<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-nmop-cui-nkg-gateway-00" category="info" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="NKG Gateway">A Gateway for Network Knowledge Graph Management</title>
    <seriesInfo name="Internet-Draft" value="draft-nmop-cui-nkg-gateway-00"/>
    <author initials="Y." surname="Cui" fullname="Yong Cui">
      <organization>Tsinghua University</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <code>100084</code>
          <country>China</country>
        </postal>
        <email>cuiyong@tsinghua.edu.cn</email>
        <uri>http://www.cuiyong.net/</uri>
      </address>
    </author>
    <author initials="J." surname="Niu" fullname="Jialin Niu">
      <organization>Beijing University of Posts and Telecommunications</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <code>100876</code>
          <country>China</country>
        </postal>
        <email>njl@bupt.edu.cn</email>
      </address>
    </author>
    <author initials="M." surname="Xing" fullname="Mingzhe Xing">
      <organization>Zhongguancun Laboratory</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <code>100094</code>
          <country>China</country>
        </postal>
        <email>xingmz@zgclab.edu.cn</email>
      </address>
    </author>
    <author initials="L." surname="Zhang" fullname="Lei Zhang">
      <organization>Zhongguancun Laboratory</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <code>100094</code>
          <country>China</country>
        </postal>
        <email>zhanglei@zgclab.edu.cn</email>
      </address>
    </author>
    <date year="2026" month="July" day="01"/>
    <abstract>
      <?line 48?>

<t>This document specifies an interaction gateway for Network Knowledge Graphs (NKGs) to simplify graph-based network operations. The gateway architecture defines a Unified Intent Gateway (UIG) that supports Natural Language (NL) requests from human operators and Domain-Specific Language (DSL) or API directives from applications and orchestration systems. The UIG interprets user expectations and application directives as structured intents, aligns them with the NKG structure and exposed capabilities, and maps them to graph queries, graph inferences, API calls, or operational workflows through an Intermediate Representation (IR). The gateway architecture incorporates intent discovery, capability mapping, policy enforcement, audit logging, and response synthesis to make NKG-based operations more accessible, secure, and controllable.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/nniujl/draft-nmop-cui-nkg-gateway.md"/>.</t>
    </note>
  </front>
  <middle>
    <?line 52?>

<section anchor="introduction">
      <name>Introduction</name>
      <section anchor="motivation">
        <name>Motivation</name>
        <t>Network Knowledge Graphs (NKGs) provide a unified, associative, and semantic representation of network states and structures, supporting observability, automated operations, and intelligent management. Existing NKG systems can expose structured query, graph traversal, reasoning, validation, and data integration capabilities. In current operational scenarios, however, these capabilities are usually accessed through graph schemas, query languages (e.g., Cypher or SPARQL), or tool-specific APIs, which introduces the following challenges:</t>
        <ul spacing="normal">
          <li>
            <t><strong>High Usage Barrier:</strong> Operators and applications often need to understand the underlying graph schema, entity types, relationship definitions, and query language syntax before they can effectively use NKG capabilities.</t>
          </li>
          <li>
            <t><strong>Lack of Intent Abstraction:</strong> Operators usually express desired operational outcomes in natural language, such as investigating a service degradation, identifying affected resources, or finding mitigation candidates. Such user expectations need to be interpreted, refined, and aligned with the NKG structure before they can become executable graph-based operations.</t>
          </li>
        </ul>
        <t>Therefore, a unified and secure intent-aware gateway tailored for NKG operations is required. The gateway should reduce the usage barrier for operators, abstract user expectations and application directives into structured intents, and map these intents to supported NKG capabilities in a controllable and auditable manner.</t>
      </section>
      <section anchor="problem-statement">
        <name>Problem Statement</name>
        <t>The central challenge is the absence of an intelligent gateway capable of translating high-level user expectations or structured application directives into validated NKG operations, while preserving security, policy control, and operational traceability. Such a gateway needs to bridge the gap between human- or application-level requests and the graph-level capabilities exposed by NKG systems.</t>
        <t>An intent-aware gateway for NKG management needs to satisfy the following requirements:</t>
        <ul spacing="normal">
          <li>
            <t><strong>Unified Heterogeneous Input:</strong> The gateway should consolidate natural-language requests from human operators and structured directives from applications, controllers, or orchestration systems.</t>
          </li>
          <li>
            <t><strong>Intent Discovery and Interpretation:</strong> The gateway should expose supported intent types according to the NKG structure and capability metadata, and should infer candidate intents from incomplete or ambiguous user expectations.</t>
          </li>
          <li>
            <t><strong>Intent Representation:</strong> The gateway should normalize interpreted intents into an IR that captures the intent type, target scope, constraints, context, required capabilities, authorization context, and output preference.</t>
          </li>
          <li>
            <t><strong>Schema-aware Capability Mapping:</strong> The gateway should map intents to graph queries, graph inferences, API calls, or workflows according to the current NKG schema, relationship definitions, and exposed capabilities.</t>
          </li>
          <li>
            <t><strong>Multi-step Execution Planning:</strong> The gateway should support intents that require multiple graph queries, reasoning steps, validation checks, or external API calls.</t>
          </li>
          <li>
            <t><strong>Intent and Operation Validation:</strong> The gateway should validate the IR and generated operations before execution, including schema constraints, policy constraints, authorization scope, and semantic consistency.</t>
          </li>
          <li>
            <t><strong>Security and Compliance:</strong> The gateway should ensure rigorous authentication, authorization, policy enforcement, output filtering, and audit logging. The underlying NKG and graph engine should also enforce access control for defense in depth.</t>
          </li>
          <li>
            <t><strong>Response Synthesis:</strong> The gateway should synthesize execution results into machine-consumable structured outputs and, when requested, operator-facing natural-language summaries or explanations.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="terminology">
      <name>Terminology</name>
      <ul spacing="normal">
        <li>
          <t><strong>NKG (Network Knowledge Graph):</strong> A graph-based representation of network entities, their attributes, operational states, and semantic relationships.</t>
        </li>
        <li>
          <t><strong>User Expectation:</strong> An operator-level expression of a desired operational outcome. It is typically conveyed via Natural Language (NL) and may be incomplete, ambiguous, or independent of the underlying NKG schema.</t>
        </li>
        <li>
          <t><strong>Application Directive:</strong> A structured request issued by an application, controller, orchestration system, or automation tool. It may be encoded using a Domain-Specific Language (DSL), an API request, or another machine-readable format.</t>
        </li>
        <li>
          <t><strong>Intent:</strong> A structured representation of a user expectation or application directive after interpretation, clarification, and alignment with the NKG structure and available capabilities.</t>
        </li>
