Download - OAuth 101 & Secure API's - Paul Madsen and Brian Campbell, Ping Identity

!"#$%&'&(#$%)*+,(+-*&.&(#$%-/01(+-*&

2/(3)4-/5&2-/&6789&":;<&

=/0(*&>(3?@)AA&.&:(#A&B(C<)*&

:0*D&;C)*+$E&

F-D0<+,<&

•  9%)&(??/-?/0($)&2-/3&-2&(CC/)<<&2-/&$%)&<?)(5)/<&0<&G80/G&

•  "@<$/(,$&$%0*50*D&($&)A)H(+-*&,(*&@)&C(*D)/-#<I&J/0*5&?A)*$E&-2&

4($)/I&&

•  6)A($)C&$-&?/)H0-#<K&$%)/)&40AA&@)&*-&@0-&@/)(5<K&?A)(<)&3(5)&*-$)&-2&

A-,(+-*&-2&@#,5)$&0*&@(,5&-2&/--3I&&

•  ;2&E-#&40<%&$-&(<5&(&L#)<+-*K&?A)(<)&$4))$&0$&40$%&$%)&$(D&

GM?(#A(*C@/0(*<(4)<-3)-(#$%4-/5<%-?G&

•  N)&40AA&@)&C-0*D&(&/-A)O?A(E0*D&)P)/,0<)&$-&<03#A($)&$%)&!"#$%&Q-4I&

8$(/$&$%0*50*D&(@-#$&4%-&E-#&4(*$&0*&E-#/&D/-#?<&-2&R&(*CK&

03?-/$(*$AEK&4%-&40AA&?A(E&$%)&/-A)&-2&$%)&GC#3@G&,A0)*$I&

•  9%)/)&40AA&@)&(*&!"#$%&L#01&($&$%)&)*CI&9%)&%0D%)<$&<,-/)&40AA&/),)0H)&

(&S--DA)T&0*H0$)I&9%)&U*C&%0D%)<$&<,-/)&40AA&/),)0H)&U&0*H0$)<&)$,&

•  V-/&B-*C(E&C0**)/K&&

–  850&90?&/)<$(#/(*$&O&W-$&($&$-?&-2&3-#*$(0*&

–  =#<)<&,-AA),$&($&XIYZ&–  W-&<?-#<)<&$-*0$)&'&<?(,)&,-*<$/(0*)C&

"  8)*0-/&9),%*0,(A&"/,%0$),$&40$%0*&$%)&![,)&-2&

$%)&>9!&($&:0*D&;C)*+$E&

" ?3(C<)*\?0*D0C)*+$EI,-3&

" %]?^__444IA0*5)C0*I,-3_0*_?(#A3(C<)*&

"  8)/H)C&0*&H(/0-#<&C)<0D*K&,%(0/0*DK&)C0+*DK&(*C&)C#,(+-*&/-A)<&2-/&(&*#3@)/&-2&2)C)/(+-*&

<$(*C(/C<K&0*,A#C0*D&8:BFK&;JON8V&.&

;*2-/3(+-*&>(/C<&

"  N-/5)C&40$%&<#,,)<<2#A&<$(*C(/C<&$--K&A05)&

8"BF&.&`%-?)2#AAEa&!"#$%&.&8>;B&

"  b-AC<&(*&BI8,I&0*&"??A0)C&B($%)3(+,<&(*C&(&:%IJI&0*&9%)-/)+,(A&:%E<0,<&2/-3&>(/A)$-*&

c*0H)/<0$E&(*C&$%)&c*0H)/<0$E&-2&N)<$)/*&!*$(/0-&/)<?),+H)AEI&

"  ;&5*-4K&3E&@-EG<&40,5)C&<3(%$I&

"  d)$K&?/-2)<<0-*(AAEK&%)&0<&)e),+H)AE&3E&?))/I&

"  8-&4%-f<&<-&<3(/$&*-4K&)%g&

"  8)A2&(<<)/$)C&B-<$&;*$)/)<+*D&B(*&0*&;C)*+$E&&

"  J-)<*f$&(A4(E<&C/0*5&@)2-/)&*--*K&@#$&4%)*&%)&C-)<&`E-#&5*-4K&02&$%)/)&4(<&(&A-*D&3))+*D&-/&<-3)$%0*DaK&%)&?/)2)/<&(&S.9&

"  !/&<0P&"  :/-A0h,&$4))$)/&40$%&4)AA&-H)/&%(A2&(&$%-#<(*C&2-AA-4)/<&O&\?(#A3(C<)*&

"  8+AA&@A-D<&`%-4&L#(0*$a&($&,-**),+CI@A-D<?-$I,-3&.&?(#A3(C<)*I?-<$)/-#<I,-3&

"  8+AA&4(0+*D&2-/&(&S--DA)T&0*H0$)&

=/0(*&>(3?@)AA&

•  F)(C<&:0*D&7*D0*))/0*D&$)(3&(CC0*D&!"#$%&$-&

?/-C#,$&A0*)&

•  =),(3)&<-i4(/)&C)H)A-?)/&(i)/&/)(A010*D&,%-<)*&

,(/))/&-2&A02)&,-(,%&0*H-AH)C&$(A50*D&$-&?)-?A)&

•  N0$%0*&<$(*C(/C<&4-/AC&'&%(<&(,%0)H)C&*-$-/0)$E&

2-/&%(@0$&-2&4-/50*D&?/-2(*0$E&0*$-&*(3)<?(,)&

c6;<&

•  N%0A)&,%(0/0*D&!"8;8&8"BF&9>K&9>&/)H)*#)<&

0*,/)(<)C&2/-3&jZ&$-&jkIXZ&C#)&$-&%0<&0C)(&2-/&(&

GS0H)&3)&jkllG&,(3?(0D*&

•  N0$%0*&:0*DK&/#*<&N)A,-3)&N(D-*&2-/&*)4&

)3?A-E))<&

•  "H0C&?%-$-D/(?%)/&'&?%-$-<&%(H)&D/(,)C&$%)&2/0D<&

-2&3(*E&-2&%0<&2(30AE&

•  >#//)*$AE&,-O)C0+*D&$%)&8"BF&"<<)/+-*&?/-hA)&

2-/&!"#$%I&;*&$%($&,-*$)P$K&?/-?-<0*D&(&G6)(C&$%)&

mjM.n&<?),G&)//-/&/)<?-*<)&,-C)&

•  b(<&(A3-<$&-@<)<<0H)&0*$)/)<$&0*&>(*(C(&

•  \4))#*L#0)$30*C&

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

"#$%)*+,(+-*&2-/&8!":&

•  9%)&8!":&4-/AC&%(<&A-*D&%(C&<$(*C(/C<&/)A($)C&$-&(#$%)*+,(+-*&.&(#$%-/01(+-*&-2&4)@&<)/H0,)<&

•  N8O9/#<$&C)h*)<&(&?/-$-,-A&@E&4%0,%&(&8!":&,A0)*$&

,(*&-@$(0*&(&<),#/0$E&$-5)*&`$E?0,(AAE&(&8"BF&

(<<)/+-*a&

•  N8O8),#/0$E&<+?#A($)<&%-4&$-&(](,%&$%)&$-5)*&

`8"BF&(<<)/+-*a&$-&(&8!":&/)L#)<$&

=#$&pII&

ka&6789&(#$%)*+,(+-*&

•  6789&4-/AC&%(<&*-$&%(C&,-3?(/(@A)&<$(*C(/C<&

•  W-$%0*D&,-3?(/(@A)&$-&N8O8),#/0$E&O&30<%3(<%&-2&

b99:&=(<0,K&b99:&J0D)<$K&?/-?/0)$(/E&3),%(*0<3<K&

(*C&3#$#(A&88F&2-/&,A0)*$&(#$%)*+,(+-*&&

•  W-$%0*D&,-3?(/(@A)&$-&N8O9/#<$&'&,-*<)L#)*$AE&

,A0)*$&@)(/<&@#/C)*&-2&3(*(D0*D&,/)C)*+(A<&.&$/#<$&

Ua&:(<<4-/C&(*+O?(])/*&&

80$)<&(<5<&d!c&2-/&E-#/&S!!SF7&?(<<4-/C&<-&0$&

,(*&(,,)<<&E-#/&S--DA)&<$#eI&

9<5&$<5l&

•  >A0)*$&3#<$&<$-/)&?(<<4-/C<&

•  9)(,%)<&#<)/<&$-&@)&0*C0<,/030*($)&

40$%&$%)0/&?(<<4-/C<&

•  B-/)&C0[,#A$&$-&3-H)&$-&3#A+O2(,$-/&

(*C&2)C)/($)C&(#$%)*+,(+-*&

•  J-)<*f$&<#??-/$&D/(*#A(/&?)/30<<0-*<K&

)IDI&q&,(*&/)(C&@#$&*-$&4/0$)&

•  J-)<*f$&<#??-/$&5*-4A)CD)_C0e)/)*+(+-*&-2&$%)&(,,)<<&D/(*$)C&

•  J-)<*f$&<#??-/$&`)(<Ea&/)H-,(+-*&'&$-&@)&<#/)&-2&$#/*0*D&-e&(,,)<<&#<)/<&

3#<$&,%(*D)&?(<<4-/C&&

;3?-/$(*,)&-2&/)H-,(+-*&

N9V&0<&$%0<&$%0*Dg&

;&<%-#AC&#<)&$%($&3-/)&

9%0<&0<&<%0*Elllll&

Ya&>A-#C&":;<&

•  N0$%0*&3-H)&$-4(/C<&8((8&'&$/)*C&$-4(/C<&":;&(,,)<<&

$-&C($(_<)/H0,)<&$-&<#??A)3)*$_/)?A(,)&@/-4<)/&

(,,)<<&

•  Salesforce.com expects that within the next year – only 1/3 of access will be via browser&

•  ":;<&-2&:((8&-e)/0*D<&(AA-4&$%)&,#<$-3)/&$-&)P?-<)&0$<&

-4*&,A-#C&<)/H0,)<&

•  >A)(/&$/)*C&2-/&$%)<)&":;<&0<&$-4(/C<&6789&

>A-#C&,#/)<&)H)/E$%0*D&

Ra&W(+H)&3-@0A)&(??<&

\4))c*L#0)$B0*C&\?(#A3(C<)*&

"<0C)&O&W(+H)&H<&4)@&

•  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&'&)P?),$&@-$%&•  W(+H)G<&,#//)*$&?-?#A(/0$E&A05)AE&@(A(*,)C&@E&

b9BFX&2)($#/)<&

•  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$&(,/-<<&@-$%&3-C)A<K&<-&$%($&

