Date: Fri, 29 Mar 2024 04:45:41 +0000 (UTC)
Message-ID: <145565627.6040.1711687541607@fra-prod-wiki01.geant.org>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_6039_1976496511.1711687541605"
------=_Part_6039_1976496511.1711687541605
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
Introduction
This page is for service providers who want to offer their services to u=
sers and institutions worldwide. Joining a single eduGAIN member federation enables you to manage access to=
users from all other eduGAIN member federations in more tha=
n 60 countries around the world. This minimizes the technical and =
contractual work considerably. If you are interested in a very brief introd=
uction to eduGAIN, please have a look at the About eduGAIN web page.
Typical examples of organizations and communities that are interested in=
operating a service in eduGAIN are:
- research communities (i.e. international research projects)
- e-journal content providers (i.e. publishers)
- cloud service providers (i.e. suppliers of research projects)
So, if you provide resources to the academic and research community, and=
are looking for a way to allow higher education users to authenticate to y=
our service via federated access, read on. You will find how a service can =
be integrated with eduGAIN as a SAML Service Provider.
This page=E2=80=99s target audience is IT service administrators of orga=
nizations or communities.
Once you have read this page and followed the instructions, you will hav=
e deployed a SAML 2.0 compliant Service Provider and published it in eduGAI=
N. This means that millions of higher education users (students, university=
staff and faculty, researchers) will be able to access your services using=
the account at their home institution, depending on the access control rul=
es you have defined.
Prerequisites
Before attempting to follow the steps below, you should be familiar with=
some key concepts of federated identity management, the basis of eduGAIN a=
nd all SAML identity federations.
Authentication is the process of&n=
bsp;confirming a user=E2=80=99s identity, usually by verifying the knowledg=
e of a set of credentials (username, password). It is always handled at the=
user's home Identity Provider (IdP). The IdP then issues an identity asser=
tion with attributes about that user.
Authorization is the process of&nb=
sp;determining the access rights an authenticated user is eligible for. The=
identity assertions are consumed by a Service Provider (SP), which uses th=
e attributes of that assertion to control access and to provide the user at=
tributes to the web applications it protects.
An identity federation is a group =
of organisations that agree on a set of common standards, policies and prac=
tices to issue and accept identity assertions. Therefore, the publication in an identity member federatio=
n, for a Service Provider, allows you to reach students, researchers and st=
aff of higher education institutions without the technical and administrati=
ve work of maintaining and protecting repositories of user credentials.
A comprehensive overview of materi=
al is available at the AARC Federations 101 page.
If you have little time and prefer audio/visual documentation, watch the=
4 minute movie =E2=80=9CHow to benefit from interf=
ederating through eduGAIN=E2=80=9D.
If you want to see and try federated login in action, have a look at SWI=
TCH=E2=80=99s AAI Demo.
What is eduGAIN?
eduGAIN is an interfederation servi=
ce developed within the G=
=C3=89ANT Project - a major collaboration between European nationa=
l research and education network (NREN) organisations and the European Unio=
n.
eduGAIN as interfederation service interconnects academic identity feder=
ations around the world, simplifying access to content, services and resour=
ces for the global research and education community. eduGAIN thus enables t=
he trustworthy exchange of information related to identity, authentication =
and authorisation (AAI) by coordinating the federations=E2=80=99 technical =
infrastructures and providing a policy framework that controls this informa=
tion exchange.
Over 60 national federations currently take part in eduGAIN. This amounts to ove=
r 3600 Identity Providers worldwide, allowing their users federated access =
to 3000 Service Providers offering their services in eduGAIN.
Some key features of eduGAIN:
- Enables trustworthy exchange of identity information between federations without many bilateral agreements
- Reduces the costs of developing and operating ser=
vices
- Improves the security and end-user experience of =
services
- Enables service providers to greatly expand their user bas=
e
- Enables identity providers to increase the number of services available=
to their users
How to join eduGAIN
Enabling a service for eduGAIN login is accomplished by joining an exist=
ing eduGAIN member federation and registering a Service Provider with this =
federation. The member federation then, following its own procedures, expos=
es the Service Provider to the rest of the eduGAIN federations and their en=
tities.
Is your Service Provider already in eduGAIN?
In some cases a service is already available via eduGAIN without you kno=
wing it. This is sometime the case for publisher services that in pre-eduGA=
IN times were often registered with many national federations. When on=
e of those national federations joined eduGAIN and exported their services,=
they become available through eduGAIN as well. To verify if your serv=
ice is already exported to eduGAIN look it up in the eduGAIN Enti=
ty Database:
Are the Identity Providers you wish to interop=
erate with in eduGAIN?
