Internet-Draft Mesh Protocol Reference April 2022
Hallam-Baker Expires 22 October 2022 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-hallambaker-mesh-protocol
Published:
Intended Status:
Informational
Expires:
Author:
P. M. Hallam-Baker
ThresholdSecrets.com

Mathematical Mesh 3.0 Part V: Protocol Reference

Abstract

The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data.

[Note to Readers]

Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.

This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 22 October 2022.

Table of Contents

1. Introduction

This document describes the Mesh Service protocol supported by Mesh Services, an account-based protocol that facilitates exchange of data between devices connected to a Mesh profile and between Mesh accounts.

Mesh Service Accounts support the following services:

A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the same time but only one Mesh Service Account is considered to be authoritative at a time. Users may add or remove Mesh Service Accounts and change the account designated as authoritative at any time.

The Mesh Services are build from a very small set of primitives which provide a surprisingly extensive set of capabilities. These primitives are:

Hello

Describes the features and options provided by the service and provides a 'null' transaction which MAY be used to establish an authentication ticket without performing any action,

CreateAccount, DeleteAccount

Manage the creation and deletion of accounts at the service.

Status, Download, Upload

Support synchronization of Mesh containers between the service (Master) and the connected devices (Replicas).

Connect

Initiate the process of connecting a device to a Mesh profile from the device itself.

Post

Request that a Mesh Message be transferred to one or more Mesh Accounts.

Although these functions could in principle be used to replace many if not most existing Internet application protocols, the principal value of any communication protocol lies in the size of the audience it allows them to communicate with. Thus, while the Mesh Messaging service is designed to support efficient and reliable transfer of messages ranging in size from a few bytes to multiple terabytes, the near-term applications of these services will be to applications that are not adequately supported by existing protocols if at all.

2. Definitions

This section presents the related specifications and standard, the terms that are used as terms of art within the documents and the terms used as requirements language.

2.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2.2. Defined Terms

The terms of art used in this document are described in the Mesh Architecture Guide [draft-hallambaker-mesh-architecture].

2.4. Implementation Status

The implementation status of the reference code base is described in the companion document [draft-hallambaker-mesh-developer].

3. Mesh Protocols

The Mesh specifies two separate types of protocol interactions:

Mesh Service Protocol

A synchronous protocol supporting interactions between devices and a Mesh Service Host and between Mesh Service hosts.

Mesh Messaging Protocol

An asynchronous protocol that supports interactions between devices connected to the same account and between accounts.

The Mesh Messaging Protocol uses the Mesh Service Protocol as transport. The Mesh Service Protocol in turn makes use of Reliable UDP Datagram (RUD) [draft-hallambaker-mesh-rud] for framing and authentication of individual requests and responses. These RUS packets are in turn exchanged over either HTTPS (i.e. a Web Service) or directly over UDP.

t c t P g l S v C o e S r D e T T U P o a l T n t c h M b a g o l r h r e U e a m L M M o e P P e s i a D i P D T s s s o l S R a H e r c o i P g
Figure 1: Protocol Layering

Mesh Services MUST support the HTTPS binding and MAY support the UDP binding.

4. Mesh Service

A Mesh Service is a minimally trusted service. In particular a user does not need to trust a Mesh service to protect the confidentiality or integrity of most data stored in the account catalogs and spools.

Unless the use of the Mesh Service is highly restricted, a user does need to trust the Mesh Service in certain respects:

Data Loss

A service could refuse to respond to requests to download data.

Integrity (Stale Data)

The use of Merkle Trees limits but does not eliminate the ability of a Mesh Service to respond to requests with stale data.

Messaging

A service could reject requests to post messages to or accept messages from other mesh users.

This risk is a necessary consequence of the fact that the Mesh Service Provider is accountable to other Mesh Service Providers for abuse originating from their service.

Traffic analysis

A Mesh Service has knowledge of the number of Mesh Messages being sent and received by its users and the addresses to which they are being sent to or received from.

The need to trust the Mesh Service in these respects is mitigated by accountability and the user's ability to change Mesh Service providers at any time they choose with minimal inconvenience.

It is possible that some of these risks will be reduced in future versions of the Mesh Service Protocol but it is highly unlikely that these can be eliminated entirely without compromising practicality or efficiency.

4.1. Data Model

The design of the Mesh Service model followed a quasi-formal approach in which the system was reduced to schemas which could in principle be rendered in a formal development method but without construction of proofs.

Like the contents of Mesh Accounts, a Mesh Service may be represented by a collection of catalogs and spools, for example:

Account Catalog

Contains the account entries.

Incident Spool

Reports of potential abuse

Backup of the service MAY be implemented using the same container synchronization mechanism used to synchronize account catalogs and spools.

4.2. Partitioning

Mesh Services supporting a large number of accounts or large activity volume MAY partition the account catalog between one or more hosts using the usual tiered service model in which a front-end server receives traffic for any account hosted at the server and routes the request to the back-end service that provides the persistence store for that account.

In addition, the Mesh Service Protocol supports a 'direct connection' partitioning model in which devices are given a DNS name which MAY allow for direct connection to the persistence host or to a front-end service offering service that is in some way specific to that account.

5. Protocol Bindings

The protocol binding maps the abstract protocol definition specified in this document to the network protocol format.

Currently only one protocol binding is specified: JSON-BCD Application Binding [draft-hallambaker-jsonbcd] over Reliable User Datagram (RUD) [draft-hallambaker-mesh-rud].

JSON-BCD Application Binding specifies the means by which data types such as 'integer' and 'datetime' etc. given in this document are serialized using JSON/JSON-B encoding.

Reliable User Datagram offers a presentation layer over a choice of HTTP or UDP transport.

6. Mesh Service Operations

The Mesh Service operations are divided into the following functional groups:

Service Description

Describes the service.

Account Management

Operations used to create, reclaim, and delete accounts.

Persistence Store Management

Operations used to synchronize persistence store data across connected devices. [May be replaced in a future revision]

Device Connection

Operations used by devices requesting connection to the account.

Publication

Operations allowing a watched document to be posted to the service and claims made on the document returned to a device.

Cryptographic

Cryptographic operations, including threshold operations performed by the service.

Messaging

Exchange of messages between Mesh Services.

6.1. Service Description

The Hello transaction is used to determine the features supported by the service and obtain the service profile.

The request payload only specifies that is is a request for the service description:

{
  "HelloRequest":{}}

The response payload describes the service and the host providing that service:

{
  "MeshHelloResponse":{
    "Status":201,
    "Version":{
      "Major":3,
      "Minor":0,
      "Encodings":[{
          "ID":["application/json"
            ]}
        ]},
    "EnvelopedProfileService":[{
        "EnvelopeId":"MDSK-EUHS-QXGD-LKOF-AVC7-V2RH-LV6Z",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNRFNLLUVVSFMtUV
  hHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZVNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAg
  IkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxNVoifQ"},
      "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dX
  JlIjogewogICAgICAiVWRmIjogIk1EU0stRVVIUy1RWEdELUxLT0YtQVZDNy1WMlJ
  ILUxWNloiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi
  bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgI
  CAgIlB1YmxpYyI6ICJVdVdEOHF4ZGVxazZweVdrb3o2M3FCcEpQQ2NaT2ItaHlTWV
  FiX0x4NWZHZllPb1U0Z0I3CiAgVjZWYXVBZkctdUlCREJNcWcxUW1jR1FBIn19fSw
  KICAgICJTZXJ2aWNlQXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTURB
  TC1aSTVOLTRVS1otSDZWTC1GMjVLLVBITkYtWlVWQSIsCiAgICAgICJQdWJsaWNQY
  XJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgIC
  AgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiZDNibl8tcUVWd0J
  NNjlaOTNLYWJuM01xU25jOUdRRGxGVDJfUmN4NXRWUm1lYl9iank3MQogIHZTUlNr
  M1pQMDREajJjVUJNNEFnci1vQSJ9fX0sCiAgICAiU2VydmljZUVuY3J5cHRpb24iO
  iB7CiAgICAgICJVZGYiOiAiTUE0Sy1FVkNLLTM2T1otVUhTUS1TSExLLTM2TjMtWV
  c3TCIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWN
  LZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQ
  dWJsaWMiOiAiUF9vd1dHdDd3ZHR1dmNzR0NQZlFvOHVGNUNGWEcyUlB3Y1RCbEtac
  XgwVklmOWhwTWRleQogIHVBalJNRmVFNV8zblJtMHl3TDZ0a1VRQSJ9fX0sCiAgIC
  AiU2VydmljZVNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNQUMzLVlKU1UtNDJ
  GMy1CQjRMLVQ0N0gtVkY2TS00SVhNIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMi
  OiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogI
  kVkNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiX3BUMGNtdzY2dWFRYmQwUWhFMT
  V5VXRtMVVEc2RvWjF6THRHcnFObkRmVGJoUThxVXFEbAogIHBQRzRmc3pJRmE5dml
  LWUU5MENCQTJFQSJ9fX19fQ",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MDSK-EUHS-QXGD-LKOF-AVC7-V2RH-LV6Z",
            "signature":"aDhxhPphK2d1smZFTyaCfa-7l0LOty4A0ngIfur5
  gbKwsEozM5iTCZHV0HDZIqqnZ0THTzMpcd6AEwBm6SfRfClq1GjA6Eg_nzJkOWKVI
  v2m0ZWE5RnaIUclvg4lfn7t8NTbof2eryIv9qhR0_uyOgoA"}
          ],
        "PayloadDigest":"LJuCRu0W-vSJP0S2lHpEiW_aKliIb3wsYCpXOB5H
  x8nKOmFzeanUHVWNflPTxwFeoECpDf_-uQ5kI8-61oE_Xw"}
      ]}}

The current revision of the specification is designed for small scale deployments in which the service is provided by a single host. The approach will require revision in future versions to fully support a service being provided by multiple hosts with accounts being transferred between the hosts to allow balancing of load.

6.2. Account Management

There are three account management operations:

BindAccount

Create an account bound to a service address.

UnbindAccount

Delete an account bound to a service address

RecoverAccount

[TBS] Reclaim an account using a recovered primary secret.

The BindAccount operation is used to create User and Group accounts. Currently, these account types are distinct. This may change in future releases.

6.2.1. Bind Account

A User Account is bound to a Mesh Service by completing a BindAccount operation with the service.

The BindAccount transaction is unique in that it can fail to complete for reasons that are outside the scope of the Mesh specifications. Creation of an account might require payment to be made or authentication of the user's credentials. It is thus quite normal for the result of a CreateRequest to be the account being created in an 'on hold' state which can only be changed out of band.

If the request is at least partially successful, a BindResponse message is returned. In the case of partial success, a description of the request status and link to a Web page providing further details MAY be returned.

The request payload contains all the information needed to create the account:

  • The account address
  • The account profile

Since there is no Access Catalog until the account is created, the Bind Account request and subsequent requests used to initialize the access catalog for the account MUST be authenticated by the Account Authentication key.

Alice requests creation of the account alice@example.com. The request payload is:

{
  "BindRequest":{
    "AccountAddress":"alice@example.com",
    "EnvelopedProfileAccount":[{
        "EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEtSk
  JMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
  ZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
      "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj
  ogewogICAgICAiVWRmIjogIk1BTVEtRVRFQS1KQkwzLTZVS0UtTFJOVC1ER0MzLU9
  JREYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
  S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
  lB1YmxpYyI6ICJuaTg1UWphTTh3VTV2Um9LbXdueEQwRjljNFNLMzAzTWswR2FkNV
  dsSjhoZ0JpWVd3OW9OCiAgem1pMzJzdzhYQW1lcjZVTTBTb1RjMjRBIn19fSwKICA
  gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy
  dmljZVVkZiI6ICJNRFNLLUVVSFMtUVhHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKI
  CAgICJFc2Nyb3dFbmNyeXB0aW9uIjogewogICAgICAiVWRmIjogIk1CWlAtV1pBWi
  1CNktRLU1ZWVAtSDdLRC1WVkJBLTdUNlUiLAogICAgICAiUHVibGljUGFyYW1ldGV
  ycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYi
  OiAiWDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogInRSODVSQ3FXdjgtWDVCazBOV
  TRFVmxqUUZKNTg1Rk5FM1p3eVd6WFNWdEpIaXgwRlo3aloKICBRN3hnOXV1cnc4S0
  9LbDVNMFVXN0xMT0EifX19LAogICAgIkFkbWluaXN0cmF0b3JTaWduYXR1cmUiOiB
  7CiAgICAgICJVZGYiOiAiTUJEVi1YWE5ILTJSVUItUkJNWi01Tkc3LUwzQ0QtM1RI
  ViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZ
  XlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUH
  VibGljIjogIkhVd040UlZoR2N6RmxPbTJiRGNldnZWWXlkNmdqZHEzM1FxVjhVcTM
  5ZEdhc1J6UW45X1AKICBWZ0NCUklfOE1qaXZlclRLZGFhRUkzMkEifX19LAogICAg
  IkNvbW1vbkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURQUi1GSlZXLUdLN
  VotMkxKQS1MTVlWLVhTQ0gtSEUyQyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIj
  ogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJ
  YNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNTVqVWttcW4zZ3dHMGIySHpEVnUz
  SGxmNXNPNkdnVmxqX3ZhWUZ3QUVrc0RjTXkzd3l2VQogIHd0OW9qa2VVS1Q2MzA0R
  HdmcmgtVXc4QSJ9fX0sCiAgICAiQ29tbW9uQXV0aGVudGljYXRpb24iOiB7CiAgIC
  AgICJVZGYiOiAiTUJWSS1FV0xPLUVJN0otT1ZBSy1HR1pILTZZSFctWkpTVSIsCiA
  gICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RI
  IjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiO
  iAiZlRVM1RlQjEtN0s4U1pwbzR0UXhaUHBKQWItX2QzTklkSmhsa3hXYWlab2dKUk
  VLOWFkUAogIGY5S25zNW1xcjExVVRUb0lNaHpmZEphQSJ9fX0sCiAgICAiQ29tbW9
  uU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1BTVAtQlg0Ry1BS0syLVlIUEEt
  SVhKVi1aMktWLVVYQlciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgI
  CAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLA
  ogICAgICAgICAgIlB1YmxpYyI6ICJZNi1EMkRiYktsYVZYdkc1WlF3ZUxkNV9rUDF
  FQ0FDUjQwYkRtcGctWTRLczkyRk5lLXV5CiAgc1dVck1fTG1RS09JUGpqcjVMOE5P
  QkVBIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
            "signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VYya
  8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9ZsZ
  a4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"}
          ],
        "PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWVJn
  sNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"}
      ]}}

The response payload currently reports the success or failure of the bind operation:

{
  "BindResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "EnvelopedAccountHostAssignment":[{
        "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY2NvdW50SG
  9zdEFzc2lnbm1lbnQiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCI
  sCiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
      "ewogICJBY2NvdW50SG9zdEFzc2lnbm1lbnQiOiB7CiAgICAiQWNjb3VudE
  FkZGVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiQWNjZXNzRW5jcnlwdCI
  6IHsKICAgICAgIlVkZiI6ICJNQUpZLTY1S1AtQzY3RS1MRlhQLVEzWEktWkhaRi1H
  TkhWIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY
  0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIl
  B1YmxpYyI6ICJIVWVvTEJvWUpqOWVZeDlQd1VMem5NRThvVHQ3R1JyeThBNWhmUTk
  1OUw1UjdQeUlaMEZYCiAgaFNRVk12cVF4aUJtRzlpeGdiNkpMSDRBIn19fX19"
      ]}}

It is likely that a future revisions of the specification will specify the host(s) to which future account service operations are to be directed. This would allow the account management operations to be separated from the account maintenance operations without requiring the traditional tiered architecture in which every interaction with a service is first routed to a host that cannot perform the required action so that it can be directed to the host that can.

6.2.1.1. Bind Group Account

Mesh Group Accounts are created in the same manner as user accounts except that the ProfileGroup is specified.

6.2.1.2. Account Recovery

Should all the administration devices be lost, an account MAY be recovered by the process of recovering the profile master secret and using it to access the account through the account authentication key.

6.2.2. Unbind Account

An account registration is deleted using the UnbindAccount transaction.

>>>> Unfinished ProtocolAccountDelete

The request payload:

{
  "UnbindRequest":{
    "Account":"alice@example.com"}}

The response payload:

{
  "UnbindResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully"}}
6.2.2.1. Account Transfer

Should a user wish to transfer their account to a new service provider, they first use the Bind Account operation to bind the account to the new service provider, then populate the account entry at the new account using the account authentication key.

Only after the new account binding has been completed and is ready for use, is the unbind operation used to delete the account entry at the old service provider.

Future versions of the protocol will elaborate on this mechanism so that the change of address can be signaled to connected devices and parties sending messages to the account.

6.2.3. Account Recovery and Transfer.

Account recovery is necessary in the case that user has lost control of every administration device connected to the account and must re-create the account profile and bind a new set of administrative devices. Account transfer is the process of unbinding an account from one service and rebinding it to a new one.

These capabilities are both critical to the long term success of the Mesh but have been deleted from the current revision of the specification as their implementation is interdependent on the architecture of the callsign registry.

>>>> Unfinished ProtocolAccountRecover

[TBS]

6.3. Persistence Store Management

All the state associated with a Mesh profile is stored as a sequence of DARE Messages in a Dare Container. The Mesh Service holding the master copy of the persistence stores and the devices connected to the profile containing complete copies (replicas) or partial copies (redactions).

Thus, the only primitive needed to achieve synchronization of the profile state are those required for synchronization of a DARE Container. These steps are:

  • Obtain the status of the catalogs and spools associated with the account.
  • Download catalog and spool updates
  • Upload catalog updates.

To ensure a satisfactory user experience, Mesh Messages are intentionally limited in size to 32 KB or less, thus ensuring that an application can retrieve the most recent 100 messages almost instantaneously on a high bandwidth connection and without undue delay on a slower one.

6.3.1. Status

The status transaction returns the status of the containers the device is authorized to access for the specified account together with the updated Device Connection Entry if this has been modified since the entry presented to authenticate the request was issued.

Alice adds an entry to her bookmark catalog. Before the bookmark can be added, the device synchronizes to the service. The synchronization process begins with a request for the status of all the stores associated with the account that it has access rights for:

{
  "StatusRequest":{
    "CatalogedDeviceDigest":"MBD2-CX3T-MAHB-323R-ZKPE-V23R-4O"}}

If the account has a very large number of stores, the device might only ask for the status of specific stores of interest.

The response specifies the status of each store specifying the index and Merkle tree apex digest values for each:

{
  "StatusResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "ContainerStatus":[{
        "Container":"MMM_Inbound",
        "Index":3},
      {
        "Container":"MMM_Outbound",
        "Index":1,
        "Digest":"FEHy24Y6cLModDXWH31kVc2a3TdhjXPooKHpLAb2JbsO1YQ
  nJolmowXAYHhkOGY0kg3jrKNTjds0myf4Dw1sdg"},
      {
        "Container":"MMM_Local",
        "Index":2},
      {
        "Container":"MMM_Access",
        "Index":3,
        "Digest":"af-ZCV48K2pp8D8_a7t2Zovpj0Rg083JVQ9FSptSqzHwAwS
  DEv6Q7qd3UJAj5xcHgN8-uixxRM62NP7MDZwZIA"},
      {
        "Container":"MMM_Credential",
        "Index":4,
        "Digest":"xIiGmicJxjUJWEjWM6nqwKIG0Hmotr9pjFxTEFXeCCW1klZ
  VWj4rJv1X4byJvxplJwtGVWYph9YEi0ZMFrNkRw"},
      {
        "Container":"MMM_Device",
        "Index":3,
        "Digest":"AfExhtW64TJvmpW9Lrh5uf8jURFrFTc62FYgffU3IPowOdl
  3HV5gHYxGB-Pucpaco7vowCEqRjqeP5dTMOQzFw"},
      {
        "Container":"MMM_Contact",
        "Index":2,
        "Digest":"VSDUsxoQIIMuSLTVgeEO2QTpGweYanJ86nDrdUMPm0CDX4m
  PVP_8UWAtWdm6HMmpvQ7Pm11pgDUYSNOF72Cofg"},
      {
        "Container":"MMM_Application",
        "Index":1,
        "Digest":"BWJ7_IbH7vcOI-CR-oGpqIXdQz50rPbmGsZvOiL1dqKe9lW
  QJSh5tKElz9TAQRT0EG7G0kOZ2mCqiP_yGZAN3A"},
      {
        "Container":"MMM_Publication",
        "Index":1,
        "Digest":"xDBR1MLSGbMcgX1mjMyT-XEKgTXG8j8v4pNhOfHkZTp_xfm
  3oEWvudSi0dO-varqqX_iwrHFJD9wxWWjfNThAA"},
      {
        "Container":"MMM_Bookmark",
        "Index":1,
        "Digest":"vKaVPfFoa-c_h0XyyLmN5Fb1C0mgFogLo80vb-qu4r0xFUx
  wCJ5qGqObbaxLxK8a7_sSZ88SV8McU1NWl7BS3w"},
      {
        "Container":"MMM_Task",
        "Index":1,
        "Digest":"Od-7rQgE-8X-Dr1oIAgkhuKm5NMc85RIOnFLlJmqskwy3yO
  YoWzorX-aUve1rKPmnBCmbAhDUhHEGo_wUP-kJQ"}
      ]}}

Bug: The current version of the reference code is only returning the digest values for the outbound store.

6.3.2. Download

The download transaction returns a collection of entries from one or more containers associated with the profile.

The service MAY limit the number of entries returned in an individual response for performance reasons.

The previous status operation has reported that a new envelope has been added to the credential store. The device requests this data from the service:

{
  "DownloadRequest":{
    "Select":[{
        "Container":"MMM_Credential",
        "IndexMin":3,
        "IndexMax":4}
      ]}}

The response contains the requested envelope:

{
  "DownloadResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "Updates":[{
        "Container":"MMM_Credential",
        "Envelopes":[[{
              "PayloadDigest":"YPLzDhhS7EN_kZDTvNG5M0SM-FHOzqbbb5
  tpe2QiPcqvMbeL5wG5DixDsKpHyp2Be1-JIzC2svJLMmxThxoKQA",
              "TreeDigest":"xIiGmicJxjUJWEjWM6nqwKIG0Hmotr9pjFxTE
  FXeCCW1klZVWj4rJv1X4byJvxplJwtGVWYph9YEi0ZMFrNkRw",
              "enc":"A256CBC",
              "dig":"S512",
              "Salt":"lUbGQVUnbrUB9k4ZwNQGMA",
              "recipients":[{
                  "kid":"MDG5-EPRO-L3LG-GGFU-WKSG-EXU3-GGAB",
                  "epk":{
                    "PublicKeyECDH":{
                      "crv":"X448",
                      "Public":"NHRQRC52QsQUM8p7-p0Tc9QGm-VcojGal
  1n8tpbVd-H127mYjgGDV5vB7VqMBClC6aVISJTzWE4A"}},
                  "wmk":"cyTvjux3YTmm8XgzUXXI3VBxRFXh3ueSteXaHHFu
  g5EdKpF82OFP8Q"}
                ],
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICI6ZnRwLmV4
  YW1wbGUuY29tIiwKICAiRXZlbnQiOiAiVXBkYXRlIiwKICAiRmlyc3QiOiAxLAogI
  CJQcmV2aW91cyI6IDF9",
              "SequenceInfo":{
                "Index":3,
                "TreePosition":825},
              "Received":"2022-04-20T16:17:23Z"},
            "3-njoLi2gG1Bc3eb2vGW5WJ2cHs8D7s-wrvy7L2jEAVHWlBgp4gY
  y4Pi89A70PJy3zsrJohsEw6zuqwGH9ETUmjuNWWq5cgBn2KZfz3dRdmQ8U0zw5E5y
  4qY15v5dyzaN2qh7CTUyQtxupsFhgImGYiOhnqEoCi5udTs1YpC5mg",
            {}
            ]
          ]}
      ]}}

Future: The current implementation of the download operation is limited by the capabilities of the HTTP binding of the RUD transport. A future binding allowing operations that consist of a single request followed by a sequence of responses will allow much greater flexibility.

Future versions of the protocol may support optional filtering criteria so that the service only returns objects matching specific criteria and/or only return certain parts of the selected messages.

6.3.3. Transact

The transact transaction appends envelopes to one or more stores. The operation is atomic, that is either all the changes specified will be made to the stores or none will. This ensures that simultaneous attempts to update a store do not result in race conditions allows Mesh stores to provide ACID (Atomicity, Consistency, Isolation, Durability) properties to the applications they serve.

Clients SHOULD check to determine if updates to a container conflict with pending updates on the device waiting to be uploaded. For example, if a contact that the user modified on the device attempting to synchronize was subsequently deleted. The means of resolving such conflicts is not in the scope of this specification.

Each update to a catalog or container specifies the expected container index and apex digest. This provides a strong guarantee of consistency. The service MUST verify each update to check that the Merkle Tree values specified are consistent with the store entries and that the signature on the apex value (if specified) is valid and correct.

Services MAY impose limits on the size and number of additions performed in response to a TransactRequest message to ensure that processing time does not degrade performance for other users.

The request payload specifies the data to be appended to the stores.

{
  "TransactRequest":{
    "Updates":[{
        "Container":"MMM_Bookmark",
        "Envelopes":[[{
              "PayloadDigest":"nLPqGhIpOzHAKROd7NqK6i2E-_cbliqw9u
  U5RS7LRV7-u2LtLvXjjl3zA0U4SkoiK7lQJxcywO3gS5189D3wnQ",
              "TreeDigest":"-SDCQM4HDOThmLenmg1392iskvEeEDdhactIU
  1D7cc9m25-4LH1eY-qyLo1nijRPL5AtULixbyUOlnpPM9FEZg",
              "dig":"S512",
              "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQVZVLVJI
  RFEtTjdFTC1HUU5CLTdVNzUtQzRUSi0zREtPIiwKICAiRXZlbnQiOiAiTmV3In0",
              "SequenceInfo":{
                "Index":1,
                "TreePosition":0}},
            "ewogICJDYXRhbG9nZWRCb29rbWFyayI6IHsKICAgICJVaWQiOiAi
  TkFWVS1SSERRLU43RUwtR1FOQi03VTc1LUM0VEotM0RLTyIsCiAgICAiVXJpIjogI
  lNpdGVzLjIiLAogICAgIlRpdGxlIjogImh0dHA6Ly93d3cuZXhhbXBsZS5uZXQifX
  0"
            ]
          ]}
      ]}}

The response reports successful completion:

{
  "TransactResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully"}}

6.4. Device Connection

In order to support the wide range of affordances supported by devices, four device connection interactions are currently specified. The use of these mechanisms is described in [draft-hallambaker-mesh-architecture] and the interactions themselves are described in section ??? following.

Device connection operations are always issued by a device requesting connection to a Mesh account and must therefore be authenticated under the device profile rather than the account profile. Two device connection operations are currently defined:

Connect

Requests connection to the account.

Complete

Polls for completion of a connection request.

Since the second operation is merely polling for completion of the transaction requested by the first, it is likely that these will be combined in a future revision of the specification.

6.4.1. Connect

If the connection request is initiated by the device being connected, the device constructs a RequestConnection message which is posted to the Mesh Service using the Connect operation.

If the Connect operation is accepted (i.e. the service determines it is not abuse), the service constructs an AcknowledgeConnection message which is forwarded to the inbound spool of the account to which connection is requested. The requesting device receives a copy of the AcknowledgeConnection message and the profile of the account it is requesting connection to.

As described in the following section, the AcknowledgeConnection message contains the request details presented by the device and a nonce value generated by the service. This nonce value is used to compute the witness value that will be used for mutual authentication of the device and account.