        <li>
          <t><strong>Intent Catalog:</strong> A registry of supported intent types and related metadata exposed by the UIG. It describes the capabilities exposed through the UIG, including supported operational intents, required parameters, mapped NKG capabilities, and supported output formats.</t>
        </li>
        <li>
          <t><strong>IR (Intermediate Representation):</strong> A normalized and instantiated representation of a specific intent before execution. While the Intent Catalog describes what the UIG can support, the IR captures what the current request intends to do, including the intent type, targets, constraints, context, required capabilities, authorization context, and execution preferences.</t>
        </li>
        <li>
          <t><strong>NKG Capability:</strong> A query, inference, validation, update, or external operation that can be invoked over or through the NKG and its associated graph engine or management APIs.</t>
        </li>
        <li>
          <t><strong>Agent:</strong> An optional LLM-based or rule-assisted component within the UIG that helps parse user expectations, infer intents, complete missing slots, or generate operator-facing explanations.</t>
        </li>
      </ul>
    </section>
    <section anchor="gateway-architecture-overview">
      <name>Gateway Architecture Overview</name>
      <t>This gateway architecture adopts a three-layer architecture, with the Unified Intent Gateway (UIG) serving as the central mediator between upstream requests and downstream NKG capabilities. In this architecture, the gateway is an intent-aware interaction component that connects operators and applications with graph-based knowledge operations.</t>
      <artwork><![CDATA[
+-----------------------------------------------------------+
|         Upstream: Input & Interaction Layer               |
|         (Users [NL], Applications [DSL/API])              |
+----------------------------^------------------------------+
                             |
          (1) User Expectation or Directive
                             |
                             | (5) Final Response
                             |     (Structured Result / Summary)
+----------------------------v------------------------------+
|             Midstream: Unified Intent Gateway             |
| [ Authorization | Intent Catalog | Resolution (IR) |      |
|   Query/Plan | Policy | Synthesis ]                       |
+----------------------------^------------------------------+
                             |
          (2) Capability Request / Query / Workflow
                             |
                             | (4) Execution Result
+----------------------------v------------------------------+
|             Downstream: Data & Knowledge Layer            |
| [ NKG Schema | Graph Engine | Reasoning | APIs | Policies]|
+-----------------------------------------------------------+
]]></artwork>
      <ul spacing="normal">
        <li>
          <t><strong>Input and Interaction Layer (User/Application)</strong></t>
        </li>
        <li>
          <t><strong>Unified Intent Gateway (UIG)</strong></t>
        </li>
        <li>
          <t><strong>Data and Knowledge Layer (NKG, Graph Engine, and Related Capabilities)</strong></t>
        </li>
      </ul>
      <t><strong>Overall processing flow:</strong></t>
      <t>Upstream input (NL/DSL) -&gt; UIG (authentication/authorization, intent catalog lookup, intent resolution, Intermediate Representation (IR) construction and validation, capability mapping, query/execution planning) -&gt; NKG execution -&gt; UIG response synthesis -&gt; upstream response delivery.</t>
      <section anchor="input-and-interaction-layer">
        <name>Input and Interaction Layer</name>
        <t>The upstream layer accepts inputs from human operators and automated systems:</t>
        <ul spacing="normal">
          <li>
            <t><strong>User input (NL):</strong> e.g., "Check whether service_X is affected by an HTTP Flood."</t>
          </li>
          <li>
            <t><strong>Application input (DSL/API):</strong> e.g., <tt>INVESTIGATE_INCIDENT(target="service_X", window="5m")</tt>.</t>
          </li>
          <li>
            <t><strong>Contextual metadata:</strong> e.g., requester identity, tenant, target domain, time window, ticket identifier, or operational scope.</t>
          </li>
        </ul>
        <t>Primary responsibilities of this layer include:</t>
        <ul spacing="normal">
          <li>
            <t>Providing unified interfaces (e.g., REST, gRPC, WebSocket, command-line interfaces, or conversational interfaces);</t>
          </li>
          <li>
            <t>Transmitting requests with identity information, authorization context, and operational metadata;</t>
          </li>
          <li>
            <t>Receiving structured results (e.g., JSON), graph paths or subgraphs, audit references, and optional natural-language explanations.</t>
          </li>
        </ul>
      </section>
      <section anchor="unified-intent-gateway">
        <name>Unified Intent Gateway</name>
        <t>The UIG receives requests, performs authentication/authorization, consults the Intent Catalog to identify supported intent types, resolves the request into an intent, normalizes the resolved intent into an IR, and maps the IR to graph queries, graph inferences, API calls, or execution plans. After receiving results from the NKG or related management systems, the UIG aggregates the returned data and synthesizes responses for upstream consumers.</t>
        <artwork><![CDATA[
+-----------------------------------------------------------------------+
|                       Unified Intent Gateway (UIG)                    |
|                                                                       |
|  +---------------+     +-------------------+      +----------------+  |
|  |   Ingress     |     | Intent Catalog &  |      | IR Generation  |  |
|  |      &        |---->| Intent Resolution |----->| & Validation   |  |
|  | Authorization |     +---------+---------+      +-------+--------+  |
|  +---------------+               |                        |           |
|                                  |                        v           |
|                         +--------v---------+      +----------------+  |
|                         | Capability       |----->| Query/Plan     |  |
|                         | Mapping          |      | Executor       |  |
|                         +--------+---------+      +-------+--------+  |
|                                  |                        |           |
|                                  v                        v           |
|                         +----------------+      +------------------+  |
|                         | Policy         |<---->| Response         |  |
|                         | Enforcement    |      | Synthesis & Log  |  |
|                         +----------------+      +------------------+  |
+-----------------------------------------------------------------------+
]]></artwork>
        <t><strong>Defense-in-depth requirement:</strong> the underlying NKG/graph engine itself MUST provide built-in security capabilities. It MUST authenticate the UIG's Query Executor and authorize operations using fine-grained policies for node, edge, subgraph, capability, and tenant access, so that the architecture does not rely on the UIG as a single point of failure.</t>
        <t>The UIG's main functions include:</t>
        <ol spacing="normal" type="1"><li>
            <t><strong>Input parsing and intent recognition</strong>
            </t>
            <ul spacing="normal">
              <li>
                <t>For NL: an Agent MAY perform intent extraction, semantic slot completion, clarification, and task generation. This process can be guided by domain-specific ontology, intent catalog entries, and NKG capability metadata;</t>
              </li>
              <li>
                <t>For DSL/API directives: a rule-based parser or structured validator parses machine-readable requests;</t>
              </li>
              <li>
                <t>Both forms are normalized into a unified IR.</t>
              </li>
            </ul>
          </li>
          <li>
            <t><strong>Intent discovery and catalog support</strong>
            </t>
