From bf0f94ab3044dc492774179bbc320edfac8a9497 Mon Sep 17 00:00:00 2001
From: Christian Nennemann <christian@nennemann.de>
Date: Wed, 25 Feb 2026 12:38:14 +0100
Subject: [PATCH] Simplify spec: remove sub, move compensation and policy to
 ext

- Remove sub claim (always equals iss, added no information)
- Move compensation_required and compensation_reason to ext keys
- Move pol, pol_decision, pol_enforcer to ext keys
- IANA JWT Claims table reduced from 11 to 6 registered claims
- Trim witness attestation section to concise guidance
- Fix remaining ledger-mandatory language in verification
  step 15 and minimal implementation guidance

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 ...-nennemann-wimse-execution-context-00.html |  521 +++---
 draft-nennemann-wimse-execution-context-00.md |  342 ++--
 ...t-nennemann-wimse-execution-context-00.txt | 1166 +++++++-------
 ...t-nennemann-wimse-execution-context-00.xml | 1423 ++++++++---------
 4 files changed, 1679 insertions(+), 1773 deletions(-)

diff --git a/draft-nennemann-wimse-execution-context-00.html b/draft-nennemann-wimse-execution-context-00.html
index 2f1d326..dc05a10 100644
--- a/draft-nennemann-wimse-execution-context-00.html
+++ b/draft-nennemann-wimse-execution-context-00.html
@@ -1242,7 +1242,7 @@ li > p:last-of-type:only-child {
 </tr></thead>
 <tfoot><tr>
 <td class="left">Nennemann</td>
-<td class="center">Expires 28 August 2026</td>
+<td class="center">Expires 29 August 2026</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -1255,12 +1255,12 @@ li > p:last-of-type:only-child {
 <dd class="internet-draft">draft-nennemann-wimse-execution-context-00</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2026-02-24" class="published">24 February 2026</time>
+<time datetime="2026-02-25" class="published">25 February 2026</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Standards Track</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2026-08-28">28 August 2026</time></dd>
+<dd class="expires"><time datetime="2026-08-29">29 August 2026</time></dd>
 <dt class="label-authors">Author:</dt>
 <dd class="authors">
 <div class="author">
@@ -1312,7 +1312,7 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 28 August 2026.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on 29 August 2026.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">
@@ -1391,7 +1391,7 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
                     <p id="section-toc.1-1.4.2.2.2.2.1"><a href="#section-4.2.2" class="auto internal xref">4.2.2</a>.  <a href="#name-execution-context" class="internal xref">Execution Context</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.3">
-                    <p id="section-toc.1-1.4.2.2.2.3.1"><a href="#section-4.2.3" class="auto internal xref">4.2.3</a>.  <a href="#name-policy-evaluation" class="internal xref">Policy Evaluation</a></p>
+                    <p id="section-toc.1-1.4.2.2.2.3.1"><a href="#section-4.2.3" class="auto internal xref">4.2.3</a>.  <a href="#name-policy-evaluation-extension" class="internal xref">Policy Evaluation Extension Keys</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.4">
                     <p id="section-toc.1-1.4.2.2.2.4.1"><a href="#section-4.2.4" class="auto internal xref">4.2.4</a>.  <a href="#name-data-integrity" class="internal xref">Data Integrity</a></p>
@@ -1475,11 +1475,6 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
 </li>
               <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.2">
                 <p id="section-toc.1-1.10.2.2.1"><a href="#section-10.2" class="auto internal xref">10.2</a>.  <a href="#name-self-assertion-limitation" class="internal xref">Self-Assertion Limitation</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.2.2.1">
-                    <p id="section-toc.1-1.10.2.2.2.1.1"><a href="#section-10.2.1" class="auto internal xref">10.2.1</a>.  <a href="#name-witness-attestation-model" class="internal xref">Witness Attestation Model</a></p>
-</li>
-                </ul>
 </li>
               <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.3">
                 <p id="section-toc.1-1.10.2.3.1"><a href="#section-10.3" class="auto internal xref">10.3</a>.  <a href="#name-organizational-prerequisite" class="internal xref">Organizational Prerequisites</a></p>
@@ -1705,7 +1700,7 @@ regulatory audit scenarios.<a href="#section-1.2-3" class="pilcrow">¶</a></p>
             <p id="section-1.3-2.2.1">DAG structure for task dependency ordering (<a href="#dag-validation" class="auto internal xref">Section 6</a>)<a href="#section-1.3-2.2.1" class="pilcrow">¶</a></p>
 </li>
           <li class="normal" id="section-1.3-2.3">
-            <p id="section-1.3-2.3.1">Policy checkpoint recording (<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>)<a href="#section-1.3-2.3.1" class="pilcrow">¶</a></p>
+            <p id="section-1.3-2.3.1">Policy checkpoint recording via extension keys (<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>)<a href="#section-1.3-2.3.1" class="pilcrow">¶</a></p>
 </li>
           <li class="normal" id="section-1.3-2.4">
             <p id="section-1.3-2.4.1">Integration with the WIMSE identity framework
@@ -2068,63 +2063,55 @@ deployments <span class="bcp14">MAY</span> use other URI schemes (e.g., HTTPS UR
 URN:UUID identifiers).<a href="#section-4.2.1-2.2.1" class="pilcrow">¶</a></p>
 </dd>
             <dd class="break"></dd>
-<dt id="section-4.2.1-2.3">sub:</dt>
+<dt id="section-4.2.1-2.3">aud:</dt>
             <dd style="margin-left: 1.5em" id="section-4.2.1-2.4">
-              <p id="section-4.2.1-2.4.1"><span class="bcp14">OPTIONAL</span>.  StringOrURI.  The subject of the ECT.  When present,
-<span class="bcp14">MUST</span> equal the "iss" claim.  This claim is included for
-compatibility with JWT libraries and frameworks that expect a
-"sub" claim to be present.<a href="#section-4.2.1-2.4.1" class="pilcrow">¶</a></p>
-</dd>
-            <dd class="break"></dd>
-<dt id="section-4.2.1-2.5">aud:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.1-2.6">
-              <p id="section-4.2.1-2.6.1"><span class="bcp14">REQUIRED</span>.  StringOrURI or array of StringOrURI.  The intended
+              <p id="section-4.2.1-2.4.1"><span class="bcp14">REQUIRED</span>.  StringOrURI or array of StringOrURI.  The intended
 recipient(s) of the ECT.  Because ECTs serve as both inter-agent
 messages and audit records, the "aud" claim <span class="bcp14">SHOULD</span> contain the
 identifiers of all entities that will verify the ECT.  In
-practice this means:<a href="#section-4.2.1-2.6.1" class="pilcrow">¶</a></p>
+practice this means:<a href="#section-4.2.1-2.4.1" class="pilcrow">¶</a></p>
 <ul class="normal">
-<li class="normal" id="section-4.2.1-2.6.2.1">
-                  <p id="section-4.2.1-2.6.2.1.1"><strong>Point-to-point delivery</strong>: when an ECT is sent from one
+<li class="normal" id="section-4.2.1-2.4.2.1">
+                  <p id="section-4.2.1-2.4.2.1.1"><strong>Point-to-point delivery</strong>: when an ECT is sent from one
 agent to a single next agent, "aud" contains that agent's
 workload identity.  The receiving agent verifies the ECT and
-forwards it to the ledger on behalf of the issuer.<a href="#section-4.2.1-2.6.2.1.1" class="pilcrow">¶</a></p>
+forwards it to the ledger on behalf of the issuer.<a href="#section-4.2.1-2.4.2.1.1" class="pilcrow">¶</a></p>
 </li>
-                <li class="normal" id="section-4.2.1-2.6.2.2">
-                  <p id="section-4.2.1-2.6.2.2.1"><strong>Direct-to-ledger submission</strong>: when an ECT is submitted
+                <li class="normal" id="section-4.2.1-2.4.2.2">
+                  <p id="section-4.2.1-2.4.2.2.1"><strong>Direct-to-ledger submission</strong>: when an ECT is submitted
 directly to the audit ledger (e.g., after a join or at
-workflow completion), "aud" contains the ledger's identity.<a href="#section-4.2.1-2.6.2.2.1" class="pilcrow">¶</a></p>
+workflow completion), "aud" contains the ledger's identity.<a href="#section-4.2.1-2.4.2.2.1" class="pilcrow">¶</a></p>
 </li>
-                <li class="normal" id="section-4.2.1-2.6.2.3">
-                  <p id="section-4.2.1-2.6.2.3.1"><strong>Multi-audience</strong>: when an ECT must be verified by both the
+                <li class="normal" id="section-4.2.1-2.4.2.3">
+                  <p id="section-4.2.1-2.4.2.3.1"><strong>Multi-audience</strong>: when an ECT must be verified by both the
 next agent and the ledger independently, "aud" <span class="bcp14">MUST</span> be an
 array containing both identifiers (e.g.,
 ["spiffe://example.com/agent/next",
 "spiffe://example.com/system/ledger"]).  Each verifier checks
-that its own identity appears in the array.<a href="#section-4.2.1-2.6.2.3.1" class="pilcrow">¶</a></p>
+that its own identity appears in the array.<a href="#section-4.2.1-2.4.2.3.1" class="pilcrow">¶</a></p>
 </li>
               </ul>
-<p id="section-4.2.1-2.6.3">In multi-parent (join) scenarios where a task depends on ECTs
+<p id="section-4.2.1-2.4.3">In multi-parent (join) scenarios where a task depends on ECTs
 from multiple parent agents, the joining agent creates a new ECT
 with the parent task IDs in "par".  The "aud" of this new ECT
 is set according to the rules above based on where the ECT will
 be delivered — it is independent of the "aud" values in the
-parent ECTs.<a href="#section-4.2.1-2.6.3" class="pilcrow">¶</a></p>
+parent ECTs.<a href="#section-4.2.1-2.4.3" class="pilcrow">¶</a></p>
 </dd>
             <dd class="break"></dd>
-<dt id="section-4.2.1-2.7">iat:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.1-2.8">
-              <p id="section-4.2.1-2.8.1"><span class="bcp14">REQUIRED</span>.  NumericDate.  The time at which the ECT was issued.
+<dt id="section-4.2.1-2.5">iat:</dt>
+            <dd style="margin-left: 1.5em" id="section-4.2.1-2.6">
+              <p id="section-4.2.1-2.6.1"><span class="bcp14">REQUIRED</span>.  NumericDate.  The time at which the ECT was issued.
 The ECT records a completed action, so the "iat" value reflects
-when the record was created, not when task execution began.<a href="#section-4.2.1-2.8.1" class="pilcrow">¶</a></p>
+when the record was created, not when task execution began.<a href="#section-4.2.1-2.6.1" class="pilcrow">¶</a></p>
 </dd>
             <dd class="break"></dd>
-<dt id="section-4.2.1-2.9">exp:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.1-2.10">
-              <p id="section-4.2.1-2.10.1"><span class="bcp14">REQUIRED</span>.  NumericDate.  The expiration time of the ECT.
+<dt id="section-4.2.1-2.7">exp:</dt>
+            <dd style="margin-left: 1.5em" id="section-4.2.1-2.8">
+              <p id="section-4.2.1-2.8.1"><span class="bcp14">REQUIRED</span>.  NumericDate.  The expiration time of the ECT.
 Implementations <span class="bcp14">SHOULD</span> set this to 5 to 15 minutes after "iat"
 to limit the replay window while allowing for reasonable clock
-skew and processing time.<a href="#section-4.2.1-2.10.1" class="pilcrow">¶</a></p>
+skew and processing time.<a href="#section-4.2.1-2.8.1" class="pilcrow">¶</a></p>
 </dd>
           <dd class="break"></dd>
 </dl>
@@ -2186,70 +2173,73 @@ multiple root tasks.<a href="#section-4.2.2-2.6.1" class="pilcrow">¶</a></p>
 </div>
 <div id="policy-claims">
 <section id="section-4.2.3">
-          <h4 id="name-policy-evaluation">
-<a href="#section-4.2.3" class="section-number selfRef">4.2.3. </a><a href="#name-policy-evaluation" class="section-name selfRef">Policy Evaluation</a>
+          <h4 id="name-policy-evaluation-extension">
+<a href="#section-4.2.3" class="section-number selfRef">4.2.3. </a><a href="#name-policy-evaluation-extension" class="section-name selfRef">Policy Evaluation Extension Keys</a>
           </h4>
-<p id="section-4.2.3-1">The following claims record policy evaluation outcomes:<a href="#section-4.2.3-1" class="pilcrow">¶</a></p>
-<span class="break"></span><dl class="dlParallel" id="section-4.2.3-2">
-            <dt id="section-4.2.3-2.1">pol:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.3-2.2">
-              <p id="section-4.2.3-2.2.1"><span class="bcp14">OPTIONAL</span>.  String.  The identifier of the policy rule that was
-evaluated for this task (e.g.,
-"clinical_data_access_policy_v1").  <span class="bcp14">MUST</span> be present when
-"pol_decision" is present.<a href="#section-4.2.3-2.2.1" class="pilcrow">¶</a></p>
+<p id="section-4.2.3-1">Policy evaluation outcomes are recorded as extension keys within
+the "ext" object (<a href="#extension-claims" class="auto internal xref">Section 4.2.6</a>).  This keeps the core
+registered claims focused on DAG structure and execution context,
+while allowing deployments to add policy recording as needed.<a href="#section-4.2.3-1" class="pilcrow">¶</a></p>
+<p id="section-4.2.3-2">The following extension keys are defined for policy evaluation:<a href="#section-4.2.3-2" class="pilcrow">¶</a></p>
+<span class="break"></span><dl class="dlParallel" id="section-4.2.3-3">
+            <dt id="section-4.2.3-3.1">"pol":</dt>
+            <dd style="margin-left: 1.5em" id="section-4.2.3-3.2">
+              <p id="section-4.2.3-3.2.1">String.  The identifier of the policy rule that was evaluated
+for this task (e.g., "clinical_data_access_policy_v1").  <span class="bcp14">MUST</span>
+be present when "pol_decision" is present.<a href="#section-4.2.3-3.2.1" class="pilcrow">¶</a></p>
 </dd>
             <dd class="break"></dd>
-<dt id="section-4.2.3-2.3">pol_decision:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.3-2.4">
-              <p id="section-4.2.3-2.4.1"><span class="bcp14">OPTIONAL</span>.  String.  The result of the policy evaluation.  When
-present, <span class="bcp14">MUST</span> be one of the values registered in the ECT Policy
-Decision Values registry (<a href="#pol-decision-registry" class="auto internal xref">Section 12.4</a>).  <span class="bcp14">MUST</span> be
-present when "pol" is present.  Initial values are:<a href="#section-4.2.3-2.4.1" class="pilcrow">¶</a></p>
+<dt id="section-4.2.3-3.3">"pol_decision":</dt>
+            <dd style="margin-left: 1.5em" id="section-4.2.3-3.4">
+              <p id="section-4.2.3-3.4.1">String.  The result of the policy evaluation.  When present,
+<span class="bcp14">MUST</span> be one of the values registered in the ECT Policy Decision
+Values registry (<a href="#pol-decision-registry" class="auto internal xref">Section 12.4</a>).  <span class="bcp14">MUST</span> be present
+when "pol" is present.  Initial values are:<a href="#section-4.2.3-3.4.1" class="pilcrow">¶</a></p>
 <ul class="normal">
-<li class="normal" id="section-4.2.3-2.4.2.1">
-                  <p id="section-4.2.3-2.4.2.1.1">"approved": The policy evaluation succeeded and the task
-was authorized to proceed.<a href="#section-4.2.3-2.4.2.1.1" class="pilcrow">¶</a></p>
+<li class="normal" id="section-4.2.3-3.4.2.1">
+                  <p id="section-4.2.3-3.4.2.1.1">"approved": The policy evaluation succeeded and the task
+was authorized to proceed.<a href="#section-4.2.3-3.4.2.1.1" class="pilcrow">¶</a></p>
 </li>
-                <li class="normal" id="section-4.2.3-2.4.2.2">
-                  <p id="section-4.2.3-2.4.2.2.1">"rejected": The policy evaluation failed.  A "rejected" ECT
+                <li class="normal" id="section-4.2.3-3.4.2.2">
+                  <p id="section-4.2.3-3.4.2.2.1">"rejected": The policy evaluation failed.  A "rejected" ECT
 <span class="bcp14">MUST</span> still be recorded for accountability.  An ECT with
 "pol_decision" of "rejected" <span class="bcp14">MAY</span> appear as a parent in the
 "par" array of a subsequent ECT, but only for compensation,
 rollback, or remediation tasks.  Agents <span class="bcp14">MUST NOT</span> proceed
 with normal workflow execution based on a parent ECT whose
-"pol_decision" is "rejected".<a href="#section-4.2.3-2.4.2.2.1" class="pilcrow">¶</a></p>
+"pol_decision" is "rejected".<a href="#section-4.2.3-3.4.2.2.1" class="pilcrow">¶</a></p>
 </li>
-                <li class="normal" id="section-4.2.3-2.4.2.3">
-                  <p id="section-4.2.3-2.4.2.3.1">"pending_human_review": The policy evaluation requires human
+                <li class="normal" id="section-4.2.3-3.4.2.3">
+                  <p id="section-4.2.3-3.4.2.3.1">"pending_human_review": The policy evaluation requires human
 judgment before proceeding.  Agents <span class="bcp14">MUST NOT</span> proceed with
 dependent tasks until a subsequent ECT from a human reviewer
 records an "approved" decision referencing this task as a
-parent.<a href="#section-4.2.3-2.4.2.3.1" class="pilcrow">¶</a></p>
+parent.<a href="#section-4.2.3-3.4.2.3.1" class="pilcrow">¶</a></p>
 </li>
               </ul>
-<p id="section-4.2.3-2.4.3">When "pol" and "pol_decision" are absent, the ECT records task
-execution without a policy checkpoint.  Regulated deployments
-<span class="bcp14">SHOULD</span> include policy claims on all ECTs to maintain complete
-audit trails.<a href="#section-4.2.3-2.4.3" class="pilcrow">¶</a></p>
+<p id="section-4.2.3-3.4.3">When "pol" and "pol_decision" are absent from "ext", the ECT
+records task execution without a policy checkpoint.  Regulated
+deployments <span class="bcp14">SHOULD</span> include policy keys on all ECTs to maintain
+complete audit trails.<a href="#section-4.2.3-3.4.3" class="pilcrow">¶</a></p>
 </dd>
             <dd class="break"></dd>
-<dt id="section-4.2.3-2.5">pol_enforcer:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.3-2.6">
-              <p id="section-4.2.3-2.6.1"><span class="bcp14">OPTIONAL</span>.  StringOrURI.  The identity of the entity (system or
-person) that evaluated the policy decision.  When present,
-<span class="bcp14">SHOULD</span> use SPIFFE ID format.<a href="#section-4.2.3-2.6.1" class="pilcrow">¶</a></p>
+<dt id="section-4.2.3-3.5">"pol_enforcer":</dt>
+            <dd style="margin-left: 1.5em" id="section-4.2.3-3.6">
+              <p id="section-4.2.3-3.6.1">StringOrURI.  The identity of the entity (system or person)
+that evaluated the policy decision.  When present, <span class="bcp14">SHOULD</span> use
+SPIFFE ID format.<a href="#section-4.2.3-3.6.1" class="pilcrow">¶</a></p>
 </dd>
           <dd class="break"></dd>
 </dl>
-<p id="section-4.2.3-3">This specification intentionally defines only the recording of
+<p id="section-4.2.3-4">This specification intentionally defines only the recording of
 policy evaluation outcomes.  The mechanisms by which policies are
 defined, distributed to agents, and evaluated are out of scope.
-The "pol" claim is an opaque identifier referencing an external
+The "pol" key is an opaque identifier referencing an external
 policy; the semantics and enforcement of that policy are
 determined by the deployment environment.  Implementations may
 use any policy engine or framework (e.g., OPA/Rego, Cedar, XACML,
 or custom solutions) provided that the evaluation outcome is
-faithfully recorded in the ECT claims defined above.<a href="#section-4.2.3-3" class="pilcrow">¶</a></p>
+faithfully recorded in the "ext" keys defined above.<a href="#section-4.2.3-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="data-integrity-claims">
@@ -2288,31 +2278,12 @@ using the same format and algorithm requirements as "inp_hash".<a href="#section
           <h4 id="name-compensation-and-rollback">
 <a href="#section-4.2.5" class="section-number selfRef">4.2.5. </a><a href="#name-compensation-and-rollback" class="section-name selfRef">Compensation and Rollback</a>
           </h4>
-<span class="break"></span><dl class="dlParallel" id="section-4.2.5-1">
-            <dt id="section-4.2.5-1.1">compensation_required:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.5-1.2">
-              <p id="section-4.2.5-1.2.1"><span class="bcp14">OPTIONAL</span>.  Boolean.  Indicates whether this task is a
-compensation or rollback action for a previous task.<a href="#section-4.2.5-1.2.1" class="pilcrow">¶</a></p>
-</dd>
-            <dd class="break"></dd>
-<dt id="section-4.2.5-1.3">compensation_reason:</dt>
-            <dd style="margin-left: 1.5em" id="section-4.2.5-1.4">
-              <p id="section-4.2.5-1.4.1"><span class="bcp14">OPTIONAL</span>.  String.  A human-readable reason for the compensation
-action.  <span class="bcp14">MUST</span> be present if "compensation_required" is true.
-Values <span class="bcp14">SHOULD</span> use structured identifiers (e.g.,
-"policy_violation_in_parent_trade") rather than free-form text
-to minimize the risk of embedding sensitive information.  See
-<a href="#data-minimization" class="auto internal xref">Section 11.2</a> for privacy guidance.
-If "compensation_reason" is present, "compensation_required"
-<span class="bcp14">MUST</span> be true.<a href="#section-4.2.5-1.4.1" class="pilcrow">¶</a></p>
-</dd>
-          <dd class="break"></dd>
-</dl>
-<p id="section-4.2.5-2">Note: compensation ECTs reference historical parent tasks via the
-"par" claim.  The referenced parent ECTs may have passed their own
-"exp" time; ECT expiration applies to the verification window of
-the ECT itself, not to its validity as a parent reference in the
-ledger.<a href="#section-4.2.5-2" class="pilcrow">¶</a></p>
+<p id="section-4.2.5-1">Compensation and rollback actions are recorded using the "par"
+claim to reference the original task and the "exec_act" claim to
+describe the remediation action.  The referenced parent ECTs may
+have passed their own "exp" time; ECT expiration applies to the
+verification window of the ECT itself, not to its validity as a
+parent reference in the ECT store.<a href="#section-4.2.5-1" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="extension-claims">
@@ -2340,31 +2311,57 @@ levels.  Implementations <span class="bcp14">SHOULD</span> reject ECTs whose "ex
 exceeds these limits.<a href="#section-4.2.6-2" class="pilcrow">¶</a></p>
 <p id="section-4.2.6-3">The following extension keys are defined by this specification
 for common use cases.  Because these keys are documented here,
-they use short names without reverse domain prefixes:<a href="#section-4.2.6-3" class="pilcrow">¶</a></p>
+they use short names without reverse domain prefixes.<a href="#section-4.2.6-3" class="pilcrow">¶</a></p>
+<p id="section-4.2.6-4">Policy evaluation keys (see <a href="#policy-claims" class="auto internal xref">Section 4.2.3</a> for full
+definitions and decision value semantics):<a href="#section-4.2.6-4" class="pilcrow">¶</a></p>
 <ul class="normal">
-<li class="normal" id="section-4.2.6-4.1">
-              <p id="section-4.2.6-4.1.1">"exec_time_ms": Integer.  Execution duration in milliseconds.<a href="#section-4.2.6-4.1.1" class="pilcrow">¶</a></p>
+<li class="normal" id="section-4.2.6-5.1">
+              <p id="section-4.2.6-5.1.1">"pol": String.  Policy rule identifier.<a href="#section-4.2.6-5.1.1" class="pilcrow">¶</a></p>
 </li>
-            <li class="normal" id="section-4.2.6-4.2">
-              <p id="section-4.2.6-4.2.1">"regulated_domain": String.  Regulatory domain (e.g.,
-"medtech", "finance", "military").<a href="#section-4.2.6-4.2.1" class="pilcrow">¶</a></p>
+            <li class="normal" id="section-4.2.6-5.2">
+              <p id="section-4.2.6-5.2.1">"pol_decision": String.  Policy evaluation outcome
+("approved", "rejected", or "pending_human_review").<a href="#section-4.2.6-5.2.1" class="pilcrow">¶</a></p>
 </li>
-            <li class="normal" id="section-4.2.6-4.3">
-              <p id="section-4.2.6-4.3.1">"model_version": String.  AI/ML model version.<a href="#section-4.2.6-4.3.1" class="pilcrow">¶</a></p>
+            <li class="normal" id="section-4.2.6-5.3">
+              <p id="section-4.2.6-5.3.1">"pol_enforcer": StringOrURI.  Identity of the policy
+evaluator.<a href="#section-4.2.6-5.3.1" class="pilcrow">¶</a></p>
 </li>
-            <li class="normal" id="section-4.2.6-4.4">
-              <p id="section-4.2.6-4.4.1">"witnessed_by": Array of StringOrURI.  Identifiers of
+            <li class="normal" id="section-4.2.6-5.4">
+              <p id="section-4.2.6-5.4.1">"pol_timestamp": NumericDate.  Time at which the policy
+decision was made, if distinct from "iat".<a href="#section-4.2.6-5.4.1" class="pilcrow">¶</a></p>
+</li>
+          </ul>
+<p id="section-4.2.6-6">Operational metadata keys:<a href="#section-4.2.6-6" class="pilcrow">¶</a></p>
+<ul class="normal">
+<li class="normal" id="section-4.2.6-7.1">
+              <p id="section-4.2.6-7.1.1">"exec_time_ms": Integer.  Execution duration in milliseconds.<a href="#section-4.2.6-7.1.1" class="pilcrow">¶</a></p>
+</li>
+            <li class="normal" id="section-4.2.6-7.2">
+              <p id="section-4.2.6-7.2.1">"regulated_domain": String.  Regulatory domain (e.g.,
+"medtech", "finance", "military").<a href="#section-4.2.6-7.2.1" class="pilcrow">¶</a></p>
+</li>
+            <li class="normal" id="section-4.2.6-7.3">
+              <p id="section-4.2.6-7.3.1">"model_version": String.  AI/ML model version.<a href="#section-4.2.6-7.3.1" class="pilcrow">¶</a></p>
+</li>
+            <li class="normal" id="section-4.2.6-7.4">
+              <p id="section-4.2.6-7.4.1">"witnessed_by": Array of StringOrURI.  Identifiers of
 third-party entities that the issuer claims observed the
 task.  Note: this is self-asserted; for verifiable witness
-attestation, witnesses should submit independent signed ECTs.<a href="#section-4.2.6-4.4.1" class="pilcrow">¶</a></p>
+attestation, witnesses should submit independent signed ECTs.<a href="#section-4.2.6-7.4.1" class="pilcrow">¶</a></p>
 </li>
-            <li class="normal" id="section-4.2.6-4.5">
-              <p id="section-4.2.6-4.5.1">"inp_classification": String.  Data sensitivity classification
-(e.g., "public", "confidential", "restricted").<a href="#section-4.2.6-4.5.1" class="pilcrow">¶</a></p>
+            <li class="normal" id="section-4.2.6-7.5">
+              <p id="section-4.2.6-7.5.1">"inp_classification": String.  Data sensitivity classification
+(e.g., "public", "confidential", "restricted").<a href="#section-4.2.6-7.5.1" class="pilcrow">¶</a></p>
 </li>
-            <li class="normal" id="section-4.2.6-4.6">
-              <p id="section-4.2.6-4.6.1">"pol_timestamp": NumericDate.  Time at which the policy
-decision was made, if distinct from "iat".<a href="#section-4.2.6-4.6.1" class="pilcrow">¶</a></p>
+            <li class="normal" id="section-4.2.6-7.6">
+              <p id="section-4.2.6-7.6.1">"compensation_required": Boolean.  Indicates whether this task
+is a compensation or rollback action.<a href="#section-4.2.6-7.6.1" class="pilcrow">¶</a></p>
+</li>
+            <li class="normal" id="section-4.2.6-7.7">
+              <p id="section-4.2.6-7.7.1">"compensation_reason": String.  Structured reason code for the
+compensation action (e.g., "policy_violation_in_parent_trade").
+<span class="bcp14">SHOULD</span> use structured identifiers rather than free-form text
+to minimize information leakage (see <a href="#data-minimization" class="auto internal xref">Section 11.2</a>).<a href="#section-4.2.6-7.7.1" class="pilcrow">¶</a></p>
 </li>
           </ul>
 </section>
@@ -2383,7 +2380,6 @@ decision was made, if distinct from "iat".<a href="#section-4.2.6-4.6.1" class="
 <pre>
 {
   "iss": "spiffe://example.com/agent/clinical",
-  "sub": "spiffe://example.com/agent/clinical",
   "aud": "spiffe://example.com/agent/safety",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -2393,14 +2389,13 @@ decision was made, if distinct from "iat".<a href="#section-4.2.6-4.6.1" class="
   "exec_act": "recommend_treatment",
   "par": [],
 
-  "pol": "clinical_reasoning_policy_v2",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
-
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
   "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
 
   "ext": {
+    "pol": "clinical_reasoning_policy_v2",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
     "pol_timestamp": 1772064145,
     "exec_time_ms": 245,
     "regulated_domain": "medtech",
@@ -2521,15 +2516,14 @@ lead back to the current ECT's "jti".  If a cycle is detected,
 the ECT <span class="bcp14">MUST</span> be rejected.<a href="#section-6.2-2.4.1" class="pilcrow">¶</a></p>
 </li>
           <li id="section-6.2-2.5">
-            <p id="section-6.2-2.5.1">Parent Policy Decision: If any parent ECT contains a
-"pol_decision" of "rejected" or "pending_human_review", the
-current ECT's "exec_act" <span class="bcp14">MUST</span> indicate a compensation,
-rollback, remediation, or human review action.
-Implementations <span class="bcp14">MUST NOT</span> accept an ECT representing normal
-workflow continuation when a parent's "pol_decision" is not
-"approved", unless the current ECT has "compensation_required"
-set to true.  This rule only applies when the parent ECT
-contains policy claims.<a href="#section-6.2-2.5.1" class="pilcrow">¶</a></p>
+            <p id="section-6.2-2.5.1">Parent Policy Decision: If any parent ECT's "ext" object
+contains a "pol_decision" of "rejected" or
+"pending_human_review", the current ECT's "exec_act" <span class="bcp14">MUST</span>
+indicate a compensation, rollback, remediation, or human
+review action.  Implementations <span class="bcp14">MUST NOT</span> accept an ECT
+representing normal workflow continuation when a parent's
+"pol_decision" is not "approved".  This rule only applies
+when the parent ECT's "ext" contains policy keys.<a href="#section-6.2-2.5.1" class="pilcrow">¶</a></p>
 </li>
           <li id="section-6.2-2.6">
             <p id="section-6.2-2.6.1">Trust Domain Consistency: Parent tasks <span class="bcp14">SHOULD</span> belong to the
@@ -2678,22 +2672,22 @@ verifier's current time, to account for clock skew).<a href="#section-7.1-2.11.1
 present and well-formed.<a href="#section-7.1-2.12.1" class="pilcrow">¶</a></p>
 </li>
           <li id="section-7.1-2.13">
-            <p id="section-7.1-2.13.1">If "pol" or "pol_decision" is present, verify that both are
-present and that "pol_decision" is one of "approved",
-"rejected", or "pending_human_review".<a href="#section-7.1-2.13.1" class="pilcrow">¶</a></p>
+            <p id="section-7.1-2.13.1">If "ext" is present and contains "pol" or "pol_decision",
+verify that both are present and that "pol_decision" is one
+of "approved", "rejected", or "pending_human_review".<a href="#section-7.1-2.13.1" class="pilcrow">¶</a></p>
 </li>
           <li id="section-7.1-2.14">
             <p id="section-7.1-2.14.1">Perform DAG validation per <a href="#dag-validation" class="auto internal xref">Section 6</a>.<a href="#section-7.1-2.14.1" class="pilcrow">¶</a></p>
 </li>
           <li id="section-7.1-2.15">
-            <p id="section-7.1-2.15.1">If all checks pass, the ECT <span class="bcp14">MUST</span> be appended to the audit
-ledger.<a href="#section-7.1-2.15.1" class="pilcrow">¶</a></p>
+            <p id="section-7.1-2.15.1">If all checks pass and an audit ledger is deployed, the ECT
+<span class="bcp14">SHOULD</span> be appended to the ledger.<a href="#section-7.1-2.15.1" class="pilcrow">¶</a></p>
 </li>
         </ol>
 <p id="section-7.1-3">If any verification step fails, the ECT <span class="bcp14">MUST</span> be rejected and the
 failure <span class="bcp14">MUST</span> be logged for audit purposes.  Error messages
 <span class="bcp14">SHOULD NOT</span> reveal whether specific parent task IDs exist in the
-ledger, to prevent information disclosure.<a href="#section-7.1-3" class="pilcrow">¶</a></p>
+ECT store, to prevent information disclosure.<a href="#section-7.1-3" class="pilcrow">¶</a></p>
 <p id="section-7.1-4">When ECT verification fails during HTTP request processing, the
 receiving agent <span class="bcp14">SHOULD</span> respond with HTTP 403 (Forbidden) if the
 WIT is valid but the ECT is invalid, and HTTP 401
@@ -2767,11 +2761,12 @@ function verify_ect(ect_jws, verifier_id,
     if claim not in payload:
       return reject("Missing required claim: " + claim)
 
-  // Validate policy claims (optional, but must be paired)
-  if "pol" in payload or "pol_decision" in payload:
-    if "pol" not in payload or "pol_decision" not in payload:
+  // Validate policy extension keys (optional, but must be paired)
+  ext = payload.ext or {}
+  if "pol" in ext or "pol_decision" in ext:
+    if "pol" not in ext or "pol_decision" not in ext:
       return reject("pol and pol_decision must both be present")
-    if payload.pol_decision not in
+    if ext.pol_decision not in
        ["approved", "rejected", "pending_human_review"]:
       return reject("Invalid pol_decision value")
 
@@ -2862,29 +2857,34 @@ software used in medical devices.<a href="#section-9.1-1" class="pilcrow">¶</a>
 Agent A (Spec Reviewer):
   jti: task-001    par: []
   exec_act: review_requirements_spec
-  pol: spec_review_policy_v2     pol_decision: approved
+  ext.pol: spec_review_policy_v2
+  ext.pol_decision: approved
 
 Agent B (Code Generator):
   jti: task-002    par: [task-001]
   exec_act: implement_module
-  pol: coding_standards_v3       pol_decision: approved
+  ext.pol: coding_standards_v3
+  ext.pol_decision: approved
 
 Agent C (Test Agent):
   jti: task-003    par: [task-002]
   exec_act: execute_test_suite
-  pol: test_coverage_policy_v1   pol_decision: approved
+  ext.pol: test_coverage_policy_v1
+  ext.pol_decision: approved
 
 Agent D (Build Agent):
   jti: task-004    par: [task-003]
   exec_act: build_release_artifact
-  pol: build_validation_v2       pol_decision: approved
+  ext.pol: build_validation_v2
+  ext.pol_decision: approved
 
 Human Release Manager:
   jti: task-005    par: [task-004]
   exec_act: approve_release
-  pol: release_approval_policy   pol_decision: approved
-  pol_enforcer: spiffe://meddev.example/human/release-mgr-42
-  ext: {witnessed_by: [...]}  (extension metadata)
+  ext.pol: release_approval_policy
+  ext.pol_decision: approved
+  ext.pol_enforcer: spiffe://meddev.example/human/release-mgr-42
+  ext.witnessed_by: [...]
 </pre>
 </div>
 <figcaption><a href="#figure-8" class="selfRef">Figure 8</a>:
@@ -2987,17 +2987,20 @@ execution.<a href="#section-9.2-1" class="pilcrow">¶</a></p>
 Agent A (Risk Assessment):
   jti: task-001    par: []
   exec_act: calculate_risk_exposure
-  pol: risk_limits_policy_v2  pol_decision: approved
+  ext.pol: risk_limits_policy_v2
+  ext.pol_decision: approved
 
 Agent B (Compliance):
   jti: task-002    par: [task-001]
   exec_act: verify_compliance
-  pol: compliance_check_v1    pol_decision: approved
+  ext.pol: compliance_check_v1
+  ext.pol_decision: approved
 
 Agent C (Execution):
   jti: task-003    par: [task-002]
   exec_act: execute_trade
-  pol: execution_policy_v3    pol_decision: approved
+  ext.pol: execution_policy_v3
+  ext.pol_decision: approved
 </pre>
 </div>
 <figcaption><a href="#figure-10" class="selfRef">Figure 10</a>:
@@ -3034,7 +3037,6 @@ a cryptographic link to the original task:<a href="#section-9.3-1" class="pilcro
 <pre>
 {
   "iss": "spiffe://bank.example/agent/operations",
-  "sub": "spiffe://bank.example/agent/operations",
   "aud": "spiffe://bank.example/system/ledger",
   "iat": 1772150550,
   "exp": 1772151150,
@@ -3042,11 +3044,13 @@ a cryptographic link to the original task:<a href="#section-9.3-1" class="pilcro
   "wid": "d3e4f5a6-b7c8-9012-def0-123456789012",
   "exec_act": "initiate_trade_rollback",
   "par": ["550e8400-e29b-41d4-a716-446655440003"],
-  "pol": "compensation_policy_v1",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
-  "compensation_required": true,
-  "compensation_reason": "policy_violation_in_parent_trade"
+  "ext": {
+    "pol": "compensation_policy_v1",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
+    "compensation_required": true,
+    "compensation_reason": "policy_violation_in_parent_trade"
+  }
 }
 </pre>
 </div>
@@ -3074,27 +3078,32 @@ required checks were completed:<a href="#section-9.4-1" class="pilcrow">¶</a></
 Agent A (Route Planning):
   jti: task-001    par: []
   exec_act: plan_route
-  pol: route_policy_v1        pol_decision: approved
+  ext.pol: route_policy_v1
+  ext.pol_decision: approved
 
 Agent B (Customs):
   jti: task-002    par: [task-001]
   exec_act: validate_customs
-  pol: customs_policy_v2      pol_decision: approved
+  ext.pol: customs_policy_v2
+  ext.pol_decision: approved
 
 Agent C (Safety):
   jti: task-003    par: [task-001]
   exec_act: verify_cargo_safety
-  pol: safety_policy_v1       pol_decision: approved
+  ext.pol: safety_policy_v1
+  ext.pol_decision: approved
 
 Agent D (Payment):
   jti: task-004    par: [task-002, task-003]
   exec_act: authorize_payment
-  pol: payment_policy_v3      pol_decision: approved
+  ext.pol: payment_policy_v3
+  ext.pol_decision: approved
 
