<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-mcguinness-oauth-actor-proofs-00" category="std" consensus="true" submissionType="IETF" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="OAuth Actor Proofs">OAuth Actor-Signed Hop Proofs</title>
    <seriesInfo name="Internet-Draft" value="draft-mcguinness-oauth-actor-proofs-00"/>
    <author fullname="Karl McGuinness">
      <organization>Independent</organization>
      <address>
        <email>public@karlmcguinness.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="04"/>
    <area>Security</area>
    <workgroup>Web Authorization Protocol</workgroup>
    <keyword>oauth</keyword>
    <keyword>delegation</keyword>
    <keyword>actor</keyword>
    <keyword>non-repudiation</keyword>
    <keyword>proof</keyword>
    <abstract>
      <?line 63?>

<t>This document defines OAuth Actor-Signed Hop Proofs, an optional companion profile for delegated OAuth tokens that conform to the OAuth Actor Profile for Delegation.  It introduces the <tt>actor_proofs</tt> claim, a signed per-hop proof chain in which the actor added at each visible hop signs its own participation and the target binding it authorized for that hop.  Proofs are linked into a hash chain, are validated against actor verification keys resolved through pre-established trust, and optionally cross-reference sibling actor receipts.  This document also defines a token request parameter for conveying proofs at issuance, and metadata and introspection parameters for advertising and consuming actor-proof support.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://mcguinness.github.io/draft-mcguinness-oauth-actor-profile/draft-mcguinness-oauth-actor-proofs.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-mcguinness-oauth-actor-proofs/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Web Authorization Protocol Working Group mailing list (<eref target="mailto:oauth@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/oauth/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/oauth/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/mcguinness/draft-mcguinness-oauth-actor-profile"/>.</t>
    </note>
  </front>
  <middle>
    <?line 67?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The OAuth Actor Profile for Delegation <xref target="I-D.mcguinness-oauth-actor-profile"/> makes actor identity visible in delegated tokens through a common <tt>act</tt> claim.  The OAuth Actor Receipts companion <xref target="I-D.mcguinness-oauth-actor-receipts"/> adds authorization-server-signed per-hop provenance.  Both are issuer assertions: an authorization server attests that an actor was added at a hop.  Nothing in either profile requires the actor's own cryptographic participation, so a compromised or dishonest issuer can fabricate the participation of an actor that never authorized the delegation.</t>
      <t>This document defines OAuth Actor-Signed Hop Proofs, an optional companion profile that adds actor-side evidence.  At each covered hop, the actor being added signs a proof attesting its own participation and the target binding it authorizes; proofs travel with the token, are linked into a hash chain, and are validated against actor verification keys.  The design center is:</t>
      <ul spacing="normal">
        <li>
          <t>keep the visible actor chain in <tt>act</tt>;</t>
        </li>
        <li>
          <t>keep authorization-server-signed provenance in <tt>actor_receipts</tt>, when the receipts companion is in use;</t>
        </li>
        <li>
          <t>carry actor-signed participation and hop-time target consent in separately signed hop proofs.</t>
        </li>
      </ul>
      <t>Proofs add a top-level JWT claim, one token request parameter, and a small set of metadata signals on top of the existing OAuth (<xref target="RFC6749"/>, <xref target="RFC8693"/>) and core-actor-profile trust model; deployments opt in per resource server or per trust domain.  Scope is detailed in <xref target="design-goals-and-non-goals">Design Goals and Non-Goals</xref>.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>Unless otherwise specified, OAuth terms such as client, authorization server, resource server, access token, refresh token, grant, <tt>subject_token</tt>, and <tt>actor_token</tt> are used as defined in <xref target="RFC6749"/> and <xref target="RFC8693"/>.  Transaction Token and Transaction Token Service (TTS) are used as defined in <xref target="I-D.ietf-oauth-transaction-tokens"/>.  Actor Receipt, Receipt Chain, and Outer Token are used as defined in <xref target="I-D.mcguinness-oauth-actor-receipts"/>; in this document, Outer Token refers to the token with which a proof chain is associated, whether or not that token also carries receipts.</t>
      <t>The following terms are used in this document:</t>
      <dl>
        <dt>Actor Proof:</dt>
        <dd>
          <t>A signed JWT created and signed by the actor added at one visible actor hop, attesting that actor's participation and the target binding it authorized for that hop.</t>
        </dd>
        <dt>Proof Chain:</dt>
        <dd>
          <t>The ordered <tt>actor_proofs</tt> array carried in a token or introspection response.</t>
        </dd>
        <dt>Actor Signing Key:</dt>
        <dd>
          <t>An asymmetric key controlled by an actor and used to sign actor proofs.  This document does not standardize how actor signing keys are established; see <xref target="actor-key-resolution">Actor Key Resolution and Trust</xref>.</t>
        </dd>
        <dt>Actor-Key Source:</dt>
        <dd>
          <t>A mechanism, trusted by a recipient under explicit local policy, that resolves an actor identifier pair (<tt>act.iss</tt>, <tt>act.sub</tt>) to one or more actor verification keys.</t>
        </dd>
        <dt>Target Binding:</dt>
        <dd>
          <t>The audience and optional resource constraints that the actor authorized for the token issued at its hop, carried in the proof's <tt>target</tt> claim.  A target binding records hop-time consent; it is not an audience restriction on the proof artifact itself.</t>
        </dd>
        <dt>Sibling Receipt:</dt>
        <dd>
          <t>The actor receipt, if any, created for the same visible actor hop as a proof, under <xref target="I-D.mcguinness-oauth-actor-receipts"/>.</t>
        </dd>
        <dt>Complete Proof Coverage:</dt>
        <dd>
          <t>A condition in which the number of proofs in <tt>actor_proofs</tt> equals the number of visible actor hops in the token's <tt>act</tt> chain, and every proof aligns with the corresponding visible hop.</t>
        </dd>
      </dl>
      <t>Examples in this document are illustrative and omit unrelated claims, signatures, and validation steps that a complete deployment would need.</t>
    </section>
    <section anchor="relationship-to-the-core-actor-profile">
      <name>Relationship to the Core Actor Profile</name>
      <t>This document is an extension of <xref target="I-D.mcguinness-oauth-actor-profile"/>.  A token that uses the <tt>actor_proofs</tt> claim defined here:</t>
      <ul spacing="normal">
        <li>
          <t><bcp14>MUST</bcp14> conform to the actor-chain representation rules of the core actor profile;</t>
        </li>
        <li>
          <t><bcp14>MUST</bcp14> use the top-level <tt>cnf</tt> claim, when present, only for the current token presenter;</t>
        </li>
        <li>
          <t><bcp14>MUST NOT</bcp14> treat any proof as satisfying a proof-of-possession requirement for the current request.</t>
        </li>
      </ul>
      <t>Actor proofs do not replace the visible <tt>act</tt> chain.  The <tt>act</tt> chain remains the interoperable representation of current delegated identity.  Proofs are an additional evidence layer that can be validated by issuers and recipients that support this profile.</t>
      <t>This document does not redefine the request semantics of <xref target="RFC8693"/> or any Transaction Token request semantics.  It defines only:</t>
      <ul spacing="normal">
        <li>
          <t>the <tt>actor_proofs</tt> claim;</t>
        </li>
        <li>
          <t>the signed JWT format of each proof;</t>
        </li>
        <li>
          <t>the <tt>actor_proof</tt> token request parameter for conveying a proof at issuance;</t>
        </li>
        <li>
          <t>issuer and consumer processing for proofs;</t>
        </li>
        <li>
          <t>associated metadata and introspection parameters.</t>
        </li>
      </ul>
      <section anchor="relationship-to-receipts">
        <name>Relationship to the Actor Receipts Companion</name>
        <t>Proofs and receipts attest the same hops from different signers with different trust anchors: a receipt is signed by the authorization server that added the hop, while a proof is signed by the actor that was added.  The two companions are carried independently.  A token <bcp14>MAY</bcp14> carry either, both, or neither, and recipients select a validation posture by policy:</t>
        <ul spacing="normal">
          <li>
            <t><strong>Receipts-only</strong>: proofs absent or ignored; trust per <xref target="I-D.mcguinness-oauth-actor-receipts"/>.</t>
          </li>
          <li>
            <t><strong>Proofs-only</strong>: receipts absent or ignored; trust rests on actor-key resolution and actor signatures.</t>
          </li>
          <li>
            <t><strong>Belt-and-suspenders</strong>: both validated; the token carries independent issuer-side and actor-side evidence for covered hops, and sibling references bind the two chains together (<xref target="sibling-receipt-issuance"/>).</t>
          </li>
        </ul>
        <t>The choice of posture is per-recipient deployment policy; this document does not standardize it.</t>
        <t>The two companions remain separate artifacts rather than a single multi-signature artifact because their signers, adoption prerequisites, and threat models differ: receipts require only issuer-side implementation, while proofs additionally require actor signing keys and recipient-side actor-key resolution.  A JWS structure carrying both signatures over one payload (JWS JSON Serialization, <xref target="RFC7515"/> Section 7.2) would express the sibling relationship more directly but is poorly supported in common OAuth token processing libraries; two parallel arrays of compact-serialized JWTs compose with existing tooling.</t>
        <t>The receipts companion's discussion of receipt-based provenance versus token introspection applies equally to proofs; see <xref target="I-D.mcguinness-oauth-actor-receipts"/>.</t>
      </section>
      <section anchor="related-work">
        <name>Relationship to Other Actor-Evidence Work</name>
        <t>Several contemporaneous efforts add actor-side or issuer-side delegation evidence to OAuth deployments; they differ from this profile chiefly in where evidence lives, who signs it, and who can verify it.  This section is informative.</t>
        <t><xref target="I-D.mw-oauth-actor-chain"/> also defines actor-signed step proofs, but they are submitted at token exchange and retained by the authorization server; only an issuer-signed cumulative commitment travels in the token, so recipients verify commitment continuity while actor signatures remain an exchange-time and audit-time property gated on issuer retention.  Under this profile, proofs are carried in the token and validated by recipients directly, at the cost of per-hop token growth.  <xref target="I-D.liu-oauth-chain-delegation"/> carries authorization-server-signed per-hop delegation records inline, optionally countersigned by the delegator; the countersigned fields carry no target binding, and records are re-signed at trust-domain boundaries.  <xref target="I-D.jiang-oauth-intent-admission"/> defines a single-hop intent artifact whose signature belongs to the admission authority rather than the acting party.</t>
        <t>The distinguishing property of this profile relative to each is a recipient-verifiable artifact signed by the actor itself, before issuance, over an explicit target binding.  These designs address overlapping needs; convergence is a working-group discussion this document aims to inform rather than preempt.</t>
      </section>
    </section>
    <section anchor="design-goals-and-non-goals">
      <name>Design Goals and Non-Goals</name>
      <t>The goals of this document are:</t>
      <ul spacing="normal">
        <li>
          <t>carry actor-signed participation evidence for visible actor hops, independently verifiable against actor keys rather than issuer keys;</t>
        </li>
        <li>
          <t>record the target binding the actor authorized at each covered hop, and prevent the issuing authorization server from issuing beyond that binding at the covered hop;</t>
        </li>
        <li>
          <t>allow downstream recipients to validate actor participation through actor-key sources established independently of the outer token issuer;</t>
        </li>
        <li>
          <t>compose with the actor receipts companion without requiring it;</t>
        </li>
        <li>
          <t>add evidence through additive top-level claims, one additive token request parameter, and metadata signals, with no changes required of deployments that do not use proofs;</t>
        </li>
        <li>
          <t>support progressive deployment, including tokens with partial proof coverage.</t>
        </li>
      </ul>
      <t>The non-goals of this document are:</t>
      <ul spacing="normal">
        <li>
          <t>establishing, distributing, or rotating actor signing keys; this document profiles how recipients resolve keys through pre-established trust, not how that trust is created;</t>
        </li>
        <li>
          <t>action-level or scope-level consent semantics; the target binding operates at audience and resource granularity;</t>
        </li>
        <li>
          <t>proof revocation or online freshness signals;</t>
        </li>
        <li>
          <t>replay detection beyond the outer token's own replay characteristics;</t>
        </li>
        <li>
          <t>multi-actor co-signed hops;</t>
        </li>
        <li>
          <t>actor-side events between hops, such as re-consent to a broader target without a new actor hop (see <xref target="extensibility"/>);</t>
        </li>
        <li>
          <t>reconciling subject identifiers that differ across proofs (see <xref target="subject-re-expression-across-hops"/>);</t>
        </li>
        <li>
          <t>transparency logging of proofs.</t>
        </li>
      </ul>
      <section anchor="deployment-fit">
        <name>Deployment Fit</name>
        <t>This profile's value is concentrated in deployments where actors hold signing keys: AI agents, workloads, and services with their own credentials.  Where actors cannot sign, actor receipts <xref target="I-D.mcguinness-oauth-actor-receipts"/> remain the available provenance layer, and this profile adds nothing.  The two companions serve complementary deployment populations and are strongest together.</t>
        <t>Proofs shift trust configuration from per-issuer enumeration to per-actor key resolution.  This is a different burden, not a smaller one: the population of actors is typically larger than the population of issuers, and a recipient must establish a trusted actor-key source for every actor whose proofs it relies on (<xref target="actor-key-resolution"/>).</t>
        <t>The anti-fabrication property of this profile is conditional on recipients requiring proofs.  An issuer that fabricates actor participation simply omits proofs; recipients that accept proof-less delegated tokens receive no protection from this profile (<xref target="downgrade-by-omission"/>).</t>
      </section>
    </section>
    <section anchor="actor-proofs-overview">
      <name>Actor Proofs Overview</name>
      <t>An actor proof records one actor hop from the actor's side.  The actor being added at a hop signs a proof naming itself, the subject on whose behalf it acts, and the target binding it authorizes for the token issued at that hop.  The issuing authorization server validates the proof against the actor's verification key and against the token it is about to issue, then embeds the proof in the issued token.</t>
      <t>The token then carries an <tt>actor_proofs</tt> array:</t>
      <ul spacing="normal">
        <li>
          <t>one array entry per covered actor hop;</t>
        </li>
        <li>
          <t>newest proof first;</t>
        </li>
        <li>
          <t>older proofs preserved unchanged.</t>
        </li>
      </ul>
      <t>This ordering aligns directly with the visible <tt>act</tt> chain in the outer token.  <tt>actor_proofs[0]</tt> corresponds to the outermost <tt>act</tt> object, <tt>actor_proofs[1]</tt> corresponds to <tt>act.act</tt>, and so on.  It also aligns index-for-index with the <tt>actor_receipts</tt> array when the receipts companion is in use, because both arrays are contiguous outermost prefixes of the same visible chain.</t>
      <t>Proofs can cover either:</t>
      <ul spacing="normal">
        <li>
          <t>the full visible chain; or</t>
        </li>
        <li>
          <t>a contiguous outermost prefix of the visible chain.</t>
        </li>
      </ul>
      <t>When a deployment requires full actor-side evidence, local policy or resource requirements enforce complete proof coverage.</t>
      <t>Proofs are participation and consent evidence, not authority transfer.  A valid proof chain documents that each covered actor signed its participation and its hop-time target binding, but does not by itself convey authority, authorization, entitlement, or delegation rights.  Validation of a proof does not imply that the represented delegation remains active, authorized, or acceptable under current policy; current authorization decisions <bcp14>MUST</bcp14> evaluate the current outer token, current policy, and current state, not the proof chain alone.</t>
    </section>
    <section anchor="actor-proofs-claim">
      <name>The <tt>actor_proofs</tt> Claim</name>
      <t><tt>actor_proofs</tt> is a new top-level JWT claim for tokens that conform to the core actor profile and this companion profile.</t>
      <dl>
        <dt><tt>actor_proofs</tt>:</dt>
        <dd>
          <t><bcp14>OPTIONAL</bcp14>.  An array of strings.  Each string <bcp14>MUST</bcp14> be the compact serialization of a signed JWT proof as defined in <xref target="actor-proof-jwt-format"/>.  When present, the array:
</t>
          <ul spacing="normal">
            <li>
              <t><bcp14>MUST NOT</bcp14> be empty; issuers <bcp14>MUST</bcp14> omit the claim rather than including an empty array;</t>
            </li>
            <li>
              <t><bcp14>MUST</bcp14> be ordered from newest covered hop to oldest covered hop;</t>
            </li>
            <li>
              <t><bcp14>MUST NOT</bcp14> contain more entries than the visible actor-chain depth of the token's <tt>act</tt> claim;</t>
            </li>
            <li>
              <t><bcp14>MUST</bcp14> represent a contiguous outermost prefix of the visible <tt>act</tt> chain.</t>
            </li>
          </ul>
        </dd>
      </dl>
      <t>If a token carries <tt>actor_proofs</tt>, it <bcp14>MUST</bcp14> also carry an <tt>act</tt> claim conforming to the core actor profile.</t>
      <dl>
        <dt><tt>actor_proofs_complete</tt>:</dt>
        <dd>
          <t><bcp14>OPTIONAL</bcp14>.  A boolean JWT claim in the outer token.  When <tt>true</tt>, the issuer attests that <tt>actor_proofs</tt> covers every visible hop in the token's <tt>act</tt> chain.
</t>
          <t>The attestation is relative to the visible chain at issuance time; it does not attest that the visible chain is itself unfiltered (see <tt>chain_complete</tt> in the core actor profile <xref target="I-D.mcguinness-oauth-actor-profile"/>).  Consumer enforcement, including the count-equality check, is defined in step 4 of <xref target="consumer-processing"/>.</t>
          <t>Issuers <bcp14>SHOULD</bcp14> set <tt>actor_proofs_complete: true</tt> when they emit complete coverage, to enable consumers to detect chain truncation.  Issuers <bcp14>SHOULD</bcp14> set <tt>actor_proofs_complete: false</tt> when they emit partial coverage.  Omitting the claim is observationally equivalent to <tt>false</tt> for consumers that test only for the literal value <tt>true</tt>, but does not provide a positive attestation that coverage is partial.</t>
        </dd>
      </dl>
      <t>This document does not require every delegated token to carry <tt>actor_proofs</tt>.  A deployment that requires actor-signed evidence uses local policy or the metadata defined in <xref target="discovery-capability-signaling"/> to express that requirement.</t>
    </section>
    <section anchor="actor-proof-jwt-format">
      <name>Actor Proof JWT Format</name>
      <t>Each element of <tt>actor_proofs</tt> is a signed JWT represented using JWS compact serialization <xref target="RFC7515"/>.</t>
      <section anchor="jose-header">
        <name>JOSE Header</name>
        <t>The JOSE header of an actor proof:</t>
        <ul spacing="normal">
          <li>
            <t><bcp14>MUST</bcp14> include an asymmetric digital-signature <tt>alg</tt> value;</t>
          </li>
          <li>
            <t><bcp14>MUST NOT</bcp14> use <tt>alg: none</tt> or a MAC-based symmetric algorithm;</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> include <tt>typ</tt> with the value <tt>actor-proof+jwt</tt>;</t>
          </li>
          <li>
            <t><bcp14>SHOULD</bcp14> include <tt>kid</tt> when the actor's key source publishes multiple verification keys;</t>
          </li>
          <li>
            <t><bcp14>MAY</bcp14> include <tt>crit</tt> per <xref target="RFC7515"/>; consumers <bcp14>MUST</bcp14> reject a proof whose <tt>crit</tt> header lists an extension header the consumer does not understand.</t>
          </li>
        </ul>
        <t>Actors, issuers, and consumers <bcp14>MUST</bcp14> apply the JWT best practices in <xref target="RFC8725"/>.</t>
      </section>
      <section anchor="proof-claims">
        <name>Proof Claims</name>
        <t>The JWT payload of an actor proof uses the claims defined below, grouped by purpose.</t>
        <section anchor="identity-claims">
          <name>Identity Claims</name>
          <dl>
            <dt><tt>iss</tt>:</dt>
            <dd>
              <t><bcp14>REQUIRED</bcp14>.  The identifier of the actor that signed the proof.  It <bcp14>MUST</bcp14> equal the proof's <tt>act.sub</tt> value.
</t>
              <t>In contrast to actor receipts, where <tt>iss</tt> identifies the attesting authorization server, the proof <tt>iss</tt> is the actor itself.  The value is interpreted under the namespace authority named by the proof's <tt>act.iss</tt>, exactly as <tt>act.sub</tt> is interpreted under <tt>act.iss</tt> in the core actor profile.  A bare proof <tt>iss</tt> value <bcp14>MUST NOT</bcp14> be used as a key-resolution or trust index on its own; recipients resolve keys and evaluate trust using the (<tt>act.iss</tt>, <tt>act.sub</tt>) pair (<xref target="actor-key-resolution"/>).</t>
            </dd>
            <dt><tt>sub</tt>:</dt>
            <dd>
              <t><bcp14>REQUIRED</bcp14>.  The subject identifier on whose behalf the actor authorized the delegation, as known to the actor at signing time.  <tt>actor_proofs[0].sub</tt> <bcp14>MUST</bcp14> equal the outer token's top-level <tt>sub</tt>.  Older proofs <bcp14>MAY</bcp14> carry differing <tt>sub</tt> values when the subject has been re-expressed across issuer namespaces (see <xref target="subject-re-expression-across-hops"/>).</t>
            </dd>
            <dt><tt>sub_iss</tt>:</dt>
            <dd>
              <t><bcp14>OPTIONAL</bcp14>.  The namespace authority under which the proof <tt>sub</tt> value is interpreted, with the semantics defined for the <tt>sub_iss</tt> claim in <xref target="I-D.mcguinness-oauth-actor-receipts"/>.  When absent, the subject namespace authority is not independently expressed by this profile and <bcp14>MUST</bcp14> be determined, if needed, from trusted local context for the represented hop.</t>
            </dd>
            <dt><tt>act</tt>:</dt>
            <dd>
              <t><bcp14>REQUIRED</bcp14>.  A single-hop actor object identifying the signing actor.  This object:
</t>
              <ul spacing="normal">
                <li>
                  <t><bcp14>MUST</bcp14> conform to the core actor profile's actor-object rules;</t>
                </li>
                <li>
                  <t><bcp14>MUST</bcp14> include <tt>act.sub</tt> and <tt>act.iss</tt>;</t>
                </li>
                <li>
                  <t><bcp14>MAY</bcp14> include <tt>act.sub_profile</tt>;</t>
                </li>
                <li>
                  <t><bcp14>MUST NOT</bcp14> contain <tt>cnf</tt>;</t>
                </li>
                <li>
                  <t><bcp14>MUST NOT</bcp14> contain a nested <tt>act</tt>.</t>
                </li>
              </ul>
              <t>The <tt>act</tt> object is deliberately redundant with the proof <tt>iss</tt>: it carries the <tt>act.iss</tt> namespace context that a bare <tt>iss</tt> string lacks, and it aligns the proof with the corresponding visible <tt>act</tt> chain entry using the same structural rules as receipt <tt>act</tt> objects.  A proof whose <tt>iss</tt> does not equal its <tt>act.sub</tt> is invalid under this profile.</t>
            </dd>
          </dl>
          <t>This profile deliberately defines no proof counterpart to the receipt <tt>sub_profile</tt> claim of <xref target="I-D.mcguinness-oauth-actor-receipts"/>: subject classification is asserted by issuers rather than by acting parties, so an actor-signed copy would add no actor-attested information.  Actor classification travels in the proof's <tt>act.sub_profile</tt> when present.</t>
        </section>
        <section anchor="target-binding">
          <name>Target Binding</name>
          <dl>
            <dt><tt>target</tt>:</dt>
            <dd>
              <t><bcp14>REQUIRED</bcp14>.  A JSON object recording the target binding the actor authorized for the token issued at this hop.  Members:
</t>
              <dl>
                <dt><tt>target.aud</tt>:</dt>
                <dd>
                  <t><bcp14>REQUIRED</bcp14>.  A string or array of strings.  The audiences the actor authorizes for the token issued at this hop.</t>
                </dd>
                <dt><tt>target.resource</tt>:</dt>
                <dd>
                  <t><bcp14>OPTIONAL</bcp14>.  An array of URIs with the semantics of the <tt>resource</tt> request parameter of <xref target="RFC8707"/>.  When present, it narrows the target binding beyond <tt>target.aud</tt>.</t>
                </dd>
              </dl>
              <t>A target binding records hop-time consent for the hop the proof covers.  Issuer-side enforcement at the covered hop is defined in <xref target="accepting-a-proof"/>; consumer evaluation, including the distinction between the newest proof and older proofs, is defined in step 9 of <xref target="consumer-processing"/>.</t>
              <t>Extension members <bcp14>MAY</bcp14> be defined by other specifications.  An extension member <bcp14>MUST</bcp14> be defined with constraining semantics only: its presence narrows what the actor authorized and its absence leaves the binding as expressed by the defined members.  Consumers <bcp14>MUST</bcp14> ignore unrecognized <tt>target</tt> members unless another specification or local agreement defines their meaning; actors <bcp14>MUST NOT</bcp14> rely on unrecognized extension members being enforced.</t>
            </dd>
          </dl>
          <t>This document deliberately defines the target binding as a first-class <tt>target</tt> claim rather than reusing the JWT <tt>aud</tt> claim.  The binding describes the audiences of the token issued at the hop, not the recipients of the proof artifact itself, and reusing <tt>aud</tt> would cause generic JWT audience validation (<xref target="RFC7519"/> Section 4.1.3) to misfire on older proofs whose hop-time audiences legitimately differ from the current recipient.</t>
        </section>
        <section anchor="chain-linkage">
          <name>Chain Linkage</name>
          <dl>
            <dt><tt>prh</tt>:</dt>
            <dd>
              <t><bcp14>OPTIONAL</bcp14>.  Previous proof hash.  When present, <tt>prh</tt> <bcp14>MUST</bcp14> be the base64url encoding without padding (<xref target="RFC7515"/>) of the hash of the ASCII octets of the complete compact serialization of the next older proof in the chain, computed using the algorithm identified by <tt>prh_alg</tt> (defaulting to SHA-256 when <tt>prh_alg</tt> is absent).  The oldest proof in the chain, including a single-element chain in which the sole proof is both newest and oldest, <bcp14>MUST</bcp14> omit <tt>prh</tt>.
</t>
              <t>The <tt>prh</tt> and <tt>prh_alg</tt> claims are reused from <xref target="I-D.mcguinness-oauth-actor-receipts"/> with the same construction, applied to proof JWTs.  The proof chain is linked independently of any receipt chain carried in the same token: each companion's <tt>prh</tt> values hash that companion's own artifacts.</t>
            </dd>
            <dt><tt>prh_alg</tt>:</dt>
            <dd>
              <t><bcp14>OPTIONAL</bcp14>.  Hash algorithm identifier naming the algorithm used to compute <tt>prh</tt>.
</t>
              <ul spacing="normal">
                <li>
                  <t>Values <bcp14>MUST</bcp14> be drawn from the IANA "Named Information Hash Algorithm Registry" <xref target="RFC6920"/>, which uses lowercase forms such as <tt>sha-256</tt>, <tt>sha-384</tt>, and <tt>sha-512</tt>.</t>
                </li>
                <li>
                  <t>When absent, the default is <tt>sha-256</tt>.</t>
                </li>
                <li>
                  <t>When present, the value <bcp14>MUST</bcp14> identify a hash algorithm whose collision and preimage resistance is at least equivalent to <tt>sha-256</tt>.</t>
                </li>
                <li>
                  <t>All proofs in a single <tt>actor_proofs</tt> array <bcp14>MUST</bcp14> use the same <tt>prh_alg</tt> value, so that recipients can validate the chain without per-proof algorithm negotiation.  This uniformity rule is deliberately syntactic: a chain in which some proofs omit <tt>prh_alg</tt> and others carry an explicit <tt>sha-256</tt> is rejected even though the algorithm is the same, so that consumers never reconcile explicit values against defaults.  A chain that omits <tt>prh_alg</tt> from every proof uses the SHA-256 default for every <tt>prh</tt> value.  A single-element chain <bcp14>MAY</bcp14> carry <tt>prh_alg</tt>, but the value has no effect unless a later proof links to it.</t>
                </li>
                <li>
                  <t>An issuer extending an inbound chain <bcp14>MUST</bcp14> either preserve the inbound <tt>prh_alg</tt> or reject the chain.</t>
                </li>
                <li>
                  <t>The proof chain's <tt>prh_alg</tt> is independent of the receipt chain's <tt>prh_alg</tt> in the same token; the two chains <bcp14>MAY</bcp14> use different algorithms.</t>
                </li>
              </ul>
            </dd>
          </dl>
        </section>
        <section anchor="sibling-receipt-reference">
          <name>Sibling Receipt Reference</name>
          <dl>
            <dt><tt>receipt_jti</tt>:</dt>
            <dd>
              <t><bcp14>OPTIONAL</bcp14>.  The <tt>jti</tt> of the sibling receipt created for the same hop under <xref target="I-D.mcguinness-oauth-actor-receipts"/>.