            <ul spacing="normal">
              <li>
                <t>Expose available intent types according to NKG schema, capability metadata, requester role, tenant, and operational scope;</t>
              </li>
              <li>
                <t>Provide required parameters, optional parameters, and supported output formats for each intent type;</t>
              </li>
              <li>
                <t>Support user interaction when an operator needs to discover what NKG-based operations are available.</t>
              </li>
            </ul>
          </li>
          <li>
            <t><strong>Validation and policy enforcement</strong>
            </t>
            <ul spacing="normal">
              <li>
                <t>Validate syntactic correctness, required fields, and executability of the IR;</t>
              </li>
              <li>
                <t>Authenticate requesters and authorize operations (e.g., by role/tenant/scope);</t>
              </li>
              <li>
                <t>Check consistency with the NKG schema, capability metadata, and policy constraints;</t>
              </li>
              <li>
                <t>Reject ambiguous, unsupported, or unauthorized requests before execution.</t>
              </li>
            </ul>
          </li>
          <li>
            <t><strong>Statement generation and execution orchestration</strong>
            </t>
            <ul spacing="normal">
              <li>
                <t>Translate IR into standardized Cypher, SPARQL, or equivalent graph query statements when graph queries are required;</t>
              </li>
              <li>
                <t>Construct execution plans for graph inference, external API calls, or multi-step workflows;</t>
              </li>
              <li>
                <t>Record audit logs covering the request, authorization decisions, generated operations, execution plan, and result summaries.</t>
              </li>
            </ul>
          </li>
          <li>
            <t><strong>Response synthesis</strong>
            </t>
            <ul spacing="normal">
              <li>
                <t>Normalize query and execution results into structured outputs (e.g., JSON);</t>
              </li>
              <li>
                <t>Return graph paths, affected entities, evidence chains, confidence values, or audit references when applicable;</t>
              </li>
              <li>
                <t>Optionally generate natural-language summaries or explanations for operators.</t>
              </li>
            </ul>
          </li>
        </ol>
      </section>
      <section anchor="data-and-knowledge-layer">
        <name>Data and Knowledge Layer</name>
        <t>This layer consists of the NKG, graph database/engine, reasoning functions, policy metadata, and optional external management APIs. It is responsible for executing graph queries, graph inferences, graph updates, and related operations, and returning execution results to the UIG.</t>
        <t>It supports:</t>
        <ul spacing="normal">
          <li>
            <t>Efficient retrieval and updates over topology, device status, telemetry-derived facts, service dependencies, and related knowledge;</t>
          </li>
          <li>
            <t>Graph traversal, causal path extraction, and reasoning over network entities and relationships;</t>
          </li>
          <li>
            <t>Constraint checking and semantic validation based on schema or policy metadata;</t>
          </li>
          <li>
            <t>Structured result formats (e.g., Node-Relation-Attribute, graph paths, or JSON objects);</t>
          </li>
          <li>
            <t>Invocation of external management APIs or workflow systems associated with NKG entities, when explicitly authorized.</t>
          </li>
        </ul>
        <t><strong>Security requirement:</strong> the NKG MUST authenticate querying entities and authorize access to nodes/edges/subgraphs, capabilities, and tenants using fine-grained access control. This provides a foundational security safeguard for the overall gateway architecture.</t>
      </section>
    </section>
    <section anchor="use-cases">
      <name>Use Cases</name>
      <t>This section provides illustrative use cases demonstrating how the gateway architecture supports automated and controlled NKG interactions.</t>
      <section anchor="use-case-1-http-flood-investigation-nl">
        <name>Use Case 1: HTTP Flood Investigation (NL)</name>
        <t><strong>Scenario:</strong> A service reports abnormal response latency, and an operator suspects an HTTP Flood.</t>
        <t><strong>User expectation (NL):</strong> "Check whether there is an HTTP Flood attack affecting service_X."</t>
        <t><strong>Expected UIG behavior:</strong></t>
        <ul spacing="normal">
          <li>
            <t>Authenticate and authorize the requester;</t>
          </li>
          <li>
            <t>Infer an <tt>incident_investigation</tt> intent with <tt>suspected_attack</tt> set to <tt>HTTP_Flood</tt>;</t>
          </li>
          <li>
            <t>Clarify or assign a time window if the request does not provide one;</t>
          </li>
          <li>
            <t>Resolve the intent into IR, including target service, suspected attack, time window, required capabilities, and output preference;</t>
          </li>
          <li>
            <t>Map the IR to NKG capabilities for traffic fact retrieval, request-rate anomaly checking, and affected service lookup;</t>
          </li>
          <li>
            <t>Generate graph queries or execution plans over traffic/telemetry facts;</t>
          </li>
          <li>
            <t>Synthesize results into structured output and, when requested, an operator-facing explanation.</t>
          </li>
        </ul>
        <t><strong>Example IR:</strong></t>
        <artwork><![CDATA[
{
  "intent": "incident_investigation",
  "target": "service_X",
  "suspected_attack": "HTTP_Flood",
  "time_window": "5m",
  "required_capabilities": [
    "traffic_fact_retrieval",
    "request_rate_anomaly_check",
    "affected_service_lookup"
  ],
  "output_preference": [
    "structured_json",
    "operator_summary"
  ]
}
]]></artwork>
        <t><strong>Illustrative query (Cypher):</strong></t>
        <artwork><![CDATA[
MATCH (src:IP)-[r:SENDS_HTTP]->(dst:Server)
WHERE r.request_rate > $threshold AND dst.name = "service_X" AND r.window = "5m"
RETURN src, r.request_rate, dst
ORDER BY r.request_rate DESC
]]></artwork>
        <t><strong>Output:</strong></t>
        <ul spacing="normal">
          <li>
            <t>Structured JSON containing suspected sources, request rates, affected services, and evidence paths;</t>
          </li>
          <li>
            <t>Optional explanation: "High-rate HTTP requests from suspicious source nodes to service_X are observed within the last five minutes; the evidence path is consistent with an HTTP Flood affecting the target service."</t>
          </li>
        </ul>
      </section>
      <section anchor="use-case-2-admin-controlled-nkg-node-maintenance-dsl">
        <name>Use Case 2: Admin-Controlled NKG Node Maintenance (DSL)</name>
        <t><strong>Scenario:</strong> A network administrator or authorized inventory system dynamically maintains the NKG by creating, updating, or deleting graph nodes (e.g., device nodes, service nodes, or asset entries). All write operations MUST be strictly controlled by role-based authorization and fully audited.</t>
        <t><strong>Input (DSL examples):</strong></t>
        <ul spacing="normal">
          <li>
            <t><tt>UPSERT_NODE(type="Device", key="name", value="FW1", props={interface:"eth0", status:"active"})</tt></t>
          </li>
          <li>
            <t><tt>DELETE_NODE(type="Device", key="name", value="FW1")</tt></t>
          </li>
        </ul>
        <t><strong>Expected UIG behavior:</strong></t>
        <ul spacing="normal">
          <li>
            <t>Enforce elevated privileges for write operations;</t>
          </li>
          <li>
            <t>Parse the DSL directive into IR (e.g., <tt>{op: upsert_node, type: Device, match_key: name, match_value: FW1, props: {...}}</tt>);</t>
          </li>
          <li>
            <t>Validate schema constraints, node labels, required properties, property types, tenant boundaries, and write scope;</t>