 System (Commitment):
   jti: task-005    par: [task-004]
   exec_act: commit_shipment
-  pol: commitment_policy_v1   pol_decision: approved
+  ext.pol: commitment_policy_v1
+  ext.pol_decision: approved
 </pre>
 </div>
 <figcaption><a href="#figure-12" class="selfRef">Figure 12</a>:
@@ -3149,8 +3158,8 @@ to alter perceived execution ordering.<a href="#section-10.1-2.4.1" class="pilcr
 <p id="section-10.2-1">ECTs are self-asserted by the executing agent.  The agent claims
 what it did, and this claim is signed with its private key.  A
 compromised or malicious agent could create ECTs with false claims
-(e.g., setting "pol_decision" to "approved" without actually
-evaluating the policy).<a href="#section-10.2-1" class="pilcrow">¶</a></p>
+(e.g., setting "pol_decision" in "ext" to "approved" without
+actually evaluating the policy).<a href="#section-10.2-1" class="pilcrow">¶</a></p>
 <p id="section-10.2-2">ECTs do not independently verify that:<a href="#section-10.2-2" class="pilcrow">¶</a></p>
 <ul class="normal">
 <li class="normal" id="section-10.2-3.1">
@@ -3176,44 +3185,11 @@ witnesses do not co-sign the ECT and there is no cryptographic
 evidence within a single ECT that the witnesses actually
 observed the task.  An issuing agent could list witnesses that
 did not participate.<a href="#section-10.2-4" class="pilcrow">¶</a></p>
-<div id="witness-attestation-model">
-<section id="section-10.2.1">
-          <h4 id="name-witness-attestation-model">
-<a href="#section-10.2.1" class="section-number selfRef">10.2.1. </a><a href="#name-witness-attestation-model" class="section-name selfRef">Witness Attestation Model</a>
-          </h4>
-<p id="section-10.2.1-1">To address the self-assertion limitation of the
-"witnessed_by" extension, witnesses <span class="bcp14">SHOULD</span> submit their
-own independent signed ECTs to the audit ledger attesting to the
-observed task.  A witness attestation ECT:<a href="#section-10.2.1-1" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-10.2.1-2.1">
-              <p id="section-10.2.1-2.1.1"><span class="bcp14">MUST</span> set "iss" to the witness's own workload identity.<a href="#section-10.2.1-2.1.1" class="pilcrow">¶</a></p>
-</li>
-            <li class="normal" id="section-10.2.1-2.2">
-              <p id="section-10.2.1-2.2.1"><span class="bcp14">MUST</span> set "exec_act" to "witness_attestation" (or a domain-
-specific equivalent).<a href="#section-10.2.1-2.2.1" class="pilcrow">¶</a></p>
-</li>
-            <li class="normal" id="section-10.2.1-2.3">
-              <p id="section-10.2.1-2.3.1"><span class="bcp14">MUST</span> include the observed task's "jti" in the "par" array,
-linking the attestation to the original task.<a href="#section-10.2.1-2.3.1" class="pilcrow">¶</a></p>
-</li>
-            <li class="normal" id="section-10.2.1-2.4">
-              <p id="section-10.2.1-2.4.1"><span class="bcp14">MUST</span> set "pol_decision" to "approved" to indicate the witness
-confirms the observation.<a href="#section-10.2.1-2.4.1" class="pilcrow">¶</a></p>
-</li>
-          </ul>
-<p id="section-10.2.1-3">When a task's "witnessed_by" extension lists one or more
-witnesses, auditors <span class="bcp14">SHOULD</span> verify that corresponding witness
-attestation ECTs exist in the ledger for each listed witness.  A
-mismatch between the extension value and the set of independent
-witness ECTs in the ledger <span class="bcp14">SHOULD</span> be flagged during audit review.<a href="#section-10.2.1-3" class="pilcrow">¶</a></p>
-<p id="section-10.2.1-4">This model converts witness attestation from a self-asserted claim
-to a cryptographically verifiable property of the ledger: the
-witness independently signs their own ECT using their own key,
-and the ledger records both the original task ECT and the witness
-attestation ECTs.<a href="#section-10.2.1-4" class="pilcrow">¶</a></p>
-</section>
-</div>
+<p id="section-10.2-5">To strengthen witness attestation beyond self-assertion, witnesses
+<span class="bcp14">SHOULD</span> submit their own independent signed ECTs referencing the
+observed task's "jti" in the "par" array.  Auditors can then
+cross-check the "witnessed_by" extension against independent
+witness ECTs in the ECT store.<a href="#section-10.2-5" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="organizational-prerequisites">
@@ -3439,8 +3415,8 @@ serialized as JSON and <span class="bcp14">SHOULD NOT</span> exceed a nesting de
             <p id="section-11.1-2.2.1">Action descriptions ("exec_act") for audit trail completeness<a href="#section-11.1-2.2.1" class="pilcrow">¶</a></p>
 </li>
           <li class="normal" id="section-11.1-2.3">
-            <p id="section-11.1-2.3.1">Policy evaluation outcomes ("pol", "pol_decision") for
-compliance verification<a href="#section-11.1-2.3.1" class="pilcrow">¶</a></p>
+            <p id="section-11.1-2.3.1">Policy evaluation outcomes (via "ext" keys "pol",
+"pol_decision") when present, for compliance verification<a href="#section-11.1-2.3.1" class="pilcrow">¶</a></p>
 </li>
           <li class="normal" id="section-11.1-2.4">
             <p id="section-11.1-2.4.1">Timestamps ("iat", "exp") for temporal ordering<a href="#section-11.1-2.4.1" class="pilcrow">¶</a></p>
@@ -3472,17 +3448,13 @@ hashes via "inp_hash" and "out_hash")<a href="#section-11.1-4.1.1" class="pilcro
 <p id="section-11.2-1">Implementations <span class="bcp14">SHOULD</span> minimize the information included in ECTs.
 The "exec_act" claim <span class="bcp14">SHOULD</span> use structured identifiers (e.g.,
 "process_payment") rather than natural language descriptions.
-The "pol" claim <span class="bcp14">SHOULD</span> reference policy identifiers rather than
-embedding policy content.<a href="#section-11.2-1" class="pilcrow">¶</a></p>
-<p id="section-11.2-2">The "compensation_reason" claim (<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>)
-deserves particular attention: because it is human-readable and
-may describe the circumstances of a failure or policy violation,
-it risks exposing sensitive operational details.  Implementations
-<span class="bcp14">SHOULD</span> use short, structured reason codes (e.g.,
-"policy_violation_in_parent_trade") rather than free-form
-natural language explanations.  Implementers <span class="bcp14">SHOULD</span> review
-"compensation_reason" values for potential information leakage
-before deploying to production.<a href="#section-11.2-2" class="pilcrow">¶</a></p>
+The "pol" extension key <span class="bcp14">SHOULD</span> reference policy identifiers
+rather than embedding policy content.<a href="#section-11.2-1" class="pilcrow">¶</a></p>
+<p id="section-11.2-2">The "compensation_reason" extension key in "ext"
+(<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>) deserves particular attention: because
+it is human-readable, it risks exposing sensitive operational
+details.  See <a href="#extension-claims" class="auto internal xref">Section 4.2.6</a> for guidance on using
+structured identifiers.<a href="#section-11.2-2" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="storage-and-access-control">
@@ -3680,30 +3652,6 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
               <td class="text-center" rowspan="1" colspan="1">IETF</td>
               <td class="text-center" rowspan="1" colspan="1">
                 <a href="#exec-claims" class="auto internal xref">Section 4.2.2</a>
-</td>
-            </tr>
-            <tr>
-              <td class="text-center" rowspan="1" colspan="1">pol</td>
-              <td class="text-left" rowspan="1" colspan="1">Policy Rule Identifier</td>
-              <td class="text-center" rowspan="1" colspan="1">IETF</td>
-              <td class="text-center" rowspan="1" colspan="1">
-                <a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
-</td>
-            </tr>
-            <tr>
-              <td class="text-center" rowspan="1" colspan="1">pol_decision</td>
-              <td class="text-left" rowspan="1" colspan="1">Policy Decision Result</td>
-              <td class="text-center" rowspan="1" colspan="1">IETF</td>
-              <td class="text-center" rowspan="1" colspan="1">
-                <a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
-</td>
-            </tr>
-            <tr>
-              <td class="text-center" rowspan="1" colspan="1">pol_enforcer</td>
-              <td class="text-left" rowspan="1" colspan="1">Policy Enforcer Identity</td>
-              <td class="text-center" rowspan="1" colspan="1">IETF</td>
-              <td class="text-center" rowspan="1" colspan="1">
-                <a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
 </td>
             </tr>
             <tr>
@@ -3720,22 +3668,6 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
               <td class="text-center" rowspan="1" colspan="1">IETF</td>
               <td class="text-center" rowspan="1" colspan="1">
                 <a href="#data-integrity-claims" class="auto internal xref">Section 4.2.4</a>
-</td>
-            </tr>
-            <tr>
-              <td class="text-center" rowspan="1" colspan="1">compensation_required</td>
-              <td class="text-left" rowspan="1" colspan="1">Compensation Flag</td>
-              <td class="text-center" rowspan="1" colspan="1">IETF</td>
-              <td class="text-center" rowspan="1" colspan="1">
-                <a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>
-</td>
-            </tr>
-            <tr>
-              <td class="text-center" rowspan="1" colspan="1">compensation_reason</td>
-              <td class="text-left" rowspan="1" colspan="1">Compensation Reason</td>
-              <td class="text-center" rowspan="1" colspan="1">IETF</td>
-              <td class="text-center" rowspan="1" colspan="1">
-                <a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>
 </td>
             </tr>
             <tr>
@@ -3749,6 +3681,10 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
           </tbody>
         </table>
 </div>
+<p id="section-12.3-3">Note: Policy evaluation keys ("pol", "pol_decision",
+"pol_enforcer") are carried within the "ext" object as
+spec-defined extension keys (<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>) and do not
+require separate JWT Claims registration.<a href="#section-12.3-3" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="pol-decision-registry">
@@ -4101,8 +4037,9 @@ use cases are distinct.<a href="#appendix-A.7-1" class="pilcrow">¶</a></p>
 <ol start="1" type="1" class="normal type-1" id="appendix-B.1-2">
 <li id="appendix-B.1-2.1">
             <p id="appendix-B.1-2.1.1">Create JWTs with all required claims ("iss", "aud", "iat",
-"exp", "jti", "exec_act", "par") and policy claims ("pol",
-"pol_decision") when policy evaluation was performed.<a href="#appendix-B.1-2.1.1" class="pilcrow">¶</a></p>
+"exp", "jti", "exec_act", "par") and policy extension keys
+("ext.pol", "ext.pol_decision") when policy evaluation was
+performed.<a href="#appendix-B.1-2.1.1" class="pilcrow">¶</a></p>
 </li>
           <li id="appendix-B.1-2.2">
             <p id="appendix-B.1-2.2.1">Sign ECTs with the agent's private key using an algorithm
@@ -4116,7 +4053,7 @@ matching the WIT (ES256 recommended).<a href="#appendix-B.1-2.2.1" class="pilcro
 cycle detection).<a href="#appendix-B.1-2.4.1" class="pilcrow">¶</a></p>
 </li>
           <li id="appendix-B.1-2.5">
-            <p id="appendix-B.1-2.5.1">Append verified ECTs to the audit ledger.<a href="#appendix-B.1-2.5.1" class="pilcrow">¶</a></p>
+            <p id="appendix-B.1-2.5.1">If an audit ledger is deployed, append verified ECTs to it.<a href="#appendix-B.1-2.5.1" class="pilcrow">¶</a></p>
 </li>
         </ol>
 </section>
@@ -4269,7 +4206,6 @@ Agent B:<a href="#appendix-D.1-1" class="pilcrow">¶</a></p>
 <pre>
 {
   "iss": "spiffe://example.com/agent/data-retrieval",
-  "sub": "spiffe://example.com/agent/data-retrieval",
   "aud": "spiffe://example.com/agent/validator",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -4277,10 +4213,12 @@ Agent B:<a href="#appendix-D.1-1" class="pilcrow">¶</a></p>
   "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
   "exec_act": "fetch_patient_data",
   "par": [],
-  "pol": "clinical_data_access_policy_v1",
-  "pol_decision": "approved",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+  "ext": {
+    "pol": "clinical_data_access_policy_v1",
+    "pol_decision": "approved"
+  }
 }
 </pre><a href="#appendix-D.1-5" class="pilcrow">¶</a>
 </div>
@@ -4290,7 +4228,6 @@ task, and creates its own ECT:<a href="#appendix-D.1-6" class="pilcrow">¶</a></
 <pre>
 {
   "iss": "spiffe://example.com/agent/validator",
-  "sub": "spiffe://example.com/agent/validator",
   "aud": "spiffe://example.com/system/ledger",
   "iat": 1772064160,
   "exp": 1772064760,
@@ -4298,8 +4235,10 @@ task, and creates its own ECT:<a href="#appendix-D.1-6" class="pilcrow">¶</a></
   "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
   "exec_act": "validate_safety",
   "par": ["550e8400-e29b-41d4-a716-446655440001"],
-  "pol": "safety_validation_policy_v2",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "safety_validation_policy_v2",
+    "pol_decision": "approved"
+  }
 }
 </pre><a href="#appendix-D.1-7" class="pilcrow">¶</a>
 </div>
@@ -4326,7 +4265,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
 <pre>
 {
   "iss": "spiffe://meddev.example/agent/spec-reviewer",
-  "sub": "spiffe://meddev.example/agent/spec-reviewer",
   "aud": "spiffe://meddev.example/agent/code-gen",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -4334,10 +4272,12 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "review_requirements_spec",
   "par": [],
-  "pol": "spec_review_policy_v2",
-  "pol_decision": "approved",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+  "ext": {
+    "pol": "spec_review_policy_v2",
+    "pol_decision": "approved"
+  }
 }
 </pre><a href="#appendix-D.2-3" class="pilcrow">¶</a>
 </div>
@@ -4346,7 +4286,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
 <pre>
 {
   "iss": "spiffe://meddev.example/agent/code-gen",
-  "sub": "spiffe://meddev.example/agent/code-gen",
   "aud": "spiffe://meddev.example/agent/test-runner",
   "iat": 1772064200,
   "exp": 1772064800,
@@ -4354,8 +4293,10 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "implement_module",
   "par": ["a1b2c3d4-0001-0000-0000-000000000001"],
-  "pol": "coding_standards_v3",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "coding_standards_v3",
+    "pol_decision": "approved"
+  }
 }
 </pre><a href="#appendix-D.2-5" class="pilcrow">¶</a>
 </div>
@@ -4364,7 +4305,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
 <pre>
 {
   "iss": "spiffe://meddev.example/agent/test-runner",
-  "sub": "spiffe://meddev.example/agent/test-runner",
   "aud": "spiffe://meddev.example/agent/build",
   "iat": 1772064260,
   "exp": 1772064860,
@@ -4372,8 +4312,10 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "execute_test_suite",
   "par": ["a1b2c3d4-0001-0000-0000-000000000002"],
-  "pol": "test_coverage_policy_v1",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "test_coverage_policy_v1",
+    "pol_decision": "approved"
+  }
 }
 </pre><a href="#appendix-D.2-7" class="pilcrow">¶</a>
 </div>
@@ -4382,7 +4324,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
 <pre>
 {
   "iss": "spiffe://meddev.example/agent/build",
-  "sub": "spiffe://meddev.example/agent/build",
   "aud": "spiffe://meddev.example/human/release-mgr-42",
   "iat": 1772064310,
   "exp": 1772064910,
@@ -4390,9 +4331,11 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "build_release_artifact",
   "par": ["a1b2c3d4-0001-0000-0000-000000000003"],
-  "pol": "build_validation_v2",
-  "pol_decision": "approved",
-  "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
+  "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc",
+  "ext": {
+    "pol": "build_validation_v2",
+    "pol_decision": "approved"
+  }
 }
 </pre><a href="#appendix-D.2-9" class="pilcrow">¶</a>
 </div>
@@ -4401,7 +4344,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
 <pre>
 {
   "iss": "spiffe://meddev.example/human/release-mgr-42",
-  "sub": "spiffe://meddev.example/human/release-mgr-42",
   "aud": "spiffe://meddev.example/system/ledger",
   "iat": 1772064510,
   "exp": 1772065110,
@@ -4409,10 +4351,10 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "approve_release",
   "par": ["a1b2c3d4-0001-0000-0000-000000000004"],
-  "pol": "release_approval_policy",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
   "ext": {
+    "pol": "release_approval_policy",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
     "witnessed_by": [
       "spiffe://meddev.example/audit/qa-observer-1"
     ]
@@ -4474,7 +4416,6 @@ task-...-0004 (execute_trade)
 <pre>
 {
   "iss": "spiffe://bank.example/agent/execution",
-  "sub": "spiffe://bank.example/agent/execution",
   "aud": "spiffe://bank.example/system/ledger",
   "iat": 1772064250,
   "exp": 1772064850,
@@ -4485,8 +4426,10 @@ task-...-0004 (execute_trade)
     "f1e2d3c4-0002-0000-0000-000000000002",
     "f1e2d3c4-0003-0000-0000-000000000003"
   ],
-  "pol": "trade_execution_policy_v3",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "trade_execution_policy_v3",
+    "pol_decision": "approved"
+  }
 }
 </pre><a href="#appendix-D.3-4" class="pilcrow">¶</a>
 </div>
diff --git a/draft-nennemann-wimse-execution-context-00.md b/draft-nennemann-wimse-execution-context-00.md
index afecb3b..92f290d 100644
--- a/draft-nennemann-wimse-execution-context-00.md
+++ b/draft-nennemann-wimse-execution-context-00.md
@@ -167,7 +167,7 @@ This document defines:
 
 - The Execution Context Token (ECT) format ({{ect-format}})
 - DAG structure for task dependency ordering ({{dag-validation}})
-- Policy checkpoint recording ({{policy-claims}})
+- Policy checkpoint recording via extension keys ({{policy-claims}})
 - Integration with the WIMSE identity framework
   ({{wimse-integration}})
 - An HTTP header for ECT transport ({{http-header}})
@@ -403,12 +403,6 @@ iss:
   deployments MAY use other URI schemes (e.g., HTTPS URLs or
   URN:UUID identifiers).
 
-sub:
-: OPTIONAL.  StringOrURI.  The subject of the ECT.  When present,
-  MUST equal the "iss" claim.  This claim is included for
-  compatibility with JWT libraries and frameworks that expect a
-  "sub" claim to be present.
-
 aud:
 : REQUIRED.  StringOrURI or array of StringOrURI.  The intended
   recipient(s) of the ECT.  Because ECTs serve as both inter-agent
@@ -489,21 +483,25 @@ par:
   a root task with no dependencies.  A workflow MAY contain
   multiple root tasks.
 
-### Policy Evaluation {#policy-claims}
+### Policy Evaluation Extension Keys {#policy-claims}
 
-The following claims record policy evaluation outcomes:
+Policy evaluation outcomes are recorded as extension keys within
+the "ext" object ({{extension-claims}}).  This keeps the core
+registered claims focused on DAG structure and execution context,
+while allowing deployments to add policy recording as needed.
 
-pol:
-: OPTIONAL.  String.  The identifier of the policy rule that was
-  evaluated for this task (e.g.,
-  "clinical_data_access_policy_v1").  MUST be present when
-  "pol_decision" is present.
+The following extension keys are defined for policy evaluation:
 
-pol_decision:
-: OPTIONAL.  String.  The result of the policy evaluation.  When
-  present, MUST be one of the values registered in the ECT Policy
-  Decision Values registry ({{pol-decision-registry}}).  MUST be
-  present when "pol" is present.  Initial values are:
+"pol":
+: String.  The identifier of the policy rule that was evaluated
+  for this task (e.g., "clinical_data_access_policy_v1").  MUST
+  be present when "pol_decision" is present.
+
+"pol_decision":
+: String.  The result of the policy evaluation.  When present,
+  MUST be one of the values registered in the ECT Policy Decision
+  Values registry ({{pol-decision-registry}}).  MUST be present
+  when "pol" is present.  Initial values are:
 
   *  "approved": The policy evaluation succeeded and the task
      was authorized to proceed.
@@ -522,25 +520,25 @@ pol_decision:
      records an "approved" decision referencing this task as a
      parent.
 
-  When "pol" and "pol_decision" are absent, the ECT records task
-  execution without a policy checkpoint.  Regulated deployments
-  SHOULD include policy claims on all ECTs to maintain complete
-  audit trails.
+  When "pol" and "pol_decision" are absent from "ext", the ECT
+  records task execution without a policy checkpoint.  Regulated
+  deployments SHOULD include policy keys on all ECTs to maintain
+  complete audit trails.
 
-pol_enforcer:
-: OPTIONAL.  StringOrURI.  The identity of the entity (system or
-  person) that evaluated the policy decision.  When present,
-  SHOULD use SPIFFE ID format.
+"pol_enforcer":
+: StringOrURI.  The identity of the entity (system or person)
+  that evaluated the policy decision.  When present, SHOULD use
+  SPIFFE ID format.
 
 This specification intentionally defines only the recording of
 policy evaluation outcomes.  The mechanisms by which policies are
 defined, distributed to agents, and evaluated are out of scope.
-The "pol" claim is an opaque identifier referencing an external
+The "pol" key is an opaque identifier referencing an external
 policy; the semantics and enforcement of that policy are
 determined by the deployment environment.  Implementations may
 use any policy engine or framework (e.g., OPA/Rego, Cedar, XACML,
 or custom solutions) provided that the evaluation outcome is
-faithfully recorded in the ECT claims defined above.
+faithfully recorded in the "ext" keys defined above.
 
 ### Data Integrity {#data-integrity-claims}
 
@@ -565,25 +563,12 @@ out_hash:
 
 ### Compensation and Rollback {#compensation-claims}
 
-compensation_required:
-: OPTIONAL.  Boolean.  Indicates whether this task is a
-  compensation or rollback action for a previous task.
-
-compensation_reason:
-: OPTIONAL.  String.  A human-readable reason for the compensation
-  action.  MUST be present if "compensation_required" is true.
-  Values SHOULD use structured identifiers (e.g.,
-  "policy_violation_in_parent_trade") rather than free-form text
-  to minimize the risk of embedding sensitive information.  See
-  {{data-minimization}} for privacy guidance.
-  If "compensation_reason" is present, "compensation_required"
-  MUST be true.
-
-Note: compensation ECTs reference historical parent tasks via the
-"par" claim.  The referenced parent ECTs may have passed their own
-"exp" time; ECT expiration applies to the verification window of
-the ECT itself, not to its validity as a parent reference in the
-ledger.
+Compensation and rollback actions are recorded using the "par"
+claim to reference the original task and the "exec_act" claim to
+describe the remediation action.  The referenced parent ECTs may
+have passed their own "exp" time; ECT expiration applies to the
+verification window of the ECT itself, not to its validity as a
+parent reference in the ECT store.
 
 ### Extensions {#extension-claims}
 
@@ -604,7 +589,20 @@ exceeds these limits.
 
 The following extension keys are defined by this specification
 for common use cases.  Because these keys are documented here,
-they use short names without reverse domain prefixes:
+they use short names without reverse domain prefixes.
+
+Policy evaluation keys (see {{policy-claims}} for full
+definitions and decision value semantics):
+
+- "pol": String.  Policy rule identifier.
+- "pol\_decision": String.  Policy evaluation outcome
+  ("approved", "rejected", or "pending\_human\_review").
+- "pol\_enforcer": StringOrURI.  Identity of the policy
+  evaluator.
+- "pol\_timestamp": NumericDate.  Time at which the policy
+  decision was made, if distinct from "iat".
+
+Operational metadata keys:
 
 - "exec\_time\_ms": Integer.  Execution duration in milliseconds.
 - "regulated\_domain": String.  Regulatory domain (e.g.,
@@ -616,8 +614,12 @@ they use short names without reverse domain prefixes:
   attestation, witnesses should submit independent signed ECTs.
 - "inp\_classification": String.  Data sensitivity classification
   (e.g., "public", "confidential", "restricted").
-- "pol\_timestamp": NumericDate.  Time at which the policy
-  decision was made, if distinct from "iat".
+- "compensation\_required": Boolean.  Indicates whether this task
+  is a compensation or rollback action.
+- "compensation\_reason": String.  Structured reason code for the
+  compensation action (e.g., "policy\_violation\_in\_parent\_trade").
+  SHOULD use structured identifiers rather than free-form text
+  to minimize information leakage (see {{data-minimization}}).
 
 ## Complete ECT Example
 
@@ -626,7 +628,6 @@ The following is a complete ECT payload example:
 ~~~json
 {
   "iss": "spiffe://example.com/agent/clinical",
-  "sub": "spiffe://example.com/agent/clinical",
   "aud": "spiffe://example.com/agent/safety",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -636,14 +637,13 @@ The following is a complete ECT payload example:
   "exec_act": "recommend_treatment",
   "par": [],
 
-  "pol": "clinical_reasoning_policy_v2",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
-
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
   "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
 
   "ext": {
+    "pol": "clinical_reasoning_policy_v2",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
     "pol_timestamp": 1772064145,
     "exec_time_ms": 245,
     "regulated_domain": "medtech",
@@ -733,15 +733,14 @@ the following DAG validation steps:
     lead back to the current ECT's "jti".  If a cycle is detected,
     the ECT MUST be rejected.
 
-5.  Parent Policy Decision: If any parent ECT contains a
-    "pol_decision" of "rejected" or "pending_human_review", the
-    current ECT's "exec_act" MUST indicate a compensation,
-    rollback, remediation, or human review action.
-    Implementations MUST NOT accept an ECT representing normal
-    workflow continuation when a parent's "pol_decision" is not
-    "approved", unless the current ECT has "compensation_required"
-    set to true.  This rule only applies when the parent ECT
-    contains policy claims.
+5.  Parent Policy Decision: If any parent ECT's "ext" object
+    contains a "pol_decision" of "rejected" or
+    "pending_human_review", the current ECT's "exec_act" MUST
+    indicate a compensation, rollback, remediation, or human
+    review action.  Implementations MUST NOT accept an ECT
+    representing normal workflow continuation when a parent's
+    "pol_decision" is not "approved".  This rule only applies
+    when the parent ECT's "ext" contains policy keys.
 
 6.  Trust Domain Consistency: Parent tasks SHOULD belong to the
     same trust domain or to a trust domain with which a federation
@@ -856,19 +855,19 @@ verification steps in order:
 12. Verify all required claims ("jti", "exec_act", "par") are
     present and well-formed.
 
-13. If "pol" or "pol_decision" is present, verify that both are
-    present and that "pol_decision" is one of "approved",
-    "rejected", or "pending_human_review".
+13. If "ext" is present and contains "pol" or "pol_decision",
+    verify that both are present and that "pol_decision" is one
+    of "approved", "rejected", or "pending_human_review".
 
 14. Perform DAG validation per {{dag-validation}}.
 
-15. If all checks pass, the ECT MUST be appended to the audit
-    ledger.
+15. If all checks pass and an audit ledger is deployed, the ECT
+    SHOULD be appended to the ledger.
 
 If any verification step fails, the ECT MUST be rejected and the
 failure MUST be logged for audit purposes.  Error messages
 SHOULD NOT reveal whether specific parent task IDs exist in the
-ledger, to prevent information disclosure.
+ECT store, to prevent information disclosure.
 
 When ECT verification fails during HTTP request processing, the
 receiving agent SHOULD respond with HTTP 403 (Forbidden) if the
@@ -936,11 +935,12 @@ function verify_ect(ect_jws, verifier_id,
     if claim not in payload:
       return reject("Missing required claim: " + claim)
 
-  // Validate policy claims (optional, but must be paired)
-  if "pol" in payload or "pol_decision" in payload:
-    if "pol" not in payload or "pol_decision" not in payload:
+  // Validate policy extension keys (optional, but must be paired)
+  ext = payload.ext or {}
+  if "pol" in ext or "pol_decision" in ext:
+    if "pol" not in ext or "pol_decision" not in ext:
       return reject("pol and pol_decision must both be present")
-    if payload.pol_decision not in
+    if ext.pol_decision not in
        ["approved", "rejected", "pending_human_review"]:
       return reject("Invalid pol_decision value")
 
@@ -1010,29 +1010,34 @@ software used in medical devices.
 Agent A (Spec Reviewer):
   jti: task-001    par: []
   exec_act: review_requirements_spec
-  pol: spec_review_policy_v2     pol_decision: approved
+  ext.pol: spec_review_policy_v2
+  ext.pol_decision: approved
 
 Agent B (Code Generator):
   jti: task-002    par: [task-001]
   exec_act: implement_module
-  pol: coding_standards_v3       pol_decision: approved
+  ext.pol: coding_standards_v3
+  ext.pol_decision: approved
 
 Agent C (Test Agent):
   jti: task-003    par: [task-002]
   exec_act: execute_test_suite
-  pol: test_coverage_policy_v1   pol_decision: approved
+  ext.pol: test_coverage_policy_v1
+  ext.pol_decision: approved
 
 Agent D (Build Agent):
   jti: task-004    par: [task-003]
   exec_act: build_release_artifact
-  pol: build_validation_v2       pol_decision: approved
+  ext.pol: build_validation_v2
+  ext.pol_decision: approved
 
 Human Release Manager:
   jti: task-005    par: [task-004]
   exec_act: approve_release
-  pol: release_approval_policy   pol_decision: approved
-  pol_enforcer: spiffe://meddev.example/human/release-mgr-42
-  ext: {witnessed_by: [...]}  (extension metadata)
+  ext.pol: release_approval_policy
+  ext.pol_decision: approved
+  ext.pol_enforcer: spiffe://meddev.example/human/release-mgr-42
+  ext.witnessed_by: [...]
 ~~~
 {: #fig-medtech-sdlc title="Medical Device SDLC Workflow"}
 
@@ -1098,17 +1103,20 @@ execution.
 Agent A (Risk Assessment):
   jti: task-001    par: []
   exec_act: calculate_risk_exposure
-  pol: risk_limits_policy_v2  pol_decision: approved
+  ext.pol: risk_limits_policy_v2
+  ext.pol_decision: approved
 
 Agent B (Compliance):
   jti: task-002    par: [task-001]
   exec_act: verify_compliance
-  pol: compliance_check_v1    pol_decision: approved
+  ext.pol: compliance_check_v1
+  ext.pol_decision: approved
 
 Agent C (Execution):
   jti: task-003    par: [task-002]
   exec_act: execute_trade
-  pol: execution_policy_v3    pol_decision: approved
+  ext.pol: execution_policy_v3
+  ext.pol_decision: approved
 ~~~
 {: #fig-finance title="Financial Trading Workflow"}
 
@@ -1129,7 +1137,6 @@ a cryptographic link to the original task:
 ~~~json
 {
   "iss": "spiffe://bank.example/agent/operations",
-  "sub": "spiffe://bank.example/agent/operations",
   "aud": "spiffe://bank.example/system/ledger",
   "iat": 1772150550,
   "exp": 1772151150,
@@ -1137,11 +1144,13 @@ a cryptographic link to the original task:
   "wid": "d3e4f5a6-b7c8-9012-def0-123456789012",
   "exec_act": "initiate_trade_rollback",
   "par": ["550e8400-e29b-41d4-a716-446655440003"],
-  "pol": "compensation_policy_v1",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
-  "compensation_required": true,
-  "compensation_reason": "policy_violation_in_parent_trade"
+  "ext": {
+    "pol": "compensation_policy_v1",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
+    "compensation_required": true,
+    "compensation_reason": "policy_violation_in_parent_trade"
+  }
 }
 ~~~
 {: #fig-compensation title="Compensation ECT Example"}
@@ -1160,27 +1169,32 @@ required checks were completed:
 Agent A (Route Planning):
   jti: task-001    par: []
   exec_act: plan_route
-  pol: route_policy_v1        pol_decision: approved
+  ext.pol: route_policy_v1
+  ext.pol_decision: approved
 
 Agent B (Customs):
   jti: task-002    par: [task-001]
   exec_act: validate_customs
-  pol: customs_policy_v2      pol_decision: approved
+  ext.pol: customs_policy_v2
+  ext.pol_decision: approved
 
 Agent C (Safety):
   jti: task-003    par: [task-001]
   exec_act: verify_cargo_safety
-  pol: safety_policy_v1       pol_decision: approved
+  ext.pol: safety_policy_v1
+  ext.pol_decision: approved
 
 Agent D (Payment):
   jti: task-004    par: [task-002, task-003]
   exec_act: authorize_payment
-  pol: payment_policy_v3      pol_decision: approved
+  ext.pol: payment_policy_v3
+  ext.pol_decision: approved
 
 System (Commitment):
   jti: task-005    par: [task-004]
   exec_act: commit_shipment
-  pol: commitment_policy_v1   pol_decision: approved
+  ext.pol: commitment_policy_v1
+  ext.pol_decision: approved
 ~~~
 {: #fig-logistics title="Logistics Workflow with Parallel Tasks"}
 
@@ -1211,8 +1225,8 @@ The following threat actors are considered:
 ECTs are self-asserted by the executing agent.  The agent claims
 what it did, and this claim is signed with its private key.  A
 compromised or malicious agent could create ECTs with false claims
-(e.g., setting "pol_decision" to "approved" without actually
-evaluating the policy).
+(e.g., setting "pol_decision" in "ext" to "approved" without
+actually evaluating the policy).
 
 ECTs do not independently verify that:
 
@@ -1232,32 +1246,11 @@ evidence within a single ECT that the witnesses actually
 observed the task.  An issuing agent could list witnesses that
 did not participate.
 
-### Witness Attestation Model {#witness-attestation-model}
-
-To address the self-assertion limitation of the
-"witnessed_by" extension, witnesses SHOULD submit their
-own independent signed ECTs to the audit ledger attesting to the
-observed task.  A witness attestation ECT:
-
-- MUST set "iss" to the witness's own workload identity.
-- MUST set "exec_act" to "witness_attestation" (or a domain-
-  specific equivalent).
-- MUST include the observed task's "jti" in the "par" array,
-  linking the attestation to the original task.
-- MUST set "pol_decision" to "approved" to indicate the witness
-  confirms the observation.
-
-When a task's "witnessed_by" extension lists one or more
-witnesses, auditors SHOULD verify that corresponding witness
-attestation ECTs exist in the ledger for each listed witness.  A
-mismatch between the extension value and the set of independent
-witness ECTs in the ledger SHOULD be flagged during audit review.
-
-This model converts witness attestation from a self-asserted claim
-to a cryptographically verifiable property of the ledger: the
-witness independently signs their own ECT using their own key,
-and the ledger records both the original task ECT and the witness
-attestation ECTs.
+To strengthen witness attestation beyond self-assertion, witnesses
+SHOULD submit their own independent signed ECTs referencing the
+observed task's "jti" in the "par" array.  Auditors can then
+cross-check the "witnessed_by" extension against independent
+witness ECTs in the ECT store.
 
 ## Organizational Prerequisites
 
@@ -1409,8 +1402,8 @@ ECTs necessarily reveal:
 
 - Agent identities ("iss", "aud") for accountability purposes
 - Action descriptions ("exec_act") for audit trail completeness
-- Policy evaluation outcomes ("pol", "pol_decision") for
-  compliance verification
+- Policy evaluation outcomes (via "ext" keys "pol",
+  "pol_decision") when present, for compliance verification
 - Timestamps ("iat", "exp") for temporal ordering
 
 ECTs are designed to NOT reveal:
@@ -1426,18 +1419,14 @@ ECTs are designed to NOT reveal:
 Implementations SHOULD minimize the information included in ECTs.
 The "exec_act" claim SHOULD use structured identifiers (e.g.,
 "process_payment") rather than natural language descriptions.
-The "pol" claim SHOULD reference policy identifiers rather than
-embedding policy content.
+The "pol" extension key SHOULD reference policy identifiers
+rather than embedding policy content.
 
-The "compensation_reason" claim ({{compensation-claims}})
-deserves particular attention: because it is human-readable and
-may describe the circumstances of a failure or policy violation,
-it risks exposing sensitive operational details.  Implementations
-SHOULD use short, structured reason codes (e.g.,
-"policy_violation_in_parent_trade") rather than free-form
-natural language explanations.  Implementers SHOULD review
-"compensation_reason" values for potential information leakage
-before deploying to production.
+The "compensation_reason" extension key in "ext"
+({{compensation-claims}}) deserves particular attention: because
+it is human-readable, it risks exposing sensitive operational
+details.  See {{extension-claims}} for guidance on using
+structured identifiers.
 
 ## Storage and Access Control
 
@@ -1540,16 +1529,16 @@ the "JSON Web Token Claims" registry maintained by IANA:
 | wid | Workflow Identifier | IETF | {{exec-claims}} |
 | exec_act | Action/Task Type | IETF | {{exec-claims}} |
 | par | Parent Task Identifiers | IETF | {{exec-claims}} |
-| pol | Policy Rule Identifier | IETF | {{policy-claims}} |
-| pol_decision | Policy Decision Result | IETF | {{policy-claims}} |
-| pol_enforcer | Policy Enforcer Identity | IETF | {{policy-claims}} |
 | inp_hash | Input Data Hash | IETF | {{data-integrity-claims}} |
 | out_hash | Output Data Hash | IETF | {{data-integrity-claims}} |
-| compensation_required | Compensation Flag | IETF | {{compensation-claims}} |
-| compensation_reason | Compensation Reason | IETF | {{compensation-claims}} |
 | ext | Extension Object | IETF | {{extension-claims}} |
 {: #table-claims title="JWT Claims Registrations"}
 
+Note: Policy evaluation keys ("pol", "pol_decision",
+"pol_enforcer") are carried within the "ext" object as
+spec-defined extension keys ({{policy-claims}}) and do not
+require separate JWT Claims registration.
+
 ## ECT Policy Decision Values Registry {#pol-decision-registry}
 
 This document establishes the "ECT Policy Decision Values"
@@ -1704,14 +1693,15 @@ use cases are distinct.
 A minimal conforming implementation needs to:
 
 1.  Create JWTs with all required claims ("iss", "aud", "iat",
-    "exp", "jti", "exec_act", "par") and policy claims ("pol",
-    "pol_decision") when policy evaluation was performed.
+    "exp", "jti", "exec_act", "par") and policy extension keys
+    ("ext.pol", "ext.pol_decision") when policy evaluation was
+    performed.
 2.  Sign ECTs with the agent's private key using an algorithm
     matching the WIT (ES256 recommended).
 3.  Verify ECT signatures against WIT public keys.
 4.  Perform DAG validation (parent existence, temporal ordering,
     cycle detection).
-5.  Append verified ECTs to the audit ledger.
+5.  If an audit ledger is deployed, append verified ECTs to it.
 
