<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-ace-coap-pubsub-profile-05" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="ACE CoAP Pub-Sub Profile">CoAP Publish-Subscribe Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-ace-coap-pubsub-profile-05"/>
    <author initials="F." surname="Palombini" fullname="Francesca Palombini">
      <organization>Ericsson</organization>
      <address>
        <email>francesca.palombini@ericsson.com</email>
      </address>
    </author>
    <author initials="C." surname="Sengul" fullname="Cigdem Sengul">
      <organization>Brunel University</organization>
      <address>
        <email>csengul@acm.org</email>
      </address>
    </author>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE AB</organization>
      <address>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>ACE Working Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 121?>

<t>This document defines an application profile of the Authentication and Authorization for Constrained Environments (ACE) framework, to enable secure group communication in the Publish-Subscribe (Pub-Sub) architecture for the Constrained Application Protocol (CoAP) [draft-ietf-core-coap-pubsub], where Publishers and Subscribers communicate through a Broker. This profile relies on protocol-specific transport profiles of ACE to achieve communication security, server authentication, and proof of possession of a key owned by the Client and bound to an OAuth 2.0 access token. This document specifies the provisioning and enforcement of authorization information for Clients to act as Publishers and/or Subscribers, as well as the provisioning of keying material and security parameters that Clients use for protecting their communications end-to-end through the Broker.</t>
      <t>Note to RFC Editor: Please replace "[draft-ietf-core-coap-pubsub]" with the RFC number of that document and delete this paragraph.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Authentication and Authorization for Constrained Environments Working Group mailing list (ace@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/ace/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/ace-wg/pubsub-profile"/>.</t>
    </note>
  </front>
  <middle>
    <?line 126?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>In a publish-subscribe (Pub-Sub) scenario, devices acting as Publishers and/or Subscribers <!--with limited reachability--> communicate via a Broker that enforces store-and-forward messaging between those. This effectively enables a form of group communication, where all the Publishers and Subscribers participating in the same Pub-Sub topic are considered members of the same application group associated with that topic.</t>
      <t>The specification at <xref target="I-D.ietf-core-coap-pubsub"/> defines a Pub-Sub architecture for the Constrained Application Protocol (CoAP) <xref target="RFC7252"/>.</t>
      <t>Building on the Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/>, the document <xref target="RFC9594"/> defines how to request, distribute, and renew keying material and configuration parameters to protect message exchanges in a group communication environment. That is, candidate group members that act as ACE Clients and are authorized to join a group can interact with a Key Distribution Center (KDC) that acts as ACE Resource Server and is responsible for the group. The KDC provides the necessary keying material and parameters to communicate with other group members.</t>
      <t>While <xref target="RFC9594"/> defines the operations and interface available at the KDC, as well as general message formats for the interactions between Clients and the KDC, it delegates details on the communication and security approaches used in a group to separate application profiles. These are specialized instances of <xref target="RFC9594"/> that target a particular group communication approach and define how communications in the group are protected, as well as the specific keying material and configuration parameters provided to group members.</t>
      <t>This document specifies an application profile of <xref target="RFC9594"/>. Message exchanges among the participants as well as message formats and processing follow what is specified in <xref target="RFC9594"/>, and they enable secure Pub-Sub communication where a group of Publishers and Subscribers securely communicate through a Broker using CoAP as per <xref target="I-D.ietf-core-coap-pubsub"/>.</t>
      <t>In particular, this document specifies the provisioning and enforcement of authorization information for Clients to act as Publishers and/or Subscribers at the Broker, as well as the provisioning of keying material and security parameters that Clients use for protecting end-to-end their communications via the Broker.</t>
      <t>In order to protect the Pub-Sub operations at the Broker as well as the provisioning of keying material and security parameters, this profile leverages protocol-specific transport profiles of ACE (e.g., <xref target="RFC9202"/><xref target="RFC9203"/>), in order to achieve communication security, server authentication, and proof of possession of a key owned by the Client and bound to an OAuth 2.0 access token.</t>
      <t>The content of published messages that are circulated by the Broker is protected end-to-end between the corresponding Publisher and the intended Subscribers. To this end, this profile relies on COSE <xref target="RFC9052"/><xref target="RFC9053"/> and on keying material provided to the Publishers and Subscribers participating in the same Pub-Sub topic. In particular, source authentication of published topic data is achieved by means of the corresponding Publisher signing such content with its own private key.</t>
      <t><xref target="fig-document-relationships"/> overviews the relationships between this document and other related documents mentioned above.</t>
      <figure anchor="fig-document-relationships">
        <name>Overview of Document Relationships</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="720" width="576" viewBox="0 0 576 720" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,80" fill="none" stroke="black"/>
              <path d="M 8,128 L 8,176" fill="none" stroke="black"/>
              <path d="M 8,304 L 8,368" fill="none" stroke="black"/>
              <path d="M 8,464 L 8,576" fill="none" stroke="black"/>
              <path d="M 24,184 L 24,296" fill="none" stroke="black"/>
              <path d="M 24,376 L 24,456" fill="none" stroke="black"/>
              <path d="M 176,304 L 176,368" fill="none" stroke="black"/>
              <path d="M 192,32 L 192,80" fill="none" stroke="black"/>
              <path d="M 192,128 L 192,176" fill="none" stroke="black"/>
              <path d="M 264,240 L 264,368" fill="none" stroke="black"/>
              <path d="M 280,464 L 280,576" fill="none" stroke="black"/>
              <path d="M 304,64 L 304,224" fill="none" stroke="black"/>
              <path d="M 304,384 L 304,544" fill="none" stroke="black"/>
              <path d="M 352,528 L 352,576" fill="none" stroke="black"/>
              <path d="M 424,528 L 424,576" fill="none" stroke="black"/>
              <path d="M 464,240 L 464,368" fill="none" stroke="black"/>
              <path d="M 568,304 L 568,560" fill="none" stroke="black"/>
              <path d="M 8,32 L 192,32" fill="none" stroke="black"/>
              <path d="M 200,64 L 304,64" fill="none" stroke="black"/>
              <path d="M 8,80 L 192,80" fill="none" stroke="black"/>
              <path d="M 8,128 L 192,128" fill="none" stroke="black"/>
              <path d="M 8,176 L 192,176" fill="none" stroke="black"/>
              <path d="M 272,238 L 456,238" fill="none" stroke="black"/>
              <path d="M 272,242 L 456,242" fill="none" stroke="black"/>
              <path d="M 8,304 L 176,304" fill="none" stroke="black"/>
              <path d="M 472,304 L 568,304" fill="none" stroke="black"/>
              <path d="M 8,368 L 176,368" fill="none" stroke="black"/>
              <path d="M 272,366 L 456,366" fill="none" stroke="black"/>
              <path d="M 272,370 L 456,370" fill="none" stroke="black"/>
              <path d="M 8,464 L 280,464" fill="none" stroke="black"/>
              <path d="M 352,528 L 424,528" fill="none" stroke="black"/>
              <path d="M 288,544 L 304,544" fill="none" stroke="black"/>
              <path d="M 432,560 L 568,560" fill="none" stroke="black"/>
              <path d="M 8,576 L 280,576" fill="none" stroke="black"/>
              <path d="M 352,576 L 424,576" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="480,304 468,298.4 468,309.6" fill="black" transform="rotate(180,472,304)"/>
              <polygon class="arrowhead" points="312,384 300,378.4 300,389.6" fill="black" transform="rotate(270,304,384)"/>
              <polygon class="arrowhead" points="312,224 300,218.4 300,229.6" fill="black" transform="rotate(90,304,224)"/>
              <polygon class="arrowhead" points="32,456 20,450.4 20,461.6" fill="black" transform="rotate(90,24,456)"/>
              <polygon class="arrowhead" points="32,184 20,178.4 20,189.6" fill="black" transform="rotate(270,24,184)"/>
              <circle cx="264" cy="240" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="264" cy="368" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="464" cy="240" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="464" cy="368" r="6" class="opendot" fill="white" stroke="black"/>
              <g class="text">
                <text x="48" y="52">Pub-Sub</text>
                <text x="132" y="52">architecture</text>
                <text x="32" y="68">for</text>
                <text x="68" y="68">CoAP</text>
                <text x="104" y="68">(a)</text>
                <text x="372" y="100">Authorization,</text>
                <text x="484" y="100">provisioning</text>
                <text x="548" y="100">of</text>
                <text x="340" y="116">keying</text>
                <text x="404" y="116">material</text>
                <text x="456" y="116">and</text>
                <text x="508" y="116">security</text>
                <text x="360" y="132">parameters,</text>
                <text x="424" y="132">and</text>
                <text x="484" y="132">end-to-end</text>
                <text x="56" y="148">Transport</text>
                <text x="132" y="148">profiles</text>
                <text x="356" y="148">protection</text>
                <text x="412" y="148">of</text>
                <text x="464" y="148">published</text>
                <text x="528" y="148">topic</text>
                <text x="28" y="164">of</text>
                <text x="60" y="164">ACE,</text>
                <text x="104" y="164">e.g.,</text>
                <text x="156" y="164">(c)(d)</text>
                <text x="332" y="164">data</text>
                <text x="368" y="164">can</text>
                <text x="396" y="164">be</text>
                <text x="432" y="164">based</text>
                <text x="468" y="164">on</text>
                <text x="496" y="164">...</text>
                <text x="64" y="228">Details</text>
                <text x="120" y="228">about</text>
                <text x="180" y="228">security</text>
                <text x="48" y="244">and</text>
                <text x="92" y="244">secure</text>
                <text x="176" y="244">communication</text>
                <text x="56" y="260">among</text>
                <text x="96" y="260">ACE</text>
                <text x="164" y="260">participants</text>
                <text x="48" y="276">are</text>
                <text x="104" y="276">specified</text>
                <text x="156" y="276">in</text>
                <text x="184" y="276">...</text>
                <text x="288" y="276">&gt;&gt;&gt;</text>
                <text x="324" y="276">This</text>
                <text x="380" y="276">document</text>
                <text x="432" y="276">&lt;&lt;&lt;</text>
                <text x="32" y="324">ACE</text>
                <text x="88" y="324">framework</text>
                <text x="144" y="324">for</text>
                <text x="292" y="324">CoAP</text>
                <text x="384" y="324">publish-subscribe</text>
                <text x="76" y="340">authentication</text>
                <text x="152" y="340">and</text>
                <text x="304" y="340">profile</text>
                <text x="352" y="340">for</text>
                <text x="384" y="340">ACE</text>
                <text x="72" y="356">authorization</text>
                <text x="144" y="356">(b)</text>
                <text x="52" y="404">Used</text>
                <text x="84" y="404">to</text>
                <text x="120" y="404">build</text>
                <text x="160" y="404">...</text>
                <text x="352" y="404">Instanced</text>
                <text x="404" y="404">by</text>
                <text x="432" y="404">the</text>
                <text x="360" y="420">application</text>
                <text x="440" y="420">profile</text>
                <text x="344" y="436">defined</text>
                <text x="388" y="436">in</text>
                <text x="416" y="436">...</text>
                <text x="32" y="484">Key</text>
                <text x="100" y="484">provisioning</text>
                <text x="168" y="484">for</text>
                <text x="208" y="484">group</text>
                <text x="452" y="484">Used</text>
                <text x="484" y="484">to</text>
                <text x="528" y="484">protect</text>
                <text x="72" y="500">communication</text>
                <text x="152" y="500">using</text>
                <text x="192" y="500">ACE</text>
                <text x="224" y="500">(e)</text>
                <text x="472" y="500">published</text>
                <text x="536" y="500">topic</text>
                <text x="452" y="516">data</text>
                <text x="516" y="516">end-to-end</text>
                <text x="24" y="532">-</text>
                <text x="64" y="532">General</text>
                <text x="128" y="532">message</text>
                <text x="192" y="532">formats</text>
                <text x="444" y="532">in</text>
                <text x="472" y="532">...</text>
                <text x="24" y="548">-</text>
                <text x="76" y="548">Operations</text>
                <text x="136" y="548">and</text>
                <text x="192" y="548">interface</text>
                <text x="244" y="548">at</text>
                <text x="264" y="548">a</text>
                <text x="380" y="548">COSE</text>
                <text x="48" y="564">Key</text>
                <text x="116" y="564">Distribution</text>
                <text x="196" y="564">Center</text>
                <text x="248" y="564">(KDC)</text>
                <text x="388" y="564">(f)(g)</text>
                <text x="16" y="612">(a)</text>
                <text x="40" y="612">:</text>
                <text x="160" y="612">[I-D.ietf-core-coap-pubsub]</text>
                <text x="16" y="628">(b)</text>
                <text x="40" y="628">:</text>
                <text x="88" y="628">[RFC9200]</text>
                <text x="16" y="644">(c)</text>
                <text x="40" y="644">:</text>
                <text x="88" y="644">[RFC9202]</text>
                <text x="16" y="660">(d)</text>
                <text x="40" y="660">:</text>
                <text x="88" y="660">[RFC9203]</text>
                <text x="16" y="676">(e)</text>
                <text x="40" y="676">:</text>
                <text x="88" y="676">[RFC9594]</text>
                <text x="16" y="692">(f)</text>
                <text x="40" y="692">:</text>
                <text x="88" y="692">[RFC9052]</text>
                <text x="16" y="708">(g)</text>
                <text x="40" y="708">:</text>
                <text x="88" y="708">[RFC9053]</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
+----------------------+
| Pub-Sub architecture |
| for CoAP (a)         |-------------+
+----------------------+             |
                                     | Authorization, provisioning of
                                     | keying material and security
+----------------------+             | parameters, and end-to-end
| Transport profiles   |             | protection of published topic
| of ACE, e.g., (c)(d) |             | data can be based on ...
+----------------------+             |
  ^                                  |
  |                                  |
  | Details about security           v
  | and secure communication    o========================o
  | among ACE participants      |                        |
  | are specified in ...        | >>> This document <<<  |
  |                             |                        |
+--------------------+          |                        |<-----------+
| ACE framework for  |          | CoAP publish-subscribe |            |
| authentication and |          | profile for ACE        |            |
| authorization (b)  |          |                        |            |
+--------------------+          o========================o            |
  |                                  ^                                |
  | Used to build ...                | Instanced by the               |
  |                                  | application profile            |
  |                                  | defined in ...                 |
  v                                  |                                |
+---------------------------------+  |                                |
| Key provisioning for group      |  |                Used to protect |
| communication using ACE (e)     |  |                published topic |
|                                 |  |                data end-to-end |
| - General message formats       |  |     +--------+ in ...          |
| - Operations and interface at a |--+     | COSE   |                 |
|   Key Distribution Center (KDC) |        | (f)(g) |-----------------+
+---------------------------------+        +--------+

(a) : [I-D.ietf-core-coap-pubsub]
(b) : [RFC9200]
(c) : [RFC9202]
(d) : [RFC9203]
(e) : [RFC9594]
(f) : [RFC9052]
(g) : [RFC9053]
]]></artwork>
        </artset>
      </figure>
      <t>Note to RFC Editor: At the bottom of <xref target="fig-document-relationships"/>, "[I-D.ietf-core-coap-pubsub]" is the reference label that the present document is currently using for that referred document. Before publishing as an RFC, please replace that reference label with the one eventually used for the (RFC resulting from) the referred document. Then, please delete this note.</t>
      <!--While this profile focuses on the Pub-Sub architecture for CoAP, {{mqtt-pubsub}} of this document describes how this profile can be applicable to MQTT {{MQTT-OASIS-Standard-v5}}. Similar adaptations can also extend to further transport protocols and Pub-Sub architectures.-->