You should check if the Identity Providers (IdP) of your target user=E2=
=80=99s organisation are also in eduGAIN, so as for the service provider yo=
u can look it up in the eduGAIN Entity Database:
If you are unsure about the exact name of the entity, you can also look =
up the domain name of the organisation through the eduGAIN isFederated Check.
Some federations operate an opt-in policy for interoperating through edu=
GAIN, so if the IdP does not appear to be in eduGAIN, please contact eduGAI=
N Support at support@edugain.org.
Which eduGAIN member federation to join
Joining eduGAIN means joining an eduGAIN member federation. But which on=
e to join? There is no strict rule which federation to join. But one reason=
able option should be to contact the national federation of the country whe=
re the Service Provider=E2=80=99s organisation is located or where the serv=
ice is geographically operated (i.e. where its operators are located). This=
offers multiple benefits, such as ease of collaboration and access to docu=
mentation because of common shared native language, shared groups of intere=
sted prospective users, etc.
Please find a list of eduGAIN member federations with contacts and joini=
ng policies on the eduGAIN Technical site:
If your service is located in a country that has an identity federation =
that is already an eduGAIN member, please follow their guide or get in=
touch with them though the contact addresses. As explained above, a servic=
e can join eduGAIN via any eduGAIN member federation. To become available a=
s an eduGAIN service, a service only has to join one eduGAIN member federat=
ion.
If your service is located in a country without an identity federat=
ion, or where the federation is not already an eduGAIN member, please =
contact eduGAIN Support at support@edugain.org.
<=
span class=3D"mw-headline">Installation and Configuration
Guides
Most eduGAIN member federations publish guid=
es on how to install and configure a Service Provider, please refer to the =
respective national identity federation documentation sites for more detail=
s (https://technical.edugain.org/status).
Attribute Availability
IdPs release a set of attributes about an authenticated user. These can =
be personal data (for example, the user's given name) or can be a category =
to which that user belongs (for example, a student at a specific institutio=
n), or can be an identifier that can be used to identify a returning user. =
Attributes are also generally not released by default. Typically, Identity =
Providers only release those attributes that are requested (as in the SP=E2=
=80=99s metadata) by a Service Provider. The requested attributes should be=
those defined in a formal standard like eduPerson or SCHAC. However, eduGA=
IN does not recommend any particular set of attributes that an IdP will rel=
ease about a user.
Please think carefully which attributes you might need in your applicati=
on. Then set the Requested Attributes for your SP=E2=80=99s metadata accord=
ingly. It might be helpful to read the recommendations which attributes to request as Service Provider.
Discovery Service
Discovery is the process where the user chooses their home organization.=
In order to provide the best experience possible for your users, following=
the best practices described in https://discovery.refeds.org/=
is highly recommended.
Support for Code of Conduct=
and R&S Entity Categories
Entity categories allow to categorize entities (Service Providers and Id=
entity Providers) in metadata. If an entity in metadata contains the value =
representing an entity category, this means that the entity meets this cate=
gory's requirements.
Entity categories can be defined by any federation, or by the wider comm=
unity. In the context of eduGAIN, only the following two entity catego=
ries have an effect on a global level because the eduGAIN community has agr=
eed to support them. Both affect the attribute release at Identity Provider=
s:
- Data Protection Code of Conduct (CoCo)
The Data Protection Code of Conduct (CoCo) is a promise by the Service Prov=
ider to follow EU data protection law. It gives Identity Providers the some=
times necessary confidence to safely release release attributes to Ser=
vice Providers that are operated in the EU. Detailed instructions on how yo=
ur Service Provider can support the Code of Conduct can be found here. Basically, =
it means writing a data privacy statement (examples are references on the w=
iki page) and then adding a special entity category value to the metadata o=
f your SP.
- REFEDS Research and Scholarship (R&S)
In the same manner, the REFEDS Research and Scholarship (R&S) Entity Ca=
tegory is used to support the release of attributes to Service Providers me=
eting a set of predefined requirements. Basically, if you are registering a=
Service Provider for a research community, then you are likely to get the =
R&S entity category if you request it. Details about supporting REFEDS =
Research and Scholarship can be found here.
If possible it is highly recommended for your SP to support both, the G=
=C3=89ANT Data Protection Code of Conduct and REFEDS Research & Scholar=
ship entity categories, as they are a trust establishing factor that will m=
aximize the chance that Identity Providers release all the attributes reque=
sted by your Service Provider.