 ## Storage Recommendations
 {:numbered="false"}
@@ -1787,7 +1777,6 @@ ECT Payload:
 ~~~json
 {
   "iss": "spiffe://example.com/agent/data-retrieval",
-  "sub": "spiffe://example.com/agent/data-retrieval",
   "aud": "spiffe://example.com/agent/validator",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -1795,10 +1784,12 @@ ECT Payload:
   "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
   "exec_act": "fetch_patient_data",
   "par": [],
-  "pol": "clinical_data_access_policy_v1",
-  "pol_decision": "approved",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+  "ext": {
+    "pol": "clinical_data_access_policy_v1",
+    "pol_decision": "approved"
+  }
 }
 ~~~
 
@@ -1808,7 +1799,6 @@ task, and creates its own ECT:
 ~~~json
 {
   "iss": "spiffe://example.com/agent/validator",
-  "sub": "spiffe://example.com/agent/validator",
   "aud": "spiffe://example.com/system/ledger",
   "iat": 1772064160,
   "exp": 1772064760,
@@ -1816,8 +1806,10 @@ task, and creates its own ECT:
   "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
   "exec_act": "validate_safety",
   "par": ["550e8400-e29b-41d4-a716-446655440001"],
-  "pol": "safety_validation_policy_v2",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "safety_validation_policy_v2",
+    "pol_decision": "approved"
+  }
 }
 ~~~
 
@@ -1841,7 +1833,6 @@ Task 1 (Spec Review Agent):
 ~~~json
 {
   "iss": "spiffe://meddev.example/agent/spec-reviewer",
-  "sub": "spiffe://meddev.example/agent/spec-reviewer",
   "aud": "spiffe://meddev.example/agent/code-gen",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -1849,10 +1840,12 @@ Task 1 (Spec Review Agent):
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "review_requirements_spec",
   "par": [],
-  "pol": "spec_review_policy_v2",
-  "pol_decision": "approved",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+  "ext": {
+    "pol": "spec_review_policy_v2",
+    "pol_decision": "approved"
+  }
 }
 ~~~
 
@@ -1861,7 +1854,6 @@ Task 2 (Code Generation Agent):
 ~~~json
 {
   "iss": "spiffe://meddev.example/agent/code-gen",
-  "sub": "spiffe://meddev.example/agent/code-gen",
   "aud": "spiffe://meddev.example/agent/test-runner",
   "iat": 1772064200,
   "exp": 1772064800,
@@ -1869,8 +1861,10 @@ Task 2 (Code Generation Agent):
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "implement_module",
   "par": ["a1b2c3d4-0001-0000-0000-000000000001"],
-  "pol": "coding_standards_v3",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "coding_standards_v3",
+    "pol_decision": "approved"
+  }
 }
 ~~~
 
@@ -1879,7 +1873,6 @@ Task 3 (Autonomous Test Agent):
 ~~~json
 {
   "iss": "spiffe://meddev.example/agent/test-runner",
-  "sub": "spiffe://meddev.example/agent/test-runner",
   "aud": "spiffe://meddev.example/agent/build",
   "iat": 1772064260,
   "exp": 1772064860,
@@ -1887,8 +1880,10 @@ Task 3 (Autonomous Test Agent):
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "execute_test_suite",
   "par": ["a1b2c3d4-0001-0000-0000-000000000002"],
-  "pol": "test_coverage_policy_v1",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "test_coverage_policy_v1",
+    "pol_decision": "approved"
+  }
 }
 ~~~
 
@@ -1897,7 +1892,6 @@ Task 4 (Build Agent):
 ~~~json
 {
   "iss": "spiffe://meddev.example/agent/build",
-  "sub": "spiffe://meddev.example/agent/build",
   "aud": "spiffe://meddev.example/human/release-mgr-42",
   "iat": 1772064310,
   "exp": 1772064910,
@@ -1905,9 +1899,11 @@ Task 4 (Build Agent):
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "build_release_artifact",
   "par": ["a1b2c3d4-0001-0000-0000-000000000003"],
-  "pol": "build_validation_v2",
-  "pol_decision": "approved",
-  "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
+  "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc",
+  "ext": {
+    "pol": "build_validation_v2",
+    "pol_decision": "approved"
+  }
 }
 ~~~
 
