From d60beca5dcf19bf4c95325785ba9da0d5975be92 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 7 Dec 2016 14:34:51 +0000 Subject: [PATCH 01/21] Allow remd namespace prefix through import normaliser --- mdx/uk/ns_norm_fragment.xsl | 1 + 1 file changed, 1 insertion(+) diff --git a/mdx/uk/ns_norm_fragment.xsl b/mdx/uk/ns_norm_fragment.xsl index 8d47e8a7..9d58ec58 100644 --- a/mdx/uk/ns_norm_fragment.xsl +++ b/mdx/uk/ns_norm_fragment.xsl @@ -22,6 +22,7 @@ xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:remd="http://refeds.org/metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" From a5eb9b1215edabf5872dbd85cd22f0acd7239642 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 12 Dec 2016 14:40:13 +0000 Subject: [PATCH 02/21] Allow locally registered SIRTFI metadata in export preview aggregate --- mdx/uk/generate.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index 9285cab2..5190a2a8 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -785,11 +785,6 @@ - - - - + @@ -564,6 +570,7 @@ + @@ -582,8 +589,13 @@ + + + + + From 752f6cb5713d796b232c164488f3ccae23de307c Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 14 Dec 2016 14:58:39 +0000 Subject: [PATCH 04/21] Enable Sirtfi metadata in production and export aggregates. Also hoist remd namespace prefix declaration in production, export and export preview aggregates. --- mdx/uk/generate.xml | 10 ---------- mdx/uk/ns_norm_export.xsl | 1 + mdx/uk/ns_norm_uk.xsl | 1 + 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index 5190a2a8..c85e322a 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -310,11 +310,6 @@ - - - @@ -670,11 +665,6 @@ - - - + From 1bb7bf390d31bfc38c6793c9c5bce70a134d1623 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 16 Jan 2017 10:18:36 +0000 Subject: [PATCH 07/21] Include Sirtfi metadata in fallback aggregate --- mdx/uk/generate.xml | 5 ----- mdx/uk/ns_norm_back.xsl | 1 + 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index c85e322a..19c041c2 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -550,11 +550,6 @@ - - - diff --git a/mdx/uk/ns_norm_back.xsl b/mdx/uk/ns_norm_back.xsl index 40d793e5..f485059c 100644 --- a/mdx/uk/ns_norm_back.xsl +++ b/mdx/uk/ns_norm_back.xsl @@ -33,6 +33,7 @@ xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:remd="http://refeds.org/metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" From d9318b397a9c7529f722b96dcd019454b72866f5 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 18 Jan 2017 11:00:29 +0000 Subject: [PATCH 08/21] Move expiry_whitelist.txt out to ukf-data project. Implements #19. Remove the badly implemented (in practice mandatory) -q option to check_embedded.pl, replacing it with a mandatory option containing the location of the whitelist file. --- build.xml | 2 +- utilities/check_embedded.pl | 41 +++++++++---------- utilities/expiry_whitelist.txt | 73 ---------------------------------- 3 files changed, 20 insertions(+), 96 deletions(-) delete mode 100644 utilities/expiry_whitelist.txt diff --git a/build.xml b/build.xml index c30079ae..56661b0a 100644 --- a/build.xml +++ b/build.xml @@ -2426,7 +2426,7 @@ - + diff --git a/utilities/check_embedded.pl b/utilities/check_embedded.pl index 8f324cef..8272fccd 100755 --- a/utilities/check_embedded.pl +++ b/utilities/check_embedded.pl @@ -13,7 +13,7 @@ # # Command line options: # -# -q quiet don't print anything out if there are no problems detected +# check_embedded.pl whitelistfile inputfile # # @@ -31,22 +31,6 @@ # my $longExpiredDays = 30*3; # about three months -# -# Load expiry whitelist. -# -open(WL, 'expiry_whitelist.txt') || die "can't open certificate expiry whitelist"; -while () { - # fold lines - while (/^(.*)\\\s*$/) { - chomp; - $_ .= ' ' . ; - } - next if /^\s*#/; # drop comments - next if /^\s*$/; # drop blank lines - my ($fingerprint) = split; - $expiry_whitelist{uc $fingerprint} = 'unused'; -} - sub error { my($s) = @_; push(@olines, ' *** ' . $s . ' ***'); @@ -67,10 +51,7 @@ sub comment { # # Process command-line options. # -while (@ARGV) { - $arg = shift @ARGV; - $quiet = 1 if $arg eq '-q'; -} +$whitelistfile = shift @ARGV; # # Hash of already-seen blobs. @@ -106,6 +87,22 @@ sub comment { my $total_certs = 0; +# +# Load expiry whitelist. +# +open(WL, $whitelistfile) || die "can't open certificate expiry whitelist $whitelistfile"; +while () { + # fold lines + while (/^(.*)\\\s*$/) { + chomp; + $_ .= ' ' . ; + } + next if /^\s*#/; # drop comments + next if /^\s*$/; # drop blank lines + my ($fingerprint) = split; + $expiry_whitelist{uc $fingerprint} = 'unused'; +} + while (<>) { # @@ -369,7 +366,7 @@ sub comment { # # Print any interesting things related to this certificate. # - if ($printme || !$quiet) { + if ($printme) { foreach $oline (@olines) { print $oline, "\n"; } diff --git a/utilities/expiry_whitelist.txt b/utilities/expiry_whitelist.txt deleted file mode 100644 index e3fd21fa..00000000 --- a/utilities/expiry_whitelist.txt +++ /dev/null @@ -1,73 +0,0 @@ -# -# expiry_whitelist.txt -# -# This file lists certificates whose expiry should be ignored for some -# reason. -# -# Lines can be continued by ending them with a '\'. -# Blank lines, and lines starting with a '#', are ignored. -# -# The format of lines describing a whitelisted certificate is a series -# of fields separated by spaces or tabs (standard Perl fields). -# -# Field 1: SHA-1-fingerprint for the certificate -# Field 2: reason code -# -# Subsequent fields are ignored, and can be used as a comment. -# -# Combining the above: -# -# A9:16:56:BB:5C:0C:27:BE:B4:D0:3B:CF:A8:DA:1D:8E:37:54:00:4A reason \ -# this is a comment describing the certificate. Entity uk123456. Call 9999. -# -# Common reason codes: -# * none -# -B1:1A:B2:19:0E:7E:2B:97:C4:6A:AA:D8:97:F6:09:BE:E3:81:EB:D6 \ - Certificate expired for a "e-academy Incorporated: OnTheHub" Shibboleth SP for e-academy Incorporated. Entity uk001473. Call 6592. - -43:39:DB:D5:08:1C:87:7A:F5:72:6E:60:80:7F:CA:AC:B5:A2:94:1B \ - Certificate expired in a Palgrave Macmillan staging SP. Entity uk001446. Call 7663. - -4D:4B:09:FF:2E:E3:36:77:CD:65:59:94:DE:28:CF:8B:51:55:90:E4 \ - Certificate expired in an 'RM Easymail Plus' Shibboleth SP owned by RM Education plc. Entity uk001483. Call 8254. - -F9:04:F9:4A:4B:D4:7D:30:42:88:64:1B:C8:51:EF:CC:43:D9:30:10 \ - Certificate expired - no reply from Kindit Ltd (Picturemaxx) - call 10305. - -4D:DE:9C:CB:68:F7:EB:FF:A2:E9:CC:A0:1A:9F:9D:9D:86:DA:C2:97 \ - Certificate expired in a Shibboleth IdP for Hopwood Hall College. Entity uk001648. Call 10211. - -90:A3:BB:7B:C3:8E:EB:57:8D:DA:4E:42:01:64:3B:11:D9:B4:F5:75 \ - Certificate expires 8 January 2015 - merger - Stourbridge College. Entity uk001743. Call 11565. - -64:44:D0:DF:86:52:F3:CD:3D:D6:75:8F:8E:84:82:92:7F:4E:93:C3 \ - Certificate expired 10 April 2015 - Dawson Shibboleth SP for Semantico Limited. Entity uk002112. Call 12202. - -AD:08:96:85:E3:C1:50:AD:31:4C:6D:B2:74:78:40:21:20:5A:7D:D3 \ - Certificate expired 10 Jan 2016 - Cardiff pre-prod IdP. Entity uk001170. Call 14603. - -92:11:9D:AC:9D:B2:6E:97:1D:10:CC:FD:30:48:EB:04:0F:91:7E:B3 \ - Certificate expired 25 Jan 2016 - Janet community site staging SP. Entity uk002056. Call 14681. - -AC:61:A4:E0:0B:93:13:AD:30:B4:25:3E:34:09:BB:89:4D:97:9A:C4 \ - Old certificate expired 29 Jan 2016 - Lancaster and Morecambe College IdP. Entity uk001215. Call 14774. - -F7:E4:37:53:85:79:7D:41:B2:8A:ED:D5:6B:D4:21:57:FE:59:F3:05 \ - Old certificate expired 16 Nov 2015 - Cadbury Sixth Form College IdP. Entity uk001150. Call 14032. - -3D:68:7B:71:14:31:20:6F:19:49:C4:34:CE:AE:B0:00:68:60:FF:46 \ - Expired certificate in an unused staging IdP - University of Essex. Entity uk001359. Call 15615. - -94:E5:25:42:BC:70:9C:19:75:07:1E:9A:58:EE:C4:A7:D6:BA:97:2B \ - Expired certificate (23/04/16) in an unused Shibboleth IdP for Totton College. Entity uk000231. Call 15316. - -F3:63:1C:35:CC:BC:FD:E7:A4:B7:3B:C8:54:FF:AF:0F:0F:A2:66:04 \ - Expired certificate (26/07/16) for a Shibboleth test IdP for Canterbury Christ Church University. Entity uk002469. Call 15960. - -13:C7:EB:D0:42:30:4A:41:40:1C:6F:F8:08:AA:EB:89:B2:31:05:2B \ - Expired certificate (09/05/2016) for a Shibboleth IdP for King George V College. Entity uk001322. Call 15465. - -F6:FF:A2:1A:61:1A:05:C0:2A:A3:5B:30:63:95:32:7D:16:39:D7:05 \ - Expired certificate in IdP for Henley College Coventry (uk001729) which is being replaced - SR00113049 -# END From 03ae329aec83b4dbe1ac771bcca4b2f7a18ddeb8 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 18 Jan 2017 16:21:30 +0000 Subject: [PATCH 09/21] Generate mailing list appropriate to Jiscmail Resolves #108. --- build/addresses.pl | 47 ++++------------------------------------------ 1 file changed, 4 insertions(+), 43 deletions(-) diff --git a/build/addresses.pl b/build/addresses.pl index 4fbcc1be..36dc9347 100755 --- a/build/addresses.pl +++ b/build/addresses.pl @@ -2,16 +2,6 @@ use Xalan; -# -# Load list addresses. -# -open(LIST, "list.txt") || die "could not open list addresses file"; -while () { - chomp; # remove \n - $list{$_} = 1 unless $_ eq ''; -} -close LIST; - # # Load extra addresses. # @@ -53,40 +43,11 @@ } # -# Similar lower-case hash for the current list. -# -foreach $addr (keys %list) { - $have{lc $addr} = $addr; -} - -# -# Cancel the ones that are *in* the mailing list from the wanted -# collection. Whine about (now) unwanted entries in the -# mailing list. +# List all wanted addresses. # -$first = 1; -foreach $addr (sort keys %have) { - my $a = $have{$addr}; - if (defined($wanted{$addr})) { - delete $wanted{$addr}; - } else { - if ($first) { - $first = 0; - print "\nDelete unwanted: \n"; - } - print "$a\n"; - } -} - -# -# List the ones that are wanted, but not yet in the list. -# -$first = 1; -foreach $addr (keys %wanted) { +print "--- LIST BEGIN ---\n"; +foreach $addr (sort keys %wanted) { my $a = $wanted{$addr}; - if ($first) { - $first = 0; - print "\nAdd wanted: \n"; - } print "$a\n"; } +print "--- LIST END ---\n"; From 56590068fa9b1e492a672af622f76f1252457065 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 18 Jan 2017 16:43:55 +0000 Subject: [PATCH 10/21] Move e-mail list related data files out to ukf-data project Resolves ukf/ukf-meta#41. --- build.xml | 2 +- {build => utilities}/addresses.pl | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) rename {build => utilities}/addresses.pl (88%) diff --git a/build.xml b/build.xml index 56661b0a..dbab0877 100644 --- a/build.xml +++ b/build.xml @@ -2297,7 +2297,7 @@ Checking mailing list entries. - + diff --git a/build/addresses.pl b/utilities/addresses.pl similarity index 88% rename from build/addresses.pl rename to utilities/addresses.pl index 36dc9347..09f72f14 100755 --- a/build/addresses.pl +++ b/utilities/addresses.pl @@ -1,5 +1,6 @@ #!/usr/bin/perl +use lib "../build"; use Xalan; # @@ -8,7 +9,7 @@ # One extra address per line. Blank lines and lines starting with '#' are # ignored. # -open(EXTRAS, "extra_addresses.txt") || die "could not open extra addresses file"; +open(EXTRAS, "../../ukf-data/members/extra_addresses.txt") || die "could not open extra addresses file"; while () { chomp; # remove \n next if /^#/; From 15a92cc2d88380d7a792f78d800e6a66f1d0b981 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 25 Jan 2017 15:36:48 +0000 Subject: [PATCH 11/21] Upgrade to ukf-members v1.5.0 Adds a check that domains are only listed as owned by one participant. --- tools/ukf-mda/ukf-members-1.4.0.jar | Bin 23086 -> 0 bytes tools/ukf-mda/ukf-members-1.5.0.jar | Bin 0 -> 27257 bytes 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 tools/ukf-mda/ukf-members-1.4.0.jar create mode 100644 tools/ukf-mda/ukf-members-1.5.0.jar diff --git a/tools/ukf-mda/ukf-members-1.4.0.jar b/tools/ukf-mda/ukf-members-1.4.0.jar deleted file mode 100644 index 6caf1275f7e82d4751d81c68fe34d6f9543a9575..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23086 zcmbrl1F&V=vMsu5*|u%7mTlX%ZQHhO*0OEewpq*iwa>Xf-aY64d)|)sX2gsbF=qA| zqmQ21vSrKOXJ0PLRz zwhpHM!RW6U|M{1{jGQe^jE#&P^qtIYZT`au?EhhewXwBU z|6H7ZpD^>^87`pjXe{cWZ{wuoZf8tuXr=Gyn4B`9fW(g+B6}iW6POp^=NEwwDmUCg z?gkO3$DB~%M?{pm*N}f429P2xCeB)4K~Ytbe2xQC@5&O z(DLwI+H=ixHs10moBLyz`tSfg)Ct-kZf^?P*5;OUA~UnIZ75R<*hW+@htDmz!dXO5 z*CxD1PQ6$|S*H$KxKal3lwy%Zviw(p0VPRtF|%|_S@CIxxZWsh)p#X~GA)IMa7lET zS4#=1yM`1(ofF_#b`u2@8}$-R4V-yn$WQq|?iwo4O5i&+UD`{5Y zv1!zKj3jYNmTE$#BrwQIc=WZy3b~|O8m8CltIe#wiuQat>yQemN;$*%N|ehwIiFDr zCj_KhBt1qhey^b|bB}1g$nuqF#+u=*zH9+lwDM+`(zv0%qyma%Wx&2eF$AQ^Q4I}-%hlWT)fk1{=WnWOVqqfX+suhSou^aJ{p3^r^>B<&gr zrR8JC&=u;mW{u-j1&W_Bhhb%3@(uZ?QZ^`dtMsJmgNUKhr6=MKGS!{pSWElj+QDSy zRJ-CE^y1TsRlg2x#+OXqKFJcktxo`|KP*_6YL|Xb8=~u)CH>w}v#8oYNs*dizK&vw z(3X;AA7;nFZ5V?q)-ow6$Flj6>6IL_z7)c=<^)^oWoH^&X+vWjGQdQO_2#hMdlS)X zm$(CHNU^lYFqVFtTht{ip}as@$q?;}bMKqMij9aJLWD@nmyj3DhBHgSkLDyfJ5lQ0 zc?K5V`*Q7r54`@lLkhh+fiVI`0Z7nIv@5(<1@g|l8v4_(V>!l~6Iib{Jo5dz&nJp7 z9qXz$4C~6S0L+Tlz!N!