From 958ee4aa89e396e218a5fd68619c5f749e4919df Mon Sep 17 00:00:00 2001 From: Luke Walker Date: Mon, 29 Apr 2024 15:11:24 -0700 Subject: [PATCH 1/2] high assurance passkey use case --- .../highassurancepasskeys-drawio.png | Bin 0 -> 134464 bytes .../docs/use-cases/high-assurance/index.md | 155 ++++++++++++++++++ 2 files changed, 155 insertions(+) create mode 100644 content/docs/use-cases/high-assurance/highassurancepasskeys-drawio.png create mode 100644 content/docs/use-cases/high-assurance/index.md diff --git a/content/docs/use-cases/high-assurance/highassurancepasskeys-drawio.png b/content/docs/use-cases/high-assurance/highassurancepasskeys-drawio.png new file mode 100644 index 0000000000000000000000000000000000000000..6547119c37fe090a5838e5bfd5362878a154b934 GIT binary patch literal 134464 zcmeFaS+48YnkIJ34~9`dO~CML0A&L=K(Xf|NwJgIixf${B-o3+#GagiXHhi)1D=E* zJq17e#bfZ#efB;otv{|Nc*Z`qO_< z%ZxB6k8wx11Z-Copn_!BA;KO@l8f7HUbXvc1N{)BPxS!u_#hQCk@ z@5T+@eE2;f|8OGyf%>1}l6}4E)Jvml0izKKjQSZPq4+;uWk*wgLV38Ziz+g9RHy37G_~z{LsWPvvdseZ?k&-`N527WU1YCHdpsTHg_1&QD;v3 zq3GJr$>TqxKhxiCjN2>yR+^-95krSZ^&t-H&*Ia!lBnyGwEtG~qX-jzLRhGJyfFTA zz2QR}!l*y?!GtCJ^XKEm=eno;$-n2!5+{FN26UHF~o;P-N`7dMsYQE{waj zP2*1*_-rxk`)>JlwXCZ@C-+(B1@rz@>qo)uFIMy@^@?N!B08v+1`_-j-cc^6MgIKi z`GkDlX~M6{p9RA+OuFUU^B+Zjxr|?n*>@eZ_rsojyYb`u!AyKwAC&yHj-UMi!Tr;p z{k|IgcSiazX^ztZmIwsldXu!*J{U^qn_tv5hxPQiyTwt zSg&tGht>Yp@2|%K#W1O_vJWo(K0mbYrZ)KyZorM)@+`*m_6mWWvGW2<1ZB^$so@g{ zJ8l^Ju1fjup2~ZID{Ktr25O=er`7inlb(4 z)Q_USO>-K_+a^kYtXMc&mTAj|9md|WYqk7(?@In zUx*p%eDcEI9{%sJ%`N|w%2V`<{(hiS z6#JyfAL;aqp8q&>O8raF={MDChQqJ`*!`lOVS4?p#Dx2wpaQP`WkExhA@K8;9sVz0 zWBlug;bZi_9^PM6{*8zR%c}mu25r{@g!m0$_$>SZP#hxvx3J;%2~G|?64ph2*dBG7 zeW9?g9)3cp5GJlUjXHg!#tms->-#y*c>1c zc7sMy^5cs9BNY9HHh+P+2R(#+{7H4p@#)t@HURuB+Fbo0xibM3{yOaaft0^h@;(tJ z7^c6XLKx05qF4C$#Jwo;xnn<2+L!45QA}f>DD#g)XE2xF@AGdMBO-c%@11~gGG5bBe?pg$%S#1e^AB`LM8k7fhu2(vY+HJb_b#ViBMDAEGP?hv#=Y3+{Y)Pns2+O|R$AMK@4C7vMJ-es0oX`0xV&PyNf2%y%>BOSS(F z$(&BVquMd%=T9;A2cnvPGuF~Ajidw5b^Rh#{taU^?8{sKHx%x_5{w2LdjOPQ(aL`v7%i^5xB|uZ_dsYk^2w85 z1aqRkkk=0y?Mr$63f6zZwm*_I^s$CWE7rs0`i%kq<(vA7fqp>P zAADEf%lIDG`YkH{W(0m%k3ZO%e*vQZsv-JY!!M6t=+Cbwc+37FY?Ho&`03xl>Lakv zpxYN)v{KpY3U*58RmD&hFXhb~7@So)|0BtlK zRQ~s%9321T%U>wxTem-u4e?1FKhn$>>iGi^%qI){66;6P1kx=&-N;=(KD)eY!&>;I zl=}su9=r8R9kn~0Lmx5nG9Ab5)4Lc>V+Zwq5KZ8J>Ng*%{u%Oe!0(1}A0@#d#C|65 z?*->0lzsH^ar=C%_V-U_+7}S<{z$4h3WqW5NA}1sfm(45VTdCBDi%SmLFoag|GJ;* zuM*C&An-KY|K~>J`?LKm0e=Gd#G;>6iGt*! zKPA@}#SPum$LZ&ThvNUo!};I4gp1$n6@xwewIDq@#u%D_%$tv&&%0k^fQ`!2@t-jU z3=+K{vEaMu`L|c=v-U?y&OcW3FEV$2Hx1#?NynP~E$RBD+KT3z`|?Y5{#9N0SA4KZ znuXIxD$Z96zxKd}zt!#^9kO4g2Sc1-qUEl9nIBC(JfP}LY3}usxb9CVSKV@x zp`yLJs5gOktILek0}B~Ph|4;!fY&P4RW6#%y3sWs`iTo&PT(Z!<#I{PZ_?!~>QjMg zJgF!XKNPqJ8GkgtZu|tT!;5BUGJ=#mF4Ahcr8OW26Mg~hi4?Z89@`E1y*TMl+dALu zOLKEY#OxcR$#3uZLPRYUAMJNsk}Izc|ObH-oRbpJW(Dpc&~fgC4Eb`PR`|K zU!la+t#^lJUPUOWBI!01se2yU(FT2RT5GuNTij)RW>=ItJNtCUxuN%7^m2uJa<>q2 zy`?w7p|pJ2$Dt|wR~KDE-d50%coWsDA(5A*G!AoFE^@si)wLx0MwR4hmRjS+R%)Zv zPjK&w%PkCxA;V?mgc(iWF$0BG55QvF$=@#0xVy`hAK$3evl$x2&?=#v`VS`C|7F(W?hhYK#R9KOO@skvH~!x9U6> z&Pct+Y!j$;V{1_mrs}Zy{Cc%DE}xjdQY4$c?TuzELv&qP^jypp&YX`$ejWP|TODNn zaS0t_J{z;A6kF+8_9YQxo!l^5_Qo=eDLl>=n`f)XZq$goRqNFfJiMum!11>tj~3i>5auUu7C=hzU9>RwD{aD zI=ScsTj7M}StlI%=Gb>$y`Suf)fsj~__8zoKq5PHwB+3q=HM8~vOKkC(=3-}Q9Syh zHLNQyhP)_cZu@!PE^@m(`dsKc)?9FGNwYl6xNLgfVU~QiJXwNc$*wa31=)nsvdY2D zd8HCPWw|Tb{mPwqZM?C`28+kl;`1e%61Pc3Bj)>An4~kKaY`tA!Rt{bjc|?cZm@PM z^(dp}OliCkM0Ka$m&@zfMnW8&EmVjGt-?tGsf9llJ5?aweO8_uy@V4GC}CT{v5J3drAdnxS|$~1nkKv z@4PPBovepMUrMicn7!UbdB?&NWkF#PVs&@%<`Fr+OFgvplOH)^(}Q3mdl+JHeJ%~V zy3eXE%23gxsrC&Ig>FW5*8=q<%~9dr>5r~L1$ZJq6`5QFFt%S z$vX3_<_ef%j+gl@4h}zLeCukeW)CPL*cXJp>F66{% z0PV0s2LCHs>(?|u1KYtD(xZ-u`#XutcNclv2u>;SWK4rc?lJl*1G?F-kwFEn2iqq` zdKBs78?MIPScIgV$8_3WOeLeokoJgDY0@~q6xryK=W{>FsTOabyc)-Dcv*93N^wp@ z>x99{c{5u3ShChJl5%h1aiUSDYSM4yS;J3FF$F35oMv*Gu1t2yrD>LEZQL8cf1-Dw z0;()$e~wk=9i%A-h=D7SNh3D=cHhsvmQMEZ6WspRw2B3fv$Kcze$@x|j;< z3EayPO%_4Ump~XTpSLpRjCMk{pN;TBl&+Wq{m>w^)=iWYcRXh=)NEFIo6$oy4JV+T zi}#d0*&X=%bM)kS*|GD8gQ^tEGjCL&W$fEaP`hm?vc)3o`(4!CD6$*oI={kFerwt_ zAjBsfN%!GlP(7Q{vcXxJO4(VXQX95OrA=3NUwjXas4+NYk$2gC9Kyy+-?r#3Uo0rzl%#@`Xi#^r_&k&C@Fd~qy~imq3oVo0ZWNy5`R zA(3SA zZ9ypb*RHS|R74((YAtC&p2U*ODQn&~v{#L}9ENAT5^=BE@i-I2*z{nMp&Zs2Kyv1F zXZsYC@_l*_zB+Budhbtxd`FBPKY6E~(W9!jTZM_y(XYm^p;UCl?jDKv-h3ajF~VzS z*Jd54?tr8mLucfy*7W8Rm_5e&v{OQ6l(YtKQ4l2uiPHChohR|t-S5vsbW5%iG3LD` z4@SDq^(&K2o*3})T+e7U+(*$vnUOv*9_HC@EgJ3t8qv-`bz{vbz71)Vsw;xH7Y7!< zFcVTxFLfku%SCP4tfv_A;0k1XxsXb)eX#hmz3Oy_)dxC`7KYhFl9I6O&_vBVTo_cEZo(0lv z$y=%dVMx6e*~I(SwC^Y&-jp*pS=fwg=(NO}hAjyZviH39?h>=%YGj2a2MUyS15Lyo zZ_P8YnqUXTW9W~#lJ$I>MFjOge0C$!d9ruXRb&ujoH;y_OzrP!+!GtQ^?R6T*wdTz z6WoN?&}P&j8z}GAT4+|D<2c%#G>Q5LvZn|c(=&6L+sN9L(iPSSF)FsqCTu~@EdCIa(|b}FjtM7Q%fLX0`gsM&l^=5jiCt>-fs z%t3Zr`2l6-e6P$H=0lSbJ4&Gi1OWk_PwB?sBE31Ltz<4f|Lg@<%n&E2J)_D#dH#`?I! zpT$Rx6>M6_=l}#0EmR`n=v?3pKR=xg=lSbvv2ult$d2tai?xJ%%j;ME?boFH=3f!c zUDz3(y}Zz9y7>azarj9|I;h*@}$o&l? zXFh_Fh}m5@7(+?4Jv(QhGE9C8H?%vJ4sB_UixDLbBek#(yPCf~?$67kI_WI`VSg(u zYjIM}if|Jy;rEPl((=P+ApnHWo@_4I0u8v#$(bCc0x#|Lz zTi}|5u2>H5ScT<|dml|mNXKeFexAPF5*-VvFUPfu>f6J+PcizO6Db?Oq(6QxvG9Dv z(5_fO0Tc((0vplt>ZEHWHt^S;Z18*$7PAh&gWJS#v7FxY3JN(3@7Aj_1c1 ztEWT~an&PsW&7Sb|4R?Hbl(H)@`5qFA{5W##%_#8EF$cVm^Y>P7|l`t>-TGp%^eTD z0Ot8b5}75{jhW(&cs?Yic-)9%z2=Aid_4+!g}Kd2iC@3B0d1Mm$Md8s)%e3(AGTDF zfS&izVGq5rHSu@*w_R7b6TjPq-qzD9Lk>r|>6qvl>IsBcez*?jDF zJx3*uXnR1b=&yPVe$`{%{W3$Ir9VbqzV3kOH`t-^Xe&7r4y;uDF-nO+OrH7d^S(d) z%Q-?%#|#kjm$qmXJNE1)Jbb;38}KtpALIF033&ed9>X(GHzyCug1(Tz!LQdrLW2*A zUthMse52RH!}alV_K!cnQQ-TE;qBvd$2cs5QZz75$=zI=yURI8T@X3t?jl1!vM`j+ zykZrd!ip8Iyxq6!7}e|Ip5M=#D3U566gN(^rq&YkguSq~LU!%Vx)z0ZUacy*fJvRL zEj1@He$#7)A(<4*nt9e}^PD|QN8k5DjtukIFaw&V6HkYzP_W#`?~{$Ki|OjDyKm>@ zvIsYY6>c#|j?NVMs(sE0931{idwad!sCdmnScl6Wq zAk=(a=$81x3;YmCt09}Hs*y>F$lB8yaB(%xpeHzW2jPAQUt!+`Uy#jJX{c;|VU~8V zF(fX4$HarTuxTs))QgRySGoTf8e8nlCjw8}raW{_79Tp2(Zy?foA1h@j|rYFZaH{P zu1!x8j9XXqKppC6J(RhT>}R zZkdW_Pts_$m2eL?#XV*QucC1P6?1#{L5_^|v=H4ayC1aKUIcl?o-2{Q?iqk( zE+T>&lUWXgacLojIj>_dNcx?WDcyqC@_q=~V7gt}^ zq}Ef##Zvd%p1MJPkKb;{3#sit-g3}sfq&gLd+-S>aagS4DS8#Lavl7AFO>< zUY5N*G-$xUUI>YYr%=zTq#^H>Vds~Nu(A0oSdK;U&9;1=Zh85*F!{S4$sKj4d|_v^ zI~}*xHzfjtijlGFwX&Q)CV5b0PKaM%#C1hbDGw}doJ?n zQ#_t`9kR|@B+%?j-@Ua{QN3qZc{2>BN)Vm|%PP}ox;rI#sRV*7fI^)@_9B+gyjVO; z&VpFn=tOI-xKl{tQVE4|g5wYV^gKWGrs5`lcu8zw=VuG#N$JL!6J9ak_{g+7^`O*! zZ4MJImQ;*aca$E6K*ubFo}4R@;4CG$JRmNGwfa!mOBbp(ex&cSP2<{f!YMOsYa?1| zs{)M+oCKsVdgATGTTeX3i}+G0e8ln3F6z`hiL%RKyd^oK-7dZ+cO+s5y2(VN_j)G! zGoN4FD7dtN6SQ!Zz!jNcGfHK4Nat3stnr&D+vFUt?BHHSIvnWKur5A08-$f;a~pIM z&WkGe8qej))i#kwOQ&}ZrDyuR`@T^(b)heu6zRp-WR7rtvbjskN}Jqb@P&&9cZ*s} z;HfDK$@_Gr=-J)utnG`3+io+{OE^!`&Rs*DASry#+>Aq;<&WE3b}zo9#e+o5d7f8) zsS6^sQ=S-In__%01`(^<>c z*}b_ZYb|Bj)Um+hT*2RRr>bV^70}sYI^Mmi9@*@^f!