          </li>
          <li>
            <t>Map the IR to an authorized graph update capability;</t>
          </li>
          <li>
            <t>Generate graph write statements or invoke an authorized update API;</t>
          </li>
          <li>
            <t>Record an audit trail covering the request, authorization decision, generated operation, affected node identifiers, and result summary.</t>
          </li>
        </ul>
        <t><strong>Example operations (Cypher):</strong></t>
        <artwork><![CDATA[
MERGE (n:Device {name:"FW1"})
SET n.interface="eth0",
    n.status="active";
]]></artwork>
        <artwork><![CDATA[
MATCH (n:Device {name:"FW1"})
DELETE n;
]]></artwork>
        <t><strong>Output:</strong></t>
        <ul spacing="normal">
          <li>
            <t>Structured JSON acknowledgment containing operation status (success/failure), affected node identifiers, and an audit reference.</t>
          </li>
          <li>
            <t>Example: <tt>{"status": "success", "operation": "upsert_node", "affected_nodes": ["FW1"], "audit_reference": {"trace_id": "req-9a8b7c6d"}}</tt></t>
          </li>
        </ul>
      </section>
      <section anchor="use-case-3-intent-discovery-for-network-troubleshooting-nl">
        <name>Use Case 3: Intent Discovery for Network Troubleshooting (NL)</name>
        <t><strong>Scenario:</strong> An operator observes that a service has degraded latency, but does not know which troubleshooting intents are supported by the NKG.</t>
        <t><strong>User expectation (NL):</strong> "The latency of service_X increased suddenly. What can I check?"</t>
        <t><strong>Expected UIG behavior:</strong></t>
        <ul spacing="normal">
          <li>
            <t>Authenticate the requester and collect available context metadata;</t>
          </li>
          <li>
            <t>Consult the Intent Catalog and NKG capability metadata;</t>
          </li>
          <li>
            <t>Identify troubleshooting intents that are applicable to the target service and requester role;</t>
          </li>
          <li>
            <t>Suggest candidate investigation intents based on the user's natural-language request;</t>
          </li>
          <li>
            <t>Indicate which parameters are required before a selected intent can be executed;</t>
          </li>
          <li>
            <t>Return available investigation options in structured form and provide an operator-facing summary.</t>
          </li>
        </ul>
        <t><strong>Example response:</strong></t>
        <artwork><![CDATA[
{
  "target": "service_X",
  "available_intents": [
    "traffic_anomaly_investigation",
    "affected_dependency_discovery",
    "path_congestion_analysis",
    "related_incident_correlation"
  ],
  "parameters_required_for_execution": [
    "selected_intent",
    "time_window"
  ],
  "available_output_formats": [
    "structured_json",
    "operator_summary"
  ]
}
]]></artwork>
        <t><strong>Output:</strong></t>
        <ul spacing="normal">
          <li>
            <t>Structured result containing supported troubleshooting intents, required parameters for execution, and available output formats;</t>
          </li>
          <li>
            <t>Operator-facing summary: "The NKG supports several troubleshooting intents for service_X, including traffic anomaly investigation, affected dependency discovery, and path congestion analysis. A time window is required before execution. Please provide a time window or select an investigation intent."</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>This document describes an interaction gateway for a NKG mediated by a UIG. Implementations MUST consider the following:</t>
      <ul spacing="normal">
        <li>
          <t>The graph engine/NKG service MUST enforce authentication and fine-grained authorization for all operations initiated by the UIG. This defense-in-depth requirement prevents the UIG from becoming a single point of failure.</t>
        </li>
        <li>
          <t>NL, DSL, and API inputs MUST be validated and constrained to prevent malformed, ambiguous, or unauthorized graph operations.</t>
        </li>
        <li>
          <t>Intent inference mechanisms, including LLM-based components when used, MUST be constrained by policy, schema, and capability metadata before execution.</t>
        </li>
        <li>
          <t>IR validation MUST be performed before any graph query, graph update, API call, or workflow execution.</t>
        </li>
        <li>
          <t>Write operations (create/update/delete) MUST be restricted to explicitly authorized roles and scopes, and SHOULD be fully audited.</t>
        </li>
        <li>
          <t>Responses MUST be filtered/redacted according to the requester's authorization scope to avoid data leakage.</t>
        </li>
        <li>
          <t>Audit logs SHOULD record the original request, inferred intent, IR, authorization decision, selected capabilities, execution plan, and result summary.</t>
        </li>
      </ul>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-informative-references">
      <name>Informative References</name>
      <reference anchor="I-D.mackey-nmop-kg-for-netops">
        <front>
          <title>Knowledge Graph Framework for Network Operations</title>
          <author fullname="Michael Mackey" initials="M." surname="Mackey">
            <organization>Huawei</organization>
          </author>
          <author fullname="Benoît Claise" initials="B." surname="Claise">
            <organization>Everything-Ops</organization>
          </author>
          <author fullname="Thomas Graf" initials="T." surname="Graf">
            <organization>Swisscom</organization>
          </author>
          <author fullname="Holger Keller" initials="H." surname="Keller">
            <organization>Deutsche Telekom</organization>
          </author>
          <author fullname="Daniel Voyer" initials="D." surname="Voyer">
            <organization>Bell Canada</organization>
          </author>
          <author fullname="Paolo Lucente" initials="P." surname="Lucente">
            <organization>NTT</organization>
          </author>
          <author fullname="Ignacio Dominguez Martinez-Casanueva" initials="I. D." surname="Martinez-Casanueva">
            <organization>Telefonica</organization>
          </author>
          <date day="7" month="April" year="2026"/>
          <abstract>
            <t>   This document describes some of the problems in modern operations and
   management systems and how knowledge graphs and RDF can be used to
   solve closed loop system, in an automatic way.

   Discussion Venues

   This note is to be removed before publishing as an RFC.

   Source for this draft and an issue tracker can be found at
   https://github.com/mike-mackey.

            </t>
          </abstract>
        </front>
        <seriesInfo name="Internet-Draft" value="draft-mackey-nmop-kg-for-netops-04"/>
      </reference>
      <reference anchor="I-D.marcas-nmop-knowledge-graph-yang">
        <front>
          <title>Knowledge Graphs for YANG-based Network Management</title>
          <author fullname="Ignacio Dominguez Martinez-Casanueva" initials="I. D." surname="Martinez-Casanueva">
            <organization>Telefonica</organization>
          </author>
          <author fullname="Lucia Cabanillas Rodriguez" initials="L. C." surname="Rodriguez">
            <organization>Telefonica</organization>
          </author>
          <author fullname="Pedro Martinez-Julia" initials="P." surname="Martinez-Julia">
            <organization>NICT</organization>
          </author>
          <date day="21" month="October" year="2024"/>
          <abstract>
            <t>   The success of the YANG language and YANG-based protocols for
   managing the network has unlocked new opportunities in network
   analytics.  However, the wide heterogeneity of YANG models hinders
   the consumption and analysis of network data.  Besides, data encoding
   formats and transport protocols will differ depending on the network
   management protocol supported by the network device.  These
   challenges call for new data management paradigms that facilitate the
   discovery, understanding, integration and access to silos of
   heterogenous YANG data, abstracting from the complexities of the
   network devices.

