<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-ace-edhoc-oscore-profile-11" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="EDHOC and OSCORE profile of ACE">Ephemeral Diffie-Hellman Over COSE (EDHOC) and Object Security for Constrained Environments (OSCORE) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-ace-edhoc-oscore-profile-11"/>
    <author initials="G." surname="Selander" fullname="Göran Selander">
      <organization>Ericsson</organization>
      <address>
        <email>goran.selander@ericsson.com</email>
      </address>
    </author>
    <author initials="J" surname="Preuß Mattsson" fullname="John Preuß Mattsson">
      <organization>Ericsson</organization>
      <address>
        <email>john.mattsson@ericsson.com</email>
      </address>
    </author>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE</organization>
      <address>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <author initials="R." surname="Höglund" fullname="Rikard Höglund">
      <organization>RISE</organization>
      <address>
        <email>rikard.hoglund@ri.se</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>ACE Working Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 167?>

<t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework.
It utilizes Ephemeral Diffie-Hellman Over COSE (EDHOC) for achieving mutual authentication between an ACE-OAuth client and resource server, and it binds an authentication credential of the client to an ACE-OAuth access token.
EDHOC also establishes an Object Security for Constrained RESTful Environments (OSCORE) Security Context, which is used to secure communications between the client and resource server when accessing protected resources according to the authorization information indicated in the access token.
This profile can be used to delegate management of authorization information from a resource-constrained server to a trusted host with less severe limitations regarding processing power and memory.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-ace-edhoc-oscore-profile/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Authentication and Authorization for Constrained Environments (ace) Working Group mailing list (<eref target="mailto:ace@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/ace/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/ace/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/ace-wg/ace-edhoc-oscore-profile"/>.</t>
    </note>
  </front>
  <middle>
    <?line 174?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>This document defines the "coap_edhoc_oscore" profile of the ACE-OAuth framework <xref target="RFC9200"/>. This profile addresses a "zero-touch" constrained setting where authenticated and authorized operations can be performed with low overhead without endpoint specific configurations.</t>
      <t>Like in the "coap_oscore" profile <xref target="RFC9203"/>, also in this profile a client (C) and a resource server (RS) use the Constrained Application Protocol (CoAP) <xref target="RFC7252"/> to communicate and Object Security for Constrained RESTful Environments (OSCORE) <xref target="RFC8613"/> to protect their communications. However, this profile uses the authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) <xref target="RFC9528"/> to establish the OSCORE Security Context. The processing of requests for specific protected resources is identical to what is defined in the "coap_oscore" profile.</t>
      <t>When using this profile, C accesses protected resources hosted at RS according to the authorization information specified in an access token, which is issued by a trusted authorization server (AS) and is bound to an authentication credential of C. This differs from the "coap_oscore" profile, where the access token is bound to a secret that is generated by AS and is used to derive the OSCORE Security Context.</t>
      <t>Whereas <xref target="RFC9200"/> recommends the use of CBOR Web Tokens (CWTs) <xref target="RFC8392"/> as access tokens, this profile requires it (see <xref target="access-token"/>). Furthermore, this profile requires that, for messages exchanged between C and AS to request and provide an access token, the payload is encoded in CBOR <xref target="RFC8949"/> (see <xref target="c-as"/> and <xref target="as-c"/>), which ACE requires if CoAP is used (see <xref section="5" sectionFormat="of" target="RFC9200"/>) and recommends otherwise (see <xref section="3" sectionFormat="of" target="RFC9200"/>).</t>
      <t>An authentication credential can be a CWT; a raw public key, e.g., encoded as a CWT Claims Set (CCS) <xref target="RFC8392"/>; or a public key certificate, e.g., an X.509 certificate <xref target="RFC5280"/> or a CBOR-encoded C509 certificate <xref target="I-D.ietf-cose-cbor-encoded-cert"/>; or a different type of data structure containing the public key of the peer in question.</t>
      <t>The ACE framework establishes what those authentication credentials are, and it may transport the actual authentication credentials by value or uniquely refer to them. If an authentication credential is pre-provisioned or can be obtained over less constrained links, then it suffices that ACE provides a unique reference such as a certificate hash (e.g., by using the COSE header parameter "x5t" <xref target="RFC9360"/>). This is in the same spirit as EDHOC, where the authentication credentials specified in the ID_CRED_x message fields can be transported by value or referred to (see <xref section="3.5.3" sectionFormat="of" target="RFC9528"/>).</t>
      <t>In general, AS and RS are likely to have trusted access to each other's authentication credentials, since AS acts on behalf of RS as per the trust model of ACE. Also, AS needs to have some information about C, including the relevant authentication credential, in order to identify C when C requests an access token and to determine what access rights can be granted. However, the authentication credential of C may potentially be conveyed (or uniquely referred to) within the request for an access token that C makes to AS.</t>
      <t>The establishment of an association between RS and AS in an ACE ecosystem is out of scope, but one solution is to build on the same primitives as used in this document, i.e., EDHOC for authentication and OSCORE for communication security, using for example <xref target="I-D.ietf-lake-authz"/> for onboarding RS with AS and <xref target="I-D.ietf-ace-coap-est-oscore"/> for establishing a trust anchor in RS. A similar procedure can also be applied between C and AS for registering a client and for the establishment of a trust anchor.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>Certain security-related terms such as "authentication", "authorization", "confidentiality", "(data) integrity", "Message Authentication Code (MAC)", "Hash-based Message Authentication Code (HMAC)", and "verify" are taken from <xref target="RFC4949"/>.</t>
        <t>RESTful terminology follows HTTP <xref target="RFC9110"/>.</t>
        <t>Readers are expected to be familiar with the terms and concepts defined in CoAP <xref target="RFC7252"/>, OSCORE <xref target="RFC8613"/>, and EDHOC <xref target="RFC9528"/>.</t>
        <t>Readers are also expected to be familiar with the terms and concepts of the ACE framework described in <xref target="RFC9200"/> and in <xref target="RFC9201"/>.</t>
        <t>Terminology for entities in the architecture is defined in OAuth 2.0 <xref target="RFC6749"/>, such as the client (C), the resource server (RS), and the authorization server (AS).  It is assumed in this document that a given resource on a specific RS is associated with a unique AS.</t>
        <t>Note that the term "endpoint" is used here, as in <xref target="RFC9200"/>, following its OAuth definition, which is to denote resources such as /token and /introspect at AS, and /authz-info at RS. The CoAP definition, which is "[a]n entity participating in the CoAP protocol" <xref target="RFC7252"/>, is not used in this document.</t>
        <t>The authorization information (authz-info) resource refers to the authorization information endpoint as specified in <xref target="RFC9200"/>. The term "claim" is used in this document with the same semantics as in <xref target="RFC9200"/>, i.e., it denotes information carried in the access token or returned from introspection.</t>
        <t>Concise Binary Object Representation (CBOR) <xref target="RFC8949"/><xref target="RFC8742"/> and Concise Data Definition Language (CDDL) <xref target="RFC8610"/> are used in this document. CDDL predefined type names, especially bstr for CBOR byte strings and tstr for CBOR text strings, are used extensively in this document.</t>
        <t>Examples throughout this document are expressed in CBOR diagnostic notation as defined in <xref section="8" sectionFormat="of" target="RFC8949"/> and <xref section="G" sectionFormat="of" target="RFC8610"/>. Diagnostic notation comments are often used to provide a textual representation of the numeric parameter names and values.</t>
        <t>In the CBOR diagnostic notation used in this document, constructs of the form e'SOME_NAME' are replaced by the value assigned to SOME_NAME in the CDDL model shown in <xref target="fig-cddl-model"/> of <xref target="sec-cddl-model"/>. For example, {e'session_id' : h'01', e'cipher_suites' : 3} stands for {0 : h'01', 2 : 3}.</t>
        <t>Note to RFC Editor: Please delete the paragraph immediately preceding this note. Also, in the CBOR diagnostic notation used in this document, please replace the constructs of the form e'SOME_NAME' with the value assigned to SOME_NAME in the CDDL model shown in <xref target="fig-cddl-model"/> of <xref target="sec-cddl-model"/>. Finally, please delete this note.</t>
      </section>
    </section>
    <section anchor="overview">
      <name>Protocol Overview</name>
      <t>This section gives an overview of how to use the ACE framework <xref target="RFC9200"/> together with the lightweight authenticated key exchange protocol EDHOC <xref target="RFC9528"/>. By doing so, the client (C) and the resource server (RS) generate an OSCORE Security Context <xref target="RFC8613"/> associated with authorization information, and they use that Security Context to protect their communications. The parameters needed by C to negotiate the use of this profile with the authorization server (AS), as well as the OSCORE setup process, are described in detail in the following sections.</t>
      <t>RS maintains a collection of clients' authentication credentials. These are associated with OSCORE Security Contexts and with authorization information for all clients that RS is communicating with. The authorization information is used to enforce policies for processing requests from those clients.</t>
      <t>The ACE framework describes how integrity protected authorization information propagates from AS to RS. This profile describes how C requests from AS an access token specifying authorization information for the resources that C wants to access at RS, by sending an access token request to the /token endpoint at AS (see <xref section="5.8" sectionFormat="of" target="RFC9200"/>).</t>
      <t>If the request is granted, then AS replies to C with a successful response that specifies the authentication credential of RS. Also, AS can provide the access token to C by including it in the response, or instead upload the access token directly to RS as per the alternative workflow defined in <xref target="I-D.ietf-ace-workflow-and-params"/>. The latter option is not detailed further in this document.</t>
      <t>In order to establish an OSCORE Security Context, C and RS run the EDHOC protocol. If C has obtained an access token from AS, then C specifies the access token within an External Authorization Data (EAD) field of an EDHOC message sent during the EDHOC session (see <xref section="3.8" sectionFormat="of" target="RFC9528"/>). The authentication credential of C that is used during the EDHOC session is the same one that is bound to and specified in the access token. How C and RS run EDHOC is detailed in <xref target="edhoc-exec"/>.</t>
      <t>If C and RS successfully complete the EDHOC execution and the validation of each other's authentication credential, they are mutually authenticated and derive the OSCORE Security Context as per <xref section="A.1" sectionFormat="of" target="RFC9528"/>.</t>
      <t>From then on and as long as there is a valid access token, C effectively gains authorized and secure access to protected resources at RS using the established OSCORE Security Context. When RS receives a request from C protected with an OSCORE Security Context derived from an EDHOC session implementing this profile, then that OSCORE Security Context is used to retrieve the uniquely associated access token indicating the access rights of C.</t>
      <t>The OSCORE Security Context is discarded when an access token (whether the same or a different one) specifying the same authentication credential of C is used to successfully derive a new OSCORE Security Context for C.</t>
      <t><xref target="protocol-overview"/> outlines an example of the message flow. A more detailed message flow is shown in <xref target="example-without-optimization"/>.</t>
      <figure anchor="protocol-overview">
        <name>Protocol Outline using the EDHOC Forward Message Flow.</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="592" width="576" viewBox="0 0 576 592" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 32,48 L 32,256" fill="none" stroke="black"/>
              <path d="M 32,336 L 32,576" fill="none" stroke="black"/>
              <path d="M 360,160 L 360,400" fill="none" stroke="black"/>
              <path d="M 360,512 L 360,576" fill="none" stroke="black"/>
              <path d="M 568,48 L 568,576" fill="none" stroke="black"/>
              <path d="M 48,62 L 112,62" fill="none" stroke="black"/>
              <path d="M 48,66 L 112,66" fill="none" stroke="black"/>
              <path d="M 488,62 L 552,62" fill="none" stroke="black"/>
              <path d="M 488,66 L 552,66" fill="none" stroke="black"/>
              <path d="M 32,96 L 88,96" fill="none" stroke="black"/>
              <path d="M 200,96 L 560,96" fill="none" stroke="black"/>
              <path d="M 40,128 L 400,128" fill="none" stroke="black"/>
              <path d="M 520,128 L 568,128" fill="none" stroke="black"/>
              <path d="M 32,176 L 88,176" fill="none" stroke="black"/>
              <path d="M 296,176 L 352,176" fill="none" stroke="black"/>
              <path d="M 40,224 L 128,224" fill="none" stroke="black"/>
              <path d="M 248,224 L 360,224" fill="none" stroke="black"/>
              <path d="M 32,352 L 88,352" fill="none" stroke="black"/>
              <path d="M 296,352 L 352,352" fill="none" stroke="black"/>
              <path d="M 32,528 L 120,528" fill="none" stroke="black"/>
              <path d="M 256,528 L 352,528" fill="none" stroke="black"/>
              <path d="M 40,560 L 120,560" fill="none" stroke="black"/>
              <path d="M 264,560 L 352,560" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="568,96 556,90.4 556,101.6" fill="black" transform="rotate(0,560,96)"/>
              <polygon class="arrowhead" points="560,64 548,58.4 548,69.6" fill="black" transform="rotate(0,552,64)"/>
              <polygon class="arrowhead" points="360,528 348,522.4 348,533.6" fill="black" transform="rotate(0,352,528)"/>
              <polygon class="arrowhead" points="360,352 348,346.4 348,357.6" fill="black" transform="rotate(0,352,352)"/>
              <polygon class="arrowhead" points="360,176 348,170.4 348,181.6" fill="black" transform="rotate(0,352,176)"/>
              <polygon class="arrowhead" points="56,64 44,58.4 44,69.6" fill="black" transform="rotate(180,48,64)"/>
              <polygon class="arrowhead" points="48,560 36,554.4 36,565.6" fill="black" transform="rotate(180,40,560)"/>
              <polygon class="arrowhead" points="48,224 36,218.4 36,229.6" fill="black" transform="rotate(180,40,224)"/>
              <polygon class="arrowhead" points="48,128 36,122.4 36,133.6" fill="black" transform="rotate(180,40,128)"/>
              <g class="text">
                <text x="32" y="36">C</text>
                <text x="364" y="36">RS</text>
                <text x="564" y="36">AS</text>
                <text x="360" y="52">|</text>
                <text x="148" y="68">Mutual</text>
                <text x="236" y="68">authentication</text>
                <text x="312" y="68">and</text>
                <text x="356" y="68">secure</text>
                <text x="432" y="68">association</text>
                <text x="360" y="84">|</text>
                <text x="116" y="100">POST</text>
                <text x="164" y="100">/token</text>
                <text x="360" y="116">|</text>
                <text x="436" y="132">Access</text>
                <text x="488" y="132">Token</text>
                <text x="384" y="148">+</text>
                <text x="420" y="148">Access</text>
                <text x="496" y="148">Information</text>
                <text x="116" y="180">POST</text>
                <text x="212" y="180">/.well-known/edhoc</text>
                <text x="148" y="196">(EDHOC</text>
                <text x="220" y="196">message_1)</text>
                <text x="156" y="228">2.04</text>
                <text x="208" y="228">Changed</text>
                <text x="148" y="244">(EDHOC</text>
                <text x="220" y="244">message_2)</text>
                <text x="8" y="276">/</text>
                <text x="76" y="276">Authentication</text>
                <text x="148" y="276">of</text>
                <text x="172" y="276">RS</text>
                <text x="192" y="276">/</text>
                <text x="32" y="292">|</text>
                <text x="8" y="308">/</text>
                <text x="60" y="308">Derivation</text>
                <text x="116" y="308">of</text>
                <text x="156" y="308">OSCORE</text>
                <text x="52" y="324">Security</text>
                <text x="120" y="324">Context</text>
                <text x="160" y="324">/</text>
                <text x="116" y="356">POST</text>
                <text x="212" y="356">/.well-known/edhoc</text>
                <text x="132" y="372">(EDHOC</text>
                <text x="200" y="372">message_3</text>
                <text x="260" y="372">with</text>
                <text x="156" y="388">access_token</text>
                <text x="220" y="388">in</text>
                <text x="260" y="388">EAD_3)</text>
                <text x="264" y="420">/</text>
                <text x="332" y="420">Authentication</text>
                <text x="404" y="420">of</text>
                <text x="424" y="420">C</text>
                <text x="440" y="420">/</text>
                <text x="360" y="436">|</text>
                <text x="264" y="452">/</text>
                <text x="296" y="452">Proof</text>
                <text x="332" y="452">of</text>
                <text x="388" y="452">possession</text>
                <text x="440" y="452">/</text>
                <text x="360" y="468">|</text>
                <text x="264" y="484">/</text>
                <text x="316" y="484">Derivation</text>
                <text x="372" y="484">of</text>
                <text x="412" y="484">OSCORE</text>
                <text x="308" y="500">Security</text>
                <text x="376" y="500">Context</text>
                <text x="416" y="500">/</text>
                <text x="156" y="532">OSCORE</text>
                <text x="216" y="532">Request</text>
                <text x="156" y="564">OSCORE</text>
                <text x="220" y="564">Response</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
   C                                        RS                       AS
   |                                        |                         |
   | <======== Mutual authentication and secure association ========> |
   |                                        |                         |
   +------- POST /token --------------------------------------------->|
   |                                        |                         |
   |<--------------------------------------------- Access Token ------+
   |                                           + Access Information   |
   |                                        |                         |
   +------- POST /.well-known/edhoc ------->|                         |
   |           (EDHOC message_1)            |                         |
   |                                        |                         |
   |<----------- 2.04 Changed --------------+                         |
   |           (EDHOC message_2)            |                         |
   |                                        |                         |
/ Authentication of RS /                    |                         |
   |                                        |                         |
/ Derivation of OSCORE                      |                         |
  Security Context /                        |                         |
   |                                        |                         |
   +------- POST /.well-known/edhoc ------->|                         |
   |         (EDHOC message_3 with          |                         |
   |         access_token in EAD_3)         |                         |
   |                                        |                         |
   |                            / Authentication of C /               |
   |                                        |                         |
   |                            / Proof of possession /               |
   |                                        |                         |
   |                            / Derivation of OSCORE                |
   |                              Security Context /                  |
   |                                        |                         |
   +----------- OSCORE Request ------------>|                         |
   |                                        |                         |
   |<---------- OSCORE Response ------------|                         |
   |                                        |                         |
]]></artwork>
        </artset>
      </figure>
      <t>As long as the OSCORE Security Context and the access token are valid, C can contact AS to request an update of its access rights, by sending a similar request as described above to the /token endpoint. This request also includes a "session identifier" (see <xref target="edhoc-parameters-object"/>) provided by AS in the response to the initial access token request, which allows AS to retrieve the data that it previously shared with C. The session identifier is assigned by AS and used to identify a series of access tokens, called a "token series" (see <xref target="token-series"/>).</t>
      <t>If C has obtained from AS an access token belonging to the same token series for updating its access rights, then C transfers the access token to RS using the /authz-info endpoint as specified in <xref section="5.10" sectionFormat="of" target="RFC9200"/>, where the exchanged CoAP messages are protected by the previously established OSCORE Security Context (see <xref target="update-access-rights-c-rs"/>). If the access token is valid, RS replies to the request with a 2.01 (Created) response.</t>
      <t>Upon successful update of access rights, the new issued access token effectively becomes the latest in its token series also for RS, but the session identifier remains the same. When the latest access token of a token series becomes invalid (e.g., when it expires or gets revoked), that token series ends.</t>
      <t><xref target="update-overview"/> outlines the message flow for updating access rights.</t>
      <figure anchor="update-overview">
        <name>Protocol Outline for Updating Access Rights.</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="400" width="456" viewBox="0 0 456 400" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,48 L 8,368" fill="none" stroke="black"/>
              <path d="M 240,160 L 240,224" fill="none" stroke="black"/>
              <path d="M 240,256 L 240,368" fill="none" stroke="black"/>
              <path d="M 448,48 L 448,368" fill="none" stroke="black"/>
              <path d="M 24,62 L 112,62" fill="none" stroke="black"/>
              <path d="M 24,66 L 112,66" fill="none" stroke="black"/>
              <path d="M 352,62 L 432,62" fill="none" stroke="black"/>
              <path d="M 352,66 L 432,66" fill="none" stroke="black"/>
              <path d="M 8,96 L 72,96" fill="none" stroke="black"/>
              <path d="M 184,96 L 440,96" fill="none" stroke="black"/>
              <path d="M 16,128 L 280,128" fill="none" stroke="black"/>
              <path d="M 400,128 L 448,128" fill="none" stroke="black"/>
              <path d="M 8,176 L 32,176" fill="none" stroke="black"/>
              <path d="M 184,176 L 232,176" fill="none" stroke="black"/>
              <path d="M 16,272 L 64,272" fill="none" stroke="black"/>
              <path d="M 184,272 L 240,272" fill="none" stroke="black"/>
              <path d="M 8,320 L 48,320" fill="none" stroke="black"/>
              <path d="M 184,320 L 232,320" fill="none" stroke="black"/>
              <path d="M 16,352 L 48,352" fill="none" stroke="black"/>
              <path d="M 192,352 L 232,352" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="448,96 436,90.4 436,101.6" fill="black" transform="rotate(0,440,96)"/>
              <polygon class="arrowhead" points="440,64 428,58.4 428,69.6" fill="black" transform="rotate(0,432,64)"/>
              <polygon class="arrowhead" points="240,320 228,314.4 228,325.6" fill="black" transform="rotate(0,232,320)"/>
              <polygon class="arrowhead" points="240,176 228,170.4 228,181.6" fill="black" transform="rotate(0,232,176)"/>
              <polygon class="arrowhead" points="32,64 20,58.4 20,69.6" fill="black" transform="rotate(180,24,64)"/>
              <polygon class="arrowhead" points="24,352 12,346.4 12,357.6" fill="black" transform="rotate(180,16,352)"/>
              <polygon class="arrowhead" points="24,272 12,266.4 12,277.6" fill="black" transform="rotate(180,16,272)"/>
              <polygon class="arrowhead" points="24,128 12,122.4 12,133.6" fill="black" transform="rotate(180,16,128)"/>
              <g class="text">
                <text x="8" y="36">C</text>
                <text x="244" y="36">RS</text>
                <text x="444" y="36">AS</text>
                <text x="240" y="52">|</text>
                <text x="156" y="68">Existing</text>
                <text x="220" y="68">secure</text>
                <text x="296" y="68">association</text>
                <text x="240" y="84">|</text>
                <text x="100" y="100">POST</text>
                <text x="148" y="100">/token</text>
                <text x="240" y="116">|</text>
                <text x="316" y="132">Access</text>
                <text x="368" y="132">Token</text>
                <text x="264" y="148">+</text>
                <text x="300" y="148">Access</text>
                <text x="376" y="148">Information</text>
                <text x="60" y="180">POST</text>
                <text x="128" y="180">/authz-info</text>
                <text x="56" y="196">(OSCORE</text>
                <text x="128" y="196">protected</text>
                <text x="188" y="196">with</text>
                <text x="84" y="212">access_token</text>
                <text x="148" y="212">in</text>
                <text x="196" y="212">payload)</text>
                <text x="136" y="244">/</text>
                <text x="176" y="244">Updated</text>
                <text x="236" y="244">access</text>
                <text x="292" y="244">rights</text>
                <text x="328" y="244">/</text>
                <text x="92" y="276">2.01</text>
                <text x="144" y="276">Created</text>
                <text x="84" y="324">OSCORE</text>
                <text x="144" y="324">Request</text>
                <text x="84" y="356">OSCORE</text>
                <text x="148" y="356">Response</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
   C                            RS                       AS
   |                            |                         |
   | <=========== Existing secure association ==========> |
   |                            |                         |
   +-------- POST /token -------------------------------->|
   |                            |                         |
   |<--------------------------------- Access Token ------+
   |                               + Access Information   |
   |                            |                         |
   +--- POST /authz-info ------>|                         |
   |  (OSCORE protected with    |                         |
   |   access_token in payload) |                         |
   |                            |                         |
   |               / Updated access rights /              |
   |                            |                         |
   |<------ 2.01 Created -------+                         |
   |                            |                         |
   |                            |                         |
   +----- OSCORE Request ------>|                         |
   |                            |                         |
   |<---- OSCORE Response ------|                         |
   |                            |                         |
]]></artwork>
        </artset>
      </figure>
    </section>
    <section anchor="c-as-comm">
      <name>Client-AS Communication</name>
      <t>The following subsections describe the details of the POST request and response to the /token endpoint between C and AS.</t>
      <t>In this exchange, C provides AS with its own authentication credential AUTH_CRED_C. Then, AS issues the access token as securely bound to AUTH_CRED_C, by including it or uniquely referring to it in the access token. Together with the access token, AS provides C with a set of parameters that enable C to run EDHOC with RS. In particular, these parameters include information about the authentication credential AUTH_CRED_RS of RS, which is transported by value or uniquely referred to.</t>
      <t>The request to the /token endpoint and the corresponding response can include EDHOC_Information, which is a CBOR map object containing information related to an EDHOC implementation (see <xref target="edhoc-parameters-object"/>). This object is transported in the "edhoc_info" parameter registered in <xref target="iana-oauth-params"/> and <xref target="iana-oauth-cbor-mappings"/>.</t>
      <section anchor="c-as">
        <name>C-to-AS: POST to /token endpoint</name>
        <t>The client-to-AS request is specified in <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>.</t>
        <t>The client <bcp14>MUST</bcp14> send this POST request to the /token endpoint over a secure channel that guarantees authentication, message integrity, and confidentiality (see <xref target="secure-comm-as"/>).</t>
        <t>When using this profile, the payload of the POST request <bcp14>MUST</bcp14> be encoded in CBOR <xref target="RFC8949"/>, i.e., the request has media-type "application/ace+cbor". In order to reduce the number of libraries that C has to support, it is <bcp14>RECOMMENDED</bcp14> that C and AS use CoAP as message transfer protocol, OSCORE as security protocol, and EDHOC to establish an OSCORE Security Context.</t>
        <t>AUTH_CRED_C is specified in the "req_cnf" parameter <xref target="RFC9201"/> of the POST request, either transported by value or uniquely referred to. AS could explicitly ask C to provide its authentication credential AUTH_CRED_C by value in the access token request, e.g., by relying on the method defined in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
        <t>For AUTH_CRED_C, its authentication credential type <bcp14>MUST</bcp14> be one of those supported by EDHOC, e.g., CBOR Web Tokens (CWTs) and CWT Claims Sets (CCSs) <xref target="RFC8392"/>, X.509 certificates <xref target="RFC5280"/>, and C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. Consequently, the "req_cnf" parameter <bcp14>MUST</bcp14> specify a confirmation method suitable for the type of AUTH_CRED_C, e.g., "x5chain" or "x5t" when AUTH_CRED_C is an X.509 certificate transported by value or referred to, respectively.</t>
        <t>Note that EDHOC does not admit the use of "naked" COSE_Keys as authentication credentials. The closest admitted authentication credential type is a CCS containing a COSE_Key in a "cnf" claim and possibly other claims, which can be transported by value using the confirmation method "kccs". Therefore, the "req_cnf" parameter <bcp14>MUST NOT</bcp14> specify the confirmation method "COSE_Key" (CBOR abbreviation: 1).</t>
        <t>When receiving an access token request including the "req_cnf" parameter, AS checks whether it is already storing the authentication credential of C, namely AUTH_CRED_C, specified in "req_cnf" by value or reference.</t>
        <t>If this is not the case, AS retrieves AUTH_CRED_C, either using the "req_cnf" parameter or some other trusted source. After that, AS validates the actual AUTH_CRED_C.</t>
        <t>In either case, AS also needs to verify that C is in possession of the private key corresponding to the public key associated with AUTH_CRED_C. This may already have been accomplished, for example, through C authenticating to AS using AUTH_CRED_C as authentication credential, or through some other trusted party vouching for C to AS. Alternatively, it is possible to use an approach for achieving proof of possession similar to that in <xref section="3.2" sectionFormat="of" target="I-D.ietf-ace-group-oscore-profile"/>.</t>
        <t>If the validations are successful, AS stores AUTH_CRED_C as a valid authentication credential. Otherwise, the Client-to-AS request <bcp14>MUST</bcp14> be declined.</t>
        <t>An example of client-to-AS request is shown in <xref target="token-request"/>. In this example, C specifies its own authentication credential by reference, as the hash of an X.509 certificate carried in the "x5t" field of the "req_cnf" parameter.</t>
        <figure anchor="token-request">
          <name>Example C-to-AS POST /token Request for an Access Token.</name>
          <artwork><![CDATA[
   Header: POST (Code=0.02)
   Uri-Host: "as.example.com"
   Uri-Path: "token"
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / audience / 5 : "tempSensor4711",
     / scope /    9 : "read",
     / req_cnf /  4 : {
       e'x5t' : [-15, h'79F2A41B510C1F9B']
     }
   }
]]></artwork>
        </figure>
        <t>If C wants to update its access rights without changing an existing OSCORE Security Context, it <bcp14>MUST</bcp14> specify an EDHOC_Information object in the "edhoc_info" parameter of its POST request to the /token endpoint. The EDHOC_Information object <bcp14>MUST</bcp14> include the "session_id" field. This POST request <bcp14>MUST NOT</bcp14> include the "req_cnf" parameter. An example of such a request is shown in <xref target="token-request-update"/>.</t>
        <t>The identifier "session_id" is assigned by AS as discussed in <xref target="token-series"/> and identifies an ongoing token series associated with the pair (AUTH_CRED_C, AUTH_CRED_RS). That is, previous access tokens in that series were issued by AS to C, as bound to AUTH_CRED_C and intended for RS as identified by AUTH_CRED_RS.</t>
        <t>Note that the same "session_id" value might identify multiple ongoing token series, e.g., if those are associated with the same client but different resource servers. In this case, AS can use the "session_id" value together with other information such as the targeted audience (see <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>) and the authenticated identity of C, in order to determine the exact token series to which the new requested access token has to be added.</t>
        <!--
Editor's note: When retrieving the access token it is required to consider the pair (session id, AUTH_CRED_C). Here it is stated that the session id identifies the pair (AUTH_CRED_C, AUTH_CRED_RS). Why then isn't the session id sufficient for retrieving the access token, considering it identifies AUTH_CRED_C?

MT: Retrieving an access token based on the pair (session id, AUTH_CRED_C) happens at RS, when using the session id specified in the EDHOC EAD item.

Here on the AS, a series might be ongoing for (C, RS1) and another series might also be ongoing for (C, RS2). If C uses an authentication credential with RS1 and a different one with RS2, then both series can be legitimately identified by the same series id value, which thus might not sufficient to identify precisely one of C's authentication credentials. In practice, this is not an issue, since AS can rely on additional information such as audience.

The text above has been revisited, also based on the revised safer criterion for assigning new sender IDs at AS in the next subsection.
-->

<t>The "audience" parameter <bcp14>MUST</bcp14> be included in the POST request, if it was included in the POST request that C previously sent to AS for requesting the first access token in the token series to which the new requested access token has to be added. If the "audience" parameter is included in the present POST request, its value <bcp14>MUST</bcp14> be the same value of the "audience" parameter in that previous POST request.</t>
        <t>AS <bcp14>MUST</bcp14> verify that the received "session_id" identifies a token series to which a still valid access token belongs, such that the access token is issued to C and is intended for the audience specified by the "audience" parameter of the POST request, if present therein, or for the default audience associated with C otherwise. If that is not the case, the Client-to-AS request <bcp14>MUST</bcp14> be declined with the error code "invalid_request" as defined in <xref section="5.8.3" sectionFormat="of" target="RFC9200"/>.</t>
        <figure anchor="token-request-update">
          <name>Example C-to-AS POST /token Request for Updating Access Rights to an Access Token.</name>
          <artwork><![CDATA[
   Header: POST (Code=0.02)
   Uri-Host: "as.example.com"
   Uri-Path: "token"
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / audience /      5 : "tempSensor4711",
     / scope /         9 : "write",
     e'edhoc_info_param' : {
        e'session_id' : h'01'
     }
   }
]]></artwork>
        </figure>
      </section>
      <section anchor="token-series">
        <name>Token Series</name>
        <t>This document refers to "token series" as a series of access tokens that are sorted in chronological order of release and are characterized by the following properties:</t>
        <ul spacing="normal">
          <li>
            <t>Issued by the same AS.</t>
          </li>
          <li>
            <t>Issued to the same C and associated with the same authentication credential of C.</t>
          </li>
          <li>
            <t>Issued for the same RS as identified by the same authentication credential.</t>
          </li>
        </ul>
        <t>Upon a successful update of access rights (see <xref target="update-access-rights-c-as"/>), the new issued access token becomes the latest in its token series. When the latest access token of a token series becomes invalid (e.g., due to its expiration or revocation), the token series it belongs to ends.</t>
        <t>In this profile, a token series comprises access tokens that are used between a given pair (C, RS), are bound to the same authentication credential AUTH_CRED_C of C, and specify the same value in the "session_id" field of the EDHOC_Information object (see <xref target="edhoc-parameters-object"/>) in their "edhoc_info" claim (see <xref target="access-token"/>).</t>
        <t>AS assigns the value of "session_id" when issuing the first access token of a new series. That "session_id" value remains fixed throughout the series lifetime.</t>
        <t>When assigning the "session_id" value, AS <bcp14>MUST</bcp14> ensure that, irrespective of the profile of ACE used, such value was not used in a previous series whose access tokens share both the following properties with the access tokens of the new series:</t>
        <ul spacing="normal">
          <li>
            <t>Issued to the same client C, irrespective of the specific AUTH_CRED_C bound to the access token; and</t>
          </li>
          <li>
            <t>Issued for the same RS as identified by the targeted audience, irrespective of the specific AUTH_CRED_RS indicated to C.</t>
          </li>
        </ul>
        <t>If the access token is issued for a group-audience (see <xref section="6.9" sectionFormat="of" target="RFC9200"/>), the token series is associated with all the resource servers in the group-audience. In such case, what is defined above applies, with the difference that the resource servers as identified by the targeted group-audience are collectively considered, irrespective of their specific authentication credentials indicated to C.</t>
      </section>
      <section anchor="as-c">
        <name>AS-to-C: Response</name>
        <t>After verifying the POST request to the /token endpoint and that C is authorized to access protected resources at RS, AS responds as defined in <xref section="5.8.2" sectionFormat="of" target="RFC9200"/>, with potential modifications as detailed below.</t>
        <t>When using this profile, consistent with what is specified in <xref target="c-as"/>, the payload of the response from AS <bcp14>MUST</bcp14> be encoded in CBOR <xref target="RFC8949"/>, i.e., the response has media-type "application/ace+cbor".</t>
        <t>If the request from C was invalid or not authorized, AS returns an error response as described in <xref section="5.8.3" sectionFormat="of" target="RFC9200"/>.</t>
        <t>AS can signal that the use of EDHOC and OSCORE as per this profile is <bcp14>REQUIRED</bcp14> for a specific access token, by including the "ace_profile" parameter with the value "coap_edhoc_oscore" in the access token response. This means that C <bcp14>MUST</bcp14> use EDHOC with RS and derive an OSCORE Security Context, as specified in <xref target="edhoc-exec"/>. After that, C <bcp14>MUST</bcp14> use the established OSCORE Security Context to protect communications with RS, when accessing protected resources at RS according to the authorization information indicated in the access token. Usually, it is assumed that constrained devices will be pre-configured with the necessary profile, so that this kind of profile signaling can be omitted.</t>
        <t>According to this document, AS provides the access token to C, by specifying it in the "access_token" parameter of the access token response. An alternative workflow where the access token is uploaded by AS directly to RS is described in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
        <t>When issuing the first access token of a token series, AS <bcp14>MUST</bcp14> include the following data in the response to C.</t>
        <ul spacing="normal">
          <li>
            <t>The "edhoc_info" parameter conveying an EDHOC_Information object (see <xref target="edhoc-parameters-object"/>). The EDHOC_Information object <bcp14>MUST</bcp14> include the "session_id" field specifying the identifier of the token series which the issued access token belongs to.  </t>
            <t>
The EDHOC_Information object <bcp14>MAY</bcp14> include additional fields (see <xref target="edhoc-parameters-object"/>) to convey information about RS. This information is based on knowledge that AS has about RS, e.g., from a previous onboarding process, with particular reference to what RS supports as EDHOC peer.  </t>
            <t>
If the access token is issued for a group-audience (see <xref section="6.9" sectionFormat="of" target="RFC9200"/>), the information specified in the EDHOC_Information object refers to the group-audience as a whole. Therefore, it is appropriate for AS to define group-audiences comprising RSs that are all aligned in terms of supported EDHOC features and configurations.</t>
          </li>
          <li>
            <t>A unique identification of the authentication credential of RS, AUTH_CRED_RS. This is specified in the "rs_cnf" parameter defined in <xref target="RFC9201"/>. AUTH_CRED_RS can be transported by value or referred to by means of an appropriate identifier. C could explicitly ask AS to provide AUTH_CRED_RS by value in the access token response, e.g., by relying on the method defined in <xref target="I-D.ietf-ace-workflow-and-params"/>.  </t>
            <t>
When issuing the first access token ever to a pair (C, RS) using a pair of corresponding authentication credentials (AUTH_CRED_C, AUTH_CRED_RS), it is expected that the response to C includes AUTH_CRED_RS by value.  </t>
            <t>
When later issuing further access tokens to the same pair (C, RS) using the same AUTH_CRED_RS, it is expected that the response to C includes AUTH_CRED_RS by reference.  </t>
            <t>
For AUTH_CRED_RS, its authentication credential type <bcp14>MUST</bcp14> be one of those supported by EDHOC. Consequently, the "rs_cnf" parameter <bcp14>MUST</bcp14> specify a confirmation method suitable for the type of AUTH_CRED_RS. That is, the same considerations about AUTH_CRED_C and the "req_cnf" parameter made in <xref target="c-as"/> hold for AUTH_CRED_RS and the "rs_cnf" parameter.</t>
          </li>
        </ul>
        <t>When issuing any access token of a token series, the response from AS <bcp14>MUST NOT</bcp14> include the "cnf" parameter.</t>
        <t>When issuing an access token for dynamically updating access rights (i.e., the access token is not the first in its token series), the response from AS <bcp14>MUST NOT</bcp14> include the "edhoc_info" and "rs_cnf" parameters (see <xref target="update-access-rights-c-as"/>).</t>
        <t><xref target="fig-token-response"/> shows an example of an AS response. The "rs_cnf" parameter specifies the authentication credential of RS, as an X.509 certificate transported by value in the "x5chain" field. The access token and the authentication credential of RS have been truncated for readability.</t>
        <figure anchor="fig-token-response">
          <name>Example of AS-to-C Access Token Response with EDHOC and OSCORE Profile.</name>
          <artwork><![CDATA[
   Header: Created (Code=2.01)
      Content-Format: 19 (application/ace+cbor)
      Payload:
      {
        / access_token / 1 : h'8343a1010aa2044c53...0f6a'
          / remainder of access token (CWT) omitted for brevity /,
        / ace_profile / 38 : e'coap_edhoc_oscore',
        / expires_in /   2 : 3600,
        / rs_cnf /      41 : {
          e'x5chain' : h'3081ee3081a1a00302...77bc'
            / remainder of the credential omitted for brevity /
        }
        e'edhoc_info_param' : {
          e'session_id'    : h'01',
          e'methods'       : [0, 1, 2, 3],
          e'cipher_suites' : 0
        }
      }
]]></artwork>
        </figure>
        <section anchor="access-token">
          <name>Access Token</name>
          <t>To avoid the complexity of different encodings, an access token of this profile <bcp14>SHALL</bcp14> be a CBOR Web Token (CWT) <xref target="RFC8392"/>.</t>
          <t>When issuing any access token of a token series, AS <bcp14>MUST</bcp14> include the following claims in the access token:</t>
          <ul spacing="normal">
            <li>
              <t>The "edhoc_info" claim registered in <xref target="iana-token-cwt-claims"/> and conveying an EDHOC_Information object (see <xref target="edhoc-parameters-object"/>).  </t>
              <t>
The EDHOC_Information object <bcp14>MUST</bcp14> include the "session_id" field specifying the identifier of the token series that the issued access token belongs to. The "session_id" value is the same one included in the EDHOC_Information object of the response to C from the /token endpoint (see <xref target="as-c"/>), when providing C with the first access token in the series.</t>
            </li>
            <li>
              <t>The "cnf" claim, specifying the authentication credential AUTH_CRED_C that C specified in its POST request to the /token endpoint, when requesting the first access token in the series that the issued access token belongs to (see <xref target="c-as"/>).  </t>
              <t>
In the access token, AUTH_CRED_C can be transported by value or uniquely referred to by means of an appropriate identifier. Yet, consistent with the considerations about AUTH_CRED_C and the "req_cnf" parameter made in <xref target="c-as"/>, the "cnf" claim of the access token <bcp14>MUST</bcp14> specify a confirmation method suitable for the type of AUTH_CRED_C.  </t>
              <t>
When issuing the first access token of a token series, the confirmation method used in the "cnf" claim <bcp14>MUST</bcp14> be the same one used in the "req_cnf" parameter of the corresponding POST request from C to the /token endpoint.  </t>
              <t>
When issuing the first access token ever to a pair (C, RS) using a pair of corresponding authentication credentials (AUTH_CRED_C, AUTH_CRED_RS), it is expected that AUTH_CRED_C is included by value in the "cnf" claim of the access token.  </t>
              <t>
When later issuing further access tokens to the same pair (C, RS) using the same AUTH_CRED_C, it is expected that AUTH_CRED_C is identified by reference in the "cnf" claim of the access token.  </t>
              <t>
Either transported by value or identified by reference, the authentication credential specified in the "cnf" claim <bcp14>MUST</bcp14> be exactly the one that was specified in the "req_cnf" parameter of the POST request to the /token endpoint, when C requested the first access token in the series that the issued access token belongs to. That is, AS <bcp14>MUST NOT</bcp14> bind to the access token an authentication credential other than the one specified by C.</t>
            </li>
          </ul>
          <t>When issuing the first access token of a token series, AS <bcp14>MAY</bcp14> include additional fields in the EDHOC_Information object (see <xref target="edhoc-parameters-object"/>) specified in the "edhoc_info" claim of the access token.</t>
          <t>The access token needs to be protected for various reasons. To prevent manipulation of the content, it needs to be integrity protected. Also, RS has to be able to verify that the access token is issued by a trusted AS, by achieving source authentication. Depending on the use case and deployment, the access token may need to be confidentiality protected, for example due to privacy reasons.</t>
          <t>AS protects the access token using a COSE method <xref target="RFC9052"/> as specified in <xref target="RFC8392"/>. Depending on the audience, there can be different ways to most appropriately ensure the confidentiality of an access token. For an audience comprising a single RS, the CWT Claims Set may be wrapped in COSE_Encrypt / COSE_Encrypt0. Instead, if the access token needs to be read by multiple RSs, then the CWT Claims Set may be wrapped in COSE_Sign / COSE_Sign1 and confidentiality protection is applied during transport, e.g., by including the access token in the EAD_3 field of EDHOC message_3 sent by C to RS, when using the EDHOC forward message flow (see <xref target="edhoc-exec"/>).</t>
          <t><xref target="fig-token"/> shows an example of CWT Claims Set, including the relevant EDHOC parameters in the "edhoc_info" claim. The "cnf" claim specifies the authentication credential of C, as an X.509 certificate transported by value in the "x5chain" field. The authentication credential of C has been truncated for readability.</t>
          <figure anchor="fig-token">
            <name>Example of CWT Claims Set with EDHOC Parameters.</name>
            <artwork><![CDATA[
   {
    / aud /   3 : "tempSensorInLivingRoom",
    / iat /   6 : 1563451500,
    / exp /   4 : 1563453000,
    / scope / 9 :  "temperature_g firmware_p",
    / cnf /   8 : {
      e'x5chain' : h'3081ee3081a1a00302...77bc'
        / remainder of the credential omitted for brevity /
    }
    e'edhoc_info_claim' : {
      e'session_id'    : h'01',
      e'methods'       : [0, 1, 2, 3],
      e'cipher_suites' : 0
    }
  }
]]></artwork>
          </figure>
        </section>
        <section anchor="processing-at-c">
          <name>Processing at C</name>
          <t>When receiving an access token response including the "rs_cnf" parameter, C checks whether it is already storing the authentication credential of RS, namely AUTH_CRED_RS, specified in "rs_cnf" by value or reference.</t>
          <t>If this is not the case, C retrieves AUTH_CRED_RS, either using the "rs_cnf" parameter or some other trusted source. After that, C validates the actual AUTH_CRED_RS. If the validation is successful, C stores AUTH_CRED_RS as a valid authentication credential. Otherwise, C <bcp14>MUST</bcp14> delete the access token.</t>
        </section>
        <section anchor="update-access-rights-c-as">
          <name>Update of Access Rights</name>
          <t>If C has a valid OSCORE Security Context shared with RS and associated with a valid access token, then C can send a request to AS for updating its access rights while preserving the same OSCORE Security Context.</t>
          <t>If the request is granted, then AS generates a new access token, where the EDHOC_Information object specified in the "edhoc_info" claim <bcp14>MUST</bcp14> include only the "session_id" field. The access token is provisioned to RS either via C as specified in this document, or directly as described in <xref target="I-D.ietf-ace-workflow-and-params"/>. In either case, the access token response from AS to C <bcp14>MUST NOT</bcp14> include the "edhoc_info" and "rs_cnf" parameters.</t>
          <t>As defined in <xref target="access-token"/>, the "session_id" field is included in the EDHOC_Information object specified in the "edhoc_info" claim of the new access token. This allows RS to identify the old access token to supersede, as well as the OSCORE Security Context already shared between C and RS and to be associated with the new access token.</t>
        </section>
      </section>
      <section anchor="edhoc-parameters-object">
        <name>EDHOC_Information</name>
        <t>EDHOC_Information is an object including information that guides two peers towards executing the EDHOC protocol. In particular, the EDHOC_Information is defined to be serialized and transported between nodes as specified by this document, but it can also be used by other specifications.</t>
        <t>In the "coap_edhoc_oscore" profile of the ACE-OAuth framework, which is specified in this document, the EDHOC_Information object <bcp14>MUST</bcp14> be encoded as CBOR. However, for easy applicability to other contexts, the JSON encoding is also defined.</t>
        <t>The EDHOC_Information can be encoded either as a JSON object or as a CBOR map. The set of common fields that can appear in an EDHOC_Information can be found in the IANA "EDHOC Information" registry defined in <xref target="iana-edhoc-parameters"/> for extensibility.</t>
        <t>All EDHOC_Information parameters are optional. The initial set of parameters defined in this document is summarized in <xref target="_table-cbor-key-edhoc-params"/> and is specified below.</t>
        <t>EDHOC_Information parameters are also categorized, i.e., each has one of two possible types, namely prescriptive or non-prescriptive:</t>
        <ul spacing="normal">
          <li>
            <t>A prescriptive parameter is used to provide an authoritative statement about how an execution of EDHOC has to be performed. An example is the "message_4" parameter indicating whether the use of EDHOC message_4 in an EDHOC session is mandatory or not.  </t>
            <t>
If a prescriptive parameter applies to an EDHOC session, a peer participating in the session complies with what is indicated by the parameter, and it aborts the session if it determines that the other peer has violated such indication.</t>
          </li>
          <li>
            <t>A non-prescriptive parameter is used to provide convenient information to consider when executing EDHOC, e.g., in terms of features supported by peers. Such information is not necessarily exhaustive. An example is the "methods" parameter indicating a set of supported EDHOC methods.</t>
          </li>
        </ul>
        <t>This categorization helps coordinate the use of EDHOC application profiles (see <xref section="3.9" sectionFormat="of" target="RFC9528"/>) in a robust way, e.g., by using the means defined in <xref target="I-D.ietf-lake-app-profiles"/>.</t>
        <table align="center" anchor="_table-cbor-key-edhoc-params">
          <name>EDHOC_Information Parameters. Types: P (Prescriptive), NP (Non-Prescriptive)</name>
          <thead>
            <tr>
              <th align="left">Name</th>
              <th align="left">CBOR label</th>
              <th align="left">CBOR type</th>
              <th align="left">Registry</th>
              <th align="left">Description</th>
              <th align="left">Type</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">session_id</td>
              <td align="left">0</td>
              <td align="left">bstr</td>
              <td align="left"> </td>
              <td align="left">Identifier of a session</td>
              <td align="left">P</td>
            </tr>
            <tr>
              <td align="left">methods</td>
              <td align="left">1</td>
              <td align="left">int or array</td>
              <td align="left">EDHOC Method Type registry</td>
              <td align="left">Set of supported EDHOC methods</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">cipher_suites</td>
              <td align="left">2</td>
              <td align="left">int or array</td>
              <td align="left">EDHOC Cipher Suites registry</td>
              <td align="left">Set of supported EDHOC cipher suites</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">message_4</td>
              <td align="left">3</td>
              <td align="left">True or False</td>
              <td align="left"> </td>
              <td align="left">Mandatory use of EDHOC message_4</td>
              <td align="left">P</td>
            </tr>
            <tr>
              <td align="left">comb_req</td>
              <td align="left">4</td>
              <td align="left">True or False</td>
              <td align="left"> </td>
              <td align="left">Support for the EDHOC + OSCORE combined request</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">uri_path</td>
              <td align="left">5</td>
              <td align="left">tstr</td>
              <td align="left"> </td>
              <td align="left">URI-path of the EDHOC resource</td>
              <td align="left">P</td>
            </tr>
            <tr>
              <td align="left">cred_types</td>
              <td align="left">6</td>
              <td align="left">int or array</td>
              <td align="left">EDHOC Authentication Credential Types registry</td>
              <td align="left">Set of supported types of authentication credentials for EDHOC</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">id_cred_types</td>
              <td align="left">7</td>
              <td align="left">int or tstr or array</td>
              <td align="left">COSE Header Parameters registry</td>
              <td align="left">Set of supported types of authentication credential identifiers for EDHOC</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">eads</td>
              <td align="left">8</td>
              <td align="left">uint or array</td>
              <td align="left">EDHOC External Authorization Data registry</td>
              <td align="left">Set of supported EDHOC External Authorization Data (EAD) items</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">initiator</td>
              <td align="left">9</td>
              <td align="left">True or False</td>
              <td align="left"> </td>
              <td align="left">Support for the EDHOC Initiator role</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">responder</td>
              <td align="left">10</td>
              <td align="left">True or False</td>
              <td align="left"> </td>
              <td align="left">Support for the EDHOC Responder role</td>
              <td align="left">NP</td>
            </tr>
            <tr>
              <td align="left">trust_anchors</td>
              <td align="left">11</td>
              <td align="left">map</td>
              <td align="left">EDHOC Trust Anchor Purposes registry and EDHOC Trust Anchor Types registry</td>
              <td align="left">Set of supported trust anchors</td>
              <td align="left">NP</td>
            </tr>
          </tbody>
        </table>
        <ul spacing="normal">
          <li>
            <t>session_id: This parameter identifies a 'session' that the EDHOC information is associated with, but it does not necessarily identify a specific EDHOC session. In this document, "session_id" identifies a token series. In JSON, the "session_id" value is a Base64 encoded byte string. In CBOR, the "session_id" type is a byte string, and it has label 0.</t>
          </li>
          <li>
            <t>methods: This parameter specifies a set of supported EDHOC methods (see <xref section="3.2" sectionFormat="of" target="RFC9528"/>). If the set is composed of a single EDHOC method, this is encoded as an integer. Otherwise, the set is encoded as an array of integers, where each array element encodes one EDHOC method. In JSON, the "methods" value is an integer or an array of integers. In CBOR, the "methods" is an integer or an array of integers, and it has label 1.</t>
          </li>
          <li>
            <t>cipher_suites: This parameter specifies a set of supported EDHOC cipher suites (see <xref section="3.6" sectionFormat="of" target="RFC9528"/>). If the set is composed of a single EDHOC cipher suite, this is encoded as an integer. Otherwise, the set is encoded as an array of integers, where each array element encodes one EDHOC cipher suite. In JSON, the "cipher_suites" value is an integer or an array of integers. In CBOR, the "cipher_suites" is an integer or an array of integers, and it has label 2.</t>
          </li>
          <li>
            <t>message_4: This parameter indicates whether the EDHOC message_4 (see <xref section="5.5" sectionFormat="of" target="RFC9528"/>) is supported. In JSON, the "message_4" value is a boolean. In CBOR, "message_4" is the simple value <tt>true</tt> (0xf5) or <tt>false</tt> (0xf4), and it has label 3.</t>
          </li>
          <li>
            <t>comb_req: This parameter indicates whether the combined EDHOC + OSCORE request defined in <xref target="RFC9668"/>) is supported. In JSON, the "comb_req" value is a boolean. In CBOR, "comb_req" is the simple value <tt>true</tt> (0xf5) or <tt>false</tt> (0xf4), and it has label 4.</t>
          </li>
          <li>
            <t>uri_path: This parameter specifies the path component of the URI of the EDHOC resource where EDHOC messages have to be sent as requests. In JSON, the "uri_path" value is a string. In CBOR, "uri_path" is a text string, and it has label 5.</t>
          </li>
          <li>
            <t>cred_types: This parameter specifies a set of supported types of authentication credentials for EDHOC (see <xref section="3.5.2" sectionFormat="of" target="RFC9528"/>). If the set is composed of a single type of authentication credential, this is encoded as an integer. Otherwise, the set is encoded as an array of integers, where each array element encodes one type of authentication credential. In JSON, the "cred_types" value is an integer or an array of integers. In CBOR, "cred_types" is an integer or an array of integers, and it has label 6. The integer values are taken from the 'Value' column of the "EDHOC Authentication Credential Types" registry <xref target="EDHOC.Authentication.Credential.Types"/>.</t>
          </li>
          <li>
            <t>id_cred_types: This parameter specifies a set of supported types of authentication credential identifiers for EDHOC (see <xref section="3.5.3" sectionFormat="of" target="RFC9528"/>). If the set is composed of a single type of authentication credential identifier, this is encoded as an integer or a text string. Otherwise, the set is encoded as an array, where each array element encodes one type of authentication credential identifier, as an integer or a text string. In JSON, the "id_cred_types" value is an integer, or a text string, or an array of integers and text strings. In CBOR, "id_cred_types" is an integer or a text string, or an array of integers and text strings, and it has label 7. The integer or text string values are taken from the 'Label' column of the "COSE Header Parameters" registry <xref target="COSE.Header.Parameters"/>.</t>
          </li>
          <li>
            <t>eads: This parameter specifies a set of supported EDHOC External Authorization Data (EAD) items, identified by their ead_label (see <xref section="3.8" sectionFormat="of" target="RFC9528"/>). If the set is composed of a single ead_label, this is encoded as an unsigned integer. Otherwise, the set is encoded as an array of unsigned integers, where each array element encodes one ead_label. In JSON, the "eads" value is an unsigned integer or an array of unsigned integers. In CBOR, "eads" is an unsigned integer or an array of unsigned integers, and it has label 8. The unsigned integer values are taken from the 'Label' column of the "EDHOC External Authorization Data" registry <xref target="EDHOC.External.Authorization.Data"/>.</t>
          </li>
          <li>
            <t>initiator: This parameter specifies whether the EDHOC Initiator role is supported. In JSON, the "initiator" value is a boolean. In CBOR, "initiator" is the simple value <tt>true</tt> (0xf5) or <tt>false</tt> (0xf4), and it has label 9.</t>
          </li>
          <li>
            <t>responder: This parameter specifies whether the EDHOC Responder role is supported. In JSON, the "responder" value is a boolean. In CBOR, "responder" is the simple value <tt>true</tt> (0xf5) or <tt>false</tt> (0xf4), and it has label 10.</t>
          </li>
          <li>
            <t>trust_anchors: This parameter specifies a collection of supported trust anchors for performing authentication. According to what is specified within the collection, these trust anchors are used for different purposes, e.g., for verifying authentication credentials of other EDHOC peers in EDHOC sessions.  </t>
            <t>
More in detail, the collection of trust anchors is composed of one or more sets. Each set includes one or more trust anchors to use for one specific purpose associated with that set.  </t>
            <t>
In particular, each set is composed of pairs, each of which specifies a trust anchor type and an identifier of a trust anchor of that type. If the set is composed of a single pair, this pair is specified as a single item. If the set is composed of multiple pairs, these pairs are specified as elements of an array.  </t>
            <t>
Trust anchor purposes are selected from the "EDHOC Trust Anchor Purposes" registry defined in <xref target="iana-edhoc-ta-purposes"/> of this document. Trust anchor types are selected from the "EDHOC Trust Anchor Types" registry defined in <xref target="iana-edhoc-ta-types"/> of this document.  </t>
            <t>
In JSON, the "trust_anchors" value is an object with one or more outer entries, each of which is associated with a trust anchor purpose. The following applies for each outer entry:  </t>
            <ul spacing="normal">
              <li>
                <t>The outer entry's key specifies the associated trust anchor purpose taken from the 'Name' column of the "EDHOC Trust Anchor Purposes" registry.</t>
              </li>
              <li>
                <t>The outer entry's value is an object or an array of at least two objects. Each object includes one inner entry, specifying the pair for a trust anchor TA of type TYPE. The inner entry is formatted as follows:      </t>
                <ul spacing="normal">
                  <li>
                    <t>The inner entry's key specifies the TA's type TYPE taken from the 'Name' column of the "EDHOC Trust Anchor Types" registry.</t>
                  </li>
                  <li>
                    <t>The inner entry's value is the identifier of TA, whose encoding depends on TYPE. Such an encoding is what results from applying the conversion in <xref section="6.1" sectionFormat="of" target="RFC8949"/> to the CBOR encoding of the identifier of TA when "trust_anchors" is encoded in CBOR (see below).</t>
                  </li>
                </ul>
              </li>
            </ul>
            <t>
In CBOR, the "trust_anchors" value is a map and has label 11. The map includes one or more outer entries, each of which is associated with a trust anchor purpose. The following applies for each outer entry:  </t>
            <ul spacing="normal">
              <li>
                <t>The outer entry's key specifies the associated trust anchor purpose encoded as a CBOR integer, with integer value taken from the 'CBOR label' column of the "EDHOC Trust Anchor Purposes" registry.</t>
              </li>
              <li>
                <t>The outer entry's value is a map or an array of at least two maps. Each map includes one inner entry, specifying the pair for a trust anchor TA of type TYPE. The inner entry is formatted as follows:      </t>
                <ul spacing="normal">
                  <li>
                    <t>The inner entry's key specifies the TA's type TYPE encoded as a CBOR integer, with integer value taken from the 'CBOR label' column of the "EDHOC Trust Anchor Types" registry.</t>
                  </li>
                  <li>
                    <t>The inner entry's value specifies the identifier of TA, whose encoding depends on TYPE and is specified by the 'Value type' column of the "EDHOC Trust Anchor Types" registry, for the registry entry that has TYPE as value of the 'Name' column.</t>
                  </li>
                </ul>
              </li>
            </ul>
          </li>
        </ul>
        <t>An example of JSON EDHOC_Information is given in <xref target="fig-edhoc-info-json"/>.</t>
        <figure anchor="fig-edhoc-info-json">
          <name>Example of JSON EDHOC_Information</name>
          <artwork><![CDATA[
   "edhoc_info" : {
       "session_id"    : b64'AQ==',
       "methods"       : 1,
       "cipher_suites" : 0,
       "trust_anchors" : {
         "edhoc_cred" : [
           { "c5u" : "coap://certs.c509.example" },
           { "x5u" : "coap://certs.x509.example" }
         ]
       }
   }
]]></artwork>
        </figure>
        <t>An example of CBOR EDHOC_Information is given in <xref target="fig-edhoc-info-cbor"/>.</t>
        <figure anchor="fig-edhoc-info-cbor">
          <name>Example of CBOR EDHOC_Information</name>
          <artwork><![CDATA[
   e'edhoc_info_param'  : {
     e'session_id'    : h'01',
     e'methods'       : 1,
     e'cipher_suites' : 0,
     e'trust_anchors' : {
       e'edhoc_cred' : [
         { e'c5t_ta_type' : [-15, h'81DC2F32CB87E163'] },
         { e'c5u_ta_type' : "coap://certs.c509.example" },
         { e'x5t_ta_type' : [-15, h'79F2A41B510C1F9B'] },
         { e'x5u_ta_type' : "coap://certs.x509.example" }
       ]
     }
   }
]]></artwork>
        </figure>
        <t>The CDDL grammar describing the CBOR EDHOC_Information is:</t>
        <artwork><![CDATA[
EDHOC_Information = {
  ?  0 => bstr,                               ; id
  ?  1 => int / [2* int],                     ; methods
  ?  2 => int / [2* int],                     ; cipher_suites
  ?  3 => true / false,                       ; message_4
  ?  4 => true / false,                       ; comb_req
  ?  5 => tstr,                               ; uri_path
  ?  6 => int / [2* int],                     ; cred_types
  ?  7 => int / tstr / [2* (int / tstr)],     ; id_cred_types
  ?  8 => uint / [2* uint],                   ; eads
  ?  9 => true / false,                       ; initiator
  ? 10 => true / false,                       ; responder
  ? 11 => trust_anchors_value,                ; trust_anchors
  * (int / tstr) => any
}