</t>
              <t>Because the actor signs the proof before the issuer signs the sibling receipt, this claim can be populated only when the issuance flow provides the prospective receipt identifier to the actor before signing (for example, in a challenge step).  Most deployments will omit it and rely instead on the issuer-populated <tt>proof_jti</tt> receipt claim defined in <xref target="sibling-receipt-issuance"/>, which binds in the feasible direction.  Consumer verification of sibling references is defined in step 10 of <xref target="consumer-processing"/>.</t>
            </dd>
          </dl>
        </section>
        <section anchor="time-and-uniqueness">
          <name>Time and Uniqueness</name>
          <dl>
            <dt><tt>iat</tt>:</dt>
            <dd>
              <t><bcp14>REQUIRED</bcp14>.  The time at which the proof was signed, as defined in <xref target="RFC7519"/>.</t>
            </dd>
            <dt><tt>exp</tt>:</dt>
            <dd>
              <t><bcp14>REQUIRED</bcp14>.  Expiration time for the proof, as defined in <xref target="RFC7519"/>.
</t>
              <ul spacing="normal">
                <li>
                  <t><tt>exp</tt> <bcp14>MUST</bcp14> be set to a value that covers the expected maximum token lifetime of any token that will carry or inherit this proof, so that consumer validation of older proofs in a valid chain is not prematurely rejected.</t>
                </li>
                <li>
                  <t>Actors <bcp14>SHOULD</bcp14> set <tt>exp</tt> to the maximum delegated-token lifetime permitted under local policy for tokens that may inherit this proof.</t>
                </li>
              </ul>
              <t>Downstream issuers reject inbound proofs whose <tt>exp</tt> precedes the issued outer token's <tt>exp</tt> (<xref target="extending-an-existing-proof-chain"/>), so an under-set <tt>exp</tt> causes propagation failure rather than mid-token-lifetime consumer rejection.  Short <tt>exp</tt> values bound two exposure windows: the window during which a compromised actor signing key can be exploited, and the window during which a party holding a previously valid proof can re-embed it in another token (<xref target="proof-to-token-binding-limits"/>).  Deployments typically derive <tt>exp</tt> from a bounded delegated-session lifetime coordinated across the trust set.</t>
              <t>The two duties of <tt>exp</tt> resolve by binding mode: when the proof chain has outer-token instance binding (receipts composition in strict mode, or a provisioned <tt>origin_jti</tt>, per <xref target="proof-to-token-binding-limits"/>), re-embedding is detectable and <tt>exp</tt> <bcp14>MAY</bcp14> be sized to the full delegated-session lifetime; without instance binding, <tt>exp</tt> <bcp14>SHOULD</bcp14> be short, because it is the only bound on the re-embedding window.</t>
            </dd>
            <dt><tt>jti</tt>:</dt>
            <dd>
              <t><bcp14>REQUIRED</bcp14>.  A unique identifier for the proof, as defined in <xref target="RFC7519"/>.  Recipients and auditors can use <tt>jti</tt> uniqueness across observed tokens to detect proof re-embedding (<xref target="proof-to-token-binding-limits"/>).</t>
            </dd>
          </dl>
        </section>
        <section anchor="outer-token-binding">
          <name>Outer-Token Binding</name>
          <dl>
            <dt><tt>origin_jti</tt>:</dt>
            <dd>
              <t><bcp14>OPTIONAL</bcp14>.  The <tt>jti</tt> of the outer token issued at the hop this proof covers, following the pattern of the <tt>origin_jti</tt> claim defined in <xref target="I-D.mcguinness-oauth-actor-receipts"/>.
</t>
              <t>Because the actor signs the proof before the outer token exists, this claim can be populated only when the issuance flow provides the prospective outer-token <tt>jti</tt> to the actor before signing (for example, in a challenge step).  When <tt>actor_proofs[0].origin_jti</tt> is present and equals the outer token's <tt>jti</tt>, it binds the proof chain to the current outer-token instance.  When absent, the proof chain carries no instance binding of its own; deployments that require instance binding obtain it through composition with receipts (<xref target="proof-to-token-binding-limits"/>).  Consumer evaluation is defined in step 9 of <xref target="consumer-processing"/>.</t>
            </dd>
          </dl>
        </section>
        <section anchor="excluded-standard-claims">
          <name>Excluded Standard Claims</name>
          <dl>
            <dt><tt>aud</tt>:</dt>
            <dd>
              <t><bcp14>NOT RECOMMENDED</bcp14>.  Actors <bcp14>SHOULD</bcp14> omit <tt>aud</tt> from proofs.
</t>
              <t>Proofs are validated as part of outer-token processing, not as independent JWTs against an audience; the outer token carries the audience scoping for the request, and the actor's consented audiences live in <tt>target.aud</tt>.  This profile diverges from the audience-validation guidance in <xref target="RFC8725"/> Section 3.9 on those grounds.  Including <tt>aud</tt> in a proof would create ambiguity between an audience restriction on the proof artifact and the target binding, which are different statements.</t>
            </dd>
          </dl>
        </section>
        <section anchor="extension-claims">
          <name>Extension Claims</name>
          <t>A proof <bcp14>MAY</bcp14> contain additional claims defined by another specification or by deployment policy.  Consumers <bcp14>MUST</bcp14> ignore unrecognized claims unless another specification or local agreement defines their meaning.</t>
        </section>
      </section>
      <section anchor="proof-chain-linkage">
        <name>Proof-Chain Linkage</name>
        <t>When an actor signs a new proof that extends an inherited proof chain:</t>
        <ul spacing="normal">
          <li>
            <t>if there is an older proof immediately following it in the array, the new proof <bcp14>MUST</bcp14> include <tt>prh</tt>, and that value <bcp14>MUST</bcp14> be the base64url encoding without padding of the hash of the ASCII octets of the exact compact JWT string of that next proof;</t>
          </li>
          <li>
            <t>if the new proof is the only proof in the array, it <bcp14>MUST</bcp14> omit <tt>prh</tt>.</t>
          </li>
        </ul>
        <t>No JSON <xref target="RFC8259"/> canonicalization is applied.  <tt>prh</tt> hashes the ASCII octets of the exact compact-serialized JWS string of the next older proof as carried in the array, and the hash output is base64url-encoded without padding.  Systems that carry, store, or forward <tt>actor_proofs</tt> arrays <bcp14>MUST</bcp14> preserve each compact JWT string byte-for-byte; any modification, including semantically equivalent re-encoding, invalidates <tt>prh</tt> for any proof that references it.</t>
      </section>
    </section>
    <section anchor="actor-proof-parameter">
      <name>Conveying Proofs at Issuance</name>
      <t>This document defines one token request parameter:</t>
      <dl>
        <dt><tt>actor_proof</tt>:</dt>
        <dd>
          <t><bcp14>OPTIONAL</bcp14>.  The compact serialization of a single actor proof JWT for the new outermost actor hop of the requested token.  A token request <bcp14>MUST NOT</bcp14> include more than one <tt>actor_proof</tt> parameter.</t>
        </dd>
      </dl>
      <t>The parameter is defined for token endpoint requests that produce delegated tokens under the core actor profile, including OAuth 2.0 Token Exchange <xref target="RFC8693"/> requests and JWT assertion grants.  Transaction Token Service deployments convey the proof equivalently in the Transaction Token request, subject to <xref target="I-D.ietf-oauth-transaction-tokens"/>.</t>
      <t>The proof is consent and participation evidence, not an authentication credential.  It is not an <tt>actor_token</tt>, and its presence does not alter how the authorization server authenticates the requester or derives actor identity under the core actor profile.  The authorization server authenticates the actor through the mechanisms the core actor profile already defines and separately validates the proof as described in <xref target="accepting-a-proof"/>.</t>
      <t>This document does not define a challenge mechanism by which an authorization server provides prospective values (such as the outer token's <tt>jti</tt>, a receipt's <tt>jti</tt>, or the newest inbound proof for opaque inbound tokens) to the actor before signing.  Deployments and companion profiles <bcp14>MAY</bcp14> define such mechanisms; the <tt>origin_jti</tt> and <tt>receipt_jti</tt> claims are the designed insertion points.</t>
    </section>
    <section anchor="issuer-processing">
      <name>Issuer Processing</name>
      <t>This section defines how an authorization server or Transaction Token Service accepts, validates, embeds, preserves, and extends <tt>actor_proofs</tt>.</t>
      <section anchor="accepting-a-proof">
        <name>Accepting a Proof for a New Actor Hop</name>
        <t>When an issuer adds a new outermost actor hop and the token request carries <tt>actor_proof</tt>, the issuer:</t>
        <ol spacing="normal" type="1"><li>
            <t><bcp14>MUST</bcp14> validate the proof's structure per <xref target="actor-proof-jwt-format"/>: <tt>typ</tt> value, asymmetric <tt>alg</tt>, presence and JSON types of the <bcp14>REQUIRED</bcp14> claims <tt>iss</tt>, <tt>sub</tt>, <tt>act</tt>, <tt>target</tt> (including <tt>target.aud</tt>), <tt>iat</tt>, <tt>exp</tt>, and <tt>jti</tt>, and the single-hop <tt>act</tt> rules.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> verify that the proof's (<tt>act.iss</tt>, <tt>act.sub</tt>) pair equals the actor identifier pair the issuer will emit as the new outermost visible <tt>act</tt> object, and that the proof <tt>iss</tt> equals the proof <tt>act.sub</tt>.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> verify that the proof <tt>sub</tt> equals the top-level <tt>sub</tt> of the token being issued.  An issuer that re-expresses the subject at this hop <bcp14>MUST NOT</bcp14> embed the proof; re-expression breaks the alignment between <tt>actor_proofs[0].sub</tt> and the outer token's top-level <tt>sub</tt> that consumers verify under <xref target="consumer-processing"/>.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> resolve the actor's verification key through an actor-key source trusted under the issuer's local policy and validate the proof's signature (<xref target="actor-key-resolution"/>).</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> verify that the proof's <tt>exp</tt> is no earlier than the issued outer token's <tt>exp</tt>, and that <tt>iat</tt> is plausible under the issuer's clock-skew policy.</t>
          </li>
          <li>
            <t><bcp14>MUST NOT</bcp14> issue an outer token whose <tt>aud</tt>, or whose effective resource indicators when the request expresses them, exceed the proof's target binding.  Every audience of the issued token <bcp14>MUST</bcp14> be present in <tt>target.aud</tt>, and every effective resource indicator <bcp14>MUST</bcp14> be within <tt>target.resource</tt> when that member is present.  For Token Exchange requests, an issuer that cannot satisfy the requested target within the proof's target binding <bcp14>SHOULD</bcp14> reject with <tt>invalid_target</tt> per <xref target="RFC8693"/> Section 2.2.2.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> include the validated proof as <tt>actor_proofs[0]</tt> of the issued token, subject to the chain rules below.</t>
          </li>
        </ol>
        <t>When no inbound <tt>actor_proofs</tt> are being preserved, the proof starts a new chain and <bcp14>MUST</bcp14> omit <tt>prh</tt>.  When the one-element array covers every visible hop (a visible <tt>act</tt> chain of depth 1), the issuer <bcp14>SHOULD</bcp14> set <tt>actor_proofs_complete: true</tt>; when inner visible hops remain uncovered, it <bcp14>SHOULD</bcp14> set <tt>actor_proofs_complete: false</tt>, per <xref target="actor-proofs-claim"/>.</t>
        <t>If proof validation fails, the issuer <bcp14>MUST NOT</bcp14> embed the proof.  When local policy or the deployment's resource requirements require actor-signed evidence for the issuance, the issuer <bcp14>MUST</bcp14> fail the request under the error model of <xref target="error-handling"/>; otherwise it <bcp14>MAY</bcp14> issue the token without <tt>actor_proofs</tt>.</t>
      </section>
      <section anchor="extending-an-existing-proof-chain">
        <name>Extending an Existing Proof Chain</name>
        <t>When an issuer adds a new outermost actor hop and also preserves an inbound <tt>actor_proofs</tt> array, it:</t>
        <ol spacing="normal" type="1"><li>
            <t><bcp14>MUST</bcp14> validate the inbound proof chain by applying the consumer processing rules in <xref target="consumer-processing"/> before relying on it or carrying it forward.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> verify that each inbound proof's <tt>exp</tt> is no earlier than the issued outer token's <tt>exp</tt>.  An inbound proof that fails this check is treated as failing validation under step 1.  Issuers <bcp14>MAY</bcp14> apply a small clock-skew margin to this comparison, consistent with the consumer-side skew tolerance in <xref target="consumer-processing"/>, but <bcp14>MUST NOT</bcp14> broadly accept inbound proofs whose <tt>exp</tt> precedes the issued outer token's <tt>exp</tt> by more than a deployment-defined skew bound.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> preserve each inbound proof byte-for-byte unchanged.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> accept exactly one new proof, conveyed per <xref target="actor-proof-parameter"/> and validated per <xref target="accepting-a-proof"/>, for the new outermost actor hop.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> verify that the new proof's <tt>prh</tt> equals the hash of the exact compact serialization of the inbound array's newest proof, computed using the algorithm named by the inherited <tt>prh_alg</tt> (defaulting to SHA-256 when absent), and <bcp14>MUST</bcp14> verify that the new proof's <tt>prh_alg</tt> matches the inherited chain's value or is omitted when the chain omits it.  An issuer that does not support the inbound <tt>prh_alg</tt> <bcp14>MUST</bcp14> reject the chain rather than rehash; rehashing would invalidate prior actors' signatures.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> prepend the new proof to the inherited array.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> set the issued outer token's <tt>actor_proofs_complete</tt> to <tt>true</tt> when the validated inbound chain carried <tt>actor_proofs_complete: true</tt> and the new proof covers the new outermost actor hop; downgrading to absent or <tt>false</tt> in that case would falsely signal a coverage reduction to recipients that test for the literal value <tt>true</tt>.  When the issuer cannot attest complete coverage for the issued chain (for example, the inbound chain was partial or carried no completeness attestation), it <bcp14>MUST NOT</bcp14> set <tt>actor_proofs_complete: true</tt> and <bcp14>SHOULD</bcp14> set <tt>actor_proofs_complete: false</tt>, per <xref target="actor-proofs-claim"/>.</t>
          </li>
        </ol>
        <t>An issuer <bcp14>MUST NOT</bcp14> reserialize, resign, normalize, trim, or otherwise alter a prior proof.</t>
        <t>Chain linkage requires the signing actor to know the exact compact serialization of the newest inbound proof, because the actor computes and signs <tt>prh</tt>.  When the inbound subject token is a JWT, the actor reads <tt>actor_proofs[0]</tt> from the token it presents.  When the inbound subject token is opaque, the deployment <bcp14>MUST</bcp14> convey the newest inbound proof, or its hash and the chain's <tt>prh_alg</tt>, to the actor before signing; when it cannot, the issuer <bcp14>MUST NOT</bcp14> accept a <tt>prh</tt>-less proof as an extension of the inbound chain, and <bcp14>MAY</bcp14> instead start a new chain under <xref target="accepting-a-proof"/> where local policy permits partial coverage (<xref target="partial-coverage-and-full-coverage"/>).</t>
        <t>If inbound proofs fail validation, the issuer <bcp14>MUST NOT</bcp14> propagate them.  It <bcp14>MAY</bcp14> continue without <tt>actor_proofs</tt> only when local policy permits partial or absent coverage; otherwise it <bcp14>MUST</bcp14> fail the request under the error model of the underlying protocol.</t>
      </section>
      <section anchor="reissuance-without-a-new-actor-hop">
        <name>Reissuance Without a New Actor Hop</name>
        <t>An issuer that reissues, translates, or introspects and re-emits a token without adding a new outermost actor hop:</t>
        <ul spacing="normal">
          <li>
            <t><bcp14>MAY</bcp14> carry an inbound <tt>actor_proofs</tt> array forward unchanged;</t>
          </li>
          <li>
            <t><bcp14>MUST NOT</bcp14> accept or embed a new proof;</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> carry the inbound <tt>actor_proofs_complete</tt> value forward unchanged when the inbound array is carried forward unchanged; an issuer that cannot continue to attest the inbound coverage value <bcp14>MUST</bcp14> drop the inbound array entirely rather than keep the array and silently downgrade <tt>actor_proofs_complete</tt>.  Proof disclosure is all-or-nothing for a given token: a strict subset of an inherited array cannot validate under <xref target="consumer-processing"/>;</t>
          </li>
          <li>
            <t><bcp14>MUST NOT</bcp14> continue to carry an inherited <tt>actor_proofs</tt> array if it cannot preserve the visible hop alignment required by <xref target="consumer-processing"/>;</t>
          </li>
          <li>
            <t><bcp14>MUST NOT</bcp14> change the outer token's top-level <tt>sub</tt> while carrying inherited proofs forward; a <tt>sub</tt> change re-expresses subject identity and breaks the alignment between <tt>actor_proofs[0].sub</tt> and the outer token's top-level <tt>sub</tt> that consumers verify under <xref target="consumer-processing"/>.</t>
          </li>
        </ul>
        <t>If such an issuer changes the visible outermost actor, it has added a new hop and <bcp14>MUST</bcp14> follow <xref target="extending-an-existing-proof-chain"/>.</t>
        <t>Reissuance interacts with the target binding.  A reissued token whose <tt>aud</tt> or effective resource indicators exceed <tt>actor_proofs[0]</tt>'s target binding is rejected by default-posture recipients under step 9 of <xref target="consumer-processing"/>.  An issuer that retargets the audience beyond the newest proof's target binding <bcp14>MUST</bcp14> drop the inherited <tt>actor_proofs</tt> array unless the deployment's recipients are configured to accept reissuance divergence under <xref target="target-binding-strict-mode"/>; a retargeted token carrying proofs is interoperable only inside such a deployment.  Reissuance that narrows or preserves the audience within <tt>actor_proofs[0].target</tt> does not disturb the proof chain.</t>
        <t>When an issuer drops an inherited <tt>actor_proofs</tt> array while carrying an <tt>actor_receipts</tt> array forward, any <tt>proof_jti</tt> values in the retained receipts (<xref target="sibling-receipt-issuance"/>) name proofs that no longer travel with the token.  Those references become informational only; recipients that require bound siblings enforce proof presence through <tt>actor_proofs_required</tt> or local policy, not through receipt-side references alone.</t>
        <t>An AS that supports refresh tokens for delegated access tokens carrying proofs:</t>
        <ul spacing="normal">
          <li>
            <t><bcp14>MUST</bcp14> retain the <tt>actor_proofs</tt> array in issuer-controlled state across refresh, either in durable storage (for example, a token-state database or refresh-token state) or embedded in a self-contained refresh token, so each refreshed access token can carry the proofs forward unchanged.</t>
          </li>
          <li>
            <t><bcp14>MUST</bcp14> rely on proof <tt>exp</tt> values set per <xref target="proof-claims"/> to accommodate the bounded maximum delegated-session lifetime.  Otherwise downstream issuers reject inbound chains under <xref target="extending-an-existing-proof-chain"/> as proofs approach expiry, and refresh loses actor-signed evidence.</t>
          </li>
          <li>
            <t>When that bounded lifetime would be exceeded, <bcp14>MUST</bcp14> either obtain fresh delegation state with fresh proofs or stop emitting <tt>actor_proofs</tt>, unless local policy permits partial or absent coverage.</t>
          </li>
        </ul>
      </section>
      <section anchor="partial-coverage-and-full-coverage">
        <name>Partial Coverage and Full Coverage</name>
        <t>This document permits partial proof coverage for progressive deployment.  An issuer <bcp14>MAY</bcp14> begin a new proof chain even when older inner actor hops remain visible but uncovered.</t>
        <t>However:</t>
        <ul spacing="normal">
          <li>
            <t>a partial chain <bcp14>MUST</bcp14> still cover a contiguous outermost prefix of the visible actor chain;</t>
          </li>
          <li>
            <t>an issuer <bcp14>MUST NOT</bcp14> skip an outer visible hop and carry a proof only for an inner visible hop;</t>
          </li>
          <li>
            <t>when local policy or resource requirements require full actor-signed evidence, the issuer <bcp14>MUST</bcp14> either emit complete proof coverage or fail the request under the error model of the underlying protocol.</t>
          </li>
        </ul>
        <t>Because coverage is a contiguous outermost prefix, partial coverage always omits the innermost (oldest) hops first.  In many delegation chains the innermost hop is the original subject-to-actor delegation, the hop with the greatest audit and accountability value.  Deployments that value actor-signed evidence for that originating hop <bcp14>SHOULD</bcp14> deploy proof support at the origin issuer and its actors first: once the originating actor's proof starts the chain, every downstream issuer that supports this profile extends it, and coverage is complete by construction.  Resource servers that require evidence for the originating hop enforce it through <tt>actor_proofs_complete_required</tt> (<xref target="discovery-capability-signaling"/>) or equivalent local policy.</t>
        <t>When the issuer also filters the visible <tt>act</tt> chain (see the <tt>chain_complete</tt> introspection member defined in the core actor profile <xref target="I-D.mcguinness-oauth-actor-profile"/>), <tt>actor_proofs</tt> covers only the visible filtered chain.  In that case <tt>actor_proofs_complete</tt> describes coverage relative to the visible filtered chain, not the unfiltered delegation chain; recipients that need true-chain completeness <bcp14>MUST</bcp14> evaluate <tt>chain_complete</tt> separately.</t>
      </section>
      <section anchor="transaction-token-service-rebinding">
        <name>Transaction Token Service Rebinding</name>