–  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$&,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/&

$%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)&

(??A0,(+-*&

–  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$&

C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<&

2-/&$%)&$4-&3-C)A<&

J/0H)/<&

F(,5&-2&

<$(*C(/C<&

&

&

>A-#C&":;<&

:(<<4-/C&

(*+O

?(])/*&

W(+H)&

3-@0A)&

"??A0,(+-*<&

!"#$%&

7*$)/&!"#$%l&

•  "*&-?)*&?/-$-,-A&$-&(AA-4&<),#/)&":;&(#$%-/01(+-*&0*&(&<03?A)&(*C&<$(*C(/C&3)$%-C&2/-3&C)<5$-?K&3-@0A)&(*C&

4)@&(??A0,(+-*<I&

•  J)h*)<&(#$%-/01(+-*&.&(#$%)*+,(+-*&2/(3)4-/5&2-/&

67892#A&":;<&

•  "??A0)C&$-&C)A)D($)C&(#$%-/01(+-*&'&30+D($)<&?(<<4-/C&

(*+O?(])/*&O&(/,%)$E?0,(A&#<)&,(<)&

•  :/-H0C)<&(&<$(*C(/C&4(E&$-&D0H)&(&r5)Ef&$-&(&$%0/CO?(/$E&4%0,%&(AA-4<&-*AE&A030$)C&(,,)<<&$-&?)/2-/3&<?),0h,&

2#*,+-*<&

– N0$%-#$&C0H#AD0*D&E-#/&,/)C)*+(A<&&

"*&!H)/#<)C&"*(A-DE&

OAuth is your valet key to the Interwebs

It’s going happen one way or the other so may as well tax and regulate!

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

Real World Demo -> brizzly.com accesses the twitters &

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

A [confusing] Little History&•  First was the Emergence of Proprietary Solutions

–  Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, AWS API, and more

•  OAuth Core 1.0 [Oct 2007] –  Open protocol to standardize what was already being

done •  OAuth Core 1.0 Revision A [June 2009]

–  Addresses a session fixation attack •  The OAuth 1.0 Protocol / RFC 5849 [April 2010]

–  Move to the IETF as informational documentation of 1.0a with editorial clarifications and errata

!"#$%&903)A0*)&

>-33#*0$E&

;79V&

N6":&

UZkZ& UZkk&UZZs&UZZt&UZZu&

!"#$%&kIZ&

!"#$%&kIZ(&

!"#$%&UIZ&

;*2-&6V>&XtRs&

&

vN9&

B-/)&b0<$-/EK&8+AA&>-*2#<0*D&

•  !"#$%&N6":&`N)@&6)<-#/,)&"#$%-/01(+-*&

:/-hA)<a [v(*&UZkZ] – Better Support for non-web applications – Simplify the Client – Short lived, opaque, bearer access tokens with

long lived refresh tokens – Cleaner separation of roles

•  Server handling authorization requests •  Server handling protected resource access •  Client

– Simple Web Token (SWT) •  Attempt to standardize an access token format

•  Oauth 2.0 [in progress]

=#$&%)&)P?A(0*)C&$%($&%)&%(C&2-/D-])*&0$&($&%-3)I&

"*C&(*E4(E<K&dH-**)&($&$%)&<(A-*&$-AC&3)&$%($&

!"#$%&N6":&C-)<*f$&)H)*&/)L#0/)&,A0)*$&

<0D*($#/)<&<-&;&C-*G$&5*-4&4%E&E-#&(/)&@)0*D&<-&

w#CD)3)*$(A&p&&

b-*)<$AE&8(AAEll&;&,(*G$&@)A0)H)&E-#&2)AA&2-/&

$%)&G;&C-*f$&%(H)&3E&$-5)*x<),/)$&40$%&3)G&

A0*)ll&>A0)*$<&%(H)&@))*&$)AA0*D&#<&68<&$%($&

-*)&2-/&E)(/<ll&

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

OAuth 2.0 •  >-*,)?$#(AAE&<030A(/&$-&N6":&

•  N0$%&@#0A$&0*&)P$)*<0@0A0$E&

•  >A)(/&<)?(/(+-*&-2&D)y*D&(&$-5)*&(*C&#<0*D&(&$-5)*&

–  7(/AE&C/(i<&%(C&(*&-?+-*&2-/&$-5)*&<0D*($#/)<&@#$&$%($&4(<&C/-??)C&

–  z!"#$%&UIZ&0<&=(C&2-/&$%)&N)@{&'&<?),&(#$%-/_)C0$-/&

–  =)(/)/&$-5)*<&–  6)$#/*&-2&$%)&B">&

•  "??/-(,%0*D&h*(A&<$(*C(/C01(+-*&0*&;79V&–  6)(AAEg&&–  >#//)*$AE&($&C/(i&Okt&&

•  "??A0,(@A)&$-&3(*E&-$%)/&<,)*(/0-<&'&)H)*&$%-<)&40$%&*-&#<)/<&

•  W-$(@A)&2-/&0$<&-?+301(+-*<&2-/&3-@0A)&

–  !%&E)(%g&

!"#$%&UIZ&9)/30*-A-DE^&6-A)<&

•  !"#$%!&"'$()"!^&(*&)*+$E&`#<#(AAE&(*&)*CO#<)/_?)/<-*a

,(?(@A)&-2&D/(*+*D&(,,)<<&$-&(&

?/-$),$)C&/)<-#/,)&I&

•  &*+"),^&(*&(??A0,(+-*&-@$(0*0*D&(#$%-/01(+-*&(*C&3(50*D&

?/-$),$)C&/)<-#/,)&/)L#)<$<&

`-*&@)%(A2&-2&$%)&/)<-#/,)&

-4*)/aI&&

•  !"#$%!&"'#"!-"!'`./a^&$%)&<)/H)/&%-<+*D&?/-$),$)C&

/)<-#/,)<&

•  0%,1$!+203$)'#"!-"!'`4/a^&(&<)/H)/&,(?(@A)&-2&0<<#0*D&

$-5)*<K&-@$(0*0*D&

(#$%-/01(+-*K&(*C&

(#$%)*+,(+*D&/)<-#/,)&

-4*)/<I&

B-/)&9)/30*-A-DE^&9-5)*<&

•  ",,)<<&9-5)*&–  ,/)C)*+(A&#<)C&@E&,A0)*$&$-&(,,)<<&?/-$),$)C&/)<-#/,)<&($&$%)&68&–  ?)/30<<0-*<&(e-/C)C&@E&$%)&$-5)*&,(*&@)&<,-?)C&

–  0<<#)C&@E&$%)&"8&&–  <$/#,$#/)&0<&#*C)h*)C&@E&$%)&<?),`<a&–  #<#(AAE&-?(L#)&$-&$%)&,A0)*$&–  D)*)/(AAE&<%-/$&A0H)C&–  ,(*&@)&<)A2&,-*$(0*)C&-/&(&/)2)/)*,)&–  <%0i<&,-3?A)P0$E&2/-3&$%)&68&$-&$%)&"8&

•  6)2/)<%&9-5)*&–  #<)C&@E&,A0)*$&$-&-@$(0*&(&*)4&(,,)<<&$-5)*&4%)*&$%)&-AC&-*)&)P?0/)<&

–  ,A0)*$&-*AE&<)*C<&$-&"8K&*)H)/&$-&68&–  D)*)/(AAE&A-*D&A0H)C&&

",,)<<&9-5)*&9E?)<&

•  ",,)<<&$-5)*<&,(*&%(H)&C0e)/)*$&–  2-/3($<&

–  <$/#,$#/)<&– 3)$%-C<&-2&#+A01(+-*&`)IDI&,/E?$-D/(?%0,&?/-?)/+)<a&

•  ",,)<<&$-5)*<&3#<$&@)&C)h*)C&@E&,-3?(*0-*&

<?),0h,(+-*<&

–  $-5)*x$E?)&&–  (CC0+-*(A&?(/(3)$)/<&(<&*))C)C&

–  %-4&$-&#<)&($&68&

=)(/)/&",,)<<&9-5)*<&

•  "*E&?(/$E&0*&?-<<)<<0-*&-2&$%)&$-5)*&`(&z@)(/)/za&,(*&#<)&$%)&$-5)*&0*&(*E&4(E&$%($&

(*E&-$%)/&?(/$E&0*&?-<<)<<0-*&-2&0$&,(*I&

•  $-5)*x$E?)^&=)(/)/&&•  9-5)*&,(*&@)&?/)<)*$)C&$-&$%)&68&0*&b99:&"#$%-/01(+-*&b)(C)/K&&=-CE&:(/(3)$)/K&-/&

|#)/E&:(/(3)$)/&

•  6)L#0/)<&9F8&•  9-5)*&<$/#,$#/)&<+AA&#*C)h*)C&

B">&",,)<<&9-5)*<&

•  "I5I(I&:/--2&-2&?-<<)<<0-*&$-5)*K&?/--2&$-5)*K&b-o&$-5)*&•  J)h*)<&(*&b99:&B">&(,,)<<&(#$%)*+,(+-*&<,%)3)&`5)E&0CK&

B">&5)E&.&(AD-/0$%3K&(*C&0<<#)&+3)a&

–  ;C&0<&<)*$&40$%&/)L#)<$&&–  o)E&0<&<%(/)C&<E33)$/0,&<),/)$&@)$4))*&$%)&,A0)*$&(*C&$%)&<)/H)/&

#<)C&$-&r<0D*f&/)L#)<$<&`$%)/)@E&?/-H0*D&?-<<)<<0-*&-2&$%)&<),/)$a&

•  !"#$%&UIZ&@0*C0*D&2-/&#<)&(<&(*&(,,)<<O$-5)*&$E?)&&–  $-5)*x$E?)^&3(,&

–  o)E&0C&0<&$%)&(,,)<<x$-5)*&•  V-/3($&.&<$/#,$#/)&0<&<+AA&#*C)h*)C&

–  3(,x5)E&.&3(,x(AD-/0$%3&(<&(CC0+-*(A&?(/(3)$)/<&

•  :/-$),$<&(D(0*<$&$-5)*&A)(5(D)&•  o0*C(&<+AA&*))C<&9F8&0*&<-3)&,(<)<&

B-/)&9)/30*-A-DE^&7*C?-0*$<&

•  "8&7*C?-0*$<&–  4%,1$!+203$)'")56$+),&

•  #<)CK&H0(&#<)/O(D)*$&/)C0/),+-*K&$-&(#$%)*+,($)&(*C&-@$(0*&(#$%-/01(+-*&2/-3&$%)&/)<-#/,)&-4*)/I&&

•  7*C&#<)/&-*&$%)&2/-*$&,%(**)AI&–  7$8")'")56$+),'