$sy%N616xSg)-W`vD-h>&h%c9XHq`%1L{D-0D>^F_KK7Ps z&;@{n@d^0-_EZ$#)*jxk@EYLR_JJ)E^uQg>u`9gW0h6VGBch1bgR&A> ztB2DiH}ID=PK#=8-bs1(o?oE@(`~#W1Yn^+Tpr$GI=qn-G~(|-F437tQhc)AA^_q; zFn0=Ij23B4J^`ON)l>H_8nM!@JBpt)01)r|JmCD(yE_m+#8%<%LAZ5WK+c-kc*v-w zBk>M9;14@nnQ46D@J?UXikQ)Y@DX@N=?F%J8N>$R?y8*69Yt!TXVGNYSn#Lt>_x`HZPU1bB%Fi1k1!_J&=>IQb`ozuPBuYS978>8EIC8{g{;j4g5C(?d7q<^)DV%9D!xWp zTR8*`6-fZN`~@3=C!O4EyhT1*dNwK*^Vrhj=i4A*&b(N^=?_(5S9Zq>+P;)YP42MAar; zfrv)!*GI4Ev@*rqK*u+_C@BK#N;GXmlie>}a8+BJYR6b^7QsT|rz>GZ-&>U!EMhoxelL2Pcb*Mo3{!j!;l3SbkXjBQ5|aBT;T$y%W% z$91pX0J_nVO0*L;kmw7B{{I;qSOvy+-dNioAhC0@J?jVXY2m6tNN4U^>x zLSt>xhE96qk@q`ln8_65`6L>0#~up}mZ6i|Bq$nhYT;j@AC0xCHL~#tLrXnXdJK$S zR%_q&Beu!#lyd^~Nz%{ATV7+OdVC3r9Sms?I}42fvYIf^y6XV`Lzr$h3j|wgNv>u4M zp9EWY%ozT z9#iQcpjO}oHhd4-Aq$!jI5BS64%9s;i>)kh_*ytp+@T+EC;m+<{s4VH5QG~)PvP;d zP@D|s9eE22Kiw!B?I?QBUl(wTA6B!N=}?IG0U!GTQ4jnAI&nK?uL}T&plHOGAg>c3 zZDU{%p8T-#54E&maNo!bQ`YZ8*nqs7eOu(g9d>Zng+Fwsz;18Z!AU7evs|6;dH)LB znL8*4)jxqN_lJ7@&wO;WV>8u*M@=dekJz3ohdE&?R^lZ*%u6%~%%);!9wK21ER-A<IhB}- zdBQorwaMqJM&Wdw8?%WV%>CwL*L8_3D8{&GU^5q;RDTA?VU3@87EP~Evmc<0q6e9q z+;6xT;jUvJa_hC?%_fk|BHo<*SX(*S(!^Xv=FIu-JUld*1&z7WVT^tTn#^^_Mq_zd ze|*I+*e8;bto-FDv{d_?b%7oLG&=;2cJ;|v zlY=F+Aa@L=$)`$CXpcsCPLtLsD#M_nkYMH!$hHW}gTF2t!41C^!(>)_AJH9&rrV>C zwc!Q=dTFTlS*_(RUF&|siU2U-6S%&s%6|a;<)M~bWR;wN007+}|H(sH{=SDg{+oAd zTmGS)+=;Q#;tP!>7F9b<&C-NFBVuWS%{1VfQ4{M^0)1atd_(f}^?WS10u={g_!D%8um>>)vvxl1$W^ zL-*BgXURi1DCsw#Uz;(_^aXSox!$3+e+?i!fBb+GwKdj#>nE3WRBhKj1M?y$)!vRu ze#SnNux@r0w`)SNDAZb$_dn;T&u=m{FzBtrKufy~zqqZL_ons9|46=&GDc_AXf+zO zARVs8DNbH97E`sv3CQ*I4oI~sKANDfcO))D6Tam8p3TO89mTgUf(35-G_-OE%lACS6CDR^E6L_1j-#VPL zHPRDUj>)q18f1JSo$^RJszW@EVl1Euv6-ya;D>dCq zx)eAxK|m59-+~8nK}oYoP9o@5enF1YocWDeJj6+lF>nm{tb^_gSl9cmsaT`^vi{1^ zH%K4bbEa($fBh+i`l$G}rrDN~h=b3d9diK7wz!AV56w}=&b>y{V0l?+q#jujX04*lfI6m9#estb?q zQF8|3`;FtAw%Qvu>@I^2maR*V$68F8X=^r#l7(Y>e{P?=t@r6B3uuHwE%KU^2&@Sw z8*ZmhuoPQW4A6UZ4eUgIq}_JIcIU0z%w|opwAo?>R$pFI`bqBvQzHI8KQ&!(;`gcK z)Go~U*kkJz%0_pkIbw#eSb(ifgHh72DYi9J44NBd=~5$B>zHi{f)10w=G}m+^)JHk z?ZR1+*mV+#N4(WV`i%pR4d<2L8`1%oXTr(-Gb9OJ%&}H1U4`t3$kC@&dznkwoX0ky zdT#mWPOah)F^(7LkUc<9-eYxQBq#%xY?aFuQ+I{7*^bz0`o}#t+M?3M%Tw<=$TE&P zL(INcCQ4TOw1Vw$%an*O0z<}|iuMRM6|F(f0`yAA_PP3R)wozOhD*|98&xe>DHkVC zmCLkX$88whlNCQ>1Scz z>BK-dNIf}7@gK|s3ZlJajbaD|T}WL&k7bl(e^Y?z$uitR&J)$6^T5Y%vI*Zo5Odz) z>GN?ZGqXQJ`>V#efAogGAXlHuBhPoTzM2a)Is`e3Es_cs%^!qYhB$gn4csAmFvQDNMAiMSop(g1^EbknO}ne z!p!ElhuHCa?w2&8<9$QiIenbNxJ!}tE-DK72-!*b{O%g``MQWbksB`;%yJhOPasD| z0sw(t*q{&ZD6;imWNP<@CX&F6fdpYJfZJV{-?4><;5V@PE!z)%z`=7pyN;07yY4t@ zES=og5Q^>paO1|VNZjmO6{?hh1&F58Ri3RVSynHoOt zEQK#glyN@(2El{!4r56?AqG#3D0md!?+F5x0?Uuc$^>D=0~5NgQ9o-fmB!QQ4OSJ5o-R*`D^VX!K7%JBIZli8R7kQJ%P}PCxEM1i=h? z6cE>Vg2`wo`cSK++*tZh5RR6zGs2?>L`gLf|49@$;i{PECfUE1&i3?PMD+&%fd3z? z|DTtR>2ELHzpdMb4H5%9_x9#G@hp@z!KS%CX?Yo*8$X~jC9`lmA#MU9!FJYQk&SCt z-9>dm4EuW31RGGK5c)uD=$3GZq_q9{n`Njc{r1UwL)8w&2- z{g31xs1I*JX^-&uMbb)Pd~*$AUJ}ZLKH}e=YR_VNT)FPkcTh zXdGNEHM7yg6_U*k`uxrqGeFK_7L$(T6fuRviba#q%95E_&?lD*V->oWq{`kRiJ|&S zNd(qCgzVdxZQxq#LlQx9cO(N!c13|n=$)+gsG8YEZMY`W`^b=ACj4uBnurOh-4D{Wj)|N95r>ss;QMQeP*Gx(Ld zllKW$XHQ{djR#*=$VD9ke=&}gl06dFrc;)t&7NoDigkqw@%1ikvCYQ2Q7jbe_aAQp z14nEGJ^B3OU6B8gMf@%8^dG?RZzNXfuM!LSt3*{}VyJ*{8zH!v+;EW%{MRT6u`(jx z;w`iGFh^agiAzdv&%BUeL3l0c7x_VYzCsXiB^+miJzm zAL>#^cX?sV7Vcb=h8g;G#lmJPkM&#U-81xys|cO}WFoJf`36h_a%!s8a%n=6A+L(p zYa;a%L|gk~*PLxMP4twI?)ZTviwrvm@6tSU24^p9uCX@^A3l3eq)}`f?JtjP0e$CE{h_6$sMomn$du-VWWfQA1Q6uBbXBc}<;0<5 zziIc`N+wdANkO-XS|cZ?D&*4HL!64+#f7a#}d5qn$>BfN=lK0PUKox}t%-3d<<Ro3FhkGx)Q2wEdYbR$h21-=-(a(}Q8 z;y>11f6HT~|Iu^!7eLHT(N)A!Mjy_d(nUlKX!KiDsjg<>GuABgjU`b_6zCyZ@521tXpk?1#2Cb^XqD^V)UN zc|z>_^}av{P;y5espFN!k9u*gppXjV+*V7QY3`LEypCp7e1{($is|7(qmP<4z!HVx zx@OpHd%0pM63jlyZf0j_+0<(FP+<&ZLR*K)Mm5=8t?#tOf+K&DDG+gmnad;{3Ej_F z9Aath-W;sXu&TefTCsv^**Ps8nm{b2QflvcjZOG_^#e+EwG**4pi!nMOsV)DwzdIg zUulg}C&Fo{f+_!}4eA#6Kz(IM$1{7a-A2ojyLaZs{HpQ$hDhH^bKHDz38!*X`q^wM z*46^G=e$bFqQmYIR&yECd!AA=<{;~7vf*NyI*UXM%_L>`V-u{jL!gKW1t+`4{c8xN znXk$>`794z%GZtS=7hc}IoHWo+ZV5jn#%rTBUQ%MqbdPsiu6uzC;~C?9GdT5b=dhZaf$kSa$jXN>dFmKC_!W2Rs)xBVO{4~1#!8$g9M-1=dgyU# z32FsJb7SvP2aF)(7B@6#fU_>jNVY_RhmqX$#RX#$NL%58|anbde#Fgug5#p^J z$M2naf1DwMz8L`!9?Jhj$iLm2DUW|gKbm^D#*1n+i1k8~QC^52PCu#|kAJhfMII-F zerS2`>dk1$d{lWcQg9%`3pa_(|>0K3|X;l8R2;tgCK4Z z?-cJF;|y$O_93Z$0V^2wIpJCG)B8R7%knFP|6@DkCn7ZciFs3B-q{I7tDk^SU%FkN zuP|z7SaDeZ(_X+g=?w1(Y89(G^hC~yplydV(h+1=_I_(%>>u4KP7OZeScsaK_fI;Fh5Ao~?QaP~{{*Oi Jw61#g+`oSM>zU3t{l2eBtKDD_+F9C{<{Gv?wMdK>4VoZWmC))u9_RCEW;iUUZT zw}id5@Y{NnYloSeTf66KD@k3mqqa^s)Z3a>+k1~jwT5CM?XE@vKgG=a%48x}rM!%0 zEoW_6(cm8gRzh_%&p4TE$s5P}u1P%(mqh3xNmST~N#!H`P}VaDY_K+QB|L?QJ@O+j5mUdGFJCK5f0i~IZT z+)$uf#~ccH&KfzDSv*B^G&C9=&U2A%7NrTaPD&*E+$O!l!gk*V);<$ZpD9|ZBDaHg zIcU%j10QQE`b|p-{JXCkVBF$q;_p#2!~}C{;8GSbg)tR!cm#<-!qy5J2t>3P%Q&kQ#DrRQVVQ3 z#dv&x6a%7;JQ^r+MQwarQS*wB^db-kf)J@Pq)BI~eNlFpwQ^w#QZD$~+`#YXOIpPY zNY=D^3Bv}wKUU~L3^$!O^QaX&G5midF3E~{iI%^ijID%#z)X2#&@LhCaUcD2Q_rvw8b+1lW3Fv?-Q-8frYW5lZd{dldXgMKYM4{ zDVB;GBFG^-M<#_F{+I%Y^Q_YAz?sY`{*8_P^BJ1+gIdyBr_ohY%VDGSq6vyGtGvtZ@t@L)m5vWZO4iInU&|i)*1>xscVRt;Bj@(osxUfeDv7GW?M*UM>>>W{ zQ?r*KA=^^Tld~<0KjEPTg{R;zsy&3$I6DgzW!qQF9J(f@rFn9lpVmS%hT`a&b;@8G zN}6>(C}D%ftgH3QoC)kDx%WpA#b41?$02m3DDVy>s@Zw&ioBr3wI7Bp4%h|?**3g;JMqI~JcPH} zrk&_c)2-GUfN{#pYgBtt+V>GCPd!90_*XP&k7Vj`X44XX3tmUiI#hCZXD61NItY75 zVbR$(E1()@2`M|7m1Hq|>7KkL6+CbSk@E*rFM$D><__%McLW&NgSl zDeJyCAkSb2J9FgbDnBUN7K)>Y20&Bzo+dmfe^y0N6pKt$MJP{EXmr;nCIT6y{q)V- zC@4{9MJY$NIY0{0>I_(ffhSi+1M&}WVt^;-Wcn@?p)X^A`Z4gS_9~;vVU+%%7nTT^XOgv8KTeWIPHHuwn37ux!i_h zJ;d&QEh~f^7M37COw%5+S(FJIEIu5dky<95F7Tbp!G8$9(DtFuPbu@ z91ryXG)NZk(GuS&aR7NIz7H1oaUkXs(F$J+|NW<*7IkQPi$7T!)`NWLO7uE&C!E$J z^&uDMi#s->pe6W0e|H1+Iw1B%#RdIfzAqZ!#gvdc;FX3)@+A?+8*|t*4CsO56aI0i zgX0nStBcp3#XEY7bLcT|@+M|dZR1f&q`5mEreDsk6HOf2DZBI`HAjWIYCm2W3qSmZ zL@W z{+3W-r*CMfZ)!|qZewEmPq+x4nUWabg9p1^dqdFVoy7&l>y4b1S`5^a4aOu#7LMF^ zPLNrbekvr!8f$RB{ozG!uPFcf5Z46#c;;jEId+8&pfxBE;0bUQZ8meQU5Y&=0tCC7 zoW`sV$ea=D__qL{46emN(J`6&n9$uQ`o*ZYCFPIO1=a<Z$#|dUm#QUd?fQ~@ zzZ!z6WZvuOhGNG`%fa?hx9KAe>~#l(We^>qITVqTGIcU7kGz=(7A&+4g;@4NjW*w< zjSA_O^Unh_j&L$I!yiDtTSUH#wxEs{h##NMKSF8zBPIcF60#Isq4D#8bZddIF4`e9 zyPrQzHe~rhIA@Jd`>x6Us?~3rYv%y|)aqt`zW=il^tVJjIeiBwb3=2xf8FV%Wc`O( zz~^-7Xp%Q6QImHQMbMCk;wOX=n7fJ7H=z>@_Lg34DWF|Xb#V^TeF1zj{b`DR?84oO zVwm2YBK^Ww*UQzK_TPsQDEG9`4TJ8|mw0fSBW+=rh2{f|s#2q5H=V z6L6Pgh+j1~UqRWlq(VgXKw9N$TBUk+8rQd5bMid48F~Vj2=s@$7^G`NZiI+%%3n1Z z*JMr_G{=fBnyBgV)wTRUn;gv}70?q~)^?