trust_anchors_value = {
  1* int => trust_anchors_outer_entry_value
}

trust_anchors_outer_entry_value =
  trust_anchors_container / [2* trust_anchors_container]

trust_anchors_container = {
  int => trust_anchors_inner_entry_value
}

trust_anchors_inner_entry_value = any
]]></artwork>
      </section>
    </section>
    <section anchor="c-rs-comm">
      <name>Client-RS Communication</name>
      <t>This section describes the exchange between C and RS, including the execution of the EDHOC protocol and the uploading of the access token from C to RS. An alternative workflow, where AS uploads the access token directly to RS, is defined in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
      <t>C and RS run the EDHOC protocol (see <xref target="edhoc-exec"/>) and C uploads the access token through the EAD field of an EDHOC message (see <xref target="AT-in-EAD"/>). Once the EDHOC session is successfully completed, C and RS derive an OSCORE Security Context (see <xref target="oscore-security-context"/>). After that, OSCORE is used for protecting communications when C accesses resources at RS, as per the authorization information indicated in the access token (see <xref target="access-rights-verif"/>).</t>
      <t>Detailed examples are shown in <xref target="examples"/>.</t>
      <section anchor="AT-in-EAD">
        <name>EAD Item for Transporting Access Token</name>
        <t>This section defines an EAD item (see <xref section="3.8" sectionFormat="of" target="RFC9528"/>) for specifying an access token by value in the EAD field of an EDHOC message.</t>
        <t>The name of the EAD item is ACE-OAuth Access Token, for which the CDDL grammar is shown in <xref target="fig-ead-ace-oauth-access-token"/>.</t>
        <figure anchor="fig-ead-ace-oauth-access-token">
          <name>EAD Item ACE-OAuth Access Token.</name>
          <sourcecode type="cddl"><![CDATA[
ead_ace_oauth_access_token = (
  ead_label : e'ead_ace_oauth_access_token_label',
  ead_value : access_token
)
access_token = bstr
]]></sourcecode>
        </figure>
        <t>In particular:</t>
        <ul spacing="normal">
          <li>
            <t>ead_label is the integer value TBD registered in <xref target="iana-edhoc-ead"/>.</t>
          </li>
          <li>
            <t>ead_value is a CBOR byte string equal to the value of the "access_token" field of the access token response from AS (see <xref target="as-c"/>).</t>
          </li>
        </ul>
        <t>Note to RFC Editor: Please replace TBD with the value registered for ACE-OAuth Access Token in <xref target="iana-edhoc-ead"/>, then delete this note.</t>
        <t>This EAD item is critical, i.e., it is used only with the negative value of its ead_label, indicating that the receiving RS must progress the protocol using the received access token, or else abort the EDHOC session (see <xref section="3.8" sectionFormat="of" target="RFC9528"/>). A client or resource server supporting the profile of ACE defined in this document <bcp14>MUST</bcp14> support this EAD item.</t>
        <t>This EAD item is used only when uploading the first access token of a token series, but not for the dynamic update of access rights (see <xref target="update-access-rights-c-rs"/>).</t>
        <t>Example: assuming that ead_label is 24 and that the value of the "access_token" field of the access token response from AS is equal to h'8343a1010aa2044c53...0f6a' (elided for brevity), the critical EAD item is as follows:</t>
        <sourcecode type="cbor-diag"><![CDATA[
-24, h'8343a1010aa2044c53...0f6a'
]]></sourcecode>
        <t>Note to RFC Editor: Please replace the value of the ead_label with the value registered for ACE-OAuth Access Token in <xref target="iana-edhoc-ead"/>, then delete this note.</t>
      </section>
      <section anchor="edhoc-exec">
        <name>EDHOC Session</name>
        <t>In order to mutually authenticate and establish secure communication for authorized access according to the profile described in this document, C and RS run the EDHOC protocol augmented with an access token. During the EDHOC session, C specifies the access token to RS, in the EAD field of an EDHOC message. According to this document, C uses the EAD item ACE-OAuth Access Token defined in <xref target="AT-in-EAD"/> and specifying the access token by value. Future documents can define alternative EAD items for specifying the access token by reference.</t>
        <t>As per <xref section="A.2" sectionFormat="of" target="RFC9528"/>, EDHOC can be transferred over CoAP using either the forward or the reverse message flow, thus manifesting the two possible mappings between the ACE roles (client and resource server) and the EDHOC roles (Initiator and Responder), whereas the CoAP roles (client and server) remain the same. The choice of message flow and corresponding mapping depends on the deployment setting and in particular on which identity to protect the most, since EDHOC protects the identity of the Initiator against active attackers and the identity of the Responder against passive attackers.</t>
        <t>If the EDHOC forward message flow is used (see <xref target="forward"/>), C acts as EDHOC Initiator and the access token <bcp14>MUST</bcp14> be specified in the EAD_3 field of EDHOC message_3. If the EDHOC reverse message flow is used (see <xref target="reverse"/>), C acts as EDHOC Responder and the access token <bcp14>MUST</bcp14> be specified in the EAD_4 field of EDHOC message_4. By doing so, the access token specified in the EAD field is always protected by EDHOC, using authenticated encryption and achieving confidentiality against active attackers (see Sections <xref target="RFC9528" section="9.1" sectionFormat="bare"/> and <xref target="RFC9528" section="9.2" sectionFormat="bare"/> of <xref target="RFC9528"/>).</t>
        <t>The authentication credential AUTH_CRED_C that C specifies in the ID_CRED_X field during the EDHOC session <bcp14>MUST</bcp14> be the same one that C specifies in the access token request to AS (see <xref target="c-as"/>) and that is bound to the access token specified to RS during the EDHOC session.</t>
        <t>When RS processes the EAD item ACE-OAuth Access Token, RS <bcp14>MUST</bcp14> verify that the authentication credential AUTH_CRED_C that C specifies in the ID_CRED_X field during the EDHOC session is the same one that is bound to the access token specified by the EAD item. If such a verification fails, RS <bcp14>MUST</bcp14> abort the EDHOC session. Note that:</t>
        <ul spacing="normal">
          <li>
            <t>The ID_CRED_X field in question is the ID_CRED_I or ID_CRED_R field, when using the EDHOC forward message flow or reverse message flow, respectively.</t>
          </li>
          <li>
            <t>The authentication credential bound to the access token is specified by the "cnf" claim of the access token specified by the EAD item.</t>
          </li>
        </ul>
        <t>RS <bcp14>MUST</bcp14> have successfully validated the access token before successfully completing the EDHOC session. If completed successfully, the EDHOC session is associated with both the access token and the pair (SESSION_ID, AUTH_CRED_C). In particular, SESSION_ID is specified by the "session_id" field, within the EDHOC_Information object specified by the "edhoc_info" claim of the access token.</t>
        <t>Any previous EDHOC session associated with the same access token and with the same pair (SESSION_ID, AUTH_CRED_C) <bcp14>MUST</bcp14> be deleted. The OSCORE Security Context derived from that EDHOC session <bcp14>MUST</bcp14> also be deleted.</t>
        <t>Depending on the message flow used, the EDHOC messages will be carried either in CoAP POST requests or in CoAP 2.04 (Changed) responses, as detailed in <xref section="A.2" sectionFormat="of" target="RFC9528"/>.</t>
        <t>C <bcp14>MUST</bcp14> target the EDHOC resource at RS with the URI path specified in the "uri_path" field (if present) of the EDHOC_Information object within the access token response received from AS, which AS sent to C when issuing the first access token of the token series (see <xref target="c-as"/>). If the "uri_path" field is not present in that EDHOC_Information object, C assumes the target resource at RS to be the well-known EDHOC resource at the path /.well-known/edhoc.</t>
        <t>In this profile of ACE, RS <bcp14>MUST</bcp14> implement the CoAP Uri-Path-Abbrev Option specified in <xref target="I-D.ietf-core-uri-path-abbrev"/> and <bcp14>MUST</bcp14> understand the corresponding Uri-Path-Abbrev value 2 that abbreviates the path /.well-known/edhoc. While there is no equivalent requirement for C, the above ensures that the CoAP Uri-Path-Abbrev Option and its value are going to be understood by RS, if C includes the Option in a CoAP request that carries an EDHOC message and targets the well-known EDHOC resource at the path /.well-known/edhoc.</t>
        <t>RS has to ensure that no requests can be performed on an EDHOC resource other than for running the EDHOC protocol. Specifically, it <bcp14>SHOULD NOT</bcp14> be possible to perform any other operation than POST on an EDHOC resource.</t>
      </section>
      <section anchor="forward">
        <name>Forward Message Flow</name>
        <t>This section details the case where the EDHOC forward message flow is used (see <xref section="A.2.1" sectionFormat="of" target="RFC9528"/>), i.e., where C acts as the Initiator I and RS acts as the Responder R.</t>
        <t>Consistent with the EDHOC forward message flow, C sends EDHOC message_1 and EDHOC message_3 to an EDHOC resource at RS, as CoAP POST requests. RS sends EDHOC message_2 and (optionally) EDHOC message_4 as CoAP 2.04 (Changed) responses.</t>
        <section anchor="edhoc-message1">
          <name>EDHOC message_1</name>
          <t>The processing of EDHOC message_1 is as specified in <xref section="5.2" sectionFormat="of" target="RFC9528"/>, with the following additions:</t>
          <ul spacing="normal">
            <li>
              <t>The EDHOC method <bcp14>MUST</bcp14> be one of the EDHOC methods specified in the "methods" field (if present) of the EDHOC_Information object within the access token response received from AS, which AS sent to C when issuing the first access token of the token series (see <xref target="c-as"/>).</t>
            </li>
            <li>
              <t>The selected cipher suite <bcp14>MUST</bcp14> be an EDHOC cipher suite specified in the "cipher_suites" field (if present) of the EDHOC_Information object within the access token response received from AS, which AS sent to C when issuing the first access token of the token series (see <xref target="c-as"/>).</t>
            </li>
          </ul>
        </section>
        <section anchor="edhoc-message2">
          <name>EDHOC message_2</name>
          <t>The processing of EDHOC message_2 is as specified in <xref section="5.3" sectionFormat="of" target="RFC9528"/>, with the following additions:</t>
          <ul spacing="normal">
            <li>
              <t>The authentication credential CRED_R specified by the message field ID_CRED_R is AUTH_CRED_RS.</t>
            </li>
          </ul>
        </section>
        <section anchor="edhoc-message3">
          <name>EDHOC message_3</name>
          <t>The processing of EDHOC message_3 is as specified in <xref section="5.4" sectionFormat="of" target="RFC9528"/>, with the following additions:</t>
          <ul spacing="normal">
            <li>
              <t>The authentication credential CRED_I specified by the message field ID_CRED_I is AUTH_CRED_C.</t>
            </li>
            <li>
              <t>The EAD_3 field <bcp14>MUST</bcp14> include an EAD item that specifies the access token issued to C and bound to AUTH_CRED_C. According to this document, such EAD item is ACE-OAuth Access Token (see <xref target="AT-in-EAD"/>), which specifies the access token by value.  </t>
              <t>
The EAD_3 field <bcp14>MUST NOT</bcp14> include multiple EAD items specifying the access token. If zero or more than one EAD items specifying the access token are included in the EAD_3 field, then RS <bcp14>MUST</bcp14> abort the EDHOC session.  </t>
              <t>
RS <bcp14>MUST</bcp14> verify that the access token specified in the EAD item is valid. The validation follows the procedure specified in <xref target="rs-c"/>. If such validation fails, RS <bcp14>MUST</bcp14> reply to C with an EDHOC error message with ERR_CODE = 1 (see <xref section="6" sectionFormat="of" target="RFC9528"/>) and it <bcp14>MUST</bcp14> abort the EDHOC session.  </t>
              <t>
Editor's note: Instead of ERR_CODE = 1, consider using ERR_CODE = 3 "Access Denied" defined in draft-ietf-lake-authz</t>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="reverse">
        <name>Reverse Message Flow</name>
        <t>This section details the case where the EDHOC reverse message flow is used (see <xref section="A.2.2" sectionFormat="of" target="RFC9528"/>), i.e., where C acts as the Responder R and RS acts as the Initiator I.</t>
        <t>Consistent with the EDHOC reverse message flow, C sends a trigger message, EDHOC message_2, and EDHOC message_4 to RS as CoAP POST requests. RS sends EDHOC message_1 and EDHOC message_3 as CoAP 2.04 (Changed) responses.</t>
        <t>In this profile of ACE, if C/RS implements the EDHOC reverse message flow, then C/RS <bcp14>MUST</bcp14> implement EDHOC message_4. In particular, when using the EDHOC reverse message flow, C <bcp14>MUST</bcp14> send EDHOC message_4 after successfully completing the processing of the incoming EDHOC message_3.</t>
        <section anchor="trigger-message">
          <name>Trigger Message</name>
          <t>As specified in <xref section="A.2.2" sectionFormat="of" target="RFC9528"/>, the trigger message is a POST request with no payload that C sends to the EDHOC resource at RS, intended to trigger a response conveying EDHOC message_1.</t>
          <t>If the access token is issued for a group-audience (see <xref section="6.9" sectionFormat="of" target="RFC9200"/>), then C can perform an EDHOC "roll call", by sending the trigger message as a group request, e.g., over IP multicast <xref target="I-D.ietf-core-groupcomm-bis"/>. For the sake of efficiency, it is expected that the group-audience is appropriately associated with a CoAP group and/or application group (see <xref section="2" sectionFormat="of" target="I-D.ietf-core-groupcomm-bis"/>), so that only the resource servers belonging to the group-audience receive the trigger message. After that, C can receive a different EDHOC message_1 from each of the targeted RSs and separately progresses the corresponding EDHOC sessions, by sending a different EDHOC message_2 to each RS that has replied with an EDHOC message_1.</t>
        </section>
        <section anchor="edhoc-message1-1">
          <name>EDHOC message_1</name>
          <t>The processing of EDHOC message_1 is as specified in <xref section="5.2" sectionFormat="of" target="RFC9528"/>.</t>
        </section>
        <section anchor="edhoc-message2-1">
          <name>EDHOC message_2</name>
          <t>The processing of EDHOC message_2 is as specified in <xref section="5.3" sectionFormat="of" target="RFC9528"/>, with the following additions:</t>
          <ul spacing="normal">
            <li>
              <t>The authentication credential CRED_R specified by the message field ID_CRED_R is AUTH_CRED_C.</t>
            </li>
          </ul>
        </section>
        <section anchor="edhoc-message3-1">
          <name>EDHOC message_3</name>
          <t>The processing of EDHOC message_3 is as specified in <xref section="5.4" sectionFormat="of" target="RFC9528"/>, with the following additions:</t>
          <ul spacing="normal">
            <li>
              <t>The authentication credential CRED_I specified by the message field ID_CRED_I is AUTH_CRED_RS.</t>
            </li>
          </ul>
        </section>
        <section anchor="edhoc-message4">
          <name>EDHOC message_4</name>
          <t>The processing of EDHOC message_4 is as specified in <xref section="5.5" sectionFormat="of" target="RFC9528"/>, with the following additions:</t>
          <ul spacing="normal">
            <li>
              <t>The EAD_4 field <bcp14>MUST</bcp14> include an EAD item that specifies the access token issued to C and bound to AUTH_CRED_C. According to this document, such EAD item is ACE-OAuth Access Token (see <xref target="AT-in-EAD"/>), which specifies the access token by value.  </t>
              <t>
The EAD_4 field <bcp14>MUST NOT</bcp14> include multiple EAD items specifying the access token. If zero or more than one EAD items specifying the access token are included in the EAD_4 field, then RS <bcp14>MUST</bcp14> abort the EDHOC session.  </t>
              <t>
RS <bcp14>MUST</bcp14> verify that the access token specified in the EAD item is valid. The validation follows the procedure specified in <xref target="rs-c"/>. If such validation fails, RS <bcp14>MUST</bcp14> reply to C with an EDHOC error message with ERR_CODE = 1 (see <xref section="6" sectionFormat="of" target="RFC9528"/>) and it <bcp14>MUST</bcp14> abort the EDHOC session.  </t>
              <t>
Editor's note: Instead of ERR_CODE = 1, consider using ERR_CODE = 3 "Access Denied"  defined in draft-ietf-lake-authz</t>
            </li>
          </ul>
        </section>
        <section anchor="timing-of-access-token-request">
          <name>Timing of Access Token Request</name>
          <t>When C sends to AS an access token request for requesting the first access token of a token series (see <xref target="c-as"/>), the "req_cnf" parameter of the access token request specifies C's authentication credential AUTH_CRED_C to be bound to the access token and to be used as CRED_R in the EDHOC session with RS. In particular, AUTH_CRED_C has to be consistent with the EDHOC session run with RS, i.e., compatible with the EDHOC authentication method and selected cipher suite used in that session.</t>
          <t>However, when using the EDHOC reverse message flow, such information is effectively indicated by RS when sending EDHOC message_1 to C. Therefore, C is generally not able to specify an appropriate AUTH_CRED_C to AS when requesting an access token as early as before sending the trigger message to RS.</t>
          <t>In the general case, the following applies.</t>
          <ul spacing="normal">
            <li>
              <t>If C knows the right AS associated with RS before sending the trigger message, then C can send the access token request to AS as soon as it receives and successfully processes EDHOC message_1 from RS. In particular, the "req_cnf" parameter of the access token request specifies the authentication credential AUTH_CRED_C that C uses in the ongoing EDHOC session, as specified through ID_CRED_R of EDHOC message_2 from C.  </t>
              <t>
The exchange of access token request/response between C and AS can occur in parallel with the exchange of EDHOC message_2 and message_3 between C and RS. However, receiving an access token response from AS is required by C to complete the processing of EDHOC message_3 from RS (unless C already stores RS' authentication credential AUTH_CRED_RS) and to compose EDHOC message_4 to send to RS.</t>
            </li>
            <li>
              <t>If C does not know the right AS associated with RS before sending the trigger message, C can gain knowledge of such AS during the EDHOC session, by including the EAD item Request Creation Hints in EDHOC message_2 and retrieving the information specified by RS from the EAD item Request Creation Hints in EDHOC message_3 (see <xref target="as-creation-hints"/>). Consequently, C can send the access token request to AS as soon as it receives EDHOC message_3 from RS. In particular, the "req_cnf" parameter of the access token request specifies the authentication credential AUTH_CRED_C that C uses in the ongoing EDHOC session and that was specified through ID_CRED_R of EDHOC message_2 from C.  </t>
              <t>
Like in the previous case, receiving an access token response from AS is required by C to complete the processing of EDHOC message_3 from RS (unless C already stores RS' authentication credential AUTH_CRED_RS) and to compose EDHOC message_4 to send to RS.</t>
            </li>
          </ul>
          <t>If C knows the right AS associated with RS before sending the trigger message, there are however particular circumstances under which C is able to send the access token request to AS even before sending the trigger message to RS. For example:</t>
          <ul spacing="normal">
            <li>
              <t>C owns only one authentication credential AUTH_CRED_C; or</t>
            </li>
            <li>
              <t>C knows in advance the EDHOC authentication method and selected cipher suite that RS is going to indicate in EDHOC message_1. Therefore, C can determine in advance an appropriate AUTH_CRED_C to bind to an access token and to specify in the access token request to AS.</t>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="oscore-security-context">
        <name>OSCORE Security Context</name>
        <t>Once the EDHOC session is successfully completed, C and RS derive an OSCORE Security Context as defined in <xref section="A.1" sectionFormat="of" target="RFC9528"/>.</t>
        <t>In addition, RS associates the latest EDHOC session and the derived OSCORE Security Context with the stored access token, which is bound to the authentication credential AUTH_CRED_C used in the EDHOC session. The access token is also associated with the pair (SESSION_ID, AUTH_CRED_C), where SESSION_ID is the identifier of the token series to which the access token belongs.</t>
        <t>If supported by C, C <bcp14>MAY</bcp14> use the EDHOC + OSCORE combined request defined in <xref target="RFC9668"/>, unless the EDHOC_Information object specified by the "edhoc_info" parameter of the access token response included the "comb_req" field encoding the CBOR simple value <tt>false</tt> (0xf4).</t>
        <t>In the combined request, both EDHOC message_3 and the first OSCORE-protected application request are combined together in a single OSCORE-protected CoAP request, thus saving one round trip. This requires C to derive the OSCORE Security Context with RS already after having successfully processed the received EDHOC message_2 and before sending EDHOC message_3. An example is provided in <xref target="example-with-optimization"/>.</t>
      </section>
      <section anchor="update-access-rights-c-rs">
        <name>Update of Access Rights</name>
        <t>If C has a valid OSCORE Security Context associated with a valid access token at RS, then C can request from AS an update of the access rights as described in <xref target="c-as"/>.</t>
        <t>If the request is granted, then AS generates a new access token containing updated access rights for C (see <xref target="update-access-rights-c-as"/>), in the same token series of the current access token (see <xref target="token-series"/>).</t>
        <t>According to this document, AS provides the new access token to C (see <xref target="as-c"/>) for further uploading to RS (see <xref target="c-rs"/>). Alternatively, the new access token can be uploaded by AS directly to RS, as described in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
        <t>If all validations are successful, C can access protected resources at RS according to the updated access rights, using the previously established OSCORE Security Context.</t>
        <t>The rest of this section describes the message exchange for the uploading of the new access token from C to RS.</t>
        <section anchor="c-rs">
          <name>C-to-RS: POST to /authz-info endpoint</name>
          <t>C can update its access rights by uploading the updated access token to RS using CoAP <xref target="RFC7252"/> and the Authorization Information endpoint as described in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>.</t>
          <t>That is, C sends a POST request to the /authz-info endpoint at RS, with the request payload containing the access token without any CBOR wrapping. As per <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>, the Content-Format of the POST request <bcp14>MUST</bcp14> be "application/cwt" to reflect the format of the transported access token.</t>
          <t>C <bcp14>MUST</bcp14> protect the POST request using the current OSCORE Security Context shared with RS.</t>
          <t>Upon receiving an access token from C, RS <bcp14>MUST</bcp14> follow the procedures defined in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>. That is, RS <bcp14>MUST</bcp14> verify the validity of the access token. RS <bcp14>MAY</bcp14> make an introspection request (see <xref section="5.9.1" sectionFormat="of" target="RFC9200"/>) to validate the access token at AS.</t>
          <t>RS <bcp14>MUST</bcp14> check the following conditions:</t>
          <ul spacing="normal">
            <li>
              <t>RS checks whether it stores an access token T_OLD, such that:  </t>
              <ul spacing="normal">
                <li>
                  <t>The "session_id" field of the EDHOC_Information object specified by the "edhoc_info" claim matches the "session_id" field of the EDHOC_Information object specified by the "edhoc_info" claim of the new access token T_NEW.</t>
                </li>
                <li>
                  <t>The authentication credential specified by the "cnf" claim matches the authentication credential specified by the "cnf" claim of the new access token T_NEW. Note that, in T_OLD and T_NEW, the same authentication credential can be transported by value or uniquely referred to by means of an appropriate identifier.</t>
                </li>
              </ul>
            </li>
            <li>
              <t>RS checks whether the OSCORE Security Context CTX used to protect the request matches the OSCORE Security Context associated with the stored access token T_OLD.</t>
            </li>
          </ul>
          <t>If both the conditions above hold, RS <bcp14>MUST</bcp14> supersede the old access token T_OLD by replacing the corresponding authorization information with the one specified in the new access token T_NEW, and it <bcp14>MUST</bcp14> associate T_NEW with the OSCORE Security Context CTX.</t>
          <t>Note that C and RS do not execute the EDHOC protocol, they do not establish a new OSCORE Security Context, and AUTH_CRED_C remains the same.</t>
        </section>
        <section anchor="rs-c">
          <name>RS-to-C: 2.01 (Created)</name>
          <t>If all validations are successful, RS stores the new access token in such a way that it is possible to retrieve it based on the pair (SESSION_ID, AUTH_CRED_C), where SESSION_ID is the identifier of the token series to which the access token belongs. Note that SESSION_ID is specified in the "session_id" field of the EDHOC_Information object, within the "edhoc_info" claim of the access token.</t>
          <t>Then, RS <bcp14>MUST</bcp14> reply to the POST request by sending a 2.01 (Created) response with no payload. The response is protected with the same OSCORE Security Context used to protect the corresponding request. After that, C can access protected resources at RS according to the updated access rights, using the previously established OSCORE Security Context.</t>
          <t>Instead, if any validation fails, RS <bcp14>MUST</bcp14> respond with a 4.01 (Unauthorized) error response. RS <bcp14>MAY</bcp14> provide additional information in the payload of the error response, in order to clarify what went wrong.</t>
          <t>As specified in <xref section="5.10.1" sectionFormat="of" target="RFC9200"/>, when receiving a valid access token with updated authorization information from C (see <xref target="c-rs"/>), it is recommended that RS overwrites the previous access token. That is, only the latest authorization information in the access token received by RS is valid. This simplifies the process needed by RS to keep track of authorization information for a given client.</t>
        </section>
      </section>
      <section anchor="discard-context">
        <name>Discarding the OSCORE Security Context</name>
        <t>There are a number of cases where C or RS have to discard the OSCORE Security Context that they share, after which they can establish a new one (see <xref target="establish-new-context"/>).</t>
        <t>C <bcp14>MUST</bcp14> discard the current OSCORE Security Context shared with RS when any of the following occurs:</t>
        <ul spacing="normal">
          <li>
            <t>The OSCORE Sender Sequence Number space of C is exhausted.</t>
          </li>
          <li>
            <t>The access token associated with the OSCORE Security Context becomes invalid, for example, due to expiration or revocation.</t>
          </li>
          <li>
            <t>C receives a number of unprotected 4.01 (Unauthorized) responses to OSCORE-protected requests, which are sent to RS and protected using the same OSCORE Security Context. The exact number of such received responses needs to be specified by the application. This can happen, for example, due to lack of storage at RS, which then sends the "AS Request Creation Hints" message (see <xref section="5.3" sectionFormat="of" target="RFC9200"/>).</t>
          </li>
          <li>
            <t>The authentication credential of C (of RS) becomes invalid, e.g., due to expiration or revocation, and it was used as AUTH_CRED_C (AUTH_CRED_RS) in the EDHOC session to establish the OSCORE Security Context.</t>
          </li>
        </ul>
        <t>RS <bcp14>MUST</bcp14> discard the current OSCORE Security Context shared with C when any of the following occurs:</t>
        <ul spacing="normal">
          <li>
            <t>The OSCORE Sender Sequence Number space of RS is exhausted.</t>
          </li>
          <li>
            <t>The access token associated with the OSCORE Security Context becomes invalid, for example, due to expiration or revocation.</t>
          </li>
          <li>
            <t>The authentication credential of C (of RS) becomes invalid (e.g., due to expiration or revocation), and it was used as AUTH_CRED_C (AUTH_CRED_RS) in the EDHOC session to establish the OSCORE Security Context.</t>
          </li>
        </ul>
        <t>After a new access token is successfully uploaded to RS and a new OSCORE Security Context is established between C and RS, messages still in transit that were protected with the previous OSCORE Security Context might not be successfully verified by the recipient, since the old OSCORE Security Context might have been discarded. This means that messages sent shortly before C has uploaded the new access token to RS might not be successfully accepted by the recipient.</t>
        <t>Furthermore, implementations may want to cancel CoAP observations at RS, if registered before the new OSCORE Security Context has been established. Alternatively, applications need to implement a mechanism to ensure that, from then on, messages exchanged within those observations are going to be protected with the newly derived OSCORE Security Context.</t>
      </section>
      <section anchor="establish-new-context">
        <name>Establishing a New OSCORE Security Context</name>
        <t>The procedure for provisioning a new access token to RS specified in this section applies to various cases where an OSCORE Security Context shared between C and RS has been deleted, for example as described in <xref target="discard-context"/>.</t>
        <t>Another exceptional case is that where there is still a valid OSCORE Security Context but it needs to be updated, e.g., due to a policy limiting its use in terms of time or amount of processed data, or to the imminent exhaustion of the OSCORE Sender Sequence Number space. In this case, C and RS <bcp14>MAY</bcp14> alternatively attempt to run a key update protocol that they both support. One lightweight example is KUDOS <xref target="I-D.ietf-core-oscore-key-update"/>, which is independent of ACE and EDHOC and does not require the uploading of an access token. If C and RS do not support a common key update protocol to use for updating their still valid OSCORE Security Context, then C and RS fall back to EDHOC as outlined above.</t>
        <t>In either case, C and RS establish a new OSCORE Security Context that replaces the old one and will be used for protecting their communications from then on. In particular, RS <bcp14>MUST</bcp14> associate the new OSCORE Security Context with the current (potentially re-uploaded) access token. Furthermore, the SESSION_ID identifying the token series to which the access token belongs remains unchanged, even if C and RS have established a new EDHOC session. Unless C and RS re-run the EDHOC protocol, they preserve their OSCORE identifiers, i.e., their OSCORE Sender/Recipient IDs.</t>
      </section>
      <section anchor="access-rights-verif">
        <name>Access Rights Verification</name>
        <t>RS <bcp14>MUST</bcp14> follow the procedures defined in <xref section="5.10.2" sectionFormat="of" target="RFC9200"/>. That is, if RS receives an OSCORE-protected request targeting a protected resource from C, then RS processes the request according to <xref target="RFC8613"/>.</t>
        <t>If OSCORE verification succeeds and the target resource requires authorization, RS retrieves the authorization information using the access token associated with the OSCORE Security Context. Then, RS <bcp14>MUST</bcp14> verify that the authorization information covers the target resource and the action intended by C on it.</t>
      </section>
      <section anchor="access-token-invalidity">
        <name>Access Token Invalidity</name>
        <t>When an access token becomes invalid (e.g., due to its expiration or revocation), the following applies:</t>
        <ul spacing="normal">
          <li>
            <t>RS <bcp14>MUST</bcp14> delete the access token and the associated OSCORE Security Context.</t>
          </li>
          <li>
            <t>RS <bcp14>MUST</bcp14> abort and purge the EDHOC session from which the deleted OSCORE Security Context was derived.</t>
          </li>
          <li>
            <t>RS notifies C with a 4.01 (Unauthorized) error response for any long-running request, as specified in <xref section="5.8.3" sectionFormat="of" target="RFC9200"/>.</t>
          </li>
        </ul>
      </section>
      <section anchor="auth-cred-validity">
        <name>Authentication Credential Invalidity</name>
        <t>If an authentication credential AUTH_CRED_C of C is invalidated (e.g., it expires), then the following applies:</t>
        <ul spacing="normal">
          <li>
            <t>RS <bcp14>MUST</bcp14> delete all the stored access tokens that specify AUTH_CRED_C in the "cnf" claim.</t>
          </li>
          <li>
            <t>C <bcp14>MUST</bcp14> delete every stored access token such that, when C requested the first access token of the same series, the access token request to AS specified AUTH_CRED_C (see <xref target="c-as"/>).</t>
          </li>
          <li>
            <t>RS and C <bcp14>MUST</bcp14> abort and purge all the EDHOC sessions that used AUTH_CRED_C and successfully completed. Also, RS and C <bcp14>MUST</bcp14> delete the OSCORE Security Contexts derived from those sessions (see <xref target="discard-context"/>).</t>
          </li>
        </ul>
        <t>If an authentication credential AUTH_CRED_RS of RS is invalidated (e.g., it expires), then the following applies:</t>
        <ul spacing="normal">
          <li>
            <t>C <bcp14>MUST</bcp14> delete every stored access token such that, when C requested the first access token of the same series, the access token response from AS specified AUTH_CRED_RS (see <xref target="as-c"/>).</t>
          </li>
          <li>
            <t>C <bcp14>MUST</bcp14> delete every stored access token that C specified during an EDHOC session that used AUTH_CRED_RS and successfully completed.</t>
          </li>
          <li>
            <t>RS and C <bcp14>MUST</bcp14> abort and purge all the EDHOC sessions that used AUTH_CRED_RS and successfully completed. Also, RS and C <bcp14>MUST</bcp14> delete the OSCORE Security Contexts derived from those sessions (see <xref target="discard-context"/>).</t>
          </li>
        </ul>
      </section>
      <section anchor="session-validity">
        <name>EDHOC Session Invalidity</name>
        <t>If an EDHOC session is aborted and purged for other reasons than those listed in <xref target="auth-cred-validity"/>, then RS and C that established the session <bcp14>MUST</bcp14> delete the OSCORE Security Context derived from that session (see <xref target="discard-context"/>).</t>
      </section>
      <section anchor="as-creation-hints">
        <name>Using AS Request Creation Hints</name>
        <t>When replying to an unauthorized resource request message from a client, RS can send an unprotected AS Request Creation Hints message as a 4.01 (Unauthorized) error response (see <xref section="5.3" sectionFormat="of" target="RFC9200"/>).</t>
        <t>The message payload can specify a number of parameters that help the sender client acquire a valid access token from AS. These parameters include "audience" and "scope".</t>
        <t>If RS supports the EDHOC reverse message flow and sends an unprotected AS Request Creation Hints message, the following applies:</t>
        <ul spacing="normal">
          <li>
            <t>The message payload <bcp14>MUST NOT</bcp14> include the "audience" parameter.</t>
          </li>
          <li>
            <t>The message payload <bcp14>SHOULD NOT</bcp14> include the "scope" parameter, unless its value cannot contribute to expose the identity of RS.</t>
          </li>
        </ul>
        <t>This ensures that, if EDHOC is run per its reverse message flow (see <xref target="reverse"/>), the protection of RS' identity against active attackers is not defeated by exposing information about RS such as audience and scope.</t>
        <t>AS Request Creation Hints can also be requested and retrieved by means of the EAD item Request Creation Hints defined in this section.</t>
        <t>The CDDL grammar for the EAD item is shown in <xref target="fig-ead-rch"/> and its ead_label is registered in <xref target="iana-edhoc-ead"/>. An example of its usage is provided in <xref target="example-non-sequential-workflow"/>.</t>
        <figure anchor="fig-ead-rch">
          <name>EAD item Request Creation Hints.</name>
          <sourcecode type="cddl"><![CDATA[
ead_request_creation_hints = (
  ead_label : e'ead_request_creation_hints_label',
  ? ead_value : bstr .cbor AS_request_creation_hints
)
AS_request_creation_hints = { * $$AS_request_creation_hints_item }
                            .within { * int => any }
]]></sourcecode>
        </figure>
        <t>This EAD item is intended to be used in EAD fields of EDHOC messages exchanged between C and RS as follows:</t>
        <ul spacing="normal">
          <li>
            <t>In EAD_1 and EAD_2, when using the forward message flow.</t>
          </li>
          <li>
            <t>In EAD_2 and EAD_3, when using the reverse message flow.</t>
          </li>
        </ul>
        <t>In the first EDHOC message from C to RS, the EAD item has no ead_value and asks RS to include the same EAD item in the next EDHOC message.</t>
        <t>In the first EDHOC message from RS to C, the EAD item has ead_value. In particular, ead_value is a CBOR byte string whose value encodes the CBOR map that is used as payload in an unprotected AS Request Creation Hints message (see <xref section="5.3" sectionFormat="of" target="RFC9200"/>). The keys of the CBOR map are defined in the IANA registry "ACE Authorization Server Request Creation Hints" <xref target="ACE.Request.Creation.Hints"/>.</t>
        <t>This EAD item is non-critical, i.e., it can be ignored by the recipient peer. The EAD item is <bcp14>OPTIONAL</bcp14> to implement.</t>
        <t>Example: assuming ead_label 1 and the AS Request Creation Hints CBOR map containing one element with key 1 and with value the CBOR text string encoding "coap://www.example.com/token" (i.e., the absolute URI of the /token endpoint at AS), the non-critical EAD item in the first EDHOC message from RS to C is as follows:</t>
        <sourcecode type="cbor-diag"><![CDATA[
1, h'a101781c636f61703a2f2f7777772e6578616d706c652e636f6d2f746f6b656e'
]]></sourcecode>
        <t>Note to RFC Editor: Please replace the value of the ead_label with the value registered for Request Creation Hints in <xref target="iana-edhoc-ead"/>, then delete this note.</t>
        <t>Since C has not made an actual request targeting a specific application resource, RS may not know what resource C is interested in accessing. Moreover, such information needs to be matched against the privacy policy of the application. Since EDHOC message_2 is only protected against passive attackers, the AS Request Creation Hints CBOR map <bcp14>MUST NOT</bcp14> include "audience" and <bcp14>SHOULD NOT</bcp14> include "scope" when present in the EAD item conveyed in the EAD_2 field.</t>
      </section>
      <section anchor="auth-cred-by-value">
        <name>Requesting Authentication Credential By Value</name>
        <t>EDHOC peers need access to each other's authentication credentials to complete the protocol. To reduce unnecessary overhead, EDHOC allows identifying credentials by reference alternatively to transporting them by value. The ACE protocol includes the initial transport of authentication credentials of C and RS by value, and thus it matches the identification of credentials by reference in EDHOC.</t>
        <t>However, if one of the peers has deleted the other peer's authentication credential from its local storage, then there should be a way to restore it without requesting a new access token.</t>
        <t>Consider first the EDHOC forward message flow. If the ACE client / EDHOC Initiator identifies its credential AUTH_CRED_C by reference in ID_CRED_I of message_3, then the ACE resource server / EDHOC Responder can return an EDHOC error message with error code (ERR_CODE) 3 "Unknown credential referenced". This enables the Initiator to restart the protocol using some other ID_CRED_I (typically, the authentication credential AUTH_CRED_C specified by value), thereby resolving the issue.</t>
        <t>Instead, if the ACE resource server / EDHOC Responder identifies its credential AUTH_CRED_RS by reference in ID_CRED_R of message_2, then an EDHOC error message with error code (ERR_CODE) 3 "Unknown credential referenced" returned by the ACE client / EDHOC Initiator does not automatically solve the problem: since the Responder has aborted the EDHOC session without authenticating the Initiator, the Responder has no reliable way to act differently in a following EDHOC session with that other peer.</t>
        <t>In order to remediate this situation, this section specifies the EAD item Credential By Value for requesting the peer's authentication credential by value.</t>
        <t>The CDDL grammar for the EAD item is shown in <xref target="fig-ead-req-authcred"/> and its ead_label is registered in <xref target="iana-edhoc-ead"/>. An example of its usage is provided in <xref target="example-non-sequential-workflow"/>.</t>
        <figure anchor="fig-ead-req-authcred">
          <name>EAD item Credential By Value.</name>
          <sourcecode type="cddl"><![CDATA[
ead_credential_by_value = (
  ead_label : e'ead_credential_by_value_label'
)
]]></sourcecode>
        </figure>
        <t>This EAD item has no ead_value, and it can be used in the EAD_1 field of EDHOC message_1 and in the EAD_2 field of EDHOC message_2. When present in EAD_1, the EAD item requests the Responder to specify its authentication credential by value in ID_CRED_R of EDHOC message_2. When present in EAD_2, the EAD item requests the Initiator to specify its authentication credential by value in ID_CRED_I of EDHOC message_3.</t>
        <t>This EAD item is non-critical, i.e., it can be ignored by the recipient peer. The EAD item is <bcp14>OPTIONAL</bcp14> to implement.</t>
        <t>Example: assuming ead_label 15, the non-critical EAD item is as follows:</t>
        <sourcecode type="cbor-diag"><![CDATA[
15
]]></sourcecode>
        <t>Note to RFC Editor: Please replace the value of the ead_label with the value registered for Credential By Value in <xref target="iana-edhoc-ead"/>, then delete this note.</t>
        <t>In the EDHOC reverse message flow, this EAD item can be employed for better control of the transport of authentication credentials by value. Note that, in the reverse message flow, both C and RS are able to recover from an EDHOC error message with error code (ERR_CODE) 3 "Unknown credential referenced", but at the cost of more round trips that can be avoided by using this EAD item. That is:</t>
        <ul spacing="normal">
          <li>
            <t>The first case consists in the ACE client / EDHOC Responder that specifies its authentication credential AUTH_CRED_C by reference in ID_CRED_R of message_2 and receives an EDHOC error message with error code (ERR_CODE) 3 "Unknown credential referenced" as a reply from the ACE resource server / EDHOC Initiator. After that, the ACE client / EDHOC Responder can trigger a new EDHOC session and specify its authentication credential by value in ID_CRED_R of message_2.</t>
          </li>
          <li>
            <t>The second case consists in the ACE resource server / EDHOC Initiator that specifies its authentication credential AUTH_CRED_RS by reference in ID_CRED_I of message_3 and receives an EDHOC error message with error code (ERR_CODE) 3 "Unknown credential referenced" as a reply from the ACE client / EDHOC Responder. After that, since the ACE resource server / EDHOC Initiator authenticated C, it can store C's authentication credential AUTH_CRED_C and specify its own authentication credential AUTH_CRED_RS by value in ID_CRED_I of message_3, during the next EDHOC session with C.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="secure-comm-as">
      <name>Secure Communication with AS</name>
      <t>As specified in the ACE framework (see Sections <xref target="RFC9200" section="5.8" sectionFormat="bare"/> and <xref target="RFC9200" section="5.9" sectionFormat="bare"/> of <xref target="RFC9200"/>), the requesting entity (RS and/or C) and AS communicate via the /token or /introspect endpoint. When using this profile, the use of CoAP <xref target="RFC7252"/> and OSCORE <xref target="RFC8613"/> for this communication is <bcp14>RECOMMENDED</bcp14>, in order to reduce the number of libraries that C and RS have to support. Other protocols fulfilling the security requirements defined in Sections <xref target="RFC9200" section="5" sectionFormat="bare"/> and <xref target="RFC9200" section="6" sectionFormat="bare"/> of <xref target="RFC9200"/> (such as HTTP and DTLS <xref target="RFC9147"/> or TLS <xref target="RFC8446"/>) <bcp14>MAY</bcp14> be used instead.</t>
      <t>If OSCORE is used, the requesting entity and AS need to have an OSCORE Security Context in place. While this can be pre-installed, the requesting entity and AS can establish such an OSCORE Security Context, for example, by running the EDHOC protocol, as shown between C and AS by the examples in <xref target="examples"/>. This also applies to the communication between RS and AS, for example to protect the upload of access tokens from AS directly to RS as described in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
    </section>
    <section anchor="use-with-key-groupcomm-profiles">
      <name>Use with Application Profiles of ACE for Group Key Provisioning</name>
      <t>The EDHOC and OSCORE profile specified in the present document can be used in combination with application profiles of ACE for key provisioning for group communication <xref target="RFC9594"/>, such as <xref target="I-D.ietf-ace-key-groupcomm-oscore"/> and <xref target="I-D.ietf-ace-coap-pubsub-profile"/>.</t>
      <t>When doing so, the EDHOC and OSCORE profile is used by a client that wants to join a security group and by an RS that acts as the Key Distribution Center (KDC) responsible for that group. According to what is defined in the present document, the client does not upload the first access token of a token series  to the /authz-info endpoint at RS over an unprotected channel. Consequently, the client does not obtain the N_S challenge from RS acting as KDC (see <xref section="3.3" sectionFormat="of" target="RFC9594"/>).</t>
      <t>Therefore, when using the EDHOC and OSCORE profile in combination with one of the application profiles of <xref target="RFC9594"/> mentioned above, the following holds for computing the N_S challenge used in such application profiles.</t>
      <ul spacing="normal">
        <li>
          <t>In the ACE application profile specified in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>, when the provisioning of the access token to the Group Manager (i.e., the KDC) has relied on the EDHOC and OSCORE profile of ACE specified in the present document and the access token was specified in the EAD item ACE-OAuth Access Token (see <xref target="AT-in-EAD"/>), then N_S is derived using the EDHOC_Exporter interface defined in <xref section="4.2.1" sectionFormat="of" target="RFC9528"/>.  </t>
          <t>
Specifically, N_S is exported from the EDHOC session associated with the access token and established between the client and the Group Manager. The following is provided as input to the EDHOC_Exporter interface:  </t>
          <ul spacing="normal">
            <li>
              <t>The 'exporter_label' parameter is the unsigned integer EXPORTER_LABEL_TBD_26, which is registered in <xref target="iana-edhoc-exporter-labels"/> of the present document.</t>
            </li>
            <li>
              <t>The 'context' parameter is h'' (0x40), i.e., the empty CBOR byte string.</t>
            </li>
            <li>
              <t>The 'length' parameter is 32, i.e., the intended length of N_S in bytes.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>In the ACE application profile specified in <xref target="I-D.ietf-ace-coap-pubsub-profile"/>, when the provisioning of the access token to the KDC has relied on the EDHOC and OSCORE profile of ACE specified in the present document and the access token was specified in the EAD item ACE-OAuth Access Token (see <xref target="AT-in-EAD"/>), then N_S is derived using the EDHOC_Exporter interface defined in <xref section="4.2.1" sectionFormat="of" target="RFC9528"/>.  </t>
          <t>
Specifically, N_S is exported from the EDHOC session associated with the access token and established between the client and the KDC. The following is provided as input to the EDHOC_Exporter interface:  </t>
          <ul spacing="normal">
            <li>
              <t>The 'exporter_label' parameter is the unsigned integer EXPORTER_LABEL_TBD_27, which is registered in <xref target="iana-edhoc-exporter-labels"/> of the present document.</t>
            </li>
            <li>
              <t>The 'context' parameter is h'' (0x40), i.e., the empty CBOR byte string.</t>
            </li>
            <li>
              <t>The 'length' parameter is 32, i.e., the intended length of N_S in bytes.</t>
            </li>
          </ul>
        </li>
      </ul>
    </section>
    <section anchor="ssec-cwt-conf">
      <name>CWT Confirmation Methods</name>
      <t>This document defines a number of new CWT confirmation methods, which are registered in <xref target="iana-cwt-confirmation-methods"/>. The semantics of each confirmation method is defined below.</t>
      <section anchor="ssec-cwt-conf-x5chain">
        <name>Ordered Chain of X.509 Certificates</name>
        <t>The confirmation method "x5chain" specifies an ordered array of X.509 certificates <xref target="RFC5280"/>. The semantics of "x5chain" is like that of the "x5chain" COSE Header Parameter specified in <xref target="RFC9360"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-x5bag">
        <name>Unordered Bag of X.509 Certificates</name>
        <t>The confirmation method "x5bag" specifies a bag of X.509 certificates <xref target="RFC5280"/>. The semantics of "x5bag" is like that of the "x5bag" COSE Header Parameter specified in <xref target="RFC9360"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-x5t">
        <name>Hash of an X.509 Certificate</name>
        <t>The confirmation method "x5t" specifies the hash value of the end-entity X.509 certificate <xref target="RFC5280"/>. The semantics of "x5t" is like that of the "x5t" COSE Header Parameter specified in <xref target="RFC9360"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-x5u">
        <name>URI Pointing to an X.509 Certificate</name>
        <t>The confirmation method "x5u" specifies a URI <xref target="RFC3986"/> that identifies an X.509 certificate <xref target="RFC5280"/>. The semantics of "x5u" is like that of the "x5u" COSE Header Parameter specified in <xref target="RFC9360"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-c5c">
        <name>Ordered Chain of C509 Certificates</name>
        <t>The confirmation method "c5c" specifies an ordered array of C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. The semantics of "c5c" is like that of the "c5c" COSE Header Parameter specified in <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-c5b">
        <name>Unordered Bag of C509 Certificates</name>
        <t>The confirmation method "c5b" specifies a bag of C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. The semantics of "c5b" is like that of the "c5b" COSE Header Parameter specified in <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-c5t">
        <name>Hash of a C509 Certificate</name>
        <t>The confirmation method "c5t" specifies the hash value of the end-entity C509 certificate <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. The semantics of "c5t" is like that of the "c5t" COSE Header Parameter specified in <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-c5u">
        <name>URI Pointing to a C509 Certificate</name>
        <t>The confirmation method "c5u" specifies a URI <xref target="RFC3986"/> that identifies a C509 certificate <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. The semantics of "c5u" is like that of the "c5u" COSE Header Parameter specified in <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-kcwt">
        <name>CWT Containing a COSE_Key</name>
        <t>The confirmation method "kcwt" specifies a CBOR Web Token (CWT) <xref target="RFC8392"/> containing a COSE_Key <xref target="RFC9053"/> in a "cnf" claim and possibly other claims. The semantics of "kcwt" is like that of the "kcwt" COSE Header Parameter specified in <xref target="RFC9528"/>.</t>
      </section>
      <section anchor="ssec-cwt-conf-kccs">
        <name>CCS Containing a COSE_Key</name>
        <t>The confirmation method "kccs" specifies a CWT Claims Set (CCS) <xref target="RFC8392"/> containing a COSE_Key <xref target="RFC9053"/> in a "cnf" claim and possibly other claims. The semantics of "kccs" is like that of the "kccs" COSE Header Parameter specified in <xref target="RFC9528"/>.</t>
      </section>
    </section>
    <section anchor="ssec-jwt-conf">
      <name>JWT Confirmation Methods</name>
      <t>This document defines a number of new JWT confirmation methods, which are registered in <xref target="iana-jwt-confirmation-methods"/>. The semantics of each confirmation method is defined below.</t>
      <section anchor="ssec-jwt-conf-x5c">
        <name>Ordered Chain of X.509 Certificates</name>
        <t>The confirmation method "x5c" specifies an ordered array of X.509 certificates <xref target="RFC5280"/>. The semantics of "x5c" is like that of the "x5c" JSON Web Signature and Encryption Header Parameter specified in <xref target="RFC7515"/>, with the following difference. The public key contained in the first certificate is the proof-of-possession key and does not have to correspond to a key used to digitally sign the JWS.</t>