•  c<)C&$-&)P,%(*D)&(*&(#$%-/01(+-*&D/(*$&2-/&(*&(,,)<<&$-5)*I&•  >A0)*$&-*&$%)&@(,5&,%(**)AI&

•  >A0)*$&7*C?-0*$&–  ."5+!"&3$)'9.:'

•  "i)/&,-3?A)+*D&0$<&0*$)/(,+-*&40$%&$%)&/)<-#/,)&-4*)/K&$%)&"8&

C0/),$<&$%)&/)<-#/,)&-4*)/G<&#<)/O(D)*$&@(,5&$-&$%)&,A0)*$&($&$%)&

,A0)*$f<&/)C0/),+-*&c6;I&

•  V/-*$&,%(**)A&,(AA@(,5&&

9)/30*-A-DE^&"#$%-/01(+-*&S/(*$&

•  S)*)/(A&$)/3&#<)C&$-&C)<,/0@)&$%)&0*$)/3)C0($)&

,/)C)*+(A<&/)?/)<)*+*D&$%)&/)<-#/,)&-4*)/&

(#$%-/01(+-*&

•  8)/H)<&(<&(*&(@<$/(,+-*&A(E)/&–  *-$&$%)&,A)(*)<$&(@<$/(,+-*&

•  c<)C&@E&$%)&,A0)*$&$-&-@$(0*&(*&(,,)<<&$-5)*&•  "AA&$-5)*&)*C?-0*$&,(AA<&0*H-AH)&)P,%(*D0*D&<-3)&

D/(*$&2-/&(*&(,,)<<&$-5)*&

•  8?),&C)h*)<&<)H)/(A&$E?)<&(<&4)AA&(<&(*&)P$)*<0@0A0$E&3),%(*0<3&

9)/30*-A-DE^&8,-?)&

•  9%)&C)h*0+-*&-2&<,-?)&0<&`3-<$AEa&-#$&-2&<,-?)&

–  8))&4%($&;&C0C&$%)/)g&–  9%)&<,-?)&-2&$%)&(,,)<<&/)L#)<$&0<&)P?/)<<)C&(<&(&A0<$&-2&<?(,)OC)A030$)CK&,(<)&<)*<0+H)&<$/0*D<I&

–  !/C)/&C-)<*f$&3(])/I&

–  9%)&H(A#)&(*C&3)(*0*D&-2&<,-?)&<$/0*D<&(/)&C)h*)C&@E&$%)&

(#$%-/01(+-*&<)/H)/I&

•  6)L#)<+*D_D/(*+*D&<?),0h,&<,-?)`<a&(AA-4<&$%)&(,,)<<&/0D%$<&(<<-,0($)C&40$%&(&$-5)*&$-&@)&A030$)C&

–  7*(@A)<&$%)&?/0*,0?A)&-2&A)(<$&?/0H0A)D)&`-/&A)<<&?/0H0A)D)&(*E4(Ea&

–  !*AE&(<5&2-/&4%($&0<&*))C)C&

"@<$/(,$&VA-4&

•  >A0)*$&-@$(0*<&(#$%-/01(+-*&D/(*$&2/-3&/)<-#/,)&

-4*)/n&

•  >A0)*$&,(AA<&$%)&(#$%-/01(+-*&<)/H)/&$-&)P,%(*D)&$%)&D/(*$&2-/&(*&(,,)<<&$-5)*nn&

•  >A0)*$&#<)<&$%)&(,,)<<&$-5)*&$-&(,,)<<&?/-$),$)C&/),-#/<)<&($&$%)&/)<-#/,)&<)/H)/nnn&

n<-3)+3)<&

nn#<#(AAE&

nnn?/-@(@AE&

"#$%-/01(+-*&S/(*$&9E?)<&

•  (#$%-/01(+-*&,-C)&•  03?A0,0$n&

•  /)<-#/,)&-4*)/&?(<<4-/C&,/)C)*+(A<&•  ,A0)*$&,/)C)*+(A<&•  /)2/)<%&$-5)*&•  7P$)*<0-*<&

n&-*)&-2&$%)<)&$%0*D<&0<&*-$&A05)&$%)&-$%)/<p&

S/(*$&9E?)^&"#$%-/01(+-*&>-C)&

•  >A0)*$&<)*C<&/)<-#/,)&-4*)/K&H0(&@/-4<)/K&$-&$%)&(#$%-/01(+-*&)*C?-0*$&($&$%)&"8&&

–  7*CO#<)/&(#$%)*+,($)<&–  7*CO#<)/&(??/-H)<&/)L#)<$)C&(,,)<<&

•  "8&<)*C<&$%)&)*CO#<)/&$-&$%)&,A0)*$f<&/)C0/),$&c6;&(*C&0*,A#C)<&$%)&,-C)&(<&(&L#)/E&?(/(3)$)/&

•  >A0)*$&/),)0H)<&$%)&/)C0/),+-*&,(AA@(,5K&)P$/(,$<&$%)&,-C)K&(*C&<)*C<&0$&$-&$%)&"8&0*&)P,%(*D)&2-/&(*&(,,)<<&$-5)*&(*C&

?/-@(@AE&(&/)2/)<%&$-5)*&

•  S/)($&2-/&4)@&(??&,A0)*$<&–  >A0)*$&(#$%)*+,(+-*&–  7(<E&$-&%(*CA)&$%)&/)C0/),$&

•  !5(E&2-/&3-@0A)&,A0)*$<&

–  N0$%-#$&,A0)*$&(#$%)*+,(+-*&

–  W))C&$/0,5<&$-&%(*CA)&$%)&/)C0/),$&

S)y*D&(*&"#$%-/01(+-*&>-C)&

S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.&

&/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@.&

&&&&&&&&&/)<?-*<)x$E?)},-C).<,-?)}@))/T%-,5)ETC-*#$<&b99:_kIk&&

b-<$^&<)/H)/I)P(3?A)I,-3&&

b99:_kIk&YZU&V-#*C&

F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@g,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)&

4%,1$!+203$)'.";%"#,'

4%,1$!+203$)'."#6$)#"'

/%6"!<%$%#'=0)050'>0#1+)?@'A+!#,''$B'C0)D'

7P,%(*D)&"#$%-/01(+-*&>-C)&2-/&",,)<<&9-5)*&

:!89&_(<_$-5)*I-(#$%U&b99:_kIk&

b-<$^&(<I)P(3?A)I,-3&

>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt&

&

,A0)*$x0C}(,A0)*$.,A0)*$x<),/)$}%-<)/./)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_

,@.D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}S),B7C0P8o6v!tP2?>qbDsVDUb1)&

b99:_kIk&UZZ&!o&

>(,%)O>-*$/-A^&*-O<$-/)&

:/(D3(^&*-O,(,%)&

>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&

&&

�&

&z$-5)*x$E?)z^z=)(/)/zK&

&z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&&

&z)P?0/)<x0*z^YÇZZK

&z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{&

É&

4&&"##'7$8")'.";%"#,'

4&&"##'7$8")'."#6$)#"'

=/0)2&;*$)/A#C)^&c<0*D&$%)&",,)<<&9-5)*&

S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&&

b-<$^&/<I)P(3?A)I,-3&&

"#$%-/01(+-*^&=)(/)/&(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6&

E!$,"&,"5'."#$%!&"'.";%"#,'(+,1'0'F"0!"!'7$8")'

G4='7$8")'0'F+,'G$!"'=$C6*+&0,"5'

&

&&&&&:!89&_$(5)_-e_)%&b99:_kIk&

&&&&&b-<$^&/<I)P(3?A)I,-3&

&&&&&>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C&

&&&&&"#$%-/01(+-*^&B">&0C}zwCsYC%sC%YsJzK&

&&&&&&&&&&&&&&&&&&&&&&&&*-*,)}zUuYkXÇ^C0Y%HC2tzK&

&&&&&&&&&&&&&&&&&&&&&&&&@-CE%(<%}z5s5@$>;EZ>5;Y_V72?8_-;Jw5Ç5}zK&

&&&&&&&&&&&&&&&&&&&&&&&&3(,}zNu@CBÅ@HscN!9(C"8;|b(DÅE0/"}z&

S/(*$&9E?)^&;3?A0,0$&

•  8030A(/&$-&$%)&(#$%-/01(+-*&,-C)&Q-4&)P,)?$p&&

•  "i)/&/)<-#/,)&-4*)/&(#$%)*+,(+-*&(*C&(#$%-/01(+-*K&$%)&"8&<)*C<&$%)&)*CO#<)/&$-&$%)&

,A0)*$f<&/)C0/),$&c6;&(*C&0*,A#C)<&$%)&(,,)<<&

$-5)*&-*&2/(D3)*$&&

•  W-&$-5)*&)*C?-0*$&,(AA&<-&*-$&n/)(AAEn&(&D/(*$&$E?)&

•  !?+301)C&2-/&r40CD)$f&,A0)*$<&-/&0*O@/-4<)/&

v(H(8,/0?$&(??A0,(+-*<&

•  >-#AC&(A<-&4-/5&2-/&*(+H)_3-@0A)&,A0)*$<&

S)y*D&(&9-5)*&40$%&;3?A0,0$&

S79&_(<_(#$%-/01(+-*I-(#$%Ug,A0)*$x0C}(,A0)*$.&

&/)C0/),$x#/0}%]?<mY"__,A0)*$I)P(3?A)I,-3_,@./)<?-*<)x$E?)}$-5)*&b99:_kIk&&

b-<$^&<)/H)/I)P(3?A)I,-3&&

b99:_kIk&YZU&V-#*C&

F-,(+-*^&%]?<^__,A0)*$I)P(3?A)I,-3_,@M)P?0/)<x0*}YÇZZ &

&.$-5)*x$E?)}=)(/)/.(,,)<<x$-5)*}D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)&

4%,1$!+203$)'.";%"#,'

4%,1$!+203$)'."#6$)#"'

S79&_C-#@A)_<),/)$_?/-@(+-*_/)<-#/,)&b99:_kIk&&

b-<$^&/<I)P(3?A)I,-3&&

"#$%-/01(+-*^&=)(/)/&D=w""2u;-ZV;24Å(qJ96|DZCuS94"!FuSÇ)&

E!$,"&,"5'."#$%!&"'.";%"#,'

