Internet-Draft | Mesh Protocol Reference | April 2022 |
Hallam-Baker | Expires 22 October 2022 | [Page] |
The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data.¶
[Note to Readers]¶
Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.¶
This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 22 October 2022.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
This document describes the Mesh Service protocol supported by Mesh Services, an account-based protocol that facilitates exchange of data between devices connected to a Mesh profile and between Mesh accounts.¶
Mesh Service Accounts support the following services:¶
A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the same time but only one Mesh Service Account is considered to be authoritative at a time. Users may add or remove Mesh Service Accounts and change the account designated as authoritative at any time.¶
The Mesh Services are built from a very small set of primitives which provide a surprisingly extensive set of capabilities. These primitives are:
Hello
Describes the features and options provided by the service and provides a 'null' transaction which MAY be used to establish an authentication ticket without performing any action.
Manage the creation and deletion of accounts at the service.¶
Upload
Support synchronization of Mesh containers between the service (Master) and the connected devices (Replicas).¶
Initiate the process of connecting a device to a Mesh profile from the device itself.¶
Request that a Mesh Message be transferred to one or more Mesh Accounts.¶
Although these functions could in principle be used to replace many if not most existing Internet application protocols, the principal value of any communication protocol lies in the size of the audience it allows its users to communicate with. Thus, while the Mesh Messaging service is designed to support efficient and reliable transfer of messages ranging in size from a few bytes to multiple terabytes, the near-term use of these services will be for applications that are not adequately supported by existing protocols, if at all.
This section presents the related specifications and standards, the terms that are used as terms of art within the documents and the terms used as requirements language.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
The terms of art used in this document are described in the Mesh Architecture Guide [draft-hallambaker-mesh-architecture].¶
The implementation status of the reference code base is described in the companion document [draft-hallambaker-mesh-developer].¶
The Mesh specifies two separate types of protocol interactions:¶
A synchronous protocol supporting interactions between devices and a Mesh Service Host and between Mesh Service hosts.¶
An asynchronous protocol that supports interactions between devices connected to the same account and between accounts.¶
The Mesh Messaging Protocol uses the Mesh Service Protocol as transport. The Mesh Service Protocol in turn makes use of Reliable User Datagram (RUD) [draft-hallambaker-mesh-rud] for framing and authentication of individual requests and responses. These RUD packets are in turn exchanged over either HTTPS (i.e. a Web Service) or directly over UDP.
Mesh Services MUST support the HTTPS binding and MAY support the UDP binding.¶
A Mesh Service is a minimally trusted service. In particular a user does not need to trust a Mesh service to protect the confidentiality or integrity of most data stored in the account catalogs and spools.¶
Unless the use of the Mesh Service is highly restricted, a user does need to trust the Mesh Service in certain respects:¶
A service could refuse to respond to requests to download data.¶
The use of Merkle Trees limits but does not eliminate the ability of a Mesh Service to respond to requests with stale data.¶
A service could reject requests to post messages to or accept messages from other mesh users.¶
This risk is a necessary consequence of the fact that the Mesh Service Provider is accountable to other Mesh Service Providers for abuse originating from their service.¶
A Mesh Service has knowledge of the number of Mesh Messages being sent and received by its users and the addresses they are being sent to or received from.
The need to trust the Mesh Service in these respects is mitigated by accountability and the user's ability to change Mesh Service providers at any time they choose with minimal inconvenience.¶
It is possible that some of these risks will be reduced in future versions of the Mesh Service Protocol but it is highly unlikely that these can be eliminated entirely without compromising practicality or efficiency.¶
The design of the Mesh Service model followed a quasi-formal approach in which the system was reduced to schemas which could in principle be rendered in a formal development method but without construction of proofs.¶
Like the contents of Mesh Accounts, a Mesh Service may be represented by a collection of catalogs and spools, for example:¶
Backup of the service MAY be implemented using the same container synchronization mechanism used to synchronize account catalogs and spools.¶
Mesh Services supporting a large number of accounts or large activity volume MAY partition the account catalog between one or more hosts using the usual tiered service model in which a front-end server receives traffic for any account hosted at the server and routes the request to the back-end service that provides the persistence store for that account.¶
In addition, the Mesh Service Protocol supports a 'direct connection' partitioning model in which devices are given a DNS name which MAY allow for direct connection to the persistence host or to a front-end service offering service that is in some way specific to that account.¶
The protocol binding maps the abstract protocol definition specified in this document to the network protocol format.¶
Currently only one protocol binding is specified: JSON-BCD Application Binding [draft-hallambaker-jsonbcd] over Reliable User Datagram (RUD) [draft-hallambaker-mesh-rud].¶
JSON-BCD Application Binding specifies the means by which data types such as 'integer' and 'datetime' etc. given in this document are serialized using JSON/JSON-B encoding.¶
Reliable User Datagram offers a presentation layer over a choice of HTTP or UDP transport.¶
The Mesh Service operations are divided into the following functional groups:¶
Describes the service.¶
Operations used to create, reclaim, and delete accounts.¶
Operations used to synchronize persistence store data across connected devices. [May be replaced in a future revision]¶
Operations used by devices requesting connection to the account.¶
Operations allowing a watched document to be posted to the service and claims made on the document returned to a device.¶
Cryptographic operations, including threshold operations performed by the service.¶
Exchange of messages between Mesh Services.¶
The Hello transaction is used to determine the features supported by the service and obtain the service profile.¶
The request payload only specifies that it is a request for the service description:
{ "HelloRequest":{}}¶
The response payload describes the service and the host providing that service:¶
{ "MeshHelloResponse":{ "Status":201, "Version":{ "Major":3, "Minor":0, "Encodings":[{ "ID":["application/json" ]} ]}, "EnvelopedProfileService":[{ "EnvelopeId":"MDSK-EUHS-QXGD-LKOF-AVC7-V2RH-LV6Z", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNRFNLLUVVSFMtUV hHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZVNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAg IkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxNVoifQ"}, "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dX JlIjogewogICAgICAiVWRmIjogIk1EU0stRVVIUy1RWEdELUxLT0YtQVZDNy1WMlJ ILUxWNloiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVi bGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgI CAgIlB1YmxpYyI6ICJVdVdEOHF4ZGVxazZweVdrb3o2M3FCcEpQQ2NaT2ItaHlTWV FiX0x4NWZHZllPb1U0Z0I3CiAgVjZWYXVBZkctdUlCREJNcWcxUW1jR1FBIn19fSw KICAgICJTZXJ2aWNlQXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVZGYiOiAiTURB TC1aSTVOLTRVS1otSDZWTC1GMjVLLVBITkYtWlVWQSIsCiAgICAgICJQdWJsaWNQY XJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgIC AgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiZDNibl8tcUVWd0J NNjlaOTNLYWJuM01xU25jOUdRRGxGVDJfUmN4NXRWUm1lYl9iank3MQogIHZTUlNr M1pQMDREajJjVUJNNEFnci1vQSJ9fX0sCiAgICAiU2VydmljZUVuY3J5cHRpb24iO iB7CiAgICAgICJVZGYiOiAiTUE0Sy1FVkNLLTM2T1otVUhTUS1TSExLLTM2TjMtWV c3TCIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWN LZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQ dWJsaWMiOiAiUF9vd1dHdDd3ZHR1dmNzR0NQZlFvOHVGNUNGWEcyUlB3Y1RCbEtac XgwVklmOWhwTWRleQogIHVBalJNRmVFNV8zblJtMHl3TDZ0a1VRQSJ9fX0sCiAgIC AiU2VydmljZVNpZ25hdHVyZSI6IHsKICAgICAgIlVkZiI6ICJNQUMzLVlKU1UtNDJ GMy1CQjRMLVQ0N0gtVkY2TS00SVhNIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMi OiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogI kVkNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiX3BUMGNtdzY2dWFRYmQwUWhFMT V5VXRtMVVEc2RvWjF6THRHcnFObkRmVGJoUThxVXFEbAogIHBQRzRmc3pJRmE5dml LWUU5MENCQTJFQSJ9fX19fQ", { "signatures":[{ "alg":"S512", 
"kid":"MDSK-EUHS-QXGD-LKOF-AVC7-V2RH-LV6Z", "signature":"aDhxhPphK2d1smZFTyaCfa-7l0LOty4A0ngIfur5 gbKwsEozM5iTCZHV0HDZIqqnZ0THTzMpcd6AEwBm6SfRfClq1GjA6Eg_nzJkOWKVI v2m0ZWE5RnaIUclvg4lfn7t8NTbof2eryIv9qhR0_uyOgoA"} ], "PayloadDigest":"LJuCRu0W-vSJP0S2lHpEiW_aKliIb3wsYCpXOB5H x8nKOmFzeanUHVWNflPTxwFeoECpDf_-uQ5kI8-61oE_Xw"} ]}}¶
The current revision of the specification is designed for small scale deployments in which the service is provided by a single host. The approach will require revision in future versions to fully support a service being provided by multiple hosts with accounts being transferred between the hosts to allow balancing of load.¶
There are three account management operations:¶
Create an account bound to a service address.¶
Delete an account bound to a service address.
[TBS] Reclaim an account using a recovered primary secret.¶
The BindAccount operation is used to create User and Group accounts. Currently, these account types are distinct. This may change in future releases.¶
A User Account is bound to a Mesh Service by completing a BindAccount operation with the service.
The BindAccount transaction is unique in that it can fail to complete for reasons that are outside the scope of the Mesh specifications. Creation of an account might require payment to be made or authentication of the user's credentials. It is thus quite normal for the result of a CreateRequest to be the account being created in an 'on hold' state which can only be changed out of band.
If the request is at least partially successful, a BindResponse message is returned. In the case of partial success, a description of the request status and link to a Web page providing further details MAY be returned.¶
The request payload contains all the information needed to create the account:¶
Since there is no Access Catalog until the account is created, the Bind Account request and subsequent requests used to initialize the access catalog for the account MUST be authenticated by the Account Authentication key.¶
Alice requests creation of the account alice@example.com. The request payload is:¶
{ "BindRequest":{ "AccountAddress":"alice@example.com", "EnvelopedProfileAccount":[{ "EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEtSk JMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy ZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"}, "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj ogewogICAgICAiVWRmIjogIk1BTVEtRVRFQS1KQkwzLTZVS0UtTFJOVC1ER0MzLU9 JREYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI lB1YmxpYyI6ICJuaTg1UWphTTh3VTV2Um9LbXdueEQwRjljNFNLMzAzTWswR2FkNV dsSjhoZ0JpWVd3OW9OCiAgem1pMzJzdzhYQW1lcjZVTTBTb1RjMjRBIn19fSwKICA gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy dmljZVVkZiI6ICJNRFNLLUVVSFMtUVhHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKI CAgICJFc2Nyb3dFbmNyeXB0aW9uIjogewogICAgICAiVWRmIjogIk1CWlAtV1pBWi 1CNktRLU1ZWVAtSDdLRC1WVkJBLTdUNlUiLAogICAgICAiUHVibGljUGFyYW1ldGV ycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYi OiAiWDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogInRSODVSQ3FXdjgtWDVCazBOV TRFVmxqUUZKNTg1Rk5FM1p3eVd6WFNWdEpIaXgwRlo3aloKICBRN3hnOXV1cnc4S0 9LbDVNMFVXN0xMT0EifX19LAogICAgIkFkbWluaXN0cmF0b3JTaWduYXR1cmUiOiB 7CiAgICAgICJVZGYiOiAiTUJEVi1YWE5ILTJSVUItUkJNWi01Tkc3LUwzQ0QtM1RI ViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZ XlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUH VibGljIjogIkhVd040UlZoR2N6RmxPbTJiRGNldnZWWXlkNmdqZHEzM1FxVjhVcTM 5ZEdhc1J6UW45X1AKICBWZ0NCUklfOE1qaXZlclRLZGFhRUkzMkEifX19LAogICAg IkNvbW1vbkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURQUi1GSlZXLUdLN VotMkxKQS1MTVlWLVhTQ0gtSEUyQyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIj ogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJ YNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNTVqVWttcW4zZ3dHMGIySHpEVnUz SGxmNXNPNkdnVmxqX3ZhWUZ3QUVrc0RjTXkzd3l2VQogIHd0OW9qa2VVS1Q2MzA0R 
HdmcmgtVXc4QSJ9fX0sCiAgICAiQ29tbW9uQXV0aGVudGljYXRpb24iOiB7CiAgIC AgICJVZGYiOiAiTUJWSS1FV0xPLUVJN0otT1ZBSy1HR1pILTZZSFctWkpTVSIsCiA gICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RI IjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiO iAiZlRVM1RlQjEtN0s4U1pwbzR0UXhaUHBKQWItX2QzTklkSmhsa3hXYWlab2dKUk VLOWFkUAogIGY5S25zNW1xcjExVVRUb0lNaHpmZEphQSJ9fX0sCiAgICAiQ29tbW9 uU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1BTVAtQlg0Ry1BS0syLVlIUEEt SVhKVi1aMktWLVVYQlciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgI CAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLA ogICAgICAgICAgIlB1YmxpYyI6ICJZNi1EMkRiYktsYVZYdkc1WlF3ZUxkNV9rUDF FQ0FDUjQwYkRtcGctWTRLczkyRk5lLXV5CiAgc1dVck1fTG1RS09JUGpqcjVMOE5P QkVBIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF", "signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VYya 8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9ZsZ a4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"} ], "PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWVJn sNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"} ]}}¶
The response payload currently reports the success or failure of the bind operation:¶
{ "BindResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "EnvelopedAccountHostAssignment":[{ "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJBY2NvdW50SG 9zdEFzc2lnbm1lbnQiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCI sCiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"}, "ewogICJBY2NvdW50SG9zdEFzc2lnbm1lbnQiOiB7CiAgICAiQWNjb3VudE FkZGVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiQWNjZXNzRW5jcnlwdCI 6IHsKICAgICAgIlVkZiI6ICJNQUpZLTY1S1AtQzY3RS1MRlhQLVEzWEktWkhaRi1H TkhWIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY 0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIl B1YmxpYyI6ICJIVWVvTEJvWUpqOWVZeDlQd1VMem5NRThvVHQ3R1JyeThBNWhmUTk 1OUw1UjdQeUlaMEZYCiAgaFNRVk12cVF4aUJtRzlpeGdiNkpMSDRBIn19fX19" ]}}¶
It is likely that future revisions of the specification will specify the host(s) to which future account service operations are to be directed. This would allow the account management operations to be separated from the account maintenance operations without requiring the traditional tiered architecture in which every interaction with a service is first routed to a host that cannot perform the required action so that it can be directed to the host that can.
Mesh Group Accounts are created in the same manner as user accounts except that the ProfileGroup is specified.¶
Should all the administration devices be lost, an account MAY be recovered by the process of recovering the profile master secret and using it to access the account through the account authentication key.¶
An account registration is deleted using the UnbindAccount transaction.
>>>> Unfinished ProtocolAccountDelete¶
The request payload:¶
{ "UnbindRequest":{ "Account":"alice@example.com"}}¶
The response payload:¶
{ "UnbindResponse":{ "Status":201, "StatusDescription":"Operation completed successfully"}}¶
Should a user wish to transfer their account to a new service provider, they first use the Bind Account operation to bind the account to the new service provider, then populate the account entry at the new account using the account authentication key.¶
Only after the new account binding has been completed and is ready for use is the unbind operation used to delete the account entry at the old service provider.
Future versions of the protocol will elaborate on this mechanism so that the change of address can be signaled to connected devices and parties sending messages to the account.¶
Account recovery is necessary in the case that the user has lost control of every administration device connected to the account and must re-create the account profile and bind a new set of administrative devices. Account transfer is the process of unbinding an account from one service and rebinding it to a new one.
These capabilities are both critical to the long term success of the Mesh but have been deleted from the current revision of the specification as their implementation is interdependent on the architecture of the callsign registry.¶
>>>> Unfinished ProtocolAccountRecover¶
[TBS]¶
All the state associated with a Mesh profile is stored as a sequence of DARE Messages in a DARE Container. The Mesh Service holds the master copy of the persistence stores and the devices connected to the profile contain complete copies (replicas) or partial copies (redactions).
Thus, the only primitives needed to achieve synchronization of the profile state are those required for synchronization of a DARE Container. These steps are:
To ensure a satisfactory user experience, Mesh Messages are intentionally limited in size to 32 KB or less, thus ensuring that an application can retrieve the most recent 100 messages almost instantaneously on a high bandwidth connection and without undue delay on a slower one.¶
The status transaction returns the status of the containers the device is authorized to access for the specified account together with the updated Device Connection Entry if this has been modified since the entry presented to authenticate the request was issued.¶
Alice adds an entry to her bookmark catalog. Before the bookmark can be added, the device synchronizes to the service. The synchronization process begins with a request for the status of all the stores associated with the account that it has access rights for:¶
{ "StatusRequest":{ "CatalogedDeviceDigest":"MBD2-CX3T-MAHB-323R-ZKPE-V23R-4O"}}¶
If the account has a very large number of stores, the device might only ask for the status of specific stores of interest.¶
The response specifies the status of each store specifying the index and Merkle tree apex digest values for each:¶
{ "StatusResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "ContainerStatus":[{ "Container":"MMM_Inbound", "Index":3}, { "Container":"MMM_Outbound", "Index":1, "Digest":"FEHy24Y6cLModDXWH31kVc2a3TdhjXPooKHpLAb2JbsO1YQ nJolmowXAYHhkOGY0kg3jrKNTjds0myf4Dw1sdg"}, { "Container":"MMM_Local", "Index":2}, { "Container":"MMM_Access", "Index":3, "Digest":"af-ZCV48K2pp8D8_a7t2Zovpj0Rg083JVQ9FSptSqzHwAwS DEv6Q7qd3UJAj5xcHgN8-uixxRM62NP7MDZwZIA"}, { "Container":"MMM_Credential", "Index":4, "Digest":"xIiGmicJxjUJWEjWM6nqwKIG0Hmotr9pjFxTEFXeCCW1klZ VWj4rJv1X4byJvxplJwtGVWYph9YEi0ZMFrNkRw"}, { "Container":"MMM_Device", "Index":3, "Digest":"AfExhtW64TJvmpW9Lrh5uf8jURFrFTc62FYgffU3IPowOdl 3HV5gHYxGB-Pucpaco7vowCEqRjqeP5dTMOQzFw"}, { "Container":"MMM_Contact", "Index":2, "Digest":"VSDUsxoQIIMuSLTVgeEO2QTpGweYanJ86nDrdUMPm0CDX4m PVP_8UWAtWdm6HMmpvQ7Pm11pgDUYSNOF72Cofg"}, { "Container":"MMM_Application", "Index":1, "Digest":"BWJ7_IbH7vcOI-CR-oGpqIXdQz50rPbmGsZvOiL1dqKe9lW QJSh5tKElz9TAQRT0EG7G0kOZ2mCqiP_yGZAN3A"}, { "Container":"MMM_Publication", "Index":1, "Digest":"xDBR1MLSGbMcgX1mjMyT-XEKgTXG8j8v4pNhOfHkZTp_xfm 3oEWvudSi0dO-varqqX_iwrHFJD9wxWWjfNThAA"}, { "Container":"MMM_Bookmark", "Index":1, "Digest":"vKaVPfFoa-c_h0XyyLmN5Fb1C0mgFogLo80vb-qu4r0xFUx wCJ5qGqObbaxLxK8a7_sSZ88SV8McU1NWl7BS3w"}, { "Container":"MMM_Task", "Index":1, "Digest":"Od-7rQgE-8X-Dr1oIAgkhuKm5NMc85RIOnFLlJmqskwy3yO YoWzorX-aUve1rKPmnBCmbAhDUhHEGo_wUP-kJQ"} ]}}¶
Bug: The current version of the reference code is only returning the digest values for the outbound store.¶
The download transaction returns a collection of entries from one or more containers associated with the profile.¶
The service MAY limit the number of entries returned in an individual response for performance reasons.¶
The previous status operation has reported that a new envelope has been added to the credential store. The device requests this data from the service:¶
{ "DownloadRequest":{ "Select":[{ "Container":"MMM_Credential", "IndexMin":3, "IndexMax":4} ]}}¶
The response contains the requested envelope:¶
{ "DownloadResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "Updates":[{ "Container":"MMM_Credential", "Envelopes":[[{ "PayloadDigest":"YPLzDhhS7EN_kZDTvNG5M0SM-FHOzqbbb5 tpe2QiPcqvMbeL5wG5DixDsKpHyp2Be1-JIzC2svJLMmxThxoKQA", "TreeDigest":"xIiGmicJxjUJWEjWM6nqwKIG0Hmotr9pjFxTE FXeCCW1klZVWj4rJv1X4byJvxplJwtGVWYph9YEi0ZMFrNkRw", "enc":"A256CBC", "dig":"S512", "Salt":"lUbGQVUnbrUB9k4ZwNQGMA", "recipients":[{ "kid":"MDG5-EPRO-L3LG-GGFU-WKSG-EXU3-GGAB", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"NHRQRC52QsQUM8p7-p0Tc9QGm-VcojGal 1n8tpbVd-H127mYjgGDV5vB7VqMBClC6aVISJTzWE4A"}}, "wmk":"cyTvjux3YTmm8XgzUXXI3VBxRFXh3ueSteXaHHFu g5EdKpF82OFP8Q"} ], "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICI6ZnRwLmV4 YW1wbGUuY29tIiwKICAiRXZlbnQiOiAiVXBkYXRlIiwKICAiRmlyc3QiOiAxLAogI CJQcmV2aW91cyI6IDF9", "SequenceInfo":{ "Index":3, "TreePosition":825}, "Received":"2022-04-20T16:17:23Z"}, "3-njoLi2gG1Bc3eb2vGW5WJ2cHs8D7s-wrvy7L2jEAVHWlBgp4gY y4Pi89A70PJy3zsrJohsEw6zuqwGH9ETUmjuNWWq5cgBn2KZfz3dRdmQ8U0zw5E5y 4qY15v5dyzaN2qh7CTUyQtxupsFhgImGYiOhnqEoCi5udTs1YpC5mg", {} ] ]} ]}}¶
Future: The current implementation of the download operation is limited by the capabilities of the HTTP binding of the RUD transport. A future binding allowing operations that consist of a single request followed by a sequence of responses will allow much greater flexibility.¶
Future versions of the protocol may support optional filtering criteria so that the service only returns objects matching specific criteria and/or only return certain parts of the selected messages.¶
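The status and download exchange above, seen from the device, as an added example that is not part of the draft or of the Mesh reference code. It assumes, from the example messages on this page, that Index counts the envelopes in a store, that IndexMax is exclusive, and that the TreeDigest of the last envelope equals the Digest reported by Status; StoreState, plan_sync and check_download are hypothetical names and the sample values are constructed.

```python
# Added example: client-side handling of a StatusResponse. Not Mesh reference code.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class StoreState:
    index: int               # "Index" last accepted for the store (envelopes held)
    digest: Optional[str]    # apex "Digest" last accepted, None if never reported


def plan_sync(local, status_response):
    """Compare a StatusResponse with the state this device already accepted.

    Returns (selects, alerts). selects is the "Select" list of a
    DownloadRequest; alerts names stores whose reported state cannot be
    reconciled with local state and must not be synchronized blindly.
    """
    selects, alerts = [], []
    for entry in status_response["StatusResponse"]["ContainerStatus"]:
        name = entry["Container"]
        remote_index, remote_digest = entry["Index"], entry.get("Digest")
        known = local.get(name, StoreState(0, None))
        if remote_index < known.index:
            # Service reports fewer envelopes than we hold: stale or rolled back.
            alerts.append((name, "rollback"))
        elif remote_index == known.index:
            if known.digest and remote_digest and known.digest != remote_digest:
                # Same length, different apex: the two histories have diverged.
                alerts.append((name, "fork"))
            elif known.digest and not remote_digest:
                # No digest returned, so freshness cannot be confirmed.
                alerts.append((name, "unverified"))
        else:
            selects.append({"Container": name,
                            "IndexMin": known.index, "IndexMax": remote_index})
    return selects, alerts


def check_download(select, status_digest, envelopes):
    """Check the envelopes returned for one Select entry.

    Each envelope is a list whose first element is the header, as in the
    DownloadResponse shown above. The service may return fewer entries
    than requested, which is reported as "partial" rather than an error.
    """
    wanted = list(range(select["IndexMin"], select["IndexMax"]))
    got = [env[0]["SequenceInfo"]["Index"] for env in envelopes]
    if not got or got != wanted[:len(got)]:
        return "gap"                      # missing, reordered or extra envelopes
    if len(got) < len(wanted):
        return "partial"                  # request the remainder before trusting
    if status_digest and envelopes[-1][0].get("TreeDigest") != status_digest:
        return "digest-mismatch"          # data does not match what Status promised
    return "ok"


# Constructed sample state and response (digests are short placeholders).
LOCAL = {
    "MMM_Credential": StoreState(3, "digest-cred-3"),
    "MMM_Contact": StoreState(2, "digest-contact-2"),
    "MMM_Device": StoreState(5, "digest-device-5"),
    "MMM_Bookmark": StoreState(1, "digest-bookmark-1"),
}
SAMPLE_STATUS = {"StatusResponse": {"Status": 201, "ContainerStatus": [
    {"Container": "MMM_Inbound", "Index": 3},
    {"Container": "MMM_Credential", "Index": 4, "Digest": "digest-cred-4"},
    {"Container": "MMM_Contact", "Index": 2, "Digest": "digest-contact-other"},
    {"Container": "MMM_Device", "Index": 3, "Digest": "digest-device-3"},
    {"Container": "MMM_Bookmark", "Index": 1, "Digest": "digest-bookmark-1"},
]}}

if __name__ == "__main__":
    selects, alerts = plan_sync(LOCAL, SAMPLE_STATUS)
    print({"DownloadRequest": {"Select": selects}})
    print(alerts)
```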
The transact transaction appends envelopes to one or more stores. The operation is atomic, that is either all the changes specified will be made to the stores or none will. This ensures that simultaneous attempts to update a store do not result in race conditions and allows Mesh stores to provide ACID (Atomicity, Consistency, Isolation, Durability) properties to the applications they serve.
Clients SHOULD check to determine if updates to a container conflict with pending updates on the device waiting to be uploaded. For example, a contact that the user modified on the device attempting to synchronize might subsequently have been deleted. The means of resolving such conflicts is not in the scope of this specification.
Each update to a catalog or container specifies the expected container index and apex digest. This provides a strong guarantee of consistency. The service MUST verify each update to check that the Merkle Tree values specified are consistent with the store entries and that the signature on the apex value (if specified) is valid and correct.¶
Services MAY impose limits on the size and number of additions performed in response to a TransactRequest message to ensure that processing time does not degrade performance for other users.
The request payload specifies the data to be appended to the stores.¶
{ "TransactRequest":{ "Updates":[{ "Container":"MMM_Bookmark", "Envelopes":[[{ "PayloadDigest":"nLPqGhIpOzHAKROd7NqK6i2E-_cbliqw9u U5RS7LRV7-u2LtLvXjjl3zA0U4SkoiK7lQJxcywO3gS5189D3wnQ", "TreeDigest":"-SDCQM4HDOThmLenmg1392iskvEeEDdhactIU 1D7cc9m25-4LH1eY-qyLo1nijRPL5AtULixbyUOlnpPM9FEZg", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQVZVLVJI RFEtTjdFTC1HUU5CLTdVNzUtQzRUSi0zREtPIiwKICAiRXZlbnQiOiAiTmV3In0", "SequenceInfo":{ "Index":1, "TreePosition":0}}, "ewogICJDYXRhbG9nZWRCb29rbWFyayI6IHsKICAgICJVaWQiOiAi TkFWVS1SSERRLU43RUwtR1FOQi03VTc1LUM0VEotM0RLTyIsCiAgICAiVXJpIjogI lNpdGVzLjIiLAogICAgIlRpdGxlIjogImh0dHA6Ly93d3cuZXhhbXBsZS5uZXQifX 0" ] ]} ]}}¶
The response reports successful completion:¶
{ "TransactResponse":{ "Status":201, "StatusDescription":"Operation completed successfully"}}¶
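The all-or-nothing behaviour described above, sketched from the service side as an added example that is not part of the draft or of the Mesh reference code. It checks only the expected container index of each envelope and a request size limit; the Merkle tree digest and signature checks the text requires are left out because the tree construction is not given on this page. StoreSet, make_envelope and race_demo are hypothetical names, the envelopes are constructed, and Index is assumed to count the envelopes already in a store.

```python
# Added example: service-side precondition check for a TransactRequest.
# Not Mesh reference code; all names here are hypothetical.


def make_envelope(index, payload=""):
    """Build a constructed [header, payload] envelope carrying only its index."""
    return [{"SequenceInfo": {"Index": index}}, payload]


class StoreSet:
    """In-memory stand-in for the stores of one account."""

    def __init__(self, stores, max_envelopes=16):
        self.stores = stores                # store name -> list of envelopes
        self.max_envelopes = max_envelopes  # per-request limit chosen by the service

    def transact(self, request):
        """Apply every update in the request or none. Returns (accepted, reason)."""
        updates = request["TransactRequest"]["Updates"]
        if sum(len(u["Envelopes"]) for u in updates) > self.max_envelopes:
            return False, "too many envelopes"
        staged = {}                         # copies that receive the appends
        for update in updates:
            name = update["Container"]
            if name not in self.stores:
                return False, name + ": unknown store"
            pending = staged.setdefault(name, list(self.stores[name]))
            for envelope in update["Envelopes"]:
                index = envelope[0]["SequenceInfo"]["Index"]
                if index != len(pending):
                    # The client built this update against an older view of
                    # the store; nothing staged so far is kept.
                    return False, "%s: expected index %d, got %d" % (
                        name, len(pending), index)
                pending.append(envelope)
        # Every precondition held, so publish all staged stores together.
        # A real service would do this under a lock or storage transaction.
        self.stores.update(staged)
        return True, "ok"


def race_demo():
    """Two devices synchronized at the same point, then both upload."""
    service = StoreSet({
        "MMM_Bookmark": [make_envelope(0)],
        "MMM_Contact": [make_envelope(0), make_envelope(1)],
    })
    device_a = {"TransactRequest": {"Updates": [
        {"Container": "MMM_Bookmark", "Envelopes": [make_envelope(1)]}]}}
    device_b = {"TransactRequest": {"Updates": [
        {"Container": "MMM_Contact", "Envelopes": [make_envelope(2)]},
        {"Container": "MMM_Bookmark", "Envelopes": [make_envelope(1)]}]}}
    first = service.transact(device_a)
    second = service.transact(device_b)     # loses the race on MMM_Bookmark
    return first, second, len(service.stores["MMM_Contact"])


if __name__ == "__main__":
    print(race_demo())
```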
In order to support the wide range of affordances supported by devices, four device connection interactions are currently specified. The use of these mechanisms is described in [draft-hallambaker-mesh-architecture] and the interactions themselves are described in section ??? following.¶
Device connection operations are always issued by a device requesting connection to a Mesh account and must therefore be authenticated under the device profile rather than the account profile. Two device connection operations are currently defined:¶
Requests connection to the account.¶
Polls for completion of a connection request.¶
Since the second operation is merely polling for completion of the transaction requested by the first, it is likely that these will be combined in a future revision of the specification.¶
If the connection request is initiated by the device being connected, the device constructs a RequestConnection message which is posted to the Mesh Service using the Connect operation.
If the Connect operation is accepted (i.e. the service determines it is not abuse), the service constructs an AcknowledgeConnection message which is forwarded to the inbound spool of the account to which connection is requested. The requesting device receives a copy of the AcknowledgeConnection message and the profile of the account it is requesting connection to.
As described in the following section, the AcknowledgeConnection message contains the request details presented by the device and a nonce value generated by the service. This nonce value is used to compute the witness value that will be used for mutual authentication of the device and account.¶
The connect request is made to the service, not the account. The payload contains the enveloped connection request:¶
{ "ConnectRequest":{ "EnvelopedRequestConnection":[{ "EnvelopeId":"MBHZ-QYVP-T5DQ-FQAP-AWD4-FLMO-ZZJT", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ0FBLTdVWUEtVE cyQy02WFVDLVVHM0ItNFhHVC1PQklFIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MVoifQ"}, "ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi AiTkNBQS03VVlBLVRHMkMtNlhVQy1VRzNCLTRYR1QtT0JJRSIsCiAgICAiQXV0aGV udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1BQTMtQlFQ Wi1XV080LTdRNUItUDdBSC1GWTVDLUFUTUQiLAogICAgICAgICJkaWciOiAiUzUxM iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk NJNklDSk5RVUV6TFVKUlVGb3RWMWRQTkMwCiAgM1VUVkNMVkEzUVVndFJsazFReTF CVkUxRUlpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV 04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeUxUQTBMVEl3VkRFMk9qRT NPalV4V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V 3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK VlpHWWlPaUFpVFVGQk15MUNVVkJhTFZkWFR6UXROCiAgMUUxUWkxUU4wRklMVVpaT lVNdFFWUk5SQ0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli R2xqSWpvZ0lrVTFaVXMwY1VrelRWbENlRFY0Y0hSCiAgNlkyNTRjRWhhYm5aTlFXc FRibkpJUmpoQmJtSjVjRTR0V1RacFpsVkhibE5mVGxRS0lDQmZhWEZhY21kdGUKIC BVUkxSRVJEYVVGWFNrVTBSM0E0VlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVUZNVnkxUldGZzBMVWxCUkVV dFFUUmFXUzFIVWtaV0xUZEdVbFl0Tms1TldpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpV1VaM1dtSjZSa053Y214RVRrNXFT a1ZzT0U1aVVEbEJjVlpsTmpRelFtMU9Ua0YxYjJ0CiAgSVJYVkhlakZXWHpZd1ZIR nlVQW9nSUVVM1dWa3RRbFpCVFU4MVVrMVBjVVIzUjNVM1dGOXhRU0o5Zlgwc0MKIC 
BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1N 6VXRTVkkwVXkweVIwdAogIFdMVVpJVWxjdFFrWkpOUzFTVUZKRkxVVkdUMFVpTEFv Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSXdOVzV EV0V4d1NqbDFOamgzUQogIDJ0MWRUUktXalZ4VHpSMGQwbzNjVFZqYVdkUE9FSnha ek56WDJaMmNYWkxjbDlTZVZrMkNpQWdNVzUzWjJwCiAgSVMyRnpaMDl3V1dGeFkwU lhjelk0ZVdkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlJGZE1MVk5NTkVJdFMxZERWeTFYTTFoVkx UWkpTMW90VVVaUFZTMQogIEJSVmRhSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT 2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC BnSUNBZ0lsQjFZbXhwWXlJNklDSjBkVGMwUVZaTFlVcDFaR1JtTTFKRWNtWjBhV0k wYTJWdE9WTjRNR0UzYwogIHpBdFFYVktVek5SYkVoSWMxZDZWbGxXVG1aS0NpQWdS MGMzV0Y5Tk4xZEtSbHBFYUZReFRqVTBZVVU0WkZkCiAgQkluMTlmWDE5IiwKICAgI CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQUEzLUJRUFotV1dPNC03UTVCLVA 3QUgtRlk1Qy1BVE1EIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJ2T3VmZENC XzlIVDZJOGFhclh2bW1PeU5TbC13LXh5SjlsRGpBRUU3NzY3OTN2bDFMCiAga0VGW XNCNWJoNnlkVzZpdGZ4N3d0eUk1aDJBWWFoNEJvc0tCUGVHNXFmSVZYMGJEX0JIek gzd21fcFlUaHQKICBwWlJHVWRfQ0xsR0l5cVppLWRqNnByYS1SYXRvQ0RiQmRLSWd QQ1RJQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJscmNWZ0FseGl3TTdp YWNsbUI0bFFPLWQxcUlZV29pbEdhMkFueEFxVkpPU04KICBIdGM4TkRabkd3VXlnN mI2bFpsem9WZ1FSTmdPZEdRYVZxVzZzTmYxUSJ9XSwKICAgICJDbGllbnROb25jZS I6ICJnWkZIMUxaTm9BQ20wLXgwdGcyOHlBIiwKICAgICJQaW5JZCI6ICJBQ0tKLUJ LQjMtSjc3Qi1HN0haLURGS1MtRTI2TC1OSFhXIiwKICAgICJQaW5XaXRuZXNzIjog Imh2Nnh2TlhPc3BBOU1ONFlWa05iNThQNUJ3cjFXQ3k1T0E2Z3RQeHkwTHFQLV9sd gogIFJlSFNwMUQ1TXViUHRNWW5yU3JFY0dlYlFyZXZCR0I5Nm5na1pnIiwKICAgIC JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ" ], "Rights":[ ]}}¶
The response payload contains the information the device requires to compute the witness value and to poll for completion. It consists of a copy of the request acknowledgement and a copy of the profile of the account to which the device has requested connection:
{ "ConnectResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "EnvelopedAcknowledgeConnection":[{ "EnvelopeId":"MBW3-XXJI-WXLF-QWFQ-TTJ4-EW2D-TXZH", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJIUzIyLVZPNU0tSk FHNC1SUVQ0LVJPSFgtUEVSSy1ZWUNXIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm9 3bGVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmpl Y3QiLAogICJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTFaIn0"}, "ewogICJBY2tub3dsZWRnZUNvbm5lY3Rpb24iOiB7CiAgICAiTWVzc2FnZU lkIjogIkhTMjItVk81TS1KQUc0LVJRVDQtUk9IWC1QRVJLLVlZQ1ciLAogICAgIkV udmVsb3BlZFJlcXVlc3RDb25uZWN0aW9uIjogW3sKICAgICAgICAiRW52ZWxvcGVJ ZCI6ICJNQkhaLVFZVlAtVDVEUS1GUUFQLUFXRDQtRkxNTy1aWkpUIiwKICAgICAgI CAiQ29udGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKT1EwRk JMVGRWV1VFdFZFY3lReTAKICAyV0ZWRExWVkhNMEl0TkZoSFZDMVBRa2xGSWl3S0l DQWlUV1Z6YzJGblpWUjVjR1VpT2lBaVVtVnhkV1Z6ZAogIEVOdmJtNWxZM1JwYjI0 aUxBb2dJQ0pqZEhraU9pQWlZWEJ3YkdsallYUnBiMjR2YlcxdEwyOWlhbVZqZENJC iAgc0NpQWdJa055WldGMFpXUWlPaUFpTWpBeU1pMHdOQzB5TUZReE5qb3hOem8xTV ZvaWZRIn0sCiAgICAgICJld29nSUNKU1pYRjFaWE4wUTI5dWJtVmpkR2x2YmlJNkl Ic0tJQ0FnSUNKCiAgTlpYTnpZV2RsU1dRaU9pQWlUa05CUVMwM1ZWbEJMVlJITWtN dE5saFZReTFWUnpOQ0xUUllSMVF0VDBKSlIKICBTSXNDaUFnSUNBaVFYVjBhR1Z1Z EdsallYUmxaRVJoZEdFaU9pQmJld29nSUNBZ0lDQWdJQ0pGYm5abGJHOQogIHdaVW xrSWpvZ0lrMUJRVE10UWxGUVdpMVhWMDgwTFRkUk5VSXRVRGRCU0MxR1dUVkRMVUZ VVFVRaUxBb2dJCiAgQ0FnSUNBZ0lDSmthV2NpT2lBaVV6VXhNaUlzQ2lBZ0lDQWdJ Q0FnSWtOdmJuUmxiblJOWlhSaFJHRjBZU0kKICA2SUNKbGQyOW5TVU5LVm1KdGJIa GtWMVpLV2tOSk5rbERTazVSVlVWNlRGVktVbFZHYjNSV01XUlFUa013QwogIGlBZ0 0xVlVWa05NVmtFelVWVm5kRkpzYXpGUmVURkNWa1V4UlVscGQwdEpRMEZwVkZkV2V tTXlSbTVhVmxJCiAgMVkwZFZhVTlwUVdsVlNFcDJXbTFzYzFvS0lDQlZVbXhrYld4 cVdsTkpjME5wUVdkSmJVNHdaVk5KTmtsRFMKICBtaGpTRUp6WVZkT2FHUkhiSFppY VRsMFlsY3dkbUl5U25GYVYwNHdTV2wzUzBsRFFRb2dJR2xSTTBwc1dWaAogIFNiRn BEU1RaSlEwbDVUVVJKZVV4VVFUQk1WRWwzVmtSRk1rOXFSVE5QYWxWNFYybEtPU0o 5TEFvZ0lDQWdJCiAgQ0FpWlhkdlowbERTbEZqYlRsdFlWZDRiRkpIVmpKaFYwNXNT 
V3B2WjJWM2IyZEpRMEZuU1d4Q2VXSXlXZ28KICBnSUhCaVIxWlVZVmRrZFZsWVVqR mpiVlZwVDJsQ04wTnBRV2RKUTBGblNVTktWbHBIV1dsUGFVRnBWRlZHUQogIGsxNU 1VTlZWa0poVEZaa1dGUjZVWFJPQ2lBZ01VVXhVV2t4VVU0d1JrbE1WVnBhVGxWTmR GRldVazVTUTBsCiAgelEybEJaMGxEUVdkSlEwcFJaRmRLYzJGWFRsRlpXRXBvWWxk V01GcFlTbnBKYW04S0lDQm5aWGR2WjBsRFEKICBXZEpRMEZuU1VOS1VXUlhTbk5oV jA1TVdsaHNSbEV3VWtsSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbAogIHRUbm xrYVVrMlNRb2dJRU5LUmxwRVVUQlBRMGx6UTJsQlowbERRV2RKUTBGblNVTkJhVlZ JVm1saVIyeHFTCiAgV3B2WjBsclZURmFWWE13WTFWcmVsUldiRU5sUkZZMFkwaFND aUFnTmxreU5UUmpSV2hoWW01YVRsRlhjRlIKICBpYmtwSlVtcG9RbUp0U2pWalJUU jBWMVJhY0Zwc1ZraGliRTVtVkd4UlMwbERRbVpoV0VaaFkyMWtkR1VLSQogIENCVl VreFNSVkpFWVZWR1dGTnJWVEJTTTBFMFZsVkZhV1pZTVRsTVFXOW5TVU5CWjBsclZ uVlpNMG8xWTBoCiAgU2NHSXlOR2xQYVVJM1EybEJaMGxEUVFvZ0lHZEpRMHBXV2tk WmFVOXBRV2xVVlVaTlZua3hVbGRHWnpCTVYKICBXeENVa1ZWZEZGVVVtRlhVekZJV ld0YVYweFVaRWRWYkZsMFRtczFUbGRwU1hORENpQWdhVUZuU1VOQlowbAogIERTbE ZrVjBwellWZE9VVmxZU21oaVYxWXdXbGhLZWtscWIyZGxkMjluU1VOQlowbERRV2R KUTBwUlpGZEtjCiAgMkZYVGt4YVdHd0tJQ0JHVVRCU1NVbHFiMmRsZDI5blNVTkJa MGxEUVdkSlEwRm5TVzFPZVdScFNUWkpRMHAKICBaVGtSUk5FbHBkMHRKUTBGblNVT kJaMGxEUVdkSlEwcFJaQW9nSUZkS2MyRlhUV2xQYVVGcFYxVmFNMWR0UwogIGpaU2 EwNTNZMjE0UlZSck5YRlRhMVp6VDBVMWFWVkViRUpqVmxwc1RtcFJlbEZ0TVU5VWE wWXhZakowQ2lBCiAgZ1NWSllWa2hsYWtaWFdIcFpkMVpJUm5sVlFXOW5TVVZWTTFk V2EzUlJiRnBDVkZVNE1WVnJNVkJqVlZJelUKICBqTlZNMWRHT1hoUlUwbzVabGd3Y zBNS0lDQnBRV2RKUTBGcFZUSnNibUp0UmpCa1dFcHNTV3B2WjJWM2IyZAogIEpRME ZuU1VOQmFWWlhVbTFKYW05blNXc3hRMU42VlhSVFZra3dWWGt3ZVZJd2RBb2dJRmR NVlZwSlZXeGpkCiAgRkZyV2twT1V6RlRWVVpLUmt4VlZrZFVNRlZwVEVGdlowbERR V2RKUTBGcFZVaFdhV0pIYkdwVlIwWjVXVmMKICB4YkdSSFZubGpDaUFnZVVrMlNVa HpTMGxEUVdkSlEwRm5TVU5CYVZWSVZtbGlSMnhxVXpKV05WSlZUa1ZUUQogIDBrMl NVaHpTMGxEUVdkSlEwRm5TVU5CWjBsRFNtcGpibGtLSUNCcFQybEJhVkpYVVRCT1J HZHBURUZ2WjBsCiAgRFFXZEpRMEZuU1VOQlowbHNRakZaYlhod1dYbEpOa2xEU1hk T1Z6VkVWMFY0ZDFOcWJERk9hbWd6VVFvZ0kKICBESjBNV1JVVWt0WGFsWjRWSHBTT UdRd2J6TmpWRlpxWVZka1VFOUZTbmhhZWs1NldESmFNbU5ZV2t4amJEbAogIFRaVl 
pyTWtOcFFXZE5WelV6V2pKd0NpQWdTVk15Um5wYU1EbDNWMWRHZUZrd1VsaGplbGs wWlZka1FrbHVNCiAgVGxtVTNkTFNVTkJaMGxEU2tKa1dGSnZXbGMxTUdGWFRtaGtS MngyWW1sSk5ra0tJQ0JJYzB0SlEwRm5TVU4KICBCWjBsc1ZtdGFhVWsyU1VOS1RsS kdaRTFNVms1TlRrVkpkRk14WkVSV2VURllUVEZvVmt4VVdrcFRNVzkwVgogIFZWYV VGWlRNUW9nSUVKU1ZtUmhTV2wzUzBsRFFXZEpRMEZuU1d4Q01WbHRlSEJaTVVKb1k yMUdkRnBZVW14CiAgamJrMXBUMmxDTjBOcFFXZEpRMEZuU1VOQlowbHNRakZaQ2lB Z2JYaHdXVEIwYkdWVlZrUlNSV2RwVDJsQ04KICAwTnBRV2RKUTBGblNVTkJaMGxEU VdsWk0wb3lTV3B2WjBsc1p6Qk9SR2RwVEVGdlowbERRV2RKUTBFS0lDQgogIG5TVU 5CWjBsc1FqRlpiWGh3V1hsSk5rbERTakJrVkdNd1VWWmFURmxWY0RGYVIxSnRUVEZ LUldOdFdqQmhWCiAgMGt3WVRKV2RFOVdUalJOUjBVell3b2dJSHBCZEZGWVZrdFZl azVTWWtWb1NXTXhaRFpXYkd4WFZHMWFTME4KICBwUVdkU01HTXpWMFk1VGs0eFpFd FNiSEJGWVVaUmVGUnFWVEJaVlZVMFdrWmtDaUFnUWtsdU1UbG1XREU1SQogIGl3S0 lDQWdJQ0FnZXdvZ0lDQWdJQ0FnSUNKemFXZHVZWFIxY21Weklqb2dXM3NLSUNBZ0l DQWdJQ0FnSUNBCiAgZ0ltRnNaeUk2SUNKVE5URXlJaXdLSUNBZ0lDQWdJQ0FnSUNB Z0ltdHBaQ0k2SUNKTlFVRXpMVUpSVUZvdFYKICAxZFBOQzAzVVRWQ0xWQTNRVWd0U mxrMVF5MUJWRTFFSWl3S0lDQWdJQ0FnSUNBZ0lDQWdJbk5wWjI1aGRIVgogIHlaU0 k2SUNKMlQzVm1aRU5DWHpsSVZEWkpPR0ZoY2xoMmJXMVBlVTVUYkMxM0xYaDVTamx zUkdwQlJVVTNOCiAgelkzT1ROMmJERk1DaUFnYTBWR1dYTkNOV0pvTm5sa1Z6WnBk R1o0TjNkMGVVazFhREpCV1dGb05FSnZjMHQKICBDVUdWSE5YRm1TVlpZTUdKRVgwS klla2d6ZDIxZmNGbFVhSFFLSUNCd1dsSkhWV1JmUTB4c1IwbDVjVnBwTAogIFdScU 5uQnlZUzFTWVhSdlEwUmlRbVJMU1dkUVExUkpRU0o5WFN3S0lDQWdJQ0FnSUNBaVV HRjViRzloWkVSCiAgcFoyVnpkQ0k2SUNKc2NtTldaMEZzZUdsM1RUZHBZV05zYlVJ MGJGRlBMV1F4Y1VsWlYyOXBiRWRoTWtGdWUKICBFRnhWa3BQVTA0S0lDQklkR000V GtSYWJrZDNWWGxuTm1JMmJGcHNlbTlXWjFGU1RtZFBaRWRSWVZaeFZ6WgogIHpUbV l4VVNKOVhTd0tJQ0FnSUNKRGJHbGxiblJPYjI1alpTSTZJQ0puV2taSU1VeGFUbTl CUTIwd0xYZ3dkCiAgR2N5T0hsQklpd0tJQ0FnSUNKUWFXNUpaQ0k2SUNKQlEwdEtM VUpMUWpNdFNqYzNRaTFITjBoYUxVUkdTMU0KICB0UlRJMlRDMU9TRmhYSWl3S0lDQ WdJQ0pRYVc1WGFYUnVaWE56SWpvZ0ltaDJObmgyVGxoUGMzQkJPVTFPTgogIEZsV2 EwNWlOVGhRTlVKM2NqRlhRM2sxVDBFMlozUlFlSGt3VEhGUUxWOXNkZ29nSUZKbFN GTndNVVExVFhWCiAgaVVIUk5XVzV5VTNKRlkwZGxZbEZ5WlhaQ1IwSTVObTVuYTFw 
bklpd0tJQ0FnSUNKQlkyTnZkVzUwUVdSa2MKICBtVnpjeUk2SUNKaGJHbGpaVUJsZ UdGdGNHeGxMbU52YlNKOWZRIl0sCiAgICAiU2VydmVyTm9uY2UiOiAiVHhOY3Eyck 5JSzhCZ0did215Q2NCdyIsCiAgICAiV2l0bmVzcyI6ICJIUzIyLVZPNU0tSkFHNC1 SUVQ0LVJPSFgtUEVSSy1ZWUNXIn19" ], "EnvelopedProfileAccount":[{ "EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEtSk JMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy ZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"}, "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIj ogewogICAgICAiVWRmIjogIk1BTVEtRVRFQS1KQkwzLTZVS0UtTFJOVC1ER0MzLU9 JREYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGlj S2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgI lB1YmxpYyI6ICJuaTg1UWphTTh3VTV2Um9LbXdueEQwRjljNFNLMzAzTWswR2FkNV dsSjhoZ0JpWVd3OW9OCiAgem1pMzJzdzhYQW1lcjZVTTBTb1RjMjRBIn19fSwKICA gICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2Vy dmljZVVkZiI6ICJNRFNLLUVVSFMtUVhHRC1MS09GLUFWQzctVjJSSC1MVjZaIiwKI CAgICJFc2Nyb3dFbmNyeXB0aW9uIjogewogICAgICAiVWRmIjogIk1CWlAtV1pBWi 1CNktRLU1ZWVAtSDdLRC1WVkJBLTdUNlUiLAogICAgICAiUHVibGljUGFyYW1ldGV ycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYi OiAiWDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogInRSODVSQ3FXdjgtWDVCazBOV TRFVmxqUUZKNTg1Rk5FM1p3eVd6WFNWdEpIaXgwRlo3aloKICBRN3hnOXV1cnc4S0 9LbDVNMFVXN0xMT0EifX19LAogICAgIkFkbWluaXN0cmF0b3JTaWduYXR1cmUiOiB 7CiAgICAgICJVZGYiOiAiTUJEVi1YWE5ILTJSVUItUkJNWi01Tkc3LUwzQ0QtM1RI ViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZ XlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUH VibGljIjogIkhVd040UlZoR2N6RmxPbTJiRGNldnZWWXlkNmdqZHEzM1FxVjhVcTM 5ZEdhc1J6UW45X1AKICBWZ0NCUklfOE1qaXZlclRLZGFhRUkzMkEifX19LAogICAg IkNvbW1vbkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURQUi1GSlZXLUdLN VotMkxKQS1MTVlWLVhTQ0gtSEUyQyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIj 
ogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJ YNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNTVqVWttcW4zZ3dHMGIySHpEVnUz SGxmNXNPNkdnVmxqX3ZhWUZ3QUVrc0RjTXkzd3l2VQogIHd0OW9qa2VVS1Q2MzA0R HdmcmgtVXc4QSJ9fX0sCiAgICAiQ29tbW9uQXV0aGVudGljYXRpb24iOiB7CiAgIC AgICJVZGYiOiAiTUJWSS1FV0xPLUVJN0otT1ZBSy1HR1pILTZZSFctWkpTVSIsCiA gICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RI IjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiO iAiZlRVM1RlQjEtN0s4U1pwbzR0UXhaUHBKQWItX2QzTklkSmhsa3hXYWlab2dKUk VLOWFkUAogIGY5S25zNW1xcjExVVRUb0lNaHpmZEphQSJ9fX0sCiAgICAiQ29tbW9 uU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1BTVAtQlg0Ry1BS0syLVlIUEEt SVhKVi1aMktWLVVYQlciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgI CAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLA ogICAgICAgICAgIlB1YmxpYyI6ICJZNi1EMkRiYktsYVZYdkc1WlF3ZUxkNV9rUDF FQ0FDUjQwYkRtcGctWTRLczkyRk5lLXV5CiAgc1dVck1fTG1RS09JUGpqcjVMOE5P QkVBIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF", "signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VYya 8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9ZsZ a4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"} ], "PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWVJn sNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"} ]}}¶
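The two envelopes in the response above can be opened and cross-checked mechanically. The Python below is an added example, not code from this draft or from any Mesh implementation: it decodes each envelope's ContentMetaData and checks that the header MessageType, the payload object and the signature trailer agree. The function names, the cross-checks themselves, the treatment of any 2xx Status as success and the abridged payloads are assumptions of the example; the header values are copied from the response above.

```python
import base64
import json


def b64url_decode(text):
    """Decode unpadded base64url, dropping whitespace left by line wrapping."""
    compact = "".join(text.split())
    return base64.urlsafe_b64decode(compact + "=" * (-len(compact) % 4))


def b64url_json(obj):
    """Encode a constructed sample payload the way the envelopes carry it."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


def open_envelope(envelope):
    """Split a DARE envelope array into header, metadata, payload and trailer."""
    if not isinstance(envelope, list) or not envelope or not isinstance(envelope[0], dict):
        raise ValueError("envelope must be an array that starts with a header object")
    header = envelope[0]
    meta = json.loads(b64url_decode(header["ContentMetaData"]))
    if not isinstance(meta, dict):
        raise ValueError("ContentMetaData is not a JSON object")
    body = envelope[1] if len(envelope) > 1 and isinstance(envelope[1], str) else None
    trailer = envelope[2] if len(envelope) > 2 and isinstance(envelope[2], dict) else {}
    # A header carrying "enc" marks an encrypted body; only plaintext is parsed.
    payload = None
    if body is not None and "enc" not in header:
        payload = json.loads(b64url_decode(body))
    return {"header": header, "meta": meta, "payload": payload, "trailer": trailer}


# Envelope field -> MessageType, as the two appear in the response above.
EXPECTED_TYPES = {
    "EnvelopedAcknowledgeConnection": "AcknowledgeConnection",
    "EnvelopedProfileAccount": "ProfileUser",
}


def check_connect_response(response):
    """Return a list of inconsistencies; an empty list means none were found."""
    body = response.get("ConnectResponse", {})
    problems = []
    # Assumption of this example: any 2xx Status counts as success.
    if not 200 <= body.get("Status", 0) < 300:
        problems.append("status %r is not a success code" % body.get("Status"))
    for field, expected in EXPECTED_TYPES.items():
        try:
            env = open_envelope(body.get(field))
        except (ValueError, KeyError) as err:
            problems.append("%s: cannot parse envelope (%s)" % (field, err))
            continue
        if env["meta"].get("MessageType") != expected:
            problems.append("%s: header MessageType mismatch" % field)
        if env["payload"] is not None and expected not in env["payload"]:
            problems.append("%s: payload is not a %s object" % (field, expected))
        # Presence only: the signature value itself is not verified here.
        if field == "EnvelopedProfileAccount" and not env["trailer"].get("signatures"):
            problems.append("%s: no signature trailer" % field)
    return problems


# Header values copied from the response above, keeping the spaces left by
# line wrapping; the payloads and the signature value are constructed.
ACK_META = " ".join([
    "ewogICJVbmlxdWVJZCI6ICJIUzIyLVZPNU0tSk",
    "FHNC1SUVQ0LVJPSFgtUEVSSy1ZWUNXIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm9",
    "3bGVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmpl",
    "Y3QiLAogICJDcmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTFaIn0",
])
PROFILE_META = " ".join([
    "ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEtSk",
    "JMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml",
    "sZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNy",
    "ZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ",
])
ACK_ID = "HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW"
PROFILE_ID = "MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF"
SAMPLE = {"ConnectResponse": {
    "Status": 201,
    "StatusDescription": "Operation completed successfully",
    "EnvelopedAcknowledgeConnection": [
        {"EnvelopeId": "MBW3-XXJI-WXLF-QWFQ-TTJ4-EW2D-TXZH", "ContentMetaData": ACK_META},
        b64url_json({"AcknowledgeConnection": {"MessageId": ACK_ID}}),
    ],
    "EnvelopedProfileAccount": [
        {"EnvelopeId": PROFILE_ID, "dig": "S512", "ContentMetaData": PROFILE_META},
        b64url_json({"ProfileUser": {"AccountAddress": "alice@example.com"}}),
        {"signatures": [{"alg": "S512", "kid": PROFILE_ID,
                         "signature": "CONSTRUCTED-PLACEHOLDER"}]},
    ],
}}

if __name__ == "__main__":
    for line in check_connect_response(SAMPLE) or ["no inconsistencies found"]:
        print(line)
```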
The complete operation is used to complete the binding of a device to the account regardless of whether the operation is initiated by the administration device or the connecting device.
The complete request is made to the service, not the account. The payload specifies the account the device is requesting completion for and the identifier of the completion message.
{
  "CompleteRequest": {
    "AccountAddress": "alice@example.com",
    "ResponseID": "MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2"}}
The response payload:
{ "CompleteResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "EnvelopedRespondConnection":[{ "EnvelopeId":"MDAB-RJHV-L6YJ-MMJQ-7NMX-KEC3-OV7F", "enc":"A256CBC", "Salt":"O8Uj4gwarhvGVXtHSZILuw", "recipients":[{ "kid":"MALW-QXX4-IADE-A4ZY-GRFV-7FRV-6NMZ", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"esrl5mubQKc6CuEwUCfddN8mPL6y-Zgbqto_mWt RVOCd5aUdaH4GYAs11vS10ghxl0Tx46VA4CqA"}}, "wmk":"lnwh_VDch144FOT3VBuOr4GqxSKP_ibMl5GzjpsdYnV-DH g_RgFEjg"} ], "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQ1hLLUJQWUktWU 01WS1ONExMLVNGWlYtRlhJQy1BSFgyIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVzcG9 uZENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MloifQ", "SequenceInfo":{ "Index":3, "TreePosition":426}, "Received":"2022-04-20T16:17:52Z"}, "i2vnt33aAT5G2z1GpX34VU2Za7xBLIuh89Pb2igJgnMreLANZgTCLxeiH7 7hfPk2Y6IJuLjOMx7asQhAVbQxlTtTSGZLetwH2yI8L4SJc0xZvNGJph4Yp1o9lvv gtrHUbMWZotTFPPkCK7OQUKggxG6EhcmLqh3NHklcVf0wJSw8GnrICThwRA14kE_P OCB-YaknBUbPDcjUF6h3kqmzQpUKdECkRYfP4fvH__UhPHApDU9x8vkdT2DAi9lM0 m2tVygkCdr8FWF69fXY7jCuehm73alPKex1AGvUxW_whD_xX26Jtn9sRlwYNdpudP vVOUAqNmixjFuGRa_toPlkkKQYpsLR9IhQo0uNySh69xF7qnqsDEdjHialrZR_7w2 M_KSsFXwscfwzNswqBAWv_MEalKzhCa7c7OQGfJc1gaTpCGIkIlQbZMsUM6GQSc48 w4rcfncYmCe8JnxdGX9dc87RisB0WjBJN7zQB_HCZRKPcpcLYtF-XwwjLuhY2bLGt kw8LrpX_TPiNSJpJ1Tkna2C6NyoQuDc_wouv9SYDKkbi3vf2jRQ7rWdAgM1O5m-yO ab3N7gxGEkoGznPxdyufZ0GlBBRPCFk5HTh7bawMiXXdTHVSogY1CGoZwASeeMLNM 0EP2jgPc6slb-LR6ppeH719OrtwU3mV2ViYG_-jesL9A5SgEsjHomGDQihnWWD1LW 9B5lebjGnKPDn8yA_TGlpvKpazJiTuxa88BpEumOJ8RJHjnuM0gU6PzQDFc120F6s 2P6c2ImpnUD4178SoFgXTZaKm6Ak06M_DR-J8yV03gbiBKvHa9QAAgx-e_mq69Jan qfI5OZeU_Ysm8k4HM6AHW2ed8Nzh7xPqsT1s5Gm7RRkELl4VaWY7gSBHsHxc5k7ON CF3ahlokXgInUOv4nJ_VPVGwBk-x2Pr4cJecCSNb6I39p3bHkyX_Cd3J3OZvnoPyH HsAeOyBgWfya8VbBbQr0_YbfuyeTzxcXVfJog78o5w3LXTT7qnkhsA0wnMNiC4Miz F6jDhVezcoHmgvSLw7zlXbY9KJl9eCaEKQsdnYLEPg8QzvngcbOVat1TkCtJ73Gr5 RY9n3ScQwvZD7h0FECForUOR8YAG0eOrtbDRzqJkCqmQtPfD48IxDk58GFh71BYPq 
pXg3_TlYChPdZLr5vCt9YRZGyC1RCSSD3VGW6stYkkSxhWC7EtmxeMjLBFOEVP1eD 260FW1YY1p-7vTrHEUa_2P-fTNWdljIZvWr-WZg5HdzA_MHAxT6doyFY3khy3skgb kHK0Nek9y3QaT2MbMP66Fnq6iDCy1mlP2i25wt1cwzFu0lMv8WDrg-q-2-90_G7dH r6MunCniPMwwM8pMAOlR0O9D31sM7Blyjs2wB4HtgwAvyr2PYr9O4eovAzAldj4I- zRAhxxczC2WyiolUQp0w1PAL00rLmZ6AU0JtK_EKd3NxDt4a2VRxFDsaqpMz5U-3e Yk2Xp_Lx-ddSJt648-D-OSLJANnbDg83yMhDOW1TqVNLB9McAuflVQ2j9gT_QS65M Fxi_wM3oxua4jDjWE2kq3GHZHFPrp5BJvC6Wcqz5dgO0vQzvc1vhnvOekrwNJMh6Y 5JRqRG7J0QHw0zKmwhkVdtGGc_OU5xfvPOMqzEaG9TqD8SvJTWK7uBZ6vLAISzhQV vnsisIAc70C_6JcILwsHA0fvi7OToKlLPLruRLZXKsGkUvpfWDA9R09Gud_l-EHYS RapKxfJr-7YCTpLmdNjTIbvPP5m5dPvWFi_FgP5MNwamuB55nRM3j_dn8-i1MdEI- 2RXMnKCtFX5U6FeS5f1HTRjRXBS0rX-rSISmZ9q81igy27X7Ym_OU-YwVfdiDbHB1 PWNb6dcxIyt72MYmBcgij0bZLVDifNmMWt3rhj4F6nK_9wi7v8hEYoDJRel8ZgMzR BbFUEl9lfCKI7uJMQ6PlX9KEGFaRsWIrI8tmObWOeK7DRBPcVS1lHSE-cjwH8oZng AZWEh3Mw5OQhGOwg15W5wQHbZQ1qMl8HHebqStq6x_k-P8vQQXN0ZfCGCJIzAycI1 2t80pwAzmFiK01_IxqlUpJaAZwqVAw2QPJvMzoIzmAY4Q7TjlQWpRALilN1gAgh4K ON6QQUGFAhANkffw2PYA3xrR6EHt7ODQLUpArEey6Ua25HJOJa4pX_Q9DSAFkRdER UVtJd6pScTtrs9sKgpoMWlTtvF4yDB7uDyPO4PYM0n6HsXBtvBjH9N-KjJV07UIuR 0tvG_ghZOZtvEnhcwSHNAAJLU8qdiRF7yxApz0Cg5cqEac18Kwf43DQAMn6XeDp5e GrO7rpd80BBQw04XNa_CCg9A4PvUNNWH9rnX9Uq70Rw5gCkqYUAHzQsoSRuNAh-Tp jE7GpeGQQF_tc3438qbq1LU7M1PV4LcLtX45H2tYpVCUUYoem6YlYgxa1bdbS-dtC JYGlp997n2VuBau-Sfsa2EHMPc43KH12FgvqKh8CnKvOXYf7ynBlnccWhSknNvHqr IUMGel3TuuGQyvEU3F_4LrFPDP9oZ0ObZaks39125vkSr9zsDBcbgfWAykaOZ-H7L Et1UNbQ_oxaF0mbj8wOynCKqSJBTCNE7X98WmAKzIrPr2mdLIdmWG_-65Q6KfwO3F Qc-pPOnTqfG5keyz15C2Vu8IqfJ1yHp_0e5Y1R1WHh98MXyFPWPe5FE1h5FYOqC36 K1XcjqxMXpVv-oDs_Bi1JVkQ_WsrIYxoV2ZnaNxv3Tsn8FHZDsgBTuZZALbRuKb1B KuzBpfzDl81UeKefZmL1jGnfT8pV8CH_xr_jZmWvNOKWIEQH7P-J5W29Uf1wTsaC_ -QCoOuPRcbDyHgNRy7RQkI2ptsHFg39NZTxLTBcWMCGFPMHoQh5OTCFjAHjt9Ugwj a4Nq31rOEA-2E5PXdXbBXbasLFsvaKQ8PxZWryel50ujaT-eVO2QB7zYVXaROoAov UAF6Lj_UEeLrsrFVFwqMJPR3ZvRnSdYXyL6cLbmg45GyPRWO92I_lK59AnW-U8gGg 3CgjwXlBhO5YdDbla2NwnVp4DRYhiClmr55KaIpOB9SC-UNVlKUQ8S8d68M0KJv0y 
cfIjLM_ptiHFK3RmxhR9L_U2iYs36DJvfe_GYCGDX1wFAXA2uHCK0gVYGhp_R3l6U xRXBmL4ayZR7dcmeiuS_yWGHzKBsmfVHa9-wADzYxNoo0v3OQX7DMIYjriH7-jTUN hkmZuZJo6o-7wQF_kbhuu-ukDi0AC4-2U3FEqNvNA5JwZWvaEC0EY1VVJSg_fAPjO w_m4OPLRk2cTh5PpfbBCM_VzdFSAng_JhpMEOE05NP8Iha3KUeClhpZTIttPbuKod oO9whAq3GZRnesDr9BoccsL_cAFfjjf9Zf5AfPriLxC49q-kDkpaLIWE1NCwUL_48 McF_9cUgq4nWyzOTbNcVvtmIimQiEvK8x-Mh__ge-ttkRGvGo8Cpp7dy9A4ctAcOM f12HYRn8jk4ndu8wipkwpkJ5KmvJAm35amQ4oxPOniTUGqTaFXg8InNBcbPQC3a5x VKafF4T27trV8nndvjJl1fOImKtWtVQPSSn_xZ3xMphYbnQutFlyHRBgZ_Ta9OqfY uUgRjCiPYCDf_UO0cXZFgj38eSBQvRuyg9iMZb74bXlMPD1V0OTYC4D2K0V4RlKsg v-pUL-3QXMqgLv6F2YIXcrNID-THOUhrW88983V8PLz1pweVvCGfAk0Mx-rHJgWW8 R0Fwh4fqVEGEOqELsrbePfzfGYrDQ9L4MUgNYj-QRacWSTSOzgMNX3aODT_GkJArM xZX9ap9-f0Pecf0d_pzffvflxX-edhBhyGAXFddxlsCXjR-evGXZJa62UN9cxpMCc WjdwEOji0a1SkB_syjPbPV8qwUK9b_bT00NgYnOJxTDMO-IOAZuq2NIPnxCNoei23 nmvBgR9JRco6RUaYq8XA0GdPFuuS7FkGed30g_syYkKupqEce0avEYB4Zo5qQJ1xG Mzcd3zRJq5q6AX5qUqi9m0cN-y-dwRM9u1K-BrKMRfgTP-ljSFbpjopniMw4NhW6z wO0jO6j1Ca5Zx94_8AsWcjs_Slhl916mNO3oZpdQ8q8knLIhMlxegTArY8ygIWkdt 1nlfbnfE2irEoW_Cs4m8XDntpQhFiLnTWyc2tqBRnswIZ12A-seHYNYgcYkdjQxah RDNqegKMx9UhziHuf0herXC7APrRWwcOtWxfDpNQ02OTjdVgIu6DFZm8UfobBhP-v yO2SXRXNxbchb_X4-VYThF0w5WZ-zXczJvrEgB5hLhEyPd3DJI_z6keUS_aOccXd0 EsL4YjjXzHdM3rTWb9sx1RGF0McSP9Oesctb6rd-9hru_w7lZGCmNWBUjIpb5frlk ep97XgWc9g-QHqWEFVCLqRLC5oN-bfm_YlKgOve221FVl3fgCY_Lt9EHz6ezdhxLF 48CMdSR4McZqdvHdvl2BGJ91waDQGCxVo5viml695Vjc2UFfTTS-m_UKE2XTD_gRQ ry8Cm2sjwwIkgPfajTFmWvrnuwJKD6XZ2nJay_WaRDFIvnSwUC6lc9sklISUN-KUD m0N9h13_yf1oeBfBuYWkWpGsHA7gh84Fron2q_HRIvFonusa2iUdYC_Jpc-33KMgv QVuBmUtDmwnVP5oUyl6Rc5jIogJI1hOdM7pA9KaUqJIzhlRGNTkXhJdvssIQwGJD9 jTt9eiEJ77J5t6WrrqSsEt-X6xVS7yclQbOObz6vTWtAtu-pMXPL2v5cGRZT-1EuM gv_ONcfVkM1ayEMn7SWSh0bWhAWIYlF0FdC9tj1OqPxqAIYdQ8HvUGIY7bfvhiS-G Yis0warjM5DCs57yEGWnQoYoa86VZwkXBwjJNAifZZSrxWDFWP8LymB3scuRTiqy8 IYaeeXxq_kUYEyKub_9Qxo-XH6QTLDKiEZEnMY-nLzhrEUSiPrrdafIopvgddXoF_ FhLtKAVg0c81s-oDZxJMf571r3T3JPveK6xWj_jYbQEbdKba1_WYgG_5BrcJwX613 
FjzznV1H1r1lhXC_tnoJoydmLjNRnE_s6sjlMNgg_VwMpDc1Yy9zazfe5rsplwCfv rEcJQx3otshuhGOKDHPY_-CWIjX51vPMN6KKkZTp5tSikzumezx-dqa5F9d6FYszs FT6Hg5ke8Plx-1xHnTDaM1LsJ0KsKUofizJ3hBMynRbA5mfxx4HdgjDbNJIKjCKI3 cccN1gmXXMk_-68YER7IA0lcsIvK8JeUQ1oN3yTBch4zIb4jlG4p56y7tam7mndOj InYhatoArpVK-FDXIKS2E_OrpwgHaF50wlC-kPtkf8xXBy1Hho8BrsVbSoENHbPUd G7mTpjVQzVRRwvRx6-Gj5uE1YbWUovofYFmAV-H0BlMi64T8_d3fLIImktI5wHF9d 5c6EKdF-0zChz8I8hvZVtEzxU1URFGePmwbrDIH9iyIeijfdGLvVUd8wIVVPxF8iD 2uUD6afQBma0A304GI7UR7RDg7NNpsG_JzQeeptd0kQBilT8OoIFrfThEFiPfKD4p 7biPLhR5GWIatO-RbGPA4x5ZhPe7egDdYneicIN_lnV6dNt6CTHc1o-ZQYG_PicNB nYPjL6DCtK4rvJ-7xAWxzttr2h-ESBu-_yTLYSxTAuXI2AsTT_1NvRuqUnkM32uAU NM1gQPp-fVvbZjJGbyNwcD6LQP_LjndXOllkEbfc8gwVgnsZAm85LGdDvXLSXBXFu t8zzGduwKLJqqMdLJRzZrOB4vwJOxOOTzbp94pvHRZvgGTHuxRjO3y1Hi16end8Sr u6oOMT-dZS7G2Ky340ElxzWFGOvogoBIu9r6mz5UWd8q9B75yOMSvoSyk_vi97f22 2AwaRlF4GIor1J6zNgPqoOxynF1748e0XF8kKD_84ydUuk_MP4UrB_xPCMDmUICcC 5fGjPYu-BUyVWYSZMBq7XmUHZH5tUBVOuOV1mbEcR3PwtsyF1us88BznRBqaMZ3X8 kKY-2nRjqxVwAldpJyoeL5YCbZzV74FflGfhNgFoSorOAn033fhaajIFb501W0ftm WcEFC7fLPse8FU1HLBrNSdmytdTWLzD-0iGPychvfWWhddz0ON3rXonjmawU7fznP JUMDH90IIteh4Pu5rLNZNaYB_phMXXoBWz3eq7U7_d4FD3SdXezFPpqX8IPlpORgo pCH59YAcOQXKzT1hn1oIGkDreN7ODAlw58YhiUWbwdADhkBKd6lzxzjRCmuvqGUG2 HRCJwQxvsHnv51hgnSw9K-z4ejEjO_jDP1__jS7_kjT1pGxpfZ41i170EsxXitkWg fEeBifO8nc12PXxtx0tCl0XFVQPrNw8Q86gGT5m4LOviy7rV8FstOnHbRNKREvvOJ woyimYrW-gAgrA30bp1QulnfNYs4GciCXn3-nncFCrxfSsE5Zfv187vHin23rLd3a ujseWbHxoUgLNjtRlvSpmqJIN7Dd5Jt8Mx9EACQjqRS9w4V-6HTrlqyMeEqXqIpH7 nzowBfClRWKKNMJuSFWwuQV1bS6V-bNRMBmBF-0Gn_mxcR03pwQMpq4SdMlOIKoNG GRaA3zrUPfP_ErEDaDMJMfiFrG1RRcWpRVx-PVNcw7dDd-6-pXD4ziG-AFx9vrZSM dJvqoOI5LVgAh0JjZjU2pKwuBCofh502CVTEBYDq1lI4NneOY_mZRLCqqW9mTFFEE 3O4HZsITZwvqg1yL3FeBt-LAL7OQDkdU0Jluioapy1L-ffeTsps_Mou7F0Y5hJ7vx fNdFC-gKBEJUC7OWt0pzFsrttB8iw8PjAoeLt0ZLOyXaMt3OEvjTQb4PdEmWIvbIW fW0UiqwMBIR4cBSjBeRhuPIS8bM4GySVopEqwhbqlAOK6ajTI7Px7prU6JquC7FEh NE8A-uW9MHY-3TRYUeQxFAdJ4aL7diQiFn3LE8R0iWSubExh3cJnQpRBchVIR4V9I 
O3Lf_523o0ga6UAQiSExNE3yDU_o1hbBvf7bNLwfRzJWRxPgvb5N-4mVpA1Xww4fp Vahf8ZRF79Jv2mL5FcmXcg8AGZwbeJ0iCB5704w6meUKE_aBSxMrmmwvz2_Baij6S oT5ofq4e-_HLS4SoT67JRAUp8BtDvusRDyoFS0EVzsU_9QglII3EofzH-KGWawGe5 oZko-vFcX-Cp7YGldHfgZ9-Thg_QMaMcheydqqD22z4x-z4xCXVtDG9os56qybKwU IJua0q_XzYyIsG8cnq0V6DIf3-hPewASwXafqhan8ERlBxO2zTQhmFy5IQK1mAmp6 F_yoK4Ccp8p13fn0iJ5biX0KOxFMP4qhBssny6IChp9ggqEuGMM0u19C3MKzG5prb ceHAur6x2TsBU8ev1RTkPxKtBk206Iwm3NQpOyCsqQKFSjbQdGooUWqwSJB7wlhmN orT07dzxX5fjVI7e2aSsGH5L3TzvFNUxyhLpbvOsjwmdhH_OR4xEXGNvBfw7RyJe- MBP8UM33tYOkVv0hdVj7ncCqGEPPJfpcVlqSjoD7SM0T8boFXF408g2Hb-epJLtV6 _BSCfxwvuaLMHNquMGZgqMM8D6wqxpBVWzyKA6ZruZ1L_9KYHWyL7s8i4j7iW2QCh un6RAmLSxs2EECwc4stgnhsWBL0MEQ2TUmUBpwX9IlgqHD82UoX-JqnbCKtVNGe4c 6tjDOZ4IJW1MrM6v3oYo7_xZnQ8r-VK9Q_GZNXOJbFwQjkucYLTdstAmyHLooJY2s Z8_4jmQdDAc_amP7wmbZ-fet7aHX54J1Uy5AzRYNoYvEn-GV1rc5_uaXSa5u02hmM d2pC9PXHyCKftDki0f3P_bn64GYYuicreI4WPRfG-8JWa5ERz5TcvNd9sx2WPFi_1 UX6D7dPIDn6xWIe0_19EWUZjBs_GoYu3oPBUKUyTB9_V1VAAic4UBYIZlB7tkddi6 W8coweyobQjcug5t3rG6pTqpVIZMPtcRk5URUcdptg9Xgq3f-Vj1UmVvSLlhvlhyg 5LOGQxc5HjyLOvI_VG3CuORoVf0BwvEDnBvm_FeofYjXJraIZeWmH3ERzGWJF7IR0 nV7vzgc2BD8XC6hDfjoMPgR4lJU_yrv4Eoec1oh_wl5vw2j8IUG08iRv-FRVNjCZE _BwIbuqQ_MKQxxnaQfklqbif3FV7ydoXeZKgHKQXjmmqsA0FxtxXUsZhvsKAYlvFU sdbmKEtT_fYVJN7Djp_s4vndQumLuHNduJFGQ3s8RZKjhJhzkAnmUFrjeCiab-oRc 2N4q137CJgek6fo5s47nqyeREadh_-3BA_P_V8Bpgu6KI2pb5dmxedk3hvUO5v1eX zKV-mEk7gZ6Cu2wgvFxAgnOgyKmNFTUGRvDfz1WEonZXu7zH3qSpiX5KzOyPi8pG- 4FIRY4mpclyCm5IPxR1u0TPuhqyTJ7jgBzBOOELXDZF6FL2AbSkkpx2LLVlBqkk0z VVkRQdPYUtdU0uC3CQHlzAIS38cl7gklH_xR65qedyYLHAnorX756RvkvJecIl7Z0 NbhajUlyC0Qg3dIAZfgfQsDeGFwN-HCCYjfWtnN8TncQrpU1QaN3_8iG7u_BCCQd1 poH2XCJX9n1tNtE8P1TR914bolGPBnIcjDNL3VCo8ZKjHSm-PwXpGOGdXe6gScdbD croaAbRjKK1aWhyyQeH4wvfHL-xk7rfOYKzQY0LLzBMh9n-g7oLh-YFyyNfcKesSw jy2p9Hp9jmcr4rni9owUZOkK0KJLBtG2Rp95K0ZieZxD_FQansw3zG6sqd7PDpeHZ dQHKmK3qHNZCt2mIBmp5sFylieCEVgb1NE19MwGm4mZc_ZfLdwhgJSDfcoUdAqj7b GWzCpCocg0xZBzKlEZDl5clmtJedlHNepgCn_7tC-2Kw4maKidEHAcEnCVuYS5nZh 
D8ER3tBQt3R2CxYA0HvpUUQcvhwK8GyYrzSx4XNt5U4TmKnJF5DcDfjYXZlrze4h- xBICXEqqfEEE4xUK4ga4vHXs1eVzydh7S6C4W0ClkOp-eZhwznzTjq4-eSH1phTn1 k9nTHFjO5DTq4aVG8Rs-6qcNALfthRcQoN_WTILn6jcvo5RIOl7NYrxtWmUOEu4Zb Rbdn8CIXSDP_c60ZHeEdzLccl6L_kVbTXPP75_MU-B6NgoquJQfi8FAZ0XrttYN9M rZ3vQ_4QlqFhZk4u51OhuK_zKbvDsGc5cOepfpDBkcVYn3Accmlo9FH71OdkfWViK LPRxVcn9upYZqJvGp43yU8XMWi6he3gXf3yl7EGNDrqzRZFFZRjy5Sosy_xGr6iVn EYJKUeJgipNUEDXYYJaacB7o8xF6yzOXMuYYgRPCFCLowOkcZ9QyWocR4MHe2LSE4 8no-n12GOrK3i95cVxf1qyvMx6KcR91mAAXozhhiO2n9WJBEd8gMkyO-eg87DDc4_ tSOnTBFhWROd-3nB_tONupH07JkTC84E4DMrMYbYl_dstRyEfsDs_LsIEco9m-MzM xzU6TU6kJw6MsHmpEdqLjZ-drBRcne2XzKpRCcb-_lqarDmIH26zpkqxgCoPnGyWg m8XFXJCe-Jb5EOSLtt8q-KfZHmWH3M8NfBLh8W9jRvQmSv__UiKAGkDhply5QvtfA vacjaQs063r9wUinMGFMgaD8Xdp2kCriJygSvybWT1xE6WKCicCUEavLyde4b0-S3 S3Wdx6cuTYMQ_sqbOWWi_wHhJAB8JPInJeTjWyGuEZNAP7cphGcx-hz5CWGq45WIL CWfZX-z6t8mz1FaAPosq6ArEfm1G8kPpOFqDTuPPsLxTXlxR9-4PtbZKePR3cU0ou TnXRe0Bq72N-kp5ynGCc3FUTSeZ-rmvhS1SYOtO1gZN5WFIbWccvtenLhfdOc5TQg WP9mlK_YPKGiQ0ICHTOCl3WTDMnI-cBBLpTiZN17fE0eaTcrOXISXjOkzsOrZMeB0 rOVl55UmG8NFTrwb2fe3jTjKi9ea89PK9datETOD2fWODhqY6LIFiw0YnwFDvPtW6 X9CmfXcVBqYY0jyyyi2CktAcJcWyCS4mWaNS53aQC_hdSo7nBKvJK5EdfiS5CMHif GOWOMahOfhHgnD52WPZUz6XLmIddVbyWndYEhk1ulgQ26yBWchvGc1mATuTgD0yyv L_PzFeIyVhDJgGHKG6Ei__ShyEerfi6ZErBwfAv_NT8NSN1Ta-Kxw4F3zZoqdAb-1 _1g7Jb52pgegYt27eKkAmaOdPZLBUyCZW_2LKJrusKg04KtprAa8j-Lv7Guzug49k 8h6MI-HLR3-T-Stn1DHHCcMDOfw1Z3io-s55PmrbIbFpoX94qdOOn0F0an1ru-PGV j4WkmKXVd0omJICajkLwocEFA4Clw62deFmDH4a3KdURsjbC9K8RDzDKFzS4NMLbL MRxMOw5fc4fOha5URmYoibl3bdQrCjWriko8g_7WDgFf2dH25phMwaLtma8KYyi71 hT4tUc64LPKIeA5DYUDuydXcVLyUlAaUS_gtRoPo7xVOGPCSnoaUQsUzcI2G6rTpi 6ibZNZ-Ib57JhaDM6L7jzlX02Xzg1nPmhg3vZ7hh1cuZCpl0EI3fO16kAp5KT5pCS Gs_HHNrU1gmjAYoePDxISVtEe271Hl3w9YZO3j-y-2Y73YLX_gNzRG4llse1DjkU_ LlSY1EUu5FNl2JPAxJN0Fib5O_R6XcBd75SPKYdd0N5MWos2KH5RfWHTfP4TIoLTu aIE1qk3zp6FGwroSujjEG9aEvuQvganG_ZXcGXEiGIzqfAUpVwpqQFztVep3vvzpe zXdkmTgwfFPVt5xvXIvhVEH0-Yh8pVEsi8cYIIEZdmIbhBM3KanUKFHf9eD1hY71i 
JWJnUdkFYUpTqNMNiZOj7_OtKMIVmwlucsQY336Drp_A6Rjt85oafkjCHc-sohKQh 7uF9JMia4SrgF3JZcXjWOWOLx5RIK7MAH37Lri713n7sJWP9fGjMOlm_pmtBHSW56 FgGQuR6gyJnH0bbcC1dx2bQxpCbrEEZx8_TeNEBsRPvzaOa9onGXc0oxHdCinW5I4 xhh8WzBhVxJ7rZgle-uilxEb9G4RW6Kb2XdGAriMesdx0jiBd938Yx3vQv6PxuNQX qUb4Po-AJc4kZAV6zK88I-zROlEuZgkz99kZTnjdaJJ7Xt7EEJOcTEvIltYMPS8pE CQugoZn_JHkG5WDSwMWP2NAbgY92U9zRxpbQTTTNWpZ2HNO7mkyel9fA4w2hPTeXV 5nhtI0379e0V8hdzyJAMdATiEWMFkWeGxHUS15Vi9OcWOS-Pvcjpc3vQ5Oe6bjd5R UG4rrKX01I7Cql6Y54PlusWblt4ZHIEjpJi8HDuFhVokdBxefbDeBrcLCGr3A35XW zyIv89M6sP-gdwO3vVCZ0Zi1YDfJYn5mOSsSlFmfc6QegoA3tjAFfOo78KXHHJnoK _tlAObwHnQqY10IuJvHO1ekeeZeRSnzhN33Y3AANIar7oT3Y3XfWN4THkqWFPTf48 _EF2GTFxYaH6ocTxqhOXB2vX9cqr2l-8BqsW_SuMQ67zRT2ywBoqQL8-T348IEhgP Ij9X7PlfN4LVRGZYWtKI5wTvs_LzPrrmftBjMBTy4klhaoEIsZZxjDFz6k47ve5n5 sNkr-XcVxI9ORXx8nwQ6OKNfNGvQsGFWeAhbGI0CgGAmVCrf87_ZpuDLDIGZ4lF7i F_MZR2cQsSimOnCH2CF9miFjFSpk2cce39HoGB9dlIBage8WD1Welv4QFmVpLlRui io2-dWBF5fojFOkA9w3Z2RrY-MzFFMcE2RxC5b7UiHghgKym0IR8HNSTHfPKPN2sG M6aYl0pT-goxS5VoHQ3TS9YuD0xhDBo5LKJlVl5yaAvSrZ845Xd5YffXxKD7bEFgh fAG5xAYze6tkCR6nzQ5sILql-_ZOgN17zyjLFcCmp35Qh4KZN29q_q3D2Yxc4ZaWt ANHdCj0RTQ0moZv_16-jFPLtiDos1ofTd8redPGjCZkCEZG_skql68_qQIK_pFjhI KGKMJQbr6FK88R0NPEFr_sK4F8t1TXg_vZHjngP4nFxYOX1Zwn5-HTg0Np2jSonvS 0-Au_uiIkPYOtvIItpYyIwsWUN4mhom5OLcsGRz5rJCE05PJS6dECB9TdHYEPh-L5 BJ2HNXSbU6Eq1aexgWtL7US6QR4c7mwMWOiDwr5_x5WSPpcqh8cuZzGJneAyJlKC_ SqGhiTWNysf-3yB40MzMQIuMHk81ArXZli2_L44CzY7ymqcy423FMNL0V0zIGDZjj fRJ7Yk745oeRV4fDJBZQ-eq7QWxQa5Vwzr2JMayixrz5ElO9vMd1cR1AQOKJH38MQ Pm_M4CMGSZ1KAl_nSzk1tIlWHnOmPGlMAqq81BloEyKeNgUiRuB6-rt1iYeBLn8nl ltvFQjZ0v5p5EzA-e2x_XQS0fvXHEHTfyyxiETkAaadoGmNstahe8Q4PghAbo2Lj5 aJUIkKBZi9iwbYdhxcl3_IUcFmMMnYWil6sAnNlBZkmY9WIgA5Lf2mIu2OBQbATcS WDmpagY9cDW96iykyUEOY5ACgUGoN3X3H50Lwz27CxN4X6rHdnTZo5_NTwxccnmfO ByZ5epUemvQomo-aYjQE58Fqu6Ef26CsdwLOh9nIk7pIo51JY0bHKakKoCrbMAy74 jpErwbbqH5cEMlR16_8FmBhfe3nXwSVbeFKqeN3K9_UtNsl-giI2YZ9FsjPNSnx5V 7qQQmLcQaxBenvygOBJLlLlvufb8Ktq5DQ5wuGB0h_l-7EFFKmalbNKjz7F48brU6 
XgxjDLen5R5POJkVJM2PnJyGQrbrfoSb7KVs1xXuPLU_FYJX4zXYTCeWPSN5AeBTw jjA3ODo2eSCzfzhdwwWLRqV6BSzGoscKA_qWgMnV7kWtypm9WPZZ39Zy-Pp9fVY0_ wCiCJ4u3f0GALNOple359RR0H5ZaG6-EdofvTRbxhRqHLfY3gtA-pIMDPytYRXFpt NGnDbXTbZEIOP70KArEb3NSBDh_SMGD35vXIxU9Kd5sikeZJzJtQzTgZJ6EZPReIU Dh7sLS7i4rhIcbwJsXyctdezXIS6tBYRogz2IDGAaMj22GYnYH_Y-kHn3UbB86mR0 Alc59mfI_7N3GTxgdQT5WEf1FiFsO9LvK8rUcHE3sI-CXMhxqex9sw8OlV9Hy-KUL PeZMvAOYKGUdh-rF0PjvNJk8msIkUNv2o88HX2LkBYREKyVoUjop_vTVP_52dp9KC 3EOP5XHI3XgVvDwWrtHhCGNk4KhvYbwgeZWFvwbqZLwEwgLOXFLmg9MLL55tr_HR8 uEq7zdDUBxgYnEzdmf-WT9Mx23xHaVPykFYYUUOBeU-rAQwcrP2KwhYv0P9Foi8Vg Zimru4oC7ehGRoqjU9vREHsdhATPEJYegqvhXKhhKUiwM1BlJ_lb1DT1j6-SF08Qu zOggWD9juekit9ca6zW1rH480Lo53xRye9DqbbXT5wEBTF-icxEcKF-GoJzJSgNls N7nXMxL1Cn5a0zdEuWKCjw2P_cv4TlElww5PGgA3G3eeDjf6HIWqEv42_h0ACYJmJ qNm9Da1SPwSvJSToyJavp3dtkbpSxG5OoO7J2jyK9mpbygixQF3fnvtkIlQRGUI8- Ik8nkFzlfvvW2ZvkW2wuMV9S-HP0qXkKZz2MK7FPNPwB4zmLVMHb0lEyjL5GNI5fu HfZLtoM-1x81CWo0Dm7grPhqUwYAXQ6yQQC_n4KO4LdGR8Y3bJ1k8eyIS-oz6LaZo FY2mQP4U3_WtkO5lVHL2toZGiQZnGy1EzE9Vfneo4LGcJZawxfmB4p2KFlTBCpxTa xC3zuiavwru8wHMKgarEhs7e_Lvgs1vrQ34MXDbx9a1MgNC1OF6hUcyCdz8DC7dAG E09LbVnW-U4wdves7EMBCWYpIO0dEZ4Vlbjv-4CfoRGwIVbcMClbyLBfcGdBpiS3u B8nshvBqrgVojd-Ja_zZV_i2IXCs_8OEBxEB8PlkaYMlAGouc93dDN3t4c3ymC-MZ _wg37C-wcUBvanDjMDBauBC_SDIJ0DphtVBsXhQTW39Ur_oBd-wfg31FQ2i7z6HSu YDZAszEsFEOVrl9N2ZQj8VYW_c8Az2QmGqwNoM1d1AwXm0osDV3VrdSdPv69QWNqY rOGLi-zulFs-mcI1_zoqvtaPFsPEd802D7YTwrjaAX5XffbjhJJKNape9SFbSjSam YRwrtr20v8BPGAI0LCXBow_XXcJ3kU88pvkyVwvi0zE2aMkEA5nJdhPkOSCLhp8_- 8tKdFE_RVcFsLpU74-zPPt4oqPgu_sy9mGaIupn0zCPmkhXHs_8V7phKXYFvVPihO C75j3qM3qBqY9z9EVwSXVNKzTNpNnTFIuPIYCs84anQUbGHhOmUxMa1YZq6Zo6Y-9 bJW7psoOAcb8JkFSGnyO-MeMPtm9qxgSS3vJnNu9SpQDMpg5Z1b76tphW8gTWdmsU vnk71TU7f5WUVSPARQP3uwLtBPF0rgDCYgVlSKJ9zlu4QCdxZNr95KCFHEAYpBGyg cFrhAx2lN7efQuyylTF2hXqsXwO8TjGty8BQ4IpaYtMhQFj0uGDh4_qPanlSdxsqU 1D3uvc1R70H-QASF_EvBmpsF-3pdu1KfCbqq1Vx4uIug_zG2F3yGHG-MnULbWR3bL J6dlzL9NnvxLdKvzi6uCdgPuuN7zMcu1ANt8IA6kXYy0Ahnb467QZ_foEdo9r-daG 
5CMQrkLw-M4LoGSS9z2bGs5YTT6WahdviOHz1n8-t9lcdccEe-4gqawwsIInTlPPv f9oIrg_CNy3R0dZnlgQUhemeOH-O5Lmrl5I6n8DJ-pe0BQWYKVutK4SMOvUa5PTct ISCojhfT6RiTYytXEgVX4oBw2pac7TZXNTxXoaHTbU1QiSa6vijswxlt4A3610bwa iayM8GP3LPKR4n5ME0FSLkrkbvWsbRr9ceLr5BLgIV-ivPFpeerAA_E5hCufDb3kk o3xHGJpA3H4GoMXsDmHBtgnrXe_wDLQE6O_i4q9MOeXTxLB-tAUhjI9MqHN7KRk1o UicnpOgAiFBbJxcFC9SGBSdjpadYcqehiwXxL0AhCtw7u3Jk8zeYxLUMnlAcp9Ia1 BzNOE5qfwwyJX5anOXiVYm5zS0vyi75rBUSWSce9lAHaSU8f4gwJZbYjkijQPsqjs 0iCjhnHMp9k-enjS-F7xxoc8CytRDdgGzARq3Pf0iu0cwiAjXVr5uqiCNt7DZfj13 k0MxMt4Xv4bPwtBwc0vh6Gk1mgaBNmHA1fj-MRQ53WMtK_EN6lSZuOpeduN7PAY9a nRtjhsw-T11D-Aw93XfPGrhcQ9sZXazFW-Jp1QlbIWR5XJT6oLD7c7yOZR_7Enwem _3XQ3fHjYRk_FQvocoS040mcW7iHYUQWAbxKJnwRq3mVujZPyPJF5DN7sLySjKGUd cR7Er1ss8T1dxDwGjJrHTanhk4iPpJFYZJLIGFxY4rzQRaYukoQnKSEnDVTXiEcMD HsT27_IMytenBGymqmE9Jo-Uybo3FinnSxsE2clG0GJW0dWMQyH4PUjeN_d-TuJin dB14s5s-U4BzYtxn_iG0Oj__nvcBwIYdrdetB_oAiiGRbe2L3fGQSxLXCbFu5ZuDR pA7DYb-7xj7_dNwHIfiHjDaWBHKcW62tyocAfCbG4ava_fPx5dILE2EDkgFQ0S7dw yWgHgVX0oazk8vgASPv6qWeK1r8qmieE3_aq0xCGt9Ju0qqPQESaS4-ZNg0wIMzTH -M66b3zeO8ShRI_0n5pps50HksL6huoTmUd17DGIGh-xnpkSChFjSgnoFeN3LLUOQ CHncBAgR7fD9_-OgRJYTJLtuEMwyMaHoQgZON2sySjsi7WBEI1RfF2IYB3mYRtoiq MDlea7QgivYjxJhP9vRrc8oVsk-G57dzikd8_wdz2gYtu4ryy9MemEZfpCY2Mza9U l27uaQTXXtJFfGQakoC7aFoL-mTGTJoPDJWr5lmpIkYtWMY3iuFcO8XaC7iXqYfhS SrNBvcuTkjTfHKYyIfofmOO3DJZonH-4dccbwptmFpqED6Fi11DfqCQG5qO1-E8_Y G86go-VfsnMHKqB_NQ_wftE78mx1HuSV_bjNadxzEpYmn2_lI6LxfJC7Y9ep4qU1S y9Dvp9n2-K4N7Nn0szFFu2426w5RoZGjvf1ldkKN1-Ce5Ja0X-ecnMVxZ9qWVIPbq wXOqvINd256ivSX0Y7i-TKCm4cG4ocYhfYYk_Wo7Mu_9QLdWQGFCZGnYaNLQIAWYB nv-BRh6TQ2ApGmCKfsvc_2kBXJnTllTBbJ_3eg1wUzAzSkS_ZxDGxgeSxmKFvXjOc a24JW76N_1J8gLNwYbLnXeK96ESvHn9uZ7yBaia3_1loT_0vJ6A-HVrIE42RoXULg qTdZWPvzyJCVsj4LvwbR3wGn4QGquQ7KjAika-1kkgntroEkpnEtigPg3WGreuFZ3 gsMrHnuIy1v4xOb3RrmJxgMDow0SI7W8-shTye_HFUrLdhiFX10v6NiO_5TiMyOc3 ZH46ZXwBnbdc-txTH3THRIgeiZqY7M9tRSOEMZfZHcrWTjlukzzBEk9zJbOkzxwl- OeS1a4N7yNmkupAHOIN0PTEcFOI7KEKM3hM5CWY3xeH7XS4Z-qB14u3L58uMdJToJ 
rsQJaJwRiYpJAFH7C2t_v61S3_BziyoRe-YBJ7_AFDvjWniVc0H0BizbJFw7xjOG5 wq5dtBSkMjNdepM_6BGhxr171pewhlcCIZFZt_TNDJ1pDKrF-416PBfqfHYCgLdup RNqUylEYIQZYyNpoKQ1nLsPza-JhHTd-VBiL1Yuq1bNDhU1s8j9OwvxIrNpoedjYM W952Um_oSXQ3ToQ8Bb-6gtFqYV5toS7WlNOTmPsqBf0sXcdIN9HwJ5e3y981BclEh yVHn_oA3NrzepzCaMNp4fiMMYc3pYXxwSARu2B5UlmO2cS3UNMKn7chUq1Zor_2Nj W9mt0wH0rq4-x6OxKdgOpjY6xYeJ-WoUK2663WWRFtN8g_fzXmdcSSISEdpHJQcNb 4WtZ_gbCpx49KvP9owtoknOOBOPUzBsdksJxd8GuT3I3msYoKy_Ib0zG2c5l3bPiP 1Ceg11rFdEkQbNQJ6BMu8gpa5DbbaXkKgSuxbx2NQjln3bCFzkpS6oUsh8gfadgaq vnhrxFFmnrbV28Aw1K90WMx9HTqbpnDDGmvQzCSQZMhfFxSQ3TdY5GLUbPkO26Qog iImDNPlSQAZf0AC0SGJhs0-LZFToYaeQYw_YTF16NGnf-6nXfgaVKU9eu6yYBTrAb nkDgj2OkW13GiQ-7EqU5xeJZDEv7XfQejayU2htFg3bhTaCITbKI4u0SKYQpNGRMj qsDYeiz5wGbMwDcU1TvVIGTrDqOWkN5tmOb48y8e8oMh_mLakXaCo3Ix43aDRodYJ B4N9qsR7KhhNainmMnjOqA0DMwYyUkgVy8RIsoJvdCferEz1nFY8O-kL0w8JkkZaV Bso5HGLtNbV6H_yc464k2ftkNPJW7xC1cJDdvlSADNHeUCS9XteCwYkLhmxucWY2Z pLhYCxSCp73sZ58zgVOfPNDQYcXntZQ9zFYV_Do0DSE0hSSHWSg_J6n0nkTLy8532 _AFJ_Ne3zU3ilGA84zc6NA8Wghq0DoyPvgYfsbunaxUpUtO6xXPLt7IcD_4AomKAw hcgQ3-XscKY7MqiG-asFs0ovC3i_HP5B-B1DLWREolxrHcxy7CDO61ByIOGL9IVTR BPjaViAxkxhBxB7Mp27lzy_fjuJrBXQ2JtK6Prbjm2JeA3M2had0gbMApmvXjMfZ5 c2c9FrUS6JriYUO3DbQl74PUvvxDJI_HfS8liTupExhUwB_RIJmw0bjVjMLfm8DEC j8tFSKRZuwOVYhOPTkXY8fKtZQDIZJBmzaTS1xueGCH4dEzULpaSCAs490N6CsXku O1CIjFV9V7locHjKufJ9GDCS-Zici0OpcsTc6MmPobJc6oXte-WTawvOXBKIpqkVW HPDP7qaA3N72z9lsNp5bEKu0Yye52V2VTGX_PXIz-zDpZv2oX9vLqjQp9fiTGyWbs 2FVvMcZ8GcnzDZvS6oiAbfXaLgPDPR8TUJyByB9Q3AqXnkYzWH1gsJ7truEH_Y2bD sJfWYKWayFbLfmrJuwNZcGlkLaKx0X3ro0WDEJNS0xU72cjxB1pP1WLOpIHIGjSd0 9XOX0v-SZb8Ms9fWHx96e0TpPUJVWfPDcnpCE_RJzwSQrAQv7mEZeJmjsaHNLhkon vinc_C9wNQ9D6IL1KQGncUG0Cyxj8GDEHKZGODUvJjMIJXskEfLIOZBJKtCmI-1vU nxKgzuiQxG6HY7D9yN-lqxczI2szFGksFEXwt4j-Ua8gBYg1YYKwzO_4q4clGbWfV KNWsZLY-p8Fwpb6DcBTfV_IFlYfaaamZfTkMamHUvbJ9iGNqxrM3GJH_oArEqOs4w zi6KyPg579KMGkW4COTc_MlxvA0rIWRc6VXsHHY865wGNA3NRKgZMcR7YcORueJLi 3DNdA3MaSpWmGkJklZG3s9su7ytkipCAcwd5zT2VMMMq9jXhyShQkk0ln-XPEhZH3 
…", {} ]}}¶
[Future: Consider eliminating this mechanism entirely and instead using messaging flows. The means of achieving this should become more apparent when the problem of publishing large messages via a pull mechanism is considered.]¶
The Publication mechanism allows content to be published through a Mesh Account and retrieved by means of the EARL mechanism described in Uniform Data Fingerprint [draft-hallambaker-mesh-udf]. This mechanism is used in certain flows supported by the Mesh Device Connection and Contact Exchange functions. There are two operations:¶
Content is published by appending an entry to an account's Publication catalog by means of a Transact operation. The content may then be retrieved by issuing a claim to the account specifying the publication identifier that is authenticated under the value specified in the EARL.¶
Use of the Publication catalog to post content necessarily requires that the content be smaller than the maximum message size imposed by the Mesh Service so that it can be uploaded to the service by means of a Transact transaction.¶
Publication of large data items will require modification of the protocol to support use of a detached message body. Transfer of a detached message body is outside the scope of this document.¶
The claim transaction is used to post a claim to a document published by means of an EARL. The claim interaction is used in the Static QR Code connection interaction but MAY be used for other purposes as required by Mesh applications.¶
A claim is made by sending a ClaimRequest message to the service to which the publication is posted. The service responds with a ClaimResponse message specifying the success or failure of the claim.¶
A device is preconfigured during manufacture and a Device Description published to the EARL:¶
The client claiming the publication creates a claim message specifying the resource being claimed and the address of the Mesh account making the claim.¶
{
  "MessageClaim":{
    "MessageId":"NAFD-ZIB6-VLZD-QO4O-6C5N-YII5-VLJJ",
    "Sender":"alice@example.com",
    "Recipient":"maker@example.com",
    "PublicationId":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
    "ServiceAuthenticate":"ADKJ-W4NY-ZRLB-PUSC-3OSI-UADE-SCJW",
    "DeviceAuthenticate":"ADSB-J6YC-B5R6-VJIA-GULG-LZIP-AEUO"}}¶
The message is signed by the claimant to make a ClaimRequest to the service:¶
{ "ClaimRequest":{ "EnvelopedMessageClaim":[{ "EnvelopeId":"MAPR-DUUH-WNG3-DQCP-6RRB-NCVC-2RM4", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZELVpJQjYtVk xaRC1RTzRPLTZDNU4tWUlJNS1WTEpKIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD cmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0"}, "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5BRk QtWklCNi1WTFpELVFPNE8tNkM1Ti1ZSUk1LVZMSkoiLAogICAgIlNlbmRlciI6ICJ hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUwtSTRURi1JVEYzLVg0S TMtUUNISy1XSzMyLTM0N1IiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU RLSi1XNE5ZLVpSTEItUFVTQy0zT1NJLVVBREUtU0NKVyIsCiAgICAiRGV2aWNlQXV 0aGVudGljYXRlIjogIkFEU0ItSjZZQy1CNVI2LVZKSUEtR1VMRy1MWklQLUFFVU8i fX0", { "signatures":[{ "alg":"S512", "kid":"MAMP-BX4G-AKK2-YHPA-IXJV-Z2KV-UXBW", "signature":"Fk2oDmBaKXmkf7vnvLHDNH8M6LRYHC1lD6VaypH6 rgc0_uftuhH12Uitq0fgWMFNbvAyTaSdchKAPizuQisjvI_K5G6VOr8HnTft65UIW sFZjsj6vQjVb8j3oa5gCJPFQzbyn9khoO6irBTXGbfIJgAA"} ], "PayloadDigest":"B8c5TfDXr1GK6CgI8aFEXBWT35NCMN70f3HHreRr C5o5dGw04VA8YmUrW4tnSpYdVOBap0tSSQwGV8HnYVkd2w"} ]}}¶
The publication is found and the claim is accepted; the publication is returned in the response.¶
{ "ClaimResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "CatalogedPublication":{ "Id":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R", "Authenticator":"ECXL-6FG3-37XK-J6GM-VR2W-4KUI-5BW7-JQRO-CYMW -PIHF-6FSA-FQ6T-YXKG-K", "EnvelopedData":[{ "enc":"A256CBC", "kid":"EBQO-52CW-B4C4-7MLL-5LZT-PJ7Y-Z3O6", "Salt":"YwqtqOhssmpR3cH8fZkGYw", "recipients":[{ "kid":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R", "wmk":"i0Wx4i67v2s9XeUvtlmgAojKsuBzi_-B4MbLLHhJbVmM 2FfwzN1YEA"} ]}, "zpvCTGxohUkssrMsznDdzinzW-ioixuVZfdG_XqtFac38vFixkhZbhJH xGJIxFGRBOwEzF-rNu9bPHDacsXru3SnkYIQL9jw1Nx2ipOOduys0MijUJ99sUhhm JhW8mqzUroU_uh7yum8twTBK71eZIMX3FZxFnse5QeeD1KOadqcDV0hXNi2QAmEvp CZNTKiRroE1jxFv9PiVbdvvWXC8eIVTYqHrn3T9edfLxil819vubbDWJXz_DxI6JL QCX9MJTnZ7_6_AWBFyi9D3lzKdYOWbsOu8zJGotEpi9YXDGnPOojqmCPdyzEdIsUZ JIld_KuOv6fYa4wZ3AlTilSgbmAQG4KMYiV2a8Od0o2Uoqvi8yujAEv5qxl1A1Zk5 i-K1ZxFHiAw5te9M5eCyEx34AONGIExXegDu1EAg_A14FCKhyKyn6bpvJOjR2RHZh 84CgwiHZvVEtxTL0nY7r8mghvH3cxTzfW8nF9cS8-MwhhYNSdIXCcGkRl1FhyM5P6 GRh_RODqm1QmlgBuJjLdaaEHYlaxRBqaT6jI8c2SlvAZAFfn3JxIErLU8r_gTW3G6 KPn_JUqcRFVlRrQJcV-8uuTn6y7Sdv6RsXnJDQNlE0rAsb6jilU1Z-_CUeX6cTyAl UPb-TXlZsjWplTIlSrX65jCYasfcVnrC9ibIiU6zQBxYLOvTdVi6dTiuQ_OHJ8FbB mxtHFJwfjxoNqiuemwZ1yC-jGtaaFgDcAjp1i4AHsZSVUHl2f9hbRPWCTB2WlaXy1 gohp-x_Ft7mUD4JibMjDUPb1Sxjtk5ZAq6bXWnEz7cEDNR8JgujeU_0RukN3CEvWR SyQ-6LWX4svntzUcdffqFmD6MjXnNLxkUgG6bBxmc-caUDRGBEHl-UUxzWY30yVXs UcEQCg-9bscVIwYgQFzTKAP4zNXH7lUXGM3p7wf9yRs__GYncfVcDGWsemYHFDGp2 3ApBI9LEUbhR_h-hIBjSEu61cFCzpC5dQsGLIUv8i-J-nWEt7_OWg3he2FgYn5_2- IQ4tF9qGnt2v5wfcfIL60B03hSaDIDnrvDFtXqmz8At6fgZOAFYy9IE9TSXLyhZSq 88c0nq5293Z5kiz_XgneRLAPhWsHMd609AEarSKq9UJQzj4fF32iIj377XZCwOp87 RFomBwhCXYwloTAeegJwTDfo3hdUdbWl1DPhj4zpO5Vpzsn3zu1qHjBDRCbzeuYg5 XVoAKX4Oe6uo9H8UlbmEHNG0vEi47ko8HgZ_M41Xz2TGyrsJxKVkhJK7J8_-RQlrx BgXr0Lhkhc3fJY7IVPtJCMw5gUpxbfa5cUqRChYx-RLOusz2IUTgc9c0yXWwZiiAG pG_oeTBHnp6_U0FxPzIeP3QjhmQpGgDdd2HLnHcGWkEhhpvqbwaSr8USdYRo0t7CH C1Fvjjdn0oICdRQyTpT4n6XuDMcs6DLggrW4BnKFUfuYmv6dIg6Q1o3AM9p3W1-zl 
M3AkPguPkRvW-tnrmMy7liUXzCKdd3Vv2-9i7IaiTBQMZYcnrWuRMFdBA6WkJbgnj -Od2EgwZ-Dux4aPB1ra53r49wERYxTTrRSQhW9aSQxHM2YRjIK0NolmAn9zLOLtdK lepTqmKmXSMLuHosFxMdlHgDUb3rqL_CmIJ8naiprf8juxLWTw6w0OUlNZYTUWf1v TRr_VeeXLHU1lL5Ob-nQyQb66UZw2Lh-iP-VdsdJo7juL4-S_uO5g2bYGBklclF7i XMOpxxBiZw7wQ4VVz_B_4RV7twqeAbVPkfe8yCgCYCwogy-x-cf6wMbKdq5w9qFWm A9dwHFEt7e8eKAqh0PoQKJhSm2e94UL_wEgvdNrTb_fQuGHxKxpM27T8qBQVRzsrz -IGwi1MeUS9vM5N3DXnQYj4cO5j5aZSQR37sJfjrtkNC7vNguVDu5PRCcWWCr8J3z aJlMW5XaS4QXMEeZzzKYmOr6ZBJ6CAVVwBudsM7M5Y-mc1qAIe6pkUEngLOOP-OBm Rt1Oj0ZH0-HlpeRfaB0TBJe67M397xOi9d39uP5CjDUqvTbsQzf7_Kh8BDGxtXjSZ UZqGr4UU80x9UuNgmdkLppxz7EjIWQ6qsp9xE9sX9cMxE3uRNlB-xFgRdiEHbbAfj cyOr2UUbR4YMrXNDHs5szAMyAXuwJbzDGvlXmDuMyDW4sVstmcuVoRs-uM8Y157o4 wsg_XbSL5u6H3Z6QXP7vPN6oyHc3lqMkFRU5sHR9zRpgCCSi2YmWU609HGUBPYj1H hSi-bkg5T7zA_pnsRWRNIDPSrEHDadXBxs7YDyMxkPQ2ML3j-7zGi8rz46eyV4sAb T8xOAiCfzLfjrJtGaXO04PYLXRdxD-bWeTPORtAUIXukkbCoCfMxfDd3JKDR-QvTO OUhOTnO-9yWnlJucrFpE5syujJz6awo95ZULiayBGPY0QxnnNOH3CER_cTb7DjSwF i_gcTE3q1dtyQAexMj7tj-h30qjEjt3j-72_2pw-gTY_akNJeyc6iTfcJsa4ldI0V A_m-ErjTpWA6AkiJ61hfLg4KZai3RiWPQWOHvNGQGX4TC3lCwNto_sJO7vjjKFfEl Eb2GuVgiuFcBCcOWBWE9LTBs5EAYNcwCPeG0dXv73GBuTupnJvZWHLhw4lRCV4ju4 OqhsrkOR7fGnXsPDJrvlrlvYQsJUblfiBjGUN9UJy_Vgd5eAvNWLMonk2oyxpJCXw NOO5nNVtzplH3PE1ZzhR_YjbEg1gXUWkPRpETpKMXDfjVe1Y6Wh2x4boRtzRMls_V J-Y1yrHSuYex-xOkN0GcEou_0t_gGtHIkjEu1-kIu74osRiEV4cvBQEJH2V1r-B5Q VjUmdAVWsODhtp_yH87KYCksKqwYITOIqaUWHUThg-R0tD94urJ0wHFlxNFRcxZvC ZKr9EuxtmWQq9lVr9UGQzZqL09-ddnuNru6LFDPgjOT4bfCTy32mtIj7vhwZ47BWm 4BrOKA0GNghJziGNFXwsZz1ZPjv3Cy_knTA23osoygx6i0khg" ]}}}¶
The device waiting to be connected uses the PollClaim transaction to receive notification of a claim having been posted.¶
The PollClaim transaction is used to discover if a claim has been posted to a published document.¶
When an authenticated, authorized request is made, the service responds with the latest claim posted to the publication.¶
The device in the example above periodically polls the service to which the device description is published to find if a claim has been registered.¶
The PollClaimRequest contains the account to which the document is published and the publication ID:¶
{
  "PollClaimRequest":{
    "PublicationId":"EBQL-I4TF-ITF3-X4I3-QCHK-WK32-347R",
    "TargetAccountAddress":"maker@example.com"}}¶
The response returns the latest claim made as a signed message:¶
{ "PollClaimResponse":{ "Status":201, "StatusDescription":"Operation completed successfully", "EnvelopedMessage":[{ "PayloadDigest":"B8c5TfDXr1GK6CgI8aFEXBWT35NCMN70f3HHreRr C5o5dGw04VA8YmUrW4tnSpYdVOBap0tSSQwGV8HnYVkd2w", "EnvelopeId":"MDLZ-5ED3-2Z6P-XJXW-THGA-Q37Z-F6VL", "dig":"S512", "signatures":[{ "alg":"S512", "kid":"MAMP-BX4G-AKK2-YHPA-IXJV-Z2KV-UXBW", "signature":"Fk2oDmBaKXmkf7vnvLHDNH8M6LRYHC1lD6VaypH6 rgc0_uftuhH12Uitq0fgWMFNbvAyTaSdchKAPizuQisjvI_K5G6VOr8HnTft65UIW sFZjsj6vQjVb8j3oa5gCJPFQzbyn9khoO6irBTXGbfIJgAA"} ], "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQUZELVpJQjYtVk xaRC1RTzRPLTZDNU4tWUlJNS1WTEpKIiwKICAiTWVzc2FnZVR5cGUiOiAiTWVzc2F nZUNsYWltIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJD cmVhdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6NTdaIn0", "SequenceInfo":{ "Index":1, "TreePosition":0}, "Received":"2022-04-20T16:17:57Z"}, "ewogICJNZXNzYWdlQ2xhaW0iOiB7CiAgICAiTWVzc2FnZUlkIjogIk5BRk QtWklCNi1WTFpELVFPNE8tNkM1Ti1ZSUk1LVZMSkoiLAogICAgIlNlbmRlciI6ICJ hbGljZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogIm1ha2VyQGV4YW1w bGUuY29tIiwKICAgICJQdWJsaWNhdGlvbklkIjogIkVCUUwtSTRURi1JVEYzLVg0S TMtUUNISy1XSzMyLTM0N1IiLAogICAgIlNlcnZpY2VBdXRoZW50aWNhdGUiOiAiQU RLSi1XNE5ZLVpSTEItUFVTQy0zT1NJLVVBREUtU0NKVyIsCiAgICAiRGV2aWNlQXV 0aGVudGljYXRlIjogIkFEU0ItSjZZQy1CNVI2LVZKSUEtR1VMRy1MWklQLUFFVU8i fX0", {} ]}}¶
The Operate transaction is used to perform one or more cryptographic operations using private key material recorded in the Threshold Catalog. Such operations typically represent one part of a threshold key operation divided between the service and a device connected to an account.¶
As with all operations involving the Access catalog, the request MUST meet the authentication criteria specified by the catalog entry. These typically include the request being authenticated by a specific key.¶
Key Agreement
CryptographicOperationKeyAgreement is used to request a threshold key agreement operation on a specified public key.¶
Alice added Bob to groupw@example.com as a member. This resulted in Bob receiving the invitation described in section ??? and the following access entry being added to the Access catalog of the group account:¶
{ "CatalogedAccess":{ "Capability":{ "CapabilityDecryptServiced":{ "Id":"MAPK-LBYY-2G6S-7Y2F-7KWO-KZQC-2IEW", "Active":true, "GranteeUdf":"bob@example.com", "EnvelopedKeyShare":[{ "enc":"A256CBC", "kid":"EBQA-LO4N-N2FL-U23L-SKWO-POAW-VDLW", "Salt":"FXW3PsFesjcC6fDC3dHHMg", "recipients":[{ "kid":"MAJY-65KP-C67E-LFXP-Q3XI-ZHZF-GNHV", "epk":{ "PublicKeyECDH":{ "crv":"X448", "Public":"CcZftsANqPybF3CXKG4neCPC5mLKeBaFIwv tkGBThR8QlqtAp0Gr-XevcrOlbqxhKP2kfxQQyxuA"}}, "wmk":"VAR6_ezf8hgETm61CJ4CUOw66l_f8YKwG65_GYE96W 5b_VeZNoOiHQ"} ], "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJLZXlEYX RhIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmVhdGV kIjogIjIwMjItMDQtMjBUMTY6MTc6NDlaIn0"}, "5HYVc-1SfcKj29O6UyNv_CptjRl-gy3hjp42VUdTi032r7Yamt4xmE hByPQgpVetmoFayOWc9V8GILPMbrQ8LO8OwHD35Fio_OfX1PLe8or5AuBylbF9y9f 3S25QD9WupYJJN0L2m8hbia3LLbU-BcVSrmI0OjB7tkeEgp6vmboTGv9QQxSSrMTQ 5v8Le6dtJhuUqwyj7JJA76oBWk8ZzibJ6hQLT1v5owABTPMxq1fGNRv2RgDtz4tpy deUBq5Gp9B0WKSKBCfOGFzNcunXbA5AbXWkORK4s07fZ42EsWiwkrncFRQqKTvomX 37CHtJo4kJkoyhbQWAwcLHaeo5DQrWBHJq6p2evWH4Z0gW_ZB9f3UiuW3jEOj-wvG mYI5Mfo0Y5YEqy8iuOmo2KI3qDTAfWE_PID-4V2IWKhGibz7mqOy8pFMBUZXySwmY w-M8Wti61wlST10kPaivW-0hS86MWGYlfzrVP3GqWkqNfHBuI-1iHwe3nNz2npsI0 Z3QnYr5VB-Q-ifkQZrYiTkPLKNAf_rR0-2le4lVBMasJJpk3cISt2V27RqxglrzX4 nSh0abD-7jBuAr-h7dH4abak2zkcQWqqe1bVjSfQ8OS6on4auWb4ZmJHY_cBCz3Br wTer6j-0r1UWTtQg0V4SuEDLaR0VCqrQhiLgEdLENBzESJqa1x0vQHQeciteoBDa_ CdQCdzPUYycikRI778ElNg" ]}}}}¶
The private key (in this case a key share) is encrypted under the service key.¶
To make use of the access entry, a request is made that specifies the key share to be operated on and the public key parameters to perform the agreement with.¶
The request payload:¶
{
  "OperateRequest":{
    "AccountAddress":"groupw@example.com",
    "Operations":[{
        "CryptographicOperationKeyAgreement":{
          "KeyId":"MAPK-LBYY-2G6S-7Y2F-7KWO-KZQC-2IEW",
          "PublicKey":{
            "PublicKeyECDH":{
              "crv":"X448",
              "Public":"7BkA7YrtcC7GrNRvyX0es1xOgNeUmSPFgLPsK8Xy-
  y8kaCqguTYD4BzWGBZi5a6KafeQQV6DwKcA"}}}}
      ]}}¶
The service checks to see if the request is authorized and if so, performs the operation and returns the result:¶
{
  "OperateResponse":{
    "Status":201,
    "StatusDescription":"Operation completed successfully",
    "Results":[{
        "CryptographicResultKeyAgreement":{
          "KeyAgreement":{
            "KeyAgreementECDH":{
              "Curve":"X448",
              "Result":"RK_nkdnG2HF8Xm79VfrFpufigvIldNPo16ZIFf4-E
  GJaqRaHIBNVbDs-bTfS30FuJkadIzvfzQwA"}}}}
      ]}}¶
Future: Currently, the access catalog is encrypted under the service encryption key. It would be better to encrypt the catalog under an encryption key specified by the service during the process of account binding. This would allow a service to assign a unique encryption key to each account and limit access to that key to the hosts servicing that specific account.¶
Threshold signature is planned but not currently supported.¶
Mesh Messaging is an asynchronous messaging service that allows exchange of information between devices connected to a Mesh account and between Mesh users.¶
To enable effective abuse mitigation, Mesh Messaging enforces a four-corner communication model in which all outbound and inbound messages pass through a Mesh Service which accredits and authorizes the messages on the user's behalf.¶
The Post transaction is only used to exchange messages between services. The client sends and receives messages through interactions with the outbound and inbound spools of the account.¶
To send a message, the client creates the Mesh Message structure, encapsulates it in a DARE Message and appends the message to the Outbound spool of the account using the Transact operation.¶
The DARE Message MUST be signed under the account signature key.¶
The Mesh Service receiving the message from the user's device MAY attempt immediate retransmission or queue it to be sent at a future time. Mesh Services SHOULD forward messages without undue delay.¶
The Post transaction forwarding the message to the destination service carries the same payload as the original request but is authenticated by the service forwarding it. This authentication MAY be by means of either profile or ticket authentication.¶
>>>> Unfinished ProtocolPostServiceService¶
[Not Yet Implemented]¶
After the message has been sent, the service updates the message status on the outbound spool.¶
Services SHOULD implement Denial of Service mitigation strategies including limiting the maximum time taken to complete a transaction and refusing connections from clients that engage in patterns of behavior consistent with abuse.¶
The limitation in message size allows Mesh Services to aggressively time out connections that take too long to complete a transaction. A Mesh Service that is hosted on a 10Mb/s link should be able to transfer 20 messages a second. If the service is taking more than 5 seconds to complete a transaction, either the source or the destination service is overloaded or the message itself is an attack.¶
Imposing hard constraints on Mesh Service performance requires deployments to scale and apply resources appropriately. If a service is attempting to transfer 100 messages simultaneously and 40% are taking 4 seconds or more, this indicates that the number of simultaneous transfers being attempted should be reduced. Contrariwise, if 90% are completed in less than a second, the number of threads allocated to sending outbound messages might be increased.¶
The inbound service MUST subject inbound messages to Access Control according to the credentials presented in the DARE Message payload.¶
After verifying the signature and checking that the key is properly accredited in accordance with site policy, the service applies authorization controls taking account of:¶
[This section to be expanded in future drafts]¶
Access control is effected through the usual division of authentication and authorization.¶
Authentication of operation requests is performed by the RUD layer [draft-hallambaker-mesh-rud].¶
If the authentication key presented has a matching Access Catalog entry, the device is authorized to perform operations as specified in that entry.¶
Message interactions are asynchronous interactions that occur between devices connected to the same account or between accounts.¶
All messages are signed by the sender and encrypted under the encryption key of the recipient if this is known to the sender.¶
The Message PIN Interaction is used to register and validate PIN codes used to authenticate certain transactions. This interaction allows a PIN code issued by one device to be consumed by another allowing for greater convenience in managing devices or contact exchange.¶
For example, Alice might delegate the PIN code issue privilege to her mobile device without delegating the administration privilege to that device. This would allow Alice to use her mobile device to initiate the connection of a large number of devices to her Mesh as her house is being built and approve them later using her administrative device.¶
Use of the Message PIN interaction is optional. An application that issues a PIN code to authenticate a message MAY store the PIN value within the application without persisting it to external storage.¶
Derivation of the SaltedPin, MessageId and Witness values from their respective inputs is described in the Schema Reference [draft-hallambaker-mesh-schema].¶
To register a PIN code to an Account, a device:¶
PIN code value¶
SaltedPin value for the specified Action¶
PinId binding the specified SaltedPin to the Account.¶
MessagePin containing the SaltedPin, Action and Account values with the MessageId value PinId.¶
MessagePin value to the Administration Spool of the Account.¶
Note that this construction provides limited protection against forgery attacks by a party with access to the MessagePin. A party with such access can use it to construct the witness value required to authenticate a request.¶
PIN Code values consist of an opaque sequence of octets represented as a UDF nonce value. Codes are presented in canonical UDF form, i.e. Base32 encoding separated into groups of 4 characters. The PIN value is converted to binary form for calculation of the SaltedPin, thus ensuring that the canonical form of the PIN value is used.¶
The PIN Code value is passed out of band to a user who will enter it into a device to authenticate a request made to the issuer.¶
A request that MAY be validated by means of a PIN is a subclass of MessagePinValidated and contains the following fields:¶
A DARE Envelope containing the data that is authenticated.¶
A nonce value used to prevent certain replay attacks.¶
Digest value binding the SaltedPin to the Account.¶
Witness value calculated as KDF (Device.UDF + AccountAddress, ClientNonce)¶
The device uses the PIN code and Action identifier corresponding to the desired request to calculate the SaltedPin value in the same manner as during registration. This value is then used to calculate the PinId and PinWitness values.¶
The PIN code is validated by performing the steps of:¶
SaltedPin value from the PIN code and Action¶
PinId from SaltedPin and Account¶
MessagePin from the Administration spool with the MessageId PinId.¶
PinWitness value from SaltedPin, ClientNonce and AuthenticatedData and checking this matches the value specified in the message.¶
Complete message to the Administration Spool of the Account marking the PIN code as used.¶
This process can fail at multiple points resulting in different error results:¶
PinInvalid
No PIN code is specified, the PIN code indicates an unsupported algorithm or the calculated PinWitness does not match the one specified by the request.¶
PinUsed
The PIN code has been used previously.¶
PinExpired
The PIN code is no longer valid.¶
Note that in the case that an attempt is made to reuse a PIN, it is not automatically the case that the first use of the PIN was the one that was valid and only the second attempt was invalid. Implementations SHOULD alert the user to the attempted re-use so that this possibility can be considered and appropriate action taken.¶
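The registration and validation steps above, worked through as an added Python example; it is not code from the draft or from any Mesh implementation. It assumes HMAC-SHA-512 in place of the SaltedPin, PinId and PinWitness derivations that the Schema Reference defines, takes the witness inputs from the validation steps (SaltedPin, ClientNonce and AuthenticatedData), and models the Administration spool as an in-memory object; all function and class names are hypothetical and the PIN values are constructed.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone


def kdf(key: bytes, info: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA-512 stands in for the derivations defined in the
    # Schema Reference; real SaltedPin/PinId/PinWitness values are UDFs.
    return hmac.new(key, info, hashlib.sha512).digest()


def pin_to_bytes(pin_text: str) -> bytes:
    # Canonical presentation is Base32 in dash-separated groups of four.
    # Converting to binary first makes "abcd-efgh" and "ABCDEFGH" the same PIN.
    compact = pin_text.replace("-", "").strip().upper()
    return base64.b32decode(compact + "=" * (-len(compact) % 8))


def salted_pin(pin_text: str, action: str) -> bytes:
    return kdf(pin_to_bytes(pin_text), action.encode())


def pin_id(salted: bytes, account: str) -> str:
    return kdf(salted, account.encode()).hex()[:32]


def pin_witness(salted: bytes, nonce: bytes, data: bytes) -> bytes:
    # Length-prefix the nonce so (nonce, data) cannot be re-split ambiguously.
    return kdf(salted, len(nonce).to_bytes(2, "big") + nonce + data)


def make_request(pin_text: str, action: str, account: str, data: bytes) -> dict:
    """Requesting device: everything derives from the PIN received out of band."""
    salted = salted_pin(pin_text, action)
    nonce = secrets.token_bytes(16)
    return {"PinId": pin_id(salted, account), "ClientNonce": nonce,
            "AuthenticatedData": data,
            "PinWitness": pin_witness(salted, nonce, data)}


class AdministrationSpool:
    """In-memory stand-in for the Administration spool of one account."""

    def __init__(self, account: str):
        self.account = account
        self.message_pins = {}   # MessageId (= PinId) -> MessagePin
        self.completed = set()   # PinIds closed by a Complete message
        self.alerts = []         # reuse attempts to surface to the user

    def register(self, pin_text: str, action: str, expires: datetime) -> str:
        salted = salted_pin(pin_text, action)
        pid = pin_id(salted, self.account)
        self.message_pins[pid] = {"MessageId": pid, "Account": self.account,
                                  "SaltedPin": salted, "Action": action,
                                  "Expires": expires}
        return pid

    def validate(self, request: dict, now: datetime) -> str:
        entry = self.message_pins.get(request.get("PinId"))
        if entry is None:
            return "PinInvalid"
        expected = pin_witness(entry["SaltedPin"],
                               request.get("ClientNonce", b""),
                               request.get("AuthenticatedData", b""))
        # Constant-time compare, done before the used/expired checks so that
        # only a party able to produce the witness learns the PIN's state
        # (an ordering chosen for this example).
        if not hmac.compare_digest(expected, request.get("PinWitness", b"")):
            return "PinInvalid"
        if entry["MessageId"] in self.completed:
            self.alerts.append(entry["MessageId"])   # tell the user about reuse
            return "PinUsed"
        if now >= entry["Expires"]:
            return "PinExpired"
        self.completed.add(entry["MessageId"])       # the Complete message
        return "Valid"


def demo() -> dict:
    # Constructed sample values; not taken from the draft's examples.
    account, pin = "alice@example.com", "AAAA-BBBB-CCCC-DDDD"
    t0 = datetime(2022, 4, 20, 16, 0, tzinfo=timezone.utc)
    spool = AdministrationSpool(account)
    spool.register(pin, "Device", expires=t0 + timedelta(days=1))
    body = b"constructed connection request"

    results = {}
    req = make_request("aaaabbbbccccdddd", "Device", account, body)
    results["first_use"] = spool.validate(req, t0)
    results["reuse"] = spool.validate(req, t0)
    tampered = dict(req, AuthenticatedData=b"different request")
    results["tampered"] = spool.validate(tampered, t0)
    other = make_request(pin, "Contact", account, body)
    results["wrong_action"] = spool.validate(other, t0)

    spool.register("EEEE-FFFF-GGGG-HHHH", "Device", expires=t0 + timedelta(hours=1))
    late = make_request("EEEE-FFFF-GGGG-HHHH", "Device", account, body)
    results["expired"] = spool.validate(late, t0 + timedelta(hours=2))
    results["alerts"] = len(spool.alerts)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the SaltedPin depends on the Action, a PIN issued for device connection yields a different PinId when presented for another action and is rejected as PinInvalid rather than matched.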
Alice connects a device using a QR code presented by her administrative device.¶
The administration device creates a PIN code and records it to the Local spool. The message specifies the salted PIN value used to verify attempts to use the PIN and the action for which it is authorized. Since this PIN has been issued to authorize a device connection, the roles for which the device is authorized are specified as well. This allows the connection request to be accepted without asking for further input from the user.¶
{
  "MessagePin":{
    "MessageId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
    "Account":"alice@example.com",
    "Expires":"2022-04-21T16:17:50Z",
    "Automatic":true,
    "SaltedPin":"AAV6-EBKF-JIUO-B2UV-UQX7-OKHB-OAAX",
    "Action":"Device",
    "Roles":["threshold"
      ]}}¶
Completion messages are dummy messages that are added to a Mesh Spool to mark a change in the status of messages previously posted. Any message that is in the inbound spool and has not been erased or redacted MAY be marked as read, unread or deleted. Any message in the outbound spool MAY be marked as sent, received or deleted.¶
Services MAY erase or redact messages in accordance with local site policy. Since messages are not removed from the spool on being marked deleted, they may be undeleted by marking them as read or unread. Marking a message deleted MAY make it more likely that the message will be removed if the sequence is subsequently purged.¶
After using the PIN code to authenticate connection of a device in the previous example, the corresponding MessagePin is marked as having been used by appending a completion message to the Local spool.¶
{
  "MessageComplete":{
    "MessageId":"NDM2-SXYM-M65H-CDTB-ROIB-KTKW-IN4R",
    "References":[{
        "MessageId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW",
        "ResponseId":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2",
        "Relationship":"Closed"}
      ]}}¶
The completion message is added to the spool in the same upload transaction that adds the device to the device catalog. This ensures that both operations occur or neither occurs.¶
The contact exchange interaction is used to support unilateral or mutual exchange of contact information. Contact exchange has three functions in the Mesh:¶
Registration of the subject's contact information in a registry service eliminates the need for the first of these functions but not the other two. To prevent abuse, every Mesh Message is subject to access control and a Mesh service will only accept a message from a sender if there is an entry in the Threshold Catalog of the account that expressly permits delivery of messages of the specified type that are authenticated by an authorized signature key.¶
The communication of unsolicited information afforded by the contact exchange interaction is deliberately limited so that a majority of users can accept contact exchange requests without prior authorization. It is however likely that some users will receive a considerable volume of requests forcing them to require contact requests be authorized through some form of third party accreditation.¶
The Remote Contact Exchange transaction consists of a sequence of MessageContact messages sent from the initiator to the responder, responder to the initiator, etc. While there is in principle no limit on the number of messages exchanged, most exchanges will be completed in three exchanges or less:¶
Contains Initiator contact data without authentication context from the exchange.¶
Contains Responder contact data authenticated under a PIN challenge presented in the previous message.¶
Contains Initiator contact data authenticated under a PIN challenge presented in the previous message.¶
Each message provides the recipient with additional information which MAY motivate the recipient to provide additional contact information to the sender.¶
{ "MessageContact":{ "MessageId":"NBBX-LUP5-63JW-AJ6G-5UFG-TYWA-Y6IY", "Sender":"bob@example.com", "Recipient":"alice@example.com", "AuthenticatedData":[{ "dig":"S512", "ContentMetaData":"ewogICJNZXNzYWdlVHlwZSI6ICJDb250YWN0UG Vyc29uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcmV hdGVkIjogIjIwMjItMDQtMjBUMTY6MTc6MzFaIn0"}, "ewogICJDb250YWN0UGVyc29uIjogewogICAgIkFuY2hvcnMiOiBbewogIC AgICAgICJVZGYiOiAiTURSUy1JS01QLVM2U1otTVI1TS1HT0lKLVNJSFMtVzVTSiI sCiAgICAgICAgIlZhbGlkYXRpb24iOiAiU2VsZiJ9XSwKICAgICJOZXR3b3JrQWRk cmVzc2VzIjogW3sKICAgICAgICAiQWRkcmVzcyI6ICJib2JAZXhhbXBsZS5jb20iL AogICAgICAgICJFbnZlbG9wZWRQcm9maWxlQWNjb3VudCI6IFt7CiAgICAgICAgIC AgICJFbnZlbG9wZUlkIjogIk1EUlMtSUtNUC1TNlNaLU1SNU0tR09JSi1TSUhTLVc 1U0oiLAogICAgICAgICAgICAiZGlnIjogIlM1MTIiLAogICAgICAgICAgICAiQ29u dGVudE1ldGFEYXRhIjogImV3b2dJQ0pWYm1seGRXVkpaQ0k2SUNKTlJGSlRMVWxMV FZBdFV6WlRXaTEKICBOVWpWTkxVZFBTVW90VTBsSVV5MVhOVk5LSWl3S0lDQWlUV1 Z6YzJGblpWUjVjR1VpT2lBaVVISnZabWxzWgogIFZWelpYSWlMQW9nSUNKamRIa2l PaUFpWVhCd2JHbGpZWFJwYjI0dmJXMXRMMjlpYW1WamRDSXNDaUFnSWtOCiAgeVpX RjBaV1FpT2lBaU1qQXlNaTB3TkMweU1GUXhOam94Tnpvek1Wb2lmUSJ9LAogICAgI CAgICAgImV3b2dJQ0pRY205bWFXeGxWWE5sY2lJNklIc0tJQ0FnSUNKUWNtOW1hV3 gKICBsVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxRVVsTXR TVXROVUMxVE5sTmFMVTFTTgogIFUwdFIwOUpTaTFUU1VoVExWYzFVMG9pTEFvZ0lD QWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzCiAgS0lDQWdJQ0FnSUNBa VVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjbllpT2lBaV IKICBXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSnNWa3RGU20 4elpYaDVSMEZPWHpsS1pXRgogIEdhbkZJTW1KbWFqaHlNMDAyYXpjMVlrMHlWMUpY YUMxVlRqSmFUbXg2VFhWaUNpQWdObmxXTW01UFNIcGpOCiAgVjlPVGpCZlh6ZG5Wb mQ1YWtWQkluMTlmU3dLSUNBZ0lDSkJZMk52ZFc1MFFXUmtjbVZ6Y3lJNklDSmliMk oKICBBWlhoaGJYQnNaUzVqYjIwaUxBb2dJQ0FnSWxObGNuWnBZMlZWWkdZaU9pQWl UVVJUU3kxRlZVaFRMVkZZUgogIDBRdFRFdFBSaTFCVmtNM0xWWXlVa2d0VEZZMldp SXNDaUFnSUNBaVJYTmpjbTkzUlc1amNubHdkR2x2YmlJCiAgNklIc0tJQ0FnSUNBZ 0lsVmtaaUk2SUNKTlJFSlFMVlJSUjFJdFRFWkZTeTFFTlUxS0xVTXpObGt0U0V0Sl 
EKICB5MUNTVUpISWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21GdFpYUmxjbk1pT2l CN0NpQWdJQ0FnSUNBZ0lsQgogIDFZbXhwWTB0bGVVVkRSRWdpT2lCN0NpQWdJQ0Fn SUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJCiAgQ0FnSUNBZ0lsQjFZb XhwWXlJNklDSTRhMWhaVUcxbU4wMXhSVlV3ZDFaTFJUQldTbkpHVVhaTU9XZFlRbW gKICBFV0dKaFEybFhkMDlrZUVwUFN6WlJjWEZqT1hsYUNpQWdRMDkxT0RGb2ExY3l TRGRKZFhoc1dXUlBZMDVOWQogIGtWQkluMTlmU3dLSUNBZ0lDSkJaRzFwYm1semRI SmhkRzl5VTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBCiAgaVZXUm1Jam9nSWsxQ 1F6WXRVa3BSUVMxUFJFcFBMVVJXV2tndFVGbENOaTFJV1U5U0xWUXlNbGNpTEFvZ0 kKICBDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzS0lDQWdJQ0FnSUN BaVVIVmliR2xqUzJWNVJVTgogIEVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjbllp T2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWXlJNklDSmtNM kZPY0VGdmJEaEJWbkJPVlUxelVrdDZUbWc0TFhkQlF6SXlWWEoxTkZSTVVtNUZWa1 IKICBtUkROWWJrRXhYemhKVjNCTENpQWdNMjlyVEdFd1h6QnZNQzFvWWpGWGJpMXN OR2czVkMxQkluMTlmU3dLSQogIENBZ0lDSkRiMjF0YjI1RmJtTnllWEIwYVc5dUlq b2dld29nSUNBZ0lDQWlWV1JtSWpvZ0lrMUVTMDh0VkVkCiAgSlNTMVlVVU15TFZJM VRFY3RWRnBHU3kxQlNWWklMVE0zVkZRaUxBb2dJQ0FnSUNBaVVIVmliR2xqVUdGeV kKICBXMWxkR1Z5Y3lJNklIc0tJQ0FnSUNBZ0lDQWlVSFZpYkdsalMyVjVSVU5FU0N JNklIc0tJQ0FnSUNBZ0lDQQogIGdJQ0pqY25ZaU9pQWlXRFEwT0NJc0NpQWdJQ0Fn SUNBZ0lDQWlVSFZpYkdsaklqb2dJbWh5WVVGaGVqaHRVCiAgSHBpTVRaWFp6Wm9hR 1ZRV0VzdGNteFBhRXBCTlhadWMwVTJZMGxSY1RGTVFqUXdkRkpTWlhwNWN5MEtJQ0 EKICB3UVhCRGNYVkVVMHRGU2poeVNqQmZSVXBmYmpOcU1rRWlmWDE5TEFvZ0lDQWd Ja052YlcxdmJrRjFkR2hsYgogIG5ScFkyRjBhVzl1SWpvZ2V3b2dJQ0FnSUNBaVZX Um1Jam9nSWsxQ1NqVXRXRnBNTXkxVldVRllMVUpYVVVZCiAgdFUxTk9UaTFSVGpkY UxUZFpWa2tpTEFvZ0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljeUk2SUhzS0 kKICBDQWdJQ0FnSUNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUN BZ0lDSmpjbllpT2lBaVdEUQogIDBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmliR2xq SWpvZ0lsZFNNREl3WTNkb2RVWkhOVFV5YUVsRlRraGlaCiAgbnB5U0dadk1UUklOV zR5WW1oTGVtdEpTRmRCY1dreFNWUkVSM1ZCZWxJS0lDQmZaRU16YTFOUlN6WnhXa3 QKICBUZDFZM2IxUkxlVEZRVFVFaWZYMTlMQW9nSUNBZ0lrTnZiVzF2YmxOcFoyNWh kSFZ5WlNJNklIc0tJQ0FnSQogIENBZ0lsVmtaaUk2SUNKTlFVbFpMVVJETmtjdFEw 
ZExTQzFJTTBkT0xVSk1NazR0UjBoV1RpMDFTRlJISWl3CiAgS0lDQWdJQ0FnSWxCM VlteHBZMUJoY21GdFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZbXhwWTB0bG UKICBVVkRSRWdpT2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lrVmtORFE0SWl 3S0lDQWdJQ0FnSUNBZ0lDSgogIFFkV0pzYVdNaU9pQWlOV1JOTUhWS1ptWmZkMnBQ VGpCS1RqSmxTbWswWm01bFUzSXlZVk5FTURrdFEyVXpTCiAgbWhDZWpkaVIzVkdkV VpLV0c1ck53b2dJSFpCTFU5ZlRqZFBTM0pKTm01SmRXTlVPVWxRY0Rjd1FTSjlmWD EKICA5ZlEiLAogICAgICAgICAgewogICAgICAgICAgICAic2lnbmF0dXJlcyI6IFt 7CiAgICAgICAgICAgICAgICAiYWxnIjogIlM1MTIiLAogICAgICAgICAgICAgICAg ImtpZCI6ICJNRFJTLUlLTVAtUzZTWi1NUjVNLUdPSUotU0lIUy1XNVNKIiwKICAgI CAgICAgICAgICAgICJzaWduYXR1cmUiOiAiYXFKYlpWeEtSUmpOd0d1Z1haVlU1R1 JxWXZBeHlmcERNRFV3MFJYbEhYYmR0QmNaTwogIEY3d3lrWFlaU3BvRUM0aGN1ekF UUkVnVHl5QUZsOG90N2E4WENpN0RnODB2OWM1UEpZMkt3ZVBSU3ZpMEtyCiAga0JZ cmFlZFFYQk85c2FOM2VQckx5Y0MydnJBblRyaG1NX29QcVhUNEEifV0sCiAgICAgI CAgICAgICJQYXlsb2FkRGlnZXN0IjogImVtMzNVaThibHpRY2c4UkQwUGVhRWVnU0 E2a3VyWHZWMVlKMTFabWVOZ2NPRwogIGU0WXByX0xIR3E2MV9GTVFMMW95Wllpb3c yN0VWczFxUzBUOWU3OFBnIn1dLAogICAgICAgICJQcm90b2NvbHMiOiBbewogICAg ICAgICAgICAiUHJvdG9jb2wiOiAibW1tIn1dfV19fQ", { "signatures":[{ "alg":"S512", "kid":"MAIY-DC6G-CGKH-H3GN-BL2N-GHVN-5HTG", "signature":"yWGvlnNlKnAHGDTgYMZtYe_mGvnmnzupiMneOegh KkOW6hZf-vkTR6AkBhmwM7PZH5xlVpdUe00AHIi0ie7deWnL6K5bEhhLiBBGY_ScB aVAVqWAkbrfSYehAWvfvCIPyZKzFQYIZ9no0WjGcA-9dSAA"} ], "PayloadDigest":"eq6Tg7DxnJr8SUf0nchazBLn3FBsYWLvZlAbxW2x a_FsQ2kkhx5C8NymLau-Hg9_UaP1NM0eS9Nw2CRRcObbpw"} ], "Reply":true, "Subject":"alice@example.com", "PIN":"ADFZ-RDXJ-IICY-KX57-X6LH-ABQY-IBKQ"}}¶
The Mesh Contact Exchange transaction does not provide for validation of the contact information beyond the binding to the Mesh Account Address used to perform the exchange.¶
Contact exchange requests MAY be authenticated by a PIN code. Initial contact exchange requests SHOULD include a PIN code value that can be used to authenticate a response (if given). PIN codes MAY also be exchanged out of band.¶
A MessageContact authenticated by means of a PIN code is authenticated as described in the PIN Interaction section above.¶
The GroupInvitation interaction is used to invite a recipient to join a Mesh Group. The interaction is essentially a form of contact exchange except that a sender SHOULD NOT send group invitations unless there is an existing relationship. Thus the 'first trust' issues intrinsic to the contact exchange interaction do not apply.¶
The message specifies the group name and the contact entry for the group. The contact entry includes the CapabilityDecryptServiced used to decrypt messages sent to the group when combined with information provided by the threshold service for the group.¶
Receipt of a GroupInvitation message does not require a response.¶
The confirmation interaction consists of a RequestConfirmation message from the initiator followed by a ResponseConfirmation from the responder.¶
The RequestConfirmation message specifies the action that is requested.¶
The ResponseConfirmation message contains the enveloped RequestConfirmation message signed by the initiator and the disposition of the responder, Accept = true if the request is accepted and Accept = false otherwise.¶
The service sends out the following request:¶
{
  "RequestConfirmation":{
    "MessageId":"NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7",
    "Sender":"console@example.com",
    "Recipient":"alice@example.com",
    "Text":"start"}}¶
Alice accepts the request and returns the following response:¶
{ "ResponseConfirmation":{ "MessageId":"MBO5-GGWR-XOSQ-M6AO-WRP7-CJWT-V6LN", "Sender":"alice@example.com", "Recipient":"console@example.com", "Request":[{ "EnvelopeId":"MAWU-5FMM-ZN6O-FXE5-TVC4-LO6I-RJ4D", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOREJCLUNIRkctT1 dOSS0yV1dLLVJKSTItS01GNy02QVc3IiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV zdENvbmZpcm1hdGlvbiIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0 IiwKICAiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjM5WiJ9", "SequenceInfo":{ "Index":7, "TreePosition":6201}, "Received":"2022-04-20T16:17:39Z"}, "ewogICJSZXF1ZXN0Q29uZmlybWF0aW9uIjogewogICAgIk1lc3NhZ2VJZC I6ICJOREJCLUNIRkctT1dOSS0yV1dLLVJKSTItS01GNy02QVc3IiwKICAgICJTZW5 kZXIiOiAiY29uc29sZUBleGFtcGxlLmNvbSIsCiAgICAiUmVjaXBpZW50IjogImFs aWNlQGV4YW1wbGUuY29tIiwKICAgICJUZXh0IjogInN0YXJ0In19", {} ], "Accept":true}}¶
Connection of a device to a Mesh Account combines synchronous and asynchronous elements and therefore uses a combination of Mesh Service Protocol and Mesh Messaging interactions.¶
Four connection interactions are currently defined to support connection of devices with different affordances:¶
For connecting devices that provide data entry and display affordances and are connected to a network. The account the device is to be connected to is entered into the device which displays a witness code. This code is then compared with a code displayed on the administration device to authenticate the request, after which both devices can complete the interaction.¶
A variation of the Witness Authenticated interaction in which the connection process is initiated by creating a PIN value which is communicated to the device by some out of band means and used to authenticate the connection request.¶
For connecting devices that provide a camera affordance. The user sets the administration device into 'add device' mode, causing a QR code to be displayed. The QR code is scanned by the device being connected after which both devices can complete the interaction. Implementation of this mechanism is identical to the PIN authenticated scheme except that the PIN code is presented to the connecting device by means of a QR code.¶
For connecting devices that have been preconfigured with a device profile identified by means of a QR Code containing an EARL. The QR code is scanned by the administration device after which both devices can complete the interaction.¶
Each of these interactions provides strong mutual authentication with minimal user effort.¶
The witness authenticated connection interaction is intended for use in cases in which the device is already connected to a network. The QR code interactions are intended to provide support for acquisition of networking capabilities as part of the connection process. These functions are not currently specified. The Static QR Code Authenticated interaction is intended to support Internet of Things (IoT) devices which provide minimal interaction affordances.¶
In each case, the objectives of the device connection interaction are the same:¶
The connection of the device to the Mesh Account is achieved through the creation of the ActivationDevice, ConnectionDevice and CataloguedDevice records described in [draft-hallambaker-mesh-schema]. These are created by the administration device in the third phase of each of the connection interactions described below and acquired by the onboarding device in the fourth phase.¶
The witness authenticated, PIN authenticated, and Dynamic QR code interactions all follow a common interaction pattern.¶
The Dynamic QR Code (PIN) Authenticated interaction comprises four phases as follows:¶
A PIN code is created and registered with the PIN Registration interaction described earlier and transmitted to the user by an out of band communication. In the case of the Dynamic QR code interaction, this is a QR code that is scanned by the connecting device.¶
The onboarding device creates a RequestConnect message. In the PIN authenticated and Dynamic QR Code interactions, the RequestConnect is authenticated by the Device Authentication key and the PIN issued earlier. In the Witness Authenticated interaction, it is authenticated by the Device Authentication key alone.¶
The onboarding device presents the RequestConnect message to the service by means of a Connect operation to the service servicing the account. This results in the exchange of the account and device profiles and the computation of a witness value from the two profile fingerprints and two nonce values specified by the onboarding device and the service. An AcknowledgeConnection message is posted to the Inbound spool of the account and returned to the connecting device.¶
The account holder authenticates the RequestConnect message and uses an administrative device to accept or reject the connection request.¶
If the RequestConnect message has been authenticated by a PIN code, the connection request can be accepted automatically without additional user interaction.¶
The onboarding device periodically polls the service for acceptance of the request by the administration device using the Complete transaction.¶
The use of the PIN code to authenticate the request message is shown in $$$$.¶
The PIN code MAY be presented to the onboarding device in any format accepted by the device. Administration MAY support presentation of the account address PIN code as a URI code. Administration devices SHOULD support presentation of the account address PIN code as a QR code containing the corresponding URI.¶
Alice> meshman account pin /threshold
PIN=ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI (Expires=2022-04-21T16:17:50Z)¶
The registration of this PIN value was shown earlier in section $$$¶
The URI containing the account address and PIN is:¶
mcu://alice@example.com/ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI¶
The onboarding device scans the QR code to obtain the account address and PIN code. The PIN code is used to authenticate a connection request:¶
Alice3> meshman device request alice@example.com /pin ^
    ADFR-TEQU-3HJD-IRND-P4TS-CRBD-NI
   Device UDF = MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
   Witness value = HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW¶
The device generates a RequestConnect message as follows:¶
{ "RequestConnection":{ "MessageId":"NCAA-7UYA-TG2C-6XUC-UG3B-4XGT-OBIE", "AuthenticatedData":[{ "EnvelopeId":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUEzLUJRUFotV1 dPNC03UTVCLVA3QUgtRlk1Qy1BVE1EIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZml sZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKICAi Q3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUxWiJ9"}, "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1cm UiOiB7CiAgICAgICJVZGYiOiAiTUFBMy1CUVBaLVdXTzQtN1E1Qi1QN0FILUZZNUM tQVRNRCIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJs aWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgI CAiUHVibGljIjogIkU1ZUs0cUkzTVlCeDV4cHR6Y254cEhabnZNQWpTbnJIRjhBbm J5cE4tWTZpZlVHblNfTlQKICBfaXFacmdteURLRERDaUFXSkU0R3A4VUEifX19LAo gICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUFMVy1RWFg0LUlBREUt QTRaWS1HUkZWLTdGUlYtNk5NWiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjoge wogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJYND Q4IiwKICAgICAgICAgICJQdWJsaWMiOiAiWUZ3WmJ6RkNwcmxETk5qSkVsOE5iUDl BcVZlNjQzQm1OTkF1b2tIRXVHejFWXzYwVHFyUAogIEU3WVktQlZBTU81Uk1PcUR3 R3U3WF9xQSJ9fX0sCiAgICAiU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1CS zUtSVI0Uy0yR0tWLUZIUlctQkZJNS1SUFJFLUVGT0UiLAogICAgICAiUHVibGljUG FyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICA gICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICIwNW5DWExwSjl1 Njh3Q2t1dTRKWjVxTzR0d0o3cTVjaWdPOEJxZzNzX2Z2cXZLcl9SeVk2CiAgMW53Z 2pIS2FzZ09wWWFxY0RXczY4eWdBIn19fSwKICAgICJBdXRoZW50aWNhdGlvbiI6IH sKICAgICAgIlVkZiI6ICJNRFdMLVNMNEItS1dDVy1XM1hVLTZJS1otUUZPVS1BRVd aIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tl eUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0NDgiLAogICAgICAgICAgIlB1Y mxpYyI6ICJ0dTc0QVZLYUp1ZGRmM1JEcmZ0aWI0a2VtOVN4MGE3czAtQXVKUzNRbE hIc1d6VllWTmZKCiAgR0c3WF9NN1dKRlpEaFQxTjU0YUU4ZFdBIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD", "signature":"vOufdCB_9HT6I8aarXvmmOyNSl-w-xyJ9lDjAEE7 
76793vl1LkEFYsB5bh6ydW6itfx7wtyI5h2AYah4BosKBPeG5qfIVX0bD_BHzH3wm _pYThtpZRGUd_CLlGIyqZi-dj6pra-RatoCDbBdKIgPCTIA"} ], "PayloadDigest":"lrcVgAlxiwM7iaclmB4lQO-d1qIYWoilGa2AnxAq VJOSNHtc8NDZnGwUyg6b6lZlzoVgQRNgOdGQaVqW6sNf1Q"} ], "ClientNonce":"gZFH1LZNoACm0-x0tg28yA", "PinId":"ACKJ-BKB3-J77B-G7HZ-DFKS-E26L-NHXW", "PinWitness":"hv6xvNXOspA9MN4YVkNb58P5Bwr1WCy5OA6gtPxy0LqP-_l vReHSp1D5MubPtMYnrSrEcGebQrevBGB96ngkZg", "AccountAddress":"alice@example.com"}}¶
The service receives the connect request and authenticates the message under the device key. The service cannot authenticate the message under the PIN code because the PIN code is not known to the service: the service cannot decrypt the local spool.¶
Having authenticated the connect request, the service generates a random nonce value. The random nonce together with the device and account profiles are used to calculate the witness value.¶
The AcknowledgeConnection message is created by the service:¶
{ "AcknowledgeConnection":{ "MessageId":"HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW", "EnvelopedRequestConnection":[{ "EnvelopeId":"MBHZ-QYVP-T5DQ-FQAP-AWD4-FLMO-ZZJT", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJOQ0FBLTdVWUEtVE cyQy02WFVDLVVHM0ItNFhHVC1PQklFIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWV zdENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs CiAgIkNyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzo1MVoifQ"}, "ewogICJSZXF1ZXN0Q29ubmVjdGlvbiI6IHsKICAgICJNZXNzYWdlSWQiOi AiTkNBQS03VVlBLVRHMkMtNlhVQy1VRzNCLTRYR1QtT0JJRSIsCiAgICAiQXV0aGV udGljYXRlZERhdGEiOiBbewogICAgICAgICJFbnZlbG9wZUlkIjogIk1BQTMtQlFQ Wi1XV080LTdRNUItUDdBSC1GWTVDLUFUTUQiLAogICAgICAgICJkaWciOiAiUzUxM iIsCiAgICAgICAgIkNvbnRlbnRNZXRhRGF0YSI6ICJld29nSUNKVmJtbHhkV1ZKWk NJNklDSk5RVUV6TFVKUlVGb3RWMWRQTkMwCiAgM1VUVkNMVkEzUVVndFJsazFReTF CVkUxRUlpd0tJQ0FpVFdWemMyRm5aVlI1Y0dVaU9pQWlVSEp2Wm1sc1oKICBVUmxk bWxqWlNJc0NpQWdJbU4wZVNJNklDSmhjSEJzYVdOaGRHbHZiaTl0YlcwdmIySnFaV 04wSWl3S0lDQQogIGlRM0psWVhSbFpDSTZJQ0l5TURJeUxUQTBMVEl3VkRFMk9qRT NPalV4V2lKOSJ9LAogICAgICAiZXdvZ0lDSlFjbTltYVd4bFJHVjJhV05sSWpvZ2V 3b2dJQ0FnSWxCeWIyWgogIHBiR1ZUYVdkdVlYUjFjbVVpT2lCN0NpQWdJQ0FnSUNK VlpHWWlPaUFpVFVGQk15MUNVVkJhTFZkWFR6UXROCiAgMUUxUWkxUU4wRklMVVpaT lVNdFFWUk5SQ0lzQ2lBZ0lDQWdJQ0pRZFdKc2FXTlFZWEpoYldWMFpYSnpJam8KIC BnZXdvZ0lDQWdJQ0FnSUNKUWRXSnNhV05MWlhsRlEwUklJam9nZXdvZ0lDQWdJQ0F nSUNBZ0ltTnlkaUk2SQogIENKRlpEUTBPQ0lzQ2lBZ0lDQWdJQ0FnSUNBaVVIVmli R2xqSWpvZ0lrVTFaVXMwY1VrelRWbENlRFY0Y0hSCiAgNlkyNTRjRWhhYm5aTlFXc FRibkpJUmpoQmJtSjVjRTR0V1RacFpsVkhibE5mVGxRS0lDQmZhWEZhY21kdGUKIC BVUkxSRVJEYVVGWFNrVTBSM0E0VlVFaWZYMTlMQW9nSUNBZ0lrVnVZM0o1Y0hScGI yNGlPaUI3Q2lBZ0lDQQogIGdJQ0pWWkdZaU9pQWlUVUZNVnkxUldGZzBMVWxCUkVV dFFUUmFXUzFIVWtaV0xUZEdVbFl0Tms1TldpSXNDCiAgaUFnSUNBZ0lDSlFkV0pzY VdOUVlYSmhiV1YwWlhKeklqb2dld29nSUNBZ0lDQWdJQ0pRZFdKc2FXTkxaWGwKIC BGUTBSSUlqb2dld29nSUNBZ0lDQWdJQ0FnSW1OeWRpSTZJQ0pZTkRRNElpd0tJQ0F nSUNBZ0lDQWdJQ0pRZAogIFdKc2FXTWlPaUFpV1VaM1dtSjZSa053Y214RVRrNXFT a1ZzT0U1aVVEbEJjVlpsTmpRelFtMU9Ua0YxYjJ0CiAgSVJYVkhlakZXWHpZd1ZIR 
nlVQW9nSUVVM1dWa3RRbFpCVFU4MVVrMVBjVVIzUjNVM1dGOXhRU0o5Zlgwc0MKIC BpQWdJQ0FpVTJsbmJtRjBkWEpsSWpvZ2V3b2dJQ0FnSUNBaVZXUm1Jam9nSWsxQ1N 6VXRTVkkwVXkweVIwdAogIFdMVVpJVWxjdFFrWkpOUzFTVUZKRkxVVkdUMFVpTEFv Z0lDQWdJQ0FpVUhWaWJHbGpVR0Z5WVcxbGRHVnljCiAgeUk2SUhzS0lDQWdJQ0FnS UNBaVVIVmliR2xqUzJWNVJVTkVTQ0k2SUhzS0lDQWdJQ0FnSUNBZ0lDSmpjblkKIC BpT2lBaVJXUTBORGdpTEFvZ0lDQWdJQ0FnSUNBZ0lsQjFZbXhwWXlJNklDSXdOVzV EV0V4d1NqbDFOamgzUQogIDJ0MWRUUktXalZ4VHpSMGQwbzNjVFZqYVdkUE9FSnha ek56WDJaMmNYWkxjbDlTZVZrMkNpQWdNVzUzWjJwCiAgSVMyRnpaMDl3V1dGeFkwU lhjelk0ZVdkQkluMTlmU3dLSUNBZ0lDSkJkWFJvWlc1MGFXTmhkR2x2YmlJNkkKIC BIc0tJQ0FnSUNBZ0lsVmtaaUk2SUNKTlJGZE1MVk5NTkVJdFMxZERWeTFYTTFoVkx UWkpTMW90VVVaUFZTMQogIEJSVmRhSWl3S0lDQWdJQ0FnSWxCMVlteHBZMUJoY21G dFpYUmxjbk1pT2lCN0NpQWdJQ0FnSUNBZ0lsQjFZCiAgbXhwWTB0bGVVVkRSRWdpT 2lCN0NpQWdJQ0FnSUNBZ0lDQWlZM0oySWpvZ0lsZzBORGdpTEFvZ0lDQWdJQ0EKIC BnSUNBZ0lsQjFZbXhwWXlJNklDSjBkVGMwUVZaTFlVcDFaR1JtTTFKRWNtWjBhV0k wYTJWdE9WTjRNR0UzYwogIHpBdFFYVktVek5SYkVoSWMxZDZWbGxXVG1aS0NpQWdS MGMzV0Y5Tk4xZEtSbHBFYUZReFRqVTBZVVU0WkZkCiAgQkluMTlmWDE5IiwKICAgI CAgewogICAgICAgICJzaWduYXR1cmVzIjogW3sKICAgICAgICAgICAgImFsZyI6IC JTNTEyIiwKICAgICAgICAgICAgImtpZCI6ICJNQUEzLUJRUFotV1dPNC03UTVCLVA 3QUgtRlk1Qy1BVE1EIiwKICAgICAgICAgICAgInNpZ25hdHVyZSI6ICJ2T3VmZENC XzlIVDZJOGFhclh2bW1PeU5TbC13LXh5SjlsRGpBRUU3NzY3OTN2bDFMCiAga0VGW XNCNWJoNnlkVzZpdGZ4N3d0eUk1aDJBWWFoNEJvc0tCUGVHNXFmSVZYMGJEX0JIek gzd21fcFlUaHQKICBwWlJHVWRfQ0xsR0l5cVppLWRqNnByYS1SYXRvQ0RiQmRLSWd QQ1RJQSJ9XSwKICAgICAgICAiUGF5bG9hZERpZ2VzdCI6ICJscmNWZ0FseGl3TTdp YWNsbUI0bFFPLWQxcUlZV29pbEdhMkFueEFxVkpPU04KICBIdGM4TkRabkd3VXlnN mI2bFpsem9WZ1FSTmdPZEdRYVZxVzZzTmYxUSJ9XSwKICAgICJDbGllbnROb25jZS I6ICJnWkZIMUxaTm9BQ20wLXgwdGcyOHlBIiwKICAgICJQaW5JZCI6ICJBQ0tKLUJ LQjMtSjc3Qi1HN0haLURGS1MtRTI2TC1OSFhXIiwKICAgICJQaW5XaXRuZXNzIjog Imh2Nnh2TlhPc3BBOU1ONFlWa05iNThQNUJ3cjFXQ3k1T0E2Z3RQeHkwTHFQLV9sd gogIFJlSFNwMUQ1TXViUHRNWW5yU3JFY0dlYlFyZXZCR0I5Nm5na1pnIiwKICAgIC JBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSJ9fQ" ], 
"ServerNonce":"TxNcq2rNIK8BgGbwmyCcBw", "Witness":"HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW"}}¶
The AcknowledgeConnection message is appended to the Inbound spool of the account to which connection was requested so that the user can approve the request. The ConnectResponse message is returned to the device containing the AcknowledgeConnection message and the profile of the account.¶
The device generates the witness value, verifies it against the value provided by the server and presents it to the user as seen in the console example above.¶
The user synchronizes their pending messages:¶
Alice> meshman message pending
MessageID: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
        Connection Request::
        MessageID: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
        To: From:
        Device: MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
        Witness: HS22-VO5M-JAG4-RQT4-ROHX-PERK-YYCW
MessageID: NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7
        Confirmation Request::
        MessageID: NDBB-CHFG-OWNI-2WWK-RJI2-KMF7-6AW7
        To: alice@example.com From: console@example.com
        Text: start
Alice> meshman account sync /auto¶
The administration device determines that the device connection request is authenticated by a PIN code. The PIN code is retrieved and the message authenticated. This is shown in the PIN registration interaction example in section $$$ above.¶
Bug: This command is currently showing superfluous pending messages due to the failure to clear messages processed in earlier examples.¶
The Cataloged device record is created from the public key values corresponding to the combination of the public keys in the device profile and those defined by the activation.¶
This is returned to the onboarding device by wrapping it in a RespondConnection message posted to the local spool of the account.¶
{ "RespondConnection":{ "MessageId":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2", "Result":"Accept", "CatalogedDevice":{ "DeviceUdf":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD", "EnvelopedProfileUser":[{ "EnvelopeId":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQU1RLUVURUEt SkJMMy02VUtFLUxSTlQtREdDMy1PSURGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ mlsZVVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk NyZWF0ZWQiOiAiMjAyMi0wNC0yMFQxNjoxNzoxN1oifQ"}, "ewogICJQcm9maWxlVXNlciI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl IjogewogICAgICAiVWRmIjogIk1BTVEtRVRFQS1KQkwzLTZVS0UtTFJOVC1ER0MzL U9JREYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibG ljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICA gIlB1YmxpYyI6ICJuaTg1UWphTTh3VTV2Um9LbXdueEQwRjljNFNLMzAzTWswR2Fk NVdsSjhoZ0JpWVd3OW9OCiAgem1pMzJzdzhYQW1lcjZVTTBTb1RjMjRBIn19fSwKI CAgICJBY2NvdW50QWRkcmVzcyI6ICJhbGljZUBleGFtcGxlLmNvbSIsCiAgICAiU2 VydmljZVVkZiI6ICJNRFNLLUVVSFMtUVhHRC1MS09GLUFWQzctVjJSSC1MVjZaIiw KICAgICJFc2Nyb3dFbmNyeXB0aW9uIjogewogICAgICAiVWRmIjogIk1CWlAtV1pB Wi1CNktRLU1ZWVAtSDdLRC1WVkJBLTdUNlUiLAogICAgICAiUHVibGljUGFyYW1ld GVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcn YiOiAiWDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogInRSODVSQ3FXdjgtWDVCazB OVTRFVmxqUUZKNTg1Rk5FM1p3eVd6WFNWdEpIaXgwRlo3aloKICBRN3hnOXV1cnc4 S09LbDVNMFVXN0xMT0EifX19LAogICAgIkFkbWluaXN0cmF0b3JTaWduYXR1cmUiO iB7CiAgICAgICJVZGYiOiAiTUJEVi1YWE5ILTJSVUItUkJNWi01Tkc3LUwzQ0QtM1 RIViIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWN LZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAi UHVibGljIjogIkhVd040UlZoR2N6RmxPbTJiRGNldnZWWXlkNmdqZHEzM1FxVjhVc TM5ZEdhc1J6UW45X1AKICBWZ0NCUklfOE1qaXZlclRLZGFhRUkzMkEifX19LAogIC AgIkNvbW1vbkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTURQUi1GSlZXLUd LNVotMkxKQS1MTVlWLVhTQ0gtSEUyQyIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJz IjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6I CJYNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiNTVqVWttcW4zZ3dHMGIySHpEVn 
UzSGxmNXNPNkdnVmxqX3ZhWUZ3QUVrc0RjTXkzd3l2VQogIHd0OW9qa2VVS1Q2MzA 0RHdmcmgtVXc4QSJ9fX0sCiAgICAiQ29tbW9uQXV0aGVudGljYXRpb24iOiB7CiAg ICAgICJVZGYiOiAiTUJWSS1FV0xPLUVJN0otT1ZBSy1HR1pILTZZSFctWkpTVSIsC iAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0 RIIjogewogICAgICAgICAgImNydiI6ICJYNDQ4IiwKICAgICAgICAgICJQdWJsaWM iOiAiZlRVM1RlQjEtN0s4U1pwbzR0UXhaUHBKQWItX2QzTklkSmhsa3hXYWlab2dK UkVLOWFkUAogIGY5S25zNW1xcjExVVRUb0lNaHpmZEphQSJ9fX0sCiAgICAiQ29tb W9uU2lnbmF0dXJlIjogewogICAgICAiVWRmIjogIk1BTVAtQlg0Ry1BS0syLVlIUE EtSVhKVi1aMktWLVVYQlciLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICA gICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgi LAogICAgICAgICAgIlB1YmxpYyI6ICJZNi1EMkRiYktsYVZYdkc1WlF3ZUxkNV9rU DFFQ0FDUjQwYkRtcGctWTRLczkyRk5lLXV5CiAgc1dVck1fTG1RS09JUGpqcjVMOE 5PQkVBIn19fX19", { "signatures":[{ "alg":"S512", "kid":"MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF", "signature":"FOqGS7sd-l-iXeW0NnWOIUbmJxw0SLBHk_F4VY ya8AIu23JVKebgbH-MtSAK_-0FVuXyWcRUdT8AsHeGljsGe7Y9tN4q_NT8tIASs9Z sZa4HXUyAB3vOzMuSO6wi5bHehc-zWhkEPZhvdiBMcizkODYA"} ], "PayloadDigest":"pbnx3FGeWuZWOrANRD5vo3UYnkZRpHGmpLwSWV JnsNZ4SFe4qVn-hfNrZ557hnJhp4aD7EN2p6B7IVNMmuK_9w"} ], "EnvelopedProfileDevice":[{ "EnvelopeId":"MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD", "dig":"S512", "ContentMetaData":"ewogICJVbmlxdWVJZCI6ICJNQUEzLUJRUFot V1dPNC03UTVCLVA3QUgtRlk1Qy1BVE1EIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZ mlsZURldmljZSIsCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9tbW0vb2JqZWN0IiwKIC AiQ3JlYXRlZCI6ICIyMDIyLTA0LTIwVDE2OjE3OjUxWiJ9"}, "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIlByb2ZpbGVTaWduYXR1 cmUiOiB7CiAgICAgICJVZGYiOiAiTUFBMy1CUVBaLVdXTzQtN1E1Qi1QN0FILUZZN UMtQVRNRCIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdW JsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICA gICAiUHVibGljIjogIkU1ZUs0cUkzTVlCeDV4cHR6Y254cEhabnZNQWpTbnJIRjhB bmJ5cE4tWTZpZlVHblNfTlQKICBfaXFacmdteURLRERDaUFXSkU0R3A4VUEifX19L AogICAgIkVuY3J5cHRpb24iOiB7CiAgICAgICJVZGYiOiAiTUFMVy1RWFg0LUlBRE 
The device periodically polls for completion of the connection request using the Complete transaction.¶
To provide a final check on the process, the command line tool presents the UDF of the account profile to which the device has connected if successful:¶
Alice3> meshman device complete
Device UDF = MAA3-BQPZ-WWO4-7Q5B-P7AH-FY5C-ATMD
Account = alice@example.com
Account UDF = MAMQ-ETEA-JBL3-6UKE-LRNT-DGC3-OIDF
Alice3> meshman account sync¶
The completion request specifies the witness value for the transaction whose completion is being queried:¶
{
  "CompleteRequest":{
    "AccountAddress":"alice@example.com",
    "ResponseID":"MCXK-BPYI-YM5Y-N4LL-SFZV-FXIC-AHX2"}}¶
The Service responds to the complete request by checking to see if an entry has been added to the local spool. If so, this contains the RespondConnection message created by the administration device.¶
The preconfigured device connection interaction is used to connect devices that lack affordances such as a display or a keyboard. It is also known as the static QR code interaction because a static QR code printed on the device itself is used to connect it to a user's account.¶
Future: This interaction is likely to be changed substantially in future revisions of the specification, with the Claim/PollClaim mechanism removed and replaced by a messaging-based approach.¶
The interaction has five phases:¶
The device to be onboarded is preconfigured with a ProfileDevice and private key information and a DeviceDescription posted to a publication service. This process is typically performed during manufacture. An EARL providing the ability to locate and decrypt the description is printed on the device itself as a QR code.¶
The administration device acquiring the onboarding device scans the QR code on the device and uses this information to obtain the device description by means of a Claim operation (described above), as described in the Device Description.¶
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device MAY advise the device that a connection request is being made by additional means described in the device description (e.g. WiFi, Bluetooth).¶
When connected to a network, the preconfigured device periodically attempts to poll the connection sources specified to find out if there is a pending request. If a connection request is posted, the device decrypts it to allow it to complete the connection process.¶
This phase is performed in the same manner as the Dynamic QR Code (PIN) Authenticated interaction except that the administration device requires notice of the pending connection request.¶
The main differences between this connection interaction and the witness/PIN connection interactions are that the device is preconfigured with the device profile at the time of manufacture and the onboarding device MAY be acquiring network configuration information during the connection process.¶
The manufacturer preconfigures the device:¶
Maker> meshman device preconfig
Device UDF: MBOB-5GVY-Q43B-KODG-UJ3E-LY7V-36UV
File: EBKG-ED3O-HBHK-ZQGS-EX4H-X22S-X4.medk¶
This results in the creation of a primary secret which is used to compute a ProfileDevice and corresponding connection records signed by the manufacturer's administrator key.¶
The data is combined to create a DevicePreconfiguration record that is provisioned to the firmware of the device being preconfigured.¶
An EARL is created specifying the means by which an administration device can acquire the information required to complete a connection to the device:¶
QR = {Connect.ConnectEARL}¶
The preconfigured ProfileDevice is encrypted under the encryption key and published to the location key derived from the EARL.¶
The administration device scans the QR code and obtains the Device Description using the Claim operation as shown in section $$$$. The administration device creates the ActivationDevice and CatalogedDevice records and populates the service as before.¶
Alice> meshman account connect ^
    mcu://maker@example.com/EBKG-ED3O-HBHK-ZQGS-EX4H-X22S-X4 /web¶
Every Mesh Portal Service transaction consists of exactly one request followed by exactly one response. Mesh Service transactions MAY cause modification of the data stored in the Mesh Service or the Mesh itself but do not cause changes to the connection state. The protocol itself is thus idempotent. There is no set sequence in which operations are required to be performed. It is not necessary to perform a Hello transaction prior to any other transaction.¶
A Mesh Portal Service request consists of a payload object that inherits from the MeshRequest class. When using the HTTP binding, the request MUST specify the portal DNS address in the HTTP Host field.¶
Base class for all request messages.¶
[No fields]¶
Base class for all request messages made by a user.¶
A Mesh Portal Service response consists of a payload object that inherits from the MeshResponse class. When using the HTTP binding, the response SHOULD report the Status response code in the HTTP response message. However, the response code returned in the payload object MUST always be considered authoritative.¶
Base class for all response messages. Contains only the status code and status description fields.¶
[No fields]¶
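The rule that the payload status is authoritative over the HTTP status can be enforced in the client as follows. This is an added example, not code from the draft or the Mesh reference implementation. The field names `Status` and `StatusDescription`, the message name `CompleteResponse`, the single-key payload wrapper and the treatment of 2xx values as success are assumptions made for illustration.

```python
import json
from dataclasses import dataclass


class ProtocolError(Exception):
    """The body did not contain a usable payload object."""


@dataclass
class Outcome:
    message_type: str    # name of the response object, e.g. "CompleteResponse" (assumed)
    status: int          # status taken from the payload, never from HTTP
    description: str
    ok: bool
    http_mismatch: bool  # True when the HTTP layer and the payload disagree


def interpret_response(http_status: int, body: bytes) -> Outcome:
    """Decide success or failure from the payload object only.

    The HTTP status is kept purely as a diagnostic: an intermediary can
    rewrite it, so a disagreement is reported but never changes the result.
    A body without a well-formed payload status is rejected (fail closed)
    rather than falling back to the HTTP status.
    """
    try:
        doc = json.loads(body)
    except ValueError as exc:  # covers JSON and UTF-8 decoding errors
        raise ProtocolError("body is not a JSON payload object") from exc
    if not isinstance(doc, dict) or len(doc) != 1:
        raise ProtocolError("expected exactly one response object")
    (message_type, fields), = doc.items()
    if not isinstance(fields, dict):
        raise ProtocolError("response object is not a JSON object")
    status = fields.get("Status")  # assumed field name
    if isinstance(status, bool) or not isinstance(status, int):
        raise ProtocolError("payload carries no integer status")
    description = fields.get("StatusDescription", "")  # assumed field name
    if not isinstance(description, str):
        description = ""
    ok = 200 <= status < 300  # assumption: HTTP-style status classes
    http_ok = 200 <= http_status < 300
    return Outcome(message_type, status, description, ok, http_ok != ok)


if __name__ == "__main__":
    # Constructed sample: HTTP layer says 200, payload says the request failed.
    sample = b'{"CompleteResponse":{"Status":403,"StatusDescription":"Refused"}}'
    print(interpret_response(200, sample))
```

Logging every `http_mismatch` gives operators a signal that a proxy or gateway between client and service is rewriting status codes.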
The Mesh Service protocol makes use of JSON objects defined in the JOSE Signature and Encryption specifications and in the DARE Data At Rest Encryption extensions to JOSE.¶
The following common structures are used in the protocol messages:¶
Describes a Key/Value structure used to make queries for records matching one or more selection criteria.¶
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.¶
The container to be searched.¶
Only return objects with an index value that is equal to or higher than the value specified.¶
Only return objects with an index value that is equal to or lower than the value specified.¶
Only data published on or after the specified time instant is requested.¶
Only data published before the specified time instant is requested. This excludes data published at the specified time instant.¶
Specifies a page key returned in a previous search operation in which the number of responses exceeded the specified bounds.¶
When a page key is specified, all the other search parameters except for MaxEntries and MaxBytes are ignored and the service returns the next set of data responding to the earlier query.¶
Specifies constraints on the data to be sent.¶
Maximum number of entries to send.¶
Specifies an offset to be applied to the payload data before it is sent. This allows large payloads to be transferred incrementally.¶
Maximum number of payload bytes to send.¶
Return the entry header¶
Return the entry payload¶
Return the entry trailer¶
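The selection and data constraints described above interact in ways that are easy to get wrong on the service side: index bounds are inclusive at both ends, the earliest time bound is inclusive while the latest is exclusive, and a page key overrides every other selection parameter. The following sketch is an added example, not code from the draft or the Mesh reference implementation. The Python attribute names, the single-use random page key, and the choice to always return at least one entry so that a client makes progress are assumptions; the sample entries are constructed.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Entry:
    index: int
    published: datetime
    payload: bytes


@dataclass
class Select:                              # selection constraints (names assumed)
    index_min: Optional[int] = None        # inclusive lower bound
    index_max: Optional[int] = None        # inclusive upper bound
    not_before: Optional[datetime] = None  # published on or after (inclusive)
    before: Optional[datetime] = None      # published strictly before (exclusive)
    page_key: Optional[str] = None


@dataclass
class Data:                                # data constraints (names assumed)
    max_entries: Optional[int] = None
    max_bytes: Optional[int] = None


def matches(sel: Select, e: Entry) -> bool:
    if sel.index_min is not None and e.index < sel.index_min:
        return False
    if sel.index_max is not None and e.index > sel.index_max:
        return False
    if sel.not_before is not None and e.published < sel.not_before:
        return False
    if sel.before is not None and e.published >= sel.before:
        return False
    return True


class Container:
    def __init__(self, entries):
        self.entries = sorted(entries, key=lambda e: e.index)
        self.pages = {}  # page key -> (original Select, index to resume from)

    def search(self, select: Select, data: Data):
        """Return (entries, next_page_key); the key is None when complete."""
        if data.max_entries is not None and data.max_entries < 1:
            raise ValueError("max_entries must be at least 1")
        resume = None
        if select.page_key is not None:
            # A page key replaces every other selection parameter with the
            # ones saved from the earlier query; only `data` is honoured.
            saved = self.pages.pop(select.page_key, None)  # single use
            if saved is None:
                raise KeyError("unknown or already used page key")
            select, resume = saved
        out, used = [], 0
        for e in self.entries:
            if resume is not None and e.index < resume:
                continue
            if not matches(select, e):
                continue
            over_count = data.max_entries is not None and len(out) >= data.max_entries
            over_bytes = data.max_bytes is not None and used + len(e.payload) > data.max_bytes
            # Stop at either bound, but never return an empty page.
            if over_count or (over_bytes and out):
                key = secrets.token_urlsafe(16)  # unguessable, carries no state
                self.pages[key] = (select, e.index)
                return out, key
            out.append(e)
            used += len(e.payload)
        return out, None


T0 = datetime(2022, 4, 20, 16, 17, 50, tzinfo=timezone.utc)


def at(seconds: int) -> datetime:
    return T0 + timedelta(seconds=seconds)


def sample_container() -> Container:
    # Constructed sample: six 10-byte entries published one second apart.
    return Container([Entry(i, at(i), b"x" * 10) for i in range(1, 7)])


def indexes(entries):
    return [e.index for e in entries]


if __name__ == "__main__":
    c = sample_container()
    page, key = c.search(Select(index_min=2), Data(max_entries=2))
    print(indexes(page), key is not None)
    page, key = c.search(Select(page_key=key, index_min=6), Data(max_entries=3))
    print(indexes(page), key)
```

Keeping the saved query on the service and handing out only a random key means a client cannot widen an earlier query by editing the page key.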
Describes the account creation policy including constraints on account names, whether there is an open account creation policy, etc.¶
Specifies the minimum length of an account name.¶
Specifies the maximum length of an account name.¶
A list of characters that the service does not accept in account names. The list of characters MAY not be exhaustive but SHOULD include any illegal characters in the proposed account name.¶
The entries to be uploaded.¶
Report service and version information.¶
The Hello transaction provides a means of determining which protocol versions, message encodings and transport protocols are supported by the service.¶
The PostConstraints field MAY be used to advise senders of a maximum size of payload that MAY be sent in an initial Post request.¶
Specifies the default data constraints for updates.¶
Specifies the default data constraints for message senders.¶
Specifies the account creation policy¶
The enveloped master profile of the service.¶
The enveloped profile of the host.¶
Request creation of a new service account or group.¶
Attempt¶
Request binding of an account to a service address.¶
Reports the success or failure of a Create transaction.¶
Request deletion of a service account.¶
Request creation of a new portal account. The request specifies the requested account identifier and the Mesh profile to be associated with the account.¶
[No fields]¶
Reports the success or failure of a Delete transaction.¶
[No fields]¶
Request information necessary to begin making a connection request.¶
The signed assertion describing the result of the connect request¶
Request objects from the specified container with the specified search criteria.¶
Request objects from the specified container(s).¶
A client MAY request only objects matching specified search criteria be returned and MAY request that only specific fields or parts of the payload be returned.¶
Specifies constraints to be applied to a search result. These allow a client to limit the number of records returned, the quantity of data returned, the earliest and latest data returned, etc.¶
Specifies the data constraints to be applied to the responses.¶
Return the set of objects requested.¶
Services SHOULD NOT return a response that is disproportionately large relative to the speed of the network connection without a clear indication from the client that it is relevant. A service MAY limit the number of objects returned. A service MAY limit the scope of each response.¶
The updated data¶
Attempt an atomic transaction on the containers and spools associated with an account.¶
Upload entries to a container. This request is only valid if it is issued by the owner of the account.¶
The data to be updated¶
The account(s) to which the request is directed.¶
The messages to be sent to other accounts¶
Messages to be appended to the user's inbound spool. This is typically used to post notifications to the user to mark messages as having been read or responded to.¶
Messages to be appended to the user's local spool. This is used to allow connecting devices to collect activation messages before they have connected to the mesh.¶
Response to an upload request.¶
The responses to the entries.¶
If the upload request contains redacted entries, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.¶
The index value of the entry in the request.¶
The index value assigned to the entry in the container.¶
Specifies the result of attempting to add the entry to a catalog or spool. Valid values for a message are 'Accept', 'Reject'. Valid values for an entry are 'Accept', 'Reject' and 'Conflict'.¶
If the entry was redacted, specifies constraints that apply to the redacted entries as a group. Thus the total payloads of all the messages must not exceed the specified value.¶
Request to post to a spool from an external party. The request and response messages are extensions of the corresponding messages for the Upload transaction. It is expected that additional fields will be added as the need arises.¶
[No fields]¶
Claim a publication¶
The claim message¶
The encrypted device profile¶
Check party making claim¶
The claim message¶
[No fields]¶
[No fields]¶
[No fields]¶
Perform a set of cryptographic operations¶
The service account the capability is bound to¶
[No fields]¶
The security considerations for use and implementation of Mesh services and applications are described in the Mesh Security Considerations guide [draft-hallambaker-mesh-security].¶
All the IANA considerations for the Mesh documents are specified in this document.¶
A list of people who have contributed to the design of the Mesh is presented in [draft-hallambaker-mesh-architecture].¶