      </section>
      <section anchor="ssec-jwt-conf-x5b">
        <name>Unordered Bag of X.509 Certificates</name>
        <t>The confirmation method "x5b" specifies a bag of X.509 certificates <xref target="RFC5280"/>. The semantics of "x5b" is like that of the "x5c" JWT confirmation method defined in <xref target="ssec-jwt-conf-x5c"/>, with the following differences. First, the set of certificates is unordered and may contain self-signed certificates. Second, the composition and processing of "x5b" are like for the "x5bag" COSE Header Parameter defined in <xref target="RFC9360"/>.</t>
      </section>
      <section anchor="ssec-jwt-conf-x5t">
        <name>Hash of an X.509 Certificate</name>
        <t>The confirmation method "x5t" specifies the hash value of the end-entity X.509 certificate <xref target="RFC5280"/>. The semantics of "x5t" is like that of the "x5t" JSON Web Signature and Encryption Header Parameter specified in <xref target="RFC7515"/>.</t>
      </section>
      <section anchor="ssec-jwt-conf-x5u">
        <name>URI Pointing to an X.509 Certificate</name>
        <t>The confirmation method "x5u" specifies a URI <xref target="RFC3986"/> that identifies an X.509 certificate <xref target="RFC5280"/>. It specifies a JSON string, with value the URI. The semantics of "x5u" is like that of the "x5u" COSE Header Parameter specified in <xref target="RFC9360"/>, with the following difference. The public key contained in the X.509 certificate is the proof-of-possession key and does not have to correspond to a key used to digitally sign the JWS.</t>
      </section>
      <section anchor="ssec-jwt-conf-c5c">
        <name>Ordered Chain of C509 Certificates</name>
        <t>The confirmation method "c5c" specifies an ordered array of C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. The semantics of "c5c" is like that of the "x5c" JWT confirmation method defined in <xref target="ssec-jwt-conf-x5c"/>, with the following difference. Each string in the JSON array is a base64-encoded (<xref section="4" sectionFormat="of" target="RFC4648"/> - not base64url-encoded) C509 certificate.</t>
      </section>
      <section anchor="ssec-jwt-conf-c5b">
        <name>Unordered Bag of C509 Certificates</name>
        <t>The confirmation method "c5b" specifies a bag of C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. The semantics of "c5b" is like that of the "c5c" JWT confirmation method defined in <xref target="ssec-jwt-conf-c5c"/>, with the following differences. First, the set of certificates is unordered and may contain self-signed certificates. Second, the composition and processing of "c5b" is like for the "c5b" COSE Header Parameter defined in <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      </section>
      <section anchor="ssec-jwt-conf-c5t">
        <name>Hash of a C509 Certificate</name>
        <t>The confirmation method "c5t" specifies the hash value of the end-entity C509 certificate <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. The semantics of "c5t" is like that of the "x5t" JWT confirmation method defined in <xref target="ssec-jwt-conf-x5t"/>, with the following differences. First, the base64url-encoded SHA-1 thumbprint is computed over the C509 certificate. Second, the public key contained in the C509 certificate does not have to correspond to a key used to digitally sign the JWS.</t>
      </section>
      <section anchor="ssec-jwt-conf-c5u">
        <name>URI Pointing to a C509 Certificate</name>
        <t>The confirmation method "c5u" specifies a URI <xref target="RFC3986"/> that identifies a C509 certificate <xref target="I-D.ietf-cose-cbor-encoded-cert"/>. It specifies a JSON string, with value the URI. The semantics of "c5u" is like that of the "x5u" JWT confirmation method defined in <xref target="ssec-jwt-conf-x5u"/>, with the following differences. First, the URI refers to a resource for the C509 certificate. Second, the public key contained in the C509 certificate and acting as proof-of-possession key does not have to correspond to a key used to digitally sign the JWS.</t>
      </section>
      <section anchor="ssec-jwt-conf-kcwt">
        <name>CWT Containing a COSE_Key</name>
        <t>The confirmation method "kcwt" specifies a CBOR Web Token (CWT) <xref target="RFC8392"/> containing a COSE_Key <xref target="RFC9053"/> in a "cnf" claim and possibly other claims. It specifies a JSON string, with value the base64url-encoded serialization of the CWT.</t>
      </section>
      <section anchor="ssec-jwt-conf-kccs">
        <name>CCS Containing a COSE_Key</name>
        <t>The confirmation method "kccs" specifies a CWT Claims Set (CCS) <xref target="RFC8392"/> containing a COSE_Key <xref target="RFC9053"/> in a "cnf" claim and possibly other claims. It specifies a JSON string, with value the base64url-encoded serialization of the CCS.</t>
      </section>
    </section>
    <section anchor="sec-edhoc-ta-purposes">
      <name>EDHOC Trust Anchor Purposes</name>
      <t>This document defines the following EDHOC trust anchor purpose.</t>
      <t>Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]" with the RFC number of this specification and delete this paragraph.</t>
      <table align="center" anchor="_table-edhoc-ta-purposes">
        <name>EDHOC Trust Anchor Purposes</name>
        <thead>
          <tr>
            <th align="left">Name</th>
            <th align="left">CBOR label</th>
            <th align="left">Description</th>
            <th align="left">Reference</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">edhoc_cred</td>
            <td align="left">0</td>
            <td align="left">Verifying authentication credentials of other EDHOC peers in EDHOC sessions</td>
            <td align="left">[RFC-XXXX]<xref target="RFC9528"/></td>
          </tr>
        </tbody>
      </table>
      <t>Trust anchors with purpose "edhoc_cred" are used for verifying authentication credentials of other EDHOC peers in an EDHOC session, and they typically are authentication credentials of Certificate Authorities (CAs).</t>
    </section>
    <section anchor="sec-edhoc-ta-types">
      <name>EDHOC Trust Anchor Types</name>
      <t>This document defines the following EDHOC trust anchor types.</t>
      <t>Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]" with the RFC number of this specification and delete this paragraph.</t>
      <table align="center" anchor="_table-edhoc-ta-types">
        <name>EDHOC Trust Anchor Types</name>
        <thead>
          <tr>
            <th align="left">Name</th>
            <th align="left">CBOR label</th>
            <th align="left">Value type</th>
            <th align="left">Description</th>
            <th align="left">Reference</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">uuid</td>
            <td align="left">0</td>
            <td align="left">#6.37(bstr)</td>
            <td align="left">Binary CBOR-encoded UUID</td>
            <td align="left">[RFC-XXXX]<xref target="RFC9562"/></td>
          </tr>
          <tr>
            <td align="left">kid</td>
            <td align="left">4</td>
            <td align="left">bstr</td>
            <td align="left">Key identifier</td>
            <td align="left">[RFC-XXXX]<xref target="RFC9052"/></td>
          </tr>
          <tr>
            <td align="left">c5t</td>
            <td align="left">22</td>
            <td align="left">COSE_CertHash</td>
            <td align="left">Hash of a C509 certificate</td>
            <td align="left">[RFC-XXXX][draft-ietf-cose-cbor-encoded-cert]</td>
          </tr>
          <tr>
            <td align="left">c5u</td>
            <td align="left">23</td>
            <td align="left">uri</td>
            <td align="left">URI pointing to a C509 certificate</td>
            <td align="left">[RFC-XXXX][draft-ietf-cose-cbor-encoded-cert]</td>
          </tr>
          <tr>
            <td align="left">x5t</td>
            <td align="left">34</td>
            <td align="left">COSE_CertHash</td>
            <td align="left">Hash of an X.509 certificate</td>
            <td align="left">[RFC-XXXX]<xref target="RFC9360"/></td>
          </tr>
          <tr>
            <td align="left">x5u</td>
            <td align="left">35</td>
            <td align="left">uri</td>
            <td align="left">URI pointing to an X.509 certificate</td>
            <td align="left">[RFC-XXXX]<xref target="RFC9360"/></td>
          </tr>
        </tbody>
      </table>
    </section>
    <section anchor="operational-considerations">
      <name>Operational Considerations</name>
      <t>In addition to the considerations already discussed in this document, this section compiles additional operational considerations that hold for this document.</t>
      <section anchor="rs-belonging-to-multiple-audiences-with-different-authentication-credentials">
        <name>RS Belonging to Multiple Audiences with Different Authentication Credentials</name>
        <t>It is possible that RS supports multiple EDHOC cipher suites and methods. In such case, it could happen that RS has different authentication credentials, each consistent with one or more supported combinations of cipher suite and method.</t>
        <t>For example, if RS supports EDHOC cipher suites 0 and 2 as well as methods 0 and 3, RS needs to have the following authentication credentials:</t>
        <ul spacing="normal">
          <li>
            <t>One credential using EdDSA with curve Ed25519 for method 0.</t>
          </li>
          <li>
            <t>One credential using ECDSA with curve P-256 for method 0.</t>
          </li>
          <li>
            <t>One credential using ECDSA with curve P-256 for method 3.</t>
          </li>
          <li>
            <t>One credential using X25519 for method 3.</t>
          </li>
        </ul>
        <t>To allow AS to select the appropriate authentication credential of RS when composing the access token response to C (see <xref target="as-c"/>), RS should belong to a different audience for each of its authentication credentials.</t>
        <t>When C requests an access token from AS (see <xref target="c-as"/>), it specifies an audience corresponding to an authentication credential of RS that is compatible with the authentication credential of C specified in the access token request. This means that, prior to requesting an access token, C has to determine which EDHOC cipher suites and methods RS supports and the corresponding audience values. The discovery of RS' capabilities can rely on pre-configuration or on mechanisms defined in <xref target="I-D.ietf-lake-app-profiles"/>. The knowledge of audience values can be pre-configured.</t>
      </section>
      <section anchor="keeping-information-about-c-and-rs-up-to-date-at-as">
        <name>Keeping Information About C and RS Up-to-Date at AS</name>
        <t>In this profile, the EDHOC_Information object is built by AS to guide C and RS towards executing the EDHOC protocol. Note that, when AS builds an EDHOC_Information object intended for C (included in an access token response) or RS (included in an access token), the object must specify information that is aligned with the capabilities of C and RS, to the best of AS' knowledge. In practice, this means that it is important that the information that AS has about C and RS is kept up-to-date, to reflect what C and RS support as EDHOC peers. The means that AS uses to achieve this are out of scope for this document.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/>. Thus, the general security considerations from the ACE framework also apply to this profile.</t>
      <t>Furthermore, the security considerations from OSCORE <xref target="RFC8613"/> and from EDHOC <xref target="RFC9528"/> also apply to this specific use of the OSCORE and EDHOC protocols.</t>
      <t>Proof of possession is achieved by RS during the EDHOC session, as soon as both the following conditions hold. The EDHOC message flow used by C and RS determines when the two conditions are met during the EDHOC session at the earliest.</t>
      <ul spacing="normal">
        <li>
          <t>RS has received from C the EDHOC message that specifies the access token, which in turn is bound to and specifies C's authentication credential AUTH_CRED_C; and</t>
        </li>
        <li>
          <t>RS has authenticated C as per AUTH_CRED_C, thereby proving that C owns the private key corresponding to the public key associated with AUTH_CRED_C.</t>
        </li>
      </ul>
      <t>As previously stated, once completed the EDHOC session, C and RS are mutually authenticated through their respective authentication credentials, whose retrieval has been facilitated by AS. Also, once completed the EDHOC session, C and RS have established a long-term secret key PRK_out enjoying forward secrecy. This is in turn used by C and RS to establish an OSCORE Security Context.</t>
      <t>When using the EDHOC forward message flow (see <xref target="forward"/>), RS achieves confirmation that C has PRK_out when receiving and successfully processing EDHOC message_3 from C. Instead, C achieves confirmation that RS has PRK_out when receiving and successfully processing the optional EDHOC message_4 from RS, or when receiving and successfully verifying a response from RS protected with the established OSCORE Security Context.</t>
      <t>When using the EDHOC reverse message flow (see <xref target="reverse"/>), RS achieves confirmation that C has PRK_out when receiving and successfully processing EDHOC message_4 from C. Instead, C achieves confirmation that RS has PRK_out when receiving and successfully processing EDHOC message_3 from RS.</t>
      <t>OSCORE is designed to secure point-to-point communication, providing a secure binding between a request and the corresponding response(s). Thus, the basic OSCORE protocol is not intended for use in point-to-multipoint communication (e.g., enforced via multicast or a publish-subscribe model). Implementers of this profile should make sure that their use case of OSCORE corresponds to the expected one, in order to prevent weakening the security assurances provided by OSCORE.</t>
      <t>When using this profile, it is <bcp14>RECOMMENDED</bcp14> that RS stores only one access token per client. The use of multiple access tokens for a single client increases the strain on RS, since it must consider every access token associated with the client and calculate the actual permissions that the client has. Also, access tokens indicating different or disjoint permissions from each other may lead RS to enforce wrong permissions.  If one of the access tokens expires earlier than others, the resulting permissions may offer insufficient protection. Developers <bcp14>SHOULD</bcp14> avoid using multiple access tokens for the same client. Furthermore, with reference to access tokens issued in accordance with this profile, RS <bcp14>MUST NOT</bcp14> store more than one access token per client per PoP-key (i.e., per client's authentication credential).</t>
      <t>This profile defines the confirmation methods "kcwt" and "kccs" corresponding to the use of CBOR Web Tokens (CWTs) and CWT Claims Set (CCSs), respectively. Security considerations for CWTs and CCSs and for the COSE header parameters "kcwt" and "kccs" are given in <xref section="9.8" sectionFormat="of" target="RFC9528"/>, and they also apply to the corresponding confirmation methods defined in <xref target="ssec-cwt-conf"/> and <xref target="ssec-jwt-conf"/> of this document. In particular, the contents of the CWT or CCS must be processed as untrusted input. The application needs to define a trust-establishment mechanism and identify the relevant trust anchors.</t>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/>. Thus, the general privacy considerations from the ACE framework also apply to this profile.</t>
      <t>Furthermore, the privacy considerations from OSCORE <xref target="RFC8613"/> and from EDHOC <xref target="RFC9528"/> also apply to this specific use of the OSCORE and EDHOC protocols.</t>
      <t>An unprotected response to an unauthorized request may disclose information about RS and/or its existing relationship with C. It is advisable to include as little information as possible in an unencrypted response from RS (see also <xref target="as-creation-hints"/>). When an OSCORE Security Context already exists between C and RS, more detailed information may be included in a protected response from RS.</t>
      <t>The (encrypted) access token is never sent in an unprotected POST request to the /authz-info endpoint at RS. Thus, even if C uses the same single access token from multiple locations, the access token's value does not contribute to the risk of C being tracked.</t>
      <t>The identifiers used in OSCORE, i.e., the OSCORE Sender/Recipient IDs, are negotiated by C and RS during the EDHOC session. When using the EDHOC forward (reverse) message flow:</t>
      <ul spacing="normal">
        <li>
          <t>The EDHOC Connection Identifier C_I (C_R) of C is going to be the OSCORE Recipient ID of C, i.e., the OSCORE Sender ID of RS.</t>
        </li>
        <li>
          <t>The EDHOC Connection Identifier C_R (C_I) of RS is going to be the OSCORE Recipient ID of RS, i.e., the OSCORE Sender ID of C.</t>
        </li>
      </ul>
      <t>These OSCORE identifiers are privacy sensitive (see <xref section="12.8" sectionFormat="of" target="RFC8613"/>). In particular, they could reveal information about C or may be used for correlating different requests from C, e.g., across different networks that C has joined and left over time. This can be mitigated if C and RS dynamically update their OSCORE identifiers, e.g., by using the method defined in <xref target="I-D.ietf-core-oscore-id-update"/>.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has the following actions for IANA.</t>
      <t>Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]" with the RFC number of this specification and delete this paragraph.</t>
      <section anchor="iana-ace-oauth-profile">
        <name>ACE Profiles Registry</name>
        <t>IANA is asked to add the following entry to the "ACE Profiles" registry <xref target="ACE.Profiles"/> within the "Authentication and Authorization for Constrained Environments (ACE)" registry group, following the procedure specified in <xref target="RFC9200"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Name: coap_edhoc_oscore</t>
          </li>
          <li>
            <t>Description: Profile for delegating client authentication and authorization in a constrained environment by establishing an OSCORE Security Context <xref target="RFC8613"/> between resource-constrained nodes, through the execution of the lightweight authenticated key exchange protocol EDHOC <xref target="RFC9528"/>.</t>
          </li>
          <li>
            <t>CBOR Value:  TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Reference:  [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-oauth-params">
        <name>OAuth Parameters Registry</name>
        <t>IANA is asked to add the following entry to the "OAuth Parameters" registry <xref target="OAuth.Parameters"/> within the "OAuth Parameters" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: edhoc_info</t>
          </li>
          <li>
            <t>Parameter Usage Location: token request and token response</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-oauth-cbor-mappings">
        <name>OAuth Parameters CBOR Mappings Registry</name>
        <t>IANA is asked to add the following entry to the "OAuth Parameters CBOR Mappings" registry <xref target="OAuth.Parameters.CBOR.Mappings"/> within the "Authentication and Authorization for Constrained Environments (ACE)" registry group, following the procedure specified in <xref target="RFC9200"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Name: edhoc_info</t>
          </li>
          <li>
            <t>CBOR Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Value Type: map</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
          <li>
            <t>Original Specification: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-token-json-claims">
        <name>JSON Web Token Claims Registry</name>
        <t>IANA is asked to add the following entry to the "JSON Web Token Claims" registry <xref target="JSON.Web.Token.Claims"/> within the "JSON Web Token (JWT)" registry group, following the procedure specified in <xref target="RFC7519"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: edhoc_info</t>
          </li>
          <li>
            <t>Claim Description: Information for EDHOC session</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-token-cwt-claims">
        <name>CBOR Web Token (CWT) Claims Registry</name>
        <t>IANA is asked to add the following entry to the "CBOR Web Token (CWT) Claims" registry <xref target="CWT.Claims"/> within the "CBOR Web Token (CWT) Claims" registry group, following the procedure specified in <xref target="RFC8392"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: edhoc_info</t>
          </li>
          <li>
            <t>Claim Description: Information for EDHOC session</t>
          </li>
          <li>
            <t>JWT Claim Name: edhoc_info</t>
          </li>
          <li>
            <t>Claim Key: TBD (value between 1 and 255)</t>
          </li>
          <li>
            <t>Claim Value Type: map</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-jwt-confirmation-methods">
        <name>JWT Confirmation Methods Registry</name>
        <t>IANA is asked to add the following entries to the "JWT Confirmation Methods" registry <xref target="JWT.Confirmation.Methods"/> within the "JSON Web Token (JWT)" registry group, following the procedure specified in <xref target="RFC7800"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: x5c</t>
          </li>
          <li>
            <t>Confirmation Method Description: An ordered chain of X.509 certificates</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-x5c"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: x5b</t>
          </li>
          <li>
            <t>Confirmation Method Description: An unordered bag of X.509 certificates</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-x5b"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: x5t</t>
          </li>
          <li>
            <t>Confirmation Method Description: Hash of an X.509 certificate</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-x5t"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: x5u</t>
          </li>
          <li>
            <t>Confirmation Method Description: URI pointing to an X.509 certificate</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-x5u"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: c5c</t>
          </li>
          <li>
            <t>Confirmation Method Description: An ordered chain of C509 certificates</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-c5c"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: c5b</t>
          </li>
          <li>
            <t>Confirmation Method Description: An unordered bag of C509 certificates</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-c5b"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: c5t</t>
          </li>
          <li>
            <t>Confirmation Method Description: Hash of a C509 certificate</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-c5t"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: c5u</t>
          </li>
          <li>
            <t>Confirmation Method Description: URI pointing to a C509 certificate</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-c5u"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: kcwt</t>
          </li>
          <li>
            <t>Confirmation Method Description: A CBOR Web Token (CWT) containing a COSE_Key in a "cnf" claim and possibly other claims</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-kcwt"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Value: kccs</t>
          </li>
          <li>
            <t>Confirmation Method Description: A CWT Claims Set (CCS) containing a COSE_Key in a "cnf" claim and possibly other claims</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-jwt-conf-kccs"/> of [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-cwt-confirmation-methods">
        <name>CWT Confirmation Methods Registry</name>
        <t>IANA is asked to add the following entries to the "CWT Confirmation Methods" registry <xref target="CWT.Confirmation.Methods"/> within the "CBOR Web Token (CWT) Claims" registry group, following the procedure specified in <xref target="RFC8747"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: x5chain</t>
          </li>
          <li>
            <t>Confirmation Method Description: An ordered chain of X.509 certificates</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: x5c</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 24 and 255)</t>
          </li>
          <li>
            <t>Confirmation Value Type: COSE_X509</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-x5chain"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: x5bag</t>
          </li>
          <li>
            <t>Confirmation Method Description: An unordered bag of X.509 certificates</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: x5b</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 24 and 255)</t>
          </li>
          <li>
            <t>Confirmation Value Type: COSE_X509</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-x5bag"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: x5t</t>
          </li>
          <li>
            <t>Confirmation Method Description: Hash of an X.509 certificate</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: x5t</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Confirmation Value Type: COSE_CertHash</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-x5t"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: x5u</t>
          </li>
          <li>
            <t>Confirmation Method Description: URI pointing to an X.509 certificate</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: x5u</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 24 and 255)</t>
          </li>
          <li>
            <t>Confirmation Value Type: uri</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-x5u"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: c5c</t>
          </li>
          <li>
            <t>Confirmation Method Description: An ordered chain of C509 certificates</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: c5c</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 24 and 255)</t>
          </li>
          <li>
            <t>Confirmation Value Type: COSE_C509</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-c5c"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: c5b</t>
          </li>
          <li>
            <t>Confirmation Method Description: An unordered bag of C509 certificates</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: c5b</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 24 and 255)</t>
          </li>
          <li>
            <t>Confirmation Value Type: COSE_C509</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-c5b"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: c5t</t>
          </li>
          <li>
            <t>Confirmation Method Description: Hash of a C509 certificate</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: c5t</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Confirmation Value Type: COSE_CertHash</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-c5t"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: c5u</t>
          </li>
          <li>
            <t>Confirmation Method Description: URI pointing to a C509 certificate</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: c5u</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 24 and 255)</t>
          </li>
          <li>
            <t>Confirmation Value Type: uri</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-c5u"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: kcwt</t>
          </li>
          <li>
            <t>Confirmation Method Description: A CBOR Web Token (CWT) containing a COSE_Key in a "cnf" claim and possibly other claims</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: kcwt</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Confirmation Value Type: COSE_Messages</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-kcwt"/> of [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Confirmation Method Name: kccs</t>
          </li>
          <li>
            <t>Confirmation Method Description: A CWT Claims Set (CCS) containing a COSE_Key in a "cnf" claim and possibly other claims</t>
          </li>
          <li>
            <t>JWT Confirmation Method Name: kccs</t>
          </li>
          <li>
            <t>Confirmation Key: TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Confirmation Value Type: map / #6(map)</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: <xref target="ssec-cwt-conf-kccs"/> of [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-edhoc-ead">
        <name>EDHOC External Authorization Data Registry</name>
        <t>IANA is asked to add the following entries to the "EDHOC External Authorization Data" registry <xref target="EDHOC.External.Authorization.Data"/> within the "Ephemeral Diffie-Hellman Over COSE (EDHOC)" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: ACE-OAuth Access Token</t>
          </li>
          <li>
            <t>Label: TBD (value between 24 and 255)</t>
          </li>
          <li>
            <t>Description: An Access Token as used in the ACE-OAuth framework <xref target="RFC9200"/></t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX], <xref target="AT-in-EAD"/></t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: Credential By Value</t>
          </li>
          <li>
            <t>Label: TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Description: The sender peer wishes to receive the other peer's credential transported by value (and not identified by reference)</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX], <xref target="auth-cred-by-value"/></t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: Request Creation Hints</t>
          </li>
          <li>
            <t>Label: TBD (value between 1 and 23)</t>
          </li>
          <li>
            <t>Description: Request or convey AS Request Creation Hints</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX], <xref target="as-creation-hints"/></t>
          </li>
        </ul>
      </section>
      <section anchor="iana-edhoc-exporter-labels">
        <name>EDHOC Exporter Labels</name>
        <t>IANA is asked to register the following entries in the "EDHOC Exporter Labels" registry <xref target="EDHOC.Exporter.Labels"/> within the "Ephemeral Diffie-Hellman Over COSE (EDHOC)" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Label: 26 (suggested value)</t>
          </li>
          <li>
            <t>Description: Derived N_S challenge for key provisioning for Group OSCORE using the ACE framework <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="use-with-key-groupcomm-profiles"/>]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Label: 27 (suggested value)</t>
          </li>
          <li>
            <t>Description: Derived N_S challenge for key provisioning for CoAP Pub-Sub using the ACE framework <xref target="I-D.ietf-ace-coap-pubsub-profile"/>.</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX, <xref target="use-with-key-groupcomm-profiles"/>]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-edhoc-parameters">
        <name>EDHOC Information Registry</name>
        <t>IANA is requested to create a new "EDHOC Information" registry within the "Ephemeral Diffie-Hellman Over COSE (EDHOC)" registry group defined in <xref target="RFC9528"/>.</t>
        <t>The registration policy is either "Private Use", "Standards Action with Expert Review", "Specification Required" per <xref section="4.6" sectionFormat="of" target="RFC8126"/>, or "Expert Review" per <xref section="4.5" sectionFormat="of" target="RFC8126"/>. "Expert Review" guidelines are provided in <xref target="iana-expert-review"/>.</t>
        <t>All assignments according to "Standards Action with Expert Review" are made on a "Standards Action" basis per <xref section="4.9" sectionFormat="of" target="RFC8126"/>, with Expert Review additionally required per <xref section="4.5" sectionFormat="of" target="RFC8126"/>. The procedure for early IANA allocation of Standards Track code points defined in <xref target="RFC7120"/> also applies. When such a procedure is used, IANA will ask the designated expert(s) to approve the early allocation before registration. In addition, WG chairs are encouraged to consult the expert(s) early during the process outlined in <xref section="3.1" sectionFormat="of" target="RFC7120"/>.</t>
        <t>The columns of the registry are:</t>
        <ul spacing="normal">
          <li>
            <t>Name: A descriptive name that enables easier reference to this item. These names <bcp14>MUST</bcp14> be unique.  </t>
            <t>
Because a core goal of this document is for the resulting representations to be compact, it is <bcp14>RECOMMENDED</bcp14> that the name be short.  </t>
            <t>
This name is case sensitive. Names may not match other registered names in a case-insensitive manner unless the Designated Experts determine that there is a compelling reason to allow an exception. The name is not used in the CBOR encoding.</t>
          </li>
          <li>
            <t>CBOR label: The value to be used as CBOR abbreviation of the item.  </t>
            <t>
The value <bcp14>MUST</bcp14> be unique. The value can be a positive integer, a negative integer, or a text string. Integer values between -256 and 255 and strings of length 1 are designated as "Standards Action with Expert Review". Integer values from -65536 to -257 and from 256 to 65535 and strings of maximum length 2 are designated as "Specification Required". Integer values greater than 65535 and strings of length greater than 2 are designated as "Expert Review". Integer values less than -65536 are marked as "Private Use".</t>
          </li>
          <li>
            <t>CBOR type: The CBOR type of the item, or a pointer to the registry that defines its type, when that depends on another item.</t>
          </li>
          <li>
            <t>Registry: The registry that values of the item may come from, if one exists.</t>
          </li>
          <li>
            <t>Description: A brief description of the item.</t>
          </li>
          <li>
            <t>Type: The category of the item, i.e., P if prescriptive or NP if non-prescriptive (see <xref target="edhoc-parameters-object"/>).</t>
          </li>
          <li>
            <t>Specification: A pointer to the public specification for the item, if one exists.</t>
          </li>
        </ul>
        <t>This registry has been initially populated with the entries in <xref target="_table-cbor-key-edhoc-params"/>. In the "Specification" column, the value for all those entries includes [RFC-XXXX] and <xref target="RFC9528"/>.</t>
      </section>
      <section anchor="iana-edhoc-ta-purposes">
        <name>EDHOC Trust Anchor Purposes Registry</name>
        <t>IANA is requested to create a new "EDHOC Trust Anchor Purposes" registry within the "Ephemeral Diffie-Hellman Over COSE (EDHOC)" registry group defined in <xref target="RFC9528"/>.</t>
        <t>The registration policy is either "Private Use", "Standards Action with Expert Review", or "Specification Required" per <xref section="4.6" sectionFormat="of" target="RFC8126"/>. "Expert Review" guidelines are provided in <xref target="iana-expert-review"/>.</t>
        <t>All assignments according to "Standards Action with Expert Review" are made on a "Standards Action" basis per <xref section="4.9" sectionFormat="of" target="RFC8126"/>, with Expert Review additionally required per <xref section="4.5" sectionFormat="of" target="RFC8126"/>. The procedure for early IANA allocation of Standards Track code points defined in <xref target="RFC7120"/> also applies. When such a procedure is used, IANA will ask the designated expert(s) to approve the early allocation before registration. In addition, WG chairs are encouraged to consult the expert(s) early during the process outlined in <xref section="3.1" sectionFormat="of" target="RFC7120"/>.</t>
        <t>The columns of this registry are:</t>
        <ul spacing="normal">
          <li>
            <t>Name: This field contains the descriptive name of the trust anchor purpose, to enable easier reference to the item. These names <bcp14>MUST</bcp14> be unique.</t>
          </li>
          <li>
            <t>CBOR label: This field contains the value used to identify the trust anchor purpose. These values <bcp14>MUST</bcp14> be unique. The value can be an unsigned integer or a negative integer. Different ranges of values use different registration policies:  </t>
            <ul spacing="normal">
              <li>
                <t>Integer values from -24 to 23 are designated as "Standards Action with Expert Review".</t>
              </li>
              <li>
                <t>Integer values from -65536 to -25 and from 24 to 65535 are designated as "Specification Required".</t>
              </li>
              <li>
                <t>Integer values smaller than -65536 and greater than 65535 are marked as "Private Use".</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Description: This field contains a short description of the trust anchor purpose.</t>
          </li>
          <li>
            <t>Reference: This field contains a pointer to the public specification for the trust anchor purpose.</t>
          </li>
        </ul>
        <t>This registry has been initially populated with the entries in <xref target="_table-edhoc-ta-purposes"/>.</t>
      </section>
      <section anchor="iana-edhoc-ta-types">
        <name>EDHOC Trust Anchor Types Registry</name>
        <t>IANA is requested to create a new "EDHOC Trust Anchor Types" registry within the "Ephemeral Diffie-Hellman Over COSE (EDHOC)" registry group defined in <xref target="RFC9528"/>.</t>
        <t>The registration policy is either "Private Use", "Standards Action with Expert Review", or "Specification Required" per <xref section="4.6" sectionFormat="of" target="RFC8126"/>. "Expert Review" guidelines are provided in <xref target="iana-expert-review"/>.</t>
        <t>All assignments according to "Standards Action with Expert Review" are made on a "Standards Action" basis per <xref section="4.9" sectionFormat="of" target="RFC8126"/>, with Expert Review additionally required per <xref section="4.5" sectionFormat="of" target="RFC8126"/>. The procedure for early IANA allocation of Standards Track code points defined in <xref target="RFC7120"/> also applies. When such a procedure is used, IANA will ask the designated expert(s) to approve the early allocation before registration. In addition, WG chairs are encouraged to consult the expert(s) early during the process outlined in <xref section="3.1" sectionFormat="of" target="RFC7120"/>.</t>
        <t>The columns of this registry are:</t>
        <ul spacing="normal">
          <li>
            <t>Name: This field contains the descriptive name of the type of trust anchor, to enable easier reference to the item. These names <bcp14>MUST</bcp14> be unique.</t>
          </li>
          <li>
            <t>CBOR label: This field contains the value used to identify the type of trust anchor. These values <bcp14>MUST</bcp14> be unique. The value can be an unsigned integer or a negative integer. Different ranges of values use different registration policies:  </t>
            <ul spacing="normal">
              <li>
                <t>Integer values from -24 to 23 are designated as "Standards Action with Expert Review".</t>
              </li>
              <li>
                <t>Integer values from -65536 to -25 and from 24 to 65535 are designated as "Specification Required".</t>
              </li>
              <li>
                <t>Integer values smaller than -65536 and greater than 65535 are marked as "Private Use".</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Value type: This field contains the CBOR type for the value portion of the label.</t>
          </li>
          <li>
            <t>Description: This field contains a short description of the type of trust anchor.</t>
          </li>
          <li>
            <t>Reference: This field contains a pointer to the public specification for the type of trust anchor.</t>
          </li>
        </ul>
        <t>This registry has been initially populated with the entries in <xref target="_table-edhoc-ta-types"/>.</t>
      </section>
      <section anchor="iana-expert-review">
        <name>Expert Review Instructions</name>
        <t>"Standards Action with Expert Review", "Specification Required", and "Expert Review" are three of the registration policies defined for the IANA registries established in this document. This section gives some general guidelines for what the experts should be looking for, but they are being designated as experts for a reason so they should be given substantial latitude.</t>
        <t>Expert reviewers should take into consideration the following points:</t>
        <ul spacing="normal">
          <li>
            <t>Clarity and correctness of registrations. Experts are expected to check the clarity of purpose and use of the requested entries. Experts need to make sure that the object of registration is clearly defined in the corresponding specification. Entries that do not meet these objectives of clarity and completeness must not be registered.</t>
          </li>
          <li>
            <t>Point squatting should be discouraged. Reviewers are encouraged to get sufficient information for registration requests to ensure that the usage is not going to duplicate one that is already registered and that the point is likely to be used in deployments. The zones tagged as "Private Use" are intended for testing purposes and closed environments. Code points in other ranges should not be assigned for testing.</t>
          </li>
          <li>
            <t>Specifications are required for the "Standards Action with Expert Review" range of point assignment. Specifications should exist for "Specification Required" ranges, but early assignment before a specification is available is considered to be permissible. When specifications are not provided, the description provided needs to have sufficient information to identify what the point is being used for.</t>
          </li>
          <li>
            <t>Experts should take into account the expected usage of fields when approving point assignment. Documents published via Standards Action can also register points outside the Standards Action range. The length of the encoded value should be weighed against how many code points of that length are left, the size of device it will be used on, and the number of code points left that encode to that size.</t>
          </li>
        </ul>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC3986">
          <front>
            <title>Uniform Resource Identifier (URI): Generic Syntax</title>
            <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
            <author fullname="R. Fielding" initials="R." surname="Fielding"/>
            <author fullname="L. Masinter" initials="L." surname="Masinter"/>
            <date month="January" year="2005"/>
            <abstract>
              <t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="66"/>
          <seriesInfo name="RFC" value="3986"/>
          <seriesInfo name="DOI" value="10.17487/RFC3986"/>
        </reference>
        <reference anchor="RFC4648">
          <front>
            <title>The Base16, Base32, and Base64 Data Encodings</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
            <date month="October" year="2006"/>
            <abstract>
              <t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4648"/>
          <seriesInfo name="DOI" value="10.17487/RFC4648"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC6749">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC7120">
          <front>
            <title>Early IANA Allocation of Standards Track Code Points</title>
            <author fullname="M. Cotton" initials="M." surname="Cotton"/>
            <date month="January" year="2014"/>
            <abstract>
              <t>This memo describes the process for early allocation of code points by IANA from registries for which "Specification Required", "RFC Required", "IETF Review", or "Standards Action" policies apply. This process can be used to alleviate the problem where code point allocation is needed to facilitate desired or required implementation and deployment experience prior to publication of an RFC, which would normally trigger code point allocation. The procedures in this document are intended to apply only to IETF Stream documents.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="100"/>
          <seriesInfo name="RFC" value="7120"/>
          <seriesInfo name="DOI" value="10.17487/RFC7120"/>
        </reference>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC7515">
          <front>
            <title>JSON Web Signature (JWS)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7515"/>
          <seriesInfo name="DOI" value="10.17487/RFC7515"/>
        </reference>
        <reference anchor="RFC7519">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>
        <reference anchor="RFC7800">
          <front>
            <title>Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="April" year="2016"/>
            <abstract>
              <t>This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of- possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7800"/>
          <seriesInfo name="DOI" value="10.17487/RFC7800"/>
        </reference>
        <reference anchor="RFC8126">
          <front>
            <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
            <author fullname="M. Cotton" initials="M." surname="Cotton"/>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <author fullname="T. Narten" initials="T." surname="Narten"/>
            <date month="June" year="2017"/>
            <abstract>
              <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
              <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
              <t>This is the third edition of this document; it obsoletes RFC 5226.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="26"/>
          <seriesInfo name="RFC" value="8126"/>
          <seriesInfo name="DOI" value="10.17487/RFC8126"/>
        </reference>
        <reference anchor="RFC8392">
          <front>
            <title>CBOR Web Token (CWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="May" year="2018"/>
            <abstract>
              <t>CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8392"/>
          <seriesInfo name="DOI" value="10.17487/RFC8392"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC8742">
          <front>
            <title>Concise Binary Object Representation (CBOR) Sequences</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document describes the Concise Binary Object Representation (CBOR) Sequence format and associated media type "application/cbor-seq". A CBOR Sequence consists of any number of encoded CBOR data items, simply concatenated in sequence.</t>
              <t>Structured syntax suffixes for media types allow other media types to build on them and make it explicit that they are built on an existing media type as their foundation. This specification defines and registers "+cbor-seq" as a structured syntax suffix for CBOR Sequences.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8742"/>
          <seriesInfo name="DOI" value="10.17487/RFC8742"/>
        </reference>
        <reference anchor="RFC8747">
          <front>
            <title>Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="March" year="2020"/>
            <abstract>
              <t>This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder-of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8747"/>
          <seriesInfo name="DOI" value="10.17487/RFC8747"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9052">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
              <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9052"/>
          <seriesInfo name="DOI" value="10.17487/RFC9052"/>
        </reference>
        <reference anchor="RFC9053">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).</t>
              <t>This document, along with RFC 9052, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9053"/>
          <seriesInfo name="DOI" value="10.17487/RFC9053"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="RFC9201">
          <front>
            <title>Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained Environments (ACE). These are used to express the proof-of-possession (PoP) key the client wishes to use, the PoP key that the authorization server has selected, and the PoP key the resource server uses to authenticate to the client.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9201"/>
          <seriesInfo name="DOI" value="10.17487/RFC9201"/>
        </reference>
        <reference anchor="RFC9203">
          <front>
            <title>The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="M. Gunnarsson" initials="M." surname="Gunnarsson"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to provide communication security and proof-of-possession for a key owned by the client and bound to an OAuth 2.0 access token.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9203"/>
          <seriesInfo name="DOI" value="10.17487/RFC9203"/>
        </reference>
        <reference anchor="RFC9360">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Header Parameters for Carrying and Referencing X.509 Certificates</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="February" year="2023"/>
            <abstract>
              <t>The CBOR Object Signing and Encryption (COSE) message structure uses references to keys in general. For some algorithms, additional properties are defined that carry parameters relating to keys as needed. The COSE Key structure is used for transporting keys outside of COSE messages. This document extends the way that keys can be identified and transported by providing attributes that refer to or contain X.509 certificates.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9360"/>
          <seriesInfo name="DOI" value="10.17487/RFC9360"/>
        </reference>
        <reference anchor="RFC9528">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <date month="March" year="2024"/>
            <abstract>
              <t>This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object Security for Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9528"/>
          <seriesInfo name="DOI" value="10.17487/RFC9528"/>
        </reference>
        <reference anchor="RFC9562">
          <front>
            <title>Universally Unique IDentifiers (UUIDs)</title>
            <author fullname="K. Davis" initials="K." surname="Davis"/>
            <author fullname="B. Peabody" initials="B." surname="Peabody"/>
            <author fullname="P. Leach" initials="P." surname="Leach"/>
            <date month="May" year="2024"/>
            <abstract>
              <t>This specification defines UUIDs (Universally Unique IDentifiers) --
also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform
Resource Name namespace for UUIDs. A UUID is 128 bits long and is
intended to guarantee uniqueness across space and time. UUIDs were
originally used in the Apollo Network Computing System (NCS), later
in the Open Software Foundation's (OSF's) Distributed Computing
Environment (DCE), and then in Microsoft Windows platforms.</t>
              <t>This specification is derived from the OSF DCE specification with the
kind permission of the OSF (now known as "The Open Group"). Information from earlier versions of the OSF DCE specification have
been incorporated into this document. This document obsoletes RFC
4122.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9562"/>
          <seriesInfo name="DOI" value="10.17487/RFC9562"/>
        </reference>
        <reference anchor="RFC9594">
          <front>
            <title>Key Provisioning for Group Communication Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="M. Tiloca" initials="M." surname="Tiloca"/>
            <date month="September" year="2024"/>
            <abstract>
              <t>This document defines how to use the Authentication and Authorization for Constrained Environments (ACE) framework to distribute keying material and configuration parameters for secure group communication. Candidate group members that act as Clients and are authorized to join a group can do so by interacting with a Key Distribution Center (KDC) acting as the Resource Server, from which they obtain the keying material to communicate with other group members. While defining general message formats as well as the interface and operations available at the KDC, this document supports different approaches and protocols for secure group communication. Therefore, details are delegated to separate application profiles of this document as specialized instances that target a particular group communication approach and define how communications in the group are protected. Compliance requirements for such application profiles are also specified.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9594"/>
          <seriesInfo name="DOI" value="10.17487/RFC9594"/>
        </reference>
        <reference anchor="RFC9668">
          <front>
            <title>Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained Application Protocol (CoAP) and Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="M. Tiloca" initials="M." surname="Tiloca"/>
            <author fullname="R. Höglund" initials="R." surname="Höglund"/>
            <author fullname="S. Hristozov" initials="S." surname="Hristozov"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <date month="November" year="2024"/>
            <abstract>
              <t>The lightweight authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) can be run over the Constrained Application Protocol (CoAP) and used by two peers to establish a Security Context for the security protocol Object Security for Constrained RESTful Environments (OSCORE). This document details this use of the EDHOC protocol by specifying a number of additional and optional mechanisms, including an optimization approach for combining the execution of EDHOC with the first OSCORE transaction. This combination reduces the number of round trips required to set up an OSCORE Security Context and to complete an OSCORE transaction using that Security Context.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9668"/>
          <seriesInfo name="DOI" value="10.17487/RFC9668"/>
        </reference>
        <reference anchor="I-D.ietf-cose-cbor-encoded-cert">
          <front>
            <title>CBOR Encoded X.509 Certificates (C509 Certificates)</title>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>University of Glasgow</organization>
            </author>
            <author fullname="Joel Höglund" initials="J." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>IN Groupe</organization>
            </author>
            <author fullname="Lijun Liao" initials="L." surname="Liao">
              <organization>NIO</organization>
            </author>
            <date day="30" month="June" year="2026"/>
            <abstract>
              <t>   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and common certificate
   profiles, and it is extensible.