The connect request is made to the service, not the account. The payload contains the enveloped connection request:

{
  "ConnectRequest":{
    "EnvelopedRequestConnection":[{
        "EnvelopeId":"MBHZ-QYVP-T5DQ-FQAP-AWD4-FLMO-ZZJT",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ0FBLTdVWUEtVE
  cyQy02WFVDLVVHM0ItNFhHVC1PQklFIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
  zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
  CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MVoifQ"},
      "ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi
  AiTkNBQS03VVlBLVRHMkMtNlhVQy1VRzNCLTRYR1QtT0JJRSIsCiAgICAiQXV0aGV
  udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1BQTMtQlFQ
  Wi1XV080LTdRNUItUDdBSC1GWTVDLUFUTUQiLAogICAgICAgICJkaWciOiAiUzUxM
  iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk
  NJNklDSk5RVUV6TFVKUlVGb3RWMWRQTkMwCiAgM1VUVkNMVkEzUVVndFJsazFReTF
  CVkUxRUlpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk
  bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV
  04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeUxUQTBMVEl3VkRFMk9qRT
  NPalV4V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V
  3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK
  VlpHWWlPaUFpVFVGQk15MUNVVkJhTFZkWFR6UXROCiAgMUUxUWkxUU4wRklMVVpaT
  lVNdFFWUk5SQ0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC
  BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F
  nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli
  R2xqSWpvZ0lrVTFaVXMwY1VrelRWbENlRFY0Y0hSCiAgNlkyNTRjRWhhYm5aTlFXc
  FRibkpJUmpoQmJtSjVjRTR0V1RacFpsVkhibE5mVGxRS0lDQmZhWEZhY21kdGUKIC
  BVUkxSRVJEYVVGWFNrVTBSM0E0VlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI
  yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVUZNVnkxUldGZzBMVWxCUkVV
  dFFUUmFXUzFIVWtaV0xUZEdVbFl0Tms1TldpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY
  VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC
  BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F
  nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpV1VaM1dtSjZSa053Y214RVRrNXFT
  a1ZzT0U1aVVEbEJjVlpsTmpRelFtMU9Ua0YxYjJ0CiAgSVJYVkhlakZXWHpZd1ZIR
  nlVQW9nSUVVM1dWa3RRbFpCVFU4MVVrMVBjVVIzUjNVM1dGOXhRU0o5Zlgwc0MKIC
  BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1N
  6VXRTVkkwVXkweVIwdAogIFdMVVpJVWxjdFFrWkpOUzFTVUZKRkxVVkdUMFVpTEFv
  Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS
  UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC
  BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSXdOVzV
  EV0V4d1NqbDFOamgzUQogIDJ0MWRUUktXalZ4VHpSMGQwbzNjVFZqYVdkUE9FSnha
  ek56WDJaMmNYWkxjbDlTZVZrMkNpQWdNVzUzWjJwCiAgSVMyRnpaMDl3V1dGeFkwU
  lhjelk0ZVdkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC
  BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlJGZE1MVk5NTkVJdFMxZERWeTFYTTFoVkx
  UWkpTMW90VVVaUFZTMQogIEJSVmRhSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G
  dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT
  2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC
  BnSUNBZ0lsQjFZbXhwWXlJNklDSjBkVGMwUVZaTFlVcDFaR1JtTTFKRWNtWjBhV0k
  wYTJWdE9WTjRNR0UzYwogIHpBdFFYVktVek5SYkVoSWMxZDZWbGxXVG1aS0NpQWdS
  MGMzV0Y5Tk4xZEtSbHBFYUZReFRqVTBZVVU0WkZkCiAgQkluMTlmWDE5IiwKICAgI
  CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC
  JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQUEzLUJRUFotV1dPNC03UTVCLVA
  3QUgtRlk1Qy1BVE1EIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJ2T3VmZENC
  XzlIVDZJOGFhclh2bW1PeU5TbC13LXh5SjlsRGpBRUU3NzY3OTN2bDFMCiAga0VGW
  XNCNWJoNnlkVzZpdGZ4N3d0eUk1aDJBWWFoNEJvc0tCUGVHNXFmSVZYMGJEX0JIek
  gzd21fcFlUaHQKICBwWlJHVWRfQ0xsR0l5cVppLWRqNnByYS1SYXRvQ0RiQmRLSWd
  QQ1RJQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJscmNWZ0FseGl3TTdp
  YWNsbUI0bFFPLWQxcUlZV29pbEdhMkFueEFxVkpPU04KICBIdGM4TkRabkd3VXlnN
  mI2bFpsem9WZ1FSTmdPZEdRYVZxVzZzTmYxUSJ9XSwKICAgICJDbGllbnROb25jZS
  I6ICJnWkZIMUxaTm9BQ20wLXgwdGcyOHlBIiwKICAgICJQaW5JZCI6ICJBQ0tKLUJ
  LQjMtSjc3Qi1HN0haLURGS1MtRTI2TC1OSFhXIiwKICAgICJQaW5XaXRuZXNzIjog
  Imh2Nnh2TlhPc3BBOU1ONFlWa05iNThQNUJ3cjFXQ3k1T0E2Z3RQeHkwTHFQLV9sd
  gogIFJlSFNwMUQ1TXViUHRNWW5yU3JFY0dlYlFyZXZCR0I5Nm5na1pnIiwKICAgIC
  JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ"
      ],
    "Rights":[
      ]}}

The response payload contains the information the device requires to compute the witness value and to poll for completion. This is a copy of the request acknowledgement and a copy of the profile of the account the device has requested connection to:

{
  "ConnectResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "EnvelopedAcknowledgeConnection":[{
        "EnvelopeId":"MBW3-XXJI-WXLF-QWFQ-TTJ4-EW2D-TXZH",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJIUzIyLVZPNU0tSk
  FHNC1SUVQ0LVJPSFgtUEVSSy1ZWUNXIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm9
  3bGVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmpl
  Y3QiLAogICJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTFaIn0"},
      "ewogICJBY2tub3dsZWRnZUNvbm5lY3Rpb24iOiB7CiAgICAiTWVzc2FnZU
  lkIjogIkhTMjItVk81TS1KQUc0LVJRVDQtUk9IWC1QRVJLLVlZQ1ciLAogICAgIkV
  udmVsb3BlZFJlcXVlc3RDb25uZWN0aW9uIjogW3sKICAgICAgICAiRW52ZWxvcGVJ
  ZCI6ICJNQkhaLVFZVlAtVDVEUS1GUUFQLUFXRDQtRkxNTy1aWkpUIiwKICAgICAgI
  CAiQ29udGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKT1EwRk
  JMVGRWV1VFdFZFY3lReTAKICAyV0ZWRExWVkhNMEl0TkZoSFZDMVBRa2xGSWl3S0l
  DQWlUV1Z6YzJGblpWUjVjR1VpT2lBaVVtVnhkV1Z6ZAogIEVOdmJtNWxZM1JwYjI0
  aUxBb2dJQ0pqZEhraU9pQWlZWEJ3YkdsallYUnBiMjR2YlcxdEwyOWlhbVZqZENJC
  iAgc0NpQWdJa055WldGMFpXUWlPaUFpTWpBeU1pMHdOQzB5TUZReE5qb3hOem8xTV
  ZvaWZRIn0sCiAgICAgICJld29nSUNKU1pYRjFaWE4wUTI5dWJtVmpkR2x2YmlJNkl
  Ic0tJQ0FnSUNKCiAgTlpYTnpZV2RsU1dRaU9pQWlUa05CUVMwM1ZWbEJMVlJITWtN
  dE5saFZReTFWUnpOQ0xUUllSMVF0VDBKSlIKICBTSXNDaUFnSUNBaVFYVjBhR1Z1Z
  EdsallYUmxaRVJoZEdFaU9pQmJld29nSUNBZ0lDQWdJQ0pGYm5abGJHOQogIHdaVW
  xrSWpvZ0lrMUJRVE10UWxGUVdpMVhWMDgwTFRkUk5VSXRVRGRCU0MxR1dUVkRMVUZ
  VVFVRaUxBb2dJCiAgQ0FnSUNBZ0lDSmthV2NpT2lBaVV6VXhNaUlzQ2lBZ0lDQWdJ
  Q0FnSWtOdmJuUmxiblJOWlhSaFJHRjBZU0kKICA2SUNKbGQyOW5TVU5LVm1KdGJIa
  GtWMVpLV2tOSk5rbERTazVSVlVWNlRGVktVbFZHYjNSV01XUlFUa013QwogIGlBZ0
  0xVlVWa05NVmtFelVWVm5kRkpzYXpGUmVURkNWa1V4UlVscGQwdEpRMEZwVkZkV2V
  tTXlSbTVhVmxJCiAgMVkwZFZhVTlwUVdsVlNFcDJXbTFzYzFvS0lDQlZVbXhrYld4
  cVdsTkpjME5wUVdkSmJVNHdaVk5KTmtsRFMKICBtaGpTRUp6WVZkT2FHUkhiSFppY
  VRsMFlsY3dkbUl5U25GYVYwNHdTV2wzUzBsRFFRb2dJR2xSTTBwc1dWaAogIFNiRn
  BEU1RaSlEwbDVUVVJKZVV4VVFUQk1WRWwzVmtSRk1rOXFSVE5QYWxWNFYybEtPU0o
  5TEFvZ0lDQWdJCiAgQ0FpWlhkdlowbERTbEZqYlRsdFlWZDRiRkpIVmpKaFYwNXNT
  V3B2WjJWM2IyZEpRMEZuU1d4Q2VXSXlXZ28KICBnSUhCaVIxWlVZVmRrZFZsWVVqR
  mpiVlZwVDJsQ04wTnBRV2RKUTBGblNVTktWbHBIV1dsUGFVRnBWRlZHUQogIGsxNU
  1VTlZWa0poVEZaa1dGUjZVWFJPQ2lBZ01VVXhVV2t4VVU0d1JrbE1WVnBhVGxWTmR
  GRldVazVTUTBsCiAgelEybEJaMGxEUVdkSlEwcFJaRmRLYzJGWFRsRlpXRXBvWWxk
  V01GcFlTbnBKYW04S0lDQm5aWGR2WjBsRFEKICBXZEpRMEZuU1VOS1VXUlhTbk5oV
  jA1TVdsaHNSbEV3VWtsSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbAogIHRUbm
  xrYVVrMlNRb2dJRU5LUmxwRVVUQlBRMGx6UTJsQlowbERRV2RKUTBGblNVTkJhVlZ
  JVm1saVIyeHFTCiAgV3B2WjBsclZURmFWWE13WTFWcmVsUldiRU5sUkZZMFkwaFND
  aUFnTmxreU5UUmpSV2hoWW01YVRsRlhjRlIKICBpYmtwSlVtcG9RbUp0U2pWalJUU
  jBWMVJhY0Zwc1ZraGliRTVtVkd4UlMwbERRbVpoV0VaaFkyMWtkR1VLSQogIENCVl
  VreFNSVkpFWVZWR1dGTnJWVEJTTTBFMFZsVkZhV1pZTVRsTVFXOW5TVU5CWjBsclZ
  uVlpNMG8xWTBoCiAgU2NHSXlOR2xQYVVJM1EybEJaMGxEUVFvZ0lHZEpRMHBXV2tk
  WmFVOXBRV2xVVlVaTlZua3hVbGRHWnpCTVYKICBXeENVa1ZWZEZGVVVtRlhVekZJV
  ld0YVYweFVaRWRWYkZsMFRtczFUbGRwU1hORENpQWdhVUZuU1VOQlowbAogIERTbE
  ZrVjBwellWZE9VVmxZU21oaVYxWXdXbGhLZWtscWIyZGxkMjluU1VOQlowbERRV2R
  KUTBwUlpGZEtjCiAgMkZYVGt4YVdHd0tJQ0JHVVRCU1NVbHFiMmRsZDI5blNVTkJa
  MGxEUVdkSlEwRm5TVzFPZVdScFNUWkpRMHAKICBaVGtSUk5FbHBkMHRKUTBGblNVT
  kJaMGxEUVdkSlEwcFJaQW9nSUZkS2MyRlhUV2xQYVVGcFYxVmFNMWR0UwogIGpaU2
  EwNTNZMjE0UlZSck5YRlRhMVp6VDBVMWFWVkViRUpqVmxwc1RtcFJlbEZ0TVU5VWE
  wWXhZakowQ2lBCiAgZ1NWSllWa2hsYWtaWFdIcFpkMVpJUm5sVlFXOW5TVVZWTTFk
  V2EzUlJiRnBDVkZVNE1WVnJNVkJqVlZJelUKICBqTlZNMWRHT1hoUlUwbzVabGd3Y
  zBNS0lDQnBRV2RKUTBGcFZUSnNibUp0UmpCa1dFcHNTV3B2WjJWM2IyZAogIEpRME
  ZuU1VOQmFWWlhVbTFKYW05blNXc3hRMU42VlhSVFZra3dWWGt3ZVZJd2RBb2dJRmR
  NVlZwSlZXeGpkCiAgRkZyV2twT1V6RlRWVVpLUmt4VlZrZFVNRlZwVEVGdlowbERR
  V2RKUTBGcFZVaFdhV0pIYkdwVlIwWjVXVmMKICB4YkdSSFZubGpDaUFnZVVrMlNVa
  HpTMGxEUVdkSlEwRm5TVU5CYVZWSVZtbGlSMnhxVXpKV05WSlZUa1ZUUQogIDBrMl
  NVaHpTMGxEUVdkSlEwRm5TVU5CWjBsRFNtcGpibGtLSUNCcFQybEJhVkpYVVRCT1J
  HZHBURUZ2WjBsCiAgRFFXZEpRMEZuU1VOQlowbHNRakZaYlhod1dYbEpOa2xEU1hk
  T1Z6VkVWMFY0ZDFOcWJERk9hbWd6VVFvZ0kKICBESjBNV1JVVWt0WGFsWjRWSHBTT
  UdRd2J6TmpWRlpxWVZka1VFOUZTbmhhZWs1NldESmFNbU5ZV2t4amJEbAogIFRaVl
  pyTWtOcFFXZE5WelV6V2pKd0NpQWdTVk15Um5wYU1EbDNWMWRHZUZrd1VsaGplbGs
  wWlZka1FrbHVNCiAgVGxtVTNkTFNVTkJaMGxEU2tKa1dGSnZXbGMxTUdGWFRtaGtS
  MngyWW1sSk5ra0tJQ0JJYzB0SlEwRm5TVU4KICBCWjBsc1ZtdGFhVWsyU1VOS1RsS
  kdaRTFNVms1TlRrVkpkRk14WkVSV2VURllUVEZvVmt4VVdrcFRNVzkwVgogIFZWYV
  VGWlRNUW9nSUVKU1ZtUmhTV2wzUzBsRFFXZEpRMEZuU1d4Q01WbHRlSEJaTVVKb1k
  yMUdkRnBZVW14CiAgamJrMXBUMmxDTjBOcFFXZEpRMEZuU1VOQlowbHNRakZaQ2lB
  Z2JYaHdXVEIwYkdWVlZrUlNSV2RwVDJsQ04KICAwTnBRV2RKUTBGblNVTkJaMGxEU
  VdsWk0wb3lTV3B2WjBsc1p6Qk9SR2RwVEVGdlowbERRV2RKUTBFS0lDQgogIG5TVU
  5CWjBsc1FqRlpiWGh3V1hsSk5rbERTakJrVkdNd1VWWmFURmxWY0RGYVIxSnRUVEZ
  LUldOdFdqQmhWCiAgMGt3WVRKV2RFOVdUalJOUjBVell3b2dJSHBCZEZGWVZrdFZl
  azVTWWtWb1NXTXhaRFpXYkd4WFZHMWFTME4KICBwUVdkU01HTXpWMFk1VGs0eFpFd
  FNiSEJGWVVaUmVGUnFWVEJaVlZVMFdrWmtDaUFnUWtsdU1UbG1XREU1SQogIGl3S0
  lDQWdJQ0FnZXdvZ0lDQWdJQ0FnSUNKemFXZHVZWFIxY21Weklqb2dXM3NLSUNBZ0l
  DQWdJQ0FnSUNBCiAgZ0ltRnNaeUk2SUNKVE5URXlJaXdLSUNBZ0lDQWdJQ0FnSUNB
  Z0ltdHBaQ0k2SUNKTlFVRXpMVUpSVUZvdFYKICAxZFBOQzAzVVRWQ0xWQTNRVWd0U
  mxrMVF5MUJWRTFFSWl3S0lDQWdJQ0FnSUNBZ0lDQWdJbk5wWjI1aGRIVgogIHlaU0
  k2SUNKMlQzVm1aRU5DWHpsSVZEWkpPR0ZoY2xoMmJXMVBlVTVUYkMxM0xYaDVTamx
  zUkdwQlJVVTNOCiAgelkzT1ROMmJERk1DaUFnYTBWR1dYTkNOV0pvTm5sa1Z6WnBk
  R1o0TjNkMGVVazFhREpCV1dGb05FSnZjMHQKICBDVUdWSE5YRm1TVlpZTUdKRVgwS
  klla2d6ZDIxZmNGbFVhSFFLSUNCd1dsSkhWV1JmUTB4c1IwbDVjVnBwTAogIFdScU
  5uQnlZUzFTWVhSdlEwUmlRbVJMU1dkUVExUkpRU0o5WFN3S0lDQWdJQ0FnSUNBaVV
  HRjViRzloWkVSCiAgcFoyVnpkQ0k2SUNKc2NtTldaMEZzZUdsM1RUZHBZV05zYlVJ
  MGJGRlBMV1F4Y1VsWlYyOXBiRWRoTWtGdWUKICBFRnhWa3BQVTA0S0lDQklkR000V
  GtSYWJrZDNWWGxuTm1JMmJGcHNlbTlXWjFGU1RtZFBaRWRSWVZaeFZ6WgogIHpUbV
  l4VVNKOVhTd0tJQ0FnSUNKRGJHbGxiblJPYjI1alpTSTZJQ0puV2taSU1VeGFUbTl
  CUTIwd0xYZ3dkCiAgR2N5T0hsQklpd0tJQ0FnSUNKUWFXNUpaQ0k2SUNKQlEwdEtM
  VUpMUWpNdFNqYzNRaTFITjBoYUxVUkdTMU0KICB0UlRJMlRDMU9TRmhYSWl3S0lDQ
  WdJQ0pRYVc1WGFYUnVaWE56SWpvZ0ltaDJObmgyVGxoUGMzQkJPVTFPTgogIEZsV2
  EwNWlOVGhRTlVKM2NqRlhRM2sxVDBFMlozUlFlSGt3VEhGUUxWOXNkZ29nSUZKbFN
  GTndNVVExVFhWCiAgaVVIUk5XVzV5VTNKRlkwZGxZbEZ5WlhaQ1IwSTVObTVuYTFw
  bklpd0tJQ0FnSUNKQlkyTnZkVzUwUVdSa2MKICBtVnpjeUk2SUNKaGJHbGpaVUJsZ
  UdGdGNHeGxMbU52YlNKOWZRIl0sCiAgICAiU2VydmVyTm9uY2UiOiAiVHhOY3Eyck
  5JSzhCZ0did215Q2NCdyIsCiAgICAiV2l0bmVzcyI6ICJIUzIyLVZPNU0tSkFHNC1
  SUVQ0LVJPSFgtUEVSSy1ZWUNXIn19"
      ],
    "EnvelopedProfileAccount":[{
        "EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEtSk
  JMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy
  ZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
      "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj
  ogewogICAgICAiVWRmIjogIk1BTVEtRVRFQS1KQkwzLTZVS0UtTFJOVC1ER0MzLU9
  JREYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj
  S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI
  lB1YmxpYyI6ICJuaTg1UWphTTh3VTV2Um9LbXdueEQwRjljNFNLMzAzTWswR2FkNV
  dsSjhoZ0JpWVd3OW9OCiAgem1pMzJzdzhYQW1lcjZVTTBTb1RjMjRBIn19fSwKICA
  gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy
  dmljZVVkZiI6ICJNRFNLLUVVSFMtUVhHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKI
  CAgICJFc2Nyb3dFbmNyeXB0aW9uIjogewogICAgICAiVWRmIjogIk1CWlAtV1pBWi
  1CNktRLU1ZWVAtSDdLRC1WVkJBLTdUNlUiLAogICAgICAiUHVibGljUGFyYW1ldGV
  ycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYi
  OiAiWDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogInRSODVSQ3FXdjgtWDVCazBOV
  TRFVmxqUUZKNTg1Rk5FM1p3eVd6WFNWdEpIaXgwRlo3aloKICBRN3hnOXV1cnc4S0
  9LbDVNMFVXN0xMT0EifX19LAogICAgIkFkbWluaXN0cmF0b3JTaWduYXR1cmUiOiB
  7CiAgICAgICJVZGYiOiAiTUJEVi1YWE5ILTJSVUItUkJNWi01Tkc3LUwzQ0QtM1RI
  ViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZ
  XlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUH
  VibGljIjogIkhVd040UlZoR2N6RmxPbTJiRGNldnZWWXlkNmdqZHEzM1FxVjhVcTM
  5ZEdhc1J6UW45X1AKICBWZ0NCUklfOE1qaXZlclRLZGFhRUkzMkEifX19LAogICAg
  IkNvbW1vbkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURQUi1GSlZXLUdLN
  VotMkxKQS1MTVlWLVhTQ0gtSEUyQyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIj
  ogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJ
  YNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNTVqVWttcW4zZ3dHMGIySHpEVnUz
  SGxmNXNPNkdnVmxqX3ZhWUZ3QUVrc0RjTXkzd3l2VQogIHd0OW9qa2VVS1Q2MzA0R
  HdmcmgtVXc4QSJ9fX0sCiAgICAiQ29tbW9uQXV0aGVudGljYXRpb24iOiB7CiAgIC
  AgICJVZGYiOiAiTUJWSS1FV0xPLUVJN0otT1ZBSy1HR1pILTZZSFctWkpTVSIsCiA
  gICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RI
  IjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiO
  iAiZlRVM1RlQjEtN0s4U1pwbzR0UXhaUHBKQWItX2QzTklkSmhsa3hXYWlab2dKUk
  VLOWFkUAogIGY5S25zNW1xcjExVVRUb0lNaHpmZEphQSJ9fX0sCiAgICAiQ29tbW9
  uU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1BTVAtQlg0Ry1BS0syLVlIUEEt
  SVhKVi1aMktWLVVYQlciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgI
  CAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLA
  ogICAgICAgICAgIlB1YmxpYyI6ICJZNi1EMkRiYktsYVZYdkc1WlF3ZUxkNV9rUDF
  FQ0FDUjQwYkRtcGctWTRLczkyRk5lLXV5CiAgc1dVck1fTG1RS09JUGpqcjVMOE5P
  QkVBIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
            "signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VYya
  8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9ZsZ
  a4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"}
          ],
        "PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWVJn
  sNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"}
      ]}}

6.4.2. Complete

The complete operation is used to complete the binding of a device to the account regardless of whether the operation is initiated by the administration device or the connecting device.

The complete request is made to the service, not the account. The payload specifies the account the device is requesting completion for and the identifier of the completion message.

{
  "CompleteRequest":{
    "AccountAddress":"alice@example.com",
    "ResponseID":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2"}}

The response payload:

{
  "CompleteResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "EnvelopedRespondConnection":[{
        "EnvelopeId":"MDAB-RJHV-L6YJ-MMJQ-7NMX-KEC3-OV7F",
        "enc":"A256CBC",
        "Salt":"O8Uj4gwarhvGVXtHSZILuw",
        "recipients":[{
            "kid":"MALW-QXX4-IADE-A4ZY-GRFV-7FRV-6NMZ",
            "epk":{
              "PublicKeyECDH":{
                "crv":"X448",
                "Public":"esrl5mubQKc6CuEwUCfddN8mPL6y-Zgbqto_mWt
  RVOCd5aUdaH4GYAs11vS10ghxl0Tx46VA4CqA"}},
            "wmk":"lnwh_VDch144FOT3VBuOr4GqxSKP_ibMl5GzjpsdYnV-DH
  g_RgFEjg"}
          ],
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ1hLLUJQWUktWU
  01WS1ONExMLVNGWlYtRlhJQy1BSFgyIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVzcG9
  uZENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
  CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MloifQ",
        "SequenceInfo":{
          "Index":3,
          "TreePosition":426},
        "Received":"2022-04-20T16:17:52Z"},
      "i2vnt33aAT5G2z1GpX34VU2Za7xBLIuh89Pb2igJgnMreLANZgTCLxeiH7
  7hfPk2Y6IJuLjOMx7asQhAVbQxlTtTSGZLetwH2yI8L4SJc0xZvNGJph4Yp1o9lvv
  gtrHUbMWZotTFPPkCK7OQUKggxG6EhcmLqh3NHklcVf0wJSw8GnrICThwRA14kE_P
  OCB-YaknBUbPDcjUF6h3kqmzQpUKdECkRYfP4fvH__UhPHApDU9x8vkdT2DAi9lM0
  m2tVygkCdr8FWF69fXY7jCuehm73alPKex1AGvUxW_whD_xX26Jtn9sRlwYNdpudP
  vVOUAqNmixjFuGRa_toPlkkKQYpsLR9IhQo0uNySh69xF7qnqsDEdjHialrZR_7w2
  M_KSsFXwscfwzNswqBAWv_MEalKzhCa7c7OQGfJc1gaTpCGIkIlQbZMsUM6GQSc48
  w4rcfncYmCe8JnxdGX9dc87RisB0WjBJN7zQB_HCZRKPcpcLYtF-XwwjLuhY2bLGt
  kw8LrpX_TPiNSJpJ1Tkna2C6NyoQuDc_wouv9SYDKkbi3vf2jRQ7rWdAgM1O5m-yO
  ab3N7gxGEkoGznPxdyufZ0GlBBRPCFk5HTh7bawMiXXdTHVSogY1CGoZwASeeMLNM
  0EP2jgPc6slb-LR6ppeH719OrtwU3mV2ViYG_-jesL9A5SgEsjHomGDQihnWWD1LW
  9B5lebjGnKPDn8yA_TGlpvKpazJiTuxa88BpEumOJ8RJHjnuM0gU6PzQDFc120F6s
  2P6c2ImpnUD4178SoFgXTZaKm6Ak06M_DR-J8yV03gbiBKvHa9QAAgx-e_mq69Jan
  qfI5OZeU_Ysm8k4HM6AHW2ed8Nzh7xPqsT1s5Gm7RRkELl4VaWY7gSBHsHxc5k7ON
  CF3ahlokXgInUOv4nJ_VPVGwBk-x2Pr4cJecCSNb6I39p3bHkyX_Cd3J3OZvnoPyH
  HsAeOyBgWfya8VbBbQr0_YbfuyeTzxcXVfJog78o5w3LXTT7qnkhsA0wnMNiC4Miz
  F6jDhVezcoHmgvSLw7zlXbY9KJl9eCaEKQsdnYLEPg8QzvngcbOVat1TkCtJ73Gr5
  RY9n3ScQwvZD7h0FECForUOR8YAG0eOrtbDRzqJkCqmQtPfD48IxDk58GFh71BYPq
  pXg3_TlYChPdZLr5vCt9YRZGyC1RCSSD3VGW6stYkkSxhWC7EtmxeMjLBFOEVP1eD
  260FW1YY1p-7vTrHEUa_2P-fTNWdljIZvWr-WZg5HdzA_MHAxT6doyFY3khy3skgb
  kHK0Nek9y3QaT2MbMP66Fnq6iDCy1mlP2i25wt1cwzFu0lMv8WDrg-q-2-90_G7dH
  r6MunCniPMwwM8pMAOlR0O9D31sM7Blyjs2wB4HtgwAvyr2PYr9O4eovAzAldj4I-
  zRAhxxczC2WyiolUQp0w1PAL00rLmZ6AU0JtK_EKd3NxDt4a2VRxFDsaqpMz5U-3e
  Yk2Xp_Lx-ddSJt648-D-OSLJANnbDg83yMhDOW1TqVNLB9McAuflVQ2j9gT_QS65M
  Fxi_wM3oxua4jDjWE2kq3GHZHFPrp5BJvC6Wcqz5dgO0vQzvc1vhnvOekrwNJMh6Y
  5JRqRG7J0QHw0zKmwhkVdtGGc_OU5xfvPOMqzEaG9TqD8SvJTWK7uBZ6vLAISzhQV
  vnsisIAc70C_6JcILwsHA0fvi7OToKlLPLruRLZXKsGkUvpfWDA9R09Gud_l-EHYS
  RapKxfJr-7YCTpLmdNjTIbvPP5m5dPvWFi_FgP5MNwamuB55nRM3j_dn8-i1MdEI-
  2RXMnKCtFX5U6FeS5f1HTRjRXBS0rX-rSISmZ9q81igy27X7Ym_OU-YwVfdiDbHB1
  PWNb6dcxIyt72MYmBcgij0bZLVDifNmMWt3rhj4F6nK_9wi7v8hEYoDJRel8ZgMzR
  BbFUEl9lfCKI7uJMQ6PlX9KEGFaRsWIrI8tmObWOeK7DRBPcVS1lHSE-cjwH8oZng
  AZWEh3Mw5OQhGOwg15W5wQHbZQ1qMl8HHebqStq6x_k-P8vQQXN0ZfCGCJIzAycI1
  2t80pwAzmFiK01_IxqlUpJaAZwqVAw2QPJvMzoIzmAY4Q7TjlQWpRALilN1gAgh4K
  ON6QQUGFAhANkffw2PYA3xrR6EHt7ODQLUpArEey6Ua25HJOJa4pX_Q9DSAFkRdER
  UVtJd6pScTtrs9sKgpoMWlTtvF4yDB7uDyPO4PYM0n6HsXBtvBjH9N-KjJV07UIuR
  0tvG_ghZOZtvEnhcwSHNAAJLU8qdiRF7yxApz0Cg5cqEac18Kwf43DQAMn6XeDp5e
  GrO7rpd80BBQw04XNa_CCg9A4PvUNNWH9rnX9Uq70Rw5gCkqYUAHzQsoSRuNAh-Tp
  jE7GpeGQQF_tc3438qbq1LU7M1PV4LcLtX45H2tYpVCUUYoem6YlYgxa1bdbS-dtC
  JYGlp997n2VuBau-Sfsa2EHMPc43KH12FgvqKh8CnKvOXYf7ynBlnccWhSknNvHqr
  IUMGel3TuuGQyvEU3F_4LrFPDP9oZ0ObZaks39125vkSr9zsDBcbgfWAykaOZ-H7L
  Et1UNbQ_oxaF0mbj8wOynCKqSJBTCNE7X98WmAKzIrPr2mdLIdmWG_-65Q6KfwO3F
  Qc-pPOnTqfG5keyz15C2Vu8IqfJ1yHp_0e5Y1R1WHh98MXyFPWPe5FE1h5FYOqC36
  K1XcjqxMXpVv-oDs_Bi1JVkQ_WsrIYxoV2ZnaNxv3Tsn8FHZDsgBTuZZALbRuKb1B
  KuzBpfzDl81UeKefZmL1jGnfT8pV8CH_xr_jZmWvNOKWIEQH7P-J5W29Uf1wTsaC_
  -QCoOuPRcbDyHgNRy7RQkI2ptsHFg39NZTxLTBcWMCGFPMHoQh5OTCFjAHjt9Ugwj
  a4Nq31rOEA-2E5PXdXbBXbasLFsvaKQ8PxZWryel50ujaT-eVO2QB7zYVXaROoAov
  UAF6Lj_UEeLrsrFVFwqMJPR3ZvRnSdYXyL6cLbmg45GyPRWO92I_lK59AnW-U8gGg
  3CgjwXlBhO5YdDbla2NwnVp4DRYhiClmr55KaIpOB9SC-UNVlKUQ8S8d68M0KJv0y
  cfIjLM_ptiHFK3RmxhR9L_U2iYs36DJvfe_GYCGDX1wFAXA2uHCK0gVYGhp_R3l6U
  xRXBmL4ayZR7dcmeiuS_yWGHzKBsmfVHa9-wADzYxNoo0v3OQX7DMIYjriH7-jTUN
  hkmZuZJo6o-7wQF_kbhuu-ukDi0AC4-2U3FEqNvNA5JwZWvaEC0EY1VVJSg_fAPjO
  w_m4OPLRk2cTh5PpfbBCM_VzdFSAng_JhpMEOE05NP8Iha3KUeClhpZTIttPbuKod
  oO9whAq3GZRnesDr9BoccsL_cAFfjjf9Zf5AfPriLxC49q-kDkpaLIWE1NCwUL_48
  McF_9cUgq4nWyzOTbNcVvtmIimQiEvK8x-Mh__ge-ttkRGvGo8Cpp7dy9A4ctAcOM
  f12HYRn8jk4ndu8wipkwpkJ5KmvJAm35amQ4oxPOniTUGqTaFXg8InNBcbPQC3a5x
  VKafF4T27trV8nndvjJl1fOImKtWtVQPSSn_xZ3xMphYbnQutFlyHRBgZ_Ta9OqfY
  uUgRjCiPYCDf_UO0cXZFgj38eSBQvRuyg9iMZb74bXlMPD1V0OTYC4D2K0V4RlKsg
  v-pUL-3QXMqgLv6F2YIXcrNID-THOUhrW88983V8PLz1pweVvCGfAk0Mx-rHJgWW8
  R0Fwh4fqVEGEOqELsrbePfzfGYrDQ9L4MUgNYj-QRacWSTSOzgMNX3aODT_GkJArM
  xZX9ap9-f0Pecf0d_pzffvflxX-edhBhyGAXFddxlsCXjR-evGXZJa62UN9cxpMCc
  WjdwEOji0a1SkB_syjPbPV8qwUK9b_bT00NgYnOJxTDMO-IOAZuq2NIPnxCNoei23
  nmvBgR9JRco6RUaYq8XA0GdPFuuS7FkGed30g_syYkKupqEce0avEYB4Zo5qQJ1xG
  Mzcd3zRJq5q6AX5qUqi9m0cN-y-dwRM9u1K-BrKMRfgTP-ljSFbpjopniMw4NhW6z
  wO0jO6j1Ca5Zx94_8AsWcjs_Slhl916mNO3oZpdQ8q8knLIhMlxegTArY8ygIWkdt
  1nlfbnfE2irEoW_Cs4m8XDntpQhFiLnTWyc2tqBRnswIZ12A-seHYNYgcYkdjQxah
  RDNqegKMx9UhziHuf0herXC7APrRWwcOtWxfDpNQ02OTjdVgIu6DFZm8UfobBhP-v
  yO2SXRXNxbchb_X4-VYThF0w5WZ-zXczJvrEgB5hLhEyPd3DJI_z6keUS_aOccXd0
  EsL4YjjXzHdM3rTWb9sx1RGF0McSP9Oesctb6rd-9hru_w7lZGCmNWBUjIpb5frlk
  ep97XgWc9g-QHqWEFVCLqRLC5oN-bfm_YlKgOve221FVl3fgCY_Lt9EHz6ezdhxLF
  48CMdSR4McZqdvHdvl2BGJ91waDQGCxVo5viml695Vjc2UFfTTS-m_UKE2XTD_gRQ
  ry8Cm2sjwwIkgPfajTFmWvrnuwJKD6XZ2nJay_WaRDFIvnSwUC6lc9sklISUN-KUD
  m0N9h13_yf1oeBfBuYWkWpGsHA7gh84Fron2q_HRIvFonusa2iUdYC_Jpc-33KMgv
  QVuBmUtDmwnVP5oUyl6Rc5jIogJI1hOdM7pA9KaUqJIzhlRGNTkXhJdvssIQwGJD9
  jTt9eiEJ77J5t6WrrqSsEt-X6xVS7yclQbOObz6vTWtAtu-pMXPL2v5cGRZT-1EuM
  gv_ONcfVkM1ayEMn7SWSh0bWhAWIYlF0FdC9tj1OqPxqAIYdQ8HvUGIY7bfvhiS-G
  Yis0warjM5DCs57yEGWnQoYoa86VZwkXBwjJNAifZZSrxWDFWP8LymB3scuRTiqy8
  IYaeeXxq_kUYEyKub_9Qxo-XH6QTLDKiEZEnMY-nLzhrEUSiPrrdafIopvgddXoF_
  FhLtKAVg0c81s-oDZxJMf571r3T3JPveK6xWj_jYbQEbdKba1_WYgG_5BrcJwX613
  FjzznV1H1r1lhXC_tnoJoydmLjNRnE_s6sjlMNgg_VwMpDc1Yy9zazfe5rsplwCfv
  rEcJQx3otshuhGOKDHPY_-CWIjX51vPMN6KKkZTp5tSikzumezx-dqa5F9d6FYszs
  FT6Hg5ke8Plx-1xHnTDaM1LsJ0KsKUofizJ3hBMynRbA5mfxx4HdgjDbNJIKjCKI3
  cccN1gmXXMk_-68YER7IA0lcsIvK8JeUQ1oN3yTBch4zIb4jlG4p56y7tam7mndOj
  InYhatoArpVK-FDXIKS2E_OrpwgHaF50wlC-kPtkf8xXBy1Hho8BrsVbSoENHbPUd
  G7mTpjVQzVRRwvRx6-Gj5uE1YbWUovofYFmAV-H0BlMi64T8_d3fLIImktI5wHF9d
  5c6EKdF-0zChz8I8hvZVtEzxU1URFGePmwbrDIH9iyIeijfdGLvVUd8wIVVPxF8iD
  2uUD6afQBma0A304GI7UR7RDg7NNpsG_JzQeeptd0kQBilT8OoIFrfThEFiPfKD4p
  7biPLhR5GWIatO-RbGPA4x5ZhPe7egDdYneicIN_lnV6dNt6CTHc1o-ZQYG_PicNB
  nYPjL6DCtK4rvJ-7xAWxzttr2h-ESBu-_yTLYSxTAuXI2AsTT_1NvRuqUnkM32uAU
  NM1gQPp-fVvbZjJGbyNwcD6LQP_LjndXOllkEbfc8gwVgnsZAm85LGdDvXLSXBXFu
  t8zzGduwKLJqqMdLJRzZrOB4vwJOxOOTzbp94pvHRZvgGTHuxRjO3y1Hi16end8Sr
  u6oOMT-dZS7G2Ky340ElxzWFGOvogoBIu9r6mz5UWd8q9B75yOMSvoSyk_vi97f22
  2AwaRlF4GIor1J6zNgPqoOxynF1748e0XF8kKD_84ydUuk_MP4UrB_xPCMDmUICcC
  5fGjPYu-BUyVWYSZMBq7XmUHZH5tUBVOuOV1mbEcR3PwtsyF1us88BznRBqaMZ3X8
  kKY-2nRjqxVwAldpJyoeL5YCbZzV74FflGfhNgFoSorOAn033fhaajIFb501W0ftm
  WcEFC7fLPse8FU1HLBrNSdmytdTWLzD-0iGPychvfWWhddz0ON3rXonjmawU7fznP
  JUMDH90IIteh4Pu5rLNZNaYB_phMXXoBWz3eq7U7_d4FD3SdXezFPpqX8IPlpORgo
  pCH59YAcOQXKzT1hn1oIGkDreN7ODAlw58YhiUWbwdADhkBKd6lzxzjRCmuvqGUG2
  HRCJwQxvsHnv51hgnSw9K-z4ejEjO_jDP1__jS7_kjT1pGxpfZ41i170EsxXitkWg
  fEeBifO8nc12PXxtx0tCl0XFVQPrNw8Q86gGT5m4LOviy7rV8FstOnHbRNKREvvOJ
  woyimYrW-gAgrA30bp1QulnfNYs4GciCXn3-nncFCrxfSsE5Zfv187vHin23rLd3a
  ujseWbHxoUgLNjtRlvSpmqJIN7Dd5Jt8Mx9EACQjqRS9w4V-6HTrlqyMeEqXqIpH7
  nzowBfClRWKKNMJuSFWwuQV1bS6V-bNRMBmBF-0Gn_mxcR03pwQMpq4SdMlOIKoNG
  GRaA3zrUPfP_ErEDaDMJMfiFrG1RRcWpRVx-PVNcw7dDd-6-pXD4ziG-AFx9vrZSM
  dJvqoOI5LVgAh0JjZjU2pKwuBCofh502CVTEBYDq1lI4NneOY_mZRLCqqW9mTFFEE
  3O4HZsITZwvqg1yL3FeBt-LAL7OQDkdU0Jluioapy1L-ffeTsps_Mou7F0Y5hJ7vx
  fNdFC-gKBEJUC7OWt0pzFsrttB8iw8PjAoeLt0ZLOyXaMt3OEvjTQb4PdEmWIvbIW
  fW0UiqwMBIR4cBSjBeRhuPIS8bM4GySVopEqwhbqlAOK6ajTI7Px7prU6JquC7FEh
  NE8A-uW9MHY-3TRYUeQxFAdJ4aL7diQiFn3LE8R0iWSubExh3cJnQpRBchVIR4V9I
  O3Lf_523o0ga6UAQiSExNE3yDU_o1hbBvf7bNLwfRzJWRxPgvb5N-4mVpA1Xww4fp
  Vahf8ZRF79Jv2mL5FcmXcg8AGZwbeJ0iCB5704w6meUKE_aBSxMrmmwvz2_Baij6S
  oT5ofq4e-_HLS4SoT67JRAUp8BtDvusRDyoFS0EVzsU_9QglII3EofzH-KGWawGe5
  oZko-vFcX-Cp7YGldHfgZ9-Thg_QMaMcheydqqD22z4x-z4xCXVtDG9os56qybKwU
  IJua0q_XzYyIsG8cnq0V6DIf3-hPewASwXafqhan8ERlBxO2zTQhmFy5IQK1mAmp6
  F_yoK4Ccp8p13fn0iJ5biX0KOxFMP4qhBssny6IChp9ggqEuGMM0u19C3MKzG5prb
  ceHAur6x2TsBU8ev1RTkPxKtBk206Iwm3NQpOyCsqQKFSjbQdGooUWqwSJB7wlhmN
  orT07dzxX5fjVI7e2aSsGH5L3TzvFNUxyhLpbvOsjwmdhH_OR4xEXGNvBfw7RyJe-
  MBP8UM33tYOkVv0hdVj7ncCqGEPPJfpcVlqSjoD7SM0T8boFXF408g2Hb-epJLtV6
  _BSCfxwvuaLMHNquMGZgqMM8D6wqxpBVWzyKA6ZruZ1L_9KYHWyL7s8i4j7iW2QCh
  un6RAmLSxs2EECwc4stgnhsWBL0MEQ2TUmUBpwX9IlgqHD82UoX-JqnbCKtVNGe4c
  6tjDOZ4IJW1MrM6v3oYo7_xZnQ8r-VK9Q_GZNXOJbFwQjkucYLTdstAmyHLooJY2s
  Z8_4jmQdDAc_amP7wmbZ-fet7aHX54J1Uy5AzRYNoYvEn-GV1rc5_uaXSa5u02hmM
  d2pC9PXHyCKftDki0f3P_bn64GYYuicreI4WPRfG-8JWa5ERz5TcvNd9sx2WPFi_1
  UX6D7dPIDn6xWIe0_19EWUZjBs_GoYu3oPBUKUyTB9_V1VAAic4UBYIZlB7tkddi6
  W8coweyobQjcug5t3rG6pTqpVIZMPtcRk5URUcdptg9Xgq3f-Vj1UmVvSLlhvlhyg
  5LOGQxc5HjyLOvI_VG3CuORoVf0BwvEDnBvm_FeofYjXJraIZeWmH3ERzGWJF7IR0
  nV7vzgc2BD8XC6hDfjoMPgR4lJU_yrv4Eoec1oh_wl5vw2j8IUG08iRv-FRVNjCZE
  _BwIbuqQ_MKQxxnaQfklqbif3FV7ydoXeZKgHKQXjmmqsA0FxtxXUsZhvsKAYlvFU
  sdbmKEtT_fYVJN7Djp_s4vndQumLuHNduJFGQ3s8RZKjhJhzkAnmUFrjeCiab-oRc
  2N4q137CJgek6fo5s47nqyeREadh_-3BA_P_V8Bpgu6KI2pb5dmxedk3hvUO5v1eX
  zKV-mEk7gZ6Cu2wgvFxAgnOgyKmNFTUGRvDfz1WEonZXu7zH3qSpiX5KzOyPi8pG-
  4FIRY4mpclyCm5IPxR1u0TPuhqyTJ7jgBzBOOELXDZF6FL2AbSkkpx2LLVlBqkk0z
  VVkRQdPYUtdU0uC3CQHlzAIS38cl7gklH_xR65qedyYLHAnorX756RvkvJecIl7Z0
  NbhajUlyC0Qg3dIAZfgfQsDeGFwN-HCCYjfWtnN8TncQrpU1QaN3_8iG7u_BCCQd1
  poH2XCJX9n1tNtE8P1TR914bolGPBnIcjDNL3VCo8ZKjHSm-PwXpGOGdXe6gScdbD
  croaAbRjKK1aWhyyQeH4wvfHL-xk7rfOYKzQY0LLzBMh9n-g7oLh-YFyyNfcKesSw
  jy2p9Hp9jmcr4rni9owUZOkK0KJLBtG2Rp95K0ZieZxD_FQansw3zG6sqd7PDpeHZ
  dQHKmK3qHNZCt2mIBmp5sFylieCEVgb1NE19MwGm4mZc_ZfLdwhgJSDfcoUdAqj7b
  GWzCpCocg0xZBzKlEZDl5clmtJedlHNepgCn_7tC-2Kw4maKidEHAcEnCVuYS5nZh
  D8ER3tBQt3R2CxYA0HvpUUQcvhwK8GyYrzSx4XNt5U4TmKnJF5DcDfjYXZlrze4h-
  xBICXEqqfEEE4xUK4ga4vHXs1eVzydh7S6C4W0ClkOp-eZhwznzTjq4-eSH1phTn1
  k9nTHFjO5DTq4aVG8Rs-6qcNALfthRcQoN_WTILn6jcvo5RIOl7NYrxtWmUOEu4Zb
  Rbdn8CIXSDP_c60ZHeEdzLccl6L_kVbTXPP75_MU-B6NgoquJQfi8FAZ0XrttYN9M
  rZ3vQ_4QlqFhZk4u51OhuK_zKbvDsGc5cOepfpDBkcVYn3Accmlo9FH71OdkfWViK
  LPRxVcn9upYZqJvGp43yU8XMWi6he3gXf3yl7EGNDrqzRZFFZRjy5Sosy_xGr6iVn
  EYJKUeJgipNUEDXYYJaacB7o8xF6yzOXMuYYgRPCFCLowOkcZ9QyWocR4MHe2LSE4
  8no-n12GOrK3i95cVxf1qyvMx6KcR91mAAXozhhiO2n9WJBEd8gMkyO-eg87DDc4_
  tSOnTBFhWROd-3nB_tONupH07JkTC84E4DMrMYbYl_dstRyEfsDs_LsIEco9m-MzM
  xzU6TU6kJw6MsHmpEdqLjZ-drBRcne2XzKpRCcb-_lqarDmIH26zpkqxgCoPnGyWg
  m8XFXJCe-Jb5EOSLtt8q-KfZHmWH3M8NfBLh8W9jRvQmSv__UiKAGkDhply5QvtfA
  vacjaQs063r9wUinMGFMgaD8Xdp2kCriJygSvybWT1xE6WKCicCUEavLyde4b0-S3
  S3Wdx6cuTYMQ_sqbOWWi_wHhJAB8JPInJeTjWyGuEZNAP7cphGcx-hz5CWGq45WIL
  CWfZX-z6t8mz1FaAPosq6ArEfm1G8kPpOFqDTuPPsLxTXlxR9-4PtbZKePR3cU0ou
  TnXRe0Bq72N-kp5ynGCc3FUTSeZ-rmvhS1SYOtO1gZN5WFIbWccvtenLhfdOc5TQg
  WP9mlK_YPKGiQ0ICHTOCl3WTDMnI-cBBLpTiZN17fE0eaTcrOXISXjOkzsOrZMeB0
  rOVl55UmG8NFTrwb2fe3jTjKi9ea89PK9datETOD2fWODhqY6LIFiw0YnwFDvPtW6
  X9CmfXcVBqYY0jyyyi2CktAcJcWyCS4mWaNS53aQC_hdSo7nBKvJK5EdfiS5CMHif
  GOWOMahOfhHgnD52WPZUz6XLmIddVbyWndYEhk1ulgQ26yBWchvGc1mATuTgD0yyv
  L_PzFeIyVhDJgGHKG6Ei__ShyEerfi6ZErBwfAv_NT8NSN1Ta-Kxw4F3zZoqdAb-1
  _1g7Jb52pgegYt27eKkAmaOdPZLBUyCZW_2LKJrusKg04KtprAa8j-Lv7Guzug49k
  8h6MI-HLR3-T-Stn1DHHCcMDOfw1Z3io-s55PmrbIbFpoX94qdOOn0F0an1ru-PGV
  j4WkmKXVd0omJICajkLwocEFA4Clw62deFmDH4a3KdURsjbC9K8RDzDKFzS4NMLbL
  MRxMOw5fc4fOha5URmYoibl3bdQrCjWriko8g_7WDgFf2dH25phMwaLtma8KYyi71
  hT4tUc64LPKIeA5DYUDuydXcVLyUlAaUS_gtRoPo7xVOGPCSnoaUQsUzcI2G6rTpi
  6ibZNZ-Ib57JhaDM6L7jzlX02Xzg1nPmhg3vZ7hh1cuZCpl0EI3fO16kAp5KT5pCS
  Gs_HHNrU1gmjAYoePDxISVtEe271Hl3w9YZO3j-y-2Y73YLX_gNzRG4llse1DjkU_
  LlSY1EUu5FNl2JPAxJN0Fib5O_R6XcBd75SPKYdd0N5MWos2KH5RfWHTfP4TIoLTu
  aIE1qk3zp6FGwroSujjEG9aEvuQvganG_ZXcGXEiGIzqfAUpVwpqQFztVep3vvzpe
  zXdkmTgwfFPVt5xvXIvhVEH0-Yh8pVEsi8cYIIEZdmIbhBM3KanUKFHf9eD1hY71i
  JWJnUdkFYUpTqNMNiZOj7_OtKMIVmwlucsQY336Drp_A6Rjt85oafkjCHc-sohKQh
  7uF9JMia4SrgF3JZcXjWOWOLx5RIK7MAH37Lri713n7sJWP9fGjMOlm_pmtBHSW56
  FgGQuR6gyJnH0bbcC1dx2bQxpCbrEEZx8_TeNEBsRPvzaOa9onGXc0oxHdCinW5I4
  xhh8WzBhVxJ7rZgle-uilxEb9G4RW6Kb2XdGAriMesdx0jiBd938Yx3vQv6PxuNQX
  qUb4Po-AJc4kZAV6zK88I-zROlEuZgkz99kZTnjdaJJ7Xt7EEJOcTEvIltYMPS8pE
  CQugoZn_JHkG5WDSwMWP2NAbgY92U9zRxpbQTTTNWpZ2HNO7mkyel9fA4w2hPTeXV
  5nhtI0379e0V8hdzyJAMdATiEWMFkWeGxHUS15Vi9OcWOS-Pvcjpc3vQ5Oe6bjd5R
  UG4rrKX01I7Cql6Y54PlusWblt4ZHIEjpJi8HDuFhVokdBxefbDeBrcLCGr3A35XW
  zyIv89M6sP-gdwO3vVCZ0Zi1YDfJYn5mOSsSlFmfc6QegoA3tjAFfOo78KXHHJnoK
  _tlAObwHnQqY10IuJvHO1ekeeZeRSnzhN33Y3AANIar7oT3Y3XfWN4THkqWFPTf48
  _EF2GTFxYaH6ocTxqhOXB2vX9cqr2l-8BqsW_SuMQ67zRT2ywBoqQL8-T348IEhgP
  Ij9X7PlfN4LVRGZYWtKI5wTvs_LzPrrmftBjMBTy4klhaoEIsZZxjDFz6k47ve5n5
  sNkr-XcVxI9ORXx8nwQ6OKNfNGvQsGFWeAhbGI0CgGAmVCrf87_ZpuDLDIGZ4lF7i
  F_MZR2cQsSimOnCH2CF9miFjFSpk2cce39HoGB9dlIBage8WD1Welv4QFmVpLlRui
  io2-dWBF5fojFOkA9w3Z2RrY-MzFFMcE2RxC5b7UiHghgKym0IR8HNSTHfPKPN2sG
  M6aYl0pT-goxS5VoHQ3TS9YuD0xhDBo5LKJlVl5yaAvSrZ845Xd5YffXxKD7bEFgh
  fAG5xAYze6tkCR6nzQ5sILql-_ZOgN17zyjLFcCmp35Qh4KZN29q_q3D2Yxc4ZaWt
  ANHdCj0RTQ0moZv_16-jFPLtiDos1ofTd8redPGjCZkCEZG_skql68_qQIK_pFjhI
  KGKMJQbr6FK88R0NPEFr_sK4F8t1TXg_vZHjngP4nFxYOX1Zwn5-HTg0Np2jSonvS
  0-Au_uiIkPYOtvIItpYyIwsWUN4mhom5OLcsGRz5rJCE05PJS6dECB9TdHYEPh-L5
  BJ2HNXSbU6Eq1aexgWtL7US6QR4c7mwMWOiDwr5_x5WSPpcqh8cuZzGJneAyJlKC_
  SqGhiTWNysf-3yB40MzMQIuMHk81ArXZli2_L44CzY7ymqcy423FMNL0V0zIGDZjj
  fRJ7Yk745oeRV4fDJBZQ-eq7QWxQa5Vwzr2JMayixrz5ElO9vMd1cR1AQOKJH38MQ
  Pm_M4CMGSZ1KAl_nSzk1tIlWHnOmPGlMAqq81BloEyKeNgUiRuB6-rt1iYeBLn8nl
  ltvFQjZ0v5p5EzA-e2x_XQS0fvXHEHTfyyxiETkAaadoGmNstahe8Q4PghAbo2Lj5
  aJUIkKBZi9iwbYdhxcl3_IUcFmMMnYWil6sAnNlBZkmY9WIgA5Lf2mIu2OBQbATcS
  WDmpagY9cDW96iykyUEOY5ACgUGoN3X3H50Lwz27CxN4X6rHdnTZo5_NTwxccnmfO
  ByZ5epUemvQomo-aYjQE58Fqu6Ef26CsdwLOh9nIk7pIo51JY0bHKakKoCrbMAy74
  jpErwbbqH5cEMlR16_8FmBhfe3nXwSVbeFKqeN3K9_UtNsl-giI2YZ9FsjPNSnx5V
  7qQQmLcQaxBenvygOBJLlLlvufb8Ktq5DQ5wuGB0h_l-7EFFKmalbNKjz7F48brU6
  XgxjDLen5R5POJkVJM2PnJyGQrbrfoSb7KVs1xXuPLU_FYJX4zXYTCeWPSN5AeBTw
  jjA3ODo2eSCzfzhdwwWLRqV6BSzGoscKA_qWgMnV7kWtypm9WPZZ39Zy-Pp9fVY0_
  wCiCJ4u3f0GALNOple359RR0H5ZaG6-EdofvTRbxhRqHLfY3gtA-pIMDPytYRXFpt
  NGnDbXTbZEIOP70KArEb3NSBDh_SMGD35vXIxU9Kd5sikeZJzJtQzTgZJ6EZPReIU
  Dh7sLS7i4rhIcbwJsXyctdezXIS6tBYRogz2IDGAaMj22GYnYH_Y-kHn3UbB86mR0
  Alc59mfI_7N3GTxgdQT5WEf1FiFsO9LvK8rUcHE3sI-CXMhxqex9sw8OlV9Hy-KUL
  PeZMvAOYKGUdh-rF0PjvNJk8msIkUNv2o88HX2LkBYREKyVoUjop_vTVP_52dp9KC
  3EOP5XHI3XgVvDwWrtHhCGNk4KhvYbwgeZWFvwbqZLwEwgLOXFLmg9MLL55tr_HR8
  uEq7zdDUBxgYnEzdmf-WT9Mx23xHaVPykFYYUUOBeU-rAQwcrP2KwhYv0P9Foi8Vg
  Zimru4oC7ehGRoqjU9vREHsdhATPEJYegqvhXKhhKUiwM1BlJ_lb1DT1j6-SF08Qu
  zOggWD9juekit9ca6zW1rH480Lo53xRye9DqbbXT5wEBTF-icxEcKF-GoJzJSgNls
  N7nXMxL1Cn5a0zdEuWKCjw2P_cv4TlElww5PGgA3G3eeDjf6HIWqEv42_h0ACYJmJ
  qNm9Da1SPwSvJSToyJavp3dtkbpSxG5OoO7J2jyK9mpbygixQF3fnvtkIlQRGUI8-
  Ik8nkFzlfvvW2ZvkW2wuMV9S-HP0qXkKZz2MK7FPNPwB4zmLVMHb0lEyjL5GNI5fu
  HfZLtoM-1x81CWo0Dm7grPhqUwYAXQ6yQQC_n4KO4LdGR8Y3bJ1k8eyIS-oz6LaZo
  FY2mQP4U3_WtkO5lVHL2toZGiQZnGy1EzE9Vfneo4LGcJZawxfmB4p2KFlTBCpxTa
  xC3zuiavwru8wHMKgarEhs7e_Lvgs1vrQ34MXDbx9a1MgNC1OF6hUcyCdz8DC7dAG
  E09LbVnW-U4wdves7EMBCWYpIO0dEZ4Vlbjv-4CfoRGwIVbcMClbyLBfcGdBpiS3u
  B8nshvBqrgVojd-Ja_zZV_i2IXCs_8OEBxEB8PlkaYMlAGouc93dDN3t4c3ymC-MZ
  _wg37C-wcUBvanDjMDBauBC_SDIJ0DphtVBsXhQTW39Ur_oBd-wfg31FQ2i7z6HSu
  YDZAszEsFEOVrl9N2ZQj8VYW_c8Az2QmGqwNoM1d1AwXm0osDV3VrdSdPv69QWNqY
  rOGLi-zulFs-mcI1_zoqvtaPFsPEd802D7YTwrjaAX5XffbjhJJKNape9SFbSjSam
  YRwrtr20v8BPGAI0LCXBow_XXcJ3kU88pvkyVwvi0zE2aMkEA5nJdhPkOSCLhp8_-
  8tKdFE_RVcFsLpU74-zPPt4oqPgu_sy9mGaIupn0zCPmkhXHs_8V7phKXYFvVPihO
  C75j3qM3qBqY9z9EVwSXVNKzTNpNnTFIuPIYCs84anQUbGHhOmUxMa1YZq6Zo6Y-9
  bJW7psoOAcb8JkFSGnyO-MeMPtm9qxgSS3vJnNu9SpQDMpg5Z1b76tphW8gTWdmsU
  vnk71TU7f5WUVSPARQP3uwLtBPF0rgDCYgVlSKJ9zlu4QCdxZNr95KCFHEAYpBGyg
  cFrhAx2lN7efQuyylTF2hXqsXwO8TjGty8BQ4IpaYtMhQFj0uGDh4_qPanlSdxsqU
  1D3uvc1R70H-QASF_EvBmpsF-3pdu1KfCbqq1Vx4uIug_zG2F3yGHG-MnULbWR3bL
  J6dlzL9NnvxLdKvzi6uCdgPuuN7zMcu1ANt8IA6kXYy0Ahnb467QZ_foEdo9r-daG
  5CMQrkLw-M4LoGSS9z2bGs5YTT6WahdviOHz1n8-t9lcdccEe-4gqawwsIInTlPPv
  f9oIrg_CNy3R0dZnlgQUhemeOH-O5Lmrl5I6n8DJ-pe0BQWYKVutK4SMOvUa5PTct
  ISCojhfT6RiTYytXEgVX4oBw2pac7TZXNTxXoaHTbU1QiSa6vijswxlt4A3610bwa
  iayM8GP3LPKR4n5ME0FSLkrkbvWsbRr9ceLr5BLgIV-ivPFpeerAA_E5hCufDb3kk
  o3xHGJpA3H4GoMXsDmHBtgnrXe_wDLQE6O_i4q9MOeXTxLB-tAUhjI9MqHN7KRk1o
  UicnpOgAiFBbJxcFC9SGBSdjpadYcqehiwXxL0AhCtw7u3Jk8zeYxLUMnlAcp9Ia1
  BzNOE5qfwwyJX5anOXiVYm5zS0vyi75rBUSWSce9lAHaSU8f4gwJZbYjkijQPsqjs
  0iCjhnHMp9k-enjS-F7xxoc8CytRDdgGzARq3Pf0iu0cwiAjXVr5uqiCNt7DZfj13
  k0MxMt4Xv4bPwtBwc0vh6Gk1mgaBNmHA1fj-MRQ53WMtK_EN6lSZuOpeduN7PAY9a
  nRtjhsw-T11D-Aw93XfPGrhcQ9sZXazFW-Jp1QlbIWR5XJT6oLD7c7yOZR_7Enwem
  _3XQ3fHjYRk_FQvocoS040mcW7iHYUQWAbxKJnwRq3mVujZPyPJF5DN7sLySjKGUd
  cR7Er1ss8T1dxDwGjJrHTanhk4iPpJFYZJLIGFxY4rzQRaYukoQnKSEnDVTXiEcMD
  HsT27_IMytenBGymqmE9Jo-Uybo3FinnSxsE2clG0GJW0dWMQyH4PUjeN_d-TuJin
  dB14s5s-U4BzYtxn_iG0Oj__nvcBwIYdrdetB_oAiiGRbe2L3fGQSxLXCbFu5ZuDR
  pA7DYb-7xj7_dNwHIfiHjDaWBHKcW62tyocAfCbG4ava_fPx5dILE2EDkgFQ0S7dw
  yWgHgVX0oazk8vgASPv6qWeK1r8qmieE3_aq0xCGt9Ju0qqPQESaS4-ZNg0wIMzTH
  -M66b3zeO8ShRI_0n5pps50HksL6huoTmUd17DGIGh-xnpkSChFjSgnoFeN3LLUOQ
  CHncBAgR7fD9_-OgRJYTJLtuEMwyMaHoQgZON2sySjsi7WBEI1RfF2IYB3mYRtoiq
  MDlea7QgivYjxJhP9vRrc8oVsk-G57dzikd8_wdz2gYtu4ryy9MemEZfpCY2Mza9U
  l27uaQTXXtJFfGQakoC7aFoL-mTGTJoPDJWr5lmpIkYtWMY3iuFcO8XaC7iXqYfhS
  SrNBvcuTkjTfHKYyIfofmOO3DJZonH-4dccbwptmFpqED6Fi11DfqCQG5qO1-E8_Y
  G86go-VfsnMHKqB_NQ_wftE78mx1HuSV_bjNadxzEpYmn2_lI6LxfJC7Y9ep4qU1S