@@ -1916,7 +1912,6 @@ Task 5 (Human Release Manager Approval):
 ~~~json
 {
   "iss": "spiffe://meddev.example/human/release-mgr-42",
-  "sub": "spiffe://meddev.example/human/release-mgr-42",
   "aud": "spiffe://meddev.example/system/ledger",
   "iat": 1772064510,
   "exp": 1772065110,
@@ -1924,10 +1919,10 @@ Task 5 (Human Release Manager Approval):
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "approve_release",
   "par": ["a1b2c3d4-0001-0000-0000-000000000004"],
-  "pol": "release_approval_policy",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
   "ext": {
+    "pol": "release_approval_policy",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
     "witnessed_by": [
       "spiffe://meddev.example/audit/qa-observer-1"
     ]
@@ -1986,7 +1981,6 @@ Task 004 ECT payload:
 ~~~json
 {
   "iss": "spiffe://bank.example/agent/execution",
-  "sub": "spiffe://bank.example/agent/execution",
   "aud": "spiffe://bank.example/system/ledger",
   "iat": 1772064250,
   "exp": 1772064850,
@@ -1997,8 +1991,10 @@ Task 004 ECT payload:
     "f1e2d3c4-0002-0000-0000-000000000002",
     "f1e2d3c4-0003-0000-0000-000000000003"
   ],
-  "pol": "trade_execution_policy_v3",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "trade_execution_policy_v3",
+    "pol_decision": "approved"
+  }
 }
 ~~~
 
diff --git a/draft-nennemann-wimse-execution-context-00.txt b/draft-nennemann-wimse-execution-context-00.txt
index 6416811..04dd1d5 100644
--- a/draft-nennemann-wimse-execution-context-00.txt
+++ b/draft-nennemann-wimse-execution-context-00.txt
@@ -4,8 +4,8 @@
 
 WIMSE                                                       C. Nennemann
 Internet-Draft                                    Independent Researcher
-Intended status: Standards Track                        24 February 2026
-Expires: 28 August 2026
+Intended status: Standards Track                        25 February 2026
+Expires: 29 August 2026
 
 
        Execution Context Tokens for Distributed Agentic Workflows
@@ -46,14 +46,14 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on 28 August 2026.
+   This Internet-Draft will expire on 29 August 2026.
 
 
 
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 1]
+Nennemann                Expires 29 August 2026                 [Page 1]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -89,11 +89,11 @@ Table of Contents
      4.2.  JWT Claims  . . . . . . . . . . . . . . . . . . . . . . .  10
        4.2.1.  Standard JWT Claims . . . . . . . . . . . . . . . . .  10
        4.2.2.  Execution Context . . . . . . . . . . . . . . . . . .  11
-       4.2.3.  Policy Evaluation . . . . . . . . . . . . . . . . . .  12
+       4.2.3.  Policy Evaluation Extension Keys  . . . . . . . . . .  12
        4.2.4.  Data Integrity  . . . . . . . . . . . . . . . . . . .  13
        4.2.5.  Compensation and Rollback . . . . . . . . . . . . . .  13
        4.2.6.  Extensions  . . . . . . . . . . . . . . . . . . . . .  13
-     4.3.  Complete ECT Example  . . . . . . . . . . . . . . . . . .  14
+     4.3.  Complete ECT Example  . . . . . . . . . . . . . . . . . .  15
    5.  HTTP Header Transport . . . . . . . . . . . . . . . . . . . .  15
      5.1.  Execution-Context Header Field  . . . . . . . . . . . . .  15
    6.  DAG Validation  . . . . . . . . . . . . . . . . . . . . . . .  16
@@ -109,69 +109,68 @@ Table of Contents
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 2]
+Nennemann                Expires 29 August 2026                 [Page 2]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
 
        9.1.1.  FDA Audit with DAG Reconstruction . . . . . . . . . .  24
      9.2.  Financial Trading Workflow  . . . . . . . . . . . . . . .  25
-     9.3.  Compensation and Rollback . . . . . . . . . . . . . . . .  25
+     9.3.  Compensation and Rollback . . . . . . . . . . . . . . . .  26
      9.4.  Autonomous Logistics Coordination . . . . . . . . . . . .  26
    10. Security Considerations . . . . . . . . . . . . . . . . . . .  27
      10.1.  Threat Model . . . . . . . . . . . . . . . . . . . . . .  27
      10.2.  Self-Assertion Limitation  . . . . . . . . . . . . . . .  28
-       10.2.1.  Witness Attestation Model  . . . . . . . . . . . . .  28
-     10.3.  Organizational Prerequisites . . . . . . . . . . . . . .  29
+     10.3.  Organizational Prerequisites . . . . . . . . . . . . . .  28
      10.4.  Signature Verification . . . . . . . . . . . . . . . . .  29
-     10.5.  Replay Attack Prevention . . . . . . . . . . . . . . . .  30
+     10.5.  Replay Attack Prevention . . . . . . . . . . . . . . . .  29
      10.6.  Man-in-the-Middle Protection . . . . . . . . . . . . . .  30
      10.7.  Key Compromise . . . . . . . . . . . . . . . . . . . . .  30
-     10.8.  Collusion and False Claims . . . . . . . . . . . . . . .  31
+     10.8.  Collusion and False Claims . . . . . . . . . . . . . . .  30
      10.9.  Denial of Service  . . . . . . . . . . . . . . . . . . .  31
-     10.10. Timestamp Accuracy . . . . . . . . . . . . . . . . . . .  32
+     10.10. Timestamp Accuracy . . . . . . . . . . . . . . . . . . .  31
      10.11. ECT Size Constraints . . . . . . . . . . . . . . . . . .  32
    11. Privacy Considerations  . . . . . . . . . . . . . . . . . . .  32
      11.1.  Data Exposure in ECTs  . . . . . . . . . . . . . . . . .  32
-     11.2.  Data Minimization  . . . . . . . . . . . . . . . . . . .  33
+     11.2.  Data Minimization  . . . . . . . . . . . . . . . . . . .  32
      11.3.  Storage and Access Control . . . . . . . . . . . . . . .  33
      11.4.  Regulatory Access  . . . . . . . . . . . . . . . . . . .  33
    12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  33
      12.1.  Media Type Registration  . . . . . . . . . . . . . . . .  33
      12.2.  HTTP Header Field Registration . . . . . . . . . . . . .  34
-     12.3.  JWT Claims Registration  . . . . . . . . . . . . . . . .  35
-     12.4.  ECT Policy Decision Values Registry  . . . . . . . . . .  36
+     12.3.  JWT Claims Registration  . . . . . . . . . . . . . . . .  34
+     12.4.  ECT Policy Decision Values Registry  . . . . . . . . . .  35
    13. References  . . . . . . . . . . . . . . . . . . . . . . . . .  36
      13.1.  Normative References . . . . . . . . . . . . . . . . . .  36
      13.2.  Informative References . . . . . . . . . . . . . . . . .  37
    Related Work  . . . . . . . . . . . . . . . . . . . . . . . . . .  39
      WIMSE Workload Identity . . . . . . . . . . . . . . . . . . . .  39
-     OAuth 2.0 Token Exchange and the "act" Claim  . . . . . . . . .  40
+     OAuth 2.0 Token Exchange and the "act" Claim  . . . . . . . . .  39
      Transaction Tokens  . . . . . . . . . . . . . . . . . . . . . .  40
-     Distributed Tracing (OpenTelemetry) . . . . . . . . . . . . . .  41
+     Distributed Tracing (OpenTelemetry) . . . . . . . . . . . . . .  40
      Blockchain and Distributed Ledgers  . . . . . . . . . . . . . .  41
      SCITT (Supply Chain Integrity, Transparency, and Trust) . . . .  41
-     W3C Verifiable Credentials  . . . . . . . . . . . . . . . . . .  42
-   Implementation Guidance . . . . . . . . . . . . . . . . . . . . .  42
-     Minimal Implementation  . . . . . . . . . . . . . . . . . . . .  42
+     W3C Verifiable Credentials  . . . . . . . . . . . . . . . . . .  41
+   Implementation Guidance . . . . . . . . . . . . . . . . . . . . .  41
+     Minimal Implementation  . . . . . . . . . . . . . . . . . . . .  41
      Storage Recommendations . . . . . . . . . . . . . . . . . . . .  42
      Performance Considerations  . . . . . . . . . . . . . . . . . .  42
-     Interoperability  . . . . . . . . . . . . . . . . . . . . . . .  43
+     Interoperability  . . . . . . . . . . . . . . . . . . . . . . .  42
    Regulatory Compliance Mapping . . . . . . . . . . . . . . . . . .  43
-   Examples  . . . . . . . . . . . . . . . . . . . . . . . . . . . .  44
-     Example 1: Simple Two-Agent Workflow  . . . . . . . . . . . . .  44
+   Examples  . . . . . . . . . . . . . . . . . . . . . . . . . . . .  43
+     Example 1: Simple Two-Agent Workflow  . . . . . . . . . . . . .  43
      Example 2: Medical Device SDLC with Release Approval  . . . . .  45
      Example 3: Parallel Execution with Join . . . . . . . . . . . .  48
+   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  48
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 3]
+Nennemann                Expires 29 August 2026                 [Page 3]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
 
-   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  49
-   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  49
+   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  48
 
 1.  Introduction
 
@@ -221,7 +220,8 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 4]
+
+Nennemann                Expires 29 August 2026                 [Page 4]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -240,7 +240,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    *  DAG structure for task dependency ordering (Section 6)
 
-   *  Policy checkpoint recording (Section 4.2.3)
+   *  Policy checkpoint recording via extension keys (Section 4.2.3)
 
    *  Integration with the WIMSE identity framework (Section 3)
 
@@ -277,7 +277,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 5]
+Nennemann                Expires 29 August 2026                 [Page 5]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -333,7 +333,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 6]
+Nennemann                Expires 29 August 2026                 [Page 6]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -389,7 +389,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 7]
+Nennemann                Expires 29 August 2026                 [Page 7]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -445,7 +445,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 8]
+Nennemann                Expires 29 August 2026                 [Page 8]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -501,7 +501,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                 [Page 9]
+Nennemann                Expires 29 August 2026                 [Page 9]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -526,11 +526,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
       "sub" claim of the agent's WIT.  Non-WIMSE deployments MAY use
       other URI schemes (e.g., HTTPS URLs or URN:UUID identifiers).
 
-   sub:  OPTIONAL.  StringOrURI.  The subject of the ECT.  When present,
-      MUST equal the "iss" claim.  This claim is included for
-      compatibility with JWT libraries and frameworks that expect a
-      "sub" claim to be present.
-
    aud:  REQUIRED.  StringOrURI or array of StringOrURI.  The intended
       recipient(s) of the ECT.  Because ECTs serve as both inter-agent
       messages and audit records, the "aud" claim SHOULD contain the
@@ -553,15 +548,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
          "spiffe://example.com/system/ledger"]).  Each verifier checks
          that its own identity appears in the array.
 
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 10]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
       In multi-parent (join) scenarios where a task depends on ECTs from
       multiple parent agents, the joining agent creates a new ECT with
       the parent task IDs in "par".  The "aud" of this new ECT is set
@@ -569,6 +555,13 @@ Internet-Draft           WIMSE Execution Context           February 2026
       delivered — it is independent of the "aud" values in the parent
       ECTs.
 
+
+
+Nennemann                Expires 29 August 2026                [Page 10]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    iat:  REQUIRED.  NumericDate.  The time at which the ECT was issued.
       The ECT records a completed action, so the "iat" value reflects
       when the record was created, not when task execution began.
@@ -607,34 +600,41 @@ Internet-Draft           WIMSE Execution Context           February 2026
       collision with the "act" (Actor) claim registered by [RFC8693].
 
    par:  REQUIRED.  Array of strings.  Parent task identifiers
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 11]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
       representing DAG dependencies.  Each element MUST be the "jti"
       value of a previously verified ECT.  An empty array indicates a
       root task with no dependencies.  A workflow MAY contain multiple
       root tasks.
 
-4.2.3.  Policy Evaluation
 
-   The following claims record policy evaluation outcomes:
 
-   pol:  OPTIONAL.  String.  The identifier of the policy rule that was
-      evaluated for this task (e.g., "clinical_data_access_policy_v1").
-      MUST be present when "pol_decision" is present.
 
-   pol_decision:  OPTIONAL.  String.  The result of the policy
-      evaluation.  When present, MUST be one of the values registered in
-      the ECT Policy Decision Values registry (Section 12.4).  MUST be
-      present when "pol" is present.  Initial values are:
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 11]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
+4.2.3.  Policy Evaluation Extension Keys
+
+   Policy evaluation outcomes are recorded as extension keys within the
+   "ext" object (Section 4.2.6).  This keeps the core registered claims
+   focused on DAG structure and execution context, while allowing
+   deployments to add policy recording as needed.
+
+   The following extension keys are defined for policy evaluation:
+
+   "pol":  String.  The identifier of the policy rule that was evaluated
+      for this task (e.g., "clinical_data_access_policy_v1").  MUST be
+      present when "pol_decision" is present.
+
+   "pol_decision":  String.  The result of the policy evaluation.  When
+      present, MUST be one of the values registered in the ECT Policy
+      Decision Values registry (Section 12.4).  MUST be present when
+      "pol" is present.  Initial values are:
 
       *  "approved": The policy evaluation succeeded and the task was
          authorized to proceed.
@@ -653,32 +653,32 @@ Internet-Draft           WIMSE Execution Context           February 2026
          records an "approved" decision referencing this task as a
          parent.
 
-      When "pol" and "pol_decision" are absent, the ECT records task
-      execution without a policy checkpoint.  Regulated deployments
-      SHOULD include policy claims on all ECTs to maintain complete
-      audit trails.
+      When "pol" and "pol_decision" are absent from "ext", the ECT
+      records task execution without a policy checkpoint.  Regulated
+      deployments SHOULD include policy keys on all ECTs to maintain
+      complete audit trails.
 
-   pol_enforcer:  OPTIONAL.  StringOrURI.  The identity of the entity
-      (system or person) that evaluated the policy decision.  When
-      present, SHOULD use SPIFFE ID format.
+   "pol_enforcer":  StringOrURI.  The identity of the entity (system or
+      person) that evaluated the policy decision.  When present, SHOULD
+      use SPIFFE ID format.
 
    This specification intentionally defines only the recording of policy
    evaluation outcomes.  The mechanisms by which policies are defined,
-   distributed to agents, and evaluated are out of scope.  The "pol"
-   claim is an opaque identifier referencing an external policy; the
+   distributed to agents, and evaluated are out of scope.  The "pol" key
+   is an opaque identifier referencing an external policy; the semantics
 
 
 
-Nennemann                Expires 28 August 2026                [Page 12]
+Nennemann                Expires 29 August 2026                [Page 12]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
 
-   semantics and enforcement of that policy are determined by the
-   deployment environment.  Implementations may use any policy engine or
-   framework (e.g., OPA/Rego, Cedar, XACML, or custom solutions)
-   provided that the evaluation outcome is faithfully recorded in the
-   ECT claims defined above.
+   and enforcement of that policy are determined by the deployment
+   environment.  Implementations may use any policy engine or framework
+   (e.g., OPA/Rego, Cedar, XACML, or custom solutions) provided that the
+   evaluation outcome is faithfully recorded in the "ext" keys defined
+   above.
 
 4.2.4.  Data Integrity
 
@@ -702,37 +702,34 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 4.2.5.  Compensation and Rollback
 
-   compensation_required:  OPTIONAL.  Boolean.  Indicates whether this
-      task is a compensation or rollback action for a previous task.
-
-   compensation_reason:  OPTIONAL.  String.  A human-readable reason for
-      the compensation action.  MUST be present if
-      "compensation_required" is true.  Values SHOULD use structured
-      identifiers (e.g., "policy_violation_in_parent_trade") rather than
-      free-form text to minimize the risk of embedding sensitive
-      information.  See Section 11.2 for privacy guidance.  If
-      "compensation_reason" is present, "compensation_required" MUST be
-      true.
-
-   Note: compensation ECTs reference historical parent tasks via the
-   "par" claim.  The referenced parent ECTs may have passed their own
-   "exp" time; ECT expiration applies to the verification window of the
-   ECT itself, not to its validity as a parent reference in the ledger.
+   Compensation and rollback actions are recorded using the "par" claim
+   to reference the original task and the "exec_act" claim to describe
+   the remediation action.  The referenced parent ECTs may have passed
+   their own "exp" time; ECT expiration applies to the verification
+   window of the ECT itself, not to its validity as a parent reference
+   in the ECT store.
 
 4.2.6.  Extensions
 
    ext:  OPTIONAL.  Object.  An extension object for domain-specific
+      claims not defined by this specification.  Implementations that do
+      not understand extension claims MUST ignore them.
 
 
 
-Nennemann                Expires 28 August 2026                [Page 13]
+
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 13]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
 
-      claims not defined by this specification.  Implementations that do
-      not understand extension claims MUST ignore them.
-
    To avoid key collisions between different domains, extension key
    names SHOULD use reverse domain notation (e.g.,
    "com.example.custom_field") to avoid collisions between independently
@@ -744,7 +741,22 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    The following extension keys are defined by this specification for
    common use cases.  Because these keys are documented here, they use
-   short names without reverse domain prefixes:
+   short names without reverse domain prefixes.
+
+   Policy evaluation keys (see Section 4.2.3 for full definitions and
+   decision value semantics):
+
+   *  "pol": String.  Policy rule identifier.
+
+   *  "pol_decision": String.  Policy evaluation outcome ("approved",
+      "rejected", or "pending_human_review").
+
+   *  "pol_enforcer": StringOrURI.  Identity of the policy evaluator.
+
+   *  "pol_timestamp": NumericDate.  Time at which the policy decision
+      was made, if distinct from "iat".
+
+   Operational metadata keys:
 
    *  "exec_time_ms": Integer.  Execution duration in milliseconds.
 
@@ -761,34 +773,30 @@ Internet-Draft           WIMSE Execution Context           February 2026
    *  "inp_classification": String.  Data sensitivity classification
       (e.g., "public", "confidential", "restricted").
 
-   *  "pol_timestamp": NumericDate.  Time at which the policy decision
-      was made, if distinct from "iat".
+   *  "compensation_required": Boolean.  Indicates whether this task is
+      a compensation or rollback action.
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 14]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
+   *  "compensation_reason": String.  Structured reason code for the
+      compensation action (e.g., "policy_violation_in_parent_trade").
+      SHOULD use structured identifiers rather than free-form text to
+      minimize information leakage (see Section 11.2).
 
 4.3.  Complete ECT Example
 
    The following is a complete ECT payload example:
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 14]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    {
      "iss": "spiffe://example.com/agent/clinical",
-     "sub": "spiffe://example.com/agent/clinical",
      "aud": "spiffe://example.com/agent/safety",
      "iat": 1772064150,
      "exp": 1772064750,
@@ -798,14 +806,13 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "exec_act": "recommend_treatment",
      "par": [],
 
-     "pol": "clinical_reasoning_policy_v2",
-     "pol_decision": "approved",
-     "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
-
      "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
      "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
 
      "ext": {
+       "pol": "clinical_reasoning_policy_v2",
+       "pol_decision": "approved",
+       "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
        "pol_timestamp": 1772064145,
        "exec_time_ms": 245,
        "regulated_domain": "medtech",
@@ -826,6 +833,15 @@ Internet-Draft           WIMSE Execution Context           February 2026
    [RFC7515].  The value consists of three Base64url-encoded parts
    separated by period (".") characters.
 
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 15]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    An agent sending a request to another agent includes the Execution-
    Context header alongside the WIMSE Workload-Identity header:
 
@@ -834,14 +850,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
    Workload-Identity: eyJhbGci...WIT...
    Execution-Context: eyJhbGci...ECT...
 
-
-
-
-Nennemann                Expires 28 August 2026                [Page 15]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
                    Figure 5: HTTP Request with ECT Header
 
    When multiple parent tasks contribute context to a single request,
@@ -878,6 +886,18 @@ Internet-Draft           WIMSE Execution Context           February 2026
        ECT store if "wid" is absent).  If an ECT with the same "jti"
        already exists, the ECT MUST be rejected.
 
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 16]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    2.  Parent Existence: Every task identifier listed in the "par" array
        MUST correspond to a task that is available in the ECT store
        (either previously recorded in the ledger or received inline as a
@@ -890,14 +910,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
        That is, for each parent: parent.iat < child.iat +
        clock_skew_tolerance.  The tolerance accounts for clock skew
        between agents; it does not guarantee strict causal ordering from
-
-
-
-Nennemann                Expires 28 August 2026                [Page 16]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
        timestamps alone.  Causal ordering is primarily enforced by the
        DAG structure (parent existence in the ECT store), not by
        timestamps.  If any parent task violates this constraint, the ECT
@@ -907,14 +919,13 @@ Internet-Draft           WIMSE Execution Context           February 2026
        lead back to the current ECT's "jti".  If a cycle is detected,
        the ECT MUST be rejected.
 
-   5.  Parent Policy Decision: If any parent ECT contains a
-       "pol_decision" of "rejected" or "pending_human_review", the
+   5.  Parent Policy Decision: If any parent ECT's "ext" object contains
+       a "pol_decision" of "rejected" or "pending_human_review", the
        current ECT's "exec_act" MUST indicate a compensation, rollback,
        remediation, or human review action.  Implementations MUST NOT
        accept an ECT representing normal workflow continuation when a
-       parent's "pol_decision" is not "approved", unless the current ECT
-       has "compensation_required" set to true.  This rule only applies
-       when the parent ECT contains policy claims.
+       parent's "pol_decision" is not "approved".  This rule only
+       applies when the parent ECT's "ext" contains policy keys.
 
    6.  Trust Domain Consistency: Parent tasks SHOULD belong to the same
        trust domain or to a trust domain with which a federation
@@ -938,18 +949,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-
-
-
-
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 17]
+Nennemann                Expires 29 August 2026                [Page 17]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -1005,7 +1005,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                [Page 18]
+Nennemann                Expires 29 August 2026                [Page 18]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -1061,7 +1061,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                [Page 19]
+Nennemann                Expires 29 August 2026                [Page 19]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -1075,18 +1075,18 @@ Internet-Draft           WIMSE Execution Context           February 2026
    12.  Verify all required claims ("jti", "exec_act", "par") are
         present and well-formed.
 
-   13.  If "pol" or "pol_decision" is present, verify that both are
-        present and that "pol_decision" is one of "approved",
-        "rejected", or "pending_human_review".
+   13.  If "ext" is present and contains "pol" or "pol_decision", verify
+        that both are present and that "pol_decision" is one of
+        "approved", "rejected", or "pending_human_review".
 
    14.  Perform DAG validation per Section 6.
 
-   15.  If all checks pass, the ECT MUST be appended to the audit
-        ledger.
+   15.  If all checks pass and an audit ledger is deployed, the ECT
+        SHOULD be appended to the ledger.
 
    If any verification step fails, the ECT MUST be rejected and the
    failure MUST be logged for audit purposes.  Error messages SHOULD NOT
-   reveal whether specific parent task IDs exist in the ledger, to
+   reveal whether specific parent task IDs exist in the ECT store, to
    prevent information disclosure.
 
    When ECT verification fails during HTTP request processing, the
@@ -1117,7 +1117,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                [Page 20]
+Nennemann                Expires 29 August 2026                [Page 20]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -1161,23 +1161,24 @@ Internet-Draft           WIMSE Execution Context           February 2026
        if claim not in payload:
          return reject("Missing required claim: " + claim)
 
-     // Validate policy claims (optional, but must be paired)
-     if "pol" in payload or "pol_decision" in payload:
-       if "pol" not in payload or "pol_decision" not in payload:
+     // Validate policy extension keys (optional, but must be paired)
+     ext = payload.ext or {}
+     if "pol" in ext or "pol_decision" in ext:
+       if "pol" not in ext or "pol_decision" not in ext:
          return reject("pol and pol_decision must both be present")
-       if payload.pol_decision not in
+       if ext.pol_decision not in
           ["approved", "rejected", "pending_human_review"]:
          return reject("Invalid pol_decision value")
 
-     // Validate DAG (against ECT store or inline parent ECTs)
 
 
 
-Nennemann                Expires 28 August 2026                [Page 21]
+Nennemann                Expires 29 August 2026                [Page 21]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
 
+     // Validate DAG (against ECT store or inline parent ECTs)
      result = validate_dag(payload, ect_store,
                             clock_skew_tolerance)
      if result is error:
@@ -1228,8 +1229,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-
-Nennemann                Expires 28 August 2026                [Page 22]
+Nennemann                Expires 29 August 2026                [Page 22]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -1249,47 +1249,53 @@ Internet-Draft           WIMSE Execution Context           February 2026
    Agent A (Spec Reviewer):
      jti: task-001    par: []
      exec_act: review_requirements_spec
-     pol: spec_review_policy_v2     pol_decision: approved
+     ext.pol: spec_review_policy_v2
+     ext.pol_decision: approved
 
    Agent B (Code Generator):
      jti: task-002    par: [task-001]
      exec_act: implement_module
-     pol: coding_standards_v3       pol_decision: approved
+     ext.pol: coding_standards_v3
+     ext.pol_decision: approved
 
    Agent C (Test Agent):
      jti: task-003    par: [task-002]
      exec_act: execute_test_suite
-     pol: test_coverage_policy_v1   pol_decision: approved
+     ext.pol: test_coverage_policy_v1
+     ext.pol_decision: approved
 
    Agent D (Build Agent):
      jti: task-004    par: [task-003]
      exec_act: build_release_artifact
-     pol: build_validation_v2       pol_decision: approved
+     ext.pol: build_validation_v2
+     ext.pol_decision: approved
 
    Human Release Manager:
      jti: task-005    par: [task-004]
      exec_act: approve_release
-     pol: release_approval_policy   pol_decision: approved
-     pol_enforcer: spiffe://meddev.example/human/release-mgr-42
-     ext: {witnessed_by: [...]}  (extension metadata)
+     ext.pol: release_approval_policy
+     ext.pol_decision: approved
+     ext.pol_enforcer: spiffe://meddev.example/human/release-mgr-42
+     ext.witnessed_by: [...]
 
                    Figure 8: Medical Device SDLC Workflow
 
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 23]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    ECTs record that requirements were reviewed before implementation
    began, that tests were executed against the implemented code, that
    the build artifact was validated, and that a human release manager
    explicitly approved the release.  The DAG structure ensures no phase
    was skipped or reordered.
 
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 23]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
 9.1.1.  FDA Audit with DAG Reconstruction
 
    During a regulatory audit, an FDA reviewer requests evidence of the
@@ -1331,21 +1337,21 @@ Internet-Draft           WIMSE Execution Context           February 2026
    *  [FDA-21CFR11] Section 11.10(e): Computer-generated audit trails
       that record the date, time, and identity of the operator.
 
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 24]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    *  [EU-MDR] Annex II: Technical documentation traceability for the
       software development lifecycle.
 
    *  [EU-AI-ACT] Article 12: Automatic logging capabilities for high-
       risk AI systems involved in the development process.
 
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 24]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    *  [EU-AI-ACT] Article 14: ECTs can record evidence that human
       oversight events occurred during the release process.
 
@@ -1358,17 +1364,20 @@ Internet-Draft           WIMSE Execution Context           February 2026
    Agent A (Risk Assessment):
      jti: task-001    par: []
      exec_act: calculate_risk_exposure
-     pol: risk_limits_policy_v2  pol_decision: approved
+     ext.pol: risk_limits_policy_v2
+     ext.pol_decision: approved
 
    Agent B (Compliance):
      jti: task-002    par: [task-001]
      exec_act: verify_compliance
-     pol: compliance_check_v1    pol_decision: approved
+     ext.pol: compliance_check_v1
+     ext.pol_decision: approved
 
    Agent C (Execution):
      jti: task-003    par: [task-002]
      exec_act: execute_trade
-     pol: execution_policy_v3    pol_decision: approved
+     ext.pol: execution_policy_v3
+     ext.pol_decision: approved
 
                    Figure 10: Financial Trading Workflow
 
@@ -1382,29 +1391,25 @@ Internet-Draft           WIMSE Execution Context           February 2026
    *  [EU-AI-ACT] Article 12: Logging of decisions made by AI-driven
       systems.
 
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 25]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