   Two types of C509 certificates are defined.  One type is an
   invertible CBOR re-encoding of DER-encoded X.509 certificates with
   the signature field copied from the DER encoding.  The other type is
   identical except that the signature is computed over the CBOR
   encoding instead of the DER encoding, thereby avoiding the use of
   ASN.1.  Both types of certificates have the same semantics as X.509
   while providing comparable size reduction.

   This document also specifies CBOR-encoded data structures for
   certification requests and certification request templates, new COSE
   headers, as well as a TLS certificate type and a file format for
   C509.  This document updates RFC 6698 by extending the TLSA selectors
   registry to include C509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-cbor-encoded-cert-20"/>
        </reference>
        <reference anchor="I-D.ietf-core-uri-path-abbrev">
          <front>
            <title>URI-Path abbreviation in CoAP</title>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Michael Richardson" initials="M." surname="Richardson">
              <organization>Sandelman Software Works</organization>
            </author>
            <date day="19" month="March" year="2026"/>
            <abstract>
              <t>   Applications built on CoAP face a conflict between the technical need
   for short message sizes and the interoperability requirement of
   following BCP190 and thus using (relatively verbose) well-known URI
   paths.  This document introduces a CoAP option that allows expressing
   well-known URI paths in as little as two bytes.

   Negotiating the use of this option between client and server revealed
   a subtle flaw in RFC7252.  This document updates RFC7252 to rectify
   it, thus making the extension point of critical options more useful.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-uri-path-abbrev-04"/>
        </reference>
        <reference anchor="I-D.ietf-ace-key-groupcomm-oscore">
          <front>
            <title>Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="14" month="March" year="2026"/>
            <abstract>
              <t>   This document defines an application profile of the Authentication
   and Authorization for Constrained Environments (ACE) framework, to
   request and provision keying material in group communication
   scenarios that are based on the Constrained Application Protocol
   (CoAP) and are secured with Group Object Security for Constrained
   RESTful Environments (Group OSCORE).  This application profile
   delegates the authentication and authorization of Clients, which join
   an OSCORE group through a Resource Server acting as Group Manager for
   that group.  This application profile leverages protocol-specific
   transport profiles of ACE to achieve communication security, server
   authentication, and proof of possession of a key owned by the Client
   and bound to an OAuth 2.0 access token.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-key-groupcomm-oscore-21"/>
        </reference>
        <reference anchor="I-D.ietf-ace-coap-pubsub-profile">
          <front>
            <title>CoAP Publish-Subscribe Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Cigdem Sengul" initials="C." surname="Sengul">
              <organization>Brunel University</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="19" month="March" year="2026"/>
            <abstract>
              <t>   This document defines an application profile of the Authentication
   and Authorization for Constrained Environments (ACE) framework, to
   enable secure group communication in the Publish-Subscribe (Pub-Sub)
   architecture for the Constrained Application Protocol (CoAP) [draft-
   ietf-core-coap-pubsub], where Publishers and Subscribers communicate
   through a Broker.  This profile relies on protocol-specific transport
   profiles of ACE to achieve communication security, server
   authentication, and proof of possession of a key owned by the Client
   and bound to an OAuth 2.0 access token.  This document specifies the
   provisioning and enforcement of authorization information for Clients
   to act as Publishers and/or Subscribers, as well as the provisioning
   of keying material and security parameters that Clients use for
   protecting their communications end-to-end through the Broker.

   Note to RFC Editor: Please replace "[draft-ietf-core-coap-pubsub]"
   with the RFC number of that document and delete this paragraph.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-coap-pubsub-profile-04"/>
        </reference>
        <reference anchor="COSE.Header.Parameters" target="https://www.iana.org/assignments/cose/cose.xhtml#header-parameters">
          <front>
            <title>COSE Header Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="ACE.Request.Creation.Hints" target="https://www.iana.org/assignments/ace/ace.xhtml#ace-authorization-server-request-creation-hints">
          <front>
            <title>ACE Authorization Server Request Creation Hints</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="ACE.Profiles" target="https://www.iana.org/assignments/ace/ace.xhtml#ace-profiles">
          <front>
            <title>ACE Profiles</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="OAuth.Parameters" target="https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#parameters">
          <front>
            <title>OAuth Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="OAuth.Parameters.CBOR.Mappings" target="https://www.iana.org/assignments/ace/ace.xhtml#oauth-parameters-cbor-mappings">
          <front>
            <title>OAuth Parameters CBOR Mappings</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="JSON.Web.Token.Claims" target="https://www.iana.org/assignments/jwt/jwt.xhtml#claims">
          <front>
            <title>JSON Web Token Claims</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="CWT.Claims" target="https://www.iana.org/assignments/cwt/cwt.xhtml#claims-registry">
          <front>
            <title>CBOR Web Token (CWT) Claims</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="JWT.Confirmation.Methods" target="https://www.iana.org/assignments/jwt/jwt.xhtml#confirmation-methods">
          <front>
            <title>JWT Confirmation Methods</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="CWT.Confirmation.Methods" target="https://www.iana.org/assignments/cwt/cwt.xhtml#confirmation-methods">
          <front>
            <title>CWT Confirmation Methods</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="EDHOC.External.Authorization.Data" target="https://www.iana.org/assignments/edhoc/edhoc.xhtml#edhoc-ead">
          <front>
            <title>EDHOC External Authorization Data</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="EDHOC.Exporter.Labels" target="https://www.iana.org/assignments/edhoc/edhoc.xhtml#edhoc-exporter-labels">
          <front>
            <title>EDHOC Exporter Labels</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="EDHOC.Authentication.Credential.Types" target="https://www.iana.org/assignments/edhoc/edhoc.xhtml#edhoc-authentication-credential-types">
          <front>
            <title>EDHOC Authentication Credential Types</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC4949">
          <front>
            <title>Internet Security Glossary, Version 2</title>
            <author fullname="R. Shirey" initials="R." surname="Shirey"/>
            <date month="August" year="2007"/>
            <abstract>
              <t>This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed. This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="FYI" value="36"/>
          <seriesInfo name="RFC" value="4949"/>
          <seriesInfo name="DOI" value="10.17487/RFC4949"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC9110">
          <front>
            <title>HTTP Semantics</title>
            <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/>
            <author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/>
            <author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes.</t>
              <t>This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="97"/>
          <seriesInfo name="RFC" value="9110"/>
          <seriesInfo name="DOI" value="10.17487/RFC9110"/>
        </reference>
        <reference anchor="RFC9147">
          <front>
            <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t>
              <t>This document obsoletes RFC 6347.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9147"/>
          <seriesInfo name="DOI" value="10.17487/RFC9147"/>
        </reference>
        <reference anchor="I-D.ietf-core-groupcomm-bis">
          <front>
            <title>Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="10" month="February" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) is a web transfer
   protocol for constrained devices and constrained networks.  In a
   number of use cases, constrained devices often naturally operate in
   groups (e.g., in a building automation scenario, all lights in a
   given room may need to be switched on/off as a group).  This document
   specifies the use of CoAP for group communication, including the use
   of UDP/IP multicast as the default underlying data transport.  Both
   unsecured and secured CoAP group communication are specified.
   Security is achieved by use of the Group Object Security for
   Constrained RESTful Environments (Group OSCORE) protocol.  The target
   application area of this specification is any group communication use
   cases that involve resource-constrained devices or networks that
   support CoAP.  This document replaces and obsoletes RFC 7390, while
   it updates RFC 7252 and RFC 7641.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-bis-18"/>
        </reference>
        <reference anchor="I-D.ietf-ace-workflow-and-params">
          <front>
            <title>Short Distribution Chain (SDC) Workflow and New OAuth Parameters for the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document updates the Authentication and Authorization for
   Constrained Environments framework (ACE, RFC 9200) as follows. (1) It
   defines the Short Distribution Chain (SDC) workflow that the
   authorization server (AS) can use for uploading an access token to a
   resource server on behalf of the client. (2) For the OAuth 2.0 token
   endpoint, it defines new parameters and encodings and it extends the
   semantics of the "ace_profile" parameter. (3) For the OAuth 2.0
   authz-info endpoint, it defines a new parameter and its encoding. (4)
   It defines how the client and the AS can coordinate on the exchange
   of the client's and resource server's public authentication
   credentials, when those can be transported by value or identified by
   reference; this extends the semantics of the "rs_cnf" parameter for
   the OAuth 2.0 token endpoint, thus updating RFC 9201. (5) It extends
   the error handling at the AS, for which it defines a new error code.
   (6) It deprecates the original payload format of error responses
   conveying an error code, when CBOR is used to encode message
   payloads.  For those responses, it defines a new payload format
   aligned with RFC 9290, thus updating in this respect also the
   profiles defined in RFC 9202, RFC 9203, and RFC 9431. (7) It amends
   two of the requirements on profiles of the framework.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-workflow-and-params-07"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-key-update">
          <front>
            <title>Key Update for OSCORE (KUDOS)</title>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   Communications with the Constrained Application Protocol (CoAP) can
   be protected end-to-end at the application-layer by using the
   security protocol Object Security for Constrained RESTful
   Environments (OSCORE).  Under some circumstances, two CoAP endpoints
   need to update their OSCORE keying material before communications can
   securely continue, e.g., due to approaching key usage limits.  This
   document defines Key Update for OSCORE (KUDOS), a lightweight key
   update procedure that two CoAP endpoints can use to update their
   OSCORE keying material by establishing a new OSCORE Security Context.
   Accordingly, this document updates the use of the OSCORE flag bits in
   the CoAP OSCORE Option as well as the protection of CoAP response
   messages with OSCORE.  Also, it deprecates the key update procedure
   specified in Appendix B.2 of RFC 8613.  Therefore, this document
   updates RFC 8613.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-key-update-13"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-id-update">
          <front>
            <title>Identifier Update for OSCORE</title>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   Two peers that communicate with the CoAP protocol can use the Object
   Security for Constrained RESTful Environments (OSCORE) protocol to
   protect their message exchanges end-to-end.  To this end, the two
   peers share an OSCORE Security Context and a number of related
   identifiers.  In particular, each of the two peers stores a Sender ID
   that identifies its own Sender Context within the Security Context,
   and a Recipient ID that identifies the Recipient Context associated
   with the other peer within the same Security Context.  These
   identifiers are sent in plaintext within OSCORE-protected messages.
   Hence, they can be used to correlate messages exchanged between peers
   and track those peers, with consequent privacy implications.  This
   document defines an OSCORE ID update procedure that two peers can use
   to update their OSCORE identifiers.  This procedure can be run stand-
   alone or seamlessly integrated in an execution of the Key Update for
   OSCORE (KUDOS) procedure.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-id-update-06"/>
        </reference>
        <reference anchor="I-D.ietf-lake-authz">
          <front>
            <title>Lightweight Authorization using Ephemeral Diffie-Hellman Over COSE (ELA)</title>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Mališa Vučinić" initials="M." surname="Vučinić">
              <organization>INRIA</organization>
            </author>
            <author fullname="Geovane Fedrecheski" initials="G." surname="Fedrecheski">
              <organization>INRIA</organization>
            </author>
            <author fullname="Michael Richardson" initials="M." surname="Richardson">
              <organization>Sandelman Software Works</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   Ephemeral Diffie-Hellman Over COSE (EDHOC) is a lightweight
   authenticated key exchange protocol intended for use in constrained
   scenarios.  This document specifies Lightweight Authorization using
   EDHOC (ELA).  The procedure allows authorizing enrollment of new
   devices using the extension point defined in EDHOC.  ELA is
   applicable to zero-touch onboarding of new devices to a constrained
   network leveraging trust anchors installed at manufacture time.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lake-authz-07"/>
        </reference>
        <reference anchor="I-D.ietf-ace-coap-est-oscore">
          <front>
            <title>Protecting EST Payloads with OSCORE</title>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>RISE</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>Nexus</organization>
            </author>
            <author fullname="Mališa Vučinić" initials="M." surname="Vučinić">
              <organization>Inria</organization>
            </author>
            <date day="2" month="July" year="2026"/>
            <abstract>
              <t>   Enrollment over Secure Transport (EST) is a certificate provisioning
   protocol over HTTPS [RFC7030] or CoAPs [RFC9148].  This document
   specifies how to carry EST over the Constrained Application Protocol
   (CoAP) protected with Object Security for Constrained RESTful
   Environments (OSCORE).  The specification builds on the EST-coaps
   [RFC9148] specification, but uses OSCORE and Ephemeral Diffie-Hellman
   over COSE (EDHOC) instead of DTLS.  The specification also leverages
   the certificate structures defined in
   [I-D.ietf-cose-cbor-encoded-cert], which can be optionally used
   alongside X.509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-coap-est-oscore-11"/>
        </reference>
        <reference anchor="I-D.serafin-lake-ta-hint">
          <front>
            <title>Trust Anchor Hints in Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="Marek Serafin" initials="M." surname="Serafin">
              <organization>ASSA ABLOY</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson</organization>
            </author>
            <date day="21" month="October" year="2024"/>
            <abstract>
              <t>   This document defines a format for transport of hints about Trust
   Anchors of trusted third parties when using the lightweight
   authenticated key exchange protocol Ephemeral Diffie-Hellman Over
   COSE (EDHOC).

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-serafin-lake-ta-hint-00"/>
        </reference>
        <reference anchor="I-D.ietf-lake-app-profiles">
          <front>
            <title>Coordinating the Use of Application Profiles for Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   The lightweight authenticated key exchange protocol Ephemeral Diffie-
   Hellman Over COSE (EDHOC) requires certain parameters to be agreed
   out-of-band, in order to ensure its successful completion.  To this
   end, application profiles specify the intended use of EDHOC to allow
   for the relevant processing and verifications to be made.  In order
   to ensure the applicability of such parameters and information beyond
   transport- or setup-specific scenarios, this document defines a
   canonical, CBOR-based representation that can be used to describe,
   distribute, and store EDHOC application profiles.  Furthermore, in
   order to facilitate interoperability between EDHOC implementations
   and support EDHOC extensibility for additional integrations, this
   document defines a number of means to coordinate the use of EDHOC
   application profiles.  Finally, this document defines a set of well-
   known EDHOC application profiles.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lake-app-profiles-04"/>
        </reference>
        <reference anchor="I-D.ietf-ace-group-oscore-profile">
          <front>
            <title>The Group Object Security for Constrained RESTful Environments (Group OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document specifies a profile for the Authentication and
   Authorization for Constrained Environments (ACE) framework.  The
   profile uses Group Object Security for Constrained RESTful
   Environments (Group OSCORE) to provide communication security between
   a client and one or multiple resource servers that are members of an
   OSCORE group.  The profile securely binds an OAuth 2.0 access token
   to the public key of the client associated with the private key used
   by that client in the OSCORE group.  The profile uses Group OSCORE to
   achieve server authentication and proof of possession of the client's
   private key.  Also, it provides proof of the client's membership to
   the OSCORE group by binding the access token to information from the
   Group OSCORE Security Context, thus allowing the resource server(s)
   to verify the client's membership upon receiving a message protected
   with Group OSCORE from the client.  Effectively, the profile enables
   fine-grained access control paired with secure group communication,
   in accordance with the Zero Trust principles.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-group-oscore-profile-06"/>
        </reference>
      </references>
    </references>
    <?line 1688?>

<section anchor="examples">
      <name>Examples</name>
      <t>This appendix provides examples where this profile of ACE is used. In particular:</t>
      <ul spacing="normal">
        <li>
          <t><xref target="example-without-optimization"/> does not make use of any optimization.</t>
        </li>
        <li>
          <t><xref target="example-with-optimization"/> makes use of the optimizations defined in <xref target="RFC9668"/>, hence reducing the round trips of the interactions between C and AS as well as between C and RS.</t>
        </li>
        <li>
          <t><xref target="example-non-sequential-workflow"/> makes use of the EAD items Request Creation Hints (see <xref target="as-creation-hints"/>) and Credential By Value (see <xref target="auth-cred-by-value"/>), with the former allowing C to receive AS Request Creation Hints during an EDHOC session. This is useful if C is not able to determine in advance the appropriate AS to contact.</t>
        </li>
      </ul>
      <t>All these examples build on the following assumptions, as relying on expected early procedures performed at AS. These include the registration of resource servers by the respective resource owners, as well as the registrations of clients authorized to request access tokens for accessing protected resources at those resource servers.</t>
      <ul spacing="normal">
        <li>
          <t>AS knows the authentication credential AUTH_CRED_C of C.</t>
        </li>
        <li>
          <t>C knows the authentication credential AUTH_CRED_AS of AS.</t>
        </li>
        <li>
          <t>AS knows the authentication credential AUTH_CRED_RS of RS.</t>
        </li>
        <li>
          <t>RS knows the authentication credential AUTH_CRED_AS of AS.  </t>
          <t>
This is relevant in the case that AS and RS actually require a secure association (e.g., for RS to perform token introspection at AS, or for AS to upload an access token to RS on behalf of C as defined in <xref target="I-D.ietf-ace-workflow-and-params"/>).</t>
        </li>
      </ul>
      <t>As a result of the assumptions above, it is possible to limit the transport of AUTH_CRED_C and AUTH_CRED_RS by value only to the following two cases, and only when C requests an access token for RS for the first time when considering the pair (AUTH_CRED_C, AUTH_CRED_RS).</t>
      <ul spacing="normal">
        <li>
          <t>In the access token response from AS to C, where AUTH_CRED_RS is specified by the "rs_cnf" parameter.</t>
        </li>
        <li>
          <t>In the access token, where AUTH_CRED_C is specified by the "cnf" claim.</t>
        </li>
      </ul>
      <t>Note that, even under the circumstances mentioned above, AUTH_CRED_C might rather be identified by reference. This is possible if RS can effectively use such a reference from the access token to retrieve AUTH_CRED_C (e.g., from a trusted repository of authentication credentials reachable through a non-constrained link) and if AS is in turn aware of that.</t>
      <t>In any other case, it is otherwise possible to identify both AUTH_CRED_C and AUTH_CRED_RS by reference, when performing the ACE access control workflow as well as later on when C and RS run EDHOC.</t>
      <section anchor="example-without-optimization">
        <name>Workflow without Optimizations</name>
        <t>The example below shows a simple interaction between C and RS: C and RS run EDHOC wherein C uploads the access token to RS, after which C accesses a protected resource at RS.</t>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="2960" width="576" viewBox="0 0 576 2960" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 40,48 L 40,800" fill="none" stroke="black"/>
              <path d="M 40,896 L 40,1248" fill="none" stroke="black"/>
              <path d="M 40,1344 L 40,1504" fill="none" stroke="black"/>
              <path d="M 40,1648 L 40,1664" fill="none" stroke="black"/>
              <path d="M 40,1728 L 40,1744" fill="none" stroke="black"/>
              <path d="M 40,1888 L 40,2944" fill="none" stroke="black"/>
              <path d="M 376,48 L 376,800" fill="none" stroke="black"/>
              <path d="M 376,896 L 376,952" fill="none" stroke="black"/>
              <path d="M 376,968 L 376,1016" fill="none" stroke="black"/>
              <path d="M 376,1032 L 376,1128" fill="none" stroke="black"/>
              <path d="M 376,1144 L 376,1248" fill="none" stroke="black"/>
              <path d="M 376,1344 L 376,1416" fill="none" stroke="black"/>
              <path d="M 376,1432 L 376,1480" fill="none" stroke="black"/>
              <path d="M 376,1648 L 376,1664" fill="none" stroke="black"/>
              <path d="M 376,1728 L 376,1744" fill="none" stroke="black"/>
              <path d="M 376,1888 L 376,2472" fill="none" stroke="black"/>
              <path d="M 376,2488 L 376,2536" fill="none" stroke="black"/>
              <path d="M 376,2552 L 376,2648" fill="none" stroke="black"/>
              <path d="M 376,2664 L 376,2840" fill="none" stroke="black"/>
              <path d="M 376,2856 L 376,2920" fill="none" stroke="black"/>
              <path d="M 568,48 L 568,800" fill="none" stroke="black"/>
              <path d="M 568,896 L 568,1248" fill="none" stroke="black"/>
              <path d="M 568,1344 L 568,1504" fill="none" stroke="black"/>
              <path d="M 568,1648 L 568,1664" fill="none" stroke="black"/>
              <path d="M 568,1728 L 568,1744" fill="none" stroke="black"/>
              <path d="M 568,1888 L 568,2944" fill="none" stroke="black"/>
              <path d="M 40,80 L 368,80" fill="none" stroke="black"/>
              <path d="M 48,144 L 376,144" fill="none" stroke="black"/>
              <path d="M 40,240 L 368,240" fill="none" stroke="black"/>
              <path d="M 40,352 L 368,352" fill="none" stroke="black"/>
              <path d="M 48,464 L 376,464" fill="none" stroke="black"/>
              <path d="M 40,960 L 560,960" fill="none" stroke="black"/>
              <path d="M 48,1024 L 568,1024" fill="none" stroke="black"/>
              <path d="M 40,1136 L 560,1136" fill="none" stroke="black"/>
              <path d="M 40,1424 L 560,1424" fill="none" stroke="black"/>
              <path d="M 48,1488 L 568,1488" fill="none" stroke="black"/>
              <path d="M 40,1952 L 368,1952" fill="none" stroke="black"/>
              <path d="M 48,2064 L 376,2064" fill="none" stroke="black"/>
              <path d="M 40,2480 L 560,2480" fill="none" stroke="black"/>
              <path d="M 48,2544 L 568,2544" fill="none" stroke="black"/>
              <path d="M 40,2656 L 560,2656" fill="none" stroke="black"/>
              <path d="M 40,2848 L 560,2848" fill="none" stroke="black"/>
              <path d="M 48,2928 L 568,2928" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="568,2848 556,2842.4 556,2853.6" fill="black" transform="rotate(0,560,2848)"/>
              <polygon class="arrowhead" points="568,2656 556,2650.4 556,2661.6" fill="black" transform="rotate(0,560,2656)"/>
              <polygon class="arrowhead" points="568,2480 556,2474.4 556,2485.6" fill="black" transform="rotate(0,560,2480)"/>
              <polygon class="arrowhead" points="568,1424 556,1418.4 556,1429.6" fill="black" transform="rotate(0,560,1424)"/>
              <polygon class="arrowhead" points="568,1136 556,1130.4 556,1141.6" fill="black" transform="rotate(0,560,1136)"/>
              <polygon class="arrowhead" points="568,960 556,954.4 556,965.6" fill="black" transform="rotate(0,560,960)"/>
              <polygon class="arrowhead" points="376,1952 364,1946.4 364,1957.6" fill="black" transform="rotate(0,368,1952)"/>
              <polygon class="arrowhead" points="376,352 364,346.4 364,357.6" fill="black" transform="rotate(0,368,352)"/>
              <polygon class="arrowhead" points="376,240 364,234.4 364,245.6" fill="black" transform="rotate(0,368,240)"/>
              <polygon class="arrowhead" points="376,80 364,74.4 364,85.6" fill="black" transform="rotate(0,368,80)"/>
              <polygon class="arrowhead" points="56,2928 44,2922.4 44,2933.6" fill="black" transform="rotate(180,48,2928)"/>
              <polygon class="arrowhead" points="56,2544 44,2538.4 44,2549.6" fill="black" transform="rotate(180,48,2544)"/>
              <polygon class="arrowhead" points="56,2064 44,2058.4 44,2069.6" fill="black" transform="rotate(180,48,2064)"/>
              <polygon class="arrowhead" points="56,1488 44,1482.4 44,1493.6" fill="black" transform="rotate(180,48,1488)"/>
              <polygon class="arrowhead" points="56,1024 44,1018.4 44,1029.6" fill="black" transform="rotate(180,48,1024)"/>
              <polygon class="arrowhead" points="56,464 44,458.4 44,469.6" fill="black" transform="rotate(180,48,464)"/>
              <polygon class="arrowhead" points="56,144 44,138.4 44,149.6" fill="black" transform="rotate(180,48,144)"/>
              <g class="text">
                <text x="40" y="36">C</text>
                <text x="372" y="36">AS</text>
                <text x="564" y="36">RS</text>
                <text x="80" y="68">EDHOC</text>
                <text x="144" y="68">message_1</text>
                <text x="196" y="68">to</text>
                <text x="284" y="68">/.well-known/edhoc</text>
                <text x="16" y="84">M01</text>
                <text x="80" y="132">EDHOC</text>
                <text x="144" y="132">message_2</text>
                <text x="16" y="148">M02</text>
                <text x="96" y="164">ID_CRED_R</text>
                <text x="180" y="164">identifies</text>
                <text x="108" y="180">CRED_R</text>
                <text x="144" y="180">=</text>
                <text x="204" y="180">AUTH_CRED_AS</text>
                <text x="268" y="180">by</text>
                <text x="320" y="180">reference</text>
                <text x="80" y="228">EDHOC</text>
                <text x="144" y="228">message_3</text>
                <text x="196" y="228">to</text>
                <text x="284" y="228">/.well-known/edhoc</text>
                <text x="16" y="244">M03</text>
                <text x="96" y="260">ID_CRED_I</text>
                <text x="180" y="260">identifies</text>
                <text x="108" y="276">CRED_I</text>
                <text x="144" y="276">=</text>
                <text x="200" y="276">AUTH_CRED_C</text>
                <text x="260" y="276">by</text>
                <text x="312" y="276">reference</text>
                <text x="84" y="324">Access</text>
                <text x="136" y="324">token</text>
                <text x="192" y="324">request</text>
                <text x="236" y="324">to</text>
                <text x="276" y="324">/token</text>
                <text x="128" y="340">(OSCORE-protected</text>
                <text x="236" y="340">message)</text>
                <text x="16" y="356">M04</text>
                <text x="96" y="372">"req_cnf"</text>
                <text x="180" y="372">identifies</text>
                <text x="128" y="388">AUTH_CRED_C</text>
                <text x="188" y="388">by</text>
                <text x="240" y="388">reference</text>
                <text x="84" y="436">Access</text>
                <text x="136" y="436">token</text>
                <text x="196" y="436">response</text>
                <text x="128" y="452">(OSCORE-protected</text>
                <text x="236" y="452">message)</text>
                <text x="16" y="468">M05</text>
                <text x="92" y="484">"rs_cnf"</text>
                <text x="168" y="484">specifies</text>
                <text x="132" y="500">AUTH_CRED_RS</text>
                <text x="196" y="500">by</text>
                <text x="232" y="500">value</text>
                <text x="112" y="532">"ace_profile"</text>
                <text x="208" y="532">specifies</text>
                <text x="264" y="532">the</text>
                <text x="72" y="548">ACE</text>
                <text x="120" y="548">profile</text>
                <text x="232" y="548">"coap_edhoc_oscore"</text>
                <text x="108" y="580">"edhoc_info"</text>
                <text x="204" y="580">specifies:</text>
                <text x="88" y="596">{</text>
                <text x="152" y="612">e'session_id'</text>
                <text x="216" y="612">:</text>
                <text x="252" y="612">h'01',</text>
                <text x="164" y="628">e'cipher_suites'</text>
                <text x="240" y="628">:</text>
                <text x="260" y="628">2,</text>
                <text x="140" y="644">e'methods'</text>
                <text x="192" y="644">:</text>
                <text x="212" y="644">3,</text>
                <text x="144" y="660">e'uri_path'</text>
                <text x="200" y="660">:</text>
                <text x="244" y="660">"/edhoc"</text>
                <text x="88" y="676">}</text>
                <text x="68" y="708">In</text>
                <text x="96" y="708">the</text>
                <text x="140" y="708">access</text>
                <text x="196" y="708">token:</text>
                <text x="64" y="724">-</text>
                <text x="88" y="724">the</text>
                <text x="128" y="724">"cnf"</text>
                <text x="176" y="724">claim</text>
                <text x="240" y="724">specifies</text>
                <text x="120" y="740">AUTH_CRED_C</text>
                <text x="180" y="740">by</text>
                <text x="216" y="740">value</text>
                <text x="64" y="756">-</text>
                <text x="88" y="756">the</text>
                <text x="156" y="756">"edhoc_info"</text>
                <text x="232" y="756">claim</text>
                <text x="112" y="772">specifies</text>
                <text x="168" y="772">the</text>
                <text x="204" y="772">same</text>
                <text x="236" y="772">as</text>
                <text x="124" y="788">"edhoc_info"</text>
                <text x="200" y="788">above</text>
                <text x="76" y="836">Possibly</text>
                <text x="136" y="836">after</text>
                <text x="184" y="836">chain</text>
                <text x="264" y="836">verification,</text>
                <text x="328" y="836">C</text>
                <text x="356" y="836">adds</text>
                <text x="428" y="836">AUTH_CRED_RS</text>
                <text x="52" y="852">to</text>
                <text x="80" y="852">the</text>
                <text x="112" y="852">set</text>
                <text x="140" y="852">of</text>
                <text x="168" y="852">its</text>
                <text x="216" y="852">trusted</text>
                <text x="268" y="852">peer</text>
                <text x="348" y="852">authentication</text>
                <text x="460" y="852">credentials,</text>
                <text x="72" y="868">relying</text>
                <text x="116" y="868">on</text>
                <text x="140" y="868">AS</text>
                <text x="164" y="868">as</text>
                <text x="208" y="868">trusted</text>
                <text x="280" y="868">provider.</text>
                <text x="80" y="932">EDHOC</text>
                <text x="144" y="932">message_1</text>
                <text x="196" y="932">to</text>
                <text x="236" y="932">/edhoc</text>
                <text x="72" y="948">(no</text>
                <text x="116" y="948">access</text>
                <text x="176" y="948">control</text>
                <text x="220" y="948">is</text>
                <text x="272" y="948">enforced)</text>
                <text x="16" y="964">M06</text>
                <text x="80" y="1012">EDHOC</text>
                <text x="144" y="1012">message_2</text>
                <text x="16" y="1028">M07</text>
                <text x="96" y="1044">ID_CRED_R</text>
                <text x="180" y="1044">identifies</text>
                <text x="108" y="1060">CRED_R</text>
                <text x="144" y="1060">=</text>
                <text x="204" y="1060">AUTH_CRED_RS</text>
                <text x="268" y="1060">by</text>
                <text x="320" y="1060">reference</text>
                <text x="80" y="1108">EDHOC</text>
                <text x="144" y="1108">message_3</text>
                <text x="196" y="1108">to</text>
                <text x="236" y="1108">/edhoc</text>
                <text x="72" y="1124">(no</text>
                <text x="116" y="1124">access</text>
                <text x="176" y="1124">control</text>
                <text x="220" y="1124">is</text>
                <text x="272" y="1124">enforced)</text>
                <text x="16" y="1140">M08</text>
                <text x="80" y="1156">EAD_3</text>
                <text x="144" y="1156">contains:</text>
                <text x="64" y="1172">-</text>
                <text x="88" y="1172">EAD</text>
                <text x="124" y="1172">item</text>
                <text x="184" y="1172">ACE-OAuth</text>
                <text x="252" y="1172">Access</text>
                <text x="304" y="1172">Token</text>
                <text x="120" y="1188">(access</text>
                <text x="180" y="1188">token)</text>
                <text x="96" y="1220">ID_CRED_I</text>
                <text x="180" y="1220">identifies</text>
                <text x="108" y="1236">CRED_I</text>
                <text x="144" y="1236">=</text>
                <text x="200" y="1236">AUTH_CRED_C</text>
                <text x="260" y="1236">by</text>
                <text x="312" y="1236">reference</text>
                <text x="76" y="1284">Possibly</text>
                <text x="136" y="1284">after</text>
                <text x="184" y="1284">chain</text>
                <text x="264" y="1284">verification,</text>
                <text x="332" y="1284">RS</text>
                <text x="364" y="1284">adds</text>
                <text x="432" y="1284">AUTH_CRED_C</text>
                <text x="52" y="1300">to</text>
                <text x="80" y="1300">the</text>
                <text x="112" y="1300">set</text>
                <text x="140" y="1300">of</text>
                <text x="168" y="1300">its</text>
                <text x="216" y="1300">trusted</text>
                <text x="268" y="1300">peer</text>
                <text x="348" y="1300">authentication</text>
                <text x="460" y="1300">credentials,</text>
                <text x="72" y="1316">relying</text>
                <text x="116" y="1316">on</text>
                <text x="140" y="1316">AS</text>
                <text x="164" y="1316">as</text>
                <text x="208" y="1316">trusted</text>
                <text x="280" y="1316">provider.</text>
                <text x="84" y="1380">Access</text>
                <text x="124" y="1380">to</text>
                <text x="176" y="1380">protected</text>
                <text x="252" y="1380">resource</text>
                <text x="128" y="1396">(OSCORE-protected</text>
                <text x="236" y="1396">message)</text>
                <text x="88" y="1412">(access</text>
                <text x="152" y="1412">control</text>
                <text x="196" y="1412">is</text>
                <text x="248" y="1412">enforced)</text>
                <text x="16" y="1428">M09</text>
                <text x="92" y="1460">Response</text>
                <text x="128" y="1476">(OSCORE-protected</text>
                <text x="236" y="1476">message)</text>
                <text x="16" y="1492">M10</text>
                <text x="376" y="1508">|</text>
                <text x="64" y="1540">Later</text>
                <text x="104" y="1540">on,</text>
                <text x="136" y="1540">the</text>
                <text x="180" y="1540">access</text>
                <text x="232" y="1540">token</text>
                <text x="288" y="1540">expires</text>
                <text x="336" y="1540">...</text>
                <text x="56" y="1572">-</text>
                <text x="72" y="1572">C</text>
                <text x="96" y="1572">and</text>
                <text x="124" y="1572">RS</text>
                <text x="164" y="1572">delete</text>
                <text x="216" y="1572">their</text>
                <text x="268" y="1572">OSCORE</text>
                <text x="332" y="1572">Security</text>
                <text x="400" y="1572">Context</text>
                <text x="448" y="1572">and</text>
                <text x="488" y="1572">purge</text>
                <text x="528" y="1572">the</text>
                <text x="88" y="1588">EDHOC</text>
                <text x="144" y="1588">session</text>
                <text x="196" y="1588">used</text>
                <text x="228" y="1588">to</text>
                <text x="268" y="1588">derive</text>
                <text x="312" y="1588">it.</text>
                <text x="56" y="1604">-</text>
                <text x="76" y="1604">RS</text>
                <text x="120" y="1604">retains</text>
                <text x="200" y="1604">AUTH_CRED_C</text>
                <text x="260" y="1604">as</text>
                <text x="296" y="1604">still</text>
                <text x="348" y="1604">valid,</text>
                <text x="392" y="1604">and</text>
                <text x="420" y="1604">AS</text>
                <text x="456" y="1604">knows</text>
                <text x="504" y="1604">about</text>
                <text x="544" y="1604">it.</text>
                <text x="56" y="1620">-</text>
                <text x="72" y="1620">C</text>
                <text x="112" y="1620">retains</text>
                <text x="196" y="1620">AUTH_CRED_RS</text>
                <text x="260" y="1620">as</text>
                <text x="296" y="1620">still</text>
                <text x="348" y="1620">valid,</text>
                <text x="392" y="1620">and</text>
                <text x="420" y="1620">AS</text>
                <text x="456" y="1620">knows</text>
                <text x="504" y="1620">about</text>
                <text x="544" y="1620">it.</text>
                <text x="60" y="1700">Time</text>
                <text x="108" y="1700">passes</text>
                <text x="152" y="1700">...</text>
                <text x="48" y="1780">C</text>
                <text x="76" y="1780">asks</text>
                <text x="112" y="1780">for</text>
                <text x="136" y="1780">a</text>
                <text x="160" y="1780">new</text>
                <text x="204" y="1780">access</text>
                <text x="260" y="1780">token;</text>
                <text x="304" y="1780">now</text>
                <text x="336" y="1780">all</text>
                <text x="368" y="1780">the</text>
                <text x="444" y="1780">authentication</text>
                <text x="88" y="1796">credentials</text>
                <text x="152" y="1796">can</text>
                <text x="180" y="1796">be</text>
                <text x="236" y="1796">identified</text>
                <text x="292" y="1796">by</text>
                <text x="348" y="1796">reference.</text>
                <text x="56" y="1828">The</text>
                <text x="92" y="1828">cost</text>
                <text x="136" y="1828">falls</text>
                <text x="172" y="1828">on</text>
                <text x="200" y="1828">AS,</text>
                <text x="240" y="1828">which</text>
                <text x="284" y="1828">must</text>
                <text x="340" y="1828">remember</text>
                <text x="396" y="1828">that</text>
                <text x="428" y="1828">at</text>
                <text x="464" y="1828">least</text>
                <text x="56" y="1844">one</text>
                <text x="100" y="1844">access</text>
                <text x="152" y="1844">token</text>
                <text x="192" y="1844">has</text>
                <text x="228" y="1844">been</text>
                <text x="276" y="1844">issued</text>
                <text x="320" y="1844">for</text>
                <text x="352" y="1844">the</text>
                <text x="388" y="1844">pair</text>
                <text x="424" y="1844">(C,</text>
                <text x="456" y="1844">RS)</text>
                <text x="56" y="1860">and</text>
                <text x="120" y="1860">considering</text>
                <text x="184" y="1860">the</text>
                <text x="220" y="1860">pair</text>
                <text x="296" y="1860">(AUTH_CRED_C,</text>
                <text x="412" y="1860">AUTH_CRED_RS).</text>
                <text x="84" y="1924">Access</text>
                <text x="136" y="1924">token</text>
                <text x="192" y="1924">request</text>
                <text x="236" y="1924">to</text>
                <text x="276" y="1924">/token</text>
                <text x="128" y="1940">(OSCORE-protected</text>
                <text x="236" y="1940">message)</text>
                <text x="16" y="1956">M11</text>
                <text x="96" y="1972">"req_cnf"</text>
                <text x="180" y="1972">identifies</text>
                <text x="108" y="1988">CRED_I</text>
                <text x="144" y="1988">=</text>
                <text x="200" y="1988">AUTH_CRED_C</text>
                <text x="260" y="1988">by</text>
                <text x="312" y="1988">reference</text>
                <text x="84" y="2036">Access</text>
                <text x="136" y="2036">token</text>
                <text x="196" y="2036">response</text>
                <text x="128" y="2052">(OSCORE-protected</text>
                <text x="236" y="2052">message)</text>
                <text x="16" y="2068">M12</text>
                <text x="92" y="2084">"rs_cnf"</text>
                <text x="172" y="2084">identifies</text>
                <text x="132" y="2100">AUTH_CRED_RS</text>
                <text x="196" y="2100">by</text>
                <text x="248" y="2100">reference</text>
                <text x="112" y="2132">"ace_profile"</text>
                <text x="208" y="2132">specifies</text>
                <text x="264" y="2132">the</text>
                <text x="72" y="2148">ACE</text>
                <text x="120" y="2148">profile</text>
                <text x="232" y="2148">"coap_edhoc_oscore"</text>
                <text x="108" y="2180">"edhoc_info"</text>
                <text x="204" y="2180">specifies:</text>
                <text x="88" y="2196">{</text>
                <text x="152" y="2212">e'session_id'</text>
                <text x="216" y="2212">:</text>
                <text x="252" y="2212">h'05',</text>
                <text x="164" y="2228">e'cipher_suites'</text>
                <text x="240" y="2228">:</text>
                <text x="260" y="2228">2,</text>
                <text x="140" y="2244">e'methods'</text>
                <text x="192" y="2244">:</text>
                <text x="212" y="2244">3,</text>
                <text x="144" y="2260">e'uri_path'</text>
                <text x="200" y="2260">:</text>
                <text x="244" y="2260">"/edhoc"</text>
                <text x="88" y="2276">}</text>
                <text x="68" y="2308">In</text>
                <text x="96" y="2308">the</text>
                <text x="140" y="2308">access</text>
                <text x="196" y="2308">token:</text>
                <text x="64" y="2324">-</text>
                <text x="88" y="2324">the</text>
                <text x="128" y="2324">"cnf"</text>
                <text x="176" y="2324">claim</text>
                <text x="244" y="2324">identifies</text>
                <text x="120" y="2340">AUTH_CRED_C</text>
                <text x="180" y="2340">by</text>
                <text x="232" y="2340">reference</text>
                <text x="64" y="2356">-</text>
                <text x="88" y="2356">the</text>
                <text x="156" y="2356">"edhoc_info"</text>
                <text x="232" y="2356">claim</text>
                <text x="112" y="2372">specifies</text>
                <text x="168" y="2372">the</text>
                <text x="204" y="2372">same</text>
                <text x="236" y="2372">as</text>
                <text x="124" y="2388">"edhoc_info"</text>
                <text x="200" y="2388">above</text>
                <text x="80" y="2452">EDHOC</text>
                <text x="144" y="2452">message_1</text>
                <text x="196" y="2452">to</text>
                <text x="236" y="2452">/edhoc</text>
                <text x="72" y="2468">(no</text>
                <text x="116" y="2468">access</text>
                <text x="176" y="2468">control</text>
                <text x="220" y="2468">is</text>
                <text x="272" y="2468">enforced)</text>
                <text x="16" y="2484">M13</text>
                <text x="80" y="2532">EDHOC</text>
                <text x="144" y="2532">message_2</text>
                <text x="16" y="2548">M14</text>
                <text x="96" y="2564">ID_CRED_R</text>
                <text x="180" y="2564">identifies</text>
                <text x="108" y="2580">CRED_R</text>
                <text x="144" y="2580">=</text>
                <text x="204" y="2580">AUTH_CRED_RS</text>
                <text x="268" y="2580">by</text>
                <text x="320" y="2580">reference</text>
                <text x="80" y="2628">EDHOC</text>
                <text x="144" y="2628">message_3</text>
                <text x="196" y="2628">to</text>
                <text x="236" y="2628">/edhoc</text>
                <text x="72" y="2644">(no</text>
                <text x="116" y="2644">access</text>
                <text x="176" y="2644">control</text>
                <text x="220" y="2644">is</text>
                <text x="272" y="2644">enforced)</text>
                <text x="16" y="2660">M15</text>
                <text x="80" y="2676">EAD_3</text>
                <text x="144" y="2676">contains:</text>
                <text x="64" y="2692">-</text>
                <text x="88" y="2692">EAD</text>
                <text x="124" y="2692">item</text>
                <text x="184" y="2692">ACE-OAuth</text>
                <text x="252" y="2692">Access</text>
                <text x="304" y="2692">Token</text>
                <text x="120" y="2708">(access</text>
                <text x="180" y="2708">token)</text>
                <text x="96" y="2740">ID_CRED_I</text>
                <text x="180" y="2740">identifies</text>
                <text x="108" y="2756">CRED_I</text>
                <text x="144" y="2756">=</text>
                <text x="200" y="2756">AUTH_CRED_C</text>
                <text x="260" y="2756">by</text>
                <text x="312" y="2756">reference</text>
                <text x="84" y="2804">Access</text>
                <text x="124" y="2804">to</text>
                <text x="176" y="2804">protected</text>
                <text x="252" y="2804">resource</text>
                <text x="300" y="2804">/r</text>
                <text x="128" y="2820">(OSCORE-protected</text>
                <text x="236" y="2820">message)</text>
                <text x="88" y="2836">(access</text>
                <text x="152" y="2836">control</text>
                <text x="196" y="2836">is</text>
                <text x="248" y="2836">enforced)</text>
                <text x="16" y="2852">M16</text>
                <text x="92" y="2900">Response</text>
                <text x="128" y="2916">(OSCORE-protected</text>
                <text x="236" y="2916">message)</text>
                <text x="16" y="2932">M17</text>
                <text x="376" y="2948">|</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
    C                                        AS                      RS
    |                                         |                       |
    |  EDHOC message_1 to /.well-known/edhoc  |                       |
M01 +---------------------------------------->|                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_2                        |                       |
M02 |<----------------------------------------+                       |
    |  ID_CRED_R identifies                   |                       |
    |     CRED_R = AUTH_CRED_AS by reference  |                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_3 to /.well-known/edhoc  |                       |
M03 +---------------------------------------->|                       |
    |  ID_CRED_I identifies                   |                       |
    |     CRED_I = AUTH_CRED_C by reference   |                       |
    |                                         |                       |
    |                                         |                       |
    |  Access token request to /token         |                       |
    |  (OSCORE-protected message)             |                       |
M04 +---------------------------------------->|                       |
    |  "req_cnf" identifies                   |                       |
    |     AUTH_CRED_C by reference            |                       |
    |                                         |                       |
    |                                         |                       |
    |  Access token response                  |                       |
    |  (OSCORE-protected message)             |                       |
M05 |<----------------------------------------+                       |
    |  "rs_cnf" specifies                     |                       |
    |     AUTH_CRED_RS by value               |                       |
    |                                         |                       |
    |  "ace_profile" specifies the            |                       |
    |  ACE profile "coap_edhoc_oscore"        |                       |
    |                                         |                       |
    |  "edhoc_info" specifies:                |                       |
    |     {                                   |                       |
    |       e'session_id' : h'01',            |                       |
    |       e'cipher_suites' : 2,             |                       |
    |       e'methods' : 3,                   |                       |
    |       e'uri_path' : "/edhoc"            |                       |
    |     }                                   |                       |
    |                                         |                       |
    |  In the access token:                   |                       |
    |  - the "cnf" claim specifies            |                       |
    |    AUTH_CRED_C by value                 |                       |
    |  - the "edhoc_info" claim               |                       |
    |    specifies the same as                |                       |
    |    "edhoc_info" above                   |                       |
    |                                         |                       |