^27pQ%0DYXmaYjX8(kEPV~pQ#I~Zxhig z2g|`+d`!P3zGE+N+3u*q%_iXXl$rt{q0J>5s4&b}d`v^=Qec}9vhB*W3>)JzmT_R3Hm>1`i?v1u^TYf4+qf0?ewijkSprfmIvAh_f^aJP4Y)fayp){KgcLmwDk z7BED-wE%l2F6k*AJmY+=u#w6()c?x*P{^ZH(bTAN(xupI_GqOQK{G_bp-t%?9!O1S zL{_iUh}xXZcWM&kDTNUJ$OX}%O$9s)#i3wDoadRqVo_Y|=H<{h6^CKtBJ1fBGjNL+@FXze689 za{G)<@kwq}N$S=zB4^ZJIN*@?(Yum%q2^j&yG)g+%wN^iAQ`nI$nlCc7SU}qui9zL zI?`~jn5M(FJyVqD9k$RN1<7pJ!MPcl;vNE?>czhe}4Z=egrR#;KH4<$}vdw!AMh+6&dZx&EJMbbVB z9(P|5&B)MvpK+th&)`-44R-Oc$UdiH<>6mHSP})Cg{e<5$Vd&_VmDA9bmK|Mz~DK0 z#rLuFg61%Qy);LcD};>M?#{O;sPC&w;&o%f(%{7zUDJhoMMvD6f}>{e9Uu2w*G-`nscTBaMVW$K)UN~Zp*1vkwGFbuHts(Dd2DZJ z_4=LnAB;Q>6-?Fjk7EP>M@CNZzi9>hS5f(2G+Z6Z4SB`+YsR9fp##$>j=#=NA3-k& zSVMYZVU<;_(4H(9Fti;mZa67bu?M0$mV7{}Lv4-_G*x!Ap>b z*L-g&@?+`J`VPj66#B!h`eSQJ2`}2P*CRXL3iO9J3{Nat;7cey>H!qLm%RK(p}#L= zA;LHIaO&+5eZfnFe=X=;6Mc7#ZP^GLj2BguZ=dA(oi)fAr+(wU226LPFUu`A&<-3? z$OQjKrpI@O$A>67&5Nw?ov!`|z_;~osJ_)u?Be7%`pXXf7hPCt;EO$sPrwC#C*ojb zgdQU~cm(i}D2#YApbHK8SDq45CGg@v9wo6D1c{N@&nVh*dANl*_K-zP2TgQQW7;O- z2W0nbf)=QXgtH&~+NK;#@Drr6w(Lk3QgG0#>8$)$aomfhruCkQPjT4}z*wA)riKyp zu1}3ywx-l%@iIeP6{{E*TDn!0R#54aSj~(wggNNV3ez=nHkPBPo6GLQ9-|RQSwf7< z#xRMLi;3uB>N2zgO9w}l8(T9)$(Uh}KhuRQ@~lnJLnA|Rv2dC2p%8@;)#K2TThsm-GD+WP-JlEkc}z<<~4EWk=&=ONwI0pi1V>o`xRsm~WHXw8^xw zzJl=gb#2$BB8#u@aFj?hRMDMZ9uC(WLsB8l@9rA&qpH;#u!>e_6qok(7?mi3jV?kC z>@YE@D;3i{+;;^5 z>@?q(Bbw!@{PgaMN(=>!f_UUk#kyQD#q%&OZ3e|4ielh(NLLN!x9Ua6Bp zMF&G?`cHSjC3xPB+$XzJeos^Xh2kl&@n|a)8^h6QljUs;ml#^2}BMjpL#9oX=iEWrS}c-+VU2I(IjtowV?8B0K)5)xmafY5J(=YV z*pl+s3}R1ovQ)bp2W!P01#SE7i83b)`jgK=hK#ysi9S*ft>dUj(y^LLkpdnm>8n2h4OaVkNF^cs;T zNT^~n(gZB&+uOYO2F9XJJ`jCLx{>3+z*!VhWNB!~0tF>=Gbiu49#*>E4>kK}KzeGM+8=DyjG^T{F-e&#)GY#{9w;UC^1!#=>c= zpW~_It*~TJ4&fbqm-;}!WxE3fZNkpYt{7J+p&(Ow;mK>B&bE+Y6*?-9+>J!KN{?cx zFi9Sg$(W}qm5M5tVsW+b>_vS(<|cO5G+N&ypEPfuorjFp4!@yM5U3cU4)<7>O`)Eu z3aBRy@Zow)Ib+GMGOcR9Mz%#RZqp9MQuGXdKT9z8kaD1QDhdc>(w!Watt?6qIMeic zP<}%JVb>>dTzvW%Zc2V@k<0&;$B#+1*sNEem-$xz*f}L;I4jz*=5gV(n{;pSDKEM0 zDM9CYUgvewZqCZB=Dsl!INEEiI6ia-Nm)v@g%(ZhX_g3z~~$%Yc{R7J#+<*23LptGoE z&re{L_PRVIkybCt;l!=r@BZLoGQ6P~7Uj_i^>A4mmwfG>{ITA#$I!*b^Rwe8#Wuvn zzEU{TQA$UreMzPjxh1E&e?jzufy#Q0;*%-1vn~+;DBn{aH%D>HlYrciWG^Oev*KsK zBU{UB^rH$$Y2x(BWrTM}``!XhN!lW38(@kAMgc8eV<_X>QVpaE3t8-4h*~jSq^n9o zC1P!xA`%(qIa!NLu$xw>CdOV$3Gqav1i$V!^AGa3V5(XkUu*V z$6GQ<@ui)+CCl2ueHT!ao@Mau5JVQ*CBa!&f@z7gg6$W%LT823q-T1uN3te%n~FR? zjWw8-~>m1iF*&q=Ifh*)?5f!>uyA3ks+ zqQwt1jT?%zyOln?MZ_gUu>$~o1`*@t^C`rJA?%wwD0@8CIULO{tgr_){lP6^5LO~z zh%Cxew6ybxkR^om0U83+DgSNchi7=^oQ9nOt%3py3<6A%A*eNwV|QS9NV(}15d!vR$063 z1aaA=7Ee^Ml6Sv!J;OWfC6|&}FYQW$xA3gg-}~n%uE3+R;ft z_o|;6I8wCvC2vp$(YLV9Sz`bwS9U+OY||mLT@BINZ@6{{+6Va_lwauJ zzqgF{XhiS#x{~*#dnsFQ+M=v^WSW{)L@R3dyF0zClcZ}Ov|F~2ny+rY=^SfzGcx#Dcd8u5Nmkz^NHf^)BWv?09URdL=>x)p3~*SRd6R0E|&jBGFhztT0@Zt~=bIidv$<&R0lK zXfBi8581kRj%Exu*C}VAv(m)Xv*MlS+X=~@Zi?+n$JLwU!@B4FXYrzbI?y?YIt`RE z0|D^UF+2;JG+O`AN4QSqR0O(N9qgNZndBae>hq&9EU2ng(Pysxo7F zvh##%9H)>>W%3m^hJB9qWd_h`qRtp&S7;yiie2J!-7a{fAL)t-0OwGl%bua2^s1$R zsz+ArHHJJWT?=|VS)j8>zrj?4wL!)pPQTFfULcCj#{l7J+NiTs?i-iuW;Q7l7pBk^ zf1Q4vI2M6B+7ztbV^doTab$Ki@BcdXBAOq%J*U25pFT=dNTmchI5i>Mzkqk-Ybvo~ zAq)}S$QQ|Yse_#eq@-@rk8KPg%&%12m(l5y&zAAn4B`r5kB=K?9`X7}^YXB|pE68* z0=Y`~I#qBBm`iwWA;NKwpecwI_rADE2RXge$y7xt#y;`g;Og z`d-eLg5s9Zi&7?d>Ac`%wf6agydcRV`RWolrc$3LEe6@UL*=#pvNRVv4;3z@Ri$WG z1ECsarKtj+MMssJXDOcS_wV9wu)pLOrshFeU048s3WEPG$JGDZc~ta&RIUH(2r12f z9SEg$voLUu;fCs`hYxxFim>Yl=Lm0v43OC`+RbQIt$w1Nw=Cw}K_99x3+a7-w7csp zl+gZ_GH(w^#0?yr)z*0^2-tCDLGS-c9kGyblR~a*D!#kQoLbI6=Gmm7v7AnHKs2!5 zMH`IEzD$%RJl=ErNIVuJ=5ocj5oF*=OFzO<_Jg1}Cy#S1_k!NX3RPAJFDQ;?FQ>xV zS{+h#!4#WPjevj+Ye#7wRd|i0&dW`&+wPc`j5Q(F0=K=U#}p^d3v?$&jgMB zMY;X^ufWmhN=wsmqZP&HxwiL|M7!2{O~$p^`M{{lzW!iQhB16$Oezs9EQq*DoR2_k zVqNCjbA}y&E`cw+k=Dg!988n24`_F@2Z(P*XLAUl10_6OBikhg7M4@0j4xCHMus!D zM)&5s`eFZdx`ETtARs@CJ@9EfYcqXenqFFzZ0p*MiwB*Tdv+|()630m@zcxsH9o_| z1zoGzn|dGDNue`o>$fmDVvaz|%Q?SGpzZf22w+XMH}}yPUy-dl^<)@W0rwAtaJ91E zO)~qAb0_LaIWFDCTnXM30vkc4=6{ZyQI=pDTa>5=OY*wr+{|(tL`8|lx8_6vE7DId z$dp0DqTldw9@AQ7fCFiR{4`rW0A1gIx08gSq6LU zA$8vxMvBEUl2w_sh32Ju$DY2Kdx0NuDx{f!?JN`%lHN7WwAihlS({_;YH)$8ot)<) zMK`51WC+vU6Fn;ZwrzUQ-2=HpVN)QID^VI`ga9S#8G{rJz>wKkao7N|x!b56_S@qT z`(wk%upopXp5!U|d*UF^HHmX4UO4j*!Kqa781PqUKp!x>XM1hpry3cdEhD+dZGuE- zI=lY&@w>0r=gi%XgFqr= zvvN=}&h4iTJshqdXR-dG^u}!R=tAURjMhBC+9jf^Orx0UWeVkt`eUqQ0#2EOroXwfH_KcX3E3TJ35_V5|2NH*CIc6;DM}Go!2bkE;^7(tD#W)jC*Adz2&*6GO z7DRbCub-)674EUi%|oiChW*e`?)OCa35XMDogonK4j+clTIMe4zN~$Tb>^OJE8N4e zKMFr&AN*`^Le{J(Fezi>al$`oe1>pX0BaG1P=RaJ!V)j z9Qp}ji$*ZAs}27c-V;}Fl)W_m(0;{_6KLb01)pJA+}_K$)45wbfCCiXrs_oEPrL-| zxtBi=!e=N7avqVvFGtP!7ZDtBz}!(K^P}Dcty$>-SrGOzYJ(<7s>GrgLHR7x7+6C+ z?K^8v;%*T*N5o^M@0(1la<*os=ShtW)#LcoAnu!z40iIILz`HjuS`oz!D?^K4AZh+1} zBsEJPaYzAjD`AP27gCV&^KIEK;tcGTR1YSFQ~+B_lQ1D6WS-6C@$7&lWKCmyw*A1& zxtX>;1fevHbvm^}&JgEADve(VA-sc8Ng1yOWE9;_62C8^qfLG{Qww*>wk^ty!T>&K zDS~WRk`9PKzp4(B-a4En@kW=vLOCFVE^Do-BuYcapdQ*d&l!2FM2llL20c-2k>2p+ zv_3yW4#O_X#r#X-1lZ?yrm6L%)DNBMDhA;vj1q`ayXEoHwi zed6QO!wFwU0?X>MPC(v-SaH^z)o`G>Jrt}CydG_TTj2)Ts_&e9>wYIm zc>-MAbC;~qWa5};luvc&p|9mp(d^qyD!`kc-_Axjr<=*R*Jg61%!hH|T8kvFVb?F| z@;lpL1qe_%ySP*iE)Bt!ye?vD)eTnYnOEnzUW%0Ka;HE^h?$NtDjxp##a~j6f)Rs$ zU`P&cDzB*t+0EuX&d8T$@a3iJw9>xq%KU6AAk;vg6Yfu1WOin~qoRf2Neq2{b;O2y zcp!`;Hw2vFXZV!e@D5Efn~y=`VM~}pxK5@Dt0((;03m24*S|-@fl&`-=GeFRIy_9TeHQ(&s{7K z@*cHOEj%e&7%mQdF!4rQoyWVi>J-XoAeTpri_qJD@0WamEy>b|eLRR0DF~NjrGWRK zQW2J)6IjNb*h$knY4{|a%nIbR+!EkGdha7|kQ|B_@E80%UHU#?D&9}k+VVbqTDEC| z2MOTcls3WI)pIsyw6o${0S0}e)|PSADTn24WEZt#muG8Qj{^z~GM*()H&i8Q z)vAi{ANdUw@lENK`AT`qQf)@^)kevO$dk3&^!se%JS^`AP7dXql}>RTt5zJa}TG2(5* z4p_)H?_FSn=wO$q1TIr)!a24UN&enAvB+&e&NjopOHL-m#N>WG%0qpA@i`kh?4bYLLZ;t>C*O*2S@fUf05}h&V3AAg z9ewi~1)E?P)?Vg&_j$)?zcDy)f)zKTqPNSLIdO7y!g)$U_PwO6!w3gR4EI`_t^VN& zaN6ZREiib6yKSjl3ky2k&3gfVsWegKy^KdawwMaBy7Gie#XiJgbN#dxZD2f;S{)eF z)3Ps{4O*r4Nig&?vH+}cT)Reqk|?d}1d_kQQR%aU)3$=os{W!u;h~gaL0XRi+@nng zA3U)I`P{4$+A*=f`*77yf)^Q*bo4toX(!A3>k&dD2hlq`{22tE1aKCn$e|3S=itej z4y_plip|(H(&~B-vSx`82L~{niAol+zB$7p5whGjp-)aySK1|IOwn0A)8YT=L@N z0vnh!P}WqR91K6L^}gr};cReLruA+N-C+8o96eit@!?)P<$8W8v%jF#O$B|w&T0SD zcJq>J^PF;po}uFrw!vG5oz6zRXkFxQmsZg)HMN(^{DY%8om}Q{foBNUiNh;8eEqW_ z1ahrCPRzDp@nK%l@23JxtH(R!v~}QzUS?YDiGLMd9&)7J#YIBgrz_rGGiR}YFE2CI z`KFw(zn28ou+OF72}U=xu;s6y+ja}JCoJE-n7yOzSn+NL#f>7(s}Q5Q-CXY%VI)R>x)zAz2%Q()%*?p|`gVU>? zs?@s;Z|nK+!g)qLLxG4TmUL~Knly{IFPUQ!#{I@Btj!M`xfJPhe|UKJMV*2&4Ik!8 z&-?fH?iqQ0hoP=&-gkk*ZFRDOANO01`@Q~K$cA%4nkA$>`58doGi1E%MLMWnx9x26`> zLMX$u{X)Rk*gM!1`IKoCs5kgTX8jU)OVEnMTb6jxyUH?O`8VeKQW4y;usn=QVKAu! zX;-;lsEG@j&sWq-7|@zM@wvBjTx;pytZFC|G-`wzKxAvN>?