<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.0.2) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-mih-scitt-agent-action-capsule-02" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true">
  <front>
    <title abbrev="Agent Action Capsules">An Agent Action Capsule Profile for SCITT</title>

    <author initials="S." surname="Mih" fullname="Steven Mih">
      <organization>Action State Group, Inc.</organization>
      <address>
        <email>spec@actionstate.ai</email>
      </address>
    </author>

    <date year="2026" month="July" day="06"/>

    <area>Security</area>
    <workgroup>SCITT</workgroup>
    <keyword>SCITT</keyword> <keyword>AI agent</keyword> <keyword>transparency</keyword> <keyword>audit</keyword> <keyword>verdict</keyword>

    <abstract>


<?line 83?>

<t>This document defines a SCITT statement profile for recording what an AI
agent did: the Agent Action Capsule. A Capsule is a digest-committed record
of one agent action carrying its verdict-level disposition (executed,
blocked, denied, errored, timed out), the deterministic constraints that
were evaluated, the effect that was committed together with a
confirmed-effect binding that distinguishes a dispatched attempt from an
observed result, and an honest human-in-the-loop flag. Capsules are
expressed as SCITT Signed Statements (COSE_Sign1) and made transparent by
registration in a SCITT Transparency Service. A Capsule is recorded on
every verdict, including refusals: a blocked or denied Capsule is the
auditor-grade evidence that a gate worked.</t>



    </abstract>



    <note title="Note to Readers">


<?line 97?>

<t>This document is an individual submission. The intended venue for
discussion is the SCITT Working Group (scitt@ietf.org). The source of
truth for the profile's prose is the specification repository from which
this document is derived; see the repository's <spanx style="verb">docs/ietf-draft/README.md</spanx>
for the section mapping.</t>


    </note>


  </front>

  <middle>


<?line 105?>

<section anchor="introduction"><name>Introduction</name>

<t>AI agents increasingly take actions with external consequences: writing
records, sending payments, filing documents. Two distinct evidentiary
questions follow. The question "was this action permitted?" is answered by
authorization records produced before execution. The question this profile
answers is different: "what did the agent actually do?" — including the
cases where the answer is "it was stopped."</t>

<t>This document profiles SCITT <xref target="RFC9943"/> Signed
Statements to carry an Agent Action Capsule: a digest-committed record of
one agent action and its verdict-level disposition. The profile's central
design commitments are:</t>

<t><list style="numbers" type="1">
  <t>The may/did distinction. A Capsule records what occurred, with an
effect-state binding (<xref target="effect"/>) that structurally distinguishes "the
effect was dispatched" from "the effect's result was observed and
bound." A producer cannot present an attempt as a completion.</t>
  <t>A Capsule on every verdict (<xref target="everyverdict"/>). Capsules are recorded
for refusals, blocks, errors, and timeouts — not only for executed
effects. An evidence trail that records only successes is
survivorship-biased and cannot prove its gates ever fired.</t>
  <t>Independent verifiability. The substrate guarantees (envelope
signature, registration, receipt) are SCITT's and are verified by
reference; the agent-domain checks defined here (<xref target="verification"/>,
<xref target="class2"/>) are deterministic and reproducible by any verifier from
the record's own bytes, in two conformance classes (<xref target="conformance"/>).</t>
</list></t>

<t>The terms "statement profile" and "profile" in this document always mean a
SCITT statement profile in the sense of <xref target="RFC9943"/>: a
constraint on the protected header and payload of a Signed Statement. The
word is never used in any other sense in this document.</t>

</section>
<section anchor="conventions"><name>Conventions and Definitions</name>

<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14
<xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals,
as shown here.</t>

<dl>
  <dt>Capsule:</dt>
  <dd>
    <t>The Agent Action Capsule — the JSON payload of a profiled Signed
Statement, recording one agent action.</t>
  </dd>
  <dt>Verdict:</dt>
  <dd>
    <t>The terminal outcome of one agent action — what the decision gate
concluded and what is consequently known about the effect.</t>
  </dd>
  <dt>Disposition:</dt>
  <dd>
    <t>The digest-committed block within a Capsule recording how the decision
was disposed: the gate outcome, who disposed it, an honest
human-in-the-loop flag, and optionally a verdict reason-class.</t>
  </dd>
  <dt>Producer:</dt>
  <dd>
    <t>The party that constructs, signs, and (for the transparent tier)
registers Capsules.</t>
  </dd>
  <dt>Verifier:</dt>
  <dd>
    <t>Any party that validates a Capsule from its bytes, without trusting the
Producer. Verifier conformance is split into two classes
(<xref target="conformance"/>).</t>
  </dd>
  <dt>JSON-DIGEST:</dt>
  <dd>
    <t>HEX(SHA-256(JCS(normalize(v)))) — the lowercase-hex SHA-256 of the
<xref target="RFC8785"/> JSON Canonicalization Scheme serialization of a value after
absent-field normalization (members whose value is null, an empty array,
or an empty object are removed, bottom-up). All JSON digests in this
profile use this single construction.</t>
  </dd>
</dl>

</section>
<section anchor="projection"><name>The SCITT Signed Statement envelope</name>

<section anchor="envelope"><name>Protected header and payload media type</name>

<t>A Capsule is carried as the payload of a SCITT Signed Statement — a
COSE_Sign1 <xref target="RFC9052"/> (a CBOR structure, <xref target="RFC8949"/>). The protected
header MUST carry the CWT Claims parameter (label 15) <xref target="RFC8392"/> with:</t>

<texttable>
      <ttcol align='left'>Claim</ttcol>
      <ttcol align='left'>Req</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <c>iss (CWT 1)</c>
      <c>REQUIRED</c>
      <c>The signing agent identity (the Capsule's developer).</c>
      <c>sub (CWT 2)</c>
      <c>REQUIRED</c>
      <c>urn:agent-action-capsule:OPERATOR:ACTION_ID — the tenant-scoped action subject (provisional URN namespace; see below).</c>
      <c>capsule_statement_type</c>
      <c>REQUIRED</c>
      <c>"agent_action" or "outcome". Additional values are reserved (<xref target="future"/>).</c>
      <c>capsule_action_type</c>
      <c>RECOMMENDED</c>
      <c>"fyi" or "decide" — lets a registration policy gate by action class without parsing the payload.</c>
      <c>capsule_decision_id</c>
      <c>RECOMMENDED</c>
      <c>Correlates the statements of one decision (and its outcomes) at the SCITT layer.</c>
</texttable>

<t>plus <spanx style="verb">alg</spanx>, <spanx style="verb">kid</spanx>, and <spanx style="verb">content_type</spanx> per COSE. The <spanx style="verb">content_type</spanx> MUST
be <spanx style="verb">application/agent-action-capsule+json</spanx> (or the outcome media type,
<xref target="outcomes"/>). The <spanx style="verb">capsule_*</spanx> protected-header claim set is CLOSED:
extensions are payload-only (<xref target="extensibility"/>). The <spanx style="verb">capsule_*</spanx> claim
labels are provisional string-keyed names pending registration in the
existing IANA "CWT Claims" registry; a future revision pins integer
labels. The <spanx style="verb">urn:agent-action-capsule:</spanx> namespace of the <spanx style="verb">sub</spanx> claim is
likewise provisional and used here by example; a future revision either
registers a formal URN namespace (<xref target="RFC8141"/>) or replaces it with a
profile-defined subject scheme. A plain structured-string subject (no URN
form) is under consideration for that revision, since the CWT <spanx style="verb">sub</spanx> claim
does not require URN syntax; the choice is deferred to avoid churning the
protected-header subject format in this revision.</t>

<t>A field is a protected-header claim only if a SCITT-generic party (a
Transparency Service registration policy, or a profile-unaware verifier)
must act on it without understanding this profile; everything
semantically rich stays in the payload.</t>

</section>
<section anchor="registration"><name>Registration and Receipts</name>

<t>A producer makes a Capsule transparent by registering its Signed
Statement with a SCITT Transparency Service per
<xref target="RFC9943"/> and attaching the returned Receipt
(COSE Receipts, <xref target="I-D.ietf-cose-merkle-tree-proofs"/>) to the unprotected
header, forming a Transparent Statement. This profile does not define
receipt formats or proof verification; both are the substrate's, by
reference. A verifier MUST NOT report <spanx style="verb">attestation_mode: "anchored"</spanx>
without having verified a Receipt from a Transparency Service whose key
it trusts. A conforming anchor is any SCITT Transparency Service; this
profile requires no specific operator. The transport of registration
requests is likewise out of scope: <xref target="I-D.ietf-scitt-scrapi"/> defines a
reference registration API, and a Transparency Service may employ a
receipt profile such as <xref target="I-D.ietf-scitt-receipts-ccf-profile"/>; this
profile is indifferent to both choices.</t>

<t>This profile is VDS-agnostic at the statement layer. Receipt format and
proof verification are governed by the Verifiable Data Structure (VDS)
of the chosen Transparency Service; this profile imposes no VDS
requirement. RFC9162_SHA256 (<xref target="I-D.ietf-cose-merkle-tree-proofs"/>) is
the default neutral VDS used by reference implementations; the CCF
receipt profile (<xref target="I-D.ietf-scitt-receipts-ccf-profile"/>) is a
conforming optional alternative. A Capsule submitted to any conforming
SCITT Transparency Service produces a valid Transparent Statement
regardless of which VDS that service employs.</t>

</section>
<section anchor="outcomes"><name>Outcomes</name>

<t>An asynchronously observed consequence — a reversal, dispute, correction,
or confirmation — is recorded as its own Signed Statement
(<spanx style="verb">capsule_statement_type: "outcome"</spanx>, content type
<spanx style="verb">application/agent-action-capsule-outcome+json</spanx>) whose <spanx style="verb">sub</spanx> equals the
original action's <spanx style="verb">sub</spanx>. Correlation is by subject and decision id, never
by mutating the original statement: the log is append-only and the
original is immutable.</t>

</section>
</section>
<section anchor="registries"><name>Registries of this profile (summary)</name>

<t>Six vocabularies of this profile are registry-governed under a
Specification Required policy (<xref target="RFC8126"/>, Section 4.6):
<spanx style="verb">verdict_class</spanx>, <spanx style="verb">disposition.decision</spanx>, <spanx style="verb">effect.type</spanx>,
<spanx style="verb">irreversibility_class</spanx>, <spanx style="verb">effect_attestation</spanx>, and <spanx style="verb">chain.relation</spanx>. The
registries and their initial contents are defined in <xref target="iana"/>, kept at
the back of this document per convention.</t>

<t>The binding invariant, stated once here and again in <xref target="iana"/>: verifiers
MUST treat unregistered values as informational and MUST NOT reject a
Capsule for carrying one. Registration governs shared meaning, never
acceptance. Every registry check in this profile is performable from the
Capsule's own bytes and the registry contents alone.</t>

</section>
<section anchor="capsule"><name>The Agent Action Capsule</name>

<t>A Capsule is a JSON object: the envelope that is disclosed and
digest-committed. Sensitive content (model reasoning, evaluated evidence,
raw tool payloads) is not carried in the envelope; it is committed to by
digest only. A Capsule also carries Constraint Records — the public
verdicts of the deterministic checks that ran against the action; their
detail is specified in <xref target="constraints"/>.</t>

<section anchor="identity"><name>Identity and parties</name>

<texttable>
      <ttcol align='left'>Field</ttcol>
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Req</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <c>spec_version</c>
      <c>string</c>
      <c>REQUIRED</c>
      <c>The profile prose version the Capsule conforms to. The value defined by this profile version is "draft-mih-scitt-agent-action-capsule-02"; it tracks the document name and advances with each revision.</c>
      <c>format_version</c>
      <c>string</c>
      <c>REQUIRED</c>
      <c>The serialization-suite version of the envelope. The value defined by this profile version is "2"; the value reflects the pre-IETF reference-implementation serialization lineage this profile inherits, which is why a -00 document begins at "2" rather than "1".</c>
      <c>capsule_id</c>
      <c>string (64 hex)</c>
      <c>REQUIRED</c>
      <c>JSON-DIGEST of the canonical capsule form: the envelope minus capsule_id and chain-linkage fields, after absent-field normalization. Content-addresses the envelope.</c>
      <c>action_id</c>
      <c>string</c>
      <c>REQUIRED</c>
      <c>Stable identifier of the action; unique within one producer ledger.</c>
      <c>action_type</c>
      <c>string</c>
      <c>REQUIRED</c>
      <c>"fyi" (informational) or "decide" (a disposition was required).</c>
      <c>operator</c>
      <c>string</c>
      <c>REQUIRED</c>
      <c>The accountable tenant the action was performed for.</c>
      <c>developer</c>
      <c>string</c>
      <c>REQUIRED</c>
      <c>The agent identity and version that performed the action.</c>
      <c>timestamp</c>
      <c>string</c>
      <c>REQUIRED</c>
      <c><xref target="RFC3339"/> UTC with "Z" suffix.</c>
      <c>epoch_id</c>
      <c>string</c>
      <c>OPTIONAL</c>
      <c>An operator-assigned epoch identifier, stable within one operational configuration of the agent system. Producers SHOULD populate this field and rotate its value — together with an epoch-boundary Capsule (<xref target="epochs"/>) — when a configuration change that materially alters agent behavior occurs (for example, a model-version swap, a policy-manifest revision, or a significant constraint-schema change). A verifier or ledger consumer scopes a history window to a specific operational configuration by filtering on operator and epoch_id. Absent epoch_id implies a single, unnamed epoch; a producer MUST NOT back-fill epoch_id on Capsules already sealed.</c>
</texttable>

<t>Monetary and quantity values anywhere in a Capsule MUST be exact decimal
strings, never JSON floating-point numbers; digests are not reproducible
across implementations otherwise.</t>

</section>
<section anchor="epochs"><name>Configuration epochs</name>

<t>A configuration epoch is the contiguous sequence of Capsules produced by
one agent configuration — one model version, one policy-manifest version,
one runtime variant — before any of those configuration dimensions changes.
Epochs exist because a model swap or policy revision is a behavioral
discontinuity; without a recorded epoch boundary, pre- and post-change
history blend silently and a verifier cannot scope a query to "the current
configuration."</t>

<section anchor="the-epochid-field"><name>The epoch_id field</name>

<t>The <spanx style="verb">epoch_id</spanx> payload field (<xref target="identity"/>) carries the current epoch
identifier. It is committed to <spanx style="verb">capsule_id</spanx> and is therefore tamper-evident.
Producers that operate across multiple epochs SHOULD populate <spanx style="verb">epoch_id</spanx> and
rotate its value on every configuration change. Producers that do not
anticipate epoch changes MAY omit it; absent <spanx style="verb">epoch_id</spanx> implies a single,
unnamed epoch.</t>

<t>A producer MUST NOT assign the same <spanx style="verb">epoch_id</spanx> value across a configuration
boundary. The invariant "all Capsules sharing an operator and epoch_id were
produced under the same configuration" is what makes epoch-scoped history
queries meaningful; violating it makes pre- and post-change records
indistinguishable by <spanx style="verb">epoch_id</spanx> alone.</t>

</section>
<section anchor="epochboundary"><name>Epoch-boundary Capsules</name>

<t>When an epoch opens, a producer SHOULD emit a single epoch-boundary Capsule
before resuming normal action recording. An epoch-boundary Capsule is a
regular Capsule (no new statement type) with:</t>

<t><list style="symbols">
  <t><spanx style="verb">action_type: "fyi"</spanx> (it is an administrative record, not a decided
action);</t>
  <t>the <strong>new</strong> <spanx style="verb">epoch_id</spanx> value — the epoch it opens;</t>
  <t><spanx style="verb">chain.relation: "epoch_opens"</spanx> linking to the last Capsule produced
under the prior epoch (registry-governed, <xref target="iana"/>); and</t>
  <t>a RECOMMENDED <spanx style="verb">model_attestation</spanx> block (<xref target="identity"/>) recording the
new model and provider, so the transition is commit-addressed and verifiable
from the Capsule's own bytes.</t>
</list></t>

<t>An epoch-boundary Capsule MAY additionally carry <spanx style="verb">disposition.verdict_class:
"epoch_boundary"</spanx> (registry-governed, <xref target="iana"/>) and a <spanx style="verb">reason_digest</spanx>
committing to a machine-readable record of what changed — at minimum the
prior <spanx style="verb">epoch_id</spanx>, the new model identity, and the new policy-manifest
version — so that a verifier can distinguish a configuration-change record
from an ordinary <spanx style="verb">fyi</spanx> action.</t>

</section>
<section anchor="epochverify"><name>Epoch-scoped verification</name>

<t>A verifier scoping a query to a specific epoch filters by <spanx style="verb">operator</spanx> and
<spanx style="verb">epoch_id</spanx>. An epoch-boundary Capsule carrying <spanx style="verb">chain.relation: "epoch_opens"</spanx>
marks the temporal left edge of that epoch; the next epoch-boundary Capsule
whose chain parent lies within this epoch marks its right edge. A verifier
SHOULD report, as an informational finding, any action Capsule whose
<spanx style="verb">epoch_id</spanx> differs from the prevailing epoch established by the most recent
epoch-boundary Capsule for that operator; such a discrepancy is not a
verification failure (an epoch change mid-stream is not structurally
non-conforming), but it is evidence that a configuration boundary occurred
without a corresponding epoch-boundary Capsule.</t>

<t>Chain-linkage fields are intentionally excluded from <spanx style="verb">capsule_id</spanx> so that
a Capsule's content-address remains stable regardless of what later chains
to it — including the chain block itself, which references a parent's
<spanx style="verb">capsule_id</spanx> and so could not be inside the address it helps compute. This
exclusion does not weaken integrity: the entire Capsule payload, the chain
block included, is signed within the COSE_Sign1 envelope (<xref target="envelope"/>),
so the chain linkage is tamper-evident even though it is not part of the
content-address.</t>

</section>
</section>
<section anchor="effect"><name>Effect Record and the confirmed-effect binding</name>

<t>The Effect Record describes the side effect the action committed. Its
<spanx style="verb">status</spanx> member takes one of five values:</t>

<texttable>
      <ttcol align='left'>status</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <ttcol align='left'>Binding requirement</ttcol>
      <c>planned</c>
      <c>Intended, not dispatched.</c>
      <c>request_digest and response_digest MUST be absent.</c>
      <c>dispatched</c>
      <c>Sent; result not observed.</c>
      <c>request_digest SHOULD be present; response_digest MUST be absent.</c>
      <c>confirmed</c>
      <c>Result observed and bound.</c>
      <c>response_digest MUST be present and MUST be the JSON-DIGEST of the actual response.</c>
      <c>failed</c>
      <c>Attempted; runtime reported failure (state known).</c>
      <c>response_digest, when present, digests the failure response.</c>
      <c>reverted</c>
      <c>A committed effect was undone.</c>
      <c>Correlated via external_ref / decision_id.</c>
</texttable>

<t>The confirmed-effect invariant: a producer MUST NOT emit
<spanx style="verb">status: "confirmed"</spanx> without a <spanx style="verb">response_digest</spanx> over the actually
observed response. A verifier MUST treat <spanx style="verb">confirmed</spanx> with a missing
response_digest as a verification failure. This is the byte-level
mechanism behind the may/did distinction: "confirmed" is an observed
result, never a promise.</t>