To register the Service Provider (SP) with a federation, one typically h=
as to provide its SAML 2 metadata to the federation operator. If you don=E2=
=80=99t have metadata about your SP yet, you must generate or compose it fi=
rst. Shibboleth can generate SAML2 metadata about itself, just try accessin=
g https://your.host.org/Shibboleth.sso/Metadat=
a
SimpleSAML PHP has a similar feature. Just open the URL https://your.host.org/simplesaml=
/module.php/saml/sp/metadata.php/default-sp
In both cases, metadata only contains technical information. You should =
enrich metadata with the non-technical information (e.g. technical contact,=
name, description) following this example.
------=_Part_6039_1976496511.1711687541605
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Location: file:///C:/d34d326a23ed9e30c999023991d70f22
iVBORw0KGgoAAAANSUhEUgAAANYAAAA4CAYAAACBrQbcAAAABGdBTUEAALGPC/xhBQAAAAFzUkdC
AK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dE
AP8A/wD/oL2nkwAAAAlwSFlzAAAOwwAADsMBx2+oZAAAHuVJREFUeNrtnXd0XVed7z97n3OberVk
2ZLlIjc5cmzHiVPt9Ep6IcBMYICBmcwQeIX1Btbw3gPe4z1gBpjHAgZICGXSQzqkx4ntOIl7i5tk
q1q9X91y7jl7vz/OtaQrXdlXsmwHuL+17vJatk/bZ3/37/v7/n77d4TWWpO2tKVtWk2mhyBtaUsD
K21pSwMrbWlLAyttaUvbtJl55i+p0dEQerATNdCOjgQBjcjIQxZVIrMKAZF+M2lLAyslUzaqrxW7
YRuxA6+jehvR0SAoO+47PRiFc/Fd+reYc1enwZW2P2kTp11uVw6qp4HYvleIHXwdFewE5YAQ48Gj
HWT+HDJu+Q6yqDL9dtKWBtZ4xqdRA+3E9v2B2N4X0ENdoIkD6kTHKTwr7sZ/+ZfSbydtaSqYgI1Y
BLt2A9aW36D6W0BI8PjAtuJwFicKwVCdh9BWGOENpN9Q2tLAAlC9zVjbH0d11WLMrMZ73qeQuSVo
K4Jd/z523Xp0qHticGmBjg2BHYU0sNL2Fw8sZeO07cdu3IpRsgjfhX+DCOQlAMisvAB7zioib34X
HemfQKAQ7jFp7SJtf/HAcmI4PY1oO4p35T0Ib8YEEZ3ArLwQc9E1xPY8ldxrKRC+ABje9NtJ258P
sNRgF7q/E2PWIjc2SiWmcmxkbhmieP7J/7M0MOdcgH3gBXCsJP8OMqsQYfo+8oN3rG2Ant6hkQVC
awryMykrzflo3ahSqMEOVE8jqr8NHe4HK4JGIQwPwpeJyCpC5pUhCyoQvsxpuq6D6mlGx8Jj2IkG
04dRUA7GJNd2rXA6j6Ajg4nrsuHFKKlKuiDrYDdqsCv5dMyZgcjMn5wT6W4EJzbyTNJAFpYnzNlx
T6X7Owk99128q27Ge+41CH/yQVaDA2jLwigsmrTIIDPyEd4AOmoloYMeZEk1SOMjD6yHH9/Oo8/s
xjDcBchxFPfeVsPXHlj3kQGU03GY2IH12IffRg20uYuZVjAsBsdptzQR3gyMmUvxLLkKc/6FiIz8
U7t8bzOh5/4ZPdieuEhrjcjIJ+P2KaRVnBjR9T/Bbtw+Mke0QuaWknH3j5A5M8YdYn34Jtbmh5KC