|&86Vd81u~U7i|MZwV zPa$2vibJ#?7XS9c{_cuY$s)z?NEXooC~Xdaini*sf@FxaX#89tJcp+08`TC3=I!OF z7~tuVe-w)CR_7or9DNvb9P(GGam>!lW|3m~WX}svS(3#iUn>*1WMXfSB|4Y-L_b38 zZjhm`1=ZWV_o;-W1gfBAWss_E6?yVSpUJLS{`u8K62bMHc%zbgMzw-r0ZZYIcO_wc zs>zcXPK4P(Z{5pUS?5cS=T7OczyEpxBgrCgG4jdIOrrZ-2Hq`Uqx2IQi`*v zPftPKEh&5yztlI!N>CL+e_=?(O2DPAlZF|aWlzimg7Q#JL2h#;JR^_|K2YDczNT{lzyWNYi&%8ZhjWY%2ma-yiA?IO5ty?FWwAJI~5xO)`AJD8VU8Ym;ndh+n-@z$#(+(GklOCds>?sxg-pw}zkUCGnG4q?HY*_| zVqx4?Wm4MS`G|P4^mLW&k{JdHR&gQ^x)-atYrW3cHx(S{8vnh22J)F2Oq1G&E(vv= zBA1-WAQvWV@v5E6&qc81IxDz~BykV&xP;J;MG3pXZmF@~!|*On+Dh#x51gJPn1}S} z+2@swVFp#&!)?c(pW|zjAtOgWFhE+&v9F}NZ2RN$TddhQGzhtV)gRw8mU}bTJ=X0U zjNqwYxQ0#IH$`{718sf~X87T3s(9~YW9k)gakx1}znsEyDmr%?tHhg#AmPZq23-lA zG*Pas3G!a<9@r)JKH^u8<~L%zkU#0m8`uPnD8A@e+V+g0PKse(a*C8Xr5lGPJr~*& zAz@tE_*7LXr0|Tt=5rnPvKFGM!!2uDsR=Fqv-ZcP@4b2R&Q;e!@Jy=#(>C|Sj*bNQ z`5U`9QgSHA@*YGcW%Zk}$>pmpEgj%@2xeRG_*FP{=~?+~ZOpll`W-WV%`PKZ@MrlJ z4}&W&D%~9`UcgP*h|sgZ`{l`D2>nY@6%O6e-Vql5)qD-A(@^i7`m-}-hccR_5r_7m zv(4PKVBlIuI)hLbosu1<2OA^@dvXLoqw*@E_Z|jcfOn-jsK>wSPLBOc^NTBE? zU$5A~FC#H>%G&DOyR#c2m`5HH70sLty2=6)adZ22<_7U zFysiFj9m|02zX6Rmhj{P9}d#Kf%pHvm!`K5HF}F0=;-1rgeI_3PY}cBw5#;s`eGk0 zAG}-=b#Y(oj-uTOFq1eR2Ua4XZGHitdn4+wwC)lLskbCnG;CsQBgCrxEL`K_{x*uG z7DEDsCD<8@kPO9YsM%_Hww4#m7dGE8h70>8iADA!Rd^nwISGsBdS0o{*=G@f=55{H z*X~EHd=T~5(v*G+55vX_8Xz#ZY#elCJ>coTHDbBgn&2Q<-j8Rc5by_wk^&b4$q#~w zX{E2I@wzJp5VugD{}lyXt0`>(Ko)S>fC4kr#})m*AF-^}6DTA=Jq2AUM6&{apB9h} zTs8o~^g9SEXU5d!_xnhqt3Y%BQshsNRzw8>xHVZpu&S8qe{jGMyx0uf1|oytK?Zsp zEPu3~p`RN2wNdA-HvQiUZ=h91%K(-|m#hUmDEj&2?9@xCC8V)s1eP{g?enYtgS`Kg) zHV`1cYBQ`rT9P83pX$indv+L&*-Hy!?{CE_=S#RqZ9t&)O0s3t!E^QmY`AF-h zl9lkL8GhUda0BhWHUb>OzkZ}mB{#wFZDIs10XX=1{dCRVy$OO1 z69Z^Dz;USSyQ!5LeEQRF+90T!mH~Wc2*k6l8V;2s|6_*biR8N+-3o>UZri~3aKMG* zs^L)1S^(_E*N?O)U>|ioimUebP<&4>qinqV1ODu?0c%pMF=+W;^={V|G}_G(;NPwl zCVX3XBmeS8wE_IyHNdZ%0|Yy);0^=)U+^Yx{hTy4`KGBG)fNoC;thj2fF1$ww1Dm6 is^L)K7XOQ5ZS!bp%1F&5praF_{uHy&(K%WI|NR5pVk%w$ diff --git a/tools/ukf-mda/ukf-members-1.5.0.jar b/tools/ukf-mda/ukf-members-1.5.0.jar new file mode 100644 index 0000000000000000000000000000000000000000..d56bb28d64d8510e6394ce9c864d2096e14db387 GIT binary patch literal 27257 zcmbrl1CV7)yDeIFbyaoQwr$(CZQHhOqsvuYwr$(CyU?Xqz4v|b&VSxJ`|cNaMXZRN zF*Dbix$^tQ7~jZTa+1IxPyhfB004EK>=FR~OUDj-TKDE0uwfQFBvmqB%f8<)954S5WCq`)7N zx9O0t;$c!f!0f?B!??G)wF1aVfncbzT&n$7=r z2k^f;*gBa0L#IDe{`!W;@74M56BhnA!};y(9Bf^Tjf8ES%$?l%otzxZ4V;~fg{_ROjcuH046XDX9g9;W z6%qO2hdu9QR?w8-`9YCzAxqC+!wvlM%wSM@lZt(2H&qjOTCxN0@(>vl|WKB~y zIwE0gP8(%#HE`H%`@iRg90jQGaX6A zQAn;_SXPgKpFML;MFkC`-vHf|3lC1z8YfaClt6BVM9DJ661=NxtCmXvZvNqhQqjdm z>sJatPa!9$lWg9KT_hC;@N2Gfef1oy>Lf&}fxSSkN(#mW1xc??Z8AEiiZH88HTrwC zNOte$Ar+0xc!rfWa!;-lGM$YKZ6QH?GIK^nxv)hgJQX=*hYo>+{|*nED=P4kAi8DN zlnSnRn|yqEtcrO$hK#k+Sf8|cv=vhE!|%5IWixg|+-mt>Q3A?bv_PSh3l3+zaZ&FNW?ZUBX(fYX6CK$xmjGCs9560^rbjfe2G(=LiZ?gxw zp|;p%GjjqiMN95T?=K>%nT9`q+OVoKt(VZ7cHq_H$T-KTU?Ey`^9YfRb`Q9gMQ&i6;1Or?MLcse2?Dr&E_pj1Doh^vOfjK#sj4>bpR?|Z@3i?kah%-CTsv4(v3gIV4@xekF*7kpLWENW<;DvYzF!c$WZ4IfIav#$|)eI z1Fxn9&vb_hj_3e%bs!DS7i87a)+T2)>y5{;Zl|mSMJ65zag2<{~+$#$U)YF){Tr z#lG!2HF1$zgUbWh5-EW~Ze2?7)slE9Q~L0eIcdbiAumxbiPQrP0^)4B6Q z=+r{=tc(J>_->Uj&DKKyF(>RpZL*$G=JOb@PMY;bsIAM~%_jlTs$ey!3Q+Rj81Z@vr0uJy>JV=vfgbF-%(niC(_ z`VC^uu?^QUoq8?a50F{$_ILVrqCGqo45Zj`yv>|QC>loN*h1-xhsR;k8=0XBqBu58 z#dC`qZi(hZQ7wqwy9cmUEkF@b4(r(#rU6ZsjksY-G9Alc*#V*whDeensG@D;=?aG- zQ(nWrMtL0)?$O4?yTz)RxeLm1Nu>Tjb`zTWX7>3U+AwIpb~uuXJk+LYRw<&JS_sty z*&zU^N?g6mVFS-MSh;&7NtZiUovYM*3;QQT6`Fs?(*gkiEP(t|h%)_~5EamOG!}Kx zw{cQ(w=@2mxRO)G6%hH6LS&Bx1kgYb;6aoIBwJ$kHpwt(dd=vR{m3O%vWp;r6VbEM z@hZImHeUhS78J%QP|q}Q`JQhj+1=eNko6`&T%s~!3Es;=f(CPkc z;VGJB*b{<%EGn+f7+8o_@K}pXpRB11NG^>`$jQkS&zDjtGe1nrr=qMB)2kg) zE+X63Fue$gjwqL+R3O}4gmO_MtE^?v9sqd*NrRDvU$=A3*dUnEJ3}t? ztB9W3`S1cmEo*Z2<%teFk0?+sDr4ru4y7-!fs_OYF*kr+2-g_+@elB&>{sIgPNZ5SgD(vhpgOp zp^}1QuN@SNB}yFS=YanFsry`|BBkw|MWdU7>aO@1l-nGNRKhKiC0kdnLt~oHr`TKf zC01U#uC(-fhV*p@!anq3!c|o9S(~>0=!2Bu6kGAi;6svO)ch{}`I{URsL2;qq0~;P zo|bA`vnA(@?j*xqT-q;AzG$#@D1wcrD${%cP|gu1I~yg7RXMJr;uMH zonO@f#12u`o-Jcm2xI$%E&k1zsSaYsKHW(MsT}ssS^lmo{K_haNez$4bV+vpynHMA z^GF$pKR&+L4BVX%1OpWq0ms=CUaD=5x6@bZrV@CIel9% zlqpEQKA$*NfjIj&PJ95!SAL%S<9lBIwu@+52+8>!@D~b@Rx%ptK->dNkFI6%Nn(7l z0k}Is2nThT@3(<(Len)Ic&b5o^1LIq_#?{nVhi8`1n?xY-26axlaE9fs0K&@cG#+! zXd68Xtl6YzC`74#X(wq1KZzlb^vVI|eF6U+Po92G~KN8o&pOHJAZXv~rsW zA+<^~>4(8IDWpRUb_eX^6rxrH|pG_timbW@mqmtvJh+}hD76S?5@&QyL_ zW?E4*mRBRE1?7NbImiwjp zQJJ`8NEy6$N~sdalgMkgbdyJrFg1}?svVn&>`D{H7V(G9 z#R~!%5@hY4KR_TP%CNxFm?KUyM#wn4bxe+R@zpe!01NqQZ6HD|Z5fSh$jI9+f6n;9BYo!@7v@WB>*btt}EY*kxzwedGwq~5>s;Z0VhJ?&RLS>D%)%k@53SWX@sT`Pn3G=s7yz0~yDop2Q5(?(vJ@s#k~& z{8%_lumZvq4_^S>DI(5j9EasWpaQ^fQrik}tpe4VyjvWalA((T;JzjY|*}?J{fnG@=z3hI;^x zYLo@{SLROEfZ?&W{FS*hBhox#3vhSf%)YW9kUO~qC9RhoX@c-UoGq9?>`tNGgqJ;9nYzMid<`JAbJL?qZtRsrUY+Go`$4z@H1FwymHe zt%JwLwYnXTvKSe=eLkNd^CFVD7|0IeMATW6sZ#1&hU2U~X;LZl+-AaDsHd;hX0JSF zQF!2re^9BmQ15~-eYq8Uul8nag8unC~ zcCJiOvW~>P(6H4e#TTc%f>Kb}RyA<(susZ5;MJKE(aMNR#{{l?QKCR!LQ@!2Nc`r0 z)OZ?q8ltqPTm;#~PHvKB?#A-P%&8tcYEq%NMD|=cObL^*63^jbUZO$ZHsynJkO`CE zp=3D7pPBrgQy2E61gz`{^|<5x;tMdL8PMMY&OkIihAhcnSalB84Ybdkjzt7DXKjP? z9Ud~(8?6yQa=PEkD8*FF6VCXpP2OKL3a4t_m`vng?>2sQUX{p#p^u3MHgVBP^<{7z zRQs7{QTGTn`2oo&dXT!wJ;22XcOLnWS+5pvG=gpv@#f^m+RDlPNX%7a%AD)U!$pOi z*O)ySLhqxe&RlbBFqW6~$5Z_H_DEckmA@2)nrff3CeRIlYKOqlralqv*WLHb1yUUi zs@wMlpjBugsG3T-tw$t!yuXMVB|EJji zVfd*SCbQD>3(b*msx1mh8?HZ~hni}S#aiydwf5ng2mm7FBU zoL!**6rs%jK0^Pq2+CH}w)|oi?!?$=@%e@li^}cBCTRk;h*;`iGY$AAl!Wg{xg?`# zq^sGm?e)a(s!$UAy{f&q#9Ny-Q5q17q1mgg$2pGEo$dGU!^brMIR!d?!O>iGD--$^ zeoQP5rAKmxwZC&HlT6f_Lif~eX2?R^aXSoxL%>Re)c0gy#d0B+8XQr z?jw_RRBh8f1@|H&(cX$me!@DHux@e{w`)YUDAZb&_dnyP%WpI_FzBg8M@_p4KfkG- z^QQ61e@i}>GDc(2XfYbGAQ`H{E>2!G7E`sv4#@TN4oI~sJ{+g3b0jK75nO%r=sShb z6+R|PqrXN%_H~%G2}qB9&Y<*N z^FTUfzMAGJ9x6QbiHpIi#6IV>Mk99LwWmtoVBK=0hydaS=wK7J5H^d=6YXA>2$wbg8IS9NAL|5 z1Zb*3>5~Li2B7imk25?~k~JJ4RT@wSIfFv6^s(U%vHALBihALQa797-OoY;-4NIF)-n{VmRf8cjWz8y4GJizp&+U`9 z`8w5T0fSJeMOJ+rfjRDE!|n7Ao?@$t4tA%mftARQxYK6X=Dc~6*`!IDHdCy?;>&AF zH{m^RO32^qr=}}T^g5ZG+KCY#dt|*#(crE$OGFsc>@NG;u;FQ>+zp zXCeD{r0A2%-OR;o&Lf*pJ-7TbrxtO@7{_xosBU0r@6lQ@V&r~H){3R_$=gEPY)7m# z{iE({ZBgmsrODTABpFAYK_=fz6D6xX8o@TWC5rFQ0)xgIiuMTCT$I*DISbQ_hbcE0$=$k6O{YCd%1j<&o{XqzsbuZ;CP=zA0l*H_A*~*4J4p zd!N0o-QLo0np7}vpIhVz6?drBL=GOaJN>5L6ggjSI&F~IEdCaJuq=uG`)c5%5Je4R z|I)9E&?r0q9q3)xNH-y!ml5aG5SV zhxFwmy@mfbtsozP5A!QdenavgzrxxV7C2@6sC0scZh?IJ%O7b=H_@K@ zl2blkn-l-DoMQPmVDY!ZFD~>SS}IxTkCsB>S;w?ir_$3LY!9fT9wBf87jK~$r4aWI z89@DUDTneX@F=k6>iq3_P_L$sY_}KjUgqisp*l|Hv6_0V}1AM+Z!lAeQjI_ z5tj@l;IrOxe+f<(x?!;3sG~k}7kYgD@{}>NDL7hlcTgRzdxqL37UeN(YO!<7B zMFny+4MxZ*yeKoQrXPLmOdMt#iK10wVEBiKVhV^C4W5Boxh5MaUTy1bi}-@d0%vvyc(eVxFy5r$7~T00}+i zBn3aP-1n)#!L<4x1(u8vo_Lum+AeS|=Fu8m1lbI2)Ypk3!aBm^*+;*}%0-+l*h=Zt zf5@!zmQ*V3U@Ohp;5*Ez10-hl5=eyRBF?