<section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>Readers are expected to be familiar with:</t>
        <ul spacing="normal">
          <li>
            <t>The terms and concepts described in the ACE framework for Authentication and Authorization <xref target="RFC9200"/>. The terminology for entities in the considered architecture is defined in OAuth 2.0 <xref target="RFC6749"/>. In particular, this includes Client, Resource Server (RS), and Authorization Server (AS).</t>
          </li>
          <li>
            <t>The Authorization Information Format (AIF) <xref target="RFC9237"/> used to express authorization information.</t>
          </li>
          <li>
            <t>The terms and concept related to the message formats and processing specified in <xref target="RFC9594"/>, for provisioning and renewing keying material in group communication scenarios. These include the abbreviations REQx and OPTx denoting the numbered mandatory-to-address and optional-to-address requirements, respectively.</t>
          </li>
          <li>
            <t>The terms and concepts described in CDDL <xref target="RFC8610"/>, CBOR <xref target="RFC8949"/>, and COSE <xref target="RFC9052"/><xref target="RFC9053"/><xref target="RFC9338"/>.</t>
          </li>
          <li>
            <t>The terms and concepts described in CoAP <xref target="RFC7252"/>. Note that the term "endpoint" is used here following its OAuth definition <xref target="RFC6749"/>, aimed at denoting resources such as <tt>/token</tt> and <tt>/introspect</tt> at the AS, and <tt>/authz-info</tt> at the RS. The CoAP definition, which is "[a]n entity participating in the CoAP protocol" <xref target="RFC7252"/>, is not used in this document.</t>
          </li>
          <li>
            <t>The terms and concepts of Pub-Sub group communication with CoAP, as described in <xref target="I-D.ietf-core-coap-pubsub"/>.</t>
          </li>
        </ul>
        <t>A party interested in participating in group communication as well as already participating as a group member is interchangeably denoted as "Client", "Pub-Sub client", or "node".</t>
        <ul spacing="normal">
          <li>
            <t>Group: a set of nodes that share common keying material and security parameters to protect their communications with one another. That is, the term refers to a "security group".  </t>
            <t>
This is not to be confused with an "application group", which has relevance at the application level and whose members are in this case the Clients acting as Publishers and/or Subscribers for a topic.</t>
          </li>
        </ul>
        <t>Examples throughout this document are expressed in CBOR diagnostic notation as defined in <xref section="8" sectionFormat="of" target="RFC8949"/> and <xref section="G" sectionFormat="of" target="RFC8610"/>. Diagnostic notation comments are often used to provide a textual representation of the parameters' keys and values.</t>
      </section>
    </section>
    <section anchor="overview">
      <name>Application Profile Overview</name>
      <t>This document describes how to use <xref target="RFC9200"/> and <xref target="RFC9594"/> to perform authentication, authorization, and key distribution operations as overviewed in <xref section="2" sectionFormat="of" target="RFC9594"/>, where the considered group is the security group composed of the Pub-Sub clients that exchange end-to-end protected content through the Broker.</t>
      <t>Pub-Sub clients communicate within their application groups, each of which is mapped to a topic. Depending on the application, a topic may consist of one or more sub-topics, which in turn may have their own sub-topics and so on, thus forming a hierarchy. A security group <bcp14>SHOULD</bcp14> be associated with a single application group. However, the same application group <bcp14>MAY</bcp14> be associated with multiple security groups. Further details and considerations on the mapping between the two types of groups are out of the scope of this document.</t>
      <t>This profile considers the architecture shown in <xref target="archi"/>. A Client can act as a Publisher, or a Subscriber, or both, e.g., by publishing to some topics and subscribing to others. However, for the simplicity of presentation, this profile describes Publisher and Subscriber Clients separately.</t>
      <t>Both Publishers and Subscribers act as ACE Clients. The Broker acts as an ACE RS and corresponds to the Dispatcher in <xref target="RFC9594"/>. The Key Distribution Center (KDC) also acts as an ACE RS and builds on what is defined for the KDC in <xref target="RFC9594"/>. From a high-level point of view, the Clients interact with the KDC in order to join security groups, thereby obtaining the group keying material to protect end-to-end and verify the content published in the associated topics.</t>
      <figure anchor="archi">
        <name>Architecture for Pub-Sub with Authorization Server and Key Distribution Center</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="336" width="400" viewBox="0 0 400 336" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,240 L 8,320" fill="none" stroke="black"/>
              <path d="M 48,160 L 48,232" fill="none" stroke="black"/>
              <path d="M 80,192 L 80,232" fill="none" stroke="black"/>
              <path d="M 112,32 L 112,112" fill="none" stroke="black"/>
              <path d="M 112,240 L 112,320" fill="none" stroke="black"/>
              <path d="M 192,120 L 192,160" fill="none" stroke="black"/>
              <path d="M 240,32 L 240,112" fill="none" stroke="black"/>
              <path d="M 272,32 L 272,112" fill="none" stroke="black"/>
              <path d="M 288,240 L 288,320" fill="none" stroke="black"/>
              <path d="M 336,120 L 336,192" fill="none" stroke="black"/>
              <path d="M 392,32 L 392,112" fill="none" stroke="black"/>
              <path d="M 392,240 L 392,320" fill="none" stroke="black"/>
              <path d="M 112,32 L 240,32" fill="none" stroke="black"/>
              <path d="M 272,32 L 392,32" fill="none" stroke="black"/>
              <path d="M 112,112 L 240,112" fill="none" stroke="black"/>
              <path d="M 272,112 L 392,112" fill="none" stroke="black"/>
              <path d="M 48,160 L 96,160" fill="none" stroke="black"/>
              <path d="M 144,160 L 192,160" fill="none" stroke="black"/>
              <path d="M 80,192 L 224,192" fill="none" stroke="black"/>
              <path d="M 272,192 L 336,192" fill="none" stroke="black"/>
              <path d="M 8,240 L 112,240" fill="none" stroke="black"/>
              <path d="M 288,240 L 392,240" fill="none" stroke="black"/>
              <path d="M 120,256 L 176,256" fill="none" stroke="black"/>
              <path d="M 224,256 L 280,256" fill="none" stroke="black"/>
              <path d="M 120,288 L 176,288" fill="none" stroke="black"/>
              <path d="M 224,288 L 280,288" fill="none" stroke="black"/>
              <path d="M 8,320 L 112,320" fill="none" stroke="black"/>
              <path d="M 288,320 L 392,320" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="344,120 332,114.4 332,125.6" fill="black" transform="rotate(270,336,120)"/>
              <polygon class="arrowhead" points="288,288 276,282.4 276,293.6" fill="black" transform="rotate(0,280,288)"/>
              <polygon class="arrowhead" points="288,256 276,250.4 276,261.6" fill="black" transform="rotate(0,280,256)"/>
              <polygon class="arrowhead" points="200,120 188,114.4 188,125.6" fill="black" transform="rotate(270,192,120)"/>
              <polygon class="arrowhead" points="128,288 116,282.4 116,293.6" fill="black" transform="rotate(180,120,288)"/>
              <polygon class="arrowhead" points="128,256 116,250.4 116,261.6" fill="black" transform="rotate(180,120,256)"/>
              <polygon class="arrowhead" points="88,232 76,226.4 76,237.6" fill="black" transform="rotate(90,80,232)"/>
              <polygon class="arrowhead" points="56,232 44,226.4 44,237.6" fill="black" transform="rotate(90,48,232)"/>
              <g class="text">
                <text x="176" y="52">Authorization</text>
                <text x="328" y="52">Key</text>
                <text x="172" y="68">Server</text>
                <text x="332" y="68">Distribution</text>
                <text x="172" y="84">(AS)</text>
                <text x="332" y="84">Center</text>
                <text x="328" y="100">(KDC)</text>
                <text x="120" y="164">(A)</text>
                <text x="248" y="196">(B)</text>
                <text x="200" y="260">(O)</text>
                <text x="56" y="276">Pub-Sub</text>
                <text x="340" y="276">Broker</text>
                <text x="52" y="292">Client</text>
                <text x="200" y="292">(C)</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
             +---------------+   +--------------+
             | Authorization |   |     Key      |
             |    Server     |   | Distribution |
             |     (AS)      |   |    Center    |
             |               |   |    (KDC)     |
             +---------------+   +--------------+
                       ^                 ^
                       |                 |
     +------ (A) ------+                 |
     |                                   |
     |   +------------------ (B) --------+
     |   |
     v   v
+------------+                     +------------+
|            |<------- (O) ------->|            |
|  Pub-Sub   |                     |   Broker   |
|  Client    |<------- (C) ------->|            |
|            |                     |            |
+------------+                     +------------+
]]></artwork>
        </artset>
      </figure>
      <t>Both Publishers and Subscribers <bcp14>MUST</bcp14> use the same protocol for interacting with the Broker and participating in Pub-Sub communications. When using the profile defined in this document, such a protocol <bcp14>MUST</bcp14> be CoAP <xref target="RFC7252"/>, which is used as described in <xref target="I-D.ietf-core-coap-pubsub"/> (REQ22). In particular, when using this application profile, the topic-data resource corresponding to a given topic is hosted precisely at the Broker associated with that topic. Setups where a topic-data resource is possibly hosted at different servers than the Broker are out of the scope of this application profile.<!--What is specified in this document can apply to other protocols for Pub-Sub communications such as MQTT {{MQTT-OASIS-Standard-v5}}, or to further transport protocols.-->
      </t>
      <t>All Publishers and Subscribers <bcp14>MUST</bcp14> use CoAP when communicating with the KDC.</t>
      <t>Furthermore, both Publishers and Subscribers <bcp14>MUST</bcp14> use the same transport profile of ACE (e.g., <xref target="RFC9202"/> for DTLS, or <xref target="RFC9203"/> for OSCORE) in their interaction with the Broker. In order to reduce the number of libraries that Clients have to support, it is <bcp14>RECOMMENDED</bcp14> that the same transport profile of ACE is used also for the interaction between the Clients and the KDC (REQ24).</t>
      <t>Except for the end-to-end protection of published topic data (see <xref target="oscon"/>), all communications between the involved entities (Clients, Broker, KDC, Authorization Server) <bcp14>MUST</bcp14> occur and be secured in accordance with the protocol-specific transport profile of ACE used.</t>
      <t>For each Client, the Client and the Broker <bcp14>MUST</bcp14> have a secure communication association, which they establish with the help of the AS and using a transport profile of ACE. This is shown by the interactions A and C in <xref target="archi"/>. During this process, the Client obtains an access token from the AS and uploads it at the Broker, thus providing an evidence of the topics that it is authorised to participate in, and with which permissions.</t>
      <t>For each Client, the Client and the KDC <bcp14>MUST</bcp14> have a secure communication association, which they also establish with the help of the AS and using a transport profile of ACE (REQ24). This is shown by the interactions A and B in <xref target="archi"/>. During this process, the Client obtains an access token from the AS and uploads it at the KDC, thus providing an evidence of the security groups that it can join, as associated with the topics of interest at the Broker. Based on the permissions specified in the access token, the Client can request the KDC to join a security group, after which the Client obtains from the KDC the keying material to use for communicating with the other group members. This builds on the process for joining security groups with ACE, as defined in <xref target="RFC9594"/> and further specified in this document.</t>
      <t>In addition, this profile allows an anonymous Client to perform some of the discovery operations defined in <xref section="2.3" sectionFormat="of" target="I-D.ietf-core-coap-pubsub"/> through the Broker, as shown by the interaction O in <xref target="archi"/>. That is, an anonymous Client can discover:</t>
      <ul spacing="normal">
        <li>
          <t>The Broker itself, by relying on the resource type "core.ps" (see <xref section="2.3.1" sectionFormat="of" target="I-D.ietf-core-coap-pubsub"/>); and</t>
        </li>
        <li>
          <t>Topics of interest at the Broker (i.e., the corresponding topic resources hosted at the Broker), by relying on the resource type "core.ps.conf" (see <xref section="2.3.3" sectionFormat="of" target="I-D.ietf-core-coap-pubsub"/>).</t>
        </li>
      </ul>
      <t>However, an anonymous Client is not allowed to access topic resources at the Broker and obtain from those any additional information or metadata about the corresponding topic (e.g., the topic status, the URI of the topic-data resource where to publish or subscribe for that topic, or the URI to the KDC).</t>
      <t>As highlighted in <xref target="associations"/>, each Client maintains two different security associations pertaining to the Pub-Sub group communication.</t>
      <t>On the one hand, the Client has a pairwise security association with the Broker, which, as an ACE RS, verifies that the Client is authorised to perform data operations (i.e., publish, subscribe, read, delete) on a certain set of topics (Security Association 1). As discussed above, this security association is set up with the help of the AS and using a transport profile of ACE, when the Client obtains the access token to upload at the Broker.</t>
      <t>On the other hand, separately for each topic, all the Publishers and Subscribers for that topic have a common, group security association, through which the published topic data sent through the Broker is protected end-to-end (Security Association 2). As discussed above, this security association is set up and maintained as the different Clients request the KDC to join the security group, upon which they obtain from the KDC the corresponding group keying material to use for protecting end-to-end and verifying the content of their Pub-Sub group communication.</t>
      <figure anchor="associations">
        <name>Security Associations between Publisher, Broker, and Subscriber</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="544" viewBox="0 0 544 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,112" fill="none" stroke="black"/>
              <path d="M 40,120 L 40,208" fill="none" stroke="black"/>
              <path d="M 72,120 L 72,160" fill="none" stroke="black"/>
              <path d="M 104,32 L 104,112" fill="none" stroke="black"/>
              <path d="M 216,32 L 216,112" fill="none" stroke="black"/>
              <path d="M 248,120 L 248,160" fill="none" stroke="black"/>
              <path d="M 288,120 L 288,160" fill="none" stroke="black"/>
              <path d="M 320,32 L 320,112" fill="none" stroke="black"/>
              <path d="M 432,32 L 432,112" fill="none" stroke="black"/>
              <path d="M 464,120 L 464,160" fill="none" stroke="black"/>
              <path d="M 504,120 L 504,208" fill="none" stroke="black"/>
              <path d="M 536,32 L 536,112" fill="none" stroke="black"/>
              <path d="M 8,32 L 104,32" fill="none" stroke="black"/>
              <path d="M 216,32 L 320,32" fill="none" stroke="black"/>
              <path d="M 432,32 L 536,32" fill="none" stroke="black"/>
              <path d="M 8,112 L 104,112" fill="none" stroke="black"/>
              <path d="M 216,112 L 320,112" fill="none" stroke="black"/>
              <path d="M 432,112 L 536,112" fill="none" stroke="black"/>
              <path d="M 72,160 L 112,160" fill="none" stroke="black"/>
              <path d="M 200,160 L 248,160" fill="none" stroke="black"/>
              <path d="M 288,160 L 336,160" fill="none" stroke="black"/>
              <path d="M 424,160 L 464,160" fill="none" stroke="black"/>
              <path d="M 40,208 L 224,208" fill="none" stroke="black"/>
              <path d="M 312,208 L 504,208" fill="none" stroke="black"/>
              <g class="text">
                <text x="56" y="68">Publisher</text>
                <text x="268" y="68">Broker</text>
                <text x="484" y="68">Subscriber</text>
                <text x="156" y="164">Security</text>
                <text x="380" y="164">Security</text>
                <text x="152" y="180">Association</text>
                <text x="208" y="180">1</text>
                <text x="376" y="180">Association</text>
                <text x="432" y="180">1</text>
                <text x="268" y="212">Security</text>
                <text x="264" y="228">Association</text>
                <text x="320" y="228">2</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
+-----------+             +------------+             +------------+
|           |             |            |             |            |
| Publisher |             |   Broker   |             | Subscriber |
|           |             |            |             |            |
|           |             |            |             |            |
+-----------+             +------------+             +------------+
    |   |                     |    |                     |    |
    |   |                     |    |                     |    |
    |   '----- Security ------'    '------ Security -----'    |
    |        Association 1               Association 1        |
    |                                                         |
    '----------------------- Security ------------------------'
                           Association 2
]]></artwork>
        </artset>
      </figure>
      <t>In summary, this profile specifies the following functionalities.</t>
      <ol spacing="normal" type="1"><li>
          <t>A Client obtains the authorization to participate in a Pub-Sub topic at the Broker with certain permissions. This pertains to operations defined in <xref target="I-D.ietf-core-coap-pubsub"/> for taking part in Pub-Sub communication with CoAP.</t>
        </li>
        <li>
          <t>A Client obtains the authorization to join a security group with certain permissions. This allows the Client to obtain from the KDC the group keying material for securely communicating with other group members, i.e., to protect end-to-end and verify the content published at the Broker on topics associated with the security group.</t>
        </li>
        <li>
          <t>A Client obtains from the KDC the authentication credentials of other group members, and provides or updates the KDC with its own authentication credential.</t>
        </li>
        <li>
          <t>A Client leaves the group or is removed from the group by the KDC.</t>
        </li>
        <li>
          <t>The KDC renews and redistributes the group keying material (rekeying), e.g., due to a membership change in the group.</t>
        </li>
      </ol>
      <t><xref target="groupcomm_requirements"/> compiles the list of requirements for this application profile of ACE and how they are fulfilled, consistent with the list of requirements defined in <xref section="A" sectionFormat="of" target="RFC9594"/>.</t>
    </section>
    <section anchor="authorisation">
      <name>Getting Authorisation to Join a Pub-Sub Security Group</name>
      <t><xref target="message-flow"/> provides a high level overview of the message flow for a Client getting authorisation to join a group. Square brackets denote optional steps. The message flow is expanded in the subsequent sections.</t>
      <figure anchor="message-flow">
        <name>Authorisation Flow</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="576" width="576" viewBox="0 0 576 576" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 16,48 L 16,560" fill="none" stroke="black"/>
              <path d="M 456,48 L 456,152" fill="none" stroke="black"/>
              <path d="M 456,184 L 456,328" fill="none" stroke="black"/>
              <path d="M 456,360 L 456,392" fill="none" stroke="black"/>
              <path d="M 456,424 L 456,448" fill="none" stroke="black"/>
              <path d="M 456,488 L 456,560" fill="none" stroke="black"/>
              <path d="M 520,48 L 520,392" fill="none" stroke="black"/>
              <path d="M 520,424 L 520,456" fill="none" stroke="black"/>
              <path d="M 520,488 L 520,560" fill="none" stroke="black"/>
              <path d="M 560,48 L 560,560" fill="none" stroke="black"/>
              <path d="M 32,64 L 112,64" fill="none" stroke="black"/>
              <path d="M 352,64 L 440,64" fill="none" stroke="black"/>
              <path d="M 32,96 L 160,96" fill="none" stroke="black"/>
              <path d="M 312,96 L 440,96" fill="none" stroke="black"/>
              <path d="M 32,112 L 168,112" fill="none" stroke="black"/>
              <path d="M 304,112 L 440,112" fill="none" stroke="black"/>
              <path d="M 16,160 L 72,160" fill="none" stroke="black"/>
              <path d="M 416,160 L 512,160" fill="none" stroke="black"/>
              <path d="M 24,176 L 72,176" fill="none" stroke="black"/>
              <path d="M 424,176 L 520,176" fill="none" stroke="black"/>
              <path d="M 16,224 L 80,224" fill="none" stroke="black"/>
              <path d="M 384,224 L 448,224" fill="none" stroke="black"/>
              <path d="M 24,240 L 80,240" fill="none" stroke="black"/>
              <path d="M 384,240 L 448,240" fill="none" stroke="black"/>
              <path d="M 32,288 L 48,288" fill="none" stroke="black"/>
              <path d="M 416,288 L 440,288" fill="none" stroke="black"/>
              <path d="M 16,336 L 88,336" fill="none" stroke="black"/>
              <path d="M 408,336 L 512,336" fill="none" stroke="black"/>
              <path d="M 24,352 L 88,352" fill="none" stroke="black"/>
              <path d="M 416,352 L 520,352" fill="none" stroke="black"/>
              <path d="M 16,400 L 104,400" fill="none" stroke="black"/>
              <path d="M 408,400 L 552,400" fill="none" stroke="black"/>
              <path d="M 24,416 L 104,416" fill="none" stroke="black"/>
              <path d="M 408,416 L 552,416" fill="none" stroke="black"/>
              <path d="M 16,464 L 72,464" fill="none" stroke="black"/>
              <path d="M 480,464 L 552,464" fill="none" stroke="black"/>
              <path d="M 24,480 L 104,480" fill="none" stroke="black"/>
              <path d="M 432,480 L 560,480" fill="none" stroke="black"/>
              <path d="M 16,528 L 152,528" fill="none" stroke="black"/>
              <path d="M 304,528 L 448,528" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="560,464 548,458.4 548,469.6" fill="black" transform="rotate(0,552,464)"/>
              <polygon class="arrowhead" points="560,416 548,410.4 548,421.6" fill="black" transform="rotate(0,552,416)"/>
              <polygon class="arrowhead" points="560,400 548,394.4 548,405.6" fill="black" transform="rotate(0,552,400)"/>
              <polygon class="arrowhead" points="520,336 508,330.4 508,341.6" fill="black" transform="rotate(0,512,336)"/>
              <polygon class="arrowhead" points="520,160 508,154.4 508,165.6" fill="black" transform="rotate(0,512,160)"/>
              <polygon class="arrowhead" points="456,528 444,522.4 444,533.6" fill="black" transform="rotate(0,448,528)"/>
              <polygon class="arrowhead" points="456,240 444,234.4 444,245.6" fill="black" transform="rotate(0,448,240)"/>
              <polygon class="arrowhead" points="456,224 444,218.4 444,229.6" fill="black" transform="rotate(0,448,224)"/>
              <polygon class="arrowhead" points="448,288 436,282.4 436,293.6" fill="black" transform="rotate(0,440,288)"/>
              <polygon class="arrowhead" points="448,96 436,90.4 436,101.6" fill="black" transform="rotate(0,440,96)"/>
              <polygon class="arrowhead" points="448,64 436,58.4 436,69.6" fill="black" transform="rotate(0,440,64)"/>
              <polygon class="arrowhead" points="40,288 28,282.4 28,293.6" fill="black" transform="rotate(180,32,288)"/>
              <polygon class="arrowhead" points="40,112 28,106.4 28,117.6" fill="black" transform="rotate(180,32,112)"/>
              <polygon class="arrowhead" points="40,64 28,58.4 28,69.6" fill="black" transform="rotate(180,32,64)"/>
              <polygon class="arrowhead" points="32,480 20,474.4 20,485.6" fill="black" transform="rotate(180,24,480)"/>
              <polygon class="arrowhead" points="32,416 20,410.4 20,421.6" fill="black" transform="rotate(180,24,416)"/>
              <polygon class="arrowhead" points="32,352 20,346.4 20,357.6" fill="black" transform="rotate(180,24,352)"/>
              <polygon class="arrowhead" points="32,240 20,234.4 20,245.6" fill="black" transform="rotate(180,24,240)"/>
              <polygon class="arrowhead" points="32,176 20,170.4 20,181.6" fill="black" transform="rotate(180,24,176)"/>
              <g class="text">
                <text x="28" y="36">Client</text>
                <text x="460" y="36">Broker</text>
                <text x="524" y="36">AS</text>
                <text x="560" y="36">KDC</text>
                <text x="24" y="68">[</text>
                <text x="160" y="68">Discovery</text>
                <text x="212" y="68">of</text>
                <text x="248" y="68">Topic</text>
                <text x="308" y="68">Resource</text>
                <text x="448" y="68">]</text>
                <text x="24" y="100">[</text>
                <text x="204" y="100">Resource</text>
                <text x="272" y="100">Request</text>
                <text x="448" y="100">]</text>
                <text x="24" y="116">[</text>
                <text x="188" y="116">AS</text>
                <text x="248" y="116">Information</text>
                <text x="448" y="116">]</text>
                <text x="136" y="164">Authorisation</text>
                <text x="224" y="164">Request</text>
                <text x="300" y="164">(Audience:</text>
                <text x="376" y="164">Broker)</text>
                <text x="136" y="180">Authorisation</text>
                <text x="228" y="180">Response</text>
                <text x="308" y="180">(Audience:</text>
                <text x="384" y="180">Broker)</text>
                <text x="116" y="228">Upload</text>
                <text x="156" y="228">of</text>
                <text x="224" y="228">authorisation</text>
                <text x="328" y="228">information</text>
                <text x="144" y="244">Establishment</text>
                <text x="212" y="244">of</text>
                <text x="252" y="244">secure</text>
                <text x="328" y="244">association</text>
                <text x="24" y="292">[</text>
                <text x="96" y="292">Discovery</text>
                <text x="148" y="292">of</text>
                <text x="176" y="292">KDC</text>
                <text x="208" y="292">and</text>
                <text x="244" y="292">name</text>
                <text x="276" y="292">of</text>
                <text x="324" y="292">security</text>
                <text x="384" y="292">group</text>
                <text x="448" y="292">]</text>
                <text x="152" y="340">Authorisation</text>
                <text x="240" y="340">Request</text>
                <text x="316" y="340">(Audience:</text>
                <text x="380" y="340">KDC)</text>
                <text x="152" y="356">Authorisation</text>
                <text x="244" y="356">Response</text>
                <text x="324" y="356">(Audience:</text>
                <text x="388" y="356">KDC)</text>
                <text x="140" y="404">Upload</text>
                <text x="180" y="404">of</text>
                <text x="248" y="404">authorisation</text>
                <text x="352" y="404">information</text>
                <text x="168" y="420">Establishment</text>
                <text x="236" y="420">of</text>
                <text x="276" y="420">secure</text>
                <text x="352" y="420">association</text>
                <text x="112" y="468">Request</text>
                <text x="156" y="468">to</text>
                <text x="188" y="468">join</text>
                <text x="224" y="468">the</text>
                <text x="276" y="468">security</text>
                <text x="336" y="468">group</text>
                <text x="376" y="468">for</text>
                <text x="408" y="468">the</text>
                <text x="448" y="468">topic</text>
                <text x="140" y="484">Keying</text>
                <text x="204" y="484">material</text>
                <text x="256" y="484">for</text>
                <text x="288" y="484">the</text>
                <text x="340" y="484">security</text>
                <text x="400" y="484">group</text>
                <text x="196" y="532">Resource</text>
                <text x="264" y="532">Request</text>
                <text x="176" y="548">(Publication/Subscription</text>
                <text x="292" y="548">to</text>
                <text x="320" y="548">the</text>
                <text x="364" y="548">topic)</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
Client                                                Broker    AS  KDC
 |                                                      |       |    |
 |[<---------- Discovery of Topic Resource ----------->]|       |    |
 |                                                      |       |    |
 |[----------------- Resource Request ---------------->]|       |    |
 |[<----------------- AS Information ------------------]|       |    |
 |                                                      |       |    |
 |                                                      |       |    |
 +------- Authorisation Request (Audience: Broker) ------------>|    |
 |<------ Authorisation Response (Audience: Broker) ------------+    |
 |                                                      |       |    |
 |                                                      |       |    |
 +-------- Upload of authorisation information -------->|       |    |
 |<------- Establishment of secure association -------->|       |    |
 |                                                      |       |    |
 |                                                      |       |    |
 |[<-- Discovery of KDC and name of security group --->]|       |    |
 |                                                      |       |    |
 |                                                      |       |    |
 +--------- Authorisation Request (Audience: KDC) ------------->|    |
 |<-------- Authorisation Response (Audience: KDC) -------------+    |
 |                                                      |       |    |
 |                                                      |       |    |
 +----------- Upload of authorisation information ------------------>|
 |<---------- Establishment of secure association ------------------>|
 |                                                      |       |    |
 |                                                      |       |    |
 +------- Request to join the security group for the topic --------->|
 |<---------- Keying material for the security group ----------------+
 |                                                      |       |    |
 |                                                      |       |    |
 +----------------- Resource Request ------------------>|       |    |
 |       (Publication/Subscription to the topic)        |       |    |
 |                                                      |       |    |
]]></artwork>
        </artset>
      </figure>
      <t>As shown in <xref target="message-flow"/>, after a Client obtains authorisation information for participating in a Pub-Sub topic with name TOPICNAME (see <xref target="auth-request"/> and <xref target="as-response"/>), the Client uploads that information at the Broker as per the specific transport profile of ACE used, e.g., <xref target="RFC9202"/> or <xref target="RFC9203"/>.</t>
      <t>Following that, the Client can perform the optional discovery of the KDC and security group name at the Broker, by accessing the topic resource corresponding to the topic in question (see <xref target="kdc-discovery"/>).</t>
      <t>In order to ensure that the Client can seamlessly access the right topic resource at the Broker, it is <bcp14>RECOMMENDED</bcp14> that a Broker implementing this application profile uses the path /ps/TOPICNAME to host the topic resource for the topic with name TOPICNAME. Alternatively, the Client might not know the right topic resource to target and thus would attempt to access different ones (e.g., based on the result of an early discovery of topic resources, see <xref target="topic-discovery"/>), until it finds the right one specifying TOPICNAME as value of the 'topic-name' parameter in the resource representation.</t>
      <t>Separately, after the Client obtains authorisation information for joining the security group at the KDC (see <xref target="auth-request"/> and <xref target="as-response"/>), the Client uploads that information at the KDC (see <xref target="token-post"/>). Following that, the Client can join the security group at the KDC and thus obtain the corresponding keying material (see <xref target="join"/>).</t>
      <t>Once the steps above have been completed, the Client can take part in the secure group communication for the topic TOPICNAME, e.g., by publishing data to the topic through a request targeting the topic-data resource at the Broker.</t>
      <t>Note that the overview in <xref target="message-flow"/> shows the specific sequence of steps where the Client: first associates with the Broker for participating in a topic; then discovers the KDC and the name of the security group through the Broker; and finally associates with the KDC, through which it joins the security group. However, if the Client is early aware about how to reach the KDC and about the name of the security group, the Client can instead: first associate with the KDC and join the security group, and then associate with the Broker for participating in the topic.</t>
      <t>Since <xref target="RFC9200"/> recommends the use of CoAP and CBOR, this document describes the exchanges assuming that CoAP and CBOR are used. However, using HTTP instead of CoAP is possible, by leveraging the corresponding parameters and methods. Analogously, JSON <xref target="RFC8259"/> can be used instead of CBOR, by relying on the conversion method specified in Sections <xref target="RFC8949" section="6.1" sectionFormat="bare"/> and <xref target="RFC8949" section="6.2" sectionFormat="bare"/> of <xref target="RFC8949"/>. If JSON is used, the Content-Format of the message has to be specified accordingly. Exact definitions of these exchanges are out of scope for this document.</t>
      <section anchor="topic-discovery">
        <name>Topic Discovery at the Broker (Optional)</name>
        <t>The discovery of a topic at the Broker can be performed by discovering the corresponding topic resource hosted at the Broker. For example, the Client can send a lookup request to /.well-known/core at the Broker, specifying as lookup criterion the resource type "core.ps.conf" (see <xref section="2.3.3" sectionFormat="of" target="I-D.ietf-core-coap-pubsub"/>).</t>
        <t>Although the links to the topic resources are also specified in the representation of the collection resource at the Broker (see <xref section="2.4" sectionFormat="of" target="I-D.ietf-core-coap-pubsub"/>), the Client is not supposed to access such a resource, as intended for administrative operations that are out of the scope of this document.</t>
      </section>
      <section anchor="AS-discovery">
        <name>AS Discovery at the Broker (Optional)</name>
        <t>Complementary to what is defined in <xref section="5.1" sectionFormat="of" target="RFC9200"/> for AS discovery, the Broker <bcp14>MAY</bcp14> send the address of the AS to the Client in the 'AS' parameter of the AS Request Creation Hints, as a response to an Unauthorised Resource Request (see <xref section="5.2" sectionFormat="of" target="RFC9200"/>). An example using the CBOR diagnostic notation and CoAP is given below.</t>
        <figure anchor="AS-info-ex">
          <name>AS Request Creation Hints Example</name>
          <artwork align="left"><![CDATA[
    4.01 Unauthorized
    Content-Format: 19 (application/ace+cbor)
    Payload:
    {
     / AS / 1 : "coaps://as.example.com/token"
    }
]]></artwork>
        </figure>
      </section>
      <section anchor="kdc-discovery">
        <name>KDC Discovery at the Broker (Optional)</name>
        <t>Once a Client has obtained an access token from the AS and accordingly established a secure association with the Broker, the Client has the permission to access the topic resources at the Broker that pertain to the topics on which the Client is authorised to operate.</t>
        <t>In particular the Client is authorised to retrieve the representation of a topic resource, from which the Client can retrieve information related to the topic in question, as specified in Sections <xref target="I-D.ietf-core-coap-pubsub" section="2.5.1" sectionFormat="bare"/> and <xref target="I-D.ietf-core-coap-pubsub" section="2.5.2" sectionFormat="bare"/> of <xref target="I-D.ietf-core-coap-pubsub"/>.</t>
        <t>This profile extends the set of CoAP Pub-Sub Topic Properties that is possible to specify within the representation of a topic resource, as originally defined in <xref section="2.2.1" sectionFormat="of" target="I-D.ietf-core-coap-pubsub"/>. In particular, this profile defines the following two topic properties that the Broker can specify in a response to a GET or FETCH request that targets a topic resource (see Sections <xref target="I-D.ietf-core-coap-pubsub" section="2.5.1" sectionFormat="bare"/> and <xref target="I-D.ietf-core-coap-pubsub" section="2.5.2" sectionFormat="bare"/> of <xref target="I-D.ietf-core-coap-pubsub"/>), with the FETCH request using the Content-Format "application/cbor". Note that, when these topic properties are transported in their respective fields of the response payload, the Content-Format "application/core-pubsub+cbor" defined in <xref target="I-D.ietf-core-coap-pubsub"/> is used.</t>
        <ul spacing="normal">
          <li>
            <t>'kdc-uri', with value the URI of the group-membership resource at the KDC, where Clients can send a request to join the security group associated with the topic in question. The URI is encoded as a CBOR text string. Clients will have to obtain an access token from the AS to upload at the KDC, before starting the process to join the security group at the KDC. The CBOR abbreviation for this topic property is registered in <xref target="iana-pubsub-topic-properties"/>.</t>
          </li>
          <li>
            <t>'sec-gp', specifying the name of the security group associated with the topic in question, as a stable and invariant identifier. The name of the security group is encoded as a CBOR text string. The CBOR abbreviation for this topic property is registered in <xref target="iana-pubsub-topic-properties"/>.</t>
          </li>
        </ul>
        <t>Furthermore, the Resource Type (rt=) Link Target Attribute value "core.ps.gm" is registered in <xref target="core_rt"/> (REQ10) and can be used to describe group-membership resources at the KDC, e.g., by using a CoRE link-format document <xref target="RFC6690"/>. As an alternative to the discovery approach defined above and provided by the Broker, applications can use this common resource type to discover links to group-membership resources at the KDC for joining security groups associated with Pub-Sub topics.</t>
      </section>
      <section anchor="auth-request">
        <name>Authorisation Request/Response for the KDC and the Broker</name>
        <t>A Client sends two Authorisation Requests to the AS, targeting two different audiences, i.e., the Broker and the KDC.</t>
        <t>As to the former, the AS handles Authorisation Requests related to a topic for which the Client is allowed to perform topic data operations at the Broker, as corresponding to an application group.</t>
        <t>As to the latter, the AS handles Authorization Requests for security groups that the Client is allowed to join, in order to obtain the group keying material for protecting end-to-end and verifying the content of exchanged messages on the associated Pub-Sub topics.</t>
        <t>This section builds on <xref section="3" sectionFormat="of" target="RFC9594"/> and defines only additions or modifications to that specification.</t>
        <t>Both Authorisation Requests include the following fields (see <xref section="3.1" sectionFormat="of" target="RFC9594"/>):</t>
        <ul spacing="normal">
          <li>
            <t>'scope': Optional. If present, it specifies the following information, depending on the specifically targeted audience.  </t>
            <t>
If the audience is the Broker, the scope specifies the names of the topics that the Client wishes to access, together with the corresponding requested permissions.  </t>
            <t>
If the audience is the KDC, the scope specifies the names of the security groups that the Client wishes to join, together with the corresponding requested permissions.  </t>
            <t>
This parameter is encoded as a CBOR byte string, whose value is the binary encoding of a CBOR array. The format of the encoded scope <bcp14>MUST</bcp14> follow the data model AIF-PUBSUB-GROUPCOMM defined in <xref target="scope"/>.  </t>
            <t>
The textual format specified in <xref section="3.1" sectionFormat="of" target="RFC9594"/> is not used in this application profile (OPT1).</t>
          </li>
          <li>
            <t>'audience': Required identifier corresponding to either the Broker or the KDC.</t>
          </li>
        </ul>
        <t>Other additional parameters can be included if necessary, as defined in <xref target="RFC9200"/>.</t>
        <t>When using this profile, it is expected that a one-to-one mapping is enforced between the application group and the security group (see <xref target="overview"/>). If this is not the case, the correct access policies for both sets of scopes have to be available to the AS.</t>
        <section anchor="scope">
          <name>Format of Scope</name>
          <t>Building on <xref section="3.1" sectionFormat="of" target="RFC9594"/>, this section defines the exact format and encoding of scope used in this profile.</t>
          <t>To this end, this profile uses the Authorization Information Format (AIF) <xref target="RFC9237"/> (REQ1). With reference to the generic AIF model</t>
          <sourcecode type="cddl"><![CDATA[
      AIF-Generic<Toid, Tperm> = [* [Toid, Tperm]]
]]></sourcecode>
          <t>the value of the CBOR byte string used as scope encodes the CBOR array [* [Toid, Tperm]], where each [Toid, Tperm] element corresponds to one scope entry.</t>
          <t>Furthermore, this document defines the new AIF data model AIF-PUBSUB-GROUPCOMM that this profile <bcp14>MUST</bcp14> use to format and encode scope entries.</t>
          <t>In particular, the following holds for each scope entry.</t>
          <t>The object identifier ("Toid") is specialized as a CBOR data item specifying the name of the group pertaining to the scope entry.</t>
          <t>The permission set ("Tperm") is specialized as a CBOR unsigned integer with value R, specifying the permissions that the Client wishes to have in the group indicated by "Toid".</t>
          <t>More specifically, the following applies when, as defined in this document, a scope entry includes a set of permissions for user-related operations performed by a Pub-Sub Client.</t>
          <ul spacing="normal">
            <li>
              <t>The object identifier ("Toid") is a CBOR text string, specifying the name of one application group (topic) or of the corresponding security group to which the scope entry pertains.</t>
            </li>
            <li>
              <t>The permission set ("Tperm") is a CBOR unsigned integer, whose value R specifies the operations that the Client wishes to or has been authorised to perform on the resources at the Broker associated with the application group (topic) indicated by "Toid", or on the resources at the KDC associated with the security group indicated by "Toid" (REQ1). The value R is computed as follows.  </t>
              <ul spacing="normal">
                <li>
                  <t>Each operation (i.e., permission detail) in the permission set is converted into the corresponding numeric identifier X taken from the following set.      </t>
                  <ul spacing="normal">
                    <li>
                      <t>Admin (0): This operation is reserved for scope entries that express permissions for Administrators of Pub-Sub groups, which are not specified in this document.</t>
                    </li>
                    <li>
                      <t>AppGroup (1): This operation is indicated as wished/authorised when "Toid" specifies the name of an application group (topic), while it is indicated as not wished/authorised when Toid specifies the name of a security group.</t>
                    </li>
                    <li>
                      <t>Publish (2): This operation concerns the publication of data to the topic in question, performed by means of a PUT request sent by a Publisher Client to the corresponding topic-data resource at the Broker.</t>
                    </li>
                    <li>
                      <t>Read (3): This operation concerns both: i) the subscription at the topic-data resource for the topic in question at the Broker, performed by means of a GET request with the CoAP Observe Option set to 0 and sent by a Subscriber Client; and ii) the simple reading of the latest data published to the topic in question, performed by means of a simple GET request sent to the same topic-data resource.</t>
                    </li>
                    <li>
                      <t>Delete (4): This operation concerns the deletion of the topic-data resource for the topic in question at the Broker, performed by means of a DELETE request sent to that resource.          </t>
                      <t>
If a Client wishes to have authorised only the Delete operation on an application group, then the Client does not need to join the corresponding security group, hence it does not need to request an access token for interacting with the KDC.          </t>
                      <t>
If a Client wishes to have authorised the Delete operation on a security group, then the AS and the KDC ignore the wish for that operation when processing the scope entry in question.</t>
                    </li>
                  </ul>
                </li>
                <li>
                  <t>The set of N numeric identifiers is converted into the single value R, by taking two to the power of each numeric identifier X_1, X_2, ..., X_N, and then computing the inclusive OR of the binary representations of all the power values.</t>
                </li>
              </ul>
              <t>
Since this application profile considers user-related operations, the "Admin" operation is indicated as not wished/authorised. That is, the scope entries <bcp14>MUST</bcp14> have the least significant bit of "Tperm" set to 0.</t>
            </li>
          </ul>
          <t>If the "Toid" of a scope entry in an access token specifies the name of an application group (i.e., the "AppGroup" operation is indicated as authorised), the Client has also the permission to retrieve the configuration of the application group (topic) whose name is indicated by "Toid", by sending a GET or FETCH request to the corresponding topic resource at the Broker.</t>
          <t>The specific interactions between the Client and the Broker are defined in <xref target="I-D.ietf-core-coap-pubsub"/>.</t>
          <t>The following CDDL <xref target="RFC8610"/> notation defines a scope entry that uses the AIF-PUBSUB-GROUPCOMM data model and expresses a set of permissions.</t>
          <figure anchor="scope-aif">
            <name>Pub-Sub scope using the AIF format</name>
            <sourcecode type="cddl"><![CDATA[
   ;# include rfc9237

   AIF-PUBSUB-GROUPCOMM = AIF-Generic<pubsub-group, pubsub-perm>

   pubsub-group = tstr ; name of Pub-Sub topic or of
                       ; the associated security group

   pubsub-perm = uint .bits pubsub-perm-details

   pubsub-perm-details = &(
    Admin: 0,
    AppGroup: 1,
    Publish: 2,
    Read: 3,
    Delete: 4
   )