  y9Dvp9n2-K4N7Nn0szFFu2426w5RoZGjvf1ldkKN1-Ce5Ja0X-ecnMVxZ9qWVIPbq
  wXOqvINd256ivSX0Y7i-TKCm4cG4ocYhfYYk_Wo7Mu_9QLdWQGFCZGnYaNLQIAWYB
  nv-BRh6TQ2ApGmCKfsvc_2kBXJnTllTBbJ_3eg1wUzAzSkS_ZxDGxgeSxmKFvXjOc
  a24JW76N_1J8gLNwYbLnXeK96ESvHn9uZ7yBaia3_1loT_0vJ6A-HVrIE42RoXULg
  qTdZWPvzyJCVsj4LvwbR3wGn4QGquQ7KjAika-1kkgntroEkpnEtigPg3WGreuFZ3
  gsMrHnuIy1v4xOb3RrmJxgMDow0SI7W8-shTye_HFUrLdhiFX10v6NiO_5TiMyOc3
  ZH46ZXwBnbdc-txTH3THRIgeiZqY7M9tRSOEMZfZHcrWTjlukzzBEk9zJbOkzxwl-
  OeS1a4N7yNmkupAHOIN0PTEcFOI7KEKM3hM5CWY3xeH7XS4Z-qB14u3L58uMdJToJ
  rsQJaJwRiYpJAFH7C2t_v61S3_BziyoRe-YBJ7_AFDvjWniVc0H0BizbJFw7xjOG5
  wq5dtBSkMjNdepM_6BGhxr171pewhlcCIZFZt_TNDJ1pDKrF-416PBfqfHYCgLdup
  RNqUylEYIQZYyNpoKQ1nLsPza-JhHTd-VBiL1Yuq1bNDhU1s8j9OwvxIrNpoedjYM
  W952Um_oSXQ3ToQ8Bb-6gtFqYV5toS7WlNOTmPsqBf0sXcdIN9HwJ5e3y981BclEh
  yVHn_oA3NrzepzCaMNp4fiMMYc3pYXxwSARu2B5UlmO2cS3UNMKn7chUq1Zor_2Nj
  W9mt0wH0rq4-x6OxKdgOpjY6xYeJ-WoUK2663WWRFtN8g_fzXmdcSSISEdpHJQcNb
  4WtZ_gbCpx49KvP9owtoknOOBOPUzBsdksJxd8GuT3I3msYoKy_Ib0zG2c5l3bPiP
  1Ceg11rFdEkQbNQJ6BMu8gpa5DbbaXkKgSuxbx2NQjln3bCFzkpS6oUsh8gfadgaq
  vnhrxFFmnrbV28Aw1K90WMx9HTqbpnDDGmvQzCSQZMhfFxSQ3TdY5GLUbPkO26Qog
  iImDNPlSQAZf0AC0SGJhs0-LZFToYaeQYw_YTF16NGnf-6nXfgaVKU9eu6yYBTrAb
  nkDgj2OkW13GiQ-7EqU5xeJZDEv7XfQejayU2htFg3bhTaCITbKI4u0SKYQpNGRMj
  qsDYeiz5wGbMwDcU1TvVIGTrDqOWkN5tmOb48y8e8oMh_mLakXaCo3Ix43aDRodYJ
  B4N9qsR7KhhNainmMnjOqA0DMwYyUkgVy8RIsoJvdCferEz1nFY8O-kL0w8JkkZaV
  Bso5HGLtNbV6H_yc464k2ftkNPJW7xC1cJDdvlSADNHeUCS9XteCwYkLhmxucWY2Z
  pLhYCxSCp73sZ58zgVOfPNDQYcXntZQ9zFYV_Do0DSE0hSSHWSg_J6n0nkTLy8532
  _AFJ_Ne3zU3ilGA84zc6NA8Wghq0DoyPvgYfsbunaxUpUtO6xXPLt7IcD_4AomKAw
  hcgQ3-XscKY7MqiG-asFs0ovC3i_HP5B-B1DLWREolxrHcxy7CDO61ByIOGL9IVTR
  BPjaViAxkxhBxB7Mp27lzy_fjuJrBXQ2JtK6Prbjm2JeA3M2had0gbMApmvXjMfZ5
  c2c9FrUS6JriYUO3DbQl74PUvvxDJI_HfS8liTupExhUwB_RIJmw0bjVjMLfm8DEC
  j8tFSKRZuwOVYhOPTkXY8fKtZQDIZJBmzaTS1xueGCH4dEzULpaSCAs490N6CsXku
  O1CIjFV9V7locHjKufJ9GDCS-Zici0OpcsTc6MmPobJc6oXte-WTawvOXBKIpqkVW
  HPDP7qaA3N72z9lsNp5bEKu0Yye52V2VTGX_PXIz-zDpZv2oX9vLqjQp9fiTGyWbs
  2FVvMcZ8GcnzDZvS6oiAbfXaLgPDPR8TUJyByB9Q3AqXnkYzWH1gsJ7truEH_Y2bD
  sJfWYKWayFbLfmrJuwNZcGlkLaKx0X3ro0WDEJNS0xU72cjxB1pP1WLOpIHIGjSd0
  9XOX0v-SZb8Ms9fWHx96e0TpPUJVWfPDcnpCE_RJzwSQrAQv7mEZeJmjsaHNLhkon
  vinc_C9wNQ9D6IL1KQGncUG0Cyxj8GDEHKZGODUvJjMIJXskEfLIOZBJKtCmI-1vU
  nxKgzuiQxG6HY7D9yN-lqxczI2szFGksFEXwt4j-Ua8gBYg1YYKwzO_4q4clGbWfV
  KNWsZLY-p8Fwpb6DcBTfV_IFlYfaaamZfTkMamHUvbJ9iGNqxrM3GJH_oArEqOs4w
  zi6KyPg579KMGkW4COTc_MlxvA0rIWRc6VXsHHY865wGNA3NRKgZMcR7YcORueJLi
  3DNdA3MaSpWmGkJklZG3s9su7ytkipCAcwd5zT2VMMMq9jXhyShQkk0ln-XPEhZH3
  HSrEeLFVtGJTwZ1AZp-xPAl-CCEG6E75YE-pVjZHSKoapMJulbj1FILiQzOXakYhd
  _lGcXLaS_S3j2PveXJgVIqmMBPZkD44AN3aOZLrcZ9vGuv48SNGFX7DmCRgZlX1th
  CC6RTv-RSk9jZvgxfm3D-sEAakouimKYtAAfwq2lbkvilm_tUscnkwea9NiRLmB1p
  ExPZngM-oOaszDoaYiZpbak_gvbW9zgHbk19MP29i5CM6qwzzbPhQUYwC140KS_49
  noT4aVbXENubUI8Zfjou_yvsBRtrLbVVhf0pzbXMb6ZbkpN8LKR6hVvsqrTpRDhQC
  PGjpgZCi-VG3uD4nlHH1xJryvxRPtBFF8xptomKV5eC_AiYclhsmbp5y8wjtRV-Tg
  q9KsUjHl0BHIk_V4dgNeF2xb9iI0P66qo-d46oSY9jjliWTLXgxH8VnwlPTTs_hQ2
  03QFKX9spTP3cTjQzqdubgwRL2urK5KipUj2ETNvw4mnlNyZHqXkVWKezGUqAk0O9
  SWZW5RQn_sC9_Ywu1hGyzPuFP8ho0ZCcfamDPS1wozWPYffQQl55qR5y2vG09aQdJ
  DXmMZTXGtwh9e8OKqzB7uG525PjF9-4LoAYAwsjwqJ4ENMz07KXppshkMA8Fpv1Mi
  hLm0wVKxVtjrV0yJ-LVEVWrc7T8YfmA3riMZhCyrl18DFmV2X7Bo8AUXyZpmC7zMH
  t4rlGWlfoLLk01-w58-7tLG2L-Ta4ATBdRHsyiAeJXVtfqF9gP-ARkk_ukmdPzZ4I
  1mQfuhM9PpiXDLA5wZIMH9EXSQ6NQdMeHOIBXgq4pqnqm-odllMG-5e15cCgDQqi9
  Tm1F6bxW2_mmtIz7cg6XhSXK7edGYbr3u8YhnK0vaX1hYAaUr3KzEJhU1ugX9ZljT
  0iK56zr3wQJ1nWM2ZmD-syHKA3wwbkX4QuX0PM-MmgGaKpYYv76u9qmzU_cwi8pHi
  dJxsGwLKT4Mtj6G2b-uRU_B2T4_eKM1Kxp7kCLhJRvLMQOUsB0FrUBL9uxMZxIE3p
  M4XJtLQBShfzbhoTDLy_EXLRaQedgmtyP2YlxWwPhiv_SFd5ijdJpJUCs-nrba-6C
  whMgHg0_rXj2md3tj0DBT58AS1sE8WVDR8J5xZUcZJ_UJLAQlot6HmoLowROXKHff
  zwBCR_ruFG5rGSwlH_I-6_phf51twF8XCggZ_qrwpWLHmdD-qFUQJ2_ZjKgh4Zcxb
  oo85m2iCvb99ozL8OeFfnNskLgAI0vivqtsWu1HnZkdsLL0gvHMyMl7df6OuM1ZA6
  TpPPh_Y_hjy_80Iw9z78jzRjn9QGSVvEJfnLbE1q4wSRUAMelfiyQvLaz_3MEeb-2
  BhImWBXuZj_5MC-lrQrcCBgLe9lT1N-d5YOy-imMV1lBz4ynU0tT-d4LrUg_Ij6Dd
  fsZczRP1D1PBSBw2MYkhWEf6L2vYJ2OcQmHAj06tCEO2y28gKVfFfdH8C1OUVTlqH
  q_BxBQqevTD1kMKpAYsk5sXb-2MB16F54IRcrAKrNF0AzQKS_Nw7JMyslPlgkx5YN
  MjFHX71kwq_Rbzjom6ZOyBJbkO3QIe8bbPkIDw206sIQaOxWAH-QNrPUKHk71Tc-1
  jX7dDGg8r4UQyoI4uEAj3RRMdtbNIcDFTIo32ApEJrQU1xODN23ZNfQCHLelgp_Cu
  38GgWYnrRAFBn9t4Mbpjh0koNYKznU4iE_hGnCYSsmlsPa39VYb0G0dmTHGhEl368
  kAMHil5UCZc7Pp5ycAE5AJQ2Ul1fEdP-Kv0S63Bf-GYZJCgsMBWJ1trTEDrR60aT7
  QDLf8O8kVYO9I3lkaiftpA7N7zjBbDxTgBv4aTUMAz3BEsn7UZsgi2xdQw8bo73iR
  m2GOuoFm0wACROp8u-EA3RTCzwccaumtgCFpC8C0D23nws7mX6vXYc3YvPm_W-P1N
  OWUfRkrCV1UIjo0FTGQ1gjmfM8G0Gl92owjAp-jcespGk1wnfhA9HdQHEJcpaxNix
  25ih9x9B2NYMqMLAwgKxSLoSXBfyK4N3T0agAb6AFzyc5FAQLSZFEiK4Xaua_58W0
  G6Ad9kpj8ZUSFvrEpmgB1uaaCXf9Q-9NBIVMPLHw8LZ7TYvuyz5RWVUjPnJtOWJmu
  Gyhr0Diawh7vlsOsW28tl4eshcwLNb5QeD0rwaG47oOi19XQJISZATFe5KICkbw5f
  kHveq0eqBPwMboBfIZfw1csY8xwip0vUyeSoKXuk_ntX6H3aZI_dUNg_MMv65ZxlP
  9ANst4QBEL5Lj7F8sBioUKSr3wqfaq8C4TDlgZ27DH0G9LcSM9q59SRAc9n74Zrgh
  mOBjFdOR9Wmo2a1xp5brOvRxaQgtWW4S8cOQGR3yNdahV9jZqrVm1V4eItTDEn9C4
  JUc9n4VnXKYrzEx8zHJ-6b4QXKubn9oPqhQQm5wmwAW7fHT60ODuuocypbe257NVi
  Awdk2m2sZw3S72SgHFRBwibWl0yinunGjLYz_doCRQWSLKeXGBQmDPMZMuSkkqDFq
  4Oak7s2-2bQ_BWFqDKqfHidE2oCCcCgnDOGY5C5FiiZtyUNVK5YYWrxw2bwSCK0gX
  T0pVHZka_hxfBjFXt131-AfaS5Tf1PO0BafxUIoAUOJ7N01LqlsZNS6EN4S__5Aar
  lkmzjE4RG9oHApHJGB19tYJgC02OCooYpTVQfFAEPCrXQ7d2oyMCDoZLy5rWhkbWl
  og6MvJBPEYbG5bU9ZkYv2VDZzaUQObNNwNDgmGgxYFKIyKslc8foFuaHKuMy8Sbcr
  K8WsusUo6TY5V4wEdQRyt2ckpl2bMgUnC8vnLyDNdpg2AoVT0oob2dzaAAa6EZ8yz
  0R6jUppI4NR5Eb8P5X9j9dh0gvjOGxV7ylWsQQK0ZXHGSIW2MjfKq_7f2ldNSpBjM
  HTfYhr3rhDFop8FUEiTIZgfZkMh15I1nenr3YZwa1ba4GOmpQMbAtzUWThE2VPs7k
  bK48Yw3exB9D1qRgezZy_i6qWXBNnTm_bJcnXMHQwieRc4poZXer4Uf7M2H8Tlhmc
  ZcVzTP3ErZ2niBzRiJZiBB8BAHHNja1xUTl_55e5e4K4cy2Q1ZEd2yYPlMEz_uzN_
  okok8ZtV65QQQTO4YgOGnAECGMqGuZo7WEoj7DM96U9CW-MyKQXlk7mpxgmL57aEE
  lA8I_EzseaeKg0m3mplqjWjui_NbnEKChk58ol7mOr7EbbatgqwSxwwNb9z5htxFy
  S6ydwgzE98-99asilr8hGYlZNrfIbubDVIanCeW0TAWGY54uvoWNUb2XoABx-_lw9
  axqWqRUvihW-EDPj12vobD5eYHizb4fRoJaMpw3PjYgLmRUJ_HRT-qWzkq5ATNbXE
  eppxBQbbTCC8s7aL7eQOe7_dBV5gmVeX3Sb7cWcivts9vLcam1cVs3NTbDXw2zeKS
  TplTXJd8_lToAi3S0zXwKkBSCWh1HN8P946XVfhTL3XsvQGDWUkbdwje9Jfq23RTz
  ZhfZeSEAmLcZUJL2Rqm2cHPL9jiQgPgBSUpdNuaKOIk_UYcOt3lT_rD-6Sfg2RQ2X
  NMcCjsKS4eZafMtf4QAoL4p9N1WQv17x8lpLhnLCV5tSbyyvnfA0EwApuzXU43IVG
  VteIcmGfN2HmzRxzTKK4p5JmqRgj8QdiYqwY-AWpLY_OfgyFanWd-Mu5VCnu9cb_8
  a8Q6phNKHz1Q8VBnIg9CRnskCjROmhEiQavIukozX4hNkTHlP-ZOXnl7FccUW4AUV
  cZZ9hE9VQRhluAUVcNTd5LQcVwks7eEbdL891ATlwD19uwis81EePGiQmt41L_bxZ
  8o7fDJyVuDh0EeIKGzrJBp6kEuh0qTnStfI8ID-qKsPUteHBZHVdpAJ8phiozf1JW
  Bmz4UZka_ZT0avk4BX_1UXT4yJ3caczMUSmO35K5GQVH77DTRcJWPIQKwy_FZ1FGS
  bD6dxMWKQOITQd5BAhwfdfRxcFLFZN9iDJhZOrCNFG9GglyUxDdef_fpgIjsq9jB3
  _FX40-dG4mPR_Or15EJB4Ho-n0Hzuu2Jo30hTQcGOAmqe38-kglXURcioRSTFAmyb
  TN3Ap7rNTAZbl0oP62yhIsDrlEGSXnKpz5NurcrG_CuZ9tNdSQq4CCDF_1I6dyj-N
  bLexqzaEJdqFTXM8RN5r9H5AYhJbF0qzo-wbc94UvasgxKKDcNCKh5vA9a71GisTm
  R7o99ZPHX8QWmic33JJ-rNA43l71nfuCuZ3LwR_lA1270ExD2PzDPGKNA80U9fzBo
  2mQ8OLkncpzh6p5ZO38SQw-uTQUVLRo6ZZXweixLaYYqq_PooEbSFtlwGYhfdDBHT
  MVdiOzMNk9J7d0Bp2AM_cS0iYwZlfyWxQi5o_y35AfstoiPzCVfih9Fuu-YyVfUyC
  01aQybAlhSJGfz-XIMHL3-j7y1G1-qhToYG0ThyvzZpcBMyC-C5jUeRRiaY8hC-3J
  IykhSwROIqOzTUaSHpcDDWxM6Nhjqt_D3FVbejjxMqslwt9cC2n8B1V33blv6UBjT
  nF5OK4LUSryyBmuxlcoWp7SNYSU4AedKwZd7pfcCLpi7JIcf9NYISO7vTvQ2qfzji
  dyiNvBuFJ4sSIbmGcZTkEoUP31NUE7EE_DcCxPtIAaFXlLZja9CgHy_wfYN_jd4FJ
  5cNZyQogGCBAjx__PyGnJN5BdSRrNOiXPLylhoJPbaKtc_Xe1Xzv_AteJxCj60xrw
  dvm7EXuqcmxMG6IngEsW_whkNlfpQv2UfLiMnGtqweEhLPwpko88ek8HVzTuixiDQ
  2AeTAP58HsTNQNmX_hvITvFyWFVdQm3yLPKWc3dJrqL1XoBcfvCTAFfzZFpVQcJUY
  GIR6i1Qiiaza7MJSZZLHvkzhAxdcNn6ncZPRbcsAZEq89zi5SU6eil097CRjyet_k
  wdaNgm0wIZ9Go_tkgw7JAizg9r92_lhhf1aOPDmdWrtXzfNjX4VmlsweJgh-XEC7Y
  xk8w7PPRJhOYYc6-w6rgyND9GhpPl6OgWkUXvppKVAD_nXQsfofgowmIebwy2t3CI
  jHZ9Q5KpZk9m6R7Dl6e7gceCSv_MrxGB1Jo8hnUq62650lfycjdJ-du_VeF-geQdu
  b5HFeYRKe65dpZG9o6gwtivnpj6Fr0SLrETA4XpRRu3NXKBfX-97KYmnov53NGUmg
  vNTFQ7C5jDi-V9faz63gOfjIli0d8vrbQtJYVe1ijwz9CNXb1SKwS-BWCSdb9MgET
  lS9j-ZVI1KEgj9B2wx2njWBuRGUEgPDI37VqvDY0bDRX2mISUq5uiHAet8WuSTIbT
  9vQETQ0afjjARbXs1okJEFado5b60Kxvan_6oPRNFosXL-2l8H8Qp8oKM7KNcctGW
  H-RmS_WjDF0inFhcplgE1nOvpjV1ZhhLAbVCbgW-XcSXIIiVuWoWtmrI5xCXm33-T
  bthMmNNwo-XuJ7QsgTv-YS3FqpVBS106dwEz4o4cEnvABFcjbFu5IFjdhOqF5Gy2i
  ZOcHuDiCWypyhJgoxJ9IwLCl1S65hld9kIlq4YsJsxolPQyNzFnD9LEvyAxo_00DC
  5gD-DSaKlzMjhm9-HOceYj_7eEU9fyngUlJWME_iHxD-sj_iQeEnXidG2N8Uq6VVz
  H2buqA_5IoF74ffunXqbXkd99mq_8ZANkgiDc7RlyIPyO0VIb553cllPNWmLxrRXU
  dfJaOJ6ECnIdNBLUXkGMO7Yh5eQGbsn_jVa8qOwShD9xsdgtRBs_IAOo2jrjjiRVe
  xv3uMY6x3c7dKXy1556ZYtYOMoTTJp2gcckNjCLwTaSDqdxrUjWSPRdOALo8xFuwb
  f5z9z-dz3pma0jkXEQUZsRo53353mvaSlcWoVWqz5FKyGdmfS_wmcFhCcgNKt-rqj
  CpFS0hYURZB_VofzS3V1abEpdb7uRE4_ieGm2M7eSA5G0uaKdrwIo5bes2x86poED
  qjAZeP7BC094Ef78TTRLmMaQsuuyvWddEmtdfLpTuO0L3LRr4T2zoVp81CBf0_K0p
  CXSpuNAP4m8kEzYPCGREmqFKkY-5Bxlmhq8rwc30z_c9QzRElG7J2VImJtmGv36JE
  -H6tSSCW6aJnV4EJosb2tm8dCXiTuwoR8zYaJ3w1HYwAcbnTxk9gN9SY6oqVvf9OG
  dT4UD7rud5S4HYtqINZ8XcIDI_QYt7Ravv1YUbSIEuI-MfaQ_vdKHTuZRhNyHpZsw
  oTKzbenpIhnMF5KtEQSWa40Q8H3lZ-QyTpyA5SX_5yLlKXWlOIoPyKCiNXoo4lmMZ
  w76lzDSha4wgp1CfRz9ZH5TW8YSEm9-dh2sc9HYoXrqYR8_Zv7tCUn5GFXsQMsfiZ
  BDwf2k1twiEPmC2LeNu_WtCJ_z2NR7TNbiwKWLLjpqcmXKvcOVVkSZlCdv271YCYh
  1tK7bunw8tXCdfjl-tbYvlqsRLj84bBAFIRNj6wxB-vfSWtAhujcLNz7UTSFSQNyH
  msMqeZtTEaxTnOp510cxMVSE_FzZWbjcvzgGgUJPuv40AjwLW8hlsKyJjV-0Puee2
  H-yoSFB2BHxLAa_GoP9x0yo6V10qy-YzDV2TmU_DYeyHy0bZYLVOr_jyIApLcrsI8
  chEa1NK7REuin-yhZBH4xj9tLWXsVKZM4pIqneCM1XXpwoHa--qFG7PvBE-lkwqXm
  DLlzl-72cQAl15xUfsnsHzFE3inlRUOA8yH_YM9uRiHDQ_3gLLQUcavqH-6UhzLI6
  ZWc0eGMKp3G7t2A2Xos2vK0jucHqiZfxcQ6T1VyXjEe9t66Pa897LdjYaH1copgC5
  YNiIeg0dZ3eCzG0-7ymkulmeIcTWm42ff4jlUeT6748HGWUDDguT3MsE-sx8296iV
  YvUbzbeFCStlzmwe-EHzdhWrPPy1cYBI_72h6kSE-mayDXqpysZ24dOUVaKEtVGEg
  GZGDtLHTh8NY5gn693VY4D3qO_ndDgNiI1xp8Kl4Af_FvCcS2xg19NcR4ddUhecws
  kJNv4KixQStHMtjMDVsyn0ICHh7LMyFyhxBrtsoeNgvNgugBrn3FcM6tYLY8XB_2l
  QBT8qf9pbTYodsyVmdF_bp3AkjLXBBFmK4PMoB9PHQdqQ9yxMN4srmA5kKkB-rBi1
  C9jiXqa0ad09Cs0uSN_0bI5MHMTP2Z-a2GjWqMok5E1B9L6txBxRdB-4xRyJdrjNc
  IfYRfJdNzYI3xJtahAhnIVhfpapHVh9XAbK_0iGtdXDjAIz5t2d9t2xxUxQzc4rK8
  HiPyrIfYEn4AeyxvT31cqCr1piXMSBx-ke0KTC37BCf1ToPRwqU9JpHDRisx7zLhe
  5JH4e-zArfmDW3j2Hp_AyxYf8867cus_qjLi9TypI_KlLEIvd9fcp7pjKDXfPhhRr
  28urWeiPonCoecO1qNTovWQaemUYliVwHL7ItH-jthCbPfm5Te4xI4lQXQANIGoeI
  0nfzX0x_1d7eDbl0zN3VhMradYYjhEDZRktrirVsrFxmhQPbPC0cfZfspIukYRW_r
  I5vxZW_SkPWOXhQd-X1PrOX1bWxadl3xp-F-Qcu5VCmZ92xI4yi9y5g0bxyqALRLQ
  tyA1r4strgjs2LS1CX11xtxiH8roYV8CRSvfsSCKVSieSvCbSfkxvXF57kDsGcGAp
  btbObgjS6f8i8WoFhWyAGOXztDk4nsRT4OCNkO-ccE_9YEv2RpxyNgjIsNxvCBrZ9
  GW5L1YTH-xvQPODcnEWz1u0Ysj8tAschSv6k4jtakdM_nPVYFWOcuNP0rOKejyuQC
  MM-OHtmSUJcvAT7mhsyd1FRchtjVvze6LZxJxlaLw9co41Om5F7BfIn18hrMllQi5
  X6Y_127um9aOKkbqtUffW_06VSfAGW9MkDb1SrQ2aKtabgWzSALH7BFA6NtjMFtoF
  z9ssuo8bEhmIB1Fg2qayzVycWjT3nRz6UV-ZYhfk0wIWnA4AE9bRJjxfOyCm4SNwi
  o3clb1nNgY0nNdqjwXn9sPk-opiNusz4tHdRGHW6yAhYL7LQG3Ny2HsBWGhPcMWMC
  SUFye25oRaeJhcE31bTmr0VIkaDQTkP9NUb2jjzURm-v0FMDgjoqeHxdjLXIwFHB5
  xLzYrJvKicqtM4HmYa9PgZbXXCHhDidCzphxlHCU4sUSJVwpWQnH3gsV1zG737gmx
  ZP0QEh3sMitgyxMUjWJ9SvcKMtXJ_9NChOZQ7BNHXA-Rx8usX5hhN9N7H87GTsJSJ
  fg3N2DVvo41mzLucsynkzyHXdQcTBH0w6vdYTBi2BJiXa20g5qmQF8bWpu_ZEQvfd
  xl-YkouoJxiVAHhuNORQuNhuaWH-Pcd3uNBbvRkEuMPTLVL5aaFah1CSCFxWYpva5
  5MG-jaNYs7daaszrZQptktosDu_liQyb2fqMW-bVMzzK9RXkYGOKldslJR9x-WCc7
  kX2A1cdpbdt6KFaO8SJ6umMigjoy9zOzvRCpWVQ20J6h-TbZJyHRwDNm0y__49FaJ
  aVXfNHKDKYv7VCsdgC5-lHUnmswEKOzgDLTw1HIVk9bCt78ePs7flW3EvTzzFjVGd
  bYonsokFCseYPe2f-ZSMw1S1zI9Cv4zS6yRZ35fM42paRk-QpySxDEjQQt5j6SuWf
  -4xEPlMB5GBgYwQEdVaPnDo4Ydiun3bVVF02BPvsOgtYwyepLGnutjtf-hDjZF6f2
  Sah-pev_Qt4yyVqmDsipudI8Uu5SpLtV_G5XcnIjmLMqgMUgbuPn2Vr5CnofvN3Xq
  POFlYaz2mfos9Z9SQ6Scol357CbrtzS4FopaLWi429_UwTcrJWQuiKqwJNEDtwqgH
  QUZnW015IdffhZLCqYowDKYo0mTPsuA2lACb2azUsFYtnKSZ0OZJ11-YqmOWdpsGA
  1ojVNAW8Y-pYs0u4jwbs6DWUK354P4t1u51Surulnbr-NY0osObe5QOqX91N0iM6J
  VlJxvAmlLe6hjCqLonCZvyaQDcBOqB2aXhCo_pntApvTjf5DU4XI4uz-qMiSXe0KV
  EjluzljmgkVW5vRCVSCUgZSBJEdYUIYsnKVGnvAJ9_J6cnfysQTMz3jcN4bpHTcTk
  0DbJM_5vJ3ZRLE1lvupAJqgU_h5c9YuKtAkq-szCfhBfrUdGanKcdb9R-L-xCvCZg
  BM2Cd1bU9pxwLEDJqgjl1mQT2lUnlb3Er1iC_WH3R13jwBVL-l7wVueklAhig4476
  xXggCjcw-15rZJZ_eIMiAFsrY7Hu84Z2SS8Pi2_mdXyN9gZKZJ5x-K9L1Cc349DlN
  rtIjLdLmgg_Zfydk7Gu2qxS8tUTdLHDVmPiZxpj1xflJDjStEzhdpzYLXjBwCXk0X
  UkikXtb43rXpFTNoNin2VxBiggtQ2N98llX56H4jxsGKgWM38Qk8oP57WEQ3cPgKR
  QYUZv4WCLfK1WCygYBSVcVOPNIRfVYOpNYm-ruOktzN2SxCQovXUgwHdtwv46nSx-
  5KPyqCLi5CK2K3GLHfBomi6iqHJjUs7hCLS-aSLf4DT1rAuCLHhjj8zPxbSgaFea6
  U90MIiVGSVbr-0GkizCOAtFJDplGqgdnpeuNdbP7GN9Ov1o8H8r3a41sLg52tnWrL
  cCEBTnhwpwtrjaYmU2S5S20rvXTbo1Q0cegBsJWuF2HJMqVuEQ3P2TiUnfW4Js34X
  xDBmAUZGFN_ezrB6kKPBpexeHTLvtOtIcVVt_tZiVd6DvbCZZA73R4Zbzo8tCUb4E
  UeqeUEVj7rcF9SgUL-kgJgHt_px3DzFOFwA8BzazrGqR3v9IR3NNeR4Cz2oXaR56j
  QM8lF0F_FWMJbjmGxIw-p3tctN-xlsv2eC_KbMSzNWWfTxOo_r4dYWdWxCHmkn3CI
  cyxlSZ5di5IbwKoebvwW9JxOaHmo75e7aBcB-IfUrOokJh_Gh9FOlbF1Y-5LgsSDt
  4CU9I9jUY6vk3wb_XL4exBHbyM3E0pwJjby1x1kMAulJQPUb8MPIDKySj64B8R_fC
  bh96QVcL1X821_R8Zf9jykZBdrOwOjzWNNzZmKCgwdJRKq8BrfNFp29UOUiOhUH7B
  J-ME0jpmGhd9fQDJII6e9MCtwgjB0sFLOk06mkjob5Nl3ylxfIpCxWnMbva-miOsV
  Y3gPaSdidiNbt_t3RM1e8AAPEHw9qqZ2BB4LsnW8-CG5HYPdOwqGFE4oK9eNOTGeC
  n7K2P_RWuRBeGIAtJH63XpZZItvzw8uCfZBePcZONlg_50pYcfNhWj4xg-v01qH3H
  L_m8n1oyVhPwVhFFDiFE8zEAyylL1t3-poZvfyXuZhhvB7fx5PxtYpcP2PO47-f_s
  ij80ggaGR5qEVSJbJjhMardZypP3ekSZCFPPzjVbaxe1Ix8Hg90_VmQdwHIQ3DE6P
  sTOpEL8SajfTYpCNt3_mVXvU27T9-gLXy7n3Kik3IAo1B7uGN87P2aiRHqMQFfFWX
  exTtJq3FGQdqYwHitUQ0y2idSOi15wX_qPJI5U6jjUJ-VcPeG9D19TV01Gu1XFw7S
  iXc32iydtscDszzuY8GsWUuCJPEJfb86A1o1DDaj0XlEbvkQdKQSZ7X0ezjeXaVyO
  Q75l2Iij-tPAWZFNPtxVULK4vQDTBQsccEWeXfO5q0kyOZUIalsGc2bVRqDhCnf1W
  da1Vf9IkBxUpfH7sklDXcewW1naxrI3n1bpwjNju8ksLyfJ2kSq_RSNcF_i86fIqI
  dzWSvh_EMnEFte0_1vAfvDcz7wUum5tKQnBLUKq1HbmQJpDFdnxgkV2Nt62G38XjM
  Kza67T03CmShEwua1wiptHIo-eMy0DgKbKjOKq3mdU-sEfy_Ox90KVgcfemzkOMo4
  JZydvAMDKekcQb1xs9D8Cy6K9LCkfZGwv6oa-PGJm1pSmmOf0Ye9TPcfyx2_NiJBd
  a5GEIm-OZoFtWVCok-puGKkoazfZS6EEUR-6zs8oxVkPxEolDxub6pCOHtldrYB85
  VC9TqbeHuZvO5bnDp_ZPfKSK9LUeeFwvhiWGTi2qqBO1Zaxc-WYXoW6g4cknwlQ6c
  XGkDI3f1mD04gmXZnXshAxi3ztzxXBxhZ-L9cLZtPdz8Y07rb57THIWDu59Z30D4L
  Mfsn-2i2ETa_l9rz2C0WMLlvOkopwV46lF80_3m1pt01iNB4pd1wDx4RH3ofzdW-r
  reYaB46fsx3nEsTgqYlCYXWKfs-ySDvywgTvKuiXvB-cUrPCua_1e6-Eu9bgSQqgi
  ooMhH4u7V9NUZ6sfchrqpjZ3sX_TL2-hCiXMs1x8E9kH2cEFuc-sR6tW6dMS95Rog
  fpOhAFp9VapbQIyjvA0TMosXLP0uZ9UzU8Fd5VStSri50hx1vRAhgNWrytsDhH3Gr
  KXjeAaQSrPIMBRhe3Iomb0RRUuvcetbkfcLDdUvH3mx7c1Qk9PA1gTIJmKIQ1JyBh
  P7Hp55BlVRiztM7UIiNgGrKLqqjp3gICkW--uEEceCnYHknXgDG28O3PEHJzamNZC
  P9LfSzc202NaedebZrcgdwrrD-Pv9c7lvY410gbUi7YPnOp5fXDAdmWW-0LBRK5Ce
  i_LcsTi3xUcIJ_VlVQP8Ks_3bNErI92D3NZZ3_juCyUpABfHd1cXgcOB7WxyKpyiH
  A-TCKYImfNR7qOnblRDwyEa9ahANA9xWOdh-HmJ1DPOpOze1uuvnjgkVRjNqpI7bY
  JyAvIOcaypD7xFN_h7e3rld_yncoriIwE9RoF52jVYnXJmEqakG1XKF5exTVtN9X9
  evnXn1O4cKXASTSWeIdUMPEIFS3TgNVXNlRwMP1E1gCRUzq43Rap-HffkjX-GmEKn
  qstE3toJouHQ312n628rEBbZyta7sjv7DCEdUpU9gtIh87SVUc1UcPzK-CBvzyzo-
  6_KOpRdaDgArT7gDCETG1xPgXGwaw5BYMnpu4NMqZp77L82jUgcpn7IXp8M7qbR13
  3HlbCDsXWpi3Q_XEE8rq9L5oR2ZeI1_H_eiduYqDY7tP5OiHE-XbyNTzpsGiu3stA
  7btbF0CAp2ppHTc4WTdyPJfFGp3tVnR8W2mrBdheZkmRwKMQ0b1lyRcx4DwCczKR1
  nUy13_yt4CZYpIYH00XuJtcK-6rByCJZFFUEpSLBw7UgZDe0hUTDJuBCVSKZDHxHQ
  DR4lLEnJ_i5lGSgvZIpjBcRR8kxGGhAzN51Hwc4YeZhJstnEK9bmQ-8Csw8yOVIyq
  2rJmzEf0U76m0FDVUJBL4uRZw9_5ckBK9Pd2Fsv2j7q7d1_TLm08jEq8U6e1B5V1h
  BfRHAsB4rWPK_IRo-4MN6fS6cf3ECv8mlPv4eYGmPj8qpvtPlf79N1UwwLJLz2XX1
  AJcbN32Aso18TeBv7HFxI_K3W5CDxKdgZzOlYkBZWz-Deo04iZI8ZTq2hNVP0FyKB
  0VAzIw2wFJ-pCwwHIlclGK9IFT-3JJR1kjBZMH0XdWJIzsNq8EngXfI9dSlem-9gT
  KUxZrsla62N7hMCSd0r07UWBboUZBnNWqf0-_W3lIBoy2nae2aCPrf6vJlSVvFtd8
  fcbecfCJ_3NFgTjndJXjZgN6FDJIuJ5wygGhltQfKxRWGABc7wGgto-cfJrR8MCtN
  LbvzdN4fe17q9yKhdAhZ0yRkYaEJt92c4VWfX0x-cDskpnD3OrLwsWA2e3JWFGSe4
  qiG1C57TiKab0rlMbhoneqR1cOrW9Di9uckxva8FEzHWQ9Q90gS3Qsu568frJ0nn5
  eBolpvyLQoOIF8OKVJgZuWJ5EwK3fP_qPZb3egdZ1j3kgBU647iRySSARi4x_mZVB
  SbUQrXSnxXqbieLnRBGq8sj3812BjD2hRDm82PdXyXESaK363ZTqpPVFe2iCtwhcV
  hNKzPprNTKscTSzYB4Vlt5T8FfQ-tO2cNVoR8nGyGETOUp8BMzCxTneccDdwq_I0b
  nTMyK6YVOaAs6y48muDJ9uUTmF2awSZX-GTTPyDLB9kDSiocDe0PzX0OUoLpHhuMg
  3OGh4mtZCll_6VBKvZS5IVk9fWeqUkH5fz_63hDyPMfClHgVU3AAiPPOIplHqqIuF
  f26yZRV2NiOUrOi8Vw6pLKxlC9KonBIwnKZxqGj2mOt-lyfK3vagUVB38Wd70rQvg
  8PCmu59uSRUwR0mKmvhxNA_7X-IPCCaKaqO0ZIKuYSUZylM2wJRKtc5kSeb-IBmmt
  612lMgzPKATDvyyWHqpYSzKhaw4T8i4xc8CJqT26LoFerzc8h49AxoKXxKQjXbsjL
  6o2pOeHZOYrQIXezZYRzmoSzdb-7sIDiSfWz9RstVJHi_GxRx3IklAMyyOX1X9vLu
  _QQCe8bRGqpvFP0y6IL_1xWA9VZTurgJorLhz10nXr-ZHjo2S9tHg7Aood7UaEjuk
  dVJ8uC49ilNMq_14ARC12cgya0ub-7jUpQXIlGUQHU-V2krYy0dQs7YUQZDJhWXoK
  40gim03-wdc861KOA1gnc-yVbaa8sSSa3UQeLqXf0xCheFMcMGGID2xDtDWOBuhkD
  UAJP7g0cxZGq1GdF7SdwbPkZpq2uU9-EjPtXVydLe10XUkp2DFl1-we2TLDKZZ9fk
  dS1eK5VVrl91NsJhOgdLfLlINIXl4xErS7pxL--obyOh7S8cs_sGwFrqyjMsgekLN
  g7GJDYw_JT3tplazUYB0qIlk0Gu-_bu_OK_WN3z21WG7ZOlm8UdLSRyIu4d1bocAv
  WOFyCa6HXpV6AOBMpvPOoNS4AMMTAksNkteR4JKotsIrjHF08uc5YbeAYcbj-Kb3j
  I5X7CfSK6Oe1XSAtrMdfPrUOYrMLsah_ZsfF4DeTXPLXHjbr-PgLDVkPN5dEEKCXj
  HySYEDpt_9A0vrVhaZ_97xhLEhDJMriGRlrTuYkafivO5sr3vbfPsHDkfdZzomQwJ
  HnqqFjdM4SKjWy6H4kGCzhsbVjxS3qVBVCcyLaotEiMEdr7sNKMO3f-GoUpEG5wYQ
  Vrn3nK8Y4jJFI8nz7VlzfeRsLKW9HkYzLF3VumKQaH03Giu3JZTYuUQaADhlx8E1E
  9838MjENzX1Ay55AgGHUS4n1QjgXU3FWszPdoz3LWpRTTS5PcT_0BPfHlBEfEU_F5
  kq7_O7eQN1BT7TEHQNZVgVXEftEdD0VHakuqUJDYz5mRGKM1uUGbpsFME-Xo2miyg
  4rpGF4ACnZtjNezGV26qYTodnx0rc8BBkpTV8OtMGFqRxtvoJAtJdDT5cp6HT4mNM
  Qips7igZ5EIwHf8YdA2pvSF59I6_TTt1CKioFBArym8buf6TDjb8hb7Cg2p8t8ypS
  p5fl3p6TCD7iFfuEYYMBDs_EfRT5NuIO-Fn6F-9SeH3Oj_DxChBZ6lc9YSHsvc-mg
  Y38fag32odIcID_IGfreMWgsjS-mO5TNaUat8yL2tlg3JyZe-OM9YmvvwtM_XV1qf
  f3R4mQdTy_V5abKyh0FDPFj2kEnqtS-yqgr-sI2Ogyf8gQi5M9Vqv9f2ZU8osqSI-
  5YAXHV-9qrI_Pk7An7gB55eLrBQm3ovLABjyOZ5PYm1CWck5gBZAWeATEi0sJ6rfP
  1zMBeaHUVau_uiyTTa2gVXLZKLjKtRiOW779_-pVIFM-RZwi3dll9mTJFdU7rnMEQ
  X7sSGroLkYS5CE4D0uu5hHgsEU17u7f8x6jSeVxwUMG5JFPWBaSFFF699vw-Gbawp
  p_nnhNR-C7yY0kx1Rqmz6DkXcfLrq6lMLWkaClz-8629VKLg",
      {}
      ]}}