<t>The Effect Record also carries the logical <spanx style="verb">type</spanx> (registry-governed,
<xref target="iana"/>), an optional <spanx style="verb">external_ref</spanx> join key for later outcomes, and an
<spanx style="verb">irreversibility_class</spanx> — an ordered consequence enumeration (<spanx style="verb">two_way</spanx>,
<spanx style="verb">one_way_recoverable</spanx>, <spanx style="verb">one_way_consequential</spanx>, <spanx style="verb">one_way_terminal</spanx>;
registry-governed, <xref target="iana"/>).</t>

<t>The Effect Record additionally carries <spanx style="verb">effect_attestation</spanx>: WHO vouches
for the effect's execution — the evidence grade of the effect claim. The
vocabulary is registry-governed (<xref target="iana"/>; Specification Required), seeded
with two values:</t>

<texttable>
      <ttcol align='left'>effect_attestation</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <c>gate_executed</c>
      <c>The commit transited the gate; the engine observed the effect boundary directly.</c>
      <c>runtime_claimed</c>
      <c>The gate issued a verdict only; the executing runtime asserted completion; the capsule records that claim, not an observation.</c>
</texttable>

<t>Validity is checked against the assurance <spanx style="verb">effect_mode</spanx> (<xref target="assurance"/>):</t>

<texttable>
      <ttcol align='left'>effect_mode</ttcol>
      <ttcol align='left'>effect_attestation</ttcol>
      <c>confirmed</c>
      <c>REQUIRED (states WHO confirmed)</c>
      <c>dispatched_unconfirmed</c>
      <c>REQUIRED</c>
      <c>not_applicable</c>
      <c>MUST be absent — nothing executed, there is no claim to grade</c>
</texttable>

<t>The planned carve: <spanx style="verb">effect.status: "planned"</spanx> asserts no execution, so
<spanx style="verb">effect_attestation</spanx> MUST be absent — there is nothing to grade, and a
phantom grade would poison grade-based queries. It becomes REQUIRED the
moment dispatch occurs.</t>

<t>The matrix is total over the <spanx style="verb">effect.status</spanx> values of <xref target="effect"/>. An
<spanx style="verb">effect.status</spanx> of <spanx style="verb">failed</spanx> (the effect was dispatched and the runtime
reported a failure; state known) derives <spanx style="verb">effect_mode:
"dispatched_unconfirmed"</spanx> — the effect was dispatched and its result, though
a failure, was not gate-confirmed; therefore <spanx style="verb">effect_attestation</spanx> is REQUIRED.
<spanx style="verb">reverted</spanx> (a previously-committed effect was undone) likewise derives
<spanx style="verb">effect_mode: "dispatched_unconfirmed"</spanx> and REQUIRES <spanx style="verb">effect_attestation</spanx>; the
underlying committed effect it reverses is correlated separately via
<spanx style="verb">external_ref</spanx> / <spanx style="verb">decision_id</spanx> (the Effect Record fields, <xref target="effect"/>), not
by a distinct <spanx style="verb">effect_mode</spanx>. So
every <spanx style="verb">effect.status</spanx> other than <spanx style="verb">planned</spanx> (carved above) and the
no-effect case (<spanx style="verb">not_applicable</spanx>) requires <spanx style="verb">effect_attestation</spanx>.</t>

<t>Consumers MUST treat an unregistered or unrecognized <spanx style="verb">effect_attestation</spanx>
value as no stronger than <spanx style="verb">runtime_claimed</spanx>; unknown values are
informational, never a verification failure, and unknown never grades up.
The grade is digest-committed in the Capsule payload and is available to
any payload-bearing verifier, which can thereby distinguish gate-observed
execution from runtime-claimed execution; promotion of the grade to a
protected-header (CWT claim) position is an explicit candidate for a -02
revision, to be decided once real transparency-log consumers exist. This
version deliberately claims no header-level visibility for the grade.</t>

</section>
<section anchor="assurance"><name>Assurance</name>

<t>Every Capsule carries an <spanx style="verb">assurance</spanx> object stating, as
independently-rederivable claims: <spanx style="verb">attestation_mode</spanx> ("self_attested" or
"anchored"), <spanx style="verb">effect_mode</spanx> ("not_applicable", "dispatched_unconfirmed", or
"confirmed"), and <spanx style="verb">ledger_mode</spanx> ("standalone", "chained", or "anchored").
<spanx style="verb">ledger_mode</spanx> records the custody tier of the record: "standalone" is a
lone Capsule (no chain linkage); "chained" is a Capsule whose hash-chain
linkage to a predecessor is present and intact; "anchored" is a chained
Capsule whose chain root has additionally been committed to an independent
transparency log. A verifier rederives <spanx style="verb">ledger_mode</spanx> from the bytes it can
check — "standalone" versus "chained" from the presence and integrity of
the hash-chain linkage, and "anchored" only after it verifies an inclusion
proof against a trusted log key — and the three tiers are ordered
standalone &lt; chained &lt; anchored for overclaim detection. A producer MUST
NOT record an assurance mode it did not achieve; a verifier rederives each
mode from the evidence present and reports any overclaim.</t>

</section>
<section anchor="disposition"><name>Disposition and the verdict reason-class</name>

<t>A Capsule's <spanx style="verb">disposition</spanx> block records how the decision was disposed:</t>

<t><list style="symbols">
  <t><spanx style="verb">decision</spanx> (REQUIRED): "accept", "reject", "needs_input", or "deferred"
(registry-governed, <xref target="iana"/>).</t>
  <t><spanx style="verb">approver</spanx> (REQUIRED): a closed enum, exactly "human" or "policy".
The value domain is fixed by this specification (not registry-governed);
an unknown approver value is not a conforming Capsule.</t>
  <t><spanx style="verb">human_disposed</spanx> (REQUIRED, boolean): the honest in-the-loop flag —
true ONLY when a human actually acted. A policy auto-approval is false.
<spanx style="verb">human_disposed: true</spanx> REQUIRES <spanx style="verb">approver: "human"</spanx>; a producer MUST
NOT claim a human disposed what a policy did.</t>
  <t><spanx style="verb">authority</spanx> (OPTIONAL): an opaque reference to the authority under
which a non-human disposition acted. A conforming Capsule carries at
most the reference, never the authority's internal structure.</t>
  <t><spanx style="verb">verdict_class</spanx> (OPTIONAL): the terminal-verdict reason-class
(<xref target="verdictclass"/>). It is RECOMMENDED for any non-executed verdict,
where it carries the terminal reason; it is legitimately absent for a
clean <spanx style="verb">executed</spanx> verdict (which has no reason-class, mirroring an absent
<spanx style="verb">reason_digest</spanx>).</t>
  <t><spanx style="verb">reason_digest</spanx> (OPTIONAL): JSON-DIGEST of a structured, private reason
object — machine-readable members such as the constraint identifier,
the threshold, and the observed value; never free prose — so two
engines attesting the same refusal produce the same digest. The member
is absent (not a digest of an empty object) when a verdict has no
reason, such as a clean "executed".</t>
  <t><spanx style="verb">expiry_policy</spanx> (OPTIONAL; deferral dispositions only): a digested
<spanx style="verb">{ttl_seconds, on_expiry}</spanx> object — <spanx style="verb">ttl_seconds</spanx> is an integer count
of seconds, never a duration string, and <spanx style="verb">on_expiry</spanx> is "expired" or
"escalated". <spanx style="verb">ttl_seconds</spanx> is evaluated against the deferral Capsule's
registration time — the <spanx style="verb">timestamp</spanx> field inside the digest commitment
— not the Transparency Service receipt time, and not a consumer's
local wall clock; a named clock basis is what makes the expiry
computation deterministically reproducible, so any verifier derives the
same elapsed-time result from the record's own bytes. The deferral's
frozen summary is a
digest-committed, content-side layer written once at deferral time; it
MUST NOT be regenerated.</t>
</list></t>

<section anchor="verdictclass"><name>The verdict_class vocabulary</name>

<t><spanx style="verb">verdict_class</spanx> records WHY the action terminated as it did. The seeded
vocabulary (registry-governed, <xref target="iana"/>; unregistered values are
informational to a verifier, never a rejection):</t>

<texttable>
      <ttcol align='left'>verdict_class</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <c>executed</c>
      <c>The action ran.</c>
      <c>blocked</c>
      <c>A blocking constraint stopped it before dispatch.</c>
      <c>hitl_dispatched</c>
      <c>Routed to a human operator; awaiting resolution.</c>
      <c>denied</c>
      <c>An operator or policy refused it before dispatch.</c>
      <c>timeout</c>
      <c>The decision timed out (see the orthogonality rule).</c>
      <c>errored</c>
      <c>The action ran and threw; final state unknown.</c>
      <c>engine_failure</c>
      <c>The engine could not evaluate the action.</c>
      <c>deferred</c>
      <c>A human elected to postpone the decision; open item.</c>
      <c>needs_decision</c>
      <c>Evaluation complete; decision required, not yet routed to a decider; open item.</c>
      <c>expired</c>
      <c>TTL policy on the deferral elapsed; terminal unless superseded by escalation.</c>
      <c>escalated</c>
      <c>Expiry or policy routed the item to a higher authority; open item at the new authority.</c>
      <c>resolved</c>
      <c>A terminal decision Capsule closed the chain without executing — the non-executing closure only (see the pairing rule, <xref target="orthogonality"/>).</c>
</texttable>

<t><spanx style="verb">hitl_dispatched</spanx> and <spanx style="verb">deferred</spanx> are sequential states, not synonyms:
<spanx style="verb">hitl_dispatched</spanx> means sent to a decider and awaiting response;
<spanx style="verb">deferred</spanx> means a decider responded "later".</t>

</section>
<section anchor="orthogonality"><name>Orthogonality with effect_mode</name>

<t><spanx style="verb">verdict_class</spanx> (why the verdict) and <spanx style="verb">assurance.effect_mode</spanx> (what is
known about the effect) are independent axes and MUST NOT be folded into
one another:</t>

<t><list style="symbols">
  <t>The pre/post-dispatch distinction lives in <spanx style="verb">effect_mode</spanx>, not in the
class. A timeout before dispatch is <spanx style="verb">verdict_class: "timeout"</spanx> with
<spanx style="verb">effect_mode: "not_applicable"</spanx>; a timeout after dispatch is
<spanx style="verb">verdict_class: "timeout"</spanx> with <spanx style="verb">effect_mode: "dispatched_unconfirmed"</spanx>.
One <spanx style="verb">timeout</spanx> value covers both.</t>
  <t><spanx style="verb">errored</spanx> pairs with <spanx style="verb">effect_mode: "dispatched_unconfirmed"</spanx> — the
effect was dispatched and may have left a partial side effect.
<spanx style="verb">not_applicable</spanx> would falsely assert nothing happened, which is the
inverse of attesting an execution that did not occur and equally
non-conforming.</t>
  <t>A class that by its kind never dispatches (<spanx style="verb">blocked</spanx>,
<spanx style="verb">hitl_dispatched</spanx>, <spanx style="verb">denied</spanx>, <spanx style="verb">engine_failure</spanx>, <spanx style="verb">deferred</spanx>,
<spanx style="verb">needs_decision</spanx>, <spanx style="verb">expired</spanx>, <spanx style="verb">escalated</spanx>, <spanx style="verb">resolved</spanx>) REQUIRES the
derived <spanx style="verb">effect_mode</spanx> to be <spanx style="verb">"not_applicable"</spanx>. A verifier reports any
other derived mode as an error: an effect attempt contradicts a
verdict that claims it never executed.</t>
  <t>The pairing rule: <spanx style="verb">resolved</spanx> is exclusively the NON-executing closure
(decline, waive, recorded-elsewhere) — it pairs with <spanx style="verb">effect_mode:
"not_applicable"</spanx> and an absent <spanx style="verb">effect_attestation</spanx>. An EXECUTING
closure is encoded as <spanx style="verb">verdict_class: "executed"</spanx> chained
<spanx style="verb">supersedes</spanx> to the deferral (<xref target="hitl"/>) — one valid encoding of
"closed with effect", never two.</t>
  <t>The effect status <spanx style="verb">"failed"</spanx> (ran and returned a clean failure, state
known) is distinct from <spanx style="verb">verdict_class: "errored"</spanx> (ran and threw,
state unknown). "failed" is an effect status, never a reason-class.</t>
</list></t>

</section>
<section anchor="everyverdict"><name>A Capsule on every verdict</name>

<t>A conforming producer MUST record a Capsule for every verdict, whatever
its disposition. This requirement is universal over the <spanx style="verb">verdict_class</spanx>
vocabulary — the IANA registry of this document (<xref target="iana"/>) — and
applies to every value later admitted by registration; it is
deliberately not stated as an enumerated list, which would go stale the
moment Specification Required admits a new value. A refusal or block with
no Capsule is invisible to an auditor; a blocked or denied Capsule is
auditor-grade evidence that the gate worked: the affirmative,
digest-committed record that the constraint or policy fired and the
action did not proceed. Recording only successes makes the evidence trail
survivorship-biased and the refusal path unverifiable.</t>

</section>
<section anchor="hitl"><name>Chained Capsules and human-in-the-loop resolution</name>

<t>Every Capsule that references a prior Capsule carries a digested <spanx style="verb">chain</spanx>
block: <spanx style="verb">{parent_capsule_id, relation}</spanx>. The <spanx style="verb">relation</spanx> vocabulary is
registry-governed (<xref target="iana"/>; Specification Required), seeded with one
value:</t>

<texttable>
      <ttcol align='left'>relation</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <c>supersedes</c>
      <c>Terminal transition over the parent — resolution, expiry, escalation close or replace the parent's open state.</c>
      <c>epoch_opens</c>
      <c>Non-terminal: this Capsule opens a new operational epoch. The chain parent is the last Capsule produced under the prior epoch. The opening Capsule carries the new epoch_id (<xref target="epochboundary"/>); the prior epoch's last Capsule is the parent.</c>
</texttable>

<t>Single-parent is intentional: a Capsule chains to exactly one parent.</t>

<t>Human-in-the-loop resolution is the <spanx style="verb">supersedes</spanx> relation: a
<spanx style="verb">hitl_dispatched</spanx> Capsule is sealed at dispatch time and is never
mutated. When the decision is later resolved, that resolution is a
second, linked Capsule carrying its own disposition and chaining to the
dispatch Capsule with <spanx style="verb">relation: "supersedes"</spanx>. The dispatch Capsule
stays <spanx style="verb">hitl_dispatched</spanx> forever; resolution state lives only on the
resolution Capsule, preserving the append-only model.</t>

<t>Concurrent-supersedes rule: the ledger is append-only and totally
ordered; the earliest capsule in ledger order with <spanx style="verb">relation=supersedes</spanx>
over a given parent is authoritative; any later supersedes over the same
parent is structurally valid but MUST surface as a verification finding.</t>

<t>Open-items predicate: an item is open when its Capsule's
<spanx style="verb">verdict_class</spanx> is one of <spanx style="verb">deferred</spanx>, <spanx style="verb">needs_decision</spanx>,
<spanx style="verb">hitl_dispatched</spanx>, <spanx style="verb">escalated</spanx>, or <spanx style="verb">blocked</spanx>, and no Capsule in the
store carries <spanx style="verb">chain.parent_capsule_id</spanx> equal to its <spanx style="verb">capsule_id</spanx> with
<spanx style="verb">relation: "supersedes"</spanx>.</t>

</section>
</section>
</section>
<section anchor="verification"><name>Class 1 verification</name>

<t>Verification has two tiers. Substrate verification — the issuer's
COSE_Sign1 signature, and for the transparent tier the Receipt's
inclusion proof and Transparency Service signature — is performed by
reference to <xref target="RFC9052"/>, <xref target="RFC9943"/>, and
<xref target="I-D.ietf-cose-merkle-tree-proofs"/>; this profile does not respecify it.</t>

<t>The agent-profile checks below are normative here and constitute Class 1
verification (<xref target="conformance"/>): every check is performable from the
Signed Statement, the Capsule payload, the registry contents
(<xref target="registries"/>), and — for the chain checks — the producer's store of
Capsules; no other input is needed. A verifier MUST return a structured
result, never throw; a single <spanx style="verb">ok</spanx> boolean gates trust in every other
reported field; findings are reported in a fixed order.</t>

<t><list style="numbers" type="1">
  <t>Structural: REQUIRED fields present and typed; no floating-point
values in digest-bearing fields.</t>
  <t>Identity: recompute <spanx style="verb">capsule_id</spanx> over the canonical capsule form and
compare.</t>
  <t>Confirmed-effect binding: <spanx style="verb">effect.status: "confirmed"</spanx> without a
well-formed <spanx style="verb">response_digest</spanx> is a failure (<xref target="effect"/>).</t>
  <t>Verdict/effect orthogonality: a never-dispatching <spanx style="verb">verdict_class</spanx>
with a derived <spanx style="verb">effect_mode</spanx> other than <spanx style="verb">"not_applicable"</spanx> is a
failure (<xref target="orthogonality"/>); <spanx style="verb">resolved</spanx> is in the never-dispatch set
per the pairing rule.</t>
  <t>Effect-attestation matrix: <spanx style="verb">effect_attestation</spanx> missing where the
matrix REQUIRES it, or present where it MUST be absent — including
the planned carve — is a failure (<xref target="effect"/>).</t>
  <t>Chain semantics (store-level): a missing chain parent is a failure;
concurrent supersedes surface as findings per <xref target="hitl"/>.</t>
  <t>Assurance reconciliation: rederive the assurance modes from evidence
actually verified; report overclaims.</t>
  <t>Unknown registry values (<spanx style="verb">verdict_class</spanx>, <spanx style="verb">decision</spanx>,
<spanx style="verb">effect.type</spanx>, <spanx style="verb">irreversibility_class</spanx>, <spanx style="verb">effect_attestation</spanx>,
<spanx style="verb">chain.relation</spanx>): report as informational findings; MUST NOT reject
(<xref target="iana"/>). An unknown <spanx style="verb">effect_attestation</spanx> is additionally graded no
stronger than <spanx style="verb">runtime_claimed</spanx> (<xref target="effect"/>).</t>
</list></t>

<t>Disposition honesty is structurally guaranteed, not a live check above.
The honesty invariant — <spanx style="verb">human_disposed: true</spanx> REQUIRES <spanx style="verb">approver:
"human"</spanx> (<xref target="disposition"/>) — is enforced when the disposition is
constructed: the typed disposition carrier rejects <spanx style="verb">human_disposed:
true</spanx> paired with any non-<spanx style="verb">human</spanx> approver, so a violating Capsule
cannot be formed or signed at all. A Class 1 verifier
therefore does not re-assert it in the enumeration above; like
parse- and type-level malformations that a typed record cannot
represent, a dishonest disposition is an unrepresentable state rather
than a runtime failure mode. A verifier consuming arbitrary bytes not
produced by a conforming constructor SHOULD nonetheless assert the
invariant defensively against hand-crafted input. The
closed <spanx style="verb">approver</spanx> enum (<xref target="disposition"/>) is likewise structural: an
approver value outside <spanx style="verb">{human, policy}</spanx> is non-conforming by
construction and so is absent from the unknown-registry-value reporting
of check 8.</t>