        <t>A Transaction Token Service that establishes a new presenter and makes that presenter the new outermost actor follows the same proof rules as any other issuer that adds a new outermost actor hop, as defined in <xref target="extending-an-existing-proof-chain"/> (or <xref target="accepting-a-proof"/> when no inbound <tt>actor_proofs</tt> exist).  The new presenter is the signing actor for the new proof; inherited proofs are carried forward unchanged.  This profile does not define additional proof claims specific to Transaction Tokens.</t>
      </section>
      <section anchor="sibling-receipt-issuance">
        <name>Sibling Receipt Issuance</name>
        <t>When a deployment uses both this profile and <xref target="I-D.mcguinness-oauth-actor-receipts"/>, the issuer that adds a hop creates the receipt and embeds the proof for that hop in the same issuance operation.  The two artifacts are siblings: independent attestations of the same hop by different signers.</t>
        <t>This document defines the following extension claim for Actor Receipt JWTs, under the extension-claims rule of <xref target="I-D.mcguinness-oauth-actor-receipts"/>:</t>
        <dl>
          <dt><tt>proof_jti</tt>:</dt>
          <dd>
            <t><bcp14>OPTIONAL</bcp14>.  The <tt>jti</tt> of the proof the receipt issuer validated for the same hop.  When the issuer embeds a proof and creates a sibling receipt for one hop, the receipt <bcp14>SHOULD</bcp14> include <tt>proof_jti</tt> equal to that proof's <tt>jti</tt>.</t>
          </dd>
        </dl>
        <t><tt>proof_jti</tt> binds in the feasible direction: the issuer signs the receipt after the proof exists, so it can always name the proof, whereas the actor can name the receipt in <tt>receipt_jti</tt> only when the receipt identifier was provisioned before signing (<xref target="proof-claims"/>).  Because receipts are preserved byte-for-byte, <tt>proof_jti</tt> is fixed at receipt creation and travels with the receipt chain; a later substitution of the proof array for a different harvested proof chain is detectable through the mismatch (<xref target="threat-model"/>).</t>
        <t>Consumer verification of sibling references is defined in step 10 of <xref target="consumer-processing"/>.</t>
      </section>
    </section>
    <section anchor="consumer-processing">
      <name>Consumer Processing</name>
      <t>An issuer, resource server, or other recipient that relies on <tt>actor_proofs</tt> <bcp14>MUST</bcp14> perform the following steps.</t>
      <ol spacing="normal" type="1"><li>
          <t>Validate the outer token according to its token type and the core actor profile.</t>
        </li>
        <li>
          <t>If <tt>actor_proofs</tt> is absent, treat the token as lacking actor-signed evidence.  Whether that is acceptable is determined by local policy or by Protected Resource Metadata signals such as <tt>actor_proofs_required</tt> and <tt>actor_proofs_complete_required</tt> defined in <xref target="discovery-capability-signaling"/>.  If <tt>actor_proofs_complete</tt> is present with the value <tt>true</tt> while <tt>actor_proofs</tt> is absent, the combination is malformed; the recipient <bcp14>MUST</bcp14> treat this as a failed required check and apply the rejection rule following step 11.</t>
        </li>
        <li>
          <t>Verify that <tt>actor_proofs</tt>, if present, is a non-empty JSON array of strings.  Verify that <tt>actor_proofs_complete</tt>, if present, is a JSON boolean.</t>
        </li>
        <li>
          <t>Verify that the number of proofs does not exceed the visible actor-chain depth of the outer token.  If the outer token carries <tt>actor_proofs_complete: true</tt>, verify that the proof count exactly equals the visible actor-chain depth; if it does not, reject the token.</t>
        </li>
        <li>
          <t>For each proof, in array order:
          </t>
          <ul spacing="normal">
            <li>
              <t>parse the string as a compact JWT;</t>
            </li>
            <li>
              <t>verify that the proof's (<tt>act.iss</tt>, <tt>act.sub</tt>) pair is within the scope of an actor-key source the recipient trusts, before performing any network retrieval keyed by the proof's content;</t>
            </li>
            <li>
              <t>resolve the actor's verification key from that source (<xref target="actor-key-resolution"/>);</t>
            </li>
            <li>
              <t>validate the JWT signature;</t>
            </li>
            <li>
              <t>verify that the JOSE header uses an asymmetric digital-signature <tt>alg</tt> value accepted for that actor, and reject proofs that use <tt>alg: none</tt> or a MAC-based symmetric algorithm;</t>
            </li>
            <li>
              <t>verify that <tt>typ</tt> equals <tt>actor-proof+jwt</tt>;</t>
            </li>
            <li>
              <t>reject a proof whose <tt>crit</tt> header lists an extension header the consumer does not understand;</t>
            </li>
            <li>
              <t>verify that all <bcp14>REQUIRED</bcp14> proof claims are present and have the expected JSON types, including <tt>iss</tt>, <tt>sub</tt>, <tt>act</tt>, <tt>target</tt> with <tt>target.aud</tt>, <tt>iat</tt>, <tt>exp</tt>, and <tt>jti</tt>;</t>
            </li>
            <li>
              <t>verify that <bcp14>OPTIONAL</bcp14> claims used by this profile have the expected JSON types when present, including <tt>sub_iss</tt>, <tt>target.resource</tt>, <tt>prh</tt>, <tt>prh_alg</tt>, <tt>receipt_jti</tt>, and <tt>origin_jti</tt>;</t>
            </li>
            <li>
              <t>verify that the proof <tt>act</tt> object is single-hop, contains no nested <tt>act</tt>, and contains no <tt>cnf</tt>, and that the proof <tt>iss</tt> equals the proof <tt>act.sub</tt>;</t>
            </li>
            <li>
              <t>enforce <tt>exp</tt>, <tt>iat</tt>, and other JWT validity rules.  Because <tt>exp</tt> is <bcp14>REQUIRED</bcp14> on proofs and <bcp14>MUST</bcp14> cover the expected outer token lifetime, an expired proof <bcp14>SHOULD</bcp14> be treated as invalid even for older hops.  Local policy <bcp14>MAY</bcp14> permit continued use of a proof that is expired by a small clock-skew margin, but <bcp14>MUST NOT</bcp14> relax <tt>exp</tt> enforcement broadly as a workaround for actors that failed to set adequate <tt>exp</tt> values.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Verify proof-chain linkage:
          </t>
          <ul spacing="normal">
            <li>
              <t>each proof other than the oldest <bcp14>MUST</bcp14> include <tt>prh</tt>;</t>
            </li>
            <li>
              <t>each non-oldest proof's <tt>prh</tt> <bcp14>MUST</bcp14> hash the next older proof using the algorithm named by <tt>prh_alg</tt>, defaulting to <tt>sha-256</tt> when <tt>prh_alg</tt> is absent;</t>
            </li>
            <li>
              <t>all proofs in the chain <bcp14>MUST</bcp14> carry the same <tt>prh_alg</tt> value (or all omit it); a mixed-algorithm chain <bcp14>MUST</bcp14> be rejected;</t>
            </li>
            <li>
              <t>the named algorithm <bcp14>MUST</bcp14> be one the recipient supports; a chain naming an unsupported algorithm <bcp14>MUST</bcp14> be rejected;</t>
            </li>
            <li>
              <t>the oldest proof <bcp14>MUST</bcp14> omit <tt>prh</tt>.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Verify visible-hop alignment:
          </t>
          <ul spacing="normal">
            <li>
              <t><tt>actor_proofs[0].act.sub</tt> <bcp14>MUST</bcp14> equal the outer token's <tt>act.sub</tt>, and <tt>actor_proofs[0].act.iss</tt> <bcp14>MUST</bcp14> equal the outer token's <tt>act.iss</tt>;</t>
            </li>
            <li>
              <t><tt>actor_proofs[1].act.sub</tt> <bcp14>MUST</bcp14> equal the outer token's <tt>act.act.sub</tt>, and <tt>actor_proofs[1].act.iss</tt> <bcp14>MUST</bcp14> equal the outer token's <tt>act.act.iss</tt>;</t>
            </li>
            <li>
              <t>and so on for the number of proofs present;</t>
            </li>
            <li>
              <t>when <tt>act.sub_profile</tt> is present in the proof <tt>act</tt> object, the corresponding visible <tt>act</tt> object <bcp14>MUST</bcp14> contain <tt>act.sub_profile</tt> with the same value;</t>
            </li>
            <li>
              <t>when <tt>act.sub_profile</tt> is present only in the visible <tt>act</tt> object, the proof remains aligned for this profile.  The visible value is not attested by the actor, and recipients that require actor-signed evidence for actor classification <bcp14>MUST</bcp14> reject the proof chain or apply explicit local mapping rules.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Verify subject alignment:
          </t>
          <ul spacing="normal">
            <li>
              <t><tt>actor_proofs[0].sub</tt> <bcp14>MUST</bcp14> equal the outer token's top-level <tt>sub</tt>;</t>
            </li>
            <li>
              <t>when <tt>actor_proofs[0].sub_iss</tt> is present and the recipient has a top-level subject namespace authority for the outer token's <tt>sub</tt> from local configuration, an inbound subject token's claims, or another deployment-defined source, the two <bcp14>MUST</bcp14> identify the same namespace authority, evaluated by case-sensitive string comparison; treating lexically distinct identifiers as the same authority requires explicit trusted local mapping rules;</t>
            </li>
            <li>
              <t>older proofs <bcp14>MAY</bcp14> carry differing <tt>sub</tt> or <tt>sub_iss</tt> values; see <xref target="subject-re-expression-across-hops"/>.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Evaluate outer-token binding and target binding:
          </t>
          <ul spacing="normal">
            <li>
              <t>when <tt>actor_proofs[0].origin_jti</tt> is present and equals the outer token's <tt>jti</tt>, the proof chain is bound to the current outer-token instance; when it is present and differs, the recipient <bcp14>MUST</bcp14> reject the chain unless local policy designates the outer token issuer as a trusted reissuing issuer per <xref target="target-binding-strict-mode"/>, in which case the value is historical provenance;</t>
            </li>
            <li>
              <t>when <tt>actor_proofs[0].origin_jti</tt> is absent, the proof chain carries no instance binding of its own; this is not by itself a validation failure;</t>
            </li>
            <li>
              <t>verify that every audience of the outer token is present in <tt>actor_proofs[0].target.aud</tt>, and, when the outer token's effective resource indicators are determinable from token claims, the introspection response, or trusted local context, that each is within <tt>actor_proofs[0].target.resource</tt> when that member is present.  A recipient <bcp14>MAY</bcp14> accept a token whose audience or resources exceed the newest proof's target binding only under <xref target="target-binding-strict-mode"/>, and <bcp14>MUST</bcp14> then treat the chain as participation evidence only, not as actor consent to the current target;</t>
            </li>
            <li>
              <t>target bindings of proofs other than <tt>actor_proofs[0]</tt> are historical consent for their own hops.  The recipient <bcp14>MUST NOT</bcp14> evaluate them against the current outer token's audience or resources.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Verify sibling references, when the token also carries <tt>actor_receipts</tt> validated under <xref target="I-D.mcguinness-oauth-actor-receipts"/>:
          </t>
          <ul spacing="normal">
            <li>
              <t>for each index i covered by both arrays, when <tt>actor_receipts[i]</tt> carries <tt>proof_jti</tt>, it <bcp14>MUST</bcp14> equal <tt>actor_proofs[i].jti</tt>, and when <tt>actor_proofs[i]</tt> carries <tt>receipt_jti</tt>, it <bcp14>MUST</bcp14> equal <tt>actor_receipts[i].jti</tt>;</t>
            </li>
            <li>
              <t>a mismatched sibling reference <bcp14>MUST</bcp14> cause the recipient to reject both receipt-based and proof-based provenance for the token;</t>
            </li>
            <li>
              <t>a sibling reference that names an artifact at an index not covered by the other array is unverifiable; recipients whose policy requires bound siblings <bcp14>MUST</bcp14> reject the token's proof-based provenance, and other recipients <bcp14>MUST</bcp14> treat the reference as informational only;</t>
            </li>
            <li>
              <t>when receipts are absent or not validated, <tt>receipt_jti</tt> values are informational only.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Apply any additional consumer-processing rules defined by companion profiles whose claims appear in the proof or outer token (see <xref target="extensibility"/>).  Companion-profile rules <bcp14>MUST NOT</bcp14> relax any requirement in steps 1 through 10; they <bcp14>MAY</bcp14> add additional rejection conditions.</t>
        </li>
      </ol>
      <t>If any required check fails, the recipient <bcp14>MUST</bcp14> reject the proof chain for the purposes of this profile and <bcp14>MUST</bcp14> apply the underlying protocol's error handling for the stage at which the failure occurred.</t>
      <t>A recipient that has rejected a proof chain under this profile <bcp14>MAY</bcp14>, under explicit local policy, extract structural information from the chain for use by companion profiles.  The recipient <bcp14>MUST NOT</bcp14> treat such partial validation as conformance with this profile, and <bcp14>MUST NOT</bcp14> relax the rejection requirements defined above.</t>
      <section anchor="subject-re-expression-across-hops">
        <name>Subject Re-Expression Across Hops</name>
        <t>Older proofs can carry a different <tt>sub</tt> value from the current outer token when the subject has been re-expressed across issuer namespaces between hops.  This document does not define a universal subject-mapping algorithm.</t>
        <t>Accordingly:</t>
        <ul spacing="normal">
          <li>
            <t>only <tt>actor_proofs[0].sub</tt> is required to equal the current outer token <tt>sub</tt>;</t>
          </li>
          <li>
            <t>older proof <tt>sub</tt> values <bcp14>MAY</bcp14> differ;</t>
          </li>
          <li>
            <t>a recipient that applies stronger continuity requirements across older <tt>sub</tt> values <bcp14>MUST</bcp14> do so under explicit trusted local mapping rules.</t>
          </li>
        </ul>
        <t>Recipients <bcp14>MUST</bcp14> be aware that permitting differing <tt>sub</tt> values across proofs creates a cross-subject insertion risk: a proof signed by a legitimate actor for an unrelated subject's delegation could satisfy the structural hop-alignment check when the actor identity at that hop matches.  An attacker who compromises any single actor signing key can deliberately sign proofs naming any subject and any target, and graft them onto a downstream chain whose re-expressed <tt>sub</tt> points at a victim subject.</t>
        <t>This profile provides no in-band mechanism for cross-namespace subject reconciliation.</t>
        <t>Deployments where subject continuity is a security requirement <bcp14>SHOULD</bcp14> adopt one of the following:</t>
        <ul spacing="normal">
          <li>
            <t>require consistent <tt>sub</tt> values across all proofs in the chain, rejecting re-expressed chains; or</t>
          </li>
          <li>
            <t>enforce explicit trusted subject-mapping rules that can positively confirm each distinct <tt>sub</tt> value refers to the same underlying entity.</t>
          </li>
        </ul>
        <t>When neither condition is met, the recipient <bcp14>MUST</bcp14> treat the differing <tt>sub</tt> values as unverified subject continuity and <bcp14>MUST NOT</bcp14> rely on those older proofs for authorization decisions.</t>
      </section>
      <section anchor="complete-proof-coverage">
        <name>Complete Proof Coverage</name>
        <t>A recipient can infer structural complete proof coverage by comparing proof count with visible actor depth.  If the number of proofs equals the visible actor depth and all validation rules above succeed, the token has structurally complete proof coverage for the visible chain.</t>
        <t>When local policy only needs structural completeness, that inferred count match is sufficient.  When Protected Resource Metadata declares <tt>actor_proofs_complete_required: true</tt>, the token or introspection response <bcp14>MUST</bcp14> also carry <tt>actor_proofs_complete: true</tt>; a count match without that explicit issuer attestation does not satisfy the metadata-declared requirement.</t>
        <t>If local policy or resource requirements require full actor-signed evidence, the recipient <bcp14>MUST</bcp14> reject tokens that do not satisfy the applicable complete-coverage requirement.</t>
      </section>
      <section anchor="use-by-resource-servers">
        <name>Use by Resource Servers</name>
        <t>Resource servers can use validated actor proofs as evidence input for authorization, diagnostics, and audit.  However, a valid proof chain:</t>
        <ul spacing="normal">
          <li>
            <t>proves only that the covered actors signed their participation and hop-time target bindings;</t>
          </li>
          <li>
            <t>does not prove that the represented delegation remains active, authorized, or acceptable under current policy;</t>
          </li>
          <li>
            <t>does not prove that any authorization server validated the hop; that attestation is the receipts companion's role;</t>
          </li>
          <li>
            <t>does not replace the need to authorize the current token itself;</t>
          </li>
          <li>
            <t>does not convey authority, authorization, entitlement, or delegation rights;</t>
          </li>
          <li>
            <t>is not actor consent to the current request; it is actor consent to the hop-time issuance within the recorded target binding.</t>
          </li>
        </ul>
        <t>A resource server that bases an authorization decision on proof content alone, without re-evaluating the current outer token and current policy, mis-uses this profile.</t>
      </section>
      <section anchor="consumer-introspection">
        <name>Introspection</name>
        <t>When an authorization server returns actor-proof information in an OAuth Token Introspection response <xref target="RFC7662"/>, it:</t>
        <ul spacing="normal">
          <li>
            <t><bcp14>MAY</bcp14> return <tt>actor_proofs</tt> using the same array format defined in <xref target="actor-proofs-claim"/>;</t>
          </li>
          <li>
            <t><bcp14>MAY</bcp14> return <tt>actor_proofs_complete</tt> to indicate whether the returned array provides complete coverage for the visible chain as known to the introspection server.</t>
          </li>
        </ul>
        <t>The registered introspection response members are defined in <xref target="introspection-response-members"/>; introspection-server failure handling is addressed in <xref target="introspection-errors"/>.</t>
        <t>Introspection is the primary delivery mechanism for proofs associated with opaque (non-JWT) outer tokens.  Such tokens cannot carry an inline <tt>actor_proofs</tt> claim; the issuer instead retains the proofs in its token store and surfaces them to authorized resource servers via introspection.  The proof format and consumer processing rules above apply unchanged in this case, with the introspection response substituting for the outer token's claim set.</t>
        <t>An introspection response that includes <tt>actor_proofs</tt> <bcp14>MUST</bcp14> include the members needed to perform the consumer processing in <xref target="consumer-processing"/>: the token's top-level <tt>sub</tt>, the visible <tt>act</tt> chain, the token's <tt>aud</tt>, and the token's <tt>iss</tt>.  When the introspection server maintains a <tt>jti</tt> for the token, the response <bcp14>SHOULD</bcp14> include it so that recipients can evaluate <tt>origin_jti</tt> binding; when <tt>jti</tt> is absent from the response, recipients treat the chain as carrying no instance binding per step 9.  If <tt>actor_proofs_complete</tt> is present, it <bcp14>MUST</bcp14> be a JSON boolean.  A resource server that receives both inline proofs in a JWT token and proofs in an introspection response <bcp14>MUST</bcp14> apply local policy to choose the authoritative source; if both sources are consumed together, mismatched <tt>actor_proofs</tt> or <tt>actor_proofs_complete</tt> values <bcp14>MUST</bcp14> cause the resource server to reject proof-based provenance for the token.</t>
        <t>Proof disclosure through introspection is all-or-nothing for a given token: a strict subset of the stored array cannot validate under <xref target="consumer-processing"/>, because removing an older proof leaves the next newer proof's <tt>prh</tt> without a target and removing the newest proof breaks visible-hop alignment.  An introspection server that cannot disclose the full stored array for privacy or policy reasons <bcp14>MUST</bcp14> omit <tt>actor_proofs</tt> from the response entirely.  A stored array that itself has partial coverage is returned in full, with <tt>actor_proofs_complete: false</tt>.</t>
        <t>When the introspected token is revoked or otherwise inactive, the introspection response follows the core actor profile's suppression rule for delegation claims: an introspection server <bcp14>MUST NOT</bcp14> return <tt>actor_proofs</tt> or <tt>actor_proofs_complete</tt> for a token it reports as inactive.</t>
        <t>The core actor profile's <tt>chain_complete</tt> introspection member and <tt>actor_proofs_complete</tt> are distinct signals, exactly as described for receipts in <xref target="I-D.mcguinness-oauth-actor-receipts"/>: when <tt>chain_complete: false</tt>, proof coverage is complete only for the visible filtered chain, not the full delegation chain.</t>
      </section>
    </section>
    <section anchor="discovery-capability-signaling">
      <name>Discovery and Capability Signaling</name>
      <t>This section defines metadata for advertising support for actor proofs.  It follows the claim-pair and discovery conventions defined in <xref target="I-D.mcguinness-oauth-actor-receipts"/>.</t>
      <section anchor="authorization-server-metadata">
        <name>Authorization Server Metadata</name>
        <t>The following parameter is defined for use in Authorization Server Metadata <xref target="RFC8414"/>:</t>
        <dl>
          <dt><tt>actor_proofs_supported</tt>:</dt>
          <dd>
            <t><bcp14>OPTIONAL</bcp14>.  A boolean.  When <tt>true</tt>, the authorization server advertises that it accepts the <tt>actor_proof</tt> token request parameter, validates proofs against actor keys, and embeds, preserves, or extends proof chains according to this document.  This value does not guarantee complete coverage for every visible hop in every resulting token.  When <tt>false</tt> or absent, clients and relying parties <bcp14>MUST NOT</bcp14> assume such support.</t>
          </dd>
        </dl>
        <t>This parameter applies equally to an authorization server that issues delegated JWT outputs and to a Transaction Token Service publishing metadata through the same framework.</t>
      </section>
