<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.1.7) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

<!ENTITY RFC2119 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC3339 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3339.xml">
<!ENTITY RFC8032 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8032.xml">
<!ENTITY RFC8174 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
<!ENTITY RFC8615 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8615.xml">
<!ENTITY RFC8949 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8949.xml">
<!ENTITY RFC9052 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9052.xml">
<!ENTITY RFC9110 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9110.xml">
<!ENTITY RFC6838 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6838.xml">
<!ENTITY RFC7942 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7942.xml">
<!ENTITY RFC8126 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml">
]>


<rfc ipr="trust200902" docName="draft-morrison-consent-settlement-01" category="info" submissionType="independent">
  <front>
    <title abbrev="Consent Settlement">Consent-Bound Identity Disclosure with Subject Settlement for HTTP-Native Agent Payments</title>

    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
      <address>
        <email>blake@truealter.com</email>
      </address>
    </author>

    <date year="2026" month="July" day="05"/>

    
    <workgroup>Independent Submission</workgroup>
    

    <abstract>


<?line 59?>

<t>This memo specifies an extension to HTTP-native agent payment
protocols by which the disclosure of an identity attribute about a
human subject is bound to that subject's recorded consent and
settled, in part, to that subject.  When an agent pays to read an
identity attribute about a person, the extension requires that the
read carry a reference to a scoped, revocable consent grant issued
by the subject, and it requires that the payment's settlement
instruction name the subject as a beneficiary of a defined share of
the read's price.  The extension composes above an identity-
attestation envelope (which asserts who a credential is about) and
above an HTTP-native payment flow (which moves value for the read);
it adds the two functions neither layer provides: consent capture at
disclosure time and settlement to the data subject.  The wire
additions are an advertisement in the server's payment-required
response, a consent-grant reference echoed in the client's payment
payload, and a settlement instruction enumerating subject
beneficiary roles.  The extension is settlement-network-agnostic and
attestation-format-agnostic.  The memo is Informational; the
underlying COSE and CBOR formats are normative per <xref target="RFC9052"></xref> and
<xref target="RFC8949"></xref>, and the HTTP semantics are normative per <xref target="RFC9110"></xref>.</t>



    </abstract>



  </front>

  <middle>


<?line 82?>

<section anchor="introduction"><name>Introduction</name>

<t>An agent that pays to read an identity attribute about a person
participates in three relationships at once.  It has a relationship
with the server that holds or asserts the attribute; it has a
relationship with whatever payment rail moves value for the read;
and it has, whether acknowledged or not, a relationship with the
person the attribute is about.  The first two relationships are
well served by current work.  HTTP-native payment protocols such as
<xref target="X402"></xref> move value for a metered read.  Identity-attestation formats
assert that a credential is about a named subject and that an issuer
vouches for it.  The third relationship, the one with the data
subject, is unserved: the subject neither consents to the specific
disclosure at the moment it occurs nor receives any part of the
value the disclosure generates.</t>

<t>This memo specifies an extension that serves the third relationship.
It does so with two additions, layered above an existing payment
flow and an existing attestation envelope, neither of which it
replaces.</t>

<t>The first addition is consent binding.  When a server offers an
identity read for payment, it advertises that the read requires a
consent grant from the subject.  The client supplies a reference to
a scoped, revocable grant that the subject has issued.  The server
verifies the grant covers the requested attribute and has not been
revoked before it discloses.  Consent is captured at disclosure
time, against the specific attribute and the specific reader scope,
not inferred from a one-time account-creation click.</t>

<t>The second addition is subject settlement.  The payment for the
read carries a settlement instruction that names the subject of the
identity data as a beneficiary of a defined share of the read's
price.  The person the data is about earns when the data is read.
The share is a policy of the settling substrate, not a constant of
this specification; the specification fixes the requirement that a
subject beneficiary role exists and is settled, not the ratio.</t>

<t>The extension is deliberately narrow.  It does not assert identity;
an identity-attestation envelope does that, and this extension
composes above it.  It does not move value; a payment protocol does
that, and this extension composes above it.  It does not adjudicate
who a credential is about; it binds the disclosure of an already-
attested attribute to the subject's consent and to the subject's
settlement.  The two functions it adds are the two functions the
subject relationship requires and the adjacent layers structurally
omit.</t>

<t>The extension composes with <xref target="X402"></xref> as the payment flow, with an
identity-attestation envelope (referenced abstractly; see Section 3)
as the layer asserting the subject, with <xref target="MCPDNS"></xref> for substrate and
key discovery, with <xref target="IDPRONOUNS"></xref> for the subject-handle namespace,
and with <xref target="IDACCORD"></xref> as a sibling consent-envelope ceremony for the
bilateral-agreement case.</t>

</section>
<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

<t>The following terms are defined for the purposes of this document.</t>

<dl>
  <dt>Subject</dt>
  <dd>
    <t>The human being to whom an identity attribute pertains.  The
subject is the party whose consent is bound and to whom a
settlement share is directed.  The subject is named by a
Sovereign-tier handle per <xref target="IDPRONOUNS"></xref>.</t>
  </dd>
  <dt>Reader</dt>
  <dd>
    <t>The party, typically an autonomous agent acting for a principal,
that pays to read an identity attribute about a subject.</t>
  </dd>
  <dt>Attribute</dt>
  <dd>
    <t>A single item of identity information about a subject (for
example, a verification status, a trait band, a recognition
reading).  This memo treats an attribute as opaque; its semantics
are the concern of the attestation layer.</t>
  </dd>
  <dt>Attestation envelope</dt>
  <dd>
    <t>A signed document, supplied by the layer below this extension,
that asserts which subject an attribute is about and which issuer
vouches for it.  This memo is agnostic to the envelope's format.</t>
  </dd>
  <dt>Consent grant</dt>
  <dd>
    <t>A scoped, revocable, content-addressed assertion, signed by the
subject, that a defined reader scope <bcp14>MAY</bcp14> read a defined set of
attributes under defined conditions.  The grant is the object the
reader references at read time and the object the subject revokes
to withdraw permission.</t>
  </dd>
  <dt>Settlement instruction</dt>
  <dd>
    <t>A structured directive, carried with the payment, that enumerates
the beneficiary roles of the read's price and their shares.  A
conformant instruction <bcp14>MUST</bcp14> include a subject beneficiary role.</t>
  </dd>
  <dt>Disclosure event</dt>
  <dd>
    <t>A typed signed record, written to the substrate's identity log,
noting that an attribute was disclosed to a reader under a named
grant for a settled price.  The event carries references and
hashes only; it does not carry the disclosed attribute value.</t>
  </dd>
  <dt>Return clause</dt>
  <dd>
    <t>The requirement of this specification that value generated by a
disclosure return, in defined part, to the subject of the
disclosed data.  The return clause is satisfied by the subject
beneficiary role of the settlement instruction.</t>
  </dd>
  <dt>Substrate</dt>
  <dd>
    <t>The system, operated by a substrate operator, that hosts the
subject's identity log, holds the settlement policy, and executes
the consent-verification and disclosure-ledger steps of this
extension.  A substrate defines the tier schedule and its prices,
the recognised reader classes, and any additional beneficiary
roles it supports.  Multiple substrates may interoperate; each is
responsible for its own identity log and settlement policy.</t>
  </dd>
</dl>

</section>
<section anchor="architectural-overview"><name>Architectural Overview</name>

<t>The extension comprises three composed layers and a record, each
addressable independently.</t>

<t><list style="numbers" type="1">
  <t><strong>Attestation envelope (below; not specified here).</strong>  A signed
assertion of which subject an attribute is about.  This memo
requires only that the envelope name the subject by a handle
resolvable per <xref target="IDPRONOUNS"></xref> and <xref target="MCPDNS"></xref>, and that the envelope's
issuer signature be verifiable.  The envelope format is out of
scope.</t>
  <t><strong>Consent binding (Section 5).</strong>  A server advertises, in its
payment-required response, that the read requires a subject
consent grant.  The reader echoes a grant reference in its
payment payload.  The server verifies grant scope and revocation
status before disclosing.</t>
  <t><strong>Subject settlement (Section 6).</strong>  The payment carries a
settlement instruction enumerating beneficiary roles, of which a
subject role is <bcp14>REQUIRED</bcp14>.  Settlement to the subject occurs at
disclosure time, synchronously with the read.</t>
  <t><strong>Disclosure ledger (Section 7).</strong>  Each disclosure is recorded
as a typed signed event in the substrate's identity log, binding
the attribute hash, the grant reference, the reader, and the
settled price into an auditable record without exposing the
attribute value.</t>
</list></t>

<t>Layers 2 and 3 are the substance of this extension.  Layer 1 is
assumed present and is referenced, not defined.  The record of
Layer 4 is <bcp14>REQUIRED</bcp14> for a conformant disclosure but its transport
and retention are substrate concerns.</t>

<t>The extension is carried over an <xref target="X402"></xref>-style flow as follows.  The
server's payment-required response advertises the extension and its
consent requirement.  The client's payment payload echoes the
extension, the consent-grant reference, and the settlement
instruction.  The server, on a valid payment and a valid grant,
discloses the attribute and emits the disclosure event.  The
extension uses the host protocol's advertise-and-echo mechanism and
its request lifecycle hooks; it introduces no new transport.</t>