S/(*$&9E?)^&&

6)<-#/,)&!4*)/&:(<<4-/C&>/)C)*+(A<&

•  >A0)*$&-@$(0*<&/)<-#/,)&-4*)/f<&#<)/*(3)&(*C&

?(<<4-/C&C0/),$AE&2/-3&$%)&/)<-#/,)&-4*)/&(*C&

<)*C<&$%)3&C0/),$AE&$-&$%)&"8&(<&(&D/(*$I&

•  6)L#0/)<&$/#<$&0*&$%)&,A0)*$I&•  6)2/)<%&$-5)*&)A030*($)<&$%)&*))C&2-/&$%)&,A0)*$&$-&

<$-/)&$%)&?(<<4-/CI&

•  ;*$)*C)C&(<&(&30D/(+-*&3),%(*0<3&&

7P,%(*D)&6!&>/)C<&2-/&",,)<<&9-5)*&

:!89&_(<_$-5)*I-(#$%U&b99:_kIk&

b-<$^&(<I)P(3?A)I,-3&

"#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}&

>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt&

&

,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}?(<<4-/C.#<)/*(3)}3(C<)*.?(<<4-/C}#<)A)<<$(P-*-3E&

b99:_kIk&UZZ&!o&

>(,%)O>-*$/-A^&*-O<$-/)&

:/(D3(^&*-O,(,%)&

>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&

&&

�&

&z$-5)*x$E?)z^z=)(/)/zK&

&z(,,)<<x$-5)*z^z(ZÄ#1JYW2J<w><9cÅ=XF3q<uN:|kPZuJ>b6{K&&


&z/)2/)<%x$-5)*z^z389=?L|,8567>W2J,A26Jw67*3L)NÄ(?ZJ<)BÇ(q50P;q{&

É&

4&&"##'7$8")'.";%"#,'

4&&"##'7$8")'."#6$)#"'/%6"!<%$%#'=0)05+0)'>0#1+)?@'

S/(*$&9E?)^&>A0)*$&>/)C)*+(A<&

•  >A0)*$&,(*&/)L#)<$&(*&(,,)<<&$-5)*&#<0*D&-*AE&0$<&-4*&,/)C)*+(A<&

•  V-/&/)<-#/,)<&#*C)/&$%)&,A0)*$f<&,-*$/-A&-/&-$%)/&/)<-#/,)<&(<&?-A0,E&C0,$($)<&

•  Bc89&-*AE&@)&#<)C&@E&Ñ?/0H($){&,A0)*$<&`,A0)*$<&$%($&,(*&

(#$%)*+,($)&<),#/)AEa&

•  W-&/)2/)<%&$-5)*&•  >A0)*$&"#$%)*+,(+-*&B),%(*0<3<&

–  ,A0)*$x0C&.&,A0)*$x<),/)$&?(/(3)$)/<&&

–  b99:&=(<0,&–  Ñ9%)&(#$%-/01(+-*&<)/H)/&B"d&<#??-/$&(*E&<#0$(@A)&b99:&

(#$%)*+,(+-*&<,%)3)&3($,%0*D&0$<&<),#/0$E&/)L#0/)3)*$<{&

–  B#$#(A&9F8&

–  ,A0)*$x(<<)/+-*&.&,A0)*$x(<<)/+-*x$E?)&?(/(3)$)/<&

S/(*$&9E?)^&6)2/)<%&9-5)*&

•  ;2&(&/)2/)<%&$-5)*&4(<&0<<#)C&$-&$%)&,A0)*$&C#/0*D&$%)&)P,%(*D)&-2&(&?/0-/&D/(*$K&0$&,(*&@)&#<)C&(<&(*&

(#$%-/01(+-*&D/(*$&$-&D)$&(&*)4&(,,)<<&$-5)*&

– c*A)<<&/)H-5)C&-/&-$%)/40<)&0*H(A0C&•  6)2/)<%&(*&)P?0/)C&(,,)<<&$-5)*&40$%-#$&0*H-AH0*D&#<)/&(#$%-/01(+-*&

•  9%)&"8&3(E&0<<#)&(&*)4&/)2/)<%&$-5)*&

– S--C&<),#/0$E&%ED0)*)&

6)2/)<%0*D&(*&",,)<<&9-5)*&

:!89&_(<_$-5)*I-(#$%U&b99:_kIk&

b-<$^&(<I)P(3?A)I,-3&

"#$%-/01(+-*^&=(<0,&,Us$ÅNW<(NÄ#CJ?=@NÄE(NW%vYW;dq|}&

>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C~,%(/<)$}c9VOt&

&

,A0)*$x0C}<-3),A0)*$.D/(*$x$E?)}/)2/)<%x$-5)*./)2/)<%x$-5)*}389=?L|,8567>W2J,A26Jw

67*3L)NÄ(?ZJ<)BÇ(q50P;q&

b99:_kIk&UZZ&!o&

>(,%)O>-*$/-A^&*-O<$-/)&

:/(D3(^&*-O,(,%)&

>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&

&&

�&

&z$-5)*x$E?)z^z=)(/)/zK&

&z(,,)<<x$-5)*z^zBCL=#)PqdAB8-D@/"40::Ru)SPSLÅ(w#vW({K&&


&z/)2/)<%x$-5)*z^z%AE7!!s:qD3H:0d;tDÇto87<Ub|%D/50c|S<,sqP<5C{&

É&

4&&"##'7$8")'.";%"#,'

4&&"##'7$8")'."#6$)#"'

7P$)*<0-*&S/(*$&9E?)<&

•  7P$)*<0-*&(#$%-/01(+-*&D/(*$&$E?)<&,(*&@)&C)h*)C&@E&(<<0D*0*D&$%)3&(&#*0L#)&(@<-A#$)&c6;&

2-/&#<)&40$%&$%)&zD/(*$x$E?)z&?(/(3)$)/I&

•  7P$)*<0-*<&,(*&C)h*)&(CC0+-*(A&?(/(3)$)/<&

*))C)CI&

•  7*(@A)<&@/0CD0*D&@)$4))*&!"#$%&(*C&-$%)/&?/-$-,-A<I&

–  8"BF&UIZ&

–  vN9&kIZ&

•  7*(@A)<&-$%)/&<$#e&$--&–  =)(/)/&(,,)<<&$-5)*&H(A0C(+-*&–  898&<$EA)&$-5)*&)P,%(*D)&

:(/+(A&8?),0h,(+-*&F(*C<,(?)&

9%)&!"#$%&UIZ&"#$%-/01(+-*&:/-$-,-A&

C/(iO0)ÖO-(#$%OHU&

9%)&!"#$%&UIZ&:/-$-,-A^&=)(/)/&9-5)*<&

C/(iO0)ÖO-(#$%OHUO@)(/)/&

b99:&"#$%)*+,(+-*^&B">&",,)<<&"#$%)*+,(+-*&

C/(iO0)ÖO-(#$%OHUO%]?O3(,&

8"BF&UIZ&=)(/)/&"<<)/+-*&S/(*$&&

9E?)&:/-hA)&2-/&!"#$%&UIZ&

C/(iO0)ÖO-(#$%O<(3AUO@)(/)/&

!"#$%&UIZ&"<<)/+-*&:/-hA)&&&&&&&&&&&&&&&&&&&&&&

C/(iO0)ÖO-(#$%O(<<)/+-*<&

v8!W&N)@&9-5)*&`vN9a&=)(/)/&

:/-hA)&2-/&!"#$%&UIZ&

&C/(iOw-*)<O-(#$%Ow4$O@)(/)/&

v8!W&N)@&9-5)*&`vN9a&&

C/(iOw-*)<Ow<-*O4)@O$-5)*&

"<<)/+-*<&(*C&:/-$-,-A<&2-/&8"BF&ÄUIZ&

<(3AO,-/)OUIZO-<&

9#+)?'0'7$8")'H"I)?'0'7$8")'

7P$)*<0-*&S/(*$<&&

.&

&>A0)*$&"#$%)*+,(+-*&

7$8")#'

v8!W&N)@&80D*($#/)&`vN8a&

C/(iOw-*)<Ow<-*O4)@O<0D*($#/)&

v8!W&N)@&80D*($#/)&`vN7a&

C/(iOw-*)<Ow<-*O4)@O)*,/E?+-*&

JKLMN'

O,1"!'E!$,$&$*#'c<)/OB(*(D)C&",,)<<&`cB"a&

>-/)&:/-$-,-A&

C/(iO%(/Cw-*-O-(#$%O#3(,-/)&!?)*;J&>-**),$&>-/)&kIZ&

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

>-*$/(<$&.&>-3?-<)&

d";Ä&`d)$&"*-$%)/&;C)*+$E&Ä)**a&

8"BF&

!"#$%&

q">BF&

• :-A0,E&<E*$(P&

• "#$%1&|#)/En&

• "#$%*&2-/&8!":&":;<&• 9-5)*&2-/3($&

• 88!&?/-hA)&• ;>"B&

• >A-#C&"#$%1&

• "#$%1&C),0<0-*<&

• "#$%*&2-/&6789&":;<&• "]/0@#$)&<%(/0*D&&

!"#$%&/)A(+-*<%0?&$-&!?)*;J&

•  ;*&-*)&<)*<)K&!"#$%&.&!?)*;J&(/)&-/$%-D-*(AK&0)&!?)*;J&,-#AC&@)&#<)C&$-&(#$%)*+,($)&#<)/&

($&"8&2-/&-@$(0*0*D&,-*<)*$&

•  =#$&$%)&<030A(/0+)<&@)$4))*&!?)*;J&UIZ&(*C&

$%)&!"#$%&UIZ&(,,)<<&$-5)*&/)$/0)H(A&?0),)&

%(H)&3-+H($)C&?/-?-<(A<&2-/&@(<0*D&*)P$&

H)/<0-*&-2&!?)*;J&r-*&$-?&-2f&!"#$%&'&!?)*;J&

>-**),$&

:/-@A)3<&40$%&!?)*;J&UIZ&

•  F-*D&c6F&A030$(+-*<&

– B(*E&3-@0A)&@/-4<)/&(*C&<-3)&:>&@/-4<)/<&,%-5)&($&

A-*D&c6F<&,(#<)C&@E&"qK&:":7K&(*C&-$%)/&)P$)*<0-*<I&

•  F!"&,)0A0*D&–  ,(**-$&(](0*&F!"U&@),(#<)&-2&(<<)/+-*&C0<,A-<#/)&($&@/-4<)/&

•  ;3?A)3)*$(+-*&,-3?A)P0$E&

–  J0[)Ob)A3(*&5)E&)P,%(*D)K&>(*-*0,(A01(+-*&(*C&

80D*($#/)&%(/C&$-&03?A)3)*$&

•  J($(&8%(/0*D&F030$(+-*<&

–  !*AE&?(0/O40<)&C($(&<%(/0*D&@)$4))*&$%)&!:&(*C&6:&0<&?-<<0@A)I&

!?)*;J&>-**),$&

•  J)<0D*)C&$-&(CC/)<<&?/)H0-#<AE&<$($)C&A030$(+-*<&-2&!?)*;J&UIZ&

•  6)Q),$<&(&%(/3-*01(+-*&-2&3#A+?A)&

,-3?)+*D&H0<0-*<&2-/&)H-A#+-*&-2&!?)*;J&UIZ&

•  "CC<&(&$%0*&G0C)*+$E&A(E)/G&-*$-&!"#$%&UIZ&•  J)<0D*)C&$-&<#??-/$&%0D%)/&F!"&

!?)*;J&>-**),$&V(30AE&$/))&

V(,)=--5&>-**),$&

vN9&

!?)*;J&>-**),$&/)A(+-*&$-&!"#$%&

•  N%)/)(<&!"#$%&0<&(&D)*)/(A&3),%(*0<3&$-&

(#$%-/01)&":;&(,,)<<K&!?)*;J&>-**),$&?/-hA)<&

$%)&D)*)/0,&2-/&?#/?-<)<&-2&<%(/0*D&?/-hA)&

0*2-/3(+-*&

•  c<)<&$%)&(#$%1&,-C)&.&03?A0,0$&D/(*$&$E?)<&'&$%)&

?0),)<&-2&!"#$%&-?+301)C&2-/&#<)/O,-*<)*$&

<,)*(/0-<&

•  F)H)/(D)<&$%)&(#$%-/01(+-*&.&$-5)*&)*C?-0*$<&.&(CC<&0C)*+$EO@(<)C&?(/(3<&$-&,-/)&!"#$%&

3)<<(D)<&

&

8"BF&.&!"#$%&

8"BF&!"#$%&

!"#$%&8"BF&

8"BF& !"#$%&

GbE@/0CG&'&,(//E&!"#$%&$-5)*&

0*&8"BF&88!&3)<<(D)<&

G"<<)/+-*&?/-hA)G&#<)&

8"BF&(<<)/+-*<&40$%0*&&

!"#$%&Q-4&

G8)L#)*,0*DG&'&#<)&8"BF&88!&

$-&(#$%)*+,($)&#<)/&$-&"8&

8)/H0,)&?/-H0C)/&

8)L#)*,0*D&

J)H0,)&

=/-4<)/&

"??A0,(+-*&

9-5)*&

v8!W_qBF&

;C)*+$E&?/-H0C)/&

9-5)*&

:4C&

8"BF&

&

!"#$%&

"??A0,(+-*&

9/(C0*D&

Use SAML assertion( or JWT) for OAuth client authentication and/or OAuth grant type :!89&_$-5)*&b99:_kIk&

b-<$^&<)/H)/I)P(3?A)I,-3&

>-*$)*$O9E?)^&(??A0,(+-*_PO444O2-/3O#/A)*,-C)C&

&

D/(*$x$E?)}(#$%-/01(+-*x,-C).&,-C)}0kN<6*k#=k.&,A0)*$x0C}<Ç=%C65L$Y.&

,A0)*$x(<<)/+-*x$E?)}#/*mY"-(<0<mY"*(3)<m<"$,mY"8"BF

mY"UIZmY"(<<)/+-*.&,A0)*$x(<<)/+-*}:bW%@NP4!AIIIÜ-30])C&2-/&

@/)H0$EáIIIÅ9&

&

&

&

& &

&

9/(C0*D&

!"#$%&

"<<)/+-*&?/-hA)&

8"BF& vN9&

>-/)&?/-$-,-A&

b-4&$-&#<)&(<<)/+-*<&&

2-/&,A0)*$&(#$%)*+,(+-*&&

(*C&(<&(&D/(*$&$E?)&Üká&&

:/-hA)<&(<<)/+-*&?/-hA)&

V-/&<?),0h,&(<<)/+-*&

V-/3($<&ÜUá&.&ÜYá&

Üká&O&%]?^__$--A<I0)ÖI-/D_%$3A_C/(iO0)ÖO-(#$%O(<<)/+-*<&

ÜUá&O&C/(iO0)ÖO-(#$%O<(3AUO@)(/)/&

ÜYáO&C/(iO0)ÖO-(#$%Ow4$O@)(/)/&

&

&

!"#$%&/)A(+-*<%0?&$-&q">BF&

9%-#D%&@-$%&2-,#<)C&-*&

r(#$%-/01(+-*fK&!"#$%&.&

q">BF&(/)&*0,)AE&

,-3?-<)(@A)&

!"#$%&0<&(#$%-/01(+-*g&

•  J)?)*C<&-*&4%($&?(/$&-2&$%)&(#$%1&)A)?%(*$&E-#&(/)&

A--50*D&($&

–  :-A0,E&`q">BFa&

–  |#)/E&`q">BF_8"BF&?/-hA)a&

–  >A(03<&`8"BF&.&N8OV)C&88!a&

–  c<)/&,-*<)*$&`!"#$%a&–  :)/30<<0-*<&`!"#$%a&

F%,'+B'D$%!'%#"'&0#"#'5$)P,'+)-$*-"'%#"!Q&$)#"),R',1")'O4%,1'#,0!,#',$'*$$8'C$!"'*+8"'0%,1")3&03$)'

&

cB"&.&!"#$%&

•  User Managed Access extends OAuth 2.0 to allow for a user to manage access to multiple (and distributed) resources through centralized Authorization Manager

•  Leverages separation between AS & RS introduced by WRAP

& O4%,1' 9G4'

9%)&/)<-#/,)&<)/H)/&/)<?),$<&(,,)<<&$-5)*<&

2/-3&Ñ0$<{&(#$%-/01(+-*&<)/H)/&

9%)&%-<$&-#$<-#/,)<&(#$%-/01(+-*&w-@<&$-&

(*&(#$%-/01(+-*&3(*(D)/&,%-<)*&@E&$%)&

#<)/&

9%)&(#$%-/01(+-*&<)/H)/&0<<#)<&$-5)*<&

@(<)C&-*&$%)&,A0)*$f<&(@0A0$E&$-&(#$%)*+,($)I&

9%)&(#$%-/01(+-*&3(*(D)/&0<<#)<&$-5)*<&

@(<)C&-*&#<)/&?-A0,E&(*C&Ñ,A(03<{&,-*H)E)C&

@E&$%)&/)L#)<$)/I&

9%)&/)<-#/,)&<)/H)/&H(A0C($)<&$-5)*<&0*&(*&

#*<?),0h)C&3(**)/K&(<<#3)C&A-,(AAE&

9%)&%-<$&,(*&(<5&$%)&(#$%-/01(+-*&3(*(D)/&

$-&H(A0C($)&$-5)*<&0*&/)(A&+3)I&

8$(+,&,A0)*$&/)D0<$/(+-*&<$)?&& B-/)&CE*(30,&3-C)A&

cB"&.&!"#$%&

ST'9#"!'+),!$5%&"#'U$#,',$'4G'

VT'.";%"#,$!'$>,0+)#'',$8")'B!$C'4G',$'%#"''0,'U$#,'

WT'U$#,'-"!+X"#',$8")'0,'4G'

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

!"#$%&c<)&,(<)<&

c<)&,(<)&$(P-*-3E&

=*+"),'8)/H)/& B-@0A)&

8(3)&

C-3(0*&

4/Y9#"!'!"*03$)#1+6'

>A-#C&

@#<0*)<<&

B-@0A)&

4-/52-/,)&

;*$)/*(A& B-@0A)&

,-*<#3)/&

J0e)/)*$&

C-3(0*&

J0<+*D#0<%0*D&2)($#/)<&

•  W($#/)&-2&$%)&,A0)*$K&0)&3-@0A)&-/&4)@&(??&

•  N%)$%)/K&(*C&%-4K&#<)/&(#$%)*+,($)<&$-&"8&

•  N%)$%)/K&(*C&%-4K&,A0)*$&(#$%)*+,($)<&$-&"8&

•  N%)$%)/K&(*C&%-4K&#<)/&*))C<&$-&D0H)&,-*<)*$&

•  9/#<$&3-C)A&@)$4))*&>A0)*$&.&"8&

•  9/#<$&3-C)A&@)$4))*&68&.&"8&

!"#$%&c<)&>(<)^&B-@0A)&>-*<#3)/&

•  "&>-*<#3)/&>A-#C&=#<0*)<<&`)IDI&B(//0-]a&@#0AC0*D&

B-@0A)&"??<&

•  :/-H0C)&88!&(,,)<<&H0(&0:(CK&0:%-*)K&"*C/-0CK&)$,&•  9/#<$&/)A(+-*<%0?&0<&@)$4))*&)*$)/?/0<)&.&,-*<#3)/&

B-@0A)&>-*<#3)/^&&8?),0h,<&

ka&B-@0A)&(??A0,(+-*&A(#*,%)<&

@/-4<)/K&0*&4%0,%&#<)/&

(#$%)*+,($)<&$-&:0*DV)C)/($)&

`(*C&D/(*$<&,-*<)*$a&&&

Ua&:0*DV)C)/($)&/)$#/*<&,-C)&$-&

3-@0A)&(??A0,(+-*&$%/-#D%&

@/-4<)/&

Ya&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)&

2-/&(,,)<<&$-5)*&

Ra&B-@0A)&(??A0,(+-*&(CC<&(,,)<<&

$-5)*&$-&0$<&6789&/)L#)<$&-2&

6)<-#/,)&8)/H)/&`":;a&

Xa&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-&

H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C&

(]/0@#$)<&

Ça&"<<#30*D&!oK&68&/)$#/*<&

/)L#)<$)C&C($(&$-&3-@0A)&

(??A0,(+-*&

9-5)*&

7*C?-0*$&

Ä(A0C(+-*&

7*C?-0*$&

"#$%Å&

7*C?-0*$&

68&

S'

V'

W'

Z'

['

\'