      <section anchor="protected-resource-metadata">
        <name>Protected Resource Metadata</name>
        <t>The following parameters are defined for use in Protected Resource Metadata <xref target="RFC9728"/>:</t>
        <dl>
          <dt><tt>actor_proofs_required</tt>:</dt>
          <dd>
            <t><bcp14>OPTIONAL</bcp14>.  A boolean.  When <tt>true</tt>, the resource server indicates that delegated requests are expected to carry valid actor proofs covering at minimum the outermost visible actor hop.  When <tt>false</tt> or absent, the resource server makes no metadata declaration about actor-signed evidence requirements.
</t>
            <t>Unlike receipt issuance, proof creation involves the actor directly: an actor that can sign proofs <bcp14>MAY</bcp14> use this declaration, together with <tt>actor_proofs_supported</tt> in Authorization Server Metadata, to decide to include <tt>actor_proof</tt> in its token requests.  The declaration also serves deployment coordination and expresses the enforcement posture under which this profile's anti-fabrication property holds (<xref target="downgrade-by-omission"/>).</t>
          </dd>
          <dt><tt>actor_proofs_complete_required</tt>:</dt>
          <dd>
            <t><bcp14>OPTIONAL</bcp14>.  A boolean.  When <tt>true</tt>, the resource server indicates that it requires complete proof coverage: the proof count must equal the visible actor-chain depth and <tt>actor_proofs_complete</tt> must be <tt>true</tt> in the outer token or the introspection response.  This parameter refines <tt>actor_proofs_required</tt>; a resource server <bcp14>SHOULD NOT</bcp14> set <tt>actor_proofs_complete_required: true</tt> without also setting <tt>actor_proofs_required: true</tt>.  When <tt>false</tt> or absent, partial proof coverage is acceptable to the resource server, subject to any further local policy.</t>
          </dd>
        </dl>
      </section>
      <section anchor="introspection-response-members">
        <name>Introspection Response Members</name>
        <t>The following members are defined for use in OAuth Token Introspection responses <xref target="RFC7662"/>:</t>
        <dl>
          <dt><tt>actor_proofs</tt>:</dt>
          <dd>
            <t><bcp14>OPTIONAL</bcp14>.  An array of strings using the same syntax as the JWT claim of the same name.</t>
          </dd>
          <dt><tt>actor_proofs_complete</tt>:</dt>
          <dd>
            <t><bcp14>OPTIONAL</bcp14>.  A boolean.  When <tt>true</tt>, the introspection response indicates that the returned <tt>actor_proofs</tt> cover every visible hop in the token chain as known to the introspection server.  When <tt>false</tt>, the response indicates that the returned proofs provide only partial coverage of the visible chain.</t>
          </dd>
        </dl>
        <t>Consumer use of these members is described in <xref target="consumer-introspection"/>; introspection-server failure handling is addressed in <xref target="introspection-errors"/>.</t>
      </section>
      <section anchor="out-of-scope-discovery-signals">
        <name>Out-of-Scope Discovery Signals</name>
        <t>This document does not define metadata for actor-key source discovery; recipients establish actor-key sources through explicit trust frameworks (<xref target="actor-key-resolution"/>), not through metadata defined here.  It also does not define a metadata signal for requiring bound siblings (<tt>proof_jti</tt> on receipts); deployments that need bound siblings coordinate that requirement through deployment policy.</t>
      </section>
    </section>
    <section anchor="error-handling">
      <name>Error Handling</name>
      <t>This section defines how proof-related processing failures map to OAuth error responses.  Proof validation extends the underlying OAuth or Transaction Token validation rather than replacing it; failures should be reported through the error-response mechanism applicable to the stage at which validation occurred.</t>
      <section anchor="authorization-server-and-transaction-token-service-errors">
        <name>Authorization Server and Transaction Token Service Errors</name>
        <t>When an authorization server or Transaction Token Service rejects a token request because an inbound <tt>actor_proofs</tt> chain or a newly submitted proof cannot be validated (signature failure, key-resolution failure for an actor outside the trusted key sources, expired proof, unsupported <tt>prh_alg</tt>, broken <tt>prh</tt> chain, hop or subject misalignment), it <bcp14>SHOULD</bcp14> return <tt>invalid_grant</tt>, constructed per <xref target="RFC8693"/> Section 2.2.2 and <xref target="RFC6749"/> Section 5.2, consistent with the core actor profile's error mapping for actor information that fails validation.</t>
        <t>When the requested token's audience or resources cannot be satisfied within the submitted proof's target binding in a Token Exchange request, the issuer <bcp14>SHOULD</bcp14> return <tt>invalid_target</tt> per <xref target="RFC8693"/> Section 2.2.2.</t>
        <t>When the failure reflects an actor-authorization decision rather than a structural validation failure, an issuer <bcp14>MAY</bcp14> use <tt>actor_unauthorized</tt> as defined in the core actor profile <xref target="I-D.mcguinness-oauth-actor-profile"/> where applicable.</t>
      </section>
      <section anchor="resource-server-errors">
        <name>Resource Server Errors</name>
        <t>When a resource server rejects a request because <tt>actor_proofs</tt> validation fails under <xref target="consumer-processing"/>, it <bcp14>SHOULD</bcp14> return <tt>invalid_token</tt> per the bearer-token error model in <xref target="RFC6750"/> Section 3.1.</t>
        <t>When the failure is specifically that required proofs are absent or coverage is incomplete (per <tt>actor_proofs_required</tt> or <tt>actor_proofs_complete_required</tt>), the resource server <bcp14>SHOULD</bcp14> include an <tt>error_description</tt> value identifying proof-coverage failure so that clients and operators can distinguish it from generic token-validation failures.</t>
      </section>
      <section anchor="introspection-errors">
        <name>Introspection Server Behavior</name>
        <t>When an introspection server cannot return proofs that the requesting resource server requires, it returns the introspection response per <xref target="RFC7662"/> with <tt>actor_proofs</tt> absent or with <tt>actor_proofs_complete: false</tt>; the resource server then applies its local policy to decide whether to accept the token.</t>
        <t>The introspection server itself does not return an OAuth error for missing proofs; proof presence is a property of the introspection response, not a precondition for it.</t>
      </section>
      <section anchor="no-new-error-codes">
        <name>No New Error Codes</name>
        <t>This document does not define new OAuth error codes.  The mapping above reuses existing codes from <xref target="RFC6749"/>, <xref target="RFC6750"/>, <xref target="RFC8693"/>, and the core actor profile.</t>
      </section>
    </section>
    <section anchor="extensibility">
      <name>Extensibility</name>
      <t>This profile composes with the extensibility framework defined in <xref target="I-D.mcguinness-oauth-actor-receipts"/> and adds proof-specific extension surfaces:</t>
      <ul spacing="normal">
        <li>
          <t><strong>New claims inside a proof JWT</strong> for additional per-hop actor-attested attributes.  Consumers ignore unrecognized claims under <xref target="proof-claims"/> unless another specification or local agreement defines their meaning.</t>
        </li>
        <li>
          <t><strong>New <tt>target</tt> extension members</strong> with constraining semantics, per the extension rule in <xref target="proof-claims"/>.  Specifications needing actor consent at scope or action granularity extend <tt>target</tt> rather than redefining it.</t>
        </li>
        <li>
          <t><strong>Challenge and provisioning mechanisms</strong> that supply prospective identifiers (the outer token's <tt>jti</tt>, a receipt's <tt>jti</tt>, or the newest inbound proof for opaque inbound tokens) to the actor before signing.  The <tt>origin_jti</tt> and <tt>receipt_jti</tt> claims are the designed insertion points; such mechanisms strengthen instance binding without changing proof processing.</t>
        </li>
        <li>
          <t><strong>Actor-side non-hop event artifacts</strong>, such as an actor re-consenting to a different target binding without a new actor hop.  Companion profiles defining such artifacts <bcp14>SHOULD</bcp14> follow the non-hop event artifact pattern of <xref target="I-D.mcguinness-oauth-actor-receipts"/>: a signed JWT with a <tt>typ</tt> value distinct from <tt>actor-proof+jwt</tt>, carried in a parallel outer-token claim, anchored to a specific proof by the proof's <tt>jti</tt> in a claim the companion defines, or to the delegation flow by a correlation identifier the companion profile specifies.  Companion profiles <bcp14>MUST NOT</bcp14> add event-shaped entries to <tt>actor_proofs</tt>; that array is reserved for per-hop actor-signed proofs defined by this document, and its byte-preservation invariant cannot accommodate entries added after the chain was formed.</t>
        </li>
        <li>
          <t><strong>Multi-actor co-signed hops</strong> are out of scope for this document and would require a successor or companion profile with its own artifact structure.</t>
        </li>
      </ul>
      <t>Companion profile authoring rules:</t>
      <ul spacing="normal">
        <li>
          <t>Companion profiles <bcp14>MAY</bcp14> extend consumer processing under <xref target="consumer-processing"/> by adding rejection conditions; they <bcp14>MUST NOT</bcp14> relax any rejection condition defined here.</t>
        </li>
        <li>
          <t>Companion-profile claims and discovery metadata <bcp14>MUST</bcp14> be registered with IANA in the registries used by this document.</t>
        </li>
        <li>
          <t>Companion profiles that define per-hop signed artifacts <bcp14>SHOULD</bcp14> follow the claim-pair and discovery conventions of <xref target="I-D.mcguinness-oauth-actor-receipts"/>, and <bcp14>MAY</bcp14> reuse the <tt>prh</tt> and <tt>prh_alg</tt> chain-linkage construction.</t>
        </li>
      </ul>
      <t>Conflict resolution: when a recipient implements multiple companion profiles whose rules conflict, local policy determines precedence.  Companion profiles <bcp14>SHOULD</bcp14> be designed to add, not contradict, other profiles' rejection conditions.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Actor proofs strengthen delegation evidence with actor-side signatures, but they do not replace ordinary token validation.  The general OAuth 2.0 Security Best Current Practice <xref target="RFC9700"/> and the JWT best practices in <xref target="RFC8725"/> apply to systems implementing this profile.</t>
      <section anchor="threat-model">
        <name>Threat Model</name>
        <t>This section indexes the adversary classes addressed (and not addressed) by this profile.  Detailed mitigations live in <xref target="actor-key-resolution"/>, <xref target="proof-to-token-binding-limits"/>, <xref target="downgrade-by-omission"/>, and <xref target="subject-re-expression-across-hops"/>.</t>
        <section anchor="adversaries-mitigated-by-this-profile">
          <name>Adversaries Mitigated by This Profile</name>
          <ul spacing="normal">
            <li>
              <t><strong>Current outer-token issuer fabricating actor participation.</strong>  Cannot forge the actor's proof signature at proof-covered hops.  Primary value proposition.  Conditional on two recipient-side requirements: the recipient requires proofs for the tokens it accepts (<xref target="downgrade-by-omission"/>), and the recipient resolves the actor's key through a source independent of the issuer being defended against (<xref target="actor-key-resolution"/>).</t>
            </li>
            <li>
              <t><strong>Current issuer exceeding the actor-authorized target at the covered hop.</strong>  Issuer-side enforcement in <xref target="accepting-a-proof"/> and consumer step 9 detect an outer token whose audience or resources exceed the newest proof's signed target binding, subject to <xref target="target-binding-strict-mode"/>.</t>
            </li>
            <li>
              <t><strong>Compromised downstream issuer fabricating prior-hop participation.</strong>  Cannot forge prior actors' proof signatures; the <tt>prh</tt> chain prevents dropping or reordering inner proofs.</t>
            </li>
            <li>
              <t><strong>Token mutation in transit.</strong>  Each proof is independently signed; modification invalidates the proof's signature and any newer proof's <tt>prh</tt>.</t>
            </li>
            <li>
              <t><strong>Partial-coverage misclaim.</strong>  An issuer cannot drop an inner proof without breaking the <tt>prh</tt> chain; <tt>actor_proofs_complete: true</tt> cannot be claimed without a count matching visible chain depth.  An issuer can withhold coverage only from the innermost end of the chain, and only by beginning a new chain rather than trimming an inherited one, exactly as for receipts.</t>
            </li>
            <li>
              <t><strong>Proof-chain substitution, when receipts with <tt>proof_jti</tt> are present.</strong>  Replacing the proof array with a different harvested proof chain for the same visible hops mismatches the byte-preserved <tt>proof_jti</tt> values in the receipt chain and is rejected under step 10 of <xref target="consumer-processing"/>.</t>
            </li>
          </ul>
        </section>
        <section anchor="adversaries-not-mitigated">
          <name>Adversaries NOT Mitigated</name>
          <ul spacing="normal">
            <li>
              <t><strong>Compromised actor signing key.</strong>  Forged proofs are indistinguishable from legitimate ones and cannot be revoked individually.  Remediation: remove the key or actor from the trusted actor-key sources; short proof <tt>exp</tt> bounds the exposure window.</t>
            </li>
            <li>
              <t><strong>Issuer omission of proofs.</strong>  An issuer that fabricates participation simply omits <tt>actor_proofs</tt>.  Omission is a downgrade, not merely denial of service; the anti-fabrication property exists only for recipients that require proofs (<xref target="downgrade-by-omission"/>).</t>
            </li>
            <li>
              <t><strong>Proof re-embedding within the validity window.</strong>  A party that received a valid proof, including the issuer it was submitted to, can embed it in a different token with a matching subject, actor chain position, and target within the proof's <tt>exp</tt> window.  See <xref target="proof-to-token-binding-limits"/> for the binding limits and mitigations.</t>
            </li>
            <li>
              <t><strong>Malicious or coerced actor.</strong>  Proofs attest that the actor's key signed the participation; they do not attest intent, and they do not protect against an actor that colludes with a compromised issuer.  When issuer and actor are the same adversary, neither companion detects it.</t>
            </li>
            <li>
              <t><strong>Cross-subject graft with a compromised actor key.</strong>  Analogous to the receipts-side graft: see <xref target="subject-re-expression-across-hops"/>.</t>
            </li>
            <li>
              <t><strong>Replay of an entire token plus its proofs.</strong>  This profile does not define replay detection; proofs inherit the outer token's replay characteristics.</t>
            </li>
          </ul>
        </section>
        <section anchor="trust-model-summary">
          <name>Trust Model Summary</name>
          <t>Trust is per-actor-key and per-deployment, and not transitive across the chain.  A proof chain breaks at the first proof whose signing key cannot be resolved through an actor-key source the recipient trusts, even when the outer token's issuer and other proofs are trusted.  Proofs and receipts have independent trust anchors; validating both yields evidence that survives compromise of either the issuer side or the actor side, but not simultaneous compromise of both.</t>
        </section>
      </section>
      <section anchor="current-presenter-validation">
        <name>Current Presenter Validation</name>
        <t>The current request is always validated against the outer token's top-level <tt>cnf</tt> (<xref target="RFC7800"/>), when present, using the proof mechanism appropriate to the token type and deployment, such as DPoP <xref target="RFC9449"/> or mutual-TLS <xref target="RFC8705"/>.</t>
        <t>An actor proof is never a substitute for that validation:</t>
        <ul spacing="normal">
          <li>
            <t>A recipient <bcp14>MUST NOT</bcp14> treat a proof signature as satisfying a proof-of-possession requirement for the current request, regardless of whether the proof signing key is the same key as a presenter key.</t>
          </li>
          <li>
            <t>Recipients <bcp14>MUST</bcp14> distinguish proof JWTs (identified by the <tt>typ</tt> value <tt>actor-proof+jwt</tt>) from artifacts that carry current-request proof-of-possession semantics under <xref target="RFC7800"/>, <xref target="RFC9449"/>, or <xref target="RFC8705"/>.</t>
          </li>
        </ul>
      </section>
      <section anchor="actor-key-resolution">
        <name>Actor Key Resolution and Trust</name>
        <t>Proof validation is meaningful only if the recipient resolves actor verification keys through sources it trusts.</t>
        <t>Trust establishment requirements:</t>
        <ul spacing="normal">
          <li>
            <t>A recipient <bcp14>MUST</bcp14> establish its trusted actor-key sources before relying on <tt>actor_proofs</tt>.  Trust <bcp14>MUST</bcp14> be established through explicit pre-configuration, bilateral agreement, federation policy, or another explicit trust framework.</t>
          </li>
          <li>
            <t>A recipient <bcp14>MUST NOT</bcp14> treat the presence of a syntactically valid signed proof as sufficient grounds to trust the key that signed it.</t>
          </li>
          <li>
            <t>A recipient <bcp14>MUST</bcp14> determine that a proof's (<tt>act.iss</tt>, <tt>act.sub</tt>) pair is within the scope of a trusted actor-key source before performing any network retrieval keyed by the proof's content, and <bcp14>MUST NOT</bcp14> dereference key references supplied by the proof itself (such as <tt>jku</tt> or <tt>x5u</tt> header parameters) outside a pre-established trust framework, per <xref target="RFC8725"/>.</t>
          </li>
          <li>
            <t>Key resolution and trust evaluation use the (<tt>act.iss</tt>, <tt>act.sub</tt>) pair.  The bare proof <tt>iss</tt> string <bcp14>MUST NOT</bcp14> be the sole resolution index; actor identifiers are namespaced by <tt>act.iss</tt>, and identical <tt>act.sub</tt> strings under different namespace authorities are different actors.</t>
          </li>
        </ul>
        <t>This document profiles the following resolution patterns; a deployment may support any subset:</t>
        <ul spacing="normal">
          <li>
            <t><strong>Pre-established keys.</strong>  The actor's verification keys are registered with the recipient or its trust framework in advance, for example as the JWKS of a registered OAuth client at the authorization server, or as locally configured keys at a resource server.  This pattern is self-contained and provides the strongest independence properties.  Attestation-based client authentication <xref target="I-D.ietf-oauth-attestation-based-client-auth"/> provides an interoperable way to establish such keys, with an attester vouching for the actor's key binding.</t>
          </li>
          <li>
            <t><strong>Receipt-attested presenter keys.</strong>  When the sibling receipt for a hop carries the historical presenter binding <tt>cnf</tt> defined in <xref target="I-D.mcguinness-oauth-actor-receipts"/>, and the deployment binds proof signing keys to presenter keys, the recipient <bcp14>MAY</bcp14> verify the proof signature against the key identified by the aligned receipt's <tt>cnf</tt>.  This pattern requires no separate key registry, but the key attestation derives from the receipt issuer: proofs verified this way provide no independence from that issuer.  In particular, at the newest hop, whose receipt is signed by the current outer token issuer in the originating-issuance case, receipt-attested key resolution provides no anti-fabrication protection against that issuer.</t>
          </li>
          <li>
            <t><strong>Federation and workload identity systems.</strong>  Deployment-defined resolution through workload identity or federation infrastructure.  The trust and freshness properties are those of the underlying system; this document does not profile them.  OAuth SPIFFE client authentication <xref target="I-D.ietf-oauth-spiffe-client-auth"/> is an example of workload-identity key establishment that deployments can apply to actor signing keys.</t>
          </li>
        </ul>
        <t>The independence requirement follows from the threat model: for the anti-fabrication property against a given issuer to hold at a hop, the recipient <bcp14>MUST</bcp14> resolve the actor's key for that hop through a source independent of that issuer.</t>
        <t>Actor keys, like receipt-issuer trust, are not transitive: each proof is validated against the recipient's own actor-key sources, independent of the outer token's issuer and of neighboring proofs.  If any proof in the presented <tt>actor_proofs</tt> array is signed by a key the recipient cannot resolve through a trusted source, the recipient <bcp14>MUST</bcp14> reject the proof chain for the purposes of this profile.</t>
      </section>
      <section anchor="proof-to-token-binding-limits">
        <name>Proof-to-Token Binding Limits</name>
        <t>A proof is signed before the token that carries it exists.  It therefore names the delegation context (subject, actor, target binding, time window, unique <tt>jti</tt>), not a token instance.  Within a proof's validity window, a party holding the proof, including the issuer it was legitimately submitted to, can embed it in a different outer token with the same subject, the same actor chain position, and a target within the proof's binding, and no signature check detects the reuse.  The actor's non-repudiation statement is scoped accordingly: the actor authorized this delegation relationship toward this target within this window, not this specific token issuance.</t>
        <t>Available bindings, strongest first:</t>
        <ul spacing="normal">
          <li>
            <t><strong>Receipts composition.</strong>  When the token also carries receipts, the receipt chain's <tt>origin_jti</tt> anchoring and strict-mode rules in <xref target="I-D.mcguinness-oauth-actor-receipts"/> bind the token instance, and <tt>proof_jti</tt> (<xref target="sibling-receipt-issuance"/>) binds the proof chain to that anchored receipt chain.  A re-embedded proof would require a matching fabricated receipt, which the receipt trust model prevents for issuers that cannot sign trusted receipts.  This is the <bcp14>RECOMMENDED</bcp14> posture for deployments that require instance binding.</t>
          </li>
          <li>
            <t><strong>Provisioned <tt>origin_jti</tt>.</strong>  When the issuance flow provides the prospective outer-token <tt>jti</tt> to the actor before signing, <tt>actor_proofs[0].origin_jti</tt> binds the proof to that token instance directly, per step 9 of <xref target="consumer-processing"/>.</t>
          </li>
          <li>
            <t><strong><tt>jti</tt> uniqueness monitoring.</strong>  Recipients and audit pipelines <bcp14>MAY</bcp14> track proof <tt>jti</tt> values and flag the same proof appearing in more than one outer-token instance.  This is stateful and deployment-specific; this document does not define the mechanism.</t>
          </li>
          <li>
            <t><strong>Short <tt>exp</tt>.</strong>  Bounds the re-embedding window unconditionally, at the cost of shorter delegated-session lifetimes (<xref target="proof-claims"/>).</t>
          </li>
        </ul>
        <t>Inner proofs have no independent binding to the current token; they are bound to their newer neighbor through <tt>prh</tt> and inherit whatever binding <tt>actor_proofs[0]</tt> has.</t>
        <section anchor="target-binding-strict-mode">
          <name>Target-Binding Strict Mode</name>
          <t>Recipients that have not explicitly configured a set of trusted reissuing issuers operate in strict mode by default: per step 9 of <xref target="consumer-processing"/>, an outer token whose audience or effective resources exceed <tt>actor_proofs[0]</tt>'s target binding, or whose <tt>jti</tt> differs from a present <tt>actor_proofs[0].origin_jti</tt>, causes the recipient to reject the proof chain.</t>
          <t>Strict mode is the conservative default and the recommended posture absent specific deployment requirements.  Deployments that reissue tokens with retargeted audiences while carrying proofs forward <bcp14>MUST</bcp14> configure permissive validation with an explicit set of trusted reissuing issuers, established through local policy or an out-of-band trust framework.  A recipient operating permissively <bcp14>MUST</bcp14> treat the proof chain as participation evidence only and <bcp14>MUST NOT</bcp14> treat the current audience or resources as actor-authorized.  When receipts are also present, the recipient <bcp14>SHOULD</bcp14> apply a single reissuance-trust decision across both companions rather than accepting divergence for one chain and rejecting it for the other.</t>
        </section>
      </section>
      <section anchor="hash-algorithm-agility">
        <name>Hash Algorithm Agility</name>
        <t>The <tt>prh</tt> and <tt>prh_alg</tt> agility rules of <xref target="I-D.mcguinness-oauth-actor-receipts"/> apply to proof chains unchanged: one algorithm per chain, whole-chain migration only, no rehashing of inherited artifacts, and rejection of mixed or unsupported algorithms.  The proof chain's algorithm is independent of the receipt chain's algorithm in the same token.</t>
      </section>
      <section anchor="downgrade-by-omission">
        <name>Downgrade by Omission</name>
        <t>This profile's anti-fabrication property is conditional on enforcement.  A compromised issuer that wants to fabricate actor participation does not submit a forged proof, which would fail signature validation; it omits <tt>actor_proofs</tt> entirely.  A recipient that accepts delegated tokens without proofs has no protection from this profile against that issuer.</t>
        <t>Accordingly:</t>
        <ul spacing="normal">
          <li>
            <t>Resource servers that rely on actor-signed evidence <bcp14>MUST</bcp14> require proofs, through <tt>actor_proofs_required</tt> (and <tt>actor_proofs_complete_required</tt> where inner hops matter) or equivalent local policy, for the delegated tokens they accept.</t>
          </li>
          <li>
            <t>Recipients <bcp14>SHOULD</bcp14> treat the absence of proofs from an issuer that advertises <tt>actor_proofs_supported: true</tt>, for a resource that requires them, as a signal warranting scrutiny rather than silent acceptance.</t>
          </li>
        </ul>
        <t>Issuers cannot protect recipients that do not ask; the enforcement locus of this profile is the recipient.</t>
      </section>
      <section anchor="actor-key-compromise">
        <name>Actor Key Compromise</name>
        <t>If an actor's signing key is compromised, previously signed proofs and newly forged proofs under that key are indistinguishable.  The primary remediation is to remove the compromised key or actor from the recipient's trusted actor-key sources; once removed, consumers will reject all proofs attributed to that actor's key regardless of content.</t>
        <t>Deployments <bcp14>SHOULD</bcp14> set short <tt>exp</tt> values on proofs, consistent with the <bcp14>REQUIRED</bcp14> <tt>exp</tt> defined in <xref target="proof-claims"/>, to limit the window during which proofs signed with a compromised key remain valid.  When a key compromise is detected, deployments <bcp14>SHOULD</bcp14> treat tokens carrying proofs from the affected actor as lacking trusted actor-signed evidence for those hops and <bcp14>SHOULD</bcp14> require fresh delegation with fresh proofs.</t>
      </section>
      <section anchor="proof-chain-size">
        <name>Proof Chain Size</name>
        <t>Each proof is a full signed JWT, and the chain grows linearly with delegation depth.  A typical signed proof is 400 to 800 bytes after JWS compact serialization and base64url encoding, comparable to a receipt.  A token carrying both companions in belt-and-suspenders mode carries roughly twice the per-hop artifact bytes of either companion alone.  Deployments <bcp14>SHOULD</bcp14> verify that the outer token plus its companion arrays fits within the header-size budget of every component on the request path; the receipts companion's size guidance applies, and introspection delivery avoids header pressure for bearer-token clients.</t>
      </section>
      <section anchor="proof-freshness">
        <name>Proof Freshness and Replay</name>
        <t>Proofs are historical attestations of hop-time consent.  They <bcp14>MAY</bcp14> outlive the validity period of the outer token they were originally embedded in, and <bcp14>MAY</bcp14> be carried forward across reissuance and refresh as long as their <tt>exp</tt> permits.</t>
        <ul spacing="normal">
          <li>
            <t>Proofs attest participation and target consent at signing time; they do not assert that the represented delegation is still active or that the actor would consent today.</t>
          </li>
          <li>
            <t>Runtime policy evaluation, including current authorization and current revocation state, is separate from proof validation.</t>
          </li>
          <li>
            <t>Replay of an entire token plus its proofs is governed by the outer token's replay characteristics.  Re-embedding of an individual proof into a different token is a distinct threat, bounded as described in <xref target="proof-to-token-binding-limits"/>.</t>
          </li>
        </ul>
        <t>Deployments needing freshness signals beyond proof <tt>exp</tt> <bcp14>MUST</bcp14> obtain those signals from the authorization server via introspection (<xref target="RFC7662"/>), fresh token issuance, or another mechanism outside the scope of this profile.</t>
      </section>
      <section anchor="sibling-revocation-independence">
        <name>Sibling Revocation Independence</name>
        <t>A proof does not inherit revocation or trust state from its sibling receipt.  When a deployment removes a receipt issuer from its trusted-issuer set under <xref target="I-D.mcguinness-oauth-actor-receipts"/>, proofs for the same hops remain valid under their own actor keys, and vice versa.  Recipients that require issuer-side revocation semantics for a hop <bcp14>MUST</bcp14> require receipt validation alongside proof validation rather than relying on the proof alone; the sibling references of <xref target="sibling-receipt-issuance"/> identify the receipt whose trust state applies to a hop.</t>
      </section>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <t>Actor proofs increase delegation transparency in a specific way that receipts do not: they make actor participation provable to third parties, not merely visible.  A signature is transferable evidence; any holder of a proof-bearing token can demonstrate to anyone with access to the actor's public key that the actor participated in the delegation and consented to the recorded target.  Non-repudiation is the purpose of this profile and simultaneously its principal privacy cost.</t>
      <section anchor="what-proofs-disclose">
        <name>What Proofs Disclose</name>
        <t>Proofs can expose, to any party that receives the token or introspection response:</t>
        <ul spacing="normal">
          <li>
            <t>cryptographically transferable evidence of each covered actor's participation, retained and provable beyond token lifetime;</t>
          </li>
          <li>
            <t>actor key identifiers (<tt>kid</tt> values and resolved public keys), which are stable correlation handles across proofs, flows, and services;</t>
          </li>
          <li>
            <t>target bindings (<tt>target.aud</tt>, <tt>target.resource</tt>), which may reveal internal audience and resource identifiers a deployment would not otherwise expose to all recipients;</t>
          </li>
          <li>
            <t>the delegation graph of a workflow, tied together by <tt>prh</tt> chain hashes;</t>
          </li>
          <li>
            <t>subject re-expression patterns across namespaces, as with receipts.</t>
          </li>
        </ul>
      </section>
      <section anchor="minimization">
        <name>Minimization</name>
        <t>Deployments <bcp14>SHOULD</bcp14> minimize proof disclosure when actor-signed evidence is not required:</t>
        <ul spacing="normal">
          <li>
            <t>Issuers and introspection servers <bcp14>MAY</bcp14> withhold <tt>actor_proofs</tt> entirely when policy does not permit disclosure; a strict subset of an existing array cannot validate (<xref target="consumer-introspection"/>), so disclosure of an existing chain is all-or-nothing.</t>
          </li>
          <li>
            <t>Actors <bcp14>SHOULD</bcp14> omit <tt>target.resource</tt> when audience-level consent is sufficient, since resource URIs are often the most deployment-revealing values in a proof.</t>
          </li>
          <li>
            <t>Resource servers <bcp14>SHOULD</bcp14> require actor proofs only when they materially improve authorization, audit, or risk controls.</t>
          </li>
          <li>
            <t>Deployments <bcp14>SHOULD</bcp14> prefer per-resource-server policy on proof requirements over blanket inclusion in every token.</t>
          </li>
          <li>
            <t>Deployments <bcp14>SHOULD</bcp14> evaluate actor key lifetimes with correlation in mind: long-lived actor keys make every proof signed under them linkable.</t>
          </li>
        </ul>
      </section>
      <section anchor="selective-disclosure">
        <name>Selective Disclosure</name>
        <t>This profile does not define a per-claim selective-disclosure mechanism for proofs: chain integrity requires byte-for-byte preservation of each proof JWT, so selective omission of individual claims within a proof would break the chain.  Selective disclosure is coarse-grained, exactly as for receipts: issuance-time partial coverage of outermost hops, or whole-array omission.</t>
      </section>
      <section anchor="audience-restriction">
        <name>Audience Restriction</name>
        <t>A proof travels with the outer token to whichever audiences the outer token serves; proofs have no independent audience scoping (<xref target="proof-claims"/>).  Deployments needing audience-specific disclosure constraints <bcp14>SHOULD</bcp14> partition proof issuance by audience at issuance time rather than relying on proof-level audience restriction, which this profile does not provide.</t>
      </section>
      <section anchor="detached-provability">
        <name>Detached Provability</name>
        <t>Proofs support detached verification by any party that can resolve the actor's public key, including parties the actor and issuer did not anticipate.  Unlike receipts, whose evidentiary weight depends on the verifier trusting the receipt issuer, a proof's signature is self-contained evidence of the actor's participation.  Deployments <bcp14>SHOULD</bcp14> treat proof-bearing tokens as carrying durable, transferable participation evidence to anywhere the token reaches, and <bcp14>SHOULD</bcp14> scope token distribution and retention accordingly.</t>
      </section>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <section anchor="media-type-registration">
        <name>Media Type Registration</name>
        <t>This document requests registration of the following media type in the "Media Types" registry <xref target="RFC6838"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Type name: <tt>application</tt></t>
          </li>
          <li>
            <t>Subtype name: <tt>actor-proof+jwt</tt></t>
          </li>
          <li>
            <t>Required parameters: N/A</t>
          </li>
          <li>
            <t>Optional parameters: N/A</t>
          </li>
          <li>
            <t>Encoding considerations: 8bit; an actor proof is a JWS compact-serialized JWT <xref target="RFC7515"/> <xref target="RFC7519"/> consisting of base64url-encoded segments separated by period (<tt>.</tt>) characters.</t>
          </li>
          <li>
            <t>Security considerations: See <xref target="security-considerations"/> of this document and <xref target="RFC8725"/>.</t>
          </li>
          <li>
            <t>Interoperability considerations: N/A</t>
          </li>
          <li>
            <t>Published specification: This document</t>
          </li>
          <li>
            <t>Applications that use this media type: Applications that create, exchange, or validate OAuth Actor-Signed Hop Proofs.</t>
          </li>
          <li>
            <t>Fragment identifier considerations: N/A</t>
          </li>
          <li>
            <t>Additional information:
            </t>
            <ul spacing="normal">
              <li>
                <t>Deprecated alias names for this type: N/A</t>
              </li>
              <li>
                <t>Magic number(s): N/A</t>
              </li>
              <li>
                <t>File extension(s): N/A</t>
              </li>
              <li>
                <t>Macintosh file type code(s): N/A</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Person &amp; email address to contact for further information: Karl McGuinness, public@karlmcguinness.com</t>
          </li>
          <li>
            <t>Intended usage: COMMON</t>
          </li>
          <li>
            <t>Restrictions on usage: None</t>
          </li>
          <li>
            <t>Author: Karl McGuinness, public@karlmcguinness.com</t>
          </li>
          <li>
            <t>Change controller: IETF</t>
          </li>
        </ul>
        <t>The JOSE <tt>typ</tt> value <tt>actor-proof+jwt</tt> used by this document is the media type subtype name without the <tt>application/</tt> prefix, following common JWT typing practice.</t>
      </section>
      <section anchor="json-web-token-claims-registration">
        <name>JSON Web Token Claims Registration</name>
        <t>This document requests registration of the following JWT Claims in the "JSON Web Token Claims" registry <xref target="RFC7519"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: <tt>actor_proofs</tt></t>
          </li>
          <li>
            <t>Claim Description: Array of actor-signed hop proofs providing delegation participation evidence</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
          <li>
            <t>Claim Name: <tt>actor_proofs_complete</tt></t>
          </li>
          <li>
            <t>Claim Description: Boolean indicating whether actor_proofs covers every visible hop in the token's act chain</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
          <li>
            <t>Claim Name: <tt>target</tt></t>
          </li>
          <li>
            <t>Claim Description: Target binding (audience and resource constraints) authorized by the signer of an Actor Proof JWT</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
          <li>
            <t>Claim Name: <tt>receipt_jti</tt></t>
          </li>
          <li>
            <t>Claim Description: jti of the sibling Actor Receipt JWT created for the same delegation hop as an Actor Proof JWT</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
          <li>
            <t>Claim Name: <tt>proof_jti</tt></t>
          </li>
          <li>
            <t>Claim Description: jti of the sibling Actor Proof JWT validated for the same delegation hop as an Actor Receipt JWT</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
        </ul>
        <t>This document reuses the <tt>prh</tt>, <tt>prh_alg</tt>, <tt>origin_jti</tt>, and <tt>sub_iss</tt> claims registered by <xref target="I-D.mcguinness-oauth-actor-receipts"/>, with the semantics defined there, applied to Actor Proof JWTs as profiled in this document.  This document requests that IANA add this document to the Specification Document(s) entries for those four registrations, and requests that their Claim Description entries be updated to cover both artifact types:</t>
        <ul spacing="normal">
          <li>
            <t><tt>prh</tt>: Base64url-encoded hash of the immediately preceding (older) entry in a chained array of delegation-evidence JWTs (Actor Receipts, Actor Proofs, or companion event artifacts)</t>
          </li>
          <li>
            <t><tt>prh_alg</tt>: Hash algorithm identifier (from the IANA Named Information Hash Algorithm Registry) naming the algorithm used to compute prh in a delegation-evidence JWT</t>
          </li>
          <li>
            <t><tt>origin_jti</tt>: The jti of the outer token associated with the hop at which an Actor Receipt or Actor Proof JWT was created</t>
          </li>
          <li>
            <t><tt>sub_iss</tt>: Issuer or namespace authority for the subject in an Actor Receipt or Actor Proof JWT</t>
          </li>
        </ul>
      </section>
      <section anchor="oauth-parameters-registration">
        <name>OAuth Parameters Registration</name>
        <t>This document requests registration of the following parameter in the "OAuth Parameters" registry established by <xref target="RFC6749"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Parameter name: <tt>actor_proof</tt></t>
          </li>
          <li>
            <t>Parameter usage location: token request</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
        </ul>
      </section>
      <section anchor="oauth-authorization-server-metadata-registration">
        <name>OAuth Authorization Server Metadata Registration</name>
        <t>This document requests registration of the following metadata name in the "OAuth Authorization Server Metadata" registry <xref target="RFC8414"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: <tt>actor_proofs_supported</tt></t>
          </li>
          <li>
            <t>Metadata Description: Indicates support for accepting, validating, embedding, preserving, and extending actor-signed hop proofs</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
        </ul>
      </section>
      <section anchor="oauth-protected-resource-metadata-registration">
        <name>OAuth Protected Resource Metadata Registration</name>
        <t>This document requests registration of the following metadata names in the "OAuth Protected Resource Metadata" registry <xref target="RFC9728"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Metadata Name: <tt>actor_proofs_required</tt></t>
          </li>
          <li>
            <t>Metadata Description: Indicates that the resource expects delegated requests to carry valid actor proofs covering at minimum the outermost visible actor hop</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
          <li>
            <t>Metadata Name: <tt>actor_proofs_complete_required</tt></t>
          </li>
          <li>
            <t>Metadata Description: Indicates that the resource requires complete proof coverage for all visible actor hops</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
        </ul>
      </section>
      <section anchor="oauth-token-introspection-response-registration">
        <name>OAuth Token Introspection Response Registration</name>
        <t>This document requests registration of the following names in the "OAuth Token Introspection Response" registry <xref target="RFC7662"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Name: <tt>actor_proofs</tt></t>
          </li>
          <li>
            <t>Description: Array of actor-signed hop proofs returned by introspection</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
          <li>
            <t>Name: <tt>actor_proofs_complete</tt></t>
          </li>
          <li>
            <t>Description: Indicates whether the returned actor proofs provide complete visible-hop coverage</t>
          </li>
          <li>
            <t>Change Controller: IESG</t>
          </li>
          <li>
            <t>Specification Document(s): This document</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>This document builds on the OAuth Actor Profile for Delegation <xref target="I-D.mcguinness-oauth-actor-profile"/>, on the OAuth Actor Receipts companion <xref target="I-D.mcguinness-oauth-actor-receipts"/>, on the OAuth 2.0 Token Exchange specification <xref target="RFC8693"/>, on the OAuth 2.0 Transaction Tokens work <xref target="I-D.ietf-oauth-transaction-tokens"/>, and on prior OAuth Working Group discussion of delegation transparency, sender-constrained tokens, and proof-of-possession mechanisms (<xref target="RFC7800"/>, <xref target="RFC8705"/>, <xref target="RFC9449"/>).  Related actor-evidence efforts and their relationship to this document are discussed in <xref target="related-work"/>.</t>
      <t>Individual contributors and reviewers will be acknowledged in subsequent revisions of this document as feedback accumulates.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC6749" target="https://www.rfc-editor.org/info/rfc6749" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6749.xml">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC6750" target="https://www.rfc-editor.org/info/rfc6750" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6750.xml">
          <front>
            <title>The OAuth 2.0 Authorization Framework: Bearer Token Usage</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="D. Hardt" initials="D." surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6750"/>
          <seriesInfo name="DOI" value="10.17487/RFC6750"/>
        </reference>
        <reference anchor="RFC6838" target="https://www.rfc-editor.org/info/rfc6838" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6838.xml">
          <front>
            <title>Media Type Specifications and Registration Procedures</title>
            <author fullname="N. Freed" initials="N." surname="Freed"/>
            <author fullname="J. Klensin" initials="J." surname="Klensin"/>
            <author fullname="T. Hansen" initials="T." surname="Hansen"/>
            <date month="January" year="2013"/>
            <abstract>
              <t>This document defines procedures for the specification and registration of media types for use in HTTP, MIME, and other Internet protocols. This memo documents an Internet Best Current Practice.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="13"/>
          <seriesInfo name="RFC" value="6838"/>
          <seriesInfo name="DOI" value="10.17487/RFC6838"/>
        </reference>
        <reference anchor="RFC6920" target="https://www.rfc-editor.org/info/rfc6920" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6920.xml">
          <front>
            <title>Naming Things with Hashes</title>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="D. Kutscher" initials="D." surname="Kutscher"/>
            <author fullname="C. Dannewitz" initials="C." surname="Dannewitz"/>
            <author fullname="B. Ohlman" initials="B." surname="Ohlman"/>
            <author fullname="A. Keranen" initials="A." surname="Keranen"/>
            <author fullname="P. Hallam-Baker" initials="P." surname="Hallam-Baker"/>
            <date month="April" year="2013"/>
            <abstract>
              <t>This document defines a set of ways to identify a thing (a digital object in this case) using the output from a hash function. It specifies a new URI scheme for this purpose, a way to map these to HTTP URLs, and binary and human-speakable formats for these names. The various formats are designed to support, but not require, a strong link to the referenced object, such that the referenced object may be authenticated to the same degree as the reference to it. The reason for this work is to standardise current uses of hash outputs in URLs and to support new information-centric applications and other uses of hash outputs in protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6920"/>
          <seriesInfo name="DOI" value="10.17487/RFC6920"/>
        </reference>
        <reference anchor="RFC7515" target="https://www.rfc-editor.org/info/rfc7515" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7515.xml">
          <front>
            <title>JSON Web Signature (JWS)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7515"/>
          <seriesInfo name="DOI" value="10.17487/RFC7515"/>
        </reference>
        <reference anchor="RFC7519" target="https://www.rfc-editor.org/info/rfc7519" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7519.xml">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>
        <reference anchor="RFC7662" target="https://www.rfc-editor.org/info/rfc7662" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7662.xml">
          <front>
            <title>OAuth 2.0 Token Introspection</title>
            <author fullname="J. Richer" initials="J." role="editor" surname="Richer"/>
            <date month="October" year="2015"/>
            <abstract>
              <t>This specification defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token. OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7662"/>
          <seriesInfo name="DOI" value="10.17487/RFC7662"/>
        </reference>
        <reference anchor="RFC7800" target="https://www.rfc-editor.org/info/rfc7800" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7800.xml">
          <front>
            <title>Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="April" year="2016"/>
            <abstract>
              <t>This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-of- possession key and how the recipient can cryptographically confirm proof of possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7800"/>
          <seriesInfo name="DOI" value="10.17487/RFC7800"/>
        </reference>
        <reference anchor="RFC8259" target="https://www.rfc-editor.org/info/rfc8259" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8259.xml">
          <front>
            <title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
            <author fullname="T. Bray" initials="T." role="editor" surname="Bray"/>
            <date month="December" year="2017"/>
            <abstract>
              <t>JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.</t>
              <t>This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="90"/>
          <seriesInfo name="RFC" value="8259"/>
          <seriesInfo name="DOI" value="10.17487/RFC8259"/>
        </reference>
        <reference anchor="RFC8414" target="https://www.rfc-editor.org/info/rfc8414" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8414.xml">
          <front>
            <title>OAuth 2.0 Authorization Server Metadata</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <date month="June" year="2018"/>
            <abstract>
              <t>This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8414"/>
          <seriesInfo name="DOI" value="10.17487/RFC8414"/>
        </reference>
        <reference anchor="RFC8693" target="https://www.rfc-editor.org/info/rfc8693" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8693.xml">
          <front>
            <title>OAuth 2.0 Token Exchange</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="A. Nadalin" initials="A." surname="Nadalin"/>
            <author fullname="B. Campbell" initials="B." role="editor" surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
            <date month="January" year="2020"/>
            <abstract>
              <t>This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8693"/>
          <seriesInfo name="DOI" value="10.17487/RFC8693"/>
        </reference>
        <reference anchor="RFC8705" target="https://www.rfc-editor.org/info/rfc8705" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8705.xml">
          <front>
            <title>OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens</title>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual-TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8705"/>
          <seriesInfo name="DOI" value="10.17487/RFC8705"/>
        </reference>
        <reference anchor="RFC8707" target="https://www.rfc-editor.org/info/rfc8707" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8707.xml">
          <front>
            <title>Resource Indicators for OAuth 2.0</title>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document specifies an extension to the OAuth 2.0 Authorization Framework defining request parameters that enable a client to explicitly signal to an authorization server about the identity of the protected resource(s) to which it is requesting access.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8707"/>
          <seriesInfo name="DOI" value="10.17487/RFC8707"/>
        </reference>
        <reference anchor="RFC8725" target="https://www.rfc-editor.org/info/rfc8725" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8725.xml">
          <front>
            <title>JSON Web Token Best Current Practices</title>
            <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/>
            <author fullname="D. Hardt" initials="D." surname="Hardt"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="225"/>
          <seriesInfo name="RFC" value="8725"/>
          <seriesInfo name="DOI" value="10.17487/RFC8725"/>
        </reference>
        <reference anchor="RFC9449" target="https://www.rfc-editor.org/info/rfc9449" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9449.xml">
          <front>
            <title>OAuth 2.0 Demonstrating Proof of Possession (DPoP)</title>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <author fullname="B. Campbell" initials="B." surname="Campbell"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="D. Waite" initials="D." surname="Waite"/>
            <date month="September" year="2023"/>
            <abstract>
              <t>This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9449"/>
          <seriesInfo name="DOI" value="10.17487/RFC9449"/>
        </reference>
        <reference anchor="RFC9728" target="https://www.rfc-editor.org/info/rfc9728" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9728.xml">
          <front>
            <title>OAuth 2.0 Protected Resource Metadata</title>
            <author fullname="M.B. Jones" initials="M.B." surname="Jones"/>
            <author fullname="P. Hunt" initials="P." surname="Hunt"/>
            <author fullname="A. Parecki" initials="A." surname="Parecki"/>
            <date month="April" year="2025"/>
            <abstract>
              <t>This specification defines a metadata format that an OAuth 2.0 client or authorization server can use to obtain the information needed to interact with an OAuth 2.0 protected resource.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9728"/>
          <seriesInfo name="DOI" value="10.17487/RFC9728"/>
        </reference>
        <reference anchor="I-D.ietf-oauth-transaction-tokens" target="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-transaction-tokens-08" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-oauth-transaction-tokens.xml">
          <front>
            <title>Transaction Tokens</title>
            <author fullname="Atul Tulshibagwale" initials="A." surname="Tulshibagwale">
              <organization>CrowdStrike</organization>
            </author>
            <author fullname="George Fletcher" initials="G." surname="Fletcher">
              <organization>Practical Identity LLC</organization>
            </author>
            <author fullname="Pieter Kasselman" initials="P." surname="Kasselman">
              <organization>Defakto Security</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>Transaction Tokens (Txn-Tokens) are designed to maintain and propagate user identity, workload identity and authorization context throughout the Call Chain within a trusted domain during the processing of external requests (e.g. such as API calls) or requests initiated internally within the trust domain. Txn-Tokens ensure that this context is preserved throughout the Call Chain thereby enhancing security and consistency in complex, multi-service architectures.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-transaction-tokens-08"/>
        </reference>
        <reference anchor="I-D.mcguinness-oauth-actor-profile" target="https://datatracker.ietf.org/doc/html/draft-mcguinness-oauth-actor-profile-00" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.mcguinness-oauth-actor-profile.xml">
          <front>
            <title>OAuth Actor Profile for Delegation</title>
            <author fullname="Karl McGuinness" initials="K." surname="McGuinness">
              <organization>Independent</organization>
            </author>
            <date day="30" month="April" year="2026"/>
            <abstract>
              <t>OAuth deployments increasingly involve agents and workloads acting on behalf of human users across organizational boundaries. Existing specifications provide relevant building blocks (notably the act claim from RFC 8693 Token Exchange) but do not define a consistent profile for representing delegated actor relationships across JWT assertion grants (RFC 7523), JWT access tokens (RFC 9068), and Transaction Tokens, nor for classifying actor entity types or signaling support between authorization servers and resource servers. The result is inconsistent actor representation and actor- representation interoperability gaps that force deployments to rely on proprietary conventions. This document defines the OAuth Actor Profile for Delegation. It specifies a common act claim structure extended with sub_profile for entity-type classification, processing rules for authorization servers and resource servers across the three token families and their Token Exchange inputs, and OAuth discovery metadata parameters for advertising actor-profile support. The profile applies uniformly across token types and integrates with existing sender-constraint mechanisms (DPoP, mTLS). It does not standardize the policies by which systems determine whether a given actor is permitted to act for a subject; those decisions remain deployment-specific.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-mcguinness-oauth-actor-profile-00"/>
        </reference>
        <reference anchor="I-D.mcguinness-oauth-actor-receipts" target="https://datatracker.ietf.org/doc/html/draft-mcguinness-oauth-actor-receipts-00" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.mcguinness-oauth-actor-receipts.xml">
          <front>
            <title>OAuth Actor Receipts for Delegation Provenance</title>
            <author fullname="Karl McGuinness"/>
            <date day="4" month="July" year="2026"/>
            <abstract>
              <t>This document defines OAuth Actor Receipts, an optional companion
   provenance profile for delegated OAuth tokens that conform to the
   OAuth Actor Profile for Delegation.  It introduces the actor_receipts
   claim, a signed per-hop receipt chain that records which issuer added
   each visible actor hop, optionally preserves the historical top-level
   cnf value associated with that hop subject to deployment disclosure
   policy, and links receipts together so recipients can validate prior-
   hop provenance without relying solely on the current outer token
   issuer.  This document also defines metadata and introspection
   parameters for advertising and consuming actor-receipt support.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-mcguinness-oauth-actor-receipts-00"/>
        </reference>
        <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9700" target="https://www.rfc-editor.org/info/rfc9700" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9700.xml">
          <front>
            <title>Best Current Practice for OAuth 2.0 Security</title>
            <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="A. Labunets" initials="A." surname="Labunets"/>
            <author fullname="D. Fett" initials="D." surname="Fett"/>
            <date month="January" year="2025"/>
            <abstract>
              <t>This document describes best current security practice for OAuth 2.0. It updates and extends the threat model and security advice given in RFCs 6749, 6750, and 6819 to incorporate practical experiences gathered since OAuth 2.0 was published and covers new threats relevant due to the broader application of OAuth 2.0. Further, it deprecates some modes of operation that are deemed less secure or even insecure.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="240"/>
          <seriesInfo name="RFC" value="9700"/>
          <seriesInfo name="DOI" value="10.17487/RFC9700"/>
        </reference>
        <reference anchor="I-D.mw-oauth-actor-chain" target="https://datatracker.ietf.org/doc/html/draft-mw-oauth-actor-chain-01" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.mw-oauth-actor-chain.xml">
          <front>
            <title>Cryptographically Verifiable Actor Chains for OAuth 2.0 Token Exchange</title>
            <author fullname="A Prasad" initials="A." surname="Prasad">
              <organization>Oracle</organization>
            </author>
            <author fullname="Ramki Krishnan" initials="R." surname="Krishnan"/>
            <author fullname="Diego Lopez" initials="D." surname="Lopez">
              <organization>Telefonica</organization>
            </author>
            <author fullname="Srinivasa Addepalli" initials="S." surname="Addepalli">
              <organization>Aryaka</organization>
            </author>
            <date day="15" month="June" year="2026"/>
            <abstract>
              <t>Multi-hop service-to-service and agentic workflows often exchange OAuth access tokens across a sequence of actors. OAuth 2.0 Token Exchange permits an act claim, including nested prior actors, but it does not define interoperable rules for preserving, extending, disclosing, and validating a delegation path across successive exchanges. This document defines six actor-chain profiles for OAuth 2.0 Token Exchange: Declared Full Disclosure, Declared Subset Disclosure, Declared Actor-Only Disclosure, Verified Full Disclosure, Verified Subset Disclosure, and Verified Actor-Only Disclosure. The profiles preserve the existing meanings of sub, act, and may_act. They add explicit profile selection, a stable workflow actor-chain identifier, profile-controlled actor disclosure, and, for verified profiles, actor-signed step proofs with cumulative commitment state.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-mw-oauth-actor-chain-01"/>
        </reference>
        <reference anchor="I-D.liu-oauth-chain-delegation" target="https://datatracker.ietf.org/doc/html/draft-liu-oauth-chain-delegation-00" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.liu-oauth-chain-delegation.xml">
          <front>
            <title>Delegation Chain for OAuth 2.0</title>
            <author fullname="Dapeng Liu" initials="D." surname="Liu">
              <organization>Alibaba Group</organization>
            </author>
            <author fullname="Judy Zhu" initials="J." surname="Zhu">
              <organization>Alibaba Group</organization>
            </author>
            <author fullname="Suresh Krishnan" initials="S." surname="Krishnan">
              <organization>Cisco</organization>
            </author>
            <author fullname="Aaron Parecki" initials="A." surname="Parecki">
              <organization>Okta</organization>
            </author>
            <date day="7" month="June" year="2026"/>
            <abstract>
              <t>RFC 8693 defines the act claim for expressing delegation semantics in JWTs, including nested multi-hop actor identification. However, act captures only the identity of each actor in the chain, not the authorization constraints applied at each hop, and is constructed unilaterally by the Authorization Server without cryptographic confirmation from the delegating agent. This specification defines the delegation_chain JWT claim as a structured delegation record companion to act: an ordered array of delegation records, each capturing the Authorization Server's attestation and, when present, the delegated policy constraints, and optionally carrying the delegator's cryptographic confirmation. Together, act and delegation_chain provide both runtime authorization and verifiable delegation lineage for multi-hop agent delegation. The specification supports cross-domain delegation by composing with the identity chaining transport pattern, and integrates a user interaction mechanism for explicit consent when required by policy or regulation.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-liu-oauth-chain-delegation-00"/>
        </reference>
        <reference anchor="I-D.jiang-oauth-intent-admission" target="https://datatracker.ietf.org/doc/html/draft-jiang-oauth-intent-admission-00" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.jiang-oauth-intent-admission.xml">
          <front>
            <title>Intent Admission Assertions for Agentic Systems</title>
            <author fullname="Yuning Jiang" initials="Y." surname="Jiang">
              <organization>Huawei</organization>
            </author>
            <author fullname="LUN LI" initials="L." surname="Lun">
              <organization>Huawei</organization>
            </author>
            <author fullname="Yurong Song" initials="Y." surname="Song">
              <organization>Huawei</organization>
            </author>
            <author fullname="Faye Liu" initials="F." surname="Liu">
              <organization>Huawei</organization>
            </author>
            <date day="23" month="June" year="2026"/>
            <abstract>
              <t>In agentic systems, an intent expressed by a user, application, or agent may be forwarded to a remote system that triggers high-impact actions. If the originator of an intent is not authenticated, is not authorized to request the targeted action, or has not obtained the required consent, the receiving system may act on a forged or unauthorized intent. This document defines the Intent Admission Assertion (IAA): a signed, verifiable artifact by which an admission point authenticates an intent originator, authorizes the request against a permission policy, gates consent-required actions on explicit consent from the user or resource owner, and conveys the result to a downstream execution endpoint that re-verifies it before acting. The IAA is a JSON Web Token whose admission decision is expressed using Rich Authorization Requests (RFC 9396).</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-jiang-oauth-intent-admission-00"/>
        </reference>
        <reference anchor="I-D.ietf-oauth-attestation-based-client-auth" target="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-attestation-based-client-auth-09" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-oauth-attestation-based-client-auth.xml">
          <front>
            <title>OAuth 2.0 Attestation-Based Client Authentication</title>
            <author fullname="Tobias Looker" initials="T." surname="Looker">
              <organization>MATTR</organization>
            </author>
            <author fullname="Paul Bastian" initials="P." surname="Bastian">
              <organization>Bundesdruckerei</organization>
            </author>
            <author fullname="Christian Bormann" initials="C." surname="Bormann">
              <organization>SPRIND</organization>
            </author>
            <date day="25" month="May" year="2026"/>
            <abstract>
              <t>This specification defines an extension to the OAuth 2.0 protocol [RFC6749] that enables a client instance to include a key-bound attestation when interacting with an Authorization Server or Resource Server. This mechanism allows a client instance to prove its authenticity verified by a client attester without revealing its target audience to that attester. It may also serve as a mechanism for client authentication as per OAuth 2.0.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-attestation-based-client-auth-09"/>
        </reference>
        <reference anchor="I-D.ietf-oauth-spiffe-client-auth" target="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-spiffe-client-auth-02" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-oauth-spiffe-client-auth.xml">
          <front>
            <title>OAuth SPIFFE Client Authentication</title>
            <author fullname="Arndt Schwenkschuster" initials="A." surname="Schwenkschuster">
              <organization>Defakto Security</organization>
            </author>
            <author fullname="Pieter Kasselman" initials="P." surname="Kasselman">
              <organization>Defakto Security</organization>
            </author>
            <author fullname="Scott Rose" initials="S." surname="Rose">
              <organization>NIST</organization>
            </author>
            <author fullname="Stian Thorgersen" initials="S." surname="Thorgersen">
              <organization>IBM</organization>
            </author>
            <author fullname="Nancy Cam-Winget" initials="N." surname="Cam-Winget">
              <organization>Cisco Systems</organization>
            </author>
            <date day="15" month="June" year="2026"/>
            <abstract>
              <t>This specification profiles the Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants [RFC7521], the JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants [RFC7523], and OAuth 2.0 Attestation-Based Client Authentication [I-D.draft-ietf-oauth-attestation-based-client-auth] to enable the use of SPIFFE Verifiable Identity Documents (SVIDs) as client credentials in OAuth 2.0. It defines how OAuth clients with SPIFFE credentials can authenticate to OAuth authorization servers using their JWT-SVIDs, WIT-SVIDs, or X.509-SVIDs without the need for client secrets. This approach enhances security by enabling seamless integration between SPIFFE-enabled workloads and OAuth authorization servers while eliminating the need to distribute and manage shared secrets such as static client secrets.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-spiffe-client-auth-02"/>
        </reference>
      </references>
    </references>
    <?line 951?>

<section anchor="examples">
      <name>Examples</name>
      <t>The examples in this appendix show decoded proof contents.  Real proofs are compact-signed JWT strings carried in the <tt>actor_proofs</tt> array.  The <tt>iat</tt> and <tt>exp</tt> values shown are illustrative only; in deployments, proof <tt>exp</tt> is set per <xref target="proof-claims"/> and <xref target="extending-an-existing-proof-chain"/> so that no inbound proof expires before the outer token that carries it.  The delegation scenario continues the two-hop travel example of <xref target="I-D.mcguinness-oauth-actor-receipts"/>: the subject alice delegates to an AI travel-assistant agent through the enterprise AS, and the agent's token is exchanged at the travel-provider AS, which adds a booking tool as the new outermost actor.</t>
      <section anchor="example-two-hop-delegation-chain-with-sibling-receipts">
        <name>Example: Two-Hop Delegation Chain with Sibling Receipts</name>
        <t>The outer token carries both companions:</t>
        <sourcecode type="json"><![CDATA[
{
  "jti": "e8f4a2d6-3b1c-4d7e-9f5a-0c2b4d6e8f0a",
  "iss": "https://as.travel-provider.example",
  "aud": "https://api.travel-provider.example",
  "sub": "https://idp.enterprise.example/users/alice",
  "act": {
    "sub": "https://tools.example.com/booking-tool",
    "iss": "https://as.travel-provider.example",
    "sub_profile": "service",
    "act": {
      "sub": "https://agents.example.com/travel-assistant",
      "iss": "https://as.enterprise.example",
      "sub_profile": "ai_agent"
    }
  },
  "cnf": {
    "jkt": "ToolJKT"
  },
  "actor_receipts": [
    "<receipt-0>",
    "<receipt-1>"
  ],
  "actor_receipts_complete": true,
  "actor_proofs": [
    "<proof-0>",
    "<proof-1>"
  ],
  "actor_proofs_complete": true
}
]]></sourcecode>
        <t><tt>actor_proofs[0]</tt> was signed by the booking tool when it requested the exchange at the travel-provider AS, before that AS issued the outer token:</t>
        <sourcecode type="json"><![CDATA[
{
  "iss": "https://tools.example.com/booking-tool",
  "sub": "https://idp.enterprise.example/users/alice",
  "act": {
    "sub": "https://tools.example.com/booking-tool",
    "iss": "https://as.travel-provider.example",
    "sub_profile": "service"
  },
  "target": {
    "aud": ["https://api.travel-provider.example"]
  },
  "prh": "Xm3VqLr8pTzKNdY5W2uEbc4gHf7jAsQ9R6vBnC1oD0k",
  "iat": 1776745180,
  "exp": 1776832000,
  "jti": "5f2e8d91-4a6b-4c3d-8e2f-1a9b8c7d6e5f"
}
]]></sourcecode>
        <t><tt>actor_proofs[1]</tt> was signed earlier by the AI agent when the enterprise AS added it as the first actor hop:</t>
        <sourcecode type="json"><![CDATA[
{
  "iss": "https://agents.example.com/travel-assistant",
  "sub": "https://idp.enterprise.example/users/alice",
  "sub_iss": "https://idp.enterprise.example",
  "act": {
    "sub": "https://agents.example.com/travel-assistant",
    "iss": "https://as.enterprise.example",
    "sub_profile": "ai_agent"
  },
  "target": {
    "aud": ["https://as.travel-provider.example"]
  },
  "iat": 1776741580,
  "exp": 1776832000,
  "jti": "7a1c9e42-3b5d-4f6a-9c8e-2d4f6a8b0c1e"
}
]]></sourcecode>
        <t>The sibling receipts follow the same construction as the examples of <xref target="I-D.mcguinness-oauth-actor-receipts"/>, with the <tt>proof_jti</tt> claim defined in <xref target="sibling-receipt-issuance"/> included at receipt creation.  Because these receipts carry <tt>proof_jti</tt>, they are different byte strings from the receipts shown in that document's examples: they carry their own <tt>jti</tt> values, and the newest receipt's <tt>prh</tt> differs because it hashes a different older receipt.  The newest receipt, signed by the travel-provider AS, carries:</t>
        <sourcecode type="json"><![CDATA[
{
  "iss": "https://as.travel-provider.example",
  "sub": "https://idp.enterprise.example/users/alice",
  "act": {
    "sub": "https://tools.example.com/booking-tool",
    "iss": "https://as.travel-provider.example",
    "sub_profile": "service"
  },
  "cnf": {
    "jkt": "ToolJKT"
  },
  "proof_jti": "5f2e8d91-4a6b-4c3d-8e2f-1a9b8c7d6e5f",
  "prh": "K9mPvXq2LwTnR7dYcE5uHb8jZa4gFs6iOk1rC3xW0eA",
  "iat": 1776745200,
  "exp": 1776832000,
  "jti": "b7d1f3a5-8c2e-4a6b-9d0f-1e3a5c7b9d1f",
  "origin_jti": "e8f4a2d6-3b1c-4d7e-9f5a-0c2b4d6e8f0a"
}
]]></sourcecode>
        <t>This example illustrates the properties this profile adds.  The outer token's <tt>aud</tt> is within <tt>actor_proofs[0].target.aud</tt>, so the current audience is actor-authorized.  <tt>actor_proofs[1].target.aud</tt> names the travel-provider AS, the target the agent authorized for its own hop; per step 9 of <xref target="consumer-processing"/> that historical binding is not evaluated against the current outer token's audience.  The receipt's <tt>proof_jti</tt> binds the proof chain to the receipt chain, whose <tt>origin_jti</tt> anchors the current token instance; a compromised issuer re-embedding <tt>&lt;proof-0&gt;</tt> in a different token could not produce a matching trusted receipt.  The proofs in this example are signed by the keys whose thumbprints appear as the historical presenter bindings in the sibling receipts (<tt>ToolJKT</tt>, <tt>AgentJKT</tt>), illustrating receipt-attested key resolution; per <xref target="actor-key-resolution"/>, a recipient relying on that pattern gains no anti-fabrication protection against the receipt issuer itself at that hop.</t>
      </section>
      <section anchor="example-proofs-only-partial-coverage">
        <name>Example: Proofs-Only Partial Coverage</name>
        <t>Suppose the enterprise AS has not yet deployed proof support, so no proof exists for the AI-agent hop, and the travel-provider AS accepts a proof from the booking tool when it adds the tool as the new outermost actor.  The resulting access token carries a one-element proof chain and no receipts:</t>
        <sourcecode type="json"><![CDATA[
{
  "jti": "a4c8e2f6-1b3d-4e5f-9a7c-8d6e4f2a0b1c",
  "iss": "https://as.travel-provider.example",
  "aud": "https://api.travel-provider.example",
  "sub": "https://idp.enterprise.example/users/alice",
  "act": {
    "sub": "https://tools.example.com/booking-tool",
    "iss": "https://as.travel-provider.example",
    "sub_profile": "service",
    "act": {
      "sub": "https://agents.example.com/travel-assistant",
      "iss": "https://as.enterprise.example",
      "sub_profile": "ai_agent"
    }
  },
  "cnf": {
    "jkt": "ToolJKT"
  },
  "actor_proofs": [
    "<proof-0>"
  ],
  "actor_proofs_complete": false
}
]]></sourcecode>
        <t>The single proof covers the outermost hop:</t>
        <sourcecode type="json"><![CDATA[
{
  "iss": "https://tools.example.com/booking-tool",
  "sub": "https://idp.enterprise.example/users/alice",
  "act": {
    "sub": "https://tools.example.com/booking-tool",
    "iss": "https://as.travel-provider.example",
    "sub_profile": "service"
  },
  "target": {
    "aud": ["https://api.travel-provider.example"],
    "resource": ["https://api.travel-provider.example/bookings"]
  },
  "iat": 1776745180,
  "exp": 1776832000,
  "jti": "9c3b7f15-6d2e-4a8b-b1f4-e5a7c9d1b3f6"
}
]]></sourcecode>
        <t><tt>prh</tt> is omitted because this is a single-element chain.  <tt>actor_proofs_complete: false</tt> signals to recipients that the inner AI-agent hop carries no actor-signed evidence.  Resource servers that set <tt>actor_proofs_complete_required: true</tt> in their Protected Resource Metadata reject this token; resource servers that accept partial coverage validate the booking tool's signed participation and target consent, and treat the agent hop as carried solely by the visible <tt>act</tt> chain.  Because no receipts are present, the proof chain carries no outer-token instance binding; per <xref target="proof-to-token-binding-limits"/>, a recipient requiring instance binding would require the receipts companion or a provisioned <tt>origin_jti</tt>.</t>
      </section>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+29e3MbV5Iv+D8/Ra0ccS16C7Qo60lOzB1aktvqti2NKLdv
344OswAUyLIAFKaqQAqt0HyW/Sz7yTbfJ8+pAgh55I193JiOMVWox3nkyecv
M0ej0UFXdfPyJLvz6mzdXWVnk65uRufV5bKcZt/Xq+x1U9ez9s5BMR435XV8
n/04Kbrysm42J1nbTQ+m9WRZLOCd06aYdaPF5HJdLZdl247qAp4dFfSNFT07
unfvoF2PF1XbVvWy26zgsZcv3n53sFwvxmVzcjCFV59k9+/dfzS693h078FB
tWpgFF2zbrv79+49vXcfxtaUBVw7Lyfrpuo2dw5u6ubdZVOvV3D1l3Kc4ZDr
pvpn0cFHcNRdPanndw7elRu4dXpykI0yGhv+MS3n5SXdif+iweIfy3o5asrV
elrZbzSFg+tyuS7hFdk+X8wynuOdX2CI1fIy+xM+hNcXRTWH6zSMf6vKbnZU
N5f4Q9FMruCHq65btSdff4334aXqujzS277GC1+Pm/qmLb+mN3yNT15W3dV6
DM+GLfj6tj2ZVfMSn53Dured/649csTvParqvd52601ABkdX3QJW56CgZcP9
gCFk2Ww9nzMp/aVo5tmPkz/JK+hXmHixlCUGqllOy1UJ/2/Z0a8lL+hqPZ5X
k397B8+7GUzqxcHBsm4W8PA1bd6b7549evzgqf358J7++eSbJ/rn0/t69fHD
44fhT33s8aNH9/XPJ/f03if3H+oNTx4cP9A/Hz39Rv98fO9h+POx/Xlfrz59
YCN7+vg+Defl6Dltvyxm1xTLFlYUlmLU1e/KZas37d6cW+5qyklZrTp42UG1
nCXr9fQxT5Gev4mem1wV1VJ/m1dr+ZEuj8IB0zt+q4rlpdxTLTvYwlExFZ4w
MNmiQ9qkN4zGRVtOR5N5RQ/BrwP3t6tqNivjmw6Ojo4ODkYjOOHjFlZv0h0c
vL2q2gy413oB9wEfmFWwINlOxphnxTKrVziUYp4BWa2AJOHEy/JmsGbKUOA5
fhXvT9ZdFR08QcsK1+DfZZYwV3vFc1uyI5hdl8EiNfV0PSlbeuyCVv1XPksX
2WReVAsYWdbycFdlM7qCIdPvGW0CvCG7uaomV/Q8PZ4V0yncDIMqC7h+XbXV
GD6PD+J72qzq2qy+gbkVTVdNqhXztmI5pXd0RXNZdtm4Wk6Rr1VdVggPhJfi
HGi+8DaYAa8dcLYym1fLd3ADTKiGAV8V7RUPMKdfr4t5NaWlKy7hYtvJUK/L
pppVEx4BcPE2a8q2nl+XOBbgqJdXMNlyhFQCx7+9wusoMXIaru7XfJNNmhpI
vilnZVMuJ2WGc8bh82eU/GHIMW0U87Y2Ail4R+Hu/1jDF3F9gGd1ZUPThh2+
Ljf4zpXMGravbdcFfI6HA/cWMMmC/kE7265KOsrhVS29q5jCxDvYGBwh3Azv
btcLGy8z06xdr1Z10wl5L6rpdF4eHHwBHJKJhsQXEPs+5JZ9+HA7E/n4EaTX
O1wJelOFPBjksJEQ0Fo4A0b9vE0FHpoFfAhpWEiXljse3RvZCXfEdo5Mdw6G
BmTdGi0y02jLBhZy1D8eIMtxX2AA39bwbSRB3CvYyqJtcelhwU/wyEfvy/h9
GfMlOdl4Ew39pmjD0SrkBPwEr6djssxKkKbwsHIMpKKqkYNNb/iSj92k2ay6
+rIpVnBu40OYZ23NKwlvAb4J30K+A4RfL5EiZQ4TGNOsGDd4cEp6f3yUgXZs
1DSHZUnTCucYnwns++gPYZm8erRp9IIW6Ckrr5GqaGfOhEFNYLcaeDMsaO64
2Lik80ALznyrEMbH28PM6XdysvZUTzGIjOtynt1UHbNQIuv8NpYGX/gktiYn
YVriTLIJrDHsR4Xi+KsMbihX9G09Z/wS4+90ok7tzp1HwEhfHwRxomfoIgdR
AfwNP9X0zyEQADyzbkv61KRomo3tHL+8t8qwZaOuWthSIx9D+qnwKCHP60rg
zfK4Sa4W6E0lx3RKbHc1mpe4DX/+5a1KPaD4bfxYNiBrF8D74UsdUrxxX/wc
8HV4Ab4Yf8IJl+8rphmm6bsfPoim+PFjntE/UJH7+PFQGDJInYg3stzJFjUc
m1PYyNW83uBZafEI4ISB+5DwWjcofpiRwC7iZX50WoMmi3L/fFKvkB/BWzrQ
bYnEsr8/Z9r4U41jxzH8BLtL//rH3S+YcEaX+M8R/DhCK4b+dXiEIuEZCqcl
sTV69jke4Ir+zRICiDBDE6nN7vz48/nbOzn/N/vpFf395sW///zyzYvn+Pf5
92c//GB/HMgd59+/+vmH5+Gv8OSzVz/++OKn5/wwXM2iSwd3fjz72x3esTuv
Xr99+eqnsx/u4Iy7WBI3uN1w6vG8lQ1IfTpW7QFMfdJUY16lb5+9/j//j+MH
sGH/G+zY/eNj2D75x5Pjxw/gH0jhoh0sgfb4n0AAm4NitSqLBt+CVDMpVlUH
6wf3thnwV+AiwL1LWM2v/o4r84+T7F/Gk9Xxg3+VCzjh6KKuWXSR1qx/pfcw
L+LApYHP2GpG15OVjsd79rfo37ru7uK//Hdgb2U2On7y3//14ODg5+UcRG9W
owi7AcGToeoCPKyc5qrtls0CVmoNHBtWjHXwfFB+5uk5gNsmE3y9MFdQ0+CO
K/0niEJ81UW7Hv8G+tKvdPmCN1FYGF8iIlm3RBcio4gq3Fmmh9xxRsYbTKrs
LTEUvKd/9RzGWsGY7759e364/VO3Gmz00UjbyfWP7FmQH6/WKANkQLs+dqtm
dNo7TXn0dtKKWzVNmKeSvGPDoYjtiRZVpHpSoVgjgUFaDUxmWXcs0/kNpDqj
lKjKNijYzG1m9Xxe3yC3Zaqx+aUDBQHoPFAnByfZmYoLEgVNydJ1OdXL482Q
pYPCIpaepE0ETYGVEdHC/quGj4gv3k0cNM4ZmCupMYkNBwtUbGSdaP5qZaCC
HdkIcCRWKD+PdE1Q48KR/KXc0MrAs+1mAXIOFD9i6CBu4QXzOS+LqXw4IVpt
2HGSKXxZZG9qAk1r2D/cW7CxltOimcJ8YZY38lQrgyDjDPfR2WKncL7L7O88
WhglkDkYb2tb1bco90B6McHCG0aN3XCo0xzhg+fELnj/FyVQ4rJqQQcgwSmz
QxqrVsh1svUSlhok+moOu9hl83oCCuiqhn9tct4lsSLbsChszABDg4Uoqia7
i/t0BAo1MBr6E7jPxSEuGdISPLAAFWCrOgdkztTyLVOLEkGxnlZkf3rzNLBD
1I+AYVRLNS4cKae0pieVdH4ictR2iawdNZHyjxsLZH3BFByMr7OUpmEJSQcw
vU0UtlOk9orJgIwimQUMHImNjQr3sQwP0AwGjmMq5zNYj3MxuIXT2YJ4+zvP
KrRMYJP0YOtUW1Ds+gcY2aFwp1w2fU+WCAN6BortHJSITM4qWhnFpdAYzHtK
6lHsP2FnNaqMYh0EJVrPM+iiqKDFd/dG3ure0B7i3rBVHNg/WmQbXc052Tdm
g8AmMTOgTXMOHJjWi/cFzqsd1qCq+XyNFIbePabBRYXnpSnntN5EGaDzkI7c
reErPBoxZEiGd+VKTV+yDmgRg8ILauR6PgWTspyS6vkGX42K5lW1UhnzDM9O
5I5ILcyKjmb5vgOBKSbrfh4KJms6GTRGYHTbfWcmTFG1Y2OLVLnEW+d8nUCq
oHrimeDVaNa41mJDTAJLkPGc2ithHLLhastcTJYz8+GR4SVvzlk1VdqfrGG3
lypW5Z6yCa9GTa/DA4NnR0kGVDEYYTsjj5QckhH8b1W3sCItCxTyQNB6px8T
m8pkjdD7tCYeAIswLyZlZJQ6ChZr1l2BJ9C44Z0gBR5MnKYYkx8kWlBUNGQM
wZeknqbYpYicaMrHFJioeg6yebEpRRijI2TszXAQFOwjYTPIRIYQtHjU+ODI
FvadHyoQQZoT+YjBzEZoCxOFsU5aJllTNDMSvJsBvbL3JLt+1ceCtMCkuY2K
T/VHpxmxDx/HQD4Uuv906CUXezo1g3PFvJr0PnWbmZeSXVyozuNjM6Mdujuo
jvt5Q5GDDLOQxF34LLgLv2jc7aBzB7Yf3Aq89/woK4FBzBB7njU1cAcMJxAp
0so2woLDZTbcYS1ANKO/UF+K7CvRR4f8iOoBE4cbyW4QNigoZLX77wlOO/M3
ynHrburgreETEhQBi5nNN45Dgh0ojhx2TubZGCy8nLR5vZKcExDnsEswQCcS
gKegrMAxspbF9PrVV7o9IyTir746Mdf4mNxAqHZdLoFpgqbIS7n6FBFOn+Ad
tQ+EXd32iYZct7Xofah1Zk2slgbFlkWgfOnbct6Rb6Vdt7SYTYtfxBULHObU
aWZq/LjVl+PCvk77Vuz6lINnTk8RwRqxsBhGS2obfw+3/ooZbH3JFtndDx/k
EV20kR7cjx8PxRADwkWTFhUa2UNkfCWtsyjTTrLz5p4mesWggVB18oWEKlkO
mPfPFEX4paBhA2kvKaK1vIRzsFjPu2pkWxH0ynE5KUSkVo0eT1ioKSvVKCZJ
vLVVpzpMd0Uykjx0rRxiRzAiDVn2+m2qUMVZqIDSE7oyB2VlQSZ9xZBl5E+R
bP8A/dHZ/PMv57CWzXpCU6bzie8hQgtUmdXkQVyic38zr4tpdhcf/PP5q5/Q
VVEBRf5TRkxiCCPZIIbOhcc+Prp/KKoaGEoNeV+uSkdljuWSqTOFmU2AfWTj
NfG3VV036LxlkcnWhoR4XPjTy4J5NW4KPBGnRBVIAWCbztkEJnlJhDLp0GlN
42dhxk7oGnab2K95aru6xrEKofU91l/iLreTdasapJ4DiiV7XzisJBxqNagi
WVSswIqE1Sa9HuYL4kfkGRm3+9sbA3LsFVE8W7kv9PQjYESFWDkdIcQFBNc5
2gMURgHlCRYDtIiyhiGXM+AWnTjKAy9BtudIOIRyApfB79M+OV81ca+NnA2W
gV4VAnZRlTM8HmgUlY3jWXMwKFo8G7UFkfnU4RVUw8hG3iBfEAdDKwtMYQWD
HMBCyZIOAA3QfRcFZH30Ae0S2ZqcaJSmglKQcEddx0Yy73H5Hn0Il6Wcy66o
bpHVp8wXimVYV/oq8MD1nM0pJP6qW7BegEGj2Mij2J0TpLIg7inc22q5xoiq
aAGJIFLuWYQJsJlOkgSM8o7/uSLtGl7D2nOtg8aZchQANuFnspf99ubG1CLV
wUk0Zwrycrn5KH/IM/FbTECikGSRsCu/4rKpb7or+D5v83bMCGy2CtB9grqO
xNWLUS3RhZ1HMIB6jcZHrFPJo3VzKuP298yqcg7vYi1pWSceE1OP6IO4bk2p
IytEPxxxYAf49xrFI0zIZr8LDwPzD8ADFoc0Ub4vSEI4YG0ZiAQk47xeXpo7
196nqwhk4UWtKJWEW4B3boSbTpnHggC9EkgDUxRZuo4jsJy4JnZClgYa7k7S
sWuMDD0b8ZBGy34iOLjlrJZgPAMnSMoRwYs3L94A1n1bDZ0SIyRhhs/NgXnj
6NEXAbyNjBl4mKKfOMwbxuaNCNDnZUXiOKkWtJzMpqLVA8EJ3LgjR8f2AB0v
KYXjbAG9W4bV5VsjqpGC2Hcp5bGan/mlj6LPjKNxsxDugNfJSmN6HnJ6D/oj
i6FAPS4ArM41scMr3lGyI4cMIZI0ese43NSkrhXhu8ZS7AtsTmIYAZbyBt2m
ZbGIDPraWJX6ZKLVNGCKqWHshG29BztZUvHz1BQ8ce5XdsZEWkpYqYFQOt4B
LxGFkaMJPKHp1EloHSHpmNfed6R+OlT/3M87ouFp+DvnYS7JcABBYgrwFGfp
49e0EeL4QZXbmfPqL4FLl3jqcBThUSTIyXzNhMNoIPom7QN65DmsJI5XYTwW
uN5xUmyDiAMjq2oqkPj0L1zwGlV1A3d5PTy1XYSNtRTQcMQj8QE+KrcgzXBd
8HF22JONCZ8QDzbvKof/eOtwRBjg150USIR5f06Hzh15y7qSQGVRDMFCBxgk
BU0E+Tt9kxcXDmAtcYkajQWK6VJwFZVVpQU59Kt5sUHMgShmdg4jgheQktwN
tIOQSuA0LY0dX8Q2m2BUamVlyKF0MYLFS4s9LrubEiiXmZhGkGGxdW0IXzNu
wMbBUfDK6BEqgLvfuJDAXdbKxXM8ruawIGDvGl9bTioycCSY7OI+Sums/BaE
GFSNSN4qD42QENhown3lW1E4t/olivoCncM+bbJ5fXlJm6hhA7YGngfD+rtK
UalCkLDKwLzWJKdwzHBTU4iR5c8ma+E0e6Th+TSi9pPs7CXwfrwzJ2GHZqK6
EziaHaIKYEYz+qykFQGyANn6i38/qPFk5sMX8pS37QvSEw2WuOM1ItzHbEur
JUbOW7XXnZ5BOLElg+mG/V0kSiQgQdZ6s4l9F6u1WF8GzwK+USPr68xrEpBH
wFxmepwxHFBdrhs+SCSsUO0UsVku0ekpQqWmX0zOxqY97TBpHsGFOF43UzQO
KLTGiCU26084nGbDJtQebwS8otusqgmptHM8D06Zi58Qb7ciooJbZ4ETM26G
UWeJpabykLQNjkYJzpEUTg2AoRAjAxm+d/fDh6FQbnA3IYcbKTJRsIDDeiXT
vTn3WasP3FnFpsWsz0yLoUNs6Md2UPa36NPZUPCrNXM+DQYgJmXVSeSE0C89
cCsR9jUKLbxNGWffboaFQSUFePS0HI03o9p0fIZn+Syb7NU1Hs3y5uDgLArN
m5lBQt8YnnwtYEiRtcoR6SMlFZqaQCaXxULwkqSFkydIGCSqK7Tj4/KqmM8I
9zDpzKe2G0a5NVbtQOJvb9MOVY1rfYBZNFo/8TQMzzTvbpRBcHRxjNIDtXoc
E00ZNOzFGCwF9xlhVTJuel79mhJidH7eohcMJs8W6yy0aYT1QF6+IU+3qrO2
mSQ7QJ6R/kYDmFVNy6ohMPfS4nAUMmsQBr9esv421TgV4UxoLTlqbH47U0sH
InY6USfoYWei2fz93j8uXOTZDEx6ZIG2Pr+vJrLJk4eP+w8TqgIfEYGEyAoO
fZGTR4aPCvj7EZDRiP4Ks0jBq7K6eyFYc/Mfjxn+TQ5IcnugD+Zyja61MDFY
7Vn1PsR5IzQCRzxNbqCvi/ZVQiohdIdJTvFTp7BZpBLt+qx+NP3eLzjRwos4
Q5TTlwYiC3kEhSFVWdVHFwsGAwgN3YkK067sa+ouCtsHS6naFj5Lws3cD6Qc
gfgjZzcd7ghhpsq5sOHItAwaPepC3RBUS1AwEe7YvDXoF7R4BQaDieFJmDMM
McEt5hmFn1mvIBPDe5uqyyvKHPlrCIghg5I52ddY5Biqx8LeMJHId8VxcjQZ
rsvcmdn0XZZJpDQx3kVj5Rqa0X/HjHQKoq0l1YcAAyXqlpoaoE+4o58nr+UD
qtcwI0v2NDBK3rpiDmyOJNrbq16s+hkhLj584VJY2hEZsh8PDpJ7SUlCxX4A
+s0yZXtuVR+FEdTJXhbCUfppxP8oHJb1CuYrmG/TIV/FrX6BNMn/5BUdy1py
/CJrffyFqcHF5g2hEUE53bKMfrvpRuwSJ0DLLxE4hESeCJYs8yAQGAV6o4AM
FORAPxHGh4ZHyxd5fsxARxcbPsuvPnVvHgfsIukaIp+cL4ZQcSCe4qunyeiQ
xyGRUDQJhWBFEl3U1sifJVgb4G3AnYX/JUgpBj6EL9h5+jRu6lErBwcvZwa/
VKEeU0eO2gN9z+CtG5X7iikScmSvxxaKTMnuV2W1PfoDCVXPS/hEoP9BWU00
cgFKfHmRB50lyVVK0SO4Wa0o9z4PcDs47QhpjlTLkJuJp9X7gXvSyoNGMuTL
hCc0zmgADGGN8bNVq1x6DVbYvCPyInv8gm4IS6fDHmAA+2HHDmEdnymIRYRg
z5GlEYIRRQRRnk2uysm7nBM27EBTOOoBg4AUGDMKwVAKCYKyI+dUsP2YqjJM
FycZba2pN6BG4qk2Ca2yOSdH/JIkhH6WtC3268iawruWE0sz3X8MM6D6/iDU
n2f6QZa9woCbLRdTLRzGMSqthUVjUOcAUSQungt5u+COdOhEFUgfESgOFp7i
oewlUbqPxDt6FSjOjtgG9pB6ohXRwUOmgDZPYxfei8P7fF4SYxBnwOwgPmR0
hp2SJvBj0dQib785fgmzmKpqOGtz4kaSAwMXOI/NaFKsCnZ5MWZiTpRGJGEx
/vB5HE9qfhKb+Y7BY5Go9jLp4IAEYMkKEdL4kPh2Es8rO2vCAiBUYVhaOrAC
+8n+/Or8RfZ9ic4/Nr3owhVdiFIZV5wjYLhIPrSMEwzA+Gl1iYk9DlRyUcwv
L5iSYlAlGgj44wl6pYEyUQHLfjx7JgCC8E64B/XGq8Vp7+MX3WZ14Wwvple3
sP87LCxn78kBtCffVdNw1szKdZ4ZqnnQXgGxkM8VDmkfis4jOvtbeO0ERnoh
SCtb6lN35ESe/sY4L9ZW2AUgz8raw7e7BKYrvzCTFEZq54c0VgIJKawUY1be
QZWMAbEXHCREIhqzVYya8YTxzQyvfHzfSEWg3BQcAfJlwuVYyUehHdS/BC/T
o50AFuZn7JhhTPUm58IfHLlcrRuM9dBnv8heaiY0fxqEOyYOoCjXJDD1c4Qs
A1FEHKBPDowp1WwMs8aOsib8IjKZchKYpFiaLDnlo2jZZx65aHNxFtPQwkAk
/9gSYYYTtoKiL4+7tGXF+PMMzW3t0/TWS6UKrPLRrhA7HOxBvGbh4Gh+nH5R
vi/IgVH4WQ9+wR7argqwTkWGq5sPj9or0ppuVWSxM5NYMQd5yB+B6g9nGZ9u
DSAxnl9tLnqYuSAOcUuiCSeh7HKoYj7cEI31Ixs9H95gGNdBIcjmhcm/W2JI
wKPgM6FTGj1ocgNeIt6fhGzjCJIDwePNqDB471aApbKfHD92EWi9DUxR53pV
YBiJop8amSFvAcVwRBM20vukcI4s9K96oJ1u/nYLPTMthqwRIbQwgYR48yAe
AnpcWY8qPDaIYATsiz0T44ARsbFzd2j4kucTR77DotI59ZEZIG61E1HJRMsH
51TNCHeBf7KLWuILrNcQju19yDvwGgInspDRkZD3mQfCMD3WEbFv9FQpjdJN
GnrheyOz+VbfwZeqpMmHKOHDG54mV401aV4qHWq91UtgufNX+cTFNkuZMkS2
/Yj+EVpQWiizy7wTlk2SeTUuJdMeTCfEIC27QHGOC56gVaZ2r7pYmZ0GOtGN
kwQg4qTMQ8UfMi8m70ScYyiAvbjhS7ckMXmfNDvKA6ckt6sCYzFtjnJvCssu
jeZOQaFYeaFRmjbCvAl5dyJU2CO57sHjjuIQbbyyCtVa1uYsJRQZGhVKXDZM
v/dynG/LbwrH+cQOLzwJHMu0Pc7MLZskz8W7e8Ybj/WqELGJnnbFwiumsV5t
BBqMeJSlaBJSjomsDsFrMmCZI/3xYBIEZKq1hOn7xCfRpuLUSeAEkrfYYwaE
ddZzScExJZV9YEvbQ1NVK6GpHzEg1LTEMWQUR8V6eoG1p1LGxNSPn+j7C8lh
IrCNdmg0uwJlMho/BnXby0C2+Ct/fvOyHRItonle2FsGkn8seenxvccDPsgK
RUeDdeiGlluQI37FaPh755vaapBz8SoKQLTmspDgRvDTDMDEEq8M6lPoQUfU
X8H2l7d9VEsj/Sf2+TAgUpExDFghhdZH6yij0mkyg06hp7c5hV6YObVg+iPp
QeJ1pjhlKsSgRRj4zEkYvEyedsKZnyaKsExjwsIE0sBkMw6s0FZPStvnm635
yBp1IQUDMRxlcS1kbvi9NtUgwnhkks73JuYfJ+5QduqkBnGO37IcZl2aNRem
KJYDK4KnkdWN4hKBmr50ESNeFmWBK3CqyAqTsg0ydXhD9PF0aVsJrQsJTvuu
oyERMXBgyM6gUO+I+GiSqh3x8KYMEhGt2Qs8XlE9LX2rVkYRjmP8xzvUI04j
KWga2XHmjDwymNytGGgeFg+HpQeHWC/LZYlOEhysYddc9thddUM8dekpD46O
j76hdPtF1c44LycOgbNQN84RpgcWTAWXZNGjVAaf3ypzE5lDpRqyH6rlu+Ky
BJGzaq5Sdf91U15XGFPgVcB6Tz2+SM9FISF0FT16sG7mQCWTmvZFoWsrRG7C
v+86P8yhLjWVk5K/z86fvXyZ1ZOu7FyusXl+t8ScmDuBquaWzexiTjTHZ9fB
KUdkoq6sYD/SicWZ/UqOsrtAyAX6mzjAcf792ej+w0csyMNdlabgHQpVSoBo
aBguCqUKvvoWB4oYghVs8IyWA/jChJX9IiozRL5oT4J+TDtEKrqNVbw9DN8n
w5/oZV9MWxCxxUJrOHD1vVzSh6aWNkT5TLIiPnIKM7FyYgniGLOGVXXkm5Pc
DPosneYTjZaHDCier9jNRFTi+A63oI1veXhHTPy0MMkB+B6fHqCPRuFDMf1o
iREhMrcPX1GwHAdksqkpbpbhlL48++ksu/MT+YVeBmWTR3BmX3gDJx3WenNH
Kvw8vX8Pq3UxqYgT/aZsJnAEKSE6lCe6aK8KpFr0ueCf3zx5oAWF8J8Pj+/D
SGmgPdNZqB93zN7i743itM6vpBaqlooLC8WcbFLP51WrKAZ4C7CwSyqxUaHP
VHIWOpSubZeGTpKBnM3nrkKFZVMOoZPi6gRESuFg0PDJRpC4gQkESulSeL0d
5cDaSi1SGaa5LC/rrlKrgQTlellRqBRzUtbzsmevthuwddHfi7nVCSto64Wh
EO2c87CJD6DEbEOE1vJHbK04bInGA8VeSJ8jnHfCBltbmbASwVHNpRMVWVyG
78iRU/yZkA2bpRKFwzcxBjGMnc6AL/5hPmlltEqAAZfpzrh3ksQ8NDjV7GOW
Jyd0il40sPZKEJmTzjQrKhGt8gOZFCfDdEprhrwk9UjBBNWS8p304+QN1AKY
jF3jKLXcFhaAXNZk0hlZyZcSnvllG4sbn2Yt4i9im/H9KesU2H1IpMb1wmMR
oLpGE60oDUlNG/ivpGYDD5VP//pbVw35DS/wuuHJLOlWhjtU/QaNmU+tcZNl
34Y8aQee8g4ZybhykIFwRzKwnK1RgTlwbQ2BG5eunp69i7jWDFN0JBZr3+X0
2uuwQ06YRO5mGZ268+4S0XOJm5x5G2zXHPjgZUnWFWobP9atT1tHGxj4IfGI
qhNllZJY4YFiqoWLJK8zzOeC1oc2MOxMVDWGDMrtSfYqiVAfN0/IDNg3eboY
l8nM0EAHUfgOXQj9pP8Bi/L43m6Tkpwqmif687ICY5+Kqx9cADseCiGwRt31
fNhYcoKdRPlQiT3W4VGDAC6YvvfF+1WlKHl8vRL3iss37XodnX56pykMiFKg
tBDmXCGYzyQG9zJfXxTvq8V6IcbOvJqV9HFRq1ydIKIR5o9UeQ04VRUKweAI
U97vbRh4X2ScEGWyI9H0O8YkgKmNQWdyxrLsUT7KFqhHYdCM5TjoRAx2MEqm
tELPexdiYRF+IIXMLYrNwBxpqZ+HbDpzITI/Vl4dGWA8yBVSv55vMSnjkA/f
d1cyc6bkgFmONJdfMAaS5X2obkmaySisBfEyGuyqEMDkrKjmGMT3JvKiktUZ
2erYpvFc+NidX2HyGr9axDXPEMUAXK1bfPMNHN/6puV8DP5HNl2Tt08LJPqC
zL2kM+WUqBnUFcV7FDo//DbKw6VsHi28w4Yn5nR6tGzB4a4F1T6lGrPqBWHS
gMXmZe1qWQ7xDMCyoNbBgKfnPtXPskoQQ36tu0s6ScFrE+CqQIJaScotMzlh
uSgjR99IrFLME/bRzDBc4em6q9gdwZ/RmClYm+rCwGIdJ0GoeIsJlRUisZGW
bRA1WZ+9GyHACQLE9dy4Zh29m0G1LJ5wJsj2QcZfVkvi+7nAJG5bxtw2glMg
WoFbcfItqjfMvNiN13K4lc81YbW3r+ipqdTp/HJ5qTAMfC+Sc4C2c54DBV9R
MjNl1wqOd8NlKkS2rcpK5Nlek8DwEnpv1p2haqQmgxUpkFwyhteQeF2bTFKq
YahYyLQJCDbNhXET2IfQWQpS2dMR190K8QW347epar3UX+86c6xUhFHuS53i
imEMpTH3jP/ykG7xB+l5fhLEgds/QLPzZ5OX8L+s2DHGNYUb+DWs1HHNep4r
xphIIz7dVSfKWcpcNBzssfEJnxkKq/tXaCB1WfdZE7quFDTSS7VWmGH/qTEF
fklkc0ayZ2zkhTKWtx/vf9aPe/yOiAUerBfvKbY9zc6lCFSAQnHA7CRLClIf
pSoPG/HkPuYUS82VjYr+uZL6DNkk3cvtTxic5J3EliHVE7J6CKGW6WnvZPhI
uPmtMXVb69oxI6XIWRDpCtOTSFY59Z5pPBcY1/eBMXGFWFS5ohoVrcvrk+dH
Tt8EljDVKv4OBWfu82+OnjKrRxUNYWtA5Bg3M0crrzOdM1Ht2WNPlmdWLMbV
JRWi0VDXp1V9HU4NVHuoaLxVTekkRP5GShplURLSOD65MBT+ECo/pmC9zfZo
0DjJCUbleL/Ak3zks4SbHFhxFAUeAmaRiuHM+epHTfZaRqydE2R4ZThTijTr
lr0vpNuXUWYVQ2MrEj1c6a1YxsGBxaLEtmclAa1VbrFqSZSIDsNcw566KREI
Bj1RehiKzvs/94+H7BkBIVighT8wuqQxeFkPCn6srPJlNUtG7rWjKCwh89RU
jyiK8FPNsAM+dfcfPqU6Rct6iYqzRl9wadnxj/g48s7hbISZ3DqZuP7ZeTSv
gZhO0aYRAZmAHkNeyXW34spttgUj2gIJCbsdQNNoA5x/oQlWaBaDTQa0xxoz
cL8b5PFDDmU5Q+blCxGJeJfGm66kvE7845TMcdDI7TD5qJDGp9OkAVQChYhy
Be5QnjAv+UxKrroj4v0oXeiMQbAxFTIdwQuIu8YIeENHfNzWD2dHT5KTOONn
SNHcmT1GDnyPVZYqr0bTIdMp5IabG5QGYxnMoQCoDtPi3nqQF6wrIoNYpgVj
bU6SCh1QI1WCW2QNczld1VWoKSxEteLGZv2k+gAW7qPxPFVw9br7R/ekju4L
renmq+7aN/EsUARa+ztxW4l2sAGEtnrwupnkiAZpFwiRK+LhL1ur++aG2gLV
cr8mEbK4yqoUGkPRocG6UHmozw5joQNDv4eSHtJUzgq5y776hhoR9iOkaGHe
lVS52VLM1n1U+JySXcMZs+hQ6LUO27XZBpza62sKpG8shmONAtotH4Bpgb4z
DdAMLoxijYkGCw+0WdRxZhBRtD2HSCpGe+vGhonaiWhIWxqPmbHlDS3xXN3V
2OZWa8fKE4dLgX9Q+zDv4KMTXK8Ksv3lB6bNw12WXOJR4qyOJOmWgyuyFDTs
sFWnfcOYHCg+nuID9hyS1YzwpR5u4jikUQpYDNm72AWyOVqAUjefelpsWXiY
5nYuwQQANrTRSy6VJHITg4KIVRUtyREjffBM6Qg26rXtQJH9BMydMZbYWw1F
UkpvQT/UpE/qqrZVLJh6HsmAoYzXKJcURNjxkSCRo9ivojtD0Vp2m21LaT6R
rCgJL7vkrAsOSxoDIq6N6hZ20zVlSd1TSgcXkj2BGF5OosD/KITqbhAZ3vA6
hFsw/CF+NIn+y0mRBXJoc8YWE+T46OC+LQMX8bTUVV2JXUkdzinhmWFoPeJC
cRSVoCRLOdjxlsaoaa28Ydp34FqMfXZflss6tKODb3ZOSbIX3AuSFI4YVMaw
OPaP9YvzuBwNCTOKaHRw16CRsH/bRnKaRdka2Rg4+DtZTcSaE7tVq3U4NUV3
d2dOSpbE+WVZNAK7xRfy4MjS0dmX7V0Cvfo0VuDPFyOX3D5NlwgCkpfwyyQz
1JdkjQ+j5TfuyiJ6eBsls5O5YmBA0cwrX2tqe6THUSGdMvLMzYs10+vApCYw
q3ej9h1aZ2yWHzw6cmkPdCMZrM5FIyEoPM4ky/jfjF/g6LKsJjogJgV5m1yB
GOZ7ES0uMN1sUnqKQ9pIa46+4HpY6hER4vdlgszoVX9k4vfxXV52Ddjegzaa
e0cAb8uEMKrHgN/gBIWRflc3qX6sOnHuJIa2y6ACb9w4JDUdQt29BNSfgFnF
nSdBQ3JLXohx9qvyZMs+FTVd/Vb3j/D/Dh4fJck13ZX3/Jkm1i9QNLATkerd
GVSJs0cos1Or6ZCrVvAoqWVbClOzykve49vCvDqVuFLyQNOinPdAPMbsdAj4
HGkBtq0Yw91iMDuGq3TC4h4fRgUf9i0lcMqEg6GFxn/Pqkyvl4KjJ0/I3tUB
8r7w1zIvH7nEBq+Z82ZiDLeNJrGN++sSDiXHB2Pty3ZLYaOoQH8v7V6t6VB8
OB0RDjTiHYGRlU1TN9xcgL3ldGEEJ27KWfinrnkiepYwIYx4WhCb6oYZ0g5f
eHDVCy2Bz3oi+xA/fHF7aP33aIpU6cT0WI/tGnL/ILFsVRRjA4PpGN21mOcd
imv0u8jwWSVra1Dwqg2CuArylFGUBLOStHlC1anTaov2xsWr/fh+v/ATlSea
rJQlrEh9QnMei4aQC1J7GLb0MyXDhaPBBMYoH1erA6mHs+O1y62TnwtgshrD