<t>NOTE (Class 1 test vector, effect-attestation matrix, check 5): a Capsule
carrying <spanx style="verb">effect.status: "failed"</spanx> derives <spanx style="verb">effect_mode:
"dispatched_unconfirmed"</spanx> (<xref target="effect"/>); the matrix therefore REQUIRES
<spanx style="verb">effect_attestation</spanx>. A conforming verifier MUST report a check-5 failure
for such a Capsule when <spanx style="verb">effect_attestation</spanx> is absent, and MUST NOT treat
the <spanx style="verb">failed</spanx> status as exempt (only <spanx style="verb">planned</spanx> is carved, and only
<spanx style="verb">not_applicable</spanx> is the no-effect case). The same expectation holds for
<spanx style="verb">effect.status: "reverted"</spanx>, which likewise derives
<spanx style="verb">dispatched_unconfirmed</spanx>. This vector exists to demonstrate the matrix is
total over <spanx style="verb">effect.status</spanx>: the runtime reporting a failure is still a
dispatch, and a dispatch that escapes attestation is the precise condition
check 5 exists to catch.</t>

<t>A verifier MUST NOT consult a model, a clock-dependent heuristic, or
network state to decide <spanx style="verb">ok</spanx> for the checks above. Manifest-dependent
verification is Class 2 (<xref target="class2"/>).</t>

</section>
<section anchor="conformance"><name>Conformance: two verifier classes</name>

<t>This profile defines two verifier conformance classes. Producer
conformance is a single class and is unchanged by this split: a
conforming producer emits the same Capsules regardless of which verifier
class consumes them.</t>

<dl>
  <dt>Class 1 verifier:</dt>
  <dd>
    <t>Verifies the Signed Statement envelope and the Capsule payload WITHOUT
any constraint manifest: substrate verification by reference, the
structural and identity checks, the registry vocabularies, the digest
recomputations, and the validity matrices (confirmed-effect binding,
verdict/effect orthogonality, effect-attestation, chain semantics).
The complete Class 1 check set is <xref target="verification"/>.</t>
  </dd>
  <dt>Class 2 verifier:</dt>
  <dd>
    <t>A Class 1 verifier that additionally performs manifest-aware
verification (<xref target="class2"/>): constraint evidence-schema checks and
manifest-sourced thresholds. Class 2 conformance presupposes access to
the producer's constraint manifest and the private evidence its
Constraint Records bind; absent those inputs, a Class 2 verifier
reports Class 1 results unchanged.</t>
  </dd>
</dl>

</section>
<section anchor="manifestdep"><name>Manifest-dependent material</name>

<t>The producer's constraint manifest — the private definition of each
constraint's predicate, evidence schema, and thresholds — is not carried
in the Capsule. The material in this section depends on it: the detail
of Constraint Records and the Class 2 checks. Manifest discovery and
authentication are out of scope for this profile; they are expected to be
handled via out-of-band tenant configuration or a future discovery
mechanism.</t>

<section anchor="constraints"><name>Constraint Records</name>

<t>A Constraint Record is the public verdict of one deterministic check that
ran against the action. It carries only sanitized categories — an <spanx style="verb">id</spanx>,
optional <spanx style="verb">check_type</spanx> and <spanx style="verb">method</spanx> labels, a <spanx style="verb">result</spanx> of "pass" / "fail" /
"n/a", <spanx style="verb">severity</spanx>, a <spanx style="verb">blocking</spanx> flag recording whether the check actually
gated this decision, and an optional <spanx style="verb">evidence_digest</spanx> (JSON-DIGEST)
binding the verdict to the private evidence the check evaluated. The
content a check evaluated MUST NOT appear in the public record; it is
bound by digest only. The check's predicate, evidence schema, and
thresholds live in the producer's manifest.</t>

<t>Every recorded <spanx style="verb">result</spanx> MUST be the output of a deterministic predicate
over disclosed or digest-committed evidence. The live decision path MUST
NOT re-prompt a model to make a check pass, and a verifier MUST NOT
re-prompt a model to "re-check" one: re-running a non-deterministic check
is not verification.</t>

<t>Constraint <spanx style="verb">id</spanx>, <spanx style="verb">check_type</spanx>, and <spanx style="verb">method</spanx> values are lowercase
snake_case categories. New values follow the namespacing convention of
<xref target="namespacing"/>.</t>

</section>
<section anchor="class2"><name>Class 2 verification</name>

<t>The checks below are manifest-aware: they require the producer's
constraint manifest and the private evidence a Constraint Record binds
by digest. A Class 2 verifier performs them in addition to the complete
Class 1 set (<xref target="verification"/>); their results never weaken a Class 1
result — they extend it.</t>

<t><list style="numbers" type="1">
  <t>Constraint evidence-schema check: for each Constraint Record
(<xref target="constraints"/>) carrying an <spanx style="verb">evidence_digest</spanx>, confirm the bound
evidence conforms to the manifest's evidence schema for that
constraint <spanx style="verb">id</spanx> and that the recomputed digest matches; a mismatch is
a failure.</t>
  <t>Threshold checks: confirm that manifest-sourced thresholds were
applied as the manifest states.</t>
</list></t>

</section>
</section>
<section anchor="extensibility"><name>Extensibility</name>

<t>All extension points are payload-only. The protected-header <spanx style="verb">capsule_*</spanx>
claim set is closed by this profile version: a strict Transparency
Service registration policy may reject statements bearing header claims
it does not recognize, while payload bytes are opaque to it — so a
payload-only extension can never make a Capsule unregistrable. A verifier
encountering an unrecognized <spanx style="verb">capsule_*</spanx> header claim MUST still verify
and report it as informational; rejection of unknown header claims is a
registration-policy prerogative, not a verifier behavior.</t>

<section anchor="namespacing"><name>Namespacing convention</name>

<t>Three vocabularies are deliberately not registry-governed — constraint
<spanx style="verb">id</spanx>/<spanx style="verb">check_type</spanx>, <spanx style="verb">compliance.framework_tags</spanx>, and
<spanx style="verb">assurance.sources[].kind</spanx> — because their value space is producer-local
by nature. Bare names (no namespace separator) are reserved for the
values seeded in this document; any party introducing a new value MUST
namespace it with a URI or reverse-DNS prefix (for example,
<spanx style="verb">com.example.margin_floor</spanx>). A bare, unseeded name is non-conforming for
a producer; a verifier still treats it as informational.</t>

</section>
<section anchor="selectivedisclosure"><name>Selective Disclosure</name>

<t>The base confidentiality posture of this profile is whole-envelope: a
producer discloses a Capsule by sharing its full payload, or withholds it
entirely. Sensitive content not carried in the envelope leaves no on-wire
indicator of its existence. This whole-envelope posture is sufficient for
the common case where the unit of disclosure is the Capsule as a whole.</t>

<t>For cases in which a producer must reveal a subset of payload fields to a
verifier while concealing both the values and the existence of
unrevealed fields, a per-field selective-disclosure mechanism is needed.
This profile reserves an extension point in the Capsule payload for such
a mechanism. The intended field-level technique follows the SD-JWT
selective-disclosure model <xref target="RFC9901"/> — salted-hash commitments over
JCS-canonicalized arrays — because the Capsule payload is JSON; it is
written to stay aligned with SPICE's SD-CWT <xref target="I-D.ietf-spice-sd-cwt"/>
(the CBOR sibling) for SCITT-ecosystem consistency.</t>

<t>The complete normative profile of this extension — including the
commitment encoding, disclosure syntax, and verifier checks — is defined
in the companion Internet-Draft <xref target="I-D.mih-scitt-agent-action-capsule-selective-disclosure"/>.
That document profiles the <spanx style="verb">_sd_alg</spanx> / <spanx style="verb">_sd</spanx> payload vocabulary, the
salted-hash commitment construction over JCS-serialized disclosure arrays,
the decoy-digest mechanism, the set of eligible fields, and the ordered
verifier check set (SD-1 through SD-6 plus integration with the base
Class 1 and Class 2 checks).</t>

<t>Implementations of this profile version MUST NOT generate or interpret
selective-disclosure payload structures unless they additionally implement
<xref target="I-D.mih-scitt-agent-action-capsule-selective-disclosure"/>: the extension point is
defined only in that companion, and no conformance claim or verification
behavior is defined for it in this document.</t>

</section>
</section>
<section anchor="related"><name>Related Work</name>

<t>Several active individual drafts address adjacent evidence problems for
AI agent actions; this profile is complementary to each.
<xref target="I-D.munoz-scitt-permit-profile"/> defines pre-execution authorization
records (Permits) that bind an allow/deny/challenge decision to the
request bytes subsequently dispatched.
<xref target="I-D.nivalto-agentroa-route-authorization"/> defines Agent Route Origin
Authorization (AgentROA), a cryptographic policy-enforcement framework
that authorizes agent capability invocations before dispatch through
signed policy envelopes and per-hop attestations; like Permits it governs
whether an action may proceed (may), complementary to this profile's
record of what occurred (did).
<xref target="I-D.emirdag-scitt-ai-agent-execution"/> defines AgentInteractionRecords
signed by an agent operator and registered with an independent evidence
custodian, with redaction receipts and regulatory mappings.
<xref target="I-D.kamimura-scitt-refusal-events"/> defines a serialization-independent
claim set for AI content-refusal audit trails carried in SCITT Signed
Statements; the same author's <xref target="I-D.kamimura-scitt-vcp"/> (VeritasChain
Protocol) is a SCITT profile for verifiable audit trails in algorithmic
trading — a vertical-specific application of the same transparency
substrate. <xref target="I-D.kamimura-vap-framework"/>, by the same author, is a
conformance-tiered Verifiable AI Provenance framework (hash-chaining,
signatures, SCITT anchoring, and a completeness invariant) under which the
trading profile sits; it shares this profile's SCITT-anchored,
third-party-verifiable substrate, framed as a provenance architecture
rather than a per-action verdict record. <xref target="I-D.dawkins-scitt-ai-article50"/>
profiles SCITT receipts
for the transparency obligations of EU AI Act Article 50.
<xref target="I-D.sato-soos-gar"/> defines session-level Governance Audit Records
produced by a governing enforcement component; this profile differs in
recording per-action verdicts with effect-state binding rather than
session-close summaries.</t>

<t>The distinction this profile contributes is verdict-level disposition
with effect-state binding: authorization records prove permission was
granted (may); Capsules prove what occurred (did) — executed, blocked,
denied, errored, or timed out — with a structural binding that prevents
an attempt from being presented as a completion, and with refusals
recorded as affirmative evidence.</t>

<t><xref target="NotarizedAgents"/> defines receiver-attested confidential agent-action
receipts registered on a witness-cosigned Merkle log. This profile
differs in providing self-and-counterparty bilateral attestation — each
party holds proof of the other's commitment — over a SCITT-neutral
anchor, with an explicit disposition vocabulary (executed, blocked,
denied, timeout, errored, deferred, expired, escalated) that
distinguishes outcome categories rather than receiver attestation alone.
The companion Internet-Draft <xref target="I-D.mih-agent-bilateral-attestation"/>
profiles the two-party extension.</t>

<t><xref target="ERC8004"/> defines on-chain identity, reputation, and validation
registries for AI agents on a public blockchain. This profile differs in
that payload content is content-private — only digests and timestamps are
anchored, never payloads or PII — and the transparency log is off-chain-anchorable
to any conforming SCITT service, separating conduct evidence from the
on-chain content-public constraint of registry entries.</t>

<t>Mastercard Verifiable Intent (<xref target="VerifiableIntent"/>) records a signed
intent-to-act over a checkout-authorization chain. This profile
complements it by recording general-purpose conduct, obligation, and
refusal verdicts in an agent-to-agent lane, anchored to a neutral
transparency log, without being coupled to a specific payment or
checkout context.</t>

</section>
<section anchor="future"><name>Future Work</name>

<t>The companion Internet-Draft <xref target="I-D.mih-agent-bilateral-attestation"/>
defines a bilateral attestation extension in which two parties
independently seal Capsules over a shared action digest, each holding
proof of the other's commitment. The extension reuses this profile's
disposition vocabulary (executed, blocked, denied, timeout, errored,
deferred, expired, escalated) and anchors both seals to a conforming
SCITT Transparency Service, so a third party trusting neither signatory
can verify the record end-to-end. Statement-type and verdict-class
values reserved in this document for that extension are governed by
the registries in <xref target="iana"/>.</t>

<t>The companion Internet-Draft <xref target="I-D.mih-scitt-agent-action-capsule-selective-disclosure"/>
normatively profiles the selective-disclosure extension point reserved in
<xref target="selectivedisclosure"/>, specifying the per-field commitment structure,
disclosure syntax, eligible fields, and verifier checks, aligned with
<xref target="I-D.ietf-spice-sd-cwt"/>.</t>

</section>
<section anchor="iana"><name>IANA Considerations</name>

<section anchor="new-registries"><name>New registries</name>

<t>Every registry requested below governs a vocabulary that lives entirely
in the Capsule <em>payload</em> — values a SCITT-generic Transparency Service
never parses, since registration, inclusion, and Receipt issuance operate
on the COSE_Sign1 envelope and its protected header, not on payload
content. The registrations this profile requests against <em>existing</em> IANA
registries are the <spanx style="verb">capsule_*</spanx> CWT claims (<xref target="no-new-registry"/>) and the
two media types of <xref target="media-types"/>; both are addressed separately from the
payload-vocabulary registries here. This profile requests no new COSE
header parameter registry and no new CWT claim registry; the new
registries here are payload-vocabulary registries only.</t>

<t>IANA is requested to create a new registry group, "Agent Action Capsule
Parameters", containing the six registries below. The registration
policy for each is Specification Required (<xref target="RFC8126"/>, Section 4.6).</t>

<t>Specification Required is chosen deliberately. The threat it answers is a
vocabulary value whose meaning is defined only inside a closed product —
two verifiers would then disagree on what the value means, and the
interoperable, falsifiable-from-the-record property this profile depends
on would erode. The mitigation is the policy's publicly-available-spec
requirement: a value enters the shared vocabulary only once its semantics
are pinned in a specification any implementer can read. Accordingly, for
each registry the designated expert approves a registration when (1) the
citing specification defines the value's semantics precisely enough that
two independent implementations would apply it identically — for
verdict_class, including its dispatch consequence and its effect_mode
pairing under <xref target="orthogonality"/>; (2) the value's meaning is not already
expressible by an existing registered value; and (3) the citing
specification is publicly available.</t>

<t>Binding invariant for all six registries: verifiers MUST treat
unregistered values as informational and MUST NOT reject a Capsule for
carrying one. Registration governs shared meaning, never acceptance.</t>

<t>Initial contents are the seeded values of this document, verbatim:</t>

<t><list style="numbers" type="1">
  <t>"verdict_class" registry (<xref target="verdictclass"/>): executed, blocked,
hitl_dispatched, denied, timeout, errored, engine_failure, deferred,
needs_decision, expired, escalated, resolved, epoch_boundary.
The <spanx style="verb">deferred</spanx> token's semantics are OWNED by this registry; the
entry of the same spelling in the "disposition.decision" registry is
a cross-reference to it. The <spanx style="verb">epoch_boundary</spanx> token denotes an
administrative Capsule (<spanx style="verb">action_type: "fyi"</spanx>) that marks a
configuration-epoch transition (<xref target="epochboundary"/>); it REQUIRES
<spanx style="verb">effect_mode: "not_applicable"</spanx> (no effect is dispatched by an
administrative epoch record).</t>
  <t>"disposition.decision" registry (<xref target="disposition"/>): accept, reject,
needs_input, deferred. The <spanx style="verb">deferred</spanx> entry is a cross-reference to
the "verdict_class" registry, which owns the token's semantics.</t>
  <t>"effect.type" registry (<xref target="effect"/>): write_order, send_payment.</t>
  <t>"irreversibility_class" registry (<xref target="effect"/>; ordered by ascending
consequence — a registration states its position): two_way,
one_way_recoverable, one_way_consequential, one_way_terminal.</t>
  <t>"effect_attestation" registry (<xref target="effect"/>): gate_executed,
runtime_claimed. The registry definition carries the grade-floor
invariant of <xref target="effect"/> — an unregistered or unrecognized value is
graded no stronger than runtime_claimed; unknown never grades up —
and the planned carve of <xref target="effect"/>: with <spanx style="verb">effect.status: "planned"</spanx>
the member MUST be absent, and it becomes REQUIRED the moment
dispatch occurs. Designated-expert guidance: plausible future
registrations exist and are deliberately not seeded — for example,
independent sensor confirmation of a claimed effect, or hardware- or
TEE-anchored execution; a registration states where its grade sits
relative to the seeded values.</t>
  <t>"chain.relation" registry (<xref target="hitl"/>): supersedes, epoch_opens.
Designated-expert guidance: <spanx style="verb">supersedes</spanx> is the single terminal
relation; <spanx style="verb">epoch_opens</spanx> is a non-terminal relation for configuration-
epoch boundaries (<xref target="epochboundary"/>). Additional non-terminal
relations (for example, deposit-toward-open and effort-toward-open
relations, or amends / contradicts) are expected future registrations,
each admitted once its semantics and any verifier consequence are
pinned in a publicly available specification.</t>
</list></t>

<t>Interim registry of record: until this document is published as an RFC,
the registry of record is the <spanx style="verb">REGISTRY.md</spanx> file of the source
specification repository, seeded with the same initial contents and the
same policy; on publication the IANA registries become the registry of
record. Change controller: Action State Group, Inc. (interim); the IETF
on publication.</t>

</section>
<section anchor="no-new-registry"><name>No new registry</name>

<t><list style="symbols">
  <t>Attestation/signature algorithms: this profile defines no algorithm
registry; algorithm identifiers are those of the existing IANA "COSE
Algorithms" registry (<xref target="RFC9053"/>).</t>
  <t>Constraint <spanx style="verb">id</spanx>/<spanx style="verb">check_type</spanx>, <spanx style="verb">compliance.framework_tags</spanx>, and
<spanx style="verb">assurance.sources[].kind</spanx>: no registry; governed by the namespacing
convention of <xref target="namespacing"/>.</t>
  <t>The <spanx style="verb">capsule_*</spanx> CWT claim labels: registration is requested in the
existing IANA "CWT Claims" registry (<xref target="RFC8392"/>), not in a new
registry; the claim set is closed by this profile version.</t>
</list></t>

</section>
<section anchor="media-types"><name>Media Type Registrations</name>

<t>This profile mandates two media types (<xref target="envelope"/>, <xref target="outcomes"/>); IANA is
requested to register both in the "Media Types" registry per the templates
below (<xref target="RFC6838"/>, with the <spanx style="verb">+json</spanx> structured-syntax suffix of
<xref target="RFC8259"/>).</t>

<t>Agent Action Capsule media type:</t>

<t><list style="symbols">
  <t>Type name: application</t>
  <t>Subtype name: agent-action-capsule+json</t>
  <t>Required parameters: N/A</t>
  <t>Optional parameters: N/A</t>
  <t>Encoding considerations: binary; the payload is JSON (<xref target="RFC8259"/>) as
defined in this document, carried as the payload of a COSE_Sign1
(<xref target="RFC9052"/>) Signed Statement.</t>
  <t>Security considerations: see <xref target="security"/> of this document.</t>
  <t>Interoperability considerations: see this document.</t>
  <t>Published specification: this document (and its successors).</t>
  <t>Applications that use this media type: SCITT
(<xref target="RFC9943"/>) producers and verifiers recording and
verifying AI agent actions.</t>
  <t>Fragment identifier considerations: as for application/json
(<xref target="RFC8259"/>) per the <spanx style="verb">+json</spanx> suffix (<xref target="RFC6839"/>).</t>
  <t>Additional information: Deprecated alias names: N/A. Magic number(s):
N/A. File extension(s): N/A. Macintosh file type code(s): N/A.</t>
  <t>Person &amp; email address to contact for further information: the author of
this document.</t>
  <t>Intended usage: COMMON</t>
  <t>Restrictions on usage: N/A</t>
  <t>Author: see the Authors' Addresses section of this document.</t>
  <t>Change controller: Action State Group, Inc. (interim); the IETF on
publication.</t>
  <t>Provisional registration: yes (pending publication of this document).</t>
</list></t>