1FxwKf5r/wvC40/tmUK9hF/8JnqgzX2m489yx/9BFM45ARU0POhgD+GXf4LdeAD/ZfdilLoPr2MW
9rFGYof2Etm1nYy112EUFk1+xIUAGf+NBpbWiEAuZvl5fxLuPhSx6R2IYsaBZTuKUMT+SNybjg5h
7XoRa+tj7sSGkckt5Pj1TCt0dBD7yGbshi2YlWvwXfp5jNKFU76H2OENqK66JNcCHRvCaTs4pXyl
dixX3BoFLFdxniBzZFvoyMDwOjJ6vtm17+Asuw6zMsU5pzVYQXR00J3HWoNhopU6SYxlmPH/6GDt
eAW7qRb/2o+D8BDd8z7W3u04Pf3IvFI8c+ZN7aXHQqBjcZFCJKywMm8OImfmnwSwji8Lxx9B8NHQ
XHQkSHTjg1g7no4n42UCgNA6gb6670G6dy8Nd8LVbUQFOwnc8HWXYk0l7m7Z415PGOMHzrGx67fg
WXIFGJ4pjPwUFvMkf6ejQaxtT2PMXDIFCiwmPPc4YAlpuOObU4xRVo21/wOCj38fHQOtDITpXtyc
VYHML5jaiw91gY4hjDExnOHFrLwY4clIR7+nENdYW59wQaWdUS9dAxI5YxHm7BpEbikCgRrqwWne
idN2wP3/o+IG1X6Q6KaHCNzwNYQ/e3K46m7AaT88cZwuJHb9BzjdjRgz5p/F1VFgN2zBadyJWXXx
aVQFDROERPizybjh7zDnrSL6/svI7GLMqpVY+/egPtiAt3oFwjMF5U4rnPY9gAMycSWVOWWYlZel
wXEKZh/9AGvbk6PKxkYWLc+yG/Fd+Nfj4hA91EvknZ8T2/uS62FGCU0uNdyGZ9Hk4ka7dlM8thIT
Tmgd7kW1Hzy7wEJALER025MYs2sQgexpOascS35VTzPEou7PMPCvuZGcz3+H7Pu+jq/mIpxjR5E5
efhqVk3NW4V7UR27R2jg8ZyVNDAqLkFkFqfRMVUKaEWwdr+IDvclTmit8Cy5Fv/l9ycN7kVmPv61
X8AoW5YILAA7ilO/bfzfn+g+bGuEBo6K3WXxwkRa6NjYR7egbessc3qB07Ibu2HrtJ1SjgxGFGvX
K4Rf/D46MohRMhdhuh5JZGSBYeB0tuJ0tyOy85BZU5OUVV89OtyBMKQbQ0sQQiNzZmIuvP7ktYRp
m5h+Ne3Aqf9gPBPIr8C7+u4TqrciIw9z/sXjqZsQ2M27UEM9qb/jzqM4HaNooNbIzEJ8538CkVU4
okgKid2wBdXdcDaWoUSvZUewtj6BDvVNH7DUYBfRtx8k/PK/oqNBvGvuJuPm/4QIZCWOcVY2RmEJ
TnsL4c3rQalJoiqG0/g2qMiIKigEGCbm3KuR2TPT6DgVGtiw3d2Kk6C0gll1KUbxyYUmo6zajW8d
26WS8Z8e6oZIMPX7qNuEDnaOEkgURvkKzAUXYhRWjngyIdDhfje+O9NOKntmPJYfAbnTth+77r3p
ibGcln1E3vkFztEtoCSisAyjbBHajiG0SljBzNIKMm//HAO//D5DLzyBWTob3/LUpXE10ILTumVM
yZJC5i3ArLqedB3TKay/0aHkE9T0YcyqSekcRkE53pW3u+AcrRp6MyFF8ULHonEaqEdepzQxypcj
fJnIkkVwZPOoSeHSQU/1NWeuKEArjNJqsMPYRzaOPKtjYW17AnPu+YisglMDlg73I/PKYGY1dkc9
qvMo4Wf+NyK/HO/y6/BfehcohXVoF2qwHx0awigswaqtZfCxX2MUz8Qsm5XSw9hNG1BW3yiqosHM
wFx0GyIw9QexYg61R7uoq++huzdMNGpjmpKcbD/z5+SzpKqYQGByQkskEmP3h23U1ncTHLLwek0q
Z+ey4pwycnMmXxxs24qhUHQsASEzw4tpGhM+VzhsjRyjwTAEmRk+pExchFR3A6rryDhpXeaVpSyX
i6xCfGu/eGqiZOcRnM66BBooAtkYxQvcCVe5mtjOZ928Ulzmd5q2o7obpybrT9Vjefx4am7Aad3r
VqIcv5euI8Tq3sW7/KZTA5a54CLM+ReiQ33Yxw6i2mqxm/cTO/gB1o5X8K66Fqe9meAj38Pp64cY