6.5. Publication

[Future: Consider eliminating this mechanism entirely and instead using messaging flows. The means of achieving this should become better apparent when the problem of publishing large messages via a pull mechanism is considered.]

The Publication mechanism allows content to be published through a Mesh Account and retrieved by means of the EARL mechanism described in Uniform Data Fingerprint [draft-hallambaker-mesh-udf]. This mechanism is used in certain flows supported by the Mesh Device Connection and Contact Exchange functions. There are two operations:

Claim

Post a claim to a published document

PollClaim

Check to see if a claim has been posted.

Content is published by appending an entry to an account's Publication catalog by means of a Transact operation. The content may then be retrieved by issuing a claim to the account specifying the publication identifier that is authenticated under the value specified in the EARL.

Use of the Publication catalog to post content necessarily requires that the content be smaller than the maximum message size imposed by the Mesh Service so that it can be uploaded to the service by means of a Transact transaction.

Publication of large data items will require modification of the protocol to support use of a detached message body. Transfer of a detached message body is outside the scope of this document.

6.5.1. Claim Transaction

The claim transaction is used to post a claim to a document published by means of an EARL. The claim interaction is used in the Static QR Code connection interaction but MAY be used for other purposes as required by Mesh applications.

A claim is made by sending a ClaimRequest message to the service to which the publication is posted. The service responds with a ClaimRespose message specifying the success or failure of the claim.

A device is preconfigured during manufacture and a Device Description published to the EARL:

The client claiming the publication creates a claim message specifying the resource being claimed and the address of the Mesh account making the claim.

{
  "MessageClaim":{
    "MessageId":"NAFD-ZIB6-VLZD-QO4O-6C5N-YII5-VLJJ",
    "Sender":"alice@example.com",
    "Recipient":"maker@example.com",
    "PublicationId":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
    "ServiceAuthenticate":"ADKJ-W4NY-ZRLB-PUSC-3OSI-UADE-SCJW",
    "DeviceAuthenticate":"ADSB-J6YC-B5R6-VJIA-GULG-LZIP-AEUO"}}

The message is signed by the claimant to make a RequestClaim to the service:

{
  "ClaimRequest":{
    "EnvelopedMessageClaim":[{
        "EnvelopeId":"MAPR-DUUH-WNG3-DQCP-6RRB-NCVC-2RM4",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZELVpJQjYtVk
  xaRC1RTzRPLTZDNU4tWUlJNS1WTEpKIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
  nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
  cmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0"},
      "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5BRk
  QtWklCNi1WTFpELVFPNE8tNkM1Ti1ZSUk1LVZMSkoiLAogICAgIlNlbmRlciI6ICJ
  hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
  bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUwtSTRURi1JVEYzLVg0S
  TMtUUNISy1XSzMyLTM0N1IiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
  RLSi1XNE5ZLVpSTEItUFVTQy0zT1NJLVVBREUtU0NKVyIsCiAgICAiRGV2aWNlQXV
  0aGVudGljYXRlIjogIkFEU0ItSjZZQy1CNVI2LVZKSUEtR1VMRy1MWklQLUFFVU8i
  fX0",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MAMP-BX4G-AKK2-YHPA-IXJV-Z2KV-UXBW",
            "signature":"Fk2oDmBaKXmkf7vnvLHDNH8M6LRYHC1lD6VaypH6
  rgc0_uftuhH12Uitq0fgWMFNbvAyTaSdchKAPizuQisjvI_K5G6VOr8HnTft65UIW
  sFZjsj6vQjVb8j3oa5gCJPFQzbyn9khoO6irBTXGbfIJgAA"}
          ],
        "PayloadDigest":"B8c5TfDXr1GK6CgI8aFEXBWT35NCMN70f3HHreRr
  C5o5dGw04VA8YmUrW4tnSpYdVOBap0tSSQwGV8HnYVkd2w"}
      ]}}

The publication is found and the claim is accepted, the publication is returned in the response.

{
  "ClaimResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "CatalogedPublication":{
      "Id":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
      "Authenticator":"ECXL-6FG3-37XK-J6GM-VR2W-4KUI-5BW7-JQRO-CYMW
-PIHF-6FSA-FQ6T-YXKG-K",
      "EnvelopedData":[{
          "enc":"A256CBC",
          "kid":"EBQO-52CW-B4C4-7MLL-5LZT-PJ7Y-Z3O6",
          "Salt":"YwqtqOhssmpR3cH8fZkGYw",
          "recipients":[{
              "kid":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
              "wmk":"i0Wx4i67v2s9XeUvtlmgAojKsuBzi_-B4MbLLHhJbVmM
  2FfwzN1YEA"}
            ]},
        "zpvCTGxohUkssrMsznDdzinzW-ioixuVZfdG_XqtFac38vFixkhZbhJH
  xGJIxFGRBOwEzF-rNu9bPHDacsXru3SnkYIQL9jw1Nx2ipOOduys0MijUJ99sUhhm
  JhW8mqzUroU_uh7yum8twTBK71eZIMX3FZxFnse5QeeD1KOadqcDV0hXNi2QAmEvp
  CZNTKiRroE1jxFv9PiVbdvvWXC8eIVTYqHrn3T9edfLxil819vubbDWJXz_DxI6JL
  QCX9MJTnZ7_6_AWBFyi9D3lzKdYOWbsOu8zJGotEpi9YXDGnPOojqmCPdyzEdIsUZ
  JIld_KuOv6fYa4wZ3AlTilSgbmAQG4KMYiV2a8Od0o2Uoqvi8yujAEv5qxl1A1Zk5
  i-K1ZxFHiAw5te9M5eCyEx34AONGIExXegDu1EAg_A14FCKhyKyn6bpvJOjR2RHZh
  84CgwiHZvVEtxTL0nY7r8mghvH3cxTzfW8nF9cS8-MwhhYNSdIXCcGkRl1FhyM5P6
  GRh_RODqm1QmlgBuJjLdaaEHYlaxRBqaT6jI8c2SlvAZAFfn3JxIErLU8r_gTW3G6
  KPn_JUqcRFVlRrQJcV-8uuTn6y7Sdv6RsXnJDQNlE0rAsb6jilU1Z-_CUeX6cTyAl
  UPb-TXlZsjWplTIlSrX65jCYasfcVnrC9ibIiU6zQBxYLOvTdVi6dTiuQ_OHJ8FbB
  mxtHFJwfjxoNqiuemwZ1yC-jGtaaFgDcAjp1i4AHsZSVUHl2f9hbRPWCTB2WlaXy1
  gohp-x_Ft7mUD4JibMjDUPb1Sxjtk5ZAq6bXWnEz7cEDNR8JgujeU_0RukN3CEvWR
  SyQ-6LWX4svntzUcdffqFmD6MjXnNLxkUgG6bBxmc-caUDRGBEHl-UUxzWY30yVXs
  UcEQCg-9bscVIwYgQFzTKAP4zNXH7lUXGM3p7wf9yRs__GYncfVcDGWsemYHFDGp2
  3ApBI9LEUbhR_h-hIBjSEu61cFCzpC5dQsGLIUv8i-J-nWEt7_OWg3he2FgYn5_2-
  IQ4tF9qGnt2v5wfcfIL60B03hSaDIDnrvDFtXqmz8At6fgZOAFYy9IE9TSXLyhZSq
  88c0nq5293Z5kiz_XgneRLAPhWsHMd609AEarSKq9UJQzj4fF32iIj377XZCwOp87
  RFomBwhCXYwloTAeegJwTDfo3hdUdbWl1DPhj4zpO5Vpzsn3zu1qHjBDRCbzeuYg5
  XVoAKX4Oe6uo9H8UlbmEHNG0vEi47ko8HgZ_M41Xz2TGyrsJxKVkhJK7J8_-RQlrx
  BgXr0Lhkhc3fJY7IVPtJCMw5gUpxbfa5cUqRChYx-RLOusz2IUTgc9c0yXWwZiiAG
  pG_oeTBHnp6_U0FxPzIeP3QjhmQpGgDdd2HLnHcGWkEhhpvqbwaSr8USdYRo0t7CH
  C1Fvjjdn0oICdRQyTpT4n6XuDMcs6DLggrW4BnKFUfuYmv6dIg6Q1o3AM9p3W1-zl
  M3AkPguPkRvW-tnrmMy7liUXzCKdd3Vv2-9i7IaiTBQMZYcnrWuRMFdBA6WkJbgnj
  -Od2EgwZ-Dux4aPB1ra53r49wERYxTTrRSQhW9aSQxHM2YRjIK0NolmAn9zLOLtdK
  lepTqmKmXSMLuHosFxMdlHgDUb3rqL_CmIJ8naiprf8juxLWTw6w0OUlNZYTUWf1v
  TRr_VeeXLHU1lL5Ob-nQyQb66UZw2Lh-iP-VdsdJo7juL4-S_uO5g2bYGBklclF7i
  XMOpxxBiZw7wQ4VVz_B_4RV7twqeAbVPkfe8yCgCYCwogy-x-cf6wMbKdq5w9qFWm
  A9dwHFEt7e8eKAqh0PoQKJhSm2e94UL_wEgvdNrTb_fQuGHxKxpM27T8qBQVRzsrz
  -IGwi1MeUS9vM5N3DXnQYj4cO5j5aZSQR37sJfjrtkNC7vNguVDu5PRCcWWCr8J3z
  aJlMW5XaS4QXMEeZzzKYmOr6ZBJ6CAVVwBudsM7M5Y-mc1qAIe6pkUEngLOOP-OBm
  Rt1Oj0ZH0-HlpeRfaB0TBJe67M397xOi9d39uP5CjDUqvTbsQzf7_Kh8BDGxtXjSZ
  UZqGr4UU80x9UuNgmdkLppxz7EjIWQ6qsp9xE9sX9cMxE3uRNlB-xFgRdiEHbbAfj
  cyOr2UUbR4YMrXNDHs5szAMyAXuwJbzDGvlXmDuMyDW4sVstmcuVoRs-uM8Y157o4
  wsg_XbSL5u6H3Z6QXP7vPN6oyHc3lqMkFRU5sHR9zRpgCCSi2YmWU609HGUBPYj1H
  hSi-bkg5T7zA_pnsRWRNIDPSrEHDadXBxs7YDyMxkPQ2ML3j-7zGi8rz46eyV4sAb
  T8xOAiCfzLfjrJtGaXO04PYLXRdxD-bWeTPORtAUIXukkbCoCfMxfDd3JKDR-QvTO
  OUhOTnO-9yWnlJucrFpE5syujJz6awo95ZULiayBGPY0QxnnNOH3CER_cTb7DjSwF
  i_gcTE3q1dtyQAexMj7tj-h30qjEjt3j-72_2pw-gTY_akNJeyc6iTfcJsa4ldI0V
  A_m-ErjTpWA6AkiJ61hfLg4KZai3RiWPQWOHvNGQGX4TC3lCwNto_sJO7vjjKFfEl
  Eb2GuVgiuFcBCcOWBWE9LTBs5EAYNcwCPeG0dXv73GBuTupnJvZWHLhw4lRCV4ju4
  OqhsrkOR7fGnXsPDJrvlrlvYQsJUblfiBjGUN9UJy_Vgd5eAvNWLMonk2oyxpJCXw
  NOO5nNVtzplH3PE1ZzhR_YjbEg1gXUWkPRpETpKMXDfjVe1Y6Wh2x4boRtzRMls_V
  J-Y1yrHSuYex-xOkN0GcEou_0t_gGtHIkjEu1-kIu74osRiEV4cvBQEJH2V1r-B5Q
  VjUmdAVWsODhtp_yH87KYCksKqwYITOIqaUWHUThg-R0tD94urJ0wHFlxNFRcxZvC
  ZKr9EuxtmWQq9lVr9UGQzZqL09-ddnuNru6LFDPgjOT4bfCTy32mtIj7vhwZ47BWm
  4BrOKA0GNghJziGNFXwsZz1ZPjv3Cy_knTA23osoygx6i0khg"
        ]}}}

The device waiting to be connected uses the PollClaim transaction to receive notification of a claim having been posted.

6.5.2. PollClaim Transaction

The PollClaim transaction is used to discover if a claim has been posted to a published document.

When an authenticated, authorized request is made, the service responds with the latest claim posted to the publication.

The device in the example above periodically polls the service to which the device description is published to find if a claim has been registered.

The PollClaimRequest contains the account to which the document is published and the publication ID:

{
  "PollClaimRequest":{
    "PublicationId":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
    "TargetAccountAddress":"maker@example.com"}}

The response returns the latest claim made as signed message:

{
  "PollClaimResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "EnvelopedMessage":[{
        "PayloadDigest":"B8c5TfDXr1GK6CgI8aFEXBWT35NCMN70f3HHreRr
  C5o5dGw04VA8YmUrW4tnSpYdVOBap0tSSQwGV8HnYVkd2w",
        "EnvelopeId":"MDLZ-5ED3-2Z6P-XJXW-THGA-Q37Z-F6VL",
        "dig":"S512",
        "signatures":[{
            "alg":"S512",
            "kid":"MAMP-BX4G-AKK2-YHPA-IXJV-Z2KV-UXBW",
            "signature":"Fk2oDmBaKXmkf7vnvLHDNH8M6LRYHC1lD6VaypH6
  rgc0_uftuhH12Uitq0fgWMFNbvAyTaSdchKAPizuQisjvI_K5G6VOr8HnTft65UIW
  sFZjsj6vQjVb8j3oa5gCJPFQzbyn9khoO6irBTXGbfIJgAA"}
          ],
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZELVpJQjYtVk
  xaRC1RTzRPLTZDNU4tWUlJNS1WTEpKIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F
  nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD
  cmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0",
        "SequenceInfo":{
          "Index":1,
          "TreePosition":0},
        "Received":"2022-04-20T16:17:57Z"},
      "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5BRk
  QtWklCNi1WTFpELVFPNE8tNkM1Ti1ZSUk1LVZMSkoiLAogICAgIlNlbmRlciI6ICJ
  hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w
  bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUwtSTRURi1JVEYzLVg0S
  TMtUUNISy1XSzMyLTM0N1IiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU
  RLSi1XNE5ZLVpSTEItUFVTQy0zT1NJLVVBREUtU0NKVyIsCiAgICAiRGV2aWNlQXV
  0aGVudGljYXRlIjogIkFEU0ItSjZZQy1CNVI2LVZKSUEtR1VMRy1MWklQLUFFVU8i
  fX0",
      {}
      ]}}

6.6. Cryptographic

The Operate transaction is used to perform one or more cryptographic operations using private key material recorded in the Threshold Catalog. Such operations typically represent one part of a threshold key operation divided between the service and a device connected to an account.

As with all operations involving the Access catalog, the request MUST meet the authentication criteria specified by the catalog entry. These typically include the request being authenticated by a specific key.Key Agreement

CryptographicOperationKeyAgreement is used to request a threshold key agreement operation on a specified public key.

Alice added Bob to groupw@example.com as a member. This resulted in Bob receiving the invitation described in section ??? and the following access entry being added to the Access catalog of the group account:

{
  "CatalogedAccess":{
    "Capability":{
      "CapabilityDecryptServiced":{
        "Id":"MAPK-LBYY-2G6S-7Y2F-7KWO-KZQC-2IEW",
        "Active":true,
        "GranteeUdf":"bob@example.com",
        "EnvelopedKeyShare":[{
            "enc":"A256CBC",
            "kid":"EBQA-LO4N-N2FL-U23L-SKWO-POAW-VDLW",
            "Salt":"FXW3PsFesjcC6fDC3dHHMg",
            "recipients":[{
                "kid":"MAJY-65KP-C67E-LFXP-Q3XI-ZHZF-GNHV",
                "epk":{
                  "PublicKeyECDH":{
                    "crv":"X448",
                    "Public":"CcZftsANqPybF3CXKG4neCPC5mLKeBaFIwv
  tkGBThR8QlqtAp0Gr-XevcrOlbqxhKP2kfxQQyxuA"}},
                "wmk":"VAR6_ezf8hgETm61CJ4CUOw66l_f8YKwG65_GYE96W
  5b_VeZNoOiHQ"}
              ],
            "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJLZXlEYX
  RhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmVhdGV
  kIjogIjIwMjItMDQtMjBUMTY6MTc6NDlaIn0"},
          "5HYVc-1SfcKj29O6UyNv_CptjRl-gy3hjp42VUdTi032r7Yamt4xmE
  hByPQgpVetmoFayOWc9V8GILPMbrQ8LO8OwHD35Fio_OfX1PLe8or5AuBylbF9y9f
  3S25QD9WupYJJN0L2m8hbia3LLbU-BcVSrmI0OjB7tkeEgp6vmboTGv9QQxSSrMTQ
  5v8Le6dtJhuUqwyj7JJA76oBWk8ZzibJ6hQLT1v5owABTPMxq1fGNRv2RgDtz4tpy
  deUBq5Gp9B0WKSKBCfOGFzNcunXbA5AbXWkORK4s07fZ42EsWiwkrncFRQqKTvomX
  37CHtJo4kJkoyhbQWAwcLHaeo5DQrWBHJq6p2evWH4Z0gW_ZB9f3UiuW3jEOj-wvG
  mYI5Mfo0Y5YEqy8iuOmo2KI3qDTAfWE_PID-4V2IWKhGibz7mqOy8pFMBUZXySwmY
  w-M8Wti61wlST10kPaivW-0hS86MWGYlfzrVP3GqWkqNfHBuI-1iHwe3nNz2npsI0
  Z3QnYr5VB-Q-ifkQZrYiTkPLKNAf_rR0-2le4lVBMasJJpk3cISt2V27RqxglrzX4
  nSh0abD-7jBuAr-h7dH4abak2zkcQWqqe1bVjSfQ8OS6on4auWb4ZmJHY_cBCz3Br
  wTer6j-0r1UWTtQg0V4SuEDLaR0VCqrQhiLgEdLENBzESJqa1x0vQHQeciteoBDa_
  CdQCdzPUYycikRI778ElNg"
          ]}}}}

The private key (in this case a key share) is encrypted under the service key.

To make use of the access entry, a request is made that specifies the key share to be operated on and the public key parameters to perform the agreement with.

The request payload:

{
  "OperateRequest":{
    "AccountAddress":"groupw@example.com",
    "Operations":[{
        "CryptographicOperationKeyAgreement":{
          "KeyId":"MAPK-LBYY-2G6S-7Y2F-7KWO-KZQC-2IEW",
          "PublicKey":{
            "PublicKeyECDH":{
              "crv":"X448",
              "Public":"7BkA7YrtcC7GrNRvyX0es1xOgNeUmSPFgLPsK8Xy-
  y8kaCqguTYD4BzWGBZi5a6KafeQQV6DwKcA"}}}}
      ]}}

The service checks to see if the request is authorized and if so, performs the operation and returns the result:

{
  "OperateResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "Results":[{
        "CryptographicResultKeyAgreement":{
          "KeyAgreement":{
            "KeyAgreementECDH":{
              "Curve":"X448",
              "Result":"RK_nkdnG2HF8Xm79VfrFpufigvIldNPo16ZIFf4-E
  GJaqRaHIBNVbDs-bTfS30FuJkadIzvfzQwA"}}}}
      ]}}

Future: Currently, the access catalog is encrypted under the service encryption key. It would be better to encrypt the catalog under an encryption key specified by the service during the process of account binding. This would allow a service to assign a unique encryption key to each account and limit access to that key to the hosts servicing that specific account.

6.6.1. Generate Key Shares

Generation of threshold key shares is planned but not currently supported.

6.6.2. Threshold Sign

Threshold signature is planned but not currently supported.

6.7. Messaging

Mesh Messaging is an asynchronous messaging service that allows exchange of information between devices connected to a Mesh account and between Mesh users.

To enable effective abuse mitigation, Mesh Messaging enforces a four-corner communication model in which all outbound and inbound messages pass through a Mesh Service which accredits and authorizes the messages on the user's behalf.

B M P M P A e l i c e ' s b ' l B o c o A s S S i b
Figure 2: The Mesh Four Corner Messaging Model

The Post transaction is only used to exchange messages between services. The client sends and receives messages through interactions with the outbound and inbound spools of the account.

6.7.1. Sender.

To send a message, the client creates the Mesh Message structure, encapsulates it in a DARE Message and appends the message to the Outbound spool of the account using the Transact operation..

The DARE Message MUST be signed under the account signature key.

The Mesh Service receiving the message from the user's device MAY attempt immediate retransmission or queue it to be sent at a future time. Mesh Services SHOULD forward messages without undue delay.

6.7.2. Outbound Service

The Post transaction forwarding the message to the destination service carries the same payload as the original request but is authenticated by the service forwarding it. This authentication MAY be my means of either profile or ticket authentication.

>>>> Unfinished ProtocolPostServiceService

[Not Yet Implemented]

After the message has been sent, the service updates the message status on the outbound spool.

Services SHOULD implement Denial of Service mitigation strategies including limiting the maximum time taken to complete a transaction and refusing connections from clients that engage in patterns of behavior consistent with abuse.

The limitation in message size allows Mesh Services to aggressively time out connections that take too long to complete a transaction. A Mesh Service that hosted on a 10Mb/s link should be able to transfer 20 messages a second. If the service is taking more than 5 seconds to complete a transaction, either the source or the destination service is overloaded or the message itself is an attack.

Imposing hard constraints on Mesh Service performance requires deployments to scale and apply resources appropriately. If a service is attempting to transfer 100 messages simultaneously and 40% are taking 4 seconds or more, this indicates that the number of simultaneous transfers being attempted should be reduced. Contrawise, if 90% are completed in less than a second, the number of threads allocated to sending outbound messages might be increased.

6.7.3. Inbound Service

The inbound service MUST subject inbound messages to Access Control according to the credentials presented in the DARE Message payload.

After verifying the signature and checking that the key is properly accredited in accordance with site policy, the service applies authorization controls taking account of:

  • The accreditation of the sender
  • The accreditation of the transmitting Service
  • The type of Mesh Message being sent
  • User policy as specified in their Contact Catalog
  • Site policy.

6.7.4. Recipient

Messages are received by synchronizing the outbound spool.

7. Access Control

[This section to be expanded in future drafts]

Access control is effected through the usual division of authentication and authorization.

Authentication of operation requests is performed by the RUD layer [draft-hallambaker-mesh-rud] .

7.1. Direct authorization

Any request authenticated under the profile authentication key is authorized to perform any account operation without restriction.

7.2. Access Catalog authentication

If the authentication key presented has a matching Access Catalog entry, the device is authorized to perform operations as specified in that entry.

8. Message Interactions

Message interactions are asynchronous interactions that occur between devices connected to the same account or between accounts.

All messages are signed by the sender and encrypted under the encryption key of the recipient if this is known to the sender.

8.1. Message PIN Interaction

The Message PIN Interaction is used to register and validate PIN codes used to authenticate certain transactions. This interaction allows a PIN code issued by one device to be consumed by another allowing for greater convenience in managing devices or contact exchange.

For example, Alice might delegate the PIN code issue privilege to her mobile device without delegating the administration privilege to that device. This would allow Alice to use her mobile device to initiate the connection of a large number of devices to her Mesh as her house is being built and approve them later using her administrative device.

Use of the Message PIN interaction is optional. An application that issues a PIN code to authenticate a message MAY store the PIN value within the application without persisting it to external storage.

Derivation of the SaltedPin, MessageId and Witness values from their respective inputs is described in the Schema Reference [draft-hallambaker-mesh-schema].

8.1.1. Registration

To register a PIN code to an Account, a device:

  • Generates the PIN code value
  • Calculates the SaltedPin value for the specified Action
  • Calculates the PinId binding the specified SaltedPin to the Account.
  • Creates and signs MessagePin containing the SaltedPin , Action and Account values with the MessageId value PinId.
  • Appends the MessagePin value to the Administration Spool of the Account.

Note that this construction provides limited protection against forgery attacks by a party with access to the MessagePin. A party with such access can use it to construct the witness value required to authenticate a request.

PIN Code values consist of an opaque sequence of octets represented as a UDF nonce value. Codes are presented in canonical UDF form, i.e. Base32 encoding separated into groups of 4 characters. The PIN value is converted to binary form for calculation of the SaltedPin, thus ensuring that the canonical form of the PIN value is used.

8.1.2. Authentication

The PIN Code value is passed out of band to a user who will enter it into a device to authenticate a request made to the issuer.

A request that MAY be validated by means of a PIN is a subclass of MessagePinValidated and contains the following fields:

AuthenticatedData

A DARE Envelope containing the data that is authenticated.

ClientNonce

A nonce value used to prevent certain replay attacks.

PinId

Digest value binding the SaltedPin to the Account.

PinWitness

Witness value calculated as KDF (Device.UDF + AccountAddress, ClientNonce)

The device uses the PIN code and Action identifier corresponding to the desired request to calculate the SaltedPin value in the same manner as during registration. This value is then used to calculate the PinId and PinWitness values.

8.1.3. Validation

The PIN code is validated by performing the steps of:

  • Calculating the SaltedPin value from the PIN code and Action
  • Calculating PinId from SaltedPin and Account
  • Retrieving a MessagePin from the Administration spool with the MessageId PinId.
  • Calculating the PinWitness value from SaltedPin, ClientNonce and AuthenticatedData and checking this matches the value specified in the message.
  • Performing the requested action.
  • Posting a Complete message to the Administration Spool of the Account marking the PIN code as used.

This process can fail at multiple points resulting in different error results:

PinInvalid

No PIN code is specified, the Pin code indicates an unsupported algorithm or the calculated PinWitness does not match the one specified by the request.

PinUsed

The PIN code has been used previously.

PinExpired

The PIN code is no longer valid.

Note that in the case that an attempt is made to reuse a PIN, it is not automatically the case that the first use of the PIN was the one that was valid and only the second attempt was invalid. Implementations SHOULD alert the user to the attempted re-use so that this possibility can be considered and appropriate action taken.

8.1.4. Example

Alice connects a device using a QR code presented by her administrative device.

The administration device creates a PIN code and records it to the Local spool. The message specifies the salted pin value used to verify attempts to use the PIN, the action for which it is authorized. Since this PIN has been issued to authorize a device connection, the roles for which the device are authorized as well. This allows the connection request to be accepted without asking for further input from the user.

{
  "MessagePin":{
    "MessageId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
    "Account":"alice@example.com",
    "Expires":"2022-04-21T16:17:50Z",
    "Automatic":true,
    "SaltedPin":"AAV6-EBKF-JIUO-B2UV-UQX7-OKHB-OAAX",
    "Action":"Device",
    "Roles":["threshold"
      ]}}

8.2. Completion Interaction

Completion messages are dummy messages that are added to a Mesh Spool to mark a change the status of messages previously posted. Any message that is in the inbound spool and has not been erased or redacted MAY be marked as read, unread or deleted. Any message in the outbound spool MAY be marked as sent, received or deleted.

Services MAY erase or redact messages in accordance with local site policy. Since messages are not removed from the spool on being marked deleted, they may be undeleted by marking them as read or unread. Marking a message deleted MAY make it more likely that the message will be removed if the sequence is subsequently purged.

After using the PIN code to authenticate connection of a device in the previous example, the corresponding MessagePin is marked as having been used by appending a completion message to the Local spool.

{
  "MessageComplete":{
    "MessageId":"NDM2-SXYM-M65H-CDTB-ROIB-KTKW-IN4R",
    "References":[{
        "MessageId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
        "ResponseId":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2",
        "Relationship":"Closed"}
      ]}}

The completion message is added to the spool in the same upload transaction that adds the device to the device catalog. This ensures that both operations occur or neither occurs.

8.3. Contact Exchange Interaction

The contact exchange interaction is used to support unilateral or mutual exchange of contact information. Contact exchange has three functions in the Mesh:

  • To exchange public key information to allow encryption of messages sent to and verification of signatures on messages sent from the contact subject.
  • To exchange contact information allowing use of other communication protocols (e.g. telephone, SMS, xmpp, SMTP, OpenPGP, S/MIME, etc).
  • To request that the recipient grant privileges to accept certain types of messages from the contact subject.

Registration of the subject's contact information in a registry service eliminates the need for the first of these functions but not the other two. To prevent abuse, every Mesh Message is subject to access control and a Mesh service will only accept a message from a sender if there is an entry in the Threshold Catalog of the account that expressly permits delivery of messages of the specified type that are authenticated by an authorized signature key.

The communication of unsolicited information afforded by the contact exchange interaction is deliberately limited so that a majority of users can accept contact exchange requests without prior authorization. It is however likely that some users will receive a considerable volume of requests forcing them to require contact requests be authorized through some form of third party accreditation.

8.3.1. Remote

The Remote Contact Exchange transaction consists of a sequence of MessageContact messages sent from the initiator to the responder, responder to the initiator, etc. While there is in principle no limit on the number of messages exchanged, most exchanges will be completed in three exchanges or less:

Initiator to Responder

Contains Initiator contact data without authentication context from the exchange.

Responder to Initiator (optional)

Contains Responder contact data authenticated under a PIN challenge presented in the previous message.

Initiator to Responder (optional)

Contains Initiator contact data authenticated under a PIN challenge presented in the previous message.

Each message provides the recipient with additional information which MAY motivate the recipient to provide additional contact information to the sender.