   scope_entry = [pubsub-group, pubsub-perm]
]]></sourcecode>
          </figure>
          <t>As per the guidelines in <xref target="RFC9237"/>, <xref target="aif"/> and <xref target="content_formats"/> register the specific instance of "Toid" and "Tperm" as media type parameters and a corresponding Content-Format (REQ2).</t>
        </section>
      </section>
      <section anchor="as-response">
        <name>Authorization Response</name>
        <t>The AS replies with an Authorization Response as defined in <xref section="5.8.2" sectionFormat="of" target="RFC9200"/> and <xref section="3.2" sectionFormat="of" target="RFC9594"/>, with the following additions:</t>
        <ul spacing="normal">
          <li>
            <t>In the Authorization Response, the AS <bcp14>MUST</bcp14> include the 'expires_in' parameter.</t>
          </li>
          <li>
            <t>In the Authorization Response, the AS <bcp14>MUST</bcp14> include the 'scope' parameter, when the value included in the access token differs from the one specified by the Client in the Authorization Request.  In such a case, the second element of each scope entry specifies the set of operations that the Client is authorised for that scope entry, encoded as specified in <xref target="auth-request"/>.</t>
          </li>
        </ul>
        <t>Furthermore, the AS <bcp14>MAY</bcp14> use the extended format of scope defined in <xref section="7" sectionFormat="of" target="RFC9594"/> for the 'scope' claim of the access token. In such a case, the AS <bcp14>MUST</bcp14> use the CBOR tag with tag number TAG_NUMBER, associated with the CoAP Content-Format CF_ID for the media type "application/aif+cbor" registered in <xref target="content_formats"/> of this document (REQ28).</t>
        <t>Note to RFC Editor: In the previous paragraph, please replace "TAG_NUMBER" with the CBOR tag number computed as TN(ct) in <xref section="4.3" sectionFormat="of" target="RFC9277"/>, where ct is the ID assigned to the CoAP Content-Format registered in <xref target="content_formats"/> of this document.  Then, please replace "CF_ID" with the ID assigned to that CoAP Content-Format.  Finally, please delete this paragraph.</t>
        <t>This indicates that the binary encoded scope follows the scope semantics defined for this application profile in <xref target="scope"/> of this document.</t>
      </section>
      <section anchor="token-post">
        <name>Token Transfer to the KDC</name>
        <t>The Client transfers its access token to the KDC using one of the methods defined in <xref section="3.3" sectionFormat="of" target="RFC9594"/>. This typically includes sending a POST request to the /authz-info endpoint. However, if the DTLS transport profile of ACE <xref target="RFC9202"/> is used and the Client uses a symmetric proof-of-possession (PoP) key in the DTLS handshake, the Client <bcp14>MAY</bcp14> provide the access token to the KDC in the "psk_identity" field of the DTLS ClientKeyExchange message when using DTLS 1.2 <xref target="RFC6347"/>, or in the "identity" field of a PskIdentity within the PreSharedKeyExtension of the ClientHello message when using DTLS 1.3 <xref target="RFC9147"/>. In addition to that, the following applies.</t>
        <t>In the Token Transfer Response to the Publishers, i.e., the Clients whose scope of the access token includes the "Publish" permission for at least one scope entry, the KDC <bcp14>MUST</bcp14> include the parameter 'kdcchallenge' in the CBOR map. 'kdcchallenge' is a challenge N_S generated by the KDC. As to the N_S value, it is <bcp14>RECOMMENDED</bcp14> to be at least 8 bytes long and it is <bcp14>RECOMMENDED</bcp14> to be a random value. Later when joining the group, the Publisher can use the 'kdcchallenge' challenge as part of proving possession of its private key (see <xref target="RFC9594"/>). If a Publisher provides the access token to the KDC through an /authz-info endpoint, the Client <bcp14>MUST</bcp14> support the parameter 'kdcchallenge' (REQ30).</t>
        <t>If 'sign_info' is included in the Token Transfer Request, the KDC <bcp14>SHOULD</bcp14> include the 'sign_info' parameter in the Token Transfer Response. Note that the joining node may have obtained such information by alternative means, e.g., information conveyed in the 'sign_info' parameter may have been pre-configured (OPT3).</t>
        <t>The following applies for each element 'sign_info_entry'.</t>
        <ul spacing="normal">
          <li>
            <t>'sign_alg' <bcp14>MUST</bcp14> take its value from the "Value" column of one of the recommended algorithms in the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/> (REQ3).</t>
          </li>
          <li>
            <t>'sign_parameters' is a CBOR array.  Its format and value are the same of the COSE capabilities array for the algorithm indicated in 'sign_alg' under the "Capabilities" column of the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/> (REQ4).</t>
          </li>
          <li>
            <t>'sign_key_parameters' is a CBOR array.  Its format and value are the same of the COSE capabilities array for the COSE key type of the keys used with the algorithm indicated in 'sign_alg', as specified for that key type in the "Capabilities" column of the "COSE Key Types" registry <xref target="IANA.COSE.Key.Types"/> (REQ5).</t>
          </li>
          <li>
            <t>'cred_fmt' takes value from the "Label" column of the "COSE Header Parameters" registry <xref target="IANA.COSE.Header.Parameters"/> (REQ6). Acceptable values denote a format of authentication credential that <bcp14>MUST</bcp14> explicitly provide the public key as well as the comprehensive set of information related to the public key algorithm, including, e.g., the used elliptic curve (when applicable).  </t>
            <t>
Acceptable formats of authentication credentials include CBOR Web Tokens (CWTs) and CWT Claims Sets (CCSs) <xref target="RFC8392"/>, X.509 certificates <xref target="RFC7925"/>, and C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. Future formats would be acceptable to use as long as they comply with the criteria defined above.</t>
          </li>
        </ul>
        <t>This application profile does not define additional parameters to be used in the exchange of Token Transfer Request and Response (OPT2).</t>
      </section>
    </section>
    <section anchor="kdc-interface">
      <name>Client Group Communication Interface at the KDC</name>
      <t>In order to enable secure group communication for the Pub-Sub Clients, the KDC provides the resources listed in <xref target="tab-kdc-resources"/>.</t>
      <t>The entry of each resource specifies the CoAP methods by means of which it is permitted to access that resource, for nodes with different roles in the group or as non-members. Except for accessing the /ace-group resource with the FETCH method (to retrieve security group names through their group identifiers) and the /ace-group/GROUPNAME resource with the POST method (to join the security group with name GROUPNAME), all other operations are permitted only to current members of the security group with name GROUPNAME (REQ11).</t>
      <t>The GROUPNAME segment of the URI path <bcp14>MUST</bcp14> match with the group name specified in the scope entry of the scope in the access token (i.e., 'gname' in <xref section="3.1" sectionFormat="of" target="RFC9594"/>) (REQ7). Therefore, a group name has to be consistent with the semantics of URI path segments (see <xref section="3.3" sectionFormat="of" target="RFC3986"/>).</t>
      <t>Each resource is marked as <bcp14>REQUIRED</bcp14> or <bcp14>OPTIONAL</bcp14> to be hosted at the KDC (REQ9).</t>
      <table align="center" anchor="tab-kdc-resources">
        <name>Resources at the KDC</name>
        <thead>
          <tr>
            <th align="left">KDC resource</th>
            <th align="left">Description</th>
            <th align="left">Operations</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">/ace-group</td>
            <td align="left">
              <bcp14>REQUIRED</bcp14>. Contains a set of group names, each corresponding to one of the specified group identifiers.</td>
            <td align="left">FETCH (All Clients)</td>
          </tr>
          <tr>
            <td align="left">/ace-group/GROUPNAME</td>
            <td align="left">
              <bcp14>REQUIRED</bcp14>. Contains symmetric group keying material associated with GROUPNAME.</td>
            <td align="left">GET, POST (All Clients)</td>
          </tr>
          <tr>
            <td align="left">/ace-group/GROUPNAME/creds</td>
            <td align="left">
              <bcp14>REQUIRED</bcp14>. Contains the authentication credentials of all the Publishers of the group with name GROUPNAME.</td>
            <td align="left">GET, FETCH (All Clients)</td>
          </tr>
          <tr>
            <td align="left">/ace-group/GROUPNAME/num</td>
            <td align="left">
              <bcp14>REQUIRED</bcp14>. Contains the current version number for the symmetric group keying material of the group with name GROUPNAME.</td>
            <td align="left">GET (All Clients)</td>
          </tr>
          <tr>
            <td align="left">/ace-group/GROUPNAME/nodes/NODENAME</td>
            <td align="left">
              <bcp14>REQUIRED</bcp14>. Contains the group keying material for that group member NODENAME in GROUPNAME.</td>
            <td align="left">GET, DELETE (All Clients). POST (Publishers).</td>
          </tr>
          <tr>
            <td align="left">/ace-group/GROUPNAME/nodes/NODENAME/cred</td>
            <td align="left">
              <bcp14>REQUIRED</bcp14>. Contains the authentication credential for NODENAME in the group GROUPNAME.</td>
            <td align="left">POST (Publishers)</td>
          </tr>
          <tr>
            <td align="left">/ace-group/GROUPNAME/kdc-cred</td>
            <td align="left">
              <bcp14>REQUIRED</bcp14> if the group rekeying scheme used requires the use of a KDC authentication credential. Contains the authentication credential of the KDC for the group with name GROUPNAME.</td>
            <td align="left">GET (All Clients)</td>
          </tr>
          <tr>
            <td align="left">/ace-group/GROUPNAME/policies</td>
            <td align="left">
              <bcp14>OPTIONAL</bcp14>. Contains the group policies of the group with name GROUPNAME.</td>
            <td align="left">GET (All Clients)</td>
          </tr>
        </tbody>
      </table>
      <t>The use of these resources follows what is defined in <xref target="RFC9594"/>, and only additions or modifications to that specification are defined in this document. With respect to <xref target="RFC9594"/>, this document does not define new operations for Clients interacting with the KDC (REQ12).</t>
      <t>Consistent with what is defined in <xref section="4.1.2" sectionFormat="of" target="RFC9594"/>, some error responses from the KDC can convey error-specific information according to the problem-details format specified in <xref target="RFC9290"/>. This application profile does not define additional identifiers of error types as values of the 'error-id' field within the Custom Problem Detail entry 'ace-groupcomm-error' (OPT5).</t>
      <section anchor="join">
        <name>Joining a Security Group</name>
        <t>This section describes the interactions between a Client and the KDC to join a security group. Source authentication of a message sent within the group is ensured by means of a digital signature embedded in the message. Subscribers have to be able to retrieve Publishers' authentication credentials from a trusted repository, to verify source authentication of received messages. Hence, on joining a security group, a Publisher is expected to provide its own authentication credential to the KDC.</t>
        <t>On a successful join, the Clients receive from the KDC the symmetric COSE Key <xref target="RFC9052"/> that is used as the shared group key to protect the payload of published topic data.</t>
        <t>The message exchange between the joining node and the KDC follows what is defined in <xref section="4.3.1.1" sectionFormat="of" target="RFC9594"/>, and only additions or modifications to that specification are defined in this document.</t>
        <figure anchor="join-flow">
          <name>Join Flow</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="144" width="320" viewBox="0 0 320 144" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 32,48 L 32,112" fill="none" stroke="black"/>
                <path d="M 304,48 L 304,112" fill="none" stroke="black"/>
                <path d="M 32,64 L 72,64" fill="none" stroke="black"/>
                <path d="M 248,64 L 296,64" fill="none" stroke="black"/>
                <path d="M 40,96 L 72,96" fill="none" stroke="black"/>
                <path d="M 256,96 L 304,96" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="304,64 292,58.4 292,69.6" fill="black" transform="rotate(0,296,64)"/>
                <polygon class="arrowhead" points="48,96 36,90.4 36,101.6" fill="black" transform="rotate(180,40,96)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="304" y="36">KDC</text>
                  <text x="100" y="68">Join</text>
                  <text x="152" y="68">Request</text>
                  <text x="212" y="68">(CoAP)</text>
                  <text x="100" y="100">Join</text>
                  <text x="156" y="100">Response</text>
                  <text x="220" y="100">(CoAP)</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
   Client                              KDC
      |                                 |
      +----- Join Request (CoAP) ------>|
      |                                 |
      |<---- Join Response (CoAP) ------+
      |                                 |
]]></artwork>
          </artset>
        </figure>
        <section anchor="join-request">
          <name>Join Request</name>
          <t>After establishing a secure communication association with the KDC, the Client sends a Join Request to the KDC as described in <xref section="4.3" sectionFormat="of" target="RFC9594"/>. More specifically, the Client sends a POST request to the /ace-group/GROUPNAME endpoint, with Content-Format "application/ace-groupcomm+cbor". The payload contains the following information formatted as a CBOR map, which <bcp14>MUST</bcp14> be encoded as defined in <xref section="4.3.1" sectionFormat="of" target="RFC9594"/>:</t>
          <ul spacing="normal">
            <li>
              <t>'scope': It <bcp14>MUST</bcp14> be present and its value <bcp14>MUST</bcp14> indicate the group that the Client is attempting to join, i.e., the group name, and the permissions that the Client wishes to have in the group. This value corresponds to one scope entry, as defined in <xref target="scope"/>.</t>
            </li>
            <li>
              <t>'get_creds': It <bcp14>MAY</bcp14> be present if the Client wishes to join as a Subscriber and wants to retrieve the public keys of all the Publishers upon joining. Otherwise, this parameter <bcp14>MUST NOT</bcp14> be present. If the parameter is present, the parameter <bcp14>MUST</bcp14> encode the CBOR simple value <tt>null</tt> (0xf6). Note that the parameter 'role_filter' is not necessary, as the KDC returns the authentication credentials of Publishers by default.</t>
            </li>
            <li>
              <t>'client_cred': The use of this parameter is detailed in <xref target="client_cred"/>.</t>
            </li>
            <li>
              <t>'cnonce': It specifies a challenge N_C generated by the Client. As to the N_C value, it is <bcp14>RECOMMENDED</bcp14> to be at least 8 bytes long and it is <bcp14>RECOMMENDED</bcp14> to be a random value. Join Requests include a new 'cnonce' at each join attempt.</t>
            </li>
            <li>
              <t>'client_cred_verify': The use of this parameter is detailed in <xref target="pop"/>.</t>
            </li>
          </ul>
          <t>As a Publisher Client has its own authentication credential to use in a group, it <bcp14>MUST</bcp14> support the 'client_cred' and 'client_cred_verify' parameters (REQ30).</t>
          <t>For this application profile, the 'creds_repo' parameter is not relevant, since the KDC always acts as repository of the Publishers' authentication credentials. Consequently, no encoding is defined for this parameter (OPT6).</t>
          <t>This application profile does not define the functionalities that are implemented at the resource possibly hosted by the Client at the URI indicated in the 'control_uri' parameter (OPT7), if included in the Join Request.</t>
          <section anchor="client_cred">
            <name>Client Credential in 'client_cred'</name>
            <t>One of the following cases can occur when a new Client attempts to join a security group.</t>
            <ul spacing="normal">
              <li>
                <t>The joining node is not a Publisher, i.e., it is not going to send data to the application group.  In this case, the joining node is not required to provide its own authentication credential to the KDC. If the joining node still provides an authentication credential in the 'client_cred' parameter of the Join Request (see <xref target="join-request"/>), the KDC silently ignores that parameter, as well as the related parameter 'client_cred_verify' if present.</t>
              </li>
              <li>
                <t>The joining node wishes to join as a Publisher and the KDC has not previously acquired an authentication credential of the joining node. Then, the joining node <bcp14>MUST</bcp14> provide a compatible authentication credential in the 'client_cred' parameter of the Join Request (see <xref target="join-request"/>).</t>
              </li>
              <li>
                <t>The joining node wishes to join as a Publisher and the KDC already acquired the authentication credential of the joining node, either during a past group joining process or when establishing a secure communication association using asymmetric proof-of-possession keys.  </t>
                <t>
If the joining node's authentication credential as well as the included public key are compatible with the signature algorithm used in the security group and with possible associated parameters, then the authentication credential can be used in the group. In this case, the joining node <bcp14>MAY</bcp14> choose not to provide again its authentication credential to the KDC, in order to limit the size of the Join Request.  </t>
                <t>
If the joining node chooses to do so, then the following applies when composing the Join Request: the value of the 'client_cred' parameter specifies an empty authentication credential, i.e., its value is set to the empty CBOR byte string (0x40); the 'client_cred_verify' parameter is omitted. If the 'client_cred' parameter specifies the empty CBOR byte string (0x40), the KDC silently ignores the 'client_cred_verify' parameter if present.</t>
              </li>
            </ul>
            <t>The joining node <bcp14>MUST</bcp14> provide the KDC with its own authentication credential again, if it has previously provided the KDC with multiple authentication credentials intended for different security groups.</t>
            <t>If the joining node provides its authentication credential, the KDC performs the consistency checks above and, in the case of success, considers it as the authentication credential associated with the joining node in the group.</t>
          </section>
          <section anchor="pop">
            <name>Proof of Possession through 'client_cred_verify'</name>
            <t>The 'client_cred_verify' parameter contains the proof-of-possession (PoP) evidence and is computed by the joining node to prove the possession of its own private key. The PoP evidence is computed as defined below (REQ14).</t>
            <t>The joining node signs the scope, concatenated with N_S and further concatenated with N_C, by using the private key corresponding to the public key included in the authentication credential that is specified in the 'client_cred' parameter.</t>
            <t>The N_S may be either of the following:</t>
            <ul spacing="normal">
              <li>
                <t>The challenge received from the KDC in the 'kdcchallenge' parameter of the 2.01 (Created) response to the Token Transfer Request (see <xref target="token-post"/>).</t>
              </li>
              <li>
                <t>If the provisioning of the access token to the KDC has relied on the DTLS profile of ACE <xref target="RFC9202"/> and the access token was specified in the "psk_identity" field of the ClientKeyExchange message when using DTLS 1.2 <xref target="RFC6347"/>, then N_S is an exporter value computed as defined in <xref section="4" sectionFormat="of" target="RFC5705"/> (REQ15).  </t>
                <t>
Specifically, N_S is exported from the DTLS session between the joining node and the KDC, using an empty context value (i.e., a context value of zero-length), 32 as length value in bytes, and the exporter label "EXPORTER-ACE-Sign-Challenge-coap-pubsub-app" defined in <xref target="tls_exporter"/> of this document.  </t>
                <t>
The same as above holds if TLS 1.2 <xref target="RFC5246"/> was used instead of DTLS 1.2, as per <xref target="RFC9430"/>.</t>
              </li>
              <li>
                <t>If the provisioning of the access token to the KDC has relied on the DTLS profile of ACE <xref target="RFC9202"/> and the access token was specified in the "identity" field of a PskIdentity within the PreSharedKeyExtension of the ClientHello message when using DTLS 1.3 <xref target="RFC9147"/>, then N_S is an exporter value computed as defined in <xref section="7.5" sectionFormat="of" target="RFC8446"/> (REQ15).  </t>
                <t>
Specifically, N_S is exported from the DTLS session between the joining node and the KDC, using an empty 'context_value' (i.e., a 'context_value' of zero length), 32 as 'key_length' in bytes, and the exporter label "EXPORTER-ACE-Sign-Challenge-coap-pubsub-app" defined in <xref target="tls_exporter"/> of this document.  </t>
                <t>
The same as above holds if TLS 1.3 <xref target="RFC8446"/> was used instead of DTLS 1.3, as per <xref target="RFC9430"/>.</t>
              </li>
              <li>
                <t>If the Join Request is a retry following an error response from the KDC, which included a new 'kdcchallenge' parameter, then N_S <bcp14>MUST</bcp14> be the new value from this parameter.</t>
              </li>
            </ul>
            <t>It is up to applications or future specifications to define how N_S is computed in further alternative settings.</t>
          </section>
        </section>
        <section anchor="join-response">
          <name>Join Response</name>
          <t>Upon receiving the Join Request, the KDC processes it as defined in <xref section="4.3.1" sectionFormat="of" target="RFC9594"/> and returns a success or error response.</t>
          <t>If the joining node is not requesting to join the group exclusively as a Subscriber and the 'client_cred' parameter does not specify the empty CBOR byte string (0x40), the KDC verifies the signature in the 'client_cred_verify' parameter. As PoP input, the KDC uses the value of the 'scope' parameter from the Join Request as a CBOR byte string, concatenated with N_S encoded as a CBOR byte string, concatenated with N_C encoded as a CBOR byte string.</t>
          <t>As public key of the joining node, the KDC uses the one included in the authentication credential retrieved from the 'client_cred' parameter of the Join Request. The KDC verifies the signature used as PoP evidence by means of the public key of the joining node, according to the signature algorithm used in the group and possible corresponding parameters.</t>
          <t>Instead, if the joining node is not requesting to join the group exclusively as a Subscriber and the 'client_cred' parameter specifies the empty CBOR byte string (0x40), the KDC verifies that it is storing exactly one eligible authentication credential for the joining node (e.g., of the format accepted in the group).</t>
          <t>In the case that an error occurs when processing the Join Request, the KDC and the joining node follow what is defined in <xref section="4.3.1" sectionFormat="of" target="RFC9594"/>, complemented by what is defined in <xref target="join-error"/> of the present document.</t>
          <t>In the case of success, the KDC replies with a Join Response, whose payload is formatted as a CBOR map and <bcp14>MUST</bcp14> contain the following fields as per <xref section="4.3.1" sectionFormat="of" target="RFC9594"/>:</t>
          <ul spacing="normal">
            <li>
              <t>'gkty': this field specifies the key type "Group_PubSub_Keying_Material" (REQ18) registered in <xref target="iana-ace-groupcomm-key"/> for the 'key' parameter.</t>
            </li>
            <li>
              <t>'key': this field specifies the keying material to use for secure communication in the group (REQ17). This field has as value a CBOR map that includes the following parameters.  </t>
              <ul spacing="normal">
                <li>
                  <t>'group_key': this parameter is identified by the CBOR unsigned integer 0 used as map key. Its value is a COSE_Key object as defined in <xref target="RFC9052"/> and conveying the group key to use in the security group.      </t>
                  <t>
The COSE_Key object <bcp14>MUST</bcp14> contain the following parameters:      </t>
                  <ul spacing="normal">
                    <li>
                      <t>'kty', with value 4 (Symmetric).</t>
                    </li>
                    <li>
                      <t>'alg', with value the identifier of the AEAD algorithm used in the security group. The value is taken from the "Value" column of the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/>.</t>
                    </li>
                    <li>
                      <t>'Base IV', with value the Base Initialization Vector (Base IV) to use in the security group with this group key.</t>
                    </li>
                    <li>
                      <t>'k', with value the symmetric encryption key to use as group key.</t>
                    </li>
                    <li>
                      <t>'kid', with value the identifier of the COSE_Key object, hence of the group key.          </t>
                      <t>
This value is used as Group Identifier (Gid) of the security group, as long as the present key is used as group key in the security group. Consistent with the CBOR type of the 'kid' parameter, the Gid of the security group is encoded as a CBOR byte string (REQ13).</t>
                    </li>
                  </ul>
                </li>
                <li>
                  <t>'group_SenderId': this parameter is identified by the CBOR unsigned integer 1 used as map key. Its value is the Client's Sender ID encoded as a CBOR byte string. This parameter <bcp14>MUST</bcp14> be included if the Client is joining the security group as a Publisher and <bcp14>MUST NOT</bcp14> be included otherwise. A Publisher Client <bcp14>MUST</bcp14> support the 'group_SenderId' parameter (REQ29).      </t>
                  <t>
The Sender ID <bcp14>MUST</bcp14> be unique within the security group. The KDC <bcp14>MUST</bcp14> only assign an available Sender ID that has not been used in the security group since the last time when the current Gid value was assigned to the group (i.e., since the latest group rekeying, see <xref target="rekeying"/>). The KDC <bcp14>MUST NOT</bcp14> assign a Sender ID to the joining node if the node is not joining the group as a Publisher.      </t>
                  <t>
The Sender ID can be short in length. Its maximum length in bytes is the length in bytes of the AEAD nonce for the AEAD algorithm, minus 6. This means that, when using AES-CCM-16-64-128 as AEAD algorithm in the security group, the maximum length of Sender IDs is 7 bytes.</t>
                </li>
                <li>
                  <t>'cred_fmt': this parameter is identified by the CBOR unsigned integer 2 used as map key. Its value specifies the format of authentication credentials used in the group and is taken from the "Label" column of the "COSE Header Parameters" registry <xref target="IANA.COSE.Header.Parameters"/>.      </t>
                  <t>
At the time of writing this specification, acceptable formats of authentication credentials are CBOR Web Tokens (CWTs) and CWT Claims Sets (CCSs) <xref target="RFC8392"/>, X.509 certificates <xref target="RFC7925"/>, and C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. Further formats may be available in the future and would be acceptable to use as long as they comply with the criteria defined above (REQ6).</t>
                </li>
                <li>
                  <t>'sign_alg': this parameter is identified by the CBOR unsigned integer 3 used as map key. Its value specifies the signature algorithm used to sign messages in the group and is taken from the "Value" column of the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/>.</t>
                </li>
                <li>
                  <t>'sign_params': this parameter is identified by the CBOR unsigned integer 4 used as map key. Its value specifies the parameters of the signature algorithm and is encoded as a CBOR array including the following two elements:      </t>
                  <ul spacing="normal">
                    <li>
                      <t>'sign_alg_capab' is a CBOR array, with the same format and value of the COSE capabilities array for the signature algorithm indicated in 'sign_alg', as specified for that algorithm in the "Capabilities" column of the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/>.</t>
                    </li>
                    <li>
                      <t>'sign_key_type_capab' is a CBOR array, with the same format and value of the COSE capabilities array for the COSE key type of the keys used with the signature algorithm indicated in 'sign_alg', as specified for that key type in the "Capabilities" column of the "COSE Key Types" registry <xref target="IANA.COSE.Key.Types"/>.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
            <li>
              <t>'num', specifying the version number of the keying material specified in the 'key' field. The initial value of the version number <bcp14>MUST</bcp14> be set to 0 upon creating the group (REQ16).</t>
            </li>
            <li>
              <t>'exi', which <bcp14>MUST</bcp14> be present.</t>
            </li>
            <li>
              <t>'ace_groupcomm_profile', which <bcp14>MUST</bcp14> be present and has value "coap_group_pubsub_app" (PROFILE_TBD), which is registered in <xref target="iana-profile"/> (REQ19).</t>
            </li>
            <li>
              <t>'creds', which <bcp14>MUST</bcp14> be present if the 'get_creds' parameter was present in the Join Request and <bcp14>MUST NOT</bcp14> be present otherwise. It specifies the authentication credentials of all the Publishers in the security group.</t>
            </li>
            <li>
              <t>'peer_roles', which <bcp14>MAY</bcp14> be omitted even if 'creds' is present, since: i) each authentication credential conveyed in the 'creds' parameter is associated with a Client authorised to be Publisher in the group; and ii) it is irrelevant whether such a Client is also authorised to be Subscriber in the group. If 'creds' is not present, 'peer_roles' <bcp14>MUST NOT</bcp14> be present.</t>
            </li>
            <li>
              <t>'peer_identifiers', which <bcp14>MUST</bcp14> be present if 'creds' is also present and <bcp14>MUST NOT</bcp14> be present otherwise. The identifiers are the Publisher Sender IDs, whose corresponding authentication credentials are specified in the 'creds' parameter (REQ25).</t>
            </li>
            <li>
              <t>'kdc_cred', which <bcp14>MUST</bcp14> be present if the group rekeying scheme used requires the use of a KDC authentication credential. It is encoded as a CBOR byte string, with value the original binary representation of the KDC's authentication credential (REQ8).</t>
            </li>
            <li>
              <t>'kdc_nonce', which <bcp14>MUST</bcp14> be present if 'kdc_cred' is present. It is encoded as a CBOR byte string, with value a nonce N_KDC generated by the KDC. As to the N_KDC value, it is <bcp14>RECOMMENDED</bcp14> to be at least 8 bytes long and it is <bcp14>RECOMMENDED</bcp14> to be a random value.</t>
            </li>
            <li>
              <t>'kdc_cred_verify', which <bcp14>MUST</bcp14> be present if 'kdc_cred' is present. It is encoded as a CBOR byte string, with value the PoP evidence that the KDC computes to prove the possession of its own private key. The KDC <bcp14>MUST</bcp14> compute the specified PoP evidence as a signature by using the signature algorithm used in the group, as well as its own private key associated with the authentication credential specified in the 'kdc_cred' parameter (REQ21).</t>
            </li>
            <li>
              <t>'group_rekeying', which <bcp14>MAY</bcp14> be omitted if the KDC uses the "Point-to-Point" group rekeying scheme registered in <xref section="11.13" sectionFormat="of" target="RFC9594"/> as the default rekeying scheme in the group (OPT9). In any other case, the 'group_rekeying' parameter <bcp14>MUST</bcp14> be included.</t>
            </li>
          </ul>
          <t>The 'group_policies' parameter is not expected to be included in the Join Response (REQ20). This application profile does not define the functionalities that are possibly implemented at the resource hosted by the Client at the URI indicated in the 'control_group_uri' parameter (OPT10), if included in the Join Response.</t>
          <t>After sending a successful Join Response, the KDC adds the Client to the list of current members of the security group, if that Client is not already a group member. Also, the Client is assigned a name NODENAME and a sub-resource /ace-group/GROUPNAME/nodes/NODENAME at the KDC. Furthermore, the KDC associates NODENAME with the Client's access token and with the secure communication association that the KDC has with the Client.</t>
          <t>If the Client is a Publisher, its authentication credential used in the group is either: the one retrieved from the 'client_cred' parameter of the Join Request, if the parameter did not specify the empty CBOR byte string (0x40); or, otherwise, the one that the KDC acquired from previous interactions with the joining node and is currently storing. The KDC associates the Client's authentication credential with the tuple containing NODENAME, GROUPNAME, the current Gid, the newly assigned Publisher's Sender ID, and the Client's access token. The KDC <bcp14>MUST</bcp14> keep this association updated over time.</t>
          <t>Note that, as long as the secure communication association between the Client and the KDC persists, the same Client re-joining the group is recognized by the KDC by virtue of such a secure communication association. As a consequence, the re-joining Client keeps the same NODENAME and the associated subresource /ace-group/GROUPNAME/nodes/NODENAME. Also, if the Client is a Publisher, it receives a new Sender ID according to the same criteria defined above.</t>
          <t>If the application requires backward security, the KDC <bcp14>MUST</bcp14> generate updated security parameters and group keying material, and provide those to the current group members upon the new node's joining (see <xref target="rekeying"/>). In such a case, the joining node is not able to access secure communication in the Pub-Sub group that occurred prior to its joining.</t>
          <t>Upon receiving the Join Response, the joining node retrieves the KDC's authentication credential from the 'kdc_cred' parameter (if present). The joining node <bcp14>MUST</bcp14> verify the signature used as PoP evidence, which is specified by the 'kdc_cred_verify' parameter of the Join Response (REQ21).</t>
        </section>
        <section anchor="join-error">
          <name>Join Error Handling</name>
          <t>The KDC <bcp14>MUST</bcp14> reply with a 4.00 (Bad Request) error response (OPT4) to the Join Request in the following cases:</t>
          <ul spacing="normal">
            <li>
              <t>The joining node is not requesting to join the group exclusively as a Subscriber and the 'client_cred' parameter is not present in the Join Request.</t>
            </li>
            <li>
              <t>The joining node is not requesting to join the group exclusively as a Subscriber, the 'client_cred' parameter does not specify the empty CBOR byte string (0x40), and any of the following conditions holds:  </t>
              <ul spacing="normal">
                <li>
                  <t>The value of the 'client_cred' parameter is not an eligible authentication credential (e.g., it is not of the format accepted in the group) (OPT8).</t>
                </li>
                <li>
                  <t>The 'client_cred_verify' parameter is not present in the Join Request.</t>
                </li>
              </ul>
            </li>
            <li>
              <t>The joining node is not requesting to join the group exclusively as a Subscriber, the 'client_cred' parameter specifies the empty CBOR byte string (0x40), and any of the following conditions holds:  </t>
              <ul spacing="normal">
                <li>
                  <t>The KDC does not store an eligible authentication credential for the joining node (e.g., of the format accepted in the group).</t>
                </li>
                <li>