   This document introduces the knowledge graph paradigm as a solution
   to this data management problem, with focus on YANG-based network
   management.  The document provides background on related topics such
   as ontologies and graph standards, and shares guidelines for
   implementing knowledge graphs from YANG data.

            </t>
          </abstract>
        </front>
        <seriesInfo name="Internet-Draft" value="draft-marcas-nmop-knowledge-graph-yang-05"/>
      </reference>
      <reference anchor="I-D.pang-nmop-kg-for-traffic-monitoring-analysis">
        <front>
          <title>Knowledge Graph for Network Traffic Monitoring and Analysis</title>
          <author fullname="Ran Pang" initials="R." surname="Pang">
            <organization>China Unicom</organization>
          </author>
          <author fullname="Jing Zhao" initials="J." surname="Zhao">
            <organization>China Unicom</organization>
          </author>
          <author fullname="Shuai Zhang" initials="S." surname="Zhang">
            <organization>China Unicom</organization>
          </author>
          <author fullname="Wenxiang Lve" initials="W." surname="Lve">
            <organization>China Unicom</organization>
          </author>
          <author fullname="Hongyu Wang" initials="H." surname="Wang">
            <organization>China Unicom</organization>
          </author>
          <date day="5" month="November" year="2025"/>
          <abstract>
            <t>   This document extends the knowledge graph framework specifically to
   the traffic management domain, demonstrating how knowledge graphs can
   address long-standing traffic management challenges through semantic
   integration and automated reasoning.

            </t>
          </abstract>
        </front>
        <seriesInfo name="Internet-Draft" value="draft-pang-nmop-kg-for-traffic-monitoring-analysis-02"/>
      </reference>
      <reference anchor="I-D.tailhardat-nmop-incident-management-noria">
        <front>
          <title>Knowledge Graphs for Enhanced Cross-Operator Incident Management and Network Design</title>
          <author fullname="Lionel Tailhardat" initials="L." surname="Tailhardat">
            <organization>Orange Research</organization>
          </author>
          <author fullname="Raphaël Troncy" initials="R." surname="Troncy">
            <organization>EURECOM</organization>
          </author>
          <author fullname="Yoan Chabot" initials="Y." surname="Chabot">
            <organization>Orange Research</organization>
          </author>
          <author fullname="Fano Ramparany" initials="F." surname="Ramparany">
            <organization>Orange Research</organization>
          </author>
          <author fullname="Pauline Folz" initials="P." surname="Folz">
            <organization>Orange Research</organization>
          </author>
          <author fullname="Bernard Kavanagh" initials="B." surname="Kavanagh">
            <organization>TiDB</organization>
          </author>
          <date day="9" month="February" year="2026"/>
          <abstract>
            <t>   Operational efficiency in incident management in networking requires
   correlating and interpreting large volumes of heterogeneous technical
   information.  Knowledge Graphs (KG) can provide a unified view of
   complex systems through shared vocabularies.  YANG data models enable
   describing network configurations and automating their deployment.
   However, both approaches face challenges in vocabulary alignment and
   adoption, hindering knowledge capitalization and sharing on network
