -[I-D.draft-emirdag-scitt-ai-agent-execution-00]**: This draft +{{I-D.emirdag-scitt-ai-agent-execution}}**: This draft defines a SCITT profile in which AgentInteractionRecord (AIR) payloads are carried as COSE_Sign1 statements anchored to a SCITT Transparency Service. It is highly complementary to ACT: where ACT defines the two-phase lifecycle token issued and consumed by agents at runtime, the SCITT AI Agent Execution draft defines the payload format suitable for long-term anchoring. -Implementations that anchor Phase 2 ACTs to SCITT (Section 11) -SHOULD consider the AIR payload structure defined in that draft -as the canonical encoding for anchored records. +Implementations that anchor Phase 2 ACTs to SCITT +({{security-considerations}}) SHOULD consider the AIR payload +structure defined in that draft as the canonical encoding for +anchored records. -### 1.5. Applicability +## Applicability ACT is designed as a general-purpose primitive for AI agent authorization and execution accountability. While a sibling -specification [I-D.nennemann-wimse-ect] profiles execution context +specification {{I-D.nennemann-wimse-ect}} profiles execution context tokens specifically for the WIMSE working group's workload identity infrastructure, ACT operates without any shared identity plane. This section identifies deployment contexts where ACT applies independently of WIMSE, and clarifies how ACT complements — rather than competes with — ecosystem-specific agent protocols. -#### 1.5.1. Model Context Protocol (MCP) Tool-Use Flows +### Model Context Protocol (MCP) Tool-Use Flows -The Model Context Protocol [MCP-SPEC] defines a client-server +The Model Context Protocol {{MCP-SPEC}} defines a client-server interface by which LLM hosts invoke external tools via structured JSON-RPC calls. 
MCP 2025-11-25 mandates OAuth 2.1 for transport-layer authentication, but provides no mechanism for carrying per-invocation @@ -359,11 +422,11 @@ OAuth layer. This integration requires no modification to MCP transport; the ACT SHOULD be carried in the `ACT-Mandate` and `ACT-Record` HTTP headers -defined in Section 9.1 of this document. +defined in {{http-header-transport}} of this document. -#### 1.5.2. OpenAI Agents SDK and Function Calling +### OpenAI Agents SDK and Function Calling -The OpenAI Agents SDK [OPENAI-AGENTS-SDK] enables composition of +The OpenAI Agents SDK {{OPENAI-AGENTS-SDK}} enables composition of agents via handoffs — structured transfers of control from one agent to another, each potentially invoking registered function tools. The SDK provides no built-in mechanism for a receiving agent to verify @@ -379,9 +442,9 @@ MAY exercise. The receiving agent SHOULD attach its Phase 2 ACT Record to any callback or downstream response, providing the orchestrator with cryptographic evidence of the actions taken. In multi-turn chains involving multiple handoffs, the DAG linkage -(Section 7) allows each handoff to be expressed as a parent-child -edge, preserving the full causal ordering of the agent invocation -sequence. +({{dag-structure}}) allows each handoff to be expressed as a +parent-child edge, preserving the full causal ordering of the agent +invocation sequence. Implementations that use the OpenAI function calling API directly, without the Agents SDK, MAY apply ACT at the application layer: the 
@@ -389,15 +452,15 @@ calling process issues a Phase 1 ACT before the function call parameter block is finalized, and the receiving function handler returns a Phase 2 ACT alongside its JSON result. -#### 1.5.3. LangGraph and LangChain Agent Graphs +### LangGraph and LangChain Agent Graphs -LangGraph [LANGGRAPH] models agent workflows as typed StateGraphs in +LangGraph {{LANGGRAPH}} models agent workflows as typed StateGraphs in which nodes represent agent invocations or tool calls and edges -represent conditional transitions. The DAG structure of ACT (Section -7) is a natural fit for this model: each LangGraph node that performs -an observable action corresponds to exactly one ACT task identifier -(`tid`), and directed edges in the LangGraph correspond to `pred` -(predecessor) references in successor ACTs. +represent conditional transitions. The DAG structure of ACT +({{dag-structure}}) is a natural fit for this model: each LangGraph +node that performs an observable action corresponds to exactly one +ACT task identifier (`tid`), and directed edges in the LangGraph +correspond to `pred` (predecessor) references in successor ACTs. ACT is applicable at the node boundary: when a LangGraph node dispatches a sub-agent or invokes a tool with side effects, it SHOULD @@ -416,9 +479,9 @@ and portable: they can be exported from a LangGraph run and submitted to an external audit ledger, satisfying compliance requirements that cannot be met by in-process logging alone. -#### 1.5.4. Google Agent2Agent (A2A) Protocol +### Google Agent2Agent (A2A) Protocol -The Agent2Agent protocol [A2A-SPEC] defines a task-oriented JSON-RPC +The Agent2Agent protocol {{A2A-SPEC}} defines a task-oriented JSON-RPC interface for inter-agent communication, with authentication delegated to OAuth 2.0 or API key schemes declared in each agent's Agent Card. A2A provides no mechanism for a receiving agent to 
@@ -442,25 +505,25 @@ independent layers and are not redundant. A2A's credential answers answers "is this agent permitted to request this specific task under these constraints?". -#### 1.5.5. Enterprise Orchestration Without WIMSE (CrewAI, AutoGen) +### Enterprise Orchestration Without WIMSE (CrewAI, AutoGen) -Enterprise orchestration frameworks such as CrewAI [CREWAI] and -AutoGen [AUTOGEN] deploy multi-agent systems within a single +Enterprise orchestration frameworks such as CrewAI {{CREWAI}} and +AutoGen {{AUTOGEN}} deploy multi-agent systems within a single organizational boundary, typically without SPIFFE/SPIRE workload identity infrastructure. In these environments, OAuth Authorization -Servers are often unavailable or impractical to deploy for intra- -process agent communication. +Servers are often unavailable or impractical to deploy for +intra-process agent communication. ACT is applicable in this context via its Tier 1 (pre-shared key) -trust model (Section 5.2): each agent role in a CrewAI Crew or +trust model ({{tier1}}): each agent role in a CrewAI Crew or AutoGen ConversableAgent graph is assigned an Ed25519 keypair at instantiation time. The orchestrating agent issues Phase 1 Mandates to worker agents before delegating tasks, constraining each worker to only the tools and actions relevant to its role. Worker agents produce Phase 2 Records on task completion. The resulting ACT chain is exportable as a structured audit trail that satisfies the -per-action logging requirements of DORA [DORA] and EU AI Act -Article 12 [EUAIA] without requiring shared infrastructure beyond +per-action logging requirements of DORA {{DORA}} and EU AI Act +Article 12 {{EUAIA}} without requiring shared infrastructure beyond the ability to exchange public keys at deployment time. Implementations SHOULD NOT use ACT's self-assertion mode (where an 
@@ -469,10 +532,10 @@ in regulated workflows; at minimum, the orchestrating agent MUST sign the initial Mandate so that accountability is anchored to a principal outside the executing agent. -#### 1.5.6. Relationship to WIMSE ECT +### Relationship to WIMSE ECT Where WIMSE infrastructure is deployed, ACT and the WIMSE Execution -Context Token [I-D.nennemann-wimse-ect] serve complementary and +Context Token {{I-D.nennemann-wimse-ect}} serve complementary and non-overlapping functions. The ECT records workload-level execution in WIMSE terms — which SPIFFE workload executed, in which trust domain, against which service. ACT records the authorization @@ -489,15 +552,9 @@ identifiers present in the ECT's task context. Neither token is a profile or extension of the other; they operate at different abstraction layers and their co-presence is additive. ---- +# Conventions and Definitions -## 2. Conventions and Definitions - -The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", -"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and -"OPTIONAL" in this document are to be interpreted as described in -BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all -capitals, as shown here. +{::boilerplate bcp14-tagged} **Agent**: An autonomous software entity that executes tasks, issues ACTs as mandates for sub-agents, and produces ACTs as execution @@ -527,9 +584,7 @@ pre-shared keys (Tier 1, mandatory) to PKI (Tier 2) and DIDs **Workflow**: A set of related tasks, identified by a shared `wid` claim, forming a single logical unit of work. ---- - -## 3. ACT Lifecycle +# ACT Lifecycle An ACT has a two-phase lifecycle. The same token format is used in both phases; the presence or absence of execution claims determines 
@@ -542,7 +597,7 @@ phase before applying verification rules, and MUST reject a token that is presented in the wrong phase for the operation being performed. -### 3.1. Phase 1: Authorization Mandate +## Phase 1: Authorization Mandate In Phase 1, an ACT is created by a delegating agent (or a human operator) to authorize a target agent to perform a specific task. The @@ -563,7 +618,7 @@ Phase 1 ACTs are short-lived. Implementations SHOULD set expiration automated agent-to-agent workflows. Longer lifetimes MAY be used for human-initiated mandates where the agent may not act immediately. -### 3.2. Phase 2: Execution Record +## Phase 2: Execution Record Upon completing the authorized task, the executing agent MUST transition the ACT to Phase 2 by: @@ -595,12 +650,12 @@ verifiability of the original mandate SHOULD retain the Phase 1 ACT separately alongside the Phase 2 record. The resulting Phase 2 ACT SHOULD be submitted to an audit ledger -(Section 10) and MAY be sent to the next agent in the workflow as -evidence of completed prerequisites. +({{audit-ledger}}) and MAY be sent to the next agent in the workflow +as evidence of completed prerequisites. -### 3.3. Lifecycle State Machine +## Lifecycle State Machine -``` +~~~ [Issuer creates Phase 1 ACT] | | sign(issuer_key) 
@@ -626,31 +681,29 @@ evidence of completed prerequisites. +------------------+ | ANCHORED | Phase 2 + external non-equivocation +------------------+ -``` +~~~ ---- +# ACT Token Format -## 4. ACT Token Format - -An ACT is a JSON Web Token [RFC7519] signed as a JSON Web Signature -[RFC7515] using JWS Compact Serialization. All ACTs MUST use JWS +An ACT is a JSON Web Token {{RFC7519}} signed as a JSON Web Signature +{{RFC7515}} using JWS Compact Serialization. All ACTs MUST use JWS Compact Serialization to ensure they can be carried in a single HTTP header value. -### 4.1. JOSE Header +## JOSE Header The ACT JOSE header MUST contain: -```json +~~~ json { "alg": "ES256", "typ": "act+jwt", "kid": "agent-a-key-2026-03" } -``` +~~~ **alg** (REQUIRED): The digital signature algorithm. Implementations -MUST support ES256 [RFC7518]. EdDSA (Ed25519) [RFC8037] is +MUST support ES256 {{RFC7518}}. EdDSA (Ed25519) {{RFC8037}} is RECOMMENDED for new deployments due to smaller signatures and resistance to side-channel attacks. Symmetric algorithms (HS256, HS384, HS512) MUST NOT be used. The "alg" value MUST NOT be "none". @@ -671,9 +724,9 @@ key distribution. **did** (OPTIONAL): In Tier 3 deployments, the full DID of the issuing agent MAY be included for resolution. -### 4.2. JWT Claims: Authorization Phase +## JWT Claims: Authorization Phase -#### 4.2.1. Standard JWT Claims +### Standard JWT Claims **iss** (REQUIRED): The identifier of the agent issuing the mandate. Format depends on trust tier: an opaque string (Tier 1), an X.509 
@@ -688,16 +741,16 @@ deployed, MUST also include the ledger's identifier. When multiple recipients are present, MUST be an array. Verifiers that are audit ledgers MUST verify that their own identifier appears in `aud`. -**iat** (REQUIRED): Issuance time as a NumericDate [RFC7519]. +**iat** (REQUIRED): Issuance time as a NumericDate {{RFC7519}}. **exp** (REQUIRED): Expiration time. Implementations SHOULD set to no more than 15 minutes after `iat` for automated workflows. -**jti** (REQUIRED): A UUID [RFC9562] uniquely identifying this ACT +**jti** (REQUIRED): A UUID {{RFC9562}} uniquely identifying this ACT and, in Phase 2, the task it records. Used as the task identifier for DAG predecessor references in `pred`. -#### 4.2.2. ACT Authorization Claims +### ACT Authorization Claims **wid** (OPTIONAL): A UUID identifying the workflow to which this task belongs. When present, groups related ACTs and scopes `jti` @@ -705,7 +758,7 @@ uniqueness to the workflow. **task** (REQUIRED): An object describing the authorized task: -```json +~~~ json { "task": { "purpose": "validate_patient_dosage", @@ -714,7 +767,7 @@ uniqueness to the workflow. "expires_at": 1772064750 } } -``` +~~~ - `purpose` (REQUIRED): A string describing the intended task. Implementations SHOULD use a controlled vocabulary or reverse- @@ -725,7 +778,7 @@ uniqueness to the workflow. actions that would expose data above this classification. - `created_by` (OPTIONAL): An identifier for the human or system that initiated the workflow. SHOULD be pseudonymous (see - Section 12). + {{privacy-considerations}}). - `expires_at` (OPTIONAL): A NumericDate after which the task mandate is no longer valid, independent of `exp`. @@ -733,7 +786,7 @@ uniqueness to the workflow. an action the agent is authorized to perform and the constraints under which it may do so: -```json +~~~ json { "cap": [ { 
@@ -752,14 +805,14 @@ under which it may do so: } ] } -``` +~~~ Action names MUST conform to the ABNF grammar: -``` +~~~ action-name = component *( "." component ) component = ALPHA *( ALPHA / DIGIT / "-" / "_" ) -``` +~~~ Receiving agents MUST perform exact string matching on action names. Wildcard matching is NOT part of this specification. @@ -776,14 +829,14 @@ narrower time windows. **oversight** (OPTIONAL): Human oversight requirements: -```json +~~~ json { "oversight": { "requires_approval_for": ["write.publish", "execute.payment"], "approval_ref": "https://approval.example.com/workflow/w-123" } } -``` +~~~ When `requires_approval_for` lists an action, the receiving agent MUST NOT execute that action autonomously. The approval mechanism @@ -795,7 +848,7 @@ the ACT MUST be treated as a root mandate with `depth` = 0 and further delegation is not permitted (i.e., the receiving agent MUST NOT issue sub-mandates based on this ACT). -```json +~~~ json { "del": { "depth": 1, @@ -809,15 +862,15 @@ NOT issue sub-mandates based on this ACT). ] } } -``` +~~~ - `depth`: The current delegation depth. 0 means this is a root mandate issued by a human or root authority. - `max_depth`: The maximum permitted delegation depth. Receiving agents MUST NOT issue sub-mandates that would exceed this depth. - `chain`: An array of delegation provenance records ordered from - root to immediate parent (chain[0] is the root authority, - chain[depth-1] is the direct parent of this ACT). Each entry + root to immediate parent (`chain[0]` is the root authority, + `chain[depth-1]` is the direct parent of this ACT). Each entry contains: - `delegator`: The identifier of the agent that authorized this delegation step (i.e., the `iss` of the parent ACT at that 
@@ -834,7 +887,7 @@ validate the chain, any verifier holding the delegating agent's public key can independently verify each step by recomputing the hash and checking the signature. -### 4.3. JWT Claims: Execution Phase +## JWT Claims: Execution Phase The following claims are added by the executing agent when transitioning to Phase 2. Their presence distinguishes an Execution @@ -876,23 +929,23 @@ environments where failed attempts must be recorded. **err** (OPTIONAL, present when `status` is "failed" or "partial"): An object providing error context: -```json +~~~ json { "err": { "code": "constraint_violation", "detail": "data_classification_max exceeded" } } -``` +~~~ Error detail SHOULD NOT reveal internal system state beyond what is necessary for audit purposes. -### 4.4. Complete Examples +## Complete Examples -#### Phase 1 — Authorization Mandate +### Example: Phase 1 — Authorization Mandate -```json +~~~ { "alg": "ES256", "typ": "act+jwt", @@ -944,11 +997,11 @@ necessary for audit purposes. "chain": [] } } -``` +~~~ -#### Phase 2 — Execution Record (same token, re-signed by target agent) +### Example: Phase 2 — Execution Record (same token, re-signed by target agent) -```json +~~~ { "alg": "EdDSA", "typ": "act+jwt", @@ -1007,11 +1060,9 @@ necessary for audit purposes. "exec_ts": 1772064300, "status": "completed" } -``` +~~~ ---- - -## 5. Trust Model +# Trust Model ACT defines four trust tiers. Tier 1 is mandatory-to-implement; all others are optional upgrades. An ACT verifier MUST be able to process @@ -1019,7 +1070,7 @@ ACTs from any tier it has configured. The trust tier in use is determined by the `kid` format and the presence of `x5c` or `did` header parameters. -### 5.1. Tier 0: Bootstrap (TOFU — Trust On First Use) +## Tier 0: Bootstrap (TOFU — Trust On First Use) Tier 0 is NOT part of the normative trust model and MUST NOT be used in regulated environments. It is defined here for documentation 
@@ -1031,7 +1082,7 @@ who intercepts the first message can substitute their own key. Tier 0 deployments MUST transition to Tier 1 or higher before exchanging ACTs that carry sensitive capabilities. -### 5.2. Tier 1: Pre-Shared Keys (Mandatory-to-Implement) +## Tier 1: Pre-Shared Keys (Mandatory-to-Implement) {#tier1} In Tier 1, both parties exchange public keys out-of-band prior to the first ACT exchange. The `kid` is an opaque string agreed during @@ -1042,12 +1093,12 @@ configuration, a configuration management system, or a prior authenticated channel. This specification does not mandate a specific key exchange protocol. -Tier 1 public keys MUST be Ed25519 [RFC8037] or P-256 (ES256) -[RFC7518] keys. RSA keys SHOULD NOT be used in Tier 1 deployments due to +Tier 1 public keys MUST be Ed25519 {{RFC8037}} or P-256 (ES256) +{{RFC7518}} keys. RSA keys SHOULD NOT be used in Tier 1 deployments due to key size. Key rotation MUST be performed out-of-band using the same mechanism as the initial exchange. -### 5.3. Tier 2: PKI / X.509 +## Tier 2: PKI / X.509 In Tier 2, agent identity is bound to an X.509 certificate issued by a mutually trusted Certificate Authority (CA). The `kid` is the 
@@ -1060,19 +1111,19 @@ Cross-organizational ACT exchange in Tier 2 requires either: (c) explicit trust anchoring (one organization's CA is added to the other's trust store). -The `x5c` JOSE header parameter [RFC7515] MAY carry the full +The `x5c` JOSE header parameter {{RFC7515}} MAY carry the full certificate chain to enable verification without out-of-band trust store configuration. -### 5.4. Tier 3: Decentralized Identifiers (DID) +## Tier 3: Decentralized Identifiers (DID) -In Tier 3, agent identity is expressed as a DID [W3C-DID]. The +In Tier 3, agent identity is expressed as a DID {{W3C-DID}}. The `kid` is a DID key fragment. The `did` JOSE header parameter carries the full DID for resolution. -Implementations SHOULD support at minimum `did:key` [DID-KEY] for +Implementations SHOULD support at minimum `did:key` {{DID-KEY}} for self-contained key distribution without external resolution, and -`did:web` [DID-WEB] for organizations that prefer DNS-anchored +`did:web` {{DID-WEB}} for organizations that prefer DNS-anchored identity. DID resolution latency introduces a dependency on external @@ -1080,7 +1131,7 @@ infrastructure. To preserve the zero-infrastructure baseline, implementations using Tier 3 MAY cache DID Documents and MUST specify a maximum cache TTL in their configuration. -### 5.5. Cross-Tier Interoperability +## Cross-Tier Interoperability A delegation chain MAY include agents operating at different trust tiers. Each step in the chain is verified using the trust tier of 
@@ -1089,16 +1140,14 @@ solely because it mixes trust tiers, but MAY apply stricter policy for chains that include Tier 0 or Tier 1 steps when exchanging sensitive capabilities. ---- - -## 6. Delegation Chain +# Delegation Chain ACT delegation is peer-to-peer: no Authorization Server is involved. Delegation is expressed as a cryptographically verifiable chain of ACT issuances, where each step reduces privileges relative to the previous step. -### 6.1. Peer-to-Peer Delegation +## Peer-to-Peer Delegation When Agent A authorizes Agent B to perform a sub-task, Agent A: @@ -1111,16 +1160,16 @@ When Agent A authorizes Agent B to perform a sub-task, Agent A: 5. Adds a chain entry containing A's identifier as `delegator`, the `jti` of A's own mandate, and a `sig` value computed as: - ``` + ~~~ sig = Sign(A.private_key, SHA-256(canonical_ACT_phase1_bytes)) - ``` + ~~~ where `canonical_ACT_phase1_bytes` is the UTF-8 encoded bytes of the JWS Compact Serialization of A's Phase 1 ACT. 6. Signs the new ACT with A's private key. -### 6.2. Privilege Reduction Requirements +## Privilege Reduction Requirements When issuing a delegated ACT, the issuing agent MUST reduce privileges by one or more of: @@ -1146,11 +1195,11 @@ treat the constraint as non-comparable and MUST reject the delegation unless the delegated constraint value is byte-for-byte identical to the parent constraint value. -### 6.3. Delegation Verification +## Delegation Verification A verifier receiving a delegated ACT MUST: -1. Verify the ACT's own signature (Section 8.1). +1. Verify the ACT's own signature ({{auth-verification}}). 2. For each entry in `del.chain`, in order from index 0 to `del.depth - 1`: a. Retrieve the public key for `entry.delegator`. 
@@ -1158,21 +1207,19 @@ A verifier receiving a delegated ACT MUST: hash of the referenced parent ACT (identified by `entry.jti`). c. Verify that the capabilities in the current ACT are a subset of the capabilities in the parent ACT, per the constraint - comparison rules in Section 6.2. + comparison rules in {{privilege-reduction-requirements}}. 3. Verify that `del.depth` does not exceed `del.max_depth`. 4. Verify that `del.chain` length equals `del.depth`. If any step fails, the ACT MUST be rejected. ---- - -## 7. DAG Structure and Causal Ordering +# DAG Structure and Causal Ordering {#dag-structure} ACTs in Phase 2 form a DAG over the `pred` (predecessor) claim. The DAG encodes causal dependencies: a task MAY NOT begin before all its parent tasks are completed. -### 7.1. DAG Validation +## DAG Validation {#dag-validation} When processing a Phase 2 ACT, implementations MUST: 
@@ -1194,39 +1241,39 @@ When processing a Phase 2 ACT, implementations MUST: 5. **Capability Consistency**: Verify that `exec_act` matches one of the `action` values in the `cap` array from Phase 1. -### 7.2. Root Tasks and Fan-in +## Root Tasks and Fan-in A root task has `pred = []`. A workflow MAY have multiple root tasks representing parallel branches with no shared predecessor. Fan-in — a task with multiple parents — is expressed naturally: -```json +~~~ json { "pred": [ "550e8400-e29b-41d4-a716-446655440001", "550e8400-e29b-41d4-a716-446655440002" ] } -``` +~~~ This indicates the current task depends on the completion of both referenced parent tasks, which MAY have been executed in parallel by different agents. -### 7.3. DAG vs Linear Delegation Chains +## DAG vs Linear Delegation Chains {#dag-vs-linear} Several concurrent proposals for agent authorization model delegation as an ordered, linear chain of tokens or principals. Examples include the `actchain` claim of -[I-D.draft-oauth-transaction-tokens-for-agents-06], the Agentic JWT -construction of [AgenticJWT], the AIP / Interaction-Bound Context Token -(IBCT) model of [AIP-IBCT], and the delegation record defined in -[I-D.draft-helixar-hdp-agentic-delegation-00]. In each of these +{{I-D.oauth-transaction-tokens-for-agents}}, the Agentic JWT +construction of {{AgenticJWT}}, the AIP / Interaction-Bound Context Token +(IBCT) model of {{AIP-IBCT}}, and the delegation record defined in +{{I-D.helixar-hdp-agentic-delegation}}. In each of these designs, the trail from the originator to the final executor is represented as an ordered array recording one predecessor per hop. -#### 7.3.1. What Linear Chains Express Well +### What Linear Chains Express Well Linear chains are a natural fit for simple sequential delegation: agent A delegates to agent B, which delegates to agent C. The chain 
@@ -1236,7 +1283,7 @@ branching. For interactive user-to-agent-to-service flows, where each step has exactly one predecessor, a linear chain is both sufficient and compact. -#### 7.3.2. Limitations of Linear Chains +### Limitations of Linear Chains Agentic workflows in practice are rarely purely linear. Planner agents dispatch parallel sub-tasks; synthesizer agents consume @@ -1268,11 +1315,11 @@ faithfully represent the following common topologies: single history and cannot record that the combined result has two distinct provenances. -#### 7.3.3. ACT's DAG Approach +### ACT's DAG Approach -As specified in Section 4.3, the `pred` claim is an array of parent -`jti` values rather than a single scalar. This allows an ACT to -record: +As specified in {{jwt-claims-execution-phase}}, the `pred` claim is +an array of parent `jti` values rather than a single scalar. This +allows an ACT to record: - Zero parents (a root task, `pred = []`); - Exactly one parent (a linear chain, equivalent to the @@ -1305,7 +1352,7 @@ A linear `actchain` representation cannot express that D depends on both B and C. At best, it can record one of the two parents and lose the other, or serialize B and C into a false sequential order. -#### 7.3.4. Verifiability Implications +### Verifiability Implications With a DAG representation, an auditor holding the set of Phase 2 ACTs for a workflow can reconstruct the full execution graph, not @@ -1319,7 +1366,7 @@ just one chain per final record. This matters for: since the surviving siblings' `pred` arrays name the missing predecessor by `jti`. -#### 7.3.5. Interoperability with Linear-Chain Designs +### Interoperability with Linear-Chain Designs ACT's DAG reduces to a linear chain in the degenerate case where every `pred` array has length zero or one. An implementation that 
@@ -1334,20 +1381,18 @@ is deliberate and is motivated by the concurrent, branching nature of real agentic executions rather than by any deficiency in the linear-chain designs for the sequential cases they target. ---- +# Verification Procedure -## 8. Verification Procedure - -### 8.1. Authorization Phase Verification +## Authorization Phase Verification {#auth-verification} A receiving agent MUST verify a Phase 1 ACT as follows: -1. Parse JWS Compact Serialization per [RFC7515]. +1. Parse JWS Compact Serialization per {{RFC7515}}. 2. Verify `typ` is "act+jwt". 3. Verify `alg` is in the verifier's algorithm allowlist. The allowlist MUST NOT include "none" or any symmetric algorithm. 4. Retrieve the public key for `kid` per the applicable trust tier - (Section 5). + ({{trust-model}}). 5. Verify the JWS signature. 6. Verify `exp` has not passed (with clock skew tolerance: RECOMMENDED maximum 5 minutes). @@ -1358,17 +1403,18 @@ A receiving agent MUST verify a Phase 1 ACT as follows: 10. Verify `sub` matches the verifier's own identifier (the agent is the intended recipient of this mandate). 11. Verify all required claims are present and well-formed. -12. Verify delegation chain (Section 6.3) if `del.chain` is - non-empty. +12. Verify delegation chain ({{delegation-verification}}) if + `del.chain` is non-empty. 13. Verify capabilities are within policy limits. -### 8.2. Execution Phase Verification +## Execution Phase Verification In addition to all Phase 1 verification steps, a verifier processing a Phase 2 ACT MUST: 1. Verify `exec_act` is present and matches an `action` in `cap`. -2. Verify `pred` is present and perform DAG validation (Section 7.1). +2. Verify `pred` is present and perform DAG validation + ({{dag-validation}}). 3. Verify `exec_ts` is present and is greater than or equal to `iat`. If `exec_ts` is after `exp`, implementations SHOULD log a warning but MUST NOT reject the record solely on this basis. 
@@ -1380,38 +1426,36 @@ a Phase 2 ACT MUST: 6. If `inp_hash` or `out_hash` are present, verify them against locally available input/output data when possible. ---- +# Transport -## 9. Transport - -### 9.1. HTTP Header Transport +## HTTP Header Transport {#http-header-transport} This specification defines two HTTP header fields for ACT transport: **ACT-Mandate**: Carries a Phase 1 ACT issued by an upstream agent or operator. Value is the JWS Compact Serialization of the ACT. -``` +~~~ GET /api/safety-check HTTP/1.1 Host: safety-agent.example.com ACT-Mandate: eyJhbGci...Phase1ACT... -``` +~~~ **ACT-Record**: Carries a Phase 2 ACT from a predecessor agent, serving as evidence of completed prerequisites. -``` +~~~ POST /api/downstream HTTP/1.1 Host: downstream-agent.example.com ACT-Mandate: eyJhbGci...Phase1ACT... ACT-Record: eyJhbGci...Phase2ACT... -``` +~~~ Multiple `ACT-Record` header lines MAY be included when a task has multiple completed predecessors (DAG fan-in). If any single ACT-Record fails verification, the receiver MUST reject the entire request. -### 9.2. Non-HTTP Transports +## Non-HTTP Transports For non-HTTP transports (MCP stdio, A2A message queues, AMQP, etc.), ACTs SHOULD be carried as a dedicated field in the transport's @@ -1419,9 +1463,7 @@ metadata envelope. The field name SHOULD be `act_mandate` for Phase 1 ACTs and `act_record` for Phase 2 ACTs. Implementations MUST use the JWS Compact Serialization form in all transports. ---- - -## 10. Audit Ledger Interface +# Audit Ledger Interface {#audit-ledger} Phase 2 ACTs SHOULD be submitted to an immutable audit ledger. A ledger is RECOMMENDED for regulated environments but is not 
@@ -1440,13 +1482,11 @@ When an audit ledger is deployed, the implementation MUST provide: 4. **Integrity**: A cryptographic commitment scheme over recorded ACTs (e.g., hash-chaining, Merkle tree anchoring, or SCITT - registration per [I-D.ietf-scitt-architecture]). + registration per {{I-D.ietf-scitt-architecture}}). ---- +# Security Considerations {#security-considerations} -## 11. Security Considerations - -### 11.1. Threat Model +## Threat Model ACT assumes an adversarial environment where: @@ -1463,7 +1503,7 @@ ACT does NOT assume: - Synchronized clocks beyond the stated skew tolerance. - Availability of external network services during verification. -### 11.2. Self-Assertion Limitation +## Self-Assertion Limitation Phase 2 ACTs are self-asserted: an executing agent signs its own execution record. A compromised agent with an intact private key can @@ -1473,7 +1513,7 @@ capability. This is a fundamental limitation of self-sovereign attestation. It is the same limitation affecting WIMSE ECT -[I-D.nennemann-wimse-ect] Section 8.2. +{{I-D.nennemann-wimse-ect}}. Mitigations: @@ -1487,7 +1527,7 @@ Mitigations: SHOULD be anchored to a SCITT Transparency Service, providing external witness that the record was submitted at a claimed time. -### 11.3. Key Compromise +## Key Compromise If an agent's private key is compromised, an attacker can issue arbitrary Phase 1 mandates (impersonating the agent as an issuer) @@ -1510,7 +1550,7 @@ be treated as potentially tainted from the point of compromise. Audit systems MUST flag all ACTs signed after the estimated compromise time. -### 11.4. Replay Attack Prevention +## Replay Attack Prevention `jti` uniqueness within the applicable scope (workflow or global) provides replay detection. Verifiers MUST reject ACTs whose `jti` 
@@ -1521,7 +1561,7 @@ expired ACTs. The combination of `jti` and `exp` means that replay detection state only needs to be maintained for the duration of token lifetimes. -### 11.5. Equivocation +## Equivocation {#equivocation} In standalone deployment (no audit ledger, no SCITT anchoring), ACT does NOT provide non-equivocation guarantees. A compromised agent @@ -1529,13 +1569,13 @@ can maintain two valid ACT chains — presenting Phase 2 records with different `out_hash` values to different verifiers — and both will pass independent verification. -**Deployments claiming DORA [DORA] Article 10/11 compliance or EU AI -Act [EUAIA] Article 12 compliance MUST use one of:** +**Deployments claiming DORA {{DORA}} Article 10/11 compliance or EU AI +Act {{EUAIA}} Article 12 compliance MUST use one of:** (a) A shared append-only audit ledger visible to all relevant parties, with cryptographic integrity (hash chaining or Merkle trees). -(b) SCITT anchoring [I-D.ietf-scitt-architecture] providing external +(b) SCITT anchoring {{I-D.ietf-scitt-architecture}} providing external Transparency Service receipts. Standalone ACT provides tamper detection (a verifier can detect @@ -1543,7 +1583,7 @@ modification of a record it has seen) but not split-view prevention (a verifier cannot detect a different record shown to another verifier). -### 11.6. Privilege Escalation +## Privilege Escalation Verifiers MUST check that each step in `del.chain` reduces or maintains (never increases) the capabilities relative to the @@ -1553,7 +1593,7 @@ preceding step. Implementations MUST reject ACTs where: - `cap` contains actions not present in any referenced parent ACT. - Constraints in `cap` are less restrictive than those in the parent. -### 11.7. Denial of Service +## Denial of Service ACT verification is more computationally expensive than standard JWT validation due to delegation chain verification and DAG traversal. 
@@ -1563,13 +1603,11 @@ Mitigations: - Reject ACTs larger than 64KB before parsing. - Enforce maximum `del.chain` length (RECOMMENDED: 10 entries). - Enforce maximum DAG ancestor traversal depth (RECOMMENDED: 10,000 - nodes, Section 7.1). + nodes, {{dag-validation}}). - Cache verification results for recently seen `jti` values within the token lifetime window. ---- - -## 12. Privacy Considerations +# Privacy Considerations {#privacy-considerations} ACT tokens and audit ledger records may contain information that identifies agents, organizations, or individuals. Implementations @@ -1592,11 +1630,9 @@ SHOULD store only ACT tokens (which contain hashes, not raw data) and SHOULD implement crypto-shredding for any associated encrypted payloads. ---- +# IANA Considerations -## 13. IANA Considerations - -### 13.1. Media Type Registration +## Media Type Registration This document requests registration of the following media type: @@ -1604,11 +1640,11 @@ This document requests registration of the following media type: - Subtype name: act+jwt - Required parameters: none - Encoding considerations: binary (base64url-encoded JWT) -- Security considerations: See Section 11. -- Interoperability considerations: See Section 8. +- Security considerations: See {{security-considerations}}. +- Interoperability considerations: See {{auth-verification}}. - Specification: This document. -### 13.2. HTTP Header Field Registration +## HTTP Header Field Registration This document requests registration of the following HTTP header fields in the "Hypertext Transfer Protocol (HTTP) Field Name 
@@ -1617,14 +1653,14 @@ Registry": - Header field name: ACT-Mandate - Applicable protocol: HTTP - Status: permanent -- Specification: This document, Section 9.1. +- Specification: This document, {{http-header-transport}}. - Header field name: ACT-Record - Applicable protocol: HTTP - Status: permanent -- Specification: This document, Section 9.1. +- Specification: This document, {{http-header-transport}}. -### 13.3. JWT Claims Registration +## JWT Claims Registration This document requests registration of the following claims in the IANA "JSON Web Token Claims" registry: 
@@ -1644,196 +1680,79 @@ IANA "JSON Web Token Claims" registry: | status | Execution status | This document | | err | Execution error context | This document | ---- +--- back -## 14. References - -### 14.1. Normative References - -[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. - -[RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web - Signature (JWS)", RFC 7515, May 2015. - -[RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517, May 2015. - -[RFC7518] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, - May 2015. - -[RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web - Token (JWT)", RFC 7519, May 2015. - -[RFC8037] Liusvaara, I., "CFRG Elliptic Curves for JOSE", - RFC 8037, January 2017. - -[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC - 2119 Key Words", BCP 14, RFC 8174, May 2017. - -[RFC9110] Fielding, R., et al., "HTTP Semantics", RFC 9110, - June 2022. - -[RFC9562] Davis, K., et al., "Universally Unique IDentifiers - (UUIDs)", RFC 9562, May 2024. - -### 14.2. Informative References - -[DORA] European Parliament, "Digital Operational Resilience - Act (DORA)", Regulation (EU) 2022/2554, 2022. - -[EUAIA] European Parliament, "EU Artificial Intelligence Act", - Regulation (EU) 2024/1689, 2024. - -[IEC62304] IEC, "Medical device software — Software life cycle - processes", IEC 62304:2006+AMD1:2015. - -[I-D.aap-oauth-profile] - Cruz, A., "Agent Authorization Profile (AAP) for - OAuth 2.0", draft-aap-oauth-profile-01, February 2026. - -[I-D.nennemann-wimse-ect] - Nennemann, C., "Execution Context Tokens for - Distributed Agentic Workflows", - draft-nennemann-wimse-ect-00, February 2026. - -[I-D.ietf-scitt-architecture] - Birkholz, H., et al., "An Architecture for Trustworthy - and Transparent Digital Supply Chains", - draft-ietf-scitt-architecture-22, October 2025. - Note: This draft is currently in AUTH48 (RFC Editor - queue). To become RFC upon publication. 
Readers should - use the RFC number once assigned. - -[RFC8693] Jones, M., et al., "OAuth 2.0 Token Exchange", - RFC 8693, January 2020. - -[MCP-SPEC] Model Context Protocol Specification, 2025-11-25, - - -[OPENAI-AGENTS-SDK] - OpenAI, "Agents SDK", - - -[LANGGRAPH] - LangChain, "LangGraph Documentation", - - -[A2A-SPEC] Google, "Agent2Agent (A2A) Protocol", - - -[CREWAI] CrewAI, "CrewAI Documentation", - - -[AUTOGEN] Microsoft, "AutoGen Documentation", - - -[W3C-DID] Sporny, M., et al., "Decentralized Identifiers (DIDs) - v1.0", W3C Recommendation, July 2022. - -[DID-KEY] Longley, D., et al., "The did:key Method v0.7", 2021. - -[I-D.draft-oauth-transaction-tokens-for-agents-06] - Fletcher, G., et al., "OAuth 2.0 Transaction Tokens for - Agents", draft-oauth-transaction-tokens-for-agents-06, - Work in Progress. - -[I-D.draft-helixar-hdp-agentic-delegation-00] - Helixar, "Helixar Delegation Protocol (HDP) for Agentic - Delegation", draft-helixar-hdp-agentic-delegation-00, - Work in Progress. - -[AgenticJWT] - "Agentic JWT: A JSON Web Token Profile for Delegated - Agent Authorization", arXiv:2509.13597, 2025, - . - -[AIP-IBCT] - Prakash, S., "AIP: Agent Interaction Protocol with - Interaction-Bound Context Tokens", arXiv:2603.24775, - March 2026, - . - -[SentinelAgent] - Patil, et al., "SentinelAgent: A Formal Delegation - Chain Calculus for Verifiable Agent Authorization", - arXiv:2604.02767, April 2026, - . - -[I-D.draft-emirdag-scitt-ai-agent-execution-00] - Emirdag, et al. (VERIDIC), "A SCITT Profile for AI - Agent Execution Records", - draft-emirdag-scitt-ai-agent-execution-00, April 2026, - Work in Progress. - -[DID-WEB] Steele, O., et al., "did:web Method Specification", - 2022. - ---- - -## Appendix A: Complete JSON Schema +# Appendix A: Complete JSON Schema +{:numbered="false"} The normative JSON Schema for ACT Phase 1 and Phase 2 tokens is -available at [TODO: reference implementation repository]. +available at \[TODO: reference implementation repository\]. 
---- +# Appendix B: Test Vectors +{:numbered="false"} -## Appendix B: Test Vectors +## B.1. Valid Phase 1 ACT — Root Mandate (Tier 1, Pre-Shared Key) +{:numbered="false"} -### B.1. Valid Phase 1 ACT — Root Mandate (Tier 1, Pre-Shared Key) - -``` +~~~ [TODO: include encoded test vector with signing key, payload, and expected JWS Compact Serialization] -``` +~~~ -### B.2. Valid Phase 2 ACT — Completed Execution +## B.2. Valid Phase 2 ACT — Completed Execution +{:numbered="false"} -``` -[TODO: include encoded test vector demonstrating Phase 1 → Phase 2 +~~~ +[TODO: include encoded test vector demonstrating Phase 1 -> Phase 2 transition with re-signature by target agent] -``` +~~~ -### B.3. Valid Phase 2 ACT — Fan-in (Multiple Parents) +## B.3. Valid Phase 2 ACT — Fan-in (Multiple Parents) +{:numbered="false"} -``` +~~~ [TODO: demonstrate pred with two predecessor jti values from parallel workflow branches] -``` +~~~ -### B.4. Invalid ACT — Delegation Depth Exceeded +## B.4. Invalid ACT — Delegation Depth Exceeded +{:numbered="false"} -``` +~~~ [TODO: demonstrate del.depth > del.max_depth rejection] -``` +~~~ -### B.5. Invalid ACT — Capability Escalation +## B.5. Invalid ACT — Capability Escalation +{:numbered="false"} -``` +~~~ [TODO: demonstrate rejection when delegated cap contains action not present in parent ACT] -``` +~~~ -### B.6. Invalid ACT — exec_act Mismatch +## B.6. Invalid ACT — exec_act Mismatch +{:numbered="false"} -``` +~~~ [TODO: demonstrate rejection when exec_act does not match any cap.action in the Phase 1 claims] -``` +~~~ ---- +# Appendix C: Deployment Scenarios +{:numbered="false"} -## Appendix C: Deployment Scenarios - -### C.1. Minimal Deployment (Zero Infrastructure) +## C.1. Minimal Deployment (Zero Infrastructure) +{:numbered="false"} Two organizations exchange pre-shared public keys via secure email. Each agent signs Phase 1 mandates and Phase 2 records with its Ed25519 key. No ledger, no external services. 
Suitable for development and low-risk workflows. -Limitation: No non-equivocation (Section 11.5). +Limitation: No non-equivocation ({{equivocation}}). -### C.2. Regulated Deployment with Hash-Chained Ledger +## C.2. Regulated Deployment with Hash-Chained Ledger +{:numbered="false"} Phase 2 ACTs are submitted to a shared append-only ledger with hash-chaining. Each recorded ACT extends a cryptographic chain, @@ -1841,14 +1760,16 @@ providing tamper evidence for each ACT and the chain as a whole. The ledger is shared between all regulated parties participating in the workflow. Suitable for DORA compliance. -### C.3. High-Assurance Cross-Organizational Deployment +## C.3. High-Assurance Cross-Organizational Deployment +{:numbered="false"} Phase 2 ACTs are anchored to a SCITT Transparency Service. SCITT receipts are attached to the audit record as non-equivocation proofs. DID-based agent identities (Tier 3) enable self-sovereign key management without shared CA infrastructure. -### C.4. WIMSE Environment Integration +## C.4. WIMSE Environment Integration +{:numbered="false"} In environments where WIMSE is already deployed, ACT-Mandate and ACT-Record headers are carried alongside the WIMSE Workload-Identity @@ -1857,10 +1778,9 @@ workload-level execution in WIMSE terms; the ACT records the authorization provenance and capability constraints that governed the action. ---- +# Acknowledgments +{:numbered="false"} -## Author's Address - -Christian Nennemann -Independent -Email: [TODO] +The author thanks the IETF WIMSE, OAuth, and SCITT working groups +for foundational work on workload identity, delegated authorization, +and transparent supply chain records that informs this specification. 
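Review bot: Step 3 of the Execution Phase Verification list (`exec_ts` greater than or equal to `iat`) carries no skew allowance, while step 6 of the Phase 1 list grants a RECOMMENDED maximum of 5 minutes for `exp`. `iat` is stamped by the issuer's clock and `exec_ts` by the executor's, so an execution that starts promptly can fail this comparison by a few seconds; suggest stating that the same tolerance applies, e.g. "Verify `exec_ts` is present and is not earlier than `iat` minus the clock skew tolerance of {{auth-verification}}."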
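Review bot: The paragraph after the second header example lets a sender include multiple `ACT-Record` header lines, but RFC 9110 (Section 5.3) only permits repeated field lines when the field is defined as a comma-separated list, and allows a recipient or intermediary to merge them into one line joined by commas. Since JWS Compact Serialization never contains a comma, the field can safely be defined as a list; suggest adding: "The `ACT-Record` field value is a comma-separated list of ACTs; receivers MUST treat a comma-separated value and multiple header lines as equivalent."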
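Review bot: In the Self-Assertion Limitation paragraph the rewrite to `{{I-D.nennemann-wimse-ect}}` drops the "Section 8.2" pointer that the replaced line carried, so readers lose the exact location of the matching limitation in the ECT draft. kramdown-rfc supports section-relative citations, so `{{Section 8.2 of I-D.nennemann-wimse-ect}}` keeps the pointer and renders as an xref with the section attribute.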
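Review bot: The "Interoperability considerations" entry of the media type registration now points at `{{auth-verification}}`, which is the Phase 1 subsection only, whereas the replaced line pointed at Section 8 as a whole; the Execution Phase Verification steps that follow it are equally part of what an interoperating implementation must perform. Suggest giving the top-level `# Verification Procedure` heading its own anchor (e.g. `{#verification}`) and referencing that instead.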
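Review bot: Deleting the in-body reference list also deletes the editorial note attached to [I-D.ietf-scitt-architecture] ("currently in AUTH48 ... Readers should use the RFC number once assigned"), and nothing else in this hunk carries it forward. If the citation is now generated from the YAML informative block, keep the note as an annotation on that entry or open a follow-up to re-point the citation once the RFC number is assigned.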
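Review bot: The final hunk removes the Author's Address block together with its `Email: [TODO]` placeholder and replaces it with Acknowledgments. kramdown-rfc renders author contact details from the YAML `author:` entry, so the open TODO is no longer visible anywhere in the body; confirm that the frontmatter carries a real address, otherwise the placeholder silently disappears from the rendered draft.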
diff --git a/workspace/drafts/act/draft-nennemann-act-01.pdf b/workspace/drafts/act/draft-nennemann-act-01.pdf new file mode 100644 index 0000000000000000000000000000000000000000..51fd3558779a22f44ca7c5441a12737867302fe7 GIT binary patch literal 167277
z)j$m*l95Crp}Kl!<~JM;NR@T5M0-f7^IB=bi#X#2D~Nv$ySaobr#wqvKeitg%D%|5%DWU zz9jiEI}oK}_}8ytwbg-%DLA%Sxe{=4@GnowE^h6APsxp2|5@;^QZedNTkpv?dlTIt z$Y=s@Z$xL4$>+RdbVMdWb4w`yVupNj2(dzgZW>;bJSxAy@*)ac91ilDJoB!(EBKii zMlsaPe(&f*UI^}dk4XbzjpXiE?I8;zo1xHYJF(W73p6#5A*1FQyAFN z(few;jq}9NLfirATGn6QzcjN4mVSW3;V5@jrSM zsCqT7VbRWAn=50WXvKokc*wrHPe&E_2nhJ}_jWme<@x#EL)GVauTIs4Ga1clVymYd z$q9ZSWGF){`?>Nv_Vy0{>CJ&_JBRfgJ9Wg(5g6GLP+R-DCH$AyuwguR?gpvV)>1VU zmh>nhlL(qv3pqJ{n{VIe@|UM4-uL^OivDMPu;k~q+fT&f>)``c!P{`gIM!GOlPTC11h8|7}a)`|ZJCPM7{~>)^-bxq$=r;Vb&=z1g9H%g4mgQs3O|kG}eeGOe-= zY^By_9Wi}OP z)R*P^)0W>^cc3M7f}Ggv_cvt*yMC`;QwWi;m8Vgj1Ea$pb#EVr(x%}(C|;FH6dBc2 zPoi(&snFS)*c>pp7oKt>ax>RGKe|1DL|T-<(DD}Y#XgNh&3oj4eLj>vnzw6yXb$=4 z<}vL(+*Q}Mug?LLp-&5|xdlJ}FGqus_J$)k9W>0Gj^Tu1sXhr$veN2AEOZXt!yg$qqG4%6v8$=B^I$*=a*TwO+rYQFMXo7%%;=giL5? zIjAZ9ihJmqiVjLf6++Hx+|2xpMC{_Izpu9+mwIyYAHW@ZqaV6P83Hoz{%dSVVo)zy z#=qmB8l1#xl9Z>y;`zYwVWb&*up%kOgEtwOv{a1|nC|z7wzr=Y#f3EJNMxNjx9X%%PNWgSq@=depWk6fE6}~7u!BB> z^LjP1y=)_Fm8n)gE%WGL-6*m04T>1tO>>0p1Q+6OWAC(F^wnEz@Ah`IP(>Jux|OsM zR}_cjg0hJy2O+xbh=2UsD@`EL%S~G*76rGht!h@674+m=o0q@rerr8m3 zP4Z+t#kA^lg>G=jHO#ZkQ}O*A(#IzxC^^g@z2#z{i@Z|Lt*9}gtVQv|FW7(1>=q`E zwzneqUqVb!9gU&G(&Ydf4C5UN6YVOy2aukTjjYDXfZbSIyMl~^O%lcM{%)A0L`$88 zx=|sUlP)1t*Pv7M?|x{S*7I$CcU);?)S{7K5ueQ9ExAqGt3o=I8*Z8-Kt)8~b$d-3 zVV6BUelpnfObhG+G{53A`#2#OVv9W+-oiBPegcC?oZvk(QjsYvUF(1mEvKuC=59SU zzf%SnQXwGIrPSf~idB%IWD-Wm1}yKGZU!kMVxgM*4yG6l&&}mGrN==IokoriU4sTwHzHGo?qvh z-v9+GK7(WQ3J`cSdb26DY3UVJ{=-8>#;B?hBWqf*OJ(;ZpAE|cGap5W7BS&DX$tyg zC@O1xXZ++rL-0S->@km)4UbuF*xiK)7QH}{gE1lf{-q<;h=0lN~HVo)X-?R7NPFI|OC zi$dAgtuLuItv1(irqb-L*R<^I6(KIBON*0aqAIl??ujuNWVGk?NfFTLI)4so7@E^- z-5@z?&et%9xtiRruKkcDndl7dUpyRPdV^Jnh)VaQz-wT&UP_=ri#3)@gH&!>I{$b9 zm#>eq+fMN9!dF)l9fsXzFXPnDmL|H`H-mx)5vWFiJ%*uxg@qu^YNcUH8G*o8j$NPLUj{0Z0W+E>`}taaIh5t{wuy#LcjegMH0y*%1s_hUu438z>u@sy%wtRy)qxAq zC$j�$KiivG&db)E?0#C07u76GA>Eq*jsy&~9~864sm7#|wTZf7N-q7Z83`H^ZP} z%c%ggpBluB)*nF237dt7ZG4L=)5bYF=G|0E*(TwJ_Jhy_NkmcOd<47_@aAf^QTW*3 
zLFDPgd0@?V@d574iZ#UqE|v@Ww=>Y!LE-IT0Qn5gu2nGeBJQFnyR~h}0N(8}+!eA^ zH)H|C2SxVY?m6sf{$qYEC~^@aD_dLcm`-I4@Sak`w1cS4)dca>`J)so((T8Bn~^$5 z^Qg`lM!)KK{;D_C6&h{Q!h9$f&tn>;< z`@>0@UO2=7INKIl2vGh*Jyq?iw zp;bBQtlA>RhTv45&g>*)TF$`87;cjts0TMjMh4Jz9X?t&NoEj9hYfz>)m-gt!+1bC?MTTGIaWW}KNiFvtWeifRIT$#VJx84PCmd>T=Y*M?Tpgx@B7{uF^BwV#o*^y2GwRKPtj=}8MdYIVrU?q81_sJbp zJ}U*iR=T=vI}7;M<`#6-*m=6MWzKc+>pF*muPHGmO+N8!J5B`NkMey!b#1Vn1Ue3&4;t`P zb@(Cka%T3+s2V0pTH#+}$JJK(Cgou`kk=T)p%iV%Qnm5t?=9=v3=Q!0h!M=@#tD8+-| z&Fimi=k)DHgW-c3<|^6x(42+dPY_VX5Xm=j#8C0KpilPwH;+~~Ws29asvjO_uUzyD zxgHsR@pdFrKBUu&z~huh^zU_)@rSX%Gy|8{#Xqt97rYx5tu-Z*lZt|lzCgURm)R6! zbT4)ADjlL3FHb*QKP59H-8;z|vS0rS1xBZRhBR8ZHeV+t$Yd0K$VQ3F=)rG#^E^g% zQ8Hv?$!C+`aa0;}#p}j{719omDJLOVldm@#{&pJ1HVzQ~@ONwNvd=%eCJV#X)T1CP z%PkW!@8!d+{7^*+If=q_7InB6)QZy!*pZ;uPZVVRS2=s@|GlDV47X{liCS%>PQ;3XTAG0Iv>g*TN-vd zxB#E4B`WfXKLY+7J_6-(0fpuD$qpw)09;5fMTLFqB5VcB*`hdu-zj8$q$18KuTvT} zg7U6l@^n-Eegq#Sq$5;ciY+N|IVJmpOSdcSr;wOVgoodCPExRRL=1f* z+d_N0(Q`k!+hl&XvL#ko{>|*nS3by~z;p-~4$GI_aqaBRl=|l-!>HBG^6qMIvuovQ zC^@*lin%n4CsHvlLR~*uY`~^uK|Z5#x{jP4X)+Z@>)lO2l)6sg|Df7f|HJt?rvJ_h zj{LXzxrqaOM!06dt%CDtPzrJ6MFhs)DfGV#CUT0< zhnuV1%w`Os?1$UBviP!}?XF{Y@Ay6gdHHu=(70D#M3z$ptJks<@6XSBo*W(7?;Hcj zaqSa(dLHRTkDNk7fI&VLNxlGGKG~b>SmJFT|HzYutnx_y!#lj*69b_<^JS1nvWK>$ zPuie@A)x#re6Eb+w(sZuYm9JKSyaolb)*Hjd|zcQuj;3DlUw}iT~qf?-cRp z36JbI6W%{v+W`r-ue_T`ANZ6sYLXvUokIZYZ+sd?tN1@@c{;z^K^X9U z{*nJ9t1d;Pq!-cHM;<5qS9W}+++FD>N+U%y)8dv{{iuKf2#TOJ#Cg@U=edW(4;y^E zJzKISitwI5a&N4U>uz$5r?W6Yl#bTYv=B0-19>2ygh%OCma~>7oPw8i-$?IwRdXQ@ z6|Cjp=y*%**b%~DIN8OJeryKWk7$jhN}UH$@0?X8%&n}a&goc3_g_+)^EX~te;9JG zqV+VGr%)oY>TOBS2azh^Bks*Q(R4v$hMiekcTAK^&qBbsa4We;6KKzs5i$#uBTO63 zf&}k25M~zLGXw$8VFFnwaU4jS~4EQ z%Q6`kIvw^{Di-t{uc*Gs#L09jw#MFuM@-==`o^oLTtOYJP9ctjZezRcDty7PDJx75 zTcpwjnavkcQ}JuBrq3ji^yd4Z^Ow+x3cCr-kd{#k+lP7mnZ2(a1ICrQk`ei^WomlTOHwdn0)DxIaA1h z9QC&1GQA*qkPiehMs7J!iPz`FJm6&Cu*h)v3EKvBMTo-6?oOHA#zZriQ9{YMzzCvz?i5>Y;MmZdi%E+C1bMCv5NQ70S&^9V!nv=HvuCl 
zTs%jhv8duQu#P_hUFoV%RigAdG{@21a}fzsg9?HJqJ)I?Blakm$;v{ac!!kMvWACi zF}nR=u@IGyYjFzB3l*_#32_z`@KJAK0Z@r?F+Z$Et^C ztRud638I-3e=9 zXg?kuEfqZ+t_V9k`7zV$?&x^PgVdUn7AH}sc=f5T1tk3Z*;=_P>PHgn@O6-;M3GHv@V14Ce~i$JSqMqN25|ikV^URw^0Ad^iYwN#(mmb7I_r%rs}_3<~e9 z(0_{viAu2O0%xxA@$8+SOKdk2Y3A-w6_*nMxn!26rU`!;S`t^)9<}0MP0GXUk|%^;t_$$W*rtA(MC9oMR$<%xm_-A3iHEg#f@5QcG0+(T#0)*!bU$*S}oDce%?T6oL zrEh+hHeJvfy%u9%WRQ~;#pG`bv5dzp@FT~e*`qKTZcRC^Iv6ZGM!r+tjL0jq5*aQ_ z-nzfkqudxJ)c#Us8{%$(Bs}neR?GzbF%xISNS1UN`2ZJC10f}By3`C|`un1}H~k9F zT)9={CDe!-jd;i9!6WhCki#oYWXe5?67tAJ7Eu1DQbXoi`V zc@O3q&Rf=>_hac zREoER^Y5ni*kDu{)POO#a;Te~-zyBMx7a#$*>bwajXWS0QfvJ-jF-TQ7YPBdb4RewWc`y;jaL20GzC9Yd^J=Q|&3R1{b8Jvgr-b{8*_)yI3 zUr4lDh|X&K4S2Rf@H#yNdSuMwvJ#i`V=stYY$l$j37mm>TjnVivUdKCsT1FH&T78u z$M9>QGZWVz?q_na-1TKNhfuRvosQMl1-?rabnt^WRgbw8iXmr{awr63dqMs+|33Qn z5V&AL9||1s0`>)V7<1^D99+4wlMo&hVYqPpjhm^+@u@5V{ge2+^2G||4lg|!CJeK? zPFD=OTC~?_e_f+SA1iN+5OmhyUz5IF0%vz$K(-tep{%dIEB77Q<)Uk z+`}t-TsWSEoqpmrZxnH>->Y=}-RhK!$HAC~c_u#GrDMrL3*!RI$IhOEBA^5}&i_6w zV*>XMT?jq;%~4eZHO=dl45RcZJ9tRU&}z(gJD=DS>ylshjk8}kVAqpuZnpOA3xVOq z`pTrS&vN`_T!Nz{YM|m${!!a}8S(FRSAT3*RB%8A({Dl#!IlYd!RJV&4-VL!#fwIF z$tG#*^A{`3{%H64$X|wv;~}k#T^EqGI85s$H@F=>r##i<8i&*^AtK$ikcL|AlCsKQ zdZ0d`XK5?S)t3S7EdL}zIje8xWO`V7cA}BC;uc^ItLJsu;4TJ2PNa!3<7YOemSw`7 z1vClpnO-C94`yPdU6zRJwH8+0lK)K$vJ&bl4=%lfL$c z%iFv((5^_xU+soiryc>5JtMsRBZ<=|QjQMMQNzSgu{^7wkIthCceGc~R~ai`@Rw2Y z@18x=^;zNgajJE&4pl@jVh6yjQP{bOx;=X6wMuN4MI=Ktn^0Xo_IOW2kBhjU2W0hU zfDu+jt>Dy7n04OeFU3!w|b!4$jFJpkQV@)1jpRrxgUuP#`S2^b!rTGck}~F)hN~|nV3{=kNe#8<(=5R z-0O>$gZ=&a4}nW%)VhpGJH0$zN=MC(f!Qm?JUC>a;QYuJ@E7=U4T{VS_}PQ*`{yf_ zWc(jr$vP>Ct7105m$ygY%i}U>>zwY}mkYc89;ExwrClypV5TjAy7%RF?FL>_L+^sy)aevkX z&V*oo&_*Q9&G6gK>5_s&!1vSjhruj>+=+01=lb!MBgSb03pIvHH}Ox*L_9;z!Rg{3 zpY{NXx>xPFx}hhAAFjR+pFFhY9JF1-N~wUaf40=qltFqjjKKV*AEQ8h{xl-O#dr3{ zgu!jT%;#?WH6|9u;KN`j@!IR$myZgaJQNET8PK$R(lDJ&dfSyniaGg8H;C6iC+hgg zsHDzI!{6;&TR?stc#8CMipR96xt;c8WdCaVh#`Selv3w)Ym?

O+A1q7W0#qCM%R z+czkfiFLyULnqchPNU!+^-dJJycW z^0mc~nlqh~%^0zZuO&U18l{eOcIK1X@6RzXTertsP7)iSwIi2NPU&S-N}((#g~<^& zw!wRZDw(T;gce19v`IC%2nVZB0q z?KRaQ4yGx#q$>Qswh(8K0F_bz06411G$-}qGt{w z8t-%NqWCZYwLQWP34NNC{P%6Qzobk5sXe*)_emo_m;3?zK8FJ_0q%K=>xRb=I5jMi zCuj577Ft1kxDK8I^SzhKD6av?=n+h}AWkFrxdtP_ERZGc0oTlvsV^^yZ_y+BXog&n zCgIpzIY)-9a-cPa(N{8z({fUSZP;`SZ;0S??(Y*I|7^XIrUDLj2YD^e2p+L4k}eVc zOPximw!|)Sl?R8tjvL%8f*TytkIGIGux3*+X?3-h30l29m1SM#R9kW_^Qd`PuD3bk z7*Bk80~w;51x*VHPla`5n?Y|qGl~|y@V2>c6|qKzaoP7Fnd5GUxyCG-%Yg@t3NPSW zo(eZFD_N>!+0l^9j`BlJR+U^v(Q*}XR&{ST@6}wHN9bH@}6iXKUVIpp` zR|v8j49tvyCz}q#ErDtDD0!$;3Q^+KeyR-Zb?xi0F;U8-KXF5{;+d4)8oX3&ia>nU zo%rX#rAG)FAz6L)AKc|Dm#T*?9EPrMj?QM5QABzW@EMcJE1gnB9NG`f%wC@}P7$Yi zpyI0#`+0KHzzBBcUr-0HBc3cC7YwFAf6FSx&h$Nypx@}UW%KC0*)Y$oGpb`1*YdUA z#iUcZPg ze5>iSsKjKVy68Bu*pN4S=pK1mQ=U_fa?B-5an@JOJ9+=Jp6zzaY8)SpCYemRt45Y_ zeWX;#>s&_GP8$kex{UDaM68n(iEThkSLBdZtwN2%8*a~plPBKjR8DOT}xt(6Hx(wpypar zo4ix&A>rRj#W8Sq=rmk8n&Lvf^d{A#N%6r+eW_GMBQssleK=*$WEf7oQZ&s%&>{ph zXo)f0j&H}v1X*Q8*Cyd|3~;JyeQBii_KNTebx_<6(du*Y+?r^~UpK%Lj2dtW7|F>P zfJm7C#n?MGXBKU1!|AAF+ji2iZKrbw9ox3kv2EM7ZQI5j+s4~_Kkt`Qbv~RQu;!|o zwZ>TEn)3pE0JR1QsXt*po|1d_`aXvt1c|T~=LLgnnjlXY`YyGrG<->DVi>+$(wYSMJJFPYAu531b#ciz3KS_eUrClYW;`#20tnORl4 zQL3jjdF_W^sfAg*;z9NK@yi$!zm{DullQZ{^>r!fa%vr7@MO4!@N7urNat%B;B(21 z(=FK~yN&{tMD54oWRz|%#TQYIQqMnE zv;tA_%-0|8zOy0ip6X6)z5m@tjJ-V96_U_?@h2-6mhX(jhilncNsZ9#V4Ppluo70d z>8ZaiKT8MiKEt$fq+0tWQ;h;4y(Ynsl^%yc%ikyDFZO(THBRfmOlr&3UTXa0= zAT&c@NfkYt`iqZF7iI-ICYPyDUbdBsF5%CwF=3tx6%20Ge~Bz%YMi$^4{H_7n&|YL zK$31wLiEu}B?8bFN(Ij5Logo8Et;yx(jn(HiAXfI)GCB%fp(-?zEum)yW|}1V)~d= z?4Ue$SP(Rky0bX?2KPu822Q3w9CjU-F$Lz~&dU zMv3}{z8@hrZbUpX4T;LyQ`7!JC=GM~kvolvf&nXlSV$wR_}pE(6Q z0XLwGh0TwS?sjhBz zMaW-X^r>UM${>$+8O?HYFV*D|NQrn=j)fWqV86t8EE;J=-e)09&IMh6S>#>28hoKI zXYNnRp#MU0*JYJ9tMQf@_U?+|DZJpvE@6(s&H`-G)(o>i;W_dIC2P15u`&J?ESC6B zMYPH${HqA~p#-^xuyFsNe|-MZknQu1iBOn4?rE4}^rD|8-#GWQmBBQ50l;zjfMNhHiEi!C~$*t4Qq3IDrPEW#Bjk zq0mn{v)s4S2AcnrsaX=L;%f|+Dq6-)3I!qKt(PfZ9$M 
z)GGlJZXpsST;N8-=X+aFN}SYzub6@H(&@}O$on@($V{W^Siy#{%2(__esEPX|Pz1cp13Hc5uAm}%jEI>tu8fwqlTzx$LeAbV;VCw)+HI8d&lwxwv z7#rABIH)A2Eo~QNfou(r-d;d6@w#bc2_>c>0$MOW%$BWM+|zj1aST;c^C#lp8ecmqO%r4r=7kC~Te(cMM;b#!fR1{$b{?T8(jARKsT=kCS zj6?>KaQtT!3lWQ!uU9&Nss%OJ+fDM{e{cRFWQlPOe%>022X=zOk{p$?njD&11)0jh)csZgxByQVBo;4mvv%uF_sh9f3ZBZLmUQC1QBdBE1zRAg9$5V~r zT1ejqB_L%(Yr!a^vkJ3Sxt8=kWSY_ujiTO$PP>~K zghAr@3<`nvyong@QHv@3=(!q{T0-Q1S)W*k9xWBhi>ZTUo2N(zI-H%!!Oe22Y-`? zg&uf58eH%lf9pZ2|ua zL}dTJkq?;}+5ZRma7shn7MBC*pAF>dF^I9-clXg zt-HXPw}nf2be7Kz461*lkLK-jTj8#Zfs6lLrpN|13^aL`MBNaeugu21f5-)9u4)Ehs2@utg%TCgiyS72 zN;RJud5ib812w-iUOHArqlSk*0EAiXIKF7}^L8Xez=!M-7WaD-OI&Vw6V+UR=Qg!l z%|j|VHY?k*3p^{}6N4u!qPIp#C`crclb)9+(s6RCW{eb?|M zM7F1?AxQ3_vpsH;itawVBo_d>b=IV|+3#q1h73@00w93lHc0_qe)LYxj4BtZO*Gz& zMSKV(dj>d{Q(SA$wJ%=O;;#XZ{HSNvHL|4>5 z`QhdvKV-5~jLyesAL{IkiqjdnyB)n?_FFo8u5&3qgh_yi))gUHFr)|_*49)Lk~eO7 zjAaFIrv{!U%q)H^4(?8>z>GGY$i<`4m@KI&Q80tpvqmki;#;P2r{?lv9FL8TJJm`~ z7y-HjE8=ai2)`p`K9wpvk-ld&6O2Cjg0eGATujW)i{I8UHXgrUXyreeQLFx3-@-BBhI*z&g&843Yfvu-#zv z3ts#UW68d(Sd)g>=YMmV|5&vdvY(w;Q)dYh&PUV9m^2FbonEv<266G{hK`3`^jI}9 z7JP6|P{(k@KVAOvxzyh!MXC9rzj#{4DgI@PI_eXqQoEBW(4 zAAB8$MuS8=KLe!A1U|^vwV)q^{G{-hAVe?Ls)g+F-I7iVEV@Ei{ZEqFipmrZW#S>d z|C9c(M_rl;AOzEnt0bce7u&bX3R`q@(&BoG*oH5lT|I=_-kH#puab+5P8=0f?Z*n& z(=-Qa!)Ru5Jbnj+43!EPz{91-1boF!g^Xt<<)6d9B^WK70@>~{Z4K2x5oQzBFct~( z(s83Z0I-R*g(ks)U^(tb1kV0qzh?)>eOmI#W3xIW%Ndvr5S`wj_&M4C(E4}~D^u!E zLj??Kr)6kPippEw7@jrAo<3o-IKx+x|I^ClUvz;D=?Ng?KV&gk$(hq*4c6fh1VPj+ z`NjA+Q5fOd*q~Hr{FOdW&Vp=Yil9rUZJoeCllPlt4I2^3YSU6ABPKkZlnW~oy-mH(s={j3fyex5i1UfLthg3T*`;5n z%2R3Y$mur4Ng{j@_MjS;Q^)FZXdU%#e67)6>d_gxWp*}VzRuR(raWDTyFKnCiO);3 zP(Zn8qLUkZJL|&JlhYP=Cj~ZrVa5HBbho+&m#oMi6~*G28O>dC60nrF1{@s5h>;cK zlt8;MzznElZX>LQC8D_RW?1(D9XGgv8}MEeMC}BS)LTBTTa|U6hNPSGZxjZHr=A-A zr5?0SP0~?U{5{yH22}D^F>+qU<}SQLAjentWVu}2e*q;3_L_mSC6%+#CSq;Ah+8@oM44Rdu)kn~l$_$F|PW_7< z&Q=#88ioNGz{ZrsdAqgPlQS)I86Hd5Zb|7xt$zZ$On#awYyzHobIfkLdjTD}`Ro5> zw%}m?zoqN2G5*ilLhJwKP|p0n97+M-A&~z_upQM6FU9l@W*2yX5%|5+-~VVaBxNLG 
z(pA~nYi_gKSINqB=;yC0Wv^j-*9v&wj^PT^?v{(EcN+uOi2w3+26X{MTo)0pFs8N}~3p2NdE(yzZhwVQ{ic0;ze z%-(No+FzE=yk1`)@Mix4cJ9tWG+8dsYK!Q+7aR_nMn_0Z5AJL3P38F)&PShZXKwFC zC>REON*;0B&vg0uZYqCH%TLn`Pld5?K+|{fdcR%nZ4iEa&G>kKx1gpZWI}s+xWBxD z8LDNKVRlac6JUG4jR;d|O&9K~vL^EXeI6K@*{Pvs3R_W<8M>8nJ5MYx8-!(uy!~|_ zgaWFl;MVrq0F(2}uj*CT8dG(^-Z~kWJ~PtKg|lKQcapd<@Jxa~@lZ>^&pdtXIAr`) zY1}?Ml>_YY+7qJOCgJ11?>BM;YLrQ-SCC(Cy0!a_R?5~4Y7r5n^)ZDxa&`mVX1q<2 z5g<(D-RTvyQl;$s(q<|WHyj!`gW%B!AqJT8?*7t`Oi1qq0Y8{+=PXpH9}BZ?C!JKI zgnQru^BV)@)u#tfqd4gD`bNiE`A zv^g?S8~TSWCW2@qbqgYbu#={xHe_Q=>(KdNkJFfd_ETiBwJW!qC5P*DomMPCHC8fv zAIE8`s>zi^>bYX2E_L|E)h$(CJBoAJ+%#Ekv?Kkn*KL=06X9h)!?7oYpsynN>`5tT z`z)$-23bz%9xJ~(ufzJSXL*d(**@<+^L47q)Y!0#9??I*+wE5d>mB!arbo(8mdFBc zvaQ6HWqCQGPp3x$AqRQ>I0q)EuzN_BR=qL5 z2fe7*$dQG_8URwrRvp)Co#?Dwlv$Fz3ZSKLN(GQA9>=&M+{u&i+2@ij>cLmzkJV#f zWKs_5wVIpvvSIQlC)m8+Tvq>1Kkck3O%yG3lRLX9eByOmFkA0pjI9~<=<>4u0=UjE zk!ZNT4j-r@Bwc8Aez|X#N#5U`tc6g7Dk*g@S~@y=l0nPMqLxgpSUOdlQ#q?8GdAwUKV)RNR?R)&Ec|U0bN2xJX-%_yejUwfYJ zFcV;rFO_mgQG=1|o&_SpfVB+u-7W5mo)ta(YufRsf=XjR^N3bM1u#h!kwWh9@rX)8 zLSw{{XR{w#g%cMDJ9hIgD)htDaSg|U$`+z?#rzYJZBfxfVmili|Id=$=oIA@`C08r zzrgnk&{g0wtunsAPdn4rZjy<+kRB@MF@!GWD8A0TLHj#W^Y& z0fN4pWs_D>(Up3m!PDs~1K~yHbv6QF)BW0th{Bz8*td#B#i4S0!}|p%>$L3?&NazZ z+_XM6m5In)@S}`HT$c-zifHCxt;biA(XkNdn}n@PJX}bZ&H>zJV9aSQVh6PlsqY$s zkvKMG}(jL$#3z`10NIa#BU*Vh>(Oj zfhpEvBAFklc7wPEh{q=TTF`vGh+?V~WvG%6LXaJBxCuR|PXv`Gzq4sBd3O$jrg%ZR zLdPkt>-ni0X=^Rabnn{eHZ-SG4o_$Z`ZlF0t98gmS7(fA1W=U^%pL8wwKGYpVN1B; z^Jr84ToB}=V=NmraeT=cN3^orSJ0OiX%@aG`r9Txz|V`NG5Pjd2V$0ovC(`{`yT?%-M1SL((kwMzq88 zw%6;Yvh7(nGnv7;PXvEn^s|@KcVt@$XH%iJe6}7}nF*G~AehEzTyx))-_T_LP=^@B z8!K;+pM_31lfq`=P-kP``9ueSdF>euyqy`4OFQ7|-qwMKQ4?Hg9S?KW!j8ytION{% zW&m6GC&pf%QY%_qU4%|+OL&5$D7~m(#_hm=s@NpjQaV49+Z#Itpx*&gZJykIX_GH} zL`)C$KDA$ht~Tk^?w?=~KMX!uMS=g^d0DOwy1LG9vx9lXX!~c>jBfas(OOjzsQQw% zhd&E!vWBj6tz84cZV-AY+H!>L({fGVDaS;G&1<8sOI7aQ#=M z{VR?svRw0AGR}<$Jm+VS*c6{QMQ@KUvB_%?;7y^V?BZ4}UEvz12t+4^q7&uh&PZ@` 
zT-cRkUMd*?9tJP)p15H171R8yj7&y6RKu(eYmb8g@hlDBtmd{BwKF%M@rlqoNS#rS z`KVcxZdfDpFl4M>>J*6c!|C0atDbyNrDzn46mvxfRL)yl3ct z_85$r;rK$~JFz%vGs*O%I849DTssm>StOh5jfvv@AvQ~hooAEbucXXLahX?E9TYiH z6li!BA~aRnI(*Enp3Ti)T`mzpL3ojmRk-o4^ukGJ@0)Za7dB5iWxuW5sh&h9XRxw7 zSu`X>b%jK9_5X%I6SVJ|+!s_VT5vP>=sz&`xqUyi=RdunRW_0{lgHiTFv>U&8Lhf z$(LG3ms*FwSVD$9MX&ya>FzK}7A61KZ>=pKT5I+$@DV38W-gV3`#^{(4Qsh$`+EKF z#$V)|(j*OzoX$~^BI}3e3;{ZbokctX)4hfB>02ZS^I;wU$G!w^j8U(^^m(BhkZN|p zt-Tw&zlmmne;v_Wa*vx{o?9pskB6oUEFm%QM6 zN9qZWfpkt}a!Txl2q{VC>Gc#1D6aa2ZgI>UOZaYPqTduT%tRw;NZD+5+X&C`gQ@b! z=@RKOc4%^y^^db2!@Qgjp$@`Vk^uRTS-w{t*OH;g5C~kb$qTmZE2=Ki;~jmCNoFu> zG4x-q6}{b-LbQ{Um-E4k$;~YbooLmgU<-?lGSFg#xNhQh_hd*mh*AZ*{LqjRdd*XB zGRrqfi11t`aoa702;7SBv(ztz>C(31+}wgKtVN=>+oH?})(LqCC%-3sWwS#mP7Gu@ zer1e_jOhi((v2ORtG`Sa(EhUapF77wBD*y%S(OzD4LZVNtX~H?Sy4ULDc3?9XP;?e zRq$+NI@1`o!M2syVdB0eS-j_#`}N{aJiuR!oiKAezqq(`>&9{~@{uO$CU|6&G@PiA zD(5>*+=R^RlpfPQQ1B3)>C?bN7NMNZTs>Z4ZFUaMiW&vL*%}Pq)H!-y-=<-#T|;H% z%dc6ydxC;&z5gNq9X(m<>+#k~+A-NV#R{rAgden4^ke=tdfr!9cq0wTB`1v|E?D$2 zGdBRI+x-`0U?S=nlUrh{~?k)AyU>mZ4H4Y#lF|mH&lN7OZIPv`NHP zCy(Nr&{U6s4^8i-+w3wy`aO>b-9Pi)`5?~ky}d9x+`on@NDv*L!`E%(N~C_!kAm%+ zl*}}&8DL*iHNv--DI;6_y=dl5CxadcY$Ncme;o99=Rpl#9Eo2JZ)DkxQ@F=c)rMjR zshX_dZuxKjc$x-LFItafGGZ5wCqo3AgY#-GY`(Ao2PWq5Ff}b>Sof?02Q1enLo2#e;8Uwh~ zQ-6C5Dy<%!I`-s7D6?l&>TxhCUIa3B&@C~%t}>g|?S}MiqDL(D5X9!hL`unjtq^MQ zetcp7je=8PXWYAvMv>^0B??Hvmtkc&?D68(!-`Crm zodoslniAa}pcbtckJtHw_Wp()!qw-$VALMe@nL3IJ$$FcoWCEhrvnNJzh$R7$;a`^ zZd0PeMSlS|{n+V~ICuNoUN{jG8GRsC8?)BHI%^>QW*>X%fn|hgE9Ln0HTXexPR@+f zopw*NiWXt=Phd$t2oT$n++qyhscYHE0o{v~hSykQWLM;{cAy8%CL*23+x-OVZQ%6r zJi3sgc%~bZ{NH7X!^Kpa^OKDY-q-0@N<2+W1VWi63338hpW?HV?yq08ON!nf%4kP~ z4AfQZ;S?GZUVv_KS5=|b%>|;r%2>%N>$p<}gheflAwR^}= zeJwDEps&>#jtk-WGOXCq={Z<|$nZ(A)fN=E+VM_DbhzG3G(_UgX@9WEEi?wgQCPBs zGRo^pm&n8ynq*X03wf#$ zNz(>Lgm;4)Hk)BIhpcH~8b)FbSspZ;TmYj(CRl)F#KBm=llcKpM8*}eW-DWo2zCUX z3x2$uW2$M#hMo7sKl!c$kQNg@C&`o2Z-6fG+TsYO)YZtGEAWaBUU1C99H>)Dd%n-i 
zoP0eZf#;aih~S`{#K!)kNB8^sr<_UdSRiRxWT_v2v3Na2I@i`X&_rXXLj347!W~ed z+|TSc4$rw{*KWZuu3U;|><1b|^FTpsFd2@j)`2BD)m16Vqcwm6u4mr0f2OEbAF-SF z1F;X~IxSgkbiD$#hGe!GOcR$JYKK7!6 zOXqOW;{>P;k6nX&;Ww8_26?m}TCz{xAu@*MM8Ewe9IU%?k0yA`I!&cisPdbxMwy-# z7};rUBGD0tBxaebrUZZ91Y|uhUfyQ z^6AIJlDlhwWBO%r$N1D2IE_*Vfze?k_Q_j_ z7_)RALk9f)_2F7Kg)Cq`K)iyS! zT9H%tv4;P1Qz?;%>z4kgZr{)Zn|m(x5gJo**IOROWfhkcDFs@FFTsu4ZtMc&Sami%Avd1`;-6NMwr)>C{mC>yj%2h(9Y_@y%7m|VoD{Xl+@x2Vet1en!>`=M{q8T z^v*5wduJ?)+N8G>Di@l$)`rntx#h{;U5D%d9wjdqiG{9Jm+BJpEuRW%pDi``t2)V~ zq0Z*?l_tHPwEVN$n+F6He6b?%N>{FIu8>;e2$^}o6j|Byd|dPQRJh_R?gNy6TcDv9 z9QWEK$v>u446Myw=p#1%xHMNp!UsBfoDU+O$*(%mTfvt(Puo=_>jx65#q8l0*wJqC zlsA1i2`#y&rgrzWZ_C(v@!Q;t((fjb>D(#Ep{Lk?WtZ7^Y)jb{=Wzcasc-c7{nn}- zmWAcj;jX}@oA89(iA4~NAX#l&k0Sk@;(kt2?|@%>BM!6PLU}I;F9k9v!0NCt)0HR_ z8~{!?7hl?2FA$E0MoU{ zZOTI(va2fit`m6`t+~7;q0zxK%#Q^siY7FIt7;@xPzD##I!P=QsKy%c28t#zMTmx# z*6AiK>jXkxAuJTqp6pY_ujTNkBrBfdygaua6@}RX`l69$Qqq-H{NvAmvF~ZG`G(E& z^c(6q=9?QRHZoxUj@C`Qoy#7DxpXDY0(6dU|5krL2zF~fV%HoduQn}{X4F5WQ+G^g zoJc$J92sjabWIu-)%U??qZnvh&woUXI~-<;TmWa^%3C~RFVC)OxH(j*Z)@o<>Z+?? zMt2E9{%HQQQQS#nCkaB*oZr4f9+W74VIbu4XEB|RY&`JYm$o%9^X}y1fw2rBvV95e z^9BFQ5#Rj-0o&?nUuZet>-V(Uflh$tboytp-3fFx9ivf}NW{oTrh65=p-6^(m-Pg0 z!5r!VBj~_#shxj!SbYRSf7YYNs^_4$+nkNoMOhDfg9zLi+ypme2Ct+gZ|nE?(~bOi z2;^oO4mTYo%war^g%}l~A#i#S2{8s3N0fKrV$cd{iLBku7t?w_*s(<`uhC)9W<4e_ z{WGL~A{5gE6EnK)U1mAO z#&!(ot_sM5M{kuE->;XZp^~9^CHPF>V82LVCp$ht^e{j8GWT98D}BubtHb4s z&H6Y(e%z-^UCnV|DJQ$SBEvzTe#HfajCskQbYc%{1;f}@c;PNCDP}PTGU9Rpj*Nj4 z0Z#Xq8WpI;c{iJp1saP-gPWY6gNk+1foQhEu^miJn`Q$k$sJW80~0^s)MIFlL_lid z# zc!T(Z{FJ;9{Q*jS4kff3LhgEsN$s2Y{S&aYAR(tPW0zi72_ZKx|8^bqh9etBLdPyD-x@a9q5yMu4tx730h`DOl^vi4~A@e1F6G>Lz2>RSo@bWvYK z)@4q8M|A%viOu!Jj1TJ|yApT5le7OelJb1Z zV0}}t;Qq19xP^Jmwc?CiU1kTw$ym;rch@uz9l>U&e0gXro+U-?N;z%sH-s?iB7FhR z8&URP{(M~nsfkE&qTf6(*+IEhf)dGk7T`JXjOzip4)WnBftY;PjZyG9hmprA4no`f zIR-)81lK+s2_ZtvBud#wkr()WH!z*LPZJ5n!$;I9YuQv48GY0L=oQr)g-C;&&f3?J z5;qgbuav_f0A_5b^(QqFR8E?&`s5sRKHU#}9{ooY3OXSfl0*6AFIi6t45xC-2D|X! 
zl6#>6aeCD0Yd)Vp=oFT%jWG?mAWAyLGxYwza%A5=5K}lEdwgh7xLSI4(lixGi6&YR zym>On60N0Mxve!|BP0RW_V=3(WSuDQF+zkkHzWyYIYI2r+L>0v_(f9_2u%g*OW?h* z8S>Is1a~>KZ7_O{C;D=`FCHRxHVznnBT!<=MH6r zxj5sbFn~Rz1{J-*-Q#IV&-eR)Zt~clz$4t~>;#z@i)}rm)G!>Irdj&%rVkqfH862$ zJ%Agn7Z^o#F8_z9lPc=5Ytl{9AW(Mt_UyMz?O%1{G8h4J1BO6`uDiyU8HK#jxNP&7 z?*m2kfIeXy<2aveY`+<}RO28$gUBg#dC8Wpq})&YSFnXk`%pvLVwAJs#GL#zrqj#g ze?aI}R{(`o{knM&MU?uux>^m+KH`=jN87qWZ<>X;@S&O9Tt;C9F56wYzN)lSl_mqv&l)it)N$*Qy7zs}-y+rOoEK8Q&$&2^uq#%UHW)oQ?=h2} z`%Yve;TCx09`VX$2jPR9=IZhAW{L$UkGWhl=$|H4QW0hfC&%Z(1T_=#n`8!%dg9P* zO=9^h2lq~SjC0m#b)r9uvg2LM{rRRYWs(^{q2&PPCbOEb_KRvGR3YB5aD(w&40Nrx zqpWatW_?rkVFqdT-fRq2I4R&0zvT&JS|Arqc+J;w(#fiZMrsD5+LU?f1Y!FaySb`( zxK%0?^F;(mxwM1l2S&_g^?3GwO ziX<5n&S%6G9I3HBG&z5L)lR}Dm=L?4gfX;<=TtY6ZPklmhi=v9MwP31_H{mCl$YkF zUsh7m@bKj?*~J;O=O#t;ZYLiNOW|Sc?)F(69^jjB!`L2tZCGOXlQkX|CJt|!7K4^> z<)SC6(vPySOqC^`6*3H+i9&NZa$JL>@y*Zm`R zG`D=4!3$BMz4maJbk6KbtW+bnomEReezfE6xs@nU+R0}0sppRH*Kq5_g zezPcDtGsm8iih9sYq$lWXUtkFin=Mwc@7Z4pZPDyFKus|7hj}?`}Z@U!%Q*NM6NuA zTH^6{IkuR+6ZPgnxSn_pF#|_^yGg%wOL!&jllPWc{#i-x;of-4yj>#9ssWhLnMB8> z^>WZV`ULY%0t!aD`^ut3@HFika;ekb!MEViM%D6oU~=nr3M1iL2?{~heoSV@ zZ8?Bu**sju(`!361?h@kvHJLy8l6uMa~C7|s^PmYc!L^=CKqcJ2|MQr!;A1a|9Rtq z`S(%dlUDl=ISvKhB3w+X?laFmo}=5QHu76hoBxJOi7_>Rb_U9>sRJN!_?jFw<>DTp z=dbWJaZk6ZGkaqfm7>^#%veyA2{cf;+6tig|5GKGpQGW%HAl(o`g0+Jr-r%KHU6sP zmd;tJ323rX;AYG0xHj(7#wnd;f*xn<&?s`K7l!LUJz;y8xDDIbA8AJJcMk2dH_-my63Shpqt`Vm%rZF>-C1&qUMe_?64>j06Zm46pj&GA{tt7{h zv|3mh29?+Dr~J)WtdW=?}`%*zQ_YH(3t`YQ!16PXTF+*c5M z&HKYAp$OIf!7v)gvjKsdSon45)0slRW)2C7Ngy^iJ;+i-bfe@NE<_&{1-ivnvCMT* z0l1J|n5G|CKdlzCz^g@R7k89-Z91)5odHw+1l^le7oS=KNLO^Y8bV*hk1c%hsXB@`1y``eW?Ra#I^XxIu0*phj^C<)vnvvn_+ z?naco$oBa|cZ3~vbnx{tnxixQn4>xU!r!dl0zvO89@1&Mf# zbQC1no2CnOlrL5Rlrf7nOud6;6S;tSC$G3=Hcugvq-GnE&@x;pX~*#5v0j#RiatdO zdbDVn=b}Q*o5wp|M-~nt;BDBf`?~zCaLbRKv<*SleW}4$Jlj(lO}`Bz(mDt z-)E}mwdbw*%FAQ<$t+G4(sOL%`pMVLiq98tL1BVo=hRpTfUFzX9t=aPZKYx!vIIRz z&<-W}r1Lh8ZstH;?_D&vvPZL2C^1cl#^GOko`B zFZ=QoFeM>>k%brsta3 
zHDBXyLf<+;P%@W&kUs8nI#AM(>}_-13y|{G{ZQfHcM3>gOX@_U8B zz2Dx>3f}iI8e!J`a_QdP#_4@nlGdQE$-JK9%5aR>-%;CgMMvSD41Nli-Ji zy2>yY`;B>WZpM!@7CIahH!fpHy-BVH0A)L0>e!U z4m+mwn;bbS7^`Phv%`?bpY8KH{d_YD{k`JjBJ@0(Kd;t-`QVKGc znU(f)2g$xLOS^VQf_f;+ecq5b_Z~*Ol4S)#P`e&HvU_rVxX1s*CQ8NcYMC4jfP>1Y zfuMSQb?k%sh$1Y7S@38tetnQ_rCj9c6BJ1e^BZzY%8AI)?#4Wdcwl(>G|#U%yWPu9 z8`*eGJO6mkJRLb6Y^>(oo?O{#beS$=L>3CkQrxzg>x>YB|FlS#lmWv`r@zJu}e!WT4zHenTQGYhxZZY<;ctVn=E#V&m)Mt{x%Vz#h`tc?xL1D$Hh4^(rsL}WagL8a z|754Cq?|99*Qd3Ylso!9*ZGJ3xNS4WB_uL4u$8u#5n|6LgH5nT{cq_qOnpBJQ&v420blMZVN|G9XoaSG6w0& zW`$?0LaT{MY#O-5)>r1C0C6_h)uoVQNVQ~V3o(gBOcxF@R_s5FWSLikEMi>;9_82s zWec0)yc7faaqjpvk%sAHsj*@)li8VV0@cqw8`EhvYF_eb&L1&=s={{Ub+9>BvM8Wu ziZ>r5Zes&vo~hus#Z#W)rkh6bz6Kfyz_>IrQ*pC;MX7Y1l9VV^tx-tiV1|hN`HOPP z`+d;QsHlv>kNT=CXGRX}hj8o$JF&}*Ci1Qv{`yz==j?6gIueSQupHgz6B`!c@te6` zVG41)P(w*@9`bioWBz|>LY-xYy!vo6vY&rnCIr5|fUcGz?{{T(wz@82#=UDzg&ju} zmGvO7;4RC;Wj-HQw%>1iGdI~ll*8c{5CN07ER5fsAsE8u>d3GK5Xp2iTn5l{GRlKS zeye1-W2_NGh@v2{dlX07%b;EKk!}tLkaiIp&Xx7(IbnD?Lu)heJWaRamEngN875)) zjkx7HHO97oY}O{x2D%TR2f5E!*#4f*z}D^)2WYA175Ua^+@xfZT!|P&n{d+-O4^r zh(4-kuQlE*p_NE@sI4ud{&*y6(Ew@BJXc}=X}9t0a8B9(bQZ=#&QdumjIIWyBC5PC znA|v-*uKpfYcBKVKR1&8z=?t<3xoGM@{yfR4y@ESgI0i_hdfWEM%gW_M4wXG zRRhzdKGJ{Hi0ri&^3RsM5zLZpaE~PUkw?;QEID6wgmoeO?~u)bwbic{smmJUeG!l5$oDqb^Tt-d|6W+bOZp7ML0}I1N}@5a2`?{_Mbw( z8lf1a8=AJMx15__ANAyeIYM9#73W!#lHQ< zQ_YShWyB=vvvkm|j`s93fWVYhH6nO)UcAQJ@W@965HB)IpZq{!k>=C`5-5i0c<{~a zR3ZIS@B3|`Qx zYwiH99jfD@IYvg5qBp^e;Uj_uD;We50{fva9ccw!0x@PCV6oEMM(|2Z9RO7+} z4_RsN(=2m&9#J~17nGPFe!=EHyP2%aEz=it$vwqY6w>6~yPnv<_{vr$r%0adT0w-H zmyWFw4q5E`iF?SOz|sb)+Roa^!w_jE2y^=A*t#kApQiK_I(bKw!qy6vbJZy@c~}le zzSGi1cX{ep#^h;@oP7tGvLZKNr?+7BftV#av7a9~)cCD|L5S)#S57SE=u!cxYgmyu9Cra!&qCgyVzuZjc-pS3_m%Wd&7YTQmD6qP z{Y0bQwq6P}8<_LMhy&f>O2907r0ziOYxcsd@{2Pt-hx~5(3QW-GpPurttf^_R(x=cmhk%#3Cc;4Mu7^R7G3aVUx+q#;^Z@ zRf|dab5rDsp3b8A<)ByA6;W{RzbzaIBCTk5*F|~>6^?359Fkx){mn!dh{@3@%5vRY zwxO~6Q5q$|-h*{*ioLD8#AV_H-w8!RVctP&n-HP>7*2ocAk{Xr%`D(Sil1%|OEXj2 
z9%K>cQV1wu84#=BGcSl=SMn=RX+B(&Nn%+%6D40qxGM z$SzX}OHHPRlX!*v$q5=G(jHLCiKFHG7$fL1l%97C#JQ1I71#Dzuzl zBYs@%{rCHEy>FuJk{J$H%91fIZdFc4hMMOH{jem-V6$Q-2Y5DDiu%+1k%9~wx`SGy z;5-;_H;vAzmx&=)OL1wfH4EHax5+lH&R{?$nx*shWYQy3RBRWwkkj*UQGzf7>`eJ) zPg2pgIEXJsl#p1lBhovPuT9`06uhFdJ*YJ_dRg}qX-Hjgkg%E5(eZHDWc!pyM@VLJ zBK`ojFO#*Cww+jP zK)#6M8GemN+_nYBY(M;~gu8wLG11JgVk%~|!F}=2HU)u)3*DTiY(xH{qpgmn2Z09v3H2lZP~hZ)6SK)ZQHhO+qP}nxze_6n=5UvwEgGa zU*(>5PvI12;cYG6He*JN5xqx$1ZxzMqy#Dx<8dyhtf&*K{g_(@qA580NGW(E`F z!KBJum-8}@X*A8WwDP9{1o|bP@hHbqD5ni zr8ZT3$Waa%%(F!*Ga=qCL6x9Pza4L)!D4X9P4_M+=YX%D2DevLaFZlqVJvuJo8rNOr zaCh_jZ3Y{K01$6SrR?sLhz5!=*qE2+E!O_pF!625kYO`@TGHHql)Gqq zvIb8uVVaXWr39vZK-TGk+uMuoqLSW981QW~xac9rU+FNOBYY&zTCcOYy~hc99Ocnx zt-UnIA)ERjx3gpO@3(D4Fbx1{2poGEn$497%;}`qtwwA@^-wHYRaH>Ff9pUcKu1cT zCM;ENC0@`KMNV?pI`4gc1B8$AdHk1#lY{Ah@=&p`aQuG-t7hf#NGt~U?h7hs-0%`f zEeUvU2xEezs4y@j!Cx&AKhaIxuYTed7pfZ>&e(|18dBxkUKKTnlDkh(uXO6l1j2W! zS91H*{0WmQ4vDR^Kqi*6a{InfP=||f{jPTlT7?k)K;!(f8qo8cuOBkjL(j!T;PuC@ zsKLK+^y8FVo$l1P;+VWN?XJ+Vl;f*+@GJFarXGfyD<@8S1!fz1K-wXeHi z^aH4?nkUi3q`v3A6RfG~9o;w(E~VD`GZf@7k=}qL12D-`8-Z~tBZ9f8OJu@l=Q-rQ z_rzXeJGW5QtufjjY_3Wfw97xO-FdUUMss>M8!ewvh0^ilxq&jh4@LQtc$Ec6xjQ42 zT}_(L5-dX0gHB}ZXG2PZUV-4F*0l;%H}+1zKFD&&g*w^iV#i(c`S`kzc4(@iA1`4O z4|2j-&3!O9!>0B(^$w)Z%uBD9(J=K82c79Cv;HA2nw?J2?M+5wA@ImNVplUh^o~%P zdZ+(Xjf9lNfYN*yk#H?0i1|8SnPkrGhaA9*Uz)vs3p{wg!`wi(BbI~1;$vDD%hy}X zMAiH|0K-yzzg=yxTtw~}?Ha+!$Jgn2q0M3|`R47E>Q8g)Tt1NuSk6B}>Gq8;nTuzM zL!F=-txDtCnS+~6?c}BceUV3hoh16-X5If58ph1b@E@~INy>_d0jB3&?M1tcYOTRU zX#98GhRMccazI@&?)vXD5)JX^Zy^(}&5VbB=HwWMsxT6t1#eN<23dtK!ru`L4){EO zmvjRR^tx&V8Lm;zyK?iE)_5@I4$$w8L$3hdJM&D%`caLN{deRCCTecx+C6eIv+0 z!*qNsUWa%rN9h_I2pA(}00fDOkpg&CzUOduws(CwJt`T|ckGmHH~}ETgfBwc{#;Am zQKD?J?rJ{VGN{3}2KH}lAerF;SRacebm9@PX1#zbSOk9-qlrcR? 
z`YkS7w5j}jQKF>>Ik%F8L(C#e-&N}wl)BNBeMu#Kf`VE6m&?BqW>~}yTg+;ZkXTa# zo$NT428ozM=tD4pb9<8x)@AAyDgX4(jI;6W2Vrm?EAejJWCyEeb_~V{ov!t0tP1%k zg?>TtLX38Z^57p2f|WlUDyC*@kO~yaV8#oHd4Fy%DL_5;SP>g_vQx1j-T1l_fSlZ) zQ9IBQDp}$G+x!3Dj=31v82)3~xzvz~+hm35nXSFy;792uALob92VDn~p~JFnAdkfT zNhfbNhPHnD4oE~a8K+xY#BaSCs;8Mm6!HBKpRY)Ic^BC8>!(Bzyw14{Jz1QTfP%X{ zb4SS1ldUM+`Jof7nvobkzvdzFKG!&{K+qM#^+4kWH#fA-`S@`1WPfd6IPz@mT^}8) zjN#nGoV;K<>%BbEC7n2b-$0F~5<0)O2~;sZ9oE;1c(SCGf#>9jjaR(Wo$0DPKYFRW zKc}^Q6v>BvbsUNCT*y6>r8vNML2OGNaTeb$NM@IH`tf#u-TYj6@A@uQ5>00w_e&ytJWmiE^jk`O zZ+nPdw-DvF`WW`I*{Q%C1;Jb_bpyx){ACT!&3A{MdwrI%&q2&L=yg%)OHh4$;sr+e zNvWejh5h+DLqP|Rj*GnxbqOu8H4Z&Sd}x5%+|X7gST;0D2FP_;n$`+o0W)Gg0fSpNtTBj<)$%z#C>4oC#5 z-xOK&ei3l|4k6&gIZr`+HCQzWLU~CR;!>%zi`DcZ0Z!g8f5nt2xxo>+kn*lWDcrs^jpB4P(?!DlIH z&uP}i`P#fD^kEE%aS7G2VIB)O{i!)L#qt5nSXIrcBn0KsGeEW@B!z$hu?>ait-#1K z@AR0V9^q`rxSL@xLu#RSgaPJhJ~%#iZKBlcytX#FKU$ z!QA~=S0Aeyu^nsTo$fXXHJ5AHIGlwlWZH3$&}ax97xVZ)5~84yRR9DFl4@X_w0-kV{f%oHJRO zl2a8s7=rChcHVYdEA2Y?jJKRSxT;xtZvL^|V}IA#RN$6T+n9i$_6&RQqDIIF;NjD~ zu)Jnmq^N7d7v8dCbo~k5TO{!;ajpDfh{JE$Z?arg zkW_Qn?xVt!MD3cBe)3ea&?ncZul_+fyzyf_ZM~eNa^hxaJGnNI7MrG;dc{2%cnzt0 z5__4lhCl858jVXQ^QC!DUj zPB?bg6;fPb5Lqy9oIrE+fsFkPn~k=cX`WRmi}sD~U<(apn8h`tfc{+Xx_Vd!J7alf zbXfBD2ecU?)$ z*2qsTMd|mX@32uu_ca@n=Cp^XDdCL3{`TL7&Cw?6GXyEhza|1it4BF+^wY+o&RD#b z6i&EhYnfA`i+?%~R7#dqN3sVULe4~I8)%|HsfTMu+IeE35UmO}I;*qYbmFu~&8ytb zg-~MqF!$*|kbHO6NWcz46g%6$sXPA8bPVbP-r5}6UR_GUGB7P;v(Q+9g}Kbv*-npW z;a(IXxlVV#MoD~GBJz>j`uYsiYWW``RP|F;TMm8_^_n91fCwU08Dxk&K)x0++%>{OA2 z?dZGIZC~ivWSqGrF+L8UU44P#>Dqq(|F=J8`v0-${!fvoSy{^Jr|9mvP&>sgVN~)>lOtrNI6@bf z<7!sZFQD5VEJ%NbYK~q-b9oO3dziEv{z7-gHzVYiRwzA%MKHd5d(^02u9YIdV!8QK z8D0*46QRR#{MdrCgZpaI+hbr&FY$Z=rGfH3hLe_PD~n=c*V#+1^|#d}F6#4cbKvVK z@&php$NS;caQw|z`OgKuND?6+SWIdfh;-3tPKVFS!{f%MSj*lCpm0kIs}T%aM6zaP+U8Xy?JwR`to*yW4T+zV9;E>eZu-+{5lBZVh$ z>fDHfuD=>MGTctlqoF5g42EewRlM$&*fMe_h}aRuCn+JFmUQk}$9Cz4lqVTUxK`48 zmM@2D>91XRrkevtR@^MpB&n#Z)=%Z8&x7iiX69&m>yNc=lg$T>zlCGf97_jJ!VG+7 
zSLf*#Wtl{N-#0qfk6UR-2qfthncU)xw^I+3*lA0zghnNnnXWssZZ$Ip^b-~N;g^%B zE$}TbToi}+%%~+!@&P@U!nQZhVN?$eS3j{dNs_l%El$LsIQ2=Vm3bv4i)I}Uq!iHD z$u<{D75-Tv?tb~y#`(@E?)$c9Rfv8vY?1ZchZJzTvtVAb7!6R0SbYi%vkJpMuV4o`b3 z(~6_?c~q8wMf~*n)4*V zM`VZGDWuhAvBZs|^RPBXlH zOY}Mx)zbblhhAQ4WPIe5JS2&wLGm&V%py3Bg^&gZ&>5fM@A+8zZJjMJAD@xb4%(l1 z5IiQ*j$POBwsWZw9DCT$beE}pc4!PM&(d4}j&dL)sa~_x2!kHndw0vh3_l&*TG-m* z3wb_^+V|AF?IEl9%c+65H7|QSnAZMaJvYWB6xb zxmRg9jO~o6&Z5^PGdd6NhEu|jlPR;;)R8~Y0H5daBq{QZ8j&~YuQFXa>X8pTrrVuk z7<5fr%^HJa)z+%5O@9=el%gKL+vLa%(x2schxo;-Lrq}K@ufL|pTf{vJ8<<`6R z+xymQ*JMAjtrpVb+vQFra7V35zM#%h;X>d=l(jU4`zu0%MByT8Ve`zUuze!G5}e1u zi%VZV(@C<|KbR>BTSMwjn4lOh(ASE%af_tOqjs9xC(>%VRqnb8l*Ac3s-CD{JEu2^ zrQ*3q>Y5#_Sxm@EBGZcb?vzent*n;=xIt(ngFm?sH)kM{b8XhzI4I*k<+vU>5J_lB zoP11;M?6ZKepMTMaI;NQF*bMAoHVOmIJ-rn0@Rg`4qqwq-ZyR9P!Z81E~>5FBaSoG z9hI_b@mxB@RK}>ZjQ>G{mP)rjY_$e1o}DmpO&v*LNJ%RjrCGuCh(0&6p!aKaSma$n z7*gh~UU%7FP~o*Z%!zaQzOSF;RUHiXQ`6Ki(2~yTSr?3@jLKj%T6lRG-5|GQ*tEyCiq(=etvxfdh)ix6LuUxKxWz)+dsk*lXyw%r!~~7~l}3cC|DY?-g)aM6U8$ zB)1>EgN)_9`fw`jK}5&Qgi*h`og^OsFA__#-fIh_(kw@V_LTRW*`8gUVC&s0npc{N zFp?1fdqgt48tH6*U9}Z9I+qKGb z3UW=W=u}o**W&XsseCi9;UCgROC|_Z;D5?@7k@dv)SoAvL(07IUlCr?R_)UyS7oR~4L+taF@N^awBx2XWG#x};?>D1cgV*k2 z>a^g$B~MEp_@}Qz0HiF9b}CfxpsDD(y&)Xh4na0VGUh z#9*60zI9xQ?mIumqV4S#JZu;@S9Cd8q^W20Y(Y`EcTG52ypF zN;+zgn~${<{o!E&>%T4wq0w}A1?7luP-(Tj!%a&7{Q7U3>i>35!9>seAL&BfT0iMR zZLmG7wKpFAkLMyh{sO=n_~V3Glhmee@E{z@DsI;%qhm*_J_vaZ- z&9o_3aUPB}jg?v&tjU?qL%U3F#TwsDg5#v@Gy4W&QbiVy;1$B4(PZ)&E8((c&&h5#fpKSt2}6#wXVJ{ zM&09kw%43d>9>3mNZ4#u6{Q+~dgR{kd%fNdn|)hUiyiFO!_DjRBP7_JfRtFa%9qlj zG$`cp7aXs0kp6I!69J&w>534R{=d}iz@@-ec)nkcgQa?;v}Wzrw0C4nN%~){x@De- z4lYzYF1RK&2P|kVhG@S&-RO5&PtP#(;ym??>*oqqKisrMFjoa<^`Kk_i1fxyg|(5c zAEipJKTdAEt(d64jwic6NEQ@tb63UXgnQ^%cFuIaTfcdCq@FOoj!k}I)?>W0KO28& z(s4h2d8!j58YmtrX9H2PMR)~t-`m`~K9rG!^86vf!_atm%hU-AQqJUo)Nxnf4SC^A z6}o*hjA4@0!mO6GAvLFWkZY{UK*#mQrq{dhRma(ahGyc)?xB-~4o)i*grRnI+dKRe z5#7vco4WHUU@}a&4LmEAa*VjnAZjbiyESGQ1_9M@<5jeWMFjb6VOLi@IYE0E71Z>c 
zxG)NfA|VqYI+MgO*TCQ0xm;M_p{>J;R5aDa7dqKd?AX;Rgb*h!Tf)Ox&)Yj>PD zZ~x03`lujLF~OB4lf;%~jX$ZocX>bO(xm1yjWEMv6a7NkzP0?mM75eKnifO4T<1@Q z-r-njPEF`-J`@OJQHfZ_(}vw;<^5`RtsdrIbD!y>?2CYf9M=T4@0=c6>l)+Z7I)RR zt-CSJawa@S7oxYik3Sdp=~g<5M<3q3?jY7(^Y4ZxY|W}A;3-e&#Fcc^m5J^m8h!bH zwnifFlnz@3v6=qrs<(LC(Q$L9@-of$xv|k=nkjiXyBpFOe(AAPuNLg3_7sgB&8}K> zXI6D0yp#87I2%+Xm&>sIv8YZw*3=;*e(Nt~T?#uijUk+ipyfWzw-UZZ@YO#q{7Nf2Lru_puP5khA|^kR0rmRK^Xtt^oX6b)87imw!-`yY zlDTtMh1U8ca|KZ4C);6j!BSHv!APi`ACBxTW%nnPSCkqeb$+bGH^zIfz8%>MjKZrSqo;rwdX0vX3G8MI(o{@KKu?G%4k zh)Z6TG_gx$SPU5?tzR{lCk+B`Yi(&@V3J;*2>l2|AL2DgwQNZY<(b%ro@WE)(<&9q`myCfw%uh#hnSD1*=wLVEM4M>&pJJ&at1ukNZ>$k^?pL?A zo6L0|n^QagD;7Tbf_&I6JIl%mI_f%`f^$asB*zu(Q%(B_n}0_8^b9;`3Jb{3hZx^BbDY-_~6X^aCi&B~kU_G+Aw3gVLTtnoF(n}AKRap+9Riu6-Pwf%|8o&JbO zCmGPxUnToG;;H2%Xim{ZbO_IoW6u)9y-C4(bIFAJJFc=%>b-NCu{E&zuhH?U_bfs* z5~1mV%}br;@CrR1z%wyd5iN62J*Ok`U^3&HGN3+42)jtBnFg+sF$vmbp@rpFwx4M1 zLUM;5$Wh-@!8=|zKc@Z1FTXR%>b2Bw;NEm?fe^cp&nVD+`ulxyM}#>^sFgiN&xlq{ z=7;`yOLnmpCzKKe^Q-E}Dne{I;ad5ybh3Q;vN?V~rCs9c9@x(e#MIb4%+y>p=U=8s zNd#Z7-P3Zl#g=I!;CxX-YDZi!A*yZ3UTOstD%><1cYz!@s!e$_CF9{iVKvS7z=HM{ zSGGHA-S)Xl@)tQTY;$vXW8`TrmFe|wlYsdCCH1qv!d#fQ=0yfnS;fm&I%b}kENF3K ziU2Hp%3C4nztQcgyz(HX8v*id7;hpz6#AWR*2Mxn2`*(2(og75-P6qLqrL;DDV7fX z@HZqND+{DUYy9a~k!>b4E9ovJlk{`YarChl+{=|de*n@F^^DxhP0olFHWo^&xs{&`{rmIZrQL#YCPi6jz-C!&Znxu|=#ge8U)&Alm5LE9 zffR*P>)Ym;_f5}J@#m(C+A?#Ye*D~PdztLT(i_-7v>q|i>28Rs)R_8RWlFtx&b5xKaSvymG@sQV=VyhYm~Ua@*sAFJ{+rr8A<3xPle zr(1C$q$)_if2qFIHl+Mm-0G6~DJen6w6fhry6I4+TTFw0OJxPJE9_&NUs&&aV%TW35Zz2Oc!j_=SI!n_^^tq?8L+A)+%Q>zI3v zpXoqMj!blET{P2|~21kH9k^#1Cq0A$^$X2w5_8ha0&(p1*8E-_<8tp$xp)?qQ0|G4b&6lJtAO04 z7O;Nep<|rMi0NtApdx?ygf|&GsqTxoy0~j0I$JA)oXfn?61Wdxd;(g2ggaP7q0n<7C+oZp((~Tt&x<*t#o+H-q^zl*>=cf#i_r$RIB%?!|XHg<;-|Gx=MB zn*3}Pz&+Bgf<}6?l0@S@m_|APr~>y6lj$am;ZLuMErafczN9|G93d*IOB-0mD?s)J z{|dT^k`BVm*Kq(tfn>`Xpu)7Tv~;FQO)e(+#G{(6fWkGNj0&y(SDs8L`_(`-JHP0( z<=j@a38b=3jNQUR!}s06v%E$k`w#MFq0ogN*dn}p_0Hw4#a4xpR0L19uxgW{OtKw! 
zj?V94nDdMx8_-RR$&Pg;rHc9a0Jx@2pJ&vTf#*62)?|7&HuK4sP4AnvhL>$`dHad# zy^yaD%x6L%i{>LBKX`^;ljW7VXX+kh>tyMAd*fYR=y|r~5%HZHkEsm!{Oimu_B(c_ z0UWzrQM_A8(&Wx_W~sDap~ZU3M6H~tb1AGR(_6^MpSs-$$=YN$Ik_DItXqPu{JOfS zAg{JUsyY*9E1xV&e&b7Fyicm-aXq8CzuHt0ZG<5B#KSB_iGs{q|NST2Mie%%jPs^( z4d8>1#ueT`1R3LL-|J6c^!rU2Im%*l>QAnigg8b`o zM@#UimQ05>?V_JMM#FWIw(Z(1;g*{K2&E8q0dcWbEL+iowIluLLj726S73a0G5g3) z5*9>;_%x_XqK^!4PP zO_+n3BR6cuK9+9aNt_FC;mPDKT8PZQgU{T!Y2NIv^>9J{0$|L?3nb1sb#SIS@sKiO z?$Zc1)m7GvWx@(r95g}=(m*GFS?C^B5D|O42m8ZO;kP0!{QfCPi_yegSi-}OEgGYR zD2vT*bgmo-h2iNlu4^u#pAHaz5lhTGIO{^>{<4yJk^OsS({1FRm>3c_J?g2%~bYG^B0f-&>w2n(p3*qRl5c{hQ{<>^$6z2ESN z>@t`RQftI1|EYo^fx=Z{7F@Hddc=hFz^enGZocdBCC&4~fZPHv6p)!M5aWx!&ozg&h2`4waV@ zf)<>v+GEkUbZ%^fY^aa%imIwkzSss_@3hho$@tI>j*494cNGNI?-4O{l>!Zx_@E-y; zQ1+e`CYBlv%Q@8P)(wL~?^Q z*b2Mqdo~)`#g;=LslrnM-T>q8Fcbt<#}ASXc+rUI{q{QTlIv&=-U9mQnso=`g&ARn zA7&2lM7tD+I420G)N=%FhRw;-hg4?}zWIYQ=(&m@bV2n+x2_zZ-BK8~E%jooSi91B3DHNF6(091Q!`gK!-$SVK1 zM!OwTWhq;ttMzrGZByaRET4929k^m#m-*eGYkx=K*y|J%rEyNgjg9L+tsInOKG0jO?dLeryGydO21>_O+5WVh()6!eG&Y{8t*;|KcqF|1~l;CKjgu zlSanL%Ea}*uBl)7SbE^DxSn>g0s#jCNmK^;;#Ptpkud@N3fS#VM3Ia~X^KmbP(=By zg+i_ven=mGMb?a06MnE*h00sE#T8l5=@q`j=Ic0r_~zWeC9A_Lr_;msbZ<0Lr#um3 z4eN6<4JYBCm~i8JbHTV7**CeF&i#_*Jj1_12SpmZcnX)VsBN$A9{a>&i~!gQ%X9Vf zsATZeOufQ{+7npK&ERJ7rQ_Zr5+8NPz1-pE?ec(IW_S2Tt4wYPV-$Q%_I}Ys+Q0ct z^>_#XUHAxckJSYo@q>~cAhuATXcC0*U|D@3v>^o)@s*5sUyPi+!lja801cFGT>j4vTq z6c5Kpj8H}WdplLSE$M&Er#r^G>fHBN5%^4jXu9>062t#x?srs6{e|7$TWUWETkU@| zHLgY7_AFsqr+_1ozw2sK0M>@KL6oulM>gIjC5zW6DB!K%cPM@xSmF z3G-5CwKe`kw?YyQA?^z*{IZI9hj=2pDtuYsoIg1uoM)W3AKS058T(ewNn{)+jQhzK z)@0VWTS4Ec@Q{sH$5Y}f^w6|avs3hwdaD>$I9eW;R~IONDHAC6(t2`JWmiG40$sc) z&rwl6*L$*j;+CyCPCJIp$hG2Mce~nJKdEqhDn6f471TDaI4f^!Kkk&P$Xwvh|0nNE zH0k^ZF7D{$GbCHLrTpi7_o#ezey@Zo4xGUM{2_7%zH#dO`=TU278v&-^bb4z09kXF z>w1L|6!;-<$KxCZMnQJM*8laC`3O8y0nKI0j6z2Tn23n*pqu!jqf-=M>%Y%hzY2Np zU60)X09OUtpI_Kv+7~gaT}uMxMnTOb3>*d%$sdSW0={|9{>EfH8C%U^xMMN$=mcA( z$tIcsFfN3h_#o-obx1X<*BS16nEKw)c$z#x&WnWcz<_Hma3~HF8Lf2_7e%;fSpxZ@ 
z82Nj8hUD?3{#_-9=(X~qi#kXPaI6hD zzAvZiqKUHu!c7=W);P!r5YJLEyWK)Y2_R&Nq5@q!JJ#kX0x2?tXn6d6<%WT9v5KZT zf%pb3=kl>0U5!@%m1;-~41zQptWHa_dqD}WFwXQ_*u~gCD2-{y&@#He!C|=u z@=QJOfsQ>FR47rIATxE%!YWwj7R(SbP_xFbirMb6Ch{M_lrV4HJ5=%htibu(gG>{H zFp6-|09s*u>5CME%x8o0-=xnlI@(gIs#Y|GWo*Q?FGK^wn}fSQrK-e<4-UWN8)c$~ zgESFWu&bT4L_9fIMjNuXg6iytvfslba@&gBZ^2I+e(g5*+7+aynt^5>OCN{S{0%0O zX2{69w;NeTx;V8!aCchJ=Fib!OdSR0_$DK2aF4%;{RU(}eXE}<3-rxyx8M4h7AsDScv)&eQkWf$8;jAw}$F<_ zcR!eY)!?bzYMD5$Z0^>I@7Q6U=jzd*R@Td!>uULw%s7g6-@erqpEFzwU1|$KClG*q z3wX~j#Ne$kAcsck&@U)OBWnE<(`F{WAtP?wBZ#&b!Z*gyBZDdFO%Z#meDxjN#BCl4 z*`!iqb=w{Lq{q2&Sl+_Rx82zBux?4O>}yhf;^0hC%PlBS*kFCriQzF17NrT2(|f7S zhD1QM8nq(ofAI8jDF-78^E2aKN^7%xSTG%FOvZ{I<{1j?P1%W`qML4st>`XkLIw5( zT8bKu0PQ?oOSj$skB$=T4s6XCOyh2Jw7H7=hi7#TyAXYt*kcjW0f&ewhedE z*6fccKjA-7IF~0z#@^QfOvHO4EiYrPvSSgCeWE)Dc-B|zv2&S3=PNtrc9QQ)xDv!q zQW=COwDud=wy`mP7bm0`t;jI*NJ_*#4%p*tRECyIsc-Ug(5*N{+t`^WxOf{Kbwl!%%@b;hsZ!wOdfLX+-YWyDDcj$wal(NkA#KU^DoD^Q}FS|7PZ9}&k6LJ z!CJKCD#-1!f^y`E&LnG9ZjfcG>)e`0jMvoqYr-p)5>zVxBLbpJv`R&NZ=i6?LV|P2FhAkVqnq+HGN&VI^XEu3v@AL8jjGPp3x?_*H zGhWtZ|AD>bIb1Q84o+U|o98w)?OrWXST&EwrYb{zcWIlIC)9^nKO=|F=kRXC=;8B% z=D*~%)R;NjbEWE;DU){e7p5I%TJBj^c6y!uZhN6>(zAyx%RG+JYlOz%n%WCYJlB#% zgB>z|y+AAw z*mkZCEgVwHbO?e22hOAqh(@(BG#YA0!Dz6oG5I4CsAfps)L+jdGG}uZh*JxFyI}Ct zMEJz^ey|0I)uY{6J~*|=II}xUdP4Djrlz&E80!P8tIgzX-mkaJ?QB=F#oP^){YMFMuiXaCy6X4*&4wrkTY(IAy zr_r{Gw7UNjGJtsLc26KbyM=b%WBD`PkV!|}u&H1RdXvPdP1b%%w+Y?id%19$4YrQbiQ zjH2t?FDrq17*p#zL|fmy-uZ4GCGACc0d;$pHYlMz^DP=V($mumwM`^q(A6kMCJH3o z`F|LDr|8atZ)-G8C+WCj+s-exZQHhOcFc}#+qP}nwsUhH?zrdN??2A?p7%rTUA1cN zRkh}tvzI4nwV zMuMv3L|&jq#wp;+%fLh#@d!?eRKNMf6v&%XTo!*RU%hL&4%U|pE`fh>xUK%#Bq41~ z+-EoS4n4j8;UQygba`#_S-^KUW@WDf-JcY$&^HKl@2$!wTdw!F!me)awC$zZWs3Qw z;@7_~^qxvxn18J3FR(!*`T6P^%^`c=FQYMEm25`Au4eU`F}fCR%Ey3tDkq%}GRkho zFs;H(nN&I*L2d6_0jOX)5Yk-dl%2hhAovJp%Y(=C7ku?j+1L}B3~ibmwCurc4cuGE z(k20glQ@AWdRM%>EPwRLM>0d^UO}yl?$Y-6qgT-EAfSt$ohdo9XaigYP8_;F-ZfD8eaYyFrAeGlXVh1D+EfjwR=iS_=60g0x4l%>0 
zlduWQ18qPxb~=y*Bx&ESHeGtczI9pW^Tgi=nQegfq^szIv)XsFE6^gSf)?eRH`&Z& z?m}TjXaM2}>6R3ELthX|phAXZ+9esLVdhtTlLu?1_32T{`LI~KvuJxc)p{eL&aCz2 z=~v1d+Ae)D6u9rFp+DWdpdjq!RNp+l_9MdK2i${G+RGM_AlR|y4V8+0m^Oy9h?G`G zI=YmGGj52(!5IfDJ7>CvNdIc;(uW%L87oPPR(d_vGBfHpT}fnb;`+&)@SEj&I;hu# z!MN?HQL_+t$NawYaR5!J9jQgF5u}1O=Q%LdeqDC$M6tnyBC`ykS;ynNt%1Sg2##h2d%R$bA08mE+u4#MF|0 zM>n3V>QvTX75uK7+i}6L@$Fc%QM82ijcwPmn4bvH%71V(m)URn#4U%FLK!|?pd5NC zU3apH!hK@48J2~a#-Prrat0`?TysBDVMr=V1I&JmOE{es4r~|%>rfr_XbH?{91BN% z;Nwp2l_4VFQm|{z7f?Vs%IoHeEfpy?WscV^Di^CfYsmMuhb}<^AflG!AE8{c7#ds9 zoNXFcC+sz{%WpRJ<56xwbq?BDMFP-tWbk+L+#mK8yAg^JeY))WA!)Ot11{;EBc*aj z2G@m~5%WJ|2QPvqbO0wXn-+pC--9J)=Xs_l^8xbgS{cs3EfS>KjcXyNAo8=cqPko} z2isTpO)r61VXXIGb5I`-bArSXE0Tn&9}_ePl?vogj%wnsaxKK1$)kxzhksw`p%{|E z!U8rWA_VlmA{>p5}~k{m<`RC=q5RORlx z1jT(cBlE#EITFrURZp&!|0c`4vK7@to{mpWEJ{bZ7}aMAvRmpT{rd5XtwT7xYoX07 z`OE6{(NtQVwuX8{o1V_O!JU-oV73j3TNx9@0vFBKzshNno(9+8Kty3UqI~%bUT@eq?#pRdNPANVau-+{<{_b*PIYv`dqa+v72C4LM7fo!xTxAnBB)|AS-v;? zwPs#<^ztuj!z2z*Lu|%bYBm}}FCFk>#qdW-|RvGum+5X?J-*J4n7{aH}rs& ze`m{73%$8~gxTiFh4MVd0%KTUq&Yv!Fp=+Apsai`(-gtI&K`?hm`Mt1%NOWYgq z7HYA?{pl2{&upPbM)nj{oODs_$#YrB%SyKmfkOVX@lVltG}H6ZCSj|L0U{-Osi>__ zT_0pNOua0(K?&k;meegzX{?*oNN5yZ;(%e$h?okA6w^98ab=%m;BWX?9vHgH@rEwD zQ`n?ORK+@4<$C?_c9AkWh{?bCvl(=NNYYe?qrjyK2Da3RTi3MbB-vZYM(F{M=$xU= z#bb!mTkJCOlIZrv2JABnB_$EA>O={iWb`!p&ql(ZJg73rNw;#+!;>!6irhj!i;Tt- zYhkk5(8ht|JimC!sASMsKd@t2Y&wK0-lc_TL@S_do%$xRlDQ#VjDIq6j^`48e>-di z+h!?`Hu2g=7Fm+=<(|bhui@wHWK8lYglE@6+`n2~hMK>fdg`+C-7_7~C9H#8<(mLS zEqaXel`oKF3W_`^nT1Erepf`TUhaGG3ea4V;-I=9%#>4Q_o~>OdczJQ-1ZWbg?SF$ zu*_%8a>KVW?~|*%xd-`zzvpz!PVRw`$M#W6LH+hT?)~NMhS4!F4D6S^4&+OdL>_)H zk{OwYr-3)x+iEC$FhQDThnQ(|bUt<>3P~BAs z7;;#S?^5C4Rvu9(BZ(qmWeU@A!RtC(5Lc5SzHdtI?L9(WjAGq(db*Hi-A>tqhr=c^ zM$9qi6I}#uh((aJl8PvaQM+eU4pD&7qlHd6%8+RAbQ~ZYBmZm1Dom|cHfk~1O%dsn zg3uhX(zVVT_ltcUR#CtTnOKFst2rix-+u_RMw};%c~l!=l!&M;0mT*yl}5>=kuETS zr1{kk5|J*4Z=$xfIy_|`Zd4%x1K)U;GdEGx&{_f+izJ6tCqYaF`2frkK-?lYji?wL 
z*z_PKIK5S1R!%=l_9EUByUqt9!Q7Tok-TzLC@eDTYaMH;HL6C6BVC4`Ph_UTUv6l8 zW2z-?8tWX2)0L*C+I{aBztF3#_Mtu|S?9PO;iB=&TP3e6DM$8BGdT8IHy#wRUQv5F zV=8S9s%xIJy|QZ)ORp6jZ``Gbb0btanPcfnp%~(|W^tc|Vb-dle0xm&a?8k&1}k!9 zvi7G0C3VyRTys*)BW*=dYo^E7%hEq{6F*5@gn8$0Yjd_$5VLqP@%P1f*`BAfTqHrk zIc7iCu2Ci%S|^nzWB=UPsX_pp9wYYjGckC@m~ghd1J3?pxt&0bm5cU7L68gEvcdnT z2#@srxn}}X`7+B}amG;hZ<8D0=OZuam$`nrVut!bdK$iowLuJV7SgAC?<`t>sdF?B zX94|+^mn0st5IE*gmYqflo{hAOAjz%D?j*yNOw7bzgDI|ev!FGz9O#0rf#l$ zIXPzCmUwE0UZH=Otn=i^s%8ku06u=L61SPT#JSTWEGjk~S8lu(KOcUfVl%^f1K(2aPll{rh5MST!dZ}0sAdV&4 zhfX7cRTHc-;cV3vsy4k7$yl7D#yWsh@OgZd=o}R57EiFhQpK<^1J6Gr-k0K)#QUPoH23Nya8n!2n+^@O5s;Pu_ zr2LregNdnS3C>6ey=5iRU!{rbi&$Hav_^6v7YpE-DD{hZiZiZyRs*JOgVcF8l|jZuNxy7{@9*geeYKLEHFjt*CI z+|u1-6uU0;dpq*7O~F;8?)M>;=z1$~q2idgBx+XjIH7yVwj+1^&>J^MTNj11IeEvd z51b-+cs@bAf?e;X=NkO?Wy!U@Ir)cm419^sXfrzMj3W&RT?`3_SkrD&Vg-EyAr77V z<+R=6w1};2qzdmwP>TE(cjhq8R|nKIC_FL(AU%{RK#3iMEquWZTlQrY+oh=cs|iel zv5LA==1L%cH5x6xliY==@3Z5-RJDImCuz1@oxLVVNIU=q@8hxUMZd`9wOuLvQDE(J zW2q`c7(u*N|60vW__cE^dhW58Y;=H>PegETv6`Tgt_@)d1d(eK>sW;cCO%bC-}AZv zk?}3rLQU{kjIJ(ZcDKUeGx)}STsI@=as%d`FAt$E@Q`v7O|(jiu{vB}4Q)QFIL89Z z^u=zj39-#jn?)zea`CT;YG-|jW{-tSxoC)J&IO|MhIl0i+>Q6v;lvrPE7$v1X3%?_ z_y`_xuE&gu89UH90oyq-H7+xVDQ%9sStjC?wJ2V|BY_#GKdL@2bq^a9Jz6j05`QN6 z$U!80uJ?`5?C%VBFpU@q1o%FOKTW8)m-HPG?nqNS&|5FmJ)A&~j4N4jH=Mtn;hqRd zULt$h4_5eRydZbV;GyJXfS&Ag2!Xrokk5qss@y?Ufqz$|@(&Q;9Z+r|^_bz?>Y@j)wCJXobs>{8OW@a~25!^L zRFR$7dEoFXxgrZ9T@(Is{nHA9X4)PQ z*O1I4=2@;{l7sYYr#Cv+#A>B1B(CW>O{ch~Shv}kI6=XHGd z*0yPJqfAbBMq1k%(pKjQd_AG?1o`ngIt2MqDg#zTn_ZD;F(=}rrT-h zt_gXr?s$fx`j%?DUg9lFKb3qy&cWBS@%mwpZhYgw`5>7uhTGBb&%3Ewn8L9+>_ZJ%># zJv7xZLLD<#aC2*(d3~568D4mOjPk!`{~5T|ez6v6g@DFH`uDIndvh;l`=*Ej#grGQXp386}Nm0+_(n!}^9R-1Y3O2P01Tqjt`O-(v^3tA!}5 z1v;*1lrN)vTQw`C(;S~azCn5xavL1acJ~n#9YW60NPT;$5hfh0AK;|r%Tk>lTf9a3 z4B-qscuQU1+W3fsD@GFCF@A#A0cj=$Xwj-xr1S?Mzzs@(HYiZo1?V-iLxVFE(Xbc7 z>5Et{-ru?P*f<}x8N|SHOSS}cS4f_H`qWWON@SvRE7mx*{C(~sQ)9kbB1S-!K7ee& 
z`T&xYrYba`#;yVzv=c)ZC_-sp8mXvIz=TJ4Caz%O*we93!eC&D{7^RA=Poi**hXx* zmXiiDo)uf36+vx#sv+dOU_nO7gfjtMMolQFX|bNCEdOM~N{e_6Vk&daeR8T{#7O=g(A1yT-=E!IC)Zz&Y55D0uA;_Ri$FmC=$|gI;akGWR1gC4z(` zYrpOue;MiwAX~8x^O1;RQK@9=$Wh$Kav7l9d&Lci4^T$xmqtSsLMB6nFypr;2}NgL@cbh``p%ap~~_Xr&oUAE@w>W}|O zpg@AbWE9LbjL0mPoibut1&s(56fD#$Z8mcsw=(n*L>&zs$!ka#Y=?D~uumr!F%o=^ znKKy8%=X9=#eG^Q(PhRZFZMdBaxm|!niYaSsTU=iTg;!QupP68Rl7$ny=@ir&n>M8 zWirPJK55z}jg0`|+;&-UGMG?GE4Vo2=XXni^aiIwDaleaYg6`|NytT>3T2-&q7QL) zPtfEWyZY2`7L2lg?tO*)994U#sYCUfr~;5T1Y@no*bkj$v_T2BNT)x*%3OS}d8Ncw zIrwyI<8j+HKAV;HpC|3}SSR##Z_<2)7==y_MWwm6OBFikopXPZEv%x`p6P z8lp7}VFPqw0*AcU$kCSjpbV1o6ywJ>&$DN4^_@1NX8Y#+K^Ysaws3pEnIp&0!W1;f zrOIl=0^ssDq)qxrrkAU3XF9-|no5mU43Zib!?`T@XAQ>IuMQkk&Ox1zwCG;hJ$ul4 zjLQ_a5AM_pBVO|yPzSqxLK}v;4l^{(ZwA;AWzC(v3S$4eX*}8DGlhmVGvmd4y;i_q^ph&)(CX_OC@Y z%}QVQFL4LcYmpQ{M#DW{8cLnv`a{ba9jK~}si{xB$-6fuopteZkKE@-nkVfM)wX;+ z1aZ$Fk-K?0K`KB?kSiH)8Kt=EZm!1B6|2GHTryv>?4kJvK02c>gJkLPHe#@#3io=~ z>7B(2YcoU^|AsYiwvAlsAt1+fP;IB>Pf&MWdFn64NLx5bD@%dKG!Sh&e=A@>Na7rX z9H-=d8|j5?>S`$T0oJ+L+8H`ScCnpXt52*vf1{wL&OK|`gM5-_k5pBe1D)BZGkP#= z2eMAUy&Z(gO|)A7y;KO72}Ys&0<|G~V5db2=ncw6E3m12d%*)v2#i`)-W8XXK6llG zd_Q}04x~ehik->QJ_uL%^FNY{*620Iv&dqGY(aAvXG=H9O8sj`x4fzyuM3u!KVy=V zT>vT5n&cIKQ@HnsbajiYS#QUUL=%6{jPLA^bedJn|d(;BJ&6;z7>>BkR37a3+y>zzI71PjyCYN(vCJ|%hhOl_1V}XNC@ytS!F`%kaY6;8MeRu z9;ge$4Zjr!57>jSg>`y@4(H3L^oel87bVAa`)iXuT=PmG4A=j8dg>Ssk5BQJnIY!} z7OKO&VzjJF1)>o#OSL z9cZyJuc!VP2p3`m#0W?Sf(`VBwnyJj#SfeBH$M0d>QE!}3{A#1%87As?J6vn63{+S zW?#EKFlNv@xS#m0hx`sA@>Yy38@zQ-=^sBtzm9I|5wCYZ+pru2ECKI}DA|X}j+t=% z%{j!)J%ax`>Ovr9k0{p8NSKezKV5UKt~*!=Ol9wU?s02X1R9;eB0Cc7bmdjwHqe>FFOl-a^V?VTaG}aMv)iXF zw+>f&)ELojw!5=9EZyy{d)CloolPhG6$m!!pHEXJK@`XCT`!`tk z4CQv1O~%qzNC{k8aWr0qH&@4&Z%5N~8^vd~?$^m8 z;KgBJ*1%{va3v%Z0_H>T&CUu;Czbs^vTP}@V@}bmDBth*TT}gw@p8!*^tRNAJ3(9gynZ=mv8q{SMC+9Q02MjT-X+6B#aY3E@x8GI1ObPzS*Hu1Y z$1}sfl1jqWf}D|Y?7fqIG!*ceQYtwz7p3m@^yzmkKe+OQC-(YVyiz>>Y3L9rX{z!T zSd`!e9+&qFL(vFC%7HqNBu<7jHl(Laj-|LI7#{Crw7a{wo$I(d>kS(cXzjN8=4}6Y 
zes7DiUmf{}_OGkK`lYwf+BLErjqBw&GviJ1IdXdevDJJz)3is{VTTO-qk_D5sArTe zPONvXB0#@G?>C@o=nrlAe@Uv+vwIy)+;qN_rbX8j)u>%vWNF+sju{mY^L-GF{c>0i zkkRoC0)gV^E2R-Q6ed$z6mhs3Z6 zsR5$a*SuR9o=t@Y>L_Z$u*q3(mulPrm@4!@Qf29`1X=TGaefIJqH#>9oMb;1rp(sk zY)rjMW61Rl!K(z?fzAY&IF@xzfQE-PjbtO}$ykwe3+o3}lSqQ{_F(y7=c%EFVs;%} zKFRY0t8*DVHE2pK<3b%i#u0q-V}J)kIX;}Rekbk?7R1XQh7E@1^TdQ5uLp|aA5`&j z<70)F=8UfE4bE@5O-v_>L|pJ&=^1fo71pm*86o6CdFw@wkq$ycy5s1Iliz_qz?YE_ZFf-&QQyB# zMLH!(P9eFQ#LLR2H+e^e1Je_Pb1n63fM%Z3HZ@N^edV+~hxl%2s%;btgeg4Q->8G# z{GY0ZdMb@K+q~=aZi`q(vKZ!DabS|m<(!s){*ZS?v0>jrstIf`&{+D^x)yb|n+c??h; zXbIaS{M@j@c^TqI!8SWr$25ahA-e!>YIuuFde#{Fd()dVJGXvt+uSA&00+KW(5yA; z!mjC2xwMr$)oT&OyL$)U9xq?Ls;#TOg-}DIAu!P2VMyuQa`-B1;-=DNNng=9;f zi=KecDzt!7S2PjVA+wa|Kv`KCT_qJG zMNKFoeN7BGa0)nN0w5_a8|>Tkkjby`sl?Jk|_PeVZnn;l4we1K0ga2G-?WIG`S z>m_24VzC=JT~$bGGwcyh*osD@ADxEp2r$0YSTJBXYQcHozrwS(Iu(Ate#d(Uxrxlp zmOp%PeNAKj#Y71awtJrenLYe$!YF&YY7bf|s1q?rrDAIT`xkf1!guiSo9}g(MlCI0 z6&>WYT%AOSO@W?CVFTV>?AhFlCg)Xg#NUBD!qgL=;;To>vp#6aT!W!f1@=i{>^JZl z5cZ*0sfNfua_tvXF}}9DLaZt4SKG*RSXUKMO|-O64Wgl> zrH2nf)I`XVlbbX+hE-oeJ*YF)gd2FjLN=-qshk5K)p|i6EVI&LXw7-r!pH=S-WL%D z@9W8kp1wfEr(Md$vzuznZKE7T#}b=X6Y4T`w^*It!OG=HP!5+4woXREujcA<=a2?8 z(dA`kL`A3vEc07MVpf)iWgiQ#Q)#&D2Y55Z6vk7hX>fh?a=srj_eBM$==>80NSSBI z3IE`?{~BhSIND#C=8jSHdl;XPFzH|EgEd4sC(_>##fYA<0-79uov5poI0PJ1Ay>1P zc0kYgSY8>KULYr2_zlXfUP>LLS+BqUo*dKkF&Q0g+URzAvCPL*mQAJf7@wMu7EgT{ z#<=oVh>}wsTP8L|5dnhmF;v%zn{@bBVti%1QM1?YyRK>!g~evjPT|Rcc<)1Am_0K+M4O zgrr9Uhlv2sT!>J=2z>hv=NDL}nW;S77QjY`;zo?i_V+7O>uI5$cjk1!I(ZjfAQ}M z!EYloXxsGTEo6Bk?}m=MM-963`CTkkuLS{VNl8gqR|K#4iOz&K)-a`g4Q2Idr$p;c z@?)mjdP_ou^G=&TG922(%d?ovWFndg5P||nlbbv>H%ScBRqGIt*CXysv+4D&UZ_5G ztfKzo8pLQ&cSqw&Ja+eS<>BD$ulb;(?(} zSGEkHm9ny5pZ-eZCMQ@ja^tW>+BDu(NLLtEM_)L23!&%x1XqHLfr5JO;6mE_LsJC0 zV9PKEL+A@fkNrvhoe<+0*->d0dza1_sEnDmeOi`lXEnjnjh9zFEdRQ!L#4D?)Ks+R z_vlw?0AoX2Vn&voDzl133oY1Eo$`vi5<+Q;Sr&xifwBJzgg7AxqvR{Pf?EIO#G0zu z>~}^@BXl(1Vg!IK6`}V#gDS$Vj@8g1EE%0Yk8r>l=Qx0Agrsk*cf3Gma5{%oJofr1 
zVcCi|h}BEr6b2Us3$34}b6!(Z(;&_pxSQ`S)Y-H?FWsQsdPA)}%w0sN+5sZZsPYv7~IBQZdfo~<)zU18lIq@bV;8p$z>3o05! zs!hR_I+#;P1#9D~m0FXeS)V&?kj9H>t|x(JL7&m_Xs6t9rI1JysKrh1qCqmB7c?Su zqAkklIhb>lMSx+z&r}^zm5`&!<~KW9^qt&%ZoNhG1w4)Pzi@Dkbwa-GQ*D@A9s9Ha zmjk`Y3FAuo-&VWuJ}ido>cf7ay3%DGdbBpn^Q7;8|EX(b-FArUz&r8@u-*3w1GOJp z$J1?%B`~DxhrTrM5owNFLfyHmzV5h>c#tv}%;HN|rDcamrmgPnGe*B+Xv48Hy=%dN zj=#sC%K|pCc+H{6o)V;Cw;)3v(#MKuVC=STxaMJS+mG3h#Y+t>yK0aE2 z3l@dKD^@4cRp1pl(%gSWgxAz(&uR|$Dc(b+itSrho1Iu^m|dF&)O|VCOpDB>1*ztr zsVrG#?_5bPswIjWqOD6QE=muHK-!UYw#2o8WEqSO|EY-JcRWE~k$%=R~;-A5VMOTu36b@B)OGkh09pJTP?Eag~x=qhChHtR&qz ziDT3j;x$kJS(n8b8k&R%_4EN!(R!nG^jrD=P`X+}ovm_rCi~^91(;hflOQK?2%_AY zDN|vcM~q9=w!WOqvY_NADKC%ds#Az5sV$6d3YN{J*qU5ljh1)TKq>cJO&mFwua)G3 zWhQ!oQV(i|#5gzNT|`O0w&o{VmK6G|thNyGV+c%D^%APT&(6l}Ysa0>MXvxU=8lz& z+3PC)bC*oKZt+t`c=}Cs=RVxM>Ss|mqWZBrE2>S@`!)rgRMxnJtfe!AMtEoEsi3Qc zko0FsRErxsy;%iOZ5-^g-E&?d^1`eqAX@!Ay|Knp00|Yg^HZe1^n*RryGh>@L@_T7 z_j&_%`TDldVsH>@y2~YhInRIt%foOKe&KJV3TL7Ms$~P*XR&ST22hYtd?S%TU?MA+uwayMI^!TYjU7Iy144EODn{kdi3ZI9)a@k9@BUA5^Oizh!ly`qaf4^lIcp^>A}(A z3XEf9&z*N~6Rsj9R2$kBG1Ylk@w#5REu|1PzxP&}Z&Hj2WF2A=#;=sHFB)~YP$3~2=*t{ois{6X- zM3jl0TaR6`Us2;;*`%+Ib`lM=Aexci#WmUMcWjMTR0m>ltE8)SWikff#T1bLonl<`uM2r|YJ2R*Reb zxxG@O1!VxEwk=v!L}KRKI_{OLi)^7(M(l{64!o{BgqvyOCxSH9jO{u7x($4 znR)e8z&+(A;_8bG*PwT0XT3RbfHKuTBo4<_jbSy&#DiBJnf_ty)BUfPKpe=wl!px+ z8Z6!S>}3I-LkRWj`ySZptzd2iH6*~(b*0}#I2#^hBP(H&@zO)w{hHP@+49WVN*X7t zm$cLg{f%OTrC8{z%hdCKX2917(QaPgC2JOQe+@hTkc??DRn`Rgv1qkgAG9H<-ypEJ zH}R`yGR;2=IP1l+d>-f&i)CfG@AFIFr}iAE-M`$gx?5az-Gge~vQ>rx($>R9Jg>VW;FI3X7@nN;J>j-gJtm7ApHY zW1v}1-afhz{LMyA0{{5z!gp$wnrKe#?ypJZ4aj1W?7|N3Aw04F(nM+9!F_Ga+!j2cKdUa=392%Vp*3}`0>+f(184S$!n-9%reVIWtaUwx0`)jq|gD5xI* zcH>uLV2&`6*}eeoOFX8iIoqCHV@P*MXUMu8?33=kVT;KH{RSe|#N9P47TdRPE5WWN zoyI3u>9+4KJkjrM2ub-bthO6{BseDM{(74ikFamZM}I5S|8(8^-z=&A-_BnqdglMV z@%R7N_p72SrYMj7HPyLX9%m8@C!T+9B^g(`dAfv0!DJRUODsrCsBLL8bTq^w3`KZC zQ1kCZoxCm-*8|FHlG@`U7m{FR>vt_{@LwGZ?_-;UMz4~8xJKRW_4nT0_wU}v8J8bZ 
z5WqP|t~q(byfZdim2HdgVU7>cV21ue+vQ2bIozbzaH7ScDc1C`;kM)eW4k0Osq3R?_I^Ir05QanrX6CkQ0mB3?rZ_g;do;aA*6W@kXT{F zxfN6)qJ~mjw|Jwi))`__?gMZTR*@kkDi?Z6T|9(eS27*_YHrln*7|Cy6ye@!!+ryu)>B!MZFmx8*P> z{kQ*@3wDimPyO6WjCzN7+yLD3hBQ<;WAGh&X$P?ho3`J_o*>lODNH_t9~(-FD4Zb( zkw49~IvkEA;e?T!;0X;Q$%JWUdgO=wfYo3iYZ%}i)J3dtFqtfpmPUas%9%}{WIO;? zl^>;UKX8IGO%Yueg=AAWrN}*&LhO#Ey6vCO z28{RNC0L#p9l~mAy2X zv=b-G*69&~pM9WdY|+p(=fv9l5y+d8N(lV>Gg8?d znWbKRJ{+*$gp+uWYS{;coj+%$ZdtaDNy{8N9t3lvEZ$8<$v;__Jt)TjuMaIWw;tGS zwJX=kua2-=$*;LOJk9&;K9pnEj#$S&EhYc9uZvN#ujU_Eb@ppY%Gj`#u-Y4EmOb87 zbn__{*UoFT_doC4v>kcSyKxnjNcE#qOsswy9n#sB`$YpvEn%h@c3-;|HaPd{DOu87cZ%UN~I*&FE!W4yyKWj?Pw07R>oE) z?&DHKF7j6g$|$c`{| zv=_LtEYGZM1nEG-?dPPI;mvD3et;hfW+n>)INV+3P{#3Qhx;r!v$ z{RJ(9Ss`qhl~n|r@8hpWT+Et0UpfpXy|b1{)*RSzvLPdZ7 zhZtmJ_`ixl7G{S35ravSHa{^KbnO9+J1?jgFDb#GhfY2h0sqOr$>T>YAMK}sYIL~M zTs>f$-T;UNOE|omn4&$Myx*PIKQXO;WzkMIOp{)QzfAm5zAqI&N}T$XW3yfBN<}%` zo-D+Tn2h)8*gkS%|Gn9`ayfDIj?^(ZzscogRbBj$yW*9(#{Ag7%Jt#JL;Lc=5#2pU z0$X1@=wrLKKoiWfy#MbleuA`^8+VOlYx;SZneX7jEBWATKE%T zC3ZtnLMO#c?-`0J|4$FTh7%nOLey8l7j7DC8k;tJ%6}_(D;Nj%q9lhpk2;6CjL`z3 zQoLE9IoccXX>d37M5GT_uUY9<1Kg#WHONM?t&!esQ=5gVMqME3q!s-36SYS{p;^T? 
zC4rtSv_GKVBam=pUNi?DSXlT0QU4dc&?D?&t;mmPGQ0{3+4vV)yGARF$Z6<|netqqi2`%wwjnXJ-1c zxd!ghhjFa#!6VI8=);pYgU&F(^79o|G})o$KgIEXD=GgkSjt5IKe04^(qaJrPw+EO z@c5~L+&yP70{Of&>SwMw9{z0lk7)7<)@v~ zf+&ZYN>(!eXnIRQA(5oyubhYEaXl!QU7u|(>daJ?Ip#!fF#CI(;$pJK=o`M3bj6*9 z)YH@RHOMR5rLP{4Aw`+BWXhDjoPWJta4>So2FEhs+V7v(jK0y+n;?@&FkF#ZC{`}9 zI}l8u=5A^<)JwX zW=G}6<;KT_j6UK-qZX3)2y@qU!ezpjrD(^N1}AZ4|;@L zf1z;Lz)Kdy8C?qeO1vZq^_gkl?WsMi_^&@0_T9DRJ4Tb7AP5~(+Oy!(#a6U#v^Q(| zW{i1>tUHVKGOJ=2>~rbVQ3jp1E*pci>h#~H?>CL8K^t~2kBuWQ?x#z+i)WK(M~bbZ zQ~fL+)_!(hN|)_oQdwo?3iw_m;`c>=Ute8oK z>!aa&ha=tL>fw|qs~_yZP4mJk=a5zQ9Ua`Fo$kF@KV<*YYWr2*4Hlib{??hc^mOvi z#WI20iafwbaMxJS7>q;?2s{=v34i(zM}kXMX{VpX3{@svVySWtSUl`tvP=%uFUCCmss^JdP6-@<~KfWKl%B_T9_4F-91XPW&!I76lf~a+IHz zk66Ht?$}}`Kl|68-q^8qzBdQkSXJXZ?{hKy#v?s$v9Wa9guHCM^7v|K7}MX9rQz!f zEP$?I`yV2b>A$HA{VzDc$n-y~H?(7=Ee7a+{}&D<&kycIO149XFm4*n;-x(SMbi|A z46*#JAGxIR453ic>leI6mW@B&bq~w+^C~tHrQQ*A3bI@qA(UbZC6|HLsyQrMvqeh? zHgelo4j4!9M)HQg3rx4n#etKhm3AXLz+x{zFlF<~6kXa+zK5qphj9|Hv^#O1i5RUm z;g5yogo}R9y%06|!p`;-k(17*)wgnJF)@sj%8-A+`4_U~XzoAzd0q|!aDTThX(Jo9 zdGw2Et9`C$lW~sfY&%PAyP(P23}e%77mH8^4GwG0KTM=j-lqEwblCY%)AipBbClfe zjPdDY4J;I$tm$Na>`B;uh|3O+PWY@0%z*!m!_36M$OQQB8+@VDI)SJ;j^^X@3)-iF z2-gAH_OWhv#ce3RwtC4HS{&|D=ZAn6I(b#JDE&mTiaFZ-l?9qp#)lLPQf}(8)ZU~% zsZS`+M;MpNmWohsKx!%xk(!1<@E|oUmG8_zb!%<}D8ErJ^-$TbUs|l_HB}rc%%-W^w6 zE|Yet_aPCbJI$=I1i`&vroP{vDl*>2_`;yE1lSVDH&)z1nMs)Y)lf9c2!X{bGA@FK z?$luQJESkiIB+dRAb0&kJSu=E{0ubywDnwCSSNAF!^>s zy@r4 zVoZd2@^`&D3$&nW{-MY|D?lTpW(TWbW9QrS#d~!jB@>gzunoWcLeu{$PMd(iDRxfc z&k1``J`%_!>q)%a2U##A?48KIzaZpo3D}lT$Pm>Bs*=|*gu!Y~b6t;FzHJhUyuW<~ ze!dz6_*yb1AssX`97XU-ATR_f5fv>dpkU4|7;daa zg&Os+#6LAikn`GrjQ|0MHH%-NK%x_F{ntJHH@5y;d#ZoGp>aj{6~I(TJo*@NAQ(tI zC~9bHp_#iu;R7i`hk)Qq(Cqr>DkQo<-_`W3^HCb0#QS%kE2f|$!en=VPm7y?;lpUm zdjsc!$!`39=`q)oha|FXX)&_Hgi^7f&K8z`NW0!2o;*ut>UUJcWZ}7ffZ07 zC-9Ws_XNMq8f+c&7c-r5>sL9}I#Gd$g@s3y`_H)2@(xY(U()`n*|*v??RHY;%Y52_ zkVY_@{ne}W5R|Z$dd`BJjsvyHm|~nBKs>OhIN3d*ebd|ikU6r0VUAPM 
zAfQ7kJ)qToU3$)}b4{uakb7sjfLSq4Jhe@=h*(;62Te*gTeZ!oJh(iFVVRLtkZTB3 zY&X3vtP2<~5colF5d&#f`c6K7z@{E+PGwMXV~q;3#?paIdG0Ks+%wT+w(ah+ZQHhO+je!?wz^!^W!tuG^IPxU-#F)vJMOrDVg;T#V`fH9#L9@s&b63d zU5txsDAqVI2+ZKx@Z2_ruOX?@=PcLW@Kc;T1uym7voOoVEd?M>buwePqTpq1XU({f>|7dt5qO*00x?-L1zKF zEJmRbW`z)JxjA1FxC>>+ge-hkl990qaeF#?Y#_))Pa^^pL50W_L~N+dD{Z@A_nc%V z2RImTPBB|J7N!pwy9~zqQLO@%p*9ihEm#IItWO~HiC6?{$lmVf0dflv!I+Stc`vDE zFSda3^6fnMa&j|2j4ZNx*l!kHJkwF31u*4JwT5;YzD8YL$9W4n^wM6uU+biy1;E7? zZiY0k_nTX=)^yZ%jNpqrUc-GwzO2B>|AG~J;ER~0nYjQhN1D#ISd z*&Fx>$~I%8AOsNa0vi*&h~rKv;}yFL$)QSpymEVk^1?C><|eJ>)$8qPug4oPKgnjq>j*uZ|`cjogkHq}{c zMA8pz`f&Dwj7!^P3=@Ry%IR*QyrJSvfPaO?n-HJX&m#7b%F=js+F+2@w#zgS6r8i9 zQMXXL=_Z0d!*pe_K9ai|PNBoD4JcTfZiR%!I%f2r(!GK<0zUYVIf0hNi?2netg!)) zuhAF)cc1v12<8n5T6zVwHp8p{L3aon)HFRO1Y6;*u5~K*!SPm;KhQU&9zPu4=qHx$|WJqc}=K$F7 zBuh7C3KNY*54bG_&SOCnXlxB%w3;j~EVhH82*3QLF`7_rB`_EyB+Y#Jg)3^`gjR(Z zxpcZ1g4cpv-(kGKG6{gHabw_QS$UigR~{7&fY^PCVKrtE=5*#6eBiaq-=K6E54K~) zv3!|N$efh>i=J4|#O}XtC7$fsIxGc=Z~KH0#D(6?+rz;R=b5X0hSIh@qz7}!lHAr zlw|;*qcH{qr}}D8dWsCg#kC^CVDVuw>P8I%7i2DG9SQ~~&sd>s%uc7Bb;wHoHDJUja%u-MfIjpdDc7KF8Lie6fxGl`l=qfgW zA?j3&>$L2Y01778q%zxZC<1K5F{x&XOAs6;;OtxjtSEXFC0Q)noS&q>W2}h5Xegq} zQ1LN?SjNU6EOh{kDq4qe5!@H%3{n990cSjVY>2opjZh2StIg0Y%C5ys4rktBPYB5bx>%eG@f z{zh}Qbd#lXJ{8ZO3#Q@ z>%B#R<62LEXKjmK!?I%xo6yJhQ+9eA7&Pii%Hn3j8;+`gHc)45laK}4NnjMT0&!V^ z$Q~;^v=i1GAQf*Yrchv`P+4z7GE-nen?gc%yUd6cu8>++VAfP&`8jRgPmBU!0svct zsaSz0Da0ZG+}Iegq-25qM(Up2ht~`Ov8D05i$WBQ1qFs-t78&ywve*|8;!!*Dx>zQ z84;F4@2WGY$jIiO7BG2Ci4XIi{_H2Fw!n{3cbLYQJ|qT-Zh*zFCS%PU8&3t$vjXpX z#Y8BfDy-Z>vSEo4HWVuX`X=J}0|H0*K})K~@QDR%|El3EQI5vK3q0KQHmadvS!AI@ zALIRys1_S5Y-KkJ7xa+W84>FilotCd8Mg(`Puea?a4P9tP`bfI>l)0ReCbQO#m%%%+r;@H&OZ?<+)`;>P1O7*%i< zn$Xlr5De)5QZp$1@|Fe}FH3S&a5iMzOv=`%i^k&0fU7=Zq)HfF&B(&aS#(m47|TA3 zq9Y9@RSVo5dRwriOe(fwsNmq}z)FydC|U(o13w$GyiKd~@}x>3Qjvk3ByHgwEhX#T zaVi_4ym*#{*GeJno7TeRfTLao-ew51SVvbYcq|CEQTyOV_@c5!oUl?@0&KgI#`HA~ z8aD5+ZCKov5+D^9w0dV|JUMV93%tAhfH@rxc^;Zw(xO~+c;HumxH4r_EW2$UxLspq 
z#>bg!Du04raZ}-MHlj_2=V?~^HaJhDUU9KMG_{@)2;5_#akPI%5Ohvg#jhHGHdq&T zT@3CdVke;ojBSkpdrXUY$8tm%9+kf8c0P}%UV3@~IeBXCiyYVA} zKU`cMUpC90^R8dkA4&=v^2UGkK4#{BywA3S0p9=(;ki%#X#8;bvGd^`ZWaDDiFe&aT?LE7>x7MF;x_jrVZF~CrLEV1G_b0FC`zfn+X5<4uVrT1yJ^a9|J?G2w z-&QSQ+QwDgj?c^I-p$35<8#)=(-o}|k2FW^(5*kQG&tgJJ=R`%=Z%yfq}Hh%6~E8+ zZqKLAfj$0b*v_B0)Suy=4YtY_-GlFCmX)drx7}ziy>IRfv8|s@%a8klvS!~p-K^ph zdxKJRr=t%FAHtL}&33SRy#$$;yWjmmnW4+#y?jrgjG%^F;_i*zEZXUgl1bV9Yji?vRj=Au0{Ng!4n*S44gMv}FcG(! z`)IW{9~1?#8M{=b#gAv#yhQk@PMvjh%#zl`m3yrR$-thu!CFilHnJB%+aN+TuD=%oAE9S1}yE=t9~$mR~O|+ z*zy5uTss%7^3U|kYxpXE_iV6z_3g3wP=xfk_{$gOEyArY%3oT57uGm?h3fVBLV00! zwX(R@8Oo#->RcAg`S?{E^cE9q&Awd&7pc5vJ;Ig}?{?kK>e|pUz!)3T-aK~BjK7(E z9;^Ua{2XnExAN6?8hNog3cyC+ur|RFt#BgjHrh zUl-(vXj@X?dsQ5d%)7XbwUu4_@dj%h@If&$$rOMW=S)N$6{>#@VqW?l*r=o~o=-4aASxhabhw)@G~s^|?&= zyXU@IB|q465uv_ycwWuLG@X@aHAp+cdmW_7%^+W*?@#B`YMVS@m4K|?tF)QP4Xyl6 z)zVzel<7tX^s)+ijJwfRi!pMhf;_)ozM1GHH{>J)C z^xDAC*=B2FCbK%Gw>yL0-s&pjKj`P*o@S(3iH!2EI+Wd_2Rn@Q@mgC|e1jh{J&WUK zu?uS*PYujhIhb#o$BQQj2e78e_2Nfs+j==?#Ty2;VO~PuUb0W`HWpiXb${o4&&_=D z&Od*8)2R3pV?7N!!7uDBaywmh9&eOcL9K^cU9lnGSJ-c!FOCuei}MHx55L`5m0`(| zLYxF?FyFjedFTk;-046#{wg-G`+M^7*|fYS7s&eEjT}AOJy)?7%KPi_?RzWuH}m0L z1%Djd_jvuG{_519`Cb;A+W!3T|0E1q#)R+v#p9v=6a)zc1&{d?inO}2GuiWf z)p-*R?U2xzFc@Vee!Ft>bN}(;FZZdJ1}o$k^22LvleN_Im0%FK5D~g3+1N;S)9w2+ zuu+GKSFDG`8P&$^|Gl)LKlO9_&5zPUe+Y6iJow(+^RxG5AMPI?oDLp`={afb|C46F zL*Z9_2tw(@bGaYC^Ye7I5~&Y5(9ydGzvue-wDM4gF>$ou(<)N$_}#R#Wk;}F{G2$= zd|rtHn=N&h-(8}|Z}-eT(fMZB%t>%EG37IMms{trSC<=~wZ%4GT&E!Kb=t;&(-3AlA@&~cq`kZMi&yyGvjf#% zD(}S4_b=|!)>E)RDvUzR5B~12ha3N&s}1|_7Y1+ywzt)&qr7e31==lOkfq<_dUQYc zQy=_2UtZrBRd*jZ$2-1H;b5kH=nK$itv%k5EaC$@A4nge3Yf44hV_IkJ>eKOVH=Pk z2E<+s$2X24%$s}&P8b*#Rlz&z0~5zGw_7(CgEy+}yVT04-`$d*-BcLxg4Cs7yt{9a z-@Dn4fy{!1+3P!?x+$-`Xgab9DW`t%#;t=M<3@qP)Va{_JD~46aINve``~dop5Gha z1R7C;H{fxC0baH`A3Kf}_A7{L>dE7T^~L6UkWY39x|y$EXTN{*Fc+jAyXS0WgPg^615S>%KTJNNGEQ)^5cM$VlOpzYh1dG6o>t$j2 zMu|J>N^oF$J3^h!N*AYAO+$@mBk~Kwhq|xAw~}wu#q4ON-z>iB4&qH=lxH}{UT(rE>#$rSY?VU 
z7!6)lj=&Y8Fcr{YvB?((M0%}g&$kueB9*%GhcKCho>jlQ=M#%xfsP|peIy@q$@Xb9 z^{3T4N6NyV9C?2}fHzhRT@jsMy-a@${X()hexRQp?EKsGA{QV%yjH*ZZLxAR?9)D` zt{tYLyjH7I3E2>{4(K;AMUi*l4SHWFChy(Q>SYiA%5g9 zzK${A{!PpW$h*8N9X1= z`^MYB!+>LO>WTbm*-LyQTRS4oVXY?H3U_P@zRdXh$v-|n&PF~0O<2=xg{dclV$ z!)70iQvElZs&|E4mSM(&lY?U*<*7^^&y88B0JBa{9lj9heZq?`gsYwFw0iqIZGLw9 z6OFMqKi`*_mp&Z`Tfa?%SqA=>hovu+(l^;2wEM>|si_-w_m_vGy<0d$kLKLE=gtAc z?u{MV)@=qp&sdwQ?)e&kUR(a%v9eQZl29zGAD4`SbE4s zIUm3;d**{XE88-B>xIy^*$f>}r%Tw-b-(%&!L$h91;U^eJHlA7`5|xvx|D$!X!L$J zjYlSQu?H&DCF-oO{Jgnx(b($k6HZ(C(35OY=z!e<0xdkT1mzE$JOj4xR*bGhWJwsO z3zHK)&lYSo3FkCUn)qTs@4bu&XN;Xye9G*Vy1(t5yDxu-CnDlmIlXHI`|VorarJKY zZ%d%p9ZI<7h2K_g$~}*kxt}A1tlE#KeaI3E@KD?8`roo&Tx>nL)S%oLii7(NFd1V}1|it@Rpr>IDz)``~`G-u^Y#=T4(rPAOFSV*WD{ik3PM9y^1~iML2Hdr7U+} zc3hhPXi$$qVO^WeFa&v?+sDD}#I6c(UpE^S@GJFH-<2Wgy=hej1QuyLRA7o7o&d;J zSg!T~y#}}H+&@NDpPykhVn=Te9l|uE>QBd zX~wldc1y!9zjE!<2hn25kgwMd1g3*9FAgNoVqPPUE33DUk)n9i9D541-n~_1rkr|C zwMl+n>tmU)t7D8-ALOo!q7y;b6C;cjZ z`au4z4fq8A_BW@C;qT}zSW_KcbgQ|?xfeR0u&qdpThe_kq@cZafm+bZS30Wade2R~ zoD}82a1a-)xOieB+{?50i>xUpzrj1LV<*vPh|&UW)_Cqq0Uf8oFn1~A?>4WX)PVtJ zk;`Ypmpg{bd7=vt;LhuETWNSs*2=R;eT?->oOZ76HAOiXriHv=XooPw^`4AP)OgiH> z^RKV*$}AY<8Zv_S*jl$^aRDkM=f>3&Jp6n2T5X*z)gB-g?QSUu0nNVp(qnOHhPBc5 zh$OtkS>@VreL(#R+F*6L7`Hkiw!o2@JD&`bZ);!kv)!0|nyx9y-reKsFl1-n7~!?I zC@k{co+PthVPl#*YHot=Vc*zth5t8u@)Qfl)!pt_XM0jIU1x2w3fet=vUM%S4rymQ zmGMoIv4oXV$pOdBPPN@&FhqzyKZ5xl;0wf(droZM0$zP*3tPc6iO9~cMcnSYt%bA@ z;4sK?x{!%uf5In^^aoU%SG1W=SvOLE&f9qZ0$ifenc0&njC&IXjitkx=61EkU#r${ zYZOb7G#))6LjvM*@cEJO1eR$$DM^ zwwFyE`a^30P$Ycoapfsz4gSq}T%DU5gU54MkK}-OhXw;8R1Fi3!_(HPLA%JS4z3Ma zYLywa62cpH$nukst%Q>h8os714TLIEemdgJ;+FB%P(7qw8<)i$;y` zV{Z%bS#LALBuS7Fikwh(a)+*HkM#X69y#Gt{IkgJTujxG#``(OoizWbe1xZI1%$%+1TURj8<#H+S()MO+=9LG%yQ-C45_hhFz?jh^8TnO?9)^r3r7+ zMiv5iS`sP4K92`5#^12?>=9+y!BM>1T-(zSJ+eA4uRcq--&QScw%NY-@jpYeUZS6` z22;0kBM+}O7FsU{Yd?&iTR!gbUxu=-CZ08I8XmLwG<@d3K*JvCAIsJTqc2@p48SE! 
diff --git a/workspace/drafts/act/draft-nennemann-act-01.txt b/workspace/drafts/act/draft-nennemann-act-01.txt new file mode 100644 index 0000000..bb34229 --- /dev/null +++ b/workspace/drafts/act/draft-nennemann-act-01.txt 
@@ -0,0 +1,2296 @@ + + + + +Network Working Group C. Nennemann +Internet-Draft Independent Researcher +Intended status: Standards Track 12 April 2026 +Expires: 14 October 2026 + + + Agent Context Token (ACT) + draft-nennemann-act-01 + +Abstract + + This document defines the Agent Context Token (ACT), a self-contained + JWT-based format that captures the full invocation context of an + autonomous AI agent — its capabilities, constraints, delegation + provenance, oversight requirements, task metadata, and DAG position — + and unifies authorization and execution accountability in a single + token lifecycle. An ACT begins as a signed authorization mandate and + transitions into a tamper-evident execution record once the agent + completes its task, appending cryptographic hashes of inputs and + outputs and linking to predecessor tasks via a directed acyclic graph + (DAG). ACT requires no Authorization Server, no workload identity + infrastructure, and no transparency service for basic operation. + Trust is bootstrapped via pre-shared keys and is upgradeable to PKI + or Decentralized Identifiers (DIDs). ACT is designed for cross- + organizational agent federation in regulated and unregulated + environments alike. ACT is the general-purpose agent context + primitive; the WIMSE Execution Context Token (ECT) + [I-D.nennemann-wimse-ect] is a sibling profile specialized for + workload-identity-bound execution recording in WIMSE deployments. + +Status of This Memo + + This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF). Note that other groups may also distribute + working documents as Internet-Drafts. The list of current Internet- + Drafts is at https://datatracker.ietf.org/drafts/current/. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. 
It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + This Internet-Draft will expire on 14 October 2026. + + + + + +Nennemann Expires 14 October 2026 [Page 1] + +Internet-Draft ACT April 2026 + + +Copyright Notice + + Copyright (c) 2026 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents (https://trustee.ietf.org/ + license-info) in effect on the date of publication of this document. + Please review these documents carefully, as they describe your rights + and restrictions with respect to this document. Code Components + extracted from this document must include Revised BSD License text as + described in Section 4.e of the Trust Legal Provisions and are + provided without warranty as described in the Revised BSD License. + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 + 1.1. Problem Statement . . . . . . . . . . . . . . . . . . . . 4 + 1.2. Design Goals . . . . . . . . . . . . . . . . . . . . . . 5 + 1.3. Non-Goals . . . . . . . . . . . . . . . . . . . . . . . . 5 + 1.4. Relationship to Related Work . . . . . . . . . . . . . . 6 + 1.4.1. Concurrent Agent Authorization Proposals . . . . . . 6 + 1.5. Applicability . . . . . . . . . . . . . . . . . . . . . . 8 + 1.5.1. Model Context Protocol (MCP) Tool-Use Flows . . . . . 8 + 1.5.2. OpenAI Agents SDK and Function Calling . . . . . . . 9 + 1.5.3. LangGraph and LangChain Agent Graphs . . . . . . . . 9 + 1.5.4. Google Agent2Agent (A2A) Protocol . . . . . . . . . . 10 + 1.5.5. Enterprise Orchestration Without WIMSE (CrewAI, + AutoGen) . . . . . . . . . . . . . . . . . . . . . . 11 + 1.5.6. Relationship to WIMSE ECT . . . . . . . . . . . . . . 11 + 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 12 + 3. ACT Lifecycle . . . . . . . . . . . . . . . . . . . . . . 
. . 12 + 3.1. Phase 1: Authorization Mandate . . . . . . . . . . . . . 13 + 3.2. Phase 2: Execution Record . . . . . . . . . . . . . . . . 13 + 3.3. Lifecycle State Machine . . . . . . . . . . . . . . . . . 14 + 4. ACT Token Format . . . . . . . . . . . . . . . . . . . . . . 15 + 4.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 15 + 4.2. JWT Claims: Authorization Phase . . . . . . . . . . . . . 15 + 4.2.1. Standard JWT Claims . . . . . . . . . . . . . . . . . 15 + 4.2.2. ACT Authorization Claims . . . . . . . . . . . . . . 16 + 4.3. JWT Claims: Execution Phase . . . . . . . . . . . . . . . 19 + 4.4. Complete Examples . . . . . . . . . . . . . . . . . . . . 20 + 4.4.1. Example: Phase 1 — Authorization Mandate . . . . . . 20 + 4.4.2. Example: Phase 2 — Execution Record (same token, + re-signed by target agent) . . . . . . . . . . . . . 21 + 5. Trust Model . . . . . . . . . . . . . . . . . . . . . . . . . 22 + 5.1. Tier 0: Bootstrap (TOFU — Trust On First Use) . . . . . . 22 + 5.2. Tier 1: Pre-Shared Keys (Mandatory-to-Implement) . . . . 23 + + + +Nennemann Expires 14 October 2026 [Page 2] + +Internet-Draft ACT April 2026 + + + 5.3. Tier 2: PKI / X.509 . . . . . . . . . . . . . . . . . . . 23 + 5.4. Tier 3: Decentralized Identifiers (DID) . . . . . . . . . 23 + 5.5. Cross-Tier Interoperability . . . . . . . . . . . . . . . 24 + 6. Delegation Chain . . . . . . . . . . . . . . . . . . . . . . 24 + 6.1. Peer-to-Peer Delegation . . . . . . . . . . . . . . . . . 24 + 6.2. Privilege Reduction Requirements . . . . . . . . . . . . 25 + 6.3. Delegation Verification . . . . . . . . . . . . . . . . . 25 + 7. DAG Structure and Causal Ordering . . . . . . . . . . . . . . 26 + 7.1. DAG Validation . . . . . . . . . . . . . . . . . . . . . 26 + 7.2. Root Tasks and Fan-in . . . . . . . . . . . . . . . . . . 26 + 7.3. DAG vs Linear Delegation Chains . . . . . . . . . . . . . 27 + 7.3.1. What Linear Chains Express Well . . . . . . . . . . . 27 + 7.3.2. 
Limitations of Linear Chains . . . . . . . . . . . . 27 + 7.3.3. ACT's DAG Approach . . . . . . . . . . . . . . . . . 28 + 7.3.4. Verifiability Implications . . . . . . . . . . . . . 28 + 7.3.5. Interoperability with Linear-Chain Designs . . . . . 29 + 8. Verification Procedure . . . . . . . . . . . . . . . . . . . 29 + 8.1. Authorization Phase Verification . . . . . . . . . . . . 29 + 8.2. Execution Phase Verification . . . . . . . . . . . . . . 30 + 9. Transport . . . . . . . . . . . . . . . . . . . . . . . . . . 30 + 9.1. HTTP Header Transport . . . . . . . . . . . . . . . . . . 30 + 9.2. Non-HTTP Transports . . . . . . . . . . . . . . . . . . . 31 + 10. Audit Ledger Interface . . . . . . . . . . . . . . . . . . . 31 + 11. Security Considerations . . . . . . . . . . . . . . . . . . . 31 + 11.1. Threat Model . . . . . . . . . . . . . . . . . . . . . . 31 + 11.2. Self-Assertion Limitation . . . . . . . . . . . . . . . 32 + 11.3. Key Compromise . . . . . . . . . . . . . . . . . . . . . 33 + 11.4. Replay Attack Prevention . . . . . . . . . . . . . . . . 33 + 11.5. Equivocation . . . . . . . . . . . . . . . . . . . . . . 33 + 11.6. Privilege Escalation . . . . . . . . . . . . . . . . . . 34 + 11.7. Denial of Service . . . . . . . . . . . . . . . . . . . 34 + 12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 34 + 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 + 13.1. Media Type Registration . . . . . . . . . . . . . . . . 35 + 13.2. HTTP Header Field Registration . . . . . . . . . . . . . 35 + 13.3. JWT Claims Registration . . . . . . . . . . . . . . . . 36 + 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 37 + 14.1. Normative References . . . . . . . . . . . . . . . . . . 37 + 14.2. Informative References . . . . . . . . . . . . . . . . . 37 + Appendix A: Complete JSON Schema . . . . . . . . . . . . . . . . 40 + Appendix B: Test Vectors . . . . . . . . . . . . . . . . . . . . 40 + B.1. 
Valid Phase 1 ACT — Root Mandate (Tier 1, Pre-Shared + Key) . . . . . . . . . . . . . . . . . . . . . . . . . . 40 + B.2. Valid Phase 2 ACT — Completed Execution . . . . . . . . . 40 + B.3. Valid Phase 2 ACT — Fan-in (Multiple Parents) . . . . . . 40 + B.4. Invalid ACT — Delegation Depth Exceeded . . . . . . . . . 40 + B.5. Invalid ACT — Capability Escalation . . . . . . . . . . . 40 + B.6. Invalid ACT — exec_act Mismatch . . . . . . . . . . . . . 40 + + + +Nennemann Expires 14 October 2026 [Page 3] + +Internet-Draft ACT April 2026 + + + Appendix C: Deployment Scenarios . . . . . . . . . . . . . . . . 40 + C.1. Minimal Deployment (Zero Infrastructure) . . . . . . . . 41 + C.2. Regulated Deployment with Hash-Chained Ledger . . . . . . 41 + C.3. High-Assurance Cross-Organizational Deployment . . . . . 41 + C.4. WIMSE Environment Integration . . . . . . . . . . . . . . 41 + Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 41 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 41 + +1. Introduction + + Autonomous AI agents increasingly operate across organizational + boundaries, executing multi-step workflows where individual tasks are + delegated from one agent to another. These workflows create two + distinct, inseparable compliance requirements: + + 1. *Authorization*: was the agent permitted to perform the action, + under what constraints, and by whose authority? + + 2. *Accountability*: what did the agent actually do, with what + inputs, producing what outputs, in what causal relationship to + prior tasks? + + Existing specifications address these requirements in isolation. The + Agent Authorization Profile (AAP) [I-D.aap-oauth-profile] provides + structured authorization via OAuth 2.0 but requires a central + Authorization Server. The WIMSE Execution Context Token + [I-D.nennemann-wimse-ect] provides execution accountability but + requires WIMSE workload identity infrastructure (SPIFFE/SPIRE). 
+ + This document defines the Agent Context Token (ACT), which addresses + both requirements in a single, self-contained token that requires no + shared infrastructure beyond the ability to verify asymmetric + signatures. The word "Context" in the name reflects what the token + carries: the complete invocation context of an agent — DAG + references, task metadata, capabilities, delegation chain, and + oversight claims — bound together in one cryptographically verifiable + envelope. ACT is positioned as the general agent context primitive, + with the WIMSE Execution Context Token (ECT) + [I-D.nennemann-wimse-ect] as a sibling profile specialized for + workload-identity-bound execution contexts in WIMSE deployments. + +1.1. Problem Statement + + Cross-organizational agent federation today faces a bootstrapping + problem: deploying shared OAuth infrastructure or a common SPIFFE + trust domain requires organizational agreement before the first + message is exchanged. In practice this means either: + + + + +Nennemann Expires 14 October 2026 [Page 4] + +Internet-Draft ACT April 2026 + + + (a) agents operate without cryptographic authorization or audit + trails, relying on application-layer access control only; or + + (b) organizations adopt one party's identity infrastructure, creating + a hub-and-spoke dependency that contradicts the decentralized nature + of agent networks. + + ACT solves this by making pre-shared keys the mandatory-to-implement + trust baseline — two agents can begin a secure, auditable interaction + with nothing more than an out-of-band key exchange — while providing + a clean upgrade path to PKI or DID-based trust without changing the + token format. + +1.2. Design Goals + + * *G1 — Zero infrastructure baseline*: ACT MUST be deployable with + no shared servers, no common identity provider, and no + transparency service. 
+ + * *G2 — Single token lifecycle*: Authorization and accountability + MUST be expressed in the same token format to prevent + authorization-accountability gaps. + + * *G3 — Peer-to-peer delegation*: Delegation chains MUST be + verifiable without contacting an Authorization Server, using + cryptographic chaining of agent signatures. + + * *G4 — DAG-native causal ordering*: Workflows with parallel + branches and fan-in dependencies MUST be expressible natively, + without flattening to a linear chain. + + * *G5 — Cross-organizational interoperability*: ACTs issued by + agents in different trust domains MUST be verifiable by any + participant holding the issuing agent's public key. + + * *G6 — Regulatory applicability*: ACT MUST provide sufficient + evidence for audit requirements in DORA [DORA], EU AI Act Article + 12 [EUAIA], and IEC 62304 [IEC62304] without requiring additional + log formats. + + * *G7 — Upgrade path*: The trust model MUST support migration from + pre-shared keys to PKI or DID without breaking existing ACT + chains. + +1.3. Non-Goals + + The following are explicitly out of scope: + + + + +Nennemann Expires 14 October 2026 [Page 5] + +Internet-Draft ACT April 2026 + + + * Defining internal AI model behavior or decision logic. + + * Replacing organizational security policies or procedures. + + * Defining storage formats for audit ledgers. + + * Specifying token revocation infrastructure (deployments MAY use + existing mechanisms such as [RFC7009] for this purpose). + + * Providing non-equivocation guarantees in standalone mode (see + Section 11.5 for the equivocation discussion and optional + transparency anchoring). + +1.4. Relationship to Related Work + + *AAP [I-D.aap-oauth-profile]*: ACT addresses the same authorization + problem as AAP but does not require an Authorization Server. ACT + delegation is peer-to-peer via cryptographic signature chaining; AAP + delegation requires OAuth Token Exchange [RFC8693] against a central + AS. 
ACT is not a profile of AAP; it is an infrastructure-independent + alternative for the same problem class. + + *WIMSE ECT [I-D.nennemann-wimse-ect]*: ACT addresses the same + execution accountability problem as the WIMSE Execution Context Token + but does not require WIMSE workload identity infrastructure. ACT is + not a profile of WIMSE; it is deployable in environments without + SPIFFE/SPIRE. In environments where WIMSE is deployed, ACT MAY be + carried alongside WIMSE tokens to augment accountability with + authorization provenance. + + *SCITT [I-D.ietf-scitt-architecture]*: For deployments requiring non- + equivocation guarantees (see Section 11.5), ACT execution records MAY + be anchored to a SCITT Transparency Service as a Layer 2 mechanism. + This is OPTIONAL and not required for basic ACT operation. Note: The + SCITT architecture draft is currently in AUTH48 (RFC Editor queue) at + version -22 and is about to become an RFC; readers should use the RFC + number once assigned. + +1.4.1. Concurrent Agent Authorization Proposals + + Several concurrent proposals in the IETF and academic communities + address overlapping portions of the agent authorization problem + space. This subsection situates ACT relative to those proposals. + Protocol-layer comparison of linear versus DAG delegation structure + is deferred to Section 7.3; the summaries below focus on scope and + deployability. + + + + + +Nennemann Expires 14 October 2026 [Page 6] + +Internet-Draft ACT April 2026 + + + *AIP / IBCTs [AIP-IBCT]*: The Agent Interaction Protocol proposes + Interaction-Bound Capability Tokens in two modes: compact signed JWTs + for single-hop invocation and Biscuit/Datalog tokens for multi-hop + delegation, motivated by a survey of approximately 2,000 Model + Context Protocol servers that found no authorization enforcement. 
+ ACT addresses the same problem class but relies exclusively on JWT/ + JOSE throughout (no Biscuit or Datalog dependency), defines an + explicit two-phase lifecycle separating authorization (Mandate) from + proof-of-execution (Record), and supports DAG delegation structure. + IBCTs are modeled as append-only chains at the protocol layer; ACT + operates at the authorization graph layer with revocable lifecycle + states. + + *SentinelAgent [SentinelAgent]*: SentinelAgent defines a formal + Delegation Chain Calculus with seven verifiable properties, a TLA+ + mechanization, and reports 100% true-positive and 0% false-positive + rates against the DelegationBench v4 benchmark. It addresses the + same accountability question as ACT — namely, which principal + authorized a given chain of actions. The differentiator is + deployment substrate: SentinelAgent expresses its guarantees in a + domain-specific formal calculus, whereas ACT encodes the same + invariants in IETF-standard JWT infrastructure (RFC 7519, RFC 7515, + RFC 8032) already deployable in existing OAuth- and JOSE-aware + stacks. + + *Agentic JWT [AgenticJWT]*: Agentic JWT derives a per-agent identity + as a one-way hash of the agent's prompt, registered tools, and + configuration, and chains delegation assertions across invocations. + It is the closest prior-art JWT-based construction for agentic + delegation. ACT differs in that it adds an explicit two-phase + lifecycle — separating the authorization mandate from the proof-of- + execution record — and expresses delegation as a DAG via the array- + valued pred claim rather than a strictly linear chain. + + *OAuth Transaction Tokens for Agents + [I-D.oauth-transaction-tokens-for-agents]*: This draft extends OAuth + Transaction Tokens with an actchain claim (an ordered delegation + array), an agentic_ctx claim conveying intent and constraints, and + flow-type markers distinguishing interactive from autonomous + invocations. 
It is complementary to ACT at the OAuth layer. The + primary differentiators are topology and infrastructure dependency: + Transaction Tokens for Agents presume an OAuth Authorization Server + and use a linear actchain, whereas ACT operates peer-to-peer without + any AS and uses a DAG-valued pred. A detailed differencing document + is referenced in Section 11. + + + + + + +Nennemann Expires 14 October 2026 [Page 7] + +Internet-Draft ACT April 2026 + + + *Helixar Delegation Protocol (HDP) + [I-D.helixar-hdp-agentic-delegation]*: HDP specifies Ed25519 + signatures over RFC 8785-canonicalized JSON, an append-only linear + delegation chain with session binding, and offline verification. ACT + addresses the same problem but is encoded in JWT/JOSE (aligning with + the broader IETF token ecosystem) rather than raw canonical JSON, and + its pred claim admits DAG topologies rather than strictly linear + chains. + + *SCITT Profile for AI Agent Execution Records + [I-D.emirdag-scitt-ai-agent-execution]*: This draft defines a SCITT + profile in which AgentInteractionRecord (AIR) payloads are carried as + COSE_Sign1 statements anchored to a SCITT Transparency Service. It + is highly complementary to ACT: where ACT defines the two-phase + lifecycle token issued and consumed by agents at runtime, the SCITT + AI Agent Execution draft defines the payload format suitable for + long-term anchoring. Implementations that anchor Phase 2 ACTs to + SCITT (Section 11) SHOULD consider the AIR payload structure defined + in that draft as the canonical encoding for anchored records. + +1.5. Applicability + + ACT is designed as a general-purpose primitive for AI agent + authorization and execution accountability. While a sibling + specification [I-D.nennemann-wimse-ect] profiles execution context + tokens specifically for the WIMSE working group's workload identity + infrastructure, ACT operates without any shared identity plane. 
This + section identifies deployment contexts where ACT applies + independently of WIMSE, and clarifies how ACT complements — rather + than competes with — ecosystem-specific agent protocols. + +1.5.1. Model Context Protocol (MCP) Tool-Use Flows + + The Model Context Protocol [MCP-SPEC] defines a client-server + interface by which LLM hosts invoke external tools via structured + JSON-RPC calls. MCP 2025-11-25 mandates OAuth 2.1 for transport- + layer authentication, but provides no mechanism for carrying per- + invocation authorization constraints or for producing a tamper- + evident record of what arguments were passed and what result was + returned. + + ACT addresses this gap as follows: when an MCP host is about to + dispatch a tool call on behalf of an agent, it SHOULD issue a Phase 1 + ACT Mandate encoding the permitted tool name (e.g., as a capability + constraint), the declaring scope, and any parameter-level constraints + applicable to that invocation. The MCP server, upon receiving the + request, MAY validate the ACT Mandate and, upon completing the tool + execution, SHOULD transition the token to Phase 2 by appending + + + +Nennemann Expires 14 October 2026 [Page 8] + +Internet-Draft ACT April 2026 + + + SHA-256 hashes of the serialized input arguments and the JSON + response, then re-sign. The resulting Phase 2 ACT constitutes an + unforgeable record that a specific tool was called with specific + arguments and returned a specific result, independently of MCP's + OAuth layer. + + This integration requires no modification to MCP transport; the ACT + SHOULD be carried in the ACT-Mandate and ACT-Record HTTP headers + defined in Section 9.1 of this document. + +1.5.2. OpenAI Agents SDK and Function Calling + + The OpenAI Agents SDK [OPENAI-AGENTS-SDK] enables composition of + agents via handoffs — structured transfers of control from one agent + to another, each potentially invoking registered function tools. 
The + SDK provides no built-in mechanism for a receiving agent to verify + that the handoff was authorized by a named principal, nor for the + invoking agent to produce a verifiable record of what functions it + called. + + ACT is applicable at the handoff boundary: the orchestrating agent + SHOULD issue a Phase 1 ACT Mandate to the receiving agent at the + moment of handoff, encoding the permitted function set as capability + constraints and the maximum privilege the receiving agent MAY + exercise. The receiving agent SHOULD attach its Phase 2 ACT Record + to any callback or downstream response, providing the orchestrator + with cryptographic evidence of the actions taken. In multi-turn + chains involving multiple handoffs, the DAG linkage (Section 7) + allows each handoff to be expressed as a parent-child edge, + preserving the full causal ordering of the agent invocation sequence. + + Implementations that use the OpenAI function calling API directly, + without the Agents SDK, MAY apply ACT at the application layer: the + calling process issues a Phase 1 ACT before the function call + parameter block is finalized, and the receiving function handler + returns a Phase 2 ACT alongside its JSON result. + +1.5.3. LangGraph and LangChain Agent Graphs + + LangGraph [LANGGRAPH] models agent workflows as typed StateGraphs in + which nodes represent agent invocations or tool calls and edges + represent conditional transitions. The DAG structure of ACT + (Section 7) is a natural fit for this model: each LangGraph node that + performs an observable action corresponds to exactly one ACT task + identifier (tid), and directed edges in the LangGraph correspond to + pred (predecessor) references in successor ACTs. 
+ + + + + +Nennemann Expires 14 October 2026 [Page 9] + +Internet-Draft ACT April 2026 + + + ACT is applicable at the node boundary: when a LangGraph node + dispatches a sub-agent or invokes a tool with side effects, it SHOULD + issue a Phase 1 ACT Mandate encoding the node's permitted actions + before any external call is made. Upon transition out of the node, a + Phase 2 ACT Record SHOULD be produced and attached to the LangGraph + state object alongside the node's output. Downstream nodes that fan- + in from multiple predecessors MAY retrieve the set of parent ACT + identifiers from the shared state to populate their pred array, + thereby expressing LangGraph's fan-in semantics within the ACT DAG + without any additional infrastructure. + + In contrast to LangGraph's built-in state audit trail, which is + mutable in-process memory, Phase 2 ACTs are cryptographically signed + and portable: they can be exported from a LangGraph run and submitted + to an external audit ledger, satisfying compliance requirements that + cannot be met by in-process logging alone. + +1.5.4. Google Agent2Agent (A2A) Protocol + + The Agent2Agent protocol [A2A-SPEC] defines a task-oriented JSON-RPC + interface for inter-agent communication, with authentication + delegated to OAuth 2.0 or API key schemes declared in each agent's + Agent Card. A2A provides no mechanism for a receiving agent to + verify the authorization provenance of a task request beyond the + transport-layer credential, and produces no token that represents the + execution of the task in a verifiable, portable form. + + ACT is applicable as a session-layer accountability complement to + A2A: a client agent SHOULD include a Phase 1 ACT Mandate in the + metadata field of the A2A Task object, encoding the task type as a + capability constraint and the delegating agent's identity as the ACT + issuer. 
The receiving agent SHOULD validate the Mandate before + beginning task execution and SHOULD return a Phase 2 ACT Record as an + artifact in the A2A TaskResult, enabling the client agent to retain + cryptographic proof of what was executed on its behalf. + + This integration does not require modification to A2A's transport or + authentication scheme; ACT and A2A's OAuth credentials operate at + independent layers and are not redundant. A2A's credential answers + "is this client permitted to contact this server?"; the ACT Mandate + answers "is this agent permitted to request this specific task under + these constraints?". + + + + + + + + + +Nennemann Expires 14 October 2026 [Page 10] + +Internet-Draft ACT April 2026 + + +1.5.5. Enterprise Orchestration Without WIMSE (CrewAI, AutoGen) + + Enterprise orchestration frameworks such as CrewAI [CREWAI] and + AutoGen [AUTOGEN] deploy multi-agent systems within a single + organizational boundary, typically without SPIFFE/SPIRE workload + identity infrastructure. In these environments, OAuth Authorization + Servers are often unavailable or impractical to deploy for intra- + process agent communication. + + ACT is applicable in this context via its Tier 1 (pre-shared key) + trust model (Section 5.2): each agent role in a CrewAI Crew or + AutoGen ConversableAgent graph is assigned an Ed25519 keypair at + instantiation time. The orchestrating agent issues Phase 1 Mandates + to worker agents before delegating tasks, constraining each worker to + only the tools and actions relevant to its role. Worker agents + produce Phase 2 Records on task completion. The resulting ACT chain + is exportable as a structured audit trail that satisfies the per- + action logging requirements of DORA [DORA] and EU AI Act Article 12 + [EUAIA] without requiring shared infrastructure beyond the ability to + exchange public keys at deployment time. 
+ + Implementations SHOULD NOT use ACT's self-assertion mode (where an + agent issues and records its own mandate without external sign-off) + in regulated workflows; at minimum, the orchestrating agent MUST sign + the initial Mandate so that accountability is anchored to a principal + outside the executing agent. + +1.5.6. Relationship to WIMSE ECT + + Where WIMSE infrastructure is deployed, ACT and the WIMSE Execution + Context Token [I-D.nennemann-wimse-ect] serve complementary and non- + overlapping functions. The ECT records workload-level execution in + WIMSE terms — which SPIFFE workload executed, in which trust domain, + against which service. ACT records the authorization provenance — + which agent was permitted to request which action, under what + capability constraints, by whose authority — and transitions that + authorization record into an execution record upon task completion. + + In mixed environments, both tokens SHOULD be carried simultaneously: + the Workload-Identity header carries the WIMSE ECT; the ACT-Record + header carries the ACT. Verifiers MAY correlate the two by matching + the ACT tid claim against application-layer identifiers present in + the ECT's task context. Neither token is a profile or extension of + the other; they operate at different abstraction layers and their co- + presence is additive. + + + + + + +Nennemann Expires 14 October 2026 [Page 11] + +Internet-Draft ACT April 2026 + + +2. Conventions and Definitions + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + + *Agent*: An autonomous software entity that executes tasks, issues + ACTs as mandates for sub-agents, and produces ACTs as execution + records of its own actions. 
+ + *Authorization Mandate*: An ACT in Phase 1, encoding what an agent is + permitted to do, under what constraints, and by whose authority. + + *Execution Record*: An ACT in Phase 2, encoding what an agent + actually did, including cryptographic hashes of inputs and outputs + and causal links to predecessor tasks. + + *Directed Acyclic Graph (DAG)*: A graph structure representing task + dependency ordering where edges are directed and no cycles exist. + Used by ACT to model causal relationships between tasks in a + workflow. + + *Delegation Chain*: A cryptographically verifiable sequence of ACT + issuances from a root authority through one or more agents, each + signing a new ACT that reduces privileges relative to the one it + received. + + *Trust Tier*: A level of key management infrastructure used to + establish the public key of an ACT issuer. Tiers range from pre- + shared keys (Tier 1, mandatory) to PKI (Tier 2) and DIDs (Tier 3). + + *Workflow*: A set of related tasks, identified by a shared wid claim, + forming a single logical unit of work. + +3. ACT Lifecycle + + An ACT has a two-phase lifecycle. The same token format is used in + both phases; the presence or absence of execution claims determines + which phase a token represents. + + A token is a *Phase 2 Execution Record* if and only if the claim + exec_act is present. A token that does not contain exec_act is a + *Phase 1 Authorization Mandate*. Verifiers MUST determine the phase + before applying verification rules, and MUST reject a token that is + presented in the wrong phase for the operation being performed. + + + + +Nennemann Expires 14 October 2026 [Page 12] + +Internet-Draft ACT April 2026 + + +3.1. Phase 1: Authorization Mandate + + In Phase 1, an ACT is created by a delegating agent (or a human + operator) to authorize a target agent to perform a specific task. + The token carries: + + * The identity of the issuing agent and the target agent. 
+ + * The capabilities granted, with associated constraints. + + * Human oversight requirements for high-impact actions. + + * The delegation provenance (who authorized the issuer to delegate). + + * A task identifier and declared purpose. + + The Phase 1 ACT is signed by the issuing agent using its private key. + The target agent receives the ACT and uses it as a bearer mandate — + evidence that it is authorized to proceed. + + Phase 1 ACTs are short-lived. Implementations SHOULD set expiration + (exp) to no more than 15 minutes after issuance (iat) for automated + agent-to-agent workflows. Longer lifetimes MAY be used for human- + initiated mandates where the agent may not act immediately. + +3.2. Phase 2: Execution Record + + Upon completing the authorized task, the executing agent MUST + transition the ACT to Phase 2 by: + + 1. Adding the exec_act claim describing the action performed. + + 2. Optionally adding inp_hash and/or out_hash SHA-256 hashes of task + inputs and outputs (RECOMMENDED for regulated environments). + + 3. Adding the pred array referencing predecessor task identifiers + (DAG dependencies). + + 4. Adding exec_ts and status claims. + + 5. Re-signing the complete token with its own private key. + + The re-signing is critical: it produces a new signature over the + combined authorization + execution claims, binding the executing + agent's cryptographic identity to both the mandate it received and + the execution it performed. This creates a single, non-repudiable + record that answers both "was this agent authorized?" and "what did + it do?" + + + +Nennemann Expires 14 October 2026 [Page 13] + +Internet-Draft ACT April 2026 + + + Note on issuer signature preservation: re-signing replaces the Phase + 1 signature produced by the issuing agent (iss). 
The integrity of + the original mandate is preserved through the del.chain mechanism: + the chain entry's sig field is the iss agent's signature over the + Phase 1 ACT, and this signature remains intact and verifiable in the + Phase 2 token. For root mandates where del.chain is empty, the + issuer's signature is not independently preserved in Phase 2. + Deployments requiring independent verifiability of the original + mandate SHOULD retain the Phase 1 ACT separately alongside the Phase + 2 record. + + The resulting Phase 2 ACT SHOULD be submitted to an audit ledger + (Section 10) and MAY be sent to the next agent in the workflow as + evidence of completed prerequisites. + +3.3. Lifecycle State Machine + + [Issuer creates Phase 1 ACT] + | + | sign(issuer_key) + v + +------------------+ + | MANDATE | Phase 1: Authorization Mandate + | (unsigned by | Carried as bearer token by target agent + | target agent) | + +------------------+ + | + | Target agent executes task + | adds exec_act, inp_hash, out_hash, pred + | re-signs with target_agent_key + v + +------------------+ + | RECORD | Phase 2: Execution Record + | (signed by | Submitted to ledger, passed to next agent + | target agent) | + +------------------+ + | + | (optional) anchor to SCITT Transparency Service + v + +------------------+ + | ANCHORED | Phase 2 + external non-equivocation + +------------------+ + + + + + + + + + +Nennemann Expires 14 October 2026 [Page 14] + +Internet-Draft ACT April 2026 + + +4. ACT Token Format + + An ACT is a JSON Web Token [RFC7519] signed as a JSON Web Signature + [RFC7515] using JWS Compact Serialization. All ACTs MUST use JWS + Compact Serialization to ensure they can be carried in a single HTTP + header value. + +4.1. JOSE Header + + The ACT JOSE header MUST contain: + + { + "alg": "ES256", + "typ": "act+jwt", + "kid": "agent-a-key-2026-03" + } + + *alg* (REQUIRED): The digital signature algorithm. Implementations + MUST support ES256 [RFC7518]. 
EdDSA (Ed25519) [RFC8037] is + RECOMMENDED for new deployments due to smaller signatures and + resistance to side-channel attacks. Symmetric algorithms (HS256, + HS384, HS512) MUST NOT be used. The "alg" value MUST NOT be "none". + + *typ* (REQUIRED): MUST be "act+jwt" to distinguish ACTs from other + JWT types. + + *kid* (REQUIRED): An identifier for the signing key. In Tier 1 + deployments (pre-shared keys), this is an opaque string agreed out- + of-band. In Tier 2 deployments (PKI), this is the X.509 certificate + thumbprint. In Tier 3 deployments (DID), this is the DID key + fragment (e.g., did:key:z6Mk...#key-1). + + *x5c* (OPTIONAL): In Tier 2 deployments, the X.509 certificate chain + MAY be included to enable verification without out-of-band key + distribution. + + *did* (OPTIONAL): In Tier 3 deployments, the full DID of the issuing + agent MAY be included for resolution. + +4.2. JWT Claims: Authorization Phase + +4.2.1. Standard JWT Claims + + *iss* (REQUIRED): The identifier of the agent issuing the mandate. + Format depends on trust tier: an opaque string (Tier 1), an X.509 + Subject DN (Tier 2), or a DID (Tier 3). + + + + + +Nennemann Expires 14 October 2026 [Page 15] + +Internet-Draft ACT April 2026 + + + *sub* (REQUIRED): The identifier of the agent authorized to act. + MUST use the same format convention as iss. + + *aud* (REQUIRED): The intended recipient(s). MUST include the + identifier of the target agent (sub). When an audit ledger is + deployed, MUST also include the ledger's identifier. When multiple + recipients are present, MUST be an array. Verifiers that are audit + ledgers MUST verify that their own identifier appears in aud. + + *iat* (REQUIRED): Issuance time as a NumericDate [RFC7519]. + + *exp* (REQUIRED): Expiration time. Implementations SHOULD set to no + more than 15 minutes after iat for automated workflows. + + *jti* (REQUIRED): A UUID [RFC9562] uniquely identifying this ACT and, + in Phase 2, the task it records. 
Used as the task identifier for DAG + predecessor references in pred. + +4.2.2. ACT Authorization Claims + + *wid* (OPTIONAL): A UUID identifying the workflow to which this task + belongs. When present, groups related ACTs and scopes jti uniqueness + to the workflow. + + *task* (REQUIRED): An object describing the authorized task: + + { + "task": { + "purpose": "validate_patient_dosage", + "data_sensitivity": "restricted", + "created_by": "operator:clinical-admin-01", + "expires_at": 1772064750 + } + } + + * purpose (REQUIRED): A string describing the intended task. + Implementations SHOULD use a controlled vocabulary or reverse- + domain notation (e.g., "com.example.validate_dosage") to enable + semantic consistency checking by the receiving agent. + + * data_sensitivity (OPTIONAL): One of "public", "internal", + "confidential", "restricted". Receiving agents MUST NOT perform + actions that would expose data above this classification. + + * created_by (OPTIONAL): An identifier for the human or system that + initiated the workflow. SHOULD be pseudonymous (see Section 12). + + + + + +Nennemann Expires 14 October 2026 [Page 16] + +Internet-Draft ACT April 2026 + + + * expires_at (OPTIONAL): A NumericDate after which the task mandate + is no longer valid, independent of exp. + + *cap* (REQUIRED): An array of capability objects, each specifying an + action the agent is authorized to perform and the constraints under + which it may do so: + + { + "cap": [ + { + "action": "read.patient_record", + "constraints": { + "patient_id_scope": "current_task_only", + "max_records": 1, + "data_classification_max": "restricted" + } + }, + { + "action": "write.dosage_recommendation", + "constraints": { + "status": "draft_only" + } + } + ] + } + + Action names MUST conform to the ABNF grammar: + + action-name = component *( "." component ) + component = ALPHA *( ALPHA / DIGIT / "-" / "_" ) + + Receiving agents MUST perform exact string matching on action names. 
+ Wildcard matching is NOT part of this specification. + + When multiple capabilities match the same action, OR semantics apply: + if ANY capability grants the action, the request is authorized + subject to that capability's constraints. When multiple constraints + exist within a single capability, AND semantics apply: ALL + constraints MUST be satisfied. When the same constraint key appears + in both a capability-level and a policy-level context, the more + restrictive value applies: lower numeric limits, narrower allow-lists + (intersection), broader block-lists (union), and narrower time + windows. + + *oversight* (OPTIONAL): Human oversight requirements: + + + + + + +Nennemann Expires 14 October 2026 [Page 17] + +Internet-Draft ACT April 2026 + + + { + "oversight": { + "requires_approval_for": ["write.publish", "execute.payment"], + "approval_ref": "https://approval.example.com/workflow/w-123" + } + } + + When requires_approval_for lists an action, the receiving agent MUST + NOT execute that action autonomously. The approval mechanism is out + of scope for this specification. + + *del* (OPTIONAL): Delegation provenance, establishing the chain of + authority from the root mandate to this ACT. If del is absent, the + ACT MUST be treated as a root mandate with depth = 0 and further + delegation is not permitted (i.e., the receiving agent MUST NOT issue + sub-mandates based on this ACT). + + { + "del": { + "depth": 1, + "max_depth": 3, + "chain": [ + { + "delegator": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK", + "jti": "550e8400-e29b-41d4-a716-446655440000", + "sig": "base64url-encoded-signature-of-parent-act-hash" + } + ] + } + } + + * depth: The current delegation depth. 0 means this is a root + mandate issued by a human or root authority. + + * max_depth: The maximum permitted delegation depth. Receiving + agents MUST NOT issue sub-mandates that would exceed this depth. 
+ + * chain: An array of delegation provenance records ordered from root + to immediate parent (chain[0] is the root authority, chain[depth- + 1] is the direct parent of this ACT). Each entry contains: + + - delegator: The identifier of the agent that authorized this + delegation step (i.e., the iss of the parent ACT at that + depth). + + - jti: The jti of the parent ACT that authorized this delegation + step. + + + + +Nennemann Expires 14 October 2026 [Page 18] + +Internet-Draft ACT April 2026 + + + - sig: The delegating agent's signature over the SHA-256 hash of + that parent ACT, providing cryptographic linkage without + requiring the full parent ACT to be transmitted. + + The sig field in each chain entry is the critical departure from + AAP's delegation model: rather than requiring a central AS to + validate the chain, any verifier holding the delegating agent's + public key can independently verify each step by recomputing the hash + and checking the signature. + +4.3. JWT Claims: Execution Phase + + The following claims are added by the executing agent when + transitioning to Phase 2. Their presence distinguishes an Execution + Record from an Authorization Mandate. + + *exec_act* (REQUIRED in Phase 2): A string identifying the action + actually performed. MUST conform to the same ABNF grammar as + capability action names. MUST match one of the action values in the + cap array of the Phase 1 claims. + + *pred* (REQUIRED in Phase 2): An array of jti values of predecessor + tasks in the DAG. An empty array indicates a root task. Each value + MUST be the jti of a previously verified ACT (Phase 2) within the + same workflow (same wid) or the global ACT store if wid is absent. + + *inp_hash* (OPTIONAL): The base64url encoding (without padding) of + the SHA-256 hash of the task's input data, computed over the raw + octets of the serialized input. Provides cryptographic evidence of + what data the agent processed. 
+ + *out_hash* (OPTIONAL): The base64url encoding (without padding) of + the SHA-256 hash of the task's output data, using the same format as + inp_hash. Provides cryptographic evidence of what data the agent + produced. + + *exec_ts* (REQUIRED in Phase 2): A NumericDate recording the actual + time of task execution. MAY differ from iat when the agent queued + the mandate before execution. MUST be greater than or equal to iat. + SHOULD be less than or equal to exp; execution after mandate expiry + is possible when tasks are long-running and MUST NOT cause automatic + rejection, but implementors SHOULD log a warning. + + *status* (REQUIRED in Phase 2): One of "completed", "failed", + "partial". Allows audit systems to distinguish successful execution + from partial or failed attempts, which is essential for regulated + environments where failed attempts must be recorded. + + + + +Nennemann Expires 14 October 2026 [Page 19] + +Internet-Draft ACT April 2026 + + + *err* (OPTIONAL, present when status is "failed" or "partial"): An + object providing error context: + + { + "err": { + "code": "constraint_violation", + "detail": "data_classification_max exceeded" + } + } + + Error detail SHOULD NOT reveal internal system state beyond what is + necessary for audit purposes. + +4.4. Complete Examples + +4.4.1. Example: Phase 1 — Authorization Mandate + + { + "alg": "ES256", + "typ": "act+jwt", + "kid": "agent-clinical-key-2026-03" + } + . 
+ { + "iss": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK", + "sub": "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz", + "aud": [ + "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz", + "https://ledger.hospital.example.com" + ], + "iat": 1772064000, + "exp": 1772064900, + "jti": "550e8400-e29b-41d4-a716-446655440001", + + "wid": "a0b1c2d3-e4f5-6789-abcd-ef0123456789", + + "task": { + "purpose": "validate_treatment_recommendation", + "data_sensitivity": "restricted", + "created_by": "operator:clinical-admin-01" + }, + + "cap": [ + { + "action": "read.patient_record", + "constraints": { + "patient_id_scope": "current_task_only", + "max_records": 1 + + + +Nennemann Expires 14 October 2026 [Page 20] + +Internet-Draft ACT April 2026 + + + } + }, + { + "action": "write.safety_assessment", + "constraints": { + "status": "draft_only" + } + } + ], + + "oversight": { + "requires_approval_for": ["write.publish_assessment"] + }, + + "del": { + "depth": 0, + "max_depth": 2, + "chain": [] + } + } + +4.4.2. Example: Phase 2 — Execution Record (same token, re-signed by + target agent) + + { + "alg": "EdDSA", + "typ": "act+jwt", + "kid": "agent-safety-key-2026-03" + } + . 
+ { + "iss": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK", + "sub": "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz", + "aud": [ + "did:key:z6MknGc3omCyas4b1GmEn4xySHgLuSHxrKrUBnrhJekxZHFz", + "https://ledger.hospital.example.com" + ], + "iat": 1772064000, + "exp": 1772064900, + "jti": "550e8400-e29b-41d4-a716-446655440001", + + "wid": "a0b1c2d3-e4f5-6789-abcd-ef0123456789", + + "task": { + "purpose": "validate_treatment_recommendation", + "data_sensitivity": "restricted", + "created_by": "operator:clinical-admin-01" + }, + + + +Nennemann Expires 14 October 2026 [Page 21] + +Internet-Draft ACT April 2026 + + + "cap": [ + { + "action": "read.patient_record", + "constraints": { + "patient_id_scope": "current_task_only", + "max_records": 1 + } + }, + { + "action": "write.safety_assessment", + "constraints": { + "status": "draft_only" + } + } + ], + + "oversight": { + "requires_approval_for": ["write.publish_assessment"] + }, + + "del": { + "depth": 0, + "max_depth": 2, + "chain": [] + }, + + "exec_act": "write.safety_assessment", + "pred": ["550e8400-e29b-41d4-a716-446655440000"], + "inp_hash": "n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg", + "out_hash": "LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564", + "exec_ts": 1772064300, + "status": "completed" + } + +5. Trust Model + + ACT defines four trust tiers. Tier 1 is mandatory-to-implement; all + others are optional upgrades. An ACT verifier MUST be able to + process ACTs from any tier it has configured. The trust tier in use + is determined by the kid format and the presence of x5c or did header + parameters. + +5.1. Tier 0: Bootstrap (TOFU — Trust On First Use) + + Tier 0 is NOT part of the normative trust model and MUST NOT be used + in regulated environments. It is defined here for documentation + purposes only, to describe the common bootstrapping scenario. 
+ + + + +Nennemann Expires 14 October 2026 [Page 22] + +Internet-Draft ACT April 2026 + + + In Tier 0, the first ACT received from an agent establishes its + public key. This is equivalent to SSH TOFU behavior: an attacker who + intercepts the first message can substitute their own key. Tier 0 + deployments MUST transition to Tier 1 or higher before exchanging + ACTs that carry sensitive capabilities. + +5.2. Tier 1: Pre-Shared Keys (Mandatory-to-Implement) + + In Tier 1, both parties exchange public keys out-of-band prior to the + first ACT exchange. The kid is an opaque string agreed during the + key exchange. Implementations MUST support Tier 1. + + Key exchange MAY occur via any out-of-band mechanism: manual + configuration, a configuration management system, or a prior + authenticated channel. This specification does not mandate a + specific key exchange protocol. + + Tier 1 public keys MUST be Ed25519 [RFC8037] or P-256 (ES256) + [RFC7518] keys. RSA keys SHOULD NOT be used in Tier 1 deployments + due to key size. Key rotation MUST be performed out-of-band using + the same mechanism as the initial exchange. + +5.3. Tier 2: PKI / X.509 + + In Tier 2, agent identity is bound to an X.509 certificate issued by + a mutually trusted Certificate Authority (CA). The kid is the + certificate thumbprint (SHA-256 of the DER-encoded certificate). + + Cross-organizational ACT exchange in Tier 2 requires either: + + (a) a mutually trusted root CA, or (b) cross-certification between + the organizations' CAs, or (c) explicit trust anchoring (one + organization's CA is added to the other's trust store). + + The x5c JOSE header parameter [RFC7515] MAY carry the full + certificate chain to enable verification without out-of-band trust + store configuration. + +5.4. Tier 3: Decentralized Identifiers (DID) + + In Tier 3, agent identity is expressed as a DID [W3C-DID]. The kid + is a DID key fragment. The did JOSE header parameter carries the + full DID for resolution. 
+ + Implementations SHOULD support at minimum did:key [DID-KEY] for self- + contained key distribution without external resolution, and did:web + [DID-WEB] for organizations that prefer DNS-anchored identity. + + + + +Nennemann Expires 14 October 2026 [Page 23] + +Internet-Draft ACT April 2026 + + + DID resolution latency introduces a dependency on external + infrastructure. To preserve the zero-infrastructure baseline, + implementations using Tier 3 MAY cache DID Documents and MUST specify + a maximum cache TTL in their configuration. + +5.5. Cross-Tier Interoperability + + A delegation chain MAY include agents operating at different trust + tiers. Each step in the chain is verified using the trust tier of + the signing agent at that step. Verifiers MUST NOT reject a chain + solely because it mixes trust tiers, but MAY apply stricter policy + for chains that include Tier 0 or Tier 1 steps when exchanging + sensitive capabilities. + +6. Delegation Chain + + ACT delegation is peer-to-peer: no Authorization Server is involved. + Delegation is expressed as a cryptographically verifiable chain of + ACT issuances, where each step reduces privileges relative to the + previous step. + +6.1. Peer-to-Peer Delegation + + When Agent A authorizes Agent B to perform a sub-task, Agent A: + + 1. Creates a new ACT with sub set to Agent B's identifier. + + 2. Sets cap to a subset of A's own authorized capabilities, with + constraints at least as restrictive as those in A's mandate. + + 3. Sets del.depth to A's own del.depth + 1. + + 4. Sets del.max_depth to no more than the del.max_depth value in A's + own mandate. + + 5. Adds a chain entry containing A's identifier as delegator, the + jti of A's own mandate, and a sig value computed as: + + sig = Sign(A.private_key, SHA-256(canonical_ACT_phase1_bytes)) + + where canonical_ACT_phase1_bytes is the UTF-8 encoded bytes of + the JWS Compact Serialization of A's Phase 1 ACT. + + 6. Signs the new ACT with A's private key. 
+ + + + + + + +Nennemann Expires 14 October 2026 [Page 24] + +Internet-Draft ACT April 2026 + + +6.2. Privilege Reduction Requirements + + When issuing a delegated ACT, the issuing agent MUST reduce + privileges by one or more of: + + * Removing capabilities (sub-set of parent capabilities only). + + * Adding stricter constraints (lower rate limits, narrower domains, + shorter time windows, lower data classification ceiling). + + * Reducing token lifetime (exp closer to iat). + + * Reducing del.max_depth. + + The issuing agent MUST NOT grant capabilities not present in its own + mandate. Capability escalation via delegation is prohibited and MUST + be detected and rejected by verifiers. + + For well-known numeric constraints (e.g., max_records, + max_requests_per_hour), "more restrictive" means a numerically lower + or equal value. For well-known enumerated constraints (e.g., + data_sensitivity), "more restrictive" means a value that is equal or + higher in the defined ordering ("public" < "internal" < + "confidential" < "restricted"). For unknown or domain-specific + constraint keys, verifiers MUST treat the constraint as non- + comparable and MUST reject the delegation unless the delegated + constraint value is byte-for-byte identical to the parent constraint + value. + +6.3. Delegation Verification + + A verifier receiving a delegated ACT MUST: + + 1. Verify the ACT's own signature (Section 8.1). + + 2. For each entry in del.chain, in order from index 0 to del.depth - + 1: a. Retrieve the public key for entry.delegator. b. Verify + that entry.sig is a valid signature over the SHA-256 hash of the + referenced parent ACT (identified by entry.jti). c. Verify that + the capabilities in the current ACT are a subset of the + capabilities in the parent ACT, per the constraint comparison + rules in Section 6.2. + + 3. Verify that del.depth does not exceed del.max_depth. + + 4. Verify that del.chain length equals del.depth. 
+ + If any step fails, the ACT MUST be rejected. + + + +Nennemann Expires 14 October 2026 [Page 25] + +Internet-Draft ACT April 2026 + + +7. DAG Structure and Causal Ordering + + ACTs in Phase 2 form a DAG over the pred (predecessor) claim. The + DAG encodes causal dependencies: a task MAY NOT begin before all its + parent tasks are completed. + +7.1. DAG Validation + + When processing a Phase 2 ACT, implementations MUST: + + 1. *Uniqueness*: Verify the jti is unique within the workflow (wid) + or globally if wid is absent. + + 2. *Predecessor Existence*: Verify every jti in pred corresponds to + a Phase 2 ACT available in the ACT store or audit ledger. + + 3. *Temporal Ordering*: Verify that for each parent: parent.exec_ts + < child.exec_ts + clock_skew_tolerance (RECOMMENDED tolerance: 30 + seconds). Causal ordering is primarily enforced by DAG + structure, not timestamps. + + 4. *Acyclicity*: Following parent references MUST NOT lead back to + the current ACT's jti. Implementations MUST enforce a maximum + ancestor traversal limit (RECOMMENDED: 10,000 nodes). + + 5. *Capability Consistency*: Verify that exec_act matches one of the + action values in the cap array from Phase 1. + +7.2. Root Tasks and Fan-in + + A root task has pred = []. A workflow MAY have multiple root tasks + representing parallel branches with no shared predecessor. + + Fan-in — a task with multiple parents — is expressed naturally: + + { + "pred": [ + "550e8400-e29b-41d4-a716-446655440001", + "550e8400-e29b-41d4-a716-446655440002" + ] + } + + This indicates the current task depends on the completion of both + referenced parent tasks, which MAY have been executed in parallel by + different agents. + + + + + + +Nennemann Expires 14 October 2026 [Page 26] + +Internet-Draft ACT April 2026 + + +7.3. DAG vs Linear Delegation Chains + + Several concurrent proposals for agent authorization model delegation + as an ordered, linear chain of tokens or principals. 
Examples + include the actchain claim of + [I-D.oauth-transaction-tokens-for-agents], the Agentic JWT + construction of [AgenticJWT], the AIP / Interaction-Bound Context + Token (IBCT) model of [AIP-IBCT], and the delegation record defined + in [I-D.helixar-hdp-agentic-delegation]. In each of these designs, + the trail from the originator to the final executor is represented as + an ordered array recording one predecessor per hop. + +7.3.1. What Linear Chains Express Well + + Linear chains are a natural fit for simple sequential delegation: + agent A delegates to agent B, which delegates to agent C. The chain + records the history of that single hand-off in order, and verifiers + can walk from the current holder back to the originator without + branching. For interactive user-to-agent-to-service flows, where + each step has exactly one predecessor, a linear chain is both + sufficient and compact. + +7.3.2. Limitations of Linear Chains + + Agentic workflows in practice are rarely purely linear. Planner + agents dispatch parallel sub-tasks; synthesizer agents consume + results from multiple independent branches; tool calls execute + concurrently and their outputs are merged. A linear chain cannot + faithfully represent the following common topologies: + + * *Fork*: A single task spawns multiple independent sub-tasks. A + linear chain cannot express that two concurrent sub-executions + share a common parent authorization but are otherwise independent; + each sub-task would either omit its siblings or fabricate a false + ordering between them. + + * *Join (fan-in)*: A task whose output depends on results from + several predecessors has no single prior hop. Linear chains + cannot express multiple-parent relationships without either + collapsing parallel branches into an arbitrary order or + duplicating records. + + * *Diamond dependencies*: A planner dispatches parallel work and + later synthesizes the results. 
The synthesis step depends on + every branch, and all branches depend on the same planner. This + diamond shape requires a DAG; a linear chain forces the verifier + to pick one branch and discard the others. + + + + +Nennemann Expires 14 October 2026 [Page 27] + +Internet-Draft ACT April 2026 + + + * *Cross-chain references*: When two independently authorized chains + produce outputs that are later combined (e.g., a shared cache + lookup and a fresh retrieval), linear chains force a single + history and cannot record that the combined result has two + distinct provenances. + +7.3.3. ACT's DAG Approach + + As specified in Section 4.3, the pred claim is an array of parent jti + values rather than a single scalar. This allows an ACT to record: + + * Zero parents (a root task, pred = []); + + * Exactly one parent (a linear chain, equivalent to the single- + predecessor designs referenced above); + + * Multiple parents (fan-in from parallel branches); and + + * Any acyclic shape that matches the actual execution structure. + + The following example illustrates a diamond workflow. A research + agent (A) dispatches a web-search agent (B) and a code-analysis agent + (C) in parallel; both complete, and their outputs are combined by a + writer agent (D): + + +-----+ + | A | pred = [] + +-----+ + / \ + v v + +---+ +---+ + | B | | C | pred = [A.jti] + +---+ +---+ + \ / + v v + +-----+ + | D | pred = [B.jti, C.jti] + +-----+ + + A linear actchain representation cannot express that D depends on + both B and C. At best, it can record one of the two parents and lose + the other, or serialize B and C into a false sequential order. + +7.3.4. Verifiability Implications + + With a DAG representation, an auditor holding the set of Phase 2 ACTs + for a workflow can reconstruct the full execution graph, not just one + chain per final record. 
This matters for: + + + +Nennemann Expires 14 October 2026 [Page 28] + +Internet-Draft ACT April 2026 + + + * *Debugging*: identifying which branch contributed an erroneous + input to a downstream synthesis. + + * *Compliance*: demonstrating that every input to a regulated + decision was itself authorized, not only the most recent hop. + + * *Tamper-evidence*: detecting that a branch has been omitted, since + the surviving siblings' pred arrays name the missing predecessor + by jti. + +7.3.5. Interoperability with Linear-Chain Designs + + ACT's DAG reduces to a linear chain in the degenerate case where + every pred array has length zero or one. An implementation that + requires linear-chain semantics MAY treat such ACTs as equivalent to + actchain-style records and ignore the fork/join capability. The + reverse reduction is not available: a linear-chain-only design cannot + represent ACT DAG topologies without loss of information. + + ACT therefore takes the linear chain as a strict subset of its model + rather than as a competing approach. The DAG generalization is + deliberate and is motivated by the concurrent, branching nature of + real agentic executions rather than by any deficiency in the linear- + chain designs for the sequential cases they target. + +8. Verification Procedure + +8.1. Authorization Phase Verification + + A receiving agent MUST verify a Phase 1 ACT as follows: + + 1. Parse JWS Compact Serialization per [RFC7515]. + + 2. Verify typ is "act+jwt". + + 3. Verify alg is in the verifier's algorithm allowlist. The + allowlist MUST NOT include "none" or any symmetric algorithm. + + 4. Retrieve the public key for kid per the applicable trust tier + (Section 5). + + 5. Verify the JWS signature. + + 6. Verify exp has not passed (with clock skew tolerance: + RECOMMENDED maximum 5 minutes). + + 7. Verify iat is not unreasonably in the future (RECOMMENDED: no + more than 30 seconds ahead). 
+ + + +Nennemann Expires 14 October 2026 [Page 29] + +Internet-Draft ACT April 2026 + + + 8. Verify aud contains the verifier's own identifier. + + 9. Verify iss is a trusted agent identity per local policy. + + 10. Verify sub matches the verifier's own identifier (the agent is + the intended recipient of this mandate). + + 11. Verify all required claims are present and well-formed. + + 12. Verify delegation chain (Section 6.3) if del.chain is non-empty. + + 13. Verify capabilities are within policy limits. + +8.2. Execution Phase Verification + + In addition to all Phase 1 verification steps, a verifier processing + a Phase 2 ACT MUST: + + 1. Verify exec_act is present and matches an action in cap. + + 2. Verify pred is present and perform DAG validation (Section 7.1). + + 3. Verify exec_ts is present and is greater than or equal to iat. + If exec_ts is after exp, implementations SHOULD log a warning but + MUST NOT reject the record solely on this basis. + + 4. Verify status is present and has a valid value. + + 5. Verify the re-signature was produced by the sub agent (the + executing agent), not the iss agent (the mandating agent). This + is verified by checking that the kid in the Phase 2 JOSE header + corresponds to the sub agent's public key. + + 6. If inp_hash or out_hash are present, verify them against locally + available input/output data when possible. + +9. Transport + +9.1. HTTP Header Transport + + This specification defines two HTTP header fields for ACT transport: + + *ACT-Mandate*: Carries a Phase 1 ACT issued by an upstream agent or + operator. Value is the JWS Compact Serialization of the ACT. + + GET /api/safety-check HTTP/1.1 + Host: safety-agent.example.com + ACT-Mandate: eyJhbGci...Phase1ACT... + + + +Nennemann Expires 14 October 2026 [Page 30] + +Internet-Draft ACT April 2026 + + + *ACT-Record*: Carries a Phase 2 ACT from a predecessor agent, serving + as evidence of completed prerequisites. 
+ + POST /api/downstream HTTP/1.1 + Host: downstream-agent.example.com + ACT-Mandate: eyJhbGci...Phase1ACT... + ACT-Record: eyJhbGci...Phase2ACT... + + Multiple ACT-Record header lines MAY be included when a task has + multiple completed predecessors (DAG fan-in). If any single ACT- + Record fails verification, the receiver MUST reject the entire + request. + +9.2. Non-HTTP Transports + + For non-HTTP transports (MCP stdio, A2A message queues, AMQP, etc.), + ACTs SHOULD be carried as a dedicated field in the transport's + metadata envelope. The field name SHOULD be act_mandate for Phase 1 + ACTs and act_record for Phase 2 ACTs. Implementations MUST use the + JWS Compact Serialization form in all transports. + +10. Audit Ledger Interface + + Phase 2 ACTs SHOULD be submitted to an immutable audit ledger. A + ledger is RECOMMENDED for regulated environments but is not required + for basic ACT operation. This specification does not mandate a + specific storage technology. + + When an audit ledger is deployed, the implementation MUST provide: + + 1. *Append-only semantics*: Once an ACT is recorded, it MUST NOT be + modified or deleted. + + 2. *Ordering*: A monotonically increasing sequence number per + recorded ACT. + + 3. *Lookup*: Efficient retrieval by jti value. + + 4. *Integrity*: A cryptographic commitment scheme over recorded ACTs + (e.g., hash-chaining, Merkle tree anchoring, or SCITT + registration per [I-D.ietf-scitt-architecture]). + +11. Security Considerations + +11.1. Threat Model + + ACT assumes an adversarial environment where: + + + + +Nennemann Expires 14 October 2026 [Page 31] + +Internet-Draft ACT April 2026 + + + * Individual agents may be compromised. + + * Network paths may be intercepted (mitigated by transport + security). + + * Attackers may attempt to replay valid ACTs from prior + interactions. + + * Colluding agents may attempt to fabricate execution records. + + * Agents may attempt privilege escalation via manipulated delegation + chains. 
+ + ACT does NOT assume: + + * A trusted central authority (by design). + + * Synchronized clocks beyond the stated skew tolerance. + + * Availability of external network services during verification. + +11.2. Self-Assertion Limitation + + Phase 2 ACTs are self-asserted: an executing agent signs its own + execution record. A compromised agent with an intact private key can + produce Phase 2 ACTs claiming arbitrary inputs, outputs, and action + types, as long as the claimed exec_act matches an authorized + capability. + + This is a fundamental limitation of self-sovereign attestation. It + is the same limitation affecting WIMSE ECT [I-D.nennemann-wimse-ect]. + + Mitigations: + + * *Cross-agent corroboration*: A receiving agent that processes an + ACT-Record as a prerequisite independently verifies that the + claimed out_hash matches the data it actually received. + + * *Ledger sequencing*: An append-only ledger with monotonic sequence + numbers prevents retroactive insertion of fabricated records. + + * *SCITT anchoring*: For high-assurance deployments, Phase 2 ACTs + SHOULD be anchored to a SCITT Transparency Service, providing + external witness that the record was submitted at a claimed time. + + + + + + + +Nennemann Expires 14 October 2026 [Page 32] + +Internet-Draft ACT April 2026 + + +11.3. Key Compromise + + If an agent's private key is compromised, an attacker can issue + arbitrary Phase 1 mandates (impersonating the agent as an issuer) and + fabricate Phase 2 records (impersonating the agent as an executor). + + Key compromise response: + + 1. The compromised agent's identifier MUST be added to all + verifiers' deny lists. + + 2. In Tier 2 (PKI) deployments, the certificate MUST be revoked via + CRL or OCSP. + + 3. In Tier 3 (DID) deployments, the DID Document MUST be updated to + revoke the compromised key. + + 4. In Tier 1 (pre-shared key) deployments, both parties MUST perform + an out-of-band key rotation. 
+ + ACT chains that include records signed by a compromised key MUST be + treated as potentially tainted from the point of compromise. Audit + systems MUST flag all ACTs signed after the estimated compromise + time. + +11.4. Replay Attack Prevention + + jti uniqueness within the applicable scope (workflow or global) + provides replay detection. Verifiers MUST reject ACTs whose jti has + already been seen and processed. + + exp provides a time-bounded replay window. Verifiers MUST reject + expired ACTs. The combination of jti and exp means that replay + detection state only needs to be maintained for the duration of token + lifetimes. + +11.5. Equivocation + + In standalone deployment (no audit ledger, no SCITT anchoring), ACT + does NOT provide non-equivocation guarantees. A compromised agent + can maintain two valid ACT chains — presenting Phase 2 records with + different out_hash values to different verifiers — and both will pass + independent verification. + + *Deployments claiming DORA [DORA] Article 10/11 compliance or EU AI + Act [EUAIA] Article 12 compliance MUST use one of:* + + + + + +Nennemann Expires 14 October 2026 [Page 33] + +Internet-Draft ACT April 2026 + + + (a) A shared append-only audit ledger visible to all relevant + parties, with cryptographic integrity (hash chaining or Merkle + trees). + + (b) SCITT anchoring [I-D.ietf-scitt-architecture] providing external + Transparency Service receipts. + + Standalone ACT provides tamper detection (a verifier can detect + modification of a record it has seen) but not split-view prevention + (a verifier cannot detect a different record shown to another + verifier). + +11.6. Privilege Escalation + + Verifiers MUST check that each step in del.chain reduces or maintains + (never increases) the capabilities relative to the preceding step. + Implementations MUST reject ACTs where: + + * del.depth exceeds del.max_depth. + + * cap contains actions not present in any referenced parent ACT. 
+ + * Constraints in cap are less restrictive than those in the parent. + +11.7. Denial of Service + + ACT verification is more computationally expensive than standard JWT + validation due to delegation chain verification and DAG traversal. + + Mitigations: + + * Reject ACTs larger than 64KB before parsing. + + * Enforce maximum del.chain length (RECOMMENDED: 10 entries). + + * Enforce maximum DAG ancestor traversal depth (RECOMMENDED: 10,000 + nodes, Section 7.1). + + * Cache verification results for recently seen jti values within the + token lifetime window. + +12. Privacy Considerations + + ACT tokens and audit ledger records may contain information that + identifies agents, organizations, or individuals. Implementations + SHOULD apply data minimization principles: + + + + + +Nennemann Expires 14 October 2026 [Page 34] + +Internet-Draft ACT April 2026 + + + * task.created_by SHOULD use a pseudonymous identifier rather than a + personal email address or real name. + + * task.purpose SHOULD use a controlled vocabulary code rather than + free-text descriptions that may contain personal data. + + * del.chain entries reveal organizational structure. Cross- + organizational delegation chains SHOULD use Tier 3 (DID) + identifiers that do not reveal organizational affiliation. + + * inp_hash and out_hash are hashes of data, not the data itself, and + do not constitute personal data under GDPR Article 4(1) provided + the underlying data is not trivially reversible (e.g., hashes of + very short strings). + + For GDPR Article 17 (right to erasure) compliance, audit ledgers + SHOULD store only ACT tokens (which contain hashes, not raw data) and + SHOULD implement crypto-shredding for any associated encrypted + payloads. + +13. IANA Considerations + +13.1. 
Media Type Registration + + This document requests registration of the following media type: + + * Type name: application + + * Subtype name: act+jwt + + * Required parameters: none + + * Encoding considerations: binary (base64url-encoded JWT) + + * Security considerations: See Section 11. + + * Interoperability considerations: See Section 8.1. + + * Specification: This document. + +13.2. HTTP Header Field Registration + + This document requests registration of the following HTTP header + fields in the "Hypertext Transfer Protocol (HTTP) Field Name + Registry": + + * Header field name: ACT-Mandate + + + + +Nennemann Expires 14 October 2026 [Page 35] + +Internet-Draft ACT April 2026 + + + * Applicable protocol: HTTP + + * Status: permanent + + * Specification: This document, Section 9.1. + + * Header field name: ACT-Record + + * Applicable protocol: HTTP + + * Status: permanent + + * Specification: This document, Section 9.1. + +13.3. JWT Claims Registration + + This document requests registration of the following claims in the + IANA "JSON Web Token Claims" registry: + + +============+====================================+===============+ + | Claim Name | Description | Reference | + +============+====================================+===============+ + | wid | Workflow identifier | This document | + +------------+------------------------------------+---------------+ + | task | Task authorization context | This document | + +------------+------------------------------------+---------------+ + | cap | Capabilities with constraints | This document | + +------------+------------------------------------+---------------+ + | oversight | Human oversight requirements | This document | + +------------+------------------------------------+---------------+ + | del | Delegation provenance chain | This document | + +------------+------------------------------------+---------------+ + | exec_act | Executed action identifier | This document | + 
+------------+------------------------------------+---------------+ + | pred | Predecessor task identifiers (DAG) | This document | + +------------+------------------------------------+---------------+ + | inp_hash | SHA-256 hash of task input | This document | + +------------+------------------------------------+---------------+ + | out_hash | SHA-256 hash of task output | This document | + +------------+------------------------------------+---------------+ + | exec_ts | Actual execution timestamp | This document | + +------------+------------------------------------+---------------+ + | status | Execution status | This document | + +------------+------------------------------------+---------------+ + | err | Execution error context | This document | + +------------+------------------------------------+---------------+ + + Table 1 + + + +Nennemann Expires 14 October 2026 [Page 36] + +Internet-Draft ACT April 2026 + + +14. References + +14.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web + Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May + 2015, . + + [RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517, + DOI 10.17487/RFC7517, May 2015, + . + + [RFC7518] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, + DOI 10.17487/RFC7518, May 2015, + . + + [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token + (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, + . + + [RFC8037] Liusvaara, I., "CFRG Elliptic Curve Diffie-Hellman (ECDH) + and Signatures in JSON Object Signing and Encryption + (JOSE)", RFC 8037, DOI 10.17487/RFC8037, January 2017, + . + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, . + + [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. 
Reschke, + Ed., "HTTP Semantics", STD 97, RFC 9110, + DOI 10.17487/RFC9110, June 2022, + . + + [RFC9562] Davis, K., Peabody, B., and P. Leach, "Universally Unique + IDentifiers (UUIDs)", RFC 9562, DOI 10.17487/RFC9562, May + 2024, . + +14.2. Informative References + + [A2A-SPEC] Google, "Agent2Agent (A2A) Protocol", + . + + + + +Nennemann Expires 14 October 2026 [Page 37] + +Internet-Draft ACT April 2026 + + + [AgenticJWT] + "Agentic JWT: A JSON Web Token Profile for Delegated Agent + Authorization", 2025, . + + [AIP-IBCT] S., P., "AIP: Agent Interaction Protocol with Interaction- + Bound Context Tokens", March 2026, + . + + [AUTOGEN] Microsoft, "AutoGen Documentation", + . + + [CREWAI] CrewAI, "CrewAI Documentation", + . + + [DID-KEY] D., L., "The did:key Method v0.7", 2021, + . + + [DID-WEB] O., S., "did:web Method Specification", 2022, + . + + [DORA] European Parliament, "Digital Operational Resilience Act + (DORA), Regulation (EU) 2022/2554", 2022, + . + + [EUAIA] European Parliament, "EU Artificial Intelligence Act, + Regulation (EU) 2024/1689", 2024, + . + + [I-D.aap-oauth-profile] + A., C., "Agent Authorization Profile (AAP) for OAuth 2.0", + Work in Progress, Internet-Draft, draft-aap-oauth-profile- + 01, February 2026, . + + [I-D.emirdag-scitt-ai-agent-execution] + Emirdag, "A SCITT Profile for AI Agent Execution Records", + Work in Progress, Internet-Draft, draft-emirdag-scitt-ai- + agent-execution-00, April 2026, + . + + [I-D.helixar-hdp-agentic-delegation] + Helixar, "Helixar Delegation Protocol (HDP) for Agentic + Delegation", Work in Progress, Internet-Draft, draft- + helixar-hdp-agentic-delegation-00, 2026, + . + + + + +Nennemann Expires 14 October 2026 [Page 38] + +Internet-Draft ACT April 2026 + + + [I-D.ietf-scitt-architecture] + Birkholz, H., Delignat-Lavaud, A., Fournet, C., Deshpande, + Y., and S. 
Lasker, "An Architecture for Trustworthy and + Transparent Digital Supply Chains", Work in Progress, + Internet-Draft, draft-ietf-scitt-architecture-22, 10 + October 2025, . + + [I-D.nennemann-wimse-ect] + Nennemann, C., "Execution Context Tokens for Distributed + Agentic Workflows", Work in Progress, Internet-Draft, + draft-nennemann-wimse-ect-02, 2026, + . + + [I-D.oauth-transaction-tokens-for-agents] + G., F., "Transaction Tokens for Agentic AI Systems", Work + in Progress, Internet-Draft, draft-oauth-transaction- + tokens-for-agents-06, 2026, + . + + [IEC62304] IEC, "Medical device software — Software life cycle + processes, IEC 62304:2006+AMD1:2015", 2015, + . + + [LANGGRAPH] + LangChain, "LangGraph Documentation", + . + + [MCP-SPEC] "Model Context Protocol Specification", 25 November 2025, + . + + [OPENAI-AGENTS-SDK] + OpenAI, "OpenAI Agents SDK", + . + + [RFC7009] Lodderstedt, T., Ed., Dronia, S., and M. Scurtescu, "OAuth + 2.0 Token Revocation", RFC 7009, DOI 10.17487/RFC7009, + August 2013, . + + [RFC8693] Jones, M., Nadalin, A., Campbell, B., Ed., Bradley, J., + and C. Mortimore, "OAuth 2.0 Token Exchange", RFC 8693, + DOI 10.17487/RFC8693, January 2020, + . + + + + + +Nennemann Expires 14 October 2026 [Page 39] + +Internet-Draft ACT April 2026 + + + [SentinelAgent] + Patil, "SentinelAgent: A Formal Delegation Chain Calculus + for Verifiable Agent Authorization", April 2026, + . + + [W3C-DID] M., S., "Decentralized Identifiers (DIDs) v1.0", July + 2022, . + +Appendix A: Complete JSON Schema + + The normative JSON Schema for ACT Phase 1 and Phase 2 tokens is + available at [TODO: reference implementation repository]. + +Appendix B: Test Vectors + +B.1. Valid Phase 1 ACT — Root Mandate (Tier 1, Pre-Shared Key) + + [TODO: include encoded test vector with signing key, payload, + and expected JWS Compact Serialization] + +B.2. 
Valid Phase 2 ACT — Completed Execution + + [TODO: include encoded test vector demonstrating Phase 1 -> Phase 2 + transition with re-signature by target agent] + +B.3. Valid Phase 2 ACT — Fan-in (Multiple Parents) + + [TODO: demonstrate pred with two predecessor jti values from parallel + workflow branches] + +B.4. Invalid ACT — Delegation Depth Exceeded + + [TODO: demonstrate del.depth > del.max_depth rejection] + +B.5. Invalid ACT — Capability Escalation + + [TODO: demonstrate rejection when delegated cap contains action + not present in parent ACT] + +B.6. Invalid ACT — exec_act Mismatch + + [TODO: demonstrate rejection when exec_act does not match any + cap.action in the Phase 1 claims] + +Appendix C: Deployment Scenarios + + + + + + +Nennemann Expires 14 October 2026 [Page 40] + +Internet-Draft ACT April 2026 + + +C.1. Minimal Deployment (Zero Infrastructure) + + Two organizations exchange pre-shared public keys via secure email. + Each agent signs Phase 1 mandates and Phase 2 records with its + Ed25519 key. No ledger, no external services. Suitable for + development and low-risk workflows. + + Limitation: No non-equivocation (Section 11.5). + +C.2. Regulated Deployment with Hash-Chained Ledger + + Phase 2 ACTs are submitted to a shared append-only ledger with hash- + chaining. Each recorded ACT extends a cryptographic chain, providing + tamper evidence for each ACT and the chain as a whole. The ledger is + shared between all regulated parties participating in the workflow. + Suitable for DORA compliance. + +C.3. High-Assurance Cross-Organizational Deployment + + Phase 2 ACTs are anchored to a SCITT Transparency Service. SCITT + receipts are attached to the audit record as non-equivocation proofs. + DID-based agent identities (Tier 3) enable self-sovereign key + management without shared CA infrastructure. + +C.4. 
WIMSE Environment Integration + + In environments where WIMSE is already deployed, ACT-Mandate and ACT- + Record headers are carried alongside the WIMSE Workload-Identity + header. The ECT and ACT serve different purposes: the ECT records + workload-level execution in WIMSE terms; the ACT records the + authorization provenance and capability constraints that governed the + action. + +Acknowledgments + + The author thanks the IETF WIMSE, OAuth, and SCITT working groups for + foundational work on workload identity, delegated authorization, and + transparent supply chain records that informs this specification. + +Author's Address + + Christian Nennemann + Independent Researcher + Email: ietf@nennemann.de + + + + + + + +Nennemann Expires 14 October 2026 [Page 41] diff --git a/workspace/drafts/act/draft-nennemann-act-01.xml b/workspace/drafts/act/draft-nennemann-act-01.xml new file mode 100644 index 0000000..7593966 --- /dev/null +++ b/workspace/drafts/act/draft-nennemann-act-01.xml @@ -0,0 +1,2741 @@ + + + + + + + + + + +]> + + + + + Agent Context Token (ACT) + + + Independent Researcher +

+ ietf@nennemann.de +
+ + + + + SEC + + agent authorization execution accountability JWT DAG delegation + + + + + + +This document defines the Agent Context Token (ACT), a self-contained +JWT-based format that captures the full invocation context of an +autonomous AI agent — its capabilities, constraints, delegation +provenance, oversight requirements, task metadata, and DAG position — +and unifies authorization and execution accountability in a single +token lifecycle. An ACT begins as a signed authorization mandate and +transitions into a tamper-evident execution record once the agent +completes its task, appending cryptographic hashes of inputs and +outputs and linking to predecessor tasks via a directed acyclic graph +(DAG). ACT requires no Authorization Server, no workload identity +infrastructure, and no transparency service for basic operation. Trust +is bootstrapped via pre-shared keys and is upgradeable to PKI or +Decentralized Identifiers (DIDs). ACT is designed for +cross-organizational agent federation in regulated and unregulated +environments alike. ACT is the general-purpose agent context +primitive; the WIMSE Execution Context Token (ECT) + is a sibling profile specialized for +workload-identity-bound execution recording in WIMSE deployments. + + + + + + + + + + + + + + +
Introduction + +Autonomous AI agents increasingly operate across organizational +boundaries, executing multi-step workflows where individual tasks are +delegated from one agent to another. These workflows create two +distinct, inseparable compliance requirements: + + + Authorization: was the agent permitted to perform the action, +under what constraints, and by whose authority? + Accountability: what did the agent actually do, with what +inputs, producing what outputs, in what causal relationship to +prior tasks? + + +Existing specifications address these requirements in isolation. +The Agent Authorization Profile (AAP) +provides structured authorization via OAuth 2.0 but requires a +central Authorization Server. The WIMSE Execution Context Token + provides execution accountability but +requires WIMSE workload identity infrastructure (SPIFFE/SPIRE). + +This document defines the Agent Context Token (ACT), which addresses +both requirements in a single, self-contained token that requires no +shared infrastructure beyond the ability to verify asymmetric +signatures. The word "Context" in the name reflects what the token +carries: the complete invocation context of an agent — DAG references, +task metadata, capabilities, delegation chain, and oversight claims +— bound together in one cryptographically verifiable envelope. ACT +is positioned as the general agent context primitive, with the +WIMSE Execution Context Token (ECT) as a +sibling profile specialized for workload-identity-bound execution +contexts in WIMSE deployments. + +
Problem Statement + +Cross-organizational agent federation today faces a bootstrapping +problem: deploying shared OAuth infrastructure or a common SPIFFE +trust domain requires organizational agreement before the first +message is exchanged. In practice this means either: + +(a) agents operate without cryptographic authorization or audit + trails, relying on application-layer access control only; or + +(b) organizations adopt one party's identity infrastructure, creating + a hub-and-spoke dependency that contradicts the decentralized + nature of agent networks. + +ACT solves this by making pre-shared keys the mandatory-to-implement +trust baseline — two agents can begin a secure, auditable interaction +with nothing more than an out-of-band key exchange — while providing +a clean upgrade path to PKI or DID-based trust without changing the +token format. + +
+
Design Goals + + + G1 — Zero infrastructure baseline: ACT MUST be deployable with +no shared servers, no common identity provider, and no transparency +service. + G2 — Single token lifecycle: Authorization and accountability +MUST be expressed in the same token format to prevent +authorization-accountability gaps. + G3 — Peer-to-peer delegation: Delegation chains MUST be +verifiable without contacting an Authorization Server, using +cryptographic chaining of agent signatures. + G4 — DAG-native causal ordering: Workflows with parallel +branches and fan-in dependencies MUST be expressible natively, +without flattening to a linear chain. + G5 — Cross-organizational interoperability: ACTs issued by +agents in different trust domains MUST be verifiable by any +participant holding the issuing agent's public key. + G6 — Regulatory applicability: ACT MUST provide sufficient +evidence for audit requirements in DORA , EU AI Act +Article 12 , and IEC 62304 without requiring +additional log formats. + G7 — Upgrade path: The trust model MUST support migration from +pre-shared keys to PKI or DID without breaking existing ACT chains. + + +
+
Non-Goals + +The following are explicitly out of scope: + + + Defining internal AI model behavior or decision logic. + Replacing organizational security policies or procedures. + Defining storage formats for audit ledgers. + Specifying token revocation infrastructure (deployments MAY use +existing mechanisms such as for this purpose). + Providing non-equivocation guarantees in standalone mode (see + for the equivocation discussion and optional +transparency anchoring). + + +
+
Relationship to Related Work + +AAP : ACT addresses the same authorization +problem as AAP but does not require an Authorization Server. ACT +delegation is peer-to-peer via cryptographic signature chaining; +AAP delegation requires OAuth Token Exchange against a +central AS. ACT is not a profile of AAP; it is an +infrastructure-independent alternative for the same problem class. + +WIMSE ECT : ACT addresses the same +execution accountability problem as the WIMSE Execution Context Token +but does not require WIMSE workload identity infrastructure. ACT is +not a profile of WIMSE; it is deployable in environments without +SPIFFE/SPIRE. In environments where WIMSE is deployed, ACT MAY be +carried alongside WIMSE tokens to augment accountability with +authorization provenance. + +SCITT : For deployments requiring +non-equivocation guarantees (see ), ACT execution +records MAY be anchored to a SCITT Transparency Service as a Layer 2 +mechanism. This is OPTIONAL and not required for basic ACT operation. +Note: The SCITT architecture draft is currently in AUTH48 (RFC +Editor queue) at version -22 and is about to become an RFC; readers +should use the RFC number once assigned. + +
Concurrent Agent Authorization Proposals

Several concurrent proposals in the IETF and academic communities
address overlapping portions of the agent authorization problem
space. This subsection situates ACT relative to those proposals.
Protocol-layer comparison of linear versus DAG delegation
structure is deferred to ; the summaries below focus
on scope and deployability.

AIP / IBCTs : The Agent Interaction Protocol proposes
Interaction-Bound Capability Tokens in two modes: compact signed
JWTs for single-hop invocation and Biscuit/Datalog tokens for
multi-hop delegation, motivated by a survey of approximately 2,000
Model Context Protocol servers that found no authorization
enforcement. ACT addresses the same problem class but relies
exclusively on JWT/JOSE throughout (no Biscuit or Datalog
dependency), defines an explicit two-phase lifecycle separating
authorization (Mandate) from proof-of-execution (Record), and
supports DAG delegation structure. IBCTs are modeled as append-only
chains at the protocol layer; ACT operates at the authorization
graph layer with revocable lifecycle states.

SentinelAgent : SentinelAgent defines a formal
Delegation Chain Calculus with seven verifiable properties, a TLA+
mechanization, and reports 100% true-positive and 0% false-positive
rates against the DelegationBench v4 benchmark. It addresses the
same accountability question as ACT — namely, which principal
authorized a given chain of actions. The differentiator is
deployment substrate: SentinelAgent expresses its guarantees in a
domain-specific formal calculus, whereas ACT encodes the same
invariants in IETF-standard JWT infrastructure (RFC 7519, RFC 7515,
RFC 8037) already deployable in existing OAuth- and JOSE-aware
stacks.

Agentic JWT : Agentic JWT derives a per-agent
identity as a one-way hash of the agent's prompt, registered tools,
and configuration, and chains delegation assertions across
invocations. 
It is the closest prior-art JWT-based construction +for agentic delegation. ACT differs in that it adds an explicit +two-phase lifecycle — separating the authorization mandate from +the proof-of-execution record — and expresses delegation as a DAG +via the array-valued pred claim rather than a strictly linear +chain. + +OAuth Transaction Tokens for Agents +: This draft +extends OAuth Transaction Tokens with an actchain claim (an +ordered delegation array), an agentic_ctx claim conveying intent +and constraints, and flow-type markers distinguishing interactive +from autonomous invocations. It is complementary to ACT at the +OAuth layer. The primary differentiators are topology and +infrastructure dependency: Transaction Tokens for Agents presume +an OAuth Authorization Server and use a linear actchain, whereas +ACT operates peer-to-peer without any AS and uses a DAG-valued +pred. A detailed differencing document is referenced in +. + +Helixar Delegation Protocol (HDP) +: HDP specifies +Ed25519 signatures over RFC 8785-canonicalized JSON, an +append-only linear delegation chain with session binding, and +offline verification. ACT addresses the same problem but is +encoded in JWT/JOSE (aligning with the broader IETF token +ecosystem) rather than raw canonical JSON, and its pred claim +admits DAG topologies rather than strictly linear chains. + +SCITT Profile for AI Agent Execution Records +: This draft +defines a SCITT profile in which AgentInteractionRecord (AIR) +payloads are carried as COSE_Sign1 statements anchored to a +SCITT Transparency Service. It is highly complementary to ACT: +where ACT defines the two-phase lifecycle token issued and +consumed by agents at runtime, the SCITT AI Agent Execution +draft defines the payload format suitable for long-term anchoring. +Implementations that anchor Phase 2 ACTs to SCITT +() SHOULD consider the AIR payload +structure defined in that draft as the canonical encoding for +anchored records. + +
+
+
Applicability + +ACT is designed as a general-purpose primitive for AI agent +authorization and execution accountability. While a sibling +specification profiles execution context +tokens specifically for the WIMSE working group's workload identity +infrastructure, ACT operates without any shared identity plane. This +section identifies deployment contexts where ACT applies independently +of WIMSE, and clarifies how ACT complements — rather than competes +with — ecosystem-specific agent protocols. + +
Model Context Protocol (MCP) Tool-Use Flows

The Model Context Protocol defines a client-server
interface by which LLM hosts invoke external tools via structured
JSON-RPC calls. MCP 2025-11-25 specifies OAuth 2.1-based
authorization for its HTTP transport, but provides no mechanism for
carrying per-invocation authorization constraints or for producing a
tamper-evident record of what arguments were passed and what result
was returned.

ACT addresses this gap as follows: when an MCP host is about to
dispatch a tool call on behalf of an agent, it SHOULD issue a Phase 1
ACT Mandate encoding the permitted tool name (e.g., as a capability
constraint), the declaring scope, and any parameter-level constraints
applicable to that invocation. The MCP server, upon receiving the
request, MAY validate the ACT Mandate and, upon completing the tool
execution, SHOULD transition the token to Phase 2 by appending
SHA-256 hashes of the serialized input arguments and the JSON
response, then re-sign. The resulting Phase 2 ACT is a tamper-evident
record, signed by the MCP server, that a specific tool was called
with specific arguments and returned a specific result, independently
of MCP's OAuth layer. Because inp_hash and out_hash are computed over
raw octets, host and server need to agree on the serialization of
arguments and response (for example, a canonical JSON form), or the
host will be unable to reproduce the hashes later. Each side also
needs the other's public key under one of the trust tiers: the server
to validate the host's Mandate, the host to verify the server's
Record.

This integration requires no modification to MCP transport; the ACT
SHOULD be carried in the ACT-Mandate and ACT-Record HTTP headers
defined in of this document.

+
OpenAI Agents SDK and Function Calling + +The OpenAI Agents SDK enables composition of +agents via handoffs — structured transfers of control from one agent +to another, each potentially invoking registered function tools. The +SDK provides no built-in mechanism for a receiving agent to verify +that the handoff was authorized by a named principal, nor for the +invoking agent to produce a verifiable record of what functions it +called. + +ACT is applicable at the handoff boundary: the orchestrating agent +SHOULD issue a Phase 1 ACT Mandate to the receiving agent at the +moment of handoff, encoding the permitted function set as +capability constraints and the maximum privilege the receiving agent +MAY exercise. The receiving agent SHOULD attach its Phase 2 ACT +Record to any callback or downstream response, providing the +orchestrator with cryptographic evidence of the actions taken. In +multi-turn chains involving multiple handoffs, the DAG linkage +() allows each handoff to be expressed as a +parent-child edge, preserving the full causal ordering of the agent +invocation sequence. + +Implementations that use the OpenAI function calling API directly, +without the Agents SDK, MAY apply ACT at the application layer: the +calling process issues a Phase 1 ACT before the function call +parameter block is finalized, and the receiving function handler +returns a Phase 2 ACT alongside its JSON result. + +
+
LangGraph and LangChain Agent Graphs

LangGraph models agent workflows as typed StateGraphs in
which nodes represent agent invocations or tool calls and edges
represent conditional transitions. The DAG structure of ACT
() is a natural fit for this model: each LangGraph
node that performs an observable action corresponds to exactly one
ACT task identifier (the jti claim, which ACT uses as the task
identifier), and directed edges in the LangGraph correspond to pred
(predecessor) references in successor ACTs.

ACT is applicable at the node boundary: when a LangGraph node
dispatches a sub-agent or invokes a tool with side effects, it SHOULD
issue a Phase 1 ACT Mandate encoding the node's permitted actions
before any external call is made. Upon transition out of the node,
a Phase 2 ACT Record SHOULD be produced and attached to the
LangGraph state object alongside the node's output. Downstream nodes
that fan-in from multiple predecessors MAY retrieve the set of parent
ACT identifiers from the shared state to populate their pred array,
thereby expressing LangGraph's fan-in semantics within the ACT DAG
without any additional infrastructure. Since the shared state is
mutable, the pred array is best populated from the jti of each
predecessor's Phase 2 Record after its signature has been verified,
rather than from bare identifiers placed in state by an earlier node.

In contrast to LangGraph's built-in state audit trail, which is
mutable in-process memory, Phase 2 ACTs are cryptographically signed
and portable: they can be exported from a LangGraph run and
submitted to an external audit ledger, satisfying compliance
requirements that cannot be met by in-process logging alone.

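The node-to-jti and edge-to-pred mapping above, as an added Python example; this is not code from the draft or from LangGraph. It takes the Phase 2 claim sets of a workflow (the jti, wid, pred and exec_act claims defined later in this document), checks that every pred resolves to a Phase 2 record in the same workflow, rejects cycles, and returns a causal order an auditor can replay. The diamond-shaped workflow in the usage lines (one fetch, two parallel analyses, one report that fans in) is constructed for the example, as are its action names.

```python
from collections import defaultdict


def validate_dag(records):
    """Check the pred references of a set of Phase 2 ACT claim sets and return their jti values in a
    causal (topological) order. Raises ValueError for a Phase 1 token, a duplicate jti, a pred that
    does not resolve, a pred from another workflow (wid), or a cycle."""
    by_jti = {}
    for rec in records:
        if "exec_act" not in rec:
            raise ValueError(f"{rec['jti']} is a Phase 1 mandate, not an execution record")
        if rec["jti"] in by_jti:
            raise ValueError(f"duplicate jti {rec['jti']}")
        by_jti[rec["jti"]] = rec
    indegree = {jti: 0 for jti in by_jti}
    successors = defaultdict(list)
    for rec in records:
        for parent_jti in rec["pred"]:
            parent = by_jti.get(parent_jti)
            if parent is None:
                raise ValueError(f"{rec['jti']} references unknown predecessor {parent_jti}")
            if parent.get("wid") != rec.get("wid"):          # same workflow, or both in the global store
                raise ValueError(f"{rec['jti']} references {parent_jti} from another workflow")
            successors[parent_jti].append(rec["jti"])
            indegree[rec["jti"]] += 1
    # Kahn's algorithm; successors are visited in sorted order so the audit output is deterministic
    ready = sorted(jti for jti, degree in indegree.items() if degree == 0)
    order = []
    while ready:
        current = ready.pop(0)
        order.append(current)
        for successor in sorted(successors[current]):
            indegree[successor] -= 1
            if indegree[successor] == 0:
                ready.append(successor)
    if len(order) != len(by_jti):                              # some node never reached indegree 0
        raise ValueError("pred references form a cycle")
    return order


def fan_in_pred(branch_records):
    """pred array for a node joining several branches: the jti of each branch's verified Phase 2
    record, taken from the record itself rather than from mutable shared state."""
    return sorted({rec["jti"] for rec in branch_records})


if __name__ == "__main__":  # constructed diamond workflow: fetch -> two analyses -> report
    root = {"jti": "t0", "wid": "wf-1", "pred": [], "exec_act": "com.example.fetch"}
    left = {"jti": "t1", "wid": "wf-1", "pred": ["t0"], "exec_act": "com.example.analyse"}
    right = {"jti": "t2", "wid": "wf-1", "pred": ["t0"], "exec_act": "com.example.analyse"}
    join = {"jti": "t3", "wid": "wf-1", "pred": fan_in_pred([left, right]), "exec_act": "com.example.report"}
    print(validate_dag([join, right, left, root]))
```

The cycle check is what protects an auditor from a pair of records that vouch for each other; the same-workflow check is the wid rule from the pred claim definition, with two records that both lack wid treated as belonging to the global store.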
+
Google Agent2Agent (A2A) Protocol + +The Agent2Agent protocol defines a task-oriented JSON-RPC +interface for inter-agent communication, with authentication +delegated to OAuth 2.0 or API key schemes declared in each agent's +Agent Card. A2A provides no mechanism for a receiving agent to +verify the authorization provenance of a task request beyond the +transport-layer credential, and produces no token that represents +the execution of the task in a verifiable, portable form. + +ACT is applicable as a session-layer accountability complement to +A2A: a client agent SHOULD include a Phase 1 ACT Mandate in the +metadata field of the A2A Task object, encoding the task type as +a capability constraint and the delegating agent's identity as the +ACT issuer. The receiving agent SHOULD validate the Mandate before +beginning task execution and SHOULD return a Phase 2 ACT Record +as an artifact in the A2A TaskResult, enabling the client agent to +retain cryptographic proof of what was executed on its behalf. + +This integration does not require modification to A2A's transport or +authentication scheme; ACT and A2A's OAuth credentials operate at +independent layers and are not redundant. A2A's credential answers +"is this client permitted to contact this server?"; the ACT Mandate +answers "is this agent permitted to request this specific task +under these constraints?". + +
+
Enterprise Orchestration Without WIMSE (CrewAI, AutoGen) + +Enterprise orchestration frameworks such as CrewAI and +AutoGen deploy multi-agent systems within a single +organizational boundary, typically without SPIFFE/SPIRE workload +identity infrastructure. In these environments, OAuth Authorization +Servers are often unavailable or impractical to deploy for +intra-process agent communication. + +ACT is applicable in this context via its Tier 1 (pre-shared key) +trust model (): each agent role in a CrewAI Crew or +AutoGen ConversableAgent graph is assigned an Ed25519 keypair at +instantiation time. The orchestrating agent issues Phase 1 Mandates +to worker agents before delegating tasks, constraining each worker +to only the tools and actions relevant to its role. Worker agents +produce Phase 2 Records on task completion. The resulting ACT chain +is exportable as a structured audit trail that satisfies the +per-action logging requirements of DORA and EU AI Act +Article 12 without requiring shared infrastructure beyond +the ability to exchange public keys at deployment time. + +Implementations SHOULD NOT use ACT's self-assertion mode (where an +agent issues and records its own mandate without external sign-off) +in regulated workflows; at minimum, the orchestrating agent MUST +sign the initial Mandate so that accountability is anchored to a +principal outside the executing agent. + +
+
Relationship to WIMSE ECT

Where WIMSE infrastructure is deployed, ACT and the WIMSE Execution
Context Token serve complementary and
non-overlapping functions. The ECT records workload-level execution
in WIMSE terms — which SPIFFE workload executed, in which trust
domain, against which service. ACT records the authorization
provenance — which agent was permitted to request which action,
under what capability constraints, by whose authority — and
transitions that authorization record into an execution record upon
task completion.

In mixed environments, both tokens SHOULD be carried simultaneously:
the Workload-Identity header carries the WIMSE ECT; the
ACT-Record header carries the ACT. Verifiers MAY correlate the
two by matching the ACT jti claim (the task identifier) against
application-layer identifiers present in the ECT's task context.
Neither token is a profile or extension of the other; they operate
at different abstraction layers and their co-presence is additive.

+
+
+
Conventions and Definitions + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL +NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", +"MAY", and "OPTIONAL" in this document are to be interpreted as +described in BCP 14 when, and only when, they +appear in all capitals, as shown here. + + + +Agent: An autonomous software entity that executes tasks, issues +ACTs as mandates for sub-agents, and produces ACTs as execution +records of its own actions. + +Authorization Mandate: An ACT in Phase 1, encoding what an agent +is permitted to do, under what constraints, and by whose authority. + +Execution Record: An ACT in Phase 2, encoding what an agent +actually did, including cryptographic hashes of inputs and outputs +and causal links to predecessor tasks. + +Directed Acyclic Graph (DAG): A graph structure representing task +dependency ordering where edges are directed and no cycles exist. Used +by ACT to model causal relationships between tasks in a workflow. + +Delegation Chain: A cryptographically verifiable sequence of ACT +issuances from a root authority through one or more agents, each +signing a new ACT that reduces privileges relative to the one it +received. + +Trust Tier: A level of key management infrastructure used to +establish the public key of an ACT issuer. Tiers range from +pre-shared keys (Tier 1, mandatory) to PKI (Tier 2) and DIDs +(Tier 3). + +Workflow: A set of related tasks, identified by a shared wid +claim, forming a single logical unit of work. + +
+
ACT Lifecycle + +An ACT has a two-phase lifecycle. The same token format is used in +both phases; the presence or absence of execution claims determines +which phase a token represents. + +A token is a Phase 2 Execution Record if and only if the claim +exec_act is present. A token that does not contain exec_act is +a Phase 1 Authorization Mandate. Verifiers MUST determine the +phase before applying verification rules, and MUST reject a token +that is presented in the wrong phase for the operation being +performed. + +
Phase 1: Authorization Mandate

In Phase 1, an ACT is created by a delegating agent (or a human
operator) to authorize a target agent to perform a specific task. The
token carries:

 The identity of the issuing agent and the target agent.
 The capabilities granted, with associated constraints.
 Human oversight requirements for high-impact actions.
 The delegation provenance (who authorized the issuer to delegate).
 A task identifier and declared purpose.

The Phase 1 ACT is signed by the issuing agent using its private key.
The target agent receives the ACT and uses it as a bearer mandate —
evidence that it is authorized to proceed. Being a bearer credential,
the token is not by itself proof that the presenter is the agent
named in sub; verifiers rely on an authenticated transport, the aud
and sub checks on the claims, and the short lifetime below to limit
what a captured mandate is worth.

Phase 1 ACTs are short-lived. Implementations SHOULD set expiration
(exp) to no more than 15 minutes after issuance (iat) for
automated agent-to-agent workflows. Longer lifetimes MAY be used for
human-initiated mandates where the agent may not act immediately.

+
Phase 2: Execution Record

Upon completing the authorized task, the executing agent MUST
transition the ACT to Phase 2 by:

 Adding the exec_act claim describing the action performed.
 Optionally adding inp_hash and/or out_hash SHA-256 hashes
of task inputs and outputs (RECOMMENDED for regulated environments).
 Adding the pred array referencing predecessor task identifiers (DAG
dependencies); the array is empty for a root task.
 Adding exec_ts and status claims.
 Re-signing the complete token with its own private key, with its
own kid (and, where applicable, x5c or did) in the JOSE header, so
that verifiers look up the executing agent's key rather than the
issuer's.

The re-signing is critical: it produces a new signature over the
combined authorization + execution claims, binding the executing
agent's cryptographic identity to both the mandate it received and
the execution it performed. This creates a single, non-repudiable
record that answers both "was this agent authorized?" and "what
did it do?"

Note on issuer signature preservation: re-signing replaces the
Phase 1 signature produced by the issuing agent (iss). The del.chain
entries survive the transition unchanged and each entry's sig
remains verifiable, but that signature covers the mandate the
delegating agent itself held (the parent ACT referenced by the
entry's jti, see ), not the Phase 1 form of this token.
The issuer's signature over this ACT's Phase 1 claims is therefore
not independently recoverable from the Phase 2 token at any
delegation depth. Deployments requiring independent verifiability of
the original mandate SHOULD retain the Phase 1 ACT separately
alongside the Phase 2 record; otherwise the verifier is trusting the
executing agent's re-signed copy of the mandate it claims to have
received.

The resulting Phase 2 ACT SHOULD be submitted to an audit ledger
() and MAY be sent to the next agent in the workflow
as evidence of completed prerequisites.

+
Lifecycle State Machine + +
+ +
+
+
ACT Token Format + +An ACT is a JSON Web Token signed as a JSON Web Signature + using JWS Compact Serialization. All ACTs MUST use JWS +Compact Serialization to ensure they can be carried in a single HTTP +header value. + +
JOSE Header

The ACT JOSE header MUST contain:

alg (REQUIRED): The digital signature algorithm. Implementations
MUST support ES256 . EdDSA (Ed25519) is
RECOMMENDED for new deployments: signing is deterministic, so there
is no per-signature nonce whose faulty generation can leak the key,
and constant-time implementations are straightforward. Both
algorithms produce 64-byte signatures, so the choice does not affect
token size. Symmetric algorithms (HS256, HS384, HS512) MUST NOT be
used. The "alg" value MUST NOT be "none". Verifiers select the
verification algorithm from their own allow-list and the key
identified by kid, never from the alg header alone.

typ (REQUIRED): MUST be "act+jwt" to distinguish ACTs from other
JWT types.

kid (REQUIRED): An identifier for the signing key. In Tier 1
deployments (pre-shared keys), this is an opaque string agreed
out-of-band. In Tier 2 deployments (PKI), this is the X.509
certificate thumbprint. In Tier 3 deployments (DID), this is the
DID key fragment (e.g., did:key:z6Mk...#key-1). In Phase 2 the
header names the executing agent's key, since that agent re-signs
the token.

x5c (OPTIONAL): In Tier 2 deployments, the X.509 certificate
chain MAY be included to enable verification without out-of-band
key distribution.

did (OPTIONAL): In Tier 3 deployments, the full DID of the
issuing agent MAY be included for resolution.

+
JWT Claims: Authorization Phase + +
Standard JWT Claims + +iss (REQUIRED): The identifier of the agent issuing the mandate. +Format depends on trust tier: an opaque string (Tier 1), an X.509 +Subject DN (Tier 2), or a DID (Tier 3). + +sub (REQUIRED): The identifier of the agent authorized to act. +MUST use the same format convention as iss. + +aud (REQUIRED): The intended recipient(s). MUST include the +identifier of the target agent (sub). When an audit ledger is +deployed, MUST also include the ledger's identifier. When multiple +recipients are present, MUST be an array. Verifiers that are audit +ledgers MUST verify that their own identifier appears in aud. + +iat (REQUIRED): Issuance time as a NumericDate . + +exp (REQUIRED): Expiration time. Implementations SHOULD set to +no more than 15 minutes after iat for automated workflows. + +jti (REQUIRED): A UUID uniquely identifying this ACT +and, in Phase 2, the task it records. Used as the task identifier +for DAG predecessor references in pred. + +
+
ACT Authorization Claims + +wid (OPTIONAL): A UUID identifying the workflow to which this +task belongs. When present, groups related ACTs and scopes jti +uniqueness to the workflow. + +task (REQUIRED): An object describing the authorized task: + +
+ + + purpose (REQUIRED): A string describing the intended task. +Implementations SHOULD use a controlled vocabulary or reverse- +domain notation (e.g., "com.example.validate_dosage") to enable +semantic consistency checking by the receiving agent. + data_sensitivity (OPTIONAL): One of "public", "internal", +"confidential", "restricted". Receiving agents MUST NOT perform +actions that would expose data above this classification. + created_by (OPTIONAL): An identifier for the human or system +that initiated the workflow. SHOULD be pseudonymous (see +). + expires_at (OPTIONAL): A NumericDate after which the task +mandate is no longer valid, independent of exp. + + +cap (REQUIRED): An array of capability objects, each specifying +an action the agent is authorized to perform and the constraints +under which it may do so: + +
+ +Action names MUST conform to the ABNF grammar: + +
+ +Receiving agents MUST perform exact string matching on action names. +Wildcard matching is NOT part of this specification. + +When multiple capabilities match the same action, OR semantics +apply: if ANY capability grants the action, the request is +authorized subject to that capability's constraints. When multiple +constraints exist within a single capability, AND semantics apply: +ALL constraints MUST be satisfied. When the same constraint key +appears in both a capability-level and a policy-level context, the +more restrictive value applies: lower numeric limits, narrower +allow-lists (intersection), broader block-lists (union), and +narrower time windows. + +oversight (OPTIONAL): Human oversight requirements: + +
+ +When requires_approval_for lists an action, the receiving agent +MUST NOT execute that action autonomously. The approval mechanism +is out of scope for this specification. + +del (OPTIONAL): Delegation provenance, establishing the chain +of authority from the root mandate to this ACT. If del is absent, +the ACT MUST be treated as a root mandate with depth = 0 and +further delegation is not permitted (i.e., the receiving agent MUST +NOT issue sub-mandates based on this ACT). + +

 depth: The current delegation depth. 0 means this is a root
mandate issued by a human or root authority.
 max_depth: The maximum permitted delegation depth. Receiving
agents MUST NOT issue sub-mandates that would exceed this depth.
 chain: An array of delegation provenance records ordered from
root to immediate parent: chain[0] references the root mandate and
chain[depth-1] references the mandate held by the direct issuer of
this ACT. Each entry contains:

 delegator: The identifier of the agent that performed this
delegation step. It is the sub of the parent ACT identified by
jti, and the iss of the ACT at the next depth (for the last entry,
the iss of this ACT).
 jti: The jti of the parent ACT, that is, the mandate the
delegator held when it issued the next step.
 sig: The delegator's signature over the SHA-256 hash of that
parent ACT's JWS Compact Serialization, providing cryptographic
linkage without requiring the full parent ACT to be transmitted
in-line. The verifier still needs the parent ACT, or at least its
hash, from a store keyed by jti in order to check sig.

The sig field in each chain entry is the critical departure from
AAP's delegation model: rather than requiring a central AS to
validate the chain, any verifier holding the delegating agent's
public key can independently verify each step by recomputing the
hash and checking the signature.

+
+
JWT Claims: Execution Phase + +The following claims are added by the executing agent when +transitioning to Phase 2. Their presence distinguishes an Execution +Record from an Authorization Mandate. + +exec_act (REQUIRED in Phase 2): A string identifying the action +actually performed. MUST conform to the same ABNF grammar as +capability action names. MUST match one of the action values in +the cap array of the Phase 1 claims. + +pred (REQUIRED in Phase 2): An array of jti values of predecessor +tasks in the DAG. An empty array indicates a root task. Each value +MUST be the jti of a previously verified ACT (Phase 2) within +the same workflow (same wid) or the global ACT store if wid is +absent. + +inp_hash (OPTIONAL): The base64url encoding (without padding) of +the SHA-256 hash of the task's input data, computed over the raw +octets of the serialized input. Provides cryptographic evidence of +what data the agent processed. + +out_hash (OPTIONAL): The base64url encoding (without padding) of +the SHA-256 hash of the task's output data, using the same format +as inp_hash. Provides cryptographic evidence of what data the +agent produced. + +exec_ts (REQUIRED in Phase 2): A NumericDate recording the +actual time of task execution. MAY differ from iat when the agent +queued the mandate before execution. MUST be greater than or equal +to iat. SHOULD be less than or equal to exp; execution after +mandate expiry is possible when tasks are long-running and MUST NOT +cause automatic rejection, but implementors SHOULD log a warning. + +status (REQUIRED in Phase 2): One of "completed", "failed", +"partial". Allows audit systems to distinguish successful execution +from partial or failed attempts, which is essential for regulated +environments where failed attempts must be recorded. + +err (OPTIONAL, present when status is "failed" or "partial"): +An object providing error context: + +
+ +Error detail SHOULD NOT reveal internal system state beyond what is +necessary for audit purposes. + +
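The header policy in the JOSE Header section, the phase rule in ACT Lifecycle, the Phase 2 transition and the execution-phase claim rules above, as an added Python example; this is not code from the draft. It splits a JWS Compact Serialization into its parts, applies the header and claim checks (MUST violations raise, SHOULD deviations are returned as warnings), verifies inp_hash against the presented input octets, and builds the Phase 2 claim set that the executing agent then re-signs. Signature verification over the returned signing input is left to the caller's JOSE library, since the key lookup depends on the trust tier. The token contents in the usage lines, and the 64 zero bytes standing in for a signature, are constructed for the example.

```python
import base64
import hashlib
import json

MAX_MANDATE_LIFETIME = 15 * 60             # SHOULD-limit for automated Phase 1 mandates, in seconds
SUPPORTED_ALGS = {"ES256", "EdDSA"}        # allow-list; "none" and HS* are rejected by not being listed
STATUSES = {"completed", "failed", "partial"}
REQUIRED = ("iss", "sub", "aud", "iat", "exp", "jti", "task", "cap")


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def content_hash(data: bytes) -> str:
    """inp_hash / out_hash: base64url without padding of SHA-256 over the raw octets."""
    return b64url_encode(hashlib.sha256(data).digest())


def compact_serialize(header: dict, claims: dict, signature: bytes) -> str:
    """Assemble a JWS Compact Serialization; the signature comes from the caller's JOSE library."""
    part = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return f"{part(header)}.{part(claims)}.{b64url_encode(signature)}"


def parse_act(compact: str):
    """Split a compact JWS into (header, claims, signing_input, signature). The caller verifies
    `signature` over `signing_input` with the key named by header["kid"] before trusting claims."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("ACT MUST use JWS Compact Serialization")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    return header, claims, f"{parts[0]}.{parts[1]}".encode("ascii"), b64url_decode(parts[2])


def phase_of(claims: dict) -> int:
    """Phase 2 if and only if exec_act is present."""
    return 2 if "exec_act" in claims else 1


def check_header(header: dict) -> None:
    if header.get("alg") not in SUPPORTED_ALGS:           # covers "none" and symmetric algorithms
        raise ValueError(f"alg {header.get('alg')!r} is not permitted for an ACT")
    if header.get("typ") != "act+jwt":
        raise ValueError("typ MUST be act+jwt")
    if not header.get("kid"):
        raise ValueError("kid is REQUIRED")


def check_claims(claims: dict, expected_phase: int, now: int, input_bytes=None) -> list:
    """Phase-aware claim checks. MUST violations raise ValueError; SHOULD deviations are returned
    as warnings so the verifier can log them."""
    warnings = []
    missing = [k for k in REQUIRED if k not in claims]
    if missing:
        raise ValueError(f"missing REQUIRED claims: {missing}")
    phase = phase_of(claims)
    if phase != expected_phase:
        raise ValueError(f"token is Phase {phase}; this operation requires Phase {expected_phase}")
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if claims["sub"] not in aud:
        raise ValueError("aud MUST include the target agent (sub)")
    if claims["iat"] > now:
        raise ValueError("iat is in the future")
    if phase == 1:
        if claims["exp"] <= now:
            raise ValueError("mandate has expired")
        if claims["exp"] - claims["iat"] > MAX_MANDATE_LIFETIME:
            warnings.append("mandate lifetime exceeds 15 minutes")
        return warnings
    granted = {c["action"] for c in claims["cap"]}          # exact string match, no wildcards
    if claims["exec_act"] not in granted:
        raise ValueError("exec_act is not granted by cap")
    if not isinstance(claims.get("pred"), list):
        raise ValueError("pred is REQUIRED in Phase 2 (an empty array for a root task)")
    if "exec_ts" not in claims or claims["exec_ts"] < claims["iat"]:
        raise ValueError("exec_ts missing or earlier than iat")
    if claims["exec_ts"] > claims["exp"]:
        warnings.append("execution completed after mandate expiry")   # logged, not rejected
    if claims.get("status") not in STATUSES:
        raise ValueError("status MUST be completed, failed or partial")
    if claims["status"] != "completed" and "err" not in claims:
        warnings.append("failed/partial record carries no err object")
    if input_bytes is not None and claims.get("inp_hash") != content_hash(input_bytes):
        raise ValueError("inp_hash does not match the presented input")
    return warnings


def transition_to_phase2(mandate: dict, exec_act: str, pred: list, exec_ts: int, status: str,
                         input_bytes: bytes, output_bytes: bytes) -> dict:
    """Phase 2 claim set from a Phase 1 mandate. The executing agent re-signs the result with its
    own key and puts its own kid in the JOSE header; this function does not sign."""
    record = dict(mandate)
    record.update(exec_act=exec_act, pred=list(pred), exec_ts=exec_ts, status=status,
                  inp_hash=content_hash(input_bytes), out_hash=content_hash(output_bytes))
    return record


if __name__ == "__main__":  # constructed sample token; the 64 zero bytes stand in for a real signature
    mandate = {"iss": "agent-a", "sub": "agent-b", "aud": ["agent-b", "ledger"], "iat": 1000, "exp": 1600,
               "jti": "jti-1", "task": {"purpose": "com.example.reconcile"},
               "cap": [{"action": "com.example.read_records", "constraints": {"max_records": 100}}]}
    token = compact_serialize({"alg": "EdDSA", "typ": "act+jwt", "kid": "agent-a-key-1"}, mandate, b"\0" * 64)
    header, claims, signing_input, signature = parse_act(token)
    check_header(header)
    print("phase", phase_of(claims), "warnings", check_claims(claims, 1, now=1100))
    record = transition_to_phase2(claims, "com.example.read_records", [], 1200, "completed", b"in", b"out")
    print("phase", phase_of(record), "warnings", check_claims(record, 2, now=1300, input_bytes=b"in"))
```

The allow-list in check_header is deliberate: a verifier that accepts whatever alg the header names is exposed to the classic "alg: none" and key-confusion attacks, which is why the header policy above forbids symmetric algorithms and "none" outright.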
+
Complete Examples + +
Example: Phase 1 — Authorization Mandate + +
+ +
+
Example: Phase 2 — Execution Record (same token, re-signed by target agent) + +
+ +
+
+
+
Trust Model

ACT defines four trust tiers, numbered 0 to 3. Tier 0 is a
non-normative bootstrap state, Tier 1 is mandatory-to-implement, and
Tiers 2 and 3 are optional upgrades. An ACT verifier MUST be able to
process ACTs from any tier it has configured. The trust tier in use
is determined by the kid format and the presence of x5c or did
header parameters. Because a Tier 1 kid is an opaque string with no
distinguishing shape, a token carrying neither x5c nor did is a
Tier 1 token and verifiers look its kid up in their pre-shared key
table; a kid that is not in that table is a verification failure,
not a reason to fall back to Tier 0.

Tier 0: Bootstrap (TOFU — Trust On First Use) + +Tier 0 is NOT part of the normative trust model and MUST NOT be used +in regulated environments. It is defined here for documentation +purposes only, to describe the common bootstrapping scenario. + +In Tier 0, the first ACT received from an agent establishes its +public key. This is equivalent to SSH TOFU behavior: an attacker +who intercepts the first message can substitute their own key. Tier 0 +deployments MUST transition to Tier 1 or higher before exchanging +ACTs that carry sensitive capabilities. + +
+
Tier 1: Pre-Shared Keys (Mandatory-to-Implement) + +In Tier 1, both parties exchange public keys out-of-band prior to +the first ACT exchange. The kid is an opaque string agreed during +the key exchange. Implementations MUST support Tier 1. + +Key exchange MAY occur via any out-of-band mechanism: manual +configuration, a configuration management system, or a prior +authenticated channel. This specification does not mandate a +specific key exchange protocol. + +Tier 1 public keys MUST be Ed25519 or P-256 (ES256) + keys. RSA keys SHOULD NOT be used in Tier 1 deployments due to +key size. Key rotation MUST be performed out-of-band using the same +mechanism as the initial exchange. + +
+
Tier 2: PKI / X.509 + +In Tier 2, agent identity is bound to an X.509 certificate issued +by a mutually trusted Certificate Authority (CA). The kid is the +certificate thumbprint (SHA-256 of the DER-encoded certificate). + +Cross-organizational ACT exchange in Tier 2 requires either: + +(a) a mutually trusted root CA, or +(b) cross-certification between the organizations' CAs, or +(c) explicit trust anchoring (one organization's CA is added to + the other's trust store). + +The x5c JOSE header parameter MAY carry the full +certificate chain to enable verification without out-of-band trust +store configuration. + +
+
Tier 3: Decentralized Identifiers (DID) + +In Tier 3, agent identity is expressed as a DID . The +kid is a DID key fragment. The did JOSE header parameter carries +the full DID for resolution. + +Implementations SHOULD support at minimum did:key for +self-contained key distribution without external resolution, and +did:web for organizations that prefer DNS-anchored +identity. + +DID resolution latency introduces a dependency on external +infrastructure. To preserve the zero-infrastructure baseline, +implementations using Tier 3 MAY cache DID Documents and MUST +specify a maximum cache TTL in their configuration. + +
+
Cross-Tier Interoperability + +A delegation chain MAY include agents operating at different trust +tiers. Each step in the chain is verified using the trust tier of +the signing agent at that step. Verifiers MUST NOT reject a chain +solely because it mixes trust tiers, but MAY apply stricter +policy for chains that include Tier 0 or Tier 1 steps when +exchanging sensitive capabilities. + +
+
+
Delegation Chain + +ACT delegation is peer-to-peer: no Authorization Server is involved. +Delegation is expressed as a cryptographically verifiable chain of +ACT issuances, where each step reduces privileges relative to the +previous step. + +
Peer-to-Peer Delegation + +When Agent A authorizes Agent B to perform a sub-task, Agent A: + + + Creates a new ACT with sub set to Agent B's identifier. + Sets cap to a subset of A's own authorized capabilities, +with constraints at least as restrictive as those in A's mandate. + Sets del.depth to A's own del.depth + 1. + Sets del.max_depth to no more than the del.max_depth value +in A's own mandate. + Adds a chain entry containing A's identifier as delegator, +the jti of A's own mandate, and a sig value computed as: +
+ +where canonical_ACT_phase1_bytes is the UTF-8 encoded bytes +of the JWS Compact Serialization of A's Phase 1 ACT.
+ Signs the new ACT with A's private key. +
+ +
+
Privilege Reduction Requirements + +When issuing a delegated ACT, the issuing agent MUST reduce +privileges by one or more of: + + + Removing capabilities (sub-set of parent capabilities only). + Adding stricter constraints (lower rate limits, narrower domains, +shorter time windows, lower data classification ceiling). + Reducing token lifetime (exp closer to iat). + Reducing del.max_depth. + + +The issuing agent MUST NOT grant capabilities not present in its +own mandate. Capability escalation via delegation is prohibited and +MUST be detected and rejected by verifiers. + +For well-known numeric constraints (e.g., max_records, +max_requests_per_hour), "more restrictive" means a numerically +lower or equal value. For well-known enumerated constraints +(e.g., data_sensitivity), "more restrictive" means a value that +is equal or higher in the defined ordering +("public" < "internal" < "confidential" < "restricted"). +For unknown or domain-specific constraint keys, verifiers MUST +treat the constraint as non-comparable and MUST reject the +delegation unless the delegated constraint value is byte-for-byte +identical to the parent constraint value. + +
+
Delegation Verification + +A verifier receiving a delegated ACT MUST: + + + Verify the ACT's own signature (). + For each entry in del.chain, in order from index 0 to +del.depth - 1: +a. Retrieve the public key for entry.delegator. +b. Verify that entry.sig is a valid signature over the SHA-256 + hash of the referenced parent ACT (identified by entry.jti). +c. Verify that the capabilities in the current ACT are a subset + of the capabilities in the parent ACT, per the constraint + comparison rules in . + Verify that del.depth does not exceed del.max_depth. + Verify that del.chain length equals del.depth. + + +If any step fails, the ACT MUST be rejected. + +
+
+
DAG Structure and Causal Ordering + +ACTs in Phase 2 form a DAG over the pred (predecessor) claim. The DAG +encodes causal dependencies: a task MAY NOT begin before all its +parent tasks are completed. + +
DAG Validation + +When processing a Phase 2 ACT, implementations MUST: + + + Uniqueness: Verify the jti is unique within the workflow +(wid) or globally if wid is absent. + Predecessor Existence: Verify every jti in pred corresponds to +a Phase 2 ACT available in the ACT store or audit ledger. + Temporal Ordering: Verify that for each parent: +parent.exec_ts < child.exec_ts + clock_skew_tolerance +(RECOMMENDED tolerance: 30 seconds). Causal ordering is +primarily enforced by DAG structure, not timestamps. + Acyclicity: Following parent references MUST NOT lead back +to the current ACT's jti. Implementations MUST enforce a +maximum ancestor traversal limit (RECOMMENDED: 10,000 nodes). + Capability Consistency: Verify that exec_act matches one +of the action values in the cap array from Phase 1. + + +
+
Root Tasks and Fan-in + +A root task has pred = []. A workflow MAY have multiple root tasks +representing parallel branches with no shared predecessor. + +Fan-in — a task with multiple parents — is expressed naturally: + +
+ +This indicates the current task depends on the completion of both +referenced parent tasks, which MAY have been executed in parallel +by different agents. + +
+
DAG vs Linear Delegation Chains + +Several concurrent proposals for agent authorization model delegation +as an ordered, linear chain of tokens or principals. Examples include +the actchain claim of +, the Agentic JWT +construction of , the AIP / Interaction-Bound Context Token +(IBCT) model of , and the delegation record defined in +. In each of these +designs, the trail from the originator to the final executor is +represented as an ordered array recording one predecessor per hop. + +
What Linear Chains Express Well + +Linear chains are a natural fit for simple sequential delegation: +agent A delegates to agent B, which delegates to agent C. The chain +records the history of that single hand-off in order, and verifiers +can walk from the current holder back to the originator without +branching. For interactive user-to-agent-to-service flows, where each +step has exactly one predecessor, a linear chain is both sufficient +and compact. + +
+
Limitations of Linear Chains + +Agentic workflows in practice are rarely purely linear. Planner +agents dispatch parallel sub-tasks; synthesizer agents consume +results from multiple independent branches; tool calls execute +concurrently and their outputs are merged. A linear chain cannot +faithfully represent the following common topologies: + + + Fork: A single task spawns multiple independent sub-tasks. A +linear chain cannot express that two concurrent sub-executions +share a common parent authorization but are otherwise +independent; each sub-task would either omit its siblings or +fabricate a false ordering between them. + Join (fan-in): A task whose output depends on results from +several predecessors has no single prior hop. Linear chains +cannot express multiple-parent relationships without either +collapsing parallel branches into an arbitrary order or +duplicating records. + Diamond dependencies: A planner dispatches parallel work and +later synthesizes the results. The synthesis step depends on +every branch, and all branches depend on the same planner. +This diamond shape requires a DAG; a linear chain forces the +verifier to pick one branch and discard the others. + Cross-chain references: When two independently authorized +chains produce outputs that are later combined (e.g., a shared +cache lookup and a fresh retrieval), linear chains force a +single history and cannot record that the combined result has +two distinct provenances. + + +
+
ACT's DAG Approach + +As specified in , the pred claim is +an array of parent jti values rather than a single scalar. This +allows an ACT to record: + + + Zero parents (a root task, pred = []); + Exactly one parent (a linear chain, equivalent to the +single-predecessor designs referenced above); + Multiple parents (fan-in from parallel branches); and + Any acyclic shape that matches the actual execution structure. + + +The following example illustrates a diamond workflow. A research +agent (A) dispatches a web-search agent (B) and a code-analysis +agent (C) in parallel; both complete, and their outputs are +combined by a writer agent (D): + +
+ +A linear actchain representation cannot express that D depends on +both B and C. At best, it can record one of the two parents and lose +the other, or serialize B and C into a false sequential order. + +
+
Verifiability Implications + +With a DAG representation, an auditor holding the set of Phase 2 +ACTs for a workflow can reconstruct the full execution graph, not +just one chain per final record. This matters for: + + + Debugging: identifying which branch contributed an erroneous +input to a downstream synthesis. + Compliance: demonstrating that every input to a regulated +decision was itself authorized, not only the most recent hop. + Tamper-evidence: detecting that a branch has been omitted, +since the surviving siblings' pred arrays name the missing +predecessor by jti. + + +
+
Interoperability with Linear-Chain Designs + +ACT's DAG reduces to a linear chain in the degenerate case where +every pred array has length zero or one. An implementation that +requires linear-chain semantics MAY treat such ACTs as equivalent +to actchain-style records and ignore the fork/join capability. +The reverse reduction is not available: a linear-chain-only design +cannot represent ACT DAG topologies without loss of information. + +ACT therefore takes the linear chain as a strict subset of its +model rather than as a competing approach. The DAG generalization +is deliberate and is motivated by the concurrent, branching nature +of real agentic executions rather than by any deficiency in the +linear-chain designs for the sequential cases they target. + +
+
+
+
Verification Procedure + +
Authorization Phase Verification + +A receiving agent MUST verify a Phase 1 ACT as follows: + + + Parse JWS Compact Serialization per . + Verify typ is "act+jwt". + Verify alg is in the verifier's algorithm allowlist. The +allowlist MUST NOT include "none" or any symmetric algorithm. + Retrieve the public key for kid per the applicable trust tier +(). + Verify the JWS signature. + Verify exp has not passed (with clock skew tolerance: +RECOMMENDED maximum 5 minutes). + Verify iat is not unreasonably in the future (RECOMMENDED: +no more than 30 seconds ahead). + Verify aud contains the verifier's own identifier. + Verify iss is a trusted agent identity per local policy. + Verify sub matches the verifier's own identifier (the agent +is the intended recipient of this mandate). + Verify all required claims are present and well-formed. + Verify delegation chain () if +del.chain is non-empty. + Verify capabilities are within policy limits. + + +
+
Execution Phase Verification + +In addition to all Phase 1 verification steps, a verifier processing +a Phase 2 ACT MUST: + + + Verify exec_act is present and matches an action in cap. + Verify pred is present and perform DAG validation +(). + Verify exec_ts is present and is greater than or equal to +iat. If exec_ts is after exp, implementations SHOULD log +a warning but MUST NOT reject the record solely on this basis. + Verify status is present and has a valid value. + Verify the re-signature was produced by the sub agent (the +executing agent), not the iss agent (the mandating agent). +This is verified by checking that the kid in the Phase 2 JOSE +header corresponds to the sub agent's public key. + If inp_hash or out_hash are present, verify them against +locally available input/output data when possible. + + +
+
+
Transport + +
HTTP Header Transport + +This specification defines two HTTP header fields for ACT transport: + +ACT-Mandate: Carries a Phase 1 ACT issued by an upstream agent +or operator. Value is the JWS Compact Serialization of the ACT. + +
+ +ACT-Record: Carries a Phase 2 ACT from a predecessor agent, +serving as evidence of completed prerequisites. + +
+ +Multiple ACT-Record header lines MAY be included when a task has +multiple completed predecessors (DAG fan-in). If any single ACT-Record +fails verification, the receiver MUST reject the entire request. + +
+
Non-HTTP Transports + +For non-HTTP transports (MCP stdio, A2A message queues, AMQP, etc.), +ACTs SHOULD be carried as a dedicated field in the transport's +metadata envelope. The field name SHOULD be act_mandate for Phase 1 +ACTs and act_record for Phase 2 ACTs. Implementations MUST use the +JWS Compact Serialization form in all transports. + +
+
+
Audit Ledger Interface + +Phase 2 ACTs SHOULD be submitted to an immutable audit ledger. +A ledger is RECOMMENDED for regulated environments but is not +required for basic ACT operation. This specification does not +mandate a specific storage technology. + +When an audit ledger is deployed, the implementation MUST provide: + + + Append-only semantics: Once an ACT is recorded, it MUST NOT +be modified or deleted. + Ordering: A monotonically increasing sequence number per +recorded ACT. + Lookup: Efficient retrieval by jti value. + Integrity: A cryptographic commitment scheme over recorded +ACTs (e.g., hash-chaining, Merkle tree anchoring, or SCITT +registration per ). + + +
+
Security Considerations + +
Threat Model + +ACT assumes an adversarial environment where: + + + Individual agents may be compromised. + Network paths may be intercepted (mitigated by transport security). + Attackers may attempt to replay valid ACTs from prior interactions. + Colluding agents may attempt to fabricate execution records. + Agents may attempt privilege escalation via manipulated delegation +chains. + + +ACT does NOT assume: + + + A trusted central authority (by design). + Synchronized clocks beyond the stated skew tolerance. + Availability of external network services during verification. + + +
+
Self-Assertion Limitation + +Phase 2 ACTs are self-asserted: an executing agent signs its own +execution record. A compromised agent with an intact private key can +produce Phase 2 ACTs claiming arbitrary inputs, outputs, and action +types, as long as the claimed exec_act matches an authorized +capability. + +This is a fundamental limitation of self-sovereign attestation. It +is the same limitation affecting WIMSE ECT +. + +Mitigations: + + + Cross-agent corroboration: A receiving agent that processes +an ACT-Record as a prerequisite independently verifies that the +claimed out_hash matches the data it actually received. + Ledger sequencing: An append-only ledger with monotonic +sequence numbers prevents retroactive insertion of fabricated +records. + SCITT anchoring: For high-assurance deployments, Phase 2 ACTs +SHOULD be anchored to a SCITT Transparency Service, providing +external witness that the record was submitted at a claimed time. + + +
+
Key Compromise + +If an agent's private key is compromised, an attacker can issue +arbitrary Phase 1 mandates (impersonating the agent as an issuer) +and fabricate Phase 2 records (impersonating the agent as an +executor). + +Key compromise response: + + + The compromised agent's identifier MUST be added to all +verifiers' deny lists. + In Tier 2 (PKI) deployments, the certificate MUST be revoked +via CRL or OCSP. + In Tier 3 (DID) deployments, the DID Document MUST be updated +to revoke the compromised key. + In Tier 1 (pre-shared key) deployments, both parties MUST +perform an out-of-band key rotation. + + +ACT chains that include records signed by a compromised key MUST +be treated as potentially tainted from the point of compromise. +Audit systems MUST flag all ACTs signed after the estimated +compromise time. + +
+
Replay Attack Prevention + +jti uniqueness within the applicable scope (workflow or global) +provides replay detection. Verifiers MUST reject ACTs whose jti +has already been seen and processed. + +exp provides a time-bounded replay window. Verifiers MUST reject +expired ACTs. The combination of jti and exp means that replay +detection state only needs to be maintained for the duration of token +lifetimes. + +
+
Equivocation + +In standalone deployment (no audit ledger, no SCITT anchoring), ACT +does NOT provide non-equivocation guarantees. A compromised agent +can maintain two valid ACT chains — presenting Phase 2 records with +different out_hash values to different verifiers — and both will +pass independent verification. + +Deployments claiming DORA Article 10/11 compliance or EU AI +Act Article 12 compliance MUST use one of: + +(a) A shared append-only audit ledger visible to all relevant parties, + with cryptographic integrity (hash chaining or Merkle trees). + +(b) SCITT anchoring providing external + Transparency Service receipts. + +Standalone ACT provides tamper detection (a verifier can detect +modification of a record it has seen) but not split-view prevention +(a verifier cannot detect a different record shown to another +verifier). + +
+
Privilege Escalation + +Verifiers MUST check that each step in del.chain reduces or +maintains (never increases) the capabilities relative to the +preceding step. Implementations MUST reject ACTs where: + + + del.depth exceeds del.max_depth. + cap contains actions not present in any referenced parent ACT. + Constraints in cap are less restrictive than those in the parent. + + +
+
Denial of Service + +ACT verification is more computationally expensive than standard JWT +validation due to delegation chain verification and DAG traversal. + +Mitigations: + + + Reject ACTs larger than 64KB before parsing. + Enforce maximum del.chain length (RECOMMENDED: 10 entries). + Enforce maximum DAG ancestor traversal depth (RECOMMENDED: 10,000 +nodes, ). + Cache verification results for recently seen jti values within +the token lifetime window. + + +
+
+
Privacy Considerations + +ACT tokens and audit ledger records may contain information that +identifies agents, organizations, or individuals. Implementations +SHOULD apply data minimization principles: + + + task.created_by SHOULD use a pseudonymous identifier rather +than a personal email address or real name. + task.purpose SHOULD use a controlled vocabulary code rather +than free-text descriptions that may contain personal data. + del.chain entries reveal organizational structure. Cross- +organizational delegation chains SHOULD use Tier 3 (DID) +identifiers that do not reveal organizational affiliation. + inp_hash and out_hash are hashes of data, not the data +itself, and do not constitute personal data under GDPR +Article 4(1) provided the underlying data is not trivially +reversible (e.g., hashes of very short strings). + + +For GDPR Article 17 (right to erasure) compliance, audit ledgers +SHOULD store only ACT tokens (which contain hashes, not raw data) +and SHOULD implement crypto-shredding for any associated encrypted +payloads. + +
+
IANA Considerations + +
Media Type Registration + +This document requests registration of the following media type: + + + Type name: application + Subtype name: act+jwt + Required parameters: none + Encoding considerations: binary (base64url-encoded JWT) + Security considerations: See . + Interoperability considerations: See . + Specification: This document. + + +
+
HTTP Header Field Registration + +This document requests registration of the following HTTP header +fields in the "Hypertext Transfer Protocol (HTTP) Field Name +Registry": + + + Header field name: ACT-Mandate + Applicable protocol: HTTP + Status: permanent + Specification: This document, . + Header field name: ACT-Record + Applicable protocol: HTTP + Status: permanent + Specification: This document, . + + +
+
JWT Claims Registration + +This document requests registration of the following claims in the +IANA "JSON Web Token Claims" registry: + + + Claim Name + Description + Reference + wid + Workflow identifier + This document + task + Task authorization context + This document + cap + Capabilities with constraints + This document + oversight + Human oversight requirements + This document + del + Delegation provenance chain + This document + exec_act + Executed action identifier + This document + pred + Predecessor task identifiers (DAG) + This document + inp_hash + SHA-256 hash of task input + This document + out_hash + SHA-256 hash of task output + This document + exec_ts + Actual execution timestamp + This document + status + Execution status + This document + err + Execution error context + This document + + +
+
+ + +
+ + + + + + + + + + + + + JSON Web Signature (JWS) + + + + + + JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification. + + + + + + + + JSON Web Key (JWK) + + + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification. + + + + + + + + JSON Web Algorithms (JWA) + + + + This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines several IANA registries for these identifiers. + + + + + + + + JSON Web Token (JWT) + + + + + + JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. 
+ + + + + + + + CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE) + + + + This document defines how to use the Diffie-Hellman algorithms "X25519" and "X448" as well as the signature algorithms "Ed25519" and "Ed448" from the IRTF CFRG elliptic curves work in JSON Object Signing and Encryption (JOSE). + + + + + + + + HTTP Semantics + + + + + + The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. + This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230. + + + + + + + + + Universally Unique IDentifiers (UUIDs) + + + + + + This specification defines UUIDs (Universally Unique IDentifiers) -- +also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform +Resource Name namespace for UUIDs. A UUID is 128 bits long and is +intended to guarantee uniqueness across space and time. UUIDs were +originally used in the Apollo Network Computing System (NCS), later +in the Open Software Foundation's (OSF's) Distributed Computing +Environment (DCE), and then in Microsoft Windows platforms. + This specification is derived from the OSF DCE specification with the +kind permission of the OSF (now known as "The Open Group"). Information from earlier versions of the OSF DCE specification have +been incorporated into this document. This document obsoletes RFC +4122. + + + + + + + + Key words for use in RFCs to Indicate Requirement Levels + + + + In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. 
This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. + + + + + + + + + Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words + + + + RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. + + + + + + + + + + + + + + + + + + OAuth 2.0 Token Revocation + + + + + + This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to clean up security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant. + + + + + + + + OAuth 2.0 Token Exchange + + + + + + + + This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation. + + + + + + + + + Execution Context Tokens for Distributed Agentic Workflows + + + + + + + + + + + + + An Architecture for Trustworthy and Transparent Digital Supply Chains + + Fraunhofer SIT + + + Microsoft Research + + + Microsoft Research + + + ARM + + + + + + Traceability in supply chains is a growing security concern. While + verifiable data structures have addressed specific issues, such as + equivocation over digital certificates, they lack a universal + architecture for all supply chains. This document defines such an + architecture for single-issuer signed statement transparency. 
It + ensures extensibility, interoperability between different + transparency services, and compliance with various auditing + procedures and regulatory requirements. + + + + + + + + + + + Transaction Tokens for Agentic AI Systems + + + + + + + + + + Agent Authorization Profile (AAP) for OAuth 2.0 + + + + + + + + + + Helixar Delegation Protocol (HDP) for Agentic Delegation + + Helixar + + + + + + + + A SCITT Profile for AI Agent Execution Records + + + + + + + + + + Agentic JWT: A JSON Web Token Profile for Delegated Agent Authorization + + + + + + + + + AIP: Agent Interaction Protocol with Interaction-Bound Context Tokens + + + + + + + + + SentinelAgent: A Formal Delegation Chain Calculus for Verifiable Agent Authorization + + + + + + + + + Model Context Protocol Specification + + + + + + + + + OpenAI Agents SDK + + OpenAI + + + + + + + LangGraph Documentation + + LangChain + + + + + + + Agent2Agent (A2A) Protocol + + Google + + + + + + + CrewAI Documentation + + CrewAI + + + + + + + AutoGen Documentation + + Microsoft + + + + + + + Decentralized Identifiers (DIDs) v1.0 + + + + + + + + + The did:key Method v0.7 + + + + + + + + + did:web Method Specification + + + + + + + + + Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554 + + European Parliament + + + + + + + EU Artificial Intelligence Act, Regulation (EU) 2024/1689 + + European Parliament + + + + + + + Medical device software — Software life cycle processes, IEC 62304:2006+AMD1:2015 + + IEC + + + + + + + + + + + + + +
Appendix A: Complete JSON Schema + +The normative JSON Schema for ACT Phase 1 and Phase 2 tokens is +available at [TODO: reference implementation repository]. + +
+
Appendix B: Test Vectors + +
B.1. Valid Phase 1 ACT — Root Mandate (Tier 1, Pre-Shared Key) + +
+ +
+
B.2. Valid Phase 2 ACT — Completed Execution + +
Phase 2 +transition with re-signature by target agent] +]]>
+ +
+
B.3. Valid Phase 2 ACT — Fan-in (Multiple Parents) + +
+ +
+
B.4. Invalid ACT — Delegation Depth Exceeded + +
del.max_depth rejection] +]]>
+ +
+
B.5. Invalid ACT — Capability Escalation + +
+ +
+
B.6. Invalid ACT — exec_act Mismatch + +
+ +
+
+
Appendix C: Deployment Scenarios + +
C.1. Minimal Deployment (Zero Infrastructure) + +Two organizations exchange pre-shared public keys via secure email. +Each agent signs Phase 1 mandates and Phase 2 records with its +Ed25519 key. No ledger, no external services. Suitable for +development and low-risk workflows. + +Limitation: No non-equivocation (). + +
+
C.2. Regulated Deployment with Hash-Chained Ledger + +Phase 2 ACTs are submitted to a shared append-only ledger with +hash-chaining. Each recorded ACT extends a cryptographic chain, +providing tamper evidence for each ACT and the chain as a whole. +The ledger is shared between all regulated parties participating +in the workflow. Suitable for DORA compliance. + +
+
C.3. High-Assurance Cross-Organizational Deployment + +Phase 2 ACTs are anchored to a SCITT Transparency Service. SCITT +receipts are attached to the audit record as non-equivocation proofs. +DID-based agent identities (Tier 3) enable self-sovereign key +management without shared CA infrastructure. + +
+
C.4. WIMSE Environment Integration + +In environments where WIMSE is already deployed, ACT-Mandate and +ACT-Record headers are carried alongside the WIMSE Workload-Identity +header. The ECT and ACT serve different purposes: the ECT records +workload-level execution in WIMSE terms; the ACT records the +authorization provenance and capability constraints that governed +the action. + +
+
+
Acknowledgments + +The author thanks the IETF WIMSE, OAuth, and SCITT working groups +for foundational work on workload identity, delegated authorization, +and transparent supply chain records that informs this specification. + +
+ + +
+ + + + + diff --git a/workspace/drafts/ietf-wimse-ect b/workspace/drafts/ietf-wimse-ect index d47f041..3d01cb3 160000 --- a/workspace/drafts/ietf-wimse-ect +++ b/workspace/drafts/ietf-wimse-ect @@ -1 +1 @@ -Subproject commit d47f041265e1bc3a142fb14fdfe4431f5340c8b5 +Subproject commit 3d01cb32b64712db78ba0199b5920caa6527d9fd
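Review bot: in the "Delegation Verification" steps (2a-2c), the verifier must check entry.sig and the capability subset against "the referenced parent ACT (identified by entry.jti)", but nothing in the hunk says how a verifier obtains that parent ACT: the "HTTP Header Transport" section carries exactly one Phase 1 token in ACT-Mandate, and the "Audit Ledger Interface" section makes the ledger optional, so a ledger-less verifier cannot complete step 2 at all. Suggest either requiring the issuing agent to present the ancestor Phase 1 ACTs with the delegated token (for example as additional ACT-Mandate header lines, mirroring the multiple ACT-Record lines already allowed) or stating explicitly that a chain whose referenced parent is unavailable MUST be rejected. Related, step 2b says the signature is "over the SHA-256 hash of the referenced parent ACT" while "Peer-to-Peer Delegation" defines it over canonical_ACT_phase1_bytes; since EdDSA in JOSE is pure Ed25519 (no prehash) and ES256 already hashes its input with SHA-256, the text should state precisely which bytes are passed to the signing primitive, otherwise implementations will disagree on whether the digest or the serialization is the signed message. "Execution Phase Verification" inherits "all Phase 1 verification steps", including "Verify exp has not passed", yet the same list says a Phase 2 record with exec_ts after exp MUST NOT be rejected solely on that basis and the ledger section expects these records to be looked up later; the exp step should be scoped to Phase 1 mandates or the Phase 2 text should say which Phase 1 steps are skipped for stored records. In "Privilege Reduction Requirements", the bullet list asks for a "lower data classification ceiling" while the comparison rule for data_sensitivity says "more restrictive" is "equal or higher in the defined ordering"; these read in opposite directions and one of them should be corrected, with a sentence stating whether data_sensitivity is a ceiling or a floor. "Tier 3" introduces a did JOSE header parameter and "Tier 2" overloads kid with a SHA-256 certificate thumbprint, but "IANA Considerations" registers only the media type, two HTTP fields and the JWT claims; did needs an entry in the JSON Web Signature and Encryption Header Parameters registry, and the thumbprint case could simply use the existing x5t#S256 parameter from RFC 7515. In "Media Type Registration", "Encoding considerations: binary (base64url-encoded JWT)" contradicts itself; a JWS Compact Serialization is 7-bit safe, and the application/jwt registration uses 8bit, so suggest aligning with that. Finally, Appendix A still points at "[TODO: reference implementation repository]" and the Appendix B test vectors B.1 to B.6 contain placeholder text rather than tokens, so the draft currently ships no way to check interoperability of the verification procedure it mandates.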
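Review bot: the final hunk only moves the ietf-wimse-ect submodule pointer from d47f041 to 3d01cb3, so whatever that pin pulls in cannot be reviewed from this patch; suggest adding a reference to the corresponding submodule-side commit or PR so a reviewer can confirm the new pointer contains just the intended build change.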