     Possibly after chain verification, C adds AUTH_CRED_RS
     to the set of its trusted peer authentication credentials,
     relying on AS as trusted provider.

    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_1 to /edhoc              |                       |
    |  (no access control is enforced)        |                       |
M06 +---------------------------------------------------------------->|
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_2                        |                       |
M07 |<----------------------------------------------------------------+
    |  ID_CRED_R identifies                   |                       |
    |     CRED_R = AUTH_CRED_RS by reference  |                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_3 to /edhoc              |                       |
    |  (no access control is enforced)        |                       |
M08 +---------------------------------------------------------------->|
    |  EAD_3 contains:                        |                       |
    |  - EAD item ACE-OAuth Access Token      |                       |
    |      (access token)                     |                       |
    |                                         |                       |
    |  ID_CRED_I identifies                   |                       |
    |     CRED_I = AUTH_CRED_C by reference   |                       |
    |                                         |                       |

     Possibly after chain verification, RS adds AUTH_CRED_C
     to the set of its trusted peer authentication credentials,
     relying on AS as trusted provider.

    |                                         |                       |
    |                                         |                       |
    |  Access to protected resource           |                       |
    |  (OSCORE-protected message)             |                       |
    |  (access control is enforced)           |                       |
M09 +---------------------------------------------------------------->|
    |                                         |                       |
    |  Response                               |                       |
    |  (OSCORE-protected message)             |                       |
M10 |<----------------------------------------------------------------+
    |                                         |                       |

     Later on, the access token expires ...

      - C and RS delete their OSCORE Security Context and purge the
        EDHOC session used to derive it.
      - RS retains AUTH_CRED_C as still valid, and AS knows about it.
      - C retains AUTH_CRED_RS as still valid, and AS knows about it.

    |                                         |                       |
    |                                         |                       |

     Time passes ...

    |                                         |                       |
    |                                         |                       |

     C asks for a new access token; now all the authentication
     credentials can be identified by reference.

     The cost falls on AS, which must remember that at least
     one access token has been issued for the pair (C, RS)
     and considering the pair (AUTH_CRED_C, AUTH_CRED_RS).

    |                                         |                       |
    |                                         |                       |
    |  Access token request to /token         |                       |
    |  (OSCORE-protected message)             |                       |
M11 +---------------------------------------->|                       |
    |  "req_cnf" identifies                   |                       |
    |     CRED_I = AUTH_CRED_C by reference   |                       |
    |                                         |                       |
    |                                         |                       |
    |  Access token response                  |                       |
    |  (OSCORE-protected message)             |                       |
M12 |<----------------------------------------+                       |
    |  "rs_cnf" identifies                    |                       |
    |     AUTH_CRED_RS by reference           |                       |
    |                                         |                       |
    |  "ace_profile" specifies the            |                       |
    |  ACE profile "coap_edhoc_oscore"        |                       |
    |                                         |                       |
    |  "edhoc_info" specifies:                |                       |
    |     {                                   |                       |
    |       e'session_id' : h'05',            |                       |
    |       e'cipher_suites' : 2,             |                       |
    |       e'methods' : 3,                   |                       |
    |       e'uri_path' : "/edhoc"            |                       |
    |     }                                   |                       |
    |                                         |                       |
    |  In the access token:                   |                       |
    |  - the "cnf" claim identifies           |                       |
    |    AUTH_CRED_C by reference             |                       |
    |  - the "edhoc_info" claim               |                       |
    |    specifies the same as                |                       |
    |    "edhoc_info" above                   |                       |
    |                                         |                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_1 to /edhoc              |                       |
    |  (no access control is enforced)        |                       |
M13 +---------------------------------------------------------------->|
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_2                        |                       |
M14 |<----------------------------------------------------------------+
    |  ID_CRED_R identifies                   |                       |
    |     CRED_R = AUTH_CRED_RS by reference  |                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_3 to /edhoc              |                       |
    |  (no access control is enforced)        |                       |
M15 +---------------------------------------------------------------->|
    |  EAD_3 contains:                        |                       |
    |  - EAD item ACE-OAuth Access Token      |                       |
    |      (access token)                     |                       |
    |                                         |                       |
    |  ID_CRED_I identifies                   |                       |
    |     CRED_I = AUTH_CRED_C by reference   |                       |
    |                                         |                       |
    |                                         |                       |
    |  Access to protected resource /r        |                       |
    |  (OSCORE-protected message)             |                       |
    |  (access control is enforced)           |                       |
M16 +---------------------------------------------------------------->|
    |                                         |                       |
    |                                         |                       |
    |  Response                               |                       |
    |  (OSCORE-protected message)             |                       |
M17 |<----------------------------------------------------------------+
    |                                         |                       |
]]></artwork>
        </artset>
      </section>
      <section anchor="example-with-optimization">
        <name>Workflow with Optimizations</name>
        <t>The example below builds on the example in <xref target="example-without-optimization"/>, additionally using the EDHOC + OSCORE request defined in <xref target="RFC9668"/> when running EDHOC both with AS and with RS.</t>
        <t>Consequently, the interaction between C and RS consists of only two round trips to run EDHOC, upload the access token, and access the protected resource at RS.</t>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1568" width="576" viewBox="0 0 576 1568" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 40,48 L 40,800" fill="none" stroke="black"/>
              <path d="M 40,896 L 40,1312" fill="none" stroke="black"/>
              <path d="M 40,1472 L 40,1552" fill="none" stroke="black"/>
              <path d="M 392,48 L 392,800" fill="none" stroke="black"/>
              <path d="M 392,896 L 392,936" fill="none" stroke="black"/>
              <path d="M 392,952 L 392,1016" fill="none" stroke="black"/>
              <path d="M 392,1032 L 392,1128" fill="none" stroke="black"/>
              <path d="M 392,1144 L 392,1312" fill="none" stroke="black"/>
              <path d="M 392,1472 L 392,1528" fill="none" stroke="black"/>
              <path d="M 568,48 L 568,800" fill="none" stroke="black"/>
              <path d="M 568,896 L 568,1312" fill="none" stroke="black"/>
              <path d="M 568,1472 L 568,1552" fill="none" stroke="black"/>
              <path d="M 40,80 L 384,80" fill="none" stroke="black"/>
              <path d="M 48,144 L 392,144" fill="none" stroke="black"/>
              <path d="M 40,256 L 384,256" fill="none" stroke="black"/>
              <path d="M 64,320 L 80,320" fill="none" stroke="black"/>
              <path d="M 96,320 L 112,320" fill="none" stroke="black"/>
              <path d="M 128,320 L 144,320" fill="none" stroke="black"/>
              <path d="M 48,464 L 392,464" fill="none" stroke="black"/>
              <path d="M 40,944 L 560,944" fill="none" stroke="black"/>
              <path d="M 48,1024 L 568,1024" fill="none" stroke="black"/>
              <path d="M 40,1136 L 560,1136" fill="none" stroke="black"/>
              <path d="M 64,1264 L 80,1264" fill="none" stroke="black"/>
              <path d="M 96,1264 L 112,1264" fill="none" stroke="black"/>
              <path d="M 128,1264 L 144,1264" fill="none" stroke="black"/>
              <path d="M 48,1536 L 568,1536" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="568,1136 556,1130.4 556,1141.6" fill="black" transform="rotate(0,560,1136)"/>
              <polygon class="arrowhead" points="568,944 556,938.4 556,949.6" fill="black" transform="rotate(0,560,944)"/>
              <polygon class="arrowhead" points="392,256 380,250.4 380,261.6" fill="black" transform="rotate(0,384,256)"/>
              <polygon class="arrowhead" points="392,80 380,74.4 380,85.6" fill="black" transform="rotate(0,384,80)"/>
              <polygon class="arrowhead" points="56,1536 44,1530.4 44,1541.6" fill="black" transform="rotate(180,48,1536)"/>
              <polygon class="arrowhead" points="56,1024 44,1018.4 44,1029.6" fill="black" transform="rotate(180,48,1024)"/>
              <polygon class="arrowhead" points="56,464 44,458.4 44,469.6" fill="black" transform="rotate(180,48,464)"/>
              <polygon class="arrowhead" points="56,144 44,138.4 44,149.6" fill="black" transform="rotate(180,48,144)"/>
              <g class="text">
                <text x="40" y="36">C</text>
                <text x="388" y="36">AS</text>
                <text x="564" y="36">RS</text>
                <text x="80" y="68">EDHOC</text>
                <text x="144" y="68">message_1</text>
                <text x="196" y="68">to</text>
                <text x="284" y="68">/.well-known/edhoc</text>
                <text x="16" y="84">M01</text>
                <text x="80" y="132">EDHOC</text>
                <text x="144" y="132">message_2</text>
                <text x="16" y="148">M02</text>
                <text x="96" y="164">ID_CRED_R</text>
                <text x="180" y="164">identifies</text>
                <text x="108" y="180">CRED_R</text>
                <text x="144" y="180">=</text>
                <text x="204" y="180">AUTH_CRED_AS</text>
                <text x="268" y="180">by</text>
                <text x="320" y="180">reference</text>
                <text x="80" y="228">EDHOC</text>
                <text x="112" y="228">+</text>
                <text x="148" y="228">OSCORE</text>
                <text x="208" y="228">request</text>
                <text x="252" y="228">to</text>
                <text x="292" y="228">/token</text>
                <text x="128" y="244">(OSCORE-protected</text>
                <text x="236" y="244">message)</text>
                <text x="16" y="260">M03</text>
                <text x="64" y="276">-</text>
                <text x="96" y="276">EDHOC</text>
                <text x="160" y="276">message_3</text>
                <text x="128" y="292">ID_CRED_I</text>
                <text x="212" y="292">identifies</text>
                <text x="140" y="308">CRED_I</text>
                <text x="176" y="308">=</text>
                <text x="232" y="308">AUTH_CRED_C</text>
                <text x="292" y="308">by</text>
                <text x="344" y="308">reference</text>
                <text x="64" y="340">-</text>
                <text x="140" y="340">OSCORE-protected</text>
                <text x="228" y="340">part</text>
                <text x="116" y="356">Access</text>
                <text x="168" y="356">token</text>
                <text x="224" y="356">request</text>
                <text x="152" y="372">"req_cnf"</text>
                <text x="236" y="372">identifies</text>
                <text x="184" y="388">AUTH_CRED_C</text>
                <text x="244" y="388">by</text>
                <text x="296" y="388">reference</text>
                <text x="84" y="436">Access</text>
                <text x="136" y="436">token</text>
                <text x="196" y="436">response</text>
                <text x="128" y="452">(OSCORE-protected</text>
                <text x="236" y="452">message)</text>
                <text x="16" y="468">M04</text>
                <text x="92" y="484">"rs_cnf"</text>
                <text x="168" y="484">specifies</text>
                <text x="132" y="500">AUTH_CRED_RS</text>
                <text x="196" y="500">by</text>
                <text x="232" y="500">value</text>
                <text x="112" y="532">"ace_profile"</text>
                <text x="208" y="532">specifies</text>
                <text x="264" y="532">the</text>
                <text x="72" y="548">ACE</text>
                <text x="120" y="548">profile</text>
                <text x="232" y="548">"coap_edhoc_oscore"</text>
                <text x="108" y="580">"edhoc_info"</text>
                <text x="204" y="580">specifies:</text>
                <text x="88" y="596">{</text>
                <text x="152" y="612">e'session_id'</text>
                <text x="216" y="612">:</text>
                <text x="252" y="612">h'01',</text>
                <text x="164" y="628">e'cipher_suites'</text>
                <text x="240" y="628">:</text>
                <text x="260" y="628">2,</text>
                <text x="140" y="644">e'methods'</text>
                <text x="192" y="644">:</text>
                <text x="212" y="644">3,</text>
                <text x="144" y="660">e'uri_path'</text>
                <text x="200" y="660">:</text>
                <text x="244" y="660">"/edhoc"</text>
                <text x="88" y="676">}</text>
                <text x="68" y="708">In</text>
                <text x="96" y="708">the</text>
                <text x="140" y="708">access</text>
                <text x="196" y="708">token:</text>
                <text x="64" y="724">-</text>
                <text x="88" y="724">the</text>
                <text x="128" y="724">"cnf"</text>
                <text x="176" y="724">claim</text>
                <text x="240" y="724">specifies</text>
                <text x="120" y="740">AUTH_CRED_C</text>
                <text x="180" y="740">by</text>
                <text x="216" y="740">value</text>
                <text x="64" y="756">-</text>
                <text x="88" y="756">the</text>
                <text x="156" y="756">"edhoc_info"</text>
                <text x="232" y="756">claim</text>
                <text x="112" y="772">specifies</text>
                <text x="168" y="772">the</text>
                <text x="204" y="772">same</text>
                <text x="236" y="772">as</text>
                <text x="124" y="788">"edhoc_info"</text>
                <text x="200" y="788">above</text>
                <text x="76" y="836">Possibly</text>
                <text x="136" y="836">after</text>
                <text x="184" y="836">chain</text>
                <text x="264" y="836">verification,</text>
                <text x="328" y="836">C</text>
                <text x="356" y="836">adds</text>
                <text x="428" y="836">AUTH_CRED_RS</text>
                <text x="52" y="852">to</text>
                <text x="80" y="852">the</text>
                <text x="112" y="852">set</text>
                <text x="140" y="852">of</text>
                <text x="168" y="852">its</text>
                <text x="216" y="852">trusted</text>
                <text x="268" y="852">peer</text>
                <text x="348" y="852">authentication</text>
                <text x="460" y="852">credentials,</text>
                <text x="72" y="868">relying</text>
                <text x="116" y="868">on</text>
                <text x="140" y="868">AS</text>
                <text x="164" y="868">as</text>
                <text x="208" y="868">trusted</text>
                <text x="280" y="868">provider.</text>
                <text x="80" y="916">EDHOC</text>
                <text x="144" y="916">message_1</text>
                <text x="196" y="916">to</text>
                <text x="236" y="916">/edhoc</text>
                <text x="72" y="932">(no</text>
                <text x="116" y="932">access</text>
                <text x="176" y="932">control</text>
                <text x="220" y="932">is</text>
                <text x="272" y="932">enforced)</text>
                <text x="16" y="948">M05</text>
                <text x="80" y="1012">EDHOC</text>
                <text x="144" y="1012">message_2</text>
                <text x="16" y="1028">M06</text>
                <text x="96" y="1044">ID_CRED_R</text>
                <text x="180" y="1044">identifies</text>
                <text x="108" y="1060">CRED_R</text>
                <text x="144" y="1060">=</text>
                <text x="204" y="1060">AUTH_CRED_RS</text>
                <text x="268" y="1060">by</text>
                <text x="320" y="1060">reference</text>
                <text x="80" y="1108">EDHOC</text>
                <text x="112" y="1108">+</text>
                <text x="148" y="1108">OSCORE</text>
                <text x="208" y="1108">request</text>
                <text x="252" y="1108">to</text>
                <text x="276" y="1108">/r</text>
                <text x="128" y="1124">(OSCORE-protected</text>
                <text x="236" y="1124">message)</text>
                <text x="16" y="1140">M07</text>
                <text x="64" y="1156">-</text>
                <text x="96" y="1156">EDHOC</text>
                <text x="160" y="1156">message_3</text>
                <text x="112" y="1172">EAD_3</text>
                <text x="176" y="1172">contains:</text>
                <text x="96" y="1188">-</text>
                <text x="120" y="1188">EAD</text>
                <text x="156" y="1188">item</text>
                <text x="216" y="1188">ACE-OAuth</text>
                <text x="284" y="1188">Access</text>
                <text x="336" y="1188">Token</text>
                <text x="152" y="1204">(access</text>
                <text x="212" y="1204">token)</text>
                <text x="128" y="1236">ID_CRED_I</text>
                <text x="212" y="1236">identifies</text>
                <text x="140" y="1252">CRED_I</text>
                <text x="176" y="1252">=</text>
                <text x="232" y="1252">AUTH_CRED_C</text>
                <text x="292" y="1252">by</text>
                <text x="344" y="1252">reference</text>
                <text x="64" y="1284">-</text>
                <text x="140" y="1284">OSCORE-protected</text>
                <text x="228" y="1284">part</text>
                <text x="136" y="1300">Application</text>
                <text x="216" y="1300">request</text>
                <text x="260" y="1300">to</text>
                <text x="284" y="1300">/r</text>
                <text x="76" y="1348">Possibly</text>
                <text x="136" y="1348">after</text>
                <text x="184" y="1348">chain</text>
                <text x="264" y="1348">verification,</text>
                <text x="332" y="1348">RS</text>
                <text x="364" y="1348">adds</text>
                <text x="432" y="1348">AUTH_CRED_C</text>
                <text x="52" y="1364">to</text>
                <text x="80" y="1364">the</text>
                <text x="112" y="1364">set</text>
                <text x="140" y="1364">of</text>
                <text x="168" y="1364">its</text>
                <text x="216" y="1364">trusted</text>
                <text x="268" y="1364">peer</text>
                <text x="348" y="1364">authentication</text>
                <text x="460" y="1364">credentials,</text>
                <text x="72" y="1380">relying</text>
                <text x="116" y="1380">on</text>
                <text x="140" y="1380">AS</text>
                <text x="164" y="1380">as</text>
                <text x="208" y="1380">trusted</text>
                <text x="276" y="1380">provider</text>
                <text x="64" y="1412">After</text>
                <text x="104" y="1412">the</text>
                <text x="144" y="1412">EDHOC</text>
                <text x="212" y="1412">processing</text>
                <text x="268" y="1412">is</text>
                <text x="324" y="1412">completed,</text>
                <text x="396" y="1412">access</text>
                <text x="456" y="1412">control</text>
                <text x="52" y="1428">is</text>
                <text x="100" y="1428">enforced</text>
                <text x="148" y="1428">on</text>
                <text x="176" y="1428">the</text>
                <text x="224" y="1428">rebuilt</text>
                <text x="324" y="1428">OSCORE-protected</text>
                <text x="428" y="1428">request,</text>
                <text x="60" y="1444">like</text>
                <text x="92" y="1444">if</text>
                <text x="120" y="1444">the</text>
                <text x="168" y="1444">request</text>
                <text x="216" y="1444">had</text>
                <text x="252" y="1444">been</text>
                <text x="292" y="1444">sent</text>
                <text x="360" y="1444">stand-alone</text>
                <text x="92" y="1508">Response</text>
                <text x="128" y="1524">(OSCORE-protected</text>
                <text x="236" y="1524">message)</text>
                <text x="16" y="1540">M08</text>
                <text x="392" y="1556">|</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
    C                                          AS                    RS
    |                                           |                     |
    |  EDHOC message_1 to /.well-known/edhoc    |                     |
M01 +------------------------------------------>|                     |
    |                                           |                     |
    |                                           |                     |
    |  EDHOC message_2                          |                     |
M02 |<------------------------------------------+                     |
    |  ID_CRED_R identifies                     |                     |
    |     CRED_R = AUTH_CRED_AS by reference    |                     |
    |                                           |                     |
    |                                           |                     |
    |  EDHOC + OSCORE request to /token         |                     |
    |  (OSCORE-protected message)               |                     |
M03 +------------------------------------------>|                     |
    |  - EDHOC message_3                        |                     |
    |      ID_CRED_I identifies                 |                     |
    |         CRED_I = AUTH_CRED_C by reference |                     |
    |  --- --- ---                              |                     |
    |  - OSCORE-protected part                  |                     |
    |      Access token request                 |                     |
    |         "req_cnf" identifies              |                     |
    |            AUTH_CRED_C by reference       |                     |
    |                                           |                     |
    |                                           |                     |
    |  Access token response                    |                     |
    |  (OSCORE-protected message)               |                     |
M04 |<------------------------------------------+                     |
    |  "rs_cnf" specifies                       |                     |
    |     AUTH_CRED_RS by value                 |                     |
    |                                           |                     |
    |  "ace_profile" specifies the              |                     |
    |  ACE profile "coap_edhoc_oscore"          |                     |
    |                                           |                     |
    |  "edhoc_info" specifies:                  |                     |
    |     {                                     |                     |
    |       e'session_id' : h'01',              |                     |
    |       e'cipher_suites' : 2,               |                     |
    |       e'methods' : 3,                     |                     |
    |       e'uri_path' : "/edhoc"              |                     |
    |     }                                     |                     |
    |                                           |                     |
    |  In the access token:                     |                     |
    |  - the "cnf" claim specifies              |                     |
    |    AUTH_CRED_C by value                   |                     |
    |  - the "edhoc_info" claim                 |                     |
    |    specifies the same as                  |                     |
    |    "edhoc_info" above                     |                     |
    |                                           |                     |

     Possibly after chain verification, C adds AUTH_CRED_RS
     to the set of its trusted peer authentication credentials,
     relying on AS as trusted provider.

    |                                           |                     |
    |  EDHOC message_1 to /edhoc                |                     |
    |  (no access control is enforced)          |                     |
M05 +---------------------------------------------------------------->|
    |                                           |                     |
    |                                           |                     |
    |                                           |                     |
    |  EDHOC message_2                          |                     |
M06 |<----------------------------------------------------------------+
    |  ID_CRED_R identifies                     |                     |
    |     CRED_R = AUTH_CRED_RS by reference    |                     |
    |                                           |                     |
    |                                           |                     |
    |  EDHOC + OSCORE request to /r             |                     |
    |  (OSCORE-protected message)               |                     |
M07 +---------------------------------------------------------------->|
    |  - EDHOC message_3                        |                     |
    |      EAD_3 contains:                      |                     |
    |      - EAD item ACE-OAuth Access Token    |                     |
    |          (access token)                   |                     |
    |                                           |                     |
    |      ID_CRED_I identifies                 |                     |
    |         CRED_I = AUTH_CRED_C by reference |                     |
    |  --- --- ---                              |                     |
    |  - OSCORE-protected part                  |                     |
    |      Application request to /r            |                     |
    |                                           |                     |

     Possibly after chain verification, RS adds AUTH_CRED_C
     to the set of its trusted peer authentication credentials,
     relying on AS as trusted provider

     After the EDHOC processing is completed, access control
     is enforced on the rebuilt OSCORE-protected request,
     like if the request had been sent stand-alone

    |                                           |                     |
    |                                           |                     |
    |  Response                                 |                     |
    |  (OSCORE-protected message)               |                     |
M08 |<----------------------------------------------------------------+
    |                                           |                     |
]]></artwork>
        </artset>
      </section>
      <section anchor="example-non-sequential-workflow">
        <name>Non-sequential Workflow</name>
        <t>When this profile is used, C might not be able to determine in advance the appropriate AS to contact. In such cases, C may initiate EDHOC with RS prior to obtaining an access token and rely on RS to provide this information.</t>
        <t>As detailed in this section, one approach is for RS to convey this information within an EAD item included in EDHOC message_2. The content of the EAD item is the information conveyed in an AS Request Creation Hints response, thereby helping C identify the correct AS, and possibly other relevant parameters needed to request an access token from AS.</t>
        <t>The following describes an example scenario where this functionality is used in the EDHOC forward message flow, in particular taking advantage of the EAD items Request Creation Hints (see <xref target="as-creation-hints"/>) and Credential By Value (see <xref target="auth-cred-by-value"/>).</t>
        <ol spacing="normal" type="1"><li>
            <t>Without having an access token, C sends EDHOC message_1 to RS, including in EAD_1:  </t>
            <ul spacing="normal">
              <li>
                <t>The EAD item Request Creation Hints, with no ead_value. By doing so, C asks RS to include the same EAD item in EAD_2, specifying as ead_value the information that would be included in an AS Request Creation Hints response.</t>
              </li>
              <li>
                <t>The EAD item Credential By Value. By doing so, C asks RS to specify its authentication credential AUTH_CRED_RS by value in ID_CRED_R of EDHOC message_2.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>RS replies with EDHOC message_2, specifying its authentication credential AUTH_CRED_RS by value in ID_CRED_R.  </t>
            <t>
In the same EDHOC message_2, the EAD_2 field includes the EAD item Request Creation Hints, whose CBOR byte string specified as ead_value encodes the information that would have been included in an AS Request Creation Hints response to an unauthorized request sent to RS. In particular, this information includes the URI to the /token endpoint at AS.  </t>
            <t>
Note that C has not made an actual request with a specific request method and targeting a specific application resource. That is, RS does not know yet what resources C is actually interested in accessing later on.</t>
          </li>
          <li>
            <t>C requests an access token for the right audience and scope from the right AS, based on pre-configured parameters on C and on the information from the EAD item Request Creation Hints within EDHOC message_2, like if C had received an AS Request Creation Hints response from RS.  </t>
            <t>
C should already know the right audience and scope to specify in the access token request to AS, since that information is not provided by RS in the EAD item Request Creation Hints within EDHOC message_2 (see <xref target="as-creation-hints"/>). There may also be default audience and scope set at AS to use, if none is specified by C in its access token request.</t>
          </li>
          <li>
            <t>C sends EDHOC message_3 to RS, specifying the access token by means of the EAD item ACE-OAuth Access Token.</t>
          </li>
          <li>
            <t>If a protected request from C for accessing a resource at RS is not authorized per the issued access token, then RS replies with a protected error response. Within that error response, RS can provide C with information that would have been specified in an AS Request Creation Hints response. This time, that information also includes "audience" and "scope". After this, C can request from AS a new access token that dynamically updates access rights accordingly (see <xref target="c-as"/>).  </t>
            <t>
Note that this applies also if C uses the EDHOC + OSCORE combined request <xref target="RFC9668"/>, hence combining EDHOC message_3 with the first OSCORE-protected request to access a protected resource at RS (see <xref target="example-with-optimization"/>).</t>
          </li>
        </ol>
        <t>Instead, if the EDHOC reverse message flow is used, then the following differences apply compared to what is described above:</t>
        <ul spacing="normal">
          <li>
            <t>C includes the EAD items Request Creation Hints and Credential By Value in EDHOC message_2. By doing so, C asks RS to provide the AS Request Creation Hints information and to specify its authentication credential AUTH_CRED_RS by value in ID_CRED_I when sending EDHOC message_3.</t>
          </li>
          <li>
            <t>RS includes the EAD item Request Creation Hints in EDHOC message_3, specifying as ead_value the AS Request Creation Hints information.</t>
          </li>
          <li>
            <t>After receiving EDHOC message_3, C requests the access token from AS, based on the information from the EAD item Request Creation Hints within EDHOC message_3.</t>
          </li>
          <li>
            <t>Finally, C sends EDHOC message_4 to RS, specifying the access token by means of the EAD item ACE-OAuth Access Token.</t>
          </li>
        </ul>
        <t>The interactions between AS, RS, and C are shown in the following example, where the EDHOC forward message flow is used.</t>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1648" width="576" viewBox="0 0 576 1648" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 40,48 L 40,1104" fill="none" stroke="black"/>
              <path d="M 40,1248 L 40,1568" fill="none" stroke="black"/>
              <path d="M 376,48 L 376,88" fill="none" stroke="black"/>
              <path d="M 376,104 L 376,232" fill="none" stroke="black"/>
              <path d="M 376,248 L 376,1104" fill="none" stroke="black"/>
              <path d="M 376,1248 L 376,1288" fill="none" stroke="black"/>
              <path d="M 376,1304 L 376,1480" fill="none" stroke="black"/>
              <path d="M 376,1496 L 376,1544" fill="none" stroke="black"/>
              <path d="M 568,48 L 568,1104" fill="none" stroke="black"/>
              <path d="M 568,1248 L 568,1568" fill="none" stroke="black"/>
              <path d="M 40,96 L 560,96" fill="none" stroke="black"/>
              <path d="M 48,240 L 568,240" fill="none" stroke="black"/>
              <path d="M 40,400 L 368,400" fill="none" stroke="black"/>
              <path d="M 48,464 L 376,464" fill="none" stroke="black"/>
              <path d="M 40,560 L 368,560" fill="none" stroke="black"/>
              <path d="M 40,672 L 368,672" fill="none" stroke="black"/>
              <path d="M 48,784 L 376,784" fill="none" stroke="black"/>
              <path d="M 40,1296 L 560,1296" fill="none" stroke="black"/>
              <path d="M 40,1488 L 560,1488" fill="none" stroke="black"/>
              <path d="M 48,1552 L 568,1552" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="568,1488 556,1482.4 556,1493.6" fill="black" transform="rotate(0,560,1488)"/>
              <polygon class="arrowhead" points="568,1296 556,1290.4 556,1301.6" fill="black" transform="rotate(0,560,1296)"/>
              <polygon class="arrowhead" points="568,96 556,90.4 556,101.6" fill="black" transform="rotate(0,560,96)"/>
              <polygon class="arrowhead" points="376,672 364,666.4 364,677.6" fill="black" transform="rotate(0,368,672)"/>
              <polygon class="arrowhead" points="376,560 364,554.4 364,565.6" fill="black" transform="rotate(0,368,560)"/>
              <polygon class="arrowhead" points="376,400 364,394.4 364,405.6" fill="black" transform="rotate(0,368,400)"/>
              <polygon class="arrowhead" points="56,1552 44,1546.4 44,1557.6" fill="black" transform="rotate(180,48,1552)"/>
              <polygon class="arrowhead" points="56,784 44,778.4 44,789.6" fill="black" transform="rotate(180,48,784)"/>
              <polygon class="arrowhead" points="56,464 44,458.4 44,469.6" fill="black" transform="rotate(180,48,464)"/>
              <polygon class="arrowhead" points="56,240 44,234.4 44,245.6" fill="black" transform="rotate(180,48,240)"/>
              <g class="text">
                <text x="40" y="36">C</text>
                <text x="372" y="36">AS</text>
                <text x="564" y="36">RS</text>
                <text x="80" y="68">EDHOC</text>
                <text x="144" y="68">message_1</text>
                <text x="196" y="68">to</text>
                <text x="284" y="68">/.well-known/edhoc</text>
                <text x="72" y="84">(no</text>
                <text x="116" y="84">access</text>
                <text x="176" y="84">control</text>
                <text x="220" y="84">is</text>
                <text x="272" y="84">enforced)</text>
                <text x="16" y="100">M01</text>
                <text x="80" y="116">EAD_1</text>
                <text x="144" y="116">contains:</text>
                <text x="64" y="132">-</text>
                <text x="88" y="132">EAD</text>
                <text x="124" y="132">item</text>
                <text x="176" y="132">Request</text>
                <text x="244" y="132">Creation</text>
                <text x="304" y="132">Hints</text>
                <text x="104" y="148">(no</text>
                <text x="164" y="148">ead_value)</text>
                <text x="64" y="164">-</text>
                <text x="88" y="164">EAD</text>
                <text x="124" y="164">item</text>
                <text x="188" y="164">Credential</text>
                <text x="244" y="164">By</text>
                <text x="280" y="164">Value</text>
                <text x="104" y="180">(no</text>
                <text x="164" y="180">ead_value)</text>
                <text x="80" y="228">EDHOC</text>
                <text x="144" y="228">message_2</text>
                <text x="16" y="244">M02</text>
                <text x="80" y="260">EAD_2</text>
                <text x="144" y="260">contains:</text>
                <text x="64" y="276">-</text>
                <text x="88" y="276">EAD</text>
                <text x="124" y="276">item</text>
                <text x="176" y="276">Request</text>
                <text x="244" y="276">Creation</text>
                <text x="304" y="276">Hints</text>
                <text x="104" y="292">(AS</text>
                <text x="152" y="292">Request</text>
                <text x="220" y="292">Creation</text>
                <text x="284" y="292">Hints)</text>
                <text x="96" y="324">ID_CRED_R</text>
                <text x="180" y="324">identifies</text>
                <text x="108" y="340">CRED_R</text>
                <text x="144" y="340">=</text>
                <text x="204" y="340">AUTH_CRED_RS</text>
                <text x="268" y="340">by</text>
                <text x="304" y="340">value</text>
                <text x="80" y="388">EDHOC</text>
                <text x="144" y="388">message_1</text>
                <text x="196" y="388">to</text>
                <text x="284" y="388">/.well-known/edhoc</text>
                <text x="16" y="404">M03</text>
                <text x="80" y="452">EDHOC</text>
                <text x="144" y="452">message_2</text>
                <text x="16" y="468">M04</text>
                <text x="96" y="484">ID_CRED_R</text>
                <text x="180" y="484">identifies</text>
                <text x="108" y="500">CRED_R</text>
                <text x="144" y="500">=</text>
                <text x="204" y="500">AUTH_CRED_AS</text>
                <text x="268" y="500">by</text>
                <text x="320" y="500">reference</text>
                <text x="80" y="548">EDHOC</text>
                <text x="144" y="548">message_3</text>
                <text x="196" y="548">to</text>
                <text x="284" y="548">/.well-known/edhoc</text>
                <text x="16" y="564">M05</text>
                <text x="96" y="580">ID_CRED_I</text>
                <text x="180" y="580">identifies</text>
                <text x="108" y="596">CRED_I</text>
                <text x="144" y="596">=</text>
                <text x="200" y="596">AUTH_CRED_C</text>
                <text x="260" y="596">by</text>
                <text x="312" y="596">reference</text>
                <text x="84" y="644">Access</text>
                <text x="136" y="644">token</text>
                <text x="192" y="644">request</text>
                <text x="236" y="644">to</text>
                <text x="276" y="644">/token</text>
                <text x="128" y="660">(OSCORE-protected</text>
                <text x="236" y="660">message)</text>
                <text x="16" y="676">M06</text>
                <text x="96" y="692">"req_cnf"</text>
                <text x="180" y="692">identifies</text>
                <text x="128" y="708">AUTH_CRED_C</text>
                <text x="188" y="708">by</text>
                <text x="240" y="708">reference</text>
                <text x="84" y="756">Access</text>
                <text x="136" y="756">token</text>
                <text x="196" y="756">response</text>
                <text x="128" y="772">(OSCORE-protected</text>
                <text x="236" y="772">message)</text>
                <text x="16" y="788">M07</text>
                <text x="92" y="804">"rs_cnf"</text>
                <text x="168" y="804">specifies</text>
                <text x="132" y="820">AUTH_CRED_RS</text>
                <text x="196" y="820">by</text>
                <text x="232" y="820">value</text>
                <text x="112" y="852">"ace_profile"</text>
                <text x="208" y="852">specifies</text>
                <text x="264" y="852">the</text>
                <text x="72" y="868">ACE</text>
                <text x="120" y="868">profile</text>
                <text x="232" y="868">"coap_edhoc_oscore"</text>
                <text x="108" y="900">"edhoc_info"</text>
                <text x="204" y="900">specifies:</text>
                <text x="88" y="916">{</text>
                <text x="152" y="932">e'session_id'</text>
                <text x="216" y="932">:</text>
                <text x="252" y="932">h'01',</text>
                <text x="164" y="948">e'cipher_suites'</text>
                <text x="240" y="948">:</text>
                <text x="260" y="948">2,</text>
                <text x="140" y="964">e'methods'</text>
                <text x="192" y="964">:</text>
                <text x="212" y="964">3,</text>
                <text x="88" y="980">}</text>
                <text x="68" y="1012">In</text>
                <text x="96" y="1012">the</text>
                <text x="140" y="1012">access</text>
                <text x="196" y="1012">token:</text>
                <text x="64" y="1028">-</text>
                <text x="88" y="1028">the</text>
                <text x="128" y="1028">"cnf"</text>
                <text x="176" y="1028">claim</text>
                <text x="240" y="1028">specifies</text>
                <text x="120" y="1044">AUTH_CRED_C</text>
                <text x="180" y="1044">by</text>
                <text x="216" y="1044">value</text>
                <text x="64" y="1060">-</text>
                <text x="88" y="1060">the</text>
                <text x="156" y="1060">"edhoc_info"</text>
                <text x="232" y="1060">claim</text>
                <text x="112" y="1076">specifies</text>
                <text x="168" y="1076">the</text>
                <text x="204" y="1076">same</text>
                <text x="236" y="1076">as</text>
                <text x="124" y="1092">"edhoc_info"</text>
                <text x="200" y="1092">above</text>
                <text x="76" y="1140">Possibly</text>
                <text x="136" y="1140">after</text>
                <text x="184" y="1140">chain</text>
                <text x="264" y="1140">verification,</text>
                <text x="328" y="1140">C</text>
                <text x="356" y="1140">adds</text>
                <text x="428" y="1140">AUTH_CRED_RS</text>
                <text x="52" y="1156">to</text>
                <text x="80" y="1156">the</text>
                <text x="112" y="1156">set</text>
                <text x="140" y="1156">of</text>
                <text x="168" y="1156">its</text>
                <text x="216" y="1156">trusted</text>
                <text x="268" y="1156">peer</text>
                <text x="348" y="1156">authentication</text>
                <text x="460" y="1156">credentials,</text>
                <text x="72" y="1172">relying</text>
                <text x="116" y="1172">on</text>
                <text x="140" y="1172">AS</text>
                <text x="164" y="1172">as</text>
                <text x="208" y="1172">trusted</text>
                <text x="280" y="1172">provider.</text>
                <text x="88" y="1204">Regardless,</text>
                <text x="156" y="1204">when</text>
                <text x="220" y="1204">continuing</text>
                <text x="280" y="1204">the</text>
                <text x="320" y="1204">EDHOC</text>
                <text x="380" y="1204">session,</text>
                <text x="424" y="1204">C</text>
                <text x="452" y="1204">uses</text>
                <text x="484" y="1204">as</text>
                <text x="100" y="1220">authentication</text>
                <text x="204" y="1220">credential</text>
                <text x="260" y="1220">of</text>
                <text x="284" y="1220">RS</text>
                <text x="312" y="1220">the</text>
                <text x="344" y="1220">one</text>
                <text x="404" y="1220">identified</text>
                <text x="460" y="1220">by</text>
                <text x="516" y="1220">ID_CRED_R.</text>
                <text x="80" y="1268">EDHOC</text>
                <text x="144" y="1268">message_3</text>
                <text x="196" y="1268">to</text>
                <text x="284" y="1268">/.well-known/edhoc</text>
                <text x="72" y="1284">(no</text>
                <text x="116" y="1284">access</text>
                <text x="176" y="1284">control</text>
                <text x="220" y="1284">is</text>
                <text x="272" y="1284">enforced)</text>
                <text x="16" y="1300">M08</text>
                <text x="80" y="1316">EAD_3</text>
                <text x="144" y="1316">contains:</text>
                <text x="64" y="1332">-</text>
                <text x="88" y="1332">EAD</text>
                <text x="124" y="1332">item</text>
                <text x="184" y="1332">ACE-OAuth</text>
                <text x="252" y="1332">Access</text>
                <text x="304" y="1332">Token</text>
                <text x="120" y="1348">(access</text>
                <text x="180" y="1348">token)</text>
                <text x="96" y="1380">ID_CRED_I</text>
                <text x="180" y="1380">identifies</text>
                <text x="108" y="1396">CRED_I</text>
                <text x="144" y="1396">=</text>
                <text x="200" y="1396">AUTH_CRED_C</text>
                <text x="260" y="1396">by</text>
                <text x="312" y="1396">reference</text>
                <text x="84" y="1444">Access</text>
                <text x="124" y="1444">to</text>
                <text x="176" y="1444">protected</text>
                <text x="252" y="1444">resource</text>
                <text x="128" y="1460">(OSCORE-protected</text>
                <text x="236" y="1460">message)</text>
                <text x="88" y="1476">(access</text>
                <text x="152" y="1476">control</text>
                <text x="196" y="1476">is</text>
                <text x="248" y="1476">enforced)</text>
                <text x="16" y="1492">M09</text>
                <text x="92" y="1524">Response</text>
                <text x="128" y="1540">(OSCORE-protected</text>
                <text x="236" y="1540">message)</text>
                <text x="16" y="1556">M10</text>
                <text x="376" y="1572">|</text>
                <text x="52" y="1604">If</text>
                <text x="96" y="1604">instead</text>
                <text x="156" y="1604">access</text>
                <text x="196" y="1604">is</text>
                <text x="224" y="1604">not</text>
                <text x="288" y="1604">authorized,</text>
                <text x="348" y="1604">RS</text>
                <text x="392" y="1604">replies</text>
                <text x="436" y="1604">to</text>
                <text x="464" y="1604">M09</text>
                <text x="500" y="1604">with</text>
                <text x="528" y="1604">a</text>
                <text x="80" y="1620">protected</text>
                <text x="144" y="1620">error</text>
                <text x="204" y="1620">response</text>
                <text x="280" y="1620">including</text>
                <text x="352" y="1620">updated</text>
                <text x="416" y="1620">Request</text>
                <text x="484" y="1620">Creation</text>
                <text x="548" y="1620">Hints.</text>
                <text x="48" y="1636">C</text>
                <text x="72" y="1636">can</text>
                <text x="108" y="1636">then</text>
                <text x="160" y="1636">request</text>
                <text x="200" y="1636">a</text>
                <text x="224" y="1636">new</text>
                <text x="268" y="1636">access</text>
                <text x="320" y="1636">token</text>
                <text x="364" y="1636">from</text>
                <text x="400" y="1636">AS.</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
    C                                        AS                      RS
    |                                         |                       |
    |  EDHOC message_1 to /.well-known/edhoc  |                       |
    |  (no access control is enforced)        |                       |
M01 +---------------------------------------------------------------->|
    |  EAD_1 contains:                        |                       |
    |  - EAD item Request Creation Hints      |                       |
    |      (no ead_value)                     |                       |
    |  - EAD item Credential By Value         |                       |
    |      (no ead_value)                     |                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_2                        |                       |
M02 |<----------------------------------------------------------------+
    |  EAD_2 contains:                        |                       |
    |  - EAD item Request Creation Hints      |                       |
    |      (AS Request Creation Hints)        |                       |
    |                                         |                       |
    |  ID_CRED_R identifies                   |                       |
    |     CRED_R = AUTH_CRED_RS by value      |                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_1 to /.well-known/edhoc  |                       |
M03 +---------------------------------------->|                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_2                        |                       |
M04 |<----------------------------------------+                       |
    |  ID_CRED_R identifies                   |                       |
    |     CRED_R = AUTH_CRED_AS by reference  |                       |
    |                                         |                       |
    |                                         |                       |
    |  EDHOC message_3 to /.well-known/edhoc  |                       |
M05 +---------------------------------------->|                       |
    |  ID_CRED_I identifies                   |                       |
    |     CRED_I = AUTH_CRED_C by reference   |                       |
    |                                         |                       |
    |                                         |                       |
    |  Access token request to /token         |                       |
    |  (OSCORE-protected message)             |                       |
M06 +---------------------------------------->|                       |
    |  "req_cnf" identifies                   |                       |
    |     AUTH_CRED_C by reference            |                       |
    |                                         |                       |
    |                                         |                       |
    |  Access token response                  |                       |
    |  (OSCORE-protected message)             |                       |
M07 |<----------------------------------------+                       |
    |  "rs_cnf" specifies                     |                       |
    |     AUTH_CRED_RS by value               |                       |
    |                                         |                       |
    |  "ace_profile" specifies the            |                       |
    |  ACE profile "coap_edhoc_oscore"        |                       |
    |                                         |                       |
    |  "edhoc_info" specifies:                |                       |
    |     {                                   |                       |
    |       e'session_id' : h'01',            |                       |
    |       e'cipher_suites' : 2,             |                       |
    |       e'methods' : 3,                   |                       |
    |     }                                   |                       |
    |                                         |                       |
    |  In the access token:                   |                       |
    |  - the "cnf" claim specifies            |                       |
    |    AUTH_CRED_C by value                 |                       |
    |  - the "edhoc_info" claim               |                       |
    |    specifies the same as                |                       |
    |    "edhoc_info" above                   |                       |
    |                                         |                       |