-hYS*gsqkt4l#UTAj`pHE%3 zg8}CO6=N&T82u8hYn3WF$N*76IF3eT!yy*(2^Qc;^SZPrG|7Th{lZvL6*7N1z3+F| zJe**plWQMiPZi9bb8YndH-}bagfr>-V3tR&t}31_SHRHbHu>g)bi-Wb)e*=#yBz=O zOyuxO;Uk7kD2rt?26y0}^RCL=+qnE*QiOG>V74zg)=P)C^8$>T-DaB*$H+4`NzZul zynX0EPKr9k7PNm2)CFKepbYceFNY-LT#g&|7K13wWWjj_@VdZ&TKegp8MJrTAj_9* zY5e%1vdRLG>JW7~@Y2lTbZlp+r}{Dm_-J+p=jiCsvjq#mDb=iAJEGW)Y$M%^17%J^=VZ$+l1Bi+g{<~H+(Wz5%|KG{IS(mB*EvgR2RrTGv9jJT@Gb@d(GLc>g**^Cg_ zR|m*~BaB$UqLC0zZp0a;+4m5_F3pg*2&^@3B7 zte|QC>Ay&EA#@gkXO%lsb&LjOm|Uyao|h|IcecWV_v&6zBRKM*J$NC94-keXN=}aO zH{0kWC;*3B8N3_6c=lG##_mT?wRY~ik|+r)(BmwMkFT5&^+ggd3s-Q2);Ix!7Ek}+ z6@Mp6*?Wp?*WHf!U45~<95_K*xoV#si+pY_7cb7WzP&~6ZnTXt3gLRO%7cEa;Zjib z!g_vx(!9~5Qd&E|&?5)Hh*G?7tlSN$^rx? zN`s#bm2NpmvsqGn>v;ar0&1NxS|i^IMN<3%c5Wru(tV%gGmV3DAg^%n z3y6Dqt)6n!Kl4*G)*XHA;*#|S#k?RTM}?EuRc`PW6lrNY`{<()C1#~)F$WzPT^5@q zM0O0EfOTz>s5e`J$mf-NG)jzllq2M>A*-1D~T8GLe?Q1e{~rz(%OD0E4rDD6t89Y`A8l z7gxv*9GT}#-hZIRK*LcT%+uBqN+HENGQO00>h8!Ima_7n;IuKhil2$HMpuldw&bvAsn4Fqq(gtha`|DFw!3;1D?5*#Iy+`ek9UyjukW7qZ z`9jN1dGI)q=s8BNvXMOav~t zgJBmevw2Yah~;@;4r(pjF~_yyFgoOQos=rod6#3X+|9zuQl`kf z)4y)psL%-F6?U*aNaSJ(C*H73NI_}MvI*&@sXs4PaYzY|M}tN$X-|D=FFuO^xfqaH za%2~9MXU(?)MX#Yz$z_4*c+WKF$|TxBbW>03>ZFqfPJrblFdT6=N4;Hm?s&H?^|3Q@eIGnbEnkuw+}f6#^DF?J$*5FGL)^{e)ojMvW3#*n(OgNu_S~as`FYruuS1Ok?#T9Wso1u*#SuB@|IfaIHOuNmoxY`DFbeb$59;JVP|P9$|{?u1n+kPDzWjW`!RpekiAkkS&>=EbvS zZb=Ea1vm*DSrNHvmcmHsv3{2F^7~^q%wyE=ZG0iz{p{F7)!Hr)O^oDrP z9)RJQwgF>p7nhpQsWufy_f`ue4ZBo>s4`qxLgFJWsZ!0ephPSE&b#mA`no4pDLf+f z*lMyGU1~7)c_-h?xApS#n-S^9dYz5dAy?P!7|HusFX^S8-o=MqmKjpSSG)xcr{|og zPWZLfnmM=>x_%%OSOEj=?{LhT7!(n{@(TeHVt8ZI%j%M!-Ydz)_ip6xEHJl)zT*Bq zT)6}N!+g^+=yef~}gEhkq?LN3~Pgp)&~Mfk3_Lt$d`CdkLc<1Orb__*Lj>tE{;OZ_ar zZKbWZU#$m9+2!Sko{PkDIM=21gv2dSo}0x6DHbJes|aCX9#(xPxXiLstReOHXS2N6 z>Ou;KX~ShZG5GRJfT0A16AC1sOK!O~fI&51mK@gbbimA+Rk+uad*#W8f!yNUek&hR zG`9~UL4J}(e$yqX|3(=W$=P$%<0&{&f5jWJ?AFDpLrIik-6;fL84Q6tzcJqR=lzA9 zU=Xk#Q24PTYeJ`H0D;xV@EESv1-9`Vh_FE7+~l_KzL=J>3V;|6c6uGfC;BXO0%!j+ z#{rWMOZjH|zn&prRjkUg`{_umKD1_woKMFZI*8JneZfZnEb#3;?sYNcY1~3(x-vOEjk*Mv2V=PaS!ah)|SG z@2%wh9Y6>dl7i>}8gLdpwX3+eYj_&&qu$Tk2M60}9VKA8sIQ^BrRPg&KlgB|?%xpu z^u1mW%%GUT;5IlXx~O}ZMTyjnhuMVN05vEA^;Hr}XZd!?4yP6l5>>4!;dL8*fg7S? z2P{)v(`q|ikOFw2SRU1p@F+THq!b!Ecpr##*NV`H%)YrYr7IsI9{BbGaa3>`b|`Gh z<8wadB99|Va{ddU-iAk(E2S#%&5$V9f*sA73Y}_rW-e4~_Vt69Qw<%il z0OwQPh>K9K;1_Jq3ut5o@S8Op7smrHh`m zDEo@9oLk+zS+2-LJsgx6{L+U6sIfc|iwnwV;J*4mOwh6?I6eG<+wrxzUqyLeIoo;x z1JrThT}33D+H=F0Z{{kTpj#>I9RndhEaB}zA&&)c3!D3-1x*Z6Rkp+1y;-O{r)7P7 zgXz&T+!GxyN(wx(Cxf@dJ!pr?KM`&Uk@t7)b}IdL#Vn$XJ-tK!{scdtnh!r19W{WWQKXS_I*q z`fBYC7vCW^x7d%qz@MVhv^_DGS&);4fyEPJT8bgtD4y=uq7l@4PB-mxzJVr5qTAe- zFWK^qb6{p%PKihoSdp1DB6k5Nw~S{4+CH=?CPPJR^+Qx7%PTI{wowoKDyiPp@0{&K z!T0BOXwPz9`It)ic4!RsW|V>2*mYRKT@Fq_Bv@KrRIsRg_L`vh?KsoMWyaq677NCt zIALmYUV*=YY)8l-w<$a$VtNV`ORxIrJ`t?&avRvF4%#jI+Q*vhtOp|<*Am-z7Tj56 z#8t&asoTS?R(PDju%XsE*_AS=L+r4cvs+ZeTBg$>te}&O;}Nw`aW^!5@CiDpcYN{R zWvWYIY1xRv@qvDuQTvMd;S2-bWr#80!_zcd?*MDp^<4JL{h&~iPCBH)8$PJ6bWYGX=U-G(Hr!_^5r$O?7PJhBDYq07!@ z)ZEi-J(Wuym88AD#kbdVYE4jgioy}b)oyhm(pCG4%Lu)J_mV@5;VlF2w}XR0XEpx z=>##1O0aVzeX3c1!oV561q^;i0Z_5he)nh(ls71qDU$-->wO9GvSoaqb$oO3kiBl* za7#(PRF*z{j}bFt>jQhlCgHpbUpOU?TEB*daXG&P)LDmNPaT{FJ#v0NMH@*=_XWlr z2W|^099GY-M(VpM%#DsGz>o8YLGH}S!7u-pT+jP0T98iU_8T- zhkUrqyZs`Vf_!ZRxYE{EKm=@;0eDrX~t!^scHgvHSq%z$1Q zw;yRXZife0uz+dhONWF{r)EztYKB_e5gK`sB*%H`9c@#cVcb{-t@p~;wlv#Fd%O<> zHqBODPlw_sZx=f>wyUTta>v`Q1?fH|;qN6hL{*2KA7{@L*jt2e1YS?0Y2A#Fs}44_ zRTNX2%&1fsVmsc;_5epw>gh_Jn?0GmGJiieg$u#dX-eVzx---%d2y;u=w=fQdXq1A z$hq;#WrHA#s7b8fw0bl1>E#f5+547z56Cel6JyzuV&7a8d@)6Cz2G}?kElI3ZWB^J zWP>?Wq5`SC=h!HS+tM=&?Q)-IQL-C_+5L^S9EEm=#>C64-97TQ`tgc8l%m zAdtik+;5E?7E&Q`etefEzcY|UN%;|X&>8kn59|j4TM4{RSF&yCP`acdSjF!<8j>g^Mzps& z-{2tFN#{eJG`7oM;gFeF*N1Gx5LH{<0Z%7|lFtVKlS3jsHZ#n3vFvaC3kf6fMM4q` zm|mhtO()r!g;P)-nIKR?U#Yl*OlhC0iv`_cIR3+4gyt5Q4L#kS>7;UHoLLG_8#l20 zljExuAwL}gVes|-K;?IyizH`p42Yl)Z_SUIkpgSLi?KO>X8GI9AU||EDb)C2;v)uV zTM%R*xg=GL9+Jge6gbKml;mh?M#&i>E24atD7{Oj(w^(&5g-t)+h-rEAYxVBMP4U=gri?80b05x}@I7-KdXd-2yO>S_}8F>KnntIBZ{QyE=~P6`2PN=BFeW5z+=eud3u|wD7{0-Gl1hU zA)F%!vbnq0#!0)evfpEN;~?Dgo9DS)&BYFy=SrOv=t3xy$AH19E}<;!fkY)07(nWL zYVw>Ni|1Brn>Ol5QOh8@MVDBS1o6B*9?{&!0i_G{jw1&zdw{~SVe}Bmy;n=zq555C zd;HBdvj?H0XarVZU@?eh+S}_~y+!^_QUM?17bju;=s7?E6L3&x2qXf?Uv~3ap7ii^dv^Dij0BhEjF+;8 zLXWEIPxzUzM8Skl3kh$Xw&*goJ8>e*ef?zj9wDa_Zm#-!k#Ma+#HH7E{C8mZDPS#+yQaA#B2gc-16qf4^x`fQJ zju(H^H@X?T2t1P1`&1uBU?wn0{5VAUWrCdh)m7~KV;F=jnlniA0xwN}6FUIYketxL z^f^tjuR#&|O&xpQR=hCvjYK$|$_a6Lu*GKU5#&N@3Hcc9*Ba>!E1DbbG7X$9W1aWx^X5tF1cF``JjG;mblF=aS25;cp#iMr8(F?@k48tSG%+!g=^+*B%DvyGVp5HV z-Wt!2!6qpS&I?HIm;#UAKC~iOadzKs2#GdjC)Za*n3=2hO4;|^4cGUji7h&#>l*{x z329&;!r(8HjWTGwu9~Q^BMlsm++`rq;pDIu&ha!f@>HV&&Y-4;xWECIv_Eu?9iwW@ zxuI9NYlS^)CB-4l<#2Z8sn0i< zXO&pagrGwls8Bu-G4?JV201<>_>{IKa2^JJvv}6Kwqzt0VFX8Z7EC^{2b`G22yS(< z?BkdTq7AVb>7=kjeyEZ38A?g(RpiODq>3-P8#Dc(mB*&MAlUSZSuZZ}nuF}e(*kKn zSCEB%bmJiy3sr(g*zNZMae1MC_BvBa;1+IVm_Elg=#I|yQ=pHwZk7R|@qu`7sf0}O zgi3^X_#$)pMcgY=%F`6N!T#qStk5ApN}DRS<4J`{r%`?sr4bM;@`$fN0u=dp&|ty! zIQK@v4rMqPj0j-lr2+y>u4@9;_J%(Abv|zwz@Qk#)Z=`t9fZKVJF}9Emr^1A1pmUx zwjalKmx32*%LBq@*ISEG@|$oW-DJWtvz!`QACd#A zWtRdD^7a1QpPIK`;A$4l_%t6L3V0kPo;S2qPsHl0704~|@sZG(7T}1`_cl&CDw$UQ z2zPRm(Rf^>zw#JV@k#BWc1(7FE)ZltjipthpC4S~FggRrdE^-dCaV`giQ z#d!o6{Jb(7b^r<3Oh#TJweCzsr4Dy{egV%U$7bSIUkUZ0P>0{>TzWE-w8-fW)+1&G zhi5gQK%ZTvn~s?i-hLbyLLzQ2ND*xyANtw18aZ?3DTc_4%HQFM^t=KF5U;xmhi^?( z+aAy#U%er4f#Hzf+pZSkQt%bQ*glp!y+Bq^cVz4Vif+jVc)9plEE*LOP^5`MpNIt~ zOHaXDj`wS4A2UUwBtmf4I4mm+;zRu%KRTpY;9aq;`^roV?7^N6=f3eWAYVXjFpb(C zA8-z@N4#K?8T^8WsKVS~1<&c5^9clUF(~UrT(!IW7z|?r(IU2&l+?XfUd@NJN9cOo z^kQw!$4v8wp6CYXk9|7345xMX2%PVndA(oPe2ELl(BIPzkJv1Q(^slJwAAoU4@n20 zNFT|D87C=mB`sZXIa%M8Spb;Qj}al-K-Zj(iry*D@%GC}f*p)O?h9jb5yUY0+a zNQ0=nluMDRC&o||=TV=B=_+Fae659uGY8_DUBfwbUZB2K&=WCyk%k-s9}jOB0iI!0 z=hw?{J%niTY-WKRFDO3VU(p-#eg-&!t~(A<83lf6q*oovsiXF{SvZI)SRq*?r__26 zOE^fUW}Ax5gjt=sYI}TGYs*UrfSW~h@y?Ib+m;Nz0G4U@1DWXsWQ`8R0x8RV3A`qv zlq^*df#XCZa_600eE^64PhESa0q|Sf|{?Sr`_7Cn-3n~H| z%7sxr^723>HNogM1E#KxLos0*nL|*daCakpz7aA*EQ=0VfS@5F)HyGno85kR z8J+_25`CqNtjP&_UbkM@>%?&K-E7r%m)fLb-(b9}JO|*wK&!L97I@3gf!3Sf$qeWun0KGTqTyRhH_)M z{lSGU16iyION?jm?(=)MxaIqhli;u9InNftw~XYp5ZOKUT+S1gssy<)Ps|VY8~Y5v z5e>OI{QIssTG#F}WRyC^A%f!*=SfSQ%{HXo7nr1ipWtW~y3FMYm~J~31tAZS(UkZ1 z(|{~Rn>1ckg85cot*==3JZ4{`jktAWNSvmjBlxgbRWlp?nP$;O)5?Z zmZ><7iEdftqmo0yYz6Ts_rmv%=&kjMx2V$N_VqYQ@}aD7XI z`i4jj3a-FM2+vA7*s<2^UBtWG!g3!@Pf z$XNAuNJ8C!goQXU;s0~c9+2xsi5n)C5LN_65Hm%=_m9kH^K9X8`r-{IAA>53uc8=U z(Z0XGc7jR36>D2iUFm86kPgcIeyxhFKSa7P^6q8|j>g(M)N?|>^SbUZmcJSy}DdGb6Blvz=S zuILVh!#7?UGf6^1B%q&DK_r>!2uB!ApEc)$9>~83D0sKkn7c?O-AS#(lp#$acZL&= zYV+opOp?jUk!UgwKj7zF_K?H_#qC^|$l>LYxWtb^kwX~saKzSxK58XVJz~_QX{V;3 z6K4d>Hj}od3sgaa5CoqSW^7jhxKKDaSKl z-e6HIle*H;csdz3DmeiRmAZm%lPAnE(tZ-PS_%n|#{u?v&aH>=kA+lA2#W#{yNtL8 zWYC&3;8vI{Cm`hnwYV{#R5^47wHVQP1Wbg+?}UGeM3u_Um~jNqG*=`ETe2as%bJ2B ztC%PV9nc(`v8Bk#L5MhCtM%R75$NfD}TlI=Lt(#US#H zxCBMYr;#dn5L~q@^KOUC6^|xDDe$WBj54m5${-%XH_FVkFziSwBAz%8N~jFEklw@# zr(8jE#;uKKLGM{bLE0i!QyA)DbeBV5m5_3!hlJD3np`L+bp#<18YTh6glR$Y%j8;B z#AYW!`Jhg?WFi+xVc_OvA=j1B#)3YzH!2JI41^Q9Z9|%zJ(-7S1IdlKgGMogO*4>- z;)}EqpIqQKMGWArg`ysV(g`J10bM{-;P6Qq>B%a*&ZLUaOViSThwCl^f&^%;BEhqY zFdRBL7z-X%$8AZaMd#zY;ggYZE)*PrNy@x!Ssw1=^ITfe3~iY>4MjH;CKICuK?*Sg z1!$0~gIiBOsRDUx-W)Zg zQ?yIz(jX)sBV?#i8hns}f?W;u2zVhJ)#q?ZZD+PN5$H2T3}U;wNJ<-xMko;`m1$6^ zBj7TGltRcyGFy&Om?un7#}$_b#U_JJw2oov;a0!4<08kA0+V0{>xGoaV zbL0UfbHHZsN6Zjtbf(;9B8n-(o}wID#Zj#q&*)T{n43`pIWKn&msG|8aWAh)<6IZpaDLfWdsqFO0} z>STEegZf=)B9DQ0CQ!t|NmX$no+vW}LLO$nwB)loaZat|3WLC?X^?5L48}oaGU%*S zDGD6FI#=X~G_jl*MKl4f++ZTOi6R+@qPQ}kaY9iN7@2^3rruGY6n#S37~iJ@O>MB|;C#yy)E{G>UTc=Bbp$0=0TviMc*rXEWnvB@9nJ6vUDk=xN?2838G;xE2jasL zNz5BE$Wv58?L%dd))31eYU0tkC5$TeW(rP`9hxE(d>J@hHY&i?Da2WmmLnt-QUU`z z5pF4GPy)1Sv(Vs-IlLlh`{r`N;z1GSODHE4ku;bc31?+!M{LRBj-bW~I9)=(C4lnH zSdb^=ka2E?Zvp_E9G25+b7}&162_7?3%C>%QX+9wMF1p008?|M%#^s(q}LSHc@^AL z9+6QIz>~__IQ)Xf>@8AJdmaT_4QEPe@emddAmB?w6}}@W42!t95;Yg&+=vPH@yrMc z9oL>5_;8H0Youxgira_;mnz1ns1A@BfCPuHwEKBcB~M4jNe`5%8-vijWi~^rPXONg zc%_X6c~rMJQb2h2oJsFgh=ggMLj*PAVVnynTskzaW9$izE|F%qk(n2Qc?jlhOH3#fjK0gCeiWZvslDC5eM1@5g7>9SdY#x0clh~#~<(B|Yw)C7?u^?W8$ zWwYA~w1}h9VuD~qn+>M%f+_}0dPG*7mUxIrHZBo~L=thr!SPf^WYge}LV2c9Wx$di z%ow&hnENIpuopo)vC3mj6d)RDPk~sY)+D@0RvFD$bUKbQtMe;t7A$H;GCrS+8^~fg zF;n@G3Tya$J-E+CIkeRnVy&zJ3|l!BuNCEDIqfeSHzyBzE0fdi;RE}Tt z$3=Y9s_@1&0FwghA?wvkNhy%(q`HBf>S+OK|9MbGCSDLO6nKCCs zfT%&?h!4^Lft-YLK~;T7;me{FcI-BJn(E68+ z2|^Jsv-4+kCP#)!C+(@QDFIMmcG%}}2=IfsD^A-uVUNuc^kIUq#jG);pveoSlq(9G zBhXzPcW`tFT;l%Jc&rY>?N;-xSb&DHXIu*C(2Yo9mL!ogCEYn@_8bm7NkOrf(Pya;i;$#lqDBk_Z|?9EvQgmF1x6PQ|z-@aKavLVGqUjyerW zG3_qmk{QJObNRv?%`^g7Y0w|y&1O#CmBC5pN(pRxL%r-W)j8%4xKSb zLKMmRH9Cvm3*m1kL#SIK-rE@{+4 z)gh5$jMcE&A;}cILY_Qnkor)8G$4k=3D0C8xE6=jU{nPV2b90b6ebJ6g~HpdfCd}J z8PQNyw?CQTAb6BAVjM0Ua%mWkgeq!u9tDxo3IHrTp#Yd&CxCURM1l~rylQ18lXMsS z_E=0EN-;_l4#K|yBFe2&`e91krjXA?gO3LFTWLFoEF?X^-N&4y$Px}%5v5h5!?IA# z;>}VSXxu2c<2)V}Eog9|Dj@e@=18Uph<|x99CJXvl4sRtRK`?5)>25vLbgh9LtMrw7^~z z@@nZ&vB zl-Q^!c#FKODIA0BO0*aihC5aH%cY#?qUJvk0hyro{5wf zB^hxcl)$a1Ng4qh;v@yzG%C@17$qsdRgAJg(`pP-ktrXR536!WftQJRt%-<*pVdU% zDZUC5h9qFKIaJ()Cu)s@4(Ge{faa$l#X+r8Z_A`|LCQp?f;yj2U>0Tq7C^7o0G5Q1 z5F`!UA|R#+Whn^G>m1OBC9yf;IvoeVbxaUq1VgBD(@I(>yGCq{<;A>MIFqBpXecGA zETPC`38G-j<{bI7C>9nQ#83^Fljx9~-&H_7e$Y?~Xx#)L-vB0qr?66_Sfk^l3n6BK zu(Ta)L8+gYVb06TeF3pkZG?OeoybKH1QJ)m%6f$)hblVL(P-8|dq5d5f+qAJ?sVEN zk3pTI!11+<(A;e)3bcR|$Z;}L98oz<0ZvMa zX9#Q5Z1a*fdnA@bL{JOrSVc&PR#z@D=FOqNrW%1I~2ahshA zX;d2X*b_!&QAhZa5`vSEMGMAoksDPOU0KZGz%adyle0QvjCqm`qjZ`B4j0OIB)}j; zgB%U*(AeSz+^I1K^)d$~u_&No1?6Q$M({l0=>bxKR7eEOhgiV}K@T*NrS%vT!U9MlB9e5cPoCa~re}eJMhH3VfTC7YjkmmSlqFpmn_x zG!Th7p_>=%m?StqN`J@<-ZJF;0OuoR@fIUU*p-7~FoB-w%(cfUK-TdR-f&g`%O&=J zrbQElutJC=1JGGv4^u*?*i!UkRL7i^Geh}?K%$enQvd*hg@P!} zbrG5{8sO9VpxtkSYZx8LP)@9rBwcABvwH-$QQxmB0eb7QKR~} z-><{;DHn;kIC3!Df+C5RZzZ%?y68zIvpTLrByn?8u{;(p`cQGkp)GhJ+=VzK1}&Ac z>p%emOoT-zf|n4DW-Pfhq!9tw6jD3P%N6Fsn_h@VZ2_4^gy%W&cqHm2wMZsT>T@)v z)_{u+DhEwFBAjTLu_a<_5QVJF;ryFUj=k_KnSt|N^pF#(s?06G#BMvL(%^ck6ql}SC^pK%vrkTY~z zO&piq8_1}{R*ePAffWbH?cs1LMti+QtrgG>_R!&lr&gb|d8*Z>b9j1sQjCk!3>!WEqbd!U*>Ww>TGY_r@ z`TDp73G#dnk1oX(iwx!tgmeg_vy&VR zSuBR5vA79$WhD|d?V^$?iN)xEDke^Xr_}HvI;989k0?YeK+~W~lfmIg>zE&hOJG@@L(Z>|<(JHAOx{*wP931AR zl)1QGr^L+BRNTPTLX5&7xB94nR~6&vIZ=_*Y1D~Anm`bf1t1oZ7uw=Uzu)c6`|*SY zQJ4$45YBP(&D>lpX-q1hT_C9mNzBPGj{^7#HQ?McVS9zu%@>kMs5eTb(&m^o>&7&e z0v?5=RSu6PlioDopQ<e><50z8 zk1J(L9zQC_3S?SGVYD-zDF95E1sYq_UL?*(ye@vxnhVhYSLKrF!j5#%?^bd}u>zq= z2pQv7Vu6Z96yjTyQ=@}30pQ=m4-g0^N!z*bz6(;kjDmR|p*2MA1OosM(-teL5xMPo zXq+m_EnZq>4?BY{7Xg6DaTmd?6Byb?LT|FWeUMK?Y%W;{hPdD1}@7#`AcbU0y83x!^%!(tCw ztq^93L81bZeE?FE^;?tBE@09?|0$O)7zu$4ioEpzrowSMEnJ~bCCj5ZZ4`r( zf`YsgIz(-8p&;pZI5O#^4Pr)aQ!Yv%h>nINv&rfzXo`9ZVax~f5xzQ#Nu*%)13-{c zmJ}Ja5M?9s0%hEqHF#Y{Nt#y>7`Ryu3eQm_grr^$ZHYNmK<0;qQV?N@JS7L(gSgL? zM5GBg|ruVZ*LRACt*MLb}OMAK%m!W@TECAyeW1Ihr!H{;5nk@6E! z73g6>Jd3BZMTv-S^BWvmT{i5KQ{XM(s7EHlxDF`ZHs$g}99EQ2BiU#IF$rX}%&81u zR+J{AZY!#d3DgV~0_qBzix6Z7o{n4q=FUSKgC^kD&=noVpx9=IUKOJ`g+Oj4$J8u% zq2di%X(GC!O&Lxk#7<~WO=^Ng<}odFjxr3Iq)KQb4oYOBATI&2AjlU+8H3St;5ouxC;IYsk zEinShIzl2&0?T+%h%rJoMT)2O0>+#Iv`~Z-)y8y?Cn5#hA_+ByE-y&9HORoGQqXWp zM*WT;Cj$8HLS51V{dh=9C=m!4BRi)@0(y8Wq-JR#Y`~n1zBjnE$s&01Hon~s?T_BH zk>@IcBN78b5X>MmNiiLy>%3gGL_?AZ+LR2$(h}$fM-oAfQWE7l`ChLrO)$|`fOeGy zqa^4`yFHrFftbntzGB>_LeeG!fWMe=XjMr9aE(hV40>IhAjT!4MhL9HW{5$+J!In~ z4Os+UGnD5Ond1Q^6Z_TYDDW@!g?K8ij~J{DW`3d0L}THF?NCB(PT~xxZVW{M|4k6^ z8l4f1KBD(}DI4uAl36vAcS!M!l-deac)$)LGvmxC6($7ko{-a-G$=#^71M!-hv)EoMLpM`EJ#&M#)MDEq=?C4ObMxim4kZ~ zUU>hQz0RMBn6royBD`9fLHcB({xCmg7r+1%T^7;>E?g*qP-cCUFu0u_N1O_V0HcyY zvV`|k=hZ_jDXq6UYg$|1i7W{E=wRBlF8K;l|!v} zfybC6J;tm*;l-VlgMr@-N@*eh-VNahF~OQlpn&DgUJTp?k}E10XalnY7Y%ZyPX)7t zXaJo-0x?wRdV=r=xaL+hq zxk?e0VRArKRjZ4n1V9}CNIx1U@QA(`h~)i(9ADryg>t5RERrXRvG{Iozl#FD1#8@5JO|VPXV(k zmFn^shSFjH90CwIC>SNx8lr%RG`?6thnnfUHe9qZ*)f!6q{hq9`)zUNc9bsZqvRr= z!>hApJph}UX5KykbdVwdpy(olpdnyPIvh|pVWPBQha($-ViAid<51cXpy_ZKl*9(1 ze8Ha5gB$|Bf=dTk5rGV_-b|hXo=7v9pHr$l?4HQ)QjQWilEK8cFB}&_~nm z5S9;sIUe9(#Q=fQ;GVb)f~bMY6Cor`^H4xxwaO{L5l{m)1}2Dc?74!LlTlkBPpI@SyB6bBpP%^YbArGm< za>@eOyRrbY$5mdUP~a$Yy0AG7YotJ-BnaE1rSP zUZDXnT@cD#6hKIkfXFB7 zXfzapX8|iWD-t1Dxh)Zi!fCV`m!e6)HZ^E@77sM$$Elbhl9t(_s5Px}&^baJAfrB~ zg2`-SQYB3 zqzZ5%pzaj1L2&$F|E!z|jgrw-<^&#h#ic?*3|EtDluY>uYKc=^9hXvYE2|82s19V5 z)VOR}lZ_jJ91jhp3EoQ4gj{71&~cfaP!R^yXT-@-+klbG8@H1%xeqG<{3;Qe6EQOe zUQ&>WKwIV7a5#E@Y^ERu@h$@|7K~y54#8M5F2<5EhB2c zSNXKGL}Sw_f?lu>WbmB=Nm-T54rak&2eWd8B8WSs#Ca=}e7nGOQbc23@C9hF1A+=C zP=jDuFXoqX4us-Q`xz!d06#OY& z2AxZ*2$-0+k``zog$JWg;GlrrC>Fo3S(GHCK`fOQ0!()Zu$rNwKF7T4Fqi~|SnV#Y zmVz7&H)mGkc%`)^BsoSa7i>Zqcncm6ggLMPNGAB#{J6mufwv(pLwMd4W~RV~rKDg* zkhZje*`c6(fTvPKz~j_O8C?PMn83L*#=;0{-F~hN@a(0`oa!uE5eKD6xL8__0Q5X2 z<*T523x&W9{DhzOM5T!b^(u&$tX=R5YnU>c}xf3oil){grJN;L&fdVuz^D; zh zpypH&3FrCtN<%lEgNk1!IZ69*h19A=Wl&p#GnQA-oiX^y+|K0LfOZlePjjy3`|93t@gaJ}d_%4Jkcj`^|ub z3!9V-j9GmEgWewjVoaqiGL775BltvAtB}H52DB^2K-6Gx0>y~ch{Z!eoY4!#T$t8E1FRY#0%gLi-e%$hZJP!t5E%Q}7yw)~ zh)EbDkP;&k-dxat*#X7}Q~NMd>JTvvtuA|(g5Y+&dV)9Hy+7I{7J4D<`QlPhyiY!9zcsgbkt^<0rq+*2=f*=q|ISY2g9O} z6Oi8kl^Uwt(vW@fi}diyVoYq+gK7#^B|wR|jk!QtPw+iv_yVewoB_f^p>#pZciSWZ z7e)qCHU$A{6)J@+GARixh(#(JQziiE$eC6IRltWLRb%ji;UR+^&?k(6P_Q6F)D+5x z9ggu-0W(mcmXnkKD0re$W9w1Ef@IW}b`y_78UsDrkVuLI?$GuyXK9$xLylTaN*JA-w$< z8PF3pu=F4z#E0yoM&v;qC@1Pca#1JdjZ0m?bC8l!GI)H(Qw>*os(Gr?(`9OY7=sS1 zBC7#b5Wa`+>EaGU>2-$co3NclSUfCm6!#r zCT3Nf<{aY-dx~nt(}rV=p$@eafXZBePp~>tRgu|)#XJq5%U1pf-d{|L(1`%GN)S2a25aW@L&sg!p=fS7{MR%kaU>C@5}?K zXAV8ahRqRoX0js8(Z>m~;V}5x%+ZJBz`&{stj+EXyy;^2@UPvMj$W%P-6F%d-4dG6=IQzbwly%ks;z{4)KwEXyy;^2@UP0(ULT z^2@UPvMj$W%P(|fvn;+EXyy;^2@UPvMj$W%P-6F%d-5kEWa$vFU#`Fvi!0vzbwly%kpbvS$(orL?w=os7xO{J4G<@=k1!E`hNr*IyOmZ%()oWp=0x>u@;`2Xz zhKCn>k;@ZEgd#C>8Z#{7!O#BovJXEiT+vX3kpPu1lJ%uS9vA%Z{xif~NgvD_Gh1BF zgPHXu(>|D>M~D77H#5WZ3>B3pM@SH%!(uK2h;UB3pMaF#Bdr3=r8NS>di3uo!V zS-NnRF5D9^Cs?|0mM)y73(sK@mM)y73uo!VS-Nl|FT&D=vvlDsT{ue@t`AFDx^R{* zoTUqA>B3pMaF#Bdr3+{2!dbd-mM)y73uo!VS-NnRE}W$cXX(OOx^R{*oTUqA>B3pM zaF#Bdr3+{2!dbd-9ZMI^(uK2h;VfOa2Q#vC;VfM^OBc@4g|l?wEL}KD7tYd!vvlDs zT{ue@&eDambm1&rI7=7K(uEWDG)ouG(uK2h;WQa#>B3pMaF#Bdr3+{2!dbd-mM)y7 z3uo!VS-NnRE}W$cXX(OOx^R{*oTUr@ccu#$@&%nGf6Evy=q%*j=Q@6jwV5O7j69%3 z4*EiY;6n;&ac9v3if32qK81AP5i2x9mke;&FaC2rX`T$uiRNX#2ry-1FCq+M_uv0x zIHxO5<02u3br}YU>YY-76T`HGQXem-jB1y|)QR_CME{KD_y0b3GjKWoXA<%I^Zq~0 z==?V%-I51H(vL0oLqhJqtTo8W1Ht$gT5I9`Df`P>-{)|5KcsnoNb3II<%{QW{sCWn z=gto=1tR-be)vbU@sHj0Z|K5-WSt>)e~jMyA?3RVDA|2LC68u-iXGV6Bhm+4@X?Uh z%W&JHxnL;mBY;Gl;Udo^U2!<}A0qsa7ydE6_(yEw|0@#3{TqoA@$cXEF^LjB;NE^* zq8_q_{|kxJ18VcXBToNa>EZDIf%M3I*^tNA31wL0LBW|^sTAca{6mTQ8|nEw%HppS z@-aHbNXld4^*C2NAHJ&moGvf|C1*tDq4-5AS?MdkeoTS{5}`=^P_l>zKVyjQAHVFw z&k9#G6k+(`RlZ2p$H*|8_`e}~0?~sNdq7Ul5k3&b$3#!`cSP@@g8SDIJ^q7H{zdfu zMhJW{uQZvYb1>1K2*^*!1Jj&JyOQbueE2az_^YP)hs)yg1{l$R?<;ruf4&*t-=vu> zS@~$gM;@DW!QYwmhsTn>h$|h+K7KPU^7mHazcYmY7>J1u#nSL*XQ0OBL{?|6knlftB=VuK)SW{C{s#@nL?L zDf)|a-rw~8j}@a11e%LTQ>jeS6@wj)`)D)0e`#TW**EXsKlMNn!KeR2jmUkd%KptX zB8QPqW~m;^;KR?4y`29)(TESM&Ho9RQ-Kfje?jQ}UAJK&=Wi^)e<7i(RE9~K1|{;J z+{=e*6)ftYp7#3w>Vj5&>kYXANmum2k01O1bPw!a%;kQXT2E0@(y~M?ms;|@FZ8OB zw_raG+;vo6HrRxfHn1#ed7xXr%hR67zR&B$TcD~=IPUEc>9qhPuLZh18-wXY#W>0V5-Zd5YNpkV28#5d1t{JS# zFKbphYLKFPn?v$wf_iNlxt8GqyX0}fpHKyEFb%A|h)6Thh z)ueMbP2W4>?&*&XSJ}9&`shPlyh8^LTiWZ{o|*1@Kjd|(8y&Omtnks(?|!d=_|73E zm;7KshY7DY^FG_H(;FM_9RHJBSo3<1KgPx^-=#e?QmY z%L}{-M8DUu@`L?l!Ozb%=^yXA=JI*(`SZ!H?FV1a@90;$YU?kr^L}mL0STP1^}~NG z!E|of)~8nXRo@m}y77I#@`~<*Ga0UU{|Dv1egkGVxH;-w;mtjRj)`9QP?-5}W6gbz zDrdIxx>VcSzNBB3H4Vypgf5LNHNO6O29GIiPE@IO zy2{j^$Huq3qo_W>acadHYi93BfxTp3vx;RUf*Ln(4LX(^ODw1REWy>UTn?A(Fu09zy6J4I`WKbu9onvm4!ybH zmxldozxLJsYAv5Ho%N&i$W!H5-@BXMIo{2>2x)H?x}}@%xnE#$HBZe*X+)^>Xme@ z`2D%oj^V@iO|S3{s#oo%y*#h_c3YGODdnZN>b%})`dg)UHwhPXp4@kU>A9aI zy_XD=t}PuVSuuCYnbP$?Jk@f-E5mnQm9OuY+_9^>YQ@0;$8WrOd_?h#^Jv}EXnk9? zYXjOTcOL2?-IR7;D(`FDJ*3_*p9Q~;H9}5qi60A1-SKMgo0^3^m(2X=N?C&mhmhVi zt}m-zvAC9zUYa8st~Sx$GXj$C?raifx$l0C)aAZa`2ubrCr+n`0OTm z?z{C>9M$^T1$8S%)c#}LnOA#X?={F!l7F$ge#6Booeflr^pI8WMc2QasWR|oy+K! zwzG&Kubw`2>o#(Iul0kbO|SHrwV4`NclTh$)SI(x>-_T84Os4hJF)4or?C5%U3 z&`i-7KkbGdIZ}1ips%~kDO;XM_T4ZncWTW2rC2ke^_$-7pA2c(zfUo_(t{?9J!wP00h(FMm$T>a3f+u>s0d+B0NQH^K1cCU8VziKnp=}GFxk)A4l zHfXV_?B}h^+P=B_$+ty|FJ#YrG5f_0`J?i*)3xrU$-MlU31ai54ud*JM|3^Zg%f+r z^?TLkdoS?&wH?2w&)DIw&5Y<*tT;M<-AC%T>j}S#)w$PCQ#Dq7Qi~V4B=5r9mi?Rd z9L^gxL42@f(R#}FLHy+Rb-w9gsEEv5t+zx>S5kXga*;J#=uyAr=XWbjm*gk+BM2Hv zeIqNWTe4`9bii|&B^Q&=^_^JtUSjnx{V>CabnQkrFa6Y1)b=(11MNC&O!pVd?7jAM zsM*u7;KOb5fq1a~)r2`S!XF+zWlxWW;@;{@OTUpcx=`nxYh!X-h{(8uz5CE*&(!+x z(27nX=gLNxOVf2YQ#*8Av_O>}{mkthUtZmLYs=-W4aKK-xj+!N{WSRHi^@To`kJm= zdcD7{)ugZRYW;`Jn=s-+pKZ0Cy*_Bu*V}*jXs>Wb<019mI@aadozZmrGx_hTF8ER4 zCvwB~5B;i{q4udB^pJKN?sC7d{aj19`ZA~ejU^px;?8%g>l>Hxo|BfV>(sns8`r`A z&Dr7I4)Tv)oY3Lcj4zun9URg$K3=H4v+C8ZGa6ej{ycftptC35U3K@99gF1Enq?0y zwGGuTJoi%dlhr;t*oc_TeXFguq9#%0maWh1k6*8{W9G&BbxW=uFUh2q#y6bXi*EX% z!HL_w$}gYqoJp?P-@MM0)Ae^`wR3fy8a3ZM{G2n^?Q31D2_aw4#;dAs{C()MckhN) z>OUJrY09Y~1J8F{J3RDoXKmSdaFe=IS|9_>fl+6V4Z1Uh*Ht*I)rAvpA34k0bW+fw z^z5PeHJ@G5%~Y{%#Cu&N+m7sXHa^_q%!P)(&#tSRC=le4Ntec6?=<4DuW_UNwiDA% z4&Pb$Y>RqAd8b-8=l^DCG5*6w{F)ovi34BU9+mh+x@LE)_}A7coYbs^{KHh;x}Gi9 zCocVVY~7!qHGWv$Yii(PGw&S4-F#E4y??Y>_ioz`eH&GKqT`s8-?SZpZn1yxlBKM{ zPG4W!*kk9KcKv0*we8Of_ip=P?bOhv8@)E}y0rL6*TX~R=(dkP@ywY?+#y%$)VjGt zxnfTLG2VANZkRd4ckt~h!$(f|vTEne)X~l5yXWiY@HABs+Tr5sq@qK zJEs-*?!UiL4*tBpYJZK+6Uqx~PVY6XJCScyv7&RMg9i)yKi=4+v9@ByOw((?wmi{<@4vBx$@CCPe62-TC3|mX3P3{ z@15N;v;Tp&rwck$d|&F&=`XLX=o`A->C)2o|LFeSoF6>PzgXL%Nq@=U1+FWL->W_I zsPvWRHX7gFu{?jkxANM@NO)-d;+oUS28-dO3@X8SVJ|H-x*AZ_)I5YLQ)Et7morUB5v$+aHqA z2S;sd*6+l}C*eOWnqK}L?tShmxuNUir}lmZ6SBR1pWigE$E&V!o?T&>_~)to0QXD% z(6SB_mVVp0-(A`KXFs!Ws~Ya!Z2q0(`HAJ$UppXIU#dPXxLe-i#aA}pI^N#&^b7Ut zOqjJ|nxt^xS}<9qucDm(^|$=C0cSSOORSiEZN6_$)WY5MW{qlh*Clpd#?Kv~%LbnB zJLboB0~4brUF9{s+xl>NUH#{fwqJkiagF=F&UYJ2C+#ZlYkmHM=g1#^ZQAa~kIAJK zScB9Y%iIa&Kj-J;b&izw9UdMk?t(t?ZH)!K&^rm=#<$5%gSTy6GK< zc8F$Z*8xw9It}G3YH;KYSGIqq1Ee+CRQKew3mXik zEF;Hgn(x_Ivq9ptzsg&k<4@gFeD9L4J5gUqfuy8LdbR&_-kkD7?S8Aa{VHikT2AgN zp3Ir8%TA?BIP)5{k|uM=g~c)X2VGWFon5E&jd=Tus^R-b9{6I%*)5ZUOQO1s!TK97 zYxlj>U{|N@zkhsE{s}iuj6L?$dcOBb;bEfbfX1~d25o6mvHo~T?fj&mPojY4w+$d9K}9dgE(n)wLFlyMD0c-OlR{ zzd!Y5Fo$|H7(yO5p9+4`pcw98*flI56oOAyzt`HomYSQ z>hy@{lEF5q0bK8AAuiNU68s0YkeL6j%R#SRX$&A{Awl3e6nbzQm zPQ!MZk8c&+tI=BBX%;uc{~-11+>YCSSlfBP0>MW^-krPp@I~@q;l~Q&m!-81pAcL> zMc!GmE%;5V+dZz8%U8VQoc_k`8uwbgiEC~~Pm7OzfA&}^^+$;M@{5^kU%5H^z1iM7 zFZUVV{-wH|r%CqM*N*Bo7#Tmi^NwZqRmXd`e0{)|fAn6ueXVhKJ%7|oR(xtuFMngz z6mZh+yIb!|yASxay|=}Vw@~Nb(4Gx1-gvdo0mG{)XS-Lf;o(&d= z½zVPZi!XG;QoqAlXRt-nntHVz3F`T@yVe@6vFShWt$mP@;aFN($qq#S1_Gv&{U>q?zZ6pVaF4&D0i0yFOaAeJ_`}HV^DqGX3t>jrXFQ z!5wQYo%iEA%dU{Erq}8@zhdwBNAA>>%iX&l8SQ=H@Hfw$J2tpt`Ex_s#t%29k4}E{ zRB-#jWE1%r`I~N{M#NY zWaT1ts6X}UFGl=g&nx`xdoG==Y8ZBSM@ek#le@~cL?$8Udq3Lyr+?jgQLRDLwx&h; zR5$&pW*02hbVT`Lyk4SthiTM^ySc7|hUQAPXP$X9O}pQ#zjENVc1soXt(tGe%WhpB z2tWJ&hUMtQ=SG!(`_zg}V_oyBF4BH8w8!tJN6vTMrv^V=LMn^PoejULE>VtuW!cOI zD@z8ADEU-5YD4wu>yFK8@z~RaM|QtZAfKp^luT`=-S_nQx`W};p}IZScBLdy3tvgD*nX~(t1)P37P*_rJsRnvwGD2z7}RyylSh7=`p&*X$M9M`JB}Tv z+V|dQR3E*T2|c=FWb5haGfla2-=difR|Z?pzFvNDP;FDr`QTQ|yOzE3+K&b6r>-)!m5yS4h|Vbf;6cDzT&H(qC=Dw8M9 ze|6JKKW>lR8z>#TLiguXm4D5^)2BXE9_sGT_-5Q`d0?V1cFr|u_2H^-O2|GHH^0`@tLOGrpSbFh)_U#s zsZp=)TrT@y$ZsvWrkeKJx%b}AqX&8&`T>4tc)7_{{pSPDjq7@?{JjR@i~D$!E+~AX z&UC##{_{1KZNG0{#$8h9((`Wn*7Ut$3(fQU{P^>0RTNV9{+9AIZUC?b>(S37a z<_8<&*Edg3ay8jD`{yzF^$SkDlDz%v>UI=yyKSOjhd0`va*Ou1$Vf&Xy3zG8_2I!yfe)+N2(m_Il7BVpV3@fPd* z2;=((w(5H0tu6I#c3SrO;R_XB$k$yws68lL;hk&zX%A4L7E4Xd8W_1*j8;4%t}cAYdXP|rV0Svs}Fl{@w3 z&0lli_Sn?fkHe=r^U7!IuHR|AFSB~?meg;J4$n$?ca5HZ{);=4-gxrOTi^C|ZYuw9 z+|W+O&(>PD71yjgT(YiqdF|5m8Q15(Qbcc9rL&yf)duMX)-GvYYtFB=f8pB`yRY^~ zrh3sHWk*}DZ}?uHvn#6a_q!=_#eK7A;!jno*LdQKdD!U9RJ8GotrczFy}NFgd3-0b zssFaP=a_DO?yQD~qa{z(4YWbtc)tCj(Q`(;CB%=t+M8-TC{^05@s*D}pEsjhH?4d8 z_bJkuT@%R79-nsMP5PzRn**L0*16s{_uZX?z2`xg%kk8e9-5isKMovKk96&Hyj}j; zR}}_@f6di1r<|S-w=MHOQ_~gLv`c=I+jGp+^p|&*)F1!HQ(vv==&8WpI_PiR>f?(W zf8?J%v9{;(J>w?r8o4xgqVdFcdi{K*`V~!nQ`D9?<+nr5)V;SeXP6zf>9o@t@e2wP1Cg0{g`eXcXHcWIY zlx=SD)ZSf@xDxre(ZM!T>o&UCd9MD>@N+_O*^0H+_lK9vTX?MD-0=C&kKT6z7k5}( zZm8Ml=1;`X@Pb`cZ*nCU$_CDx_-wc5FK_8lYs%(ip7Tba$~Uu~x!HT%wc|Z1ax-i0 z8~XK*(&G3Jr*?#B?TD|wnYEi=LX{1i_Uynbk4HPVGNH{Tl<|Z=ROW(M3ZVu9Y62e zvGdoDwccY@Oo5U&5ag3B^wBQKJHH8pIlP?@HpL=49c2s5bb~AOWpj|~gT%jxR-UVZ7>H-Xw$tMB=xq{WlF z`|0|>fv>xK?}L#@Xverv>%LFF)h9Fbi07Q<+o|KupZ|6vPk#KVp5N;IJ8z8t?$uML zoJ*n~{nqNlRe12P+n2RFRF*@w%nulD%zrmXY)sGK&v>`|;3uAOV?Vsmui`5CM%mf& z@++;^3l7aabCrBD>YR9Q-1>22_k13|8=dzXuCF&ODP4an=-uwpx7llYZ@~DzUHZK_c4w81H!S0;cm8R0qY-b- z9PHWT!K&?FcCFvESCFx#37_iDf8GgcAT9x1B1>EwxU18qg;%iY2Yr@!33-xTRc^|jG<(eppAlisy;xMN%M z>r?Xwk63p=LEZRzpUBkLV7<3VdT+u2`_hT?zMk|E{@q)%bXTA5w`PBO&}weeaU-tj z3thYyU$1&4G^jz#zNOzhU#(*1pkou~{Wk5&y4UJVH&pFk=fpF=9jtq@|LfB_wcWEL z^ihi{j?QzNR_))nVZRaA2JG}L{C?4lnmv(<6)(h%uRZTqlBaJlvbxSIy*`|j?6l`dujlV{Ep2!3oxJzJV zwaq7&ZCvqPUCWxj*Jg$$Z`$ygrS*Er;wj6N!WN|X>)(B+s=s19RPW~eObB;* zW-r!k((CMscg~!e{LQ4ZhNhyDR$FH*D;?Zr^rVxWM_KB;iR{1@aQ3wI9GtY5>~s^` zWXGD@8{eMaZpFyl&c>ro9JGEhwC~Bqo8}8Yqr-aLcTXyoK0UhQt<)#So=WwfKMj$t zc=45HGmdk+8#gTK)2YY7i`OBI^>n8XiqDp{^Yi?#yxIMk3w!qul#J~9#-&LcLFpgP z&hvWP9=;W>HRaI0U#@(<9esY`t*;w@pU_>PpI!(if6gOM}35B^!be3x~+w)*+V z!ovSU%3B7-(RFR3Sa65n?(XjH5|ZHV4g&<&3GN;o65JsWVDLeMySqbh9|(5le(v{u zzVrP&b*j3$s=K&ZP)W>(Kt)Azm1J-3(;#UCP4h18&*NP+eCa^A&0q@@qe5?Hg4jxA zqvplM9I*UHof_&i@?-3_%OI_D8Xn=TmcIl3lKM^ZPlw)b`AX8n3B#ouuj^sa8Yq;c(tJBiJ)=p({VsTP3De5U1})puD`b8 zDL1wx++J^vZ^D)CH|gPHeHT-*dM<*fQ&A0 zjLjzWcq|oYj6=Q10U0^cAir3VqriG{d`Z5l8m(RtrOikHolG!|N3|3v;t4TW(*0zwMJNmpwFG`nXpYd{C7l4cy^Xwkh0~ zda^NnJMRI%XK`dXcMtZ79k20)SzNc7O>NA95@$EXC;CBWuG4%oOM@SqWTcKV@pr)3 z4XUh%G=+hO2D(tIKC#7R^g`sdo$s;jZ8C#e2tl*~nb%rl3W6cw0DPn@$f%TGmUCKV zND>cx*&yy(cJ1=z8964kXFr0pm_QMc_Yg*RE?AmRkVqv=QN~G)$1E6Su#;--l&s5~ z64cL=dggjZ0=k4fOggvo%@^A|Gb3;|rk5 zUr@cUR`?~|$Y@O_CC7bL_{2Wi4u0K`+++-%1c|rIRb!RU5IMg{`^zAcT*1tvRQp^K zzizq6gqMh3rqKw=l zcv$ovCu&tLtFo7F+EEwIrUrYY9x2=^t$yMVH zsIIu{JOw8as&D0bqi)$ly@$@8F$^qNJ{YhC;+^L`_3FL|m;>c?*J~DXj5`{zia159 zUIZ7nmXqUzY3(AG3p@_kG7D*s#xhEIvbaX5{p&5ocd3rzGyC2h1G)99AdlULj|dtQ zTq&`<7ey0Mm;N5M^=yIFqMdt;|5sv&nK-ioY3A(lYJq%tjeaBO9FusFg%SjKdJ1P3 zdkz3!v@5~6LgUPiGX@3kT{ojJm8u-n8K?mKy2=bZ)Y=gLEYYE20gC}OjrA7tIs*_w zL6m;HRH!xY#8q}8H-M&x$nZ#z(eGM~+c+xQ*EJ;kwj=#ug6MK@w@)V~^RmW-Ae=jQ znF163jc^Epp{}i+b5x>n=dD@WB#G1i%zS(oO}NMKQ=`|)NBSl%A>D~HP=X0#?QIr`29 zFrXmwZlu7jQSa8Ah4eeVieuB3HlhaJ46|ToKLSVfIGSU#UX(d4l4xjrs8iUOyJY<( z&EF{-y@X0J94Ks{=66f^dR;PnFL#CCb@iv757Rxw^lJ^ja8PMUKuGXGs+f$e_7P75 zUmTDJDG|eiYNe=8KTxvu8C!IzdFJ)A7UbFHJ8|7L0~>SA!U4YdR16uY7-YtSW1nDN z^Uc((F8dH9GNc>lw{cJ`k|Y^ZvYg(kXaUQu3z~9AG!la0?{rGQRPVXq_e89g?OB=O zbXzS4sMN6b3~r&6iKS7$+!u}zAUb-p1*fylKx=-j@x{xv^} z3)lKEk1=7*8K6OFd=E*E_Cb6}BQ}@N%@sC9+6-rOs!L(BFR?TgBen~^-cCf3LR#7T zCn-lf-$LnGqJBKLIBb+GDa{{$B}z-AeW-NT#V$#2^yi%g@=QAL!*vrp)^v)u9`Me0 z7mU2O^!#k5%1y+%G%*g{i}vpM+y@VfPXD%rJUECIHSB z#eT)K2G-2G9%OO3!k$s1#1&$f*;ndvEv;Q@5=;p9=N&tiNFQr8EmQtbhEN zyyLVBDnwa8vPi+SLG4jz-EEkn$LXb5vye$Q!x9$nC;W^&?Wp#w9;PPRm!k&8j|6i| zlU>1*jz=xwp(w0iU*Z?d7!Xv*Io@TluR4U+WsIm`czwS~1_eNXl(T&fOul6@K_jU+dz;nW;IQ)1h zRB$Y`V_ID43?hf|K=_|ikZHv8N4Qr$V>?=`l(ApzXU_NU*|f(M#D8FFxb#&6Uy$m! z1knjU*tc98I_yt#=+Ar;jlr`IN8xNJ1_mIa(bml{{}R!5rr}C`d5MwsZsNfBmgmCd zboG?tx6}S1x7jz$lE=C*HtMmpUai*3kGi*%J?H0|lRSKpTI^5fSV~JaVC=_z9f2PT zkEQgoTQoV=KB;hMn1Xu$5GR%ldKIzEaiq2$!Z;k{$uv)L)O48G&&aggHOQL5wjgYB zlgmZ@tuLD)wxFQMI*taQ#evav68+eN3P*TPjBs-Yge$1tR?)-<;ix zTAHVCMpBF6O>yRM-umZxXFHt*+p*&P!4)5WRoPucw`$436V9`m5F3Tx%S5FTC;ld- z)>Zz;ppx@M;BYs8U!c))>P@A8=)ktaa^p{*<+R2q;Z9K}Y%$8ej&xuv9RoNUjc~J= ze!#gYL^0xunq7DKsDd(mJm_FsSWgH?__Y7Mg=lFHVMPAG77m!7fDMAC2d57_J-HbS zjeK#>VkZ^X_*~d;b0E1+*)EZQLAxJS0Z5sE7Y?Av=|eXN5ianpZ;}xd2D34YZ3R_jXCsp z8wSMccMI!yURUgzOd)273IfO9dbMouewJY9pZuu0tOvZ$q%!2`m^4ZPl+#RUt>r?_ zH!ah93=Zh#@BQe?sYk?4utD{j6j$(t^4hRSMwMex1357T_H#nA`)6q1N;h{jSeLPi z7n0U|f{`C;YB7NxL%OFvtiNcO7>k8lySCNDX08~&sFly-2oc#$j=8t`{C)>MtDt$1av4VWa1$aJV!4Vq7Nv6Ww&sj`c_0-o?Re5i+cfKWa zlpCclnV{yOsafku)^3!hpK@j0L1s4Zuys8a)X&E)Mlj;`RknAc`}wQiY_tm?w~aQ( zM+T0Nyg!L0|7wIW)^qOz;cVPPDYGPLMl8hFFZbfG7}+RXv?mUlZzgYjRF!D|4l7Z) z792ILJ*1s>P?~}`p`WqrON-_CtPi`ZhfRquyHy#O@s;&#cpIDuWjFVU(+myqv2ONiu2;^PTPj^OAL9aJlw}!if2qo^Z7ep^Y}$!pWVp z!w8^k7&yG>Y`KLVq#=I;#W$K7?3f&Ba2o5Z3!Cgg#PM7=m3}3b;P!tX(;6-!HYI4zbMW5c|C67RN2JNHgg?4}fCOzzh)1UZc= z1Gd80Vx!Lue^bgo*Y{_MvuGwi#IeCCjd5HTD{b{ksHVUn0E{Uw6Cb$TQ@_DWiSIx@ z8Sj`*3w?X1I^fE1`h{G;O=+$=72atWQGqbJA5D>+nT)2?lDOLs9~evXg=G>;>6bcc z=zpODit%%!R+q6(vyUTjyP0;ZYC^Fsppygu@gUN)Gi2hNlmTtjb%qu+@NPA*)Z`DSt{EOe{tf0?_tp@P@0(e*J1rmFVNPh5CJ5&R)nV znRX2z<2MzA3FE=fr5uX$Bj~mLXy-aCmk0^XKik|sD{j$T91-q=VuC*`jg`VFTAj;O zVJ%6D5YZCjIdtNH>M3nys{3|7W-wV3cm>GqPb%Yp0JU(@q|K{$Sx=--O4tW!PEsnr5!;$m7n(A>V5TMsT3QsUqg}JlmGgw za*4EeSJ`?q1`;&52lTk^Nk0Tx?P$qAcHyLlB3vS78Y(UXauMyVlV!wYZiPldjnt29 z%6$GMVgO;^1wNZSIS%9NJszWo^!eww=R=blaOPk6#{wD&|fFh`E0W3xpRVFQ8mUPbKT$Sr8+b2A=Y|OLq&pD157=IL`bW=m?RG^ zcC^dfQFIZ96XyLP>+NB4$UFbR_y>Dl5@%oWDU`XFNJaFcnm9#W9piVk*@oqb zX6G*Rs;h%6#!o{0U(46>YzGkswPko%zY_Jf?$L0X3F%T?F<)zk-rYj1!cwPnoQ}cj z8f~ec7gRj0<;5v2o+?JVTv2iM=Qx7hpU3xL)V#|&wFua>ThZw+t^c_A%y7F2NdTg) z4i5g#lFcw$dd`%7p8xG0=~yTV_gE^2m?4>QsNepLn?a|z9OaG95sFq|r6ZUB;u{H$ zCfHDp#T)FDafEKg@l`zAuB_GXH@2JbnqlPP4ae$nbd#?8MpGSMImtrs?ty5ER5X%1 zX(nCG#sUR2#oZ0QxI4QL6RWomL0K&m%BzAp?^7LpI+J~OVUbgJjd9{pS=!DIrOMvWYN>eBivs6^k`dobmViw(Q&BV zT_Ac`jtBa{EKX1!Ox$V$jaL0$6~sL=R(=A@qp1|9(8;>nYP-s~w@$GnM>8`74p_Z6 zSHRvRz8kXnz;~V?S(N*Go<`d@g6A^_bBm=46DOXsy4K^qs>wfMlKsp9MB)&<_aX+Y zQvYqOJYARBTXXV8N0gNu6zQq@`OBz2aeIg0MCP_BRdeJ|EL&HT-omsA`7`eVU5ZNZ zJfkj;pmj~j0_&lKh@8C{6yj{J)Wy&{XO%aQH~Cl}@A)Su=T$Ga31~#^2Tq?5)DB<> zXBM42PSekBZ4kjT-t4l8O+nYy^&*b7CU?5~c=*5Qoz<%nz)1O|($&a9Ru0diE~6>t zEaj^LVaw<|LygdFUMB6w9@P;QgpYU`ZbFeVr0c{Ft(BADVwT3rYlpxkYk%kHIYZZW znb>2R5&nEN#>5|@dn@hDzGqexqa>EWt6n(7_L4%v+sAMjf0L4tPfQjwo%4Sg~ zRIj9ZJ=U(0c%M+_b<(6mK5cXsy!He~nWfdj4FXjm^hXI;t zGtjNl3pN}FXRO-D^JVi)-W?|S6Bt=f9DbXN{}fV}YZ-nRnc5N&_yHQ8I@{+Zf#v~Z zBtGiQFW6i?=N!k}(+xcvw33M60xn%iiYQd)k>xlf3(5TjbDaz%G2yn!Y;mQ_KNhDU z_1J}xAj0`=IuPA__tzo@uAGv(p%|%ar|7RukZSH{D$z6d#ZFwtN6psajT61pD5mFi z;Hbwvyb~Hq3)bXTTj*t`C>*cm*P1^LCsd$X`QxPu9uc}in_W6(L+0|m4k#0PEfpOt zPbIefED}Nwg@@(6P8i1!L47>V&aX$aSzfciF!BDD*^u`MR@Ap#hGE#UTL_Xp+*8dku#ts1r z6~hBreVDQSzmQXWRM0jYrBZ*i7ycidOo+n&|E8G~x11!sycn@DyAwS^Fjaj;yY>6?G_U6Fjqix&NJZIXr^j!!leCLQgh- zNI=v3WlOjmGd;5h8{gr|nvT4ZE+`miRPDsg;eWwE-!ZYH=mFxW4}ma|^0Cd%xm=8i z5~;x_`d~)xOBJ=*i}8^X-n~seVAXOl6hp?l_J#ew;HJ|wMuLGV+|BLtcHr9AE5;CcR(kpzZOl zEpRPvQSzBYtRBKH9 zhI|YXWwAM!8{^^d-X7Z-^8#IZxV?r@z|bnmD$XnY+K(H6;)&!ZC+8djPRZvM=_-V@ z&Ro?$tKTc~DpCHS)|dZ_T46XJ_G*S%sU)Od{a%CYnU0o;+65~7+Vk(#i6c7o<0KbW zU@Ym41|Ny0)n-Kah7_UlAUa#ScMlS|d@GC*l&Ddotdfd?XiE35hs z=np8O2sYqF0c+Dh=rtMq&T}$5IUojrc!+FXy!s_JT z&Lrzc!~vMW(K2*f!dxb`ADhXOuWX#02EA~WyJxr$wmO4|i zIK$--`yK$q0Psw#|L10}PNzcyIMmqd#OX&tIMv287quk!k``F^ZLBLbJ$8IP)ZBsp zYJFq_Lr!F8VtQuRT0t!p0*dGKYUO$>dA;>;XiDW=pPkGSpw1y8Ppxb6$gt|AL@YY8 z=5$`6PU2eJ19An`5g>N8mNI7-&!4-zbnC`&-|ym1_jY2K#(pBjMV#2Ce5ok;dt^EZ zM*+KqNgi(CeRLo2l`|whlt>5@oMrYr6vp4=3?yQgTEYT5ngu8!kRo;kwMuHgKI=G> z{>_-@+@$xzzx1RMLs+nxCmG|02L3&460u8n`)bE z8Z{DytrxWN;SqYPk6+YON;olDpS~?2J~x?^5D8=GpxvpDL|odzEn?eHH%a9BQVJ@& zCLH41uQpFQmN>diI|@z@I)kOo_~MpvVK=3HOpWazE#UuCP1#f%W$5*ufLT0$_GAl4i~W$2ES}OKH>&c z)xpp9`8RXb+bI#mtuSwn?<~c;uZ$uMra$rMAS3AoQJZN*YQvGahL#*AUDkBUgA#RdK+NHt8Bx^Ix68 zrpipwaZ;oJRQJ6|sWjs&>7h1*L4_nwe+wXrKOw0?L*eR%8;cY9w35<=DR69=} zBrHVG04C7V1Bs>%FUg&eSG&7sC6HpEl?r45jU86=&59ENKA7=q(6sC#`}sygvxbG#1_=!fJg1x}CXP zRlC|lm9Ahfe?}d&#hs)>?&1tjIddshjw#bzebP( zg^Lp~EmmVdTZ}L)F}U*tIKt^7r8Z*7&n=2fA=KKWf{c-KUE{q~r<7lpjn^_~8QuD) z3r?Imu2iw}&;N`7+d;($XoT#&5$ZYhhZN+~E{g)+4Gw;Eez(IjdH#uR)<)KKpt*=X z-d3gk9%yN!+*Z}~Lh|x_zi9ffwVOCytc;iY<#yU`8d@}7|^6D5jcp@cM9IK&RG{*-w@a>cj(7+Qm-I! zyoxzMiFMM^h3Nw288i3hA5nh|kf1B)gxewvL(4D@z!4)f z`o7>^naBXh2A8zie1tmb|F96V=73kt2h$TXTSfp{2COL?Vvrue1RDJ#L`7Dr4b3i# zSi`aYtrl!f9unwXqX)N|3w~Uxv#P)6kT+bX!iMe(1)Mtag79m>iLr z2Du6S@`sSrTx>3`EZuD1rQlz<>WzEXB`1kgr$vElHtS)LaszlqWVC~6?)Hij6{a7q zuKbFjd+&s90|{u}aRJQh!`1bC-mX&9Zp^V3FwRf(Wj{Tdugvhy08a=yRRFUtd*#1$ z4m>{o1%%RBlojZ|k7RZZx0R7TtU0?;18l^CNq|P~HuF3q zaccDUQEK2q&1Q(|&GqH}*Ab+GPm<$jgT+V`U}DDn%<7?<5$kw;q(>2W5Fc8XvEV=4 z@>xx8D-7lt(lA=-to#eG+4YCcxVj8Q-ISYK$mv0YPub*4b`vm$GL05^b&w$9QG~?_$a+* zAPAdqjzG3Vk;Iw8W{mZGiBhAK7^0sJ@7J(&Xf1U>qu5BXo*FuEW?u`l-4` z5Xlb6AIACSfZs{fL;>mjm2_`*7)AlrP!B7JUE8ps3-de}4`}$)ft`Yg5PT8)CT);S z8u{hqYi{f$*u~jkz6YHT{ht{_dCrRE%9Il1Ev-&XV_-A#-;Bm5_M3_Se4e_0Z@KG8S2|`$$LKOgH#V5qW6<3AXI? zlYUyLhxSDzcC&3aVo=?~h}{drHF@i~P}u1bxnYII@=xXFpU zPxLl2dUF2Lh5EcD`QeReg88?<5JHQp zf8@dxTKvaBy@Pmp_527W`wbWfqSlo-!-!gy8fvD_ZuQB)R^NiE$G#Gyrt-fcpf`1d z^KV+a@7<2N-b|K^jK0cuzr1F59Txm8Y(3GE;-ZB@tE(+Y)sE_Umt zPdYyR+$(tRbM_`7-vcjLWS_b>9yRmu009c4^{z)jv@?AWCWz%87q#XTW3HB+ILWmR zPrybVyvPtCckfA_sgiVHyM|+!B_xWJzExZITb&-TXi}0=#-xx^crD_#6IHg3IO?=R zEZ}m05ac{%#s{_64bR)qA}N>18%rg!KHzz;q>^4O)LpByXQK`ZJ!I?Fu~c|`XF-F? zckwN6qwTK9Y*^Cjk?rC_4UW&V+rFx2^kUVo$4BqYcx8F{%)5geqAvscAkWLDmo=9b z=r*NzlZg&wMMIpvh#%NDK-b^0Zs|Gjm^4AB9ZL0z2Ta-Uy#C zqj2+W5Nu84(^ma@1D1lcd-BnttRbT*AEqchDkil?rP*!EXg-5jV+0{V?}%kh#!3+ zqcyaUq3xVQPw?)Ol?DYhAku3S$=OT!wJ2IM0HNbS-RIs#T>QD`^f(`?_U6(P%{N~Z z^ibik#wSWhkDUTD9V38%vZ40vO!T{&S=rT6g%yjZ>(PsD%dy?W-J81Z!Gj%(bb;N% zxBU3mK=*o|VO%n|^Hzt8TyB?+84ENZN`#Eh#q!~l^@UIfEYsvW-RUC{E=dH_QG?*W zoZ4!s)Bp>TJR)SXg&f!IGSgtK?Cel1A(+;{zf9x1w;3iM5nKy8?|Wwx#l8}n25OtP zc>hiy5_I_7EsH6lga`V}SekteRcCh_-8Y!EU4Izf2a-IUc6-~7v0d(lPD((j9$7S+ z@Bd>oKkss-{elIf;lU@y)$+6m#pqdCZ6u6^b2ge0nquyLCAm2m@9ROLj5F_xFdxh0 z&J^?I`FnpBOK2K^Ludqmt?l~jAa>P{XZZ56Xc{~)twvt z2;nDFBuIBScmPh~X20d?`PBPoa7F?VHy?jNlt@8`2)>@_2~{$Rb_C#&zliJTICg{| z(EZYiuTCP!!l>mPABfu1Kozm+^WLdhONXRCG4}OCaW$wI-%`=EEGhGCT+=6Drtxxp zhEh;JF#`{jVd`%>u76{rZcY@|s3}UqNbX-g16mhhG0p1R47x!3ay&(FnD2%za*-8K zUxdIaM$rn&d3*PYcK~c+0MKkTO2Tfk;@~P?PEbg_Ysz=`I1{GIXLolIm5{YxJ3eM+ zXYZTYA5Du^PFZMn+AvCP-h6$=Q!Mb#cPQ1LWs~31snwwj0H1`zk}Y|@fs8>rkLnM; z>G3JpmjfwwH3Z`5RgZU`^KVvr&`cYd@X12m@0j_jdFvwQ9D(DtB-<5_$?ZX{qR$R7 z_w8p9@2hkwIxPLqer~pCvqZzE$gMYTB4KN>+P1k zFA%80VG!ExMf>TruhJppMst6%Mtlf4i7W_u!g%GjoZ5}6;a#(XBMknULIVhXxg!+$ za`c@}{C>%jh|dmN#QQwXH0bdibbYz=eGiDy$%L>UA0LNCMta*kPn!Qe-Ts+P&daN@ z3b>oswOeoV9N|gTb6hP^`gh+Ke7eKpK3iT)YgYW_R%0lz%Hg3y8NaY7QjP-j7;JI- z#674UL~+xtA7#F1oN#Uo(UE+)9ks}WXnYPPXsk-=jwg*xFTEWEE+0(=>7sYt^|-_7 zUhb*-yv@2!9q#b{w19f$fxEP1!MD;vr{KV=q~M6`$yv>3EQzdc7}amJ{l!09m{XFE z^qXOcglKaKtfo-5kEZ1`8%Tr{HSnd`nlVl#%Oqd&%i}@ahE?70MY`u1Mn)`2ef6ZnZFY)v2D&dxLb_VVUM;D?z82YcM7LAV~e zUVBcg?=8K?A51MiLNle=FB*k8IuVIJ0)vFnf!$Db!9q52gi@ z2CT~JwR^!+w4MapEz>xzYU+qLLxuW#DT0R5%28w~O_e=^3rSk22Dw)ipPw5I!J9C5 z%Z3;TYa;-{%VyF*rfcL!0JT;T-cmVfATc)prIx^{a;+uiZY_m}Hw&9Q$kpOd`*ncW z-~L9B=a99~QOHES^I&?YB5mEpJE8L-c)UXKd*iKmN?@u8ye#Y5$o<1zBgo)&7-snCr)KPAs6N<|Y#LLxHvMSfv7Lm`+wL*0OhpMfI1) z^QI@Rma6BZ5$N*)rW1>YvwSvRgl_gyn~$Njp;wGN_Heq9C)=is|Fby$9vg>Ag!lcH zmb&^3{$Sb z5AS1xo>bG(%50b7#s-OrmLM`w44QD1_jZ&MX-_k(7u)GAl7n{}8!D-gsdDP28g z!}EB^&JG3RZuO^xIMLqj1vp>cUis$?xU|61_tU>i}s=Bj@ z{01Ql*^AAf#XM?z89HMnXA0^mP4SyJ8tQ~^6(YV*-hbjU7&UutJPvmb+Rr}@a7Y}I z$?Ns=LCaP1A*z6?02{Oi1fAHT!u{LZn^!fEeQa+t7OXWok(rU;sH*1YMH4JZ2+}1o zjtn~TY5^)KWPGHG%6%ROG(IqpintymdeBjl<~}bWvrv2LiK4Lih4-&Xu=s}0g}A&6 zB{@H;ZC*gb9MnlJMJtT)8^#9hv+7!`%~fQISt`(9GwfJ(83;H=WCcm;R2xNCxpom- zka!1)UJVs}rcxOtFm#0$+71*b{o^_RaD>Yci}Dp*PrT)8nE}77=0p8Eerf>j+9gDi zbtIGs!7&tFelNlx(GqMe?sl4tw3CN*V5u@~6xR+>_+_{7D?kM*D9Bl?jHsT^X@r;K zkl3`kwHfOwz@+6YU@W+8d*((n6f)@V_R#b6!*rtcVdo@VrHGImUu#`V@{yVAMs+Lh zC4`!Jue=5Ym?|N5&2j0M*&LshuG;s}B)DkdEHddObQR{c?FX@!GcLmbe;}Qm^mX@3 z(--@XG^OHy%Xwrm$i)rPGor=_88rGg@>o9prlV)7{NRRtbh#x`y*B1Pb04xCaNmjt zVqFHIgykZ;p>d-3&R{2TWiP%9Kvh@;ymvB_5h4170T1b#D+sEM0ly3FsT!0N_MFK} zl=zl37PH3Te;$3vpa!1ODoUg6ND70czzUF!94Ub6K2Pd?<^rfw_tb~wpsw=TPg$XPd8oM) z9*(eYSFrJI1-wyUO{f*h+Ex|kpjIU1_cmGsuIcack{WY$N$r!}n7qW(^><Yj3>GO6pw;YQV}11{I&vH+ri?(?3jS#1+WC^F5L&7DK#d3fB>1}?Z3 z_FRlms66m`w5}B4{G=PWs(l38RgkV~{{5pbO>&v%{?q+!|-n zm788-7qYuVi+f!Wc1`&R!e8uc&>tH$?OEJOqIgG^^u-a`aVl4lp#?#z_re0Zh##Jq zN-p@h0YC20)|a`R1rD;mxM|F9*MF88^m^73_L2^lC+gXIqbUY8gxkKHMiDZo_j1%| zOUSBkrO0r%%3L8sOJh!wpuq`=HwIjpe5pOX0xWXxP4WyZ;zBs`FrQ7&QFc(J_XUfi z0~{gc2k38xeQv7ri#;!{bO28n@6h*JP&1AgE`x=sYOz|^Mr(K=V}uq#LtuSr3vZa5 zu|hFyiGNtl$slbjyb4}w7M-fT>B9Zvg`xTe)?_L;0v9Y$Z#&Y1zHrP4+xDEL%IoH~ z81qG?VvErDexZHPY-B9TSP+GJ8bKq5GPobdXQ^T8Mu zZBv{H442gdU@ViL^$!O!@X7YkJzYXJKjCb3_mPpo0^+5eQ;a3Sq*&h+N^vs)|{aBVt;$Ps5<`Z zp3ye@rd`2NbT4ZXAp&npt}lPx6{sn+2m39#>KksViidn?8Ac=O{zW*L2nO}TJGjgb zJRj6VxxOhOo=;bNLK15MY?FC%rsvTHAfERqQuOSUsMbX8C}5I>X~`naf|p^5WV0gB zbK8vmMwXRYtnhj`w|Lb9+lw?QN5RZ5G~|2$K0q^)ZpXWI1CagJjy4_t-5LoJ0|{tH zGo%m_Qq3FElhI$Afd>z{b^m_58InX~lFOPOQ*tQP)0{`mJmZ}>D&=wbilK>5uzj{a z>J*tI=w9r3Z*dzI%~ZwIGSTHJCNTo7Of;-(k3&_H2|8E`t(qrkjfS(sh#ph2-JV-+ zNs`J+`rz*$$2nZ%y4LHgzyp|M*W)s~nkn&^!;AAuuuQa1RK`jiXsZ)2Te|rD!#k0J z2nW4T+pn#1f*0ULwZb-=2_%(}z~W5DUv)weS^`(Bil8!z$DC3uPJx$8LETiGKL%mX zwpd))*Z2S^*o@KYAbw0WKESqjzQFxRb*_GVEaBuca<_#loNtLVchCLh(32)oROzPY z7_!;!1#aU@yx*q?zm>&vXbd{rv(#cTUwi>$%h`aD0dxM1^rQ-~zUfu@DYdSMs!>;# zdmn$;FgCQX=cKFCX4H^yef9FNa$O0rwxPj2B#q}{O8qm9Vj)4T&3LxH;COJiFYii= zqxY76E*v!i1lTBAUzp}N2CirvLQ`>cVQcbWg7;nyC)|mEg}>a@l-%xmeZk_}h~(?x z1;l?U0XFg;7pA#6ZYS6RRis3mXf)tl;^9d^Ltp!OC3ge>kJb(uZ7u$}O9-k#cyG<* zZkX(gRnBZ^KW-Dq<^COeX&aDW90UM?13wS)R=hP#uD*- z9kTiRZ~Q%E;B}s}U7wV@?&Z{@1 zEsG-~Dkp3XmPi<67)Bktqh8`I1TG{(tGGUe-wk)ca`1<~!{|bct5HHY0_VufMTZF9%Hg9b?LP>*X?NqU(-vBN`%uX#1Sc@ap21phE}Ig^0;dDTD1-k}>=YKGBQ z%Hpk}Y!YEae@!t;zTo?PNl1o~`zd9(MiZWp^uouq#1ld5P?x=v8migokZLgb26 z=h#NE<=ufpt|3U)SjIT|>zIqnfdc#?!+L*qG;b83Er%ouQB8i+ z4h|l0_zeRZLmq-T=OAawkFRhK>lF@fNW}NKo52G{)_SdwoG`{py;_*<3+lLfe?u6! z(RdnXNr51n-M9XR#j{vDU9jIAE~mU0J>89Fr{-*&WHm*jo@D#8h^o&h7|n=2x!~(E zZgLx}-DzgN3DFH2Tz5hA3jzA;z)gZ?bopoQUj%V*2{RDF^<7rqn_&p5z-L%(aevXZ z+_D+PljraH+^Cxcx+h*xjq;VF{(jH4^4Y|4V@}o5ili-VgSE>YwRX}dOTUTm0!B!Y zeIqXcrtQ}|4Ob*G>y4LL4Y!i&*KY+t&$s2b#$!X)G=6`0&~-e}qG}dgy@>m+-lUVr zC?39~+x~Y=Eo7j;s(#L(m~ zF=ud_ZXWO?_Ul-;s6DH}dOa{!hXbbo&5W}J$4vo>nB;Pslr?e4RL@Q>rR1Qon4+&|rYcqhEBt#lGaoPLy6jNx57LB)N zC%Ny8np-Dur0ce4jPylyZ1qR=FNp_4COxCnANWJ;Wc$2Utq#?N#?3Y4z-k)dwgoA@MB@B80=>F#NF< z+aVpWJUOsY1ST)B{ISy)&rI`uy)|RKIqT&W1RPW67}SCZ)J8T}Q?Aw9QQ3Oj_kgu` zZb|m`^@wZz_0GU0?nYNH>{;y&AoVf9hr%LCkV_(*gtPVUT|;c~ z%Kl@0Rv>T}^VdYQy@Unp<~LYb0zJwzCKS{gli(B>FQ}~&GQ==O3)m9Z*MUAM6AC+i zLq|0OEDbHAN|~i2ZZSof84K0CevlyoE28a26-bSqouy)Q=-QQ7IwP2GO3yXb(d4SOPj8N~zn`0H zGq`LXEYGTZ-3hW~&(>dk+7z&Hx78tmo}`u_#!^G_35wssFgiv!(PrYrhg*!vX2hCT zpgqRTX|rlJbRH--d7}fq|F{z`-zpstng?T@8iM@jDx4J3?_O{1K z=?~8|ER0;*fa+5uxaG!u&JW?Fcvsncl9$)k3BK0r*hv|*2pAl92tja_2S2ukP)!{M zigy{3ZlGs;Qs=VM8;K(^BFG?{sb5L`86dcu?MvhR^UL zCxS&ufueo^;-1_CRlL;s)Ya3w|A;+D_CC&XdqR9QSTvj=jT(X>4ET_mda zOE^S_V`(8AYKSOHO>rD@nReV3InSJP{{Q{{`n`U8?e*IC^}L>auJ7mlyuZ))kFS%{ zi=SXj%hLrie+Tvs%>8KHbJGrEE|hQiX8z_*7L2c8m|ib+aLPgqC4?~-1!WE8p@mw#*It5ASedUbX=r4Qsj>(%UC1yd2L~23XTQ zVfA|e61W+b)z?)(8tO&|yBC7-VM~?kvqu2*+Oxe`X9?`4+;nmgzu(Z^1xfs#IJ%9z zh!11G7|Hb{U_lHrH2I2p(9R9}AHs9W$;0l)U_S@~yE3QFN>qUCbe&G>a%p5;H;<5V zI2d;he)@G+X7|wfEz6H*=>yl-3#~L`&0|})34-&A-yW;&e<^u0x>dNE| zv~j5wH$)0yePnHRkG}=>9v8ka)M&+p^^CrMa@yti?CkgP`rqc29fU&jW&5)d5g-Gf z#6D#^#sL9vhXqlfnkm$nee2+H(u=Mr)$}}=HVU)QxYKzb%!0pUkcK z@`5D;44E7dN>U_~z?B4A(&2;mt&X_upEZiqaw^hQWfD?jY|wu7#HPq0vEtk2+ccSz zXwkqqsx`Z}lNAv4Eh_%$#^HD4U)BC>Z8x?#|2=4@#COuR{FG%oLdP(J5O8JjY|7Mt z_3QnDVXpK;A8u=KCCUE-`j?gVYQM>_>3e$(U%we`TyQU{edQgn)xE^&l^O7QdR!+a zGkOV~fdt4y!7-Uw@T;0UPzO-X9FKSJqA@FmBDC|QH8pTFC+O&e4rvOTqpr-QVKOX^=GBQ&=5 z7+ihycJA}Dz%3$fEXT03*(mI$B95U zq;Y=5rVV634K>$l>e7mILgv7ef4d1`+Fa&JDVbCmxa!{>z|HUu&vhGHN3yIf!w+N| z^DfpuPBF4ogksG-kaA&*E zTg9)DK3aLJwoQ29bA$o@!b0#!O3F4&A%T}$8yQ+W-pXWHAtOIozo+cIlcBEm{^(&mq2;}Tyc)rR`sP7wTjaju~# zo$;nGaw1fl&bZbDh}hKt9ks_xU9TqwdY;6d9ox58$i}f_ply|%jbJv46_-R>EVgS` zll#LaM8C_K3F=|`MsNAXENf=6o*so#gDTfjtnD}urFb>w%m*LG<5kcW7tHS15oUJt zFr8#Nc)Mdy18E`O-Eq#b)5$acQ}@IEd)>W)i!y9_6t$sb|KkfajK__lO%Y?G=BLlgAghl zx4WtYtmAjj_SPJp|F)hVH@e-Pz<$}%;_VS(zI;)(INwapzifoS){{=971{uB9Mx-n zltjNdf@?h^_U?RY{^V1+_V5!fMYq$Dk;boH3BFJK_(=tLQ*XDf0^Trk7Wx@{Z(-;D z@fHJ46Vr}`ulBFc2%rBRGUgX2!23W#|6&d9X2L5z#X>%RQ)k^%Tp|WTTfeVzC?t1?5qI6yA3R$2qj@ zW<Ws0;k$99IV3pHo+uz1(vz^l ze1dmZ-QC8ZUbH`a;4b#Z3rK|^ z+i6KqM|<9U5mX6yoa)_4l&`7qfI79@y_74o1(*)Eo^wzBp+_{6E~+B&VY)=<_{lbr zn~gW;`#x6LC4cJ>SgvOX1$Vju)9T9&*wBU<8@3lJ=1c{BROk=j2bF-CbOAI_H?yVE zc)dJe1z#Qb=ZJwe*u;GRX6|u literal 0 HcmV?d00001 diff --git a/content/docs/use-cases/high-assurance/index.md b/content/docs/use-cases/high-assurance/index.md new file mode 100644 index 00000000..c49824a1 --- /dev/null +++ b/content/docs/use-cases/high-assurance/index.md @@ -0,0 +1,155 @@ +--- +title : "High Assurance Passkeys" +description: "Advanced protection for high visibility individuals" +lead: "Advanced protection for high visibility individuals" +date: 2024-04-29T18:42:16Z +draft: false +images: [] +weight: 330 +--- + +## High Assurance Passkeys: Best Practices and Considerations + +Individuals with high visibility and access to sensitive information are prime targets for online attacks. This group encompasses a wide range of people, including journalists, human rights activists, business executives, election officials and candidates, diplomats and government officials, as well as celebrities and public figures. They are looking for services that offer high assurance protections for their identity and assets. High assurance passkeys in conjunction with advanced protection services offer a powerful solution to fortify security and protect against various threats. + +## Understanding Assurance Levels + +![Example Authenticator Assurance Levels](highassurancepasskeys-drawio.png) + +The [NIST Special Publication 800-63](https://pages.nist.gov/800-63-3/) provides guidelines for digital identity authentication. Part of these guidelines includes defining Authenticator Assurance Levels (AALs) to categorize the strength of authentication methods. + +There are three levels of AALs defined: +- **AAL1 (Low Phishing Resistance):** This level requires evidence of possession and control of a unique authenticator, such as a password or PIN. It's the lowest level of assurance and is typically used for low-risk applications where the consequences of unauthorized access are minimal. +- **AAL2 (Phishing Resistance Varies):** AAL2 requires evidence of possession and control of two different authentication factors. These factors could include something the user knows (e.g., a password) and something the user has (e.g., a cryptographic key). A phishable example would be SMS one time passcode. An phishing resistant example would be [syncable passkeys](https://www.nist.gov/blogs/cybersecurity-insights/giving-nist-digital-identity-guidelines-boost-supplement-incorporating) as defined by [NIST SP 800-63Bsup1](https://doi.org/10.6028/NIST.SP.800-63Bsup1). +- **AAL3 (Phishing Resistant MFA):** AAL3 requires evidence of possession and control of two different authentication factors through a cryptographic protocol, plus additional attributes such as the use of a hardware-based authenticator and verifier impersonation resistance. An example would be a device-bound passkey. It provides the highest level of assurance and is recommended for high-risk applications where the consequences of unauthorized access are significant. + +Assurance levels provide a framework for assessing the strength of authentication methods based on the number and type of factors required for authentication, with higher levels corresponding to greater assurance of security. + +## Key Components of High Assurance Passkeys + +1. **Attestation and Metadata:** High assurance passkeys provide attestation to verify the authenticity and integrity of the authenticator. The [FIDO Alliance MetaData Service](https://fidoalliance.org/metadata/) provides a mechanism to validate FIDO2 certified authenticator attestations and prove the genuineness of the device model and its attributes. +1. **AAL3 Multi-Factor Authentication (MFA):** High assurance passkeys require multiple factors from an authenticator that protects the key material within a hardware-backed secure element. +1. **Device-Bound Credentials:** High assurance passkeys are bound to a single device, such as a security key. This device binding ensures that the private key associated with the passkey is securely stored and cannot be copied or transferred to other devices. + +## Best Practices for Implementation + +1. **Risk Assessment:** Conduct a thorough risk assessment to identify the specific security requirements and threats relevant to your organization and applications. This will help determine the appropriate level of assurance needed for your passkey implementation. Offering the option for high assurance passkeys may be a deciding factor for high visibility users. +1. **Selecting Authenticators:** Choose trusted authenticators that meet the criteria for high assurance, such as FIDO Alliance MDS certified authenticators that protect private keys in a hardware-backed secure element. Consider factors such as platform compatibility, browser compatibility, user experience, and regulatory compliance. +1. **Enforcement of MFA:** + 1. Require user verification in the public key credential creation options and set the credential protection policy to mandate user verification in the extensions. + + ```js + navigator.credentials.create({ + publicKey: { + rp: {...}, + user: {...}, + challenge: ..., + pubKeyCredParams: [...], + excludeCredentials: [...], + attestation: "direct", + authenticatorSelection: { + residentKey: "required", + userVerification: "required" + }, + extensions: { + credProps: true, + credentialProtectionPolicy: "userVerificationRequired", + enforceCredentialProtectionPolicy: true + } + } + }) + ``` + + {{< callout context="note" title="Note" icon="info-circle" >}}If the relying party accepts a wide range of authenticator assurance levels, then user verification may be set to `preferred`. In this case the relying party should include the authenticator assurance level in risk assessments.{{< /callout >}} + + 2. Relying Party always verifies the user verification (UV) flag is true in authenticator response. See the following example extracted information from authenticator data. + + ```js + { + aaguid: {...}, + attestationFmt: ..., + attestationObject: ..., + createdAt: ..., + credentialId: ..., + device: {...}, + largeBlob: ..., + publicKeyAlgorithm: ..., + registrationData: { + authenticatorData: ..., + clientExtensionResults: {...}, + flags: { + AT: true, + ED: true, + UP: true, + UV: true + }, + signatureCounter: ... + }, + residentKey: true + } + ``` + + {{< callout context="note" title="Note" icon="info-circle" >}}If the relying party accepts various authenticator assurance levels, it's crucial to consider the UV flag in conjunction with other authentication factors when assessing risk.{{< /callout >}} + +1. **Attestation and Metadata Handling:** Verify authenticator attestation + 1. Request `direct` attestation during passkey creation + + ```js + navigator.credentials.create({ + publicKey: { + rp: {...}, + user: {...}, + challenge: ..., + pubKeyCredParams: [...], + excludeCredentials: [...], + attestation: "direct", + authenticatorSelection: { + residentKey: "required", + userVerification: "required" + }, + extensions: { + credProps: true, + credentialProtectionPolicy: "userVerificationRequired", + enforceCredentialProtectionPolicy: true + } + } + }) + ``` + + 2. Leverage the FIDO Alliance Metadata Service (MDS) to verify the authenticator’s attestation and that the authenticator attributes meet your high assurance requirements, such as key protection attributes including `hardware` and `secure-element`. See the following example metadata service object snippet. + + ```js + { + attestationCertificateKeyIdentifiers: [...], + metadataStatement: { + legalHeader: ..., + attestationCertificateKeyIdentifiers: [...], + description: ..., + authenticatorVersion: ..., + protocolFamily: ..., + schema: ..., + upv: [...], + authenticationAlgorithms: [...], + publicKeyAlgAndEncodings: [...], + attestationTypes: [...], + userVerificationDetails: [...], + keyProtection: [ + "hardware", + "secure_element", + "remote_handle" + ], + matcherProtection: [...], + cryptoStrength: ..., + attachmentHint: [...], + tcDisplay: [], + attestationRootCertificates: [...], + icon: ... + }, + statusReports: [...], + timeOfLastStatusChange: ... + } + ``` + + 3. Record in your credential repository the status as to whether the authenticator’s attestation was verified and its attributes satisfied your high assurance requirements. Optionally, record the authenticator’s registration attestation statement. +1. **User Education and Training:** Educate users about the importance of high assurance passkeys and instructions on how to securely register and authenticate with passkeys. When high assurance authentication is used then attackers target account recovery options. Accounts are only as secure as their lowest assurance recovery option. Provide training on how to securely manage device-bound credentials, use authenticators, and recognize potential security threats. +1. **Continuous Monitoring and Updates:** Regularly monitor the performance and security of the passkey implementation, including the FIDO Alliance MDS to ensure you have the latest information about new authenticators and remediate against vulnerabilities discovered in trusted authenticators. \ No newline at end of file From 998deaaa6ef901f1474ad06bef0512281793b7b3 Mon Sep 17 00:00:00 2001 From: Luke Walker Date: Mon, 29 Apr 2024 15:26:15 -0700 Subject: [PATCH 2/2] update note desc --- content/docs/use-cases/high-assurance/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/docs/use-cases/high-assurance/index.md b/content/docs/use-cases/high-assurance/index.md index c49824a1..47fb20a4 100644 --- a/content/docs/use-cases/high-assurance/index.md +++ b/content/docs/use-cases/high-assurance/index.md @@ -60,7 +60,7 @@ Assurance levels provide a framework for assessing the strength of authenticatio }) ``` - {{< callout context="note" title="Note" icon="info-circle" >}}If the relying party accepts a wide range of authenticator assurance levels, then user verification may be set to `preferred`. In this case the relying party should include the authenticator assurance level in risk assessments.{{< /callout >}} + {{< callout context="note" title="Note on user verification" icon="info-circle" >}}If the relying party accepts a wide range of authenticator assurance levels, then user verification may be set to `preferred`. In this case the relying party should include the authenticator assurance level in risk assessments.{{< /callout >}} 2. Relying Party always verifies the user verification (UV) flag is true in authenticator response. See the following example extracted information from authenticator data. @@ -89,7 +89,7 @@ Assurance levels provide a framework for assessing the strength of authenticatio } ``` - {{< callout context="note" title="Note" icon="info-circle" >}}If the relying party accepts various authenticator assurance levels, it's crucial to consider the UV flag in conjunction with other authentication factors when assessing risk.{{< /callout >}} + {{< callout context="note" title="Note on user verification" icon="info-circle" >}}If the relying party accepts various authenticator assurance levels, it's crucial to consider the UV flag in conjunction with other authentication factors when assessing risk.{{< /callout >}} 1. **Attestation and Metadata Handling:** Verify authenticator attestation 1. Request `direct` attestation during passkey creation