   designs and best practices.  To address this, the concept of a IT
   Service Management Knowledge Graph (ITSM-KG) is introduced to
   leverage existing network infrastructure descriptions in YANG format
   and enable abstract reasoning on network behaviors.  The key
   principle to achieve the construction of such ITSM-KG is to transform
   YANG representations of network infrastructures into an equivalent
   knowledge graph representation, and then embed it into a more
   extensive data model for Anomaly Detection (AD) and Risk Management
   applications.

   In addition to use case analysis and design pattern analysis, an
   experiment is proposed to assess the potential of the ITSM-KG in
   improving network quality and designs.

            </t>
          </abstract>
        </front>
        <seriesInfo name="Internet-Draft" value="draft-tailhardat-nmop-incident-management-noria-04"/>
      </reference>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA71ceXPbRpb/n5+ii9lyRJugbOdm1tkokmIrI8kaSY4nk/LS
INAkEYMAFwcV2s5+9n1XHwBBSdlJjaoSSzj6eOfvHY0gCHpVUqV6rPoH6nlY
6Ztwo2Z5oc51dZMX79Tfsvwm1fFcq+dFuFqoszAL53qps6rfC6fTQq/h1fO/
PTcv93txHmXhEkaMi3BWBdkyXwVRnQTZu3kw54eCx497Efw6z4vNWCXZLO+V
9XSZlGWSZ9VmBS+fHF//2EtWxVhVRV1WTx8//ubx014ML43V08dPvwwefxU8
ftKD2T/rfaLCQoewjpcXV334Cxc+L/J6hUs7e3kBK62rRV6Me0oFMF0J138Z
qcM66cMVpXi5/V/ybO4u5sUcrl2XSTZf1KF6lSVrXZRJteHbEfwG93/QyW/w
hFzLYxznyePHj7/+3Fyqswo32T9cJFnIF/UyTFK4BFTZwJzfVzLJSMf1KMr4
obpI4JFFVa3G+/s3NzcjeXqU6Wq/7+3kp5E6T+rGTn5KwjTJ3GXei6zV24rK
Z+oiL6tShVmsrnWqo3y5rLMEmAOcKO+z1a+/+vIeW81+S7+f1qvK26JZ/9lI
/cOOKxs4gwvvF9q7wVv45wIoMK/DLKozdRpO8yKsQIbuxZJv7sOS3+HN5fvv
38+jNJx2LPZ0pP65CFurPdWJf/XftNT3OGOqk/ZiUZ2KJTBwrVHgT4Kj0TKM
3ukNqyJoIdwPQIryVekeKKKwlAeMxgdz1PhgA9OY51bwe2OYCnR8lkTBMs8S
2B5sJgADkW7KxI5dwXIXYQGqy28mWZTEYD+CpTUlQQavhuNeLwgCFU5LGDWq
er3rRVIqMCc1PqPKlY6SWaJRWIEblcaHQErV/G6zVao9sFHlQFW5KpPlKk1m
G8Xbm4aljlUm7+UrGJZkf6SuQQDN2ECfRVLpqKoLrWI9SzJcB6oSrChWJ7Ac
WKIxoHuvTp7DXIsQVl2vVnkBGnYewrthCqKQgVTAwvbOTweq0P9Ta1TAWZEv
1aIGmsga8oK18igHfmfBFe8+8t4/uoIBYM8HFycqTgpYHLBcRgpXsEfRYhom
hw1oJCyRrNyUlV7KHmGxTM9VoWEldakLpX+H+SrvfW9Af7KwVDBoTXSJaZSs
KocKzM8cXqwWeqlukmqBvyn0EvZhGhRmyZH6UbgKp0maVMDdId1Zhit5HThG
jFJAqILu858g5rrQWYRXkAJRmKbwK9DD8hCojUydpfkNDgYeYb5A4UFuFUsd
J8Audalh2yUsm/e2d3I5uIX1ILx5sUJdhs3zdoEcZZSDRd0M3UY2uIMVqMNQ
rXIg3EZpVMuIxB22WMdJpdJ8PqdHcMewiBUQWwNvMtg4KBBufRm+I8KJmDrx
VMsciRjB/stkmuqhKnUEK+TBInCjRZ6CWUj1iNVqmcRxqnvgHk/wXlyT8sDf
n6izHJgZ8p93KdCqyNegviD7Ncs+TFiWeZSQweHZSzBRWQWyWjRpC97G6FlZ
EQXpaSMSwD3RFvRS+RTkcC3URIpVoAhVgwY8G3IhBXlDVjiTMlLHvycljURy
xwIPDMpE6ny5RdHaGMECHUH3GKZDWH9YgmFDFq1BpGOalmeF30Oaei4q5cvw
CGisgBsFrskXxzLSWVgkOSx9kd9omGeIUg6r8V9HOANqWINEb4TFsEgjwLzK
EtR5GcI4tHaVilUAPunRfDRUh5vVAvQY1OHq4uDy76cDUo0qz9OgNKYE1AYG
uFkkEaoTC4UmtQNbmoLWIPWiBSxDZzA02mf18OGLBBbxqkQT9ENYgEoW44cP
1cuG0WqYn3wGagKcxz3kIDYxULfCp3Ai+jPd4Ez+xoagLxWqEaLBEjmR8miL
ZMX2N/FEoEkD0qDwdzXVM9QRmGXDfJ/N2GwBVcHIkVw0uEbbOwVfiZIqJv1A
vBFM1tym4Q9IE4gu+ClQ2cIXT2B3XlcAqMhSAFZg+29WicIOdA/xJljSKgF7
g1QIFcp9EqGbAYoYmSOXCV6LHqGNaLIZeV2QCQTmAlFivL1MeDASSriEoBlE
8gqn2zbuhi9T7ZwAanVBTi5mApM9h+d22PI2paeIIzXMAyapQhvU8LWej0Uf
D1Yc3x46kyJGJGKDi2wIwhvUCWOSEVLkSGxy+bAUzy6C3USnirxo2vFykdcp
0gylnGWPhHjKQkxjWdc7tDDkz/lDWG7e7RHZqYm2y2WCI2zy4Nm2PKLUhA1T
zjOj76C/wNpluhiRDb8ocri0VFdoWNEAEmkV2JsKpc5qMdIH9w7bQ+eJki5w
ythQQy9aSkpPwBBZmbJ8LkD9gxRMV9pBGSCht/nbaCT2VLbt23SwRzArOQ7Q
A5iRJIGcgLhSIQkT1dc3ZJgWlyECH9r9oKATxadFgn6tItlYgbBWNxoMFIGv
ALfgrVt2amGaMVssz3yzwTMDaaYb3+8Ajw6yblk2Iuxcl1tpCWsoAak2LbKI
Nz5qbLLBoS9Ad4sc2KjzugQTtqortFodagA0LHNmgTFNgTWgd6NSj8u3Qc+h
FV9dCDjrxKG0CbG4RwZO0UQnxiaFxgR3bMZ4dKtKgszIeaAHzQuyjEDSbiDq