     Possibly after chain verification, C adds AUTH_CRED_RS
     to the set of its trusted peer authentication credentials,
     relying on AS as trusted provider.

     Regardless, when continuing the EDHOC session, C uses as
     authentication credential of RS the one identified by ID_CRED_R.

    |                                         |                       |
    |  EDHOC message_3 to /.well-known/edhoc  |                       |
    |  (no access control is enforced)        |                       |
M08 +---------------------------------------------------------------->|
    |  EAD_3 contains:                        |                       |
    |  - EAD item ACE-OAuth Access Token      |                       |
    |      (access token)                     |                       |
    |                                         |                       |
    |  ID_CRED_I identifies                   |                       |
    |     CRED_I = AUTH_CRED_C by reference   |                       |
    |                                         |                       |
    |                                         |                       |
    |  Access to protected resource           |                       |
    |  (OSCORE-protected message)             |                       |
    |  (access control is enforced)           |                       |
M09 +---------------------------------------------------------------->|
    |                                         |                       |
    |  Response                               |                       |
    |  (OSCORE-protected message)             |                       |
M10 |<----------------------------------------------------------------+
    |                                         |                       |

     If instead access is not authorized, RS replies to M09 with a
     protected error response including updated Request Creation Hints.
     C can then request a new access token from AS.
]]></artwork>
        </artset>
      </section>
    </section>
    <section anchor="sec-profile-requirements">
      <name>Profile Requirements</name>
      <t>This section lists the specifications of this profile based on the requirements of the framework, as requested in <xref section="C" sectionFormat="of" target="RFC9200"/>.</t>
      <ul spacing="normal">
        <li>
          <t>Optionally, define new methods for the client to discover the necessary permissions and AS for accessing a resource, different from the one proposed in <xref target="RFC9200"/>: AS discovery is supported by using the EAD item Request Creation Hints as described in <xref target="as-creation-hints"/>.</t>
        </li>
        <li>
          <t>Optionally, specify new grant types: Not specified.</t>
        </li>
        <li>
          <t>Optionally, define the use of client certificates as client credential type: C can use authentication credentials of any type admitted by the EDHOC protocol, including public key certificates such as X.509 certificates <xref target="RFC5280"/> and C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
        </li>
        <li>
          <t>Specify the communication protocol the client and RS must use: CoAP.</t>
        </li>
        <li>
          <t>Specify the security protocol the client and RS must use to protect their communication: OSCORE.</t>
        </li>
        <li>
          <t>Specify how the client and RS mutually authenticate: Explicitly, by successfully executing the EDHOC protocol, after which a common OSCORE Security Context is exported from the EDHOC session. As per the EDHOC authentication method used during the EDHOC session, authentication is provided by digital signatures, or by Message Authentication Codes (MACs) computed from an ephemeral-static ECDH shared secret.</t>
        </li>
        <li>
          <t>Specify the proof-of-possession protocol(s) and how to select one, if several are available. Also specify which key types (e.g., symmetric/asymmetric) are supported by a specific proof-of-possession protocol: EDHOC authentication methods and EDHOC algorithms for RS to authenticate C during the EDHOC session, per C's public authentication credential used in the session and bound to the access token specified to RS in the session.</t>
        </li>
        <li>
          <t>Specify a unique ace_profile identifier: coap_edhoc_oscore.</t>
        </li>
        <li>
          <t>If introspection is supported, specify the communication and security protocol for introspection: HTTP/CoAP (+ TLS/DTLS/OSCORE).</t>
        </li>
        <li>
          <t>Specify the communication and security protocol for interactions between client and AS: HTTP/CoAP (+ TLS/DTLS/OSCORE).</t>
        </li>
        <li>
          <t>Specify if/how the authz-info endpoint is protected, including how error responses are protected: Not protected.</t>
        </li>
        <li>
          <t>Optionally, define methods of token transport other than the authz-info endpoint: C can upload the access token when executing EDHOC with RS, by specifying the access token through a dedicated EAD item such as the EAD item ACE-OAuth Access Token (see <xref target="AT-in-EAD"/>). The EDHOC message where the EAD item is included depends on the EDHOC message flow used.</t>
        </li>
      </ul>
    </section>
    <section anchor="sec-cddl-model" removeInRFC="true">
      <name>CDDL Model</name>
      <figure anchor="fig-cddl-model">
        <name>CDDL model</name>
        <sourcecode type="cddl"><![CDATA[
; ACE Profiles
coap_edhoc_oscore = 4

; OAuth Parameters CBOR Mappings
edhoc_info_param = 47

; CBOR Web Token (CWT) Claims
edhoc_info_claim = 41

; CWT Confirmation Methods
x5t = 6
x5u = 7
c5t = 8
c5u = 9
kcwt = 10
kccs = 11
x5chain = 24
x5bag = 25
c5c = 26
c5b = 27

; EDHOC External Authorization Data
ead_request_creation_hints_label = 1
ead_credential_by_value_label = 15
ead_ace_oauth_access_token_label = 24

; EDHOC Information
session_id = 0
methods = 1
cipher_suites = 2
message_4 = 3
comb_req = 4
uri_path = 5
cred_types = 6
id_cred_types = 7
eads = 8
initiator = 9
responder = 10
trust_anchors = 11