B-@0A)&>-*<#3)/<^&;*A0*)&-?+-*&

ka&B-@0A)&(??A0,(+-*&,-AA),$<&#<)/&

?(<<4-/C&(*C&<)*C<&$-&

:0*DV)C)/($)&0*&/)L#)<$&2-/&

(,,)<<&$-5)*a&&&

Ua&:0*DV)C)/($)&/)$#/*<&(,,)<<&$-5)*&

$-&3-@0A)&(??A0,(+-*&

Ya&B-@0A)&(??A0,(+-*&(CC<&(,,)<<&

$-5)*&$-&0$<&6789&/)L#)<$&-2&

6)<-#/,)&8)/H)/&`":;a&

Ra&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-&

H)/02E&$-5)*K&(*C&/)$/0)H)&

C)<0/)C&(]/0@#$)<&

Xa&"<<#30*D&!oK&68&/)$#/*<&

/)L#)<$)C&C($(&$-&3-@0A)&

(??A0,(+-*&

9-5)*&

7*C?-0*$&

Ä(A0C(+-*&

7*C?-0*$&

"#$%Å&

7*C?-0*$&

68&

W'

['

S'

V'

Z'

J0<,#<<0-*&

•  B-@0A)&,A0)*$<&(/)&D)*)/(AAE&*-$&0<<#)C&#*0L#)&,A0)*$&

,/)C)*+(A<&'&/($%)/&(AA&,-?0)<&<%(/)&$%)&<(3)&

–  :/-H0C)<&-*AE&,-(/<)&r(#$%)*+,(+-*f&`-/&H(A0C(+-*a&•  J0e)/)*$&#<)/&(#$%)*+,(+-*&3),%(*0<3<&%(H)&?/-<_

,-*<&

–  =/-4<)/O@(<)C&3),%(*0<3<&3(E&@)&(CH(*$(D)-#<&2/-3&

<),#/0$E&:-ÄI&"A<-&(AA-4<&2-/&h*)OD/(0*)C&,-*<)*$&

?-<<0@0A0+)<I&=/-4<)/&3(E&@)&)3@)CC)C&

–  ;*A0*)&3),%(*0<3&3(E&-e)/&#<(@0A0$E&(CH(*$(D)<K&@#$&($&(&

,-<$&

•  S/(*#A(/0$E&-H)/&,-*<)*$&•  6)A0(*,)&-*&?(<<4-/C<&

!"#$%&c<)&>(<)^&B-@0A)&>A-#C_8((<&&

•  "&>A-#C&=#<0*)<<_8((8&@#0AC0*D&B-@0A)&"??A0,(+-*<&

•  8#??-/$<&4-/52-/,)&(,,)<<&H0(&H0(&0:(CK&0:%-*)K&"*C/-0CK&)$,&$-&>A-#CO%-<$)C&":;<&

•  9/#<$&/)A(+-*<%0?&0<&@)$4))*&$%)&)*$)/?/0<)&(*C&>A-#C&=#<0*)<<_8((8&

B-@0A)&>A-#C&

ka&B-@0A)&(??A0,(+-*&A(#*,%)<&

@/-4<)/&$-&:0*DV)C)/($)&(#$%*&

?(D)&

&Ua&:0*DV)C)/($)&<)*C<&)3?A-E))&

@/-4<)/&$-&)*$)/?/0<)&;C:&2-/&88!K&

/),)0H)<&8"BF&(<<)/+-*&

Ya&:0*DV)C)/($)&/)$#/*<&,-C)&$-&

3-@0A)&(??A0,(+-*&$%/-#D%&

@/-4<)/&

Ra&B-@0A)&(??A0,(+-*&)P,%(*D)<&,-C)&

2-/&(,,)<<&$-5)*&

Xa&B-@0A)&(??A0,(+-*&(CC<&(,,)<<&

$-5)*&$-&0$<&6789&/)L#)<$&-2&

6)<-#/,)&8)/H)/&`":;a&

Ça&68&0*$)/(,$<&40$%&:0*DV)C)/($)&$-&

H)/02E&$-5)*K&(*C&/)$/0)H)&C)<0/)C&

(]/0@#$)<&

ua&"<<#30*D&!oK&68&/)$#/*<&

/)L#)<$)C&C($(&$-&3-@0A)&

(??A0,(+-*&

9-5)*&

7*C?-0*$&

Ä(A0C(+-*&

7*C?-0*$&

"#$%Å&

7*C?-0*$&

68&

S'

V'

Z'

['

\'

]'

;C:&

V'

W'

W'

c>&'&;*$)/*(A&8)/H)/&>A0)*$<&

•  7*$)/?/0<)&,-**),$<&0*$)/*(A&(??A0,(+-*<&$%/-#D%&6789&":;<&2-/&0*$)D/(+-*&

•  >A0)*$<&3(E&(,$&(#$-*-3-#<AEK&-/&(A$)/*(+H)AE&

-*&@)%(A2&-2&(*&)3?A-E))&-/&/-A)&

;*$)/*(A&":;<^&O&"#$-*-3-#<&

kI  ;*$)/*(A&,A0)*$&(#$%)*+,($)<&$-&

:0*DV)C)/($)&-*&/)L#)<$&2-/&

(,,)<<&$-5)*&

UI  :0*DV)C)/($)&/)$#/*<&(,,)<<&

$-5)*&$-&,A0)*$&

YI  B-@0A)&(??A0,(+-*&(CC<&(,,)<<&

$-5)*&$-&0$<&6789&/)L#)<$&-2&

6)<-#/,)&8)/H)/&`":;a&

RI  68&0*$)/(,$<&40$%&:0*DV)C)/($)&

$-&H)/02E&$-5)*K&(*C&/)$/0)H)&

(??/-?/0($)&,A0)*$&(]/0@#$)<&

XI  "<<#30*D&!oK&68&/)$#/*<&

/)L#)<$)C&C($(&$-&,A0)*$&

(??A0,(+-*&

9-5)*&

7*C?-0*$&

Ä(A0C(+-*&

7*C?-0*$&

"#$%Å&

7*C?-0*$&

68&

W'

['

S'

V'

Z'

;*$)/*(A&":;<^&&O&J)A)D($)C&

kI  >A0)*$&(??A0,(+-*&A(#*,%)<&

@/-4<)/&$-&:0*DV)C)/($)&(#$%*&

?(D)&

UI  &"i)/&A-D0*K&:0*DV)C)/($)&

/)$#/*<&,-C)&$-&,A0)*$&

(??A0,(+-*&$%/-#D%&@/-4<)/&

YI  >A0)*$&(??A0,(+-*&)P,%(*D)<&

,-C)&2-/&(,,)<<&$-5)*&

RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<&

$-5)*&$-&0$<&6789&/)L#)<$&-2&

6)<-#/,)&8)/H)/&`":;a&

XI  68&0*$)/(,$<&40$%&:0*DV)C)/($)&

$-&H)/02E&$-5)*K&(*C&/)$/0)H)&

C)<0/)C&(]/0@#$)<&

ÇI  "<<#30*D&!oK&68&/)$#/*<&

/)L#)<$)C&C($(&$-&,A0)*$&

(??A0,(+-*&

9-5)*&

7*C?-0*$&

Ä(A0C(+-*&

7*C?-0*$&

"#$%Å&

7*C?-0*$&

68&

\'

['

S'

V'

V'

W'

Z'

>A-#C&=#<0*)<<_8((8&

•  "&>A-#C&=#<0*)<<_8((8&?/-H0C)<&C($(&(,,)<<&$%/-#D%&6789&":;<&

•  ":;&,A0)*$<&(/)&4)@&(??A0,(+-*<&`0I)I&-*&(&<)/H)/a&

•  F(/D)&*#3@)/&-2&,A0)*$<&(,,)<<0*D&":;<&'&)(<0)/&$-&3(*(D)&$/#<$&($&$%)&

?(/$*)/_,#<$-3)/&A)H)A&$%(*&0*C0H0C#(A&,A0)*$<&

•  "#$%)*+,($)&,A0)*$&.&#<)/<&$%/-#D%&2)C)/(+-*K&/($%)/&$%(*&C0/),$AE&0<<#)C&

,/)C)*+(A<&

VA-4&

kI  >A0)*$&(??A0,(+-*&/)$/0)H)<&8"BF&

(<<)/+-*&2/-3&A-,(A&;C:&

UI  >A0)*$&<)*C<&8"BF&(<<)/+-*&$-&

:0*DV)C)/($)&($&8((8&:/-H0C)/_

?(/$*)/&)$,&

YI  :0*DV)C)/($)&/)$#/*<&(,,)<<&

$-5)*&$-&,A0)*$&

RI  >A0)*$&(??A0,(+-*&(CC<&(,,)<<&

$-5)*&$-&0$<&6789&/)L#)<$&-2&

6)<-#/,)&8)/H)/&`":;a&

XI  8((8&68&0*$)/(,$<&40$%&

:0*DV)C)/($)&$-&H)/02E&$-5)*K&

(*C&/)$/0)H)&C)<0/)C&(]/0@#$)<&

ÇI  "<<#30*D&!oK&8((8&68&/)$#/*<&

/)L#)<$)C&C($(&$-&,A0)*$&

(??A0,(+-*&

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

!"#$%&U&8),#/0$E&B-C)A&

•  N)AAK&0$&<-/$&-2&C)?)*C<p&

– 9-5)*&$E?)&– S/(*$&$E?)&– >A0)*$&$E?)&

•  "A<-K&0$f<&50*C&-2&,-3?A0,($)Cp&

8)<<0-*&>--50)&"*(A-DE&&

•  !"#$%&#<0*D&@)(/)/&$-5)*<&0<&<-/$&-2&A05)&<)<<0-*&,--50)<&2-/&":;_/)<-#/,)&(,,)<<&&

•  S)*)/(AAE&E-#&A-D0*&$-&(&4)@<0$)&(*C&(/)&0<<#)C&(&<)<<0-*&,--50)&2-/&<#@<)L#)*$&/)L#)<$<&

•  S/(*$&0<&A05)&$%)&A-D0*&(*C&(,,)<<&$-5)*&0<&A05)&$%)&<)<<0-*&,--50)&&

•  9F8&0<&/)L#0/)C&($&)H)/E&<$)?&•  >--50)<&/)AE&-*&<(3)&-/0D0*&?-A0,E&

•  ",,)<<&$-5)*<&/)AE&-*&<$(+,&-/&4)AA&5*-4&<)/H)/<&•  W)0$%)/&0<&?)/2),$&•  J0<,-H)/E&,(**-$&@)&<(2)AE&C-*)&40$%&@)(/)/&$-5)*<&