4zaYCp27QBmegMCms6ZWf2nDiAkhpADSk/Asp8m8RvJvqUdjm03cuWNjGUZy
afK+YZvt7KRIiGcvOdaAXRCOok16JACMERZzDcFIlONfyHvgQEKGCRmkf6+G
1mq20TilTpL34lDM06R6dQUChqoqUJw3eEUeXMT80FH2jBHxjq2icfTM4p/E
/A7nb3Hb4DDiuoCL2+FEV1jCWzur0yoJQGZXAC/RuSFNLkBvst0bE6l0m0NW
CbHVEgdcGQfp9muRp8LJSh9/gi3X0TveNrBCF2j5LDUaMoabeWnso/rZDrFj
pcYmE9lAqPB1tCVFC3cbf68NCYaoA2lNVGcSN2XM2W13rSlXIpmN6AEfBwgP
/N6IYIkjoMcOUeeSEIRhl1HISlTvIpnnBaojTogYKjIo3l9Ad5gmAj5LUiCz
jdQawRtjDA/FopgR4Yih4HIBRZklhWmZmxkE2BsDSX4AJFFnBA/g11W14G1f
msjwykSGuyRN7r/3WIMYEWRMjMUyhFg20wGSFqw6unfPkvN2ycCjG9aZcQQI
A439D2ZhhPvcchow4DJE6WXBXMENi/I+UdcQcSdZDlTbsMtCOu3tiDYHuMGD
BmjcHUpSoEBKA5tPwABXVZFM64pQsR97Uci5FaE6QyC68wrN9rEz27QW5//E
6Qvsl7WEt8F/iAYrgl2bVRJRzADkX+sNPL1Owh2JIcaLG4blxr8MnXch9QfA
r1c6iynMnLXjKWfweGMHHhw7Mk6bKe0JgbAcFlzWjGPAw3g+3Xfpw053TkuT
eB2vYtBJNJD9gELnMQxdlxzv3J7hQoaReZOF8ehZXmF4a+QZzGVM0sypT98I
dmywLUnhlqtuoUCHcSD2AlPgvLEhSQqSP3OmxYRMBOduSYCFa4hkaOHbvkZs
+CFgEdAa3kah52ARC0rc70I7lEtKyWQbLOOj0oozfsQQENoIdEUQQyeONVkH
ea1h6e0CfKG3EY/FE6uwCJcITOEiZsU6Qh3RSjegGF7ipqHHpdq7JXMnNsMi
pliSQ5hqqJKw2sF5mwwRIrZd20i9pniEXGKDIx71btClC4UoAJadDI0ntcjM
PmlQiVU3HJtRf5z7VN6B5cq/DsY5X+GQnNAc+eQQHFNYkmUWizVzY/UKEUQT
nFjxMDA1Y7O2zt8hr9ecp/IlzTjRBL2RpBd1y6fmhR8zYS5LzNzcaD0abZHK
09Mzk30oVFGnOoBhEVxgJLQE92oUNcksI2mxC52uShThUm8DeqGCk3kbCFAt
E3UkzSu21QZIbTnSLVdpqggHfuL55RqjYX0jVZHO5HQYw36xLAGk1Bo88wbW
5j8xdLbo1sqFibxDMQySRGDFg72YkLlegQDqcNmMj+P8JpPrWyk2TIxWuIHm
sioPzCS2wGNjZb/a49jFwpRnGYxStuLTRgKSNu2DCVviauai/hd+eo+C///P
o95HZX5eCW3GHIarBxzKyi5OiTfNn4/e23uIQkr16/npGwh1/M38Ck5xH6T9
zaD99q0r/++7Vq5u+/no3d57MlBtjIQCbiHF/Yfquq32vhioHxNUWgN873qD
VnXlPPwlQV61r64Ikm4Gt5NmfX+m4s9ZEhvO7lCi5nY/ql/VQcP6fmx7ko+4
5DytbQVKNiUi8Xe0uPsYZsL1C45TPrpoQL3ZSep/l0g8HfiB/qX4tH1eOfz7
WsLzf1U0Ph94cTez+S/l7ZE1XWN1hMDpgReabOks8xZtHKc8YIXcJHPMHgrZ
asL4j+ShDP/AFL65gzt3/DxiayVIEQ2MzZY1TAwZkn3PggwePmykDLscgDxC
FMBh2zTAWuCwsVdGEpeCOw89k4+D9R4+RP8FsQ/WD6lkCSRBgRjjXWMqwc7j
RiD+2afadvAd+eG9ZuS+3wrcBRxFoktpnr+rV/ZyYRVreGfdVxAVV0ZpQz6y
6artEhba9wCUpIJo7SgY7pZspqPMC3c8Ryq3Y51il86Gs/u3cJjz/HYAcfpR
pFcU9FNAvzON66qqkok1+eSSUI1wg6A1lxX7h5h8wuQAxV9Sqpr8g7y2KUtx
zPji+vpC/QjsiEf9rfhTxhZf5k3w9uT85+Or65PnB9fHk5Pzw5Oj4/PrPca8
z/p2vj5CmQyQxrP+F8v+4C1Dv0OGtTVhFQ593Mgml1FILQ0LCiAiISZ6JD8a
UyQKfyZLLePjH9E7uCcFuISj3lZVF/4CRl0UCbobw8TEBlMUmwOFmDmM7TWR
+oLK6agNpvZFWAegoSvlXgI9hmp+eXE4VK/19CrH9RDWBIbGQYqmxr1Fq6ME
Q1H6MRnfHXwLk15jOWeZVJWpJhB0I5RkSKNsF9FWqqyVA/boYGiOc1zqSCdc
vvFDb85FycZ+unp5PjC53VVYLbiAVE/pSmnaJFxQYqaU+bZSUG0o/ckOD806
w+qIy9SlJcNQwYZw6+2EYdvsUAotrcquyBCCOFOv3RGmD9kwrSX09qLA3KHf
oYtmzWP0jh3KFQCaXTNUEfjTOfSmGQOsfkC5jsJy0rCPzIkJ0zCeMukGF46J
ORnaYCqczws9p6YP3gmwDivKsfExLnlZWitYUlbU2jbOWoJc/xVY/TYY4H5u
DZM6Icyukf7sD43U3uAjutW1bb6zfeuRjITLOsnm1KpAw8v/W5L7QFnoiUL0
nINWlAm8bkeCnwd2oTjNd3YkD8nSHbz1wKs9KH+kNi5ubuGRvwv/1qP27rrp
5BFzJ5XbFL+TLbturO85kl3qur3anbzbuRQPc8slQ3EvZJBV3z6S1Oa29vlR
8HZeuOv32t39eXfXz1/Hu/V9btxrd3dx7h68kzjOXvhP4Zyt9rhH7xjp2JWs
5Hn+xwWID9Qp6Pa9eXfP3f111pdDGQg4uP4VJFlA9S+/1QGB3HaBY7+REkyq
Uqczdfbq6to2Kk7rJK1gRNtG0k5IVfy85+218VqflhLBWiUQ0ExGy88eSTED
W6awbRo7p7iimIgTy/IYgiSMoYYW4fgxBTtwxqNSGoQHc05yUcNOowM5h2Gz
HLFRulG5y1mGmP7DpWALTZ5wXWgWJim8NbKwB/aFQFfN6iySrimLSZ+MbESJ
WU9KA2axC6eifM7FcojcFDbG/4gNLKdjKtNQA9HZwS8GRJnXAC5K0DJ0tTfM
jZqM6a4qShWW70zqlLLxlP2UINJkkud1EnPYwQDedTgCUqWS41aUiBlNW3do
ZCk3Hoy1+5M4xet1gf1yHpkzipQgLlr9TxI9wkW6XW6XqwzqlKl+yEHmBXwC
l71aBiM9GyScXAIzn45clShuNM2YXQr2NJw65jYZV3Ta3SbjN0t0Nse4aKrI
sfvYRFLtmIBiI9nehahkZ2XIonr/4m1VIVIrHXLvqtmGzHQlPRd1aYp1EjJT
VdsLg12vlaEgl2g6W66RJ5Z4wIDPkAEessHVbrcRGOr/bLorqD014g6HAuUp
I2W3VAEOp3Hp12YM+aXGe3Ip2zzwbZblSLnbSkngBZqCXNtnpu0TjwYyJgf4
Xu9Fq355m1B4BPCKUzLwpf4N9upXsOvM8pYCkDqzi45dXLpVkev1PkfC205H