                  <t>The KDC stores multiple eligible authentication credentials for the joining node (e.g., of the format accepted in the group).</t>
                </li>
              </ul>
            </li>
            <li>
              <t>The 'scope' parameter is not present in the Join Request, or it is present and specifies any set of permissions not included in the list defined in <xref target="scope"/>.</t>
            </li>
          </ul>
          <t>A 4.00 (Bad Request) error response from the KDC to the joining node <bcp14>MAY</bcp14> have content format "application/ace-groupcomm+cbor" and contain a CBOR map as payload.</t>
          <t>The CBOR map <bcp14>MAY</bcp14> include the 'kdcchallenge' parameter. If present, this parameter is a CBOR byte string, with value a newly generated 'kdcchallenge' value that the Client can use when preparing a new Join Request. In such a case, the KDC <bcp14>MUST</bcp14> store the newly generated value as the 'kdcchallenge' value associated with the joining node, which replaces the currently stored value (if any).</t>
          <t>Upon receiving the Join Response, if 'kdc_cred' is present but the Client cannot verify the PoP evidence, the Client <bcp14>MUST</bcp14> stop processing the Join Response and <bcp14>MAY</bcp14> send a new Join Request to the KDC.</t>
          <t>The KDC <bcp14>MUST</bcp14> return a 5.03 (Service Unavailable) error response to a Client that sends a Join Request to join the security group as Publisher, if there are currently no Sender IDs available to assign. The response <bcp14>MUST</bcp14> have Content-Format set to "application/concise-problem-details+cbor" and is formatted as defined in <xref section="4.1.2" sectionFormat="of" target="RFC9594"/>. Within the Custom Problem Detail entry 'ace-groupcomm-error', the value of the 'error-id' field <bcp14>MUST</bcp14> be set to 4 ("No available individual keying material").</t>
        </section>
      </section>
      <section anchor="other-group-operations-through-the-kdc">
        <name>Other Group Operations through the KDC</name>
        <section anchor="query">
          <name>Obtaining Latest Information on the Group, Group Keying Material, and Sender ID</name>
          <t>A Client can access the following resources at the KDC, in order to retrieve latest information about the group or the group keying material.</t>
          <ul spacing="normal">
            <li>
              <t>'/ace-group': All Clients can send a FETCH request to retrieve a set of group names associated with the group identifiers specified in the request payload. Each element of the CBOR array 'gid' is a CBOR byte string (REQ13), which encodes the Gid of the group (see <xref target="join-response"/>) for which the group name and the URI to the group-membership resource are provided in the returned response.</t>
            </li>
            <li>
              <t>'/ace-group/GROUPNAME':  All group member Clients can send a GET request to retrieve the symmetric group keying material of the group with the name GROUPNAME.  </t>
              <t>
The KDC processes the Key Distribution Request according to <xref section="4.3.2" sectionFormat="of" target="RFC9594"/>. The Key Distribution Response is formatted as defined in <xref section="4.3.2" sectionFormat="of" target="RFC9594"/>, with the following additions.  </t>
              <ul spacing="normal">
                <li>
                  <t>The 'key' field is formatted as defined in <xref target="join-response"/> of this document, with the difference that it does not include the 'group_SenderId' parameter.</t>
                </li>
                <li>
                  <t>The 'exi' field <bcp14>MUST</bcp14> be present.</t>
                </li>
                <li>
                  <t>The 'ace_groupcomm_profile' field <bcp14>MUST</bcp14> be present and has value "coap_group_pubsub_app" (PROFILE_TBD).</t>
                </li>
              </ul>
              <t>
Upon receiving the Key Distribution Response, the requesting group member retrieves the updated security parameters and group keying material. If they differ from the currently stored ones, then the group member uses the received ones thereafter for the security processing of published topic data, i.e., for encryption operations when acting as Publisher and for decryption operations when acting as Subscriber.  </t>
              <t>
This application profile does not specify policies that instruct group members to retain messages and for how long, if those messages are unsuccessfully decrypted (OPT11).</t>
            </li>
            <li>
              <t>'/ace-group/GROUPNAME/creds': The KDC acts as a repository of authentication credentials for the Publishers that are members of the security group with name GROUPNAME. The members of the group that are Subscribers can send GET/FETCH requests to this resource in order to retrieve the authentication credentials of all or a subset of the group members that are Publishers. The KDC silently ignores the Sender IDs included in the 'get_creds' parameter of the request that are not associated with any current Publisher group member (REQ26).  </t>
              <t>
The response from the KDC <bcp14>MAY</bcp14> omit the parameter 'peer_roles', since: i) each authentication credential conveyed in the 'creds' parameter is associated with a Client authorised to be Publisher in the group; and ii) it is irrelevant whether such a Client is also authorised to be Subscriber in the group. If 'creds' is not present, 'peer_roles' <bcp14>MUST NOT</bcp14> be present.</t>
            </li>
            <li>
              <t>'/ace-group/GROUPNAME/num': All group member Clients can send a GET request to this resource in order to retrieve the current version number for the symmetric group keying material of the group with name GROUPNAME.</t>
            </li>
            <li>
              <t>'/ace-group/GROUPNAME/kdc-cred': All group member Clients can send a GET request to this resource in order to retrieve the current authentication credential of the KDC.</t>
            </li>
            <li>
              <t>'/ace-group/GROUPNAME/nodes/NODENAME': A group member can send a Key Distribution Request to the KDC by sending a GET request to this resource to retrieve the latest group keying material as well as its Sender ID that it has in the group (if Publisher).  </t>
              <t>
The KDC processes the Key Distribution Request according to <xref section="4.8.1" sectionFormat="of" target="RFC9594"/>. The Key Distribution Response is formatted as defined in <xref section="4.8.1" sectionFormat="of" target="RFC9594"/>, with the following additions.  </t>
              <ul spacing="normal">
                <li>
                  <t>The 'key' field is formatted as defined in <xref target="join-response"/> of this document. If the requesting group member is not a Publisher Client, then the 'key' field does not include the 'group_SenderId' parameter.</t>
                </li>
                <li>
                  <t>The 'exi' field <bcp14>MUST</bcp14> be present.</t>
                </li>
              </ul>
              <t>
Upon receiving the Key Distribution Response, the group member retrieves the updated security parameters, group keying material, and Sender ID (if the 'key' field includes the 'group_SenderId' parameter). If they differ from the currently stored ones, then the group member uses the received ones thereafter for the security processing of published topic data, i.e., for encryption operations when acting as Publisher and for decryption operations when acting as Subscriber.  </t>
              <t>
This application profile does not specify policies that instruct group members to retain messages and for how long, if those messages are unsuccessfully decrypted (OPT11).</t>
            </li>
          </ul>
        </section>
        <section anchor="sec-key-renewal-request">
          <name>Requesting a New Sender ID</name>
          <t>A Publisher group member with node name NODENAME can at some point exhaust its Sender Sequence Numbers used for protecting its published topic data (see <xref target="oscon"/>).</t>
          <t>When this happens, the Publisher <bcp14>MUST</bcp14> send a Key Renewal Request message to the KDC, as per <xref section="4.8.2.1" sectionFormat="of" target="RFC9594"/>. That is, it sends a CoAP POST request to the endpoint /ace-group/GROUPNAME/nodes/NODENAME at the KDC.</t>
          <t>Upon receiving the Key Renewal Request, the KDC processes it as defined in <xref section="4.8.2" sectionFormat="of" target="RFC9594"/>, with the addition that the KDC takes one of the following actions.</t>
          <ul spacing="normal">
            <li>
              <t>The KDC rekeys the group. That is, the KDC generates new group keying material for that group (see <xref target="rekeying"/>) and replies to the Publisher with a group rekeying message as defined in <xref target="rekeying"/>, providing the new group keying material. Then, the KDC rekeys the rest of the group, as discussed in <xref target="rekeying"/>.  </t>
              <t>
The KDC <bcp14>SHOULD</bcp14> perform a group rekeying if one is already scheduled to occur within a time frame that is acceptably short, as per application-specific policies at the KDC. For instance, a group rekeying could be already upcoming in accordance with an application-specific rekeying period or scheduling, or as a reaction to a recent change in the group membership. If a group rekeying is not already scheduled to occur within an acceptably short time frame, the KDC <bcp14>SHOULD NOT</bcp14> rekey the group when receiving a Key Renewal Request (OPT12).</t>
            </li>
            <li>
              <t>The KDC determines and assigns a new Sender ID for the Publisher (REQ27), and it replies with a Key Renewal Response formatted as defined in <xref section="4.8.2" sectionFormat="of" target="RFC9594"/>. The CBOR map in the response payload includes only the parameter 'group_SenderId' registered in <xref section="17.3" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>, which specifies the new Sender ID of the Publisher encoded as a CBOR byte string (REQ27).  </t>
              <t>
The KDC <bcp14>MUST</bcp14> assign a new Sender ID that has not been used in the group since the latest time when the current Gid value was assigned to the group (i.e., since the latest group rekeying, see <xref target="rekeying"/>).  </t>
              <t>
The KDC <bcp14>MUST</bcp14> return a 5.03 (Service Unavailable) error response if there are currently no Sender IDs available to assign in the group. The response <bcp14>MUST</bcp14> have Content-Format set to "application/concise-problem-details+cbor" and is formatted as defined in <xref section="4.1.2" sectionFormat="of" target="RFC9594"/>. Within the Custom Problem Detail entry 'ace-groupcomm-error', the value of the 'error-id' field <bcp14>MUST</bcp14> be set to 4 ("No available individual keying material").</t>
            </li>
          </ul>
        </section>
        <section anchor="updating-authentication-credentials">
          <name>Updating Authentication Credentials</name>
          <t>A Publisher group member with node name NODENAME can contact the KDC to upload a new authentication credential to use in the security group with name GROUPNAME, and replace the currently stored one.</t>
          <t>To this end, the Publisher sends a CoAP POST request to its associated sub-resource /ace-group/GROUPNAME/nodes/NODENAME/cred at the KDC (see <xref section="4.9.1" sectionFormat="of" target="RFC9594"/>).</t>
          <t>Following a successful processing of the request, the KDC replaces the stored authentication credential of this Client for the group GROUPNAME with the one specified in the request.</t>
          <t>This application profile does not specify a method for the group member to provide other group members with the identifier of its new authentication credential (OPT13).</t>
        </section>
        <section anchor="sec-group-leaving">
          <name>Leaving a Group</name>
          <t>A group member with node name NODENAME can actively request to leave the security group with name GROUPNAME.</t>
          <t>To this end, the Client sends a CoAP DELETE request to the associated sub-resource /ace-group/GROUPNAME/nodes/NODENAME at the KDC (see <xref section="4.8.3" sectionFormat="of" target="RFC9594"/>).</t>
          <t>The KDC can also remove a group member due to any of the reasons described in <xref section="5" sectionFormat="of" target="RFC9594"/>.</t>
        </section>
      </section>
    </section>
    <section anchor="rekeying">
      <name>Group Rekeying Process</name>
      <t>Rekeying a group consists in the KDC generating and distributing a new symmetric key, which is used as group key from then on to protect the publication of topic data with COSE (see <xref target="oscon"/>).</t>
      <t>The KDC <bcp14>MUST</bcp14> perform a group rekeying as described in <xref section="6" sectionFormat="of" target="RFC9594"/>. Reasons that can trigger a group rekeying include a change in the group membership, or the current group keying material approaching its expiration time. In addition, the KDC <bcp14>MAY</bcp14> rekey the group for other reasons, e.g., according to an application-specific rekeying period or scheduling.</t>
      <t>Upon generating the new group key and before starting its distribution:</t>
      <ul spacing="normal">
        <li>
          <t>The KDC <bcp14>MUST</bcp14> increment the version number of the group keying material.</t>
        </li>
        <li>
          <t>The KDC <bcp14>MUST</bcp14> generate a new Group Identifier (Gid) for the group. This is used as the identifier of the new group key, when providing it to the current group members through the group rekeying and to Clients (re-)joining the security group thereafter (see <xref target="join-response"/>).  </t>
          <t>
That is, the value of the new Gid is specified by the 'kid' parameter of the COSE_Key Object that is used to encode the new group key.</t>
        </li>
      </ul>
      <t>When rekeying the group, the KDC <bcp14>MUST</bcp14> preserve the current value of the Sender ID of each member in that group.</t>
      <t>The default rekeying scheme is "Point-to-Point" (see <xref section="6.1" sectionFormat="of" target="RFC9594"/>), according to which the KDC individually targets each node to rekey, using the pairwise secure communication association with that node.</t>
      <t>In particular, a group rekeying message <bcp14>MUST</bcp14> have Content-Format set to "application/ace-groupcomm+cbor" and have the same format used for the Join Response message defined in <xref target="join-response"/>, with the following differences:</t>
      <ul spacing="normal">
        <li>
          <t>Within the 'key' field, only the parameter 'group_key' is present.</t>
        </li>
        <li>
          <t>The fields 'kdc_cred' ,'kdc_nonce', 'kdc_cred_verify', and 'group_rekeying' are not present.</t>
        </li>
        <li>
          <t>The fields 'creds' and 'peer_identifiers' <bcp14>SHOULD</bcp14> be present, if the group rekeying is performed due to one or multiple Clients joining the group as Publishers. Following the same semantics used in the Join Response message, the two parameters specify the authentication credentials and Sender IDs of such Clients. Like in the Join Response message, the 'peer_roles' parameter <bcp14>MAY</bcp14> be omitted.</t>
        </li>
      </ul>
      <t>This application profile does not define additional information to include in rekeying messages for the "Point-to-Point" group rekeying scheme (OPT14).</t>
    </section>
    <section anchor="protected_communication">
      <name>Pub-Sub Protected Communication</name>
      <t>In the diagram shown in <xref target="pubsub-3"/>, (D) corresponds to the publication on a topic at the Broker, by using a CoAP PUT request. The Publisher protects the published topic data end-to-end for the Subscribers by using COSE (<xref target="RFC9052"/><xref target="RFC9053"/><xref target="RFC9338"/>), as detailed in <xref target="oscon"/>.</t>
      <t>In the same diagram, (E) corresponds to the subscription of a Subscriber to the same topic, by means of a CoAP GET request with the Observe option set to 0 (register) <xref target="RFC7641"/>, as per <xref target="I-D.ietf-core-coap-pubsub"/>. Finally, (F) corresponds to the Observe notification response from the Broker to the Subscriber, where the published topic data is conveyed as originally protected end-to-end with COSE by the Publisher.</t>
      <figure anchor="pubsub-3">
        <name>Secure Pub-Sub Communication between Publisher and Subscriber</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="176" width="520" viewBox="0 0 520 176" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,160" fill="none" stroke="black"/>
              <path d="M 104,32 L 104,160" fill="none" stroke="black"/>
              <path d="M 216,32 L 216,160" fill="none" stroke="black"/>
              <path d="M 288,32 L 288,160" fill="none" stroke="black"/>
              <path d="M 408,32 L 408,160" fill="none" stroke="black"/>
              <path d="M 512,32 L 512,160" fill="none" stroke="black"/>
              <path d="M 8,32 L 104,32" fill="none" stroke="black"/>
              <path d="M 216,32 L 288,32" fill="none" stroke="black"/>
              <path d="M 408,32 L 512,32" fill="none" stroke="black"/>
              <path d="M 120,64 L 136,64" fill="none" stroke="black"/>
              <path d="M 184,64 L 200,64" fill="none" stroke="black"/>
              <path d="M 304,96 L 328,96" fill="none" stroke="black"/>
              <path d="M 376,96 L 392,96" fill="none" stroke="black"/>
              <path d="M 304,128 L 328,128" fill="none" stroke="black"/>
              <path d="M 376,128 L 392,128" fill="none" stroke="black"/>
              <path d="M 8,160 L 104,160" fill="none" stroke="black"/>
              <path d="M 216,160 L 288,160" fill="none" stroke="black"/>
              <path d="M 408,160 L 512,160" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="400,128 388,122.4 388,133.6" fill="black" transform="rotate(0,392,128)"/>
              <polygon class="arrowhead" points="312,96 300,90.4 300,101.6" fill="black" transform="rotate(180,304,96)"/>
              <polygon class="arrowhead" points="208,64 196,58.4 196,69.6" fill="black" transform="rotate(0,200,64)"/>
              <g class="text">
                <text x="160" y="68">(D)</text>
                <text x="56" y="100">Publisher</text>
                <text x="252" y="100">Broker</text>
                <text x="352" y="100">(E)</text>
                <text x="460" y="100">Subscriber</text>
                <text x="352" y="132">(F)</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
+-----------+             +--------+              +------------+
|           |             |        |              |            |
|           | --- (D) --> |        |              |            |
|           |             |        |              |            |
| Publisher |             | Broker | <--- (E) --- | Subscriber |
|           |             |        |              |            |
|           |             |        | ---- (F) --> |            |
|           |             |        |              |            |
+-----------+             +--------+              +------------+
]]></artwork>
        </artset>
      </figure>
      <t><xref target="flow"/> provides a more detailed example of such a secure Pub-Sub communication. All the messages exchanged between a Client and the Broker are protected with the secure communication association between that Client and the Broker. In addition, COSE is used to protect end-to-end the published topic data, which is conveyed in a PUT request from the Publisher to the topic-data resource at the Broker and in a successful response (typically 2.05 (Content)) from that resource to a Subscriber.</t>
      <t>The example also shows a delete operation, where the Publisher deletes the topic-data resource by sending a CoAP DELETE request to the URI of that resource. In the case of success, the Broker replies with a 2.02 (Deleted) response. Consequently, the Broker also unsubscribes all the Clients subscribed to that topic-data resource, by removing them from the list of observers and sending them a final 4.04 (Not Found) error response as per <xref section="3.2" sectionFormat="of" target="RFC7641"/>.</t>
      <figure anchor="flow">
        <name>Example of Secure Pub-Sub Communication using CoAP</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="320" width="568" viewBox="0 0 568 320" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,48 L 8,304" fill="none" stroke="black"/>
              <path d="M 296,48 L 296,304" fill="none" stroke="black"/>
              <path d="M 560,48 L 560,304" fill="none" stroke="black"/>
              <path d="M 8,64 L 40,64" fill="none" stroke="black"/>
              <path d="M 256,64 L 288,64" fill="none" stroke="black"/>
              <path d="M 16,96 L 64,96" fill="none" stroke="black"/>
              <path d="M 184,96 L 296,96" fill="none" stroke="black"/>
              <path d="M 304,128 L 320,128" fill="none" stroke="black"/>
              <path d="M 544,128 L 560,128" fill="none" stroke="black"/>
              <path d="M 296,176 L 344,176" fill="none" stroke="black"/>
              <path d="M 464,176 L 552,176" fill="none" stroke="black"/>
              <path d="M 8,224 L 24,224" fill="none" stroke="black"/>
              <path d="M 272,224 L 288,224" fill="none" stroke="black"/>
              <path d="M 16,256 L 48,256" fill="none" stroke="black"/>
              <path d="M 168,256 L 296,256" fill="none" stroke="black"/>
              <path d="M 296,288 L 344,288" fill="none" stroke="black"/>
              <path d="M 480,288 L 552,288" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="560,288 548,282.4 548,293.6" fill="black" transform="rotate(0,552,288)"/>
              <polygon class="arrowhead" points="560,176 548,170.4 548,181.6" fill="black" transform="rotate(0,552,176)"/>
              <polygon class="arrowhead" points="312,128 300,122.4 300,133.6" fill="black" transform="rotate(180,304,128)"/>
              <polygon class="arrowhead" points="296,224 284,218.4 284,229.6" fill="black" transform="rotate(0,288,224)"/>
              <polygon class="arrowhead" points="296,64 284,58.4 284,69.6" fill="black" transform="rotate(0,288,64)"/>
              <polygon class="arrowhead" points="24,256 12,250.4 12,261.6" fill="black" transform="rotate(180,16,256)"/>
              <polygon class="arrowhead" points="24,96 12,90.4 12,101.6" fill="black" transform="rotate(180,16,96)"/>
              <g class="text">
                <text x="40" y="36">Publisher</text>
                <text x="300" y="36">Broker</text>
                <text x="524" y="36">Subscriber</text>
                <text x="68" y="68">0.03</text>
                <text x="104" y="68">PUT</text>
                <text x="184" y="68">ps/data/1bd0d6d</text>
                <text x="92" y="100">2.01</text>
                <text x="144" y="100">Created</text>
                <text x="348" y="132">0.01</text>
                <text x="384" y="132">GET</text>
                <text x="468" y="132">/ps/data/1bd0d6d</text>
                <text x="368" y="148">Observe:0</text>
                <text x="372" y="180">2.05</text>
                <text x="424" y="180">Content</text>
                <text x="388" y="196">Observe:</text>
                <text x="448" y="196">10001</text>
                <text x="52" y="228">0.04</text>
                <text x="100" y="228">DELETE</text>
                <text x="196" y="228">/ps/data/1bd0d6d</text>
                <text x="76" y="260">2.02</text>
                <text x="128" y="260">Deleted</text>
                <text x="372" y="292">4.04</text>
                <text x="408" y="292">Not</text>
                <text x="448" y="292">Found</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
Publisher                         Broker                    Subscriber
|                                   |                                |
+---- 0.03 PUT ps/data/1bd0d6d ---->|                                |
|                                   |                                |
|<------ 2.01 Created --------------+                                |
|                                   |                                |
|                                   |<-- 0.01 GET /ps/data/1bd0d6d --+
|                                   |    Observe:0                   |
|                                   |                                |
|                                   +------ 2.05 Content ----------->|
|                                   |       Observe: 10001           |
|                                   |                                |
+-- 0.04 DELETE /ps/data/1bd0d6d -->|                                |
|                                   |                                |
|<---- 2.02 Deleted ----------------+                                |
|                                   |                                |
|                                   +------ 4.04 Not Found --------->|
|                                   |                                |
]]></artwork>
        </artset>
      </figure>
      <section anchor="oscon">
        <name>Using COSE to Protect the Published Topic Data</name>
        <t>The Publisher uses the symmetric COSE Key received from the KDC to protect the payload of the Publish operation (see <xref section="3.2.1" sectionFormat="of" target="I-D.ietf-core-coap-pubsub"/>). Specifically, the Publisher creates a COSE_Encrypt0 object <xref target="RFC9052"/><xref target="RFC9053"/> by means of the COSE Key currently used as group key (REQ23). The encryption algorithm and Base IV to use are specified by the 'alg' and 'Base IV' parameters of the COSE Key, together with its key identifier in the 'kid' parameter.</t>
        <t>Also, the Publisher uses its private key corresponding to the public key provided to the KDC, in order to countersign the COSE_Encrypt0 object as specified in <xref target="RFC9338"/> (REQ23). The countersignature is specified in the 'Countersignature version 2' parameter, within the 'unprotected' field of the COSE_Encrypt0 object.</t>
        <t>Finally, the Publisher sends the COSE_Encrypt0 object conveying the countersignature to the Broker, as payload of the PUT request sent to the topic-data of the topic targeted by the Publish operation.</t>
        <t>Upon receiving a response from the topic-data resource at the Broker, the Subscriber uses the 'kid' parameter from the 'Countersignature version 2' parameter within the 'unprotected' field of the COSE_Encrypt0 object, in order to retrieve the Publisher's public key from the KDC (see <xref target="query"/>) or from its local storage. Then, the Subscriber uses that public key to verify the countersignature.</t>
        <t>In the case of successful verification, the Subscriber uses the 'kid' parameter from the 'unprotected' field of the COSE_Encrypt0 object, in order to retrieve the COSE Key used as current group key from its local storage. Then, the Subscriber uses that group key to verify and decrypt the COSE_Encrypt0 object. In the case of successful verification, the Subscriber delivers the received topic data to the application.</t>
        <t>The COSE_Encrypt0 object is constructed as follows.</t>
        <t>The 'protected' field <bcp14>MUST</bcp14> include:</t>
        <ul spacing="normal">
          <li>
            <t>The 'alg' parameter, with value the identifier of the AEAD algorithm specified in the 'alg' parameter of the COSE Key used as current group key.</t>
          </li>
        </ul>
        <t>The 'unprotected' field <bcp14>MUST</bcp14> include:</t>
        <ul spacing="normal">
          <li>
            <t>The 'kid' parameter, with the same value specified in the 'kid' parameter of the COSE Key used as current group key. This value represents the current Group ID (Gid) of the security group associated with the application group (topic).</t>
          </li>
          <li>
            <t>The 'Partial IV' parameter, with value set to the current Sender Sequence Number of the Publisher. All leading bytes of value zero <bcp14>SHALL</bcp14> be removed when encoding the Partial IV, except in the case of Partial IV with value 0, which is encoded to the byte string 0x00.  </t>
            <t>
The Publisher <bcp14>MUST</bcp14> initialize the Sender Sequence Number to 0 upon joining the security group and <bcp14>MUST</bcp14> reset it to 0 upon receiving a new group key as the result of a group rekeying (see <xref target="rekeying"/>). The Publisher <bcp14>MUST</bcp14> increment its Sender Sequence Number value by 1, after having completed an encryption operation by means of the current group key.  </t>
            <t>
When the Publisher exhausts its Sender Sequence Numbers, the Publisher <bcp14>MUST NOT</bcp14> protect further topic data by using the current group key while still retaining its current Sender ID, and it <bcp14>MUST</bcp14> send a Key Renewal Request message to the KDC (see <xref target="sec-key-renewal-request"/>). This will result in the KDC rekeying the group and distributing a new group key, or in the KDC providing the Publisher with a new Sender ID. The Publisher <bcp14>MUST</bcp14> reset its Sender Sequence Number to 0 upon receiving a new Sender ID from the KDC.</t>
          </li>
          <li>
            <t>The 'Countersignature version 2' parameter, specifying the countersignature of the COSE_Encrypt0 object. In particular:  </t>
            <ul spacing="normal">
              <li>
                <t>The 'protected' field includes the 'alg' parameter, with value the identifier of the signature algorithm used in the security group.</t>
              </li>
              <li>
                <t>The 'unprotected' field includes the 'kid' parameter, with value the Publisher's Sender ID that the Publisher obtained from the KDC when joining the security group, as the value of the 'group_SenderId' parameter of the Join Response (see <xref target="join-response"/>).</t>
              </li>
              <li>
                <t>The 'signature' field, with value the countersignature.</t>
              </li>
            </ul>
            <t>
The countersignature is computed as defined in <xref target="RFC9338"/>, by using the private key of the Publisher as signing key and by means of the signature algorithm used in the group. The fields of the Countersign_structure are populated as follows:  </t>
            <ul spacing="normal">
              <li>
                <t>'context' takes "CounterSignature".</t>
              </li>
              <li>
                <t>'body_protected' takes the serialized parameters from the 'protected' field of the COSE_Encrypt0 object, i.e., the 'alg' parameter.</t>
              </li>
              <li>
                <t>'sign_protected' takes the serialized parameters from the 'protected' field of the 'Countersignature version 2' parameter, i.e., the 'alg' parameter.</t>
              </li>
              <li>
                <t>'external_aad is not supplied.</t>
              </li>
              <li>
                <t>'payload' is the ciphertext of the COSE_Encrypt0 object (see below).</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>The 'ciphertext' field specifies the ciphertext computed over the topic data to publish. The ciphertext is computed as defined in <xref target="RFC9052"/><xref target="RFC9053"/>, by using the current group key as encryption key, the AEAD nonce computed as defined in <xref target="ssec-aead-nonce"/>, the topic data to publish as plaintext, and the Enc_structure populated as follows:</t>
        <ul spacing="normal">
          <li>
            <t>'context' takes "Encrypt0".</t>
          </li>
          <li>
            <t>'protected' takes the serialization of the protected parameter 'alg' from the 'protected' field of the COSE_Encrypt0 object.</t>
          </li>
          <li>
            <t>'external_aad is not supplied.</t>
          </li>
        </ul>
      </section>
      <section anchor="ssec-aead-nonce">
        <name>AEAD Nonce</name>
        <t>This section defines how to generate the AEAD nonce used for encrypting and decrypting the COSE_Encrypt0 object protecting the published topic data. This construction is analogous to that used to generate the AEAD nonce in the OSCORE security protocol (see <xref section="5.2" sectionFormat="of" target="RFC8613"/>).</t>
        <t>The AEAD nonce for producing or consuming the COSE_Encrypt0 object is constructed as defined below and also shown in <xref target="fig-aead-nonce"/>.</t>
        <ol spacing="normal" type="1"><li>
            <t>Left-pad the Partial IV (PIV) with zeroes to exactly 5 bytes.</t>
          </li>
          <li>
            <t>Left-pad the Sender ID of the Publisher that generated the Partial IV (ID_PIV) with zeroes to exactly the nonce length of the AEAD algorithm minus 6 bytes.</t>
          </li>
          <li>
            <t>Concatenate the size of the ID_PIV (a single byte S) with the padded ID_PIV and the padded PIV.</t>
          </li>
          <li>
            <t>XOR the result from the previous step with the Base IV.</t>
          </li>
        </ol>
        <figure anchor="fig-aead-nonce">
          <name>AEAD Nonce Construction</name>
          <artwork align="center"><![CDATA[
     <- nonce length minus 6 B -> <-- 5 bytes -->
+---+-------------------+--------+---------+-----+
| S |      padding      | ID_PIV | padding | PIV |-----+
+---+-------------------+--------+---------+-----+     |
                                                       |
 <---------------- nonce length ---------------->      |
+------------------------------------------------+     |
|                    Base IV                     |-->(XOR)
+------------------------------------------------+     |
                                                       |
 <---------------- nonce length ---------------->      |
+------------------------------------------------+     |
|                     Nonce                      |<----+
+------------------------------------------------+
]]></artwork>
        </figure>
        <t>The construction above only supports AEAD algorithms that use nonces with length equal to or greater than 7 bytes. At the same time, it makes it easy to verify that the nonces will be unique when used with the same group key, even though this is shared and used by all the Publishers in the security group. In fact:</t>
        <ul spacing="normal">
          <li>
            <t>Since Publisher's Sender IDs are unique within the security group and they are not reassigned until a group rekeying occurs (see <xref target="join-response"/> and <xref target="rekeying"/>), two Publisher Clients cannot share the same tuple (S, padded ID_PIV) by construction.</t>
          </li>
          <li>
            <t>Since a Publisher increments by 1 its Sender Sequence Number after each use that it makes of the current group key, the Publisher  never reuses the same tuple (S, padded ID_PIV, padded PIV) together with the same group key.</t>
          </li>
          <li>
            <t>Therefore, neither the same Publisher reuses the same AEAD nonce with the same group key, nor any two Publishers use the same AEAD nonce with the same group key.</t>
          </li>
        </ul>
      </section>
      <section anchor="ssec-replay-checks">
        <name>Replay Checks</name>
        <t>In order to protect from replay of published topic data, every Subscriber maintains a Replay Window for each different Publisher in the same group. It is <bcp14>RECOMMENDED</bcp14> that the Replay Window has a default size of 32.</t>
        <t>Upon receiving a topic data published by a given Publisher P, the Subscriber retrieves the Sender ID of P conveyed as 'kid' in the 'Countersignature version 2' parameter of the COSE_Encrypt0 object (see <xref target="oscon"/>) and determines the Replay Window W_P associated with P.</t>
        <t>The Subscriber <bcp14>MUST</bcp14> verify that, according to W_P, the Sender Sequence Number SN_P specified by the 'Partial IV' parameter of the COSE_Encrypt0 object has not been received before from P.</t>
        <t>If the verification above fails, the Subscriber <bcp14>MUST</bcp14> stop processing the COSE_Encrypt0 object conveying the topic data. If the value of SN_P is strictly smaller than the currently smallest value in W_P, then the Subscriber <bcp14>MUST</bcp14> stop processing the COSE_Encrypt0 object.</t>
        <t>If the verification above succeeds, the Subscriber proceeds with processing the COSE_Encrypt0 object, by verifying the countersignature from P using P's public key as well as by decrypting and verifying the COSE_Encrypt0 object using the group key. If both operations succeed, the Subscriber updates W_P as follows:</t>
        <ul spacing="normal">
          <li>
            <t>If SN_P is strictly greater than the currently largest value in W_P, then W_P is updated in order to set SN_P as its largest value.</t>
          </li>
          <li>
            <t>SN_P is marked to denote that it has been received.</t>
          </li>
        </ul>
        <t>The operation of validating the 'Partial IV' and updating the Replay Window <bcp14>MUST</bcp14> be atomic.</t>
        <t>Upon installing a new group key (e.g., due to a group rekeying performed by the KDC, see <xref target="rekeying"/>) or upon receiving published topic data from a given Publisher for the first time, the Subscriber initializes the Replay Window corresponding to that Publisher, i.e., the smallest value of the Replay Window is set to 0.</t>
        <!--# Applicability to the MQTT Pub-Sub Profile {#mqtt-pubsub}