<t>Agent Action Capsule outcome media type:</t>

<t><list style="symbols">
  <t>Type name: application</t>
  <t>Subtype name: agent-action-capsule-outcome+json</t>
  <t>Required parameters: N/A</t>
  <t>Optional parameters: N/A</t>
  <t>Encoding considerations: binary; the payload is JSON (<xref target="RFC8259"/>) as
defined in <xref target="outcomes"/> of this document, carried as the payload of a
COSE_Sign1 (<xref target="RFC9052"/>) Signed Statement.</t>
  <t>Security considerations: see <xref target="security"/> of this document.</t>
  <t>Interoperability considerations: see this document.</t>
  <t>Published specification: this document (and its successors).</t>
  <t>Applications that use this media type: SCITT
(<xref target="RFC9943"/>) producers and verifiers recording
asynchronous outcomes correlated to an agent action.</t>
  <t>Fragment identifier considerations: as for application/json
(<xref target="RFC8259"/>) per the <spanx style="verb">+json</spanx> suffix (<xref target="RFC6839"/>).</t>
  <t>Additional information: Deprecated alias names: N/A. Magic number(s):
N/A. File extension(s): N/A. Macintosh file type code(s): N/A.</t>
  <t>Person &amp; email address to contact for further information: the author of
this document.</t>
  <t>Intended usage: COMMON</t>
  <t>Restrictions on usage: N/A</t>
  <t>Author: see the Authors' Addresses section of this document.</t>
  <t>Change controller: Action State Group, Inc. (interim); the IETF on
publication.</t>
  <t>Provisional registration: yes (pending publication of this document).</t>
</list></t>

</section>
</section>
<section anchor="security"><name>Security Considerations</name>

<t>Tamper-evidence is for record bytes, not recorder honesty. This profile
attests what was recorded; it cannot prove the recording runtime was
honest at the moment of recording. A dishonest runtime with no external
witness can produce an internally valid record of a fiction. Registration
in a Transparency Service bounds the timing of such a record and makes
its omission or later substitution detectable; it does not make its
content true.</t>

<t>Confirmed means observed-and-bound, not world-state. A <spanx style="verb">confirmed</spanx>
effect proves the producer bound the bytes of an observed response, not
that the external world reached the claimed state. The same boundary
extends one hop upstream: binding an observed response proves the producer
observed those bytes, not that the responding system was authentic or that
the channel was on-path-intact. An attacker who substitutes or forges the
response — a false success delivered on-path — induces an honest
<spanx style="verb">confirmed</spanx> Capsule for an effect that did not land; this profile does not
mitigate upstream spoofing of the response itself, which is bounded by the
same trust assumption as runtime honesty above. Later, independently
sourced outcome statements (<xref target="outcomes"/>) are the mechanism by which such
a spoofed confirmation is contradicted over time.</t>

<t>Self-attested versus anchored tiers differ in evidentiary weight. A
self-attested Capsule is verifiable against its own bytes and signer; an
anchored (registered) Capsule additionally resists omission and
back-dating through the Transparency Service's append-only log and
receipts. A verifier reports the tier it actually verified and never
upgrades a claim it could not check.</t>

<t>The honest human-in-the-loop flag (<xref target="disposition"/>) is itself
security-relevant: it prevents a policy auto-approval from being
presented as human oversight. The invariant — <spanx style="verb">human_disposed: true</spanx>
requires <spanx style="verb">approver: "human"</spanx> — is structurally guaranteed: a conforming
producer cannot construct or sign a Capsule that violates it, so the
combination simply does not arise in well-formed records, and the claim
is falsifiable from the record alone. A verifier consuming
non-constructor-produced bytes SHOULD assert the invariant defensively
against hand-crafted input (<xref target="verification"/>).</t>

<t>Digests can leak the values they commit. A digest is hiding only to the
extent its committed value space is large and unguessable; when the
committed value is low-entropy — a small enumeration, a short identifier,
a bounded amount — an adversary can recover it by digesting candidate
values and matching (a dictionary attack), so a <spanx style="verb">reason_digest</spanx>,
<spanx style="verb">evidence_digest</spanx>, or any other digest over a low-entropy value is not
confidential merely by being a digest. Producers SHOULD commit such values
under a per-tenant salt or via a tenant-private manifest rather than
digesting the bare value, so that recovering the input requires the secret
and not merely a guess of the value space.</t>

<t>Input integrity is a composable upstream concern. This profile records
what the producer observed and bound at seal time; it does not
authenticate the provenance of inputs delivered to the agent before
sealing. A response spoofed on-path induces an honest <spanx style="verb">confirmed</spanx>
Capsule for an effect that did not land. Input integrity — binding the
authenticity of request bytes and upstream grounding sources to the
authorization before the seal — is a separate guarantee that composes
with this profile at the digest layer: a producer that holds
input-integrity evidence (a signed tool response, an attested transport
record, a C2PA-style content credential, or an action-body HMAC with
memory provenance attestation) MAY reference it by digest in the Capsule
payload, preserving the verifier's disinterest — the verifier checks the
binding without trusting the producer's claim about upstream systems it
cannot observe. This profile partially addresses the grounding dimension
via the <spanx style="verb">value_grounded</spanx> constraint (<xref target="constraints"/>), which checks that
a quoted value matches its cited source, and via <spanx style="verb">model_attestation</spanx>
(<xref target="identity"/>), which constrains the emitter identity. The remaining
input-integrity surface is out of scope for this profile and is addressed
by composing a dedicated input-integrity mechanism upstream.</t>

<t>Payload-level identity is stable across signing-key rotation. The
<spanx style="verb">operator</spanx> and <spanx style="verb">developer</spanx> fields in the Capsule payload (<xref target="identity"/>)
are plain strings committed to the <spanx style="verb">capsule_id</spanx> digest. They are
independent of the signing key: a producer that rotates its COSE signing
key (and therefore changes the <spanx style="verb">iss</spanx> claim in the protected header) without
changing <spanx style="verb">operator</spanx> or <spanx style="verb">developer</spanx> preserves payload-level identity
continuity across the rotation. A verifier accumulating long-horizon history
SHOULD correlate Capsules by payload <spanx style="verb">operator</spanx> — and, when present,
<spanx style="verb">epoch_id</spanx> (<xref target="epochs"/>) — rather than by the SCITT-layer <spanx style="verb">iss</spanx> claim, which
may change on key rotation. Absent a recorded linkage, pre- and post-rotation
Capsules are distinguishable by payload <spanx style="verb">operator</spanx> alone but not correlatable
at the SCITT-header layer; a producer SHOULD treat a key rotation that
coincides with a configuration change as an epoch boundary (<xref target="epochboundary"/>)
to make the transition explicit in the record.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>

<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>

<reference anchor="RFC9052">
  <front>
    <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
    <author fullname="J. Schaad" initials="J." surname="Schaad"/>
    <date month="August" year="2022"/>
    <abstract>
      <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
      <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="96"/>
  <seriesInfo name="RFC" value="9052"/>
  <seriesInfo name="DOI" value="10.17487/RFC9052"/>
</reference>

<reference anchor="RFC8392">
  <front>
    <title>CBOR Web Token (CWT)</title>
    <author fullname="M. Jones" initials="M." surname="Jones"/>
    <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
    <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
    <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
    <date month="May" year="2018"/>
    <abstract>
      <t>CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8392"/>
  <seriesInfo name="DOI" value="10.17487/RFC8392"/>
</reference>

<reference anchor="RFC8785">
  <front>
    <title>JSON Canonicalization Scheme (JCS)</title>
    <author fullname="A. Rundgren" initials="A." surname="Rundgren"/>
    <author fullname="B. Jordan" initials="B." surname="Jordan"/>
    <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
    <date month="June" year="2020"/>
    <abstract>
      <t>Cryptographic operations like hashing and signing need the data to be expressed in an invariant format so that the operations are reliably repeatable. One way to address this is to create a canonical representation of the data. Canonicalization also permits data to be exchanged in its original form on the "wire" while cryptographic operations performed on the canonicalized counterpart of the data in the producer and consumer endpoints generate consistent results.</t>
      <t>This document describes the JSON Canonicalization Scheme (JCS). This specification defines how to create a canonical representation of JSON data by building on the strict serialization methods for JSON primitives defined by ECMAScript, constraining JSON data to the Internet JSON (I-JSON) subset, and by using deterministic property sorting.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8785"/>
  <seriesInfo name="DOI" value="10.17487/RFC8785"/>
</reference>

<reference anchor="RFC3339">
  <front>
    <title>Date and Time on the Internet: Timestamps</title>
    <author fullname="G. Klyne" initials="G." surname="Klyne"/>
    <author fullname="C. Newman" initials="C." surname="Newman"/>
    <date month="July" year="2002"/>
    <abstract>
      <t>This document defines a date and time format for use in Internet protocols that is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="3339"/>
  <seriesInfo name="DOI" value="10.17487/RFC3339"/>
</reference>

<reference anchor="RFC8126">
  <front>
    <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
    <author fullname="M. Cotton" initials="M." surname="Cotton"/>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <author fullname="T. Narten" initials="T." surname="Narten"/>
    <date month="June" year="2017"/>
    <abstract>
      <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
      <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
      <t>This is the third edition of this document; it obsoletes RFC 5226.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="26"/>
  <seriesInfo name="RFC" value="8126"/>
  <seriesInfo name="DOI" value="10.17487/RFC8126"/>
</reference>

<reference anchor="RFC6838">
  <front>
    <title>Media Type Specifications and Registration Procedures</title>
    <author fullname="N. Freed" initials="N." surname="Freed"/>
    <author fullname="J. Klensin" initials="J." surname="Klensin"/>
    <author fullname="T. Hansen" initials="T." surname="Hansen"/>
    <date month="January" year="2013"/>
    <abstract>
      <t>This document defines procedures for the specification and registration of media types for use in HTTP, MIME, and other Internet protocols. This memo documents an Internet Best Current Practice.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="13"/>
  <seriesInfo name="RFC" value="6838"/>
  <seriesInfo name="DOI" value="10.17487/RFC6838"/>
</reference>

<reference anchor="RFC8259">
  <front>
    <title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
    <author fullname="T. Bray" initials="T." role="editor" surname="Bray"/>
    <date month="December" year="2017"/>
    <abstract>
      <t>JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.</t>
      <t>This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="90"/>
  <seriesInfo name="RFC" value="8259"/>
  <seriesInfo name="DOI" value="10.17487/RFC8259"/>
</reference>

<reference anchor="RFC9943">
  <front>
    <title>An Architecture for Trustworthy and Transparent Digital Supply Chains</title>
    <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
    <author fullname="A. Delignat-Lavaud" initials="A." surname="Delignat-Lavaud"/>
    <author fullname="C. Fournet" initials="C." surname="Fournet"/>
    <author fullname="Y. Deshpande" initials="Y." surname="Deshpande"/>
    <author fullname="S. Lasker" initials="S." surname="Lasker"/>
    <date month="June" year="2026"/>
    <abstract>
      <t>Traceability in supply chains is a growing security concern. While Verifiable Data Structures (VDSs) have addressed specific issues, such as equivocation over digital certificates, they lack a universal architecture for all supply chains. This document defines such an architecture for single-issuer signed statement transparency. It ensures extensibility and interoperability between different transparency services as well as compliance with various auditing procedures and regulatory requirements.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9943"/>
  <seriesInfo name="DOI" value="10.17487/RFC9943"/>
</reference>




    </references>

    <references title='Informative References' anchor="sec-informative-references">




<reference anchor="I-D.ietf-cose-merkle-tree-proofs">
   <front>
      <title>COSE (CBOR Object Signing and Encryption) Receipts</title>
      <author fullname="Orie Steele" initials="O." surname="Steele">
         <organization>Tradeverifyd</organization>
      </author>
      <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
         <organization>Fraunhofer SIT</organization>
      </author>
      <author fullname="Antoine Delignat-Lavaud" initials="A." surname="Delignat-Lavaud">
         <organization>Microsoft</organization>
      </author>
      <author fullname="Cedric Fournet" initials="C." surname="Fournet">
         <organization>Microsoft</organization>
      </author>
      <date day="2" month="December" year="2025"/>
      <abstract>
	 <t>   COSE (CBOR Object Signing and Encryption) Receipts prove properties
   of a verifiable data structure to a verifier.  Verifiable data
   structures and associated proof types enable security properties,
   such as minimal disclosure, transparency and non-equivocation.
   Transparency helps maintain trust over time, and has been applied to
   certificates, end to end encrypted messaging systems, and supply
   chain security.  This specification enables concise transparency
   oriented systems, by building on CBOR (Concise Binary Object
   Representation) and COSE.  The extensibility of the approach is
   demonstrated by providing CBOR encodings for Merkle inclusion and
   consistency proofs.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-cose-merkle-tree-proofs-18"/>
   
</reference>


<reference anchor="I-D.ietf-scitt-scrapi">
   <front>
      <title>Supply Chain Integrity, Transparency, and Trust (SCITT) Reference APIs</title>
      <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
         <organization>Fraunhofer SIT</organization>
      </author>
      <author fullname="Jon Geater" initials="J." surname="Geater">
         <organization>Bowball Technologies Ltd</organization>
      </author>
      <author fullname="Antoine Delignat-Lavaud" initials="A." surname="Delignat-Lavaud">
         <organization>Microsoft Research</organization>
      </author>
      <date day="26" month="June" year="2026"/>
      <abstract>
	 <t>   This document specifies a REST API with the HTTP resources, request
   and response messages, and error handling needed for an interoperable
   implementation of a SCITT Transparency Service, as defined by the
   Supply Chain Integrity, Transparency, and Trust (SCITT) Architecture.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-scitt-scrapi-11"/>
   
</reference>


<reference anchor="I-D.ietf-scitt-receipts-ccf-profile">
   <front>
      <title>CCF Profile for COSE Receipts</title>
      <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
         <organization>Fraunhofer SIT</organization>
      </author>
      <author fullname="Antoine Delignat-Lavaud" initials="A." surname="Delignat-Lavaud">
         <organization>Microsoft Research</organization>
      </author>
      <author fullname="Cedric Fournet" initials="C." surname="Fournet">
         <organization>Microsoft Research</organization>
      </author>
      <author fullname="Amaury Chamayou" initials="A." surname="Chamayou">
         <organization>Microsoft Research</organization>
      </author>
      <date day="24" month="June" year="2026"/>
      <abstract>
	 <t>   This document defines a new verifiable data structure (VDS) type for
   COSE Receipts and inclusion proofs specifically designed for append-
   only logs produced by the Confidential Consortium Framework (CCF) to
   provide stronger tamper-evidence guarantees.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-scitt-receipts-ccf-profile-04"/>
   
</reference>


<reference anchor="I-D.ietf-spice-sd-cwt">
   <front>
      <title>Selective Disclosure CBOR Web Tokens (SD-CWT)</title>
      <author fullname="Michael Prorock" initials="M." surname="Prorock">
         <organization>mesur.io</organization>
      </author>
      <author fullname="Orie Steele" initials="O." surname="Steele">
         <organization>Tradeverifyd</organization>
      </author>
      <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
         <organization>Fraunhofer SIT</organization>
      </author>
      <author fullname="Rohan Mahy" initials="R." surname="Mahy">
         </author>
      <date day="1" month="June" year="2026"/>
      <abstract>
	 <t>   This specification describes a data minimization technique for use
   with CBOR Web Tokens (CWTs).  The approach is inspired by the
   Selective Disclosure JSON Web Token (SD-JWT), with changes to align
   with CBOR Object Signing and Encryption (COSE) and CWTs.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-spice-sd-cwt-08"/>
   
</reference>

<reference anchor="RFC8949">
  <front>
    <title>Concise Binary Object Representation (CBOR)</title>
    <author fullname="C. Bormann" initials="C." surname="Bormann"/>
    <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
    <date month="December" year="2020"/>
    <abstract>
      <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
      <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="94"/>
  <seriesInfo name="RFC" value="8949"/>
  <seriesInfo name="DOI" value="10.17487/RFC8949"/>
</reference>

<reference anchor="RFC9053">
  <front>
    <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
    <author fullname="J. Schaad" initials="J." surname="Schaad"/>
    <date month="August" year="2022"/>
    <abstract>
      <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).</t>
      <t>This document, along with RFC 9052, obsoletes RFC 8152.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9053"/>
  <seriesInfo name="DOI" value="10.17487/RFC9053"/>
</reference>

<reference anchor="RFC9901">
  <front>
    <title>Selective Disclosure for JSON Web Tokens</title>
    <author fullname="D. Fett" initials="D." surname="Fett"/>
    <author fullname="K. Yasuda" initials="K." surname="Yasuda"/>
    <author fullname="B. Campbell" initials="B." surname="Campbell"/>
    <date month="November" year="2025"/>
    <abstract>
      <t>This specification defines a mechanism for the selective disclosure
of individual elements of a JSON data structure used as the payload
of a JSON Web Signature (JWS). The primary use case is the selective
disclosure of JSON Web Token (JWT) claims.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9901"/>
  <seriesInfo name="DOI" value="10.17487/RFC9901"/>
</reference>


<reference anchor="I-D.munoz-scitt-permit-profile">
   <front>
      <title>A SCITT Profile for Pre-Execution AI Action Authorization Records</title>
      <author fullname="Christian Munoz" initials="C." surname="Munoz">
         <organization>Keel API, Inc.</organization>
      </author>
      <date day="15" month="May" year="2026"/>
      <abstract>
	 <t>   This document specifies a SCITT (Supply Chain Integrity,
   Transparency, and Trust) profile for pre-execution authorization
   records of AI agent actions.  The profile defines a Signed Statement
   type, the &quot;Pre-Execution Authorization Record&quot; (also called a
   Permit), that records a policy-evaluated decision to allow, deny, or
   challenge an AI agent action before that action is dispatched to a
   model provider, tool, or service.  The profile cryptographically
   binds the authorization decision to the canonical bytes of the
   request that is subsequently dispatched, enabling independently
   verifiable &quot;authorized request equals dispatched request&quot; assertions.
   The profile composes with adjacent profiles for human-authority
   binding, post-execution material-action evidence, and content-refusal
   events, referenced rather than replicated.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-munoz-scitt-permit-profile-00"/>
   
</reference>


<reference anchor="I-D.emirdag-scitt-ai-agent-execution">
   <front>
      <title>AI Agent Execution Profile of SCITT</title>
      <author fullname="Pinar Emirdag" initials="P." surname="Emirdag">
         <organization>VERIDIC Inc.</organization>
      </author>
      <date day="11" month="April" year="2026"/>
      <abstract>
	 <t>   This document defines a SCITT (Supply Chain Integrity, Transparency,
   and Trust) profile for creating independently verifiable, tamper-
   evident records of autonomous AI agent actions.  The profile defines
   the AgentInteractionRecord (AIR) as the COSE_Sign1 signed statement
   payload for material agent actions; maps SCITT roles to the agent
   execution context, with the Agent Operator as Issuer and an
   independent Evidence Custodian as Transparency Service; specifies
   Registration Policy requirements including hash chain integrity,
   temporal ordering, and sequence completeness; defines a redaction
   receipt mechanism for privacy-preserving evidence custody; and
   provides compliance mappings to EU AI Act Articles 12 and 19, DORA,
   NIST AI RMF, MAS AI Risk Management Guidelines, PCI DSS v4.0, and
   MiFID II.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-emirdag-scitt-ai-agent-execution-00"/>
   
</reference>


<reference anchor="I-D.kamimura-scitt-refusal-events">
   <front>
      <title>Verifiable AI Refusal Events using SCITT</title>
      <author fullname="TOKACHI KAMIMURA" initials="K." surname="Tokachi">
         <organization>VeritasChain Standards Organization</organization>
      </author>
      <date day="29" month="January" year="2026"/>
      <abstract>
	 <t>   This document defines a claim set for recording AI content refusal
   events.  The claim set specifies the semantic content and correlation
   rules for refusal audit trails, independent of any particular
   serialization format.  The claims are designed to be carried within
   SCITT Signed Statements and verified using SCITT Receipts.