 9.3.  Compensation and Rollback
 
    When a compliance violation is discovered after execution, ECTs
    provide a mechanism to record authorized compensation actions with a
    cryptographic link to the original task:
 
-
-
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 25]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    {
      "iss": "spiffe://bank.example/agent/operations",
-     "sub": "spiffe://bank.example/agent/operations",
      "aud": "spiffe://bank.example/system/ledger",
      "iat": 1772150550,
      "exp": 1772151150,
@@ -1412,11 +1417,13 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "d3e4f5a6-b7c8-9012-def0-123456789012",
      "exec_act": "initiate_trade_rollback",
      "par": ["550e8400-e29b-41d4-a716-446655440003"],
-     "pol": "compensation_policy_v1",
-     "pol_decision": "approved",
-     "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
-     "compensation_required": true,
-     "compensation_reason": "policy_violation_in_parent_trade"
+     "ext": {
+       "pol": "compensation_policy_v1",
+       "pol_decision": "approved",
+       "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
+       "compensation_required": true,
+       "compensation_reason": "policy_violation_in_parent_trade"
+     }
    }
 
                     Figure 11: Compensation ECT Example
@@ -1446,14 +1453,7 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 26]
+Nennemann                Expires 29 August 2026                [Page 26]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
@@ -1461,27 +1461,32 @@ Internet-Draft           WIMSE Execution Context           February 2026
    Agent A (Route Planning):
      jti: task-001    par: []
      exec_act: plan_route
-     pol: route_policy_v1        pol_decision: approved
+     ext.pol: route_policy_v1
+     ext.pol_decision: approved
 
    Agent B (Customs):
      jti: task-002    par: [task-001]
      exec_act: validate_customs
-     pol: customs_policy_v2      pol_decision: approved
+     ext.pol: customs_policy_v2
+     ext.pol_decision: approved
 
    Agent C (Safety):
      jti: task-003    par: [task-001]
      exec_act: verify_cargo_safety
-     pol: safety_policy_v1       pol_decision: approved
+     ext.pol: safety_policy_v1
+     ext.pol_decision: approved
 
    Agent D (Payment):
      jti: task-004    par: [task-002, task-003]
      exec_act: authorize_payment
-     pol: payment_policy_v3      pol_decision: approved
+     ext.pol: payment_policy_v3
+     ext.pol_decision: approved
 
    System (Commitment):
      jti: task-005    par: [task-004]
      exec_act: commit_shipment
-     pol: commitment_policy_v1   pol_decision: approved
+     ext.pol: commitment_policy_v1
+     ext.pol_decision: approved
 
              Figure 12: Logistics Workflow with Parallel Tasks
 
@@ -1501,19 +1506,20 @@ Internet-Draft           WIMSE Execution Context           February 2026
    *  Malicious agent (insider threat): An agent within the trust domain
       that intentionally creates false ECT claims.
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 27]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    *  Compromised agent (external attacker): An agent whose private key
       has been obtained by an external attacker.
 
    *  Ledger tamperer: An entity attempting to modify or delete ledger
       entries after they have been recorded.
 
-
-
-Nennemann                Expires 28 August 2026                [Page 27]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    *  Time manipulator: An entity attempting to manipulate timestamps to
       alter perceived execution ordering.
 
@@ -1522,7 +1528,8 @@ Internet-Draft           WIMSE Execution Context           February 2026
    ECTs are self-asserted by the executing agent.  The agent claims what
    it did, and this claim is signed with its private key.  A compromised
    or malicious agent could create ECTs with false claims (e.g., setting
-   "pol_decision" to "approved" without actually evaluating the policy).
+   "pol_decision" in "ext" to "approved" without actually evaluating the
+   policy).
 
    ECTs do not independently verify that:
 
@@ -1544,42 +1551,11 @@ Internet-Draft           WIMSE Execution Context           February 2026
    actually observed the task.  An issuing agent could list witnesses
    that did not participate.
 
-10.2.1.  Witness Attestation Model
-
-   To address the self-assertion limitation of the "witnessed_by"
-   extension, witnesses SHOULD submit their own independent signed ECTs
-   to the audit ledger attesting to the observed task.  A witness
-   attestation ECT:
-
-   *  MUST set "iss" to the witness's own workload identity.
-
-   *  MUST set "exec_act" to "witness_attestation" (or a domain-
-      specific equivalent).
-
-   *  MUST include the observed task's "jti" in the "par" array, linking
-      the attestation to the original task.
-
-   *  MUST set "pol_decision" to "approved" to indicate the witness
-      confirms the observation.
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 28]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
-   When a task's "witnessed_by" extension lists one or more witnesses,
-   auditors SHOULD verify that corresponding witness attestation ECTs
-   exist in the ledger for each listed witness.  A mismatch between the
-   extension value and the set of independent witness ECTs in the ledger
-   SHOULD be flagged during audit review.
-
-   This model converts witness attestation from a self-asserted claim to
-   a cryptographically verifiable property of the ledger: the witness
-   independently signs their own ECT using their own key, and the ledger
-   records both the original task ECT and the witness attestation ECTs.
+   To strengthen witness attestation beyond self-assertion, witnesses
+   SHOULD submit their own independent signed ECTs referencing the
+   observed task's "jti" in the "par" array.  Auditors can then cross-
+   check the "witnessed_by" extension against independent witness ECTs
+   in the ECT store.
 
 10.3.  Organizational Prerequisites
 
@@ -1587,6 +1563,13 @@ Internet-Draft           WIMSE Execution Context           February 2026
    provided by ECTs are only meaningful when the following
    organizational controls are in place:
 
+
+
+Nennemann                Expires 29 August 2026                [Page 28]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    *  Key management governance: Controls over who provisions agent keys
       and how keys are protected.
 
@@ -1615,17 +1598,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
    Implementations MUST use established JWS libraries and MUST NOT
    implement custom signature verification.
 
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 29]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
 10.5.  Replay Attack Prevention
 
    ECTs include short expiration times (RECOMMENDED: 5-15 minutes) to
@@ -1642,6 +1614,18 @@ Internet-Draft           WIMSE Execution Context           February 2026
    to detect replayed ECTs within the expiration window.  An ECT with a
    duplicate "jti" value MUST be rejected.
 
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 29]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
 10.6.  Man-in-the-Middle Protection
 
    ECTs do not replace transport-layer security.  ECTs MUST be
@@ -1673,15 +1657,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    *  Trust domains MUST support rapid key revocation.
 
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 30]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    *  Upon suspected compromise, the trust domain MUST revoke the
       compromised key and issue a new WIT with a fresh key pair.
 
@@ -1699,6 +1674,14 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    Mitigations include:
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 30]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    *  Independent ledger maintenance: The ledger SHOULD be maintained by
       an entity independent of the workflow agents.
 
@@ -1724,20 +1707,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
    performed after signature verification to avoid wasting resources on
    unsigned or incorrectly signed tokens.
 
-
-
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 31]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
 10.10.  Timestamp Accuracy
 
    ECTs rely on timestamps ("iat", "exp") for temporal ordering.  Clock
@@ -1755,6 +1724,20 @@ Internet-Draft           WIMSE Execution Context           February 2026
    The temporal ordering check in DAG validation incorporates the clock
    skew tolerance to account for minor clock differences between agents.
 
+
+
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 31]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
 10.11.  ECT Size Constraints
 
    ECTs with many parent tasks or large extension objects can increase
@@ -1774,8 +1757,8 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    *  Action descriptions ("exec_act") for audit trail completeness
 
-   *  Policy evaluation outcomes ("pol", "pol_decision") for compliance
-      verification
+   *  Policy evaluation outcomes (via "ext" keys "pol", "pol_decision")
+      when present, for compliance verification
 
    *  Timestamps ("iat", "exp") for temporal ordering
 
@@ -1786,14 +1769,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    *  Internal computation details or intermediate steps
 
-
-
-
-Nennemann                Expires 28 August 2026                [Page 32]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    *  Proprietary algorithms or intellectual property
 
    *  Personally identifiable information (PII)
@@ -1803,17 +1778,21 @@ Internet-Draft           WIMSE Execution Context           February 2026
    Implementations SHOULD minimize the information included in ECTs.
    The "exec_act" claim SHOULD use structured identifiers (e.g.,
    "process_payment") rather than natural language descriptions.  The
-   "pol" claim SHOULD reference policy identifiers rather than embedding
-   policy content.
+   "pol" extension key SHOULD reference policy identifiers rather than
+   embedding policy content.
+
+   The "compensation_reason" extension key in "ext" (Section 4.2.5)
+   deserves particular attention: because it is human-readable, it risks
+   exposing sensitive operational details.  See Section 4.2.6 for
+   guidance on using structured identifiers.
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 32]
+
+Internet-Draft           WIMSE Execution Context           February 2026
 
-   The "compensation_reason" claim (Section 4.2.5) deserves particular
-   attention: because it is human-readable and may describe the
-   circumstances of a failure or policy violation, it risks exposing
-   sensitive operational details.  Implementations SHOULD use short,
-   structured reason codes (e.g., "policy_violation_in_parent_trade")
-   rather than free-form natural language explanations.  Implementers
-   SHOULD review "compensation_reason" values for potential information
-   leakage before deploying to production.
 
 11.3.  Storage and Access Control
 
@@ -1842,14 +1821,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    Type name:  application
 
-
-
-
-Nennemann                Expires 28 August 2026                [Page 33]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    Subtype name:  wimse-exec+jwt
 
    Required parameters:  none
@@ -1871,6 +1842,14 @@ Internet-Draft           WIMSE Execution Context           February 2026
       regulated agentic workflows requiring execution context tracing
       and audit trails.
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 33]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    Additional information:  Magic number(s): none File extension(s):
       none Macintosh file type code(s): none
 
@@ -1897,59 +1876,11 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    Specification document:  This document, Section 5
 
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 34]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
 12.3.  JWT Claims Registration
 
    This document requests registration of the following claims in the
    "JSON Web Token Claims" registry maintained by IANA:
 
-   +=======================+=================+============+===========+
-   |       Claim Name      | Claim           |   Change   | Reference |
-   |                       | Description     | Controller |           |
-   +=======================+=================+============+===========+
-   |          wid          | Workflow        |    IETF    |  Section  |
-   |                       | Identifier      |            |   4.2.2   |
-   +-----------------------+-----------------+------------+-----------+
-   |        exec_act       | Action/Task     |    IETF    |  Section  |
-   |                       | Type            |            |   4.2.2   |
-   +-----------------------+-----------------+------------+-----------+
-   |          par          | Parent Task     |    IETF    |  Section  |
-   |                       | Identifiers     |            |   4.2.2   |
-   +-----------------------+-----------------+------------+-----------+
-   |          pol          | Policy Rule     |    IETF    |  Section  |
-   |                       | Identifier      |            |   4.2.3   |
-   +-----------------------+-----------------+------------+-----------+
-   |      pol_decision     | Policy Decision |    IETF    |  Section  |
-   |                       | Result          |            |   4.2.3   |
-   +-----------------------+-----------------+------------+-----------+
-   |      pol_enforcer     | Policy Enforcer |    IETF    |  Section  |
-   |                       | Identity        |            |   4.2.3   |
-   +-----------------------+-----------------+------------+-----------+
-   |        inp_hash       | Input Data Hash |    IETF    |  Section  |
-   |                       |                 |            |   4.2.4   |
-   +-----------------------+-----------------+------------+-----------+
-   |        out_hash       | Output Data     |    IETF    |  Section  |
-   |                       | Hash            |            |   4.2.4   |
-   +-----------------------+-----------------+------------+-----------+
-   | compensation_required | Compensation    |    IETF    |  Section  |
-   |                       | Flag            |            |   4.2.5   |
-   +-----------------------+-----------------+------------+-----------+
-   |  compensation_reason  | Compensation    |    IETF    |  Section  |
-   |                       | Reason          |            |   4.2.5   |
-   +-----------------------+-----------------+------------+-----------+
-   |          ext          | Extension       |    IETF    |  Section  |
-   |                       | Object          |            |   4.2.6   |
-   +-----------------------+-----------------+------------+-----------+
-
-                    Table 1: JWT Claims Registrations
 
 
 
@@ -1957,11 +1888,52 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
 
 
-Nennemann                Expires 28 August 2026                [Page 35]
+
+
+
+
+
+
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 34]
 
 Internet-Draft           WIMSE Execution Context           February 2026
 
 
+   +============+=====================+===================+===========+
+   | Claim Name | Claim Description   | Change Controller | Reference |
+   +============+=====================+===================+===========+
+   |    wid     | Workflow Identifier |        IETF       |  Section  |
+   |            |                     |                   |   4.2.2   |
+   +------------+---------------------+-------------------+-----------+
+   |  exec_act  | Action/Task Type    |        IETF       |  Section  |
+   |            |                     |                   |   4.2.2   |
+   +------------+---------------------+-------------------+-----------+
+   |    par     | Parent Task         |        IETF       |  Section  |
+   |            | Identifiers         |                   |   4.2.2   |
+   +------------+---------------------+-------------------+-----------+
+   |  inp_hash  | Input Data Hash     |        IETF       |  Section  |
+   |            |                     |                   |   4.2.4   |
+   +------------+---------------------+-------------------+-----------+
+   |  out_hash  | Output Data Hash    |        IETF       |  Section  |
+   |            |                     |                   |   4.2.4   |
+   +------------+---------------------+-------------------+-----------+
+   |    ext     | Extension Object    |        IETF       |  Section  |
+   |            |                     |                   |   4.2.6   |
+   +------------+---------------------+-------------------+-----------+
+
+                    Table 1: JWT Claims Registrations
+
+   Note: Policy evaluation keys ("pol", "pol_decision", "pol_enforcer")
+   are carried within the "ext" object as spec-defined extension keys
+   (Section 4.2.3) and do not require separate JWT Claims registration.
+
 12.4.  ECT Policy Decision Values Registry
 
    This document establishes the "ECT Policy Decision Values" registry
@@ -1970,6 +1942,26 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    The initial contents of the registry are:
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 35]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    +======================+===================+============+===========+
    |        Value         | Description       |   Change   | Reference |
    |                      |                   | Controller |           |
@@ -2009,15 +2001,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
               <https://datatracker.ietf.org/doc/html/draft-ietf-wimse-
               s2s-protocol-07>.
 
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 36]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119,
               DOI 10.17487/RFC2119, March 1997,
@@ -2027,6 +2010,14 @@ Internet-Draft           WIMSE Execution Context           February 2026
               Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
               2015, <https://www.rfc-editor.org/rfc/rfc7515>.
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 36]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    [RFC7517]  Jones, M., "JSON Web Key (JWK)", RFC 7517,
               DOI 10.17487/RFC7517, May 2015,
               <https://www.rfc-editor.org/rfc/rfc7517>.
@@ -2064,16 +2055,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
               resilience for the financial sector (DORA)", 14 December
               2022, <https://eur-lex.europa.eu/eli/reg/2022/2554>.
 
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 37]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    [EU-AI-ACT]
               European Parliament and Council of the European Union,
               "Regulation (EU) 2024/1689 of the European Parliament and
@@ -2085,6 +2066,14 @@ Internet-Draft           WIMSE Execution Context           February 2026
               "Regulation (EU) 2017/745 on medical devices (MDR)", 5
               April 2017, <https://eur-lex.europa.eu/eli/reg/2017/745>.
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 37]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    [FDA-21CFR11]
               U.S. Food and Drug Administration, "Title 21, Code of
               Federal Regulations, Part 11: Electronic Records;
@@ -2120,16 +2109,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
               <https://datatracker.ietf.org/doc/html/draft-oauth-
               transaction-tokens-for-agents-04>.
 
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 38]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    [MIFID-II] European Parliament and Council of the European Union,
               "Directive 2014/65/EU of the European Parliament and of
               the Council on markets in financial instruments (MiFID
@@ -2141,6 +2120,16 @@ Internet-Draft           WIMSE Execution Context           February 2026
               Specification",
               <https://opentelemetry.io/docs/specs/otel/>.
 
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 38]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    [RFC3552]  Rescorla, E. and B. Korver, "Guidelines for Writing RFC
               Text on Security Considerations", BCP 72, RFC 3552,
               DOI 10.17487/RFC3552, July 2003,
@@ -2171,21 +2160,6 @@ WIMSE Workload Identity
    they form an identity-plus-accountability framework for regulated
    agentic systems.
 
-
-
-
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 39]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
 OAuth 2.0 Token Exchange and the "act" Claim
 
    [RFC8693] defines the OAuth 2.0 Token Exchange protocol and registers
@@ -2204,6 +2178,14 @@ OAuth 2.0 Token Exchange and the "act" Claim
    concepts are orthogonal: "act" records "who authorized whom," ECTs
    record "what was done, in what order, with what policy outcomes."
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 39]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
 Transaction Tokens
 
    OAuth Transaction Tokens [I-D.ietf-oauth-transaction-tokens]
@@ -2234,14 +2216,6 @@ Transaction Tokens
    ECTs and Transaction Tokens are complementary: a Txn-Token propagates
    authorization context ("this request is authorized for scope X on
    behalf of user Y"), while an ECT records execution accountability
-
-
-
-Nennemann                Expires 28 August 2026                [Page 40]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    ("task T was performed, depending on tasks P1 and P2, with policy Z
    evaluated and approved").  An agent request could carry both a Txn-
    Token for authorization and an ECT for execution recording.  The WPT
@@ -2260,6 +2234,14 @@ Distributed Tracing (OpenTelemetry)
    OpenTelemetry data is typically controlled by the platform operator
    and can be modified or deleted without detection.  ECTs and
    distributed traces are complementary: traces provide observability
+
+
+
+Nennemann                Expires 29 August 2026                [Page 40]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    while ECTs provide signed execution records.  ECTs may reference
    OpenTelemetry trace identifiers in the "ext" claim for correlation.
 
@@ -2290,14 +2272,6 @@ SCITT (Supply Chain Integrity, Transparency, and Trust)
    "wid" as the shared correlation point.  The "ext" claim in ECTs
    (Section 4.2.2) can carry SCITT-specific metadata such as
    Transparency Service identifiers or Receipt references for tighter
-
-
-
-Nennemann                Expires 28 August 2026                [Page 41]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    integration.
 
 W3C Verifiable Credentials
@@ -2314,9 +2288,19 @@ Minimal Implementation
 
    A minimal conforming implementation needs to:
 
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 41]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    1.  Create JWTs with all required claims ("iss", "aud", "iat", "exp",
-       "jti", "exec_act", "par") and policy claims ("pol",
-       "pol_decision") when policy evaluation was performed.
+       "jti", "exec_act", "par") and policy extension keys ("ext.pol",
+       "ext.pol_decision") when policy evaluation was performed.
 
    2.  Sign ECTs with the agent's private key using an algorithm
        matching the WIT (ES256 recommended).
@@ -2326,7 +2310,7 @@ Minimal Implementation
    4.  Perform DAG validation (parent existence, temporal ordering,
        cycle detection).
 
-   5.  Append verified ECTs to the audit ledger.
+   5.  If an audit ledger is deployed, append verified ECTs to it.
 
 Storage Recommendations
 
@@ -2346,14 +2330,6 @@ Performance Considerations
    *  ES256 signature verification: approximately 1ms per ECT on modern
       hardware.
 
-
-
-
-Nennemann                Expires 28 August 2026                [Page 42]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    *  DAG validation: O(V) where V is the number of reachable ancestor
       nodes (typically small for shallow workflows).
 
@@ -2370,6 +2346,14 @@ Interoperability
    expected to be tested against multiple JWT libraries to ensure
    interoperability.
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 42]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
 Regulatory Compliance Mapping
 
    The following table summarizes how ECTs can contribute to compliance
@@ -2377,39 +2361,6 @@ Regulatory Compliance Mapping
    block; achieving compliance requires additional organizational
    measures beyond this specification.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 43]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
     +============+========================+==========================+
     | Regulation | Requirement            | ECT Contribution         |
     +============+========================+==========================+
@@ -2450,6 +2401,15 @@ Example 1: Simple Two-Agent Workflow
 
    ECT JOSE Header:
 
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 43]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    {
      "alg": "ES256",
      "typ": "wimse-exec+jwt",
@@ -2458,17 +2418,8 @@ Example 1: Simple Two-Agent Workflow
 
    ECT Payload:
 
-
-
-
-Nennemann                Expires 28 August 2026                [Page 44]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    {
      "iss": "spiffe://example.com/agent/data-retrieval",
-     "sub": "spiffe://example.com/agent/data-retrieval",
      "aud": "spiffe://example.com/agent/validator",
      "iat": 1772064150,
      "exp": 1772064750,
@@ -2476,10 +2427,12 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
      "exec_act": "fetch_patient_data",
      "par": [],
-     "pol": "clinical_data_access_policy_v1",
-     "pol_decision": "approved",
      "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-     "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+     "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+     "ext": {
+       "pol": "clinical_data_access_policy_v1",
+       "pol_decision": "approved"
+     }
    }
 
    Agent B receives the ECT, verifies it, executes a validation task,
@@ -2487,7 +2440,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
 
    {
      "iss": "spiffe://example.com/agent/validator",
-     "sub": "spiffe://example.com/agent/validator",
      "aud": "spiffe://example.com/system/ledger",
      "iat": 1772064160,
      "exp": 1772064760,
@@ -2495,12 +2447,25 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
      "exec_act": "validate_safety",
      "par": ["550e8400-e29b-41d4-a716-446655440001"],
-     "pol": "safety_validation_policy_v2",
-     "pol_decision": "approved"
+     "ext": {
+       "pol": "safety_validation_policy_v2",
+       "pol_decision": "approved"
+     }
    }
 
    The resulting DAG:
 
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 44]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    task-...-0001 (fetch_patient_data)
      |
      v
@@ -2513,18 +2478,8 @@ Example 2: Medical Device SDLC with Release Approval
 
    Task 1 (Spec Review Agent):
 
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 45]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    {
      "iss": "spiffe://meddev.example/agent/spec-reviewer",
-     "sub": "spiffe://meddev.example/agent/spec-reviewer",
      "aud": "spiffe://meddev.example/agent/code-gen",
      "iat": 1772064150,
      "exp": 1772064750,
@@ -2532,17 +2487,18 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
      "exec_act": "review_requirements_spec",
      "par": [],
-     "pol": "spec_review_policy_v2",
-     "pol_decision": "approved",
      "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-     "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+     "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+     "ext": {
+       "pol": "spec_review_policy_v2",
+       "pol_decision": "approved"
+     }
    }
 
    Task 2 (Code Generation Agent):
 
    {
      "iss": "spiffe://meddev.example/agent/code-gen",
-     "sub": "spiffe://meddev.example/agent/code-gen",
      "aud": "spiffe://meddev.example/agent/test-runner",
      "iat": 1772064200,
      "exp": 1772064800,
@@ -2550,15 +2506,24 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
      "exec_act": "implement_module",
      "par": ["a1b2c3d4-0001-0000-0000-000000000001"],
-     "pol": "coding_standards_v3",
-     "pol_decision": "approved"
+     "ext": {
+       "pol": "coding_standards_v3",
+       "pol_decision": "approved"
+     }
    }
 
    Task 3 (Autonomous Test Agent):
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 45]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    {
      "iss": "spiffe://meddev.example/agent/test-runner",
-     "sub": "spiffe://meddev.example/agent/test-runner",
      "aud": "spiffe://meddev.example/agent/build",
      "iat": 1772064260,
      "exp": 1772064860,
@@ -2566,23 +2531,16 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
      "exec_act": "execute_test_suite",
      "par": ["a1b2c3d4-0001-0000-0000-000000000002"],
-     "pol": "test_coverage_policy_v1",
-     "pol_decision": "approved"
+     "ext": {
+       "pol": "test_coverage_policy_v1",
+       "pol_decision": "approved"
+     }
    }
 
-
-
-
-Nennemann                Expires 28 August 2026                [Page 46]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    Task 4 (Build Agent):
 
    {
      "iss": "spiffe://meddev.example/agent/build",
-     "sub": "spiffe://meddev.example/agent/build",
      "aud": "spiffe://meddev.example/human/release-mgr-42",
      "iat": 1772064310,
      "exp": 1772064910,
@@ -2590,16 +2548,38 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
      "exec_act": "build_release_artifact",
      "par": ["a1b2c3d4-0001-0000-0000-000000000003"],
-     "pol": "build_validation_v2",
-     "pol_decision": "approved",
-     "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
+     "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc",
+     "ext": {
+       "pol": "build_validation_v2",
+       "pol_decision": "approved"
+     }
    }
 
    Task 5 (Human Release Manager Approval):
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 46]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    {
      "iss": "spiffe://meddev.example/human/release-mgr-42",
-     "sub": "spiffe://meddev.example/human/release-mgr-42",
      "aud": "spiffe://meddev.example/system/ledger",
      "iat": 1772064510,
      "exp": 1772065110,
@@ -2607,10 +2587,10 @@ Internet-Draft           WIMSE Execution Context           February 2026
      "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
      "exec_act": "approve_release",
      "par": ["a1b2c3d4-0001-0000-0000-000000000004"],
-     "pol": "release_approval_policy",
-     "pol_decision": "approved",
-     "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
      "ext": {
+       "pol": "release_approval_policy",
+       "pol_decision": "approved",
+       "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
        "witnessed_by": [
          "spiffe://meddev.example/audit/qa-observer-1"
        ]
@@ -2623,17 +2603,6 @@ Internet-Draft           WIMSE Execution Context           February 2026
    "ext" object in task 5 carries witness metadata via the
    "witnessed_by" extension key.
 
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 47]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    task-...-0001 (review_requirements_spec)
      |
      v
@@ -2654,6 +2623,17 @@ Internet-Draft           WIMSE Execution Context           February 2026
    that the SDLC followed the prescribed process with human oversight at
    the release gate.
 
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 47]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
 Example 3: Parallel Execution with Join
 
    A workflow where two tasks execute in parallel and a third task
@@ -2671,28 +2651,8 @@ Example 3: Parallel Execution with Join
 
    Task 004 ECT payload:
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Nennemann                Expires 28 August 2026                [Page 48]