This section describes how this profile can be applicable to the MQTT protocol {{MQTT-OASIS-Standard-v5}}.

The MQTT clients would go through steps similar to those performed by the CoAP clients, and the payload of the MQTT PUBLISH messages is protected using COSE. The MQTT clients need to use CoAP for communicating with the KDC, in order to join security groups and be part of the pairwise rekeying initiated by the KDC.

The discovery of the AS is defined in {{Section 2.4.1 of RFC9431}} for MQTT v5 clients, and it is not supported for MQTT v3 clients. $SYS/ has been widely adopted as a prefix to topics that contain server-specific information or control APIs, and may be used for discovering topics and the KDC.

In the Join Response from the KDC to a Client (see {{join-response}}), the 'ace_groupcomm_profile' parameter has value "mqtt_pubsub_app", which is registered in {{iana-profile}}.

Both Publishers and Subscribers MUST authorise to the Broker with their respective tokens, as described in {{RFC9431}}. A Publisher sends PUBLISH messages for a given topic and protects the payload with the corresponding key for the associated security group. A Subscriber may send SUBSCRIBE messages with one or multiple topic filters. A topic filter may correspond to multiple topics. The Broker forwards all PUBLISH messages to all authorised Subscribers, including the retained messages.
-->

</section>
    </section>
    <section anchor="operational-considerations">
      <name>Operational Considerations</name>
      <t>This section compiles the operational considerations that hold for this document.</t>
      <section anchor="logging">
        <name>Logging</name>
        <t>When performing its normal operations, the KDC is expected to produce and store timestamped logs about the following:</t>
        <ul spacing="normal">
          <li>
            <t>Any event that has resulted in the KDC sending an error response, as a reply to a request received at any of the resources exported by the interface specified in this document.  </t>
            <t>
The logged information contains a description of the error occurred in the context of the present application profile, together with a description of the event related to the error and relevant metadata about the Client that has sent the request. For instance, possible metadata include: addressing information of the Client; when applicable, the Sender ID that is assigned to the Client in the group; when applicable, (an identifier of) the authentication credential of the Client (i.e., that the Client uses in the group or has used to authenticate itself to the KDC when establishing their secure communication association).  </t>
            <t>
Note that, if the error response uses the format problem-details defined in <xref target="RFC9290"/>, then the optional "detail" entry in the response payload is meant to convey the diagnostic description of the error, which is meant to be part of the log entry for this event. This is consistent with <xref section="4.1.2" sectionFormat="of" target="RFC9594"/>, which states that the diagnostic description of the error should be logged.</t>
          </li>
          <li>
            <t>Any event consisting in a successfully performed operation that is triggered by a request received at any of the resources exported by the interface specified in this document.  </t>
            <t>
Such events include:  </t>
            <ul spacing="normal">
              <li>
                <t>A Client joining or re-joining a group.</t>
              </li>
              <li>
                <t>The upload of a new authentication credential for use within the group.</t>
              </li>
              <li>
                <t>The acquisition of a new Sender ID for use within the group.</t>
              </li>
              <li>
                <t>A Client leaving a group.</t>
              </li>
            </ul>
            <t>
The logged information contains a description of the operation performed in the context of the present application profile, together with relevant metadata about the Client that has sent the request. For instance, possible metadata include: addressing information of the Client; when applicable, the Sender ID that is assigned to the Client in the group; when applicable, (an identifier of) the authentication credential of the Client (i.e., that the Client uses in the group or has used to authenticate itself to the KDC when establishing their secure communication association).</t>
          </li>
          <li>
            <t>The execution and successful/unsuccessful completion of a group rekeying instance.  </t>
            <t>
The logged information includes:  </t>
            <ul spacing="normal">
              <li>
                <t>The reason for the group rekeying (e.g., scheduled/periodic occurrence, group joining of a new member, group leaving of a current member).</t>
              </li>
              <li>
                <t>A description of the group rekeying operations performed (e.g., a list of steps performed throughout the rekeying process).</t>
              </li>
              <li>
                <t>The outcome of the group rekeying instance.</t>
              </li>
              <li>
                <t>In the case of success, the version number of the newly established group keying material and the newly established Group Identifier (Gid).</t>
              </li>
            </ul>
          </li>
          <li>
            <t>The addition of a group member to the group or the eviction of a group member from the group.  </t>
            <t>
The logged information also contains relevant metadata about the Client that has been added to or removed from the group. For instance, possible metadata include: addressing information of the Client; when applicable, the Sender ID that is currently (was latest) assigned to the Client added to (removed from) the group; when applicable, (an identifier of) the authentication credential of the Client added to or removed from the group (i.e., that the Client uses in the group or has used to authenticate itself to the KDC when establishing their secure communication association).</t>
          </li>
          <li>
            <t>The creation, (re-)configuration, or termination of a group.</t>
          </li>
        </ul>
        <t>In addition to what is compiled above, the KDC could log additional information. Further details about what the KDC logs, with what granularity, and based on what triggering events and conditions are application-specific and left to operators to define.</t>
        <t>The KDC <bcp14>MUST NOT</bcp14> log any secret or confidential information pertaining to a group, such as:</t>
        <ul spacing="normal">
          <li>
            <t>The group key used in the group as symmetric encryption key.</t>
          </li>
          <li>
            <t>The Base Initialization Vector (Base IV) to use in the security group with the group key.</t>
          </li>
          <li>
            <t>The private key associated with the KDC’s authentication credential used in the group, if any.</t>
          </li>
          <li>
            <t>Rekeying messages that are exchanged in the group.</t>
          </li>
          <li>
            <t>If applicable, administrative keying material used to protect the group rekeying process.</t>
          </li>
        </ul>
        <t>It is up to the application to specify for how long a log entry is retained from the time of its creation and until its deletion. Different retention policies could be enforced for different groups. For a given group, the oldest log entries are expected to be those deleted first, and different retention policies could be enforced depending on whether the group currently exists or has been deleted.</t>
        <t>It is out of the scope of this document what specific semantics and data model are used by the KDC for producing and processing the logs. Specific semantics and data models can be defined by applications and future specifications.</t>
        <t>The KDC is expected to make the logs that it produces available for secure access by authorized external management applications and operators.</t>
        <t>In particular, logged information could be retrieved in the following ways.</t>
        <ul spacing="normal">
          <li>
            <t>By accessing logs at the KDC through polling. This can occur in an occasional, regular, or event-driven way.</t>
          </li>
          <li>
            <t>Through notifications sent by the KDC according to an operator-defined frequency.</t>
          </li>
          <li>
            <t>Through notifications asynchronously sent by the KDC, throttling them in order to prevent congestion and duplication and to not create attack vectors.</t>
          </li>
        </ul>
        <t>Some of the logged information can be privacy-sensitive. This especially holds for the metadata about a Client, i.e., addressing information of the Client and, when applicable, (an identifier of) the authentication credential of the Client (i.e., that the Client uses in the group or has used to authenticate itself to the KDC when establishing their secure communication association). If external management applications and operators obtain such metadata, they become able to track a given Client, as to its interactions with one or multiple KDCs and its membership in groups under such KDC(s).</t>
        <t>Therefore, the logged information that is effectively provided to external management applications and operators <bcp14>SHOULD</bcp14> be redacted by the KDC, by omitting any privacy-sensitive information element that could enable or facilitate the impairment of Clients' privacy, e.g., by tracking Clients across different groups and different KDCs. Exceptions could apply, e.g., if the KDC can verify that the management application or operator in question is specifically authorized to obtain such privacy-sensitive information and appropriately entitled to obtain it according to enforced privacy policies.</t>
        <t>It is out of the scope of this document to provide operational considerations about the production, storage, processing, and sharing of logs at the Broker.</t>
      </section>
      <section anchor="administration-of-groups">
        <name>Administration of Groups</name>
        <t>It is out of the scope of this document how groups are created, (re-)configured, and terminated at the KDC. Specific methods, tools, and data models to perform such operations and administer groups at the KDC can be defined by applications and future specifications.</t>
        <t>It is out of the scope of this document to provide operational considerations about how application groups (topics) are created, (re-)configured, and terminated at the Broker, as well as about the store-and-forward of published topic data via the Broker.</t>
      </section>
      <section anchor="access-control">
        <name>Access Control</name>
        <t>Building on the ACE framework <xref target="RFC9200"/> and the foundation provided in <xref target="RFC9594"/>, this application profile enforces access control for Clients that interact with the interface at the KDC specified in this document and with the interface at the Broker specified in <xref target="I-D.ietf-core-coap-pubsub"/>.</t>
        <t>In particular, the granularity of such access control takes into account the resource specifically targeted at the KDC or at the Broker, the operation requested by sending a request to that resource, and the specific role(s) that the requesting Client is authorized to have according to its corresponding access token uploaded at the KDC or at the Broker.</t>
        <t>Furthermore, the interactions that a Client has with the KDC and with the Broker are secured as per the specific transport profile of ACE used (e.g., <xref target="RFC9202"/> and <xref target="RFC9203"/>).</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Security considerations for this profile are inherited from <xref target="RFC9594"/>, the ACE framework for Authentication and Authorization <xref target="RFC9200"/>, and the specific transport profile of ACE used, such as <xref target="RFC9202"/> and <xref target="RFC9203"/>.</t>
      <t>The following security considerations also apply for this profile.</t>
      <t>Consistent with the intended group-confidentiality model, each Client in a security group is able to decrypt the data published in the topic(s) associated with that group, by using the symmetric group key that is shared with all the other group members.</t>
      <t>At the same time, source authentication of the published topic data is achieved by means of a digital signature, which the Publisher of the data in question computes with its private key and embeds in the published topic data. This ensures integrity of the published topic data as well as its origin, thus preventing a group member from impersonating another one.</t>
      <t>To this end, both Publishers and Subscribers rely on asymmetric cryptography, while Subscribers have to be able to access the public keys of the Publishers to a specific topic in order to verify the signature over the published topic data. This might make the message exchange quite heavy for small constrained devices.</t>
      <t>The Broker is only trusted with verifying that a Publisher is authorised to publish on a certain topic and with distributing that data only to the Subscribers authorised to obtain it. However, the Broker is not trusted with the published topic data in itself, which the Broker cannot read or modify as it does not have access to the group key required for decrypting the data.</t>
      <t>With respect to the reuse of challenges for proof-of-possession input, the same considerations apply as in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>, with the difference that the KDC of the present document is considered instead of the Group Manager defined therein.</t>
      <t>Access tokens might have to be revoked before their expiration time. <xref target="RFC9770"/> provides a list of possible circumstances where this can happen, and it specifies a method that an Authorization Server can use in order to notify the KDC, the Broker, and the Clients about pertaining access tokens that have been revoked but are not expired yet.</t>
      <t>Aligned with <xref target="rekeying"/>, the KDC performs a group rekeying when one or more members leave the group, thus preserving forward security. In particular, Clients can be excluded from future communications related to a topic, by appropriately rekeying the group associated with the topic in question. According to the specific application requirements, the KDC can also rekey the group upon a new node's joining, in the case that backward security has also to be preserved (see <xref target="join-response"/>). The KDC can also rekey the group for further reasons, e.g., according to an application-specific rekeying period or scheduling.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>Note to RFC Editor: Please replace "[RFC-XXXX]" with the RFC number of this document and delete this paragraph.</t>
      <t>This document has the following actions for IANA.</t>
      <section anchor="iana-ace-groupcomm-key">
        <name>ACE Groupcomm Key Types</name>
        <t>IANA is asked to register the following entry in the "ACE Groupcomm Key Types" registry <xref target="IANA.ACE.Groupcomm.Key.Types"/> within the "Authentication and Authorization for Constrained Environments (ACE)" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: Group_PubSub_Keying_Material</t>
          </li>
          <li>
            <t>Key Type Value: GROUPCOMM_KEY_TBD (suggested value: 2)</t>
          </li>
          <li>
            <t>Profile: coap_group_pubsub_app (<xref target="iana-profile"/> of [RFC-XXXX]).</t>
          </li>
          <li>
            <t>Description: Encoded as described in <xref target="join-response"/> of [RFC-XXXX].</t>
          </li>
          <li>
            <t>References: <xref target="RFC9052"/>, <xref target="RFC9053"/>, [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-profile">
        <name>ACE Groupcomm Profiles</name>
        <t>IANA is asked to register the following entries in the "ACE Groupcomm Profiles" registry <xref target="IANA.ACE.Groupcomm.Profiles"/>, within the "Authentication and Authorization for Constrained Environments (ACE)" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: coap_group_pubsub_app</t>
          </li>
          <li>
            <t>Description: Application profile to provision keying material for participating in group communication based on the Pub-Sub architecture <xref target="I-D.ietf-core-coap-pubsub"/> for CoAP <xref target="RFC7252"/> and protected with COSE <xref target="RFC9052"/><xref target="RFC9053"/><xref target="RFC9338"/>.</t>
          </li>
          <li>
            <t>CBOR Value: TBD (suggested value: 2)</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="core_rt">
        <name>CoRE Resource Type</name>
        <t>IANA is asked to register the following entry in the "Resource Type (rt=) Link Target Attribute Values" registry <xref target="IANA.Resource.Type.Values"/> within the "Constrained Restful Environments (CoRE) Parameters" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Value: "core.ps.gm"</t>
          </li>
          <li>
            <t>Description: Group-membership resource for Pub-Sub communication.</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
        <t>Clients can use this resource type to discover a group-membership resource at the KDC.</t>
      </section>
      <section anchor="iana-pubsub-topic-properties">
        <name>CoAP Pubsub Topic Properties</name>
        <t>IANA is asked to add the following entries to the "CoAP Pubsub Topic Properties" registry within the "Constrained RESTful Environments (CoRE) Parameters" registry group, which is defined by <xref target="I-D.ietf-core-coap-pubsub"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Name: kdc-uri</t>
          </li>
          <li>
            <t>CBOR Key: TBD (range 0-255)</t>
          </li>
          <li>
            <t>CBOR Type: tstr</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: sec-gp</t>
          </li>
          <li>
            <t>CBOR Key: TBD (range 0-255)</t>
          </li>
          <li>
            <t>CBOR Type: tstr</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="aif">
        <name>AIF Media-Type Sub-Parameters</name>
        <t>For the media-types "application/aif+cbor" and "application/aif+json" defined in <xref section="5.1" sectionFormat="of" target="RFC9237"/>, IANA is requested to register the following entries for the two media-type parameters Toid and Tperm, in the respective sub-registry defined in <xref section="5.2" sectionFormat="of" target="RFC9237"/> within the "MIME Media Type Sub-Parameter" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Parameter: Toid</t>
          </li>
          <li>
            <t>Name: pubsub-topic</t>
          </li>
          <li>
            <t>Description/Specification: Name of one application group (topic) or of a corresponding security group.</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Parameter: Tperm</t>
          </li>
          <li>
            <t>Name: pubsub-perm</t>
          </li>
          <li>
            <t>Description/Specification: Permissions pertaining to application groups (topics) or to corresponding security groups.</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="content_formats">
        <name>CoAP Content-Formats</name>
        <t>IANA is asked to register the following entries to the "CoAP Content-Formats" registry <xref target="IANA.CoAP.Content.Formats"/> within the "Constrained RESTful Environments (CoRE) Parameters" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Content Type: application/aif+cbor;toid=pubsub-topic;tperm=pubsub-perm</t>
          </li>
          <li>
            <t>Content Coding: -</t>
          </li>
          <li>
            <t>ID: 299 (suggested)</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Content Type: application/aif+json;toid=pubsub-topic;tperm=pubsub-perm</t>
          </li>
          <li>
            <t>Content Coding: -</t>
          </li>
          <li>
            <t>ID: 300 (suggested)</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="tls_exporter">
        <name>TLS Exporter Labels</name>
        <t>IANA is asked to register the following entry in the "TLS Exporter Labels" registry <xref target="IANA.TLS.Exporter.Labels"/> within the "Transport Layer Security (TLS) Parameters" registry group, which is defined in <xref section="6" sectionFormat="of" target="RFC5705"/> and updated in <xref section="12" sectionFormat="of" target="RFC8447"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Value: EXPORTER-ACE-Sign-Challenge-coap-pubsub-app</t>
          </li>
          <li>
            <t>DTLS-OK: Y</t>
          </li>
          <li>
            <t>Recommended: N</t>
          </li>
          <li>
            <t>Reference: <xref target="pop"/> of [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="IANA.COSE.Algorithms" target="https://www.iana.org/assignments/cose/cose.xhtml#algorithms">
          <front>
            <title>COSE Algorithms</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.COSE.Key.Types" target="https://www.iana.org/assignments/cose/cose.xhtml#key-type">
          <front>
            <title>COSE Key Types</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.COSE.Header.Parameters" target="https://www.iana.org/assignments/cose/cose.xhtml#header-parameters">
          <front>
            <title>COSE Header Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.ACE.Groupcomm.Key.Types" target="https://www.iana.org/assignments/ace/ace.xhtml#ace-groupcomm-key-types">
          <front>
            <title>ACE Groupcomm Key Types</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.ACE.Groupcomm.Profiles" target="https://www.iana.org/assignments/ace/ace.xhtml#ace-groupcomm-profiles">
          <front>
            <title>ACE Groupcomm Profiles</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.Resource.Type.Values" target="https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#rt-link-target-att-value">
          <front>
            <title>Resource Type (rt=) Link Target Attribute Values</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.CoAP.Content.Formats" target="https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#content-formats">
          <front>
            <title>CoAP Content-Formats</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.TLS.Exporter.Labels" target="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels">
          <front>
            <title>TLS Exporter Labels</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="I-D.ietf-core-coap-pubsub">
          <front>
            <title>A publish-subscribe architecture for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Jaime Jimenez" initials="J." surname="Jimenez">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Michael Koster" initials="M." surname="Koster">
              <organization>Dogtiger Labs</organization>
            </author>
            <author fullname="Ari Keränen" initials="A." surname="Keränen">
              <organization>Ericsson</organization>
            </author>
            <date day="2" month="July" year="2026"/>
            <abstract>
              <t>   This document describes a publish-subscribe architecture for the
   Constrained Application Protocol (CoAP), extending the capabilities
   of CoAP communications for supporting endpoints with long breaks in
   connectivity and/or up-time.  CoAP clients publish on and subscribe
   to a topic via a corresponding topic resource at a CoAP server acting
   as broker.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-coap-pubsub-21"/>
        </reference>
        <reference anchor="RFC3986">
          <front>
            <title>Uniform Resource Identifier (URI): Generic Syntax</title>
            <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
            <author fullname="R. Fielding" initials="R." surname="Fielding"/>
            <author fullname="L. Masinter" initials="L." surname="Masinter"/>
            <date month="January" year="2005"/>
            <abstract>
              <t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="66"/>
          <seriesInfo name="RFC" value="3986"/>
          <seriesInfo name="DOI" value="10.17487/RFC3986"/>
        </reference>
        <reference anchor="RFC5246">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.2</title>
            <author fullname="T. Dierks" initials="T." surname="Dierks"/>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2008"/>
            <abstract>
              <t>This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5246"/>
          <seriesInfo name="DOI" value="10.17487/RFC5246"/>
        </reference>
        <reference anchor="RFC5705">
          <front>
            <title>Keying Material Exporters for Transport Layer Security (TLS)</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="March" year="2010"/>
            <abstract>
              <t>A number of protocols wish to leverage Transport Layer Security (TLS) to perform key establishment but then use some of the keying material for their own purposes. This document describes a general mechanism for allowing that. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5705"/>
          <seriesInfo name="DOI" value="10.17487/RFC5705"/>
        </reference>
        <reference anchor="RFC6347">
          <front>
            <title>Datagram Transport Layer Security Version 1.2</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="January" year="2012"/>
            <abstract>
              <t>This document specifies version 1.2 of the Datagram Transport Layer Security (DTLS) protocol. The DTLS protocol provides communications privacy for datagram protocols. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document updates DTLS 1.0 to work with TLS version 1.2. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6347"/>
          <seriesInfo name="DOI" value="10.17487/RFC6347"/>
        </reference>
        <reference anchor="RFC6690">
          <front>
            <title>Constrained RESTful Environments (CoRE) Link Format</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <date month="August" year="2012"/>
            <abstract>
              <t>This specification defines Web Linking using a link format for use by constrained web servers to describe hosted resources, their attributes, and other relationships between links. Based on the HTTP Link Header field defined in RFC 5988, the Constrained RESTful Environments (CoRE) Link Format is carried as a payload and is assigned an Internet media type. "RESTful" refers to the Representational State Transfer (REST) architecture. A well-known URI is defined as a default entry point for requesting the links hosted by a server. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6690"/>
          <seriesInfo name="DOI" value="10.17487/RFC6690"/>
        </reference>
        <reference anchor="RFC6749">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC7641">
          <front>
            <title>Observing Resources in the Constrained Application Protocol (CoAP)</title>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7641"/>
          <seriesInfo name="DOI" value="10.17487/RFC7641"/>
        </reference>
        <reference anchor="RFC7925">
          <front>
            <title>Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things</title>
            <author fullname="H. Tschofenig" initials="H." role="editor" surname="Tschofenig"/>
            <author fullname="T. Fossati" initials="T." surname="Fossati"/>
            <date month="July" year="2016"/>
            <abstract>
              <t>A common design pattern in Internet of Things (IoT) deployments is the use of a constrained device that collects data via sensors or controls actuators for use in home automation, industrial control systems, smart cities, and other IoT deployments.</t>
              <t>This document defines a Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) 1.2 profile that offers communications security for this data exchange thereby preventing eavesdropping, tampering, and message forgery. The lack of communication security is a common vulnerability in IoT products that can easily be solved by using these well-researched and widely deployed Internet security protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7925"/>
          <seriesInfo name="DOI" value="10.17487/RFC7925"/>
        </reference>
        <reference anchor="RFC8392">
          <front>
            <title>CBOR Web Token (CWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="May" year="2018"/>
            <abstract>
              <t>CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8392"/>
          <seriesInfo name="DOI" value="10.17487/RFC8392"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC8447">
          <front>
            <title>IANA Registry Updates for TLS and DTLS</title>
            <author fullname="J. Salowey" initials="J." surname="Salowey"/>
            <author fullname="S. Turner" initials="S." surname="Turner"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document describes a number of changes to TLS and DTLS IANA registries that range from adding notes to the registry all the way to changing the registration policy. These changes were mostly motivated by WG review of the TLS- and DTLS-related registries undertaken as part of the TLS 1.3 development process.</t>
              <t>This document updates the following RFCs: 3749, 5077, 4680, 5246, 5705, 5878, 6520, and 7301.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8447"/>
          <seriesInfo name="DOI" value="10.17487/RFC8447"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9052">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
              <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9052"/>
          <seriesInfo name="DOI" value="10.17487/RFC9052"/>
        </reference>
        <reference anchor="RFC9053">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).</t>
              <t>This document, along with RFC 9052, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9053"/>
          <seriesInfo name="DOI" value="10.17487/RFC9053"/>
        </reference>
        <reference anchor="RFC9147">
          <front>
            <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t>
              <t>This document obsoletes RFC 6347.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9147"/>
          <seriesInfo name="DOI" value="10.17487/RFC9147"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="RFC9237">
          <front>
            <title>An Authorization Information Format (AIF) for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Information about which entities are authorized to perform what operations on which constituents of other entities is a crucial component of producing an overall system that is secure. Conveying precise authorization information is especially critical in highly automated systems with large numbers of entities, such as the Internet of Things.</t>
              <t>This specification provides a generic information model and format for representing such authorization information, as well as two variants of a specific instantiation of that format for use with Representational State Transfer (REST) resources identified by URI path.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9237"/>
          <seriesInfo name="DOI" value="10.17487/RFC9237"/>
        </reference>
        <reference anchor="RFC9277">
          <front>
            <title>On Stable Storage for Items in Concise Binary Object Representation (CBOR)</title>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This document defines a stored ("file") format for Concise Binary Object Representation (CBOR) data items that is friendly to common systems that recognize file types, such as the Unix file(1) command.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9277"/>
          <seriesInfo name="DOI" value="10.17487/RFC9277"/>
        </reference>
        <reference anchor="RFC9290">
          <front>
            <title>Concise Problem Details for Constrained Application Protocol (CoAP) APIs</title>
            <author fullname="T. Fossati" initials="T." surname="Fossati"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="October" year="2022"/>
            <abstract>
              <t>This document defines a concise "problem detail" as a way to carry machine-readable details of errors in a Representational State Transfer (REST) response to avoid the need to define new error response formats for REST APIs for constrained environments. The format is inspired by, but intended to be more concise than, the problem details for HTTP APIs defined in RFC 7807.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9290"/>
          <seriesInfo name="DOI" value="10.17487/RFC9290"/>
        </reference>
        <reference anchor="RFC9338">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Countersignatures</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="December" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. CBOR Object Signing and Encryption (COSE) defines a set of security services for CBOR. This document defines a countersignature algorithm along with the needed header parameters and CBOR tags for COSE. This document updates RFC 9052.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9338"/>
          <seriesInfo name="DOI" value="10.17487/RFC9338"/>
        </reference>
        <reference anchor="RFC9430">
          <front>
            <title>Extension of the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE) to Transport Layer Security (TLS)</title>
            <author fullname="O. Bergmann" initials="O." surname="Bergmann"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <date month="July" year="2023"/>
            <abstract>
              <t>This document updates "Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)" (RFC 9202) by specifying that the profile applies to TLS as well as DTLS.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9430"/>
          <seriesInfo name="DOI" value="10.17487/RFC9430"/>
        </reference>
        <reference anchor="RFC9594">
          <front>
            <title>Key Provisioning for Group Communication Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="M. Tiloca" initials="M." surname="Tiloca"/>
            <date month="September" year="2024"/>
            <abstract>
              <t>This document defines how to use the Authentication and Authorization for Constrained Environments (ACE) framework to distribute keying material and configuration parameters for secure group communication. Candidate group members that act as Clients and are authorized to join a group can do so by interacting with a Key Distribution Center (KDC) acting as the Resource Server, from which they obtain the keying material to communicate with other group members. While defining general message formats as well as the interface and operations available at the KDC, this document supports different approaches and protocols for secure group communication. Therefore, details are delegated to separate application profiles of this document as specialized instances that target a particular group communication approach and define how communications in the group are protected. Compliance requirements for such application profiles are also specified.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9594"/>
          <seriesInfo name="DOI" value="10.17487/RFC9594"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC8259">
          <front>
            <title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
            <author fullname="T. Bray" initials="T." role="editor" surname="Bray"/>
            <date month="December" year="2017"/>
            <abstract>
              <t>JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.</t>
              <t>This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="90"/>
          <seriesInfo name="RFC" value="8259"/>
          <seriesInfo name="DOI" value="10.17487/RFC8259"/>
        </reference>
        <reference anchor="RFC9202">
          <front>
            <title>Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="S. Gerdes" initials="S." surname="Gerdes"/>
            <author fullname="O. Bergmann" initials="O." surname="Bergmann"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a profile of the Authentication and Authorization for Constrained Environments (ACE) framework that allows constrained servers to delegate client authentication and authorization. The protocol relies on DTLS version 1.2 or later for communication security between entities in a constrained network using either raw public keys or pre-shared keys. A resource-constrained server can use this protocol to delegate management of authorization information to a trusted host with less-severe limitations regarding processing power and memory.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9202"/>
          <seriesInfo name="DOI" value="10.17487/RFC9202"/>
        </reference>
        <reference anchor="RFC9203">
          <front>
            <title>The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="M. Gunnarsson" initials="M." surname="Gunnarsson"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to provide communication security and proof-of-possession for a key owned by the client and bound to an OAuth 2.0 access token.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9203"/>
          <seriesInfo name="DOI" value="10.17487/RFC9203"/>
        </reference>
        <reference anchor="RFC9770">
          <front>
            <title>Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="M. Tiloca" initials="M." surname="Tiloca"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="S. Echeverria" initials="S." surname="Echeverria"/>
            <author fullname="G. Lewis" initials="G." surname="Lewis"/>
            <date month="June" year="2025"/>
            <abstract>
              <t>This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an authorization server to notify clients and resource servers (i.e., registered devices) about revoked access tokens. As specified in this document, the method allows clients and resource servers (RSs) to access a Token Revocation List (TRL) on the authorization server by using the Constrained Application Protocol (CoAP), with the possible additional use of resource observation. Resulting (unsolicited) notifications of revoked access tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on clients and RSs.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9770"/>
          <seriesInfo name="DOI" value="10.17487/RFC9770"/>
        </reference>
        <reference anchor="I-D.ietf-cose-cbor-encoded-cert">
          <front>
            <title>CBOR Encoded X.509 Certificates (C509 Certificates)</title>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>University of Glasgow</organization>
            </author>
            <author fullname="Joel Höglund" initials="J." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>IN Groupe</organization>
            </author>
            <author fullname="Lijun Liao" initials="L." surname="Liao">
              <organization>NIO</organization>
            </author>
            <date day="30" month="June" year="2026"/>
            <abstract>
              <t>   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and common certificate
   profiles, and it is extensible.

   Two types of C509 certificates are defined.  One type is an
   invertible CBOR re-encoding of DER-encoded X.509 certificates with
   the signature field copied from the DER encoding.  The other type is
   identical except that the signature is computed over the CBOR
   encoding instead of the DER encoding, thereby avoiding the use of
   ASN.1.  Both types of certificates have the same semantics as X.509
   while providing comparable size reduction.

   This document also specifies CBOR-encoded data structures for
   certification requests and certification request templates, new COSE
   headers, as well as a TLS certificate type and a file format for
   C509.  This document updates RFC 6698 by extending the TLSA selectors
   registry to include C509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-cbor-encoded-cert-20"/>
        </reference>
        <reference anchor="I-D.ietf-ace-key-groupcomm-oscore">
          <front>
            <title>Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="14" month="March" year="2026"/>
            <abstract>
              <t>   This document defines an application profile of the Authentication
   and Authorization for Constrained Environments (ACE) framework, to
   request and provision keying material in group communication
   scenarios that are based on the Constrained Application Protocol
   (CoAP) and are secured with Group Object Security for Constrained
   RESTful Environments (Group OSCORE).  This application profile
   delegates the authentication and authorization of Clients, which join
   an OSCORE group through a Resource Server acting as Group Manager for
   that group.  This application profile leverages protocol-specific
   transport profiles of ACE to achieve communication security, server
   authentication, and proof of possession of a key owned by the Client
   and bound to an OAuth 2.0 access token.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-key-groupcomm-oscore-21"/>
        </reference>
      </references>
    </references>
    <?line 1285?>

