SlideShare una empresa de Scribd logo

OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity

Brian Campbell
Brian Campbell

A key technical underpinning of the Cloud are Application Programming Interfaces (API) - consistent methods for applications to interface with services in the cloud. More and more it will be through APIs that cloud data moves. The security of consumer APIs was threatened by the so-called 'password anti-pattern' – a model in which a client would collect and replay the password for a user at an API in order to access information on behalf of that user. OAuth not only defeats the password anti-pattern, but does much more. OAuth 2.0 defines a consistent, flexible identity and policy architecture for web applications, web services, devices, and desktop clients attempting to communicate with Cloud APIs. We'll discuss what OAuth provides, where it came from, and where its going. About Paul Madsen Paul Madsen is a Senior Technical Architect within the Office of the CTO at Ping Identity. He has served in various design, chairing, editing, and education roles for a number of federation standards, including OASIS Security Assertion Markup Language (SAML), OASIS Service Provisioning Markup Language (SPML), and Liberty Identity Web Services Framework (ID-WSF). He participates in a number of the Kantara Initiative's activities, as well as various other cloud identity initiatives. He holds an M.Sc. in Applied Mathematics and a Ph.D. in Theoretical Physics from Carleton University and the University of Western About Brian Campbell As Principal Architect for Ping Identity, Brian Campbell aspires to one day know what a Principal Architect actually does for a living. In the meantime, he tries to make himself useful by ideating, designing and building software systems such as Ping’s flagship product PingFederate. When not making himself useful, he contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee and a current focus on OAuth 2.0 within the IETF. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts. Despite spending four years in the state, he has to look up how to spell "Massachusetts" every time he writes it.

