Mathematical Mesh 3.0 Part V: Protocol Reference

ThresholdSecrets.com
phill@hallambaker.com

The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data.

[Note to Readers]

Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.

This document is also available online at .

This document describes the Mesh Service protocol supported by Mesh Services, an account-based protocol that facilitates exchange of data between devices connected to a Mesh profile and between Mesh accounts.

Mesh Service Accounts support the following services:
Provides the master persistence store for the Catalogs and Spools associated with the account.
Enables synchronization of Catalogs and Spools with connected devices.
Enforces access control on inbound Mesh Messages from other users and other Mesh Services.
Authenticates outbound Mesh Messages, certifying that they comply with abuse mitigation policies.
A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the same time but only one Mesh Service Account is considered to be authoritative at a time. Users may add or remove Mesh Service Accounts and change the account designated as authoritative at any time.

The Mesh Services are built from a very small set of primitives which provide a surprisingly extensive set of capabilities. These primitives are:
Hello
Describes the features and options provided by the service and provides a 'null' transaction which MAY be used to establish an authentication ticket without performing any action.
CreateAccount, DeleteAccount
Manage the creation and deletion of accounts at the service.
Status, Download, Upload
Support synchronization of Mesh containers between the service (Master) and the connected devices (Replicas).
Connect
Initiate the process of connecting a device to a Mesh profile from the device itself.
Post
Request that a Mesh Message be transferred to one or more Mesh Accounts.
Although these functions could in principle be used to replace many if not most existing Internet application protocols, the principal value of any communication protocol lies in the size of the audience it allows its users to communicate with. Thus, while the Mesh Messaging service is designed to support efficient and reliable transfer of messages ranging in size from a few bytes to multiple terabytes, the near-term applications of these services will be to applications that are not adequately supported by existing protocols if at all.

This section presents the related specifications and standards, the terms that are used as terms of art within the documents and the terms used as requirements language.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

The terms of art used in this document are described in the Mesh Architecture Guide.

The architecture of the Mathematical Mesh is described in the Mesh Architecture Guide. The Mesh documentation set and related specifications are described in this document.

The implementation status of the reference code base is described in the companion document .

The Mesh specifies two separate types of protocol interactions:
Mesh Service Protocol
A synchronous protocol supporting interactions between devices and a Mesh Service Host and between Mesh Service hosts.
Mesh Messaging Protocol
An asynchronous protocol that supports interactions between devices connected to the same account and between accounts.
The Mesh Messaging Protocol uses the Mesh Service Protocol as transport. The Mesh Service Protocol in turn makes use of Reliable UDP Datagram (RUD) for framing and authentication of individual requests and responses. These RUD packets are in turn exchanged over either HTTPS (i.e. a Web Service) or directly over UDP.

Mesh Services MUST support the HTTPS binding and MAY support the UDP binding.

A Mesh Service is a minimally trusted service. In particular a user does not need to trust a Mesh service to protect the confidentiality or integrity of most data stored in the account catalogs and spools.

Unless the use of the Mesh Service is highly restricted, a user does need to trust the Mesh Service in certain respects:
Data Loss
A service could refuse to respond to requests to download data.
Integrity (Stale Data)
The use of Merkle Trees limits but does not eliminate the ability of a Mesh Service to respond to requests with stale data.
Messaging
A service could reject requests to post messages to or accept messages from other mesh users. This risk is a necessary consequence of the fact that the Mesh Service Provider is accountable to other Mesh Service Providers for abuse originating from their service.
Traffic analysis
A Mesh Service has knowledge of the number of Mesh Messages being sent and received by its users and the addresses they are being sent to or received from.
The need to trust the Mesh Service in these respects is mitigated by accountability and the user's ability to change Mesh Service providers at any time they choose with minimal inconvenience.

It is possible that some of these risks will be reduced in future versions of the Mesh Service Protocol but it is highly unlikely that these can be eliminated entirely without compromising practicality or efficiency.

The design of the Mesh Service model followed a quasi-formal approach in which the system was reduced to schemas which could in principle be rendered in a formal development method but without construction of proofs.

Like the contents of Mesh Accounts, a Mesh Service may be represented by a collection of catalogs and spools, for example:
Account Catalog
Contains the account entries.
Incident Spool
Reports of potential abuse.
Backup of the service MAY be implemented using the same container synchronization mechanism used to synchronize account catalogs and spools.

Mesh Services supporting a large number of accounts or large activity volume MAY partition the account catalog between one or more hosts using the usual tiered service model in which a front-end server receives traffic for any account hosted at the server and routes the request to the back-end service that provides the persistence store for that account.

In addition, the Mesh Service Protocol supports a 'direct connection' partitioning model in which devices are given a DNS name which MAY allow for direct connection to the persistence host or to a front-end service offering service that is in some way specific to that account.

The protocol binding maps the abstract protocol definition specified in this document to the network protocol format.
Discovery of network services.
Construction of the payload data by serializing request and response messages.
Authentication of the payload data.
Confidentiality controls to protect against traffic analysis.
Currently only one protocol binding is specified: JSON-BCD Application Binding over Reliable User Datagram (RUD).

JSON-BCD Application Binding specifies the means by which data types such as 'integer' and 'datetime' etc. given in this document are serialized using JSON/JSON-B encoding.

Reliable User Datagram offers a presentation layer over a choice of HTTP or UDP transport.

The Mesh Service operations are divided into the following functional groups:
Service Description
Describes the service.
Account Management
Operations used to create, reclaim, and delete accounts.
Persistence Store Management
Operations used to synchronize persistence store data across connected devices. [May be replaced in a future revision]
Device Connection
Operations used by devices requesting connection to the account.
Publication
Operations allowing a watched document to be posted to the service and claims made on the document returned to a device.
Cryptographic
Cryptographic operations, including threshold operations performed by the service.
Messaging
Exchange of messages between Mesh Services.
The Hello transaction is used to determine the features supported by the service and obtain the service profile.

The request payload only specifies that it is a request for the service description:

{
"HelloRequest":{}}

The response payload describes the service and the host providing that service:

{
"MeshHelloResponse":{
"Status":201,
"Version":{
"Major":3,
"Minor":0,
"Encodings":[{
"ID":["application/json"
]}
]},
"EnvelopedProfileService":[{
"EnvelopeId":"MDSK-EUHS-QXGD-LKOF-AVC7-V2RH-LV6Z",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNRFNLLUVVSFMtUV
hHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZVNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAg
IkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxNVoifQ"},
"ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dX...",
{
"signatures":[{
"alg":"S512",
"kid":"MDSK-EUHS-QXGD-LKOF-AVC7-V2RH-LV6Z",
"signature":"aDhxhPphK2d1smZFTyaCfa-7l0LOty4A0ngIfur5
gbKwsEozM5iTCZHV0HDZIqqnZ0THTzMpcd6AEwBm6SfRfClq1GjA6Eg_nzJkOWKVI
v2m0ZWE5RnaIUclvg4lfn7t8NTbof2eryIv9qhR0_uyOgoA"}
],
"PayloadDigest":"LJuCRu0W-vSJP0S2lHpEiW_aKliIb3wsYCpXOB5H
x8nKOmFzeanUHVWNflPTxwFeoECpDf_-uQ5kI8-61oE_Xw"}
]}}

The current revision of the specification is designed for small scale deployments in which the service is provided by a single host. The approach will require revision in future versions to fully support a service being provided by multiple hosts with accounts being transferred between the hosts to allow balancing of load.

There are three account management operations:
BindAccount
Create an account bound to a service address.
UnbindAccount
Delete an account bound to a service address.
RecoverAccount
[TBS] Reclaim an account using a recovered primary secret.
The BindAccount operation is used to create User and Group accounts. Currently, these account types are distinct. This may change in future releases.

A User Account is bound to a Mesh Service by completing a BindAccount operation with the service.

The BindAccount transaction is unique in that it can fail to complete for reasons that are outside the scope of the Mesh specifications. Creation of an account might require payment to be made or authentication of the user's credentials. It is thus quite normal for the result of a CreateRequest to be the account being created in an 'on hold' state which can only be changed out of band.

If the request is at least partially successful, a BindResponse message is returned. In the case of partial success, a description of the request status and link to a Web page providing further details MAY be returned.

The request payload contains all the information needed to create the account:
The account address
The account profile
Since there is no Access Catalog until the account is created, the Bind Account request and subsequent requests used to initialize the access catalog for the account MUST be authenticated by the Account Authentication key.

Alice requests creation of the account alice@example.com. The request payload is:

{
"BindRequest":{
"AccountAddress":"alice@example.com",
"EnvelopedProfileAccount":[{
"EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEtSk
JMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
ZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
"ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj...",
{
"signatures":[{
"alg":"S512",
"kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
"signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VYya
8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9ZsZ
a4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"}
],
"PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWVJn
sNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"}
]}}

The response payload currently reports the success or failure of the bind operation:

{
"BindResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"EnvelopedAccountHostAssignment":[{
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY2NvdW50SG
9zdEFzc2lnbm1lbnQiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCI
sCiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
"ewogICJBY2NvdW50SG9zdEFzc2lnbm1lbnQiOiB7CiAgICAiQWNjb3VudE
FkZGVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiQWNjZXNzRW5jcnlwdCI
6IHsKICAgICAgIlVkZiI6ICJNQUpZLTY1S1AtQzY3RS1MRlhQLVEzWEktWkhaRi1H
TkhWIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY
0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIl
B1YmxpYyI6ICJIVWVvTEJvWUpqOWVZeDlQd1VMem5NRThvVHQ3R1JyeThBNWhmUTk
1OUw1UjdQeUlaMEZYCiAgaFNRVk12cVF4aUJtRzlpeGdiNkpMSDRBIn19fX19"
]}}

It is likely that a future revision of the specification will specify the host(s) to which future account service operations are to be directed. This would allow the account management operations to be separated from the account maintenance operations without requiring the traditional tiered architecture in which every interaction with a service is first routed to a host that cannot perform the required action so that it can be directed to the host that can.

Mesh Group Accounts are created in the same manner as user accounts except that the ProfileGroup is specified.

Should all the administration devices be lost, an account MAY be recovered by the process of recovering the profile master secret and using it to access the account through the account authentication key.

An account registration is deleted using the UnbindAccount transaction.

>>>> Unfinished ProtocolAccountDelete

The request payload:

{
"UnbindRequest":{
"Account":"alice@example.com"}}

The response payload:

{
"UnbindResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully"}}

Should a user wish to transfer their account to a new service provider, they first use the Bind Account operation to bind the account to the new service provider, then populate the account entry at the new account using the account authentication key.

Only after the new account binding has been completed and is ready for use is the unbind operation used to delete the account entry at the old service provider.

Future versions of the protocol will elaborate on this mechanism so that the change of address can be signaled to connected devices and parties sending messages to the account.

Account recovery is necessary in the case that a user has lost control of every administration device connected to the account and must re-create the account profile and bind a new set of administrative devices. Account transfer is the process of unbinding an account from one service and rebinding it to a new one.

These capabilities are both critical to the long term success of the Mesh but have been deleted from the current revision of the specification as their implementation is interdependent on the architecture of the callsign registry.

>>>> Unfinished ProtocolAccountRecover [TBS]

All the state associated with a Mesh profile is stored as a sequence of DARE Messages in a Dare Container. The Mesh Service holds the master copy of the persistence stores and the devices connected to the profile contain complete copies (replicas) or partial copies (redactions).

Thus, the only primitives needed to achieve synchronization of the profile state are those required for synchronization of a DARE Container. These steps are:
Obtain the status of the catalogs and spools associated with the account.
Download catalog and spool updates.
Upload catalog updates.
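
The first two steps above, as an added example (not code from the Mesh reference implementation): a client-side check that compares a StatusResponse with the replica's last verified state, builds the DownloadRequest, and flags responses that point to the stale-data risk noted in the trust discussion. It assumes IndexMin is the replica's index and IndexMax the index reported by the service, as in this document's MMM_Credential example, and that index 0 is the first entry; the digest strings, replica state and finding names are constructed.

```python
import json

# Constructed StatusResponse in the shape shown in this document. The digest
# strings are short placeholders, not real apex digests.
STATUS_RESPONSE = json.loads("""
{"StatusResponse": {
  "Status": 201,
  "ContainerStatus": [
    {"Container": "MMM_Inbound",    "Index": 3},
    {"Container": "MMM_Credential", "Index": 4, "Digest": "apex-cred-4"},
    {"Container": "MMM_Contact",    "Index": 2, "Digest": "apex-contact-other"},
    {"Container": "MMM_Device",     "Index": 2, "Digest": "apex-device-2"},
    {"Container": "MMM_Task",       "Index": 1, "Digest": "apex-task-1"}
  ]}}
""")

# Constructed replica state: the last index and apex digest this device
# verified for each store it holds.
REPLICA_STATE = {
    "MMM_Inbound":    {"Index": 3, "Digest": "apex-inbound-3"},
    "MMM_Credential": {"Index": 3, "Digest": "apex-cred-3"},
    "MMM_Contact":    {"Index": 2, "Digest": "apex-contact-2"},
    "MMM_Device":     {"Index": 3, "Digest": "apex-device-3"},
    "MMM_Bookmark":   {"Index": 1, "Digest": "apex-bookmark-1"},
}

# Findings that mean the service's view contradicts what the replica verified.
INCONSISTENT = {"rollback", "fork"}


def plan_sync(replica_state, status_message):
    """Compare a StatusResponse with replica state.

    Returns (download_request, findings); findings maps each container to
    current, behind, new, unverifiable, rollback, fork or not_reported.
    """
    response = status_message["StatusResponse"]
    if response.get("Status") != 201:  # success code used in the examples
        raise ValueError("status request failed: %r" % response.get("Status"))

    findings, select = {}, []
    for entry in response.get("ContainerStatus", []):
        name, remote_index = entry["Container"], entry["Index"]
        remote_digest = entry.get("Digest")
        local = replica_state.get(name)

        if local is None:
            # No replica yet: fetch the whole store (assumes index 0 is first).
            findings[name] = "new"
            select.append({"Container": name, "IndexMin": 0,
                           "IndexMax": remote_index})
        elif remote_index < local["Index"]:
            # The service shows less history than this replica already holds.
            findings[name] = "rollback"
        elif remote_index > local["Index"]:
            # Fetch only the range the replica is missing.
            findings[name] = "behind"
            select.append({"Container": name, "IndexMin": local["Index"],
                           "IndexMax": remote_index})
        elif remote_digest is None:
            # Same index but no apex digest supplied, so nothing to compare.
            findings[name] = "unverifiable"
        elif remote_digest != local["Digest"]:
            # Same index, different apex: the two histories have diverged.
            findings[name] = "fork"
        else:
            findings[name] = "current"

    # Stores the replica holds that the service did not mention at all.
    for name in replica_state:
        findings.setdefault(name, "not_reported")

    return {"DownloadRequest": {"Select": select}}, findings


def inconsistent_stores(findings):
    """Names of stores whose reported status must not be silently accepted."""
    return sorted(n for n, f in findings.items() if f in INCONSISTENT)


if __name__ == "__main__":
    request, findings = plan_sync(REPLICA_STATE, STATUS_RESPONSE)
    print(json.dumps(request, indent=2))
    for name, finding in sorted(findings.items()):
        print(name, finding)
    print("inconsistent:", inconsistent_stores(findings))
```

A service that reports the replica's own index and digest while withholding newer entries looks "current" to this check, which is why the Merkle tree values limit but do not eliminate stale responses.
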
To ensure a satisfactory user experience, Mesh Messages are intentionally limited in size to 32 KB or less, thus ensuring that an application can retrieve the most recent 100 messages almost instantaneously on a high bandwidth connection and without undue delay on a slower one.

The status transaction returns the status of the containers the device is authorized to access for the specified account together with the updated Device Connection Entry if this has been modified since the entry presented to authenticate the request was issued.

Alice adds an entry to her bookmark catalog. Before the bookmark can be added, the device synchronizes to the service. The synchronization process begins with a request for the status of all the stores associated with the account that it has access rights for:

{
"StatusRequest":{
"CatalogedDeviceDigest":"MBD2-CX3T-MAHB-323R-ZKPE-V23R-4O"}}

If the account has a very large number of stores, the device might only ask for the status of specific stores of interest.

The response specifies the status of each store, giving the index and Merkle tree apex digest values for each:

{
"StatusResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"ContainerStatus":[{
"Container":"MMM_Inbound",
"Index":3},
{
"Container":"MMM_Outbound",
"Index":1,
"Digest":"FEHy24Y6cLModDXWH31kVc2a3TdhjXPooKHpLAb2JbsO1YQ
nJolmowXAYHhkOGY0kg3jrKNTjds0myf4Dw1sdg"},
{
"Container":"MMM_Local",
"Index":2},
{
"Container":"MMM_Access",
"Index":3,
"Digest":"af-ZCV48K2pp8D8_a7t2Zovpj0Rg083JVQ9FSptSqzHwAwS
DEv6Q7qd3UJAj5xcHgN8-uixxRM62NP7MDZwZIA"},
{
"Container":"MMM_Credential",
"Index":4,
"Digest":"xIiGmicJxjUJWEjWM6nqwKIG0Hmotr9pjFxTEFXeCCW1klZ
VWj4rJv1X4byJvxplJwtGVWYph9YEi0ZMFrNkRw"},
{
"Container":"MMM_Device",
"Index":3,
"Digest":"AfExhtW64TJvmpW9Lrh5uf8jURFrFTc62FYgffU3IPowOdl
3HV5gHYxGB-Pucpaco7vowCEqRjqeP5dTMOQzFw"},
{
"Container":"MMM_Contact",
"Index":2,
"Digest":"VSDUsxoQIIMuSLTVgeEO2QTpGweYanJ86nDrdUMPm0CDX4m
PVP_8UWAtWdm6HMmpvQ7Pm11pgDUYSNOF72Cofg"},
{
"Container":"MMM_Application",
"Index":1,
"Digest":"BWJ7_IbH7vcOI-CR-oGpqIXdQz50rPbmGsZvOiL1dqKe9lW
QJSh5tKElz9TAQRT0EG7G0kOZ2mCqiP_yGZAN3A"},
{
"Container":"MMM_Publication",
"Index":1,
"Digest":"xDBR1MLSGbMcgX1mjMyT-XEKgTXG8j8v4pNhOfHkZTp_xfm
3oEWvudSi0dO-varqqX_iwrHFJD9wxWWjfNThAA"},
{
"Container":"MMM_Bookmark",
"Index":1,
"Digest":"vKaVPfFoa-c_h0XyyLmN5Fb1C0mgFogLo80vb-qu4r0xFUx
wCJ5qGqObbaxLxK8a7_sSZ88SV8McU1NWl7BS3w"},
{
"Container":"MMM_Task",
"Index":1,
"Digest":"Od-7rQgE-8X-Dr1oIAgkhuKm5NMc85RIOnFLlJmqskwy3yO
YoWzorX-aUve1rKPmnBCmbAhDUhHEGo_wUP-kJQ"}
]}}

Bug: The current version of the reference code is only returning the digest values for the outbound store.

The download transaction returns a collection of entries from one or more containers associated with the profile.

The service MAY limit the number of entries returned in an individual response for performance reasons.

The previous status operation has reported that a new envelope has been added to the credential store. The device requests this data from the service:

{
"DownloadRequest":{
"Select":[{
"Container":"MMM_Credential",
"IndexMin":3,
"IndexMax":4}
]}}

The response contains the requested envelope:

{
"DownloadResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"Updates":[{
"Container":"MMM_Credential",
"Envelopes":[[{
"PayloadDigest":"YPLzDhhS7EN_kZDTvNG5M0SM-FHOzqbbb5
tpe2QiPcqvMbeL5wG5DixDsKpHyp2Be1-JIzC2svJLMmxThxoKQA",
"TreeDigest":"xIiGmicJxjUJWEjWM6nqwKIG0Hmotr9pjFxTE
FXeCCW1klZVWj4rJv1X4byJvxplJwtGVWYph9YEi0ZMFrNkRw",
"enc":"A256CBC",
"dig":"S512",
"Salt":"lUbGQVUnbrUB9k4ZwNQGMA",
"recipients":[{
"kid":"MDG5-EPRO-L3LG-GGFU-WKSG-EXU3-GGAB",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"NHRQRC52QsQUM8p7-p0Tc9QGm-VcojGal
1n8tpbVd-H127mYjgGDV5vB7VqMBClC6aVISJTzWE4A"}},
"wmk":"cyTvjux3YTmm8XgzUXXI3VBxRFXh3ueSteXaHHFu
g5EdKpF82OFP8Q"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICI6ZnRwLmV4
YW1wbGUuY29tIiwKICAiRXZlbnQiOiAiVXBkYXRlIiwKICAiRmlyc3QiOiAxLAogI
CJQcmV2aW91cyI6IDF9",
"SequenceInfo":{
"Index":3,
"TreePosition":825},
"Received":"2022-04-20T16:17:23Z"},
"3-njoLi2gG1Bc3eb2vGW5WJ2cHs8D7s-wrvy7L2jEAVHWlBgp4gY
y4Pi89A70PJy3zsrJohsEw6zuqwGH9ETUmjuNWWq5cgBn2KZfz3dRdmQ8U0zw5E5y
4qY15v5dyzaN2qh7CTUyQtxupsFhgImGYiOhnqEoCi5udTs1YpC5mg",
{}
]
]}
]}}

Future: The current implementation of the download operation is limited by the capabilities of the HTTP binding of the RUD transport. A future binding allowing operations that consist of a single request followed by a sequence of responses will allow much greater flexibility. Future versions of the protocol may support optional filtering criteria so that the service only returns objects matching specific criteria and/or only returns certain parts of the selected messages.

The transact transaction appends envelopes to one or more stores. The operation is atomic, that is either all the changes specified will be made to the stores or none will. This ensures that simultaneous attempts to update a store do not result in race conditions and allows Mesh stores to provide ACID (Atomicity, Consistency, Isolation, Durability) properties to the applications they serve.

Clients SHOULD check to determine if updates to a container conflict with pending updates on the device waiting to be uploaded, for example, if a contact that the user modified on the device attempting to synchronize was subsequently deleted. The means of resolving such conflicts is not in the scope of this specification.

Each update to a catalog or container specifies the expected container index and apex digest. This provides a strong guarantee of consistency. The service MUST verify each update to check that the Merkle Tree values specified are consistent with the store entries and that the signature on the apex value (if specified) is valid and correct.

Services MAY impose limits on the size and number of additions performed in response to a TransactRequest message to ensure that processing time does not degrade performance for other users.

The request payload specifies the data to be appended to the stores.

{
"TransactRequest":{
"Updates":[{
"Container":"MMM_Bookmark",
"Envelopes":[[{
"PayloadDigest":"nLPqGhIpOzHAKROd7NqK6i2E-_cbliqw9u
U5RS7LRV7-u2LtLvXjjl3zA0U4SkoiK7lQJxcywO3gS5189D3wnQ",
"TreeDigest":"-SDCQM4HDOThmLenmg1392iskvEeEDdhactIU
1D7cc9m25-4LH1eY-qyLo1nijRPL5AtULixbyUOlnpPM9FEZg",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQVZVLVJI
RFEtTjdFTC1HUU5CLTdVNzUtQzRUSi0zREtPIiwKICAiRXZlbnQiOiAiTmV3In0",
"SequenceInfo":{
"Index":1,
"TreePosition":0}},
"ewogICJDYXRhbG9nZWRCb29rbWFyayI6IHsKICAgICJVaWQiOiAi
TkFWVS1SSERRLU43RUwtR1FOQi03VTc1LUM0VEotM0RLTyIsCiAgICAiVXJpIjogI
lNpdGVzLjIiLAogICAgIlRpdGxlIjogImh0dHA6Ly93d3cuZXhhbXBsZS5uZXQifX
0"
]
]}
]}}

The response reports successful completion:

{
"TransactResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully"}}

In order to support the wide range of affordances supported by devices, four device connection interactions are currently specified. The use of these mechanisms is described in and the interactions themselves are described in section ??? following.

Device connection operations are always issued by a device requesting connection to a Mesh account and must therefore be authenticated under the device profile rather than the account profile. Two device connection operations are currently defined:
Connect
Requests connection to the account.
Complete
Polls for completion of a connection request.
Since the second operation is merely polling for completion of the transaction requested by the first, it is likely that these will be combined in a future revision of the specification.

If the connection request is initiated by the device being connected, the device constructs a RequestConnection message which is posted to the Mesh Service using the Connect operation.

If the Connect operation is accepted (i.e. the service determines it is not abuse), the service constructs an AcknowledgeConnection message which is forwarded to the inbound spool of the account to which connection is requested. The requesting device receives a copy of the AcknowledgeConnection message and the profile of the account it is requesting connection to.

As described in the following section, the AcknowledgeConnection message contains the request details presented by the device and a nonce value generated by the service. This nonce value is used to compute the witness value that will be used for mutual authentication of the device and account.

The connect request is made to the service, not the account. The payload contains the enveloped connection request:

{
"ConnectRequest":{
"EnvelopedRequestConnection":[{
"EnvelopeId":"MBHZ-QYVP-T5DQ-FQAP-AWD4-FLMO-ZZJT",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ0FBLTdVWUEtVE
cyQy02WFVDLVVHM0ItNFhHVC1PQklFIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MVoifQ"},
"ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi
AiTkNBQS03VVlBLVRHMkMtNlhVQy1VRzNCLTRYR1QtT0JJRSIsCiAgICAiQXV0aGV
udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1BQTMtQlFQ
Wi1XV080LTdRNUItUDdBSC1GWTVDLUFUTUQiLAogICAgICAgICJkaWciOiAiUzUxM
iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk
NJNklDSk5RVUV6TFVKUlVGb3RWMWRQTkMwCiAgM1VUVkNMVkEzUVVndFJsazFReTF
CVkUxRUlpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk
bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV
04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeUxUQTBMVEl3VkRFMk9qRT
NPalV4V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V
3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK
VlpHWWlPaUFpVFVGQk15MUNVVkJhTFZkWFR6UXROCiAgMUUxUWkxUU4wRklMVVpaT
lVNdFFWUk5SQ0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC
BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F
nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli
R2xqSWpvZ0lrVTFaVXMwY1VrelRWbENlRFY0Y0hSCiAgNlkyNTRjRWhhYm5aTlFXc
FRibkpJUmpoQmJtSjVjRTR0V1RacFpsVkhibE5mVGxRS0lDQmZhWEZhY21kdGUKIC
BVUkxSRVJEYVVGWFNrVTBSM0E0VlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI
yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVUZNVnkxUldGZzBMVWxCUkVV
dFFUUmFXUzFIVWtaV0xUZEdVbFl0Tms1TldpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY
VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC
BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F
nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpV1VaM1dtSjZSa053Y214RVRrNXFT
a1ZzT0U1aVVEbEJjVlpsTmpRelFtMU9Ua0YxYjJ0CiAgSVJYVkhlakZXWHpZd1ZIR
nlVQW9nSUVVM1dWa3RRbFpCVFU4MVVrMVBjVVIzUjNVM1dGOXhRU0o5Zlgwc0MKIC
BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1N
6VXRTVkkwVXkweVIwdAogIFdMVVpJVWxjdFFrWkpOUzFTVUZKRkxVVkdUMFVpTEFv
Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS
UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC
BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSXdOVzV
EV0V4d1NqbDFOamgzUQogIDJ0MWRUUktXalZ4VHpSMGQwbzNjVFZqYVdkUE9FSnha
ek56WDJaMmNYWkxjbDlTZVZrMkNpQWdNVzUzWjJwCiAgSVMyRnpaMDl3V1dGeFkwU
lhjelk0ZVdkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC
BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlJGZE1MVk5NTkVJdFMxZERWeTFYTTFoVkx
UWkpTMW90VVVaUFZTMQogIEJSVmRhSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G
dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT
2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC
BnSUNBZ0lsQjFZbXhwWXlJNklDSjBkVGMwUVZaTFlVcDFaR1JtTTFKRWNtWjBhV0k
wYTJWdE9WTjRNR0UzYwogIHpBdFFYVktVek5SYkVoSWMxZDZWbGxXVG1aS0NpQWdS
MGMzV0Y5Tk4xZEtSbHBFYUZReFRqVTBZVVU0WkZkCiAgQkluMTlmWDE5IiwKICAgI
CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC
JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQUEzLUJRUFotV1dPNC03UTVCLVA
3QUgtRlk1Qy1BVE1EIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJ2T3VmZENC
XzlIVDZJOGFhclh2bW1PeU5TbC13LXh5SjlsRGpBRUU3NzY3OTN2bDFMCiAga0VGW
XNCNWJoNnlkVzZpdGZ4N3d0eUk1aDJBWWFoNEJvc0tCUGVHNXFmSVZYMGJEX0JIek
gzd21fcFlUaHQKICBwWlJHVWRfQ0xsR0l5cVppLWRqNnByYS1SYXRvQ0RiQmRLSWd
QQ1RJQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJscmNWZ0FseGl3TTdp
YWNsbUI0bFFPLWQxcUlZV29pbEdhMkFueEFxVkpPU04KICBIdGM4TkRabkd3VXlnN
mI2bFpsem9WZ1FSTmdPZEdRYVZxVzZzTmYxUSJ9XSwKICAgICJDbGllbnROb25jZS
I6ICJnWkZIMUxaTm9BQ20wLXgwdGcyOHlBIiwKICAgICJQaW5JZCI6ICJBQ0tKLUJ
LQjMtSjc3Qi1HN0haLURGS1MtRTI2TC1OSFhXIiwKICAgICJQaW5XaXRuZXNzIjog
Imh2Nnh2TlhPc3BBOU1ONFlWa05iNThQNUJ3cjFXQ3k1T0E2Z3RQeHkwTHFQLV9sd
gogIFJlSFNwMUQ1TXViUHRNWW5yU3JFY0dlYlFyZXZCR0I5Nm5na1pnIiwKICAgIC
JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ"
],
"Rights":[
]}}

The response payload contains the information the device requires to compute the witness value and to poll for completion. This is a copy of the request acknowledgement and a copy of the profile of the account the device has requested connection to:

{
"ConnectResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"EnvelopedAcknowledgeConnection":[{
"EnvelopeId":"MBW3-XXJI-WXLF-QWFQ-TTJ4-EW2D-TXZH",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJIUzIyLVZPNU0tSk
FHNC1SUVQ0LVJPSFgtUEVSSy1ZWUNXIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm9
3bGVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmpl
Y3QiLAogICJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTFaIn0"},
"ewogICJBY2tub3dsZWRnZUNvbm5lY3Rpb24iOiB7CiAgICAiTWVzc2FnZU..."
],
"EnvelopedProfileAccount":[{
"EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEtSk
JMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
ZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
"ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj
ogewogICAgICAiVWRmIjogIk1BTVEtRVRFQS1KQkwzLTZVS0UtTFJOVC1ER0MzLU9
JREYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
lB1YmxpYyI6ICJuaTg1UWphTTh3VTV2Um9LbXdueEQwRjljNFNLMzAzTWswR2FkNV
dsSjhoZ0JpWVd3OW9OCiAgem1pMzJzdzhYQW1lcjZVTTBTb1RjMjRBIn19fSwKICA
gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy
dmljZVVkZiI6ICJNRFNLLUVVSFMtUVhHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKI
CAgICJFc2Nyb3dFbmNyeXB0aW9uIjogewogICAgICAiVWRmIjogIk1CWlAtV1pBWi
1CNktRLU1ZWVAtSDdLRC1WVkJBLTdUNlUiLAogICAgICAiUHVibGljUGFyYW1ldGV
ycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYi
OiAiWDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogInRSODVSQ3FXdjgtWDVCazBOV
TRFVmxqUUZKNTg1Rk5FM1p3eVd6WFNWdEpIaXgwRlo3aloKICBRN3hnOXV1cnc4S0
9LbDVNMFVXN0xMT0EifX19LAogICAgIkFkbWluaXN0cmF0b3JTaWduYXR1cmUiOiB
7CiAgICAgICJVZGYiOiAiTUJEVi1YWE5ILTJSVUItUkJNWi01Tkc3LUwzQ0QtM1RI
ViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZ
XlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUH
VibGljIjogIkhVd040UlZoR2N6RmxPbTJiRGNldnZWWXlkNmdqZHEzM1FxVjhVcTM
5ZEdhc1J6UW45X1AKICBWZ0NCUklfOE1qaXZlclRLZGFhRUkzMkEifX19LAogICAg
IkNvbW1vbkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURQUi1GSlZXLUdLN
VotMkxKQS1MTVlWLVhTQ0gtSEUyQyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIj
ogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJ
YNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNTVqVWttcW4zZ3dHMGIySHpEVnUz
SGxmNXNPNkdnVmxqX3ZhWUZ3QUVrc0RjTXkzd3l2VQogIHd0OW9qa2VVS1Q2MzA0R
HdmcmgtVXc4QSJ9fX0sCiAgICAiQ29tbW9uQXV0aGVudGljYXRpb24iOiB7CiAgIC
AgICJVZGYiOiAiTUJWSS1FV0xPLUVJN0otT1ZBSy1HR1pILTZZSFctWkpTVSIsCiA
gICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RI
IjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiO
iAiZlRVM1RlQjEtN0s4U1pwbzR0UXhaUHBKQWItX2QzTklkSmhsa3hXYWlab2dKUk
VLOWFkUAogIGY5S25zNW1xcjExVVRUb0lNaHpmZEphQSJ9fX0sCiAgICAiQ29tbW9
uU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1BTVAtQlg0Ry1BS0syLVlIUEEt
SVhKVi1aMktWLVVYQlciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgI
CAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLA
ogICAgICAgICAgIlB1YmxpYyI6ICJZNi1EMkRiYktsYVZYdkc1WlF3ZUxkNV9rUDF
FQ0FDUjQwYkRtcGctWTRLczkyRk5lLXV5CiAgc1dVck1fTG1RS09JUGpqcjVMOE5P
QkVBIn19fX19",
{
"signatures":[{
"alg":"S512",
"kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
"signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VYya
8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9ZsZ
a4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"}
],
"PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWVJn
sNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"}
]}}

The complete operation is used to complete the binding of a device to the account regardless of whether the operation is initiated by the administration device or the connecting device.

The complete request is made to the service, not the account. The payload specifies the account the device is requesting completion for and the identifier of the completion message.

{
"CompleteRequest":{
"AccountAddress":"alice@example.com",
"ResponseID":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2"}}

The response payload:

{
"CompleteResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"EnvelopedRespondConnection":[{
"EnvelopeId":"MDAB-RJHV-L6YJ-MMJQ-7NMX-KEC3-OV7F",
"enc":"A256CBC",
"Salt":"O8Uj4gwarhvGVXtHSZILuw",
"recipients":[{
"kid":"MALW-QXX4-IADE-A4ZY-GRFV-7FRV-6NMZ",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"esrl5mubQKc6CuEwUCfddN8mPL6y-Zgbqto_mWt
RVOCd5aUdaH4GYAs11vS10ghxl0Tx46VA4CqA"}},
"wmk":"lnwh_VDch144FOT3VBuOr4GqxSKP_ibMl5GzjpsdYnV-DH
g_RgFEjg"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ1hLLUJQWUktWU
01WS1ONExMLVNGWlYtRlhJQy1BSFgyIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVzcG9
uZENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MloifQ",
"SequenceInfo":{
"Index":3,
"TreePosition":426},
"Received":"2022-04-20T16:17:52Z"},
"i2vnt33aAT5G2z1GpX34VU2Za7xBLIuh89Pb2igJgnMreLANZgTCLxeiH7
7hfPk2Y6IJuLjOMx7asQhAVbQxlTtTSGZLetwH2yI8L4SJc0xZvNGJph4Yp1o9lvv
gtrHUbMWZotTFPPkCK7OQUKggxG6EhcmLqh3NHklcVf0wJSw8GnrICThwRA14kE_P
OCB-YaknBUbPDcjUF6h3kqmzQpUKdECkRYfP4fvH__UhPHApDU9x8vkdT2DAi9lM0
m2tVygkCdr8FWF69fXY7jCuehm73alPKex1AGvUxW_whD_xX26Jtn9sRlwYNdpudP
vVOUAqNmixjFuGRa_toPlkkKQYpsLR9IhQo0uNySh69xF7qnqsDEdjHialrZR_7w2
M_KSsFXwscfwzNswqBAWv_MEalKzhCa7c7OQGfJc1gaTpCGIkIlQbZMsUM6GQSc48
w4rcfncYmCe8JnxdGX9dc87RisB0WjBJN7zQB_HCZRKPcpcLYtF-XwwjLuhY2bLGt
kw8LrpX_TPiNSJpJ1Tkna2C6NyoQuDc_wouv9SYDKkbi3vf2jRQ7rWdAgM1O5m-yO
ab3N7gxGEkoGznPxdyufZ0GlBBRPCFk5HTh7bawMiXXdTHVSogY1CGoZwASeeMLNM
0EP2jgPc6slb-LR6ppeH719OrtwU3mV2ViYG_-jesL9A5SgEsjHomGDQihnWWD1LW
9B5lebjGnKPDn8yA_TGlpvKpazJiTuxa88BpEumOJ8RJHjnuM0gU6PzQDFc120F6s
2P6c2ImpnUD4178SoFgXTZaKm6Ak06M_DR-J8yV03gbiBKvHa9QAAgx-e_mq69Jan
qfI5OZeU_Ysm8k4HM6AHW2ed8Nzh7xPqsT1s5Gm7RRkELl4VaWY7gSBHsHxc5k7ON
CF3ahlokXgInUOv4nJ_VPVGwBk-x2Pr4cJecCSNb6I39p3bHkyX_Cd3J3OZvnoPyH
HsAeOyBgWfya8VbBbQr0_YbfuyeTzxcXVfJog78o5w3LXTT7qnkhsA0wnMNiC4Miz
F6jDhVezcoHmgvSLw7zlXbY9KJl9eCaEKQsdnYLEPg8QzvngcbOVat1TkCtJ73Gr5
RY9n3ScQwvZD7h0FECForUOR8YAG0eOrtbDRzqJkCqmQtPfD48IxDk58GFh71BYPq
pXg3_TlYChPdZLr5vCt9YRZGyC1RCSSD3VGW6stYkkSxhWC7EtmxeMjLBFOEVP1eD
260FW1YY1p-7vTrHEUa_2P-fTNWdljIZvWr-WZg5HdzA_MHAxT6doyFY3khy3skgb
kHK0Nek9y3QaT2MbMP66Fnq6iDCy1mlP2i25wt1cwzFu0lMv8WDrg-q-2-90_G7dH
r6MunCniPMwwM8pMAOlR0O9D31sM7Blyjs2wB4HtgwAvyr2PYr9O4eovAzAldj4I-
zRAhxxczC2WyiolUQp0w1PAL00rLmZ6AU0JtK_EKd3NxDt4a2VRxFDsaqpMz5U-3e
Yk2Xp_Lx-ddSJt648-D-OSLJANnbDg83yMhDOW1TqVNLB9McAuflVQ2j9gT_QS65M
Fxi_wM3oxua4jDjWE2kq3GHZHFPrp5BJvC6Wcqz5dgO0vQzvc1vhnvOekrwNJMh6Y
5JRqRG7J0QHw0zKmwhkVdtGGc_OU5xfvPOMqzEaG9TqD8SvJTWK7uBZ6vLAISzhQV
vnsisIAc70C_6JcILwsHA0fvi7OToKlLPLruRLZXKsGkUvpfWDA9R09Gud_l-EHYS
RapKxfJr-7YCTpLmdNjTIbvPP5m5dPvWFi_FgP5MNwamuB55nRM3j_dn8-i1MdEI-
2RXMnKCtFX5U6FeS5f1HTRjRXBS0rX-rSISmZ9q81igy27X7Ym_OU-YwVfdiDbHB1
PWNb6dcxIyt72MYmBcgij0bZLVDifNmMWt3rhj4F6nK_9wi7v8hEYoDJRel8ZgMzR
BbFUEl9lfCKI7uJMQ6PlX9KEGFaRsWIrI8tmObWOeK7DRBPcVS1lHSE-cjwH8oZng
AZWEh3Mw5OQhGOwg15W5wQHbZQ1qMl8HHebqStq6x_k-P8vQQXN0ZfCGCJIzAycI1
2t80pwAzmFiK01_IxqlUpJaAZwqVAw2QPJvMzoIzmAY4Q7TjlQWpRALilN1gAgh4K
ON6QQUGFAhANkffw2PYA3xrR6EHt7ODQLUpArEey6Ua25HJOJa4pX_Q9DSAFkRdER
UVtJd6pScTtrs9sKgpoMWlTtvF4yDB7uDyPO4PYM0n6HsXBtvBjH9N-KjJV07UIuR
0tvG_ghZOZtvEnhcwSHNAAJLU8qdiRF7yxApz0Cg5cqEac18Kwf43DQAMn6XeDp5e
GrO7rpd80BBQw04XNa_CCg9A4PvUNNWH9rnX9Uq70Rw5gCkqYUAHzQsoSRuNAh-Tp
jE7GpeGQQF_tc3438qbq1LU7M1PV4LcLtX45H2tYpVCUUYoem6YlYgxa1bdbS-dtC
JYGlp997n2VuBau-Sfsa2EHMPc43KH12FgvqKh8CnKvOXYf7ynBlnccWhSknNvHqr
IUMGel3TuuGQyvEU3F_4LrFPDP9oZ0ObZaks39125vkSr9zsDBcbgfWAykaOZ-H7L
Et1UNbQ_oxaF0mbj8wOynCKqSJBTCNE7X98WmAKzIrPr2mdLIdmWG_-65Q6KfwO3F
Qc-pPOnTqfG5keyz15C2Vu8IqfJ1yHp_0e5Y1R1WHh98MXyFPWPe5FE1h5FYOqC36
K1XcjqxMXpVv-oDs_Bi1JVkQ_WsrIYxoV2ZnaNxv3Tsn8FHZDsgBTuZZALbRuKb1B
KuzBpfzDl81UeKefZmL1jGnfT8pV8CH_xr_jZmWvNOKWIEQH7P-J5W29Uf1wTsaC_
-QCoOuPRcbDyHgNRy7RQkI2ptsHFg39NZTxLTBcWMCGFPMHoQh5OTCFjAHjt9Ugwj
a4Nq31rOEA-2E5PXdXbBXbasLFsvaKQ8PxZWryel50ujaT-eVO2QB7zYVXaROoAov
UAF6Lj_UEeLrsrFVFwqMJPR3ZvRnSdYXyL6cLbmg45GyPRWO92I_lK59AnW-U8gGg
3CgjwXlBhO5YdDbla2NwnVp4DRYhiClmr55KaIpOB9SC-UNVlKUQ8S8d68M0KJv0y
cfIjLM_ptiHFK3RmxhR9L_U2iYs36DJvfe_GYCGDX1wFAXA2uHCK0gVYGhp_R3l6U
xRXBmL4ayZR7dcmeiuS_yWGHzKBsmfVHa9-wADzYxNoo0v3OQX7DMIYjriH7-jTUN
hkmZuZJo6o-7wQF_kbhuu-ukDi0AC4-2U3FEqNvNA5JwZWvaEC0EY1VVJSg_fAPjO
w_m4OPLRk2cTh5PpfbBCM_VzdFSAng_JhpMEOE05NP8Iha3KUeClhpZTIttPbuKod
oO9whAq3GZRnesDr9BoccsL_cAFfjjf9Zf5AfPriLxC49q-kDkpaLIWE1NCwUL_48
McF_9cUgq4nWyzOTbNcVvtmIimQiEvK8x-Mh__ge-ttkRGvGo8Cpp7dy9A4ctAcOM
f12HYRn8jk4ndu8wipkwpkJ5KmvJAm35amQ4oxPOniTUGqTaFXg8InNBcbPQC3a5x
VKafF4T27trV8nndvjJl1fOImKtWtVQPSSn_xZ3xMphYbnQutFlyHRBgZ_Ta9OqfY
uUgRjCiPYCDf_UO0cXZFgj38eSBQvRuyg9iMZb74bXlMPD1V0OTYC4D2K0V4RlKsg
v-pUL-3QXMqgLv6F2YIXcrNID-THOUhrW88983V8PLz1pweVvCGfAk0Mx-rHJgWW8
R0Fwh4fqVEGEOqELsrbePfzfGYrDQ9L4MUgNYj-QRacWSTSOzgMNX3aODT_GkJArM
xZX9ap9-f0Pecf0d_pzffvflxX-edhBhyGAXFddxlsCXjR-evGXZJa62UN9cxpMCc
WjdwEOji0a1SkB_syjPbPV8qwUK9b_bT00NgYnOJxTDMO-IOAZuq2NIPnxCNoei23
nmvBgR9JRco6RUaYq8XA0GdPFuuS7FkGed30g_syYkKupqEce0avEYB4Zo5qQJ1xG
Mzcd3zRJq5q6AX5qUqi9m0cN-y-dwRM9u1K-BrKMRfgTP-ljSFbpjopniMw4NhW6z
wO0jO6j1Ca5Zx94_8AsWcjs_Slhl916mNO3oZpdQ8q8knLIhMlxegTArY8ygIWkdt
1nlfbnfE2irEoW_Cs4m8XDntpQhFiLnTWyc2tqBRnswIZ12A-seHYNYgcYkdjQxah
RDNqegKMx9UhziHuf0herXC7APrRWwcOtWxfDpNQ02OTjdVgIu6DFZm8UfobBhP-v
yO2SXRXNxbchb_X4-VYThF0w5WZ-zXczJvrEgB5hLhEyPd3DJI_z6keUS_aOccXd0
EsL4YjjXzHdM3rTWb9sx1RGF0McSP9Oesctb6rd-9hru_w7lZGCmNWBUjIpb5frlk
ep97XgWc9g-QHqWEFVCLqRLC5oN-bfm_YlKgOve221FVl3fgCY_Lt9EHz6ezdhxLF
48CMdSR4McZqdvHdvl2BGJ91waDQGCxVo5viml695Vjc2UFfTTS-m_UKE2XTD_gRQ
ry8Cm2sjwwIkgPfajTFmWvrnuwJKD6XZ2nJay_WaRDFIvnSwUC6lc9sklISUN-KUD
m0N9h13_yf1oeBfBuYWkWpGsHA7gh84Fron2q_HRIvFonusa2iUdYC_Jpc-33KMgv
QVuBmUtDmwnVP5oUyl6Rc5jIogJI1hOdM7pA9KaUqJIzhlRGNTkXhJdvssIQwGJD9
jTt9eiEJ77J5t6WrrqSsEt-X6xVS7yclQbOObz6vTWtAtu-pMXPL2v5cGRZT-1EuM
gv_ONcfVkM1ayEMn7SWSh0bWhAWIYlF0FdC9tj1OqPxqAIYdQ8HvUGIY7bfvhiS-G
Yis0warjM5DCs57yEGWnQoYoa86VZwkXBwjJNAifZZSrxWDFWP8LymB3scuRTiqy8
IYaeeXxq_kUYEyKub_9Qxo-XH6QTLDKiEZEnMY-nLzhrEUSiPrrdafIopvgddXoF_
FhLtKAVg0c81s-oDZxJMf571r3T3JPveK6xWj_jYbQEbdKba1_WYgG_5BrcJwX613
FjzznV1H1r1lhXC_tnoJoydmLjNRnE_s6sjlMNgg_VwMpDc1Yy9zazfe5rsplwCfv
rEcJQx3otshuhGOKDHPY_-CWIjX51vPMN6KKkZTp5tSikzumezx-dqa5F9d6FYszs
FT6Hg5ke8Plx-1xHnTDaM1LsJ0KsKUofizJ3hBMynRbA5mfxx4HdgjDbNJIKjCKI3
cccN1gmXXMk_-68YER7IA0lcsIvK8JeUQ1oN3yTBch4zIb4jlG4p56y7tam7mndOj
InYhatoArpVK-FDXIKS2E_OrpwgHaF50wlC-kPtkf8xXBy1Hho8BrsVbSoENHbPUd
G7mTpjVQzVRRwvRx6-Gj5uE1YbWUovofYFmAV-H0BlMi64T8_d3fLIImktI5wHF9d
5c6EKdF-0zChz8I8hvZVtEzxU1URFGePmwbrDIH9iyIeijfdGLvVUd8wIVVPxF8iD
2uUD6afQBma0A304GI7UR7RDg7NNpsG_JzQeeptd0kQBilT8OoIFrfThEFiPfKD4p
7biPLhR5GWIatO-RbGPA4x5ZhPe7egDdYneicIN_lnV6dNt6CTHc1o-ZQYG_PicNB
nYPjL6DCtK4rvJ-7xAWxzttr2h-ESBu-_yTLYSxTAuXI2AsTT_1NvRuqUnkM32uAU
NM1gQPp-fVvbZjJGbyNwcD6LQP_LjndXOllkEbfc8gwVgnsZAm85LGdDvXLSXBXFu
t8zzGduwKLJqqMdLJRzZrOB4vwJOxOOTzbp94pvHRZvgGTHuxRjO3y1Hi16end8Sr
u6oOMT-dZS7G2Ky340ElxzWFGOvogoBIu9r6mz5UWd8q9B75yOMSvoSyk_vi97f22
2AwaRlF4GIor1J6zNgPqoOxynF1748e0XF8kKD_84ydUuk_MP4UrB_xPCMDmUICcC
5fGjPYu-BUyVWYSZMBq7XmUHZH5tUBVOuOV1mbEcR3PwtsyF1us88BznRBqaMZ3X8
kKY-2nRjqxVwAldpJyoeL5YCbZzV74FflGfhNgFoSorOAn033fhaajIFb501W0ftm
WcEFC7fLPse8FU1HLBrNSdmytdTWLzD-0iGPychvfWWhddz0ON3rXonjmawU7fznP
JUMDH90IIteh4Pu5rLNZNaYB_phMXXoBWz3eq7U7_d4FD3SdXezFPpqX8IPlpORgo
pCH59YAcOQXKzT1hn1oIGkDreN7ODAlw58YhiUWbwdADhkBKd6lzxzjRCmuvqGUG2
HRCJwQxvsHnv51hgnSw9K-z4ejEjO_jDP1__jS7_kjT1pGxpfZ41i170EsxXitkWg
fEeBifO8nc12PXxtx0tCl0XFVQPrNw8Q86gGT5m4LOviy7rV8FstOnHbRNKREvvOJ
woyimYrW-gAgrA30bp1QulnfNYs4GciCXn3-nncFCrxfSsE5Zfv187vHin23rLd3a
ujseWbHxoUgLNjtRlvSpmqJIN7Dd5Jt8Mx9EACQjqRS9w4V-6HTrlqyMeEqXqIpH7
nzowBfClRWKKNMJuSFWwuQV1bS6V-bNRMBmBF-0Gn_mxcR03pwQMpq4SdMlOIKoNG
GRaA3zrUPfP_ErEDaDMJMfiFrG1RRcWpRVx-PVNcw7dDd-6-pXD4ziG-AFx9vrZSM
dJvqoOI5LVgAh0JjZjU2pKwuBCofh502CVTEBYDq1lI4NneOY_mZRLCqqW9mTFFEE
3O4HZsITZwvqg1yL3FeBt-LAL7OQDkdU0Jluioapy1L-ffeTsps_Mou7F0Y5hJ7vx
fNdFC-gKBEJUC7OWt0pzFsrttB8iw8PjAoeLt0ZLOyXaMt3OEvjTQb4PdEmWIvbIW
fW0UiqwMBIR4cBSjBeRhuPIS8bM4GySVopEqwhbqlAOK6ajTI7Px7prU6JquC7FEh
NE8A-uW9MHY-3TRYUeQxFAdJ4aL7diQiFn3LE8R0iWSubExh3cJnQpRBchVIR4V9I
O3Lf_523o0ga6UAQiSExNE3yDU_o1hbBvf7bNLwfRzJWRxPgvb5N-4mVpA1Xww4fp
Vahf8ZRF79Jv2mL5FcmXcg8AGZwbeJ0iCB5704w6meUKE_aBSxMrmmwvz2_Baij6S
oT5ofq4e-_HLS4SoT67JRAUp8BtDvusRDyoFS0EVzsU_9QglII3EofzH-KGWawGe5
oZko-vFcX-Cp7YGldHfgZ9-Thg_QMaMcheydqqD22z4x-z4xCXVtDG9os56qybKwU
IJua0q_XzYyIsG8cnq0V6DIf3-hPewASwXafqhan8ERlBxO2zTQhmFy5IQK1mAmp6
F_yoK4Ccp8p13fn0iJ5biX0KOxFMP4qhBssny6IChp9ggqEuGMM0u19C3MKzG5prb
ceHAur6x2TsBU8ev1RTkPxKtBk206Iwm3NQpOyCsqQKFSjbQdGooUWqwSJB7wlhmN
orT07dzxX5fjVI7e2aSsGH5L3TzvFNUxyhLpbvOsjwmdhH_OR4xEXGNvBfw7RyJe-
MBP8UM33tYOkVv0hdVj7ncCqGEPPJfpcVlqSjoD7SM0T8boFXF408g2Hb-epJLtV6
_BSCfxwvuaLMHNquMGZgqMM8D6wqxpBVWzyKA6ZruZ1L_9KYHWyL7s8i4j7iW2QCh
un6RAmLSxs2EECwc4stgnhsWBL0MEQ2TUmUBpwX9IlgqHD82UoX-JqnbCKtVNGe4c
6tjDOZ4IJW1MrM6v3oYo7_xZnQ8r-VK9Q_GZNXOJbFwQjkucYLTdstAmyHLooJY2s
Z8_4jmQdDAc_amP7wmbZ-fet7aHX54J1Uy5AzRYNoYvEn-GV1rc5_uaXSa5u02hmM
d2pC9PXHyCKftDki0f3P_bn64GYYuicreI4WPRfG-8JWa5ERz5TcvNd9sx2WPFi_1
UX6D7dPIDn6xWIe0_19EWUZjBs_GoYu3oPBUKUyTB9_V1VAAic4UBYIZlB7tkddi6
W8coweyobQjcug5t3rG6pTqpVIZMPtcRk5URUcdptg9Xgq3f-Vj1UmVvSLlhvlhyg
5LOGQxc5HjyLOvI_VG3CuORoVf0BwvEDnBvm_FeofYjXJraIZeWmH3ERzGWJF7IR0
nV7vzgc2BD8XC6hDfjoMPgR4lJU_yrv4Eoec1oh_wl5vw2j8IUG08iRv-FRVNjCZE
_BwIbuqQ_MKQxxnaQfklqbif3FV7ydoXeZKgHKQXjmmqsA0FxtxXUsZhvsKAYlvFU
sdbmKEtT_fYVJN7Djp_s4vndQumLuHNduJFGQ3s8RZKjhJhzkAnmUFrjeCiab-oRc
2N4q137CJgek6fo5s47nqyeREadh_-3BA_P_V8Bpgu6KI2pb5dmxedk3hvUO5v1eX
zKV-mEk7gZ6Cu2wgvFxAgnOgyKmNFTUGRvDfz1WEonZXu7zH3qSpiX5KzOyPi8pG-
4FIRY4mpclyCm5IPxR1u0TPuhqyTJ7jgBzBOOELXDZF6FL2AbSkkpx2LLVlBqkk0z
VVkRQdPYUtdU0uC3CQHlzAIS38cl7gklH_xR65qedyYLHAnorX756RvkvJecIl7Z0
NbhajUlyC0Qg3dIAZfgfQsDeGFwN-HCCYjfWtnN8TncQrpU1QaN3_8iG7u_BCCQd1
poH2XCJX9n1tNtE8P1TR914bolGPBnIcjDNL3VCo8ZKjHSm-PwXpGOGdXe6gScdbD
croaAbRjKK1aWhyyQeH4wvfHL-xk7rfOYKzQY0LLzBMh9n-g7oLh-YFyyNfcKesSw
jy2p9Hp9jmcr4rni9owUZOkK0KJLBtG2Rp95K0ZieZxD_FQansw3zG6sqd7PDpeHZ
dQHKmK3qHNZCt2mIBmp5sFylieCEVgb1NE19MwGm4mZc_ZfLdwhgJSDfcoUdAqj7b
GWzCpCocg0xZBzKlEZDl5clmtJedlHNepgCn_7tC-2Kw4maKidEHAcEnCVuYS5nZh
D8ER3tBQt3R2CxYA0HvpUUQcvhwK8GyYrzSx4XNt5U4TmKnJF5DcDfjYXZlrze4h-
xBICXEqqfEEE4xUK4ga4vHXs1eVzydh7S6C4W0ClkOp-eZhwznzTjq4-eSH1phTn1
k9nTHFjO5DTq4aVG8Rs-6qcNALfthRcQoN_WTILn6jcvo5RIOl7NYrxtWmUOEu4Zb
Rbdn8CIXSDP_c60ZHeEdzLccl6L_kVbTXPP75_MU-B6NgoquJQfi8FAZ0XrttYN9M
rZ3vQ_4QlqFhZk4u51OhuK_zKbvDsGc5cOepfpDBkcVYn3Accmlo9FH71OdkfWViK
LPRxVcn9upYZqJvGp43yU8XMWi6he3gXf3yl7EGNDrqzRZFFZRjy5Sosy_xGr6iVn
EYJKUeJgipNUEDXYYJaacB7o8xF6yzOXMuYYgRPCFCLowOkcZ9QyWocR4MHe2LSE4
8no-n12GOrK3i95cVxf1qyvMx6KcR91mAAXozhhiO2n9WJBEd8gMkyO-eg87DDc4_
tSOnTBFhWROd-3nB_tONupH07JkTC84E4DMrMYbYl_dstRyEfsDs_LsIEco9m-MzM
xzU6TU6kJw6MsHmpEdqLjZ-drBRcne2XzKpRCcb-_lqarDmIH26zpkqxgCoPnGyWg
m8XFXJCe-Jb5EOSLtt8q-KfZHmWH3M8NfBLh8W9jRvQmSv__UiKAGkDhply5QvtfA
vacjaQs063r9wUinMGFMgaD8Xdp2kCriJygSvybWT1xE6WKCicCUEavLyde4b0-S3
S3Wdx6cuTYMQ_sqbOWWi_wHhJAB8JPInJeTjWyGuEZNAP7cphGcx-hz5CWGq45WIL
CWfZX-z6t8mz1FaAPosq6ArEfm1G8kPpOFqDTuPPsLxTXlxR9-4PtbZKePR3cU0ou
TnXRe0Bq72N-kp5ynGCc3FUTSeZ-rmvhS1SYOtO1gZN5WFIbWccvtenLhfdOc5TQg
WP9mlK_YPKGiQ0ICHTOCl3WTDMnI-cBBLpTiZN17fE0eaTcrOXISXjOkzsOrZMeB0
rOVl55UmG8NFTrwb2fe3jTjKi9ea89PK9datETOD2fWODhqY6LIFiw0YnwFDvPtW6
X9CmfXcVBqYY0jyyyi2CktAcJcWyCS4mWaNS53aQC_hdSo7nBKvJK5EdfiS5CMHif
GOWOMahOfhHgnD52WPZUz6XLmIddVbyWndYEhk1ulgQ26yBWchvGc1mATuTgD0yyv
L_PzFeIyVhDJgGHKG6Ei__ShyEerfi6ZErBwfAv_NT8NSN1Ta-Kxw4F3zZoqdAb-1
_1g7Jb52pgegYt27eKkAmaOdPZLBUyCZW_2LKJrusKg04KtprAa8j-Lv7Guzug49k
8h6MI-HLR3-T-Stn1DHHCcMDOfw1Z3io-s55PmrbIbFpoX94qdOOn0F0an1ru-PGV
j4WkmKXVd0omJICajkLwocEFA4Clw62deFmDH4a3KdURsjbC9K8RDzDKFzS4NMLbL
MRxMOw5fc4fOha5URmYoibl3bdQrCjWriko8g_7WDgFf2dH25phMwaLtma8KYyi71
hT4tUc64LPKIeA5DYUDuydXcVLyUlAaUS_gtRoPo7xVOGPCSnoaUQsUzcI2G6rTpi
6ibZNZ-Ib57JhaDM6L7jzlX02Xzg1nPmhg3vZ7hh1cuZCpl0EI3fO16kAp5KT5pCS
Gs_HHNrU1gmjAYoePDxISVtEe271Hl3w9YZO3j-y-2Y73YLX_gNzRG4llse1DjkU_
LlSY1EUu5FNl2JPAxJN0Fib5O_R6XcBd75SPKYdd0N5MWos2KH5RfWHTfP4TIoLTu
aIE1qk3zp6FGwroSujjEG9aEvuQvganG_ZXcGXEiGIzqfAUpVwpqQFztVep3vvzpe
zXdkmTgwfFPVt5xvXIvhVEH0-Yh8pVEsi8cYIIEZdmIbhBM3KanUKFHf9eD1hY71i
JWJnUdkFYUpTqNMNiZOj7_OtKMIVmwlucsQY336Drp_A6Rjt85oafkjCHc-sohKQh
7uF9JMia4SrgF3JZcXjWOWOLx5RIK7MAH37Lri713n7sJWP9fGjMOlm_pmtBHSW56
FgGQuR6gyJnH0bbcC1dx2bQxpCbrEEZx8_TeNEBsRPvzaOa9onGXc0oxHdCinW5I4
xhh8WzBhVxJ7rZgle-uilxEb9G4RW6Kb2XdGAriMesdx0jiBd938Yx3vQv6PxuNQX
qUb4Po-AJc4kZAV6zK88I-zROlEuZgkz99kZTnjdaJJ7Xt7EEJOcTEvIltYMPS8pE
CQugoZn_JHkG5WDSwMWP2NAbgY92U9zRxpbQTTTNWpZ2HNO7mkyel9fA4w2hPTeXV
5nhtI0379e0V8hdzyJAMdATiEWMFkWeGxHUS15Vi9OcWOS-Pvcjpc3vQ5Oe6bjd5R
UG4rrKX01I7Cql6Y54PlusWblt4ZHIEjpJi8HDuFhVokdBxefbDeBrcLCGr3A35XW
zyIv89M6sP-gdwO3vVCZ0Zi1YDfJYn5mOSsSlFmfc6QegoA3tjAFfOo78KXHHJnoK
_tlAObwHnQqY10IuJvHO1ekeeZeRSnzhN33Y3AANIar7oT3Y3XfWN4THkqWFPTf48
_EF2GTFxYaH6ocTxqhOXB2vX9cqr2l-8BqsW_SuMQ67zRT2ywBoqQL8-T348IEhgP
Ij9X7PlfN4LVRGZYWtKI5wTvs_LzPrrmftBjMBTy4klhaoEIsZZxjDFz6k47ve5n5
sNkr-XcVxI9ORXx8nwQ6OKNfNGvQsGFWeAhbGI0CgGAmVCrf87_ZpuDLDIGZ4lF7i
F_MZR2cQsSimOnCH2CF9miFjFSpk2cce39HoGB9dlIBage8WD1Welv4QFmVpLlRui
io2-dWBF5fojFOkA9w3Z2RrY-MzFFMcE2RxC5b7UiHghgKym0IR8HNSTHfPKPN2sG
M6aYl0pT-goxS5VoHQ3TS9YuD0xhDBo5LKJlVl5yaAvSrZ845Xd5YffXxKD7bEFgh
fAG5xAYze6tkCR6nzQ5sILql-_ZOgN17zyjLFcCmp35Qh4KZN29q_q3D2Yxc4ZaWt
ANHdCj0RTQ0moZv_16-jFPLtiDos1ofTd8redPGjCZkCEZG_skql68_qQIK_pFjhI
KGKMJQbr6FK88R0NPEFr_sK4F8t1TXg_vZHjngP4nFxYOX1Zwn5-HTg0Np2jSonvS
0-Au_uiIkPYOtvIItpYyIwsWUN4mhom5OLcsGRz5rJCE05PJS6dECB9TdHYEPh-L5
BJ2HNXSbU6Eq1aexgWtL7US6QR4c7mwMWOiDwr5_x5WSPpcqh8cuZzGJneAyJlKC_
SqGhiTWNysf-3yB40MzMQIuMHk81ArXZli2_L44CzY7ymqcy423FMNL0V0zIGDZjj
fRJ7Yk745oeRV4fDJBZQ-eq7QWxQa5Vwzr2JMayixrz5ElO9vMd1cR1AQOKJH38MQ
Pm_M4CMGSZ1KAl_nSzk1tIlWHnOmPGlMAqq81BloEyKeNgUiRuB6-rt1iYeBLn8nl
ltvFQjZ0v5p5EzA-e2x_XQS0fvXHEHTfyyxiETkAaadoGmNstahe8Q4PghAbo2Lj5
aJUIkKBZi9iwbYdhxcl3_IUcFmMMnYWil6sAnNlBZkmY9WIgA5Lf2mIu2OBQbATcS
WDmpagY9cDW96iykyUEOY5ACgUGoN3X3H50Lwz27CxN4X6rHdnTZo5_NTwxccnmfO
ByZ5epUemvQomo-aYjQE58Fqu6Ef26CsdwLOh9nIk7pIo51JY0bHKakKoCrbMAy74
jpErwbbqH5cEMlR16_8FmBhfe3nXwSVbeFKqeN3K9_UtNsl-giI2YZ9FsjPNSnx5V
7qQQmLcQaxBenvygOBJLlLlvufb8Ktq5DQ5wuGB0h_l-7EFFKmalbNKjz7F48brU6
XgxjDLen5R5POJkVJM2PnJyGQrbrfoSb7KVs1xXuPLU_FYJX4zXYTCeWPSN5AeBTw
jjA3ODo2eSCzfzhdwwWLRqV6BSzGoscKA_qWgMnV7kWtypm9WPZZ39Zy-Pp9fVY0_
wCiCJ4u3f0GALNOple359RR0H5ZaG6-EdofvTRbxhRqHLfY3gtA-pIMDPytYRXFpt
NGnDbXTbZEIOP70KArEb3NSBDh_SMGD35vXIxU9Kd5sikeZJzJtQzTgZJ6EZPReIU
Dh7sLS7i4rhIcbwJsXyctdezXIS6tBYRogz2IDGAaMj22GYnYH_Y-kHn3UbB86mR0
Alc59mfI_7N3GTxgdQT5WEf1FiFsO9LvK8rUcHE3sI-CXMhxqex9sw8OlV9Hy-KUL
PeZMvAOYKGUdh-rF0PjvNJk8msIkUNv2o88HX2LkBYREKyVoUjop_vTVP_52dp9KC
3EOP5XHI3XgVvDwWrtHhCGNk4KhvYbwgeZWFvwbqZLwEwgLOXFLmg9MLL55tr_HR8
uEq7zdDUBxgYnEzdmf-WT9Mx23xHaVPykFYYUUOBeU-rAQwcrP2KwhYv0P9Foi8Vg
Zimru4oC7ehGRoqjU9vREHsdhATPEJYegqvhXKhhKUiwM1BlJ_lb1DT1j6-SF08Qu
zOggWD9juekit9ca6zW1rH480Lo53xRye9DqbbXT5wEBTF-icxEcKF-GoJzJSgNls
N7nXMxL1Cn5a0zdEuWKCjw2P_cv4TlElww5PGgA3G3eeDjf6HIWqEv42_h0ACYJmJ
qNm9Da1SPwSvJSToyJavp3dtkbpSxG5OoO7J2jyK9mpbygixQF3fnvtkIlQRGUI8-
Ik8nkFzlfvvW2ZvkW2wuMV9S-HP0qXkKZz2MK7FPNPwB4zmLVMHb0lEyjL5GNI5fu
HfZLtoM-1x81CWo0Dm7grPhqUwYAXQ6yQQC_n4KO4LdGR8Y3bJ1k8eyIS-oz6LaZo
FY2mQP4U3_WtkO5lVHL2toZGiQZnGy1EzE9Vfneo4LGcJZawxfmB4p2KFlTBCpxTa
xC3zuiavwru8wHMKgarEhs7e_Lvgs1vrQ34MXDbx9a1MgNC1OF6hUcyCdz8DC7dAG
E09LbVnW-U4wdves7EMBCWYpIO0dEZ4Vlbjv-4CfoRGwIVbcMClbyLBfcGdBpiS3u
B8nshvBqrgVojd-Ja_zZV_i2IXCs_8OEBxEB8PlkaYMlAGouc93dDN3t4c3ymC-MZ
_wg37C-wcUBvanDjMDBauBC_SDIJ0DphtVBsXhQTW39Ur_oBd-wfg31FQ2i7z6HSu
YDZAszEsFEOVrl9N2ZQj8VYW_c8Az2QmGqwNoM1d1AwXm0osDV3VrdSdPv69QWNqY
rOGLi-zulFs-mcI1_zoqvtaPFsPEd802D7YTwrjaAX5XffbjhJJKNape9SFbSjSam
YRwrtr20v8BPGAI0LCXBow_XXcJ3kU88pvkyVwvi0zE2aMkEA5nJdhPkOSCLhp8_-
8tKdFE_RVcFsLpU74-zPPt4oqPgu_sy9mGaIupn0zCPmkhXHs_8V7phKXYFvVPihO
C75j3qM3qBqY9z9EVwSXVNKzTNpNnTFIuPIYCs84anQUbGHhOmUxMa1YZq6Zo6Y-9
bJW7psoOAcb8JkFSGnyO-MeMPtm9qxgSS3vJnNu9SpQDMpg5Z1b76tphW8gTWdmsU
vnk71TU7f5WUVSPARQP3uwLtBPF0rgDCYgVlSKJ9zlu4QCdxZNr95KCFHEAYpBGyg
cFrhAx2lN7efQuyylTF2hXqsXwO8TjGty8BQ4IpaYtMhQFj0uGDh4_qPanlSdxsqU
1D3uvc1R70H-QASF_EvBmpsF-3pdu1KfCbqq1Vx4uIug_zG2F3yGHG-MnULbWR3bL
J6dlzL9NnvxLdKvzi6uCdgPuuN7zMcu1ANt8IA6kXYy0Ahnb467QZ_foEdo9r-daG
5CMQrkLw-M4LoGSS9z2bGs5YTT6WahdviOHz1n8-t9lcdccEe-4gqawwsIInTlPPv
f9oIrg_CNy3R0dZnlgQUhemeOH-O5Lmrl5I6n8DJ-pe0BQWYKVutK4SMOvUa5PTct
ISCojhfT6RiTYytXEgVX4oBw2pac7TZXNTxXoaHTbU1QiSa6vijswxlt4A3610bwa
iayM8GP3LPKR4n5ME0FSLkrkbvWsbRr9ceLr5BLgIV-ivPFpeerAA_E5hCufDb3kk
o3xHGJpA3H4GoMXsDmHBtgnrXe_wDLQE6O_i4q9MOeXTxLB-tAUhjI9MqHN7KRk1o
UicnpOgAiFBbJxcFC9SGBSdjpadYcqehiwXxL0AhCtw7u3Jk8zeYxLUMnlAcp9Ia1
BzNOE5qfwwyJX5anOXiVYm5zS0vyi75rBUSWSce9lAHaSU8f4gwJZbYjkijQPsqjs
0iCjhnHMp9k-enjS-F7xxoc8CytRDdgGzARq3Pf0iu0cwiAjXVr5uqiCNt7DZfj13
k0MxMt4Xv4bPwtBwc0vh6Gk1mgaBNmHA1fj-MRQ53WMtK_EN6lSZuOpeduN7PAY9a
nRtjhsw-T11D-Aw93XfPGrhcQ9sZXazFW-Jp1QlbIWR5XJT6oLD7c7yOZR_7Enwem
_3XQ3fHjYRk_FQvocoS040mcW7iHYUQWAbxKJnwRq3mVujZPyPJF5DN7sLySjKGUd
cR7Er1ss8T1dxDwGjJrHTanhk4iPpJFYZJLIGFxY4rzQRaYukoQnKSEnDVTXiEcMD
HsT27_IMytenBGymqmE9Jo-Uybo3FinnSxsE2clG0GJW0dWMQyH4PUjeN_d-TuJin
dB14s5s-U4BzYtxn_iG0Oj__nvcBwIYdrdetB_oAiiGRbe2L3fGQSxLXCbFu5ZuDR
pA7DYb-7xj7_dNwHIfiHjDaWBHKcW62tyocAfCbG4ava_fPx5dILE2EDkgFQ0S7dw
yWgHgVX0oazk8vgASPv6qWeK1r8qmieE3_aq0xCGt9Ju0qqPQESaS4-ZNg0wIMzTH
-M66b3zeO8ShRI_0n5pps50HksL6huoTmUd17DGIGh-xnpkSChFjSgnoFeN3LLUOQ
CHncBAgR7fD9_-OgRJYTJLtuEMwyMaHoQgZON2sySjsi7WBEI1RfF2IYB3mYRtoiq
MDlea7QgivYjxJhP9vRrc8oVsk-G57dzikd8_wdz2gYtu4ryy9MemEZfpCY2Mza9U
l27uaQTXXtJFfGQakoC7aFoL-mTGTJoPDJWr5lmpIkYtWMY3iuFcO8XaC7iXqYfhS
SrNBvcuTkjTfHKYyIfofmOO3DJZonH-4dccbwptmFpqED6Fi11DfqCQG5qO1-E8_Y
G86go-VfsnMHKqB_NQ_wftE78mx1HuSV_bjNadxzEpYmn2_lI6LxfJC7Y9ep4qU1S
y9Dvp9n2-K4N7Nn0szFFu2426w5RoZGjvf1ldkKN1-Ce5Ja0X-ecnMVxZ9qWVIPbq
wXOqvINd256ivSX0Y7i-TKCm4cG4ocYhfYYk_Wo7Mu_9QLdWQGFCZGnYaNLQIAWYB
nv-BRh6TQ2ApGmCKfsvc_2kBXJnTllTBbJ_3eg1wUzAzSkS_ZxDGxgeSxmKFvXjOc
a24JW76N_1J8gLNwYbLnXeK96ESvHn9uZ7yBaia3_1loT_0vJ6A-HVrIE42RoXULg
qTdZWPvzyJCVsj4LvwbR3wGn4QGquQ7KjAika-1kkgntroEkpnEtigPg3WGreuFZ3
gsMrHnuIy1v4xOb3RrmJxgMDow0SI7W8-shTye_HFUrLdhiFX10v6NiO_5TiMyOc3
ZH46ZXwBnbdc-txTH3THRIgeiZqY7M9tRSOEMZfZHcrWTjlukzzBEk9zJbOkzxwl-
OeS1a4N7yNmkupAHOIN0PTEcFOI7KEKM3hM5CWY3xeH7XS4Z-qB14u3L58uMdJToJ
rsQJaJwRiYpJAFH7C2t_v61S3_BziyoRe-YBJ7_AFDvjWniVc0H0BizbJFw7xjOG5
wq5dtBSkMjNdepM_6BGhxr171pewhlcCIZFZt_TNDJ1pDKrF-416PBfqfHYCgLdup
RNqUylEYIQZYyNpoKQ1nLsPza-JhHTd-VBiL1Yuq1bNDhU1s8j9OwvxIrNpoedjYM
W952Um_oSXQ3ToQ8Bb-6gtFqYV5toS7WlNOTmPsqBf0sXcdIN9HwJ5e3y981BclEh
yVHn_oA3NrzepzCaMNp4fiMMYc3pYXxwSARu2B5UlmO2cS3UNMKn7chUq1Zor_2Nj
W9mt0wH0rq4-x6OxKdgOpjY6xYeJ-WoUK2663WWRFtN8g_fzXmdcSSISEdpHJQcNb
4WtZ_gbCpx49KvP9owtoknOOBOPUzBsdksJxd8GuT3I3msYoKy_Ib0zG2c5l3bPiP
1Ceg11rFdEkQbNQJ6BMu8gpa5DbbaXkKgSuxbx2NQjln3bCFzkpS6oUsh8gfadgaq
vnhrxFFmnrbV28Aw1K90WMx9HTqbpnDDGmvQzCSQZMhfFxSQ3TdY5GLUbPkO26Qog
iImDNPlSQAZf0AC0SGJhs0-LZFToYaeQYw_YTF16NGnf-6nXfgaVKU9eu6yYBTrAb
nkDgj2OkW13GiQ-7EqU5xeJZDEv7XfQejayU2htFg3bhTaCITbKI4u0SKYQpNGRMj
qsDYeiz5wGbMwDcU1TvVIGTrDqOWkN5tmOb48y8e8oMh_mLakXaCo3Ix43aDRodYJ
B4N9qsR7KhhNainmMnjOqA0DMwYyUkgVy8RIsoJvdCferEz1nFY8O-kL0w8JkkZaV
Bso5HGLtNbV6H_yc464k2ftkNPJW7xC1cJDdvlSADNHeUCS9XteCwYkLhmxucWY2Z
pLhYCxSCp73sZ58zgVOfPNDQYcXntZQ9zFYV_Do0DSE0hSSHWSg_J6n0nkTLy8532
_AFJ_Ne3zU3ilGA84zc6NA8Wghq0DoyPvgYfsbunaxUpUtO6xXPLt7IcD_4AomKAw
hcgQ3-XscKY7MqiG-asFs0ovC3i_HP5B-B1DLWREolxrHcxy7CDO61ByIOGL9IVTR
BPjaViAxkxhBxB7Mp27lzy_fjuJrBXQ2JtK6Prbjm2JeA3M2had0gbMApmvXjMfZ5
c2c9FrUS6JriYUO3DbQl74PUvvxDJI_HfS8liTupExhUwB_RIJmw0bjVjMLfm8DEC
j8tFSKRZuwOVYhOPTkXY8fKtZQDIZJBmzaTS1xueGCH4dEzULpaSCAs490N6CsXku
O1CIjFV9V7locHjKufJ9GDCS-Zici0OpcsTc6MmPobJc6oXte-WTawvOXBKIpqkVW
HPDP7qaA3N72z9lsNp5bEKu0Yye52V2VTGX_PXIz-zDpZv2oX9vLqjQp9fiTGyWbs
2FVvMcZ8GcnzDZvS6oiAbfXaLgPDPR8TUJyByB9Q3AqXnkYzWH1gsJ7truEH_Y2bD
sJfWYKWayFbLfmrJuwNZcGlkLaKx0X3ro0WDEJNS0xU72cjxB1pP1WLOpIHIGjSd0
9XOX0v-SZb8Ms9fWHx96e0TpPUJVWfPDcnpCE_RJzwSQrAQv7mEZeJmjsaHNLhkon
vinc_C9wNQ9D6IL1KQGncUG0Cyxj8GDEHKZGODUvJjMIJXskEfLIOZBJKtCmI-1vU
nxKgzuiQxG6HY7D9yN-lqxczI2szFGksFEXwt4j-Ua8gBYg1YYKwzO_4q4clGbWfV
KNWsZLY-p8Fwpb6DcBTfV_IFlYfaaamZfTkMamHUvbJ9iGNqxrM3GJH_oArEqOs4w
zi6KyPg579KMGkW4COTc_MlxvA0rIWRc6VXsHHY865wGNA3NRKgZMcR7YcORueJLi
3DNdA3MaSpWmGkJklZG3s9su7ytkipCAcwd5zT2VMMMq9jXhyShQkk0ln-XPEhZH3
HSrEeLFVtGJTwZ1AZp-xPAl-CCEG6E75YE-pVjZHSKoapMJulbj1FILiQzOXakYhd
_lGcXLaS_S3j2PveXJgVIqmMBPZkD44AN3aOZLrcZ9vGuv48SNGFX7DmCRgZlX1th
CC6RTv-RSk9jZvgxfm3D-sEAakouimKYtAAfwq2lbkvilm_tUscnkwea9NiRLmB1p
ExPZngM-oOaszDoaYiZpbak_gvbW9zgHbk19MP29i5CM6qwzzbPhQUYwC140KS_49
noT4aVbXENubUI8Zfjou_yvsBRtrLbVVhf0pzbXMb6ZbkpN8LKR6hVvsqrTpRDhQC
PGjpgZCi-VG3uD4nlHH1xJryvxRPtBFF8xptomKV5eC_AiYclhsmbp5y8wjtRV-Tg
q9KsUjHl0BHIk_V4dgNeF2xb9iI0P66qo-d46oSY9jjliWTLXgxH8VnwlPTTs_hQ2
03QFKX9spTP3cTjQzqdubgwRL2urK5KipUj2ETNvw4mnlNyZHqXkVWKezGUqAk0O9
SWZW5RQn_sC9_Ywu1hGyzPuFP8ho0ZCcfamDPS1wozWPYffQQl55qR5y2vG09aQdJ
DXmMZTXGtwh9e8OKqzB7uG525PjF9-4LoAYAwsjwqJ4ENMz07KXppshkMA8Fpv1Mi
hLm0wVKxVtjrV0yJ-LVEVWrc7T8YfmA3riMZhCyrl18DFmV2X7Bo8AUXyZpmC7zMH
t4rlGWlfoLLk01-w58-7tLG2L-Ta4ATBdRHsyiAeJXVtfqF9gP-ARkk_ukmdPzZ4I
1mQfuhM9PpiXDLA5wZIMH9EXSQ6NQdMeHOIBXgq4pqnqm-odllMG-5e15cCgDQqi9
Tm1F6bxW2_mmtIz7cg6XhSXK7edGYbr3u8YhnK0vaX1hYAaUr3KzEJhU1ugX9ZljT
0iK56zr3wQJ1nWM2ZmD-syHKA3wwbkX4QuX0PM-MmgGaKpYYv76u9qmzU_cwi8pHi
dJxsGwLKT4Mtj6G2b-uRU_B2T4_eKM1Kxp7kCLhJRvLMQOUsB0FrUBL9uxMZxIE3p
M4XJtLQBShfzbhoTDLy_EXLRaQedgmtyP2YlxWwPhiv_SFd5ijdJpJUCs-nrba-6C
whMgHg0_rXj2md3tj0DBT58AS1sE8WVDR8J5xZUcZJ_UJLAQlot6HmoLowROXKHff
zwBCR_ruFG5rGSwlH_I-6_phf51twF8XCggZ_qrwpWLHmdD-qFUQJ2_ZjKgh4Zcxb
oo85m2iCvb99ozL8OeFfnNskLgAI0vivqtsWu1HnZkdsLL0gvHMyMl7df6OuM1ZA6
TpPPh_Y_hjy_80Iw9z78jzRjn9QGSVvEJfnLbE1q4wSRUAMelfiyQvLaz_3MEeb-2
BhImWBXuZj_5MC-lrQrcCBgLe9lT1N-d5YOy-imMV1lBz4ynU0tT-d4LrUg_Ij6Dd
fsZczRP1D1PBSBw2MYkhWEf6L2vYJ2OcQmHAj06tCEO2y28gKVfFfdH8C1OUVTlqH
q_BxBQqevTD1kMKpAYsk5sXb-2MB16F54IRcrAKrNF0AzQKS_Nw7JMyslPlgkx5YN
MjFHX71kwq_Rbzjom6ZOyBJbkO3QIe8bbPkIDw206sIQaOxWAH-QNrPUKHk71Tc-1
jX7dDGg8r4UQyoI4uEAj3RRMdtbNIcDFTIo32ApEJrQU1xODN23ZNfQCHLelgp_Cu
38GgWYnrRAFBn9t4Mbpjh0koNYKznU4iE_hGnCYSsmlsPa39VYb0G0dmTHGhEl368
kAMHil5UCZc7Pp5ycAE5AJQ2Ul1fEdP-Kv0S63Bf-GYZJCgsMBWJ1trTEDrR60aT7
QDLf8O8kVYO9I3lkaiftpA7N7zjBbDxTgBv4aTUMAz3BEsn7UZsgi2xdQw8bo73iR
m2GOuoFm0wACROp8u-EA3RTCzwccaumtgCFpC8C0D23nws7mX6vXYc3YvPm_W-P1N
OWUfRkrCV1UIjo0FTGQ1gjmfM8G0Gl92owjAp-jcespGk1wnfhA9HdQHEJcpaxNix
25ih9x9B2NYMqMLAwgKxSLoSXBfyK4N3T0agAb6AFzyc5FAQLSZFEiK4Xaua_58W0
G6Ad9kpj8ZUSFvrEpmgB1uaaCXf9Q-9NBIVMPLHw8LZ7TYvuyz5RWVUjPnJtOWJmu
Gyhr0Diawh7vlsOsW28tl4eshcwLNb5QeD0rwaG47oOi19XQJISZATFe5KICkbw5f
kHveq0eqBPwMboBfIZfw1csY8xwip0vUyeSoKXuk_ntX6H3aZI_dUNg_MMv65ZxlP
9ANst4QBEL5Lj7F8sBioUKSr3wqfaq8C4TDlgZ27DH0G9LcSM9q59SRAc9n74Zrgh
mOBjFdOR9Wmo2a1xp5brOvRxaQgtWW4S8cOQGR3yNdahV9jZqrVm1V4eItTDEn9C4
JUc9n4VnXKYrzEx8zHJ-6b4QXKubn9oPqhQQm5wmwAW7fHT60ODuuocypbe257NVi
Awdk2m2sZw3S72SgHFRBwibWl0yinunGjLYz_doCRQWSLKeXGBQmDPMZMuSkkqDFq
4Oak7s2-2bQ_BWFqDKqfHidE2oCCcCgnDOGY5C5FiiZtyUNVK5YYWrxw2bwSCK0gX
T0pVHZka_hxfBjFXt131-AfaS5Tf1PO0BafxUIoAUOJ7N01LqlsZNS6EN4S__5Aar
lkmzjE4RG9oHApHJGB19tYJgC02OCooYpTVQfFAEPCrXQ7d2oyMCDoZLy5rWhkbWl
og6MvJBPEYbG5bU9ZkYv2VDZzaUQObNNwNDgmGgxYFKIyKslc8foFuaHKuMy8Sbcr
K8WsusUo6TY5V4wEdQRyt2ckpl2bMgUnC8vnLyDNdpg2AoVT0oob2dzaAAa6EZ8yz
0R6jUppI4NR5Eb8P5X9j9dh0gvjOGxV7ylWsQQK0ZXHGSIW2MjfKq_7f2ldNSpBjM
HTfYhr3rhDFop8FUEiTIZgfZkMh15I1nenr3YZwa1ba4GOmpQMbAtzUWThE2VPs7k
bK48Yw3exB9D1qRgezZy_i6qWXBNnTm_bJcnXMHQwieRc4poZXer4Uf7M2H8Tlhmc
ZcVzTP3ErZ2niBzRiJZiBB8BAHHNja1xUTl_55e5e4K4cy2Q1ZEd2yYPlMEz_uzN_
okok8ZtV65QQQTO4YgOGnAECGMqGuZo7WEoj7DM96U9CW-MyKQXlk7mpxgmL57aEE
lA8I_EzseaeKg0m3mplqjWjui_NbnEKChk58ol7mOr7EbbatgqwSxwwNb9z5htxFy
S6ydwgzE98-99asilr8hGYlZNrfIbubDVIanCeW0TAWGY54uvoWNUb2XoABx-_lw9
axqWqRUvihW-EDPj12vobD5eYHizb4fRoJaMpw3PjYgLmRUJ_HRT-qWzkq5ATNbXE
eppxBQbbTCC8s7aL7eQOe7_dBV5gmVeX3Sb7cWcivts9vLcam1cVs3NTbDXw2zeKS
TplTXJd8_lToAi3S0zXwKkBSCWh1HN8P946XVfhTL3XsvQGDWUkbdwje9Jfq23RTz
ZhfZeSEAmLcZUJL2Rqm2cHPL9jiQgPgBSUpdNuaKOIk_UYcOt3lT_rD-6Sfg2RQ2X
NMcCjsKS4eZafMtf4QAoL4p9N1WQv17x8lpLhnLCV5tSbyyvnfA0EwApuzXU43IVG
VteIcmGfN2HmzRxzTKK4p5JmqRgj8QdiYqwY-AWpLY_OfgyFanWd-Mu5VCnu9cb_8
a8Q6phNKHz1Q8VBnIg9CRnskCjROmhEiQavIukozX4hNkTHlP-ZOXnl7FccUW4AUV
cZZ9hE9VQRhluAUVcNTd5LQcVwks7eEbdL891ATlwD19uwis81EePGiQmt41L_bxZ
8o7fDJyVuDh0EeIKGzrJBp6kEuh0qTnStfI8ID-qKsPUteHBZHVdpAJ8phiozf1JW
Bmz4UZka_ZT0avk4BX_1UXT4yJ3caczMUSmO35K5GQVH77DTRcJWPIQKwy_FZ1FGS
bD6dxMWKQOITQd5BAhwfdfRxcFLFZN9iDJhZOrCNFG9GglyUxDdef_fpgIjsq9jB3
_FX40-dG4mPR_Or15EJB4Ho-n0Hzuu2Jo30hTQcGOAmqe38-kglXURcioRSTFAmyb
TN3Ap7rNTAZbl0oP62yhIsDrlEGSXnKpz5NurcrG_CuZ9tNdSQq4CCDF_1I6dyj-N
bLexqzaEJdqFTXM8RN5r9H5AYhJbF0qzo-wbc94UvasgxKKDcNCKh5vA9a71GisTm
R7o99ZPHX8QWmic33JJ-rNA43l71nfuCuZ3LwR_lA1270ExD2PzDPGKNA80U9fzBo
2mQ8OLkncpzh6p5ZO38SQw-uTQUVLRo6ZZXweixLaYYqq_PooEbSFtlwGYhfdDBHT
MVdiOzMNk9J7d0Bp2AM_cS0iYwZlfyWxQi5o_y35AfstoiPzCVfih9Fuu-YyVfUyC
01aQybAlhSJGfz-XIMHL3-j7y1G1-qhToYG0ThyvzZpcBMyC-C5jUeRRiaY8hC-3J
IykhSwROIqOzTUaSHpcDDWxM6Nhjqt_D3FVbejjxMqslwt9cC2n8B1V33blv6UBjT
nF5OK4LUSryyBmuxlcoWp7SNYSU4AedKwZd7pfcCLpi7JIcf9NYISO7vTvQ2qfzji
dyiNvBuFJ4sSIbmGcZTkEoUP31NUE7EE_DcCxPtIAaFXlLZja9CgHy_wfYN_jd4FJ
5cNZyQogGCBAjx__PyGnJN5BdSRrNOiXPLylhoJPbaKtc_Xe1Xzv_AteJxCj60xrw
dvm7EXuqcmxMG6IngEsW_whkNlfpQv2UfLiMnGtqweEhLPwpko88ek8HVzTuixiDQ
2AeTAP58HsTNQNmX_hvITvFyWFVdQm3yLPKWc3dJrqL1XoBcfvCTAFfzZFpVQcJUY
GIR6i1Qiiaza7MJSZZLHvkzhAxdcNn6ncZPRbcsAZEq89zi5SU6eil097CRjyet_k
wdaNgm0wIZ9Go_tkgw7JAizg9r92_lhhf1aOPDmdWrtXzfNjX4VmlsweJgh-XEC7Y
xk8w7PPRJhOYYc6-w6rgyND9GhpPl6OgWkUXvppKVAD_nXQsfofgowmIebwy2t3CI
jHZ9Q5KpZk9m6R7Dl6e7gceCSv_MrxGB1Jo8hnUq62650lfycjdJ-du_VeF-geQdu
b5HFeYRKe65dpZG9o6gwtivnpj6Fr0SLrETA4XpRRu3NXKBfX-97KYmnov53NGUmg
vNTFQ7C5jDi-V9faz63gOfjIli0d8vrbQtJYVe1ijwz9CNXb1SKwS-BWCSdb9MgET
lS9j-ZVI1KEgj9B2wx2njWBuRGUEgPDI37VqvDY0bDRX2mISUq5uiHAet8WuSTIbT
9vQETQ0afjjARbXs1okJEFado5b60Kxvan_6oPRNFosXL-2l8H8Qp8oKM7KNcctGW
H-RmS_WjDF0inFhcplgE1nOvpjV1ZhhLAbVCbgW-XcSXIIiVuWoWtmrI5xCXm33-T
bthMmNNwo-XuJ7QsgTv-YS3FqpVBS106dwEz4o4cEnvABFcjbFu5IFjdhOqF5Gy2i
ZOcHuDiCWypyhJgoxJ9IwLCl1S65hld9kIlq4YsJsxolPQyNzFnD9LEvyAxo_00DC
5gD-DSaKlzMjhm9-HOceYj_7eEU9fyngUlJWME_iHxD-sj_iQeEnXidG2N8Uq6VVz
H2buqA_5IoF74ffunXqbXkd99mq_8ZANkgiDc7RlyIPyO0VIb553cllPNWmLxrRXU
dfJaOJ6ECnIdNBLUXkGMO7Yh5eQGbsn_jVa8qOwShD9xsdgtRBs_IAOo2jrjjiRVe
xv3uMY6x3c7dKXy1556ZYtYOMoTTJp2gcckNjCLwTaSDqdxrUjWSPRdOALo8xFuwb
f5z9z-dz3pma0jkXEQUZsRo53353mvaSlcWoVWqz5FKyGdmfS_wmcFhCcgNKt-rqj
CpFS0hYURZB_VofzS3V1abEpdb7uRE4_ieGm2M7eSA5G0uaKdrwIo5bes2x86poED
qjAZeP7BC094Ef78TTRLmMaQsuuyvWddEmtdfLpTuO0L3LRr4T2zoVp81CBf0_K0p
CXSpuNAP4m8kEzYPCGREmqFKkY-5Bxlmhq8rwc30z_c9QzRElG7J2VImJtmGv36JE
-H6tSSCW6aJnV4EJosb2tm8dCXiTuwoR8zYaJ3w1HYwAcbnTxk9gN9SY6oqVvf9OG
dT4UD7rud5S4HYtqINZ8XcIDI_QYt7Ravv1YUbSIEuI-MfaQ_vdKHTuZRhNyHpZsw
oTKzbenpIhnMF5KtEQSWa40Q8H3lZ-QyTpyA5SX_5yLlKXWlOIoPyKCiNXoo4lmMZ
w76lzDSha4wgp1CfRz9ZH5TW8YSEm9-dh2sc9HYoXrqYR8_Zv7tCUn5GFXsQMsfiZ
BDwf2k1twiEPmC2LeNu_WtCJ_z2NR7TNbiwKWLLjpqcmXKvcOVVkSZlCdv271YCYh
1tK7bunw8tXCdfjl-tbYvlqsRLj84bBAFIRNj6wxB-vfSWtAhujcLNz7UTSFSQNyH
msMqeZtTEaxTnOp510cxMVSE_FzZWbjcvzgGgUJPuv40AjwLW8hlsKyJjV-0Puee2
H-yoSFB2BHxLAa_GoP9x0yo6V10qy-YzDV2TmU_DYeyHy0bZYLVOr_jyIApLcrsI8
chEa1NK7REuin-yhZBH4xj9tLWXsVKZM4pIqneCM1XXpwoHa--qFG7PvBE-lkwqXm
DLlzl-72cQAl15xUfsnsHzFE3inlRUOA8yH_YM9uRiHDQ_3gLLQUcavqH-6UhzLI6
ZWc0eGMKp3G7t2A2Xos2vK0jucHqiZfxcQ6T1VyXjEe9t66Pa897LdjYaH1copgC5
YNiIeg0dZ3eCzG0-7ymkulmeIcTWm42ff4jlUeT6748HGWUDDguT3MsE-sx8296iV
YvUbzbeFCStlzmwe-EHzdhWrPPy1cYBI_72h6kSE-mayDXqpysZ24dOUVaKEtVGEg
GZGDtLHTh8NY5gn693VY4D3qO_ndDgNiI1xp8Kl4Af_FvCcS2xg19NcR4ddUhecws
kJNv4KixQStHMtjMDVsyn0ICHh7LMyFyhxBrtsoeNgvNgugBrn3FcM6tYLY8XB_2l
QBT8qf9pbTYodsyVmdF_bp3AkjLXBBFmK4PMoB9PHQdqQ9yxMN4srmA5kKkB-rBi1
C9jiXqa0ad09Cs0uSN_0bI5MHMTP2Z-a2GjWqMok5E1B9L6txBxRdB-4xRyJdrjNc
IfYRfJdNzYI3xJtahAhnIVhfpapHVh9XAbK_0iGtdXDjAIz5t2d9t2xxUxQzc4rK8
HiPyrIfYEn4AeyxvT31cqCr1piXMSBx-ke0KTC37BCf1ToPRwqU9JpHDRisx7zLhe
5JH4e-zArfmDW3j2Hp_AyxYf8867cus_qjLi9TypI_KlLEIvd9fcp7pjKDXfPhhRr
28urWeiPonCoecO1qNTovWQaemUYliVwHL7ItH-jthCbPfm5Te4xI4lQXQANIGoeI
0nfzX0x_1d7eDbl0zN3VhMradYYjhEDZRktrirVsrFxmhQPbPC0cfZfspIukYRW_r
I5vxZW_SkPWOXhQd-X1PrOX1bWxadl3xp-F-Qcu5VCmZ92xI4yi9y5g0bxyqALRLQ
tyA1r4strgjs2LS1CX11xtxiH8roYV8CRSvfsSCKVSieSvCbSfkxvXF57kDsGcGAp
btbObgjS6f8i8WoFhWyAGOXztDk4nsRT4OCNkO-ccE_9YEv2RpxyNgjIsNxvCBrZ9
GW5L1YTH-xvQPODcnEWz1u0Ysj8tAschSv6k4jtakdM_nPVYFWOcuNP0rOKejyuQC
MM-OHtmSUJcvAT7mhsyd1FRchtjVvze6LZxJxlaLw9co41Om5F7BfIn18hrMllQi5
X6Y_127um9aOKkbqtUffW_06VSfAGW9MkDb1SrQ2aKtabgWzSALH7BFA6NtjMFtoF
z9ssuo8bEhmIB1Fg2qayzVycWjT3nRz6UV-ZYhfk0wIWnA4AE9bRJjxfOyCm4SNwi
o3clb1nNgY0nNdqjwXn9sPk-opiNusz4tHdRGHW6yAhYL7LQG3Ny2HsBWGhPcMWMC
SUFye25oRaeJhcE31bTmr0VIkaDQTkP9NUb2jjzURm-v0FMDgjoqeHxdjLXIwFHB5
xLzYrJvKicqtM4HmYa9PgZbXXCHhDidCzphxlHCU4sUSJVwpWQnH3gsV1zG737gmx
ZP0QEh3sMitgyxMUjWJ9SvcKMtXJ_9NChOZQ7BNHXA-Rx8usX5hhN9N7H87GTsJSJ
fg3N2DVvo41mzLucsynkzyHXdQcTBH0w6vdYTBi2BJiXa20g5qmQF8bWpu_ZEQvfd
xl-YkouoJxiVAHhuNORQuNhuaWH-Pcd3uNBbvRkEuMPTLVL5aaFah1CSCFxWYpva5
5MG-jaNYs7daaszrZQptktosDu_liQyb2fqMW-bVMzzK9RXkYGOKldslJR9x-WCc7
kX2A1cdpbdt6KFaO8SJ6umMigjoy9zOzvRCpWVQ20J6h-TbZJyHRwDNm0y__49FaJ
aVXfNHKDKYv7VCsdgC5-lHUnmswEKOzgDLTw1HIVk9bCt78ePs7flW3EvTzzFjVGd
bYonsokFCseYPe2f-ZSMw1S1zI9Cv4zS6yRZ35fM42paRk-QpySxDEjQQt5j6SuWf
-4xEPlMB5GBgYwQEdVaPnDo4Ydiun3bVVF02BPvsOgtYwyepLGnutjtf-hDjZF6f2
Sah-pev_Qt4yyVqmDsipudI8Uu5SpLtV_G5XcnIjmLMqgMUgbuPn2Vr5CnofvN3Xq
POFlYaz2mfos9Z9SQ6Scol357CbrtzS4FopaLWi429_UwTcrJWQuiKqwJNEDtwqgH
QUZnW015IdffhZLCqYowDKYo0mTPsuA2lACb2azUsFYtnKSZ0OZJ11-YqmOWdpsGA
1ojVNAW8Y-pYs0u4jwbs6DWUK354P4t1u51Surulnbr-NY0osObe5QOqX91N0iM6J
VlJxvAmlLe6hjCqLonCZvyaQDcBOqB2aXhCo_pntApvTjf5DU4XI4uz-qMiSXe0KV
EjluzljmgkVW5vRCVSCUgZSBJEdYUIYsnKVGnvAJ9_J6cnfysQTMz3jcN4bpHTcTk
0DbJM_5vJ3ZRLE1lvupAJqgU_h5c9YuKtAkq-szCfhBfrUdGanKcdb9R-L-xCvCZg
BM2Cd1bU9pxwLEDJqgjl1mQT2lUnlb3Er1iC_WH3R13jwBVL-l7wVueklAhig4476
xXggCjcw-15rZJZ_eIMiAFsrY7Hu84Z2SS8Pi2_mdXyN9gZKZJ5x-K9L1Cc349DlN
rtIjLdLmgg_Zfydk7Gu2qxS8tUTdLHDVmPiZxpj1xflJDjStEzhdpzYLXjBwCXk0X
UkikXtb43rXpFTNoNin2VxBiggtQ2N98llX56H4jxsGKgWM38Qk8oP57WEQ3cPgKR
QYUZv4WCLfK1WCygYBSVcVOPNIRfVYOpNYm-ruOktzN2SxCQovXUgwHdtwv46nSx-
5KPyqCLi5CK2K3GLHfBomi6iqHJjUs7hCLS-aSLf4DT1rAuCLHhjj8zPxbSgaFea6
U90MIiVGSVbr-0GkizCOAtFJDplGqgdnpeuNdbP7GN9Ov1o8H8r3a41sLg52tnWrL
cCEBTnhwpwtrjaYmU2S5S20rvXTbo1Q0cegBsJWuF2HJMqVuEQ3P2TiUnfW4Js34X
xDBmAUZGFN_ezrB6kKPBpexeHTLvtOtIcVVt_tZiVd6DvbCZZA73R4Zbzo8tCUb4E
UeqeUEVj7rcF9SgUL-kgJgHt_px3DzFOFwA8BzazrGqR3v9IR3NNeR4Cz2oXaR56j
QM8lF0F_FWMJbjmGxIw-p3tctN-xlsv2eC_KbMSzNWWfTxOo_r4dYWdWxCHmkn3CI
cyxlSZ5di5IbwKoebvwW9JxOaHmo75e7aBcB-IfUrOokJh_Gh9FOlbF1Y-5LgsSDt
4CU9I9jUY6vk3wb_XL4exBHbyM3E0pwJjby1x1kMAulJQPUb8MPIDKySj64B8R_fC
bh96QVcL1X821_R8Zf9jykZBdrOwOjzWNNzZmKCgwdJRKq8BrfNFp29UOUiOhUH7B
J-ME0jpmGhd9fQDJII6e9MCtwgjB0sFLOk06mkjob5Nl3ylxfIpCxWnMbva-miOsV
Y3gPaSdidiNbt_t3RM1e8AAPEHw9qqZ2BB4LsnW8-CG5HYPdOwqGFE4oK9eNOTGeC
n7K2P_RWuRBeGIAtJH63XpZZItvzw8uCfZBePcZONlg_50pYcfNhWj4xg-v01qH3H
L_m8n1oyVhPwVhFFDiFE8zEAyylL1t3-poZvfyXuZhhvB7fx5PxtYpcP2PO47-f_s
ij80ggaGR5qEVSJbJjhMardZypP3ekSZCFPPzjVbaxe1Ix8Hg90_VmQdwHIQ3DE6P
sTOpEL8SajfTYpCNt3_mVXvU27T9-gLXy7n3Kik3IAo1B7uGN87P2aiRHqMQFfFWX
exTtJq3FGQdqYwHitUQ0y2idSOi15wX_qPJI5U6jjUJ-VcPeG9D19TV01Gu1XFw7S
iXc32iydtscDszzuY8GsWUuCJPEJfb86A1o1DDaj0XlEbvkQdKQSZ7X0ezjeXaVyO
Q75l2Iij-tPAWZFNPtxVULK4vQDTBQsccEWeXfO5q0kyOZUIalsGc2bVRqDhCnf1W
da1Vf9IkBxUpfH7sklDXcewW1naxrI3n1bpwjNju8ksLyfJ2kSq_RSNcF_i86fIqI
dzWSvh_EMnEFte0_1vAfvDcz7wUum5tKQnBLUKq1HbmQJpDFdnxgkV2Nt62G38XjM
Kza67T03CmShEwua1wiptHIo-eMy0DgKbKjOKq3mdU-sEfy_Ox90KVgcfemzkOMo4
JZydvAMDKekcQb1xs9D8Cy6K9LCkfZGwv6oa-PGJm1pSmmOf0Ye9TPcfyx2_NiJBd
a5GEIm-OZoFtWVCok-puGKkoazfZS6EEUR-6zs8oxVkPxEolDxub6pCOHtldrYB85
VC9TqbeHuZvO5bnDp_ZPfKSK9LUeeFwvhiWGTi2qqBO1Zaxc-WYXoW6g4cknwlQ6c
XGkDI3f1mD04gmXZnXshAxi3ztzxXBxhZ-L9cLZtPdz8Y07rb57THIWDu59Z30D4L
Mfsn-2i2ETa_l9rz2C0WMLlvOkopwV46lF80_3m1pt01iNB4pd1wDx4RH3ofzdW-r
reYaB46fsx3nEsTgqYlCYXWKfs-ySDvywgTvKuiXvB-cUrPCua_1e6-Eu9bgSQqgi
ooMhH4u7V9NUZ6sfchrqpjZ3sX_TL2-hCiXMs1x8E9kH2cEFuc-sR6tW6dMS95Rog
fpOhAFp9VapbQIyjvA0TMosXLP0uZ9UzU8Fd5VStSri50hx1vRAhgNWrytsDhH3Gr
KXjeAaQSrPIMBRhe3Iomb0RRUuvcetbkfcLDdUvH3mx7c1Qk9PA1gTIJmKIQ1JyBh
P7Hp55BlVRiztM7UIiNgGrKLqqjp3gICkW--uEEceCnYHknXgDG28O3PEHJzamNZC
P9LfSzc202NaedebZrcgdwrrD-Pv9c7lvY410gbUi7YPnOp5fXDAdmWW-0LBRK5Ce
i_LcsTi3xUcIJ_VlVQP8Ks_3bNErI92D3NZZ3_juCyUpABfHd1cXgcOB7WxyKpyiH
A-TCKYImfNR7qOnblRDwyEa9ahANA9xWOdh-HmJ1DPOpOze1uuvnjgkVRjNqpI7bY
JyAvIOcaypD7xFN_h7e3rld_yncoriIwE9RoF52jVYnXJmEqakG1XKF5exTVtN9X9
evnXn1O4cKXASTSWeIdUMPEIFS3TgNVXNlRwMP1E1gCRUzq43Rap-HffkjX-GmEKn
qstE3toJouHQ312n628rEBbZyta7sjv7DCEdUpU9gtIh87SVUc1UcPzK-CBvzyzo-
6_KOpRdaDgArT7gDCETG1xPgXGwaw5BYMnpu4NMqZp77L82jUgcpn7IXp8M7qbR13
3HlbCDsXWpi3Q_XEE8rq9L5oR2ZeI1_H_eiduYqDY7tP5OiHE-XbyNTzpsGiu3stA
7btbF0CAp2ppHTc4WTdyPJfFGp3tVnR8W2mrBdheZkmRwKMQ0b1lyRcx4DwCczKR1
nUy13_yt4CZYpIYH00XuJtcK-6rByCJZFFUEpSLBw7UgZDe0hUTDJuBCVSKZDHxHQ
DR4lLEnJ_i5lGSgvZIpjBcRR8kxGGhAzN51Hwc4YeZhJstnEK9bmQ-8Csw8yOVIyq
2rJmzEf0U76m0FDVUJBL4uRZw9_5ckBK9Pd2Fsv2j7q7d1_TLm08jEq8U6e1B5V1h
BfRHAsB4rWPK_IRo-4MN6fS6cf3ECv8mlPv4eYGmPj8qpvtPlf79N1UwwLJLz2XX1
AJcbN32Aso18TeBv7HFxI_K3W5CDxKdgZzOlYkBZWz-Deo04iZI8ZTq2hNVP0FyKB
0VAzIw2wFJ-pCwwHIlclGK9IFT-3JJR1kjBZMH0XdWJIzsNq8EngXfI9dSlem-9gT
KUxZrsla62N7hMCSd0r07UWBboUZBnNWqf0-_W3lIBoy2nae2aCPrf6vJlSVvFtd8
fcbecfCJ_3NFgTjndJXjZgN6FDJIuJ5wygGhltQfKxRWGABc7wGgto-cfJrR8MCtN
LbvzdN4fe17q9yKhdAhZ0yRkYaEJt92c4VWfX0x-cDskpnD3OrLwsWA2e3JWFGSe4
qiG1C57TiKab0rlMbhoneqR1cOrW9Di9uckxva8FEzHWQ9Q90gS3Qsu568frJ0nn5
eBolpvyLQoOIF8OKVJgZuWJ5EwK3fP_qPZb3egdZ1j3kgBU647iRySSARi4x_mZVB
SbUQrXSnxXqbieLnRBGq8sj3812BjD2hRDm82PdXyXESaK363ZTqpPVFe2iCtwhcV
hNKzPprNTKscTSzYB4Vlt5T8FfQ-tO2cNVoR8nGyGETOUp8BMzCxTneccDdwq_I0b
nTMyK6YVOaAs6y48muDJ9uUTmF2awSZX-GTTPyDLB9kDSiocDe0PzX0OUoLpHhuMg
3OGh4mtZCll_6VBKvZS5IVk9fWeqUkH5fz_63hDyPMfClHgVU3AAiPPOIplHqqIuF
f26yZRV2NiOUrOi8Vw6pLKxlC9KonBIwnKZxqGj2mOt-lyfK3vagUVB38Wd70rQvg
8PCmu59uSRUwR0mKmvhxNA_7X-IPCCaKaqO0ZIKuYSUZylM2wJRKtc5kSeb-IBmmt
612lMgzPKATDvyyWHqpYSzKhaw4T8i4xc8CJqT26LoFerzc8h49AxoKXxKQjXbsjL
6o2pOeHZOYrQIXezZYRzmoSzdb-7sIDiSfWz9RstVJHi_GxRx3IklAMyyOX1X9vLu
_QQCe8bRGqpvFP0y6IL_1xWA9VZTurgJorLhz10nXr-ZHjo2S9tHg7Aood7UaEjuk
dVJ8uC49ilNMq_14ARC12cgya0ub-7jUpQXIlGUQHU-V2krYy0dQs7YUQZDJhWXoK
40gim03-wdc861KOA1gnc-yVbaa8sSSa3UQeLqXf0xCheFMcMGGID2xDtDWOBuhkD
UAJP7g0cxZGq1GdF7SdwbPkZpq2uU9-EjPtXVydLe10XUkp2DFl1-we2TLDKZZ9fk
dS1eK5VVrl91NsJhOgdLfLlINIXl4xErS7pxL--obyOh7S8cs_sGwFrqyjMsgekLN
g7GJDYw_JT3tplazUYB0qIlk0Gu-_bu_OK_WN3z21WG7ZOlm8UdLSRyIu4d1bocAv
WOFyCa6HXpV6AOBMpvPOoNS4AMMTAksNkteR4JKotsIrjHF08uc5YbeAYcbj-Kb3j
I5X7CfSK6Oe1XSAtrMdfPrUOYrMLsah_ZsfF4DeTXPLXHjbr-PgLDVkPN5dEEKCXj
HySYEDpt_9A0vrVhaZ_97xhLEhDJMriGRlrTuYkafivO5sr3vbfPsHDkfdZzomQwJ
HnqqFjdM4SKjWy6H4kGCzhsbVjxS3qVBVCcyLaotEiMEdr7sNKMO3f-GoUpEG5wYQ
Vrn3nK8Y4jJFI8nz7VlzfeRsLKW9HkYzLF3VumKQaH03Giu3JZTYuUQaADhlx8E1E
9838MjENzX1Ay55AgGHUS4n1QjgXU3FWszPdoz3LWpRTTS5PcT_0BPfHlBEfEU_F5
kq7_O7eQN1BT7TEHQNZVgVXEftEdD0VHakuqUJDYz5mRGKM1uUGbpsFME-Xo2miyg
4rpGF4ACnZtjNezGV26qYTodnx0rc8BBkpTV8OtMGFqRxtvoJAtJdDT5cp6HT4mNM
Qips7igZ5EIwHf8YdA2pvSF59I6_TTt1CKioFBArym8buf6TDjb8hb7Cg2p8t8ypS
p5fl3p6TCD7iFfuEYYMBDs_EfRT5NuIO-Fn6F-9SeH3Oj_DxChBZ6lc9YSHsvc-mg
Y38fag32odIcID_IGfreMWgsjS-mO5TNaUat8yL2tlg3JyZe-OM9YmvvwtM_XV1qf
f3R4mQdTy_V5abKyh0FDPFj2kEnqtS-yqgr-sI2Ogyf8gQi5M9Vqv9f2ZU8osqSI-
5YAXHV-9qrI_Pk7An7gB55eLrBQm3ovLABjyOZ5PYm1CWck5gBZAWeATEi0sJ6rfP
1zMBeaHUVau_uiyTTa2gVXLZKLjKtRiOW779_-pVIFM-RZwi3dll9mTJFdU7rnMEQ
X7sSGroLkYS5CE4D0uu5hHgsEU17u7f8x6jSeVxwUMG5JFPWBaSFFF699vw-Gbawp
p_nnhNR-C7yY0kx1Rqmz6DkXcfLrq6lMLWkaClz-8629VKLg",
{}
]}}

[Future: Consider eliminating this mechanism entirely and instead using messaging flows. The means of achieving this should become better apparent when the problem of publishing large messages via a pull mechanism is considered.]

The Publication mechanism allows content to be published through a Mesh Account and retrieved by means of the EARL mechanism described in Uniform Data Fingerprint. This mechanism is used in certain flows supported by the Mesh Device Connection and Contact Exchange functions. There are two operations:
Claim
Post a claim to a published document
PollClaim
Check to see if a claim has been posted.
Content is published by appending an entry to an account's Publication catalog by means of a Transact operation. The content may then be retrieved by issuing a claim to the account specifying the publication identifier that is authenticated under the value specified in the EARL.

Use of the Publication catalog to post content necessarily requires that the content be smaller than the maximum message size imposed by the Mesh Service so that it can be uploaded to the service by means of a Transact transaction.

Publication of large data items will require modification of the protocol to support use of a detached message body. Transfer of a detached message body is outside the scope of this document.

The claim transaction is used to post a claim to a document published by means of an EARL. The claim interaction is used in the Static QR Code connection interaction but MAY be used for other purposes as required by Mesh applications.

A claim is made by sending a ClaimRequest message to the service to which the publication is posted. The service responds with a ClaimResponse message specifying the success or failure of the claim.

A device is preconfigured during manufacture and a Device Description published to the EARL:

The client claiming the publication creates a claim message specifying the resource being claimed and the address of the Mesh account making the claim.

{
"MessageClaim":{
"MessageId":"NAFD-ZIB6-VLZD-QO4O-6C5N-YII5-VLJJ",
"Sender":"alice@example.com",
"Recipient":"maker@example.com",
"PublicationId":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
"ServiceAuthenticate":"ADKJ-W4NY-ZRLB-PUSC-3OSI-UADE-SCJW",
"DeviceAuthenticate":"ADSB-J6YC-B5R6-VJIA-GULG-LZIP-AEUO"}}

The message is signed by the claimant to make a RequestClaim to the service:

{
"ClaimRequest":{
"EnvelopedMessageClaim":[{
"EnvelopeId":"MAPR-DUUH-WNG3-DQCP-6RRB-NCVC-2RM4",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZELVpJQjYtVk
xaRC1RTzRPLTZDNU4tWUlJNS1WTEpKIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
cmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0"},
"ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5BRk
QtWklCNi1WTFpELVFPNE8tNkM1Ti1ZSUk1LVZMSkoiLAogICAgIlNlbmRlciI6ICJ
hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUwtSTRURi1JVEYzLVg0S
TMtUUNISy1XSzMyLTM0N1IiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
RLSi1XNE5ZLVpSTEItUFVTQy0zT1NJLVVBREUtU0NKVyIsCiAgICAiRGV2aWNlQXV
0aGVudGljYXRlIjogIkFEU0ItSjZZQy1CNVI2LVZKSUEtR1VMRy1MWklQLUFFVU8i
fX0",
{
"signatures":[{
"alg":"S512",
"kid":"MAMP-BX4G-AKK2-YHPA-IXJV-Z2KV-UXBW",
"signature":"Fk2oDmBaKXmkf7vnvLHDNH8M6LRYHC1lD6VaypH6
rgc0_uftuhH12Uitq0fgWMFNbvAyTaSdchKAPizuQisjvI_K5G6VOr8HnTft65UIW
sFZjsj6vQjVb8j3oa5gCJPFQzbyn9khoO6irBTXGbfIJgAA"}
],
"PayloadDigest":"B8c5TfDXr1GK6CgI8aFEXBWT35NCMN70f3HHreRr
C5o5dGw04VA8YmUrW4tnSpYdVOBap0tSSQwGV8HnYVkd2w"}
]}}

The publication is found and the claim is accepted, so the publication is returned in the response.

{
"ClaimResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"CatalogedPublication":{
"Id":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
"Authenticator":"ECXL-6FG3-37XK-J6GM-VR2W-4KUI-5BW7-JQRO-CYMW
-PIHF-6FSA-FQ6T-YXKG-K",
"EnvelopedData":[{
"enc":"A256CBC",
"kid":"EBQO-52CW-B4C4-7MLL-5LZT-PJ7Y-Z3O6",
"Salt":"YwqtqOhssmpR3cH8fZkGYw",
"recipients":[{
"kid":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
"wmk":"i0Wx4i67v2s9XeUvtlmgAojKsuBzi_-B4MbLLHhJbVmM
2FfwzN1YEA"}
]},
"zpvCTGxohUkssrMsznDdzinzW-ioixuVZfdG_XqtFac38vFixkhZbhJH
xGJIxFGRBOwEzF-rNu9bPHDacsXru3SnkYIQL9jw1Nx2ipOOduys0MijUJ99sUhhm
JhW8mqzUroU_uh7yum8twTBK71eZIMX3FZxFnse5QeeD1KOadqcDV0hXNi2QAmEvp
CZNTKiRroE1jxFv9PiVbdvvWXC8eIVTYqHrn3T9edfLxil819vubbDWJXz_DxI6JL
QCX9MJTnZ7_6_AWBFyi9D3lzKdYOWbsOu8zJGotEpi9YXDGnPOojqmCPdyzEdIsUZ
JIld_KuOv6fYa4wZ3AlTilSgbmAQG4KMYiV2a8Od0o2Uoqvi8yujAEv5qxl1A1Zk5
i-K1ZxFHiAw5te9M5eCyEx34AONGIExXegDu1EAg_A14FCKhyKyn6bpvJOjR2RHZh
84CgwiHZvVEtxTL0nY7r8mghvH3cxTzfW8nF9cS8-MwhhYNSdIXCcGkRl1FhyM5P6
GRh_RODqm1QmlgBuJjLdaaEHYlaxRBqaT6jI8c2SlvAZAFfn3JxIErLU8r_gTW3G6
KPn_JUqcRFVlRrQJcV-8uuTn6y7Sdv6RsXnJDQNlE0rAsb6jilU1Z-_CUeX6cTyAl
UPb-TXlZsjWplTIlSrX65jCYasfcVnrC9ibIiU6zQBxYLOvTdVi6dTiuQ_OHJ8FbB
mxtHFJwfjxoNqiuemwZ1yC-jGtaaFgDcAjp1i4AHsZSVUHl2f9hbRPWCTB2WlaXy1
gohp-x_Ft7mUD4JibMjDUPb1Sxjtk5ZAq6bXWnEz7cEDNR8JgujeU_0RukN3CEvWR
SyQ-6LWX4svntzUcdffqFmD6MjXnNLxkUgG6bBxmc-caUDRGBEHl-UUxzWY30yVXs
UcEQCg-9bscVIwYgQFzTKAP4zNXH7lUXGM3p7wf9yRs__GYncfVcDGWsemYHFDGp2
3ApBI9LEUbhR_h-hIBjSEu61cFCzpC5dQsGLIUv8i-J-nWEt7_OWg3he2FgYn5_2-
IQ4tF9qGnt2v5wfcfIL60B03hSaDIDnrvDFtXqmz8At6fgZOAFYy9IE9TSXLyhZSq
88c0nq5293Z5kiz_XgneRLAPhWsHMd609AEarSKq9UJQzj4fF32iIj377XZCwOp87
RFomBwhCXYwloTAeegJwTDfo3hdUdbWl1DPhj4zpO5Vpzsn3zu1qHjBDRCbzeuYg5
XVoAKX4Oe6uo9H8UlbmEHNG0vEi47ko8HgZ_M41Xz2TGyrsJxKVkhJK7J8_-RQlrx
BgXr0Lhkhc3fJY7IVPtJCMw5gUpxbfa5cUqRChYx-RLOusz2IUTgc9c0yXWwZiiAG
pG_oeTBHnp6_U0FxPzIeP3QjhmQpGgDdd2HLnHcGWkEhhpvqbwaSr8USdYRo0t7CH
C1Fvjjdn0oICdRQyTpT4n6XuDMcs6DLggrW4BnKFUfuYmv6dIg6Q1o3AM9p3W1-zl
M3AkPguPkRvW-tnrmMy7liUXzCKdd3Vv2-9i7IaiTBQMZYcnrWuRMFdBA6WkJbgnj
-Od2EgwZ-Dux4aPB1ra53r49wERYxTTrRSQhW9aSQxHM2YRjIK0NolmAn9zLOLtdK
lepTqmKmXSMLuHosFxMdlHgDUb3rqL_CmIJ8naiprf8juxLWTw6w0OUlNZYTUWf1v
TRr_VeeXLHU1lL5Ob-nQyQb66UZw2Lh-iP-VdsdJo7juL4-S_uO5g2bYGBklclF7i
XMOpxxBiZw7wQ4VVz_B_4RV7twqeAbVPkfe8yCgCYCwogy-x-cf6wMbKdq5w9qFWm
A9dwHFEt7e8eKAqh0PoQKJhSm2e94UL_wEgvdNrTb_fQuGHxKxpM27T8qBQVRzsrz
-IGwi1MeUS9vM5N3DXnQYj4cO5j5aZSQR37sJfjrtkNC7vNguVDu5PRCcWWCr8J3z
aJlMW5XaS4QXMEeZzzKYmOr6ZBJ6CAVVwBudsM7M5Y-mc1qAIe6pkUEngLOOP-OBm
Rt1Oj0ZH0-HlpeRfaB0TBJe67M397xOi9d39uP5CjDUqvTbsQzf7_Kh8BDGxtXjSZ
UZqGr4UU80x9UuNgmdkLppxz7EjIWQ6qsp9xE9sX9cMxE3uRNlB-xFgRdiEHbbAfj
cyOr2UUbR4YMrXNDHs5szAMyAXuwJbzDGvlXmDuMyDW4sVstmcuVoRs-uM8Y157o4
wsg_XbSL5u6H3Z6QXP7vPN6oyHc3lqMkFRU5sHR9zRpgCCSi2YmWU609HGUBPYj1H
hSi-bkg5T7zA_pnsRWRNIDPSrEHDadXBxs7YDyMxkPQ2ML3j-7zGi8rz46eyV4sAb
T8xOAiCfzLfjrJtGaXO04PYLXRdxD-bWeTPORtAUIXukkbCoCfMxfDd3JKDR-QvTO
OUhOTnO-9yWnlJucrFpE5syujJz6awo95ZULiayBGPY0QxnnNOH3CER_cTb7DjSwF
i_gcTE3q1dtyQAexMj7tj-h30qjEjt3j-72_2pw-gTY_akNJeyc6iTfcJsa4ldI0V
A_m-ErjTpWA6AkiJ61hfLg4KZai3RiWPQWOHvNGQGX4TC3lCwNto_sJO7vjjKFfEl
Eb2GuVgiuFcBCcOWBWE9LTBs5EAYNcwCPeG0dXv73GBuTupnJvZWHLhw4lRCV4ju4
OqhsrkOR7fGnXsPDJrvlrlvYQsJUblfiBjGUN9UJy_Vgd5eAvNWLMonk2oyxpJCXw
NOO5nNVtzplH3PE1ZzhR_YjbEg1gXUWkPRpETpKMXDfjVe1Y6Wh2x4boRtzRMls_V
J-Y1yrHSuYex-xOkN0GcEou_0t_gGtHIkjEu1-kIu74osRiEV4cvBQEJH2V1r-B5Q
VjUmdAVWsODhtp_yH87KYCksKqwYITOIqaUWHUThg-R0tD94urJ0wHFlxNFRcxZvC
ZKr9EuxtmWQq9lVr9UGQzZqL09-ddnuNru6LFDPgjOT4bfCTy32mtIj7vhwZ47BWm
4BrOKA0GNghJziGNFXwsZz1ZPjv3Cy_knTA23osoygx6i0khg"
]}}}

The device waiting to be connected uses the PollClaim transaction to receive notification of a claim having been posted. The PollClaim transaction is used to discover if a claim has been posted to a published document.

When an authenticated, authorized request is made, the service responds with the latest claim posted to the publication.

The device in the example above periodically polls the service to which the device description is published to find if a claim has been registered. The PollClaimRequest contains the account to which the document is published and the publication ID:

{
"PollClaimRequest":{
"PublicationId":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
"TargetAccountAddress":"maker@example.com"}}

The response returns the latest claim made as a signed message:

{
"PollClaimResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"EnvelopedMessage":[{
"PayloadDigest":"B8c5TfDXr1GK6CgI8aFEXBWT35NCMN70f3HHreRr
C5o5dGw04VA8YmUrW4tnSpYdVOBap0tSSQwGV8HnYVkd2w",
"EnvelopeId":"MDLZ-5ED3-2Z6P-XJXW-THGA-Q37Z-F6VL",
"dig":"S512",
"signatures":[{
"alg":"S512",
"kid":"MAMP-BX4G-AKK2-YHPA-IXJV-Z2KV-UXBW",
"signature":"Fk2oDmBaKXmkf7vnvLHDNH8M6LRYHC1lD6VaypH6
rgc0_uftuhH12Uitq0fgWMFNbvAyTaSdchKAPizuQisjvI_K5G6VOr8HnTft65UIW
sFZjsj6vQjVb8j3oa5gCJPFQzbyn9khoO6irBTXGbfIJgAA"}
],
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZELVpJQjYtVk
xaRC1RTzRPLTZDNU4tWUlJNS1WTEpKIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
cmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0",
"SequenceInfo":{
"Index":1,
"TreePosition":0},
"Received":"2022-04-20T16:17:57Z"},
"ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5BRk
QtWklCNi1WTFpELVFPNE8tNkM1Ti1ZSUk1LVZMSkoiLAogICAgIlNlbmRlciI6ICJ
hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUwtSTRURi1JVEYzLVg0S
TMtUUNISy1XSzMyLTM0N1IiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
RLSi1XNE5ZLVpSTEItUFVTQy0zT1NJLVVBREUtU0NKVyIsCiAgICAiRGV2aWNlQXV
0aGVudGljYXRlIjogIkFEU0ItSjZZQy1CNVI2LVZKSUEtR1VMRy1MWklQLUFFVU8i
fX0",
{}
]}}

The Operate transaction is used to perform one or more cryptographic operations using private key material recorded in the Threshold Catalog. Such operations typically represent one part of a threshold key operation divided between the service and a device connected to an account.

As with all operations involving the Access catalog, the request MUST meet the authentication criteria specified by the catalog entry. These typically include the request being authenticated by a specific key.

Key Agreement

CryptographicOperationKeyAgreement is used to request a threshold key agreement operation on a specified public key.

Alice added Bob to groupw@example.com as a member. This resulted in Bob receiving the invitation described in section ??? and the following access entry being added to the Access catalog of the group account:

{
"CatalogedAccess":{
"Capability":{
"CapabilityDecryptServiced":{
"Id":"MAPK-LBYY-2G6S-7Y2F-7KWO-KZQC-2IEW",
"Active":true,
"GranteeUdf":"bob@example.com",
"EnvelopedKeyShare":[{
"enc":"A256CBC",
"kid":"EBQA-LO4N-N2FL-U23L-SKWO-POAW-VDLW",
"Salt":"FXW3PsFesjcC6fDC3dHHMg",
"recipients":[{
"kid":"MAJY-65KP-C67E-LFXP-Q3XI-ZHZF-GNHV",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"CcZftsANqPybF3CXKG4neCPC5mLKeBaFIwv
tkGBThR8QlqtAp0Gr-XevcrOlbqxhKP2kfxQQyxuA"}},
"wmk":"VAR6_ezf8hgETm61CJ4CUOw66l_f8YKwG65_GYE96W
5b_VeZNoOiHQ"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJLZXlEYX
RhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmVhdGV
kIjogIjIwMjItMDQtMjBUMTY6MTc6NDlaIn0"},
"5HYVc-1SfcKj29O6UyNv_CptjRl-gy3hjp42VUdTi032r7Yamt4xmE
hByPQgpVetmoFayOWc9V8GILPMbrQ8LO8OwHD35Fio_OfX1PLe8or5AuBylbF9y9f
3S25QD9WupYJJN0L2m8hbia3LLbU-BcVSrmI0OjB7tkeEgp6vmboTGv9QQxSSrMTQ
5v8Le6dtJhuUqwyj7JJA76oBWk8ZzibJ6hQLT1v5owABTPMxq1fGNRv2RgDtz4tpy
deUBq5Gp9B0WKSKBCfOGFzNcunXbA5AbXWkORK4s07fZ42EsWiwkrncFRQqKTvomX
37CHtJo4kJkoyhbQWAwcLHaeo5DQrWBHJq6p2evWH4Z0gW_ZB9f3UiuW3jEOj-wvG
mYI5Mfo0Y5YEqy8iuOmo2KI3qDTAfWE_PID-4V2IWKhGibz7mqOy8pFMBUZXySwmY
w-M8Wti61wlST10kPaivW-0hS86MWGYlfzrVP3GqWkqNfHBuI-1iHwe3nNz2npsI0
Z3QnYr5VB-Q-ifkQZrYiTkPLKNAf_rR0-2le4lVBMasJJpk3cISt2V27RqxglrzX4
nSh0abD-7jBuAr-h7dH4abak2zkcQWqqe1bVjSfQ8OS6on4auWb4ZmJHY_cBCz3Br
wTer6j-0r1UWTtQg0V4SuEDLaR0VCqrQhiLgEdLENBzESJqa1x0vQHQeciteoBDa_
CdQCdzPUYycikRI778ElNg"
]}}}}

The private key (in this case a key share) is encrypted under the service key. To make use of the access entry, a request is made that specifies the key share to be operated on and the public key parameters to perform the agreement with. The request payload:

{
"OperateRequest":{
"AccountAddress":"groupw@example.com",
"Operations":[{
"CryptographicOperationKeyAgreement":{
"KeyId":"MAPK-LBYY-2G6S-7Y2F-7KWO-KZQC-2IEW",
"PublicKey":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"7BkA7YrtcC7GrNRvyX0es1xOgNeUmSPFgLPsK8Xy-
y8kaCqguTYD4BzWGBZi5a6KafeQQV6DwKcA"}}}}
]}}

The service checks to see if the request is authorized and if so, performs the operation and returns the result:

{
"OperateResponse":{
"Status":201,
"StatusDescription":"Operation completed successfully",
"Results":[{
"CryptographicResultKeyAgreement":{
"KeyAgreement":{
"KeyAgreementECDH":{
"Curve":"X448",
"Result":"RK_nkdnG2HF8Xm79VfrFpufigvIldNPo16ZIFf4-E
GJaqRaHIBNVbDs-bTfS30FuJkadIzvfzQwA"}}}}
]}}

Future: Currently, the access catalog is encrypted under the service encryption key. It would be better to encrypt the catalog under an encryption key specified by the service during the process of account binding. This would allow a service to assign a unique encryption key to each account and limit access to that key to the hosts servicing that specific account.

Generation of threshold key shares is planned but not currently supported.

Threshold signature is planned but not currently supported.

Mesh Messaging is an asynchronous messaging service that allows exchange of information between devices connected to a Mesh account and between Mesh users.

To enable effective abuse mitigation, Mesh Messaging enforces a four-corner communication model in which all outbound and inbound messages pass through a Mesh Service which accredits and authorizes the messages on the user's behalf.

The Post transaction is only used to exchange messages between services. The client sends and receives messages through interactions with the outbound and inbound spools of the account.

To send a message, the client creates the Mesh Message structure, encapsulates it in a DARE Message and appends the message to the Outbound spool of the account using the Transact operation.

The DARE Message MUST be signed under the account signature key.

The Mesh Service receiving the message from the user's device MAY attempt immediate retransmission or queue it to be sent at a future time. Mesh Services SHOULD forward messages without undue delay.

The Post transaction forwarding the message to the destination service carries the same payload as the original request but is authenticated by the service forwarding it. This authentication MAY be by means of either profile or ticket authentication.

>>>> Unfinished ProtocolPostServiceService [Not Yet Implemented]

After the message has been sent, the service updates the message status on the outbound spool.

Services SHOULD implement Denial of Service mitigation strategies including limiting the maximum time taken to complete a transaction and refusing connections from clients that engage in patterns of behavior consistent with abuse.

The limitation in message size allows Mesh Services to aggressively time out connections that take too long to complete a transaction. A Mesh Service that is hosted on a 10Mb/s link should be able to transfer 20 messages a second. If the service is taking more than 5 seconds to complete a transaction, either the source or the destination service is overloaded or the message itself is an attack.

Imposing hard constraints on Mesh Service performance requires deployments to scale and apply resources appropriately. If a service is attempting to transfer 100 messages simultaneously and 40% are taking 4 seconds or more, this indicates that the number of simultaneous transfers being attempted should be reduced. Contrariwise, if 90% are completed in less than a second, the number of threads allocated to sending outbound messages might be increased.

The inbound service MUST subject inbound messages to Access Control according to the credentials presented in the DARE Message payload.

After verifying the signature and checking that the key is properly accredited in accordance with site policy, the service applies authorization controls taking account of:
The accreditation of the sender
The accreditation of the transmitting Service
The type of Mesh Message being sent
User policy as specified in their Contact Catalog
Site policy.
Messages are received by synchronizing the outbound spool.

[This section to be expanded in future drafts]

Access control is effected through the usual division of authentication and authorization.

Authentication of operation requests is performed by the RUD layer. Any request authenticated under the profile authentication key is authorized to perform any account operation without restriction.

If the authentication key presented has a matching Access Catalog entry, the device is authorized to perform operations as specified in that entry.

Message interactions are asynchronous interactions that occur between devices connected to the same account or between accounts. All messages are signed by the sender and encrypted under the encryption key of the recipient if this is known to the sender.

The Message PIN Interaction is used to register and validate PIN codes used to authenticate certain transactions. This interaction allows a PIN code issued by one device to be consumed by another allowing for greater convenience in managing devices or contact exchange.

For example, Alice might delegate the PIN code issue privilege to her mobile device without delegating the administration privilege to that device. This would allow Alice to use her mobile device to initiate the connection of a large number of devices to her Mesh as her house is being built and approve them later using her administrative device.

Use of the Message PIN interaction is optional. An application that issues a PIN code to authenticate a message MAY store the PIN value within the application without persisting it to external storage.

Derivation of the SaltedPin, MessageId and Witness values from their respective inputs is described in the Schema Reference.

To register a PIN code to an Account, a device:
Generates the PIN code value
Calculates the SaltedPin value for the specified Action
Calculates the PinId binding the specified SaltedPin to the Account.
Creates and signs MessagePin containing the SaltedPin, Action and Account values with the MessageId value PinId.
Appends the MessagePin value to the Administration Spool of the Account.
Note that this construction provides limited protection against forgery attacks by a party with access to the MessagePin. A party with such access can use it to construct the witness value required to authenticate a request.

PIN Code values consist of an opaque sequence of octets represented as a UDF nonce value. Codes are presented in canonical UDF form, i.e. Base32 encoding separated into groups of 4 characters. The PIN value is converted to binary form for calculation of the SaltedPin, thus ensuring that the canonical form of the PIN value is used.

The PIN Code value is passed out of band to a user who will enter it into a device to authenticate a request made to the issuer.

A request that MAY be validated by means of a PIN is a subclass of MessagePinValidated and contains the following fields:
AuthenticatedData
A DARE Envelope containing the data that is authenticated.
ClientNonce
A nonce value used to prevent certain replay attacks.
PinId
Digest value binding the SaltedPin to the Account.
PinWitness
Witness value calculated as KDF (Device.UDF + AccountAddress, ClientNonce)
The device uses the PIN code and Action identifier corresponding to the desired request to calculate the SaltedPin value in the same manner as during registration. This value is then used to calculate the PinId and PinWitness values.

The PIN code is validated by performing the steps of:
Calculating the SaltedPin value from the PIN code and Action
Calculating PinId from SaltedPin and Account
Retrieving a MessagePin from the Administration spool with the MessageId PinId.
Calculating the PinWitness value from SaltedPin, ClientNonce and AuthenticatedData and checking this matches the value specified in the message.
Performing the requested action.
Posting a Complete message to the Administration Spool of the Account marking the PIN code as used.
This process can fail at multiple points resulting in different error results:
PinInvalid
No PIN code is specified, the PIN code indicates an unsupported algorithm or the calculated PinWitness does not match the one specified by the request.
PinUsed
The PIN code has been used previously.
PinExpired
The PIN code is no longer valid.
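The registration and validation steps and the three error results above, as an added Python sketch; it is not code from the Mesh specification or its reference implementation. The HMAC-SHA-512 derivations, the in-memory spool list, the alerts list and all function names are assumptions (the real SaltedPin, PinId and PinWitness derivations are defined in the Schema Reference), and the witness inputs follow the validation steps listed above.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone


# ASSUMPTION: stand-in derivation (HMAC-SHA-512 over length-prefixed inputs).
# The Mesh derivations of SaltedPin, PinId and PinWitness are NOT reproduced here.
def _kdf(key: bytes, *parts: bytes) -> bytes:
    mac = hmac.new(key, digestmod=hashlib.sha512)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def salted_pin(pin: bytes, action: str) -> bytes:
    return _kdf(pin, b"SaltedPin", action.encode())


def pin_id(salted: bytes, account: str) -> str:
    return _kdf(salted, b"PinId", account.encode()).hex()


def pin_witness(salted: bytes, client_nonce: bytes, auth_data: bytes) -> bytes:
    return _kdf(salted, b"PinWitness", client_nonce, auth_data)


def register_pin(spool, account, action, now, lifetime=timedelta(hours=24)):
    """Issuer: generate a PIN and append its MessagePin to the spool (a list)."""
    pin = secrets.token_bytes(16)
    salted = salted_pin(pin, action)
    spool.append({"MessagePin": {
        "MessageId": pin_id(salted, account), "Account": account,
        "Action": action, "SaltedPin": salted.hex(),
        "Expires": now + lifetime}})
    return pin  # passed to the user out of band


def make_request(pin, action, account, auth_data):
    """Requester: derive PinId and PinWitness from the PIN entered by the user."""
    salted = salted_pin(pin, action)
    nonce = secrets.token_bytes(16)
    return {"AuthenticatedData": auth_data, "ClientNonce": nonce,
            "PinId": pin_id(salted, account),
            "PinWitness": pin_witness(salted, nonce, auth_data)}


def validate_pin(spool, alerts, request, account, action, now):
    """Return "OK", "PinInvalid", "PinUsed" or "PinExpired"."""
    entry = next((m["MessagePin"] for m in spool if "MessagePin" in m
                  and m["MessagePin"]["MessageId"] == request.get("PinId")), None)
    if entry is None or entry["Account"] != account or entry["Action"] != action:
        return "PinInvalid"
    salted = bytes.fromhex(entry["SaltedPin"])
    if pin_id(salted, account) != entry["MessageId"]:
        return "PinInvalid"  # stored entry does not bind SaltedPin to Account
    # Design choice of this sketch: check the witness first, in constant time,
    # so a caller without the PIN learns nothing about used/expired state.
    expected = pin_witness(salted, request.get("ClientNonce", b""),
                           request.get("AuthenticatedData", b""))
    if not hmac.compare_digest(expected, request.get("PinWitness", b"")):
        return "PinInvalid"
    closed = any(ref["MessageId"] == entry["MessageId"]
                 and ref["Relationship"] == "Closed"
                 for m in spool if "MessageComplete" in m
                 for ref in m["MessageComplete"]["References"])
    if closed:
        # Either use may have been the illegitimate one: surface it to the user.
        alerts.append("re-use attempted for PIN " + entry["MessageId"])
        return "PinUsed"
    if now >= entry["Expires"]:
        return "PinExpired"
    # The requested action and this completion marker belong in one transaction
    # so that both occur or neither does.
    spool.append({"MessageComplete": {
        "MessageId": secrets.token_hex(16),
        "References": [{"MessageId": entry["MessageId"],
                        "Relationship": "Closed"}]}})
    return "OK"
```
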
Note that in the case that an attempt is made to reuse a PIN, it is not automatically the case that the first use of the PIN was the one that was valid and only the second attempt was invalid. Implementations SHOULD alert the user to the attempted re-use so that this possibility can be considered and appropriate action taken.

Alice connects a device using a QR code presented by her administrative device. The administration device creates a PIN code and records it to the Local spool. The message specifies the salted PIN value used to verify attempts to use the PIN and the action for which it is authorized. Since this PIN has been issued to authorize a device connection, the message also specifies the roles for which the device is authorized. This allows the connection request to be accepted without asking for further input from the user.

{
"MessagePin":{
"MessageId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
"Account":"alice@example.com",
"Expires":"2022-04-21T16:17:50Z",
"Automatic":true,
"SaltedPin":"AAV6-EBKF-JIUO-B2UV-UQX7-OKHB-OAAX",
"Action":"Device",
"Roles":["threshold"
]}}

Completion messages are dummy messages that are added to a Mesh Spool to mark a change in the status of messages previously posted. Any message that is in the inbound spool and has not been erased or redacted MAY be marked as read, unread or deleted. Any message in the outbound spool MAY be marked as sent, received or deleted.

Services MAY erase or redact messages in accordance with local site policy. Since messages are not removed from the spool on being marked deleted, they may be undeleted by marking them as read or unread. Marking a message deleted MAY make it more likely that the message will be removed if the sequence is subsequently purged.

After using the PIN code to authenticate connection of a device in the previous example, the corresponding MessagePin is marked as having been used by appending a completion message to the Local spool.

{
"MessageComplete":{
"MessageId":"NDM2-SXYM-M65H-CDTB-ROIB-KTKW-IN4R",
"References":[{
"MessageId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
"ResponseId":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2",
"Relationship":"Closed"}
]}}

The completion message is added to the spool in the same upload transaction that adds the device to the device catalog. This ensures that both operations occur or neither occurs.

The contact exchange interaction is used to support unilateral or mutual exchange of contact information. Contact exchange has three functions in the Mesh:
To exchange public key information to allow encryption of messages sent to and verification of signatures on messages sent from the contact subject.
To exchange contact information allowing use of other communication protocols (e.g. telephone, SMS, xmpp, SMTP, OpenPGP, S/MIME, etc).
To request that the recipient grant privileges to accept certain types of messages from the contact subject.
Registration of the subject's contact information in a registry service eliminates the need for the first of these functions but not the other two.

To prevent abuse, every Mesh Message is subject to access control and a Mesh service will only accept a message from a sender if there is an entry in the Threshold Catalog of the account that expressly permits delivery of messages of the specified type that are authenticated by an authorized signature key.

The communication of unsolicited information afforded by the contact exchange interaction is deliberately limited so that a majority of users can accept contact exchange requests without prior authorization. It is however likely that some users will receive a considerable volume of requests, forcing them to require that contact requests be authorized through some form of third party accreditation.

The Remote Contact Exchange transaction consists of a sequence of MessageContact messages sent from the initiator to the responder, responder to the initiator, etc. While there is in principle no limit on the number of messages exchanged, most exchanges will be completed in three exchanges or less:
Initiator to Responder
Contains Initiator contact data without authentication context from the exchange.
Responder to Initiator (optional)
Contains Responder contact data authenticated under a PIN challenge presented in the previous message.
Initiator to Responder (optional)
Contains Initiator contact data authenticated under a PIN challenge presented in the previous message.
Each message provides the recipient with additional information which MAY motivate the recipient to provide additional contact information to the sender.

{
"MessageContact":{
"MessageId":"NBBX-LUP5-63JW-AJ6G-5UFG-TYWA-Y6IY",
"Sender":"bob@example.com",
"Recipient":"alice@example.com",
"AuthenticatedData":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb250YWN0UG
Vyc29uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmV
hdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6MzFaIn0"},
"ewogICJDb250YWN0UGVyc29uIjogewogICAgIkFuY2hvcnMiOiBbewogIC...",
{
"signatures":[{
"alg":"S512",
"kid":"MAIY-DC6G-CGKH-H3GN-BL2N-GHVN-5HTG",
"signature":"yWGvlnNlKnAHGDTgYMZtYe_mGvnmnzupiMneOegh
KkOW6hZf-vkTR6AkBhmwM7PZH5xlVpdUe00AHIi0ie7deWnL6K5bEhhLiBBGY_ScB
aVAVqWAkbrfSYehAWvfvCIPyZKzFQYIZ9no0WjGcA-9dSAA"}
],
"PayloadDigest":"eq6Tg7DxnJr8SUf0nchazBLn3FBsYWLvZlAbxW2x
a_FsQ2kkhx5C8NymLau-Hg9_UaP1NM0eS9Nw2CRRcObbpw"}
],
"Reply":true,
"Subject":"alice@example.com",
"PIN":"ADFZ-RDXJ-IICY-KX57-X6LH-ABQY-IBKQ"}}

The Mesh Contact Exchange transaction does not provide for validation of the contact information beyond the binding to the Mesh Account Address used to perform the exchange.

Contact exchange requests MAY be authenticated by a PIN code. Initial contact exchange requests SHOULD include a PIN code value that can be used to authenticate a response (if given). PIN codes MAY also be exchanged out of band.

A MessageContact authenticated by means of a PIN code is authenticated as described in the PIN Interaction section above.

A MessageContact message MAY be published as an EARL. This allows contact data to be presented to the recipient on a printed document such as a business card in machine readable format such as a QR code.

The GroupInvitation interaction is used to invite a recipient to join a Mesh Group. The interaction is essentially a form of contact exchange except that a sender SHOULD NOT send group invitations unless there is an existing relationship. Thus the 'first trust' issues intrinsic to the contact exchange interaction do not apply.

The message specifies the group name and the contact entry for the group. The contact entry includes the CapabilityDecryptServiced used to decrypt messages sent to the group when combined with information provided by the threshold service for the group.

Receipt of a GroupInvitation message does not require a response.

>>>> Unfinished ProtocolGroupInvite Missing example 12

The confirmation interaction consists of a RequestConfirmation message from the initiator followed by a ResponseConfirmation from the responder.

The RequestConfirmation message specifies the action that is requested.

The ResponseConfirmation message contains the enveloped RequestConfirmation message signed by the initiator and the disposition of the responder, Accept = true if the request is accepted and Accept = false otherwise.

The service sends out the following request:

{
"RequestConfirmation":{
"MessageId":"NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7",
"Sender":"console@example.com",
"Recipient":"alice@example.com",
"Text":"start"}}

Alice accepts the request and returns the following response:

{
"ResponseConfirmation":{
"MessageId":"MBO5-GGWR-XOSQ-M6AO-WRP7-CJWT-V6LN",
"Sender":"alice@example.com",
"Recipient":"console@example.com",
"Request":[{
"EnvelopeId":"MAWU-5FMM-ZN6O-FXE5-TVC4-LO6I-RJ4D",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOREJCLUNIRkctT1
dOSS0yV1dLLVJKSTItS01GNy02QVc3IiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
zdENvbmZpcm1hdGlvbiIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0
IiwKICAiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjM5WiJ9",
"SequenceInfo":{
"Index":7,
"TreePosition":6201},
"Received":"2022-04-20T16:17:39Z"},
"ewogICJSZXF1ZXN0Q29uZmlybWF0aW9uIjogewogICAgIk1lc3NhZ2VJZC
I6ICJOREJCLUNIRkctT1dOSS0yV1dLLVJKSTItS01GNy02QVc3IiwKICAgICJTZW5
kZXIiOiAiY29uc29sZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogImFs
aWNlQGV4YW1wbGUuY29tIiwKICAgICJUZXh0IjogInN0YXJ0In19",
{}
],
"Accept":true}}

Connection of a device to a Mesh Account combines synchronous and asynchronous elements and therefore uses a combination of Mesh Service Protocol and Mesh Messaging interactions.

Four connection interactions are currently defined to support connection of devices with different affordances:
Witness Authenticated
For connecting devices that provide data entry and display affordances and are connected to a network. The account the device is to be connected to is entered into the device which displays a witness code. This code is then compared with a code displayed on the administration device to authenticate the request, after which both devices can complete the interaction.
PIN Authenticated
A variation of the Witness Authenticated interaction in which the connection process is initiated by creating a PIN value which is communicated to the device by some out of band means and used to authenticate the connection request.
Dynamic QR Code (PIN) Authenticated
For connecting devices that provide a camera affordance. The user sets the administration device into 'add device' mode, causing a QR code to be displayed. The QR code is scanned by the device being connected after which both devices can complete the interaction. Implementation of this mechanism is identical to the PIN authenticated scheme except that the PIN code is presented to the connecting device by means of a QR code.
Preconfigured (Static QR Code Authenticated)
For connecting devices that have been preconfigured with a device profile identified by means of a QR Code containing an EARL. The QR code is scanned by the administration device after which both devices can complete the interaction.
Each of these interactions provides strong mutual authentication with minimal user effort.

The witness authenticated connection interaction is intended for use in cases in which the device is already connected to a network. The QR code interactions are intended to provide support for acquisition of networking capabilities as part of the connection process. These functions are not currently specified. The Static QR Code Authenticated interaction is intended to support Internet of Things (IoT) devices which provide minimal interaction affordances.

In each case, the objectives of the device connection interaction are the same:
Mutually authenticate the onboarding device and the Mesh such that the connection interaction only completes if both sides acquire the authentic profile of the other.
To provision the onboarding device with the Mesh ProfileAccount, and an ActivationDevice and ConnectionDevice record allowing the device to interact as a member of the Mesh with the set of rights specified by the user.
To create a CataloguedDevice record and append it to the Device catalog of the account to allow the device to be managed within that account.
(optional) to acquire networking capabilities to allow the above to be completed.
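
The binding check a party would apply to the ResponseConfirmation of the confirmation interaction described earlier, as an added example (not code from the Mesh specification or its reference implementation): the enveloped request is decoded and compared with the request that was actually sent before Accept is honoured. The function names, the `outstanding` table, the one-answer-per-request rule and the address `mallet@example.com` are assumptions of this example, and signature verification of the envelope is not shown.

```python
import base64
import json


def b64url_decode(text):
    """Decode the unpadded base64url text used for envelope fields."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    """Encode bytes as unpadded base64url text."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def open_envelope(env, expected_type):
    """Return the expected_type message carried in a [header, payload, trailer]
    envelope or raise ValueError. Signature verification is not done here."""
    if not (isinstance(env, list) and len(env) >= 2
            and isinstance(env[0], dict) and isinstance(env[1], str)):
        raise ValueError("malformed envelope")
    try:
        metadata = json.loads(b64url_decode(env[0]["ContentMetaData"]))
        inner = json.loads(b64url_decode(env[1]))[expected_type]
    except (KeyError, TypeError, ValueError) as err:
        raise ValueError("undecodable envelope") from err
    if not (isinstance(metadata, dict) and isinstance(inner, dict)):
        raise ValueError("unexpected envelope content")
    if metadata.get("MessageType") != expected_type:
        raise ValueError("header MessageType does not match the payload")
    if metadata.get("UniqueId") != inner.get("MessageId"):
        raise ValueError("header UniqueId does not match payload MessageId")
    return inner


def confirmation_disposition(message, outstanding):
    """Return Accept from a ResponseConfirmation once it is bound to a request
    in `outstanding` (MessageId -> the RequestConfirmation fields we sent)."""
    response = message.get("ResponseConfirmation")
    if not isinstance(response, dict):
        raise ValueError("not a ResponseConfirmation")
    request = open_envelope(response.get("Request"), "RequestConfirmation")
    sent = outstanding.get(str(request.get("MessageId")))
    if sent is None:
        raise ValueError("no outstanding request with this MessageId")
    if request != sent:
        raise ValueError("enveloped request differs from the request sent")
    if (response.get("Sender"), response.get("Recipient")) != (
            sent["Recipient"], sent["Sender"]):
        raise ValueError("response is not from the party that was asked")
    accept = response.get("Accept")
    if not isinstance(accept, bool):
        raise ValueError("Accept must be a JSON boolean")
    # Assumption of this example: one answer per request, so a replay fails.
    del outstanding[sent["MessageId"]]
    return accept


# Field values are those shown in the exchange above; the envelope bytes are
# constructed here by re-encoding them, not copied from the page.
REQUEST = {"MessageId": "NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7",
           "Sender": "console@example.com", "Recipient": "alice@example.com",
           "Text": "start"}


def sample_response(enveloped, sender="alice@example.com", accept=True):
    """Build a ResponseConfirmation that envelopes `enveloped` (sample data)."""
    metadata = {"UniqueId": enveloped["MessageId"],
                "MessageType": "RequestConfirmation"}
    header = {"EnvelopeId": "MAWU-5FMM-ZN6O-FXE5-TVC4-LO6I-RJ4D",
              "ContentMetaData": b64url_encode(json.dumps(metadata).encode())}
    body = json.dumps({"RequestConfirmation": enveloped}).encode()
    return {"ResponseConfirmation": {
        "MessageId": "MBO5-GGWR-XOSQ-M6AO-WRP7-CJWT-V6LN",
        "Sender": sender, "Recipient": "console@example.com",
        "Request": [header, b64url_encode(body), {}],
        "Accept": accept}}


def demo():
    """Check one genuine response and three manipulated ones (constructed)."""
    cases = {
        "genuine": sample_response(REQUEST),
        "altered text": sample_response(dict(REQUEST, Text="stop")),
        "wrong responder": sample_response(REQUEST, sender="mallet@example.com"),
        "accept as string": sample_response(REQUEST, accept="true"),
    }
    results = {}
    for name, message in cases.items():
        outstanding = {REQUEST["MessageId"]: dict(REQUEST)}
        try:
            results[name] = confirmation_disposition(message, outstanding)
        except ValueError as err:
            results[name] = "rejected: " + str(err)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```
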
The connection of the device to the Mesh Account is achieved through the creation of the ActivationDevice, ConnectionDevice and CataloguedDevice records described in . These are created by the administration device in the third phase of each of the connection interactions described below and acquired by the onboarding device in the fourth phase.

The witness authenticated, PIN authenticated, and Dynamic QR code interactions all follow a common interaction pattern. The Dynamic QR Code (PIN) Authenticated interaction comprises four phases as follows:
Phase 1: Issue of PIN credential (PIN and Dynamic QR code only)
A PIN code is created and registered with the PIN Registration interaction described earlier and transmitted to the user by an out of band communication. In the case of the Dynamic QR code interaction, this is a QR code that is scanned by the connecting device.
Phase 2: Onboarding Device Request to Service
The onboarding device creates a RequestConnect message. In the PIN authenticated and Dynamic QR Code interactions, the RequestConnect is authenticated by the Device Authentication key and the PIN issued earlier. In the Witness Authenticated interaction, it is authenticated by the Device Authentication key alone.

The onboarding device presents the RequestConnect message to the service by means of a Connect operation to the service servicing the account. This results in the exchange of the account and device profiles and the computation of a witness value from the two profile fingerprints and two nonce values specified by the onboarding device and the service. An AcknowledgeConnection message is posted to the Inbound spool of the account and returned to the connecting device.
Phase 3: Administration Device Acceptance
The account holder authenticates the RequestConnect message and uses an administrative device to accept or reject the connection request.

If the RequestConnect message has been authenticated by a PIN code, the connection request can be accepted automatically without additional user interaction.
Phase 4: Onboarding Device Completion
The onboarding device periodically polls the service for acceptance of the request by the administration device using the Complete transaction.
The use of the PIN code to authenticate the request message is shown in $$$$. The PIN code MAY be presented to the onboarding device in any format accepted by the device. Administration devices MAY support presentation of the account address PIN code as a URI code. Administration devices SHOULD support presentation of the account address PIN code as a QR code containing the corresponding URI.

Alice> meshman account pin /threshold
PIN=ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI
(Expires=2022-04-21T16:17:50Z)

The registration of this PIN value was shown earlier in section $$$.

The URI containing the account address and PIN is:

mcu://alice@example.com/ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI

The onboarding device scans the QR code to obtain the account address and PIN code. The PIN code is used to authenticate a connection request:

Alice3> meshman device request alice@example.com /pin ^
ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI
Device UDF = MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
Witness value = HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW

The device generates a RequestConnect message as follows:

{
"RequestConnection":{
"MessageId":"NCAA-7UYA-TG2C-6XUC-UG3B-4XGT-OBIE",
"AuthenticatedData":[{
"EnvelopeId":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUEzLUJRUFotV1
dPNC03UTVCLVA3QUgtRlk1Qy1BVE1EIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
Q3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUxWiJ9"},
"ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm",
{
"signatures":[{
"alg":"S512",
"kid":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
"signature":"vOufdCB_9HT6I8aarXvmmOyNSl-w-xyJ9lDjAEE7
76793vl1LkEFYsB5bh6ydW6itfx7wtyI5h2AYah4BosKBPeG5qfIVX0bD_BHzH3wm
_pYThtpZRGUd_CLlGIyqZi-dj6pra-RatoCDbBdKIgPCTIA"}
],
"PayloadDigest":"lrcVgAlxiwM7iaclmB4lQO-d1qIYWoilGa2AnxAq
VJOSNHtc8NDZnGwUyg6b6lZlzoVgQRNgOdGQaVqW6sNf1Q"}
],
"ClientNonce":"gZFH1LZNoACm0-x0tg28yA",
"PinId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
"PinWitness":"hv6xvNXOspA9MN4YVkNb58P5Bwr1WCy5OA6gtPxy0LqP-_l
vReHSp1D5MubPtMYnrSrEcGebQrevBGB96ngkZg",
"AccountAddress":"alice@example.com"}}

The service receives the connect request and authenticates the message under the device key. The service cannot authenticate the message under the PIN code because that is not known to the service, as the service cannot decrypt the local spool. Having authenticated the connect request, the service generates a random nonce value. The random nonce together with the device and account profiles are used to calculate the witness value. The AcknowledgeConnection message is created by the service:

{
"AcknowledgeConnection":{
"MessageId":"HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW",
"EnvelopedRequestConnection":[{
"EnvelopeId":"MBHZ-QYVP-T5DQ-FQAP-AWD4-FLMO-ZZJT",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ0FBLTdVWUEtVE
cyQy02WFVDLVVHM0ItNFhHVC1PQklFIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MVoifQ"},
"ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi"
],
"ServerNonce":"TxNcq2rNIK8BgGbwmyCcBw",
"Witness":"HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW"}}

The AcknowledgeConnection message is appended to the Inbound spool of the account to which connection was requested so that the user can approve the request. The ConnectResponse message is returned to the device containing the AcknowledgeConnection message and the profile of the account. The device generates the witness value, verifies it against the value provided by the server and presents it to the user as seen in the console example above.

The user synchronizes their pending messages:

Alice> meshman message pending
MessageID: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
Connection Request::
MessageID: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
To: From:
Device: MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
Witness: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
MessageID: NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7
Confirmation Request::
MessageID: NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7
To: alice@example.com From: console@example.com
Text: start
Alice> meshman account sync /auto

The administration device determines that the device connection request is authenticated by a PIN code. The PIN code is retrieved and the message authenticated. This is shown in the PIN registration interaction example in section $$$ above.

Bug: This command is currently showing superfluous pending messages due to the failure to clear messages processed in earlier examples.

The Cataloged device record is created from the public key values corresponding to the combination of the public keys in the device profile and those defined by the activation. This is returned to the onboarding device by wrapping it in a RespondConnection message posted to the local spool of the account.

{
"RespondConnection":{
"MessageId":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2",
"Result":"Accept",
"CatalogedDevice":{
"DeviceUdf":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
"EnvelopedProfileUser":[{
"EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEt
SkJMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
mlsZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk
NyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
"ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl",
{
"signatures":[{
"alg":"S512",
"kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
"signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VY
ya8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9Z
sZa4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"}
],
"PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWV
JnsNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"}
],
"EnvelopedProfileDevice":[{
"EnvelopeId":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUEzLUJRUFot
V1dPNC03UTVCLVA3QUgtRlk1Qy1BVE1EIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
mlsZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKIC
AiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUxWiJ9"},
"ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1",
{
"signatures":[{
"alg":"S512",
"kid":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
"signature":"vOufdCB_9HT6I8aarXvmmOyNSl-w-xyJ9lDjAE
E776793vl1LkEFYsB5bh6ydW6itfx7wtyI5h2AYah4BosKBPeG5qfIVX0bD_BHzH3
wm_pYThtpZRGUd_CLlGIyqZi-dj6pra-RatoCDbBdKIgPCTIA"}
],
"PayloadDigest":"lrcVgAlxiwM7iaclmB4lQO-d1qIYWoilGa2Anx
AqVJOSNHtc8NDZnGwUyg6b6lZlzoVgQRNgOdGQaVqW6sNf1Q"}
],
"EnvelopedConnectionAddress":[{
"dig":"S512"},
"e7QRQ29ubmVjdGlvbkFkZHJlc3N7tA5BdXRoZW50aWNhdGlvbnu0EFB1
YmxpY1BhcmFtZXRlcnN7tA1QdWJsaWNLZXlFQ0RIe7QDY3J2gARYNDQ4tAZQdWJsa
WOIOSNDtOvoZdilp0s3BTEoNwiSeNFDS6fgsm1L562PMYIp9BvcFfw3bmZ5u3e56H
OMu23pigwo4Xw5AH19fbQHQWNjb3VudIARYWxpY2VAZXhhbXBsZS5jb219fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
"signature":"lOsc7e_m2hYgaUEGWInfYztPwhpICudfCGR1H2
UpRV0KH0SwVpYTnIWX-IuYXMo995PmWEDtYUiAjNmxO-rcC2BhHIW_BGU4YAtVZI8
cNAgvHOFmDe_wHzEoHce8OruvdQ-lbcZd_fuVjkdHundi1h4A"}
]}
],
"EnvelopedConnectionService":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
aW9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
CAiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUyWiJ9"},
"e7QRQ29ubmVjdGlvblNlcnZpY2V7tA5BdXRoZW50aWNhdGlvbnu0A1Vk
ZoAiTUQ0TS1FTEozLUVNN0ItVlZGRC1KRFBCLTdHT1AtT1FJS7QQUHVibGljUGFyY
W1ldGVyc3u0DVB1YmxpY0tleUVDREh7tANjcnaABFg0NDi0BlB1YmxpY4g5I0O06-
hl2KWnSzcFMSg3CJJ40UNLp-CybUvnrY8xgin0G9wV_DduZnm7d7noc4y7bemKDCj
hfDkAfX19fX0",
{
"signatures":[{
"alg":"S512",
"kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
"signature":"wzlcBCqylNLld9M66FWuY2qaUmUarO7Yam6ERb
iZ0A-Ugo4CALcEVTKLkM8TCy1wApS4mtYJaYAALgDjm-swIPwu2XW1yBWJG-RnLEQ
ydgSh6d0q6Rt3owHgYKDtzrSiJ_byiDUC7BtdDgz9RSqkbQ8A"}
],
"PayloadDigest":"vYf454z3M4ZljOqIwzvMaVDSbyD-kQ3FZJRD6C
T_oYFy7fryxi-JQTp9rWU2h8UcsjgA1VS8jeF7ZY3cjYl2Uw"}
],
"EnvelopedConnectionDevice":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
CJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTJaIn0"},
"e7QQQ29ubmVjdGlvbkRldmljZXu0DkF1dGhlbnRpY2F0aW9ue7QDVWRm
gCJNRDRNLUVMSjMtRU03Qi1WVkZELUpEUEItN0dPUC1PUUlLtBBQdWJsaWNQYXJhb
WV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEWDQ0OLQGUHVibGljiDkjQ7Tr6G
XYpadLNwUxKDcIknjRQ0un4LJtS-etjzGCKfQb3BX8N25mebt3uehzjLtt6YoMKOF
8OQB9fX20BVJvbGVzW4AJdGhyZXNob2xkXbQJU2lnbmF0dXJle7QDVWRmgCJNQkFD
LTVSVU4tNVpZSC1CWVJILVJGTE0tT01NSi1ZTUZStBBQdWJsaWNQYXJhbWV0ZXJze
7QNUHVibGljS2V5RUNESHu0A2NydoAFRWQ0NDi0BlB1YmxpY4g5qTxrxXDgAwIc2r
ULk3yjVLsqjDv6cd3CoPyhfB2g2yS9mG2BYN3cHptX-5wjgPksRW2lrLGSt2UAfX1
9tApFbmNyeXB0aW9ue7QDVWRmgCJNQllQLTJRTkctSUkzNC1NVkJKLUUzREQtSk1V
Uy1LUlUztBBQdWJsaWNQYXJhbWV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEW
DQ0OLQGUHVibGljiDn4tysVgdXulShZAzpKeVaEPT6YI9YrlRwCMN0xnx8czTX8Zx
73E6j5muo-DFWjZRmvT5f_Ma-m_YB9fX19fQ",
{
"signatures":[{
"alg":"S512",
"kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
"signature":"xm5EIDcUvKJkP3cpdiV85mPygKSW4C_4P440Fw
oOgzA-Y1IPxh1n_uYmx1Rr6FH7SrTDAZgkgcQAIl17pmwnTt6z-14iolJjKanphGO
W9ukYzFqJhISIH9IqS0YZFYAxAR04zgZRnVzgX-wPPDFmVzcA"}
],
"PayloadDigest":"k8kjkIqoYDGcg-kLa6UkLuIEP1bL15gkmUUCf7
bMYXYbC-LcymtnjLMqiUOpWjXPlPCwZkeG6iUmvd3OZoktuw"}
],
"EnvelopedActivationAccount":[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQP-6TAN-BTZW-ASDU-VEC6-MFRR-IJWG",
"Salt":"tXA2e3ZNixmurZ-it2J6KA",
"recipients":[{
"kid":"MALW-QXX4-IADE-A4ZY-GRFV-7FRV-6NMZ",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"-QKmVKReKKmKkvdonFRJAnEGvT1Qgp8e0_qZq
-UE0GkEi8zglCyuJ0ai8nKlRedPLagxu_HodpWA"}},
"wmk":"XzQkcZcOZtfC3N1gWPL3pHVc7Qt_hUHjxRD8xioD0qk_
O5XaBG_xNg"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
aW9uQWNjb3VudCIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
CAiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUyWiJ9"},
"E0DRm1t6ESGAXqKtSTn93qShYVVWCBcH1mlGJNasyCsIU8UQukuGP-ih
V3MeXe9bgq-0_E4yH-53437MTWM_uF33wjPTBexXgvr7w0pM4rZ7YVKOmyJ2vo5-x
PgAAePJwfRCbsyvGIsyN8YW-c8PifFkWntFh4Es_cWnKw-tXjeMcdWjtu1KJxekNQ
Cl1wxiMk7HIthQtCQwk2A-JWXQWaXCgOmKtjcl-1V4hR52jpUSiYuLNsRXbXJAkrN
rZFaG",
{
"signatures":[{
"alg":"S512",
"kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
"signature":"nay6TKbcxU0VmQ7rJVoN_m89pMMlpnKl1lC_-N
OzKT2mZDPgr7Q5MNwXWigJOngiHcpb_YH2hsuAsVpmwHem5gcuJ378S9UOwKXmgxg
WKLwkDsAEr3IRqd0LTF0yWqwJ7RpVo-BokZR9xDg0JJxbhyUA",
"witness":"8cKBTOqU3sGJf_4c7OrpCwar8KKIu6nnw2cvXf3a
Uzw"}
],
"PayloadDigest":"pDEQGRMpuD0EDYGR_-oxzvovyaQG_uZA9nqexr
5e8pC1Ha0yu_4pxuQQhAJep2SEfVR2Zs4vqcgsnFY8O5D_3A"}
],
"EnvelopedActivationCommon":[{
"enc":"A256CBC",
"dig":"S512",
"kid":"EBQA-ZOOA-J2XX-OHXS-NQHE-ILCE-25HL",
"Salt":"He9EoaV4uTzQ25Nsg_ln8Q",
"recipients":[{
"kid":"MBYP-2QNG-II34-MVBJ-E3DD-JMUS-KRU3",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"GxSFbVOVBE0DIipxDZtGHwxcX8GSewnZPexv0
ceJMTZEgU1etKaS34ZQ5xzgNvnMLo5sw0xl__uA"}},
"wmk":"gkANisn2V3yx3tvibNs7qix0IqlQKuRUaHDp-VNBxbr_
u9u_4ZdnAw"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
aW9uQ29tbW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
CJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTJaIn0"},
"9oiSbsWFv4Si3bH3IBrWJGWRf7lVk9eiGoPh2exMS7FRERkTdonOFcp_
7DtkVJ8VfArm-zOMFKQL-0MnNFOmUupHH-1v-8nKegFPOKCApz8ApB6vOlOWdaExm
TKGmKuXoikgBhzJGPD18eeTxEGrPRtCNnQJ4eRMbY45f4p5bFZ0x02WFa53-tSJK3
zFnNcswsAMOvlc8bvUcQ7qUNhrju9QlV7-x5AzPyUaXOIXrHLE1G6sbUueaqKSTgn
8hTmcYpJ3MiCkz7rSPwMghsf9qyRdWOIEQ879LAE-yZuSF7hkNeMdNICvn6bA_T9b
2WRzZeVgES9fZVJJOPb1DlQxcmXRuwmj4WcuHp-wrW0xgjF1a3GjyEqFemHFUMOJw
h1QLyLUOrdHfuCN6Er2KjBvbH1p5fNBz7Nym-NcDlSZbUy-TmjDfLW4HCCn2pBXyl
uXxNTtDRryyUE9Z1q7HV9PhOO3HURvDflLRPXQLSrrzuZwSPotfbRA-WymJtLuBtF
IOBLJEx09LvqK-XyIPJdk9ari86PyKF_wCoh1ps1fLDN4oc5ko3Qb_7iBJRYiNMnJ
dJ9lCPDFNMPUMkOK50xa-jRHlX2bUxM4Rycc9T3vsOQqq5k30h18czw6wBgb9TzV_
33wYqh01lqcEgrG0uXVU057gvEe9-2_-GuaJgiqpYaceo3i9E0IBMsrmUXWhMpfl4
rESUjHN3pSgRPDjrfPyHKW4MXuETj8MN6RBuPRdwQW0oBk9f9NpnOKFxQqWkRXVNW
c3Z2Yi-iu77A_5QrOQvIocXhcuC8J4It4wgt6HE18EBhrEGo0htYiXMllDQ8oAAhk
SceNWzrulxjmz1D0lSA4C5J-km9MsW8IjzJgaGwENj0al9m8E5mULlZmccLBlHQYp
BdAfxEZybuuELs9v3sB9CE6TtusJrTgYFkR-WITknMIALGF7dcqWcv-i3k-NqOkIp
XIVIvjyJWyfbdnJ8ocrGA-xZLNCkoxEJC4TBW0Fqh1cWmM2ENOjSfQ1o1yQm_5MMW
_P5OLpvAjD71WqPJeVsjOkVHQqPtZG8oQIeJQ7-QtTPFEVfrvroNlXdvvyLYWq4ma
EzG0e4ZX_wNe37lWq_pdzpCNKNCTLaUbc_z_SoVqU7RNNuwAbBqXG2wVU2LU2VSrU
qcRKV1sitN4TL9YuVOeH6EUZ42koHTSRhrbHgkbsemh6lc0G_XLJGIcETxmBLi9k4
nriSSeBOb4L_GOoy8uo9GRDzdOFan-GomVDUa8cIQXx0BJ52V_xuqjx3jBHQcsbTX
8GtIOl4072HbcNryM6z9k6nVxKgcbRlj_feDcDf1-KXT6FC1ojPnGAr1gL8C8mZYv
657H5rmGbf-dsGuixfW1zyP4IxOTzwMTYv6E4o6YvTPydm1sEHleshXIn-T3UUNGX
bhIdvcsKNaFLukS8-rYpf-1ms8_U7qyn1na8sff7K3P3d7biLZrsIdoILBqveRdCI
2irOBE1oobNpezWMHMO4j5jN1ihhvky-um112AwKIcUvgwtlg-7wCkgcEO54FNbDh
NP2yf7-BZI-NPlB_chFXiyxMObXyyUbTzZ8vV0AjBsZ3bzshR9m4fN2agluqfFg1r
9fsZr_WIr-bvHk2MF11v-hp_4NF6Ga9kppgfHYZr0Cdnff2-ocP8e5kzD4ybYmqvZ
dGm22AbUZP3UKmK4G-zM80AHJJQoCxfVYyETaEcSRyhyiEs9sJHIKvSUO2VE9nmkb
h0ZAH1TUdWJnBzmW4cmGA5g2CpD-4oiF_4XFf7i7oIoz_rrgVTWQE_p0E9fJmo_Mv
lbSb7WmOzTnaFBgMCDRyZDTcsjXpkHX9n0FLDVNbnVcMvsV4DaP6R773CE3V2YowL
JYLiu3BkTUf8yKLrPEk1vVH1nyBk-TVPodAlqOzEOVyfSDG3KxxE5l1k553ENPlys
C-O4rmrkraKhh9tz51i6Uk86oAkzUztwrHVrvrg4vWIIqNKW6a0pH6ITGCAGu72qW
8RfCE8xqQrG0Xq2gWKopAIqb-jtVrY41sEge3Tn0N9DxgKu_7FJovyA2UO5Sq_-BI
ZzY28tpgnYnVsz5zR2JReacy1rBthkI18_iOSUHPqN87ltfWLWWtiehHWG_AellNs
Ou6_o1jsx5iRkI1ppPXio7EKpNd7gISZaT2iCaWylcrxCQPHu_TDmGDhCE93WF6pa
mfRYU4gKN1aAVIcJLSJSJlp7k72AxJcKFfyxLvBdJZeXZ_JbpWLyprX1nayuuMYv9
rAQDiAN3MuoyzwzyTyOecM0dwK4RLADs9QsriTVvTVLUGlw-qV2wGua66JqsMIF5B
PEalc1G3_K-hV_VrPKWxCOCtBB8-Y0qJcUMjRFXlGElwZ8VrANX7b9_ynEUjg9H1l
_1leuw1yay2iyqEw369HNC_jcGbi6MoqyIR4uVuyI59nWY5VXI7vn8sYqNBr8zuZR
MJY1yqcWvoUoeiuHZpU5yxOrSdMA-iGyy5NqtBrMdmP42co8xLCj1SjXi9XcpjP8N
d3Z695iumU8YEOOY6fm6_EfDA390e8X4AJZ25FkvUPBI6YQT8NR0lqZrgwIF1FaPj
Wlk9M3IrGMlrnH2FJDH-X8rEFCJJShxSD6sipr-eCTATgMIdPteXWgHo2WAVGrBwd
pHJ3lQsAIju3fy7TEto45RveVo2mTIrxdqvlddiGehLNMmm-0i_TlIYe8TcIorP8m
c6lOhL8InRrCLruR_PAH-gbwWnfZ1qBviaRnoSzoAyyVm9Q443kF5KxC-If_Hj5Jj
TEqRJm7PADg2h44rFrz3TOHNCqDnVOxaj_tHB_L9l5sxbufkoMBxfT9DVbr8ao8WO
yq-g1l0vk38aG5s3Bq7T5XVvoawcxE2030yQ2vPKUSj6XFBijpxwXWTN4_LByHt3_
oRWRngOIjV2yvjSodZjPn4lwlPhpkvAwVWHeGdoS1w86itxSs5KgDKzHL7jWbMRxi
1-1pD689M5pHPsX5ok61ik0q1N3eBA3InJKFfQWeycimqv7OxsxC5HtDP7y9ny176
Z5nEIDr1M6OzQY19bKGaPTLCgjLznBuA744LgMMZSJEQeG2G0u_Li0hyWFJ8b7HrZ
N-KcuXjsmeuNIJEObEzICz6JeXQeIWWRwk_W6TTOfAT8SO6K-ir11NsxPAt7DKFCp
mqGAeENrk6TL8Lvb47l1tCLAprBX2BXa9zITPPhOrxkChxBJdwNH0K8Y8ZE0tCYpW
8E5PvRKdZt7R7CnFK4jzqM0MHwEdRU9QHXhSZC2LsYxMoAWlI4ukmwtJJaXFdnfJR
jBB7S_7G9iaEcIOU5nBMk1hDfEH9cQtHvW6ata5ky6DBx6fEyFxilROAC2GMPv3ye
FyjJcX6sf7ryCrqp2CY5cgXAIk95L8_QXwDX1TmHkj2v-0nojlya6ZIHyHF89wUhp
FEY8DalGkuetrXut7CzJeX969Gb0Qm0Ij9KCp5gFiwXgoPpbY7GUNSseflN8JjNOf
X6k_8PXtXB0FyCSsjQuU-C-OOPXJTdSsAzDGV-QB2juuw0fnIXpvfQNqbUBKy13jm
zeU9V1BkjzelPtximZsR5Ml9m13KvrV7MV9VHtU2l0VHIsUmZYW7bojOoPhyItTtB
_ED7wgR9Z5NB0rpAwHE56w45SemmYTg7nZM9AoZuqyQSmulaYJHfPAmkCDhVloH-F
DcoYYwK6LI3ibxLM6zhRgJzb9-VubSdYmrhi1sYoKFsBTkn5D1dV6oympGUx45uBL
-DG-lYAGS199dq3K91kyOFEZ1tgG1BBKPlDO5ZB7rzLQWdUe-DRq84yq3qJf2Qej-
nU1K4MsqFvbEsgtWVjZ5XT4Nmu9QJxMwFUzY8PMVK34NkOqGepyUo9zXf-2PAGGAy
45TQmwNEvitjOc96uMTDJkf4nZINvH0B0BsTftPyO1_QYuikC2qRv3waCZl3W6-R9
bQpKiTp2AwmmDZs9RBGes7EVx3Av9Fxf06qbAOtXH_uLDl9gbHnwSKV7Sr3Z7vCYH
-iXjhzOchYf0xCysXPV_pJBueYEJiu6rgRxfjZ-IkXuIbpU4w0kX3f-wnkyZc26L-
4zuf-liB3x1oxTe0ww1Sid5sceH1cB5JBoEAofo5ciRX84Lropx43mnOM8wQuEIUh
8ST6MsLxdfVIM_X7gxhyQ2hgOoluiFOQX28VtlQY3HmgjHTKWqma3rBOpkmDtkzDh
9JY11fQ0vYYzYWGg8X0iU24X8dawj6xf5dE7_E1ejEVsTrD2FZT0WropndhyEjg5G
fMCYsnnh9V0jU1nHNNtNRFTvpLj-wOgLRGKeU_hZ65gHsT3N4PoIPWSuaD_uNkrYm
FreVJngAVn-7KsRVXphZ38M-tDvoUct5-63FOEcuzKT-EYrNtAO5o3Akctl3SpaOV
6YLkyvrwycxw0nGew-XWvnfGcCi7srh27T4h01zc7A3oF6hbJTUFBULFokjVzP7Nj
3iGW0gOUHMONLrdItB8HSOHXIN8H-c7YI7mZQqNpS6plMgACbhKy9IAYBs9JruoOb
sCsogur8rKvTAmZQM9m-sfn6hEv2ML1NktzZOCJiJ5xugc_zOyOQgCxpWMs7Qxui5
GaDh4c7je6WytdnPpv1HhW_CUYkc_EJKnL4GKf0-D0Y3KHdhvVCMefkOQ0ZNplR25
QtCJs_Mj5ODN1p-2XQWsP-88AwZLT-7v70CNMmjpvYYkYkNf1LPVYFcsfkOyLZIzz
pebJHbRl07i5FnmKrMBHRSZZR0UChs66t-fMi_fn6CQJNMw-XiMJqcWeqLPfy48On
ECAjiZ18_MPiHfJkyNZzOzeX4eDNjDBFf0lkhdeS-DiQGhAHW9CxJvP5S2vjdBPVx
GaDaJNpI3x_EOjee8JS-SHvg4Ib0Kwzg1h288_VWFrXbex3WLGjgA6vAMCy8dZbgJ
_vcO3G-ItqtStRSeZToL4cr28xFBR8CGi4YX5eb-l6ddU5CE5SLQLgwpbNjhe4vTd
JW0jYShp9sja26AUXH9sNah7vCbdAULCUmMvU_j5sbur04gecWuiwzh5QRGQ4XF4p
j9Sy4CI1qF28BYrNBtEAymGEukDG8Acx6KUNYNCqoFKTF3ySOSCobyuWe8JtSkUDi
yRnkLUTEPo-5PeRAHxbc1e2fBPSYbrshKA3av_2BZggq1uREg0NMrff9Cr2-MUwgI
MUVwpabycISEPomWhMDsx5CG9AW8EWd5rzAM4ddpqSuI1tyk5C8_7SdtgXg2IvVmR
fcH2BTIYFxhkxoxv-Bmnt2OylrRkn2P_IuUSiR_eeFFhi5GoLK0iLDgWFRtOSpbU2
iKWYgbgcTzQrairEGstsN1G2HiLRWeEsSXH1FDT9aA3mNNmYArz2DY6BObLUonAls
xqSvYbCk0rjy249i42AnT6qYcS2puYxmjvjONSTCaH4q9bVzYei155Y3Qb3siB9HE
XHVimsdP4Lr4AutyZExQxiImmebV4T23ZDLx5MFu7W040YpD36MszhUcD_4QuB60H
YeU9SFF9g2KK7CbWGFBaJf25QdYaIAMdKk69gFpPhA3V-I3_fsfJvbHyWDKLeX__6
Q0hHXaZ9oCt3EG4563n6GE32YIb8_15zYrQBDRJD3vyjzCo2w3bia_mHMRP4cxZ_E
CmiLqIWIPkFnuA5mezhxpWIiH7-WQf7RzUTWyiX6Ph4730RMPvZFGYV50qAyLDeII
jxudCLUfSaZH0UoZoLzijJT2pMQIPwZPnUJS62pfRQBmJtaTq-v5xOLwBwaSwJA5n
PlXLyd4d2zjOaR0wm2rE0ol36amQ86Usl_vA8zKBQm1p12icYK3mI8zHIYMHNqGRw
_uu0_1WERWT0kbBn2a04vAeYKSeHOlOSGzd31hn2dpQBYODMXUKYsroF4p_40oTfK
yZNJVRNCNFSsz8eprIRp1kDN--3d5c5ybU9UUQYJArn0-16_NQcieBdC3SYQpXO_M
wk1WEFWUkFUFJJV3KFKd8iKw_igENGbjHKKcsPQtl5XV2NLNI2Y5oSctspJoQWJJW
DtMBN1FibbuFpDCB2ojmsPcWWc-zivUAFQbkJxFHrYoBIGCA_Wunjk6RxMFpl-BaB
YtXVNKncTdsa06l3CujNDSFpe7-gN1SE6Znf6yASnPJjWFsdnXl_59RcRRI7vTpSe
AAgAwDAEguwoHVM51D66grC66EpcJ9S-XAvAIs0b_87GjEMlV7DQlFF5TXzu5XCc-
gfMKRhKJ4-xf9sKrZ4csiXughoHU3VnCp4xh4csDJY2gX5fcLdGuNFE_OGW7Jrq9W
bfsGh9KwFkvzxBPI1QvkxMw1J6_EiattoZdKLL156wdhl9mRiOYqjSBKyUCaZqPSd
oTRg4kkhHSRdlhI_GGomNK1VZ_8G2aoQNO3eKB4twAdHQwXFfbyhBaLIXJ3pJ_hPz
PvJbKDO_lqmXd8S4yS1RVkQoCUe1pPXQNMB9JyvKER7lXxmqGZOCeuMdkU1rwkm2X
3voSiqkrODcYPZin--xC0Lb2rxN_DZ-oP2Lh6qaucOSTRpW1k15V_E8nVa-FRZgYF
4jr_E4dsZZ2XvVoG4Uv7MFRwF4y87S1rrqs3jamWOKaJdWfRquQkCLktv_9tm8vrj
HDPBNU2UVvT60URQ2Tii5NHu8y4DSWBq95I00_6uu-BFjpjFiRDOAz1zy-CEuGHaa
EqqUfuV6pShGCvc8xDnibW3Jh6MIvbN2IduOvjRGDKsCvSehBRENdN9m7Db6AdHVj
1hbmV1cUv5LJTMYZHKUu2LUE_aLaSdui-Cbw0R6U4wLtC5GxLsTn0nv-9egZ_oYeZ
0sne-QkZcALn_ETKdLtyDIuPvEEcvYR9awfUS8JJv5BqBUdTbRmPMqgn6u6vtSa3v
Q7Eu1anOb6eZsJIAgI9guF316r-_KSlQLxyZG7sTmud025TtLpZQRuo_h-EyEfi9a
njACuIV5C_cmPT4DpKooVdy2RwIyY7r1OvsPeYAM5rVWkbDUJ4QVWtrHphvUvK6i0
4S9fDOlqgo_VxMopln_du0Jmf9MQKJC0oTrlN8Ng0a6fhqPmJc1zvFSl42aYr1KSv
p_LF_dFwgoheTxykI_h4CNG6MXP-jvP1OkVamEYhmR8W0SWqSDGpwgNalFjZpRYFi
cLrAz9CCFSsOVg1DP2gFWovm2hDXcXjp0rCJ9GrNrJLx0LcJzyE1UUardcG0nOgTs
j25vcNBg5QnO7uvjH9USW5KcYLIlEWg-3KWFvKZHiP7aJ8pqOgtQdPMDMhKk0U3vu
qW-nBm9o0baM_CvXi_MGvr3asA2bAT2gi7z8V3JAnt_p-mROZfCS1jNW9S3Lz8Tes
Cf1zMNZfEeX0ggMIHbTexR0edviwhBc9qR1b6oSID2dOnLDhZop2Ncp8uYx0qYTVS
ZwnmId-5xOlEr8njw0HgyJNqkRJqP5z2fCZRIRpY_zWMxxgD1JK4q1IeB7YE-BsFh
LT6IV4wdk8NQRiMJCVps593Spu3W835Zhto0GwI8lYnfjRoB6_e4QlQvyVWqeUVSW
qmZ0QWQjTPpp1UZSyD4qRVO_mI3TFHe83EMj56nNj_UgFWjXAOGXj16I0C1eiqa0i
9R5EwcPI_lHKUuI8VNTh5eWqBO49CRwO-uf_r3Q-irCnqXLhSxXjWvcCfWnXGIup0
gWzQixjVkta08piEh0l9PS4TyRB0Yk-IVe6jdrtWNhCCrYmkoyBZFgPvjvDoPYibO
fm0P6ITI7y4fa8N-Z5c6QDghkh0qOHzfGBJYs-pvXrRttHuS3yIn7nrO2jAZoDLQb
S1iior4jv_SRZb0KSf8NjkM0lyVfgGVG3y2llan46tg3RYV47ppcPXGlVOsMaxI8I
yyAw3FgmNFOZpcOnfjDD8edKtZs7QA2NngEn82D2Pxw8a2cX1YFun7UpQhveb8NKL
5Om3C4hMKDT-zqBKn09iyQDLulRMlhKBpjowJfPVNMnDfweKX6v2LXBvl0Gn0AKUi
Z2MXuffhj8XcdfH0aCO6YjeDSND-hX1PRLTzOkEzXRQNgJuTbPmAxxZkVQDEmsKVB
NXf4SXqvz2yOs5K_hcxpmAjD-zRYCqHmKUEQdpBgEbAY_AOM1H8p-AzSfgLnw4LT5
c-VijUAKHjDg6dP8xB1pdczR1Z_qLJI68AsGaTnjjQ6fVYbmijJwHCY-EIC9lFZrQ
ysuutS-pOjc17U1X49yNsw_ZpGOZdtnqs3wMEFtEgSWFB8os1rFmxj5tIJfHSabkO
O04Px03v8BVSjzBYwNpukGsnNM3_tMxNajqlE0ygrMqQjZzWGbt1CHiWAfOY8dyNS
SOLKsidSQ12CmR1q52r-_MS90eo2ROCyzbwLsRvY45HKBrd4Pdl0VHsp5KY0oFFy9
yAsg7ZBbq6yyngqZOx9Gatxv1U4XGGsFe--wxhwUzXe-2vYg-QMKUFcOQWXTGs0bb
1bAlLpY4I3eimsrUxaZniw-2MWk5wQxJM8oePxQRLLnZoRAvoG0yuI4thicJ8Ptcr
85B5WXNQH-YW8fqdnzRfhXPR0rmcuDyloMspFKmdaXFuJzm3FcXv2MrexjEpNuNYA
F1U63-GJQDgWkTD0Jqowzt5mOTw",
{
"signatures":[{
"alg":"S512",
"kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
"signature":"X7i49SUdqSGL6_Iu5bVAoDVUS1lAiyn333jJJc
0P1FNomX2omaYKrpepbsJcYQNXSDkakyPEg_CApF7k07eQvfwKEAhPVtES_NZo4aD
jK_gtVXa8FY3aqbFrgatOK1PbMcUWOt4qTe--xyJIKhXN2TgA",
"witness":"p1ZkuXKyRwrlhoSERIoqHGiZ512xE-bOHHVqRqGd
A5w"}
],
"PayloadDigest":"oWCi5hMAs9B_Jdl23UlB94HG4nmT0F0W-qbvhk
uV2jULzRUDGFbY3Zz2y2er9QTYCPBCXSV4857a_dgxHMI8ew"}
],
"ApplicationEntries":[{
"ApplicationEntrySsh":{
"Identifier":"MCXP-WQVY-RTKQ-ZU6P-VOM4-7U6K-FHXH",
"EnvelopedActivation":[{
"enc":"A256CBC",
"kid":"EBQK-TT6L-J6RL-A3QS-7JY7-HN2D-WI5W",
"Salt":"muuRM8Csu8YVGXKPgdBskA",
"recipients":[{
"kid":"MBYP-2QNG-II34-MVBJ-E3DD-JMUS-KRU3",
"epk":{
"PublicKeyECDH":{
"crv":"X448",
"Public":"pY-ltrx_QDrhpB2nYek4X9G5CLO3u15
mcqPAbABxFYRZ83lPtMDLGXmo-FFgqe_gN8per0enFOeA"}},
"wmk":"mM9Xh0EF5h1q1GwGnK-GK7gblurWYGJ3k4tE2X
pc8WmMK7ELsOPW_g"}
],
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3
RpdmF0aW9uQXBwbGljYXRpb25Tc2giLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1
tL29iamVjdCIsCiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MloifQ"},
"9ie5X_tfEyaX1ndBhH8gPr5TZQlt14MSGgYJR0AUcrBCXYzBYR
Q_RiekTzkhluV00luMJ60-fjdzkpOyx_0yXr_ClQkn0M6_FAOt8m2zNZPeURJlFsh
jGDKyne_c243dcLEskczb1TVkxYhBgrYaykksDENRGAy_gH6vXTFV2DFg1N02UVhP
j-xQ4pcMrqEpWYYPwAT-N8jWezoOnz2-crO5HW-L3qXB2bzdUcomcq82aO7PQdeBI
oxHmeeMwdWLV9_tXTm6jsUuGyvvQcXbiQZ9uybTboSyb4Tp2fXyHHjfKL8yPtedXP
_CAqKdwmZ1ogj0p_O6IzPgUBVQBfxhFi73MgDbkcftON5JS0MNn-YNWkF3Sb-UtJS
2sttpYOX0M6fZfC1-OFCffuSdEs9KxggxOG3xqmhVcHI4OKVF4hzO21AeocmnmW_0
FyGrYjNozvXKrSYCvdKshHj1ZqqiWVT3xtQsaVr9FF5_IaMaXfFvwHSQei0p6_B3m
71r_kciGKO2YyoAoyle0rJuIt4enovfPNpm0f29yhe1-lBY0Hhe6Wf7hSK9NffQc2
TaBXYWPnDRVlqy_HuEW2MS8jt2NGbFULFsqPpcv22eIuB6K6HefzXlvA_IuYla0So
JBE2Lyd-Nvpp_6YNOpeWvESFnwbE7rBUcmKrtDSZUp5Hi_XPZ1Sj2h2MYmEvwcDfT
W8bmS7KJR_EvLglnSp8AnnTTfzqO2XnR5aHVNIgyN5mBqiexLE2W4mGD5FfYvypsp
ARqjCPjZxUMoZXuqFjx10HSdkBALXoDz1hynK0LkdPL9tjlhnm6sSkJYj8xnfamm3
qO9BNmponRL_3DQXoPGDkkvwRhWHNCnuC8yQJ8JLN0E9o0Vw6sQX9lQpStMaLbom_
4zvj9rd4Tl-4EyakDiQgb0x6_c8MaNCs7J_GWX_SVbZcdexx-Hm4aCgwZ3jGbSJZs
2KKAZmHma3E8N5N8n4wXlHoC6cfA0-y2_3hm39LcKYKJ6YfIqBDJIwdL0vzTLq9qZ
JT7p6ypBxEnHPTIfFbuHmBGKvzMvHTlLQ_IUr0g6Eyxw1LxKBSSI8FPb2h556_O-1
hNK-ck6lfEe3JWfsniQuqZTXPrfpduwERLOXanZ-_ysE7Cqd7rh5aAp59GBqWAqpF
meE4iRYJl6AkEy0wacBsAUJwqoAX4lZK3TU3ChJ0Zh3RemmO6ymxJhHdweb70lvSj
U60goICoXxuRHuGrrcFfY9SbU3Wae6ykbfsRKY7xJGNkchSkSt7JgsInvhdqn8cSr
KpMgZqrBAb2tKffghOToS9k4txQsLLeYtmmvWK92bRVbvIy_xvEBC5t0c9q8amGd3
yMkPa71b8fHOd3rRiA8oXLQhrRCpt1t-aPV0xadtYsRl2MbgW8uQst6zhmlWy3XFF
UfP7l_mWwWr5-RMMp7oEk-Bnts0v6sELpPiOMVHAUvukCPZMdiOiItcZxGshGk27N
BsJBNwfPUCpSdvvSzjscnWJgZj2L0iOh1Lb5V0ONMrfdhO9IGa4SXs1dNjsgLqW_0
zi5fYNYNuAm6cr7658dgt43HWXVC_1o9Hz5jdfmpUD6rMyyCc77c-VIVibFLi5yRs
MWHFVtUu6mW58VJtXz9LRTfaUVKa2dnb4kRU5Bj8O38dTYhXrSrIuPIV4RWyUPMnw
jCgd9A2TPSqo3NrH11bHgDOHM1peyx1W4lIDyncV4AbSr20YoW6l3ib84YE5uDAPB
KTb_v3Dy6-dD-7wcjUmI4Q-uXt289kdHqQdw_AbK8Y1uP8fYZSk87kPo9fpE5vR8y
DHRrRSprsCGBA2s82-7X3nxZ8AqaN3JvAttT2LzMmTW15ITmW70tBjttzlCvuwGE3
Y1iNHTZFmhRCvLmbzDuMQbhzTXvxmrT4ivY71XVVshjAsHjcv0ss8mSz3CIZWcq_7
ujoV9fKfu12CwP2FQDiLHb-uvqu25j5rB3mmLQdtBvLc34Nw3qCMUCmmLBvbG2TCd
i-tOPZARgSRyMWH29zFIC8VCt6hOpj_e_CTZ5qVlDRUNvRtHeDJ8aSOIDrT30lWQa
7QsdrUTzTo7m4SZ0pftrmavB0s_ImyLP1yGYSL0_PDntuz9aZVQt7LYlwBYm7FP0F
QDI3FyF7eX6j4HFj2aIT9ZKc-rXGdYJg2GcKwvftIAis_fIuREm5U5JdZp58sB3gg
NdOpZkN7vBKu6lgMznuldJYUdLZHkMf3-mfNue5dzyAI8TjhOmVxavGxk3sphqHqU
5zEpL8rhvgGgL7Mveww78tlVni8OhsoYWywwZ9Q9Nwg8BWMHVssMmWxqCOZda-7zw
o_2uWlhXw4sSp5Bodz2PXBBQDahQPboLQJLWZad7_Ds7Uq-YERfrTp5oL5O5PIF4O
TXW9eal1qKPYnoohFSUmZYmKtpQ78ul3v0-PYXQywmKeet6EzcgM2txIQh6ceSuP0
hTMbVXjt0yB3RV5pX3rjtTeqg8hFmEEyKO_0i30nNxh62sdRBzE-mmfc3N3KQqIha
sRFB31q9V2iifcD26C5mnQTIDnQ2nV_w4DHAudXhko-nJHouAeGhCMNa05I2dhu3x
4kM2nUDgX6_RHM4dokC0q2SKZZubE27GrC1eDf8RDpKHi1uby_Rkw9q0oCdsLIsW4
fLCJSvEpMzzS4YqP77ePINAiBNTSOAR_L9dpqkGuGcCL4DykWiA0rGmmnTaw7UG3t
iVNS7bBdoKdcqORjUlEfVv3AvEZ08k8KZQYB_oA5IoXj0D1G2JHSqYocFIHcvSbqO
07Mehz6FqBUF4YcbVKIp_QkG8nCuinD_AwPhtNb_EFN0MM3jaEuDVE0XhIfAHnKrk
BXC6n3_Qprj-nuBxo_Cf-egFPia_gSjbb1PvoFpxATbPlkY_J6Ihv7b6N19MX8gUx
HwwdCYLtTwHm8vWlKF0N2qGh_VObwrf0YZaJUkd-yaIOknlOrRw0MjytMsi_SEw_-
9D4Jn6jkdJzbyQD06CX-tPeNGnelVZfJR7X7SGCDC4_ues5Ait9OH1uZT1J_Z58bZ
HPHqT3S_GawAVwDN6h7A-VZnELXY279obT2uQ4mSjfLnKvM19qREiJxM7vJELYHfb
DLi2WxX8oR5dYmhgZfAaCRFlO8dcXoZc1aMwthDm_tvq96ZMqTG-KeBr7Br8VHFgK
Ji_GDWm6y41EDfw0WxQ_m-7sOCKclct-i5om1X3A3A49u5Cf0U08NxLqPDDM2H9_b
7WQfPmY7EfBNesye6AX_0DKqaIbG0Dlhddnx_s5dOizf5TD2kxAlgPz9BD8EUhj3h
3p9L559Yj9RnHSPvqY2x_xsbxyPx"
]}}
]}}}

The device periodically polls for completion of the connection request using the Complete transaction. To provide a final check on the process, the command line tool presents the UDF of the account profile to which the device has connected if successful:

Alice3> meshman device complete
Device UDF = MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
Account = alice@example.com
Account UDF = MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF
Alice3> meshman account sync

The completion request specifies the witness value for the transaction whose completion is being queried:

{
"CompleteRequest":{
"AccountAddress":"alice@example.com",
"ResponseID":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2"}}

The Service responds to the complete request by checking to see if an entry has been added to the local spool. If so, this contains the RespondConnection message created by the administration device.

The preconfigured device connection interaction is used to connect devices that lack affordances such as a display or a keyboard. It is also known as the static QR code interaction because a static QR code printed on the device itself is used to connect it to a user's account.

Future: Note that this interaction is likely to be changed substantially in future revisions of the specification and the Claim/PollClaim mechanism removed and replaced with a messaging based approach.

The interaction has five phases:
Phase 1: Preconfiguration
The device to be onboarded is preconfigured with a ProfileDevice and private key information and a DeviceDescription posted to a publication service. This process is typically performed during manufacture. An EARL providing the ability to locate and decrypt the description is printed on the device itself as a QR code.
Phase 2: Device description acquisition
The administration device acquiring the onboarding device scans the QR code on the device and uses this information to obtain the device description by means of a Claim operation described above as described in the Device Description.
Phase 3: Administration Device Acceptance
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device MAY advise the device that a connection request is being made by additional means described in the device description (e.g. WiFi, Bluetooth).
Phase 4: Poll Claim Notification
When connected to a network, the preconfigured device periodically attempts to poll the connection sources specified to find out if there is a pending request. If a connection request is posted, the device decrypts it to allow it to complete the connection process.
Phase 5: Onboarding Device Completion
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device requires notice of the pending connection request.
The main differences between this connection interaction and the witness/PIN connection interactions are that the device is preconfigured with the device profile at the time of manufacture and the onboarding device MAY be acquiring network configuration information during the connection process.
The manufacturer preconfigures the device:
Maker> meshman device preconfig
Device UDF: MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV
File: EBKG-ED3O-HBHK-ZQGS-EX4H-X22S-X4.medk
This results in the creation of a primary secret which is used to compute a ProfileDevice and corresponding connection records signed by the manufacturer's administrator key. The data is combined to create a DevicePreconfiguration record that is provisioned to the firmware of the device being preconfigured.
{
"DevicePreconfigurationPrivate":{
"EnvelopedProfileDevice":[{
"EnvelopeId":"MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV",
"dig":"S512",
"ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQk9CLTVHVlktUT
QzQi1LT0RHLVVKM0UtTFk3Vi0zNlVWIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
Q3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjU3WiJ9"},
"ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm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",
{
"signatures":[{
"alg":"S512",
"kid":"MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV",
"signature":"m10FQkPJzhAR2Cg2VfPzvSUt3XyQh0yjgqggXSep
nwz3NpDWrH6TZLNeO0Gq-moqahTzGn_ZW8aA6vuiuiqtDMy_avBf0g31nDpFyRDk6
9D5qXBh8Br-4utT_Zxyzz3S2i63FGczDekAZTwZTQoQwTUA"}
],
"PayloadDigest":"-irGyEMwNtkfLTM8Ygprqww7Lr41K_2Recre2O2H
DP5CyC4VklJfYiDMR8822Sp5oALA-2aqQjDzJKKEt50nhA"}
],
"EnvelopedConnectionDevice":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJ
DcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0"},
"ewogICJDb25uZWN0aW9uRGV2aWNlIjogewogICAgIkF1dGhlbnRpY2F0aW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",
{
"signatures":[{
"alg":"S512",
"kid":"MBGZ-R2AS-DPME-4KOZ-KKF5-WLDO-IBZO",
"signature":"pe4KEfz7NgyGS4nz7VxBPZNcX04Fnf5EVQXCg4AO
Z_XDKD3egMEeg5cStZALTB-yOkk44XLobyWAbxbhyeVFif7qZAdZ0hdk-h_o-di3h
aX-SVPdFpGHXeCeOMaEAfsCOXTb9oSvHqDNLUaRIfq0wiIA"}
],
"PayloadDigest":"oa0Yms70Z_buemEpSstfNdKSVlxUy7NoHKkZv_bA
9OX9ZJGkB3E4nNBfLG85arEixWQhkxFCwkHLvmInqkjYIQ"}
],
"EnvelopedConnectionService":[{
"dig":"S512",
"ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICA
iQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjU3WiJ9"},
"ewogICJDb25uZWN0aW9uU2VydmljZSI6IHsKICAgICJBdXRoZW50aWNhdG
lvbiI6IHsKICAgICAgIlVkZiI6ICJNQ0syLU9GU1ktQ0FQSi1FWlU1LUtPMzctSUl
OQy02SFhMIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1
YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgI
CAgIlB1YmxpYyI6ICI2Q3BUVV9aWnVBYTdsQ05iQThlSzhzaER5R2xDLTliV1dyTC
14VDJtMVk2NzBlWkVXMjU3CiAgdHZKdERUMUtJM3dpei1pcHRuMUFUcGFBIn19fX1
9",
{
"signatures":[{
"alg":"S512",
"kid":"MBGZ-R2AS-DPME-4KOZ-KKF5-WLDO-IBZO",
"signature":"mGzTozZ5fDt4p9-VSDGwx6b9AUo_YDR9pLwXAj1m
oN5de75NXuZRdz_ENeTLu1AtEzyYENDaQskAho664biW8I7DuRbNbLJ_AJLXQD99b
5kiiz1Ljavg1RAdrdfH05TDGHw7eMP5aCEir_o4oS7zjTEA"}
],
"PayloadDigest":"97C6-ryQFiyRF-8NAP9pX7YvJEtcz-hexhvkHgsJ
2GUEl7yW_-uhclWSu0F7eRrdENFRq8g-qJDXPJTmo8TyEA"}
],
"PrivateKey":{
"PrivateKeyUDF":{
"PrivateValue":"ZAAQ-A5KD-OPXN-5E7X-ZXRU-CRYP-B2N2-G6FY-MCO
H-GAIH-72GR-EZXO-LQIM-Z5GA",
"KeyType":"MeshProfileDevice"}},
"ConnectUri":"mcu://maker@example.com/EBKG-ED3O-HBHK-ZQGS-EX4H-
X22S-X4"}}
An EARL is created specifying the means by which an administration device can acquire the information required to complete a connection to the device:
QR = {Connect.ConnectEARL}
The preconfigured ProfileDevice is encrypted under the encryption key and published to the location key derived from the EARL.
The administration device scans the QR code and obtains the Device Description using the Claim operation as shown in section $$$$. The administration device creates the ActivationDevice and CatalogedDevice records and populates the service as before.
Alice> meshman account connect ^
mcu://maker@example.com/EBKG-ED3O-HBHK-ZQGS-EX4H-X22S-X4 /web
The device polls the publication service until a claim message is returned.
Alice4> meshman device complete
Device UDF = MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV
Account = alice@example.com
Account UDF = MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF
Having been advised that an account has published a claim to bind to it, the device posts a connection Complete request to the specified account and completes the connection process as before.
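The envelope headers in the DevicePreconfiguration record above are base64url-encoded JSON, readable by anyone who holds the record. The following added example (not part of the specification or the reference implementation) decodes two ContentMetaData values copied from that record and checks that each envelope sits in the field its MessageType names. The helper names and the consistency checks are assumptions of this example and do not replace signature verification.

```python
import base64
import json

# Envelope headers copied from the DevicePreconfiguration record above;
# payloads and signature blocks are omitted.
RECORD_HEADERS = {
    "EnvelopedProfileDevice": {
        "EnvelopeId": "MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV",
        "ContentMetaData": (
            "ewogICJVbmlxdWVJZCI6ICJNQk9CLTVHVlktUT"
            "QzQi1LT0RHLVVKM0UtTFk3Vi0zNlVWIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml"
            "sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi"
            "Q3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjU3WiJ9"),
    },
    "EnvelopedConnectionDevice": {
        "ContentMetaData": (
            "ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW"
            "9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJ"
            "DcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0"),
    },
}

def decode_metadata(header):
    """Decode the unpadded base64url ContentMetaData field and parse its JSON."""
    raw = header["ContentMetaData"]
    padded = raw + "=" * (-len(raw) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_header(field, header):
    """Return a list of problems; an empty list means the header fits its slot."""
    meta = decode_metadata(header)
    problems = []
    expected = field[len("Enveloped"):]   # e.g. EnvelopedProfileDevice -> ProfileDevice
    if meta.get("MessageType") != expected:
        problems.append(f"{field}: MessageType is {meta.get('MessageType')!r}")
    # Assumption of this example: when both identifiers are present they must
    # agree, as they do in the record shown above.
    if "EnvelopeId" in header and header["EnvelopeId"] != meta.get("UniqueId"):
        problems.append(f"{field}: EnvelopeId does not match UniqueId")
    return problems
```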
HTTP Well Known Service Prefix: /.well-known/mmm
Every Mesh Portal Service transaction consists of exactly one request followed by exactly one response. Mesh Service transactions MAY cause modification of the data stored in the Mesh Service or the Mesh itself but do not cause changes to the connection state. The protocol itself is thus idempotent. There is no set sequence in which operations are required to be performed. It is not necessary to perform a Hello transaction prior to any other transaction.
A Mesh Portal Service request consists of a payload object that inherits from the MeshRequest class. When using the HTTP binding, the request MUST specify the portal DNS address in the HTTP Host field.
Base class for all request messages.
[No fields]
Base class for all request messages made by a user.
Inherits: MeshRequest
Account: String (Optional)
The fully qualified account name (including DNS address) to which the request is directed.
EnvelopedProfileDevice: Enveloped (Optional)
Device profile of the device making the request.
A Mesh Portal Service response consists of a payload object that inherits from the MeshResponse class. When using the HTTP binding, the response SHOULD report the Status response code in the HTTP response message. However, the response code returned in the payload object MUST always be considered authoritative.
Base class for all response messages. Contains only the status code and status description fields.
[No fields]
The Mesh Service protocol makes use of JSON objects defined in the JOSE Signature and Encryption specifications and in the DARE Data At Rest Encryption extensions to JOSE.
The following common structures are used in the protocol messages:
Describes a Key/Value structure used to make queries for records matching one or more selection criteria.
Key: String (Optional)
The data retrieval key.
Value: String (Optional)
The data value to match.
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.
Container: String (Optional)
The container to be searched.
IndexMin: Integer (Optional)
Only return objects with an index value that is equal to or higher than the value specified.
IndexMax: Integer (Optional)
Only return objects with an index value that is equal to or lower than the value specified.
NotBefore: DateTime (Optional)
Only data published on or after the specified time instant is requested.
Before: DateTime (Optional)
Only data published before the specified time instant is requested. This excludes data published at the specified time instant.
PageKey: String (Optional)
Specifies a page key returned in a previous search operation in which the number of responses exceeded the specified bounds. When a page key is specified, all the other search parameters except for MaxEntries and MaxBytes are ignored and the service returns the next set of data responding to the earlier query.
Specifies constraints on the data to be sent.
MaxEntries: Integer (Optional)
Maximum number of entries to send.
BytesOffset: Integer (Optional)
Specifies an offset to be applied to the payload data before it is sent. This allows large payloads to be transferred incrementally.
BytesMax: Integer (Optional)
Maximum number of payload bytes to send.
Header: Boolean (Optional)
Return the entry header
Payload: Boolean (Optional)
Return the entry payload
Trailer: Boolean (Optional)
Return the entry trailer
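One way a service could apply the ConstraintsSelect and ConstraintsData fields described above, as an added example that is not taken from the specification or the reference implementation. The entry layout, the in-memory page store, the SERVICE_MAX_ENTRIES cap and the random PageKey format are assumptions; the specification does not define how a page key is constructed.

```python
import secrets
from datetime import datetime, timezone

SERVICE_MAX_ENTRIES = 2   # assumed service-side cap (small so the demo paginates)
_pages = {}               # PageKey -> (saved ConstraintsSelect, last Index returned)

def at(minute):
    """Constructed publication time on 2022-04-20 at 16:<minute> UTC."""
    return datetime(2022, 4, 20, 16, minute, tzinfo=timezone.utc)

# Constructed container: six entries with Index 1..6, published one minute apart.
SAMPLE = [{"Index": i, "Published": at(i)} for i in range(1, 7)]

def _matches(entry, sel):
    if "IndexMin" in sel and entry["Index"] < sel["IndexMin"]:
        return False      # IndexMin is inclusive
    if "IndexMax" in sel and entry["Index"] > sel["IndexMax"]:
        return False      # IndexMax is inclusive
    if "NotBefore" in sel and entry["Published"] < sel["NotBefore"]:
        return False      # NotBefore includes the instant itself
    if "Before" in sel and entry["Published"] >= sel["Before"]:
        return False      # Before excludes the instant itself
    return True

def download(container, sel, data=None):
    """Return (entries, page_key); page_key is None when nothing remains."""
    after = -1
    if "PageKey" in sel:
        # Every other search parameter is ignored: the saved query is resumed.
        saved = _pages.pop(sel["PageKey"], None)
        if saved is None:
            raise KeyError("unknown or already used PageKey")
        sel, after = saved
    asked = (data or {}).get("MaxEntries", SERVICE_MAX_ENTRIES)
    limit = max(1, min(asked, SERVICE_MAX_ENTRIES))   # client cannot raise the cap
    hits = [e for e in container if e["Index"] > after and _matches(e, sel)]
    page = hits[:limit]
    key = None
    if len(hits) > limit:
        key = secrets.token_urlsafe(16)               # opaque, single use
        _pages[key] = (sel, page[-1]["Index"])
    return page, key
```

A production service would also bind each stored page key to the authenticated account so that a key issued to one client cannot be replayed by another.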
Describes the account creation policy including constraints on account names, whether there is an open account creation policy, etc.
Minimum: Integer (Optional)
Specifies the minimum length of an account name.
Maximum: Integer (Optional)
Specifies the maximum length of an account name.
InvalidCharacters: String (Optional)
A list of characters that the service does not accept in account names. The list of characters MAY not be exhaustive but SHOULD include any illegal characters in the proposed account name.
Container: String (Optional)
Index: Integer (Optional)
Digest: Binary (Optional)
Inherits: ContainerStatus
Envelopes: DareEnvelope [0..Many]
The entries to be uploaded.
Request: HelloRequest
Response: MeshHelloResponse
Report service and version information. The Hello transaction provides a means of determining which protocol versions, message encodings and transport protocols are supported by the service. The PostConstraints field MAY be used to advise senders of a maximum size of payload that MAY be sent in an initial Post request.
ConstraintsUpdate: ConstraintsData (Optional)
Specifies the default data constraints for updates.
ConstraintsPost: ConstraintsData (Optional)
Specifies the default data constraints for message senders.
PolicyAccount: PolicyAccount (Optional)
Specifies the account creation policy
EnvelopedProfileService: Enveloped (Optional)
The enveloped master profile of the service.
EnvelopedProfileHost: Enveloped (Optional)
The enveloped profile of the host.
Request: BindRequest
Response: BindResponse
Request creation of a new service account or group.
Request binding of an account to a service address.
Inherits: MeshRequest
AccountAddress: String (Optional)
The service account to bind to.
EnvelopedProfileAccount: Enveloped (Optional)
The signed assertion describing the account.
Inherits: MeshResponse
Reports the success or failure of a Create transaction.
Reason: String (Optional)
Text explaining the status of the creation request.
URL: String (Optional)
A URL to which the user is directed to complete the account creation request.
Request: UnbindRequest
Response: UnbindResponse
Request deletion of a service account.
Request creation of a new portal account. The request specifies the requested account identifier and the Mesh profile to be associated with the account.
Inherits: MeshRequestUser
[No fields]
Inherits: MeshResponse
Reports the success or failure of a Delete transaction.
[No fields]
Request: ConnectRequest
Response: ConnectResponse
Request information necessary to begin making a connection request.
The user profile that provides the root of trust for this Mesh
Request: CompleteRequest
Response: CompleteResponse
Inherits: StatusRequest
AccountAddress: String (Optional)
ResponseID: String (Optional)
Inherits: MeshResponse
EnvelopedRespondConnection: Enveloped (Optional)
The signed assertion describing the result of the connect request
Request: StatusRequest
Response: StatusResponse
Inherits: MeshRequestUser
DeviceUDF: String (Optional)
ProfileMasterDigest: Binary (Optional)
Catalogs: String [0..Many]
Spools: String [0..Many]
Inherits: MeshResponse
EnvelopedProfileAccount: Enveloped (Optional)
The account profile providing the root of trust for this account.
EnvelopedCatalogedDevice: Enveloped (Optional)
The catalog device entry
ContainerStatus: ContainerStatus [0..Many]
Request: DownloadRequest
Response: DownloadResponse
Request objects from the specified container with the specified search criteria.
Inherits: MeshRequestUser
Request objects from the specified container(s). A client MAY request only objects matching specified search criteria be returned and MAY request that only specific fields or parts of the payload be returned.
Select: ConstraintsSelect [0..Many]
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.
ConstraintsPost: ConstraintsData (Optional)
Specifies the data constraints to be applied to the responses.
Inherits: MeshResponse
Return the set of objects requested. Services SHOULD NOT return a response that is disproportionately large relative to the speed of the network connection without a clear indication from the client that it is relevant. A service MAY limit the number of objects returned. A service MAY limit the scope of each response.
Updates: ContainerUpdate [0..Many]
The updated data
Request: TransactRequest
Response: TransactResponse
Attempt an atomic transaction on the containers and spools associated with an account.
Inherits: MeshRequestUser
Upload entries to a container. This request is only valid if it is issued by the owner of the account.
Updates: ContainerUpdate [0..Many]
The data to be updated
Accounts: String [0..Many]
The account(s) to which the request is directed.
Outbound: Enveloped [0..Many]
The messages to be sent to other accounts
Inbound: Enveloped [0..Many]
Messages to be appended to the user's inbound spool. This is typically used to post notifications to the user to mark messages as having been read or responded to.
Local: Enveloped [0..Many]
Messages to be appended to the user's local spool. This is used to allow connecting devices to collect activation messages before they have connected to the mesh.
Inherits: MeshResponse
Response to an upload request.
Entries: EntryResponse [0..Many]
The responses to the entries.
ConstraintsData: ConstraintsData (Optional)
If the upload request contains redacted entries, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.
IndexRequest: Integer (Optional)
The index value of the entry in the request.
IndexContainer: Integer (Optional)
The index value assigned to the entry in the container.
Result: String (Optional)
Specifies the result of attempting to add the entry to a catalog or spool. Valid values for a message are 'Accept', 'Reject'. Valid values for an entry are 'Accept', 'Reject' and 'Conflict'.
ConstraintsData: ConstraintsData (Optional)
If the entry was redacted, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.
Request: PostRequest
Response: PostResponse
Request to post to a spool from an external party. The request and response messages are extensions of the corresponding messages for the Upload transaction. It is expected that additional fields will be added as the need arises.
Inherits: MeshRequest
Accounts: String [0..Many]
The account(s) to which the request is directed.
Messages: Enveloped [0..Many]
The messages to be sent to the addresses specified in Accounts.
The envelope identifier formed from the PublicationId.
TargetAccountAddress: String (Optional)
Account to which the claim is directed
Inherits: MeshResponse
EnvelopedMessage: Enveloped (Optional)
The claim message
KeyId: String (Optional)
The key identifier
KeyCoefficient: Binary (Optional)
Lagrange coefficient multiplier to be applied to the private key
Inherits: CryptographicOperation
Data: Binary (Optional)
The data to sign
PartialR: Binary (Optional)
Contribution to the R offset.
Inherits: CryptographicOperation
[No fields]
Inherits: CryptographicOperation
[No fields]
Inherits: CryptographicOperation
Threshold: Integer (Optional)
Shares: Integer (Optional)
Error: String (Optional)
Inherits: CryptographicResult
[No fields]
Inherits: CryptographicResult
[No fields]
Request: OperateRequest
Response: OperateResponse
Perform a set of cryptographic operations
Inherits: MeshRequest
AccountAddress: String (Optional)
The service account the capability is bound to
Inherits: MeshResponse
[No fields]
The security considerations for use and implementation of Mesh services and applications are described in the Mesh Security Considerations guide.
All the IANA considerations for the Mesh documents are specified in this document.
A list of people who have contributed to the design of the Mesh is presented in .
Key words for use in RFCs to Indicate Requirement Levels
Mathematical Mesh 3.0 Part I: Architecture Guide, ThresholdSecrets.com
Mathematical Mesh 3.0 Part VI: Reliable User Datagram, ThresholdSecrets.com
Binary Encodings for JavaScript Object Notation: JSON-B, JSON-C, JSON-D
Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint, ThresholdSecrets.com
Mathematical Mesh 3.0 Part IV: Schema Reference, ThresholdSecrets.com
Mathematical Mesh 3.0 Part IX Security Considerations, ThresholdSecrets.com
Mathematical Mesh: Reference Implementation