   This specification addresses claim semantics and verification
   requirements; it does not mandate a specific encoding.  A CDDL
   definition is provided for CBOR-based implementations, and equivalent
   JSON representations are shown in an appendix for illustration.

   This specification provides auditability of logged refusal decisions.
   It does not define content moderation policies, classification
   criteria, or what AI systems should refuse.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-kamimura-scitt-refusal-events-02"/>
   
</reference>


<reference anchor="I-D.kamimura-scitt-vcp">
   <front>
      <title>A SCITT Profile for Verifiable Audit Trails in Algorithmic Trading: The VeritasChain Protocol (VCP)</title>
      <author fullname="TOKACHI KAMIMURA" initials="K." surname="Tokachi">
         <organization>VeritasChain Standards Organization</organization>
      </author>
      <date day="4" month="January" year="2026"/>
      <abstract>
	 <t>   This document defines a profile of the SCITT (Supply Chain Integrity,
   Transparency, and Trust) architecture for creating tamper-evident
   audit trails of AI-driven algorithmic trading decisions and
   executions.  The VeritasChain Protocol (VCP) applies the SCITT
   framework to address the specific requirements of financial markets,
   including high-precision timestamps, regulatory compliance
   considerations (EU AI Act, MiFID II), and privacy-preserving
   mechanisms (crypto-shredding) compatible with GDPR.  This profile
   specifies how VCP events are encoded as SCITT Signed Statements,
   registered with Transparency Services, and verified using COSE
   Receipts.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-kamimura-scitt-vcp-02"/>
   
</reference>


<reference anchor="I-D.kamimura-vap-framework">
   <front>
      <title>Verifiable AI Provenance Framework (VAP): An Architectural Framework for Evidentiary-Grade AI Decision Trails</title>
      <author fullname="TOKACHI KAMIMURA" initials="K." surname="Tokachi">
         <organization>VeritasChain Standards Organization</organization>
      </author>
      <date day="8" month="January" year="2026"/>
      <abstract>
	 <t>   Automated decision-making systems, including AI and algorithmic
   systems in critical infrastructure, currently lack standardized
   mechanisms for producing evidentiary-grade provenance records that
   can withstand independent verification.  Traditional logging
   approaches fail to provide the cryptographic guarantees required for
   regulatory compliance, forensic investigation, and cross-
   organizational accountability.

   This document describes the Verifiable AI Provenance Framework (VAP),
   an architectural framework that defines requirements for producing
   verifiable decision trails using existing IETF security technologies.
   VAP does not define new protocols or cryptographic primitives;
   rather, it provides an architectural coordination layer that enables
   domain-specific profiles to leverage Supply Chain Integrity,
   Transparency and Trust (SCITT), Remote Attestation Procedures (RATS),
   CBOR Object Signing and Encryption (COSE), and related IETF work in a
   consistent manner.

   This document is intended to frame the problem space and facilitate
   discussion about whether architectural coordination work is needed in
   this area.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-kamimura-vap-framework-00"/>
   
</reference>


<reference anchor="I-D.dawkins-scitt-ai-article50">
   <front>
      <title>A SCITT Profile for EU AI Act Article 50 Transparency Receipts</title>
      <author fullname="Veronica S. Dawkins" initials="V. S." surname="Dawkins">
         <organization>LedgerProof Foundation</organization>
      </author>
      <date day="25" month="May" year="2026"/>
      <abstract>
	 <t>   This document defines a Supply Chain Integrity, Transparency, and
   Trust (SCITT) profile for machine-readable cryptographic
   transparency receipts addressing all four sub-obligations of
   Article 50 of Regulation (EU) 2024/1689 (the &quot;EU AI Act&quot;):
   interactive AI system disclosure (50(1)), machine-readable marking
   of synthetic media (50(2)), emotion recognition notification
   (50(3), referenced for completeness), and AI-generated text
   disclosure with human editorial review exemption (50(4)).

   The profile defines three SCITT statement content types
   (&quot;ai/article-50/v1&quot;, &quot;ai/human-review/v1&quot;, and
   &quot;ai/chatbot-session/v1&quot;) and specifies validation, verification,
   and chain-of-custody semantics suitable for presentation to
   European Union supervisory authorities, national competent
   authorities, and judicial proceedings.

   The profile is substrate-agnostic but presumes a SCITT Transparency
   Service backed by a publicly verifiable append-only log. A reference
   implementation using the Bitcoin blockchain as the SCITT log
   substrate, via RFC 6962 Merkle aggregation anchored in OP_RETURN
   transactions, is described in companion document
   draft-dawkins-scitt-lpr-00.


	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-dawkins-scitt-ai-article50-00"/>
   
</reference>


<reference anchor="I-D.sato-soos-gar">
   <front>
      <title>The Governance Audit Record (GAR) for Agentic AI Systems</title>
      <author fullname="Tom Sato" initials="" surname="Sato">
         <organization>MyAuberge K.K.</organization>
      </author>
      <date day="30" month="June" year="2026"/>
      <abstract>
	 <t>   This document specifies the Governance Audit Record (GAR), the audit
   architecture for agentic AI systems.  GAR defines five audit types,
   the Session Audit Record (SAR), the Audit Alert system, auditor
   principal categories, and the Audit Package for external regulatory
   inspection.  GAR provides verifiable evidence that AI agent sessions
   were governed in accordance with the Intent Declaration Primitive
   [I-D.sato-soos-idp] and the Human Escalation Mechanism
   [I-D.sato-soos-hem].  GAR answers the governance question: can any
   of this be proven to a regulator?  GAR is a domain-specific
   application of the SCITT (Supply Chain Integrity, Transparency and
   Trust) architecture [I-D.ietf-scitt-architecture] extended with
   causal ordering semantics for agentic governance events.  GAR defines
   the Authority Lifecycle Event (ALE) category: a normative set of
   causally-ordered event types covering the complete agent session
   revocation and recovery lifecycle, including single-agent revocation,
   authority suspension, partial state recording, recovery initiation,
   credential restoration, and multi-agent delegation tree events.

   Version -03 adds the SOOS Governance Semantic Convention: the
   normative soos.governance.* OpenTelemetry attribute namespace for
   governance observability (Section 13), the SOOS GAR Processor
   specification for OTel-to-SAR pipeline construction with Session
   Block Merkle integrity (Section 14), four new Authority Lifecycle
   Events (ALE-NEW-01 through ALE-NEW-04), three mandatory provenance
   fields on Cedar evaluation records, and the XPID mirror field on
   ACD session ALEs.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-sato-soos-gar-03"/>
   
</reference>


<reference anchor="I-D.nivalto-agentroa-route-authorization">
   <front>
      <title>Agent Route Origin Authorization (AgentROA): A Cryptographic Policy Enforcement Framework for AI Agent Actions</title>
      <author fullname="Joseph Michalak" initials="J." surname="Michalak">
         <organization>Nivalto, Inc.</organization>
      </author>
      <date day="15" month="April" year="2026"/>
      <abstract>
	 <t>   This document specifies the Agent Route Origin Authorization
   (AgentROA) framework, a cryptographic policy enforcement model for
   governing the actions of autonomous AI agents.  AgentROA introduces
   three core protocol objects: the Agent Route Origin Authorization
   (ROA) envelope, the Agent Route Attestation (ARA) per-hop receipt,
   and the Agent Execution Receipt (AER).  Together these objects
   enable: (1) cryptographic binding of an agent&#x27;s authorized action
   scope to a signed policy envelope at session initialization,
   (2) per-hop attestation across multi-agent delegation chains with
   monotonic scope-narrowing semantics (no policy envelope may be
   expanded by a downstream delegation), and (3) cryptographic receipts
   produced intrinsically by the enforcement decision at each capability
   invocation boundary.  The framework is modeled on the BGP Route
   Origin Authorization (ROA) concept from RPKI (RFC 6480) applied to
   the AI agent execution domain.

   The Border Gateway enforcement model positions a cryptographic
   enforcement process at a capability invocation boundary — external
   to the agent&#x27;s execution context — reducing the risk that governance
   decisions are influenced by the governed agent by placing
   enforcement in a separate process boundary.  The Border Gateway
   model is topology-independent: it may be deployed as a protocol-
   specific proxy in front of Model Context Protocol (MCP) servers,
   as a service mesh enforcement component covering all inter-service
   calls, as a network egress gateway covering all outbound capability
   invocations regardless of protocol, or as a domain-specific
   execution boundary.  The protocol objects defined herein function
   identically across all deployment topologies.  This document
   establishes the architectural model, protocol object schemas, and
   enforcement semantics for the AgentROA framework.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-nivalto-agentroa-route-authorization-01"/>
   
</reference>

<reference anchor="RFC8141">
  <front>
    <title>Uniform Resource Names (URNs)</title>
    <author fullname="P. Saint-Andre" initials="P." surname="Saint-Andre"/>
    <author fullname="J. Klensin" initials="J." surname="Klensin"/>
    <date month="April" year="2017"/>
    <abstract>
      <t>A Uniform Resource Name (URN) is a Uniform Resource Identifier (URI) that is assigned under the "urn" URI scheme and a particular URN namespace, with the intent that the URN will be a persistent, location-independent resource identifier. With regard to URN syntax, this document defines the canonical syntax for URNs (in a way that is consistent with URI syntax), specifies methods for determining URN-equivalence, and discusses URI conformance. With regard to URN namespaces, this document specifies a method for defining a URN namespace and associating it with a namespace identifier, and it describes procedures for registering namespace identifiers with the Internet Assigned Numbers Authority (IANA). This document obsoletes both RFCs 2141 and 3406.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8141"/>
  <seriesInfo name="DOI" value="10.17487/RFC8141"/>
</reference>

<reference anchor="RFC6839">
  <front>
    <title>Additional Media Type Structured Syntax Suffixes</title>
    <author fullname="T. Hansen" initials="T." surname="Hansen"/>
    <author fullname="A. Melnikov" initials="A." surname="Melnikov"/>
    <date month="January" year="2013"/>
    <abstract>
      <t>A content media type name sometimes includes partitioned meta- information distinguished by a structured syntax to permit noting an attribute of the media as a suffix to the name. This document defines several structured syntax suffixes for use with media type registrations. In particular, it defines and registers the "+json", "+ber", "+der", "+fastinfoset", "+wbxml" and "+zip" structured syntax suffixes, and provides a media type structured syntax suffix registration form for the "+xml" structured syntax suffix. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="6839"/>
  <seriesInfo name="DOI" value="10.17487/RFC6839"/>
</reference>


<reference anchor="I-D.mih-scitt-agent-action-capsule-selective-disclosure" >
  <front>
    <title>Selective Disclosure Profile for Agent Action Capsules</title>
    <author initials="S." surname="Mih" fullname="Steven Mih">
      <organization>Action State Group, Inc.</organization>
    </author>
    <date year="n.d."/>
  </front>
  <seriesInfo name="Internet-Draft" value="draft-mih-scitt-agent-action-capsule-selective-disclosure-00"/>
</reference>
<reference anchor="I-D.mih-agent-bilateral-attestation" >
  <front>
    <title>Bilateral Agent Action Attestation</title>
    <author initials="S." surname="Mih" fullname="Steven Mih">
      <organization>Action State Group, Inc.</organization>
    </author>
    <date year="n.d."/>
  </front>
  <seriesInfo name="Internet-Draft" value="draft-mih-agent-bilateral-attestation-00"/>
</reference>
<reference anchor="NotarizedAgents" target="https://arxiv.org/abs/2606.04193">
  <front>
    <title>Notarized Agents: Decentralized, Verifiable AI Agent Receipts</title>
    <author >
      <organization></organization>
    </author>
    <date year="2026"/>
  </front>
</reference>
<reference anchor="ERC8004" target="https://eips.ethereum.org/EIPS/eip-8004">
  <front>
    <title>ERC-8004: Agent Identity Registry</title>
    <author >
      <organization></organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>
<reference anchor="VerifiableIntent" >
  <front>
    <title>Verifiable Intent</title>
    <author >
      <organization>Mastercard</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>