-
-Internet-Draft           WIMSE Execution Context           February 2026
-
-
    {
      "iss": "spiffe://bank.example/agent/execution",
-     "sub": "spiffe://bank.example/agent/execution",
      "aud": "spiffe://bank.example/system/ledger",
      "iat": 1772064250,
      "exp": 1772064850,
@@ -2703,8 +2663,10 @@ Internet-Draft           WIMSE Execution Context           February 2026
        "f1e2d3c4-0002-0000-0000-000000000002",
        "f1e2d3c4-0003-0000-0000-000000000003"
      ],
-     "pol": "trade_execution_policy_v3",
-     "pol_decision": "approved"
+     "ext": {
+       "pol": "trade_execution_policy_v3",
+       "pol_decision": "approved"
+     }
    }
 
    The "par" array with two entries records that both compliance
@@ -2720,6 +2682,14 @@ Acknowledgments
 
 Author's Address
 
+
+
+
+Nennemann                Expires 29 August 2026                [Page 48]
+
+Internet-Draft           WIMSE Execution Context           February 2026
+
+
    Christian Nennemann
    Independent Researcher
    Email: ietf@nennemann.de
@@ -2741,4 +2711,34 @@ Author's Address
 
 
 
-Nennemann                Expires 28 August 2026                [Page 49]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Nennemann                Expires 29 August 2026                [Page 49]
diff --git a/draft-nennemann-wimse-execution-context-00.xml b/draft-nennemann-wimse-execution-context-00.xml
index d03090c..e7f3bdd 100644
--- a/draft-nennemann-wimse-execution-context-00.xml
+++ b/draft-nennemann-wimse-execution-context-00.xml
@@ -23,7 +23,7 @@
       </address>
     </author>
 
-    <date year="2026" month="February" day="24"/>
+    <date year="2026" month="February" day="25"/>
 
     <area>Security</area>
     <workgroup>WIMSE</workgroup>
@@ -131,7 +131,7 @@ regulatory audit scenarios.</t>
 <t><list style="symbols">
   <t>The Execution Context Token (ECT) format (<xref target="ect-format"/>)</t>
   <t>DAG structure for task dependency ordering (<xref target="dag-validation"/>)</t>
-  <t>Policy checkpoint recording (<xref target="policy-claims"/>)</t>
+  <t>Policy checkpoint recording via extension keys (<xref target="policy-claims"/>)</t>
   <t>Integration with the WIMSE identity framework
 (<xref target="wimse-integration"/>)</t>
   <t>An HTTP header for ECT transport (<xref target="http-header"/>)</t>
@@ -405,13 +405,6 @@ SPIFFE ID in the format <spanx style="verb">spiffe://&lt;trust-domain&gt;/&lt;pa
 matching the "sub" claim of the agent's WIT.  Non-WIMSE
 deployments <bcp14>MAY</bcp14> use other URI schemes (e.g., HTTPS URLs or
 URN:UUID identifiers).</t>
-  </dd>
-  <dt>sub:</dt>
-  <dd>
-    <t><bcp14>OPTIONAL</bcp14>.  StringOrURI.  The subject of the ECT.  When present,
-<bcp14>MUST</bcp14> equal the "iss" claim.  This claim is included for
-compatibility with JWT libraries and frameworks that expect a
-"sub" claim to be present.</t>
   </dd>
   <dt>aud:</dt>
   <dd>
@@ -511,24 +504,28 @@ multiple root tasks.</t>
 </dl>
 
 </section>
-<section anchor="policy-claims"><name>Policy Evaluation</name>
+<section anchor="policy-claims"><name>Policy Evaluation Extension Keys</name>
 
-<t>The following claims record policy evaluation outcomes:</t>
+<t>Policy evaluation outcomes are recorded as extension keys within
+the "ext" object (<xref target="extension-claims"/>).  This keeps the core
+registered claims focused on DAG structure and execution context,
+while allowing deployments to add policy recording as needed.</t>
+
+<t>The following extension keys are defined for policy evaluation:</t>
 
 <dl>
-  <dt>pol:</dt>
+  <dt>"pol":</dt>
   <dd>
-    <t><bcp14>OPTIONAL</bcp14>.  String.  The identifier of the policy rule that was
-evaluated for this task (e.g.,
-"clinical_data_access_policy_v1").  <bcp14>MUST</bcp14> be present when
-"pol_decision" is present.</t>
+    <t>String.  The identifier of the policy rule that was evaluated
+for this task (e.g., "clinical_data_access_policy_v1").  <bcp14>MUST</bcp14>
+be present when "pol_decision" is present.</t>
   </dd>
-  <dt>pol_decision:</dt>
+  <dt>"pol_decision":</dt>
   <dd>
-    <t><bcp14>OPTIONAL</bcp14>.  String.  The result of the policy evaluation.  When
-present, <bcp14>MUST</bcp14> be one of the values registered in the ECT Policy
-Decision Values registry (<xref target="pol-decision-registry"/>).  <bcp14>MUST</bcp14> be
-present when "pol" is present.  Initial values are:
+    <t>String.  The result of the policy evaluation.  When present,
+<bcp14>MUST</bcp14> be one of the values registered in the ECT Policy Decision
+Values registry (<xref target="pol-decision-registry"/>).  <bcp14>MUST</bcp14> be present
+when "pol" is present.  Initial values are:
 </t>
 
     <t><list style="symbols">
@@ -548,28 +545,28 @@ records an "approved" decision referencing this task as a
 parent.</t>
     </list></t>
 
-    <t>When "pol" and "pol_decision" are absent, the ECT records task
-execution without a policy checkpoint.  Regulated deployments
-<bcp14>SHOULD</bcp14> include policy claims on all ECTs to maintain complete
-audit trails.</t>
+    <t>When "pol" and "pol_decision" are absent from "ext", the ECT
+records task execution without a policy checkpoint.  Regulated
+deployments <bcp14>SHOULD</bcp14> include policy keys on all ECTs to maintain
+complete audit trails.</t>
   </dd>
-  <dt>pol_enforcer:</dt>
+  <dt>"pol_enforcer":</dt>
   <dd>
-    <t><bcp14>OPTIONAL</bcp14>.  StringOrURI.  The identity of the entity (system or
-person) that evaluated the policy decision.  When present,
-<bcp14>SHOULD</bcp14> use SPIFFE ID format.</t>
+    <t>StringOrURI.  The identity of the entity (system or person)
+that evaluated the policy decision.  When present, <bcp14>SHOULD</bcp14> use
+SPIFFE ID format.</t>
   </dd>
 </dl>
 
 <t>This specification intentionally defines only the recording of
 policy evaluation outcomes.  The mechanisms by which policies are
 defined, distributed to agents, and evaluated are out of scope.
-The "pol" claim is an opaque identifier referencing an external
+The "pol" key is an opaque identifier referencing an external
 policy; the semantics and enforcement of that policy are
 determined by the deployment environment.  Implementations may
 use any policy engine or framework (e.g., OPA/Rego, Cedar, XACML,
 or custom solutions) provided that the evaluation outcome is
-faithfully recorded in the ECT claims defined above.</t>
+faithfully recorded in the "ext" keys defined above.</t>
 
 </section>
 <section anchor="data-integrity-claims"><name>Data Integrity</name>
@@ -601,30 +598,12 @@ using the same format and algorithm requirements as "inp_hash".</t>
 </section>
 <section anchor="compensation-claims"><name>Compensation and Rollback</name>
 
-<dl>
-  <dt>compensation_required:</dt>
-  <dd>
-    <t><bcp14>OPTIONAL</bcp14>.  Boolean.  Indicates whether this task is a
-compensation or rollback action for a previous task.</t>
-  </dd>
-  <dt>compensation_reason:</dt>
-  <dd>
-    <t><bcp14>OPTIONAL</bcp14>.  String.  A human-readable reason for the compensation
-action.  <bcp14>MUST</bcp14> be present if "compensation_required" is true.
-Values <bcp14>SHOULD</bcp14> use structured identifiers (e.g.,
-"policy_violation_in_parent_trade") rather than free-form text
-to minimize the risk of embedding sensitive information.  See
-<xref target="data-minimization"/> for privacy guidance.
-If "compensation_reason" is present, "compensation_required"
-<bcp14>MUST</bcp14> be true.</t>
-  </dd>
-</dl>
-
-<t>Note: compensation ECTs reference historical parent tasks via the
-"par" claim.  The referenced parent ECTs may have passed their own
-"exp" time; ECT expiration applies to the verification window of
-the ECT itself, not to its validity as a parent reference in the
-ledger.</t>
+<t>Compensation and rollback actions are recorded using the "par"
+claim to reference the original task and the "exec_act" claim to
+describe the remediation action.  The referenced parent ECTs may
+have passed their own "exp" time; ECT expiration applies to the
+verification window of the ECT itself, not to its validity as a
+parent reference in the ECT store.</t>
 
 </section>
 <section anchor="extension-claims"><name>Extensions</name>
@@ -650,7 +629,22 @@ exceeds these limits.</t>
 
 <t>The following extension keys are defined by this specification
 for common use cases.  Because these keys are documented here,
-they use short names without reverse domain prefixes:</t>
+they use short names without reverse domain prefixes.</t>
+
+<t>Policy evaluation keys (see <xref target="policy-claims"/> for full
+definitions and decision value semantics):</t>
+
+<t><list style="symbols">
+  <t>"pol": String.  Policy rule identifier.</t>
+  <t>"pol_decision": String.  Policy evaluation outcome
+("approved", "rejected", or "pending_human_review").</t>
+  <t>"pol_enforcer": StringOrURI.  Identity of the policy
+evaluator.</t>
+  <t>"pol_timestamp": NumericDate.  Time at which the policy
+decision was made, if distinct from "iat".</t>
+</list></t>
+
+<t>Operational metadata keys:</t>
 
 <t><list style="symbols">
   <t>"exec_time_ms": Integer.  Execution duration in milliseconds.</t>
@@ -663,8 +657,12 @@ task.  Note: this is self-asserted; for verifiable witness
 attestation, witnesses should submit independent signed ECTs.</t>
   <t>"inp_classification": String.  Data sensitivity classification
 (e.g., "public", "confidential", "restricted").</t>
-  <t>"pol_timestamp": NumericDate.  Time at which the policy
-decision was made, if distinct from "iat".</t>
+  <t>"compensation_required": Boolean.  Indicates whether this task
+is a compensation or rollback action.</t>
+  <t>"compensation_reason": String.  Structured reason code for the
+compensation action (e.g., "policy_violation_in_parent_trade").
+<bcp14>SHOULD</bcp14> use structured identifiers rather than free-form text
+to minimize information leakage (see <xref target="data-minimization"/>).</t>
 </list></t>
 
 </section>
@@ -676,7 +674,6 @@ decision was made, if distinct from "iat".</t>
 <figure title="Complete ECT Payload Example" anchor="fig-full-ect"><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://example.com/agent/clinical",
-  "sub": "spiffe://example.com/agent/clinical",
   "aud": "spiffe://example.com/agent/safety",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -686,14 +683,13 @@ decision was made, if distinct from "iat".</t>
   "exec_act": "recommend_treatment",
   "par": [],
 
-  "pol": "clinical_reasoning_policy_v2",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
-
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
   "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
 
   "ext": {
+    "pol": "clinical_reasoning_policy_v2",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
     "pol_timestamp": 1772064145,
     "exec_time_ms": 245,
     "regulated_domain": "medtech",
@@ -783,15 +779,14 @@ ECT <bcp14>MUST</bcp14> be rejected.</t>
   <t>Acyclicity: Following the chain of parent references <bcp14>MUST NOT</bcp14>
 lead back to the current ECT's "jti".  If a cycle is detected,
 the ECT <bcp14>MUST</bcp14> be rejected.</t>
-  <t>Parent Policy Decision: If any parent ECT contains a
-"pol_decision" of "rejected" or "pending_human_review", the
-current ECT's "exec_act" <bcp14>MUST</bcp14> indicate a compensation,
-rollback, remediation, or human review action.
-Implementations <bcp14>MUST NOT</bcp14> accept an ECT representing normal
-workflow continuation when a parent's "pol_decision" is not
-"approved", unless the current ECT has "compensation_required"
-set to true.  This rule only applies when the parent ECT
-contains policy claims.</t>
+  <t>Parent Policy Decision: If any parent ECT's "ext" object
+contains a "pol_decision" of "rejected" or
+"pending_human_review", the current ECT's "exec_act" <bcp14>MUST</bcp14>
+indicate a compensation, rollback, remediation, or human
+review action.  Implementations <bcp14>MUST NOT</bcp14> accept an ECT
+representing normal workflow continuation when a parent's
+"pol_decision" is not "approved".  This rule only applies
+when the parent ECT's "ext" contains policy keys.</t>
   <t>Trust Domain Consistency: Parent tasks <bcp14>SHOULD</bcp14> belong to the
 same trust domain or to a trust domain with which a federation
 relationship has been established.</t>
@@ -897,18 +892,18 @@ identity <bcp14>MUST</bcp14> appear in "aud".</t>
 verifier's current time, to account for clock skew).</t>
   <t>Verify all required claims ("jti", "exec_act", "par") are
 present and well-formed.</t>
-  <t>If "pol" or "pol_decision" is present, verify that both are
-present and that "pol_decision" is one of "approved",
-"rejected", or "pending_human_review".</t>
+  <t>If "ext" is present and contains "pol" or "pol_decision",
+verify that both are present and that "pol_decision" is one
+of "approved", "rejected", or "pending_human_review".</t>
   <t>Perform DAG validation per <xref target="dag-validation"/>.</t>
-  <t>If all checks pass, the ECT <bcp14>MUST</bcp14> be appended to the audit
-ledger.</t>
+  <t>If all checks pass and an audit ledger is deployed, the ECT
+<bcp14>SHOULD</bcp14> be appended to the ledger.</t>
 </list></t>
 
 <t>If any verification step fails, the ECT <bcp14>MUST</bcp14> be rejected and the
 failure <bcp14>MUST</bcp14> be logged for audit purposes.  Error messages
 <bcp14>SHOULD NOT</bcp14> reveal whether specific parent task IDs exist in the
-ledger, to prevent information disclosure.</t>
+ECT store, to prevent information disclosure.</t>
 
 <t>When ECT verification fails during HTTP request processing, the
 receiving agent <bcp14>SHOULD</bcp14> respond with HTTP 403 (Forbidden) if the
@@ -977,11 +972,12 @@ function verify_ect(ect_jws, verifier_id,
     if claim not in payload:
       return reject("Missing required claim: " + claim)
 
-  // Validate policy claims (optional, but must be paired)
-  if "pol" in payload or "pol_decision" in payload:
-    if "pol" not in payload or "pol_decision" not in payload:
+  // Validate policy extension keys (optional, but must be paired)
+  ext = payload.ext or {}
+  if "pol" in ext or "pol_decision" in ext:
+    if "pol" not in ext or "pol_decision" not in ext:
       return reject("pol and pol_decision must both be present")
-    if payload.pol_decision not in
+    if ext.pol_decision not in
        ["approved", "rejected", "pending_human_review"]:
       return reject("Invalid pol_decision value")
 
@@ -1052,29 +1048,34 @@ software used in medical devices.</t>
 Agent A (Spec Reviewer):
   jti: task-001    par: []
   exec_act: review_requirements_spec
-  pol: spec_review_policy_v2     pol_decision: approved
+  ext.pol: spec_review_policy_v2
+  ext.pol_decision: approved
 
 Agent B (Code Generator):
   jti: task-002    par: [task-001]
   exec_act: implement_module
-  pol: coding_standards_v3       pol_decision: approved
+  ext.pol: coding_standards_v3
+  ext.pol_decision: approved
 
 Agent C (Test Agent):
   jti: task-003    par: [task-002]
   exec_act: execute_test_suite
-  pol: test_coverage_policy_v1   pol_decision: approved
+  ext.pol: test_coverage_policy_v1
+  ext.pol_decision: approved
 
 Agent D (Build Agent):
   jti: task-004    par: [task-003]
   exec_act: build_release_artifact
-  pol: build_validation_v2       pol_decision: approved
+  ext.pol: build_validation_v2
+  ext.pol_decision: approved
 
 Human Release Manager:
   jti: task-005    par: [task-004]
   exec_act: approve_release
-  pol: release_approval_policy   pol_decision: approved
-  pol_enforcer: spiffe://meddev.example/human/release-mgr-42
-  ext: {witnessed_by: [...]}  (extension metadata)
+  ext.pol: release_approval_policy
+  ext.pol_decision: approved
+  ext.pol_enforcer: spiffe://meddev.example/human/release-mgr-42
+  ext.witnessed_by: [...]
 ]]></artwork></figure>
 
 <t>ECTs record that requirements were reviewed before implementation
@@ -1144,17 +1145,20 @@ execution.</t>
 Agent A (Risk Assessment):
   jti: task-001    par: []
   exec_act: calculate_risk_exposure
-  pol: risk_limits_policy_v2  pol_decision: approved
+  ext.pol: risk_limits_policy_v2
+  ext.pol_decision: approved
 
 Agent B (Compliance):
   jti: task-002    par: [task-001]
   exec_act: verify_compliance
-  pol: compliance_check_v1    pol_decision: approved
+  ext.pol: compliance_check_v1
+  ext.pol_decision: approved
 
 Agent C (Execution):
   jti: task-003    par: [task-002]
   exec_act: execute_trade
-  pol: execution_policy_v3    pol_decision: approved
+  ext.pol: execution_policy_v3
+  ext.pol_decision: approved
 ]]></artwork></figure>
 
 <t>This can contribute to compliance with:</t>
@@ -1177,7 +1181,6 @@ a cryptographic link to the original task:</t>
 <figure title="Compensation ECT Example" anchor="fig-compensation"><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://bank.example/agent/operations",
-  "sub": "spiffe://bank.example/agent/operations",
   "aud": "spiffe://bank.example/system/ledger",
   "iat": 1772150550,
   "exp": 1772151150,
@@ -1185,11 +1188,13 @@ a cryptographic link to the original task:</t>
   "wid": "d3e4f5a6-b7c8-9012-def0-123456789012",
   "exec_act": "initiate_trade_rollback",
   "par": ["550e8400-e29b-41d4-a716-446655440003"],
-  "pol": "compensation_policy_v1",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
-  "compensation_required": true,
-  "compensation_reason": "policy_violation_in_parent_trade"
+  "ext": {
+    "pol": "compensation_policy_v1",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://bank.example/human/compliance-officer",
+    "compensation_required": true,
+    "compensation_reason": "policy_violation_in_parent_trade"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -1208,27 +1213,32 @@ required checks were completed:</t>
 Agent A (Route Planning):
   jti: task-001    par: []
   exec_act: plan_route
-  pol: route_policy_v1        pol_decision: approved
+  ext.pol: route_policy_v1
+  ext.pol_decision: approved
 
 Agent B (Customs):
   jti: task-002    par: [task-001]
   exec_act: validate_customs
-  pol: customs_policy_v2      pol_decision: approved
+  ext.pol: customs_policy_v2
+  ext.pol_decision: approved
 
 Agent C (Safety):
   jti: task-003    par: [task-001]
   exec_act: verify_cargo_safety
-  pol: safety_policy_v1       pol_decision: approved
+  ext.pol: safety_policy_v1
+  ext.pol_decision: approved
 
 Agent D (Payment):
   jti: task-004    par: [task-002, task-003]
   exec_act: authorize_payment
-  pol: payment_policy_v3      pol_decision: approved
+  ext.pol: payment_policy_v3
+  ext.pol_decision: approved
 
 System (Commitment):
   jti: task-005    par: [task-004]
   exec_act: commit_shipment
-  pol: commitment_policy_v1   pol_decision: approved
+  ext.pol: commitment_policy_v1
+  ext.pol_decision: approved
 ]]></artwork></figure>
 
 <t>Note that tasks 002 and 003 both depend only on task-001 and can
@@ -1263,8 +1273,8 @@ to alter perceived execution ordering.</t>
 <t>ECTs are self-asserted by the executing agent.  The agent claims
 what it did, and this claim is signed with its private key.  A
 compromised or malicious agent could create ECTs with false claims
-(e.g., setting "pol_decision" to "approved" without actually
-evaluating the policy).</t>
+(e.g., setting "pol_decision" in "ext" to "approved" without
+actually evaluating the policy).</t>
 
 <t>ECTs do not independently verify that:</t>
 
@@ -1286,36 +1296,12 @@ evidence within a single ECT that the witnesses actually
 observed the task.  An issuing agent could list witnesses that
 did not participate.</t>
 
-<section anchor="witness-attestation-model"><name>Witness Attestation Model</name>
+<t>To strengthen witness attestation beyond self-assertion, witnesses
+<bcp14>SHOULD</bcp14> submit their own independent signed ECTs referencing the
+observed task's "jti" in the "par" array.  Auditors can then
+cross-check the "witnessed_by" extension against independent
+witness ECTs in the ECT store.</t>
 
-<t>To address the self-assertion limitation of the
-"witnessed_by" extension, witnesses <bcp14>SHOULD</bcp14> submit their
-own independent signed ECTs to the audit ledger attesting to the
-observed task.  A witness attestation ECT:</t>
-
-<t><list style="symbols">
-  <t><bcp14>MUST</bcp14> set "iss" to the witness's own workload identity.</t>
-  <t><bcp14>MUST</bcp14> set "exec_act" to "witness_attestation" (or a domain-
-specific equivalent).</t>
-  <t><bcp14>MUST</bcp14> include the observed task's "jti" in the "par" array,
-linking the attestation to the original task.</t>
-  <t><bcp14>MUST</bcp14> set "pol_decision" to "approved" to indicate the witness
-confirms the observation.</t>
-</list></t>
-
-<t>When a task's "witnessed_by" extension lists one or more
-witnesses, auditors <bcp14>SHOULD</bcp14> verify that corresponding witness
-attestation ECTs exist in the ledger for each listed witness.  A
-mismatch between the extension value and the set of independent
-witness ECTs in the ledger <bcp14>SHOULD</bcp14> be flagged during audit review.</t>
-
-<t>This model converts witness attestation from a self-asserted claim
-to a cryptographically verifiable property of the ledger: the
-witness independently signs their own ECT using their own key,
-and the ledger records both the original task ECT and the witness
-attestation ECTs.</t>
-
-</section>
 </section>
 <section anchor="organizational-prerequisites"><name>Organizational Prerequisites</name>
 
@@ -1486,8 +1472,8 @@ serialized as JSON and <bcp14>SHOULD NOT</bcp14> exceed a nesting depth of
 <t><list style="symbols">
   <t>Agent identities ("iss", "aud") for accountability purposes</t>
   <t>Action descriptions ("exec_act") for audit trail completeness</t>
-  <t>Policy evaluation outcomes ("pol", "pol_decision") for
-compliance verification</t>
+  <t>Policy evaluation outcomes (via "ext" keys "pol",
+"pol_decision") when present, for compliance verification</t>
   <t>Timestamps ("iat", "exp") for temporal ordering</t>
 </list></t>
 
@@ -1507,18 +1493,14 @@ hashes via "inp_hash" and "out_hash")</t>
 <t>Implementations <bcp14>SHOULD</bcp14> minimize the information included in ECTs.
 The "exec_act" claim <bcp14>SHOULD</bcp14> use structured identifiers (e.g.,
 "process_payment") rather than natural language descriptions.
-The "pol" claim <bcp14>SHOULD</bcp14> reference policy identifiers rather than
-embedding policy content.</t>
+The "pol" extension key <bcp14>SHOULD</bcp14> reference policy identifiers
+rather than embedding policy content.</t>
 
-<t>The "compensation_reason" claim (<xref target="compensation-claims"/>)
-deserves particular attention: because it is human-readable and
-may describe the circumstances of a failure or policy violation,
-it risks exposing sensitive operational details.  Implementations
-<bcp14>SHOULD</bcp14> use short, structured reason codes (e.g.,
-"policy_violation_in_parent_trade") rather than free-form
-natural language explanations.  Implementers <bcp14>SHOULD</bcp14> review
-"compensation_reason" values for potential information leakage
-before deploying to production.</t>
+<t>The "compensation_reason" extension key in "ext"
+(<xref target="compensation-claims"/>) deserves particular attention: because
+it is human-readable, it risks exposing sensitive operational
+details.  See <xref target="extension-claims"/> for guidance on using
+structured identifiers.</t>
 
 </section>
 <section anchor="storage-and-access-control"><name>Storage and Access Control</name>
@@ -1663,18 +1645,6 @@ the "JSON Web Token Claims" registry maintained by IANA:</t>
       <c>Parent Task Identifiers</c>
       <c>IETF</c>
       <c><xref target="exec-claims"/></c>
-      <c>pol</c>
-      <c>Policy Rule Identifier</c>
-      <c>IETF</c>
-      <c><xref target="policy-claims"/></c>
-      <c>pol_decision</c>
-      <c>Policy Decision Result</c>
-      <c>IETF</c>
-      <c><xref target="policy-claims"/></c>
-      <c>pol_enforcer</c>
-      <c>Policy Enforcer Identity</c>
-      <c>IETF</c>
-      <c><xref target="policy-claims"/></c>
       <c>inp_hash</c>
       <c>Input Data Hash</c>
       <c>IETF</c>
@@ -1683,20 +1653,17 @@ the "JSON Web Token Claims" registry maintained by IANA:</t>
       <c>Output Data Hash</c>
       <c>IETF</c>
       <c><xref target="data-integrity-claims"/></c>
-      <c>compensation_required</c>
-      <c>Compensation Flag</c>
-      <c>IETF</c>
-      <c><xref target="compensation-claims"/></c>
-      <c>compensation_reason</c>
-      <c>Compensation Reason</c>
-      <c>IETF</c>
-      <c><xref target="compensation-claims"/></c>
       <c>ext</c>
       <c>Extension Object</c>
       <c>IETF</c>
       <c><xref target="extension-claims"/></c>
 </texttable>
 
+<t>Note: Policy evaluation keys ("pol", "pol_decision",
+"pol_enforcer") are carried within the "ext" object as
+spec-defined extension keys (<xref target="policy-claims"/>) and do not
+require separate JWT Claims registration.</t>
+
 </section>
 <section anchor="pol-decision-registry"><name>ECT Policy Decision Values Registry</name>
 
@@ -2184,7 +2151,7 @@ been incorporated into this document. This document obsoletes RFC
 </references>
 
 
-<?line 1586?>
+<?line 1575?>
 
 <section numbered="false" anchor="related-work"><name>Related Work</name>
 
@@ -2324,14 +2291,15 @@ use cases are distinct.</t>
 
 <t><list style="numbers" type="1">
   <t>Create JWTs with all required claims ("iss", "aud", "iat",
-"exp", "jti", "exec_act", "par") and policy claims ("pol",
-"pol_decision") when policy evaluation was performed.</t>
+"exp", "jti", "exec_act", "par") and policy extension keys
+("ext.pol", "ext.pol_decision") when policy evaluation was
+performed.</t>
   <t>Sign ECTs with the agent's private key using an algorithm
 matching the WIT (ES256 recommended).</t>
   <t>Verify ECT signatures against WIT public keys.</t>
   <t>Perform DAG validation (parent existence, temporal ordering,
 cycle detection).</t>
-  <t>Append verified ECTs to the audit ledger.</t>
+  <t>If an audit ledger is deployed, append verified ECTs to it.</t>
 </list></t>
 
 </section>
@@ -2426,7 +2394,6 @@ Agent B:</t>
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://example.com/agent/data-retrieval",
-  "sub": "spiffe://example.com/agent/data-retrieval",
   "aud": "spiffe://example.com/agent/validator",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -2434,10 +2401,12 @@ Agent B:</t>
   "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
   "exec_act": "fetch_patient_data",
   "par": [],
-  "pol": "clinical_data_access_policy_v1",
-  "pol_decision": "approved",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+  "ext": {
+    "pol": "clinical_data_access_policy_v1",
+    "pol_decision": "approved"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -2447,7 +2416,6 @@ task, and creates its own ECT:</t>
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://example.com/agent/validator",
-  "sub": "spiffe://example.com/agent/validator",
   "aud": "spiffe://example.com/system/ledger",
   "iat": 1772064160,
   "exp": 1772064760,
@@ -2455,8 +2423,10 @@ task, and creates its own ECT:</t>
   "wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
   "exec_act": "validate_safety",
   "par": ["550e8400-e29b-41d4-a716-446655440001"],
-  "pol": "safety_validation_policy_v2",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "safety_validation_policy_v2",
+    "pol_decision": "approved"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -2480,7 +2450,6 @@ autonomous agents and human release approval:</t>
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://meddev.example/agent/spec-reviewer",
-  "sub": "spiffe://meddev.example/agent/spec-reviewer",
   "aud": "spiffe://meddev.example/agent/code-gen",
   "iat": 1772064150,
   "exp": 1772064750,
@@ -2488,10 +2457,12 @@ autonomous agents and human release approval:</t>
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "review_requirements_spec",
   "par": [],
-  "pol": "spec_review_policy_v2",
-  "pol_decision": "approved",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
+  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+  "ext": {
+    "pol": "spec_review_policy_v2",
+    "pol_decision": "approved"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -2500,7 +2471,6 @@ autonomous agents and human release approval:</t>
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://meddev.example/agent/code-gen",
-  "sub": "spiffe://meddev.example/agent/code-gen",
   "aud": "spiffe://meddev.example/agent/test-runner",
   "iat": 1772064200,
   "exp": 1772064800,
@@ -2508,8 +2478,10 @@ autonomous agents and human release approval:</t>
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "implement_module",
   "par": ["a1b2c3d4-0001-0000-0000-000000000001"],
-  "pol": "coding_standards_v3",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "coding_standards_v3",
+    "pol_decision": "approved"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -2518,7 +2490,6 @@ autonomous agents and human release approval:</t>
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://meddev.example/agent/test-runner",
-  "sub": "spiffe://meddev.example/agent/test-runner",
   "aud": "spiffe://meddev.example/agent/build",
   "iat": 1772064260,
   "exp": 1772064860,
@@ -2526,8 +2497,10 @@ autonomous agents and human release approval:</t>
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "execute_test_suite",
   "par": ["a1b2c3d4-0001-0000-0000-000000000002"],
-  "pol": "test_coverage_policy_v1",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "test_coverage_policy_v1",
+    "pol_decision": "approved"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -2536,7 +2509,6 @@ autonomous agents and human release approval:</t>
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://meddev.example/agent/build",
-  "sub": "spiffe://meddev.example/agent/build",
   "aud": "spiffe://meddev.example/human/release-mgr-42",
   "iat": 1772064310,
   "exp": 1772064910,
@@ -2544,9 +2516,11 @@ autonomous agents and human release approval:</t>
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "build_release_artifact",
   "par": ["a1b2c3d4-0001-0000-0000-000000000003"],
-  "pol": "build_validation_v2",
-  "pol_decision": "approved",
-  "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
+  "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc",
+  "ext": {
+    "pol": "build_validation_v2",
+    "pol_decision": "approved"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -2555,7 +2529,6 @@ autonomous agents and human release approval:</t>
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://meddev.example/human/release-mgr-42",
-  "sub": "spiffe://meddev.example/human/release-mgr-42",
   "aud": "spiffe://meddev.example/system/ledger",
   "iat": 1772064510,
   "exp": 1772065110,
@@ -2563,10 +2536,10 @@ autonomous agents and human release approval:</t>
   "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
   "exec_act": "approve_release",
   "par": ["a1b2c3d4-0001-0000-0000-000000000004"],
-  "pol": "release_approval_policy",
-  "pol_decision": "approved",
-  "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
   "ext": {
+    "pol": "release_approval_policy",
+    "pol_decision": "approved",
+    "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
     "witnessed_by": [
       "spiffe://meddev.example/audit/qa-observer-1"
     ]
@@ -2625,7 +2598,6 @@ task-...-0004 (execute_trade)
 <figure><sourcecode type="json"><![CDATA[
 {
   "iss": "spiffe://bank.example/agent/execution",
-  "sub": "spiffe://bank.example/agent/execution",
   "aud": "spiffe://bank.example/system/ledger",
   "iat": 1772064250,
   "exp": 1772064850,
@@ -2636,8 +2608,10 @@ task-...-0004 (execute_trade)
     "f1e2d3c4-0002-0000-0000-000000000002",
     "f1e2d3c4-0003-0000-0000-000000000003"
   ],
-  "pol": "trade_execution_policy_v3",
-  "pol_decision": "approved"
+  "ext": {
+    "pol": "trade_execution_policy_v3",
+    "pol_decision": "approved"
+  }
 }
 ]]></sourcecode></figure>
 
@@ -2661,535 +2635,528 @@ tracing is built.</t>
   </back>
 
 <!-- ##markdown-source:
-H4sIAAAAAAAAA9W923rbVpYgfI+nQNMXIasJSpQl22GqqkeW5Fhpy1ZJclzp
-qnxqkIRIxCTAAkDJbMf9/Q/xP8A8yzzKPMms4z4AoCSncjHjL7ElEtiHtdde
-50MURUGVVotkFHZOPiWTdZXmWXiUZ1XyqQqv8o9JVoY3eREep2VVpON1lUzD
-w1mSVekk/JAXH28W+V3ZCeLxuEhuYZAPp2eXJ2FjqE4wiatklhebUVhW02Ca
-T7J4CbNOi/imirIky5JlnGXRXboskyjR96MJvx/t7gblerxMyxI+rTYrePX0