0ppHTdXWBPheIpy09BmAtqKUTkNv6Op52YT4wuCaM3gwpExjeVYcD1dN/AxY
kfHGeaF8obOR+phorPQdp7/Gjsd4EyKfoy+dZ3qbDF9TztH5ZQ7jXHxAXHU+
sW+Cc/BjUiZf7+15CfLb/Hc71DMblEG8nW7uPeexl3wwSUDXiM7vl22U0nRL
jkCUuh+CDvslC0h+QB5k5W2z5HeCDTlRX3r4pmI8OeRADTBI9uJvpvOJ6CTM
LbWiSEyT0MvGOoENYVR9hQynUURZOrgJp/JfinJQgC14qWFiFVV0Q630y6jd
0CNHyxi3TOIWosaEqdPGOa2JwHFbD9eg9Kbo/EVcY8jRcIzm1WjD7lJFRW/g
DqC3heJPM62TKgQT2jhpeSAFThOqnxeVfpFG4hh9C2V9MOF5opV50wKvVFVo
V0Ehr7AJlYiKLCWreuWXIh1CiTIBN3iSEtR8YdWHVGjh8i5r+wBDY0L1osMQ
nULme3vdKNyMz6XChTPj0uUsZEXdnalE9BLdPXypa6hle+N0IHYpF3IMFH/I
qowEPkOdJHbGuJR+3E+sTrEvjxvycAaoVPDFCLcTVzDFWXu6u74kmBWMBoLJ
/PmXt7l7G3qXh6wUi+1bRVox2Nq9vsNeWU1HsXC2FjTQMMXwnLlgi+SgyBHt
4ePzXS5etRzUYBzW3EWSFrx+XEDZDLe0t2fvTIhQoKoJDNMmGysysdQXMyBa
pdZNZCYwQLbtlSsjrAxfG+k16vOG0Dy7whiyl7NUsyGTIChsw2uhgFWitIXU
9REwQ7Vcl1s0fwe82jkTFCPMJ3W0qbHxacYLXqIfWZuG0XT1pJ5rEysDgP1i
NfhTH3VjN41karA3sHMCXgNO/9HzEXEL0r/QEERX+5wd6bVvg6191EYlzb9I
7CbBD2w1Z6Q2mCXC3GLKWJjbFMW4PJhQOPJ2slIdICPcyF+K1IgtApglT++b
Dnjn9TQKCYqg6I9zi2fH6A0la2h7aSdPT4SDbUwbScGPv44ea0axO6XnXVny
vXwPs1AJkFr9823z196u1IdnztBr5KlwBoFipPS/hEQuK0rX4pTHQgG9wCdR
tnFZr0Q70hUw7WunIzfeZ79qjnBM2R0inWoW+GOc8eRdO8Fjbc1XQJfeb1Ds
y7vdj82txIIhHCODWiWeU+TU9IB5CZ2XPq4p1fHe/j/L9Y68mUOgRvra2cYv
e8IWSI+60k6qcoTV88Fsk4BQ2V6JCzAKxx6pxBPm1AZbu+dIPlO2N+27tImz
7PRli6u6p2D0nbI+15FAcGSVjbTrp1ONncdhJ+5zIKzD30wQk66NjDcs+0NM
2c3O8yU4vAG/X8Cbczl36tzBeHth2EE4KdqSim4KefGoDC7LvGWEshF9eIVN
03bMjpYcKC3uZR2uuaPokt0rRKFuzISRD8VxCbcmFTfqkCuZrKnGAtIzpu71
ADeocH/HzlUdl4+3HcR1b/fgawk3CRiStA6/sJWcEFg+lU7gCpUGYaT3okcu
7+hbSx4HXWlerTrDhndIhVRzyB02ATu9pSPl++aWE0wedmWMqMXIfNNvAqIe
Y9HEeWChQj6vqYWrNaAXizjl7RcBIKp11bnUBj+ksyU6caPVoupw3M7OM9+n
HMmdmjkpdGoWStNTAs6Ezgj/lpCpq5PKe0BLNizLrOklVZcEflhOGbar2Roy
jFxTfLF295qJH0GDpGRHNrBobiN+C5a0RVAi5/7SqwTMTb8fmoo1ZcxNgV2o
ZyOBAhPxuGWg5DFy/snlZCm4RYOpZbEY9E7BsD5cC0Yi4T5dDPUNnyIktUY/
CrfBdrjm/Nb0qX4mX5r0g/UQTX2f3pqPJwnLysD2kFOEnRe44wr+oGq+mJ+5
0WIuvJ6ghm0rUkzL84uFHnVylgnGnhlKe5tIGUCfBC65DPwZ1/+ACYKOMP8m
w0TUM6gJhIXoGMAe12UXgfCJdpIgseX3Z6r/4hp8h4lZduXDF3uYiCnqK/2+
84Kpr2g12DkvEq6cNXYpJf9uPB/nsgVkIDAgmKN5ZvBYLE+1H3TZW1wPJv99
fYMBR2YGRTCNQ9I+UM9cbOVPq6wv/hTqc0Jv73uN2nfVKoT0I8UYyZpVbZmv
Vf8uBmKW9IG+nby1wYly9ahRSkTefTteCDcuu57sKEKjP4OVrclcvjr5zrXP
+06NYn5DTbWJAFmhWsozd7lGziFTCJWdotwQ4EzLjT+M2lI+elqKqpEWTyA9
+KoWUu1qaX3m68hSRAIeMrl8SRGvljsZMqAVeeUauDkXL7dSFs/T3Cg2THeF
b7GkBg+L2AR+WPyefLw0Yi/+fQk08CMWFNWCZpyfRCt0ktUs4cvo/YrtiXAA
5lLLtVZ8ysMTMR4VVFWMoHbQ9lRghDfeRIWGSIsUSmfIYqK/9ILc6SKpRuOy
y4YNdafO3L299jzL7gDZ9+dTtVB30ijWzF0eYrPNIx+oei9pK/0GEL51u8Bh
XDYbhzt/b3eIPFWPJJ5BrMkP1tpUsLJNZyvELLb5f0K5Nhe+GO6qEX8gVGxz
HTLSY9xXbZeEcmrWpXRbiWINcZ+g3kIHkDRL0O3g2DflWPNsz3bcxjF4a64a
spu4KDCfyUXxrrTsAf1hWzSJ7fZQvEcTh7VoLPI6TuLyR3I3HqKf67yPsnW3
3uGl3oU6ovdp/bR4OaqhmIgPJwtYsufu8b3d+zpvmoyYwtZD0p1IPgbgahoc
0mlvj6XdaVosxyXZbLX3hrqcUQUIqvrWK0O9Z8J0JNv9riMf5AxITWDgoRJS
L20NaOLGNcwhOjNjnpv2arkrrnlgdda4AanYkydRiqqL88Ut5/BL443PnUQR
2LQDdSdDqcmQyBciLqGPFjvtdU8wOTb3Gos+IYYNV+n6hFrFVExOTf/bcusV
KOOqAvEehTh0WhFpIEIrG6V6I0lQ2dOiV2mJchyWUvfSfzntxeEcGFLUvlZG
JPAE/O0omu9thX9O/LBDur5R3UzZG89EM/XbWlzLquORS8Tukz4PhUeY4812
ly3uMsmqiNP8Byoz3bDZaKUy0hz+1ApG1qW6rPl3uPWCtq+MEDl5tM4Val7v
ucBCVBlLa+RpjWlTLKNyX6dWuQzjAl3VrX08WIhDXVVRS96rAj1uSfJsUtQj
yjOqWoKk4ALAdRghuQvnHDL8o2s7hST+1wEw9+GLoftdyC0PlpH2+NDofFAU
VIXU/r6JeGKIStlwAf2I1eDQkS0dh76I/dITqPQ3CvQgM4XLMW1WZYhMD7RO
Q/zey8GeQ1qKAffAxdeBbLEqvQnKni+DuIjGsbg9bGi0KBvPfQ2Q/6Y2Jlx6
zd1/4XdTw3/UXk3SZD3UntziHCy2xgbdTZ/U+GlgnbyyHGplpO2JFAdU9YtG
+mWm/VmMyYzgrOdFMUdqwAikHEihJKIV3ZeqlYrHYCuT905iX4yJJHvQOv9Y
vSaWPTGJZcfHjPz7qwOOpZ6hSh20Xc6G9BLkGfc6pNSigXrtW18Xlm/gvfQ2
adfHkMK/pni2NVkktTaCd90IQtLBrZ0Q48Z/L/uFaQZ7F6aQoHxLpg8Z4gaA
dKjCreM6lWinTib30DjpmfxQUhHILytyqrJa9dheEkvZUyE0sCy0Gilnihet
lNiSDPJTvfP3ZF9VrU9hwHIepW8EFaXgRBRMCTltrkJP+B4HQTagcoN217xD
XzosPRwjTPApe12NqHvGsrMZ7JUmJGghdBjwwLYn9ISl8UyXsu4VX7h19Xxb
NVKyP6FvmvBL09AKC6+yO/k3q9wk9tvvaa02MG7OIxQivXB4NemqZsv8BzYz
GxwYQrItTTGylUz/kVzuq0L232oWhoRHn+6+O8mR02yi/KIt2Y2Dw1W13Mqc
DHX62TXSqI9HNGztW5T3U5dyrRficGeRSirDdsnAu89+r/tNSODMtXIMgfl9
6xxrPWe/Ut+d35VHacNTd5qsvuyFFSamI0lnVGsft05XtrQDoyCNPrUBl8Au
+Wg7vAzQQEwuxY9JwPJoQ8U4l3ugfW8ookBmEQUU0EUMI/vBqzwYkODQhkFj
pnSg69D2WvUo/fJ4R6ZCkkmATq/3sga+uYdlGKA4QGZbUF0jVt/ZU2tJFhzv
x+gcHOH/YB+Wi9sxxFqks3PWKPDUZFEQV7Jvlv0h5ez71W9Oo2dR1/CV7w2u
Tw9KPfaBmi47wfbuuMTw+lDbels1fhtdEZUIN491ClobKghODq0ilNQ9RFNr
gabaKAzWvW2sWlwZeCVNmuYTHrFu08tU9qqj/NTKgEvFeaoRKr8Ovmvww1Er
gl6Jn8eBNETlGUVYLSOOHvxCucDu5nfGLPK+yq9vITZz+1u0wdjAcI4/aTi7
hnT8SUPqDYtQgDVyMHNPplqwiA175Ebr/MWtopzB4jNQk+x3sRq39hYT4aBg
aW601vtW3NNBesPuPTxB/AxEMPwoxSFNEdqW6csUKNd2TPpqymusgWBIQwhq
ZqRzDQNZtsfOxFUU9/FKM128RwSfITvNat6zZbyAq5a1d3TwJJwnS/S//Sx9
chPJ/vak7/tVW5d69StmNIQEdG/e1SfRImnxIaCBk8punQ4JgqZdNQPmOML1
fynVNxnyrPXlhpLeSHdiCkKPctxcwkh2YMS5BXSIYDAYNWpR16UQkxhbIVvw
lNUDvDgv32tdYGmD5dyCrdamoO+G9bHkDSOPuAVkRCa2e/V+jUAxIci2lIX6
abZ3V8+jg6eUxC/hLV8+0loyLacJQPFkN4H9F8qQpgersjrUt5chDckYyUd5
xdo8ofDh1LUh9AxX1bFgSK/ybcOamG4qoyqt7kcjuKhdcMo8dPOgyGjwQGER
kAqhY9WEY02gldJsP2kP/qulWYkNC6vFjorU7koLu0flxwfNknKwSES8jl6i
bYFzhnIRefDOx3S0GyVM9TbFg0keTXYosKtIeA5jPHz0nAVoywX/Bpu35pnL
nG5vAaXuXbDizBMrpjlrHpHHR4dFDRCf1jvRdkONST7vA/h1uakdjdo8y1Ll
od1Si40+YQVoNbeMK7glp5q/HxTUaKitU5OcBdJPKcNNdkcmaaRYNdTlSay5
t32OQLUWrEX1VbmwGrk9BmRUN7gJRwfH95zA78U4HA2Lcx4hH4nHMoCJQ+jv
k3qfMK/G5Zyp05HbdVfWHBKrzGMUmYtW5hFH0Rf9vfrHRRhbiE2F7EtWTuLt
qP5xFJwXA4wqemns7hh8rRvNUfCBkG5tsady2l9rteU0w9H5MmsVAbQEGndn
31uhyW3y78B94yalfhj9bwuSfSF+RKsM3LEGhHvBGUm2G8TWiMQtwWm9ZGco
cq0IwMJcQASVKRoJSDsVdUq3w5Pz3hn3pShw4XDZ7DPpAchtTWjfo6BnSGX2
iUjTxOVlfaOaIYA6nC4MqZ1x6YflJiqD3I/4CdrFVUYeqMUn7cfEO7lalUUT
21foDHJCS5qni5+Uo05aTlxerqAp+X7i2uGGdgbH1FBnmx1bWPX4HgWQ2NeE
TYjdPENEaIIGHrc+pfQf92INJrnSMtt1IK8bWG+DdbMi9DOJ7aF+5yFGNYDi
RKFMcE8tABOgCx3BM31zHe1hUk+I0SIw10tBRpkULoOniIbcb1WNy6Y4jsQ4
08wD2L6GsqVDP21Hbq5hpq0KspFBCtouUfjcUOBTAapOdypabb9eaFJLNAsn
fAPxJDFBj+pVMi/GcKYFdCQm1pty9CLUjDvjrIXvEf764Yvb7YWDg1feKgn5
Ax41wHaJJHGm7UbjomUi/9T+w60dl+XSp9xZ+xRRps2cay3DzoT57kKj6yXm
OLUOpauGl3nLkN40Fj/fMBicVKRhq7xqwykDSRLs86HZim0eW3Z+saQYKK0j
A8VT0udS2lRekhN9xOvsjEwpNiq9Q+hD8Scot6xGR1RyKnbYpJTNFwuCMazo
DZcdLRTfTxZyap8qF+cRKeEYDomJy7IqrWwpGN7vTux4i5eGfOehq60D+xXc
oJi7dMjbvmwj7CelYfiKbu7AY/PckLnJDNOos4gL9RbKh+qVFmCRduNdV0ze
lVR8zzVCYoBlVLc67YkUt3qEH3WdzLnrPEYICsCOXaQdM2e4bIpZx8oqEAQ2
A3M4a6msIalf7lzx/nB9WFJHsmvsZbDQTymYTlnpSmvukrUIagMCUa1kL+4C
b2ZwuOiYtSmk9Lw8OPBwdi5QoLc6iiYoQVvCWUroW+M2xbTGrPOlWZSGieCT
q54+V+tpiCa3BAA0eM/anFs3TgY4BW3gwMW3eucoZTKsAWgSesbtSq5xx8kx
1ixYOze/kmejpGy1ai+Re8mJWiZMq90n+RmmExAcpewGZX/Q57ad26B7hjn5
XUol0ya024g8WHRKo4rCUxhKKzoLNp5WRP9rOvKacBRrABPSmWeUl2und1sS
isroxpL9BNNBAjZOzyH8RgCR9Dzz2+AfAkjh8nCRUBd8NYpgFPxokOfO2kNZ
F+Yw32ydhapL+tkobzVGYKGkQjB7O7Q6aCSKo4JWkFRDWg7G7GGQeD2bAQ2z
+4HevwvOBfs3L5qt6BrDahnMJkw+qmXhfSyiUKolvNnybqvcWERT0PIX0gRE
DqT66AKY2FW3cvJgIRMbycSmnuewXv15k6q26OGuOyEI6nSUpANMyHulqzFy
aRJ+wHCofmZV1TbvnFNiUJ4nSTLah8y1FVKwIUXb2+DRqZbYP6N3oHPgIcXl
sgb+NZEq35TXhA2zObsut16QTmtnXk3mp2WQqGtJbGIJassishcn9jYRfgSE
OGVcJo4j0qVsx+lD4RNNqakEUaaIxaLImZjbRPEMU4TIQJGsRanCx6Sx9Ytk
qA6VVQ+rjoOi+l/8gCPaKkJFt1Hn8qael/FXYWLzQrBbnOBSh1nEbjcpvYQ+
3fgdUkLJxU2SDSfJw8Vb8yzKdgMF7vKq47XXGN0u358kCZ6K/37wXttgSyxw
ADbUMZppmcYqxIKMiJ2XFt0ebb/OvUqlkOcsUDVOP8+NyaBOIM3CtGDngNZP
iJqIOHJ0VY2kmbWLbtJ5fRlxRQdejtil74M0RE1NCax/qfnKPAtv01JVXmkb
wtlHL4e5MbcwfPToPoUoulA2iL+QQmIDVoMjYAoqXxRdjNd1A7N6aqe73h2X
5xOXfom6o7iCS3nMytyYtrq9NF0kUZHDYR01a3kXCyheWWlF0oAJ0nJ22RYx
xv58jTi4mUf3j/T+kdyPhTXiO2RH1TFiTpSKCrWIRjrwZvK5cPOUeG8rhWuB
CdVQkmtF0ZlYkzeu39aTivgS6UzSBeMugnn+/MvbQ0/qaAWdo4PDyixwpaVQ
J2heLXsoatp8xkiLnNYyZ1yMwYHLSD0P6HhqwsSginUzI4cAWUCez03To9/C
phfxEh/5fupCrIKD21J+l3U69nqF6lTEh6gWVStcYkcsyaViOI9YHFXg3CTu
FUtVdAdfJAod4a7Sdhr90uFKl0uqRIBr5dMWhqa8ve7tSeRLTkAI+QDkQ8wq
/9RFqAAfXcZodlwBsH8YMxTRTCOF5E9FbnlVsmShkkSmqrM+1s7JjVpQSPb0
UVSRJxJlvogjq8HPFYKFHnfSD5ZZEZKh0OvK6g7tm7gQAibomIkB+BxJHJCA
pElcaxKhnM9w1KiIoxNj7pet1Oj8wZGujAXDrupaK0yKQsEpvTwyws7TQDSI
KWWLkPCQUi+J1ec+0JMWCWx2l5Rr+3GgZFUsGrRP2AeOJZuqrk6buu2rlOf+
rupt7KWqm99Xuy1U9QRtFoQhowS98xHIQysqEe4SY8VNAs+0koKqWDGmSl6Y
Rpi1FNogXlCrgQ8cZV+bT5aTt4hsqGgNWDxV1wWbYBb6KlrMEnUgxpg4eifU
KvfRAYk+wTyVQQ5XxUChTHL8irqBQQEYpLD8bfYq15ONEv1tHayAFr32Gv6c
xhViq6XaITskik/z7ieLYR+U9coc/5JCFGnsHPg66Z9u2SPn5RlS/nacPqZ2
K/EKpgkVe6DAIc9MFKvBce9X3GB70tiF9FkVv5pkoeWW2RM1MpuRVS8W1v6t
p6U1ezJUV0Y49un4AhZWz8ULzG11DXyTdKtoQMmPzzUFjlbimaXBZeeaBgfm
xC15clv6galjhPdxeo0uetINtHZIAE3y0nNd14ggkbZGlHfEkCwdLJmYS87w
/l0dv7FfWGQDnQu1yqCZsEK23NYejdQpfrn7ZdKq5cHxA07pjujN0NdpfveZ
E8Xcuds5xIab+skiq8MYi8NwbzV6xn/3YlufTdeFzdR57fZMe/Wu3Ggztn6P
NqpRxuVXnK+mjVNVOx9x0wgce6zNh3C5LrC9ZFluMcT6bV64mlODPL01RD+n
+PHqSf1zK2KVA3lJpUOSTRKARqbtY+5gzMBAOQgre2UhDiMKDbGRv3dOiss2
K1syO7BSr6s1hzoTd5jl4VA4Znu5j9Wa6nzggO2Y+ZRqMqRnODpM9LB+yduc
slupPTZFHb3v8vAStT99fP/JALVbJu6nEHuqcKkhr+5OW8XQrbRxaT1Wdpad
iJGDkoiKdJwOVMQlFZYzmyrqEWdFTHYQ1NBguegK6OuL2AMuHsgxaUmDoHLv
HaY27j+Drv0uru7AyBs5a5rcXy2vMSvSVzDgognzzYllaoaYkg8doieF9Vzi
czbQ3FTpIYUl8LBbeSFVRkdv2bRkn4yk/kS8KbLYdVPF4o5WDz3+UuDTlTiZ
1MRsgo83bpfnk6K0gCurxAopCf41hOmBnBnNinGjmP4VlSYFGXkFWjEV3LTi
zKPxZoTh21b7wx0MKxd/yDmoLEuh3RYWOvF4HQ6BrLGFm0EQtidP79KU6CVj
S3yvehhb7TE1rIRa2Rzjp43oEFuYB9eRjRdDDPXd7RzS6FKwU5iSBmojpo/s
OP5b6hTG5RDET9grH+GarKG/f7Zu6LQlBb96zt43ZkOLj+bDF7c4C1NmP+R0
dJz+dn9v6x2+KcfvEfiyVzAgdQC3m2WHMDc+rSgZ2aflS/kgWmDr6fqkQ7XF
LkrOVuQqHipjNqyRhNjlJ3iLYwJL/FG7xmXpYOTDZhOhZ4QmZSbVFLAqKJKI
Cvc4h3TV69q8JcTwR3iigeZfrbtRPRudU7mBYLOwkdLe1i06tkTSMgVmVUQI
Waul1nugNU0rBm8EfavdUWEgrlnsdAI+eIhqYTuIOFIfjraIy6KI5YkcClc1
QfDe9fWA6oCnPTyNWrOHcnbJ8yZIy8wnwS0YWsZTcHI3cKnsBYE3v9fd/vBF
0s5vRw9pdqIpKsv5lIWGsErKCg8QcyaGiRovsjYIDlOhJkmCNeXn66HW1B6Q
EXWlwugokW93GsbTXmmxXvZRUDw2KOM8dRfk0ZCJC8orRicGt7phOGzrNtsV
JfR2k4F2pL0lBDi4GPoGdnKGtiFqO6q/cHs7kJDviG6/OcHSpLWYyEr24Y09
kOBuqJQhK51n8XEyriJYPtZrQZxTCXDivYKqcqc3j7P58ygB2mWGjxvGX5I7
U/wpyNXrxkQ1KHrmpTz0XT7V1aVtWy/Rlr3IQ8nRcrq7hauU44NfHz1+8NT9
+vDo/rYuhAM+MKmYK1Cy4G/xUV3XWDGQm/c4uha2uxJX3B4y8KSS8F9laF2/
5QMtFjB2MNxqd6hBa7rGe7bGDfNS4gFdcy69cYTXbwnte05QeKxUP5/NtwZW
k0rOxHoZ4owXST3M4Y3cs76qQCIDU9F+QxGIJ+EDPTU6HPL0eCdnOu0/e1tU
YfvpILLijcMFGJegiWqapq/5TFoCHYmH99zGfnN0PLStVSiryS4ZJ8Ciap4h
r8Rr7GCYqgl1F0e2rerYVv91uOdw2HpLIouYlUaz/ZU1rRVOTpGcmp9skMQA
3tL5aljSO7W4gmYtOC32ZQMRgVJTSfDxslyWDRUexXYCfUJuh2wOoaRvy6vi
GpvPpSaH6G6uScZQYED4hVDDyhU3clyHYbQpibKRm7PFy6CVHaq8cQS2UAYc
GBeOCPaIx5wO7mdHkxVHILov0lCmeD0MfWINVXxs8O22sLUElhxSi9bNEDl8
UpDHk//BGlWcioi1JhuVFPdkH4Y1jxvOXSUEFj4bcMH4iUqAgj/V1LqMtb1n
cEpv1cWxtq4f8AQfEteOJVYQUqIpCe2kRYH5TqZaJxlzzxNyz/kDPmCoCOKB
tITWDCxt/2wZWQmMHWmA8plM4ka3B+X/d8QjGPQ4Vaf5yMoBh1paClZhLNVX
X+GqS8qZdMbRpAewl7/6SmIuodpw2XBQleWblr2AP8Ckw36NlH2mDaNApanJ
J4bbfrkkRIwWthImL0xI23VI/ruWXTDGy6qrejGKy6Ys0wK7FRAsmOYEurOp
WV2usAJiisLcaAdYlQKtjCJK5QK9dIgfVSkSHqSgJW1GPGgEHvlxMrwlVINW
GCFmYHGZO1Kf8JWoz63nBWUYsHERRhzbCzRRNhhkes+uQByVS+mSsdJysOyJ
EcsAZ2kV7ueESuOzeV1GhSPu9uE/UhKhUFsvXArFrXtdLblgFaO09AfGYx3u
amSpRYg94IXchFFCpqvbRhkDpfi5Q9YOJ5OccowlLAKqWLBQxFd7YBd13JGi
GJD6QeeQ5T4T1zqcEISfUan+a9pWrST91Ve51RY1I6JBeDTtvwStfKpaorgG
rAMyNx8neNbL9cuMIPiTVs5atAHplkYbNTjcbIWnt1l+ShXprFAQNDrT6PgU
UvpPwm4a5Sbu2qsDmFvFc9LR0U0LJDyP6mnQLiPLnVzV2i4s1DUXlEdczFHQ
UPhKdvAxr9YlEx7BhFsL7VgIe4bLRJldVKxoLpGPUGw5fpmycRmRMLze7oSo
35RLuXWj9qpYYVRm2VHCOVYJi1QHhVxrzrWVZibEScR3ZRNE1XFZxVFENLf+
GVTcWaKrFtkBrlMsDfXimyTpEKUVn5W/Dk2SubasnIwfMUo6Ul6ng8OsSOA+
eFqRptFLS8zPyiqZZKfsfHJ8WG0kzlhp27phdTpdfSI9KQ8SKFotqZLckOkz
Yi0pjJIF4NDWgZklvHgIkLjTOiFC4uanQ9nRmks9lIbduzt25UWDtbRuZYkR
psE8e6H2muGFaeFenv10plYi/0bbHdWatLD6llWSgCmpYkqcsvO7eNFeQIz9
OVLoTkxKHqMTyNFSRH3iiXJH2s06athCHuvZvKI8QXUICZ7GZ8BWqLqzm3OB
BL+aD7AFTeJnoO5EXpyn9XykiDXBJyellr4eWOVQIdKkHfLD6TTXBIkOW7Tj
J1hh0ie/HKQ/0lbPNaUR9TTgcxwCbTH12MWznch0zNJCysz7g0g0F1vLRSSJ
ziV9SFNB2AWM9QwT16iIfzIhYZlYq79/dC8M9VvUNJ5JHsNrzJdHP6LgA+7d
E81XozxjxgPyXa2Z+08e33+Id3K5gDprN3AoUO/VneXgUZoT8ZYqyWc/kuvg
wxdRYfnE+0zlNDRcPqVsbyRtrORW+jDFXRwtcV29dJgWeaWmSx1X0FzA7l2K
ajkn1S0kMaRxgdzU065miWoFdeYV9qDiW7YEmnPxF+5VugsW54vsTKZJUBce
J3MRWpjXPBmxNZ4Nlc9i35aFxU1rjhKsjr5CLsSSCgTIZVyoeWVJ2uzl1W4Q
I03gkgz915J0wLoKWq6UBEsE+EwPCRX4oIJudva1E2RAUZwI71TmYOHyVcg2
NWO89fipHUH+YGf6F7cJAgPm+476ynNcoMhCnSlrXKK2OK/tuKTE+HJWUmdA
RWFtDy0dxdul/TyoqJNVQ40cnCHvKUmdQ/UV9+4l962khfSwCaHkfkeeKAVC
muBy24fQqO6/UohKuWmkgUfB890FqXSNLM9+OtBczFP1qqm44fptlE03Ss7h
lyltswrhgwkoQ6657AYQNLk9aAmolju7w5eWBi2jZuf4Yq2ZfUvu9A6mJY7m
Rai1S/5LoyupDoBNBWARgl0u/lerUOfXWE6kVA0YQHjLkF4nXR3R+UTKAg0p
NGFUkHZDzQn95Mx8Igy40qlbqdPd2bwu7kAfFm2JDTKX5usrmTpcy1EySnoY
gT0uYk5QWwWCh05+qGrKkZX4EPlc8W4sjoUtJ7m5FNmF/E3vHQC6XGgV3tBn
irIFHcjYQ4t10ZlL0gt9c5Y8qZrErkwXAna102l/3lg8M8CCpE8xG4m3NXWJ
+gk57EMb8i2Ytrwpw3G2eltDY9eDhi0hV7jHNde+tbFLIuVQcTdJd9BnA70a
G7RC3+HZjsIFyFXMjx7KAbr6IvWybKUDp1Km4vPxYdDFCCRKPQeBXLm8xQln
R7CERElhwTqjPA1m9gAJpxiBbjSXggt1kxNH8G7vV5xmcgOfr2+EiJi1ZyrI
QtGC5ORKfJA5YpnW62tRC9tIm8zYMMYuvPpy8jmbAGUtGPYM6z4Ah6LesjNy
dFeY0kOCaivqjvs4BQD8tkq9smc74XnhOFFiLvVIVpeO1h/WKvOyerQ6tAoW
U6J8qGmcpe5r+DuhDioFGuIhGNrVOaePLQha07E/xPmaWFjycTRGJvIuV1cl
SxRRi3JffNXNxPg3EYhMJwNtvbxd+bSTrk4v/oHbCgY9V10LBeJiqNMqugFK
IFIhW1q+13KayA0dQj5eTwpJ+zHBnUYmiryhokxr08Ps5xWDlAOAPYa+gnlL
2Y+yuBPHDHi3FInl2pry8+rL5HxltRhyV0QlOLE6CqcG929UuYhL8AwMwLD2
chqLeX2J62noQWbxrJnRW04+pXwvDYW4/0a6t3Bak5Dbar7mEJbjCDsbGzb8
Kp4tbdNK0/5IrqV4UKw9wI8A6aLFBzdRAQhh3G8JUMW22/l6geo/2Gx0EUcB
3D4wQXKjw5UARGJKIJwV60dofEnZHpPWhAv0skxy0IQYqWmtaiikqibll4yz
k6YfED/7d8IJzaf7q+NIzjwEKoFEDhyFg8T1ylnoU5cRb1UwOI0dsyAq1H4n
tBjQ3aYqEcVsLgKJOwArvhYcMdMk0omQt+NnRH/CGlSCIoNHZwLVIKnQ61Is
SyTe+GX4danhYx4Cbc/5V3MySIZXXO+BUyOpeZ8rPOIKrm6tdI6dSVAkYDT4
CXogDvOk9UoAo/LmR3AtkEFNRXC42mE7reOaJ0ENKTx/Xb8Wl8cDgvJghHbd
gQowevvDubo47j0kpeVsGeKUrMcvS+4cbnqea9QcXDHsFY1K/8Y1BIvUIsGh
SYEY1lFZAMD/QIy0mu/n8H4qAJKtwIzly6KZUvyPzkqorRA+qedG264i36Sz
y7Fo3Xbkdwekl8Zl4zxywaKcINrN3W8FUH1UoxfHOGRdKjg6JQUCc0NkWiNL
iBpYDgszmjfZyCj3W0whi3hjURmljf1LyXV1BMHGmD08oB++GDTrNVvYQTOo
MBdFTGfrufRKmCU8xhwQTE5pT6yAYVWTW1Gs1AyVBmQI2IVzlbAbZZjaAmSW
kje2aasaRNSMqzrNCUW/IvN/cYSHvsaBzRr2dsWhOt8jYFxR40ofcc6zWak+
U6uoUodGAdugvEe3nCsmc0FWUP8eQq+jC5NQR6wR+sAPHTyrmAWyWxT1Wj6t
+j/zYQmVdsPjMJe0xKBMxfs9Hdy27thnadmWFCOFvbBKwPgl18STYt5V8iKF
v9y1LpC/vVsz+ur9w7V1IQuJa4eGAyUGM4poKN7j3GEGyddMi/0XGlV0UPk5
Ld9TLzONXexYbnGSjwu1SKQHlrSLsAUZi0ZZz0v/WXJNn0bFJKVnRON6VHBX
ozAGMpvp5omUwebKo5ZwQewrGBn9ZheVVFII97Bnq9cq2UWWfFKJm4IErKn5
kAOLL4qNZQJLpcq27BTf8jrZMuRZooZu7/THQ07DZjFjJPBSm5IAWV3Ta86m
o/zS9wV6mUISyl/O+ZC4t3PAg/F2qjYOoaqZ0QgeTAs3AreSaXERzQRNFlKi
ONpP0Yo5usapdklpZca5WhFjx6m8K9lDqv1NSrWbOeR9FgqDSZkKHf4aY0ad
LibH8aqym2kEL31wxA+SKxmUGhsJo/1K+ih5R24KitoE4UAnmLOI2fBZah8e
kFP1emKVLlKb0GpzifXCRdcNzBSpEUwsBgod6lst/cqlkDzeFbXM0Jepwcuq
46eDu0J4wBE/d7bu6UckBuJ59Gr+nf0tNMko+1qdU4JJ4eppSNonyeGDcGYp
wVloZIl5cchXO+XUFHneWMCQFTlfJhGGd61QPe/TY5vhRG0Zqw9KAbSbUH2L
q9s4Gg4dPM0wf7kUxwDisHI9fhItoH6FWrtWv+3KAXs9dqAvi+YvEqyJTKWR
1Y7jOk1NSnzvYmmxckVvhzxZYia77QpzY/L+LqgrDLRo3s3rYhoKCksYlOj8
eb/NkRuMqkz9d6B3MXynWgI/DGAM5rVqPU5hE8r2CgndsRTxhNSWM+bza3iE
pwlsxBc4JF8CPLVAXyFx0/PXL7/77sW+XKldoXhKWFElbUiZgaNJIvMe2bxx
t2L1VnARISeK+sNryLnnG24NqeuoNLaWuIpFcN5yOJrizyeBvW31cprPSsr9
qDe2pqxjlhlE5gl74JKg/a641AhXDUdkfLdHIh1JCsiAGZJPQh/puJBMctZK
Ir/Lie8BWW2z120CXwo2KDUa8qFA6XaXyQxdcZdX4zoU8W25KBaqGjIY9Ypq
Ic8UEq6ILl9GnDVzv+IGY9c112W1is6u4djn6aFg9RzYY8thwW9FTv3AjtkP
X+z26GKBS9sUnSHr+c6xofYxQ9rF9c75iWg28f3cpSTB50mPI1TYvas674Vu
qTQnO6MxF6tCDCohAw8VfR437EKnLJsvwdxJfPQ5gxQlQz9y5+x2y4cgTpSj
dpuPPgprR40PbfLBW7zVYV/scNnbarFj0wl8rjqvbmamsXWr3FtP/5ISwVdr
CTZhnmEnkfyWTcBpqNGCVSKCP89jBbgohCt3y7DL9qrChMybopF70omQyck7
w9mvLjnHiV7aXiDM6wIMeNQdtRZv7pRbcsyqmfDGV7VVVEik+Q00SVLdzI5k
CDiiNhSjmScCPqSKkQFJIFCxT8D441zciJScc4W8WTz07ocPoq6OPJPFmz9+
PBTVMWUZnWT/GP42mpYU85MAl3kiUvSmhZcs3GfvyV27FX01qwacm2VoBsoO
oUMVqtazI/hy6XrdSTxblE5xC7558ezVjz+++Ok59vyWwhxcbSzJVdYhp6jw
ENBjUH0ZN7+OKcNUOoISR6aUx9t71BMjlncg4vPdPfXSvdNdi0nCirXkrqTj
zmA3zZoHxxyU1LRFvaw6ol4J9ptT1YpsZ6tqVc4J04iGBba0eaduiqibEup/
88IVaRBfFrU7kuzNBQsPxPksy8Fmi26/iQOh/zL2m1vuy1a1USJOOBBzzcsK
nFMUnMKbNONvQww8ie4iL8IirAE9hqttIKiWgc/4utKK3YHNq45gbQ5O0eU4
q+SQSucG6A7HYyKDJmQOpJ3sqC0YhzBRk/JNLKtGUDiq2JimEYCzGmy7AZqi
sIHZrglRXmB9Qg21MVpK1YdzriaJoTdETW6HUkXNXaTF0jVrf+pMjX0dRab1
Kbd0vGwlX5GAklLVknjteKN9uk/2OxH57WCzfstHg531VquXq0weHX4nHxNp
FirxBdUpdzKDnCuKWnX2Xmu5hMXDdp27Nam0ZONSsgOuS10kj0esFwuGDyo/
lURHk77OKRHVm/JGpXFd2idFR5Kmg+WWcWXKqa0ugqkJ5K61agO4kjQE7RzN
dMFNgGDfrksf41DPkPnlb6OdfDBKkHZeYLIYUZHWZc8RnHTPZGqUyroyxvkm
7YDipfDudpaxB9xV95XjP4yF1PaXDrSpuIS4PR6qOBbFjIlKO99w2zvtKsRr
iHx5xAthme4SK6f4sGEZ2jgBXsGfQPvAai6tDTby/gDeCs1wqhBCpJALGzHf
F+1VdmZt588uKZuSjeuhjICCbxD1a/+Mg2DLu/1qQx3uExq3dfQiNiOgPjjn
81LQdovqUpwl2p8UZgi8lLQmsikVxmdBxtyvA+OsFtV7rtXqS0/YtzUb1g0U
ay7Y0GJwp9rCqRrr7l8Gqa1ZxrDyzxUUhezVgFofvhgGS8XZsDurolGV0giV
7ZDDdMT6SBtmMDcF8Zo66J9DoHLXhoUstKxgBK4Br1hTZeUW09idtRQ4DLWM
GIKtxQV+01ZqAgcPJQcdM0TIqQl9cv05T584gnwjxCHfX7+RXK/livBibpk0
XDlQnAseB5cHfWFLJYO72yu8ubu4yATjdxnoSQ7jQ5KpcBOsMK5W3CxRD35v
2VjVoUVNA//CswKbJMnFUVaVKCRtY6Siq4G6pUahNRbiIIAFXrxlwU0BcsYn
SKWlG3QIcbZJO2mwBP8m4ohtNec4GZV6Y1P2pSg2YgQpIC2FLCqcrX3H4EcP
tYeVXPe7aFaJ3pBCDAKyVTp7misggWO4s0iVXK8RtmeIcYMdoduBKvfMIkCs
ts6EObwTpbWHjzV2xlkcTcC80ixqD3z1nGEYBOs9hTsAsTU7ZPHF09wyEvCc
zrUDqu/gZonw02BJO8dpDHGRiHbSkE7oFfWUNtghakDVSzuHQ9V73rz4959f
vgGzlx+KokyxfUH1M8mHRw+KKTNdkxHGnE/mJDs4AC7kKWEfBGaIqk+we9Oh
tMjdw3Ve88gKjw+ndu5I9D3dsoJUbQM1op8NzEyyf6INTLkYcw1UsonRIA1a
BRlplYUhCe+RosnyVc2cMFdp9oxE+DloUAcHcbJEIQXjLUna1Y6ghy4bdOaj
oVw0c0HHu89aJgFCwSh+GCE+4AsP7t3DjXsC/0EofCvpuX/+5ZwVLEyDBc0B
duOfIeiDgdZHD9bNHBjCpGbDg1vTac0wS/Pnj3Mmtu5Dqr4hxrGcdyN49ahd
t6RANC2bE+YbQxGBitJNJbhFS2HWdF0ef0ADBrArtTpKLAfZMQtZFj2AXkCb
ujdRU/FsVnURWIVRHkAo/wStZT29ZJuglEzUxQo+jxpRVLcKI5pXWrFloAcW
vQyY1ZRcL1K/RSAUUVEU63lTXNfVtDXICUJs1VMV1S6SSjyeBL+zGBq+XwC4
6qq3AJuCvtq0K72LstIOWGsrqVXArJa7PsMKU9Jh5zHssJlVPR2In7AkvkHZ
LmFPRCqYv1CTW/DF49LKAahJJ/ZCMChE5+WTSNAHdKFqvQ9mctz9FZenBwnv
d2kT+9vX5BA5hvNPUOEtFpYItLalWRs5oSrutUeOviY8wpyKVcjQTmxaCDxx
vaRVF7syAIJ8dCFYdR4R4ht7YVLIxPnjc0Z5SKyd2Ocqwf6JkrQnbhvfd4lZ
TC7svRcIG7/h/GX8pZC7YgG0tC6GtqMoQkUJjnvm7MtCVt+rJHpL5kEiZrVG
S4hGS2cGoMtNbQVNmMS4rce4Iw+5gbjx5iCcBvvqpd2eFDJMBaQOcxExceQi
whMG1LAvR2hgu34071wQKm8CUbx0weUQrjPrR719joxqCcQyPfEkkRwS+EuQ
95H3Z0G9FE2kWDakvkWktYZ8UdNRHOyeSJjgCQomKcl2r42YUomswoLBru8A
FaOknIujyGKIQwMuc9UfNIPwBghQZC3p5H2fdeRe9KL0OCbFfgzPGvxCJBJZ
+oRNMKgj+S+2B3us7Ftk4bPf0e+zFh2j44ipu1gv4LU0u9lZLgCOKLbAiSK3
FLsHJgRD3HCk05yFN4XPeSJDmFjuCfNfLHU/aLFjcCWUOa1AYkibhSgTTPIH
ubGOmexoI+CIZoInU/XwlEL5V9yYiKB5zEjGEpBQZQgF94KLRTFuHx5DX4+U
QkCfcRTRwcR07K4wCSjcIBHCtELBRrd0mv3Msibk6vgWkzC9n5JorDbX43B/
z9aj0KPLo0C8N/F42D0YCrJj3moMXDA3+QWHLTL1uTRGMqViwn7VGoFMUm28
n87Wulhlva3vLnsoJs1m1dWXTbG60lqLQxtGqhqq3VF/1i8Tl2mecQc/h3Dk
UDBzdx6Qxl+4372yh7g01sW7ahrFryxTJ2xve6jeIlS02k7644Z6QlSvOO1D
n1PEUJiRJC1yy9KkhSwMQvac+9Xpv9TlcGGfRzAsRlCLOaMn0d9g7mAdPKN0
PAbY829WVvA4hQ5QvMu0yWT2Kqvkwca0S/vHBwl94ThFBGeUoYkagYxdBjv6
PWXioWW7Szoz5K8un8GMW/KsSABBU5uRbn/EFhwijAfN6wXfoOzV9VDjyi+D
hmSlFROlkD9Rrbpm+oq+OtpQ2bVs8C1OQkkekgoxBm0j1daN7nSoTxsdQylu
ONyo7e72OutAOlgfPMw/eSFvUa+FHOcREJRbl5TbnqWkKespNCjpU6oKR02/
c4wnTFw9zJ/fvGTLpQYbl3kk5cu7KC/TOqXkW/a3MPCjQadnYvgXXohRbEXz
6FAKdWRJI5tET8Z1mfYfptA3qWug8L7jcjz1nJNXB2huRRKbDGGdo5a1txbq
Qo9RQ29qCzCeF8t3pfTabKVsA1us4owf/qi1kwzsLUSdpQKiq3uGoYnl9IQM
rdGc05FNbWLBzB8NgOHSaVqLjIosWdHg83Iu0dHnRmFJQcx+aXpcIO0+Ko+P
HIEOtYo9UToFpndJJYPMAUsVA+DOEf6RRVXQVJBYKhidBftolNPurBapunUT
oceEb1LyZ3D4UFq0vs7NgRymRdOWo8uGhNTWUg0nWQiuka040IchNBlCJViD
yvNyJB0yZBpa8l3EAZwN4iTEItUqAIkLB9RVJ41s+5rFDKcSWpg2vY0b6Vjq
7hBwwWQSWjJ4fAfwDzE5W01N5SQh8hyW1Yp5ukOH66XKI/nQxLOAMEyTjKEJ
EuMIt+jjPETmYfZwE9YxH+j8E3diB0kiYTPQTqiL6GvSTCRcKZqV5rNM9aYo
QwVHHutaExpmH6wbNBTvUdDWZA6bt7QA2rSS0lRLVVCP0oZRrWLiWTACOTbo
8sGO6xlvcavGi0DzxZxUsGRsGOYOgBmp60miitf/oklG9XQGmSD7lwf0+jZq
hjtdk6aZx3rnlkg8a7wcxgoqboMMRf1+6sona51/n1K1vXHIBQMttVzyv0LE
jgwvKtOXWl2o22DYI3uLucJvOIfCEpw90Ml6mDXuJl0737UH30aZx2KH3Akf
aO9YmoaUR37yDXdjwwwqfAZVsRNQarhYPH7iAn87X487/3OSQMuiWUuoW67d
SfbT12f426uV1hvu//ZCXNgc/7ClOcmejLGZhtVmcE555x0fqXdcipiyO+bh
MVaG078xuVqCK+K1Mgf6iBzoCMYuL5nC1M9GjjFxi969OLo4DM4wVgismF06
bq6b0crPo/hnzPOeJRA26+ngsgxfhlwpBjakX5HVe71WaEtUW/kki4iHlLuw
peISsX5ugWZOBm6j9nFUe4gxESSPTBXl9AyupnvO2sP39UpsTJrKdyDWGFIc
irBumc1ZqEztWlGcHGRZxtoQcBrOEZhXhdgNoQIpTwBfxff/WFwCs1yusT70
3fbQ//QdMnIrBZ38+COWPurq9irjPBQkfKQSuw3XHcgAjt9/y9BBNdfCf9RS
sKY8XxqWNuvyk8n+UjTz7MfJn8QplgtX/7d3cD34yo6AwJUQyEG6bqlPGyJh
X/0kurDKKeLPcsNP9bKktSTd9lM/94z7a4jqO8esrJcv3n7HwJs/vzp/sTuT
frjoqDoyHG9qHUMxkATe41nP1xekY1fvc8fgqK7tkpuJb1YcV+TSkCyIqVn5
L+VYWoY8Y+XuM3BW/OIzLa3OnHXwWymPZQ4k9WlJDf7JcVG1HMOvz0ObBziO
2hMtsmCp7ByrFqyEcEVAs9mHRZzb32fR/p7/iRhaVJz9uawOEX3MTHZOJDRb
2zKjb7nlmjYs4/A0+xH8e1ghbm9pn/YlgeBYN//DpicV3LfM521c9PvusHvG
abKHPnVCoi+0r43Y6uyJfa1GzB82L1+Nfcvk4Cdrryduah6dJFhwFz4SENPY
fe+okaLE7f+dMwtZE586LxubS0jbd15uTT7bzFJOZchgcrjlvjHVRQQiJtAW
cNlfqaqAmLguSX282T88E3KXLEqiSBTK9sol0kCu7WQdSSMX00lc4wNdnvu8
mFQPUpmx5HosTsSBvnUVreJ5QIrM4BhG/N3wl/57HFvq0Yu9b1xm69W00ObB
7MhBNIWBIFCoSR0U2iHgdz1dE/2jVtN1wainkro5YPVoYiIUveB5SKyFWBzh
R0UgBEIcmQ3D1W8iaoR5uh1hZ0LAUyQtDw513ERSJ4zCdYjRoMDdtUAp7RGe
uynoKqF9WALgFfm7OUSJb0Vn7WdSG2hJF6s1uXWuJJlueJY0TkfvJwQlc6fa
+y+Ktq0nFe2aUTKdXW2n1zvB8GfKDjANUBgdfVyP1kmmBRObgXIZm8A8xBNO
+OdbP8fNLUm1fh16bn8GJcb1qxcdJv2KU188cn6sFiN112EKt4ciu1CaNcc3
kHJK6E9mwFGnwM/GLW3Rdraa/jxmtryLFNh4LXd+PNUOnzw4fqDraQMc0qtC
L+3o1kisvbQmsOpx4t5+AsnPXZG3PDMcR65eVMsk5X4JVry7r3Z+/h17vaNx
/OferzYl/u3fTrfL2tfftl2GjN5ntxwkSb7PTeo9oDxIqs/btv5zKmE7V6QP
Gv99S3NbL3Om+fm8P9U/gGyH+l9b6+3PQLdD5Lrrmz3jU5tvw/S2mZ2fZnBa
V+nxJo6Pfk5CutWw3EItvsqgDTQ6IeK0D8QjVEJYViWhz0cnINixsTfovuxf
TMlgvK7mwb3unGnaa4Go+XkwOvbr+ZkPvfFND+a6vwkQvQ57eSQNWePOblG3
vf6jaSfhlpAF/TIuXbiRQYBWNoliN1hXn9/6CzyOp+VPTb1eUQBpbYG+LQim
HIwZjHKOzDK37JNcESa9Qo+uB9ndfpFHLuoYVXw8JCQad6zmRTUttpzBzkrO
NdsdSdmE1EvclDozRUhKL+wRrh4BIl+6oCbSLQYm6kZhLtcVJgpLrsMY+aKS
Jr+QEAiYJE7YQcr4awe81WBWleV0jBnhoFmsF2scBOI0RqNRhpe5hyKV2WnZ
cShFd1qz/zA/HMb6HlMibjC/sA7VBySNgtGmRUjFaMrg9A9dy7R0netExm7E
fs0WbUsHpoCkD/pMDBzJkjNV5vM1c+RrTtDE3vU+zSGPwKQU2eqkVmAc9BTX
vqlTowLMGEFijORWtOvgTm3TSoFV34KPu1K3vghLjM+OSrHIHB3Rt5NyWcBZ
oXWtlmtFcN3UxPI4QOzLIu3dPc6bNVjYO+RxMeQQzJyX8v4R2GAV5vpj0e3S
dYnnrCaYDhxnkJhn5yHDgm6kKr2CHtYAxFQT8uXdwtIbelosOmyaWYBtXnM+
SV3PtWQf9lwI6hDNih3HQrLAw2FpMIbhuC6niJD1GAC5vBJM4X5LdDeSPAsQ
wv/5n//5WwuS8sNBlt0Ba/XOSXanfDJ7UNyfPhp9Mz6ejB5MH5ejp7OHxeje
5P74wfQR/HyvuJPjA2Bu4gNXXbdqT77+umiPkgU4kl3k24v1NLp9Ve2+H7bS
319NV0dhZ/TWr8FSb9qvabvlM5MOHsMZ9d+B697qoxhi+Fp2ZIS/0POfPC/+
yq8i6vBBgdrpr35A/SERVcVjSklUXjQ4sv6KhLuTYRXVr/SxO/T7R/j/H2nB
JstZWLDf3uFg77yF5fjzX97esZuYfelpg1v+zvf/i6KB7/2rztcuHf8rPv+P
gedNd7rDSY7uFuaQ7gPMltzr+UL/5YlaJq8++IhUfnDQLy1B/Q2iUnvR8SSg
VmWKMfsW7czvOvLGGeGes3NGIUxTRpmevmRr96DU//cfEKMujmiEUTGr+Pte
vOIf9pZVc4Vv/x+Lb/76Hz80T1Zv//mXn6Z/e/jL/fWL8eTB5fezx7+dtf/+
9M2j62+Xz47r5/feCR8r8NPHjx8/evzg4fGTe3QRxJxcfPLN/Xv3+KKwyIez
++WT6dPj0YPi0Xj0YPLNdPSkvA80WTwdP5k8Bib5cHZnmPCOY8LDNL2KEatI
HyCfWBxZtf1IFknHzKpT2cHF/82evIWm9mU1v5ewxAV5+6O30+H+XPFTeOIu
jrgnIW4n9UCHnp6OH+5BT4+L48nT8sF9ELkPp6MHs0fF6OnkSTm6P8W/n4zv
TY5Lo6e3V70ysa1vgUlRId+CUonFlN79dSoXavGVvxg8GSX/7koOIWAYa0lW
/QE91wyn+rak+jL4kdanPpJLyX01Z9RsXOyZMJeqcqd1XFWHrkQrVZPhy9bW
QhJC+GMhk8fXlAoKoBRtdQVpCWSuNXXGMpGqE8R5XHuP8j9CYtPb3gvzRBoN
iRZR5W476LdoYv/fERx76S5GQ3vzbi9O/vJ08fr6f/zH/R9u3i7fPJ7+bfLi
4fr78ZPf/mfx4PK79lH16t1x8+yb97/cK88GxMn9e7cf//Hj6fHsm+Lh6Mnk
fsnjejq9B0Mq4eLk8fgp/MyvDhGmvTX1wDYqI/tgUYY6clooN87oAbNFaDXp
3o6JIq5Cf6+AVJRP0sblwwyRUA2WDEoFpn+Xq+E5dDzoOuMfzGLz6IaZVFXH
Mw7y8nS/Kl3MPVx6s2IrJF9DIfBxqdiBus2IDpG5y6pGvMT4647SiUkBHUXK
DhSDbKNRxPXtTgfbSMXF5y5M874Y7vU1sUQeuHG6nkSVGZMKir5UUPC6WPF6
KUwYeB9lA0gC4dV6McYcsq6VMn4q0HaVQTcfdU9U3r0QBoEQhTOkEPz7MHdu
lnD7tsLZp+JesYoeSZNc39k5yrcsOqtcTrSyf+HtFNasnSYKySCXfErnN+AI
++gVpp1I/8vsmXqUD84xIid9IWItk4sCddmm1FwY84VJGI+O9LI2jxA1utPI
8tnLER88KvuswrN/XK1IkWY4mPwetMPIhcJAq93OEz1ZLbbRppCh5E56X0iB
dbRGJTdmjmujceVay48Y9pIUDyYoNh6NjscgQR6A0Bg9LR5PRk+A7z6Y3S/u
AUv+X16S/396Sba7MG71WMyKeVvGmj6VwHMRRZcPoyk5/8uX8Ll8CfINje3u
+6DOrN1iBe7lVXg6+Wb8eHb8cPRoSmrgk/FofDx7MCofAmMBHXD8zexR8CqQ
6QEytJba32Mzo7hurVZPNB6n+WLbmhQT6V1Y4YnONSh3UW8uqOZZvLHUZT2c
1nq0rTYcRiluCclr72QW5lWzE5Zh9UirVkvUNoMfZsHTT3WzJIJUCIWG3rdV
fBGBF4rB2TIVISaEzZO4+TLlMAksAJfiwrZJzWIninxb5LynHrptGCpprIrR
aRQY2lrNJFVhcDu4fHL8uqQ2d2R9h7AulbBYbat2ffB/ASMDfZK3iAEA

-->

</rfc>