TecnologíaMeditación
1 de 155
Descargar para leer sin conexión
!"#$%&'&(#$%)*+,(+-*&.&(#$%-/01(+-*& 2/(3)4-/5&2-/&6789&":;<& =/0(*&>(3?@)AA&.&:(#A&B(C<)*& :0*D&;C)*+$E&
F-D0<+,<& •  9%)&(??/-?/0($)&2-/3&-2&(CC/)<<&2-/&$%)&<?)(5)/<&0<&G80/G& •  "@<$/(,$&$%0*50*D&($&)A)H(+-*&,(*&@)&C(*D)/-#<I&J/0*5&?A)*$E&-2& 4($)/I&& •  6)A($)C&$-&?/)H0-#<K&$%)/)&40AA&@)&*-&@0-&@/)(5<K&?A)(<)&3(5)&*-$)&-2& A-,(+-*&-2&@#,5)$&0*&@(,5&-2&/--3I&& •  ;2&E-#&40<%&$-&(<5&(&L#)<+-*K&?A)(<)&$4))$&0$&40$%&$%)&$(D& GM?(#A(*C@/0(*<(4)<-3)-(#$%4-/5<%-?G& •  N)&40AA&@)&C-0*D&(&/-A)O?A(E0*D&)P)/,0<)&$-&<03#A($)&$%)&!"#$%&Q-4I& 8$(/$&$%0*50*D&(@-#$&4%-&E-#&4(*$&0*&E-#/&D/-#?<&-2&R&(*CK& 03?-/$(*$AEK&4%-&40AA&?A(E&$%)&/-A)&-2&$%)&GC#3@G&,A0)*$I& •  9%)/)&40AA&@)&(*&!"#$%&L#01&($&$%)&)*CI&9%)&%0D%)<$&<,-/)&40AA&/),)0H)& (&S--DA)T&0*H0$)I&9%)&U*C&%0D%)<$&<,-/)&40AA&/),)0H)&U&0*H0$)<&)$,& •  V-/&B-*C(E&C0**)/K&& –  850&90?&/)<$(#/(*$&O&W-$&($&$-?&-2&3-#*$(0*& –  =#<)<&,-AA),$&($&XIYZ& –  W-&<?-#<)<&$-*0$)&'&<?(,)&,-*<$/(0*)C&
"   8)*0-/&9),%*0,(A&"/,%0$),$&40$%0*&$%)&![,)&-2& $%)&>9!&($&:0*D&;C)*+$E& " ?3(C<)*?0*D0C)*+$EI,-3& " %]?^__444IA0*5)C0*I,-3_0*_?(#A3(C<)*& "   8)/H)C&0*&H(/0-#<&C)<0D*K&,%(0/0*DK&)C0+*DK&(*C& )C#,(+-*&/-A)<&2-/&(&*#3@)/&-2&2)C)/(+-*& <$(*C(/C<K&0*,A#C0*D&8:BFK&;JON8V&.& ;*2-/3(+-*&>(/C<& "   N-/5)C&40$%&<#,,)<<2#A&<$(*C(/C<&$--K&A05)& 8"BF&.&`%-?)2#AAEa&!"#$%&.&8>;B& "   b-AC<&(*&BI8,I&0*&"??A0)C&B($%)3(+,<&(*C&(&:%IJI&0*&9%)-/)+,(A&:%E<0,<&2/-3&>(/A)$-*& c*0H)/<0$E&(*C&$%)&c*0H)/<0$E&-2&N)<$)/*&!*$(/0-&/)<?),+H)AEI& "   ;&5*-4K&3E&@-EG<&40,5)C&<3(%$I& "   d)$K&?/-2)<<0-*(AAEK&%)&0<&)e),+H)AE&3E&?))/I& "   8-&4%-f<&<-&<3(/$&*-4K&)%g& "   8)A2&(<<)/$)C&B-<$&;*$)/)<+*D&B(*&0*&;C)*+$E&& "   J-)<*f$&(A4(E<&C/0*5&@)2-/)&*--*K&@#$&4%)*&%)&C-)<&`E-#&5*-4K&02&$%)/)&4(<&(&A-*D& 3))+*D&-/&<-3)$%0*DaK&%)&?/)2)/<&(&S.9& "   !/&<0P& "   :/-A0h,&$4))$)/&40$%&4)AA&-H)/&%(A2&(&$%-#<(*C&2-AA-4)/<&O&?(#A3(C<)*& "   8+AA&@A-D<&`%-4&L#(0*$a&($&,-**),+CI@A-D<?-$I,-3&.&?(#A3(C<)*I?-<$)/-#<I,-3& "   8+AA&4(0+*D&2-/&(&S--DA)T&0*H0$)&
=/0(*&>(3?@)AA& •  F)(C<&:0*D&7*D0*))/0*D&$)(3&(CC0*D&!"#$%&$-& ?/-C#,$&A0*)& •  =),(3)&<-i4(/)&C)H)A-?)/&(i)/&/)(A010*D&,%-<)*& ,(/))/&-2&A02)&,-(,%&0*H-AH)C&$(A50*D&$-&?)-?A)& •  N0$%0*&<$(*C(/C<&4-/AC&'&%(<&(,%0)H)C&*-$-/0)$E& 2-/&%(@0$&-2&4-/50*D&?/-2(*0$E&0*$-&*(3)<?(,)& c6;<& •  N%0A)&,%(0/0*D&!"8;8&8"BF&9>K&9>&/)H)*#)<& 0*,/)(<)C&2/-3&jZ&$-&jkIXZ&C#)&$-&%0<&0C)(&2-/&(& GS0H)&3)&jkllG&,(3?(0D*& •  N0$%0*&:0*DK&/#*<&N)A,-3)&N(D-*&2-/&*)4& )3?A-E))<& •  "H0C&?%-$-D/(?%)/&'&?%-$-<&%(H)&D/(,)C&$%)&2/0D<& -2&3(*E&-2&%0<&2(30AE& •  >#//)*$AE&,-O)C0+*D&$%)&8"BF&"<<)/+-*&?/-hA)& 2-/&!"#$%I&;*&$%($&,-*$)P$K&?/-?-<0*D&(&G6)(C&$%)& mjM.n&<?),G&)//-/&/)<?-*<)&,-C)& •  b(<&(A3-<$&-@<)<<0H)&0*$)/)<$&0*&>(*(C(& •  4))#*L#0)$30*C&
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
"#$%)*+,(+-*&2-/&8!":& •  9%)&8!":&4-/AC&%(<&A-*D&%(C&<$(*C(/C<&/)A($)C&$-& (#$%)*+,(+-*&.&(#$%-/01(+-*&-2&4)@&<)/H0,)<& •  N8O9/#<$&C)h*)<&(&?/-$-,-A&@E&4%0,%&(&8!":&,A0)*$& ,(*&-@$(0*&(&<),#/0$E&$-5)*&`$E?0,(AAE&(&8"BF& (<<)/+-*a& •  N8O8),#/0$E&<+?#A($)<&%-4&$-&(](,%&$%)&$-5)*& `8"BF&(<<)/+-*a&$-&(&8!":&/)L#)<$&
=#$&pII&
ka&6789&(#$%)*+,(+-*& •  6789&4-/AC&%(<&*-$&%(C&,-3?(/(@A)&<$(*C(/C<& •  W-$%0*D&,-3?(/(@A)&$-&N8O8),#/0$E&O&30<%3(<%&-2& b99:&=(<0,K&b99:&J0D)<$K&?/-?/0)$(/E&3),%(*0<3<K& (*C&3#$#(A&88F&2-/&,A0)*$&(#$%)*+,(+-*&& •  W-$%0*D&,-3?(/(@A)&$-&N8O9/#<$&'&,-*<)L#)*$AE& ,A0)*$&@)(/<&@#/C)*&-2&3(*(D0*D&,/)C)*+(A<&.&$/#<$&
Ua&:(<<4-/C&(*+O?(])/*&& 80$)<&(<5<&d!c&2-/&E-#/&S!!SF7&?(<<4-/C&<-&0$& ,(*&(,,)<<&E-#/&S--DA)&<$#eI&
9<5&$<5l& •  >A0)*$&3#<$&<$-/)&?(<<4-/C<& •  9)(,%)<&#<)/<&$-&@)&0*C0<,/030*($)& 40$%&$%)0/&?(<<4-/C<& •  B-/)&C0[,#A$&$-&3-H)&$-&3#A+O2(,$-/& (*C&2)C)/($)C&(#$%)*+,(+-*& •  J-)<*f$&<#??-/$&D/(*#A(/&?)/30<<0-*<K& )IDI&q&,(*&/)(C&@#$&*-$&4/0$)& •  J-)<*f$&<#??-/$&5*-4A)CD)_ C0e)/)*+(+-*&-2&$%)&(,,)<<&D/(*$)C& •  J-)<*f$&<#??-/$&`)(<Ea&/)H-,(+-*&'&$-& @)&<#/)&-2&$#/*0*D&-e&(,,)<<&#<)/<& 3#<$&,%(*D)&?(<<4-/C&&
;3?-/$(*,)&-2&/)H-,(+-*& 9%0<&0<&<%0*Elllll& ;&<%-#AC&#<)&$%($&3-/)& N9V&0<&$%0<&$%0*Dg&
Ya&>A-#C&":;<& •  N0$%0*&3-H)&$-4(/C<&8((8&'&$/)*C&$-4(/C<&":;&(,,)<<& $-&C($(_<)/H0,)<&$-&<#??A)3)*$_/)?A(,)&@/-4<)/& (,,)<<& •  Salesforce.com expects that within the next year – only 1/3 of access will be via browser& •  ":;<&-2&:((8&-e)/0*D<&(AA-4&$%)&,#<$-3)/&$-&)P?-<)&0$<& -4*&,A-#C&<)/H0,)<& •  >A)(/&$/)*C&2-/&$%)<)&":;<&0<&$-4(/C<&6789&
>A-#C&,#/)<&)H)/E$%0*D&
Ra&W(+H)&3-@0A)&(??<& ?(#A3(C<)*& 4))c*L#0)$B0*C&
"<0C)&O&W(+H)&H<&4)@& •  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&'&)P?),$&@-$%& •  W(+H)G<&,#//)*$&?-?#A(/0$E&A05)AE&@(A(*,)C&@E& b9BFX&2)($#/)<& •  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$& (,/-<<&@-$%&3-C)A<K&<-&$%($& –  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$& ,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/& $%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)& (??A0,(+-*& –  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$& C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<& 2-/&$%)&$4-&3-C)A<&
J/0H)/<& :(<<4-/C& F(,5&-2& (*+O <$(*C(/C<& ?(])/*& !"#$%& & W(+H)& & 3-@0A)& >A-#C&":;<& "??A0,(+-*<&
7*$)/&!"#$%l& •  "*&-?)*&?/-$-,-A&$-&(AA-4&<),#/)&":;&(#$%-/01(+-*&0*&(& <03?A)&(*C&<$(*C(/C&3)$%-C&2/-3&C)<5$-?K&3-@0A)&(*C& 4)@&(??A0,(+-*<I& •  J)h*)<&(#$%-/01(+-*&.&(#$%)*+,(+-*&2/(3)4-/5&2-/& 67892#A&":;<& •  "??A0)C&$-&C)A)D($)C&(#$%-/01(+-*&'&30+D($)<&?(<<4-/C& (*+O?(])/*&O&(/,%)$E?0,(A&#<)&,(<)& •  :/-H0C)<&(&<$(*C(/C&4(E&$-&D0H)&(&r5)Ef&$-&(&$%0/CO?(/$E& 4%0,%&(AA-4<&-*AE&A030$)C&(,,)<<&$-&?)/2-/3&<?),0h,& 2#*,+-*<& –  N0$%-#$&C0H#AD0*D&E-#/&,/)C)*+(A<&&
"*&!H)/#<)C&"*(A-DE& OAuth is your valet key to the Interwebs It’s going happen one way or the other so may as well tax and regulate!
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
Real World Demo -> brizzly.com accesses the twitters &
Real World Demo -> brizzly.com accesses the twitters &
Real World Demo -> brizzly.com accesses the twitters &
Real World Demo -> brizzly.com accesses the twitters &
Real World Demo -> brizzly.com accesses the twitters &
Real World Demo -> brizzly.com accesses the twitters &
Real World Demo -> brizzly.com accesses the twitters &
Real World Demo -> brizzly.com accesses the twitters &
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
A [confusing] Little History& •  First was the Emergence of Proprietary Solutions –  Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, AWS API, and more •  OAuth Core 1.0 [Oct 2007] –  Open protocol to standardize what was already being done •  OAuth Core 1.0 Revision A [June 2009] –  Addresses a session fixation attack •  The OAuth 1.0 Protocol / RFC 5849 [April 2010] –  Move to the IETF as informational documentation of 1.0a with editorial clarifications and errata
!"#$%&903)A0*)& N6":& vN9& ;79V& !"#$%&UIZ& ;*2-&6V>&XtRs& & !"#$%&kIZ(& >-33#*0$E& !"#$%&kIZ& UZZu& UZZt& UZZs& UZkZ& UZkk&
B-/)&b0<$-/EK&8+AA&>-*2#<0*D& •  !"#$%&N6":&`N)@&6)<-#/,)&"#$%-/01(+-*& :/-hA)<a [v(*&UZkZ] –  Better Support for non-web applications –  Simplify the Client –  Short lived, opaque, bearer access tokens with long lived refresh tokens –  Cleaner separation of roles •  Server handling authorization requests •  Server handling protected resource access •  Client –  Simple Web Token (SWT) •  Attempt to standardize an access token format •  Oauth 2.0 [in progress]
b-*)<$AE&8(AAEll&;&,(*G$&@)A0)H)&E-#&2)AA&2-/& $%)&G;&C-*f$&%(H)&3E&$-5)*x<),/)$&40$%&3)G& A0*)ll&>A0)*$<&%(H)&@))*&$)AA0*D&#<&68<&$%($& -*)&2-/&E)(/<ll& =#$&%)&)P?A(0*)C&$%($&%)&%(C&2-/D-])*&0$&($&%-3)I& "*C&(*E4(E<K&dH-**)&($&$%)&<(A-*&$-AC&3)&$%($& !"#$%&N6":&C-)<*f$&)H)*&/)L#0/)&,A0)*$& <0D*($#/)<&<-&;&C-*G$&5*-4&4%E&E-#&(/)&@)0*D&<-& w#CD)3)*$(A&p&&
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
OAuth 2.0 •  >-*,)?$#(AAE&<030A(/&$-&N6":& •  N0$%&@#0A$&0*&)P$)*<0@0A0$E& •  >A)(/&<)?(/(+-*&-2&D)y*D&(&$-5)*&(*C&#<0*D&(&$-5)*& –  7(/AE&C/(i<&%(C&(*&-?+-*&2-/&$-5)*&<0D*($#/)<&@#$&$%($&4(<& C/-??)C& –  z!"#$%&UIZ&0<&=(C&2-/&$%)&N)@{&'&<?),&(#$%-/_)C0$-/& –  =)(/)/&$-5)*<& –  6)$#/*&-2&$%)&B">& •  "??/-(,%0*D&h*(A&<$(*C(/C01(+-*&0*&;79V& –  6)(AAEg&& –  >#//)*$AE&($&C/(i&Okt&& •  "??A0,(@A)&$-&3(*E&-$%)/&<,)*(/0-<&'&)H)*&$%-<)&40$%&*-&#<)/<& •  W-$(@A)&2-/&0$<&-?+301(+-*<&2-/&3-@0A)& –  !%&E)(%g&
!"#$%&UIZ&9)/30*-A-DE^&6-A)<& •  !"#$%!&"'$()"!^&(*&)*+$E& `#<#(AAE&(*&)*CO#<)/_?)/<-*a ,(?(@A)&-2&D/(*+*D&(,,)<<&$-&(& ?/-$),$)C&/)<-#/,)&I& •  &*+"),^&(*&(??A0,(+-*&-@$(0*0*D& (#$%-/01(+-*&(*C&3(50*D& ?/-$),$)C&/)<-#/,)&/)L#)<$<& `-*&@)%(A2&-2&$%)&/)<-#/,)& -4*)/aI&& •  !"#$%!&"'#"!-"!'`./a^&$%)& <)/H)/&%-<+*D&?/-$),$)C& /)<-#/,)<& •  0%,1$!+203$)'#"!-"!'`4/a^&(& <)/H)/&,(?(@A)&-2&0<<#0*D& $-5)*<K&-@$(0*0*D& (#$%-/01(+-*K&(*C& (#$%)*+,(+*D&/)<-#/,)& -4*)/<I&
B-/)&9)/30*-A-DE^&9-5)*<& •  ",,)<<&9-5)*& –  ,/)C)*+(A&#<)C&@E&,A0)*$&$-&(,,)<<&?/-$),$)C&/)<-#/,)<&($&$%)&68& –  ?)/30<<0-*<&(e-/C)C&@E&$%)&$-5)*&,(*&@)&<,-?)C& –  0<<#)C&@E&$%)&"8&& –  <$/#,$#/)&0<&#*C)h*)C&@E&$%)&<?),`<a& –  #<#(AAE&-?(L#)&$-&$%)&,A0)*$& –  D)*)/(AAE&<%-/$&A0H)C& –  ,(*&@)&<)A2&,-*$(0*)C&-/&(&/)2)/)*,)& –  <%0i<&,-3?A)P0$E&2/-3&$%)&68&$-&$%)&"8& •  6)2/)<%&9-5)*& –  #<)C&@E&,A0)*$&$-&-@$(0*&(&*)4&(,,)<<&$-5)*&4%)*&$%)&-AC&-*)& )P?0/)<& –  ,A0)*$&-*AE&<)*C<&$-&"8K&*)H)/&$-&68& –  D)*)/(AAE&A-*D&A0H)C&&
",,)<<&9-5)*&9E?)<& •  ",,)<<&$-5)*<&,(*&%(H)&C0e)/)*$& –  2-/3($<& –  <$/#,$#/)<& –  3)$%-C<&-2&#+A01(+-*&`)IDI&,/E?$-D/(?%0,&?/-?)/+)<a& •  ",,)<<&$-5)*<&3#<$&@)&C)h*)C&@E&,-3?(*0-*& <?),0h,(+-*<& –  $-5)*x$E?)&& –  (CC0+-*(A&?(/(3)$)/<&(<&*))C)C& –  %-4&$-&#<)&($&68&
=)(/)/&",,)<<&9-5)*<& •  "*E&?(/$E&0*&?-<<)<<0-*&-2&$%)&$-5)*&`(& z@)(/)/za&,(*&#<)&$%)&$-5)*&0*&(*E&4(E&$%($& (*E&-$%)/&?(/$E&0*&?-<<)<<0-*&-2&0$&,(*I& •  $-5)*x$E?)^&=)(/)/&& •  9-5)*&,(*&@)&?/)<)*$)C&$-&$%)&68&0*&b99:& "#$%-/01(+-*&b)(C)/K&&=-CE&:(/(3)$)/K&-/& |#)/E&:(/(3)$)/& •  6)L#0/)<&9F8& •  9-5)*&<$/#,$#/)&<+AA&#*C)h*)C&
B">&",,)<<&9-5)*<& •  "I5I(I&:/--2&-2&?-<<)<<0-*&$-5)*K&?/--2&$-5)*K&b-o&$-5)*& •  J)h*)<&(*&b99:&B">&(,,)<<&(#$%)*+,(+-*&<,%)3)&`5)E&0CK& B">&5)E&.&(AD-/0$%3K&(*C&0<<#)&+3)a& –  ;C&0<&<)*$&40$%&/)L#)<$&& –  o)E&0<&<%(/)C&<E33)$/0,&<),/)$&@)$4))*&$%)&,A0)*$&(*C&$%)&<)/H)/& #<)C&$-&r<0D*f&/)L#)<$<&`$%)/)@E&?/-H0*D&?-<<)<<0-*&-2&$%)&<),/)$a& •  !"#$%&UIZ&@0*C0*D&2-/&#<)&(<&(*&(,,)<<O$-5)*&$E?)&& –  $-5)*x$E?)^&3(,& –  o)E&0C&0<&$%)&(,,)<<x$-5)*& •  V-/3($&.&<$/#,$#/)&0<&<+AA&#*C)h*)C& –  3(,x5)E&.&3(,x(AD-/0$%3&(<&(CC0+-*(A&?(/(3)$)/<& •  :/-$),$<&(D(0*<$&$-5)*&A)(5(D)& •  o0*C(&<+AA&*))C<&9F8&0*&<-3)&,(<)<&
B-/)&9)/30*-A-DE^&7*C?-0*$<& •  "8&7*C?-0*$<& –  4%,1$!+203$)'")56$+),& •  #<)CK&H0(&#<)/O(D)*$&/)C0/),+-*K&$-&(#$%)*+,($)&(*C&-@$(0*& (#$%-/01(+-*&2/-3&$%)&/)<-#/,)&-4*)/I&& •  7*C&#<)/&-*&$%)&2/-*$&,%(**)AI& –  7$8")'")56$+),' •  c<)C&$-&)P,%(*D)&(*&(#$%-/01(+-*&D/(*$&2-/&(*&(,,)<<&$-5)*I& •  >A0)*$&-*&$%)&@(,5&,%(**)AI& •  >A0)*$&7*C?-0*$& –  ."5+!"&3$)'9.:' •  "i)/&,-3?A)+*D&0$<&0*$)/(,+-*&40$%&$%)&/)<-#/,)&-4*)/K&$%)&"8& C0/),$<&$%)&/)<-#/,)&-4*)/G<&#<)/O(D)*$&@(,5&$-&$%)&,A0)*$&($&$%)& ,A0)*$f<&/)C0/),+-*&c6;I& •  V/-*$&,%(**)A&,(AA@(,5&&
9)/30*-A-DE^&"#$%-/01(+-*&S/(*$& •  S)*)/(A&$)/3&#<)C&$-&C)<,/0@)&$%)&0*$)/3)C0($)& ,/)C)*+(A<&/)?/)<)*+*D&$%)&/)<-#/,)&-4*)/& (#$%-/01(+-*& •  8)/H)<&(<&(*&(@<$/(,+-*&A(E)/& –  *-$&$%)&,A)(*)<$&(@<$/(,+-*& •  c<)C&@E&$%)&,A0)*$&$-&-@$(0*&(*&(,,)<<&$-5)*& •  "AA&$-5)*&)*C?-0*$&,(AA<&0*H-AH)&)P,%(*D0*D&<-3)& D/(*$&2-/&(*&(,,)<<&$-5)*& •  8?),&C)h*)<&<)H)/(A&$E?)<&(<&4)AA&(<&(*& )P$)*<0@0A0$E&3),%(*0<3&
9)/30*-A-DE^&8,-?)& •  9%)&C)h*0+-*&-2&<,-?)&0<&`3-<$AEa&-#$&-2&<,-?)& –  8))&4%($&;&C0C&$%)/)g& –  9%)&<,-?)&-2&$%)&(,,)<<&/)L#)<$&0<&)P?/)<<)C&(<&(&A0<$&-2& <?(,)OC)A030$)CK&,(<)&<)*<0+H)&<$/0*D<I& –  !/C)/&C-)<*f$&3(])/I& –  9%)&H(A#)&(*C&3)(*0*D&-2&<,-?)&<$/0*D<&(/)&C)h*)C&@E&$%)& (#$%-/01(+-*&<)/H)/I& •  6)L#)<+*D_D/(*+*D&<?),0h,&<,-?)`<a&(AA-4<&$%)&(,,)<<& /0D%$<&(<<-,0($)C&40$%&(&$-5)*&$-&@)&A030$)C& –  7*(@A)<&$%)&?/0*,0?A)&-2&A)(<$&?/0H0A)D)&`-/&A)<<&?/0H0A)D)& (*E4(Ea& –  !*AE&(<5&2-/&4%($&0<&*))C)C&
"@<$/(,$&VA-4& •  >A0)*$&-@$(0*<&(#$%-/01(+-*&D/(*$&2/-3&/)<-#/,)& -4*)/n& •  >A0)*$&,(AA<&$%)&(#$%-/01(+-*&<)/H)/&$-&)P,%(*D)& $%)&D/(*$&2-/&(*&(,,)<<&$-5)*nn& •  >A0)*$&#<)<&$%)&(,,)<<&$-5)*&$-&(,,)<<&?/-$),$)C& /),-#/<)<&($&$%)&/)<-#/,)&<)/H)/nnn& n<-3)+3)<& nn#<#(AAE& nnn?/-@(@AE&
"#$%-/01(+-*&S/(*$&9E?)<& •  (#$%-/01(+-*&,-C)& •  03?A0,0$n& •  /)<-#/,)&-4*)/&?(<<4-/C&,/)C)*+(A<& •  ,A0)*$&,/)C)*+(A<& •  /)2/)<%&$-5)*& •  7P$)*<0-*<& n&-*)&-2&$%)<)&$%0*D<&0<&*-$&A05)&$%)&-$%)/<p&
S/(*$&9E?)^&"#$%-/01(+-*&>-C)& •  >A0)*$&<)*C<&/)<-#/,)&-4*)/K&H0(&@/-4<)/K&$-&$%)& (#$%-/01(+-*&)*C?-0*$&($&$%)&"8&& –  7*CO#<)/&(#$%)*+,($)<& –  7*CO#<)/&(??/-H)<&/)L#)<$)C&(,,)<<& •  "8&<)*C<&$%)&)*CO#<)/&$-&$%)&,A0)*$f<&/)C0/),$&c6;&(*C& 0*,A#C)<&$%)&,-C)&(<&(&L#)/E&?(/(3)$)/& •  >A0)*$&/),)0H)<&$%)&/)C0/),+-*&,(AA@(,5K&)P$/(,$<&$%)&,-C)K& (*C&<)*C<&0$&$-&$%)&"8&0*&)P,%(*D)&2-/&(*&(,,)<<&$-5)*&(*C& ?/-@(@AE&(&/)2/)<%&$-5)*& •  S/)($&2-/&4)@&(??&,A0)*$<& –  >A0)*$&(#$%)*+,(+-*& –  7(<E&$-&%(*CA)&$%)&/)C0/),$& •  !5(E&2-/&3-@0A)&,A0)*$<& –  N0$%-#$&,A0)*$&(#$%)*+,(+-*& –  W))C&$/0,5<&$-&%(*CA)&$%)&/)C0/),$&