; EDHOC Trust Anchor Purposes
edhoc_cred = 0

; EDHOC Trust Anchor Types
c5t_ta_type = 22
c5u_ta_type = 23
x5t_ta_type = 34
x5u_ta_type = 35
]]></sourcecode>
      </figure>
    </section>
    <section anchor="sec-document-updates" removeInRFC="true">
      <name>Document Updates</name>
      <section anchor="sec-10-11">
        <name>Version -10 to -11</name>
        <ul spacing="normal">
          <li>
            <t>Clarify instructions on when to include audience when C performs update of access rights.</t>
          </li>
          <li>
            <t>Clarified definition of "prescriptive" / "non-prescriptive" parameters.</t>
          </li>
          <li>
            <t>In the reverse message flow, C can upload the access token to RS only in message_4.</t>
          </li>
          <li>
            <t>Discussed timing of access token request when using the EDHOC reverse message flow.</t>
          </li>
          <li>
            <t>Fixed mix-up between proof of possession and key confirmation.</t>
          </li>
          <li>
            <t>New EAD items:  </t>
            <ul spacing="normal">
              <li>
                <t>Consistent and simpler naming.</t>
              </li>
              <li>
                <t>Revised format/style of their definition.</t>
              </li>
              <li>
                <t>Revised normative language for using AS Request Creation Hints.</t>
              </li>
              <li>
                <t>Fixed CDDL definition of ead_request_creation_hints.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Removed definition of the EAD item Session ID.</t>
          </li>
          <li>
            <t>Added the "Operational Considerations" section.  </t>
            <ul spacing="normal">
              <li>
                <t>RS belonging to multiple audiences with different credentials.</t>
              </li>
              <li>
                <t>Keeping knowledge about C and RS up-to-date at AS.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Added figure with message flow for Non-sequential Workflow.</t>
          </li>
          <li>
            <t>Improved notation and details in examples of message exchanges.</t>
          </li>
          <li>
            <t>Aligned the "c5u" confirmation method with draft-ietf-cose-cbor-encoded-cert-20.</t>
          </li>
          <li>
            <t>Fixes to the confirmation methods "x5u", "kcwt", and "kccs".</t>
          </li>
          <li>
            <t>Added references to IANA registries.</t>
          </li>
          <li>
            <t>Avoid normative language with inherited normative behavior.</t>
          </li>
          <li>
            <t>Updated compliance with profile requirements.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-09-10">
        <name>Version -09 to -10</name>
        <ul spacing="normal">
          <li>
            <t>Fixed CDDL definition of the EDHOC_Information object.</t>
          </li>
          <li>
            <t>Removed excessive EDHOC_Information parameters: "max_msgsize", "coap_ct", "ep_id_types", and "transports".</t>
          </li>
          <li>
            <t>Removed definition of some IANA registries: "EDHOC Endpoint Identity Types" and "EDHOC Transports".</t>
          </li>
          <li>
            <t>Defined derivation of N_S, when combining this profile with application profiles of RFC 9594.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-08-09">
        <name>Version -08 to -09</name>
        <ul spacing="normal">
          <li>
            <t>Parameter "cnf" explicitly forbidden in the access token response.</t>
          </li>
          <li>
            <t>Clarification about content of "cnf" claim in the access token.</t>
          </li>
          <li>
            <t>RS must support the CoAP Uri-Path-Abbrev Option and its value abbreviating /.well-known/edhoc.</t>
          </li>
          <li>
            <t>Example of Request Creation Hints provided in EAD item.</t>
          </li>
          <li>
            <t>Examples showing content of new EAD items.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-07-08">
        <name>Version -07 to -08</name>
        <ul spacing="normal">
          <li>
            <t>KUDOS is just an example of protocol to use for optional key update.</t>
          </li>
          <li>
            <t>message_4 is mandatory to support for an RS that supports the reverse message flow.</t>
          </li>
          <li>
            <t>Method in -workflow-and-params as example for coordinating the exchange of authentication credentials by value or reference.</t>
          </li>
          <li>
            <t>Revised initial set of EDHOC_Information parameters.</t>
          </li>
          <li>
            <t>Defined categorization of EDHOC_Information parameters.</t>
          </li>
          <li>
            <t>New EAD item for C to retrieve Request Creation Hints information from RS.</t>
          </li>
          <li>
            <t>New EAD item for requesting authentication credential by value.</t>
          </li>
          <li>
            <t>Means for AS to achieve proof of possession of C's private key.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-06-07">
        <name>Version -06 to -07</name>
        <ul spacing="normal">
          <li>
            <t>Renamed id_ep_types as ep_id_types.</t>
          </li>
          <li>
            <t>Revised rules for AS to assign session ID values.</t>
          </li>
          <li>
            <t>Added explicit validation of AUTH_CRED_C at AS.</t>
          </li>
          <li>
            <t>"edhoc_info" only in AS-to-C response for first token in a series.</t>
          </li>
          <li>
            <t>With a group-audience, "edhoc_info" refers to the whole audience.</t>
          </li>
          <li>
            <t>Defined parameters for the EDHOC_Information object:  </t>
            <ul spacing="normal">
              <li>
                <t>Parameters moved here from draft-ietf-lake-app-profiles.</t>
              </li>
              <li>
                <t>New parameter "trust_anchors".</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Access token request/response messages must be encoded in CBOR.</t>
          </li>
          <li>
            <t>Explicit statement on admitted confirmation methods.</t>
          </li>
          <li>
            <t>First token in a series: the "cnf" claim uses the same confirmation method of the "req_cnf" request to /token.</t>
          </li>
          <li>
            <t>Revised examples in CBOR diagnostic notation.</t>
          </li>
          <li>
            <t>With a group-audience, the reverse message flow can use a roll call.</t>
          </li>
          <li>
            <t>Matching authentication credentials from ID_CRED_X and EAD item.</t>
          </li>
          <li>
            <t>Handling authentication credentials and EDHOC session that become invalid.</t>
          </li>
          <li>
            <t>Limited use of ACE Request Creation Hints when supporting the EDHOC reverse message flow.</t>
          </li>
          <li>
            <t>Changed CBOR abbreviations to not collide with existing codepoints.</t>
          </li>
          <li>
            <t>Updates and fixes in the IANA considerations.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-05-06">
        <name>Version -05 to -06</name>
        <ul spacing="normal">
          <li>
            <t>The access token can be uploaded through EDHOC in EAD_3, EAD_2, or EAD_4.</t>
          </li>
          <li>
            <t>Ruled out the upload of the access token to the /authz-info endpoint over an unprotected channel.</t>
          </li>
          <li>
            <t>Defined an EDHOC EAD item for transporting a Session ID.</t>
          </li>
          <li>
            <t>Provided more details and added example of dynamic update of access rights.</t>
          </li>
          <li>
            <t>Defined in detail the use of the EDHOC reverse message flow.</t>
          </li>
          <li>
            <t>Provided details on access token invalidity.</t>
          </li>
          <li>
            <t>Revised examples with message exchanges.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-04-05">
        <name>Version -04 to -05</name>
        <ul spacing="normal">
          <li>
            <t>CBOR diagnostic notation uses placeholders from a CDDL model.</t>
          </li>
          <li>
            <t>Only CWTs are supported as access tokens in this profile.</t>
          </li>
          <li>
            <t>The alternative workflow of ACE is only mentioned as an example.</t>
          </li>
          <li>
            <t>Clarified that both the EDHOC forward and reverse message flows are possible.</t>
          </li>
          <li>
            <t>Consistent with the used EDHOC message flow, the access token can be in the EAD item of any EDHOC message.</t>
          </li>
          <li>
            <t>Explicit registration policies for the new IANA registry.</t>
          </li>
          <li>
            <t>Fixes in the IANA considerations.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-03-04">
        <name>Version -03 to -04</name>
        <ul spacing="normal">
          <li>
            <t>Fixed column name and prefilling of the "EDHOC Information" registry.</t>
          </li>
          <li>
            <t>Added EDHOC_Information Parameters originally in draft-tiloca-lake-app-profiles-00.</t>
          </li>
          <li>
            <t>Removed the case of transporting access token in EAD_1</t>
          </li>
          <li>
            <t>Removed redundant normative text</t>
          </li>
          <li>
            <t>Clarifications of association between access token, session_id, EDHOC session and OSCORE security context</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-02-03">
        <name>Version -02 to -03</name>
        <ul spacing="normal">
          <li>
            <t>Restructured presentation of content.</t>
          </li>
          <li>
            <t>Simplified description of the use of EDHOC_Information.</t>
          </li>
          <li>
            <t>Merged the concepts of EDHOC "session_id" and identifier of token series.</t>
          </li>
          <li>
            <t>Enabled the transport of the access token also in EDHOC EAD_3.</t>
          </li>
          <li>
            <t>Defined semantics of the newly defined CWT/JWT Confirmation Methods.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-01-02">
        <name>Version -01 to -02</name>
        <ul spacing="normal">
          <li>
            <t>Removed use of EDHOC_KeyUpdate.</t>
          </li>
          <li>
            <t>The Security Context is updated either by KUDOS or a rerun of EDHOC.</t>
          </li>
          <li>
            <t>The alternative workflow (AS token posting) is specified in separate draft.</t>
          </li>
          <li>
            <t>Fixed and updated examples.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00-01">
        <name>Version -00 to -01</name>
        <ul spacing="normal">
          <li>
            <t>Fixed semantics of the ead_value for transporting an Access Token in the EAD_1 field.</t>
          </li>
          <li>
            <t>Error handling aligned with EDHOC.</t>
          </li>
          <li>
            <t>Precise characterization of the EDHOC execution considered for EDHOC-KeyUpdate.</t>
          </li>
          <li>
            <t>Fixed message exchange examples.</t>
          </li>
          <li>
            <t>Added appendix with profile requirements.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowldegment">
      <name>Acknowledgments</name>
      <t>The authors sincerely thank <contact fullname="Christian Amsüss"/> and <contact fullname="Carsten Bormann"/> for their comments and feedback.</t>
      <t>The parameter "trust_anchors" for specifying supported trust anchors builds on a proposal originally described in <xref target="I-D.serafin-lake-ta-hint"/>.</t>
      <t>This work was supported by the Sweden's Innovation Agency VINNOVA within the EUREKA CELTIC-NEXT project CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement 952652).</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+y9+Xrb2JUv+r+eAkc+37VUIWnNtpVU0ipKjpV4OpLclXyp
+tQgCUkokwAbAC0rLt9XufcpzgPcfrG7pj1iAxwsV7lOx193xSaAPa699hp/
q9vtrr0/jHbX1qq0GieH0cn0JpkkRTyOjtOrqzTpPk/G40mcRa/fJ0XUf31+
Em2cHD9/3d+M4mwUvR78lAyr6DwZzoq0uouucngpz8qqiNMsGUUn2fu0yLNJ
klVltPH6vP/67GQzelPkV+k4obePZtUNPE2HcZXmGTWKP+VF+k/+pb3Jo/7J
5lo8GBQJTIMGxuOinqKpdJRfRfDi2igfZvEEZjkq4quqmybVVTceJt1kdJMP
u3k5zIukK990x3GVlNUajCu5zou7w6isRmvlbDBJyxLGVd1NoaHTk4tna2vv
k2yWHK5F0XWRz6aHnzsnGNImNDaJ0/FhBP/4NxxoLy+usYe0upkN6Ofu7fWj
ptGvraXT4jCqillZ7WxtPd3aWYuLJD7UO7V2mxfv1HD7J9H38M80u47+jD+t
vUvu4PkI5pdVSZElVfcYV2xtbZiP4K3DaAYr92RtLaZZHa51YWRRlGblYfTn
HvQxhiknBf3IC/7n//rfBRCR8wQmBFtWpMOyzDP6JeEpw3LHWa+Ud/8tkVd6
w3wiPXGjf8lvMqClZPZf/0/0Mq4q3U6apVUaj2E0f6F/l7OCvwi93DiMn6D5
3kReDY2C5vuyF12k43wYWwN7GRfD3P6Z+jg7PT+x25/gW72K3vq3IoUJ2+2e
9aLn//W/r8ezbGS1fJa+i4uR+yTYeEEv9m5yek+aX8vyAiaUvidiPXvW3336
5ED+unew90T+ur/zZEv+evB476n89fH2jvr18c7+jvrr/va++at+98mWevfJ
9o7q4snuU/XZk4PtLfPXXfXXx3s75q+P1V+f6jE83dIdw1/VZ093dG/w123z
V/3C7oF+ASan/3qgG9t/uqf+enBAL5x2j3vEIIZ5mXSHg7zoJhmQfzLqDpOi
8l6BkwfHqjuNq5uucCP7BTymcKa6dOCAgCZyXGsvDfN42p3OBsBn1FHGd5Dv
9p4nMRyH3pu4AFKAY1ke0oarMxhFmhhOj14d0b9HwLwOoys4Cgn9W5g8sXFu
LjLN8RtxcZ1Uh9FNVU3Lw0ePbm9ve2mcxch+HsXA+a6ZSz3CZaH/9D7cVJPx
gxtqDlbAag4YS+8s+c8Z8NFeH9gP8r7e8xQ+X3noyKtcXnqeFHg1ST+R6iei
fpabE+wA/r/MCPcjtrvqltRVt+CuukPpqnsjXeF85W77vBmqRj53+FPTzmtc
tfsgHmpoZbLJsUeLSmo/yOgdOvLH3ut/9/qs9zKeTuEyur+ZRNhspJr9nLX3
J8X8Y2Ja/sv561e975NB7yJ/l2S9/jhOJ6tPBFuLoLWIWou4teXG/9Nthf8v
4x+qFvrfX3zu4GhRzeA2oMnNlYY4hCEOvSHCWbxOQYy6wzXFsebZVUp3HHCa
lwkMdvQZy/r9RWQ3GEmDn7WyVnvdiW6vf99j79/L2L0lD4+dpO7eyQeUFONx
z+HOveO4ileeBMvzqmWP72PLy82GBGX+r8yIRWe4uaxpTPMC+uu9iAfJePX1
V0Pn1iJu7Z6GK42ChiKN8tBdrQMv3BH+E7bkAnSVz52Kp9OY1iNq/X6mFjud
4AUrnXQr6mQtza48EXbPSIdP9vaUqPl0W8uXT7dZknSlNSOJDdKyJoahcnQ1
zm+7oIEwGy/rTYjGhXLdbEpr1/RKOgq9MY7fsYDxz7AYiCKGKyaC/BFfpRl/
WcUkdwSanE71xV9rmebtKYuHa2u4ytUdvn1+8uLZYbT+D1i57t/gz4/ra2vd
bjeKB6itDkEHvLhJywhU6RnuZVROk2F6lSZlFGt1G9Vb2Mj70O2jK7xDcT96
a6cV6J3pOP0ndLaEnQI7iYc3afIeFdzJrJrBVy6lRYOkuk0SHCLKX12WDIbj
FGeIwy6SMp8VwyRiEbBDP6ZVNEizUYlfee0ZykXbA66FNFblbh/xcJiUJfyM
YsCaGDDGZR7B7seDcVreJNT+PEPL2cn5xdVs3GBw0Z/BJ1XyoepEtzfp8CaC
jZyV8DWMqsRXYJhwJGaZTKPU62LNILAc0BquHU0F1xjooILRJubFEp/mBRoP
sDNszhGtI32w6e8jHAB8nnLP7iIR/SlSG8a4eXoWo2ScXMOnoFxn8XVCFAob
0NzXVZFPgHLVOOHkmTWVyeGWsSUFfrvJQce4TWHnxjikMoE3kmicTtJKlgwk
kpgnCmPUK5LfQku4dJNkkhd3PT5Uk3Q0QmPN2gO0tBT5aDbERvwzNkrg1MMa
4lqsI2+4JHZ5ycd43TZz0bHT1KUPT/TxoyjKnz71ImcF49EIZl/SAV7/Z1Lk
3SqfDW/WI3cpqgrnARtdJDaxwzOclVpg+Gc+hWPJSyGbAz/ggsMzXrj8Nsph
2VBjpF/yWRUl2Wiap4afDCOSNq5n0hYs2Iv0XaIoglfBn7+a5O6nTx0+RfS6
PVlFxRtiwIxrtLxxdr6J9ET92EfsaDodq/MNClqVD/MxtJMfvdnkntEs8ukT
0os5RclCZtL200uNo5mEG5fTheNLC+/A9qLnQGnEoZx5z0ohH3fr4O6Kkg/D
mzi7TqhdmtMSvJVXfH/nCQ9NMy3qS4ywPvNB+kvswwFkKyp1SSujSSDER2BS
6YhnMMYub2/iCn/kMzJqJRAgou+RU82oW3uBOlFfuExSBrvFc4+0XkVn58vw
MnU90sDizGFlFhdOy3IG7wzuLFbjNqqo8+icCRc+GuSzbCQ3Suv905cjP4Lt
RD2XmF7jKnXklPuc1+0SL4wiQSrk9b9OMjz3PImjczVGw5gLkNlayYI2p0ji
0mZWsAVI4Qles/gxHkyckaNUlqRVluqk7D7FYxiXzuhL70QgxaUFEhQwgzJB
5sGvd+n1T582e9GzWQF9FsCwk6avcfodotoJfAtXTqkP1EjfnuyTgEWBhRBK
p1+gtfdAzHW6wJlO47txHtMiiuERSYgmztMEwRemKWMH2bnESUOrMJGyO4QJ
KPpCi5KZLiwesCy9N/I97AYRzj6url79Tbnt9RbkuB63KWyC992u+x1s5lEb
UcrNEKOe+ntkwvFtNJ0B6xgiT+pESe+619Hzxq1kjZaUfiAdZOD9c2fDfx+h
nGe1EqGdFvkIUKVqEbr9W29/66n9jBtBozcsILWBi6ysvVG//voc27AeC583
EvtAfcEVAiUATg6c8GHF0lZWwQ3A3Cixxy5X+TSBMw/bTjSDWh2KBnTDW3e7
LSoSOwS+USbNqw+riQQtIuwkvgOWE2clapVy6EMisv09HPH38XiW4DTh8oHR
je+ATK5YWoLPJr3o9KqdL9FpIh3kfYoONRQdCkUY+aDimxEFBRa1bHFknGbv
6EAjVwKZYQbX1FBOIy2OnCykGx4fjw52Ce55kG6YpOxdvYnh1tpgKoHpqSsi
4fuOrduRtuhF6x/2q3VhVLsHRPLMY/H/+Aoq4VXg/ykwOeyObkyHtzavr3Nr
4Lunx5f9s5Pjyw+KzUTwdDzSIpbeQOa/enNo1gWzYP/E9vZ7+tTSDY6n9jQT
Tj7uKC6OFx7JuO9wl6Ghmxg5ubqlFOOKElCymEE8LFsm14lgaWEbsPUh3Pik
fd3E4ysayzku1TRh/ZH6iCZwsMbiwu1FRyDW0dCyJBmVejhlPkmcizceoFgJ
Cw6djWcjtZsFKAjvY1RjmgaIX8DSjZiWWda4gluKlZy+EVU8rk1rRTcd0McE
yJTPorxSpNc3ld6ua9guWDxHWmshCLrx6KBOQTKhn2AnBsQ/3id3yMVrB5E3
fZMEbCEidfWQQuwNnk4O9vEuoUU9OhdWo5mL1qXgy7LMh6mrOZ+dq0suVWp0
BPdGeQdUMsFTgdsBn4OsMQXmM8B/Zbhv4xkLTdTtYJaOR0gS+gBNC9StQHYo
kTLoylJCvdKPYMd6CRxb1p5pdnXDg0gd+NQRmVnxBTmkI2ce30g+xJPp2GH1
xloDtwS+k2eDXBQ9mDtpNnJgrK8Cxhz5XK8rNiBCH3w9BJEPJ3h2DqQOJ2WS
juOCheUR3Ri4/KjZ4O2JCklIzLiik4+GcZC6qHlLd1fGmfrGOoOA7X/wILog
Us7H+fVd9CD6+KAy//7E9IGXFcYKlNH6y7fnF+sd/t/o1Wv6+9nJ/3p7CpwL
/37+/OjFC/2XNXnj/Pnrty+Ozd/Ml/3XL1+evDrmj+HXyPlpbf3l0d/X+Rpb
f/3m4vT1q6MX6zXiIN5V0XqlGMwAdw6xrXINrodhkQ6YoL7rv/n//t/tPdi7
/wH8cGd7G2Ur/seT7cd78A88/txbnsEh43/CQt6twT4kMe0anEvYoWlaEZ8D
ei1v8tssQpYP6/nNP3BlfjyM/jAYTrf3/ig/4ISdH9WaOT/SmtV/qX3Mixj4
KdCNXk3nd2+l3fEe/d35t1p368c//GmMzK+7/eRPf1xbW+vDHQuXtj5mXeDA
pCYgKZX6Ml53jyzuuKP/4A9kERCWCC3hTxsoUG3Szl4X8ttLuSF9izVcI9HG
y6P+Jr70HK777iBGdtL6/nP5gKgMODVcBetMUjGyTdKkSArYI3Ecdlnp8tZR
gTM3Hue3ZfT84uKNCA3b21v8OkkWJJIB25my3sn0ehXD6U+Bsoi50IVIa4Zj
gbUYJtPK0XtJrrcsER3F9CwDAs+EOaWlvHsDYQvkCqMxFihLPnUOmq3bkQRq
ftqmcVw46waMEk3TaF9WxsBieJOifo7s0FX82ei109viJjF4BWesaMwyYm70
NztyJ9atP7xGdb3eUsF7UXRKai9chbNJ4E7iCzWOruHmykwveBkZ+wbcG9wE
3abKPqZFVrqDX8GNz42pJY/WlbFsXWtxyGGI4bgr3BHKw0sghe3hBaIVS3FK
lgWCJJcMOzNGD7Vwj4yA8yhFOyXOoEJjyNE5L9Yjuhm7KICxjYSNPESRwe7W
f/hH/MOPGe/uHQrWcPDSaUxWRtlp+lpZpdZdyoYmYLBheUAkl2ajzIYZ7abZ
GxKbyvkmHW2qjD1B3bOxqt0iT7XZqhql6PPECkMyiZEJlaHdZDknrWSrSmdc
w7goLJXBEe9IIIATgweFeJbZRtYq+3CCUa3/Ls3i4k4ZLM8SuC5LGKSsGyrG
m7b5gf/6eG9HTrNqBp2z0bHe+OhFnF3PkMlu9I+PXxiTJnGBImnYxwhfRi1R
nXFSozESDm7XhNaeJWFQDNmmitaRwR0QMfyCoRZ8kp3HaGtSjzumc/g1yUo4
rdBegKBOWCJEJlLks2uyWdflDGCZZEs3pppRGl9nOejuQ6RXEUcdpmU0siei
jYllh0XJIxAuslH6Ifqzekqr1ouOAy2znaZiJp5fVWTrZA6ubU20AKjfF+7m
CuvOYDYF2l61qkvrTaMhtbJkLZEOaNMMG8R0VuFnQ3NRIPVGycPz1y9PLl8d
vTx5SCOHkY1BciZVFt9idZYdyDwb/YHmFUgprCmyzEUre5Ved4ej0bhLT9C8
cwW/giji/NqLnhmZvxN9TB6WCcX4Xqajh9FhdPNwa/shENxDYFDAaC/LGdw/
JT7Z/QSUFKNhDMnr45Z5eYeeav6d485FJ6O0yovD6M04AcmDnFVVIsa+Igal
cAq8EXZwhLcB0CHsD6yCtlXjkVcKcLraDky5Z1lgvhEX2BTNor78TgD/gSOt
R6rXSM0ffWXa+4IOifdpcguaSS5//STOs1IO1TWrjlmkXsCeYVw4duXlccUV
W0Kp8usELRpmBcaoyN8m+N/FnCk1USv67g52BHcVN9IVSrTkEfRKKRs7OYTD
VnTHWVSTLJruNC3x3MmaxFW95bmupwshZImmQwMNn+E+fpsl13mFg7Ht+I5R
Xa9xo9hFIs5tAlqWiHOyCiXcbVPlUmKm7gidowR0kLGiUCMTCZEgSwNZbAJ6
CuoqZBqEd4SCYJi8QXDkm81aNH20uhZJbd0b9oqZavvOsDkD1UoeAu8NC47W
+qNrFtrhPWjxrBuHTII/A31N8zEIXglzMMspZzxy7CxCi7KMIWiEVutd0uHS
CpnlTGseFrwzjdFtL72xp4SFSIs+3C763hDJ+OJKPSyd3ZEJpHWB7RNXKlvY
bUzrnas2ad3JOFzijYyNev0pA5uIkCI2G3kR5eWaw6X3pOY6Ob1y7HXoXWOD
oZi8oRXk4Cmb6vpKbQBxHQeDyidMZgp0LUfZxOjMNTOS3UmZWNHYpOSGmkhJ
PQ/uLPsqyKXa0sjddyKyZpUVuvpnU/Jn1RoapXDNVWxadu2/8Zgi/9D6F6mQ
LFd0mhe1pSTxcVyhKJNP1TFA5YG5AkrE7OcLyX2nli3YeLeb+W9HrHAwkWLG
i8E3gLoQyDHSR3eDcXL4dCT0LLvd9/fPflXMu9BCS5hktHFydLzJLgMx4fKg
lDOhpCiTWaGs5PxUpKC64+CJ5zbQXKfFeq38xMR/GrtKS6MJoXlYfWW5ukd1
74gTH4Q2dXcTuAsyFciGE+2oaMpkSHYH2hb5ypwkIEtgs1MtqHFb+NFMm5ZF
MEpHWpBezBXC5kO6MTgqDTqrh9bM95yrI2O26Ki37WwRTO+Z+PyzSEYNH41z
ZGK05GxLiXkenjca5nt1hS2TcnTNN6QJ+KEt4egx4wwKhoDRxWU8a8ZvOWqO
FaGADdxIEIVZlDN+DJxS3+qK+WCzbMRLKRqwPgSa9nCb8djXg0No3YgWm5q2
blZQtEEPly3TThlLJnCDKjjYTa2J6y6i2A2+bVs6HqUl6P4oa3EcnsdNNuBX
Ym/mZLnOaThom/Zdqd+bc6Tt6EH7wAjFxiDy3TaOm/RxmNvHj4ozdrUI/wmd
RWMKeYPJKGeMaCfaAQqcHn0kGJ1hTrb9FAdoqSDSTldCzrp4GUyETdIR+b/N
nyiOy/fXaxjV3I8W/ANEGv5zdI7t/LxoO80v/szt/OFb+RO9DAaz2gfS8tSp
r/6o2rmf8fyuy3+iN6/PL5TM013mzx/vdTw//2GpzqMjPisX1rh/t9R4cA1U
K6eWYBl90XXuoRrUfZcBeXMgvVrzP86lH/NnwxEDLrc3lxjPF9kvNN7vRX2J
n3J36neLj8eb184vPq9HvjeJYxseLdvO/Y3nGJmyHotw5aXbieqMPDin+e18
xefCo55dliuWnxffwpfqno9ACL/cNaT4S52vtm9DdNqvbekvOZ43RZ5TKNA0
L5Vk9muOZ5Fzs8h4Fjk3X+Rc0NmQcaskaff2bW/nS/B5Mx4xU9gD+iXGY4l6
ax8Powc1GZST375dN6Zmlkgt9YW5xLO8uEVIBhVF8AzF0vVPa2tHjn7VrLtl
AZMIqoSkiaHyhVYYChQdVrUY4ojzypA00b/raA+uqUrHEumPS8tGGg/y90mD
3UqscPo7zqtAow/njGj9iUPl0qRYVyYDVrGtPOic/IoYWCx2JRUu7hmO1FAE
ySNoZlPe5JhjK9TSWMoXRduyCaFCZ8r7NJ+VoKCUN3Gh1MU+Wy/qkxDXPDs6
TEy70nh0YCBGwhdom0HDihtwPoSh4eJG62KPpBf16tCPXf5RG/4801CTaXOQ
IHFZKQiksNndkIZF5KG8/x51iHGJQkfZ8x0w8TkKu+3lb/GCG9Pm9pZj27Sj
X02UPLn5dfQ8kr7R6MUBaO3dAkYDtb58NroS1s/T7g67BS12JEZWP8NBjt2Z
Y2K1rbFibAVBdTvaILSJZLSpCRc28e0UnRbGFmuOaH0DSEWW5A9nJLbFZYDx
92L8Y1QiXOe0Kt39poOJm05W6hkHjAToukCImMwY2sTGYrXuhg5QZKDdkRpP
mrG1SKKmbyUaO/kwpUwDGMl1UiHjeA9fjyjgBsNY7KYwqYCMALJXIROAr/S7
hO2s6WpK/Oco7osr66ivn3xIy0ocT03q+WIK+qKX/1Ja+QKK+Ocr3ysr3Csr
2QuslSyTxd8WFo42DNaYbYac3y8+9lUESfrZ/CyhdclvH0Vv6fCNPOPjowW+
XapfoQ1mncI5FU0uodwv3e9nfPu7FvH5swTnhdaqQUz+Uv36QrHHkxtFYuTH
bxU/ljN6xvwYBeEHUZ/8xl0QY/pO6D1GlGPiWhc92RJPbjnnZwPln9eSKot1
ZOzV4Sp0dO20Ol+I9P2wfry8CmhKTe5eh/0KnEN0JOH9eOOiNbnZLH709uL5
D5SpA/8lwTIjRyrd8AEBKy7lJsBbXrm4nEY6NRdrPdNDpEDjfnX9YRe1GBbX
vQPj01M1vuSEcgKscA66vJMMhK+EAzqMa42+Qc/xaSaRnDPQNEjAKZ2QEFEb
Aok67Y5pe0ngtiZjmh272pD9FMqIEXfKPFe9aGXDvGBqGnFMhBAWqmRqLrQE
P1ye2tE0emScSxhN4mnEqo+d8mevgo6Kz41jSjukJPpynk4lipp05K2Lyoum
z3+4xL7XrSA/lS6iZHiEbelaMFYmudR64qBakQvlARz2bpXDUT/kcwnz8ddW
nXo58BxUwh/ZIQ+NSsUT49zkWFu7nYgyKlDr5QPtMIeGzaYcw1gjYAADyJIx
0/v1LKbIi8R343a0SKpDXToqFN5OUlC7xo0To6NM3c22XPTKSv8NMTmaIzDD
lrxgFStsay6oWFJwIaHpROuxATRA7LLf4Xau0yHWIQ9ADzOJE8xmkwGGUFxF
43RQxEVqImWwYXICTpHYKEAZpmPlkKgXJT8Jg79I66MB8TIqNVQHSujsBcUk
VTQRPzRpDAtGZmBKss1ZazRGxwPW6nKYXdlHw0pPCO1GJ0pSdq8uw4UovCaf
jTHwGHchrchH/I5Zqwq6Ia29lStyWmjfdBiK/jYjVemteOMQ9EIm6hWCeS0d
WrO2hoGz1jA6c0ZMdKeoF+M7aD0xtExoh5dOUmV5tA2p/hRt7qSEl5QT7qIA
dOrp3qWd78105Kd4l4vkePcIwQNXNqswYLWJfJghsXedAgstUDZZdwwopntV
xaKpdHFnaXk51j/sA4dKs3UkLc5CJsXbJoa0DCe6L5Al3KFLTpkenPwTPm2j
POHoqXg0SSs7lnM9i0HNX6eE6cu/JneUwTAnYBK4NixvKa2pKMEW4uE7tX9u
36Ox7pJy8KJ12gFKu2CYhbws0wGcL4rI4QeluqTbEqiN5Su0a+vvhsNynaYB
CygYES00gHl1ig4a21QzWedki4jBZNlEcBht62uDw2HaghDdvOfAqDjE7yYZ
vkPYABYRmXPHY1DORndRWeU6Tqs9FqRDWQKwxA7FOuzVjKBGepiWr8IeOYUe
CYzWKMYgQhIM2K5bemeCWa/ZqNDqI6QMpofnwqY5cZ2jkoARX1UUG4M4HtCR
BHJpaZ0CLKw+WVmQfvXwyPamM9I5T1BdeowIYLmzFLYDOZY4g9aVM0VOseAg
/Ihie0As9WF2uNo3yogfJIzJhdFrZC7t2KnNSKuUyIK3srW13PuRsvraXKXt
NFOgp2oxsNioFcCuI7CUyrHuS5p5dGSiPJGPMgnKmU1UmD5S+RSuRQyscwHd
pgGHofJ10ELGlStB7vZ28PW5sHgqKtAN72MLtTHv0vbjQXFJkwEmJJquadV6
0etK8FSYd/RDsrC6L0fJENXtEWOrWFFRjRK0iX1iV4M8w7vLKLxCDnaU6XxF
d3BnTm5HubgIQoPDS+t3j5edxjeXjkhVR/cH7+y6Bl37D1o6GMJaNI0NTNj9
dqu3tYPg+dHbIu0+z8vqEOTcsifTRPD2dfX0TVzdHIprhn4kQREW8hlpZcBt
n0YbIRmZ2n/D8jkhaX5kOM1HsGCjlDBGHkX7EbadTKbnILTkxd7j7e31jnqP
QBDYwPYU38Nja54KC8Pne/BUWo+i5CEsGqYd/aO7vd+Jbh4+fvps52hv+7v9
7a3+9rOn3z38kV/9tEb/aVo5tO04BKEsO5LkplQ4x3Z85oJH2EZcsvKQ60qH
zIvPo+Z10nhvZGaR6ytRVvHGmOq08sSoLKB2a8W3XdMVV+kCiiFLKM0d0ZCU
GYC6FP4DnY6EuIU719U3lAacb+sXF7BG55xzOu4iJ1zgRrVubHl/3DEGfJwc
TzpTWYy+m5KTtlV7nFmVXed8cdjeKO/GYp02xTwe177l2nbIiEEx3x3t9XPd
qry/mNXAHd1y7LLCT2M3cJ+YkmNS04yZks7hoKPmzO4ySrVVU+JW9Adn9SRs
crW668jyzISywrRneDIbVyntXWCBlDyfKg0olDikexPjBnr1TNyulyNWGq6u
5RKUblWWW2jEbn4b39kOfJ2VOs/oviSiC5erp7J4phmTz+bGtfMSVXciO9qA
OwY+h73EGPXgEBZh/qHkrtynQvO+B1WMEgNCuKRb8w//o9td4xzMh5xNeBiJ
ME3CpReDLU4ZOmgCnzZicMesTEcST80kbbysHZvWgJifE3XyYa3YwqfJSH9k
nyf3nGhB1ybITfTY3rH/Pi2zh7XmGA+LKIahYBqn19GzUQk8ZiRW/39aW3t5
cQh3gG6oFo9AUBpiTmhfFNgZzGnWCVW3thnMnYdvnhFU7aNjGGoygS2l5ZVe
CYtAUQkfxYE5e7gQG3107G8L8mfG5O58oKB16l/tbErmDkFptiKbiTl8WwBG
nUB79XBH4i8GMAg1BFFFx8l1WqUTTgF22ZLmB/JFKjnZHX0kZmomqEFZdGBH
rGBaMYicqBCzCabfCtjFZn3Efk6HCgdRVDQ0gyPntTC9cBIFt40Hj9L/Ee0t
wFQUH5FLisOhKBAJzy7pL3gDlCllvvHW2GRGD1GTi9FuOASRAVZFpUzSrYZb
iCwC7cHwyulxKUl4Qk8ZYQFoP1Nvrdv9Iw9mXQ2upsYTkBDd25osXXNgigIG
iEJl63tKO7TDkmSjNIITo/7JubhKCz80Q5q9F/ao4mGCE0/rcxHsAH/uVSk3
i1orTbKi8rf1Ihe7vvfttlHrOedWbfWa6YBSg0a+bGMJKQ1rhFiM6XgcyHqS
AKtS0GN0X364kAgelAwpkKeOcMF3n9yXhp/JWQ4uQ9DGDESlVhy5VpJmpHKr
LkbJVQzShunKlyT6BrpTtpoT61xDy8I6qBFPkqIgSDUQY9clIOiHS/lsvRHq
AkWFXd+L8xvV9OjPoupepHW+W+RX6p3kISN6I5u8JFJ4aGt+URCSYjVlT3SD
ZXW+sINf/JU1bRCh46iJcz5xHx84WoQPcG6gd7xISbKiNMRXMg2TNUa7OIc3
RU7YUQQPzUIlwUszmgRdyOzjw/ss4QRGOYwm8gDz0dF0gfUT1r6JTrVyoZkZ
Bg3oB3YEZl9yKxvk+DkwzaZNdbDpq5CGMr9JFYoYLxCMOCdkkjyW7QGLiwUp
3les4Yh0F2qewg1FLy8o2JBXQsbrtIYVG5ivMwTCqLRiP7T71RsCWlCLtEx8
PVSTH4UE6woSAvnFMjCJjpuMSKG10QWowfVUspZkUp/v/FtVmTzq9gd1mzRb
MeaHanPrMJ11w6SUf6UBOpsua5bBSmVA5dvfHSPHjAI5tUg5RBQsxTEJkYEg
pM2qyNar9AMpWhZSkxaZx+lVAtK1xoI3gmKDjkx6NN1/sOmzIhFXQVoYR5mx
6NvlRokuRH7g8aFMaKOWxUbUUcYMNgU4dEbR6qwoNLGpcGiPjpAyi2fzM5sS
xb7QD89LA9a5ZOkQtN3x75FW15ZkZjXzwhJjQTwUXTQEZTFjuW8Q2EhH4Hqt
3SZ7xkHvqWvNCHGUAH7feCxiqWueUafU7ZS0K6IRFsH8egasEDHUKzot1UYr
rXJoGaZqPbYvtDd7uhgF9obizpVpAKk4sBWpVamhBcu6tjEgGxydo7TRPzSR
jRgURLD1wDnIIcdCvjqXi4TxsKlJudwsgAID4dKISiA+RvLAla1S646f0YAb
omGZEfiKPR7sKrIwJ/DiuW2L+qHlLisNCagowQuE4ts4GCSk49NU1sjSgULy
/WKRQjWgGgFkYNWX72s4ZmQo0LuhvLmzIuPsftIfdM9OVtJ8lUEMDsjC47E5
CBKRUKsHrbFlLFQhilRiwF3hCoaqHUuZE4jJ2tswuZRmbAXOQ0sLVewJR+lI
Cok4dJNYCRl93kiclRNwaeODtEHS1FN0HOwTxwVu9UXq3QLpNhYwmFc+SsbZ
WahA1LKlVdrLREVvyxkjyaUOUCstqF1LYAQ38JCuUODbAzJsdFXtIVt+zxJs
HcEx9Yktc0Vy0MG7NKODqOiKaRJnomoacIQLUC3qS/YsHYg+Oxy3RiPs2sC8
PgPXYeJ+1/ndHzifIGBTaKA3LNURglpqrgPDWE7a4+JBOKW1Q7xQMNn3iwqD
rh9F8Tnbm2aEJMoBDGQX4k30DTn4mhyFDK4vxu7PkJ/vw43ow7NYDj3ZWkcq
MRbAsKqmVCCkxXmjO/q7Hpxlz5XyE/OVB3aYvKfYLD/oWyO8eRh12sqLafxw
d16LjAM7jTeT+li50KSGm5alLWR+DQnI17SOTbfKgagaUgT7REGIpS7XQfVX
aJG+mDTZWCyqXWtzwYp9SQ6tJqBKjBMnOk0YIYbRgEKLZgAcNztMWd7xGtK6
Lxc5sFRelHGBuV2riluEBE4uahXGKcUYkhhxujVKuFvR7ZvoSGFdK4I2MASe
1zAEVec7j00JlkBgb+nHlrgynoEg9zWLJUqswO98bUudDGupzYntYU53KPSX
d0LF/toev3nhvQpt797je6MoWoQrJ7pOom32EClXfsRAJSfKrUVnmBMjoEjZ
INRbGpDh8CZL3dtRtZrWBNEaVehpKkBAz+BjKcyBeRrjoNPbPQzWDpKEAbtB
19zDfUVdh6Oa62fnfqKa+chKuIcxRojeqZQoYvd+CEcVjpmJJjHlF5mSaMAG
mUE7B8o0UZubL4nE2d1cGaRZ+6rF+czrzIOChIGP7rJ4ggZt4BPhvOdowyhx
/hWlPDx8bAM22c2lhu8IS1QVo76CC5mTKe0bYaGVd4K7hx3DqCYf+S3OjIbO
KhLtnb/7SyGdkmK0eKC8iVyUAHwd4OVn9dVjXkLdW2G6VTHLWJVhx288igcp
pg8t5hVTubTsGMP02k3xHC3l6PJ8XcbdxR4vO1X5UbRNXqgnu3u78fbW9lYc
72zt7Q33d3u93tbVQfxQf8kRjWiYFWeMC07Y//5iU6lGNHuKdwft8lHH6Vxr
2vCv3SfQefKwplc/tD8RGAKgVPK8ESD7wdaW/QrTj3LM7W07LjeOt6StZo/b
7taT7STB/8bb8dbW7tYOzPXx48HQnmtttuRctXY+NFP9/SfL4dfuEPRdgvBH
Yc877zAvLh/KD4fRP7Y60XYn2ulEuz+6r9bQ7bdq42p3M9YPs+9kRObPpj8X
BUCbAUlMr5lt3kj5VvYsPnC//fjAcT6srV2AHPI+T1UCJ3b8QWLNTCgOWcSk
BERWY++OgYjrLHG1SicXSYjXSjda5epoV185WSUk9h2G9Vd2ywTTOXlvhrdV
l1uVYM5703MXUCbvX9XV0tQcTZeXKuA08iGH/UCX5tn4VlcS43RtXd88rTxl
pjZrotC1cap9Y2lqjvQRD5jeeZPo1PGXbVHfohgYHYVpwfhomcPCcUrL7Zhb
2ZapKzqtn4OON6E56looG3NRve3vSVU30zOXaZBYzbCWkVk7lqTI5zlkv/tc
EdwAFSys5zVIvqGuTQESdya1uLA8S9yXQxlcco86+qNDoeJ6aAjk/20psrU0
Zc2SarJoO4n8Avptf9EpOG5IY31bZiIn7XnWDV3Mq61aNxUFqJXi0MfsP9W4
9Le+X2UO+S7OUnVti2R0rzzV0rZtBW+Qhv34cwrL827cxJleFifAsf95Jv1W
u/Pcu3m+Ybq+cwE5KkyLNY1PZ34ObPA6ZLrv44Js0ljXnovk5GSoxutjEmfp
dDZ2LJ5DVtjoVNmtBgqqqEIdZ+d2MK/kTPoxsg2G68GdKvuajCiAHn/QqZUS
TeCSQC86TqaCKinmxVnJAaTij5yO8zv2ZdV6xixVnJaM1gfL0HNzclVVtBcl
zA7v9FqS+1c+CfjKFNOmAt5yK7Gdd2uf6tWFyveJHF+fo4lKqcgrJmKG0Shu
4zvahEmOBG4kCMQsVIFD9RmLwOF4Lp9JfWZlzreM8AjjmV2PE7JeYHsuBAKt
L4zqtsAUC/b3Y0L5STYs7qaIOWv/cwtjT6g2i6QhtVA12iRITFI5TWfnCkJy
8WGcp9eZGgP+fTuImCI7Kr4gVeRYlQxRzN8ydrte+RCXPDmCe2jXRMT5AM8U
V60KVQVyUnRlaYJ6dcAIHUbDDnXPtNVg0XKXrLFOufihbAylJm7V85WCZcxh
/fu0hrXXjdDZHSuavdgKQjHYZLvZdWOvT7MXhIxwlucTia9+FMFJpHcP4N3t
/YPdvf3tfWUMIlsRPd3TT3e3zFMVvo1h29wRSvpwoi+v8T6bAFEkl1PdlTIp
PbEMNsubklY1I7GpxjEfES08dEbTbjpa0GzUaDLCMSxoKgpYiDxeYpmE3uhT
oE1Bb0zFMtRjF0DHEGXdh8eoGbEJevle0DGQoVjwGLZryEPIUINYGiGj7wFk
2H0EMDJqdvPFITL6zQgZtiO2hptAXlkLNaFvgyZY7q6lcRMkYMkqpulJa0gm
b3XYu5u+8PFBs4vCgmNWI2qKgLIBpcW5VK/qHCqtVLG0TzFsCWULWvqB5IE1
YzhjnMdYUrGK946O1gyCtUBxOVVnspTAa3fMJiqoWfxeSLh2rIF5JupVQxJ9
XYQl2xm+yeIkrLtQ+vs0jvo18c4Ls0K/mopaqgcdLlJXzoeBqQkfNY8aGQg/
w63WI1R5x4vvBt53Go2qgQy+z9w9K7bcw5u8ISZJoOxnNGmdeUp64thTTxk5
DqYHx7upwGcdNl8xYT55LqSn8u+yRhTIxakNmqKSaUGc9cCo5CYVcm0tsICM
vKWBKDRsp/WK4ApyfN9tTiFGOAwULUtVWc6RO63SgTV8zdAuWtHjvASoVgPz
UcXaHHlOFi7LCc2/9HMUnTOD8ANwByK3UonSnPuioLVU5KyO8DlVJpV6CKyV
LIGvHPVPulyeXtcUtXA0205yOy37IdAwRfTiUJlAtPaJphmXd5E4RlkExaUT
vDCp1so9/eX89SvtPWJxoFThUyOxDQRGI+qiGoUwDrpaqEXlUpDfFGqoKk5Q
sdVxMsH0ZjaBcCArW6uTmLJnw/4b6fqKsjXkQJ8evTqK1pm8rHfXxXFU3Llc
htxH/kEAvYaVdCqcrgX3o/E4NApLg6Hi5FM26PAEVZmHOuqsNQy33DqJE5NJ
zCH+DFSCxg+G6nuX3Nnj1bglDn1LQH792HtjpR1GPeVahbBztAVVeaRqDRJT
g6dZ41bdTdGSJXIfXtFwv0w5fQJj4rOu/dshB8M5rznp17Uy7pmKjK44aJfQ
JbgQPXkfsEQuKZyqUqVWe42xCJguTppMSUY3FYfYulKP99wcbV2u0C4r6ATc
6w9tmrRLfE5gL2KQ/u4kPUBFWMZNCyDpL5GNjivtYboeslBhjOlUZCVlHuVO
GQVNJUqpzAoTQa7qTBjhn8iFFrMQ45KeAOX3a5wSy/jK/IJGg4v8Ps0Z1JfS
e9TKIcwAbbZPA+0bTl7ajLK0nNvEwiMho4W5QBwUTTtIUwdlOuFfdA/1onMe
q3OboK6hwt9TtGd9uIlBQ4AxNxAOKY8NZKOxpf1YUfmsJ8nB+sDxMG6S8RTj
USlu3qsiLgEDJq5FXS5lvXatDsLl2rWchlfkg1lJJjzLrGQUJvYNhqMnx/E7
0B6mU4Uax3GTP0evUArXf35mjj6Ogemof5AvLrLfOVPM9/P//BwdK8qiKglf
9Z+fowtci59h2Yxhgh9s2W8NYHECH9/rSE6dcINYn/qv8M/P0Rv6H1g2OTv6
wbb9FmFcAxMtivjO+plPzUs2jNMGFKvS389kqWk+0581zfv+A2cT1w2XzbFf
wYMd+63WZevTl8At6csVF65x2XhckYzr6/hjLZu54PnBrv3WRcF2q2cgNiXm
53sdyUstQDQIHl/PH+uQghAyQGgU9WDPfuuXWLZzJjMdDcKr9julZOP46IZT
tqFf8Y9FbaD4X4JUd6Me7NtvVb/AlfD27LRLA7CxFEyy9df0x6a2IhldkhbC
Dw7st1p5m1cStG+M2RfU3ELcLsDbeDB4qzYHzCBp8ih+yT8WtaWjS2vlfo4e
22/JshHR6eX7mT3MHIxt+ShWuhVWWjYrSO0XXUFr2WDypf3gif2PWYjcFLWd
fKDM0zGRnZH3jzFvc+EVbLxJ21rfODk63iQkwV/2jrWpjQwfcJPJg6f2W7/e
lXCqh1Xk46+Fw1nLJsF3iVq27S3rrV9v2c70sL7OZSO/3mWcDeEkIG/b3rbe
whpFgY95Zhf4Jej6+GX0ZlZMsWqDOZ6mGIvzonddhHgbva5G9DX90ctGAGrN
lkXtwK5ZES1vNa/EIVzOG28si89mBzvZeJVnXefndc6t/XZ9CGw9KdDX/U1k
OXUO2cdimVdsqEPl3H9oDFNST8pzVLiOEW3e1xU+bJOPXe5WwWM4djgDPmws
8wviMdKnaAUPua90kH4cfReXycGetqEP7io0e6IPnlpAo0qoBVM3xPpCG/jQ
UMdmmS2yy4nGWltiE0ozz4BVtzntuDYn7R3HdlJOss4p4/3KBHjZTRrQVcuL
QSXIquQaA9O9MgLSrvsyX76Ifs5flcqTS2ZsfppwvTH5kg3b9kD8ndKWPrNL
elSRRLH53fp7pdtY6OvAvm3TvrHK/IPo8qtsn6t01zbxYOVNtBv+CrbSHo6/
oe4qfta++k2tur07cixJtf/hcq/O/MSKXzoeCcciAJ/Vwcr3fUuwZRCvE7pq
x+FIgxzu+Tizpu68qVKLqJCffPcfcOUl/xFtbH242t/EZfiPK5RT+Je9zcAC
7DJ9g3JOwKoLzl8r856Sr3T7GvjBwcHcVdBjmLcI1ov3swZ7tAazIv2BTAEt
x5vdOKCs04HMCHabDyqo8Q0aPB8eh2JKzs5V/nOucy5rV7uw9LicdaldTfZ7
9AbHDjXdR/u876Dl/cDa6HJMbTltu8bu9le6tVR+UUuhoF+R/80dXY3gzeKv
ygvdNlZlggfKT84f0lDYOV3FBBOgsg4f/js+eohAfrOJzipYX8iwY3n/P35k
NAj3i575okdfkK/rmwghn78gnTaYNwIku/slSNbqfg710obap3oJcr4vEnZG
O290LrV72xik+E6tlU4TGXOskXnRORW1vuonY7VOAofnsXt4UGU3H7SdpRf4
ee0sha19zuHBV3r8Su+NFTBDpwVNZavIpwuasjp1yM8UA5xgqXk5aufmyQqn
xrTXdCZmWanwoVZh7f7ni/J4MzCfvHHdXZr2+/CJrDYGm4K5uRUbClDpE6bS
WlNL0+dcagnwefV2z3m7h28rHq9Mgi2kW5e/PUNim3CpO5gnXFov3o9w+ZQm
qG2KS03QM/m1TVB3MG+C1ov3M8FtNm045r9WDqRggDlsrMlch1exhJDV06B7
LshlHcwWbU4SpWW6UzXj3Y40yDqhIemMu6nYITUOYG7DBreIvTAnDtUyIH+U
V+UYtEqKSnuZF5TrxDC+HW+4dOacoXr8kiIDi2iCrQC/AwZyguyLWJ/C+7Lf
cRuT2pc4Lyu7dqgmHghtprJoEk/nxgonul93hJjoXcpj+CdH3Nq0YA+JxQ+u
nuQBc3gv5lJiBD9Y6ELBcchVQrnnDq1wGQh+kSo/tbSoMxRlZkxQ9A8uFmG3
KjeIBn5Ahs04JvZkFKHx98lY0nsVH15vsZEvEFFbxV3VgaowbllRe+5QWFpe
fBy+YN8yiIol+voIhJosVuZwEvdOlUBmridnUXY+QyYDzUnxO4feQijqLj3J
CvEdaeBxVGAox3Bjk7qbu0McNwOlWL8+LKmgrpcZaToP9Vq7eDG4r+HenUMF
vaZBBdbQEyLgNGEVk4rijPkVxU+chANhKWmWqeZr4DB0whi01JnvxRHNBg/5
xd/fnCi5WTeE42MfQsXnh3eipKWOoq7/fnCxL47gZ93HymvrUXaveQgOzo/L
tS6OOlJzQYf0jyjzG9dQ1oAiYjGU2gr6p+sM7mngNaXgzwIl6vWlYN2Co4Vt
DPMDXR+RwdcV6ALFg+r2ZdL+SDm+1z97lgSt0N1JwKfo9k11di27bOPZJQ8g
8nZLcNhmEsAnwfvqN32qbc2DV04ruTRYRwKv0akJ6P1inIDWvY0LwHPFAmpb
9Fs5/7/kLizLM9yBL8s6Aiknd5aRjtZghVF3dNSBvtV5c0jgwsPLnatJSMsO
Y63VEKckpHAuGdczIj6GadssL6AvuftTmWd+5TZcUadOkIVauG6iu9fx34fR
4GDv4dH/+vZbg1po/IH85zDaNs+ceF1s2sA5+nzNAUuUAaEOgE/+YQM2foRm
92f4M2WpHT56hNgHZW+4v/VUVZNbjz51vG8+hL754H5jPvlR/bVerU3nw3sL
G8iMN5tk7xGGB7ibSYdi2c3E6IbQZoaQKM3qzoESCCAJbOtHdfQA/cjZTAf5
Ug0H9/Khu5cfsc396rKKL/lomUrpT7aP+zvPdnf63z15fLJ9sPvwR2dH+cuZ
/eWixPCRy7KHOq2XZw982dJpAzU1FnkPURLuaghjQVOIT0nICvvHxy8wKxzT
61RmtLo6wl8CaR26lFN/5VvaxD9F0Vb07R8pl6MTtf/5PbBc/mQbP8EowkfR
P3bQGFX9GP749yoKg7/bWfw7hxr56138Gq0t8DnZWJoG/HsTes5f7i3+pYoK
5w/36cOF1kbFRfOHB0vMVMe38qePzacU2cotbJhfNqWp37vRsfz1E/x6Znqe
NXX9e7J880dPF18fbe6jL7e3Fv9S29H4y2350jCWSynwVvvSeYvENHs1sJ04
u1uD0xJoTuh8m/ag3iXJepd0YfP79WZqr0TfQoPuO5iUjPVr1G41PP3Rb9t8
x8MMjpFEofYx1l6B9nBNbBawtvZAVZM9O4/6dmkgyqwfdouyi0nNqh6olGHW
YAwsdiUfhjdxdp3Ukvx9zCQn19WYaFX6vIbg5OI1lqblIq5rJEnEMWkojaOc