#EO|IyF6g_M^k?8qd?j;QayBu=`zf7iF zUjAIsc#`37;4Crs?I>YLtjE7DN#oftiyfD%QdnoH+Ch12`N_l4Gqk*`gj4GZ8ZZTb*B!3Tr83fLXf~{m26l5XAVdz_bC99Zl#M3 zGud0id57hLAmJG^TrkR6VE3JEoDW3k?c2^&i3p2$#5PZ5f*-wiA{LQ4SsF7=ola^VT^4u%%E3k2)V z5&E5Lm=|okuKj593|4N3-wA{uDrpSs?Q2(&9WKZ}!=vShFe(i?-&xywR|0mJ@Qx_&HTK=sIpDN%KEi13rSiV%D z7*7*YK#5$K$d@YQm1Z%_GQ!n&Z6f-V;3p@0R=yDpcV#svAP0M|W#oL?a-428HTC`Y z{TrJPIT_|Vn;2n?!S_&fA^SKX@^A)0i8YPW(N*Y>$ss;1h$~CuyO6sF1i`kd-%T@J zl<1GCbHnrX;uzZ-BAkI<`b`{dgK%8Qs_3DS5*bm zdy$JUcI`D5bf+bob9PydC?e-IrHug2=c&_c_g`)o zqpBD?#+N9B{YO#wuWOXN_VO$1?9*O&qx`1pCn04qxfG%Go6$4R;jsy`^ zENmS}8Je*w9lUqi!FaC^?xrxx6>Mez)FLx$Yq|AD=jrS4Ii??>l?lSI2L`5j5}E?3 z1m$NEewV5ZBhi$!EW-hH@uBmMQ_=c&>`VgCai`!-lxnDVak^bzve?}jD6ox|CoZ&& z(Hy7Xny8}~m{XkVNcm9RHi1{>_3HJx_%&XWk*&0z%drqBOl04K3U7KOm|~MW@57O% zJ0!@Z1{R-%ETN~WT9X0Mm`P5Fr|CMS0>XJN&p45d<^nkU?GJ@h768=|ZiNa%1U2K{=XBPYDk1ze}o#_)j3i30KBM zH_HA&4%?GE5mmsi(+6M6_dg>Cvr*8=&#z*a74*c+v1%9OYXclW$sS;`-71akyzO#=>>E*C4upM zLmKmNMA5y9!&txBNa8%4176|i2%m<>gzP}+u&$^;W(X~?L)cJi$Q;vDr^c74b*w;= z4P2@~rB|`Pl6r4z7}#UT@?I$z}(8dS!^|Cu25?Nk?>wn8aqmq)upI z&P*)mmCJ>-3f)aoWp9>5SN*9Z^36Sj^wXHN|4Qpk5|JC+My}7S${Q(g=YEuiY9P~?+swb?_bdc^^d^tuWazYqU%3NDf@5v_fev%F+Ny8 zu!RuZL}s|a3h{GT4*5LG+_1l_* zNeqPOa>7h0pG~O(3r--$O(&0*bR_j*c$-7hgRLaGA;A>shzIAW>wd^ct z(|`}li@{%HvpHG{G8?#u(wZJ2W%r`$Ph9B3@h(v?i#i3IKUa&B2ZwTHOCkDHf~ z=4*0+c$}rzDP}&7lBJihJS78Iw%a`H_RmBz?zMdI{n-`2Mq1QmnD>Z$+8jFKB{HVL z6GwS@0%iuzQhK9Gw*L!qE&kgjHR|{nwsP}n>;BeIR+qTLR^xA?A$z!|SR`pZ2WTpi zHK>;nxp&Y%5xd4eYcBVNg^>T~ul=itmHz99)PDeCwyLJ%x)2gi-M(cKH2Gw4ei93O zR*{hPe2AoAPk46RUIV_&e8XW=6N)LKCW8ifB233U@Q&>aIinMYBAQMs*Vk1xE&wfz zsj7q3xWmOwTw}wr*Y-=-VovhidiS&skRSU@VqV`n$U`46Jr`1csKGNC7%nOP*$@vx z{|^H^da{AMQa-O~Bax65CI7Mw9Cp0WHT~ks(*cr4`D6>u^H$}^6sbrA!}O%Ge8lq- zAj8ZU{d%ZPlPu&hCTlbjpfqzkP!dcxsEHY72dqUGibJb(l~R2|@mPKeHCCTWD^$poO%yFqOYe9cnD+S3Grl1${jpqL7FQ(eZYgrf`JuS%n}7OD!Vbg+@z zL2ZV?#ztF#N>NZ$5{2HXqh&7LM7d;1y`TbzWh~Mpd2cX}seqk@(vp2hSb<<#0_-O? zv@q>UA9S|m5wT;{Q9)_OQv|VH$f~F%dPmOrL{gRUGAvP@bBMe`mBta^;$~}uwPxkc zO2LeR>75g%UFVWnI}+$`EE)H;tzt0Uc~&I0eHz7dG-B&frtu^+u{aL*L@dMzVhug8 zdQ@bHA0#$oMAy9CoYo6|EZSBYpn_)&&AC>e0*ngtip)G~I$RSu>ANB7K*0#C7) zNLStG?uHP%@q0^F6NUXdY+fI6n%pjO zni4*!BGg3AmCyiV1EF4^8Vh9|#beD4Bw^e|ng__N5+ZG`?Xm7eHWqx6xcX1jHFv$~$A29gPMsok4(V zSwX!u*rFmpEk`Wf{N5ZzEr95;k|K>|;YBgmk$;zWn0Ff?rjn09rXz?O_u93(gFEeQDUkI?kM!5!gO zKtVz80$qF)sn)?!V|}dp_uQ1(GayV;ZvMN zL$&Gqu-4d`cj~hLiX(--@DNTcK+5A-sH*l8)Eh z#~Y0GulvWTwg5Q>^s!V&jw3trD6#iqkEqbX5G-rmt`8o~o=Qb-Xx*aYE(L$0avA!pj4fjD?Pa}+3ceqZT z4St?i!k&c=qFD5|q#GYnboRw%Rb0e{9qVKYMX8S^(+UDNQI`^i)EzbkbrO0RFWs6* zbSp0G?YVP9gKZvhDBwD4YYJ@JfS5ox_hU|0 zTbWDEv*r}z@&S?ei#qaXAj=iC@@+=VDMHbSK<*1drpk~cou>9i*AUdClVb>= zoP|+a5X?qm3eh7qT*;KDp&V|rmA`q!b)Oq{n=?5kiY3UQxn21@Y89N`JhA3*D3|E< zRH7ra$AzPl1Z23xKia}W&?CZgr1U1N=>AK5x^CEF8h=rF(*HS?%Nkf18#;;T8#>uK zxc}eBinafQamaLv!daN#p&;KIA3tC)C{#fJU%sCiV6X=Lt;u>!OYJ7{I=R4JajMR5 z!G{PTL|?zJGlM4U4V&q(7ZRBh>r+$rSLv~i489*9Z?FLNE5vrtOBp-t{_xArK>F3R z5JD|oMDT|h1bi(v@McGC;(5X6DE=(fH4pu9AsPCw3*uAIkcsu(@XtjVa}N2da# zkw>DaXJPj2#po~4?q8?9cQexzW9Bnx#K9>}XL7#!y-@kdnD@#wb7!1mj8;+uRGKwX z`Mw3$ku}KV(zqVhRBq97E;co?Or6?%@UE>y_FI`OC2F9`<}byK-$qNpEc?D0zx1p( z$MnIqSii;unqIk0a=ZIer#73Dnqn`dziMcHb^qB`sOy|@<9$_}mbK+a-3@SKzW}>rLF1xrH@KgHffuJ918KyZOm(p-Xqok(~6gmmW zqKBfWN3B+49~{11?u}O>BsV>5(CD_H^~%&n02vK7sl`VJujt|BhnU1hc#rxKDGmPT z6u8!DF(0NZ&f?5O=NRHiXr|liZmx=)+mxQ?a4QP=GpHFBJLnyMe6&NBr2-?&S+vlP5AgbcVMUGfJ%xL&|d zC~pxCGKGAm5^;m+(_;yI#Sap5I-vF$WaGN2?#N|*fY`%rMLr@%esI6ARYwjq<84#i zU30&fyAj=6kLV)5bdd4_#~Sm5c(spU=DZ=gQQTvXxJGc@ADG(f5_dtrSQ31$Ci;Ti zGi*nD#g6#i9-!*UA9==i)7FaC&PT*8DFA=Wv&`!iB9qKb#QQWo zS1wX%*Olb^RpU=4^Ik>Q7duv14z!K9O&xMztvMhpf$9j&B8wcCs*`GYy(0bd17A1Q%mRFs-DY3!|Jl^}SALwFzJrswp}F0E zo=jD;{=z=^oK780vPLB;vM&6Bl>i3_f^f8ikW>)GNCW{GueB{|=UtoY4%7kK4}f>Z zuY)XaJ8(Cm=%&|GDzTE0x+bnJIi^Re*{!cH=dW-8YC(rU2RplXM*932!sa-K`s8r2 zkfi|{Q9WY&VL5V>MFmxt&oro)$UytFz`Kr-m-eyEQYxr@k7d)=y9jCDAb+ft8Cy`( zz(l(gtWl0{(4`Ls#fmSOsOj|>+X7uN5C&#I_~Wa)PBsxibslZ!^uYoxZh@Zhlv{!F z^nV{);_yGjakG#cHmxQNpN4OIoznkx0&}{GXaPoMf5?TtWHnzDGaPl2+@?eseEyBKMQ^glg5EWCk8|8+g@gI2bi5cBxBSC02CjPsB8GY0 z+Oqc+pD_(nxi+oHa}9yp+MKrZ+%cO|>G`fijcwb+XCYLgF=gqj;|ZKjgBvr|K+--! zCRIXb4=)m8HM|nFDj1v7&beu{__u_>LKc;PUXyI9bGCcV<T0s>^Ng>$lf$hR*Z#^pjqnM_h2(S5H3|a_ej~lOivh3&tt?j9V0f zxL}a-iKNlNYTrI%!2BJWSJ$fuOJ2{2K5!hK<4yRIUjTD~IvJ`#w{d%?hOJR||?@ z9MLB3pzvQW6JQX>4=ocYnF}^b5YRes^A6e&M=l@PIM7obwFI1CF1Nl%X)ygtmyOKoab|642? z%&tY*E6n~cZl94!KFRe;N!=O-q>Q?A2W+xlI#-fTlw9j8m&p>9xy$NmM58tYIbP9* zBHHz)6+3NNM{4e6)3jJT(W7|7OzTq@sSifWE~kqOYAlS93?r>8_+oiUk#S0UcrjuQ z^MnC3ihfMyD(&5yY#&)U+Q9aA)M)CEN?UjCvkdE@_Mar$Wy|Pu(8(zFJhvQ3*cFnh zTyR-Ua-3NpbV=tqgO@0(3|yqWQCrDHX013EnK@?}y&syh2oyNI2>2VUPtWq}Q7do$ zO#-SXh}wt2WA5{!85x?d({8l+8N8|w;OF-X?6WFX9{zO$B~c(*82aP`3{>Bm?fUD2 zu01K}={-j-`Q8?v(VPQTH_8`t8796B6D{JIdW@Z0Q`W`jb6_ppaB8{BT zTiXgZR%XHYW+pIpACBhijfTY6b8+vnS_V%jA)u z56}w`@)LlNNU!z=sLw=~O7r`QL38vw(|sJ62xDS8D+E?ei+!q-ZGGH;_54bSbT*0r zmA`ohQI-A1q-E=8A@{g%$}5jf=kvxr zK+3owpwMkbNDcT6tXDl4PDk~wCZN(j^RGMWU(YgrvE9ozn;KqlpYT0Tx3Lz#!2v;T zWE)pPahLXTZ$muZ#QM9*&RBsV_J%DUY9h|Inch4B<`<>ldF5l97uI}BTXRc?H8DQw zQ9gq|ANPHM(gJgT-!>II>%xAb_84>^_I&P}0!|FKV{F~;djVYU2Y7hp?HT~|1O0-R zAj<(z*{{+l`(8t`nDGpx7PI_TaI5-uCXdKh0fHoK&F54$U&Q05?2w$1UNmad4f4(~ zNUQkHFi8vRlYW(o4hT6aC2ay)D{S(5Xwf}UmfZUNah%!5T&e#4jbWP>`ptnlngTj` z!}g_kls2+7f~i6j8kRKD96-HbbPnKALWn!X+##E!DuW7cN2fK1B^eXxB|2k+s8piJ z1GG0rsf0B_`l9=TuZVDQ-O@w_^6Yi;1BWqjGl}kXvWU2)n$VT50KyUcDU+VjQ0-QU zVNXH$8(OF*LAJ5xh>^qEh}x|gmo-tvS9uthu%(M9EA_^ohmjyT z_S7qY1}#GEsTOSq5;egSxO8{g*>j>aD?lqUF0exhLthaQC=H3~Ulr3o#9S#-!!s&| zG&CC&cQ)f9R+}P7C#$pOtlMW3>8y2yqX%RN5mm3Ril*gtYpn`+DB4P!gnW8o_Ze5z zifA2fHN5RDy7eY5X}H9$Vv7sd!By&q89o}S$B#auhX>vDubikW z)vX}P4iOY*B9mYjvM&J1x^(OLjOGZ65a2i}T{V%jV#-q{v-ef0#tIKPPy3s-PG8*H zYBqbmhbYZ4z)?p3(n_aMjU}}1M2JidqT*k1dZDkbRL`V2obz~*3fnKrE(}N&;k+-^ z(`YS~A%mBEt>N1X7tz4ara<_j&VFj2QPlGemPMeEX0jfT9SUJeM(Zd6Ik1g)ni!aBlCo>BT) zM3YSzadlTBtSaXsc=%F7bt!#FzD`p$mYGSR_9{VeQXYWfzJys5lT<@}J z|1486;7Th`3oG=&_2_f7%@TB4rS@c6tr*vKXx{UNqu1PMZ?6w@=CNdNrQ0x7 zKW!2-($mvB?YS!+1FITO(f(1I6~dqB-L^sbbZQ_5r>_aJ6cQ9qj8S00UJ^U^5a zBfZy#6&Dy_Ej}M%^t#8*T^3~iYZdS3KD`0s=+WG%(olqu;`^ym0$8-wNbK6G-|%YN zhV6R63^r6r?7*+zT3iVAuSaS$*umDy z3UsMqv}Qw|t_bpe0VVAv-Y_92Q9ei&-nM*6qmHo+VoVKBXnOz-_SDxKFyYdhP5>qu znV5~ImPz52k;Xja9e@Sh4A*{)Ce@bf5*G-vo;ct{;IaJ#i(lSxI+K!NvQ(-z2y7I4PbE+dF@{qH+$jZ0&E;3Q+uSDl?x0;%DNJGfNBqC2;5tCD;S=Fge>OXTnR!0Sm{wpkkFtGorlN6ir}g~bv$ zW)8jH$R{#abqMU1&>O2PRa3q~l+sip@d*!J9>pU(L9<3EkGv@5OAUcYiafm(ONT_* zQYOp3B45*-1;X#r^%Y-@A{&(@84cN{vc|M*FC*>c46iSrT2hkhoYv~`2wF|9@SZFA zR~;R=q@0TrGP0&lNQoG;CQ~+-W1PcS3(?imz>2V19$nj6WOd&>-`_u?HWd)EvZeBt zUwYBe8_;W3%7;JhVYtDA%0=h3rPv`UrGmYtHX}fMv%Bc!