<section anchor="groupcomm_requirements">
      <name>Requirements on Application Profiles</name>
      <t>This section lists how this application profile of ACE addresses the requirements defined in <xref section="A" sectionFormat="of" target="RFC9594"/>.</t>
      <section anchor="mandatory-to-address-requirements">
        <name>Mandatory-to-Address Requirements</name>
        <ul spacing="normal">
          <li>
            <t>REQ1: Specify the format and encoding of scope. This includes defining the set of possible roles and their identifiers, as well as the corresponding encoding to use in the scope entries according to the used scope format: see <xref target="scope"/>.</t>
          </li>
          <li>
            <t>REQ2: If scope uses AIF, register its specific instance of "Toid" and "Tperm" as media type parameters and a corresponding Content-Format, as per the guidelines in <xref target="RFC9237"/>: see <xref target="aif"/> and <xref target="content_formats"/>.</t>
          </li>
          <li>
            <t>REQ3: If used, specify the acceptable values for the 'sign_alg' parameter: values from the "Value" column of the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/>.</t>
          </li>
          <li>
            <t>REQ4: If used, specify the acceptable values and structure for the 'sign_parameters' parameter: values and structure from the COSE algorithm capabilities as specified in the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/>.</t>
          </li>
          <li>
            <t>REQ5: If used, specify the acceptable values and structure for the 'sign_key_parameters' parameter: values and structure from the COSE key type capabilities as specified in the "COSE Key Types" registry <xref target="IANA.COSE.Key.Types"/>.</t>
          </li>
          <li>
            <t>REQ6: Specify the acceptable formats for authentication credentials and, if applicable, the acceptable values for the 'cred_fmt' parameter: acceptable formats explicitly provide the public key as well as the comprehensive set of information related to the public key algorithm (see <xref target="token-post"/> and <xref target="join-response"/>). Consistent acceptable values for 'cred_fmt' are taken from the "Label" column of the "COSE Header Parameters" registry <xref target="IANA.COSE.Header.Parameters"/>.</t>
          </li>
          <li>
            <t>REQ7: If the value of the GROUPNAME URI path and the group name in the access token scope ('gname') are not required to coincide, specify the mechanism to map the GROUPNAME value in the URI to the group name: not applicable, since a perfect matching is required.</t>
          </li>
          <li>
            <t>REQ8: Define whether the KDC has an authentication credential as required for the correct group operation and if this has to be provided through the 'kdc_cred' parameter: optional, see <xref target="join-response"/>.</t>
          </li>
          <li>
            <t>REQ9: Specify if any part of the KDC interface as defined in <xref target="RFC9594"/> is not supported by the KDC: part of the KDC interface is optional to support, see <xref target="kdc-interface"/>.</t>
          </li>
          <li>
            <t>REQ10: Register a Resource Type for the group-membership resources, which is used to discover the correct URL for sending a Join Request to the KDC: the Resource Type (rt=) Link Target Attribute value "core.ps.gm" is registered in <xref target="core_rt"/>.</t>
          </li>
          <li>
            <t>REQ11: Define what specific actions (e.g., CoAP methods) are allowed on each resource accessible through the KDC interface, depending on: whether the Client is a current group member; the roles that a Client is authorised to take as per the obtained access token; and the roles that the Client has as a current group member: see <xref target="kdc-interface"/>.</t>
          </li>
          <li>
            <t>REQ12: Categorize possible newly defined operations for Clients into primary operations expected to be minimally supported and secondary operations, and provide accompanying considerations: no new operations are defined.</t>
          </li>
          <li>
            <t>REQ13: Specify the encoding of group identifiers: CBOR byte string, with value used also to identify the current group key used in the security group (see <xref target="join-response"/> and <xref target="query"/>).</t>
          </li>
          <li>
            <t>REQ14: Specify the approaches used to compute and verify the PoP evidence to include in the 'client_cred_verify' parameter and which of those approaches is used in which case: see <xref target="pop"/>.</t>
          </li>
          <li>
            <t>REQ15: Specify how N_S is generated, if the access token is not provided to the KDC through the Token Transfer Request sent to the /authz-info endpoint (e.g., the access token is instead transferred during the establishment of a secure communication association): see <xref target="pop"/>.</t>
          </li>
          <li>
            <t>REQ16: Define the initial value of the version number for the group keying material: the initial value <bcp14>MUST</bcp14> be set to 0 (see <xref target="join-response"/>).</t>
          </li>
          <li>
            <t>REQ17: Specify the format of the group keying material that is conveyed in the 'key' parameter: see <xref target="join-response"/>.</t>
          </li>
          <li>
            <t>REQ18: Specify the acceptable values of the 'gkty' parameter. For each of them, register a corresponding entry in the "ACE Groupcomm Key Types" IANA registry if such an entry does not exist already: Group_PubSub_Keying_Material, see <xref target="join-response"/> and <xref target="iana-ace-groupcomm-key"/>.</t>
          </li>
          <li>
            <t>REQ19: Specify and register the application profile identifier: coap_group_pubsub_app (see <xref target="join-response"/> and <xref target="iana-profile"/>).</t>
          </li>
          <li>
            <t>REQ20: If used, specify the format and default values of the entries of the CBOR map to include in the 'group_policies' parameter: not applicable.</t>
          </li>
          <li>
            <t>REQ21: Specify the approaches used to compute and verify the PoP evidence to include in the 'kdc_cred_verify' parameter and which of those approaches is used in which case. If external signature verifiers are supported, specify how those provide a nonce to the KDC to be used for computing the PoP evidence: see <xref target="join-response"/>.</t>
          </li>
          <li>
            <t>REQ22: Specify the communication protocol that members of the group use to communicate with each other (e.g., CoAP for group communication): CoAP <xref target="RFC7252"/>, used for Pub-Sub communications as defined in <xref target="I-D.ietf-core-coap-pubsub"/>.</t>
          </li>
          <li>
            <t>REQ23: Specify the security protocol that members of the group use to protect the group communication (e.g., Group OSCORE). This must provide encryption, integrity, and replay protection: Publishers in a group use a symmetric group key to protect published topic data as a COSE_Encrypt0 object, per the AEAD algorithm specified by the KDC. A Publisher also produces a COSE countersignature of the COSE_Encrypt0 object by using its private key, per the signature algorithm specified by the KDC.</t>
          </li>
          <li>
            <t>REQ24: Specify how the communication is secured between the Client and the KDC. Optionally, specify a transport profile of ACE <xref target="RFC9200"/> to use between the Client and the KDC: ACE transport profile such as for DTLS <xref target="RFC9202"/> or OSCORE <xref target="RFC9203"/>.</t>
          </li>
          <li>
            <t>REQ25: Specify the format of the node identifiers of group members: the Sender ID defined in <xref target="join-response"/>.</t>
          </li>
          <li>
            <t>REQ26: Specify policies at the KDC to handle node identifiers that are included in the 'get_creds' parameter but are not associated with any current group member: see <xref target="query"/>.</t>
          </li>
          <li>
            <t>REQ27: Specify the format of (newly generated) individual keying material for group members or of the information to derive such keying material, as well as the corresponding CBOR map key that has to be registered in the "ACE Groupcomm Parameters" registry: see <xref target="sec-key-renewal-request"/>.</t>
          </li>
          <li>
            <t>REQ28: Specify which CBOR tag is used for identifying the semantics of binary scopes, or register a new CBOR tag if a suitable one does not exist already: see <xref target="as-response"/> and <xref target="content_formats"/>.</t>
          </li>
          <li>
            <t>REQ29: Categorize newly defined parameters according to the same criteria of <xref section="8" sectionFormat="of" target="RFC9594"/>: a Publisher Client <bcp14>MUST</bcp14> support 'group_SenderId' in 'key'; see <xref target="join-response"/>.</t>
          </li>
          <li>
            <t>REQ30: Define whether Clients must, should, or may support the conditional parameters defined in <xref section="8" sectionFormat="of" target="RFC9594"/> and under which circumstances: a Publisher Client <bcp14>MUST</bcp14> support the client_cred' and 'client_cred_verify' parameters (see <xref target="join-request"/>). A Publisher Client that provides the access token to the KDC through the /authz-info endpoint <bcp14>MUST</bcp14> support the parameter 'kdcchallenge' (see <xref target="token-post"/>).</t>
          </li>
        </ul>
      </section>
      <section anchor="optional-to-address-requirements">
        <name>Optional-to-Address Requirements</name>
        <ul spacing="normal">
          <li>
            <t>OPT1: Optionally, if the textual format of scope is used, specify CBOR values to use for abbreviating the role identifiers in the group: not applicable.</t>
          </li>
          <li>
            <t>OPT2: Optionally, specify the additional parameters used in the exchange of Token Transfer Request and Response: none are defined.</t>
          </li>
          <li>
            <t>OPT3: Optionally, specify the negotiation of parameter values for signature algorithm and signature keys, if the 'sign_info' parameter is not used: see <xref target="token-post"/>.</t>
          </li>
          <li>
            <t>OPT4: Optionally, specify possible or required payload formats for specific error cases: see <xref target="join-error"/>.</t>
          </li>
          <li>
            <t>OPT5: Optionally, specify additional identifiers of error types as values of the 'error-id' field within the Custom Problem Detail entry 'ace-groupcomm-error': none are defined.</t>
          </li>
          <li>
            <t>OPT6: Optionally, specify the encoding of the 'creds_repo' parameter if the default one is not used: no encoding is defined.</t>
          </li>
          <li>
            <t>OPT7: Optionally, specify the functionalities implemented at the resource hosted by the Client at the URI indicated in the 'control_uri' parameter, including the encoding of exchanged messages and other details: no functionalities are defined.</t>
          </li>
          <li>
            <t>OPT8: Optionally, specify the behavior of the POST handler of group-membership resources, for the case when it fails to retrieve an authentication credential for the specific Client: The KDC <bcp14>MUST</bcp14> reply with a 4.00 (Bad Request) error response to the Join Request (see <xref target="join-error"/>).</t>
          </li>
          <li>
            <t>OPT9: Optionally, define a default group rekeying scheme to refer to in case the 'rekeying_scheme' parameter is not included in the Join Response: the "Point-to-Point" rekeying scheme registered in <xref section="11.13" sectionFormat="of" target="RFC9594"/>.</t>
          </li>
          <li>
            <t>OPT10: Optionally, specify the functionalities implemented at the resource hosted by the Client at the URI indicated in the 'control_group_uri' parameter, including the encoding of exchanged messages and other details: no functionalities are defined.</t>
          </li>
          <li>
            <t>OPT11: Optionally, specify policies that instruct Clients to retain messages and for how long, if those are unsuccessfully decrypted: no such policies are specified.</t>
          </li>
          <li>
            <t>OPT12: Optionally, specify for the KDC to perform a group rekeying when receiving a Key Renewal Request, together with or instead of renewing individual keying material: the KDC <bcp14>SHOULD</bcp14> perform a group rekeying if one is already scheduled to occur within an acceptably short time frame, otherwise it <bcp14>SHOULD NOT</bcp14> (see <xref target="sec-key-renewal-request"/>).</t>
          </li>
          <li>
            <t>OPT13: Optionally, specify how the identifier of a group member's authentication credential is included in requests sent to other group members: no such method is defined.</t>
          </li>
          <li>
            <t>OPT14: Optionally, specify additional information to include in rekeying messages for the "Point-to-Point" group rekeying scheme (see <xref section="6" sectionFormat="of" target="RFC9594"/>): no additional information is defined.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="sec-document-updates" removeInRFC="true">
      <name>Document Updates</name>
      <section anchor="sec-04-05">
        <name>Version -04 to -05</name>
        <ul spacing="normal">
          <li>
            <t>Alignment with draft-ietf-core-coap-pubsub-21:  </t>
            <ul spacing="normal">
              <li>
                <t>Generalized response code in successful responses from the Broker.</t>
              </li>
              <li>
                <t>Content-Format of certain messages to/from the Broker.</t>
              </li>
              <li>
                <t>Referred section numbers.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>IANA registration request for the CoAP Pubsub Topic Properties 'kdc-uri' and 'sec-gp'.</t>
          </li>
          <li>
            <t>Editorial fixes.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-03-04">
        <name>Version -03 to -04</name>
        <ul spacing="normal">
          <li>
            <t>Minor fixes in the CDDL grammar of the scope entry.</t>
          </li>
          <li>
            <t>Explicitly mentioned that topic-data resources are hosted at the Broker.</t>
          </li>
          <li>
            <t>More consistent use of the terms "nonce" and "challenge".</t>
          </li>
          <li>
            <t>Moved up the statement of compliance with REQ7.</t>
          </li>
          <li>
            <t>Clarified that group names are consistent with the semantics of URI path segments.</t>
          </li>
          <li>
            <t>Added references to IANA registries.</t>
          </li>
          <li>
            <t>Editorial fixes.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-02-03">
        <name>Version -02 to -03</name>
        <ul spacing="normal">
          <li>
            <t>Updated introduction: clarified relationships between this document and related documents.</t>
          </li>
          <li>
            <t>Ensured consistency with RFC 9594 when using an optimized Join Request for re-joining a group (presence of the 'client_cred' parameter).</t>
          </li>
          <li>
            <t>Added the "Operational Considerations" section.</t>
          </li>
          <li>
            <t>Clarifications:  </t>
            <ul spacing="normal">
              <li>
                <t>Secure communications required as per the transport profile of ACE used.</t>
              </li>
              <li>
                <t>Explicitly mentioned the rationale for computing a proof-of-possession (PoP) evidence.</t>
              </li>
              <li>
                <t>Reasons for and flexibility of group rekeying.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-01-02">
        <name>Version -01 to -02</name>
        <ul spacing="normal">
          <li>
            <t>Clarified high-level description of the authorisation flow.</t>
          </li>
          <li>
            <t>Clarified relation between a group rekeying and a Key Renewal Request.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00-01">
        <name>Version -00 to -01</name>
        <ul spacing="normal">
          <li>
            <t>Clarified recommendations about randomness and size of nonces.</t>
          </li>
          <li>
            <t>Clarified generation of N_S if TLS is used with the KDC instead of DTLS.</t>
          </li>
          <li>
            <t>Added missing references to REQ and OPT requirements.</t>
          </li>
          <li>
            <t>Updated IANA considerations:  </t>
            <ul spacing="normal">
              <li>
                <t>Suggested values for IANA registrations.</t>
              </li>
              <li>
                <t>Renamed TLS Exporter Label.</t>
              </li>
              <li>
                <t>Fixed content types in the CoAP Content-Formats registrations.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00">
        <name>Version -00</name>
        <ul spacing="normal">
          <li>
            <t>Imported content from draft-ietf-ace-pubsub-profile-11.</t>
          </li>
          <li>
            <t>Removed content about MQTT.</t>
          </li>
          <li>
            <t>New document title.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The authors wish to thank <contact fullname="Rikard Höglund"/>, <contact fullname="Ari Keränen"/>, <contact fullname="John Preuß Mattsson"/>, <contact fullname="Jim Schaad"/>, <contact fullname="Ludwig Seitz"/>, and <contact fullname="Göran Selander"/> for the useful discussion and reviews that helped shape this document.</t>
      <t>This work was supported by the Sweden's Innovation Agency VINNOVA within the EUREKA CELTIC-NEXT projects CRITISEC and CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement 952652).</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+y92XIbSZYo+J5m+Q/R1NglUQIgbkpJzOU2RTEz2aUUWSKz
qssq67KCQJCMFoBARwRIsSS1zW/M08zDfMN8wNw/mS8ZP5v7cQ+PACgpq6qv
NS0XEojw5fjxsy+DweDLL272kp0vv/jyizqvJ9leclDsnyQni4tJXl0PThcX
1ajML7LkpCwu80mWXBZlsr+or7NZnY/SOi9mSTob40dFmf+VPoGHDopZVZdp
PsvGyeHsJi+L2dS8VCUb+weHvS+/SC8uyszMbf6yc8J8MtOXX4yL0SydmiWN
y/SyHuRZfTlIR9lgVKTzwdyszLwwp4cHk7TOqhq2kc/LvaQuF1W9vbn5bHPb
zFRm6V5ymo0WZV7fffnF7RXN+oeifJPPrpIfymIx//KLN7d7ydGszspZVg9e
wJRffmF2uJdU9fjLL8xk07yqzO7qu7lZ09Hh2fcw3agYmzH2koVZ3FP4IEVI
7H35hQFtYn7yWbWXfD9MTtJJMb3IZzl9TDv7vkxno6wapeHXRWnGPCzzUVUV
M/oom6b5ZC+5lFeGc3nlnzN+cDgqpv7EB0Oz8dnVYqJnPcivxtnU+wLne14u
Ztkk+XmW32RlhbBSE48qfP6f09F0aB735/lpmJzlk2KU6nl+SstR4X2O07w+
Oj1M9p97g0/h0WGNj/5zmQ+rDGA5K8qpwaibbA8ePtp/tT88OD49HO5Prgyy
1dfTao9GsUBPEjsNPE4fjA1yGMClExgVPhBUP4aF2LH4u7S8ysypX9f1vNp7
9Oj29naYp7MU9vwoNRhwRXj8aFRUGf5n+Pa6nk4epN5AbrG/ze6GZwZnPsNa
zVAJDvWJS32T3Q0Ajf2F/pil46wcnqSlOT1zDz7DgmnIxA35iQu/xvEGc288
3IG50EO8yOYKTD8TzIFI2DE/GviGZMG/giWGgF3JmAM5iLZ9MC38nNuQIT/j
LuZqSNzE66wqFqV5GuA1/H06WXziFmRAPIBko6y/7SUv89mb5AzXn+zXteFS
izpLaLJ7o1mZKaQK/+ZNl/VgYuYc0LCDtK4HNzCbu0WGjZn/GB4yq4ffI+36
xDsEfJEHHPCAv8rWRjzHpZsDd3T28nR4+HZelObZ4cv0Ipt82obMeImMl9B4
99xPPan0dvw/eTcZz2CkApnhaPBiiAIE7l9JELiD198f7Dx7+pX8/nh71/3+
ZPOx/P7Vzu4T+/tXzzbt7092n8nvT7Yfb9vfv9rdsr8/27bjPN15Zp95uuvm
Mr/b8Z9+tWXHf/rMjf9s041vft+xv2+5d58Zycf9vqM+f6J+d+t/trPz1P6+
u+M+f/xsdw9lqtmlx4lpfXbup9uPn6m5t9Xvbn1PntC46iQqcxIXRTnIZkaK
ysaDUVbW/jNAZ4BGOlpTVHCCuCoQQes7fOH08OX3e8nan8xEg381P39egwcG
g0GSXoAUOkLR8Ow6rxIjVS4AlZJxdmmE08qIr0k6n09EmmVilhSXiZFyP4es
CyLbNLs10mY/qYskm6UXZvwK5NEswZ0lsLXFTCbJZzh1UwjfYBm5lxhx6Tqv
s1ENY8AS4AW9jH21JUPy62JUTJINICi95Jc/KYk6vBC//Lmf3F5npZ3f3Cvc