aEeClMSO1DLwm4fIu/8BZPaJYy412ILT8DpC6OFB11pjlp2PUXHplG4+Eonx5sY6/vDGIbbuOkZn
TwjbHqGnUgrycnysqinj5msXc+26hfh8Jy+h2bWvlQcf2crbm+vpH4wOhwQZAQ+ramZy390ruHrt
5CbBwbpO/ue/vIVl2S6iNHg8Bl9/YC3nLitLesz72xr5wc/fRSl39dcK5szO4Rv/+QqKChJpuupt
RkcHxogWGllQgcwuOmMT1q571917NwwshVF2DjJelWCULkIWVuI073SFDCHQ4T6ctgNnFFhojVFe
gzlnNbEDr42wJcfC2v405rwLkNlTF9LM41xXZObjqVoDVWvwhoMEH/0fOE37ie19l+jODaiBbtBx
tUEpjKJSfCsvRZh+nL7+EwNLOdhHX0FHOsEYGXCZPQtP9ScQpn/SN97TG+LHD23m0Wf3EgxZGFIg
4pNq9H7K3v4or7xdx6YtTez+sJ0HPn8h2VkTX2/Ljia+9p3XOFDbjWFIhBDD5wpHbN5+r4H9hzsZ
DMa9T4rsdTBosXNfG5HI8RozjddrMhCMTnhMb3+Y7Xtah0NZpTShcJRYzBk/xMGu8clgQGYWgDwz
HRh0LILdsjuRBgqJWbl6WDgRvkyMkoUusEazmbr38Cy9OuXSoukQL4THj/e8u7Abt6FDvcNeS3XV
YR96B++qO6ZLbo+PRSAL77J1aDtG6LWHidXtwJw5F2NmpVu6IQQ6HMLILyDr9rvwlJef2Fv1HsZp
emOkTEEAngw8i+5B5lZO+qaDQ1F+8PNN/OqxnYQjNqYh3coSQzCvIpcV1SXMKskaHkDTkIQjMX71
+A5+8bstrgdIYg3NvXz7h+s5WNeNacpRYYbGdhSOoxAIOrvD/PAXm9m7vw2ZooophMCQAsOQGMbI
n+IEyBQw6v+7PymTJ1x1qHdU/d/od5l3xpyAaj+MGk0D0S6QShclxnKVq+NVDiP1ik7zdlRX/RkO
TBVG6WLMeRclqoTKxtrxe1R/6yl6rGT/ULEUEchB9XUhMorIvOPvwZtB8D9+jFV7CB0cJPjkb1Gh
KFk334rw+iZYxYaIHX4KHesHYziaxZxzJWbFuind9CtvHeaxZ/cOeyalNEurivibe1dy/orZ5OT4
6egMsv7do/zqsR20dQYRQmDbikee2cNFq+ewZlXFuPM+//J+du5rHy6qPe4lCvMDrFlVTl6un/rG
XrbsPEZjSz9NxwbGxTpnT7wIJkMzTFCmo7obsI+8z4T1dWNWd6N85UnrBmO1G10FcbiGTyOLq5CF
iYunOescZH4FTvuB4Vymjgy6dHDm4jM7cIaJd9Ud2PXvo4NdI16rp5HYh6/jW/OpKaWAJgSWLJiJ
WbYQa2Ar/gtvwjO/BqQk+6++zODvfkJ0/4foSIShp59Ah6Nk33k3IjDejTstG1CdWxFyFAUsPAfP
4nuntOeqq3uIR57ZRTTmYEiBUpp5FXn8r3+6mpU1IyJKfm4GixbMIDfbzz9/701sWyGloL1riOde
3s8FK8uHqSNAY3Mvz768P3HyKU3FrFy+8ZV1XH7pfExD0j8Q4cFHtvLT32xJiOfOLqo02LHkXm8C
Gui0HSLy1r+llvjVGv+VD5wQWNoK47R+OH6CzVuDCOSM8aI5yBlVOG37RyijVth1m1110HtmS9qM
GQvwVK3D2vHUqAdyiO16Hs+idciC8umhggDCG8BTfQnmvBr8l9wyrOSZ5fPI/vQDeJeeG/dIFsFn
nqX/N79DDYXGyOv12LVPgbbjOSuNyJ6Fp/ozCP/UVMDd+9vYe6ADI+4phICPXbMoAVSj7YpL57Nk
QeEw/RNCsO9gBwODibHN3gMdNDT3J3gg0xB84rZzuHpd1XAFe26On89/ajVXXzZvQkp5FpA10kZu
LJk80X6n4Qz9yX4nLy92WvePoYGAJ4BRujipJzUrVsLo2FoInJZdZ54OAkgD78rbkDmlo3JsEjXQ
Smzfq5OqOjmpxwLwVJ2HMbMKmZmbeNDMcnI+848MPPzvRLdsA9sm+PxLqFCMvM9+CpmTjY4FsQ89
jo60x0GpEd5cPIvvQxYsmvIYHDjcSSTqIKVAAwGfiSHhzY21SSe64ygC/pHqaSmgvStIe8cAuTkj
L3Z/bSdWzBmmgUpp5lTkceNV4+81O8vHDVcs5NW363Ccj/jHWiakMTqe4FfJATcVNTDUm7hHqmAO
coLEtDFnJTJvFqr7yHBlvY4GcVr3Y5QtPfPYKqzAXHwF1pZHEzy1tedFPEuuQBbNnT5gybwZyLwZ
yQ8smUnuZ+9nQP6S8MbN4CiGXngNHXLIf+DTqPZXUJ3vIaRwabzhx6z6OEbZRVN+eMdRHGnswe3Y
5ob90ZjDjx8+cY2XUnqUJxIMDVm0tg+wcMGMYdn+YG3HGPajKS/LpaQ4eWK0al4Rudl+untDCZTy
LKFngo2h2q2iSPZuZ1Thu+wLiYKHEOhgD7F9L6GtoZQlTx0NJaeBcy+IdzZOcv3MQowZ8xP3a2mF
XfcunmXXTd8u5pSHUOI991bsw++gepuGPbUOdmLt/gP+dV+c1ObbU9JhjaJicj73BZBehl7f4K6A
jkJ17cA5+gwQr7CWBubcWzArr5/SanjcQmGL1raBhBeutZtIPWEMPmZ+BEMx2rpCo2TtCLX1vQkA
0UBxYSZeb/LBnFGUSUVZNl09obNf3igEmMnjVe0kj72M4rkYxeNXYafzKLFDb0J0KOVUgtOyF9V5
JLFG0fRhzlp2glVbYsw+l9jBtxJKnJxje1FdRzFOdOzp8lp5ZXiWXEP0vYdHFhytiX34Cp7qayaV
ZzvlBIeRX0Du5z6HdgxizR3kfOoy1LFfoe2B4R3CxqwrMOffCdJzStcKhW3aOocSJrJpSvJzA5NS
57TWeEZVO4QjFsEhKxEgGgJ+z4TeKCvTy+yyXLbtaeO0lWJN4rTCl5XUYWGFJh+vTZYGHn3P7bo1
vKJrEAb20S04nUeSpgEQAjXQ7gpY9vGeGHE62HbgrAALIfDU3OS2QO9pGPFaQ93Edr+AcdWXzxyw
AGRuLnlf+CxOdzP0/x4drB9WAWXZFZgL/zoxUD0FKhi1VALFmzkjix9+8waKCjNJuamvhoL8jFHn
1UmPPRFYPaZBZqaP0xlhWZZCpyiQiMyCJPGUnrZq7Ylp4BBO6/7xK4Idwdr+xMlXjnHCiMaufRdP
9XUIf9aZ91q5JXiqrye66ZcJokXswJt4am5KuQ/ItKXkZZaJal2P0711ODdhlK6DjNXoYBBRcOqd
i/w+k6J8H03HRhhQOGLj95tUzMo746ubaRqcTmT1DURwEuLDE4x/TolbYTFGwVLBLjfOMk5P9YXT
vNuNk5IlrqdC+4XAad3n0sHZ55wVZu1Zdj2x/a/F47+41wr1Ym1/Ft8F96ZEJabn+1iOhX30KZxj
b4DQICWydC1azyf8xx8Rev47OO1HTvkyGQGT4qKsYe8ihKC7N8S2XS1nfPAdRxEOW6e1IL+ldSBl
LywLKxFZRePECNXTgBroOG33aB99Hx0ZZGxToNHbTk7604mlycfVwbNlMqcYb83HxvXisA+/jdN2
MKUF49SXMWXjNL2A0/wCYLs7gcuuReReTPi5b6P6mqCnlfBz38N/w5cxZ09davf7vcyamSj9x2zF
tt3H+MTt5yZUTExKGjUlctwGv7goMoGFIzE6OgdPWJJ0KtY/EGbfwfaUAy2joByjZDF2f+vILl0h
Uf3HcNr2I/PLpp8GRgZxjn3I2OBU5lcgCypS9OYap/MwerAjoT9HrHaDqw4Gzk6PRs/Sq4jtezle
HRL3WpF+rO2/d5shneS9mNMBKrvhKVAWGH6M8lswK25BawPP8o+hNv4aHYlit+wn9Oz3ybjpy5iV
1VO+ZGV5XgI1klKwZWcLBw53UL24dGqe0O8hO8tLW2fiHOntC2HbTtJtHd29IY409p2KyOm2AZtg
9n2wvZk9+ztSF2UMD8asZdiH149xKRZO0y48i6+cdu9qN+1CdR8dAyyJd/U9eM650fVGJ6V+0u0o
9cFvGd31SLUdwOk6ilm+/OwIrZkFeM69Fef1H4AaUVadY3sSW3NNOxVUNk7zC9iNT4AKgS8Xc/59