{~(swdVNWy(yZA}yksfA z!IxR+mCT7lpA?Kc$~$H%&k1gRp(=lZ>3yPV*qhnzcxJND2=Hett?I*jKt*svah}u_ z*u*=V-l5=MPGC$UVhb_(MgpxPR6Dtjb@xqQVuUlSjJ7bx_R$VvJ_gQreszOx?C7*O z(-etynrxG6@1XUN6po+>hcT4y{P_ls0*AHvt%ZL=CAK0Po7B9K!svM;5{$>NVHsns z7Mrma@%|({x#3esP*6vs_i`^efW*5IBCiE5zr#I70$%~Cb z@it9rm^Kcm1sUTdNH2bAd=uXRedok^fzxqA{(5Rwmo18Lqgdo=zyF~IgS#gl9M0i4 z7)Z!ZbRAeYbGMa`Cy3f-E-utOM=h-E;kQ13Sci&SDBM9qvtm8I?9dM0f^QDFu{8+mB+4z`0k=H7ISDgh*T^yXiCanwTG1{Uo6LHF_O;zm&D;~-qSqUS zPd39znqdDsSZfen`u8^!X@8#DD1s91vsy}-I0>XGV8yI=N$2^!L|AkWAGS5Umtp$i_P*zPqP(7Mkq!*nv$z& zx_9{U;9gg(U069dYBCEyhL%t7puqi5ZGI8xa!lKkYKy=Uo&rJa#qx?Ad1a}(!(KaSZ-L$J zXYtBidcptY5t#Ol;D1Y!(;sWyUR@H2Iuz%NjcG#na(=#c5zH;f!BZ&b?Zc6@cGfiSy=(pV9jboQZb44Q|gtiUIt zUz=J-h^>UziPRIl1F?7GRiM5~UsKYT-io^%^Rm!RzhFW2bYE|LY1zcQ%kI6zA-fOt z8q3N*OND<^iWe0X#>qCk$Ma6@6Dj>o&V_K-8MHWDOE+y_aj7Jsc{R>*$(BOS1{$!w z;O3L_@eLKk^;^N$-L7Gxqy0s|AdW#yrp=)I zIKmV@=CnFpUYO^?i@(-izdpE+&m$aY$k# zDm;lz=+FPFle3PCDtrGppn!zZ9fG7vcXu~KcS!dzbPo%Iq=1x^fOL)$i-MGr(jY^q zGzbicC@t_C)^#0Och~Rl;l*p_k2#;uJ?GxJbMAA_^PZ@RvZ&MU4-mqJXr`v5aB?pP zz+K3}lOy?0arF)oB=mZ}mR2juhdIg3lB1mnx4<)@wRytm)4M!;oaki%#dLQc9YVPI zLx&rniWavSYR^9Tf$yZAv`WXItU_YmZfuRZJ$}?#h5pc`*Eco?w?=$9a=}C5=B77x zrW?S${!18Z_LwqB*DKGTZt zQ5ZkG5Ql{A`bf1L(K=DG6`wuxM&~x4OVu7#EO`o+!Mqk&4;lv{4`$gZSmh?5E93vS>}4PF&zawwSTx4{59x_R4dUeCcJ} zEP?gL#uE=178zbFJm-j{6`o+oknd~V-ev4fQ1aR2nTfCtPMXk}(DKUYlK{}!@g@gKNO-ctD^C$nP_$Y&j%8~|Q><;SSZe}<4-p{!r@ow1Bnq{tS??;C^LpDfkw`}U5 zf+8kn)FaJRcgf-5_DdM)6xU<@aPJdyE~o2o6WkoKG!F94uvnOpj1LQ=aW)_F6Cs+a z5hE3u2fx>plDk356Ie8QpsVIjYpaQA0iul@(^Bil&$V?F8syccN_o`<#ZC{Ql%N$0 zl=6+{x5}1Vuzqlb*{Vnrlc)^X>xbFJ9XLO%>yW|LW?Rb*<074nGV#=>SW^Jq)Kdto zlmrd2-0A`P(#UR$Se3Mf#f;vMWaWzzx{)Maq-cV^wV8rd~Va6MM(MSR31(EOoa zFQH#KbHMweP;N4|6_{0aHyfd6+Q8M`^-4v_)1Gi)d|aNn{D&GWAEPrMJdBV5`CF5G zn!E??)GXfIsdhT4JgFsYy*h7l>>gO(X?ob@dyDSAAa(Tb@i0B=oYBd&zsJ5pUl~l$@lwb_3BG6!P&`iR;V}*GvrXfepN+PJ zN)OV0sPK~1FY}PK>%=t&Oo_p|;j=+!L!4*A)5q?un}#h6&OpwXG#788{cg@kn=#!^ z_(=s>RFvYq=P7ku5Fb7N4)yMZt7a`ECr%wn^vPx)Sux2@1jiSCI|&T}N=keP^KSC3JOS9{!K3#WObzAL8YaW`TZ(oE1^ zmf;0hp%jYKr_5hg-*(6IuXCOQN+fiIZNoUa$X%X&egqSN)Yu=D4(`Uwg&Xpa<>88w zyvioWV&zwTDyLvq-Y5BL;NF?FEj3OaxK;O=icl%+3Oa{KehxQHTT`6O=Y*d55Wnjm z-*UZmECSNG>$NfXB-?{hAru{VHMpc?iGlR!+bTD4v_K=u)WI8tU7zWjv8FIy0q7y# zs&at*;_djH&@Ucft{G(t1w6K@_Cfgu`UPSK9U(ZZtdA&Ghy`VJDmt)$3R>F-tezT2 z_XH~NqK=ud>J>o1#8*%~`z+f?NE~GCFrvGd7?}un1f6xH@{)Wjt=(7Xd`wJUUkt;B@|NcMsz+*^SA(K)^?(`q zwb=31S-xm@M)|O$mAg2Y!a9bp%eOYKluCCW1bTRR_(4Pc>dp>4pyFTn@v^D)W4m3C z({1I21dgU6{h-&vlK9n9pVaEC%1hnm5BM^^erR32ZoS@97C{7uGVy+P5gTeFL%o4N zF%&_}9P9gd(kaQ2p*E2dGtgywWnpPo97|o6@cP|jf=R5b)j82UdhDExX4&_2SBZWb zCiQa+-r{6QQujMX8w>3*2yHYN3<)}G=rHZ!mTZxnAplu9r4_EF7kJa^@1L4fk?DmBU7hx*PY>=Ap+ORAF8m-pW}A&gauNxQNV3 z#WJ-hqDzRoiqPx`6Nj`=Wu}~T^8gm{E){^PSq8T1usYD8!YDJ2a~MzB$qk^{%6*gc z8jQ!`Bf6ew9oQ!D1p_)q^DZkoW};`}pK&hfCKtLF)CDxYsg>E|T@PgX^m#d3Vb0cR z%^;CyRxbF-GouwVd%|%_F<}UJ8a|T7CbBaXwkW`>xi#08$AGiZ4o>a0v>#oy@Tif) zFLu-SY}PgNRvgNCDt!NhW$e&zRvdFWb^Kl29^p$a^wJbjr!*$0&+FfQv)6si;pwKD zE(P1MuIVF-)4CI)%w3*N3&wQFvLzo)dex^-^K3G@U;Qi~REGl28sQ+Qm|7brx}{UI ztWer{@ScaF8=+?SmoqV56WdU+xu44Lv*Nn6Y?l}DTOs)9Phlo@C zd7qT6bXjFx)ysa;O@3i_Z#d*>P1B%&hh34$&9^Y)4%hvaXb}eP#rEXvdhO|Yn~jF| zu=Q{ns>1gA$Ii|;G#>%3YNBiEops}2yDiZj*2U8Dcv|@nT6O^wXil;N+ZEc_d-EZ@ zRIPz?ijt8FoYGRi&zTcD%*yTQK|=y-=v!7~Fle<6rVQ@a#OE4P_xVaEE{^QBqu`0W zwRlQhVTvYJkA2GUA?|sRF@-Zz>?xdIpGaK()I`@Lq}`JQUGcIVewnF^i(Er(D zaY^GK{n2E_=+u-W5yjfdaeB?INk7T{ko3Vu+%rBljtY)Y+m?OId=8X#wCk<0>tPh0 zax);A59+75Nsp2+b`#Y=YJeC4>eYnOs>?gd@6zmJt2=WNu|1fLMxw7k%hw7_vdaD1 zR=YIZn5L(r1hK7~=<*Ij#*7E_Rey8U51uew6G1)h+KaQ~mggLeFL+|-MhvbT0!Vkv z8h&XM*xncoGf@aBBxlj~x~G45_Z3zoeq#4D-L`gY`K;GWG4{)}dqMiosvcz@3yy6v z%*yX>W8NF-xP8kHARjfQuB}O!lV&xks0EcftttGnvNXntH?mWh0r5Naz>teZQM+`L z#i{f9B=*vBNA=w2YPehKz*~zadRK?b@}ai+Gi=IDOwZtU_u)OQy_VH777`OSp6qY9 z>7!W2%+E*zI;)A_{+{N_1oXDeFPN-OT~0};=|X$ns6*vM2E1CTT)kQ>DX%P2UMNf9 z6tqpq7)2e^q+9tq`kB>=Y6rTel#X`ai}+MeBFMf?bCbFCD%6O*!cE%XR%Kg|NRx%~ zl{Rf0mZm2fZcD%Oo*BRX#B3n8-jXDii9Ru)Qa?kc2Mn@3D$Cph)0aA4;jwNq$erzw z_iijn=TL4G#MBc8vX1h_+$Kz#4&aT>7ZPa3xjue&H{VMlwAXrv())lEr9unmd6~JN zvW|zTI7-nT%KD8La9PtkiccK{9*xb2_uOgomu(U5(eW39(xknGDye>94kG}afNqx zY%us*Q3wjPZS08dFA8)@7cG0360xKxnbX=S8N+!a-YH%^ zJ^3WUE72lcrhhs<&QD!0VwNYl1*pLO-b%`X=-tVxv7OmNmf6`kstSHIki7|2FD}NJ zg^MVu$?^Cbuh_`wiY^`rg_X-wW726WzCH;F)SQDORc9QTTAM(HVnWjB+h6QpXCyJV z=jRoV#<)5rCUl&p#!_oGbg8pKjE>|Upy~5k#8Q*44zQqM2j`k#1b;RTT6B3ATpCLW z#2vlY;C=MLdx>2G#tnNZJy09ey6bY-R1l`hL|{AcQDLOcSi3y;q|D@~wA+ASGAy1` z%4ja3gtvf*6z@as*!v+sV6eTMg)=G8NM>!qnLtmGI7EZ-Xq?FnlnIkdbPMJ*s(W(7XttkO}Uzwl!~!fr;|HPY2dt6guCf?mGIqGE!)A z=9#ZCC{o2V2lLgZZS4tI4?T2CM0@M@?n!c^H>uCcqTqwF`IQNnXB9d_N_H5NQn0{b z)fADr@vh-bkNq8m<+sIW>#32XfQ@z1;u_f&TiEv)_h>C+iakO_CBsLzZh@+bbt-QW@(vVVOo{Ub2<&TC zJu{lA#XS21l%jQOyjBshgBeHT>+|SWYVJi;FdpJ@?JrcYtCf!}G7Iz*v6f@uF&oNwQ{aOgif8e}mKcUKNSSC@K&S@#(M z{E&T%eDq+FHO37HWhS&B7;B?I1 zr1^M@To2&lSpJ)=k;iWLYlRJ`NT9M$3Iia?OExJ{_;mY}_ADmN!T+^G^|hGY>EjdH zP4}vI1D^izXU{|T@m$!Hdm2Y0Nrvz-bB*p%g@cbPkKf`%CZwfxHb zSEz2!ZwYiHcxk<@*RYUpJf3Ro&N=Js@jtP=c6U9Bf1tEZibj4e0J9!iXp5FsavC@b zdtZcV1;5@FL?^uH-^?^BHx}H03IvQEe6ncAR~!z&HVwu~fJ6dy!UEP9sB;0g@v9pGu$sA3P_dwQI6&K4h?_QN`aQoWIb&A+ zb}AvoEL%+tgIJokAg8=MDqDGW>~t~>mY$iOjMKREuIMxF9)H*~XRkQ^8_KuyGe|w* zd1R8;I+(ZE1lCAZjJ2dLg%2k1nX)Bkl03No@X9C&D4>)?109wKP=Cg1`dYaifSLa; zccBnKmH*n%4aUl%EM4oTj!mSxFDwuyPI?0_I)8Y_xA^q`Z%4zX%tK1e+ygtSv>>sRK1D~KZUD<(K;UQ7Wm6Jzy7_TXUeCTrK(iK(ue z`up{7fei0dEN$*A<0e@>T>Ug3*Gv35lcb;c71O+s-YQ<-*8BC3oxTg@ z`@j%1(0AX!a$G{Y$li;3W3Ybav$srX4CUm+0E!}9`PDV{G3x&3Zc0^JHyf-mdTwS! zEitB#`b4YY?JcNJBazDCpGUFwx>8@ZV$$Q{qRyVRYqY4&WIyN?_ z$ACRf<4^2Q@`&M)xCD~JAbbZ`%un7Q1ZC^fi0O0Tm5 z3qAWIKf$4-EnEAcm*6BKmVJ85{Rl337&HxxHribKAxeuYwq+)gaRt3>64esykm4^VwH80*gmTP=YH-3vG>EEdMR4dwd^~#{WZ{_4jNB?X0 zVo2(A#@QJ)ZcQ^JSO5cWDAe3CaH&&BVi_ku+0WzpTG)qLch zIsbU^4lMrvyJ;dQ;~ut%jj*;L9UsjBRdy9NWp!<(a$OHLCAC2%y=`?i)qzF8HB9UP zrj?uI4{niX8dDe{nK&DAymXQ+O1SEvJ+E6;GzwZ7h=& zZKT?j6cvZXp_k98u-)oaQ&r~1-Tg#86VmBB8VBWpZm`^Hy%g4 z{{vV5{YWo1I0x2$jq?V(h_`=|>Hp2;`*EH(qC_NGe~z>NXWMh2{nt2GQ2PgkKhx5P zpWlC0qW>m@a;^mV52ZhG_vdoof%nLaYx%$A&QC$-ugLuh{vP?PpPvF`X7M>Z`&$%( z;fT$GKO4<&WAR51{=xFcov#-?k!h%W-wYA2h2VP#V99@a%KV*;e9=J|3EcRjLm8sT z;6ELH!dSiNfDGO{2S9#{La-%b)#Dc({*HsZXoJjGJ1?>O7KLCmqF=W8_p^aaWjY77 zeTzbHILR+te8;w3>;W>1=6sI&EegRk6u%(KVGgZ2*3X{_-UcfMGxeC|vlqx7=OcnVGd`c*e~UsemHFR>^JgQ1+<|kC?