S)y*D&(*&"#$%-/01(+-*&>-C)& 4%,1$!+203$)'.";%"#,' S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.& &/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@.& /%6"!<%$%#'=0)050'>0#1+)?@'A+!#,'' &&&&&&&&&/)<?-*<)x$E?)},-C).<,-?)}@))/T%-,5)ETC-*#$<&b99:_kIk&& $B'C0)D' b-<$^&<)/H)/I)P(3?A)I,-3&& 4%,1$!+203$)'."#6$)#"' b99:_kIk&YZU&V-#*C& F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@g,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)&
7P,%(*D)&"#$%-/01(+-*&>-C)&2-/&",,)<<&9-5)*& 4&&"##'7$8")'.";%"#,' :!89&_(<_$-5)*I-(#$%U&b99:_kIk& b-<$^&(<I)P(3?A)I,-3& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt& & ,A0)*$x0C}(,A0)*$.,A0)*$x<),/)$}%-<)/./)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_ ,@.D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)& 4&&"##'7$8")'."#6$)#"' b99:_kIk&UZZ&!o& >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{& É&
=/0)2&;*$)/A#C)^&c<0*D&$%)&",,)<<&9-5)*& E!$,"&,"5'."#$%!&"'.";%"#,'(+,1'0'F"0!"!'7$8")' S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&& b-<$^&/<I)P(3?A)I,-3&& "#$%-/01(+-*^&=)(/)/&(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6& G4='7$8")'0'F+,'G$!"'=$C6*+&0,"5' & &&&&&:!89&_$(5)_-e_)%&b99:_kIk& &&&&&b-<$^&/<I)P(3?A)I,-3& &&&&&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C& &&&&&"#$%-/01(+-*^&B">&0C}zwCsYC%sC%YsJzK& &&&&&&&&&&&&&&&&&&&&&&&&*-*,)}zUuYkXÇ^C0Y%HC2tzK& &&&&&&&&&&&&&&&&&&&&&&&&@-CE%(<%}z5s5@$>;EZ>5;Y_V72?8_-;Jw5Ç5}zK& &&&&&&&&&&&&&&&&&&&&&&&&3(,}zNu@CBÅ@HscN!9(C"8;|b(DÅE0/"}z&
S/(*$&9E?)^&;3?A0,0$& •  8030A(/&$-&$%)&(#$%-/01(+-*&,-C)&Q-4&)P,)?$p&& •  "i)/&/)<-#/,)&-4*)/&(#$%)*+,(+-*&(*C& (#$%-/01(+-*K&$%)&"8&<)*C<&$%)&)*CO#<)/&$-&$%)& ,A0)*$f<&/)C0/),$&c6;&(*C&0*,A#C)<&$%)&(,,)<<& $-5)*&-*&2/(D3)*$&& •  W-&$-5)*&)*C?-0*$&,(AA&<-&*-$&n/)(AAEn&(&D/(*$& $E?)& •  !?+301)C&2-/&r40CD)$f&,A0)*$<&-/&0*O@/-4<)/& v(H(8,/0?$&(??A0,(+-*<& •  >-#AC&(A<-&4-/5&2-/&*(+H)_3-@0A)&,A0)*$<&
S)y*D&(&9-5)*&40$%&;3?A0,0$& 4%,1$!+203$)'.";%"#,' S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.& &/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@./)<?-*<)x$E?)}$-5)*&b99:_kIk&& b-<$^&<)/H)/I)P(3?A)I,-3&& 4%,1$!+203$)'."#6$)#"' b99:_kIk&YZU&V-#*C& F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@M)P?0/)<x0*}YÇZZ & &.$-5)*x$E?)}=)(/)/.(,,)<<x$-5)*}D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)& E!$,"&,"5'."#$%!&"'.";%"#,' S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&& b-<$^&/<I)P(3?A)I,-3&& "#$%-/01(+-*^&=)(/)/&D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)&
S/(*$&9E?)^&& 6)<-#/,)&!4*)/&:(<<4-/C&>/)C)*+(A<& •  >A0)*$&-@$(0*<&/)<-#/,)&-4*)/f<&#<)/*(3)&(*C& ?(<<4-/C&C0/),$AE&2/-3&$%)&/)<-#/,)&-4*)/&(*C& <)*C<&$%)3&C0/),$AE&$-&$%)&"8&(<&(&D/(*$I& •  6)L#0/)<&$/#<$&0*&$%)&,A0)*$I& •  6)2/)<%&$-5)*&)A030*($)<&$%)&*))C&2-/&$%)&,A0)*$&$-& <$-/)&$%)&?(<<4-/CI& •  ;*$)*C)C&(<&(&30D/(+-*&3),%(*0<3&&
7P,%(*D)&6!&>/)C<&2-/&",,)<<&9-5)*& 4&&"##'7$8")'.";%"#,' :!89&_(<_$-5)*I-(#$%U&b99:_kIk& b-<$^&(<I)P(3?A)I,-3& "#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt& & ,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}?(<<4-/C.#<)/*(3)}3(C<)*.?(<<4-/C}#<)A)<<$(P-*-3E& 4&&"##'7$8")'."#6$)#"' b99:_kIk&UZZ&!o& /%6"!<%$%#'=0)05+0)'>0#1+)?@' >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{& É&
S/(*$&9E?)^&>A0)*$&>/)C)*+(A<& •  >A0)*$&,(*&/)L#)<$&(*&(,,)<<&$-5)*&#<0*D&-*AE&0$<&-4*& ,/)C)*+(A<& •  V-/&/)<-#/,)<&#*C)/&$%)&,A0)*$f<&,-*$/-A&-/&-$%)/& /)<-#/,)<&(<&?-A0,E&C0,$($)<& •  Bc89&-*AE&@)&#<)C&@E&Ñ?/0H($){&,A0)*$<&`,A0)*$<&$%($&,(*& (#$%)*+,($)&<),#/)AEa& •  W-&/)2/)<%&$-5)*& •  >A0)*$&"#$%)*+,(+-*&B),%(*0<3<& –  ,A0)*$x0C&.&,A0)*$x<),/)$&?(/(3)$)/<&& –  b99:&=(<0,& –  Ñ9%)&(#$%-/01(+-*&<)/H)/&B"d&<#??-/$&(*E&<#0$(@A)&b99:& (#$%)*+,(+-*&<,%)3)&3($,%0*D&0$<&<),#/0$E&/)L#0/)3)*$<{& –  B#$#(A&9F8& –  ,A0)*$x(<<)/+-*&.&,A0)*$x(<<)/+-*x$E?)&?(/(3)$)/<&
S/(*$&9E?)^&6)2/)<%&9-5)*& •  ;2&(&/)2/)<%&$-5)*&4(<&0<<#)C&$-&$%)&,A0)*$&C#/0*D&$%)& )P,%(*D)&-2&(&?/0-/&D/(*$K&0$&,(*&@)&#<)C&(<&(*& (#$%-/01(+-*&D/(*$&$-&D)$&(&*)4&(,,)<<&$-5)*& –  c*A)<<&/)H-5)C&-/&-$%)/40<)&0*H(A0C& •  6)2/)<%&(*&)P?0/)C&(,,)<<&$-5)*&40$%-#$&0*H-AH0*D& #<)/&(#$%-/01(+-*& •  9%)&"8&3(E&0<<#)&(&*)4&/)2/)<%&$-5)*& –  S--C&<),#/0$E&%ED0)*)&
6)2/)<%0*D&(*&",,)<<&9-5)*& 4&&"##'7$8")'.";%"#,' :!89&_(<_$-5)*I-(#$%U&b99:_kIk& b-<$^&(<I)P(3?A)I,-3& "#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt& & ,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}/)2/)<%x$-5)*./)2/)<%x$-5)*}389=?L|,8567>W2J,A26Jw 67*3L)NÄ(?ZJ<)BÇ(q50P;q& 4&&"##'7$8")'."#6$)#"' b99:_kIk&UZZ&!o& >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^zBCL=#)PqdAB8-D@/"40::Ru)SPSLÅ(w#vW({K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z%AE7!!s:qD3H:0d;tDÇto87<Ub|%D/50c|S<,sqP<5C{& É&
7P$)*<0-*&S/(*$&9E?)<& •  7P$)*<0-*&(#$%-/01(+-*&D/(*$&$E?)<&,(*&@)& C)h*)C&@E&(<<0D*0*D&$%)3&(&#*0L#)&(@<-A#$)&c6;& 2-/&#<)&40$%&$%)&zD/(*$x$E?)z&?(/(3)$)/I& •  7P$)*<0-*<&,(*&C)h*)&(CC0+-*(A&?(/(3)$)/<& *))C)CI& •  7*(@A)<&@/0CD0*D&@)$4))*&!"#$%&(*C&-$%)/& ?/-$-,-A<I& –  8"BF&UIZ& –  vN9&kIZ& •  7*(@A)<&-$%)/&<$#e&$--& –  =)(/)/&(,,)<<&$-5)*&H(A0C(+-*& –  898&<$EA)&$-5)*&)P,%(*D)&
:(/+(A&8?),0h,(+-*&F(*C<,(?)& H"I)?'0'7$8")' 9#+)?'0'7$8")' 9%)&!"#$%&UIZ&"#$%-/01(+-*&:/-$-,-A& 9%)&!"#$%&UIZ&:/-$-,-A^&=)(/)/&9-5)*<& C/(iO0)ÖO-(#$%OHU& C/(iO0)ÖO-(#$%OHUO@)(/)/& b99:&"#$%)*+,(+-*^&B">&",,)<<&"#$%)*+,(+-*& C/(iO0)ÖO-(#$%OHUO%]?O3(,& 7P$)*<0-*&S/(*$<&& .& !"#$%&UIZ&"<<)/+-*&:/-hA)&&&&&&&&&&&&&&&&&&&&&& &>A0)*$&"#$%)*+,(+-*& C/(iO0)ÖO-(#$%O(<<)/+-*<& 7$8")#' "<<)/+-*<&(*C&:/-$-,-A<&2-/&8"BF&ÄUIZ& <(3AO,-/)OUIZO-<& 8"BF&UIZ&=)(/)/&"<<)/+-*&S/(*$&& 9E?)&:/-hA)&2-/&!"#$%&UIZ& C/(iO0)ÖO-(#$%O<(3AUO@)(/)/& JKLMN' v8!W&N)@&9-5)*&`vN9a&& v8!W&N)@&9-5)*&`vN9a&=)(/)/& C/(iOw-*)<Ow<-*O4)@O$-5)*& :/-hA)&2-/&!"#$%&UIZ& &C/(iOw-*)<O-(#$%Ow4$O@)(/)/& v8!W&N)@&80D*($#/)&`vN8a& C/(iOw-*)<Ow<-*O4)@O<0D*($#/)& O,1"!'E!$,$&$*#' c<)/OB(*(D)C&",,)<<&`cB"a& v8!W&N)@&80D*($#/)&`vN7a& >-/)&:/-$-,-A& C/(iOw-*)<Ow<-*O4)@O)*,/E?+-*& !?)*;J&>-**),$&>-/)&kIZ& C/(iO%(/Cw-*-O-(#$%O#3(,-/)&
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
>-*$/(<$&.&>-3?-<)&
d";Ä&`d)$&"*-$%)/&;C)*+$E&Ä)**a& !"#$%& 8"BF& • 88!&?/-hA)& • ;>"B& • "#$%*&2-/&8!":&":;<& • "#$%*&2-/&6789&":;<& • 9-5)*&2-/3($& • "]/0@#$)&<%(/0*D& & • >A-#C&"#$%1& • "#$%1&C),0<0-*<& • "#$%1&|#)/En& • :-A0,E&<E*$(P& q">BF&
!"#$%&/)A(+-*<%0?&$-&!?)*;J& •  ;*&-*)&<)*<)K&!"#$%&.&!?)*;J&(/)&-/$%-D-*(AK& 0)&!?)*;J&,-#AC&@)&#<)C&$-&(#$%)*+,($)&#<)/& ($&"8&2-/&-@$(0*0*D&,-*<)*$& •  =#$&$%)&<030A(/0+)<&@)$4))*&!?)*;J&UIZ&(*C& $%)&!"#$%&UIZ&(,,)<<&$-5)*&/)$/0)H(A&?0),)& %(H)&3-+H($)C&?/-?-<(A<&2-/&@(<0*D&*)P$& H)/<0-*&-2&!?)*;J&r-*&$-?&-2f&!"#$%&'&!?)*;J& >-**),$&
:/-@A)3<&40$%&!?)*;J&UIZ& •  F-*D&c6F&A030$(+-*<& –  B(*E&3-@0A)&@/-4<)/&(*C&<-3)&:>&@/-4<)/<&,%-5)&($& A-*D&c6F<&,(#<)C&@E&"qK&:":7K&(*C&-$%)/&)P$)*<0-*<I& •  F!"&,)0A0*D& –  ,(**-$&(](0*&F!"U&@),(#<)&-2&(<<)/+-*&C0<,A-<#/)&($& @/-4<)/& •  ;3?A)3)*$(+-*&,-3?A)P0$E& –  J0[)Ob)A3(*&5)E&)P,%(*D)K&>(*-*0,(A01(+-*&(*C& 80D*($#/)&%(/C&$-&03?A)3)*$& •  J($(&8%(/0*D&F030$(+-*<& –  !*AE&?(0/O40<)&C($(&<%(/0*D&@)$4))*&$%)&!:&(*C&6:&0<& ?-<<0@A)I&
!?)*;J&>-**),$& •  J)<0D*)C&$-&(CC/)<<&?/)H0-#<AE&<$($)C& A030$(+-*<&-2&!?)*;J&UIZ& •  6)Q),$<&(&%(/3-*01(+-*&-2&3#A+?A)& ,-3?)+*D&H0<0-*<&2-/&)H-A#+-*&-2&!?)*;J&UIZ& •  "CC<&(&$%0*&G0C)*+$E&A(E)/G&-*$-&!"#$%&UIZ& •  J)<0D*)C&$-&<#??-/$&%0D%)/&F!"&
!?)*;J&>-**),$&V(30AE&$/))& V(,)=--5&>-**),$& vN9&
Z&
!?)*;J&>-**),$&/)A(+-*&$-&!"#$%& •  N%)/)(<&!"#$%&0<&(&D)*)/(A&3),%(*0<3&$-& (#$%-/01)&":;&(,,)<<K&!?)*;J&>-**),$&?/-hA)<& $%)&D)*)/0,&2-/&?#/?-<)<&-2&<%(/0*D&?/-hA)& 0*2-/3(+-*& •  c<)<&$%)&(#$%1&,-C)&.&03?A0,0$&D/(*$&$E?)<&'&$%)& ?0),)<&-2&!"#$%&-?+301)C&2-/&#<)/O,-*<)*$& <,)*(/0-<& •  F)H)/(D)<&$%)&(#$%-/01(+-*&.&$-5)*&)*C?-0*$<&.& (CC<&0C)*+$EO@(<)C&?(/(3<&$-&,-/)&!"#$%& 3)<<(D)<&
8"BF&.&!"#$%& 8"BF& GbE@/0CG&'&,(//E&!"#$%&$-5)*& !"#$%& & 0*&8"BF&88!&3)<<(D)<& G"<<)/+-*&?/-hA)G&#<)& !"#$%& 8"BF&(<<)/+-*<&40$%0*&& 8"BF& !"#$%&Q-4& 8"BF& !"#$%& G8)L#)*,0*DG&'&#<)&8"BF&88!& $-&(#$%)*+,($)&#<)/&$-&"8&
8)L#)*,0*D& ;C)*+$E&?/-H0C)/& 8)/H0,)&?/-H0C)/& 8"BF& & "??A0,(+-*& !"#$%& :4C& 9-5)*& 9-5)*& J)H0,)& =/-4<)/& v8!W_qBF& "??A0,(+-*&
9/(C0*D& Use SAML assertion( or JWT) for OAuth client authentication and/or OAuth grant type :!89&_$-5)*&b99:_kIk& b-<$^&<)/H)/I)P(3?A)I,-3& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C& & D/(*$x$E?)}(#$%-/01(+-*x,-C).&,-C)}0kN<6*k#=k.&,A0)*$x0C}<Ç=%C65L$Y.& ,A0)*$x(<<)/+-*x$E?)}#/*mY"-(<0<mY"*(3)<m<"$,mY"8"BF mY"UIZmY"(<<)/+-*.&,A0)*$x(<<)/+-*}:bW%@NP4!AIIIÜ-30])C&2-/& @/)H0$EáIIIÅ9& & & & & &
9/(C0*D& & 8"BF& vN9& :/-hA)<&(<<)/+-*&?/-hA)& V-/&<?),0h,&(<<)/+-*& V-/3($<&ÜUá&.&ÜYá& "<<)/+-*&?/-hA)& b-4&$-&#<)&(<<)/+-*<&& 2-/&,A0)*$&(#$%)*+,(+-*&& (*C&(<&(&D/(*$&$E?)&Üká&& !"#$%& >-/)&?/-$-,-A& Üká&O&%]?^__$--A<I0)ÖI-/D_%$3A_C/(iO0)ÖO-(#$%O(<<)/+-*<& ÜUá&O&C/(iO0)ÖO-(#$%O<(3AUO@)(/)/& ÜYáO&C/(iO0)ÖO-(#$%Ow4$O@)(/)/& & &
!"#$%&/)A(+-*<%0?&$-&q">BF& 9%-#D%&@-$%&2-,#<)C&-*& r(#$%-/01(+-*fK&!"#$%&.& q">BF&(/)&*0,)AE& ,-3?-<)(@A)&
!"#$%&0<&(#$%-/01(+-*g& •  J)?)*C<&-*&4%($&?(/$&-2&$%)& (#$%1&)A)?%(*$&E-#&(/)& A--50*D&($& –  :-A0,E&`q">BFa& –  |#)/E&`q">BF_8"BF&?/-hA)a& –  >A(03<&`8"BF&.&N8OV)C&88!a& –  c<)/&,-*<)*$&`!"#$%a& –  :)/30<<0-*<&`!"#$%a& F%,'+B'D$%!'%#"'&0#"#'5$)P,' +)-$*-"'%#"!Q&$)#"),R',1")' O4%,1'#,0!,#',$'*$$8'C$!"' *+8"'0%,1")3&03$)' &
cB"&.&!"#$%& •  User Managed Access extends OAuth 2.0 to allow for a user to manage access to multiple (and distributed) resources through centralized Authorization Manager •  Leverages separation between AS & RS introduced by WRAP & O4%,1' 9G4' 9%)&/)<-#/,)&<)/H)/&/)<?),$<&(,,)<<&$-5)*<& 9%)&%-<$&-#$<-#/,)<&(#$%-/01(+-*&w-@<&$-& 2/-3&Ñ0$<{&(#$%-/01(+-*&<)/H)/& (*&(#$%-/01(+-*&3(*(D)/&,%-<)*&@E&$%)& #<)/& 9%)&(#$%-/01(+-*&<)/H)/&0<<#)<&$-5)*<& 9%)&(#$%-/01(+-*&3(*(D)/&0<<#)<&$-5)*<& @(<)C&-*&$%)&,A0)*$f<&(@0A0$E&$-&(#$%)*+,($)I& @(<)C&-*&#<)/&?-A0,E&(*C&Ñ,A(03<{&,-*H)E)C& @E&$%)&/)L#)<$)/I& 9%)&/)<-#/,)&<)/H)/&H(A0C($)<&$-5)*<&0*&(*& 9%)&%-<$&,(*&(<5&$%)&(#$%-/01(+-*&3(*(D)/& #*<?),0h)C&3(**)/K&(<<#3)C&A-,(AAE& $-&H(A0C($)&$-5)*<&0*&/)(A&+3)I& 8$(+,&,A0)*$&/)D0<$/(+-*&<$)?&& B-/)&CE*(30,&3-C)A&
cB"&.&!"#$%& ST'9#"!'+),!$5%&"#' U$#,',$'4G' WT'U$#,'-"!+X"#',$8")' 0,'4G' VT'.";%"#,$!'$>,0+)#'' ,$8")'B!$C'4G',$'%#"' '0,'U$#,'
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
!"#$%&c<)&,(<)<&
c<)&,(<)&$(P-*-3E& >A-#C& B-@0A)& J0e)/)*$& @#<0*)<<& 4-/52-/,)& C-3(0*& 4/Y9#"!' !"*03$)#1+6' ;*$)/*(A& B-@0A)& ,-*<#3)/& 8(3)& C-3(0*& 8)/H)/& B-@0A)& =*+"),'
J0<+*D#0<%0*D&2)($#/)<& •  W($#/)&-2&$%)&,A0)*$K&0)&3-@0A)&-/&4)@&(??& •  N%)$%)/K&(*C&%-4K&#<)/&(#$%)*+,($)<&$-&"8& •  N%)$%)/K&(*C&%-4K&,A0)*$&(#$%)*+,($)<&$-&"8& •  N%)$%)/K&(*C&%-4K&#<)/&*))C<&$-&D0H)&,-*<)*$& •  9/#<$&3-C)A&@)$4))*&>A0)*$&.&"8& •  9/#<$&3-C)A&@)$4))*&68&.&"8&
!"#$%&c<)&>(<)^&B-@0A)&>-*<#3)/& •  "&>-*<#3)/&>A-#C&=#<0*)<<&`)IDI&B(//0-]a&@#0AC0*D& B-@0A)&"??<& •  :/-H0C)&88!&(,,)<<&H0(&0:(CK&0:%-*)K&"*C/-0CK&)$,& •  9/#<$&/)A(+-*<%0?&0<&@)$4))*&)*$)/?/0<)&.& ,-*<#3)/&
B-@0A)&>-*<#3)/^&&8?),0h,<& ka&B-@0A)&(??A0,(+-*&A(#*,%)<& S' "#$%Å& @/-4<)/K&0*&4%0,%&#<)/& V' 7*C?-0*$& (#$%)*+,($)<&$-&:0*DV)C)/($)& `(*C&D/(*$<&,-*<)*$a&&& 9-5)*& 7*C?-0*$& Ua&:0*DV)C)/($)&/)$#/*<&,-C)&$-& 3-@0A)&(??A0,(+-*&$%/-#D%& Ä(A0C(+-*& @/-4<)/& W' 7*C?-0*$& Ya&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)& 2-/&(,,)<<&$-5)*& Ra&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& [' $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& ' Xa&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C& 68& (]/0@#$)<& Ça&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& (??A0,(+-*& Z'
B-@0A)&>-*<#3)/<^&;*A0*)&-?+-*& ka&B-@0A)&(??A0,(+-*&,-AA),$<&#<)/& ?(<<4-/C&(*C&<)*C<&$-& "#$%Å& :0*DV)C)/($)&0*&/)L#)<$&2-/& 7*C?-0*$& (,,)<<&$-5)*a&&& S' 9-5)*& Ua&:0*DV)C)/($)&/)$#/*<&(,,)<<&$-5)*& 7*C?-0*$& $-&3-@0A)&(??A0,(+-*& V' Ya&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& Ä(A0C(+-*& 7*C?-0*$& $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& Ra&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& W' Z' H)/02E&$-5)*K&(*C&/)$/0)H)& C)<0/)C&(]/0@#$)<& Xa&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& (??A0,(+-*& [' 68&
J0<,#<<0-*& •  B-@0A)&,A0)*$<&(/)&D)*)/(AAE&*-$&0<<#)C&#*0L#)&,A0)*$& ,/)C)*+(A<&'&/($%)/&(AA&,-?0)<&<%(/)&$%)&<(3)& –  :/-H0C)<&-*AE&,-(/<)&r(#$%)*+,(+-*f&`-/&H(A0C(+-*a& •  J0e)/)*$&#<)/&(#$%)*+,(+-*&3),%(*0<3<&%(H)&?/-<_ ,-*<& –  =/-4<)/O@(<)C&3),%(*0<3<&3(E&@)&(CH(*$(D)-#<&2/-3& <),#/0$E&:-ÄI&"A<-&(AA-4<&2-/&h*)OD/(0*)C&,-*<)*$& ?-<<0@0A0+)<I&=/-4<)/&3(E&@)&)3@)CC)C& –  ;*A0*)&3),%(*0<3&3(E&-e)/&#<(@0A0$E&(CH(*$(D)<K&@#$&($&(& ,-<$& •  S/(*#A(/0$E&-H)/&,-*<)*$& •  6)A0(*,)&-*&?(<<4-/C<&
!"#$%&c<)&>(<)^&B-@0A)&>A-#C_8((<&& •  "&>A-#C&=#<0*)<<_8((8&@#0AC0*D&B-@0A)&"??A0,(+-*<& •  8#??-/$<&4-/52-/,)&(,,)<<&H0(&H0(&0:(CK&0:%-*)K& "*C/-0CK&)$,&$-&>A-#CO%-<$)C&":;<& •  9/#<$&/)A(+-*<%0?&0<&@)$4))*&$%)&)*$)/?/0<)&(*C& >A-#C&=#<0*)<<_8((8&
B-@0A)&>A-#C& ka&B-@0A)&(??A0,(+-*&A(#*,%)<& ;C:& @/-4<)/&$-&:0*DV)C)/($)&(#$%*& V' ?(D)& "#$%Å& V' 7*C?-0*$& &Ua&:0*DV)C)/($)&<)*C<&)3?A-E))& S' @/-4<)/&$-&)*$)/?/0<)&;C:&2-/&88!K& 9-5)*& /),)0H)<&8"BF&(<<)/+-*& 7*C?-0*$& W' Ya&:0*DV)C)/($)&/)$#/*<&,-C)&$-& Ä(A0C(+-*& 3-@0A)&(??A0,(+-*&$%/-#D%& W' Z' 7*C?-0*$& @/-4<)/& Ra&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)& 2-/&(,,)<<&$-5)*& ' Xa&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& ]' 6)<-#/,)&8)/H)/&`":;a& Ça&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& 68& H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C& (]/0@#$)<& ua&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& [' (??A0,(+-*&
c>&'&;*$)/*(A&8)/H)/&>A0)*$<& •  7*$)/?/0<)&,-**),$<&0*$)/*(A&(??A0,(+-*<& $%/-#D%&6789&":;<&2-/&0*$)D/(+-*& •  >A0)*$<&3(E&(,$&(#$-*-3-#<AEK&-/&(A$)/*(+H)AE& -*&@)%(A2&-2&(*&)3?A-E))&-/&/-A)&
;*$)/*(A&":;<^&O&"#$-*-3-#<& kI  ;*$)/*(A&,A0)*$&(#$%)*+,($)<&$-& :0*DV)C)/($)&-*&/)L#)<$&2-/& "#$%Å& (,,)<<&$-5)*& 7*C?-0*$& UI  :0*DV)C)/($)&/)$#/*<&(,,)<<& S' 9-5)*& $-5)*&$-&,A0)*$& 7*C?-0*$& YI  B-@0A)&(??A0,(+-*&(CC<&(,,)<<& V' $-5)*&$-&0$<&6789&/)L#)<$&-2& Ä(A0C(+-*& 7*C?-0*$& 6)<-#/,)&8)/H)/&`":;a& RI  68&0*$)/(,$<&40$%&:0*DV)C)/($)& $-&H)/02E&$-5)*K&(*C&/)$/0)H)& W' Z' (??/-?/0($)&,A0)*$&(]/0@#$)<& XI  "<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*& [' 68&
;*$)/*(A&":;<^&&O&J)A)D($)C& kI  >A0)*$&(??A0,(+-*&A(#*,%)<& S' @/-4<)/&$-&:0*DV)C)/($)&(#$%*& "#$%Å& ?(D)& 7*C?-0*$& UI  &"i)/&A-D0*K&:0*DV)C)/($)& V' 9-5)*& /)$#/*<&,-C)&$-&,A0)*$& 7*C?-0*$& (??A0,(+-*&$%/-#D%&@/-4<)/& V' YI  >A0)*$&(??A0,(+-*&)P,%(*D)<& Ä(A0C(+-*& 7*C?-0*$& ,-C)&2-/&(,,)<<&$-5)*& RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& [' 6)<-#/,)&8)/H)/&`":;a& W' XI  68&0*$)/(,$<&40$%&:0*DV)C)/($)& $-&H)/02E&$-5)*K&(*C&/)$/0)H)& C)<0/)C&(]/0@#$)<& Z' 68& ÇI  "<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*& '
>A-#C&=#<0*)<<_8((8& •  "&>A-#C&=#<0*)<<_8((8&?/-H0C)<&C($(&(,,)<<&$%/-#D%&6789&":;<& •  ":;&,A0)*$<&(/)&4)@&(??A0,(+-*<&`0I)I&-*&(&<)/H)/a& •  F(/D)&*#3@)/&-2&,A0)*$<&(,,)<<0*D&":;<&'&)(<0)/&$-&3(*(D)&$/#<$&($&$%)& ?(/$*)/_,#<$-3)/&A)H)A&$%(*&0*C0H0C#(A&,A0)*$<& •  "#$%)*+,($)&,A0)*$&.&#<)/<&$%/-#D%&2)C)/(+-*K&/($%)/&$%(*&C0/),$AE&0<<#)C& ,/)C)*+(A<&
VA-4& kI  >A0)*$&(??A0,(+-*&/)$/0)H)<&8"BF& (<<)/+-*&2/-3&A-,(A&;C:& UI  >A0)*$&<)*C<&8"BF&(<<)/+-*&$-& :0*DV)C)/($)&($&8((8&:/-H0C)/_ ?(/$*)/&)$,& YI  :0*DV)C)/($)&/)$#/*<&(,,)<<& $-5)*&$-&,A0)*$& RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& XI  8((8&68&0*$)/(,$<&40$%& :0*DV)C)/($)&$-&H)/02E&$-5)*K& (*C&/)$/0)H)&C)<0/)C&(]/0@#$)<& ÇI  "<<#30*D&!oK&8((8&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*&
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
!"#$%&U&8),#/0$E&B-C)A& •  N)AAK&0$&<-/$&-2&C)?)*C<p& –  9-5)*&$E?)& –  S/(*$&$E?)& –  >A0)*$&$E?)& •  "A<-K&0$f<&50*C&-2&,-3?A0,($)Cp&
8)<<0-*&>--50)&"*(A-DE&& •  !"#$%&#<0*D&@)(/)/&$-5)*<&0<&<-/$&-2&A05)&<)<<0-*& ,--50)<&2-/&":;_/)<-#/,)&(,,)<<&& •  S)*)/(AAE&E-#&A-D0*&$-&(&4)@<0$)&(*C&(/)&0<<#)C&(& <)<<0-*&,--50)&2-/&<#@<)L#)*$&/)L#)<$<& •  S/(*$&0<&A05)&$%)&A-D0*&(*C&(,,)<<&$-5)*&0<&A05)&$%)& <)<<0-*&,--50)&& •  9F8&0<&/)L#0/)C&($&)H)/E&<$)?& •  >--50)<&/)AE&-*&<(3)&-/0D0*&?-A0,E& •  ",,)<<&$-5)*<&/)AE&-*&<$(+,&-/&4)AA&5*-4&<)/H)/<& •  W)0$%)/&0<&?)/2),$& •  J0<,-H)/E&,(**-$&@)&<(2)AE&C-*)&40$%&@)(/)/&$-5)*<&
N%($&(@-#$&B">g& •  b)A?<&40$%&$%)&C0<,-H)/E&?/-@A)3& •  8+AA&50*C&-2&<030A(/&$-&<)<<0-*&,--50)<& –  ;*&2(,$K&$%)&B">&<?),&C)h*)<&(*&)P$)*<0-*&$-&$%)& b99:&z8)$O>--50)&z&/)<?-*<)&%)(C)/&h)AC& •  :/)H)*$<&,/)C)*+(A&A)(5(D)& •  >(*&@)&#<)C&-H)/&0*<),#/)&,%(**)A<& –  "CC<&,-3?A)P0$E&`*-/3(A01(+-*K&,/E?$-D/(?%EK& <$($)&3(*(D)3)*$a& –  W-&,-*hC)*+(A0$E&`<+AA&*))C&9F8&2-/&$%($a&
9-5)*<&.&80D*0*D&& •  80D*)C&9-5)*<& –  9-5)*&0<&<0D*)C&@E&$%)&0<<#)/&`"8a& –  vN9K&8N9K&8"BFK&)$,I& –  9-5)*&0<&<)A2O,-*$(0*)C& •  80D*0*D&40$%&9-5)*<&& –  >A0)*$&<0D*<&$%)&/)L#)<$&40$%&<-3)&<),/)$&0<<#)C& (A-*D&<0C)&$%)&$-5)*& –  B">& –  9-5)*&,(*&@)&<)A2O,-*$(0*)C&-/&/)2)/)*,)&&
N%E&(/)*f$&9-5)*<&J)h*)Cg& •  ;$f<&-5(EK&0$&/)(AAE&0<& •  ;&C-*f$&5*-4&4%E&)P(,$AEK&@#$&;fH)&D/-4*&$-& (,,)?$&(*C&)H)*&A05)&0$& •  ;$&C-)<&03?AE&<-3)&A)H)A&-2&,--/C0*(+-*& @)$4))*&$%)&"8&.&68& •  903)&40AA&$)AAp&
!$%)/&8),#/0$E&8$#e& •  6)2)/)*,)&<$EA)&$-5)*<&*))C&(&A-$&-2&)*$/-?E& •  6)H-,(+-*&0<&D--C&$-&?/-H0C)& •  9F8& •  >A0)*$&"#$%)*+,(+-*&(*C&@0*C0*D&$-&$-5)*<_,-C)<& •  =/#$)&2-/,)&,-#*$)/3)(<#/)<& •  9-5)*&<$-/(D)& •  9-5)*_,-C)&A)(5(D)& •  :%0<%0*D& •  J0C&;&3)*+-*&9F8g& •  8,-?)&
"D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
N(A5&$%/-#D%& •  N(A5&$%/-#D%&<,)*(/0-&-2&(*&)3?A-E))&#<0*D&(& *(+H)&(??&-*&$%)0/&?%-*)_$(@A)$&$-&0*$)/(,$& 40$%&(&8((8&?/-H0C)/& •  8"BF&?/-H0C)<& –  "#$%)*+,(+-*&-2&)3?A-E))&$-&8((8&?/-H0C)/& •  !"#$%&?/-H0C)<& –  (#$%-/01(+-*&-2&*(+H)&(??&$-&(,,)<<&8((8&":;<& –  ;<<#(*,)&-2&$-5)*<&2/-3&8((8&$-&*(+H)&(??&
N(A5&$%/-#D%& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%& & &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8"BF& & & &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%&
F-(C&(#$%1&?(D)&
F-(C&(#$%1&?(D)&
F-(C&(#$%1&?(D)& S79&_(<_(#$%-/01(+-*I-(#$%Ug ,A0)*$x0C}3-@0A)(??.<$($)}%-<)/./)C0/),$x#/0}3-@0A)(??^__ /)C0/),$x%)/)./)<?-*<)x$E?)},-C)&b99:_kIk& ^$,"' O O&W-&,A0)*$&?4C& O O&,#<$-3&<,%)3)&-*&/)C0/),$&c6F& O O&/)<?-*<)&$E?)&-2&r,-C)f&
;C:&J0<,-H)/E&
;C:&J0<,-H)/E&
;C:&C0<,-H)/E&
88!&6)L#)<$&
88!&/)L#)<$&
88!&6)L#)<$& à2-/3&3)$%-C}z?-<$z&(,+-*}z%]?<^__0C?I)P(3?A)I-/D_8"BFU_88!_:!89z&â& à0*?#$&$E?)}z%0CC)*z&*(3)}z8"BF6)L#)<$z&H(A#)}z!"#$"%&z&_â& à0*?#$&$E?)}z<#@30$z&H(A#)}z8#@30$z&_â& à_2-/3â&& à<(3A?^"#$%*6)L#)<$& &P3A*<^<(3A?}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^?/-$-,-Az& P3A*<^<(3A}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^(<<)/+-*z&;J}z((2UYksÇOkuuYOUkkYORuR(O 2)kkRRkU(@uUz&Ä)/<0-*}zUIZz&;<<#);*<$(*$}zUZZROkUOZX9Zs^Uk^XsÅ{â& & &à<(3A^;<<#)/â%]?<^__<?I)P(3?A)I,-3_8"BFUà_<(3A^;<<#)/â&&à<(3A?^W(3);J:-A0,E& "AA-4>/)($)}z$/#)z& &V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^ UIZ^*(3)0C^2-/3($^?)/<0<$)*$z_â& à_<(3A?^"#$%*6)L#)<$â&
c<)/&(#$%)*+,(+-*&
c<)/&(#$%)*+,(+-*&
c<)/&(#$%)*+,(+-*&
88!&/)<?-*<)&
88!&6)<?-*<)&
88!&6)<?-*<)& à<(3A^"<<)/+-*â& à<(3A^;<<#)/â%]?<^__0C?I)P(3?A)I-/D_8"BFUà_<(3A^;<<#)/â& àC<^80D*($#/)&P3A*<^C<}z%]?^__444I4YI-/D_UZZZ_Zs_P3AC<0DMzâIIIà_C<^80D*($#/)â& à<(3A^8#@w),$â&à<(3A^W(3);J&V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^*(3)0CO2-/3($^?)/<0<$)*$zâ& Y2u@YC,2OkÇuROR),COsU,tOkXRR2YRÇ@(2t&à_<(3A^W(3);Jâà_<(3A^8#@w),$â& à<(3A^"]/0@#$)8$($)3)*$â& à<(3A^"]/0@#$)&W(3)}Ñ)3(0A{&â& à<(3A^"]/0@#$)Ä(A#)&P<0^$E?)}zP<^<$/0*Dzâ?3(C<)*?0*D0C)*+$EI,-3à_<(3A^"]/0@#$)Ä(A#)â&& à_<(3A^"]/0@#$)â&& à_<(3A^"]/0@#$)8$($)3)*$â&& à_<(3A^"<<)/+-*â&&
6)<?-*<)&40$%&,-C)&
6)<?-*<)&40$%&,-C)&
6)<?-*<)&40$%&,-C)& b99:_kIk&YZU&V-#*C& F-,(+-*^&3-@0A)(??^__/)C0/),$x%)/)g& &<$($)}%-<)/.& &,-C)}401v3(89:"2Z4L8)=YH3JPU3W8ÅoÇD& >-*$)*$OF)*D$%^&Z&
9/(C)&,-C)&2-/&$-5)*&
9/(C)&,-C)&2-/&$-5)*&
9/(C)&,-C)&2-/&$-5)*& :!89&_(<_$-5)*I-(#$%U& b-<$^&(<I,-3& ,A0)*$x0C}(./)C0/),$x#/0}3-@0A)(??^__ /)C0/),$%)/).D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}401v3(89:"2Z4L8)=YH3JPU 3W8ÅoÇD&b99:_kIk& & & b99:_kIk&UZZ&!o& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& z$-5)*x$E?)z^z=)(/)/zKz)P?0/)<x0*z^zÇZZzKz/)2/)<%x$-5)*z^z-|NL4Bc;FU*C)Bb<N7 EV!ZSE(AHo8H,U|;Rd#StU6BS5BzKz(,,)<<x$-5)*z^zA8=@,0RvDtB<w08LÅF=/17qDCR 3ocW%!5EVzÉ&
>A0)*$&,(AA<&":;&
>A0)*$&,(AA<&":;&
>A0)*$&,(AA<&":;& %]?<^__D/(?%I2(,)@--5I,-3_?(#AI)I3(C<)*_ 2/0)*C<_g (,,)<<x$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3o cW%!5EV& & & & & &
Ä)/02E&$-5)*&
Ä)/02E&$-5)*&
Ä)/02E&$-5)*& S79&_(<_$-5)*I-(#$%Ug ,A0)*$x0C}@.,A0)*$x<),/)$}?4C.D/(*$x$E?)}#/*^?0*D^H(A0C($).$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3ocW%!5EV& b99:_kIk& b-<$^&(<I,-3& ",,)?$^&n_n& & &b99:_kIk&UZZ&!o& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&& ^$,'O4%,1'5"X)"5'
6)$#/*&J($(&
6)$#/*&J($(&
6)$#/*&C($(& b99:_kIk&UZZ&!o& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&
& 903)&?(<<)<& & & &
6)2/)<%&$-5)*&
6)2/)<%&$-5)*&
6)2/)<%&$-5)*&/)L#)<$& :!89&_(<_$-5)*I-(#$%U&b99:_kIk& b-<$^&A-,(A%-<$^sZYk& & ,A0)*$x0C}(.D/(*$x$E?)}/)2/)<%x$-5)*.& &/)2/)<%x$-5)*}-|NL4Bc;FU*C)Bb<N7EV!ZSE(AHo8H,U|;Rd#StU6BS5B&&
S)$&2/)<%&(]/0@#$)<&
S)$&2/)<%&(]/0@#$)<&
S)$&2/)<%&(]/0@#$)<& 8>;B&-/&8"BFgg&
6)$#/*&(,,)<<&$-5)*&
6)$#/*&(,,)<<&$-5)*&
6)$#/*&(,,)<<&$-5)*& b99:_kIk&UZZ&!o& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& z$-5)*x$E?)z^z=)(/)/zKz)P?0/)<x0*z^zÇZzKz/)2/)<%x$-5)*z^zvÅu|(REbX>t7Y>0 5H,ÅÅ<CRÅFcDÄEd*0)qLE@"Vw!@|?1zKz(,,)<<x$-5)*z^zRs=:;XF#WBYkZ-u %@=s3s,;1;39XBtD,6w7zÉ&
& 60*<)&.&/)?)($&p& & & &
& (/,%0H)& & &
B-@0A)&(??&;CB&(/,%0$),$#/)&&
W(+H)&H<&4)@&(??<& •  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&'&)P?),$&@-$%& •  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$& (,/-<<&@-$%&3-C)A<K&<-&$%($& –  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$& ,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/& $%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)& (??A0,(+-*& –  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$& C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<& 2-/&$%)&$4-&3-C)A<&
V)C)/(+-*& •  V)C)/(+-*&(@<$/(,$<&(4(E&2/-3&(??A0,(+-*<& <?),0h,<&-2&(#$%)*+,(+-*&.&(#$%-/01(+-*&'& -#$<-#/,)C&$-&<?),0(A01)C&?/-H0C)/<& •  >-3?A)P0$E&%0CC)*&@E&$-5)*&0<<#(*,)&.&H(A0C(+-*& •  V)C)/(+-*&<$(*C(/C<&C)h*)& –  9-5)*&2-/3($<& –  b-4&,A0)*$<&-@$(0*&$-5)*<& –  b-4&,A0)*$<&?/)<)*$&$-5)*<&$-&(??A0,(+-*& ?/-H0C)/<&&
9-5)*<& •  V)C)/($)C&(#$%)*+,(+-*&2-/&@-$%&4)@&(*C& *(+H)&3-@0A)&(??A0,(+-*<&0<&@(<)C&-*&)P,%(*D)& (*C&C)A0H)/E&-2&&'(")%*$-&$%)&(??A0,(+-*& •  9-5)*<&,(//E&`-/&?-0*$&$-a&<),#/0$E&0*2-/3(+-*& `A05)&(]/0@#$)<&-/&(#$%-/01(+-*<a&2-/&#<)/&$/E0*D& $-&(,,)<<&$%)&(??A0,(+-*I&& •  >A0)*$<&$E?0,(AAE&)P,%(*D)&,/)C)*+(A<&2-/&$-5)*<& O&)(<0)/_<(2)/&$-&<%(/)&$%)&$-5)*&(,/-<<&$%)& *)$4-/5&/($%)/&$%(*&$%)&-/0D0*(A&,/)C)*+(A<& •  N%)*&$-5)*&0<&<#@<)L#)*$AE&?/)<)*$)C&$-&(*& (??A0,(+-*&?/-H0C)/K&$%)E&<)/H)&$-&(#$%)*+,($)& (*C_-/&(#$%-/01)&$%)&/)L#)<$&
V)C)/(+-*&$(5)<&C0e)/)*$&2-/3<& V-/&4)@&(??<K&$-5)*<&,(//E& =/-4<)/& (??& "]/0@#$)<&2-/&(#$%)*+,(+-*& V-/&*(+H)&(??<K&$-5)*<&,(//E& (??& C($(& "#$%-/01(+-*&2-/&(]/0@#$)<&
9-5)*<&2-/&3-@0A)&4)@&(??A0,(+-*<& •  V)C)/(+-*&2-/&4)@&(??A0,(+-*<&3(*02)<$<&(<& 88!&2/-3&<-3)&;C:&$-&$%)&(??A0,(+-*&?/-H0C)/& •  88!&)<?),0(AAE&/)A)H(*$&2-/&3-@0A)& •  9-5)*<&(])<+*D&$-&$%)&#<)/f<&0C)*+$E&(*C_-/& (#$%)*+,(+-*&<$($#<&C)A0H)/)C&&+!'$,+*`(<& /)C0/),$<a&$%)&@/-4<)/&2/-3&;C:&$-&$%)& (??A0,(+-*&?/-H0C)/& •  "??A0,(+-*&?/-H0C)/&H(A0C($)<&$-5)*&(*C& )P$/(,$<&0C)*+$E&(]/0@#$)<&2/-3&40$%0*&0*&-/C)/& $-&,/)($)&A-,(A&<)<<0-*&&
9-5)*<&2-/&4)@&(??A0,(+-*<& ;C)*+$E&?/-H0C)/& 8)/H0,)&?/-H0C)/& kI  c<)/&$/(C)<& ,/)C)*+(A<&2-/&(& $-5)*&2/-3&;C:& 8"BF& UI  9-5)*&C)A0H)/)C& !?)*;J& "??A0,(+-*& $%/-#D%&$%)& @/-4<)/&$-&8:& YI  8:&H(A0C($)<&$-5)*K& (*C&C)A0H)/<& (??A0,(+-*&b9BF& :4C& b9BF& $-&@/-4<)/& 9-5)*& J)H0,)& =/-4<)/&
=)<$&?/(,+,)<& •  8$(*C(/C<& –  !?)*;J&UIZ&2-/&,-*<#3)/&<,)*(/0-<& –  8"BF&UIZ&2-/&)*$)/?/0<)&.&,A-#C& –  N8OV)C)/(+-*&2-/&%-3-D)*)-#<&B8V9& •  ;C:&J0<,-H)/E& –  ;*&,-*<#3)/&<?(,)K&,-*<0C)/&W(<,(/&40$%&)3(0AO @(<)C&<#??A)3)*$& –  ;*&,A-#C&<?(,)K&,-*<0C)/&)3(0AO@(<)C& •  =-$%&;C:&`?-/$(Aa&(*C&8:&`C))?OA0*50*Da&0*0+($)C& (/)&/)A)H(*$& •  B-@0A)&@/-4<)/&,-*<$/(0*$<&3(E&/),-33)*C& (/+2(,$&3-C)A&0*&8"BF&
9-5)*<&2-/&*(+H)&(??A0,(+-*<& •  W(+H)&(??A0,(+-*<&(#$%)*+,($)&$-&6789&":;<&@E& ?/)<)*+*D&(&$-5)*&-*&$%)&,(AA& •  9%)&?/),#/<-/&(,$&-2&$%)&*(+H)&(??A0,(+-*&-@$(0*0*D&(& $-5)*&0<&-i)*&,(AA)C&r(#$%-/01(+-*f&`?(/+,#A(/AE&0*& $%-<)&,(<)<&4%)*&$%)&":;&2/-*$<&#<)/&0*2-K&)D&?/-hA)K& $4))$<K&)$,a& •  c<)/&(#$%-/01)<&`-/&,-*<)*$<a&$-&$%)&*(+H)&(??A0,(+-*& %(H0*D&(,,)<<&$-&$%)&":;&`(*C&$%)0/&C($(a&'&$%)& (#$%-/01(+-*&0<&3(*02)<$)C&(<&$%)&0<<#(*,)&-2&(&$-5)*& $-&$%)&*(+H)&(??& •  !"#$%&UIZ&C-30*(*$&?/-$-,-A&@E&4%0,%&(&*(+H)&(??& -@$(0*<&$%)&C)<0/)C&(#$%-/01(+-*<&(*C&$%)& ,-//)<?-*C0*D&$-5)*&`(*C&$%)*&#<)<&(D(0*<$&":;a&
B-@0A)&(#$%*&-?+-*<& • E(5'#10!"5'(+,1'W!5'60!,D' _C>"55"5'>!$(#"!' :)*+)"' • 466'$()#'9:' • ^$')""5',$'*"0-"'066' • =%#,$C'#&1"C"' • _)0>*"#'//O' • _)0>*"#'#,!$)?'0%,1)' • 4/'$()#'9:' • a+#%0*',!%#,'&%"#' • =0)'*"-"!0?"'#,$!"5'6(5#' _`,"!)0*'>!$(#"!'
9-5)*<&2-/&*(+H)&(??A0,(+-*<& 8)/H0,)&?/-H0C)/& kI  c<)/&$/(C)<&,/)C)*+(A<&2-/&(&$-5)*& UI  9-5)*&C)A0H)/)C&$%/-#D%&$%)&@/-4<)/& $-&*(+H)&(??A0,(+-*& "??A0,(+-*& YI  W(+H)&(??A0,(+-*&?/)<)*$<&$-5)*&-*& ":;&,(AA<& RI  "??A0,(+-*&/)$#/*<&(??A0,(+-*&C($(& (<&v8!W& :4C& 9-5)*& v8!W_qBF& J)H0,)& =/-4<)/& "??A0,(+-*& !"#$%&
=)<$&?/(,+,)<& •  c<)&$%)&@/-4<)/&$-&(#$%)*+,($)&$%)&#<)/&$-&$%)&"8K& C-*f$&,-AA),$&#<)/&?(<<4-/C<&40$%0*&*(+H)&(??A0,(+-*& 0$<)A2& •  "&<)?(/($)&@/-4<)/&40*C-4&?/)2)//)C&$-&)3@)CC)C&'& D0H)<&#<)/&$%)&H0<#(A&$/#<$&,#)<&$/(0*)C&$-&A--5&2-/& •  !"#$%&(#$%-/01(+-*&,-C)&D/(*$&$E?)&0<&/)A)H(*$&'& (AA-4<&(&/)2/)<%&$-5)*&$-&@)&C)A0H)/)C&$-&$%)&*(+H)& (??A0,(+-*&`-@H0($)<&*))C&$-&,-*+*#(AAE&/)(#$%-/01)a& •  c<)&@/-4<)/&2-/&;C:&C0<,-H)/E&02&C-0*D&88!&`/($%)/&$%(*& 40$%0*&*(+H)&(??A0,(+-*&0$<)A2a& •  W(+H)&(??A0,(+-*&<%-#AC&/)D0<$)/&,#<$-3&<,%)3)&-*& 0*<$(AAK&$-&)*(@A)&<#@<)L#)*$&?(<<0*D&&-2&$-5)*&2/-3& @/-4<)/&-./(*$-&*(+H)&(??A0,(+-*&

Recomendados

What to do with managers agile2012 ss
What to do with managers agile2012 ssWhat to do with managers agile2012 ss
What to do with managers agile2012 ssArto Eskelinen
 
Do you hear me - IOM H Comm
Do you hear me - IOM H CommDo you hear me - IOM H Comm
Do you hear me - IOM H CommReza Mahmud
 
Rus6 rt savchenkova
Rus6 rt savchenkovaRus6 rt savchenkova
Rus6 rt savchenkovanikonatbkru
 
CCNxCon2012: Session 3: Juxtaposition of CCN and Pepys
CCNxCon2012: Session 3: Juxtaposition of CCN and PepysCCNxCon2012: Session 3: Juxtaposition of CCN and Pepys
CCNxCon2012: Session 3: Juxtaposition of CCN and PepysPARC, a Xerox company
 
Portfolio empodera sized
Portfolio empodera sizedPortfolio empodera sized
Portfolio empodera sizedVladimir Ugarte
 
Heidenhain tnc426 mill_en_c
Heidenhain tnc426 mill_en_cHeidenhain tnc426 mill_en_c
Heidenhain tnc426 mill_en_cTranhoa Tranhoa
 
Hxc15
Hxc15Hxc15
Hxc15rubenroa
 
Summary data of self advocacy survey
Summary data of self advocacy surveySummary data of self advocacy survey
Summary data of self advocacy surveyNational Association of Councils on Developmental Disabilities
 

Recomendados

What to do with managers agile2012 ss
What to do with managers agile2012 ssWhat to do with managers agile2012 ss
What to do with managers agile2012 ssArto Eskelinen
 
Do you hear me - IOM H Comm
Do you hear me - IOM H CommDo you hear me - IOM H Comm
Do you hear me - IOM H CommReza Mahmud
 
Rus6 rt savchenkova
Rus6 rt savchenkovaRus6 rt savchenkova
Rus6 rt savchenkovanikonatbkru
 
CCNxCon2012: Session 3: Juxtaposition of CCN and Pepys
CCNxCon2012: Session 3: Juxtaposition of CCN and PepysCCNxCon2012: Session 3: Juxtaposition of CCN and Pepys
CCNxCon2012: Session 3: Juxtaposition of CCN and PepysPARC, a Xerox company
 
Portfolio empodera sized
Portfolio empodera sizedPortfolio empodera sized
Portfolio empodera sizedVladimir Ugarte
 
Heidenhain tnc426 mill_en_c
Heidenhain tnc426 mill_en_cHeidenhain tnc426 mill_en_c
Heidenhain tnc426 mill_en_cTranhoa Tranhoa
 
Hxc15
Hxc15Hxc15
Hxc15rubenroa
 
Summary data of self advocacy survey
Summary data of self advocacy surveySummary data of self advocacy survey
Summary data of self advocacy surveyNational Association of Councils on Developmental Disabilities
 
Agosto 4 - 2012
Agosto 4 - 2012Agosto 4 - 2012
Agosto 4 - 2012Genderson Leones Herrera
 
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑA
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑABentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑA
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑAEfiaulaOpenSchool
 
Letter of-intent
Letter of-intentLetter of-intent
Letter of-intentBrian Davidson
 
Who Killed Performance Management - Speaker notes
Who Killed Performance Management - Speaker notes Who Killed Performance Management - Speaker notes
Who Killed Performance Management - Speaker notes David Chambers
 
Ol genomgång
Ol genomgångOl genomgång
Ol genomgångStefan Hedlund
 
14 lessons-from-a-millionaire-trader
14 lessons-from-a-millionaire-trader14 lessons-from-a-millionaire-trader
14 lessons-from-a-millionaire-traderiamn900
 
Lucene rev preso bialecki solr crawlers-lr
Lucene rev preso bialecki solr crawlers-lrLucene rev preso bialecki solr crawlers-lr
Lucene rev preso bialecki solr crawlers-lrLucidworks (Archived)
 
Towards a pan-european information space
Towards a pan-european information space Towards a pan-european information space
Towards a pan-european information space ISCRAM 2015
 
2015 trends and forecasts corporate social investment and community develop...
2015 trends and forecasts corporate social investment and community develop...2015 trends and forecasts corporate social investment and community develop...
2015 trends and forecasts corporate social investment and community develop...Next Generation Consultants: Reana Rossouw
 
Lei 7957
Lei 7957Lei 7957
Lei 7957Rosana Batista Manço
 
جنازي نماز جو طريقو
جنازي نماز جو طريقوجنازي نماز جو طريقو
جنازي نماز جو طريقوIlyas Qadri Ziaee
 
Akida brhn
Akida brhnAkida brhn
Akida brhnحمادي نزار
 
Презентация
ПрезентацияПрезентация
Презентацияdfcbkmtdf
 
Ford focusi
Ford focusiFord focusi
Ford focusirukford1
 
Ação em Petroilina
Ação em PetroilinaAção em Petroilina
Ação em PetroilinaJamildo Melo
 
TIC et Art: images numériques et métadonnées
TIC et Art: images numériques et métadonnéesTIC et Art: images numériques et métadonnées
TIC et Art: images numériques et métadonnéesLesticetlart Invisu
 
Dokumen pbs
Dokumen pbsDokumen pbs
Dokumen pbsIrna Sofia
 
Transportes e Logísticos
Transportes e Logísticos Transportes e Logísticos
Transportes e Logísticos Cláudio Carneiro
 
Grille d'évaluation sketch
Grille d'évaluation sketchGrille d'évaluation sketch
Grille d'évaluation sketchJean-Michel Dupuis
 
Hack x Crack N.15
Hack x Crack N.15Hack x Crack N.15
Hack x Crack N.15System32nemesis
 
Une en 62305 1
Une en 62305 1Une en 62305 1
Une en 62305 1Angelica Rodriguez
 
Une en 62305 1
Une en 62305 1Une en 62305 1
Une en 62305 1Matias Agaccio
 

Más contenido relacionado

La actualidad más candente

Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑA
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑABentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑA
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑAEfiaulaOpenSchool
 
Who Killed Performance Management - Speaker notes
Who Killed Performance Management - Speaker notes Who Killed Performance Management - Speaker notes
Who Killed Performance Management - Speaker notes David Chambers
 
14 lessons-from-a-millionaire-trader
14 lessons-from-a-millionaire-trader14 lessons-from-a-millionaire-trader
14 lessons-from-a-millionaire-traderiamn900
 
Lucene rev preso bialecki solr crawlers-lr
Lucene rev preso bialecki solr crawlers-lrLucene rev preso bialecki solr crawlers-lr
Lucene rev preso bialecki solr crawlers-lrLucidworks (Archived)
 
Towards a pan-european information space
Towards a pan-european information space Towards a pan-european information space
Towards a pan-european information space ISCRAM 2015
 
2015 trends and forecasts corporate social investment and community develop...
2015 trends and forecasts corporate social investment and community develop...2015 trends and forecasts corporate social investment and community develop...
2015 trends and forecasts corporate social investment and community develop...Next Generation Consultants: Reana Rossouw
 
جنازي نماز جو طريقو
جنازي نماز جو طريقوجنازي نماز جو طريقو
جنازي نماز جو طريقوIlyas Qadri Ziaee
 
Презентация
ПрезентацияПрезентация
Презентацияdfcbkmtdf
 
Ford focusi
Ford focusiFord focusi
Ford focusirukford1
 
Ação em Petroilina
Ação em PetroilinaAção em Petroilina
Ação em PetroilinaJamildo Melo
 
TIC et Art: images numériques et métadonnées
TIC et Art: images numériques et métadonnéesTIC et Art: images numériques et métadonnées
TIC et Art: images numériques et métadonnéesLesticetlart Invisu
 

La actualidad más candente (18)

Agosto 4 - 2012
Agosto 4 - 2012Agosto 4 - 2012
Agosto 4 - 2012
 
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑA
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑABentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑA
Bentolila jimeno2002 LA REFORMA DE LA NEGOCIACIÓN EN ESAÑA
 
Letter of-intent
Letter of-intentLetter of-intent
Letter of-intent
 
Who Killed Performance Management - Speaker notes
Who Killed Performance Management - Speaker notes Who Killed Performance Management - Speaker notes
Who Killed Performance Management - Speaker notes
 
Ol genomgång
Ol genomgångOl genomgång
Ol genomgång
 
14 lessons-from-a-millionaire-trader
14 lessons-from-a-millionaire-trader14 lessons-from-a-millionaire-trader
14 lessons-from-a-millionaire-trader
 
Lucene rev preso bialecki solr crawlers-lr
Lucene rev preso bialecki solr crawlers-lrLucene rev preso bialecki solr crawlers-lr
Lucene rev preso bialecki solr crawlers-lr
 
Towards a pan-european information space
Towards a pan-european information space Towards a pan-european information space
Towards a pan-european information space
 
2015 trends and forecasts corporate social investment and community develop...
2015 trends and forecasts corporate social investment and community develop...2015 trends and forecasts corporate social investment and community develop...
2015 trends and forecasts corporate social investment and community develop...
 
Lei 7957
Lei 7957Lei 7957
Lei 7957
 
جنازي نماز جو طريقو
جنازي نماز جو طريقوجنازي نماز جو طريقو
جنازي نماز جو طريقو
 
Akida brhn
Akida brhnAkida brhn
Akida brhn
 
Презентация
ПрезентацияПрезентация
Презентация
 
Ford focusi
Ford focusiFord focusi
Ford focusi
 
Ação em Petroilina
Ação em PetroilinaAção em Petroilina
Ação em Petroilina
 
TIC et Art: images numériques et métadonnées
TIC et Art: images numériques et métadonnéesTIC et Art: images numériques et métadonnées
TIC et Art: images numériques et métadonnées
 
Dokumen pbs
Dokumen pbsDokumen pbs
Dokumen pbs
 
Transportes e Logísticos
Transportes e Logísticos Transportes e Logísticos
Transportes e Logísticos
 

Similar a OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity

45656069-Fracao-exercicios-resolvidos.pdf
45656069-Fracao-exercicios-resolvidos.pdf45656069-Fracao-exercicios-resolvidos.pdf
45656069-Fracao-exercicios-resolvidos.pdfAutonoma
 
Autonomos valores 09 2014
Autonomos valores 09 2014Autonomos valores 09 2014
Autonomos valores 09 2014Rosana Frachia
 
Autónomos valores 09 2014
Autónomos valores 09 2014Autónomos valores 09 2014
Autónomos valores 09 2014Rosana Frachia
 
Connect na konferencji VU2011
Connect na konferencji VU2011Connect na konferencji VU2011
Connect na konferencji VU2011Marian Rusek
 
Go Open 2008: Stein Lier, OpenOffice.org
Go Open 2008: Stein Lier, OpenOffice.orgGo Open 2008: Stein Lier, OpenOffice.org
Go Open 2008: Stein Lier, OpenOffice.orgFriprogsenteret
 
【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Image
【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Image【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Image
【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Imagecvpaper. challenge
 
HelioStat Datasheet - [FR]
HelioStat Datasheet - [FR]HelioStat Datasheet - [FR]
HelioStat Datasheet - [FR]ProximaSystems
 
the challenge_of_the_quran
the challenge_of_the_quranthe challenge_of_the_quran
the challenge_of_the_quranNoor Al Islam
 
Aprenda a utilizar a Internet como estratégia de marketing
Aprenda a utilizar a Internet como estratégia de marketingAprenda a utilizar a Internet como estratégia de marketing
Aprenda a utilizar a Internet como estratégia de marketingYCORN
 

Similar a OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity (20)

Grille d'évaluation sketch
Grille d'évaluation sketchGrille d'évaluation sketch
Grille d'évaluation sketch
 
Hack x Crack N.15
Hack x Crack N.15Hack x Crack N.15
Hack x Crack N.15
 
Une en 62305 1
Une en 62305 1Une en 62305 1
Une en 62305 1
 
Une en 62305 1
Une en 62305 1Une en 62305 1
Une en 62305 1
 
45656069-Fracao-exercicios-resolvidos.pdf
45656069-Fracao-exercicios-resolvidos.pdf45656069-Fracao-exercicios-resolvidos.pdf
45656069-Fracao-exercicios-resolvidos.pdf
 
Community Open Space Harvest
Community Open Space HarvestCommunity Open Space Harvest
Community Open Space Harvest
 
Final WP_ExeSum E
Final WP_ExeSum EFinal WP_ExeSum E
Final WP_ExeSum E
 
Autonomos valores 09 2014
Autonomos valores 09 2014Autonomos valores 09 2014
Autonomos valores 09 2014
 
Autónomos valores 09 2014
Autónomos valores 09 2014Autónomos valores 09 2014
Autónomos valores 09 2014
 
Connect na konferencji VU2011
Connect na konferencji VU2011Connect na konferencji VU2011
Connect na konferencji VU2011
 
Aborjaca tfm0213memoria
Aborjaca tfm0213memoriaAborjaca tfm0213memoria
Aborjaca tfm0213memoria
 
Go Open 2008: Stein Lier, OpenOffice.org
Go Open 2008: Stein Lier, OpenOffice.orgGo Open 2008: Stein Lier, OpenOffice.org
Go Open 2008: Stein Lier, OpenOffice.org
 
Informe Concierto Shakira BISA 032011
Informe Concierto Shakira BISA 032011Informe Concierto Shakira BISA 032011
Informe Concierto Shakira BISA 032011
 
【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Image
【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Image【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Image
【ECCV 2018】GANimation: Anatomically-aware Facial Animation from a Single Image
 
agroquimicos_compress.pdf
agroquimicos_compress.pdfagroquimicos_compress.pdf
agroquimicos_compress.pdf
 
Presentation gmp
Presentation gmpPresentation gmp
Presentation gmp
 
Circular 027-2011
Circular 027-2011Circular 027-2011
Circular 027-2011
 
HelioStat Datasheet - [FR]
HelioStat Datasheet - [FR]HelioStat Datasheet - [FR]
HelioStat Datasheet - [FR]
 
the challenge_of_the_quran
the challenge_of_the_quranthe challenge_of_the_quran
the challenge_of_the_quran
 
Aprenda a utilizar a Internet como estratégia de marketing
Aprenda a utilizar a Internet como estratégia de marketingAprenda a utilizar a Internet como estratégia de marketing
Aprenda a utilizar a Internet como estratégia de marketing
 

Más de Brian Campbell

Token Binding Identiverse 2018
Token Binding Identiverse 2018 Token Binding Identiverse 2018
Token Binding Identiverse 2018 Brian Campbell
 
IAM Overview Identiverse 2018
IAM Overview Identiverse 2018IAM Overview Identiverse 2018
IAM Overview Identiverse 2018Brian Campbell
 
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBeyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBrian Campbell
 
Identity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations SeminarIdentity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations SeminarBrian Campbell
 
OAuth 2.0 Token Exchange: An STS for the REST of Us
OAuth 2.0 Token Exchange: An STS for the REST of UsOAuth 2.0 Token Exchange: An STS for the REST of Us
OAuth 2.0 Token Exchange: An STS for the REST of UsBrian Campbell
 
Denver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSODenver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSOBrian Campbell
 
Mobile SSO: are we there yet?
Mobile SSO: are we there yet?Mobile SSO: are we there yet?
Mobile SSO: are we there yet?Brian Campbell
 
Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)Brian Campbell
 
I Left My JWT in San JOSE
I Left My JWT in San JOSEI Left My JWT in San JOSE
I Left My JWT in San JOSEBrian Campbell
 
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...Brian Campbell
 
An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...
An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...
An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...Brian Campbell
 
Hope or Hype: A Look at the Next Generation of Identity Standards
Hope or Hype: A Look at the Next Generation of Identity StandardsHope or Hype: A Look at the Next Generation of Identity Standards
Hope or Hype: A Look at the Next Generation of Identity StandardsBrian Campbell
 
Introduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsIntroduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsBrian Campbell
 
OAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitOAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitBrian Campbell
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 

Más de Brian Campbell (17)

The Burden of Proof
The Burden of ProofThe Burden of Proof
The Burden of Proof
 
Token Binding Identiverse 2018
Token Binding Identiverse 2018 Token Binding Identiverse 2018
Token Binding Identiverse 2018
 
IAM Overview Identiverse 2018
IAM Overview Identiverse 2018IAM Overview Identiverse 2018
IAM Overview Identiverse 2018
 
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBeyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
 
Identity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations SeminarIdentity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations Seminar
 
OAuth 2.0 Token Exchange: An STS for the REST of Us
OAuth 2.0 Token Exchange: An STS for the REST of UsOAuth 2.0 Token Exchange: An STS for the REST of Us
OAuth 2.0 Token Exchange: An STS for the REST of Us
 
Denver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSODenver Startup Week '15: Mobile SSO
Denver Startup Week '15: Mobile SSO
 
Mobile SSO: are we there yet?
Mobile SSO: are we there yet?Mobile SSO: are we there yet?
Mobile SSO: are we there yet?
 
Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)
 
I Left My JWT in San JOSE
I Left My JWT in San JOSEI Left My JWT in San JOSE
I Left My JWT in San JOSE
 
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
 
JOSE Can You See...
JOSE Can You See...JOSE Can You See...
JOSE Can You See...
 
An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...
An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...
An Introduction to the Emerging JSON-Based Identity and Security Protocols (O...
 
Hope or Hype: A Look at the Next Generation of Identity Standards
Hope or Hype: A Look at the Next Generation of Identity StandardsHope or Hype: A Look at the Next Generation of Identity Standards
Hope or Hype: A Look at the Next Generation of Identity Standards
 
Introduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security ProtocolsIntroduction to the Emerging JSON-Based Identity and Security Protocols
Introduction to the Emerging JSON-Based Identity and Security Protocols
 
OAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitOAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity Summit
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 

OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity

  • 1. !"#$%&'&(#$%)*+,(+-*&.&(#$%-/01(+-*& 2/(3)4-/5&2-/&6789&":;<& =/0(*&>(3?@)AA&.&:(#A&B(C<)*& :0*D&;C)*+$E&
  • 2. F-D0<+,<& •  9%)&(??/-?/0($)&2-/3&-2&(CC/)<<&2-/&$%)&<?)(5)/<&0<&G80/G& •  "@<$/(,$&$%0*50*D&($&)A)H(+-*&,(*&@)&C(*D)/-#<I&J/0*5&?A)*$E&-2& 4($)/I&& •  6)A($)C&$-&?/)H0-#<K&$%)/)&40AA&@)&*-&@0-&@/)(5<K&?A)(<)&3(5)&*-$)&-2& A-,(+-*&-2&@#,5)$&0*&@(,5&-2&/--3I&& •  ;2&E-#&40<%&$-&(<5&(&L#)<+-*K&?A)(<)&$4))$&0$&40$%&$%)&$(D& GM?(#A(*C@/0(*<(4)<-3)-(#$%4-/5<%-?G& •  N)&40AA&@)&C-0*D&(&/-A)O?A(E0*D&)P)/,0<)&$-&<03#A($)&$%)&!"#$%&Q-4I& 8$(/$&$%0*50*D&(@-#$&4%-&E-#&4(*$&0*&E-#/&D/-#?<&-2&R&(*CK& 03?-/$(*$AEK&4%-&40AA&?A(E&$%)&/-A)&-2&$%)&GC#3@G&,A0)*$I& •  9%)/)&40AA&@)&(*&!"#$%&L#01&($&$%)&)*CI&9%)&%0D%)<$&<,-/)&40AA&/),)0H)& (&S--DA)T&0*H0$)I&9%)&U*C&%0D%)<$&<,-/)&40AA&/),)0H)&U&0*H0$)<&)$,& •  V-/&B-*C(E&C0**)/K&& –  850&90?&/)<$(#/(*$&O&W-$&($&$-?&-2&3-#*$(0*& –  =#<)<&,-AA),$&($&XIYZ& –  W-&<?-#<)<&$-*0$)&'&<?(,)&,-*<$/(0*)C&
  • 3. "   8)*0-/&9),%*0,(A&"/,%0$),$&40$%0*&$%)&![,)&-2& $%)&>9!&($&:0*D&;C)*+$E& " ?3(C<)*?0*D0C)*+$EI,-3& " %]?^__444IA0*5)C0*I,-3_0*_?(#A3(C<)*& "   8)/H)C&0*&H(/0-#<&C)<0D*K&,%(0/0*DK&)C0+*DK&(*C& )C#,(+-*&/-A)<&2-/&(&*#3@)/&-2&2)C)/(+-*& <$(*C(/C<K&0*,A#C0*D&8:BFK&;JON8V&.& ;*2-/3(+-*&>(/C<& "   N-/5)C&40$%&<#,,)<<2#A&<$(*C(/C<&$--K&A05)& 8"BF&.&`%-?)2#AAEa&!"#$%&.&8>;B& "   b-AC<&(*&BI8,I&0*&"??A0)C&B($%)3(+,<&(*C&(&:%IJI&0*&9%)-/)+,(A&:%E<0,<&2/-3&>(/A)$-*& c*0H)/<0$E&(*C&$%)&c*0H)/<0$E&-2&N)<$)/*&!*$(/0-&/)<?),+H)AEI& "   ;&5*-4K&3E&@-EG<&40,5)C&<3(%$I& "   d)$K&?/-2)<<0-*(AAEK&%)&0<&)e),+H)AE&3E&?))/I& "   8-&4%-f<&<-&<3(/$&*-4K&)%g& "   8)A2&(<<)/$)C&B-<$&;*$)/)<+*D&B(*&0*&;C)*+$E&& "   J-)<*f$&(A4(E<&C/0*5&@)2-/)&*--*K&@#$&4%)*&%)&C-)<&`E-#&5*-4K&02&$%)/)&4(<&(&A-*D& 3))+*D&-/&<-3)$%0*DaK&%)&?/)2)/<&(&S.9& "   !/&<0P& "   :/-A0h,&$4))$)/&40$%&4)AA&-H)/&%(A2&(&$%-#<(*C&2-AA-4)/<&O&?(#A3(C<)*& "   8+AA&@A-D<&`%-4&L#(0*$a&($&,-**),+CI@A-D<?-$I,-3&.&?(#A3(C<)*I?-<$)/-#<I,-3& "   8+AA&4(0+*D&2-/&(&S--DA)T&0*H0$)&
  • 4. =/0(*&>(3?@)AA& •  F)(C<&:0*D&7*D0*))/0*D&$)(3&(CC0*D&!"#$%&$-& ?/-C#,$&A0*)& •  =),(3)&<-i4(/)&C)H)A-?)/&(i)/&/)(A010*D&,%-<)*& ,(/))/&-2&A02)&,-(,%&0*H-AH)C&$(A50*D&$-&?)-?A)& •  N0$%0*&<$(*C(/C<&4-/AC&'&%(<&(,%0)H)C&*-$-/0)$E& 2-/&%(@0$&-2&4-/50*D&?/-2(*0$E&0*$-&*(3)<?(,)& c6;<& •  N%0A)&,%(0/0*D&!"8;8&8"BF&9>K&9>&/)H)*#)<& 0*,/)(<)C&2/-3&jZ&$-&jkIXZ&C#)&$-&%0<&0C)(&2-/&(& GS0H)&3)&jkllG&,(3?(0D*& •  N0$%0*&:0*DK&/#*<&N)A,-3)&N(D-*&2-/&*)4& )3?A-E))<& •  "H0C&?%-$-D/(?%)/&'&?%-$-<&%(H)&D/(,)C&$%)&2/0D<& -2&3(*E&-2&%0<&2(30AE& •  >#//)*$AE&,-O)C0+*D&$%)&8"BF&"<<)/+-*&?/-hA)& 2-/&!"#$%I&;*&$%($&,-*$)P$K&?/-?-<0*D&(&G6)(C&$%)& mjM.n&<?),G&)//-/&/)<?-*<)&,-C)& •  b(<&(A3-<$&-@<)<<0H)&0*$)/)<$&0*&>(*(C(& •  4))#*L#0)$30*C&
  • 5. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 6.
  • 7.
  • 8. "#$%)*+,(+-*&2-/&8!":& •  9%)&8!":&4-/AC&%(<&A-*D&%(C&<$(*C(/C<&/)A($)C&$-& (#$%)*+,(+-*&.&(#$%-/01(+-*&-2&4)@&<)/H0,)<& •  N8O9/#<$&C)h*)<&(&?/-$-,-A&@E&4%0,%&(&8!":&,A0)*$& ,(*&-@$(0*&(&<),#/0$E&$-5)*&`$E?0,(AAE&(&8"BF& (<<)/+-*a& •  N8O8),#/0$E&<+?#A($)<&%-4&$-&(](,%&$%)&$-5)*& `8"BF&(<<)/+-*a&$-&(&8!":&/)L#)<$&
  • 10. ka&6789&(#$%)*+,(+-*& •  6789&4-/AC&%(<&*-$&%(C&,-3?(/(@A)&<$(*C(/C<& •  W-$%0*D&,-3?(/(@A)&$-&N8O8),#/0$E&O&30<%3(<%&-2& b99:&=(<0,K&b99:&J0D)<$K&?/-?/0)$(/E&3),%(*0<3<K& (*C&3#$#(A&88F&2-/&,A0)*$&(#$%)*+,(+-*&& •  W-$%0*D&,-3?(/(@A)&$-&N8O9/#<$&'&,-*<)L#)*$AE& ,A0)*$&@)(/<&@#/C)*&-2&3(*(D0*D&,/)C)*+(A<&.&$/#<$&
  • 12. 9<5&$<5l& •  >A0)*$&3#<$&<$-/)&?(<<4-/C<& •  9)(,%)<&#<)/<&$-&@)&0*C0<,/030*($)& 40$%&$%)0/&?(<<4-/C<& •  B-/)&C0[,#A$&$-&3-H)&$-&3#A+O2(,$-/& (*C&2)C)/($)C&(#$%)*+,(+-*& •  J-)<*f$&<#??-/$&D/(*#A(/&?)/30<<0-*<K& )IDI&q&,(*&/)(C&@#$&*-$&4/0$)& •  J-)<*f$&<#??-/$&5*-4A)CD)_ C0e)/)*+(+-*&-2&$%)&(,,)<<&D/(*$)C& •  J-)<*f$&<#??-/$&`)(<Ea&/)H-,(+-*&'&$-& @)&<#/)&-2&$#/*0*D&-e&(,,)<<&#<)/<& 3#<$&,%(*D)&?(<<4-/C&&
  • 13. ;3?-/$(*,)&-2&/)H-,(+-*& 9%0<&0<&<%0*Elllll& ;&<%-#AC&#<)&$%($&3-/)& N9V&0<&$%0<&$%0*Dg&
  • 14. Ya&>A-#C&":;<& •  N0$%0*&3-H)&$-4(/C<&8((8&'&$/)*C&$-4(/C<&":;&(,,)<<& $-&C($(_<)/H0,)<&$-&<#??A)3)*$_/)?A(,)&@/-4<)/& (,,)<<& •  Salesforce.com expects that within the next year – only 1/3 of access will be via browser& •  ":;<&-2&:((8&-e)/0*D<&(AA-4&$%)&,#<$-3)/&$-&)P?-<)&0$<& -4*&,A-#C&<)/H0,)<& •  >A)(/&$/)*C&2-/&$%)<)&":;<&0<&$-4(/C<&6789&
  • 17. "<0C)&O&W(+H)&H<&4)@& •  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&'&)P?),$&@-$%& •  W(+H)G<&,#//)*$&?-?#A(/0$E&A05)AE&@(A(*,)C&@E& b9BFX&2)($#/)<& •  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$& (,/-<<&@-$%&3-C)A<K&<-&$%($& –  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$& ,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/& $%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)& (??A0,(+-*& –  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$& C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<& 2-/&$%)&$4-&3-C)A<&
  • 18. J/0H)/<& :(<<4-/C& F(,5&-2& (*+O <$(*C(/C<& ?(])/*& !"#$%& & W(+H)& & 3-@0A)& >A-#C&":;<& "??A0,(+-*<&
  • 19. 7*$)/&!"#$%l& •  "*&-?)*&?/-$-,-A&$-&(AA-4&<),#/)&":;&(#$%-/01(+-*&0*&(& <03?A)&(*C&<$(*C(/C&3)$%-C&2/-3&C)<5$-?K&3-@0A)&(*C& 4)@&(??A0,(+-*<I& •  J)h*)<&(#$%-/01(+-*&.&(#$%)*+,(+-*&2/(3)4-/5&2-/& 67892#A&":;<& •  "??A0)C&$-&C)A)D($)C&(#$%-/01(+-*&'&30+D($)<&?(<<4-/C& (*+O?(])/*&O&(/,%)$E?0,(A&#<)&,(<)& •  :/-H0C)<&(&<$(*C(/C&4(E&$-&D0H)&(&r5)Ef&$-&(&$%0/CO?(/$E& 4%0,%&(AA-4<&-*AE&A030$)C&(,,)<<&$-&?)/2-/3&<?),0h,& 2#*,+-*<& –  N0$%-#$&C0H#AD0*D&E-#/&,/)C)*+(A<&&
  • 20. "*&!H)/#<)C&"*(A-DE& OAuth is your valet key to the Interwebs It’s going happen one way or the other so may as well tax and regulate!
  • 21. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 22. Real World Demo -> brizzly.com accesses the twitters &
  • 23. Real World Demo -> brizzly.com accesses the twitters &
  • 24. Real World Demo -> brizzly.com accesses the twitters &
  • 25. Real World Demo -> brizzly.com accesses the twitters &
  • 26. Real World Demo -> brizzly.com accesses the twitters &
  • 27. Real World Demo -> brizzly.com accesses the twitters &
  • 28. Real World Demo -> brizzly.com accesses the twitters &
  • 29. Real World Demo -> brizzly.com accesses the twitters &
  • 30. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 31. A [confusing] Little History& •  First was the Emergence of Proprietary Solutions –  Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, AWS API, and more •  OAuth Core 1.0 [Oct 2007] –  Open protocol to standardize what was already being done •  OAuth Core 1.0 Revision A [June 2009] –  Addresses a session fixation attack •  The OAuth 1.0 Protocol / RFC 5849 [April 2010] –  Move to the IETF as informational documentation of 1.0a with editorial clarifications and errata
  • 32. !"#$%&903)A0*)& N6":& vN9& ;79V& !"#$%&UIZ& ;*2-&6V>&XtRs& & !"#$%&kIZ(& >-33#*0$E& !"#$%&kIZ& UZZu& UZZt& UZZs& UZkZ& UZkk&
  • 33. B-/)&b0<$-/EK&8+AA&>-*2#<0*D& •  !"#$%&N6":&`N)@&6)<-#/,)&"#$%-/01(+-*& :/-hA)<a [v(*&UZkZ] –  Better Support for non-web applications –  Simplify the Client –  Short lived, opaque, bearer access tokens with long lived refresh tokens –  Cleaner separation of roles •  Server handling authorization requests •  Server handling protected resource access •  Client –  Simple Web Token (SWT) •  Attempt to standardize an access token format •  Oauth 2.0 [in progress]
  • 34. b-*)<$AE&8(AAEll&;&,(*G$&@)A0)H)&E-#&2)AA&2-/& $%)&G;&C-*f$&%(H)&3E&$-5)*x<),/)$&40$%&3)G& A0*)ll&>A0)*$<&%(H)&@))*&$)AA0*D&#<&68<&$%($& -*)&2-/&E)(/<ll& =#$&%)&)P?A(0*)C&$%($&%)&%(C&2-/D-])*&0$&($&%-3)I& "*C&(*E4(E<K&dH-**)&($&$%)&<(A-*&$-AC&3)&$%($& !"#$%&N6":&C-)<*f$&)H)*&/)L#0/)&,A0)*$& <0D*($#/)<&<-&;&C-*G$&5*-4&4%E&E-#&(/)&@)0*D&<-& w#CD)3)*$(A&p&&
  • 35. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 36. OAuth 2.0 •  >-*,)?$#(AAE&<030A(/&$-&N6":& •  N0$%&@#0A$&0*&)P$)*<0@0A0$E& •  >A)(/&<)?(/(+-*&-2&D)y*D&(&$-5)*&(*C&#<0*D&(&$-5)*& –  7(/AE&C/(i<&%(C&(*&-?+-*&2-/&$-5)*&<0D*($#/)<&@#$&$%($&4(<& C/-??)C& –  z!"#$%&UIZ&0<&=(C&2-/&$%)&N)@{&'&<?),&(#$%-/_)C0$-/& –  =)(/)/&$-5)*<& –  6)$#/*&-2&$%)&B">& •  "??/-(,%0*D&h*(A&<$(*C(/C01(+-*&0*&;79V& –  6)(AAEg&& –  >#//)*$AE&($&C/(i&Okt&& •  "??A0,(@A)&$-&3(*E&-$%)/&<,)*(/0-<&'&)H)*&$%-<)&40$%&*-&#<)/<& •  W-$(@A)&2-/&0$<&-?+301(+-*<&2-/&3-@0A)& –  !%&E)(%g&
  • 37. !"#$%&UIZ&9)/30*-A-DE^&6-A)<& •  !"#$%!&"'$()"!^&(*&)*+$E& `#<#(AAE&(*&)*CO#<)/_?)/<-*a ,(?(@A)&-2&D/(*+*D&(,,)<<&$-&(& ?/-$),$)C&/)<-#/,)&I& •  &*+"),^&(*&(??A0,(+-*&-@$(0*0*D& (#$%-/01(+-*&(*C&3(50*D& ?/-$),$)C&/)<-#/,)&/)L#)<$<& `-*&@)%(A2&-2&$%)&/)<-#/,)& -4*)/aI&& •  !"#$%!&"'#"!-"!'`./a^&$%)& <)/H)/&%-<+*D&?/-$),$)C& /)<-#/,)<& •  0%,1$!+203$)'#"!-"!'`4/a^&(& <)/H)/&,(?(@A)&-2&0<<#0*D& $-5)*<K&-@$(0*0*D& (#$%-/01(+-*K&(*C& (#$%)*+,(+*D&/)<-#/,)& -4*)/<I&
  • 38. B-/)&9)/30*-A-DE^&9-5)*<& •  ",,)<<&9-5)*& –  ,/)C)*+(A&#<)C&@E&,A0)*$&$-&(,,)<<&?/-$),$)C&/)<-#/,)<&($&$%)&68& –  ?)/30<<0-*<&(e-/C)C&@E&$%)&$-5)*&,(*&@)&<,-?)C& –  0<<#)C&@E&$%)&"8&& –  <$/#,$#/)&0<&#*C)h*)C&@E&$%)&<?),`<a& –  #<#(AAE&-?(L#)&$-&$%)&,A0)*$& –  D)*)/(AAE&<%-/$&A0H)C& –  ,(*&@)&<)A2&,-*$(0*)C&-/&(&/)2)/)*,)& –  <%0i<&,-3?A)P0$E&2/-3&$%)&68&$-&$%)&"8& •  6)2/)<%&9-5)*& –  #<)C&@E&,A0)*$&$-&-@$(0*&(&*)4&(,,)<<&$-5)*&4%)*&$%)&-AC&-*)& )P?0/)<& –  ,A0)*$&-*AE&<)*C<&$-&"8K&*)H)/&$-&68& –  D)*)/(AAE&A-*D&A0H)C&&
  • 39. ",,)<<&9-5)*&9E?)<& •  ",,)<<&$-5)*<&,(*&%(H)&C0e)/)*$& –  2-/3($<& –  <$/#,$#/)<& –  3)$%-C<&-2&#+A01(+-*&`)IDI&,/E?$-D/(?%0,&?/-?)/+)<a& •  ",,)<<&$-5)*<&3#<$&@)&C)h*)C&@E&,-3?(*0-*& <?),0h,(+-*<& –  $-5)*x$E?)&& –  (CC0+-*(A&?(/(3)$)/<&(<&*))C)C& –  %-4&$-&#<)&($&68&
  • 40. =)(/)/&",,)<<&9-5)*<& •  "*E&?(/$E&0*&?-<<)<<0-*&-2&$%)&$-5)*&`(& z@)(/)/za&,(*&#<)&$%)&$-5)*&0*&(*E&4(E&$%($& (*E&-$%)/&?(/$E&0*&?-<<)<<0-*&-2&0$&,(*I& •  $-5)*x$E?)^&=)(/)/&& •  9-5)*&,(*&@)&?/)<)*$)C&$-&$%)&68&0*&b99:& "#$%-/01(+-*&b)(C)/K&&=-CE&:(/(3)$)/K&-/& |#)/E&:(/(3)$)/& •  6)L#0/)<&9F8& •  9-5)*&<$/#,$#/)&<+AA&#*C)h*)C&
  • 41. B">&",,)<<&9-5)*<& •  "I5I(I&:/--2&-2&?-<<)<<0-*&$-5)*K&?/--2&$-5)*K&b-o&$-5)*& •  J)h*)<&(*&b99:&B">&(,,)<<&(#$%)*+,(+-*&<,%)3)&`5)E&0CK& B">&5)E&.&(AD-/0$%3K&(*C&0<<#)&+3)a& –  ;C&0<&<)*$&40$%&/)L#)<$&& –  o)E&0<&<%(/)C&<E33)$/0,&<),/)$&@)$4))*&$%)&,A0)*$&(*C&$%)&<)/H)/& #<)C&$-&r<0D*f&/)L#)<$<&`$%)/)@E&?/-H0*D&?-<<)<<0-*&-2&$%)&<),/)$a& •  !"#$%&UIZ&@0*C0*D&2-/&#<)&(<&(*&(,,)<<O$-5)*&$E?)&& –  $-5)*x$E?)^&3(,& –  o)E&0C&0<&$%)&(,,)<<x$-5)*& •  V-/3($&.&<$/#,$#/)&0<&<+AA&#*C)h*)C& –  3(,x5)E&.&3(,x(AD-/0$%3&(<&(CC0+-*(A&?(/(3)$)/<& •  :/-$),$<&(D(0*<$&$-5)*&A)(5(D)& •  o0*C(&<+AA&*))C<&9F8&0*&<-3)&,(<)<&
  • 42. B-/)&9)/30*-A-DE^&7*C?-0*$<& •  "8&7*C?-0*$<& –  4%,1$!+203$)'")56$+),& •  #<)CK&H0(&#<)/O(D)*$&/)C0/),+-*K&$-&(#$%)*+,($)&(*C&-@$(0*& (#$%-/01(+-*&2/-3&$%)&/)<-#/,)&-4*)/I&& •  7*C&#<)/&-*&$%)&2/-*$&,%(**)AI& –  7$8")'")56$+),' •  c<)C&$-&)P,%(*D)&(*&(#$%-/01(+-*&D/(*$&2-/&(*&(,,)<<&$-5)*I& •  >A0)*$&-*&$%)&@(,5&,%(**)AI& •  >A0)*$&7*C?-0*$& –  ."5+!"&3$)'9.:' •  "i)/&,-3?A)+*D&0$<&0*$)/(,+-*&40$%&$%)&/)<-#/,)&-4*)/K&$%)&"8& C0/),$<&$%)&/)<-#/,)&-4*)/G<&#<)/O(D)*$&@(,5&$-&$%)&,A0)*$&($&$%)& ,A0)*$f<&/)C0/),+-*&c6;I& •  V/-*$&,%(**)A&,(AA@(,5&&
  • 43. 9)/30*-A-DE^&"#$%-/01(+-*&S/(*$& •  S)*)/(A&$)/3&#<)C&$-&C)<,/0@)&$%)&0*$)/3)C0($)& ,/)C)*+(A<&/)?/)<)*+*D&$%)&/)<-#/,)&-4*)/& (#$%-/01(+-*& •  8)/H)<&(<&(*&(@<$/(,+-*&A(E)/& –  *-$&$%)&,A)(*)<$&(@<$/(,+-*& •  c<)C&@E&$%)&,A0)*$&$-&-@$(0*&(*&(,,)<<&$-5)*& •  "AA&$-5)*&)*C?-0*$&,(AA<&0*H-AH)&)P,%(*D0*D&<-3)& D/(*$&2-/&(*&(,,)<<&$-5)*& •  8?),&C)h*)<&<)H)/(A&$E?)<&(<&4)AA&(<&(*& )P$)*<0@0A0$E&3),%(*0<3&
  • 44. 9)/30*-A-DE^&8,-?)& •  9%)&C)h*0+-*&-2&<,-?)&0<&`3-<$AEa&-#$&-2&<,-?)& –  8))&4%($&;&C0C&$%)/)g& –  9%)&<,-?)&-2&$%)&(,,)<<&/)L#)<$&0<&)P?/)<<)C&(<&(&A0<$&-2& <?(,)OC)A030$)CK&,(<)&<)*<0+H)&<$/0*D<I& –  !/C)/&C-)<*f$&3(])/I& –  9%)&H(A#)&(*C&3)(*0*D&-2&<,-?)&<$/0*D<&(/)&C)h*)C&@E&$%)& (#$%-/01(+-*&<)/H)/I& •  6)L#)<+*D_D/(*+*D&<?),0h,&<,-?)`<a&(AA-4<&$%)&(,,)<<& /0D%$<&(<<-,0($)C&40$%&(&$-5)*&$-&@)&A030$)C& –  7*(@A)<&$%)&?/0*,0?A)&-2&A)(<$&?/0H0A)D)&`-/&A)<<&?/0H0A)D)& (*E4(Ea& –  !*AE&(<5&2-/&4%($&0<&*))C)C&
  • 45. "@<$/(,$&VA-4& •  >A0)*$&-@$(0*<&(#$%-/01(+-*&D/(*$&2/-3&/)<-#/,)& -4*)/n& •  >A0)*$&,(AA<&$%)&(#$%-/01(+-*&<)/H)/&$-&)P,%(*D)& $%)&D/(*$&2-/&(*&(,,)<<&$-5)*nn& •  >A0)*$&#<)<&$%)&(,,)<<&$-5)*&$-&(,,)<<&?/-$),$)C& /),-#/<)<&($&$%)&/)<-#/,)&<)/H)/nnn& n<-3)+3)<& nn#<#(AAE& nnn?/-@(@AE&
  • 46. "#$%-/01(+-*&S/(*$&9E?)<& •  (#$%-/01(+-*&,-C)& •  03?A0,0$n& •  /)<-#/,)&-4*)/&?(<<4-/C&,/)C)*+(A<& •  ,A0)*$&,/)C)*+(A<& •  /)2/)<%&$-5)*& •  7P$)*<0-*<& n&-*)&-2&$%)<)&$%0*D<&0<&*-$&A05)&$%)&-$%)/<p&
  • 47. S/(*$&9E?)^&"#$%-/01(+-*&>-C)& •  >A0)*$&<)*C<&/)<-#/,)&-4*)/K&H0(&@/-4<)/K&$-&$%)& (#$%-/01(+-*&)*C?-0*$&($&$%)&"8&& –  7*CO#<)/&(#$%)*+,($)<& –  7*CO#<)/&(??/-H)<&/)L#)<$)C&(,,)<<& •  "8&<)*C<&$%)&)*CO#<)/&$-&$%)&,A0)*$f<&/)C0/),$&c6;&(*C& 0*,A#C)<&$%)&,-C)&(<&(&L#)/E&?(/(3)$)/& •  >A0)*$&/),)0H)<&$%)&/)C0/),+-*&,(AA@(,5K&)P$/(,$<&$%)&,-C)K& (*C&<)*C<&0$&$-&$%)&"8&0*&)P,%(*D)&2-/&(*&(,,)<<&$-5)*&(*C& ?/-@(@AE&(&/)2/)<%&$-5)*& •  S/)($&2-/&4)@&(??&,A0)*$<& –  >A0)*$&(#$%)*+,(+-*& –  7(<E&$-&%(*CA)&$%)&/)C0/),$& •  !5(E&2-/&3-@0A)&,A0)*$<& –  N0$%-#$&,A0)*$&(#$%)*+,(+-*& –  W))C&$/0,5<&$-&%(*CA)&$%)&/)C0/),$&
  • 48. S)y*D&(*&"#$%-/01(+-*&>-C)& 4%,1$!+203$)'.";%"#,' S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.& &/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@.& /%6"!<%$%#'=0)050'>0#1+)?@'A+!#,'' &&&&&&&&&/)<?-*<)x$E?)},-C).<,-?)}@))/T%-,5)ETC-*#$<&b99:_kIk&& $B'C0)D' b-<$^&<)/H)/I)P(3?A)I,-3&& 4%,1$!+203$)'."#6$)#"' b99:_kIk&YZU&V-#*C& F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@g,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)&
  • 49. 7P,%(*D)&"#$%-/01(+-*&>-C)&2-/&",,)<<&9-5)*& 4&&"##'7$8")'.";%"#,' :!89&_(<_$-5)*I-(#$%U&b99:_kIk& b-<$^&(<I)P(3?A)I,-3& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt& & ,A0)*$x0C}(,A0)*$.,A0)*$x<),/)$}%-<)/./)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_ ,@.D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)& 4&&"##'7$8")'."#6$)#"' b99:_kIk&UZZ&!o& >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{& É&
  • 50. =/0)2&;*$)/A#C)^&c<0*D&$%)&",,)<<&9-5)*& E!$,"&,"5'."#$%!&"'.";%"#,'(+,1'0'F"0!"!'7$8")' S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&& b-<$^&/<I)P(3?A)I,-3&& "#$%-/01(+-*^&=)(/)/&(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6& G4='7$8")'0'F+,'G$!"'=$C6*+&0,"5' & &&&&&:!89&_$(5)_-e_)%&b99:_kIk& &&&&&b-<$^&/<I)P(3?A)I,-3& &&&&&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C& &&&&&"#$%-/01(+-*^&B">&0C}zwCsYC%sC%YsJzK& &&&&&&&&&&&&&&&&&&&&&&&&*-*,)}zUuYkXÇ^C0Y%HC2tzK& &&&&&&&&&&&&&&&&&&&&&&&&@-CE%(<%}z5s5@$>;EZ>5;Y_V72?8_-;Jw5Ç5}zK& &&&&&&&&&&&&&&&&&&&&&&&&3(,}zNu@CBÅ@HscN!9(C"8;|b(DÅE0/"}z&
  • 51. S/(*$&9E?)^&;3?A0,0$& •  8030A(/&$-&$%)&(#$%-/01(+-*&,-C)&Q-4&)P,)?$p&& •  "i)/&/)<-#/,)&-4*)/&(#$%)*+,(+-*&(*C& (#$%-/01(+-*K&$%)&"8&<)*C<&$%)&)*CO#<)/&$-&$%)& ,A0)*$f<&/)C0/),$&c6;&(*C&0*,A#C)<&$%)&(,,)<<& $-5)*&-*&2/(D3)*$&& •  W-&$-5)*&)*C?-0*$&,(AA&<-&*-$&n/)(AAEn&(&D/(*$& $E?)& •  !?+301)C&2-/&r40CD)$f&,A0)*$<&-/&0*O@/-4<)/& v(H(8,/0?$&(??A0,(+-*<& •  >-#AC&(A<-&4-/5&2-/&*(+H)_3-@0A)&,A0)*$<&
  • 52. S)y*D&(&9-5)*&40$%&;3?A0,0$& 4%,1$!+203$)'.";%"#,' S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.& &/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@./)<?-*<)x$E?)}$-5)*&b99:_kIk&& b-<$^&<)/H)/I)P(3?A)I,-3&& 4%,1$!+203$)'."#6$)#"' b99:_kIk&YZU&V-#*C& F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@M)P?0/)<x0*}YÇZZ & &.$-5)*x$E?)}=)(/)/.(,,)<<x$-5)*}D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)& E!$,"&,"5'."#$%!&"'.";%"#,' S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&& b-<$^&/<I)P(3?A)I,-3&& "#$%-/01(+-*^&=)(/)/&D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)&
  • 53. S/(*$&9E?)^&& 6)<-#/,)&!4*)/&:(<<4-/C&>/)C)*+(A<& •  >A0)*$&-@$(0*<&/)<-#/,)&-4*)/f<&#<)/*(3)&(*C& ?(<<4-/C&C0/),$AE&2/-3&$%)&/)<-#/,)&-4*)/&(*C& <)*C<&$%)3&C0/),$AE&$-&$%)&"8&(<&(&D/(*$I& •  6)L#0/)<&$/#<$&0*&$%)&,A0)*$I& •  6)2/)<%&$-5)*&)A030*($)<&$%)&*))C&2-/&$%)&,A0)*$&$-& <$-/)&$%)&?(<<4-/CI& •  ;*$)*C)C&(<&(&30D/(+-*&3),%(*0<3&&
  • 54. 7P,%(*D)&6!&>/)C<&2-/&",,)<<&9-5)*& 4&&"##'7$8")'.";%"#,' :!89&_(<_$-5)*I-(#$%U&b99:_kIk& b-<$^&(<I)P(3?A)I,-3& "#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt& & ,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}?(<<4-/C.#<)/*(3)}3(C<)*.?(<<4-/C}#<)A)<<$(P-*-3E& 4&&"##'7$8")'."#6$)#"' b99:_kIk&UZZ&!o& /%6"!<%$%#'=0)05+0)'>0#1+)?@' >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{& É&
  • 55. S/(*$&9E?)^&>A0)*$&>/)C)*+(A<& •  >A0)*$&,(*&/)L#)<$&(*&(,,)<<&$-5)*&#<0*D&-*AE&0$<&-4*& ,/)C)*+(A<& •  V-/&/)<-#/,)<&#*C)/&$%)&,A0)*$f<&,-*$/-A&-/&-$%)/& /)<-#/,)<&(<&?-A0,E&C0,$($)<& •  Bc89&-*AE&@)&#<)C&@E&Ñ?/0H($){&,A0)*$<&`,A0)*$<&$%($&,(*& (#$%)*+,($)&<),#/)AEa& •  W-&/)2/)<%&$-5)*& •  >A0)*$&"#$%)*+,(+-*&B),%(*0<3<& –  ,A0)*$x0C&.&,A0)*$x<),/)$&?(/(3)$)/<&& –  b99:&=(<0,& –  Ñ9%)&(#$%-/01(+-*&<)/H)/&B"d&<#??-/$&(*E&<#0$(@A)&b99:& (#$%)*+,(+-*&<,%)3)&3($,%0*D&0$<&<),#/0$E&/)L#0/)3)*$<{& –  B#$#(A&9F8& –  ,A0)*$x(<<)/+-*&.&,A0)*$x(<<)/+-*x$E?)&?(/(3)$)/<&
  • 56. S/(*$&9E?)^&6)2/)<%&9-5)*& •  ;2&(&/)2/)<%&$-5)*&4(<&0<<#)C&$-&$%)&,A0)*$&C#/0*D&$%)& )P,%(*D)&-2&(&?/0-/&D/(*$K&0$&,(*&@)&#<)C&(<&(*& (#$%-/01(+-*&D/(*$&$-&D)$&(&*)4&(,,)<<&$-5)*& –  c*A)<<&/)H-5)C&-/&-$%)/40<)&0*H(A0C& •  6)2/)<%&(*&)P?0/)C&(,,)<<&$-5)*&40$%-#$&0*H-AH0*D& #<)/&(#$%-/01(+-*& •  9%)&"8&3(E&0<<#)&(&*)4&/)2/)<%&$-5)*& –  S--C&<),#/0$E&%ED0)*)&
  • 57. 6)2/)<%0*D&(*&",,)<<&9-5)*& 4&&"##'7$8")'.";%"#,' :!89&_(<_$-5)*I-(#$%U&b99:_kIk& b-<$^&(<I)P(3?A)I,-3& "#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt& & ,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}/)2/)<%x$-5)*./)2/)<%x$-5)*}389=?L|,8567>W2J,A26Jw 67*3L)NÄ(?ZJ<)BÇ(q50P;q& 4&&"##'7$8")'."#6$)#"' b99:_kIk&UZZ&!o& >(,%)O>-*$/-A^&*-O<$-/)& :/(D3(^&*-O,(,%)& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& && & &z$-5)*x$E?)z^z=)(/)/zK& &z(,,)<<x$-5)*z^zBCL=#)PqdAB8-D@/"40::Ru)SPSLÅ(w#vW({K&& &z)P?0/)<x0*z^YÇZZK &z/)2/)<%x$-5)*z^z%AE7!!s:qD3H:0d;tDÇto87<Ub|%D/50c|S<,sqP<5C{& É&
  • 58. 7P$)*<0-*&S/(*$&9E?)<& •  7P$)*<0-*&(#$%-/01(+-*&D/(*$&$E?)<&,(*&@)& C)h*)C&@E&(<<0D*0*D&$%)3&(&#*0L#)&(@<-A#$)&c6;& 2-/&#<)&40$%&$%)&zD/(*$x$E?)z&?(/(3)$)/I& •  7P$)*<0-*<&,(*&C)h*)&(CC0+-*(A&?(/(3)$)/<& *))C)CI& •  7*(@A)<&@/0CD0*D&@)$4))*&!"#$%&(*C&-$%)/& ?/-$-,-A<I& –  8"BF&UIZ& –  vN9&kIZ& •  7*(@A)<&-$%)/&<$#e&$--& –  =)(/)/&(,,)<<&$-5)*&H(A0C(+-*& –  898&<$EA)&$-5)*&)P,%(*D)&
  • 59. :(/+(A&8?),0h,(+-*&F(*C<,(?)& H"I)?'0'7$8")' 9#+)?'0'7$8")' 9%)&!"#$%&UIZ&"#$%-/01(+-*&:/-$-,-A& 9%)&!"#$%&UIZ&:/-$-,-A^&=)(/)/&9-5)*<& C/(iO0)ÖO-(#$%OHU& C/(iO0)ÖO-(#$%OHUO@)(/)/& b99:&"#$%)*+,(+-*^&B">&",,)<<&"#$%)*+,(+-*& C/(iO0)ÖO-(#$%OHUO%]?O3(,& 7P$)*<0-*&S/(*$<&& .& !"#$%&UIZ&"<<)/+-*&:/-hA)&&&&&&&&&&&&&&&&&&&&&& &>A0)*$&"#$%)*+,(+-*& C/(iO0)ÖO-(#$%O(<<)/+-*<& 7$8")#' "<<)/+-*<&(*C&:/-$-,-A<&2-/&8"BF&ÄUIZ& <(3AO,-/)OUIZO-<& 8"BF&UIZ&=)(/)/&"<<)/+-*&S/(*$&& 9E?)&:/-hA)&2-/&!"#$%&UIZ& C/(iO0)ÖO-(#$%O<(3AUO@)(/)/& JKLMN' v8!W&N)@&9-5)*&`vN9a&& v8!W&N)@&9-5)*&`vN9a&=)(/)/& C/(iOw-*)<Ow<-*O4)@O$-5)*& :/-hA)&2-/&!"#$%&UIZ& &C/(iOw-*)<O-(#$%Ow4$O@)(/)/& v8!W&N)@&80D*($#/)&`vN8a& C/(iOw-*)<Ow<-*O4)@O<0D*($#/)& O,1"!'E!$,$&$*#' c<)/OB(*(D)C&",,)<<&`cB"a& v8!W&N)@&80D*($#/)&`vN7a& >-/)&:/-$-,-A& C/(iOw-*)<Ow<-*O4)@O)*,/E?+-*& !?)*;J&>-**),$&>-/)&kIZ& C/(iO%(/Cw-*-O-(#$%O#3(,-/)&
  • 60. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 62. d";Ä&`d)$&"*-$%)/&;C)*+$E&Ä)**a& !"#$%& 8"BF& • 88!&?/-hA)& • ;>"B& • "#$%*&2-/&8!":&":;<& • "#$%*&2-/&6789&":;<& • 9-5)*&2-/3($& • "]/0@#$)&<%(/0*D& & • >A-#C&"#$%1& • "#$%1&C),0<0-*<& • "#$%1&|#)/En& • :-A0,E&<E*$(P& q">BF&
  • 63. !"#$%&/)A(+-*<%0?&$-&!?)*;J& •  ;*&-*)&<)*<)K&!"#$%&.&!?)*;J&(/)&-/$%-D-*(AK& 0)&!?)*;J&,-#AC&@)&#<)C&$-&(#$%)*+,($)&#<)/& ($&"8&2-/&-@$(0*0*D&,-*<)*$& •  =#$&$%)&<030A(/0+)<&@)$4))*&!?)*;J&UIZ&(*C& $%)&!"#$%&UIZ&(,,)<<&$-5)*&/)$/0)H(A&?0),)& %(H)&3-+H($)C&?/-?-<(A<&2-/&@(<0*D&*)P$& H)/<0-*&-2&!?)*;J&r-*&$-?&-2f&!"#$%&'&!?)*;J& >-**),$&
  • 64. :/-@A)3<&40$%&!?)*;J&UIZ& •  F-*D&c6F&A030$(+-*<& –  B(*E&3-@0A)&@/-4<)/&(*C&<-3)&:>&@/-4<)/<&,%-5)&($& A-*D&c6F<&,(#<)C&@E&"qK&:":7K&(*C&-$%)/&)P$)*<0-*<I& •  F!"&,)0A0*D& –  ,(**-$&(](0*&F!"U&@),(#<)&-2&(<<)/+-*&C0<,A-<#/)&($& @/-4<)/& •  ;3?A)3)*$(+-*&,-3?A)P0$E& –  J0[)Ob)A3(*&5)E&)P,%(*D)K&>(*-*0,(A01(+-*&(*C& 80D*($#/)&%(/C&$-&03?A)3)*$& •  J($(&8%(/0*D&F030$(+-*<& –  !*AE&?(0/O40<)&C($(&<%(/0*D&@)$4))*&$%)&!:&(*C&6:&0<& ?-<<0@A)I&
  • 65. !?)*;J&>-**),$& •  J)<0D*)C&$-&(CC/)<<&?/)H0-#<AE&<$($)C& A030$(+-*<&-2&!?)*;J&UIZ& •  6)Q),$<&(&%(/3-*01(+-*&-2&3#A+?A)& ,-3?)+*D&H0<0-*<&2-/&)H-A#+-*&-2&!?)*;J&UIZ& •  "CC<&(&$%0*&G0C)*+$E&A(E)/G&-*$-&!"#$%&UIZ& •  J)<0D*)C&$-&<#??-/$&%0D%)/&F!"&
  • 67. Z&
  • 68. !?)*;J&>-**),$&/)A(+-*&$-&!"#$%& •  N%)/)(<&!"#$%&0<&(&D)*)/(A&3),%(*0<3&$-& (#$%-/01)&":;&(,,)<<K&!?)*;J&>-**),$&?/-hA)<& $%)&D)*)/0,&2-/&?#/?-<)<&-2&<%(/0*D&?/-hA)& 0*2-/3(+-*& •  c<)<&$%)&(#$%1&,-C)&.&03?A0,0$&D/(*$&$E?)<&'&$%)& ?0),)<&-2&!"#$%&-?+301)C&2-/&#<)/O,-*<)*$& <,)*(/0-<& •  F)H)/(D)<&$%)&(#$%-/01(+-*&.&$-5)*&)*C?-0*$<&.& (CC<&0C)*+$EO@(<)C&?(/(3<&$-&,-/)&!"#$%& 3)<<(D)<&
  • 69. 8"BF&.&!"#$%& 8"BF& GbE@/0CG&'&,(//E&!"#$%&$-5)*& !"#$%& & 0*&8"BF&88!&3)<<(D)<& G"<<)/+-*&?/-hA)G&#<)& !"#$%& 8"BF&(<<)/+-*<&40$%0*&& 8"BF& !"#$%&Q-4& 8"BF& !"#$%& G8)L#)*,0*DG&'&#<)&8"BF&88!& $-&(#$%)*+,($)&#<)/&$-&"8&
  • 70. 8)L#)*,0*D& ;C)*+$E&?/-H0C)/& 8)/H0,)&?/-H0C)/& 8"BF& & "??A0,(+-*& !"#$%& :4C& 9-5)*& 9-5)*& J)H0,)& =/-4<)/& v8!W_qBF& "??A0,(+-*&
  • 71. 9/(C0*D& Use SAML assertion( or JWT) for OAuth client authentication and/or OAuth grant type :!89&_$-5)*&b99:_kIk& b-<$^&<)/H)/I)P(3?A)I,-3& >-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C& & D/(*$x$E?)}(#$%-/01(+-*x,-C).&,-C)}0kN<6*k#=k.&,A0)*$x0C}<Ç=%C65L$Y.& ,A0)*$x(<<)/+-*x$E?)}#/*mY"-(<0<mY"*(3)<m<"$,mY"8"BF mY"UIZmY"(<<)/+-*.&,A0)*$x(<<)/+-*}:bW%@NP4!AIIIÜ-30])C&2-/& @/)H0$EáIIIÅ9& & & & & &
  • 72. 9/(C0*D& & 8"BF& vN9& :/-hA)<&(<<)/+-*&?/-hA)& V-/&<?),0h,&(<<)/+-*& V-/3($<&ÜUá&.&ÜYá& "<<)/+-*&?/-hA)& b-4&$-&#<)&(<<)/+-*<&& 2-/&,A0)*$&(#$%)*+,(+-*&& (*C&(<&(&D/(*$&$E?)&Üká&& !"#$%& >-/)&?/-$-,-A& Üká&O&%]?^__$--A<I0)ÖI-/D_%$3A_C/(iO0)ÖO-(#$%O(<<)/+-*<& ÜUá&O&C/(iO0)ÖO-(#$%O<(3AUO@)(/)/& ÜYáO&C/(iO0)ÖO-(#$%Ow4$O@)(/)/& & &
  • 73. !"#$%&/)A(+-*<%0?&$-&q">BF& 9%-#D%&@-$%&2-,#<)C&-*& r(#$%-/01(+-*fK&!"#$%&.& q">BF&(/)&*0,)AE& ,-3?-<)(@A)&
  • 74. !"#$%&0<&(#$%-/01(+-*g& •  J)?)*C<&-*&4%($&?(/$&-2&$%)& (#$%1&)A)?%(*$&E-#&(/)& A--50*D&($& –  :-A0,E&`q">BFa& –  |#)/E&`q">BF_8"BF&?/-hA)a& –  >A(03<&`8"BF&.&N8OV)C&88!a& –  c<)/&,-*<)*$&`!"#$%a& –  :)/30<<0-*<&`!"#$%a& F%,'+B'D$%!'%#"'&0#"#'5$)P,' +)-$*-"'%#"!Q&$)#"),R',1")' O4%,1'#,0!,#',$'*$$8'C$!"' *+8"'0%,1")3&03$)' &
  • 75. cB"&.&!"#$%& •  User Managed Access extends OAuth 2.0 to allow for a user to manage access to multiple (and distributed) resources through centralized Authorization Manager •  Leverages separation between AS & RS introduced by WRAP & O4%,1' 9G4' 9%)&/)<-#/,)&<)/H)/&/)<?),$<&(,,)<<&$-5)*<& 9%)&%-<$&-#$<-#/,)<&(#$%-/01(+-*&w-@<&$-& 2/-3&Ñ0$<{&(#$%-/01(+-*&<)/H)/& (*&(#$%-/01(+-*&3(*(D)/&,%-<)*&@E&$%)& #<)/& 9%)&(#$%-/01(+-*&<)/H)/&0<<#)<&$-5)*<& 9%)&(#$%-/01(+-*&3(*(D)/&0<<#)<&$-5)*<& @(<)C&-*&$%)&,A0)*$f<&(@0A0$E&$-&(#$%)*+,($)I& @(<)C&-*&#<)/&?-A0,E&(*C&Ñ,A(03<{&,-*H)E)C& @E&$%)&/)L#)<$)/I& 9%)&/)<-#/,)&<)/H)/&H(A0C($)<&$-5)*<&0*&(*& 9%)&%-<$&,(*&(<5&$%)&(#$%-/01(+-*&3(*(D)/& #*<?),0h)C&3(**)/K&(<<#3)C&A-,(AAE& $-&H(A0C($)&$-5)*<&0*&/)(A&+3)I& 8$(+,&,A0)*$&/)D0<$/(+-*&<$)?&& B-/)&CE*(30,&3-C)A&
  • 76. cB"&.&!"#$%& ST'9#"!'+),!$5%&"#' U$#,',$'4G' WT'U$#,'-"!+X"#',$8")' 0,'4G' VT'.";%"#,$!'$>,0+)#'' ,$8")'B!$C'4G',$'%#"' '0,'U$#,'
  • 77. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 79. c<)&,(<)&$(P-*-3E& >A-#C& B-@0A)& J0e)/)*$& @#<0*)<<& 4-/52-/,)& C-3(0*& 4/Y9#"!' !"*03$)#1+6' ;*$)/*(A& B-@0A)& ,-*<#3)/& 8(3)& C-3(0*& 8)/H)/& B-@0A)& =*+"),'
  • 80. J0<+*D#0<%0*D&2)($#/)<& •  W($#/)&-2&$%)&,A0)*$K&0)&3-@0A)&-/&4)@&(??& •  N%)$%)/K&(*C&%-4K&#<)/&(#$%)*+,($)<&$-&"8& •  N%)$%)/K&(*C&%-4K&,A0)*$&(#$%)*+,($)<&$-&"8& •  N%)$%)/K&(*C&%-4K&#<)/&*))C<&$-&D0H)&,-*<)*$& •  9/#<$&3-C)A&@)$4))*&>A0)*$&.&"8& •  9/#<$&3-C)A&@)$4))*&68&.&"8&
  • 81. !"#$%&c<)&>(<)^&B-@0A)&>-*<#3)/& •  "&>-*<#3)/&>A-#C&=#<0*)<<&`)IDI&B(//0-]a&@#0AC0*D& B-@0A)&"??<& •  :/-H0C)&88!&(,,)<<&H0(&0:(CK&0:%-*)K&"*C/-0CK&)$,& •  9/#<$&/)A(+-*<%0?&0<&@)$4))*&)*$)/?/0<)&.& ,-*<#3)/&
  • 82. B-@0A)&>-*<#3)/^&&8?),0h,<& ka&B-@0A)&(??A0,(+-*&A(#*,%)<& S' "#$%Å& @/-4<)/K&0*&4%0,%&#<)/& V' 7*C?-0*$& (#$%)*+,($)<&$-&:0*DV)C)/($)& `(*C&D/(*$<&,-*<)*$a&&& 9-5)*& 7*C?-0*$& Ua&:0*DV)C)/($)&/)$#/*<&,-C)&$-& 3-@0A)&(??A0,(+-*&$%/-#D%& Ä(A0C(+-*& @/-4<)/& W' 7*C?-0*$& Ya&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)& 2-/&(,,)<<&$-5)*& Ra&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& [' $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& ' Xa&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C& 68& (]/0@#$)<& Ça&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& (??A0,(+-*& Z'
  • 83. B-@0A)&>-*<#3)/<^&;*A0*)&-?+-*& ka&B-@0A)&(??A0,(+-*&,-AA),$<&#<)/& ?(<<4-/C&(*C&<)*C<&$-& "#$%Å& :0*DV)C)/($)&0*&/)L#)<$&2-/& 7*C?-0*$& (,,)<<&$-5)*a&&& S' 9-5)*& Ua&:0*DV)C)/($)&/)$#/*<&(,,)<<&$-5)*& 7*C?-0*$& $-&3-@0A)&(??A0,(+-*& V' Ya&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& Ä(A0C(+-*& 7*C?-0*$& $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& Ra&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& W' Z' H)/02E&$-5)*K&(*C&/)$/0)H)& C)<0/)C&(]/0@#$)<& Xa&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& (??A0,(+-*& [' 68&
  • 84. J0<,#<<0-*& •  B-@0A)&,A0)*$<&(/)&D)*)/(AAE&*-$&0<<#)C&#*0L#)&,A0)*$& ,/)C)*+(A<&'&/($%)/&(AA&,-?0)<&<%(/)&$%)&<(3)& –  :/-H0C)<&-*AE&,-(/<)&r(#$%)*+,(+-*f&`-/&H(A0C(+-*a& •  J0e)/)*$&#<)/&(#$%)*+,(+-*&3),%(*0<3<&%(H)&?/-<_ ,-*<& –  =/-4<)/O@(<)C&3),%(*0<3<&3(E&@)&(CH(*$(D)-#<&2/-3& <),#/0$E&:-ÄI&"A<-&(AA-4<&2-/&h*)OD/(0*)C&,-*<)*$& ?-<<0@0A0+)<I&=/-4<)/&3(E&@)&)3@)CC)C& –  ;*A0*)&3),%(*0<3&3(E&-e)/&#<(@0A0$E&(CH(*$(D)<K&@#$&($&(& ,-<$& •  S/(*#A(/0$E&-H)/&,-*<)*$& •  6)A0(*,)&-*&?(<<4-/C<&
  • 85. !"#$%&c<)&>(<)^&B-@0A)&>A-#C_8((<&& •  "&>A-#C&=#<0*)<<_8((8&@#0AC0*D&B-@0A)&"??A0,(+-*<& •  8#??-/$<&4-/52-/,)&(,,)<<&H0(&H0(&0:(CK&0:%-*)K& "*C/-0CK&)$,&$-&>A-#CO%-<$)C&":;<& •  9/#<$&/)A(+-*<%0?&0<&@)$4))*&$%)&)*$)/?/0<)&(*C& >A-#C&=#<0*)<<_8((8&
  • 86. B-@0A)&>A-#C& ka&B-@0A)&(??A0,(+-*&A(#*,%)<& ;C:& @/-4<)/&$-&:0*DV)C)/($)&(#$%*& V' ?(D)& "#$%Å& V' 7*C?-0*$& &Ua&:0*DV)C)/($)&<)*C<&)3?A-E))& S' @/-4<)/&$-&)*$)/?/0<)&;C:&2-/&88!K& 9-5)*& /),)0H)<&8"BF&(<<)/+-*& 7*C?-0*$& W' Ya&:0*DV)C)/($)&/)$#/*<&,-C)&$-& Ä(A0C(+-*& 3-@0A)&(??A0,(+-*&$%/-#D%& W' Z' 7*C?-0*$& @/-4<)/& Ra&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)& 2-/&(,,)<<&$-5)*& ' Xa&B-@0A)&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& ]' 6)<-#/,)&8)/H)/&`":;a& Ça&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-& 68& H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C& (]/0@#$)<& ua&"<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&3-@0A)& [' (??A0,(+-*&
  • 87. c>&'&;*$)/*(A&8)/H)/&>A0)*$<& •  7*$)/?/0<)&,-**),$<&0*$)/*(A&(??A0,(+-*<& $%/-#D%&6789&":;<&2-/&0*$)D/(+-*& •  >A0)*$<&3(E&(,$&(#$-*-3-#<AEK&-/&(A$)/*(+H)AE& -*&@)%(A2&-2&(*&)3?A-E))&-/&/-A)&
  • 88. ;*$)/*(A&":;<^&O&"#$-*-3-#<& kI  ;*$)/*(A&,A0)*$&(#$%)*+,($)<&$-& :0*DV)C)/($)&-*&/)L#)<$&2-/& "#$%Å& (,,)<<&$-5)*& 7*C?-0*$& UI  :0*DV)C)/($)&/)$#/*<&(,,)<<& S' 9-5)*& $-5)*&$-&,A0)*$& 7*C?-0*$& YI  B-@0A)&(??A0,(+-*&(CC<&(,,)<<& V' $-5)*&$-&0$<&6789&/)L#)<$&-2& Ä(A0C(+-*& 7*C?-0*$& 6)<-#/,)&8)/H)/&`":;a& RI  68&0*$)/(,$<&40$%&:0*DV)C)/($)& $-&H)/02E&$-5)*K&(*C&/)$/0)H)& W' Z' (??/-?/0($)&,A0)*$&(]/0@#$)<& XI  "<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*& [' 68&
  • 89. ;*$)/*(A&":;<^&&O&J)A)D($)C& kI  >A0)*$&(??A0,(+-*&A(#*,%)<& S' @/-4<)/&$-&:0*DV)C)/($)&(#$%*& "#$%Å& ?(D)& 7*C?-0*$& UI  &"i)/&A-D0*K&:0*DV)C)/($)& V' 9-5)*& /)$#/*<&,-C)&$-&,A0)*$& 7*C?-0*$& (??A0,(+-*&$%/-#D%&@/-4<)/& V' YI  >A0)*$&(??A0,(+-*&)P,%(*D)<& Ä(A0C(+-*& 7*C?-0*$& ,-C)&2-/&(,,)<<&$-5)*& RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& [' 6)<-#/,)&8)/H)/&`":;a& W' XI  68&0*$)/(,$<&40$%&:0*DV)C)/($)& $-&H)/02E&$-5)*K&(*C&/)$/0)H)& C)<0/)C&(]/0@#$)<& Z' 68& ÇI  "<<#30*D&!oK&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*& '
  • 90. >A-#C&=#<0*)<<_8((8& •  "&>A-#C&=#<0*)<<_8((8&?/-H0C)<&C($(&(,,)<<&$%/-#D%&6789&":;<& •  ":;&,A0)*$<&(/)&4)@&(??A0,(+-*<&`0I)I&-*&(&<)/H)/a& •  F(/D)&*#3@)/&-2&,A0)*$<&(,,)<<0*D&":;<&'&)(<0)/&$-&3(*(D)&$/#<$&($&$%)& ?(/$*)/_,#<$-3)/&A)H)A&$%(*&0*C0H0C#(A&,A0)*$<& •  "#$%)*+,($)&,A0)*$&.&#<)/<&$%/-#D%&2)C)/(+-*K&/($%)/&$%(*&C0/),$AE&0<<#)C& ,/)C)*+(A<&
  • 91. VA-4& kI  >A0)*$&(??A0,(+-*&/)$/0)H)<&8"BF& (<<)/+-*&2/-3&A-,(A&;C:& UI  >A0)*$&<)*C<&8"BF&(<<)/+-*&$-& :0*DV)C)/($)&($&8((8&:/-H0C)/_ ?(/$*)/&)$,& YI  :0*DV)C)/($)&/)$#/*<&(,,)<<& $-5)*&$-&,A0)*$& RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<& $-5)*&$-&0$<&6789&/)L#)<$&-2& 6)<-#/,)&8)/H)/&`":;a& XI  8((8&68&0*$)/(,$<&40$%& :0*DV)C)/($)&$-&H)/02E&$-5)*K& (*C&/)$/0)H)&C)<0/)C&(]/0@#$)<& ÇI  "<<#30*D&!oK&8((8&68&/)$#/*<& /)L#)<$)C&C($(&$-&,A0)*$& (??A0,(+-*&
  • 92. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 93. !"#$%&U&8),#/0$E&B-C)A& •  N)AAK&0$&<-/$&-2&C)?)*C<p& –  9-5)*&$E?)& –  S/(*$&$E?)& –  >A0)*$&$E?)& •  "A<-K&0$f<&50*C&-2&,-3?A0,($)Cp&
  • 94. 8)<<0-*&>--50)&"*(A-DE&& •  !"#$%&#<0*D&@)(/)/&$-5)*<&0<&<-/$&-2&A05)&<)<<0-*& ,--50)<&2-/&":;_/)<-#/,)&(,,)<<&& •  S)*)/(AAE&E-#&A-D0*&$-&(&4)@<0$)&(*C&(/)&0<<#)C&(& <)<<0-*&,--50)&2-/&<#@<)L#)*$&/)L#)<$<& •  S/(*$&0<&A05)&$%)&A-D0*&(*C&(,,)<<&$-5)*&0<&A05)&$%)& <)<<0-*&,--50)&& •  9F8&0<&/)L#0/)C&($&)H)/E&<$)?& •  >--50)<&/)AE&-*&<(3)&-/0D0*&?-A0,E& •  ",,)<<&$-5)*<&/)AE&-*&<$(+,&-/&4)AA&5*-4&<)/H)/<& •  W)0$%)/&0<&?)/2),$& •  J0<,-H)/E&,(**-$&@)&<(2)AE&C-*)&40$%&@)(/)/&$-5)*<&
  • 95. N%($&(@-#$&B">g& •  b)A?<&40$%&$%)&C0<,-H)/E&?/-@A)3& •  8+AA&50*C&-2&<030A(/&$-&<)<<0-*&,--50)<& –  ;*&2(,$K&$%)&B">&<?),&C)h*)<&(*&)P$)*<0-*&$-&$%)& b99:&z8)$O>--50)&z&/)<?-*<)&%)(C)/&h)AC& •  :/)H)*$<&,/)C)*+(A&A)(5(D)& •  >(*&@)&#<)C&-H)/&0*<),#/)&,%(**)A<& –  "CC<&,-3?A)P0$E&`*-/3(A01(+-*K&,/E?$-D/(?%EK& <$($)&3(*(D)3)*$a& –  W-&,-*hC)*+(A0$E&`<+AA&*))C&9F8&2-/&$%($a&
  • 96. 9-5)*<&.&80D*0*D&& •  80D*)C&9-5)*<& –  9-5)*&0<&<0D*)C&@E&$%)&0<<#)/&`"8a& –  vN9K&8N9K&8"BFK&)$,I& –  9-5)*&0<&<)A2O,-*$(0*)C& •  80D*0*D&40$%&9-5)*<&& –  >A0)*$&<0D*<&$%)&/)L#)<$&40$%&<-3)&<),/)$&0<<#)C& (A-*D&<0C)&$%)&$-5)*& –  B">& –  9-5)*&,(*&@)&<)A2O,-*$(0*)C&-/&/)2)/)*,)&&
  • 97. N%E&(/)*f$&9-5)*<&J)h*)Cg& •  ;$f<&-5(EK&0$&/)(AAE&0<& •  ;&C-*f$&5*-4&4%E&)P(,$AEK&@#$&;fH)&D/-4*&$-& (,,)?$&(*C&)H)*&A05)&0$& •  ;$&C-)<&03?AE&<-3)&A)H)A&-2&,--/C0*(+-*& @)$4))*&$%)&"8&.&68& •  903)&40AA&$)AAp&
  • 98. !$%)/&8),#/0$E&8$#e& •  6)2)/)*,)&<$EA)&$-5)*<&*))C&(&A-$&-2&)*$/-?E& •  6)H-,(+-*&0<&D--C&$-&?/-H0C)& •  9F8& •  >A0)*$&"#$%)*+,(+-*&(*C&@0*C0*D&$-&$-5)*<_,-C)<& •  =/#$)&2-/,)&,-#*$)/3)(<#/)<& •  9-5)*&<$-/(D)& •  9-5)*_,-C)&A)(5(D)& •  :%0<%0*D& •  J0C&;&3)*+-*&9F8g& •  8,-?)&
  • 99. "D)*C(& •  !"#$%&C/0H)/<& •  8,/))*<%-$&C)3-& •  !"#$%&%0<$-/E& •  !"#$%&U& •  !"#$%&0*&,-*$)P$& •  o)E&#<)&,(<)<& •  !"#$%&<),#/0$E&3-C)A& •  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&
  • 100. N(A5&$%/-#D%& •  N(A5&$%/-#D%&<,)*(/0-&-2&(*&)3?A-E))&#<0*D&(& *(+H)&(??&-*&$%)0/&?%-*)_$(@A)$&$-&0*$)/(,$& 40$%&(&8((8&?/-H0C)/& •  8"BF&?/-H0C)<& –  "#$%)*+,(+-*&-2&)3?A-E))&$-&8((8&?/-H0C)/& •  !"#$%&?/-H0C)<& –  (#$%-/01(+-*&-2&*(+H)&(??&$-&(,,)<<&8((8&":;<& –  ;<<#(*,)&-2&$-5)*<&2/-3&8((8&$-&*(+H)&(??&
  • 101. N(A5&$%/-#D%& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%& & &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8"BF& & & &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%&
  • 104. F-(C&(#$%1&?(D)& S79&_(<_(#$%-/01(+-*I-(#$%Ug ,A0)*$x0C}3-@0A)(??.<$($)}%-<)/./)C0/),$x#/0}3-@0A)(??^__ /)C0/),$x%)/)./)<?-*<)x$E?)},-C)&b99:_kIk& ^$,"' O O&W-&,A0)*$&?4C& O O&,#<$-3&<,%)3)&-*&/)C0/),$&c6F& O O&/)<?-*<)&$E?)&-2&r,-C)f&
  • 110. 88!&6)L#)<$& à2-/3&3)$%-C}z?-<$z&(,+-*}z%]?<^__0C?I)P(3?A)I-/D_8"BFU_88!_:!89z&â& à0*?#$&$E?)}z%0CC)*z&*(3)}z8"BF6)L#)<$z&H(A#)}z!"#$"%&z&_â& à0*?#$&$E?)}z<#@30$z&H(A#)}z8#@30$z&_â& à_2-/3â&& à<(3A?^"#$%*6)L#)<$& &P3A*<^<(3A?}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^?/-$-,-Az& P3A*<^<(3A}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^(<<)/+-*z&;J}z((2UYksÇOkuuYOUkkYORuR(O 2)kkRRkU(@uUz&Ä)/<0-*}zUIZz&;<<#);*<$(*$}zUZZROkUOZX9Zs^Uk^XsÅ{â& & &à<(3A^;<<#)/â%]?<^__<?I)P(3?A)I,-3_8"BFUà_<(3A^;<<#)/â&&à<(3A?^W(3);J:-A0,E& "AA-4>/)($)}z$/#)z& &V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^ UIZ^*(3)0C^2-/3($^?)/<0<$)*$z_â& à_<(3A?^"#$%*6)L#)<$â&
  • 116. 88!&6)<?-*<)& à<(3A^"<<)/+-*â& à<(3A^;<<#)/â%]?<^__0C?I)P(3?A)I-/D_8"BFUà_<(3A^;<<#)/â& àC<^80D*($#/)&P3A*<^C<}z%]?^__444I4YI-/D_UZZZ_Zs_P3AC<0DMzâIIIà_C<^80D*($#/)â& à<(3A^8#@w),$â&à<(3A^W(3);J&V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^*(3)0CO2-/3($^?)/<0<$)*$zâ& Y2u@YC,2OkÇuROR),COsU,tOkXRR2YRÇ@(2t&à_<(3A^W(3);Jâà_<(3A^8#@w),$â& à<(3A^"]/0@#$)8$($)3)*$â& à<(3A^"]/0@#$)&W(3)}Ñ)3(0A{&â& à<(3A^"]/0@#$)Ä(A#)&P<0^$E?)}zP<^<$/0*Dzâ?3(C<)*?0*D0C)*+$EI,-3à_<(3A^"]/0@#$)Ä(A#)â&& à_<(3A^"]/0@#$)â&& à_<(3A^"]/0@#$)8$($)3)*$â&& à_<(3A^"<<)/+-*â&&
  • 119. 6)<?-*<)&40$%&,-C)& b99:_kIk&YZU&V-#*C& F-,(+-*^&3-@0A)(??^__/)C0/),$x%)/)g& &<$($)}%-<)/.& &,-C)}401v3(89:"2Z4L8)=YH3JPU3W8ÅoÇD& >-*$)*$OF)*D$%^&Z&
  • 122. 9/(C)&,-C)&2-/&$-5)*& :!89&_(<_$-5)*I-(#$%U& b-<$^&(<I,-3& ,A0)*$x0C}(./)C0/),$x#/0}3-@0A)(??^__ /)C0/),$%)/).D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}401v3(89:"2Z4L8)=YH3JPU 3W8ÅoÇD&b99:_kIk& & & b99:_kIk&UZZ&!o& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt& z$-5)*x$E?)z^z=)(/)/zKz)P?0/)<x0*z^zÇZZzKz/)2/)<%x$-5)*z^z-|NL4Bc;FU*C)Bb<N7 EV!ZSE(AHo8H,U|;Rd#StU6BS5BzKz(,,)<<x$-5)*z^zA8=@,0RvDtB<w08LÅF=/17qDCR 3ocW%!5EVzÉ&
  • 125. >A0)*$&,(AA<&":;& %]?<^__D/(?%I2(,)@--5I,-3_?(#AI)I3(C<)*_ 2/0)*C<_g (,,)<<x$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3o cW%!5EV& & & & & &
  • 128. Ä)/02E&$-5)*& S79&_(<_$-5)*I-(#$%Ug ,A0)*$x0C}@.,A0)*$x<),/)$}?4C.D/(*$x$E?)}#/*^?0*D^H(A0C($).$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3ocW%!5EV& b99:_kIk& b-<$^&(<I,-3& ",,)?$^&n_n& & &b99:_kIk&UZZ&!o& >-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&& ^$,'O4%,1'5"X)"5'
  • 145. W(+H)&H<&4)@&(??<& •  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&'&)P?),$&@-$%& •  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$& (,/-<<&@-$%&3-C)A<K&<-&$%($& –  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$& ,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/& $%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)& (??A0,(+-*& –  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$& C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<& 2-/&$%)&$4-&3-C)A<&
  • 146. V)C)/(+-*& •  V)C)/(+-*&(@<$/(,$<&(4(E&2/-3&(??A0,(+-*<& <?),0h,<&-2&(#$%)*+,(+-*&.&(#$%-/01(+-*&'& -#$<-#/,)C&$-&<?),0(A01)C&?/-H0C)/<& •  >-3?A)P0$E&%0CC)*&@E&$-5)*&0<<#(*,)&.&H(A0C(+-*& •  V)C)/(+-*&<$(*C(/C<&C)h*)& –  9-5)*&2-/3($<& –  b-4&,A0)*$<&-@$(0*&$-5)*<& –  b-4&,A0)*$<&?/)<)*$&$-5)*<&$-&(??A0,(+-*& ?/-H0C)/<&&
  • 147. 9-5)*<& •  V)C)/($)C&(#$%)*+,(+-*&2-/&@-$%&4)@&(*C& *(+H)&3-@0A)&(??A0,(+-*<&0<&@(<)C&-*&)P,%(*D)& (*C&C)A0H)/E&-2&&'(")%*$-&$%)&(??A0,(+-*& •  9-5)*<&,(//E&`-/&?-0*$&$-a&<),#/0$E&0*2-/3(+-*& `A05)&(]/0@#$)<&-/&(#$%-/01(+-*<a&2-/&#<)/&$/E0*D& $-&(,,)<<&$%)&(??A0,(+-*I&& •  >A0)*$<&$E?0,(AAE&)P,%(*D)&,/)C)*+(A<&2-/&$-5)*<& O&)(<0)/_<(2)/&$-&<%(/)&$%)&$-5)*&(,/-<<&$%)& *)$4-/5&/($%)/&$%(*&$%)&-/0D0*(A&,/)C)*+(A<& •  N%)*&$-5)*&0<&<#@<)L#)*$AE&?/)<)*$)C&$-&(*& (??A0,(+-*&?/-H0C)/K&$%)E&<)/H)&$-&(#$%)*+,($)& (*C_-/&(#$%-/01)&$%)&/)L#)<$&
  • 148. V)C)/(+-*&$(5)<&C0e)/)*$&2-/3<& V-/&4)@&(??<K&$-5)*<&,(//E& =/-4<)/& (??& "]/0@#$)<&2-/&(#$%)*+,(+-*& V-/&*(+H)&(??<K&$-5)*<&,(//E& (??& C($(& "#$%-/01(+-*&2-/&(]/0@#$)<&
  • 149. 9-5)*<&2-/&3-@0A)&4)@&(??A0,(+-*<& •  V)C)/(+-*&2-/&4)@&(??A0,(+-*<&3(*02)<$<&(<& 88!&2/-3&<-3)&;C:&$-&$%)&(??A0,(+-*&?/-H0C)/& •  88!&)<?),0(AAE&/)A)H(*$&2-/&3-@0A)& •  9-5)*<&(])<+*D&$-&$%)&#<)/f<&0C)*+$E&(*C_-/& (#$%)*+,(+-*&<$($#<&C)A0H)/)C&&+!'$,+*`(<& /)C0/),$<a&$%)&@/-4<)/&2/-3&;C:&$-&$%)& (??A0,(+-*&?/-H0C)/& •  "??A0,(+-*&?/-H0C)/&H(A0C($)<&$-5)*&(*C& )P$/(,$<&0C)*+$E&(]/0@#$)<&2/-3&40$%0*&0*&-/C)/& $-&,/)($)&A-,(A&<)<<0-*&&
  • 150. 9-5)*<&2-/&4)@&(??A0,(+-*<& ;C)*+$E&?/-H0C)/& 8)/H0,)&?/-H0C)/& kI  c<)/&$/(C)<& ,/)C)*+(A<&2-/&(& $-5)*&2/-3&;C:& 8"BF& UI  9-5)*&C)A0H)/)C& !?)*;J& "??A0,(+-*& $%/-#D%&$%)& @/-4<)/&$-&8:& YI  8:&H(A0C($)<&$-5)*K& (*C&C)A0H)/<& (??A0,(+-*&b9BF& :4C& b9BF& $-&@/-4<)/& 9-5)*& J)H0,)& =/-4<)/&
  • 151. =)<$&?/(,+,)<& •  8$(*C(/C<& –  !?)*;J&UIZ&2-/&,-*<#3)/&<,)*(/0-<& –  8"BF&UIZ&2-/&)*$)/?/0<)&.&,A-#C& –  N8OV)C)/(+-*&2-/&%-3-D)*)-#<&B8V9& •  ;C:&J0<,-H)/E& –  ;*&,-*<#3)/&<?(,)K&,-*<0C)/&W(<,(/&40$%&)3(0AO @(<)C&<#??A)3)*$& –  ;*&,A-#C&<?(,)K&,-*<0C)/&)3(0AO@(<)C& •  =-$%&;C:&`?-/$(Aa&(*C&8:&`C))?OA0*50*Da&0*0+($)C& (/)&/)A)H(*$& •  B-@0A)&@/-4<)/&,-*<$/(0*$<&3(E&/),-33)*C& (/+2(,$&3-C)A&0*&8"BF&
  • 152. 9-5)*<&2-/&*(+H)&(??A0,(+-*<& •  W(+H)&(??A0,(+-*<&(#$%)*+,($)&$-&6789&":;<&@E& ?/)<)*+*D&(&$-5)*&-*&$%)&,(AA& •  9%)&?/),#/<-/&(,$&-2&$%)&*(+H)&(??A0,(+-*&-@$(0*0*D&(& $-5)*&0<&-i)*&,(AA)C&r(#$%-/01(+-*f&`?(/+,#A(/AE&0*& $%-<)&,(<)<&4%)*&$%)&":;&2/-*$<&#<)/&0*2-K&)D&?/-hA)K& $4))$<K&)$,a& •  c<)/&(#$%-/01)<&`-/&,-*<)*$<a&$-&$%)&*(+H)&(??A0,(+-*& %(H0*D&(,,)<<&$-&$%)&":;&`(*C&$%)0/&C($(a&'&$%)& (#$%-/01(+-*&0<&3(*02)<$)C&(<&$%)&0<<#(*,)&-2&(&$-5)*& $-&$%)&*(+H)&(??& •  !"#$%&UIZ&C-30*(*$&?/-$-,-A&@E&4%0,%&(&*(+H)&(??& -@$(0*<&$%)&C)<0/)C&(#$%-/01(+-*<&(*C&$%)& ,-//)<?-*C0*D&$-5)*&`(*C&$%)*&#<)<&(D(0*<$&":;a&
  • 153. B-@0A)&(#$%*&-?+-*<& • E(5'#10!"5'(+,1'W!5'60!,D' _C>"55"5'>!$(#"!' :)*+)"' • 466'$()#'9:' • ^$')""5',$'*"0-"'066' • =%#,$C'#&1"C"' • _)0>*"#'//O' • _)0>*"#'#,!$)?'0%,1)' • 4/'$()#'9:' • a+#%0*',!%#,'&%"#' • =0)'*"-"!0?"'#,$!"5'6(5#' _`,"!)0*'>!$(#"!'
  • 154. 9-5)*<&2-/&*(+H)&(??A0,(+-*<& 8)/H0,)&?/-H0C)/& kI  c<)/&$/(C)<&,/)C)*+(A<&2-/&(&$-5)*& UI  9-5)*&C)A0H)/)C&$%/-#D%&$%)&@/-4<)/& $-&*(+H)&(??A0,(+-*& "??A0,(+-*& YI  W(+H)&(??A0,(+-*&?/)<)*$<&$-5)*&-*& ":;&,(AA<& RI  "??A0,(+-*&/)$#/*<&(??A0,(+-*&C($(& (<&v8!W& :4C& 9-5)*& v8!W_qBF& J)H0,)& =/-4<)/& "??A0,(+-*& !"#$%&
  • 155. =)<$&?/(,+,)<& •  c<)&$%)&@/-4<)/&$-&(#$%)*+,($)&$%)&#<)/&$-&$%)&"8K& C-*f$&,-AA),$&#<)/&?(<<4-/C<&40$%0*&*(+H)&(??A0,(+-*& 0$<)A2& •  "&<)?(/($)&@/-4<)/&40*C-4&?/)2)//)C&$-&)3@)CC)C&'& D0H)<&#<)/&$%)&H0<#(A&$/#<$&,#)<&$/(0*)C&$-&A--5&2-/& •  !"#$%&(#$%-/01(+-*&,-C)&D/(*$&$E?)&0<&/)A)H(*$&'& (AA-4<&(&/)2/)<%&$-5)*&$-&@)&C)A0H)/)C&$-&$%)&*(+H)& (??A0,(+-*&`-@H0($)<&*))C&$-&,-*+*#(AAE&/)(#$%-/01)a& •  c<)&@/-4<)/&2-/&;C:&C0<,-H)/E&02&C-0*D&88!&`/($%)/&$%(*& 40$%0*&*(+H)&(??A0,(+-*&0$<)A2a& •  W(+H)&(??A0,(+-*&<%-#AC&/)D0<$)/&,#<$-3&<,%)3)&-*& 0*<$(AAK&$-&)*(@A)&<#@<)L#)*$&?(<<0*D&&-2&$-5)*&2/-3& @/-4<)/&-./(*$-&*(+H)&(??A0,(+-*&