</section>
<section anchor="tiered-disclosure-and-pricing"><name>Tiered Disclosure and Pricing</name>

<t>A read of an identity attribute is not a single act of uniform
value.  A reader may seek confirmation that a subject is known (a
low-value verification), a single attribute (a moderate-value read),
or a comparative judgement drawing on several attributes (a
higher-value read).  An implementation <bcp14>MAY</bcp14> price disclosure in tiers
graduated by the depth of the read, and the consent grant <bcp14>MAY</bcp14> scope
permission per tier.  The extension treats the tier as an attribute
of the read advertised in the payment-required response and echoed
in the payment payload; the tier schedule and its prices are
substrate policy.</t>

<t>A verification-tier read that returns only a boolean known/not-known
signal <bcp14>MAY</bcp14> be offered without payment and without a settlement
instruction, at the substrate's discretion, because it discloses no
attribute value.  Any read that returns an attribute value <bcp14>MUST</bcp14>
carry both a consent-grant reference and a settlement instruction
with a subject beneficiary role.</t>

</section>
<section anchor="consent-binding"><name>Consent Binding</name>

<section anchor="advertisement"><name>Advertisement</name>

<t>When a server offers an identity read that returns an attribute
value, its payment-required response <bcp14>MUST</bcp14> advertise this extension
and <bcp14>MUST</bcp14> signal that the read requires a subject consent grant.  The
advertisement carries:</t>

<dl>
  <dt><spanx style="verb">extension</spanx> (text string, <bcp14>REQUIRED</bcp14>)</dt>
  <dd>
    <t>The extension identifier.  This specification uses the literal
<spanx style="verb">"consent-settlement-v0"</spanx>.</t>
  </dd>
  <dt><spanx style="verb">subject</spanx> (text string, <bcp14>REQUIRED</bcp14>)</dt>
  <dd>
    <t>The Sovereign-tier handle of the subject whose attribute is on
offer, per <xref target="IDPRONOUNS"></xref>.</t>
  </dd>
  <dt><spanx style="verb">attribute_ref</spanx> (text string, <bcp14>REQUIRED</bcp14>)</dt>
  <dd>
    <t>An opaque identifier for the attribute on offer, meaningful to the
attestation layer.</t>
  </dd>
  <dt><spanx style="verb">tier</spanx> (text string, <bcp14>OPTIONAL</bcp14>)</dt>
  <dd>
    <t>The disclosure tier per Section 4.</t>
  </dd>
  <dt><spanx style="verb">consent_required</spanx> (boolean, <bcp14>REQUIRED</bcp14>)</dt>
  <dd>
    <t><bcp14>MUST</bcp14> be true for any read returning an attribute value.</t>
  </dd>
  <dt><spanx style="verb">grant_discovery</spanx> (text string, <bcp14>OPTIONAL</bcp14>)</dt>
  <dd>
    <t>A hint to the reader on where a subject grant may be requested or
resolved, expressed as a well-known URI per <xref target="RFC8615"></xref> or a handle.</t>
  </dd>
</dl>

</section>
<section anchor="consent-grant-object"><name>Consent Grant Object</name>

<t>A consent grant is a COSE_Sign1 object <xref target="RFC9052"></xref> (CBOR tag 18)
wrapping a CBOR-encoded payload <xref target="RFC8949"></xref>, signed by the subject's
Sovereign-tier signing key, the key bound to the subject in the
subject's attestation envelope (Section 3).  The signature algorithm
is carried in the COSE protected header; the algorithm floor is given
in Section 10.  The grant payload is a CBOR map with keys:</t>

<t><list style="symbols">
  <t><spanx style="verb">version</spanx> (text string): <spanx style="verb">"consent-settlement-grant-v0"</spanx>.</t>
  <t><spanx style="verb">subject</spanx> (text string): the subject's Sovereign-tier handle.</t>
  <t><spanx style="verb">grant_id</spanx> (text string): a UUIDv4 identifying the grant.</t>
  <t><spanx style="verb">reader_scope</spanx> (CBOR map): the scope of readers permitted under
the grant.  Keys:
  <list style="symbols">
      <t><spanx style="verb">mode</spanx> (text string): one of <spanx style="verb">any</spanx>, <spanx style="verb">handle</spanx>, <spanx style="verb">class</spanx>.</t>
      <t><spanx style="verb">value</spanx> (text string, <bcp14>OPTIONAL</bcp14>): for <spanx style="verb">handle</spanx>, the specific
reader handle; for <spanx style="verb">class</spanx>, a substrate-defined reader class
identifier (for example, a recognised-member class).  Absent
for <spanx style="verb">any</spanx>.</t>
    </list></t>
  <t><spanx style="verb">attributes</spanx> (array of text strings): the <spanx style="verb">attribute_ref</spanx> values
the grant permits.</t>
  <t><spanx style="verb">tiers</spanx> (array of text strings, <bcp14>OPTIONAL</bcp14>): the disclosure tiers
permitted; absent implies all tiers the subject's policy allows.</t>
  <t><spanx style="verb">conditions</spanx> (CBOR map, <bcp14>OPTIONAL</bcp14>): substrate-defined conditions,
for example a per-grant read ceiling or an expiry.</t>
  <t><spanx style="verb">inception</spanx> (text string, <xref target="RFC3339"></xref>): start of validity.</t>
  <t><spanx style="verb">expiry</spanx> (text string, <xref target="RFC3339"></xref>, <bcp14>OPTIONAL</bcp14>): end of validity.</t>
  <t><spanx style="verb">revocation_commitment</spanx> (byte string): the SHA-256 hash of a
revocation token of at least 256 bits drawn from a cryptographically
secure random source.  Revocation is effected by publishing the
token preimage to the subject's identity log.  The commitment is
carried inside the signed grant payload and is therefore bound by
the subject's signature.</t>
</list></t>

<t>The grant is content-addressed by the SHA-256 hash of its complete
COSE_Sign1 serialisation, deterministically encoded per <xref target="RFC8949"></xref>
Section 4.2, so that the content address commits to the signature as
well as to the payload.  The reader references the grant by this
content address.  SHA-256 is mandated by this version of the
specification; hash agility is a concern for a future version.</t>

</section>
<section anchor="echo-and-verification"><name>Echo and Verification</name>

<t>The reader's payment payload <bcp14>MUST</bcp14> echo:</t>

<t><list style="symbols">
  <t><spanx style="verb">extension</spanx>: <spanx style="verb">"consent-settlement-v0"</spanx>.</t>
  <t><spanx style="verb">grant_ref</spanx> (byte string): the content address of the consent
grant.</t>
  <t><spanx style="verb">reader</spanx> (text string): the reader's handle, against which the
grant's <spanx style="verb">reader_scope</spanx> is evaluated.</t>
</list></t>

<t>Before disclosing the attribute value, the server <bcp14>MUST</bcp14>:</t>

<t><list style="numbers" type="1">
  <t>Resolve the grant from its content address and verify its
COSE_Sign1 signature against the subject's signing key as bound in
the subject's attestation envelope (Section 3).</t>
  <t>Verify that the grant's <spanx style="verb">subject</spanx> equals the advertised subject
and that <spanx style="verb">attribute_ref</spanx> is a member of the grant's <spanx style="verb">attributes</spanx>.</t>
  <t>Verify that the reader satisfies the grant's <spanx style="verb">reader_scope</spanx>.</t>
  <t>Verify the grant's validity window against the current time and
evaluate any <spanx style="verb">conditions</spanx>.</t>
  <t>Query the subject's identity log for a revocation event naming
the grant's <spanx style="verb">grant_id</spanx> or disclosing the <spanx style="verb">revocation_commitment</spanx>
preimage.  A revoked grant <bcp14>MUST NOT</bcp14> be honoured.</t>
</list></t>

<t>If any check fails, the server <bcp14>MUST</bcp14> refuse the disclosure and <bcp14>SHOULD</bcp14>
return a structured error distinguishing absence of grant, scope
mismatch, expiry, and revocation, without revealing the attribute
value.</t>

</section>
</section>
<section anchor="subject-settlement"><name>Subject Settlement</name>

<section anchor="settlement-instruction"><name>Settlement Instruction</name>

<t>A read that returns an attribute value <bcp14>MUST</bcp14> carry a settlement
instruction.  The instruction is a CBOR map enumerating beneficiary
roles and their shares of the read's price.  Keys:</t>

<t><list style="symbols">
  <t><spanx style="verb">version</spanx> (text string): <spanx style="verb">"consent-settlement-instruction-v0"</spanx>.</t>
  <t><spanx style="verb">price</spanx> (CBOR map): the read's price, expressed as an amount and a
unit.  The unit is settlement-network-agnostic; this memo does not
constrain the network or asset.</t>
  <t><spanx style="verb">beneficiaries</spanx> (CBOR array): one entry per role.  Each entry is a
CBOR map:
  <list style="symbols">
      <t><spanx style="verb">role</spanx> (text string): one of <spanx style="verb">subject</spanx>, <spanx style="verb">operator</spanx>,
<spanx style="verb">facilitator</spanx>, and substrate-defined additional roles.</t>
      <t><spanx style="verb">handle</spanx> (text string, <bcp14>OPTIONAL</bcp14>): the beneficiary handle, where
the role resolves to a specific party.</t>
      <t><spanx style="verb">share</spanx> (CBOR map): the role's share, expressed as a rational
fraction (<spanx style="verb">numerator</spanx>, <spanx style="verb">denominator</spanx>) so that the sum of shares
is exactly one.</t>
    </list></t>
</list></t>

<t>A conformant settlement instruction <bcp14>MUST</bcp14> include exactly one
<spanx style="verb">subject</spanx> role whose <spanx style="verb">handle</spanx> equals the advertised subject, and the
<spanx style="verb">subject</spanx> role's <spanx style="verb">share</spanx> <bcp14>MUST</bcp14> be greater than zero.  The presence and
positivity of the subject share is the normative requirement of this
section; the magnitude of the share, and the set and shares of the
other roles, are policy of the settling substrate and are NOT fixed
by this specification.</t>

<t>The settlement instruction <bcp14>MUST</bcp14> be integrity-protected against
modification between advertisement and settlement.  It <bcp14>MUST</bcp14> either be
covered by the host payment's signature or be carried as a COSE_Sign1
object signed by the disclosing substrate.  A settlement instruction
whose integrity cannot be verified <bcp14>MUST</bcp14> be treated as absent, and the
read <bcp14>MUST NOT</bcp14> complete.</t>

</section>
<section anchor="settlement-timing"><name>Settlement Timing</name>

<t>Settlement to the subject occurs at disclosure time, synchronously
with the read and the payment it settles.  An implementation <bcp14>MUST</bcp14>
settle, or irrevocably commit to settle, the subject share as part
of the same operation that discloses the attribute.  This memo does
not define deferred, credited, or session-bootstrapped settlement
arrangements; settlement under this extension is the synchronous
division of a paid read's price among its beneficiaries.</t>

</section>
<section anchor="return-clause"><name>Return Clause</name>

<t>The subject beneficiary role satisfies the return clause: value
generated by a disclosure returns, in defined part, to the subject
of the disclosed data.  An implementation that omits the subject
role, that sets the subject share to zero, or that discloses an
attribute value without a settlement instruction does NOT conform to
this extension, regardless of the correctness of its consent
handling.  Consent without return, and return without consent, are
each incomplete; this extension requires both.</t>

</section>
</section>
<section anchor="disclosure-ledger"><name>Disclosure Ledger</name>

<t>Each conformant disclosure <bcp14>MUST</bcp14> be recorded as a typed signed event
in the substrate's identity log.  Event types under this extension:</t>

<dl>
  <dt><spanx style="verb">disclosure_settled</spanx></dt>
  <dd>
    <t>Emitted on a completed paid disclosure.  Payload: the attribute
reference, the SHA-256 hash of the disclosed attribute value, the
grant reference, the reader handle, the disclosure tier, and the
settlement instruction's content address.  The attribute value
itself is NEVER included.</t>
  </dd>
  <dt><spanx style="verb">disclosure_refused</spanx></dt>
  <dd>
    <t>Emitted on a refused disclosure.  Payload: the attribute
reference, the reader handle, and the refusal reason (no grant,
scope mismatch, expiry, revocation, payment failure).</t>
  </dd>
  <dt><spanx style="verb">grant_revoked</spanx></dt>
  <dd>
    <t>Emitted on subject revocation of a grant.  Payload: the
<spanx style="verb">grant_id</spanx>, the revocation token preimage, and the revocation
time.</t>
  </dd>
</dl>

<t>The ledger records the fact and the price of a disclosure without
exposing the attribute value, so that a subject can audit who read
what category of attribute, under which grant, for what return,
without the ledger itself becoming a disclosure surface.</t>

</section>
<section anchor="composition"><name>Composition</name>

<section anchor="with-an-attestation-envelope"><name>With an Attestation Envelope</name>

<t>This extension composes above an identity-attestation envelope and
does not duplicate it.  The envelope asserts which subject an
attribute is about and which issuer vouches for it; this extension
binds the disclosure of that attested attribute to the subject's
consent and settlement.  A deployment <bcp14>MAY</bcp14> carry an attestation
envelope of any format alongside the advertisement of Section 5,
provided the envelope names the subject by a handle resolvable per
<xref target="IDPRONOUNS"></xref> and <xref target="MCPDNS"></xref>.  The extension reads the subject identity
from the envelope and is otherwise indifferent to the envelope's
internal structure.</t>

<t>This separation is deliberate.  Attestation answers "who is this
about and who vouches"; this extension answers "did the subject
permit this read and does the subject share in its value".  The two
are orthogonal and compose without overlap.</t>

</section>
<section anchor="with-an-http-native-payment-protocol"><name>With an HTTP-Native Payment Protocol</name>

<t>The extension is carried over an <xref target="X402"></xref>-style payment flow using the
host protocol's advertise-and-echo mechanism: the server advertises
the extension in its payment-required response, and the client echoes
it in its payment payload, per the host protocol's extension model.
The settlement instruction of Section 6 is the host payment's
settlement directive enriched with beneficiary roles; the extension
does not introduce a settlement network and does not constrain the
host protocol's choice of one.  Where the host protocol defines
request-lifecycle hooks around payment verification and protected-
resource access, the consent verification of Section 5 executes in
the verification hook and the disclosure-ledger write of Section 7
executes in the post-access hook.</t>

</section>
<section anchor="with-substrate-and-handle-discovery"><name>With Substrate and Handle Discovery</name>

<t>The subject's signing key, against which consent grants verify, is
the public key bound to the subject in the attestation envelope of
Section 3.  A verifier obtains that key from the envelope it already
holds as the attestation input, so verification requires no external
key-discovery step.  The means by which an envelope and its signing
key are published and discovered are out of scope for this extension;
one such discovery surface is described informatively in <xref target="MCPDNS"></xref>.
The subject and reader handles are Sovereign-tier identifiers in the
subject's namespace; one such namespace is described in <xref target="IDPRONOUNS"></xref>.
The extension introduces no new discovery surface.</t>

</section>
<section anchor="with-the-identity-accord"><name>With the Identity Accord</name>

<t><xref target="IDACCORD"></xref> specifies a bilateral consent envelope between two legal
entities reaching a negotiated agreement.  This extension specifies a
unilateral, per-read consent grant from a subject to a reader scope.
The two are siblings: the Accord governs a standing bilateral
relationship; this extension governs an individual metered
disclosure.  A deployment <bcp14>MAY</bcp14> use an Accord's permitted-purpose scope
as the policy under which a class of consent grants is issued, but
the two objects are independent and neither requires the other.</t>

</section>
</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<t>This memo requests that IANA establish one registry and register one
media type.</t>

<section anchor="consent-settlement-beneficiary-roles-registry"><name>Consent-Settlement Beneficiary Roles Registry</name>

<t>A registry of <spanx style="verb">beneficiaries[].role</spanx> values for the settlement
instruction of Section 6.  Initial entries:</t>

<texttable>
      <ttcol align='left'>role</ttcol>
      <ttcol align='left'>reference</ttcol>
      <ttcol align='left'>description</ttcol>
      <c><spanx style="verb">subject</spanx></c>
      <c>this document</c>
      <c>The subject of the disclosed attribute. <bcp14>REQUIRED</bcp14> in every conformant instruction.</c>
      <c><spanx style="verb">operator</spanx></c>
      <c>this document</c>
      <c>The party operating the disclosing substrate.</c>
      <c><spanx style="verb">facilitator</spanx></c>
      <c>this document</c>
      <c>A party facilitating the read or the payment.</c>
</texttable>

<t>Registration policy: Specification Required <xref target="RFC8126"></xref>.  The
designated expert confirms that a registration references a stable
specification defining the role's meaning and its settlement
semantics, and that it does not displace or weaken the <bcp14>REQUIRED</bcp14>
<spanx style="verb">subject</spanx> role.  New roles are registered by Internet-Draft or RFC.
The change controller for this registry and its initial entries is
the author of this document.</t>

</section>
<section anchor="media-type"><name>Media Type</name>

<t>This memo requests registration of the media type
<spanx style="verb">application/consent-settlement-grant+cbor</spanx> per <xref target="RFC6838"></xref>, with the
following information:</t>

<t><list style="symbols">
  <t>Type name: application</t>
  <t>Subtype name: consent-settlement-grant+cbor</t>
  <t>Required parameters: none</t>
  <t>Optional parameters: <spanx style="verb">version</spanx> (the value of the grant payload's
<spanx style="verb">version</spanx> field).</t>
  <t>Encoding considerations: binary; deterministic CBOR per <xref target="RFC8949"></xref>
Section 4.2.</t>
  <t>Security considerations: see Section 10 of this document.</t>
  <t>Interoperability considerations: see Section 5 of this document.</t>
  <t>Published specification: this document.</t>
  <t>Applications that use this media type: implementations of the
consent-settlement extension specified in this document, exchanging
subject-signed consent grants over an HTTP-native payment flow.</t>
  <t>Fragment identifier considerations: none.</t>
  <t>Additional information:
  <list style="symbols">
      <t>Deprecated alias names for this type: none</t>
      <t>Magic number(s): none</t>
      <t>File extension(s): none</t>
      <t>Macintosh file type code(s): none</t>
    </list></t>
  <t>Person &amp; email address to contact for further information: Blake
Morrison <eref target="mailto:blake@truealter.com">blake@truealter.com</eref>.</t>
  <t>Intended usage: COMMON</t>
  <t>Restrictions on usage: none.</t>
  <t>Author: Blake Morrison <eref target="mailto:blake@truealter.com">blake@truealter.com</eref>.</t>
  <t>Change controller: the author (Blake Morrison, Alter Meridian Pty
Ltd).</t>
  <t>Provisional registration? No.</t>
</list></t>

</section>
</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<section anchor="grant-forgery-and-subject-key-compromise"><name>Grant Forgery and Subject-Key Compromise</name>

<t>A consent grant's authenticity rests on the subject's Sovereign-tier
signing key.  Compromise of the key permits an attacker to forge
grants permitting reads the subject never authorised.  Mitigations:</t>

<t><list style="symbols">
  <t>Sovereign-tier signing keys <bcp14>SHOULD</bcp14> be held in hardware-backed
custody and <bcp14>SHOULD NOT</bcp14> be exported in plaintext.</t>
  <t>The subject's attestation envelope (Section 3) binds the canonical
signing key; a compromised key <bcp14>SHOULD</bcp14> be rotated by republishing
the envelope with a new key and recording the rotation in the
subject's identity log.  A server <bcp14>SHOULD</bcp14> verify the grant's signing
key was current at the grant's inception.</t>
</list></t>

</section>
<section anchor="signature-algorithm-agility-and-downgrade"><name>Signature-Algorithm Agility and Downgrade</name>

<t>The COSE signature algorithm is carried in the grant's protected
header.  An attacker able to influence a subject's published key
material may attempt to force a weak algorithm.  Mitigations:</t>

<t><list style="symbols">
  <t>A verifier <bcp14>MUST</bcp14> reject a grant whose signature algorithm is below
the floor the substrate publishes for Sovereign-tier keys; an EdDSA
signature over Ed25519 <xref target="RFC8032"></xref> is <bcp14>RECOMMENDED</bcp14> as that floor.</t>
  <t>The algorithm identifier is inside the signed protected header, so
an in-transit downgrade of that field invalidates the signature.</t>
</list></t>

</section>
<section anchor="grant-substitution"><name>Grant Substitution</name>

<t>A malicious server may advertise one subject while resolving a valid
grant issued by a different subject, or a valid grant of the
advertised subject scoped to a different attribute, to manufacture
the appearance of consent for a disclosure the subject did not
authorise.  Mitigations:</t>

<t><list style="symbols">
  <t>The verification steps of Section 5 bind the disclosure to the
grant: the server <bcp14>MUST</bcp14> confirm the grant's <spanx style="verb">subject</spanx> equals the
advertised subject and the <spanx style="verb">attribute_ref</spanx> is within the grant's
<spanx style="verb">attributes</spanx> before disclosing, and <bcp14>MUST</bcp14> refuse a disclosure whose
grant fails either check.</t>
  <t>The disclosure ledger records the grant reference against the
attribute reference and the reader, so a subject auditing the
ledger can detect a disclosure attributed to a grant they never
issued for that attribute.</t>
</list></t>

</section>
<section anchor="stale-grant-replay"><name>Stale-Grant Replay</name>

<t>A revoked or expired grant may be replayed by a reader, or by a
server colluding with a reader, to justify a disclosure the subject
has withdrawn.  Mitigations:</t>

<t><list style="symbols">
  <t>A server <bcp14>MUST</bcp14> check the subject's identity log for a revocation
event before each disclosure, not only at first use of a grant.</t>
  <t>Grant validity windows <bcp14>SHOULD</bcp14> be set conservatively; an open-ended
grant is a standing liability the subject must actively revoke.</t>
  <t>The disclosure ledger of Section 7 makes a replayed disclosure
visible to the subject after the fact even where prevention failed.</t>
</list></t>

</section>
<section anchor="settlement-evasion"><name>Settlement Evasion</name>

<t>A server may disclose an attribute while omitting, zeroing, or
misdirecting the subject beneficiary role, capturing the value the
subject is owed.  Mitigations:</t>

<t><list style="symbols">
  <t>A conformant reader <bcp14>SHOULD</bcp14> refuse to complete a read whose
settlement instruction lacks a positive <spanx style="verb">subject</spanx> role matching
the advertised subject.</t>
  <t>The disclosure ledger records the settlement instruction's content
address; a subject auditing the ledger can detect a disclosure
that settled to a role set excluding them.</t>
  <t>Substrate operators <bcp14>SHOULD</bcp14> publish the settlement policy they
apply, so that the subject share is an inspectable commitment, not
a per-read discretion.</t>
</list></t>

</section>
<section anchor="consent-theatre-resistance"><name>Consent-Theatre Resistance</name>

<t>An implementation may attempt to satisfy the letter of consent
binding while defeating its purpose, for example by coercing a
subject into a broad <spanx style="verb">any</spanx>-reader, all-attribute, no-expiry grant at
account creation and treating it as standing permission for all
future reads.  This is consent in form without consent in substance.
Mitigations are partly outside protocol scope, but:</t>

<t><list style="symbols">
  <t>Per-read advertisement of the specific <spanx style="verb">subject</spanx>, <spanx style="verb">attribute_ref</spanx>,
and <spanx style="verb">tier</spanx> means a substrate CAN issue narrow, short-lived grants;
the ledger makes the breadth of a grant and the volume of reads
under it visible to the subject.</t>
  <t>Substrate operators <bcp14>SHOULD</bcp14> prefer attribute-scoped and tier-scoped
grants over <spanx style="verb">any</spanx>-reader blanket grants, and <bcp14>SHOULD</bcp14> expose to the
subject the reads accruing under each grant.</t>
</list></t>

</section>
<section anchor="tier-and-classifier-manipulation"><name>Tier and Classifier Manipulation</name>

<t>Where disclosure tiers are priced and consent-scoped per tier, a
reader may craft a request that a server misclassifies into a lower
tier than the disclosure warrants, underpaying the subject and
exceeding the grant's tier scope.  Mitigations:</t>

<t><list style="symbols">
  <t>Tier classification <bcp14>SHOULD</bcp14> be a server-side determination bound to
the attribute actually disclosed, not a reader-asserted field the
server trusts.</t>
  <t>A disclosure whose realised tier exceeds the grant's permitted
tiers <bcp14>MUST</bcp14> be refused, not silently downgraded.</t>
</list></t>

</section>
</section>
<section anchor="privacy-considerations"><name>Privacy Considerations</name>

<section anchor="compute-location-of-subject-observations"><name>Compute-Location of Subject Observations</name>

<t>Where an attribute is inferred from a subject's own activity, the
provenance of that inference is itself sensitive.  An attribute
inferred from observations that must remain on the device that
computed them <bcp14>MUST NOT</bcp14> be disclosed in a manner that exports those
underlying observations; only the attribute, under grant and
settlement, is disclosed.  This extension carries no raw observation
and the disclosure ledger carries no attribute value, so the
disclosure surface is bounded to the attribute itself under the
subject's grant.</t>

</section>
<section anchor="ledger-observability"><name>Ledger Observability</name>

<t>The disclosure ledger records reader handles, attribute references,
tiers, and prices.  An adversary with access to a subject's identity
log can observe who reads which categories of attribute about the
subject and how often, even without access to any attribute value.
Mitigations:</t>

<t><list style="symbols">
  <t>Identity logs <bcp14>MAY</bcp14> be encrypted at rest; cross-substrate
reconciliation does not require exposing log contents.</t>
  <t>Reader handles in disclosure events <bcp14>MAY</bcp14> be pseudonymous where the
substrate permits, while the settlement still directs the subject
share correctly.</t>
</list></t>

</section>
<section anchor="subject-linkage-across-readers"><name>Subject Linkage Across Readers</name>

<t>A subject's attribute, disclosed to many readers, may be correlated
across them to reconstruct a fuller profile than any single
disclosure intended.  This extension does not prevent downstream
correlation by colluding readers; it bounds what is disclosed per
read to the granted attribute and makes the pattern of reads
auditable to the subject, so that a subject who observes an
unexpected concentration of reads can revoke.</t>

</section>
</section>
<section anchor="implementation-status"><name>Implementation Status</name>

<t>A reference implementation of consent binding and subject settlement
over an HTTP-native payment flow is in active development by the
specification's author, comprising a payment-required advertisement,
a consent-grant verification path, a synchronous beneficiary-role
settlement step including a subject role, and a disclosure ledger.</t>

<t>In the spirit of <xref target="RFC7942"></xref>, the present author notes that this
section documents implementation intent and is expected to be
removed before the document advances beyond the Independent Stream.
No claim of interoperability is made.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">

&RFC2119;
&RFC3339;
&RFC8032;
&RFC8174;
&RFC8615;
&RFC8949;
&RFC9052;
&RFC9110;


    </references>

    <references title='Informative References' anchor="sec-informative-references">

&RFC6838;
&RFC7942;
&RFC8126;
<reference anchor="MCPDNS" target="https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-discovery/">
  <front>
    <title>Discovery of Model Context Protocol Servers via DNS TXT Records</title>
    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>
<reference anchor="IDPRONOUNS" target="https://datatracker.ietf.org/doc/draft-morrison-identity-pronouns/">
  <front>
    <title>Identity Pronouns: A Reference-Axis Extension to ~handle Identity Systems</title>
    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>
<reference anchor="IDACCORD" target="https://datatracker.ietf.org/doc/draft-morrison-identity-accord/">
  <front>
    <title>Identity Accord Protocol: A Peer Ceremony for Bilateral Agreements Between Identity-Substrate-Bound Principals</title>
    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>
<reference anchor="X402" target="https://github.com/x402-foundation/x402">
  <front>
    <title>x402: An Open Standard for HTTP-Native Payments</title>
    <author >
      <organization>x402 Foundation (Linux Foundation)</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>


    </references>

</references>


<?line 743?>

<section numbered="false" anchor="acknowledgements"><name>Acknowledgements</name>

<t>This memo arose from a single question about the economics of
identity reads: when an agent pays to read an identity attribute
about a person, what does the person get?  The observation that the payment
layer and the attestation layer each serve a different party, and
that neither serves the person the data is about, is the observation
behind this specification.  Consent binding and subject settlement
are the two functions that close that gap, and they are specified
here as one extension because the subject relationship requires both
and is satisfied by neither alone.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA8196ZLcRnbu/3yKvFSERepWtdhctHTPnXFzkcUwN7OpsR0K
hhpVyO7CEAXUIIFulkfjZ/Gz+MnuWXMBUGzJv/yDUnUVkMg8eZbvLHmwXC5N
X/W1O7F3nraNd02/fNIOTWlflPC56vf2WeXXdeuHztmbqt/Y82H1F7fu7bnr
4b4tXGUv287++P792+Xroq+unT27wm/fFnv81d8xxWrVuev4iOTeO6Zs102x
hQmUXXHZL7dt11W+bZZrmY4P1y7vH5uy6OHSB/cffLO8/+3y/mOzhi+u2m5/
YqvmsjV+WG0r76u2eb/fOfyydDvX4GJMtetObN8Nvn9w//739x+Ym7b7eNW1
ww6m9iJeiEuUQe4YUwz9pu1OjLVL+Gft5VDXPOEndfHR2VcyYfqx7a6KpvoP
IEPbnNizunedfeW6qqyKxr4Far7sS7rQbYuqPrErHOIfYU6uwGuP1u3WmKbt
tkRIfOi7H54+OD7+Xj4+fPhQP353/+ED/Xj87SP9+M3xY/34/SO99vv7j/Xa
74+P758Yg8TKn/LNdw+/k4/ffv8oDv3gG/z46unbZ6/PT2juyjDIGe216/a2
vQQylK62sMG9+wR737V9u25r2OkOrvD2uiosDGDf/9t7+86t264EvsDBInlv
Je7vIG9fdFeuP7Gbvt/5k6+/BrYp+q5YfwQaV66/PIKRvgbO+3rEdNv1blk2
flnq0r6m4SLXwZ8vnr199+b1m5/G5AgSA4tvQIY8zBDWeuk616zd8uxT5e3z
T71rkLFs39r/3BRNWbsoaud737vt/0rCVDLH5U4WN0uYs6dP37x7doAsZ2vc
9sAaSJ23Dub5FAi0bZs9qZEnVQ1DdkUNSqRzJPbePnH9jXNNINQSBNTDrHsn
yuptVzXralfU/7tpVxAFZij3b4/uP8ip9gm/sWeNfQNKyZ73wCkFEG+saaOO
nS47XxcOaH9AatEX9u7Lqhk+Jd/cm13jFaj8YYV66WscYXkZrqe/x0sxy+XS
FrQ5696Y9xvg+S3srvU7t64uK+ctENWlUkDLaXg5BRmOHS/K7IRTvF3t7c2m
Wm9sv3G2jAYJ9A4Mp/S1Rd931WroYaBVO/S2MJthCxd4MVkwmRXxCzy23xS9
/vCltx3pJFdaMTswbmnY9JQLsCIwqa5fjG88svZfN7A/8IwwdY8Xda4o4Vtz
eGp2B2qxbRa0pEiQzv11qDogEz0GfjM01LroQM0W8LOoE3xIYUFJ7XB+YF3b
dbECXaLTv+qKBhfsB1caIB8+RSa9wLXZqp8+SykP9IhWF0wFbOewJq5BMUrH
sgVsqF25xl1W66pgU1DYEv5sgJh+U9AuGbwFFwIj77pq7YBw77N1A4PtWo/s
sWqREeKuLg3Qzvme2dY1166GRdu7zBCF964DFXGzQXqsO0d3gfqoPFP6Hu1k
GDXlNlmtvazbGx1vC9eBtSrqwZGw6cTvnRqgWFGWnr7qb1pQKw0RxdvGgZSA
1qiLPfwX2PYaJg/qXzdjXex6ZNeiNwnz9tXW0VZEWjN/OZSoIuExJNUN7JSB
51f8SKQrcl0JRqqvPN8NbEp7QzYXSc0LXMpGl8BLfodzWiCtBF8xp0TGcutN
C1snY63rihkiCGWxr9uiZCYq0rmnfOKaYQtavK+aK12HSbmka2vnJ0xQpXy3
bEDrA0BbFldN6/tqzRsZeWHJCCb8LsORuoGRXijCaZuiPiVRAtF3Xb3HST19
c/6clvD0yZt3lq9kqgb0hRJqfxb09IGe/rPAqg+8fCQQMhTMGtQMTOHgCAC6
PhyxdtxWJRh9Y76AGfZdWzLFjDlTHULSOFIkn9FxokgMKqgKjSAQiHcP7Cfc
XxMJ/Kbawex62zYkfS96uyHZTS8wBPAjC/FUNm0NXA+yoLKGF4RpnKImoaFM
OhT7Cjdwv8OBVNQ6QL0HZezUiGKC4RZwryOhAvvatDeghq+AK+HqpkUNZqcP
wx1mWuQzDKpAGOSy6nxPEjwiDgjYjatrXnyJRmc9dB1OG/kQ7p5THtFI+YH0
kfkZrfkHWmWyyAIYE5AFjItLxR0IqCBRb8KIhknN9J9Va/At6uIyKmLiR7y8
YbXfmesWZgSUxsdXuvp+U3VltnI2QW3jAhlJ/5hgLuCZAPiIKCeZ8le9J6rE
q/oSY79OtZ1YmG3LugIYcQ3U9SgsaHxddU3YYE+GFq0IbieTb2T0QUhQtYD+
+C0Ag6w1zl0U92T5RwZkoWzhd98KBYA1gqZdsFYHSgcb4gDJk2ZTnUgGhPRh
8uOc1VoEksEC2eBUPcjNri7Wsh7lT50AUl/tyAq8WRg6oA4V0/byEn2sFG+Q
3sCNlzkuLJkvsRaJyacLAxIoTA4gLrt2m265MBFbBfhyt6uJ5BkwMXPAhMcL
j1UWQs3BKEWG5iUZ+Me7iRfzveSQeZn0XwcgLm5KVIdAfxwN9AMAEtcYfPZH
lGMHdHC4fmEisjwaikDysnnGwRI+M2ifQdNcFWjYMr4ePTX7CekJW0IEWBic
DLjarsPhiZgFStqSbT+4AwMYOhBvZhMg6/qjcIEHQIoclbCB0izaSKFZADKs
TCNk5L05YKNpL1CJ+GxHRPQCJxEW+W0wLzDUl96kMC/RyjRaUGKu6BrEbi7/
kTQkU4FGxuvtrgXq7PUptCZBF+wKLmjnGdf0yC8EO5FssjVE49Nst0TpVp9c
5CuQg20ww0EL2jF6YUH3jKUVt5Q8CRoKx5a9zBBO6epqRQqs3gP5u669YXtM
OojWwMpfdwDNYkTDs2CYbsUJKy6B54SHmhG2JlOQPi9aqlOk88iw0XXm0OBj
4D4ZvCj/MpRIaTCuhzA6YQhUbn7ewStq5IjgCWRiryYneHKJAzf50UxEJwfy
CvGR6aYwH8VC2SGDH1F9ijaARYNCh0mQ7QDuIKEbuqKu96bdApHGjBHISBZI
IEThU6+M/JQFX5Co+nmOuBsUchn88Xp/Cnzq7LljBfDwnpEnsOPCfIdClXmL
PCMOAH4gHRNkjkDxR7e3IV6ml8cg2YeA8WTEpYS9SPXsgE4Lwn16H8eQPrDK
8dWKpFydlbC+dRo0wo1ZaeAI/AEJHIEK9O4IkTYo+2ukFnlO8KxnqLjYvvNG
4BpuMChp77z66fz9nQX/375+Q5/fPf+Xn168e/4MP5//ePbyZfhg5IrzH9/8
9PJZ/BTvfPrm1avnr5/xzfCtzb4yd16d/fsdlqw7b96+f/Hm9dnLO4zfUVm0
64GWQhzZghaCn2CZu86RGHgDjuYaRIE9tidP3/73fx0/sn/72/+RuPHf/y5/
YIwY/kBdy09rm3ovfwL99qbY7UAd4yjApWgTq76oAf7APvhNe9NYgC1Iza9+
Rsp8OLF/WK13x4/+KF/ggrMvlWbZl0Sz6TeTm5mIM1/NPCZQM/t+ROl8vmf/
nv2tdE++/MOfgO+cXR5/96c/GsFlbQ0CSOLhui0rCbWAyuK7oWMxJjOVbCAQ
ThIn5oQUD0emVo7GazF+sT3g54H17BGDsMYyNg1nsXroetxJeG5QfiHSJVqQ
h8d7IxYItrUE3bXuIwKLw7OLAY4Q3nqOAu6qqwbQC2gLkWJycRNph4W+Iwgk
66TZAYvtd2AEQP2RPh/6tmm37eDF5QXlhHRgP2mnwdwFPPT3OsOKU8Gf1t8M
Rpo9jF+jeXJb3JswQhWjBOMx7F34CabgPhXbXU0xE0alAhtQ5w4oIBZ0IRow
IAh7puv2irUL3I1zhmffI+Kqs9Ij4iNPJVkBMM2u+OtAHrWPIQUYQ83RGp33
rlEMlCp+0uC86okxEAJcIaMqPy4UvNP2RhuwcujL5DY+7EMMtqHnEj3PGV+b
GE88HPZGrZ3xR5UgeJuGecRo6+y/9OIVw+qeps4JL2vsaCyQSj3aCrDkYJM9
qUkybBhtFTLwmqMsLdTVVoFOYbwFfSG8FyGvI4Bp49LRScZb9AqE72xiRK40
JMvuNtOOJyEPCyabAjX0wBAjzO+xEYagj4M80rPzWnbFDcqk5C9R7cyifyae
wBLkC9IB4IQvxHEoYzQguJBEIw3t8VPh50lcL/cEOOCri6g61jtIlDMYAKhE
uzvyTciigBqoh9IlEjl+FCwvSU87tPG0MNA2uEe81xzaB2DSVSAcTQIKGcTA
FIM6qNsr5HYArgyDihF73xQ+eJElx+Bl83jzJSoDQ4j/TBpNnIM89H3NCIWd
tHTrG7wdPFkUFTTShI4DnuZMQAKTMzRMKJ5UMGwrOpTF4J1o4tS5UfOUO0K0
Xo65aJAlaP8ElHc0OGVFlNmT7MjEk7TJTNHDEwJ06RTJhYJJ+MtEI2ng2E6d
r9QLnPA221reXFm7p8zqAjRssqoEx/L3bbfQkKfnOGfUEGMukbDoaBbspDLA
cp/ceohiohA2syF4XaTskqKcICG92wUIQRZINDEKTTJrpr4EtipSVxtXDrWT