-5OpVkK2X46QYBVMYfhTACp4GcZHEsJJLGKJIq00nuIN1zop8vdL1dYKPyQY+
-nY6CMIxCM1sos9Gn+NYij6dhOsXtVhv6NJa93+ne+dP1NK3CqojTBf0+yZer
-RRpnk4R+LZLZehEj6MpNWSXLMgjidTXPC5of/g/Dm/ViwRA5mhcAa3g5fKtQ
-oSfyYhZn6X/FuFDYfDZNVkmGSwsvkjKJi8k8KehBeCVdjMI0qW7+hwHsYJoE
-QZYXS3j/NsF5L14dPT8YHtgfn9sfv7U/vpAfvz14tqc/Doe7+ONpdDzAWeTQ
-cAktH5d7ZbQq8iqf5ItREKTZTW0VTw8OdOQXz759qpPs7w11tCzVKdKIDiDS
-M8EnLs9PX706GdHeFZfp8JPwvMin6wkd7am8Eb4qAMx4fITXJ7dJscmzJOzy
-ML0OjxMXs6QahfOqWpWjnZ1yld7cJIM03wHMLXfwMMtKPo3icb6udnIY6TZN
-7nZoAMLH8CZelIgCJ++jw9Po8OjKX+UF4wUur3vyvhfu7e7t7wyfvfg2zG/C
-ap6EJ+siXyWACudxAfi0xNOOs6l+fZSvs0m6CBfxJs1m4TS/y8J5XCzzLC0B
-2Yr1IilDGDwuqvQmnaTxIkwBwReLFIA4gT0f2i9O3S8OJ9UWQCTrIloknwYJ
-riyGf3aSRboDCL5jFu/sHz+Ldp9Fw6f0oUV6/BMhSo+27lE3VwfF+wzgBUO8
-Oj6M9oZHry6GQx+qV/hvuDfswxDTBN9/lUyTAvZo4V32cboqhHfDk0UyqQqA
-2QQemABVKL9zP7tMZ1lcATaV7RC5u7sbJJObYjDLb3cA6wrYwA6tBZa3M5nH
-qyopotMdIF/6y+HOCiaPhsMWVNkCpfeDy0H4Ks+nBJvjYj0LD6fLNEOyTDuC
-x89OX50eR6enPjiO0wL2AtcNTmO4v/PsYOfk/VfiF6DQMi4+JlUJ+BPepBlQ
-NkYmmH2Nb5Vh9yyF2cPT069CnGla7MiyPLQZAtocRMOD3x9tjt9dHD54C/d2
-9g4O9nHf03SWVrBVGIThDD8DKqSLlC4KkhCcxsKkBGDDh12c57fcIZ7av0N7
-0RD+2//9gQF06ez44iFwDJ/vPN8/ICxIpukENjlNbtNJgod+fPEbNskD+gf+
-PNrFM//99/ju/OTt1cmbk7OTq4uf/K2+Aw56lSySZVIVm/BylUyQGtLe2zcF
-IyOZ5BcMNyjhxXInhy/aaP+W7Rwt8vU0fEuMEPawXIEEAjT8FexmqhfacNJy
-klYVMdi0AvwCYuQx2hxniIAQZGVM3C6qSHLTh7Z9HwH6MkOFR4MoAkFmjPRk
-UgXB1TwtgaNM6HrDgQOGw4FvlRG7J0dXZa8PJwLiVAWf4A6qnI7kg0pShgcD
-FTlbL6o0vCR5KDzJblOgtkJJSEbrBe526aJNHRm0IYfhmEbOChJnwAHgOSwu
-BCHkFuSGsASCnkz7IdIuGhw4JdN9wqG4/BhYiRA+Top+uMoX6WQTJrfxYs13
-A1g+SHlJ2ScktAIfDAsrCOJJkZdlwNJKlTOU8bHlOhMUg3W93DC0pnj0LDo3
-gBUIhO/Sat4UVcPJIgbRCHf/w+W7t+GHZMxHEnZ/+HDVC1jY6sM5wHGWLoaH
-SRaPUUBoSKchnBvIkFkF/wcOlBwpF56Zx1VYrlervKjc7YMUZKYYBAT4dZmE
-MZwe8iEcZrKZADTDWRGv5kAoD7/v2bPAuYtkBSQW4UWHoYLuJEVo81HdcyAh
-rCuJJ3PA2UlKaLjKYS98Tij+wLxVwuDcAnKD1B9OAYTrEk8HEbkEqkPogx8s
-QbhY8OEXm1WV03ZgW6siXaZ4qxHxDsMsuQteX12dh/MkBlQCTpEspv3AXKRI
-LlI/xPtG12zKbAWvK0IXJyM4xos8m5WAwoCfqCIYnOGhDaKDAgTwhpszz4ha
-j9fpgjBsvMgnH+nkAjk5ACjcJ7jnALcsr8Ix3M2qTBY3iF8wRQWXre8eL4It
-EIwBbS68UWm6HDAFWabT6QJ0jScoURrxG35/Ep7lABambUBefjNdMFOGnz+3
-qCBfvuhNB9TOx+uyMqocaV1ENxhlqjlohbP5AwhAZ6yPBKBSAJUw359f9QDs
-tBs6ihKVgEmCV15+DFX5CRrLdVUjWLYS2Xl+Z5Zchs6a4eARsXP4oAiZwoRw
-wIsQBEuQxUKLqbrcyOwINhGYT2kTEdMJBznxDF/nd8ktkryG/kv4l1hciadT
-uKalpUlA9CbAvqp4DOJRtQG4/HuW3+GS7uZ5CAIUEiMkAKCRsFJmxuJbHdwh
-UbmLkfFkgHf0q9x0/DReARoi6YbrcTdPCAyOql0k/1gDkWFsuUvgFgh5wDlr
-RCEkogD7vTDUz+UZgImTIokRnosNvLRa5Bs8iTzLl/m6ZPbDRDCY5LB0kP+A
-qMiZuKo63j/i6UVKFIHwewUKir1EFqPL8H//f/8/zr1Y04X9/Nlojl++9OFX
-R+nhD1Tmh98CxNPPn1HwBGTCgQQgDqfrMxFHwu8yPdzZkhinwidaxh9xBTim
-ZTrdMklgCno/shuA6ZBixfA28IwFwHIJRwWv9wbbBAlXTghVTqAb5LF9ArAg
-WlLSU7N4FY6T6i4B3G3BUXe9TYSUKZwrpWf5HbNIuygBD+MkPA9okAL8gETR
-JyIY4Hx1NDVYB7s/LGVtQPeR/QjN2m7RwGPlOy22KHinKexkSTIlPj0GjgsH
-hueJSyHGWdzC1MwLAhV6YpDdgUqAvrjE1/Tu0p6de8Ns0WNoQVyW6wIvGJIH
-IONAPGC6ZXiJgg6+hGdcAGIAvOh4EIrAn3C3og/jzS1yuH9JyQxe75zsLBDJ
-A6TQ4b2n5HMrkQXMCbG0DZgD8KPjIg4MNJw4ArzUIdMlfJaWIpWn/5VMOzQq
-DEjvm2cYjWCRVyCFhH/th3CLgeCc80H/1MdBgb3hLXm3rkB+D/9j0AmCPZj0
-bY5iIF76qQN3gooAoF2IYUPfNkGGaRaCFU4TyYhIlYoWcDxPefK2Ob1DJQAt
-0uwj0U/AeGaIyCRwCUW+WIxjkBV0ahoBoDVLkaAx9UZ0OFFBJB8j3slFg4dz
-EBHLNSweibkjt6N2Ac8DL/T0Msu0GZ15GBL6k/F6NlNShKYtoDg4AmMC4YG+
-6gtiDt4Ch+Z5UTeL8fTxtJsQUdUAB61iAEwRJbd0M/mm4+cgV9BTuDpXEmLp
-uJyAWF2kudyVywmojPTqIfKuiQBoC1VEJYxkiS1qFmlZvZBl+rD7+TNQyYh/
-+/KlB++CLO2I0iRFIu4aCXrDZAsBAW9P41kEqJeyvskjCHbDTZ18ZHRjXJVX
-GGMjVjr4jVMRqXG1RD0sKTdU2TA4wC4YhUlfal/kkQ49YYTNs0dXVhDGV1ET
-j/gBeYnADjxnBq/gkMVNPElCTxaA9/iByDyAL5MQegOozkIKis1w95AflubY
-8EO4SlNkaiAc077omIzMWJMpScvQfRNi4v1BhI3CfycmIpdBH17GGVxjoqNw
-+AXKq9Mc1a8wKZHRpuXc2Dq8Z4+An+M8cCEX6U2CWlXiPoH4d5GIvXOervAK
-X1h8PbKCU9CqNjgMAwnsBFh2i74HW4RDXJbBWLZLqOJKHNuumcOnhdeqAiPX
-GkYE0AKqLJB2W4Wkro8AaDatOglgwQ2IgfAcsd7KvXNwP49qwxCxdV4prCVM
-0Kku2gXIpIFYlmIhIA0VoABvo8G4H9rrxQRkhl6CjKZcgniJDwXjZJPDV6Rg
-Et6RJauurouW4WzTrLQM6pujs0Rch1s/JXWeVa+EZmEK5l2RfkAkL2dzAh94
-CtChb40CilyiBEGGBLEycQBEvMA1sjDZnNBmaEz3vC0VIpmFaEpguSBvdaNo
-kFpXF+AO2Rc2vELcjAzumGyMAJBPSPyYEg9KyglcO8RH82pjYpLeABPRUEFK
-hnmUGe1NDGiCnrqNo83A1wHZfKbCF+WkKrzKgIVwMBmKWgAIpGZir+EtkXcG
-B2h5mPBBbA08fSxYwoQT6Qs/FoxBtkKKyXoKIYCjzCAnQj5yi0eJrJw8CMhx
-Uvqd6eBHAPgd6QOds/eXV50+/xu+fUc/X5z85f3pxckx/nz5+vDNG/NDIE9c
-vn73/s2x/cm+efTu7Ozk7TG/DJ+G3kdB5+zwpw5fj86786vTd28P33Qa95VQ
-mgVeIuIg6RLIy8AcLb7z8uj8f/3P4T6I2f9y8epobzj8FkQL/uXF8Pk+/AKK
-o1zGPIOD5F9JegQhNYkLkq9Q/o5XaPlHAx9g/px8a3DfAJp/+BtC5udR+Mfx
-ZDXc/7N8gBv2PlSYeR8SzJqfNF5mILZ81DKNgab3eQ3S/noPf/J+V7g7H/7x
-30A+TMJo+OLf/hzUeSUcwJI5xrpsIa7AIUmKHgUj5OqO4qwaW58vJZu7lLGC
-dLDFpCO3VkTyksQaNomSNOxIwCis07TIaSeIJCC3p8TVrbQsHA2Qf42CdpqB
-9F6KAoUyfYJu/ZyEeqRsx2q6PBTT5ffWdMlzsS3Til7GhEnA2iaD3SFCwUwo
-mzA0rZGUpM2QmLroUyRu3yMX8kpqVuDPn8Wjb+xLU+arDXMwqdqhsQrQoi1R
-Zc2+dAh2m+0VFV6Sx96QuKXHv8KtR3jdQH9eLtdsf1jkMzoVuGvEOhqnCYCC
-BZUJHZ7RffuMcigdNqRv3xQPL/vW6ECk2yMj3TLMHL3KzE1nAx9s3SxoEQZc
-sB5dfYabgam22BTZpMjTspA8sWIcMU8k9+aafFNaYdLAh5gFzM1iojuXY5xk
-26Q70YqMfvDfKkdjilhe8FEHoP9Yg9QZLZLbBCNZfNkWbxfJp8c0sbeJHOC9
-qny8j7MtlrCNiG14uvMYObTZZApKG9pViAuD1M+uEbRYSJwHYDT/8OULvF45
-8jICIq2QffLKAFrFNEJPOxwfj07XnlXVhHE5rjCSo1QTlBVJQ8JNugZ9R7CN
-p9NUNlMzLiGXZWAcuhYsVz36/KSp+ZCYzu85vr/gqt0ets3i7SqQD1izCQZk
-D2nHM9i5j2mqjnQ7p2G85Oiv8K9E892vf+r03MmbdnJ3ZgcFRdRZFSSgwuwo
-iYDunk9SEqoYVciKgysQiZvewScRbWVJtACyr0bzfFVXzG7TmGWqeyz0LfzH
-t9HX+aArdbrYIAY6JOlEj0iORsSv8sDqx76a6djUmUhvscDTIV8YrZysX2Id
-s7av3OjiaeFZ0tDAY47aHecRHjWAKkJYXIO+nueAQi2nUfgmzciK7BmZkM6o
-fUksSZ51iXg7XYsTY4w9Q2ebqBjsMRUQApjwSjK12Xoai3iTFIFajUmGVpDS
-V0a0jtlKQ2PQNwDs//7v/wZ8nKQpXLYq+Nfoq//8a/Cr2jTf0GxdvZm9cOuf
-X/ElfO1qFPoXr8thZ6OdnWq6Qwe/86nXcd8553f4qt1/ZfCl37Slrcve8sXt
-b4Ycak0CNyv/HHoH3Av/RgY1DOH4WaAAr2EwmBVjUPdzfcmggYOW54Ob//hX
-gRxOwvOV3Xf0rf/LYfduxcxqFLpyGSCgkcKYAPTMEggMHbpooCSgusXiG9sR
-0HXnGNw6/wwU4F4Fn0fhk5t0FtFdKzkw508miFhvv8dQCRXKzhexoboOm7X6
-iIS8up76vtCNMvzhg2rh4to3pnr8RsYTwuGIz32xwDHxK0VjEcGndJx2Lldk
-IaNGyG9SdrU+eeJJB+cohZYgJDjiQUSiaQmbPSTB0gYwlA8bW41/G20ElmcZ
-u55jb4aRf3hnIgnCzscUUBxEJxgJVL2Q1Ftjb2J+vR7DJRF2bfcFs+dLazL5
-BuGE4jDaiWWh1kpR9jlkC2bvgODXEeuT6LkYNmK2h1JJE4rGFG6kw9NjR0Ds
-DdwN0ibGGv9jwUdRHSJ+1IQPkYVa96PDGhvNYgYsrJovw64HSvjcAWWPlgHj
-wrInMrB50erSSU0A5kk/ABenK0jEexl/ZEcqGc1FdOdLKhECM3Jc4Ok3wk10
-eSlGEBQFOidNeEkNoQIJDmiwQpr3Qualc1fXGSyCf3yJIWiNYIQRUo0/okRn
-WdHhnzEesb5MfhLBXPgCD6r30z97NMRxDRhKQkt8zVu9rEDigAGQdDAkW6VV
-EVbRQ3gLKi8RyRVIDw9Ihn2VwQR7mR6AoFEFFrCMzldEFFBNZObmKqnWucms
-KmADITt2xZ4aI4f/zlydtGwzkaa48ECFXvKB0o1FDB+wGAsgTdJba1/sypn1
-ZASyjLC1wjhmryQMh6Wj3ij8UR+VY2zRWBEB8Rw9ZY3EFG/r/TC9kX0C1q4k
-m+EBsA/Y4Ypw6PoOfFibhHMLxghukhe/5rLnvAnL7q1XH2E01VA0a4hBP6vy
-Ulg1k7RkCnMertiwi1AXME7ZjcUaJrFPmo9ZKOmN2+w6r5i8fX7iOPqYFWx5
-AbG2NRDQ5WSBUMDYe9jEueMLl/aFA1AvbWAR+kwwPvQSthYvRLMHYMArPJT3
-Rah2UaS7xsqAwgWzPyKUcj0/P/klh+MV3x5jaJ0v0XAozsZCJS1XMxRW6NQv
-JajRnwHQRIAxvely7+BZp4+fVJsVfmJzjf71l7uKv0LGB19xTEYcwWWJ0mk0
-3HvaCb741IZXJHTGLFQ2c/IpRq0PSQ1Mj/YINQaLd0DjyksD9RobAHQhL43c
-8gHG9+Pu2/jGdpYRhqdG+2RNiwZRPx7BxJz0C7hOvDqCGZrP4EYk3iF2MtBA
-O/DY5WaJUdDoZ9d1gJ6fDGaDfvgah0Vwvr58+mIffz8Y7vUayEA2YJI0NVAp
-LnVUNA2ZxAvCGpg4KpIVXB81RsEx1iBrWHxCjLB+wvjZlAMW1mk55wiZkFkX
-s0yUADG7rOyTdRieNUExVtKaGF8KxQCE9IYjLRHUEMMBmVqOviYwqVilN8yS
-aVoYDu9LH+a8ntN5vRdrgRCbgpTpRZ5/DNcrIb3i0vKGBoha3KuZSfFmAiCO
-2FUFF/OuUpe/vZereEOsU65jGY5zjaiNUN+HwZB1esK1iN1+UFktkvleKzUt
-7gmycjsoL7NumWmZ1zOGK6poqHGaBRj3uCG9MQhStiI6R3dZoc3+XfH+4pTC
-iuBfPcaNnh1bL9UtFwqP3yb5pkZYGLNoYK1xJq0NBVpD64gZ/KdR//9IDDVi
-hvrnnT8CyOd//s++Cpe6qE65HqtoLcY2V5bFgKEsUiHbWSLpfyiE89XA/ZaT
-eYIGIb3nIF1dwhdvSjbVv794O3r/Hlds9RyUwWEBCEx1MjWAiScHz/yCOKpp
-HAQ5EtNUJFAKCLQiZmOGozTQKCjM0jZT1cckTCcMFSNZraMLjYixSMcFRWYS
-y3fiMMXdtMIloZ3aBSJ7IWVZA8zlrF9zZ3to7gIBOyZnbXPb6qRnV0K6SmHI
-btnzwfAymcR4EOyER+M1Uk66b+QL5TgwPPekLOOZmrZJURdjHGtaHfispmU5
-3NRYBpmMiG+GZDn2+WNwbgofGR98YjAc3l1h4khK6mGKxpUYE1Dg8z/Af38g
-5RZtruxrAYU8xdv2hz+MyAMrfhM8OLqNTJIzlhtFPCUnAEXkJmGGBEP0G9mU
-kqHK2EO/YbmuaUc1sRS+/GukXpWsNRwOceguRkkyrVSOk4gjoF/jZB4vbvTE
-mAQMzMbZd4g7lzdsGnPb5vHLijVP+MPuwMXGEx51armE8Q3ynDj8JSdhPYwr
-u2vyZLEBGqlnrwVYuhNHbreLZ2M6zoq6R329SxTnx46YCySbkFIFfueYjIXV
-RGo5GosuS2lynMm5072RxVICA6G8g6MMA37673/rGNKYsPw1gL2LiRSX0pEn
-25/jGNQdsWz9/WcM7D9Bs7dyVo6KE6TiEBmgkhgYYA30FEJQKsmmDRA4gQdw
-yCaICaRr4XH1bLig8Tc6zmKKDnFllKXGjssgrHHy1cbxLCpj8DpFzWL+CY7h
-WjLkbZrp9JgW24HPOkb4w7PQICT7Pt3NikzrhXrlcDhOM47HaGwexyiNYCQN
-bUcvElINGGGc6MWHhyjSvappr3qLeA0sSIWGOsnCRX8AObBGdt+ul3BUk2PY
-ugbhpMsE3Rd381SkZloOUE+6p1OUkFWgUc93rDfGRPT0wzIXhhNXsiyU2zBJ
-GA+HLkU1T0xAMoYR0QlILCk/4HvUx8ksRnkGmMyD24BnUrES0o4c7tAi4gtl
-JyEYjxDO6QD/Gh6EyzSj+AkmGrQdFDBBYMSkJdnDCnR7OLJsSm7wFEPLVapi
-J3EMuhXZRSaYUISi+kfAEgmfmKBfD7EDFiqGBk8W62Tjm07YfQtgeZnAeEnP
-Mm2ElRrBCPHHLucT6NZPpzQeNIq2wwiDBJWEZLEJ1qAN0VFjPACs5pcqbWXV
-JNHNFvmYvGfrLP3HOqnZGV3SJsyB4EXH6jJaWDsJQSKvkdCJ1RNIWr9MOTCB
-/GmMdSJIoHEhJmKPWTbsd+7AejuhuqtLdwnsuXeW2OWzocObJmgtR4pfW6Z5
-HANxqa7H4fd6rWw8oaEISAIviEsisRUrMIppgURq3s1BZ5dlztGesADsmAIb
-QD9bSSkaxgbkYDFRI8QvlfFAU4P7npbW/sNnQMFwSHjQUzoVihNY5vYdXy3z
-ejxuvK1MJcHCExPirOagJV9H6UJZ5RTg9eRJm0nm8xO8vL4iZPUNUTEoiOc+
-DQZEojtWCxviMCGhYdvO0RKvoQomeAkWYpmmAwBhyhGLTBxUTXS2nJVQk/zc
-FisDCp68BuTbdjdwq5KypTHlpPM6a5QoPAx0Dk1GhnAjGywpMktH6MQ1KJFI
-uNj2IsGyyXUZ3yTVBqMFJ/FiQqki19McJVvCSCAdyYhBq5QD2RNK0uztgpPF
-WirTsKMb64SAeHMGJaALfYKAu83TKWkHiwWnWBgmyc90DzGbXylUkczQIlDQ
-2SoQsWYJAREuTA1+hyr3lwRIjG8+d3ivI8iQ+O+EzuC1dH2VKookTOjNedJK
-8fYZYw3Zh2Gk2zRfl8YYnKi9+TALk+UKJRVaG1xCzq/BYJ+wyHNZGoEhy+tr
-cNATlUORzFDxMFltOkQp90hCrk5sWMHnJ34WwZab9GCiL9ykFZaUab9JV3MP
-PTXKhEdDkUX0GTL+2jxBLuiQSvybES87k0VKUfHXmEACGMXYS6Nd3w4JLesW
-BaRM+Co8da15NC6NG9D6zVf3bQReAADXNuEFTH/gyRoXHnmJvCbSlIPEqTEv
-yjHBCMeabPSj+3ixkeyPyCQI6hfoZjObt0sQwgyveHtGSTilYDdZToy1DFjf
-6FCW2G2CFtirtn1iRtEkSaYSH6lsTfSd2M3pwttNRIay8Hh4Zl33DH9DyYuE
-5/ZhkX5D2WNZoQY8tqEAnPpYTzQUdy2lS7PO4aMBnIkzBV4miT4mo7xwZMd3
-wvzYWhJiVBVL9L2xQMx53BTRjOtxA25E6dGYGwpsx7B/MaTKbQ3ZQVJaK62A
-T6DLBAEkmoWlAY4wq3J/7AjpLB20bh8wwm7fHNCKKyFcz9fLOLtGGpbcbT0s
-k5JBT/Msv6ynM6KPY5IsdQvCW9v355yRVUPY2wMnmi4aoGZdLOZ5Q16lOKus
-DpE52GwT+Hxbr1IZPHJ+nWFH8Phgrw9Fxvvwo1wdkXWqmv4iV8IeDm4QE5tM
-MKvN7iL5TpMxHdsf2h99P6a+ysQ5z2zcrlMtwsjmFDtqq0UIqRMRrHjQGGj0
-aSFd8luXVXQ2NoJQUaKAy5Y6Q8AdAqngajEkOiEG1s7KArumLPvR0b50oVnM
-dN+s4keJkDfBPfHRvD0bgUFhfqSbav4QHm0gEmTfT53MjcJPBnSb215LXBsQ
-Q2XcMaoVBuOu4ppa4+KjZGQXmNbEO/hO4iUBzat0wmqWHOHS6OrWj8oLx8wA
-K/0m23JSmlrrMgZ1DSuFZBtz27MZpiDkhRPTIhLku/PDHcDcvB8eJaBa9sO/
-Hh6dvekHSPvWIMcvQWVfEPqXPU1Kmtp8nvZwbie/x1B3h0fWHBRk8RAp5xjT
-Sk9NXs7nJygmRCZR5wFRR5OmbGKPFxKgeZyBk6cgyQnmbgMZSkB8FpM/Z7lS
-IQ8qube6BuVsvl3p8BNn8VljzsQpaTy8NnxDOO8m7OBzkfH+jZAHPNtfF4sI
-MCoH2EX4QMcRosp5HO0dPBtl++O/zH6an918+BC/if4x+/Rj8ZdX8bu/X199
-Kouj/dNy98dh+Wp8fHc0m3Wkvga8T+tyvJ4Wj616A4BNigmsRMRhDUdCM8nh
-28PwLekFp1qEEKD7Gkc9NKNeGHlHVBVZdMfs4OmL/Y58fjDco/Xd62Q1IyBR
-hKNzaI/5CljNApXVGFWFPEMLqbNRVg+I3U23zYYcDcXSVVWDExmokvijKj+X
-rw9xSt3f2fFBnz4baiETet3KcxOqTYXc/TbhYmdFfBfmwLmrsoklcB8AHX8z
-ujFaG3yrld4RiwqZewx0vExfREtF947czaNahnt4odHHn5+4cpK9pO6n1wr4
-2nZe5vkiiTMSaEWHMjVJLGtPmbU/EP/MIqTR2ujVQWMZaHXbDlOSRiK0vkhx
-D3zc1KdzhwpCm6jY8IKCWNq6exLZqmKdoMFRVAMHkZ048FbzfEdVpTTnhNHr
-NLtmaecaRIQpKPaehn5TJAkFvIRSjxWFDNDAliDbMw6mAF1AmmQ5Tjj+u8Sw
-H6qmltrbjTBKElLViSLLGJJ0TuChyD9gNrN1OmUrIRxpEwwITt9CtQVQgYUq
-wytge4WHA2LP1IBKwBesaoBZ145xvtSchYCFf+voTNw0ZccqjkwU7hMmWMSU
-RVBR/H9+lwWd5NOqQ0bZ74iZOSZlLqtjcmA83iNmYJBqTLgZsRWpkZCTC4QM
-N+T+cJQXuztRY2y8kxvaX5JdTX6xVxBj/3xcf0f+YTFhmKDfnL3GVCmC/OCR
-ym147Zi9cjTdfVEFDZoaiINHUpCp8gdZsZ2pZXQ67HSW5ezvWKL8KJYlirQw
-tqXSlK2ZoveJgCRRwn2naB6+g9Yr734hey/KRHNtYE1SoZEvGKLiwPiySP65
-pkJjcK3UzNWykMCPG5xi1hfZWc1qSGLNiTKRw2nMEhqmW5Od/zYRQ3QJF7Ov
-+TUUAAbDUECYsWsJ9WNM6qA7Tk/PJraGOC68ub/77TM4q0rr6+ErOFoAUjcZ
-yGDdoJA6xuUHBjwIKKetbGGf8jCro55Zm4akYw54GE18J29JOWhmAyluwCE+
-whYciKq+zCkHL0S5pXT8/TyZHUuya2E49K71EZAbJr9zFDQYa1yJ0EEZOISb
-9JOkiJFd9O/XSA3+fr0sOyOWXeF2OjG44XRdqPIDxBeRB4TibAr7jlB7F7Xx
-79c8Awxi2JFTZkKTxwwnAPkLa0ygCMVVUxP8cYmGk7jYgDiFo1PI/t+vcQeo
-7zpDH57unL2R4nvyNb1xx6l/uJ7xBl44bI+5OPUCHOia17IETaiDE9CjWi9n
-Dk7VBYNs2jNHk4t0cRMh8S0ANt8RYbLxuKGsElkwJR5K4KsunhLN14upxAF4
-nlEJ2mTnZ0Rizt+vYWFwC03RUgdOpJEoT0Ta7D+K/h+1xVNUGFnb8+wmlWRU
-/B3uLcbioY2GjwW4OGNNidVxYLqaq7LhbV2pWdGYQNBMtwSGT9G+HIw3kXgP
-ckdy+NmR2BGI40gwZf22pa6r1gtJE0pYDwTFaKHRFuc/BwmolVeE/fX4q55H
-n/X9z6tjg1YDmx2Fw+fP93af7Q8PdulDZNLmw+fyIdr3YdyDg93kxf7ubpTs
-fTuO9ofT/Sh+PnwW7e8/e3ZwsA/f7A5haHzjTqJYd8fDyd70aZTs3xxEz56/
-+DaKx5NplNzsDvee7h/gJx2ZV/wkIzx1JEmAdSCZJXFl/TMohIzCv/3Mc6B5
-YeQYxllEQvOdynp7HRX9rOVq5NjFzLdqF9oKPR7RgDtiw4Bs1sj7owc1zFYF
-k5ahSos7yJujeDfe++X6U359sNx9/+L11cuXb1++PXrz15cfZ8+jWfTTKkm/
-/2F58GxfloIMYxR+DozF070retT7B2yRZaDjE0yC98wXhrZa0mrJJj9CBNCh
-j+YcInMO0e3+YA/F0S+10GW0cETI6yR42bts53KHnAjmJ6GbRnFlyjF9fuJW
-Y5KMzXqeibz1CqWRVsua2tJIvmy+Xi+dGrDncjjcFfm9WSdVxSy2lgmXdscQ
-20BqPb9YPvfDpUa3+0HsgevI54B4EcJ5GAkUFmUYC+G9rFtC0DdYIW/AIOGK
-xYEVzJFPw25nAELaZB5j9BznhR1qhk8plYHjrdk9ap4t78/yqWeguFVvTVaO
-5Pkw1Qy+P7kKd+JVKjQrIpsxHcfOcDAMXudlNQrlO1rKwLmwQUvKT7L5YT7+
-fpIOBgMMOx0Mmsv1HkJ/JTzUyPCRabwMH01CIi8Fnidjncn0qQdOsXZFebFk
-XDUxyK4zXWDeD8zbW+HLWLUgPJasSY0/7VOoR4BJVhs+S8WCBxHPGqQlXamQ
-UAwNs8Ec1ofWhgEpVcBKCmDTbTrlDHGJ4TRxKCsx7pjqVRgR/fmzqwwS3oNq
-jBZagRG5Q6gwiJ/Jg9hoVuvEjRhrfmHgq/G/XOZD3dVBPUhNQjXQ6yADT1WL
-NgE0aukgD4QMKON4ib82sUvtI7VQ0G/KwPf5UJYOOuV/NAW9yMjrFdAjCvhO
-2oBIsjrZMOLwvgoyEitHJ0FmXjcQB3bVZhEI6xYBJKtqg9GinyQfbSu+Ju51
-NKE0ynL1A6oNTuBAL05emKqVGc/igdo6BFFVY8QKSIRWowhqHyACAMqKKVvq
-8xoru/jrjLQbaAgBwtyCmOwvto7wDHXnyg/fobjCJGUSmQVexKwcto8ZGlrG
-KJVmeItZCHXO+gJjHOUeOrhitisOFHLEpm3mWVl1UHkibG13ZZWstAbqFSM+
-tjGQSCZ2hHKsFbt11M4k8Wq1dDupZUBJGFRooqs5Bn58EXEjEhml5hm/LrfU
-AhZtg36cVU/pgfF1G1stSym0Vo0J41Kk1l+pq1c/sKTySYQMVRbFSzDiHj31
-kBmgtmVl/TN0HwIbNCyZYpoQxYSdA5cocNclAtbFQwPwbruCQ04oTd0nZLFK
-0YfeZxRiW5iJvrHI1rNE1KVxUpOUo83X2fReOGH64VWyBKknXoTv5NYKfjgh
-qni5CXbuRJJ/HGom1owCVcXuWg9yFbO8lvGlAVaLtTqsSWGcrQsbDMqhoFW+
-SKj0ath1KpCNwqe7odgQegMa4IoPo0+EmCggL3UU/qf4wmEx4R9BPkoXU/qZ
-qyfQXNc417WZ6z815tdMLlEZnD9ml0cj+ELidxjBaVJvZ2tg0MBEya4N+m+I
-5hhsAiOQ5lMiz5LK91ydH5XgI/9ZNhmny7hIFxs3CDFUD6lftLUrZ5Uo/rse
-SELNXl+qY9IgdgXteMUW90RKPTMBj1PNC8cRtuDYPhpbmFuR/PbKFn9DjMCK
-8w4VdXiWuqMCTnIFXYJcHWJdVlSCWb8pmULIwrnYGbdBqGgVrOvccw8OLL2Q
-ODMNXxrVYEH+W816iK2Cti0iBxCmPRzFwq22ExtqaIStCdWEbwnGsbE4TiAO
-UV83qETdNPTKQ04/IcJeFCHH6wS1bBD8TutdslzJMMJNNKJ0TFVsq7Wrr7J2
-mhT/u90nEmpSJjlFRGShODwKolAfhAmlt+emlIbPzotDARR4RsWdbVUyDNfl
-vM0JIO25KzuZZDvUhmwsccjORa+YFfLBvF4Aixgc27bi8IZ6iokpLeSw3FQK
-7SIkKALaVPAlbH3SECGN27lu21qVyXqao+5oKpeWhlg4EoOR1qU4g30vuFln
-7Fw0YbUgrnapsin8dU2kpN9KSHtYtGFnJ7wEcSQcjhwRhCOHMNj2xg4y0LPB
-wQdwoWmCAYgKvZHABigbAKMo8qJLqdIg1/hSQacXOHPumYOzVJC8AMryHEJM
-Ljx2JKbEmXFuCsW1AVXhn5zVzpKqa17oMcc2ZAwxfr1YaK8mf+Vu7C5SYOLT
-o7AT/mu4bUBiWX+m6Zl7tQL8cdMl2PdKGbVcPB9uT0fhEdFQE/8fdlkqK2I0
-FVGl6GVa4SKxLjXKT3/Ce9ntUYQBBZn+CdH3mmixf6ArDLNxUEdGkPDCxp9l
-/Omaqq/D09dmWoCMzIO1GnCjLD/pR0gd2rDmKC0wELzw62iKG4iTV9hFg7bq
-IDCvU8RoCaK7uQ52d9zd65o2aA6wdPfYtjXdNm2Q5ic0h43JNwP0hXV7eOzm
-kbYtncWf0uUatEMBUv2U3A214Lld8cjHOfz+T38K7e5q6IUgbr6RZrp+fVw4
-BT+re4un0/rt+S13DNDZv2cN1GseTh0Bt+DdljOSpx+Pfw7E+GuLVNzazbVM
-+ZYAtU3VqP25Ic4diQSb1G6rYIDQeoMYXF0WQ+u5kw3yLVck/0aNBBpgyJr5
-Jy6oGb7r/qhGhh/F6Cl9cymSWGfJcmqZhFI420a0klPrVI6VAiZ9hei7WVEE
-g+1SQrSnnFP2GHIuzXpPyyC5wb6jHAnoOJjhYqfxAouUam1GNHgknyqUk8hF
-DWQuLzCFJpER6+q2cHmRtLFVRu2eBfV75usow134w8AQVY10PXoSFk7wsRaL
-+gmqTcTRc43YERjJdasTeoKDNwZl/CsDDldppnaweGMc/SBxYSHRrLIUhbIx
-nBIvyE25OsyPbrTH5yeevY+tIO4D5ypv1ItRiQZcWitI5Rk+Qs/wEXgxJmT2
-qJcaAu4n9b+220dhx4gasdijnEoxfaFMG6k1Ddu11S7wjEBXQ8UQrZ6uXZ9N
-ED/WasxTwRi19do6HxjEXqswIrp5YwAqAtY2AFJCrqnCnSM4u5hKgYZls8SK
-6GVm/ERKtTWGdvSxOPyY5XeZNCNgwPg1RqS8qhNNUaure0A+fVhKcutWf/NL
-mbAdiZZjDWN6gixnmyOowR3OlTH9YLAnMn0dhFpmbduUKHOTWpwkKpHfAoJP
-t+5qi0qlEi7rnTDbNyUNZXAVNuB2WnPHhEc/ShcipyOHaaMhDvdJwl2XUTl0
-RkZ7Vj98d3R5zsgLd11C03mK8Rq7kITrFcryVFbjeQ0T2pGMaoEoR6mVDBLV
-qllp7kVtaKc6nzteS2kReJ/NcLUKvhZXvTpk39b3YAtUeEUKNAf/G064Nx39
-iKfbsg6cNUGDcMw7WQP7kmherpXrGLxi4cYO3sjkj0vKoZLEu+/ER2KKsfFR
-sbVZyiRoZpMxJ3Ewjx/SHaeLdZGwav9BdV5TaEA8k67xuu+YHBkI3t4ZeW0H
-A4IBwHe4O/DgS1GAkhRg4laVU+kdothAUlmHQ/91Mg366dqZyQcHYsKTs/5e
-suWg6zNoE59HvtJyni+APjsM2LBrga1NWu8Jhbx32ps1eUBoYo+tZ9gEhTvK
-ZY4dMozxwtiKPR4yGMEnXWJwW64GxZo9Ee/icM8Ail1U4viQyKEuGbr6jpWo
-LxnWlDZBNFlCcKn2XLJYROzlwLGBpWBEKiV0kGFqS0Zh3+uOQsnibaPTt81B
-JFXQj89w0+b6261iuEpgTOfC7OtWCqL29XZT+M4B7YxbWGJtDYpbbZq+3RK0
-5mKIfVGCSsXc1xAs2D253Zqu4YWBXEnzwCKfzTS7j+7hal2scg7QOyHFQavt
-BE64IedhmEhwg+x1d6bpkGcjY/ucs8iCsBPDTI0sFnlJ9ILFrkbVSPbBgmCG
-JNyrB2orMrheWVspxEQ/sp+EaDUNsL/7NOyCXD9Op0Bjeqg54fsoKKQS8ks5
-hyaEAkU4+pjlLRlkGHTfZzYvU8cxpVObBch4M5L1wesC8jnOp5t6TlocwhYw
-/kw0OaFo2B2UgyADmxbDdjtzHu14QqL5lesP5g7OtaRBMX4KiE0hCjZe1s8m
-uJEMuIYsbW112213dJ+vAVPRFnP9C7a/UAIFqvUWHZgEBokdusbwUUdtVuMe
-y9csmXVFaLYCszmZHijlK3wU59Y1qNFJCB6/zTYQ/nkAAnP4L39qiMeeGYRv
-YLdzyliD+qMVW9iIYwcEyQWNGiIq41mX10Y+7tqHeq1TgNoyT8dk7zIikDGd
-vZFaeVYuCVRCRuABABrwJAOHTPqRLRxo37DveHbE2mLeZySP1+oAdmpANSfA
-YyPPE2SAA7g23zaO7h6rSOjJ4H1nve1Q04Mxr9TXSKHq1IeTRG1eKRwMfH4t
-nzlQ6jfh2D7vpSPqG1O6jFdfgpVoYakzyi0MKFsZjg3tR/DTNVBSnK15YA5u
-AbLCowMq1tmyJJsftgRJnkpwSgPxq/qKJGRYxWSkl1LbTrCED2oAz+msVB+v
-7QB4KCNI8sTOiA1oiAgq9khLKKSRmpmcSta1zIjEix+V3nGmHoKpTlef0xEY
-/Q3Ch+i5ZRmK4hy77eetoqeM0gBojPHBICqSB6LLeSd5SIKjbMtKfr0akNl7
-7K0hjNg2PUuujQi6dV1cJoomJK9RPMs7LXP8uT7HfYb+7dN4W6nDoSZTik1Y
-Zfnwb9tEzJ+NfZif9VGhZhzWRZ2lXMXJn5SdHfSjWZx4l2oJ4t1cOg9wYQIt
-FbeKcTABoBSHMEtpk21r6zRv+ZtoefNRu4RXtKOVeVXWisKzTYzrOEZsPnXv
-FZ5MSe/fXGepKz63y84/b1mckl9vJtItOw3go8Dd1XgoG7JDMhFFozjBTp6v
-x3MOGvb/GCN7q+ew1cPTivU1FYGlL7OxQ18jwEwKCVhLbzQcyQnhqXkkmy4G
-65pgVUK32rNGffaje1Z9T0h0Kj1vEeM4VtprtHFqGtJ+ftJoQSshghIw6kYX
-gYpq+6R5IWxa3EM6nHkrZEwuq2ieT+CXeLEpU67ao0UXS0/TdhoYY86Xzc7n
-NtupNtkWCkDWZ6+MZ5CvxAduYhD90G7LuLIpx0IYARxPA0hwQP1mc1C2Nm0W
-OalA63SQQ70M5FnM5sSE8zJodiynlKqUEhe0Yq1fSYHBUaI+G1AwK6+l3vHW
-hFGqsC+hjLhrTBNyOzJ4XYhLUxCe9U7fAiJ2cR5crN2HzgZNwYVR+I4936pf
-KYpY6zrHcBGKL/Mpm0TJLUoF8sSc7QeIySKlmLjU7YiBw1Vu1BJ3K+W7g1HS
-CYeextiBO6/yTIJJQRNDOwzn32KQAKyXXUtaJB+Ea5Ctx1RXGTTf5ho0Td54
-hPBCoqVZIlekb6quAg2+FFZIlFDs4aethRO8uUR11FILsT1sNvbmnu0ky82E
-lE5LIih3BFeDplN6lDLYKSIKCyGHZ0nxEQPUi4TttM1VjBMDerZhY/ENaYDX
-KIYZ2PBarmBDobjYpdLLhMb0zjWnwwEVeg+35gjvBxAeuEERpRZqz5xSrO02
-tMRN0rxNbDIiPLLkkDEKKJrnd7U2v/WmX0i92mkKa9ZlEkgAvzs2mwPkRCbl
-d9KGUxZpK1LfYXJcYNR/24uvlvvrFwWoN1gO2hssa6J2vTab6W6qYOPiO2Nk
-31ozLODEe63+dJo5O+iTfctBWs7mNASFykkHWJdP/VFuncEvbDk4S6bkXD1O
-yCt6efzmiDI4EC+C4DQjhOZHpvxImd9Ud5yCSmm9RA6tW6KLQ/T6weGpaR5X
-YtyUBtrblIk5IQL5iVywBsphQm0zVADViZlaA3rECz8R1BbXDmyvpM+fXx0f
-RnvDo1cXw6HjBxoOB8PdbsIm38+fT95HZ8cX8L0sIHCLC5m8WBObqHHp7s7V
-cIOHZUCjtUZ90CFhRzFAO4Z0sa0YbIULPZEOg1EVhCjR7u4QSQBGHIV/+zng
-uktUS1Gi+K5doF0jygXUYWxE6CdCoM2ZI9nKqwsXqjQpTXXDl2H3CCPDvkfj
-FwK3saQ9uyRdpL80w5GugW2sSYCiJYEYg/KpFmwtr2+firh3/5KOwu4VWhvp
-t8ZynjaWs+cvRxq0XWNK7HW5TiuzIPpkgqVHUF8zBfceXNBx2H25ThfTLSva
-b6zoqb+iMb58LRh9HaPHLiYNnlbF31rxVc9t+6peU1znhdyQM7g71B/XX9VB
-Y1X7/qpkPF2XLscsUy6ewGn7cvgLU44rNEmXcBHgDmgq1w7pKTsyfLScFdH+
-Hi0I1vLZZFxfjzew4sFg8PMXzCo2SfDLpIpRTut5QrUkMkbldDFRofo+6tZR
-OVkUADexRLgCp5LQ9TSBGb7MFVC1Ze39Th1f6S3tDOjlkphXUe3Npwm/Rqkb
-dPChogMlM6sGNe1b54otDsfnveTzxlrPFE7NAa90FiJc0nNifPYDwgGY1AMl
-ywMixTRp+TFdrVjWKxIS2iTC9EkIBFV0EBJTcLALm7iDsAiO2U8Qh/UGyrgF
-GkCr2qmNGzQ55Pfi86zmW2mrJ+IrmfW2x7Sbc4vIK1BtVOJLSltVDhsDe8V/
-VAoK3JrHlJDSc5rOuXI4HoeTs8SBT4Y5AGAk1dHQ8e42io1qInZnvA0Mge3W
-SWjjmad4F+p0rfHUfthtpzWNJw9Aw/fvfy/8G+GZLSAw/dnP9J3GkbBKvmgO
-JgD2IG7gmRmU0bi0ovGY0YV8TctgBaI9lZagMrUWUc0FYyHXidzgFhWVbUzL
-cgjWGTivlynU22pL3lWa2UIzUQ5wWkktCNyBFUyNXsKVB4zU3QUZnxw/+Pl4
-w2YGKnOgxZRAoITlRYscmwm71/WG+tTKIfT5njlyOxugyVrpVHmglTnpIl4P
-HC21oaKhU1qUsmJwoVqYcBJnbuoqiI/WIEBroXN4SLIaUUzVGruHzFiOSKZe
-zcYgVFIrZJfKyiExJG84+eJrZRrZHJAXA5rfCG2HWZZ8Ck9PQR9DZZ8lLZHZ
-Yo17nCTarPfGJKHdL8KaWQ5Po8OjK5wIrg7KtsM97Hda5eg/nZAjl4rtxSue
-IuWOUjDBPJ3NI1KgQAzm4pLkxcwXt9Ya20Lp7pl6f8T0axKrTuRfElOuNKfk
-/dmcMBlRPJ+QDXmqblyHMdh5URd4RWVTsIbuVRFz0I6vCdyYByp5QImn6VKo
-YXm0+ZiaceMG+4GDS35KLzE3LNVl0baNXwWmDClu1hlNzHm1iyzcmgYO7MA1
-AfyCjsis8vEiuK0fjhu9Bv5LfnQjOOGHXMzHlcAfIX7rtr5e9BYvnmPEM7K3
-fnJNsGIx92HB22R+/xNyN4Ff1mFOwYDk6T3r8NgN1/NRZrMdT0333sfSsrPT
-V6fH0enply9yvdQA4bMjxT0tG6s7QVqibIDxMs6M4YmYh3jwtWeS5f981Y/f
-XRzWCAzfcm/tp9gWYiL1doTs3E+l3ghtym9MhRwuj4P8Et6YFuktxTMKcbLV
-cVorGppKAe4t1pJ7ZJdMS1KmkNZTCxADoj433Gixj2nqdzF162t75ey0EQeV
-Uq4lnWNZBJP95zV5f6g+zzjOPhpVhAvoGINz2V6i5xGv1Kv0eK/4PYBqdXqG
-B7sHjTo9w4Ph8Gvr9HwrVXekTM/0KdbniZ9F4+eTF9G3u8O9aJrc7EamRg98
-0izTk1Iddb2815pS6JXqeUzNoKedn7UQD9WRcRP4bIH7f6aSjwdhViktfkY5
-2n0V2O3pgyNKy2h7gKoyjh5RXrJWAsfDXqcMjlug0S2Bc+WXXCCctvUmaveg
-juwBLaHPLYGkUgARGk6bpkxa0mCsPCgmtcBeXr25G76OJmuUKQJKO1m+xOKh
-QFKwqtakBDJBNalZAWbJYGG+tBKBsfQ1mbUppiFsGrMbSQ6yHpZWndWTAUCl
-C6wb2ZECTCOfUZ3d50hQzxdxhnEgj+f2qwV6VfFlw+DxF89s9Ej7GtVQLH8D
-d1d/KldhLA1z519rdr6HmfslVdh5BGffImXExSyXfirG7Ei/NYDyoD3tnHu1
-PMKWttcP261qhn9o4xddk/zqSxzb13TJdeBRDhM0bKzqQVsao/C1orQjhcmQ
-j7E2ujTF3i0hKPYmqtzDquJ5XMCdSBZU46NE8oKOB7FNUSoPIhrydTxoikRg
-3ZJTpaVlA10EfAhkGZGcE8kLpNG1hggekNNPDofr19w6qG3BBf4G63qwDkY0
-RmOGdcRaSwHtOciNBCi/CL4mew7lYGt+dFnzOsXTaSHFDvX5ife8kweNK9PC
-vLg5yhl5enCwp36RqzkS1fAMy6HVk6gr/i6eUAGbuEjMPERyovAsRmscEk1p
-gJ7y1/ImdvPW/KZ6Fgmgi2SFcz0Rrz2Adt+jPEGndDzKgshlgNanpRo82GKK
-ZffRWgAcnNqq24mpFCkVKSay5gXF5WPfhVgfCCeUSARxXhY0tOY4VJhRXUkv
-P3Igb6z7WMxogfUAs8hYzZON4xVVY4XaN9DYma7YrHjPZPpQ4lSwCMgPGy9w
-FlislORp1ifio7/ESpuHVGkTv3yDapymsTlVODHnYGG+U2MyYoNXqlOrcchs
-Gh+tza+4qyIHXt1x60fuJM82X7fzrBRYYqtQVerZUcJLGB6Shq0YgFHkNSSc
-UAFQRiGpRosjMS7JCiSTqEwqWmkt9Ak7X9vmI6b7B7BmxM5Aex9ov2micuin
-psmk4rFfGdhxjdPFoRxTXIp3PDqDtWTEpfExT+W1ZnMM6pbIHaoXG1veSZ6n
-0vI7UhceHe1JWavrQ3Zfmpr7HmhxNB2Bwer0drAVpMi4XMU2hJtJCN1wEJDw
-yqMVT0IQTP8HQ0yr5sOB6J6ar2awCAuYV+kMT5WLp0W6MHuw/W3xOE4paMrD
-cX0vncCrOxx2sdZcyvYrqkhJNaDVae7aKd3at1LbFgkltg9NK3GIStwZm2Fh
-H6/zO7S8YvFhTgPgQoqtd8lENhYjSaLFaPnAVrsVZJvkkdvrXlMyNJDL1ycD
-Y04Tmhy7xehMvqCdxCC+W75Xi/cecntIp3MqXT9cqTME+X+mEkaL8IIbu8Ka
-t+xy+SDW3kNr7WWOBJRIBokcS3BExTu/cJ1wZoaMMh7RCi3R0kAQ/9htuWm3
-gLA2/+QCwhXWfw+oRW17KeHWzsK8Vtvi1YGcQK3NwC2d0yMJ60kqSRuUGeSN
-WgKf03TYfdEW00FiJq9eO5N1wi45myTwAy0k6nZCVQPwEoVCM6hiP6ll7ma0
-BpFXR0yyBoOQ9DwllO5W28wZ/g7uI8l0HaU8kAOaQApqFcvSWahqeWLZ0UVv
-QQXCXMnlKijjzV63vq3mJ1jihjz5aaC6pNr5+olLblAiuSmkJpu8TNzOxMtr
-wS1msrpcJiBa4l0q87k0ShFNul2609pgqptFTMlaYjlXKx4689RrwhXDAb6w
-Z+6b08BfSYX2SRmXf6diQM1aik5lbwkLNL4QXuOIA7hkMp+p4i0s+YbSlUDy
-ZfKK5TOg5/2g1jpblWttButjodebdtspsgD1rpiBFMa59PD2OUiHeHewdEYp
-0gAbzxxSOy5yyi/mnGQT0yNikimcZgyJUwn9Y4mL9BfsDA+7BF5sqz3ZygC5
-vygysOYLfh2VjUWMYfRw1f4dWB371ckiMUPjCJmfR9SxlV6iljUgQbO5mK2r
-ROZZkGYv3Bz0MlNjHx6spLqYEZ1tWyZ3EieqLy0b4XwsNbcH9IW1gD7H5emk
-jZutjfTLWkyaNPxYATkJQuFyfRuO4Pa6pClYkXf6cbm7keZ47Gzj2FUCjt0X
-xlhTmFmcZdqTljREak7MKGsgJRK6ye9zI6Y17FnyLF1xuVJx7RtPbJZrgclq
-zSLMNonQ5gJJcGslVejNF4EwCevc09kw7b3R69gpYYDBsM5MTrQIpuM45RDc
-zoOcQhFnm0D0v+0ztFQ58CoaPFDNIOyWVK0wWYXP2gr39jhD9r6ES0oWuGld
-hbuCezJpE6oYirEtQn7clNrApNTiUtoqL6Bw6xRMo7ofi3RcxKx7wpimsqCJ
-vTDN3lo3xlh4wT2xD0knRip3y6q64KGKBtxDo9ZpvaxlkR9Ebj46XDzbN106
-5ThduFkL15o8bmkDbayA5WToUeAv68wkXZlcq3Jkor/dhCwxUwJf0VakcgLo
-NGLLoU7qJOxTTd/E1Lqlmr6B2/WErbXojdX0KgSVZh9uErcwQNPma4sO27Bc
-2Z0QVTad0X4Ct/OgV+BYTMZcHI6sDLGNh6AyoFwk2as2q4Z3dOs54gC3I8rJ
-NGNWsw39nFh4rsKT3xCokFdH1MqcGy1LCG+VS4EeGVbl6dZ+59rtPHDawqLw
-uqYKvVXiRge31bnEAGAbkHKWTrESyLmBqq+603omiS2MH+HyCmNtG0jrcG3x
-Rs8BFpseb1dvLkl4xH+B/2Y8SanlNSho1oCfiskHUq0JM0O0cBMeej7JQQf6
-fBodD9Kkuok4HbjcKyP99suXfmAWag2CqW0l79ZQDDmr/IwT7y1/KaUrwP4e
-hroYH2bGtqSMg9rRnZmBDDhOWcQ1Dk5B5ymgZAbLAyhzWTkWGRWv2fDx5nKH
-4NK1iybo9kZKWYBoJ2gP+BhRxyExvIknGJjFzofzq7DLNfhNAI0dI6coOK7t
-b2qRZNMgNBn9akQ3UUWIUV3XDOP2IjZDX4jYWOvNPqWSQEhdqckVf82iAyMe
-ylnWaCmFFlq5dMoOI7FtUSyhGiLpZgLpmiWBQ2q4WgncJJFgK1N0DL9tMZyg
-zSHAoA06jC01tExDpGhB9kMj6BXYNYubdGHyZMHl3YFfdef5mkucT2NMlqeU
-JZAh5yVpkOd2j04RUU5DI0HidVxMKU7JGMDPKCQQuMfryzNKuEMNyeiljOcM
-NMk9Iuupw9BrPSRB55B2YrZiEL7yfkVdsVGsqcQpz+DvN0UEKcOPXFziq1xL
-JI7N9VVKVMgAie9MUSgMKcJEWXoIUzjVWOjKbnFjOG6w7tV59wpeqKzkFEEq
-EloqJz46XfGMzrPWihWBQ+d9tRDL0LoLs5X8FxtTFQrW1wlaantIfIWk0hBE
-XpGB7ogtr8GhWpsadlugLlQUFJDcK/dhS3HBmrkWUC350bSy9jlh3lYlxDHB
-uZ7bhSRUSHgXW7EM61uABMoG5VjsjZZcMJQ3IvttVONyIApAOeMbSNdMBCa+
-go5yI+AnPpo0laS21KcgfCj5qU1X+tDU3Ufhe1ORa5tpRJwnahXdYhQNW42i
-5LnBvJjITzA70xNIm4BAPgwPliKVyH2LNZVyYusU4+jv1hWWPRxzWCzg5Ih6
-JLI7R8023DPGNT5srJeGepiQEifaCcgfTBYMDFcIsiITND+mYovUI415Nt3q
-bUqCUPd1FRs/FxzhJwx+ADIbcGzypxS0LlQBhktOZsIBMRUAWGmBtVeFUCIA
-Ti73Dp5hiUW4DYFzGx4sXhk2i1cGW4tXNuqTc082LVYp1SnR/Skl0jFr2RSn
-bMqKgsZYr3oTkm2EVAC6e8xXD89PmemifK31fGy/RAIxWmdLbbBYowa2XqTT
-6oI8b1tOxhR+vIvZagukBBgaEhxsLJgJMaRkcOtokU+pfaMghAlPDg/RgxNP
-Nib1QvzONn65S6pFn0OhegzTennmQXBkewL4BffpUlBxeL6GvCxb2PmX9XSm
-aYP38flNNpkXeUYhabi6UHcuLrK3V+c9t+sy1yKNH+5cENzTuSBgUlAzVXmJ
-ioSwstVyFTstiNh9rFy+HjvubYLyn4U5YE5JOpsnUngs8FeLWORML2ZEl/vb
-euXKQDUEW2w3ChGyebZ0crCWWnmfE1MoY8O6ROrzIjXClli5RCUuCV911eJu
-q+MNRwkhpa63f0FEwWelal3QutJaoTZQ1025Nu28ysy41iYM+5dhvVbsMXxk
-GiWoKZROallrr0BWkwWWKm70pCUUDyRBOvEamWGB6O14bU0K3NSEG5qQBdrW
-xguxhbf45VExMzV3GV1Iv0Hjf7M9g6mhVVGGKnedLzieDFEWjos5vfTgEUPC
-Y/u1kk03cJrAAgOkPrDOJXReREHT7eia3wQHIbdqZZsWSCs5pcTWWgSTSesJ
-y+aTZsQJsjd0Bp9IxLcaTOUwM2pGxD05uEYYiTOHrt6FVqcuubD6bLxhKldT
-r1RyxLfdrOoVn2nXurJ6Ti05SrEwAXBkozc2YMc1nq8reIbWgeGZ/ZpbqSdp
-DFti9v2Ek8cQbCc4AnahDMIpbMdQYmc7N33HAtq2absmOHfFCCEiuO/ADdWP
-jxUFbPtGwhDbiLFH4qVIQI7kgWYXY690UZfKCJO6loNWmmA3WWv5NY8vFgkv
-Xx02+AZIeCrSiI1dGgPZInzd89PTnsWrM6eROHUCqzcX3yo5eG3M3Rm0Y5yi
-6iCQi6euUDbjPbrrekds0BprV2uxTpIE1sCOs9karSku3srcVGrHm9Z29V41
-nRLO8IFtzK6FgVg8FZrf3l6dp+p+/ux+a298MFV3AzMcagiAIm3G0riqV1zt
-lZO4ODF/wV2rsT26BqRw9C62FVhiujOSRhQojdGaqp3Qyk0Qbj9At2KKZJ8y
-Sfy28ybQnGSBSooY1huL140UffcUGQ6UdOoc40Oxzf65gqaeUO3QoHHCmH4a
-czywt7SkcLpgU/O69uORy82FYNSq6qIwCHQfsaiLbecGIonEEdiCCOIckqIr
-eOsPqUmD+u3UuGDsK25wgmuBiem1SDRW+B4EJ47V4J4yNlvBaFCcEypZr5ql
-FZO7YjnYdmU1bBAYLlEysgxUZMUnYIgKpmVkpHCxjx1Oqi0SC4DBq/VCiSiu
-yqWiXd8ZL9EGQjWFPPSChilKO0suNlb/EWWUTTTWMs+gC9S9ihUfqdaMwglv
-SpYw+RdFk6ucsKBO+vd4XQWcO6jj6UpdVqC1mKiVhXpkDCwOpT1Hk+/cKH0H
-FUoo/3gT/gNINzvwOMNaFxz4B6s2bjUF6x1zTElu58PASJ5SDcznw9+xZQSX
-1yiOx66/wKvR+iQ8PXx72CaTYKJ7HF5tVgkCIeUIXA47S20hC5t1XTgPqUXE
-BrgS50NVNgk0fMVOUHb07U3NO42LA0ZOq8Ce8aNgpM0CeTGX63HlfulX8QyC
-C1MLSct1lvgY1uYMgndS+K31y5OMK0zUIn7xgRfjtPrOKXYUhz98kHgu+e3S
-KbsuDQFAlvBaAvSlziu9YVK+AHCNlryCnpQZ1uzK6/XjvWwPU8ZFXybMR7ZE
-PpuYZ604oyeMhgXEbeIZIkk2R2eYna/VI+rVq8EHPKwJgkN7iGJi54BBjE8w
-qILvNR+0HlUbgUiKUTpxGnoY5UIi6ddisJHmuQAyvUNuJjG2NLaUx+EXuJSz
-eAZTsEWnW/Zk02H4Kl04OpX7zRnOUuVAjG7wGcJUPFL7TMACHedYL1HSNmF2
-OVPnCRPum3VBjLO2pqN5gYH7gItvkyzDclyAWOjA+h+Z/j7Aqr2nSgjW6I6i
-N9+dnb17izeEHbwEYDTC6AO8vkPiTFumCoIj4OPCR4iv0ZOnJ1eviIa4zbip
-rbZHSrArN30XubTjy2+kMF7nbaUxrzcoOOOJUy9wEAjJF0nOvi6urifreouu
-WVncphO0UiF+UilNo4sx3D7quIBfwqwAH8L0y1qdOd5V40r0QXN0e5RzRxOk
-K2zOr0OOJc3fBXISLJxmVC2jQyrwh2QsXVd4+oco9K/8HMNRfzm2Yjp+xqhy
-ZFAFPrswMvqvwa+jKIpG9Lfz4wi+AKo+hYdNasqpLavxKyEb/FMrRYXjmQwa
-+JoV3h1KMyFucu+LQGXhG+lqxu1tHd3h/lcBs35V/Rh78W5ZLXPuxru2fOav
-9T6RACyqVfmIQTS30Q5yop9ol/OHhlFdF58jwY90ydfyib5JyqQJpfJHUPUY
-HnzHAuNXD9GaY4mo5GYyvlrEM3fAVoWsbThSYGqDXeinjxgOycqv5PpgY9o7
-Njl56FE3BcGLmIRF+ZTyoeZgbbnrlHUl9r46RvzIcqvSLSALcJSRopASh02D
-MNhABWmOsn3wTmAuPnvd22hEF9be64SzIl+vuJSalRdV+QYVxaOEVjKjQnL/
-cvHq6MVw7xllS3E2RUpKm/EVCd0yy4mpleSvvE4A9+9GbUwBlV9b7FzUpQ/1
-g4cukIl0ahuFa8g+eJVbavAiLbuL2YvDeoX6H+4fzWKdiyJuqdgt5w/IA4AJ
-OWcfFSKWuJAYw6AsDSXTP3XIWSu4yiEjHzRwXmlO+/NXGpoDJzqZpxgohEaN
-RiwOfgtboQZZNoYn+NogHqNooVHexK1Qg0w+m/WK+iOgbG5UPax7hBEeGhQD
-ssQdqNEdDNhNxRtHMui/iW2Q6smmleei1jSkj8kGHoMZFolXLqxDAS2Yu2HH
-gzurQzrhLug+C0xlEngA7uEsEcNKQnVplraGEVBVbIQd+ebgwERESyBgXZb2
-6ji8Qzkw3Bvsyo0/+TThC6YBlB2y+xH9aj9mCnt68ezbp3AE0+QGM5Doxa0j
-mwNFcxjfeooENJN1DzFdsmfriuNXDhVVSiEWQscwqVmPGffEIGqmrhCvLXEc
-YILhTLy9mP4+CvXQMZAP62Ggx3weL26QQMFXy0EHo8/wcMkBLD6Dco0u0nRC
-IQ5oj0mWFOIY87Cm7xPJ4otNgKWwQQrpUrICr11cGrY3NIb+lBVlUMhO6MEe
-5mbJJko/Bit0tuNa4ij6wxbYCDhZt6Bw1ixv1BntKx6aSiBUoNhLgLOh6GRE
-0shSOgSqIyBRKGapwRh9YnMEVvcmziIYpxdy9MFtUsyIbtMXadazeVdovQts
-QAtmRRwffj8wEbNusqvmpGGB5TSbVFplHmVWx3itVZ04UnOHNk+qm/FeYxAL
-E0nbMMyilxSPq+5Ig8NS3ZJSABpcPsO1jORxNfAQSjk2QESjfqeFOGAC4hTO
-u4/oTp+QOaivDZ8NhQjUHzPosL/cqRxD96xsv6V8G5tPu1Q1x5VGTi2aiD3z
-oLOgpyKm+Dcf7VTvloqtJqVqwv2UEJ35ll59yiKmAx2Q967vjFEfiNd6ueb+
-8OyejSNrDsFsHkxn1IHFVGDb3oiTh53ItFrH/iLu2TIppY2zF3NJmjisM2K0
-5fPg1F4T3mQXW8dEtfRzDBLdcb7ao5Zt4O3njKY5Xjt7Ich3toRbwDETtgIy
-VbaSfCsDVbgkJYrflL0sznzKAr9DT3ESL5WBYrcdpC+mJaaJUjYbMr70gNsM
-2jVxFyW4BmMucMabQ783uwpHnEPTfiQUKm2OhLKp8dCNLbiBgRr44zaOkzV+
-F4T1WQD+d7GUguOR1xmzlamxjbrZ4KdVndxJSOwM1oG+G6BjGGzZjNHB1Dv8
-fKtDlPOusUq3b4Uiy5pRHqQipbBeU9Q66PK923bl0HvCybnodELbkSQNuQG5
-4cRGCITdjkxyPak+dXoUpuguztqXYT1e2LzSVGrI2iQQsSmTQl6JYoMIbq6z
-pQx1jqSkoduR5i2MH2npEEQKf6SC2OFffYYLkCrCn4DlsTylRlkhrMHWUGOY
-jUwBRFFN8FJfMqaZr3NUQXjOtSvO94TKylH/h1vjEc2ImjPZo1zdQJvN8nYk
-VR5wbCPd7hxSx852ByjEf2UrlLFYq12O1IcZKgqjnaqaC5kMWLKacgGK++Vg
-dCihfh5hlDlIOjgUJw/mkdbTMGv8jnKXlym6MRtR6XQ8zG/9NAbuDmNtoxLM
-5/Q3uBJDbPcdwP2KWleCxNbbwpzcZ2B/785P3l6dvDk5O7m6+ElVA1mk20RB
-rL2Blk1UDUCyVp1ijtNkvOYyZ5RRlmfosWFoU0gGB+UgdEsk/GgjxriECjsY
-38WbcmRVhkYKZiDeIsC2iJDvvjyy78xAAUflR5xLjtE2XMIcnQwmyq6U57WV
-tB+MFFBi3Xe0p3bvVb26rucfd73FHkj88yBPGnJTjldcbKxVeBpImj1Q/Ip4
-o9bf1LIwFGzbbAthuuOZDtPqLsP36mectFIh/iZoP3SmGr4DjsHS6BcwCCSN
-ceOEFvggoKmaBfklJolT6ySitiiShZP59RJjvljAwJ25V4RTO7fIay+RlhiA
-jO0odVy3TVp0O9wHJfD7oPgCs+ppxMg1ma5SmrWMyR0ckK6a5Vg/SL2qjTYl
-emxy1MZhHtzTL6UlIMepeQSc19muJLKQHhK6jVJ4/7ZIKRudAtsaJfRIZqPz
-jRTvuTw6vboKu5drCqY9ojlNK48+80OSDSabvnDIdVltoWNIuHnAbRaPcpJW
-VeR+62jNcU11N8XaKrOKynq26MxLXjfByil7ypTEXbyKWQDIS74H6NTg+pK0
-sYDSQldV6V5E3UyioTp0+f1bKJmpVEkw7LbY8lWRp4KXGDvDSXHOVXHraZsr
-SAfHC2hZsVZFiG01bco6d0LbiOe5AHLgiEnJBK1B8Ir4MJXZ63N6sTWZLEFI
-xELYnNNv69WRcM0CGSW8cmCJaT2PsWfCzsOaejfesBLIRtfA0eyMqEP59MSE
-FjZsvtZvnICNiUhiPtFMw3Z4cehrGzoM2ICseZkm9sKGXJgUfxQO4MZh3JoV
-KingLexiFB3u22dPRpsPkRJUeYT1wzyMtbYEGoJXr4jYc3ztvOFYFJk5ZjAE
-DgJJATA3TtQYjwiZuzWXTi+gsq8kttGstm+LtgxAi/Acp2yDW+DyAkAgWbMb
-5ErWBiyubNL3Hbbw4emRJKTTNT6C/bBotYUdbH/eKZImbod4jCqitGc0MVyq
-OPQ1fkV87z2973acZked/CbQ+qpdQtk5kXdqA+XbKxoZfL2BWs0Ik9bU8fVq
-B6WcmCMknNgJ4T59iQc3baiIQNmOQCTmiK2HY1387lbfS7m2rXZsCp0ERPbf
-a3/8kMMl2WOB6yMd2Z8QI4vw0kgrrSNOdIJ9Cq9r78ftxPX2OU1a2l1jeGw/
-vKdft40QMoNRcC6/XgvQpQoX7TWvjII0oC5dSDecel/3l0Kg1FYtakDdv7DY
-gV5YzNvrUnoNIdFySVEKvQF15JJukl6mj80Z8qsZgHiG7bW2tPXuClck6w7e
-u34zopihwiUtjLgJKzkwTc+0Ten2ekR+vOCF7kjCqlrxJvI6qoEINAL4Utep
-inVK4CHfqfjGQut4I9I7mi6ORVzis3D6e40QGJSDtV2GkuLu4VhawGKkmUTq
-49CNRnQYBMNx/d6CbDEVDfNuyzohQOG4rzfjIp2Owtd5ZeQ04qgq+vXRwjpl
-6eiWvjPiK0ZBaR4qwloOnCLKa1FsW8DN2NaeoCT1MrfkhgVhPTuMoOSh2uiB
-NDCb92USwtCARFG0VnMql0gKyOrBWV82sonyfMlj4ZHEEVLyCHTfRcrZP7pu
-SteljnkrirRhewSeOkaa1Dd8EA13lyjpUYtJAbjvH7IxVrxJN84yJQqAl53s
-2DgLlqaKJXcQD6weTNZ+TPXw1pjMCJIkiCUoGhU4mFeYKhxB94d3lyeSPEAa
-C4vJEmvl1d4ASsy1Ofzg/7RlDXAh8myGqhEWOV4jHk5b8mNQb3eXizHc0n9d
-qJdJskKHla0dgpm0lKxEMo8LpwF7X42ebgv7w51crdC+sVXZcAqNijqwXMZo
-WSuppJDRzLwa8W5/BaItt/AKJhEXbZ3SjDqAeVbcKpOyFqljDM5Mytp3gFjz
-NLnluEozvGYVB07Yb414LJOYmwuZFnktXfF+VQBxDMCFLY6PgRpwh490g/RA
-YN3//BcMgA1m9obh0asLjP+pwuEQPe5uDzcrs7tNRtSg0TcV5rvav6SH4Qge
-BXa5GZsOLQPgIGi/Wr+rrnj9pHDFJ+/Ds+MLmONRLUu62uKkxyBp2D2coOPD
-04g77WG9Mg0L0FBVM/nhKUZXYa+AQTjcI2g91M/E72bya6NBgc+v6n0KWife
-h2G4c5ntVmKm3Zg57m11ck+jE5zyLH11egyQQ1A79m8FGFFr9PLepiUb0rhn
-FO65BupaZ6JmAyAdE6fFhg4OdNs6N7DYZiZqIlHZ6PngopQbHeJcbtOI6R6a
-w42Epfz8Fpb7xDwQDlW4Ca/u8ohz2ExHmHaxWiqtS9noUqSE0HReZec0R4Vk
-09IxU2mN9BEniyM/kGDUejsHEFCxND9JBlzdH1gxfuKHk/NXH7kVAkm8URyB
-7Bnt7e49i3b3tHQ/TXeu7bzv7xwhJoUBUEPpAkEBcWZ77c0jHvdWvX9E8y2R
-W/JGA4ndZ/vDRgMJ+PD51zaQ2B16DSTGw8keNpGIqIsENoyIxpNpEt3s2hYS
-zQYSNwmIp9eYs4upRLhVr3eE3xVikRIRpMeuOdnj67pDmDQ/hN08jgApRtn+
-+C+zn+ZnNx8+xG+if8w+/Vj85VX87vrqU1kc7Z+Wuz8Oy1fj47uj2YwHMcmB
-ziBvjuLdeO+X60/59cFy9/2L11cvX759+fbozV9ffpw9j2bRT6sk/f6H5cGz
-fYNKWuffc9ECfvVVGcEwo757PRy7P14NNkdqxAtWeZYKjl+PmTVseRgpay/c
-h4/3tjNBbHzWho3PvhYb934HbDSNE7g9wVe3MRn6bUykyYHTotN0XngAWxVH
-rsiyjcHByAtq3QIHg0G0Sy0Dm7eo1rhPHt0Lu7UtcltMl5DvjVr7/JKcqK1D
-D6XH51Z7CS44IsPotobAtsjknduXIIhtExFtCZxNa50stcUo5g8hixh63XFN
-t9X7L0GtyyijNYqdkfadbL8Lj32vfiVa38OUEWx99xuJdDwc702eAiIiGuBf
-u/Yv+eMTab4UNwdR/Gz8PMKmPhHcipvIuRXD5rXY1pFyO6lu7Sr8/xyFJuTa
-8xsdozD3TyCYf+CPwi3/lUehFWqkUbHGGqktmLW324JZL3a/FrP2fgfMqvcv
-9Snuo9C71jiq0Tr6sZQWz/opKFGW/njNpH/DWTdO4VHH3XjrUSdOynjbWbcx
-1xfPvvasn/4OZ93sQ/vVp73nn/aWvtxfc+L79Rbdv+GcHdg/6oSd5x8427bW
-1y2H/HTYcsjfDr/2kPd/h0NubyP81Qdd6wfX0ur8McykjQ9cbIY/3bzLP+z9
-dXV0cPaPF68/fv9fbz89nb759vZlvF++/+Xkefrv1e7d+X9MfEw5CLut/dON
-MPS1yLP9cB/Aou0vPoBOD0niBy14dDD8ajw6+B3wqNZk+qsRaN9HoC3N6f+p
-joKPPhX0Ro/Cz+ya8+oCwmYCbjK2nWSgNWfnH3GkZQCjYYfewUZiX7bqCU73
-O9vjjiT5EdlWpcYGFk+fYM5TzSTer/s39blQmnL09Qc7Al1S1km3tJ6/p4G1
-qTNjsyFSSV44MAG82sLAOOhv0zi4r9oitTtq1Zge2WTd6k0PdFqXBx/Tbl0e
-fWzPdXl8e+P1n8WckJGFWwI46j3n05JD1rF4RVJsTDsRx8PJlUgXC8f/i9m5
-j7vA5J/ngBEcm/uFqy3cac/4QAv3wBShJ6WTvRuCLxicwF2ctLC9OEZ9A28g
-AyjuzbRFjtFwn45s9zuT681j/ZCnW4MArJ5KzjFMAuEw4pa+d3ILqIwnlwqv
-db9r1+O5Bza1iSYsCJ0/f0eUcD9o4GjoYWLQ5QJ2+qfLp+P4fnr48SKFGwBI
-sGlMuFObsIG+XuPmnsMq8Vs0lK4eZyht6ZdrDOeP7rBbe+O3N9hFoblN9X7h
-q943wwTuxYR40P5j5Knf1mDXg7HHBZmduMvYu09Pqz37dJvcBY/6MjY19m1p
-x/0VFiynn5HEldzlpp+f16aVIoScruSEwhq0bVDVrzzqt3Hd3sz9SXg4+Zjl
-d3jsHCKx1avKDh6KkZYOu5zGiiQAV0Pp0JpNlhZOjmm8CCh6M2/pLoUEQixj
-3DrU7a4mqWUmrSy/aWbZmoSMbGq/PC9yeFYyv5wM2PCBDNhG6ZRAS6ekpWTF