N%($&(@-#$&B">g&

•  b)A?<&40$%&$%)&C0<,-H)/E&?/-@A)3&

•  8+AA&50*C&-2&<030A(/&$-&<)<<0-*&,--50)<&

–  ;*&2(,$K&$%)&B">&<?),&C)h*)<&(*&)P$)*<0-*&$-&$%)&

b99:&z8)$O>--50)&z&/)<?-*<)&%)(C)/&h)AC&

•  :/)H)*$<&,/)C)*+(A&A)(5(D)&•  >(*&@)&#<)C&-H)/&0*<),#/)&,%(**)A<&

– "CC<&,-3?A)P0$E&`*-/3(A01(+-*K&,/E?$-D/(?%EK&

<$($)&3(*(D)3)*$a&

– W-&,-*hC)*+(A0$E&`<+AA&*))C&9F8&2-/&$%($a&

9-5)*<&.&80D*0*D&&

•  80D*)C&9-5)*<&– 9-5)*&0<&<0D*)C&@E&$%)&0<<#)/&`"8a&–  vN9K&8N9K&8"BFK&)$,I&

– 9-5)*&0<&<)A2O,-*$(0*)C&•  80D*0*D&40$%&9-5)*<&&

– >A0)*$&<0D*<&$%)&/)L#)<$&40$%&<-3)&<),/)$&0<<#)C&

(A-*D&<0C)&$%)&$-5)*&

– B">&

– 9-5)*&,(*&@)&<)A2O,-*$(0*)C&-/&/)2)/)*,)&&

N%E&(/)*f$&9-5)*<&J)h*)Cg&

•  ;$f<&-5(EK&0$&/)(AAE&0<&•  ;&C-*f$&5*-4&4%E&)P(,$AEK&@#$&;fH)&D/-4*&$-&(,,)?$&(*C&)H)*&A05)&0$&

•  ;$&C-)<&03?AE&<-3)&A)H)A&-2&,--/C0*(+-*&

@)$4))*&$%)&"8&.&68&

•  903)&40AA&$)AAp&

!$%)/&8),#/0$E&8$#e&

•  6)2)/)*,)&<$EA)&$-5)*<&*))C&(&A-$&-2&)*$/-?E&•  6)H-,(+-*&0<&D--C&$-&?/-H0C)&•  9F8&•  >A0)*$&"#$%)*+,(+-*&(*C&@0*C0*D&$-&$-5)*<_,-C)<&•  =/#$)&2-/,)&,-#*$)/3)(<#/)<&

•  9-5)*&<$-/(D)&•  9-5)*_,-C)&A)(5(D)&•  :%0<%0*D&•  J0C&;&3)*+-*&9F8g&

•  8,-?)&

"D)*C(&

•  !"#$%&C/0H)/<&•  8,/))*<%-$&C)3-&

•  !"#$%&%0<$-/E&•  !"#$%&U&•  !"#$%&0*&,-*$)P$&•  o)E&#<)&,(<)<&•  !"#$%&<),#/0$E&3-C)A&

•  "AA&$%)&@)AA<&.&4%0<$A)<&4(A5&$%/-#D%&

N(A5&$%/-#D%&

•  N(A5&$%/-#D%&<,)*(/0-&-2&(*&)3?A-E))&#<0*D&(&

*(+H)&(??&-*&$%)0/&?%-*)_$(@A)$&$-&0*$)/(,$&

40$%&(&8((8&?/-H0C)/&

•  8"BF&?/-H0C)<&

– "#$%)*+,(+-*&-2&)3?A-E))&$-&8((8&?/-H0C)/&

•  !"#$%&?/-H0C)<&– (#$%-/01(+-*&-2&*(+H)&(??&$-&(,,)<<&8((8&":;<&–  ;<<#(*,)&-2&$-5)*<&2/-3&8((8&$-&*(+H)&(??&

N(A5&$%/-#D%&

&

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8"BF&

&

&

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%&

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&!"#$%&

F-(C&(#$%1&?(D)&

F-(C&(#$%1&?(D)&

S79&_(<_(#$%-/01(+-*I-(#$%Ug

,A0)*$x0C}3-@0A)(??.<$($)}%-<)/./)C0/),$x#/0}3-@0A)(??^__

/)C0/),$x%)/)./)<?-*<)x$E?)},-C)&b99:_kIk&

^$,"'O O&W-&,A0)*$&?4C&O O&,#<$-3&<,%)3)&-*&/)C0/),$&c6F&

O O&/)<?-*<)&$E?)&-2&r,-C)f&

;C:&J0<,-H)/E&

;C:&C0<,-H)/E&

88!&6)L#)<$&

88!&/)L#)<$&

88!&6)L#)<$&

à<(3A?^"#$%*6)L#)<$&

&P3A*<^<(3A?}z#/*^-(<0<^*(3)<^$,^8"BFÛIZ^?/-$-,-Az&

P3A*<^<(3A}z#/*^-(<0<^*(3)<^$,^8"BFÛIZ^(<<)/+-*z&;J}z((2UYksÇOkuuYOUkkYORuR(O

2)kkRRkU(@uUz&Ä)/<0-*}zUIZz&;<<#);*<$(*$}zUZZROkUOZX9ZsÛk^XsÅ{â&

& &à<(3A^;<<#)/â%]?<^__<?I)P(3?A)I,-3_8"BFUà_<(3A^;<<#)/â&&à<(3A?^W(3);J:-A0,E&

"AA-4>/)($)}z$/#)z& &V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^

UIZ^*(3)0C^2-/3($^?)/<0<$)*$z_â&

à_<(3A?^"#$%*6)L#)<$â&

à2-/3&3)$%-C}z?-<$z&(,+-*}z%]?<^__0C?I)P(3?A)I-/D_8"BFU_88!_:!89z&â&

à0*?#$&$E?)}z%0CC)*z&*(3)}z8"BF6)L#)<$z&H(A#)}z!"#$"%&z&_â&à0*?#$&$E?)}z<#@30$z&H(A#)}z8#@30$z&_â&

à_2-/3â&&

c<)/&(#$%)*+,(+-*&

88!&/)<?-*<)&

88!&6)<?-*<)&

88!&6)<?-*<)&à<(3A^"<<)/+-*â&

à<(3A^;<<#)/â%]?<^__0C?I)P(3?A)I-/D_8"BFUà_<(3A^;<<#)/â&

àC<^80D*($#/)&P3A*<^C<}z%]?^__444I4YI-/D_UZZZ_Zs_P3AC<0DMzâIIIà_C<^80D*($#/)â&

à<(3A^8#@w),$â&à<(3A^W(3);J&V-/3($}z#/*^-(<0<^*(3)<^$,^8"BF^UIZ^*(3)0CO2-/3($^?)/<0<$)*$zâ&

Y2u@YC,2OkÇuROR),COsU,tOkXRR2YRÇ@(2t&à_<(3A^W(3);Jâà_<(3A^8#@w),$â&

à<(3A^"]/0@#$)8$($)3)*$â&

à<(3A^"]/0@#$)&W(3)}Ñ)3(0A{&â&

à<(3A^"]/0@#$)Ä(A#)&P<0^$E?)}zP<^<$/0*Dzâ?3(C<)*\?0*D0C)*+$EI,-3à_<(3A^"]/0@#$)Ä(A#)â&&

à_<(3A^"]/0@#$)â&&

à_<(3A^"]/0@#$)8$($)3)*$â&&

à_<(3A^"<<)/+-*â&&

6)<?-*<)&40$%&,-C)&

6)<?-*<)&40$%&,-C)&

b99:_kIk&YZU&V-#*C&

F-,(+-*^&3-@0A)(??^__/)C0/),$x%)/)g&

&<$($)}%-<)/.&

&,-C)}401v3(89:"2Z4L8)=YH3JPU3W8ÅoÇD&

>-*$)*$OF)*D$%^&Z&

9/(C)&,-C)&2-/&$-5)*&

9/(C)&,-C)&2-/&$-5)*&

:!89&_(<_$-5)*I-(#$%U&

b-<$^&(<I,-3&

,A0)*$x0C}(./)C0/),$x#/0}3-@0A)(??^__

/)C0/),$%)/).D/(*$x$E?)}(#$%-/01(+-*x,-C).,-C)}401v3(89:"2Z4L8)=YH3JPU

3W8ÅoÇD&b99:_kIk&

&

&

b99:_kIk&UZZ&!o&

>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&

�z$-5)*x$E?)z^z=)(/)/zKz)P?0/)<x0*z^zÇZZzKz/)2/)<%x$-5)*z^z-|NL4Bc;FU*C)Bb<N7

EV!ZSE(AHo8H,U|;Rd#StU6BS5BzKz(,,)<<x$-5)*z^zA8=@,0RvDtB<w08LÅF=/17qDCR

3ocW%!5EVzÉ&

>A0)*$&,(AA<&":;&

>A0)*$&,(AA<&":;&

%]?<^__D/(?%I2(,)@--5I,-3_?(#AI)I3(C<)*_

2/0)*C<_g

(,,)<<x$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3o

cW%!5EV&

&

&

&

&

&

Ä)/02E&$-5)*&

Ä)/02E&$-5)*&S79&_(<_$-5)*I-(#$%Ug

,A0)*$x0C}@.,A0)*$x<),/)$}?4C.D/(*$x$E?)}#/*^?0*D^H(A0C($).$-5)*}A8=@,0RvDtB<w08LÅF=/17qDCR3ocW%!5EV&

b99:_kIk&

b-<$^&(<I,-3&

",,)?$^&n_n&

&

&b99:_kIk&UZZ&!o&

>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&&^$,'O4%,1'5"X)"5'

6)$#/*&J($(&

6)$#/*&C($(&

b99:_kIk&UZZ&!o&

>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&

&

903)&?(<<)<&

&

&

&

6)2/)<%&$-5)*&

6)2/)<%&$-5)*&/)L#)<$&

:!89&_(<_$-5)*I-(#$%U&b99:_kIk&

b-<$^&A-,(A%-<$^sZYk&

&

,A0)*$x0C}(.D/(*$x$E?)}/)2/)<%x$-5)*.&

&/)2/)<%x$-5)*}-|NL4Bc;FU*C)Bb<N7EV!ZSE(AHo8H,U|;Rd#StU6BS5B&&

S)$&2/)<%&(]/0@#$)<&

S)$&2/)<%&(]/0@#$)<&

8>;B&-/&8"BFgg&

6)$#/*&(,,)<<&$-5)*&

6)$#/*&(,,)<<&$-5)*&

b99:_kIk&UZZ&!o&

>-*$)*$O9E?)^&(??A0,(+-*_w<-*~&,%(/<)$}c9VOt&

�z$-5)*x$E?)z^z=)(/)/zKz)P?0/)<x0*z^zÇZzKz/)2/)<%x$-5)*z^zvÅu|(REbX>t7Y>0

5H,ÅÅ<CRÅFcDÄEd*0)qLE@"Vw!@|?1zKz(,,)<<x$-5)*z^zRs=:;XF#WBYkZ-u

%@=s3s,;1;39XBtD,6w7zÉ&

&

60*<)&.&/)?)($&p&

&

&

&

&

(/,%0H)&

&

&

B-@0A)&(??&;CB&(/,%0$),$#/)&&

W(+H)&H<&4)@&(??<&

•  W-$&D-0*D&$-&$/E&$-&?/)C0,$&40**)/&'&)P?),$&@-$%&•  "#$%)*+,(+-*&.&(#$%-/01(+-*&<%-#AC&@)&,-*<0<$)*$&

(,/-<<&@-$%&3-C)A<K&<-&$%($&

–  c<)/<&(/)&*-$&,-*2#<)CK&)D&#<)&C0e)/)*$&,/)C)*+(A<&(*C_-/&(#$%)*+,(+-*&,)/)3-*E&2-/&

$%)&$4-&3-C)A<K&)H)*&02&(,,)<<0*D&$%)&<(3)&

(??A0,(+-*&

–  8)/H0,)&:/-H0C)/<&(/)*f$&2-/,)C&$-&03?A)3)*$&

C#?A0,($)&.&0*,-3?(+@A)&<),#/0$E&2/(3)4-/5<&

2-/&$%)&$4-&3-C)A<&

V)C)/(+-*&

•  V)C)/(+-*&(@<$/(,$<&(4(E&2/-3&(??A0,(+-*<&

<?),0h,<&-2&(#$%)*+,(+-*&.&(#$%-/01(+-*&'&

-#$<-#/,)C&$-&<?),0(A01)C&?/-H0C)/<&

•  >-3?A)P0$E&%0CC)*&@E&$-5)*&0<<#(*,)&.&H(A0C(+-*&

•  V)C)/(+-*&<$(*C(/C<&C)h*)&– 9-5)*&2-/3($<&

– b-4&,A0)*$<&-@$(0*&$-5)*<&– b-4&,A0)*$<&?/)<)*$&$-5)*<&$-&(??A0,(+-*&?/-H0C)/<&&

9-5)*<&

•  V)C)/($)C&(#$%)*+,(+-*&2-/&@-$%&4)@&(*C&*(+H)&3-@0A)&(??A0,(+-*<&0<&@(<)C&-*&)P,%(*D)&

(*C&C)A0H)/E&-2&&'(")%*$-&$%)&(??A0,(+-*&•  9-5)*<&,(//E&`-/&?-0*$&$-a&<),#/0$E&0*2-/3(+-*&

`A05)&(]/0@#$)<&-/&(#$%-/01(+-*<a&2-/&#<)/&$/E0*D&

$-&(,,)<<&$%)&(??A0,(+-*I&&

•  >A0)*$<&$E?0,(AAE&)P,%(*D)&,/)C)*+(A<&2-/&$-5)*<&O&)(<0)/_<(2)/&$-&<%(/)&$%)&$-5)*&(,/-<<&$%)&

*)$4-/5&/($%)/&$%(*&$%)&-/0D0*(A&,/)C)*+(A<&

•  N%)*&$-5)*&0<&<#@<)L#)*$AE&?/)<)*$)C&$-&(*&

(??A0,(+-*&?/-H0C)/K&$%)E&<)/H)&$-&(#$%)*+,($)&

(*C_-/&(#$%-/01)&$%)&/)L#)<$&

V)C)/(+-*&$(5)<&C0e)/)*$&2-/3<&

(??&

C($(&

"]/0@#$)<&2-/&(#$%)*+,(+-*&

"#$%-/01(+-*&2-/&(]/0@#$)<&

V-/&4)@&(??<K&$-5)*<&,(//E&

V-/&*(+H)&(??<K&$-5)*<&,(//E&

(??&

=/-4<)/&

9-5)*<&2-/&3-@0A)&4)@&(??A0,(+-*<&

•  V)C)/(+-*&2-/&4)@&(??A0,(+-*<&3(*02)<$<&(<&

88!&2/-3&<-3)&;C:&$-&$%)&(??A0,(+-*&?/-H0C)/&

•  88!&)<?),0(AAE&/)A)H(*$&2-/&3-@0A)&

•  9-5)*<&(])<+*D&$-&$%)&#<)/f<&0C)*+$E&(*C_-/&(#$%)*+,(+-*&<$($#<&C)A0H)/)C&&+!'$,+*`(<&/)C0/),$<a&$%)&@/-4<)/&2/-3&;C:&$-&$%)&

(??A0,(+-*&?/-H0C)/&

•  "??A0,(+-*&?/-H0C)/&H(A0C($)<&$-5)*&(*C&)P$/(,$<&0C)*+$E&(]/0@#$)<&2/-3&40$%0*&0*&-/C)/&

$-&,/)($)&A-,(A&<)<<0-*&&

9-5)*<&2-/&4)@&(??A0,(+-*<&

;C)*+$E&?/-H0C)/& 8)/H0,)&?/-H0C)/&

J)H0,)&=/-4<)/&

:4C& b9BF&

kI  c<)/&$/(C)<&,/)C)*+(A<&2-/&(&

$-5)*&2/-3&;C:&

UI  9-5)*&C)A0H)/)C&$%/-#D%&$%)&

@/-4<)/&$-&8:&

YI  8:&H(A0C($)<&$-5)*K&(*C&C)A0H)/<&

(??A0,(+-*&b9BF&

$-&@/-4<)/&

9-5)*&

8"BF&

!?)*;J&"??A0,(+-*&

=)<$&?/(,+,)<&

•  8$(*C(/C<&–  !?)*;J&UIZ&2-/&,-*<#3)/&<,)*(/0-<&

–  8"BF&UIZ&2-/&)*$)/?/0<)&.&,A-#C&

– N8OV)C)/(+-*&2-/&%-3-D)*)-#<&B8V9&

•  ;C:&J0<,-H)/E&–  ;*&,-*<#3)/&<?(,)K&,-*<0C)/&W(<,(/&40$%&)3(0AO

@(<)C&<#??A)3)*$&

–  ;*&,A-#C&<?(,)K&,-*<0C)/&)3(0AO@(<)C&

•  =-$%&;C:&`?-/$(Aa&(*C&8:&`C))?OA0*50*Da&0*0+($)C&(/)&/)A)H(*$&

•  B-@0A)&@/-4<)/&,-*<$/(0*$<&3(E&/),-33)*C&

(/+2(,$&3-C)A&0*&8"BF&

9-5)*<&2-/&*(+H)&(??A0,(+-*<&

•  W(+H)&(??A0,(+-*<&(#$%)*+,($)&$-&6789&":;<&@E&?/)<)*+*D&(&$-5)*&-*&$%)&,(AA&

•  9%)&?/),#/<-/&(,$&-2&$%)&*(+H)&(??A0,(+-*&-@$(0*0*D&(&$-5)*&0<&-i)*&,(AA)C&r(#$%-/01(+-*f&`?(/+,#A(/AE&0*&

$%-<)&,(<)<&4%)*&$%)&":;&2/-*$<&#<)/&0*2-K&)D&?/-hA)K&

$4))$<K&)$,a&

•  c<)/&(#$%-/01)<&`-/&,-*<)*$<a&$-&$%)&*(+H)&(??A0,(+-*&%(H0*D&(,,)<<&$-&$%)&":;&`(*C&$%)0/&C($(a&'&$%)&

(#$%-/01(+-*&0<&3(*02)<$)C&(<&$%)&0<<#(*,)&-2&(&$-5)*&

$-&$%)&*(+H)&(??&

•  !"#$%&UIZ&C-30*(*$&?/-$-,-A&@E&4%0,%&(&*(+H)&(??&

-@$(0*<&$%)&C)<0/)C&(#$%-/01(+-*<&(*C&$%)&

,-//)<?-*C0*D&$-5)*&`(*C&$%)*&#<)<&(D(0*<$&":;a&

B-@0A)&(#$%*&-?+-*<&

:)*+)"'

_`,"!)0*'>!$(#"!'

_C>"55"5'>!$(#"!' • E(5'#10!"5'(+,1'W!5'60!,D'• 466'$()#'9:'

• a+#%0*',!%#,'&%"#'• =0)'*"-"!0?"'#,$!"5'6(5#'

• ̂ $')""5',$'*"0-"'066'

• =%#,$C'#&1"C"'• _)0>*"#'//O'• _)0>*"#'#,!$)?'0%,1)'• 4/'$()#'9:'

9-5)*<&2-/&*(+H)&(??A0,(+-*<&

8)/H0,)&?/-H0C)/&

J)H0,)&

=/-4<)/&

"??A0,(+-*&

9-5)*&:4C&

v8!W_qBF&

kI  c<)/&$/(C)<&,/)C)*+(A<&2-/&(&$-5)*&UI  9-5)*&C)A0H)/)C&$%/-#D%&$%)&@/-4<)/&

$-&*(+H)&(??A0,(+-*&

YI  W(+H)&(??A0,(+-*&?/)<)*$<&$-5)*&-*&":;&,(AA<&

RI  "??A0,(+-*&/)$#/*<&(??A0,(+-*&C($(&(<&v8!W&

!"#$%&

"??A0,(+-*&

=)<$&?/(,+,)<&

•  c<)&$%)&@/-4<)/&$-&(#$%)*+,($)&$%)&#<)/&$-&$%)&"8K&C-*f$&,-AA),$&#<)/&?(<<4-/C<&40$%0*&*(+H)&(??A0,(+-*&

0$<)A2&

•  "&<)?(/($)&@/-4<)/&40*C-4&?/)2)//)C&$-&)3@)CC)C&'&

D0H)<&#<)/&$%)&H0<#(A&$/#<$&,#)<&$/(0*)C&$-&A--5&2-/&

•  !"#$%&(#$%-/01(+-*&,-C)&D/(*$&$E?)&0<&/)A)H(*$&'&(AA-4<&(&/)2/)<%&$-5)*&$-&@)&C)A0H)/)C&$-&$%)&*(+H)&

(??A0,(+-*&`-@H0($)<&*))C&$-&,-*+*#(AAE&/)(#$%-/01)a&

•  c<)&@/-4<)/&2-/&;C:&C0<,-H)/E&02&C-0*D&88!&`/($%)/&$%(*&40$%0*&*(+H)&(??A0,(+-*&0$<)A2a&

•  W(+H)&(??A0,(+-*&<%-#AC&/)D0<$)/&,#<$-3&<,%)3)&-*&

0*<$(AAK&$-&)*(@A)&<#@<)L#)*$&?(<<0*D&&-2&$-5)*&2/-3&

@/-4<)/&-./(*$-&*(+H)&(??A0,(+-*&