mJV3gpmB8Pjwrb4L/7ovujkJIXDa6hh6+l+JHd455csuqCwk4DeHp6MUgubWQX771M4plxjl5fpZ
UJmfQLuEEBxrHyQ4lLwfQ1NLPz19kUnksMZDSGlNNGon9YbPv3qAYMialJRvzr0AmTsrMc4Skljd
xqR5plMG1pH3Encsa40I5GCULUWYHoTXf/Kfx4u54GJEID+hiai2QjjH9nE2zbNwLUbJwjFxq06u
ck4LsJwoTuPvcRqfABVGZFXgWXQ/xqxrEyV1w4N3xcfwX3V/3KULnI4Ggk/8EGvv+1O69OKqYpZW
FSeoZUIIXnrjME+/uHdK5/T5PCycn7j3RgpBfVMf23Ynj9/e395EKBxL2Ql4PBKvKRPeiR1TtHcm
Fs8qpXn0mV289k7dhJXsEzqtGfMxF10+pp2DQA+0YW19Eh0dSmWtTm2ZCPej2vaPa1pjzD4XWTBn
cvddssBt3DlmAtu1G9Gh/rMGLJGRi3fF7eAJMFmVagq1K0M49Y/hND8NysIoWI1nyVeQRecnD+oM
E+/yawlc/yV3u7MQOF0tDD7+YyJb30kJ/aOtqCCTW69fmkCRhICBwSjf/9kmnnphz5Q816IFRXg9
xrhzPvn8XoZCiV5rx54Wnnrpw0l5k5KiTEqKE1MCjta8tekIx9r6iURtjrUN8KNfbOLfHnyPcHRq
HXW9NTchZ1SN91qH3iK64Zfo8MBJ3q+VUm2c3bAdp7s+EVjSwJxzHsIzuS32wpuBUbpknDqoOg7h
dB3hbJq54GL33iY5TycVY+loN079f6A6Nrjx1OzbkGXXIbx5J4GvgVm5HJlTjOrtRUgD1dtB8LGf
oSMWgYuvnFRp/tVrF/DCqwd4b3sLRnwripSCjq4hvvmD9WzbfYx7blnG4gUz8PlMhHCr4KOWTVNL
H51dQdasnoMxyiMsW1RCeVkORxr7hkErDcmb79bzzX95g898fCVFhVns2tfK/3vwPY61DU6qlKm4
KJu5FfkcqOtGxr2CIQVvb27g0w/8nvzcAN29Ieqb+rAdhRSC0uIMOnvCk6pHlIUV+C68j8ir33XV
uuP3qGLuHqOuo3iWXYcxZ9UwRUc56NAAduN2Yh++OrJVfcKJoLGPvu8mn0clhYUvZ9zeq8nQ2Nie
F93WzceTxVYYp2UvZsWKs+e1/Fl4V91FpP1gSqLFpIGlB+uwj/4W3b8HkbUAo+JOZMEKECc/hQ4N
EHnjQZy2wwn9w9VAD4OP/hIdtsi48rrkuZAkVjojm6/87UV85b//kdaO4AgQpGBgMMojz+zhjQ1H
qJpXQElxNh6PQTQao71ziKONvaxYVsIFqyoS/PWc8nzuvKma7/10UwIpsiyHJ174kPWbG8jJ8tLe
OUTfQIS8XD/5OX4aWvpTApjXY3De8lm8+nZdIqtWmoN13WitEUK4xcUaKmfncvVlc/n1k7txJklD
PIvWooe6iW74BdoKjrSP1o778b+WXcicmS49FxKcGDrUhwp2uF/RGMs84rWZI++zLy47j6GBZdXj
9l6lTAfLliAL5uC07E4Aq127EW/NTZP7Ish0e625qzFmnYN9ZHPK9YIpoMJGdW7CaXoSbQ+5gCq5
EuGfkaIkO0TkrQeJ7X4V9Jgsu5DowQEGH/01Khwj84abEGZqN77mvAq+9dUr+NYP11Pf5G44dPPS
7p8d3UO0dQbHNW9RSrN8aUnSc95+YzUbP2hg05amYen++Nxp7wzS1uGeRErJLdcuxrIUR5p2Yxqp
rWI3XLmQP7xxiO17WhNSA3LUxyG01vh8Bp/75Cpyc3w4j++a/EyQBt4VtyL8OUQ3PYjqa2a4ykEa
4MRQPfWj+vuJ4fcxugnM8c/tmFVrMeeeP0ID67e4xycAUGJWno/wTW0vlfBlYZQudoE1ig46nbU4
nXWYmWfvQxnCm4F31V04x/a5C9WpJoi11YdT/whOw+8QgVmYi7+KUXF3yqBCKaxtz2Htegmt7Dh3
H7P6SoEaGmLwkUcIPvs82k4tthBCcNXaKn70rRu58pJKAn4TpTRK6eHqdyklhpQYUrhb6IUY1Q9j
/ODMLMnh6w+s49zqUrQeOddwPSbg8xjcedMSvvKFi/F4DBxH4Sgd/ynUCbj47LI8vvTZNVSU5eAM
32s8n6o0jqPJzvLxD58+n3turXF3dsRbAgyfP9VejoYHT/U1BG75Np4l18R7r8cTt1odXyHiLCEO
bK3iW0mE+9WXyjUEbvwGgRv+aeSrIFpj129xi3S1ih/jgCeALFl4ShPYqFjpCgXH71FriA657dQS
JubYJLOKf+1DT5zXUPFnO36/k4yZjIoVbhs5xxl57uHnVyl6LGWh+veh2l4B6cFYcD8yZxEYk237
pTHnryaQWYBdtwO7pRanuwsdiyRRmcIM/OYxdNgh+97bUvJcQghWnDOLH337Jnbta+XV9YfZsusY
vf0RLMse/pCGaRr4fCaFeQGWL53BjVcvHo7NxtqyJaX89P/ezFMv7uWPbx6mK975yTQl8yry+eQd
NVxxyQKys3ysqiklEqke3nTpKM15NSduOnr5JfP59+IsHn58O5u3NQ8LI4GAh5rFJXzyjuVcsLIc
j2lQXpbLPTcvGVVorSktzkrYX3aSAcIoXYj/+v+G6jyKXb/VLZgNdqCt8EieSUgwPQhfNrKwErNy
tdtNKb98nAfStoXMnYVn2ccSW5xlF6fUFPSE9KliJd6Vd6MHuxKafSL96FjUFUWExCiJx3HD7aoV
MrMQMcGOdFk0D0/1jQnU1phdM6m4Xnj8+C66D5FRNGZTqUZ4s8YVQQs9pmZGW/2onq0IIRGZFYjA
bDCmoZGiY7u0cMurhF58CBUFbQm0bSLMXOy2flRIEFh3OQX/9e8R3slv27dtxcBghP7BCOFwDKW1
2/bBaxLwe8jO8pGZ4U2pQsNRir6+MD19YaKWjc9rMqMoK2Fz5Ih3TAR7KkndqGXT2TXEwKC7yGRl
+SguzEwAzXGvOW71nGKFCVqjY2F0ZNCV3o9v55dGPK+U6Ra+nuyzOkkTvyLlGPlkLCep5xn2rLhx
4DjlUoDpSU7TEj60N0r2nUp2f6Kk9+j7SwYslOVupTcCnI5COLv5MAM/+xpO3yA6JvGtvorApdcz
8NDDkJFL/j/+HUbB2QtU05a2aRE8xiPPC5y+D2sbBaXIwlKc3gF8qy4h+57PIrNzyf/qV93Nb/lp
UKXtzxFYp1thycjGu/h8REYh2fd8EZntFtUahYXpt5G2PxsbTwXPgKm+Lle1y0uDKW1pYKUtbWlL
0WR6CNKWtjSw0pa2NLDSlra/VPv/416HT14+/mMAAABDdEVYdGNvbW1lbnQARmlsZSBzb3VyY2U6
IGh0dHBzOi8vd2lraS5lZHVnYWluLm9yZy9GaWxlOkVkdUdBSU5fbG9nby5wbmcFFT2WAAAAJXRF
WHRkYXRlOmNyZWF0ZQAyMDE2LTAyLTI1VDE2OjI3OjUxKzAxOjAwAyiwyQAAACV0RVh0ZGF0ZTpt
b2RpZnkAMjAxNi0wMi0yNVQxNjoyNzo1MSswMTowMHJ1CHUAAABGdEVYdHNvZnR3YXJlAEltYWdl
TWFnaWNrIDYuNi45LTcgMjAxNC0wMy0wNiBRMTYgaHR0cDovL3d3dy5pbWFnZW1hZ2ljay5vcmeB
07PDAAAAGHRFWHRUaHVtYjo6RG9jdW1lbnQ6OlBhZ2VzADGn/7svAAAAGHRFWHRUaHVtYjo6SW1h
Z2U6OmhlaWdodAAyMjOZtSWBAAAAF3RFWHRUaHVtYjo6SW1hZ2U6OldpZHRoADg1Ne6swCgAAAAZ
dEVYdFRodW1iOjpNaW1ldHlwZQBpbWFnZS9wbmc/slZOAAAAF3RFWHRUaHVtYjo6TVRpbWUAMTQ1
NjQxNDA3MRYcNhsAAAATdEVYdFRodW1iOjpTaXplADE2LjVLQkJz6tmWAAAASHRFWHRUaHVtYjo6
VVJJAGZpbGU6Ly8vc3J2L3d3dy9tZWRpYXdpa2ktMS4yMS4xL2ltYWdlcy8xLzE5L0VkdUdBSU5f
bG9nby5wbmfE14skAAAAAElFTkSuQmCC
------=_Part_6039_1976496511.1711687541605--