-Bv8HsdE69JohAQA=
+H4sIAAAAAAAAA9W923bbVpYo+o6vQNMPIasJSZQl26Er1VuW5Fgpy1ZJclzp
+SoYaJEESMQmwAFAyW3GP8xHnA/a37E85X3LmdV0AULZTeTgnoyqxQWBd5ppr
+3i9RFAVVWi2SYdg5/ZiM11WaZ+FxnlXJxyq8zj8kWRlO8yI8ScuqSEfrKpmE
+R7Mkq9Jx+D4vPkwX+V3ZCeLRqEhuYZD3Z+dXp2FjqE4wjqtklhebYVhWk2CS
+j7N4CbNOinhaRVmSZckyzrLoLl2WSZTo99GYv4/29oJyPVqmZQlPq80KPj07
+vX4ZZOvlKCmGwQSGHwawgsdBXCQxrOQKhijSatMJ7mCdsyJfr3R9neBDsoGn
+k2EQhlFoZgtlNnqKXy3yeBKmE9xutaGnsez9TvfOT9eTtAqrIk4X9Pdxvlwt
+0jgbJ/TXIpmtFzGCrtyUVbIsgyBeV/O8oPnh/2E4XS8WDJHjeQGwho/DNwoV
+eiMvZnGW/neMC4XNZ5NklWS4tPAyKZO4GM+Tgl6ET9LFMEyTavq/DGB3JkkQ
+ZHmxhO9vE5z38uXx08PBof3jU/vHb+0fn8kfvz18sq9/HAz28I9n0ckOziKH
+hktoeVzul9GqyKt8nC+GQZBm09oqHh8e6sjPnnz7WCc52B/oaFmqU6QRHUCk
+Z4JvXF2cvXx5OqS9Ky7T4SfhRZFP1mM62jP5InxZAJjx+AivT2+TYpNnSdjl
+YXodHicuZkk1DOdVtSqHu7vlKp1Ok5003wXMLXfxMMtKnkbxKF9XuzmMdJsm
+d7s0AOFjOI0XJaLA6bvo6Cw6Or72V3nJeIHL656+64X7e/sHu4Mnz74N82lY
+zZPwdF3kqwRQ4SIuAJ+WeNpxNtGfj/N1Nk4X4SLepNksnOR3WTiPi2WepSUg
+W7FeJGUIg8dFlU7TcRovwhQQfLFIAYhj2POR/eHM/eFoXG0BRLIuokXycSfB
+lcXwn91kke4Cgu+axTv7x2fR3pNo8JgeWqTHfyJE6eHWPerm6qB4lwG8YIiX
+J0fR/uD45eVg4EP1Gv8b7g/6MMQkwe9fJpOkgD1aeJd9nK4K4dvwdJGMqwJg
+NoYXxkAVyufus6t0lsUVYFPZDpG7u7udZDwtdmb57S5gXQEb2KW1wPJ2x/N4
+VSVFdLYL5Ev/crS7gsmjwaAFVbZA6d3O1U74Ms8nBJuTYj0LjybLNEOyTDuC
+18/PXp6dRGdnPjhO0gL2AtcNTmNwsPvkcPf03VfiF6DQMi4+JFUJ+BNO0wwo
+GyMTzL7Gr8qwe57C7OHZ2VchziQtdmVZHtoMAG0Oo8HhH482J28vjz57C/d3
+9w8PD3Dfk3SWVrBVGIThDH8GVEgXKV0UJCE4jYVJCcCGh12c5/fcIZ7av0P7
+0QD+d/DHAwPo0vnJ5efAMXi6+/TgkLAgmaRj2OQkuU3HCR76yeXv2CQP6B/4
+02gPz/yP3+Pbi9M316evT89Pry9/8rf6FjjodbJIlklVbMKrVTJGakh7b98U
+jIxkkj8w3KCED8vdHH5oo/1btnO8yNeT8A0xQtjDcgUSCNDwl7CbiV5ow0nL
+cVpVxGDTCvALiJHHaHOcIQJCkJUxcbuoIslNX9r2ewToywwVXg2iCASZEdKT
+cRUE1/O0BI4ypusNBw4YDge+VUbsnh5fl70+nAiIUxU8wR1UOR3Je5WkDA8G
+KnK+XlRpeEXyUHia3aZAbYWSkIzWC9zt0kWbODJoQw7DMY2cFSTOgDuA57C4
+EISQW5AbwhIIejLph0i7aHDglEz3CYfi8kNgJUJ4nBT9cJUv0vEmTG7jxZrv
+BrB8kPKSsk9IaAU+GBZWEMTjIi/LgKWVKmco42vLdSYoBut6sWFoTfDoWXRu
+ACsQCN+l1bwpqobjRQyiEe7+h6u3b8L3yYiPJOz+8P66F7Cw1YdzgOMsXQwP
+kyweoYDQkE5DODeQIbMK/h84UHKkXHhnHldhuV6t8qJytw9SkJliJyDAr8sk
+jOH0kA/hMOPNGKAZzop4NQdCefR9z54Fzl0kKyCxCC86DBV0xylCm4/qgQMJ
+YV1JPJ4Dzo5TQsNVDnvhc0LxB+atEgbnFpAbpH5/BiBcl3g6iMglUB1CH3yw
+BOFiwYdfbFZVTtuBba2KdJnirUbEOwqz5C54dX19Ec6TGFAJOEWymPQDc5Ei
+uUj9EO8bXbMJsxW8rghdnIzgGC/ybFYCCgN+oopgcIaHNogOChDAG27OPCNq
+PVqnC8Kw0SIff6CTC+TkAKBwn+CeA9yyvApHcDerMllMEb9gigouW989XgRb
+IBgD2lw4VWm63GEKskwnkwXoGo9QojTiN/z9UXieA1iYtgF5+d10wUwZ3t+3
+qCCfPulNB9TOR+uyMqocaV1ENxhlqjlohbP5ZxCAzlhfCUClACphfr+47gHY
+aTd0FCUqAeMEr7z8MVTlJ2gs11WNYNlKZOf5nVlyGTprhoNHxM7hQREyhQnh
+gBchCJYgi4UWU3W5kdkRbCIwT2kTEdMJBznxDF/ld8ktkryG/kv4l1hciScT
+uKalpUlA9MbAvqp4BOJRtQG4/DXL73BJd/M8BAEKiRESANBIWCkzY/GtDu6Q
+qNzFyHgywDv6q9x0fBqvAA2RdMP1uJsnBAZH1S6Sf66ByDC23CVwC4Q84Jw1
+ohASUYD9Xhrq5/IMwMRxkcQIz8UGPlot8g2eRJ7ly3xdMvthIhiMc1g6yH9A
+VORMXFUd7x/x9CIlikD4vQIFxV4ii9Fl+P/8X/83zr1Y04W9vzea46dPffir
+o/TwA5X54W8B4un9PQqegEw4kADE4XR9JuJI+F2mhztbEuNU+ETL+AOuAMe0
+TKdbJglMQd9HdgMwHVKsGL4GnrEAWC7hqODz3s42QcKVE0KVE+gGeWyfACyI
+lpT01ixehaOkuksAd1tw1F1vEyFlCudK6Vk+ZxZpFyXgYZyE9wENUoAfkCh6
+IoIBzldHU4N1sPujUtYGdB/Zj9Cs7RYNPFa+02KLgm+awk6WJBPi0yPguHBg
+eJ64FGKcxS1MzbwgUKEnBtkdqAToi0v8TO8u7dm5N8wWPYYWxGW5LvCCIXkA
+Mg7EA6Zbhlco6OBHeMYFIAbAi44HoQj8CXcr+jDe3CKH+5eUzOD1zsnOApE8
+QAodPHhKPrcSWcCcEEvbgDkAPzou4sBAw4kjwEcdMl3Cs7QUqTz972TSoVFh
+QPrevMNoBIu8Bikk/Hs/hFsMBOeCD/qnPg4K7A1vydt1BfJ7+J87nSDYh0nf
+5CgG4qWfOHAnqAgA2oUYNvRtE2SYZiFY4TSRjIhUqWgBx/OYJ2+b0ztUAtAi
+zT4Q/QSMZ4aITAKXUOSLxSgGWUGnphEAWrMUCRpTb0SHUxVE8hHinVw0eDkH
+EbFcw+KRmDtyO2oX8D7wQk8vs0yb0ZmHIaE/Ga1nMyVFaNoCioMjMCYQHuin
+viDm4C1waJ4XdbMYTx9PuwkRVQ1w0CoGwBRRcks3k286Pge5gt7C1bmSEEvH
+5RjE6iLN5a5cjUFlpE+PkHeNBUBbqCIqYSRLbFGzSMvqhSzTh937e6CSEf/t
+06cefAuytCNKkxSJuGsk6A2TLQQEfD2JZxGgXsr6Jo8g2A03dfyB0Y1xFT+5
+TWOHPn5INiWOwkgcsR7Cg5yJlI2vEUGx1N0QasPzAOFgFKaGqf2QRzry5BO2
+2B5fW9kYP0XlPOIX5CM6CWBDM/gEhyym8TgJPfEAvuMXIvMCfkxy6RSwn+UW
+lKThOiKLLM1J4kO4XRPkcyAv077o5IwYWRMzSfHQfROuIgARh6Pwr8RX5H7o
+y8s4g5tNpBXwoUARdpKjRhYmJfLetJwb84f37jGweJwH7uginSaoaCXuG4iS
+l4mYQOfpCm/1pUXhYytLBa2ahMNDkOaOgYu3qICwRTjEZRmMZLuEPa4Qsu3m
+Oaxb2K/qNHLTYUQALaDKAsm51VHqKgqAZtOqpgAWTEEyhPeIG1fuNYQre1wb
+huiv80lhjWOCTnVpL0C+DfSzFKMBKa0ABfgabcj90N44pikzdBxkNOUSJE58
+KRglmxx+Ip2T8I6MW3UNXhQPZ5tmpWVQ3xydJeI6EIIJafisjSU0CxM174r0
+A6KCOVsY+MBTgA79anRSZBwlyDYkm5WJAyBiD67dhSnpmDZDY7rnbQkTiTFE
+UwLLGHmrG0WD1Hq/AHfI5LDhFeJmZHDHimNkgnxMEsmE2FJSjuHaIT6aTxsT
+k0AHmIi2C9I7zKvMe6cxoAk67zaOggM/B2QGmgirlJOq8CoDFsLBZCh9ASCQ
+mokJh7dEDhscoOVlwgcxP/D0sWAJE06kL/xaMAJxCykmqy6EAI5+g8wJWcst
+HiVyd3IqIBNK6e9MB4HCo2wBS+qcv7u67vT5v+Gbt/Tny9O/vTu7PD3BP1+9
+Onr92vwhkDeuXr199/rE/sl+efz2/Pz0zQl/DE9D71HQOT/6qcPXo/P24vrs
+7Zuj153GfSWUZhmYiDgIvwTyMjBHi9+8OL74P/97cACS979dvjzeHwy+BWmD
+//Js8PQA/gK6pFzGPIOD5L+SQAlyaxIXJHKhSB6v0BmANj/A/Dm52+C+ATT/
+9A+EzC/D8M+j8Wpw8Bd5gBv2HirMvIcEs+aTxscMxJZHLdMYaHrPa5D213v0
+k/d3hbvz8M//ASJjEkaDZ//xl6DOK+EAlswx1mULcQUOSYL1MBgiV3d0aVXi
++nwp2QKmjBWkgy1WHrm1IqWXJOmwlZQEZEcoRvmdpkVOO0YkAVE+Ja5uBWjh
+aID8a5S90wwE+lJ0KhTzE/T05yTnI2U7UWvmkVgzv7fWTJ6LzZtWGjNWTQLW
+NrHsDhEKZkLZhKFp7aYkgIbE1EXFIgn8AVGRV1IzDN/fi5PfmJwmzFcbFmLS
+vkNjKKBFW6LKyn7pEOw2cyzqwCSPvSZxS49/hVuP8LqBSr1crtkkschndCpw
+14h1NE4TAAULKhM6PKMO9xnlUDpsCOS+dR4+9g3UgQi8x0bgZZg5qpaZm84G
+HmzdLCgWBlywHl19hpuBqbaYGdnKyNOykDy2YhwxTyT35pp8U1ph0sCHmAXM
+zWKiO5djr2RzpTvRiuyA8L9VjvYVMcbgqw5A/7kGqTNaJLcJBrf4si3eLpJP
+T2hibxM5wHtV+XgfZ1uMYxsR2/B05zFyaLPJFPQ4NLUQFwapn70laMSQ0A/A
+aP7Dp0/weeXIywiItEL2ySsDaBWTCJ3vcHw8Ol171l4TxuW4wuCOUq1SViQN
+CTfpGvQdwTaeTFLZTM3ehFyWgXHkGrVc9ej+UVPzITGdv3PcgcF1u4lsmxHc
+1Sk/Y+AmGJCJpB3PYOc+pqk60u2chfGSA8LCvxPNd3/+qdNzJ2+azt2ZHRQU
+UWdVkIAKs6MkAup8Pk5JqGJUIcMOrkAkbvoG30S0lSXRAsjkGs3zVV0xQ4WW
+ZKoHjPYt/Mc329f5oCt1utggNjsk6USPSI5GxK/ywOrHvprpmNmZSG8xytMh
+XxpFnQxiYjCz5rDc6OJp4RnX0OZjjtod5wucbABVhLB4C309zwGFGlOj8HWa
+kWHZszshnVGTkxiXPIMT8Xa6FqfG/nCO/jdRMdiJKiAEMOGVZGqz9TQW8SYp
+AjUkkwytIKWfjGgds+GGxqBfANj/8z//A/g4TlO4bFXw79FX//PvwW9q5nxN
+s3X1ZvbCrf/8hh/hZ9fD0L94XY5EG+7uVpNdOvjdj72O+80Ff8NX7eErgx/9
+ri1tXfaWH25/N+RQaxK4WfnnyDvgXvgPsrFhVMcvAgX4DOPDrBiDup/rXgYN
+HLQ8H9z8j38VyAclPF/ZfUe/+v847N6umFkNQ1cuAwQ0UhgTgJ5ZAoGhQxcN
+lARUt1h8YzsCevMcg1vnX4EC3Kvgfhg+mqaziO5aybE635m4Yr39HkMlVCg7
+n8Ss6vpw1uo2EvLqOu/7QjfK8If3qoWLt99Y7/EXGU8IhyM+98UCx8SvFI1F
+BJ/S8eO5XJGFjBohn6bsfX30yJMOLlAKLUFIcMSDiETTEjZ7RIKljWkoP29s
+NS5vtBFYnmXseo4JGkb+4a0JLgg7H1JAcRCdYCRQ9UJSb429ifn1egSXRNi1
+3RfMni+tyeQbhBOKw2gnloVaK0XZ5ygumL0Dgl9HrE+i52IkidkeSiVNKBrr
+uJEOz04cAbG3426QNjHSkCALPgr0EPGjJnyILNS6Hx3W2GgWM2Bh1XwZdj1Q
+wnMHlD1aBowLyx7LwOZDq0snNQGYJ30PXJyuIBHvZfyBfatkNBfRnS+pBA3M
+yJeBp9+IQNHlpRhUUBTorzQRJzWECiReoMEKad5LmZfOXb1psAj+4wuMSmvE
+JwyRavwZJTrLio7+giGK9WXymwjmwhd4UL2f/MWjIY5rwFASWuIr3upVBRIH
+DICkgyHZKq2KsIpOw1tQeYlIrkB6+Ixk2FcZTLCX6QEIGlVgAcvofE1EAdVE
+Zm6ukmr9ncyqAjYQsq9X7Kkxcvjn5uqkZZuJNMWFByr0kluUbixi+A6LsQDS
+JL219sWunFlPRiDLCFsrjK/2WiJzWDrqDcMf9VU5xhaNFREQz9FT1khM8bbe
+D9Op7BOwdiUJDp8B+w77YBEOXd+nD2uTCG/BGMFNcuzXvPicSmHZvXX0I4wm
+Gp1mDTHoelVeCqtmkpZMYM6jFRt2EeoCxgm7sVjDJPZJ8zELJb1xm13nJZO3
++0eO749ZwZYPEGtbYwNdThYIBYy9l03oO35wZT84BPXSxhqhzwRDRq9ga/FC
+NHsABnzCQ3k/hGoXRbprrAwoXDD7I0Ip1/P+0a85HK/49hhD63yJhkNxNhYq
+abmaobBCp34tQY2+B0ATAcaMp6v9wyedPj6pNit8YtOP/v3Xu4p/QsYHP3GY
+RhzBZYnSSTTYf9wJPvnUhlckdMYsVDZz+jFGrQ9JDUyP9gg1Bot3QEPNSwP1
+GhsAdCEvjdzyHQz5x9238Y3tLCMMz4z2yZoWDaJ+PIKJOelncJ14dQQzNJ/B
+jUi8Q+xkoIF24LWrzRIDo9H1rusAPT/Zme30w1c4LILz1dXjZwf498PBfq+B
+DGQDJklTY5fiUkdF05DJxSCsgYmjIlnB9VFjFBxjDbKGxSfECOsnjM8mHMOw
+Tss5B82EzLqYZaIEiAlnZZ+sw/CuiZOxktbY+FIoLCCkLxxpiaCGGA7I1HL0
+NYFJxSq9YZZM08JweF/6MOf1lM7rnVgLhNgUpEwv8vxDuF4J6RWXljc0QNTi
+Xs1MijcTAHHMriq4mHeVuvztvVzFG2Kdch3LcJRrkG2E+j4MhqzTE65F7Pbj
+zGrBzQ9aqWlxj5CV20F5mXXLTMu8njFcUUWjj9MswFDIDemNQZCyFdE5uqsK
+bfZvi3eXZxRpBP/VY9zo2bH1Ut1yofD4bZJvaoSFEYsG1hpnMt1QoDW0jpjB
+fxn1/8/EUCNmqH/Z/TOAfP6X/+qrcKmL6pTrkYrWYmxzZVmMIcoiFbKdJZL+
+h0I4Xw3cbzmeJ2gQ0nsO0tUV/PC6ZFP9u8s3w3fvcMVWz0EZHHjedmCiPQgk
+0Ji8mT6Qr+fWi8229nSVwsjdsmcyQAjCL5JxjCtlLzVad5G0EEKSs5BjpxAw
+SVnGM7X9kiYr1ipWRTrwrKaGOOzGmM74nonzgoQddopjQGsKj4yTOjEoAN+u
+MNkiJf0pRetDjEkb8PxP8L8/kfaHRkl2RoDGmiI6/ulPQ3JRimMBGTyhK9Os
+jAUrkd/ISk5RrEmY4Y0SBUA2pfe0MgbDb1jwaRoaTbCBLyAasVBFTw0hQ9y8
+i1HUSisVdCQkBy74KJnHi6meGN+RHbNxdq7hzuULm/rbtnn8sWLVDP5hf9li
+40lXOrVgaTxFohyHv+YkzYZxZXdNrh620CJ56bUAS3fiCLZ28WxtxllROK+v
+d4ny7siRA4GmEVKqROwckzFBmlAmR6TXZSnRijM5d7o3slgK+ieUd3CUYcBv
+//yPjqEdCQsoO7B3sSHiUjryZvt7HLe5K6afn3/BYPhTtAsr6+FIMkEqjiEB
+MoKec2vBJh97qTSNNkDgBCLJYY7AR0kZwePq2RA745BzvKkUPuEy8aXGW8sg
+rJLx1cbxLCpjwDdFmmLOBo7hqvryNc10dkKL7cCzjpGO8Cw0Ssd+T3ezIttz
+oW4rHI5Tc+MRWmNHMbJrDDWh7ehFQqoBI4wSvfjwEkWHVzX1Tm8Rr4EljdBQ
+J1m4CNggKNXI7pv1Eo5qfAJb1yiVdJmgff9unopYScsB6kn3dIIipHJ8dQ3H
+emNMyEs/LHmrHZhTloWCDSbW4uHQpajmiQnixTgbOgGJv+QXfJfzKJnFyPCT
+j3Uxr7kNeCcVMxrtyOEOLTKwUHaSEvEI4ZwO8V+Dw3CZZhRgwESDtoMSGEhU
+mOgje1iB8gtHlk3IT5xiOLaKHexFjUH5IMPBGJNwUJb9AFgi8QVjdHwhdsBC
+RRP3hJVONpp2wu4bAMuLBMZLesKQOJLVWIkI8Ucu5xPo1k+nNC4mCkdDF3yC
+UnSy2ARrUBfoqNFhDqv5tUpbWTWJPLNFPiL30jpL/7lOaoY4l7QJcyB40bG6
+jBbWTlKCCDQklWHFARJnr1L23JPDibFORDTUvmMi9piZwo7ZDqy3E6o/t3SX
+wK5tZ4ldPhs6vEmC5mSk+LVlmtcxUpVqYRx9r9fKBtwZioAk8JK4JBJbMZP+
+CkMHEsp4NwelVpY5R4V7AdgxATaAjqiS0hqMkcTBYqJGiF9oJ8G7AaoM3Pe0
+tAYSPgOKFkPCg67EiVCcwDK353y1zOfxqPG1MpUEizWMibOag5YcF6ULZZVT
+BNSjR202i/tHeHl9TcEK5CKDU5TLQyI+iER3rDdpUJKPhIZtO0dLvIaqfuAl
+WIjplg4AhClHLDKBQgJWA03DWQk1yRFssTKg6MIbQL5tdwO3KmlOGodNSqGz
+RglTw0jg0GQxCDey0YQis3SETtyAloWEi40TEk2a3JTxNKk2GE43jhdjSq+4
+meQo2RJGAulIhgxapRzInlCSZncQnCzWH5mEHd1YJwTEmzMoAV3oCQLuNk8n
+pEEuFpyWYJgkv9M9wgx4pVBFMkOVuaCzVSBinQ8CIlyYGvyOVO4vCZAYAHzh
+8F5HkCHx34ktwWvpOvNUFEmY0JvzpJXi7TPWDDKgwki3ab4ujbU0UYPsURYm
+yxVKKrQ2uISck4LRMGGR57I0AkOW19fgoCdqTyKZoeJhMsF0iFLukcQknVq/
+u3V8/RXD7u8f+VH3Joyp1VVfWCclEsRaCD8TGwpB6KC8F+YjpFaUXqBv2uh+
+QmxAog9JsirVxISpd+aU5VJP8/Fa5Bo/K6FV0+8HNabpKp2cr6S2WWv1jzkP
+ivKs6jEY3hZdAoMEvBHXAASmAw87iIveBXYuqwalyCpAgBPtzs34CkIpCZFK
+uJxe3vEipRD6G0xAgdvFN5nGurkd0BUVL5BjgGA6DW/daB6OS+93eNH2t8bq
+4T3AsdrKvaBqj+IF1lqG7FQ+E4HSOeHUmCAVU0801ToMf3RfLzaSIRKZvEL9
+gXGpZnJRuZAOw90qKgMpBcTJcmIsgcAqV4eSy24TtNJet+0TE5HGhCgeZxeV
+L3ZTwRDXiM4SUvHwzL0fGH5KOY901e3LogCEsseyQiPAyLmJlDFZz08Uly5l
+WbPa5Z8+nIkzBdITiVAmw70IJY5/hUUSa0yJUVsu0T/HOgGnf1PUM67HDcoR
+vU/jcij4HVMDxNgqBCtkJ0ppLbkCPoEu00QQ6haWDDryvKo+saOnsIDUun3A
+CLt9c0ArLqBwM18v4+wGyXhyt/WwTNoGvc2z/LqezIhFjEi41i2IeNG+P+eM
+rCbGHiE40XTRADWrozHPG/IqxaFl1ajMwWab9+fbg5W04JHz5ww7gsd7e30o
+et6HH+XzjKy1iAi+8bhvD/XFvWIelIl9tflhJO1q2Q3fWFhze8qnRJHzzAb5
+utUmQqOpeNUmlNSJPFo4pM4zDKpJQUiX/K3LVgpEYJCqQA/rBWKLsPnhDoFU
+cDUEQhuE4NliWWfRTGc/gtoXsDT5me6b1X0pf3IaPBBDzduzURoUCkjqueYY
+4dEGwuP6fsZlbmwexHptSnwtuW2HmCjjDjkkCB/zVVzT61xslDTuAhOfeP3P
+JaISkLxKx6xnyrEtjbHCelp52Zg7YMX/ZFvWSlNtX8agr2J5kWxj7no2wySF
+vHCiXoQLv7042gVkzfvhcQK6dT/8+9Hx+et+gJRvDYrMMizzBWF82dO0pYnN
++GkP+HYygAxtFw7J8hQhvIofZPIRMe8Ec1HPTObO/SOUDSKTyvMZrUnTqmzq
+jxc0oMmfgZPJIOkL5joDEUpAfxCnAKfGUvUPqtO3ugHtdL5d6/KzbfFdY8/F
+KWm8PgtES4ypJuGzg+9Fxj84RA7w5GBdLCLAqBxgF+ELHWuk7JTzONo/fDLM
+DkZ/m/00P5++fx+/jv45+/hj8beX8dufb64/lsXxwVm59+OgfDk6uTuezTpS
+lAO+p3U5flGLx1a/A8AmxRhWIvqABiyhnejozVH4hhSjM61cCNB9haMemVEv
+jbQj4p4sumN28PjZQUeeHw72aX0PumHNCKhkwNE5AVDmJ2A0C9TWY5Su8wxN
+xM5GWT8iZjfZNhvyM5RFV1UNTmShS+IPqv1dvTrCKXV/5yeHfXo20Oon9LlA
+VKg4UR9MbmRSF9+FOfDtqmxiCdwHQMffjW6M1gbfavV6xKRE9i4DHS8XGNFS
+0b0jd/O4lhYfXmp88v0jV0qyl7TxRSOi2VPE7CpJRAskyzKvxdR5IdBGfHV0
+dP3O5LwJY7GCmpeC6OSyOpZhoqPzGKPwYwo1ryhIHM30MNWqQ4bJ5yTFOGZV
+LseiiRKBR37EFGqNrkJZJLc+JzcAGS/IBYCiTN2k5uoZvpVJlLuSzEs1FRUN
+M1UNi96SRiuavFENRc+lIgPkL42UdyMCM5HlqKuHvM+Nm6WyhaSqUtEIMuY6
+U8vodF/SWZaz2X+JMoQYWIgDGxNLaSqeTNAJQ3CSaNK+U28Nv0EjTumSCyTy
+RZloTgasSYr7MYXtADbvGJcOccEbqlHV6RlrT8tCAj++bILZQWRuNKshqSUn
+swr5XUbMpzEtl8zdt4nYY0tQvPqah0GBQjAMBQ4Z844w3WnTSmETIEMcF748
+2Pv2CZxVpaXZ8BMcLQDJqxLTAigljo31MwMeBpT7VLYQUXmZVRLPuktD0jEH
+PIwmSJPToPwai0Ur3gWiri1zytUKkXuVjtubJ7NjSRYmDIdOpj4CckMflnNk
+N4w1rlzgoAwcwjT9SOErTTMTl4HgukC1UhB0tVAyYsE0tY4Ho9kwvzXSYo/C
+j9kUY2n/hWNysfx7R9782TGANL5pimxoxLc6Vt/RJ0nDVWXyZ9Ymf1Z1smen
+s0pITQU5q6kfkkxuwghzZ81IUEssMQKj1HxXDfebGceADY0Wy3iSUHwkhy+N
+VaVD/xSc1FunYOkyqWKS7vCwGMTIQHgVP98sy86Q5VCAqhNxG07Whaox4TJF
+EgDcK5uUtA1TxAcOgPDEBb9TVEJTxYxAB5wJK0og7LlsaoJ/XKIJJC42AmkK
+0P/5BvGwdrJHZ7vnr6X6nvxMX9xxoh+uZ7SBD47aA0jOvGgNIta1nEATt+GE
+7wjBljzBifqTgCf7tnXy9y6mEXLRAmDznO6Ajb4NZZUo1VGaoYS56uIprXy9
+mEhQg+fmlRBN9uRGJLL8fAMLA1pqqpY6cCLtokSiUqW3iJX+q3gP1LFAMWDk
+OsizaSqpp3w3UI+k28HH4oo+eDdYvIRpX+T5IomJHap53JRoMyYLdojHn8v9
+ap0J/afu9q7c6p34Y4jqgxbkFRHUymNjh+fRFYQbBeiV5guZIYX/swQC16KA
+u4U7Dl1G6iS2ueEUrpNkWiQJBeWGUkYebRtA+ZbA08LU0R8AVh9AK1fCSYqf
+vKjVbzjo7ljNISgFSQhpnXekrv/dC8QTvl4Pf8XEiuGWiA6O/FBzNSswGFjw
+8PvqfaLRgQANw8HTp/t7Tw4Gh3v0EKVI8/CpPEQnDIx7eLiXPDvY24uS/W9H
+0cFgchDFTwdPooODJ08ODw/gl70BDI1f3Eks7t5oMN6fPI6Sg+lh9OTps2+j
+eDSeRMl0b7D/+OAQn3RkXhGUh4jNyDDhNsEBJ3FlnWgogA/Df/zCcxhVYPhZ
+5bNV96QhVZ9xB3l9HO/F+7/efMxvDpd77569un7x4s2LN8ev//7iw+xpNIt+
+WiXp9z8sD58cyHZRihiG94GaQnE040lgtEfDp/oR9iVYp+YWcGyKzu8OG2s/
+WR7VoELEhhV3CJeJ6XkfHMoLBHl8g/nLvvnBMA7LNyxP4FeIujvE32w6MpuO
+bg929lE7/lSLwkaBI0JxTOKwvRt0IRfDCcZ+FLoZIdemstT9I7ewlCSf1lNm
+5KuXKDC3GgDV5EeKTPPzemHYgH3Mg8GeiE/NKrCqCbBRTwRJdwwRqlLro8fi
+wO+vNFDfj8cP3JALju0XVZGHkZhn0dqxzN+LuskGNbcKGR/GO1cssYL0keYT
+ELV2QI8Yz2OMc+QUtyNNViql7nG8NVFJTcflwwlL9WQat6avSTCSlCUmhcH3
+p9fhbrxKhXBFZM+m49gd7AyCV3lZDUP5jZay49yMoCV7Kdn8MB99P053dnYw
+gnZnp7lc7yX0LMNLjWQlmcZLVtJ8KnKm4Hky1pmkpXqIG3shKMWXbMAmnNoN
+exCY9wPz9Vb4MlYtCI8lAVQOZtKnoJwA88U2fJaKBZ9FPGs3l8yrQoJmNCAK
+03E/tzYMHaoC1qMBm27TCSe7S7StiRhaiRXKFOLC4O77e9dkQXh/NiVTssCI
+vDZU48RPSkJsNKt1InyM06Ew8JW7JBVLNLAgqIcTSlAN+kRk4InGb5lQJ3a2
+MzELZEAZx8thtjlq2p2gFrT7TRn4rilKOEIv/Y+mNhlZo73ygEQB30qTE8m7
+J1EnDh8qhiNRjXQSJAO6IVOwKw9nNTeNvZYkdGvAgZG+tKQpCT3b6shJ2BtA
+qFlhrB9Q5XMCB/qY8sLU5Mx4Fg/U1m+JmisjVkD6gYq/qCADtwWUFZu7VB82
+tj5xKxpRPtBgD4S5BTE5vG2V5BmadyrfBEYRoEnKJDILvNhmOWwfMzQIkFEq
+zfAWs2TpnPUlRqPKPXRwxWxXPD3kL07b7Miy6qDy5NLa7soqWWmF12tGfGzS
+IDFn7K/lqDi2aap9XiILa5mDUpaB8kmoZka3mictkWDEjUhulPJt/LncUgtY
+UKRrEXE9pQfGJW+Myiyl0Fo1eo8LrdrsZV29mhckK1FimahuKl6CIXcgqgc3
+AbUtK8eRRCZiG94tSW+a28WEnUPMKMTaJQLWikoD8G67gkNO0FPdeWWxStGH
+vmcU4ngDEydlka1niahL46TiKucFrLPJg3DCTMrrZAlST7wI38qtFfxwgonx
+chPs3IkkiCbUpLIZhRSLelYPRxY7jRYppgFWi7X61Ukbnq0LG7bLQbsVqLpU
+WDbsOsXUhuHjvVAMJKQ6IuGiw+gTISYKyEsdhv8lLntYTPhnkI/SxYT+zIUg
+aK4bnOvGzPVfGp1tJpfgEU6Fs8ujEXwh8TnG2pos4tkaGDQwUdJoQbkP0WKI
+LW4E0nxK5AJT+Z57D6B16th/l2N00mVcpIuNGy4aqivXD/7qylkliv8NI3+v
+L4U+aRC7gna8YgU+kULWTMDjVFPccYQtOHaAliTmViS/vbR17BAjsJ6+Q0Ud
+nqV+s4DzdUGXIMuFxPUrKsGs35RMIWThXLeNmzxUtArWdR64B4eWXtTirIY1
+WMh0jh1bEZhTVuKH44jyQnS6tkCaftvGrP/JXDgNi6zZd/pOBJHjlSJibENw
+eC7rqvqct5KJsnzqxIDWQ40QAmmmpTxZzmSYSaJTM8AIsc8qzCp+kPGZ4jbE
+60VfmySGlnMwwHfiXuBQn1AxalsyDUOlOal0DGh44UpDJhMQ9Rsbxx2yX9Or
+tIWcLa9X5yKWxWbkOJxSDzSx/IUcEp1KFWCMQqfoc1NemPDvUUMoNB7vuglq
+VSbrSU4WOPVDlub6OzKAkb+lcoT9LpiuMzbSmZBmEEC7VHYV/nVDxKHfShp7
+WFFidze8AgEjHAwdoYLjlNDsOLWD7OjJ4OA7cEVpgh1g/r2hwAZoFQCjKPKi
+S3ncIKn4fL7TC5w5983BWbpGridlYg5ppfhTevkmJV6Lc1MYtI3kCr9zVjtL
+qq75oMdXzRAmxNf1YqG9pfyVu3HTiNXEeYdhJ/z3cNuAxIT+QtMzP2oF+JdN
+l2CfLmW9Qj98uD0ehsdEFU3uRdhlOauI0fhDZayXaYWLxKLZKBF9hwJut0fB
+DRTd+h2i7w1RV/9AVxjh46COjCBxjY1/lvHHG6oWD2/fmGkBMjIPFpLAjbJE
+pI/gwiVtWHOcFhiEX/hFPsX3yIlD7BdE03oQmM8pVLUEYdxcB7s77kZ2Qxs0
+B1i6e2zbmm6bNkjzE5rDxuSXHXTAdnt47OaVti2dxx/T5Rr0PQFS/ZTcDbXg
+uV3x0Mc5/P2770K7uxp6IYibX6SZrl9fF1rP7+re4smkfnt+zx0DdPbvWQP1
+modTR8AteLfljOTtL8c/B2L8s0UqbkXn2pp83V6tTTVqf2GIc0eC0Ma12yoY
+ILTeIAaXvsW0Bu68g3zLFbK/UbVfIxtZ1/7I1T7Dt90f1Wzwo5gxpc8vhTDr
+LFlOLZ5QrmZrh5aZap3KsTvApC8RfTcrKmpvu6oQ7SnnlISAnEtT8tMySKbY
+J5WDEJ2oBrjYabzACqpaOFKaJKCoQ3ERQOZAvLpD6ySPWFeghcuL7IytPWr3
+LKjfM1/rGOzBPwwMUb5Ie6M3YeEEH2uDqJ+gWjkczdWIHYGRRbdGPoxx8Mag
+jH8lxSi0pdWweGOiSwqQCLJJnFWWolAmjFN/Brkpl6750Y0yun/kWfDYruG+
+cKHyRr1Slui0pbVrVJ4pI/RMGX5sExky6nWQgPtJcbLtFk/YMaJGLBYmp4xN
+XyjTRgphw3ZtKQ48I9C+UNVDO6ZrqWejwo+1AvhUzUatt7YICUbP18qfiLbd
+GIAqlLUNQNIxFXzhthYsB1Od0rBs1n8RTcuMn0gducbQjoYVhx+y/C6TTgkM
+GL8AitR+dUJ4akV/DykEAZaS3Lql6fw6K2wZouVYU5eeIMvZ5ghqcIdzZUw/
+3NkXmb4OQq0Bt21KlLlJ0cVgKqbdt4Dgk6272qIUqYTLmiTM9k1JQxlchQ24
+neHcMb/BPC5WtJ12IabHh3jLxwl3iUbdzhkZLVT98O3x1QUjL9x1iYnnKUZr
+bJESrlcoy1PNj6c1TGhHMipUohylVs9ItNpmGbxntaGd0oHueC11T+B7NqzV
+ygtbXPWKpH1b34MtDuIViND6B99wsQPTgZB4ui2pwekaNAiH25N9ry9J/uVa
+uY7BKxZu7OCNKgpxSclbkvT4XLweplIcHxXbj6VEhaZUGQMRR5D50eRxulhj
+BCZ+/l61XlPkQXyNrjm67xgRGQje3hl5bXsFggHAd7C348GXok8lY9UEliin
+0jtEMamksg4G/udk7PNT5TOTiw/EhCdnDb5ko0nXZ9AmKJS8n+U8XwB9dhiw
+YdcCW1swoCcU8sFpp2vyadDEHlvPsEMLd8DLHMtiGOOFseWEPGQwgk+6xIjK
+XE2ENQsh3sXBvgEUO53ElSGBTl0yXfUdQ09fstspY4NosiQpUmG8ZLGI2G+B
+YwNLATGEzSA2iU9K8csl4TwTirhzLTB9uychppS/HxeJNwz90rTdaPUbNG99
+PsbPt3PhwoFXXQj/rxsuiAHUO2bhN4e0We7CiaVOKISaw839yrhs++OqgG7O
+VeiUfHIL69r7A9OIva8hh7B/crs5XUNgA7nB5oVFPptpFiItcrUuVjkHkZ6S
+nqGFkQInJJYzRkxkl7kbdX+maQBIjnu17fY5vZJFZzccCvtyLPKSKAwLao0i
+mOyHBVEOib5X3tTWz3A9s7auiwnSZV8JUXca4GDvcdgFTWCUToAq9VDXwu9R
+tEglOJ3SI00YBQp99JglNBlkEHTfZTaFVMcxlWCb9dR4M5KiwusCgjvKJ5t6
+zlwcwhYwOFR0P6GB2P+UY3UDm8PDlj5zJO2oQsL8tesT5h7VtfxGKfAgIDZl
+Q9jgWT+bYCo5eg3p21r3tlv76KrfALKi9ebmV+zmoSQNlPEtWjOJGBI/dIOW
+VUfRVnMgS+Qsy3VFzLYitjmZHqjxK3wV59Y1qJlKSCR/zVYT/vMOiNjhv33X
+EKg9wwlfwm7njLEGNU4r6LDZxw4Isg6aQUS4xrMub4xE3bUv9VqnAEVnno7I
+QmaEJmNsey2l/6wkE6hMjcADADTgSSYRmfQD20TQImK/8SyPtcW8y0iCr5U1
+7NSAak6Ax0YuKcgAB3Bjfm0c3QN2lNCT2vvOetuhpgdjPqmvkTIqqNMoCee8
+UjgYeH4jzxwo9ZtwbJ/3ylEOjPFdxqsvwcrAsNQZJUIGlFgNx4YWJ/jTDVBS
+nK15YA5uAbLCqztUe7RlSTaZbQmyP1UUlRbp1/UVSUy0CtZIL0GuFq8T2c3o
+oHbgPZ0Vfm8/AB7KiJ48sTNiAxoitIoF0xIK6QtnJqcCgy0zIvHiV6UVnqnX
+YGoJ1ud0REx/g/AQvbcsdVGsY7f9vFVYlVEaAI0xeB+ES/JZdDlDKg9J1JRt
+WVmxVwMye5C9NYQRW7NnyY0RWreui4t60YTkZ4pneadljr/U53jINbB9Gm8r
+dTjUpFCxIqv0H/5jm1D6i7Eo87s+KtTMybqo85RrbvmTsnuE/mgWJ/4ok2Bc
+a4GaS0MFrqWgBf5WMQ6KgMRote8cnMHe0eH9JwaxVLqgvLSmNCw/mO3x27K9
+9i/sj1v2Da9ryy7zmawaJW1bjKNjDOEw2I73Ok+ihPgf22TtdkH7ly0LU2Ls
+zUS6aadxFCiddzVCygbxkIRE8SlO+JPnK/Kci0YY+BIjfavnsdVD1HoHavoE
+y2JmY0e++oCJIxLClk41QMkJ6ql5NJsuCuvaYI1Ct9qzTgH2pHteAU9kdMpY
+bxHqOHra6yJyZrrt3j9q9NeVoEEJIXXjjUBTsk3gPJ1Jq5JI+zZvhYzFZRXN
+8zH8JV5sypQrLlmFy9XUnYbNmKhoCwtwW/FUm4oLPeBKQW4J1iDXpCoTlegH
+e1s2lk04FMKI43gaQJADaqabg/a1abPoSXldpz0eKmog3WKGCObKl0GzQzvl
+AaaUz6DleP0SEAyOEpXfgMJbeS31dr4msFJFfwluxF1jVpTbbuJBvda3oIhd
+nQcXa/mRs0GT/TcM37LnXLUtRRFrneeoLkLxZT5hkyq5Vam4oZjD/ZAxWaRU
+Suc6IxgpkVduHBO3YuW7g3HTCQejxthxPK/yTMJLQS9DOw5Vk6b4WVgvu6a0
+AwCI2iBpj6hoNKjCzTVohr/xKOGFREt1vFDbBeVZyyrQYEyBhkQJxZ5+1lrz
+wZtLFEmtEhHbw2Zjce4ZWbLcTEhp4CSQcgd0NYg6ZWMp+Z5ipLDKc3ieFB8w
+ZL1I2M7bXMUoMaBnGzjWDZHufo1CpoENuOXSOxSciy04GTHT8gO1EM4XizVn
+/wEVege35hjvBxAeuEER5cNqQ6BSrPU2NMXNLL5NbAYtvLLkIDIKJ5rnd7Ue
+xvWOZki92mkK69llEkhIvzs2GwfkRMblc+kxKou0FXTuMBcwMMYA22iwlrDu
+1zOod48O2rtHB4EkLtbq6pnWrQo2rho0QvZNu2Q6Gk9s2aqzzNlBn4xhDtJq
+5QMhKNSxN8CaiurPcmtEfmI7wnkyIefsSUJe1auT18eU04F4EQRnGSE0vzLh
+V8p8Wt1x3jTlohM5tG6NLg7R6wdHZ6YzXolxVxp6b5Mo5oQI5GdywRoohwm1
+h1IBVCdmag3oES/8vFdTfaYMbCOo+/uXJ0fR/uD45eVg4PiRBoOdwV43YZPx
+/f3pu+j85BJ+lwUEbjEkk8xtohU1Ut3duZpx8LAMaLROrA86JOwoBmg7lC72
+TIOtcIUq0mgwKoMQJdrbGyAJwIil8B+/kHgrdTAliO/GBdoNohzLwChBDgkF
+RRC0aWv2BSP4DUOVKaVvcPgi7B5jfNn3aBBDEDcWtm8Xpkv1F2j40g0wjzWJ
+UWZhINCgpKpld8ub28dftKzjsHuNVkj6W2NJjxtL2veXJH3objAX+KZcp5W3
+KHo6xhoqqMuZcoFftLCTsPtinS4mW1Z20FjZY39lI/z4RnD8JkYfYEwavlkd
+v2GF2s+f5CuqfXYp9+YcbhS1BPZXdthY2YG/MhlP1+YuySxXruSNzcHfviz7
+o+ZEIp5KRiRcFbglmv61S5rMrkwTLWdFdKCbNgnoN6MNrH1nZ+cXT7qWHMeo
+nCzGKl0/ROY6KjCLJuDmnAh74CwTuqcmwsMXvgIqma0d7qmvLX2l/Q+9NBPz
+KWrD+SThzyirg846VCygAgSqSk361iVjy9vxES/5iLFgN0Vac/wsgV2kTHpP
+bNJ+rDgo2dTpJcsDosk0afkhXa1Y6CsSkt4kVPVRCJRVlBGSV3CwS5vTg7AI
+Tth9EIf1NtG4BRpA6/Kp6RtreyJvZOdpNd9KZD1ZX+mttz0m4px2RM6CaqOi
+X1LacnjY/tgrYKTiUOAWrqZclZ7TWs8VyKn6kN06R1AZLgGAkSxIQ9C720g3
+6ovYg/I2MDS2W6eijXceg6zYIGuNtw7CbjuJabx5CKq+f+V74T8Iz2zhhIl/
+16aTOBKeyRfNwQTAHsQNPDODMhrgVjReM0qRr3IZrEC0p5IaVGvYIqq5YCzt
+OiEg3Geksu13WSDBqgcX9eqKeltt0b5Kk15oJkoPTrVoAu7ASqhGQeFqIUb8
+7oKwT/4gfD7asL2Byjsc8e0FlT2C5UWLHFsmu9d1SqWo5BD6fM8cAZ7t0mTE
+dKpb0MqcTBKv/q+WGKlVxzIJM7hQLa04jjM3qxXkSGsZoLXQOXxOxBpScNYa
+W8DMWJRIJl6xySBUUitkl0rjITEktzo59WuVXtguwPVdHOntKMuSj+HZGShm
+qPWzyCXCW6wBlONEWxLb2hUPy7JmlqOz6Oj4GieCq4NC7mAfu7pWObpVx+Ti
+pYKB8YqnSLlvFkwwT2fziDQpkIe5PCY5N/PFrTXStlC6B6Y+GDL9GseqHPmX
+xGR75JTXP5sTJiOK52MyLU/Uu+swBjsvKgUvqVwMVgG+LmKO/vFVgql5oZIX
+lHiaXowa30ebj6nlOG6wHzi45Gf7EnPDiiAWbdv4VWBqp+JmndHErle7yMKt
+aeDADlyTxC/piMwqv1wWt0XgcaM3wH/Jve7JSvgDl6P6PaK47u/rxXDx8jlm
+PU8O16c3BLgvFXePnVbQ/4IYTsfhLMecjAHRZ9QCjwtxeSPlQdvR17Qu/lIS
+d3728uwkOjv79ElunRoofC6lKKn1cHUzSGKUOzC6xpkxTBFPEX+/9sOyYgFT
+gJO3l0c1usOX31v7Gbb8GEv5IaFGDxOv10Ky8qkpdsWVrpCNwheTIr2leEmh
+WbZITmuxRlNbwL3cWvOH7JZpSeoVsgBq72JA1OdmKi32M00WLyZu4fCWckMc
+UB7U0tSxkILJF/TKO36uTM8ozj4YRYTr7hiDdNleqcf7xG/WVKvVMzjcO2zU
+6hkcDgZfW6vnW6m8I6V6Jo+xRk/8JBo9HT+Lvt0b7EeTZLoXmTo98KRZqoeq
+xcV6IW80hdAr1/MldYMed36RsVsK6Tgn5pTi/1dL6HggZ3XRYl+Uo9VXoB/W
+1uCU08K0jvZXpA5WRxes2HyTZlK/SspXBc3SOB6OOuVxzDOnyJRKxE4pBsJc
+W4eiXlyrhtIBLaPPTZ2kggCRE06npgxbUl+sMCiGtcBeUb2fG750Jn2U7z2K
+Olm+zNclEg4sgzcugRhQSW3WflksWJgfrThg7H1NTm2KbAiPxhxJEoKsn6VV
+YfUEANDnAutadkQA04ppWOf1OZLNi0WcYWzIl7P61QJ9q/ixx93xwVeajJCv
+UwXQ8ncwdXWscg3R0uPp/OgrpQzg6FdUgecL2PkWCSMuZrl0xvGMkPTk6+1p
+F9x55wtsafv9sN2qZjiGtvFx1yWPvlTUCK64rj0KY4KXjaV91pjGOH2jOF4T
+xWTYLwWVS2zspRNKY6+oij2sQF7EBVyWZEFFQUqkO+iXEIsVZQoh+iFbx5On
+IAXWODkfW1pR0A2hCGNQMkSck7RDGl2LjuBpOa0Ccbh+zeuDOhjc7G+wEAhr
+ZkR8NP5YR6z1R9B2ktwVgdKX4Gey8lCKt6ZflzWnVDyZFFL6Ud8fe+87ada4
+stka7plUTqCUlMeHh/vqNrmeI7UNz7F+Wj1Hu+Lf4jFVvImLxMxDtCgKz2O0
+0SE1lebvKf8sX2Inc02fqiepAFpI0jkXIPHaHmhjRUpDJB7Dvh4UBZH9ABNI
+SzWDoO2IGwqgDQF4PrWUtxNTed0ViIEx0Tsvgi4f+R7G+kA4oQQqiG+zoKE1
+haLChO1K2jSSf3ljvctiXAusg5glxmpOS1CnqZow1OqBJtB0xcbGBybTlxKn
+5EVAbtp4gbPAYqWGT7OgER/9FdYdPaK6o/jja1TsNEvOqUmKKQ0L85uamBEb
+vMKlWr5DZtNgau1rxg0zOUrrjrt6Aq82lmCny5hWZGJbUVXq2VE+TRgekd6t
+GIBR5zUkHFM5VEYhqbCMIzEuyQokUalMKlppM4aKUxGw/bftrqIB1HAfuGaY
+1grWpttE8tCfTbNKOW+/7LXjQqcbRLmsuCbvnMwMxtARl8YXPZHPmt0/qCMm
+t+lebGxhKHmfqufvSul7dMgnZa0iEJmFaWpu7aBl1XQEhq/TvsLWniLbcxXb
+wG+mJXTVQYTCu49GPglVMF26DVWtmi8HooNqXpxBJ6yQWqUzPF4uuxbpwuwJ
+97fF7TjlWSnfx/XBdAIvUi/sYpW6lM1bhBBU4Fyd664Z0y0JLCV/kWJii9i0
+EsepxKexlRb28Sq/Q8MsVtbm5AEuwdh6qUw8ZDGUZF2MsQ9sEWBBtnEeIbjM
+N5LLoQFfvl4ZGGubEOfYLWNn8hLtJIqWgVvVWGsaH3ELUKc7Lt1DXKkzBLmH
+JhJ8i/CCq7vCMtZUyB4YapLN0NDdZhbWMAWfNjmlkDXvREohV6YlwZaiyKHf
+Jilx9sWJ4ByS4JbUkmbDITsBkC2OuUxUFlBUgNSFbKKWEwSqDjQXgXS70m7S
+poOYNgbh22IGNP+/tUT3BfAi1BawDkApJIeVe+c8R0VOyZKcYGkCDIQom7pO
+xmoxkTgkpu8kLWGLcYAPXHhbvMamOef+osiaky/4cxRtFjFG+AL9+CvcJ/bt
+kWI0Qx2NbF1Dav1JH1HrD+DXbJtiU442XefC9HD6c5ACTZV6eLGS4keGUdv2
+Nu4kTohRWjZii5hHt0cXhbXoIsft4uTAmq0N9cdagIx0zVhh541QrlLfukTd
+NoE0BesQTl8jdzfSYowN/hxIR8Cx+8KAT4p5AeVQm5uSPEpdbvlqGEiJPGBS
+j9zwTY3BlCwwlzlXyhO+8Zi05A5jHk2zRqzNb7JpChJpV0n1evNDIP5R62DQ
+2TCHt9E018nHxsg8ZybHY42ZAk5ut9u/jaO742wTiLS5fYaWlG0vPfszqdlc
+xZtcak/a6or2OH/voVwwilyetq7CXcEDeX4JFTRE/7qEfrkJf4FJ+MOltKWR
+Iwd1qj9REYNFOipilnRhTFP4zPh/TdOs1o0xFl5yc+UjksCRyt2yYiB4qNyX
+u1DUWnaXtZTYw8hNroWLZxtwS7sZp50zy/xaYMTN09ai9lgbg14FKWCdmXwQ
+kwZSDk0oqpsrIqaS4M40dJQTQAs1Gy50Uif7mEqOJqYUJ5UcDdy+IWw0Qo+Q
+Zn4gqDQxapO4Wc5N05OtiWpjBGV3QlRZUeeyaS6j9OqviuWKK12RThNbnyxV
+KeQarl4xTLX/IesEeEwXMWWWckfKnBRBs5pt6OcE5nJJkXxKoEIpO6Ke2Nyx
+V+IJq1yqjciwKgG0Ns7WttmB01wT5pmsqYBolbihim1l+DAa0TrFz9MJljW4
+MFD19QNazzixdbsjXF5hdPsd6UGtrbLoPcBi0yvr+vUVqUH4X+C/GU9Saq0A
+iuAz4Kda14GUnsEwda1Cg4eej/NFeH9/Fp3spEk1jThTsdwvI/3106d+YBZq
+zQ+p7UnuFoQLOeH1nNOCLX8ppWj5wT66243DJGPNNeMIW/SdZAlcmJTLNhhv
+iqDzBFAyg+UBlLlGFjf4ULxm7er11S7BpWsXTdDtDZWyYEdgVDo+RNSzR9R8
+cTsBs9h9f3EddrlEuHHi2zFyisTh0uOmsEI2CUKTbKz2OxPZgBjVdXU9t6Or
+GfpSTMO1Jt8Tqm+C1JXaRPHPLDow4qGcZU0kkgbeyqVTtluLJk3xTGr2oJsJ
+pGuWBA6p4dILcJPEYF+ZCkr4a4t2hopNgE5jOowtBYFMS6FoQdYKI+gV2HeK
+21xhXlfB1aeBX3VBC+cKzJMY83gpfwJkyHlJMSkXdo9ORUSWpEmQeBUXE4qV
+MOa2cwpLAu7x6uqcsn8wmARka7jhpDLgeww0SYQgW43D0Gu9+EC/koZctvwJ
+fvJuRb2FUaypxAPI4O83RQSpEo5cXGI8XLsHjs3FIkApBNqUJXemwg2GNWAO
+H72EWWVqkXBlt7gxHPem9spQSzq+yM0iKzkVXYqElspZWHDYABxSdtWvgUky
+fAKBQ+f9csHYS89dmC00vtiYEjewvk7QUnlAnLkS108QeUlWgGO28wRHqtI2
+rERAXajCISC5V4zA1hWCNXNhk1omlmkI7HPC3K9hIIUYrJ7vOpAWEt0tISas
+KhvWBxq2mK9iMWpYcsFQ3ojst1GNy6/9cM43kK6ZCEx8BR3lRsBPfDRpKklt
+eRhB+LlMjDZd6X1Tkx+G72wzwy1qsphqXVtci+UlbLW8kJ2Y1HE/2+VcTyBt
+AgL5MLxYilQi9y3WvK6xLbqKo79dV1jDbcSheYCTQ+oyyMZjNQ1wSwtJBBLd
+wdiEqcUCKXGinYD8wWTBwHCFICsyQfMTqhxH/amYZwfBAwUjhLqvq9hY1eEI
+P6IPFshswPGRH1PQulAFGCw5swIHxOROYKUFFpIUQokAOL3aP3yC9eLgNgTO
+bfhsJb6wWYkv2FqJr1E+mfthaeU9KbWHzhap4IwplKbSXlNWFDTGErybkGwj
+pALQ3WO+enRxxkwX5WstNWI7DhKI0Z5UaovCGjWwxe+cSvxk599yMqaK3V3M
+7QWBlABDQ4KDrfkyIYaUmWqtufKUGiAKQpgQyfAIzcTxeGPCv8XLZWMou6Ra
+9DlUo8cwrdea3QmObclyvx44XQqqXc3XkJdlq9RqP/QHWh4Sn99k43mRZxT/
+gqsLdedikH9zfdFzu9dyYcX484XVgwcKqwdMCmqmKi9rihBWtlquYqdDCjur
+lMvX41e9TVAypjAHjGtPZ/NEqigF/moRi5zppdaay/1t8WVloBoGKrYbhQil
+obcUmmflxIIy4OB4ihq3dtf6vEiNsGNPLiFQS8JXXbXY9Ot4w8EKSKnr3SkQ
+UfBdKcEVtK60VnUK1HVTe0p7lzIzrnUxwvZKWHwSO6Udmzruagqlk1rWqr+T
+1WSBdVcbXV0JxQPJ1ky8PktY7XY7XluTAvdc4H4LVFvbFvoKsRWyeAFRMTMF
+RBldSL/JsVNJo3q8Ke9TUbocd+8uOKwFURaOizm9tAgRQ8KXdjwlm27gtFEF
+BkidVJ1L6HyIgqbbEzWfBochNztlmxZIKznl59Wa7HJ3OpbNx03/tvY2P5Wo
+UzWYymFm1CuFWwZw+SISZ45cvQutTl2KgOuz8YapXE29UskRv3ZTPFd8pl0b
+U9ZzKl1RmLeJwyHnVLS9YSgMg5nATi93CiDjSDTX0dhji7qECfRrqet+xSQv
+Iv5LqLnjp4UtKvdwanIxCNndx521sVSw7YytqZhdsVCIfO67kEL1JNKOTSM8
+Qh/b0q5HsqeIR45YgjYZY8x08ZoKppIul4PKmmCbT6fVuL6+WCS8fMk43+AX
+IP6pvCMGeGlqYouHdS/OznoW6c6dNorUxajeWnGrWGE6NVIulDODdrtSPN4J
+5Fb6Tbg/3ytSey6LgVpjgODQ3S6SJGZgtd84m63R1OIitcxNhUB8/6apc6b9
+s1cNz0XgTpOAHDchvUVeFBlWGENr4GFtShXng+79fVtX9E89XDs7KZhNUU10
+FIQzluFFKQu44CWnn3Bu8SKhtH80OFDhnFyy7rmhqeZcEPcPBPGwLSj102wS
+LLpVJnSGmibjrWo/J3GgSJUERP4jqsquvi1VwI0Nws2+cq0UMX0WiVYHv4Nw
+wU5TbiVhw4eNlsG5W5KdptkUMZn0lzvbMFcDeYAp0YUm7bkiSzdtXNQUrfsg
+RRh9eDopcXhnAAYv1wulJbgql5h0/SKsEm0gxENuSS9omGu0OdxiY3UEUdjY
+jGGt1wy6QF2QWLCNikMonJbAlrOEqaAoY1yWgIVZ0lFH6yrgHB8dT1fqUkQt
+nkK169VrYWBxJPX4m+R3qmQOKL66tDfhP4GCsZOLMyF1wYF/sGoHVnOpIqJj
+bnGblwVGOpPSPT6ves7WA1xeo7YVu8cCr8Tio/Ds6M1RG9/GhNQ4vN6sEgRC
+yjFxHP+R2sxzmx1ZOC+p1cCGnBEDQHUPLri43e0EZUe/3tQ8uLg44Ge0CuxM
+PgyG2u+LF3O1HlXuj34RviC4NMVLtNpeia9haT3sjC0o1vbjacaJ4LUYPHzh
+2SitnjvVSeLwh/cSWCF/u3LqLEsF8CD0a4D3pUwjfWFyMABwja6agp6UqtFs
+rOm11LxqDxzERSM9xOVsiUU0UYhaIkJPGJVvxG2isiJtNUdnmF2s1WvoFZjA
+FzysCYIje4hihubIHfThG1TB75ovWq+jDQUi5SEdOxX8jQAuMa5rMWpI/0sA
+md4hN+MPu5JayuNwflzKeTyDKdjq0S17sukwfJkuHL3D/eUcZ6lyIEZTfIcw
+FY/UvhOwXMO5kEuURiUKlDN+4CqMmXBP1wUx7NqajucFhtICLr5Jsgzr5wBi
+oZPnf2X69x0sunmmhGCNLhv6ErTqt2/whrATlABM7FBe4PUdEWfaMhWo4CA/
+CB8hvkZvnp1evyQa4vbTpc64HinBxrr0W+TSjk+/k8J4zXOVxrzaoPyIJ07t
+fEEeIn8dOcS6uLqerOsNui9lcZtO0EqF+E2lNI1GpHD7qMQ6/gizAnwI069q
+haF4V40r0QdhxW0zzC0MkK6wybsOORZn/hDISdRemlFWe4fUxPfJSNos8PSf
+o9C/8XsMR/3LiZVW8RmjyrFBFXh2aUTU34LfhlEUDenfzh+H8ANQ9Qm8bILF
+z2z6+2+EbPCfWu0YHM/EtsPPrBTuUuA3cZMHPwQqC79IGyPuUOnI7g9+qqoS
+vkUCE6kir+SJfke6iAnT8UdQ7QpefMuC1lcPgQj/GxmuWUJ/ywYDb+ENufg3
+CtinpBx5qPH6W7DQROgPW3RmrojICnKjsrefM9XjEHSJyXQ89561Iy4pbCji
+PtqTRvHF+3sWhhyNA4kqe+M1Acc2JXb25N4Oa3+qNdrDioMoIyqNgCsI80W6
+Kb2Im8YltI5z6TywffBOYC4Ze4Hb7mMXVt7rhLMiX6+4zpCVzVTPA3XAozpW
+CqIqS/92+fL42WD/CeUKcAhxSqEZxnchNMIsJ6Y+bb/xOgGB/rCbbYoK/NaC
+Q9QCC2VxF3Nrp0z4biJv2kbhAoufG6KtQCXSjbuYvQosw6s9/OHR7D1yUcSt
+o7jl/AF5ADAhJ6yi8sHSDRI+GJQlj2TyXYechx1mEX6X89B0OW99/1pDReBE
+x/MUA1fQKteIDcFfYSvUfcbGlARfG1RilBo0Eps4Cuo+x2ezXlEp8ZSbc7Na
+hbVAMOJAgzSAb9+BytrBANJUvEMk7/2HmKOo2GJaeS5Tjb0H2gCvwQyLxCuh
+06EACwxYtuPBndUhnfALdOcEJlsfXoB7OEvEeJJspPN1ZsJEIuwbG/nmycBE
+6EpgWl1u9ZKY36LMFe7v7MmNP/045gumAX0dMjUR9Wo/ZgrDefbk28dwBEwv
+mfZsHdkcKMa48K2nyDQzWfcIk4V6tgQv/tSkoRsxSjm2MM35ybh8PFEzNc17
+HTvjANNrZuJ9xKzQYaiHjoFlmAyOHtx5vJgigYKfljsdjIbCwyWHpNiwyzW6
+7NIxudzR9pEsKeQu5mFNUxWSexebAOvEAsfvUp0RXrswHds3FUNRyoo6qshO
+6MUeJiSYxuxeTFDobMe1tlE0gs0uDzhVraDwyixvFOHrKx6aNHiq3ullfdjQ
+aDLYaKQjHQKl10pUhFlqMEIfzRyB1Z3GWQTj9EL2ht8mxYzoNv2QZj2bbIBh
+IoENsKCG70ff75gITjfVSxMxsPpomo0rLciM8qFjL9VKJxw5uMudq1E+M95U
+DKpgImm78Vj0koJK1R1pS1jHVkLcQVvKZ7iWobyuxhRCKcfehmjU77QQB8y6
+mcB59xHd6QmZXvraTdVQiED9Azsd9t86ZRPonpXtt5RvY/Ntl6rmuNLIKcQQ
+sacY9AM0jscUj+Wjneq4Us5QGw5hIZCF1OrkW3r9MYuYDnRAPLq5W+iVBeK1
+Xq65nTK7C+PImh4w8wNzeHRgUctthwjxK7BTk1br2DrEXVgmpfRI9WIASeuF
+dUaMtnwenNhmwm3sYuuYqDZkjomhO85Xe9iyDbz9WBYGDxOunb0QVBZnCbeA
+ffi2PChVe5EyEgaqcElKFNkpd0+cy5QDeYeeyyReKgPFxhRIX0y/ORM1azZk
+fLsB9/Cya+KGI3ANRlz0hzeHflh2XQ05p6P9SCh01xwJ5RLioRu7awMDNRDF
+7coka3yOlZ38WQD+d7GUR+KR1xmzlYmxQ7q5kGdVndxJiOYM1oFeAaBjGPzX
+jBlBTxs+3+qg46xDLGHrW3zIimXUIanSJqzXVHxF1wXeu21XDtsacUYaKxcT
+Yd+BGyDqdB5H9UcmuRlXH0HNwbA5d3HWlgvr8cK4laZSt8MmgYhN9QDyABQb
+RHBznS1lqHMkJQ3djvQ5YPxIS4cgUjgeVYsN/+4zXIBUEf4ELI/lKTWACmEN
+toa+wmykdhNFNcE0fUkTZL7OXu7wgjO3L/aFyspR/6db9wxNdpq72aMEtUA7
+OfJ2JFEUcGwjPaMcUsfOXwcogTRowq1QsbFaYV+kPsxQURjtVNVcyGSgmiil
+Xz8sB6PzBnX6CKOeQdLBoSiUYJxHmk1u1vicEvaWKTrIGlHSdDzMb/2wem6k
+YNViCS5zin9fi9Gz+xbgfk194UBi621hTu47sL+3F6dvrk9fn56fXl/+pKqB
+LNKtMC6W1UBLiakGwDF8boGzSTJac40fynDKM/SOMLQpRICDRBC6JRJ+tMei
+K7zC9qB38aYcWpXB811TnKV4ZgDbIkK+h/KanpuBAo4SjziBstIyJGTQN1Ff
+pbyvfVr94JiAEr2e057aPUX1ipOucBg4vkwfJP55kNcKuSnHzy021gI7CSS3
+FCh+RbxRa9JpUQQK/mzWTDd50KZ9q7qmyI5SO+OklQrxL0H7oTPV8J1dDJZG
+Me2dQNLqNo4X2wcBTdWsVi1WI071ksiLQnvc8514gTFILGDgztwrwqmGW+S1
+F0hLDEBGdpQ6rtsOBrodbhIQ+E0CfIFZ9TRi5JrcVSnNWsbkeg1IV81yrJ6h
+HsxGDX89Njlq45wOHmgm0BID4lT9AM7rbFcSK0gPCd0uArx/W7iPjU6B7RsQ
+eiSz0RZCSldcHZ9dX4fdqzUFdx7TnKbOfZ/5IckG401fOOS6rLbQMSTcPOA2
+i0c5Tqsqcn91tOa4prqbGkaVWUVlvUh05iWvm2DllAJkSuIuXsUsAOQV3wN0
+IHBxNdpYQGmKq6p0L6JuJtHoELr8/i2UTEmqvBV2W+zmqshTtTeMyuAkLeeq
+uDVmzRWkg+MFtKwYi0KxIm8qzFKuuhNqRTzPBZADR0ySJWjtBC+JD1P1qT6n
+u1qTyRKERCwOyxUibRknEq5ZIKMETC5Db/o6Y7iTsPOwpt6NNqwEstE1cDQ7
+I+ogRKn49sJ2Ca838yVgU59tNp9o5ls7vDgUsw0ddtiArHmCJs7BhjeQUMOh
+SZMUbhyGSlmhkptSU6ga7ttnT0abD5ESVHmE1XM8jLW2BBqCV6+I2HP82rzh
+WBSZOUbUBw4CSfkbN27RGI8Imbs190kvoJqHJLbRrLapAVD8mFheucZDLlvh
+Fri8ABBI1uwGXZK1AQuOmnRyhy28f3wsCdJ0jY9hPyxabWEH2993SgSJIyUe
+oYooncxM9JcqDn2NFRE/d0/vux2n2W4inwZaXLBLKDsn8k49Unx7RSOjrLej
+VjPCpDU1R7zeRSkn5mgEt1c5c5++xCebHi1EoGy7DBJzxNbDcSV+65fvJeJq
+qx2bovUAkf3v2l8/4gg99ljg+khH9ifEKB68NNJn5pgTb2Cfwuvam906caZ9
+TtuV4nsYkdkPH2iG60TjeJ4p+hzjT6lWFn/sl80y8aJthV/oc6M07VBbG6Ql
+TgWch9P1Kf1SE++pXQ4m5OslxtyyLqWAEGItlxQl0Ntxm8F72Sg2r8XPuAeR
+DfvRbGma2xVOSRYfvIv9ZmArA5rLLhgRFFaCLdwl23FrryGWbLQLoEjemNJQ
++RF8l7pHCXRqxa7Ia0oEgtIQIE6NWyrWPIHTPFchj0Xb0UZkfDRwnIhQxafj
+tMgZIngoc2i7pCVlkcOR9FTE2C+JL8ehG72cMCyFo9G9BdkSIFLnedyWK0EA
+xXFfbUZFOhmGr/LKSHPEd1VA7KMddsIy1C39ZoRcjEvS7EmEtaAAhVfW4sq2
+gJvxrz2tRmrKbcloCsJ6ThNByUO+4WeSl2y2kkljQjMTJjJ1rX5VLpFgkG2E
+c5VsrBFlp5JfwyOcQ6T3EWjIi5RzVnTdlGRKTadWFPvCVgs8dYz9qG/4MBrs
+LVEepC5tAnDfi2SjnniTbuQjdd1O8fqTtRtnge/xu0xTi+vhXe3HVA84jcnY
+IKltWDihUTeCOYqpHRF0f3h7dSpR7aTXsDAt0U9exQig11xRwo9KT1vWABci
+z2aoQGGF0DXi4aQlqwO1e3e5o4SaYCS274VJDUK3lq14gfmflGJDkpELpx32
+0Rpt3lbChju5WqEVZKtK4hTjE6VhuYzR/lZSIRyjv3lllN3K5ERbbuETTH0t
+2poNGaUBs4O42xzl2lGvBZyZVLrngFjzNLnlSEczvObCBk4gbo14LJOY23KY
+LlMtjaV+UwBxpMClrR+NASpwh491g/RCYIME+F8wALZm2B+Exy8vMSKnCgcD
+9Mu7bZCsZO+W51ezR98UYe5q5f8eBi14FNjlb2xgtAyA+Y1f0NpVarxOLLji
+03fh+cklzPFFxf672hygxyBpWEecMOCjs4ibVWGNfA0e0OBRM/nRGcY7YTnt
+nXCwT9D6XCcAvw/Ab40a3j6/qpfybp34AIbhNj+2zr+ZdmPmeLBJwAMtAnDK
+8/Tl2QlADkHtWMkVYESt0Rd8m5ZsbuNuK7jnGqhrPT2arTN0TJwWa5470G0r
+bs7CnJmoiURloyy6i1JuDIlzuU0LkwdoDvfilNrNW1juI/NCOFDhJry+yyPO
+vDK9FNqFbylTLKVVS5ESQtO8kF3YHDuSTUrHmKXVhYec4oz8QMJD6xXPQWTF
+2tYkGXCGFbBifFLrsk4/feAC4yQDR3EE0mi0v7f/JNrb70jda5ruQrsAP1xc
+XQwPO0ANpbY6hdqZ7bXXV29+JRJI3iiwvvfkYNAosA4Pn35tgfW9gVdgfTQY
+72OR9YiqrGNB9Wg0niTRdM+WWG8WWJ8mIGjeYM4oLPoGt+rVVueq6SYBDLc8
+jyM4lWF2MPrb7Kf5+fT9+/h19M/Zxx+Lv72M395cfyyL44Ozcu/HQflydHJ3
+PJvxiCZtzBnk9XG8F+//evMxvzlc7r179ur6xYs3L94cv/77iw+zp9Es+mmV
+pN//sDx8ctDZXr99kRKVpdXfcH7HV9Rxd+qjm/LXnpcWkKevugVGGvVd3HdM
+/4j3bJHUoBcsc4qFCmGEr0e7GgI9hHEPFvRHfHvShm9Pvhbf9v8AfDPlwbn2
+9lcX8h88UMhfynk7jehMofGvwoJrMl9jK2ck5bU2WTs7O9Ee9cpqXp1axyp5
+dT/s1nbd43kcOrw/bO10SWKetsk7kl52W40iuOCIrJ/bWmLayoZ3buntILYF
+9LUpZjaptXDTVnqYkIMUfuD1hzTdBR9G81oXPcZ0CuzVhmvt2N76HeZSYO+m
+30lh48Fof/wYcAyPE/+1Z/8l//gUlvF9ehjFT0ZPI+xYEQHCTyMH4QdNjN/W
+Uu3/d3S2tWXn110sxJt9v38niln/Au74OPBFaIOKX1SssYBmC+bs77VgzrO9
+r8Wc/T8Ac+oN9nxi+UXo+1DXk0af068/y8egvljS4fU//R1n2TiYLzpOUmjb
+DrKN6T178rUH+fgPOMhmF8SvPsr9B45yS3fYrz/Og3qr2N9xiM5xfOb42lqo
+tpzj40HLOX47+NpzPPgDzrG9T+VXn6U2I2qj1JebwU/Tt/n7/b+vjg/P//ns
+1Yfv//vNx8eT19/evogPyne/nj5N/1rt3V3853g7pW5pyPv1yHAYdlvb9Bo5
+5GvxY/t5fwZRPifeHrZgyOHgqzHk8A/AkFp/0q9GjYMHrvmWnsb/cqOqLz2m
+sFbUDbZET8MHSAIaNXb/GUdawy0adOibXx6Ut50OSk5Xc5SIuXG4dOfFEitj
+TBCqWYb7dWegvkc2X/Q16R/sCHRlWHvb0rv4gQ6opg6ITR1IJdL/0ES7ai14
+482+TePgwYry2BmjVfP4wi69Vv/4TKteefFL+vXKq1/atFde39659xdRvLnr
+skQ71JsWpyXHd2NVhaTYqPfSdQhyGUntncwx+unkC68xObM5ugLH5oazahJ2
+Wnx9pgdwYCqIk/LGRn7BF/Tkc58P0yya/YO+nTOQART3ZtxEwdEUHw9toyST
+hMxj/ZCnWz3mVt8jHxFmTHDMbUuLJLkFVIOR6zzXGiW168PcRJX6jBIWhM4/
+PyNKuA8aOBp6mBh0ufqY/tPl03FcID18vEjhBgASbBoT7tYmbKCv1+mz5/A9
+/BXthasvsxe2NGM09uN/tRcjSrFtiuwzX5GdDhLA8jHxlYMvkX5+Xy9GD2Ie
+Z2Pm4C5j/yGtqPbu421SErz6gNBLDSFb2rJ+tanH6QAiERV3uent5PXyo3gZ
+p10t4aiGMBtc9OtC+r3+trf7fRQejT9k+R1iAocCbPUesiODIoalDSMndeId
+x9VQcrDmVqWFk3EZLwKKZcR1aQqLyV9IMzUhcTs5t8GOJFqZJKt82sw5NekJ
+2cT+eFHk8K7kQTn5oOFn8kEbRTsCLdqRlpIjGvy/4hN/sbUcAQA=
 
 -->