EUfn0loAf8wtitOx0/IXL8CgAQ2KWRaaUwh+ij7pNw9MCiNyc0fHBhZL59Yq
hCtp/egCLpMuvEreoddccy5xzaUuvgtVj8PLhnBF9CTm1qpSPTJIQLeUx13J
waf+bTQaaUbly5JFWuDDEDzZq0bFYCu8FhSY6tWA0+XBVi475dXDFDgZMkoz
LtixKgcn97rY8m7yW5HK1O+0+whKARt0WiUTmtuFQm6wCvEqFGyzSbXTdEVp
yri70BjaT+f6AKk3S2n0YZR8GLBWMhJUhIzQXq/0+zQQGKdBfrBnxFqOKWTk
yCQ4O7NkJPLEIzpHOW5c10VFcWXaaDgajdfg/UsElaf3Lx1s+2+jDWCM+AIb
QRBqvvl1fonkXXyJV+XQQctf21zzOkDhJyy5NU5DC3GKHsLLRsBYjun/UHzO
yv2r7GCOWn3x3XEYM1wYSzzCZZR2LAMFSYNWWG2U/CeiQYlZyyv57hYnc8rT
tuPmuNDZsJ2v8opis4Bgo5NRSl7JN1ziuUimY1hBmpFXiM+aINUDCS5geO6C
jaRBpjgpPlG56jY5w82FTqexQolg0LAZV7QCvmiB0FzzpaKXicoZW451K2ve
K3bPBZmiCVoJgOFdF7R6N4m5GEz2On+R+NBTaFvDBAlCOAjw8/lhAkeqbCwX
cLRLjyqfoTY4uZVxG1E9GNNakisqe2lDS20tKuE16nsdu1wMaRZj3jHWXZlU
pNbKinWyC0EqF03rkKsO6v1zT+HOnilZep+nBS3C6hS2VeiINpJxOnJBBKUW
jKJhZ7Udc5/DUDEvYpTG12vdnb1Oe1UQRz5c4BjXFsZaw1/ieCtYKJBU+Fgo
QCiStYjVcpV5RH6dVVRy0nY9s7dUV9GMSKJJXMmELbGmXq1sb60UpjpEDlaZ
l3IxT16MZ9f4orbH+9izxzONaejBrPR967qH4cXy+ALSQGv1yz4e6tKVERp2
0hGmLRE1sgqlB0Fhdfmv6NkMgVB09yVhJUkpPFvsV0Mpfbko1LYN2HjEEqVh
o0deWG1HBeVbVQukLkGOfLSfH70RXi6YUcTbBIlW24HR25Q4wLRI0jOC2kmv
rOoMDkbRJJ5OMWZOa1b4BvJnjGUBXifsHdfT4++bWpmSUGr+wIT7EBUq/XtT
1CXBdKM51btQLTPuKbv3QWRkJwRonemQmICDvsv4wTYYv8zJtsUTX9eo1Bgz
wEA0DIdlFYWEd8VzRZZ+BgFTpW2xFcR27mAgwtA+WBp+Wn8mvMpajmssTI/X
EdFTXFXx8J0OXwx8auKK1KdTrFRvf2uwHFvgidUtKfeWvEMFSFATsmtduptX
o2wFpFYvUtkGrgxPdLCGirqvE6s/THknOExrZZYf5l7jMPd60Xd3wAkY9zyA
5hhq0IArxmPC/zbg76qgXkfhkFt3wghdRojAjRyBomk05LoPht1IOK54VkZP
e4ym/bQWty949avVg9F406fHXDvvbzLnUcNFES7w0dSqJ8nY0Kdu+RcjKsFi
DwjKLlSwwGwSI4I2jVKVJjg7VyViF7t0CG2fZlgD2P/s9VXvzF1hFRToLO6C
yyIeSC1V49kkeLKYZ6RFkjgdl2a2DUpCL2IRDgagy1HVJwIz5ApBZuzmpVO8
xMw/z/ibZRDYSfsIXYB4KyR0bsZ3umZS8z41L1/IhzuvOk/zkq+tqVWlFCPH
aKawlQOMbUBVfIM2tjCJ49ZqI5zzXSdMVH6wxiAX+TpY3ZArxJyfnJ+fvn51
eXrcsUt0btawSs2L4eW0XcOKBEyE6CJYtaol2/ncVsXjKLszNaPdxQhhxtJx
q62E+7h9TTRrZD1DYI2bLKFsK9XhfXEV4rMKhlW1iAZGr3CFc1bwkrV3X2e7
3abjMVXkiIsiNQClGFKE0ppduqakYjvyYKe3tRdt9MlAP9rUymjZYVBlMXY6
QVC+CExWbppNFRfXic1mtNTJ9bn1YmMqHyX51ZGKlVdMqcwb6RUDZGfVpuMX
CFKTRXJhJVsbU0TbVhi1cGFRliBBPN8uVvWG5HG7lp1X8UzJTbU5CSSjTIun
rugjNC0SotASIZecrLO3upzriM8RgLmLtdezwD7w2Ye1f9Qz7z2iQ6cAf9PS
M/iYi4QC2UkM15rA2yLtvoEGu0cDtEJEr6f1YuiWt4QcA7AiBMnUjekbUfqo
hxnKhqBvZ6oApK0d+H2x5WCH14/bSjW0fdMso+8Jdr0iDxDtBRpcUmgL54Wn
JC14jqgt9kWWHIA+J5VgLMjQthXgOH4VxoN+gutctGZEXuZ55jlxPtK+r+wy
0ti6NEQYl6x1KRGLwYMLIrua24fWjmik/Fx6MMWJdBGcGC1uhpmI5quxaKPc
Ao3VHVnFpqhWyCzLmkCyzxUINd10aRWdP3/99sUxV7pKLITeXHWKnkvpIZ9K
FT/ui/heaEBsGnom8shLWbhnyGM/PlBaVs0Rg+yQl5TKJXlI+gtpcBYX1cGk
IukrizM3a/QmVxU91RDp1mOjVJ0hOw6UOGweIZmGSNf2VKptCxfGqIMOiK/L
gujSqN83PRxtsIcd6mFDgUmP7zbref+qyaabSipE+GNnrWlqyovUVcZtsYp6
nMogDPimHlPh04S6SmmzUsvPNt5GvWq7+zxUf07Hz/3m7z+1IjrTwUau0Euj
acl5Gqjq5+FR/B+wPAG63VmAbnfm0e3uKnTbrFgpza4mqmsuQlthK4GpXxcm
PNvdBWa7O2+2e19itqeLz/bUn21fU75jWnPKpdjOfE77ajbOS60/oj3kl1rR
dTtttcuTjWC+1z4UMdKpJZU1W+R1CenaxO2KKTrFy9jlW2zyJEf/Mylyk2WH
VzsB4izyPUleqV88xRqgeI/m2Upwbo3Wo7mWRrXuZCFgzdEqriSOORbG8DSM
ZkXik3xB/nNj8rG/d8096H27E2YlbiKeS1IUuIhCyVya6+wMqOf18Un0bbTt
SykeaJJKTZ27TuwNfMhuuENVppBOt91dx4Dfs6nIfrobrQtpHiNw/mjd9hiN
iviq6loI7kDJ/ySZ7kxsSZ5Mp0zSy8p0i5i7bZluZ3GZzhLaQjKdJfK1ynRh
45mS6TBDJL3GSBF53qldJ52QnLcnFtglJboGmXEBIa5J80St6BF0pzXPcu7c
6TjTR57O6sFM14xcQaNl0/pyrEPiTxdFVopwa7P0uTceOZAyeEWXfTC1LeXi
vJBNFKomz2TDjVinQtZgPTrgACCnpjERFuh20/gOIzG0rZs2WgyrYbkfo5Gy
EV9Sqp/YiFWUT3dXmx2Qi3GCNVS45Syn6yKfTbu6oqrPpUxViJ2tLTp1lSnM
ZpRE6X29AG4boX65ToUiSjG4hRaJspqod7VKKlud3Lunb/gyG2JGl2/koM8w
UqA7SKni2DPx95bAsXDAyRWouTiju3AVbnzXm3laerVp6xl6dNB4yHAWH+WF
U1mDH3gLSOTSOnhY0jLnUelKb55PuZRC1VbEgzd4ka5DC+0XKcSNU6/HFmaA
ezq2WU5XaYvGNpYgNy3FLY3huBVX8eFIKxFhXNOSCx7gEEbzAHbIMoLdowFO
5W/h9ZsmI+/u1YP+xTTW/04qRv+/k4bRpE/tLTDbvXmz3V/J6nF0rJ3zX0bR
ES/M16bmuLP++rQcNb5/KTm/ESVnIS0HBMJ0IufbIewzFlIkPMKS3Y7Oa0kA
Suzj4t3s4l8i+NazZ2mUpP+sFScORr1y3+a09WEh24MwhAOI/6TZ3W9qh5KS
hroHfngW2c5o7YeVor81XcDu0ZTcGzaqYao9DNyUNpXyh8I/zAidFt5H3oTF
asxiS8hoShNS/kJDi7oW5hIKTBkoFAcCqQq4iJzieui8vUkyLRH5YhieQjrv
BUU5oASHycpUhxjVH3R3xuK0ESYWcelLJcr6O3wkPVqE6dMv4v/EBdf/VdEV
LaI8Z4TpmqYyOKv4bw3Agux4VEQanWLMuChWnE6TJ3jDEs0fRL1idOPJkDML
TD+niAZkSSIRi2Br65cmCiooIQfo+/NOa9Uq4Th7yUokhQXLAQQlIa+J3B1X
KFFJbipu7awmyoCQyrl++jrWmYYm7N8Z/yOtkLqpiLDOuB/5cDgrJKQUqNaO
ULdb9geBLWh1vZbkaBWqXaCqvZUDIH5oOn59rhPJsUABA4JnM1B7Hm3MsjH2
0neK3idY1/nhQtt3dr6p2KlgdNWMHXiik2ykj5ecGF2FAI/OvZwcPjQYT0lt
jpMR7wcxsqPmWEFS5dxMUy2ryHWJULq8Cs9TNDClvs62I0HUiJOjC7XbzNOR
5WFCGuFk6a527XQpebd7g+9STAnaAbGlrELv+GczkgbK+eq5hYknvf0stvEi
faeTIHUwGV8J/z2O6/1fbwXHutww27Pj84dpAYoaxvZg0i4FwIjSReKCFhAW
IOfkvRVSOffSJ8ubZOaSytqP8tusZFMWqlgLEefvQTXjj3m9MCxn9D5206mX
leiIhs+IhHR0kBK96sxh2xOyON9FKhnbA2oXrgYpU0BNouKflYQ2N8ibo2ia
IiA/PmhKA19b+6JJ6LGXqW8s49u+few008aMDrs7hOz5OGD959KP3FShaSrC
s2kYJrYUT7Gfv6kx1lxFZsEwdKMI1MKGLwLGdIozDUXFOhGvP+iQV92RSv2J
rFfCUHyVH+5AqLEq/dsLhUY7sSTAOEWs++RYOfo74aaauTWXuAyXwehEwkl1
EyvEHs+75OQO0DYXasCqnMFmIQ0uho8p3doFA3awf4124k+0w9Hcdcea0CIr
7LxKXZPFYlv+1ZLFhdV8lV8zJDLFGApEa60ZO/ZQEtPK+D0HKcOdwQRcpNMe
gxLLXVjyRSjnFUfZelLw9Mm1xw60G+4iqOeMxAMh4TrBuDLveqjnNbm1z6VS
+8jBceji0LoYoDYRMAkF7PBWZxiLAeaMM4w/PmhOLpbr9oa8SmTZauFhvl+H
33f5NXvfLJ1S23REMkFwcz1Qi4glHZo4pZWNqqw5xi2nGsT7qYizKlGWRGic
VeiKYIaz5NYdmyDV4MrzCEZe3xRcOychWyxLVjqhy2NkUrB25JwJQXnQP7r8
PoddtRmQj84VHTDzqE2L7I0uoAHN5GpW0DmyktjJf66NZJxbHh2ZtFSVyFFf
Og6p5aaYO6F+4+HR1PduIUQa2FdQbi27qkCY6FOm5AoZkuECHt5KPcE5uM8d
yx6lJGyYhE6pbr5AJfOtQPJToMZhiCEl7Wk1XcEB1KCCamvtwAWxabXfrfLu
2fkhO8fhySOyuxIgG/Dz0TRH1CWFgPQJ0x+G5pxhxLdL6LB9LrSBt05WCras
FfFbus8e7+zvSHQ8fukWA7CvND2uOlkY1872lpGAyFNOS0zZZ3bEiBMUIHsb
XAPhP1qaUN+oAAKLB9QuUPwon1UUu0334m3Bqb9wRvys68DI+egQpWRV9xmt
g9pkZ/wqznTdugsfDW+rdZwZSNJjlRx85bRRKageb59MtoudWOz0aOhd8aUm
Jl/exIVRsKDpt9M8a1E8mViNC4Qtlq5DpUH2DW1+pPe+5vIRx42V0ew6q/AD
ENMmGMnAdV+KnLP1LEmjVrLtqTeCTdwDlTMXMORXrGOo0Q1vkuE7z1Q7RPe9
8UXCq/SWqfWQVkqL9lfz4vL1i2MxhEsKpEL0dStQOuAdn5fKBl/A+JhrfbFO
mnjdxeWrk+8t3OJmZaM1XdKew4pNtI/QZKXS1U/7RCyQHneMLNDcu43HYNQL
QSKBWzpLgUTHAvZQsNMZXpgkcaaLCVj6s1F1emEqa5Nu+xd/Y33NQyNQx8Re
z0XFwQa1kteKb3md/mmOiGQx3eToD1anChQwdA+N+ADCo0CLjIuBkC4GIt0O
nmmGW9OjtSpgGNU1TAC6BAq7YNXU+aFpsWW9NcYUmxOV5SAnizTjDNr6pUo+
ItK60+9p1BcWbxv649HaFhZGwDBZ3iJXwBBQsugfYhjkdrRBlmAMg/z4gLze
C8lmGHjJ7Cy4frCukg5+G4vrniPL7LQpsWOjrBINYgZh+vWtAebU+83Xk0FW
4JxOPjIzzR8WyDIGPpkFYg5ql74TLubtr7YVeAGWbKsxlgRb2HYTk5tIPcRW
3JMp4wvF130NAr4ETVCYL0qCbeEeNCelDe/REr/NDO7SpgR+qPXUQooodNrQ
h0X2HEBIoX2WWRVOldMW3UMaKArohcQkqiJxS7EABZBwry0qNyjCiodbi3sh
HZ/mqxe+kc+KHuOqmyqsFLrIJxOJ0BWDM8av3hapTpZVzg9XztMSoo76FJNo
G8BmyFomhhr2jtkhQni+0SJmlX9lGw8wt2SkP4Flf5ckU7zRQQbMr9qWgkOG
CSmd8YnYYnOclsO40FpY05lCxW7Er1oG6wvt2IDLYDYZMJtDT1Gpg/uhX8qX
5cKz0kZrXyq26o5VgY5YvjSnvKOD6l9EeJUq4Fj1qAsPbJhVrabYw1hOH2Hy
pNzaK0/qJle5if7T7ZFL55z8k8MkesXrVE5jhn7qc4jzTTwrGezgm7qxOiTo
NA13gGRNjkKiJoYcFcNdJxrNaBuSD9NUUoIZaSSXAmfsyjEhFda2zjLDFEOM
RuctYAc1a6nKklA2fq72xNmDyFWBiZmXDe9sY/Q9iW+IgcebYdJNr4+WGRQe
HBWwVBPDLTVYjh+S2A38rEBb/RUcy4lDuYNi4kXrV0SaqSgzvFiPzhs83es+
KnEgmJiVwgWwXoiYNvCr8806GXCA/pz910ImOpBVoJjrZNlwY243wwFk2Ic+
oC3kaimyq57J/r0fSWbGX9WZXH3no42Fdn7z19h6Fr8CdnLf5amtvoZbtKof
tH+WrFVHWdcgMWWFKDE4E1SLU7l+bvHyCgieWiJo6nhCsQKoKQ18GCSCojI8
B3hUOk05QjtVnl/UNNubppt0kBAWOx2YREkMrKfT8M3sCBwQeDTayMX3w74W
s6QNFn1Y5+bJ4MvTKjAZ2NVnbPWfkDte55mJ6jYBDew2Zr4/RK/8mA27+QAT
ZpR+VynsDwv/VEavhtu0SjcU+Jhk9v7XPAwWv+ebgSIMdEpcDAuIRvO0nEQu
ykdHBzFhGLpFRsrKbtUAxUgTd1oe2kmAvmBm47t5TvTeGmO4qgmymPyqZVE+
PgjLRFZqBMWdC9b8+xRPMjfbQBqe+ml5IVShM7JiFjp2SEmELSEKwtX9w2q2
VBChHP4ZsO37guonAsZiLBTYp0SQNTi3NZUjo3NcGf+G2cI8hyQiLQPLsGUL
0Uq8CzeOpjlQ3F00TicpBe6iS2RWcpwVHBZ226UTssTFk3yWkdXduHah1ZgA
rkXtTCcY3oKFovmeSk2JiAWuOYplq1jQKRMrkAR1w9g+LAjPmEymdGAxjDum
6mfi19EQvEZmJwubxC9gXQVQjpCL3CbESyzX8l/fHr8+r+UHSnQM9NHlPlgl
lLCQNGMI1IRXB2FdTWot/k1HWIq7ve7wqqEDk/fZNYYpsO6YMI1hYYNTNoVs
6ZGIrGkhtNNKOdo/LR1foYlrgDIlNCvTKbGG3pi8FmSi5EAIATHztm1Bsxzv
k+BQl/rGoWgvMiMwYFqo7gRPzas+YTPDWnikTqvRtsp5vFuzQSX/bUzzimUc
Mkt31aW16e2hc+VgA46xjI1wOkNoOROcNlzOMuHwHQ60S69sDoU4WJbAwbvg
BSG91ZGMAmeddMOI1mJyJQyXgsNEYO1VXRBtUyxVLoXznI/9ozN1I0enx4wH
5MVk/LsNjYn6vRtnwPU9jHi+rFttp8mtll7x3HXUfqOyKHmrfA/VLXLa81cF
UU91aI9tsCP/8ZOD7V3l9pdFc3BCSdJBjq48zD62nI7lcewtHZ4Xm5GNJyhs
jzEq7qpaBam/c8Bbw30Pc8pMDs3MwA/LV5LCTgG8+EPlkBLnV51myi8qKVa1
yiqtKglViGhWS1yNTqQL5ddkzTHRMcVBVE9rUZslKtMcp7eRRWJWXIciMonw
DNsQsaSZrZGIQiKd6ghuGcnwWtx2yzY8UHORL3UVWpyOQGtLX33imRNkE12F
sm8USrOjzBmwcAvqm131s/hlsoVjM5WlS0iANkPIIK14+5NSYRQsvOV4azZ4
/USsU2G77mg0fpb2vorly24cI7Xvgg5F7R3vqPpLsguJHXgYwr4ie5aq0xGw
CNvh3GY3PTW8jigmOnE/TMBqldxsfl4fuurd9mt5VDrgGPUoxBF3u7OOX8MJ
KH3gV1SN9DhkPjWpfbO3HJGh/V4Zbz6TzH59QvCSKcK0cBYoI7T44D3Ubg3O
rXOGtUUnSChCBA2Ucs9U2d7ZL06WtQoqHsOURursso5PPZBwKrUuLHizsorV
JWRNlEFhnJaV4u8BtvzJSEO8FFyjx5JMifgSC255/joFYJu9gkpNi/SWpJxG
8zdfLrWULpEiyK8schuGElpXoyuKUbyI2NG5br24uIgkdDIYtWHEyOZROTg3
C9zLC9ju0cyimtWBgHFm8n4tD4aOsZfDcJOMp7JtpNCr8iJD1nCDDlLhGyQj
londpEJiWFcINOtEKeugd0+TdWa5aN9hFXgerpQk8VCI5JLL2ybZhZarhiVB
N7iZhZ5jr6kFCzPXaYOnbhrQmRIGqBj2Cg0DSN9FOphVypaeS0qGXeqEghbJ
ImsjI5PiwwuJzucZYTBRD8F1DRQNEdWrEjKjnh6anhuragiyNqhqiUpdp5GT
FcpSC4AVzSree3TQoXYjGEW0ybhIaEhr3FcKnxDsdnMNWjmi3LcOJyPKmpMJ
6hdVEyNjL1DTWYU325gbgYKKxfBGYoelMp0pXja3WKCdHCGl7WYKNiycKZHl
GGZPqakgruj48+b6jbJwl4olXhJLbKzfGH7dqt/4J6eCI9ZojHpUP/vovOHj
tc21xmdYYDf6Jvqf/7PxjUtaeqtKfOBPT0zk2JTU6kW1pqHuN++ZXSqyhWB6
658CNfVsJLaBAYzQxW7KWgKqbdCv2aOdonHfoNkLMWUE5Q/+tlPDnAhBTPes
b3f0t7u1b0PsweREsYTpQp3b4fsd90ygKR2h3TVNkCutfFdKOInNF0lENcuo
ghM/eN0tMBZuux8Yix5IzXpohhguynlL4hC/QflkYnKhFyfxNFIVZJQvU90C
aba8JDD3hqf75l1ypxmbHgY6fRwulkSnR6+OhNmAaL6OVmw3h+Gc6002xQx8
/Aif9ORpTz3tPed8+FBRSWRDgRqeEhCcXmd5EfDlwQ0Ft6kCddKNvX5zcfr6
1dELx2cWLBBp1TXcNukajaut18xKkUDTdCJuObKUoCl+25QpYQLQK85+JCnb
qrIM14d5PD189Oj29rYnjLkHysMjKUO5oY2ocAWW+RhvdyzGITvJrzn5HUfn
ch3b61o7KvOOw4L1J7ex+iRWnnz8ZHt4sHtwdbD9eGs33rnauXpMf3aSg/3H
Tw62D0aPtw6GB/vwb3xrBM/34H8HB/sHyS9ZpLIZ1GGZIpXn5BPvC8fCgHAG
TgPxBuuAhkzEoskOvQxP1hRIF0Dvs8bfuGVfiCgSfXVRFInSsFiipuybl3BA
cgIsqUEE2c4/jlofaVmMRbb0fTy8Uw5AFVFrRxzxXH1EhlRy8a3M1aayeZ1F
T1ZNiPbUgICIrMRjupac8iwWW2AwUyv9mi41ulx7gkCsIYuazY7f3UX/ThTl
2BwHd12iM7jZxU2SoFhLbnut9AjeJarNbZhZ9KqPQiE1Ni4wCHw0G2IZkizB
dmNgz7jrNxSNK245xmuznUp283atTM+RSjCwVq1z6H1i1e1ENotXgXYwpnbV
k5SAj8emBRXu2TDN3PJOqT46woNnBHdiZ1gon5I0hEGcTXNS8As2whZoNlYx
B96eGzJ6s2Gc/Ixk0cBnrZhmxCBRsB7nyFMlvM4Y7Liw/Gw8ojIJHNCfUzok
BoeklU6hszGyakEMCjsa1Wlm00bNDcpqqmwRbpDo34/kfQNJrT1zrDk2oLn4
q6lQWU6tQqAoBmoTJRUv9UpRq84NXDYnOlezwirsEgD9459QXIo2Ts7OCHJv
ExH33mZcDMcatR7maF1CjJIM8Uh8KG7ZgLionBMlMmyZT9Tum6luVHdTVc1G
OavmA+E4cZtE0puCrkKLCne3wSFC2Ewvln7xxVxkJ/lgBbfyzN7KHdnKL7Ar
suFGdGslTx0bAYud4+VF6x/hqmlWCLs7ObTi0cySUH6+GCvrHjGduGrto+yE
HkAn0CIVTRqnhHIjZxnDeTW0MGHuwQE2ZqIAUCEjMGv+0nMrWGPZqpGEH1Bc
PcgP7K51wpZcYCZ9sYVupwA25Fy+ZsGkrmy5SP6TwC6x1a/ZhGFmfTm4Ex2u
yX4ReFeMF2ubzeYAayFqdoHAhgWMAr4erKNfFcxA6coy2w01dkXrr0s9AYgt
rLHmilDUsqcV6xpi7mGxEYiqRQitxo8WGs1O22gcjr/6aE4DcF9fqdK636rm
Laa+7f+CqleIWy2pd53aAUlNpSTsnZL9SCZYjFzGMUgqjOwmc3k+rsEHzJFd
jUzs5jw3WcMEB8jY59ArotM6KdpF/EL3fwV3KAY0VlmGjMpBUNUGAUj8OLJQ
8fs8lZAaZeSzllMHSmk/CMunFKsqQLsaBTBw3VscwwUWbz+niwiorlQjhn0T
xXXvwg253zi5VCNHtolvmj25eZ1zFwr3xdTnqMXtsffj83iv4bqm/htmoDdv
69xJrrq/LWKrq4H8ehvctFPuvhohdbH1covV9/Vdwprj4kjbPjngBBdf+PBt
aKl9FmKrZWt35F0q68BeekR7sSJy+fnRuQQh4AtdqlcSo1fdT8RVa3eFfk+U
6zw7d4mRYzTf/WAxGVsIFifkBgceYIGV/qbGEdZDhGsrjW2rKrz3yOCkaCOr
CCcWf5QKSNwvxl2jgSOECCQxDFagp8jXGOvurBX8cHbSf/3y5cmr45NjN5tZ
DEG0C9oxP04HRcxRww6EgkpuNVHvrIuIHgwywmwMgx/rpEYVX2GV1Q2H0sIO
UCcHzurDNomH9vnFxRt64fjixbmA/W3vPYZXYMr6pyd7eweIK4Ox/Ua2Jb3Y
CYIVZ0nT3spuqnQZmnVLNgdiRo8p1UCVFk5NYVygSxwBIkrP689N9uWZN/bq
pdYhp2usqsshk6Rn1aCvRaqUhkpHIyo5nFkjSJp8F5YBbBpTDUs8DhbPtHNX
PJQCDm/3kbpLHQXmop2tCnaGYTnCuY8sQ/kbPmGlSqzAcf6ZCiP9NbnDpyYr
CLkLUArjAGKqhimMJOe0lNQik5khG6YqmdUYkVJEFOycr4kxOqPF5Wwj/zQw
9ncUQW+NGn/kSk/uHvGx2X+6h2KxOlneWrqT5CQVYTjem+hr6k5ng3I2UItB
q04MbZSzRcwuVx9YHOW1HNzpUKZIcJ2p1Fse/ZQzNqUif13air7JdOUlu3Ye
buMx+hwxgIUs7wm6O6KNvx73dfo2waFcKfGCmvWqy9yKX9Vzavr7x1OUwWvT
k1C4cY/NKacxH2mNa455Hl103WfJ2EcGD40oH6CrkR69ukQII+RJmeWqizn/
BRYR1sn3BO9aRZ+QgCTWS4ERB0tPhDY8QN+WRb2J1C3KjXDN4blKFvKjqxDe
iOEl0fsx04Yrd87qsPEpCPSqghaU6BB4p7HIffM5koUSG6Q5sSGMWSEI5kwv
Qa1Fsd1y4RIxc8ExqjeWZ+1LLxxjPj8yqRE2EIkfde9YT5YptET6OO5GasJS
Pcq5PPlAsF0F+ymv0FYQTMDZq9VRJ4Azt4i89JV8ECgwg87vaj+BjJRalkUo
19o6bGrpnE1jG42hUNsAiYD8GVCp2u2m6VvodA9lIoXYDy2oYgFjmgF3u+a1
qhKkmpO/vXl9dnFydvni6LuTF5cX3x1f7hxY2YZtxlTprEudlShwXQXJxkKW
eyjRsd7Qbh4+RKTjva1NK50LzSnVXS3qxW4NT2x14zW2u2M3ouOe+F0cI+16
Rm1+9mEOXnUrnGXkq/86sV/liYWt+TrP6eP/Xuf0QdT//gKlGZCaJO7kJVVR
4Bj6EgTB7vC2wgD8K+Xs0OeAKc5F80EzFzY5tJvkwgwORk9wbVVP6sOufMiK
ESq4kxitISSkUGBGoBtbhsRc21spnIAqOBpoblAsg+//1tvfegqyaiEBCklg
yt0P+0N8X7SOUG/r8sq6ZTOLReNHSi6K+M50N7S7IzELDuVWcH6mYZjQGEun
sD+S6cw87b8+P4meg84NG/BG04LHX/H47x7oDL23mRrfd/H1EosxiK/blwJe
cBYiGtjtLzd7aqth7vRslZk/j8sbSdevzTk45ap9wtW65+G9wQ5cLwuoyWJ6
qC3D/FWoGtegWnHvz06jN6jnmBSYxVZi1r4SM3fjsRvqe/fpkwPgjxw2a+If
dLdLrcascTVmq61GjS30FzgIw/1h21rA43ncoB84DhZgRQlCEHr6OAB51MU3
w0tCfQWXhJ4stCTzOw4zjcWWatC+VIMgv7jH9Rk0rs/gftdHs5bawgTXpZWx
DJdkLP56rb5cTfxmuDC/WZScfD602LK1cqHh0lzoHleuiTcNF+ZNC66ciGwq
lD2mxi/RDFdfsHfwt7YVe0fo/PaSkcz5fTJQKgr0tin2/t2n6A0ZBrtmzrq1
j44RsiHaEOSUhcqgyHcSUUUPytBK8pCCS8mPFubzpjB71O+fL7Fmw7J9zYal
t2a4IzSh6DypYM3657/0muGQGtYMHy2/ZtFf5moGPy2rGfxlVc3gp69FM/jJ
0gzmaAVfRCNo1gbWo7+cv35FJ/cc9Ny4mhWchnWSDYu7KUftzyeAx/vb+w2V
6FX05FCiyqcz0PSH5BAR+jaWD4kusfhqqgGH86su/B/StlgWsAUHZUt5Pg28
Nt8QhJclMNyj9DqtONIUpktt/+X78xX0G2tLW2WVDw2yykq6Tes+hk+Ja+Gp
U+O8TQPG8Qx3RWo6JNSrM2z0D+mVo1K7sd5aLKl41RULiv1VD52lsEMd5abE
FOBKBbi4xTh55njKaeoqQLVdoauVnVtanfvpN6LO3eMBXkXX++nX0/VOK6dB
Wgg2eXX8fDzo7Ivrhp/N/urT/SXZ3zJK7U+/KaX2S/LHXnSCgoNkecpGEiXy
DFPm+WVysKfmEG1YpnYxs+8d7IEEFXUZ35ZenxVj9cVmbZWWV65/+i0o16vt
0/A3co85M9fXWItJwZnzPRoUfvrNGhT4xlvlKFdLkkjtEEbnz4+62/AMlJNp
gSEfHMQ3naFziwI/8LvaSXUopI3911bv/iTbJawmP31tVpPPv+WbrSx0y69E
TrMlyQlXh8KNS94Agxua3zvdEIyGDhRqEh7ujboWsCz99JuxLC1BbXUOgXFi
8VgBZyjwje8vFrYm/fSbsSZ9gXXqEz1J/MBFMSur6Cgb3sD5eDMrENyqVJHk
4k+v4u5UnjQak9zTyW1X1HbMbUsLvYWSoRAmkMp48Akn7vLDP+CD7t/gzw8/
rhuWgK0YOxZnd6oACi0g2ClP6JK/LuLpDQzl5+gV4t3wn5/5DHDK1c/RMUXZ
smb3uX9+js507oX9MwyAi1ZSVuPP0Zb9CWE136migs0p/0wwNkpC6mEOltDa
x4//1/nJi2efPlmWRBgAplhiUEhS32udZdlMKOuwU8Cnvl0fUlQppVxam17y
NkmDqkAnDp/tDBpy/P3nTNVHWFSIB3DqdMI5p4e1IydYnF2QeSo8dBv9o3Kz
6cRc3E1Dx6XCn1c/K/T5V3lSvDPCyYY4XCbZhc5Mw2Fo+QB6n83S2gF5cNDb
fbyB8Gab9O/v0gzBO3CEmgW+fXt67PXun4QD5Nrtvb+DzuHLPbsZglWz/o1c
3ir92DR3r/et/fm9g5iOX+7sWM3QxYIkS3rIz746Yospwd5/+MeoiK+qbotQ
+MOP0vuMet+1mpkVqdMsSl3TuuDrjmKl3j/w3Hf3rN4a5x6yZDWuPNmS5qz8
B5777v4ycw+NYoXeA5yZ+EILWyZuFODJD6LX04SR1uNxpEBQuJwDJf+qgpAm
n8V+BRosQGW+o+JDs1JnyVu8zcNVQHWN4tWtSpO5NQSvfUY8xaIUOmvLCtFD
IKHz6DuqzCBr/HI2rlLMpTkSICO5aY4VhEQz3hBO2KsDK3UgNfrpRLXOSzxM
p3jrlDMqEUkWC/ZvEXwdRc1zYQ7MLSSUGq4hpxsmVBw9suZbqKOdY5gZqsHP
KCeg4PxiGSNaR0zqAHF9e5TWILE0k50clbpAr6EZbtHnO6jT3CZYD6dUE5ZH
uwSrpSGwWK9x7rTmOR6urXWpQIyVLsnxsyej4/MjnjFcZ9DkyWhnf3/7KdGE
yONbvcav+97Xb7o7+wf39e1u47d/q42RYA1yhozC/C3MEYRLVbK97FrarbXd
VNVJsXWF6kZoLGIClnNBwbk+sgJNwqPDfNmmQwF6pdw0AtK6ak8oLlVGk0Y8
r5eSV1lrLl49nQ3HPq17d4v0Mv+ctzAK5RHXBl4hHBkd9NxeMK8WBR7C4q/V
VusgoJsCPTIQU+7cOwJch2o8mhWxVJO4zucwEudIqihsv664rBfpexJmgPw4
J6j3nHGBh/E0HqRjFlwZHAo1SkL8YBf99cxU3CA9V0qelQ1G0HH8LukC0Zoc
P7EkYpL3OBldJ4zr4IzOzvhUvSaCCffXJJnihOy61EcEQqxTa99OsTr4MR0R
xF0UfAo/IZjjzuv1rZEyBrN0TKWo+QBez7Dsse6gyhHsq5T65+FEUQeHgk4i
ZohCsyOTFx/sXIV1EzRHtCGAbgqCNHiAN6VgbtvLkn0tvUzw1tcJ6dYo1NEg
GcBOBnBIwwKK66g7f5AwjsUR0JHeXEZoLdDKNUzkkrdKDnJR5XSClBtnpopv
fUhH5wpMyt5p+PhdMsUMQdxxrNzQ4TN2RQzz1sm41gW6SlsD7Anqtx4T9DST
grTA1Ki6Ow0bNUDsHKZI4IZhWcNJLnbEJFeXs40yKkdFmRg92YNygB2oVyIN
aLQq2MB4kr1PizzjlPCNo/7JppWez/KiLqg0E9zH6ySDsY1NNqgnUzngCqY1
nb0sxdvNofKLOLL/pqXxQNI9TpWe8QbZpoZAxxq6U1L7sUdp1BR40wn1ML43
aGLFNy0TK+4sb7MqkG2BKfh2Aegzp2QZBo9xhRa0Aqc8P5RFBU7IRXLFO11l
6ZoCcorblyYNqrrN7QaR+IDZN45NgckkcYF55bo2EWdISV1jBfFcG5aHCuJf
azprBoaGUIHIHxmnJreALagw0aKAGL/HD60xejgbZA+Hq876wmD2USIRLQKd
7vw2U9739D3yfDa+e1KBZ5z3052sjrj4vKrZipb0imsz5ixuSP2QEH04YEKT
GWLOounImVt1U+Sza6KdlMtBJIK93yLXM261IOLDSurillfxEHmygujH4g1c
1mSJwQbq0FGxKCRKPMHQLa3Zm7O//nCJHDDJfsrvJDmeUC/ppeGdiD1pqSml
RupOnd9mRAYlKPpZ0CGYTSUqyjMlu8qhLl27vNAMrp+ezi3XDcFDwlKZVzLG
8g57AGRyovCSE8DIflu/QuurdExXtypB6o5iTyWdU6HPeW1allKvYBDXwvNr
y9p0seRmLVqi4pfZrL1fbrOCVEIFPgxmyiiRKAVS7wiUh4xAKMcwUIGDN9GR
9EnBrOYPQH+nH1QqZmzKFwZ1ALXfG+WmLQkM4hK4osmXFSBhdjo64qiUntUD
ZUNHfbSqelaCUtwQPkYAH3p5GKOQiJBZxIzLm245GzAaSTTJR8kYRnaqkPbQ
Pq8szTq1mFXSCagVkS6wLMwUh0fYWLlGpzELoLFWkg9TpvE8S1z8HuT5ZDVJ
oHWN/6JlGAT7K2IyFulcVuBt3JN/CGxlg6VcCzbImIwQRkoQu6meqi3dT3XZ
HhYlRMrR1iUP7oVWFXsf64RcUAewGpRc6SwuotaGvIKRsFJRBZR8JpW/5paX
tDJ+h/EYqy/oWoqEtD5FgcYuzmV9BMdK3VLuFJCcBQPWmBkQgzYtfyIis1ul
Q2XwuykKaAzHWt0yTHrRbYGmC+vDXoSwzDZOhjMGqfYmghQhmmTcQ6kgh0rc
ALdR6j3HISNG0uwKhFKGldSVd3rRMSztGI2YpQJMJ1A/oZiWXaW9Q+eJIgZH
zKYtMchspLU4i4qYxgqZHkgdCVjto02kqkgiorgzutmEK6fj/JtJk/76Jn+D
IB0KUcM8bRMHNxV8pzratnsrlEegog6o8hQ71oNingL6cgISSopIKBleLOCD
x/p+Rhgb3/XMNefrLqh8QVPcEnzJWosKD8EAsRsOELMKaNWHTnXdU6oJbOf0
P+09cTL6LWekrwH57D24ZvXgGJ3xrZCI3GyPT5rlarXWr7IiG1SRummiJ/Co
YuwEMZRBYpUhjzFkjzyUNJLpTDiajR2hzcE8YsT0wQ+6WgAhtVnbmxhBV/D0
5WCOQTZGI4LtQSad/I1UU/iNqOSq+MOX0Mjb2v7lFfIjF4HJNkjXi/dJzb6Y
/UjjvHTNRLoSmUAJcoXglE2tQBw805t0qvAQI/bjxKP3aamQX1X9ihij0Kpq
7HVheX1URaCE4/ft0StxmmRdWiY2q7sFC7EAkCp83ASHpxxnNI+yVlSqwzx6
lFQxbPfIGSuuEyIe2xbBKLDURjjFE7mhp+NWSydxEGWDSAE/e+BZb17D3WGV
osWtb8bfUlRvaqLPtJRCNU5ZjKl7BvQ1OZZaz4FCqA9V/T0dOedW4CNmkZbv
2Io5SOjqKLAmykhWwaqWrtGteItsAI6W0ukdYu9Zcp1XqdLNjbmnwYbj4Vf6
Ou+G6EybjkKlEX/5ZSCcTG6SUxNL0P8BqyfAf882edKwm9e5XJkDp4ynPQ16
t3HG8gKRzkJDOKMhnG6KE2bxMSChtw+izxtX6qf2DuJWKLYH1Itx3+9r1bm2
d/TFy6xvM3Tt3YmDFrciHgfYT588rXz0dHQSXdNjX7DVLjBVkZ51pnhYAIux
3svg0AOf1/ihqJWiOCzR7+PkqpKo5nSSiAlG/CcTmOo10V9qVXYZ3WXxRMKa
ZtORSO6gP9XXTg3Kgp1OgmG3VnxwkQhEWzcddbl9yTmlEmbtd/BN7Ic3xUMj
dmEDq4c16QiK+4ppwmrocBVrDMwzVZ3tAQZ0UWorIl7lVJVIYV2trdEyEA78
O9b/49HImzQsRaGlvHW7k3VTA44rur3RfrVIKiTyN58vsFhdEfpexxogixIg
341QBw9kWqmK8d9Q3NdhhLBflxy/x9QBT6xor0M1QRoXLvg1nxelaNanEzvT
oettaM0nMfOh4qVKjBTHa9ONaws/6rpVMeBdu/0Miwd2bHOucgeaUNlxen0D
TeB/PSswakuqWKSxudSErB5W5kY9hgLlDqPo4rvjaINvNzU6Liaxs7uJ1nSl
B8Krmtw5a4zwyd4YjSRArEKoDPq6Ap36fTi0Sg975qFHry3fMp6oISWmIuS9
8JNJwnlLd+ILkQsOXY88a1GO0xSXlte/zxUHxgnwkdOTi2fuQs5ZR9qelyAH
w3q0rCrFp03ktftYXLfj1qXu4as99epXziic3aU5/jW5O2wh/P19pHyOJMUA
tkOsWde0hd9Er4v0OkUr+rnN5/1t1sm6nM0gxoLA7hJNdX8qsdgHvbTK3gZ7
c7YU3+jBGz16o8dveDvptbLxl+8vPmtrHu9vP5Wtof6CG0QPHEZuxzQg7Tgy
7mqHLphbMm9PyM6x8pa0dOlsDGaNBHdjsQaW3hROErn3TfmLsog1t7fQMeRX
64dxhU1vRCgJ7HgjgsjCO2+Bsa839eyeSNx466XeSwVa8mUP5RPNLwNDVHLC
h/1hwwsOVRyZPO+hi49i584uvn2BtGxGnNb7+odB8ce5Yx8sOHaTBtwI1rH6
2Aerjb1aZOxtAeerj7habcSzRUa8SJD66iOfrTLy4eo0XsuRX3Xow9VIfLg6
id/j0Fei8OGSFF4b8OrjXYm+hyvS9z2OeyXqRn/RQjQSFo7CSaSLJ46uOlvK
G15pusNywemG8md/vekOy9p0H7TgLgdkl0Zc5JVkl6ae60LrfNnlS4mwj7HY
UKMIwwKoICDfqxTTINeZHv3emkTenT1H5rU/sUVfIsS/wUCWJK8aQPUyB0pN
Bu6LexWj5i1e7Ub79RcPAa1XWbr7kOHmLVetjznq1e78xVIZjasv2HKsW03l
PgXIectW6+szqWxWpKsv13IXu9jB71dqbV+vQGf3cSr7n3Eql5WY1UTuVWCe
t2pfhJd93qotJ6yriXy+rD5vqb5CPraspqCmcn+KwrxF+4q42LLqCU/h19dO
2pc4NL7PJ8yXHHexrLYwXFk5UpP5tXWjeYtdH99nLfYknkaPogcHG/CXzdUX
O6yaseX75EOVFOgFcn1dx3EVWzqaUtFMDfSVdLK5XTrKGb3dU2/3nLd7+Lan
pZ1Mb5IJxQ0iekGadJ8n4/EEXdwYFELxqBvUZs3ubHndwiWs4PELRGpZgDf5
97BTCSs2YVQSvyidBUMiG5wCncippWVODs8gUMW+dfg2JTqDv6CYfwouwgRR
WOvyhjdTEuk4GYdOCL7wsLRz3HS5eg764j43sCvKplChNSOnnvZmy5TZewwd
dAd3XWquPvczcXL3JcIweo4RhqtNX7VFcUvZ+4RSoBs7aBx1PdzROX1S64vG
V9YOmld/K3DoFI58w8nTZyPUXfC08Ru9F6ri1z2eMNmEnQMswXwN9wfSBu3G
5pq/+sdSEs6rKtpUmZZrI0osi4nQcgOEF6qmyeaYBkbrbrSBh8KdnlfS99MP
PxpyVUvx+P6Xgup6v5kNuuezwaJL0VR29wuuhD4Dtke26cYxCQTWGZCIFj4H
dMgwWB4LMKzXWrbo8X4Iuo7XrkpKXNyo6g4CEDHNx+mQgJWTlJjl+htJ0H1b
JuudaP28AhZEOApHHINJUXlwFEGWhiV5nya39JoTj3fG1c9H65RlYtdCVOXO
n2zvHCATAppYdxurfbLvfNKrvU+wD2MudlEkJuvLKhhIH3QL+oDW4YgQbzC5
jyNkYrsM8kJz5uzheJRgqlZc/2adMvbK2myeegtQb9qCUxrrQvKjucty4Rh0
Ge6lgAaIIhGnRvYGvjJjvcCI6gjxuFhfKmuk83h7Z8vOI0gRloRCoLmSsNWn
LjJPXd6mtMbviJg5kZKC6ngzNspNEssQKEcuax6uNdIBlVp26JXCfdX6dKLv
/0yGFwkfRmCxWQGyPx+6PMMcMJ1NyH1yJ1Zwt+S/IGjEuF68c1eX7uR16CkU
0fFskum0Gn36YBSHlrgmNdynFMqcYcg8RQcnGSYyYPZaiUHXTloYha9ivVLa
0JI/KznpC6OVsxT4CtWg/C4ZxpjBgQGVmKWUM/iNkxSEW6KSY0xKXJFIiUxJ
K+HQboLZGVaNiZDYBs1hQPmdBdfVpMBg+pkCmsvEBG/3aBk46w7FKmB2Og/Q
qjDDE+TIUPgeREcT/j3BWt8FzHpMeQMwgmNDSHxoSguGR42TaTGmKQHP5DnH
ZU7IZwzZBGw0+TBMpkxUF2pukk9ry8GkGxNmHVf//MYCR2Q5VMBZcx1OHkvc
XzwYIM/R5w6bo73llVNfeptrPZEI8ThiIPT3iSqc2qHLBKNv7d8ouZQCZKVW
KZwWrrMqiD1KriTkK9ELOEma3ieClkKl23SkrHMLk1qIMdY6pcj57sH+/u4B
LhL0/dhkLOFA4Ed8WhvJJP6QTmYTNaKd4IjC905tENd0BUumaLA36cV5Mdjl
nOkKqcLXMme+KIp38rl9vxpyqkinvlD0RmCbFsXI3hKP5jRoh+8Q4avMTEyp
wu91uWZ6Nk0wu5piR/kICiF+o+Ua7t5tU+ZkjUSA/Ceck0RQc5h4yrlPvZp8
eBQNQNa/MpywdhK+EXsC8VVYmOucka7M1Dmr5A12hYxLc1RYklf0awb6i/NE
0kZ8+azLuEqYNoL9erGlR/7yChKJm2qg2KkMzZs9sUO9hBoAJM1S1DsRgCCf
Uhq2Dd5g1KGPHxkLkuKQUUC1ZkCYXFLS2yX7dbmPOPOGOQclmsMFXBEmiemC
8sxKowZKdqlXqq0NNVqLwZZ3PIQgvbAk3IA5/JuXiVG0XU0s/peM+y8Z9+uS
cW2u5gq5xPHgJI5HyoZdqtVwRV9h6SG4+A5jQVB6b1goThaRiX3JLDww5o+q
FIOTnB6Espc+5SacL6tl9Sr3dHf74lrPwrEt0I5BSy3doGBvJyH63Ako9JAL
0QeFrZ09nNvO7soyXEvbtiBnyXF7lhi3uJgW7KecoB2pcIUo6Cgkw82RrTyb
cZ0iYtZlQvJJQ2EDx7YUbnIZOaKhl3sSJOoXc/MNzyj3rde7Qrxf7W4X4Op/
Xez/utj/dbH/n3exK5XVYmhfzcUeGNu/Lvbf8sVuapI0E4SxpKjLljcUvYjW
PU9k9fnSQojE7l9aCPdy39IC3/NKVHD4O+IyFjOBezASgnNJra19ptuI8bT8
uzImpLMi0SwneHz0JaDWjBi6vIrPbbBMv8KFIHOoChcI/YVowhMD+2Rd2FeE
5BnbXLo0aPzROM/fid+zEw1mFUOT4CQYzcY9Sep7RggUc3WZ80emUQYjQzhG
hOLGWAaELKlmI+STsl68C5h9Lt9ViMMIRJa7gFKeW57v0ENJWmUwRUQORFyU
YZXRPXPlrDlcpsoIT1eYwmzEjm6SId+eQ2kLAZ2lRBQ2a4FPGSlSaNI0i3hj
2FwdSVJhpHtDIjfEWC5KIw3QQBwcNud8QYcqGoispTk7LJKEuipVZ0QNWIXD
WR5G76X1IVA1KjqbWC4OYgNUMTIq/3MWV+SEMVtK+P589feE1pOgUHANw7Fg
C1MvW9hZBo1bQxewu3IzwmAQV4dG9xnNGOYtIYumQZhnbCvLYcNQd9IWw0VJ
OUgGGVNeEFj2UTId53ckpfKN+s+csAPj6+sAY6cpO1CmldRg0MXKaMURVMyB
DoHG+5YUmGbKy8S3ryy17AtLzm4HdXMwr7+WX3V92YWka+qXEcwJTEvL6j2/
Exka2Y+pk0bFgufCjESETd2sEjZj79bA/Xsfp2OSv6iSBp9+JicE/xNwTHiu
5OL6IuC6Kb2k44qAyHaVxuJWimmgU1swu63REPNFhchEm3LislXDyVDpmWWG
9xLjYcqGhadLVoDaWUzXHM7ZjmPh+6VCuhUY3No2oxBIaoSOaRJiA9Eb15TG
UfuKNo0pX9xLuswvFy5jgcTwAoKhwaNxjcIBlku6RSfonaPlUBuwdtIk7hHi
SwmYf/pPWoER0CJDx5Iuow6lVTjPglSyWyeoKvFT0+8klyD0PLQMe9LtdkE7
HL6jWnlccIgFAak+pCviUXmkUfpBkUip6hPRvhQKqkkQhbAmRf9EqWEerBdd
Sh8/yvcUvwPr3kWs7YkEXYKap5Hk6LaQCwYX7/9v78qa27ay9Dt/BYp5sNUh
JVKLF2UyVRpKPdYkdlySHGeqUsWCSJBCmwRUAKml05pfNm/zx+Zsd8NCXsqM
LMdCdcciCVzc9eznO/Z9m+Wmiu3g47nNoOzfy0rm6xcvCAL0grQaOFzzgdLP
Mgbgh7NifGgo6ym4LBcq8ODUrsZUhBEsdBx9XjkSeZIC2hg4hUhzVd0/Ojgk
LSuviRC0iwoV0Q8ZP7UctamfqQh83HBq+WbTKGOnO85Kzw7RrI1ZVDpuseij
wa6H4Y3mE0ZME06m0CFNPAAGFQyvCEsX+2JXZeKKMSSFD2ZiU2FWrzcplYEJ
SmISAkxPifblVGsCi+/g92li6BATaG1cIEMKzcSQa90o3VMBWZaEWZJqpKZx
HmUIKYixqBLHoYoR6FvS64Rw4KztU2xSBJeYLUYGsdMUO6qCqh4otHQHk5Je
mnM1Cy554HaVtirMMBaYkUIVPuUmFEYgyJ8rPgrvopo293vxyakFkXiy6tPW
uwO9PTXMrZI9MTJGFa5R5ScGUnpCpAwDGa+wvPGdAtI+4tpBiH/OW0khfmLo
I2+INOHNRQZKvJ/3OIh1aTgsVSVCZL7TgAxVF+FkJMWC6gpEYRymIjFt6L92
SW9wIY5Qwos0XLc5JIi5eKXx1U09vhRExmk8EyO4xGPTVFo7gsiivVA6WpvQ
2EVltrKasSALYqkzl6ObrpcVM+OpVSLeCMuME0yjKs3GQpO2uYVxFjx3ap7Y
PeTQguPKsmM2mCsvTq8lvNAZpME35BB0kjyzvE+JIDqcoe5F5SZ71S2avBIN
10h1sAjvdU6x9bR34wyEJNQ38dCjtATLipSM19V+zZRA9IDgoPR9HtVF0hsy
boB6CW0UpaxoNFLw3sTExFJr7IYaYbm4n6XyijtydX7wIUGrJiJGEVUSarKg
ZHCG4PXMWQRDMKRwk4GFtTaJk0/MKGMkBHZplfCaClKxwLbJVTgTnbmj6knC
A/TNdZxHzgnRsjIVMlp2MPQUSeSPUAo7yFqmbMAR04E60jbjmJApDjWbC0v6
CLK58GI2Cn1UT4osFvziyEiWPFgtrbEpWm6h2oXXKAZfk40tpi8tSakkDO1X
dIy3fYw3Mc0r10hiqge0YYRj5HpJPblDIYoX2JxAITca/2OuIAzzq3EDK7j2
FlR3dS7YF5XXyWmDK8z6XnV3/ku14xY26eKYtzZxddvI2JItsvItaudtpxt8
3/a8/n1pf9Y1rnW1487Pds3tC+dnO/jXv/lO0PfL+nN8KIfYkMv8PuOCS9r5
0RVPbNLwgPO8rnaKhXrusZ931rmf1Xodr2m9jp316hWW6+tbr4OKWqu0aPyN
dzvPOWOqbWiy7IENz/687eyuc92bMBYWwT573Rcs90rt+Fxfat1F2F29nTWs
+9466bOWvE3pkcr7l7UTBDWqzOrt+FzL9zModX0xvzULhSVXaQflSmXFa5YQ
xJsPPy4Di2oNa3/lduD6Yx39oSt6Jiasfjx8FuwHF8863Wet+7TD9aX7XF8a
m9puufd7tiMAZtjCTqvqfs925lncvwSNDxtqMjNuOvd7tHNXc8/q/VlDOxUq
dWnz+LTTLmrZ1QTEY1wFdlFFNfz7Y58O7taK7QQFWkG1YMISUfRox+kLmROq
7l/ejtdV3w41FLxXsBqsHDKgExXi1NUdexi9lTtUnJ8VO1QekQGLEnDE0EDg
BAuKxvLzlg2ZnQD6cXadZJuNx8r1q7RNkchXaud5khatExinKbUpN5a387bz
wl/aq5cCv455vpfW+nIFqahWWnoYrfXkL6m1fqFz8Wqd5+Lo4BBGo8LXqhij
37ja2i1ZA2vj2Q5ez21evVF9v087Hte3Zx3w5o7o0nLZY++b545aJ66yLK/Q
zmfrxKodD1KysJ23ndePkcue1JobVmvn820P3c46uazntez0/iw+nXIZRl1K
eXNTThGSZlOFThVVsyrPletfIijdPBvTfQ31bidwQ4flDwkvCIjApn4Z+nAi
DoZ2PFx5kM8wdAnUnXjYUhEy7JznOn52K72KRk5OfVt5dPSDx3WGXujLkJxT
eoEeXzdxsT6p0GXM/rJ32A9Bgg5Gjq8pEHt+3Pa3SrJFneNYzQuF82LIJLSb
M2NoiT+PYnCzaBpRcBvFXFCsXJjP+OFSnWwTL89VuFUkAHv6e8jZNvhRDvhd
OR5gXbO95nYej6G+u1aH4xoN9Y9DBFtzO4/HUN9dqyNVG+oXLvu9DPVVHpqH
M2g/GeqX9edPNdTvPRnq1a/fiKG+koB4jMvHr/tkqF9yfXXtPB4TeHeFQJd6
+errmOf7mMC7u08m8G/RBN7dezKBP5nAl1yPwyi8lXm383iMwt2/tOv1ERmX
1+rC9bzq+2OFxJeTApZkBCxPB6D8u1wl4KnfKC9pcSJoywUhMjDzzJC+V4Zs
ZfKqTujk/IdsnhB4PT9KaRg0OEnjor8pPaCHO4TSMSe3rWKmZyl/ga2IOSfz
cirTdeqki2I+i8psaKkkrnKqDzanvmFAoD8pf6Eug2Hl/IW6e1fNX6hvZ6X8
hVqD4qpkZOm41tWOpxi8aH5WMbvVGd5WzV/wmR+f/IUHm+d1tVNDdXwN7auy
j0XrvpJ6uOxctEsC/v3mBy8vkdFvvZaLjMvG1W7r/y+8ls5PacEQ0WDldvCq
dNXco53AxzvifS6WmLu+snPq6RZ5iHO6mpliCX32zF/wmWef/IUHWy9Pt8jy
dfdzizzcuPzcIj798XGL+I1ref6CbzvL3CK+7Sxzi/i2s8wt4tOOj1vkwfaP
p1vEg3955S94jMsrf8G3P8vcIh798XKLeLTj5Rb589edY1P+WvkLK2pBtU6X
5dzaz7i8iFuv1bi8rvl5bO2sQWt98QWcNz7z4+O8+UrXq1JrzVZpZw3S8Mt1
nq91aq1ejiCPdrwcQZ7rvtQR9ID78EmrXzyug0uGXLUAW8sH7NFID18uv0P6
eDBStYT5CAv6PT5K4KYMxItB3g4/54ctpq5cClmELoZZeUFlLaR7iGyLyE4W
VHFwEQ45ZBjLKAaIjTVsh5M0idYu56yrHU8n1kPQ81dfwIlV35+iE+udA6xp
fFq2A6sOfLPR+Mgl9yxgU11YQsGjKRzi+8NVoopHsGgCddejonyM9j5Tp0Nc
U9CPOCVw+fQc2ZTAajoB8OhEwkOIB0NABvnk8UgsAF9G+xtipsXEgk8XvPQW
x9Zjv0PonRQfPVF9xzLlxQZVERhE+lQ8UFAxqXmHWf/e396U2H9EiZ4VAU7x
jex5M+3ze7mxMFkAOaosfuS8A9JwG1xEk0vGLHWKSQggOqUcUOqLIp2qtKlA
P5q6g4SNXMDaLIIQMiaglOgwgIYMtXxO0NfaB5oPoiSEZbVxdEfzZMAuT0zN
kU2n4Cd5FmFSrsNMH9gAt2wLbzFAuwiwTDsE9+FMwJS/CIYszER3Mwg+Crzc
RXhVsXNx6+dU2LKwT7oK6Y33ErEI2mHw0z7T6L/RTtJbp3pYgmQLOmIUDn/v
U+c2cQBDgk3P05ZKfuFdbgO6kl3B2tT8+u2WmB9uGUwWG+5LBdnC1qXclWsF
DW2fCq+NvFk5zop1WDQg6Stx9cVoqL+TTPC7YxmGrh4f6h9wLxXUQOgjHGnK
AKPqPAKnXjj0zpStoyc8NWIo43Vy+9VSmx7eLhU7dO3Mmde2IWBcqkByfgs0
mQvNWiCcvPKypQRqu0y9rC1AsOpS1mPFnUDFihDS08L9VYSIBBg6LAXM7VaZ
VjtT8OHkWEl+4seEgygI6zOFhwuXBhaFjYWZVgzQPYz4LCMEru4LLb4Bsdff
s6mXccvDbBxRTQDrvtCRoznuARkFlTAgwVVDg2MIQXALkiqhzxssY4JI1Yi8
FLrBJSnixEJBVtiYMLadzWWYsiQvEscPgQKRjkIlhwfppQViyncgLzkPGaAd
i9wivugoHs8zVi8UH0lVBIlIsE4JCNXikr2pOG75kClBt0firYB0Dz23GL3+
RFa9pyDtVfkImvaFE2LTmkrwXK0e4VzBagxUkQp7g+ZOtQI8/ginm3zOvCzi
bCSNUKWiW64OgOU8olGISMgVY0QNiSGgEZeZwF+peHFUwuftYadjru1WmgSY
493NOs63ozifRTJLswlvmEahKWC/xPwAL9wD6jAqAKTyLNLC9wpw4WEh/khj
tBsCdCm6nCRdumwdyXuJLdhvj7KMSp4IqyM5IRZ66f7WUsDCSqYV0XgpmTUL
4s1xGdcYsaNb5c1JG0ST0KbaH02udUQ7pLmpldyY5HrstzPRqCCXUmylas1t
Ek6BDFLM2+UQSJXePnTqrEKBcIfs6kE7FBRvh1TPpIADTT53HOnCPFf8z7UO
gu59TiF0qq8VhRH4HhNLZ+1YUy2AsLfr9PFgpk319Ui9uvZ3fYGHDQJiBuoe
DltKsec+ZRHC10eOhGwUuBnrdo54LqXcCA4fpotKowPBZmH/WoroKCFeMLO5
xFK1QFErX9fJ0JU6Ur08ZxS7ReUXnG2bDNcsCB5zaCWSr6rtoGD4VxG4KqZh
p0LQ/t2StL1GzwUF6EgyP6zqcMuWBEq0Vo6txd/XzLl5wv4eU7RrrUa0++fw
hbO6kiY44hPRkHtUowbhvRPFjM0RkoPa0srsInVV14f5lvC4pZ01IEGtFBe7
zJOC3o/uetNgava9Xzt4PWdNnY/5PdNg2guVZf921tUfz+vB2nlg/PSlFmDc
h9uPbR/WchePc7ro13uM6yHSFK2Qnq98P9+rXsJa8eXXNa51tbOG875KPOtT
vYTPbGcN9RJWiGh6qpfwue08HhimVRB0n+olfG47jweGaSVk4Kd6CU8wTHX9
eaqXsLidbwQ+6anOgdvOI4FP+nryBEB3HofZcAIbs6WrcM7iZO5m8guJaCnP
RJjz0/X2aarzSi2Q181BGdV6xfoROz9bJJd2nsDgF7eD1xMSzsJ2fK6HF4Gf
4NErz5fntXRcjwjB5jHCox8DL2N/sKKupXCFlh2NAPsVF5qDEriJusgEKwCR
ffLDGruwIJmzy588zTpUtOzv19GibvBy8F7UihOuKD6lYu8YuJxHg7boHO3M
+pGAd0wAbzCJlQ9TBVeZ4vFOVLPjzLRbVK7DEQYtYWA0VaWXsSiQnVN5HZV8
x0iB7U7n7o78mL9cKuCelgDz0PBF+taBVVzJnuKnY9CbriSYJIlwlsLsFsNL
pjGJB7kCfa8LUWlpN/7M+GJRPsD46zS3kYGon/vYmHotxdrm80usXs5yhIU3
tMSfENqhAfSOiiCj0qwoTzxOyzjDSOPZ7SUqbO9gx+qglbrJxH5hWW2YeJnD
QZTNeKVJhNJfG6kJ29+XrYnPLqiXjdW0k1t6AoTIaTybmYLjOmtjlg7SiR2b
ezk/n8SD4FN06/aGa3/nwW+be3DenJ9oPfa2X8F6sI+54g5dvn4Aq9genKdZ
mwMth228U+b2VOaTY7un03miBqa6au84wW8ilHmYC5iW9OB9qZ1c1UjwaMJi
f1JowenFvsTDOO+4kHC6YosSv2gtEPTw6AbDI2MCpoKlgEnFMzCa453RDfR0
5orVZoXsOtkhdQtmpa4MBDLLGzkGJqTBFtQ3g4Ncx33xL4WtJJGeFLs+nGc1
4n7hISZLOuJvGI/jGezaPB4n4WyeYYYEnHz45a1EEhy4z/co9Pb524NevkHx
O3M9BAy6v7wAypaFk3Y+g/sHwVHv8E2QX1CQD6xzFs1Kyw/dSUdt+B/mBkgF
DDWrz3MOiKclTKGFCS48kBuKRcoxAgk6jwET4VUYTzBNBOYNQ7DUwef1wMNC
B1+VuM9vpzB9WTzYCvWfGxx5YZMnK252UTf3Fy0Qk1S5YTIGFjm7mNrZHvYG
BMJRv5S4G3rPckUB6jU3O51B9RU7cc6YaWk5mMXE71HkS+FhZ83CAI4bkOjA
MvEZkT3bD0pmOnqc5AYQFPFNaifquTaEukxYKCS0RCJw+pz29oM3Z2fvt5DC
BM+/D85+Pt06xP/wCdxYQr0WvqQcsGORkoPTVd4cj7YUOcLl+2cb7RwmGJxP
JwtHNs3HZ1xZKafNqm9mhqY/1jE0tSNR7uBgSOCJOa6BJOTMLsKkrneaq1Xj
67HtwdBIJ7OKiemCaKrZRZbOx0g5gTLRURgakUCxNo8wKxXSeHAGnW/DzSry
2LUr2AFUVkKUzhYYRpcUGJbaOUFOcJVEVn0X9A4Pfw7eAlmcaOlxMBxO2lP8
6q7xxz4IeyD8xEk2Gtw5oVgmJgsfaPxA1m4RS/NG6RiBPrvbgLt40O9NpDtl
TrwNLzEBK28Y+1mfouHxsZf4HN32MTpXE9X7eLYR9NDa5zzE9j94qEsPfTxD
pjWKVQDeW95CjZu9Gdz0Av6dw78vGwP6/Ar+xc+vG58G1/hFtwN/DXL8qwv3
sgXtx2B7Fz6ch2P8cw+eGeAfL+CPc/yDustzfnQDQ0wwWlLUC+7FYTgLGxgs
JMJyX0mCfZIE+8AKYD3gpXSTIY3981uOLzJ37NEtSMxS3PR93pZ92pb6ru1d
06VjE47YMIZ3uKnTUOcLX+zY0rGJhrJp7cKnnQbG+GL3aVkVsA58gOmA7vaZ
XeEMxzwA/c1L7HBOky1pjEAXcMqZNgyjjOed7IX9MBnAvMkC6DGc4W/BAf0W
vJ9nKLqrXYAvo9FU332G3cDl7s9C6hOObRvX3f5iBzeI9cUOLrh9x85e5VGA
8xJ8N4rH1hkKZiCORT826aDRN807PHiH6WCOalTwQQK41fEbyg9tiewuH8Lv
vgt+hZODO6kNWjbwvHa3G3ynGuh24OMdRR5PwozTLHKYTuECqdA6K4dNJzDQ
Dz1k1bhJclFkSdS3w8s3TeMxkZsRLSW0DHc2LzPSdIB+X0XNYCtoYg6t+6VJ
dGHuqpTLckx2awnZZoZPuKpxou2uu9TsIShu85zKkcVTMkaPqlNNaNhF8Niq
3kj87Q2aQ+IbWCHNU0nAwhdYAhYyWFJ0LApELbwDfU6HgVOS4t+QTCFMrGLM
eYyhslmAgf7JeJPvOYmu4pzLVkFrW/nsdqLSNkGXMMtQuD3hA38VBZMwGc9p
MHAUeMC14WvSCI+Wdq+7zvX0i8O6acsWN4fDsk5lno4POfh6SJmz6NH5BXZg
yPyfJ2Yon/OmMmCoMZ4ShnAypsVLQTGazGLMnFV7WjJKjN5v6bDSxk9RRNm/
aKGfRMNxJOXiNITv/LI9S9t0FFTCm+oup27xOxwOizNck2DOe36KmgytzsxI
cZxvTUHuEi1N4o5qOboBFpSMI57igwnoPWrKgII1nZ2mNCwefgYKXnuBhtze
7ujNnSshu6K5PGgCJWy2giayyCZHfTeRSTatWdGmamrq+ODdAXw1jjE1UvX9
Ko0rd6Zk7ADziWfO3j2PMDM4zejxD2JhIyiImBLp6UEl0dt2KnrgaBgDo8FV
iHni1U82Me28ZmLaMcS08xo+3pljX3EQNMnoW7w1SM//ARvVOQqwerjjr6pu
NxRxP2hOw5v+NB/n8T8jnGmSpQY42c3oEpg181I191oIlhWoPnh5Oo2KCwFv
EjFFSfDHdDJAiSA2KflKiou6rzkUKG0q8xiq17zrn2o3nkoCcqyJbEm1sjjl
h1zsg8Hrvde7hRUb0Z7Evixau1e0drCEZu1ewUdaOy1uivM60nYSPKfnMWxa
na8QVgXr2BxPKV1EIyx8AqesULktlexCxiDRHekmUr0+ZHH7PYhQ7YPzc+A8
ov7woGe5OMhD+g1EJpzWsluRp02QA3A6q22R2oISGyQG+9Gc8jfwFdbgEptl
Faf+JU/9K2vqX8JHmvqfPhz+QkmB/5gzGEJkOmhMZpQkSTQzFb2POCfLH9Q5
I35CW1OYFxQcb8muInNJRl+GtcBsLPk6rxUtqFlWCHAqNLZHGyFe6DySkVT1
F5sfpJRVF2ozmiLIJFrU20p1iAPpwKbEpeHRLAtPlMN9EYFwjh/qmmOjWfg8
aksfNKoew1UgTbiKfBLFTAZwRWsiE5DhvdbGoyZE1gATkfBZzpcNBxfUkyqZ
Cj6REYmIToSbZAXy/oL36Utrn76Aj3e8ECBq4UIM+0BkWVvB1TcE11mvbI4H
xepzjkZIba86PuTx5RZTVESHC9Tq9XIq4WrpwgkkUeLtwSnKIT0rFRvez5mU
TK4wfRX6oLnsR06mHWcpiDBKImq5jdN+1Cz/+iK1hCdnq1nZ6co3U8f2RKa1
tHzmSWS2oN1jCSST8FPUBpag3FZKLMOddWkIt6MQirBRIcxv6cmRs54zxT1X
0At02NGaIDRPFgVNvrRrUEHS/owqCUjkpMpZ3y9FSOlEWgoqqhLQRIQwQbSl
yGBn52m5UIYBom04TtIcDdZKlly0+HXk0Ph8giydTAJML+bjGc7gQC46zjmv
qYqB+I1txjZreQPfTJa0YQzN6hQRHT+PBii7xAkdG2rtZ1DncHXEu4WGp7o8
Sko/ZU7gqd71iKAPeW4Nx0XVGRYEfcXAsSaYWUuyTHQTM7HDvUVSVG5JqDwq
FmBEJiAhbOAoNY5Ia2TnstDBzUVexG6Pid0Li9jtwUcidmdFOUeKMbOWTSoF
GzR5rlhQwPRXysAiJwv+xYLayRwBolAYIo8jK+qyqYu6OmGIVNmOya9LyCXG
v46sNYkmDhEKVVKsw3O0DMzu3oJi+V4JPFO0QyoVi+qpCGHWEolk1i80fBya
IjLclu1p9dhgujuqJ2kBUkS2Osjh1QffUTZdlfDeu2WXd8uetVt24SObkWqo
DNO2y0k4iIBrDIkxkCstMMYutuUj/+p9PMsLPqrQRb3INcqYcIJNvVcnZEcl
PVCJaerkxznzRxwWdEqa1XJmwVbFJCUVFAI3/ZjB0cqrJt4KjqaUBo21RkMa
kN+qbGtvlQ+CKn1eQCsRj7rThMukRHcTsS7FLyPDjVFGt1W8W0ujX0J8VlW2
dni77FrbZQc+WooyEMn5NEH7FeOiXAJdiycTMcMRwysZpJtuz1lsKssYllgB
fR5zOjwdRxIqZvEkHYRlsaLd6TgKMlk4Qjm2DgFxDyOnP9tPAtOagwKSzCzz
BDrGK04grmmepwNmIdpc6GKgGDt8q8ABcebEC68dfAP2wi/gGauu5jav5o61
mtvwUeRith0zQBEIV9CAll1FQWQnIVoslUFYbL3GQCLksbSYogBkY7UgKYzi
koOLeCqaZnbYIGG8tcYTaMm8Rwk60rk1y0FYwY8EpsUwFAFYUAQ+j0DPBIKn
I53ggMFGU0XEgKBt/VeNg+nziHGX12PbWo8ufLyz96AzoT9Ftx+MqowUsypm
Q4WlRTF5S0EHY+Uc9WbYQliETLW4mPI+J50Hp/AyJeFnw4U1inFBUHQHFkpn
0rKb4yzojghHW0GFY3dHx3J3dDrw0SI8pVUzsHtlUSFx3a+GIve7DAbHXSPn
9YWWYcXuahDshK/D+GFVgB+jyz2ylXLDbMTFzHiVRIbZoM8/t92VFFdDgdW7
88ZUEggdgqzcLDGDrkPIhClTlnITdhjyd8OIvkOfVTKfnuPgfmyO4KBFTan8
x4GWOeN6ERQpeu0/BX/88UfvIkNZGhdlmv/f/+b5nUR84W9hhuw2+A8kHEmC
vwjbkyiqSEHnjKJoeA7dEciSWg2Snrec+kYsofsC5Xo0xQlDCRPE7ALDdwpx
fRiJBtQoBBrBLGgWUnwfhaBRBCYeo+A6LMQS4g45vUZt6FkOPDFJxah6MIZl
ug1+PX737pdfDxQwDO2nDydHPx0EvaOfz4577XdHv51h/1D9Dnr//f7k6PT0
B46b4cbfbHe2O/qO0+O/H5+236Bm9fw/KbQwHGcRK8Cv97Zf7G1vbDb+H53T
M+mFwQIA

-->

</rfc>