{
  "MessageContact":{
    "MessageId":"NBBX-LUP5-63JW-AJ6G-5UFG-TYWA-Y6IY",
    "Sender":"bob@example.com",
    "Recipient":"alice@example.com",
    "AuthenticatedData":[{
        "dig":"S512",
        "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb250YWN0UG
  Vyc29uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmV
  hdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6MzFaIn0"},
      "ewogICJDb250YWN0UGVyc29uIjogewogICAgIkFuY2hvcnMiOiBbewogIC
  AgICAgICJVZGYiOiAiTURSUy1JS01QLVM2U1otTVI1TS1HT0lKLVNJSFMtVzVTSiI
  sCiAgICAgICAgIlZhbGlkYXRpb24iOiAiU2VsZiJ9XSwKICAgICJOZXR3b3JrQWRk
  cmVzc2VzIjogW3sKICAgICAgICAiQWRkcmVzcyI6ICJib2JAZXhhbXBsZS5jb20iL
  AogICAgICAgICJFbnZlbG9wZWRQcm9maWxlQWNjb3VudCI6IFt7CiAgICAgICAgIC
  AgICJFbnZlbG9wZUlkIjogIk1EUlMtSUtNUC1TNlNaLU1SNU0tR09JSi1TSUhTLVc
  1U0oiLAogICAgICAgICAgICAiZGlnIjogIlM1MTIiLAogICAgICAgICAgICAiQ29u
  dGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKTlJGSlRMVWxMV
  FZBdFV6WlRXaTEKICBOVWpWTkxVZFBTVW90VTBsSVV5MVhOVk5LSWl3S0lDQWlUV1
  Z6YzJGblpWUjVjR1VpT2lBaVVISnZabWxzWgogIFZWelpYSWlMQW9nSUNKamRIa2l
  PaUFpWVhCd2JHbGpZWFJwYjI0dmJXMXRMMjlpYW1WamRDSXNDaUFnSWtOCiAgeVpX
  RjBaV1FpT2lBaU1qQXlNaTB3TkMweU1GUXhOam94Tnpvek1Wb2lmUSJ9LAogICAgI
  CAgICAgImV3b2dJQ0pRY205bWFXeGxWWE5sY2lJNklIc0tJQ0FnSUNKUWNtOW1hV3
  gKICBsVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxRVVsTXR
  TVXROVUMxVE5sTmFMVTFTTgogIFUwdFIwOUpTaTFUU1VoVExWYzFVMG9pTEFvZ0lD
  QWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzCiAgS0lDQWdJQ0FnSUNBa
  VVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjbllpT2lBaV
  IKICBXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSnNWa3RGU20
  4elpYaDVSMEZPWHpsS1pXRgogIEdhbkZJTW1KbWFqaHlNMDAyYXpjMVlrMHlWMUpY
  YUMxVlRqSmFUbXg2VFhWaUNpQWdObmxXTW01UFNIcGpOCiAgVjlPVGpCZlh6ZG5Wb
  mQ1YWtWQkluMTlmU3dLSUNBZ0lDSkJZMk52ZFc1MFFXUmtjbVZ6Y3lJNklDSmliMk
  oKICBBWlhoaGJYQnNaUzVqYjIwaUxBb2dJQ0FnSWxObGNuWnBZMlZWWkdZaU9pQWl
  UVVJUU3kxRlZVaFRMVkZZUgogIDBRdFRFdFBSaTFCVmtNM0xWWXlVa2d0VEZZMldp
  SXNDaUFnSUNBaVJYTmpjbTkzUlc1amNubHdkR2x2YmlJCiAgNklIc0tJQ0FnSUNBZ
  0lsVmtaaUk2SUNKTlJFSlFMVlJSUjFJdFRFWkZTeTFFTlUxS0xVTXpObGt0U0V0Sl
  EKICB5MUNTVUpISWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21GdFpYUmxjbk1pT2l
  CN0NpQWdJQ0FnSUNBZ0lsQgogIDFZbXhwWTB0bGVVVkRSRWdpT2lCN0NpQWdJQ0Fn
  SUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJCiAgQ0FnSUNBZ0lsQjFZb
  XhwWXlJNklDSTRhMWhaVUcxbU4wMXhSVlV3ZDFaTFJUQldTbkpHVVhaTU9XZFlRbW
  gKICBFV0dKaFEybFhkMDlrZUVwUFN6WlJjWEZqT1hsYUNpQWdRMDkxT0RGb2ExY3l
  TRGRKZFhoc1dXUlBZMDVOWQogIGtWQkluMTlmU3dLSUNBZ0lDSkJaRzFwYm1semRI
  SmhkRzl5VTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBCiAgaVZXUm1Jam9nSWsxQ
  1F6WXRVa3BSUVMxUFJFcFBMVVJXV2tndFVGbENOaTFJV1U5U0xWUXlNbGNpTEFvZ0
  kKICBDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzS0lDQWdJQ0FnSUN
  BaVVIVmliR2xqUzJWNVJVTgogIEVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjbllp
  T2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWXlJNklDSmtNM
  kZPY0VGdmJEaEJWbkJPVlUxelVrdDZUbWc0TFhkQlF6SXlWWEoxTkZSTVVtNUZWa1
  IKICBtUkROWWJrRXhYemhKVjNCTENpQWdNMjlyVEdFd1h6QnZNQzFvWWpGWGJpMXN
  OR2czVkMxQkluMTlmU3dLSQogIENBZ0lDSkRiMjF0YjI1RmJtTnllWEIwYVc5dUlq
  b2dld29nSUNBZ0lDQWlWV1JtSWpvZ0lrMUVTMDh0VkVkCiAgSlNTMVlVVU15TFZJM
  VRFY3RWRnBHU3kxQlNWWklMVE0zVkZRaUxBb2dJQ0FnSUNBaVVIVmliR2xqVUdGeV
  kKICBXMWxkR1Z5Y3lJNklIc0tJQ0FnSUNBZ0lDQWlVSFZpYkdsalMyVjVSVU5FU0N
  JNklIc0tJQ0FnSUNBZ0lDQQogIGdJQ0pqY25ZaU9pQWlXRFEwT0NJc0NpQWdJQ0Fn
  SUNBZ0lDQWlVSFZpYkdsaklqb2dJbWh5WVVGaGVqaHRVCiAgSHBpTVRaWFp6Wm9hR
  1ZRV0VzdGNteFBhRXBCTlhadWMwVTJZMGxSY1RGTVFqUXdkRkpTWlhwNWN5MEtJQ0
  EKICB3UVhCRGNYVkVVMHRGU2poeVNqQmZSVXBmYmpOcU1rRWlmWDE5TEFvZ0lDQWd
  Ja052YlcxdmJrRjFkR2hsYgogIG5ScFkyRjBhVzl1SWpvZ2V3b2dJQ0FnSUNBaVZX
  Um1Jam9nSWsxQ1NqVXRXRnBNTXkxVldVRllMVUpYVVVZCiAgdFUxTk9UaTFSVGpkY
  UxUZFpWa2tpTEFvZ0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzS0
  kKICBDQWdJQ0FnSUNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUN
  BZ0lDSmpjbllpT2lBaVdEUQogIDBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmliR2xq
  SWpvZ0lsZFNNREl3WTNkb2RVWkhOVFV5YUVsRlRraGlaCiAgbnB5U0dadk1UUklOV
  zR5WW1oTGVtdEpTRmRCY1dreFNWUkVSM1ZCZWxJS0lDQmZaRU16YTFOUlN6WnhXa3
  QKICBUZDFZM2IxUkxlVEZRVFVFaWZYMTlMQW9nSUNBZ0lrTnZiVzF2YmxOcFoyNWh
  kSFZ5WlNJNklIc0tJQ0FnSQogIENBZ0lsVmtaaUk2SUNKTlFVbFpMVVJETmtjdFEw
  ZExTQzFJTTBkT0xVSk1NazR0UjBoV1RpMDFTRlJISWl3CiAgS0lDQWdJQ0FnSWxCM
  VlteHBZMUJoY21GdFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZbXhwWTB0bG
  UKICBVVkRSRWdpT2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lrVmtORFE0SWl
  3S0lDQWdJQ0FnSUNBZ0lDSgogIFFkV0pzYVdNaU9pQWlOV1JOTUhWS1ptWmZkMnBQ
  VGpCS1RqSmxTbWswWm01bFUzSXlZVk5FTURrdFEyVXpTCiAgbWhDZWpkaVIzVkdkV
  VpLV0c1ck53b2dJSFpCTFU5ZlRqZFBTM0pKTm01SmRXTlVPVWxRY0Rjd1FTSjlmWD
  EKICA5ZlEiLAogICAgICAgICAgewogICAgICAgICAgICAic2lnbmF0dXJlcyI6IFt
  7CiAgICAgICAgICAgICAgICAiYWxnIjogIlM1MTIiLAogICAgICAgICAgICAgICAg
  ImtpZCI6ICJNRFJTLUlLTVAtUzZTWi1NUjVNLUdPSUotU0lIUy1XNVNKIiwKICAgI
  CAgICAgICAgICAgICJzaWduYXR1cmUiOiAiYXFKYlpWeEtSUmpOd0d1Z1haVlU1R1
  JxWXZBeHlmcERNRFV3MFJYbEhYYmR0QmNaTwogIEY3d3lrWFlaU3BvRUM0aGN1ekF
  UUkVnVHl5QUZsOG90N2E4WENpN0RnODB2OWM1UEpZMkt3ZVBSU3ZpMEtyCiAga0JZ
  cmFlZFFYQk85c2FOM2VQckx5Y0MydnJBblRyaG1NX29QcVhUNEEifV0sCiAgICAgI
  CAgICAgICJQYXlsb2FkRGlnZXN0IjogImVtMzNVaThibHpRY2c4UkQwUGVhRWVnU0
  E2a3VyWHZWMVlKMTFabWVOZ2NPRwogIGU0WXByX0xIR3E2MV9GTVFMMW95Wllpb3c
  yN0VWczFxUzBUOWU3OFBnIn1dLAogICAgICAgICJQcm90b2NvbHMiOiBbewogICAg
  ICAgICAgICAiUHJvdG9jb2wiOiAibW1tIn1dfV19fQ",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MAIY-DC6G-CGKH-H3GN-BL2N-GHVN-5HTG",
            "signature":"yWGvlnNlKnAHGDTgYMZtYe_mGvnmnzupiMneOegh
  KkOW6hZf-vkTR6AkBhmwM7PZH5xlVpdUe00AHIi0ie7deWnL6K5bEhhLiBBGY_ScB
  aVAVqWAkbrfSYehAWvfvCIPyZKzFQYIZ9no0WjGcA-9dSAA"}
          ],
        "PayloadDigest":"eq6Tg7DxnJr8SUf0nchazBLn3FBsYWLvZlAbxW2x
  a_FsQ2kkhx5C8NymLau-Hg9_UaP1NM0eS9Nw2CRRcObbpw"}
      ],
    "Reply":true,
    "Subject":"alice@example.com",
    "PIN":"ADFZ-RDXJ-IICY-KX57-X6LH-ABQY-IBKQ"}}

The Mesh Contact Exchange transaction does not provide for validation of the contact information beyond the binding to the Mesh Account Address used to perform the exchange.

8.3.2. PIN

Contact exchange requests MAY be authenticated by a PIN code. Initial contact exchange requests SHOULD include a PIN code value that can be used to authenticate a response (if given). PIN codes MAY also be exchanged out of band.

A MessageContact authenticated by means of a PIN code is authenticated as described in the PIN Interaction section above.

8.3.3. EARL

A MessageContact message MAY be published as an EARL. This allows contact data to be presented to the recipient on a printed document such as a business card in machine readable format such as a QR code.

8.4. Group Invitation

The GroupInvitation interaction is used to invite a recipient to join a Mesh Group. The interaction is essentially a form of contact exchange except that a sender SHOULD NOT send group invitations unless there is an existing relationship. Thus the 'first trust' issues intrinsic to the contact exchange interaction do not apply.

The message specifies the group name and the contact entry for the group. The contact entry includes the CapabilityDecryptServiced used to decrypt messages sent to the group when combined with information provided by the threshold service for the group.

Receipt of a GroupInvitation message does not require a response.

>>>> Unfinished ProtocolGroupInvite

Missing example 12

8.5. Confirmation Interaction

The confirmation interaction consists of a RequestConfirmation message from the initiator followed by a ResponseConfirmation from the responder.

The RequestConfirmation message specifies the action that is requested.

The ResponseConfirmation message contains the enveloped RequestConfirmation message signed by the initiator and the disposition of the responder, Accept = true if the request is accepted and Accept = false otherwise.

The service sends out the following request:

{
  "RequestConfirmation":{
    "MessageId":"NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7",
    "Sender":"console@example.com",
    "Recipient":"alice@example.com",
    "Text":"start"}}

Alice accepts the request and returns the following response:

{
  "ResponseConfirmation":{
    "MessageId":"MBO5-GGWR-XOSQ-M6AO-WRP7-CJWT-V6LN",
    "Sender":"alice@example.com",
    "Recipient":"console@example.com",
    "Request":[{
        "EnvelopeId":"MAWU-5FMM-ZN6O-FXE5-TVC4-LO6I-RJ4D",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOREJCLUNIRkctT1
  dOSS0yV1dLLVJKSTItS01GNy02QVc3IiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
  zdENvbmZpcm1hdGlvbiIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0
  IiwKICAiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjM5WiJ9",
        "SequenceInfo":{
          "Index":7,
          "TreePosition":6201},
        "Received":"2022-04-20T16:17:39Z"},
      "ewogICJSZXF1ZXN0Q29uZmlybWF0aW9uIjogewogICAgIk1lc3NhZ2VJZC
  I6ICJOREJCLUNIRkctT1dOSS0yV1dLLVJKSTItS01GNy02QVc3IiwKICAgICJTZW5
  kZXIiOiAiY29uc29sZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogImFs
  aWNlQGV4YW1wbGUuY29tIiwKICAgICJUZXh0IjogInN0YXJ0In19",
      {}
      ],
    "Accept":true}}

9. Device Connection Interactions

Connection of a device to a Mesh Account combines synchronous and asynchronous elements and therefore uses a combination of Mesh Service Protocol and Mesh Messaging interactions.

Four connection interactions are currently defined support connection of devices with different affordances:

Witness Authenticated

For connecting devices that provide data entry and display affordances and are connected to a network. The account the device is to be connected to is entered into the device which displays a witness code. This code is then compared with a code displayed on the administration device to authenticate the request, after which both devices can complete the interaction.

PIN Authenticated

A variation of the Witness Authenticated interaction in which the connection process is initiated by creating a PIN value which is communicated to the device by some out of band means and used to authenticate the connection request.

Dynamic QR Code (PIN) Authenticated

For connecting devices that provide a camera affordance. The user sets the administration device into 'add device' mode, causing a QR code to be displayed. The QR code is scanned by the device being connected after which both devices can complete the interaction. Implementation of this mechanism is identical to the PIN authenticated scheme except that the PIN code is presented to the connecting device by means of a QR code.

Preconfigured (Static QR Code Authenticated)

For connecting devices that have been preconfigured with a device profile identified by means of a QR Code containing an EARL. The QR code is scanned by the administration device after which both devices can complete the interaction.

Each of these interactions provide strong mutual authentication with minimal user effort.

The witness authenticated connection interaction is intended for use in cases in which the device is already connected to a network. The QR code interactions are intended to provide support for acquisition of networking capabilities as part of the connection process. These functions are not currently specified. The Static QR Code Authenticated interaction is intended to support Internet of Things (IoT) devices which provide minimal interaction affordances.

In each case, the objectives of the device connection interaction are the same:

The connection of the device to the Mesh Account is achieved through the creation of the ActivationDevice, ConnectionDevice and CataloguedDevice records described in [draft-hallambaker-mesh-schema]. These are created by the administration device in the third phase of each of the connection interactions described below and acquired by the onboarding device in the fourth phase.

9.1. Witness/PIN Authenticated

The witness authenticated, PIN authenticated, and Dynamic QR code interactions all follow a common interaction pattern.

The Dynamic QR Code (PIN) Authenticated interaction comprises four phases as follows:

Phase 1: Issue of PIN credential (PIN and Dynamic QR code only)

A PIN code is created and registered with the PIN Registration interaction described earlier and transmitted to the user by an out of band communication. In the case of the Dynamic QR code interaction, this is a QR code that is scanned by the connecting device.

Phase 2: Onboarding Device Request to Service

The onboarding device creates a RequestConnect message. In the PIN authenticated and Dynamic QR Code interactions, the RequestConnect is authenticated by the Device Authentication key and the PIN issued earlier. In the Witness Authenticated interaction, it is authenticated by the Device Authentication key alone.

The onboarding device presents the RequestConnect message to the service by means of a Connect operation to the service servicing the account. This results in the exchange of the account and device profiles and the computation of a witness value from the two profile fingerprints and two nonce values specified by the onboarding device and the service. An AcknowledgeConnection message is posted to the Inbound spool of the account and returned to the connecting device.

Phase 3: Administration Device Acceptance

The account holder authenticates RequestConnect message and uses an administrative device to accept or reject the connection request.

If the RequestConnect message has been authenticated by a PIN code, the connection request can be accepted automatically without additional user interaction.

Phase 4: Onboarding Device Completion

The onboarding device periodically polls the service for acceptance of the request by the administration device using the Complete transaction.

The use of the PIN code to authenticate the request message is shown in $$$$.

The PIN code MAY be presented to the onboarding device in any format accepted by the device. Administration MAY support presentation of the account address PIN code as a URI code. Administration devices SHOULD support presentation of the account address PIN code as a QR code containing the corresponding URI.

9.1.1. Phase 1:

Alice> meshman account pin /threshold
PIN=ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI
 (Expires=2022-04-21T16:17:50Z)

The registration of this PIN value was shown earlier in section $$$

The URI containing the account address and PIN is:

mcu://alice@example.com/ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI

9.1.2. Phase 2:

The onboarding device scans the QR code to obtain the account address and PIN code. The PIN code is used to authenticate a connection request:

Alice3> meshman device request alice@example.com /pin ^
    ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI
   Device UDF = MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
   Witness value = HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW

The device generates a RequestConnect message as follows:

{
  "RequestConnection":{
    "MessageId":"NCAA-7UYA-TG2C-6XUC-UG3B-4XGT-OBIE",
    "AuthenticatedData":[{
        "EnvelopeId":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUEzLUJRUFotV1
  dPNC03UTVCLVA3QUgtRlk1Qy1BVE1EIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
  Q3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUxWiJ9"},
      "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm
  UiOiB7CiAgICAgICJVZGYiOiAiTUFBMy1CUVBaLVdXTzQtN1E1Qi1QN0FILUZZNUM
  tQVRNRCIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs
  aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI
  CAiUHVibGljIjogIkU1ZUs0cUkzTVlCeDV4cHR6Y254cEhabnZNQWpTbnJIRjhBbm
  J5cE4tWTZpZlVHblNfTlQKICBfaXFacmdteURLRERDaUFXSkU0R3A4VUEifX19LAo
  gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUFMVy1RWFg0LUlBREUt
  QTRaWS1HUkZWLTdGUlYtNk5NWiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge
  wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND
  Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAiWUZ3WmJ6RkNwcmxETk5qSkVsOE5iUDl
  BcVZlNjQzQm1OTkF1b2tIRXVHejFWXzYwVHFyUAogIEU3WVktQlZBTU81Uk1PcUR3
  R3U3WF9xQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1CS
  zUtSVI0Uy0yR0tWLUZIUlctQkZJNS1SUFJFLUVGT0UiLAogICAgICAiUHVibGljUG
  FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA
  gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICIwNW5DWExwSjl1
  Njh3Q2t1dTRKWjVxTzR0d0o3cTVjaWdPOEJxZzNzX2Z2cXZLcl9SeVk2CiAgMW53Z
  2pIS2FzZ09wWWFxY0RXczY4eWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH
  sKICAgICAgIlVkZiI6ICJNRFdMLVNMNEItS1dDVy1XM1hVLTZJS1otUUZPVS1BRVd
  aIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl
  eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y
  mxpYyI6ICJ0dTc0QVZLYUp1ZGRmM1JEcmZ0aWI0a2VtOVN4MGE3czAtQXVKUzNRbE
  hIc1d6VllWTmZKCiAgR0c3WF9NN1dKRlpEaFQxTjU0YUU4ZFdBIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
            "signature":"vOufdCB_9HT6I8aarXvmmOyNSl-w-xyJ9lDjAEE7
  76793vl1LkEFYsB5bh6ydW6itfx7wtyI5h2AYah4BosKBPeG5qfIVX0bD_BHzH3wm
  _pYThtpZRGUd_CLlGIyqZi-dj6pra-RatoCDbBdKIgPCTIA"}
          ],
        "PayloadDigest":"lrcVgAlxiwM7iaclmB4lQO-d1qIYWoilGa2AnxAq
  VJOSNHtc8NDZnGwUyg6b6lZlzoVgQRNgOdGQaVqW6sNf1Q"}
      ],
    "ClientNonce":"gZFH1LZNoACm0-x0tg28yA",
    "PinId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
    "PinWitness":"hv6xvNXOspA9MN4YVkNb58P5Bwr1WCy5OA6gtPxy0LqP-_l
  vReHSp1D5MubPtMYnrSrEcGebQrevBGB96ngkZg",
    "AccountAddress":"alice@example.com"}}

The service receives the conenct request and authenticates the message under the device key. The service cannot authenticate the message under the PIN code because that is not know to the service as the service cannot decrypt the local spool.

Having authenticated the connect request, the service generates a random nonce value. The random nonce together with the device and account profiles are used to calculate the witness value.

The AcknowledgeConnection message is created by the service:

{
  "AcknowledgeConnection":{
    "MessageId":"HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW",
    "EnvelopedRequestConnection":[{
        "EnvelopeId":"MBHZ-QYVP-T5DQ-FQAP-AWD4-FLMO-ZZJT",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ0FBLTdVWUEtVE
  cyQy02WFVDLVVHM0ItNFhHVC1PQklFIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV
  zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
  CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MVoifQ"},
      "ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi
  AiTkNBQS03VVlBLVRHMkMtNlhVQy1VRzNCLTRYR1QtT0JJRSIsCiAgICAiQXV0aGV
  udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1BQTMtQlFQ
  Wi1XV080LTdRNUItUDdBSC1GWTVDLUFUTUQiLAogICAgICAgICJkaWciOiAiUzUxM
  iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk
  NJNklDSk5RVUV6TFVKUlVGb3RWMWRQTkMwCiAgM1VUVkNMVkEzUVVndFJsazFReTF
  CVkUxRUlpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk
  bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV
  04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeUxUQTBMVEl3VkRFMk9qRT
  NPalV4V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V
  3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK
  VlpHWWlPaUFpVFVGQk15MUNVVkJhTFZkWFR6UXROCiAgMUUxUWkxUU4wRklMVVpaT
  lVNdFFWUk5SQ0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC
  BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F
  nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli
  R2xqSWpvZ0lrVTFaVXMwY1VrelRWbENlRFY0Y0hSCiAgNlkyNTRjRWhhYm5aTlFXc
  FRibkpJUmpoQmJtSjVjRTR0V1RacFpsVkhibE5mVGxRS0lDQmZhWEZhY21kdGUKIC
  BVUkxSRVJEYVVGWFNrVTBSM0E0VlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI
  yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVUZNVnkxUldGZzBMVWxCUkVV
  dFFUUmFXUzFIVWtaV0xUZEdVbFl0Tms1TldpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY
  VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC
  BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F
  nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpV1VaM1dtSjZSa053Y214RVRrNXFT
  a1ZzT0U1aVVEbEJjVlpsTmpRelFtMU9Ua0YxYjJ0CiAgSVJYVkhlakZXWHpZd1ZIR
  nlVQW9nSUVVM1dWa3RRbFpCVFU4MVVrMVBjVVIzUjNVM1dGOXhRU0o5Zlgwc0MKIC
  BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1N
  6VXRTVkkwVXkweVIwdAogIFdMVVpJVWxjdFFrWkpOUzFTVUZKRkxVVkdUMFVpTEFv
  Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS
  UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC
  BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSXdOVzV
  EV0V4d1NqbDFOamgzUQogIDJ0MWRUUktXalZ4VHpSMGQwbzNjVFZqYVdkUE9FSnha
  ek56WDJaMmNYWkxjbDlTZVZrMkNpQWdNVzUzWjJwCiAgSVMyRnpaMDl3V1dGeFkwU
  lhjelk0ZVdkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC
  BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlJGZE1MVk5NTkVJdFMxZERWeTFYTTFoVkx
  UWkpTMW90VVVaUFZTMQogIEJSVmRhSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G
  dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT
  2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC
  BnSUNBZ0lsQjFZbXhwWXlJNklDSjBkVGMwUVZaTFlVcDFaR1JtTTFKRWNtWjBhV0k
  wYTJWdE9WTjRNR0UzYwogIHpBdFFYVktVek5SYkVoSWMxZDZWbGxXVG1aS0NpQWdS
  MGMzV0Y5Tk4xZEtSbHBFYUZReFRqVTBZVVU0WkZkCiAgQkluMTlmWDE5IiwKICAgI
  CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC
  JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQUEzLUJRUFotV1dPNC03UTVCLVA
  3QUgtRlk1Qy1BVE1EIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJ2T3VmZENC
  XzlIVDZJOGFhclh2bW1PeU5TbC13LXh5SjlsRGpBRUU3NzY3OTN2bDFMCiAga0VGW
  XNCNWJoNnlkVzZpdGZ4N3d0eUk1aDJBWWFoNEJvc0tCUGVHNXFmSVZYMGJEX0JIek
  gzd21fcFlUaHQKICBwWlJHVWRfQ0xsR0l5cVppLWRqNnByYS1SYXRvQ0RiQmRLSWd
  QQ1RJQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJscmNWZ0FseGl3TTdp
  YWNsbUI0bFFPLWQxcUlZV29pbEdhMkFueEFxVkpPU04KICBIdGM4TkRabkd3VXlnN
  mI2bFpsem9WZ1FSTmdPZEdRYVZxVzZzTmYxUSJ9XSwKICAgICJDbGllbnROb25jZS
  I6ICJnWkZIMUxaTm9BQ20wLXgwdGcyOHlBIiwKICAgICJQaW5JZCI6ICJBQ0tKLUJ
  LQjMtSjc3Qi1HN0haLURGS1MtRTI2TC1OSFhXIiwKICAgICJQaW5XaXRuZXNzIjog
  Imh2Nnh2TlhPc3BBOU1ONFlWa05iNThQNUJ3cjFXQ3k1T0E2Z3RQeHkwTHFQLV9sd
  gogIFJlSFNwMUQ1TXViUHRNWW5yU3JFY0dlYlFyZXZCR0I5Nm5na1pnIiwKICAgIC
  JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ"
      ],
    "ServerNonce":"TxNcq2rNIK8BgGbwmyCcBw",
    "Witness":"HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW"}}

The AcknowledgeConnection message is appended to the Inbound spool of the account to which connection was requested so that the user can approve the request. The ConnectResponse message is returned to the device containing the AcknowledgeConnection message and the profile of the account.

The device generates the witness value, verifies it against the value provided by the server and presents it to the user as seen in the console example above.

9.1.3. Phase 3:

The user synchronizes their pending messages:

Alice> meshman message pending
MessageID: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
        Connection Request::
        MessageID: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
        To:  From:
        Device:  MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
        Witness: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
MessageID: NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7
        Confirmation Request::
        MessageID: NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7
        To: alice@example.com From: console@example.com
        Text: start
Alice> meshman account sync /auto

The administration device determines that the device connection request is authenticated by a PIN code. The PIN code is retrieved and the message authenticated. This is shown in the PIN registration interation example in section $$$ above.

Bug: This command is currently showing superflous pending messages due to the failure to clear messages processed in earlier examples.

The Cataloged device record is created from the public key values corresponding to the combination of the public keys in the device profile and those defined by the activation.

This is returned to the onboarding device by wrapping it in a RespondConnection message posted to the local spool of the account.