tl2G+dutNzMzmy1cXSepkR+LN4ZOJAhngWOZTXIDZYIsLmNQzbNRfpmPjJie
ziq4q/J0BWAHfmXglJodZjdZAJuKxfi++a00YioSIndAfVyqGc2MY/6ZF1WV
odQOf6WJwaWkuAX4XNwRyMziDC7ASxfFwvwXJp4lx3DGyfZw06zCCNuV+fhN
NuOdWQzifZhVw1Bm0pscpgKdAgbM4NaMMnwUZvfQxl4pQSFcSEUbNwuqAvA/
Ms+oE+jDE7fZZAL/b8xuZjM7hd/MDEY5SCe4IIFd4iimeTet7eSLipAJTsrg
Fgxgxs5L/wwqs7PxoC7MvR3b04c18PnDVXtVAGYUcPOTw3FeG1aRnEyytAKE
mE/MvU7WlqDhWnJrpGkcGEaZLaZm43QtzZLtIcDGxtkkQ0wEvDN7uyrT+fWQ
CMA0H48nqE08APWuLMaLEewCPjkyFzqZ8zWrItesGpnbWuZF30xxk4+AWhBY
lp1P8s0/DQa4/kk+NRd1bLZtEDq9yCfmAAaD77wrdJOn9vrQ9hh3KqN8AmDM
BMCbb9NynEwNPqZXsIiLrL7NMiAWICETcmaXl3ByN9nkjimNWR4c6hRAF6E2
cttTg0uK6sRuvQGtuWf5PEUQMJWqDCZZ3b0u5uZaG4XbzDGrciOrZ7DgKb7O
FBVf0BSXFmWYfDHKUwAVn7sBA443JNqdyX0TUlwn79618vUPHxyBt8v7JKr5
7h2z9w8fcEXPF/lkjLdt9vk5Bc0GjPzDhz4ObxGevjGsWW3xuriF21Zm/26E
39pga16xQEwEscxm2W2UJphzusyvFiUzP0UYCiEDjHFZkr01GDy7MvPlcHFi
rCtzewKENGeUG1o1MjPlIBPyO4IReMZM7tAOxHQIFgZIJCQzQ7r8b4WeNgUa
alYKryPCpKihvZCdw2oOMngi2fjti4OenayS2axSccqcxMxqblCZGZZkkPdi
4nAE54QNZYkZi4jtmOn+LAMOkZZ3Ufj6ENWXHhddmBFKHyqIXH+4Bt4ZO2qY
sphnJZNiXDTs8hJoanqT5hMUL+Dy0Go9VnFlEKE0S5MjZYHfblRAimMLfdHH
YgfNayS7V2B4M7/VZuJKroKPEx7rMRe/LAwlzJDbjDUmGfhUGcCrzmISWYXw
NwwEMANJQTpB1MjNlUKbGFAYDTIiIaQhpky9FpO0jGKuLIwZCgAbr1XA+pjq
Mc0qM7kk2bjBkq2Yc697x7iFGN/EizYBpF2IVQAZJj81bnI6LYjLO+o+oysi
WwlRhQUsQHrY1WUxmRgw3dJdt0vCk1Vz9wV77gIBWGizfxrMkxgCZhsdbIkG
MvyuSyo12AarRY3abMpcoG7uMWT5wGFNn+SLfwTpT243be1vJgt6Yl9ELAQx
JpADDQSLEkyAip2wlIGnrimZ3tNn2hKfmVyHidEnjHSYVffSRTay4dWwbzmy
4f/y686HD70+ILrd4z+g0iLSE9t4cAZGLhEmM2HFILjlJaB77abjEyE4Eq3T
qOCkUJijJPaJgpHFYcs5gL3MgLgpZDZkvaBjMl8FB+aURzQnE9w3H9sj2Hxs
jgBHN4+EOKEp6eeRbIdJQBFYgPCP04cwicRG+EkBgowfCNtpZjBOpOI2yIHl
Cz6pFoY1yRGi6JCbS2rQwmwzvwGKZ7aPZ/3unWEsAyFTAwNCumDX+bwywCoM
/t3k2S3dK+9bdZSa0CF4UU7Bp83i5StgDjN43XyWXpiRcQH/4X6SNK1urr78
4uEg+vPwyy/ex4Xz9/ANCcyGYG+kvUR+3ocjtI2d6J/3Yqhc8vPel9n7IeFZ
eZguArXqmj1CRjxFbh2A56xJseClYAgm31G0hFGIyPUTInIbo97GuNcYBdEX
RG6jHV+kILeZ8YbD4X2g/z9WABs8937l516w1GlQb1E78u9+bug5C/uQLpuf
4tuWn4LfRfkI2IAnHzFcutdnBVWRhwzEHEy/++67wJ70zTffrASDrnmj5/Fw
lXe/CS8mbNoppHAZ9dvv6Wo2rSfeDHiP06Zm7A0017EFZtLYUu1ATojauOgF
K1oFXivAqB0ngoFWQtaleM8D/VwRq7oAu4JGFbeNI9Z0LGuODrT0531UV/io
gUhRCpHbH+hmlYGWPdBKafwjXGWg92go8Ag7YB6pGrKcxkByPCLF4kA+OSEV
g0TGXutAoWiAA60AoMZDSJSVIIYDDZIfWlT8YKCHDmrh4fFAx61WBlCn38uV
eU+yWQz2vLVuu4x97X2ycdnbuOoFLJ7p0UrHnwRbA3EEhIe95E+tut6fzSMX
+Ahb3OCDkfpgGz4Yqw924IPMfmD0W/jg0n5gBFT44Ep9AK8ouchIaXvJg3Y5
jfyl364ds7AGXPqFsInX+sk1w2VqINCDdGJExW/XRgjbtQ9tVvh9UrMuirou
pmQg6JIX+2Cnb4UdWOlzkSQvjcpuiFOCXlc2vqDqllXob5P1mxcMLzbP1kZn
X1Ry//AFHKVUIuYweZ6ZbzO5Nmx8N6KI2ZQRz3yfghtDrcS6EYycmhjhe1Yv
0glObeYRw9cGwMisdDFBFeCyLKY9ty9/RUabmtmpte9hZuCNIjBY/8mE56kz
l2aIKrNmslazNHBWUDin/17Xzp6NmoLvwSSWy/ZfPRPLakznwdxi0OCn352d
mVHhf4Pj/dOj08GpYSfjtBwPbh6Deeg0n+ZgH0vH6bzmqw8jpZOqSLK3dUa6
5uWiRHXAU5lRnSZKEdtXNRwMvkMvzIPkLCun+ayYFFd3opyCjmuweFwlaz/9
fHq21qf/J6+O8ffXh7/7+ej14Qv4/fTH/Zcv7S9f8BOnPx7//PKF+829eXD8
00+Hr17Qy+bTxPvoi7Wf9v+4RuL12vHJ2dHxq/2Xa6QCekpQiSC8YBOpQWpQ
hNLqCzkE5IHPD07+3/9ra9cA+Z8MPm1vbT0z50Z/PN16AjbJW8Qd0lgNDtKf
YBb7wpxVZmAPBtHJxIB9ntcG7mjcqa5B0QOT2PCLL37zJ4DMn/eSby5G863d
7/gD2LD3ocDM+xBh1vyk8TIBMfJRZBoLTe/zANL+evf/6P0tcFcffvPfJ2CB
HWw9/e/ffQFY8hpDvyo8iOztnMwQdCKXqUHb3MAObjqGBvwGTfXmnKaVWFtH
2byuEu+00GvTEHKX+nGUa2Zo52F8xhEwMCHPrLFY+cK8qw745eQnZ77BCSCo
BCaI2SDz2WiyAP8DWYL6DVfGxuvTXj+ydPl6/7Q3dHDynzlStkmKOTLPH33f
k33vPDFovGBpyJxECaamVvPmsOM4rD2BDTRLLM3tpmW2U/oGWPR5wR+hKp7P
og4A8fVaPwNDGZdG0co500Rztd7iHAZx35ozNHSffeXspgbLGlBWw3HvQDxL
x2MCE9z7OQySTvTn4LjLSzQWmxsPhiBx4nbBL0DngxcvXhJcIHgI4HLw/Pg1
f/IMsIlQosOURr/u7DxlA/iKE4MiqN2jCQkeIgHA+8maYR7zwhBPlBgQf9DG
T/4DNLuZcekS4K3I3WWju2BWn0/hDtUO5CUjfkUGMkMr//IIzZ5/wfX+5VEO
Ln8E51/Ewrx/2ucvAWv/OgBstV++PqU7jXty6wAveW4mMEs38lD6y59ndMvv
4qZDUo2ZKa5p2PQTkhOs98tjM91AJzcIstYYAqOcQ6JDGpzQclfHPm7kjrhb
VtX0XmNzUc+ZM9Wnk9KQ6RAo8IXny0qQhpmJyAtl5JM7OlJkqckakTXg19Y7
JJ+Ym742K8bZGoMKA1v3zPhVhqZt+I6t2dV1yhafiHG41Qfi+SmaPg7y2hrO
lM7QJqq83BbVUWQkZ06yZidBANCyEzL8MCYQEwOHIOIEObNnyVojRmJNsPA6
BZIxyW7AGCCYqx8HRwft8RZiQ6zDHQAiODcC6dW5E1YPbQFqm6rQjMO36XQ+
Qaijzw2McU3hiTkFUwwgTOM8vZoVlUEUAIPFJcUS3707ZdvlUzhbS8dwZ+7L
H+RLJHtDo2s2B4ZjpF2W4BY1oqzlYewngD0ZGdfoBqBOkNJi7fnsIGUsWQd0
osuJEcDkm30Qho+gJG5VuHcPxPT+IRaM6InyBbrflKDBO1a+7QJ8mBjX03Am
+RZseBPE67HWwLXfrbI+gRDq2wxY4bPklQ1EGrrYrAX62A5QnxdoLr70NJ6R
+Dsx1omd0dqW4TxN4vNoCTQLRwwjLIggm3vcuE3mxkJIFizN0vYpCOHkTxOP
z4tsns10nI8aqC+PmRfvCCYVUiEgEOaWTEFxhTQlfKiyTMQMtChn+NJ1epPx
CkHGdw8ThSqSAvWDBV67Kd7P5Do3h2do590w2Q8hzlI66H5BQJUhkeb1SST2
apj8WNyCa7TfFaBlhPbYsFPQmOeT8OiNFPU9q4kSHMK8DPGGcY9BCmD3A9oM
TG6NUAipETZuje/uoraRZCODxg212MVJWGWYJyUU9URw0qwQ6fFzIB/74mBF
1Zfc8amjiciDUkUR8YMLww3EiXJxp60VENZSTLNEHyu/y18jI6nUKYhRosqn
cAoAVHDeKJoU+Ekd+fB9rm6RlspLiA2Lls/N5F2e0WZ0FslH4qbneCoDKQyp
OuVTFmdmJbL9i7wy0sAIFuZL7xxV1WkiRPtDfCq0liMiSQSK8A8BIgRshVN+
XxZTvEhX1wPilSiaApSBDvY9vuiHmakhrdcfI9MC/McxyszgQnFh8H8mCgJd
plAcUWKHooLIYMwDl3dCdJEUOgsyi5vqThKWhX5Y64j1zLOhSfVh87OHwSuB
fxSNt2TAhRMUo29ouk5E8ZS/3/uHHX0FtdREvWJ+GCvaZgn+xs8Ig2KvfMT2
3U/Tq/M/Wp+NGsb1EsxWe0lgxG48u4I/xns2YjBPNp7LPG5v79V74Kq5CWzt
zRUl4egPAxeG9SUmG8d2wu+a/jwrD7TtDj5lSiOvMG32ZznonMUfLz6LfuUj
tq/vGlv3kZ+IIX8/NPHKzpGmRI00cPlbyCJY980UHZb/ZWQdLYYLVgCQ4Yu2
iquzYaCGRlmqJySfolp9vTAaxWdYxR+uM/GLcRgX8ysr43u8u89qvFsNLvQi
a9gYlEKOcvy9NN5k4/Xh77a3ew3r2q1eLoTrNP2krOcBmR2gB05MEEEID8qQ
V/kNiDMoIuYg26NibRj5KK8gYjGMeWsNgTdIUYMEJHGRsflBHigqCFy+k5nA
VJJfojuk5tgzFLpn3rRdUlUEAkPybkTiPX2tb8RBqXdWxlF+An0HAhVbLDlL
3BUodnV7I8TnsD+ZrHQZEMkQB9SS9BUwvARZK4u2IN/3UfS7311rxBq2hxoi
oF6cvTzF7arAQ/zi+PTg+PVhL7FajorfDi8uIrsVWYzmthhlymQJS5jkF0ax
yLMgFJR0FCPGLuawaIz9zitt3Xe2vu792dsKAl0k5tzTACJh53Rxd3tsd0Aj
sgzT1B67YvE2qgwUbEgnnGEUJzpdfETUi8lnN8XkBiMf2bi/wevr2zBcjIuP
0fIe4UAxMhIiSa0S/kwB8CNDOsZoy7FntkKAqgAVIEpYCb4HUGnFLRAEi6o7
j+vBc03joVFCi5Ttk4K3qzpFcLqlXmeTuU2XJKmcSGjauuahNYCRAsbhLF72
wT4ZqwPl7IWRsYU6s2/A2ycJ2xQQr6Jg0aHrrXA+KVKjOBhUDoKpUdkmmxC5
EpIMzENwOrxJ1uQQ5+kqsMlFDEqWO8KWyAKD0CI4zsFdhPG91crHBrj/0WdG
7tvPcnD2Aq58gM//ZgeI12/56QV6mj1GYFegyKH1vMmK7bGbYcRI7qPOMHku
oZF4g90xh1wy87bmbR9WwWlc9uBd7pO/drPSS1CH7FGHMLQww1HIzR6qnRLn
38LxYglKdPZO82Z6hTuCoWCx6LALIE2yLgSbhmZeZ9eEoxWO3i5bSG5BOh7n
EXNICi4lQqFZMbubFgtxlWq7KVplGCnGuWEEhlLfacto1BK9PdyBl7qky6ap
UnnxmzclOQ6uiPUoxDYACCKrVb5uCdKvjVx5iSYoSIlRZksrJoJRLVmDZQ8h
fIgZodrecGvJBntfwzHx3EsuRbKRD7NhP2nGuBMzdg48J7K6t3ur72QIDpTo
dpadF0kT1vgWAzp7ahCv2D4sF9jfRCDQg7sX76JcRXDGpLM7i7jojnb+drAZ
Z3WKEgpFNbfBjSVFS5cSQ97rBZPSn18febwqUBTYjF+IZATTuvhdG4uFr5KU
zWOyLQ8sKuQ0rNCEZtTP61ruiWJCGD6mOJuhOwZJkDKBdVdrJpIdqF6Ge2oN
ZzaDo837ies5JgQB67vRccYeYb1GK+48zctbw6ejU4YSMzPRvmd17JNFzgrJ
aoqmIMCUBsGvCAvfCQZ/3wEffP/puM9BZT3A+DQZERzEw8lsaEMKmiX7agdb
hjObUwECsUBnG6ZlMHmM7hk/rw07/SS5gFXnCA8KuR3yHOTdAffUB4jkn47Q
2asptgbQiTFzhZR1H5lFeiKfcJ/xKAaWviXijrlG9Ygq7ptqzZaKH9v2Jxwb
bFkuFhlCiKHJ5RI1qk2qaMpEfTMsGtStBOkTMSdP+JSp1bTdnUvorNxiJlKp
aqTWLrv4S1KOHnbY7jrNetoyGObErPgVpzixU6b5pDNvBl8p3837z7aSzzDI
ZwGsDNxhkO366jMOsE4mZHstaYnrif0q/G49GAB/PBoczBj9Lhzg3j88wPog
/hNuqPmz3pnL5lGnuH1b82o2c8eIm7OjKBeqFYs9er3crn0ELvLpNC3vApHf
z8Z2QWWXi9mIBC202iC12FI+Xo9NeaabhiKvColwnRNP2EP2Kbxa6/hcD4m+
QYdom47RpVQgJ0uxYCksq9Xo7sLAcK/bq+41qmEu2xQrWortw+5amEWcPcC+
Ihn8VgmNKKD9hHWKj3Oa+sdWzKxnPqLz++BAiO5EINrYa5DyNiqzMfyZTlBV
iu6Jo12psIgBymI+xtoaMqyX9Ns6Pi5xVy1xkhmZp1IHUJRU5WRagDnTrpy+
ZO1U7NyPXc0TDKetOLLW1ZepOo52o8zoo55ERowXGTlGeNfXueHmFPyjC2tw
HrOt+nau42PNXYCwonzCc0845kY/w3Jf3H8hpizYCiVOgI0M/HKLifl+AqU8
OJbHJlu3ThS1Eex7cVO4GwgP+yGrEa/ZRFzZu/cvhUddLBXF4Mbk3YNUv/CB
gMPB0oNLcwMNSCzmUFQDRwAWKn8ItmAjrKFkB8XxMZpc8drScG266s4wOf33
BUDqokxHbzLcPkRt2phmo4Vmc44Q8eaC7P638xRz/0XmNJQNRFLS/2prDo3I
cs7ne58fK1mBEgM4bBjeR/Lb9/r/wHnf/0mly4KLVqxHl2QRcRH5iuN+9+fm
OJ9tPU0JwC7hNUv+4ROx9eh9yUAGfDopoClK/Ir7+kzjPLR78fBbILOxvxjn
YCTeE8OTt8vv3Hq+aRkHa0ZlywZ6+I8On0HyM+nmrmRN1SxZ48PFW4+NyTgU
f4NUwGGXhVZiO8b5TPv6rPfdv+fAFIGFQK1zuz8nOf3K9/0zjeP0suU3AwOp
fALSPPdVbkZzoH/8e3Hfq6GB5MHnnlcjHOcfFD4WX9qtStZRT8pTB3x+G1ER
IuOFAHr4DwwftbulbLmLHm6gDk3y7CNWnOciqlng9lrX85n21TAGaGnUxrx5
l+R7801nsvp+paOxffFWPJ1pw0vcehHR3hiGqYUaPMr2SMDPjk+ODl7t/3Qo
HiQYecA2U5t/kVYDLg+ZYdCIUnzFH03uZLWQRl2zecbovFJkh6hOOibIjwTi
IAKxeMACGi5l8USgdV2E9bFmZ6JmeolRdNEQQEGUhFEUyaovNlvfE9YMhnPP
mHNAqGINFwL2m/FoYFcjHjkdrpTNqkWpUgrV1qosnRpdsJrcWT8DOAnBJxUu
KthDSxiTLRkI0feo5nXFAyaY0Y/+gdQg06N59cjhklk5uDVjAPKpYQQRjQ4/
gW40KSWCekc6xd2BS/LNjDTY+IYB7lz/EgNJFlVyWywmYAOps+m8Vp5M5zAo
oMwo+xcvdEQDlUdA/jdLsrSc3AUo5DtDwXcDh8suSHW8/WRhgDqBAzDa81if
GPju6GIgD3CgNBcHc60EV9dpWIDZukvNEuXSQsBP5UK8OrUeJSErsfCTTsIi
EQ4RruSCUX4tSqKGRo/aYF7AwL1hsoQItDFmNa5FEzbiNZ08DSMPrQTGlot7
POPIQrQGkC+LXG8XGcVWzsG9OW4ssE7fZNa6aRcaL5Lv3x+LJ/EcHHTVeUTI
1Qe1fjG8KB45C/zmTX+ln+dsrS0RDoa8LagLS+YPikwiULkEO4LKnrkfJYRU
iGmyaoRjt/A5XP/X8KALF6mCY86s7hJBiqZP82sKzslnWD0ltiSOwNKOU3PF
ATVi2YEq4Sm/DPzoRF3SW6wCjYEQtsR1Orr29uHiJNp308A0qBmcpeMGfP0c
Hxi+1UfKMJzFXu46G4tdRIxyQACd6VlmlKvKZBF8p2ZPVLgWAiKfH78OS9G6
9C94QxX3rarFVMiBPwQaPDFy1J0COfl/PDs7EfjYmV1seYZ3iyupOoetJhEq
nRqd05khpePK8DODOcVVsaiA8v7L6fErrk2w/RhyerlkDefFu+lxv80ooFEx
wy5l5k+aIKwPwcbYKvlquIXr+Goo+ayURTxMji5pGRyWzFji9dsJLacQRkIJ
2246it+F5Mq7YXL4FlLFXOUAqfBZeQfjQu4p3N7aq70IN6iVg9TKGR6C4Kpj
luV6ybsHIZ+V2joej5aEVX8chj1LiVRfTl6Ln3EgaMSCt4AflWbTmB3euIEV
+mqSSVG8MdSmdOrjoyFUExiAYDPDdkWh2KbEA3MYPIDBf2BIv2qImJHHri1N
hFZQlc9TVBgYNlSoimbgZzy1fGQYNy8nzm2ai95dtuR+QFJBWsQI/sqLYOOE
G5kWg51smV50EYwNCQF/Dwqi2ndpawavlpNrsHn/dDVU3j8N8PigEFkcCu2b
1YfZnp7/5TGFMDqainV9Tt1N6OuZIbG54qLWiVRkceFPfMQCSDrG9f1TLXW6
p0WpPzCMCtfyY445Ahh9JhIfF2z+eabCxRpmgeDEH1vqRXuCiKGZ3C6VYtVe
WgEoP9Nyyku6yIxoEvpcKCpgd7i55db312xMH/u0cS/ZepZsKJ0IOsQ9hJZO
PXr8JL0DUZa7hL3jgINHAKdHyVayBzczxX5faTXkrUAPSyrhskbPf4iYGwx+
gGA8yN5aY0Mb6BMuT9GwPUyyy5osDwYxgduvhJm+pmql3VSHGZLsDORwSQy7
YhwuPh/ei1kEG8GJCiuvpUy69dDrGNUYgfJ2iBeZAxQ8ksaJ1UF4eSPOkWhC
1qyZ3/lWmdUlFkuP08U0WHSfwNdYDUXM81BaXQqqSzWMDxSU3SI0bA8fs9gA
v20vIbbNmgNULU/E3toKUmJ/Ir5+UgLoahtMqsQsTLgiTqcKWawEJ0BBo02z
oN4Sxb69NMw7XnvMT+EMw22wagMuZx5sLZA2ZGuorHh0Mfnh8AwsXN8fnh38
qKIWbS+PqrHlgFbe9/QMq7SXy59VkVVfKtTFeR4BxVtTRa9cMGyVNaGBlQTF
4mcFg7xUZb+MVpJhbsWlSDMEnjnR06ic6q8Iuzzi9pAer60eZ8SyMJdXWgd6
Z9SedQYRmWBgehVjjgrRQIV0hDIM6oWk20o0qhIBy+Wug9Z0HH2fKewA1oW9
BLCnIPFd5IlQ3CeBsJXZ1dAu4zafTGx+I9s8uqh2I3gZt3ZBJUoNBS+tAUES
Yrp2ZYfgmmOol6lKc04t8LDojgJ4riBApZQzhW6Z0hWbNAGHc7aa27pZweBq
vu4J0UsMASvBngUc5GEZlwu+SUuzKEPUMDTJoHRJ2+yYa/nB/S3g5GX3wipX
bz9L98MqHFfTtdga4OvzsuZE9K3NHlVNUQqwwRpR6tuvV+UhobV7Saz+QfH6
ENUUbusatBCDDqZY7oYSpZytWRim0xttbyShImTSUxFrQbOQvraU02WnBOi8
koJsvooG++XpnGa10sY7M85C3PW8P5XVSmKe70fWc60LyQRptBSaZY27VEiP
5ZKK+L9hiNHxre4I5QiV7dFLjEnZZ+5CHq+95CIhH+w/4xFRh2cB0dAsyKOA
YLmWZSgxSfgq7Dgq9bn8J+tQcqkQbb18kDY0iyPMIoWo/H1MwEvRuo+/Bvuw
gaRhbmfrHijbUxfyUVbv9mjVj8hiEMuPargj1cQchkaQ84zzPyg33iZcOjlu
x4s0TFzvsorqC0ueWUXlyMa2fSIDOa39roquJlQLtuiiqCrKmuSVQGXdcWo4
Lq+3J1wIjATre4koVmiJY7kW3XJt0dxKvIckqaAym90JiL10pYBW8R3iyosw
FQKeP5bKdVqrIiOGvwjgWlYi0xngCr1uQX2rnOoFIcpmEdcSHd40ozHlgKIg
QVZ4+0rZyr7CMpddB7deugqftNoz6b7KjrgYK7+4qzNm5X0uTUkck7d2YXSW
8o5e5E5fqZiry/SO2P+lZ5iVSQgYmCPPLemQhwFhMnifTZL9o+8HJz8/P/35
+eCH18c/n4DX1xeLcQiWAXBDma0IyXPGtcUGokdrvMZ8xxvHJ2dbUop5XQ56
fQ/vW47yghWemiQ0y/GwFE9wnIoccfi9yjVVlnmWNvg+j8EFYztZxhO0qeI1
daf0y+TY0jjkUXflucmdXswyoJLg2pVKf4gd2CDPbyAW6QvLbC6QFKV+h5TU
BHvYEVsdpa4q4G9aZSr5GIrZkWg/L6CwXkZsAyu4VBmV2EUscEVPLnRXTcuy
WXR4kDgvwSki4LsHhEVhh9h2ZHFZfvi11qsz9CUw7lEDKHcxCOE9FJMCPcg6
Wpuq2YCFj6j7jfKqAfUfgEC4RgsMF+wuasQB8xpdujCeezQeTyTtCO7jD/TC
N2dFblZ5BlTlu+Tb5E+/Sf6kPvpz2Dzjyy9gNi8cICQvtioUgYmoROUeRXqS
/GJm+kVP9cufXf9z9DQG3yYZWaHDEocYtsAz1eVdTI2I9Z5Hip3dIsCWkSom
3uogXWGhooEkejmS99Qw52jWel0AB7cptuFmgBgWF/8GN0iRpI01gM5az1aC
4pasjuJT47s6m3ZpnHSlm/nesUUoEyfY1cwK4JOuJSxm0EQvow42V8LdCHte
NzRhXbajnV8idfAkxdyQ5ZG0TSSw4Jp/KkpfMgkBjyQvq6QzRNVRHC3VEHFd
AGzxa712OEmDG+VA5Hslnnt+PhcTR7tUNci7D7ypnreaFbBgdoO0b3CwYmEd
KD6LCyMSCqWUaEBIap1aeReWtKCFL5C8DuSq0O0VxYqiREs8RrnEKwEE/slm
19OmraUdbhGUw3INbZOgArs0yS02rKX7Z9cOQKTLzxdctZ0w2oqDv0kOsbqy
wM0WPXAnQ4WBpXpZeGY4PPj4yUjKJMHHkJm5GMBwFIb+K0YRKaudu2lmVFmd
+Rkk++DZTDY2e3skvLq1UhtwqN1FPlCPliZctZo6X4R3bt+5S4uyWbPfFoEG
MzC6ZLuL3Ni1zueUDbaxFV2uOzQox49upEcKBdEgzWfZVBg4pK8V03DNhuGQ
eOdNBVtomQ5ma5ssllgpW+U04WRju7lT7IVQcjjR3MVCw6DNIC/PQOkRPdt7
1VC/n8+sCRqrOQhN5JR9l9jaxL/VosRkY9DCJtnY6dgVCKJ7SU6dpyod3i2t
NCIT+pFwOro2MMO0QQAcLgIBSxTQW3V8gZeAFXW8lgYOmxwkLLBqVJmmSLFc
9oFxtFjZhEVXNu7AfLgVXVnjvsfHo+s9VOq8qB5hE2rewbygHl4bu0sQDsuy
qLCNX+U0Xhy+PDw7jGwGW5s1Vo9mgrRFQlFXEs1BMD9v1m2xmEUvP8opXkmX
cZHRhZ9lzoC2lG/3k2uyXkQGkE02XC5tNWhFs73f3lu3HQsTnIm9UdfeM5JC
wZGZMI2rK+PGQ5qn2hWFUor2VFkeeXZt3cOvItysauGCXMnfyrBgfKfaAOSA
JfJY3FJoCgr0MVZ5vtU3/9nuQ/tH+O2Vimok1i4bQVmzAueAkZwY+9lY43uk
CYm5MA+tQLXIMHumgMdWi4ir1d8ivJL4vIZsdq2DB0YZU9CtxWfrrr4i0qcs
hdsH7bdBcAdal+M5sShpiSGpVgQS5rBEmPyzD1H8PlzY2f7XRA7o2rrbb68R
JYJRaYG0FcZiQJhcfrUoU03r2sVQEptxB95KlFBqfq3YVtvm329lr12c9UxZ
ff3ik81CsqHvBgSwVb3idjInTIbdtlyglSj3PgogtXCml6gx0lkAUI/njjlx
Ba+RK29tK18/sFb68nIEhhu+etFJv/UMMewYZWrIf6FZhsfQD5h3ayPoJl9b
9PWzq1Cva60y83US+D98WuzPB0sw0y2gScPwAqpgqC8G3GGk+Yp8Y179bxu0
EiQce8lmn//k+7SXbPEnLPntJdv8wWsMFN/hv4iP7CW7+GeP58STPqeT/jb5
UysYY21g8d1BCjHwFMsmUBQLnxBhsBKRncdmzEku2dXCEM0Jop2z14LFDhLH
zNA274SdUufcYw/jzck5ndT+ZaJW00TxkKphi0wmfoaSGMklT8l7GwR8p8E1
DiJVsIRsL3C+Wm8eO13fPdAZMnL9DFeGVq+5JB1AVb74+22NpB4PnwaBlEEz
qZ1ho+uRCB/KZiNuNfZoHc0iBlVZi3VgIoPRDrR1c8Vzs8nzfKaiSYefNiY5
19xwqjQf+1qsyb9Zi5Z9z6qijUvIyp2X3w+GjTpkh0mCxZowutiZ4c0lL4C2
sRlVpBNNKX3OyJSvw/7iBxZayUwN2deuqMCH42dnxeM/AM77f7Q13Cm2j+Zi
4z9NFsW4J75rSPQDOafRJM2nlsmqoxhG4SdHLmshE1wqInJ6JeXcz/Z/OH/1
80/PD1/3o0Yf1O+Cm3nw/fnRC7tCdcG94DJDTjiorBnXEhKXMBCcLv/Tnsqe
8ttTH0k54ewmhwKsgMZXZTq/bvR6XnM7XFPbEngwGLSF6uzVxqju+aezO7Qu
9O0nT1yTs1EtPkkDEQM/MhVKLHgEdveHxTDxO0nbjeExqD01ViDJPP4SzHjf
U8xntDm1haSLLBBZTd0p7YG1XlU27SmZucqmKZSfCtsttUj12r3amhxwhgTo
DEIjLykcQ7QvyG2xiY7CC8Quw89XWBsrrDQqIxATxbZsks+DSUnxK7sz9OMq
uNqZuQocXGBN706qPTk+PQulWdVgNJH2p82sN+ju0J4DrvO+bfsElmQlYZRl
xLvpFMR4jH8rLgfmHwgmzkjI3zgpTnrYCJCpNk4LMTXVdfrGz88BYiddERsc
QkGVR1qbV2/OSa+s79YoGETgjLPQsL/N7g6l1Z+kU6mGK/jkluG+FJ22s/uE
e3zILJEZDNirN0f8uQ6TPimzU2j/OcZJzSWplCpDy/kxM0jdsZAdBv0WLASJ
sXB9uYQtnhzxtcGXAU6/VoHOuExbuVYHeNngVFSsVEZNcBIWCxE8PNaa1uww
f6dmXTbwUfbtMTZkCBfFAfG/5sgmk8yc2rocBRLZaTofNr4HPLR/J6/OT8kn
LPqgmHASF+QFz6BcEs3HJ/+77OApengh54t7PLe+kRiIj40EgyMPk5cp1cnP
Zl7qtsoNdfZeF6yYhdtzO0srylMGnQwuCmQ9ursG1dBBRSnzG0gLhUvH8Qou
FmpItis3r63g1nXjbNryLEpc/FsMx8o9W7qPFZjyzmZPLBnrwGvOYeB10uh9
ebGB00jzHDpxC0pfKHUjNnL1W+5I2EVaDg46/LrWmTbXBiUlnf4BpmkV1IoW
VomS1c+hee3ObS++VjshOvfmaCAgK4l5E8J4dnoRI4H4dq1bXeReNwkpjes2
QBs+TydX63R8mBEPuESiu5XK134Pf69B4uBiOhMXq80X4AxiYBWTKyMY19dT
241+Dft/79vPRYwzXP/du6P9V/tDeGDoHuCwj52et0bdDdc5VTlMKzmigEwJ
SaDVp6XqgSS0GBYzSufpRU4VWjkyQ4RQu35lWDIbUXBazMasvK4dqHE0bD5l
27v+ts1d/lttHb8H2oEiOL+EjYddn+iVQBQkOlkNyY5tMWMp/KAhHQTBt4HP
fD/E7xl6jy30oETp+eW0XkecbiL0y/Qim8Qn/TFL4YhPLNhbJqfnhu45XsRX
kCs5gmZRGMRF9mgpXZkqLa61qirBC2+kUdmxJauRArWIRL5IBKnqh04mzakh
F9cggtxYdbYjT02PJCfbZ2qKMRau8wPigZkKfISjZLQAV90GcjkWws12e2x4
VwBglaRzxy7SF5H7D9kF0Wnoe/WHs4oyFsxvhtkY/bWC/nTw1cFpxQFjT3ee
YZu+fx0+3nyGJYQpyNhAntr4PdvGJm44TuQRZY2tDLE1+uaAlZIBPIldXBfS
ThG3Q5VtLoh58la5+HwqMgMeyR2VILlTYa6UPZ76CQ5OUYrpNNaZRe+0hFmS
POKi9FwVAKoVGmOlCBNXOM8wFzGXCWunUIADryDKEZi/L1Mv64oTVnP5Smpo
q7pKCKYV6qz4QUKVY/ee3OJiTqBaruhV5iwGsA77rbKok81H7EDW1u8bgVDb
FZVNu0ttkZGcIzFqSWWQ3FflNaXGyjMMBMSjd4kWZTHJLIe0dZLRjTQb2L5H
quOcX/wKEp/ZJu66rPgphVykYkM7WyJ1tqpEFV7JpUi08gj2rPbnJn2E5nws
k9ScHhVTNXtbNporQWVH47Z4VK5ap3eUmYI2eZYLoD8ISwZXS4pXZBqKLtpy
ApT7psquxE4IY0FyH5bZQlI8hYbSbqOqWFmj7IK2L3qVCmI2UPa3rV9RcanO
UO8eLv4JhUaVmAfYl3LJtBZXMSRWVNoZUsyodnu87UhGhRgmdp49/UrqUhx6
Nwfb2JdvyORl1vbz0WujF0GzyJOzo+NX+y95NX7JDmmu+IyGfM81v3nM98mL
zMWivE+OHS5QXwmvwqH3p//XAJ9W18V8LWscoj2Lqm8Jn1QXg1sJNaLgleDr
jr1xbYZmIrqIG9ANlKlYLwnWo25SdGHOxhLPDwotrXY4mP+Hw7M+XccV1/AI
+HEVXwlibWeV+Uh7HC/eNnIT7SrvBapHs8W0fZFCFqRaDxtmbVHPJRBdccmr
rxXI/6NXxy8O20/ZTRjL/0Keoov3J3Y0QyqasOSAHm+BQ8YDdzbmo1UXjWjx
EViBq9drdfv0Vt1cW8fSgK8H6xHDpjBEBmI1ujbKL8lCXEPfK3GVUoBqa2eD
VXepilkKkn027LFpI+8tOY3ijX3uo9EXPMMNuUk8xK8job1rSaSo6pkDb43l
CNxQYtSPVtJR7k9sYvcxuYRhhEXg/OAUEqx5AAN4kwbpEoGoDSkTShyBUxab
aVvUGMkYLEcfBIy4s5jQ7nCr4RLG1pFZWRalLc4QNAEBKyJZlui5gfKsq4qO
UgDGKn9lYeRxF7cQzztDjwBlb3+MeqLjy0Dwxn2AIaCyVTYt4q7T6vPxOlvd
lZH9YFHVZssntGYjIsCaWchat7cH1IkBjrKOusxj6/r/F7bopc2OF1hOspEB
69e5i8b7pGG0T1cD1WFyypFFPjFBYiSegUrQxE/3qLgmbRi+Oc6v8ho6YZi7
mKJ+CjxirOynPPDQa1Sn081YcbVqgiPE610sH/EPWvQtULArs3lRgVP1Djvl
cEucqm3DZTbK8huVoTxMfoS4zT4ESv6bPalGFURlwfZS/wprHlnas0YZuKUL
YAr2XBDJLxcTSU5VnhFebLPvjpMmrLmKrsvm423szEoXXZLD8BX0Ezl+n6i2
QmQ1v5Oy77EOgFZpEXyx+r0OQfOM1xo1O6mwclIbIhSmDf5KhLmlBwtU/1qh
DQu1WcGf5bXG38ujVCad+uDY+meg9EufgO/ef8SoVFReRhVzih724b1GbURu
wal6Jc9xqqWVzh8w7bNbJXrnl5HAwsS2KJi6fB1dvxuVWK0viIpRpP60yq+E
4VJEjJq4F/jCWzLagpni/vCInuV8V9y5rL2skcdTHnLZpTN1R0daEouWDWCO
KpGy1pUpaTloWLjIdMBQ+5X0ABMWNziq7WAcIM0uS7F9s9uVTPaKtcTim6hc
NwsKXLfC+oudkmzjtz82jZEFClpgd45rM0lc588bQFxl9TkqsAyM/T9qWPgl
f/1KBHQ0Kq0EdnWbzqhoiher7KzlbTov9jJl+jtMMCUeOgBLUrT18OFxvDrW
BzaUEgxeWQNbqML/hrwDlHtbi5Ocs1MInn+ZLSaTvyQbm28vwSXhuzeVcxaM
kedGiDN/rEsyu5+bL9fWgGJRrmQMUAC5wJpw6WJSW98MHsIveFrre4mnNIRF
HUgytVFO+Ca+6A5+NCuoisGRruThBQb8cn7QjAzg/FMvOODg1w8O0DTRuT1S
1DJkLzANmp8IPek6xsD3yzkJWvcD47yYM/j2q1jyGdgQVxKjYD7Xrw2h1ggD
WFeHto6Q0p/I+rUTQ8cHfN8R59Xn8eHSn4P8ue5vGhC5zCbZTQrXp8qlTjxy
oMltegcBXDVqIU56FU1kNSkYtXHuKwecaVa4ogl5JFrNrQ90k6969/P5IJvx
O4wmtiqubR/hrKzWoMpVHu/ECuvH1fLTWMpOu3QJuobHGQpxDlX5guU/6WFQ
WRiwoRFcCldYV9KBwx9wGnu48e6Bvt8kmltjq2OvEJ1KBUWKkRFQKM6G7o/d
EF6Yql0Tc6nbnqjMSJPq3rHE+HJb1PiqYL6I9QR1FmizwFRCAaaQVWVDamMT
llJ/5WP1GOEc3uBVDeUGXavGrrHscesDaVQc9iVm14rBRTT3nKeuMigMt4Kz
2RhVVaB44LkWx7RiTTFCkdvaTW2nGOPujsZpdeiaM7ck/hebuvBRdIKraIJ7
yOG1jWNAiiinit3goTo/Fi789Y/j02GUTiCVVgFmJXOonqwvpYPGi5I0izlw
UJIj5UEpYFnwhb6vLsJlCLujUkFu4wCFyIVZrzr2FSCrJXo6foIWKKfrnG7W
NuNiZ7SLPqyAOWNvjq3Nq9w8jk2q7NH2VftdDrTgvYQwgfg8ui4w1a6oNV1K
r6BmHUY/r0CZ/IJ3k3ya1wyTv2YxNG4/HV4O4uzYUN9CASBe3gQPo7Becz3N
Hn7id/hpuWtKpDRYadjKXfvGHbeoXKUxztyEOej1RvEgI6Lvbva+biyjKRzB
eAU5wi3NX77wpVN3Eu3la/IpcoPWeARQJlqtvzRhG4kZJJcqUm2LgXpjTo2m
kc+7qGvQccCFZQQF7HSqrbchy1I7b4GKWaHcewnQYm/A6M6gdDZ6U7n6pn25
pHArMdFnwZX9XKJyXgsN6iJWzQwcX+4I21+jjHYCJBPVN0cyJT4kigPvHoAq
IYce10wUonj2kvasgQyAi2XuQa1SZV9YbPV2wpSJ1fNGUDRglwqMJvuNmcVN
EtSVEZEduxWQG2e3F8droOsqSwUPCYTnmQO80Twps/+SkrzijxyoQroEGhfJ
He1sp5hOI72uO6gwr5rRKi0ExG4aNwERyWCoIk4eCuV7Tsxware18Xt2c5nU
jwlvyDbb0BJiA5srZOOeV7Mdvm4JZYs2KuMEx0tBu5scMEQVB2kLf79GzXCS
Z7YnHSZrdKTMiODkjXgbpgHCE11ZLJ+QwIIsEQ8sJ4b1Fuu+l9bG1sR039DI
RsbHTzYfSwG+xxLUeepZYWUWnkIdMy5NLuIqfglpBmU5LKazva151RwhlQYf
m5X+NSuLAaBQfW2Y2M42hl7inzb7lOw0zlRpITKBEOBk7fBfT45fnx2+Hpiz
HJyaKz04ELTUWfkDI1kEde3rSXUuo7UlmlFdT4zDTm1vOqx9Z1iad4KPt3e/
MqMAsoRNqeSo+9LPk1Bud2fTWsH+0bD775k99em34MnwMd+Dp7t4Kn+ve7DO
GH+OC193NyH8gu9CEtyFdUggoM/W/zPcBT5HhnrHXdhZfhc87TinhkgQK6CU
hVkQVeFxKvHRWA7LNtoWxiVYd35qHTEwELziJR9oKyBJmOQjxoqDXh17s7BL
ijn3/KmkAZFFENoUviL0s0htdi3Shs5IMmoIeHSkDP2DwFFpnYKqBsLPc8wX
AC4eU6K8oOwR1Q4h6XRFHxbioTgVrA8e9u0fS6sgrsxnUOrI+aucdAsOcqol
hF0km46eLhXKGmClf8w9NCkUf21ZAWsCiMhcTUkZnRIgpeYzc6ZuTFvQxddc
wxoMDo29O9BSGDsikhqMWlJNO/bSQfdL4nBQwmvUWNTYLHgCVxdzxV+n6LDv
ceq2o5GG0HGAEszhKRE6KCcQ0KN7bERiLbMROdOQtQq1dcHkhGCkmDbr+296
bT7K8qDADXoKqSp1gc9iZWqzEMAEI7FcLbGeShymt2luMW01F0qZw9ydAMy2
H7jVxMnJItwC3Q5VtAJbnDwKvLz1cNn45ZE4QRzOqFCOHoN30QGQluNqhRk7
V7jHk49a7A2ydL/+jc8zpISthEPkVVu4A0IAuSKbAAKrHTd0sBx9SdjDIFm/
elOD0xPZKUmYPtLZZMM1jPE7P1lcGAQ+/y3GBp//xAHWXGn2aS/et8cPKjRD
6oIq5s9QWR7Qp93L8gK82Ydqm4mEFm7vSuJaKffDDo9F1sTYqADO3bxVxr6D
dkAqEqgMuI5TnKvlezZHG8PpfIfRWtebljzCItDgcqRtoSkGyv0C5yDlnmO1
/yl8DrsUYVCrl0EvUXPsfK4bFnRXshFIeWPCDjx0kNmzY8ChGlzzOpLtJhun
4mjoDfWjlAAbNC9TRRD5Lu4f7r9YyRugayBDTRC/2HAzLxs/vX/usbeH50AM
jn7f3Ad9AY2Goeo5YejvDUgN9m7wS73OkxFrpNmJPUpv6jfNSZ1Hx3Da8o5y
ghQKpK1j5eNVjiLEDykg6oXSe2MnOmpJhXdSNPGRKl/+Qz7uxRPT+kGSqKXO
aNNzYzqMb0GPMLjc3k2dxo2wCFSVxCyuJWluWTMVokQ7vQb5OAWrenk0/iQa
srWEhjirwDokAmM+/tGLJbJn2C9GVDTdkMQNDNPoyh2NHnUNb6kO57JjYiYj
RH8Zeb4ZZdOMlMHRf3FQ1PEWUMjqmaI1SBfc7mU/hnUY4UNbV2L0xJZhoYBe
rPaEDm/besSNjJxEHOVYjqLDd+mCbCbg4q3zaebqwUlqFiAeneYtci+/2pVX
hFSPhwWc/SQf8wDae+VvLHTibRCORPanN1VEpGLCAC0hN6q3BEffehzsd62u
4WwNqMgEQ4g8Td/m08VU7JRilRHUDj/WHAOjw6wI4jORfjLNZwvoP0+4TvqI
ahBKpqX9w9PBwcFPg62vBl/tDra2n8KWAnYUPVsiGsHizeLspnEHT2jVijLY
SgyfQhO2u2hC2L5raX2FqkW1ijDYX6dOhMObfS60nlOhjlsDb9vnyLP69HWd
gdVKKkA8wj9yOQWyUcle2MHkSJBIZ2QCw6iIz11yQep1OGy1VUw+BVt3VsfW
Vr0fAsyAatkOfqtg6+cWB73qO9UnwWR3dZioUFCRTyJQYhA02T6VtbEVTAIR
HyqWc1kkJeSDvChHf45Fchq1dlRlVjRhN4rurFhnJ7aXe1bSaVDqz12KaNgE
DDgSQKT8laGzahWizwDFX7cekRgEZotps/9xkJzutukZB5qOerQ5oOJPYk5O
upgP4mBwkQxtNw3MUBiBY90XbVCoZ2I4gGLB2IbbS1PRYT4DTLo8t/aRc3Yc