DI/Inl/IFMQy+ajfgPqgG71E8wFOa7wBvLOE6KijSLIrDvq0YAVgLq+Guq/A
NMYpgTov9gxRhdSn4OSTESA9R+mHCuNBbARglTdNRthxRoQpSij+rFtvwICz
I2XfACGvK3cz50l1EuPCCLh4VqX6Ypy3UKWAkzNiKShOlRSM1PjY4yP71Vdz
VtXeJVt5SlKp0ceSUPK9o6++ssHmYo40WKAY+Pus+UyNI94fPExC7SGKFuYy
ycsRfzNE4/t9W1/TAseAjQii7p26+KPxv8TdE0NOqyoonwXeCHMzDqx6TafE
RhtXhHCAbCWbUyDqAyTq0zyqae+qX/o40I/DmzFsSToHuAbHGie3bExuHQpu
JholT5QGlURCQRkwvHycGps83Eo2LItd2hC75PsZQyBdGaQIMBT8qOFJ0QIY
3jXmIdLnfBLuiyT6hkmUBv9CvI/Gvj0tNzHbi8ibPIZiDFS4sI3q0MFizycZ
y6DzOapfEI1HyU5AX/tmvaECEo/OpwIMjveZR7jqxJ6LNgyL/pYX/Rz1STJ0
FbP3LGqIyFMAwKZWk6OHzL7yIY6R54/QFi+SQHRgiEWYvetCRjCSXww+qsOW
3R7QrSSDPF8iAIVBP+1o5/X2qT1/ybrrAT3kYXAIaDEFsqYa9NRU0E32GHUv
6J9hSxNyIThWJbBDApdizoM40CxBdHmkRykXCLRJ8FuyJTB3Uu5A6MajtTDM
/j0HYWj+0YyJW+PnoqUKRltSBI1Expa+36MNobyLF89cHeSD6e+gIfJESPpE
sZshC5Jgpiz1EUdXFaBaA7cwek6Z5Z9wT0gezBZbZEoFhBMTPsAPVRkezaaM
v6PBFyakOEY8TIBkW/WTCCsJh1Au0mHQERAJhVAwrDpQbgkjLnHNYKPWYGgq
vyXoio+Q9Iytq0u33q9rHKb96AnIVpL0JjhrG3cTmYSM/PuKkm2JGii4wGuN
smnOWKcfLPypJOqsDn/BOHRoKmRTTigSihJdj3DFO/eRGLnSSIA4g0kkBHPQ
jb1bGGC0JUPkFMjdWySPDJO5W9htWxIMknuolGRhRHS2AJs5m/yXAVQd7Sk6
cKgKMMCAqXNAOomLCRPYVFeAMdLxcD1ADAxS4BC8BPRZWf2kqrIhnOgNcEs5
KBAmjnA7UMaJ4xa5M88I4rhk0Uz0MglT4MCTig4JdASAWuRBD5M8MLJWKD75
jAA3InDAcNm1Ko6nt4JiyvdHJRRw5lm2sRzrYl98Q145ei2Cwwq7asE4woqI
Pb4GzlvSJ0MYqSZirRznZ13U96n86nfFAS2wsDFjGgwXbinMhH5euTV7UEl+
E2TAjI0IMsl+ZiUZ/mSuQu/bsKO5ajHbcLBY6HNFQFxN8lnn/YuQhn0ixtd8
ATg/LWoy5kCu2+a57oNrYplf8M4fZCgKOAQOHGfQcJl0hezrbQBzDl2avFZL
4NqJMRfhORf2LlVPAwmBFotga++JF5tYRlr7pYrcxJMP+ruuKCkCqOLizkxF
/fX9OxewDxcy79smMB8CVmdc1s6R6EwlE+ClnVvMBYwvwsW/AGt9bhKg5zhI
mlAgBN/jI8nPoqdtQTphlMuhFqTKIbtJ3PQCFzR+suYFdPkZnsWqJvin4PQR
DiIU/kX5CwYUDZEvg3gJFAMW/jOQUtFkDqb6kYlc4hOIoX4J6bbPzfjMbqoI
0MXewUxv0EVNeJVlGg3hKq2soNg3+40IDwGjhmgq3IyFUqzr7E/vXoRCNzx+
8IFqxYQ5jkiiVcr/iR71hp0w0LTjalW4DQvzfjkHFjvWeGcswbtLxXp9cWWP
v7tnbrpityNKURHfEhRSW1IsigFZUqyXRX2TdPCIn/EyHPCj2zNyw7RgUjGc
5EaaNBuMuGg2QhAzrQrmgu9c1FdtBwpyaxKUK7aMihMRdFFaxm5o69iihdsQ
/GIIBbxMABANmkF92vH9LOKs9GDyIgW3hZTMwfpQAy3tBZbWTDTQvZN5rUHj
iu6Ae2eVx72TnNbzuoPuZ56uyskAhf3ppxfPrh+psO81N81qFe9ltv6FEMmF
MAgsT59OrjfoJ77Mc2S8R6JSvFbiYqql/5nIYS2Mi7htMh+skYPBLkBaLxb2
gpeAnyiMBsSgW0lWDwrmCcl7vDctR6FqehFUvuCUr+bxF2nIcjnKVNAlNECi
GTGDleavYgBwuXXbld5GCHKFu8wnnPCRuEaicESfsCbg04JrcOLivBB7rMWJ
Dj4lsZDf07gERA8NmRGsn6peHDbs5SlWOBD42Eo5Wl3zVSMWlBKigr1FnERM
0iTMkz18SvB4D8ZVEwpzLW7ASFiD5SoqXyANjyq06vb03ArA066fMfk/yyGv
D/joXkohycMDpEO38igH78sm75pycn8MQv0CHghQEEUaDdUe7Ewmu+c/ni0f
PP6G4h/kcZFB0LtBJX50FM8ELAQmDvw9vHiFOAudmEbr3dbdfte3QJXdhlPA
lIZeUyYBmByu8e3QUWLkXRwd8ReY8LX4KLthVVd+E4Mk/HSwSdW2uJopA0pj
O+q6h+VyODpqXQ9X8/1sKHLFKcGSHu0mxerYJKz2wtvxoUG9Sygj2LVpTlJs
0ZjGSD10DGsHyDWxhYB+K9hFXzDoL7GWeFs1WGvKafVg/dQSo+UzEZ08WGB9
awCuMiErExLaxAreaKc8F0UX4bc85jnNXUZxpzVWFE1JH4YBRFk2hrjxaFPw
ROELMUWaPhqV7xGhiiuQK8zee/ZNKCvOAanLgaYtgzD8eI5hCtzFPyeeHe8Q
T38mnEMQDV1Mto8Rox+wicEasjVjHDuVqTHdBTvLgJo3TEzbrFUNs2YrEatU
wykpHQmuGdlIFCxUzUhzIM+Tcfh5BKXFe+pjeBspc0KJkXeMDpMdJ5FnHs7X
idQnv3qvIfSUuSO3pdW2mVgJLkM+ZPGrGo3U/g4URqmHP/M8giwEQgUgAyC4
qCWEFqMSSfYgZEnGRo84Umyr7G0YPrGkHOMfT0SLDiQR6vPbs23kcHkYIF6m
uh4AHujWm4yiepxBqwpwJcoL5IKk9hCe8PjI/svguv1nVKtIXWIWONreFNsk
lh7WEKEe3DbiuQOWidItouYlcsd13RKPktozdF42mFnoiK1fXNKC1hu3/mgv
iwor2UY8jDpr8JPjBbi1XGtmJEVdpIUSrut46phEGcQkEf7gKDzHYSVEtq38
tujXm4XY/sUoDbQI4R/4zhX1RPyMOn5fzJy7J92WpGJeJLEXDZT+llBPOF34
2Th0mkfKXYkDWSXDKeNx4cdcdUjA3r/bFUlmFVUwjTn1BtInjh1aoMwWi/E5
ogU8NzThyAx+vOVs2imbLqpl0lINrm5B8ChundykR6lYy0eCVS6AUMLE4nDA
42Bz0KxT0EzyX/xtxek+Xaf4LnjdQd9FdRx4LVr0cLEg2H9xWazRrPJXnIef
gN+kPoDP8PEjxZ057PT0o0IhNVwUjOCTx7hDLSXHyKp4OeKqByuokFAeR5w0
s8FwO5oL/HUSsejkKCC7OFgPTcegL4R5ac0XoNlaUFz0570MMPmBCgeZh9nP
wgghlVUjcY8knqHZsAMZ2KywKbk9CcERETiIFuj6WYMUU4/5IGTSmFIacLrC
eDwf7Gvsf7iu1RMalBfkgK7BZGRfXaOGH4X2QskosXM45jhTWWQ8G12OWoDu
BhnCJeuAvEVJAoz5LdUQpkXErblpfPBtR0BYeOFCtAd4qkOOPo/Do+GIzeEt
kkLrq056HkgoRqyp2bZlDLaupD1BHuDN61j4VASDSj4BtnKGYnjRF+BcWzyC
HVBRi1cHd6XIw2RGwmR5jCuxrYE8XD10IFZP/BaWDA9r+CCVVjOUSdDSFb3M
g/zuyH9kcoJFVj/maGyo3lcEDsxvKCO4pYbAZDUEgZ8UzFcqh34+R4Z5Dr5g
gUSuOi0j3YtDhPPSC6aCUHjSSprF8liEw0o1JBEP5GOz4lc6YBPT7/g/OjC2
oLMyVY+f8NSFo2TbctW2PW7obudSDjNoNBrOIvrTdJ+5NHF0bkeEOKGmKUHm
1fPCc0BVOSrh3LbATojuM6PF2ysVh0+54pDl69DRqRzgZoWAJ4xLTF5/OK0+
9LeWH+quTIoPp3xAO9WG7LgOgHOVYiKgpp9hAHgiKlHantF2F804Azeb6ss0
DyEHlhyyI3iWclSKDcu/KjqwCanv2GHtbiNfifdF7iSZDz4xqiH4CDi5iFMK
M3AH9Ce5m3Su4eq9RmX5dMxHIfmFmUICqknq/iVV8BhDkGW+VES1SmjAcaB+
x9xSv4PAiDwPvNXP8jzm2uKTf5EinQtzYp9LUJhqLHSpJYtAvAMe8ZajAycj
lG7HNUHjsE7OiHPedSgZnq0uCnhpJhaaVh7NM9aXE39czP5oIjAAcI+rL1E7
vH7+5+fvFKqgS5XSjl2nKe3k+/8Z0UZLVWVOYyLedAWeIr3btFrsIgWFdupm
pS5WOD4HXuCAxZkhjSae5GgVaW29WHhSiJolSJeDedXg0+oqRhFSdV7TFSV1
gGjVBJBIwRuLAuubyyKc7Xeihvnobd6VDcTWpFVkUxZTLJvkqLUkjZqnIPEN
9muw2lGNQ7syzEIkigNM4uSi738THcyFUQ3Sx8UIQ61gTVtO1iVTh//AArUS
YMvAE71XMCj/yuccbVp7+1xPtPDB/9/UPmY2JoQwN5TUl8OuphOqsUtCvPDA
kRdTTGp2J0deRgdexqrTHDrxyvt0+1HXUKU2gZpnWM9Tt8z3WIQiHn6TRshM
WGTLwRKp2C1qMPMhIp6DWrgyVOkujHS6YebMapFzY5kUI48qkc3BSuRJKREy
aD6sbrEJXQrS/aW6A0TaNxUhWwDspG366QEjQwXr6NOGQI/2lvCOa7TGZ7eR
yAljFY2/wXzTHRQlglZYdJlwRavMcGdiQcO9ZVVm+IMTXHx5gLdy1Hvik1Fp
Mgv7nXi22dDB/A6k8op8dhxBZCWYe3RC6mJ3lEndTJOx0Lnt95ZpZn2WhlDo
+ntKC0/S4F2s3qS+UslEms9X+SQ1bdzAgms2DZUlprdqFoCrVaJvFicbH4qZ
4vrocw5lIjTfKO7Ofb3kXHo8iQUMCvp+oyexJvXa7FpHdRL0WSixzJGmhp8C
F9FxojRCNdkSII9YHIxwUNsRqTzOrtSDKEaqR5ajwk8AkhSyV+pOjsAEB3uJ
LaooG4jdMQCoZBW0+Y2pLgqHbTAtgHdkV+IkwtZPj9vgwTCXDvetSYZjywvL
XfKMaLREWM6z6MOPrOVCa8zME8pTGeOsTVYM4yVbgt13aEGUAF3fVpEynwFp
L0Mi8CFZB/HpO9uu6Ggxmxwce6pKsScC918wfOSp8JMnVc1u6AljZHQPvgFA
NuRTVLHYLiC216SjTqFxF2jC2OqvaEbqvA/Uo5YDFBDirLArw0EqiaiQ2qNj
JwIRuUYs1bunBkOi1LQpmQ4DEtb18WB96JVa4+GmaKMyN5c9qQTC8hHxUd1L
rM7w0yqi0BLh1IbJhe/GkxpV0Y108qTMerLIhIdxP0d9Oo1JejEkzZVsaLQQ
GDZskwbCsG1GDX5qbWhIPuAILiDjvwbQZV9xCElbNWg8JC4geaQZGn0mKeQl
11ZMGxVFbJuezJRDR2IR+ewBt5XwbFakMekVUqehKk5st0nZDH1u1ttsYsHD
nQ3hDMBEA5BH+n2ZzBeaILOBqpllDl8mFUpL6SUgqSTtBcIh0BSMF1zEg7w+
UiGV9lZa4IkMUiNIAQ4YMncmx92IgbU/VdIb0jGMIpD+4uz1GYUSqlLCXD5t
wiX6X/QJXYw6goSUOLpzV5XvCYqW8gcVJTqzdWXFfn9WMrhMYoRPEgv4jnJL
72Q4TnfJ0JjlyAJUP3844pQIVyTFfiTzPS5Tc41hWzzKD9uJGRcu2P2Vo1i/
JnXQv4pkUk2P/dX8ulwuwz+4IQbmf7V5Y49fs54Lh0MFR/HkTUVJ1m5/4PD0
kaUnhuzOgUdy2wgJV4rXOB81puHS5NDMiGcyXrhMh+TjGl0alsURjWwdGwrm
6hN7nhUxv1P89rM0ohanAHueUGwcY0OfsD2Gnt7w6uN26ejp4WpL7DiqKmH8
EmbMqROpHI62J3JL6M2QHJdMz2gDGamjG677xhUfpb2VbuAoTQOLeg36WbKl
nQtywcHPF+SbuH75DLsK45BADVZnCI6vuKYE7q5DKTT5C4mg4fSrnI0VVnDL
4Ll2JSCDr0gmsZH6rJBnRBbOjWJsLood+9Xw89eHqkj/73qFDKVVS9iE/MMi
9nOMPVeSRh2UJsZZWe7qnDwHfgA81sffPvtcuDrwGLp5pLHBKDSokJb2zU4y
nelvaXp6o5HdtNJDfQc6MxuvBlNWl/cw5fscK7W0qVHUoyd4ABFU22le3MXJ
3byqyyZV5w9wyHMsp6O0zWjItN3T8f2ZbV4yf5EaWHFR1efGeDw7xNsAwzKx
OpleeRa3SmR10NMWkXNORvH5kBC0M9s5AxnKSfskDAySsHBNijaikvjyyGqq
D3uoVTCu44euuGI/LxbbjunWUFYY1hxT5hkTYyb7mduBt8dYqK4KQYBRjJkc
xI94+aviCjiiGbC86C7W3YZffqjqBP7lv70Cndz0LZjgS7yKpAOLBeNVsIXc
ou8f+MUEoWwLcBRqFwxC4pwuh47QQboObqqOrwiQfuf2DzNvNfijslqD8aLB
F1ewLuzO9OY1SSGWDEibNTq+Qr8HCnJf81H79sPPeTrWixJ6Zl13Nx9mMdPy
HVbzsmdpfYsxLi8VD4nC+5N93XJdjsreGBaBAuXzDj+03ZUTVSxVPMt/dnuK
eAJsrTBfNjoLgeEQmC3y1pqPOKHCbUMKZLam3iTOJWV8dHjVT+g2SQm2xAKp
eT3u8iXO0YgECAbFoaZRt4Ya+jItsQoB+0AAf18J26NuPnyswktpFVVrgUJE
Sd0UXXkDdm+5wtlgUdp68H1b7pNSLK3wwhh317OEg4mt6G0TuE25l31bHWDS
bHBdAJdhDS3qhTjRU0kEMQFLIl2cetf2mpvsXCxNlnrg8EQ5AIfeF3msjTaj
iVAjONCawDlUwBy6Icgsrqelf+odW25nB9pEC/5GhY6h+lwy81posDwLp0vO
pMKWuuW1Nw0eGJW0Lp1OmTnIksYBJRqhDwzxHcNnWTgLG/iPosHAhKBWwJo2
6+R0Et4crAssy2zRIUMggweWcJ+3u14YmO5DvBXnNMOcSfRDqgDZexfrzYUQ
B5ZHHT9kl/n8TZaSDFNlDT4SA2T/U5S75+Wz8zNhNynwwI19Xj54/Pj4e7bz
9x8++MDH7UMLOw68FD0/WZk+mV80Rej4TYraxweKMF6Dp+GQ+5Z0CJswrOx1
SEQQcIFLqLCUWrzomFrpHhQdhcKqftAKxC3csq6wzZvwLu1ZOGTJIQ49NFiF
5ACHCeh5Jn2PgZYCaBw/lD9RCWpyDF7xwrRUSvqFcXwgjpSkueAXAPcD5t2o
CTCSmDojapsF1dNc+JrmYhMliaF8LAEManKGEd+Pw5Sh7U9EW6inJjlfPcdI
a80i41zNyb5QJoBzpc2491MCaZh0prAZ1Vku2Ihw0/NBk14m7CCl1bZ56hKF
LTbLwjJdLY+iyl1l8uSWmRzp5FByLHlOG7SNji3HjDMFLmPsiHKi8aCJPBCz
pQjMSVVkfc1leGEq7XMNGpgspbHKvZdaJBJ9ela/fVG7JUvQO2wFLuEMrnKm
40U7clFGBzXxShUKXQhWimG/LuGHNaCfgayNmCK9Dqb6FzCyaEEO8bDBZtra
Uq6ZVaQZ11GldQ5PPlsojn2tqGBDmMblbV24IQkfs++lJ/rgXZqKhzkw1UY1
7ynIwMpCktjuWgK4pIJBCTRLwqKB+6os8gdgXNyhVKy3g+dmlRQJ5i06zKNp
RgG27aM0Spd9SzqNW4sQU4xg+jxw+CX/RHUASC85vrvrnHS0JbGhAo28yO75
deFFDyfaVyNLo7Z2pH1bAX0LKmqiD+AjA/6RlFTeGHiSkFpII3W9LjTvD02T
MSN7M4sYs9JZidvKJmqVfhsKc4SPg/Y4kHarAVxw43AqZ3U2D7tYKhmJqG2q
C3+b9rmt5IbULHlTpweUzC0qRrtvalMhjm1THZ1D93ctIg4jbY84ADLqahcE
QvDJeN4SVEalhbMFH32/GBU/j+p/CTSgv93LW4f0uMZCKt+LGKiPzSryyC6Q
tuhhOHD+Ku5iRC9BGdXmjWAelw5Kx1JYAYuZ1rtpKzHmZ6yj5EAkpXY5nL7I
TmziOz5a160JckQ+pYZNdtXhQTA6CbsMTZ7qepmghaZdcsmRKJECTD539beh
qz8Zmy7MhBoqq5pJeqiQfqxrIwfYyPHStEjyDoiKXxIyLtbD70M3qCOTyBcn
yoqOCs2HnlBhSNzyawowO0Bi+Fb3bFL1QVygpfjpIYIcJiwMn42Sdgqc0ksb
LT49e832UFrfL7C5dIcZ42u1cP5UJFLEgjUnfrHCuXGbGjW0asmv23rYhqPe
ng5wlFR+dEC33iYpBBaiilwKcKTnwdrkb7UeEjVKeQXf7dh8dBpWWqTeLJVq
JUgupK0Ek3jMfncDcggvg4yjWD2UoffUTAdfX4SpH/FmiqbaDbUcbuRU/fjY
NDMDlpGVUgsi8TRenfbxWdDbfEKDpDVFnovQ10kLycSs4DNkFl5lB/wkwD7k
99BZgxGGvaFiZaQKrW9X7MfWBSu0QLc5F5xlxbLS1AeTejOgutJD7RFXRzSg
c16SFGicVar4Jatuxu3f0BOgI7YhK6OvmmASLblGDBEeuUqypfIGJXzdKJ01
P5sAX7y/JoNDS+LV5of+QjaQCgVxA2O9LFVa8lQ8qDvsVxndN8ID2DbruljP
hqYwOoR8/TKpcdQjZm9WgpfoYuakcZvK8VtNIurDniCEkaqe22hQnZhrYp+6
Ql6Kwk0VvdYIegxeoqUO4QGpFM2f1Saz48EIlnUYuWw0Rla6a6xcwZ/p/RcM
0MFCZgcGY54N296j49foW6840oQPQJCRvDksffyp9uN000rJoJ+S4p4Ft1uX
h06T3trDsWkt9nFOHmWm5SsRNoSb5qs+XfoepqTCgTjehUqSZHt5P7SGOq1Q
SHQQF3crszBa5gjRYcCU10cs5pwzvyC1IQqTe3UJQ6BR8gg32Zvhcpy+zbgv
FAWiz4GIionoQpGr1nJKmWvF543GneRT2Irz2LSwHYDGm4WgcK3lj5No9mP6
Z3aY1NOLxCPy2h4MVo0tEijbS5HeU9C4rffLYDapVhrPuQORi3hUAEVfEvWx
hyStm6En6Z13eUkKnpoYdf8LE9l5N5Rts6fO/Dda68X2SSNcHD5eCMQaAUnw
KOtaKtjysxRWsKMcVqDWul/EQ60vq+YjtnE4o4XLnD35LmlQVyUsa8G91eZJ
xDTiHtNzsHijBEBGY5Lw00sEuOZtIJiN74Z19M5Gzo2grcLxuJdfKjiVJC+m
Uhv2Qpwy0sIeId/W6DzIwuwTh1wmzK++QUH0XEqdKgiqkOVjvG00C1lNMPJm
BEg7RMr8ggCGQbHlaI5+5urBUUBEWOj4ytBgcp0ChtRioUlSvSxIKF7qBGNx
SI7cz6m/LccygrLPL0nCaQrd5djpqPOtuS0pxyZJfHPU/hiBp1+l1X+WmZT0
Cvb7lnbRHHOcVI5mOHhhxo3wsvAdEH9DLXrikarUR16iy2YyYXE7OV/BT08b
7ur7NSeqFM+2SxoI/I6KwPnP8s7uD1wtGZq8cr4LODO+8C2ezAzJUT/elUqO
inANdWACev2Mwdfu0NsROWpDJim8pKa8LqjMYuX2rdir7L3qJBNH5nWLEK3i
N3GM08/UEqR08rZMzAlR7+/4Fkias/nbCadBXfn/7lwWtXd3/p4WKRQdAizF
JtyYk8BrFV70QamaNb6IBF/c2V7mL8/zJ/xeskOv9p1pPmrGr/YlgQ4F2/IW
tCvX/4kLHhPzHl1tfaegvJJJXyg1blnHHgFbtjSSLa9bQdjB73eTcGryCsRD
b2NbxHdTRNixcptKX/qVn6GNR8puEd1DL9PCoyYUiqKPV9h3SZbLxZ0hnW8Y
gHo+Dh/Urja+TL2G+ddy4dE0I+ycvWVAqYNHHoDj/j+dwvYVDoEAAA==

-->

</rfc>