{
  "RespondConnection":{
    "MessageId":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2",
    "Result":"Accept",
    "CatalogedDevice":{
      "DeviceUdf":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
      "EnvelopedProfileUser":[{
          "EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
          "dig":"S512",
          "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEt
  SkJMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
  mlsZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk
  NyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"},
        "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl
  IjogewogICAgICAiVWRmIjogIk1BTVEtRVRFQS1KQkwzLTZVS0UtTFJOVC1ER0MzL
  U9JREYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibG
  ljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICA
  gIlB1YmxpYyI6ICJuaTg1UWphTTh3VTV2Um9LbXdueEQwRjljNFNLMzAzTWswR2Fk
  NVdsSjhoZ0JpWVd3OW9OCiAgem1pMzJzdzhYQW1lcjZVTTBTb1RjMjRBIn19fSwKI
  CAgICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2
  VydmljZVVkZiI6ICJNRFNLLUVVSFMtUVhHRC1MS09GLUFWQzctVjJSSC1MVjZaIiw
  KICAgICJFc2Nyb3dFbmNyeXB0aW9uIjogewogICAgICAiVWRmIjogIk1CWlAtV1pB
  Wi1CNktRLU1ZWVAtSDdLRC1WVkJBLTdUNlUiLAogICAgICAiUHVibGljUGFyYW1ld
  GVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcn
  YiOiAiWDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogInRSODVSQ3FXdjgtWDVCazB
  OVTRFVmxqUUZKNTg1Rk5FM1p3eVd6WFNWdEpIaXgwRlo3aloKICBRN3hnOXV1cnc4
  S09LbDVNMFVXN0xMT0EifX19LAogICAgIkFkbWluaXN0cmF0b3JTaWduYXR1cmUiO
  iB7CiAgICAgICJVZGYiOiAiTUJEVi1YWE5ILTJSVUItUkJNWi01Tkc3LUwzQ0QtM1
  RIViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWN
  LZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAi
  UHVibGljIjogIkhVd040UlZoR2N6RmxPbTJiRGNldnZWWXlkNmdqZHEzM1FxVjhVc
  TM5ZEdhc1J6UW45X1AKICBWZ0NCUklfOE1qaXZlclRLZGFhRUkzMkEifX19LAogIC
  AgIkNvbW1vbkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURQUi1GSlZXLUd
  LNVotMkxKQS1MTVlWLVhTQ0gtSEUyQyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJz
  IjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6I
  CJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNTVqVWttcW4zZ3dHMGIySHpEVn
  UzSGxmNXNPNkdnVmxqX3ZhWUZ3QUVrc0RjTXkzd3l2VQogIHd0OW9qa2VVS1Q2MzA
  0RHdmcmgtVXc4QSJ9fX0sCiAgICAiQ29tbW9uQXV0aGVudGljYXRpb24iOiB7CiAg
  ICAgICJVZGYiOiAiTUJWSS1FV0xPLUVJN0otT1ZBSy1HR1pILTZZSFctWkpTVSIsC
  iAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0
  RIIjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWM
  iOiAiZlRVM1RlQjEtN0s4U1pwbzR0UXhaUHBKQWItX2QzTklkSmhsa3hXYWlab2dK
  UkVLOWFkUAogIGY5S25zNW1xcjExVVRUb0lNaHpmZEphQSJ9fX0sCiAgICAiQ29tb
  W9uU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1BTVAtQlg0Ry1BS0syLVlIUE
  EtSVhKVi1aMktWLVVYQlciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICA
  gICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgi
  LAogICAgICAgICAgIlB1YmxpYyI6ICJZNi1EMkRiYktsYVZYdkc1WlF3ZUxkNV9rU
  DFFQ0FDUjQwYkRtcGctWTRLczkyRk5lLXV5CiAgc1dVck1fTG1RS09JUGpqcjVMOE
  5PQkVBIn19fX19",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF",
              "signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VY
  ya8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9Z
  sZa4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"}
            ],
          "PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWV
  JnsNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"}
        ],
      "EnvelopedProfileDevice":[{
          "EnvelopeId":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
          "dig":"S512",
          "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUEzLUJRUFot
  V1dPNC03UTVCLVA3QUgtRlk1Qy1BVE1EIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ
  mlsZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKIC
  AiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUxWiJ9"},
        "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1
  cmUiOiB7CiAgICAgICJVZGYiOiAiTUFBMy1CUVBaLVdXTzQtN1E1Qi1QN0FILUZZN
  UMtQVRNRCIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdW
  JsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICA
  gICAiUHVibGljIjogIkU1ZUs0cUkzTVlCeDV4cHR6Y254cEhabnZNQWpTbnJIRjhB
  bmJ5cE4tWTZpZlVHblNfTlQKICBfaXFacmdteURLRERDaUFXSkU0R3A4VUEifX19L
  AogICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUFMVy1RWFg0LUlBRE
  UtQTRaWS1HUkZWLTdGUlYtNk5NWiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjo
  gewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJY
  NDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiWUZ3WmJ6RkNwcmxETk5qSkVsOE5iU
  DlBcVZlNjQzQm1OTkF1b2tIRXVHejFWXzYwVHFyUAogIEU3WVktQlZBTU81Uk1PcU
  R3R3U3WF9xQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1
  CSzUtSVI0Uy0yR0tWLUZIUlctQkZJNS1SUFJFLUVGT0UiLAogICAgICAiUHVibGlj
  UGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgI
  CAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICIwNW5DWExwSj
  l1Njh3Q2t1dTRKWjVxTzR0d0o3cTVjaWdPOEJxZzNzX2Z2cXZLcl9SeVk2CiAgMW5
  3Z2pIS2FzZ09wWWFxY0RXczY4eWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6
  IHsKICAgICAgIlVkZiI6ICJNRFdMLVNMNEItS1dDVy1XM1hVLTZJS1otUUZPVS1BR
  VdaIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0
  tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB
  1YmxpYyI6ICJ0dTc0QVZLYUp1ZGRmM1JEcmZ0aWI0a2VtOVN4MGE3czAtQXVKUzNR
  bEhIc1d6VllWTmZKCiAgR0c3WF9NN1dKRlpEaFQxTjU0YUU4ZFdBIn19fX19",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD",
              "signature":"vOufdCB_9HT6I8aarXvmmOyNSl-w-xyJ9lDjAE
  E776793vl1LkEFYsB5bh6ydW6itfx7wtyI5h2AYah4BosKBPeG5qfIVX0bD_BHzH3
  wm_pYThtpZRGUd_CLlGIyqZi-dj6pra-RatoCDbBdKIgPCTIA"}
            ],
          "PayloadDigest":"lrcVgAlxiwM7iaclmB4lQO-d1qIYWoilGa2Anx
  AqVJOSNHtc8NDZnGwUyg6b6lZlzoVgQRNgOdGQaVqW6sNf1Q"}
        ],
      "EnvelopedConnectionAddress":[{
          "dig":"S512"},
        "e7QRQ29ubmVjdGlvbkFkZHJlc3N7tA5BdXRoZW50aWNhdGlvbnu0EFB1
  YmxpY1BhcmFtZXRlcnN7tA1QdWJsaWNLZXlFQ0RIe7QDY3J2gARYNDQ4tAZQdWJsa
  WOIOSNDtOvoZdilp0s3BTEoNwiSeNFDS6fgsm1L562PMYIp9BvcFfw3bmZ5u3e56H
  OMu23pigwo4Xw5AH19fbQHQWNjb3VudIARYWxpY2VAZXhhbXBsZS5jb219fQ",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
              "signature":"lOsc7e_m2hYgaUEGWInfYztPwhpICudfCGR1H2
  UpRV0KH0SwVpYTnIWX-IuYXMo995PmWEDtYUiAjNmxO-rcC2BhHIW_BGU4YAtVZI8
  cNAgvHOFmDe_wHzEoHce8OruvdQ-lbcZd_fuVjkdHundi1h4A"}
            ]}
        ],
      "EnvelopedConnectionService":[{
          "dig":"S512",
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
  aW9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
  CAiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUyWiJ9"},
        "e7QRQ29ubmVjdGlvblNlcnZpY2V7tA5BdXRoZW50aWNhdGlvbnu0A1Vk
  ZoAiTUQ0TS1FTEozLUVNN0ItVlZGRC1KRFBCLTdHT1AtT1FJS7QQUHVibGljUGFyY
  W1ldGVyc3u0DVB1YmxpY0tleUVDREh7tANjcnaABFg0NDi0BlB1YmxpY4g5I0O06-
  hl2KWnSzcFMSg3CJJ40UNLp-CybUvnrY8xgin0G9wV_DduZnm7d7noc4y7bemKDCj
  hfDkAfX19fX0",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
              "signature":"wzlcBCqylNLld9M66FWuY2qaUmUarO7Yam6ERb
  iZ0A-Ugo4CALcEVTKLkM8TCy1wApS4mtYJaYAALgDjm-swIPwu2XW1yBWJG-RnLEQ
  ydgSh6d0q6Rt3owHgYKDtzrSiJ_byiDUC7BtdDgz9RSqkbQ8A"}
            ],
          "PayloadDigest":"vYf454z3M4ZljOqIwzvMaVDSbyD-kQ3FZJRD6C
  T_oYFy7fryxi-JQTp9rWU2h8UcsjgA1VS8jeF7ZY3cjYl2Uw"}
        ],
      "EnvelopedConnectionDevice":[{
          "dig":"S512",
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0
  aW9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
  CJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTJaIn0"},
        "e7QQQ29ubmVjdGlvbkRldmljZXu0DkF1dGhlbnRpY2F0aW9ue7QDVWRm
  gCJNRDRNLUVMSjMtRU03Qi1WVkZELUpEUEItN0dPUC1PUUlLtBBQdWJsaWNQYXJhb
  WV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEWDQ0OLQGUHVibGljiDkjQ7Tr6G
  XYpadLNwUxKDcIknjRQ0un4LJtS-etjzGCKfQb3BX8N25mebt3uehzjLtt6YoMKOF
  8OQB9fX20BVJvbGVzW4AJdGhyZXNob2xkXbQJU2lnbmF0dXJle7QDVWRmgCJNQkFD
  LTVSVU4tNVpZSC1CWVJILVJGTE0tT01NSi1ZTUZStBBQdWJsaWNQYXJhbWV0ZXJze
  7QNUHVibGljS2V5RUNESHu0A2NydoAFRWQ0NDi0BlB1YmxpY4g5qTxrxXDgAwIc2r
  ULk3yjVLsqjDv6cd3CoPyhfB2g2yS9mG2BYN3cHptX-5wjgPksRW2lrLGSt2UAfX1
  9tApFbmNyeXB0aW9ue7QDVWRmgCJNQllQLTJRTkctSUkzNC1NVkJKLUUzREQtSk1V
  Uy1LUlUztBBQdWJsaWNQYXJhbWV0ZXJze7QNUHVibGljS2V5RUNESHu0A2NydoAEW
  DQ0OLQGUHVibGljiDn4tysVgdXulShZAzpKeVaEPT6YI9YrlRwCMN0xnx8czTX8Zx
  73E6j5muo-DFWjZRmvT5f_Ma-m_YB9fX19fQ",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
              "signature":"xm5EIDcUvKJkP3cpdiV85mPygKSW4C_4P440Fw
  oOgzA-Y1IPxh1n_uYmx1Rr6FH7SrTDAZgkgcQAIl17pmwnTt6z-14iolJjKanphGO
  W9ukYzFqJhISIH9IqS0YZFYAxAR04zgZRnVzgX-wPPDFmVzcA"}
            ],
          "PayloadDigest":"k8kjkIqoYDGcg-kLa6UkLuIEP1bL15gkmUUCf7
  bMYXYbC-LcymtnjLMqiUOpWjXPlPCwZkeG6iUmvd3OZoktuw"}
        ],
      "EnvelopedActivationAccount":[{
          "enc":"A256CBC",
          "dig":"S512",
          "kid":"EBQP-6TAN-BTZW-ASDU-VEC6-MFRR-IJWG",
          "Salt":"tXA2e3ZNixmurZ-it2J6KA",
          "recipients":[{
              "kid":"MALW-QXX4-IADE-A4ZY-GRFV-7FRV-6NMZ",
              "epk":{
                "PublicKeyECDH":{
                  "crv":"X448",
                  "Public":"-QKmVKReKKmKkvdonFRJAnEGvT1Qgp8e0_qZq
  -UE0GkEi8zglCyuJ0ai8nKlRedPLagxu_HodpWA"}},
              "wmk":"XzQkcZcOZtfC3N1gWPL3pHVc7Qt_hUHjxRD8xioD0qk_
  O5XaBG_xNg"}
            ],
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
  aW9uQWNjb3VudCIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKI
  CAiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUyWiJ9"},
        "E0DRm1t6ESGAXqKtSTn93qShYVVWCBcH1mlGJNasyCsIU8UQukuGP-ih
  V3MeXe9bgq-0_E4yH-53437MTWM_uF33wjPTBexXgvr7w0pM4rZ7YVKOmyJ2vo5-x
  PgAAePJwfRCbsyvGIsyN8YW-c8PifFkWntFh4Es_cWnKw-tXjeMcdWjtu1KJxekNQ
  Cl1wxiMk7HIthQtCQwk2A-JWXQWaXCgOmKtjcl-1V4hR52jpUSiYuLNsRXbXJAkrN
  rZFaG",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
              "signature":"nay6TKbcxU0VmQ7rJVoN_m89pMMlpnKl1lC_-N
  OzKT2mZDPgr7Q5MNwXWigJOngiHcpb_YH2hsuAsVpmwHem5gcuJ378S9UOwKXmgxg
  WKLwkDsAEr3IRqd0LTF0yWqwJ7RpVo-BokZR9xDg0JJxbhyUA",
              "witness":"8cKBTOqU3sGJf_4c7OrpCwar8KKIu6nnw2cvXf3a
  Uzw"}
            ],
          "PayloadDigest":"pDEQGRMpuD0EDYGR_-oxzvovyaQG_uZA9nqexr
  5e8pC1Ha0yu_4pxuQQhAJep2SEfVR2Zs4vqcgsnFY8O5D_3A"}
        ],
      "EnvelopedActivationCommon":[{
          "enc":"A256CBC",
          "dig":"S512",
          "kid":"EBQA-ZOOA-J2XX-OHXS-NQHE-ILCE-25HL",
          "Salt":"He9EoaV4uTzQ25Nsg_ln8Q",
          "recipients":[{
              "kid":"MBYP-2QNG-II34-MVBJ-E3DD-JMUS-KRU3",
              "epk":{
                "PublicKeyECDH":{
                  "crv":"X448",
                  "Public":"GxSFbVOVBE0DIipxDZtGHwxcX8GSewnZPexv0
  ceJMTZEgU1etKaS34ZQ5xzgNvnMLo5sw0xl__uA"}},
              "wmk":"gkANisn2V3yx3tvibNs7qix0IqlQKuRUaHDp-VNBxbr_
  u9u_4ZdnAw"}
            ],
          "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3RpdmF0
  aW9uQ29tbW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogI
  CJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTJaIn0"},
        "9oiSbsWFv4Si3bH3IBrWJGWRf7lVk9eiGoPh2exMS7FRERkTdonOFcp_
  7DtkVJ8VfArm-zOMFKQL-0MnNFOmUupHH-1v-8nKegFPOKCApz8ApB6vOlOWdaExm
  TKGmKuXoikgBhzJGPD18eeTxEGrPRtCNnQJ4eRMbY45f4p5bFZ0x02WFa53-tSJK3
  zFnNcswsAMOvlc8bvUcQ7qUNhrju9QlV7-x5AzPyUaXOIXrHLE1G6sbUueaqKSTgn
  8hTmcYpJ3MiCkz7rSPwMghsf9qyRdWOIEQ879LAE-yZuSF7hkNeMdNICvn6bA_T9b
  2WRzZeVgES9fZVJJOPb1DlQxcmXRuwmj4WcuHp-wrW0xgjF1a3GjyEqFemHFUMOJw
  h1QLyLUOrdHfuCN6Er2KjBvbH1p5fNBz7Nym-NcDlSZbUy-TmjDfLW4HCCn2pBXyl
  uXxNTtDRryyUE9Z1q7HV9PhOO3HURvDflLRPXQLSrrzuZwSPotfbRA-WymJtLuBtF
  IOBLJEx09LvqK-XyIPJdk9ari86PyKF_wCoh1ps1fLDN4oc5ko3Qb_7iBJRYiNMnJ
  dJ9lCPDFNMPUMkOK50xa-jRHlX2bUxM4Rycc9T3vsOQqq5k30h18czw6wBgb9TzV_
  33wYqh01lqcEgrG0uXVU057gvEe9-2_-GuaJgiqpYaceo3i9E0IBMsrmUXWhMpfl4
  rESUjHN3pSgRPDjrfPyHKW4MXuETj8MN6RBuPRdwQW0oBk9f9NpnOKFxQqWkRXVNW
  c3Z2Yi-iu77A_5QrOQvIocXhcuC8J4It4wgt6HE18EBhrEGo0htYiXMllDQ8oAAhk
  SceNWzrulxjmz1D0lSA4C5J-km9MsW8IjzJgaGwENj0al9m8E5mULlZmccLBlHQYp
  BdAfxEZybuuELs9v3sB9CE6TtusJrTgYFkR-WITknMIALGF7dcqWcv-i3k-NqOkIp
  XIVIvjyJWyfbdnJ8ocrGA-xZLNCkoxEJC4TBW0Fqh1cWmM2ENOjSfQ1o1yQm_5MMW
  _P5OLpvAjD71WqPJeVsjOkVHQqPtZG8oQIeJQ7-QtTPFEVfrvroNlXdvvyLYWq4ma
  EzG0e4ZX_wNe37lWq_pdzpCNKNCTLaUbc_z_SoVqU7RNNuwAbBqXG2wVU2LU2VSrU
  qcRKV1sitN4TL9YuVOeH6EUZ42koHTSRhrbHgkbsemh6lc0G_XLJGIcETxmBLi9k4
  nriSSeBOb4L_GOoy8uo9GRDzdOFan-GomVDUa8cIQXx0BJ52V_xuqjx3jBHQcsbTX
  8GtIOl4072HbcNryM6z9k6nVxKgcbRlj_feDcDf1-KXT6FC1ojPnGAr1gL8C8mZYv
  657H5rmGbf-dsGuixfW1zyP4IxOTzwMTYv6E4o6YvTPydm1sEHleshXIn-T3UUNGX
  bhIdvcsKNaFLukS8-rYpf-1ms8_U7qyn1na8sff7K3P3d7biLZrsIdoILBqveRdCI
  2irOBE1oobNpezWMHMO4j5jN1ihhvky-um112AwKIcUvgwtlg-7wCkgcEO54FNbDh
  NP2yf7-BZI-NPlB_chFXiyxMObXyyUbTzZ8vV0AjBsZ3bzshR9m4fN2agluqfFg1r
  9fsZr_WIr-bvHk2MF11v-hp_4NF6Ga9kppgfHYZr0Cdnff2-ocP8e5kzD4ybYmqvZ
  dGm22AbUZP3UKmK4G-zM80AHJJQoCxfVYyETaEcSRyhyiEs9sJHIKvSUO2VE9nmkb
  h0ZAH1TUdWJnBzmW4cmGA5g2CpD-4oiF_4XFf7i7oIoz_rrgVTWQE_p0E9fJmo_Mv
  lbSb7WmOzTnaFBgMCDRyZDTcsjXpkHX9n0FLDVNbnVcMvsV4DaP6R773CE3V2YowL
  JYLiu3BkTUf8yKLrPEk1vVH1nyBk-TVPodAlqOzEOVyfSDG3KxxE5l1k553ENPlys
  C-O4rmrkraKhh9tz51i6Uk86oAkzUztwrHVrvrg4vWIIqNKW6a0pH6ITGCAGu72qW
  8RfCE8xqQrG0Xq2gWKopAIqb-jtVrY41sEge3Tn0N9DxgKu_7FJovyA2UO5Sq_-BI
  ZzY28tpgnYnVsz5zR2JReacy1rBthkI18_iOSUHPqN87ltfWLWWtiehHWG_AellNs
  Ou6_o1jsx5iRkI1ppPXio7EKpNd7gISZaT2iCaWylcrxCQPHu_TDmGDhCE93WF6pa
  mfRYU4gKN1aAVIcJLSJSJlp7k72AxJcKFfyxLvBdJZeXZ_JbpWLyprX1nayuuMYv9
  rAQDiAN3MuoyzwzyTyOecM0dwK4RLADs9QsriTVvTVLUGlw-qV2wGua66JqsMIF5B
  PEalc1G3_K-hV_VrPKWxCOCtBB8-Y0qJcUMjRFXlGElwZ8VrANX7b9_ynEUjg9H1l
  _1leuw1yay2iyqEw369HNC_jcGbi6MoqyIR4uVuyI59nWY5VXI7vn8sYqNBr8zuZR
  MJY1yqcWvoUoeiuHZpU5yxOrSdMA-iGyy5NqtBrMdmP42co8xLCj1SjXi9XcpjP8N
  d3Z695iumU8YEOOY6fm6_EfDA390e8X4AJZ25FkvUPBI6YQT8NR0lqZrgwIF1FaPj
  Wlk9M3IrGMlrnH2FJDH-X8rEFCJJShxSD6sipr-eCTATgMIdPteXWgHo2WAVGrBwd
  pHJ3lQsAIju3fy7TEto45RveVo2mTIrxdqvlddiGehLNMmm-0i_TlIYe8TcIorP8m
  c6lOhL8InRrCLruR_PAH-gbwWnfZ1qBviaRnoSzoAyyVm9Q443kF5KxC-If_Hj5Jj
  TEqRJm7PADg2h44rFrz3TOHNCqDnVOxaj_tHB_L9l5sxbufkoMBxfT9DVbr8ao8WO
  yq-g1l0vk38aG5s3Bq7T5XVvoawcxE2030yQ2vPKUSj6XFBijpxwXWTN4_LByHt3_
  oRWRngOIjV2yvjSodZjPn4lwlPhpkvAwVWHeGdoS1w86itxSs5KgDKzHL7jWbMRxi
  1-1pD689M5pHPsX5ok61ik0q1N3eBA3InJKFfQWeycimqv7OxsxC5HtDP7y9ny176
  Z5nEIDr1M6OzQY19bKGaPTLCgjLznBuA744LgMMZSJEQeG2G0u_Li0hyWFJ8b7HrZ
  N-KcuXjsmeuNIJEObEzICz6JeXQeIWWRwk_W6TTOfAT8SO6K-ir11NsxPAt7DKFCp
  mqGAeENrk6TL8Lvb47l1tCLAprBX2BXa9zITPPhOrxkChxBJdwNH0K8Y8ZE0tCYpW
  8E5PvRKdZt7R7CnFK4jzqM0MHwEdRU9QHXhSZC2LsYxMoAWlI4ukmwtJJaXFdnfJR
  jBB7S_7G9iaEcIOU5nBMk1hDfEH9cQtHvW6ata5ky6DBx6fEyFxilROAC2GMPv3ye
  FyjJcX6sf7ryCrqp2CY5cgXAIk95L8_QXwDX1TmHkj2v-0nojlya6ZIHyHF89wUhp
  FEY8DalGkuetrXut7CzJeX969Gb0Qm0Ij9KCp5gFiwXgoPpbY7GUNSseflN8JjNOf
  X6k_8PXtXB0FyCSsjQuU-C-OOPXJTdSsAzDGV-QB2juuw0fnIXpvfQNqbUBKy13jm
  zeU9V1BkjzelPtximZsR5Ml9m13KvrV7MV9VHtU2l0VHIsUmZYW7bojOoPhyItTtB
  _ED7wgR9Z5NB0rpAwHE56w45SemmYTg7nZM9AoZuqyQSmulaYJHfPAmkCDhVloH-F
  DcoYYwK6LI3ibxLM6zhRgJzb9-VubSdYmrhi1sYoKFsBTkn5D1dV6oympGUx45uBL
  -DG-lYAGS199dq3K91kyOFEZ1tgG1BBKPlDO5ZB7rzLQWdUe-DRq84yq3qJf2Qej-
  nU1K4MsqFvbEsgtWVjZ5XT4Nmu9QJxMwFUzY8PMVK34NkOqGepyUo9zXf-2PAGGAy
  45TQmwNEvitjOc96uMTDJkf4nZINvH0B0BsTftPyO1_QYuikC2qRv3waCZl3W6-R9
  bQpKiTp2AwmmDZs9RBGes7EVx3Av9Fxf06qbAOtXH_uLDl9gbHnwSKV7Sr3Z7vCYH
  -iXjhzOchYf0xCysXPV_pJBueYEJiu6rgRxfjZ-IkXuIbpU4w0kX3f-wnkyZc26L-
  4zuf-liB3x1oxTe0ww1Sid5sceH1cB5JBoEAofo5ciRX84Lropx43mnOM8wQuEIUh
  8ST6MsLxdfVIM_X7gxhyQ2hgOoluiFOQX28VtlQY3HmgjHTKWqma3rBOpkmDtkzDh
  9JY11fQ0vYYzYWGg8X0iU24X8dawj6xf5dE7_E1ejEVsTrD2FZT0WropndhyEjg5G
  fMCYsnnh9V0jU1nHNNtNRFTvpLj-wOgLRGKeU_hZ65gHsT3N4PoIPWSuaD_uNkrYm
  FreVJngAVn-7KsRVXphZ38M-tDvoUct5-63FOEcuzKT-EYrNtAO5o3Akctl3SpaOV
  6YLkyvrwycxw0nGew-XWvnfGcCi7srh27T4h01zc7A3oF6hbJTUFBULFokjVzP7Nj
  3iGW0gOUHMONLrdItB8HSOHXIN8H-c7YI7mZQqNpS6plMgACbhKy9IAYBs9JruoOb
  sCsogur8rKvTAmZQM9m-sfn6hEv2ML1NktzZOCJiJ5xugc_zOyOQgCxpWMs7Qxui5
  GaDh4c7je6WytdnPpv1HhW_CUYkc_EJKnL4GKf0-D0Y3KHdhvVCMefkOQ0ZNplR25
  QtCJs_Mj5ODN1p-2XQWsP-88AwZLT-7v70CNMmjpvYYkYkNf1LPVYFcsfkOyLZIzz
  pebJHbRl07i5FnmKrMBHRSZZR0UChs66t-fMi_fn6CQJNMw-XiMJqcWeqLPfy48On
  ECAjiZ18_MPiHfJkyNZzOzeX4eDNjDBFf0lkhdeS-DiQGhAHW9CxJvP5S2vjdBPVx
  GaDaJNpI3x_EOjee8JS-SHvg4Ib0Kwzg1h288_VWFrXbex3WLGjgA6vAMCy8dZbgJ
  _vcO3G-ItqtStRSeZToL4cr28xFBR8CGi4YX5eb-l6ddU5CE5SLQLgwpbNjhe4vTd
  JW0jYShp9sja26AUXH9sNah7vCbdAULCUmMvU_j5sbur04gecWuiwzh5QRGQ4XF4p
  j9Sy4CI1qF28BYrNBtEAymGEukDG8Acx6KUNYNCqoFKTF3ySOSCobyuWe8JtSkUDi
  yRnkLUTEPo-5PeRAHxbc1e2fBPSYbrshKA3av_2BZggq1uREg0NMrff9Cr2-MUwgI
  MUVwpabycISEPomWhMDsx5CG9AW8EWd5rzAM4ddpqSuI1tyk5C8_7SdtgXg2IvVmR
  fcH2BTIYFxhkxoxv-Bmnt2OylrRkn2P_IuUSiR_eeFFhi5GoLK0iLDgWFRtOSpbU2
  iKWYgbgcTzQrairEGstsN1G2HiLRWeEsSXH1FDT9aA3mNNmYArz2DY6BObLUonAls
  xqSvYbCk0rjy249i42AnT6qYcS2puYxmjvjONSTCaH4q9bVzYei155Y3Qb3siB9HE
  XHVimsdP4Lr4AutyZExQxiImmebV4T23ZDLx5MFu7W040YpD36MszhUcD_4QuB60H
  YeU9SFF9g2KK7CbWGFBaJf25QdYaIAMdKk69gFpPhA3V-I3_fsfJvbHyWDKLeX__6
  Q0hHXaZ9oCt3EG4563n6GE32YIb8_15zYrQBDRJD3vyjzCo2w3bia_mHMRP4cxZ_E
  CmiLqIWIPkFnuA5mezhxpWIiH7-WQf7RzUTWyiX6Ph4730RMPvZFGYV50qAyLDeII
  jxudCLUfSaZH0UoZoLzijJT2pMQIPwZPnUJS62pfRQBmJtaTq-v5xOLwBwaSwJA5n
  PlXLyd4d2zjOaR0wm2rE0ol36amQ86Usl_vA8zKBQm1p12icYK3mI8zHIYMHNqGRw
  _uu0_1WERWT0kbBn2a04vAeYKSeHOlOSGzd31hn2dpQBYODMXUKYsroF4p_40oTfK
  yZNJVRNCNFSsz8eprIRp1kDN--3d5c5ybU9UUQYJArn0-16_NQcieBdC3SYQpXO_M
  wk1WEFWUkFUFJJV3KFKd8iKw_igENGbjHKKcsPQtl5XV2NLNI2Y5oSctspJoQWJJW
  DtMBN1FibbuFpDCB2ojmsPcWWc-zivUAFQbkJxFHrYoBIGCA_Wunjk6RxMFpl-BaB
  YtXVNKncTdsa06l3CujNDSFpe7-gN1SE6Znf6yASnPJjWFsdnXl_59RcRRI7vTpSe
  AAgAwDAEguwoHVM51D66grC66EpcJ9S-XAvAIs0b_87GjEMlV7DQlFF5TXzu5XCc-
  gfMKRhKJ4-xf9sKrZ4csiXughoHU3VnCp4xh4csDJY2gX5fcLdGuNFE_OGW7Jrq9W
  bfsGh9KwFkvzxBPI1QvkxMw1J6_EiattoZdKLL156wdhl9mRiOYqjSBKyUCaZqPSd
  oTRg4kkhHSRdlhI_GGomNK1VZ_8G2aoQNO3eKB4twAdHQwXFfbyhBaLIXJ3pJ_hPz
  PvJbKDO_lqmXd8S4yS1RVkQoCUe1pPXQNMB9JyvKER7lXxmqGZOCeuMdkU1rwkm2X
  3voSiqkrODcYPZin--xC0Lb2rxN_DZ-oP2Lh6qaucOSTRpW1k15V_E8nVa-FRZgYF
  4jr_E4dsZZ2XvVoG4Uv7MFRwF4y87S1rrqs3jamWOKaJdWfRquQkCLktv_9tm8vrj
  HDPBNU2UVvT60URQ2Tii5NHu8y4DSWBq95I00_6uu-BFjpjFiRDOAz1zy-CEuGHaa
  EqqUfuV6pShGCvc8xDnibW3Jh6MIvbN2IduOvjRGDKsCvSehBRENdN9m7Db6AdHVj
  1hbmV1cUv5LJTMYZHKUu2LUE_aLaSdui-Cbw0R6U4wLtC5GxLsTn0nv-9egZ_oYeZ
  0sne-QkZcALn_ETKdLtyDIuPvEEcvYR9awfUS8JJv5BqBUdTbRmPMqgn6u6vtSa3v
  Q7Eu1anOb6eZsJIAgI9guF316r-_KSlQLxyZG7sTmud025TtLpZQRuo_h-EyEfi9a
  njACuIV5C_cmPT4DpKooVdy2RwIyY7r1OvsPeYAM5rVWkbDUJ4QVWtrHphvUvK6i0
  4S9fDOlqgo_VxMopln_du0Jmf9MQKJC0oTrlN8Ng0a6fhqPmJc1zvFSl42aYr1KSv
  p_LF_dFwgoheTxykI_h4CNG6MXP-jvP1OkVamEYhmR8W0SWqSDGpwgNalFjZpRYFi
  cLrAz9CCFSsOVg1DP2gFWovm2hDXcXjp0rCJ9GrNrJLx0LcJzyE1UUardcG0nOgTs
  j25vcNBg5QnO7uvjH9USW5KcYLIlEWg-3KWFvKZHiP7aJ8pqOgtQdPMDMhKk0U3vu
  qW-nBm9o0baM_CvXi_MGvr3asA2bAT2gi7z8V3JAnt_p-mROZfCS1jNW9S3Lz8Tes
  Cf1zMNZfEeX0ggMIHbTexR0edviwhBc9qR1b6oSID2dOnLDhZop2Ncp8uYx0qYTVS
  ZwnmId-5xOlEr8njw0HgyJNqkRJqP5z2fCZRIRpY_zWMxxgD1JK4q1IeB7YE-BsFh
  LT6IV4wdk8NQRiMJCVps593Spu3W835Zhto0GwI8lYnfjRoB6_e4QlQvyVWqeUVSW
  qmZ0QWQjTPpp1UZSyD4qRVO_mI3TFHe83EMj56nNj_UgFWjXAOGXj16I0C1eiqa0i
  9R5EwcPI_lHKUuI8VNTh5eWqBO49CRwO-uf_r3Q-irCnqXLhSxXjWvcCfWnXGIup0
  gWzQixjVkta08piEh0l9PS4TyRB0Yk-IVe6jdrtWNhCCrYmkoyBZFgPvjvDoPYibO
  fm0P6ITI7y4fa8N-Z5c6QDghkh0qOHzfGBJYs-pvXrRttHuS3yIn7nrO2jAZoDLQb
  S1iior4jv_SRZb0KSf8NjkM0lyVfgGVG3y2llan46tg3RYV47ppcPXGlVOsMaxI8I
  yyAw3FgmNFOZpcOnfjDD8edKtZs7QA2NngEn82D2Pxw8a2cX1YFun7UpQhveb8NKL
  5Om3C4hMKDT-zqBKn09iyQDLulRMlhKBpjowJfPVNMnDfweKX6v2LXBvl0Gn0AKUi
  Z2MXuffhj8XcdfH0aCO6YjeDSND-hX1PRLTzOkEzXRQNgJuTbPmAxxZkVQDEmsKVB
  NXf4SXqvz2yOs5K_hcxpmAjD-zRYCqHmKUEQdpBgEbAY_AOM1H8p-AzSfgLnw4LT5
  c-VijUAKHjDg6dP8xB1pdczR1Z_qLJI68AsGaTnjjQ6fVYbmijJwHCY-EIC9lFZrQ
  ysuutS-pOjc17U1X49yNsw_ZpGOZdtnqs3wMEFtEgSWFB8os1rFmxj5tIJfHSabkO
  O04Px03v8BVSjzBYwNpukGsnNM3_tMxNajqlE0ygrMqQjZzWGbt1CHiWAfOY8dyNS
  SOLKsidSQ12CmR1q52r-_MS90eo2ROCyzbwLsRvY45HKBrd4Pdl0VHsp5KY0oFFy9
  yAsg7ZBbq6yyngqZOx9Gatxv1U4XGGsFe--wxhwUzXe-2vYg-QMKUFcOQWXTGs0bb
  1bAlLpY4I3eimsrUxaZniw-2MWk5wQxJM8oePxQRLLnZoRAvoG0yuI4thicJ8Ptcr
  85B5WXNQH-YW8fqdnzRfhXPR0rmcuDyloMspFKmdaXFuJzm3FcXv2MrexjEpNuNYA
  F1U63-GJQDgWkTD0Jqowzt5mOTw",
        {
          "signatures":[{
              "alg":"S512",
              "kid":"MBDV-XXNH-2RUB-RBMZ-5NG7-L3CD-3THV",
              "signature":"X7i49SUdqSGL6_Iu5bVAoDVUS1lAiyn333jJJc
  0P1FNomX2omaYKrpepbsJcYQNXSDkakyPEg_CApF7k07eQvfwKEAhPVtES_NZo4aD
  jK_gtVXa8FY3aqbFrgatOK1PbMcUWOt4qTe--xyJIKhXN2TgA",
              "witness":"p1ZkuXKyRwrlhoSERIoqHGiZ512xE-bOHHVqRqGd
  A5w"}
            ],
          "PayloadDigest":"oWCi5hMAs9B_Jdl23UlB94HG4nmT0F0W-qbvhk
  uV2jULzRUDGFbY3Zz2y2er9QTYCPBCXSV4857a_dgxHMI8ew"}
        ],
      "ApplicationEntries":[{
          "ApplicationEntrySsh":{
            "Identifier":"MCXP-WQVY-RTKQ-ZU6P-VOM4-7U6K-FHXH",
            "EnvelopedActivation":[{
                "enc":"A256CBC",
                "kid":"EBQK-TT6L-J6RL-A3QS-7JY7-HN2D-WI5W",
                "Salt":"muuRM8Csu8YVGXKPgdBskA",
                "recipients":[{
                    "kid":"MBYP-2QNG-II34-MVBJ-E3DD-JMUS-KRU3",
                    "epk":{
                      "PublicKeyECDH":{
                        "crv":"X448",
                        "Public":"pY-ltrx_QDrhpB2nYek4X9G5CLO3u15
  mcqPAbABxFYRZ83lPtMDLGXmo-FFgqe_gN8per0enFOeA"}},
                    "wmk":"mM9Xh0EF5h1q1GwGnK-GK7gblurWYGJ3k4tE2X
  pc8WmMK7ELsOPW_g"}
                  ],
                "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY3
  RpdmF0aW9uQXBwbGljYXRpb25Tc2giLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1
  tL29iamVjdCIsCiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MloifQ"},
              "9ie5X_tfEyaX1ndBhH8gPr5TZQlt14MSGgYJR0AUcrBCXYzBYR
  Q_RiekTzkhluV00luMJ60-fjdzkpOyx_0yXr_ClQkn0M6_FAOt8m2zNZPeURJlFsh
  jGDKyne_c243dcLEskczb1TVkxYhBgrYaykksDENRGAy_gH6vXTFV2DFg1N02UVhP
  j-xQ4pcMrqEpWYYPwAT-N8jWezoOnz2-crO5HW-L3qXB2bzdUcomcq82aO7PQdeBI
  oxHmeeMwdWLV9_tXTm6jsUuGyvvQcXbiQZ9uybTboSyb4Tp2fXyHHjfKL8yPtedXP
  _CAqKdwmZ1ogj0p_O6IzPgUBVQBfxhFi73MgDbkcftON5JS0MNn-YNWkF3Sb-UtJS
  2sttpYOX0M6fZfC1-OFCffuSdEs9KxggxOG3xqmhVcHI4OKVF4hzO21AeocmnmW_0
  FyGrYjNozvXKrSYCvdKshHj1ZqqiWVT3xtQsaVr9FF5_IaMaXfFvwHSQei0p6_B3m
  71r_kciGKO2YyoAoyle0rJuIt4enovfPNpm0f29yhe1-lBY0Hhe6Wf7hSK9NffQc2
  TaBXYWPnDRVlqy_HuEW2MS8jt2NGbFULFsqPpcv22eIuB6K6HefzXlvA_IuYla0So
  JBE2Lyd-Nvpp_6YNOpeWvESFnwbE7rBUcmKrtDSZUp5Hi_XPZ1Sj2h2MYmEvwcDfT
  W8bmS7KJR_EvLglnSp8AnnTTfzqO2XnR5aHVNIgyN5mBqiexLE2W4mGD5FfYvypsp
  ARqjCPjZxUMoZXuqFjx10HSdkBALXoDz1hynK0LkdPL9tjlhnm6sSkJYj8xnfamm3
  qO9BNmponRL_3DQXoPGDkkvwRhWHNCnuC8yQJ8JLN0E9o0Vw6sQX9lQpStMaLbom_
  4zvj9rd4Tl-4EyakDiQgb0x6_c8MaNCs7J_GWX_SVbZcdexx-Hm4aCgwZ3jGbSJZs
  2KKAZmHma3E8N5N8n4wXlHoC6cfA0-y2_3hm39LcKYKJ6YfIqBDJIwdL0vzTLq9qZ
  JT7p6ypBxEnHPTIfFbuHmBGKvzMvHTlLQ_IUr0g6Eyxw1LxKBSSI8FPb2h556_O-1
  hNK-ck6lfEe3JWfsniQuqZTXPrfpduwERLOXanZ-_ysE7Cqd7rh5aAp59GBqWAqpF
  meE4iRYJl6AkEy0wacBsAUJwqoAX4lZK3TU3ChJ0Zh3RemmO6ymxJhHdweb70lvSj
  U60goICoXxuRHuGrrcFfY9SbU3Wae6ykbfsRKY7xJGNkchSkSt7JgsInvhdqn8cSr
  KpMgZqrBAb2tKffghOToS9k4txQsLLeYtmmvWK92bRVbvIy_xvEBC5t0c9q8amGd3
  yMkPa71b8fHOd3rRiA8oXLQhrRCpt1t-aPV0xadtYsRl2MbgW8uQst6zhmlWy3XFF
  UfP7l_mWwWr5-RMMp7oEk-Bnts0v6sELpPiOMVHAUvukCPZMdiOiItcZxGshGk27N
  BsJBNwfPUCpSdvvSzjscnWJgZj2L0iOh1Lb5V0ONMrfdhO9IGa4SXs1dNjsgLqW_0
  zi5fYNYNuAm6cr7658dgt43HWXVC_1o9Hz5jdfmpUD6rMyyCc77c-VIVibFLi5yRs
  MWHFVtUu6mW58VJtXz9LRTfaUVKa2dnb4kRU5Bj8O38dTYhXrSrIuPIV4RWyUPMnw
  jCgd9A2TPSqo3NrH11bHgDOHM1peyx1W4lIDyncV4AbSr20YoW6l3ib84YE5uDAPB
  KTb_v3Dy6-dD-7wcjUmI4Q-uXt289kdHqQdw_AbK8Y1uP8fYZSk87kPo9fpE5vR8y
  DHRrRSprsCGBA2s82-7X3nxZ8AqaN3JvAttT2LzMmTW15ITmW70tBjttzlCvuwGE3
  Y1iNHTZFmhRCvLmbzDuMQbhzTXvxmrT4ivY71XVVshjAsHjcv0ss8mSz3CIZWcq_7
  ujoV9fKfu12CwP2FQDiLHb-uvqu25j5rB3mmLQdtBvLc34Nw3qCMUCmmLBvbG2TCd
  i-tOPZARgSRyMWH29zFIC8VCt6hOpj_e_CTZ5qVlDRUNvRtHeDJ8aSOIDrT30lWQa
  7QsdrUTzTo7m4SZ0pftrmavB0s_ImyLP1yGYSL0_PDntuz9aZVQt7LYlwBYm7FP0F
  QDI3FyF7eX6j4HFj2aIT9ZKc-rXGdYJg2GcKwvftIAis_fIuREm5U5JdZp58sB3gg
  NdOpZkN7vBKu6lgMznuldJYUdLZHkMf3-mfNue5dzyAI8TjhOmVxavGxk3sphqHqU
  5zEpL8rhvgGgL7Mveww78tlVni8OhsoYWywwZ9Q9Nwg8BWMHVssMmWxqCOZda-7zw
  o_2uWlhXw4sSp5Bodz2PXBBQDahQPboLQJLWZad7_Ds7Uq-YERfrTp5oL5O5PIF4O
  TXW9eal1qKPYnoohFSUmZYmKtpQ78ul3v0-PYXQywmKeet6EzcgM2txIQh6ceSuP0
  hTMbVXjt0yB3RV5pX3rjtTeqg8hFmEEyKO_0i30nNxh62sdRBzE-mmfc3N3KQqIha
  sRFB31q9V2iifcD26C5mnQTIDnQ2nV_w4DHAudXhko-nJHouAeGhCMNa05I2dhu3x
  4kM2nUDgX6_RHM4dokC0q2SKZZubE27GrC1eDf8RDpKHi1uby_Rkw9q0oCdsLIsW4
  fLCJSvEpMzzS4YqP77ePINAiBNTSOAR_L9dpqkGuGcCL4DykWiA0rGmmnTaw7UG3t
  iVNS7bBdoKdcqORjUlEfVv3AvEZ08k8KZQYB_oA5IoXj0D1G2JHSqYocFIHcvSbqO
  07Mehz6FqBUF4YcbVKIp_QkG8nCuinD_AwPhtNb_EFN0MM3jaEuDVE0XhIfAHnKrk
  BXC6n3_Qprj-nuBxo_Cf-egFPia_gSjbb1PvoFpxATbPlkY_J6Ihv7b6N19MX8gUx
  HwwdCYLtTwHm8vWlKF0N2qGh_VObwrf0YZaJUkd-yaIOknlOrRw0MjytMsi_SEw_-
  9D4Jn6jkdJzbyQD06CX-tPeNGnelVZfJR7X7SGCDC4_ues5Ait9OH1uZT1J_Z58bZ
  HPHqT3S_GawAVwDN6h7A-VZnELXY279obT2uQ4mSjfLnKvM19qREiJxM7vJELYHfb
  DLi2WxX8oR5dYmhgZfAaCRFlO8dcXoZc1aMwthDm_tvq96ZMqTG-KeBr7Br8VHFgK
  Ji_GDWm6y41EDfw0WxQ_m-7sOCKclct-i5om1X3A3A49u5Cf0U08NxLqPDDM2H9_b
  7WQfPmY7EfBNesye6AX_0DKqaIbG0Dlhddnx_s5dOizf5TD2kxAlgPz9BD8EUhj3h
  3p9L559Yj9RnHSPvqY2x_xsbxyPx"
              ]}}
        ]}}}

9.1.4. Phase 4

The device periodically polls for completion of the connection request using the Complete transaction.

To provide a final check on the process, the command line tool presents the UDF of the account profile to which the device has connected if successful:

Alice3> meshman device complete
   Device UDF = MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
   Account = alice@example.com
   Account UDF = MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF
Alice3> meshman account sync

The completion request specifies the witness value for the transaction whose completion is being queried:

{
  "CompleteRequest":{
    "AccountAddress":"alice@example.com",
    "ResponseID":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2"}}

The Service responds to the complete request by checking to see if an entry has been added to the local spool. If so, this contains the RespondConnection message created by the administration device.

9.2. Preconfigured (Static QR Code)

The preconfigured device connection interaction is used to connect devices that lack affordances such as a display or a keyboard. It is also known as the static QR code interaction because a static QR code printed on the device itself is used to connect it to a user's account.

Future: Note that this interaction is likely to be changed substantially in future revisions of the specification and the Claim/PollClaim mechanism removed and replaced with a messaging based approach.

The interaction has five phases:

Phase 1: Preconfiguration

The device to be onboarded is preconfigured with a ProfileDevice and private key information and a DeviceDescription posted to a publication service. This process is typically performed during manufacture. An EARL providing the ability to locate and decrypt the description is printed on the device itself as a QR code.

Phase 2: Device description acquisition

The administration device acquiring the onboarding device scans the QR code on the device and uses this information to obtain the device description by means of a Claim operation described above as described in the Device Description.

Phase 3: Administration Device Acceptance

This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device MAY advise the device that a connection request is being made by additional means described in the device description (e.g. WiFi, Bluetooth).

Phase 4: Poll Claim Notification

When connected to a network, the preconfigured device periodically attempts to poll the connection sources specified to find out if there is a pending request. If a connection request is posted, the device decrypts it to allow it to complete the connection process.

Phase 5: Onboarding Device Completion

This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device requires notice that of the pending connection request.

The main differences between this connection interaction and the witness/PIN connection interactions are that the device is preconfigured with the device profile at the time of manufacture and the onboarding device MAY be acquiring network configuration information during the connection process.

9.2.1. Phase 1

The manufacturer preconfigures the device

Maker> meshman device preconfig
Device UDF: MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV
File: EBKG-ED3O-HBHK-ZQGS-EX4H-X22S-X4.medk

This results in the creation of a primary secret which is used to compute a ProfileDevice and corresponding connection records signed by the manufacturer's administrator key.

The data is combined to create a DevicePreconfiguration record that is provisioned to the firmware of the device being preconfigured.

{
  "DevicePreconfigurationPrivate":{
    "EnvelopedProfileDevice":[{
        "EnvelopeId":"MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV",
        "dig":"S512",
        "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQk9CLTVHVlktUT
  QzQi1LT0RHLVVKM0UtTFk3Vi0zNlVWIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml
  sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi
  Q3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjU3WiJ9"},
      "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm
  UiOiB7CiAgICAgICJVZGYiOiAiTUJPQi01R1ZZLVE0M0ItS09ERy1VSjNFLUxZN1Y
  tMzZVViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs
  aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI
  CAiUHVibGljIjogIkZXaWlfWUV0VERYNUt6ZUQtLW44QW5LcWlFUFQzODN6YWZPOW
  VFREt0QjNjc2pMa2VaV2UKICBXMjNhQlEtd01pZFVNLVZGX1VsYTFtSUEifX19LAo
  gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUNLMi1PRlNZLUNBUEot
  RVpVNS1LTzM3LUlJTkMtNkhYTCIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge
  wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND
  Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNkNwVFVfWlp1QWE3bENOYkE4ZUs4c2h
  EeUdsQy05YldXckwteFQybTFZNjcwZVpFVzI1NwogIHR2SnREVDFLSTN3aXotaXB0
  bjFBVHBhQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1CS
  DYtUEQyNy02Tjc2LVIyNTctQlUzTS1CUUpYLVFEQlMiLAogICAgICAiUHVibGljUG
  FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA
  gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJXV0xIN0hjb0Vl
  SzdhRzMtYWdMdHI2UlltWTJnYWtiekNyWm00aWppWERGbXhWVFJIamJlCiAgaUItV
  1dLOS1JVDQydW5OaHRXRmxPdXdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH
  sKICAgICAgIlVkZiI6ICJNQlRKLU9CNEYtQVlIRC1YQzRJLUpaTkctTUJaVS1ISTN
  HIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl
  eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y
  mxpYyI6ICJWd0hYcHQxdmZKV21zNUNjazluc2dlam92WkxOa1ctcEFxalpHdkdWNW
  5lb0UtcnVyZWJDCiAgaTdYLTR3bnhxbXV4RkxIVHF5cFdJRjhBIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV",
            "signature":"m10FQkPJzhAR2Cg2VfPzvSUt3XyQh0yjgqggXSep
  nwz3NpDWrH6TZLNeO0Gq-moqahTzGn_ZW8aA6vuiuiqtDMy_avBf0g31nDpFyRDk6
  9D5qXBh8Br-4utT_Zxyzz3S2i63FGczDekAZTwZTQoQwTUA"}
          ],
        "PayloadDigest":"-irGyEMwNtkfLTM8Ygprqww7Lr41K_2Recre2O2H
  DP5CyC4VklJfYiDMR8822Sp5oALA-2aqQjDzJKKEt50nhA"}
      ],
    "EnvelopedConnectionDevice":[{
        "dig":"S512",
        "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
  9uRGV2aWNlIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJ
  DcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0"},
      "ewogICJDb25uZWN0aW9uRGV2aWNlIjogewogICAgIkF1dGhlbnRpY2F0aW
  9uIjogewogICAgICAiVWRmIjogIk1DSzItT0ZTWS1DQVBKLUVaVTUtS08zNy1JSU5
  DLTZIWEwiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi
  bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiWDQ0OCIsCiAgICAgICAgI
  CAiUHVibGljIjogIjZDcFRVX1padUFhN2xDTmJBOGVLOHNoRHlHbEMtOWJXV3JMLX
  hUMm0xWTY3MGVaRVcyNTcKICB0dkp0RFQxS0kzd2l6LWlwdG4xQVRwYUEifX19LAo
  gICAgIlNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNQkg2LVBEMjctNk43Ni1S
  MjU3LUJVM00tQlFKWC1RREJTIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7C
  iAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkND
  Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAiV1dMSDdIY29FZUs3YUczLWFnTHRyNlJ
  ZbVkyZ2FrYnpDclptNGlqaVhERm14VlRSSGpiZQogIGlCLVdXSzktSVQ0MnVuTmh0
  V0ZsT3V3QSJ9fX0sCiAgICAiRW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ
  0syLU9GU1ktQ0FQSi1FWlU1LUtPMzctSUlOQy02SFhMIiwKICAgICAgIlB1YmxpY1
  BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICA
  gICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICI2Q3BUVV9aWnVB
  YTdsQ05iQThlSzhzaER5R2xDLTliV1dyTC14VDJtMVk2NzBlWkVXMjU3CiAgdHZKd
  ERUMUtJM3dpei1pcHRuMUFUcGFBIn19fX19",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MBGZ-R2AS-DPME-4KOZ-KKF5-WLDO-IBZO",
            "signature":"pe4KEfz7NgyGS4nz7VxBPZNcX04Fnf5EVQXCg4AO
  Z_XDKD3egMEeg5cStZALTB-yOkk44XLobyWAbxbhyeVFif7qZAdZ0hdk-h_o-di3h
  aX-SVPdFpGHXeCeOMaEAfsCOXTb9oSvHqDNLUaRIfq0wiIA"}
          ],
        "PayloadDigest":"oa0Yms70Z_buemEpSstfNdKSVlxUy7NoHKkZv_bA
  9OX9ZJGkB3E4nNBfLG85arEixWQhkxFCwkHLvmInqkjYIQ"}
      ],
    "EnvelopedConnectionService":[{
        "dig":"S512",
        "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb25uZWN0aW
  9uU2VydmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICA
  iQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjU3WiJ9"},
      "ewogICJDb25uZWN0aW9uU2VydmljZSI6IHsKICAgICJBdXRoZW50aWNhdG
  lvbiI6IHsKICAgICAgIlVkZiI6ICJNQ0syLU9GU1ktQ0FQSi1FWlU1LUtPMzctSUl
  OQy02SFhMIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1
  YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgI
  CAgIlB1YmxpYyI6ICI2Q3BUVV9aWnVBYTdsQ05iQThlSzhzaER5R2xDLTliV1dyTC
  14VDJtMVk2NzBlWkVXMjU3CiAgdHZKdERUMUtJM3dpei1pcHRuMUFUcGFBIn19fX1
  9",
      {
        "signatures":[{
            "alg":"S512",
            "kid":"MBGZ-R2AS-DPME-4KOZ-KKF5-WLDO-IBZO",
            "signature":"mGzTozZ5fDt4p9-VSDGwx6b9AUo_YDR9pLwXAj1m
  oN5de75NXuZRdz_ENeTLu1AtEzyYENDaQskAho664biW8I7DuRbNbLJ_AJLXQD99b
  5kiiz1Ljavg1RAdrdfH05TDGHw7eMP5aCEir_o4oS7zjTEA"}
          ],
        "PayloadDigest":"97C6-ryQFiyRF-8NAP9pX7YvJEtcz-hexhvkHgsJ
  2GUEl7yW_-uhclWSu0F7eRrdENFRq8g-qJDXPJTmo8TyEA"}
      ],
    "PrivateKey":{
      "PrivateKeyUDF":{
        "PrivateValue":"ZAAQ-A5KD-OPXN-5E7X-ZXRU-CRYP-B2N2-G6FY-MCO
H-GAIH-72GR-EZXO-LQIM-Z5GA",
        "KeyType":"MeshProfileDevice"}},
    "ConnectUri":"mcu://maker@example.com/EBKG-ED3O-HBHK-ZQGS-EX4H-
X22S-X4"}}

An EARL is created specifying the means by which an administration device can acquire the information required to complete a connection to the device:

QR = {Connect.ConnectEARL}

The preconfigured ProfileDevice is encrypted under the encryption key and published to the location key derived from the EARL.

9.2.2. Phase 2 & 3

The administration device scans the QR code and obtains the Device Description using the Claim operation as shown in section $$$$. The administration device creates the ActivationDevice and CatalogedDevice records and populates the service as before.

Alice> meshman account connect ^
    mcu://maker@example.com/EBKG-ED3O-HBHK-ZQGS-EX4H-X22S-X4 /web

9.2.3. Phase 4

The device polls the publication service until a claim message is returned.

Alice4> meshman device complete
   Device UDF = MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV
   Account = alice@example.com
   Account UDF = MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF

9.2.4. Phase 5

Having been advised that an account has published a claim to bind to it, the device posts a connection Complete request to the specified account and completes the connection process as before.

10. Protocol Schema

HTTP Well Known Service Prefix: /.well-known/mmm

Every Mesh Portal Service transaction consists of exactly one request followed by exactly one response. Mesh Service transactions MAY cause modification of the data stored in the Mesh Service or the Mesh itself but do not cause changes to the connection state. The protocol itself is thus idempotent. There is no set sequence in which operations are required to be performed. It is not necessary to perform a Hello transaction prior to any other transaction.

10.1. Request Messages

A Mesh Portal Service request consists of a payload object that inherits from the MeshRequest class. When using the HTTP binding, the request MUST specify the portal DNS address in the HTTP Host field.

10.1.1. Message: MeshRequest

Base class for all request messages.

[No fields]

10.1.2. Message: MeshRequestUser

Base class for all request messages made by a user.

Inherits: MeshRequest
Account: String (Optional)

The fully qualified account name (including DNS address) to which the request is directed.

EnvelopedProfileDevice: Enveloped (Optional)

Device profile of the device making the request.

10.2. Response Messages

A Mesh Portal Service response consists of a payload object that inherits from the MeshResponse class. When using the HTTP binding, the response SHOULD report the Status response code in the HTTP response message. However the response code returned in the payload object MUST always be considered authoritative.

10.2.1. Message: MeshResponse

Base class for all response messages. Contains only the status code and status description fields.

[No fields]

10.3. Imported Objects

The Mesh Service protocol makes use of JSON objects defined in the JOSE Signatgure and Encryption specifications and in the DARE Data At Rest Encryption extensions to JOSE.

10.4. Common Structures

The following common structures are used in the protocol messages:

10.4.1. Structure: KeyValue

Describes a Key/Value structure used to make queries for records matching one or more selection criteria.

Key: String (Optional)

The data retrieval key.

Value: String (Optional)

The data value to match.

10.4.2. Structure: ConstraintsSelect

Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.

Container: String (Optional)

The container to be searched.

IndexMin: Integer (Optional)

Only return objects with an index value that is equal to or higher than the value specified.

IndexMax: Integer (Optional)

Only return objects with an index value that is equal to or lower than the value specified.

NotBefore: DateTime (Optional)

Only data published on or after the specified time instant is requested.

Before: DateTime (Optional)

Only data published before the specified time instant is requested. This excludes data published at the specified time instant.

PageKey: String (Optional)

Specifies a page key returned in a previous search operation in which the number of responses exceeded the specified bounds.

When a page key is specified, all the other search parameters except for MaxEntries and MaxBytes are ignored and the service returns the next set of data responding to the earlier query.

10.4.3. Structure: ConstraintsData

Specifies constraints on the data to be sent.

MaxEntries: Integer (Optional)

Maximum number of entries to send.

BytesOffset: Integer (Optional)

Specifies an offset to be applied to the payload data before it is sent. This allows large payloads to be transferred incrementally.

BytesMax: Integer (Optional)

Maximum number of payload bytes to send.

Header: Boolean (Optional)

Return the entry header

Payload: Boolean (Optional)

Return the entry payload

Trailer: Boolean (Optional)

Return the entry trailer

10.4.4. Structure: PolicyAccount

Describes the account creation policy including constraints on account names, whether there is an open account creation policy, etc.

Minimum: Integer (Optional)

Specifies the minimum length of an account name.

Maximum: Integer (Optional)

Specifies the maximum length of an account name.

InvalidCharacters: String (Optional)

A list of characters that the service does not accept in account names. The list of characters MAY not be exhaustive but SHOULD include any illegal characters in the proposed account name.

10.4.5. Structure: ContainerStatus

Container: String (Optional)
Index: Integer (Optional)
Digest: Binary (Optional)

10.4.6. Structure: ContainerUpdate

Inherits: ContainerStatus
Envelopes: DareEnvelope [0..Many]

The entries to be uploaded.

10.5. Transaction: Hello

Request: HelloRequest
Response: MeshHelloResponse

Report service and version information.

The Hello transaction provides a means of determining which protocol versions, message encodings and transport protocols are supported by the service.

The PostConstraints field MAY be used to advise senders of a maximum size of payload that MAY be sent in an initial Post request.

10.5.1. Message: MeshHelloResponse

ConstraintsUpdate: ConstraintsData (Optional)

Specifies the default data constraints for updates.

ConstraintsPost: ConstraintsData (Optional)

Specifies the default data constraints for message senders.

PolicyAccount: PolicyAccount (Optional)

Specifies the account creation policy

EnvelopedProfileService: Enveloped (Optional)

The enveloped master profile of the service.

EnvelopedProfileHost: Enveloped (Optional)

The enveloped profile of the host.

10.6. Transaction: BindAccount

Request: BindRequest
Response: BindResponse

Request creation of a new service account or group.

Attempt

10.6.1. Message: BindRequest

Request binding of an account to a service address.

Inherits: MeshRequest
AccountAddress: String (Optional)

The service account to bind to.

EnvelopedProfileAccount: Enveloped (Optional)

The signed assertion describing the account.

10.6.2. Message: BindResponse

Inherits: MeshResponse

Reports the success or failure of a Create transaction.

Reason: String (Optional)

Text explaining the status of the creation request.

URL: String (Optional)

A URL to which the user is directed to complete the account creation request.

10.7. Transaction: UnbindAccount

Request: UnbindRequest
Response: UnbindResponse

Request deletion of a service account.

10.7.1. Message: UnbindRequest

Request creation of a new portal account. The request specifies the requested account identifier and the Mesh profile to be associated with the account.

Inherits: MeshRequestUser

[No fields]

10.7.2. Message: UnbindResponse

Inherits: MeshResponse

Reports the success or failure of a Delete transaction.

[No fields]

10.8. Transaction: Connect

Request: ConnectRequest
Response: ConnectResponse

Request information necessary to begin making a connection request.

10.8.1. Message: ConnectRequest

Inherits: MeshRequest
EnvelopedRequestConnection: Enveloped (Optional)

The connection request generated by the client

Rights: String [0..Many]

List of named access rights.

10.8.2. Message: ConnectResponse

Inherits: MeshResponse
EnvelopedAcknowledgeConnection: Enveloped (Optional)

The connection request generated by the client

EnvelopedProfileAccount: Enveloped (Optional)

The user profile that provides the root of trust for this Mesh

10.9. Transaction: Complete

Request: CompleteRequest
Response: CompleteResponse

10.9.1. Message: CompleteRequest

Inherits: StatusRequest
AccountAddress: String (Optional)
ResponseID: String (Optional)

10.9.2. Message: CompleteResponse

Inherits: MeshResponse
EnvelopedRespondConnection: Enveloped (Optional)

The signed assertion describing the result of the connect request

10.10. Transaction: Status

Request: StatusRequest
Response: StatusResponse

10.10.1. Message: StatusRequest

Inherits: MeshRequestUser
DeviceUDF: String (Optional)
ProfileMasterDigest: Binary (Optional)
Catalogs: String [0..Many]
Spools: String [0..Many]

10.10.2. Message: StatusResponse

Inherits: MeshResponse
EnvelopedProfileAccount: Enveloped (Optional)

The account profile providing the root of trust for this account.

EnvelopedCatalogedDevice: Enveloped (Optional)

The catalog device entry

ContainerStatus: ContainerStatus [0..Many]

10.11. Transaction: Download

Request: DownloadRequest
Response: DownloadResponse

Request objects from the specified container with the specified search criteria.

10.11.1. Message: DownloadRequest

Inherits: MeshRequestUser

Request objects from the specified container(s).

A client MAY request only objects matching specified search criteria be returned and MAY request that only specific fields or parts of the payload be returned.

Select: ConstraintsSelect [0..Many]

Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.

ConstraintsPost: ConstraintsData (Optional)

Specifies the data constraints to be applied to the responses.

10.11.2. Message: DownloadResponse

Inherits: MeshResponse

Return the set of objects requested.

Services SHOULD NOT return a response that is disproportionately large relative to the speed of the network connection without a clear indication from the client that it is relevant. A service MAY limit the number of objects returned. A service MAY limit the scope of each response.

Updates: ContainerUpdate [0..Many]

The updated data

10.12. Transaction: Transact

Request: TransactRequest
Response: TransactResponse

Attempt an atomic transaction on the containers and spools associated with an account.

10.12.1. Message: TransactRequest

Inherits: MeshRequestUser

Upload entries to a container. This request is only valid if it is issued by the owner of the account

Updates: ContainerUpdate [0..Many]

The data to be updated

Accounts: String [0..Many]

The account(s) to which the request is directed.

Outbound: Enveloped [0..Many]

The messages to be sent to other accounts

Inbound: Enveloped [0..Many]

Messages to be appended to the user's inbound spool. this is typically used to post notifications to the user to mark messages as having been read or responded to.

Local: Enveloped [0..Many]

Messages to be appended to the user's local spool. This is used to allow connecting devices to collect activation messages before they have connected to the mesh.

10.12.2. Message: TransactResponse

Inherits: MeshResponse

Response to an upload request.

Entries: EntryResponse [0..Many]

The responses to the entries.

ConstraintsData: ConstraintsData (Optional)

If the upload request contains redacted entries, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.

10.12.3. Structure: EntryResponse

IndexRequest: Integer (Optional)

The index value of the entry in the request.

IndexContainer: Integer (Optional)

The index value assigned to the entry in the container.

Result: String (Optional)

Specifies the result of attempting to add the entry to a catalog or spool. Valid values for a message are 'Accept', 'Reject'. Valid values for an entry are 'Accept', 'Reject' and 'Conflict'.

ConstraintsData: ConstraintsData (Optional)

If the entry was redacted, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.

10.13. Transaction: Post

Request: PostRequest
Response: PostResponse

Request to post to a spool from an external party. The request and response messages are extensions of the corresponding messages for the Upload transaction. It is expected that additional fields will be added as the need arises.

10.13.1. Message: PostRequest

Inherits: MeshRequest
Accounts: String [0..Many]

The account(s) to which the request is directed.

Messages: Enveloped [0..Many]

The messages to be sent to the addresses specified in Accounts.

10.13.2. Message: PostResponse

Inherits: TransactResponse

[No fields]

10.14. Transaction: Claim

Request: ClaimRequest
Response: ClaimResponse

Claim a publication

10.14.1. Message: ClaimRequest

Inherits: MeshRequest
EnvelopedMessageClaim: Enveloped (Optional)

The claim message

10.14.2. Message: ClaimResponse

Inherits: MeshResponse
CatalogedPublication: CatalogedPublication (Optional)

The encrypted device profile

10.15. Transaction: PollClaim

Request: PollClaimRequest
Response: PollClaimResponse

Check party making claim

10.15.1. Message: PollClaimRequest

Inherits: MeshRequest
PublicationId: String (Optional)

The envelope identifier formed from the PublicationId.

TargetAccountAddress: String (Optional)

Account to which the claim is directed

10.15.2. Message: PollClaimResponse

Inherits: MeshResponse
EnvelopedMessage: Enveloped (Optional)

The claim message

10.15.3. Structure: CryptographicOperation

KeyId: String (Optional)

The key identifier

KeyCoefficient: Binary (Optional)

Lagrange coefficient multiplier to be applied to the private key

10.15.4. Structure: CryptographicOperationSign

Inherits: CryptographicOperation
Data: Binary (Optional)

The data to sign

PartialR: Binary (Optional)

Contribution to the R offset.

10.15.5. Structure: CryptographicOperationKeyAgreement

Inherits: CryptographicOperation

[No fields]

10.15.6. Structure: CryptographicOperationGenerate

Inherits: CryptographicOperation

[No fields]

10.15.7. Structure: CryptographicOperationShare

Inherits: CryptographicOperation
Threshold: Integer (Optional)
Shares: Integer (Optional)

10.15.8. Structure: CryptographicResult

Error: String (Optional)

10.15.9. Structure: CryptographicResultKeyAgreement

Inherits: CryptographicResult

[No fields]

10.15.10. Structure: CryptographicResultShare

Inherits: CryptographicResult

[No fields]

10.16. Transaction: Operate

Request: OperateRequest
Response: OperateResponse

Perform a set of cryptographic operations

10.16.1. Message: OperateRequest

Inherits: MeshRequest
AccountAddress: String (Optional)

The service account the capability is bound to

10.16.2. Message: OperateResponse

Inherits: MeshResponse

[No fields]

11. Security Considerations

The security considerations for use and implementation of Mesh services and applications are described in the Mesh Security Considerations guide [draft-hallambaker-mesh-security].

12. IANA Considerations

All the IANA considerations for the Mesh documents are specified in this document

13. Acknowledgements

A list of people who have contributed to the design of the Mesh is presented in [draft-hallambaker-mesh-architecture].

14. Normative References

[draft-hallambaker-jsonbcd]
Hallam-Baker, P., "Binary Encodings for JavaScript Object Notation: JSON-B, JSON-C, JSON-D", Work in Progress, Internet-Draft, draft-hallambaker-jsonbcd-21, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-jsonbcd-21>.
[draft-hallambaker-mesh-architecture]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part I: Architecture Guide", Work in Progress, Internet-Draft, draft-hallambaker-mesh-architecture-19, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-architecture-19>.
[draft-hallambaker-mesh-rud]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part VI: Reliable User Datagram", Work in Progress, Internet-Draft, draft-hallambaker-mesh-rud-00, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-rud-00>.
[draft-hallambaker-mesh-schema]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part IV: Schema Reference", Work in Progress, Internet-Draft, draft-hallambaker-mesh-schema-09, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-schema-09>.
[draft-hallambaker-mesh-security]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part IX Security Considerations", Work in Progress, Internet-Draft, draft-hallambaker-mesh-security-08, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-security-08>.
[draft-hallambaker-mesh-udf]
Hallam-Baker, P., "Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint.", Work in Progress, Internet-Draft, draft-hallambaker-mesh-udf-15, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-udf-15>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.

15. Informative References

[draft-hallambaker-mesh-developer]
Hallam-Baker, P., "Mathematical Mesh: Reference Implementation", Work in Progress, Internet-Draft, draft-hallambaker-mesh-developer-10, , <https://datatracker.ietf.org/doc/html/draft-hallambaker-mesh-developer-10>.