Analysis of Intellectual Property Protection and Market Potential for Secure Information Sharing Using Attribute Certificates and Role Based Access Control

by Michelle M. Stoll

A PROJECT SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE MASTER OF SCIENCE IN COMPUTER SCIENCE

University of Colorado, Colorado Springs
December, 2005

TABLE OF CONTENTS

SECTION 1
  Project Purpose
  Project Background
SECTION 2
  Overview of External Components
  PKI
  PMI
  RBAC
  Attribute Certificates
  OpenSSL and EXPECT
  Apache and OpenLDAP
  aznAPI
  SIS Framework
  Administration Tool
  RBAC Policy File
  Lightweight Directory Access Protocol (LDAP)
  Access Control Decision Enforcement Engine (ACDE)
  Resources
  SIS Prototype
SECTION 3
  Related Technologies
  PERMIS
  Akenti
  Other Technology
SECTION 4
  Available IP Protections
  Copyright Protection
  License Protection
  License Feasibility for the SIS System
  Patent Protection
  Patent Feasibility
  Related Patents
SECTION 5
  Marketability Analysis
SECTION 6
  Conclusion
LIST OF REFERENCES
APPENDIX A
  Differences Between Free and Open Source Software
APPENDIX B
  SIS External Component Licenses
APPENDIX C
  Patent number 5,911,143 -- Method and system for advanced role-based access control in distributed and centralized computer systems.
  Patent number 6,728,884 -- Integrating heterogeneous authentication and authorization mechanisms into an application access control system.
  Patent number 6,785,686 -- Method and system for creating and utilizing managed roles in a directory system
  Patent number 6,947,989 -- System and method for provisioning resources to users based on policies, roles, organizational information, and attributes
APPENDIX D
  Draft Executive-level Marketing Document for the SIS Software

SECTION 1

Project Purpose

This project was intended to explore and analyze the intellectual property protections available to, and the market potential of, a secure information sharing framework described in Dr. Chow's and Ganesh Godavari's "Secure Information Sharing Using Attribute Certificates and Role Based Access Control" (hereinafter the SIS software). Specifically, the ability to license the software and to patent it was researched. A marketability analysis and a risk analysis were also conducted to determine what latitude this product may have in the commercial sector. Both tasks were undertaken with an eye toward comparing the product in detail with prior art.

My personal motivation to pursue this project stems from a desire to learn more about intellectual property protection, especially as it applies to software. I've been able to apply a real-world dimension to this goal through an internship at the Colorado Institute for Technology Transfer and Implementation (CITTI) at the University of Colorado, Colorado Springs (http://citti.uccs.edu/citti/about.php), which I began in July 2005.
Following the CITTI mission of assisting creative individuals in transforming technological ideas into economic opportunity, my role as an intern has been to investigate a means of getting the SIS software to market. There is substantial overlap between my tasks as an intern and the scope of this project.

Project Background

Today's business and government landscapes require personnel to be informed, prepared, and capable of responding to rapidly changing situations. Insular, stove-piped information systems do not adequately address common problem domains, which often span multiple agencies and sectors. The need for coordination across different user communities is critical under such circumstances. Dynamic teaming and attendant participation cannot be accomplished effectively without adequate information access. But the need to share information must not compromise solid information security. Indeed, security is a primary concern and a critical success factor in the mission of a task force -- information leaks and misinformation can subvert a mission, or worse, increase its liability exponentially.

The SIS software addresses the need for efficient, secure sharing of information across agencies while ensuring privacy of information and protection from misuse. Based upon trust relationships and an access policy that can span multiple organizations, it is implemented using a framework to authenticate users and to control access based upon defined roles. The trust-management approach offers advantages over other authorization control mechanisms, especially when security policy is distributed or decentralized.

The SIS software's approach to secure information sharing is based upon existing technology and standards. The framework separates authentication decisions from access decisions. Authentication is accomplished by public key certificates.
Access is accomplished by role-based access control (RBAC), a paradigm that assigns privileges based upon the role(s) that a user has as part of an organization. The basis for separating the two security mechanisms is to simultaneously enhance and simplify the management of user access.

One of the central problems the SIS software addresses is the complexity involved in establishing and administering a large-scale, multi-agency web-based SIS system. To respond effectively to time-sensitive needs, system set-up time and management must be reduced. The solution the SIS software provides is a set of procedures and tools to expedite the set-up of the public key infrastructure (PKI) and privilege management infrastructure (PMI) using lightweight directory access protocol (LDAP) and web servers.

SECTION 2

System Architecture

The SIS system is built upon a number of existing technologies: X.509-based PKI, PMI, Attribute Certificates, RBAC, LDAP, Apache, OpenSSL, Mod_SSL, EXPECT library, and aznAPI. It combines PKI, PMI, and RBAC to authorize access via a decision engine. The concept is based upon the PrivilEge and Role Management Infrastructure Standards Validation (PERMIS) model of storing user roles in attribute certificates.

Overview of External Components

PKI

The X.509-based public key infrastructure (PKI) provides for authentication through a public key certificate that identifies an individual or an organization, and directory services that can store and revoke certificates. It maintains a binding between a user or organization name and its public key, and provides the foundation for scalable key and certificate life cycle management.
Figure 1 - Public Key Certificate -- data fields and extensions in the X.509 standard [Kiran et al, 2002]

Since establishing PKI is a time-consuming procedure, especially on a large scale, the SIS software advocates the use of a single rootCA, specifically a rootCA-MA (rootCA for multiple agencies), to be shared by participating agencies. Sharing the same rootCA greatly simplifies security administration.

PMI

The privilege management infrastructure (PMI) is to authorization what public key infrastructure (PKI) is to authentication. The PMI specifies policy for attribute certificate (AC) issuance and management. It is queried for authorization and access control, in which privileges are checked on each attempt to access a resource. The SIS software assigns, issues, and manages privilege information using X.509 ACs.

Finer privilege control is achievable using this infrastructure. For example, some access privileges are more permanent than others: the identity of a person is essentially immutable, but other attributes of an individual or organization can change over time, such as the need for increased access or a revocation of access. The SIS approach is to store all user privileges within a user's organization. To expedite the PMI deployment, existing resources such as LDAP servers can be recruited from an agency's infrastructure to serve as the PMI components.

RBAC

Role-based access control has emerged as a proven alternative to discretionary and mandatory access controls. Authorization and access are determined by a collection of permissions, encapsulated by a role to which an individual is assigned. Roles restrict access based upon a user's function within an enterprise. RBAC as an access control paradigm is easy to understand, easy to manage, and scalable.
It supports the concept of least privilege, in which a role identifies a user's job functions, determines the minimum set of privileges required to perform that function, and restricts the user to those privileges and nothing more. It permits users to belong to multiple roles, and to inherit roles hierarchically (a manager may inherit the roles of his subordinates, for example). It enables rapid response and flexibility with the assignment and revocation of privileges, a task that is often difficult or costly to achieve in less precisely controlled access systems.

The choice of RBAC also reduces system set-up time and administration. This is partly because a role-based model mirrors the way an enterprise typically conducts business, as opposed to the conventional, less intuitive process of administering lower-level access control mechanisms directly.

Attribute Certificates

X.509-based attribute certificates facilitate flexible and scalable privilege management. They bind permissions, or attributes, to an entity. An AC does not contain a public key, and thus must be used in conjunction with an authentication service. An AC can point to a public-key certificate to authenticate the identity of the holder, and can be used to store (potentially) short-duration attributes.

The X.509 PMI standard supports RBAC by defining two types of attribute certificates: role specification ACs, which hold the permission assignments granted to each role; and role assignment ACs, which hold the roles assigned to each user. [Chadwick and Otenko, 2002]

OpenSSL and EXPECT

The SIS software provides an administration utility to automate the certificate creation process, which can produce 100 certificates in less time than a single certificate can be produced manually. Extensions to OpenSSL were implemented to support ACs using the OpenSSL crypto library and ASN.1 object definitions. The EXPECT library was also used as a tool for automating the creation of X.509 digital ACs.
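The two attribute certificate types described under Attribute Certificates, combined with the least-privilege and role-inheritance behaviour described under RBAC, can be modelled as follows. This is an added example, not code from the SIS software or from PERMIS: the class names, DNs, roles, resources and the role hierarchy are all constructed, and AC signature verification is assumed to have happened before the ACs reach this code (the trusted-issuer check stands in for it).

```python
from dataclasses import dataclass
from datetime import datetime

# Every DN, role and resource below is constructed for this illustration.
TRUSTED_AAS = {"CN=AA,O=alpha"}            # attribute authorities we accept
HIERARCHY = {"manager": {"analyst"},       # senior role -> roles it inherits
             "analyst": {"guest"}}

@dataclass(frozen=True)
class RoleSpecAC:
    """Role specification AC: the permissions granted to one role."""
    issuer: str
    role: str
    permissions: frozenset                 # of (resource, action) pairs

@dataclass(frozen=True)
class RoleAssignmentAC:
    """Role assignment AC: the roles granted to one holder, for a period."""
    issuer: str
    holder: str                            # subject DN of the holder's PKC
    roles: frozenset
    not_before: datetime
    not_after: datetime

def expand_roles(roles):
    """Return the given roles plus every role inherited through HIERARCHY."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(HIERARCHY.get(role, ()))
    return seen

def active_roles(subject_dn, assignment_acs, now):
    """Roles from ACs that are trusted, bound to this subject, and in date.

    subject_dn must come from a public-key certificate that the
    authentication service has already verified: an AC carries no key,
    so it proves nothing about who is presenting it.
    """
    roles = set()
    for ac in assignment_acs:
        if ac.issuer not in TRUSTED_AAS:
            continue                       # not issued by a trusted AA
        if ac.holder != subject_dn:
            continue                       # bound to someone else's PKC
        if not (ac.not_before <= now <= ac.not_after):
            continue                       # expired or not yet valid
        roles |= ac.roles
    return expand_roles(roles)

def is_permitted(subject_dn, resource, action, assignment_acs, spec_acs, now):
    """Default deny: allow only if an active role's spec AC grants the pair."""
    roles = active_roles(subject_dn, assignment_acs, now)
    return any(spec.issuer in TRUSTED_AAS
               and spec.role in roles
               and (resource, action) in spec.permissions
               for spec in spec_acs)

ALICE, BOB, MALLORY = "CN=alice,O=alpha", "CN=bob,O=alpha", "CN=mallory,O=alpha"
NOW = datetime(2005, 12, 1, 12, 0)
DURING_DELEGATION = datetime(2005, 11, 30, 10, 0)

SPEC_ACS = [
    RoleSpecAC("CN=AA,O=alpha", "guest", frozenset({("/public", "GET")})),
    RoleSpecAC("CN=AA,O=alpha", "analyst", frozenset({("/reports", "GET")})),
    RoleSpecAC("CN=AA,O=alpha", "manager", frozenset({("/reports", "POST")})),
]
ASSIGNMENT_ACS = [
    RoleAssignmentAC("CN=AA,O=alpha", ALICE, frozenset({"manager"}),
                     datetime(2005, 1, 1), datetime(2006, 1, 1)),
    RoleAssignmentAC("CN=AA,O=alpha", BOB, frozenset({"analyst"}),
                     datetime(2005, 1, 1), datetime(2006, 1, 1)),
    # Short-duration attribute: Bob held the manager role for one working day.
    RoleAssignmentAC("CN=AA,O=alpha", BOB, frozenset({"manager"}),
                     datetime(2005, 11, 30, 9, 0), datetime(2005, 11, 30, 17, 0)),
    # Issued by an authority the verifier does not trust: must be ignored.
    RoleAssignmentAC("CN=AA,O=rogue", MALLORY, frozenset({"manager"}),
                     datetime(2005, 1, 1), datetime(2006, 1, 1)),
]

def check(subject_dn, resource, action, now=NOW):
    """Decide one request against the constructed ACs above."""
    return is_permitted(subject_dn, resource, action,
                        ASSIGNMENT_ACS, SPEC_ACS, now)
```

Revoking or shortening a privilege touches only the role assignment AC; the role specification ACs and the holder's public-key certificate stay unchanged, which is the administrative benefit the text attributes to separating the two.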
Apache and OpenLDAP

The SIS software's access control decision engine (ACDE) is implemented as an Apache module. Authentication is implemented using mod_SSL (an Apache interface to OpenSSL), and is separated from authorization, which relies upon access rights associated with a given role. Thus queries are submitted based upon the subject field of an AC, authorizing web access based upon the return of that AC.

The OpenLDAP module for the Apache web server has been extended to provide the authorization service for web requests. It stores ACs as opposed to having them retrieved from an external database.

aznAPI

The Authorization (AZN) API is a generic application programming interface for access control. It is used by systems whose access control facilities conform to the architectural framework described in International Standard ISO 10181-3 (access control framework). System components that need to control access to resources can request an access control decision from the system's access control service. [Open Group, 2000]

The aznAPI standard defines four roles for components participating in an access request: initiators, targets, Access Control Enforcement Functions (AEFs), and Access Control Decision Functions (ADFs).

Figure 2 - ISO 10181-3 Access Control Framework [ibid] (image: http://www.opengroup.org/onlinepubs/009609199/fg1.gif)

SIS Framework

Administration Tool

The SIS administration tool is used to create key pairs, PKIs, and user role attribute certificates. Two types of user role ACs are generated by the tool: User Role Specification ACs and Delegated Role Specification ACs. User Role ACs define the privileges to which a user is entitled. Delegated Role Specification ACs define what privileges are given for a resource by a user of higher authority. The signature values for User Role Specification ACs both belong to the Attribute Authority (AA).
To issue this type of AC, the tool requires the AA's certificate and key, as well as the user's certificate and the RBAC policy file. The signature values for Delegated Role Specification ACs belong to the user who delegated the authority; to issue this type of AC, the tool needs the delegating user's certificate and key, and the user's certificate and the RBAC policy file that specifies the delegated authority.

The SIS software has adopted a pull model for ACs; they are stored in LDAP, eliminating the need to distribute them to users.

RBAC Policy File

The RBAC policy file specifies available roles, as well as what privileges each role holds for a given resource. Access control decisions are made according to its contents. Policy information is specified in XML and stored in an AC generated using the administration tool. A sample policy file format from the prototype is indicated below:

Figure 3 - sample RBAC policy file format [Chow and Godavari, 2005]

Lightweight Directory Access Protocol (LDAP)

X.500-based directories are an effective mechanism to make enterprise information available within an organization and over the Internet. They address the problem of information fragmentation, redundancy, inconsistency, and management difficulty that typify an enterprise environment. The trend toward directories has been accelerated by the wide adoption of LDAP. [Park et al, 2001] LDAP provides fast, efficient, and scalable storage, management, search, and retrieval of X.500 directories.

The SIS software has chosen to leverage LDAP servers to store user information and user role ACs. ACs belonging to members of a given agency can be distributed and installed on the LDAP server of that agency, or stored at a central repository.

Access Control Decision Enforcement Engine (ACDE)

The ACDE provides the authorization service for web requests between an initiator and a target, and informs the target if a user has the correct privileges to access it.
Thus the authentication service (provided by mod_SSL) is separated from the authorization service (which implements the aznAPI). To gain access to a resource, a user must submit his X.509 certificate to the ACDE. The ACDE verifies the certificate, and queries the LDAP server for the user's AC. If the user meets the privilege requirements for a given resource, he is granted access. The control flow in the ACDE is as follows:

Figure 4 - ACDE Control Flow [Chow and Godavari, 2005]

Resources

Resources constitute the targets a user may wish to access, such as web servers, database servers, etc.

Figure 5 - Interaction between SIS components [ibid]

SIS Prototype

A prototype of the SIS software has been implemented. It successfully simulates coordination between a joint task force of four different agencies. Each agency is assigned its own SIS node comprising an OpenLDAP server, Apache web server, and SIS module. The prototype runs on Linux Redhat (compatible versions are presently 8.0 or 9.0). Clients can use both Netscape and Internet Explorer browsers for web requests. Retrieval of a secure document between two organizations in the task force, alpha and beta, would flow this way:

Figure 6 - example document retrieval between organizations alpha and beta

Proposed enhancements to the prototype include interfacing with other servers, such as the Java-based Tomcat web server and the J2EE application server, implementing a secure alert mechanism, tracking distributed sensitive documents, and the adoption of eXtensible Access Control Markup Language (XACML) for policy specification. Other interesting enhancements not addressed in the SIS paper could be extending this framework to perform secure program access (i.e. run cron jobs) and support for RBAC3, which offers a host of new features.

SECTION 3

Related Technologies

Two very closely related authorization frameworks are cited in the SIS paper, PERMIS and Akenti.
Those systems share several fundamental similarities with the SIS software: all employ trust management infrastructures; all recognize separate hierarchies for authentication and authorization; all are configured with CA (authentication) roots of trust; all employ a compliance checker (ACDE in SIS, ADF in PERMIS, and Akenti server) and a gateway that controls user access to resources; all rely upon a trusted entity to create a policy; all specify their policies in XML and store them in ACs on an LDAP server; and all provide the capability to bulk create and sign policy and user ACs.

The SIS software differs from the PERMIS and Akenti systems in a couple of distinct ways. Specifically, PERMIS is authentication agnostic (SIS requires PKI) and Akenti has implemented a Discretionary Access Control model (SIS uses RBAC). More subtle comparisons are provided in the descriptions that follow.

PERMIS

PERMIS is an authorization infrastructure from the University of Salford, UK, and a product of the EC-funded PrivilEge and Role Management Infrastructure Standards Validation project. PERMIS constitutes a generalized role-based X.509 PMI applicable to multiple application domains. The system stores user roles in attribute certificates, and features a privilege allocation subsystem that enables the bulk creation and signature of X.509 ACs. As in the SIS software, ACs are stored in distributed LDAP servers, and are accessed using the pull method for ease of use in large distributed environments. PERMIS has been used for GRID computing, and for various applications in Europe (online parking ticket tracking, access to street maps and building plans for architects, and an electronic tendering application). [Chadwick et al, 2003]

Though PERMIS is authentication agnostic, the PERMIS API does specify how to implement PKI authentication or a conventional name/password pair. Its API is very closely modeled after the aznAPI.
Similar to that framework, it makes use of an Access Control Enforcement Function (AEF) and an Access Control Decision Function (ADF) as described in Figure 2 (ISO 10181-3 Access Control Framework). The AEF authenticates a user in an application-specific manner, then asks the ADF if the user is allowed to perform the requested action. Like the SIS software, PERMIS supports the distributed management of ACs, and multiple external SOAs can be trusted to issue roles/attributes.

Akenti

Akenti is an authorization infrastructure from the Lawrence Berkeley National Laboratory. It was developed as part of an effort to use X.509 identities to provide authorization in highly distributed environments. Akenti policy is distributed and hierarchical and has been applied to collaboratories, GRIDs, and other virtual organizations defined by web-controlled infrastructures.

A main difference between the Akenti infrastructure and those of PERMIS and SIS is that it uses Discretionary Access Control (DAC) and not RBAC. Like the SIS software, Akenti uses PKI for authentication. ACs in Akenti are specified in XML in a proprietary format (SIS follows RFC-3281). In the Akenti system, a certificate may assert identity (identity certificate, for authentication), specify who is authorized to create use conditions for a given resource (policy certificate), define a condition to be met (use condition certificate), or attest to an attribute of a user or resource (attribute certificate). [Akenti certificate XSD]

Authorization policy comprises two components: policy certificates and use condition certificates (UCCs). A policy certificate is self-signed and co-located with the resource to which it applies. It contains the overall policy for controlling access to a resource, holds the trusted CAs and stakeholders, and pointers for searching applicable UCCs. Note that storage on protected resources differs from the PERMIS and SIS implementation, and can make administration difficult.
The term "stakeholder" in the Akenti system refers to a trusted authority that issues UCCs and subordinate policies; this is equivalent to a Source of Authority (SOA) in the PERMIS and the SIS systems. Each stakeholder group for a resource must create at least one use condition certificate for the resource. A UCC specifies the use condition that must be satisfied to conduct an operation on a named resource. Use conditions define a group of entities permitted to access a resource; each use condition is a component of an ACL. Use conditions provide a robust set of constraints, to include a specified cache time, which neither PERMIS nor SIS presently accommodates. Finally, attribute certificates contain an attribute-value pair and the principal to whom it applies. The attribute authority that signs them is specified in the UCC.

Akenti operates in a single-step decision-making mode, but is capable of making different types of decisions. Like the SIS software, the Akenti web security module can be attached to an Apache web server for UNIX platforms; to do so requires the use of OpenSSL and OpenLDAP. Akenti is also capable of supporting RBAC; this can be accomplished by assigning principals privileges or group membership, and granting privileges to group attributes.

Other Technology

Technology that uses the same external components that the SIS software leverages is widely available on the Internet. However, outside of the PERMIS and Akenti frameworks, I located only one other publication that used the entirety of the components in a very similar fashion. This technology was disclosed in a paper entitled "Implement role based access control with attribute certificates", by Wei Zhou and Christoph Meinel (hereinafter referred to as Zhou). [Zhou and Meinel, 2004] This technology is also very closely related to PERMIS and Akenti.
It uses RBAC and PKI to enforce authorization in a large-scale web environment, wherein policies are specified in XML in attribute certificates (in this case, the same standard as SIS uses) stored in LDAP servers with their corresponding PKCs. It leverages an access control engine and administration tool, which like the SIS software can automatically generate and sign ACs. The system has likewise adopted the pull model so the role ACs need not be distributed to the users. It is also based upon the aznAPI, which separates authentication from authorization.

A minor enhancement this system provides over PERMIS and SIS is a compromise solution for temporal permission validity. It implements a scalable refresh time for revalidation on the root policy; the refresh window can be set according to application and environment requirements. The SIS software currently uses complete mediation in a session-based approach.

SECTION 4

Available IP Protections

Intellectual property protections available to the SIS system include copyright, licensing, patenting, or a combination thereof.

Copyright Protection

Copyright law provides the author(s) of an original creation exclusive rights over it. A copyright confers the sole right to make copies, produce derivative works, sell, rent or lease the work, transfer ownership, and perform and display the work [Hovey, 2002]. While a copyright does not guarantee a paying audience, it does deter theft of the intellectual property and provides legal recourse if theft occurs.

The SIS software is protected by copyright; this was afforded automatically when it was put into tangible form. Copyright law can be used to prevent the total duplication of a software program, as well as the copying of a portion of the code (both examples of "literal infringement"). Additionally, copyright provides some protection against non-literal infringement, such as the creation of cloned software.
[Beck and Tysver, 2005] Despite these innate protections, it is advisable to include a copyright notice in the header of each source file, as well as in the README file and documentation that will be distributed with the software. Furthermore, registering the SIS software with the U.S. Copyright Office is a wise move. Doing so will provide an official certificate of registration, which can be used as solid evidence to prove ownership should any infringements be discovered.

License Protection

Licensing rather than selling a piece of software confers several advantages to the author. Section 2-106 of the Uniform Commercial Code (UCC) states that "a sale consists in the passing of title from the seller to the buyer for a price." [Legal Information Institute] Under the UCC, as well as federal patent and copyright statutes, the sale of a product drastically limits the control that individuals can retain over it. A sale permits a purchaser to resell or otherwise dispose of possession of his copy without the authority of the copyright owner. This is known as the Doctrine of First Sale. Under this doctrine, once a copy of a copyrighted work has been sold, the copyright holder's rights in that particular copy are exhausted, and the copy must be freely resold, leased, or loaned. [Neukom and Gomulkiewicz, 1993] Licensing a piece of software avoids such pitfalls. If an individual licenses his product to end users instead, he retains ownership. [Ravicher, 2000]

Broadly, software licensing enables an individual to use a piece of software. Its terms specify the bounds of permission granted by the owner to a user, and act as a memorandum of contract. There are two general categories of software licenses, proprietary and free, though within each category there exist many nuances.
A license can also define terms of warranty, limit a manufacturer's liability, establish and extend intellectual property rights, and impose other terms and conditions that may restrict rights granted to a licensee under intellectual property law.

The choice to license software has a variable impact on rights conferred by copyright, depending upon the type of license employed. All open source licenses surrender most if not all of the rights granted from a copyright. For example, a licensor will lose his right to prevent the creation of derivative works and to restrict redistribution. In this case it serves to weaken the intellectual property rights an author is granted by copyright to his work. This is not the case with closed source software licenses, which attempt to maintain all of their exclusive intellectual property rights. Closed source licenses typically do not permit derivative works and restrict redistribution. Fees from sale and licensing of commercial software are the primary source of income for companies that sell software (though open source software is certainly developed by commercial organizations as well).

There is an ongoing, passionate debate between the open-source or free software advocates and the proprietary software advocates. While this discussion is beyond the scope of this project, I have included a short background on open source software in Appendix A. For an interesting analysis on software licensing I recommend "Contracts, Copyright, and Confusion: Revisiting the Enforceability of Shrinkwrap Licenses". [Heath, 2005]

License Feasibility for the SIS System

While the SIS system could theoretically be released either as open source or proprietary software, my research for the CITTI office was oriented toward the proprietary side. Since the framework makes use of several external modules, the terms of use for each module had to be analyzed. This was required to determine under what terms the SIS software could be licensed.
Fortunately, each externally licensed component the system uses employs a BSD-style license. The Berkeley Software Distribution (BSD) license is very permissive, and one of the most widely used licenses for free software. It is the most popular alternative to the GNU GPL license, allowing a licensee to keep private any modifications made to the original open source code base. There are very few limits imposed upon a licensee, beyond giving credit to the original copyright holders. It basically allow[s] anyone to do anything with the code covered by the license, but requiring a reference to the copyright holder in accompanying documentation, essentially requiring only credit where credit is due. [Netscape, 2005]

The BSD-style license is based upon a non-copyleft free software license agreement. Under such an agreement a licensor retains copyright protection, disclaims warranty, and requires attribution for modified works, but permits redistribution and modification in any work. Thus software released under this license can be incorporated into commercial and even proprietary products.

Under most BSD-style licenses each redistribution of the software must carry along with it the terms of the license, the copyright notice, the condition that the name of the author may not be used to promote or sell the derivative work without prior permission, and that all advertising materials must display an acknowledgement of the originator of the licensed program. However, the advertising clause has come under controversy, and many BSD-style licenses do not require this component.

The non-copyleft aspect of the BSD license is what makes the SIS commercial licensing potential favorable. Since none of the external components upon which SIS relies pose a barrier to redistribution, licensing the SIS software is a viable option for the university to pursue. The conditions stipulated in each component license will need to be met.
Broadly this will require inclusion of the individual license terms and copyright statements in delivered documentation, giving credit to components within the source files that reference them, and including the required Apache statement in advertising materials. Had an external component(s) employed a GNU General Public License (GPL), the plan would have become more complicated. Depending upon the GPL license type (ordinary or Lesser), derivative works would themselves have to be released under a GPL license, or derivative source and/or object code using a GPL library would need to be made available. Appendix B details the license terms for each external component.

Patent Protection

Due to the intangible nature of software, courts once considered it ineligible for patent protection. The US Supreme Court case Diamond v. Diehr (US citation 450 U.S. 175 (1981)) fomented a change by ordering the issuance of a patent for a process that involved computations in computer software. Since that time guidelines for software patents have become clearer, and the number of patents granted for software programs has increased each year. Software patents provide much greater protection to software developers than copyright protection. A patent provides an inventor with property rights that cover his or her original invention while a copyright protects only the expression of an idea, not the idea itself. Consequently, copyright law will not prevent the creation of a competing software program that utilizes the same ideas as an existing program. [Beck and Tysver, 2005] A patent gives its holder "the right to exclude others from making, using, offering for sale, or selling" [USPTO] his creation without permission in the United States, its possessions, and territories. This domestic protection also extends to imports of articles that infringe. Hence a patent equates to a monopoly that lasts the life of the patent, and provides the patent holder offensive rights against infringement.
A patent does not provide a market for an invention, the means to develop it, or any special right to make or sell it. To be patentable, an invention must satisfy the basic requirements of novelty, utility, and non-obviousness. Further, it must be adequately and correctly disclosed to the United States Patent and Trademark Office (USPTO), and it must satisfy the condition of operativeness; in other words, an idea itself cannot be patented without a means to successfully implement it. Patent examiners determine whether an invention is new and non-obvious by comparing the claims contained in its application (or in the case of a provisional patent without claims, the written description) with prior art. The philosophy behind the novelty requirement is that a patent is issued in exchange for an inventor's detailed disclosure of his invention to the public. If the inventor's work is not novel, the inventor is not adding to the public knowledge, so the inventor should not be granted a patent. [Radcliffe and Brinson, 2001] A further stipulation to novelty is non-obviousness. The USPTO will not issue a patent for an invention whose purported advancements are obvious from prior art. Thus if the subject matter sought to be patented would have been obvious to an individual with ordinary skill in the field at the time the invention was made, then the application for a patent should be rejected. [Syrowik and Cole, 1994] This requirement makes sure patents are only granted for real advances, not for technical tinkering or modifications of existing inventions by skilled technicians. [Radcliffe and Brinson, 2001]

Patent Feasibility

In light of the related technologies discussed in this paper, I believe that obtaining a patent for the SIS software is unlikely. The utility requirement is clearly satisfied, and the idea is operative. However, the attributes of novelty and non-obviousness are more difficult to justify.
The SIS software's use of standards and external modules does not render it ineligible for a patent. But the software does not provide a new, discrete piece of functionality that has not been produced before. In isolation, each component of the SIS framework has been implemented or duplicated elsewhere. Therefore patent focus should shift toward the provision of a previously unavailable capability, i.e. to the implementation of these separate components as a whole. To pursue a strategy of patenting the SIS software by its application it must still be sufficiently different from existing technology so that the invention as a whole is not part of the prior art. Nor can the invention be obvious to a person having skill in the art. Since the software is so closely related to systems like PERMIS, Akenti, and Zhou, and its capstone capabilities have been implemented elsewhere (such as using LDAP to store ACs, extending OpenSSL to automatically generate ACs, defining policy in XML), I doubt the requirements of novelty or non-obviousness can be satisfied. The assertion that this is the first system to make use of PKI, PMI, RBAC, and web services together for information sharing is not defensible as evidenced by the technologies already discussed. Even if it is determined that the SIS implementation is patentable, or that a very narrow facet of the software is patentable, there is another deterrent to obtaining a patent -- the expense. The decision to pursue patent protection should be considered by comparing the potential revenue of the SIS software to the cost of the patent application process, and the likelihood of obtaining significant patent protection (this being the weak link). [Beck and Tysver, 2005] Hidden costs must also be taken into account -- although the initial cost of a patent may be $10,000 - $15,000, the total cost of ownership of a patent is higher. This is because a patent owner must invest in monitoring the marketplace for infringement.
Then, if an infringer is caught, the patent holder must invest the time and money to file a lawsuit (or present a credible case) to stop the infringement. The associated costs can quickly dwarf the price of the initial patent filing. [Crohan, 2004] There is also risk of patent litigation. Defendants in infringement suits usually raise the defense of patent invalidity, asserting that the invention covered by the patent was not novel or non-obvious. This could result in a determination that the U.S. Patent and Trademark Office made a mistake in granting the patent. [Radcliffe and Brinson, 2005] Meanwhile, the costs of litigation must be absorbed by the infringer.

Related Patents

Despite my pessimistic assessment of patent potential, I still performed a patent search using keywords, abbreviations, and various combinations thereof: role based access control (with and without the hyphen, and RBAC); X.509; public key infrastructure (PKI); public key certificate (PKC); privilege management infrastructure (PMI); attribute certificate (AC); authorization; digital certificate; lightweight directory access protocol (LDAP); and software. I checked for these terms in the abstract, claims, and titles using the search engine on the USPTO web site. I located four patents that were in the ballpark of this technology. The analyses of these patents with respect to the SIS software can be found in Appendix C. This represents a significant amount of effort, but since my position is that the SIS software isn't likely patentable, that effort has become peripheral.

SECTION 5

Marketability Analysis

There is certainly market potential for the SIS software, as related in the project background in Section 1 of this document. The SIS software has responded both to a desire and deficiency in industry to collaborate securely, efficiently, and quickly.
The combination of PKI, PMI, RBAC, and web services offers an attractive package to industry for a number of reasons: it provides both authentication and authorization services, a proven distributed capability, reduced system set-up and administration, and it leverages known standards and technologies with which it can evolve. As the requirement for secure information sharing increases in the private and public sectors, the market for this and similar frameworks will likewise increase. Some of my work with the Colorado Institute for Technology Transfer and Implementation (CITTI) has been to determine how to turn this innovation into a business opportunity. This is in direct support of CITTI's goal to identify emerging technologies and turn them into commercially viable ideas. A meeting with local industry professionals is scheduled somewhere in the December 2005 to January 2006 timeframe to discuss the technology, probe a transfer to market, and to look for avenues to further its development. (I'd hoped the meeting would have already occurred, so I could have related technology transfer and start-up opportunities. I will have to omit that portion.) Preliminary steps leading up to the meeting have been to gain an understanding of the technology, to determine what IP protections are available to it, and to consider ways to market it at an executive level (free from an unnecessary level of detail). I have created a draft marketing document for the software which can be found in Appendix D.

Risk Analysis

My research on related technologies did not generate concern for infringement. The biggest risk would have come from patents whose scope this software violates, but a fairly rigorous search did not uncover any foreseeable problems (see Section 4 Related Patents, and Appendix C).
Since obtaining a patent for this technology seems infeasible in its present embodiment, adopting a defensive publishing strategy could provide protection from other technologies trying to obtain a patent in the domain. Future enhancements to the system may allow for an aspect(s) to be patented. If that is the case, a similar effort will need to be undertaken to reconcile what technology is already available and already protected. The similarities of the SIS software to PERMIS, Akenti, and Zhou likewise do not pose a risk. Those systems are not patented; nor could they be at this point, as the technology has been in the public domain longer than the requisite one-year grace period (which is only afforded in the United States anyway). The only risk those systems could present is if they were in direct competition with the SIS software for market share. Presently, none are being aggressively marketed. With the exception of Zhou, where it is unclear what market direction it may take if any, the other two systems have taken the open source route. I could see the SIS software benefiting from such a choice, but that conflicts with the business development goals that CITTI has for the technology.

SECTION 6

Conclusion

The requirement to share information across different user communities has escalated over the years in both business and government. Numerous systems have been implemented to respond to that need. In critical circumstances where coordination must be established quickly, such as the creation of a joint task force for a natural disaster or national security threat, the requirement has not been adequately addressed. The SIS software responds to this need with a secure information sharing framework based upon PKI, PMI, RBAC, and web services that can be deployed quickly. PKI and PMI infrastructures are notoriously laborious to establish; the SIS software offers a set of tools and procedures to expedite the process.
Moreover the software is scalable, easy to administer, and standards-based. There is an undeniable market potential for a capability like this. Market potential in no way guarantees market share. To increase the chances that the SIS software can be successful, the CITTI office has assumed the task of generating interest in, and fostering development of, the technology. The goal could be achieved by creating a start-up, securing capital, licensing the software, or through other entrepreneurial channels. Investigation of options is ongoing. A parallel goal of creating economic opportunity is to define and secure intellectual property protection for the SIS technology. Options include copyright, license, and patent protection, or some combination thereof. The future business direction of the technology will influence an appropriate choice. In the meantime I have analyzed protections available to it in its current embodiment and determined that copyright and licensing are most appropriate. Copyright is conferred automatically (though I've recommended some formalities to be thorough). Licensing could be either open- or closed-source. With the focus on business opportunity levied by CITTI, I have focused more on the latter. A closed-source license for the product is possible with only a few stipulations, which principally include acknowledgement of credit for the external systems used within the SIS framework. Patent protection did not appear to be an achievable goal to me as I do not believe the system meets the requirements of novelty and non-obviousness. In pursuit of the project goals, which I believe were achieved, I was able to address my personal goals. The research included in this paper represents a fraction of what I had to study to assert an opinion.
I have learned a great deal along the way about the technology used in the SIS software and similar products; I had virtually no background in access control paradigms, authentication and authorization infrastructures, SSL/TLS, web services, etc. This project also provided a great opportunity to learn more about copyright law, patent law, licensing, and trade secrets, especially in regard to how they apply to software. Software IP protection is a controversial subject, and my research exposed me to differing philosophies on open and closed source development. The research has motivated me to learn more, which is a testament to success.

Lessons Learned

My research and project were conducted with very little outside consultation. In retrospect, I could have benefited from interaction with a patent attorney (preferably a software patent attorney). I would like to know if my assertion that the SIS software is unpatentable is accurate. My research gives me confidence, but being a neophyte I'd like to keep an open mind and seek another opinion. I'd also like to find out what type of license strategy, open- or closed-source, might prove the most beneficial for the SIS software. The problem with this question is the answer will depend upon who is asked. Since the systems upon which SIS is modeled are open source (PERMIS, Akenti), and the external components upon which it relies are open source, my gut feeling is that open source may be the best direction for the product. I did not explicitly ask CITTI if they have ever transferred any software as open source; my work for them has focused on a proprietary scheme. Though there are no obstacles in the way to implement a proprietary license, I am not convinced that is the best approach. Despite allocating a lot of time for the research and realization of this project, I still felt rushed toward the end. I set goals for myself that consisted largely of weekly deliverables that would constitute components of this project.
Putting them all together coherently (if indeed I have accomplished that) took more time than I anticipated.

LIST OF REFERENCES

Akenti Certificate XSD. Lawrence Berkeley Labs. 2004. http://dsd.lbl.gov/Akenti/docs/AkentiCertXSD.txt ; accessed December 2005.

Beck and Tysver, PLLC. Why Protect Software Through Patents, Bitlaw. 2005. http://www.bitlaw.com/software-patent/why-patent.html ; accessed December 2005.

Chadwick, David and Alexander Otenko. A Comparison of the Akenti and PERMIS Authorization Infrastructures, Ensuring Security in IT Infrastructures, proceedings of the ITI First International Conference on Information and Communications Technology (ICICT 2003) Cairo University. http://www.cs.kent.ac.uk/pubs/2003/2071/content.pdf ; accessed December 2005.

Chadwick, David, Otenko, Alexander, and Edward Ball. Implementing Role Based Access Control Using X.509 Attribute Certificates - the PERMIS Privilege Management Infrastructure. University of Salford, 2002. http://sec.isi.salford.ac.uk/download/InternetComputingPaperv4.pdf ; accessed December 2005.

Chadwick, David, Otenko, Alexander, and Edward Ball. Implementing Role Based Access Controls Using X.509 Attribute Certificates, IEEE Internet Computing, March-April 2003, pp. 62-69. Also available at http://sec.isi.salford.ac.uk/download/InternetComputingPaperv4.pdf ; accessed December 2005.

Chow, Edward and Ganesh Godavari. Secure Information Sharing Using Attribute Certificates and Role Based Access Control. June, 2005. http://cs.uccs.edu/~chow/pub/nissc/publications/gkgodava_chow_sam05.pdf ; accessed December 2005.

Crohan, Robert J. Intellectual Property Strategies for the Software Seller. Intellectual Property and Technology. September 2004, vol. 6 no. 4. http://www.hklaw.com/Publications/Newsletters.asp?ID=502&Article=2729 ; accessed December 2005.

Heath, Steven A. Chicago-Kent Journal of Intellectual Property. vol 5, no 5. 2005.
http://jip.kentlaw.edu/art/volume%205/5%20Chi-Kent%20J%20Intell%20Prop%2012.doc ; accessed December 2005.

Hovey, Craig. The Patent Process, A Guide to Intellectual Property for the Information Age. 2002 p. 206

Integrating heterogeneous authentication and authorization mechanisms into an application access control system. Maria Lim. April 27, 2004. United States Patent number 6,728,884. Available at http://patft.uspto.gov/netahtml/srchnum.htm (enter patent number); accessed December 2005.

Kiran, Shashi, Lareau, Patricia, and Steve Lloyd, PKI Basics - A Technical Perspective. Nov 2002. http://www.pkiforum.org/pdfs/PKI_Basics-A_technical_perspective.pdf ; accessed December 2005.

Legal Information Institute. U.C.C. Article 2 Sales. Cornell University; http://www.law.cornell.edu/ucc/2/article2.htm#s2-106 ; accessed December 2005.

Method and system for advanced role-based access control in distributed and centralized computer systems. Klaus Deinhart, Virgil Gligor, Christoph Lingenfelder, and Sven Lorenz. June 8, 1999. United States Patent 5,911,143. Available at http://patft.uspto.gov/netahtml/srchnum.htm (enter patent number); accessed December 2005.

Method and system for creating and utilizing managed roles in a directory system. David Boreham, Peter Rowley, and Mark C. Smith. August 31, 2004. United States Patent 6,785,686. Available at http://patft.uspto.gov/netahtml/srchnum.htm (enter patent number); accessed December 2005.

Netscape Public License FAQ, note 5. 2005. http://www.mozilla.org/MPL/FAQ.html#5 ; accessed December 2005.

Neukom, William H and Robert W Gomulkiewicz. Licensing Rights to Computer Software. Technology Licensing and Litigation, 1993 New York, Practicing Law Institute.

Open Group. Authorization (AZN) API Technical Standard. 2000. http://www.opengroup.org/onlinepubs/009609199/index.htm ; accessed December 2005.

Park, Joon S., Sandhu, Ravi and Gail-Joon Ahn. Role Based Access Control on the Web.
ACM Transactions on Information and System Security, vol. 4 no. 1, February 2001, pp. 37-71.

Radcliffe, Mark and Diane Brinson. Patent Law. FindLaw for Legal Professionals. 2001. http://profs.lp.findlaw.com/patents/patents_1.html ; accessed December 2005.

Ravicher, Daniel B. Facilitating Collaborative Software Development: the Enforceability of Mass-Market Public Software Licenses. Virginia Journal of Law and Technology, v. 5. Fall 2000 ; http://www.t-6.it/t6web/file/VLTR.pdf ; accessed December 2005.

Syrowik, David R. and Roland J. Cole. The Challenge of Software-Related Patents. Software Patent Institute. 1994. http://www.spi.org/primintr.htm ; accessed December 2005.

System and method for provisioning resources to users based on policies, roles, organizational information, and attributes. Tony J. Gullotta, Jeffrey S. Bohren, Liangtong Chen, and Jeffrey C. Curie. September 20, 2005. United States Patent 6,947,989. Available at http://patft.uspto.gov/netahtml/srchnum.htm (enter patent number); accessed December 2005.

Thompson, Mary R, Essiari, Abdelilah and Srilekha Mudumbai. Certificate-based Authorization Policy in a PKI Environment. Lawrence Berkeley National Laboratory. 2001. http://dsd.lbl.gov/security/Akenti/Papers/ACMTISSEC.pdf ; accessed December 2005.

USPTO. The Nature of Patents and Patent Rights. http://www.uspto.gov/web/offices/pac/doc/general/nature.htm ; accessed December 2005.

Zhou, Wei and Christoph Meinel. Implement role based access control with attribute certificates. University of Trier. Proceedings of the 6th International Conference on Advanced Computing Technology. Feb 2004. http://www.informatik.uni-trier.de/~meinel/papers/Paper_code16.pdf ; accessed December 2005.

APPENDIX A

Differences Between Free and Open Source Software

Both the BSD and GPL licenses are free software licenses. Fundamentally, a free software license does not require that a product be made available for free. The term free software does not denote free of cost.
It simply provides a user certain specific freedoms. The difference between libre (free as in freedom) and gratis (no cost, or zero price) software is explained by Richard Stallman, founder of the Free Software Movement: "Free software is a matter of liberty not price. To understand the concept, you should think of 'free' as in 'free speech', not as in 'free beer'" (more at http://www.fsf.org). The differences between the BSD and GPL licenses highlight the divergence of opinion between the Free Software Foundation (FSF) and the Open Source Initiative (OSI). The two licenses share similar license criteria and development practices, but their philosophical underpinnings are very different. The FSF wishes to legally protect the freedom to use, modify, and redistribute software by preventing any addition of restrictions in derivative works. It is the absence of restrictions that defines "free". Thus it follows that the opposite of free software is proprietary software. The FSF disagrees with the concept of proprietary software on moral grounds. Its reasoning is that the use, redistribution or modification of proprietary software is prohibited, or requires permission, or is too restrictive to be accomplished effectively. Based on this reasoning the FSF maintains that every copy of free software, even modified copies, must always remain free -- never proprietary. In particular, this means that source code must always be available. In addition, where applicable, derivative distributions must include binary or executable forms of the original software for both modified and unmodified versions. In this way the FSF prohibits the creation of proprietary software from free software. The Open Source Initiative is an offshoot of the Free Software movement that takes a more utilitarian approach. Free software is a subset of Open Source software.
Like the FSF, the OSI also wishes to protect the ability to read, modify, and redistribute source code as a means to enhance the evolution of a piece of software. It acknowledges the pragmatic virtues of free software but does not believe that proprietary software is immoral. Banning proprietary derivative works excludes a community of software developers from the process: those in business. The exclusion of that community dismisses potential advances that they could provide. To that end, OSI-approved licenses make software freely available to all communities by imposing fewer restrictions. While the official free software and open source definitions differ slightly, in practice almost all open source software is also free software.

Free Software Definition: http://www.gnu.org/philosophy/free-sw.html

Open Source Definition: http://www.opensource.org/docs/definition.php

Links to other interesting sources on the subject:

The Cathedral and the Bazaar, Eric Steven Raymond's essays on open source versus proprietary development, at http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/index.html

Comino, Stefano and Fabio Manenti. Open Source versus Closed Source Software: Public Policies in the Software Market, June 2003, at http://opensource.mit.edu/papers/cominomanenti.pdf

APPENDIX B

SIS External Component Licenses

Apache

The Apache license is a BSD-style license with the advertising clause. It extends the BSD model by permitting code check-ins to the code base from external developers.
Clause six of the Apache license stipulates that distributions of the software in any form whatsoever must retain the following acknowledgement: This product contains software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org).

License from http://www.apache.org/licenses/LICENSE-2.0.txt ; accessed December 2005

Apache License Version 2.0, January 2004 http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. 
You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

X.509 AC

X.509 is an ITU standard for digital certificates, which forms the basis of the Internet's PKI standard. There are no obstacles to using this in the SIS software with regard to licensing the product. More information can be found at the PKIX Working Group web site, http://www.ietf.org/html.charters/pkix-charter.html

The following description of intellectual property rights was taken from http://www.ietf.org/rfc/rfc2587.txt; accessed December 2005.

Intellectual Property Rights

The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document. For more information consult the online list of claimed rights.

The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11.
Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.

OpenSSL

The OpenSSL toolkit implements the secure sockets layer (SSL v2/v3) and transport layer security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. It is open source and free to use. It employs a dual license, its own as well as the original SSLeay license. Both are BSD-style open source licenses, and both licenses apply. The original SSLeay license stipulates that the author shall be given credit for any parts of the library used. The license text below was taken from http://www.openssl.org/source/license.html; accessed December 2005.

OpenSSL License
---------------

/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 * software must display the following acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 * endorse or promote products derived from this software without
 * prior written permission. For written permission, please contact
 * openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 * nor may "OpenSSL" appear in their names without prior written
 * permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 * acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

Original SSLeay License
-----------------------

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * "This product includes cryptographic software written by
 * Eric Young (eay@cryptsoft.com)"
 * The word 'cryptographic' can be left out if the rouines from the library
 * being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 * the apps directory (application code) you must include an acknowledgement:
 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

mod_SSL

mod_SSL provides the authentication service for the SIS software. It constitutes an Apache interface to OpenSSL. The module provides strong cryptography for the Apache webserver via the secure sockets layer (SSL v2/v3) and transport layer security (TLS v1) protocols with the help of OpenSSL. The module employs a BSD-style license. The license text was taken from http://www.covalent.net/resource/legal/docs/license_modssl.txt; accessed December 2005.

Copyright (c) 1999 Ralf S. Engelschall. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by Ralf S. Engelschall for use in the mod_ssl project (http://www.modssl.org/)."

4. The names "mod_ssl" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact rse@engelschall.com.

5. Products derived from this software may not be called "mod_ssl" nor may "mod_ssl" appear in their names without prior written permission of Ralf S. Engelschall.

6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Ralf S. Engelschall for use in the mod_ssl project (http://www.modssl.org/)."

THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

OpenLDAP

OpenLDAP is a suite of applications and development tools that enable open-source LDAP development.
It employs a BSD-style public license and thus poses no problems for use in the SIS software. The license text is available at: http://www.openldap.org/software/release/license.html; accessed December 2005.

The OpenLDAP Public License
Version 2.8, 17 August 2003

Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met:

1. Redistributions in source form must retain copyright statements and notices,

2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and

3. Redistributions must contain a verbatim copy of this document.

The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license.

THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders.

OpenLDAP is a registered trademark of the OpenLDAP Foundation.

Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted.

EXPECT

Expect is a tool primarily for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. In the SIS system it is used with OpenSSL to automate the digital certificate creation process. The EXPECT library does not have an explicit license. The author, Don Libes, noted in the README file for the library: "I hereby place this software in the public domain. NIST and I would appreciate credit if this program or parts of it are used." http://expect.nist.gov/cgi.tcl/README.distribution

aznAPI

This authorization API defines a programmatic interface through which system components that need to control access to resources can request an access control decision from the system's access control service. It is subject to the Open Brand Trademark License Agreement (TMLA) from the Open Group. The license text can be found in section 2.1 of the following document (the document is too large to include here): http://www.opengroup.org/openbrand/tmla.pdf

APPENDIX C

Patent number 5,911,143 -- Method and system for advanced role-based access control in distributed and centralized computer systems.

This system employs parameterized role types that can be instantiated into role instances equivalent to roles or groups. The required parameters are provided by the subject of the computer system.
Subjects are all possible types of holders of access rights within a computer system, for example persons, job positions, role instances, users, and transactions. The system uses capability lists to provide the access rights of the subjects on the objects of a computer system on a per-subject basis. Access control lists are derived from the capability lists, wherein the system provides access rights of the subjects on the respective objects on a per-object basis. [United States Patent 5,911,143]

A couple of differences between the system described and the SIS software are that it does not address authentication and that it is based on ACLs.

Patent number 6,728,884 -- Integrating heterogeneous authentication and authorization mechanisms into an application access control system.

The goal of this system is to provide selective access to resources on a user basis, adaptable to internal and external network environments, while taking advantage of existing security mechanisms. To that end a method and apparatus are described that selectively authenticate and authorize a client seeking access to one or more secure, networked computer systems. A proxy security server is requested to authenticate the client using information identifying. An authorization of the client from the proxy security server is received, based on authentication results received from a remote security server coupled to the proxy security server. In response, access rights of the client are established, based on one or more access information records received from remote security server through the proxy security server. [United States Patent 6,728,884]

The architecture of this system is sufficiently different that the SIS software won't infringe.

Patent number 6,785,686 -- Method and system for creating and utilizing managed roles in a directory system

This system focuses on the use of managed roles.
A "managed" role is one that can be configured to provide search results similar to those available with a static grouping mechanism, i.e., to create a group entry that contains a list of members. Managed roles allow a user to create an explicit enumerated list of members. A managed role is represented by a label stored with a directory entry. The system addresses this problem in the X.500 architecture: a typical directory tree organizes entries only hierarchically, and the structure may not be optimal for short-lived or changing organizations where groupings can be made based on an arbitrary user attribute. This system defines several classes of roles to enforce sophisticated access control (filtered roles, managed roles, nested roles, enumerated roles). The system implements a Class of Service (CoS) concept, wherein users are allowed to share attributes between entries in a way that is transparent to an application. This can be achieved by generating the values of the attributes by a CoS logic at the time of, or immediately prior to the time, the entry is transmitted to an application. This is done in contrast to storing the values of the attributes with the attribute itself. [United States Patent 6,785,686]

Attributes are not stored in ACs in this system, nor does it address authentication. Other aspects of the system make it sufficiently different that the SIS software does not infringe.

Patent number 6,947,989 -- System and method for provisioning resources to users based on policies, roles, organizational information, and attributes

This system relates to the administration of user accounts and resources, and to systems and processes for provisioning users with resources based on policies, roles, organizational information, and attributes. The resources to be provisioned include "hard" (chairs, desks, phones, etc.) and "soft" (email, programs, files, etc.) resources.
It describes steps for establishing a set of attributes, organizational information, and user roles, and for defining a plurality of resource provisioning policies based on selected attributes and user roles; provisioning users based on policies that can take various process paths that are established as a result of the entry of user parameters; provisioning users based on policies which may require information or authorization from another person. [United States Patent 6,947,989]

This is a very broad patent, and due to its breadth probably comes the closest to the SIS software. But it does not define a required authentication scheme, it is focused more on resource provisioning than access control (in which human approval is required for many tasks), its policies are defined in Boolean IF-THEN-ELSE form, and the storage of attribute/policy information is not centralized. The SIS software does not infringe.

APPENDIX D

Draft Executive-Level Marketing Document for the SIS Software

Background

A prototype of the secure information sharing framework described in this document was created in 2004 by Dr. Edward Chow and Ganesh Godavari, of the Department of Computer Science at the University of Colorado, Colorado Springs. Opportunities for its application in business and government are presently being investigated.

Problem/Need

Today's business and government landscapes require personnel to be informed, prepared, and capable of responding to rapidly changing situations. Insular, stove-piped information systems do not adequately address common problem domains which often span multiple agencies and sectors. The need for coordination across different user communities is critical under such circumstances. Dynamic teaming and attendant participation cannot be accomplished effectively without adequate information access.

The need to share information does not supersede the requirement for solid information security.
Indeed, security is a primary concern and a critical success factor in the mission of a task force. Access to more information must not compromise privacy or protection from misuse. Information leaks and misinformation can subvert a mission, or worse, increase its liability exponentially.

Solution

Both sharing and security can be achieved with the right supporting architecture; the two goals are not at cross purposes. The Secure Information Sharing (SIS) system has implemented a framework to authenticate users and to control access based upon defined roles. The framework separates authentication decisions from access decisions. Authentication of personal identity is accomplished via public key certificates.

In the SIS system, access is available through system linkages designed to support the information and communication needs of different entities, such as a joint task force. Authorization and access are determined by a collection of permissions, encapsulated by a role, to which an individual is assigned. Roles restrict access based upon a user's function within an enterprise. The concept is known as Role-Based Access Control (RBAC) and has been adopted as an industry standard.

RBAC as an access control paradigm is easy to understand, easy to manage, and scalable. It supports the concept of least privilege, in which a role identifies a user's job functions, determines the minimum set of privileges required to perform that function, and restricts the user to those privileges and nothing more. It permits users to belong to multiple roles, and to inherit roles hierarchically (a manager may inherit the roles of his subordinates, for example). It enables rapid response and flexibility with the assignment and revocation of privileges, a task that is often difficult or costly to achieve in less precisely controlled access systems. RBAC also reduces system set-up time and administration.
This is partly because a role-based model mirrors the way an enterprise typically conducts business, as opposed to the conventional, less intuitive, process of administering lower-level access control mechanisms directly.

The SIS system furthers ease of use through procedures and tools that expedite the establishment of the public key infrastructure (PKI) and the privilege management infrastructure (PMI). It also allows administrators to recruit a business's existing infrastructure, such as LDAP, to serve as PMI components for the system.

Conclusion

Overall, the SIS system provides a unique, extensible capability to organizations that require critical information and communication collaboration. It is designed to be easily set up and managed, and can be fit to accommodate the needs of varying organizational infrastructures.

[Callout text recovered from the document's figures:]

SIS software adds user role information as an extension

once the privilege is validated, beta returns the web document to alpha via a secure information channel

beta validates alpha's AC and checks if the organization has access privileges to the requested document

organization alpha sends a secure web request to organization beta, wherein beta validates alpha's submitted authentication certificate

upon validation of alpha's authentication certificate, beta reads the subject (DN) of the certificate to establish a connection with the LDAP server at alpha's location; once connected, beta retrieves alpha's AC
/ 0 1 2 3 4 5 6 7 ` o $dha$gd G~ $dha$gd`uu x      5 6 7 8 9 : ; < = Y Z ߼߱w߱f jwh\iUmHnHu2jh\ih\i>*B*UmHnHphu j}h\iUmHnHujh\iUmHnHuh\imHnHu2jh\ih\i>*B*UmHnHphuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu$ ; >  j  ^ W:#{c d $  $  $ Z [ \ n o p źӑőwźfӑő jkh\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu jqh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jh\ih\i>*B*UmHnHphu    8 9 : ; < = > ? @ \ ] ^ _ b c d ~  źӑőwźfӑő j_h\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu jeh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jh\ih\i>*B*UmHnHphu       / 0 źӑőwźfӑő jSh\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu jYh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jh\ih\i>*B*UmHnHphu 0 1 2 H I J d e f g h i j k l źӑőwźfӑő jG h\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu jMh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jh\ih\i>*B*UmHnHphu          3 4 5 6 < = > X Y Z [ \ ] ^ _ ` | } źӑőwźfӑő j; h\iUmHnHu2j h\ih\i>*B*UmHnHphuh\imHnHu jA h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j h\ih\i>*B*UmHnHphu } ~  "#źӑőwźfӑő j/ h\iUmHnHu2j h\ih\i>*B*UmHnHphuh\imHnHu j5 h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j h\ih\i>*B*UmHnHphu #$%567QRSTUVWXYuvwxźӑőwźfӑő j#h\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu j)h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j h\ih\i>*B*UmHnHphu 456789:;<XYZ[defźӑőwźfӑő jh\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jh\ih\i>*B*UmHnHphu  !"#$%ABźӑőwźfӑő j h\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jh\ih\i>*B*UmHnHphu BCDXYZtuvxyz{|}źӑőwźfӑő jh\iUmHnHu2jh\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jh\ih\i>*B*UmHnHphu     -./0@AB\]^`abcdeźӑőwźfӑő jh\iUmHnHu2jvh\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j|h\ih\i>*B*UmHnHphu      *+źӑőwźfӑő jh\iUmHnHu2jjh\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jph\ih\i>*B*UmHnHphu +,-ABC]^_abcdefźӑőwźfӑő 
jh\iUmHnHu2j^h\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jdh\ih\i>*B*UmHnHphu d$y"od}.|Frt~gd`$a$gd` $dha$gd G~ $  $  $ !"#$%&BCDEVWXrstvwxyz{źӑőwźfӑő jh\iUmHnHu2jRh\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jXh\ih\i>*B*UmHnHphu  !"#$@Aźӑőwźfӑő jh\iUmHnHu2jFh\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2jLh\ih\i>*B*UmHnHphu ABCLMNhijlmnopqźӑőwźfӑő j h\iUmHnHu2j: h\ih\i>*B*UmHnHphuh\imHnHu jh\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j@h\ih\i>*B*UmHnHphu 4567ABC]^_abcdefźӑőwźfӑő j"h\iUmHnHu2j."h\ih\i>*B*UmHnHphuh\imHnHu j!h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j4!h\ih\i>*B*UmHnHphu   &'źӑőwźfӑő j$h\iUmHnHu2j"$h\ih\i>*B*UmHnHphuh\imHnHu j#h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j(#h\ih\i>*B*UmHnHphu '()Z[\vwxz{|}~źӑőwgVӑő j&h\iUmHnHuhLh\i0JmHnHsH u2j&h\ih\i>*B*UmHnHphuh\imHnHu j%h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j%h\ih\i>*B*UmHnHphu    '()+,-./0LMNOYZ[uvwyz{|}~øӏӁgӁVӏӁ j(h\iUmHnHu2j (h\ih\i>*B*UmHnHphuhLh\i0JmHnHuh\imHnHu j'h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHsH u$jhLh\i0JUmHnHu2j'h\ih\i>*B*UmHnHphu #$%?@ACDEFGHdefg56źӑőwźfӑő j{*h\iUmHnHu2j)h\ih\i>*B*UmHnHphuh\imHnHu j)h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j)h\ih\i>*B*UmHnHphu 678źӑőwźfӑő jo,h\iUmHnHu2j+h\ih\i>*B*UmHnHphuh\imHnHu ju+h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j*h\ih\i>*B*UmHnHphu OPQklmopqrstźӑőwźfӑ^W hh G~jhkOU jc.h\iUmHnHu2j-h\ih\i>*B*UmHnHphuh\imHnHu ji-h\iUmHnHujh\iUmHnHuh\imHnHuhLh\i0JmHnHu$jhLh\i0JUmHnHu2j,h\ih\i>*B*UmHnHphut~34CDFU_hHݹ}vohahZ hGEhrg hGEhnJ hGEhHE hGEh hGEhWf hGEh@hWf hGEh3 hGEh+% hGEh/L hGEhw hGEhA hGEhf hGEhxg#h`hxg6CJOJQJ^JaJ#h`h{6CJOJQJ^JaJ#h`h@46CJOJQJ^JaJ h`h@4CJOJQJ^JaJ! !,$-$4&5&G(H(K*V*j*,',+,--5.6. $dha$gd@ $$dha$gd@gdIjNgdIjN$a$gdEGdhgd@gds> dhgds> dhgd@UC F G M Z b q s t !!# ##)#.#<###+$,$-$1$ҽҶ૛yung_hGEh}Ct\ hGEhAl hGEh-(Dh L hGEh#hQw? 
hGEhYhs>hY6CJOJQJ]hs>h{6CJOJQJ] hGEhSihc hGEhiC hGEhwV hGEh+$ hGEhnJ hGEh/L hGEhrg hGEh|h@4 hGEhHE hGEhim hGEhAJ%1$$$$)%*%-%%3&4&&&&''&(8(F(G(H(J*K*L*V*\*j*|****************ƾƺͮwrwjwjwjwjwjwhGEh\ hIjN\hGEhvz\ hq\hGEho\haha5\ hEG5\hEGhE.CJOJQJhEG hEG\ hGEhth/X}hthb| hGEh/X}hGEh/X}\ hGEhAl hGEhz1hnxhGEh#\hGEh}Ct\hGEhAl\)******* ++++'+N+d++++++++++++++,,,',+,;,V,Y,Z,[,h,,,,H-]-f-------ö}h7j.hKUjhjEUmHnHu h3=\ hK\ hjJ\ h7\hK hGEhvzhIjNhFCJOJQJhIjNhIjN6CJOJQJ]hRhGEh-D\hF hGEh-D h-D\hGEhvz\hGEh\1--------!.".3.4.5.6.../ /"/e/g/h/l////00 0!0 1]111S2U2222ƽ˸{tptlgb h{\ h+\h{hmL hGEhmL hmL\hGEh-D\ hGEh-DhIjNhFCJOJQJ h-D\hGEh5^\ h5^\ h5g\ hl \ h3=\hvz hOr\ h7\h7 hX}\hjEhjE\mHnHuhjEh7\jhjEh7U\hjEhjE\&6.h/l/>3C3=8T8:;<<M>N>? ?AAABBBPBdBCCgdXgdi1gdY $dha$gd@$$dh^a$gd@dhgdN;|gdIjNdhgd@222=3>3B3C334j4|4~47%7<8=8T8a88O9999 : :/:0:::;:[:\:l:::::::::::::::;Ͽ㻴ǚǚǚ}hvzhP h] hT\jh-Dha h-D6] ha hT\j ha h-Dhh{hL hGEhvzh-DhGEha \ha h hGEha hIjNh CJOJQJhIjNhFCJOJQJ h-D\ h{\ h+\.;;!;1;;D<U<g<}<<<<<<<<<<<)=E=M=d==L>M>N>O>>??? 
??}???½µʱ¨ђp_p hN;|h=sCJOJQJ^JaJ hN;|h9CJOJQJ^JaJ hN;|hk"RCJOJQJ^JaJ hN;|hNCJOJQJ^JaJ h]m\ hF\hLh9hGEh]m\ h@q\hGEhvz\ hGEhvzhIjNhFCJOJQJ hDg{\hM hMhMh+ hMhDg{ hMhvz%???@'@+@t@@@@@@@@@$A%A0A1AAA޼u`K`6`6`6)hN;|haB*CJOJQJ^JaJph)hN;|hZB*CJOJQJ^JaJph)hN;|h|<B*CJOJQJ^JaJph#hN;|hN;|CJOJQJ]^JaJ#hN;|h2CJOJQJ]^JaJ#hN;|h]mCJOJQJ]^JaJ hN;|h]mCJOJQJ^JaJ hN;|hNCJOJQJ^JaJ hN;|hZCJOJQJ^JaJ hN;|h9CJOJQJ^JaJ hN;|h=sCJOJQJ^JaJAAAAAAAAAABBBB;B?B@BABBBPBcBdBhBlBBBBBBBƿo_[W[S[O[Kh][h< IhYhWnh.qhXh.q6CJOJQJ]hXh{K6CJOJQJ]hi1hi16CJOJQJ] hYhYh4 hX}hX}hX}hkmHnHu hX}h7jhX}h7U hX}hm5_ hGEhm5_jhGEhaU hGEh4jhGEh4U)hN;|h|<B*CJOJQJ^JaJphBBBBBCCC CACBCDCCCCCD*DTD\D_DdDeDqDwDDDDDE,E-EKENEPEUEVEcEgEE/F0F6F;FEFIFJF~FFFFFFFFFFGG3G6GHkHUKKMM4N5N?NNNNNOP dh]gd@gdUeegd% )gdf dh]gdO:?gd"P $dha$gd@ $$dha$gd@gd'E}dhgd@HjHkHxHHHHHHHII.IWIqI{IIIIIIIIIII=J]JJJJJJóhihh|h~hLhShwh1hrhh,h@3$h"Ph{K6CJOJQJ]h"Phc6CJOJQJ]hkmHnHujhWUhqhWjhWUh+"Zh=|yhD5JJKRKTKUKKKKKKK1L3L_s___________=`C`ͽͱ͢hs2ihQh=%hCh^fh2!h3|:h hb|hhh6Fhb|hRh36CJOJQJ]h3h@h g hGEhn2h&hhRhchh;$Ahn2hWh|df6C`K`u`````?@{tmt{m{titit{hdE hGEhr hGEh1 hGEhl hGEh hGEh2 hGEh>hoh9=CJOJQJhohlCJOJQJhGEhl6h:Qh;k4 hGEh hGEh5mH sH h;k4mH sH hGEhxhGEhxmH sH hxmH sH hGEh mH sH )@ALReo Wc2A"%-356;FGIT[\rwȼ㵭ߢߞߞߞߓ hGEhJhakh!h hGEhgh1mH sH h1h1hGEhe-`]mH sH hGEhe-`mH sH hXmH sH hf?hX hGEh1h1hY hGEhA_ hGEhe-`4I^_9:(;_`<=UԢ[\h$a$gda4gdt1dhgdIdhgdykdhgddhgd@gdodhgd'[./<Qfkn~ƌȌ، /ESW\]^_`Í&'89묨~hGEh7Y\h hGEh:hhGEh[d\hD hGEhh[dhGEh6\ hD \ hn\ h-:\ h\7\h\7hhJ,hJ,6\ h\ h\ hJ,\hGEh\hohJCJOJQJ0./@}ɐΐѐڐ3589:Nޑߑ MNђǿ׵׭ץϭ| hGEhBXhGEhBX\hGEhr'e\ h[d\hGEh\ hil{\hGEh%\hGEh*\hGEhil{6\hGEhk\hGEhr\hGEh'l\hGEhil{\hGEh.\hGEh8[\hGEh7Y\hGEh\)\/ђ13| !+ДєӔ E]vz•ЕԕILMcdf &'(:;ɾ㾮whoh CJOJQJhohAvCJOJQJ hGEh'C hGEhkF.hkF. hGEhH|whH|whQChu$}hh% hGEhr'ehr\ hGEh:hhh[d hGEhAl hGEhY. 