tr2EuHBtbRVr4E+it8/Jq3SOXqWNk9fH3x+9PDw/e/6iZ10wbY2VaUpx0D2z
i6dEkLaVsKQHKSO/cM6IImq3aeWebIY0N8R9eVZJ+0dhT9F7l05oN2yY3c2z
rPzlHIvIuD1SvgsHhyXZDVRsvBRIeIkkKFRj3xfMMeiIHgxr1TVglTebHruU
WK8l1YUueqh5mevewv1+SonZB7EVRQQuS6y76lZFc3xloQ5iHT04cMAvwcKD
ZTQpx4O5ymXuwi41Gy5VX4ElqHPmGSkqW8rNAc8J3GKA9T0BSyTCSPhPeKqo
bD62l+nNeMSukyUX6nNXYCDP6LK+rr6Bx2DEFZQljvcLUdUaOqN9AQJPfQBQ
Zk7XoTs4qet2/12krOa9+uUc4LO8oil6T37ltCUHCc9l+TcAByK/9rXZHDYs
fEBe7+qj4gCtlYBHIZJr74c3Ky7USR1evN5Kzjsv3yGypHg3vlYMjQgHDt7B
Vd6ymEz8Vm5oG/PIXUkT64RdO4GsWWisi7+stVz2kE2LJ2dra7gVdg+XLleY
HNgYyXd9HJ+cPetRWeTZHZcIc6Hr4b46DH02qpHfkdIpkdwxXV3goumCDhK9
AdCbvXuUyCDltiWby2ZsdaV1fXw2F+09ktO1tdmZ1KXiMShl3FUkVxUUAi+h
4FI6HmvrrRAwKN0HmLFSQTd2aENJeisNYMqWZKl4pZIMnZxwooCWHsTimFJ1
HFujiLqJQICTBfEqRZ0cObJWDdfMweuCWbm5nLFeTNleVJ1NArEg6Ep+8Uji
dVqFo+sAGgUHL82tM6GjaS8DGo6xwJRKAZ759siLVQIvbKiCCr/Jx/eLvvna
sP++k6b6dmkegGwmEy7T9n7wCrzEw+YlIJ0w1dxODlBw7EQdtX+4raC1M9WL
OXUkk7bEgit9V7+pHxrS6YNZdmvt+MC45Fi1g8RF/UUxLuCIb7JsTtYeL8lq
Pqb+aDeQz5NPM9VYAw3NgVNrKeJ29M3ixAlwbkn/NLis/FSZDZrGeVQTR8XV
DFsyO3EJfr3Jy3ohMQ7XK2SUoYyFIceU3ztidFIz81oAVpVboUdOkImrplOL
i/uQFqFfDedUcHUl1L7iGEXniGgGGsESOwrQHjX7r1nZ/SIdvblNS9c7Kyjq
L6KqxRNLu4OWTdFqd4SgLk+ocNH+gvCatnOpBUZ/SeCTo9mIOIaOIg1uoum/
bFfm69EVmOE12yUqg9FBQF2MbFdg1huQVqkI0R1WqTmmtzIhrbYWQydJceRX
5HWPzbt8LfaWNbO1uHyTL9zGIt+UhabRtqmhLbQyAC1DbUnBLo5QPcSYqx8N
bkxgjRynSrFNIstZDIRwpTuxQ+wONzchMGEsLKYXhvuCxLPbEyzzA4bD2BBM
O1d5Ln/TiDrfbNGaaf/5V9bvXNbHxMeikDWzcZEKwGC/IO6LUeFsnR+oCJgl
qZpyf2erBAlyPKBL7F8lMhAx5qk4jGhpyzM2/xGP7l4xmvc/MytNOBSpC3Tj
/c0COL1l4OyVSw5dvojq86yCzrUZor0cLagbUa2MJ9QIW+Uj30U6deKwofqG
OlZr9aT9FUilX/suEj4BNgQs8MStyAQ2y0pqSZgfhuPpkNFKAkutym6/g7m8
hi8tORlo+lUFlELn5XJLHArWzgQXTCQWKr/glbT04QDhzExJKjLIKX6seUwk
scyMboyT790yeHlVbPPyXXcGsPBt7gLn1U5mvcbOAwKDwbXeisIL2/4apr/k
YhGCCVBViRq+YKEeFXDMW+KtpQsnmNcNamBllia4w8KPgeQAaSjmrcfDzZ1k
4zQrb3IjpP88swEJjSsBIqK1ZWDZw5ayd2018EGWUmI8kpSSure4o5gVOsTG
hUfA7KjwkQxnV+X6Sge17dgB6N1HSOMwivIgKASrbmYY1L1i0VoquJt/ZOVW
Onyf54eVYQO/5m6ysfaq8MJHxgZFxwvDTgJFY82WhMXybBy3eaxbftqeCFRh
ksTR4wvRzF9SMNqRKvTHqsgPZKSiISnaPPnJU3CcbvbugcGQ8o4KMGriYbtJ
aFZbRoow+9U1bKU6jpXzSv9eFHz7bLsJ90cAHyk05qj1+l6iCkbjGvmONdpq
20XEiupHyVKjeH7Tti3jC0NIDnV3KwktcMEf61f5eD1O4CV2VQggOSII2Coi
ls3OXk0dzoz70EPJgF53z6IpUeR4sL7qeEZp6nGdq5YdaOeVGhZ2p0CG0GGm
bK3eYThrgTkWPBevOnzkkKDid+yIkCTduyA+MiS/qrjL7vSzARFNs7vkBYRK
5Ib+54Xyo2vThJ/zEdKSs/g4TPFWJFH3a7XMe2LxzQVedM8WYEojD1bNKWVH
xKOVq8LjnmwThFYHOSd2iRCvEZBG7cK2z8WDNuJvfkzMBs8WkRNaT7CvLzk8
7SG0b/v4KNOS1Mq5Y6g7abYh8hSzTJdW8lZinWG2sgU8TVw7RXeIDfKyq3Py
SktFZ6kZhE37XIaDKjhPBe6oyLwWGaiwCFSwyVZ4zSmG9rouc1SJVm/bC3BW
kTnCxSi0xhFhASHehizK+iBLGczCLOOAYc89A4almXMeTe5kOxl1OpROPS00
8JHUfBXqIyUd06Co4wqKnoq/sY64e7cXImoVvKbsgzCoLsVu6bSh0o88dsou
frRqS7edGLtHe+3SACPoIgX2Z+bKIXKrLTswOKdAtC6UDv0OFE5Vjrdp9bO8
SGZEq00YR2S0W7H7OpT37iPaC234ricFe+oq6ASFVB5T5QX9OKr/Cou6b1hU
25WEmMe9j5FMVkT2X7vHT9fepAHN32SDq3Sd6T4Jz50Ea/ZXrFbaKqepkjEX
d8rh37m1cEde+k6zjZUXGBPkHnHhNz8eJFc1pnufWf58GuQcfyb5Mxz27yF/
2qKBbcJWswIuY7WSifRqfl2R9f5C5MdJjv0uj6RDxw0JHNbHoXOs2zfe+y8R
9D+/CApGoNfu4qTJK8/Xbr5998CAHSoFmEs4y27Tid9lo02QISYEVnQ/IAmN
QTX1f8KuFUn29jpdgG3H0clTDk9IXi3YL15xmgP3lYG1YoP4yNGLiaOojFQj
xfL+QKiXQ5+g+TybVWHTerLHOr7xmjZrSasU6tJ1YCPFHZ4OtyOkFstZoGNO
7KnYjzXW4UOaedw3TKvFkB3Zyr1rHD1ttzIIbU+8aCTqT13EKp1zMJLyI1FJ
DsyHUYKchZmMKZ6CCm3gcaYb9BZsBkxwdSaq/8EAdyjAQm0QBSoHH8LHDdtn
k5fAvHWBup52sO0yq3wdhpqD5NVoUVXNKQPx4PTH459fvpCirM095NTdHuVp
CiqEiNTxYkISNRedJ+t2Spmbl0DlEymwabMT7ygB2OK+onSuQZulbF4YIbj+
DJFL0RPSWOLIJkLyCtGag4uXLm/wpihS8YntaGZpeTEGBZE3in4wakgMWjSh
Ibk74MKAlZrKUuZNDgUmTuR1Tbj6kZodQJ01QKjA7DCCDxIUE5xES/VAwdzl
jlMpJO3bveB6jYFdG1gy8yAfSzOwqmEzIG30CXvLMSbLK53jr0DU1JXkxpg5
1PpCreGYh7TVeEQwoYbJvuYbyimtYdtPqB+TzecFOgvszXlsgHOUGRI6tIj7
gQU+0MLeGiuUmTAQDe4vMh+b0+9P0F2soFmjAJWSv0eVgsiWPsID+bEuw8AQ
4FlO/st/uLL/8IFRUMaURrnva+quzUn10YIfxkSMlKBQGDKPV5uwfpXOPKuZ
LPuW1acjzwDh6STkM2dFP5uNQ6GwU1rD8HIvDvZeMfbUg1g3D/c7le8On4Wd
0rl9kJWldIKCrxIpfdgvfGYDIxgIS8wxBixsi/MbAbvmc1YUxOZmLV7OFXsC
iWYErUONQjMOJmUEU40bKGnG15jsgvy6SHBa3SiGvHPHXYSXWcqcllzfVhci
9+eEvmYtaHXdZ1RTaJvCJBgqW9UWH0XZoHUg4it3zQ70i0/A2E5kfRp0OXQF
5qWZL5pyy2yKjQF8gI0XRMldPJ4RqCpQt1t6Kj72KSseGR/TaxHOTrj9yrsH
lkvBc/Z7WQN3L7DmOKVt5JxROLbWGRv05CyyZjgVMtysciVWEQqoCFqjYlFN
l8fplFhq5QgZ+jF11uOyrWJ/e0/KrwLO9JrBjcIGHJbZ2RXUuGiKvLa7W7fA
3Jd4DD/QvWEnnRtwpKNrUeizt/O85AwgSMbA9DhWMlUs2f4fG/Ix0AqiB4w7
/YTiGj2j6EdpDk65VnjR0PQQUy6yS2zuWaelNVKMlW1vz5fMuYOloUJTCrlq
K6TQFdXiDWYTFghN6U40Crh5hJUT/HK/q2+zrJy3274tFsqab25JTDy1QUcg
hXg6QyFUfA0bZTboddQqU5bBlmgWK4sqI4InOiFo8nFLjH8eS+xyRfWOqeii
1wq5LnTnSg9Szv5kN6y0/Nq7yWAqLkOXkF64p3igU0+s3DNl+rA0ojUTtWpm
vwYk/atQ+ghukgsWohYYIlqCZpaWV1B+CdcnLU1wCX2VYjxPc0xpW7kpr9kd
diXjIq9zuGKjxSQtI+YEsdrcS/RvC+W9tuxZ1YGxJkn4wg/alMm7/BhRV4kL
oJG0DKUyKBN9v0MDxqdUdrqjEVySVkWy9vF3KQMQSYXH3pZhJrK4t9tnYBcs
vg1uV6/IhBg5nGuk31JtIa+EtxkgsoyAVsXSRb0L0YjWtdNufyc325OssmkK
oqBfPC16lnRRodKSCs7RKSJdJSq0x6Wy+Xq88mHyMn+TrTA5QZL91yob3Et0
v1/3TeGs2J7PRVaCcsNsPp817pQLLlkxgR4Fa+449MDml52QGGTgfuBd/HcP
5vLNuUcSPqjizuM8vTIAAEva7YzuF/dx2IGrtfGiF/ZebkhbaOlEeYvF2udl
8QaClm0dBNH7frZqH/dasvohr7Ryo4e+CHPsAJ9s5miFjpSxc5Gkp0oFy687
8uvOzlMiwmHrWxYMde1rxG6GkYHGYRQaFa1jLsKnl72lUytxO32vIDyDRvvL
LTk7viAeVtDItkjThljkuCDfk692t7DgnnhRVIW90mvOgbX1oAIK9CbZ+D66
G5nVYLctMBiJnaFDlpd0ZtEtWp1aDxLbUXCQTFrZmizUs40RWR22E99ZqvAL
bP6H+knStLq5+vKLhwP38zDRPw/jHyf6jcHDL794r7577z35Pv6x/+f7cAQz
Kl6lweC7jxzh49bgLlg4Ah/f++QbXNthD9f4XmPuZ1rDCiMMcA3fB/C5zwid
a/h0fNBY9h9ffvFuL3kgVNJoV/Uk+3btlGQvIco+KZZUdt837mBtpKPSsMTy
zSCd5Fezb9fAkWI+Rkr97t2l4bcfPqhuvQnUkHDUK3ubYm/3RgK7rMYj/0MM
ToKrZPlQxr3ExnalaZhyzwjDcel8T1evQuGS+V15Dn/oQEPFK6+UAlH2FWlo
IzHKiKDD8VLNgBwhc2fCtAwHGiCtcuH4tQeEGQ+ozIYub7i+m1P7J+hT9zjZ
YHm515M509qLhUrD2AdgjXKkaOsB5gynPs4mRlJxQRSa1rpt0FNV6168QK0O
AxfkKRSX/nq5N2xLUwgGT+DcMlDYNtQPV6W69YXt0TV8YdMQdcFgqWwVPBFS
7VfsdIHzaW4VWS0aylhanbpjl8oyBbE7jhAXwOCzqRHDQaLbHW7uJhuvjLT3
fbGYjRuelkb0gssmINYcciphVO7M2n4YIJEfhzM+iWz7WfqMEMpkE1xMcFXm
1SMA56Oti/Hm+KsxkunvVhnnc63n/TdEganhI/d7TAbez8NVxvlc61llnG8I
hFso0z1qwvDhPdbDstje5iesZ+kDq43z0B3FYzEB6KP47p7rka0lW5ubBlj3
Xs+K+AxHsSsELnIafwd8JoLI9DDA5n88fJZzRyJoaWDy0efetZ6GkAWCjwhY
h07I6ZS1WA00fK1TqgIHrVMYDRM5Ud6EEytVnKFU8QK4yrsHpCAKi3bU2wZe
Ol+GLQkcb3Qbei84LsOPgXCMPjQp7khwXIem1xsGvSh9KQGL/Gau684hxXZu
SiecuAbdaGZm9+m8wk3HDcZq7HBBGRVE6hfs5i4xtmq7V49UTMpQtJnMYdKJ
JlISXBZl9lxcUT6EbSmO7VKcRd6aBPNGKLIrDxecNMZL3qMNs+tFrkIedXz/
yFwpWD9EXzgLeXgiYS9VZc3wIayG476CscbOB+FT4i/Z9rrBqG4h64uZFf3X
g67EsRWTl13MDbGAgPbN+r2dGjtiSIqlydWDsFdIifqVKiiopER+kvQGsrQ7
RGtcwVhcaBqxiyzVHvqBwcRRj9Bf4ko1rXRWn3JULcni3pmte+0ZPXLG5IlS
1j/0sDspfA83ZVKMoCRpXZRG1dSBm00QGDipGcxCVP2HEAU6OtSBOkYdA6U9
xv0h/vngZymk0MWGH/djYeUGcKBCJzsFqHdczBYtbingjGqZ35APUmUZKOOe
xEY4k7kr0BK956SjU8Q+gYecOJWrxdo4CPH1gl1duYGJNwSk6z6d1po00h+x
wfNaT9QtPoJHbcsP+3D5TRP8ZhjjFsZ1jyXqRmW2ELZX60V83i+6mpXFSxMr
lwlHQyKSeGWPTsDtaNDd4+HeqbHFWy8pntfQCB4lG9ckS5El22ZJNCw2wz79
cf/lS/D3UCDNmLzw6HoWruMW2AcLWTa3pZjk3rgn9LI3lQFKglh5GzqCdfPt
5qY00/DlScYQ7qWXaX91uHHXtaGrJ5mUlodDrjnAgF/T3CyIwrAB9eD4LiJR
27FCitGdSFhGe2YKg85w3y3DzjEk4ZqixqinKRKHWTQDqSGTxq+jgfIfJI5X
BRlTzkzVlTQTzXCByHIR4aWltiKEXg3wJsU3+DEBRMgnE05LkhiXANGlNmte
f0RijRxQW97RBylJfUvrwINWwVvNMIu2IC4VzVKUegg/oaORIuJFaEeRR1C2
FXHaUVkF5CthRZOgFWXgoENLQxrtFIITL8JC2gpxecAGc/BTBu/N0ZZVm483
Q+XFRHiVv5woh1KV+GOlhROb0OQOtsBiSaFOjAS4nYr1hSD5odutWZUtZUQ7
45wEEhaMNkwk2GpUGmU6HlO/uIlAM8rdqnB9n2Ro/bKRGQGaoBkdnrXhcgEN
XKntwFDHmggSu9Wfk1i24ByCeTFfTFJfSnPojOXjs7f1OietrfFAp7KQtaE8
eVGM784VqtELdOIlsbyx1uqdVH5fmRwzMCI3yS6FOph9zqWsSlOWr80AMyuN
8nyeUv9sDOxegGSF0Sn0EKu969IhcpTPDYbAQXTChu7BRWbO0MXBrruX16Md
qtXgFqGp3LfVo0ULYL8cGyTce8vuQmhw6i/jpGkV9P7tO9GeeqW0zlcBX0yN
jDjAB2Gy1o2giWGS5ojjrly6Aau6Jfe8IXIm7mZ0YqLXpMb5YFXcGiLSR96W
VdEOLacI3VcIXYzlDwBpQ6cqtlcS2CvMtDYwtaG1wUnZSEA5UYkaz+yf7Rit
Epqt/S1wDLO0YxVOLNYNjr90UlxBmX/xJYrTuW2hTESPTw+OXx962fR1MSom
obn2sfUHPv1qa0eHngedW80A48UIU09KXOZi2r3ppvosGI53m7IUxYXM8V2X
+ZWH9biYrWHyMrusB/N0HOg+ycYJtO5GBgiaEyX8Zm/TERh7H6uertvBGB25
fWS/sDVLwxmPXpx3TQqPE9Bcq9mIPs89b9UKd9DpDG1PZnKqFShY/D5Nm2xA
M5/Z1YTVtdOeU2zN1kCb4weFCvCn5iOcZXeY/Cs02XbKk72TtqFEVWeqZB7b
skM/MfdZ/Gbg71b29TwZfAfxO3II4M4iJ+7D0KukP3sYfIQOyVNx0MBeAOfY
acM7fW8/f5/g3/Lm/WcTZ88KPqMWN1HyTTibD5/w2+/sm7GVdv7Y1UbdV+Kx
iK7TzLth0KD3KbP+LwAjZhPxdeIiH37MnDFnoUfXxG2oWNWBovudvkGS4hWT
oIbAGCrOTdnDvtiVZRwEZ45+YWgblZVSLwtIsgPHG5LAmW2JLb2eKUw0n1K7
tinKAOaXLK18ezirVHYqo76rBu/XktvsmxCVko4tIOtrziOhnJXqOsVERkPU
8GUjeK3cfBKU3EtDnNmeeYpJz1F9UEqqdLeiF9J6Z2PkIReJ06yNfJ1PmtYo
rBNQtWh4OKBnqupjEHpYyqiS0tMIDXUm2IBn47Tvs4AeQEmjylADQFdKskYw
jFXe6rJokPkLcz4An6TQFWFDm40rNFIls+wGY7Gcc7pjH33Fw3qB17SJP86E
UmKWVt9MlpMFTJ51CwlXoESeVvScQYGJ2Z1/QhVDY+VxRFp9Dem6d8nBdTZ6
UzmBFbN47wYj/Fhi4q0Px9r2gHXTo+0lkgDUd9pRMgVNwfwL/nWe/g/5bGwk
MhRv4WglRaX2kCTYhrRE9Howyu33B75OKUSQ8pRErNnZjjsulZLjtnSBPdLy
Gy9S9aThBfJLZ3lS3okX200Go3s5nLWOEldaXQIn6wa2JEcTJn84P2n4J06s
8K225De2wW5VOkXLjNPvssKfvjITNYMVoh6Ozh165Smsg41zIREVT3QnJu2s
YyZ1CTUWGkfWWiQ/ugrf+a71J5lXTHC4ceAdEPSCJQGm0GyAuZsiVParSvLw
DFoIWGeftNwlAEHfZjZuwgSHNl8QWqwwEdoiCElaTcF0RmyxOPFd5qqU4cWd
VmqxE7o3bvRYnBlEefHMxi+K+lpXVuMdNz3HWOSu4lvhGSh+A+M0DtMTVfzD
nEC8RPws/0CjSEk97RgHUz7OwtUcvVGEdfIqpmn5hrTwcTaTLnJS8NG7H/ZC
O5cQ+fryscsw9i4jyjhz9a1PNqT8R1oX03zkCChWXZpMYs4ybv0i+fehbOKy
71znuUjpF5APA1dGNIcGsaxJqiUx6jIvuXRNAwecVzFGLyORTKniT9pqGdxm
Jmr+cGgBImcjAvGbfxoMHiT75By+yCcg7rG36qffnZ3pjDbMsnv3YPrvdS0R
bRGrkoSHo10JO7jwm5B5f2H90Fzfxs5j7TTv3sHfg+P906PTwWlt0CItx4Ob
x2wUOZMXRiwb3mJtrSsYinKwQY0HY/w0N6hMc0D5wMZxY5g9j9JXdgMvZolg
8PPzl0enP7rcDNoVG/tcjhtZVr3VzTK6LyAm4YSXaEWywZHmTSspNWLQsA+J
L4RXnIiP7itreJRkY1XIAFAqaEJt86Zzw6xROhIbzSnsKFrpZ3u461Kld3e2
jNQOO8A93jz2wedac7FCxpZDenhHHh4m/9vpH08fOZpxm4+xHda4mNdSW2pu
pNj8LZ4eXDEp3sBthyg9wBU40PmdZKWDrrnJ/skRL21qLsCFMmYKCOhK4QSq
j6WOY/JdVWHAqE3JafFhiTchXsPfyR+qZj9cL12tXwUuhFW/8nSWDng0vh7P
ge8o8dzPaaq4GJeUnPZj9iwm5pRIkWE1lwTbjVb9SMENixNGV27EETYuzSVW
NCf6yLmp1D9SZZny5bNXwid+GJfF9FSXegn03n1f6qfUmuT05+enB6+Pnh+6
FeE0Yc41Lc2AtMbM6n3vAxzOLQrg57/IJdgZoGax0H+TcmUaAAH8AdHDFQBX
J9VnP69wQ4pIMM/I6+a40bYIace2F47hpWBRMReKBY8GgQbPi0EXgneh3ht5
79F9gx5xDHFdlJh1uJfF1ZVZnq0AwRRWoiZmcCUnSghy9SDyymvWTSZ26sbC
TbQMnzR8fTo3D0yKq0r1w7EFBVhI2jc6KZhOuGYF3CSy8DrHKhbEl/SqWZAq
1LfNByZ3UjORgjesrA9V73X1HmnsY/ZAVI6JLHYkvoSaXEFMWAg8ckqbjV3h
E454MYEjrdFLYIbxaeG2YakEPpELy3mhuBVIM0U+jL2OT4KwLDNymknhVpyZ
qo5xVXtDuFIUfNzR6N5acA6VlH2xGeZ+nUxump65sSQED5IOSxb9PeKuG+t+
zfWKrUDh6YO2HHmzGKBU4PfK9zfG2jCo4kVz9IjwLKvxLhxB5DK/2RxFq+uy
QgWRf/FvqfEzuEfZ5FKHD1FIXAW1Ng21ZeqQl0uzPSWcQjV/zjVW2ahpaxni
UiBBqcCme3j72Sa7aWdMVJiirNEra1z5r7XwZYVhEjVF3YOWi89Bhv+sqGqQ
r1uugmKNdoRANDJ3jKe3ZAwR3JUF4gpZcDZ4KbqqHNqamTV3DOezXWGt4O3j
IrB074ch+eKFSFXYxCtw7aRXp1AJenM5KzEW/S3I1ymkNOOybSsR20rUtkaT
uCHELtuEO7VxThLaw1USMZqxu4odnCF2anQ26nAwbBZf5a7uQ7MMbMcIdu0T
Wx9PR2V9FNV2B+YO8ZNJ93+R4f/MZJhCHbO35mF6AAQfe90f6eL2Emtr8blR
so6OsRtDJWbQ69FMpeSCOpQukJisJ7bs8yMqHmdIHAsgiDv0kr3pcuGobpd8
LZcJvxYvCT3SsxcvcnNCZ5Izp7mbxMtMbfI4qf/uATYLyOVw5h8yLvYU7TDP
jKB0f3x6BWl4oSvpPl7mjrrCWqTJWpqfWU20+Xy84J1CKVuyXqGKqyzqITvJ
evmo5XGr6a5A/zCaxRLB+5Am1P/Jy0WeWIn8D6b/O1EsZ1vdgKLSVC2610bI
7D429C56vyZ1Ww66f2QCiPmumNOEVRENBl3mVwupowE4im6kNEBRMc+4/gxQ
sC+1gYxYfwUdDU7jpAr8IA3Gy4IZDOOEAZFzCWlvdesH0EQ57PiWkr3SGQSQ
5/UdmZkuUgAeFPXD10guA9iwqMSts6UFO3izowU74blJdokCLVG9gtqlkPDd
rJIKmQ+4OWwxbuBasx3sMhfE0bfBDCn5Dc4y3udCNZVKgHLG9GZddpAsbG61
H++pzpjiccTCTdP/3gjYZnkbHKvTW6EAdn0d9XV7MdmxrCcDof/vf/8/qo4L
1dgYKkYGkDzL60aFONsGz5XoCURJdt7oi56ODSZDkkaKRrWQ5ocldSL8hxkW
YT8V55xHkvvQp8O1+3QnHWCRVhlCY2IY8I919bmatFxNcstgcAdWe81IFBkm
L6yr3AwEoAS0ktYYtt9FBkg3skZXeYVM2UTVxSSoSoYWkzEoMLLcnHv+aJPR
RcZm/THXbED/Sp9zYe61tHE2Z9sQXlwSsh38HQ/I3mIlZaaTyLp4dnUmQDQk
3n9k7m6jpRfRBnvVXZlGXDrwsmlhhqWQnMqz4AfxqGw+1S5SoFCuxkDr4JU4
Y2xk6p1GIW7DtEDvqaw0db1thPQEZjwIhrGrSMQ1yMY93dcAtsF8gltnw/xk
BoXgfgl3NiPOzI2bBjoRLc/SxVjJ1KiSxgcvoRL21roSpbfpnXTveX7Ha4PP
yQSpSvuzq8lgFZZQ5hhmA1NqjEJNUczvaYWcpg+me1oZhJoAMxiMS0R7M6Ul
ZzSoLvLHyptCgbDgs4BhIEd5WVIgRPewaXU3G5lvZsWimtyFs/Rxh3U9sXWX
ci8MxxoswFMsVGK8cDSIix6DL4iKWhjo1enojZGMR/bMTpWsHTswQlGk8KO7
gVkiqPU3GUMbHRQ51vQCM7Ur3BmInaltiEeC0CoCIqy//7++Kgo86n53jdPE
SFIQQCPRBv8aKk/Ws1vCeQt1lzNIUYzJ0WxkJuaOWXFPjNlcxY7FShVfB1ix
L3SBAjsuxjy8UdkgfomBa0Etke8zwyikZYGuCHJPoLiav+bo05HvdsUIFSxg
SzT7ronR3toMR5laHYmIVjZDoEIFh3QELnoJlM+n4PrFxw2qcbTkukwgNeJh
LXAY6KZmv3Q6Ko0O1WDJAf+EExgmh5hnjfum9QAo7Oi57WyKNzYMh41DEPYi
8IPzpB59lPpRqQo5miuALKywrxuKmGQB5ffNYwZawL1nGH2sx8mDpqJWJOCx
rdRwL/6uW3i0+9ecTkwMknQeLjPRV3ydZBoIfWUTimZGXKZRUoCUjEkkDQ0G
1X1WD+Ki4ELJKhrELXkaGnyAJJ71s2zsdUOz8gd1OgGjSFFM2BWvpRAAFfd3
wDNVFh48QN5PVtol1R6yfbQE82ucJUCuUWSh4ioLVe+jwKmK6UiYmkMcdJUO
zIsD9jO3BcMmN3kaQxeSvQ4oWgKjBxb5RCRheH7/4JCauEFUvrh7Njc5dJtk
J0ODraWaCKj1DLHPpG6r2M33rRIpUOI2gJMLoeL+ocQrVP8b66tQKNHutsD1
tr/M7vqglFNXyeaIzEn821oEXOVXf3OURGiWUCDxWVjbPBcm8sifLYGkdgk6
U7N4kfMysJWf7oSrKupVElXlQ13ok+sXUkwyw0wdEVfdh1X3co80YxsBj5qi
GunFbzAkMKCEvT7dW6NqVWSYmVqG7kkOpIzLskBs0rq/f+6qXi4JR2OpE+pt
39DPWQWuMYuo5ijhKqBAxgZnuQzbNo+B/raphA+oJB5gQjMkw34VUBLrpJSZ
Ya35zGw/r0VVD+5WeEthiKC7Gaxvn0+L69C7qxw5/04AWDNRFwismuh0q6pl
y2g8RomisXsc5SDwzwoGzMZiQB9oOxfMgNylTyH9zsmUhoYlwGEWVnV5piAA
nyVzpKZwKZpWJin7FORFR9raW8GT83ooCoMTeiL9vqjmXSMNSUqY+acsTsSW
Au/Qhwi1Xr/U/Ti/MvLkxBUn6KvmJ6o8xKWDjZbXOJG7csX8PIucwQrYydgq
OB0pwEaOM9OTYnAlFLR1R0EPeipZD/dhUYmCqvy3nlfDSM0GtsVMWmAR4KMd
8y6WhNOVIFmiWmUPGxGpMIxgfk2tsyZ+VwTqt4IWLNvkkenitS5RaNOK1PRo
rHXXFKGhNXNVm01VQpFqAB2wn+ZX17Uz4EjZGjFwmvM29Ce5ztIbuqUYacxJ
VmRFHIMvKXP2Iaa1ufQzLReVvTI6rj71m9c7viIGUSn6Bxd4RHZrFT6I43nF
b3BIKiY4m9hYZn0C/gRWFxgmPxa3kDXk1b3miFZv/e3XbMb6ub5EPBDnsEEz
XdRyizHWhsNcQtu6RLgosUnf6o1cOC8zv4E7Exs8S4zEo+gAjN6UITDdC9DJ
nOYE0h85GtOQ2eJyYP4BfxpoG+gpNve57yhOSK2RUKdVICF1tpkVkLkGQE6y
QK7vRz9YmU2Cc8Yc8WoOwAVmkyv0J9QuS6sFwE3Ocsr421fShmC4unyGRhRv
XCIP2UwaHdqIpz15sunX+hdns3VEjvLSrJr8k5UtAc9GQerKboOkXQEP2wuS
7sEs4NKnGOaMQ7B7xN50tOZ59jqlLDA/t7o+agzK55N6kGFn7E0mGRwMl0Vt
Ez0RLOazu6zmMqzk/+SAKd0tXA6V9bqqGbFwS90CydYDoJcmaq5TpPUFLCpp
GwZvipojfDyo49TX+aJo4n+LTmGWm1gb9OxhlQ505Ay8PuuSynYQK7oVcTZZ
gizscQg6lpOIPSFLK0R8s6cUS681XO4r6XcDxHQUCrSAnmHrtkFU3yuGhwd7
kY7eeECjpEQYlqPluC3buLUOk+3B17ogICZScO3XaVD4IDnaf7UfkaQpnrGA
GL3kcJwblXgvOTGYhNkQ1CB37d27/3Z6+PL7Dx/W3FnB8zo8I1QWua8DiaNp
mSJDdw2onL0klWhJ27l25GR5WLRVt40A/YPQR6wWd3Y3z6CFJ8bx+32RDTwo
/RV2jbFTnHglOQDBpF6I5VrLVGv8tnnS0G5YmnlwaB8cmgeH+KAhdipAbm2p
OoEKuxIGDmc3eVnMKLV6w0zSU1NrJ+krw2L2aKnnRggwXBqaEJoNnf/EnlF6
TraQ/B6SJPaoYyyk357/9vCP52fPXxjkXVxdkdp7Q89s9+hdzlzaS0CDpzQM
lV8Bfan8PArAB4sxEq7wwkUn7UGFIemCHmREhBnueijrT7Zd8HR9pX7iVViy
b0WRh7dkcUfWfl+MyZ3nYS0+wzKUkeeE0f+tUCZ6lpGj2o+YncSoV3G0gueI
R7kIWUo+TyUYlz3Bfv8gifVgGR2z5NLSaFngwAdO02lBYgDsn3C/sO3HokYH
rXywbOzS3mkMnIPnx6/ljnTfCouGez6uIbYdFK8PIemJ9Ey8eO8ewB7Oy/oT
yJI/4kZZf9tLXuazN8kZmrmS/ZrEeL7mEeSTEZBMDempgFhppDKP1xBD6SMX
7K4HtY24glwLogkc12Djw3k1vJqu8TceiuFlGCj/lDXlwRHH2z3xOG2HoOUY
KrCAARvSnwigB0YLTmITESu6BmWXt4cLff8QDbmVgrnEIB3miqBQJy0qnD63
X8fPPh2PW2gLyzxrXVMq6Lce4+Hp2f2PUWUHKCfBcrOukJg349HASEz2Whke
xJeqRJ14c7D9+HHPfg0YuZfUZv6u6/XNRfmdngRbrs8/7xzALo6+T37Kxnk6
wKtmEHDgAGUOOc0v8dHvrc8cnq1RHvG7xuaXqlds46t/q6BsTzRz9LHLG93e
eQL8QRDHGaiXcydx6kPVEbdIXf7xrMipQM6ZQaiplYBVAiO1gmfUaFnrtrdW
DxN/OvrpkICZNIHZQjvs93u4Pn3i+mo1GNajU+2r2sNXsCPWrKOANzpTMbTa
s7ZH6squgpd66QDRyNrdxx1LPwFnFtoUqjDesMNJVnDzjfaNVEt2IhTOb4lc
IQPDT87JS9xCzJbgo0fRgima7AqeGvJTQ36qi119FJ0T1s/9n4hGxO7w17VB
xW81/n1dw1F+2zhWGesAC6/vJQMOaXxh5Idnz5RUsUSYcFjVvTogI59ldTub
m6uvzmDK2cvT5JDSoMrkZXoBTul3D+pJdc7JUeUniDuRwZsoYh4aykNDeijA
kDPrjXmZ3mGhG74OG+bdezJAj+p9xTTv8ZPNxyx7qgIh7rktWylzd/eJZZIs
HR3+68nx67PD1wMjsg+gsPDgQIyMmrcOnHhuVj04/u1e8kc5HRCN0J1j6F3k
xObFPNCk4CGonge2DTIOvFYGFJDJtdivlCWXg68tLs0qFhMM9LQVLGK+a/aI
cTRZJnX51TKiMN/38glFJPsJqlzURXkHbTT3aUhvTwyWw99t7XF0xR2jHuZo
op9F2iSA3xmiGSTFUcqF43pcHW/ffomdt8VymJcqzK3yog/QuORRZ9eewQ/i
xoAKG74bmsHQlUrP0B72uPIKfuaU5cPfbe9BmBo9iqFyRrbpuwsIzh9VB4Is
sLC1NWC8LLYgI1uD9aMMkYQyBAabBPvyiXtfe4qvFlCxAutbuSxYkBtkEyBe
iU805Dpqazu4NXaq6nbrIwi4Qu8Qam1ODKLi2H5x6j37kARyr+HdXDMbmiym
1jG4hprkvq2OGGFXUMPEPaCXurvyUimJX8ov+wt3II+tP3hTdoPLdhVkR+mc
6tQgXkW6aH3SPh9/ln2+ye4+Ya9oWwUMXXGrHfY93Kky67mNfuUTErU/RlSq
19EW2lpRiGx+2cii6kBeeP38clp7AInMbHgvxN3VLioz8I02KdJ0XmbXEAl4
Y2mbDgcMyhnokSxisfkbvSLgEavtFW5axFVQQny/aq9YszKFkBd3QZHRxy/o
j1kKPp4oW9enSs8N3XP6dJ/sNcrCodMMzKav9o0+A42E5ylEH7CziDSKGegb
jFxetA7R3431K3hivadKgLJPEqV2w2vMYfk3Z5qBDzmvppQiMA8WYouVwcew
Ks/tOUO1AybSaFZxJU/wMYGb0xzyCAOfWbmEBTlYPN0zagqwYi+5A/wZ6AmZ
dcRvp248i8XIJUZS5dOFXaFzjz0J1xTmjN4ViSrmMHy8CG/Go3OYxrsIUjdB
apAFWOc29MxdXcpU8ioeYGKGC3CLFGxA0aNZqsmFLO91DAgOfSnwAJlG9Lqs
GWwm9lm95q3NPSPQMM9OA9uil4Ecs2JVSpSVqHhr/dKH8vPrl5xdImFvXL/J
66KNW0Qn0MoGSS7OpEyBsYJMYiLVG99S6KcTf8RNxPFkqFByvCxdrxS0CjIx
YySTM+lRXgoGjyis8s6p76U17Xmor0L4gpq1BPqvSZYtJlkYXteIzgC6piUj
20VGE4+vLZFRY6qF4DVsW8zeUswyAuKBIe5XGIvoJFrKnhbkV5HFOroUwzDn
ZT5NoRqaeyZINYMw5CkGZLrrQq3JIZvTf7cvRnzkWyD4TufmjubYNkt7L4Gu
oQ9XRz2XNqJZ7XDH59Va0udINiet75GlUDU18xrlUO859v7ya9zMsdHGo71J
UXdBZ2k5qXawG0gb4F03OJ2568yBZKruJjlWihPIUh9T1Egh2owtYEs15ZCY
ntNruqwaRggh4UBaBvmCamohJvmMHwKvueAbap1qB4/dDkAvfHWONfNsuwSb
B+FxTaaxkWaz3s09w4dRzzd6r6VWukfqI7h3fx2ATAORaXMD+FpIR2xaiZap
eVAgUeNFKeqfTReS3JF0ebpQG2S+sgQORuZilr7cEdRD8CtOBB64vcgwUvxT
Kld2toyiVT2JKspeZYfQ9Wez/qVcsu3nmN15nHoJf9562ipbs4RoG2W9qfXI
lBCLxJ6emCpFN9RPV/T4o+nKCpC5xKTP+H0beYbJrYYyQHzaXbdLvkVA4dvf
Esyg4aMEGCoppoxpMVuLI2+tTvylK7LufYUk25st2p4yq0jxbv/kxK4hCX5A
clG2bVIoXitnEnl45Mu1al1bvxa5FMHz89BKP4HQKyJOzIhC7YVlOhiTZQ2r
sgqf5LLxmkIWXslO2rEQML3RpRdye9uHp0/jbOVZvP8SjOZRigWVynTvcX17
uqooWGkx7rIoYyEDhoKGDv++21/UUVw1BPjl3ktsO+5vuNkNaelem4UIfKjx
fikMk5ouSefK6aKyPE8Vhui7yO4+33ssTCxNotBp5DW1SNWS0ng8vVtoW5R4
2taJTmTW1o7DqnSuV98UxSeX1k5Gm3s1oHSJAkHEvFtVrFlgdGnu0Hd9EaWJ
6WThxryXi6y+zbhgn8t5dvs9Zh0P8jzl1qbtiSE6NYztwN0z7OFrzfEktwRu
BHgKvCQT8xm39wpTTQgAj7t4PkRKakHZSc98DUjwcEWAvGvXTluUIc0WmdCl
AiA1ajaeRBZg64gwlXYCh9E9kUxrduEF5IbRp2AE6NKeWCRXy26VjzZIcbKS
bc+sapybuwztcmLRUh4Q2RdNIpxKuIYUm5Kc8eaAg2GWeBgsd7UZNM6+4mvg
EVEoZkezvoa2HrwKTkqWI8aHq6nTK8sSAQaiSTn3ihTeMMC4yGegIqIJrepT
qSYr1IEC6IZEQXyRk7AITv82+Yz9DFVT2unwN2w/81RlX0PW7pBG0DJmAkAO
mjkucsWJQ+up59Da85I5+NpT5wiSAlge+kV1hzXnhhL218vY+M5mw5Inejyw
nD6X2EQIY9lnnpIwambLPqmdRn10/pa4Ag4QBZZ8dKj/8g3j7E5LpUYH3Xpr
2DDJdYbeb06GF8KmJjR0wRaVM6pPNtat+lgaydFmj6zHbOU9cWYK6+j2ZR6f
nBkpV7MZVqChIOaCSAtTJLI983Vz7AhvDYvlzHPQZXFxAQ39XB8JMDp5dFfX
2mgRws3qtveiTBABPI7hkjaX2MQps/wW7R7QQOrKwypmWcT6Y9ax076OmbnJ
dW6z/9xpKUdETI5A05X9HHLNLPTJfwVooVkP2zFgh0J69NG7xe7GF2uNckj7
2KAu9X+1v8laR6lmLigZlSfe4+d6xsfxGXWVN5/n08gU6iZV951Gjt8Octue
VQViHBgaU2BkNNRDNpQI6sSxGr3uK7w4ynrXqX7VfqravGfdZtW5kZb9M+GM
TNZPYSbvmGaFG8lFgLgVPGlfweViNqJvyPWYQwVSuLsuW9sao40Wp5wHIujV
1p0DwsNIYkpoO5QIf240Er/7slfvXkPB1VmzNdiwAEut6vXhhsOFR0H/tH3j
F9l1epM7Eebk2BBEEt9KKy+2OCisfwhSTzDHKa+p8xMFDFHRqW5/k4xhrwHB
c89m4CCFplL1XMF9dwghT8/TsRCWXljQmzmA5wjZaF6pnoPQMx9CBEHVyCxI
6IJUnWlGu7yk9LR8JilI5sDlwXN6MEJYQgHYa7pBcvnaCbAo4Cn4y1pj+tAX
Y6OXtoZbO82oG+JAm3/vS0DWob/XVdjaaqPXrMhw9Q2KVHA1OQquHugvQlcb
ZIaCViTsLelVM+fkVSZTVM7H6k6uYou31BZ+LFeGdS0pJxPPOtTd9sBG+poE
f7kWYZFtrjnLWaeoJVBCSJs+tGeXwiWhWpeTXwrFZpHeFVrGpGQsI8fMB0iG
mJDvQMgtqZEUFX3o0+Fj/x9DcXhiKAi6sUTLUTd+q0XKEDuCV/UsSKpf76qu
6QLQEPd57sr6NiJFDxxOcHJsjHtttUga8equgSm0bJT0FCxqUJk4qQt6iX/l
kZcebqBlIcFeHiQvJJHwZ+4Eh70wzZFJhuGAW8R9gI66VOM3n5WXIwlh/T37
Vgabu7DNwebj5IGMsblr/vxAQMOc3aktozEu08t6ELUkDra3uE74b5If0Aww
wSovlqOMCoKjqlIu36koNFXCBUby4+kwG52z+VVDnEdtb2NEKNB2CdEkV5IE
g2svh1cFx55sZ9bLOud6sHJGSRnrPDZllSJ7zt9yhQMP7jsE910F9x3zJ8P9
pxw6p+KrQv0PXrx4CaWCptPUihouXlIKNx66KCg4NjNXxonilJaDBk7XzQHo
JvOhZg0ds4yizHSvC64IQBoX5GmvoQGeAyatqrdmX4cM4QVF72D7C/EcYn36
PLU9XyH6SELSoRIS2itdkRQM6eHaYpHKLp7hxAYpVdkVqo7SMwOrXpc2kRLg
rzFAKratcHbbdHY76uy2zZ98dj/bcOjaFmnbM9q8bAvDysBMb2TBSlk8w2Ri
CT+TD+3ysOTJ2EFixHIdZCcDNZG+0dy5CCJvpngXPWnuMtphI9mgigqjzGkS
2g5h5Y2eB1Ykg+0NpdbkBvpnzO4K21/gNOJNVsFUKmSks9jQUMZruQxGBuNl
ZoGTKI1Wt9g4KU561nFkR39NOetkPwBJZpK9zbkZojUTCxOIoxbFf03BEJO5
I/ZwbYtwbVvh2pb580N4Wa7zq+vBxCgLk1hTBAnA4TTaSXHbuG2ClhYjG+IH
BTxHRKCP3twmbW5LbW7T/NnYXCnh/l7tPIMD42I6A1MRGSeoUzL1Um/sj23T
DBQMxbjEVA4xyXolwJQIBx4FD9kxQ8nAw6clhoThMoyc4YX0D32qgCQniOmx
+O/n3bpqAB6XqhQGAl0cRxJS7CPfm5MYJ2zeZQOGMJRYwlNzIrd0t99POHB1
0nzMR1MOjpJVIjtXogaYSSSfh277wOhnkvRB/QvkXcIMaB4paZnZrarMCMU8
WYbaH72ZFbdGdL5iA+O7PRIPsvG3a5fppMrWOMdDrg/Uq6quuRbeDEobvnud
v4EyGT/+z//narKYjT9QFv67/TI396T8n//3LJvJZ/9SXENaSbb4n/9n8lNa
11VVuO/yaXJq2GdqR3i5GN/mV4Yi5vVfP0i9NfP5/z/3w9uAyR4onpMIGl2u
he4JB8UnMBGDGlWgJY6lkIILUouUZaaWww5sSc0BXY5XnJFYkIpa4yAOqQCf
Bwe6uAJjkWdwOaiFDmy5e+bl5ZdBspJjOrj+CfP08/MPc0Qe+XINDXL1dlRw
dvUJ8XTW9XONAF/XmgW+ttE5yDPEM9gVctKec2RAkGtwMGTBH9QqDyMDIwOY
eoVgTzfPYF0P0EHBGu5FoFtCEtOLUiGNCUtTIzNTI0htBNrek5ZTmpbGywUA
0UQrYIfqAQA=

-->

</rfc>