    </references>

</references>


<?line 1125?>

<section numbered="false" anchor="acknowledgments"><name>Acknowledgments</name>

<t>The author thanks the reviewers and contributors who shaped the design
recorded here, and the SCITT and COSE working groups whose substrate this
profile builds on.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA+196W7cWJbm//sUhAyMpeygvOTS6dA0plW2s8qF8jKWsrJr
Gg0FFUFJLDPIKJIhOcppYB5innCeZM53lrswKGcmutGYH11AVckRwct7zz37
mue5G6qhLufZwWmTnV6XzZCdLoeqbbLnxabf1mX2rmuvKvr/q7bLzp6/Oj8/
cMXlZVfe4pmJB/oDt2qXTbGmRVddcTXk6+om75fVMOQFfp8X/Pt8Kb/PHz91
y2Ior9tuN8/6YeX67eW66nv6zbDb0CqvXp7/4KpNN8+GbtsPTx8/fkbPFF1Z
0BbOyuW2q4bdgbtruw/XXbvd4FPZ6IdyR5+u5i7LZe/44/RVxvvA30NXNP2G
lmqWO/y72K4q/uK27FbVcnD9UDSri6JuG9rIruzdpppn/zq0y1nWt93QlVc9
/bVb449/c67YDjdtx++rmn6enR1nr6sbl2WZAORsKG/Lxj5ru+uiqf5eABxz
A+PZQMDIfo+DzLJXzfIYvyzXRVUTdDbl8p8FfD1+dlxUzjVtt6Ylbkt6bfb+
h+dPnzx5pn9+/+Qfv9E/nz3+9ql9+vUz/+c/fv+t/vn111+Hx55+p39+9/3X
39unT7+1Hzx79s3Xc+eq5ip+96v8xXFVDlf5su3LfF12H+h2CURlvuna9qpP
fiMI0S+7giC6/0VXLstqM/T5cnmFx4GC6c821bLM+1W+vBtsg8++eRZO+7Xf
6+Mn9uR627R/1zdsym5dDeO1y3XVrYprw9dKUbb8SGjG16S/+1Csq/W2K/x2
r7Z9Uee43aG/50e3y83eN7fFJr/qCDeAvfbtqrj7QOgTbaIbqmVdfvvYftEX
Q5v3bdvn10VnHzbVbVHT57zlri1ywqGhzAUnDc3shr95Em74mYfPlym1L+ty
idvOV1W/rNt+2zHgssyYyJn9Invhf5FwkHs4Btboy64qe+CUrElbaoaya8oh
fwE+8ivZydQm88ePeUlPnvyfPRrl/0wRKv/nV1OrQVK2d1nV9JOOkKMYhhJk
q9cQoPY7+0kKntPw+98OoS+8/D8XGm/aoSDsK1d8tj49uf8y02+zF0T4hL1F
jU9n2Z/pyFdVcUnoQ3xbwPNeeYMAhRa4LunoN8Ow6eePHhXdx+r2mLb3qLjs
Hz397vF3x4+/efLsa/7xivY3z54+fvod/fPl++ffP378Tboj+jDnT/Vlr1b0
vyRf6K3XVT90u+m30ob643K4Kbtyu+a3v3z17gwf82r0TDgJLq0Z0tdG55Sv
DyavKIX666Kny10W3cq5PCfpdUkbJHJw7vym6jMSw9s1zrAqr6qm7LNChGDG
soO/2USkSSyXZGXVXGd3N8WQFYSArxyjUbaqViR8b8pJ8j3OTr2yUOElq+qa
UI2kwJoY7EB3Kyu79iojMSrCNxOqzWjz3Q7vrIbehG5eE7bVtEy/afuKf3Yo
DJgwwl3W7fIDUIMupsL/l13XdvhjqNb0MuJ5RzPe7KocwOMburZqmS0hM7ui
Iiyjb4vB3dFdZSWxzG0x8OP0SHl1RcyDv8/uij4LZxjaa77e7K4abrLC0XJX
VUcvzPWZy6ph4PGzK7yzud5W/U0pICEtY1je0EIgxPVmyK66dk1Adu0lkfUt
Q4lAOMzosxWAf0Ow6ofsZrsumrxqcnp5XrftJruqi+tjzzszUl5c+XFDT/dY
vdc7PquuG/r3mV11nx0+f3v28gKfPznil6yLVRlpQHSEnesEyxnBiCF4lDmP
FKXsjDZM0nd08XLLuIHG0QV2O7vPGS20rLcMHRWUROhFpjdJSK13Ga9Gx3Ws
jbVdft1hp+VtRT9blgLhIrsGr4HYLFfHgv9NO5QXb/A/Q3vxvqSHun5MC8BQ
nGxV0XJbYrlB2zzOzgkFKpAfjkEcb8uU4SBItvwT3ZkC5Sd6OQ7FDC87ZKH0
z9BOwACOZLm+3Xa05/bKkfJKmANKwwpKeQ97/NXbkVnDI0awlAvoSqYA0owF
Xe5uquWNG8YHonOSvFudkIAoeZXwHK2/oJ/2j1hpYvHw6P3L0xevXx6vVwtn
u+lLIcd1sdnQiRSe62q1qkvnHoAnde1qyz9yzjToHhdLajiJpOt6RzzxQ6l0
3QuZlB8hngjIIL7yb1tcH139HSns9IgTjIECXQrtbIod4+osI9jgAztlT8C8
a5WsiNgEF4aq6HaOlu3lnVdtXbd3Anf7NDsAHTPIlOWI4kc0/T8OBBt6cIIV
sD9RlRSh+YLo6PhFSfAiRDRlcPQmfoneq5Nle76eijgECIz4/J1whxVD3XNC
wkOC36qlHf3f//1/InIBFSyLnsj8DqJFnuKVsfBBJVyqH9rNhqjgYIzsuhnj
CZ8+qe7++bPyBxfxh6EVbsycf4LPz+9n7UDvPdYOFvNFri7gC4Sggt+tSMe5
bpT3yt4KKJruiTyxLnaPAELDBl4qsCK7NgZ1uyTzkKWD8O2GrSnm2DmLQc+3
Dz99ks8/fz4SFkN8kDCetHS+nISjH+Bi/Ep8CYHFHwixHgSB8rBX7s6/9Byf
IIRFLtttQ5dHR1BM6+giGmJmGbg6Q7TxYqOAOCHQbOqSD+7c0/jwBPeE9/Kx
8IH+mw6Xyg7PtrETUQOEQ8+EP/cqYHsRTJCxJGF7xlNssW0IOHjOJHQACxHt
aROxbRK+tUDWrogf7rfLJYQXaAUPk8J+W93SG29Iebqsil4gFWDSknkBxIIA
6Pm4xC46lgJfHxOrWpUbcHCC261qVcRMhp3y4y0rSXTx19uChNpQ0hqHZUO4
2W74ToF8BV17OctiaYh/sd55xGBjinrYi7Smf8urhI3QIgRFkPyyPAmUnq9a
MuMJsW9KgqtqZauMCZuuSVYQzv/58wyrfPq0rIu+fwqUxEtSjQavJk7POFNB
c7wE7e5sKx2jIZYRkQCQ04bbu4Z+SJCDWM4G4qpQZWDH45L4fYAIvTp8DKwB
b6FLpPcT+u9pkAe8mwP/r0rZoWdFRX1X7PpsXQKX3X16KD8GcUTigphKzLHm
onSpDpe1jYnRgVCNwQh5z9sgMVK3BbgS9JeRIsRoAGfRCiy0YfTZAseg7RD0
WtbyZAfjUxxDFj5vG1j5LHHwthe4x0r+/enBMnz7WUD2odxBTSF0P3j949n5
wUz+P3vzlv9+//J//vjq/csX+PvsD6d/+pP/Q37h6B9vf/yTfo+/wpPP375+
/fLNC3mYPs1GH70+/csB0607ePvu/NXbN6d/mroaCJaWpBvrPh0xnUE0SWLE
y666FNj87vm77Mk3jm8ELiaSIfw3fEz0N8mnRlgEE7X8k0BJKEmyqegYvDVp
AsWmGsBeHATXDbARBECQNTHj5kyok85IcB1c+x/P3r5Jr1kxaGWCLQs3PotM
m7GUovf+WTijvVcojHQWYnPEZxkN92Qb9sHyReyMZcXKIRgSvZhQAPJb2Rb/
rOqDCjQQeD40OHhBnH+I7A7azIsgHm1DezKX+TLLM1bQU7mHQxJUk43RnkxC
kaqpphyrz3pGko43rf+emOssWCD08LQNore9wV5ZRBZe6EAnhEsGzIQO9U7F
mp2I7AgyqFkSCEWTmIUWSDenYubQFNPYPBmIpx25TLkylCsTZHKLzPTwjlMi
4+gdZOJVK5YVAVgsoSFElBUCmnwZ8DCb5pVltvPjzNZPuCVda78h2QLCaYWX
Cv+kR6c4KNA2f/Hq9y/PzrHPP7z8l0Oi9Pzpt98d/vH52SF7cuH4OLw9ov94
bCelFmZ+X+Y35cdMnwBeyiaFDP/x+2+JDJkwnhdN25AkqU2TPSORsy7ZfxQ+
ZLKB+Uu4fUXgpJWKS6gbOZ2zXmW2G/n14bpcXwLmhCnEGeU5MNBtXTO2QDsh
HOi6YgfZ1Xbhw/byr9CSRNtYk/gmdeyyHYZ2nW83pI+cEl/gjQuq98aiaBkT
DMShhWuxrVEGvBEafsB4NW35ZibciTvTcn8VU4eY84MHuN/7xQcZ91WRIQZB
T9oi9Fxi9UJlroRdsjxKRM/0fnCthQvWuEq5x9+SnM8OCUd/9/a9Vz6JNuV+
n33zjJW381jqOd02CxTR3rGL5z+dZ8/roiJRTXRQrKE2ZId1cUkK+JNvj3TF
r5/hhcB80q1/lgeyn7P35d/of1+ToAYd/Ox+JlPQ/5d+R8Zydog3PDnCr1V8
0Z+sXtGB8Jhwy8qcZ4e8K4HaQwgWAWZH58GSpJTJkk9HS267Zj7l5Z2/fffy
/en52/fz0+eQaxevXnhqIfOd1Lq8X9ILVsaw6Q2Mg4dQH5kpEof/8f0bdnAS
g4GiBuuZINTe6a70XRdeTblgXEg2eMC7u5C3HADrD5SnHhBer1aVcEehF1O4
Vf0nDnG1xRXzvcZvlOXC67xQxxuvdpW8COx9VYrJSNYA2Fvivtm0dbXcCaOH
aqgeN3Aoz+8IPXpld4a76VZMhlyQwTXeyvOWTKuaOStrbcGWVJnpJeOhGYMK
nJ702SHypNTFDkz2Z+c29bbPFkV9vZhliw/VaiECYUEEP9gVLGDDZyAgIYfR
lyAGR9rMgjSPWhXqR1NY9A9/JSm1yA5V1pjAD3Q/I3XHduyJb2Gg+WoRCDFX
QlwyEfUli/znf6Itvpg7uEGaXhTGzsM5Z0UJ9pl8LVbK5Gt4Vcf0q0tEWEz3
TTeYk5pJOMXonG3UnzL25kFelB/Fks1enb45zQ4Cqziwn+9OCJMEM+kjeU+2
qZqe9cNrkhSyE93nvTS6CMSlwipbEB3qcWDt1dWH8q7q0/PgulkhZ8OIELf8
WMDcndpVWUFbd0EjKDKWuCPaBpQ16gVTiq3cTU1f0JEG8+iqqMnNLjOW0bPw
hJFNjxAQPWde5QL6wFyaFu+FV219BAQgu140hp4IVa9BNBs2guUQUHzErSmM
O4KRW7W0RVi9HamOZOPysfpdMxQfxbBc3rSVKCIrWJwde6qz4rYlcl3e0NWY
LrOHqbZpCeF6q8B2dQw5J4oAO/XvwXTG4coLu5zwgJSMpapfh4WbchxPsakZ
awwm7/NtU9xFZjXpfWtSzMDDYPnppYGBMYg5Si8nDS64E/GEQEu+dn1JatgA
nYj2Sxu8Abfa9WZwGutjpeB9vDtgowWcSA2Id86qgHfZrIsPiYaZOta90mqx
jrH/TbHwC+52MD0Xu/DY9TAMxfLGODhZbnTlpd+xY5+/3z9UiV8K0rP3q+XV
ts1Yz5gxtrB8j7Y4pMZ1uIHMo6/QlFMPiuJcjyvnt2ax7+MEuuGNWKWxw+Yh
XFKIUKhnBRTpXR1mUbPruxuI94d458W6XSHGRnr4DSJFBwtn2HNT3OI03nlT
GKw0PDN9EaICE8N1lVoMcHWZZcDg4VeJe3n3hTs9ET3X4KVUDpj5SEAGPakY
2k7YraAVjkhgi7HR4WHRnvvMM1Yckn7IytA8vv44/4JwyYcIA3xTKj1990pD
U9MwWRc7aPt1u+M1BIh2rn5LBEca8t77p9I8Pn8eQaXqOV6jTnR2VQBBhPX1
x+r0jn795xdneXHdtOIlG1LlxHSN9wkuspNkHxcZC6/JYmGquhTtOorVvigG
IlkTCNkhvfnIqaxbAkuaL1x72PIadjffOi3gFAuEnkDuT757ekFWH4y+w19H
wQQ9cQBcFfA6N+UWnnWsLqKVGZLdcwXpirfxkXsRLM+f/7B3jYe/8v5Y9kmI
VOnBvARZUXNECPkZsduag3AaZ2WSCc+6L3FEYb69GLIk8iaZEtSDolvVZc+K
KQfRGBTi5de1BHl7EQFvVekjju/1P+L2hA8kfJc3Xdu0277eBVd+FOAS+w6C
lARTQcYx/CrbgQy5JfRl1pFmrhVPQsX5U+pRioOoRS/68l2zZ0C6w8W0aTIP
xscCb2OlmBVZ94u6cK5Pik58pDxOdBE6WFFLSLbtqmv2jsnTCC/iJ8feFtAg
6eXOKxhgGt4QqMj0Z5+ro1+st0A5lV1+ZX+muTo/rhmdNlBqRWfmQES8GXCI
NVYjmmRvgIrwquxF84yI7bDfrtdFtzsK0rzi2z2rPma37bK43NbF5JNivImK
nHumIDpe4c6SyO17oeGVGWGmgD797vPnGeGv2GLfHH93NHcLdZtdsGkGuycO
khno8Lm6CdnMmblF1QmSqekQnpffXUQy0JtRN6TCHttNLcQZHsBgoK3gr6X3
S+h2sBicj1mQ2vTpU1U0BU7zoURcamCOc1ksP3jAhTikaMHqGNdQggXequaW
4F3AT8tXDw8yURFr/yxwrqF1R2+ce7HfO5b7xPwKaIKmYyF4r/Y2RIcmKXrj
ItIVBEGd9wqCKi0jhQzY41QXlDuH27rAO9biIjGELpZLAkTBmslLjsEZskjE
x6vYkaQiwPDuLs0lCbQOfhIfq7F7iZb014LcVO8Cm/Saf3qgRD52XhXidhP/
nJCbd5YN6rfWLDoNV46d0ceEyw0w9bb0DOcQ+latTmAGkM+y8dHAmeuKO2L2
bW26d89SA8qiudRUN7cdnUDtr9KcHCiEsiW2RGKRQhyr1aV6xGwscPReY4/m
LtpsL4lCndJgb5bqKHlIQnZityGCBZzsRbMQTngiZOPoOYQ52TPMDMGoJco/
+vxZpIzPLROvYzdULHHMa/YZXrkf2AT7OTtXX9CXnHPqoMOLL5gvEA78rP6B
fVedoaHkn9jvI0edCWGkBojyKV5fYwKsDkX4bEsgM+FXZn4f8KUiae2D+JA8
y4DtLuS/ugVNWUYJWTvBRmVPlZD3rzhw4v7O+201hD3rrRuu/dbj4iCDf4JU
K+Sgqke4K3NksAeFK08VrpFbvqaXEbRGrKIhdljBghPtpYIfHhGX/PHjALNL
Yg7wMQ3YEOEpRzIJZ5vs4MlB6tZjb54C6vC7b4jbfhy5XqNYhUFnaXEFW4Zh
P+IbRDPbPn4Px+4hdnI62gccjd0KiPQg7PCFoAO0CmYpebFadZIjkN4SjqTO
0vhEyUHOWC1QXzQbi3ocI9xtU5HmZgE1+C29UV+Xq2txTPr3qFN26k3imj1M
JM5R4qo9LJK0RkTlVNtfqQvYrL0v4DEJmnbbyKnE2R0dh9dUsUJIe9Xq7r3L
/UsLp057XFxgC8UQLRveJ6sjLYSE93pzz+qs/aDCgEzNH8+fCy0f/K8DUhKv
rqqPsghZ7sub0T1a2Jr+JO3bgJOTniNKMT8T3S3rEABMdJvylMh/1rmvt50P
gYU8rH5HusP62Mf8+kzD7Zt2s4WXW0hS8JRzL1pOIOIcJ6Z7FilpnmgjO8w5
x4e0Ts9b4ffFN2yuSTi5bDi1J94g0U1zrbJ4jUzuSiKttTg7r4Xq4cUgjOFc
p15ip+ozJRrLWBrndpH9XbHBp6KX5msSJFcQn8EbyX44juNAm22GKHM2Z19o
ods6SjwwrVEL/54YUideB2gZBDdOYrwjlQ+x6RZvSP0bU9dDHJe4nzrN2nD9
DH3DFtoEM5CAPmCvrMtqsHBGFA5xos+ciJtRCNzrglBciQfVdVgnqlAgiJM6
syKjpizqkkMk7jXh1lB0QidkIQnRmOLZ7CRjLwnR89sukUEIRyaYAjE7J8je
qx4pKtkVqUQwjfJNC6Wl2XLw9cRHSKGMi1845P+QBkqivB/b85LRAm+QaB3P
ExgLEiLAKdgIDXG5/wvLT4WOR1+R9Zt5e5eoyMMp5EruoozAdEFgO74TNVER
cyaMd4SV9iWv1RHTIz6TqbnA62hKJifugJihyqRvW9EjGnwRtCUT/6UcmkMh
tMSyQHhZKYUphD2TYrn5WAPry0ZsSFMkxRjQaEiR2J14h3QRbHiBnJH+jFUB
0fVa6NC8G2e0QRdI3/Qk7TlDRFxtnro0+Y0pij4nyCPU20qSIac4NoNLDo5s
0AcPxCrwKM3MS8yvhX248EFrYW3EmbwGSrzJVOjoRbKeC1z3OHu1r5ovgg6w
kGRQXqSTG4OwKLtcE3mPXeC6zOyE1CFkGKXX23qoCKsNXcecOToMrJQ9zuzT
IqfYa8zyJXu/BW05DhhUG6wkN6n4k70+/UvWrmGNDCeqvsQ72OM/LuE/x0nY
wDMgEWniq4TuGy2oSRoCipGIcIZelr1u1HGAbCtPlzBZxTE9zUUz5EA7T73i
1PB7Sd54INonSySEPETAabhdsRlJ2Yw1aiNfbeuTjOimFn9PZc9OUYRlhzr4
B3zSbaEJjvFNm+VLWP5yUsp6vmZfEHv7ieWssTXaNOcchQtR1Cpxv3aD9whx
p9wHub3s5hTt1TQxn5AlebDTekAlPvdrOJ2CctAQBpZ3kdMaWueR5Wrk2SJS
Rueidy5I8bTyhmIllmvHjlbdyIwFRpGJLooMOVnk6IQWxFV/9RW986uv9jHP
TGWVBINADY+N/Em0FXmWf0BbgsbPDj6JKNUF8Vs7pCEbbSSg26aDJiMvOtxz
ts28D+johAk9R8QmyklYMAtPHF+aLjfiaiFZTnKoAG1h/4yNCEdzvKtvQxpa
Zc5NYXPeKFmZpqxRAVrOfDnZhC/nmB3J96ADWEvh00ZIDkhST+IRTNyFc6cg
t6WACF8CnEqWhbhnLkShWDhl3XpZJAs5rFjmUHuY9nymv9C+0OpKnN0DrL5q
vV1rqBl3GLBISqsChO0eZt6rhe9Got+ZwooX8C1w0U8sEOOc/DFbTHmJ02Kr
jO8c8F4QySxCDmhgIcrHkiCQMhH+bMcakt8Gfi7xUC+SI9VW8Fh0WPaJL4z5
ipwKMPoSi/AeyV+gNrcuOnWjoFYASgqp5FckrkktF/WoGEwHFrB/HO5jbeL/
5xdmGlBhoaZ2FZtCcjx5K2RtV13fyNtiy8ApR5XI7IwrGJqRW/ZKfMEzVuSK
1HvJO4lApfU0fSAykiK3hRQMyZZKNgJRquGDduuWjRzUmLh74OwzM+ySTjRw
yT5Q2n6B2JM6KQuXoMgVvZ8jgF6yKAKuK04TKYu1PRmXlbgGqOpjXUez7HI7
qJ9zXO82so1s91bh4oICynEm4hfiX58+LRKuJ5wybFhwCZznQOVHzWZmeCda
ndKlKyI+t0xdNsj4hK/U7PJxLK5AQBZuIEa13hEBVcN+FZRiovBywrWyvjJf
mPercZoKo+rD3u1pn/AGt1t2MQ2S646kHLH/dav04puy3jCDR8ROshkcA4B5
kc9nuCtJfWkkHwrdJ8wHNiBHxws4UatnYf9O96/54TN2E4sjw9NVmUWZod6r
BneBZaB+Ppo5lUsCFbtCKNiJWp1x2TbQ4vpGsYpLaApJH+DqsvS6xER8KWVN
4ir3XPreklfij1I5JZZF+rQVEWiOIGDuq2y90yqKJ7wa6PIgvLf9IpOkY64s
7MWXc0WIequO1p7zVuW3sVc8+11l+W8+kj6RyLqpyagq4W56pTWfoiKFSi6y
8zNNq1BBqUU3IK6+tM/MrBdTQP1toeL3Z8RIyFLQEjCumtK48cQLlFtellb9
dfKr3ucvh4ME/KK4zkyLzPh104uFWrOV/8xKLUZ+YKlY9CupG77g8oufuW3B
ejOgHtUsdmH9YCHGJqX2jssgjiZ2NRN3mO5p5t0eeLutkb6eI6GDbCCyQ6MC
PTo/h/SivFWS81Xhq1QviJNkj7Io45X9POdTqO/trPmkNwnWg2ExiWn/OCln
gU0vRodeZNDWIgiTfIirw/W046wniX4u/DsWlkrGZc1cZpveOJcQTkkvzd5S
Vw+UVSnadOsS0qzq1/B/VMoOJsowk6OqLWIncFbfLl4uhtpanFL7TCMJ3mkW
AAceFpLiO6HhOq/hzsTKVdViEV/vIvtrSwwTJVmQ9iJ5LMPDSu/vC6yLrstK
JMeY45yPsoHHU0slFsNde3FX7BCjJ5TDnxdQRGlJyEBE6O3jUBVUFXX8hZUh
LU7cl7T5aeiNDQhAcSopYJ799Ie32W1LWk7Z+2JwX7PqC52DBWg6iZTkW9RM
3s4ZoZJR4PModpLUMk6aOLQDnGTTeRNHKAovV6rWcGlNxPL3jzIdFKWfIvv9
wmpTNc4h7MGMOg1n4IcnKsavK4gaI73oiF6LWlXI5EHEmZmP8LkLhoB/DSfe
Ew1uy1VUG4U4tb5HwAs5pXwStUPMxEKBr6b5jmqbpXYKb1Or3uissJiM+zMS
ouCRhsGK8HW5SsPWtLGOq5gMM2CdLXA1/itCsBje+EE2Df0E5okssiCQsPye
Mc7/4GgkKy+2zeTD+BWd80KzmKBI/jwSg1aRzMmwvl2IeBxF8dGUZdIwBXuV
t5saQIRyW859ko1n3vo9sW65Hl7KkwZcBG6Ktqa2F21G9ml7UdbjNsRmB9Ky
ZYN3rK9u2qpH8gk+yi+5HFq9a+x2vSwlU83DClrdupXGLwpYDQ0psyCrq6s+
MptvBxQ6mtRJj76wWAbX4VptPAxVN/4h/WIh8n8hpT6TdfEhiUXQ3Xm1oDAJ
dJLFioE2tugTDJ27g2l8OVgENnXv69lMVUEkerHzL5/xAyAnUG7uFz6J3NaT
N10F6B+7hWkiC0R7YZpWnCuYf0EpOQoJu3pklxw5u//InJ8uLz+b3B3v3rGH
rWYvwt4+qkGTFbkEX6xH0Y76EuVjQ0lihBQlNxKlj7JFpCvpzaeSyCL9UW8F
ZljI/itCO4+EAx1nZ602kNnDs5DRsFCypNcy4a5QTXtbHvnkwKY1XQ2VkySU
U/6xOArZ1lNgg32sccw+1rPo1UmiGclM/HvZXjfcx2pqLacOfMnrHrq2ufbH
GImOBdIRpDo4lIy5xFkSNKgpHU44ia0hv2TWQbi2OWb6F+bCqV2jyuIqzf+x
uJAGbwo4WSTroHUF19hKIdNlKcEF00vNMoePjknnMumfIeTl9cKgZbCDQQGS
myz1X5+wxtjGgXs5CXxu+/UtXE/IixxlPuFCVNLyI7CgAmaQnYjSYNYGkU3z
1IVAuNTEq7tckhIJBeqkaWSO9NSlRxSOKKrbwByYq7Im81fJaClVmYQHsk3t
ioJXiq7pGwTx2cQcP/Wi+tODIJudkyzD2E0oKZzZwv9qYcW3vaTawv2GwIq1
yCC+RFgMnsMXK9ub75dPEJkdwOmieA31vu1cKKk4mo3ViIOU3tCO4B4mNuOl
wr+PNFdV0gnC61HkwzEfrMWeD304Ku0ghTh9LmhMCF/2Q7vacSG5oZB8P8/i
5SUogz+TiEzibDk6CXuQ0HDir8xuiv4mF6ePuWfYN7wBuNHvRMpDYqu7agay
+06i08jC+hqXvkB207Utqlj6VOe/LMsmDcZKzyu7dRejMGyrxKpUhABjTEDp
/a2Skir04yS3FZI3ASGwf9tHMIq9tT3bEHpm8aBxh6ybGG4GacGGCCiSA865
Y5X1eCnVqayeOi3lMH23kCodAgXIFdafmHKijgw3HfpmVZxS05Vm37lwnOy/
2yXQX7YRplToTqJWImHU9yJKPAJOco3VlxYp3qxPV9IPirX45U1F7OAkjnOE
y0Dqo+NHPCi9ORajkWhVUnnktyeMJOou4U8/1bOB+EwUcIqzhrmfWPjKomtG
ZePOE2nfCY5c+nz27NCUpiMUZ3H2NChbsrLxV0MWYH9RNZvtoHRuRY7ojvjF
KNcxB0k33CyoS19FBCX5zLDZZ5KLQwh1wF0upLJaYlEHaF8Z5YFK9x5OAfsY
5YOmLdsOJStntLOjE4RbGy+XbWdRH4XWfPxaMuP99HQQ3tqFwTE6DvootDUZ
vkfigdamgeNWHUB32gARQZm9ffOnv1iyGa8bGpAVS/bAnlrqS7FFN1neqhRZ
XBU1HDbZeEfcmZk4RFBE7YBzg+tiL+0KvUHfqoj2e/E9SKQHpe2EKERuVBq0
DTuCgaUG4krh7yn+Jqm3WtWkIWf/hASZ0QqFdZMiQ+glfqmShcFg/yqChEVT
FA4oiQTRV5pilrz2oVRNd1qpLYVifJa06iM5j4TwxAGUTxGo9BfRb/gTrhuX
LJw4IM56DTECHNZ7QawvIwODLdIhcbb5FjjySku8rwmrSTUTRUatWl4fPW+A
hPC1ySsWof+YgPtGlN/4DLNsXaGzmKalyILArTQyLaScfpYAa+SgLqICbaRc
kWYzlPpi9CURdQj8fy/EbS1OrFxRgx5WORBlmbrMS47+pq1XIZTtvUZM2SeK
EleQMJJob/Hsu5YWEVdTn4lWZbEuzrnRPmxGM+ELgYG2wuMd00JQFORGDjXL
Q6sirsZtWI6M+O2G5Gq4rw5gNPPHL/RWD+xWD/gqSHuuut2FUGZ0FSdagl4k
Tf6kydtRaB7ICR+LT8NQX/QkNRqYh3SzsurnRXxBi+hHC9+5k1sQZJwCjfu8
yvwyZhetLEgqmZWqTvqX8FIH/LfqsRn9s18WbPQeHO+/N9SvxB40f1wvG31z
In0/O/XMKbHwSdILK6wPIUi9rtDzkJayFnv4/p4yeqnPxMJySC9F2B7hDZF8
pi3ece8tyGrwYclG439ml0UvPv8opUu8k4AVt7NCMFSTKeOqGKmljxJQOV0m
6UBnuosk2TD6ljVBi8w0DQxxpMorNPtd6gTPDdR8Ivr130u0dOE6PlHWsz1j
1hdA5gxkrvrlzqP0mRhzxRCuELsBn6OFQkowR6vR0ABXTxqUz6dMWHcWObs/
PUh4shvX9nlF6ac//CWOfyrHHazwkwWeFq2wFzx6x5f0npPpKrixC0FMkWCu
G+GI6oWcMHb7pse8z8M+cq5b8luhpQHW5RdxOf5bfFCeq2rzUhxa0+nMTJTn
byoixiSa+r7dmlWjWkNI2Cjuikpc6mXf1ttQoaAdhpMygiTL90qaAN6zC+17
qWf06q1vOZ0dWu9d0r1v2mtAGUpHR3xBKzu0T/UemFR0dOXdCfJgrALWdEV9
mAXFhcU+ZQ0NVIS0BuNTe/UZvjkIbkFgxm3yBYxIvtzAzIlV9xPO8iOAoCaC
/e+sjfuj/5y9lLdp/B7xivIkgMbqWiRAsStJgYnuTbwq3d5LlCvjgOd/ssvR
sjRPrMpCToKism04o6TfbuDGXIl2rizdA8GzeOyduVuMALo55NDSbhS7qms4
HL0yF23X+gogdc1/b6FoQr1bBbbfogeM1ybFCglpHBYZDnEhEx1Be2Pi0bkK
0j/I8G5TVJ3EkmruGZbgoXaYcosRNYn/eGHosWD7NwQkBRN7ucJ+R9vYrfv5
xCpI80VFgLRn8NcrUY2IJDkOfeKiF8qT4QlNXCLAHHB09kCz894mZCW1gFFU
6tOD9Lz7nPcQBXORwSue4uApO07dV9q20U13ajzSPKnQarb4qFW6sfi4ItWQ
3apDK9UQDXuw2RA+F1fII8589oGaKJie1Sw6qyb1rMllaDOnTNp5wV4xDjVi
XxCPKSjIJNPfajYC9LE02jBy3bHtZuuL4yVaHo9/+QXj5e8LZsCyfNuopkSP
W/4xR8577vohGqhw0gXjfP+bXmEk5e7p3ayN8XfoDFNK9mQhpbmghpC8xEbw
KKKg8To2kmEhcbTQh/puuIMBd6K2Ek7ZR9Vw7IVVdW8GsJfa/OKDNQ3n1CGE
8iR3/2+SI5JlaRYhYHSqfd74UeKFiHt9QOaGiHp/4D47XKiEXszYsB+RNroR
sOjkvgKJFJLvlJD54VRE8BPCz/lPY7/4h/HIxVFwGgg4tJn9yJ0svvjFHmaO
HJfe8wXLgINFthxzCUk9ZfRhp4GigPXWhsLYFVIGDpXSLKQQbWfdTEBoas+x
0XLEf+fRAdl+kAzCW6AFmMgbslj3+DlsegId6n8RiaRfW+NapB0RTrGtLsWC
1XAv7sOYGUNJE1tCrcpEvAuK0ct/efn8x/NXb37PjEWkDLZPFKQ9SfYo3duG
C++nztATRAVxvzBHjJfeh58+Acms7hF8UZq38Gu41O8Kh1D5GLH6A+9huWsN
7HqFmgS4OJAwNCfBq2rlm2KZPesjZSzd6FUabZZmBxKRlFzXvcMK44lXZ8UN
yJ8obSRtbScWc4r3GWvcSadcSLovNHP/9CDp5W61euqmStPQzOGcpDeP5nJA
yHHvCrCHUWf+ypcm25iJbVNJS5soYyAVsrGZYroLtxn0bSv2WoMchsIE9ck7
xtySBxLoflkKSLIWSlukC/IusbXVSeWSaJukW5tZhVvQNC1EAipJMwQvFsZ9
jeBsUZdxBsU9XV14F1BboP7x9sCIzGVDgA49ml3TxsU+xO0R66tLjcrojJOT
X5iH8sVZKJa+pNNQxH9YXGlzIeIje207DDv843Fnda8TX8lZNaCuFovJIcK2
ZQlX6fuouXbSzj/yJSQzANx9Hf7Vmypur4LIftuEqhqljucahwmVufTgfoPq
YP4R0TC7GYdLtQdjnDvOdSt7zl7vt9L6i4VkcROP/yTZ5hch1RwcW0yOzwtt
j+l77WRJUtx+Vt9vSIoTpkicUzIL2Fj33Zfus9MDT4Z1ZWZJVNnkqVrrPUCP
AY4z9QjNIrtKbJion2b0OJw4MJZkUGFU4M/VKrSFN8T3zDqaC1fwjI9/ItQV
l4dL/aTk8MWVKZqxOlleNl1cJovgPVMOfjPsfHWkVev7OkIUoI2WpAMnG6j6
CBpsfZ1xMWEeNh0VWswjTi2lEMz/NDjFtdGykHN/+BK261sTCRwKhooJ2y3a
r1S3Z0WUOSZ5iU0YluC4axcInyspk2gfggTMpU37mRmZxfsrnPhWZxzhjdhc
MgwMZtdqFK9kwIR6Qud36UPjrA5FBVIBDAdKkONnnDQC3YcLzKhbuCii3YuQ
F8OMuZ24Jlz0E112JjHZ7tac+nEDM66DkwwjLanOI+oUDZIRWhoqTLU/Q+Ye
8sMlVq0JpUUHwTn4dFEE0WUJ/t0IPP8U4YhrRR+5rlAxEjDUXBssR07YuSs3
HO3X8w34d114NpmfIyoeqptYOyERcAV+MZGLLrUbBJ23dOQcvhZOk1jhByWr
7ex/qZS/cDQDCBO88GPTv/K1I5G9sm+t7NPGyGpBVaM3ltTfHshHMAHlz4GR
aMXenpzQnnoZVzv1aVEVKw334jBPIGHT7sm4SDH+52ebiKDfIsiDJGrOcjjO
zvwUnGQN09k4aRnhg6gUKRqLg5PfN6CBP9Temg+RamS1U5qR0aymYxl+eeuE
GJrNxE1fAbGoXf4snhAjk05+TYPMUf/NqMuyBPNhL2uyrDSusl9qHzDuEq89
OFTHCv3qWJWqBjKK7KLSUsG9wRBz600gXeLu6Qo37gI5m0rVm6kONWoS5+id
Ua/Dz5phBUjbPYo81fP53mhqUTzkGWMdj7EzxesEyC82NmdoiICAdrJfoiIm
WBKaHZWDkBnV3p2EgvtF+2FhuQ066IlTeEBmAi1+dUgh5ojaiXEP67SvX3IT
FsnaYEZ4zLPEzjx/mofsaS2DjBNqUHKy4uOmXVkwWkkjLFVj8SfLhZR1jjGd
y9q8zVnr5srClOI9A51usJXpnDA8WyB54OtjaeIyUYs3kb8+WXyE9e7Kus6V
xvZrkTj1zNdrRQm8x+4bHocCDvtI3544X+esudGZvFuTi5dHpiI2IHVK0x6f
ONd336GhQb94g2OH98nICaPJrenO0Kof62y86hu8OMfu22PNZ47H52r+/Hw6
F1yLrsK8PqyuGffe04UBO9z7WpDMJ2FMlAz4Klgb5JWUKxizvO+mvjsWgymz
/uc96jCIkiXvlMPytuOxRh2S8gX5TFWJRX8kxj3lAZTm4jl2/3gcpa8C/5tl
VVcq2iy5bVSQAgTQ8m6zHLEFn6ekzAUFhtLt26e5EcF9f5z9qFlWng8qlR5O
dFoN0j/zbnBtsJr9tgarvMCov+rR3La414nU4HUy7keKdYJXhP1yljZ2X/VB
kvzJHoKVpHT8Urb5CF3i8VOaS7bb0+T83DzfUaTm7p8svTgJX9LM/fNN3LDp
12eOOcscwybjdER1FbFjkiC65GwxM0WiA5CR7ccEmVeEeXnyK1HVOgV+v7dB
JxsEYzDD2xKq5KcLn80n+Q9RnxszMbR706Xwc3HxaN03stzqmhuXJlodybZQ
dRIpKLmGFSqLASWlhwz+E64mgSLea3cdnFozzddF7bFQwwOFQkV9QrJZSFar
vuVKDU0tTAFs5RD6U9ZYxEaS7pOO0a7wBW7GpUDhiZogKSsc+eguK1Iq0RGL
04yxl6irWJok6e+39Y17GrRluyk5HqywAhcOWAgToFFnvKXz0C5X+RI9S1lb
IBEtdYzqg44ySQHtCYSMe+73kV5RNG6U64npmYgjLT4x9szU2fZ5IVmgcSAH
mm886Mr6GIRkL584oxwi914l60QK5gPpQbq3UOj3RObEbF5mh4Zwg3RaAxBn
Nht1X97N9PlvjyJXhQu9ScZqh3fE/9YirpgliV2r4jPQg3GLycK7UfLmWBMV
biyHyb81jOTiV+32EfLsyy+w3EuljTjkyyVCnMbuy+E0MFFwNS2CTIdsw4fy
JZkhxr4Sm57o9iKL6tVJa5pswjRnVX0kw0XvCwmJPQ+u3rsUq01Df3hxfe8X
nk1fzEJjAoInUujCLqpVuRbfsaad+OpCF1UXjgq55nEZYEDSSI1hoYNujIV3
8tj4ieCa4nY2ZJ9vfAal7z+vhQbLSvoBinjUWoVvo90vOcUnaenjb5N5Uj1Y
Y8CZZI4T1oSo/0257TgXjmtYiPHAA68ckGGzZFKHMRMMLTaxRFBmr7XdUVgz
NRbhFGUyfcp2o02DtUGkZkXOpULac1Od4srjSL2lORqUYSM/0if3Z8GG9ngu
/rYKDe401qxeQkIa7Q0VMuRJe5qnEyF8sKrkSIrPbvV+/amhDV40ygs1z5Gf
RoXDWIJixuKfrTwEb7h/NKCFH8albz+9Oiexcs7Z+7s4SmJ9qubRROHk5uIR
GzNLgPSSQYBlnXYFJ0bGezyLYBYliXKSaZSU2Yfk41ur+WYiRFTj8L6mLbMQ
35404qYkwUxtBG9MHFmFhOV/eSVGKE3noI1nG/ureppc1b4KpPpJrN2qb6T3
F5DzoCg5TepkMWKZx/dmBkVoZSvkyCa2X7Nvt6xX+gRvogLbckwE0Hu2G5ne
UnDcC7WR2dh5MoE3/s4sQ93HyIgcaIWJjvW4Od9vUlqdsqrC/QvHAGUskXQI
g6p4XCICZS6yz4F8p2HiH7Zd+lK7+/zCsYLrSI618tORQcZcwxQeexh5dmcB
AnI1htZ2A6b0RyMCXFqwauPhdffWpqzXaRtywF4GiM01coFu/VCOJuDteYJd
PKNK4NncFqxlZxSHrbf0Y54xJrpal05fUgFQRfPJBh6P3Jn0ltzIy9JBG621
OQ0tkbdX+SVvRpp9j3pYd2Eunt9Q6Njie/6OT8eywU8k4BKv8Y+8IOURCaGD
hQ133JuQwPTqpgckcHWK+cUlUlwAMf7OvoyhvG75G+2xskDfQBeauPDyOt+R
8/bWpOS3pD7JKMKZttMh/OZuBAcburKD7JGoofSHO2geFQdkuffQgFBAxI9Y
QvJCyqRCV0jS/dT/5C1ba8lzXUiiKLIY1HtgnWPirjOKzKFkJapTOXLWOitK
SLREmT2GEPbg6xDUOtGBG8X466irrB++HV2kHNMyJjimmXGJdjRI49xe+ss0
6iIaZVdA1YwZoLGHY4vC+x7J/tbinlOE9BshnWKEZn4rErAKw0mQNDFOcrDN
yml4az5UyfkFUXUmXPxQz60LNF0G8hc8bDdcsTTqymxgdpPPk7ad88MoWS3h
CcpJ5ZXxuGzpTVCQUwYXCzNtRaCkyZSREMQspYho1KwfHO36hg5zwZ0QArEd
Z28sfQX2Ql1r9abNzVQLW8f2wPn/6VP0nY0xSUWPD0ep/NUGWuPASSq+58IL
bcplij3uN4nPYoKPgdp651E8eFuCvAyKBZRJjhio2mF0aTqOVzOh3RyOdZsj
HQTjpa3EN7RhYOFDQlr5ouJyx03IuD+JxCae/4LGMpd0LkxD2TuuOhCTgTNH
IbjOdXoj7jSzljx8UuYIWMUDNZoEo0aeXMPDfswRfBdNdRrHaKuXVljdpAZD
VsZ51pKSeiJO6XXILw6GIQdUzo3fKFrNo90Xw5e0OGlzjQU5x8yP7fZoJQnv
rBi9jMfyIvUuGdNLAhOzAmyyb8YRof35vqN53dacIhru65KRwcrN7pk1M5cQ
GoRFHER1X5irysnMOugqGtBsYap4mGuPcZaRq1F7mrCnIDKJdCAV1BupuQ0t
O3vuxBGPNw4AQjMQoQXlq2ZqWcUS90ZLGsciIXTb6PwH9TSGRivRfORkJK3k
F7DzgFfauVAVj42OPfEnoewJEsd87QlkfJtuD95cwUsCqWuvJc1O3eGepdiw
AGGTb6a56qcHMUsFt0StaDKITiavjfIa9/PHcAOB4hwo7lEqJxbMwyoud7jC
XHi4Ky6G4roXIeKicgghnv5f/+0YeeMLnbYgoxKEw4mLUQYsV370Q5dzxSG4
rQT0j7PfcaScJ1NzZ3M/lln7C7XdUToZXX0lTkWTJr2ZPm+5o5KOIpOG6cBS
hijC1cSaSPjwQj/tOfvx/SvJW+Pk+/zFmzNc5VX1MZ2f4gCyY/3X8brorqvm
4qpu227B408ui47ni+gWeWrVvh8XvrhQ/Z70dxBEZcdhP4WdgjtnXK0FBeaF
aDzQ9j896O3jlf9U5e1lYYMwVlLKAx6GUhMuHBoNNuTiz7Yuc3OHzKWhjjho
TMeKe5xgvKNOFID35mpb1yEFoZVEI2G41eCkLS544f6suC/Me8vqsriVqagE
zbuKixhZ+Wu5ewtezI48U/H2juEPDCMQg4aWldasOxXoa2ZMfRnCtchyZs0z
gNTMID9ZDpDgN9Hl/MAjA3vJAbDWAmEo9FZG66BtUMGeopIXTyZu9NLByKOE
sFtESukxDgNg3K36d7bRMEB/eqhmYI63kr/n52tBqdHBWh5V8uhgoa9nSN5I
nYRKkto2KRF293WLMk86YXywQnU4hbTZlQ1qQIoE440M4BINVD11L/I//nTu
pnfNCrYm/jx+8vmzyB4MRSIBW/Q3URm1ZKe5Pz4/y31yBYsPwjmk/Y242t5h
CBSw28xWsvrhgVPFMYgpdG/Ozt69ev6SNCLaO3pPxcNyNxX0t1W+vBs+f3bc
KO35796+z5AJjr7fDDSZoE4STiZRydx4vuDdsbWhVTdbSDuyizKaDpe010Pb
BbD4WotZjOcyWH4WjTPgvtw+JYgtXh6GZ44XTklp8LZX3OSiHPIXiKLp4X9h
/t/U7cKoOJchLDY8VE6oea0X/eqiqK+5+xz9HYbXhOxq8bZO40OIGPqMZ+CG
jeCT2LDBQ3BkpqOUl+0uN0XV8Fr8skrUJKGvObPf05/1hNCGQilMxX4gZHnC
2U9o0U3/+C7b1Nte+yKJIicdUJWpe+sDi6eeKUQFXo1nP11NKpLBQWD17eDa
3KiEpOAwTXcGaZ/E1VvdrTiyYjetn0Hl/h2YoF3Vx2wHRR4ykpFVzEoL5Dwu
+tTMUTCDdEM6ZGyuOT87LaA2k6JF1yNtQ+cKSwHxTwjzYH4w/xPDg6FH6OgX
9oCsKrKLkOLJkzB732O+WP21WJaRWYerIaRZS8Tu9JWOzBIA9eNJ4b3yAL5i
mTcBI/DYwLxt2r8roDfwLQxhKrcP+GDoTigu1Azfv9sQefEOHr7jp/sjgS0M
aK5WAYd+RPvePSIKqOsSIw5CNXyrydDc0FwNBRZ6XFBc7+LW6rrjhsz3Gm2G
cOquLXIuxM6TXUV7l/m23AEge8vjn91p/NPskH/x/u3pEcfrut1maImQNjdw
HsmIEc0aWUsAXbVgJ6EGXau04XqEoIVagFUDFiNkNS6yVQJ2mtShtoHpISKx
IYtv2k0cqewlVSNTYAPtdMawMwek9GeSMPzOim6yQ/rH0WwfF2Jkedi70cwW
GxWRHa6q1ZHdQLmuulVxbeRZKYV6DBlDnzm97El9yXZsZGc0CrhkylTUksLG
Isa10z7JSxr0VciK4N/RA2GWEg+at+Uw9gtT09ZkyCOLyg7zoVhXa7Jg/Hx6
ribKMQcBbhB/kmI0DTZujhcMcrACokhrJGK1SVyLJbVMfay9yqR6CTI6H2Ts
T0J0U/DrYZ9N7vZ2uaEtHiJkORQ9J+5hLtrQLtv6SAKu8gpjB1een3HmTbIv
eLBq+PmGm3W1dFzYqi0F2PzgBi65H1UTzYe31oi847hToPOhzuPxAW6LTe5p
CanYOnYlOvVMjOiIKedIGCfQ/TkcgaD9DtkyDTNtv2J2GPoCcvDSp4uTmBWY
SFs+3+6n8MpSw6M9LP3nSOuBRFUHuzLIGFDJQulZ3+Mx3/2IplRLsyaAUA6I
fHK2QvPoLjyoZnIKqUDkyVJ6uKJb3lRwCyH9JB7WK2q7In7o/gVSM7ivijuy
yvuIZnGfdfntY1IvvcIkgDHS8f3dk+aPJHuq66AsvPwRV3BKLzyVFbNvHxtt
9URyed+2fX5ddBEtkfED9q/6/O+ZgfEJTxkfjUmkSVzC57hXd8SOcWdtw7Z9
mqGvI38qk1B8YXtQ6uNq4VzSMCzSEkHY2Y6lfE0aCVWl9ceOezAku+D68Opy
O0ijZH2pnjtKCHP37mKeilvfDojRImOJ3VvfRHfNaZbK7E+SGZu35RRHZ+IO
rc+1VGXmpJp0Zh1o2EIPnWt4+Kw4RaL8hBCgwuDfThioA3ZqsTynnl2WQjmc
/Wc4HprXCykqK2feaTJJfxtqVEOwxhG6vWlJokEdZ4kTM27GZmRwWyPaxMuR
xdql80Ij7tcM+qIdgSugQEQk12suEpFOqLH96wLi6VA4nBeNcHPOGBT3pLig
SE1A5BmbiHKR+EoQ9ZYfiVNEamGUzXKi+8M+NlK4Ll4KsoTdNOV2wMxRYTuz
MFzYOhnHaZlxr6gvYIM22YjQwoqjZtaGZxZ65ogi6KI2zgjjyuSMOH4bMzK7
qwQgOrXx/NdZj3KfHrRxNkrM6Zit3bXChoPFwLj08v3z7x8//ibCIRkPh16e
fhJdV1o6jZq/yKQxldgKZ0wf4E31gkoaUmXoSvJ3dn4P5xJSUiPKHGBVmJhl
oSzpilBbtEr9PdY8Ttp5efmjPnVdtgdpv3v1Ku1vO2r2y/VwV1cCA5VkPLdw
aC3LyRyXIkF6CS/MzF+rHmzi5pEZ4wuVPHT9uQREcYn5VUhzgtovvPd1ARol
fSrRCF4JnA4/fQofymdhjqOkol2LY4LfCYtiORgRsX2MTIqU+07clwsqNavj
lxaqxpnFVq7pQN1GBw0DBrNIiIob3RRFL5aqxmvGuRk7WV00XEyn7YS5cZIR
+vjOZr50R1gucZ5NbQ95JY6wgPkHGZJ2ZLmFj2K+/iBpImq9StLIZ/cfQ4tB
s55mhMGM945SZB5yb51y1JOcC5GDwNNbZH1slfk+BDIoimOgYKvIcv4Fxipu
yLCTrtz2exqe+/W8NLuXl7ov81JJF8HFS1sjPrD4gSPyc0J+U/WSWmrAyqeG
QLg+jqfQlhXzYNGRMY0XsTeJhfnIa4d+KysgY4m5YN5ayREqMg8gqzfScFZd
zz5EM3aPhOmJAbyI6fjo1OXORemNlTjMrczl+Fcj4W92IjnvK613qS9x0sk1
9jZFByZZMhVwIWNHq0YtoSd43SOZ7r1mMzfhcp30HY58sLPE3ezu9S8zqXPb
FaQGoKua6vefHjC0JRpZ3kV3EdJylCurDwf3xikb6paA6Rgogq9biuEtxjPK
yMu+UsH0FUski1+oVsP8lNjWFII7k2sYSzJDovEovj0L3d4FWlp0zMXLbH7o
DHHX3j9W0UbC+AC9hn0llMtpQrx9S7USBhJvI+UeBrfeJ8B9xUEawoyv+Epi
baLQiFMcyfZDK3pIvKYlze/OF3XY9F62Wol3kgZfSfGODunhD5iCuciZOQve
EiYVRxNdvMC2gH10s9EuERgb6TT+kDqmGpB1Gi/H8utSekAoLqk3ln9px/Pf
2iTaOzd6Z5JKMb01TrBwjlFd2xUJziKxHxHVUmPBfivXHcnNWXYgbsTTZNCs
e2db7w+keaw1mwCvqD7Gb2ai2EcGZ41zLDeHdnVPB6FDjl99/+Tpd2AgZ5p/
8M3xd/Di3/MMT/IixSOdKSLbQI5LIfkNTX/HGie8LRHgJCAuwyN0LHvs9lZf
Otcm+Rb5YrOzQeLiOoFeWyYh4xW2R3GNpAXYrZbdI2/j7o4+EMLKWcdkyd2C
0SlPNboc2MgNTVQ4bfh3wygPRlN4QdKyAVpuZXm/JLGv0wIQvg0kMLIGWu9y
P8KGHV8uanCF1BrZMyzZTiWEaBwRELXph6Rph0R4x8hacWEuF5unQwGgVfuI
iA6vRtfxY0JBVS5rMkIQAGC08fgqkScR5Eho/AiYWL1hz/3DoowfLlg6fHIk
wT5pupluxNd82A09jA5hBTNI22k4HsUmH+499tZWoxCTXAT8hzuOm6wkCRpR
IG0w4JKy21kUlbS+Y+xEj+cpGmOOasac1WaLA2+v4PskO3x6lJwswnLOzKkB
850jKIIbsrgVl7Xx6NhRoP3bsZHDr2VdAalLQVoF9AoTkoiGbQZtKDzkXvl1
PeIl84iowpwpN9nHeVxDnBSfaZJX0vAt1Ofx6NP3MbaYSFckV2D51nQ8j6MQ
h8wrJGqjK4H2k/CiS9NewqC4RCec4WiX9Lb1nJMaDxI8OAhovj/LYD7lx8qy
cTfoL2jgo5bJkXcD66S9X6aU9FnUxEj6QFnzJxS9SG+v0MZ2aD+UTUJMANHb
n968fOGT+RKRx+mVjW+Jp55yQq26FqzhDw/ipny22whwlh257Nq+z5MuKZUq
K4t087pVwK3lPL6GV1hJGnInvjg/9WghKjbnj6Gmc1cdLI4syxJj3wtN8wwF
CbmMP4/6ik02z4Jj2Ko4s19sQMt5YzauLunXygQ8cQTZhQiTI84a/SVY7hX1
zpUIZkpaEeJw3U1AqeMxOsjNyvSmvauxTg73kYOVZrZ3jXq2xsjFLUAOomYF
6TF8+eycG96XF5yAAPdNs7pQHwF38TiYbHAwvdiJn3sLkPfLsrGuFDHflvBS
IpV07ier2QrcI65XxJxbhunEjNxZNjkhN3xsneO4ScfBfpHuvRBJBsLy60dN
ERK1bhcXMMXt4WQcJ2cCYo3A5ZNpmVbO8sWRgTYDCOv45g2jzg2jPZ7cN+FP
J/2E9PikW0iyt3nSPHZi3qnhqQ5hT5uTzFRET84fzaR7JhYYjyDNXnh1Jld1
5npbraSIlV69Fbksvim+ncTYYkkt7pOppFiVR9bYyGdx8g0FFYYOgPlrmjXu
g55F5ocOMkw4UELScYUShVwGhWTnL1/66F88nHAa6621S6+zCnup7tOWfLd+
TFEiSLlvy0HaSiTFZ22gO496sczi9oosor4E6aQ/oKrLWsxrlBW2ieMtotW1
OVATNXAM7SevDLBeILCoY3asEgA0NCEUSBv2KUTJ4vFO+jQ/FxYBmEo+tHRJ
q5xbwnFz7Cv6WfJxsgpfLUlc1AM+ihs/H6UFeVpYlyAhoxPr6b4Z7b5FoC6+
aBZKot4KbscWw74SmerurIYhFz7YzuJHl/mF4A/1yCVnqml/4xvgks05i/1w
0Rq+deT7l79/dXb+/i/Ha3RB9MmFtB9OCR/pv51cQAu5FXcn9TpNtac8qjXI
34qNdsK+FoaATs65STsHi9HNwabR7p1Fxp9zUavcZVvXmD2mBj47N7Pfi+3/
qlkeZ4eVgFIbTLx6ef6DS3egOftt6j/49GDskkEr/9Mgdh6FPnY++6Kfj41Y
McKIyfvfhMlBBAv/aTRyynTutg9j181qYUAdsBcmy079a1OWIT3zvtbZeKOC
st9aJ5Bl91cKzGXQlx0mcgCPi8t4uFBUXpbtlZdJj+9JB5lWfs5Ttpu4gfyQ
hDGkaI3n7GTbA9H3Xz97akOKhS7hmoovhw3BX1+yI3j0mj1153Ctv0/k2acH
sc9u1KFhjfmTg7ZoiJ19YJ7qwpQeiBqI7Vm1Vn+YS/xhpn+IU9DMi7CvGBTW
DA2BfthCvRMnsIDou++//h5v9VS++Ie/9uiKEpr75eLWlqT7j1I4COA+/faZ
NK+Y8r9FJ5QBGYAW8GEeJyfRF2fbyyH6biIUwBuiX3rPmfdKEr68eXRKX721
St39r15aH/pl4j6fIyeiMBQYJYgb+sgJMWQ38561cahk5nPGij5Zi1WQ4KaW
IX++1+XRXvsK0McZKSA83nC8WcyFQcBCviZVdGyd4+lXwSEnSY5Tq+w99c4L
lUQUzEfi59CcONoSvO165j2n4Ta1A5Vk31d9jAISIwgw4BafR760ok8iJH0U
pRX+JOEu/HucUost/NAV1yIiPYPdO3oh8f4I9x79VWYIpndt1OLJQJDeE8sz
ZbmRchN5ceakpsHvJk3qief2wiEZGdFr4LpaZs0WGvhhf4TpDvz5D+APPlaF
b+z3S0yb6W9EcDOdYHiD/wWuj+BFZPffMtJVSGewzOShFaf3UjxVV9tukOae
0V5xTomhy5CGSYTiEo9tT0CfZ5hE+fYNk6IULkqiWWPfC8VJCq9hW6n/7h8C
Zp00k+9Dhd7eS/+dkj/jS01kf85ZiOwhYN02sOx5tgMD3oj5m+gs463dy+gs
beY/juHluuT/d4wvFk0T/sEvMEL0QAkRu/9ihL+ZEaJnEcnh5U3XNu3WJ2sh
H6LTwgWbQRGxx//ijv/FHf/TuOODQLV7qQqeYEkpJlu/7PLQIUlwT81WLjOZ
+Zp1bnSvvUdHuV3iHtRJp5j7ZbmoJzrMXuea3JqRaSqFdapDVq72wdQwp46J
8UY0Otdnp1G/TP8otGU4sT/KMGinOagcC7QZvzrftmuilvmhhgMtrLWVTmxE
ODZTJpuqs3NFfcjVWkYrWZdDP5B+JYNaeAZQa/nHBF7r838p3cwlfIgsCfgm
GGK+VwBX9MOzZVmN6JkqbUuk+ZiO+bPhyJw8y5uTeyPzsl7lOinkFOandR10
6vTXgOcQNQaR00lhHFcayaxjP4DZOlrzK5xvO2EXIC9FGJbjCN6sAzOXjZyb
B8N8VE6adMg0AZTybDc9onXruU+XntrA1Oad/5WY9BESRw0yeBQiR3GlIhQ4
69tMZdZog7d+A6dtzb9Ac4JiuMkrZlfcQJgwv1h+4LKHNlxpyemiRErXOqLX
71jc+DzJzoQWO1tvNYeaX6AVpjgP+5YE4110e8nsqTAEK5lnVxfN6p5+/E5D
+qUHNMnZln4jiBxg1DP2lfVVNFyPL827HZwWs6AeG56L9UYC870nUGtXrI0Z
/wTsn2VJWqKzhiKmwEUNNQ4TI9wHSEOFNe1D9qa10XwSS183J7RmA4svEi/i
zvC0PSSFcNa5Zb3DvYC+oj57lIW/ZBtLk3zNiSd7/q6srm+ACK5P1ogmv8RV
RJq5ZENYtN8HWs9C7UL7gsbnH9s0YuDFUaiQj0tB6Yq426bnLTDQLgv00Sx0
5Hmn2QbTc64fpuNPkMEsSbaS3T85AlBYXsmVnHt9wyUjiYfZbDcaOlHfPwsC
P0+XnWKam6j8fH/UFHcOm+wILDjpTJLlpHWVtwVyTapQUwHXr2QNEWW3ueR2
oD+4r69wSX2FTjxm9xLf6jlX1v9yj23LdumjHtuZ77Gt9d33dPqep3mpngWr
zPRF1dbYOspCYGKXltgcBeTMVa1Gh10h0RIkleyCQKHDcHfDZEaB5nqHumq+
MXTMihKJxrPEtd5gste00zYd1kI6j0qUsFntKB26SGeTXaTd/V2kJ/pDcZd1
yeuH6K/L4kNIWtFSakkbFUWCC87pjDdVmLGmhbYsjoRQQ9OzUVeWuiDuzhDb
Ntf0gl6ktzVMd+MH8Uh7l3Mx7mangqBfI28lajQ+43RsbqjjTYQZMTVjusUa
lTEW/SxWwFZwIkl84iivZtfLAdnopE2i5sK3fRHVRMdHHKLxL2s/WEfk2ZFm
QS9kiqJvZuUm+luxANrZUFDtdCd55fF5PRAgfpLKIjo6ooy0ZcnAL3wzsXfe
ElOEEZiKoiVncZKzJJV92sYRDQq4IJ0MvUJ7O/oaEN+QKi5bC7BipQcyhpdX
kioGg639RHDQ070EGpco8JeczMFOVWSMGyZVIxzisBOPd+GOBNVgaQ2o1GNk
CsKZW5Z04woYJVvnUwM99/A6EHYj2lwxSO4/ZF6iY8btNX2DOCulRDcY7oQa
KSkaWBXbVuq1XS8NVWRWoyoOJodNqdlTaBJ19FcqNMfZGGjcaCQ0fQzHwZds
PsRF80yvBlYkraoaKJEWo/+0mkVr0uWSCYR+NIjl/AZ+nvmGCejr49STH92Z
3pTSSV3sICuivjb8PNeyOQZ8Hg7qrbRDq8mh7bZ1pI5rEaFEJljeEyPRMB63
sn367pSMgV0d2gQtMSnEMkCiongyIla77A+vT59LTvy6XKMqPK6yDbG5o+z1
6V+ykIkTM6BRMxvnmxmNpriZEHnISUhsrMVdb8ddU3BLdutWwOPrNGJaQJkK
6x8yaTzou6z4cxsllbVKNCMi0xHV9c7neluaiuHOiiiK3SEODIddMkzmF/IT
aOtRhdZe/0DTrP3ByPAosr9t2yA6tH2fyKMKnwu+ajEDvXXBrXuSXvoYTWVl
ePFr7OU6QJRlVOcL9ixHZy0p2ntIaHNpqv7LPXitZ7lPkEfbMqEL5fHablTl
efSKoNnbZRGrfKf56lIS7Pt7s2IlyjWngzFhYI7UBzS9bAUU0tN1YY0TtM/t
qpQ4X7ewZlH3tF1K4SgJyTV36x46nssTJL2yxmQGlQmzc+1JHBdk+fi/7Dqj
Xe9zAz6G3j4ct/ZrhzMeqsqm8xuk/7SmG1QY0afKt28cm1RjHBntOH6Qx00E
MGEqXwSljW9ZtZm8DPZRVM0W96K3wdqiv4VIUyyWy+16q8NcSI+8zpnfYsZC
1XNllZf46lINRWuXO3810Wa1LnMmCphNWHELmzS68Ikxvc25iStqNYYu5TPM
lmP4KfE4dAoREMOXmOLYqbQPL7zvi4dwkpRkVifjYtA2LbdH/MA3ybgK9b+F
5k9PnJJ1bh72KNaBAIdrTFWyyAm0ZoQPchJjlIKVU6Hp8/gIwnqWbdVgtkJv
petpU2w9vQ59jnOPdlOZR866/Q5WLltpzaKWVytiaqqJc3meZzBh4cI8XSIT
D3M22RPgPs3FIV2u/umAPSgHWmKprmFc5AdFOhKW5Z358H17AVQFsqPmptio
a0qKAELxPEgpGELWAWMllIdsDa5XhWe315KPMKYADNBKp+mSqpo9Wsfu/wFK
vEtEDuoAAA==

-->

</rfc>