zz606lmN6rThw7U0M1KUJP2a8FoIso/zcuP0UNqmOTACxoAu01Q2pNpwQwF1
4bFYNcItEhbDUkNak15qh1okyq3wbNjR3EOrWboeJNv1ZEmMKuwaVLC7ZE2d
K36U2Y7nYzCWJZezurp9hq3V2uMKmGO3TR/AlS9GfrOKzW8Zup/bXjYmX5NV
jTaVjp4UP2Vgd4sxpJ8+GLoclOsK0WhzsNU1WoA4cql0JpeAq7WkTNq5BjEV
nLMCfZdJX4qZArdrK3r3b4VpNhlzimJXllUqfZwzEn0sjQmgBCzvHFUPTdW+
lkys6x2z/t22NzV11dpcK2rtiqq0rtiMFrdYGL7Zpv1bcgx8hcvCpZGdtPMk
BycFuCbalgtp5sPOhV7vxJ2roizaMZ5BSxifoF8HttKAMiuXmKt8JVgg1tRf
j/qLZqjSKey4KjYAOosE0yszMM8Iv2wjPjfZREl7B7aQiCmv5+3jI1FYl+TQ
wH76CIhHMEyixbWbmdwspjkJZzi0RpWbAA04s5DK6xIU75WZhjxEIU0ZwBGv
2sk5611F4c4BtwaXspDgwPRWDZtqB4OjZqp8ijaes4wn2TqPbKfFLgnzmzft
KR2v5E/OhzLpVqFJMVGrgOcVnpCxTmOEQYTtEuwIHnCgbbRP9ojEzqe+c6DS
qQciiCi+3EeGl/tennK7lYU9a2dY0Oz7c4gWzRSi91kOIY6FT2YzZTjTYFwK
PvOAe8mlotLVCkB9BK9KbL8F3CmWpNSRdHnIXEma1uwd19TcAPtAlBrrJcsZ
9/sDX/zyfCMOsacbXSHBP34mnT4eADNpWVmaejL26gQoMuYkDJZkzk8HxFA5
NCWdXKKUhZaZpwyTXekEVRNwi7RheVivrDEwoC4FvzqBc7xqN4CZsker4IH/
09Ki4C08rCo8NsTeh88sSKFi1MfhuVQO5MAYbaoX4TrJC6p9tUBcU/A8p60L
1ilsN4G535pTtJPEp9lbg4VJbd7KhnU84QW+hXVVKMdvce0TWvtbMiwUeW3I
D5ZlMseDJ14RRCWzRprahp8myM4zzUl/yk/7PUvkzzE/7XU0STM6k2io7CqF
jK36y66Gpq4GdFzEGZ+ykRz41qEaUh8+tUx23rkMG9QEBbMCJBqbNcXSijwZ
gGHkkOuNZP8NHmgCwe3MuvgjXsS+dT/sdsgqu0be23FRd6uuJ/MdTUYjFsgQ
424gEkkhJWA+AMLpM9v6Y/ytS8L6Q3yKWYhPeRU5vNGWOHzEyZq8DNydMHfx
9hdLvmz4PPHZBQ/8Sl0BfSHXBIk0sTyjV+VlWOQE6T8Rzk2Ic+YJw7iJWTEz
Ds/Uv6H5maITJ0xubkf3yW+l0ADfECJPGO/R2f43vT9sOuvEt68Mevc4vBg4
qp8dXB++UHtlEY1PLgbBr8X46vj86GqCVHsTfLcXl9X4CpYML/Vevzi+PFbF
yN+t+k79B/Z7lYs8jdXB+ZGCN0b4ZQL1zGcP3SpGotDPiO69y+PrV5fnCiYf
toYd4jC9l5dHx5fqh1/acx4dXx3abb4kwok18wAFIQJ0BeD3uF/U6Lk9tWgM
SiHgsKVcJgg2CJ7QBirISwdcrVyjpOHZNFog2ebmMSacHhADHgXg+dmb0zkr
W8bGqI1PHgv2kH7ANCzxHMAaO/sy7C3/li43VoZuwcbNYoJbbsL6B3y5aQfR
Ufie8elYHcQwWXDYdKYIyMDGkZ7i6Qfukt72kwZRhjhIQmJIx688uEQnTzP8
KoUgLxVvQHCkSR0zaci60iKnKRhDwK0VGUPC1vQbHVzAHJ4NB5iwgiAFbdM1
h6nlT3Y4QAVJyA1G6gAwzQ1gnkbigkDblE4rJFGVbnyIIdkMydc0Y1sUn1lN
56gxvhOIeGK7D0CAyBCWA5Hft68uro4vryfnL4+O9zCj9Kx/RBvoD9U7vXnW
R83qDzlyfNb/8fUT+APc4Kp89sGW2cd9QAuP4QaHGON+SEnD/h+DtzjF0fHp
8fXxn5kC3rsDRUgRQAEj1oTDVhDKJKmei8trUxS16IK6WpG7SAnX4y4+2zDw
7Yd8NcYqrC6qCeex+Rs9vGps6q6ixQSWPqYvopgLtP6xgvULhcbqw2g0+uOP
txQfuHxYx4khnAaUbqrTRid5gRtg/y+/2xPikjqfEnp2uV3et2Qh2+AATzY4
bfAjVS+/1eHaZVCX/6GzGNjO3BpSBoNAR3oiKD2TSbIBd5v+qRRNZ4bGs5tE
NtepUnbkajYN/+/nBrdd0/Hl82O1l42Z0eoDfe+GBPKPQe/q+FplIyvzz0Tm
+cM4I5b8Z0byvxVv4bu8HeOydqjs2/s5GAAZEoRTTOn5G9d2zosBJ1tT7LUv
BZHBnZSzrGoccRTijUEz+jw0ISEeHBS3b2fG657i4D2LQ8gCIsagjb/BWzjV
xMcfH/p0pHmSxDgSCEfwTfj19Kvoy7gPatR0GJ+NTQnenaD1P4lzXeT1NEWc
kJOp7gyvvGhJ3KAcWHSfJViEpXyaAMhmY61p7YUFyBH5rkTVmtWcggwL/7yu
nEsBJ3NHNHa9sPEdnYFx/WcZuiZ0AGUdAxvTDZ7ckNMGJwzi/+uOWOxhMxZr
RF8S14LDwRy2O7bDvVBeTuUhZWlQ3zoag26tNj1UJ6ZpaBfVmBVYhrB5SZMZ
a6IJ0Xu/RoMTXNXzOeIt/ySzH3KbeWzyiD+ToItPy52nxGnhMBzRjJnuSjiN
NLhJ5aMspcwDW5ajQh7HSZgvf2iyu36xyl8ppy7pGwleVEQ1R6pCmM/UbIdC
XWbQ5A5awdDOMMeuaiIU245TTBCyHT35wYhNLW4mtoRnHkJMOQEBQ47BuxPz
YS0X81AScmIDNSoncabOhTWOFxMbYQGZJjYm9cIc4Ypsyszjx2t2WEcBiZsk
b/gvB027jL04sUY8YczHDnXpPIPm56/tWT0rZM0SI4caneIzZltEJTGTBCs1
peR2ai/ObAWpkRGRfIRJOTRkxnNSTlr8j06RvGP84WRFGVkBON1M5JRb2ugd
dbtI0YR633jyX6XFs/nLOs0GRTDKpl/RDMIoAi/aX3Nzh+du+ZpbyF/G4I5t
7iuWs4uotUvTvC3hQSQTNj+XQQWCa/PJDukU2Se+iamkl+2p7EbTJ8cPjext
A5fRItPUh1H0KYHQc2q0YN78Le0tmMRai43nVg4KWulLOvJZoF1dHYE6Px0i
hGdRwGqh9H2bqMl9bEWyswy0+cM/MjGA9hTFnhJIjVPGjbIsU9E/NhUYJ2er
PsCxaBFC0LksfSl3Z/DsGS6psoGHgVnNav31AQ25ajG0lecd3+voqBMHCPO9
koiZQJpTPIeUbfzKbrNo5dpkG1+aaE70uh2w7lGkrPd5jH0KkPXALqHQHMky
CzqLGeS05WsrGL4IJL168fLV6RGO0YprA9s65hjPXy7Q8T78F3KKtf15DAsS
Pi27vslAYdI6T6RTFwzEO/D9I8pb2yqzrKng+IaKE0UypzNcNqAh6XCfRBpy
0/KOKMfig2bO985CNB2XUCcH5wd3mB8EsVnOT7rKRBAEAH2id73/A5wGktwY
VwAA

-->

</rfc>