~{Ek XRdhsU5DE%C;?EHW1?31Kh=THe)yh6r literal 0 HcmV?d00001 From 193c193acdcdfbd4a7154ea3f9d6511dee3a2db4 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Fri, 27 Jan 2017 14:03:10 +0000 Subject: [PATCH 12/21] Switch to entity attribute blacklist for test aggregate First phase of ukf/ukf-meta#10. --- mdx/uk/generate.xml | 70 +++++++++++++++++++++++++++++---------------- 1 file changed, 45 insertions(+), 25 deletions(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index 19c041c2..d4fcbaaa 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -243,6 +243,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -251,31 +293,7 @@ - - - - - - - - - - - - - - - - - - - - - + @@ -316,6 +334,7 @@ + @@ -556,6 +575,7 @@ + From f83edc52c4672ca52660a352024688241337d507 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Fri, 27 Jan 2017 16:21:03 +0000 Subject: [PATCH 13/21] Document UKf maturity pipelines See ukf/ukf-meta#104. --- mdx/uk/README.md | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 mdx/uk/README.md diff --git a/mdx/uk/README.md b/mdx/uk/README.md new file mode 100644 index 00000000..fdff0d19 --- /dev/null +++ b/mdx/uk/README.md @@ -0,0 +1,73 @@ +# UK Federation Tooling + +This directory contains the MDA configurations specific to the UK Federation. The main configuration here +is found in `generate.xml`, which generates a complete set of aggregate output files: + +* `ukfederation-back-unsigned.xml` +* `ukfederation-cdsall-unsigned.xml` +* `ukfederation-export-preview-unsigned.xml` +* `ukfederation-export-unsigned.xml` +* `ukfederation-metadata-unsigned.xml` +* `ukfederation-stats.xml` +* `ukfederation-test-unsigned.xml` +* `ukfederation-wayf-unsigned.xml` + +One reason for the large number of output files is to establish a pair of _maturity pipelines_ allowing +us to introduce new features, such as entity attributes or new types of metadata, to an initial limited +audience before making them available to the whole federation. + +## Export Maturity Pipeline + +The export maturity pipeline consists of: + +* `ukfederation-export-preview-unsigned.xml` +* `ukfederation-export-unsigned.xml` + +In this arrangement, features are first introduced to the `export-preview` variant of the aggregate for a period +before being included in the `export` version consumed by interfederation partners such as eduGAIN. + +### Export Preview Aggregate vs. Export Aggregate + +Status (2017-01-27): + +* these two aggregates are currently identical. + +## Production Maturity Pipeline + +The production maturity pipeline consists of: + +* `ukfederation-test-unsigned.xml` +* `ukfederation-metadata-unsigned.xml` +* `ukfederation-back-unsigned.xml` + +In this arrangement, features are first introduced to the `test` variant of the aggregate for a period +before being included in the `metadata` variant consumed by federation members. + +Once a feature has been "in production" (present in the `metadata` variant) for a period, normally one month but +subject to extension at Federation discretion, it will be introduced to the `back` variant. This provides a +temporary "fallback" mechanism for entity owners whose entities have difficulty with a newly introduced +feature in the production aggregate. Such entities are, however, expected to move back to the production +aggregate once they have resolved their issue so that the presence of the fallback aggregate once again +provides them with a fallback; not doing so would mean that they might only become aware of a new issue +when it appeared in the fallback aggregate, which would be too late to take corrective action. + +### Test Aggregate vs. Production Aggregate + +Status (2017-01-27): + +* the test aggregate implements a _blacklisting_ approach to entity attributes imported from eduGAIN, +while the production aggregate implements the traditional entity attribute _whitelist_. +* the test aggregate no longer implements the "key use" fixup required for pre-1.3.1 Shibboleth SPs. +This adds the `use="signing"` XML attribute to `` elements present in IdP metadata +without a `use` attribute. It is not needed for later releases of the Shibboleth SP. +* The test aggregate defines the `saml` namespace prefix (used by entity attributes) on the document element +instead of in each SAML ``. +* The test aggregate defines the `mdattr` namespace prefix (used by entity attributes) on the document element +instead of in each `` element. +* The test aggregate normalises the `xenc` namespace to not use a prefix, as it is not very commonly used. + +### Fallback Aggregate vs. Production Aggregate + +Status (2017-01-27): + +* these two aggregates are currently identical From 4a13c34fd067487345ea6fda79cae4e0bd34c3a1 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Tue, 31 Jan 2017 14:51:40 +0000 Subject: [PATCH 14/21] Implement checks for v1.3 of the REFEDS R+S specification Checks only applied to UK federation entities for now. See ukf/ukf-meta#20. --- mdx/_rules/check_rands_member.xsl | 86 ++++++++++++++++++++++++++++++ mdx/_rules/check_rands_support.xsl | 49 +++++++++++++++++ mdx/uk/beans.xml | 1 + mdx/validation-beans.xml | 24 +++++++++ 4 files changed, 160 insertions(+) create mode 100644 mdx/_rules/check_rands_member.xsl create mode 100644 mdx/_rules/check_rands_support.xsl diff --git a/mdx/_rules/check_rands_member.xsl b/mdx/_rules/check_rands_member.xsl new file mode 100644 index 00000000..bee2e9d0 --- /dev/null +++ b/mdx/_rules/check_rands_member.xsl @@ -0,0 +1,86 @@ + + + + + + + + + + + + + + REFEDS R+S only applies to service provider entities + + + + + + REFEDS R+S requires SAML 2.0 POST support + + + + + + REFEDS R+S requires mdui:DisplayName + + + + + REFEDS R+S requires mdui:InformationURL + + + + + + REFEDS R+S requires one or more technical contacts + + + + + + diff --git a/mdx/_rules/check_rands_support.xsl b/mdx/_rules/check_rands_support.xsl new file mode 100644 index 00000000..fe92e6d8 --- /dev/null +++ b/mdx/_rules/check_rands_support.xsl @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + REFEDS R+S support only applies to identity provider entities + + + + + + diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml index eb185e63..6fb81d6a 100644 --- a/mdx/uk/beans.xml +++ b/mdx/uk/beans.xml @@ -334,6 +334,7 @@ + diff --git a/mdx/validation-beans.xml b/mdx/validation-beans.xml index 3ded8bdf..da3237f7 100644 --- a/mdx/validation-beans.xml +++ b/mdx/validation-beans.xml @@ -277,6 +277,30 @@ p:XSLResource="classpath:_rules/check_incmd.xsl"/> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -